dsa: update to use generated param decoders for signature operations

Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28150)
Pauli 2025-07-28 10:11:34 +10:00
parent 2c214751fe
commit c1fd9a4f8b
1 changed files with 72 additions and 71 deletions


@ -6,6 +6,9 @@
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
{-
use OpenSSL::paramnames qw(produce_param_decoder);
-}
/*
* DSA low level APIs are deprecated for public use, but still ok for
@ -669,108 +672,110 @@ static void *dsa_dupctx(void *vpdsactx)
return NULL;
}
{- produce_param_decoder('dsa_get_ctx_params',
(['SIGNATURE_PARAM_ALGORITHM_ID', 'algid', 'octet_string'],
['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'],
['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'],
['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'],
)); -}
static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
OSSL_PARAM *p;
struct dsa_get_ctx_params_st p;
if (pdsactx == NULL)
if (pdsactx == NULL || !dsa_get_ctx_params_decoder(params, &p))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
if (p != NULL
&& !OSSL_PARAM_set_octet_string(p,
if (p.algid != NULL
&& !OSSL_PARAM_set_octet_string(p.algid,
pdsactx->aid_len == 0 ? NULL : pdsactx->aid_buf,
pdsactx->aid_len))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->mdname))
if (p.digest != NULL && !OSSL_PARAM_set_utf8_string(p.digest, pdsactx->mdname))
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
if (p != NULL && !OSSL_PARAM_set_uint(p, pdsactx->nonce_type))
if (p.nonce != NULL && !OSSL_PARAM_set_uint(p.nonce, pdsactx->nonce_type))
return 0;
if (!OSSL_FIPS_IND_GET_CTX_PARAM(pdsactx, params))
if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(pdsactx, p.ind))
return 0;
return 1;
}
static const OSSL_PARAM known_gettable_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL),
OSSL_FIPS_IND_GETTABLE_CTX_PARAM()
OSSL_PARAM_END
};
static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx,
ossl_unused void *provctx)
{
return known_gettable_ctx_params;
return dsa_get_ctx_params_list;
}
struct dsa_all_set_ctx_params_st {
OSSL_PARAM *digest; /* dsa_set_ctx_params */
OSSL_PARAM *propq; /* dsa_set_ctx_params */
OSSL_PARAM *ind_d;
OSSL_PARAM *ind_k;
OSSL_PARAM *ind_sign;
OSSL_PARAM *nonce;
OSSL_PARAM *sig; /* dsa_sigalg_set_ctx_params */
};
/**
* @brief Setup common params for dsa_set_ctx_params and dsa_sigalg_set_ctx_params
* The caller is responsible for checking |vpdsactx| is not NULL and |params|
* is not empty.
*/
static int dsa_common_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
static int dsa_common_set_ctx_params(PROV_DSA_CTX *pdsactx,
const struct dsa_all_set_ctx_params_st *p)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
const OSSL_PARAM *p;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE0, params,
OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE0,
p->ind_k))
return 0;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE1, params,
OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE1,
p->ind_d))
return 0;
if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE2, params,
OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK))
if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE2,
p->ind_sign))
return 0;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE);
if (p != NULL
&& !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type))
if (p->nonce != NULL
&& !OSSL_PARAM_get_uint(p->nonce, &pdsactx->nonce_type))
return 0;
return 1;
}
#define DSA_COMMON_SETTABLE_CTX_PARAMS \
OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \
OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) \
OSSL_PARAM_END
#define dsa_set_ctx_params_st dsa_all_set_ctx_params_st
{- produce_param_decoder('dsa_set_ctx_params',
(['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'],
['SIGNATURE_PARAM_PROPERTIES', 'propq', 'utf8_string'],
['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'],
['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
['SIGNATURE_PARAM_FIPS_SIGN_CHECK', 'ind_sign', 'int'],
)); -}
static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
const OSSL_PARAM *p;
struct dsa_all_set_ctx_params_st p;
int ret;
if (pdsactx == NULL)
if (pdsactx == NULL || !dsa_set_ctx_params_decoder(params, &p))
return 0;
if (ossl_param_is_empty(params))
return 1;
if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0)
if ((ret = dsa_common_set_ctx_params(pdsactx, &p)) <= 0)
return ret;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
if (p != NULL) {
if (p.digest != NULL) {
char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname;
char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops;
const OSSL_PARAM *propsp =
OSSL_PARAM_locate_const(params,
OSSL_SIGNATURE_PARAM_PROPERTIES);
if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname)))
if (!OSSL_PARAM_get_utf8_string(p.digest, &pmdname, sizeof(mdname)))
return 0;
if (propsp != NULL
&& !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops)))
if (p.propq != NULL
&& !OSSL_PARAM_get_utf8_string(p.propq, &pmdprops, sizeof(mdprops)))
return 0;
if (!dsa_setup_md(pdsactx, mdname, mdprops, "DSA Set Ctx"))
return 0;
@ -778,12 +783,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
return 1;
}
static const OSSL_PARAM settable_ctx_params[] = {
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0),
DSA_COMMON_SETTABLE_CTX_PARAMS
};
static const OSSL_PARAM settable_ctx_params_no_digest[] = {
OSSL_PARAM_END
};
@ -795,7 +794,7 @@ static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx,
if (pdsactx != NULL && !pdsactx->flag_allow_md)
return settable_ctx_params_no_digest;
return settable_ctx_params;
return dsa_set_ctx_params_list;
}
static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params)
@ -935,10 +934,15 @@ static const char **dsa_sigalg_query_key_types(void)
return keytypes;
}
static const OSSL_PARAM settable_sigalg_ctx_params[] = {
OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0),
DSA_COMMON_SETTABLE_CTX_PARAMS
};
#define dsa_sigalg_set_ctx_params_st dsa_all_set_ctx_params_st
{- produce_param_decoder('dsa_sigalg_set_ctx_params',
(['SIGNATURE_PARAM_SIGNATURE', 'sig', 'octet_string'],
['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'],
['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'],
['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'],
['SIGNATURE_PARAM_FIPS_SIGN_CHECK', 'ind_sign', 'int'],
)); -}
static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx,
ossl_unused void *provctx)
@ -946,31 +950,28 @@ static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx,
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
if (pdsactx != NULL && pdsactx->operation == EVP_PKEY_OP_VERIFYMSG)
return settable_sigalg_ctx_params;
return dsa_sigalg_set_ctx_params_list;
return NULL;
}
static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
const OSSL_PARAM *p;
struct dsa_all_set_ctx_params_st p;
int ret;
if (pdsactx == NULL)
if (pdsactx == NULL || !dsa_sigalg_set_ctx_params_decoder(params, &p))
return 0;
if (ossl_param_is_empty(params))
return 1;
if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0)
if ((ret = dsa_common_set_ctx_params(pdsactx, &p)) <= 0)
return ret;
if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) {
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE);
if (p != NULL) {
if (p.sig != NULL) {
OPENSSL_free(pdsactx->sig);
pdsactx->sig = NULL;
pdsactx->siglen = 0;
if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig,
if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&pdsactx->sig,
0, &pdsactx->siglen))
return 0;
}
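Review bot: The doc comment above `dsa_common_set_ctx_params` still names `|vpdsactx|` and `|params|`, but the new signature takes `PROV_DSA_CTX *pdsactx` and a decoded `const struct dsa_all_set_ctx_params_st *p`, so the stated caller contract no longer matches the code. The hunk line counts also suggest that the `ossl_param_is_empty(params)` early returns in `dsa_set_ctx_params` and `dsa_sigalg_set_ctx_params` are removed, in which case the helper is now reached with every field NULL and relies on each step tolerating that. The `p->nonce != NULL` guard is visible, while the NULL handling inside `OSSL_FIPS_IND_SET_CTX_FROM_PARAM` is not shown on this page and should be confirmed. Suggested wording for the comment: `The caller must pass a non-NULL |pdsactx| and a |p| filled by one of the generated decoders; fields absent from the request are NULL and are skipped.` It would also help to state on `struct dsa_all_set_ctx_params_st` that `digest`/`propq` and `sig` are each populated by only one of the two decoders, so the common helper must not read them.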