[thirdparty/openssl.git] / crypto / rsa / rsa_backend.c

/*
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * RSA low level APIs are deprecated for public use, but still ok for
 * internal use.
 */
#include "internal/deprecated.h"

#include <string.h>
#include <openssl/core_names.h>
#include <openssl/params.h>
#include <openssl/evp.h>
#include "internal/sizes.h"
#include "internal/param_build_set.h"
#include "crypto/rsa.h"

#include "e_os.h"                /* strcasecmp for Windows() */

/*
 * The intention with the "backend" source file is to offer backend support
 * for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
 * implementations alike.
 */

DEFINE_STACK_OF(BIGNUM)

static int collect_numbers(STACK_OF(BIGNUM) *numbers,
                           const OSSL_PARAM params[], const char *names[])
{
    const OSSL_PARAM *p = NULL;
    int i;

    if (numbers == NULL)
        return 0;

    for (i = 0; names[i] != NULL; i++){
        p = OSSL_PARAM_locate_const(params, names[i]);
        if (p != NULL) {
            BIGNUM *tmp = NULL;

            if (!OSSL_PARAM_get_BN(p, &tmp)
                || sk_BIGNUM_push(numbers, tmp) == 0)
                return 0;
        }
    }

    return 1;
}

int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[])
{
    const OSSL_PARAM *param_n, *param_e,  *param_d;
    BIGNUM *n = NULL, *e = NULL, *d = NULL;
    STACK_OF(BIGNUM) *factors = NULL, *exps = NULL, *coeffs = NULL;
    int is_private = 0;

    if (rsa == NULL)
        return 0;

    param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
    param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
    param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);

    if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
        || (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
        || (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
        goto err;

    is_private = (d != NULL);

    if (!RSA_set0_key(rsa, n, e, d))
        goto err;
    n = e = d = NULL;

    if (is_private) {
        if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
                             ossl_rsa_mp_factor_names)
            || !collect_numbers(exps = sk_BIGNUM_new_null(), params,
                                ossl_rsa_mp_exp_names)
            || !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
                                ossl_rsa_mp_coeff_names))
            goto err;

        /* It's ok if this private key just has n, e and d */
        if (sk_BIGNUM_num(factors) != 0
            && !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
            goto err;
    }


    sk_BIGNUM_free(factors);
    sk_BIGNUM_free(exps);
    sk_BIGNUM_free(coeffs);
    return 1;

 err:
    BN_free(n);
    BN_free(e);
    BN_free(d);
    sk_BIGNUM_pop_free(factors, BN_free);
    sk_BIGNUM_pop_free(exps, BN_free);
    sk_BIGNUM_pop_free(coeffs, BN_free);
    return 0;
}

DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)

int ossl_rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
    int ret = 0;
    const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
    STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
    STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
    STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();

    if (rsa == NULL || factors == NULL || exps == NULL || coeffs == NULL)
        goto err;

    RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
    ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);

    if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
        || !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
        goto err;

    /* Check private key data integrity */
    if (rsa_d != NULL) {
        int numprimes = sk_BIGNUM_const_num(factors);
        int numexps = sk_BIGNUM_const_num(exps);
        int numcoeffs = sk_BIGNUM_const_num(coeffs);

        /*
         * It's permissible to have zero primes, i.e. no CRT params.
         * Otherwise, there must be at least two, as many exponents,
         * and one coefficient less.
         */
        if (numprimes != 0
            && (numprimes < 2 || numexps < 2 || numcoeffs < 1))
            goto err;

        if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
                                     rsa_d)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_factor_names,
                                                  factors)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_exp_names, exps)
            || !ossl_param_build_set_multi_key_bn(bld, params,
                                                  ossl_rsa_mp_coeff_names,
                                                  coeffs))
        goto err;
    }

#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
    /* The acvp test results are not meant for export so check for bld == NULL */
    if (bld == NULL)
        rsa_acvp_test_get_params(rsa, params);
#endif
    ret = 1;
 err:
    sk_BIGNUM_const_free(factors);
    sk_BIGNUM_const_free(exps);
    sk_BIGNUM_const_free(coeffs);
    return ret;
}

int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
                                  OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
    if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
        int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
        int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
        int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
        int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
        int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
        int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
        int default_maskgenhashalg_nid =
                ossl_rsa_pss_params_30_maskgenhashalg(NULL);
        const char *mdname =
            (hashalg_nid == default_hashalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
        const char *mgfname =
            (maskgenalg_nid == default_maskgenalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
        const char *mgf1mdname =
            (maskgenhashalg_nid == default_maskgenhashalg_nid
             ? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
        const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
        const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
        const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
        const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;

        /*
         * To ensure that the key isn't seen as unrestricted by the recipient,
         * we make sure that at least one PSS-related parameter is passed, even
         * if it has a default value; saltlen.
         */
        if ((mdname != NULL
             && !ossl_param_build_set_utf8_string(bld, params, key_md, mdname))
            || (mgfname != NULL
                && !ossl_param_build_set_utf8_string(bld, params,
                                                     key_mgf, mgfname))
            || (mgf1mdname != NULL
                && !ossl_param_build_set_utf8_string(bld, params,
                                                     key_mgf1_md, mgf1mdname))
            || (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen)))
            return 0;
    }
    return 1;
}

int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
                                    int *defaults_set,
                                    const OSSL_PARAM params[],
                                    OSSL_LIB_CTX *libctx)
{
    const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md,  *param_saltlen;
    const OSSL_PARAM *param_propq;
    const char *propq = NULL;
    EVP_MD *md = NULL, *mgf1md = NULL;
    int saltlen;
    int ret = 0;

    if (pss_params == NULL)
        return 0;
    param_propq =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
    param_md =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
    param_mgf =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC);
    param_mgf1md =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST);
    param_saltlen =
        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);

    if (param_propq != NULL) {
        if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
            propq = param_propq->data;
    }
    /*
     * If we get any of the parameters, we know we have at least some
     * restrictions, so we start by setting default values, and let each
     * parameter override their specific restriction data.
     */
    if (!*defaults_set
        && (param_md != NULL || param_mgf != NULL || param_mgf1md != NULL
            || param_saltlen != NULL)) {
        if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
            return 0;
        *defaults_set = 1;
    }

    if (param_mgf != NULL) {
        int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
        const char *mgfname = NULL;

        if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
            mgfname = param_mgf->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
            return 0;

        /* TODO Revisit this if / when a new MGF algorithm appears */
        if (strcasecmp(param_mgf->data,
                       ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
            return 0;
    }

    /*
     * We're only interested in the NIDs that correspond to the MDs, so the
     * exact propquery is unimportant in the EVP_MD_fetch() calls below.
     */

    if (param_md != NULL) {
        const char *mdname = NULL;

        if (param_md->data_type == OSSL_PARAM_UTF8_STRING)
            mdname = param_md->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
            goto err;

        if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
            || !ossl_rsa_pss_params_30_set_hashalg(pss_params,
                                                   ossl_rsa_oaeppss_md2nid(md)))
            goto err;
    }

    if (param_mgf1md != NULL) {
        const char *mgf1mdname = NULL;

        if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING)
            mgf1mdname = param_mgf1md->data;
        else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
            goto err;

        if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
            || !ossl_rsa_pss_params_30_set_maskgenhashalg(
                    pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
            goto err;
    }

    if (param_saltlen != NULL) {
        if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
            || !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
            goto err;
    }

    ret = 1;

 err:
    EVP_MD_free(md);
    EVP_MD_free(mgf1md);
    return ret;
}
Commit	Line	Data
0abae163	1	/*
a28d06f3	2	* Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
0abae163 RL	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
d7e498ac RL	10	/*
	11	* RSA low level APIs are deprecated for public use, but still ok for
	12	* internal use.
	13	*/
	14	#include "internal/deprecated.h"
	15
15671090	16	#include <string.h>
0abae163 RL	17	#include <openssl/core_names.h>
0abae163 RL	18	#include <openssl/params.h>
15671090 RL	19	#include <openssl/evp.h>
	20	#include "internal/sizes.h"
	21	#include "internal/param_build_set.h"
0abae163 RL	22	#include "crypto/rsa.h"
0abae163 RL	23
15671090 RL	24	#include "e_os.h" /* strcasecmp for Windows() */
15671090 RL	25
0abae163 RL	26	/*
	27	* The intention with the "backend" source file is to offer backend support
	28	* for legacy backends (EVP_PKEY_ASN1_METHOD and EVP_PKEY_METHOD) and provider
	29	* implementations alike.
	30	*/
	31
	32	DEFINE_STACK_OF(BIGNUM)
	33
	34	static int collect_numbers(STACK_OF(BIGNUM) *numbers,
96ebe52e	35	const OSSL_PARAM params[], const char *names[])
0abae163 RL	36	{
0abae163 RL	37	const OSSL_PARAM *p = NULL;
96ebe52e	38	int i;
0abae163 RL	39
	40	if (numbers == NULL)
	41	return 0;
	42
96ebe52e SL	43	for (i = 0; names[i] != NULL; i++){
	44	p = OSSL_PARAM_locate_const(params, names[i]);
	45	if (p != NULL) {
	46	BIGNUM *tmp = NULL;
0abae163	47
96ebe52e SL	48	if (!OSSL_PARAM_get_BN(p, &tmp)
	49	\|\| sk_BIGNUM_push(numbers, tmp) == 0)
	50	return 0;
	51	}
0abae163 RL	52	}
	53
	54	return 1;
	55	}
	56
23b2fc0b	57	int ossl_rsa_fromdata(RSA *rsa, const OSSL_PARAM params[])
0abae163 RL	58	{
	59	const OSSL_PARAM param_n, param_e, *param_d;
	60	BIGNUM n = NULL, e = NULL, *d = NULL;
	61	STACK_OF(BIGNUM) factors = NULL, exps = NULL, *coeffs = NULL;
	62	int is_private = 0;
	63
	64	if (rsa == NULL)
	65	return 0;
	66
	67	param_n = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_N);
	68	param_e = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_E);
	69	param_d = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_D);
	70
	71	if ((param_n != NULL && !OSSL_PARAM_get_BN(param_n, &n))
	72	\|\| (param_e != NULL && !OSSL_PARAM_get_BN(param_e, &e))
	73	\|\| (param_d != NULL && !OSSL_PARAM_get_BN(param_d, &d)))
	74	goto err;
	75
	76	is_private = (d != NULL);
	77
	78	if (!RSA_set0_key(rsa, n, e, d))
	79	goto err;
	80	n = e = d = NULL;
	81
	82	if (is_private) {
	83	if (!collect_numbers(factors = sk_BIGNUM_new_null(), params,
23b2fc0b	84	ossl_rsa_mp_factor_names)
0abae163	85	\|\| !collect_numbers(exps = sk_BIGNUM_new_null(), params,
23b2fc0b	86	ossl_rsa_mp_exp_names)
0abae163	87	\|\| !collect_numbers(coeffs = sk_BIGNUM_new_null(), params,
23b2fc0b	88	ossl_rsa_mp_coeff_names))
0abae163 RL	89	goto err;
	90
	91	/* It's ok if this private key just has n, e and d */
	92	if (sk_BIGNUM_num(factors) != 0
23b2fc0b	93	&& !ossl_rsa_set0_all_params(rsa, factors, exps, coeffs))
0abae163 RL	94	goto err;
	95	}
	96
4f2271d5	97
0abae163 RL	98	sk_BIGNUM_free(factors);
	99	sk_BIGNUM_free(exps);
	100	sk_BIGNUM_free(coeffs);
	101	return 1;
	102
	103	err:
	104	BN_free(n);
	105	BN_free(e);
	106	BN_free(d);
	107	sk_BIGNUM_pop_free(factors, BN_free);
	108	sk_BIGNUM_pop_free(exps, BN_free);
	109	sk_BIGNUM_pop_free(coeffs, BN_free);
	110	return 0;
	111	}
	112
645a541a RL	113	DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM)
645a541a RL	114
23b2fc0b	115	int ossl_rsa_todata(RSA rsa, OSSL_PARAM_BLD bld, OSSL_PARAM params[])
645a541a RL	116	{
	117	int ret = 0;
	118	const BIGNUM rsa_d = NULL, rsa_n = NULL, *rsa_e = NULL;
	119	STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
	120	STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
	121	STACK_OF(BIGNUM_const) *coeffs = sk_BIGNUM_const_new_null();
	122
	123	if (rsa == NULL \|\| factors == NULL \|\| exps == NULL \|\| coeffs == NULL)
	124	goto err;
	125
	126	RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
23b2fc0b	127	ossl_rsa_get0_all_params(rsa, factors, exps, coeffs);
645a541a	128
26a8f2ac RL	129	if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_N, rsa_n)
	130	\|\| !ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_E, rsa_e))
	131	goto err;
	132
645a541a RL	133	/* Check private key data integrity */
	134	if (rsa_d != NULL) {
	135	int numprimes = sk_BIGNUM_const_num(factors);
	136	int numexps = sk_BIGNUM_const_num(exps);
	137	int numcoeffs = sk_BIGNUM_const_num(coeffs);
	138
	139	/*
4f2271d5	140	* It's permissible to have zero primes, i.e. no CRT params.
645a541a RL	141	* Otherwise, there must be at least two, as many exponents,
	142	* and one coefficient less.
	143	*/
	144	if (numprimes != 0
	145	&& (numprimes < 2 \|\| numexps < 2 \|\| numcoeffs < 1))
	146	goto err;
645a541a	147
26a8f2ac RL	148	if (!ossl_param_build_set_bn(bld, params, OSSL_PKEY_PARAM_RSA_D,
	149	rsa_d)
	150	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b P	151	ossl_rsa_mp_factor_names,
23b2fc0b P	152	factors)
26a8f2ac	153	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b	154	ossl_rsa_mp_exp_names, exps)
26a8f2ac	155	\|\| !ossl_param_build_set_multi_key_bn(bld, params,
23b2fc0b P	156	ossl_rsa_mp_coeff_names,
23b2fc0b P	157	coeffs))
645a541a	158	goto err;
26a8f2ac RL	159	}
26a8f2ac RL	160
4f2271d5 SL	161	#if defined(FIPS_MODULE) && !defined(OPENSSL_NO_ACVP_TESTS)
	162	/* The acvp test results are not meant for export so check for bld == NULL */
	163	if (bld == NULL)
	164	rsa_acvp_test_get_params(rsa, params);
	165	#endif
645a541a RL	166	ret = 1;
	167	err:
	168	sk_BIGNUM_const_free(factors);
	169	sk_BIGNUM_const_free(exps);
	170	sk_BIGNUM_const_free(coeffs);
	171	return ret;
	172	}
15671090	173
23b2fc0b P	174	int ossl_rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
23b2fc0b P	175	OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
15671090	176	{
23b2fc0b P	177	if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
	178	int hashalg_nid = ossl_rsa_pss_params_30_hashalg(pss);
	179	int maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(pss);
	180	int maskgenhashalg_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
	181	int saltlen = ossl_rsa_pss_params_30_saltlen(pss);
	182	int default_hashalg_nid = ossl_rsa_pss_params_30_hashalg(NULL);
	183	int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
	184	int default_maskgenhashalg_nid =
	185	ossl_rsa_pss_params_30_maskgenhashalg(NULL);
15671090 RL	186	const char *mdname =
15671090 RL	187	(hashalg_nid == default_hashalg_nid
23b2fc0b	188	? NULL : ossl_rsa_oaeppss_nid2name(hashalg_nid));
15671090 RL	189	const char *mgfname =
15671090 RL	190	(maskgenalg_nid == default_maskgenalg_nid
23b2fc0b	191	? NULL : ossl_rsa_oaeppss_nid2name(maskgenalg_nid));
15671090 RL	192	const char *mgf1mdname =
15671090 RL	193	(maskgenhashalg_nid == default_maskgenhashalg_nid
23b2fc0b	194	? NULL : ossl_rsa_oaeppss_nid2name(maskgenhashalg_nid));
15671090 RL	195	const char *key_md = OSSL_PKEY_PARAM_RSA_DIGEST;
	196	const char *key_mgf = OSSL_PKEY_PARAM_RSA_MASKGENFUNC;
	197	const char *key_mgf1_md = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
	198	const char *key_saltlen = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
	199
	200	/*
	201	* To ensure that the key isn't seen as unrestricted by the recipient,
	202	* we make sure that at least one PSS-related parameter is passed, even
	203	* if it has a default value; saltlen.
	204	*/
	205	if ((mdname != NULL
	206	&& !ossl_param_build_set_utf8_string(bld, params, key_md, mdname))
	207	\|\| (mgfname != NULL
	208	&& !ossl_param_build_set_utf8_string(bld, params,
	209	key_mgf, mgfname))
	210	\|\| (mgf1mdname != NULL
	211	&& !ossl_param_build_set_utf8_string(bld, params,
	212	key_mgf1_md, mgf1mdname))
	213	\|\| (!ossl_param_build_set_int(bld, params, key_saltlen, saltlen)))
	214	return 0;
	215	}
	216	return 1;
	217	}
	218
23b2fc0b	219	int ossl_rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
bbde8566	220	int *defaults_set,
23b2fc0b	221	const OSSL_PARAM params[],
b4250010	222	OSSL_LIB_CTX *libctx)
15671090 RL	223	{
15671090 RL	224	const OSSL_PARAM param_md, param_mgf, param_mgf1md, param_saltlen;
719523c7 SL	225	const OSSL_PARAM *param_propq;
719523c7 SL	226	const char *propq = NULL;
15671090 RL	227	EVP_MD md = NULL, mgf1md = NULL;
	228	int saltlen;
	229	int ret = 0;
	230
	231	if (pss_params == NULL)
	232	return 0;
719523c7 SL	233	param_propq =
719523c7 SL	234	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
15671090 RL	235	param_md =
	236	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
	237	param_mgf =
	238	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MASKGENFUNC);
	239	param_mgf1md =
	240	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_MGF1_DIGEST);
	241	param_saltlen =
	242	OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);
	243
719523c7 SL	244	if (param_propq != NULL) {
	245	if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
	246	propq = param_propq->data;
	247	}
15671090 RL	248	/*
	249	* If we get any of the parameters, we know we have at least some
	250	* restrictions, so we start by setting default values, and let each
	251	* parameter override their specific restriction data.
	252	*/
bbde8566 TM	253	if (!*defaults_set
	254	&& (param_md != NULL \|\| param_mgf != NULL \|\| param_mgf1md != NULL
	255	\|\| param_saltlen != NULL)) {
23b2fc0b	256	if (!ossl_rsa_pss_params_30_set_defaults(pss_params))
15671090	257	return 0;
bbde8566 TM	258	*defaults_set = 1;
bbde8566 TM	259	}
15671090 RL	260
15671090 RL	261	if (param_mgf != NULL) {
23b2fc0b	262	int default_maskgenalg_nid = ossl_rsa_pss_params_30_maskgenalg(NULL);
15671090 RL	263	const char *mgfname = NULL;
	264
	265	if (param_mgf->data_type == OSSL_PARAM_UTF8_STRING)
	266	mgfname = param_mgf->data;
	267	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgfname))
	268	return 0;
	269
	270	/* TODO Revisit this if / when a new MGF algorithm appears */
	271	if (strcasecmp(param_mgf->data,
23b2fc0b	272	ossl_rsa_mgf_nid2name(default_maskgenalg_nid)) != 0)
15671090 RL	273	return 0;
	274	}
	275
	276	/*
	277	* We're only interested in the NIDs that correspond to the MDs, so the
	278	* exact propquery is unimportant in the EVP_MD_fetch() calls below.
	279	*/
	280
	281	if (param_md != NULL) {
	282	const char *mdname = NULL;
	283
	284	if (param_md->data_type == OSSL_PARAM_UTF8_STRING)
	285	mdname = param_md->data;
	286	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
	287	goto err;
	288
719523c7	289	if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
23b2fc0b P	290	\|\| !ossl_rsa_pss_params_30_set_hashalg(pss_params,
23b2fc0b P	291	ossl_rsa_oaeppss_md2nid(md)))
15671090 RL	292	goto err;
	293	}
	294
	295	if (param_mgf1md != NULL) {
	296	const char *mgf1mdname = NULL;
	297
	298	if (param_mgf1md->data_type == OSSL_PARAM_UTF8_STRING)
	299	mgf1mdname = param_mgf1md->data;
	300	else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
	301	goto err;
	302
719523c7	303	if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
23b2fc0b P	304	\|\| !ossl_rsa_pss_params_30_set_maskgenhashalg(
23b2fc0b P	305	pss_params, ossl_rsa_oaeppss_md2nid(mgf1md)))
15671090 RL	306	goto err;
	307	}
	308
	309	if (param_saltlen != NULL) {
	310	if (!OSSL_PARAM_get_int(param_saltlen, &saltlen)
23b2fc0b	311	\|\| !ossl_rsa_pss_params_30_set_saltlen(pss_params, saltlen))
15671090 RL	312	goto err;
	313	}
	314
	315	ret = 1;
	316
	317	err:
	318	EVP_MD_free(md);
	319	EVP_MD_free(mgf1md);
	320	return ret;
	321	}