/*
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* internal use.
*/
#include "internal/deprecated.h"
+#include "internal/nelem.h"
-#include "e_os.h" /* strcasecmp */
#include <openssl/crypto.h>
#include <openssl/evp.h>
#include <openssl/core_dispatch.h>
#include <openssl/rsa.h>
#include <openssl/params.h>
#include <openssl/err.h>
-#include <crypto/rsa.h>
-#include "prov/providercommonerr.h"
+#include "crypto/rsa.h"
+#include <openssl/proverr.h>
+#include "internal/nelem.h"
#include "prov/provider_ctx.h"
#include "prov/implementations.h"
+#include "prov/securitycheck.h"
static OSSL_FUNC_kem_newctx_fn rsakem_newctx;
-static OSSL_FUNC_kem_encapsulate_init_fn rsakem_init;
+static OSSL_FUNC_kem_encapsulate_init_fn rsakem_encapsulate_init;
static OSSL_FUNC_kem_encapsulate_fn rsakem_generate;
-static OSSL_FUNC_kem_decapsulate_init_fn rsakem_init;
+static OSSL_FUNC_kem_decapsulate_init_fn rsakem_decapsulate_init;
static OSSL_FUNC_kem_decapsulate_fn rsakem_recover;
static OSSL_FUNC_kem_freectx_fn rsakem_freectx;
static OSSL_FUNC_kem_dupctx_fn rsakem_dupctx;
* we use that here too.
*/
typedef struct {
- OPENSSL_CTX *libctx;
+ OSSL_LIB_CTX *libctx;
RSA *rsa;
int op;
} PROV_RSA_CTX;
return -1;
for (i = 0; i < sz; ++i) {
- if (strcasecmp(map[i].ptr, name) == 0)
+ if (OPENSSL_strcasecmp(map[i].ptr, name) == 0)
return map[i].id;
}
return -1;
if (prsactx == NULL)
return NULL;
- prsactx->libctx = PROV_LIBRARY_CONTEXT_OF(provctx);
+ prsactx->libctx = PROV_LIBCTX_OF(provctx);
prsactx->op = KEM_OP_UNDEFINED;
return prsactx;
return dstctx;
}
-static int rsakem_init(void *vprsactx, void *vrsa)
+static int rsakem_init(void *vprsactx, void *vrsa,
+ const OSSL_PARAM params[], int operation)
{
PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
- if (prsactx == NULL || vrsa == NULL || !RSA_up_ref(vrsa))
+ if (prsactx == NULL || vrsa == NULL)
+ return 0;
+
+ if (!ossl_rsa_check_key(prsactx->libctx, vrsa, operation))
+ return 0;
+
+ if (!RSA_up_ref(vrsa))
return 0;
RSA_free(prsactx->rsa);
prsactx->rsa = vrsa;
- /* TODO(3.0) Add a RSA keylength check here for fips */
- return 1;
+
+ return rsakem_set_ctx_params(prsactx, params);
+}
+
+static int rsakem_encapsulate_init(void *vprsactx, void *vrsa,
+ const OSSL_PARAM params[])
+{
+ return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_ENCAPSULATE);
+}
+
+static int rsakem_decapsulate_init(void *vprsactx, void *vrsa,
+ const OSSL_PARAM params[])
+{
+ return rsakem_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECAPSULATE);
}
static int rsakem_get_ctx_params(void *vprsactx, OSSL_PARAM *params)
{
PROV_RSA_CTX *ctx = (PROV_RSA_CTX *)vprsactx;
- if (ctx == NULL || params == NULL)
- return 0;
- return 1;
+ return ctx != NULL;
}
static const OSSL_PARAM known_gettable_rsakem_ctx_params[] = {
OSSL_PARAM_END
};
-static const OSSL_PARAM *rsakem_gettable_ctx_params(ossl_unused void *provctx)
+static const OSSL_PARAM *rsakem_gettable_ctx_params(ossl_unused void *vprsactx,
+ ossl_unused void *provctx)
{
return known_gettable_rsakem_ctx_params;
}
const OSSL_PARAM *p;
int op;
- if (prsactx == NULL || params == NULL)
+ if (prsactx == NULL)
return 0;
+ if (params == NULL)
+ return 1;
+
p = OSSL_PARAM_locate_const(params, OSSL_KEM_PARAM_OPERATION);
if (p != NULL) {
OSSL_PARAM_END
};
-static const OSSL_PARAM *rsakem_settable_ctx_params(ossl_unused void *provctx)
+static const OSSL_PARAM *rsakem_settable_ctx_params(ossl_unused void *vprsactx,
+ ossl_unused void *provctx)
{
return known_settable_rsakem_ctx_params;
}
BN_CTX *bnctx;
BIGNUM *z, *nminus3;
- bnctx = BN_CTX_secure_new_ex(rsa_get0_libctx(rsa_pub));
+ bnctx = BN_CTX_secure_new_ex(ossl_rsa_get0_libctx(rsa_pub));
if (bnctx == NULL)
return 0;
ret = (z != NULL
&& (BN_copy(nminus3, RSA_get0_n(rsa_pub)) != NULL)
&& BN_sub_word(nminus3, 3)
- && BN_priv_rand_range_ex(z, nminus3, bnctx)
+ && BN_priv_rand_range_ex(z, nminus3, 0, bnctx)
&& BN_add_word(z, 2)
&& (BN_bn2binpad(z, out, outlen) == outlen));
BN_CTX_end(bnctx);
}
}
-const OSSL_DISPATCH rsa_asym_kem_functions[] = {
+const OSSL_DISPATCH ossl_rsa_asym_kem_functions[] = {
{ OSSL_FUNC_KEM_NEWCTX, (void (*)(void))rsakem_newctx },
{ OSSL_FUNC_KEM_ENCAPSULATE_INIT,
- (void (*)(void))rsakem_init },
+ (void (*)(void))rsakem_encapsulate_init },
{ OSSL_FUNC_KEM_ENCAPSULATE, (void (*)(void))rsakem_generate },
{ OSSL_FUNC_KEM_DECAPSULATE_INIT,
- (void (*)(void))rsakem_init },
+ (void (*)(void))rsakem_decapsulate_init },
{ OSSL_FUNC_KEM_DECAPSULATE, (void (*)(void))rsakem_recover },
{ OSSL_FUNC_KEM_FREECTX, (void (*)(void))rsakem_freectx },
{ OSSL_FUNC_KEM_DUPCTX, (void (*)(void))rsakem_dupctx },
(void (*)(void))rsakem_set_ctx_params },
{ OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS,
(void (*)(void))rsakem_settable_ctx_params },
- { 0, NULL }
+ OSSL_DISPATCH_END
};