From: Pauli Date: Tue, 22 Jul 2025 02:09:23 +0000 (+1000) Subject: rsa: update sm asymmetric cipher to use generated param parser X-Git-Tag: openssl-3.6.0-alpha1~157 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb96193b4b57ecdcfb1ae11778455b4ff58dbdcd;p=thirdparty%2Fopenssl.git rsa: update sm asymmetric cipher to use generated param parser Reviewed-by: Paul Yang Reviewed-by: Shane Lontis Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/28145) --- diff --git a/providers/implementations/asymciphers/rsa_enc.c.in b/providers/implementations/asymciphers/rsa_enc.c.in index 4bc5953b384..7eb9894b80b 100644 --- a/providers/implementations/asymciphers/rsa_enc.c.in +++ b/providers/implementations/asymciphers/rsa_enc.c.in @@ -6,6 +6,9 @@ * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +{- +use OpenSSL::paramnames qw(produce_param_decoder); +-} /* * RSA low level APIs are deprecated for public use, but still ok for @@ -24,6 +27,7 @@ /* Just for SSL_MAX_MASTER_KEY_LENGTH */ #include #include "internal/constant_time.h" +#include "internal/cryptlib.h" #include "internal/sizes.h" #include "crypto/rsa.h" #include "prov/provider_ctx.h" @@ -359,19 +363,30 @@ static void *rsa_dupctx(void *vprsactx) return dstctx; } +{- produce_param_decoder('rsa_get_ctx_params', + (['ASYM_CIPHER_PARAM_OAEP_DIGEST', 'oaep', 'utf8_string'], + ['ASYM_CIPHER_PARAM_PAD_MODE', 'pad', 'utf8_string'], + ['ASYM_CIPHER_PARAM_PAD_MODE', 'pad', 'int'], + ['ASYM_CIPHER_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'], + ['ASYM_CIPHER_PARAM_OAEP_LABEL', 'label', 'octet_ptr'], + ['ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION', 'tlsver', 'uint'], + ['ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION', 'negver', 'uint'], + ['ASYM_CIPHER_PARAM_IMPLICIT_REJECTION', 'imrej', 'uint'], + ['ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR', 'ind', 'int'], + )); -} + static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - OSSL_PARAM *p; + struct rsa_get_ctx_params_st p; - if (prsactx == NULL) + if (prsactx == NULL || !rsa_get_ctx_params_decoder(params, &p)) return 0; - p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE); - if (p != NULL) - switch (p->data_type) { + if (p.pad != NULL) + switch (p.pad->data_type) { case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ - if (!OSSL_PARAM_set_int(p, prsactx->pad_mode)) + if (!OSSL_PARAM_set_int(p.pad, prsactx->pad_mode)) return 0; break; case OSSL_PARAM_UTF8_STRING: @@ -387,7 +402,7 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) } if (word != NULL) { - if (!OSSL_PARAM_set_utf8_string(p, word)) + if (!OSSL_PARAM_set_utf8_string(p.pad, word)) return 0; } else { ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); @@ -398,95 +413,90 @@ static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) return 0; } - p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); - if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->oaep_md == NULL - ? "" - : EVP_MD_get0_name(prsactx->oaep_md))) + if (p.oaep != NULL && !OSSL_PARAM_set_utf8_string(p.oaep, prsactx->oaep_md == NULL + ? "" + : EVP_MD_get0_name(prsactx->oaep_md))) return 0; - p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); - if (p != NULL) { + if (p.mgf1 != NULL) { EVP_MD *mgf1_md = prsactx->mgf1_md == NULL ? prsactx->oaep_md : prsactx->mgf1_md; - if (!OSSL_PARAM_set_utf8_string(p, mgf1_md == NULL - ? "" - : EVP_MD_get0_name(mgf1_md))) + if (!OSSL_PARAM_set_utf8_string(p.mgf1, mgf1_md == NULL + ? "" + : EVP_MD_get0_name(mgf1_md))) return 0; } - p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL); - if (p != NULL && - !OSSL_PARAM_set_octet_ptr(p, prsactx->oaep_label, - prsactx->oaep_labellen)) + if (p.label != NULL + && !OSSL_PARAM_set_octet_ptr(p.label, prsactx->oaep_label, + prsactx->oaep_labellen)) return 0; - p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); - if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->client_version)) + if (p.tlsver != NULL + && !OSSL_PARAM_set_uint(p.tlsver, prsactx->client_version)) return 0; - p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION); - if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version)) + if (p.negver != NULL + && !OSSL_PARAM_set_uint(p.negver, prsactx->alt_version)) return 0; - p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); - if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) + if (p.imrej != NULL + && !OSSL_PARAM_set_uint(p.imrej, prsactx->implicit_rejection)) return 0; - if (!OSSL_FIPS_IND_GET_CTX_PARAM(prsactx, params)) + + if (!OSSL_FIPS_IND_GET_CTX_FROM_PARAM(prsactx, p.ind)) return 0; + return 1; } -static const OSSL_PARAM known_gettable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), - OSSL_PARAM_DEFN(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, - NULL, 0), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), - OSSL_FIPS_IND_GETTABLE_CTX_PARAM() - OSSL_PARAM_END -}; static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, ossl_unused void *provctx) { - return known_gettable_ctx_params; + return rsa_get_ctx_params_list; } +{- produce_param_decoder('rsa_set_ctx_params', + (['ASYM_CIPHER_PARAM_OAEP_DIGEST', 'oaep', 'utf8_string'], + ['ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS', 'oaep_pq', 'utf8_string'], + ['ASYM_CIPHER_PARAM_PAD_MODE', 'pad', 'utf8_string'], + ['ASYM_CIPHER_PARAM_PAD_MODE', 'pad', 'int'], + ['ASYM_CIPHER_PARAM_MGF1_DIGEST', 'mgf1', 'utf8_string'], + ['ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS', 'mgf1_pq', 'utf8_string'], + ['ASYM_CIPHER_PARAM_OAEP_LABEL', 'label', 'octet_string'], + ['ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION', 'tlsver', 'uint'], + ['ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION', 'negver', 'uint'], + ['ASYM_CIPHER_PARAM_IMPLICIT_REJECTION', 'imrej', 'uint'], + ['ASYM_CIPHER_PARAM_FIPS_KEY_CHECK', 'ind_k', 'int'], + ['ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED', 'ind_pad', 'int'], + )); -} + static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) { PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; - const OSSL_PARAM *p; + struct rsa_set_ctx_params_st p; char mdname[OSSL_MAX_NAME_SIZE]; char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' }; char *str = NULL; - if (prsactx == NULL) + if (prsactx == NULL || !rsa_set_ctx_params_decoder(params, &p)) return 0; - if (ossl_param_is_empty(params)) - return 1; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, params, - OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, p.ind_k)) return 0; - if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, params, - OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED)) + if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, p.ind_pad)) return 0; - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); - if (p != NULL) { + if (p.oaep != NULL) { str = mdname; - if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) + if (!OSSL_PARAM_get_utf8_string(p.oaep, &str, sizeof(mdname))) return 0; - p = OSSL_PARAM_locate_const(params, - OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS); - if (p != NULL) { + if (p.oaep_pq != NULL) { str = mdprops; - if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) + if (!OSSL_PARAM_get_utf8_string(p.oaep_pq, &str, sizeof(mdprops))) return 0; } @@ -497,24 +507,23 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 0; } - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE); - if (p != NULL) { + if (p.pad != NULL) { int pad_mode = 0; - switch (p->data_type) { + switch (p.pad->data_type) { case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ - if (!OSSL_PARAM_get_int(p, &pad_mode)) + if (!OSSL_PARAM_get_int(p.pad, &pad_mode)) return 0; break; case OSSL_PARAM_UTF8_STRING: { int i; - if (p->data == NULL) + if (p.pad->data == NULL) return 0; for (i = 0; padding_item[i].id != 0; i++) { - if (strcmp(p->data, padding_item[i].ptr) == 0) { + if (strcmp(p.pad->data, padding_item[i].ptr) == 0) { pad_mode = padding_item[i].id; break; } @@ -539,17 +548,14 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) prsactx->pad_mode = pad_mode; } - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); - if (p != NULL) { + if (p.mgf1 != NULL) { str = mdname; - if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) + if (!OSSL_PARAM_get_utf8_string(p.mgf1, &str, sizeof(mdname))) return 0; - p = OSSL_PARAM_locate_const(params, - OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS); - if (p != NULL) { + if (p.mgf1_pq != NULL) { str = mdprops; - if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) + if (!OSSL_PARAM_get_utf8_string(p.mgf1_pq, &str, sizeof(mdprops))) return 0; } else { str = NULL; @@ -562,65 +568,47 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) return 0; } - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL); - if (p != NULL) { + if (p.label != NULL) { void *tmp_label = NULL; size_t tmp_labellen; - if (!OSSL_PARAM_get_octet_string(p, &tmp_label, 0, &tmp_labellen)) + if (!OSSL_PARAM_get_octet_string(p.label, &tmp_label, 0, &tmp_labellen)) return 0; OPENSSL_free(prsactx->oaep_label); prsactx->oaep_label = (unsigned char *)tmp_label; prsactx->oaep_labellen = tmp_labellen; } - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); - if (p != NULL) { + if (p.tlsver != NULL) { unsigned int client_version; - if (!OSSL_PARAM_get_uint(p, &client_version)) + if (!OSSL_PARAM_get_uint(p.tlsver, &client_version)) return 0; prsactx->client_version = client_version; } - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION); - if (p != NULL) { + if (p.negver != NULL) { unsigned int alt_version; - if (!OSSL_PARAM_get_uint(p, &alt_version)) + if (!OSSL_PARAM_get_uint(p.negver, &alt_version)) return 0; prsactx->alt_version = alt_version; } - p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); - if (p != NULL) { + + if (p.imrej != NULL) { unsigned int implicit_rejection; - if (!OSSL_PARAM_get_uint(p, &implicit_rejection)) + if (!OSSL_PARAM_get_uint(p.imrej, &implicit_rejection)) return 0; prsactx->implicit_rejection = implicit_rejection; } return 1; } -static const OSSL_PARAM known_settable_ctx_params[] = { - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), - OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS, NULL, 0), - OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), - OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK) - OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED) - OSSL_PARAM_END -}; - static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *vprsactx, ossl_unused void *provctx) { - return known_settable_ctx_params; + return rsa_set_ctx_params_list; } const OSSL_DISPATCH ossl_rsa_asym_cipher_functions[] = {