From 556b8937d0fc323da2b206d6c13f0ddee8a7d340 Mon Sep 17 00:00:00 2001 From: Pauli Date: Tue, 2 Mar 2021 22:43:36 +1000 Subject: prov: support params arguments to signature init calls Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/14383) --- providers/implementations/signature/dsa.c | 40 ++++++++++++++-------- providers/implementations/signature/ecdsa.c | 38 +++++++++++++-------- providers/implementations/signature/eddsa.c | 5 +-- providers/implementations/signature/mac_legacy.c | 5 +-- providers/implementations/signature/rsa.c | 43 +++++++++++++++--------- providers/implementations/signature/sm2sig.c | 17 ++++++---- 6 files changed, 93 insertions(+), 55 deletions(-) diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c index 214238e7cc..88a8102cff 100644 --- a/providers/implementations/signature/dsa.c +++ b/providers/implementations/signature/dsa.c @@ -171,7 +171,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, return 1; } -static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation) +static int dsa_signverify_init(void *vpdsactx, void *vdsa, + const OSSL_PARAM params[], int operation) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; @@ -183,6 +184,10 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation) DSA_free(pdsactx->dsa); pdsactx->dsa = vdsa; pdsactx->operation = operation; + + if (!dsa_set_ctx_params(pdsactx, params)) + return 0; + if (!ossl_dsa_check_key(vdsa, operation == EVP_PKEY_OP_SIGN)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; @@ -190,14 +195,15 @@ static int dsa_signverify_init(void *vpdsactx, void *vdsa, int operation) return 1; } -static int dsa_sign_init(void *vpdsactx, void *vdsa) +static int dsa_sign_init(void *vpdsactx, void *vdsa, const OSSL_PARAM params[]) { - return dsa_signverify_init(vpdsactx, vdsa, EVP_PKEY_OP_SIGN); + return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_SIGN); } -static int dsa_verify_init(void *vpdsactx, void *vdsa) +static int dsa_verify_init(void *vpdsactx, void *vdsa, + const OSSL_PARAM params[]) { - return dsa_signverify_init(vpdsactx, vdsa, EVP_PKEY_OP_VERIFY); + return dsa_signverify_init(vpdsactx, vdsa, params, EVP_PKEY_OP_VERIFY); } static int dsa_sign(void *vpdsactx, unsigned char *sig, size_t *siglen, @@ -244,7 +250,8 @@ static int dsa_verify(void *vpdsactx, const unsigned char *sig, size_t siglen, } static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, - void *vdsa, int operation) + void *vdsa, const OSSL_PARAM params[], + int operation) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; @@ -252,7 +259,7 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, return 0; pdsactx->flag_allow_md = 0; - if (!dsa_signverify_init(vpdsactx, vdsa, operation)) + if (!dsa_signverify_init(vpdsactx, vdsa, params, operation)) return 0; if (!dsa_setup_md(pdsactx, mdname, NULL)) @@ -262,7 +269,7 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, if (pdsactx->mdctx == NULL) goto error; - if (!EVP_DigestInit_ex(pdsactx->mdctx, pdsactx->md, NULL)) + if (!EVP_DigestInit_ex2(pdsactx->mdctx, pdsactx->md, params)) goto error; return 1; @@ -276,14 +283,17 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname, } static int dsa_digest_sign_init(void *vpdsactx, const char *mdname, - void *vdsa) + void *vdsa, const OSSL_PARAM params[]) { - return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, EVP_PKEY_OP_SIGN); + return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, + EVP_PKEY_OP_SIGN); } -static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, void *vdsa) +static int dsa_digest_verify_init(void *vpdsactx, const char *mdname, + void *vdsa, const OSSL_PARAM params[]) { - return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, EVP_PKEY_OP_VERIFY); + return dsa_digest_signverify_init(vpdsactx, mdname, vdsa, params, + EVP_PKEY_OP_VERIFY); } int dsa_digest_signverify_update(void *vpdsactx, const unsigned char *data, @@ -413,7 +423,7 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params) PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; OSSL_PARAM *p; - if (pdsactx == NULL || params == NULL) + if (pdsactx == NULL) return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); @@ -445,8 +455,10 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; const OSSL_PARAM *p; - if (pdsactx == NULL || params == NULL) + if (pdsactx == NULL) return 0; + if (params == NULL) + return 1; p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); /* Not allowed during certain operations */ diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c index 0e99cb2a5d..4f90032af3 100644 --- a/providers/implementations/signature/ecdsa.c +++ b/providers/implementations/signature/ecdsa.c @@ -125,7 +125,8 @@ static void *ecdsa_newctx(void *provctx, const char *propq) return ctx; } -static int ecdsa_signverify_init(void *vctx, void *ec, int operation) +static int ecdsa_signverify_init(void *vctx, void *ec, + const OSSL_PARAM params[], int operation) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; @@ -137,17 +138,19 @@ static int ecdsa_signverify_init(void *vctx, void *ec, int operation) EC_KEY_free(ctx->ec); ctx->ec = ec; ctx->operation = operation; + if (!ecdsa_set_ctx_params(ctx, params)) + return 0; return ossl_ec_check_key(ec, operation == EVP_PKEY_OP_SIGN); } -static int ecdsa_sign_init(void *vctx, void *ec) +static int ecdsa_sign_init(void *vctx, void *ec, const OSSL_PARAM params[]) { - return ecdsa_signverify_init(vctx, ec, EVP_PKEY_OP_SIGN); + return ecdsa_signverify_init(vctx, ec, params, EVP_PKEY_OP_SIGN); } -static int ecdsa_verify_init(void *vctx, void *ec) +static int ecdsa_verify_init(void *vctx, void *ec, const OSSL_PARAM params[]) { - return ecdsa_signverify_init(vctx, ec, EVP_PKEY_OP_VERIFY); + return ecdsa_signverify_init(vctx, ec, params, EVP_PKEY_OP_VERIFY); } static int ecdsa_sign(void *vctx, unsigned char *sig, size_t *siglen, @@ -251,7 +254,8 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, } static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, - void *ec, int operation) + void *ec, const OSSL_PARAM params[], + int operation) { PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; @@ -259,7 +263,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, return 0; ctx->flag_allow_md = 0; - if (!ecdsa_signverify_init(vctx, ec, operation) + if (!ecdsa_signverify_init(vctx, ec, params, operation) || !ecdsa_setup_md(ctx, mdname, NULL)) return 0; @@ -267,7 +271,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname, if (ctx->mdctx == NULL) goto error; - if (!EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL)) + if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) goto error; return 1; error: @@ -278,14 +282,18 @@ error: return 0; } -static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec) +static int ecdsa_digest_sign_init(void *vctx, const char *mdname, void *ec, + const OSSL_PARAM params[]) { - return ecdsa_digest_signverify_init(vctx, mdname, ec, EVP_PKEY_OP_SIGN); + return ecdsa_digest_signverify_init(vctx, mdname, ec, params, + EVP_PKEY_OP_SIGN); } -static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec) +static int ecdsa_digest_verify_init(void *vctx, const char *mdname, void *ec, + const OSSL_PARAM params[]) { - return ecdsa_digest_signverify_init(vctx, mdname, ec, EVP_PKEY_OP_VERIFY); + return ecdsa_digest_signverify_init(vctx, mdname, ec, params, + EVP_PKEY_OP_VERIFY); } int ecdsa_digest_signverify_update(void *vctx, const unsigned char *data, @@ -406,7 +414,7 @@ static int ecdsa_get_ctx_params(void *vctx, OSSL_PARAM *params) PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; OSSL_PARAM *p; - if (ctx == NULL || params == NULL) + if (ctx == NULL) return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); @@ -444,8 +452,10 @@ static int ecdsa_set_ctx_params(void *vctx, const OSSL_PARAM params[]) PROV_ECDSA_CTX *ctx = (PROV_ECDSA_CTX *)vctx; const OSSL_PARAM *p; - if (ctx == NULL || params == NULL) + if (ctx == NULL) return 0; + if (params == NULL) + return 1; #if !defined(OPENSSL_NO_ACVP_TESTS) p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_KAT); diff --git a/providers/implementations/signature/eddsa.c b/providers/implementations/signature/eddsa.c index 0427d38241..221ccdd928 100644 --- a/providers/implementations/signature/eddsa.c +++ b/providers/implementations/signature/eddsa.c @@ -84,7 +84,8 @@ static void *eddsa_newctx(void *provctx, const char *propq_unused) } static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname, - void *vedkey) + void *vedkey, + ossl_unused const OSSL_PARAM params[]) { PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; ECX_KEY *edkey = (ECX_KEY *)vedkey; @@ -277,7 +278,7 @@ static int eddsa_get_ctx_params(void *vpeddsactx, OSSL_PARAM *params) PROV_EDDSA_CTX *peddsactx = (PROV_EDDSA_CTX *)vpeddsactx; OSSL_PARAM *p; - if (peddsactx == NULL || params == NULL) + if (peddsactx == NULL) return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); diff --git a/providers/implementations/signature/mac_legacy.c b/providers/implementations/signature/mac_legacy.c index 81bf8f27a1..a8cc67b410 100644 --- a/providers/implementations/signature/mac_legacy.c +++ b/providers/implementations/signature/mac_legacy.c @@ -91,7 +91,8 @@ MAC_NEWCTX(siphash, "SIPHASH") MAC_NEWCTX(poly1305, "POLY1305") MAC_NEWCTX(cmac, "CMAC") -static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey) +static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey, + const OSSL_PARAM params[]) { PROV_MAC_CTX *pmacctx = (PROV_MAC_CTX *)vpmacctx; const char *ciphername = NULL, *engine = NULL; @@ -121,7 +122,7 @@ static int mac_digest_sign_init(void *vpmacctx, const char *mdname, void *vkey) return 0; if (!EVP_MAC_init(pmacctx->macctx, pmacctx->key->priv_key, - pmacctx->key->priv_key_len, NULL)) + pmacctx->key->priv_key_len, params)) return 0; return 1; diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c index d3189b0d1a..0df079dc79 100644 --- a/providers/implementations/signature/rsa.c +++ b/providers/implementations/signature/rsa.c @@ -357,7 +357,8 @@ static int rsa_setup_mgf1_md(PROV_RSA_CTX *ctx, const char *mdname, return 1; } -static int rsa_signverify_init(void *vprsactx, void *vrsa, int operation) +static int rsa_signverify_init(void *vprsactx, void *vrsa, + const OSSL_PARAM params[], int operation) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; @@ -371,6 +372,9 @@ static int rsa_signverify_init(void *vprsactx, void *vrsa, int operation) prsactx->rsa = vrsa; prsactx->operation = operation; + if (!rsa_set_ctx_params(prsactx, params)) + return 0; + if (!ossl_rsa_check_key(vrsa, operation == EVP_PKEY_OP_SIGN)) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return 0; @@ -468,11 +472,11 @@ static void free_tbuf(PROV_RSA_CTX *ctx) ctx->tbuf = NULL; } -static int rsa_sign_init(void *vprsactx, void *vrsa) +static int rsa_sign_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; - return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_SIGN); + return rsa_signverify_init(vprsactx, vrsa, params, EVP_PKEY_OP_SIGN); } static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, @@ -621,11 +625,13 @@ static int rsa_sign(void *vprsactx, unsigned char *sig, size_t *siglen, return 1; } -static int rsa_verify_recover_init(void *vprsactx, void *vrsa) +static int rsa_verify_recover_init(void *vprsactx, void *vrsa, + const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; - return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFYRECOVER); + return rsa_signverify_init(vprsactx, vrsa, params, + EVP_PKEY_OP_VERIFYRECOVER); } static int rsa_verify_recover(void *vprsactx, @@ -712,11 +718,12 @@ static int rsa_verify_recover(void *vprsactx, return 1; } -static int rsa_verify_init(void *vprsactx, void *vrsa) +static int rsa_verify_init(void *vprsactx, void *vrsa, + const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; - return rsa_signverify_init(vprsactx, vrsa, EVP_PKEY_OP_VERIFY); + return rsa_signverify_init(vprsactx, vrsa, params, EVP_PKEY_OP_VERIFY); } static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, @@ -801,7 +808,8 @@ static int rsa_verify(void *vprsactx, const unsigned char *sig, size_t siglen, } static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, - void *vrsa, int operation) + void *vrsa, const OSSL_PARAM params[], + int operation) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; @@ -810,7 +818,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, if (prsactx != NULL) prsactx->flag_allow_md = 0; - if (!rsa_signverify_init(vprsactx, vrsa, operation)) + if (!rsa_signverify_init(vprsactx, vrsa, params, operation)) return 0; if (mdname != NULL /* was rsa_setup_md already called in rsa_signverify_init()? */ @@ -824,7 +832,7 @@ static int rsa_digest_signverify_init(void *vprsactx, const char *mdname, goto error; } - if (!EVP_DigestInit_ex(prsactx->mdctx, prsactx->md, NULL)) + if (!EVP_DigestInit_ex2(prsactx->mdctx, prsactx->md, params)) goto error; return 1; @@ -850,12 +858,12 @@ static int rsa_digest_signverify_update(void *vprsactx, } static int rsa_digest_sign_init(void *vprsactx, const char *mdname, - void *vrsa) + void *vrsa, const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; return rsa_digest_signverify_init(vprsactx, mdname, vrsa, - EVP_PKEY_OP_SIGN); + params, EVP_PKEY_OP_SIGN); } static int rsa_digest_sign_final(void *vprsactx, unsigned char *sig, @@ -887,12 +895,12 @@ static int rsa_digest_sign_final(void *vprsactx, unsigned char *sig, } static int rsa_digest_verify_init(void *vprsactx, const char *mdname, - void *vrsa) + void *vrsa, const OSSL_PARAM params[]) { if (!ossl_prov_is_running()) return 0; return rsa_digest_signverify_init(vprsactx, mdname, vrsa, - EVP_PKEY_OP_VERIFY); + params, EVP_PKEY_OP_VERIFY); } int rsa_digest_verify_final(void *vprsactx, const unsigned char *sig, @@ -995,7 +1003,7 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; OSSL_PARAM *p; - if (prsactx == NULL || params == NULL) + if (prsactx == NULL) return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); @@ -1114,8 +1122,11 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) char mgf1mdname[OSSL_MAX_NAME_SIZE] = "", *pmgf1mdname = NULL; char mgf1mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmgf1mdprops = NULL; - if (prsactx == NULL || params == NULL) + if (prsactx == NULL) return 0; + if (params == NULL) + return 1; + pad_mode = prsactx->pad_mode; saltlen = prsactx->saltlen; diff --git a/providers/implementations/signature/sm2sig.c b/providers/implementations/signature/sm2sig.c index 5463b000e0..4201e825b1 100644 --- a/providers/implementations/signature/sm2sig.c +++ b/providers/implementations/signature/sm2sig.c @@ -113,7 +113,8 @@ static void *sm2sig_newctx(void *provctx, const char *propq) return ctx; } -static int sm2sig_signature_init(void *vpsm2ctx, void *ec) +static int sm2sig_signature_init(void *vpsm2ctx, void *ec, + const OSSL_PARAM params[]) { PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; @@ -121,7 +122,7 @@ static int sm2sig_signature_init(void *vpsm2ctx, void *ec) return 0; EC_KEY_free(psm2ctx->ec); psm2ctx->ec = ec; - return 1; + return sm2sig_set_ctx_params(psm2ctx, params); } static int sm2sig_sign(void *vpsm2ctx, unsigned char *sig, size_t *siglen, @@ -173,7 +174,7 @@ static void free_md(PROV_SM2_CTX *ctx) } static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, - void *ec) + void *ec, const OSSL_PARAM params[]) { PROV_SM2_CTX *ctx = (PROV_SM2_CTX *)vpsm2ctx; int md_nid = NID_sm3; @@ -182,7 +183,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, free_md(ctx); - if (!sm2sig_signature_init(vpsm2ctx, ec)) + if (!sm2sig_signature_init(vpsm2ctx, ec, params)) return ret; ctx->md = EVP_MD_fetch(ctx->libctx, mdname, ctx->propq); @@ -207,7 +208,7 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, } WPACKET_cleanup(&pkt); - if (!EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL)) + if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) goto error; ctx->flag_compute_z_digest = 1; @@ -353,7 +354,7 @@ static int sm2sig_get_ctx_params(void *vpsm2ctx, OSSL_PARAM *params) PROV_SM2_CTX *psm2ctx = (PROV_SM2_CTX *)vpsm2ctx; OSSL_PARAM *p; - if (psm2ctx == NULL || params == NULL) + if (psm2ctx == NULL) return 0; p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); @@ -393,8 +394,10 @@ static int sm2sig_set_ctx_params(void *vpsm2ctx, const OSSL_PARAM params[]) const OSSL_PARAM *p; char *mdname; - if (psm2ctx == NULL || params == NULL) + if (psm2ctx == NULL) return 0; + if (params == NULL) + return 1; p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_DIST_ID); if (p != NULL) { -- cgit v1.2.3