Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
This reverts commit ab50d8d30c22f38e3e2d2373219cfbeb1940082e, reversing
changes made to e31b1d992ad0a3874646c73a44f3eb750d13e900.
diff --git a/library/oid.c b/library/oid.c
index 1078608..f943c6d 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -328,10 +328,6 @@
POLARSSL_MD_SHA512, POLARSSL_PK_ECDSA,
},
{
- { ADD_LEN( OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" },
- POLARSSL_MD_NONE, POLARSSL_PK_RSASSA_PSS,
- },
- {
{ NULL, 0, NULL, NULL },
0, 0,
},
diff --git a/library/x509.c b/library/x509.c
index 17e8b4d..e042347 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -120,215 +120,6 @@
}
/*
- * Parse an algorithm identifier with (optional) paramaters
- */
-int x509_get_alg( unsigned char **p, const unsigned char *end,
- x509_buf *alg, x509_buf *params )
-{
- int ret;
-
- if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- return( 0 );
-}
-
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
-/*
- * HashAlgorithm ::= AlgorithmIdentifier
- *
- * AlgorithmIdentifier ::= SEQUENCE {
- * algorithm OBJECT IDENTIFIER,
- * parameters ANY DEFINED BY algorithm OPTIONAL }
- *
- * For HashAlgorithm, parameters MUST be NULL or absent.
- */
-static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
-{
- int ret;
- unsigned char *p;
- const unsigned char *end;
- x509_buf md_oid;
- size_t len;
-
- /* Make sure we got a SEQUENCE and setup bounds */
- if( alg->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
-
- p = (unsigned char *) alg->p;
- end = p + alg->len;
-
- if( p >= end )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_OUT_OF_DATA );
-
- /* Parse md_oid */
- md_oid.tag = *p;
-
- if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- md_oid.p = p;
- p += md_oid.len;
-
- /* Get md_alg from md_oid */
- if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- /* Make sure params is absent of NULL */
- if( p == end )
- return( 0 );
-
- if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 || len != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p != end )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-
-/*
- * RSASSA-PSS-params ::= SEQUENCE {
- * hashAlgorithm [0] HashAlgorithm DEFAULT sha1Identifier,
- * maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1Identifier,
- * saltLength [2] INTEGER DEFAULT 20,
- * trailerField [3] INTEGER DEFAULT 1 }
- * -- Note that the tags in this Sequence are explicit.
- */
-int x509_get_rsassa_pss_params( const x509_buf *params,
- md_type_t *md_alg, md_type_t *mgf_md,
- int *salt_len, int *trailer_field )
-{
- int ret;
- unsigned char *p;
- const unsigned char *end, *end2;
- size_t len;
- x509_buf alg_id, alg_params;
-
- /* First set everything to defaults */
- *md_alg = POLARSSL_MD_SHA1;
- *mgf_md = POLARSSL_MD_SHA1;
- *salt_len = 20;
- *trailer_field = 1;
-
- /* Make sure params is a SEQUENCE and setup bounds */
- if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
-
- p = (unsigned char *) params->p;
- end = p + params->len;
-
- if( p == end )
- return( 0 );
-
- /*
- * HashAlgorithm
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
- {
- end2 = p + len;
-
- /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
- if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
- return( ret );
-
- if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p != end2 )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
- else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p == end )
- return( 0 );
-
- /*
- * MaskGenAlgorithm
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
- {
- end2 = p + len;
-
- /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
- if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
- return( ret );
-
- /* Only MFG1 is recognised for now */
- if( ! OID_CMP( OID_MGF1, &alg_id ) )
- return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
- POLARSSL_ERR_OID_NOT_FOUND );
-
- /* Parse HashAlgorithm */
- if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
- return( ret );
-
- if( p != end2 )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
- else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p == end )
- return( 0 );
-
- /*
- * salt_len
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
- {
- end2 = p + len;
-
- if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p != end2 )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
- else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p == end )
- return( 0 );
-
- /*
- * trailer_field
- */
- if( ( ret = asn1_get_tag( &p, end, &len,
- ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
- {
- end2 = p + len;
-
- if( ( ret = asn1_get_int( &p, end2, trailer_field ) ) != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p != end2 )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
- }
- else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
- return( POLARSSL_ERR_X509_INVALID_ALG + ret );
-
- if( p != end )
- return( POLARSSL_ERR_X509_INVALID_ALG +
- POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
-
- return( 0 );
-}
-#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
-
-/*
* AttributeTypeAndValue ::= SEQUENCE {
* type AttributeType,
* value AttributeValue }
@@ -543,39 +334,14 @@
return( 0 );
}
-/*
- * Get signature algorithm from alg OID and optional parameters
- */
-int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
- md_type_t *md_alg, pk_type_t *pk_alg )
+int x509_get_sig_alg( const x509_buf *sig_oid, md_type_t *md_alg,
+ pk_type_t *pk_alg )
{
- int ret;
+ int ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg );
- if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
+ if( ret != 0 )
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
- {
- int salt_len, trailer_field;
- md_type_t mgf_md;
-
- /* Make sure params are valid */
- ret = x509_get_rsassa_pss_params( sig_params,
- md_alg, &mgf_md, &salt_len, &trailer_field );
- if( ret != 0 )
- return( ret );
-
- }
- else
-#endif
- {
- /* Make sure parameters are absent or NULL */
- if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) ||
- sig_params->len != 0 )
- return( POLARSSL_ERR_X509_INVALID_ALG );
- }
-
return( 0 );
}
@@ -812,52 +578,6 @@
}
/*
- * Helper for writing signature alrogithms
- */
-int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
- pk_type_t pk_alg, const x509_buf *sig_params )
-{
- int ret;
- char *p = buf;
- size_t n = size;
- const char *desc = NULL;
-
- ret = oid_get_sig_alg_desc( sig_oid, &desc );
- if( ret != 0 )
- ret = snprintf( p, n, "???" );
- else
- ret = snprintf( p, n, "%s", desc );
- SAFE_SNPRINTF();
-
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- if( pk_alg == POLARSSL_PK_RSASSA_PSS )
- {
- md_type_t md_alg, mgf_md;
- const md_info_t *md_info, *mgf_md_info;
- int salt_len, trailer_field;
-
- if( ( ret = x509_get_rsassa_pss_params( sig_params,
- &md_alg, &mgf_md, &salt_len, &trailer_field ) ) != 0 )
- return( ret );
-
- md_info = md_info_from_type( md_alg );
- mgf_md_info = md_info_from_type( mgf_md );
-
- ret = snprintf( p, n, " (%s, MGF1-%s, 0x%02X, %d)",
- md_info ? md_info->name : "???",
- mgf_md_info ? mgf_md_info->name : "???",
- salt_len, trailer_field );
- SAFE_SNPRINTF();
- }
-#else
- ((void) pk_alg);
- ((void) sig_params);
-#endif /* POLARSSL_RSASSA_PSS_CERTIFICATES */
-
- return( (int) size - n );
-}
-
-/*
* Helper for writing "RSA key size", "EC key size", etc
*/
int x509_key_size_helper( char *buf, size_t size, const char *name )
diff --git a/library/x509_crl.c b/library/x509_crl.c
index 92ede6d..e3ebbff 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -250,15 +250,11 @@
size_t len;
unsigned char *p, *end;
x509_crl *crl;
- x509_buf sig_params;
-
#if defined(POLARSSL_PEM_PARSE_C)
size_t use_len;
pem_context pem;
#endif
- memset( &sig_params, 0, sizeof( x509_buf ) );
-
crl = chain;
/*
@@ -377,7 +373,7 @@
* signature AlgorithmIdentifier
*/
if( ( ret = x509_crl_get_version( &p, end, &crl->version ) ) != 0 ||
- ( ret = x509_get_alg( &p, end, &crl->sig_oid1, &sig_params ) ) != 0 )
+ ( ret = x509_get_alg_null( &p, end, &crl->sig_oid1 ) ) != 0 )
{
x509_crl_free( crl );
return( ret );
@@ -391,17 +387,13 @@
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
}
- if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &sig_params,
- &crl->sig_md, &crl->sig_pk ) ) != 0 )
+ if( ( ret = x509_get_sig_alg( &crl->sig_oid1, &crl->sig_md,
+ &crl->sig_pk ) ) != 0 )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
}
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- memcpy( &crl->sig_params, &sig_params, sizeof( x509_buf ) );
-#endif
-
/*
* issuer Name
*/
@@ -486,20 +478,14 @@
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
- if( ( ret = x509_get_alg( &p, end, &crl->sig_oid2, &sig_params ) ) != 0 )
+ if( ( ret = x509_get_alg_null( &p, end, &crl->sig_oid2 ) ) != 0 )
{
x509_crl_free( crl );
return( ret );
}
if( crl->sig_oid1.len != crl->sig_oid2.len ||
- memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- ||
- crl->sig_params.len != sig_params.len ||
- memcmp( crl->sig_params.p, sig_params.p, sig_params.len ) != 0
-#endif
- )
+ memcmp( crl->sig_oid1.p, crl->sig_oid2.p, crl->sig_oid1.len ) != 0 )
{
x509_crl_free( crl );
return( POLARSSL_ERR_X509_SIG_MISMATCH );
@@ -625,12 +611,8 @@
int ret;
size_t n;
char *p;
+ const char *desc;
const x509_crl_entry *entry;
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- const x509_buf *sig_params = &crl->sig_params;
-#else
- const x509_buf *sig_params = NULL;
-#endif
p = buf;
n = size;
@@ -686,7 +668,11 @@
ret = snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
- ret = x509_sig_alg_gets( p, n, &crl->sig_oid1, crl->sig_pk, sig_params );
+ ret = oid_get_sig_alg_desc( &crl->sig_oid1, &desc );
+ if( ret != 0 )
+ ret = snprintf( p, n, "???" );
+ else
+ ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
ret = snprintf( p, n, "\n" );
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 4c79a7a..d18e117 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -529,9 +529,6 @@
int ret;
size_t len;
unsigned char *p, *end, *crt_end;
- x509_buf sig_params;
-
- memset( &sig_params, 0, sizeof( x509_buf ) );
/*
* Check for valid input
@@ -595,8 +592,7 @@
*/
if( ( ret = x509_get_version( &p, end, &crt->version ) ) != 0 ||
( ret = x509_get_serial( &p, end, &crt->serial ) ) != 0 ||
- ( ret = x509_get_alg( &p, end, &crt->sig_oid1,
- &sig_params ) ) != 0 )
+ ( ret = x509_get_alg_null( &p, end, &crt->sig_oid1 ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
@@ -610,17 +606,13 @@
return( POLARSSL_ERR_X509_UNKNOWN_VERSION );
}
- if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &sig_params,
- &crt->sig_md, &crt->sig_pk ) ) != 0 )
+ if( ( ret = x509_get_sig_alg( &crt->sig_oid1, &crt->sig_md,
+ &crt->sig_pk ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
}
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- memcpy( &crt->sig_params, &sig_params, sizeof( x509_buf ) );
-#endif
-
/*
* issuer Name
*/
@@ -741,20 +733,14 @@
* signatureAlgorithm AlgorithmIdentifier,
* signatureValue BIT STRING
*/
- if( ( ret = x509_get_alg( &p, end, &crt->sig_oid2, &sig_params ) ) != 0 )
+ if( ( ret = x509_get_alg_null( &p, end, &crt->sig_oid2 ) ) != 0 )
{
x509_crt_free( crt );
return( ret );
}
if( crt->sig_oid1.len != crt->sig_oid2.len ||
- memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- ||
- crt->sig_params.len != sig_params.len ||
- memcmp( crt->sig_params.p, sig_params.p, sig_params.len ) != 0
-#endif
- )
+ memcmp( crt->sig_oid1.p, crt->sig_oid2.p, crt->sig_oid1.len ) != 0 )
{
x509_crt_free( crt );
return( POLARSSL_ERR_X509_SIG_MISMATCH );
@@ -1124,12 +1110,8 @@
int ret;
size_t n;
char *p;
+ const char *desc = NULL;
char key_size_str[BEFORE_COLON];
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- const x509_buf *sig_params = &crt->sig_params;
-#else
- const x509_buf *sig_params = NULL;
-#endif
p = buf;
n = size;
@@ -1171,7 +1153,11 @@
ret = snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
- ret = x509_sig_alg_gets( p, n, &crt->sig_oid1, crt->sig_pk, sig_params );
+ ret = oid_get_sig_alg_desc( &crt->sig_oid1, &desc );
+ if( ret != 0 )
+ ret = snprintf( p, n, "???" );
+ else
+ ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,
diff --git a/library/x509_csr.c b/library/x509_csr.c
index bdadec3..4fb9ac2 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -89,7 +89,6 @@
int ret;
size_t len;
unsigned char *p, *end;
- x509_buf sig_params;
#if defined(POLARSSL_PEM_PARSE_C)
size_t use_len;
pem_context pem;
@@ -244,23 +243,19 @@
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING
*/
- if( ( ret = x509_get_alg( &p, end, &csr->sig_oid, &sig_params ) ) != 0 )
+ if( ( ret = x509_get_alg_null( &p, end, &csr->sig_oid ) ) != 0 )
{
x509_csr_free( csr );
return( ret );
}
- if( ( ret = x509_get_sig_alg( &csr->sig_oid, &sig_params,
- &csr->sig_md, &csr->sig_pk ) ) != 0 )
+ if( ( ret = x509_get_sig_alg( &csr->sig_oid, &csr->sig_md,
+ &csr->sig_pk ) ) != 0 )
{
x509_csr_free( csr );
return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG );
}
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- memcpy( &csr->sig_params, &sig_params, sizeof( x509_buf ) );
-#endif
-
if( ( ret = x509_get_sig( &p, end, &csr->sig ) ) != 0 )
{
x509_csr_free( csr );
@@ -362,12 +357,8 @@
int ret;
size_t n;
char *p;
+ const char *desc;
char key_size_str[BEFORE_COLON];
-#if defined(POLARSSL_RSASSA_PSS_CERTIFICATES)
- const x509_buf *sig_params = &csr->sig_params;
-#else
- const x509_buf *sig_params = NULL;
-#endif
p = buf;
n = size;
@@ -384,7 +375,11 @@
ret = snprintf( p, n, "\n%ssigned using : ", prefix );
SAFE_SNPRINTF();
- ret = x509_sig_alg_gets( p, n, &csr->sig_oid, csr->sig_pk, sig_params );
+ ret = oid_get_sig_alg_desc( &csr->sig_oid, &desc );
+ if( ret != 0 )
+ ret = snprintf( p, n, "???" );
+ else
+ ret = snprintf( p, n, "%s", desc );
SAFE_SNPRINTF();
if( ( ret = x509_key_size_helper( key_size_str, BEFORE_COLON,