/src/openssl/crypto/evp/ctrl_params_translate.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | /* |
11 | | * Some ctrls depend on deprecated functionality. We trust that this is |
12 | | * functionality that remains internally even when 'no-deprecated' is |
13 | | * configured. When we drop #legacy EVP_PKEYs, this source should be |
14 | | * possible to drop as well. |
15 | | */ |
16 | | #include "internal/deprecated.h" |
17 | | |
18 | | #include <string.h> |
19 | | |
20 | | /* The following includes get us all the EVP_PKEY_CTRL macros */ |
21 | | #include <openssl/dh.h> |
22 | | #include <openssl/dsa.h> |
23 | | #include <openssl/ec.h> |
24 | | #include <openssl/rsa.h> |
25 | | #include <openssl/kdf.h> |
26 | | |
27 | | /* This include gets us all the OSSL_PARAM key string macros */ |
28 | | #include <openssl/core_names.h> |
29 | | |
30 | | #include <openssl/err.h> |
31 | | #include <openssl/evperr.h> |
32 | | #include <openssl/params.h> |
33 | | #include "internal/nelem.h" |
34 | | #include "internal/cryptlib.h" |
35 | | #include "internal/ffc.h" |
36 | | #include "crypto/evp.h" |
37 | | #include "crypto/dh.h" |
38 | | #include "crypto/ec.h" |
39 | | |
40 | | struct translation_ctx_st; /* Forwarding */ |
41 | | struct translation_st; /* Forwarding */ |
42 | | |
43 | | /* |
44 | | * The fixup_args functions are called with the following parameters: |
45 | | * |
46 | | * |state| The state we're called in, explained further at the |
47 | | * end of this comment. |
48 | | * |translation| The translation item, to be pilfered for data as |
49 | | * necessary. |
50 | | * |ctx| The translation context, which contains copies of |
51 | | * the following arguments, applicable according to |
52 | | * the caller. All of the attributes in this context |
53 | | * may be freely modified by the fixup_args function. |
54 | | * For cleanup, call cleanup_translation_ctx(). |
55 | | * |
56 | | * The |state| tells the fixup_args function something about the caller and |
57 | | * what they may expect: |
58 | | * |
59 | | * PKEY The fixup_args function has been called |
60 | | * from an EVP_PKEY payload getter / setter, |
61 | | * and is fully responsible for getting or |
62 | | * setting the requested data. With this |
63 | | * state, the fixup_args function is expected |
64 | | * to use or modify |*params|, depending on |
65 | | * |action_type|. |
66 | | * |
67 | | * PRE_CTRL_TO_PARAMS The fixup_args function has been called |
68 | | * POST_CTRL_TO_PARAMS from EVP_PKEY_CTX_ctrl(), to help with |
69 | | * translating the ctrl data to an OSSL_PARAM |
70 | | * element or back. The calling sequence is |
71 | | * as follows: |
72 | | * |
73 | | * 1. fixup_args(PRE_CTRL_TO_PARAMS, ...) |
74 | | * 2. EVP_PKEY_CTX_set_params() or |
75 | | * EVP_PKEY_CTX_get_params() |
76 | | * 3. fixup_args(POST_CTRL_TO_PARAMS, ...) |
77 | | * |
78 | | * With the PRE_CTRL_TO_PARAMS state, the |
79 | | * fixup_args function is expected to modify |
80 | | * the passed |*params| in whatever way |
81 | | * necessary, when |action_type == OSSL_ACTION_SET|. |
82 | | * With the POST_CTRL_TO_PARAMS state, the |
83 | | * fixup_args function is expected to modify |
84 | | * the passed |p2| in whatever way necessary, |
85 | | * when |action_type == OSSL_ACTION_GET|. |
86 | | * |
87 | | * The return value from the fixup_args call |
88 | | * with the POST_CTRL_TO_PARAMS state becomes |
89 | | * the return value back to EVP_PKEY_CTX_ctrl(). |
90 | | * |
91 | | * CLEANUP_CTRL_TO_PARAMS The cleanup_args functions has been called |
92 | | * from EVP_PKEY_CTX_ctrl(), to clean up what |
93 | | * the fixup_args function has done, if needed. |
94 | | * |
95 | | * |
96 | | * PRE_CTRL_STR_TO_PARAMS The fixup_args function has been called |
97 | | * POST_CTRL_STR_TO_PARAMS from EVP_PKEY_CTX_ctrl_str(), to help with |
98 | | * translating the ctrl_str data to an |
99 | | * OSSL_PARAM element or back. The calling |
100 | | * sequence is as follows: |
101 | | * |
102 | | * 1. fixup_args(PRE_CTRL_STR_TO_PARAMS, ...) |
103 | | * 2. EVP_PKEY_CTX_set_params() or |
104 | | * EVP_PKEY_CTX_get_params() |
105 | | * 3. fixup_args(POST_CTRL_STR_TO_PARAMS, ...) |
106 | | * |
107 | | * With the PRE_CTRL_STR_TO_PARAMS state, |
108 | | * the fixup_args function is expected to |
109 | | * modify the passed |*params| in whatever |
110 | | * way necessary, when |action_type == OSSL_ACTION_SET|. |
111 | | * With the POST_CTRL_STR_TO_PARAMS state, |
112 | | * the fixup_args function is only expected |
113 | | * to return a value. |
114 | | * |
115 | | * CLEANUP_CTRL_STR_TO_PARAMS The cleanup_args functions has been called |
116 | | * from EVP_PKEY_CTX_ctrl_str(), to clean up |
117 | | * what the fixup_args function has done, if |
118 | | * needed. |
119 | | * |
120 | | * PRE_PARAMS_TO_CTRL The fixup_args function has been called |
121 | | * POST_PARAMS_TO_CTRL from EVP_PKEY_CTX_get_params() or |
122 | | * EVP_PKEY_CTX_set_params(), to help with |
123 | | * translating the OSSL_PARAM data to the |
124 | | * corresponding EVP_PKEY_CTX_ctrl() arguments |
125 | | * or the other way around. The calling |
126 | | * sequence is as follows: |
127 | | * |
128 | | * 1. fixup_args(PRE_PARAMS_TO_CTRL, ...) |
129 | | * 2. EVP_PKEY_CTX_ctrl() |
130 | | * 3. fixup_args(POST_PARAMS_TO_CTRL, ...) |
131 | | * |
132 | | * With the PRE_PARAMS_TO_CTRL state, the |
133 | | * fixup_args function is expected to modify |
134 | | * the passed |p1| and |p2| in whatever way |
135 | | * necessary, when |action_type == OSSL_ACTION_SET|. |
136 | | * With the POST_PARAMS_TO_CTRL state, the |
137 | | * fixup_args function is expected to |
138 | | * modify the passed |*params| in whatever |
139 | | * way necessary, when |action_type == OSSL_ACTION_GET|. |
140 | | * |
141 | | * CLEANUP_PARAMS_TO_CTRL The cleanup_args functions has been called |
142 | | * from EVP_PKEY_CTX_get_params() or |
143 | | * EVP_PKEY_CTX_set_params(), to clean up what |
144 | | * the fixup_args function has done, if needed. |
145 | | */ |
146 | | enum state { |
147 | | PKEY, |
148 | | PRE_CTRL_TO_PARAMS, POST_CTRL_TO_PARAMS, CLEANUP_CTRL_TO_PARAMS, |
149 | | PRE_CTRL_STR_TO_PARAMS, POST_CTRL_STR_TO_PARAMS, CLEANUP_CTRL_STR_TO_PARAMS, |
150 | | PRE_PARAMS_TO_CTRL, POST_PARAMS_TO_CTRL, CLEANUP_PARAMS_TO_CTRL |
151 | | }; |
152 | | enum action { |
153 | | OSSL_ACTION_NONE = 0, OSSL_ACTION_GET = 1, OSSL_ACTION_SET = 2 |
154 | | }; |
155 | | typedef int fixup_args_fn(enum state state, |
156 | | const struct translation_st *translation, |
157 | | struct translation_ctx_st *ctx); |
158 | | typedef int cleanup_args_fn(enum state state, |
159 | | const struct translation_st *translation, |
160 | | struct translation_ctx_st *ctx); |
161 | | |
162 | | struct translation_ctx_st { |
163 | | /* |
164 | | * The EVP_PKEY_CTX, for calls on that structure, to be pilfered for data |
165 | | * as necessary. |
166 | | */ |
167 | | EVP_PKEY_CTX *pctx; |
168 | | /* |
169 | | * The action type (OSSL_ACTION_GET or OSSL_ACTION_SET). This may be 0 in some cases, and should |
170 | | * be modified by the fixup_args function in the PRE states. It should |
171 | | * otherwise remain untouched once set. |
172 | | */ |
173 | | enum action action_type; |
174 | | /* |
175 | | * For ctrl to params translation, the actual ctrl command number used. |
176 | | * For params to ctrl translation, 0. |
177 | | */ |
178 | | int ctrl_cmd; |
179 | | /* |
180 | | * For ctrl_str to params translation, the actual ctrl command string |
181 | | * used. In this case, the (string) value is always passed as |p2|. |
182 | | * For params to ctrl translation, this is NULL. Along with it is also |
183 | | * and indicator whether it matched |ctrl_str| or |ctrl_hexstr| in the |
184 | | * translation item. |
185 | | */ |
186 | | const char *ctrl_str; |
187 | | int ishex; |
188 | | /* the ctrl-style int argument. */ |
189 | | int p1; |
190 | | /* the ctrl-style void* argument. */ |
191 | | void *p2; |
192 | | /* a size, for passing back the |p2| size where applicable */ |
193 | | size_t sz; |
194 | | /* pointer to the OSSL_PARAM-style params array. */ |
195 | | OSSL_PARAM *params; |
196 | | |
197 | | /*- |
198 | | * The following are used entirely internally by the fixup_args functions |
199 | | * and should not be touched by the callers, at all. |
200 | | */ |
201 | | |
202 | | /* |
203 | | * Copy of the ctrl-style void* argument, if the fixup_args function |
204 | | * needs to manipulate |p2| but wants to remember original. |
205 | | */ |
206 | | void *orig_p2; |
207 | | /* Diverse types of storage for the needy. */ |
208 | | char name_buf[OSSL_MAX_NAME_SIZE]; |
209 | | void *allocated_buf; |
210 | | void *bufp; |
211 | | size_t buflen; |
212 | | }; |
213 | | |
214 | | struct translation_st { |
215 | | /*- |
216 | | * What this table item does. |
217 | | * |
218 | | * If the item has this set to 0, it means that both OSSL_ACTION_GET and OSSL_ACTION_SET are |
219 | | * supported, and |fixup_args| will determine which it is. This is to |
220 | | * support translations of ctrls where the action type depends on the |
221 | | * value of |p1| or |p2| (ctrls are really bi-directional, but are |
222 | | * seldom used that way). |
223 | | * |
224 | | * This can be also used in the lookup template when it looks up by |
225 | | * OSSL_PARAM key, to indicate if a setter or a getter called. |
226 | | */ |
227 | | enum action action_type; |
228 | | |
229 | | /*- |
230 | | * Conditions, for params->ctrl translations. |
231 | | * |
232 | | * In table item, |keytype1| and |keytype2| can be set to -1 to indicate |
233 | | * that this item supports all key types (or rather, that |fixup_args| |
234 | | * will check and return an error if it's not supported). |
235 | | * Any of these may be set to 0 to indicate that they are unset. |
236 | | */ |
237 | | int keytype1; /* The EVP_PKEY_XXX type, i.e. NIDs. #legacy */ |
238 | | int keytype2; /* Another EVP_PKEY_XXX type, used for aliases */ |
239 | | int optype; /* The operation type */ |
240 | | |
241 | | /* |
242 | | * Lookup and translation attributes |
243 | | * |
244 | | * |ctrl_num|, |ctrl_str|, |ctrl_hexstr| and |param_key| are lookup |
245 | | * attributes. |
246 | | * |
247 | | * |ctrl_num| may be 0 or that |param_key| may be NULL in the table item, |
248 | | * but not at the same time. If they are, they are simply not used for |
249 | | * lookup. |
250 | | * When |ctrl_num| == 0, no ctrl will be called. Likewise, when |
251 | | * |param_key| == NULL, no OSSL_PARAM setter/getter will be called. |
252 | | * In that case the treatment of the translation item relies entirely on |
253 | | * |fixup_args|, which is then assumed to have side effects. |
254 | | * |
255 | | * As a special case, it's possible to set |ctrl_hexstr| and assign NULL |
256 | | * to |ctrl_str|. That will signal to default_fixup_args() that the |
257 | | * value must always be interpreted as hex. |
258 | | */ |
259 | | int ctrl_num; /* EVP_PKEY_CTRL_xxx */ |
260 | | const char *ctrl_str; /* The corresponding ctrl string */ |
261 | | const char *ctrl_hexstr; /* The alternative "hex{str}" ctrl string */ |
262 | | const char *param_key; /* The corresponding OSSL_PARAM key */ |
263 | | /* |
264 | | * The appropriate OSSL_PARAM data type. This may be 0 to indicate that |
265 | | * this OSSL_PARAM may have more than one data type, depending on input |
266 | | * material. In this case, |fixup_args| is expected to check and handle |
267 | | * it. |
268 | | */ |
269 | | unsigned int param_data_type; |
270 | | |
271 | | /* |
272 | | * Fixer functions |
273 | | * |
274 | | * |fixup_args| is always called before (for OSSL_ACTION_SET) or after (for OSSL_ACTION_GET) |
275 | | * the actual ctrl / OSSL_PARAM function. |
276 | | */ |
277 | | fixup_args_fn *fixup_args; |
278 | | }; |
279 | | |
280 | | /*- |
281 | | * Fixer function implementations |
282 | | * ============================== |
283 | | */ |
284 | | |
285 | | /* |
286 | | * default_check isn't a fixer per se, but rather a helper function to |
287 | | * perform certain standard checks. |
288 | | */ |
289 | | static int default_check(enum state state, |
290 | | const struct translation_st *translation, |
291 | | const struct translation_ctx_st *ctx) |
292 | 0 | { |
293 | 0 | switch (state) { |
294 | 0 | default: |
295 | 0 | break; |
296 | 0 | case PRE_CTRL_TO_PARAMS: |
297 | 0 | if (!ossl_assert(translation != NULL)) { |
298 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
299 | 0 | return -2; |
300 | 0 | } |
301 | 0 | if (!ossl_assert(translation->param_key != 0) |
302 | 0 | || !ossl_assert(translation->param_data_type != 0)) { |
303 | 0 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); |
304 | 0 | return -1; |
305 | 0 | } |
306 | 0 | break; |
307 | 0 | case PRE_CTRL_STR_TO_PARAMS: |
308 | | /* |
309 | | * For ctrl_str to params translation, we allow direct use of |
310 | | * OSSL_PARAM keys as ctrl_str keys. Therefore, it's possible that |
311 | | * we end up with |translation == NULL|, which is fine. The fixup |
312 | | * function will have to deal with it carefully. |
313 | | */ |
314 | 0 | if (translation != NULL) { |
315 | 0 | if (!ossl_assert(translation->action_type != OSSL_ACTION_GET)) { |
316 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
317 | 0 | return -2; |
318 | 0 | } |
319 | 0 | if (!ossl_assert(translation->param_key != NULL) |
320 | 0 | || !ossl_assert(translation->param_data_type != 0)) { |
321 | 0 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); |
322 | 0 | return 0; |
323 | 0 | } |
324 | 0 | } |
325 | 0 | break; |
326 | 0 | case PRE_PARAMS_TO_CTRL: |
327 | 0 | case POST_PARAMS_TO_CTRL: |
328 | 0 | if (!ossl_assert(translation != NULL)) { |
329 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
330 | 0 | return -2; |
331 | 0 | } |
332 | 0 | if (!ossl_assert(translation->ctrl_num != 0) |
333 | 0 | || !ossl_assert(translation->param_data_type != 0)) { |
334 | 0 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); |
335 | 0 | return -1; |
336 | 0 | } |
337 | 0 | } |
338 | | |
339 | | /* Nothing else to check */ |
340 | 0 | return 1; |
341 | 0 | } |
342 | | |
343 | | /*- |
344 | | * default_fixup_args fixes up all sorts of arguments, governed by the |
345 | | * diverse attributes in the translation item. It covers all "standard" |
346 | | * base ctrl functionality, meaning it can handle basic conversion of |
347 | | * data between p1+p2 (OSSL_ACTION_SET) or return value+p2 (OSSL_ACTION_GET) as long as the values |
348 | | * don't have extra semantics (such as NIDs, OIDs, that sort of stuff). |
349 | | * Extra semantics must be handled via specific fixup_args functions. |
350 | | * |
351 | | * The following states and action type combinations have standard handling |
352 | | * done in this function: |
353 | | * |
354 | | * PRE_CTRL_TO_PARAMS, 0 - ERROR. action type must be |
355 | | * determined by a fixup function. |
356 | | * PRE_CTRL_TO_PARAMS, OSSL_ACTION_SET |
357 | | * | OSSL_ACTION_GET - |p1| and |p2| are converted to an |
358 | | * OSSL_PARAM according to the data |
359 | | * type given in |translattion|. |
360 | | * For OSSL_PARAM_UNSIGNED_INTEGER, |
361 | | * a BIGNUM passed as |p2| is accepted. |
362 | | * POST_CTRL_TO_PARAMS, OSSL_ACTION_GET - If the OSSL_PARAM data type is a |
363 | | * STRING or PTR type, |p1| is set |
364 | | * to the OSSL_PARAM return size, and |
365 | | * |p2| is set to the string. |
366 | | * PRE_CTRL_STR_TO_PARAMS, |
367 | | * !OSSL_ACTION_SET - ERROR. That combination is not |
368 | | * supported. |
369 | | * PRE_CTRL_STR_TO_PARAMS, |
370 | | * OSSL_ACTION_SET - |p2| is taken as a string, and is |
371 | | * converted to an OSSL_PARAM in a |
372 | | * standard manner, guided by the |
373 | | * param key and data type from |
374 | | * |translation|. |
375 | | * PRE_PARAMS_TO_CTRL, OSSL_ACTION_SET - the OSSL_PARAM is converted to |
376 | | * |p1| and |p2| according to the |
377 | | * data type given in |translation| |
378 | | * For OSSL_PARAM_UNSIGNED_INTEGER, |
379 | | * if |p2| is non-NULL, then |*p2| |
380 | | * is assigned a BIGNUM, otherwise |
381 | | * |p1| is assigned an unsigned int. |
382 | | * POST_PARAMS_TO_CTRL, OSSL_ACTION_GET - |p1| and |p2| are converted to |
383 | | * an OSSL_PARAM, in the same manner |
384 | | * as for the combination of |
385 | | * PRE_CTRL_TO_PARAMS, OSSL_ACTION_SET. |
386 | | */ |
387 | | static int default_fixup_args(enum state state, |
388 | | const struct translation_st *translation, |
389 | | struct translation_ctx_st *ctx) |
390 | 0 | { |
391 | 0 | int ret; |
392 | |
|
393 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
394 | 0 | return ret; |
395 | | |
396 | 0 | switch (state) { |
397 | 0 | default: |
398 | | /* For states this function should never have been called with */ |
399 | 0 | ERR_raise_data(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, |
400 | 0 | "[action:%d, state:%d]", ctx->action_type, state); |
401 | 0 | return 0; |
402 | | |
403 | | /* |
404 | | * PRE_CTRL_TO_PARAMS and POST_CTRL_TO_PARAMS handle ctrl to params |
405 | | * translations. PRE_CTRL_TO_PARAMS is responsible for preparing |
406 | | * |*params|, and POST_CTRL_TO_PARAMS is responsible for bringing the |
407 | | * result back to |*p2| and the return value. |
408 | | */ |
409 | 0 | case PRE_CTRL_TO_PARAMS: |
410 | | /* This is ctrl to params translation, so we need an OSSL_PARAM key */ |
411 | 0 | if (ctx->action_type == OSSL_ACTION_NONE) { |
412 | | /* |
413 | | * No action type is an error here. That's a case for a |
414 | | * special fixup function. |
415 | | */ |
416 | 0 | ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, |
417 | 0 | "[action:%d, state:%d]", ctx->action_type, state); |
418 | 0 | return 0; |
419 | 0 | } |
420 | | |
421 | 0 | if (translation->optype != 0) { |
422 | 0 | if ((EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx) |
423 | 0 | && ctx->pctx->op.sig.algctx == NULL) |
424 | 0 | || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx->pctx) |
425 | 0 | && ctx->pctx->op.kex.algctx == NULL) |
426 | 0 | || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx->pctx) |
427 | 0 | && ctx->pctx->op.ciph.algctx == NULL) |
428 | 0 | || (EVP_PKEY_CTX_IS_KEM_OP(ctx->pctx) |
429 | 0 | && ctx->pctx->op.encap.algctx == NULL) |
430 | | /* |
431 | | * The following may be unnecessary, but we have them |
432 | | * for good measure... |
433 | | */ |
434 | 0 | || (EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx) |
435 | 0 | && ctx->pctx->op.keymgmt.genctx == NULL) |
436 | 0 | || (EVP_PKEY_CTX_IS_FROMDATA_OP(ctx->pctx) |
437 | 0 | && ctx->pctx->op.keymgmt.genctx == NULL)) { |
438 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
439 | | /* Uses the same return values as EVP_PKEY_CTX_ctrl */ |
440 | 0 | return -2; |
441 | 0 | } |
442 | 0 | } |
443 | | |
444 | | /* |
445 | | * OSSL_PARAM_construct_TYPE() works equally well for OSSL_ACTION_SET and OSSL_ACTION_GET. |
446 | | */ |
447 | 0 | switch (translation->param_data_type) { |
448 | 0 | case OSSL_PARAM_INTEGER: |
449 | 0 | *ctx->params = OSSL_PARAM_construct_int(translation->param_key, |
450 | 0 | &ctx->p1); |
451 | 0 | break; |
452 | 0 | case OSSL_PARAM_UNSIGNED_INTEGER: |
453 | | /* |
454 | | * BIGNUMs are passed via |p2|. For all ctrl's that just want |
455 | | * to pass a simple integer via |p1|, |p2| is expected to be |
456 | | * NULL. |
457 | | * |
458 | | * Note that this allocates a buffer, which the cleanup function |
459 | | * must deallocate. |
460 | | */ |
461 | 0 | if (ctx->p2 != NULL) { |
462 | 0 | if (ctx->action_type == OSSL_ACTION_SET) { |
463 | 0 | ctx->buflen = BN_num_bytes(ctx->p2); |
464 | 0 | if ((ctx->allocated_buf |
465 | 0 | = OPENSSL_malloc(ctx->buflen)) == NULL) |
466 | 0 | return 0; |
467 | 0 | if (BN_bn2nativepad(ctx->p2, |
468 | 0 | ctx->allocated_buf, ctx->buflen) < 0) { |
469 | 0 | OPENSSL_free(ctx->allocated_buf); |
470 | 0 | ctx->allocated_buf = NULL; |
471 | 0 | return 0; |
472 | 0 | } |
473 | 0 | *ctx->params = |
474 | 0 | OSSL_PARAM_construct_BN(translation->param_key, |
475 | 0 | ctx->allocated_buf, |
476 | 0 | ctx->buflen); |
477 | 0 | } else { |
478 | | /* |
479 | | * No support for getting a BIGNUM by ctrl, this needs |
480 | | * fixup_args function support. |
481 | | */ |
482 | 0 | ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, |
483 | 0 | "[action:%d, state:%d] trying to get a " |
484 | 0 | "BIGNUM via ctrl call", |
485 | 0 | ctx->action_type, state); |
486 | 0 | return 0; |
487 | 0 | } |
488 | 0 | } else { |
489 | 0 | *ctx->params = |
490 | 0 | OSSL_PARAM_construct_uint(translation->param_key, |
491 | 0 | (unsigned int *)&ctx->p1); |
492 | 0 | } |
493 | 0 | break; |
494 | 0 | case OSSL_PARAM_UTF8_STRING: |
495 | 0 | *ctx->params = |
496 | 0 | OSSL_PARAM_construct_utf8_string(translation->param_key, |
497 | 0 | ctx->p2, (size_t)ctx->p1); |
498 | 0 | break; |
499 | 0 | case OSSL_PARAM_UTF8_PTR: |
500 | 0 | *ctx->params = |
501 | 0 | OSSL_PARAM_construct_utf8_ptr(translation->param_key, |
502 | 0 | ctx->p2, (size_t)ctx->p1); |
503 | 0 | break; |
504 | 0 | case OSSL_PARAM_OCTET_STRING: |
505 | 0 | *ctx->params = |
506 | 0 | OSSL_PARAM_construct_octet_string(translation->param_key, |
507 | 0 | ctx->p2, (size_t)ctx->p1); |
508 | 0 | break; |
509 | 0 | case OSSL_PARAM_OCTET_PTR: |
510 | 0 | *ctx->params = |
511 | 0 | OSSL_PARAM_construct_octet_ptr(translation->param_key, |
512 | 0 | ctx->p2, (size_t)ctx->p1); |
513 | 0 | break; |
514 | 0 | } |
515 | 0 | break; |
516 | 0 | case POST_CTRL_TO_PARAMS: |
517 | | /* |
518 | | * Because EVP_PKEY_CTX_ctrl() returns the length of certain objects |
519 | | * as its return value, we need to ensure that we do it here as well, |
520 | | * for the OSSL_PARAM data types where this makes sense. |
521 | | */ |
522 | 0 | if (ctx->action_type == OSSL_ACTION_GET) { |
523 | 0 | switch (translation->param_data_type) { |
524 | 0 | case OSSL_PARAM_UTF8_STRING: |
525 | 0 | case OSSL_PARAM_UTF8_PTR: |
526 | 0 | case OSSL_PARAM_OCTET_STRING: |
527 | 0 | case OSSL_PARAM_OCTET_PTR: |
528 | 0 | ctx->p1 = (int)ctx->params[0].return_size; |
529 | 0 | break; |
530 | 0 | } |
531 | 0 | } |
532 | 0 | break; |
533 | | |
534 | | /* |
535 | | * PRE_CTRL_STR_TO_PARAMS and POST_CTRL_STR_TO_PARAMS handle ctrl_str to |
536 | | * params translations. PRE_CTRL_TO_PARAMS is responsible for preparing |
537 | | * |*params|, and POST_CTRL_TO_PARAMS currently has nothing to do, since |
538 | | * there's no support for getting data via ctrl_str calls. |
539 | | */ |
540 | 0 | case PRE_CTRL_STR_TO_PARAMS: |
541 | 0 | { |
542 | | /* This is ctrl_str to params translation */ |
543 | 0 | const char *tmp_ctrl_str = ctx->ctrl_str; |
544 | 0 | const char *orig_ctrl_str = ctx->ctrl_str; |
545 | 0 | const char *orig_value = ctx->p2; |
546 | 0 | const OSSL_PARAM *settable = NULL; |
547 | 0 | int exists = 0; |
548 | | |
549 | | /* Only setting is supported here */ |
550 | 0 | if (ctx->action_type != OSSL_ACTION_SET) { |
551 | 0 | ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, |
552 | 0 | "[action:%d, state:%d] only setting allowed", |
553 | 0 | ctx->action_type, state); |
554 | 0 | return 0; |
555 | 0 | } |
556 | | |
557 | | /* |
558 | | * If no translation exists, we simply pass the control string |
559 | | * unmodified. |
560 | | */ |
561 | 0 | if (translation != NULL) { |
562 | 0 | tmp_ctrl_str = ctx->ctrl_str = translation->param_key; |
563 | |
|
564 | 0 | if (ctx->ishex) { |
565 | 0 | strcpy(ctx->name_buf, "hex"); |
566 | 0 | if (OPENSSL_strlcat(ctx->name_buf, tmp_ctrl_str, |
567 | 0 | sizeof(ctx->name_buf)) <= 3) { |
568 | 0 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); |
569 | 0 | return -1; |
570 | 0 | } |
571 | 0 | tmp_ctrl_str = ctx->name_buf; |
572 | 0 | } |
573 | 0 | } |
574 | | |
575 | 0 | settable = EVP_PKEY_CTX_settable_params(ctx->pctx); |
576 | 0 | if (!OSSL_PARAM_allocate_from_text(ctx->params, settable, |
577 | 0 | tmp_ctrl_str, |
578 | 0 | ctx->p2, strlen(ctx->p2), |
579 | 0 | &exists)) { |
580 | 0 | if (!exists) { |
581 | 0 | ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED, |
582 | 0 | "[action:%d, state:%d] name=%s, value=%s", |
583 | 0 | ctx->action_type, state, |
584 | 0 | orig_ctrl_str, orig_value); |
585 | 0 | return -2; |
586 | 0 | } |
587 | 0 | return 0; |
588 | 0 | } |
589 | 0 | ctx->allocated_buf = ctx->params->data; |
590 | 0 | ctx->buflen = ctx->params->data_size; |
591 | 0 | } |
592 | 0 | break; |
593 | 0 | case POST_CTRL_STR_TO_PARAMS: |
594 | | /* Nothing to be done */ |
595 | 0 | break; |
596 | | |
597 | | /* |
598 | | * PRE_PARAMS_TO_CTRL and POST_PARAMS_TO_CTRL handle params to ctrl |
599 | | * translations. PRE_PARAMS_TO_CTRL is responsible for preparing |
600 | | * |p1| and |p2|, and POST_PARAMS_TO_CTRL is responsible for bringing |
601 | | * the EVP_PKEY_CTX_ctrl() return value (passed as |p1|) and |p2| back |
602 | | * to |*params|. |
603 | | * |
604 | | * PKEY is treated just like POST_PARAMS_TO_CTRL, making it easy |
605 | | * for the related fixup_args functions to just set |p1| and |p2| |
606 | | * appropriately and leave it to this section of code to fix up |
607 | | * |ctx->params| accordingly. |
608 | | */ |
609 | 0 | case PKEY: |
610 | 0 | case POST_PARAMS_TO_CTRL: |
611 | 0 | ret = ctx->p1; |
612 | | /* FALLTHRU */ |
613 | 0 | case PRE_PARAMS_TO_CTRL: |
614 | 0 | { |
615 | | /* This is params to ctrl translation */ |
616 | 0 | if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET) { |
617 | | /* For the PRE state, only setting needs some work to be done */ |
618 | | |
619 | | /* When setting, we populate |p1| and |p2| from |*params| */ |
620 | 0 | switch (translation->param_data_type) { |
621 | 0 | case OSSL_PARAM_INTEGER: |
622 | 0 | return OSSL_PARAM_get_int(ctx->params, &ctx->p1); |
623 | 0 | case OSSL_PARAM_UNSIGNED_INTEGER: |
624 | 0 | if (ctx->p2 != NULL) { |
625 | | /* BIGNUM passed down with p2 */ |
626 | 0 | if (!OSSL_PARAM_get_BN(ctx->params, ctx->p2)) |
627 | 0 | return 0; |
628 | 0 | } else { |
629 | | /* Normal C unsigned int passed down */ |
630 | 0 | if (!OSSL_PARAM_get_uint(ctx->params, |
631 | 0 | (unsigned int *)&ctx->p1)) |
632 | 0 | return 0; |
633 | 0 | } |
634 | 0 | return 1; |
635 | 0 | case OSSL_PARAM_UTF8_STRING: |
636 | 0 | return OSSL_PARAM_get_utf8_string(ctx->params, |
637 | 0 | ctx->p2, ctx->sz); |
638 | 0 | case OSSL_PARAM_OCTET_STRING: |
639 | 0 | return OSSL_PARAM_get_octet_string(ctx->params, |
640 | 0 | &ctx->p2, ctx->sz, |
641 | 0 | (size_t *)&ctx->p1); |
642 | 0 | case OSSL_PARAM_OCTET_PTR: |
643 | 0 | return OSSL_PARAM_get_octet_ptr(ctx->params, |
644 | 0 | ctx->p2, &ctx->sz); |
645 | 0 | default: |
646 | 0 | ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, |
647 | 0 | "[action:%d, state:%d] " |
648 | 0 | "unknown OSSL_PARAM data type %d", |
649 | 0 | ctx->action_type, state, |
650 | 0 | translation->param_data_type); |
651 | 0 | return 0; |
652 | 0 | } |
653 | 0 | } else if ((state == POST_PARAMS_TO_CTRL || state == PKEY) |
654 | 0 | && ctx->action_type == OSSL_ACTION_GET) { |
655 | | /* For the POST state, only getting needs some work to be done */ |
656 | 0 | unsigned int param_data_type = translation->param_data_type; |
657 | 0 | size_t size = (size_t)ctx->p1; |
658 | |
|
659 | 0 | if (state == PKEY) |
660 | 0 | size = ctx->sz; |
661 | 0 | if (param_data_type == 0) { |
662 | | /* we must have a fixup_args function to work */ |
663 | 0 | if (!ossl_assert(translation->fixup_args != NULL)) { |
664 | 0 | ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); |
665 | 0 | return 0; |
666 | 0 | } |
667 | 0 | param_data_type = ctx->params->data_type; |
668 | 0 | } |
669 | | /* When getting, we populate |*params| from |p1| and |p2| */ |
670 | 0 | switch (param_data_type) { |
671 | 0 | case OSSL_PARAM_INTEGER: |
672 | 0 | return OSSL_PARAM_set_int(ctx->params, ctx->p1); |
673 | 0 | case OSSL_PARAM_UNSIGNED_INTEGER: |
674 | 0 | if (ctx->p2 != NULL) { |
675 | | /* BIGNUM passed back */ |
676 | 0 | return OSSL_PARAM_set_BN(ctx->params, ctx->p2); |
677 | 0 | } else { |
678 | | /* Normal C unsigned int passed back */ |
679 | 0 | return OSSL_PARAM_set_uint(ctx->params, |
680 | 0 | (unsigned int)ctx->p1); |
681 | 0 | } |
682 | 0 | return 0; |
683 | 0 | case OSSL_PARAM_UTF8_STRING: |
684 | 0 | return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2); |
685 | 0 | case OSSL_PARAM_OCTET_STRING: |
686 | 0 | return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2, |
687 | 0 | size); |
688 | 0 | case OSSL_PARAM_OCTET_PTR: |
689 | 0 | return OSSL_PARAM_set_octet_ptr(ctx->params, *(void **)ctx->p2, |
690 | 0 | size); |
691 | 0 | default: |
692 | 0 | ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED, |
693 | 0 | "[action:%d, state:%d] " |
694 | 0 | "unsupported OSSL_PARAM data type %d", |
695 | 0 | ctx->action_type, state, |
696 | 0 | translation->param_data_type); |
697 | 0 | return 0; |
698 | 0 | } |
699 | 0 | } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) { |
700 | 0 | if (translation->param_data_type == OSSL_PARAM_OCTET_PTR) |
701 | 0 | ctx->p2 = &ctx->bufp; |
702 | 0 | } |
703 | 0 | } |
704 | | /* Any other combination is simply pass-through */ |
705 | 0 | break; |
706 | 0 | } |
707 | 0 | return ret; |
708 | 0 | } |
709 | | |
710 | | static int |
711 | | cleanup_translation_ctx(enum state state, |
712 | | const struct translation_st *translation, |
713 | | struct translation_ctx_st *ctx) |
714 | 0 | { |
715 | 0 | if (ctx->allocated_buf != NULL) |
716 | 0 | OPENSSL_free(ctx->allocated_buf); |
717 | 0 | ctx->allocated_buf = NULL; |
718 | 0 | return 1; |
719 | 0 | } |
720 | | |
721 | | /* |
722 | | * fix_cipher_md fixes up an EVP_CIPHER / EVP_MD to its name on OSSL_ACTION_SET, |
723 | | * and cipher / md name to EVP_MD on OSSL_ACTION_GET. |
724 | | */ |
725 | | static const char *get_cipher_name(void *cipher) |
726 | 0 | { |
727 | 0 | return EVP_CIPHER_get0_name(cipher); |
728 | 0 | } |
729 | | |
730 | | static const char *get_md_name(void *md) |
731 | 0 | { |
732 | 0 | return EVP_MD_get0_name(md); |
733 | 0 | } |
734 | | |
735 | | static const void *get_cipher_by_name(OSSL_LIB_CTX *libctx, const char *name) |
736 | 0 | { |
737 | 0 | return evp_get_cipherbyname_ex(libctx, name); |
738 | 0 | } |
739 | | |
740 | | static const void *get_md_by_name(OSSL_LIB_CTX *libctx, const char *name) |
741 | 0 | { |
742 | 0 | return evp_get_digestbyname_ex(libctx, name); |
743 | 0 | } |
744 | | |
745 | | static int fix_cipher_md(enum state state, |
746 | | const struct translation_st *translation, |
747 | | struct translation_ctx_st *ctx, |
748 | | const char *(*get_name)(void *algo), |
749 | | const void *(*get_algo_by_name)(OSSL_LIB_CTX *libctx, |
750 | | const char *name)) |
751 | 0 | { |
752 | 0 | int ret = 1; |
753 | |
|
754 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
755 | 0 | return ret; |
756 | | |
757 | 0 | if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) { |
758 | | /* |
759 | | * |ctx->p2| contains the address to an EVP_CIPHER or EVP_MD pointer |
760 | | * to be filled in. We need to remember it, then make |ctx->p2| |
761 | | * point at a buffer to be filled in with the name, and |ctx->p1| |
762 | | * with its size. default_fixup_args() will take care of the rest |
763 | | * for us. |
764 | | */ |
765 | 0 | ctx->orig_p2 = ctx->p2; |
766 | 0 | ctx->p2 = ctx->name_buf; |
767 | 0 | ctx->p1 = sizeof(ctx->name_buf); |
768 | 0 | } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) { |
769 | | /* |
770 | | * In different parts of OpenSSL, this ctrl command is used |
771 | | * differently. Some calls pass a NID as p1, others pass an |
772 | | * EVP_CIPHER pointer as p2... |
773 | | */ |
774 | 0 | ctx->p2 = (char *)(ctx->p2 == NULL |
775 | 0 | ? OBJ_nid2sn(ctx->p1) |
776 | 0 | : get_name(ctx->p2)); |
777 | 0 | ctx->p1 = strlen(ctx->p2); |
778 | 0 | } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) { |
779 | 0 | ctx->p2 = (ctx->p2 == NULL ? "" : (char *)get_name(ctx->p2)); |
780 | 0 | ctx->p1 = strlen(ctx->p2); |
781 | 0 | } |
782 | |
|
783 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
784 | 0 | return ret; |
785 | | |
786 | 0 | if (state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) { |
787 | | /* |
788 | | * Here's how we reuse |ctx->orig_p2| that was set in the |
789 | | * PRE_CTRL_TO_PARAMS state above. |
790 | | */ |
791 | 0 | *(void **)ctx->orig_p2 = |
792 | 0 | (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2); |
793 | 0 | ctx->p1 = 1; |
794 | 0 | } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET) { |
795 | 0 | ctx->p2 = (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2); |
796 | 0 | ctx->p1 = 0; |
797 | 0 | } |
798 | |
|
799 | 0 | return ret; |
800 | 0 | } |
801 | | |
802 | | static int fix_cipher(enum state state, |
803 | | const struct translation_st *translation, |
804 | | struct translation_ctx_st *ctx) |
805 | 0 | { |
806 | 0 | return fix_cipher_md(state, translation, ctx, |
807 | 0 | get_cipher_name, get_cipher_by_name); |
808 | 0 | } |
809 | | |
810 | | static int fix_md(enum state state, |
811 | | const struct translation_st *translation, |
812 | | struct translation_ctx_st *ctx) |
813 | 0 | { |
814 | 0 | return fix_cipher_md(state, translation, ctx, |
815 | 0 | get_md_name, get_md_by_name); |
816 | 0 | } |
817 | | |
818 | | static int fix_distid_len(enum state state, |
819 | | const struct translation_st *translation, |
820 | | struct translation_ctx_st *ctx) |
821 | 0 | { |
822 | 0 | int ret = default_fixup_args(state, translation, ctx); |
823 | |
|
824 | 0 | if (ret > 0) { |
825 | 0 | ret = 0; |
826 | 0 | if ((state == POST_CTRL_TO_PARAMS |
827 | 0 | || state == POST_CTRL_STR_TO_PARAMS) && ctx->action_type == OSSL_ACTION_GET) { |
828 | 0 | *(size_t *)ctx->p2 = ctx->sz; |
829 | 0 | ret = 1; |
830 | 0 | } |
831 | 0 | } |
832 | 0 | return ret; |
833 | 0 | } |
834 | | |
835 | | struct kdf_type_map_st { |
836 | | int kdf_type_num; |
837 | | const char *kdf_type_str; |
838 | | }; |
839 | | |
840 | | static int fix_kdf_type(enum state state, |
841 | | const struct translation_st *translation, |
842 | | struct translation_ctx_st *ctx, |
843 | | const struct kdf_type_map_st *kdf_type_map) |
844 | 0 | { |
845 | | /* |
846 | | * The EVP_PKEY_CTRL_DH_KDF_TYPE ctrl command is a bit special, in |
847 | | * that it's used both for setting a value, and for getting it, all |
848 | | * depending on the value if |p1|; if |p1| is -2, the backend is |
849 | | * supposed to place the current kdf type in |p2|, and if not, |p1| |
850 | | * is interpreted as the new kdf type. |
851 | | */ |
852 | 0 | int ret = 0; |
853 | |
|
854 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
855 | 0 | return ret; |
856 | | |
857 | 0 | if (state == PRE_CTRL_TO_PARAMS) { |
858 | | /* |
859 | | * In |translations|, the initial value for |ctx->action_type| must |
860 | | * be OSSL_ACTION_NONE. |
861 | | */ |
862 | 0 | if (!ossl_assert(ctx->action_type == OSSL_ACTION_NONE)) |
863 | 0 | return 0; |
864 | | |
865 | | /* The action type depends on the value of *p1 */ |
866 | 0 | if (ctx->p1 == -2) { |
867 | | /* |
868 | | * The OSSL_PARAMS getter needs space to store a copy of the kdf |
869 | | * type string. We use |ctx->name_buf|, which has enough space |
870 | | * allocated. |
871 | | * |
872 | | * (this wouldn't be needed if the OSSL_xxx_PARAM_KDF_TYPE |
873 | | * had the data type OSSL_PARAM_UTF8_PTR) |
874 | | */ |
875 | 0 | ctx->p2 = ctx->name_buf; |
876 | 0 | ctx->p1 = sizeof(ctx->name_buf); |
877 | 0 | ctx->action_type = OSSL_ACTION_GET; |
878 | 0 | } else { |
879 | 0 | ctx->action_type = OSSL_ACTION_SET; |
880 | 0 | } |
881 | 0 | } |
882 | | |
883 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
884 | 0 | return ret; |
885 | | |
886 | 0 | if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) |
887 | 0 | || (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET)) { |
888 | 0 | ret = -2; |
889 | | /* Convert KDF type numbers to strings */ |
890 | 0 | for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) |
891 | 0 | if (ctx->p1 == kdf_type_map->kdf_type_num) { |
892 | 0 | ctx->p2 = (char *)kdf_type_map->kdf_type_str; |
893 | 0 | ret = 1; |
894 | 0 | break; |
895 | 0 | } |
896 | 0 | if (ret <= 0) |
897 | 0 | goto end; |
898 | 0 | ctx->p1 = strlen(ctx->p2); |
899 | 0 | } |
900 | | |
901 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
902 | 0 | return ret; |
903 | | |
904 | 0 | if ((state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) |
905 | 0 | || (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET)) { |
906 | 0 | ctx->p1 = ret = -1; |
907 | | |
908 | | /* Convert KDF type strings to numbers */ |
909 | 0 | for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++) |
910 | 0 | if (OPENSSL_strcasecmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) { |
911 | 0 | ctx->p1 = kdf_type_map->kdf_type_num; |
912 | 0 | ret = 1; |
913 | 0 | break; |
914 | 0 | } |
915 | 0 | ctx->p2 = NULL; |
916 | 0 | } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) { |
917 | 0 | ctx->p1 = -2; |
918 | 0 | } |
919 | 0 | end: |
920 | 0 | return ret; |
921 | 0 | } |
922 | | |
923 | | /* EVP_PKEY_CTRL_DH_KDF_TYPE */ |
924 | | static int fix_dh_kdf_type(enum state state, |
925 | | const struct translation_st *translation, |
926 | | struct translation_ctx_st *ctx) |
927 | 0 | { |
928 | 0 | static const struct kdf_type_map_st kdf_type_map[] = { |
929 | 0 | { EVP_PKEY_DH_KDF_NONE, "" }, |
930 | 0 | { EVP_PKEY_DH_KDF_X9_42, OSSL_KDF_NAME_X942KDF_ASN1 }, |
931 | 0 | { 0, NULL } |
932 | 0 | }; |
933 | |
|
934 | 0 | return fix_kdf_type(state, translation, ctx, kdf_type_map); |
935 | 0 | } |
936 | | |
937 | | /* EVP_PKEY_CTRL_EC_KDF_TYPE */ |
938 | | static int fix_ec_kdf_type(enum state state, |
939 | | const struct translation_st *translation, |
940 | | struct translation_ctx_st *ctx) |
941 | 0 | { |
942 | 0 | static const struct kdf_type_map_st kdf_type_map[] = { |
943 | 0 | { EVP_PKEY_ECDH_KDF_NONE, "" }, |
944 | 0 | { EVP_PKEY_ECDH_KDF_X9_63, OSSL_KDF_NAME_X963KDF }, |
945 | 0 | { 0, NULL } |
946 | 0 | }; |
947 | |
|
948 | 0 | return fix_kdf_type(state, translation, ctx, kdf_type_map); |
949 | 0 | } |
950 | | |
951 | | /* EVP_PKEY_CTRL_DH_KDF_OID, EVP_PKEY_CTRL_GET_DH_KDF_OID, ...??? */ |
952 | | static int fix_oid(enum state state, |
953 | | const struct translation_st *translation, |
954 | | struct translation_ctx_st *ctx) |
955 | 0 | { |
956 | 0 | int ret; |
957 | |
|
958 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
959 | 0 | return ret; |
960 | | |
961 | 0 | if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) |
962 | 0 | || (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET)) { |
963 | | /* |
964 | | * We're translating from ctrl to params and setting the OID, or |
965 | | * we're translating from params to ctrl and getting the OID. |
966 | | * Either way, |ctx->p2| points at an ASN1_OBJECT, and needs to have |
967 | | * that replaced with the corresponding name. |
968 | | * default_fixup_args() will then be able to convert that to the |
969 | | * corresponding OSSL_PARAM. |
970 | | */ |
971 | 0 | OBJ_obj2txt(ctx->name_buf, sizeof(ctx->name_buf), ctx->p2, 0); |
972 | 0 | ctx->p2 = (char *)ctx->name_buf; |
973 | 0 | ctx->p1 = 0; /* let default_fixup_args() figure out the length */ |
974 | 0 | } |
975 | |
|
976 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
977 | 0 | return ret; |
978 | | |
979 | 0 | if ((state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_SET) |
980 | 0 | || (state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET)) { |
981 | | /* |
982 | | * We're translating from ctrl to params and setting the OID name, |
983 | | * or we're translating from params to ctrl and getting the OID |
984 | | * name. Either way, default_fixup_args() has placed the OID name |
985 | | * in |ctx->p2|, all we need to do now is to replace that with the |
986 | | * corresponding ASN1_OBJECT. |
987 | | */ |
988 | 0 | ctx->p2 = (ASN1_OBJECT *)OBJ_txt2obj(ctx->p2, 0); |
989 | 0 | } |
990 | |
|
991 | 0 | return ret; |
992 | 0 | } |
993 | | |
994 | | /* EVP_PKEY_CTRL_DH_NID */ |
995 | | static int fix_dh_nid(enum state state, |
996 | | const struct translation_st *translation, |
997 | | struct translation_ctx_st *ctx) |
998 | 0 | { |
999 | 0 | int ret; |
1000 | |
|
1001 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1002 | 0 | return ret; |
1003 | | |
1004 | | /* This is only settable */ |
1005 | 0 | if (ctx->action_type != OSSL_ACTION_SET) |
1006 | 0 | return 0; |
1007 | | |
1008 | 0 | if (state == PRE_CTRL_TO_PARAMS) { |
1009 | 0 | if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name |
1010 | 0 | (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { |
1011 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); |
1012 | 0 | return 0; |
1013 | 0 | } |
1014 | 0 | ctx->p1 = 0; |
1015 | 0 | } |
1016 | | |
1017 | 0 | return default_fixup_args(state, translation, ctx); |
1018 | 0 | } |
1019 | | |
1020 | | /* EVP_PKEY_CTRL_DH_RFC5114 */ |
1021 | | static int fix_dh_nid5114(enum state state, |
1022 | | const struct translation_st *translation, |
1023 | | struct translation_ctx_st *ctx) |
1024 | 0 | { |
1025 | 0 | int ret; |
1026 | |
|
1027 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1028 | 0 | return ret; |
1029 | | |
1030 | | /* This is only settable */ |
1031 | 0 | if (ctx->action_type != OSSL_ACTION_SET) |
1032 | 0 | return 0; |
1033 | | |
1034 | 0 | switch (state) { |
1035 | 0 | case PRE_CTRL_TO_PARAMS: |
1036 | 0 | if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name |
1037 | 0 | (ossl_ffc_uid_to_dh_named_group(ctx->p1))) == NULL) { |
1038 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); |
1039 | 0 | return 0; |
1040 | 0 | } |
1041 | | |
1042 | 0 | ctx->p1 = 0; |
1043 | 0 | break; |
1044 | | |
1045 | 0 | case PRE_CTRL_STR_TO_PARAMS: |
1046 | 0 | if (ctx->p2 == NULL) |
1047 | 0 | return 0; |
1048 | 0 | if ((ctx->p2 = (char *)ossl_ffc_named_group_get_name |
1049 | 0 | (ossl_ffc_uid_to_dh_named_group(atoi(ctx->p2)))) == NULL) { |
1050 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); |
1051 | 0 | return 0; |
1052 | 0 | } |
1053 | | |
1054 | 0 | ctx->p1 = 0; |
1055 | 0 | break; |
1056 | | |
1057 | 0 | default: |
1058 | 0 | break; |
1059 | 0 | } |
1060 | | |
1061 | 0 | return default_fixup_args(state, translation, ctx); |
1062 | 0 | } |
1063 | | |
1064 | | /* EVP_PKEY_CTRL_DH_PARAMGEN_TYPE */ |
1065 | | static int fix_dh_paramgen_type(enum state state, |
1066 | | const struct translation_st *translation, |
1067 | | struct translation_ctx_st *ctx) |
1068 | 0 | { |
1069 | 0 | int ret; |
1070 | |
|
1071 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1072 | 0 | return ret; |
1073 | | |
1074 | | /* This is only settable */ |
1075 | 0 | if (ctx->action_type != OSSL_ACTION_SET) |
1076 | 0 | return 0; |
1077 | | |
1078 | 0 | if (state == PRE_CTRL_STR_TO_PARAMS) { |
1079 | 0 | if ((ctx->p2 = (char *)ossl_dh_gen_type_id2name(atoi(ctx->p2))) |
1080 | 0 | == NULL) { |
1081 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_VALUE); |
1082 | 0 | return 0; |
1083 | 0 | } |
1084 | 0 | ctx->p1 = strlen(ctx->p2); |
1085 | 0 | } |
1086 | | |
1087 | 0 | return default_fixup_args(state, translation, ctx); |
1088 | 0 | } |
1089 | | |
1090 | | /* EVP_PKEY_CTRL_EC_PARAM_ENC */ |
1091 | | static int fix_ec_param_enc(enum state state, |
1092 | | const struct translation_st *translation, |
1093 | | struct translation_ctx_st *ctx) |
1094 | 0 | { |
1095 | 0 | int ret; |
1096 | |
|
1097 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1098 | 0 | return ret; |
1099 | | |
1100 | | /* This is currently only settable */ |
1101 | 0 | if (ctx->action_type != OSSL_ACTION_SET) |
1102 | 0 | return 0; |
1103 | | |
1104 | 0 | if (state == PRE_CTRL_TO_PARAMS) { |
1105 | 0 | switch (ctx->p1) { |
1106 | 0 | case OPENSSL_EC_EXPLICIT_CURVE: |
1107 | 0 | ctx->p2 = OSSL_PKEY_EC_ENCODING_EXPLICIT; |
1108 | 0 | break; |
1109 | 0 | case OPENSSL_EC_NAMED_CURVE: |
1110 | 0 | ctx->p2 = OSSL_PKEY_EC_ENCODING_GROUP; |
1111 | 0 | break; |
1112 | 0 | default: |
1113 | 0 | ret = -2; |
1114 | 0 | goto end; |
1115 | 0 | } |
1116 | 0 | ctx->p1 = 0; |
1117 | 0 | } |
1118 | | |
1119 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
1120 | 0 | return ret; |
1121 | | |
1122 | 0 | if (state == PRE_PARAMS_TO_CTRL) { |
1123 | 0 | if (strcmp(ctx->p2, OSSL_PKEY_EC_ENCODING_EXPLICIT) == 0) |
1124 | 0 | ctx->p1 = OPENSSL_EC_EXPLICIT_CURVE; |
1125 | 0 | else if (strcmp(ctx->p2, OSSL_PKEY_EC_ENCODING_GROUP) == 0) |
1126 | 0 | ctx->p1 = OPENSSL_EC_NAMED_CURVE; |
1127 | 0 | else |
1128 | 0 | ctx->p1 = ret = -2; |
1129 | 0 | ctx->p2 = NULL; |
1130 | 0 | } |
1131 | |
|
1132 | 0 | end: |
1133 | 0 | if (ret == -2) |
1134 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
1135 | 0 | return ret; |
1136 | 0 | } |
1137 | | |
1138 | | /* EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID */ |
1139 | | static int fix_ec_paramgen_curve_nid(enum state state, |
1140 | | const struct translation_st *translation, |
1141 | | struct translation_ctx_st *ctx) |
1142 | 0 | { |
1143 | 0 | char *p2 = NULL; |
1144 | 0 | int ret; |
1145 | |
|
1146 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1147 | 0 | return ret; |
1148 | | |
1149 | | /* This is currently only settable */ |
1150 | 0 | if (ctx->action_type != OSSL_ACTION_SET) |
1151 | 0 | return 0; |
1152 | | |
1153 | 0 | if (state == PRE_CTRL_TO_PARAMS) { |
1154 | 0 | ctx->p2 = (char *)OBJ_nid2sn(ctx->p1); |
1155 | 0 | ctx->p1 = 0; |
1156 | 0 | } else if (state == PRE_PARAMS_TO_CTRL) { |
1157 | | /* |
1158 | | * We're translating from params to ctrl and setting the curve name. |
1159 | | * The ctrl function needs it to be a NID, but meanwhile, we need |
1160 | | * space to get the curve name from the param. |ctx->name_buf| is |
1161 | | * sufficient for that. |
1162 | | * The double indirection is necessary for default_fixup_args()'s |
1163 | | * call of OSSL_PARAM_get_utf8_string() to be done correctly. |
1164 | | */ |
1165 | 0 | p2 = ctx->name_buf; |
1166 | 0 | ctx->p2 = &p2; |
1167 | 0 | ctx->sz = sizeof(ctx->name_buf); |
1168 | 0 | } |
1169 | |
|
1170 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
1171 | 0 | return ret; |
1172 | | |
1173 | 0 | if (state == PRE_PARAMS_TO_CTRL) { |
1174 | 0 | ctx->p1 = OBJ_sn2nid(p2); |
1175 | 0 | ctx->p2 = NULL; |
1176 | 0 | } |
1177 | |
|
1178 | 0 | return ret; |
1179 | 0 | } |
1180 | | |
1181 | | /* EVP_PKEY_CTRL_EC_ECDH_COFACTOR */ |
1182 | | static int fix_ecdh_cofactor(enum state state, |
1183 | | const struct translation_st *translation, |
1184 | | struct translation_ctx_st *ctx) |
1185 | 0 | { |
1186 | | /* |
1187 | | * The EVP_PKEY_CTRL_EC_ECDH_COFACTOR ctrl command is a bit special, in |
1188 | | * that it's used both for setting a value, and for getting it, all |
1189 | | * depending on the value if |ctx->p1|; if |ctx->p1| is -2, the backend is |
1190 | | * supposed to place the current cofactor mode in |ctx->p2|, and if not, |
1191 | | * |ctx->p1| is interpreted as the new cofactor mode. |
1192 | | */ |
1193 | 0 | int ret = 0; |
1194 | |
|
1195 | 0 | if (state == PRE_CTRL_TO_PARAMS) { |
1196 | | /* |
1197 | | * The initial value for |ctx->action_type| must be zero. |
1198 | | * evp_pkey_ctrl_to_params() takes it from the translation item. |
1199 | | */ |
1200 | 0 | if (!ossl_assert(ctx->action_type == OSSL_ACTION_NONE)) |
1201 | 0 | return 0; |
1202 | | |
1203 | | /* The action type depends on the value of ctx->p1 */ |
1204 | 0 | if (ctx->p1 == -2) |
1205 | 0 | ctx->action_type = OSSL_ACTION_GET; |
1206 | 0 | else |
1207 | 0 | ctx->action_type = OSSL_ACTION_SET; |
1208 | 0 | } else if (state == PRE_CTRL_STR_TO_PARAMS) { |
1209 | 0 | ctx->action_type = OSSL_ACTION_SET; |
1210 | 0 | } else if (state == PRE_PARAMS_TO_CTRL) { |
1211 | | /* The initial value for |ctx->action_type| must not be zero. */ |
1212 | 0 | if (!ossl_assert(ctx->action_type != OSSL_ACTION_NONE)) |
1213 | 0 | return 0; |
1214 | 0 | } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_NONE) { |
1215 | 0 | ctx->action_type = OSSL_ACTION_GET; |
1216 | 0 | } |
1217 | | |
1218 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1219 | 0 | return ret; |
1220 | | |
1221 | 0 | if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) { |
1222 | 0 | if (ctx->p1 < -1 || ctx->p1 > 1) { |
1223 | | /* Uses the same return value of pkey_ec_ctrl() */ |
1224 | 0 | return -2; |
1225 | 0 | } |
1226 | 0 | } |
1227 | | |
1228 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
1229 | 0 | return ret; |
1230 | | |
1231 | 0 | if (state == POST_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) { |
1232 | 0 | if (ctx->p1 < 0 || ctx->p1 > 1) { |
1233 | | /* |
1234 | | * The provider should return either 0 or 1, any other value is a |
1235 | | * provider error. |
1236 | | */ |
1237 | 0 | ctx->p1 = ret = -1; |
1238 | 0 | } |
1239 | 0 | } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) { |
1240 | 0 | ctx->p1 = -2; |
1241 | 0 | } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) { |
1242 | 0 | ctx->p1 = ret; |
1243 | 0 | } |
1244 | |
|
1245 | 0 | return ret; |
1246 | 0 | } |
1247 | | |
1248 | | /* EVP_PKEY_CTRL_RSA_PADDING, EVP_PKEY_CTRL_GET_RSA_PADDING */ |
1249 | | static int fix_rsa_padding_mode(enum state state, |
1250 | | const struct translation_st *translation, |
1251 | | struct translation_ctx_st *ctx) |
1252 | 0 | { |
1253 | 0 | static const OSSL_ITEM str_value_map[] = { |
1254 | 0 | { RSA_PKCS1_PADDING, "pkcs1" }, |
1255 | 0 | { RSA_NO_PADDING, "none" }, |
1256 | 0 | { RSA_PKCS1_OAEP_PADDING, "oaep" }, |
1257 | 0 | { RSA_PKCS1_OAEP_PADDING, "oeap" }, |
1258 | 0 | { RSA_X931_PADDING, "x931" }, |
1259 | 0 | { RSA_PKCS1_PSS_PADDING, "pss" }, |
1260 | | /* Special case, will pass directly as an integer */ |
1261 | 0 | { RSA_PKCS1_WITH_TLS_PADDING, NULL } |
1262 | 0 | }; |
1263 | 0 | int ret; |
1264 | |
|
1265 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1266 | 0 | return ret; |
1267 | | |
1268 | 0 | if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) { |
1269 | | /* |
1270 | | * EVP_PKEY_CTRL_GET_RSA_PADDING returns the padding mode in the |
1271 | | * weirdest way for a ctrl. Instead of doing like all other ctrls |
1272 | | * that return a simple, i.e. just have that as a return value, |
1273 | | * this particular ctrl treats p2 as the address for the int to be |
1274 | | * returned. We must therefore remember |ctx->p2|, then make |
1275 | | * |ctx->p2| point at a buffer to be filled in with the name, and |
1276 | | * |ctx->p1| with its size. default_fixup_args() will take care |
1277 | | * of the rest for us, along with the POST_CTRL_TO_PARAMS && OSSL_ACTION_GET |
1278 | | * code section further down. |
1279 | | */ |
1280 | 0 | ctx->orig_p2 = ctx->p2; |
1281 | 0 | ctx->p2 = ctx->name_buf; |
1282 | 0 | ctx->p1 = sizeof(ctx->name_buf); |
1283 | 0 | } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_SET) { |
1284 | | /* |
1285 | | * Ideally, we should use utf8 strings for the diverse padding modes. |
1286 | | * We only came here because someone called EVP_PKEY_CTX_ctrl(), |
1287 | | * though, and since that can reasonably be seen as legacy code |
1288 | | * that uses the diverse RSA macros for the padding mode, and we |
1289 | | * know that at least our providers can handle the numeric modes, |
1290 | | * we take the cheap route for now. |
1291 | | * |
1292 | | * The other solution would be to match |ctx->p1| against entries |
1293 | | * in str_value_map and pass the corresponding string. However, |
1294 | | * since we don't have a string for RSA_PKCS1_WITH_TLS_PADDING, |
1295 | | * we have to do this same hack at least for that one. |
1296 | | * |
1297 | | * Since the "official" data type for the RSA padding mode is utf8 |
1298 | | * string, we cannot count on default_fixup_args(). Instead, we |
1299 | | * build the OSSL_PARAM item ourselves and return immediately. |
1300 | | */ |
1301 | 0 | ctx->params[0] = OSSL_PARAM_construct_int(translation->param_key, |
1302 | 0 | &ctx->p1); |
1303 | 0 | return 1; |
1304 | 0 | } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == OSSL_ACTION_GET) { |
1305 | 0 | size_t i; |
1306 | | |
1307 | | /* |
1308 | | * The EVP_PKEY_CTX_get_params() caller may have asked for a utf8 |
1309 | | * string, or may have asked for an integer of some sort. If they |
1310 | | * ask for an integer, we respond directly. If not, we translate |
1311 | | * the response from the ctrl function into a string. |
1312 | | */ |
1313 | 0 | switch (ctx->params->data_type) { |
1314 | 0 | case OSSL_PARAM_INTEGER: |
1315 | 0 | return OSSL_PARAM_get_int(ctx->params, &ctx->p1); |
1316 | 0 | case OSSL_PARAM_UNSIGNED_INTEGER: |
1317 | 0 | return OSSL_PARAM_get_uint(ctx->params, (unsigned int *)&ctx->p1); |
1318 | 0 | default: |
1319 | 0 | break; |
1320 | 0 | } |
1321 | | |
1322 | 0 | for (i = 0; i < OSSL_NELEM(str_value_map); i++) { |
1323 | 0 | if (ctx->p1 == (int)str_value_map[i].id) |
1324 | 0 | break; |
1325 | 0 | } |
1326 | 0 | if (i == OSSL_NELEM(str_value_map)) { |
1327 | 0 | ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE, |
1328 | 0 | "[action:%d, state:%d] padding number %d", |
1329 | 0 | ctx->action_type, state, ctx->p1); |
1330 | 0 | return -2; |
1331 | 0 | } |
1332 | | /* |
1333 | | * If we don't have a string, we can't do anything. The caller |
1334 | | * should have asked for a number... |
1335 | | */ |
1336 | 0 | if (str_value_map[i].ptr == NULL) { |
1337 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
1338 | 0 | return -2; |
1339 | 0 | } |
1340 | 0 | ctx->p2 = str_value_map[i].ptr; |
1341 | 0 | ctx->p1 = strlen(ctx->p2); |
1342 | 0 | } |
1343 | | |
1344 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
1345 | 0 | return ret; |
1346 | | |
1347 | 0 | if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_PARAMS_TO_CTRL) |
1348 | 0 | || (ctx->action_type == OSSL_ACTION_GET && state == POST_CTRL_TO_PARAMS)) { |
1349 | 0 | size_t i; |
1350 | |
|
1351 | 0 | for (i = 0; i < OSSL_NELEM(str_value_map); i++) { |
1352 | 0 | if (strcmp(ctx->p2, str_value_map[i].ptr) == 0) |
1353 | 0 | break; |
1354 | 0 | } |
1355 | |
|
1356 | 0 | if (i == OSSL_NELEM(str_value_map)) { |
1357 | 0 | ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE, |
1358 | 0 | "[action:%d, state:%d] padding name %s", |
1359 | 0 | ctx->action_type, state, ctx->p1); |
1360 | 0 | ctx->p1 = ret = -2; |
1361 | 0 | } else if (state == POST_CTRL_TO_PARAMS) { |
1362 | | /* EVP_PKEY_CTRL_GET_RSA_PADDING weirdness explained further up */ |
1363 | 0 | *(int *)ctx->orig_p2 = str_value_map[i].id; |
1364 | 0 | } else { |
1365 | 0 | ctx->p1 = str_value_map[i].id; |
1366 | 0 | } |
1367 | 0 | ctx->p2 = NULL; |
1368 | 0 | } |
1369 | |
|
1370 | 0 | return ret; |
1371 | 0 | } |
1372 | | |
1373 | | /* EVP_PKEY_CTRL_RSA_PSS_SALTLEN, EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN */ |
1374 | | static int fix_rsa_pss_saltlen(enum state state, |
1375 | | const struct translation_st *translation, |
1376 | | struct translation_ctx_st *ctx) |
1377 | 0 | { |
1378 | 0 | static const OSSL_ITEM str_value_map[] = { |
1379 | 0 | { (unsigned int)RSA_PSS_SALTLEN_DIGEST, "digest" }, |
1380 | 0 | { (unsigned int)RSA_PSS_SALTLEN_MAX, "max" }, |
1381 | 0 | { (unsigned int)RSA_PSS_SALTLEN_AUTO, "auto" } |
1382 | 0 | }; |
1383 | 0 | int ret; |
1384 | |
|
1385 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1386 | 0 | return ret; |
1387 | | |
1388 | 0 | if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == OSSL_ACTION_GET) { |
1389 | | /* |
1390 | | * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN returns the saltlen by filling |
1391 | | * in the int pointed at by p2. This is potentially as weird as |
1392 | | * the way EVP_PKEY_CTRL_GET_RSA_PADDING works, except that saltlen |
1393 | | * might be a negative value, so it wouldn't work as a legitimate |
1394 | | * return value. |
1395 | | * In any case, we must therefore remember |ctx->p2|, then make |
1396 | | * |ctx->p2| point at a buffer to be filled in with the name, and |
1397 | | * |ctx->p1| with its size. default_fixup_args() will take care |
1398 | | * of the rest for us, along with the POST_CTRL_TO_PARAMS && OSSL_ACTION_GET |
1399 | | * code section further down. |
1400 | | */ |
1401 | 0 | ctx->orig_p2 = ctx->p2; |
1402 | 0 | ctx->p2 = ctx->name_buf; |
1403 | 0 | ctx->p1 = sizeof(ctx->name_buf); |
1404 | 0 | } else if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_CTRL_TO_PARAMS) |
1405 | 0 | || (ctx->action_type == OSSL_ACTION_GET && state == POST_PARAMS_TO_CTRL)) { |
1406 | 0 | size_t i; |
1407 | |
|
1408 | 0 | for (i = 0; i < OSSL_NELEM(str_value_map); i++) { |
1409 | 0 | if (ctx->p1 == (int)str_value_map[i].id) |
1410 | 0 | break; |
1411 | 0 | } |
1412 | 0 | if (i == OSSL_NELEM(str_value_map)) { |
1413 | 0 | BIO_snprintf(ctx->name_buf, sizeof(ctx->name_buf), "%d", ctx->p1); |
1414 | 0 | } else { |
1415 | | /* This won't truncate but it will quiet static analysers */ |
1416 | 0 | strncpy(ctx->name_buf, str_value_map[i].ptr, sizeof(ctx->name_buf) - 1); |
1417 | 0 | ctx->name_buf[sizeof(ctx->name_buf) - 1] = '\0'; |
1418 | 0 | } |
1419 | 0 | ctx->p2 = ctx->name_buf; |
1420 | 0 | ctx->p1 = strlen(ctx->p2); |
1421 | 0 | } |
1422 | |
|
1423 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
1424 | 0 | return ret; |
1425 | | |
1426 | 0 | if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_PARAMS_TO_CTRL) |
1427 | 0 | || (ctx->action_type == OSSL_ACTION_GET && state == POST_CTRL_TO_PARAMS)) { |
1428 | 0 | size_t i; |
1429 | 0 | int val; |
1430 | |
|
1431 | 0 | for (i = 0; i < OSSL_NELEM(str_value_map); i++) { |
1432 | 0 | if (strcmp(ctx->p2, str_value_map[i].ptr) == 0) |
1433 | 0 | break; |
1434 | 0 | } |
1435 | |
|
1436 | 0 | val = i == OSSL_NELEM(str_value_map) ? atoi(ctx->p2) |
1437 | 0 | : (int)str_value_map[i].id; |
1438 | 0 | if (state == POST_CTRL_TO_PARAMS) { |
1439 | | /* |
1440 | | * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further |
1441 | | * up |
1442 | | */ |
1443 | 0 | *(int *)ctx->orig_p2 = val; |
1444 | 0 | } else { |
1445 | 0 | ctx->p1 = val; |
1446 | 0 | } |
1447 | 0 | ctx->p2 = NULL; |
1448 | 0 | } |
1449 | |
|
1450 | 0 | return ret; |
1451 | 0 | } |
1452 | | |
1453 | | /* EVP_PKEY_CTRL_HKDF_MODE */ |
1454 | | static int fix_hkdf_mode(enum state state, |
1455 | | const struct translation_st *translation, |
1456 | | struct translation_ctx_st *ctx) |
1457 | 0 | { |
1458 | 0 | static const OSSL_ITEM str_value_map[] = { |
1459 | 0 | { EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND, "EXTRACT_AND_EXPAND" }, |
1460 | 0 | { EVP_KDF_HKDF_MODE_EXTRACT_ONLY, "EXTRACT_ONLY" }, |
1461 | 0 | { EVP_KDF_HKDF_MODE_EXPAND_ONLY, "EXPAND_ONLY" } |
1462 | 0 | }; |
1463 | 0 | int ret; |
1464 | |
|
1465 | 0 | if ((ret = default_check(state, translation, ctx)) <= 0) |
1466 | 0 | return ret; |
1467 | | |
1468 | 0 | if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_CTRL_TO_PARAMS) |
1469 | 0 | || (ctx->action_type == OSSL_ACTION_GET && state == POST_PARAMS_TO_CTRL)) { |
1470 | 0 | size_t i; |
1471 | |
|
1472 | 0 | for (i = 0; i < OSSL_NELEM(str_value_map); i++) { |
1473 | 0 | if (ctx->p1 == (int)str_value_map[i].id) |
1474 | 0 | break; |
1475 | 0 | } |
1476 | 0 | if (i == OSSL_NELEM(str_value_map)) |
1477 | 0 | return 0; |
1478 | 0 | ctx->p2 = str_value_map[i].ptr; |
1479 | 0 | ctx->p1 = strlen(ctx->p2); |
1480 | 0 | } |
1481 | | |
1482 | 0 | if ((ret = default_fixup_args(state, translation, ctx)) <= 0) |
1483 | 0 | return ret; |
1484 | | |
1485 | 0 | if ((ctx->action_type == OSSL_ACTION_SET && state == PRE_PARAMS_TO_CTRL) |
1486 | 0 | || (ctx->action_type == OSSL_ACTION_GET && state == POST_CTRL_TO_PARAMS)) { |
1487 | 0 | size_t i; |
1488 | |
|
1489 | 0 | for (i = 0; i < OSSL_NELEM(str_value_map); i++) { |
1490 | 0 | if (strcmp(ctx->p2, str_value_map[i].ptr) == 0) |
1491 | 0 | break; |
1492 | 0 | } |
1493 | 0 | if (i == OSSL_NELEM(str_value_map)) |
1494 | 0 | return 0; |
1495 | 0 | if (state == POST_CTRL_TO_PARAMS) |
1496 | 0 | ret = str_value_map[i].id; |
1497 | 0 | else |
1498 | 0 | ctx->p1 = str_value_map[i].id; |
1499 | 0 | ctx->p2 = NULL; |
1500 | 0 | } |
1501 | | |
1502 | 0 | return 1; |
1503 | 0 | } |
1504 | | |
1505 | | /*- |
1506 | | * Payload getters |
1507 | | * =============== |
1508 | | * |
1509 | | * These all get the data they want, then call default_fixup_args() as |
1510 | | * a post-ctrl OSSL_ACTION_GET fixup. They all get NULL ctx, ctrl_cmd, ctrl_str, |
1511 | | * p1, sz |
1512 | | */ |
1513 | | |
1514 | | /* Pilfering DH, DSA and EC_KEY */ |
1515 | | static int get_payload_group_name(enum state state, |
1516 | | const struct translation_st *translation, |
1517 | | struct translation_ctx_st *ctx) |
1518 | 0 | { |
1519 | 0 | EVP_PKEY *pkey = ctx->p2; |
1520 | |
|
1521 | 0 | ctx->p2 = NULL; |
1522 | 0 | switch (EVP_PKEY_get_base_id(pkey)) { |
1523 | 0 | #ifndef OPENSSL_NO_DH |
1524 | 0 | case EVP_PKEY_DH: |
1525 | 0 | { |
1526 | 0 | const DH *dh = EVP_PKEY_get0_DH(pkey); |
1527 | 0 | int uid = DH_get_nid(dh); |
1528 | |
|
1529 | 0 | if (uid != NID_undef) { |
1530 | 0 | const DH_NAMED_GROUP *dh_group = |
1531 | 0 | ossl_ffc_uid_to_dh_named_group(uid); |
1532 | |
|
1533 | 0 | ctx->p2 = (char *)ossl_ffc_named_group_get_name(dh_group); |
1534 | 0 | } |
1535 | 0 | } |
1536 | 0 | break; |
1537 | 0 | #endif |
1538 | 0 | #ifndef OPENSSL_NO_EC |
1539 | 0 | case EVP_PKEY_EC: |
1540 | 0 | { |
1541 | 0 | const EC_GROUP *grp = |
1542 | 0 | EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey)); |
1543 | 0 | int nid = NID_undef; |
1544 | |
|
1545 | 0 | if (grp != NULL) |
1546 | 0 | nid = EC_GROUP_get_curve_name(grp); |
1547 | 0 | if (nid != NID_undef) |
1548 | 0 | ctx->p2 = (char *)OSSL_EC_curve_nid2name(nid); |
1549 | 0 | } |
1550 | 0 | break; |
1551 | 0 | #endif |
1552 | 0 | default: |
1553 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); |
1554 | 0 | return 0; |
1555 | 0 | } |
1556 | | |
1557 | | /* |
1558 | | * Quietly ignoring unknown groups matches the behaviour on the provider |
1559 | | * side. |
1560 | | */ |
1561 | 0 | if (ctx->p2 == NULL) |
1562 | 0 | return 1; |
1563 | | |
1564 | 0 | ctx->p1 = strlen(ctx->p2); |
1565 | 0 | return default_fixup_args(state, translation, ctx); |
1566 | 0 | } |
1567 | | |
1568 | | static int get_payload_private_key(enum state state, |
1569 | | const struct translation_st *translation, |
1570 | | struct translation_ctx_st *ctx) |
1571 | 0 | { |
1572 | 0 | EVP_PKEY *pkey = ctx->p2; |
1573 | |
|
1574 | 0 | ctx->p2 = NULL; |
1575 | 0 | if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER) |
1576 | 0 | return 0; |
1577 | | |
1578 | 0 | switch (EVP_PKEY_get_base_id(pkey)) { |
1579 | 0 | #ifndef OPENSSL_NO_DH |
1580 | 0 | case EVP_PKEY_DH: |
1581 | 0 | { |
1582 | 0 | const DH *dh = EVP_PKEY_get0_DH(pkey); |
1583 | |
|
1584 | 0 | ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh); |
1585 | 0 | } |
1586 | 0 | break; |
1587 | 0 | #endif |
1588 | 0 | #ifndef OPENSSL_NO_EC |
1589 | 0 | case EVP_PKEY_EC: |
1590 | 0 | { |
1591 | 0 | const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey); |
1592 | |
|
1593 | 0 | ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec); |
1594 | 0 | } |
1595 | 0 | break; |
1596 | 0 | #endif |
1597 | 0 | default: |
1598 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); |
1599 | 0 | return 0; |
1600 | 0 | } |
1601 | | |
1602 | 0 | return default_fixup_args(state, translation, ctx); |
1603 | 0 | } |
1604 | | |
1605 | | static int get_payload_public_key(enum state state, |
1606 | | const struct translation_st *translation, |
1607 | | struct translation_ctx_st *ctx) |
1608 | 0 | { |
1609 | 0 | EVP_PKEY *pkey = ctx->p2; |
1610 | 0 | unsigned char *buf = NULL; |
1611 | 0 | int ret; |
1612 | |
|
1613 | 0 | ctx->p2 = NULL; |
1614 | 0 | switch (EVP_PKEY_get_base_id(pkey)) { |
1615 | 0 | #ifndef OPENSSL_NO_DH |
1616 | 0 | case EVP_PKEY_DHX: |
1617 | 0 | case EVP_PKEY_DH: |
1618 | 0 | switch (ctx->params->data_type) { |
1619 | 0 | case OSSL_PARAM_OCTET_STRING: |
1620 | 0 | ctx->sz = ossl_dh_key2buf(EVP_PKEY_get0_DH(pkey), &buf, 0, 1); |
1621 | 0 | ctx->p2 = buf; |
1622 | 0 | break; |
1623 | 0 | case OSSL_PARAM_UNSIGNED_INTEGER: |
1624 | 0 | ctx->p2 = (void *)DH_get0_pub_key(EVP_PKEY_get0_DH(pkey)); |
1625 | 0 | break; |
1626 | 0 | default: |
1627 | 0 | return 0; |
1628 | 0 | } |
1629 | 0 | break; |
1630 | 0 | #endif |
1631 | 0 | #ifndef OPENSSL_NO_DSA |
1632 | 0 | case EVP_PKEY_DSA: |
1633 | 0 | if (ctx->params->data_type == OSSL_PARAM_UNSIGNED_INTEGER) { |
1634 | 0 | ctx->p2 = (void *)DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey)); |
1635 | 0 | break; |
1636 | 0 | } |
1637 | 0 | return 0; |
1638 | 0 | #endif |
1639 | 0 | #ifndef OPENSSL_NO_EC |
1640 | 0 | case EVP_PKEY_EC: |
1641 | 0 | if (ctx->params->data_type == OSSL_PARAM_OCTET_STRING) { |
1642 | 0 | const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); |
1643 | 0 | BN_CTX *bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey)); |
1644 | 0 | const EC_GROUP *ecg = EC_KEY_get0_group(eckey); |
1645 | 0 | const EC_POINT *point = EC_KEY_get0_public_key(eckey); |
1646 | |
|
1647 | 0 | if (bnctx == NULL) |
1648 | 0 | return 0; |
1649 | 0 | ctx->sz = EC_POINT_point2buf(ecg, point, |
1650 | 0 | POINT_CONVERSION_COMPRESSED, |
1651 | 0 | &buf, bnctx); |
1652 | 0 | ctx->p2 = buf; |
1653 | 0 | BN_CTX_free(bnctx); |
1654 | 0 | break; |
1655 | 0 | } |
1656 | 0 | return 0; |
1657 | 0 | #endif |
1658 | 0 | default: |
1659 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); |
1660 | 0 | return 0; |
1661 | 0 | } |
1662 | | |
1663 | 0 | ret = default_fixup_args(state, translation, ctx); |
1664 | 0 | OPENSSL_free(buf); |
1665 | 0 | return ret; |
1666 | 0 | } |
1667 | | |
1668 | | static int get_payload_public_key_ec(enum state state, |
1669 | | const struct translation_st *translation, |
1670 | | struct translation_ctx_st *ctx) |
1671 | 0 | { |
1672 | 0 | #ifndef OPENSSL_NO_EC |
1673 | 0 | EVP_PKEY *pkey = ctx->p2; |
1674 | 0 | const EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey); |
1675 | 0 | BN_CTX *bnctx; |
1676 | 0 | const EC_POINT *point; |
1677 | 0 | const EC_GROUP *ecg; |
1678 | 0 | BIGNUM *x = NULL; |
1679 | 0 | BIGNUM *y = NULL; |
1680 | 0 | int ret = 0; |
1681 | |
|
1682 | 0 | ctx->p2 = NULL; |
1683 | |
|
1684 | 0 | if (eckey == NULL) { |
1685 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); |
1686 | 0 | return 0; |
1687 | 0 | } |
1688 | | |
1689 | 0 | bnctx = BN_CTX_new_ex(ossl_ec_key_get_libctx(eckey)); |
1690 | 0 | if (bnctx == NULL) |
1691 | 0 | return 0; |
1692 | | |
1693 | 0 | point = EC_KEY_get0_public_key(eckey); |
1694 | 0 | ecg = EC_KEY_get0_group(eckey); |
1695 | | |
1696 | | /* Caller should have requested a BN, fail if not */ |
1697 | 0 | if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER) |
1698 | 0 | goto out; |
1699 | | |
1700 | 0 | x = BN_CTX_get(bnctx); |
1701 | 0 | y = BN_CTX_get(bnctx); |
1702 | 0 | if (y == NULL) |
1703 | 0 | goto out; |
1704 | | |
1705 | 0 | if (!EC_POINT_get_affine_coordinates(ecg, point, x, y, bnctx)) |
1706 | 0 | goto out; |
1707 | | |
1708 | 0 | if (strncmp(ctx->params->key, OSSL_PKEY_PARAM_EC_PUB_X, 2) == 0) |
1709 | 0 | ctx->p2 = x; |
1710 | 0 | else if (strncmp(ctx->params->key, OSSL_PKEY_PARAM_EC_PUB_Y, 2) == 0) |
1711 | 0 | ctx->p2 = y; |
1712 | 0 | else |
1713 | 0 | goto out; |
1714 | | |
1715 | | /* Return the payload */ |
1716 | 0 | ret = default_fixup_args(state, translation, ctx); |
1717 | 0 | out: |
1718 | 0 | BN_CTX_free(bnctx); |
1719 | 0 | return ret; |
1720 | | #else |
1721 | | ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); |
1722 | | return 0; |
1723 | | #endif |
1724 | 0 | } |
1725 | | |
1726 | | static int get_payload_bn(enum state state, |
1727 | | const struct translation_st *translation, |
1728 | | struct translation_ctx_st *ctx, const BIGNUM *bn) |
1729 | 0 | { |
1730 | 0 | if (bn == NULL) |
1731 | 0 | return 0; |
1732 | 0 | if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER) |
1733 | 0 | return 0; |
1734 | 0 | ctx->p2 = (BIGNUM *)bn; |
1735 | |
|
1736 | 0 | return default_fixup_args(state, translation, ctx); |
1737 | 0 | } |
1738 | | |
1739 | | static int get_dh_dsa_payload_p(enum state state, |
1740 | | const struct translation_st *translation, |
1741 | | struct translation_ctx_st *ctx) |
1742 | 0 | { |
1743 | 0 | const BIGNUM *bn = NULL; |
1744 | 0 | EVP_PKEY *pkey = ctx->p2; |
1745 | |
|
1746 | 0 | switch (EVP_PKEY_get_base_id(pkey)) { |
1747 | 0 | #ifndef OPENSSL_NO_DH |
1748 | 0 | case EVP_PKEY_DH: |
1749 | 0 | bn = DH_get0_p(EVP_PKEY_get0_DH(pkey)); |
1750 | 0 | break; |
1751 | 0 | #endif |
1752 | 0 | #ifndef OPENSSL_NO_DSA |
1753 | 0 | case EVP_PKEY_DSA: |
1754 | 0 | bn = DSA_get0_p(EVP_PKEY_get0_DSA(pkey)); |
1755 | 0 | break; |
1756 | 0 | #endif |
1757 | 0 | default: |
1758 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); |
1759 | 0 | } |
1760 | | |
1761 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1762 | 0 | } |
1763 | | |
1764 | | static int get_dh_dsa_payload_q(enum state state, |
1765 | | const struct translation_st *translation, |
1766 | | struct translation_ctx_st *ctx) |
1767 | 0 | { |
1768 | 0 | const BIGNUM *bn = NULL; |
1769 | |
|
1770 | 0 | switch (EVP_PKEY_get_base_id(ctx->p2)) { |
1771 | 0 | #ifndef OPENSSL_NO_DH |
1772 | 0 | case EVP_PKEY_DH: |
1773 | 0 | bn = DH_get0_q(EVP_PKEY_get0_DH(ctx->p2)); |
1774 | 0 | break; |
1775 | 0 | #endif |
1776 | 0 | #ifndef OPENSSL_NO_DSA |
1777 | 0 | case EVP_PKEY_DSA: |
1778 | 0 | bn = DSA_get0_q(EVP_PKEY_get0_DSA(ctx->p2)); |
1779 | 0 | break; |
1780 | 0 | #endif |
1781 | 0 | } |
1782 | | |
1783 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1784 | 0 | } |
1785 | | |
1786 | | static int get_dh_dsa_payload_g(enum state state, |
1787 | | const struct translation_st *translation, |
1788 | | struct translation_ctx_st *ctx) |
1789 | 0 | { |
1790 | 0 | const BIGNUM *bn = NULL; |
1791 | |
|
1792 | 0 | switch (EVP_PKEY_get_base_id(ctx->p2)) { |
1793 | 0 | #ifndef OPENSSL_NO_DH |
1794 | 0 | case EVP_PKEY_DH: |
1795 | 0 | bn = DH_get0_g(EVP_PKEY_get0_DH(ctx->p2)); |
1796 | 0 | break; |
1797 | 0 | #endif |
1798 | 0 | #ifndef OPENSSL_NO_DSA |
1799 | 0 | case EVP_PKEY_DSA: |
1800 | 0 | bn = DSA_get0_g(EVP_PKEY_get0_DSA(ctx->p2)); |
1801 | 0 | break; |
1802 | 0 | #endif |
1803 | 0 | } |
1804 | | |
1805 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1806 | 0 | } |
1807 | | |
1808 | | static int get_payload_int(enum state state, |
1809 | | const struct translation_st *translation, |
1810 | | struct translation_ctx_st *ctx, |
1811 | | const int val) |
1812 | 0 | { |
1813 | 0 | if (ctx->params->data_type != OSSL_PARAM_INTEGER) |
1814 | 0 | return 0; |
1815 | 0 | ctx->p1 = val; |
1816 | 0 | ctx->p2 = NULL; |
1817 | |
|
1818 | 0 | return default_fixup_args(state, translation, ctx); |
1819 | 0 | } |
1820 | | |
1821 | | static int get_ec_decoded_from_explicit_params(enum state state, |
1822 | | const struct translation_st *translation, |
1823 | | struct translation_ctx_st *ctx) |
1824 | 0 | { |
1825 | 0 | int val = 0; |
1826 | 0 | EVP_PKEY *pkey = ctx->p2; |
1827 | |
|
1828 | 0 | switch (EVP_PKEY_base_id(pkey)) { |
1829 | 0 | #ifndef OPENSSL_NO_EC |
1830 | 0 | case EVP_PKEY_EC: |
1831 | 0 | val = EC_KEY_decoded_from_explicit_params(EVP_PKEY_get0_EC_KEY(pkey)); |
1832 | 0 | if (val < 0) { |
1833 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY); |
1834 | 0 | return 0; |
1835 | 0 | } |
1836 | 0 | break; |
1837 | 0 | #endif |
1838 | 0 | default: |
1839 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE); |
1840 | 0 | return 0; |
1841 | 0 | } |
1842 | | |
1843 | 0 | return get_payload_int(state, translation, ctx, val); |
1844 | 0 | } |
1845 | | |
1846 | | static int get_rsa_payload_n(enum state state, |
1847 | | const struct translation_st *translation, |
1848 | | struct translation_ctx_st *ctx) |
1849 | 0 | { |
1850 | 0 | const BIGNUM *bn = NULL; |
1851 | |
|
1852 | 0 | if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA |
1853 | 0 | && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) |
1854 | 0 | return 0; |
1855 | 0 | bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2)); |
1856 | |
|
1857 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1858 | 0 | } |
1859 | | |
1860 | | static int get_rsa_payload_e(enum state state, |
1861 | | const struct translation_st *translation, |
1862 | | struct translation_ctx_st *ctx) |
1863 | 0 | { |
1864 | 0 | const BIGNUM *bn = NULL; |
1865 | |
|
1866 | 0 | if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA |
1867 | 0 | && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) |
1868 | 0 | return 0; |
1869 | 0 | bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2)); |
1870 | |
|
1871 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1872 | 0 | } |
1873 | | |
1874 | | static int get_rsa_payload_d(enum state state, |
1875 | | const struct translation_st *translation, |
1876 | | struct translation_ctx_st *ctx) |
1877 | 0 | { |
1878 | 0 | const BIGNUM *bn = NULL; |
1879 | |
|
1880 | 0 | if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA |
1881 | 0 | && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) |
1882 | 0 | return 0; |
1883 | 0 | bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2)); |
1884 | |
|
1885 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1886 | 0 | } |
1887 | | |
1888 | | static int get_rsa_payload_factor(enum state state, |
1889 | | const struct translation_st *translation, |
1890 | | struct translation_ctx_st *ctx, |
1891 | | size_t factornum) |
1892 | 0 | { |
1893 | 0 | const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); |
1894 | 0 | const BIGNUM *bn = NULL; |
1895 | |
|
1896 | 0 | switch (factornum) { |
1897 | 0 | case 0: |
1898 | 0 | bn = RSA_get0_p(r); |
1899 | 0 | break; |
1900 | 0 | case 1: |
1901 | 0 | bn = RSA_get0_q(r); |
1902 | 0 | break; |
1903 | 0 | default: |
1904 | 0 | { |
1905 | 0 | size_t pnum = RSA_get_multi_prime_extra_count(r); |
1906 | 0 | const BIGNUM *factors[10]; |
1907 | |
|
1908 | 0 | if (factornum - 2 < pnum |
1909 | 0 | && RSA_get0_multi_prime_factors(r, factors)) |
1910 | 0 | bn = factors[factornum - 2]; |
1911 | 0 | } |
1912 | 0 | break; |
1913 | 0 | } |
1914 | | |
1915 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1916 | 0 | } |
1917 | | |
1918 | | static int get_rsa_payload_exponent(enum state state, |
1919 | | const struct translation_st *translation, |
1920 | | struct translation_ctx_st *ctx, |
1921 | | size_t exponentnum) |
1922 | 0 | { |
1923 | 0 | const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); |
1924 | 0 | const BIGNUM *bn = NULL; |
1925 | |
|
1926 | 0 | switch (exponentnum) { |
1927 | 0 | case 0: |
1928 | 0 | bn = RSA_get0_dmp1(r); |
1929 | 0 | break; |
1930 | 0 | case 1: |
1931 | 0 | bn = RSA_get0_dmq1(r); |
1932 | 0 | break; |
1933 | 0 | default: |
1934 | 0 | { |
1935 | 0 | size_t pnum = RSA_get_multi_prime_extra_count(r); |
1936 | 0 | const BIGNUM *exps[10], *coeffs[10]; |
1937 | |
|
1938 | 0 | if (exponentnum - 2 < pnum |
1939 | 0 | && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) |
1940 | 0 | bn = exps[exponentnum - 2]; |
1941 | 0 | } |
1942 | 0 | break; |
1943 | 0 | } |
1944 | | |
1945 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1946 | 0 | } |
1947 | | |
1948 | | static int get_rsa_payload_coefficient(enum state state, |
1949 | | const struct translation_st *translation, |
1950 | | struct translation_ctx_st *ctx, |
1951 | | size_t coefficientnum) |
1952 | 0 | { |
1953 | 0 | const RSA *r = EVP_PKEY_get0_RSA(ctx->p2); |
1954 | 0 | const BIGNUM *bn = NULL; |
1955 | |
|
1956 | 0 | switch (coefficientnum) { |
1957 | 0 | case 0: |
1958 | 0 | bn = RSA_get0_iqmp(r); |
1959 | 0 | break; |
1960 | 0 | default: |
1961 | 0 | { |
1962 | 0 | size_t pnum = RSA_get_multi_prime_extra_count(r); |
1963 | 0 | const BIGNUM *exps[10], *coeffs[10]; |
1964 | |
|
1965 | 0 | if (coefficientnum - 1 < pnum |
1966 | 0 | && RSA_get0_multi_prime_crt_params(r, exps, coeffs)) |
1967 | 0 | bn = coeffs[coefficientnum - 1]; |
1968 | 0 | } |
1969 | 0 | break; |
1970 | 0 | } |
1971 | | |
1972 | 0 | return get_payload_bn(state, translation, ctx, bn); |
1973 | 0 | } |
1974 | | |
1975 | | #define IMPL_GET_RSA_PAYLOAD_FACTOR(n) \ |
1976 | | static int \ |
1977 | | get_rsa_payload_f##n(enum state state, \ |
1978 | | const struct translation_st *translation, \ |
1979 | | struct translation_ctx_st *ctx) \ |
1980 | 0 | { \ |
1981 | 0 | if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ |
1982 | 0 | && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ |
1983 | 0 | return 0; \ |
1984 | 0 | return get_rsa_payload_factor(state, translation, ctx, n - 1); \ |
1985 | 0 | } Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f1 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f2 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f3 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f4 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f5 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f6 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f7 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f8 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f9 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_f10 |
1986 | | |
1987 | | #define IMPL_GET_RSA_PAYLOAD_EXPONENT(n) \ |
1988 | | static int \ |
1989 | | get_rsa_payload_e##n(enum state state, \ |
1990 | | const struct translation_st *translation, \ |
1991 | | struct translation_ctx_st *ctx) \ |
1992 | 0 | { \ |
1993 | 0 | if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ |
1994 | 0 | && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ |
1995 | 0 | return 0; \ |
1996 | 0 | return get_rsa_payload_exponent(state, translation, ctx, \ |
1997 | 0 | n - 1); \ |
1998 | 0 | } Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e1 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e2 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e3 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e4 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e5 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e6 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e7 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e8 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e9 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_e10 |
1999 | | |
2000 | | #define IMPL_GET_RSA_PAYLOAD_COEFFICIENT(n) \ |
2001 | | static int \ |
2002 | | get_rsa_payload_c##n(enum state state, \ |
2003 | | const struct translation_st *translation, \ |
2004 | | struct translation_ctx_st *ctx) \ |
2005 | 0 | { \ |
2006 | 0 | if (EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA \ |
2007 | 0 | && EVP_PKEY_get_base_id(ctx->p2) != EVP_PKEY_RSA_PSS) \ |
2008 | 0 | return 0; \ |
2009 | 0 | return get_rsa_payload_coefficient(state, translation, ctx, \ |
2010 | 0 | n - 1); \ |
2011 | 0 | } Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c1 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c2 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c3 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c4 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c5 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c6 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c7 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c8 Unexecuted instantiation: ctrl_params_translate.c:get_rsa_payload_c9 |
2012 | | |
2013 | | IMPL_GET_RSA_PAYLOAD_FACTOR(1) |
2014 | | IMPL_GET_RSA_PAYLOAD_FACTOR(2) |
2015 | | IMPL_GET_RSA_PAYLOAD_FACTOR(3) |
2016 | | IMPL_GET_RSA_PAYLOAD_FACTOR(4) |
2017 | | IMPL_GET_RSA_PAYLOAD_FACTOR(5) |
2018 | | IMPL_GET_RSA_PAYLOAD_FACTOR(6) |
2019 | | IMPL_GET_RSA_PAYLOAD_FACTOR(7) |
2020 | | IMPL_GET_RSA_PAYLOAD_FACTOR(8) |
2021 | | IMPL_GET_RSA_PAYLOAD_FACTOR(9) |
2022 | | IMPL_GET_RSA_PAYLOAD_FACTOR(10) |
2023 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(1) |
2024 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(2) |
2025 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(3) |
2026 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(4) |
2027 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(5) |
2028 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(6) |
2029 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(7) |
2030 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(8) |
2031 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(9) |
2032 | | IMPL_GET_RSA_PAYLOAD_EXPONENT(10) |
2033 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(1) |
2034 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(2) |
2035 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(3) |
2036 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(4) |
2037 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(5) |
2038 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(6) |
2039 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(7) |
2040 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(8) |
2041 | | IMPL_GET_RSA_PAYLOAD_COEFFICIENT(9) |
2042 | | |
2043 | | static int fix_group_ecx(enum state state, |
2044 | | const struct translation_st *translation, |
2045 | | struct translation_ctx_st *ctx) |
2046 | 0 | { |
2047 | 0 | const char *value = NULL; |
2048 | |
|
2049 | 0 | switch (state) { |
2050 | 0 | case PRE_PARAMS_TO_CTRL: |
2051 | 0 | if (!EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx)) |
2052 | 0 | return 0; |
2053 | 0 | ctx->action_type = OSSL_ACTION_NONE; |
2054 | 0 | return 1; |
2055 | 0 | case POST_PARAMS_TO_CTRL: |
2056 | 0 | if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 || |
2057 | 0 | OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) { |
2058 | 0 | ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); |
2059 | 0 | ctx->p1 = 0; |
2060 | 0 | return 0; |
2061 | 0 | } |
2062 | 0 | ctx->p1 = 1; |
2063 | 0 | return 1; |
2064 | 0 | default: |
2065 | 0 | return 0; |
2066 | 0 | } |
2067 | 0 | } |
2068 | | |
2069 | | /*- |
2070 | | * The translation table itself |
2071 | | * ============================ |
2072 | | */ |
2073 | | |
2074 | | static const struct translation_st evp_pkey_ctx_translations[] = { |
2075 | | /* |
2076 | | * DistID: we pass it to the backend as an octet string, |
2077 | | * but get it back as a pointer to an octet string. |
2078 | | * |
2079 | | * Note that the EVP_PKEY_CTRL_GET1_ID_LEN is purely for legacy purposes |
2080 | | * that has no separate counterpart in OSSL_PARAM terms, since we get |
2081 | | * the length of the DistID automatically when getting the DistID itself. |
2082 | | */ |
2083 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, |
2084 | | EVP_PKEY_CTRL_SET1_ID, "distid", "hexdistid", |
2085 | | OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_STRING, NULL }, |
2086 | | { OSSL_ACTION_GET, -1, -1, -1, |
2087 | | EVP_PKEY_CTRL_GET1_ID, "distid", "hexdistid", |
2088 | | OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, NULL }, |
2089 | | { OSSL_ACTION_GET, -1, -1, -1, |
2090 | | EVP_PKEY_CTRL_GET1_ID_LEN, NULL, NULL, |
2091 | | OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, fix_distid_len }, |
2092 | | |
2093 | | /*- |
2094 | | * DH & DHX |
2095 | | * ======== |
2096 | | */ |
2097 | | |
2098 | | /* |
2099 | | * EVP_PKEY_CTRL_DH_KDF_TYPE is used both for setting and getting. The |
2100 | | * fixup function has to handle this... |
2101 | | */ |
2102 | | { OSSL_ACTION_NONE, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2103 | | EVP_PKEY_CTRL_DH_KDF_TYPE, NULL, NULL, |
2104 | | OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, |
2105 | | fix_dh_kdf_type }, |
2106 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2107 | | EVP_PKEY_CTRL_DH_KDF_MD, NULL, NULL, |
2108 | | OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2109 | | { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2110 | | EVP_PKEY_CTRL_GET_DH_KDF_MD, NULL, NULL, |
2111 | | OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2112 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2113 | | EVP_PKEY_CTRL_DH_KDF_OUTLEN, NULL, NULL, |
2114 | | OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2115 | | { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2116 | | EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, NULL, NULL, |
2117 | | OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2118 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2119 | | EVP_PKEY_CTRL_DH_KDF_UKM, NULL, NULL, |
2120 | | OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, |
2121 | | { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2122 | | EVP_PKEY_CTRL_GET_DH_KDF_UKM, NULL, NULL, |
2123 | | OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, |
2124 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2125 | | EVP_PKEY_CTRL_DH_KDF_OID, NULL, NULL, |
2126 | | OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, |
2127 | | { OSSL_ACTION_GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE, |
2128 | | EVP_PKEY_CTRL_GET_DH_KDF_OID, NULL, NULL, |
2129 | | OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid }, |
2130 | | |
2131 | | /* DHX Keygen Parameters that are shared with DH */ |
2132 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, |
2133 | | EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL, |
2134 | | OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, |
2135 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, |
2136 | | EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, |
2137 | | OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2138 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2139 | | EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, |
2140 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, NULL }, |
2141 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2142 | | EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, |
2143 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, |
2144 | | |
2145 | | /* DH Keygen Parameters that are shared with DHX */ |
2146 | | { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, |
2147 | | EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL, |
2148 | | OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type }, |
2149 | | { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, |
2150 | | EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, "dh_paramgen_prime_len", NULL, |
2151 | | OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2152 | | { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2153 | | EVP_PKEY_CTRL_DH_NID, "dh_param", NULL, |
2154 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid }, |
2155 | | { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2156 | | EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL, |
2157 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid5114 }, |
2158 | | |
2159 | | /* DH specific Keygen Parameters */ |
2160 | | { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN, |
2161 | | EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, "dh_paramgen_generator", NULL, |
2162 | | OSSL_PKEY_PARAM_DH_GENERATOR, OSSL_PARAM_INTEGER, NULL }, |
2163 | | |
2164 | | /* DHX specific Keygen Parameters */ |
2165 | | { OSSL_ACTION_SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_PARAMGEN, |
2166 | | EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, "dh_paramgen_subprime_len", NULL, |
2167 | | OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2168 | | |
2169 | | { OSSL_ACTION_SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_DERIVE, |
2170 | | EVP_PKEY_CTRL_DH_PAD, "dh_pad", NULL, |
2171 | | OSSL_EXCHANGE_PARAM_PAD, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2172 | | |
2173 | | /*- |
2174 | | * DSA |
2175 | | * === |
2176 | | */ |
2177 | | { OSSL_ACTION_SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, |
2178 | | EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, "dsa_paramgen_bits", NULL, |
2179 | | OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2180 | | { OSSL_ACTION_SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, |
2181 | | EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, "dsa_paramgen_q_bits", NULL, |
2182 | | OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2183 | | { OSSL_ACTION_SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN, |
2184 | | EVP_PKEY_CTRL_DSA_PARAMGEN_MD, "dsa_paramgen_md", NULL, |
2185 | | OSSL_PKEY_PARAM_FFC_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2186 | | |
2187 | | /*- |
2188 | | * EC |
2189 | | * == |
2190 | | */ |
2191 | | { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2192 | | EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL, |
2193 | | OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc }, |
2194 | | { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2195 | | EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL, |
2196 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, |
2197 | | fix_ec_paramgen_curve_nid }, |
2198 | | /* |
2199 | | * EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used |
2200 | | * both for setting and getting. The fixup function has to handle this... |
2201 | | */ |
2202 | | { OSSL_ACTION_NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2203 | | EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL, |
2204 | | OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER, |
2205 | | fix_ecdh_cofactor }, |
2206 | | { OSSL_ACTION_NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2207 | | EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL, |
2208 | | OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type }, |
2209 | | { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2210 | | EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL, |
2211 | | OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2212 | | { OSSL_ACTION_GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2213 | | EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL, |
2214 | | OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2215 | | { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2216 | | EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL, |
2217 | | OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2218 | | { OSSL_ACTION_GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2219 | | EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL, |
2220 | | OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2221 | | { OSSL_ACTION_SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2222 | | EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL, |
2223 | | OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, |
2224 | | { OSSL_ACTION_GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE, |
2225 | | EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL, |
2226 | | OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, |
2227 | | |
2228 | | /*- |
2229 | | * SM2 |
2230 | | * == |
2231 | | */ |
2232 | | { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2233 | | EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL, |
2234 | | OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc }, |
2235 | | { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN, |
2236 | | EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL, |
2237 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, |
2238 | | fix_ec_paramgen_curve_nid }, |
2239 | | /* |
2240 | | * EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used |
2241 | | * both for setting and getting. The fixup function has to handle this... |
2242 | | */ |
2243 | | { OSSL_ACTION_NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2244 | | EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL, |
2245 | | OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER, |
2246 | | fix_ecdh_cofactor }, |
2247 | | { OSSL_ACTION_NONE, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2248 | | EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL, |
2249 | | OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type }, |
2250 | | { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2251 | | EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL, |
2252 | | OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2253 | | { OSSL_ACTION_GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2254 | | EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL, |
2255 | | OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2256 | | { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2257 | | EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL, |
2258 | | OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2259 | | { OSSL_ACTION_GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2260 | | EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL, |
2261 | | OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2262 | | { OSSL_ACTION_SET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2263 | | EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL, |
2264 | | OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL }, |
2265 | | { OSSL_ACTION_GET, EVP_PKEY_SM2, 0, EVP_PKEY_OP_DERIVE, |
2266 | | EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL, |
2267 | | OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL }, |
2268 | | /*- |
2269 | | * RSA |
2270 | | * === |
2271 | | */ |
2272 | | |
2273 | | /* |
2274 | | * RSA padding modes are numeric with ctrls, strings with ctrl_strs, |
2275 | | * and can be both with OSSL_PARAM. We standardise on strings here, |
2276 | | * fix_rsa_padding_mode() does the work when the caller has a different |
2277 | | * idea. |
2278 | | */ |
2279 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, |
2280 | | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, |
2281 | | EVP_PKEY_CTRL_RSA_PADDING, "rsa_padding_mode", NULL, |
2282 | | OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, |
2283 | | { OSSL_ACTION_GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, |
2284 | | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, |
2285 | | EVP_PKEY_CTRL_GET_RSA_PADDING, NULL, NULL, |
2286 | | OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode }, |
2287 | | |
2288 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, |
2289 | | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, |
2290 | | EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_mgf1_md", NULL, |
2291 | | OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2292 | | { OSSL_ACTION_GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, |
2293 | | EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG, |
2294 | | EVP_PKEY_CTRL_GET_RSA_MGF1_MD, NULL, NULL, |
2295 | | OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2296 | | |
2297 | | /* |
2298 | | * RSA-PSS saltlen is essentially numeric, but certain values can be |
2299 | | * expressed as keywords (strings) with ctrl_str. The corresponding |
2300 | | * OSSL_PARAM allows both forms. |
2301 | | * fix_rsa_pss_saltlen() takes care of the distinction. |
2302 | | */ |
2303 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG, |
2304 | | EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_saltlen", NULL, |
2305 | | OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, |
2306 | | fix_rsa_pss_saltlen }, |
2307 | | { OSSL_ACTION_GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG, |
2308 | | EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, NULL, NULL, |
2309 | | OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING, |
2310 | | fix_rsa_pss_saltlen }, |
2311 | | |
2312 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, |
2313 | | EVP_PKEY_CTRL_RSA_OAEP_MD, "rsa_oaep_md", NULL, |
2314 | | OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2315 | | { OSSL_ACTION_GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, |
2316 | | EVP_PKEY_CTRL_GET_RSA_OAEP_MD, NULL, NULL, |
2317 | | OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2318 | | /* |
2319 | | * The "rsa_oaep_label" ctrl_str expects the value to always be hex. |
2320 | | * This is accommodated by default_fixup_args() above, which mimics that |
2321 | | * expectation for any translation item where |ctrl_str| is NULL and |
2322 | | * |ctrl_hexstr| is non-NULL. |
2323 | | */ |
2324 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, |
2325 | | EVP_PKEY_CTRL_RSA_OAEP_LABEL, NULL, "rsa_oaep_label", |
2326 | | OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL }, |
2327 | | { OSSL_ACTION_GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, |
2328 | | EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL, |
2329 | | OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_PTR, NULL }, |
2330 | | |
2331 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT, |
2332 | | EVP_PKEY_CTRL_RSA_IMPLICIT_REJECTION, NULL, |
2333 | | "rsa_pkcs1_implicit_rejection", |
2334 | | OSSL_ASYM_CIPHER_PARAM_IMPLICIT_REJECTION, OSSL_PARAM_UNSIGNED_INTEGER, |
2335 | | NULL }, |
2336 | | |
2337 | | { OSSL_ACTION_SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, |
2338 | | EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL, |
2339 | | OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2340 | | { OSSL_ACTION_SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, |
2341 | | EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_pss_keygen_mgf1_md", NULL, |
2342 | | OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2343 | | { OSSL_ACTION_SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN, |
2344 | | EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_keygen_saltlen", NULL, |
2345 | | OSSL_SIGNATURE_PARAM_PSS_SALTLEN, OSSL_PARAM_INTEGER, NULL }, |
2346 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, |
2347 | | EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL, |
2348 | | OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2349 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, |
2350 | | EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL, |
2351 | | OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2352 | | { OSSL_ACTION_SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN, |
2353 | | EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL, |
2354 | | OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2355 | | |
2356 | | /*- |
2357 | | * SipHash |
2358 | | * ====== |
2359 | | */ |
2360 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, |
2361 | | EVP_PKEY_CTRL_SET_DIGEST_SIZE, "digestsize", NULL, |
2362 | | OSSL_MAC_PARAM_SIZE, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2363 | | |
2364 | | /*- |
2365 | | * TLS1-PRF |
2366 | | * ======== |
2367 | | */ |
2368 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2369 | | EVP_PKEY_CTRL_TLS_MD, "md", NULL, |
2370 | | OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2371 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2372 | | EVP_PKEY_CTRL_TLS_SECRET, "secret", "hexsecret", |
2373 | | OSSL_KDF_PARAM_SECRET, OSSL_PARAM_OCTET_STRING, NULL }, |
2374 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2375 | | EVP_PKEY_CTRL_TLS_SEED, "seed", "hexseed", |
2376 | | OSSL_KDF_PARAM_SEED, OSSL_PARAM_OCTET_STRING, NULL }, |
2377 | | |
2378 | | /*- |
2379 | | * HKDF |
2380 | | * ==== |
2381 | | */ |
2382 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2383 | | EVP_PKEY_CTRL_HKDF_MD, "md", NULL, |
2384 | | OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2385 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2386 | | EVP_PKEY_CTRL_HKDF_SALT, "salt", "hexsalt", |
2387 | | OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, |
2388 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2389 | | EVP_PKEY_CTRL_HKDF_KEY, "key", "hexkey", |
2390 | | OSSL_KDF_PARAM_KEY, OSSL_PARAM_OCTET_STRING, NULL }, |
2391 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2392 | | EVP_PKEY_CTRL_HKDF_INFO, "info", "hexinfo", |
2393 | | OSSL_KDF_PARAM_INFO, OSSL_PARAM_OCTET_STRING, NULL }, |
2394 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2395 | | EVP_PKEY_CTRL_HKDF_MODE, "mode", NULL, |
2396 | | OSSL_KDF_PARAM_MODE, OSSL_PARAM_INTEGER, fix_hkdf_mode }, |
2397 | | |
2398 | | /*- |
2399 | | * Scrypt |
2400 | | * ====== |
2401 | | */ |
2402 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2403 | | EVP_PKEY_CTRL_PASS, "pass", "hexpass", |
2404 | | OSSL_KDF_PARAM_PASSWORD, OSSL_PARAM_OCTET_STRING, NULL }, |
2405 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2406 | | EVP_PKEY_CTRL_SCRYPT_SALT, "salt", "hexsalt", |
2407 | | OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL }, |
2408 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2409 | | EVP_PKEY_CTRL_SCRYPT_N, "N", NULL, |
2410 | | OSSL_KDF_PARAM_SCRYPT_N, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2411 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2412 | | EVP_PKEY_CTRL_SCRYPT_R, "r", NULL, |
2413 | | OSSL_KDF_PARAM_SCRYPT_R, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2414 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2415 | | EVP_PKEY_CTRL_SCRYPT_P, "p", NULL, |
2416 | | OSSL_KDF_PARAM_SCRYPT_P, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2417 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_DERIVE, |
2418 | | EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, "maxmem_bytes", NULL, |
2419 | | OSSL_KDF_PARAM_SCRYPT_MAXMEM, OSSL_PARAM_UNSIGNED_INTEGER, NULL }, |
2420 | | |
2421 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_KEYGEN | EVP_PKEY_OP_TYPE_CRYPT, |
2422 | | EVP_PKEY_CTRL_CIPHER, NULL, NULL, |
2423 | | OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher }, |
2424 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_KEYGEN, |
2425 | | EVP_PKEY_CTRL_SET_MAC_KEY, "key", "hexkey", |
2426 | | OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL }, |
2427 | | |
2428 | | { OSSL_ACTION_SET, -1, -1, EVP_PKEY_OP_TYPE_SIG, |
2429 | | EVP_PKEY_CTRL_MD, NULL, NULL, |
2430 | | OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2431 | | { OSSL_ACTION_GET, -1, -1, EVP_PKEY_OP_TYPE_SIG, |
2432 | | EVP_PKEY_CTRL_GET_MD, NULL, NULL, |
2433 | | OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md }, |
2434 | | |
2435 | | /*- |
2436 | | * ECX |
2437 | | * === |
2438 | | */ |
2439 | | { OSSL_ACTION_SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, |
2440 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, |
2441 | | { OSSL_ACTION_SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL, |
2442 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, |
2443 | | { OSSL_ACTION_SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL, |
2444 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, |
2445 | | { OSSL_ACTION_SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_PARAMGEN, -1, NULL, NULL, |
2446 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx }, |
2447 | | }; |
2448 | | |
2449 | | static const struct translation_st evp_pkey_translations[] = { |
2450 | | /* |
2451 | | * The following contain no ctrls, they are exclusively here to extract |
2452 | | * key payloads from legacy keys, using OSSL_PARAMs, and rely entirely |
2453 | | * on |fixup_args| to pass the actual data. The |fixup_args| should |
2454 | | * expect to get the EVP_PKEY pointer through |ctx->p2|. |
2455 | | */ |
2456 | | |
2457 | | /* DH, DSA & EC */ |
2458 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2459 | | OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, |
2460 | | get_payload_group_name }, |
2461 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2462 | | OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_UNSIGNED_INTEGER, |
2463 | | get_payload_private_key }, |
2464 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2465 | | OSSL_PKEY_PARAM_PUB_KEY, |
2466 | | 0 /* no data type, let get_payload_public_key() handle that */, |
2467 | | get_payload_public_key }, |
2468 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2469 | | OSSL_PKEY_PARAM_EC_PUB_X, OSSL_PARAM_UNSIGNED_INTEGER, |
2470 | | get_payload_public_key_ec }, |
2471 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2472 | | OSSL_PKEY_PARAM_EC_PUB_Y, OSSL_PARAM_UNSIGNED_INTEGER, |
2473 | | get_payload_public_key_ec }, |
2474 | | |
2475 | | /* DH and DSA */ |
2476 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2477 | | OSSL_PKEY_PARAM_FFC_P, OSSL_PARAM_UNSIGNED_INTEGER, |
2478 | | get_dh_dsa_payload_p }, |
2479 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2480 | | OSSL_PKEY_PARAM_FFC_G, OSSL_PARAM_UNSIGNED_INTEGER, |
2481 | | get_dh_dsa_payload_g }, |
2482 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2483 | | OSSL_PKEY_PARAM_FFC_Q, OSSL_PARAM_UNSIGNED_INTEGER, |
2484 | | get_dh_dsa_payload_q }, |
2485 | | |
2486 | | /* RSA */ |
2487 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2488 | | OSSL_PKEY_PARAM_RSA_N, OSSL_PARAM_UNSIGNED_INTEGER, |
2489 | | get_rsa_payload_n }, |
2490 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2491 | | OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, |
2492 | | get_rsa_payload_e }, |
2493 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2494 | | OSSL_PKEY_PARAM_RSA_D, OSSL_PARAM_UNSIGNED_INTEGER, |
2495 | | get_rsa_payload_d }, |
2496 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2497 | | OSSL_PKEY_PARAM_RSA_FACTOR1, OSSL_PARAM_UNSIGNED_INTEGER, |
2498 | | get_rsa_payload_f1 }, |
2499 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2500 | | OSSL_PKEY_PARAM_RSA_FACTOR2, OSSL_PARAM_UNSIGNED_INTEGER, |
2501 | | get_rsa_payload_f2 }, |
2502 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2503 | | OSSL_PKEY_PARAM_RSA_FACTOR3, OSSL_PARAM_UNSIGNED_INTEGER, |
2504 | | get_rsa_payload_f3 }, |
2505 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2506 | | OSSL_PKEY_PARAM_RSA_FACTOR4, OSSL_PARAM_UNSIGNED_INTEGER, |
2507 | | get_rsa_payload_f4 }, |
2508 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2509 | | OSSL_PKEY_PARAM_RSA_FACTOR5, OSSL_PARAM_UNSIGNED_INTEGER, |
2510 | | get_rsa_payload_f5 }, |
2511 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2512 | | OSSL_PKEY_PARAM_RSA_FACTOR6, OSSL_PARAM_UNSIGNED_INTEGER, |
2513 | | get_rsa_payload_f6 }, |
2514 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2515 | | OSSL_PKEY_PARAM_RSA_FACTOR7, OSSL_PARAM_UNSIGNED_INTEGER, |
2516 | | get_rsa_payload_f7 }, |
2517 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2518 | | OSSL_PKEY_PARAM_RSA_FACTOR8, OSSL_PARAM_UNSIGNED_INTEGER, |
2519 | | get_rsa_payload_f8 }, |
2520 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2521 | | OSSL_PKEY_PARAM_RSA_FACTOR9, OSSL_PARAM_UNSIGNED_INTEGER, |
2522 | | get_rsa_payload_f9 }, |
2523 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2524 | | OSSL_PKEY_PARAM_RSA_FACTOR10, OSSL_PARAM_UNSIGNED_INTEGER, |
2525 | | get_rsa_payload_f10 }, |
2526 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2527 | | OSSL_PKEY_PARAM_RSA_EXPONENT1, OSSL_PARAM_UNSIGNED_INTEGER, |
2528 | | get_rsa_payload_e1 }, |
2529 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2530 | | OSSL_PKEY_PARAM_RSA_EXPONENT2, OSSL_PARAM_UNSIGNED_INTEGER, |
2531 | | get_rsa_payload_e2 }, |
2532 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2533 | | OSSL_PKEY_PARAM_RSA_EXPONENT3, OSSL_PARAM_UNSIGNED_INTEGER, |
2534 | | get_rsa_payload_e3 }, |
2535 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2536 | | OSSL_PKEY_PARAM_RSA_EXPONENT4, OSSL_PARAM_UNSIGNED_INTEGER, |
2537 | | get_rsa_payload_e4 }, |
2538 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2539 | | OSSL_PKEY_PARAM_RSA_EXPONENT5, OSSL_PARAM_UNSIGNED_INTEGER, |
2540 | | get_rsa_payload_e5 }, |
2541 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2542 | | OSSL_PKEY_PARAM_RSA_EXPONENT6, OSSL_PARAM_UNSIGNED_INTEGER, |
2543 | | get_rsa_payload_e6 }, |
2544 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2545 | | OSSL_PKEY_PARAM_RSA_EXPONENT7, OSSL_PARAM_UNSIGNED_INTEGER, |
2546 | | get_rsa_payload_e7 }, |
2547 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2548 | | OSSL_PKEY_PARAM_RSA_EXPONENT8, OSSL_PARAM_UNSIGNED_INTEGER, |
2549 | | get_rsa_payload_e8 }, |
2550 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2551 | | OSSL_PKEY_PARAM_RSA_EXPONENT9, OSSL_PARAM_UNSIGNED_INTEGER, |
2552 | | get_rsa_payload_e9 }, |
2553 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2554 | | OSSL_PKEY_PARAM_RSA_EXPONENT10, OSSL_PARAM_UNSIGNED_INTEGER, |
2555 | | get_rsa_payload_e10 }, |
2556 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2557 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT1, OSSL_PARAM_UNSIGNED_INTEGER, |
2558 | | get_rsa_payload_c1 }, |
2559 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2560 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT2, OSSL_PARAM_UNSIGNED_INTEGER, |
2561 | | get_rsa_payload_c2 }, |
2562 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2563 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT3, OSSL_PARAM_UNSIGNED_INTEGER, |
2564 | | get_rsa_payload_c3 }, |
2565 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2566 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT4, OSSL_PARAM_UNSIGNED_INTEGER, |
2567 | | get_rsa_payload_c4 }, |
2568 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2569 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT5, OSSL_PARAM_UNSIGNED_INTEGER, |
2570 | | get_rsa_payload_c5 }, |
2571 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2572 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT6, OSSL_PARAM_UNSIGNED_INTEGER, |
2573 | | get_rsa_payload_c6 }, |
2574 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2575 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT7, OSSL_PARAM_UNSIGNED_INTEGER, |
2576 | | get_rsa_payload_c7 }, |
2577 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2578 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT8, OSSL_PARAM_UNSIGNED_INTEGER, |
2579 | | get_rsa_payload_c8 }, |
2580 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2581 | | OSSL_PKEY_PARAM_RSA_COEFFICIENT9, OSSL_PARAM_UNSIGNED_INTEGER, |
2582 | | get_rsa_payload_c9 }, |
2583 | | |
2584 | | /* EC */ |
2585 | | { OSSL_ACTION_GET, -1, -1, -1, 0, NULL, NULL, |
2586 | | OSSL_PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS, OSSL_PARAM_INTEGER, |
2587 | | get_ec_decoded_from_explicit_params }, |
2588 | | }; |
2589 | | |
2590 | | static const struct translation_st * |
2591 | | lookup_translation(struct translation_st *tmpl, |
2592 | | const struct translation_st *translations, |
2593 | | size_t translations_num) |
2594 | 0 | { |
2595 | 0 | size_t i; |
2596 | |
|
2597 | 0 | for (i = 0; i < translations_num; i++) { |
2598 | 0 | const struct translation_st *item = &translations[i]; |
2599 | | |
2600 | | /* |
2601 | | * Sanity check the translation table item. |
2602 | | * |
2603 | | * 1. Either both keytypes are -1, or neither of them are. |
2604 | | * 2. TBA... |
2605 | | */ |
2606 | 0 | if (!ossl_assert((item->keytype1 == -1) == (item->keytype2 == -1))) |
2607 | 0 | continue; |
2608 | | |
2609 | | |
2610 | | /* |
2611 | | * Base search criteria: check that the optype and keytypes match, |
2612 | | * if relevant. All callers must synthesise these bits somehow. |
2613 | | */ |
2614 | 0 | if (item->optype != -1 && (tmpl->optype & item->optype) == 0) |
2615 | 0 | continue; |
2616 | | /* |
2617 | | * This expression is stunningly simple thanks to the sanity check |
2618 | | * above. |
2619 | | */ |
2620 | 0 | if (item->keytype1 != -1 |
2621 | 0 | && tmpl->keytype1 != item->keytype1 |
2622 | 0 | && tmpl->keytype2 != item->keytype2) |
2623 | 0 | continue; |
2624 | | |
2625 | | /* |
2626 | | * Done with the base search criteria, now we check the criteria for |
2627 | | * the individual types of translations: |
2628 | | * ctrl->params, ctrl_str->params, and params->ctrl |
2629 | | */ |
2630 | 0 | if (tmpl->ctrl_num != 0) { |
2631 | 0 | if (tmpl->ctrl_num != item->ctrl_num) |
2632 | 0 | continue; |
2633 | 0 | } else if (tmpl->ctrl_str != NULL) { |
2634 | 0 | const char *ctrl_str = NULL; |
2635 | 0 | const char *ctrl_hexstr = NULL; |
2636 | | |
2637 | | /* |
2638 | | * Search criteria that originates from a ctrl_str is only used |
2639 | | * for setting, never for getting. Therefore, we only look at |
2640 | | * the setter items. |
2641 | | */ |
2642 | 0 | if (item->action_type != OSSL_ACTION_NONE |
2643 | 0 | && item->action_type != OSSL_ACTION_SET) |
2644 | 0 | continue; |
2645 | | /* |
2646 | | * At least one of the ctrl cmd names must be match the ctrl |
2647 | | * cmd name in the template. |
2648 | | */ |
2649 | 0 | if (item->ctrl_str != NULL |
2650 | 0 | && OPENSSL_strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0) |
2651 | 0 | ctrl_str = tmpl->ctrl_str; |
2652 | 0 | else if (item->ctrl_hexstr != NULL |
2653 | 0 | && OPENSSL_strcasecmp(tmpl->ctrl_hexstr, |
2654 | 0 | item->ctrl_hexstr) == 0) |
2655 | 0 | ctrl_hexstr = tmpl->ctrl_hexstr; |
2656 | 0 | else |
2657 | 0 | continue; |
2658 | | |
2659 | | /* Modify the template to signal which string matched */ |
2660 | 0 | tmpl->ctrl_str = ctrl_str; |
2661 | 0 | tmpl->ctrl_hexstr = ctrl_hexstr; |
2662 | 0 | } else if (tmpl->param_key != NULL) { |
2663 | | /* |
2664 | | * Search criteria that originates from an OSSL_PARAM setter or |
2665 | | * getter. |
2666 | | * |
2667 | | * Ctrls were fundamentally bidirectional, with only the ctrl |
2668 | | * command macro name implying direction (if you're lucky). |
2669 | | * A few ctrl commands were even taking advantage of the |
2670 | | * bidirectional nature, making the direction depend in the |
2671 | | * value of the numeric argument. |
2672 | | * |
2673 | | * OSSL_PARAM functions are fundamentally different, in that |
2674 | | * setters and getters are separated, so the data direction is |
2675 | | * implied by the function that's used. The same OSSL_PARAM |
2676 | | * key name can therefore be used in both directions. We must |
2677 | | * therefore take the action type into account in this case. |
2678 | | */ |
2679 | 0 | if ((item->action_type != OSSL_ACTION_NONE |
2680 | 0 | && tmpl->action_type != item->action_type) |
2681 | 0 | || (item->param_key != NULL |
2682 | 0 | && OPENSSL_strcasecmp(tmpl->param_key, |
2683 | 0 | item->param_key) != 0)) |
2684 | 0 | continue; |
2685 | 0 | } else { |
2686 | 0 | return NULL; |
2687 | 0 | } |
2688 | | |
2689 | 0 | return item; |
2690 | 0 | } |
2691 | | |
2692 | 0 | return NULL; |
2693 | 0 | } |
2694 | | |
2695 | | static const struct translation_st * |
2696 | | lookup_evp_pkey_ctx_translation(struct translation_st *tmpl) |
2697 | 0 | { |
2698 | 0 | return lookup_translation(tmpl, evp_pkey_ctx_translations, |
2699 | 0 | OSSL_NELEM(evp_pkey_ctx_translations)); |
2700 | 0 | } |
2701 | | |
2702 | | static const struct translation_st * |
2703 | | lookup_evp_pkey_translation(struct translation_st *tmpl) |
2704 | 0 | { |
2705 | 0 | return lookup_translation(tmpl, evp_pkey_translations, |
2706 | 0 | OSSL_NELEM(evp_pkey_translations)); |
2707 | 0 | } |
2708 | | |
2709 | | /* This must ONLY be called for provider side operations */ |
2710 | | int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *pctx, |
2711 | | int keytype, int optype, |
2712 | | int cmd, int p1, void *p2) |
2713 | 0 | { |
2714 | 0 | struct translation_ctx_st ctx = { 0, }; |
2715 | 0 | struct translation_st tmpl = { 0, }; |
2716 | 0 | const struct translation_st *translation = NULL; |
2717 | 0 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
2718 | 0 | int ret; |
2719 | 0 | fixup_args_fn *fixup = default_fixup_args; |
2720 | |
|
2721 | 0 | if (keytype == -1) |
2722 | 0 | keytype = pctx->legacy_keytype; |
2723 | 0 | tmpl.ctrl_num = cmd; |
2724 | 0 | tmpl.keytype1 = tmpl.keytype2 = keytype; |
2725 | 0 | tmpl.optype = optype; |
2726 | 0 | translation = lookup_evp_pkey_ctx_translation(&tmpl); |
2727 | |
|
2728 | 0 | if (translation == NULL) { |
2729 | 0 | ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED); |
2730 | 0 | return -2; |
2731 | 0 | } |
2732 | | |
2733 | 0 | if (pctx->pmeth != NULL |
2734 | 0 | && pctx->pmeth->pkey_id != translation->keytype1 |
2735 | 0 | && pctx->pmeth->pkey_id != translation->keytype2) |
2736 | 0 | return -1; |
2737 | | |
2738 | 0 | if (translation->fixup_args != NULL) |
2739 | 0 | fixup = translation->fixup_args; |
2740 | 0 | ctx.action_type = translation->action_type; |
2741 | 0 | ctx.ctrl_cmd = cmd; |
2742 | 0 | ctx.p1 = p1; |
2743 | 0 | ctx.p2 = p2; |
2744 | 0 | ctx.pctx = pctx; |
2745 | 0 | ctx.params = params; |
2746 | |
|
2747 | 0 | ret = fixup(PRE_CTRL_TO_PARAMS, translation, &ctx); |
2748 | |
|
2749 | 0 | if (ret > 0) { |
2750 | 0 | switch (ctx.action_type) { |
2751 | 0 | default: |
2752 | | /* fixup_args is expected to make sure this is dead code */ |
2753 | 0 | break; |
2754 | 0 | case OSSL_ACTION_GET: |
2755 | 0 | ret = evp_pkey_ctx_get_params_strict(pctx, ctx.params); |
2756 | 0 | break; |
2757 | 0 | case OSSL_ACTION_SET: |
2758 | 0 | ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params); |
2759 | 0 | break; |
2760 | 0 | } |
2761 | 0 | } |
2762 | | |
2763 | | /* |
2764 | | * In POST, we pass the return value as p1, allowing the fixup_args |
2765 | | * function to affect it by changing its value. |
2766 | | */ |
2767 | 0 | if (ret > 0) { |
2768 | 0 | ctx.p1 = ret; |
2769 | 0 | fixup(POST_CTRL_TO_PARAMS, translation, &ctx); |
2770 | 0 | ret = ctx.p1; |
2771 | 0 | } |
2772 | |
|
2773 | 0 | cleanup_translation_ctx(POST_CTRL_TO_PARAMS, translation, &ctx); |
2774 | |
|
2775 | 0 | return ret; |
2776 | 0 | } |
2777 | | |
2778 | | /* This must ONLY be called for provider side operations */ |
2779 | | int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *pctx, |
2780 | | const char *name, const char *value) |
2781 | 0 | { |
2782 | 0 | struct translation_ctx_st ctx = { 0, }; |
2783 | 0 | struct translation_st tmpl = { 0, }; |
2784 | 0 | const struct translation_st *translation = NULL; |
2785 | 0 | OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; |
2786 | 0 | int keytype = pctx->legacy_keytype; |
2787 | 0 | int optype = pctx->operation == 0 ? -1 : pctx->operation; |
2788 | 0 | int ret; |
2789 | 0 | fixup_args_fn *fixup = default_fixup_args; |
2790 | |
|
2791 | 0 | tmpl.action_type = OSSL_ACTION_SET; |
2792 | 0 | tmpl.keytype1 = tmpl.keytype2 = keytype; |
2793 | 0 | tmpl.optype = optype; |
2794 | 0 | tmpl.ctrl_str = name; |
2795 | 0 | tmpl.ctrl_hexstr = name; |
2796 | 0 | translation = lookup_evp_pkey_ctx_translation(&tmpl); |
2797 | |
|
2798 | 0 | if (translation != NULL) { |
2799 | 0 | if (translation->fixup_args != NULL) |
2800 | 0 | fixup = translation->fixup_args; |
2801 | 0 | ctx.action_type = translation->action_type; |
2802 | 0 | ctx.ishex = (tmpl.ctrl_hexstr != NULL); |
2803 | 0 | } else { |
2804 | | /* String controls really only support setting */ |
2805 | 0 | ctx.action_type = OSSL_ACTION_SET; |
2806 | 0 | } |
2807 | 0 | ctx.ctrl_str = name; |
2808 | 0 | ctx.p1 = (int)strlen(value); |
2809 | 0 | ctx.p2 = (char *)value; |
2810 | 0 | ctx.pctx = pctx; |
2811 | 0 | ctx.params = params; |
2812 | |
|
2813 | 0 | ret = fixup(PRE_CTRL_STR_TO_PARAMS, translation, &ctx); |
2814 | |
|
2815 | 0 | if (ret > 0) { |
2816 | 0 | switch (ctx.action_type) { |
2817 | 0 | default: |
2818 | | /* fixup_args is expected to make sure this is dead code */ |
2819 | 0 | break; |
2820 | 0 | case OSSL_ACTION_GET: |
2821 | | /* |
2822 | | * this is dead code, but must be present, or some compilers |
2823 | | * will complain |
2824 | | */ |
2825 | 0 | break; |
2826 | 0 | case OSSL_ACTION_SET: |
2827 | 0 | ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params); |
2828 | 0 | break; |
2829 | 0 | } |
2830 | 0 | } |
2831 | | |
2832 | 0 | if (ret > 0) |
2833 | 0 | ret = fixup(POST_CTRL_STR_TO_PARAMS, translation, &ctx); |
2834 | |
|
2835 | 0 | cleanup_translation_ctx(CLEANUP_CTRL_STR_TO_PARAMS, translation, &ctx); |
2836 | |
|
2837 | 0 | return ret; |
2838 | 0 | } |
2839 | | |
2840 | | /* This must ONLY be called for legacy operations */ |
2841 | | static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx, |
2842 | | enum action action_type, |
2843 | | OSSL_PARAM *params) |
2844 | 0 | { |
2845 | 0 | int keytype = pctx->legacy_keytype; |
2846 | 0 | int optype = pctx->operation == 0 ? -1 : pctx->operation; |
2847 | |
|
2848 | 0 | for (; params != NULL && params->key != NULL; params++) { |
2849 | 0 | struct translation_ctx_st ctx = { 0, }; |
2850 | 0 | struct translation_st tmpl = { 0, }; |
2851 | 0 | const struct translation_st *translation = NULL; |
2852 | 0 | fixup_args_fn *fixup = default_fixup_args; |
2853 | 0 | int ret; |
2854 | |
|
2855 | 0 | ctx.action_type = tmpl.action_type = action_type; |
2856 | 0 | tmpl.keytype1 = tmpl.keytype2 = keytype; |
2857 | 0 | tmpl.optype = optype; |
2858 | 0 | tmpl.param_key = params->key; |
2859 | 0 | translation = lookup_evp_pkey_ctx_translation(&tmpl); |
2860 | |
|
2861 | 0 | if (translation != NULL) { |
2862 | 0 | if (translation->fixup_args != NULL) |
2863 | 0 | fixup = translation->fixup_args; |
2864 | 0 | ctx.ctrl_cmd = translation->ctrl_num; |
2865 | 0 | } |
2866 | 0 | ctx.pctx = pctx; |
2867 | 0 | ctx.params = params; |
2868 | |
|
2869 | 0 | ret = fixup(PRE_PARAMS_TO_CTRL, translation, &ctx); |
2870 | |
|
2871 | 0 | if (ret > 0 && ctx.action_type != OSSL_ACTION_NONE) |
2872 | 0 | ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype, |
2873 | 0 | ctx.ctrl_cmd, ctx.p1, ctx.p2); |
2874 | | |
2875 | | /* |
2876 | | * In POST, we pass the return value as p1, allowing the fixup_args |
2877 | | * function to put it to good use, or maybe affect it. |
2878 | | * |
2879 | | * NOTE: even though EVP_PKEY_CTX_ctrl return value is documented |
2880 | | * as return positive on Success and 0 or negative on falure. There |
2881 | | * maybe parameters (e.g. ecdh_cofactor), which actually return 0 |
2882 | | * as success value. That is why we do POST_PARAMS_TO_CTRL for 0 |
2883 | | * value as well |
2884 | | */ |
2885 | 0 | if (ret >= 0) { |
2886 | 0 | ctx.p1 = ret; |
2887 | 0 | fixup(POST_PARAMS_TO_CTRL, translation, &ctx); |
2888 | 0 | ret = ctx.p1; |
2889 | 0 | } |
2890 | |
|
2891 | 0 | cleanup_translation_ctx(CLEANUP_PARAMS_TO_CTRL, translation, &ctx); |
2892 | |
|
2893 | 0 | if (ret <= 0) |
2894 | 0 | return 0; |
2895 | 0 | } |
2896 | 0 | return 1; |
2897 | 0 | } |
2898 | | |
2899 | | int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params) |
2900 | 0 | { |
2901 | 0 | if (ctx->keymgmt != NULL) |
2902 | 0 | return 0; |
2903 | 0 | return evp_pkey_ctx_setget_params_to_ctrl(ctx, OSSL_ACTION_SET, (OSSL_PARAM *)params); |
2904 | 0 | } |
2905 | | |
2906 | | int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params) |
2907 | 0 | { |
2908 | 0 | if (ctx->keymgmt != NULL) |
2909 | 0 | return 0; |
2910 | 0 | return evp_pkey_ctx_setget_params_to_ctrl(ctx, OSSL_ACTION_GET, params); |
2911 | 0 | } |
2912 | | |
2913 | | /* This must ONLY be called for legacy EVP_PKEYs */ |
2914 | | static int evp_pkey_setget_params_to_ctrl(const EVP_PKEY *pkey, |
2915 | | enum action action_type, |
2916 | | OSSL_PARAM *params) |
2917 | 0 | { |
2918 | 0 | int ret = 1; |
2919 | |
|
2920 | 0 | for (; params != NULL && params->key != NULL; params++) { |
2921 | 0 | struct translation_ctx_st ctx = { 0, }; |
2922 | 0 | struct translation_st tmpl = { 0, }; |
2923 | 0 | const struct translation_st *translation = NULL; |
2924 | 0 | fixup_args_fn *fixup = default_fixup_args; |
2925 | |
|
2926 | 0 | tmpl.action_type = action_type; |
2927 | 0 | tmpl.param_key = params->key; |
2928 | 0 | translation = lookup_evp_pkey_translation(&tmpl); |
2929 | |
|
2930 | 0 | if (translation != NULL) { |
2931 | 0 | if (translation->fixup_args != NULL) |
2932 | 0 | fixup = translation->fixup_args; |
2933 | 0 | ctx.action_type = translation->action_type; |
2934 | 0 | } |
2935 | 0 | ctx.p2 = (void *)pkey; |
2936 | 0 | ctx.params = params; |
2937 | | |
2938 | | /* |
2939 | | * EVP_PKEY doesn't have any ctrl function, so we rely completely |
2940 | | * on fixup_args to do the whole work. Also, we currently only |
2941 | | * support getting. |
2942 | | */ |
2943 | 0 | if (!ossl_assert(translation != NULL) |
2944 | 0 | || !ossl_assert(translation->action_type == OSSL_ACTION_GET) |
2945 | 0 | || !ossl_assert(translation->fixup_args != NULL)) { |
2946 | 0 | return -2; |
2947 | 0 | } |
2948 | | |
2949 | 0 | ret = fixup(PKEY, translation, &ctx); |
2950 | |
|
2951 | 0 | cleanup_translation_ctx(PKEY, translation, &ctx); |
2952 | 0 | } |
2953 | 0 | return ret; |
2954 | 0 | } |
2955 | | |
2956 | | int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params) |
2957 | 0 | { |
2958 | 0 | return evp_pkey_setget_params_to_ctrl(pkey, OSSL_ACTION_GET, params); |
2959 | 0 | } |