openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

PROV: add RSA signature implementation 

This includes legacy PSS controls to params conversion, and an attempt
to generalise the parameter names when they are suitable for more than
one operation.

Also added crypto/rsa/rsa_aid.c, containing proper AlgorithmIdentifiers
for known RSA+hash function combinations.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10557)
This commit is contained in:
Richard Levitte 2019-12-01 15:01:50 +01:00
parent e8d0819d52
commit 6f4b766315
19 changed files with 1517 additions and 122 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
crypto/err/openssl.txt
View File

@ -2752,6 +2752,7 @@ PROP_R_PARSE_FAILED:108:parse failed
PROP_R_STRING_TOO_LONG:109:string too long
PROP_R_TRAILING_CHARACTERS:110:trailing characters
PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed
PROV_R_ALGORITHM_MISMATCH:173:algorithm mismatch
PROV_R_BAD_DECRYPT:100:bad decrypt
PROV_R_BAD_ENCODING:141:bad encoding
PROV_R_BAD_LENGTH:142:bad length
@ -2759,17 +2760,21 @@ PROV_R_BAD_TLS_CLIENT_VERSION:161:bad tls client version
PROV_R_BN_ERROR:160:bn error
PROV_R_BOTH_MODE_AND_MODE_INT:127:both mode and mode int
PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
PROV_R_DIGEST_NOT_ALLOWED:174:digest not allowed
PROV_R_FAILED_DURING_DERIVATION:164:failed during derivation
PROV_R_FAILED_TO_DECRYPT:162:failed to decrypt
PROV_R_FAILED_TO_GENERATE_KEY:121:failed to generate key
PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter
PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter
PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE:165:\
illegal or unsupported padding mode
PROV_R_INAVLID_UKM_LENGTH:146:inavlid ukm length
PROV_R_INVALID_AAD:108:invalid aad
PROV_R_INVALID_CONSTANT_LENGTH:157:invalid constant length
PROV_R_INVALID_CUSTOM_LENGTH:111:invalid custom length
PROV_R_INVALID_DATA:115:invalid data
PROV_R_INVALID_DIGEST:122:invalid digest
PROV_R_INVALID_DIGEST_LENGTH:166:invalid digest length
PROV_R_INVALID_ITERATION_COUNT:123:invalid iteration count
PROV_R_INVALID_IVLEN:116:invalid ivlen
PROV_R_INVALID_IV_LENGTH:109:invalid iv length
@ -2778,12 +2783,17 @@ PROV_R_INVALID_KEYLEN:117:invalid keylen
PROV_R_INVALID_KEY_LEN:124:invalid key len
PROV_R_INVALID_KEY_LENGTH:105:invalid key length
PROV_R_INVALID_MAC:151:invalid mac
PROV_R_INVALID_MGF1_MD:167:invalid mgf1 md
PROV_R_INVALID_MODE:125:invalid mode
PROV_R_INVALID_MODE_INT:126:invalid mode int
PROV_R_INVALID_PADDING_MODE:168:invalid padding mode
PROV_R_INVALID_PSS_SALTLEN:169:invalid pss saltlen
PROV_R_INVALID_SALT_LENGTH:112:invalid salt length
PROV_R_INVALID_SEED_LENGTH:154:invalid seed length
PROV_R_INVALID_TAG:110:invalid tag
PROV_R_INVALID_TAGLEN:118:invalid taglen
PROV_R_INVALID_X931_DIGEST:170:invalid x931 digest
PROV_R_KEY_SIZE_TOO_SMALL:171:key size too small
PROV_R_MISSING_CEK_ALG:144:missing cek alg
PROV_R_MISSING_CIPHER:155:missing cipher
PROV_R_MISSING_CONSTANT:156:missing constant
@ -2801,6 +2811,7 @@ PROV_R_NOT_SUPPORTED:136:not supported
PROV_R_NOT_XOF_OR_INVALID_LENGTH:113:not xof or invalid length
PROV_R_NO_KEY_SET:114:no key set
PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
PROV_R_PSS_SALTLEN_TOO_SMALL:172:pss saltlen too small
PROV_R_READ_KEY:159:read key
PROV_R_TAG_NOTSET:119:tag notset
PROV_R_TAG_NOT_NEEDED:120:tag not needed

118
crypto/evp/pmeth_lib.c
View File

@ -786,69 +786,73 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
# ifndef OPENSSL_NO_EC
if (keytype == EVP_PKEY_EC) {
switch (cmd) {
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx);
} else if (p1 < -1 || p1 > 1) {
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
} else {
return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, p1);
}
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_kdf_type(ctx);
} else {
return EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, p1);
}
case EVP_PKEY_CTRL_GET_EC_KDF_MD:
return EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_MD:
return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, p1);
case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
return EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_UKM:
return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p2, p1);
case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_cofactor_mode(ctx);
} else if (p1 < -1 || p1 > 1) {
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
} else {
return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, p1);
}
case EVP_PKEY_CTRL_EC_KDF_TYPE:
if (p1 == -2) {
return EVP_PKEY_CTX_get_ecdh_kdf_type(ctx);
} else {
return EVP_PKEY_CTX_set_ecdh_kdf_type(ctx, p1);
}
case EVP_PKEY_CTRL_GET_EC_KDF_MD:
return EVP_PKEY_CTX_get_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_MD:
return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, p2);
case EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_get_ecdh_kdf_outlen(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_OUTLEN:
return EVP_PKEY_CTX_set_ecdh_kdf_outlen(ctx, p1);
case EVP_PKEY_CTRL_GET_EC_KDF_UKM:
return EVP_PKEY_CTX_get0_ecdh_kdf_ukm(ctx, p2);
case EVP_PKEY_CTRL_EC_KDF_UKM:
return EVP_PKEY_CTX_set0_ecdh_kdf_ukm(ctx, p2, p1);
}
}
# endif
if (keytype == -1) {
switch (cmd) {
case EVP_PKEY_CTRL_MD:
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
case EVP_PKEY_CTRL_GET_MD:
return EVP_PKEY_CTX_get_signature_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_PADDING:
return EVP_PKEY_CTX_set_rsa_padding(ctx, p1);
case EVP_PKEY_CTRL_GET_RSA_PADDING:
return EVP_PKEY_CTX_get_rsa_padding(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_MGF1_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1);
case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2);
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
case EVP_PKEY_CTRL_MD:
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
case EVP_PKEY_CTRL_GET_MD:
return EVP_PKEY_CTX_get_signature_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_PADDING:
return EVP_PKEY_CTX_set_rsa_padding(ctx, p1);
case EVP_PKEY_CTRL_GET_RSA_PADDING:
return EVP_PKEY_CTX_get_rsa_padding(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_MGF1_MD:
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
return EVP_PKEY_CTX_get_rsa_oaep_md(ctx, p2);
case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, p2, p1);
case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
return EVP_PKEY_CTX_get0_rsa_oaep_label(ctx, (unsigned char **)p2);
case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, p1);
case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
return EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, p2);
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
# ifndef OPENSSL_NO_CMS
case EVP_PKEY_CTRL_CMS_DECRYPT:
case EVP_PKEY_CTRL_CMS_ENCRYPT:
case EVP_PKEY_CTRL_CMS_DECRYPT:
case EVP_PKEY_CTRL_CMS_ENCRYPT:
# endif
if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return 1;
ERR_raise(ERR_LIB_EVP,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
if (ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return 1;
ERR_raise(ERR_LIB_EVP,
EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
}
}
return 0;
@ -918,6 +922,8 @@ static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
else if (strcmp(name, "rsa_oaep_label") == 0)
name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
else if (strcmp(name, "rsa_pss_saltlen") == 0)
name = OSSL_SIGNATURE_PARAM_PSS_SALTLEN;
# ifndef OPENSSL_NO_DH
else if (strcmp(name, "dh_pad") == 0)
name = OSSL_EXCHANGE_PARAM_PAD;

2
crypto/rsa/build.info
View File

@ -1,6 +1,6 @@
LIBS=../../libcrypto
$COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_pk1.c \
$COMMON=rsa_ossl.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_aid.c rsa_pk1.c \
rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c rsa_x931.c rsa_crpt.c \
rsa_x931g.c rsa_sp800_56b_gen.c rsa_sp800_56b_check.c

98
crypto/rsa/rsa_aid.c Normal file
View File

@ -0,0 +1,98 @@
/*
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdlib.h>
#include <openssl/objects.h>
#include "crypto/rsa.h"
#define ASN1_SEQUENCE 0x30
#define ASN1_OID 0x06
/*
* -- RFC 2313
* pkcs-1 OBJECT IDENTIFIER ::= {
* iso(1) member-body(2) US(840) rsadsi(113549) pkcs(1) 1
* }
*/
/*
* -- RFC 3279
* md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
* md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
* sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
*/
#define ENCODE_ALGORITHMIDENTIFIER_PKCS1(name, n) \
static const unsigned char algorithmidentifier_##name##_der[] = { \
ASN1_SEQUENCE, 0x0b, \
ASN1_OID, 0x09, 1 * 40 + 2, 134, 72, 134, 247, 13, 1, 1, n \
}
#ifndef FIPS_MODE
ENCODE_ALGORITHMIDENTIFIER_PKCS1(md2, 2);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(md5, 4);
#endif
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha1, 5);
/*
* -- RFC 4055
* sha224WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 14 }
* sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
* sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
* sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
*/
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha224, 14);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha256, 11);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha384, 12);
ENCODE_ALGORITHMIDENTIFIER_PKCS1(sha512, 13);
/*
* -- https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
*
* sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 }
*
* id-rsassa-pkcs1-v1_5-with-sha3-224 ::= { sigAlgs 13 }
* id-rsassa-pkcs1-v1_5-with-sha3-256 ::= { sigAlgs 14 }
* id-rsassa-pkcs1-v1_5-with-sha3-384 ::= { sigAlgs 15 }
* id-rsassa-pkcs1-v1_5-with-sha3-512 ::= { sigAlgs 16 }
*/
#define ENCODE_ALGORITHMIDENTIFIER_SIGALGS(name, n) \
static const unsigned char algorithmidentifier_##name##_der[] = { \
ASN1_SEQUENCE, 0x0c, \
ASN1_OID, 0x0a, 1 * 40 + 2, 16, 134, 72, 1, 101, 3, 4, 3, n \
}
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_224, 13);
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_256, 14);
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_384, 15);
ENCODE_ALGORITHMIDENTIFIER_SIGALGS(sha3_512, 16);
#define MD_CASE(name) \
case NID_##name: \
*len = sizeof(algorithmidentifier_##name##_der); \
return algorithmidentifier_##name##_der
const unsigned char *rsa_algorithmidentifier_encoding(int md_nid, size_t *len)
{
switch (md_nid) {
#ifndef FIPS_MODE
MD_CASE(md2);
MD_CASE(md5);
#endif
MD_CASE(sha1);
MD_CASE(sha224);
MD_CASE(sha256);
MD_CASE(sha384);
MD_CASE(sha512);
MD_CASE(sha3_224);
MD_CASE(sha3_256);
MD_CASE(sha3_384);
MD_CASE(sha3_512);
default:
return NULL;
}
}

113
crypto/rsa/rsa_lib.c
View File

@ -817,12 +817,14 @@ int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode)
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
if (!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
|| ctx->op.ciph.ciphprovctx == NULL)
if ((!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
|| ctx->op.ciph.ciphprovctx == NULL)
&& (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|| ctx->op.sig.sigprovctx == NULL))
return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_RSA_PADDING,
pad_mode, NULL);
*p++ = OSSL_PARAM_construct_int(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, &pad_mode);
*p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_PAD_MODE, &pad_mode);
*p++ = OSSL_PARAM_construct_end();
return EVP_PKEY_CTX_set_params(ctx, pad_params);
@ -845,12 +847,14 @@ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode)
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
if (!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
|| ctx->op.ciph.ciphprovctx == NULL)
if ((!EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx)
|| ctx->op.ciph.ciphprovctx == NULL)
&& (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|| ctx->op.sig.sigprovctx == NULL))
return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET_RSA_PADDING, 0,
pad_mode);
*p++ = OSSL_PARAM_construct_int(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, pad_mode);
*p++ = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_PAD_MODE, pad_mode);
*p++ = OSSL_PARAM_construct_end();
if (!EVP_PKEY_CTX_get_params(ctx, pad_params))
@ -1026,20 +1030,20 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return -1;
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MGF1_DIGEST,
/*
* Cast away the const. This is read
* only so should be safe
* Cast away the const. This is
* read only so should be safe
*/
(char *)mdname, 0);
if (mdprops != NULL) {
*p++ = OSSL_PARAM_construct_utf8_string(
OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS,
/*
* Cast away the const. This is read
* only so should be safe
*/
(char *)mdprops, 0);
*p++ =
OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MGF1_PROPERTIES,
/*
* Cast away the const. This is
* read only so should be safe
*/
(char *)mdprops, 0);
}
*p++ = OSSL_PARAM_construct_end();
@ -1065,7 +1069,7 @@ int EVP_PKEY_CTX_get_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, char *name,
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return -1;
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_MGF1_DIGEST,
name, namelen);
*p++ = OSSL_PARAM_construct_end();
@ -1133,12 +1137,12 @@ int EVP_PKEY_CTX_set0_rsa_oaep_label(EVP_PKEY_CTX *ctx, void *label, int llen)
(void *)label);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL,
/*
* Cast away the const. This is read
* only so should be safe
*/
(void *)label,
(size_t)llen);
/*
* Cast away the const. This is
* read only so should be safe
*/
(void *)label,
(size_t)llen);
*p++ = OSSL_PARAM_construct_end();
if (!EVP_PKEY_CTX_set_params(ctx, rsa_params))
@ -1183,4 +1187,67 @@ int EVP_PKEY_CTX_get0_rsa_oaep_label(EVP_PKEY_CTX *ctx, unsigned char **label)
return (int)labellen;
}
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen)
{
OSSL_PARAM pad_params[2], *p = pad_params;
if (ctx == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
}
/* If key type not RSA or RSA-PSS return error */
if (ctx->pmeth != NULL
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|| ctx->op.sig.sigprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_RSA_PSS_SALTLEN,
saltlen, NULL);
*p++ =
OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, &saltlen);
*p++ = OSSL_PARAM_construct_end();
return EVP_PKEY_CTX_set_params(ctx, pad_params);
}
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen)
{
OSSL_PARAM pad_params[2], *p = pad_params;
if (ctx == NULL || saltlen == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
/* Uses the same return values as EVP_PKEY_CTX_ctrl */
return -2;
}
/* If key type not RSA or RSA-PSS return error */
if (ctx->pmeth != NULL
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
return -1;
/* TODO(3.0): Remove this eventually when no more legacy */
if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|| ctx->op.sig.sigprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, -1, -1,
EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN,
0, saltlen);
*p++ =
OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, saltlen);
*p++ = OSSL_PARAM_construct_end();
if (!EVP_PKEY_CTX_get_params(ctx, pad_params))
return 0;
return 1;
}
#endif

4
crypto/rsa/rsa_local.h
View File

@ -122,10 +122,6 @@ struct rsa_meth_st {
BIGNUM *e, BN_GENCB *cb);
};
extern int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, unsigned char *rm,
size_t *prm_len, const unsigned char *sigbuf,
size_t siglen, RSA *rsa);
/* Macros to test if a pkey or ctx is for a PSS key */
#define pkey_is_pss(pkey) (pkey->ameth->pkey_id == EVP_PKEY_RSA_PSS)
#define pkey_ctx_is_pss(ctx) (ctx->pmeth->pkey_id == EVP_PKEY_RSA_PSS)

1
crypto/rsa/rsa_pmeth.c
View File

@ -25,6 +25,7 @@
#include <openssl/x509v3.h>
#include <openssl/cms.h>
#include "crypto/evp.h"
#include "crypto/rsa.h"
#include "rsa_local.h"
/* RSA pkey context structure */

40
crypto/rsa/rsa_sign.c
View File

@ -23,13 +23,20 @@
#ifndef OPENSSL_NO_MD2
# include <openssl/md2.h> /* uses MD2_DIGEST_LENGTH */
#endif
#ifndef OPENSSL_NO_MD4
# include <openssl/md4.h> /* uses MD4_DIGEST_LENGTH */
#endif
#ifndef OPENSSL_NO_MD5
# include <openssl/md5.h> /* uses MD5_DIGEST_LENGTH */
#endif
#ifndef OPENSSL_NO_MDC2
# include <openssl/mdc2.h> /* uses MDC2_DIGEST_LENGTH */
#endif
#ifndef OPENSSL_NO_RMD160
# include <openssl/ripemd.h> /* uses RIPEMD160_DIGEST_LENGTH */
#endif
#include <openssl/sha.h> /* uses SHA???_DIGEST_LENGTH */
#include "crypto/rsa.h"
#include "rsa_local.h"
/*
@ -76,7 +83,7 @@ static const unsigned char digestinfo_##name##_der[] = { \
ASN1_OCTET_STRING, sz \
};
/* MD2 and MD5 OIDs are of the form: (1 2 840 113549 2 |n|) */
/* MD2, MD4 and MD5 OIDs are of the form: (1 2 840 113549 2 |n|) */
#define ENCODE_DIGESTINFO_MD(name, n, sz) \
static const unsigned char digestinfo_##name##_der[] = { \
ASN1_SEQUENCE, 0x10 + sz, \
@ -90,6 +97,9 @@ static const unsigned char digestinfo_##name##_der[] = { \
# ifndef OPENSSL_NO_MD2
ENCODE_DIGESTINFO_MD(md2, 0x02, MD2_DIGEST_LENGTH)
# endif
# ifndef OPENSSL_NO_MD4
ENCODE_DIGESTINFO_MD(md4, 0x03, MD4_DIGEST_LENGTH)
# endif
# ifndef OPENSSL_NO_MD5
ENCODE_DIGESTINFO_MD(md5, 0x05, MD5_DIGEST_LENGTH)
# endif
@ -103,6 +113,18 @@ static const unsigned char digestinfo_mdc2_der[] = {
ASN1_OCTET_STRING, MDC2_DIGEST_LENGTH
};
# endif
# ifndef OPENSSL_NO_RMD160
/* RIPEMD160 (1 3 36 3 3 1 2) */
static const unsigned char digestinfo_ripemd160_der[] = {
ASN1_SEQUENCE, 0x0c + RIPEMD160_DIGEST_LENGTH,
ASN1_SEQUENCE, 0x08,
ASN1_OID, 0x04, 1 * 40 + 3, 36, 3, 3, 1, 2,
ASN1_NULL, 0x00,
ASN1_OCTET_STRING, RIPEMD160_DIGEST_LENGTH
};
# endif
#endif /* FIPS_MODE */
/* SHA-1 (1 3 14 3 2 26) */
static const unsigned char digestinfo_sha1_der[] = {
ASN1_SEQUENCE, 0x0d + SHA_DIGEST_LENGTH,
@ -112,8 +134,6 @@ static const unsigned char digestinfo_sha1_der[] = {
ASN1_OCTET_STRING, SHA_DIGEST_LENGTH
};
#endif /* FIPS_MODE */
ENCODE_DIGESTINFO_SHA(sha256, 0x01, SHA256_DIGEST_LENGTH)
ENCODE_DIGESTINFO_SHA(sha384, 0x02, SHA384_DIGEST_LENGTH)
ENCODE_DIGESTINFO_SHA(sha512, 0x03, SHA512_DIGEST_LENGTH)
@ -130,9 +150,9 @@ ENCODE_DIGESTINFO_SHA(sha3_512, 0x0a, SHA512_DIGEST_LENGTH)
*len = sizeof(digestinfo_##name##_der); \
return digestinfo_##name##_der;
static const unsigned char *digestinfo_encoding(int nid, size_t *len)
const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
{
switch (nid) {
switch (md_nid) {
#ifndef FIPS_MODE
# ifndef OPENSSL_NO_MDC2
MD_CASE(mdc2)
@ -140,11 +160,17 @@ static const unsigned char *digestinfo_encoding(int nid, size_t *len)
# ifndef OPENSSL_NO_MD2
MD_CASE(md2)
# endif
# ifndef OPENSSL_NO_MD4
MD_CASE(md4)
# endif
# ifndef OPENSSL_NO_MD5
MD_CASE(md5)
# endif
MD_CASE(sha1)
# ifndef OPENSSL_NO_RMD160
MD_CASE(ripemd160)
# endif
#endif /* FIPS_MODE */
MD_CASE(sha1)
MD_CASE(sha224)
MD_CASE(sha256)
MD_CASE(sha384)
@ -183,7 +209,7 @@ static int encode_pkcs1(unsigned char **out, size_t *out_len, int type,
RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
di_prefix = digestinfo_encoding(type, &di_prefix_len);
di_prefix = rsa_digestinfo_encoding(type, &di_prefix_len);
if (di_prefix == NULL) {
RSAerr(RSA_F_ENCODE_PKCS1,
RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);

59
doc/man3/EVP_PKEY_CTX_ctrl.pod
View File

@ -94,8 +94,8 @@ EVP_PKEY_CTX_set1_id, EVP_PKEY_CTX_get1_id, EVP_PKEY_CTX_get1_id_len
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad);
int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad);
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int len);
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *len);
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int mbits);
int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp);
int EVP_PKEY_CTX_set_rsa_keygen_primes(EVP_PKEY_CTX *ctx, int primes);
@ -211,8 +211,8 @@ B<optype> is a mask indicating which operations the control can be applied to.
The control command is indicated in B<cmd> and any additional arguments in
B<p1> and B<p2>.
For B<cmd> = B<EVP_PKEY_CTRL_SET_MAC_KEY>, B<p1> is the length of the MAC key,
and B<p2> is MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.
For I<cmd> = B<EVP_PKEY_CTRL_SET_MAC_KEY>, I<p1> is the length of the MAC key,
and I<p2> is the MAC key. This is used by Poly1305, SipHash, HMAC and CMAC.
Applications will not normally call EVP_PKEY_CTX_ctrl() directly but will
instead call one of the algorithm specific macros below.
@ -272,20 +272,36 @@ buffer is expected to be the algorithm identifier byte.
The EVP_PKEY_CTX_get_rsa_padding() function gets the RSA padding mode for B<ctx>.
The EVP_PKEY_CTX_set_rsa_pss_saltlen() macro sets the RSA PSS salt length to
B<len>. As its name implies it is only supported for PSS padding. Three special
values are supported: B<RSA_PSS_SALTLEN_DIGEST> sets the salt length to the
digest length, B<RSA_PSS_SALTLEN_MAX> sets the salt length to the maximum
permissible value. When verifying B<RSA_PSS_SALTLEN_AUTO> causes the salt length
to be automatically determined based on the B<PSS> block structure. If this
macro is not called maximum salt length is used when signing and auto detection
when verifying is used by default.
The EVP_PKEY_CTX_set_rsa_pss_saltlen() function sets the RSA PSS salt
length to I<saltlen>. As its name implies it is only supported for PSS
padding. If this function is not called then the maximum salt length
is used when signing and auto detection when verifying. Three special
values are supported:
The EVP_PKEY_CTX_get_rsa_pss_saltlen() macro gets the RSA PSS salt length
for B<ctx>. The padding mode must have been set to B<RSA_PKCS1_PSS_PADDING>.
=over 4
=item B<RSA_PSS_SALTLEN_DIGEST>
sets the salt length to the digest length.
=item B<RSA_PSS_SALTLEN_MAX>
sets the salt length to the maximum permissible value.
=item B<RSA_PSS_SALTLEN_AUTO>
causes the salt length to be automatically determined based on the
B<PSS> block structure when verifying. When signing, it has the same
meaning as B<RSA_PSS_SALTLEN_MAX>.
=back
The EVP_PKEY_CTX_get_rsa_pss_saltlen() function gets the RSA PSS salt length
for B<ctx>. The padding mode must already have been set to
B<RSA_PKCS1_PSS_PADDING>.
The EVP_PKEY_CTX_set_rsa_keygen_bits() macro sets the RSA key length for
RSA key generation to B<bits>. If not specified 1024 bits is used.
RSA key generation to I<bits>. If not specified 2048 bits is used.
The EVP_PKEY_CTX_set_rsa_keygen_pubexp() macro sets the public exponent value
for RSA key generation to B<pubexp>. Currently it should be an odd integer. The
@ -374,12 +390,12 @@ negotiated protocol version. Otherwise it should be left unset.
=head2 DSA parameters
The EVP_PKEY_CTX_set_dsa_paramgen_bits() macro sets the number of bits used
for DSA parameter generation to B<nbits>. If not specified, 1024 is used.
for DSA parameter generation to I<nbits>. If not specified, 2048 is used.
The EVP_PKEY_CTX_set_dsa_paramgen_q_bits() macro sets the number of bits in the
subprime parameter B<q> for DSA parameter generation to B<qbits>. If not
specified, 160 is used. If a digest function is specified below, this parameter
is ignored and instead, the number of bits in B<q> matches the size of the
subprime parameter I<q> for DSA parameter generation to I<qbits>. If not
specified, 224 is used. If a digest function is specified below, this parameter
is ignored and instead, the number of bits in I<q> matches the size of the
digest.
The EVP_PKEY_CTX_set_dsa_paramgen_md() macro sets the digest function used for
@ -598,8 +614,9 @@ EVP_PKEY_CTX_set_dh_pad(), EVP_PKEY_CTX_set_rsa_padding(),
EVP_PKEY_CTX_get_rsa_padding(), EVP_PKEY_CTX_get_rsa_mgf1_md(),
EVP_PKEY_CTX_set_rsa_mgf1_md(), EVP_PKEY_CTX_set_rsa_oaep_md(),
EVP_PKEY_CTX_get_rsa_oaep_md(), EVP_PKEY_CTX_set0_rsa_oaep_label(),
EVP_PKEY_CTX_get0_rsa_oaep_label() were macros in OpenSSL 1.1.1 and below. From
OpenSSL 3.0 they are functions.
EVP_PKEY_CTX_get0_rsa_oaep_label(), EVP_PKEY_CTX_set_rsa_pss_saltlen(),
EVP_PKEY_CTX_get_rsa_pss_saltlen(), were macros in OpenSSL 1.1.1 and below.
From OpenSSL 3.0 they are functions.
EVP_PKEY_CTX_get_rsa_oaep_md_name(), EVP_PKEY_CTX_get_rsa_mgf1_md_name(),
EVP_PKEY_CTX_set_rsa_mgf1_md_name() and EVP_PKEY_CTX_set_rsa_oaep_md_name() were

8
include/crypto/rsa.h
View File

@ -29,4 +29,12 @@ int rsa_validate_public(const RSA *key);
int rsa_validate_private(const RSA *key);
int rsa_validate_pairwise(const RSA *key);
int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, unsigned char *rm,
size_t *prm_len, const unsigned char *sigbuf,
size_t siglen, RSA *rsa);
const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len);
const unsigned char *rsa_algorithmidentifier_encoding(int md_nid, size_t *len);
#endif

26
include/openssl/core_names.h
View File

@ -88,11 +88,16 @@ extern "C" {
/* Known DIGEST names (not a complete list) */
#define OSSL_DIGEST_NAME_MD5 "MD5"
#define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1"
#define OSSL_DIGEST_NAME_SHA1 "SHA1"
#define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224"
#define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256"
#define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384"
#define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512"
#define OSSL_DIGEST_NAME_MD2 "MD2"
#define OSSL_DIGEST_NAME_MD4 "MD4"
#define OSSL_DIGEST_NAME_MDC2 "MDC2"
#define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160"
#define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224"
#define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256"
#define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384"
@ -171,6 +176,14 @@ extern "C" {
#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */
#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */
#define OSSL_PKEY_PARAM_PAD_MODE "pad-mode"
#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
/* Diffie-Hellman/DSA public/private key */
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
@ -234,15 +247,22 @@ extern "C" {
/* Signature parameters */
#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
#define OSSL_SIGNATURE_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
#define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
#define OSSL_SIGNATURE_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
#define OSSL_SIGNATURE_PARAM_PSS_SALTLEN "pss-saltlen"
#define OSSL_SIGNATURE_PARAM_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
#define OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES \
OSSL_PKEY_PARAM_MGF1_PROPERTIES
/* Asym cipher parameters */
#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE "pad-mode"
#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \
OSSL_PKEY_PARAM_MGF1_DIGEST
#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS \
OSSL_PKEY_PARAM_MGF1_PROPERTIES
#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST "mgf1-digest"
#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS "mgf1-digest-props"
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN "oaep-label-len"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"

10
include/openssl/rsa.h
View File

@ -108,9 +108,9 @@ extern "C" {
int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode);
int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode);
# define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
int EVP_PKEY_CTX_set_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int saltlen);
int EVP_PKEY_CTX_get_rsa_pss_saltlen(EVP_PKEY_CTX *ctx, int *saltlen);
/* Salt length matches digest */
# define RSA_PSS_SALTLEN_DIGEST -1
/* Verify only: auto detect salt length */
@ -124,10 +124,6 @@ int EVP_PKEY_CTX_get_rsa_padding(EVP_PKEY_CTX *ctx, int *pad_mode);
EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_PSS_SALTLEN, len, NULL)
# define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
RSA_pkey_ctx_ctrl(ctx, (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, 0, plen)
# define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
RSA_pkey_ctx_ctrl(ctx, EVP_PKEY_OP_KEYGEN, \
EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)

10
providers/common/include/prov/providercommonerr.h
View File

@ -50,6 +50,7 @@ int ERR_load_PROV_strings(void);
* PROV reason codes.
*/
# define PROV_R_AES_KEY_SETUP_FAILED 101
# define PROV_R_ALGORITHM_MISMATCH 173
# define PROV_R_BAD_DECRYPT 100
# define PROV_R_BAD_ENCODING 141
# define PROV_R_BAD_LENGTH 142
@ -57,17 +58,20 @@ int ERR_load_PROV_strings(void);
# define PROV_R_BN_ERROR 160
# define PROV_R_BOTH_MODE_AND_MODE_INT 127
# define PROV_R_CIPHER_OPERATION_FAILED 102
# define PROV_R_DIGEST_NOT_ALLOWED 174
# define PROV_R_FAILED_DURING_DERIVATION 164
# define PROV_R_FAILED_TO_DECRYPT 162
# define PROV_R_FAILED_TO_GENERATE_KEY 121
# define PROV_R_FAILED_TO_GET_PARAMETER 103
# define PROV_R_FAILED_TO_SET_PARAMETER 104
# define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165
# define PROV_R_INAVLID_UKM_LENGTH 146
# define PROV_R_INVALID_AAD 108
# define PROV_R_INVALID_CONSTANT_LENGTH 157
# define PROV_R_INVALID_CUSTOM_LENGTH 111
# define PROV_R_INVALID_DATA 115
# define PROV_R_INVALID_DIGEST 122
# define PROV_R_INVALID_DIGEST_LENGTH 166
# define PROV_R_INVALID_ITERATION_COUNT 123
# define PROV_R_INVALID_IVLEN 116
# define PROV_R_INVALID_IV_LENGTH 109
@ -76,12 +80,17 @@ int ERR_load_PROV_strings(void);
# define PROV_R_INVALID_KEY_LEN 124
# define PROV_R_INVALID_KEY_LENGTH 105
# define PROV_R_INVALID_MAC 151
# define PROV_R_INVALID_MGF1_MD 167
# define PROV_R_INVALID_MODE 125
# define PROV_R_INVALID_MODE_INT 126
# define PROV_R_INVALID_PADDING_MODE 168
# define PROV_R_INVALID_PSS_SALTLEN 169
# define PROV_R_INVALID_SALT_LENGTH 112
# define PROV_R_INVALID_SEED_LENGTH 154
# define PROV_R_INVALID_TAG 110
# define PROV_R_INVALID_TAGLEN 118
# define PROV_R_INVALID_X931_DIGEST 170
# define PROV_R_KEY_SIZE_TOO_SMALL 171
# define PROV_R_MISSING_CEK_ALG 144
# define PROV_R_MISSING_CIPHER 155
# define PROV_R_MISSING_CONSTANT 156
@ -99,6 +108,7 @@ int ERR_load_PROV_strings(void);
# define PROV_R_NOT_XOF_OR_INVALID_LENGTH 113
# define PROV_R_NO_KEY_SET 114
# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106
# define PROV_R_PSS_SALTLEN_TOO_SMALL 172
# define PROV_R_READ_KEY 159
# define PROV_R_TAG_NOTSET 119
# define PROV_R_TAG_NOT_NEEDED 120

19
providers/common/provider_err.c
View File

@ -16,6 +16,8 @@
static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_AES_KEY_SETUP_FAILED),
"aes key setup failed"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ALGORITHM_MISMATCH),
"algorithm mismatch"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_ENCODING), "bad encoding"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_LENGTH), "bad length"},
@ -26,6 +28,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"both mode and mode int"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED),
"cipher operation failed"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_DIGEST_NOT_ALLOWED),
"digest not allowed"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_DURING_DERIVATION),
"failed during derivation"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_DECRYPT), "failed to decrypt"},
@ -35,6 +39,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"failed to get parameter"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER),
"failed to set parameter"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),
"illegal or unsupported padding mode"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INAVLID_UKM_LENGTH),
"inavlid ukm length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_AAD), "invalid aad"},
@ -44,6 +50,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
"invalid custom length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DATA), "invalid data"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST), "invalid digest"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_DIGEST_LENGTH),
"invalid digest length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_ITERATION_COUNT),
"invalid iteration count"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_IVLEN), "invalid ivlen"},
@ -54,14 +62,23 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEY_LENGTH),
"invalid key length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MAC), "invalid mac"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MGF1_MD), "invalid mgf1 md"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE), "invalid mode"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_MODE_INT), "invalid mode int"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PADDING_MODE),
"invalid padding mode"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_PSS_SALTLEN),
"invalid pss saltlen"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SALT_LENGTH),
"invalid salt length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_SEED_LENGTH),
"invalid seed length"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAG), "invalid tag"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_TAGLEN), "invalid taglen"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST),
"invalid x931 digest"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_KEY_SIZE_TOO_SMALL),
"key size too small"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CEK_ALG), "missing cek alg"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CIPHER), "missing cipher"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISSING_CONSTANT), "missing constant"},
@ -83,6 +100,8 @@ static const ERR_STRING_DATA PROV_str_reasons[] = {
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_NO_KEY_SET), "no key set"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL),
"output buffer too small"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_PSS_SALTLEN_TOO_SMALL),
"pss saltlen too small"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_READ_KEY), "read key"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOTSET), "tag notset"},
{ERR_PACK(ERR_LIB_PROV, 0, PROV_R_TAG_NOT_NEEDED), "tag not needed"},

1
providers/defltprov.c
View File

@ -384,6 +384,7 @@ static const OSSL_ALGORITHM deflt_signature[] = {
#ifndef OPENSSL_NO_DSA
{ "DSA:dsaEncryption", "provider=default", dsa_signature_functions },
#endif
{ "RSA:rsaEncryption", "default=yes", rsa_signature_functions },
{ NULL, NULL, NULL }
};

1
providers/implementations/include/prov/implementations.h
View File

@ -269,6 +269,7 @@ extern const OSSL_DISPATCH ecdh_keyexch_functions[];
/* Signature */
extern const OSSL_DISPATCH dsa_signature_functions[];
extern const OSSL_DISPATCH rsa_signature_functions[];
/* Asym Cipher */
extern const OSSL_DISPATCH rsa_asym_cipher_functions[];

3
providers/implementations/signature/build.info
View File

@ -2,9 +2,12 @@
# switch each to the Legacy provider when needed.
$DSA_GOAL=../../libimplementations.a
$RSA_GOAL=../../libimplementations.a
IF[{- !$disabled{dsa} -}]
SOURCE[$DSA_GOAL]=dsa.c
ENDIF
SOURCE[$RSA_GOAL]=rsa.c

1113
providers/implementations/signature/rsa.c Normal file
View File

File diff suppressed because it is too large Load Diff

2
util/libcrypto.num
View File

@ -4945,3 +4945,5 @@ EVP_PKEY_CTX_set_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_CTX_get_ecdh_kdf_outlen ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_CTX_set0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_CTX_get0_ecdh_kdf_ukm ? 3_0_0 EXIST::FUNCTION:EC
EVP_PKEY_CTX_set_rsa_pss_saltlen ? 3_0_0 EXIST::FUNCTION:RSA
EVP_PKEY_CTX_get_rsa_pss_saltlen ? 3_0_0 EXIST::FUNCTION:RSA