diff --git a/providers/implementations/signature/rsa_sig.c.in b/providers/implementations/signature/rsa_sig.c.in index 79bda67395..5f1485ed1c 100644 --- a/providers/implementations/signature/rsa_sig.c.in +++ b/providers/implementations/signature/rsa_sig.c.in @@ -6,6 +6,9 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} /* * RSA low level APIs are deprecated for public use, but still ok for @@ -1382,16 +1385,27 @@ static void *rsa_dupctx(void *vprsactx) return NULL; } +{- produce_param_decoder('rsa_get_ctx_params', + (['SIGNATURE_PARAM_ALGORITHM_ID', 'algid', 'octet_string'], + ['SIGNATURE_PARAM_PAD_MODE', 'pad', 'utf8_string'], + ['SIGNATURE_PARAM_PAD_MODE', 'pad', 'int'], + ['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], + ['SIGNATURE_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'], + ['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'utf8_string'], + ['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'int'], + ['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE', 'verify', 'uint'], + ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + )); -} + static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - OSSL_PARAM *p; + struct rsa_get_ctx_params_st p; - if (prsactx == NULL) + if (prsactx == NULL || !rsa_get_ctx_params_decoder(params, &p)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); - if (p != NULL) { + if (p.algid != NULL) { /* The Algorithm Identifier of the combined signature algorithm */ unsigned char aid_buf[128]; unsigned char *aid; @@ -1399,15 +1413,14 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) aid = rsa_generate_signature_aid(prsactx, aid_buf, sizeof(aid_buf), &aid_len); - if (aid == NULL || !OSSL_PARAM_set_octet_string(p, aid, aid_len)) + if (aid == NULL || !OSSL_PARAM_set_octet_string(p.algid, aid, aid_len)) return 0; } - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_PAD_MODE); - if (p != NULL) - switch (p->data_type) { - case OSSL_PARAM_INTEGER: - if (!OSSL_PARAM_set_int(p, prsactx->pad_mode)) + if (p.pad != NULL) + switch (p.pad->data_type) { + default: + if (!OSSL_PARAM_set_int(p.pad, prsactx->pad_mode)) return 0; break; case OSSL_PARAM_UTF8_STRING: @@ -1423,31 +1436,26 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) } if (word != NULL) { - if (!OSSL_PARAM_set_utf8_string(p, word)) + if (!OSSL_PARAM_set_utf8_string(p.pad, word)) return 0; } else { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); } } break; - default: - return 0; } - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->mdname)) + if (p.digest != NULL && !OSSL_PARAM_set_utf8_string(p.digest, prsactx->mdname)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_MGF1_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->mgf1_mdname)) + if (p.mgf1 != NULL && !OSSL_PARAM_set_utf8_string(p.mgf1, prsactx->mgf1_mdname)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_PSS_SALTLEN); - if (p != NULL) { - if (p->data_type == OSSL_PARAM_INTEGER) { - if (!OSSL_PARAM_set_int(p, prsactx->saltlen)) + if (p.slen != NULL) { + if (p.slen->data_type != OSSL_PARAM_UTF8_STRING) { + if (!OSSL_PARAM_set_int(p.slen, prsactx->saltlen)) return 0; - } else if (p->data_type == OSSL_PARAM_UTF8_STRING) { + } else { const char *value = NULL; switch (prsactx->saltlen) { @@ -1465,49 +1473,35 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) break; default: { - int len = BIO_snprintf(p->data, p->data_size, "%d", + int len = BIO_snprintf(p.slen->data, p.slen->data_size, "%d", prsactx->saltlen); if (len <= 0) return 0; - p->return_size = len; + p.slen->return_size = len; break; } } if (value != NULL - && !OSSL_PARAM_set_utf8_string(p, value)) + && !OSSL_PARAM_set_utf8_string(p.slen, value)) return 0; } } #ifdef FIPS_MODULE - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE); - if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->verify_message)) + if (p.verify != NULL && !OSSL_PARAM_set_uint(p.verify, prsactx->verify_message)) return 0; #endif - if (!OSSL_FIPS_IND_GET_CTX_PARAM(prsactx, params)) + if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(prsactx, p.ind)) return 0; return 1; } -static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), -#ifdef FIPS_MODULE - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL), -#endif - OSSL_FIPS_IND_GETTABLE_CTX_PARAM() - OSSL_PARAM_END -}; - static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, ossl_unused void *provctx) { - return known_gettable_ctx_params; + return rsa_get_ctx_params_list; } #ifdef FIPS_MODULE @@ -1529,10 +1523,40 @@ static int rsa_x931_padding_allowed(PROV_RSA_CTX *ctx) } #endif +{- produce_param_decoder('rsa_set_ctx_params', + (['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], + ['SIGNATURE_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['SIGNATURE_PARAM_PAD_MODE', 'pad', 'utf8_string'], + ['SIGNATURE_PARAM_PAD_MODE', 'pad', 'int'], + ['SIGNATURE_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'], + ['SIGNATURE_PARAM_MGF1_PROPERTIES', 'mgf1pq', 'utf8_string'], + ['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'utf8_string'], + ['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'int'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + ['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int'], + ['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK', 'ind_xpad', 'int'], + )); -} + +#define rsa_set_ctx_params_no_digest_st rsa_set_ctx_params_st + +{- produce_param_decoder('rsa_set_ctx_params_no_digest', + (['SIGNATURE_PARAM_PAD_MODE', 'pad', 'utf8_string'], + ['SIGNATURE_PARAM_PAD_MODE', 'pad', 'int'], + ['SIGNATURE_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'], + ['SIGNATURE_PARAM_MGF1_PROPERTIES', 'mgf1pq', 'utf8_string'], + ['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'utf8_string'], + ['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'int'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + ['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int'], + ['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK', 'ind_xpad', 'int'], + )); -} + static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - const OSSL_PARAM *p; + struct rsa_set_ctx_params_st p; int pad_mode; int saltlen; char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = NULL; @@ -1542,72 +1566,73 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) if (prsactx == NULL) return 0; + /* The processing code below doesn't handle no parameters properly */ if (ossl_param_is_empty(params)) return 1; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)) + if (prsactx->flag_allow_md) { + if (!rsa_set_ctx_params_decoder(params, &p)) + return 0; + } else { + if (!rsa_set_ctx_params_no_digest_decoder(params, &p)) + return 0; + } + + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, + p.ind_k)) return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, params, - OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, + p.ind_d)) return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE2, params, - OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE2, + p.ind_xpad)) return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE3, params, - OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE3, + p.ind_slen)) return 0; pad_mode = prsactx->pad_mode; saltlen = prsactx->saltlen; - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_PROPERTIES); - + if (p.digest != NULL) { pmdname = mdname; - if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) + if (!OSSL_PARAM_get_utf8_string(p.digest, &pmdname, sizeof(mdname))) return 0; - if (propsp != NULL) { + if (p.propq != NULL) { pmdprops = mdprops; - if (!OSSL_PARAM_get_utf8_string(propsp, + if (!OSSL_PARAM_get_utf8_string(p.propq, &pmdprops, sizeof(mdprops))) return 0; } } - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PAD_MODE); - if (p != NULL) { + if (p.pad != NULL) { const char *err_extra_text = NULL; - switch (p->data_type) { - case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ - if (!OSSL_PARAM_get_int(p, &pad_mode)) + switch (p.pad->data_type) { + default: /* Support for legacy pad mode number */ + if (!OSSL_PARAM_get_int(p.pad, &pad_mode)) return 0; break; case OSSL_PARAM_UTF8_STRING: { int i; - if (p->data == NULL) + if (p.pad->data == NULL) return 0; for (i = 0; padding_item[i].id != 0; i++) { - if (strcmp(p->data, padding_item[i].ptr) == 0) { + if (strcmp(p.pad->data, padding_item[i].ptr) == 0) { pad_mode = padding_item[i].id; break; } } } break; - default: - return 0; } switch (pad_mode) { @@ -1663,8 +1688,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) } } - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PSS_SALTLEN); - if (p != NULL) { + if (p.slen != NULL) { if (pad_mode != RSA_PKCS1_PSS_PADDING) { ERR_raise_data(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED, "PSS saltlen can only be specified if " @@ -1672,25 +1696,23 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 0; } - switch (p->data_type) { - case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ - if (!OSSL_PARAM_get_int(p, &saltlen)) + switch (p.slen->data_type) { + default: /* Support for legacy pad mode number */ + if (!OSSL_PARAM_get_int(p.slen, &saltlen)) return 0; break; case OSSL_PARAM_UTF8_STRING: - if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST) == 0) + if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST) == 0) saltlen = RSA_PSS_SALTLEN_DIGEST; - else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_MAX) == 0) + else if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_MAX) == 0) saltlen = RSA_PSS_SALTLEN_MAX; - else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0) + else if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0) saltlen = RSA_PSS_SALTLEN_AUTO; - else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0) + else if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0) saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX; else - saltlen = atoi(p->data); + saltlen = atoi(p.slen->data); break; - default: - return 0; } /* @@ -1738,19 +1760,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) } } - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_MGF1_DIGEST); - if (p != NULL) { - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES); - + if (p.mgf1 != NULL) { pmgf1mdname = mgf1mdname; - if (!OSSL_PARAM_get_utf8_string(p, &pmgf1mdname, sizeof(mgf1mdname))) + if (!OSSL_PARAM_get_utf8_string(p.mgf1, &pmgf1mdname, sizeof(mgf1mdname))) return 0; - if (propsp != NULL) { + if (p.mgf1pq != NULL) { pmgf1mdprops = mgf1mdprops; - if (!OSSL_PARAM_get_utf8_string(propsp, + if (!OSSL_PARAM_get_utf8_string(p.mgf1pq, &pmgf1mdprops, sizeof(mgf1mdprops))) return 0; } @@ -1782,40 +1799,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK) - OSSL_PARAM_END -}; - -static const OSSL_PARAM settable_ctx_params_no_digest[] = { - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK) - OSSL_PARAM_END -}; - static const OSSL_PARAM *rsa_settable_ctx_params(void *vprsactx, ossl_unused void *provctx) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; if (prsactx != NULL && !prsactx->flag_allow_md) - return settable_ctx_params_no_digest; - return settable_ctx_params; + return rsa_set_ctx_params_no_digest_list; + return rsa_set_ctx_params_list; } static int rsa_get_ctx_md_params(void *vprsactx, OSSL_PARAM *params) @@ -1968,10 +1959,9 @@ static const char **rsa_sigalg_query_key_types(void) return keytypes; } -static const OSSL_PARAM settable_sigalg_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), - OSSL_PARAM_END -}; +{- produce_param_decoder('rsa_sigalg_set_ctx_params', + (['SIGNATURE_PARAM_SIGNATURE', 'sig', 'octet_string'], + )); -} static const OSSL_PARAM *rsa_sigalg_settable_ctx_params(void *vprsactx, ossl_unused void *provctx) @@ -1979,27 +1969,24 @@ static const OSSL_PARAM *rsa_sigalg_settable_ctx_params(void *vprsactx, PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; if (prsactx != NULL && prsactx->operation == EVP_PKEY_OP_VERIFYMSG) - return settable_sigalg_ctx_params; + return rsa_sigalg_set_ctx_params_list; return NULL; } static int rsa_sigalg_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - const OSSL_PARAM *p; + struct rsa_sigalg_set_ctx_params_st p; - if (prsactx == NULL) + if (prsactx == NULL || !rsa_sigalg_set_ctx_params_decoder(params, &p)) return 0; - if (ossl_param_is_empty(params)) - return 1; if (prsactx->operation == EVP_PKEY_OP_VERIFYMSG) { - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE); - if (p != NULL) { + if (p.sig != NULL) { OPENSSL_free(prsactx->sig); prsactx->sig = NULL; prsactx->siglen = 0; - if (!OSSL_PARAM_get_octet_string(p, (void **)&prsactx->sig, + if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&prsactx->sig, 0, &prsactx->siglen)) return 0; }