diff options
author | Jack Lloyd <[email protected]> | 2016-09-14 16:33:37 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-10-07 19:27:58 -0400 |
commit | 239bdf36a617df86dc97efb11ec96d7c6d357534 (patch) | |
tree | 1011ccccee0a4aad5e58943fa3a4af621c968b8a /src/lib/pubkey/rsa/rsa.cpp | |
parent | 25b6fb53eec30620d084411fb1dbc8913142fc6d (diff) |
Revert PK_Verifier change (don't require RNG there).
Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.
Diffstat (limited to 'src/lib/pubkey/rsa/rsa.cpp')
-rw-r--r-- | src/lib/pubkey/rsa/rsa.cpp | 76 |
1 files changed, 54 insertions, 22 deletions
diff --git a/src/lib/pubkey/rsa/rsa.cpp b/src/lib/pubkey/rsa/rsa.cpp index c8d1e7afc..b40f485e3 100644 --- a/src/lib/pubkey/rsa/rsa.cpp +++ b/src/lib/pubkey/rsa/rsa.cpp @@ -406,37 +406,51 @@ class RSA_KEM_Encryption_Operation : public PK_Ops::KEM_Encryption_with_KDF, } std::unique_ptr<PK_Ops::Encryption> -RSA_PublicKey::create_encryption_op(RandomNumberGenerator& rng, +RSA_PublicKey::create_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr<PK_Ops::Encryption> res = make_openssl_rsa_enc_op(*this, params); - if(res) - return res; + try + { + return make_openssl_rsa_enc_op(*this, params); + } + catch(Exception& e) + { + /* + * If OpenSSL for some reason could not handle this (eg due to OAEP params), + * throw if openssl was specifically requested but otherwise just fall back + * to the normal version. + */ + if(provider == "openssl") + throw Exception("OpenSSL RSA provider rejected key:", e.what()); + } } #endif - return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Encryption>(new RSA_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::KEM_Encryption> -RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& rng, +RSA_PublicKey::create_kem_encryption_op(RandomNumberGenerator& /*rng*/, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::KEM_Encryption>(new RSA_KEM_Encryption_Operation(*this, params)); + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Verification> -RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, - const std::string& params, +RSA_PublicKey::create_verification_op(const std::string& params, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { std::unique_ptr<PK_Ops::Verification> res = make_openssl_rsa_ver_op(*this, params); if(res) @@ -444,7 +458,10 @@ RSA_PublicKey::create_verification_op(RandomNumberGenerator& rng, } #endif - return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Verification>(new RSA_Verify_Operation(*this, params)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Decryption> @@ -453,23 +470,35 @@ RSA_PrivateKey::create_decryption_op(RandomNumberGenerator& rng, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { - std::unique_ptr<PK_Ops::Decryption> res = make_openssl_rsa_dec_op(*this, params); - if(res) - return res; + try + { + return make_openssl_rsa_dec_op(*this, params); + } + catch(Exception& e) + { + if(provider == "openssl") + throw Exception("OpenSSL RSA provider rejected key:", e.what()); + } } #endif - return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Decryption>(new RSA_Decryption_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::KEM_Decryption> RSA_PrivateKey::create_kem_decryption_op(RandomNumberGenerator& rng, const std::string& params, - const std::string& /*provider*/) const + const std::string& provider) const { - return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::KEM_Decryption>(new RSA_KEM_Decryption_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } std::unique_ptr<PK_Ops::Signature> @@ -478,7 +507,7 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, const std::string& provider) const { #if defined(BOTAN_HAS_OPENSSL) - if(provider == "openssl") + if(provider == "openssl" || provider.empty()) { std::unique_ptr<PK_Ops::Signature> res = make_openssl_rsa_sig_op(*this, params); if(res) @@ -486,7 +515,10 @@ RSA_PrivateKey::create_signature_op(RandomNumberGenerator& rng, } #endif - return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng)); + if(provider == "base" || provider.empty()) + return std::unique_ptr<PK_Ops::Signature>(new RSA_Signature_Operation(*this, params, rng)); + + throw Provider_Not_Found(algo_name(), provider); } } |