static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
{
const EVP_MD *md, *mgf1md;
RSA_OAEP_PARAMS *oaep = NULL;
ASN1_STRING *os = NULL;
X509_ALGOR *alg;
EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
unsigned char *label;
CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg);
if (pkctx) {
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
}
if (pad_mode == RSA_PKCS1_PADDING) {
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
return 1;
}
/* Not supported */
if (pad_mode != RSA_PKCS1_OAEP_PADDING)
return 0;
if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
goto err;
if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
goto err;
labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
if (labellen < 0)
goto err;
oaep = RSA_OAEP_PARAMS_new();
if (oaep == NULL)
goto err;
if (!rsa_md_to_algor(&oaep->hashFunc, md))
goto err;
if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
goto err;
if (labellen > 0) {
ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new();
oaep->pSourceFunc = X509_ALGOR_new();
if (oaep->pSourceFunc == NULL)
goto err;
if (los == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
ASN1_OCTET_STRING_free(los);
goto err;
}
X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
V_ASN1_OCTET_STRING, los);
}
/* create string with pss parameter encoding. */
if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
goto err;
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
os = NULL;
rv = 1;
err:
RSA_OAEP_PARAMS_free(oaep);
ASN1_STRING_free(os);
return rv;
}
static int
pkey_ctrl_gost01(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
X509_ALGOR *alg1 = NULL, *alg2 = NULL, *alg3 = NULL;
int digest = GOST_KEY_get_digest(pkey->pkey.gost);
switch (op) {
case ASN1_PKEY_CTRL_PKCS7_SIGN:
if (arg1 == 0)
PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, &alg1, &alg2);
break;
case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
if (arg1 == 0)
PKCS7_RECIP_INFO_get0_alg(arg2, &alg3);
break;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_SIGN:
if (arg1 == 0)
CMS_SignerInfo_get0_algs(arg2, NULL, NULL, &alg1, &alg2);
break;
case ASN1_PKEY_CTRL_CMS_ENVELOPE:
if (arg1 == 0)
CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg3);
break;
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = GostR3410_get_md_digest(digest);
return 2;
default:
return -2;
}
if (alg1)
X509_ALGOR_set0(alg1, OBJ_nid2obj(GostR3410_get_md_digest(digest)), V_ASN1_NULL, 0);
if (alg2)
X509_ALGOR_set0(alg2, OBJ_nid2obj(GostR3410_get_pk_digest(digest)), V_ASN1_NULL, 0);
if (alg3) {
ASN1_STRING *params = encode_gost01_algor_params(pkey);
if (params == NULL) {
return -1;
}
X509_ALGOR_set0(alg3,
OBJ_nid2obj(GostR3410_get_pk_digest(digest)),
V_ASN1_SEQUENCE, params);
}
return 1;
}
static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
X509_ALGOR *alg = NULL;
switch (op)
{
case ASN1_PKEY_CTRL_PKCS7_SIGN:
if (arg1 == 0)
PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
break;
case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
if (arg1 == 0)
PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
break;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_SIGN:
if (arg1 == 0)
CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
break;
case ASN1_PKEY_CTRL_CMS_ENVELOPE:
if (arg1 == 0)
CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
break;
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_sha1;
return 1;
default:
return -2;
}
if (alg)
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
V_ASN1_NULL, 0);
return 1;
}
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pkctx;
X509_ALGOR *cmsalg;
int nid;
int rv = -1;
unsigned char *label = NULL;
int labellen = 0;
const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_OAEP_PARAMS *oaep;
X509_ALGOR *maskHash;
pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (!pkctx)
return 0;
if (!CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &cmsalg))
return -1;
nid = OBJ_obj2nid(cmsalg->algorithm);
if (nid == NID_rsaEncryption)
return 1;
if (nid != NID_rsaesOaep) {
RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
return -1;
}
/* Decode OAEP parameters */
oaep = rsa_oaep_decode(cmsalg, &maskHash);
if (oaep == NULL) {
RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
goto err;
}
mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash);
if (!mgf1md)
goto err;
md = rsa_algor_to_md(oaep->hashFunc);
if (!md)
goto err;
if (oaep->pSourceFunc) {
X509_ALGOR *plab = oaep->pSourceFunc;
if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_UNSUPPORTED_LABEL_SOURCE);
goto err;
}
if (plab->parameter->type != V_ASN1_OCTET_STRING) {
RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_LABEL);
goto err;
}
label = plab->parameter->value.octet_string->data;
/* Stop label being freed when OAEP parameters are freed */
plab->parameter->value.octet_string->data = NULL;
labellen = plab->parameter->value.octet_string->length;
}
if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
goto err;
if (EVP_PKEY_CTX_set_rsa_oaep_md(pkctx, md) <= 0)
goto err;
if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
goto err;
if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0)
goto err;
/* Carry on */
rv = 1;
err:
RSA_OAEP_PARAMS_free(oaep);
X509_ALGOR_free(maskHash);
return rv;
}
static int pkey_ctrl_gost(EVP_PKEY *pkey, int op,
long arg1, void *arg2)
{
switch (op)
{
case ASN1_PKEY_CTRL_PKCS7_SIGN:
if (arg1 == 0)
{
X509_ALGOR *alg1 = NULL, *alg2 = NULL;
int nid = EVP_PKEY_base_id(pkey);
PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO*)arg2,
NULL, &alg1, &alg2);
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
V_ASN1_NULL, 0);
if (nid == NID_undef)
{
return (-1);
}
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
}
return 1;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_SIGN:
if (arg1 == 0)
{
X509_ALGOR *alg1 = NULL, *alg2 = NULL;
int nid = EVP_PKEY_base_id(pkey);
CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2,
NULL, NULL, &alg1, &alg2);
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_id_GostR3411_94),
V_ASN1_NULL, 0);
if (nid == NID_undef)
{
return (-1);
}
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
}
return 1;
#endif
case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
if (arg1 == 0)
{
X509_ALGOR *alg;
ASN1_STRING * params = encode_gost_algor_params(pkey);
if (!params)
{
return -1;
}
PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO*)arg2, &alg);
X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
V_ASN1_SEQUENCE, params);
}
return 1;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_ENVELOPE:
if (arg1 == 0)
{
X509_ALGOR *alg;
ASN1_STRING * params = encode_gost_algor_params(pkey);
if (!params)
{
return -1;
}
CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL, NULL, &alg);
X509_ALGOR_set0(alg, OBJ_nid2obj(pkey->type),
V_ASN1_SEQUENCE, params);
}
return 1;
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = NID_id_GostR3411_94;
return 2;
}
return -2;
}
static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{
RSA_PKEY_CTX *rctx = ctx->data;
switch (type)
{
case EVP_PKEY_CTRL_RSA_PADDING:
if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
{
if (!check_padding_md(rctx->md, p1))
return 0;
if (p1 == RSA_PKCS1_PSS_PADDING)
{
if (!(ctx->operation &
(EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
goto bad_pad;
if (!rctx->md)
rctx->md = EVP_sha1();
}
if (p1 == RSA_PKCS1_OAEP_PADDING)
{
if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
goto bad_pad;
if (!rctx->md)
rctx->md = EVP_sha1();
}
rctx->pad_mode = p1;
return 1;
}
bad_pad:
RSAerr(RSA_F_PKEY_RSA_CTRL,
RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
return -2;
case EVP_PKEY_CTRL_GET_RSA_PADDING:
*(int *)p2 = rctx->pad_mode;
return 1;
case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
{
RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
return -2;
}
if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
*(int *)p2 = rctx->saltlen;
else
{
if (p1 < -2)
return -2;
rctx->saltlen = p1;
}
return 1;
case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
if (p1 < 256)
{
RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
return -2;
}
rctx->nbits = p1;
return 1;
case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
if (!p2)
return -2;
rctx->pub_exp = p2;
return 1;
case EVP_PKEY_CTRL_MD:
if (!check_padding_md(p2, rctx->pad_mode))
return 0;
rctx->md = p2;
return 1;
case EVP_PKEY_CTRL_RSA_MGF1_MD:
case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
{
RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
return -2;
}
if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
{
if (rctx->mgf1md)
*(const EVP_MD **)p2 = rctx->mgf1md;
else
*(const EVP_MD **)p2 = rctx->md;
}
else
rctx->mgf1md = p2;
return 1;
case EVP_PKEY_CTRL_DIGESTINIT:
case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
case EVP_PKEY_CTRL_PKCS7_DECRYPT:
case EVP_PKEY_CTRL_PKCS7_SIGN:
return 1;
#ifndef OPENSSL_NO_CMS
case EVP_PKEY_CTRL_CMS_DECRYPT:
{
X509_ALGOR *alg = NULL;
ASN1_OBJECT *encalg = NULL;
if (p2)
CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
if (alg)
X509_ALGOR_get0(&encalg, NULL, NULL, alg);
if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
}
case EVP_PKEY_CTRL_CMS_ENCRYPT:
case EVP_PKEY_CTRL_CMS_SIGN:
return 1;
#endif
case EVP_PKEY_CTRL_PEER_KEY:
RSAerr(RSA_F_PKEY_RSA_CTRL,
RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
return -2;
default:
return -2;
}
}
/*
* Control function
*/
static int pkey_ctrl_gost(EVP_PKEY *pkey, int op, long arg1, void *arg2)
{
int nid = EVP_PKEY_base_id(pkey), md_nid = NID_undef;
X509_ALGOR *alg1 = NULL, *alg2 = NULL;
switch (nid) {
case NID_id_GostR3410_2012_512:
md_nid = NID_id_GostR3411_2012_512;
break;
case NID_id_GostR3410_2012_256:
md_nid = NID_id_GostR3411_2012_256;
break;
case NID_id_GostR3410_2001:
case NID_id_GostR3410_94:
md_nid = NID_id_GostR3411_94;
break;
default:
return -1;
}
switch (op) {
case ASN1_PKEY_CTRL_PKCS7_SIGN:
if (arg1 == 0) {
PKCS7_SIGNER_INFO_get0_algs((PKCS7_SIGNER_INFO *)arg2, NULL,
&alg1, &alg2);
X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
}
return 1;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_SIGN:
if (arg1 == 0) {
CMS_SignerInfo_get0_algs((CMS_SignerInfo *)arg2, NULL, NULL,
&alg1, &alg2);
X509_ALGOR_set0(alg1, OBJ_nid2obj(md_nid), V_ASN1_NULL, 0);
X509_ALGOR_set0(alg2, OBJ_nid2obj(nid), V_ASN1_NULL, 0);
}
return 1;
#endif
case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
if (arg1 == 0) {
ASN1_STRING *params = encode_gost_algor_params(pkey);
if (!params) {
return -1;
}
PKCS7_RECIP_INFO_get0_alg((PKCS7_RECIP_INFO *)arg2, &alg1);
X509_ALGOR_set0(alg1, OBJ_nid2obj(pkey->type),
V_ASN1_SEQUENCE, params);
}
return 1;
#ifndef OPENSSL_NO_CMS
case ASN1_PKEY_CTRL_CMS_ENVELOPE:
if (arg1 == 0) {
ASN1_STRING *params = encode_gost_algor_params(pkey);
if (!params) {
return -1;
}
CMS_RecipientInfo_ktri_get0_algs((CMS_RecipientInfo *)arg2, NULL,
NULL, &alg1);
X509_ALGOR_set0(alg1, OBJ_nid2obj(pkey->type), V_ASN1_SEQUENCE,
params);
}
return 1;
#endif
case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
*(int *)arg2 = md_nid;
return 2;
}
return -2;
}
