Skip to content

Commit de25233

Browse files
authored
Add configurable RSA OAEP parameters and migrate OSSL RSA to EVP_PKEY (#833)
OAEP encryption was hardcoded to SHA-1 with an MGF1-SHA1 mask and no label support, and PSS parameters were smuggled through an untyped void* param / size_t paramLen pair on every AsymmetricAlgorithm method. The void* scheme forced each backend to validate paramLen against sizeof(RSA_PKCS_PSS_PARAMS) by hand and gave no path to carry the extra hash, MGF, and label fields OAEP needs. Replace the void* param / paramLen pair with a typed MechanismParam* across the full AsymmetricAlgorithm hierarchy (RSA, DSA, ECDSA, EDDSA, GOST, DH, ECDH, ML-DSA) for both OpenSSL and Botan. Introduce RSAPssMechanismParam (replacing the POD RSA_PKCS_PSS_PARAMS) and a new RSAOaepMechanismParam carrying hashAlg, mgfAlg, and an optional label. BuildRSAOAEPParam centralises CK_RSA_PKCS_OAEP_PARAMS validation and mapping; encrypt/decrypt, wrapKey/unwrapKey, and the OAEP key-size check now thread the parsed parameter through to the backend. The OpenSSL RSA backend is rewritten onto the EVP_PKEY / EVP_PKEY_CTX API (sign, verify, encrypt, decrypt, keygen, and key import/export), dropping the deprecated low-level RSA_* calls and supporting both OpenSSL 1.1 and 3.x via OSSL_PARAM_BLD. Backends type-check the parameter with isOfType() and dynamic_cast before use, rejecting a missing or mismatched MechanismParam. OAEP label length is capped at MAX_RSA_OAEP_LABEL_LENGTH, OAEP input size is validated against modulus - 2*hashLen - 2, and recycle paths free the key and algorithm on every early return. RSATests and AsymEncryptDecryptTests are extended to cover all hash/MGF combinations, labelled encryption, and wrong-label decryption failures.
1 parent 679f33d commit de25233

47 files changed

Lines changed: 2161 additions & 1091 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.gitignore

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,5 @@
1+
# VsCode
2+
.vscode
13
# Automake, autoconf, libtool
24
Makefile
35
Makefile.in

0 commit comments

Comments
 (0)