Fix RSA upcalls from TLS/SSL into JCA.
When BoringSSL/OpenSSL TLS/SSL stack operates on opaque private keys
(those that don't expose their key material) it upcalls (via
Conscrypt's NativeCrypto) into corresponding JCA Signature and Cipher
This CL fixes two issues with RSA-related upcalls, which prevented
the use of opaque RSA private keys for TLS/SSL with Conscrypt backed
* RSA sign was upcalled into RSA Cipher decrypt using private key.
In JCA, the correct upcall is RSA Signature sign. This is now
invoked instead of RSA Cipher decrypt.
* RSA decrypt was not implemented. It's now implemented.
As part of implementing RSA decrypt upcall from BoringSSL, it
transpired that BoringSSL requests no padding as opposed to OpenSSL
which requests PKCS#1 padding. As a result, this CL modifies the
decrypt upcall to take a padding parameter. The implementation of
the upcall (see CryptoUpcalls.java) now supports PKCS#1 padding
scheme, OAEP padding scheme, and no padding.
This CL also drops the encrypt/decrypt flag from the RSA
encrypt/decrypt upcall and simplies it into an RSA decrypt upcall. RSA
encrypt upcall is not needed at all.
3 files changed