From 00bc1ad99a69f851ccdea3656445ae2daaf70717 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Sun, 2 Feb 2020 12:55:05 +0100
Subject: [PATCH] Don't pass a digest-size to signature implementations
It turns out this was never necessary, as the implementation should always check the default digest size anyway.
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/10947)
---
 crypto/evp/pmeth_lib.c | 7 +------
 include/openssl/core_names.h | 2 --
 providers/fips/fipsprov.c | 4 +---
 providers/implementations/signature/dsa.c | 11 -----------
 test/evp_extra_test.c | 21 +++++++++++----------
 5 files changed, 13 insertions(+), 32 deletions(-)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 19f894d679..2cbd3ff284 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -679,8 +679,7 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
- OSSL_PARAM sig_md_params[3], *p = sig_md_params;
- size_t mdsize;
+ OSSL_PARAM sig_md_params[2], *p = sig_md_params;
 const char *name;
 if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
@@ -696,9 +695,7 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 if (md == NULL) {
 name = "";
- mdsize = 0;
 } else {
- mdsize = EVP_MD_size(md);
 name = EVP_MD_name(md);
 }
@@ -709,8 +706,6 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 */
 (char *)name, strlen(name) + 1);
- *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
- &mdsize);
 *p++ = OSSL_PARAM_construct_end();
 return EVP_PKEY_CTX_set_params(ctx, sig_md_params);
diff --git a/include/openssl/core_names.h b/include/openssl/core_names.h
index cd701ab937..c061902b8c 100644
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
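Review bot: With `sig_md_params[2]` in `EVP_PKEY_CTX_set_signature_md` the provider is only told the digest name, and nothing visible in this patch derives the expected input length from that name; the dsa.c hunks delete the `OSSL_SIGNATURE_PARAM_DIGEST_SIZE` setter and the retained comment in `dsa_set_ctx_params` says the name is never used. The diffstat's 11 deletions in dsa.c are all accounted for by the visible hunks, so the `mdsize` member and whatever reads it stay in place; if the sign or verify path (outside these hunks) compares the input length against it, that check presumably sees only the initial value from now on and stops rejecting wrong-sized input. I would set it where the digest is resolved, for example `pdsactx->mdsize = EVP_MD_size(pdsactx->md);`, or remove the member and its readers in the same commit. The fipsprov.c self-test hunk depends on the same derivation now that it no longer pushes `SHA256_DIGEST_LENGTH`. The function continues past the end of this hunk.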
@@ -168,7 +168,6 @@ extern "C" {
 #define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */
 #define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */
 #define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_DIGEST_SIZE "digest-size"
 #define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */
 #define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */
@@ -213,7 +212,6 @@ extern "C" {
 /* Signature parameters */
 #define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
 #define OSSL_SIGNATURE_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
 /* Asym cipher parameters */
 #define OSSL_ASYM_CIPHER_PARAM_PAD_MODE "pad-mode"
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 288168cb81..c89fa64264 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -276,9 +276,7 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
 /* set signature parameters */
 ossl_param_bld_init(&bld);
 if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
- SN_sha256,strlen(SN_sha256) + 1)
- || !ossl_param_bld_push_size_t(&bld, OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
- SHA256_DIGEST_LENGTH))
+ SN_sha256,strlen(SN_sha256) + 1))
 goto err;
 params_sig = ossl_param_bld_to_param(&bld);
 if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c
index e8d9cd0b81..eaf6d4fe29 100644
--- a/providers/implementations/signature/dsa.c
+++ b/providers/implementations/signature/dsa.c
@@ -206,7 +206,6 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
 EVP_MD_CTX_free(pdsactx->mdctx);
 EVP_MD_free(pdsactx->md);
 pdsactx->mdctx = NULL;
- pdsactx->mdsize = 0;
 pdsactx->md = NULL;
 return 0;
 }
@@ -330,10 +329,6 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
 && !OSSL_PARAM_set_octet_string(p, pdsactx->aid, pdsactx->aid_len))
 return 0;
- p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
- if (p != NULL && !OSSL_PARAM_set_size_t(p, pdsactx->mdsize))
- return 0;
-
 p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->md == NULL ? pdsactx->mdname
@@ -345,7 +340,6 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
 static const OSSL_PARAM known_gettable_ctx_params[] = {
 OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
- OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_END };
@@ -372,10 +366,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
 return 1;
 }
- p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
- if (p != NULL && !OSSL_PARAM_get_size_t(p, &pdsactx->mdsize))
- return 0;
-
 /*
 * We never actually use the mdname, but we do support getting it later.
 * This can be useful for applications that want to know the MD that they
@@ -391,7 +381,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
 }
 static const OSSL_PARAM known_settable_ctx_params[] = {
- OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
 OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0), OSSL_PARAM_END };
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 4dfcd26c28..024ef6ad17 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -25,6 +25,7 @@ #include
 #include "testutil.h"
 #include "internal/nelem.h"
+#include "internal/sizes.h"
 #include "crypto/evp.h"
 /*
@@ -1239,13 +1240,13 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
 EVP_PKEY_CTX *ctx = NULL;
 EVP_SIGNATURE *dsaimpl = NULL;
 const OSSL_PARAM *params;
- OSSL_PARAM ourparams[2], *param = ourparams;
+ OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
 DSA *dsa = NULL;
 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
 EVP_PKEY *pkey = NULL;
 int ret = 0;
 const EVP_MD *md;
- size_t mdsize = SHA512_DIGEST_LENGTH;
+ char mdname[OSSL_MAX_NAME_SIZE];
 char ssl3ms[48];
 /*
@@ -1288,8 +1289,6 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
 */
 params = EVP_PKEY_CTX_settable_params(ctx);
 if (!TEST_ptr(params)
- || !TEST_ptr(OSSL_PARAM_locate_const(params,
- OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
 || !TEST_ptr(OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST)))
 goto err;
@@ -1298,8 +1297,6 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
 if (!TEST_ptr(params) || !TEST_ptr(OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
- || !TEST_ptr(OSSL_PARAM_locate_const(params,
- OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
 || !TEST_ptr(OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST)))
 goto err;
@@ -1308,16 +1305,20 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
 * EVP_PKEY_CTX_get_params()
 */
- *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
- &mdsize);
+ strcpy(mdname, "SHA512");
+ param_md = param;
+ *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+ mdname, 0);
 *param++ = OSSL_PARAM_construct_end();
 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
 goto err;
- mdsize = 0;
+ mdname[0] = '\0';
+ *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+ mdname, sizeof(mdname));
 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
- || !TEST_str_eq(mdname, "SHA512"))
+ || !TEST_str_eq(mdname, "SHA512"))
 goto err;
 /*
-- 
2.25.1
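Review bot: The rewritten set/get round trip in the last hunk of `test_EVP_PKEY_CTX_get_set_params` only shows that the provider hands back the string it was given, so as far as the visible dsa.c context goes it would also pass for a name that is not a digest at all. Now that the digest size is no longer sent, I would add a negative case beside it that sets a name such as `"no-such-digest"` (constructed example) and asserts the documented outcome, so the test pins whether unknown digests are refused at set time. A smaller point of style: `strcpy(mdname, "SHA512");` can be dropped by initialising at the declaration, `char mdname[OSSL_MAX_NAME_SIZE] = "SHA512";`, which keeps the copy bounded by the compiler. The function starts before and ends after this hunk.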