From 0879fac692cb1bff0ec4c196cb364d970ad3ecec Mon Sep 17 00:00:00 2001

From: Clemens Lang <cllang@redhat.com>

Date: Mon, 21 Nov 2022 14:33:57 +0100

Subject: [PATCH 2/3] Obtain PSS salt length from provider

Rather than computing the PSS salt length again in core using

ossl_rsa_ctx_to_pss_string, which calls rsa_ctx_to_pss and computes the

salt length, obtain it from the provider using the

OSSL_SIGNATURE_PARAM_ALGORITHM_ID param to handle the case where the

interpretation of the magic constants in the provider differs from that

of OpenSSL core.

Signed-off-by: Clemens Lang <cllang@redhat.com>

---

 crypto/cms/cms_rsa.c   | 19 +++++++++++++++----

 crypto/rsa/rsa_ameth.c | 34 +++++++++++++++++++++-------------

 2 files changed, 36 insertions(+), 17 deletions(-)

diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c

index 20ed816918..997567fdbf 100644

--- a/crypto/cms/cms_rsa.c

+++ b/crypto/cms/cms_rsa.c

@@ -10,6 +10,7 @@

 #include <assert.h>

 #include <openssl/cms.h>

 #include <openssl/err.h>

+#include <openssl/core_names.h>

 #include "crypto/asn1.h"

 #include "crypto/rsa.h"

 #include "cms_local.h"

@@ -191,7 +192,10 @@ static int rsa_cms_sign(CMS_SignerInfo *si)

     int pad_mode = RSA_PKCS1_PADDING;

     X509_ALGOR *alg;

     EVP_PKEY_CTX *pkctx = CMS_SignerInfo_get0_pkey_ctx(si);

-    ASN1_STRING *os = NULL;

+    unsigned char aid[128];

+    const unsigned char *pp = aid;

+    size_t aid_len = 0;

+    OSSL_PARAM params[2];

     CMS_SignerInfo_get0_algs(si, NULL, NULL, NULL, &alg;;

     if (pkctx != NULL) {

@@ -205,10 +209,17 @@ static int rsa_cms_sign(CMS_SignerInfo *si)

     /* We don't support it */

     if (pad_mode != RSA_PKCS1_PSS_PADDING)

         return 0;

-    os = ossl_rsa_ctx_to_pss_string(pkctx);

-    if (os == NULL)

+

+    params[0] = OSSL_PARAM_construct_octet_string(

+        OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));

+    params[1] = OSSL_PARAM_construct_end();

+

+    if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)

+        return 0;

+    if ((aid_len = params[0].return_size) == 0)

+        return 0;

+    if (d2i_X509_ALGOR(&alg, &pp, aid_len) == NULL)

         return 0;

-    X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_PKEY_RSA_PSS), V_ASN1_SEQUENCE, os);

     return 1;

 }

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c

index c15554505b..61ec53d424 100644

--- a/crypto/rsa/rsa_ameth.c

+++ b/crypto/rsa/rsa_ameth.c

@@ -637,22 +637,30 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, const void *asn,

     if (pad_mode == RSA_PKCS1_PADDING)

         return 2;

     if (pad_mode == RSA_PKCS1_PSS_PADDING) {

-        ASN1_STRING *os1 = NULL;

-        os1 = ossl_rsa_ctx_to_pss_string(pkctx);

-        if (!os1)

+        unsigned char aid[128];

+        size_t aid_len = 0;

+        OSSL_PARAM params[2];

+

+        params[0] = OSSL_PARAM_construct_octet_string(

+            OSSL_SIGNATURE_PARAM_ALGORITHM_ID, aid, sizeof(aid));

+        params[1] = OSSL_PARAM_construct_end();

+

+        if (EVP_PKEY_CTX_get_params(pkctx, params) <= 0)

             return 0;

-        /* Duplicate parameters if we have to */

-        if (alg2) {

-            ASN1_STRING *os2 = ASN1_STRING_dup(os1);

-            if (!os2) {

-                ASN1_STRING_free(os1);

+        if ((aid_len = params[0].return_size) == 0)

+            return 0;

+

+        if (alg1 != NULL) {

+            const unsigned char *pp = aid;

+            if (d2i_X509_ALGOR(&alg1, &pp, aid_len) == NULL)

+                return 0;

+        }

+        if (alg2 != NULL) {

+            const unsigned char *pp = aid;

+            if (d2i_X509_ALGOR(&alg2, &pp, aid_len) == NULL)

                 return 0;

-            }

-            X509_ALGOR_set0(alg2, OBJ_nid2obj(EVP_PKEY_RSA_PSS),

-                            V_ASN1_SEQUENCE, os2);

         }

-        X509_ALGOR_set0(alg1, OBJ_nid2obj(EVP_PKEY_RSA_PSS),

-                        V_ASN1_SEQUENCE, os1);

+

         return 3;

     }

     return 2;

-- 

2.38.1