New functions to get key types without dereferncing EVP_PKEY.
authorDr. Stephen Henson <steve@openssl.org>
Thu, 11 May 2006 21:33:00 +0000 (21:33 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Thu, 11 May 2006 21:33:00 +0000 (21:33 +0000)
More error checking for RSA pmeth.

crypto/evp/evp.h
crypto/evp/p_lib.c
crypto/rsa/rsa.h
crypto/rsa/rsa_err.c
crypto/rsa/rsa_pmeth.c

index ae7bee8097cb0ddc42ed569121eb9e36770f9fcc..73f211e4d30c69ba11916a60cfdc5e5c691e19e4 100644 (file)
@@ -717,6 +717,8 @@ int         EVP_PKEY_encrypt_old(unsigned char *enc_key,
                        const unsigned char *key,int key_len,
                        EVP_PKEY *pub_key);
 int            EVP_PKEY_type(int type);
+int            EVP_PKEY_id(const EVP_PKEY *pkey);
+int            EVP_PKEY_base_id(const EVP_PKEY *pkey);
 int            EVP_PKEY_bits(EVP_PKEY *pkey);
 int            EVP_PKEY_size(EVP_PKEY *pkey);
 int            EVP_PKEY_assign(EVP_PKEY *pkey,int type,void *key);
index 730520fb59bceb947172d74d64fa515f7e9ee981..752547d1e6cc00e41b50fe35052b6aab16584f63 100644 (file)
@@ -297,6 +297,16 @@ int EVP_PKEY_type(int type)
        return NID_undef;
        }
 
+int EVP_PKEY_id(const EVP_PKEY *pkey)
+       {
+       return pkey->type;
+       }
+
+int EVP_PKEY_base_id(const EVP_PKEY *pkey)
+       {
+       return EVP_PKEY_type(pkey->type);
+       }
+
 void EVP_PKEY_free(EVP_PKEY *x)
        {
        int i;
index 74fcdee2597411d153b10ef032e9bb8f457ea4e9..d24e4d7a84c807a71644dbf4ebed8b24b235cbab 100644 (file)
@@ -372,6 +372,8 @@ void ERR_load_RSA_strings(void);
 /* Function codes. */
 #define RSA_F_CHECK_PADDING_MD                          140
 #define RSA_F_MEMORY_LOCK                               100
+#define RSA_F_PKEY_RSA_CTRL                             143
+#define RSA_F_PKEY_RSA_CTRL_STR                                 144
 #define RSA_F_PKEY_RSA_SIGN                             142
 #define RSA_F_PKEY_RSA_VERIFYRECOVER                    141
 #define RSA_F_RSA_BUILTIN_KEYGEN                        129
@@ -433,12 +435,15 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                   125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1                    123
 #define RSA_R_FIRST_OCTET_INVALID                       133
+#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE       144
 #define RSA_R_INVALID_DIGEST                            105
 #define RSA_R_INVALID_DIGEST_LENGTH                     143
 #define RSA_R_INVALID_HEADER                            137
+#define RSA_R_INVALID_KEYBITS                           145
 #define RSA_R_INVALID_MESSAGE_LENGTH                    131
 #define RSA_R_INVALID_PADDING                           138
 #define RSA_R_INVALID_PADDING_MODE                      141
+#define RSA_R_INVALID_PSS_SALTLEN                       146
 #define RSA_R_INVALID_TRAILER                           139
 #define RSA_R_INVALID_X931_DIGEST                       142
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q                     126
@@ -458,6 +463,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE                    117
 #define RSA_R_UNKNOWN_PADDING_TYPE                      118
+#define RSA_R_VALUE_MISSING                             147
 #define RSA_R_WRONG_SIGNATURE_LENGTH                    119
 
 #ifdef  __cplusplus
index cfbbfa8d9dbf1f93b08f70ef67619a917834fcb6..7dcf766c38010ae3a0e26a9959af96d449fc0f09 100644 (file)
@@ -72,6 +72,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
        {
 {ERR_FUNC(RSA_F_CHECK_PADDING_MD),     "CHECK_PADDING_MD"},
 {ERR_FUNC(RSA_F_MEMORY_LOCK),  "MEMORY_LOCK"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL),        "PKEY_RSA_CTRL"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR),    "PKEY_RSA_CTRL_STR"},
 {ERR_FUNC(RSA_F_PKEY_RSA_SIGN),        "PKEY_RSA_SIGN"},
 {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER),       "PKEY_RSA_VERIFYRECOVER"},
 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),   "RSA_BUILTIN_KEYGEN"},
@@ -136,12 +138,15 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
 {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
 {ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
+{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
 {ERR_REASON(RSA_R_INVALID_DIGEST)        ,"invalid digest"},
 {ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
 {ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
+{ERR_REASON(RSA_R_INVALID_KEYBITS)       ,"invalid keybits"},
 {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
 {ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
 {ERR_REASON(RSA_R_INVALID_PADDING_MODE)  ,"invalid padding mode"},
+{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN)   ,"invalid pss saltlen"},
 {ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
 {ERR_REASON(RSA_R_INVALID_X931_DIGEST)   ,"invalid x931 digest"},
 {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
@@ -161,6 +166,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
+{ERR_REASON(RSA_R_VALUE_MISSING)         ,"value missing"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
 {0,NULL}
        };
index 01a4030f16c59508183d0f9d9be764784393cf7b..3788406bb814903d1b2532cd89f4bfab1ab06dc5 100644 (file)
@@ -362,34 +362,44 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                                return 0;
                        if (p1 == RSA_PKCS1_PSS_PADDING) 
                                {
-                               if (ctx->operation == EVP_PKEY_OP_VERIFYRECOVER)
-                                       return -2;
+                               if (!(ctx->operation &
+                                    (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
+                                       goto bad_pad;
                                if (!rctx->md)
                                        rctx->md = EVP_sha1();
                                }
                        if (p1 == RSA_PKCS1_OAEP_PADDING) 
                                {
                                if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
-                                       return -2;
+                                       goto bad_pad;
                                if (!rctx->md)
                                        rctx->md = EVP_sha1();
                                }
                        rctx->pad_mode = p1;
                        return 1;
                        }
+               bad_pad:
+               RSAerr(RSA_F_PKEY_RSA_CTRL,
+                               RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
                return -2;
 
                case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
                if (p1 < -2)
                        return -2;
                if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
+                       {
+                       RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
                        return -2;
+                       }
                rctx->saltlen = p1;
                return 1;
 
                case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
                if (p1 < 256)
+                       {
+                       RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
                        return -2;
+                       }
                rctx->nbits = p1;
                return 1;
 
@@ -418,11 +428,14 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
                        const char *type, const char *value)
        {
+       if (!value)
+               {
+               RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+               return 0;
+               }
        if (!strcmp(type, "rsa_padding_mode"))
                {
                int pm;
-               if (!value)
-                       return 0;
                if (!strcmp(value, "pkcs1"))
                        pm = RSA_PKCS1_PADDING;
                else if (!strcmp(value, "sslv23"))
@@ -436,7 +449,11 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
                else if (!strcmp(value, "pss"))
                        pm = RSA_PKCS1_PSS_PADDING;
                else
+                       {
+                       RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
+                                               RSA_R_UNKNOWN_PADDING_TYPE);
                        return -2;
+                       }
                return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
                }