Don't pass a digest-size to signature implementations
authorRichard Levitte <levitte@openssl.org>
Sun, 2 Feb 2020 11:55:05 +0000 (12:55 +0100)
committerRichard Levitte <levitte@openssl.org>
Tue, 4 Feb 2020 18:32:37 +0000 (19:32 +0100)
It turns out this was never necessary, as the implementation should
always check the default digest size anyway.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10947)

crypto/evp/pmeth_lib.c
include/openssl/core_names.h
providers/fips/fipsprov.c
providers/implementations/signature/dsa.c
test/evp_extra_test.c

index 19f894d6798eaab5cc65d1a43d654e0e70f4718b..2cbd3ff284702e872509ffec324c4d98be2d5013 100644 (file)
@@ -679,8 +679,7 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
 
 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
-    OSSL_PARAM sig_md_params[3], *p = sig_md_params;
-    size_t mdsize;
+    OSSL_PARAM sig_md_params[2], *p = sig_md_params;
     const char *name;
 
     if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
@@ -696,9 +695,7 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 
     if (md == NULL) {
         name = "";
-        mdsize = 0;
     } else {
-        mdsize = EVP_MD_size(md);
         name = EVP_MD_name(md);
     }
 
@@ -709,8 +706,6 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
                                              */
                                             (char *)name,
                                             strlen(name) + 1);
-    *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
-                                       &mdsize);
     *p++ = OSSL_PARAM_construct_end();
 
     return EVP_PKEY_CTX_set_params(ctx, sig_md_params);
index cd701ab937ce839ae52b5288128670df24cee298..c061902b8ca8bdb01176a4f45f83fe4edbfb345e 100644 (file)
@@ -168,7 +168,6 @@ extern "C" {
 #define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
 #define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
 #define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
 #define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
 #define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */
 
@@ -213,7 +212,6 @@ extern "C" {
 /* Signature parameters */
 #define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
 #define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE
 
 /* Asym cipher parameters */
 #define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 "pad-mode"
index 288168cb81f9031f352250ba067ec6846ef6f617..c89fa642644fd13862c97e0bfc3f059044ea98d9 100644 (file)
@@ -276,9 +276,7 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
     /* set signature parameters */
     ossl_param_bld_init(&bld);
     if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
-                                         SN_sha256,strlen(SN_sha256) + 1)
-        || !ossl_param_bld_push_size_t(&bld, OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
-                                       SHA256_DIGEST_LENGTH))
+                                         SN_sha256,strlen(SN_sha256) + 1))
         goto err;
     params_sig = ossl_param_bld_to_param(&bld);
     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
index e8d9cd0b81c2660e01f9d10b76ee469f1d51ff64..eaf6d4fe29bd96080e0d83a770f12aeae177fc04 100644 (file)
@@ -206,7 +206,6 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
     EVP_MD_CTX_free(pdsactx->mdctx);
     EVP_MD_free(pdsactx->md);
     pdsactx->mdctx = NULL;
-    pdsactx->mdsize = 0;
     pdsactx->md = NULL;
     return 0;
 }
@@ -330,10 +329,6 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
         && !OSSL_PARAM_set_octet_string(p, pdsactx->aid, pdsactx->aid_len))
         return 0;
 
-    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
-    if (p != NULL && !OSSL_PARAM_set_size_t(p, pdsactx->mdsize))
-        return 0;
-
     p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
     if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->md == NULL
                                                     ? pdsactx->mdname
@@ -345,7 +340,6 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
 
 static const OSSL_PARAM known_gettable_ctx_params[] = {
     OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
-    OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
     OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
     OSSL_PARAM_END
 };
@@ -372,10 +366,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
         return 1;
     }
 
-    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
-    if (p != NULL && !OSSL_PARAM_get_size_t(p, &pdsactx->mdsize))
-        return 0;
-
     /*
      * We never actually use the mdname, but we do support getting it later.
      * This can be useful for applications that want to know the MD that they
@@ -391,7 +381,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
 }
 
 static const OSSL_PARAM known_settable_ctx_params[] = {
-    OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
     OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
     OSSL_PARAM_END
 };
index 4dfcd26c28c99c27e20fe79cf380125a7ba55f1b..024ef6ad171e778ab9e8e4384541552f581e73a5 100644 (file)
@@ -25,6 +25,7 @@
 #include <openssl/dh.h>
 #include "testutil.h"
 #include "internal/nelem.h"
+#include "internal/sizes.h"
 #include "crypto/evp.h"
 
 /*
@@ -1239,13 +1240,13 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
     EVP_PKEY_CTX *ctx = NULL;
     EVP_SIGNATURE *dsaimpl = NULL;
     const OSSL_PARAM *params;
-    OSSL_PARAM ourparams[2], *param = ourparams;
+    OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
     DSA *dsa = NULL;
     BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
     EVP_PKEY *pkey = NULL;
     int ret = 0;
     const EVP_MD *md;
-    size_t mdsize = SHA512_DIGEST_LENGTH;
+    char mdname[OSSL_MAX_NAME_SIZE];
     char ssl3ms[48];
 
     /*
@@ -1288,8 +1289,6 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
      */
     params = EVP_PKEY_CTX_settable_params(ctx);
     if (!TEST_ptr(params)
-        || !TEST_ptr(OSSL_PARAM_locate_const(params,
-                                             OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
         || !TEST_ptr(OSSL_PARAM_locate_const(params,
                                              OSSL_SIGNATURE_PARAM_DIGEST)))
         goto err;
@@ -1298,8 +1297,6 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
     if (!TEST_ptr(params)
         || !TEST_ptr(OSSL_PARAM_locate_const(params,
                                              OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
-        || !TEST_ptr(OSSL_PARAM_locate_const(params,
-                                             OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
         || !TEST_ptr(OSSL_PARAM_locate_const(params,
                                              OSSL_SIGNATURE_PARAM_DIGEST)))
         goto err;
@@ -1308,16 +1305,20 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
      * Test getting and setting params via EVP_PKEY_CTX_set_params() and
      * EVP_PKEY_CTX_get_params()
      */
-    *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
-                                           &mdsize);
+    strcpy(mdname, "SHA512");
+    param_md = param;
+    *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+                                                mdname, 0);
     *param++ = OSSL_PARAM_construct_end();
 
     if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
         goto err;
 
-    mdsize = 0;
+    mdname[0] = '\0';
+    *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+                                                 mdname, sizeof(mdname));
     if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
-            || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH))
+            || !TEST_str_eq(mdname, "SHA512"))
         goto err;
 
     /*