2015-01-22 11:40:55 +08:00
|
|
|
/*
|
2020-04-23 20:55:52 +08:00
|
|
|
* Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved.
|
2005-05-29 04:44:37 +08:00
|
|
|
*
|
2018-12-06 20:54:02 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 02:51:34 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
2005-05-29 04:44:37 +08:00
|
|
|
*/
|
|
|
|
|
|
2020-02-12 13:03:51 +08:00
|
|
|
/*
|
|
|
|
|
* RSA low level APIs are deprecated for public use, but still ok for
|
|
|
|
|
* internal use.
|
|
|
|
|
*/
|
|
|
|
|
#include "internal/deprecated.h"
|
|
|
|
|
|
2005-05-29 04:44:37 +08:00
|
|
|
#include <stdio.h>
|
2015-05-14 22:56:48 +08:00
|
|
|
#include "internal/cryptlib.h"
|
2005-05-29 04:44:37 +08:00
|
|
|
#include <openssl/bn.h>
|
|
|
|
|
#include <openssl/rsa.h>
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
|
#include <openssl/rand.h>
|
|
|
|
|
#include <openssl/sha.h>
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "rsa_local.h"
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2005-08-08 06:21:49 +08:00
|
|
|
#if defined(_MSC_VER) && defined(_ARM_)
|
2015-01-22 11:40:55 +08:00
|
|
|
# pragma optimize("g", off)
|
2005-08-08 06:21:49 +08:00
|
|
|
#endif
|
|
|
|
|
|
2005-05-29 04:44:37 +08:00
|
|
|
int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
|
2015-01-22 11:40:55 +08:00
|
|
|
const EVP_MD *Hash, const unsigned char *EM,
|
|
|
|
|
int sLen)
|
|
|
|
|
{
|
|
|
|
|
return RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, Hash, NULL, EM, sLen);
|
|
|
|
|
}
|
2010-03-11 21:40:42 +08:00
|
|
|
|
|
|
|
|
int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
|
2015-01-22 11:40:55 +08:00
|
|
|
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
|
|
|
|
|
const unsigned char *EM, int sLen)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
int hLen, maskedDBLen, MSBits, emLen;
|
|
|
|
|
const unsigned char *H;
|
|
|
|
|
unsigned char *DB = NULL;
|
2015-12-02 07:49:35 +08:00
|
|
|
EVP_MD_CTX *ctx = EVP_MD_CTX_new();
|
2015-01-22 11:40:55 +08:00
|
|
|
unsigned char H_[EVP_MAX_MD_SIZE];
|
2015-11-27 21:02:12 +08:00
|
|
|
|
|
|
|
|
if (ctx == NULL)
|
|
|
|
|
goto err;
|
2005-06-03 02:25:36 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (mgf1Hash == NULL)
|
|
|
|
|
mgf1Hash = Hash;
|
2010-03-11 21:40:42 +08:00
|
|
|
|
2015-11-27 21:02:12 +08:00
|
|
|
hLen = EVP_MD_size(Hash);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (hLen < 0)
|
|
|
|
|
goto err;
|
2015-01-05 19:30:03 +08:00
|
|
|
/*-
|
|
|
|
|
* Negative sLen has special meanings:
|
|
|
|
|
* -1 sLen == hLen
|
|
|
|
|
* -2 salt length is autorecovered from signature
|
2017-02-27 19:40:35 +08:00
|
|
|
* -3 salt length is maximized
|
2015-01-05 19:30:03 +08:00
|
|
|
* -N reserved
|
|
|
|
|
*/
|
2017-08-23 01:36:49 +08:00
|
|
|
if (sLen == RSA_PSS_SALTLEN_DIGEST) {
|
2015-01-22 11:40:55 +08:00
|
|
|
sLen = hLen;
|
2017-08-23 01:36:49 +08:00
|
|
|
} else if (sLen < RSA_PSS_SALTLEN_MAX) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2005-06-03 02:25:36 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
|
|
|
|
|
emLen = RSA_size(rsa);
|
|
|
|
|
if (EM[0] & (0xFF << MSBits)) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_FIRST_OCTET_INVALID);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (MSBits == 0) {
|
|
|
|
|
EM++;
|
|
|
|
|
emLen--;
|
|
|
|
|
}
|
2017-02-27 19:40:35 +08:00
|
|
|
if (emLen < hLen + 2) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE);
|
2017-02-27 19:40:35 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2017-01-18 01:51:24 +08:00
|
|
|
if (sLen == RSA_PSS_SALTLEN_MAX) {
|
|
|
|
|
sLen = emLen - hLen - 2;
|
2017-02-27 19:40:35 +08:00
|
|
|
} else if (sLen > emLen - hLen - 2) { /* sLen can be small negative */
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (EM[emLen - 1] != 0xbc) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_LAST_OCTET_INVALID);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
maskedDBLen = emLen - hLen - 1;
|
|
|
|
|
H = EM + maskedDBLen;
|
|
|
|
|
DB = OPENSSL_malloc(maskedDBLen);
|
2015-10-30 19:12:26 +08:00
|
|
|
if (DB == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
|
|
|
|
|
goto err;
|
|
|
|
|
for (i = 0; i < maskedDBLen; i++)
|
|
|
|
|
DB[i] ^= EM[i];
|
|
|
|
|
if (MSBits)
|
|
|
|
|
DB[0] &= 0xFF >> (8 - MSBits);
|
|
|
|
|
for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) ;
|
|
|
|
|
if (DB[i++] != 0x1) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_RECOVERY_FAILED);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2017-01-18 01:51:24 +08:00
|
|
|
if (sLen != RSA_PSS_SALTLEN_AUTO && (maskedDBLen - i) != sLen) {
|
2021-01-30 00:02:32 +08:00
|
|
|
ERR_raise_data(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED,
|
|
|
|
|
"expected: %d retrieved: %d", sLen,
|
|
|
|
|
maskedDBLen - i);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2015-11-27 21:02:12 +08:00
|
|
|
if (!EVP_DigestInit_ex(ctx, Hash, NULL)
|
2017-12-08 02:39:34 +08:00
|
|
|
|| !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
|
2015-11-27 21:02:12 +08:00
|
|
|
|| !EVP_DigestUpdate(ctx, mHash, hLen))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
if (maskedDBLen - i) {
|
2015-11-27 21:02:12 +08:00
|
|
|
if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2015-11-27 21:02:12 +08:00
|
|
|
if (!EVP_DigestFinal_ex(ctx, H_, NULL))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
if (memcmp(H_, H, hLen)) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_BAD_SIGNATURE);
|
2015-01-22 11:40:55 +08:00
|
|
|
ret = 0;
|
2017-08-23 01:36:49 +08:00
|
|
|
} else {
|
2015-01-22 11:40:55 +08:00
|
|
|
ret = 1;
|
2017-08-23 01:36:49 +08:00
|
|
|
}
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
err:
|
2015-05-01 22:02:07 +08:00
|
|
|
OPENSSL_free(DB);
|
2015-12-02 07:49:35 +08:00
|
|
|
EVP_MD_CTX_free(ctx);
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return ret;
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2005-05-29 04:44:37 +08:00
|
|
|
|
|
|
|
|
int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
|
2015-01-22 11:40:55 +08:00
|
|
|
const unsigned char *mHash,
|
|
|
|
|
const EVP_MD *Hash, int sLen)
|
|
|
|
|
{
|
|
|
|
|
return RSA_padding_add_PKCS1_PSS_mgf1(rsa, EM, mHash, Hash, NULL, sLen);
|
|
|
|
|
}
|
2010-03-11 21:40:42 +08:00
|
|
|
|
|
|
|
|
int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
|
2015-01-22 11:40:55 +08:00
|
|
|
const unsigned char *mHash,
|
|
|
|
|
const EVP_MD *Hash, const EVP_MD *mgf1Hash,
|
|
|
|
|
int sLen)
|
|
|
|
|
{
|
|
|
|
|
int i;
|
|
|
|
|
int ret = 0;
|
|
|
|
|
int hLen, maskedDBLen, MSBits, emLen;
|
|
|
|
|
unsigned char *H, *salt = NULL, *p;
|
2015-11-27 21:02:12 +08:00
|
|
|
EVP_MD_CTX *ctx = NULL;
|
2005-06-03 02:25:36 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (mgf1Hash == NULL)
|
|
|
|
|
mgf1Hash = Hash;
|
2010-03-11 21:40:42 +08:00
|
|
|
|
2015-11-27 21:02:12 +08:00
|
|
|
hLen = EVP_MD_size(Hash);
|
2015-01-22 11:40:55 +08:00
|
|
|
if (hLen < 0)
|
|
|
|
|
goto err;
|
2015-01-05 19:30:03 +08:00
|
|
|
/*-
|
|
|
|
|
* Negative sLen has special meanings:
|
|
|
|
|
* -1 sLen == hLen
|
|
|
|
|
* -2 salt length is maximized
|
2017-02-27 19:40:35 +08:00
|
|
|
* -3 same as above (on signing)
|
2015-01-05 19:30:03 +08:00
|
|
|
* -N reserved
|
|
|
|
|
*/
|
2017-08-23 01:36:49 +08:00
|
|
|
if (sLen == RSA_PSS_SALTLEN_DIGEST) {
|
2015-01-22 11:40:55 +08:00
|
|
|
sLen = hLen;
|
2017-08-23 01:36:49 +08:00
|
|
|
} else if (sLen == RSA_PSS_SALTLEN_MAX_SIGN) {
|
2017-01-18 01:51:24 +08:00
|
|
|
sLen = RSA_PSS_SALTLEN_MAX;
|
2017-08-23 01:36:49 +08:00
|
|
|
} else if (sLen < RSA_PSS_SALTLEN_MAX) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_SLEN_CHECK_FAILED);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2005-06-03 02:25:36 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
|
|
|
|
|
emLen = RSA_size(rsa);
|
|
|
|
|
if (MSBits == 0) {
|
|
|
|
|
*EM++ = 0;
|
|
|
|
|
emLen--;
|
|
|
|
|
}
|
2017-02-27 19:40:35 +08:00
|
|
|
if (emLen < hLen + 2) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
2017-02-27 19:40:35 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2017-01-18 01:51:24 +08:00
|
|
|
if (sLen == RSA_PSS_SALTLEN_MAX) {
|
2015-01-22 11:40:55 +08:00
|
|
|
sLen = emLen - hLen - 2;
|
2017-02-27 19:40:35 +08:00
|
|
|
} else if (sLen > emLen - hLen - 2) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (sLen > 0) {
|
|
|
|
|
salt = OPENSSL_malloc(sLen);
|
2015-10-30 19:12:26 +08:00
|
|
|
if (salt == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE);
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
2020-03-12 22:41:45 +08:00
|
|
|
if (RAND_bytes_ex(rsa->libctx, salt, sLen) <= 0)
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
maskedDBLen = emLen - hLen - 1;
|
|
|
|
|
H = EM + maskedDBLen;
|
2015-12-02 07:49:35 +08:00
|
|
|
ctx = EVP_MD_CTX_new();
|
2015-11-27 21:02:12 +08:00
|
|
|
if (ctx == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
if (!EVP_DigestInit_ex(ctx, Hash, NULL)
|
2017-12-08 02:39:34 +08:00
|
|
|
|| !EVP_DigestUpdate(ctx, zeroes, sizeof(zeroes))
|
2015-11-27 21:02:12 +08:00
|
|
|
|| !EVP_DigestUpdate(ctx, mHash, hLen))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
2015-11-27 21:02:12 +08:00
|
|
|
if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
2015-11-27 21:02:12 +08:00
|
|
|
if (!EVP_DigestFinal_ex(ctx, H, NULL))
|
2015-01-22 11:40:55 +08:00
|
|
|
goto err;
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/* Generate dbMask in place then perform XOR on it */
|
|
|
|
|
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
|
|
|
|
|
goto err;
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
p = EM;
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/*
|
|
|
|
|
* Initial PS XORs with all zeroes which is a NOP so just update pointer.
|
|
|
|
|
* Note from a test above this value is guaranteed to be non-negative.
|
|
|
|
|
*/
|
|
|
|
|
p += emLen - sLen - hLen - 2;
|
|
|
|
|
*p++ ^= 0x1;
|
|
|
|
|
if (sLen > 0) {
|
|
|
|
|
for (i = 0; i < sLen; i++)
|
|
|
|
|
*p++ ^= salt[i];
|
|
|
|
|
}
|
|
|
|
|
if (MSBits)
|
|
|
|
|
EM[0] &= 0xFF >> (8 - MSBits);
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
/* H is already in place so just set final 0xbc */
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
EM[emLen - 1] = 0xbc;
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
ret = 1;
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
err:
|
2015-12-02 07:49:35 +08:00
|
|
|
EVP_MD_CTX_free(ctx);
|
2018-09-09 22:33:12 +08:00
|
|
|
OPENSSL_clear_free(salt, (size_t)sLen); /* salt != NULL implies sLen > 0 */
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
return ret;
|
2005-05-29 04:44:37 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2005-08-08 06:21:49 +08:00
|
|
|
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
/*
|
|
|
|
|
* The defaults for PSS restrictions are defined in RFC 8017, A.2.3 RSASSA-PSS
|
|
|
|
|
* (https://tools.ietf.org/html/rfc8017#appendix-A.2.3):
|
|
|
|
|
*
|
|
|
|
|
* If the default values of the hashAlgorithm, maskGenAlgorithm, and
|
|
|
|
|
* trailerField fields of RSASSA-PSS-params are used, then the algorithm
|
|
|
|
|
* identifier will have the following value:
|
|
|
|
|
*
|
|
|
|
|
* rSASSA-PSS-Default-Identifier RSASSA-AlgorithmIdentifier ::= {
|
|
|
|
|
* algorithm id-RSASSA-PSS,
|
|
|
|
|
* parameters RSASSA-PSS-params : {
|
|
|
|
|
* hashAlgorithm sha1,
|
|
|
|
|
* maskGenAlgorithm mgf1SHA1,
|
|
|
|
|
* saltLength 20,
|
|
|
|
|
* trailerField trailerFieldBC
|
|
|
|
|
* }
|
|
|
|
|
* }
|
|
|
|
|
*
|
|
|
|
|
* RSASSA-AlgorithmIdentifier ::= AlgorithmIdentifier {
|
|
|
|
|
* {PKCS1Algorithms}
|
|
|
|
|
* }
|
|
|
|
|
*/
|
|
|
|
|
static const RSA_PSS_PARAMS_30 default_RSASSA_PSS_params = {
|
|
|
|
|
NID_sha1, /* default hashAlgorithm */
|
|
|
|
|
{
|
|
|
|
|
NID_mgf1, /* default maskGenAlgorithm */
|
|
|
|
|
NID_sha1 /* default MGF1 hash */
|
|
|
|
|
},
|
|
|
|
|
20, /* default saltLength */
|
|
|
|
|
1 /* default trailerField (0xBC) */
|
|
|
|
|
};
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
*rsa_pss_params = default_RSASSA_PSS_params;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
static RSA_PSS_PARAMS_30 pss_params_cmp = { 0, };
|
|
|
|
|
|
|
|
|
|
return rsa_pss_params == NULL
|
|
|
|
|
|| memcmp(rsa_pss_params, &pss_params_cmp,
|
|
|
|
|
sizeof(*rsa_pss_params)) == 0;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to,
|
|
|
|
|
const RSA_PSS_PARAMS_30 *from)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
memcpy(to, from, sizeof(*to));
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
|
|
|
|
|
int hashalg_nid)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
rsa_pss_params->hash_algorithm_nid = hashalg_nid;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
|
|
|
|
|
int maskgenalg_nid)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
rsa_pss_params->mask_gen.algorithm_nid = maskgenalg_nid;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
|
|
|
|
|
int maskgenhashalg_nid)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
rsa_pss_params->mask_gen.hash_algorithm_nid = maskgenhashalg_nid;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
|
|
|
|
|
int saltlen)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
rsa_pss_params->salt_len = saltlen;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
|
|
|
|
|
int trailerfield)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
rsa_pss_params->trailer_field = trailerfield;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return default_RSASSA_PSS_params.hash_algorithm_nid;
|
|
|
|
|
return rsa_pss_params->hash_algorithm_nid;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return default_RSASSA_PSS_params.mask_gen.algorithm_nid;
|
|
|
|
|
return rsa_pss_params->mask_gen.algorithm_nid;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return default_RSASSA_PSS_params.hash_algorithm_nid;
|
|
|
|
|
return rsa_pss_params->mask_gen.hash_algorithm_nid;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return default_RSASSA_PSS_params.salt_len;
|
|
|
|
|
return rsa_pss_params->salt_len;
|
|
|
|
|
}
|
|
|
|
|
|
rsa: add ossl_ prefix to internal rsa_ calls.
The functions being:
rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
rsa_check_prime_factor, rsa_check_prime_factor_range,
rsa_check_private_exponent, rsa_check_public_exponent,
rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
rsa_padding_add_PKCS1_type_2_with_libctx,
rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
rsa_validate_private and rsa_validate_public.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
2020-09-30 12:20:14 +08:00
|
|
|
int ossl_rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params)
|
RSA: Add a less loaded PSS-parameter structure
RSA_PSS_PARAMS carries with it a lot of baggage in form of X509_ALGOR
and ASN1_INTEGER, which we would rather avoid in our providers.
Therefore, we create a parallell structure - RSA_PSS_PARAMS_30 - that
contains the same information, but uses numeric identities (*) and C
integers (**). This makes it simpler to handle.
Note that neither this structure nor its contents are passed between
libcrypto and the providers. Instead, the numeric identities are
translated to and from names, which are then passed over that
boundary.
For future considerations, we might consider dropping RSA_PSS_PARAMS
entirely. For now, it's still reserved for EVP_PKEY_ASN1_METHOD code,
which RSA_PSS_PARAMS_30 is (almost entirely) reserved for use in our
providers.
(*) We use NIDs in this case, because we already have them and because
only algorithms that libcrypto knows about are permitted in PSS
restrictions. We could use any number series we want, as long as we
know for sure what they represent.
(**) That's for saltlen and for trailerfield, which are never expect
to surpass the set of numbers that fit in a regular 'int'.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
2020-05-02 18:46:55 +08:00
|
|
|
{
|
|
|
|
|
if (rsa_pss_params == NULL)
|
|
|
|
|
return default_RSASSA_PSS_params.trailer_field;
|
|
|
|
|
return rsa_pss_params->trailer_field;
|
|
|
|
|
}
|
|
|
|
|
|
2005-08-08 06:21:49 +08:00
|
|
|
#if defined(_MSC_VER)
|
2015-01-22 11:40:55 +08:00
|
|
|
# pragma optimize("",on)
|
2005-08-08 06:21:49 +08:00
|
|
|
#endif
|
