Add OID for mdc2WithRSASignature and remove related TODO 3.0

Fixes #14366

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14874)

providers/common/der/RSA.asn1

@@ -69,10 +69,14 @@ id-rsassa-pkcs1-v1_5-with-sha3-512 OBJECT IDENTIFIER ::= { sigAlgs 16 }
 
 -- -------------------------------------------------------------------
 -- These OID's exist in the codebase but may need to be deprecated at some point.
--- mdc2 and md5_sha1 have been omitted as they do not look like valid entries.
+-- md5_sha1 has been omitted as it does not look like valid entry.
 
 md4WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 3 }
 
 ripemd160WithRSAEncryption    OBJECT IDENTIFIER ::= {
     iso(1) identified-organization(3) teletrust(36) algorithm(3) signatureAlgorithm(3) rsaSignature(1) 2
 }
+
+mdc2WithRSASignature OBJECT IDENTIFIER ::= {
+    iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) mdc2WithRSASignature(14)
+}

providers/common/der/der_rsa_sig.c

@@ -21,6 +21,8 @@
     ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
 #define ossl_der_oid_sha3_512WithRSAEncryption \
     ossl_der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
+#define ossl_der_oid_mdc2WithRSAEncryption \
+    ossl_der_oid_mdc2WithRSASignature
 
 #define MD_with_RSA_CASE(name, var)                                     \
     case NID_##name:                                                    \
@@ -40,7 +42,7 @@ int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
         MD_with_RSA_CASE(md5, precompiled);
         MD_with_RSA_CASE(md4, precompiled);
         MD_with_RSA_CASE(ripemd160, precompiled);
-/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
+        MD_with_RSA_CASE(mdc2, precompiled);
 #endif
         MD_with_RSA_CASE(sha1, precompiled);
         MD_with_RSA_CASE(sha224, precompiled);
@@ -54,7 +56,12 @@ int ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
         MD_with_RSA_CASE(sha3_384, precompiled);
         MD_with_RSA_CASE(sha3_512, precompiled);
     default:
-        return 0;
+        /*
+         * Hash algorithms for which we do not have a valid OID
+         * such as md5sha1 will just fail to provide the der encoding.
+         * That does not prevent producing signatures if OID is not needed.
+         */
+        return -1;
     }
 
     return ossl_DER_w_begin_sequence(pkt, tag)

providers/implementations/signature/rsa.c

@@ -222,6 +222,7 @@ static unsigned char *rsa_generate_signature_aid(PROV_RSA_CTX *ctx,
     unsigned char *aid = NULL;
     int saltlen;
     RSA_PSS_PARAMS_30 pss_params;
+    int ret;
 
     if (!WPACKET_init_der(&pkt, aid_buf, buf_len)) {
         ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
@@ -229,33 +230,41 @@ static unsigned char *rsa_generate_signature_aid(PROV_RSA_CTX *ctx,
     }
 
     switch(ctx->pad_mode) {
-        case RSA_PKCS1_PADDING:
-            if (!ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1,
-                                                                    ctx->mdnid)) {
-                ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
-                goto cleanup;
-            }
+    case RSA_PKCS1_PADDING:
+        ret = ossl_DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1,
+                                                                 ctx->mdnid);
+
+        if (ret > 0) {
             break;
-        case RSA_PKCS1_PSS_PADDING:
-            saltlen = rsa_pss_compute_saltlen(ctx);
-            if (saltlen < 0)
-                goto cleanup;
-            if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
-                || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, ctx->mdnid)
-                || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
-                                                              ctx->mgf1_mdnid)
-                || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
-                || !ossl_DER_w_algorithmIdentifier_RSA_PSS(&pkt, -1,
-                                                           RSA_FLAG_TYPE_RSASSAPSS,
-                                                           &pss_params)) {
-                ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
-                goto cleanup;
-            }
-            break;
-        default:
-            ERR_raise_data(ERR_LIB_PROV, ERR_R_UNSUPPORTED,
-                           "Algorithm ID generation");
+        } else if (ret == 0) {
+            ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
             goto cleanup;
+        }
+        ERR_raise_data(ERR_LIB_PROV, ERR_R_UNSUPPORTED,
+                       "Algorithm ID generation - md NID: %d",
+                       ctx->mdnid);
+        goto cleanup;
+    case RSA_PKCS1_PSS_PADDING:
+        saltlen = rsa_pss_compute_saltlen(ctx);
+        if (saltlen < 0)
+            goto cleanup;
+        if (!ossl_rsa_pss_params_30_set_defaults(&pss_params)
+            || !ossl_rsa_pss_params_30_set_hashalg(&pss_params, ctx->mdnid)
+            || !ossl_rsa_pss_params_30_set_maskgenhashalg(&pss_params,
+                                                          ctx->mgf1_mdnid)
+            || !ossl_rsa_pss_params_30_set_saltlen(&pss_params, saltlen)
+            || !ossl_DER_w_algorithmIdentifier_RSA_PSS(&pkt, -1,
+                                                       RSA_FLAG_TYPE_RSASSAPSS,
+                                                       &pss_params)) {
+            ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
+            goto cleanup;
+        }
+        break;
+    default:
+        ERR_raise_data(ERR_LIB_PROV, ERR_R_UNSUPPORTED,
+                       "Algorithm ID generation - pad mode: %d",
+                       ctx->pad_mode);
+        goto cleanup;
     }
     if (WPACKET_finish(&pkt)) {
         WPACKET_get_total_written(&pkt, aid_len);