1 /* 2 * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <openssl/crypto.h> 17 #include <openssl/evp.h> 18 #include <openssl/core_dispatch.h> 19 #include <openssl/core_names.h> 20 #include <openssl/rsa.h> 21 #include <openssl/params.h> 22 #include <openssl/err.h> 23 #include <openssl/proverr.h> 24 /* Just for SSL_MAX_MASTER_KEY_LENGTH */ 25 #include <openssl/prov_ssl.h> 26 #include "internal/constant_time.h" 27 #include "internal/sizes.h" 28 #include "crypto/rsa.h" 29 #include "prov/provider_ctx.h" 30 #include "prov/implementations.h" 31 #include "prov/providercommon.h" 32 #include "prov/securitycheck.h" 33 #include <stdlib.h> 34 35 static OSSL_FUNC_asym_cipher_newctx_fn rsa_newctx; 36 static OSSL_FUNC_asym_cipher_encrypt_init_fn rsa_encrypt_init; 37 static OSSL_FUNC_asym_cipher_encrypt_fn rsa_encrypt; 38 static OSSL_FUNC_asym_cipher_decrypt_init_fn rsa_decrypt_init; 39 static OSSL_FUNC_asym_cipher_decrypt_fn rsa_decrypt; 40 static OSSL_FUNC_asym_cipher_freectx_fn rsa_freectx; 41 static OSSL_FUNC_asym_cipher_dupctx_fn rsa_dupctx; 42 static OSSL_FUNC_asym_cipher_get_ctx_params_fn rsa_get_ctx_params; 43 static OSSL_FUNC_asym_cipher_gettable_ctx_params_fn rsa_gettable_ctx_params; 44 static OSSL_FUNC_asym_cipher_set_ctx_params_fn rsa_set_ctx_params; 45 static OSSL_FUNC_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params; 46 47 static OSSL_ITEM padding_item[] = { 48 { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, 49 { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, 50 { RSA_PKCS1_OAEP_PADDING, OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */ 51 { RSA_PKCS1_OAEP_PADDING, "oeap" }, 52 { 0, NULL } 53 }; 54 55 /* 56 * What's passed as an actual key is defined by the KEYMGMT interface. 57 * We happen to know that our KEYMGMT simply passes RSA structures, so 58 * we use that here too. 59 */ 60 61 typedef struct { 62 OSSL_LIB_CTX *libctx; 63 RSA *rsa; 64 int pad_mode; 65 int operation; 66 /* OAEP message digest */ 67 EVP_MD *oaep_md; 68 /* message digest for MGF1 */ 69 EVP_MD *mgf1_md; 70 /* OAEP label */ 71 unsigned char *oaep_label; 72 size_t oaep_labellen; 73 /* TLS padding */ 74 unsigned int client_version; 75 unsigned int alt_version; 76 /* PKCS#1 v1.5 decryption mode */ 77 unsigned int implicit_rejection; 78 OSSL_FIPS_IND_DECLARE 79 } PROV_RSA_CTX; 80 81 static void *rsa_newctx(void *provctx) 82 { 83 PROV_RSA_CTX *prsactx; 84 85 if (!ossl_prov_is_running()) 86 return NULL; 87 prsactx = OPENSSL_zalloc(sizeof(PROV_RSA_CTX)); 88 if (prsactx == NULL) 89 return NULL; 90 prsactx->libctx = PROV_LIBCTX_OF(provctx); 91 OSSL_FIPS_IND_INIT(prsactx) 92 93 return prsactx; 94 } 95 96 static int rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[], 97 int operation, const char *desc) 98 { 99 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 100 int protect = 0; 101 102 if (!ossl_prov_is_running() || prsactx == NULL || vrsa == NULL) 103 return 0; 104 105 if (!ossl_rsa_key_op_get_protect(vrsa, operation, &protect)) 106 return 0; 107 if (!RSA_up_ref(vrsa)) 108 return 0; 109 RSA_free(prsactx->rsa); 110 prsactx->rsa = vrsa; 111 prsactx->operation = operation; 112 prsactx->implicit_rejection = 1; 113 114 switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { 115 case RSA_FLAG_TYPE_RSA: 116 prsactx->pad_mode = RSA_PKCS1_PADDING; 117 break; 118 default: 119 /* This should not happen due to the check above */ 120 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 121 return 0; 122 } 123 124 OSSL_FIPS_IND_SET_APPROVED(prsactx) 125 if (!rsa_set_ctx_params(prsactx, params)) 126 return 0; 127 #ifdef FIPS_MODULE 128 if (!ossl_fips_ind_rsa_key_check(OSSL_FIPS_IND_GET(prsactx), 129 OSSL_FIPS_IND_SETTABLE0, prsactx->libctx, 130 prsactx->rsa, desc, protect)) 131 return 0; 132 #endif 133 return 1; 134 } 135 136 static int rsa_encrypt_init(void *vprsactx, void *vrsa, 137 const OSSL_PARAM params[]) 138 { 139 return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_ENCRYPT, 140 "RSA Encrypt Init"); 141 } 142 143 static int rsa_decrypt_init(void *vprsactx, void *vrsa, 144 const OSSL_PARAM params[]) 145 { 146 return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT, 147 "RSA Decrypt Init"); 148 } 149 150 static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, 151 size_t outsize, const unsigned char *in, size_t inlen) 152 { 153 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 154 int ret; 155 156 if (!ossl_prov_is_running()) 157 return 0; 158 159 #ifdef FIPS_MODULE 160 if ((prsactx->pad_mode == RSA_PKCS1_PADDING 161 || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) 162 && !OSSL_FIPS_IND_ON_UNAPPROVED(prsactx, OSSL_FIPS_IND_SETTABLE1, 163 prsactx->libctx, "RSA Encrypt", 164 "PKCS#1 v1.5 padding", 165 ossl_fips_config_rsa_pkcs15_padding_disabled)) { 166 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); 167 return 0; 168 } 169 #endif 170 171 if (out == NULL) { 172 size_t len = RSA_size(prsactx->rsa); 173 174 if (len == 0) { 175 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); 176 return 0; 177 } 178 *outlen = len; 179 return 1; 180 } 181 182 if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) { 183 int rsasize = RSA_size(prsactx->rsa); 184 unsigned char *tbuf; 185 186 if ((tbuf = OPENSSL_malloc(rsasize)) == NULL) 187 return 0; 188 if (prsactx->oaep_md == NULL) { 189 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, "SHA-1", NULL); 190 if (prsactx->oaep_md == NULL) { 191 OPENSSL_free(tbuf); 192 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 193 return 0; 194 } 195 } 196 ret = 197 ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, 198 rsasize, in, inlen, 199 prsactx->oaep_label, 200 prsactx->oaep_labellen, 201 prsactx->oaep_md, 202 prsactx->mgf1_md); 203 204 if (!ret) { 205 OPENSSL_free(tbuf); 206 return 0; 207 } 208 ret = RSA_public_encrypt(rsasize, tbuf, out, prsactx->rsa, 209 RSA_NO_PADDING); 210 OPENSSL_free(tbuf); 211 } else { 212 ret = RSA_public_encrypt(inlen, in, out, prsactx->rsa, 213 prsactx->pad_mode); 214 } 215 /* A ret value of 0 is not an error */ 216 if (ret < 0) 217 return ret; 218 *outlen = ret; 219 return 1; 220 } 221 222 static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, 223 size_t outsize, const unsigned char *in, size_t inlen) 224 { 225 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 226 int ret; 227 int pad_mode; 228 size_t len = RSA_size(prsactx->rsa); 229 230 if (!ossl_prov_is_running()) 231 return 0; 232 233 if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { 234 if (out == NULL) { 235 *outlen = SSL_MAX_MASTER_KEY_LENGTH; 236 return 1; 237 } 238 if (outsize < SSL_MAX_MASTER_KEY_LENGTH) { 239 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); 240 return 0; 241 } 242 } else { 243 if (out == NULL) { 244 if (len == 0) { 245 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); 246 return 0; 247 } 248 *outlen = len; 249 return 1; 250 } 251 252 if (outsize < len) { 253 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); 254 return 0; 255 } 256 } 257 258 if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING 259 || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { 260 unsigned char *tbuf; 261 262 if ((tbuf = OPENSSL_malloc(len)) == NULL) 263 return 0; 264 ret = RSA_private_decrypt(inlen, in, tbuf, prsactx->rsa, 265 RSA_NO_PADDING); 266 /* 267 * With no padding then, on success ret should be len, otherwise an 268 * error occurred (non-constant time) 269 */ 270 if (ret != (int)len) { 271 OPENSSL_free(tbuf); 272 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_DECRYPT); 273 return 0; 274 } 275 if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) { 276 if (prsactx->oaep_md == NULL) { 277 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, "SHA-1", NULL); 278 if (prsactx->oaep_md == NULL) { 279 OPENSSL_free(tbuf); 280 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 281 return 0; 282 } 283 } 284 ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, outsize, tbuf, 285 len, len, 286 prsactx->oaep_label, 287 prsactx->oaep_labellen, 288 prsactx->oaep_md, 289 prsactx->mgf1_md); 290 } else { 291 /* RSA_PKCS1_WITH_TLS_PADDING */ 292 if (prsactx->client_version <= 0) { 293 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_TLS_CLIENT_VERSION); 294 OPENSSL_free(tbuf); 295 return 0; 296 } 297 ret = ossl_rsa_padding_check_PKCS1_type_2_TLS( 298 prsactx->libctx, out, outsize, tbuf, len, 299 prsactx->client_version, prsactx->alt_version); 300 } 301 OPENSSL_free(tbuf); 302 } else { 303 if ((prsactx->implicit_rejection == 0) && 304 (prsactx->pad_mode == RSA_PKCS1_PADDING)) 305 pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; 306 else 307 pad_mode = prsactx->pad_mode; 308 ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode); 309 } 310 *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); 311 ret = constant_time_select_int(constant_time_msb(ret), 0, 1); 312 return ret; 313 } 314 315 static void rsa_freectx(void *vprsactx) 316 { 317 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 318 319 RSA_free(prsactx->rsa); 320 321 EVP_MD_free(prsactx->oaep_md); 322 EVP_MD_free(prsactx->mgf1_md); 323 OPENSSL_free(prsactx->oaep_label); 324 325 OPENSSL_free(prsactx); 326 } 327 328 static void *rsa_dupctx(void *vprsactx) 329 { 330 PROV_RSA_CTX *srcctx = (PROV_RSA_CTX *)vprsactx; 331 PROV_RSA_CTX *dstctx; 332 333 if (!ossl_prov_is_running()) 334 return NULL; 335 336 dstctx = OPENSSL_zalloc(sizeof(*srcctx)); 337 if (dstctx == NULL) 338 return NULL; 339 340 *dstctx = *srcctx; 341 if (dstctx->rsa != NULL && !RSA_up_ref(dstctx->rsa)) { 342 OPENSSL_free(dstctx); 343 return NULL; 344 } 345 346 if (dstctx->oaep_md != NULL && !EVP_MD_up_ref(dstctx->oaep_md)) { 347 RSA_free(dstctx->rsa); 348 OPENSSL_free(dstctx); 349 return NULL; 350 } 351 352 if (dstctx->mgf1_md != NULL && !EVP_MD_up_ref(dstctx->mgf1_md)) { 353 RSA_free(dstctx->rsa); 354 EVP_MD_free(dstctx->oaep_md); 355 OPENSSL_free(dstctx); 356 return NULL; 357 } 358 359 return dstctx; 360 } 361 362 static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) 363 { 364 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 365 OSSL_PARAM *p; 366 367 if (prsactx == NULL) 368 return 0; 369 370 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE); 371 if (p != NULL) 372 switch (p->data_type) { 373 case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ 374 if (!OSSL_PARAM_set_int(p, prsactx->pad_mode)) 375 return 0; 376 break; 377 case OSSL_PARAM_UTF8_STRING: 378 { 379 int i; 380 const char *word = NULL; 381 382 for (i = 0; padding_item[i].id != 0; i++) { 383 if (prsactx->pad_mode == (int)padding_item[i].id) { 384 word = padding_item[i].ptr; 385 break; 386 } 387 } 388 389 if (word != NULL) { 390 if (!OSSL_PARAM_set_utf8_string(p, word)) 391 return 0; 392 } else { 393 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 394 } 395 } 396 break; 397 default: 398 return 0; 399 } 400 401 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); 402 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->oaep_md == NULL 403 ? "" 404 : EVP_MD_get0_name(prsactx->oaep_md))) 405 return 0; 406 407 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); 408 if (p != NULL) { 409 EVP_MD *mgf1_md = prsactx->mgf1_md == NULL ? prsactx->oaep_md 410 : prsactx->mgf1_md; 411 412 if (!OSSL_PARAM_set_utf8_string(p, mgf1_md == NULL 413 ? "" 414 : EVP_MD_get0_name(mgf1_md))) 415 return 0; 416 } 417 418 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL); 419 if (p != NULL && 420 !OSSL_PARAM_set_octet_ptr(p, prsactx->oaep_label, 421 prsactx->oaep_labellen)) 422 return 0; 423 424 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); 425 if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->client_version)) 426 return 0; 427 428 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION); 429 if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version)) 430 return 0; 431 432 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); 433 if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) 434 return 0; 435 if (!OSSL_FIPS_IND_GET_CTX_PARAM(prsactx, params)) 436 return 0; 437 return 1; 438 } 439 440 static const OSSL_PARAM known_gettable_ctx_params[] = { 441 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), 442 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), 443 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), 444 OSSL_PARAM_DEFN(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, 445 NULL, 0), 446 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), 447 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), 448 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), 449 OSSL_FIPS_IND_GETTABLE_CTX_PARAM() 450 OSSL_PARAM_END 451 }; 452 453 static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, 454 ossl_unused void *provctx) 455 { 456 return known_gettable_ctx_params; 457 } 458 459 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) 460 { 461 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 462 const OSSL_PARAM *p; 463 char mdname[OSSL_MAX_NAME_SIZE]; 464 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' }; 465 char *str = NULL; 466 467 if (prsactx == NULL) 468 return 0; 469 if (ossl_param_is_empty(params)) 470 return 1; 471 472 if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, params, 473 OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK)) 474 return 0; 475 if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, params, 476 OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED)) 477 return 0; 478 479 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); 480 if (p != NULL) { 481 str = mdname; 482 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) 483 return 0; 484 485 p = OSSL_PARAM_locate_const(params, 486 OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS); 487 if (p != NULL) { 488 str = mdprops; 489 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) 490 return 0; 491 } 492 493 EVP_MD_free(prsactx->oaep_md); 494 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, mdname, mdprops); 495 496 if (prsactx->oaep_md == NULL) 497 return 0; 498 } 499 500 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE); 501 if (p != NULL) { 502 int pad_mode = 0; 503 504 switch (p->data_type) { 505 case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ 506 if (!OSSL_PARAM_get_int(p, &pad_mode)) 507 return 0; 508 break; 509 case OSSL_PARAM_UTF8_STRING: 510 { 511 int i; 512 513 if (p->data == NULL) 514 return 0; 515 516 for (i = 0; padding_item[i].id != 0; i++) { 517 if (strcmp(p->data, padding_item[i].ptr) == 0) { 518 pad_mode = padding_item[i].id; 519 break; 520 } 521 } 522 } 523 break; 524 default: 525 return 0; 526 } 527 528 /* 529 * PSS padding is for signatures only so is not compatible with 530 * asymmetric cipher use. 531 */ 532 if (pad_mode == RSA_PKCS1_PSS_PADDING) 533 return 0; 534 if (pad_mode == RSA_PKCS1_OAEP_PADDING && prsactx->oaep_md == NULL) { 535 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, "SHA1", mdprops); 536 if (prsactx->oaep_md == NULL) 537 return 0; 538 } 539 prsactx->pad_mode = pad_mode; 540 } 541 542 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); 543 if (p != NULL) { 544 str = mdname; 545 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) 546 return 0; 547 548 p = OSSL_PARAM_locate_const(params, 549 OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS); 550 if (p != NULL) { 551 str = mdprops; 552 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) 553 return 0; 554 } else { 555 str = NULL; 556 } 557 558 EVP_MD_free(prsactx->mgf1_md); 559 prsactx->mgf1_md = EVP_MD_fetch(prsactx->libctx, mdname, str); 560 561 if (prsactx->mgf1_md == NULL) 562 return 0; 563 } 564 565 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL); 566 if (p != NULL) { 567 void *tmp_label = NULL; 568 size_t tmp_labellen; 569 570 if (!OSSL_PARAM_get_octet_string(p, &tmp_label, 0, &tmp_labellen)) 571 return 0; 572 OPENSSL_free(prsactx->oaep_label); 573 prsactx->oaep_label = (unsigned char *)tmp_label; 574 prsactx->oaep_labellen = tmp_labellen; 575 } 576 577 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); 578 if (p != NULL) { 579 unsigned int client_version; 580 581 if (!OSSL_PARAM_get_uint(p, &client_version)) 582 return 0; 583 prsactx->client_version = client_version; 584 } 585 586 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION); 587 if (p != NULL) { 588 unsigned int alt_version; 589 590 if (!OSSL_PARAM_get_uint(p, &alt_version)) 591 return 0; 592 prsactx->alt_version = alt_version; 593 } 594 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); 595 if (p != NULL) { 596 unsigned int implicit_rejection; 597 598 if (!OSSL_PARAM_get_uint(p, &implicit_rejection)) 599 return 0; 600 prsactx->implicit_rejection = implicit_rejection; 601 } 602 return 1; 603 } 604 605 static const OSSL_PARAM known_settable_ctx_params[] = { 606 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), 607 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, NULL, 0), 608 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), 609 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), 610 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS, NULL, 0), 611 OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0), 612 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), 613 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), 614 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), 615 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK) 616 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED) 617 OSSL_PARAM_END 618 }; 619 620 static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *vprsactx, 621 ossl_unused void *provctx) 622 { 623 return known_settable_ctx_params; 624 } 625 626 const OSSL_DISPATCH ossl_rsa_asym_cipher_functions[] = { 627 { OSSL_FUNC_ASYM_CIPHER_NEWCTX, (void (*)(void))rsa_newctx }, 628 { OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT, (void (*)(void))rsa_encrypt_init }, 629 { OSSL_FUNC_ASYM_CIPHER_ENCRYPT, (void (*)(void))rsa_encrypt }, 630 { OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT, (void (*)(void))rsa_decrypt_init }, 631 { OSSL_FUNC_ASYM_CIPHER_DECRYPT, (void (*)(void))rsa_decrypt }, 632 { OSSL_FUNC_ASYM_CIPHER_FREECTX, (void (*)(void))rsa_freectx }, 633 { OSSL_FUNC_ASYM_CIPHER_DUPCTX, (void (*)(void))rsa_dupctx }, 634 { OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS, 635 (void (*)(void))rsa_get_ctx_params }, 636 { OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS, 637 (void (*)(void))rsa_gettable_ctx_params }, 638 { OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS, 639 (void (*)(void))rsa_set_ctx_params }, 640 { OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS, 641 (void (*)(void))rsa_settable_ctx_params }, 642 OSSL_DISPATCH_END 643 }; 644