提交 6745a1ff 编写于 作者: D Dr. Stephen Henson

Cache maskHash parameter

Store hash algorithm used for MGF1 masks in PSS and OAEP modes in PSS and
OAEP parameter structure: this avoids the need to decode part of the ASN.1
structure every time it is used.
Reviewed-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2177)
上级 3b72dcd5
...@@ -188,37 +188,36 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, ...@@ -188,37 +188,36 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
return do_rsa_print(bp, pkey->pkey.rsa, indent, 1); return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
} }
/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
{ {
if (alg == NULL)
return NULL;
if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
return NULL; return NULL;
return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
alg->parameter); alg->parameter);
} }
static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg)
X509_ALGOR **pmaskHash)
{ {
RSA_PSS_PARAMS *pss; RSA_PSS_PARAMS *pss;
*pmaskHash = NULL;
pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
alg->parameter); alg->parameter);
if (!pss) if (pss == NULL)
return NULL; return NULL;
*pmaskHash = rsa_mgf1_decode(pss->maskGenAlgorithm); if (pss->maskGenAlgorithm != NULL) {
pss->maskHash = rsa_mgf1_decode(pss->maskGenAlgorithm);
if (pss->maskHash == NULL) {
RSA_PSS_PARAMS_free(pss);
return NULL;
}
}
return pss; return pss;
} }
static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, int indent)
X509_ALGOR *maskHash, int indent)
{ {
int rv = 0; int rv = 0;
if (!pss) { if (!pss) {
...@@ -252,8 +251,8 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss, ...@@ -252,8 +251,8 @@ static int rsa_pss_param_print(BIO *bp, RSA_PSS_PARAMS *pss,
goto err; goto err;
if (BIO_puts(bp, " with ") <= 0) if (BIO_puts(bp, " with ") <= 0)
goto err; goto err;
if (maskHash) { if (pss->maskHash) {
if (i2a_ASN1_OBJECT(bp, maskHash->algorithm) <= 0) if (i2a_ASN1_OBJECT(bp, pss->maskHash->algorithm) <= 0)
goto err; goto err;
} else if (BIO_puts(bp, "INVALID") <= 0) } else if (BIO_puts(bp, "INVALID") <= 0)
goto err; goto err;
...@@ -296,11 +295,9 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, ...@@ -296,11 +295,9 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) { if (OBJ_obj2nid(sigalg->algorithm) == NID_rsassaPss) {
int rv; int rv;
RSA_PSS_PARAMS *pss; RSA_PSS_PARAMS *pss;
X509_ALGOR *maskHash; pss = rsa_pss_decode(sigalg);
pss = rsa_pss_decode(sigalg, &maskHash); rv = rsa_pss_param_print(bp, pss, indent);
rv = rsa_pss_param_print(bp, pss, maskHash, indent);
RSA_PSS_PARAMS_free(pss); RSA_PSS_PARAMS_free(pss);
X509_ALGOR_free(maskHash);
if (!rv) if (!rv)
return 0; return 0;
} else if (!sig && BIO_puts(bp, "\n") <= 0) } else if (!sig && BIO_puts(bp, "\n") <= 0)
...@@ -410,29 +407,6 @@ static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg) ...@@ -410,29 +407,6 @@ static const EVP_MD *rsa_algor_to_md(X509_ALGOR *alg)
return md; return md;
} }
/* convert MGF1 algorithm ID to EVP_MD, default SHA1 */
static const EVP_MD *rsa_mgf1_to_md(X509_ALGOR *alg, X509_ALGOR *maskHash)
{
const EVP_MD *md;
if (!alg)
return EVP_sha1();
/* Check mask and lookup mask hash algorithm */
if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) {
RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_ALGORITHM);
return NULL;
}
if (!maskHash) {
RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNSUPPORTED_MASK_PARAMETER);
return NULL;
}
md = EVP_get_digestbyobj(maskHash->algorithm);
if (md == NULL) {
RSAerr(RSA_F_RSA_MGF1_TO_MD, RSA_R_UNKNOWN_MASK_DIGEST);
return NULL;
}
return md;
}
/* /*
* Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter, * Convert EVP_PKEY_CTX is PSS mode into corresponding algorithm parameter,
* suitable for setting an AlgorithmIdentifier. * suitable for setting an AlgorithmIdentifier.
...@@ -497,20 +471,19 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, ...@@ -497,20 +471,19 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
int saltlen; int saltlen;
const EVP_MD *mgf1md = NULL, *md = NULL; const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_PSS_PARAMS *pss; RSA_PSS_PARAMS *pss;
X509_ALGOR *maskHash;
/* Sanity check: make sure it is PSS */ /* Sanity check: make sure it is PSS */
if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
return -1; return -1;
} }
/* Decode PSS parameters */ /* Decode PSS parameters */
pss = rsa_pss_decode(sigalg, &maskHash); pss = rsa_pss_decode(sigalg);
if (pss == NULL) { if (pss == NULL) {
RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS); RSAerr(RSA_F_RSA_PSS_TO_CTX, RSA_R_INVALID_PSS_PARAMETERS);
goto err; goto err;
} }
mgf1md = rsa_mgf1_to_md(pss->maskGenAlgorithm, maskHash); mgf1md = rsa_algor_to_md(pss->maskHash);
if (!mgf1md) if (!mgf1md)
goto err; goto err;
md = rsa_algor_to_md(pss->hashAlgorithm); md = rsa_algor_to_md(pss->hashAlgorithm);
...@@ -568,7 +541,6 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, ...@@ -568,7 +541,6 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
err: err:
RSA_PSS_PARAMS_free(pss); RSA_PSS_PARAMS_free(pss);
X509_ALGOR_free(maskHash);
return rv; return rv;
} }
...@@ -674,22 +646,24 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ...@@ -674,22 +646,24 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
} }
#ifndef OPENSSL_NO_CMS #ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg)
X509_ALGOR **pmaskHash)
{ {
RSA_OAEP_PARAMS *pss; RSA_OAEP_PARAMS *oaep;
*pmaskHash = NULL;
pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), oaep = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
alg->parameter); alg->parameter);
if (!pss) if (oaep == NULL)
return NULL; return NULL;
*pmaskHash = rsa_mgf1_decode(pss->maskGenFunc); if (oaep->maskGenFunc != NULL) {
oaep->maskHash = rsa_mgf1_decode(oaep->maskGenFunc);
return pss; if (oaep->maskHash == NULL) {
RSA_OAEP_PARAMS_free(oaep);
return NULL;
}
}
return oaep;
} }
static int rsa_cms_decrypt(CMS_RecipientInfo *ri) static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
...@@ -702,7 +676,6 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) ...@@ -702,7 +676,6 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
int labellen = 0; int labellen = 0;
const EVP_MD *mgf1md = NULL, *md = NULL; const EVP_MD *mgf1md = NULL, *md = NULL;
RSA_OAEP_PARAMS *oaep; RSA_OAEP_PARAMS *oaep;
X509_ALGOR *maskHash;
pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
if (!pkctx) if (!pkctx)
return 0; return 0;
...@@ -716,14 +689,14 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) ...@@ -716,14 +689,14 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
return -1; return -1;
} }
/* Decode OAEP parameters */ /* Decode OAEP parameters */
oaep = rsa_oaep_decode(cmsalg, &maskHash); oaep = rsa_oaep_decode(cmsalg);
if (oaep == NULL) { if (oaep == NULL) {
RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS); RSAerr(RSA_F_RSA_CMS_DECRYPT, RSA_R_INVALID_OAEP_PARAMETERS);
goto err; goto err;
} }
mgf1md = rsa_mgf1_to_md(oaep->maskGenFunc, maskHash); mgf1md = rsa_algor_to_md(oaep->maskHash);
if (!mgf1md) if (!mgf1md)
goto err; goto err;
md = rsa_algor_to_md(oaep->hashFunc); md = rsa_algor_to_md(oaep->hashFunc);
...@@ -760,7 +733,6 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) ...@@ -760,7 +733,6 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
err: err:
RSA_OAEP_PARAMS_free(oaep); RSA_OAEP_PARAMS_free(oaep);
X509_ALGOR_free(maskHash);
return rv; return rv;
} }
......
...@@ -49,20 +49,42 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = { ...@@ -49,20 +49,42 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
ASN1_SIMPLE(RSA, e, BIGNUM), ASN1_SIMPLE(RSA, e, BIGNUM),
} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) } ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
ASN1_SEQUENCE(RSA_PSS_PARAMS) = { /* Free up maskHash */
static int rsa_pss_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
if (operation == ASN1_OP_FREE_PRE) {
RSA_PSS_PARAMS *pss = (RSA_PSS_PARAMS *)*pval;
X509_ALGOR_free(pss->maskHash);
}
return 1;
}
ASN1_SEQUENCE_cb(RSA_PSS_PARAMS, rsa_pss_cb) = {
ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0), ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1), ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2), ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3) ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
} ASN1_SEQUENCE_END(RSA_PSS_PARAMS) } ASN1_SEQUENCE_END_cb(RSA_PSS_PARAMS, RSA_PSS_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
ASN1_SEQUENCE(RSA_OAEP_PARAMS) = { /* Free up maskHash */
static int rsa_oaep_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
{
if (operation == ASN1_OP_FREE_PRE) {
RSA_OAEP_PARAMS *oaep = (RSA_OAEP_PARAMS *)*pval;
X509_ALGOR_free(oaep->maskHash);
}
return 1;
}
ASN1_SEQUENCE_cb(RSA_OAEP_PARAMS, rsa_oaep_cb) = {
ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0), ASN1_EXP_OPT(RSA_OAEP_PARAMS, hashFunc, X509_ALGOR, 0),
ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1), ASN1_EXP_OPT(RSA_OAEP_PARAMS, maskGenFunc, X509_ALGOR, 1),
ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2), ASN1_EXP_OPT(RSA_OAEP_PARAMS, pSourceFunc, X509_ALGOR, 2),
} ASN1_SEQUENCE_END(RSA_OAEP_PARAMS) } ASN1_SEQUENCE_END_cb(RSA_OAEP_PARAMS, RSA_OAEP_PARAMS)
IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) IMPLEMENT_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
......
...@@ -239,6 +239,8 @@ typedef struct rsa_pss_params_st { ...@@ -239,6 +239,8 @@ typedef struct rsa_pss_params_st {
X509_ALGOR *maskGenAlgorithm; X509_ALGOR *maskGenAlgorithm;
ASN1_INTEGER *saltLength; ASN1_INTEGER *saltLength;
ASN1_INTEGER *trailerField; ASN1_INTEGER *trailerField;
/* Decoded hash algorithm from maskGenAlgorithm */
X509_ALGOR *maskHash;
} RSA_PSS_PARAMS; } RSA_PSS_PARAMS;
DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
...@@ -247,6 +249,8 @@ typedef struct rsa_oaep_params_st { ...@@ -247,6 +249,8 @@ typedef struct rsa_oaep_params_st {
X509_ALGOR *hashFunc; X509_ALGOR *hashFunc;
X509_ALGOR *maskGenFunc; X509_ALGOR *maskGenFunc;
X509_ALGOR *pSourceFunc; X509_ALGOR *pSourceFunc;
/* Decoded hash algorithm from maskGenFunc */
X509_ALGOR *maskHash;
} RSA_OAEP_PARAMS; } RSA_OAEP_PARAMS;
DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册