From: Weili Qian <qianweili@huawei.com>
Set rsa signature hash flag, this flag is cleared by their Init function, and set again by their Final function.
Signed-off-by: Weili Qian <qianweili@huawei.com>
---
 src/uadk_prov_rsa_enc.c | 3 +++
 src/uadk_prov_rsa_sign.c | 38 +++++++++++++++++++++++++++++++++++---
 2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/src/uadk_prov_rsa_enc.c b/src/uadk_prov_rsa_enc.c
index c0da4c9..66d9fea 100644
--- a/src/uadk_prov_rsa_enc.c
+++ b/src/uadk_prov_rsa_enc.c
@@ -353,6 +353,9 @@ static int uadk_rsa_asym_init(void *vprsactx, void *vrsa,
 RSA_free(priv->rsa);
 priv->rsa = vrsa;
 priv->operation = operation;
+# if OPENSSL_VERSION_NUMBER >= 0x30200000
+ priv->implicit_rejection = 1;
+#endif
 switch (uadk_rsa_test_flags(priv->rsa, RSA_FLAG_TYPE_MASK)) {
 case RSA_FLAG_TYPE_RSA:
diff --git a/src/uadk_prov_rsa_sign.c b/src/uadk_prov_rsa_sign.c
index e2b7073..2ecde8a 100644
--- a/src/uadk_prov_rsa_sign.c
+++ b/src/uadk_prov_rsa_sign.c
@@ -35,7 +35,9 @@ struct PROV_RSA_SIG_CTX {
 char *propq;
 RSA *rsa;
 int operation;
-
+#if OPENSSL_VERSION_NUMBER >= 0x30400000L
+ unsigned int flag_sigalg : 1;
+#endif
 /*
 * Flag to determine if the hash function can be changed (1) or not (0)
 * Because it's dangerous to change during a DigestSign or DigestVerify
@@ -69,6 +71,17 @@ struct PROV_RSA_SIG_CTX {
 size_t siglen;
 #endif
+#ifdef FIPS_MODULE
+#ifdef OPENSSL_VERSION_NUMBER >= 0x30400000L
+ /*
+ * FIPS 140-3 IG 2.4.B mandates that verification based on a digest of a
+ * message is not permitted. However, signing based on a digest is still
+ * permitted.
+ */
+ int verify_message;
+#endif
+#endif
+
 /* Temp buffer */
 unsigned char *tbuf;
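Review bot: In uadk_rsa_asym_init (src/uadk_prov_rsa_enc.c) the new guard is written `# if OPENSSL_VERSION_NUMBER >= 0x30200000`, with a stray space after `#` and no `L` suffix, unlike the `0x30400000L` guards this patch adds in uadk_prov_rsa_sign.c; `#if OPENSSL_VERSION_NUMBER >= 0x30200000L` would match them. The assignment also deserves a one-line comment, for example `/* Default to implicit rejection for PKCS#1 v1.5 decryption, as OpenSSL 3.2+ does */`, because this default is what keeps a padding failure from being distinguishable to the caller. The hunk only sets the field; whether the UADK decrypt path actually reads `priv->implicit_rejection` is not visible here and should be confirmed. The function body starts and ends outside the hunk.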
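Review bot: The new `flag_sigalg` bit-field in struct PROV_RSA_SIG_CTX (hunk at line 35 of src/uadk_prov_rsa_sign.c) has no comment, and no line in this patch sets or tests it. If it is meant to mirror the upstream provider field, a comment such as `/* Whether this is a sigalg specific context */` above it would say so. Because the field exists only when `OPENSSL_VERSION_NUMBER >= 0x30400000L`, every later use has to carry the same guard.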
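Review bot: `#ifdef OPENSSL_VERSION_NUMBER >= 0x30400000L` in struct PROV_RSA_SIG_CTX (hunk at line 69) does not test the version: `#ifdef` takes a single identifier, so the comparison is extra tokens that a compiler at most warns about, and the branch is taken whenever OPENSSL_VERSION_NUMBER is defined. The line should read `#if OPENSSL_VERSION_NUMBER >= 0x30400000L`, as the guard around `flag_sigalg` in the previous hunk does. As written, a FIPS_MODULE build against an OpenSSL older than 3.4 also gets `verify_message`. No line in this patch assigns or reads `verify_message`, so the FIPS restriction described in the comment is not enforced by this change on its own.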
@@ -637,6 +650,9 @@ static int uadk_rsa_signverify_init(void *vprsactx, void *vrsa,
 /* Maximum for sign, auto for verify */
 ctx->saltlen = RSA_PSS_SALTLEN_AUTO;
 ctx->min_saltlen = -1;
+ ctx->flag_allow_oneshot = 1;
+ ctx->flag_allow_final = 1;
+ ctx->flag_allow_update = 1;
 switch (uadk_rsa_test_flags(ctx->rsa, RSA_FLAG_TYPE_MASK)) {
 case RSA_FLAG_TYPE_RSA:
@@ -1567,6 +1583,7 @@ static int uadk_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *s
 struct PROV_RSA_SIG_CTX *priv = (struct PROV_RSA_SIG_CTX *)vprsactx;
 unsigned char digest[EVP_MAX_MD_SIZE];
 unsigned int dlen = 0;
+ int ret;
 if (!priv)
 return UADK_P_FAIL;
@@ -1589,7 +1606,14 @@ static int uadk_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *s
 priv->flag_allow_md = 1;
- return uadk_signature_rsa_sign(vprsactx, sig, siglen, sigsize, digest, (size_t)dlen);
+ ret = uadk_signature_rsa_sign(vprsactx, sig, siglen, sigsize, digest, (size_t)dlen);
+ if (sig != NULL) {
+ priv->flag_allow_update = 0;
+ priv->flag_allow_oneshot = 0;
+ priv->flag_allow_final = 0;
+ }
+
+ return ret;
 }
 static int uadk_signature_rsa_digest_verify_init(void *vprsactx, const char *mdname,
@@ -1616,6 +1640,7 @@ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned
 struct PROV_RSA_SIG_CTX *priv = (struct PROV_RSA_SIG_CTX *)vprsactx;
 unsigned char digest[EVP_MAX_MD_SIZE];
 unsigned int dlen = 0;
+ int ret;
 if (!priv)
 return UADK_P_FAIL;
@@ -1631,7 +1656,14 @@ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned
 return UADK_P_FAIL;
 priv->flag_allow_md = 1;
- return uadk_signature_rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
+
+ ret = uadk_signature_rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
+
+ priv->flag_allow_update = 0;
+ priv->flag_allow_final = 0;
+ priv->flag_allow_oneshot = 0;
+
+ return ret;
 }
 static void *uadk_signature_rsa_dupctx(void *vprsactx)
--
2.43.0
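Review bot: The three lifecycle flags set to 1 in uadk_rsa_signverify_init are only ever written in this patch: the Final functions clear them (hunks at 1589 and 1631), but no added line tests `flag_allow_final`, `flag_allow_update` or `flag_allow_oneshot` before hashing, signing or verifying. Unless those checks already exist in lines outside the hunks, a second Final or a late Update on a finished context is still accepted; an entry check such as `if (!priv->flag_allow_final) return UADK_P_FAIL;` in both Final functions would give the flags effect. The assignments are also not under the `OPENSSL_VERSION_NUMBER >= 0x30400000L` guard used for `flag_sigalg`, so the fields must be declared for every supported OpenSSL version; confirm that against the struct definition. The commit description states the opposite direction (cleared by Init, set by Final) and is worth correcting.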
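Review bot: In uadk_signature_rsa_digest_sign_final (hunk at 1589) the flags are cleared only when `sig != NULL`, and the reason is not stated; a comment such as `/* sig == NULL is a size query: keep the context usable for the real call */` above the `if` would document it. The flags are cleared whatever `ret` is, so a failed sign also ends the context's life cycle; if that is intended, the same comment should say so. The function starts outside this hunk.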