mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-31 20:10:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

rsa: add ossl_ prefix to internal rsa_ calls.

Browse Source 
The functions being:
    rsa_check_crt_components, rsa_check_key, rsa_check_pminusq_diff,
    rsa_check_prime_factor, rsa_check_prime_factor_range,
    rsa_check_private_exponent, rsa_check_public_exponent,
    rsa_digestinfo_encoding, rsa_fips186_4_gen_prob_primes, rsa_fromdata,
    rsa_get0_all_params, rsa_get0_libctx, rsa_get0_pss_params_30,
    rsa_get_lcm, rsa_mgf_nid2name, rsa_mp_coeff_names, rsa_mp_exp_names,
    rsa_mp_factor_names, rsa_new_with_ctx, rsa_oaeppss_md2nid,
    rsa_oaeppss_nid2name, rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx,
    rsa_padding_add_PKCS1_type_2_with_libctx,
    rsa_padding_add_SSLv23_with_libctx, rsa_padding_check_PKCS1_type_2_TLS,
    rsa_pkey_method, rsa_pss_params_30_copy, rsa_pss_params_30_fromdata,
    rsa_pss_params_30_hashalg, rsa_pss_params_30_is_unrestricted,
    rsa_pss_params_30_maskgenalg, rsa_pss_params_30_maskgenhashalg,
    rsa_pss_params_30_saltlen, rsa_pss_params_30_set_defaults,
    rsa_pss_params_30_set_hashalg, rsa_pss_params_30_set_maskgenalg,
    rsa_pss_params_30_set_maskgenhashalg, rsa_pss_params_30_set_saltlen,
    rsa_pss_params_30_set_trailerfield, rsa_pss_params_30_todata,
    rsa_pss_params_30_trailerfield, rsa_pss_pkey_method, rsa_set0_all_params,
    rsa_sp800_56b_check_keypair, rsa_sp800_56b_check_private,
    rsa_sp800_56b_check_public, rsa_sp800_56b_derive_params_from_pq,
    rsa_sp800_56b_generate_key, rsa_sp800_56b_pairwise_test,
    rsa_sp800_56b_validate_strength, rsa_todata, rsa_validate_pairwise,
    rsa_validate_private and rsa_validate_public.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13040)
This commit is contained in:
Pauli 2020-09-30 14:20:14 +10:00
parent a21db568bf
commit 23b2fc0b50
34 changed files with 439 additions and 434 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
crypto/err/openssl.txt
View File

@ -1168,7 +1168,6 @@ RSA_F_RSA_CHECK_KEY:123:RSA_check_key
RSA_F_RSA_CHECK_KEY_EX:160:RSA_check_key_ex
RSA_F_RSA_CMS_DECRYPT:159:rsa_cms_decrypt
RSA_F_RSA_CMS_VERIFY:158:rsa_cms_verify
RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES:168:rsa_fips186_4_gen_prob_primes
RSA_F_RSA_ITEM_VERIFY:148:rsa_item_verify
RSA_F_RSA_METH_DUP:161:RSA_meth_dup
RSA_F_RSA_METH_NEW:162:RSA_meth_new
@ -1212,10 +1211,6 @@ RSA_F_RSA_PUB_DECODE:139:rsa_pub_decode
RSA_F_RSA_SETUP_BLINDING:136:RSA_setup_blinding
RSA_F_RSA_SIGN:117:RSA_sign
RSA_F_RSA_SIGN_ASN1_OCTET_STRING:118:RSA_sign_ASN1_OCTET_STRING
RSA_F_RSA_SP800_56B_CHECK_KEYPAIR:169:rsa_sp800_56b_check_keypair
RSA_F_RSA_SP800_56B_CHECK_PUBLIC:170:rsa_sp800_56b_check_public
RSA_F_RSA_SP800_56B_PAIRWISE_TEST:171:rsa_sp800_56b_pairwise_test
RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH:172:rsa_sp800_56b_validate_strength
RSA_F_RSA_VERIFY:119:RSA_verify
RSA_F_RSA_VERIFY_ASN1_OCTET_STRING:120:RSA_verify_ASN1_OCTET_STRING
RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1:126:RSA_verify_PKCS1_PSS_mgf1

4
crypto/evp/pmeth_lib.c
View File

@ -50,7 +50,7 @@ static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
/* This array needs to be in order of NIDs */
static pmeth_fn standard_methods[] = {
# ifndef OPENSSL_NO_RSA
rsa_pkey_method,
ossl_rsa_pkey_method,
# endif
# ifndef OPENSSL_NO_DH
dh_pkey_method,
@ -62,7 +62,7 @@ static pmeth_fn standard_methods[] = {
ec_pkey_method,
# endif
# ifndef OPENSSL_NO_RSA
rsa_pss_pkey_method,
ossl_rsa_pss_pkey_method,
# endif
# ifndef OPENSSL_NO_DH
dhx_pkey_method,

47
crypto/rsa/rsa_ameth.c
View File

@ -777,7 +777,7 @@ static int rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
RSA_PSS_PARAMS_30 pss_params;
/* Get the defaults from the ONE place */
(void)rsa_pss_params_30_set_defaults(&pss_params);
(void)ossl_rsa_pss_params_30_set_defaults(&pss_params);
if (pss == NULL)
return 0;
@ -790,11 +790,11 @@ static int rsa_pss_get_param_unverified(const RSA_PSS_PARAMS *pss,
if (pss->saltLength)
*psaltlen = ASN1_INTEGER_get(pss->saltLength);
else
*psaltlen = rsa_pss_params_30_saltlen(&pss_params);
*psaltlen = ossl_rsa_pss_params_30_saltlen(&pss_params);
if (pss->trailerField)
*ptrailerField = ASN1_INTEGER_get(pss->trailerField);
else
*ptrailerField = rsa_pss_params_30_trailerfield(&pss_params);;
*ptrailerField = ossl_rsa_pss_params_30_trailerfield(&pss_params);;
return 1;
}
@ -838,11 +838,13 @@ static int rsa_sync_to_pss_params_30(RSA *rsa)
return 0;
md_nid = EVP_MD_type(md);
mgf1md_nid = EVP_MD_type(mgf1md);
if (!rsa_pss_params_30_set_defaults(&pss_params)
|| !rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
|| !rsa_pss_params_30_set_maskgenhashalg(&pss_params, mgf1md_nid)
|| !rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
|| !rsa_pss_params_30_set_trailerfield(&pss_params, trailerField))
if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
|| !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
|| !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
mgf1md_nid)
|| !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
|| !ossl_rsa_pss_params_30_set_trailerfield(&pss_params,
trailerField))
return 0;
rsa->pss_params = pss_params;
}
@ -1214,7 +1216,7 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type,
if (RSA_get0_n(rsa) == NULL || RSA_get0_e(rsa) == NULL)
goto err;
if (!rsa_todata(rsa, tmpl, NULL))
if (!ossl_rsa_todata(rsa, tmpl, NULL))
goto err;
selection |= OSSL_KEYMGMT_SELECT_PUBLIC_KEY;
@ -1231,11 +1233,12 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type,
goto err;
md_nid = EVP_MD_type(md);
mgf1md_nid = EVP_MD_type(mgf1md);
if (!rsa_pss_params_30_set_defaults(&pss_params)
|| !rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
|| !rsa_pss_params_30_set_maskgenhashalg(&pss_params, mgf1md_nid)
|| !rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
|| !rsa_pss_params_30_todata(&pss_params, tmpl, NULL))
if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
|| !ossl_rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
|| !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
mgf1md_nid)
|| !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
|| !ossl_rsa_pss_params_30_todata(&pss_params, tmpl, NULL))
goto err;
selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
}
@ -1257,7 +1260,7 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
{
EVP_PKEY_CTX *pctx = vpctx;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
RSA *rsa = rsa_new_with_ctx(pctx->libctx);
RSA *rsa = ossl_rsa_new_with_ctx(pctx->libctx);
RSA_PSS_PARAMS_30 rsa_pss_params = { 0, };
int ok = 0;
@ -1269,7 +1272,7 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
RSA_set_flags(rsa, rsa_type);
if (!rsa_pss_params_30_fromdata(&rsa_pss_params, params, pctx->libctx))
if (!ossl_rsa_pss_params_30_fromdata(&rsa_pss_params, params, pctx->libctx))
goto err;
switch (rsa_type) {
@ -1278,7 +1281,7 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
* Were PSS parameters filled in?
* In that case, something's wrong
*/
if (!rsa_pss_params_30_is_unrestricted(&rsa_pss_params))
if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params))
goto err;
break;
case RSA_FLAG_TYPE_RSASSAPSS:
@ -1286,11 +1289,11 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
* Were PSS parameters filled in? In that case, create the old
* RSA_PSS_PARAMS structure. Otherwise, this is an unrestricted key.
*/
if (!rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) {
if (!ossl_rsa_pss_params_30_is_unrestricted(&rsa_pss_params)) {
/* Create the older RSA_PSS_PARAMS from RSA_PSS_PARAMS_30 data */
int mdnid = rsa_pss_params_30_hashalg(&rsa_pss_params);
int mgf1mdnid = rsa_pss_params_30_maskgenhashalg(&rsa_pss_params);
int saltlen = rsa_pss_params_30_saltlen(&rsa_pss_params);
int mdnid = ossl_rsa_pss_params_30_hashalg(&rsa_pss_params);
int mgf1mdnid = ossl_rsa_pss_params_30_maskgenhashalg(&rsa_pss_params);
int saltlen = ossl_rsa_pss_params_30_saltlen(&rsa_pss_params);
const EVP_MD *md = EVP_get_digestbynid(mdnid);
const EVP_MD *mgf1md = EVP_get_digestbynid(mgf1mdnid);
@ -1303,7 +1306,7 @@ static int rsa_int_import_from(const OSSL_PARAM params[], void *vpctx,
goto err;
}
if (!rsa_fromdata(rsa, params))
if (!ossl_rsa_fromdata(rsa, params))
goto err;
switch (rsa_type) {

70
crypto/rsa/rsa_backend.c
View File

@ -48,7 +48,7 @@ static int collect_numbers(STACK_OF(BIGNUM) *numbers,
return 1;
}
int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[])
int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[])
{
const OSSL_PARAM *param_n, *param_e, *param_d;
BIGNUM *n = NULL, *e = NULL, *d = NULL;
@ -75,16 +75,16 @@ int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[])
if (is_private) {
if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
rsa_mp_factor_names)
ossl_rsa_mp_factor_names)
|| !collect_numbers(exps = sk_BIGNUM_new_null(), params,
rsa_mp_exp_names)
ossl_rsa_mp_exp_names)
|| !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
rsa_mp_coeff_names))
ossl_rsa_mp_coeff_names))
goto err;
/* It's ok if this private key just has n, e and d */
if (sk_BIGNUM_num(factors) != 0
&& !rsa_set0_all_params(rsa, factors, exps, coeffs))
&& !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
goto err;
}
@ -106,7 +106,7 @@ int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[])
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
int ret = 0;
const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
@ -118,7 +118,7 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
goto err;
RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
rsa_get0_all_params(rsa, factors, exps, coeffs);
ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);
if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
|| !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
@ -142,11 +142,13 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
rsa_d)
|| !ossl_param_build_set_multi_key_bn(bld, params,
rsa_mp_factor_names, factors)
ossl_rsa_mp_factor_names,
factors)
|| !ossl_param_build_set_multi_key_bn(bld, params,
rsa_mp_exp_names, exps)
ossl_rsa_mp_exp_names, exps)
|| !ossl_param_build_set_multi_key_bn(bld, params,
rsa_mp_coeff_names, coeffs))
ossl_rsa_mp_coeff_names,
coeffs))
goto err;
}
@ -163,26 +165,27 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
return ret;
}
int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
if (!rsa_pss_params_30_is_unrestricted(pss)) {
int hashalg_nid = rsa_pss_params_30_hashalg(pss);
int maskgenalg_nid = rsa_pss_params_30_maskgenalg(pss);
int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss);
int saltlen = rsa_pss_params_30_saltlen(pss);
int default_hashalg_nid = rsa_pss_params_30_hashalg(NULL);
int default_maskgenalg_nid = rsa_pss_params_30_maskgenalg(NULL);
int default_maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(NULL);
if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
int default_maskgenhashalg_nid =
ossl_rsa_pss_params_30_maskgenhashalg(NULL);
const char *mdname =
(hashalg_nid == default_hashalg_nid
? NULL : rsa_oaeppss_nid2name(hashalg_nid));
? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
const char *mgfname =
(maskgenalg_nid == default_maskgenalg_nid
? NULL : rsa_oaeppss_nid2name(maskgenalg_nid));
? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
const char *mgf1mdname =
(maskgenhashalg_nid == default_maskgenhashalg_nid
? NULL : rsa_oaeppss_nid2name(maskgenhashalg_nid));
? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
@ -207,8 +210,9 @@ int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
return 1;
}
int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
const OSSL_PARAM params[], OPENSSL_CTX *libctx)
int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
const OSSL_PARAM params[],
OPENSSL_CTX *libctx)
{
const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md, *param_saltlen;
const OSSL_PARAM *param_propq;
@ -241,11 +245,11 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
*/
if (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
|| param_saltlen != NULL)
if (!rsa_pss_params_30_set_defaults(pss_params))
if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
return 0;
if (param_mgf != NULL) {
int default_maskgenalg_nid = rsa_pss_params_30_maskgenalg(NULL);
int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
const char *mgfname = NULL;
if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
@ -255,7 +259,7 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
/* TODO Revisit this if / when a new MGF algorithm appears */
if (strcasecmp(param_mgf->data,
rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
return 0;
}
@ -273,8 +277,8 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
goto err;
if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
|| !rsa_pss_params_30_set_hashalg(pss_params,
rsa_oaeppss_md2nid(md)))
|| !ossl_rsa_pss_params_30_set_hashalg(pss_params,
ossl_rsa_oaeppss_md2nid(md)))
goto err;
}
@ -287,14 +291,14 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
goto err;
if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
|| !rsa_pss_params_30_set_maskgenhashalg(pss_params,
rsa_oaeppss_md2nid(mgf1md)))
|| !ossl_rsa_pss_params_30_set_maskgenhashalg(
pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
goto err;
}
if (param_saltlen != NULL) {
if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
|| !rsa_pss_params_30_set_saltlen(pss_params, saltlen))
|| !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
goto err;
}

18
crypto/rsa/rsa_chk.c
View File

@ -230,20 +230,20 @@ static int rsa_validate_keypair_multiprime(const RSA *key, BN_GENCB *cb)
}
#endif /* FIPS_MODULE */
int rsa_validate_public(const RSA *key)
int ossl_rsa_validate_public(const RSA *key)
{
return rsa_sp800_56b_check_public(key);
return ossl_rsa_sp800_56b_check_public(key);
}
int rsa_validate_private(const RSA *key)
int ossl_rsa_validate_private(const RSA *key)
{
return rsa_sp800_56b_check_private(key);
return ossl_rsa_sp800_56b_check_private(key);
}
int rsa_validate_pairwise(const RSA *key)
int ossl_rsa_validate_pairwise(const RSA *key)
{
#ifdef FIPS_MODULE
return rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));
return ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));
#else
return rsa_validate_keypair_multiprime(key, NULL);
#endif
@ -257,9 +257,9 @@ int RSA_check_key(const RSA *key)
int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
{
#ifdef FIPS_MODULE
return rsa_validate_public(key)
&& rsa_validate_private(key)
&& rsa_validate_pairwise(key);
return ossl_rsa_validate_public(key)
&& ossl_rsa_validate_private(key)
&& ossl_rsa_validate_pairwise(key);
#else
return rsa_validate_keypair_multiprime(key, cb);
#endif /* FIPS_MODULE */

4
crypto/rsa/rsa_gen.c
View File

@ -92,7 +92,7 @@ static int rsa_multiprime_keygen(RSA *rsa, int bits, int primes,
}
/* A bad value for e can cause infinite loops */
if (e_value != NULL && !rsa_check_public_exponent(e_value)) {
if (e_value != NULL && !ossl_rsa_check_public_exponent(e_value)) {
RSAerr(0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
return 0;
}
@ -429,7 +429,7 @@ static int rsa_keygen(OPENSSL_CTX *libctx, RSA *rsa, int bits, int primes,
* the older rsa_multiprime_keygen().
*/
if (primes == 2 && bits >= 2048)
ok = rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
ok = ossl_rsa_sp800_56b_generate_key(rsa, bits, e_value, cb);
#ifndef FIPS_MODULE
else
ok = rsa_multiprime_keygen(rsa, bits, primes, e_value, cb);

18
crypto/rsa/rsa_lib.c
View File

@ -66,7 +66,7 @@ RSA *RSA_new_method(ENGINE *engine)
}
#endif
RSA *rsa_new_with_ctx(OPENSSL_CTX *libctx)
RSA *ossl_rsa_new_with_ctx(OPENSSL_CTX *libctx)
{
return rsa_new_intern(NULL, libctx);
}
@ -189,7 +189,7 @@ int RSA_up_ref(RSA *r)
return i > 1 ? 1 : 0;
}
OPENSSL_CTX *rsa_get0_libctx(RSA *r)
OPENSSL_CTX *ossl_rsa_get0_libctx(RSA *r)
{
return r->libctx;
}
@ -654,7 +654,7 @@ const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)
}
/* Internal */
RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r)
RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r)
{
return &r->pss_params;
}
@ -699,9 +699,9 @@ int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
DEFINE_STACK_OF(BIGNUM)
int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs)
int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs)
{
#ifndef FIPS_MODULE
STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL;
@ -797,9 +797,9 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs)
int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs)
{
#ifndef FIPS_MODULE
RSA_PRIME_INFO *pinfo;

57
crypto/rsa/rsa_local.h
View File

@ -169,37 +169,38 @@ RSA_PRIME_INFO *rsa_multip_info_new(void);
int rsa_multip_calc_product(RSA *rsa);
int rsa_multip_cap(int bits);
int rsa_sp800_56b_validate_strength(int nbits, int strength);
int rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q,
int nbits);
int rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q,
BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1,
BIGNUM *p1q1);
int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength);
int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q,
int nbits);
int ossl_rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q,
BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1,
BIGNUM *p1q1);
int rsa_check_public_exponent(const BIGNUM *e);
int rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx);
int rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx);
int rsa_check_prime_factor_range(const BIGNUM *p, int nbits, BN_CTX *ctx);
int rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx);
int ossl_rsa_check_public_exponent(const BIGNUM *e);
int ossl_rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx);
int ossl_rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx);
int ossl_rsa_check_prime_factor_range(const BIGNUM *p, int nbits, BN_CTX *ctx);
int ossl_rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx);
int rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx);
int rsa_sp800_56b_check_public(const RSA *rsa);
int rsa_sp800_56b_check_private(const RSA *rsa);
int rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
int strength, int nbits);
int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
BN_GENCB *cb);
int ossl_rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx);
int ossl_rsa_sp800_56b_check_public(const RSA *rsa);
int ossl_rsa_sp800_56b_check_private(const RSA *rsa);
int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
int strength, int nbits);
int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
BN_GENCB *cb);
int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits,
const BIGNUM *e, BN_CTX *ctx);
int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
int nbits, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb);
int ossl_rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits,
const BIGNUM *e, BN_CTX *ctx);
int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
int nbits, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb);
int rsa_padding_add_SSLv23_ex(OPENSSL_CTX *libctx, unsigned char *to, int tlen,
const unsigned char *from, int flen);
int rsa_padding_add_PKCS1_type_2_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen);
int ossl_rsa_padding_add_SSLv23_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen);
int ossl_rsa_padding_add_PKCS1_type_2_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen);
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */

6
crypto/rsa/rsa_mp_names.c
View File

@ -20,7 +20,7 @@
* A fixed table of names for the RSA prime factors starting with
* P,Q and up to 8 additional primes.
*/
const char *rsa_mp_factor_names[] = {
const char *ossl_rsa_mp_factor_names[] = {
OSSL_PKEY_PARAM_RSA_FACTOR1,
OSSL_PKEY_PARAM_RSA_FACTOR2,
#ifndef FIPS_MODULE
@ -40,7 +40,7 @@ const char *rsa_mp_factor_names[] = {
* A fixed table of names for the RSA exponents starting with
* DP,DQ and up to 8 additional exponents.
*/
const char *rsa_mp_exp_names[] = {
const char *ossl_rsa_mp_exp_names[] = {
OSSL_PKEY_PARAM_RSA_EXPONENT1,
OSSL_PKEY_PARAM_RSA_EXPONENT2,
#ifndef FIPS_MODULE
@ -60,7 +60,7 @@ const char *rsa_mp_exp_names[] = {
* A fixed table of names for the RSA coefficients starting with
* QINV and up to 8 additional exponents.
*/
const char *rsa_mp_coeff_names[] = {
const char *ossl_rsa_mp_coeff_names[] = {
OSSL_PKEY_PARAM_RSA_COEFFICIENT1,
#ifndef FIPS_MODULE
OSSL_PKEY_PARAM_RSA_COEFFICIENT2,

19
crypto/rsa/rsa_oaep.c
View File

@ -40,8 +40,8 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param, int plen)
{
return rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, param,
plen, NULL, NULL);
return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen,
param, plen, NULL, NULL);
}
/*
@ -51,11 +51,12 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
* Step numbers are included here but not in the constant time inverse below
* to avoid complicating an already difficult enough function.
*/
int rsa_padding_add_PKCS1_OAEP_mgf1_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen, const unsigned char *param,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md)
int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OPENSSL_CTX *libctx,
unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md)
{
int rv = 0;
int i, emlen = tlen - 1;
@ -138,8 +139,8 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
const unsigned char *param, int plen,
const EVP_MD *md, const EVP_MD *mgf1md)
{
return rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen, param,
plen, md, mgf1md);
return ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(NULL, to, tlen, from, flen,
param, plen, md, mgf1md);
}
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,

10
crypto/rsa/rsa_ossl.c
View File

@ -111,15 +111,17 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
switch (padding) {
case RSA_PKCS1_PADDING:
i = rsa_padding_add_PKCS1_type_2_ex(rsa->libctx, buf, num, from, flen);
i = ossl_rsa_padding_add_PKCS1_type_2_ex(rsa->libctx, buf, num,
from, flen);
break;
case RSA_PKCS1_OAEP_PADDING:
i = rsa_padding_add_PKCS1_OAEP_mgf1_ex(rsa->libctx, buf, num, from,
flen, NULL, 0, NULL, NULL);
i = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(rsa->libctx, buf, num,
from, flen, NULL, 0,
NULL, NULL);
break;
#ifndef FIPS_MODULE
case RSA_SSLV23_PADDING:
i = rsa_padding_add_SSLv23_ex(rsa->libctx, buf, num, from, flen);
i = ossl_rsa_padding_add_SSLv23_ex(rsa->libctx, buf, num, from, flen);
break;
#endif
case RSA_NO_PADDING:

19
crypto/rsa/rsa_pk1.c
View File

@ -124,9 +124,9 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
return j;
}
int rsa_padding_add_PKCS1_type_2_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen)
int ossl_rsa_padding_add_PKCS1_type_2_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen)
{
int i, j;
unsigned char *p;
@ -164,7 +164,7 @@ int rsa_padding_add_PKCS1_type_2_ex(OPENSSL_CTX *libctx, unsigned char *to,
int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *from, int flen)
{
return rsa_padding_add_PKCS1_type_2_ex(NULL, to, tlen, from, flen);
return ossl_rsa_padding_add_PKCS1_type_2_ex(NULL, to, tlen, from, flen);
}
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
@ -278,7 +278,7 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
}
/*
* rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
* ossl_rsa_padding_check_PKCS1_type_2_TLS() checks and removes the PKCS1 type 2
* padding from a decrypted RSA message in a TLS signature. The result is stored
* in the buffer pointed to by |to| which should be |tlen| bytes long. |tlen|
* must be at least SSL_MAX_MASTER_KEY_LENGTH. The original decrypted message
@ -298,10 +298,11 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
* decrypted data will be randomly generated (as per
* https://tools.ietf.org/html/rfc5246#section-7.4.7.1).
*/
int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *libctx, unsigned char *to,
size_t tlen, const unsigned char *from,
size_t flen, int client_version,
int alt_version)
int ossl_rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *libctx,
unsigned char *to, size_t tlen,
const unsigned char *from,
size_t flen, int client_version,
int alt_version)
{
unsigned int i, good, version_good;
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];

4
crypto/rsa/rsa_pmeth.c
View File

@ -798,7 +798,7 @@ static const EVP_PKEY_METHOD rsa_pkey_meth = {
pkey_rsa_ctrl_str
};
const EVP_PKEY_METHOD *rsa_pkey_method(void)
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void)
{
return &rsa_pkey_meth;
}
@ -874,7 +874,7 @@ static const EVP_PKEY_METHOD rsa_pss_pkey_meth = {
pkey_rsa_ctrl_str
};
const EVP_PKEY_METHOD *rsa_pss_pkey_method(void)
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void)
{
return &rsa_pss_pkey_meth;
}

38
crypto/rsa/rsa_pss.c
View File

@ -288,7 +288,7 @@ static const RSA_PSS_PARAMS_30 default_RSASSA_PSS_params = {
1 /* default trailerField (0xBC) */
};
int rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params)
int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params)
{
if (rsa_pss_params == NULL)
return 0;
@ -296,7 +296,7 @@ int rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params)
return 1;
}
int rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params)
int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params)
{
static RSA_PSS_PARAMS_30 pss_params_cmp = { 0, };
@ -305,15 +305,15 @@ int rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params)
sizeof(*rsa_pss_params)) == 0;
}
int rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to,
const RSA_PSS_PARAMS_30 *from)
int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to,
const RSA_PSS_PARAMS_30 *from)
{
memcpy(to, from, sizeof(*to));
return 1;
}
int rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int hashalg_nid)
int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int hashalg_nid)
{
if (rsa_pss_params == NULL)
return 0;
@ -321,8 +321,8 @@ int rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
return 1;
}
int rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenalg_nid)
int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenalg_nid)
{
if (rsa_pss_params == NULL)
return 0;
@ -330,8 +330,8 @@ int rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
return 1;
}
int rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenhashalg_nid)
int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenhashalg_nid)
{
if (rsa_pss_params == NULL)
return 0;
@ -339,8 +339,8 @@ int rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
return 1;
}
int rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
int saltlen)
int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
int saltlen)
{
if (rsa_pss_params == NULL)
return 0;
@ -348,8 +348,8 @@ int rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
return 1;
}
int rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
int trailerfield)
int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
int trailerfield)
{
if (rsa_pss_params == NULL)
return 0;
@ -357,35 +357,35 @@ int rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
return 1;
}
int rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
int ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
{
if (rsa_pss_params == NULL)
return default_RSASSA_PSS_params.hash_algorithm_nid;
return rsa_pss_params->hash_algorithm_nid;
}
int rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
int ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
{
if (rsa_pss_params == NULL)
return default_RSASSA_PSS_params.mask_gen.algorithm_nid;
return rsa_pss_params->mask_gen.algorithm_nid;
}
int rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
int ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params)
{
if (rsa_pss_params == NULL)
return default_RSASSA_PSS_params.hash_algorithm_nid;
return rsa_pss_params->mask_gen.hash_algorithm_nid;
}
int rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params)
int ossl_rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params)
{
if (rsa_pss_params == NULL)
return default_RSASSA_PSS_params.salt_len;
return rsa_pss_params->salt_len;
}
int rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params)
int ossl_rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params)
{
if (rsa_pss_params == NULL)
return default_RSASSA_PSS_params.trailer_field;

6
crypto/rsa/rsa_schemes.c
View File

@ -67,18 +67,18 @@ static int md_is_a(const void *md, const char *name)
return EVP_MD_is_a(md, name);
}
int rsa_oaeppss_md2nid(const EVP_MD *md)
int ossl_rsa_oaeppss_md2nid(const EVP_MD *md)
{
return meth2nid(md, md_is_a,
oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map));
}
const char *rsa_oaeppss_nid2name(int md)
const char *ossl_rsa_oaeppss_nid2name(int md)
{
return nid2name(md, oaeppss_name_nid_map, OSSL_NELEM(oaeppss_name_nid_map));
}
const char *rsa_mgf_nid2name(int mgf)
const char *ossl_rsa_mgf_nid2name(int mgf)
{
if (mgf == NID_mgf1)
return SN_mgf1;

4
crypto/rsa/rsa_sign.c
View File

@ -150,7 +150,7 @@ ENCODE_DIGESTINFO_SHA(sha3_512, 0x0a, SHA512_DIGEST_LENGTH)
*len = sizeof(digestinfo_##name##_der); \
return digestinfo_##name##_der;
const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len)
const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len)
{
switch (md_nid) {
#ifndef FIPS_MODULE
@ -250,7 +250,7 @@ static int encode_pkcs1(unsigned char **out, size_t *out_len, int type,
RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
di_prefix = rsa_digestinfo_encoding(type, &di_prefix_len);
di_prefix = ossl_rsa_digestinfo_encoding(type, &di_prefix_len);
if (di_prefix == NULL) {
RSAerr(RSA_F_ENCODE_PKCS1,
RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);

73
crypto/rsa/rsa_sp800_56b_check.c
View File

@ -21,7 +21,7 @@
* 6.4.1.2.3: rsakpv1-crt Step 7
* 6.4.1.3.3: rsakpv2-crt Step 7
*/
int rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx)
int ossl_rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *r = NULL, *p1 = NULL, *q1 = NULL;
@ -85,7 +85,7 @@ int rsa_check_crt_components(const RSA *rsa, BN_CTX *ctx)
*
* (2)(2^(nbits/2 - 1) = (2/2)(2^(nbits/2))
*/
int rsa_check_prime_factor_range(const BIGNUM *p, int nbits, BN_CTX *ctx)
int ossl_rsa_check_prime_factor_range(const BIGNUM *p, int nbits, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *low;
@ -133,7 +133,7 @@ err:
*
* See SP800-56Br1 6.4.1.2.3 Step 5 (a to d) & (e to h).
*/
int rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx)
int ossl_rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *p1 = NULL, *gcd = NULL;
@ -141,7 +141,7 @@ int rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx)
/* (Steps 5 a-b) prime test */
if (BN_check_prime(p, ctx, NULL) != 1
/* (Step 5c) (√2)(2^(nbits/2 - 1) <= p <= 2^(nbits/2 - 1) */
|| rsa_check_prime_factor_range(p, nbits, ctx) != 1)
|| ossl_rsa_check_prime_factor_range(p, nbits, ctx) != 1)
return 0;
BN_CTX_start(ctx);
@ -172,7 +172,7 @@ int rsa_check_prime_factor(BIGNUM *p, BIGNUM *e, int nbits, BN_CTX *ctx)
* (Step 6a) 2^(nBit/2) < d < LCM(p1, q1).
* (Step 6b) 1 = (d*e) mod LCM(p1, q1)
*/
int rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx)
int ossl_rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx)
{
int ret;
BIGNUM *r, *p1, *q1, *lcm, *p1q1, *gcd;
@ -201,7 +201,8 @@ int rsa_check_private_exponent(const RSA *rsa, int nbits, BN_CTX *ctx)
}
ret = (ret
/* LCM(p - 1, q - 1) */
&& (rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, p1q1) == 1)
&& (ossl_rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1,
p1q1) == 1)
/* (Step 6a) d < LCM(p - 1, q - 1) */
&& (BN_cmp(rsa->d, lcm) < 0)
/* (Step 6b) 1 = (e . d) mod LCM(p - 1, q - 1) */
@ -229,7 +230,7 @@ static int bn_is_three(const BIGNUM *bn)
#endif /* FIPS_MODULE */
/* Check exponent is odd, and has a bitlen ranging from [17..256] */
int rsa_check_public_exponent(const BIGNUM *e)
int ossl_rsa_check_public_exponent(const BIGNUM *e)
{
int bitlen;
@ -247,7 +248,7 @@ int rsa_check_public_exponent(const BIGNUM *e)
* SP800-56Br1 6.4.1.2.1 (Step 5i): |p - q| > 2^(nbits/2 - 100)
* i.e- numbits(p-q-1) > (nbits/2 -100)
*/
int rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q,
int ossl_rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q,
int nbits)
{
int bitlen = (nbits >> 1) - 100;
@ -270,9 +271,9 @@ int rsa_check_pminusq_diff(BIGNUM *diff, const BIGNUM *p, const BIGNUM *q,
* Caller should ensure that lcm, gcd, p1, q1, p1q1 are flagged with
* BN_FLG_CONSTTIME.
*/
int rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q,
BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1,
BIGNUM *p1q1)
int ossl_rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q,
BIGNUM *lcm, BIGNUM *gcd, BIGNUM *p1, BIGNUM *q1,
BIGNUM *p1q1)
{
return BN_sub(p1, p, BN_value_one()) /* p-1 */
&& BN_sub(q1, q, BN_value_one()) /* q-1 */
@ -286,7 +287,7 @@ int rsa_get_lcm(BN_CTX *ctx, const BIGNUM *p, const BIGNUM *q,
* SP800-89 5.3.3 (Explicit) Partial Public Key Validation for RSA
* caveat is that the modulus must be as specified in SP800-56Br1
*/
int rsa_sp800_56b_check_public(const RSA *rsa)
int ossl_rsa_sp800_56b_check_public(const RSA *rsa)
{
int ret = 0, status;
#ifdef FIPS_MODULE
@ -304,19 +305,18 @@ int rsa_sp800_56b_check_public(const RSA *rsa)
* NOTE: changed to allow keys >= 2048
*/
nbits = BN_num_bits(rsa->n);
if (!rsa_sp800_56b_validate_strength(nbits, -1)) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_PUBLIC, RSA_R_INVALID_KEY_LENGTH);
if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1)) {
RSAerr(0, RSA_R_INVALID_KEY_LENGTH);
return 0;
}
#endif
if (!BN_is_odd(rsa->n)) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_PUBLIC, RSA_R_INVALID_MODULUS);
RSAerr(0, RSA_R_INVALID_MODULUS);
return 0;
}
/* (Steps b-c): 2^16 < e < 2^256, n and e must be odd */
if (!rsa_check_public_exponent(rsa->e)) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_PUBLIC,
RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
if (!ossl_rsa_check_public_exponent(rsa->e)) {
RSAerr(0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
return 0;
}
@ -330,13 +330,13 @@ int rsa_sp800_56b_check_public(const RSA *rsa)
* The modulus has no factors smaller than 752.
*/
if (!BN_gcd(gcd, rsa->n, bn_get0_small_factors(), ctx) || !BN_is_one(gcd)) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_PUBLIC, RSA_R_INVALID_MODULUS);
RSAerr(0, RSA_R_INVALID_MODULUS);
goto err;
}
ret = bn_miller_rabin_is_prime(rsa->n, 0, ctx, NULL, 1, &status);
if (ret != 1 || status != BN_PRIMETEST_COMPOSITE_NOT_POWER_OF_PRIME) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_PUBLIC, RSA_R_INVALID_MODULUS);
RSAerr(0, RSA_R_INVALID_MODULUS);
ret = 0;
goto err;
}
@ -351,7 +351,7 @@ err:
/*
* Perform validation of the RSA private key to check that 0 < D < N.
*/
int rsa_sp800_56b_check_private(const RSA *rsa)
int ossl_rsa_sp800_56b_check_private(const RSA *rsa)
{
if (rsa->d == NULL || rsa->n == NULL)
return 0;
@ -369,8 +369,8 @@ int rsa_sp800_56b_check_private(const RSA *rsa)
* 6.4.1.2.3 "rsakpv1 - crt"
* 6.4.1.3.3 "rsakpv2 - crt"
*/
int rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
int strength, int nbits)
int ossl_rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
int strength, int nbits)
{
int ret = 0;
BN_CTX *ctx = NULL;
@ -381,31 +381,30 @@ int rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
|| rsa->e == NULL
|| rsa->d == NULL
|| rsa->n == NULL) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_KEYPAIR, RSA_R_INVALID_REQUEST);
RSAerr(0, RSA_R_INVALID_REQUEST);
return 0;
}
/* (Step 1): Check Ranges */
if (!rsa_sp800_56b_validate_strength(nbits, strength))
if (!ossl_rsa_sp800_56b_validate_strength(nbits, strength))
return 0;
/* If the exponent is known */
if (efixed != NULL) {
/* (2): Check fixed exponent matches public exponent. */
if (BN_cmp(efixed, rsa->e) != 0) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_KEYPAIR, RSA_R_INVALID_REQUEST);
RSAerr(0, RSA_R_INVALID_REQUEST);
return 0;
}
}
/* (Step 1.c): e is odd integer 65537 <= e < 2^256 */
if (!rsa_check_public_exponent(rsa->e)) {
if (!ossl_rsa_check_public_exponent(rsa->e)) {
/* exponent out of range */
RSAerr(RSA_F_RSA_SP800_56B_CHECK_KEYPAIR,
RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
RSAerr(0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
return 0;
}
/* (Step 3.b): check the modulus */
if (nbits != BN_num_bits(rsa->n)) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_KEYPAIR, RSA_R_INVALID_KEYPAIR);
RSAerr(0, RSA_R_INVALID_KEYPAIR);
return 0;
}
@ -419,20 +418,20 @@ int rsa_sp800_56b_check_keypair(const RSA *rsa, const BIGNUM *efixed,
goto err;
/* (Step 4.c): Check n = pq */
if (BN_cmp(rsa->n, r) != 0) {
RSAerr(RSA_F_RSA_SP800_56B_CHECK_KEYPAIR, RSA_R_INVALID_REQUEST);
RSAerr(0, RSA_R_INVALID_REQUEST);
goto err;
}
/* (Step 5): check prime factors p & q */
ret = rsa_check_prime_factor(rsa->p, rsa->e, nbits, ctx)
&& rsa_check_prime_factor(rsa->q, rsa->e, nbits, ctx)
&& (rsa_check_pminusq_diff(r, rsa->p, rsa->q, nbits) > 0)
ret = ossl_rsa_check_prime_factor(rsa->p, rsa->e, nbits, ctx)
&& ossl_rsa_check_prime_factor(rsa->q, rsa->e, nbits, ctx)
&& (ossl_rsa_check_pminusq_diff(r, rsa->p, rsa->q, nbits) > 0)
/* (Step 6): Check the private exponent d */
&& rsa_check_private_exponent(rsa, nbits, ctx)
&& ossl_rsa_check_private_exponent(rsa, nbits, ctx)
/* 6.4.1.2.3 (Step 7): Check the CRT components */
&& rsa_check_crt_components(rsa, ctx);
&& ossl_rsa_check_crt_components(rsa, ctx);
if (ret != 1)
RSAerr(RSA_F_RSA_SP800_56B_CHECK_KEYPAIR, RSA_R_INVALID_KEYPAIR);
RSAerr(0, RSA_R_INVALID_KEYPAIR);
err:
BN_clear(r);

45
crypto/rsa/rsa_sp800_56b_gen.c
View File

@ -53,8 +53,9 @@
* Xp, Xp1, Xp2, Xq, Xq1, Xq2 are optionally passed in.
* (Required for CAVS testing).
*/
int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, int nbits,
const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb)
int ossl_rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test,
int nbits, const BIGNUM *e, BN_CTX *ctx,
BN_GENCB *cb)
{
int ret = 0, ok;
/* Temp allocated BIGNUMS */
@ -87,13 +88,12 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, int nbits,
* Signature Generation and Key Agree/Transport.
*/
if (nbits < RSA_FIPS1864_MIN_KEYGEN_KEYSIZE) {
RSAerr(RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES, RSA_R_KEY_SIZE_TOO_SMALL);
RSAerr(0, RSA_R_KEY_SIZE_TOO_SMALL);
return 0;
}
if (!rsa_check_public_exponent(e)) {
RSAerr(RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES,
RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
if (!ossl_rsa_check_public_exponent(e)) {
RSAerr(0, RSA_R_PUB_EXPONENT_OUT_OF_RANGE);
return 0;
}
@ -131,14 +131,14 @@ int rsa_fips186_4_gen_prob_primes(RSA *rsa, RSA_ACVP_TEST *test, int nbits,
goto err;
/* (Step 6) |Xp - Xq| > 2^(nbitlen/2 - 100) */
ok = rsa_check_pminusq_diff(tmp, Xpo, Xqo, nbits);
ok = ossl_rsa_check_pminusq_diff(tmp, Xpo, Xqo, nbits);
if (ok < 0)
goto err;
if (ok == 0)
continue;
/* (Step 6) |p - q| > 2^(nbitlen/2 - 100) */
ok = rsa_check_pminusq_diff(tmp, rsa->p, rsa->q, nbits);
ok = ossl_rsa_check_pminusq_diff(tmp, rsa->p, rsa->q, nbits);
if (ok < 0)
goto err;
if (ok == 0)
@ -169,18 +169,18 @@ err:
* strength is unknown.
* Returns: 1 if the key size matches the target strength, or 0 otherwise.
*/
int rsa_sp800_56b_validate_strength(int nbits, int strength)
int ossl_rsa_sp800_56b_validate_strength(int nbits, int strength)
{
int s = (int)ifc_ffc_compute_security_bits(nbits);
#ifdef FIPS_MODULE
if (s < RSA_FIPS1864_MIN_KEYGEN_STRENGTH
|| s > RSA_FIPS1864_MAX_KEYGEN_STRENGTH) {
RSAerr(RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH, RSA_R_INVALID_MODULUS);
RSAerr(0, RSA_R_INVALID_MODULUS);
return 0;
}
#endif
if (strength != -1 && s != strength) {
RSAerr(RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH, RSA_R_INVALID_STRENGTH);
RSAerr(0, RSA_R_INVALID_STRENGTH);
return 0;
}
return 1;
@ -206,8 +206,8 @@ int rsa_sp800_56b_validate_strength(int nbits, int strength)
* 0 = d is too small,
* 1 = success.
*/
int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits,
const BIGNUM *e, BN_CTX *ctx)
int ossl_rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits,
const BIGNUM *e, BN_CTX *ctx)
{
int ret = -1;
BIGNUM *p1, *q1, *lcm, *p1q1, *gcd;
@ -228,7 +228,7 @@ int rsa_sp800_56b_derive_params_from_pq(RSA *rsa, int nbits,
BN_set_flags(gcd, BN_FLG_CONSTTIME);
/* LCM((p-1, q-1)) */
if (rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, p1q1) != 1)
if (ossl_rsa_get_lcm(ctx, rsa->p, rsa->q, lcm, gcd, p1, q1, p1q1) != 1)
goto err;
/* copy e */
@ -330,8 +330,8 @@ err:
* cb An optional BIGNUM callback.
* Returns: 1 if successfully generated otherwise it returns 0.
*/
int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
BN_GENCB *cb)
int ossl_rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
BN_GENCB *cb)
{
int ret = 0;
int ok;
@ -344,7 +344,7 @@ int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
#endif
/* (Steps 1a-1b) : Currently ignores the strength check */
if (!rsa_sp800_56b_validate_strength(nbits, -1))
if (!ossl_rsa_sp800_56b_validate_strength(nbits, -1))
return 0;
ctx = BN_CTX_new_ex(rsa->libctx);
@ -363,11 +363,10 @@ int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
for (;;) {
/* (Step 2) Generate prime factors */
if (!rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx,
cb))
if (!ossl_rsa_fips186_4_gen_prob_primes(rsa, info, nbits, e, ctx, cb))
goto err;
/* (Steps 3-5) Compute params d, n, dP, dQ, qInv */
ok = rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx);
ok = ossl_rsa_sp800_56b_derive_params_from_pq(rsa, nbits, e, ctx);
if (ok < 0)
goto err;
if (ok > 0)
@ -376,7 +375,7 @@ int rsa_sp800_56b_generate_key(RSA *rsa, int nbits, const BIGNUM *efixed,
}
/* (Step 6) Do pairwise test - optional validity test has been omitted */
ret = rsa_sp800_56b_pairwise_test(rsa, ctx);
ret = ossl_rsa_sp800_56b_pairwise_test(rsa, ctx);
err:
if (efixed == NULL)
BN_free(e);
@ -390,7 +389,7 @@ err:
*
* Returns 1 if the RSA key passes the pairwise test or 0 it it fails.
*/
int rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx)
int ossl_rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx)
{
int ret = 0;
BIGNUM *k, *tmp;
@ -407,7 +406,7 @@ int rsa_sp800_56b_pairwise_test(RSA *rsa, BN_CTX *ctx)
&& BN_mod_exp(tmp, tmp, rsa->d, rsa->n, ctx)
&& BN_cmp(k, tmp) == 0);
if (ret == 0)
RSAerr(RSA_F_RSA_SP800_56B_PAIRWISE_TEST, RSA_R_PAIRWISE_TEST_FAILURE);
RSAerr(0, RSA_R_PAIRWISE_TEST_FAILURE);
err:
BN_CTX_end(ctx);
return ret;

7
crypto/rsa/rsa_ssl.c
View File

@ -21,8 +21,9 @@
#include "internal/constant_time.h"
#include "rsa_local.h"
int rsa_padding_add_SSLv23_ex(OPENSSL_CTX *libctx, unsigned char *to, int tlen,
const unsigned char *from, int flen)
int ossl_rsa_padding_add_SSLv23_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen)
{
int i, j;
unsigned char *p;
@ -62,7 +63,7 @@ int rsa_padding_add_SSLv23_ex(OPENSSL_CTX *libctx, unsigned char *to, int tlen,
int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
const unsigned char *from, int flen)
{
return rsa_padding_add_SSLv23_ex(NULL, to, tlen, from, flen);
return ossl_rsa_padding_add_SSLv23_ex(NULL, to, tlen, from, flen);
}
/*

22
doc/internal/man3/rsa_get0_all_params.pod → doc/internal/man3/ossl_rsa_get0_all_params.pod
View File

@ -2,28 +2,28 @@
=head1 NAME
rsa_set0_all_params, rsa_get0_all_params
ossl_rsa_set0_all_params, ossl_rsa_get0_all_params
- Internal routines for getting and setting data in an RSA object
=head1 SYNOPSIS
#include "crypto/rsa.h"
int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs);
int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs);
=head1 DESCRIPTION
rsa_set0_all_params() sets all primes, CRT exponents and CRT coefficients
ossl_rsa_set0_all_params() sets all primes, CRT exponents and CRT coefficients
in the B<RSA> object I<r> to the contents of the stacks of BIGNUMs I<primes>,
I<exps> and I<coeffs>. The B<RSA> object takes ownership of the BIGNUMs,
but not of the stacks.
rsa_get0_all_params() gets all primes, CRT exponents and CRT coefficients
ossl_rsa_get0_all_params() gets all primes, CRT exponents and CRT coefficients
in the B<RSA> object I<r> and pushes them on the stacks of constant BIGNUMs
I<primes>, I<exps> and I<coeffs>. The B<RSA> object retains ownership of the
BIGNUMs, but not of the stacks.
@ -56,8 +56,8 @@ the number of coefficients must be one less than the number of primes.
=head1 RETURN VALUES
rsa_get0_all_params() and rsa_set0_all_params() return 1 on success, or
0 on failure.
ossl_rsa_get0_all_params() and ossl_rsa_set0_all_params() return 1 on success,
or 0 on failure.
=head1 SEE ALSO

4
include/crypto/evp.h
View File

@ -183,8 +183,8 @@ const EVP_PKEY_METHOD *ecx25519_pkey_method(void);
const EVP_PKEY_METHOD *ecx448_pkey_method(void);
const EVP_PKEY_METHOD *ed25519_pkey_method(void);
const EVP_PKEY_METHOD *ed448_pkey_method(void);
const EVP_PKEY_METHOD *rsa_pkey_method(void);
const EVP_PKEY_METHOD *rsa_pss_pkey_method(void);
const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
struct evp_mac_st {
OSSL_PROVIDER *prov;

109
include/crypto/rsa.h
View File

@ -23,72 +23,75 @@ typedef struct rsa_pss_params_30_st {
int trailer_field;
} RSA_PSS_PARAMS_30;
RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r);
int rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params);
int rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to,
const RSA_PSS_PARAMS_30 *from);
int rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int hashalg_nid);
int rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenalg_nid);
int rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenhashalg_nid);
int rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
int saltlen);
int rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
int trailerfield);
int rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params);
RSA_PSS_PARAMS_30 *ossl_rsa_get0_pss_params_30(RSA *r);
int ossl_rsa_pss_params_30_set_defaults(RSA_PSS_PARAMS_30 *rsa_pss_params);
int ossl_rsa_pss_params_30_copy(RSA_PSS_PARAMS_30 *to,
const RSA_PSS_PARAMS_30 *from);
int ossl_rsa_pss_params_30_is_unrestricted(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int ossl_rsa_pss_params_30_set_hashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int hashalg_nid);
int ossl_rsa_pss_params_30_set_maskgenalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenalg_nid);
int ossl_rsa_pss_params_30_set_maskgenhashalg(RSA_PSS_PARAMS_30 *rsa_pss_params,
int maskgenhashalg_nid);
int ossl_rsa_pss_params_30_set_saltlen(RSA_PSS_PARAMS_30 *rsa_pss_params,
int saltlen);
int ossl_rsa_pss_params_30_set_trailerfield(RSA_PSS_PARAMS_30 *rsa_pss_params,
int trailerfield);
int ossl_rsa_pss_params_30_hashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int ossl_rsa_pss_params_30_maskgenalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int ossl_rsa_pss_params_30_maskgenhashalg(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int ossl_rsa_pss_params_30_saltlen(const RSA_PSS_PARAMS_30 *rsa_pss_params);
int ossl_rsa_pss_params_30_trailerfield(const RSA_PSS_PARAMS_30 *rsa_pss_params);
const char *rsa_mgf_nid2name(int mgf);
int rsa_oaeppss_md2nid(const EVP_MD *md);
const char *rsa_oaeppss_nid2name(int md);
const char *ossl_rsa_mgf_nid2name(int mgf);
int ossl_rsa_oaeppss_md2nid(const EVP_MD *md);
const char *ossl_rsa_oaeppss_nid2name(int md);
RSA *rsa_new_with_ctx(OPENSSL_CTX *libctx);
OPENSSL_CTX *rsa_get0_libctx(RSA *r);
RSA *ossl_rsa_new_with_ctx(OPENSSL_CTX *libctx);
OPENSSL_CTX *ossl_rsa_get0_libctx(RSA *r);
int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs);
int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
int ossl_rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
const STACK_OF(BIGNUM) *exps,
const STACK_OF(BIGNUM) *coeffs);
int ossl_rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
const OSSL_PARAM params[], OPENSSL_CTX *libctx);
int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
const OSSL_PARAM params[],
OPENSSL_CTX *libctx);
int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to,
size_t tlen, const unsigned char *from,
size_t flen, int client_version,
int alt_version);
int rsa_padding_add_PKCS1_OAEP_mgf1_ex(OPENSSL_CTX *libctx, unsigned char *to,
int tlen, const unsigned char *from,
int flen, const unsigned char *param,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md);
int ossl_rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to,
size_t tlen,
const unsigned char *from,
size_t flen, int client_version,
int alt_version);
int ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(OPENSSL_CTX *libctx,
unsigned char *to, int tlen,
const unsigned char *from, int flen,
const unsigned char *param,
int plen, const EVP_MD *md,
const EVP_MD *mgf1md);
int rsa_validate_public(const RSA *key);
int rsa_validate_private(const RSA *key);
int rsa_validate_pairwise(const RSA *key);
int ossl_rsa_validate_public(const RSA *key);
int ossl_rsa_validate_private(const RSA *key);
int ossl_rsa_validate_pairwise(const RSA *key);
int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, unsigned char *rm,
size_t *prm_len, const unsigned char *sigbuf,
size_t siglen, RSA *rsa);
const unsigned char *rsa_digestinfo_encoding(int md_nid, size_t *len);
const unsigned char *ossl_rsa_digestinfo_encoding(int md_nid, size_t *len);
extern const char *rsa_mp_factor_names[];
extern const char *rsa_mp_exp_names[];
extern const char *rsa_mp_coeff_names[];
extern const char *ossl_rsa_mp_factor_names[];
extern const char *ossl_rsa_mp_exp_names[];
extern const char *ossl_rsa_mp_coeff_names[];
# if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
int rsa_acvp_test_gen_params_new(OSSL_PARAM **dst, const OSSL_PARAM src[]);

5
include/openssl/rsaerr.h
View File

@ -41,7 +41,6 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_CHECK_KEY_EX 0
# define RSA_F_RSA_CMS_DECRYPT 0
# define RSA_F_RSA_CMS_VERIFY 0
# define RSA_F_RSA_FIPS186_4_GEN_PROB_PRIMES 0
# define RSA_F_RSA_ITEM_VERIFY 0
# define RSA_F_RSA_METH_DUP 0
# define RSA_F_RSA_METH_NEW 0
@ -85,10 +84,6 @@ int ERR_load_RSA_strings(void);
# define RSA_F_RSA_SETUP_BLINDING 0
# define RSA_F_RSA_SIGN 0
# define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 0
# define RSA_F_RSA_SP800_56B_CHECK_KEYPAIR 0
# define RSA_F_RSA_SP800_56B_CHECK_PUBLIC 0
# define RSA_F_RSA_SP800_56B_PAIRWISE_TEST 0
# define RSA_F_RSA_SP800_56B_VALIDATE_STRENGTH 0
# define RSA_F_RSA_VERIFY 0
# define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 0
# define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 0

23
providers/common/der/der_rsa_key.c
View File

@ -242,8 +242,8 @@ static const unsigned char der_aid_mgf1SHA512_256Identifier[] = {
static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag,
const RSA_PSS_PARAMS_30 *pss)
{
if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) {
int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss);
if (pss != NULL && ossl_rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) {
int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
const unsigned char *maskgenalg = NULL;
size_t maskgenalg_sz = 0;
@ -292,17 +292,18 @@ int ossl_DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag,
* intent. Therefore, we assert that here, the PSS parameters must show
* that the key is restricted.
*/
if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss)))
if (!ossl_assert(pss != NULL
&& !ossl_rsa_pss_params_30_is_unrestricted(pss)))
return 0;
hashalg_nid = rsa_pss_params_30_hashalg(pss);
saltlen = rsa_pss_params_30_saltlen(pss);
trailerfield = rsa_pss_params_30_trailerfield(pss);
hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
saltlen = ossl_rsa_pss_params_30_saltlen(pss);
trailerfield = ossl_rsa_pss_params_30_trailerfield(pss);
/* Getting default values */
default_hashalg_nid = rsa_pss_params_30_hashalg(NULL);
default_saltlen = rsa_pss_params_30_saltlen(NULL);
default_trailerfield = rsa_pss_params_30_trailerfield(NULL);
default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
default_saltlen = ossl_rsa_pss_params_30_saltlen(NULL);
default_trailerfield = ossl_rsa_pss_params_30_trailerfield(NULL);
/*
* From https://tools.ietf.org/html/rfc8017#appendix-A.2.1:
@ -354,7 +355,7 @@ int ossl_DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
int rsa_nid = NID_undef;
const unsigned char *rsa_oid = NULL;
size_t rsa_oid_sz = 0;
RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa);
RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa);
switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
case RSA_FLAG_TYPE_RSA:
@ -368,7 +369,7 @@ int ossl_DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
return ossl_DER_w_begin_sequence(pkt, tag)
&& (rsa_nid != NID_rsassaPss
|| rsa_pss_params_30_is_unrestricted(pss_params)
|| ossl_rsa_pss_params_30_is_unrestricted(pss_params)
|| ossl_DER_w_RSASSA_PSS_params(pkt, -1, pss_params))
&& ossl_DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz)
&& ossl_DER_w_end_sequence(pkt, tag);

2
providers/common/include/prov/securitycheck.h
View File

@ -8,7 +8,7 @@
*/
/* Functions that are common */
int rsa_check_key(const RSA *rsa, int protect);
int ossl_rsa_check_key(const RSA *rsa, int protect);
int ec_check_key(const EC_KEY *ec, int protect);
int dsa_check_key(const DSA *dsa, int sign);
int dh_check_key(const DH *dh);

2
providers/common/securitycheck.c
View File

@ -25,7 +25,7 @@
* Set protect = 1 for encryption or signing operations, or 0 otherwise. See
* https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf.
*/
int rsa_check_key(const RSA *rsa, int protect)
int ossl_rsa_check_key(const RSA *rsa, int protect)
{
#if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
if (securitycheck_enabled()) {

21
providers/implementations/asymciphers/rsa_enc.c
View File

@ -113,7 +113,7 @@ static int rsa_init(void *vprsactx, void *vrsa, int operation)
ERR_raise(ERR_LIB_PROV, PROV_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return 0;
}
if (!rsa_check_key(vrsa, operation == EVP_PKEY_OP_ENCRYPT)) {
if (!ossl_rsa_check_key(vrsa, operation == EVP_PKEY_OP_ENCRYPT)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
@ -165,11 +165,12 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
return 0;
}
ret =
rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, rsasize,
in, inlen, prsactx->oaep_label,
prsactx->oaep_labellen,
prsactx->oaep_md,
prsactx->mgf1_md);
ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf,
rsasize, in, inlen,
prsactx->oaep_label,
prsactx->oaep_labellen,
prsactx->oaep_md,
prsactx->mgf1_md);
if (!ret) {
OPENSSL_free(tbuf);
@ -263,11 +264,9 @@ static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen,
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_TLS_CLIENT_VERSION);
return 0;
}
ret = rsa_padding_check_PKCS1_type_2_TLS(prsactx->libctx, out,
outsize,
tbuf, len,
prsactx->client_version,
prsactx->alt_version);
ret = ossl_rsa_padding_check_PKCS1_type_2_TLS(
prsactx->libctx, out, outsize, tbuf, len,
prsactx->client_version, prsactx->alt_version);
}
OPENSSL_free(tbuf);
} else {

4
providers/implementations/encode_decode/encode_key2any.c
View File

@ -624,7 +624,7 @@ static int ecx_priv_to_der(const void *vecxkey, unsigned char **pder)
static int prepare_rsa_params(const void *rsa, int nid,
void **pstr, int *pstrtype)
{
const RSA_PSS_PARAMS_30 *pss = rsa_get0_pss_params_30((RSA *)rsa);
const RSA_PSS_PARAMS_30 *pss = ossl_rsa_get0_pss_params_30((RSA *)rsa);
*pstr = NULL;
@ -634,7 +634,7 @@ static int prepare_rsa_params(const void *rsa, int nid,
*pstrtype = V_ASN1_NULL;
return 1;
case RSA_FLAG_TYPE_RSASSAPSS:
if (rsa_pss_params_30_is_unrestricted(pss)) {
if (ossl_rsa_pss_params_30_is_unrestricted(pss)) {
*pstrtype = V_ASN1_UNDEF;
return 1;
} else {

26
providers/implementations/encode_decode/encode_key2text.c
View File

@ -627,7 +627,7 @@ static int rsa_to_text(BIO *out, const void *key, int selection)
STACK_OF(BIGNUM_const) *exps = NULL;
STACK_OF(BIGNUM_const) *coeffs = NULL;
int primes;
const RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30((RSA *)rsa);
const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30((RSA *)rsa);
int ret = 0;
if (out == NULL || rsa == NULL) {
@ -655,7 +655,7 @@ static int rsa_to_text(BIO *out, const void *key, int selection)
}
RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
rsa_get0_all_params((RSA *)rsa, factors, exps, coeffs);
ossl_rsa_get0_all_params((RSA *)rsa, factors, exps, coeffs);
primes = sk_BIGNUM_const_num(factors);
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
@ -714,33 +714,35 @@ static int rsa_to_text(BIO *out, const void *key, int selection)
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) {
switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) {
case RSA_FLAG_TYPE_RSA:
if (!rsa_pss_params_30_is_unrestricted(pss_params)) {
if (!ossl_rsa_pss_params_30_is_unrestricted(pss_params)) {
if (BIO_printf(out, "(INVALID PSS PARAMETERS)\n") <= 0)
goto err;
}
break;
case RSA_FLAG_TYPE_RSASSAPSS:
if (rsa_pss_params_30_is_unrestricted(pss_params)) {
if (ossl_rsa_pss_params_30_is_unrestricted(pss_params)) {
if (BIO_printf(out, "No PSS parameter restrictions\n") <= 0)
goto err;
} else {
int hashalg_nid = rsa_pss_params_30_hashalg(pss_params);
int maskgenalg_nid = rsa_pss_params_30_maskgenalg(pss_params);
int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss_params);
int maskgenalg_nid =
ossl_rsa_pss_params_30_maskgenalg(pss_params);
int maskgenhashalg_nid =
rsa_pss_params_30_maskgenhashalg(pss_params);
int saltlen = rsa_pss_params_30_saltlen(pss_params);
int trailerfield = rsa_pss_params_30_trailerfield(pss_params);
ossl_rsa_pss_params_30_maskgenhashalg(pss_params);
int saltlen = ossl_rsa_pss_params_30_saltlen(pss_params);
int trailerfield =
ossl_rsa_pss_params_30_trailerfield(pss_params);
if (BIO_printf(out, "PSS parameter restrictions:\n") <= 0)
goto err;
if (BIO_printf(out, " Hash Algorithm: %s%s\n",
rsa_oaeppss_nid2name(hashalg_nid),
ossl_rsa_oaeppss_nid2name(hashalg_nid),
(hashalg_nid == NID_sha1
? " (default)" : "")) <= 0)
goto err;
if (BIO_printf(out, " Mask Algorithm: %s with %s%s\n",
rsa_mgf_nid2name(maskgenalg_nid),
rsa_oaeppss_nid2name(maskgenhashalg_nid),
ossl_rsa_mgf_nid2name(maskgenalg_nid),
ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid),
(maskgenalg_nid == NID_mgf1
&& maskgenhashalg_nid == NID_sha1
? " (default)" : "")) <= 0)

4
providers/implementations/kem/rsa_kem.c
View File

@ -126,7 +126,7 @@ static int rsakem_init(void *vprsactx, void *vrsa, int operation)
RSA_free(prsactx->rsa);
prsactx->rsa = vrsa;
if (!rsa_check_key(vrsa, operation == EVP_PKEY_OP_ENCAPSULATE)) {
if (!ossl_rsa_check_key(vrsa, operation == EVP_PKEY_OP_ENCAPSULATE)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
@ -205,7 +205,7 @@ static int rsasve_gen_rand_bytes(RSA *rsa_pub,
BN_CTX *bnctx;
BIGNUM *z, *nminus3;
bnctx = BN_CTX_secure_new_ex(rsa_get0_libctx(rsa_pub));
bnctx = BN_CTX_secure_new_ex(ossl_rsa_get0_libctx(rsa_pub));
if (bnctx == NULL)
return 0;

48
providers/implementations/keymgmt/rsa_kmgmt.c
View File

@ -60,12 +60,12 @@ static int pss_params_fromdata(RSA_PSS_PARAMS_30 *pss_params,
const OSSL_PARAM params[], int rsa_type,
OPENSSL_CTX *libctx)
{
if (!rsa_pss_params_30_fromdata(pss_params, params, libctx))
if (!ossl_rsa_pss_params_30_fromdata(pss_params, params, libctx))
return 0;
/* If not a PSS type RSA, sending us PSS parameters is wrong */
if (rsa_type != RSA_FLAG_TYPE_RSASSAPSS
&& !rsa_pss_params_30_is_unrestricted(pss_params))
&& !ossl_rsa_pss_params_30_is_unrestricted(pss_params))
return 0;
return 1;
@ -79,7 +79,7 @@ static void *rsa_newdata(void *provctx)
if (!ossl_prov_is_running())
return NULL;
rsa = rsa_new_with_ctx(libctx);
rsa = ossl_rsa_new_with_ctx(libctx);
if (rsa != NULL) {
RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
RSA_set_flags(rsa, RSA_FLAG_TYPE_RSA);
@ -95,7 +95,7 @@ static void *rsapss_newdata(void *provctx)
if (!ossl_prov_is_running())
return NULL;
rsa = rsa_new_with_ctx(libctx);
rsa = ossl_rsa_new_with_ctx(libctx);
if (rsa != NULL) {
RSA_clear_flags(rsa, RSA_FLAG_TYPE_MASK);
RSA_set_flags(rsa, RSA_FLAG_TYPE_RSASSAPSS);
@ -165,10 +165,10 @@ static int rsa_import(void *keydata, int selection, const OSSL_PARAM params[])
/* TODO(3.0) OAEP should bring on parameters as well */
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
ok = ok && pss_params_fromdata(rsa_get0_pss_params_30(rsa), params,
rsa_type, rsa_get0_libctx(rsa));
ok = ok && pss_params_fromdata(ossl_rsa_get0_pss_params_30(rsa), params,
rsa_type, ossl_rsa_get0_libctx(rsa));
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
ok = ok && rsa_fromdata(rsa, params);
ok = ok && ossl_rsa_fromdata(rsa, params);
return ok;
}
@ -177,7 +177,7 @@ static int rsa_export(void *keydata, int selection,
OSSL_CALLBACK *param_callback, void *cbarg)
{
RSA *rsa = keydata;
const RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa);
const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa);
OSSL_PARAM_BLD *tmpl;
OSSL_PARAM *params = NULL;
int ok = 1;
@ -192,10 +192,10 @@ static int rsa_export(void *keydata, int selection,
return 0;
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
ok = ok && (rsa_pss_params_30_is_unrestricted(pss_params)
|| rsa_pss_params_30_todata(pss_params, tmpl, NULL));
ok = ok && (ossl_rsa_pss_params_30_is_unrestricted(pss_params)
|| ossl_rsa_pss_params_30_todata(pss_params, tmpl, NULL));
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
ok = ok && rsa_todata(rsa, tmpl, NULL);
ok = ok && ossl_rsa_todata(rsa, tmpl, NULL);
if (!ok
|| (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
@ -297,7 +297,7 @@ static const OSSL_PARAM *rsa_export_types(int selection)
static int rsa_get_params(void *key, OSSL_PARAM params[])
{
RSA *rsa = key;
const RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa);
const RSA_PSS_PARAMS_30 *pss_params = ossl_rsa_get0_pss_params_30(rsa);
int rsa_type = RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK);
OSSL_PARAM *p;
@ -330,17 +330,17 @@ static int rsa_get_params(void *key, OSSL_PARAM params[])
&& rsa_type == RSA_FLAG_TYPE_RSASSAPSS) {
const char *mdname = RSA_PSS_DEFAULT_MD;
if (!rsa_pss_params_30_is_unrestricted(pss_params)) {
if (!ossl_rsa_pss_params_30_is_unrestricted(pss_params)) {
mdname =
rsa_oaeppss_nid2name(rsa_pss_params_30_hashalg(pss_params));
ossl_rsa_oaeppss_nid2name(ossl_rsa_pss_params_30_hashalg(pss_params));
if (mdname == NULL || !OSSL_PARAM_set_utf8_string(p, mdname))
return 0;
}
}
return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS
|| rsa_pss_params_30_todata(pss_params, NULL, params))
&& rsa_todata(rsa, NULL, params);
|| ossl_rsa_pss_params_30_todata(pss_params, NULL, params))
&& ossl_rsa_todata(rsa, NULL, params);
}
static const OSSL_PARAM rsa_params[] = {
@ -371,12 +371,12 @@ static int rsa_validate(void *keydata, int selection)
/* If the whole key is selected, we do a pairwise validation */
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR)
== OSSL_KEYMGMT_SELECT_KEYPAIR) {
ok = ok && rsa_validate_pairwise(rsa);
ok = ok && ossl_rsa_validate_pairwise(rsa);
} else {
if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0)
ok = ok && rsa_validate_private(rsa);
ok = ok && ossl_rsa_validate_private(rsa);
if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0)
ok = ok && rsa_validate_public(rsa);
ok = ok && ossl_rsa_validate_public(rsa);
}
return ok;
}
@ -489,7 +489,7 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
OSSL_PARAM_BN(OSSL_PKEY_PARAM_RSA_E, NULL, 0)
/*
* The following must be kept in sync with rsa_pss_params_30_fromdata()
* The following must be kept in sync with ossl_rsa_pss_params_30_fromdata()
* in crypto/rsa/rsa_backend.c
*/
#define rsa_gen_pss \
@ -532,7 +532,7 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
switch (gctx->rsa_type) {
case RSA_FLAG_TYPE_RSA:
/* For plain RSA keys, PSS parameters must not be set */
if (!rsa_pss_params_30_is_unrestricted(&gctx->pss_params))
if (!ossl_rsa_pss_params_30_is_unrestricted(&gctx->pss_params))
goto err;
break;
case RSA_FLAG_TYPE_RSASSAPSS:
@ -546,7 +546,7 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
return NULL;
}
if ((rsa_tmp = rsa_new_with_ctx(gctx->libctx)) == NULL)
if ((rsa_tmp = ossl_rsa_new_with_ctx(gctx->libctx)) == NULL)
return NULL;
gctx->cb = osslcb;
@ -567,8 +567,8 @@ static void *rsa_gen(void *genctx, OSSL_CALLBACK *osslcb, void *cbarg)
gctx->pub_exp, gencb))
goto err;
if (!rsa_pss_params_30_copy(rsa_get0_pss_params_30(rsa_tmp),
&gctx->pss_params))
if (!ossl_rsa_pss_params_30_copy(ossl_rsa_get0_pss_params_30(rsa_tmp),
&gctx->pss_params))
goto err;
RSA_clear_flags(rsa_tmp, RSA_FLAG_TYPE_MASK);

16
providers/implementations/signature/rsa.c
View File

@ -288,7 +288,7 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa, int operation)
prsactx->rsa = vrsa;
prsactx->operation = operation;
if (!rsa_check_key(vrsa, operation == EVP_PKEY_OP_SIGN)) {
if (!ossl_rsa_check_key(vrsa, operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
@ -306,17 +306,17 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa, int operation)
{
const RSA_PSS_PARAMS_30 *pss =
rsa_get0_pss_params_30(prsactx->rsa);
ossl_rsa_get0_pss_params_30(prsactx->rsa);
if (!rsa_pss_params_30_is_unrestricted(pss)) {
int md_nid = rsa_pss_params_30_hashalg(pss);
int mgf1md_nid = rsa_pss_params_30_maskgenhashalg(pss);
int min_saltlen = rsa_pss_params_30_saltlen(pss);
if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
int md_nid = ossl_rsa_pss_params_30_hashalg(pss);
int mgf1md_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
int min_saltlen = ossl_rsa_pss_params_30_saltlen(pss);
const char *mdname, *mgf1mdname;
size_t len;
mdname = rsa_oaeppss_nid2name(md_nid);
mgf1mdname = rsa_oaeppss_nid2name(mgf1md_nid);
mdname = ossl_rsa_oaeppss_nid2name(md_nid);
mgf1mdname = ossl_rsa_oaeppss_nid2name(mgf1md_nid);
prsactx->min_saltlen = min_saltlen;
if (mdname == NULL) {

2
test/rsa_mp_test.c
View File

@ -231,7 +231,7 @@ static int key2048p3_v2(RSA *key)
|| !TEST_int_ne(sk_BIGNUM_push(coeffs, num), 0))
goto err;
if (!TEST_true(rsa_set0_all_params(key, primes, exps, coeffs)))
if (!TEST_true(ossl_rsa_set0_all_params(key, primes, exps, coeffs)))
goto err;
ret:

131
test/rsa_sp800_56b_test.c
View File

@ -113,19 +113,19 @@ static int test_check_public_exponent(void)
ret = TEST_ptr(e = BN_new())
/* e is too small */
&& TEST_true(BN_set_word(e, 65535))
&& TEST_false(rsa_check_public_exponent(e))
&& TEST_false(ossl_rsa_check_public_exponent(e))
/* e is even will fail */
&& TEST_true(BN_set_word(e, 65536))
&& TEST_false(rsa_check_public_exponent(e))
&& TEST_false(ossl_rsa_check_public_exponent(e))
/* e is ok */
&& TEST_true(BN_set_word(e, 65537))
&& TEST_true(rsa_check_public_exponent(e))
&& TEST_true(ossl_rsa_check_public_exponent(e))
/* e = 2^256 is too big */
&& TEST_true(BN_lshift(e, BN_value_one(), 256))
&& TEST_false(rsa_check_public_exponent(e))
&& TEST_false(ossl_rsa_check_public_exponent(e))
/* e = 2^256-1 is odd and in range */
&& TEST_true(BN_sub(e, e, BN_value_one()))
&& TEST_true(rsa_check_public_exponent(e));
&& TEST_true(ossl_rsa_check_public_exponent(e));
BN_free(e);
return ret;
}
@ -153,19 +153,19 @@ static int test_check_prime_factor_range(void)
&& TEST_ptr(bn_p4 = bn_load_new(p4, sizeof(p4)))
&& TEST_ptr(ctx = BN_CTX_new())
&& TEST_true(BN_set_word(p, 0xA))
&& TEST_false(rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_true(BN_set_word(p, 0x10))
&& TEST_false(rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_true(BN_set_word(p, 0xB))
&& TEST_false(rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_false(ossl_rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_true(BN_set_word(p, 0xC))
&& TEST_true(rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_true(BN_set_word(p, 0xF))
&& TEST_true(rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_false(rsa_check_prime_factor_range(bn_p1, 72, ctx))
&& TEST_false(rsa_check_prime_factor_range(bn_p2, 72, ctx))
&& TEST_true(rsa_check_prime_factor_range(bn_p3, 72, ctx))
&& TEST_true(rsa_check_prime_factor_range(bn_p4, 72, ctx));
&& TEST_true(ossl_rsa_check_prime_factor_range(p, 8, ctx))
&& TEST_false(ossl_rsa_check_prime_factor_range(bn_p1, 72, ctx))
&& TEST_false(ossl_rsa_check_prime_factor_range(bn_p2, 72, ctx))
&& TEST_true(ossl_rsa_check_prime_factor_range(bn_p3, 72, ctx))
&& TEST_true(ossl_rsa_check_prime_factor_range(bn_p4, 72, ctx));
BN_free(bn_p4);
BN_free(bn_p3);
@ -196,15 +196,15 @@ static int test_check_prime_factor(void)
&& TEST_ptr(ctx = BN_CTX_new())
/* Fails the prime test */
&& TEST_true(BN_set_word(e, 0x1))
&& TEST_false(rsa_check_prime_factor(bn_p1, e, 72, ctx))
&& TEST_false(ossl_rsa_check_prime_factor(bn_p1, e, 72, ctx))
/* p is prime and in range and gcd(p-1, e) = 1 */
&& TEST_true(rsa_check_prime_factor(bn_p2, e, 72, ctx))
&& TEST_true(ossl_rsa_check_prime_factor(bn_p2, e, 72, ctx))
/* gcd(p-1,e) = 1 test fails */
&& TEST_true(BN_set_word(e, 0x2))
&& TEST_false(rsa_check_prime_factor(p, e, 72, ctx))
&& TEST_false(ossl_rsa_check_prime_factor(p, e, 72, ctx))
/* p fails the range check */
&& TEST_true(BN_set_word(e, 0x1))
&& TEST_false(rsa_check_prime_factor(bn_p3, e, 72, ctx));
&& TEST_false(ossl_rsa_check_prime_factor(bn_p3, e, 72, ctx));
BN_free(bn_p3);
BN_free(bn_p2);
@ -250,18 +250,18 @@ static int test_check_private_exponent(void)
goto end;
}
/* fails since d >= lcm(p-1, q-1) */
ret = TEST_false(rsa_check_private_exponent(key, 8, ctx))
ret = TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx))
&& TEST_true(BN_set_word(d, 45))
/* d is correct size and 1 = e.d mod lcm(p-1, q-1) */
&& TEST_true(rsa_check_private_exponent(key, 8, ctx))
&& TEST_true(ossl_rsa_check_private_exponent(key, 8, ctx))
/* d is too small compared to nbits */
&& TEST_false(rsa_check_private_exponent(key, 16, ctx))
&& TEST_false(ossl_rsa_check_private_exponent(key, 16, ctx))
/* d is too small compared to nbits */
&& TEST_true(BN_set_word(d, 16))
&& TEST_false(rsa_check_private_exponent(key, 8, ctx))
&& TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx))
/* fail if 1 != e.d mod lcm(p-1, q-1) */
&& TEST_true(BN_set_word(d, 46))
&& TEST_false(rsa_check_private_exponent(key, 8, ctx));
&& TEST_false(ossl_rsa_check_private_exponent(key, 8, ctx));
end:
RSA_free(key);
BN_CTX_free(ctx);
@ -297,44 +297,44 @@ static int test_check_crt_components(void)
BN_free(q);
goto end;
}
ret = TEST_true(rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx))
ret = TEST_true(ossl_rsa_sp800_56b_derive_params_from_pq(key, 8, e, ctx))
&& TEST_BN_eq_word(key->n, N)
&& TEST_BN_eq_word(key->dmp1, DP)
&& TEST_BN_eq_word(key->dmq1, DQ)
&& TEST_BN_eq_word(key->iqmp, QINV)
&& TEST_true(rsa_check_crt_components(key, ctx))
&& TEST_true(ossl_rsa_check_crt_components(key, ctx))
/* (a) 1 < dP < (p 1). */
&& TEST_true(BN_set_word(key->dmp1, 1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmp1, P-1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmp1, DP))
/* (b) 1 < dQ < (q - 1). */
&& TEST_true(BN_set_word(key->dmq1, 1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmq1, Q-1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmq1, DQ))
/* (c) 1 < qInv < p */
&& TEST_true(BN_set_word(key->iqmp, 1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->iqmp, P))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->iqmp, QINV))
/* (d) 1 = (dP . e) mod (p - 1)*/
&& TEST_true(BN_set_word(key->dmp1, DP+1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmp1, DP))
/* (e) 1 = (dQ . e) mod (q - 1) */
&& TEST_true(BN_set_word(key->dmq1, DQ-1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->dmq1, DQ))
/* (f) 1 = (qInv . q) mod p */
&& TEST_true(BN_set_word(key->iqmp, QINV+1))
&& TEST_false(rsa_check_crt_components(key, ctx))
&& TEST_false(ossl_rsa_check_crt_components(key, ctx))
&& TEST_true(BN_set_word(key->iqmp, QINV))
/* check defaults are still valid */
&& TEST_true(rsa_check_crt_components(key, ctx));
&& TEST_true(ossl_rsa_check_crt_components(key, ctx));
end:
BN_free(e);
RSA_free(key);
@ -353,13 +353,13 @@ static int test_pq_diff(void)
/* |1-(2+1)| > 2^1 */
&& TEST_true(BN_set_word(p, 1))
&& TEST_true(BN_set_word(q, 1+2))
&& TEST_false(rsa_check_pminusq_diff(tmp, p, q, 202))
&& TEST_false(ossl_rsa_check_pminusq_diff(tmp, p, q, 202))
/* Check |p - q| > 2^(nbits/2 - 100) */
&& TEST_true(BN_set_word(q, 1+3))
&& TEST_true(rsa_check_pminusq_diff(tmp, p, q, 202))
&& TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202))
&& TEST_true(BN_set_word(p, 1+3))
&& TEST_true(BN_set_word(q, 1))
&& TEST_true(rsa_check_pminusq_diff(tmp, p, q, 202));
&& TEST_true(ossl_rsa_check_pminusq_diff(tmp, p, q, 202));
BN_free(p);
BN_free(q);
BN_free(tmp);
@ -376,7 +376,7 @@ static int test_invalid_keypair(void)
ret = TEST_ptr(key = RSA_new())
&& TEST_ptr(ctx = BN_CTX_new())
/* NULL parameters */
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
/* load key */
&& TEST_ptr(p = bn_load_new(cav_p, sizeof(cav_p)))
&& TEST_ptr(q = bn_load_new(cav_q, sizeof(cav_q)))
@ -398,36 +398,35 @@ static int test_invalid_keypair(void)
goto end;
}
/* bad strength/key size */
ret = TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 100, 2048))
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 112, 1024))
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 128, 2048))
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, 140, 3072))
ret = TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 100, 2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 112, 1024))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 128, 2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, 140, 3072))
/* mismatching exponent */
&& TEST_false(rsa_sp800_56b_check_keypair(key, BN_value_one(), -1,
2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, BN_value_one(),
-1, 2048))
/* bad exponent */
&& TEST_true(BN_add_word(e, 1))
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1,
2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_true(BN_sub_word(e, 1))
/* mismatch between bits and modulus */
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 3072))
&& TEST_true(rsa_sp800_56b_check_keypair(key, e, 112, 2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 3072))
&& TEST_true(ossl_rsa_sp800_56b_check_keypair(key, e, 112, 2048))
/* check n == pq failure */
&& TEST_true(BN_add_word(n, 1))
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_true(BN_sub_word(n, 1))
/* check p */
&& TEST_true(BN_sub_word(p, 2))
&& TEST_true(BN_mul(n, p, q, ctx))
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_true(BN_add_word(p, 2))
&& TEST_true(BN_mul(n, p, q, ctx))
/* check q */
&& TEST_true(BN_sub_word(q, 2))
&& TEST_true(BN_mul(n, p, q, ctx))
&& TEST_false(rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_false(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, 2048))
&& TEST_true(BN_add_word(q, 2))
&& TEST_true(BN_mul(n, p, q, ctx));
end:
@ -448,10 +447,10 @@ static int test_sp80056b_keygen(int id)
int sz = keygen_size[id];
ret = TEST_ptr(key = RSA_new())
&& TEST_true(rsa_sp800_56b_generate_key(key, sz, NULL, NULL))
&& TEST_true(rsa_sp800_56b_check_public(key))
&& TEST_true(rsa_sp800_56b_check_private(key))
&& TEST_true(rsa_sp800_56b_check_keypair(key, NULL, -1, sz));
&& TEST_true(ossl_rsa_sp800_56b_generate_key(key, sz, NULL, NULL))
&& TEST_true(ossl_rsa_sp800_56b_check_public(key))
&& TEST_true(ossl_rsa_sp800_56b_check_private(key))
&& TEST_true(ossl_rsa_sp800_56b_check_keypair(key, NULL, -1, sz));
RSA_free(key);
return ret;
@ -465,7 +464,7 @@ static int test_check_private_key(void)
ret = TEST_ptr(key = RSA_new())
/* check NULL pointers fail */
&& TEST_false(rsa_sp800_56b_check_private(key))
&& TEST_false(ossl_rsa_sp800_56b_check_private(key))
/* load private key */
&& TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n)))
&& TEST_ptr(d = bn_load_new(cav_d, sizeof(cav_d)))
@ -478,13 +477,13 @@ static int test_check_private_key(void)
goto end;
}
/* check d is in range */
ret = TEST_true(rsa_sp800_56b_check_private(key))
ret = TEST_true(ossl_rsa_sp800_56b_check_private(key))
/* check d is too low */
&& TEST_true(BN_set_word(d, 0))
&& TEST_false(rsa_sp800_56b_check_private(key))
&& TEST_false(ossl_rsa_sp800_56b_check_private(key))
/* check d is too high */
&& TEST_ptr(BN_copy(d, n))
&& TEST_false(rsa_sp800_56b_check_private(key));
&& TEST_false(ossl_rsa_sp800_56b_check_private(key));
end:
RSA_free(key);
return ret;
@ -498,7 +497,7 @@ static int test_check_public_key(void)
ret = TEST_ptr(key = RSA_new())
/* check NULL pointers fail */
&& TEST_false(rsa_sp800_56b_check_public(key))
&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
/* load public key */
&& TEST_ptr(e = bn_load_new(cav_e, sizeof(cav_e)))
&& TEST_ptr(n = bn_load_new(cav_n, sizeof(cav_n)))
@ -509,22 +508,22 @@ static int test_check_public_key(void)
goto end;
}
/* check public key is valid */
ret = TEST_true(rsa_sp800_56b_check_public(key))
ret = TEST_true(ossl_rsa_sp800_56b_check_public(key))
/* check fail if n is even */
&& TEST_true(BN_add_word(n, 1))
&& TEST_false(rsa_sp800_56b_check_public(key))
&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
&& TEST_true(BN_sub_word(n, 1))
/* check fail if n is wrong number of bits */
&& TEST_true(BN_lshift1(n, n))
&& TEST_false(rsa_sp800_56b_check_public(key))
&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
&& TEST_true(BN_rshift1(n, n))
/* test odd exponent fails */
&& TEST_true(BN_add_word(e, 1))
&& TEST_false(rsa_sp800_56b_check_public(key))
&& TEST_false(ossl_rsa_sp800_56b_check_public(key))
&& TEST_true(BN_sub_word(e, 1))
/* modulus fails composite check */
&& TEST_true(BN_add_word(n, 2))
&& TEST_false(rsa_sp800_56b_check_public(key));
&& TEST_false(ossl_rsa_sp800_56b_check_public(key));
end:
RSA_free(key);
return ret;