diff options
| author | Tomas Mraz <tomas@openssl.org> | 2021-02-26 18:02:36 +0100 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2021-03-03 11:25:39 +0100 |
| commit | fb67126ea8a1a9fadb9b60641d84808fc123cd9d (patch) | |
| tree | bff46e01abd2dabca35123e422bcbc797a6ef484 /providers | |
| parent | 4e4ae84056133c863860e27ceedae8bd3fb0a402 (diff) | |
EVP_PKEY_CTX_get/settable_params: pass provider operation context
This allows making the signature operations return different
settable params when the context is initialized with
EVP_DigestSign/VerifyInit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14338)
Diffstat (limited to 'providers')
18 files changed, 101 insertions, 59 deletions
diff --git a/providers/implementations/asymciphers/rsa_enc.c b/providers/implementations/asymciphers/rsa_enc.c index 5484c3d54a..8bf93dc7a2 100644 --- a/providers/implementations/asymciphers/rsa_enc.c +++ b/providers/implementations/asymciphers/rsa_enc.c @@ -408,7 +408,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -552,7 +553,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_settable_ctx_params; } diff --git a/providers/implementations/asymciphers/sm2_enc.c b/providers/implementations/asymciphers/sm2_enc.c index 0068e504e2..efd87f9d6a 100644 --- a/providers/implementations/asymciphers/sm2_enc.c +++ b/providers/implementations/asymciphers/sm2_enc.c @@ -176,7 +176,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2_gettable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -202,7 +203,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2_settable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { return known_settable_ctx_params; } diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c index 7f0fa3295e..b74adfbc34 100644 --- a/providers/implementations/exchange/dh_exch.c +++ b/providers/implementations/exchange/dh_exch.c @@ -389,7 +389,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *dh_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *dh_settable_ctx_params(ossl_unused void *vpdhctx, + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -404,7 +405,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *dh_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *dh_gettable_ctx_params(ossl_unused void *vpdhctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index a1b984769e..d468d2a8a2 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -298,7 +298,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { }; static -const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *provctx) +const OSSL_PARAM *ecdh_settable_ctx_params(ossl_unused void *vpecdhctx, + ossl_unused void *provctx) { return known_settable_ctx_params; } @@ -375,7 +376,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { }; static -const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *provctx) +const OSSL_PARAM *ecdh_gettable_ctx_params(ossl_unused void *vpecdhctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } diff --git a/providers/implementations/exchange/kdf_exch.c b/providers/implementations/exchange/kdf_exch.c index 7b6b12af69..6979ce5c11 100644 --- a/providers/implementations/exchange/kdf_exch.c +++ b/providers/implementations/exchange/kdf_exch.c @@ -149,7 +149,8 @@ static int kdf_set_ctx_params(void *vpkdfctx, const OSSL_PARAM params[]) return EVP_KDF_CTX_set_params(pkdfctx->kdfctx, params); } -static const OSSL_PARAM *kdf_settable_ctx_params(void *provctx, +static const OSSL_PARAM *kdf_settable_ctx_params(ossl_unused void *vpkdfctx, + void *provctx, const char *kdfname) { EVP_KDF *kdf = EVP_KDF_fetch(PROV_LIBCTX_OF(provctx), kdfname, @@ -166,9 +167,10 @@ static const OSSL_PARAM *kdf_settable_ctx_params(void *provctx, } #define KDF_SETTABLE_CTX_PARAMS(funcname, kdfname) \ - static const OSSL_PARAM *kdf_##funcname##_settable_ctx_params(void *provctx) \ + static const OSSL_PARAM *kdf_##funcname##_settable_ctx_params(void *vpkdfctx, \ + void *provctx) \ { \ - return kdf_settable_ctx_params(provctx, kdfname); \ + return kdf_settable_ctx_params(vpkdfctx, provctx, kdfname); \ } KDF_SETTABLE_CTX_PARAMS(tls1_prf, "TLS1-PRF") diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c index 0bf0607735..559d7d0c52 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c @@ -156,7 +156,8 @@ static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsakem_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsakem_gettable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_gettable_rsakem_ctx_params; } @@ -187,7 +188,8 @@ static const OSSL_PARAM known_settable_rsakem_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsakem_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *rsakem_settable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_settable_rsakem_ctx_params; } diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index 9b1679e4fa..5731b73418 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -558,7 +558,8 @@ static int dh_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *dh_gen_settable_params(void *provctx) +static const OSSL_PARAM *dh_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 18313aa329..92ab579b66 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -476,7 +476,8 @@ static int dsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *dsa_gen_settable_params(void *provctx) +static const OSSL_PARAM *dsa_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_FFC_TYPE, NULL, 0), diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index 6a74196600..92521b66ec 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -1121,7 +1121,8 @@ err: return ret; } -static const OSSL_PARAM *ec_gen_settable_params(void *provctx) +static const OSSL_PARAM *ec_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 6cb0e9bc41..0adfd01173 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -529,7 +529,8 @@ static int ecx_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *ecx_gen_settable_params(void *provctx) +static const OSSL_PARAM *ecx_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, NULL, 0), diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index 77efe145d9..9d98d32fb2 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -428,7 +428,8 @@ static int cmac_gen_set_params(void *genctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM *mac_gen_settable_params(void *provctx) +static const OSSL_PARAM *mac_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), @@ -437,7 +438,8 @@ static const OSSL_PARAM *mac_gen_settable_params(void *provctx) return settable; } -static const OSSL_PARAM *cmac_gen_settable_params(void *provctx) +static const OSSL_PARAM *cmac_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PRIV_KEY, NULL, 0), diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index 0d3782e830..ac8443a739 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -502,7 +502,8 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[]) OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \ OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL) -static const OSSL_PARAM *rsa_gen_settable_params(void *provctx) +static const OSSL_PARAM *rsa_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { rsa_gen_basic, @@ -512,7 +513,8 @@ static const OSSL_PARAM *rsa_gen_settable_params(void *provctx) return settable; } -static const OSSL_PARAM *rsapss_gen_settable_params(void *provctx) +static const OSSL_PARAM *rsapss_gen_settable_params(ossl_unused void *genctx, + ossl_unused void *provctx) { static OSSL_PARAM settable[] = { rsa_gen_basic, diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index eadf62361a..214238e7cc 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -434,7 +434,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *vctx) +static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -470,27 +471,24 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { +static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_END }; -static const OSSL_PARAM *dsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM settable_ctx_params_no_digest[] = { + OSSL_PARAM_END +}; + +static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx, + ossl_unused void *provctx) { - /* - * TODO(3.0): Should this function return a different set of settable ctx - * params if the ctx is being used for a DigestSign/DigestVerify? In that - * case it is not allowed to set the digest size/digest name because the - * digest is explicitly set as part of the init. - * NOTE: Ideally we would check pdsactx->flag_allow_md, but this is - * problematic because there is no nice way of passing the - * PROV_DSA_CTX down to this function... - * Because we have API's that dont know about their parent.. - * e.g: EVP_SIGNATURE_gettable_ctx_params(const EVP_SIGNATURE *sig). - * We could pass NULL for that case (but then how useful is the check?). - */ - return known_settable_ctx_params; + PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; + + if (pdsactx != NULL && !pdsactx->flag_allow_md) + return settable_ctx_params_no_digest; + return settable_ctx_params; } static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params) diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index 74717c9b56..0e99cb2a5d 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -433,7 +433,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *ecdsa_gettable_ctx_params(ossl_unused void *vctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -481,17 +482,27 @@ static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), +static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), + OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), OSSL_PARAM_END }; -static const OSSL_PARAM *ecdsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM settable_ctx_params_no_digest[] = { + OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_KAT, NULL), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *ecdsa_settable_ctx_params(void *vctx, + ossl_unused void *provctx) { - return known_settable_ctx_params; + PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; + + if (ctx != NULL && !ctx->flag_allow_md) + return settable_ctx_params_no_digest; + return settable_ctx_params; } static int ecdsa_get_ctx_md_params(void *vctx, OSSL_PARAM *params) diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 93b98dbbbc..0427d38241 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -293,7 +293,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *eddsa_gettable_ctx_params(ossl_unused void *vpeddsactx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy.c index fb99221f08..81bf8f27a1 100644 --- a/providers/implementations/signature/mac_legacy.c +++ b/providers/implementations/signature/mac_legacy.c @@ -202,7 +202,8 @@ static int mac_set_ctx_params(void *vpmacctx, const OSSL_PARAM params[]) return EVP_MAC_CTX_set_params(ctx->macctx, params); } -static const OSSL_PARAM *mac_settable_ctx_params(void *provctx, +static const OSSL_PARAM *mac_settable_ctx_params(ossl_unused void *ctx, + void *provctx, const char *macname) { EVP_MAC *mac = EVP_MAC_fetch(PROV_LIBCTX_OF(provctx), macname, @@ -219,9 +220,10 @@ static const OSSL_PARAM *mac_settable_ctx_params(void *provctx, } #define MAC_SETTABLE_CTX_PARAMS(funcname, macname) \ - static const OSSL_PARAM *mac_##funcname##_settable_ctx_params(void *provctx) \ + static const OSSL_PARAM *mac_##funcname##_settable_ctx_params(void *ctx, \ + void *provctx) \ { \ - return mac_settable_ctx_params(provctx, macname); \ + return mac_settable_ctx_params(ctx, provctx, macname); \ } MAC_SETTABLE_CTX_PARAMS(hmac, "HMAC") diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index ca1510e718..d3189b0d1a 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -1097,7 +1097,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vctx) +static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -1324,25 +1325,32 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), +static const OSSL_PARAM settable_ctx_params[] = { OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0), OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), OSSL_PARAM_END }; -static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM settable_ctx_params_no_digest[] = { + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PAD_MODE, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_DIGEST, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_MGF1_PROPERTIES, NULL, 0), + OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PSS_SALTLEN, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *rsa_settable_ctx_params(void *vprsactx, + ossl_unused void *provctx) { - /* - * TODO(3.0): Should this function return a different set of settable ctx - * params if the ctx is being used for a DigestSign/DigestVerify? In that - * case it is not allowed to set the digest size/digest name because the - * digest is explicitly set as part of the init. - */ - return known_settable_ctx_params; + PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; + + if (prsactx != NULL && !prsactx->flag_allow_md) + return settable_ctx_params_no_digest; + return settable_ctx_params; } static int rsa_get_ctx_md_params(void *vprsactx, OSSL_PARAM *params) diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c index 18fdf62487..5463b000e0 100644 --- a/providers/implementations/signature/sm2sig.c +++ b/providers/implementations/signature/sm2sig.c @@ -381,7 +381,8 @@ static const OSSL_PARAM known_gettable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2sig_gettable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2sig_gettable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { return known_gettable_ctx_params; } @@ -446,7 +447,8 @@ static const OSSL_PARAM known_settable_ctx_params[] = { OSSL_PARAM_END }; -static const OSSL_PARAM *sm2sig_settable_ctx_params(ossl_unused void *provctx) +static const OSSL_PARAM *sm2sig_settable_ctx_params(ossl_unused void *vpsm2ctx, + ossl_unused void *provctx) { /* * TODO(3.0): Should this function return a different set of settable ctx |