openssl3/contribs10/0089-PSS-salt-length-from-provider.patch

From 0879fac692cb1bff0ec4c196cb364d970ad3ecec Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 21 Nov 2022 14:33:57 +0100
Subject: [PATCH 2/3] Obtain PSS salt length from provider

Rather than computing the PSS salt length again in core using
ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
salt length, obtain it from the provider using the
OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
interpretation of the magic constants in the provider differs from that
of OpenSSL core.

Signed-off-by: Clemens Lang <cllang@redhat.com>
---
 crypto/cms/cms_rsa.c   | 19 +++++++++++++++----
 crypto/rsa/rsa_ameth.c | 34 +++++++++++++++++++++-------------
 2 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
index 20ed816918..997567fdbf 100644
--- a/crypto/cms/cms_rsa.c
+++ b/crypto/cms/cms_rsa.c
@@ -10,6 +10,7 @@
 #include <assert.h>
 #include <openssl/cms.h>
 #include <openssl/err.h>
+#include <openssl/core_names.h>
 #include "crypto/asn1.h"
 #include "crypto/rsa.h"
 #include "cms_local.h"
@@ -191,7 +192,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
     int pad_mode = RSA_PKCS1_PADDING;
     X509_ALGOR *alg;
     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
-    ASN1_STRING *os = NULL;
+    unsigned char aid[128];
+    const unsigned char *pp = aid;
+    size_t aid_len = 0;
+    OSSL_PARAM params[2];
 
     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
     if (pkctx != NULL) {
@@ -205,10 +209,17 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
     /* We don't support it */
     if (pad_mode != RSA_PKCS1_PSS_PADDING)
         return 0;
-    os = ossl_rsa_ctx_to_pss_string(pkctx);
-    if (os == NULL)
+
+    params[0] = OSSL_PARAM_construct_octet_string(
+        OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
+    params[1] = OSSL_PARAM_construct_end();
+
+    if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)
+        return 0;
+    if ((aid_len = params[0].return_size) == 0)
+        return 0;
+    if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL)
         return 0;
-    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
     return 1;
 }
 
diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index c15554505b..61ec53d424 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -637,22 +637,30 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,
     if (pad_mode == RSA_PKCS1_PADDING)
         return 2;
     if (pad_mode == RSA_PKCS1_PSS_PADDING) {
-        ASN1_STRING *os1 = NULL;
-        os1 = ossl_rsa_ctx_to_pss_string(pkctx);
-        if (!os1)
+        unsigned char aid[128];
+        size_t aid_len = 0;
+        OSSL_PARAM params[2];
+
+        params[0] = OSSL_PARAM_construct_octet_string(
+            OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
+        params[1] = OSSL_PARAM_construct_end();
+
+        if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)
             return 0;
-        /* Duplicate parameters if we have to */
-        if (alg2) {
-            ASN1_STRING *os2 = ASN1_STRING_dup(os1);
-            if (!os2) {
-                ASN1_STRING_free(os1);
+        if ((aid_len = params[0].return_size) == 0)
+            return 0;
+
+        if (alg1 != NULL) {
+            const unsigned char *pp = aid;
+            if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL)
+                return 0;
+        }
+        if (alg2 != NULL) {
+            const unsigned char *pp = aid;
+            if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL)
                 return 0;
-            }
-            X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
-                            V_ASN1_SEQUENCE, os2);
         }
-        X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
-                        V_ASN1_SEQUENCE, os1);
+
         return 3;
     }
     return 2;
-- 
2.38.1

1	jpp	1.1	From 0879fac692cb1bff0ec4c196cb364d970ad3ecec Mon Sep 17 00:00:00 2001
2			From: Clemens Lang <cllang@redhat.com>
3			Date: Mon, 21 Nov 2022 14:33:57 +0100
4			Subject: [PATCH 2/3] Obtain PSS salt length from provider
5
6			Rather than computing the PSS salt length again in core using
7			ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the
8			salt length, obtain it from the provider using the
9			OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the
10			interpretation of the magic constants in the provider differs from that
11			of OpenSSL core.
12
13			Signed-off-by: Clemens Lang <cllang@redhat.com>
14			---
15			crypto/cms/cms_rsa.c \| 19 +++++++++++++++----
16			crypto/rsa/rsa_ameth.c \| 34 +++++++++++++++++++++-------------
17			2 files changed, 36 insertions(+), 17 deletions(-)
18
19			diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
20			index 20ed816918..997567fdbf 100644
21			--- a/crypto/cms/cms_rsa.c
22			+++ b/crypto/cms/cms_rsa.c
23			@@ -10,6 +10,7 @@
24			#include <assert.h>
25			#include <openssl/cms.h>
26			#include <openssl/err.h>
27			+#include <openssl/core_names.h>
28			#include "crypto/asn1.h"
29			#include "crypto/rsa.h"
30			#include "cms_local.h"
31			@@ -191,7 +192,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
32			int pad_mode = RSA_PKCS1_PADDING;
33			X509_ALGOR *alg;
34			EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);
35			- ASN1_STRING *os = NULL;
36			+ unsigned char aid[128];
37			+ const unsigned char *pp = aid;
38			+ size_t aid_len = 0;
39			+ OSSL_PARAM params[2];
40
41			CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg);
42			if (pkctx != NULL) {
43			@@ -205,10 +209,17 @@ static int rsa_cms_sign(CMS_SignerInfo *si)
44			/* We don't support it */
45			if (pad_mode != RSA_PKCS1_PSS_PADDING)
46			return 0;
47			- os = ossl_rsa_ctx_to_pss_string(pkctx);
48			- if (os == NULL)
49			+
50			+ params[0] = OSSL_PARAM_construct_octet_string(
51			+ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
52			+ params[1] = OSSL_PARAM_construct_end();
53			+
54			+ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)
55			+ return 0;
56			+ if ((aid_len = params[0].return_size) == 0)
57			+ return 0;
58			+ if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL)
59			return 0;
60			- X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);
61			return 1;
62			}
63
64			diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
65			index c15554505b..61ec53d424 100644
66			--- a/crypto/rsa/rsa_ameth.c
67			+++ b/crypto/rsa/rsa_ameth.c
68			@@ -637,22 +637,30 @@ static int rsa_item_sign(EVP_MD_CTX ctx, const ASN1_ITEM it, const void *asn,
69			if (pad_mode == RSA_PKCS1_PADDING)
70			return 2;
71			if (pad_mode == RSA_PKCS1_PSS_PADDING) {
72			- ASN1_STRING *os1 = NULL;
73			- os1 = ossl_rsa_ctx_to_pss_string(pkctx);
74			- if (!os1)
75			+ unsigned char aid[128];
76			+ size_t aid_len = 0;
77			+ OSSL_PARAM params[2];
78			+
79			+ params[0] = OSSL_PARAM_construct_octet_string(
80			+ OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));
81			+ params[1] = OSSL_PARAM_construct_end();
82			+
83			+ if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)
84			return 0;
85			- /* Duplicate parameters if we have to */
86			- if (alg2) {
87			- ASN1_STRING *os2 = ASN1_STRING_dup(os1);
88			- if (!os2) {
89			- ASN1_STRING_free(os1);
90			+ if ((aid_len = params[0].return_size) == 0)
91			+ return 0;
92			+
93			+ if (alg1 != NULL) {
94			+ const unsigned char *pp = aid;
95			+ if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL)
96			+ return 0;
97			+ }
98			+ if (alg2 != NULL) {
99			+ const unsigned char *pp = aid;
100			+ if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL)
101			return 0;
102			- }
103			- X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
104			- V_ASN1_SEQUENCE, os2);
105			}
106			- X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),
107			- V_ASN1_SEQUENCE, os1);
108			+
109			return 3;
110			}
111			return 2;
112			--
113			2.38.1
114