/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include <openssl/params.h>
#include <openssl/err.h>
#include <crypto/rsa.h>
-#include "prov/providercommonerr.h"
+#include <openssl/proverr.h>
#include "prov/provider_ctx.h"
#include "prov/implementations.h"
+#include "prov/securitycheck.h"
static OSSL_FUNC_kem_newctx_fn rsakem_newctx;
-static OSSL_FUNC_kem_encapsulate_init_fn rsakem_init;
+static OSSL_FUNC_kem_encapsulate_init_fn rsakem_encapsulate_init;
static OSSL_FUNC_kem_encapsulate_fn rsakem_generate;
-static OSSL_FUNC_kem_decapsulate_init_fn rsakem_init;
+static OSSL_FUNC_kem_decapsulate_init_fn rsakem_decapsulate_init;
static OSSL_FUNC_kem_decapsulate_fn rsakem_recover;
static OSSL_FUNC_kem_freectx_fn rsakem_freectx;
static OSSL_FUNC_kem_dupctx_fn rsakem_dupctx;
* we use that here too.
*/
typedef struct {
- OPENSSL_CTX *libctx;
+ OSSL_LIB_CTX *libctx;
RSA *rsa;
int op;
} PROV_RSA_CTX;
if (prsactx == NULL)
return NULL;
- prsactx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
+ prsactx->libctx = PROV_LIBCTX_OF(provctx);
prsactx->op = KEM_OP_UNDEFINED;
return prsactx;
return dstctx;
}
-static int rsakem_init(void *vprsactx, void *vrsa)
+static int rsakem_init(void *vprsactx, void *vrsa, int operation)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
return 0;
RSA_free(prsactx->rsa);
prsactx->rsa = vrsa;
- /* TODO(3.0) Add a RSA keylength check here for fips */
+
+ if (!ossl_rsa_check_key(vrsa, operation == EVP_PKEY_OP_ENCAPSULATE)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
+ return 0;
+ }
return 1;
}
+static int rsakem_encapsulate_init(void *vprsactx, void *vrsa)
+{
+ return rsakem_init(vprsactx, vrsa, EVP_PKEY_OP_ENCAPSULATE);
+}
+
+static int rsakem_decapsulate_init(void *vprsactx, void *vrsa)
+{
+ return rsakem_init(vprsactx, vrsa, EVP_PKEY_OP_DECAPSULATE);
+}
+
static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
{
PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
BN_CTX *bnctx;
BIGNUM *z, *nminus3;
- bnctx = BN_CTX_secure_new_ex(rsa_get0_libctx(rsa_pub));
+ bnctx = BN_CTX_secure_new_ex(ossl_rsa_get0_libctx(rsa_pub));
if (bnctx == NULL)
return 0;
}
}
-const OSSL_DISPATCH rsa_asym_kem_functions[] = {
+const OSSL_DISPATCH ossl_rsa_asym_kem_functions[] = {
{ OSSL_FUNC_KEM_NEWCTX, (void (*)(void))rsakem_newctx },
{ OSSL_FUNC_KEM_ENCAPSULATE_INIT,
- (void (*)(void))rsakem_init },
+ (void (*)(void))rsakem_encapsulate_init },
{ OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))rsakem_generate },
{ OSSL_FUNC_KEM_DECAPSULATE_INIT,
- (void (*)(void))rsakem_init },
+ (void (*)(void))rsakem_decapsulate_init },
{ OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))rsakem_recover },
{ OSSL_FUNC_KEM_FREECTX, (void (*)(void))rsakem_freectx },
{ OSSL_FUNC_KEM_DUPCTX, (void (*)(void))rsakem_dupctx },