provider: Don't allow to use XOF digests

Check if the selected digest is an XOF digest and fail if so.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Author: ifranzki

src/provider/dh_keyexch.c

@@ -685,6 +685,13 @@ static int ibmca_keyexch_dh_set_ctx_params(void *vctx,
             return 0;
         }
 
+        if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+            put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                             "XOF Digest '%s' is not allowed", name);
+            EVP_MD_free(md);
+            return 0;
+        }
+
         if (ctx->dh.derive.kdf_md != NULL)
             EVP_MD_free(ctx->dh.derive.kdf_md);
         ctx->dh.derive.kdf_md = md;

src/provider/ec_keyexch.c

@@ -636,6 +636,13 @@ static int ibmca_keyexch_ec_set_ctx_params(void *vctx,
             return 0;
         }
 
+        if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+            put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                             "XOF Digest '%s' is not allowed", name);
+            EVP_MD_free(md);
+            return 0;
+        }
+
         if (ctx->ec.derive.kdf_md != NULL)
             EVP_MD_free(ctx->ec.derive.kdf_md);
         ctx->ec.derive.kdf_md = md;

src/provider/ec_signature.c

@@ -212,6 +212,13 @@ static int ibmca_signature_ec_set_md(struct ibmca_op_ctx *ctx,
         return 0;
     }
 
+    if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+        put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                         "XOF Digest '%s' is not allowed", mdname);
+        EVP_MD_free(md);
+        return 0;
+    }
+
     if (ctx->ec.signature.md != NULL)
         EVP_MD_free(ctx->ec.signature.md);
 

src/provider/rsa_asym_cipher.c

@@ -303,6 +303,15 @@ static int ibmca_asym_cipher_rsa_set_ctx_params(void *vctx,
                                   "Failed to fetch default OAEP digest");
                     return 0;
                 }
+
+                if ((EVP_MD_get_flags(ctx->rsa.cipher.oaep_md) &
+                                                        EVP_MD_FLAG_XOF) != 0) {
+                    put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                                     "XOF Digest '%s' is not allowed", name);
+                    EVP_MD_free(ctx->rsa.cipher.oaep_md);
+                    ctx->rsa.cipher.oaep_md = NULL;
+                    return 0;
+                }
             }
             break;
         case RSA_PKCS1_PSS_PADDING: /* PSS is for signatures only */
@@ -337,6 +346,15 @@ static int ibmca_asym_cipher_rsa_set_ctx_params(void *vctx,
                               "Invalid RSA OAEP digest: '%s'", name);
             return 0;
         }
+
+        if ((EVP_MD_get_flags(ctx->rsa.cipher.oaep_md) &
+                                                EVP_MD_FLAG_XOF) != 0) {
+            put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                             "XOF Digest '%s' is not allowed", name);
+            EVP_MD_free(ctx->rsa.cipher.oaep_md);
+            ctx->rsa.cipher.oaep_md = NULL;
+            return 0;
+        }
     }
 
     /* OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS */
@@ -361,6 +379,15 @@ static int ibmca_asym_cipher_rsa_set_ctx_params(void *vctx,
                               "Invalid RSA MGF1 digest: '%s'", name);
             return 0;
         }
+
+        if ((EVP_MD_get_flags(ctx->rsa.cipher.mgf1_md) &
+                                                EVP_MD_FLAG_XOF) != 0) {
+            put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                             "XOF Digest '%s' is not allowed", name);
+            EVP_MD_free(ctx->rsa.cipher.mgf1_md);
+            ctx->rsa.cipher.mgf1_md = NULL;
+            return 0;
+        }
     }
 
     /* OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL */

src/provider/rsa_keymgmt.c

@@ -106,6 +106,13 @@ static int ibmca_keymgmt_rsa_pss_parms_from_data(
             return 0;
         }
 
+        if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+            put_error_ctx(provctx, IBMCA_ERR_INVALID_PARAM,
+                          "XOF Digest '%s' is not allowed", name);
+            EVP_MD_free(md);
+            return 0;
+        }
+
         pss->digest_nid = EVP_MD_get_type(md);
         EVP_MD_free(md);
         pss->restricted = true;
@@ -142,6 +149,13 @@ static int ibmca_keymgmt_rsa_pss_parms_from_data(
             return 0;
         }
 
+        if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+            put_error_ctx(provctx, IBMCA_ERR_INVALID_PARAM,
+                          "XOF Digest '%s' is not allowed", name);
+            EVP_MD_free(md);
+            return 0;
+        }
+
         pss->mgf_digest_nid = EVP_MD_get_type(md);
         EVP_MD_free(md);
         pss->restricted = true;

src/provider/rsa_signature.c

@@ -228,6 +228,13 @@ static int ibmca_signature_rsa_set_md(struct ibmca_op_ctx *ctx,
         return 0;
     }
 
+    if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+        put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                         "XOF Digest '%s' is not allowed", mdname);
+        EVP_MD_free(md);
+        return 0;
+    }
+
     if (ctx->key->type == EVP_PKEY_RSA_PSS &&
         ctx->rsa.signature.pss.restricted &&
         EVP_MD_get_type(md) != ctx->rsa.signature.pss.digest_nid) {
@@ -264,6 +271,13 @@ static int ibmca_signature_rsa_set_mgf1_md(struct ibmca_op_ctx *ctx,
         return 0;
     }
 
+    if ((EVP_MD_get_flags(md) & EVP_MD_FLAG_XOF) != 0) {
+        put_error_op_ctx(ctx, IBMCA_ERR_INVALID_PARAM,
+                         "XOF Digest '%s' is not allowed", mdname);
+        EVP_MD_free(md);
+        return 0;
+    }
+
     if (ctx->key->type == EVP_PKEY_RSA_PSS &&
         ctx->rsa.signature.pss.restricted &&
         EVP_MD_get_type(md) != ctx->rsa.signature.pss.mgf_digest_nid) {