[openssl] master update

Richard Levitte levitte at openssl.org
Wed May 20 19:08:26 UTC 2020


The branch master has been updated
       via  a30027b680c4ccf69f0600b3a5406821b2d7fe0b (commit)
      from  c2f2db9b6fb75ca2d672bb50f4f1f5a23991a6c3 (commit)


- Log -----------------------------------------------------------------
commit a30027b680c4ccf69f0600b3a5406821b2d7fe0b
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue May 19 10:43:49 2020 +0200

    Refactor the provider side DER constants and writers
    
    This splits up all the providers/common/der/*.c.in so the generated
    portion is on its own and all related DER writing routines are in
    their own files.  This also ensures that the DIGEST consstants aren't
    reproduced in several files (resulting in symbol clashes).
    
    Finally, the production of OID macros is moved to the generated header
    files, allowing other similar macros, or DER constant arrays, to be
    built on top of them.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11868)

-----------------------------------------------------------------------

Summary of changes:
 providers/common/der/DIGESTS.asn1                  | 19 ++++++-
 providers/common/der/RSA.asn1                      | 19 -------
 providers/common/der/build.info                    | 30 +++++-----
 .../der/{der_digests.c.in => der_digests_gen.c.in} |  0
 providers/common/der/der_dsa.h.in                  |  6 +-
 .../der/{der_digests.c.in => der_dsa_gen.c.in}     |  5 +-
 providers/common/der/der_dsa_key.c                 | 20 +++++++
 .../common/der/{der_dsa.c.in => der_dsa_sig.c}     | 21 +------
 providers/common/der/der_ec.h.in                   |  6 +-
 .../der/{der_digests.c.in => der_ec_gen.c.in}      |  5 +-
 providers/common/der/der_ec_key.c                  | 21 +++++++
 providers/common/der/{der_ec.c.in => der_ec_sig.c} | 22 +-------
 providers/common/der/der_rsa.h.in                  |  8 ++-
 .../der/{der_digests.c.in => der_rsa_gen.c.in}     |  4 +-
 .../common/der/{der_rsa.c.in => der_rsa_key.c}     | 61 ---------------------
 providers/common/der/der_rsa_sig.c                 | 64 ++++++++++++++++++++++
 providers/common/der/oids_to_c.pm                  | 12 ++--
 providers/implementations/signature/dsa.c          |  3 +-
 providers/implementations/signature/ecdsa.c        |  2 +-
 providers/implementations/signature/rsa.c          |  3 +-
 20 files changed, 178 insertions(+), 153 deletions(-)
 copy providers/common/der/{der_digests.c.in => der_digests_gen.c.in} (100%)
 copy providers/common/der/{der_digests.c.in => der_dsa_gen.c.in} (74%)
 create mode 100644 providers/common/der/der_dsa_key.c
 rename providers/common/der/{der_dsa.c.in => der_dsa_sig.c} (65%)
 copy providers/common/der/{der_digests.c.in => der_ec_gen.c.in} (74%)
 create mode 100644 providers/common/der/der_ec_key.c
 rename providers/common/der/{der_ec.c.in => der_ec_sig.c} (69%)
 rename providers/common/der/{der_digests.c.in => der_rsa_gen.c.in} (84%)
 rename providers/common/der/{der_rsa.c.in => der_rsa_key.c} (86%)
 create mode 100644 providers/common/der/der_rsa_sig.c

diff --git a/providers/common/der/DIGESTS.asn1 b/providers/common/der/DIGESTS.asn1
index afed372186..bd955df8f2 100644
--- a/providers/common/der/DIGESTS.asn1
+++ b/providers/common/der/DIGESTS.asn1
@@ -1,5 +1,22 @@
 -- -------------------------------------------------------------------
--- Taken from https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
+-- From https://tools.ietf.org/html/rfc4055#section-2.1
+
+id-sha1  OBJECT IDENTIFIER  ::=  { iso(1)
+                     identified-organization(3) oiw(14)
+                     secsig(3) algorithms(2) 26 }
+
+-- -------------------------------------------------------------------
+-- From https://tools.ietf.org/html/rfc5480#appendix-A
+-- (OIDs for MD2 and MD5 are allowed only in EMSA-PKCS1-v1_5)
+
+id-md2  OBJECT IDENTIFIER ::= {
+  iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 }
+
+id-md5  OBJECT IDENTIFIER ::= {
+  iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 }
+
+-- -------------------------------------------------------------------
+-- From https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration
 
 id-sha256 OBJECT IDENTIFIER ::= { hashAlgs 1 }
 id-sha384 OBJECT IDENTIFIER ::= { hashAlgs 2 }
diff --git a/providers/common/der/RSA.asn1 b/providers/common/der/RSA.asn1
index d0c54d71ef..6ba99daa7c 100644
--- a/providers/common/der/RSA.asn1
+++ b/providers/common/der/RSA.asn1
@@ -52,25 +52,6 @@ sha512WithRSAEncryption      OBJECT IDENTIFIER ::= { pkcs-1 13 }
 sha512-224WithRSAEncryption  OBJECT IDENTIFIER ::= { pkcs-1 15 }
 sha512-256WithRSAEncryption  OBJECT IDENTIFIER ::= { pkcs-1 16 }
 
---
--- This OID really belongs in a module with the secsig OIDs.
---
-id-sha1    OBJECT IDENTIFIER ::= {
-    iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2)
-    26
-}
-
---
--- OIDs for MD2 and MD5, allowed only in EMSA-PKCS1-v1_5.
---
-id-md2 OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2
-}
-
-id-md5 OBJECT IDENTIFIER ::= {
-    iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5
-}
-
 --
 -- When id-mgf1 is used in an AlgorithmIdentifier, the parameters
 -- MUST be present and MUST be a HashAlgorithm, for example, sha1.
diff --git a/providers/common/der/build.info b/providers/common/der/build.info
index 837fe73fed..43fe9038fe 100644
--- a/providers/common/der/build.info
+++ b/providers/common/der/build.info
@@ -1,32 +1,36 @@
-$FIPSABLE=der_rsa.c der_dsa.c der_ec.c der_digests.c
+$FIPSABLE=\
+        der_rsa_gen.c der_rsa_key.c der_rsa_sig.c \
+        der_dsa_gen.c der_dsa_key.c der_dsa_sig.c \
+        der_ec_gen.c der_ec_key.c der_ec_sig.c \
+        der_digests_gen.c
 
 SOURCE[../../libfips.a]=$FIPSABLE
 SOURCE[../../libnonfips.a]=$FIPSABLE
 
-GENERATE[der_rsa.c]=der_rsa.c.in
-DEPEND[der_rsa.c]=oids_to_c.pm
+GENERATE[der_rsa_gen.c]=der_rsa_gen.c.in
+DEPEND[der_rsa_gen.c]=oids_to_c.pm
 
-DEPEND[der_rsa.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h
+DEPEND[der_rsa_gen.o]=../include/prov/der_rsa.h ../include/prov/der_digests.h
 GENERATE[../include/prov/der_rsa.h]=der_rsa.h.in
 DEPEND[../include/prov/der_rsa.h]=oids_to_c.pm
 
-GENERATE[der_dsa.c]=der_dsa.c.in
-DEPEND[der_dsa.c]=oids_to_c.pm
+GENERATE[der_dsa_gen.c]=der_dsa_gen.c.in
+DEPEND[der_dsa_gen.c]=oids_to_c.pm
 
-DEPEND[der_dsa.o]=../include/prov/der_dsa.h
+DEPEND[der_dsa_gen.o]=../include/prov/der_dsa.h
 GENERATE[../include/prov/der_dsa.h]=der_dsa.h.in
 DEPEND[../include/prov/der_dsa.h]=oids_to_c.pm
 
-GENERATE[der_ec.c]=der_ec.c.in
-DEPEND[der_ec.c]=oids_to_c.pm
+GENERATE[der_ec_gen.c]=der_ec_gen.c.in
+DEPEND[der_ec_gen.c]=oids_to_c.pm
 
-DEPEND[der_ec.o]=../include/prov/der_ec.h
+DEPEND[der_ec_gen.o]=../include/prov/der_ec.h
 GENERATE[../include/prov/der_ec.h]=der_ec.h.in
 DEPEND[../include/prov/der_ec.h]=oids_to_c.pm
 
-GENERATE[der_digests.c]=der_digests.c.in
-DEPEND[der_digests.c]=oids_to_c.pm
+GENERATE[der_digests_gen.c]=der_digests_gen.c.in
+DEPEND[der_digests_gen.c]=oids_to_c.pm
 
-DEPEND[der_digests.o]=../include/prov/der_digests.h
+DEPEND[der_digests_gen.o]=../include/prov/der_digests.h
 GENERATE[../include/prov/der_digests.h]=der_digests.h.in
 DEPEND[../include/prov/der_digests.h]=oids_to_c.pm
diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_digests_gen.c.in
similarity index 100%
copy from providers/common/der/der_digests.c.in
copy to providers/common/der/der_digests_gen.c.in
diff --git a/providers/common/der/der_dsa.h.in b/providers/common/der/der_dsa.h.in
index d9e7bf205a..e9a8718fc6 100644
--- a/providers/common/der/der_dsa.h.in
+++ b/providers/common/der/der_dsa.h.in
@@ -16,6 +16,8 @@
                                        filter => \&oids_to_c::filter_to_H });
 -}
 
+/* Subject Public Key Info */
 int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa);
-int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag,
-                                       DSA *dsa, int mdnid);
+/* Signature */
+int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag,
+                                        DSA *dsa, int mdnid);
diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_dsa_gen.c.in
similarity index 74%
copy from providers/common/der/der_digests.c.in
copy to providers/common/der/der_dsa_gen.c.in
index 433c107420..95f1f5cdd1 100644
--- a/providers/common/der/der_digests.c.in
+++ b/providers/common/der/der_dsa_gen.c.in
@@ -7,12 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "prov/der_digests.h"
+#include "prov/der_dsa.h"
 
 /* Well known OIDs precompiled */
 {-
-    $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
-                                     'providers/common/der/DIGESTS.asn1',
+    $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1',
                                      { dir => $config{sourcedir},
                                        filter => \&oids_to_c::filter_to_C });
 -}
diff --git a/providers/common/der/der_dsa_key.c b/providers/common/der/der_dsa_key.c
new file mode 100644
index 0000000000..6118b275fb
--- /dev/null
+++ b/providers/common/der/der_dsa_key.c
@@ -0,0 +1,20 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_dsa.h"
+
+int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa)
+{
+    return DER_w_begin_sequence(pkt, tag)
+        /* No parameters (yet?) */
+        && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa))
+        && DER_w_end_sequence(pkt, tag);
+}
diff --git a/providers/common/der/der_dsa.c.in b/providers/common/der/der_dsa_sig.c
similarity index 65%
rename from providers/common/der/der_dsa.c.in
rename to providers/common/der/der_dsa_sig.c
index 28c0ba8c6c..c96a617dad 100644
--- a/providers/common/der/der_dsa.c.in
+++ b/providers/common/der/der_dsa_sig.c
@@ -7,33 +7,18 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/bn.h>
 #include <openssl/obj_mac.h>
+#include "internal/packet.h"
 #include "prov/der_dsa.h"
 
-/* Well known OIDs precompiled */
-{-
-    $OUT = oids_to_c::process_leaves('providers/common/der/DSA.asn1',
-                                     { dir => $config{sourcedir},
-                                       filter => \&oids_to_c::filter_to_C });
--}
-
-int DER_w_algorithmIdentifier_DSA(WPACKET *pkt, int tag, DSA *dsa)
-{
-    return DER_w_begin_sequence(pkt, tag)
-        /* No parameters (yet?) */
-        && DER_w_precompiled(pkt, -1, der_oid_id_dsa, sizeof(der_oid_id_dsa))
-        && DER_w_end_sequence(pkt, tag);
-}
-
 #define MD_CASE(name)                                                   \
     case NID_##name:                                                    \
         precompiled = der_oid_id_dsa_with_##name;                \
         precompiled_sz = sizeof(der_oid_id_dsa_with_##name);     \
         break;
 
-int DER_w_algorithmIdentifier_DSA_with(WPACKET *pkt, int tag,
-                                       DSA *dsa, int mdnid)
+int DER_w_algorithmIdentifier_DSA_with_MD(WPACKET *pkt, int tag,
+                                          DSA *dsa, int mdnid)
 {
     const unsigned char *precompiled = NULL;
     size_t precompiled_sz = 0;
diff --git a/providers/common/der/der_ec.h.in b/providers/common/der/der_ec.h.in
index 24f153cd8f..86a754e4ff 100644
--- a/providers/common/der/der_ec.h.in
+++ b/providers/common/der/der_ec.h.in
@@ -16,6 +16,8 @@
                                        filter => \&oids_to_c::filter_to_H });
 -}
 
+/* Subject Public Key Info */
 int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec);
-int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont,
-                                         EC_KEY *ec, int mdnid);
+/* Signature */
+int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont,
+                                            EC_KEY *ec, int mdnid);
diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_ec_gen.c.in
similarity index 74%
copy from providers/common/der/der_digests.c.in
copy to providers/common/der/der_ec_gen.c.in
index 433c107420..40acf9a31c 100644
--- a/providers/common/der/der_digests.c.in
+++ b/providers/common/der/der_ec_gen.c.in
@@ -7,12 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "prov/der_digests.h"
+#include "prov/der_ec.h"
 
 /* Well known OIDs precompiled */
 {-
-    $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
-                                     'providers/common/der/DIGESTS.asn1',
+    $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1',
                                      { dir => $config{sourcedir},
                                        filter => \&oids_to_c::filter_to_C });
 -}
diff --git a/providers/common/der/der_ec_key.c b/providers/common/der/der_ec_key.c
new file mode 100644
index 0000000000..058596a96e
--- /dev/null
+++ b/providers/common/der/der_ec_key.c
@@ -0,0 +1,21 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_ec.h"
+
+int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
+{
+    return DER_w_begin_sequence(pkt, cont)
+        /* No parameters (yet?) */
+        && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey,
+                             sizeof(der_oid_id_ecPublicKey))
+        && DER_w_end_sequence(pkt, cont);
+}
diff --git a/providers/common/der/der_ec.c.in b/providers/common/der/der_ec_sig.c
similarity index 69%
rename from providers/common/der/der_ec.c.in
rename to providers/common/der/der_ec_sig.c
index a617651e4e..687ec49c1f 100644
--- a/providers/common/der/der_ec.c.in
+++ b/providers/common/der/der_ec_sig.c
@@ -7,26 +7,10 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/bn.h>
 #include <openssl/obj_mac.h>
+#include "internal/packet.h"
 #include "prov/der_ec.h"
 
-/* Well known OIDs precompiled */
-{-
-    $OUT = oids_to_c::process_leaves('providers/common/der/EC.asn1',
-                                     { dir => $config{sourcedir},
-                                       filter => \&oids_to_c::filter_to_C });
--}
-
-int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
-{
-    return DER_w_begin_sequence(pkt, cont)
-        /* No parameters (yet?) */
-        && DER_w_precompiled(pkt, -1, der_oid_id_ecPublicKey,
-                             sizeof(der_oid_id_ecPublicKey))
-        && DER_w_end_sequence(pkt, cont);
-}
-
 /* Aliases so we can have a uniform MD_CASE */
 #define der_oid_id_ecdsa_with_sha1   der_oid_ecdsa_with_SHA1
 #define der_oid_id_ecdsa_with_sha224 der_oid_ecdsa_with_SHA224
@@ -40,8 +24,8 @@ int DER_w_algorithmIdentifier_EC(WPACKET *pkt, int cont, EC_KEY *ec)
         precompiled_sz = sizeof(der_oid_id_ecdsa_with_##name);          \
         break;
 
-int DER_w_algorithmIdentifier_ECDSA_with(WPACKET *pkt, int cont,
-                                         EC_KEY *ec, int mdnid)
+int DER_w_algorithmIdentifier_ECDSA_with_MD(WPACKET *pkt, int cont,
+                                            EC_KEY *ec, int mdnid)
 {
     const unsigned char *precompiled = NULL;
     size_t precompiled_sz = 0;
diff --git a/providers/common/der/der_rsa.h.in b/providers/common/der/der_rsa.h.in
index 53f6227825..c744fc25c5 100644
--- a/providers/common/der/der_rsa.h.in
+++ b/providers/common/der/der_rsa.h.in
@@ -13,14 +13,16 @@
 /* Well known OIDs precompiled */
 {-
     $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
-                                     'providers/common/der/DIGESTS.asn1',
                                      'providers/common/der/RSA.asn1',
                                      { dir => $config{sourcedir},
                                        filter => \&oids_to_c::filter_to_H });
 -}
 
+/* PSS parameters */
 int DER_w_RSASSA_PSS_params(WPACKET *pkt, int tag,
                             const RSA_PSS_PARAMS_30 *pss);
+/* Subject Public Key Info */
 int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa);
-int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
-                                       RSA *rsa, int mdnid);
+/* Signature */
+int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
+                                                  RSA *rsa, int mdnid);
diff --git a/providers/common/der/der_digests.c.in b/providers/common/der/der_rsa_gen.c.in
similarity index 84%
rename from providers/common/der/der_digests.c.in
rename to providers/common/der/der_rsa_gen.c.in
index 433c107420..0d1ca0b10b 100644
--- a/providers/common/der/der_digests.c.in
+++ b/providers/common/der/der_rsa_gen.c.in
@@ -7,12 +7,12 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include "prov/der_digests.h"
+#include "prov/der_rsa.h"
 
 /* Well known OIDs precompiled */
 {-
     $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
-                                     'providers/common/der/DIGESTS.asn1',
+                                     'providers/common/der/RSA.asn1',
                                      { dir => $config{sourcedir},
                                        filter => \&oids_to_c::filter_to_C });
 -}
diff --git a/providers/common/der/der_rsa.c.in b/providers/common/der/der_rsa_key.c
similarity index 86%
rename from providers/common/der/der_rsa.c.in
rename to providers/common/der/der_rsa_key.c
index 30e945cf58..bd2de4a6c3 100644
--- a/providers/common/der/der_rsa.c.in
+++ b/providers/common/der/der_rsa_key.c
@@ -7,21 +7,11 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/bn.h>
 #include <openssl/obj_mac.h>
 #include "internal/cryptlib.h"
 #include "prov/der_rsa.h"
 #include "prov/der_digests.h"
 
-/* Well known OIDs precompiled */
-{-
-    $OUT = oids_to_c::process_leaves('providers/common/der/NIST.asn1',
-                                     'providers/common/der/DIGESTS.asn1',
-                                     'providers/common/der/RSA.asn1',
-                                     { dir => $config{sourcedir},
-                                       filter => \&oids_to_c::filter_to_C });
--}
-
 /* More complex pre-compiled sequences.  TODO(3.0) refactor? */
 /*-
  * From https://tools.ietf.org/html/rfc8017#appendix-A.2.1
@@ -382,54 +372,3 @@ int DER_w_algorithmIdentifier_RSA(WPACKET *pkt, int tag, RSA *rsa)
         && DER_w_precompiled(pkt, -1, rsa_oid, rsa_oid_sz)
         && DER_w_end_sequence(pkt, tag);
 }
-
-/* Aliases so we can have a uniform MD_with_RSA_CASE */
-#define der_oid_sha3_224WithRSAEncryption \
-    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224
-#define der_oid_sha3_256WithRSAEncryption \
-    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256
-#define der_oid_sha3_384WithRSAEncryption \
-    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
-#define der_oid_sha3_512WithRSAEncryption \
-    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
-
-#define MD_with_RSA_CASE(name, var)                                     \
-    case NID_##name:                                                    \
-        var = der_oid_##name##WithRSAEncryption;                        \
-        var##_sz = sizeof(der_oid_##name##WithRSAEncryption);           \
-        break;
-
-int DER_w_algorithmIdentifier_RSA_with(WPACKET *pkt, int tag,
-                                       RSA *rsa, int mdnid)
-{
-    const unsigned char *precompiled = NULL;
-    size_t precompiled_sz = 0;
-
-    switch (mdnid) {
-#ifndef FIPS_MODULE
-        MD_with_RSA_CASE(md2, precompiled);
-        MD_with_RSA_CASE(md5, precompiled);
-        MD_with_RSA_CASE(md4, precompiled);
-        MD_with_RSA_CASE(ripemd160, precompiled);
-/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
-#endif
-        MD_with_RSA_CASE(sha1, precompiled);
-        MD_with_RSA_CASE(sha224, precompiled);
-        MD_with_RSA_CASE(sha256, precompiled);
-        MD_with_RSA_CASE(sha384, precompiled);
-        MD_with_RSA_CASE(sha512, precompiled);
-        MD_with_RSA_CASE(sha512_224, precompiled);
-        MD_with_RSA_CASE(sha512_256, precompiled);
-        MD_with_RSA_CASE(sha3_224, precompiled);
-        MD_with_RSA_CASE(sha3_256, precompiled);
-        MD_with_RSA_CASE(sha3_384, precompiled);
-        MD_with_RSA_CASE(sha3_512, precompiled);
-    default:
-        return 0;
-    }
-
-    return DER_w_begin_sequence(pkt, tag)
-        /* No parameters (yet?) */
-        && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
-        && DER_w_end_sequence(pkt, tag);
-}
diff --git a/providers/common/der/der_rsa_sig.c b/providers/common/der/der_rsa_sig.c
new file mode 100644
index 0000000000..a1ab263dc1
--- /dev/null
+++ b/providers/common/der/der_rsa_sig.c
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/obj_mac.h>
+#include "internal/packet.h"
+#include "prov/der_rsa.h"
+#include "prov/der_digests.h"
+
+/* Aliases so we can have a uniform MD_with_RSA_CASE */
+#define der_oid_sha3_224WithRSAEncryption \
+    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_224
+#define der_oid_sha3_256WithRSAEncryption \
+    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_256
+#define der_oid_sha3_384WithRSAEncryption \
+    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_384
+#define der_oid_sha3_512WithRSAEncryption \
+    der_oid_id_rsassa_pkcs1_v1_5_with_sha3_512
+
+#define MD_with_RSA_CASE(name, var)                                     \
+    case NID_##name:                                                    \
+        var = der_oid_##name##WithRSAEncryption;                        \
+        var##_sz = sizeof(der_oid_##name##WithRSAEncryption);           \
+        break;
+
+int DER_w_algorithmIdentifier_MDWithRSAEncryption(WPACKET *pkt, int tag,
+                                                  RSA *rsa, int mdnid)
+{
+    const unsigned char *precompiled = NULL;
+    size_t precompiled_sz = 0;
+
+    switch (mdnid) {
+#ifndef FIPS_MODULE
+        MD_with_RSA_CASE(md2, precompiled);
+        MD_with_RSA_CASE(md5, precompiled);
+        MD_with_RSA_CASE(md4, precompiled);
+        MD_with_RSA_CASE(ripemd160, precompiled);
+/* TODO(3.0) Decide what to do about mdc2 and md5_sha1 */
+#endif
+        MD_with_RSA_CASE(sha1, precompiled);
+        MD_with_RSA_CASE(sha224, precompiled);
+        MD_with_RSA_CASE(sha256, precompiled);
+        MD_with_RSA_CASE(sha384, precompiled);
+        MD_with_RSA_CASE(sha512, precompiled);
+        MD_with_RSA_CASE(sha512_224, precompiled);
+        MD_with_RSA_CASE(sha512_256, precompiled);
+        MD_with_RSA_CASE(sha3_224, precompiled);
+        MD_with_RSA_CASE(sha3_256, precompiled);
+        MD_with_RSA_CASE(sha3_384, precompiled);
+        MD_with_RSA_CASE(sha3_512, precompiled);
+    default:
+        return 0;
+    }
+
+    return DER_w_begin_sequence(pkt, tag)
+        /* No parameters (yet?) */
+        && DER_w_precompiled(pkt, -1, precompiled, precompiled_sz)
+        && DER_w_end_sequence(pkt, tag);
+}
diff --git a/providers/common/der/oids_to_c.pm b/providers/common/der/oids_to_c.pm
index 64e6c07df3..dee326316b 100644
--- a/providers/common/der/oids_to_c.pm
+++ b/providers/common/der/oids_to_c.pm
@@ -28,12 +28,19 @@ use Data::Dumper;
 sub filter_to_H {
     my ($name, $comment) = @{ shift() };
     my @oid_nums = @_;
+    my $oid_size = scalar @oid_nums;
 
+    (my $C_comment = $comment) =~ s|^| * |msg;
+    $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne '';
     (my $C_name = $name) =~ s|-|_|g;
     my $C_bytes_size = 2 + scalar @_;
+    my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums );
 
     return <<"_____";
-extern const unsigned char der_oid_${C_name}[$C_bytes_size];
+$C_comment
+#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes}
+#define DER_OID_SZ_${C_name} ${C_bytes_size}
+extern const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}];
 _____
 }
 
@@ -48,12 +55,9 @@ sub filter_to_C {
     $C_comment = "\n/*\n${C_comment}\n */" if $C_comment ne '';
     (my $C_name = $name) =~ s|-|_|g;
     my $C_bytes_size = 2 + $oid_size;
-    my $C_bytes = join(', ', map { sprintf("0x%02X", $_) } @oid_nums );
 
     return <<"_____";
 $C_comment
-#define DER_OID_V_${C_name} DER_P_OBJECT, $oid_size, ${C_bytes}
-#define DER_OID_SZ_${C_name} ${C_bytes_size}
 const unsigned char der_oid_${C_name}[DER_OID_SZ_${C_name}] = {
     DER_OID_V_${C_name}
 };
diff --git a/providers/implementations/signature/dsa.c b/providers/implementations/signature/dsa.c
index bfab22488f..9227cb181c 100644
--- a/providers/implementations/signature/dsa.c
+++ b/providers/implementations/signature/dsa.c
@@ -177,7 +177,8 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
          */
         ctx->aid_len = 0;
         if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
-            && DER_w_algorithmIdentifier_DSA_with(&pkt, -1, ctx->dsa, md_nid)
+            && DER_w_algorithmIdentifier_DSA_with_MD(&pkt, -1, ctx->dsa,
+                                                     md_nid)
             && WPACKET_finish(&pkt)) {
             WPACKET_get_total_written(&pkt, &ctx->aid_len);
             ctx->aid = WPACKET_get_curr(&pkt);
diff --git a/providers/implementations/signature/ecdsa.c b/providers/implementations/signature/ecdsa.c
index 267950d537..d96f597a92 100644
--- a/providers/implementations/signature/ecdsa.c
+++ b/providers/implementations/signature/ecdsa.c
@@ -238,7 +238,7 @@ static int ecdsa_digest_signverify_init(void *vctx, const char *mdname,
      */
     ctx->aid_len = 0;
     if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
-        && DER_w_algorithmIdentifier_ECDSA_with(&pkt, -1, ctx->ec, md_nid)
+        && DER_w_algorithmIdentifier_ECDSA_with_MD(&pkt, -1, ctx->ec, md_nid)
         && WPACKET_finish(&pkt)) {
         WPACKET_get_total_written(&pkt, &ctx->aid_len);
         ctx->aid = WPACKET_get_curr(&pkt);
diff --git a/providers/implementations/signature/rsa.c b/providers/implementations/signature/rsa.c
index 4dc3a89878..6f62c2b648 100644
--- a/providers/implementations/signature/rsa.c
+++ b/providers/implementations/signature/rsa.c
@@ -254,7 +254,8 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
          */
         ctx->aid_len = 0;
         if (WPACKET_init_der(&pkt, ctx->aid_buf, sizeof(ctx->aid_buf))
-            && DER_w_algorithmIdentifier_RSA_with(&pkt, -1, ctx->rsa, md_nid)
+            && DER_w_algorithmIdentifier_MDWithRSAEncryption(&pkt, -1, ctx->rsa,
+                                                             md_nid)
             && WPACKET_finish(&pkt)) {
             WPACKET_get_total_written(&pkt, &ctx->aid_len);
             ctx->aid = WPACKET_get_curr(&pkt);


More information about the openssl-commits mailing list