Export pkcs1_prefixed_msg as RSA_add_pkcs1_prefix.
Platform crypto APIs for PKCS#1 RSA signatures vary between expecting the
caller to prepend the DigestInfo prefix (RSA_sign_raw) and prepending it
internally (RSA_sign). Currently, Chromium implements sign or sign_raw as
appropriate. To avoid needing both variants, the new asynchronous methods will
only expose the higher-level one, sign.
To satisfy ports which previously implemented sign_raw, expose the DigestInfo
prefix as a utility function.
BUG=347404
Change-Id: I04c397b5e9502b2942f6698ecf81662a3c9282e6
Reviewed-on: https://boringssl-review.googlesource.com/4940
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/err/rsa.errordata b/crypto/err/rsa.errordata
index 091d2cd..94b4bcb 100644
--- a/crypto/err/rsa.errordata
+++ b/crypto/err/rsa.errordata
@@ -3,6 +3,7 @@
RSA,function,102,BN_BLINDING_invert_ex
RSA,function,103,BN_BLINDING_new
RSA,function,104,BN_BLINDING_update
+RSA,function,123,RSA_add_pkcs1_prefix
RSA,function,105,RSA_check_key
RSA,function,106,RSA_new_method
RSA,function,107,RSA_padding_add_PKCS1_OAEP_mgf1
@@ -22,7 +23,6 @@
RSA,function,121,encrypt
RSA,function,122,keygen
RSA,function,128,keygen_multiprime
-RSA,function,123,pkcs1_prefixed_msg
RSA,function,124,private_transform
RSA,function,125,rsa_setup_blinding
RSA,function,126,sign_raw
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 51cc790..6fdc349 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -368,20 +368,16 @@
},
};
-/* TODO(fork): mostly new code, needs careful review. */
-
-/* pkcs1_prefixed_msg builds a PKCS#1, prefixed version of |msg| for the given
- * hash function and sets |out_msg| to point to it. On successful return,
- * |*out_msg| may be allocated memory and, if so, |*is_alloced| will be 1. */
-static int pkcs1_prefixed_msg(uint8_t **out_msg, size_t *out_msg_len,
- int *is_alloced, int hash_nid, const uint8_t *msg,
- size_t msg_len) {
+int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
+ int *is_alloced, int hash_nid, const uint8_t *msg,
+ size_t msg_len) {
unsigned i;
if (hash_nid == NID_md5_sha1) {
/* Special case: SSL signature, just check the length. */
if (msg_len != SSL_SIG_LENGTH) {
- OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_INVALID_MESSAGE_LENGTH);
+ OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix,
+ RSA_R_INVALID_MESSAGE_LENGTH);
return 0;
}
@@ -404,13 +400,13 @@
signed_msg_len = prefix_len + msg_len;
if (signed_msg_len < prefix_len) {
- OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_TOO_LONG);
+ OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix, RSA_R_TOO_LONG);
return 0;
}
signed_msg = OPENSSL_malloc(signed_msg_len);
if (!signed_msg) {
- OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, ERR_R_MALLOC_FAILURE);
+ OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix, ERR_R_MALLOC_FAILURE);
return 0;
}
@@ -424,7 +420,7 @@
return 1;
}
- OPENSSL_PUT_ERROR(RSA, pkcs1_prefixed_msg, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ OPENSSL_PUT_ERROR(RSA, RSA_add_pkcs1_prefix, RSA_R_UNKNOWN_ALGORITHM_TYPE);
return 0;
}
@@ -441,8 +437,8 @@
return rsa->meth->sign(hash_nid, in, in_len, out, out_len, rsa);
}
- if (!pkcs1_prefixed_msg(&signed_msg, &signed_msg_len, &signed_msg_is_alloced,
- hash_nid, in, in_len)) {
+ if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
+ &signed_msg_is_alloced, hash_nid, in, in_len)) {
return 0;
}
@@ -499,8 +495,8 @@
goto out;
}
- if (!pkcs1_prefixed_msg(&signed_msg, &signed_msg_len, &signed_msg_is_alloced,
- hash_nid, msg, msg_len)) {
+ if (!RSA_add_pkcs1_prefix(&signed_msg, &signed_msg_len,
+ &signed_msg_is_alloced, hash_nid, msg, msg_len)) {
goto out;
}
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index e27f04e..61e1069 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -321,6 +321,14 @@
const EVP_MD *mgf1Hash,
int sLen);
+/* RSA_add_pkcs1_prefix builds a version of |msg| prefixed with the DigestInfo
+ * header for the given hash function and sets |out_msg| to point to it. On
+ * successful return, |*out_msg| may be allocated memory and, if so,
+ * |*is_alloced| will be 1. */
+OPENSSL_EXPORT int RSA_add_pkcs1_prefix(uint8_t **out_msg, size_t *out_msg_len,
+ int *is_alloced, int hash_nid,
+ const uint8_t *msg, size_t msg_len);
+
/* ASN.1 functions. */
@@ -537,7 +545,7 @@
#define RSA_F_decrypt 120
#define RSA_F_encrypt 121
#define RSA_F_keygen 122
-#define RSA_F_pkcs1_prefixed_msg 123
+#define RSA_F_RSA_add_pkcs1_prefix 123
#define RSA_F_private_transform 124
#define RSA_F_rsa_setup_blinding 125
#define RSA_F_sign_raw 126