From: Pauli Date: Mon, 28 Jul 2025 00:11:34 +0000 (+1000) Subject: dsa: update to use generated param decoders for signature operations X-Git-Tag: openssl-3.6.0-alpha1~142 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c1fd9a4f8b582f4fc27b7f0533d9f7673d99513c;p=thirdparty%2Fopenssl.git dsa: update to use generated param decoders for signature operations Reviewed-by: Paul Yang Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/28150) --- diff --git a/providers/implementations/signature/dsa_sig.c.in b/providers/implementations/signature/dsa_sig.c.in index c10df19eee4..e4d569376ba 100644 --- a/providers/implementations/signature/dsa_sig.c.in +++ b/providers/implementations/signature/dsa_sig.c.in @@ -6,6 +6,9 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} /* * DSA low level APIs are deprecated for public use, but still ok for 
@@ -669,108 +672,110 @@ static void *dsa_dupctx(void *vpdsactx) return NULL; } +{- produce_param_decoder('dsa_get_ctx_params', + (['SIGNATURE_PARAM_ALGORITHM_ID', 'algid', 'octet_string'], + ['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], + ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], + ['SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + )); -} + static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - OSSL_PARAM *p; + struct dsa_get_ctx_params_st p; - if (pdsactx == NULL) + if (pdsactx == NULL || !dsa_get_ctx_params_decoder(params, &p)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID); - if (p != NULL - && !OSSL_PARAM_set_octet_string(p, + if (p.algid != NULL + && !OSSL_PARAM_set_octet_string(p.algid, pdsactx->aid_len == 0 ? NULL : pdsactx->aid_buf, pdsactx->aid_len)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->mdname)) + if (p.digest != NULL && !OSSL_PARAM_set_utf8_string(p.digest, pdsactx->mdname)) return 0; - p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); - if (p != NULL && !OSSL_PARAM_set_uint(p, pdsactx->nonce_type)) + if (p.nonce != NULL && !OSSL_PARAM_set_uint(p.nonce, pdsactx->nonce_type)) return 0; - if (!OSSL_FIPS_IND_GET_CTX_PARAM(pdsactx, params)) + + if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(pdsactx, p.ind)) return 0; return 1; } -static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), - OSSL_FIPS_IND_GETTABLE_CTX_PARAM() - OSSL_PARAM_END -}; - static const OSSL_PARAM *dsa_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) { - return known_gettable_ctx_params; + return dsa_get_ctx_params_list; } +struct dsa_all_set_ctx_params_st { + 
OSSL_PARAM *digest; /* dsa_set_ctx_params */ + OSSL_PARAM *propq; /* dsa_set_ctx_params */ + OSSL_PARAM *ind_d; + OSSL_PARAM *ind_k; + OSSL_PARAM *ind_sign; + OSSL_PARAM *nonce; + OSSL_PARAM *sig; /* dsa_sigalg_set_ctx_params */ +}; + /** * @brief Setup common params for dsa_set_ctx_params and dsa_sigalg_set_ctx_params * The caller is responsible for checking |vpdsactx| is not NULL and |params| * is not empty. */ -static int dsa_common_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) +static int dsa_common_set_ctx_params(PROV_DSA_CTX *pdsactx, + const struct dsa_all_set_ctx_params_st *p) { - PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - const OSSL_PARAM *p; - - if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE0, + p->ind_k)) return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE1, params, - OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE1, + p->ind_d)) return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE2, params, - OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(pdsactx, OSSL_FIPS_IND_SETTABLE2, + p->ind_sign)) return 0; - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_NONCE_TYPE); - if (p != NULL - && !OSSL_PARAM_get_uint(p, &pdsactx->nonce_type)) + if (p->nonce != NULL + && !OSSL_PARAM_get_uint(p->nonce, &pdsactx->nonce_type)) return 0; return 1; } -#define DSA_COMMON_SETTABLE_CTX_PARAMS \ - OSSL_PARAM_uint(OSSL_SIGNATURE_PARAM_NONCE_TYPE, NULL), \ - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_KEY_CHECK) \ - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_DIGEST_CHECK) \ - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_SIGNATURE_PARAM_FIPS_SIGN_CHECK) \ - OSSL_PARAM_END +#define dsa_set_ctx_params_st dsa_all_set_ctx_params_st + +{- 
produce_param_decoder('dsa_set_ctx_params', + (['SIGNATURE_PARAM_DIGEST', 'digest', 'utf8_string'], + ['SIGNATURE_PARAM_PROPERTIES', 'propq', 'utf8_string'], + ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + ['SIGNATURE_PARAM_FIPS_SIGN_CHECK', 'ind_sign', 'int'], + )); -} static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - const OSSL_PARAM *p; + struct dsa_all_set_ctx_params_st p; int ret; - if (pdsactx == NULL) + if (pdsactx == NULL || !dsa_set_ctx_params_decoder(params, &p)) return 0; - if (ossl_param_is_empty(params)) - return 1; - if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) + if ((ret = dsa_common_set_ctx_params(pdsactx, &p)) <= 0) return ret; - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST); - if (p != NULL) { + if (p.digest != NULL) { char mdname[OSSL_MAX_NAME_SIZE] = "", *pmdname = mdname; char mdprops[OSSL_MAX_PROPQUERY_SIZE] = "", *pmdprops = mdprops; - const OSSL_PARAM *propsp = - OSSL_PARAM_locate_const(params, - OSSL_SIGNATURE_PARAM_PROPERTIES); - if (!OSSL_PARAM_get_utf8_string(p, &pmdname, sizeof(mdname))) + if (!OSSL_PARAM_get_utf8_string(p.digest, &pmdname, sizeof(mdname))) return 0; - if (propsp != NULL - && !OSSL_PARAM_get_utf8_string(propsp, &pmdprops, sizeof(mdprops))) + if (p.propq != NULL + && !OSSL_PARAM_get_utf8_string(p.propq, &pmdprops, sizeof(mdprops))) return 0; if (!dsa_setup_md(pdsactx, mdname, mdprops, "DSA Set Ctx")) return 0; 
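Review bot: The doc comment kept above `dsa_common_set_ctx_params` still says the caller checks that |vpdsactx| is not NULL and |params| is not empty, but the function now takes `pdsactx` and a decoded `p`, and `dsa_set_ctx_params` no longer calls `ossl_param_is_empty(params)`. A NULL or empty array now goes straight into `dsa_set_ctx_params_decoder`, so the old early `return 1` holds only if the generated decoder accepts that input and leaves every field NULL; the generated code is not visible here. I would reword the comment to `The caller must pass a non-NULL |pdsactx| and a |p| filled in by one of the generated decoders; any member of |p| may be NULL.` and cover the NULL and empty cases with a test. `dsa_sigalg_set_ctx_params` in the last hunk drops the same check, and the body of `dsa_set_ctx_params` continues past the end of this hunk.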
@@ -778,12 +783,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) return 1; } -static const OSSL_PARAM settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_PROPERTIES, NULL, 0), - DSA_COMMON_SETTABLE_CTX_PARAMS -}; - static const OSSL_PARAM settable_ctx_params_no_digest[] = { OSSL_PARAM_END }; @@ -795,7 +794,7 @@ static const OSSL_PARAM *dsa_settable_ctx_params(void *vpdsactx, if (pdsactx != NULL && !pdsactx->flag_allow_md) return settable_ctx_params_no_digest; - return settable_ctx_params; + return dsa_set_ctx_params_list; } static int dsa_get_ctx_md_params(void *vpdsactx, OSSL_PARAM *params) @@ -935,10 +934,15 @@ static const char **dsa_sigalg_query_key_types(void) return keytypes; } -static const OSSL_PARAM settable_sigalg_ctx_params[] = { - OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_SIGNATURE, NULL, 0), - DSA_COMMON_SETTABLE_CTX_PARAMS -}; +#define dsa_sigalg_set_ctx_params_st dsa_all_set_ctx_params_st + +{- produce_param_decoder('dsa_sigalg_set_ctx_params', + (['SIGNATURE_PARAM_SIGNATURE', 'sig', 'octet_string'], + ['SIGNATURE_PARAM_NONCE_TYPE', 'nonce', 'uint'], + ['SIGNATURE_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['SIGNATURE_PARAM_FIPS_DIGEST_CHECK', 'ind_d', 'int'], + ['SIGNATURE_PARAM_FIPS_SIGN_CHECK', 'ind_sign', 'int'], + )); -} static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx, ossl_unused void *provctx) 
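Review bot: The `dsa_sigalg_set_ctx_params` list names the three FIPS check keys unconditionally, whereas the table it replaces got them from `DSA_COMMON_SETTABLE_CTX_PARAMS`, which chained `OSSL_FIPS_IND_SETTABLE_CTX_PARAM(...)` with no commas between entries, so those macros presumably expand to nothing in some builds. If the generator does not apply the same build condition, `dsa_sigalg_set_ctx_params_list` would advertise, and the setter would accept, FIPS check overrides in a provider that may have no indicator to act on. Please confirm what the non-FIPS build generates, or mark the entries as FIPS-only if `produce_param_decoder` supports that. The `dsa_get_ctx_params` and `dsa_set_ctx_params` lists in the earlier hunk are written the same way.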
@@ -946,31 +950,28 @@ static const OSSL_PARAM *dsa_sigalg_settable_ctx_params(void *vpdsactx, PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; if (pdsactx != NULL && pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) - return settable_sigalg_ctx_params; + return dsa_sigalg_set_ctx_params_list; return NULL; } static int dsa_sigalg_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[]) { PROV_DSA_CTX *pdsactx = (PROV_DSA_CTX *)vpdsactx; - const OSSL_PARAM *p; + struct dsa_all_set_ctx_params_st p; int ret; - if (pdsactx == NULL) + if (pdsactx == NULL || !dsa_sigalg_set_ctx_params_decoder(params, &p)) return 0; - if (ossl_param_is_empty(params)) - return 1; - if ((ret = dsa_common_set_ctx_params(pdsactx, params)) <= 0) + if ((ret = dsa_common_set_ctx_params(pdsactx, &p)) <= 0) return ret; if (pdsactx->operation == EVP_PKEY_OP_VERIFYMSG) { - p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_SIGNATURE); - if (p != NULL) { + if (p.sig != NULL) { OPENSSL_free(pdsactx->sig); pdsactx->sig = NULL; pdsactx->siglen = 0; - if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig, + if (!OSSL_PARAM_get_octet_string(p.sig, (void **)&pdsactx->sig, 0, &pdsactx->siglen)) return 0; }
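Review bot: `struct dsa_all_set_ctx_params_st p;` has no initialiser, and the `dsa_sigalg_set_ctx_params` list in the previous hunk does not name `digest` or `propq`, so those two members are defined only if the generated decoder clears the whole aliased struct. Nothing in this function or in `dsa_common_set_ctx_params` reads them today, but the shared struct makes it easy for a later change to the common helper to read a pointer that one of the two decoders never sets. Declaring it as `struct dsa_all_set_ctx_params_st p = { 0 };` would remove the dependence on the generator; `dsa_set_ctx_params` has the mirror case with `p.sig`. The function body continues past the end of this hunk.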