RSA: Add a less loaded PSS-parameter structure

[openssl.git] / crypto / rsa / rsa_lib.c

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 0a0d3e84db4b52cd1ce6673f99d168d4fa295142..d1fee590a8b72b782f3b47a7251e63fe1b135a1b 100644 (file)
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -20,7 +20,7 @@
 #include <openssl/evp.h>
 #include "internal/cryptlib.h"
 #include "internal/refcount.h"
-#include "internal/param_build.h"
+#include "openssl/param_build.h"
 #include "crypto/bn.h"
 #include "crypto/evp.h"
 #include "crypto/rsa.h"
@@ -29,7 +29,7 @@
 
 static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx);
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 RSA *RSA_new(void)
 {
     return rsa_new_intern(NULL, NULL);
@@ -90,7 +90,7 @@ static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
 
     ret->libctx = libctx;
     ret->meth = RSA_get_default_method();
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
     ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
     if (engine) {
         if (!ENGINE_init(engine)) {
@@ -111,7 +111,7 @@ static RSA *rsa_new_intern(ENGINE *engine, OPENSSL_CTX *libctx)
 #endif
 
     ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
         goto err;
     }
@@ -144,11 +144,11 @@ void RSA_free(RSA *r)
 
     if (r->meth != NULL && r->meth->finish != NULL)
         r->meth->finish(r);
-#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
+#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
     ENGINE_finish(r->engine);
 #endif
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
 #endif
 
@@ -162,8 +162,7 @@ void RSA_free(RSA *r)
     BN_clear_free(r->dmp1);
     BN_clear_free(r->dmq1);
     BN_clear_free(r->iqmp);
-    /* TODO(3.0): Support PSS in FIPS_MODE */
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     RSA_PSS_PARAMS_free(r->pss);
     sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
 #endif
@@ -185,7 +184,7 @@ int RSA_up_ref(RSA *r)
     return i > 1 ? 1 : 0;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 int RSA_set_ex_data(RSA *r, int idx, void *arg)
 {
     return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
@@ -339,7 +338,7 @@ int RSA_security_bits(const RSA *rsa)
 {
     int bits = BN_num_bits(rsa->n);
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     if (rsa->version == RSA_ASN1_VERSION_MULTI) {
         /* This ought to mean that we have private key at hand. */
         int ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos);
@@ -433,7 +432,7 @@ int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
     return 1;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 /*
  * Is it better to export RSA_PRIME_INFO structure
  * and related functions to let user pass a triplet?
@@ -523,7 +522,7 @@ void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
         *q = r->q;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 int RSA_get_multi_prime_extra_count(const RSA *r)
 {
     int pnum;
@@ -567,7 +566,7 @@ void RSA_get0_crt_params(const RSA *r,
         *iqmp = r->iqmp;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 int RSA_get0_multi_prime_crt_params(const RSA *r, const BIGNUM *exps[],
                                     const BIGNUM *coeffs[])
 {
@@ -635,13 +634,20 @@ const BIGNUM *RSA_get0_iqmp(const RSA *r)
     return r->iqmp;
 }
 
-/* TODO(3.0): Temporary until we move PSS support into the FIPS module */
-#ifndef FIPS_MODE
 const RSA_PSS_PARAMS *RSA_get0_pss_params(const RSA *r)
 {
+#ifdef FIPS_MODULE
+    return NULL;
+#else
     return r->pss;
-}
 #endif
+}
+
+/* Internal */
+RSA_PSS_PARAMS_30 *rsa_get0_pss_params_30(RSA *r)
+{
+    return &r->pss_params;
+}
 
 void RSA_clear_flags(RSA *r, int flags)
 {
@@ -664,7 +670,7 @@ int RSA_get_version(RSA *r)
     return r->version;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 ENGINE *RSA_get0_engine(const RSA *r)
 {
     return r->engine;
@@ -687,7 +693,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
                         const STACK_OF(BIGNUM) *exps,
                         const STACK_OF(BIGNUM) *coeffs)
 {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL;
 #endif
     int pnum;
@@ -708,12 +714,12 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
                                 sk_BIGNUM_value(coeffs, 0)))
         return 0;
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     old_infos = r->prime_infos;
 #endif
 
     if (pnum > 2) {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
         int i;
 
         prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum);
@@ -755,7 +761,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
 #endif
     }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     if (old_infos != NULL) {
         /*
          * This is hard to deal with, since the old infos could
@@ -771,7 +777,7 @@ int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes,
     r->dirty_cnt++;
 
     return 1;
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
  err:
     /* r, d, t should not be freed */
     sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex);
@@ -785,7 +791,7 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
                         STACK_OF(BIGNUM_const) *exps,
                         STACK_OF(BIGNUM_const) *coeffs)
 {
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     RSA_PRIME_INFO *pinfo;
     int i, pnum;
 #endif
@@ -803,7 +809,7 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
     sk_BIGNUM_const_push(exps, RSA_get0_dmq1(r));
     sk_BIGNUM_const_push(coeffs, RSA_get0_iqmp(r));
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
     pnum = RSA_get_multi_prime_extra_count(r);
     for (i = 0; i < pnum; i++) {
         pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i);
@@ -816,7 +822,7 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
     return 1;
 }
 
-#ifndef FIPS_MODE
+#ifndef FIPS_MODULE
 int EVP_PKEY_CTX_set_rsa_padding(EVP_PKEY_CTX *ctx, int pad_mode)
 {
     OSSL_PARAM pad_params[2], *p = pad_params;
@@ -1299,7 +1305,7 @@ int EVP_PKEY_CTX_set_rsa_keygen_bits(EVP_PKEY_CTX *ctx, int bits)
 
 int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
 {
-    OSSL_PARAM_BLD tmpl;
+    OSSL_PARAM_BLD *tmpl;
     OSSL_PARAM *params;
     int ret;
 
@@ -1318,13 +1324,17 @@ int EVP_PKEY_CTX_set_rsa_keygen_pubexp(EVP_PKEY_CTX *ctx, BIGNUM *pubexp)
         return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN,
                                  EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp);
 
-    ossl_param_bld_init(&tmpl);
-    if (!ossl_param_bld_push_BN(&tmpl, OSSL_PKEY_PARAM_RSA_E, pubexp)
-        || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
+    if ((tmpl = OSSL_PARAM_BLD_new()) == NULL)
         return 0;
+    if (!OSSL_PARAM_BLD_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, pubexp)
+        || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
+        OSSL_PARAM_BLD_free(tmpl);
+        return 0;
+    }
+    OSSL_PARAM_BLD_free(tmpl);
 
     ret = EVP_PKEY_CTX_set_params(ctx, params);
-    ossl_param_bld_free(params);
+    OSSL_PARAM_BLD_free_params(params);
     return ret;
 }