rsa_pss_params_30_fromdata() now also uses the OSSL_PKEY_PARAM_RSA_DIGEST_PROPS parameter.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)
|| !rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
|| !rsa_pss_params_30_set_maskgenhashalg(&pss_params, mgf1md_nid)
|| !rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
- || !rsa_pss_params_30_todata(&pss_params, propq, tmpl, NULL))
+ || !rsa_pss_params_30_todata(&pss_params, tmpl, NULL))
goto err;
selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
}
return ret;
}
-int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, const char *propq,
+int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
{
if (!rsa_pss_params_30_is_unrestricted(pss)) {
const OSSL_PARAM params[], OPENSSL_CTX *libctx)
{
const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md, *param_saltlen;
+ const OSSL_PARAM *param_propq;
+ const char *propq = NULL;
EVP_MD *md = NULL, *mgf1md = NULL;
int saltlen;
int ret = 0;
if (pss_params == NULL)
return 0;
-
+ param_propq =
+ OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
param_md =
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
param_mgf =
param_saltlen =
OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);
+ if (param_propq != NULL) {
+ if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
+ propq = param_propq->data;
+ }
/*
* If we get any of the parameters, we know we have at least some
* restrictions, so we start by setting default values, and let each
else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
goto err;
- if ((md = EVP_MD_fetch(libctx, mdname, NULL)) == NULL
+ if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
|| !rsa_pss_params_30_set_hashalg(pss_params,
rsa_oaeppss_md2nid(md)))
goto err;
else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
goto err;
- if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, NULL)) == NULL
+ if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
|| !rsa_pss_params_30_set_maskgenhashalg(pss_params,
rsa_oaeppss_md2nid(mgf1md)))
goto err;
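Review bot: A property query passed in any form other than OSSL_PARAM_UTF8_STRING is silently dropped by the added `param_propq` check, so `propq` stays NULL and both `EVP_MD_fetch()` calls use the library context's default properties. A caller that meant to restrict which digest implementations are eligible would then get PSS digests from an implementation it intended to exclude, with no error reported. The digest-name branches appear to fall back to `OSSL_PARAM_get_utf8_ptr()` and fail on a bad type, and the property branch should do the same, e.g. `else if (!OSSL_PARAM_get_utf8_ptr(param_propq, &propq)) goto err;`. The function body starts and ends outside the visible lines, so the cleanup at the `err` label is assumed from the existing `goto err` uses. Separately, the context lines pass `param_mgf` to `OSSL_PARAM_get_utf8_ptr()` when reading both `mdname` and `mgf1mdname`, which looks like a copy-paste slip worth checking against `param_md` and `param_mgf1md`.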
int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
-int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, const char *propq,
+int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
const OSSL_PARAM params[], OPENSSL_CTX *libctx);
#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
#define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
ok = ok && (rsa_pss_params_30_is_unrestricted(pss_params)
- || rsa_pss_params_30_todata(pss_params, NULL, tmpl, NULL));
+ || rsa_pss_params_30_todata(pss_params, tmpl, NULL));
if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
ok = ok && rsa_todata(rsa, tmpl, NULL);
}
}
return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS
- || rsa_pss_params_30_todata(pss_params, NULL, NULL, params))
+ || rsa_pss_params_30_todata(pss_params, NULL, params))
&& rsa_todata(rsa, NULL, params);
}
struct rsa_gen_ctx {
OPENSSL_CTX *libctx;
+ const char *propq;
int rsa_type;
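Review bot: The new `propq` member is a bare `const char *` with no comment on who owns the string, and nothing visible on this page assigns or frees it. If it is ever pointed at a caller's OSSL_PARAM buffer, the generation context could outlive that buffer and a later use would read freed memory. I would add a comment such as `/* property query; borrowed, must stay valid for the lifetime of the gen ctx */`, or store a duplicated copy and free it with the context. The struct definition continues outside the visible lines.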
*/
#define rsa_gen_pss \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0), \
+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0), \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0), \
OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0), \
OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL)