1 /* 2 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* 11 * RSA low level APIs are deprecated for public use, but still ok for 12 * internal use. 13 */ 14 #include "internal/deprecated.h" 15 16 #include <openssl/crypto.h> 17 #include <openssl/evp.h> 18 #include <openssl/core_dispatch.h> 19 #include <openssl/core_names.h> 20 #include <openssl/rsa.h> 21 #include <openssl/params.h> 22 #include <openssl/err.h> 23 #include <openssl/proverr.h> 24 /* Just for SSL_MAX_MASTER_KEY_LENGTH */ 25 #include <openssl/prov_ssl.h> 26 #include "internal/constant_time.h" 27 #include "internal/sizes.h" 28 #include "crypto/rsa.h" 29 #include "prov/provider_ctx.h" 30 #include "prov/implementations.h" 31 #include "prov/providercommon.h" 32 #include "prov/securitycheck.h" 33 #include <stdlib.h> 34 35 static OSSL_FUNC_asym_cipher_newctx_fn rsa_newctx; 36 static OSSL_FUNC_asym_cipher_encrypt_init_fn rsa_encrypt_init; 37 static OSSL_FUNC_asym_cipher_encrypt_fn rsa_encrypt; 38 static OSSL_FUNC_asym_cipher_decrypt_init_fn rsa_decrypt_init; 39 static OSSL_FUNC_asym_cipher_decrypt_fn rsa_decrypt; 40 static OSSL_FUNC_asym_cipher_freectx_fn rsa_freectx; 41 static OSSL_FUNC_asym_cipher_dupctx_fn rsa_dupctx; 42 static OSSL_FUNC_asym_cipher_get_ctx_params_fn rsa_get_ctx_params; 43 static OSSL_FUNC_asym_cipher_gettable_ctx_params_fn rsa_gettable_ctx_params; 44 static OSSL_FUNC_asym_cipher_set_ctx_params_fn rsa_set_ctx_params; 45 static OSSL_FUNC_asym_cipher_settable_ctx_params_fn rsa_settable_ctx_params; 46 47 static OSSL_ITEM padding_item[] = { 48 { RSA_PKCS1_PADDING, OSSL_PKEY_RSA_PAD_MODE_PKCSV15 }, 49 { RSA_NO_PADDING, OSSL_PKEY_RSA_PAD_MODE_NONE }, 50 { RSA_PKCS1_OAEP_PADDING, OSSL_PKEY_RSA_PAD_MODE_OAEP }, /* Correct spelling first */ 51 { RSA_PKCS1_OAEP_PADDING, "oeap" }, 52 { 0, NULL } 53 }; 54 55 /* 56 * What's passed as an actual key is defined by the KEYMGMT interface. 57 * We happen to know that our KEYMGMT simply passes RSA structures, so 58 * we use that here too. 59 */ 60 61 typedef struct { 62 OSSL_LIB_CTX *libctx; 63 RSA *rsa; 64 int pad_mode; 65 int operation; 66 /* OAEP message digest */ 67 EVP_MD *oaep_md; 68 /* message digest for MGF1 */ 69 EVP_MD *mgf1_md; 70 /* OAEP label */ 71 unsigned char *oaep_label; 72 size_t oaep_labellen; 73 /* TLS padding */ 74 unsigned int client_version; 75 unsigned int alt_version; 76 /* PKCS#1 v1.5 decryption mode */ 77 unsigned int implicit_rejection; 78 OSSL_FIPS_IND_DECLARE 79 } PROV_RSA_CTX; 80 81 static void *rsa_newctx(void *provctx) 82 { 83 PROV_RSA_CTX *prsactx; 84 85 if (!ossl_prov_is_running()) 86 return NULL; 87 prsactx = OPENSSL_zalloc(sizeof(PROV_RSA_CTX)); 88 if (prsactx == NULL) 89 return NULL; 90 prsactx->libctx = PROV_LIBCTX_OF(provctx); 91 OSSL_FIPS_IND_INIT(prsactx) 92 93 return prsactx; 94 } 95 96 static int rsa_init(void *vprsactx, void *vrsa, const OSSL_PARAM params[], 97 int operation, const char *desc) 98 { 99 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 100 int protect = 0; 101 102 if (!ossl_prov_is_running() || prsactx == NULL || vrsa == NULL) 103 return 0; 104 105 if (!ossl_rsa_key_op_get_protect(vrsa, operation, &protect)) 106 return 0; 107 if (!RSA_up_ref(vrsa)) 108 return 0; 109 RSA_free(prsactx->rsa); 110 prsactx->rsa = vrsa; 111 prsactx->operation = operation; 112 prsactx->implicit_rejection = 1; 113 114 switch (RSA_test_flags(prsactx->rsa, RSA_FLAG_TYPE_MASK)) { 115 case RSA_FLAG_TYPE_RSA: 116 prsactx->pad_mode = RSA_PKCS1_PADDING; 117 break; 118 default: 119 /* This should not happen due to the check above */ 120 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 121 return 0; 122 } 123 124 OSSL_FIPS_IND_SET_APPROVED(prsactx) 125 if (!rsa_set_ctx_params(prsactx, params)) 126 return 0; 127 #ifdef FIPS_MODULE 128 if (!ossl_fips_ind_rsa_key_check(OSSL_FIPS_IND_GET(prsactx), 129 OSSL_FIPS_IND_SETTABLE0, prsactx->libctx, 130 prsactx->rsa, desc, protect)) 131 return 0; 132 #endif 133 return 1; 134 } 135 136 static int rsa_encrypt_init(void *vprsactx, void *vrsa, 137 const OSSL_PARAM params[]) 138 { 139 return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_ENCRYPT, 140 "RSA Encrypt Init"); 141 } 142 143 static int rsa_decrypt_init(void *vprsactx, void *vrsa, 144 const OSSL_PARAM params[]) 145 { 146 return rsa_init(vprsactx, vrsa, params, EVP_PKEY_OP_DECRYPT, 147 "RSA Decrypt Init"); 148 } 149 150 static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen, 151 size_t outsize, const unsigned char *in, size_t inlen) 152 { 153 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 154 size_t len = RSA_size(prsactx->rsa); 155 int ret; 156 157 if (!ossl_prov_is_running()) 158 return 0; 159 160 #ifdef FIPS_MODULE 161 if ((prsactx->pad_mode == RSA_PKCS1_PADDING 162 || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) 163 && !OSSL_FIPS_IND_ON_UNAPPROVED(prsactx, OSSL_FIPS_IND_SETTABLE1, 164 prsactx->libctx, "RSA Encrypt", 165 "PKCS#1 v1.5 padding", 166 ossl_fips_config_rsa_pkcs15_padding_disabled)) { 167 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_PADDING_MODE); 168 return 0; 169 } 170 #endif 171 172 if (len == 0) { 173 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); 174 return 0; 175 } 176 177 if (out == NULL) { 178 *outlen = len; 179 return 1; 180 } 181 182 if (outsize < len) { 183 ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); 184 return 0; 185 } 186 187 if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) { 188 int rsasize = RSA_size(prsactx->rsa); 189 unsigned char *tbuf; 190 191 if ((tbuf = OPENSSL_malloc(rsasize)) == NULL) 192 return 0; 193 if (prsactx->oaep_md == NULL) { 194 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, "SHA-1", NULL); 195 if (prsactx->oaep_md == NULL) { 196 OPENSSL_free(tbuf); 197 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 198 return 0; 199 } 200 } 201 ret = 202 ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(prsactx->libctx, tbuf, 203 rsasize, in, inlen, 204 prsactx->oaep_label, 205 prsactx->oaep_labellen, 206 prsactx->oaep_md, 207 prsactx->mgf1_md); 208 209 if (!ret) { 210 OPENSSL_free(tbuf); 211 return 0; 212 } 213 ret = RSA_public_encrypt(rsasize, tbuf, out, prsactx->rsa, 214 RSA_NO_PADDING); 215 OPENSSL_free(tbuf); 216 } else { 217 ret = RSA_public_encrypt(inlen, in, out, prsactx->rsa, 218 prsactx->pad_mode); 219 } 220 /* A ret value of 0 is not an error */ 221 if (ret < 0) 222 return ret; 223 *outlen = ret; 224 return 1; 225 } 226 227 static int rsa_decrypt(void *vprsactx, unsigned char *out, size_t *outlen, 228 size_t outsize, const unsigned char *in, size_t inlen) 229 { 230 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 231 int ret; 232 int pad_mode; 233 size_t len = RSA_size(prsactx->rsa); 234 235 if (!ossl_prov_is_running()) 236 return 0; 237 238 if (prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { 239 if (out == NULL) { 240 *outlen = SSL_MAX_MASTER_KEY_LENGTH; 241 return 1; 242 } 243 if (outsize < SSL_MAX_MASTER_KEY_LENGTH) { 244 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); 245 return 0; 246 } 247 } else { 248 if (out == NULL) { 249 if (len == 0) { 250 ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); 251 return 0; 252 } 253 *outlen = len; 254 return 1; 255 } 256 257 if (outsize < len) { 258 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH); 259 return 0; 260 } 261 } 262 263 if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING 264 || prsactx->pad_mode == RSA_PKCS1_WITH_TLS_PADDING) { 265 unsigned char *tbuf; 266 267 if ((tbuf = OPENSSL_malloc(len)) == NULL) 268 return 0; 269 ret = RSA_private_decrypt(inlen, in, tbuf, prsactx->rsa, 270 RSA_NO_PADDING); 271 /* 272 * With no padding then, on success ret should be len, otherwise an 273 * error occurred (non-constant time) 274 */ 275 if (ret != (int)len) { 276 OPENSSL_free(tbuf); 277 ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_DECRYPT); 278 return 0; 279 } 280 if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) { 281 if (prsactx->oaep_md == NULL) { 282 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, "SHA-1", NULL); 283 if (prsactx->oaep_md == NULL) { 284 OPENSSL_free(tbuf); 285 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 286 return 0; 287 } 288 } 289 ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, outsize, tbuf, 290 len, len, 291 prsactx->oaep_label, 292 prsactx->oaep_labellen, 293 prsactx->oaep_md, 294 prsactx->mgf1_md); 295 } else { 296 /* RSA_PKCS1_WITH_TLS_PADDING */ 297 if (prsactx->client_version <= 0) { 298 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_TLS_CLIENT_VERSION); 299 OPENSSL_free(tbuf); 300 return 0; 301 } 302 ret = ossl_rsa_padding_check_PKCS1_type_2_TLS( 303 prsactx->libctx, out, outsize, tbuf, len, 304 prsactx->client_version, prsactx->alt_version); 305 } 306 OPENSSL_free(tbuf); 307 } else { 308 if ((prsactx->implicit_rejection == 0) && 309 (prsactx->pad_mode == RSA_PKCS1_PADDING)) 310 pad_mode = RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING; 311 else 312 pad_mode = prsactx->pad_mode; 313 ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, pad_mode); 314 } 315 *outlen = constant_time_select_s(constant_time_msb_s(ret), *outlen, ret); 316 ret = constant_time_select_int(constant_time_msb(ret), 0, 1); 317 return ret; 318 } 319 320 static void rsa_freectx(void *vprsactx) 321 { 322 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 323 324 RSA_free(prsactx->rsa); 325 326 EVP_MD_free(prsactx->oaep_md); 327 EVP_MD_free(prsactx->mgf1_md); 328 OPENSSL_free(prsactx->oaep_label); 329 330 OPENSSL_free(prsactx); 331 } 332 333 static void *rsa_dupctx(void *vprsactx) 334 { 335 PROV_RSA_CTX *srcctx = (PROV_RSA_CTX *)vprsactx; 336 PROV_RSA_CTX *dstctx; 337 338 if (!ossl_prov_is_running()) 339 return NULL; 340 341 dstctx = OPENSSL_zalloc(sizeof(*srcctx)); 342 if (dstctx == NULL) 343 return NULL; 344 345 *dstctx = *srcctx; 346 if (dstctx->rsa != NULL && !RSA_up_ref(dstctx->rsa)) { 347 OPENSSL_free(dstctx); 348 return NULL; 349 } 350 351 if (dstctx->oaep_md != NULL && !EVP_MD_up_ref(dstctx->oaep_md)) { 352 RSA_free(dstctx->rsa); 353 OPENSSL_free(dstctx); 354 return NULL; 355 } 356 357 if (dstctx->mgf1_md != NULL && !EVP_MD_up_ref(dstctx->mgf1_md)) { 358 RSA_free(dstctx->rsa); 359 EVP_MD_free(dstctx->oaep_md); 360 OPENSSL_free(dstctx); 361 return NULL; 362 } 363 364 return dstctx; 365 } 366 367 static int rsa_get_ctx_params(void *vprsactx, OSSL_PARAM *params) 368 { 369 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 370 OSSL_PARAM *p; 371 372 if (prsactx == NULL) 373 return 0; 374 375 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE); 376 if (p != NULL) 377 switch (p->data_type) { 378 case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ 379 if (!OSSL_PARAM_set_int(p, prsactx->pad_mode)) 380 return 0; 381 break; 382 case OSSL_PARAM_UTF8_STRING: 383 { 384 int i; 385 const char *word = NULL; 386 387 for (i = 0; padding_item[i].id != 0; i++) { 388 if (prsactx->pad_mode == (int)padding_item[i].id) { 389 word = padding_item[i].ptr; 390 break; 391 } 392 } 393 394 if (word != NULL) { 395 if (!OSSL_PARAM_set_utf8_string(p, word)) 396 return 0; 397 } else { 398 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); 399 } 400 } 401 break; 402 default: 403 return 0; 404 } 405 406 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); 407 if (p != NULL && !OSSL_PARAM_set_utf8_string(p, prsactx->oaep_md == NULL 408 ? "" 409 : EVP_MD_get0_name(prsactx->oaep_md))) 410 return 0; 411 412 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); 413 if (p != NULL) { 414 EVP_MD *mgf1_md = prsactx->mgf1_md == NULL ? prsactx->oaep_md 415 : prsactx->mgf1_md; 416 417 if (!OSSL_PARAM_set_utf8_string(p, mgf1_md == NULL 418 ? "" 419 : EVP_MD_get0_name(mgf1_md))) 420 return 0; 421 } 422 423 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL); 424 if (p != NULL && 425 !OSSL_PARAM_set_octet_ptr(p, prsactx->oaep_label, 426 prsactx->oaep_labellen)) 427 return 0; 428 429 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); 430 if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->client_version)) 431 return 0; 432 433 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION); 434 if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->alt_version)) 435 return 0; 436 437 p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); 438 if (p != NULL && !OSSL_PARAM_set_uint(p, prsactx->implicit_rejection)) 439 return 0; 440 if (!OSSL_FIPS_IND_GET_CTX_PARAM(prsactx, params)) 441 return 0; 442 return 1; 443 } 444 445 static const OSSL_PARAM known_gettable_ctx_params[] = { 446 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), 447 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), 448 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), 449 OSSL_PARAM_DEFN(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, 450 NULL, 0), 451 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), 452 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), 453 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), 454 OSSL_FIPS_IND_GETTABLE_CTX_PARAM() 455 OSSL_PARAM_END 456 }; 457 458 static const OSSL_PARAM *rsa_gettable_ctx_params(ossl_unused void *vprsactx, 459 ossl_unused void *provctx) 460 { 461 return known_gettable_ctx_params; 462 } 463 464 static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[]) 465 { 466 PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx; 467 const OSSL_PARAM *p; 468 char mdname[OSSL_MAX_NAME_SIZE]; 469 char mdprops[OSSL_MAX_PROPQUERY_SIZE] = { '\0' }; 470 char *str = NULL; 471 472 if (prsactx == NULL) 473 return 0; 474 if (ossl_param_is_empty(params)) 475 return 1; 476 477 if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE0, params, 478 OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK)) 479 return 0; 480 if (!OSSL_FIPS_IND_SET_CTX_PARAM(prsactx, OSSL_FIPS_IND_SETTABLE1, params, 481 OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED)) 482 return 0; 483 484 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST); 485 if (p != NULL) { 486 str = mdname; 487 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) 488 return 0; 489 490 p = OSSL_PARAM_locate_const(params, 491 OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS); 492 if (p != NULL) { 493 str = mdprops; 494 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) 495 return 0; 496 } 497 498 EVP_MD_free(prsactx->oaep_md); 499 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, mdname, mdprops); 500 501 if (prsactx->oaep_md == NULL) 502 return 0; 503 } 504 505 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE); 506 if (p != NULL) { 507 int pad_mode = 0; 508 509 switch (p->data_type) { 510 case OSSL_PARAM_INTEGER: /* Support for legacy pad mode number */ 511 if (!OSSL_PARAM_get_int(p, &pad_mode)) 512 return 0; 513 break; 514 case OSSL_PARAM_UTF8_STRING: 515 { 516 int i; 517 518 if (p->data == NULL) 519 return 0; 520 521 for (i = 0; padding_item[i].id != 0; i++) { 522 if (strcmp(p->data, padding_item[i].ptr) == 0) { 523 pad_mode = padding_item[i].id; 524 break; 525 } 526 } 527 } 528 break; 529 default: 530 return 0; 531 } 532 533 /* 534 * PSS padding is for signatures only so is not compatible with 535 * asymmetric cipher use. 536 */ 537 if (pad_mode == RSA_PKCS1_PSS_PADDING) 538 return 0; 539 if (pad_mode == RSA_PKCS1_OAEP_PADDING && prsactx->oaep_md == NULL) { 540 prsactx->oaep_md = EVP_MD_fetch(prsactx->libctx, "SHA1", mdprops); 541 if (prsactx->oaep_md == NULL) 542 return 0; 543 } 544 prsactx->pad_mode = pad_mode; 545 } 546 547 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST); 548 if (p != NULL) { 549 str = mdname; 550 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdname))) 551 return 0; 552 553 p = OSSL_PARAM_locate_const(params, 554 OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS); 555 if (p != NULL) { 556 str = mdprops; 557 if (!OSSL_PARAM_get_utf8_string(p, &str, sizeof(mdprops))) 558 return 0; 559 } else { 560 str = NULL; 561 } 562 563 EVP_MD_free(prsactx->mgf1_md); 564 prsactx->mgf1_md = EVP_MD_fetch(prsactx->libctx, mdname, str); 565 566 if (prsactx->mgf1_md == NULL) 567 return 0; 568 } 569 570 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL); 571 if (p != NULL) { 572 void *tmp_label = NULL; 573 size_t tmp_labellen; 574 575 if (!OSSL_PARAM_get_octet_string(p, &tmp_label, 0, &tmp_labellen)) 576 return 0; 577 OPENSSL_free(prsactx->oaep_label); 578 prsactx->oaep_label = (unsigned char *)tmp_label; 579 prsactx->oaep_labellen = tmp_labellen; 580 } 581 582 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION); 583 if (p != NULL) { 584 unsigned int client_version; 585 586 if (!OSSL_PARAM_get_uint(p, &client_version)) 587 return 0; 588 prsactx->client_version = client_version; 589 } 590 591 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION); 592 if (p != NULL) { 593 unsigned int alt_version; 594 595 if (!OSSL_PARAM_get_uint(p, &alt_version)) 596 return 0; 597 prsactx->alt_version = alt_version; 598 } 599 p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION); 600 if (p != NULL) { 601 unsigned int implicit_rejection; 602 603 if (!OSSL_PARAM_get_uint(p, &implicit_rejection)) 604 return 0; 605 prsactx->implicit_rejection = implicit_rejection; 606 } 607 return 1; 608 } 609 610 static const OSSL_PARAM known_settable_ctx_params[] = { 611 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, NULL, 0), 612 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, NULL, 0), 613 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_PAD_MODE, NULL, 0), 614 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, NULL, 0), 615 OSSL_PARAM_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS, NULL, 0), 616 OSSL_PARAM_octet_string(OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, NULL, 0), 617 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION, NULL), 618 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION, NULL), 619 OSSL_PARAM_uint(OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, NULL), 620 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_FIPS_KEY_CHECK) 621 OSSL_FIPS_IND_SETTABLE_CTX_PARAM(OSSL_ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED) 622 OSSL_PARAM_END 623 }; 624 625 static const OSSL_PARAM *rsa_settable_ctx_params(ossl_unused void *vprsactx, 626 ossl_unused void *provctx) 627 { 628 return known_settable_ctx_params; 629 } 630 631 const OSSL_DISPATCH ossl_rsa_asym_cipher_functions[] = { 632 { OSSL_FUNC_ASYM_CIPHER_NEWCTX, (void (*)(void))rsa_newctx }, 633 { OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT, (void (*)(void))rsa_encrypt_init }, 634 { OSSL_FUNC_ASYM_CIPHER_ENCRYPT, (void (*)(void))rsa_encrypt }, 635 { OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT, (void (*)(void))rsa_decrypt_init }, 636 { OSSL_FUNC_ASYM_CIPHER_DECRYPT, (void (*)(void))rsa_decrypt }, 637 { OSSL_FUNC_ASYM_CIPHER_FREECTX, (void (*)(void))rsa_freectx }, 638 { OSSL_FUNC_ASYM_CIPHER_DUPCTX, (void (*)(void))rsa_dupctx }, 639 { OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS, 640 (void (*)(void))rsa_get_ctx_params }, 641 { OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS, 642 (void (*)(void))rsa_gettable_ctx_params }, 643 { OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS, 644 (void (*)(void))rsa_set_ctx_params }, 645 { OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS, 646 (void (*)(void))rsa_settable_ctx_params }, 647 OSSL_DISPATCH_END 648 }; 649