Change rsa gen so it can use the propq from OSSL_PKEY_PARAM_RSA_DIGEST

rsa_pss_params_30_fromdata() now uses the OSSL_PKEY_PARAM_RSA_DIGEST_PROPS parameter also.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12944)

crypto/rsa/rsa_ameth.c

@@ -1239,7 +1239,7 @@ static int rsa_int_export_to(const EVP_PKEY *from, int rsa_type,
             || !rsa_pss_params_30_set_hashalg(&pss_params, md_nid)
             || !rsa_pss_params_30_set_maskgenhashalg(&pss_params, mgf1md_nid)
             || !rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
-            || !rsa_pss_params_30_todata(&pss_params, propq, tmpl, NULL))
+            || !rsa_pss_params_30_todata(&pss_params, tmpl, NULL))
             goto err;
         selection |= OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS;
     }

crypto/rsa/rsa_backend.c

@@ -163,7 +163,7 @@ int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
     return ret;
 }
 
-int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, const char *propq,
+int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
                              OSSL_PARAM_BLD *bld, OSSL_PARAM params[])
 {
     if (!rsa_pss_params_30_is_unrestricted(pss)) {
@@ -211,13 +211,16 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
                                const OSSL_PARAM params[], OPENSSL_CTX *libctx)
 {
     const OSSL_PARAM *param_md, *param_mgf, *param_mgf1md,  *param_saltlen;
+    const OSSL_PARAM *param_propq;
+    const char *propq = NULL;
     EVP_MD *md = NULL, *mgf1md = NULL;
     int saltlen;
     int ret = 0;
 
     if (pss_params == NULL)
         return 0;
-
+    param_propq =
+        OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST_PROPS);
     param_md =
         OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_DIGEST);
     param_mgf =
@@ -227,6 +230,10 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
     param_saltlen =
         OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_PSS_SALTLEN);
 
+    if (param_propq != NULL) {
+        if (param_propq->data_type == OSSL_PARAM_UTF8_STRING)
+            propq = param_propq->data;
+    }
     /*
      * If we get any of the parameters, we know we have at least some
      * restrictions, so we start by setting default values, and let each
@@ -265,7 +272,7 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
         else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mdname))
             goto err;
 
-        if ((md = EVP_MD_fetch(libctx, mdname, NULL)) == NULL
+        if ((md = EVP_MD_fetch(libctx, mdname, propq)) == NULL
             || !rsa_pss_params_30_set_hashalg(pss_params,
                                               rsa_oaeppss_md2nid(md)))
             goto err;
@@ -279,7 +286,7 @@ int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
         else if (!OSSL_PARAM_get_utf8_ptr(param_mgf, &mgf1mdname))
             goto err;
 
-        if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, NULL)) == NULL
+        if ((mgf1md = EVP_MD_fetch(libctx, mgf1mdname, propq)) == NULL
             || !rsa_pss_params_30_set_maskgenhashalg(pss_params,
                                                      rsa_oaeppss_md2nid(mgf1md)))
             goto err;

include/crypto/rsa.h

@@ -60,7 +60,7 @@ int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes,
 
 int rsa_todata(RSA *rsa, OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
 int rsa_fromdata(RSA *rsa, const OSSL_PARAM params[]);
-int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss, const char *propq,
+int rsa_pss_params_30_todata(const RSA_PSS_PARAMS_30 *pss,
                              OSSL_PARAM_BLD *bld, OSSL_PARAM params[]);
 int rsa_pss_params_30_fromdata(RSA_PSS_PARAMS_30 *pss_params,
                                const OSSL_PARAM params[], OPENSSL_CTX *libctx);

include/openssl/core_names.h

@@ -379,6 +379,7 @@ extern "C" {
 #define OSSL_PKEY_PARAM_RSA_BITS            OSSL_PKEY_PARAM_BITS
 #define OSSL_PKEY_PARAM_RSA_PRIMES          "primes"
 #define OSSL_PKEY_PARAM_RSA_DIGEST          OSSL_PKEY_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS    OSSL_PKEY_PARAM_PROPERTIES
 #define OSSL_PKEY_PARAM_RSA_MASKGENFUNC     OSSL_PKEY_PARAM_MASKGENFUNC
 #define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST     OSSL_PKEY_PARAM_MGF1_DIGEST
 #define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN     "saltlen"

providers/implementations/keymgmt/rsa_kmgmt.c

@@ -193,7 +193,7 @@ static int rsa_export(void *keydata, int selection,
 
     if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
         ok = ok && (rsa_pss_params_30_is_unrestricted(pss_params)
-                    || rsa_pss_params_30_todata(pss_params, NULL, tmpl, NULL));
+                    || rsa_pss_params_30_todata(pss_params, tmpl, NULL));
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
         ok = ok && rsa_todata(rsa, tmpl, NULL);
 
@@ -339,7 +339,7 @@ static int rsa_get_params(void *key, OSSL_PARAM params[])
         }
     }
     return (rsa_type != RSA_FLAG_TYPE_RSASSAPSS
-            || rsa_pss_params_30_todata(pss_params, NULL, NULL, params))
+            || rsa_pss_params_30_todata(pss_params, NULL, params))
         && rsa_todata(rsa, NULL, params);
 }
 
@@ -383,6 +383,7 @@ static int rsa_validate(void *keydata, int selection)
 
 struct rsa_gen_ctx {
     OPENSSL_CTX *libctx;
+    const char *propq;
 
     int rsa_type;
 
@@ -493,6 +494,7 @@ static int rsa_gen_set_params(void *genctx, const OSSL_PARAM params[])
  */
 #define rsa_gen_pss                                                     \
     OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST, NULL, 0),        \
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_DIGEST_PROPS, NULL, 0),  \
     OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MASKGENFUNC, NULL, 0),   \
     OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_RSA_MGF1_DIGEST, NULL, 0),   \
     OSSL_PARAM_int(OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, NULL)