add separate PSS decode function, rename PSS parameters to RSA_PSS_PARAMS

63b825c9 · Dr. Stephen Henson · 77f4b6ba · 63b825c9 · 63b825c9 · 63b825c9
隐藏空白更改
内联并排

Showing with 63 addition and 32 deletion

crypto/rsa/rsa.h crypto/rsa/rsa.h +4 -3

crypto/rsa/rsa_ameth.c crypto/rsa/rsa_ameth.c +52 -22

crypto/rsa/rsa_asn1.c crypto/rsa/rsa_asn1.c +7 -7

未找到文件。
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -241,6 +241,7 @@ struct rsa_st
 #define EVP_PKEY_CTRL_RSA_KEYGEN_BITS	(EVP_PKEY_ALG_CTRL + 3)
 #define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP	(EVP_PKEY_ALG_CTRL + 4)
+#define EVP_PKEY_CTRL_MGF1_MD		(EVP_PKEY_ALG_CTRL + 5)
 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
@@ -300,15 +301,15 @@ const RSA_METHOD *RSA_null_method(void);
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
 DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
-typedef struct rsassaPssParams_st
+typedef struct rsa_pss_params_st
 	{
 	X509_ALGOR *hashAlgorithm;
 	X509_ALGOR *maskGenAlgorithm;
 	ASN1_INTEGER *saltLength;
 	ASN1_INTEGER *trailerField;
-	} RSASSA_PSS_PARAMS;
+	} RSA_PSS_PARAMS;
-DECLARE_ASN1_FUNCTIONS(RSASSA_PSS_PARAMS)
+DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 #ifndef OPENSSL_NO_FP_API
 int	RSA_print_fp(FILE *fp, const RSA *r,int offset);

--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -265,14 +265,48 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
 	return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
 	}
-static int rsa_pss_param_print(BIO *bp, RSASSA_PSS_PARAMS *pss, int indent)
+static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
+					X509_ALGOR **pmaskHash)
+	{
+	const unsigned char *p;
+	int plen;
+	RSA_PSS_PARAMS *pss;
+	*pmaskHash = NULL;
+	if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
+		return NULL;
+	p = alg->parameter->value.sequence->data;
+	plen = alg->parameter->value.sequence->length;
+	pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
+	if (!pss)
+		return NULL;
+	if (pss->maskGenAlgorithm)
+		{
+		ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
+		if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) == NID_mgf1
+			&& param->type == V_ASN1_SEQUENCE)
+			{
+			p = param->value.sequence->data;
+			plen = param->value.sequence->length;
+			*pmaskHash = d2i_X509_ALGOR(NULL, &p, plen);
+			}
+		}
+	return pss;
+	}
+static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, 
+				X509_ALGOR *maskHash, int indent)
 	{
 	int rv = 0;
-	X509_ALGOR *maskHash = NULL;
 	if (!pss)
 		{
 		if (BIO_puts(bp, " (INVALID PSS PARAMETERS)\n") <= 0)
 			return 0;
+		return 1;
 		}
 	if (BIO_puts(bp, "\n") <= 0)
 		goto err;
@@ -299,18 +333,16 @@ static int rsa_pss_param_print(BIO *bp, RSASSA_PSS_PARAMS *pss, int indent)
 			goto err;
 	if (pss->maskGenAlgorithm)
 		{
-		ASN1_TYPE *param = pss->maskGenAlgorithm->parameter;
-		if (param->type == V_ASN1_SEQUENCE)
-			{
-			const unsigned char *p = param->value.sequence->data;
-			int plen = param->value.sequence->length;
-			maskHash = d2i_X509_ALGOR(NULL, &p, plen);
-			}
 		if (i2a_ASN1_OBJECT(bp, pss->maskGenAlgorithm->algorithm) <= 0)
 			goto err;
 		if (BIO_puts(bp, " with ") <= 0)
 			goto err;
-		if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
+		if (maskHash)
+			{
+			if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0)
+			goto err;
+			}
+		else if (BIO_puts(bp, "INVALID") <= 0)
 			goto err;
 		}
 	else if (BIO_puts(bp, "mgf1 with sha1 (default)") <= 0)
@@ -346,9 +378,6 @@ static int rsa_pss_param_print(BIO *bp, RSASSA_PSS_PARAMS *pss, int indent)
 	rv = 1;
 	err:
-	if (maskHash)
-		X509_ALGOR_free(maskHash);
-	RSASSA_PSS_PARAMS_free(pss);
 	return rv;
 	}
@@ -359,15 +388,16 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
 	{
 	if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss)
 		{
-		RSASSA_PSS_PARAMS *pss = NULL;
+		int rv;
-		ASN1_TYPE *param = sigalg->parameter;
+		RSA_PSS_PARAMS *pss;
-		if (param && param->type == V_ASN1_SEQUENCE)
+		X509_ALGOR *maskHash;
-			{
+		pss = rsa_pss_decode(sigalg, &maskHash);
-			const unsigned char *p = param->value.sequence->data;
+		rv = rsa_pss_param_print(bp, pss, maskHash, indent);
-			int plen = param->value.sequence->length;
+		if (pss)
-			pss = d2i_RSASSA_PSS_PARAMS(NULL, &p, plen);
+			RSA_PSS_PARAMS_free(pss);
-			}
+		if (maskHash)
-		if (!rsa_pss_param_print(bp, pss, indent))
+			X509_ALGOR_free(maskHash);
+		if (!rv)
 			return 0;
 		}

--- a/crypto/rsa/rsa_asn1.c
+++ b/crypto/rsa/rsa_asn1.c
@@ -97,14 +97,14 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
 	ASN1_SIMPLE(RSA, e, BIGNUM),
 } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
-ASN1_SEQUENCE(RSASSA_PSS_PARAMS) = {
+ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
-	ASN1_EXP_OPT(RSASSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
+	ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
-	ASN1_EXP_OPT(RSASSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
+	ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
-	ASN1_EXP_OPT(RSASSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
+	ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
-	ASN1_EXP_OPT(RSASSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
+	ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
-} ASN1_SEQUENCE_END(RSASSA_PSS_PARAMS)
+} ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
-IMPLEMENT_ASN1_FUNCTIONS(RSASSA_PSS_PARAMS)
+IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)