root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

ecdsa: update to use generated param decoders for signature operations 

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
This commit is contained in:
Pauli 2025-07-28 10:11:34 +10:00
parent c1fd9a4f8b
commit 3c9ad1dba9
1 changed files with 82 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
providers/implementations/signature/ecdsa_sig.c.in
View File

@ -6,6 +6,9 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
{-
use OpenSSL::paramnames qw(produce_param_decoder);
-}
/*
* ECDSA low level APIs are deprecated for public use, but still ok for
@ -672,135 +675,133 @@ static void *ecdsa_dupctx(void *vctx)
return NULL;
}
{- produce_param_decoder('ecdsa_get_ctx_params',
(['SIGNATURE_PARAM_ALGORITHM_ID', 'algid', 'octet_string'],
['SIGNATURE_PARAM_DIGEST_SIZE', 'size', 'size_t'],
['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'],
['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'],
['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE', 'verify', 'uint'],
['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'],
)); -}
static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
OSSL_PARAM *p;
struct ecdsa_get_ctx_params_st p;
if (ctx == NULL)
if (ctx == NULL || !ecdsa_get_ctx_params_decoder(params, &p))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
if (p != NULL && !OSSL_PARAM_set_octet_string(p,
if (p.algid != NULL
&& !OSSL_PARAM_set_octet_string(p.algid,
ctx->aid_len == 0 ? NULL : ctx->aid_buf,
ctx->aid_len))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->mdsize))
if (p.size != NULL && !OSSL_PARAM_set_size_t(p.size, ctx->mdsize))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
if (p != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL
if (p.digest != NULL
&& !OSSL_PARAM_set_utf8_string(p.digest, ctx->md == NULL
? ctx->mdname
: EVP_MD_get0_name(ctx->md)))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->nonce_type))
if (p.nonce != NULL && !OSSL_PARAM_set_uint(p.nonce, ctx->nonce_type))
return 0;
#ifdef FIPS_MODULE
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE);
if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->verify_message))
if (p.verify != NULL && !OSSL_PARAM_set_uint(p.verify, ctx->verify_message))
return 0;
#endif
if (!OSSL_FIPS_IND_GET_CTX_PARAM(ctx, params))
if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(ctx, p.ind))
return 0;
return 1;
}
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL),
#ifdef FIPS_MODULE
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL),
#endif
OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx,
ossl_unused void *provctx)
{
return known_gettable_ctx_params;
return ecdsa_get_ctx_params_list;
}
struct ecdsa_all_set_ctx_params_st {
OSSL_PARAM *digest; /* ecdsa_set_ctx_params */
OSSL_PARAM *propq; /* ecdsa_set_ctx_params */
OSSL_PARAM *size; /* ecdsa_set_ctx_params */
OSSL_PARAM *ind_d;
OSSL_PARAM *ind_k;
OSSL_PARAM *kat;
OSSL_PARAM *nonce;
OSSL_PARAM *sig; /* ecdsa_sigalg_set_ctx_params */
};
/**
* @brief Set up common params for ecdsa_set_ctx_params and
* ecdsa_sigalg_set_ctx_params. The caller is responsible for checking |vctx| is
* not NULL and |params| is not empty.
*/
static int ecdsa_common_set_ctx_params(void *vctx, const OSSL_PARAM params[])
static int ecdsa_common_set_ctx_params(PROV_ECDSA_CTX *ctx,
const struct ecdsa_all_set_ctx_params_st *p)
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
const OSSL_PARAM *p;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, params,
OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0,
p->ind_k))
return 0;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, params,
OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1,
p->ind_d))
return 0;
#if !defined(OPENSSL_NO_ACVP_TESTS)
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
if (p != NULL && !OSSL_PARAM_get_uint(p, &ctx->kattest))
if (p->kat != NULL && !OSSL_PARAM_get_uint(p->kat, &ctx->kattest))
return 0;
#endif
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
if (p != NULL
&& !OSSL_PARAM_get_uint(p, &ctx->nonce_type))
if (p->nonce != NULL && !OSSL_PARAM_get_uint(p->nonce, &ctx->nonce_type))
return 0;
return 1;
}
#define ECDSA_COMMON_SETTABLE_CTX_PARAMS \
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), \
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \
OSSL_PARAM_END
#define ecdsa_set_ctx_params_st ecdsa_all_set_ctx_params_st
{- produce_param_decoder('ecdsa_set_ctx_params',
(['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'],
['SIGNATURE_PARAM_PROPERTIES', 'propq', 'utf8_string'],
['SIGNATURE_PARAM_DIGEST_SIZE', 'size', 'size_t'],
['SIGNATURE_PARAM_KAT', 'kat', 'uint'],
['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'],
['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
)); -}
static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
const OSSL_PARAM *p;
struct ecdsa_all_set_ctx_params_st p;
size_t mdsize = 0;
int ret;
if (ctx == NULL)
if (ctx == NULL || !ecdsa_set_ctx_params_decoder(params, &p))
return 0;
if (ossl_param_is_empty(params))
return 1;
if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0)
if ((ret = ecdsa_common_set_ctx_params(ctx, &p)) <= 0)
return ret;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
if (p != NULL) {
if (p.digest != NULL) {
char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
const OSSL_PARAM *propsp =
OSSL_PARAM_locate_const(params,
OSSL_SIGNATURE_PARAM_PROPERTIES);
if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
if (!OSSL_PARAM_get_utf8_string(p.digest, &pmdname, sizeof(mdname)))
return 0;
if (propsp != NULL
&& !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
if (p.propq != NULL
&& !OSSL_PARAM_get_utf8_string(p.propq, &pmdprops, sizeof(mdprops)))
return 0;
if (!ecdsa_setup_md(ctx, mdname, mdprops, "ECDSA Set Ctx"))
return 0;
}
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
if (p != NULL) {
if (!OSSL_PARAM_get_size_t(p, &mdsize)
if (p.size != NULL) {
if (!OSSL_PARAM_get_size_t(p.size, &mdsize)
|| (!ctx->flag_allow_md && mdsize != ctx->mdsize))
return 0;
ctx->mdsize = mdsize;
@ -808,17 +809,10 @@ static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
return 1;
}
static const OSSL_PARAM settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
ECDSA_COMMON_SETTABLE_CTX_PARAMS
};
static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx,
ossl_unused void *provctx)
{
return settable_ctx_params;
return ecdsa_set_ctx_params_list;
}
static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params)
@ -958,10 +952,15 @@ static const char **ecdsa_sigalg_query_key_types(void)
return keytypes;
}
static const OSSL_PARAM settable_sigalg_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0),
ECDSA_COMMON_SETTABLE_CTX_PARAMS
};
#define ecdsa_sigalg_set_ctx_params_st ecdsa_all_set_ctx_params_st
{- produce_param_decoder('ecdsa_sigalg_set_ctx_params',
(['SIGNATURE_PARAM_SIGNATURE', 'sig', 'octet_string'],
['SIGNATURE_PARAM_KAT', 'kat', 'uint'],
['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'],
['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
)); -}
static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx,
ossl_unused void *provctx)
@ -969,31 +968,28 @@ static const OSSL_PARAM *ecdsa_sigalg_settable_ctx_params(void *vctx,
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
if (ctx != NULL && ctx->operation == EVP_PKEY_OP_VERIFYMSG)
return settable_sigalg_ctx_params;
return ecdsa_sigalg_set_ctx_params_list;
return NULL;
}
static int ecdsa_sigalg_set_ctx_params(void *vctx, const OSSL_PARAM params[])
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
const OSSL_PARAM *p;
struct ecdsa_all_set_ctx_params_st p;
int ret;
if (ctx == NULL)
if (ctx == NULL || !ecdsa_sigalg_set_ctx_params_decoder(params, &p))
return 0;
if (ossl_param_is_empty(params))
return 1;
if ((ret = ecdsa_common_set_ctx_params(ctx, params)) <= 0)
if ((ret = ecdsa_common_set_ctx_params(ctx, &p)) <= 0)
return ret;
if (ctx->operation == EVP_PKEY_OP_VERIFYMSG) {
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE);
if (p != NULL) {
if (p.sig != NULL) {
OPENSSL_free(ctx->sig);
ctx->sig = NULL;
ctx->siglen = 0;
if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig,
if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&ctx->sig,
0, &ctx->siglen))
return 0;
}