int RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from, int flen) { if (flen > tlen) { RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return 0; } if (flen < tlen) { RSAerror(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); return 0; } memcpy(to, from, flen); return 1; }
static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) { unsigned char *rk = NULL; int rklen; rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); if (rklen <= 0) { RSAerror(ERR_R_MALLOC_FAILURE); return 0; } if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, V_ASN1_NULL, NULL, rk, rklen)) { RSAerror(ERR_R_MALLOC_FAILURE); return 0; } return 1; }
static int old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { RSA *rsa; if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) { RSAerror(ERR_R_RSA_LIB); return 0; } EVP_PKEY_assign_RSA(pkey, rsa); return 1; }
int RSA_padding_check_none(unsigned char *to, int tlen, const unsigned char *from, int flen, int num) { if (flen > tlen) { RSAerror(RSA_R_DATA_TOO_LARGE); return -1; } memset(to, 0, tlen - flen); memcpy(to + tlen - flen, from, flen); return tlen; }
int RSA_print_fp(FILE *fp, const RSA *x, int off) { BIO *b; int ret; if ((b = BIO_new(BIO_s_file())) == NULL) { RSAerror(ERR_R_BUF_LIB); return 0; } BIO_set_fp(b, fp, BIO_NOCLOSE); ret = RSA_print(b, x, off); BIO_free(b); return ret; }
static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) { const unsigned char *p; int pklen; RSA *rsa = NULL; if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) return 0; if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { RSAerror(ERR_R_RSA_LIB); return 0; } EVP_PKEY_assign_RSA (pkey, rsa); return 1; }
/* Customised RSA item verification routine. This is called * when a signature is encountered requiring special handling. We * currently only handle PSS. */ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, X509_ALGOR *sigalg, ASN1_BIT_STRING *sig, EVP_PKEY *pkey) { int rv = -1; int saltlen; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_PSS_PARAMS *pss; X509_ALGOR *maskHash; EVP_PKEY_CTX *pkctx; /* Sanity check: make sure it is PSS */ if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE); return -1; } /* Decode PSS parameters */ pss = rsa_pss_decode(sigalg, &maskHash); if (pss == NULL) { RSAerror(RSA_R_INVALID_PSS_PARAMETERS); goto err; } /* Check mask and lookup mask hash algorithm */ if (pss->maskGenAlgorithm) { if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) { RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM); goto err; } if (!maskHash) { RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER); goto err; } mgf1md = EVP_get_digestbyobj(maskHash->algorithm); if (mgf1md == NULL) { RSAerror(RSA_R_UNKNOWN_MASK_DIGEST); goto err; } } else mgf1md = EVP_sha1(); if (pss->hashAlgorithm) { md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); if (md == NULL) { RSAerror(RSA_R_UNKNOWN_PSS_DIGEST); goto err; } } else md = EVP_sha1(); if (pss->saltLength) { saltlen = ASN1_INTEGER_get(pss->saltLength); /* Could perform more salt length sanity checks but the main * RSA routines will trap other invalid values anyway. */ if (saltlen < 0) { RSAerror(RSA_R_INVALID_SALT_LENGTH); goto err; } } else saltlen = 20; /* low-level routines support only trailer field 0xbc (value 1) * and PKCS#1 says we should reject any other value anyway. */ if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { RSAerror(RSA_R_INVALID_TRAILER); goto err; } /* We have all parameters now set up context */ if (!EVP_DigestVerifyInit(ctx, &pkctx, md, NULL, pkey)) goto err; if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_PSS_PADDING) <= 0) goto err; if (EVP_PKEY_CTX_set_rsa_pss_saltlen(pkctx, saltlen) <= 0) goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; /* Carry on */ rv = 2; err: RSA_PSS_PARAMS_free(pss); if (maskHash) X509_ALGOR_free(maskHash); return rv; }
static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) { char *str; const char *s; unsigned char *m = NULL; int ret = 0, mod_len = 0; size_t buf_len = 0; update_buflen(x->n, &buf_len); update_buflen(x->e, &buf_len); if (priv) { update_buflen(x->d, &buf_len); update_buflen(x->p, &buf_len); update_buflen(x->q, &buf_len); update_buflen(x->dmp1, &buf_len); update_buflen(x->dmq1, &buf_len); update_buflen(x->iqmp, &buf_len); } m = malloc(buf_len + 10); if (m == NULL) { RSAerror(ERR_R_MALLOC_FAILURE); goto err; } if (x->n != NULL) mod_len = BN_num_bits(x->n); if (!BIO_indent(bp, off, 128)) goto err; if (priv && x->d) { if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) goto err; str = "modulus:"; s = "publicExponent:"; } else { if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) goto err; str = "Modulus:"; s= "Exponent:"; } if (!ASN1_bn_print(bp, str, x->n, m, off)) goto err; if (!ASN1_bn_print(bp, s, x->e, m, off)) goto err; if (priv) { if (!ASN1_bn_print(bp, "privateExponent:", x->d,m, off)) goto err; if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) goto err; if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) goto err; if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) goto err; if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) goto err; if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) goto err; } ret = 1; err: free(m); return (ret); }