[PATCH] uadk_provider: set rsa sign hash flag

18 Jun 2026

From: Weili Qian <qianweili@huawei.com>

Set rsa signature hash flag, this flag is cleared by their
Init function, and set again by their Final function.

Signed-off-by: Weili Qian <qianweili@huawei.com>
---
 src/uadk_prov_rsa_enc.c  |  3 +++
 src/uadk_prov_rsa_sign.c | 15 ++++++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/uadk_prov_rsa_enc.c b/src/uadk_prov_rsa_enc.c
index c0da4c9..66d9fea 100644
--- a/src/uadk_prov_rsa_enc.c
+++ b/src/uadk_prov_rsa_enc.c
@@ -353,6 +353,9 @@ static int uadk_rsa_asym_init(void *vprsactx, void *vrsa,
 	RSA_free(priv->rsa);
 	priv->rsa = vrsa;
 	priv->operation = operation;
+# if OPENSSL_VERSION_NUMBER >= 0x30200000
+	priv->implicit_rejection = 1;
+#endif
 
 	switch (uadk_rsa_test_flags(priv->rsa, RSA_FLAG_TYPE_MASK)) {
 	case RSA_FLAG_TYPE_RSA:
diff --git a/src/uadk_prov_rsa_sign.c b/src/uadk_prov_rsa_sign.c
index e2b7073..249dcc7 100644
--- a/src/uadk_prov_rsa_sign.c
+++ b/src/uadk_prov_rsa_sign.c
@@ -35,7 +35,9 @@ struct PROV_RSA_SIG_CTX {
 	char *propq;
 	RSA *rsa;
 	int operation;
-
+#if OPENSSL_VERSION_NUMBER >= 0x30400000L
+	unsigned int flag_sigalg : 1;
+#endif
 	/*
 	 * Flag to determine if the hash function can be changed (1) or not (0)
 	 * Because it's dangerous to change during a DigestSign or DigestVerify
@@ -637,6 +639,9 @@ static int uadk_rsa_signverify_init(void *vprsactx, void *vrsa,
 	/* Maximum for sign, auto for verify */
 	ctx->saltlen = RSA_PSS_SALTLEN_AUTO;
 	ctx->min_saltlen = -1;
+	ctx->flag_allow_oneshot = 1;
+	ctx->flag_allow_final = 1;
+	ctx->flag_allow_update = 1;
 
 	switch (uadk_rsa_test_flags(ctx->rsa, RSA_FLAG_TYPE_MASK)) {
 	case RSA_FLAG_TYPE_RSA:
@@ -1585,6 +1590,10 @@ static int uadk_signature_rsa_digest_sign_final(void *vprsactx, unsigned char *s
 		 */
 		if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen))
 			return UADK_P_FAIL;
+
+		priv->flag_allow_update = 0;
+		priv->flag_allow_oneshot = 0;
+		priv->flag_allow_final = 0;
 	}
 
 	priv->flag_allow_md = 1;
@@ -1630,6 +1639,10 @@ static int uadk_signature_rsa_digest_verify_final(void *vprsactx, const unsigned
 	if (!EVP_DigestFinal_ex(priv->mdctx, digest, &dlen))
 		return UADK_P_FAIL;
 
+	priv->flag_allow_update = 0;
+	priv->flag_allow_final = 0;
+	priv->flag_allow_oneshot = 0;
+
 	priv->flag_allow_md = 1;
 	return uadk_signature_rsa_verify(vprsactx, sig, siglen, digest, (size_t)dlen);
 }
-- 
2.43.0

    

ZongYu Wu

tags

participants (1)