#include "prov/implementations.h"
#include "prov/provider_ctx.h"
#include "prov/der_rsa.h"
-#include "prov/provider_util.h"
+#include "prov/securitycheck.h"
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
*/
typedef struct {
- OPENSSL_CTX *libctx;
+ OSSL_LIB_CTX *libctx;
char *propq;
RSA *rsa;
int operation;
return 0;
}
-static int rsa_get_md_nid_check(const PROV_RSA_CTX *ctx, const EVP_MD *md,
- int sha1_allowed)
-{
- int mdnid = NID_undef;
-
- #ifndef FIPS_MODULE
- static const OSSL_ITEM name_to_nid[] = {
- { NID_md5, OSSL_DIGEST_NAME_MD5 },
- { NID_md5_sha1, OSSL_DIGEST_NAME_MD5_SHA1 },
- { NID_md2, OSSL_DIGEST_NAME_MD2 },
- { NID_md4, OSSL_DIGEST_NAME_MD4 },
- { NID_mdc2, OSSL_DIGEST_NAME_MDC2 },
- { NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
- };
- #endif
-
- if (md == NULL)
- goto end;
-
- mdnid = ossl_prov_digest_get_approved_nid(md, sha1_allowed);
-
- #ifndef FIPS_MODULE
- if (mdnid == NID_undef)
- mdnid = ossl_prov_digest_md_to_nid(md, name_to_nid,
- OSSL_NELEM(name_to_nid));
- #endif
- end:
- return mdnid;
-}
-
-static int rsa_get_md_nid(const PROV_RSA_CTX *ctx, const EVP_MD *md)
-{
- return rsa_get_md_nid_check(ctx, md, ctx->operation != EVP_PKEY_OP_SIGN);
-}
-
-static int rsa_get_md_mgf1_nid(const PROV_RSA_CTX *ctx, const EVP_MD *md)
-{
- /* The default for mgf1 is SHA1 - so allow this */
- return rsa_get_md_nid_check(ctx, md, 1);
-}
-
-static int rsa_check_key_size(const PROV_RSA_CTX *prsactx)
-{
-#ifdef FIPS_MODULE
- int sz = RSA_bits(prsactx->rsa);
-
- return (prsactx->operation == EVP_PKEY_OP_SIGN) ? (sz >= 2048) : (sz >= 1024);
-#else
- return 1;
-#endif
-}
-
static int rsa_check_padding(int mdnid, int padding)
{
if (padding == RSA_NO_PADDING) {
if (mdname != NULL) {
WPACKET pkt;
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
- int md_nid = rsa_get_md_nid(ctx, md);
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
+ int md_nid = digest_rsa_sign_get_md_nid(md, sha1_allowed);
size_t mdname_len = strlen(mdname);
if (md == NULL
*/
ctx->aid_len = 0;
if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
- && DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, ctx->rsa,
- md_nid)
+ && ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1,
+ ctx->rsa,
+ md_nid)
&& WPACKET_finish(&pkt)) {
WPACKET_get_total_written(&pkt, &ctx->aid_len);
ctx->aid = WPACKET_get_curr(&pkt);
"%s could not be fetched", mdname);
return 0;
}
- if (rsa_get_md_mgf1_nid(ctx, md) == NID_undef) {
+ /* The default for mgf1 is SHA1 - so allow SHA1 */
+ if (digest_rsa_sign_get_md_nid(md, 1) == NID_undef) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
"digest=%s", mdname);
EVP_MD_free(md);
prsactx->rsa = vrsa;
prsactx->operation = operation;
- if (!rsa_check_key_size(prsactx)) {
+ if (!ossl_rsa_check_key(vrsa, operation == EVP_PKEY_OP_SIGN)) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
return 0;
}
{
const RSA_PSS_PARAMS_30 *pss =
- rsa_get0_pss_params_30(prsactx->rsa);
+ ossl_rsa_get0_pss_params_30(prsactx->rsa);
- if (!rsa_pss_params_30_is_unrestricted(pss)) {
- int md_nid = rsa_pss_params_30_hashalg(pss);
- int mgf1md_nid = rsa_pss_params_30_maskgenhashalg(pss);
- int min_saltlen = rsa_pss_params_30_saltlen(pss);
+ if (!ossl_rsa_pss_params_30_is_unrestricted(pss)) {
+ int md_nid = ossl_rsa_pss_params_30_hashalg(pss);
+ int mgf1md_nid = ossl_rsa_pss_params_30_maskgenhashalg(pss);
+ int min_saltlen = ossl_rsa_pss_params_30_saltlen(pss);
const char *mdname, *mgf1mdname;
size_t len;
- mdname = rsa_oaeppss_nid2name(md_nid);
- mgf1mdname = rsa_oaeppss_nid2name(mgf1md_nid);
+ mdname = ossl_rsa_oaeppss_nid2name(md_nid);
+ mgf1mdname = ossl_rsa_oaeppss_nid2name(mgf1md_nid);
prsactx->min_saltlen = min_saltlen;
if (mdname == NULL) {
OSSL_PARAM_END
};
-static const OSSL_PARAM *rsa_settable_ctx_params(void *provctx)
+static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *provctx)
{
/*
* TODO(3.0): Should this function return a different set of settable ctx
return EVP_MD_settable_ctx_params(prsactx->md);
}
-const OSSL_DISPATCH rsa_signature_functions[] = {
+const OSSL_DISPATCH ossl_rsa_signature_functions[] = {
{ OSSL_FUNC_SIGNATURE_NEWCTX, (void (*)(void))rsa_newctx },
{ OSSL_FUNC_SIGNATURE_SIGN_INIT, (void (*)(void))rsa_sign_init },
{ OSSL_FUNC_SIGNATURE_SIGN, (void (*)(void))rsa_sign },