root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

rsa: update to use generated param decoders for signature operations 

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
This commit is contained in:
Pauli 2025-07-28 11:02:45 +10:00
parent 79197465e3
commit a14e2f417e
1 changed files with 117 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

247
providers/implementations/signature/rsa_sig.c.in
View File

@ -6,6 +6,9 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
{-
use OpenSSL::paramnames qw(produce_param_decoder);
-}
/*
* RSA low level APIs are deprecated for public use, but still ok for
@ -1382,16 +1385,27 @@ static void *rsa_dupctx(void *vprsactx)
return NULL;
}
{- produce_param_decoder('rsa_get_ctx_params',
(['SIGNATURE_PARAM_ALGORITHM_ID', 'algid', 'octet_string'],
['SIGNATURE_PARAM_PAD_MODE', 'pad', 'utf8_string'],
['SIGNATURE_PARAM_PAD_MODE', 'pad', 'int'],
['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'],
['SIGNATURE_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'],
['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'utf8_string'],
['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'int'],
['SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE', 'verify', 'uint'],
['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'],
)); -}
static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
OSSL_PARAM *p;
struct rsa_get_ctx_params_st p;
if (prsactx == NULL)
if (prsactx == NULL || !rsa_get_ctx_params_decoder(params, &p))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
if (p != NULL) {
if (p.algid != NULL) {
/* The Algorithm Identifier of the combined signature algorithm */
unsigned char aid_buf[128];
unsigned char *aid;
@ -1399,15 +1413,14 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
aid = rsa_generate_signature_aid(prsactx, aid_buf,
sizeof(aid_buf), &aid_len);
if (aid == NULL || !OSSL_PARAM_set_octet_string(p, aid, aid_len))
if (aid == NULL || !OSSL_PARAM_set_octet_string(p.algid, aid, aid_len))
return 0;
}
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_PAD_MODE);
if (p != NULL)
switch (p->data_type) {
case OSSL_PARAM_INTEGER:
if (!OSSL_PARAM_set_int(p, prsactx->pad_mode))
if (p.pad != NULL)
switch (p.pad->data_type) {
default:
if (!OSSL_PARAM_set_int(p.pad, prsactx->pad_mode))
return 0;
break;
case OSSL_PARAM_UTF8_STRING:
@ -1423,31 +1436,26 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
}
if (word != NULL) {
if (!OSSL_PARAM_set_utf8_string(p, word))
if (!OSSL_PARAM_set_utf8_string(p.pad, word))
return 0;
} else {
ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
}
}
break;
default:
return 0;
}
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->mdname))
if (p.digest != NULL && !OSSL_PARAM_set_utf8_string(p.digest, prsactx->mdname))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_MGF1_DIGEST);
if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->mgf1_mdname))
if (p.mgf1 != NULL && !OSSL_PARAM_set_utf8_string(p.mgf1, prsactx->mgf1_mdname))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_PSS_SALTLEN);
if (p != NULL) {
if (p->data_type == OSSL_PARAM_INTEGER) {
if (!OSSL_PARAM_set_int(p, prsactx->saltlen))
if (p.slen != NULL) {
if (p.slen->data_type != OSSL_PARAM_UTF8_STRING) {
if (!OSSL_PARAM_set_int(p.slen, prsactx->saltlen))
return 0;
} else if (p->data_type == OSSL_PARAM_UTF8_STRING) {
} else {
const char *value = NULL;
switch (prsactx->saltlen) {
@ -1465,49 +1473,35 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
break;
default:
{
int len = BIO_snprintf(p->data, p->data_size, "%d",
int len = BIO_snprintf(p.slen->data, p.slen->data_size, "%d",
prsactx->saltlen);
if (len <= 0)
return 0;
p->return_size = len;
p.slen->return_size = len;
break;
}
}
if (value != NULL
&& !OSSL_PARAM_set_utf8_string(p, value))
&& !OSSL_PARAM_set_utf8_string(p.slen, value))
return 0;
}
}
#ifdef FIPS_MODULE
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE);
if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->verify_message))
if (p.verify != NULL && !OSSL_PARAM_set_uint(p.verify, prsactx->verify_message))
return 0;
#endif
if (!OSSL_FIPS_IND_GET_CTX_PARAM(prsactx, params))
if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(prsactx, p.ind))
return 0;
return 1;
}
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
#ifdef FIPS_MODULE
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE, NULL),
#endif
OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx,
ossl_unused void *provctx)
{
return known_gettable_ctx_params;
return rsa_get_ctx_params_list;
}
#ifdef FIPS_MODULE
@ -1529,10 +1523,40 @@ static int rsa_x931_padding_allowed(PROV_RSA_CTX *ctx)
}
#endif
{- produce_param_decoder('rsa_set_ctx_params',
(['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'],
['SIGNATURE_PARAM_PROPERTIES', 'propq', 'utf8_string'],
['SIGNATURE_PARAM_PAD_MODE', 'pad', 'utf8_string'],
['SIGNATURE_PARAM_PAD_MODE', 'pad', 'int'],
['SIGNATURE_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'],
['SIGNATURE_PARAM_MGF1_PROPERTIES', 'mgf1pq', 'utf8_string'],
['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'utf8_string'],
['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'int'],
['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int'],
['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK', 'ind_xpad', 'int'],
)); -}
#define rsa_set_ctx_params_no_digest_st rsa_set_ctx_params_st
{- produce_param_decoder('rsa_set_ctx_params_no_digest',
(['SIGNATURE_PARAM_PAD_MODE', 'pad', 'utf8_string'],
['SIGNATURE_PARAM_PAD_MODE', 'pad', 'int'],
['SIGNATURE_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'],
['SIGNATURE_PARAM_MGF1_PROPERTIES', 'mgf1pq', 'utf8_string'],
['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'utf8_string'],
['SIGNATURE_PARAM_PSS_SALTLEN', 'slen', 'int'],
['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
['SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK', 'ind_slen', 'int'],
['SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK', 'ind_xpad', 'int'],
)); -}
static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
const OSSL_PARAM *p;
struct rsa_set_ctx_params_st p;
int pad_mode;
int saltlen;
char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = NULL;
@ -1542,72 +1566,73 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
if (prsactx == NULL)
return 0;
/* The processing code below doesn't handle no parameters properly */
if (ossl_param_is_empty(params))
return 1;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, params,
OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK))
if (prsactx->flag_allow_md) {
if (!rsa_set_ctx_params_decoder(params, &p))
return 0;
} else {
if (!rsa_set_ctx_params_no_digest_decoder(params, &p))
return 0;
}
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0,
p.ind_k))
return 0;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, params,
OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1,
p.ind_d))
return 0;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE2, params,
OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE2,
p.ind_xpad))
return 0;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE3, params,
OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE3,
p.ind_slen))
return 0;
pad_mode = prsactx->pad_mode;
saltlen = prsactx->saltlen;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
if (p != NULL) {
const OSSL_PARAM *propsp =
OSSL_PARAM_locate_const(params,
OSSL_SIGNATURE_PARAM_PROPERTIES);
if (p.digest != NULL) {
pmdname = mdname;
if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
if (!OSSL_PARAM_get_utf8_string(p.digest, &pmdname, sizeof(mdname)))
return 0;
if (propsp != NULL) {
if (p.propq != NULL) {
pmdprops = mdprops;
if (!OSSL_PARAM_get_utf8_string(propsp,
if (!OSSL_PARAM_get_utf8_string(p.propq,
&pmdprops, sizeof(mdprops)))
return 0;
}
}
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PAD_MODE);
if (p != NULL) {
if (p.pad != NULL) {
const char *err_extra_text = NULL;
switch (p->data_type) {
case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */
if (!OSSL_PARAM_get_int(p, &pad_mode))
switch (p.pad->data_type) {
default: /* Support for legacy pad mode number */
if (!OSSL_PARAM_get_int(p.pad, &pad_mode))
return 0;
break;
case OSSL_PARAM_UTF8_STRING:
{
int i;
if (p->data == NULL)
if (p.pad->data == NULL)
return 0;
for (i = 0; padding_item[i].id != 0; i++) {
if (strcmp(p->data, padding_item[i].ptr) == 0) {
if (strcmp(p.pad->data, padding_item[i].ptr) == 0) {
pad_mode = padding_item[i].id;
break;
}
}
}
break;
default:
return 0;
}
switch (pad_mode) {
@ -1663,8 +1688,7 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
}
}
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_PSS_SALTLEN);
if (p != NULL) {
if (p.slen != NULL) {
if (pad_mode != RSA_PKCS1_PSS_PADDING) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED,
"PSS saltlen can only be specified if "
@ -1672,25 +1696,23 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
return 0;
}
switch (p->data_type) {
case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */
if (!OSSL_PARAM_get_int(p, &saltlen))
switch (p.slen->data_type) {
default: /* Support for legacy pad mode number */
if (!OSSL_PARAM_get_int(p.slen, &saltlen))
return 0;
break;
case OSSL_PARAM_UTF8_STRING:
if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST) == 0)
if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST) == 0)
saltlen = RSA_PSS_SALTLEN_DIGEST;
else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_MAX) == 0)
else if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_MAX) == 0)
saltlen = RSA_PSS_SALTLEN_MAX;
else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0)
else if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO) == 0)
saltlen = RSA_PSS_SALTLEN_AUTO;
else if (strcmp(p->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0)
else if (strcmp(p.slen->data, OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX) == 0)
saltlen = RSA_PSS_SALTLEN_AUTO_DIGEST_MAX;
else
saltlen = atoi(p->data);
saltlen = atoi(p.slen->data);
break;
default:
return 0;
}
/*
@ -1738,19 +1760,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
}
}
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_MGF1_DIGEST);
if (p != NULL) {
const OSSL_PARAM *propsp =
OSSL_PARAM_locate_const(params,
OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES);
if (p.mgf1 != NULL) {
pmgf1mdname = mgf1mdname;
if (!OSSL_PARAM_get_utf8_string(p, &pmgf1mdname, sizeof(mgf1mdname)))
if (!OSSL_PARAM_get_utf8_string(p.mgf1, &pmgf1mdname, sizeof(mgf1mdname)))
return 0;
if (propsp != NULL) {
if (p.mgf1pq != NULL) {
pmgf1mdprops = mgf1mdprops;
if (!OSSL_PARAM_get_utf8_string(propsp,
if (!OSSL_PARAM_get_utf8_string(p.mgf1pq,
&pmgf1mdprops, sizeof(mgf1mdprops)))
return 0;
}
@ -1782,40 +1799,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
return 1;
}
static const OSSL_PARAM settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK)
OSSL_PARAM_END
};
static const OSSL_PARAM settable_ctx_params_no_digest[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0),
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK)
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK)
OSSL_PARAM_END
};
static const OSSL_PARAM *rsa_settable_ctx_params(void *vprsactx,
ossl_unused void *provctx)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
if (prsactx != NULL && !prsactx->flag_allow_md)
return settable_ctx_params_no_digest;
return settable_ctx_params;
return rsa_set_ctx_params_no_digest_list;
return rsa_set_ctx_params_list;
}
static int rsa_get_ctx_md_params(void *vprsactx, OSSL_PARAM *params)
@ -1968,10 +1959,9 @@ static const char **rsa_sigalg_query_key_types(void)
return keytypes;
}
static const OSSL_PARAM settable_sigalg_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0),
OSSL_PARAM_END
};
{- produce_param_decoder('rsa_sigalg_set_ctx_params',
(['SIGNATURE_PARAM_SIGNATURE', 'sig', 'octet_string'],
)); -}
static const OSSL_PARAM *rsa_sigalg_settable_ctx_params(void *vprsactx,
ossl_unused void *provctx)
@ -1979,27 +1969,24 @@ static const OSSL_PARAM *rsa_sigalg_settable_ctx_params(void *vprsactx,
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
if (prsactx != NULL && prsactx->operation == EVP_PKEY_OP_VERIFYMSG)
return settable_sigalg_ctx_params;
return rsa_sigalg_set_ctx_params_list;
return NULL;
}
static int rsa_sigalg_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
const OSSL_PARAM *p;
struct rsa_sigalg_set_ctx_params_st p;
if (prsactx == NULL)
if (prsactx == NULL || !rsa_sigalg_set_ctx_params_decoder(params, &p))
return 0;
if (ossl_param_is_empty(params))
return 1;
if (prsactx->operation == EVP_PKEY_OP_VERIFYMSG) {
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE);
if (p != NULL) {
if (p.sig != NULL) {
OPENSSL_free(prsactx->sig);
prsactx->sig = NULL;
prsactx->siglen = 0;
if (!OSSL_PARAM_get_octet_string(p, (void **)&prsactx->sig,
if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&prsactx->sig,
0, &prsactx->siglen))
return 0;
}