提交
17c63d1c
编写于
3月 11, 2010
作者:
Dr. Stephen Henson
RSA PSS ASN1 signing method
上级
877669d6
变更
3
Showing
3 changed file
with
99 addition
and
4 deletion
+99
-4
CHANGES
CHANGES
+5
-0
crypto/rsa/rsa_ameth.c
crypto/rsa/rsa_ameth.c
+91
-4
crypto/x509/x509.h
crypto/x509/x509.h
+3
-0
CHANGES
...
...
@@ -4,6 +4,11 @@
Changes between 1.0.0 and 1.1.0 [xx XXX xxxx]
*) Add RSA PSS signing function. This will generated and set the
appropriate AlgorithmIdentifiers for PSS based on those in the
corresponding EVP_MD_CTX structure. No application support yet.
[Steve Henson]
*) Support for companion algorithm specific ASN1 signing routines.
New function ASN1_item_sign_ctx() signs a pre-initialised
EVP_MD_CTX structure and sets AlgorithmIdentifiers based on
...
...
crypto/rsa/rsa_ameth.c
...
...
@@ -535,13 +535,13 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
if
(
!
EVP_DigestVerifyInit
(
ctx
,
&
pkctx
,
md
,
NULL
,
pkey
))
goto
err
;
if
(
!
EVP_PKEY_CTX_set_rsa_padding
(
pkctx
,
RSA_PKCS1_PSS_PADDING
)
)
if
(
EVP_PKEY_CTX_set_rsa_padding
(
pkctx
,
RSA_PKCS1_PSS_PADDING
)
<=
0
)
goto
err
;
if
(
!
EVP_PKEY_CTX_set_rsa_pss_saltlen
(
pkctx
,
saltlen
)
)
if
(
EVP_PKEY_CTX_set_rsa_pss_saltlen
(
pkctx
,
saltlen
)
<=
0
)
goto
err
;
if
(
!
EVP_PKEY_CTX_set_rsa_mgf1_md
(
pkctx
,
mgf1md
)
)
if
(
EVP_PKEY_CTX_set_rsa_mgf1_md
(
pkctx
,
mgf1md
)
<=
0
)
goto
err
;
/* Carry on */
rv
=
2
;
...
...
@@ -553,6 +553,92 @@ static int rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
return
rv
;
}
static
int
rsa_item_sign
(
EVP_MD_CTX
*
ctx
,
const
ASN1_ITEM
*
it
,
void
*
asn
,
X509_ALGOR
*
alg1
,
X509_ALGOR
*
alg2
,
ASN1_BIT_STRING
*
sig
)
{
int
pad_mode
;
EVP_PKEY_CTX
*
pkctx
=
ctx
->
pctx
;
if
(
EVP_PKEY_CTX_get_rsa_padding
(
pkctx
,
&
pad_mode
)
<=
0
)
return
0
;
if
(
pad_mode
==
RSA_PKCS1_PADDING
)
return
2
;
if
(
pad_mode
==
RSA_PKCS1_PSS_PADDING
)
{
const
EVP_MD
*
sigmd
,
*
mgf1md
;
RSA_PSS_PARAMS
*
pss
=
NULL
;
X509_ALGOR
*
mgf1alg
=
NULL
;
ASN1_STRING
*
os1
=
NULL
,
*
os2
=
NULL
;
EVP_PKEY
*
pk
=
EVP_PKEY_CTX_get0_pkey
(
pkctx
);
int
saltlen
,
rv
=
0
;
sigmd
=
EVP_MD_CTX_md
(
ctx
);
if
(
EVP_PKEY_CTX_get_rsa_mgf1_md
(
pkctx
,
&
mgf1md
)
<=
0
)
goto
err
;
if
(
!
EVP_PKEY_CTX_get_rsa_pss_saltlen
(
pkctx
,
&
saltlen
))
goto
err
;
if
(
saltlen
==
-
1
)
saltlen
=
EVP_MD_size
(
sigmd
);
else
if
(
saltlen
==
-
2
)
saltlen
=
EVP_PKEY_size
(
pk
)
-
EVP_MD_size
(
sigmd
)
-
2
;
pss
=
RSA_PSS_PARAMS_new
();
if
(
!
pss
)
goto
err
;
if
(
saltlen
!=
20
)
{
pss
->
saltLength
=
ASN1_INTEGER_new
();
if
(
!
pss
->
saltLength
)
goto
err
;
if
(
!
ASN1_INTEGER_set
(
pss
->
saltLength
,
saltlen
))
goto
err
;
}
if
(
EVP_MD_type
(
sigmd
)
!=
NID_sha1
)
{
pss
->
hashAlgorithm
=
X509_ALGOR_new
();
if
(
!
pss
->
hashAlgorithm
)
goto
err
;
X509_ALGOR_set_md
(
pss
->
hashAlgorithm
,
sigmd
);
}
if
(
EVP_MD_type
(
mgf1md
)
!=
NID_sha1
)
{
ASN1_STRING
*
stmp
=
NULL
;
/* need to embed algorithm ID inside another */
mgf1alg
=
X509_ALGOR_new
();
X509_ALGOR_set_md
(
mgf1alg
,
mgf1md
);
if
(
!
ASN1_item_pack
(
mgf1alg
,
ASN1_ITEM_rptr
(
X509_ALGOR
),
&
stmp
))
goto
err
;
pss
->
maskGenAlgorithm
=
X509_ALGOR_new
();
if
(
!
pss
->
maskGenAlgorithm
)
goto
err
;
X509_ALGOR_set0
(
pss
->
maskGenAlgorithm
,
OBJ_nid2obj
(
NID_mgf1
),
V_ASN1_SEQUENCE
,
stmp
);
}
/* Finally create string with pss parameter encoding. */
if
(
!
ASN1_item_pack
(
pss
,
ASN1_ITEM_rptr
(
RSA_PSS_PARAMS
),
&
os1
))
goto
err
;
os2
=
ASN1_STRING_dup
(
os1
);
if
(
!
os2
)
goto
err
;
X509_ALGOR_set0
(
alg1
,
OBJ_nid2obj
(
NID_rsassaPss
),
V_ASN1_SEQUENCE
,
os1
);
X509_ALGOR_set0
(
alg2
,
OBJ_nid2obj
(
NID_rsassaPss
),
V_ASN1_SEQUENCE
,
os2
);
os1
=
os2
=
NULL
;
rv
=
3
;
err:
if
(
mgf1alg
)
X509_ALGOR_free
(
mgf1alg
);
if
(
pss
)
RSA_PSS_PARAMS_free
(
pss
);
if
(
os1
)
ASN1_STRING_free
(
os1
);
return
rv
;
}
return
2
;
}
const
EVP_PKEY_ASN1_METHOD
rsa_asn1_meths
[]
=
{
{
...
...
@@ -582,7 +668,8 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] =
rsa_pkey_ctrl
,
old_rsa_priv_decode
,
old_rsa_priv_encode
,
rsa_item_verify
rsa_item_verify
,
rsa_item_sign
},
{
...
...
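Review bot: In the added rsa_item_sign, the salt-length query is checked with `if (!EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen))`, although the first hunk of this same commit moves the equivalent checks in rsa_item_verify to `<= 0`; if the call returns a negative error, `saltlen` is read uninitialised and can end up in the encoded PSS parameters, so it should read `if (EVP_PKEY_CTX_get_rsa_pss_saltlen(pkctx, &saltlen) <= 0)`. In the MGF1 branch `mgf1alg = X509_ALGOR_new();` is handed to `X509_ALGOR_set_md` without the NULL check the other two X509_ALGOR_new() calls get; add `if (!mgf1alg) goto err;`. `stmp` is declared inside that branch, so the `err:` path cannot free it when the following allocation of `pss->maskGenAlgorithm` fails. The `-2` case computes `EVP_PKEY_size(pk) - EVP_MD_size(sigmd) - 2` with no check that the result is non-negative before it is passed to ASN1_INTEGER_set.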
crypto/x509/x509.h
...
...
@@ -897,6 +897,9 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1,
int
ASN1_item_sign
(
const
ASN1_ITEM
*
it
,
X509_ALGOR
*
algor1
,
X509_ALGOR
*
algor2
,
ASN1_BIT_STRING
*
signature
,
void
*
data
,
EVP_PKEY
*
pkey
,
const
EVP_MD
*
type
);
int
ASN1_item_sign_ctx
(
EVP_MD_CTX
*
ctx
,
const
ASN1_ITEM
*
it
,
X509_ALGOR
*
algor1
,
X509_ALGOR
*
algor2
,
ASN1_BIT_STRING
*
signature
,
void
*
asn
);
#endif
int
X509_set_version
(
X509
*
x
,
long
version
);
...
...
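Review bot: The new ASN1_item_sign_ctx prototype carries no comment on what state `ctx` must be in; the only statement of the contract is the CHANGES entry saying it signs a pre-initialised EVP_MD_CTX. A short comment above the declaration would help callers, for example `/* ctx must already be initialised for signing with its key and digest before this is called */`. Whether `algor2` may be NULL is not visible from this hunk and is worth stating there too, since rsa_item_sign in this commit passes both `alg1` and `alg2` to X509_ALGOR_set0 unconditionally.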