diff options
author | Richard Levitte <levitte@openssl.org> | 2020-05-02 13:25:52 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-05-14 12:16:35 +0200 |
commit | 36a2a551d7dd5628a3533f7f23b1f3827f9535f7 (patch) | |
tree | 1ff09f9dc5a1728e760a7d4b9f451e3db2a3535b | |
parent | DER writer: Add the possibility to abandon empty SEQUENCEs (diff) | |
download | openssl-36a2a551d7dd5628a3533f7f23b1f3827f9535f7.tar.xz openssl-36a2a551d7dd5628a3533f7f23b1f3827f9535f7.zip |
PROV: Refactor the RSA DER support
We separate out the NIST arc OIDs to a separate file, so it can be
re-used, and also the DIGEST OIDs.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11710)
-rw-r--r-- | providers/common/der/DIGESTS.asn1 | 19 | ||||
-rw-r--r-- | providers/common/der/NIST.asn1 | 8 | ||||
-rw-r--r-- | providers/common/der/RSA.asn1 | 2 | ||||
-rw-r--r-- | providers/common/der/build.info | 11 | ||||
-rw-r--r-- | providers/common/der/der_digests.c.in | 18 | ||||
-rw-r--r-- | providers/common/der/der_digests.h.in | 18 | ||||
-rw-r--r-- | providers/common/der/der_rsa.c.in | 389 | ||||
-rw-r--r-- | providers/common/der/der_rsa.h.in | 7 |
8 files changed, 444 insertions, 28 deletions
diff --git a/providers/common/der/DIGESTS.asn1 b/providers/common/der/DIGESTS.asn1 new file mode 100644 index 0000000000..afed372186 --- /dev/null +++ b/providers/common/der/DIGESTS.asn1 @@ -0,0 +1,19 @@ +-- ------------------------------------------------------------------- +-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration + +id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 } +id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 } +id-sha512 OBJECT IDENTIFIER ::= { hashAlgs 3 } +id-sha224 OBJECT IDENTIFIER ::= { hashAlgs 4 } +id-sha512-224 OBJECT IDENTIFIER ::= { hashAlgs 5 } +id-sha512-256 OBJECT IDENTIFIER ::= { hashAlgs 6 } +id-sha3-224 OBJECT IDENTIFIER ::= { hashAlgs 7 } +id-sha3-256 OBJECT IDENTIFIER ::= { hashAlgs 8 } +id-sha3-384 OBJECT IDENTIFIER ::= { hashAlgs 9 } +id-sha3-512 OBJECT IDENTIFIER ::= { hashAlgs 10 } +id-shake128 OBJECT IDENTIFIER ::= { hashAlgs 11 } +id-shake256 OBJECT IDENTIFIER ::= { hashAlgs 12 } +id-shake128-len OBJECT IDENTIFIER ::= { hashAlgs 17 } +id-shake256-len OBJECT IDENTIFIER ::= { hashAlgs 18 } +id-KMACWithSHAKE128 OBJECT IDENTIFIER ::={hashAlgs 19} +id-KMACWithSHAKE256 OBJECT IDENTIFIER ::={ hashAlgs 20} diff --git a/providers/common/der/NIST.asn1 b/providers/common/der/NIST.asn1 new file mode 100644 index 0000000000..3e43848495 --- /dev/null +++ b/providers/common/der/NIST.asn1 @@ -0,0 +1,8 @@ +-- ------------------------------------------------------------------- +-- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration + +-- Copies of common OIDs used by other ASN.1 files. +csor OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 } +nistAlgorithms OBJECT IDENTIFIER ::= { csor nistAlgorithm(4) } +hashAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 2 } +sigAlgs OBJECT IDENTIFIER ::= { nistAlgorithms 3 } diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1 index 66511be50e..d0c54d71ef 100644 --- a/providers/common/der/RSA.asn1 +++ b/providers/common/der/RSA.asn1 @@ -80,8 +80,6 @@ id-mgf1 OBJECT IDENTIFIER ::= { pkcs-1 8 } -- ------------------------------------------------------------------- -- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration -sigAlgs OBJECT IDENTIFIER ::= { 2 16 840 1 101 3 4 3 } - id-rsassa-pkcs1-v1_5-with-sha3-224 OBJECT IDENTIFIER ::= { sigAlgs 13 } id-rsassa-pkcs1-v1_5-with-sha3-256 OBJECT IDENTIFIER ::= { sigAlgs 14 } id-rsassa-pkcs1-v1_5-with-sha3-384 OBJECT IDENTIFIER ::= { sigAlgs 15 } diff --git a/providers/common/der/build.info b/providers/common/der/build.info index eda763ea8e..837fe73fed 100644 --- a/providers/common/der/build.info +++ b/providers/common/der/build.info @@ -1,4 +1,4 @@ -$FIPSABLE=der_rsa.c der_dsa.c der_ec.c +$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c SOURCE[../../libfips.a]=$FIPSABLE SOURCE[../../libnonfips.a]=$FIPSABLE @@ -6,7 +6,7 @@ SOURCE[../../libnonfips.a]=$FIPSABLE GENERATE[der_rsa.c]=der_rsa.c.in DEPEND[der_rsa.c]=oids_to_c.pm -DEPEND[der_rsa.o]=../include/prov/der_rsa.h +DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm @@ -23,3 +23,10 @@ DEPEND[der_ec.c]=oids_to_c.pm DEPEND[der_ec.o]=../include/prov/der_ec.h GENERATE[../include/prov/der_ec.h]=der_ec.h.in DEPEND[../include/prov/der_ec.h]=oids_to_c.pm + +GENERATE[der_digests.c]=der_digests.c.in +DEPEND[der_digests.c]=oids_to_c.pm + +DEPEND[der_digests.o]=../include/prov/der_digests.h +GENERATE[../include/prov/der_digests.h]=der_digests.h.in +DEPEND[../include/prov/der_digests.h]=oids_to_c.pm diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_digests.c.in new file mode 100644 index 0000000000..433c107420 --- /dev/null +++ b/providers/common/der/der_digests.c.in @@ -0,0 +1,18 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "prov/der_digests.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_C }); +-} diff --git a/providers/common/der/der_digests.h.in b/providers/common/der/der_digests.h.in new file mode 100644 index 0000000000..91fbe1f72c --- /dev/null +++ b/providers/common/der/der_digests.h.in @@ -0,0 +1,18 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/der.h" + +/* Well known OIDs precompiled */ +{- + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', + { dir => $config{sourcedir}, + filter => \&oids_to_c::filter_to_H }); +-} diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa.c.in index bc7c0095e9..d3bab85d1f 100644 --- a/providers/common/der/der_rsa.c.in +++ b/providers/common/der/der_rsa.c.in @@ -9,25 +9,368 @@ #include <openssl/bn.h> #include <openssl/obj_mac.h> +#include "internal/cryptlib.h" #include "prov/der_rsa.h" +#include "prov/der_digests.h" /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', + 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_C }); -} +/* More complex pre-compiled sequences. TODO(3.0) refactor? */ +/*- + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-sha1 PARAMETERS NULL }| + * { OID id-sha224 PARAMETERS NULL }| + * { OID id-sha256 PARAMETERS NULL }| + * { OID id-sha384 PARAMETERS NULL }| + * { OID id-sha512 PARAMETERS NULL }| + * { OID id-sha512-224 PARAMETERS NULL }| + * { OID id-sha512-256 PARAMETERS NULL }, + * ... -- Allows for future expansion -- + * } + */ +#define DER_V_NULL DER_P_NULL, 0 +#define DER_SZ_NULL 2 + +/* + * The names for the hash function AlgorithmIdentifiers are borrowed and + * expanded from https://tools.ietf.org/html/rfc4055#section-2.1 + * + * sha1Identifier AlgorithmIdentifier ::= { id-sha1, NULL } + * sha224Identifier AlgorithmIdentifier ::= { id-sha224, NULL } + * sha256Identifier AlgorithmIdentifier ::= { id-sha256, NULL } + * sha384Identifier AlgorithmIdentifier ::= { id-sha384, NULL } + * sha512Identifier AlgorithmIdentifier ::= { id-sha512, NULL } + */ +#if 0 /* Currently unused */ +#define DER_AID_V_sha1Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha1 + DER_SZ_NULL, \ + DER_OID_V_id_sha1, \ + DER_V_NULL +static const unsigned char der_aid_sha1Identifier[] = { + DER_AID_V_sha1Identifier +}; +#define DER_AID_SZ_sha1Identifier sizeof(der_aid_sha1Identifier) +#endif + +#define DER_AID_V_sha224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha224 + DER_SZ_NULL, \ + DER_OID_V_id_sha224, \ + DER_V_NULL +static const unsigned char der_aid_sha224Identifier[] = { + DER_AID_V_sha224Identifier +}; +#define DER_AID_SZ_sha224Identifier sizeof(der_aid_sha224Identifier) + +#define DER_AID_V_sha256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha256 + DER_SZ_NULL, \ + DER_OID_V_id_sha256, \ + DER_V_NULL +static const unsigned char der_aid_sha256Identifier[] = { + DER_AID_V_sha256Identifier +}; +#define DER_AID_SZ_sha256Identifier sizeof(der_aid_sha256Identifier) + +#define DER_AID_V_sha384Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha384 + DER_SZ_NULL, \ + DER_OID_V_id_sha384, \ + DER_V_NULL +static const unsigned char der_aid_sha384Identifier[] = { + DER_AID_V_sha384Identifier +}; +#define DER_AID_SZ_sha384Identifier sizeof(der_aid_sha384Identifier) + +#define DER_AID_V_sha512Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512 + DER_SZ_NULL, \ + DER_OID_V_id_sha512, \ + DER_V_NULL +static const unsigned char der_aid_sha512Identifier[] = { + DER_AID_V_sha512Identifier +}; +#define DER_AID_SZ_sha512Identifier sizeof(der_aid_sha512Identifier) + +#define DER_AID_V_sha512_224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_224 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_224, \ + DER_V_NULL +static const unsigned char der_aid_sha512_224Identifier[] = { + DER_AID_V_sha512_224Identifier +}; +#define DER_AID_SZ_sha512_224Identifier sizeof(der_aid_sha512_224Identifier) + +#define DER_AID_V_sha512_256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_sha512_256 + DER_SZ_NULL, \ + DER_OID_V_id_sha512_256, \ + DER_V_NULL +static const unsigned char der_aid_sha512_256Identifier[] = { + DER_AID_V_sha512_256Identifier +}; +#define DER_AID_SZ_sha512_256Identifier sizeof(der_aid_sha512_256Identifier) + +/*- + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * HashAlgorithm ::= AlgorithmIdentifier { + * {OAEP-PSSDigestAlgorithms} + * } + * + * ... + * + * PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-mgf1 PARAMETERS HashAlgorithm }, + * ... -- Allows for future expansion -- + * } + */ + +/* + * The names for the MGF1 AlgorithmIdentifiers are borrowed and expanded + * from https://tools.ietf.org/html/rfc4055#section-2.1 + * + * mgf1SHA1Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha1Identifier } + * mgf1SHA224Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha224Identifier } + * mgf1SHA256Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha256Identifier } + * mgf1SHA384Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha384Identifier } + * mgf1SHA512Identifier AlgorithmIdentifier ::= + * { id-mgf1, sha512Identifier } + */ +#if 0 /* Currently unused */ +#define DER_AID_V_mgf1SHA1Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha1Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha1Identifier +static const unsigned char der_aid_mgf1SHA1Identifier[] = { + DER_AID_V_mgf1SHA1Identifier +}; +#define DER_AID_SZ_mgf1SHA1Identifier sizeof(der_aid_mgf1SHA1Identifier) +#endif + +#define DER_AID_V_mgf1SHA224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha224Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha224Identifier +static const unsigned char der_aid_mgf1SHA224Identifier[] = { + DER_AID_V_mgf1SHA224Identifier +}; +#define DER_AID_SZ_mgf1SHA224Identifier sizeof(der_aid_mgf1SHA224Identifier) + +#define DER_AID_V_mgf1SHA256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha256Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha256Identifier +static const unsigned char der_aid_mgf1SHA256Identifier[] = { + DER_AID_V_mgf1SHA256Identifier +}; +#define DER_AID_SZ_mgf1SHA256Identifier sizeof(der_aid_mgf1SHA256Identifier) + +#define DER_AID_V_mgf1SHA384Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha384Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha384Identifier +static const unsigned char der_aid_mgf1SHA384Identifier[] = { + DER_AID_V_mgf1SHA384Identifier +}; +#define DER_AID_SZ_mgf1SHA384Identifier sizeof(der_aid_mgf1SHA384Identifier) + +#define DER_AID_V_mgf1SHA512Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512Identifier +static const unsigned char der_aid_mgf1SHA512Identifier[] = { + DER_AID_V_mgf1SHA512Identifier +}; +#define DER_AID_SZ_mgf1SHA512Identifier sizeof(der_aid_mgf1SHA512Identifier) + +#define DER_AID_V_mgf1SHA512_224Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_224Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512_224Identifier +static const unsigned char der_aid_mgf1SHA512_224Identifier[] = { + DER_AID_V_mgf1SHA512_224Identifier +}; +#define DER_AID_SZ_mgf1SHA512_224Identifier sizeof(der_aid_mgf1SHA512_224Identifier) + +#define DER_AID_V_mgf1SHA512_256Identifier \ + DER_P_SEQUENCE|DER_F_CONSTRUCTED, \ + DER_OID_SZ_id_mgf1 + DER_AID_SZ_sha512_256Identifier, \ + DER_OID_V_id_mgf1, \ + DER_AID_V_sha512_256Identifier +static const unsigned char der_aid_mgf1SHA512_256Identifier[] = { + DER_AID_V_mgf1SHA512_256Identifier +}; +#define DER_AID_SZ_mgf1SHA512_256Identifier sizeof(der_aid_mgf1SHA512_256Identifier) + + +#define MGF1_SHA_CASE(bits, var) \ + case NID_sha##bits: \ + var = der_aid_mgf1SHA##bits##Identifier; \ + var##_sz = sizeof(der_aid_mgf1SHA##bits##Identifier); \ + break; + +/*- + * The name is borrowed from https://tools.ietf.org/html/rfc8017#appendix-A.2.1 + * + * MaskGenAlgorithm ::= AlgorithmIdentifier { {PKCS1MGFAlgorithms} } + */ +static int DER_w_MaskGenAlgorithm(WPACKET *pkt, int tag, + const RSA_PSS_PARAMS_30 *pss) +{ + if (pss != NULL && rsa_pss_params_30_maskgenalg(pss) == NID_mgf1) { + int maskgenhashalg_nid = rsa_pss_params_30_maskgenhashalg(pss); + const unsigned char *maskgenalg = NULL; + size_t maskgenalg_sz = 0; + + switch (maskgenhashalg_nid) { + case NID_sha1: + break; + MGF1_SHA_CASE(224, maskgenalg); + MGF1_SHA_CASE(256, maskgenalg); + MGF1_SHA_CASE(384, maskgenalg); + MGF1_SHA_CASE(512, maskgenalg); + MGF1_SHA_CASE(512_224, maskgenalg); + MGF1_SHA_CASE(512_256, maskgenalg); + default: + return 0; + } + + /* If there is none (or it was the default), we write nothing */ + if (maskgenalg == NULL) + return 1; + + return DER_w_precompiled(pkt, tag, maskgenalg, maskgenalg_sz); + } + return 0; +} + +#define OAEP_PSS_MD_CASE(name, var) \ + case NID_##name: \ + var = der_oid_id_##name; \ + var##_sz = sizeof(der_oid_id_##name); \ + break; + +int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, const RSA_PSS_PARAMS_30 *pss) +{ + int hashalg_nid, default_hashalg_nid; + int saltlen, default_saltlen; + int trailerfield, default_trailerfield; + const unsigned char *hashalg = NULL; + size_t hashalg_sz = 0; + + /* + * For an unrestricted key, this function should not have been called; + * the caller must be in control, because unrestricted keys are permitted + * in some situations (when encoding the public key in a SubjectKeyInfo, + * for example) while not in others, and this function doesn't know the + * intent. Therefore, we assert that here, the PSS parameters must show + * that the key is restricted. + */ + if (!ossl_assert(pss != NULL && !rsa_pss_params_30_is_unrestricted(pss))) + return 0; + + hashalg_nid = rsa_pss_params_30_hashalg(pss); + saltlen = rsa_pss_params_30_saltlen(pss); + trailerfield = rsa_pss_params_30_trailerfield(pss); + + /* Getting default values */ + default_hashalg_nid = rsa_pss_params_30_hashalg(NULL); + default_saltlen = rsa_pss_params_30_saltlen(NULL); + default_trailerfield = rsa_pss_params_30_trailerfield(NULL); + + /* + * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1: + * + * OAEP-PSSDigestAlgorithms ALGORITHM-IDENTIFIER ::= { + * { OID id-sha1 PARAMETERS NULL }| + * { OID id-sha224 PARAMETERS NULL }| + * { OID id-sha256 PARAMETERS NULL }| + * { OID id-sha384 PARAMETERS NULL }| + * { OID id-sha512 PARAMETERS NULL }| + * { OID id-sha512-224 PARAMETERS NULL }| + * { OID id-sha512-256 PARAMETERS NULL }, + * ... -- Allows for future expansion -- + * } + */ + switch (hashalg_nid) { + OAEP_PSS_MD_CASE(sha1, hashalg); + OAEP_PSS_MD_CASE(sha224, hashalg); + OAEP_PSS_MD_CASE(sha256, hashalg); + OAEP_PSS_MD_CASE(sha384, hashalg); + OAEP_PSS_MD_CASE(sha512, hashalg); + OAEP_PSS_MD_CASE(sha512_224, hashalg); + OAEP_PSS_MD_CASE(sha512_256, hashalg); + default: + return 0; + } + + return DER_w_begin_sequence(pkt, tag) + && (trailerfield == default_trailerfield + || DER_w_ulong(pkt, 3, trailerfield)) + && (saltlen == default_saltlen || DER_w_ulong(pkt, 2, saltlen)) + && DER_w_MaskGenAlgorithm(pkt, 1, pss) + && (hashalg_nid == default_hashalg_nid + || DER_w_precompiled(pkt, 0, hashalg, hashalg_sz)) + && DER_w_end_sequence(pkt, tag); +} + +/* Aliases so we can have a uniform RSA_CASE */ +#define der_oid_rsassaPss der_oid_id_RSASSA_PSS + +#define RSA_CASE(name, var) \ + var##_nid = NID_##name; \ + var##_oid = der_oid_##name; \ + var##_oid_sz = sizeof(der_oid_##name); \ + break; + int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) { + int rsa_nid = NID_undef; + const unsigned char *rsa_oid = NULL; + size_t rsa_oid_sz = 0; + RSA_PSS_PARAMS_30 *pss_params = rsa_get0_pss_params_30(rsa); + + switch (RSA_test_flags(rsa, RSA_FLAG_TYPE_MASK)) { + case RSA_FLAG_TYPE_RSA: + RSA_CASE(rsaEncryption, rsa); + case RSA_FLAG_TYPE_RSASSAPSS: + RSA_CASE(rsassaPss, rsa); + } + + if (rsa_oid == NULL) + return 0; + return DER_w_begin_sequence(pkt, tag) - /* No parameters (yet?) */ - && DER_w_precompiled(pkt, -1, der_oid_rsaEncryption, - sizeof(der_oid_rsaEncryption)) + && (rsa_nid != NID_rsassaPss + || rsa_pss_params_30_is_unrestricted(pss_params) + || DER_w_RSASSA_PSS_params(pkt, -1, pss_params)) + && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz) && DER_w_end_sequence(pkt, tag); } -/* Aliases so we can have a uniform MD_CASE */ +/* Aliases so we can have a uniform MD_with_RSA_CASE */ #define der_oid_sha3_224WithRSAEncryption \ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224 #define der_oid_sha3_256WithRSAEncryption \ @@ -37,10 +380,10 @@ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa) #define der_oid_sha3_512WithRSAEncryption \ der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512 -#define MD_CASE(name) \ +#define MD_with_RSA_CASE(name, var) \ case NID_##name: \ - precompiled = der_oid_##name##WithRSAEncryption; \ - precompiled_sz = sizeof(der_oid_##name##WithRSAEncryption); \ + var = der_oid_##name##WithRSAEncryption; \ + var##_sz = sizeof(der_oid_##name##WithRSAEncryption); \ break; int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, @@ -51,23 +394,23 @@ int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, switch (mdnid) { #ifndef FIPS_MODULE - MD_CASE(md2); - MD_CASE(md5); - MD_CASE(md4); - MD_CASE(ripemd160); + MD_with_RSA_CASE(md2, precompiled); + MD_with_RSA_CASE(md5, precompiled); + MD_with_RSA_CASE(md4, precompiled); + MD_with_RSA_CASE(ripemd160, precompiled); /* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */ #endif - MD_CASE(sha1); - MD_CASE(sha224); - MD_CASE(sha256); - MD_CASE(sha384); - MD_CASE(sha512); - MD_CASE(sha512_224); - MD_CASE(sha512_256); - MD_CASE(sha3_224); - MD_CASE(sha3_256); - MD_CASE(sha3_384); - MD_CASE(sha3_512); + MD_with_RSA_CASE(sha1, precompiled); + MD_with_RSA_CASE(sha224, precompiled); + MD_with_RSA_CASE(sha256, precompiled); + MD_with_RSA_CASE(sha384, precompiled); + MD_with_RSA_CASE(sha512, precompiled); + MD_with_RSA_CASE(sha512_224, precompiled); + MD_with_RSA_CASE(sha512_256, precompiled); + MD_with_RSA_CASE(sha3_224, precompiled); + MD_with_RSA_CASE(sha3_256, precompiled); + MD_with_RSA_CASE(sha3_384, precompiled); + MD_with_RSA_CASE(sha3_512, precompiled); default: return 0; } diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_rsa.h.in index 3f7cc0e029..53f6227825 100644 --- a/providers/common/der/der_rsa.h.in +++ b/providers/common/der/der_rsa.h.in @@ -7,15 +7,20 @@ * https://www.openssl.org/source/license.html */ +#include "crypto/rsa.h" #include "internal/der.h" /* Well known OIDs precompiled */ {- - $OUT = oids_to_c::process_leaves('providers/common/der/RSA.asn1', + $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1', + 'providers/common/der/DIGESTS.asn1', + 'providers/common/der/RSA.asn1', { dir => $config{sourcedir}, filter => \&oids_to_c::filter_to_H }); -} +int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag, + const RSA_PSS_PARAMS_30 *pss); int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa); int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag, RSA *rsa, int mdnid); |