Don't pass a digest-size to signature implementations

It turns out this was never necessary, as the implementation should always check the default digest size anyway. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10947)
2025-01-18 13:44:20 +08:00 · 2020-02-02 12:55:05 +01:00 · 2020-02-02 12:55:05 +01:00 · 00bc1ad99a
commit 00bc1ad99a
parent 972fa31895
5 changed files with 13 additions and 32 deletions
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -679,8 +679,7 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)

 int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
 {
-    OSSL_PARAM sig_md_params[3], *p = sig_md_params;
-    size_t mdsize;
+    OSSL_PARAM sig_md_params[2], *p = sig_md_params;
    const char *name;

    if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
@ -696,9 +695,7 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)

    if (md == NULL) {
        name = "";
-        mdsize = 0;
    } else {
-        mdsize = EVP_MD_size(md);
        name = EVP_MD_name(md);
    }

@ -709,8 +706,6 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
                                             */
                                            (char *)name,
                                            strlen(name) + 1);
-    *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
-                                       &mdsize);
    *p++ = OSSL_PARAM_construct_end();

    return EVP_PKEY_CTX_set_params(ctx, sig_md_params);
--- a/include/openssl/core_names.h
+++ b/include/openssl/core_names.h
@ -168,7 +168,6 @@ extern "C" {
 #define OSSL_PKEY_PARAM_MAX_SIZE            "max-size" /* integer */
 #define OSSL_PKEY_PARAM_SECURITY_BITS       "security-bits" /* integer */
 #define OSSL_PKEY_PARAM_DIGEST              OSSL_ALG_PARAM_DIGEST
-#define OSSL_PKEY_PARAM_DIGEST_SIZE         "digest-size"
 #define OSSL_PKEY_PARAM_DEFAULT_DIGEST      "default-digest" /* utf8 string */
 #define OSSL_PKEY_PARAM_MANDATORY_DIGEST    "mandatory-digest" /* utf8 string */

@ -213,7 +212,6 @@ extern "C" {
 /* Signature parameters */
 #define OSSL_SIGNATURE_PARAM_ALGORITHM_ID       "algorithm-id"
 #define OSSL_SIGNATURE_PARAM_DIGEST             OSSL_PKEY_PARAM_DIGEST
-#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE        OSSL_PKEY_PARAM_DIGEST_SIZE

 /* Asym cipher parameters */
 #define OSSL_ASYM_CIPHER_PARAM_PAD_MODE                 "pad-mode"
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@ -276,9 +276,7 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
    /* set signature parameters */
    ossl_param_bld_init(&bld);
    if (!ossl_param_bld_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
-                                         SN_sha256,strlen(SN_sha256) + 1)
-        || !ossl_param_bld_push_size_t(&bld, OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
-                                       SHA256_DIGEST_LENGTH))
+                                         SN_sha256,strlen(SN_sha256) + 1))
        goto err;
    params_sig = ossl_param_bld_to_param(&bld);
    if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
--- a/providers/implementations/signature/dsa.c
+++ b/providers/implementations/signature/dsa.c
@ -206,7 +206,6 @@ static int dsa_digest_signverify_init(void *vpdsactx, const char *mdname,
    EVP_MD_CTX_free(pdsactx->mdctx);
    EVP_MD_free(pdsactx->md);
    pdsactx->mdctx = NULL;
-    pdsactx->mdsize = 0;
    pdsactx->md = NULL;
    return 0;
 }
@ -330,10 +329,6 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)
        && !OSSL_PARAM_set_octet_string(p, pdsactx->aid, pdsactx->aid_len))
        return 0;

-    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
-    if (p != NULL && !OSSL_PARAM_set_size_t(p, pdsactx->mdsize))
-        return 0;
-
    p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST);
    if (p != NULL && !OSSL_PARAM_set_utf8_string(p, pdsactx->md == NULL
                                                    ? pdsactx->mdname
@ -345,7 +340,6 @@ static int dsa_get_ctx_params(void *vpdsactx, OSSL_PARAM *params)

 static const OSSL_PARAM known_gettable_ctx_params[] = {
    OSSL_PARAM_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, NULL, 0),
-    OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
    OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
    OSSL_PARAM_END
 };
@ -372,10 +366,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
        return 1;
    }

-    p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST_SIZE);
-    if (p != NULL && !OSSL_PARAM_get_size_t(p, &pdsactx->mdsize))
-        return 0;
-
    /*
     * We never actually use the mdname, but we do support getting it later.
     * This can be useful for applications that want to know the MD that they
@ -391,7 +381,6 @@ static int dsa_set_ctx_params(void *vpdsactx, const OSSL_PARAM params[])
 }

 static const OSSL_PARAM known_settable_ctx_params[] = {
-    OSSL_PARAM_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, NULL),
    OSSL_PARAM_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, NULL, 0),
    OSSL_PARAM_END
 };
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@ -25,6 +25,7 @@
 #include <openssl/dh.h>
 #include "testutil.h"
 #include "internal/nelem.h"
+#include "internal/sizes.h"
 #include "crypto/evp.h"

 /*
@ -1239,13 +1240,13 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
    EVP_PKEY_CTX *ctx = NULL;
    EVP_SIGNATURE *dsaimpl = NULL;
    const OSSL_PARAM *params;
-    OSSL_PARAM ourparams[2], *param = ourparams;
+    OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
    DSA *dsa = NULL;
    BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
    EVP_PKEY *pkey = NULL;
    int ret = 0;
    const EVP_MD *md;
-    size_t mdsize = SHA512_DIGEST_LENGTH;
+    char mdname[OSSL_MAX_NAME_SIZE];
    char ssl3ms[48];

    /*
@ -1288,8 +1289,6 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
     */
    params = EVP_PKEY_CTX_settable_params(ctx);
    if (!TEST_ptr(params)
-        || !TEST_ptr(OSSL_PARAM_locate_const(params,
-                                             OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
        || !TEST_ptr(OSSL_PARAM_locate_const(params,
                                             OSSL_SIGNATURE_PARAM_DIGEST)))
        goto err;
@ -1298,8 +1297,6 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
    if (!TEST_ptr(params)
        || !TEST_ptr(OSSL_PARAM_locate_const(params,
                                             OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
-        || !TEST_ptr(OSSL_PARAM_locate_const(params,
-                                             OSSL_SIGNATURE_PARAM_DIGEST_SIZE))
        || !TEST_ptr(OSSL_PARAM_locate_const(params,
                                             OSSL_SIGNATURE_PARAM_DIGEST)))
        goto err;
@ -1308,16 +1305,20 @@ static int test_EVP_PKEY_CTX_get_set_params(void)
     * Test getting and setting params via EVP_PKEY_CTX_set_params() and
     * EVP_PKEY_CTX_get_params()
     */
-    *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
-                                           &mdsize);
+    strcpy(mdname, "SHA512");
+    param_md = param;
+    *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+                                                mdname, 0);
    *param++ = OSSL_PARAM_construct_end();

    if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
        goto err;

-    mdsize = 0;
+    mdname[0] = '\0';
+    *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+                                                 mdname, sizeof(mdname));
    if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
-            || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH))
+            || !TEST_str_eq(mdname, "SHA512"))
        goto err;

    /*