int x509_rsa_ctx_to_pss(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
const EVP_MD *sigmd, *mgf1md;
int saltlen;
if (!EVP_PKEY_CTX_get_signature_md(ctx->pctx, &sigmd) ||
!EVP_PKEY_CTX_get_rsa_mgf1_md(ctx->pctx, &mgf1md) ||
!EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx->pctx, &saltlen)) {
return 0;
}
EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
if (saltlen == -1) {
saltlen = EVP_MD_size(sigmd);
} else if (saltlen == -2) {
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0) {
saltlen--;
}
} else {
return 0;
}
int ret = 0;
ASN1_STRING *os = NULL;
RSA_PSS_PARAMS *pss = RSA_PSS_PARAMS_new();
if (!pss) {
goto err;
}
if (saltlen != 20) {
pss->saltLength = ASN1_INTEGER_new();
if (!pss->saltLength ||
!ASN1_INTEGER_set(pss->saltLength, saltlen)) {
goto err;
}
}
if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd) ||
!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md)) {
goto err;
}
/* Finally create string with pss parameter encoding. */
if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os)) {
goto err;
}
X509_ALGOR_set0(algor, OBJ_nid2obj(NID_rsassaPss), V_ASN1_SEQUENCE, os);
os = NULL;
ret = 1;
err:
RSA_PSS_PARAMS_free(pss);
ASN1_STRING_free(os);
return ret;
}
static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
{
const EVP_MD *sigmd, *mgf1md;
RSA_PSS_PARAMS *pss = NULL;
ASN1_STRING *os = NULL;
EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
int saltlen, rv = 0;
if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
goto err;
if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
goto err;
if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
goto err;
if (saltlen == -1)
saltlen = EVP_MD_size(sigmd);
else if (saltlen == -2) {
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
saltlen--;
}
pss = RSA_PSS_PARAMS_new();
if (!pss)
goto err;
if (saltlen != 20) {
pss->saltLength = ASN1_INTEGER_new();
if (!pss->saltLength)
goto err;
if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
goto err;
}
if (!rsa_md_to_algor(&pss->hashAlgorithm, sigmd))
goto err;
if (!rsa_md_to_mgf1(&pss->maskGenAlgorithm, mgf1md))
goto err;
/* Finally create string with pss parameter encoding. */
if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os))
goto err;
rv = 1;
err:
if (pss)
RSA_PSS_PARAMS_free(pss);
if (rv)
return os;
if (os)
ASN1_STRING_free(os);
return NULL;
}
static RSA_PSS_PARAMS *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
{
const EVP_MD *sigmd, *mgf1md;
EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
int saltlen;
if (EVP_PKEY_CTX_get_signature_md(pkctx, &sigmd) <= 0)
return NULL;
if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
return NULL;
if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
return NULL;
if (saltlen == -1) {
saltlen = EVP_MD_size(sigmd);
} else if (saltlen == -2) {
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
if ((EVP_PKEY_bits(pk) & 0x7) == 1)
saltlen--;
}
return rsa_pss_params_create(sigmd, mgf1md, saltlen);
}
static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
{
const EVP_MD *md, *mgf1md;
RSA_OAEP_PARAMS *oaep = NULL;
ASN1_STRING *os = NULL;
X509_ALGOR *alg;
EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen;
unsigned char *label;
CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg);
if (pkctx) {
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
}
if (pad_mode == RSA_PKCS1_PADDING) {
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption), V_ASN1_NULL, 0);
return 1;
}
/* Not supported */
if (pad_mode != RSA_PKCS1_OAEP_PADDING)
return 0;
if (EVP_PKEY_CTX_get_rsa_oaep_md(pkctx, &md) <= 0)
goto err;
if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
goto err;
labellen = EVP_PKEY_CTX_get0_rsa_oaep_label(pkctx, &label);
if (labellen < 0)
goto err;
oaep = RSA_OAEP_PARAMS_new();
if (oaep == NULL)
goto err;
if (!rsa_md_to_algor(&oaep->hashFunc, md))
goto err;
if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
goto err;
if (labellen > 0) {
ASN1_OCTET_STRING *los;
oaep->pSourceFunc = X509_ALGOR_new();
if (oaep->pSourceFunc == NULL)
goto err;
los = ASN1_OCTET_STRING_new();
if (los == NULL)
goto err;
if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
ASN1_OCTET_STRING_free(los);
goto err;
}
X509_ALGOR_set0(oaep->pSourceFunc, OBJ_nid2obj(NID_pSpecified),
V_ASN1_OCTET_STRING, los);
}
/* create string with pss parameter encoding. */
if (!ASN1_item_pack(oaep, ASN1_ITEM_rptr(RSA_OAEP_PARAMS), &os))
goto err;
X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaesOaep), V_ASN1_SEQUENCE, os);
os = NULL;
rv = 1;
err:
RSA_OAEP_PARAMS_free(oaep);
ASN1_STRING_free(os);
return rv;
}
static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
X509_ALGOR *alg1, X509_ALGOR *alg2,
ASN1_BIT_STRING *sig)
{
int pad_mode;
EVP_PKEY_CTX *pkctx = ctx->pctx;
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
if (pad_mode == RSA_PKCS1_PADDING)
return 2;
if (pad_mode == RSA_PKCS1_PSS_PADDING)
{
const EVP_MD *sigmd, *mgf1md;
RSA_PSS_PARAMS *pss = NULL;
X509_ALGOR *mgf1alg = NULL;
ASN1_STRING *os1 = NULL, *os2 = NULL;
EVP_PKEY *pk = EVP_PKEY_CTX_get0_pkey(pkctx);
int saltlen, rv = 0;
sigmd = EVP_MD_CTX_md(ctx);
if (EVP_PKEY_CTX_get_rsa_mgf1_md(pkctx, &mgf1md) <= 0)
goto err;
if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))
goto err;
if (saltlen == -1)
saltlen = EVP_MD_size(sigmd);
else if (saltlen == -2)
{
saltlen = EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2;
if (((EVP_PKEY_bits(pk) - 1) & 0x7) == 0)
saltlen--;
}
pss = RSA_PSS_PARAMS_new();
if (!pss)
goto err;
if (saltlen != 20)
{
pss->saltLength = ASN1_INTEGER_new();
if (!pss->saltLength)
goto err;
if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
goto err;
}
if (EVP_MD_type(sigmd) != NID_sha1)
{
pss->hashAlgorithm = X509_ALGOR_new();
if (!pss->hashAlgorithm)
goto err;
X509_ALGOR_set_md(pss->hashAlgorithm, sigmd);
}
if (EVP_MD_type(mgf1md) != NID_sha1)
{
ASN1_STRING *stmp = NULL;
/* need to embed algorithm ID inside another */
mgf1alg = X509_ALGOR_new();
X509_ALGOR_set_md(mgf1alg, mgf1md);
if (!ASN1_item_pack(mgf1alg, ASN1_ITEM_rptr(X509_ALGOR),
&stmp))
goto err;
pss->maskGenAlgorithm = X509_ALGOR_new();
if (!pss->maskGenAlgorithm)
goto err;
X509_ALGOR_set0(pss->maskGenAlgorithm,
OBJ_nid2obj(NID_mgf1),
V_ASN1_SEQUENCE, stmp);
}
/* Finally create string with pss parameter encoding. */
if (!ASN1_item_pack(pss, ASN1_ITEM_rptr(RSA_PSS_PARAMS), &os1))
goto err;
if (alg2)
{
os2 = ASN1_STRING_dup(os1);
if (!os2)
goto err;
X509_ALGOR_set0(alg2, OBJ_nid2obj(NID_rsassaPss),
V_ASN1_SEQUENCE, os2);
}
X509_ALGOR_set0(alg1, OBJ_nid2obj(NID_rsassaPss),
V_ASN1_SEQUENCE, os1);
os1 = os2 = NULL;
rv = 3;
err:
if (mgf1alg)
X509_ALGOR_free(mgf1alg);
if (pss)
RSA_PSS_PARAMS_free(pss);
if (os1)
ASN1_STRING_free(os1);
return rv;
}
return 2;
}
