Parse RSAPrivateKey with CBS. This removes the version field from RSA and instead handles versioning as part of parsing. (As a bonus, we now correctly limit multi-prime RSA to version 1 keys.) Most consumers are also converted. old_rsa_priv_{de,en}code are left alone for now. Those hooks are passed in parameters which match the old d2i/i2d pattern (they're only used in d2i_PrivateKey and i2d_PrivateKey). Include a test which, among other things, checks that public keys being serialized as private keys are handled properly. BUG=499653 Change-Id: Icdd5f0382c4a84f9c8867024f29756e1a306ba08 Reviewed-on: https://boringssl-review.googlesource.com/5273 Reviewed-by: Adam Langley <agl@google.com>

commit: 74f711083dc88c7344f33f1bca7019da4e376758 [log] [tgz]
author: David Benjamin <davidben@chromium.org> Sat Jun 27 14:56:25 2015 -0400
committer: Adam Langley <agl@google.com> Tue Jul 07 22:50:53 2015 +0000
tree: 6c690df3028dcfccbd65b448393d9a8732c2c98a
parent: c0e245a546b15c6b4219d2f3d5455e417cddc782 [diff] [blame]
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index a79f91f..a428446 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h

@@ -353,19 +353,27 @@
 OPENSSL_EXPORT int RSA_public_key_to_bytes(uint8_t **out_bytes, size_t *out_len,
                                            const RSA *rsa);
 
-/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len|
- * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
- * is in |*out|. If |*out| is already non-NULL on entry then the result is
- * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
- * successful exit, |*inp| is advanced past the DER structure. It returns the
- * result or NULL on error. */
-OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
+/* RSA_parse_private_key parses a DER-encoded RSAPrivateKey structure (RFC 3447)
+ * from |cbs| and advances |cbs|. It returns a newly-allocated |RSA| or NULL on
+ * error. */
+OPENSSL_EXPORT RSA *RSA_parse_private_key(CBS *cbs);
 
-/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not
- * NULL then the result is written to |*outp| and |*outp| is advanced just past
- * the output. It returns the number of bytes in the result, whether written or
- * not, or a negative value on error. */
-OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp);
+/* RSA_private_key_from_bytes parses |in| as a DER-encoded RSAPrivateKey
+ * structure (RFC 3447). It returns a newly-allocated |RSA| or NULL on error. */
+OPENSSL_EXPORT RSA *RSA_private_key_from_bytes(const uint8_t *in,
+                                               size_t in_len);
+
+/* RSA_marshal_private_key marshals |rsa| as a DER-encoded RSAPrivateKey
+ * structure (RFC 3447) and appends the result to |cbb|. It returns one on
+ * success and zero on failure. */
+OPENSSL_EXPORT int RSA_marshal_private_key(CBB *cbb, const RSA *rsa);
+
+/* RSA_private_key_to_bytes marshals |rsa| as a DER-encoded RSAPrivateKey
+ * structure (RFC 3447) and, on success, sets |*out_bytes| to a newly allocated
+ * buffer containing the result and returns one. Otherwise, it returns zero. The
+ * result should be freed with |OPENSSL_free|. */
+OPENSSL_EXPORT int RSA_private_key_to_bytes(uint8_t **out_bytes,
+                                            size_t *out_len, const RSA *rsa);
 
 
 /* Deprecated functions. */
@@ -384,6 +392,20 @@
  * not, or a negative value on error. */
 OPENSSL_EXPORT int i2d_RSAPublicKey(const RSA *in, uint8_t **outp);
 
+/* d2i_RSAPrivateKey parses an ASN.1, DER-encoded, RSA private key from |len|
+ * bytes at |*inp|. If |out| is not NULL then, on exit, a pointer to the result
+ * is in |*out|. If |*out| is already non-NULL on entry then the result is
+ * written directly into |*out|, otherwise a fresh |RSA| is allocated. On
+ * successful exit, |*inp| is advanced past the DER structure. It returns the
+ * result or NULL on error. */
+OPENSSL_EXPORT RSA *d2i_RSAPrivateKey(RSA **out, const uint8_t **inp, long len);
+
+/* i2d_RSAPrivateKey marshals |in| to an ASN.1, DER structure. If |outp| is not
+ * NULL then the result is written to |*outp| and |*outp| is advanced just past
+ * the output. It returns the number of bytes in the result, whether written or
+ * not, or a negative value on error. */
+OPENSSL_EXPORT int i2d_RSAPrivateKey(const RSA *in, uint8_t **outp);
+
 
 /* ex_data functions.
  *
@@ -509,8 +531,6 @@
 typedef struct bn_blinding_st BN_BLINDING;
 
 struct rsa_st {
-  /* version is only used during ASN.1 (de)serialisation. */
-  long version;
   RSA_METHOD *meth;
 
   BIGNUM *n;
@@ -588,6 +608,12 @@
 #define RSA_F_RSA_public_key_to_bytes 132
 #define RSA_F_i2d_RSAPublicKey 133
 #define RSA_F_marshal_integer 134
+#define RSA_F_RSA_marshal_private_key 135
+#define RSA_F_RSA_parse_private_key 136
+#define RSA_F_RSA_private_key_from_bytes 137
+#define RSA_F_RSA_private_key_to_bytes 138
+#define RSA_F_i2d_RSAPrivateKey 139
+#define RSA_F_rsa_parse_additional_prime 140
 #define RSA_R_BAD_E_VALUE 100
 #define RSA_R_BAD_FIXED_HEADER_DECRYPT 101
 #define RSA_R_BAD_PAD_BYTE_COUNT 102
@@ -633,5 +659,6 @@
 #define RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY 142
 #define RSA_R_BAD_ENCODING 143
 #define RSA_R_ENCODE_ERROR 144
+#define RSA_R_BAD_VERSION 145
 
 #endif  /* OPENSSL_HEADER_RSA_H */
commit	74f711083dc88c7344f33f1bca7019da4e376758	[log] [tgz]
author	David Benjamin <davidben@chromium.org>	Sat Jun 27 14:56:25 2015 -0400
committer	Adam Langley <agl@google.com>	Tue Jul 07 22:50:53 2015 +0000
tree	6c690df3028dcfccbd65b448393d9a8732c2c98a
parent	c0e245a546b15c6b4219d2f3d5455e417cddc782 [diff] [blame]