Export pkcs1_prefixed_msg as RSA_add_pkcs1_prefix.

Platform crypto APIs for PKCS#1 RSA signatures vary between expecting the caller to prepend the DigestInfo prefix (RSA_sign_raw) and prepending it internally (RSA_sign). Currently, Chromium implements sign or sign_raw as appropriate. To avoid needing both variants, the new asynchronous methods will only expose the higher-level one, sign. To satisfy ports which previously implemented sign_raw, expose the DigestInfo prefix as a utility function. BUG=347404 Change-Id: I04c397b5e9502b2942f6698ecf81662a3c9282e6 Reviewed-on: https://boringssl-review.googlesource.com/4940 Reviewed-by: Adam Langley <agl@google.com>
2015-05-28 16:53:31 -04:00 · 2015-05-28 16:53:31 -04:00 · b0acb7743f
commit b0acb7743f
parent d87021d246
3 changed files with 22 additions and 18 deletions
--- a/crypto/err/rsa.errordata
+++ b/crypto/err/rsa.errordata
@ -3,6 +3,7 @@ RSA,function,101,BN_BLINDING_create_param
 RSA,function,102,BN_BLINDING_invert_ex
 RSA,function,103,BN_BLINDING_new
 RSA,function,104,BN_BLINDING_update
+RSA,function,123,RSA_add_pkcs1_prefix
 RSA,function,105,RSA_check_key
 RSA,function,106,RSA_new_method
 RSA,function,107,RSA_padding_add_PKCS1_OAEP_mgf1
@ -22,7 +23,6 @@ RSA,function,120,decrypt
 RSA,function,121,encrypt
 RSA,function,122,keygen
 RSA,function,128,keygen_multiprime
-RSA,function,123,pkcs1_prefixed_msg
 RSA,function,124,private_transform
 RSA,function,125,rsa_setup_blinding
 RSA,function,126,sign_raw
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@ -368,20 +368,16 @@ static const struct pkcs1_sig_prefix kPKCS1SigPrefixes[] = {
    },
 };

-/* TODO(fork): mostly new code, needs careful review. */
-
-/* pkcs1_prefixed_msg builds a PKCS#1, prefixed version of |msg| for the given
- * hash function and sets |out_msg| to point to it. On successful return,
- * |*out_msg| may be allocated memory and, if so, |*is_alloced| will be 1. */
-static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len,
-                              int *is_alloced, int hash_nid, const uint8_t *msg,
-                              size_t msg_len) {
+int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
+                         int *is_alloced, int hash_nid, const uint8_t *msg,
+                         size_t msg_len) {
  unsigned i;

  if (hash_nid == NID_md5_sha1) {
    /* Special case: SSL signature, just check the length. */
    if (msg_len != SSL_SIG_LENGTH) {
-      OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_INVALID_MESSAGE_LENGTH);
+      OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix,
+                        RSA_R_INVALID_MESSAGE_LENGTH);
      return 0;
    }

@ -404,13 +400,13 @@ static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len,

    signed_msg_len = prefix_len + msg_len;
    if (signed_msg_len < prefix_len) {
-      OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_TOO_LONG);
+      OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix, RSA_R_TOO_LONG);
      return 0;
    }

    signed_msg = OPENSSL_malloc(signed_msg_len);
    if (!signed_msg) {
-      OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, ERR_R_MALLOC_FAILURE);
+      OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix, ERR_R_MALLOC_FAILURE);
      return 0;
    }

@ -424,7 +420,7 @@ static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len,
    return 1;
  }

-  OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+  OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix, RSA_R_UNKNOWN_ALGORITHM_TYPE);
  return 0;
 }

@ -441,8 +437,8 @@ int RSA_sign(int hash_nid, const uint8_t *in, unsigned in_len, uint8_t *out,
    return rsa->meth->sign(hash_nid, in, in_len, out, out_len, rsa);
  }

-  if (!pkcs1_prefixed_msg(&signed_msg, &signed_msg_len, &signed_msg_is_alloced,
-                          hash_nid, in, in_len)) {
+  if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
+                            &signed_msg_is_alloced, hash_nid, in, in_len)) {
    return 0;
  }

@ -499,8 +495,8 @@ int RSA_verify(int hash_nid, const uint8_t *msg, size_t msg_len,
    goto out;
  }

-  if (!pkcs1_prefixed_msg(&signed_msg, &signed_msg_len, &signed_msg_is_alloced,
-                          hash_nid, msg, msg_len)) {
+  if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
+                            &signed_msg_is_alloced, hash_nid, msg, msg_len)) {
    goto out;
  }

--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@ -321,6 +321,14 @@ OPENSSL_EXPORT int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, uint8_t *EM,
                                                  const EVP_MD *mgf1Hash,
                                                  int sLen);

+/* RSA_add_pkcs1_prefix builds a version of |msg| prefixed with the DigestInfo
+ * header for the given hash function and sets |out_msg| to point to it. On
+ * successful return, |*out_msg| may be allocated memory and, if so,
+ * |*is_alloced| will be 1. */
+OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
+                                        int *is_alloced, int hash_nid,
+                                        const uint8_t *msg, size_t msg_len);
+

 /* ASN.1 functions. */

@ -537,7 +545,7 @@ struct rsa_st {
 #define RSA_F_decrypt 120
 #define RSA_F_encrypt 121
 #define RSA_F_keygen 122
-#define RSA_F_pkcs1_prefixed_msg 123
+#define RSA_F_RSA_add_pkcs1_prefix 123
 #define RSA_F_private_transform 124
 #define RSA_F_rsa_setup_blinding 125
 #define RSA_F_sign_raw 126