summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPauli <ppzgs1@gmail.com>2021-03-02 22:43:36 +1000
committerPauli <ppzgs1@gmail.com>2021-03-12 08:27:21 +1000
commit556b8937d0fc323da2b206d6c13f0ddee8a7d340 (patch)
tree14eaaee5205ea4f3ff90889407eb446e1cf3baac
parent5506cd0bbd874b164f59e3e6a6a530426a2b38bf (diff)
prov: support params arguments to signature init calls
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
Diffstat
-rw-r--r--providers/implementations/signature/dsa.c40
-rw-r--r--providers/implementations/signature/ecdsa.c38
-rw-r--r--providers/implementations/signature/eddsa.c5
-rw-r--r--providers/implementations/signature/mac_legacy.c5
-rw-r--r--providers/implementations/signature/rsa.c43
-rw-r--r--providers/implementations/signature/sm2sig.c17
6 files changed, 93 insertions, 55 deletions
diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c
index 214238e7cc..88a8102cff 100644
--- a/providers/implementations/signature/dsa.c
+++ b/providers/implementations/signature/dsa.c
@@ -171,7 +171,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
return 1;
}
-static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation)
+static int dsa_signverify_init(void *vpdsactx, void *vdsa,
+ const OSSL_PARAM params[], int operation)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
@@ -183,6 +184,10 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation)
DSA_free(pdsactx->dsa);
pdsactx->dsa = vdsa;
pdsactx->operation = operation;
+
+ if (!dsa_set_ctx_params(pdsactx, params))
+ return 0;
+
if (!ossl_dsa_check_key(vdsa, operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
@@ -190,14 +195,15 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation)
return 1;
}
-static int dsa_sign_init(void *vpdsactx, void *vdsa)
+static int dsa_sign_init(void *vpdsactx, void *vdsa, const OSSL_PARAM params[])
{
- return dsa_signverify_init(vpdsactx, vdsa, EVP_PKEY_OP_SIGN);
+ return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_SIGN);
}
-static int dsa_verify_init(void *vpdsactx, void *vdsa)
+static int dsa_verify_init(void *vpdsactx, void *vdsa,
+ const OSSL_PARAM params[])
{
- return dsa_signverify_init(vpdsactx, vdsa, EVP_PKEY_OP_VERIFY);
+ return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_VERIFY);
}
static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen,
@@ -244,7 +250,8 @@ static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen,
}
static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
- void *vdsa, int operation)
+ void *vdsa, const OSSL_PARAM params[],
+ int operation)
{
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
@@ -252,7 +259,7 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
return 0;
pdsactx->flag_allow_md = 0;
- if (!dsa_signverify_init(vpdsactx, vdsa, operation))
+ if (!dsa_signverify_init(vpdsactx, vdsa, params, operation))
return 0;
if (!dsa_setup_md(pdsactx, mdname, NULL))
@@ -262,7 +269,7 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
if (pdsactx->mdctx == NULL)
goto error;
- if (!EVP_DigestInit_ex(pdsactx->mdctx, pdsactx->md, NULL))
+ if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params))
goto error;
return 1;
@@ -276,14 +283,17 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
}
static int dsa_digest_sign_init(void *vpdsactx, const char *mdname,
- void *vdsa)
+ void *vdsa, const OSSL_PARAM params[])
{
- return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, EVP_PKEY_OP_SIGN);
+ return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params,
+ EVP_PKEY_OP_SIGN);
}
-static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, void *vdsa)
+static int dsa_digest_verify_init(void *vpdsactx, const char *mdname,
+ void *vdsa, const OSSL_PARAM params[])
{
- return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, EVP_PKEY_OP_VERIFY);
+ return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params,
+ EVP_PKEY_OP_VERIFY);
}
int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data,
@@ -413,7 +423,7 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
OSSL_PARAM *p;
- if (pdsactx == NULL || params == NULL)
+ if (pdsactx == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
@@ -445,8 +455,10 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx;
const OSSL_PARAM *p;
- if (pdsactx == NULL || params == NULL)
+ if (pdsactx == NULL)
return 0;
+ if (params == NULL)
+ return 1;
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST);
/* Not allowed during certain operations */
diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c
index 0e99cb2a5d..4f90032af3 100644
--- a/providers/implementations/signature/ecdsa.c
+++ b/providers/implementations/signature/ecdsa.c
@@ -125,7 +125,8 @@ static void *ecdsa_newctx(void *provctx, const char *propq)
return ctx;
}
-static int ecdsa_signverify_init(void *vctx, void *ec, int operation)
+static int ecdsa_signverify_init(void *vctx, void *ec,
+ const OSSL_PARAM params[], int operation)
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
@@ -137,17 +138,19 @@ static int ecdsa_signverify_init(void *vctx, void *ec, int operation)
EC_KEY_free(ctx->ec);
ctx->ec = ec;
ctx->operation = operation;
+ if (!ecdsa_set_ctx_params(ctx, params))
+ return 0;
return ossl_ec_check_key(ec, operation == EVP_PKEY_OP_SIGN);
}
-static int ecdsa_sign_init(void *vctx, void *ec)
+static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[])
{
- return ecdsa_signverify_init(vctx, ec, EVP_PKEY_OP_SIGN);
+ return ecdsa_signverify_init(vctx, ec, params, EVP_PKEY_OP_SIGN);
}
-static int ecdsa_verify_init(void *vctx, void *ec)
+static int ecdsa_verify_init(void *vctx, void *ec, const OSSL_PARAM params[])
{
- return ecdsa_signverify_init(vctx, ec, EVP_PKEY_OP_VERIFY);
+ return ecdsa_signverify_init(vctx, ec, params, EVP_PKEY_OP_VERIFY);
}
static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen,
@@ -251,7 +254,8 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
}
static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
- void *ec, int operation)
+ void *ec, const OSSL_PARAM params[],
+ int operation)
{
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
@@ -259,7 +263,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
return 0;
ctx->flag_allow_md = 0;
- if (!ecdsa_signverify_init(vctx, ec, operation)
+ if (!ecdsa_signverify_init(vctx, ec, params, operation)
|| !ecdsa_setup_md(ctx, mdname, NULL))
return 0;
@@ -267,7 +271,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
if (ctx->mdctx == NULL)
goto error;
- if (!EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL))
+ if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
goto error;
return 1;
error:
@@ -278,14 +282,18 @@ error:
return 0;
}
-static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec)
+static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec,
+ const OSSL_PARAM params[])
{
- return ecdsa_digest_signverify_init(vctx, mdname, ec, EVP_PKEY_OP_SIGN);
+ return ecdsa_digest_signverify_init(vctx, mdname, ec, params,
+ EVP_PKEY_OP_SIGN);
}
-static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec)
+static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec,
+ const OSSL_PARAM params[])
{
- return ecdsa_digest_signverify_init(vctx, mdname, ec, EVP_PKEY_OP_VERIFY);
+ return ecdsa_digest_signverify_init(vctx, mdname, ec, params,
+ EVP_PKEY_OP_VERIFY);
}
int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data,
@@ -406,7 +414,7 @@ static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params)
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
OSSL_PARAM *p;
- if (ctx == NULL || params == NULL)
+ if (ctx == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
@@ -444,8 +452,10 @@ static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[])
PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx;
const OSSL_PARAM *p;
- if (ctx == NULL || params == NULL)
+ if (ctx == NULL)
return 0;
+ if (params == NULL)
+ return 1;
#if !defined(OPENSSL_NO_ACVP_TESTS)
p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT);
diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c
index 0427d38241..221ccdd928 100644
--- a/providers/implementations/signature/eddsa.c
+++ b/providers/implementations/signature/eddsa.c
@@ -84,7 +84,8 @@ static void *eddsa_newctx(void *provctx, const char *propq_unused)
}
static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
- void *vedkey)
+ void *vedkey,
+ ossl_unused const OSSL_PARAM params[])
{
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
ECX_KEY *edkey = (ECX_KEY *)vedkey;
@@ -277,7 +278,7 @@ static int eddsa_get_ctx_params(void *vpeddsactx, OSSL_PARAM *params)
PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx;
OSSL_PARAM *p;
- if (peddsactx == NULL || params == NULL)
+ if (peddsactx == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy.c
index 81bf8f27a1..a8cc67b410 100644
--- a/providers/implementations/signature/mac_legacy.c
+++ b/providers/implementations/signature/mac_legacy.c
@@ -91,7 +91,8 @@ MAC_NEWCTX(siphash, "SIPHASH")
MAC_NEWCTX(poly1305, "POLY1305")
MAC_NEWCTX(cmac, "CMAC")
-static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey)
+static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey,
+ const OSSL_PARAM params[])
{
PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx;
const char *ciphername = NULL, *engine = NULL;
@@ -121,7 +122,7 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey)
return 0;
if (!EVP_MAC_init(pmacctx->macctx, pmacctx->key->priv_key,
- pmacctx->key->priv_key_len, NULL))
+ pmacctx->key->priv_key_len, params))
return 0;
return 1;
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index d3189b0d1a..0df079dc79 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -357,7 +357,8 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname,
return 1;
}
-static int rsa_signverify_init(void *vprsactx, void *vrsa, int operation)
+static int rsa_signverify_init(void *vprsactx, void *vrsa,
+ const OSSL_PARAM params[], int operation)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -371,6 +372,9 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa, int operation)
prsactx->rsa = vrsa;
prsactx->operation = operation;
+ if (!rsa_set_ctx_params(prsactx, params))
+ return 0;
+
if (!ossl_rsa_check_key(vrsa, operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
@@ -468,11 +472,11 @@ static void free_tbuf(PROV_RSA_CTX *ctx)
ctx->tbuf = NULL;
}
-static int rsa_sign_init(void *vprsactx, void *vrsa)
+static int rsa_sign_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[])
{
if (!ossl_prov_is_running())
return 0;
- return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_SIGN);
+ return rsa_signverify_init(vprsactx, vrsa, params, EVP_PKEY_OP_SIGN);
}
static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
@@ -621,11 +625,13 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen,
return 1;
}
-static int rsa_verify_recover_init(void *vprsactx, void *vrsa)
+static int rsa_verify_recover_init(void *vprsactx, void *vrsa,
+ const OSSL_PARAM params[])
{
if (!ossl_prov_is_running())
return 0;
- return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFYRECOVER);
+ return rsa_signverify_init(vprsactx, vrsa, params,
+ EVP_PKEY_OP_VERIFYRECOVER);
}
static int rsa_verify_recover(void *vprsactx,
@@ -712,11 +718,12 @@ static int rsa_verify_recover(void *vprsactx,
return 1;
}
-static int rsa_verify_init(void *vprsactx, void *vrsa)
+static int rsa_verify_init(void *vprsactx, void *vrsa,
+ const OSSL_PARAM params[])
{
if (!ossl_prov_is_running())
return 0;
- return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFY);
+ return rsa_signverify_init(vprsactx, vrsa, params, EVP_PKEY_OP_VERIFY);
}
static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
@@ -801,7 +808,8 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen,
}
static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
- void *vrsa, int operation)
+ void *vrsa, const OSSL_PARAM params[],
+ int operation)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
@@ -810,7 +818,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
if (prsactx != NULL)
prsactx->flag_allow_md = 0;
- if (!rsa_signverify_init(vprsactx, vrsa, operation))
+ if (!rsa_signverify_init(vprsactx, vrsa, params, operation))
return 0;
if (mdname != NULL
/* was rsa_setup_md already called in rsa_signverify_init()? */
@@ -824,7 +832,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname,
goto error;
}
- if (!EVP_DigestInit_ex(prsactx->mdctx, prsactx->md, NULL))
+ if (!EVP_DigestInit_ex2(prsactx->mdctx, prsactx->md, params))
goto error;
return 1;
@@ -850,12 +858,12 @@ static int rsa_digest_signverify_update(void *vprsactx,
}
static int rsa_digest_sign_init(void *vprsactx, const char *mdname,
- void *vrsa)
+ void *vrsa, const OSSL_PARAM params[])
{
if (!ossl_prov_is_running())
return 0;
return rsa_digest_signverify_init(vprsactx, mdname, vrsa,
- EVP_PKEY_OP_SIGN);
+ params, EVP_PKEY_OP_SIGN);
}
static int rsa_digest_sign_final(void *vprsactx, unsigned char *sig,
@@ -887,12 +895,12 @@ static int rsa_digest_sign_final(void *vprsactx, unsigned char *sig,
}
static int rsa_digest_verify_init(void *vprsactx, const char *mdname,
- void *vrsa)
+ void *vrsa, const OSSL_PARAM params[])
{
if (!ossl_prov_is_running())
return 0;
return rsa_digest_signverify_init(vprsactx, mdname, vrsa,
- EVP_PKEY_OP_VERIFY);
+ params, EVP_PKEY_OP_VERIFY);
}
int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig,
@@ -995,7 +1003,7 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
OSSL_PARAM *p;
- if (prsactx == NULL || params == NULL)
+ if (prsactx == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
@@ -1114,8 +1122,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
char mgf1mdname[OSSL_MAX_NAME_SIZE] = "", *pmgf1mdname = NULL;
char mgf1mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmgf1mdprops = NULL;
- if (prsactx == NULL || params == NULL)
+ if (prsactx == NULL)
return 0;
+ if (params == NULL)
+ return 1;
+
pad_mode = prsactx->pad_mode;
saltlen = prsactx->saltlen;
diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c
index 5463b000e0..4201e825b1 100644
--- a/providers/implementations/signature/sm2sig.c
+++ b/providers/implementations/signature/sm2sig.c
@@ -113,7 +113,8 @@ static void *sm2sig_newctx(void *provctx, const char *propq)
return ctx;
}
-static int sm2sig_signature_init(void *vpsm2ctx, void *ec)
+static int sm2sig_signature_init(void *vpsm2ctx, void *ec,
+ const OSSL_PARAM params[])
{
PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx;
@@ -121,7 +122,7 @@ static int sm2sig_signature_init(void *vpsm2ctx, void *ec)
return 0;
EC_KEY_free(psm2ctx->ec);
psm2ctx->ec = ec;
- return 1;
+ return sm2sig_set_ctx_params(psm2ctx, params);
}
static int sm2sig_sign(void *vpsm2ctx, unsigned char *sig, size_t *siglen,
@@ -173,7 +174,7 @@ static void free_md(PROV_SM2_CTX *ctx)
}
static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
- void *ec)
+ void *ec, const OSSL_PARAM params[])
{
PROV_SM2_CTX *ctx = (PROV_SM2_CTX *)vpsm2ctx;
int md_nid = NID_sm3;
@@ -182,7 +183,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
free_md(ctx);
- if (!sm2sig_signature_init(vpsm2ctx, ec))
+ if (!sm2sig_signature_init(vpsm2ctx, ec, params))
return ret;
ctx->md = EVP_MD_fetch(ctx->libctx, mdname, ctx->propq);
@@ -207,7 +208,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname,
}
WPACKET_cleanup(&pkt);
- if (!EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL))
+ if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params))
goto error;
ctx->flag_compute_z_digest = 1;
@@ -353,7 +354,7 @@ static int sm2sig_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params)
PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx;
OSSL_PARAM *p;
- if (psm2ctx == NULL || params == NULL)
+ if (psm2ctx == NULL)
return 0;
p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID);
@@ -393,8 +394,10 @@ static int sm2sig_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM params[])
const OSSL_PARAM *p;
char *mdname;
- if (psm2ctx == NULL || params == NULL)
+ if (psm2ctx == NULL)
return 0;
+ if (params == NULL)
+ return 1;
p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DIST_ID);
if (p != NULL) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 11:35:14 +0000