diff --git a/providers/implementations/signature/ecdsa_sig.c.in b/providers/implementations/signature/ecdsa_sig.c.in index a1d78d439f..4c18f495d6 100644 --- a/providers/implementations/signature/ecdsa_sig.c.in +++ b/providers/implementations/signature/ecdsa_sig.c.in @@ -6,6 +6,9 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} /* * ECDSA low level APIs are deprecated for public use, but still ok for 
@@ -672,135 +675,133 @@ static void *ecdsa_dupctx(void *vctx) return NULL; } +{- produce_param_decoder('ecdsa_get_ctx_params', + (['SIGNATURE_PARAM_ALGORITHM_ID', 'algid', 'octet_string'], + ['SIGNATURE_PARAM_DIGEST_SIZE', 'size', 'size_t'], + ['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], + ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], + ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE', 'verify', 'uint'], + ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + )); -} + static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; - OSSL_PARAM *p; + struct ecdsa_get_ctx_params_st p; - if (ctx == NULL) + if (ctx == NULL || !ecdsa_get_ctx_params_decoder(params, &p)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); - if (p != NULL && !OSSL_PARAM_set_octet_string(p, - ctx->aid_len == 0 ? NULL : ctx->aid_buf, - ctx->aid_len)) + if (p.algid != NULL + && !OSSL_PARAM_set_octet_string(p.algid, + ctx->aid_len == 0 ? NULL : ctx->aid_buf, + ctx->aid_len)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->mdsize)) + if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, ctx->mdsize)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL - ? ctx->mdname - : EVP_MD_get0_name(ctx->md))) + if (p.digest != NULL + && !OSSL_PARAM_set_utf8_string(p.digest, ctx->md == NULL + ? 
ctx->mdname + : EVP_MD_get0_name(ctx->md))) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); - if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->nonce_type)) + if (p.nonce != NULL && !OSSL_PARAM_set_uint(p.nonce, ctx->nonce_type)) return 0; #ifdef FIPS_MODULE - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE); - if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->verify_message)) + if (p.verify != NULL && !OSSL_PARAM_set_uint(p.verify, ctx->verify_message)) return 0; #endif - if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params)) + if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(ctx, p.ind)) return 0; return 1; } -static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), - OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), -#ifdef FIPS_MODULE - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL), -#endif - OSSL_FIPS_IND_GETTABLE_CTX_PARAM() - OSSL_PARAM_END -}; - static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx, ossl_unused void *provctx) { - return known_gettable_ctx_params; + return ecdsa_get_ctx_params_list; } +struct ecdsa_all_set_ctx_params_st { + OSSL_PARAM *digest; /* ecdsa_set_ctx_params */ + OSSL_PARAM *propq; /* ecdsa_set_ctx_params */ + OSSL_PARAM *size; /* ecdsa_set_ctx_params */ + OSSL_PARAM *ind_d; + OSSL_PARAM *ind_k; + OSSL_PARAM *kat; + OSSL_PARAM *nonce; + OSSL_PARAM *sig; /* ecdsa_sigalg_set_ctx_params */ +}; + /** * @brief Set up common params for ecdsa_set_ctx_params and * ecdsa_sigalg_set_ctx_params. The caller is responsible for checking |vctx| is * not NULL and |params| is not empty. 
*/ -static int ecdsa_common_set_ctx_params(void *vctx, const OSSL_PARAM params[]) +static int ecdsa_common_set_ctx_params(PROV_ECDSA_CTX *ctx, + const struct ecdsa_all_set_ctx_params_st *p) { - PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; - const OSSL_PARAM *p; - - if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, + p->ind_k)) return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params, - OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, + p->ind_d)) return 0; #if !defined(OPENSSL_NO_ACVP_TESTS) - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT); - if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->kattest)) + if (p->kat != NULL && !OSSL_PARAM_get_uint(p->kat, &ctx->kattest)) return 0; #endif - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); - if (p != NULL - && !OSSL_PARAM_get_uint(p, &ctx->nonce_type)) + if (p->nonce != NULL && !OSSL_PARAM_get_uint(p->nonce, &ctx->nonce_type)) return 0; return 1; } -#define ECDSA_COMMON_SETTABLE_CTX_PARAMS \ - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), \ - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \ - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \ - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \ - OSSL_PARAM_END +#define ecdsa_set_ctx_params_st ecdsa_all_set_ctx_params_st + +{- produce_param_decoder('ecdsa_set_ctx_params', + (['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], + ['SIGNATURE_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['SIGNATURE_PARAM_DIGEST_SIZE', 'size', 'size_t'], + ['SIGNATURE_PARAM_KAT', 'kat', 'uint'], + ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + )); -} static int 
ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; - const OSSL_PARAM *p; + struct ecdsa_all_set_ctx_params_st p; size_t mdsize = 0; int ret; - if (ctx == NULL) + if (ctx == NULL || !ecdsa_set_ctx_params_decoder(params, &p)) return 0; - if (ossl_param_is_empty(params)) - return 1; - if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0) + if ((ret = ecdsa_common_set_ctx_params(ctx, &p)) <= 0) return ret; - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL) { + if (p.digest != NULL) { char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_PROPERTIES); - if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) + if (!OSSL_PARAM_get_utf8_string(p.digest, &pmdname, sizeof(mdname))) return 0; - if (propsp != NULL - && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) + if (p.propq != NULL + && !OSSL_PARAM_get_utf8_string(p.propq, &pmdprops, sizeof(mdprops))) return 0; if (!ecdsa_setup_md(ctx, mdname, mdprops, "ECDSA Set Ctx")) return 0; } - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE); - if (p != NULL) { - if (!OSSL_PARAM_get_size_t(p, &mdsize) + if (p.size != NULL) { + if (!OSSL_PARAM_get_size_t(p.size, &mdsize) || (!ctx->flag_allow_md && mdsize != ctx->mdsize)) return 0; ctx->mdsize = mdsize; 
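Review bot: `struct ecdsa_all_set_ctx_params_st p;` in `ecdsa_set_ctx_params` has no initialiser, and the shared struct carries a `sig` member that this function's decoder table does not list; `ecdsa_sigalg_set_ctx_params` in the last hunk has the mirror case for `digest`, `propq` and `size`. Every member read today appears in the matching table, but that stays safe only if the generated decoder clears the whole struct, which this diff does not show. If it does not, declare `struct ecdsa_all_set_ctx_params_st p = { 0 };` in both functions; if it does, record that on the struct, e.g. `/* each decoder zeroes the struct; members it does not list stay NULL */`. The doc comment kept above `ecdsa_common_set_ctx_params` is also stale: it still speaks of |vctx| and of |params| being non-empty, while the function now takes `ctx` and `p` and both callers have dropped their `ossl_param_is_empty()` check. The body of `ecdsa_set_ctx_params` continues past the end of this hunk.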
@@ -808,17 +809,10 @@ static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), - ECDSA_COMMON_SETTABLE_CTX_PARAMS -}; - static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, ossl_unused void *provctx) { - return settable_ctx_params; + return ecdsa_set_ctx_params_list; } static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params) @@ -958,10 +952,15 @@ static const char **ecdsa_sigalg_query_key_types(void) return keytypes; } -static const OSSL_PARAM settable_sigalg_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), - ECDSA_COMMON_SETTABLE_CTX_PARAMS -}; +#define ecdsa_sigalg_set_ctx_params_st ecdsa_all_set_ctx_params_st + +{- produce_param_decoder('ecdsa_sigalg_set_ctx_params', + (['SIGNATURE_PARAM_SIGNATURE', 'sig', 'octet_string'], + ['SIGNATURE_PARAM_KAT', 'kat', 'uint'], + ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + )); -} static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx, ossl_unused void *provctx) 
@@ -969,31 +968,28 @@ static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx, PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; if (ctx != NULL && ctx->operation == EVP_PKEY_OP_VERIFYMSG) - return settable_sigalg_ctx_params; + return ecdsa_sigalg_set_ctx_params_list; return NULL; } static int ecdsa_sigalg_set_ctx_params(void *vctx, const OSSL_PARAM params[]) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; - const OSSL_PARAM *p; + struct ecdsa_all_set_ctx_params_st p; int ret; - if (ctx == NULL) + if (ctx == NULL || !ecdsa_sigalg_set_ctx_params_decoder(params, &p)) return 0; - if (ossl_param_is_empty(params)) - return 1; - if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0) + if ((ret = ecdsa_common_set_ctx_params(ctx, &p)) <= 0) return ret; if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) { - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE); - if (p != NULL) { + if (p.sig != NULL) { OPENSSL_free(ctx->sig); ctx->sig = NULL; ctx->siglen = 0; - if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig, + if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&ctx->sig, 0, &ctx->siglen)) return 0; }
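Review bot: `ecdsa_sigalg_settable_ctx_params` returns the generated list only when `ctx->operation == EVP_PKEY_OP_VERIFYMSG`, yet `ecdsa_sigalg_set_ctx_params` calls `ecdsa_common_set_ctx_params(ctx, &p)` before it looks at the operation. The nonce type, KAT flag and FIPS check indicators are therefore applied for every operation, and only `sig` is restricted to verify-message. A caller that consults the settable list on a signing context sees nothing settable even though a nonce-type change would be accepted; that behaviour appears to predate this change, but the new decoder table is a good place to document it. I would add a comment above the table such as `/* kat, nonce and the FIPS checks apply to every operation; sig is honoured only for EVP_PKEY_OP_VERIFYMSG */`. `ecdsa_sigalg_set_ctx_params` continues past the end of the hunk.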