2 * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Some ctrls depend on deprecated functionality. We trust that this is
12 * functionality that remains internally even when 'no-deprecated' is
13 * configured. When we drop #legacy EVP_PKEYs, this source should be
14 * possible to drop as well.
16 #include "internal/deprecated.h"
20 /* The following includes get us all the EVP_PKEY_CTRL macros */
21 #include <openssl/dh.h>
22 #include <openssl/dsa.h>
23 #include <openssl/ec.h>
24 #include <openssl/rsa.h>
25 #include <openssl/kdf.h>
27 /* This include gets us all the OSSL_PARAM key string macros */
28 #include <openssl/core_names.h>
30 #include <openssl/err.h>
31 #include <openssl/evperr.h>
32 #include <openssl/params.h>
33 #include "internal/nelem.h"
34 #include "internal/cryptlib.h"
35 #include "internal/ffc.h"
36 #include "crypto/evp.h"
37 #include "crypto/dh.h"
38 #include "crypto/ec.h"
40 #include "e_os.h" /* strcasecmp() for Windows */
42 struct translation_ctx_st; /* Forwarding */
43 struct translation_st; /* Forwarding */
46 * The fixup_args functions are called with the following parameters:
48 * |state| The state we're called in, explained further at the
49 * end of this comment.
50 * |translation| The translation item, to be pilfered for data as
52 * |ctx| The translation context, which contains copies of
53 * the following arguments, applicable according to
54 * the caller. All of the attributes in this context
55 * may be freely modified by the fixup_args function.
56 * For cleanup, call cleanup_translation_ctx().
58 * The |state| tells the fixup_args function something about the caller and
59 * what they may expect:
61 * PKEY The fixup_args function has been called
62 * from an EVP_PKEY payload getter / setter,
63 * and is fully responsible for getting or
64 * setting the requested data. With this
65 * state, the fixup_args function is expected
66 * to use or modify |*params|, depending on
69 * PRE_CTRL_TO_PARAMS The fixup_args function has been called
70 * POST_CTRL_TO_PARAMS from EVP_PKEY_CTX_ctrl(), to help with
71 * translating the ctrl data to an OSSL_PARAM
72 * element or back. The calling sequence is
75 * 1. fixup_args(PRE_CTRL_TO_PARAMS, ...)
76 * 2. EVP_PKEY_CTX_set_params() or
77 * EVP_PKEY_CTX_get_params()
78 * 3. fixup_args(POST_CTRL_TO_PARAMS, ...)
80 * With the PRE_CTRL_TO_PARAMS state, the
81 * fixup_args function is expected to modify
82 * the passed |*params| in whatever way
83 * necessary, when |action_type == SET|.
84 * With the POST_CTRL_TO_PARAMS state, the
85 * fixup_args function is expected to modify
86 * the passed |p2| in whatever way necessary,
87 * when |action_type == GET|.
89 * The return value from the fixup_args call
90 * with the POST_CTRL_TO_PARAMS state becomes
91 * the return value back to EVP_PKEY_CTX_ctrl().
92 * CLEANUP_CTRL_TO_PARAMS The cleanup_args functions has been called
93 * from EVP_PKEY_CTX_ctrl(), to clean up what
94 * the fixup_args function has done, if needed.
96 * PRE_CTRL_STR_TO_PARAMS The fixup_args function has been called
97 * POST_CTRL_STR_TO_PARAMS from EVP_PKEY_CTX_ctrl_str(), to help with
98 * translating the ctrl_str data to an
99 * OSSL_PARAM element or back. The calling
100 * sequence is as follows:
102 * 1. fixup_args(PRE_CTRL_STR_TO_PARAMS, ...)
103 * 2. EVP_PKEY_CTX_set_params() or
104 * EVP_PKEY_CTX_get_params()
105 * 3. fixup_args(POST_CTRL_STR_TO_PARAMS, ...)
107 * With the PRE_CTRL_STR_TO_PARAMS state,
108 * the fixup_args function is expected to
109 * modify the passed |*params| in whatever
110 * way necessary, when |action_type == SET|.
111 * With the POST_CTRL_STR_TO_PARAMS state,
112 * the fixup_args function is only expected
114 * CLEANUP_CTRL_STR_TO_PARAMS The cleanup_args functions has been called
115 * from EVP_PKEY_CTX_ctrl_str(), to clean up
116 * what the fixup_args function has done, if
119 * PRE_PARAMS_TO_CTRL The fixup_args function has been called
120 * POST_PARAMS_TO_CTRL from EVP_PKEY_CTX_get_params() or
121 * EVP_PKEY_CTX_set_params(), to help with
122 * translating the OSSL_PARAM data to the
123 * corresponding EVP_PKEY_CTX_ctrl() arguments
124 * or the other way around. The calling
125 * sequence is as follows:
127 * 1. fixup_args(PRE_PARAMS_TO_CTRL, ...)
128 * 2. EVP_PKEY_CTX_ctrl()
129 * 3. fixup_args(POST_PARAMS_TO_CTRL, ...)
131 * With the PRE_PARAMS_TO_CTRL state, the
132 * fixup_args function is expected to modify
133 * the passed |p1| and |p2| in whatever way
134 * necessary, when |action_type == SET|.
135 * With the POST_PARAMS_TO_CTRL state, the
136 * fixup_args function is expected to
137 * modify the passed |*params| in whatever
138 * way necessary, when |action_type == GET|.
139 * CLEANUP_PARAMS_TO_CTRL The cleanup_args functions has been called
140 * from EVP_PKEY_CTX_get_params() or
141 * EVP_PKEY_CTX_set_params(), to clean up what
142 * the fixup_args function has done, if needed.
146 PRE_CTRL_TO_PARAMS, POST_CTRL_TO_PARAMS, CLEANUP_CTRL_TO_PARAMS,
147 PRE_CTRL_STR_TO_PARAMS, POST_CTRL_STR_TO_PARAMS, CLEANUP_CTRL_STR_TO_PARAMS,
148 PRE_PARAMS_TO_CTRL, POST_PARAMS_TO_CTRL, CLEANUP_PARAMS_TO_CTRL,
151 NONE = 0, GET = 1, SET = 2
153 typedef int fixup_args_fn(enum state state,
154 const struct translation_st *translation,
155 struct translation_ctx_st *ctx);
156 typedef int cleanup_args_fn(enum state state,
157 const struct translation_st *translation,
158 struct translation_ctx_st *ctx);
160 struct translation_ctx_st {
162 * The EVP_PKEY_CTX, for calls on that structure, to be pilfered for data
167 * The action type (GET or SET). This may be 0 in some cases, and should
168 * be modified by the fixup_args function in the PRE states. It should
169 * otherwise remain untouched once set.
171 enum action action_type;
173 * For ctrl to params translation, the actual ctrl command number used.
174 * For params to ctrl translation, 0.
178 * For ctrl_str to params translation, the actual ctrl command string
179 * used. In this case, the (string) value is always passed as |p2|.
180 * For params to ctrl translation, this is NULL. Along with it is also
181 * and indicator whether it matched |ctrl_str| or |ctrl_hexstr| in the
184 const char *ctrl_str;
186 /* the ctrl-style int argument. */
188 /* the ctrl-style void* argument. */
190 /* a size, for passing back the |p2| size where applicable */
192 /* pointer to the OSSL_PARAM-style params array. */
196 * The following are used entirely internally by the fixup_args functions
197 * and should not be touched by the callers, at all.
201 * copy of the ctrl-style void* argument, if the the fixup_args function
202 * needs to manipulate |p2| but wants to remember original.
205 /* Diverse types of storage for the needy. */
206 char name_buf[OSSL_MAX_NAME_SIZE];
212 struct translation_st {
214 * What this table item does.
216 * If the item has this set to 0, it means that both GET and SET are
217 * supported, and |fixup_args| will determine which it is. This is to
218 * support translations of ctrls where the action type depends on the
219 * value of |p1| or |p2| (ctrls are really bi-directional, but are
220 * seldom used that way).
222 * This can be also used in the lookup template when it looks up by
223 * OSSL_PARAM key, to indicate if a setter or a getter called.
225 enum action action_type;
228 * Conditions, for params->ctrl translations.
230 * In table item, |keytype1| and |keytype2| can be set to -1 to indicate
231 * that this item supports all key types (or rather, that |fixup_args|
232 * will check and return an error if it's not supported).
233 * Any of these may be set to 0 to indicate that they are unset.
235 int keytype1; /* The EVP_PKEY_XXX type, i.e. NIDs. #legacy */
236 int keytype2; /* Another EVP_PKEY_XXX type, used for aliases */
237 int optype; /* The operation type */
240 * Lookup and translation attributes
242 * |ctrl_num|, |ctrl_str|, |ctrl_hexstr| and |param_key| are lookup
245 * |ctrl_num| may be 0 or that |param_key| may be NULL in the table item,
246 * but not at the same time. If they are, they are simply not used for
248 * When |ctrl_num| == 0, no ctrl will be called. Likewise, when
249 * |param_key| == NULL, no OSSL_PARAM setter/getter will be called.
250 * In that case the treatment of the translation item relies entirely on
251 * |fixup_args|, which is then assumed to have side effects.
253 * As a special case, it's possible to set |ctrl_hexstr| and assign NULL
254 * to |ctrl_str|. That will signal to default_fixup_args() that the
255 * value must always be interpreted as hex.
257 int ctrl_num; /* EVP_PKEY_CTRL_xxx */
258 const char *ctrl_str; /* The corresponding ctrl string */
259 const char *ctrl_hexstr; /* The alternative "hex{str}" ctrl string */
260 const char *param_key; /* The corresponding OSSL_PARAM key */
262 * The appropriate OSSL_PARAM data type. This may be 0 to indicate that
263 * this OSSL_PARAM may have more than one data type, depending on input
264 * material. In this case, |fixup_args| is expected to check and handle
267 unsigned int param_data_type;
272 * |fixup_args| is always called before (for SET) or after (for GET)
273 * the actual ctrl / OSSL_PARAM function.
275 fixup_args_fn *fixup_args;
279 * Fixer function implementations
280 * ==============================
284 * default_check isn't a fixer per se, but rather a helper function to
285 * perform certain standard checks.
287 static int default_check(enum state state,
288 const struct translation_st *translation,
289 const struct translation_ctx_st *ctx)
294 case PRE_CTRL_TO_PARAMS:
295 if (!ossl_assert(translation != NULL)) {
296 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
299 if (!ossl_assert(translation->param_key != 0)
300 || !ossl_assert(translation->param_data_type != 0)) {
301 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
305 case PRE_CTRL_STR_TO_PARAMS:
307 * For ctrl_str to params translation, we allow direct use of
308 * OSSL_PARAM keys as ctrl_str keys. Therefore, it's possible that
309 * we end up with |translation == NULL|, which is fine. The fixup
310 * function will have to deal with it carefully.
312 if (translation != NULL) {
313 if (!ossl_assert(translation->action_type != GET)) {
314 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
317 if (!ossl_assert(translation->param_key != NULL)
318 || !ossl_assert(translation->param_data_type != 0)) {
319 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
324 case PRE_PARAMS_TO_CTRL:
325 case POST_PARAMS_TO_CTRL:
326 if (!ossl_assert(translation != NULL)) {
327 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
330 if (!ossl_assert(translation->ctrl_num != 0)
331 || !ossl_assert(translation->param_data_type != 0)) {
332 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
337 /* Nothing else to check */
342 * default_fixup_args fixes up all sorts of arguments, governed by the
343 * diverse attributes in the translation item. It covers all "standard"
344 * base ctrl functionality, meaning it can handle basic conversion of
345 * data between p1+p2 (SET) or return value+p2 (GET) as long as the values
346 * don't have extra semantics (such as NIDs, OIDs, that sort of stuff).
347 * Extra semantics must be handled via specific fixup_args functions.
349 * The following states and action type combinations have standard handling
350 * done in this function:
352 * PRE_CTRL_TO_PARAMS, 0 - ERROR. action type must be
353 * determined by a fixup function.
354 * PRE_CTRL_TO_PARAMS, SET | GET - |p1| and |p2| are converted to an
355 * OSSL_PARAM according to the data
356 * type given in |translattion|.
357 * For OSSL_PARAM_UNSIGNED_INTEGER,
358 * a BIGNUM passed as |p2| is accepted.
359 * POST_CTRL_TO_PARAMS, GET - If the OSSL_PARAM data type is a
360 * STRING or PTR type, |p1| is set
361 * to the OSSL_PARAM return size, and
362 * |p2| is set to the string.
363 * PRE_CTRL_STR_TO_PARAMS, !SET - ERROR. That combination is not
365 * PRE_CTRL_STR_TO_PARAMS, SET - |p2| is taken as a string, and is
366 * converted to an OSSL_PARAM in a
367 * standard manner, guided by the
368 * param key and data type from
370 * PRE_PARAMS_TO_CTRL, SET - the OSSL_PARAM is converted to
371 * |p1| and |p2| according to the
372 * data type given in |translation|
373 * For OSSL_PARAM_UNSIGNED_INTEGER,
374 * if |p2| is non-NULL, then |*p2|
375 * is assigned a BIGNUM, otherwise
376 * |p1| is assigned an unsigned int.
377 * POST_PARAMS_TO_CTRL, GET - |p1| and |p2| are converted to
378 * an OSSL_PARAM, in the same manner
379 * as for the combination of
380 * PRE_CTRL_TO_PARAMS, SET.
382 static int default_fixup_args(enum state state,
383 const struct translation_st *translation,
384 struct translation_ctx_st *ctx)
388 if ((ret = default_check(state, translation, ctx)) < 0)
393 /* For states this function should never have been called with */
394 ERR_raise_data(ERR_LIB_EVP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED,
395 "[action:%d, state:%d]", ctx->action_type, state);
399 * PRE_CTRL_TO_PARAMS and POST_CTRL_TO_PARAMS handle ctrl to params
400 * translations. PRE_CTRL_TO_PARAMS is responsible for preparing
401 * |*params|, and POST_CTRL_TO_PARAMS is responsible for bringing the
402 * result back to |*p2| and the return value.
404 case PRE_CTRL_TO_PARAMS:
405 /* This is ctrl to params translation, so we need an OSSL_PARAM key */
406 if (ctx->action_type == NONE) {
408 * No action type is an error here. That's a case for a
409 * special fixup function.
411 ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED,
412 "[action:%d, state:%d]", ctx->action_type, state);
416 if (translation->optype != 0) {
417 if ((EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx->pctx)
418 && ctx->pctx->op.sig.sigprovctx == NULL)
419 || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx->pctx)
420 && ctx->pctx->op.kex.exchprovctx == NULL)
421 || (EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx->pctx)
422 && ctx->pctx->op.ciph.ciphprovctx == NULL)
423 || (EVP_PKEY_CTX_IS_KEM_OP(ctx->pctx)
424 && ctx->pctx->op.encap.kemprovctx == NULL)
426 * The following may be unnecessary, but we have them
427 * for good measure...
429 || (EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx)
430 && ctx->pctx->op.keymgmt.genctx == NULL)
431 || (EVP_PKEY_CTX_IS_FROMDATA_OP(ctx->pctx)
432 && ctx->pctx->op.keymgmt.genctx == NULL)) {
433 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
434 /* Uses the same return values as EVP_PKEY_CTX_ctrl */
440 * OSSL_PARAM_construct_TYPE() works equally well for both SET and GET.
442 switch (translation->param_data_type) {
443 case OSSL_PARAM_INTEGER:
444 *ctx->params = OSSL_PARAM_construct_int(translation->param_key,
447 case OSSL_PARAM_UNSIGNED_INTEGER:
449 * BIGNUMs are passed via |p2|. For all ctrl's that just want
450 * to pass a simple integer via |p1|, |p2| is expected to be
453 * Note that this allocates a buffer, which the cleanup function
456 if (ctx->p2 != NULL) {
457 if (ctx->action_type == SET) {
458 ctx->buflen = BN_num_bytes(ctx->p2);
459 if ((ctx->allocated_buf =
460 OPENSSL_malloc(ctx->buflen)) == NULL) {
461 ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
464 if (!BN_bn2nativepad(ctx->p2,
465 ctx->allocated_buf, ctx->buflen)) {
466 OPENSSL_free(ctx->allocated_buf);
467 ctx->allocated_buf = NULL;
471 OSSL_PARAM_construct_BN(translation->param_key,
476 * No support for getting a BIGNUM by ctrl, this needs
477 * fixup_args function support.
479 ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED,
480 "[action:%d, state:%d] trying to get a "
481 "BIGNUM via ctrl call",
482 ctx->action_type, state);
487 OSSL_PARAM_construct_uint(translation->param_key,
488 (unsigned int *)&ctx->p1);
491 case OSSL_PARAM_UTF8_STRING:
493 OSSL_PARAM_construct_utf8_string(translation->param_key,
494 ctx->p2, (size_t)ctx->p1);
496 case OSSL_PARAM_UTF8_PTR:
498 OSSL_PARAM_construct_utf8_ptr(translation->param_key,
499 ctx->p2, (size_t)ctx->p1);
501 case OSSL_PARAM_OCTET_STRING:
503 OSSL_PARAM_construct_octet_string(translation->param_key,
504 ctx->p2, (size_t)ctx->p1);
506 case OSSL_PARAM_OCTET_PTR:
508 OSSL_PARAM_construct_octet_ptr(translation->param_key,
509 ctx->p2, (size_t)ctx->p1);
513 case POST_CTRL_TO_PARAMS:
515 * Because EVP_PKEY_CTX_ctrl() returns the length of certain objects
516 * as its return value, we need to ensure that we do it here as well,
517 * for the OSSL_PARAM data types where this makes sense.
519 if (ctx->action_type == GET) {
520 switch (translation->param_data_type) {
521 case OSSL_PARAM_UTF8_STRING:
522 case OSSL_PARAM_UTF8_PTR:
523 case OSSL_PARAM_OCTET_STRING:
524 case OSSL_PARAM_OCTET_PTR:
525 ctx->p1 = (int)ctx->params[0].return_size;
532 * PRE_CTRL_STR_TO_PARAMS and POST_CTRL_STR_TO_PARAMS handle ctrl_str to
533 * params translations. PRE_CTRL_TO_PARAMS is responsible for preparing
534 * |*params|, and POST_CTRL_TO_PARAMS currently has nothing to do, since
535 * there's no support for getting data via ctrl_str calls.
537 case PRE_CTRL_STR_TO_PARAMS:
539 /* This is ctrl_str to params translation */
540 const char *tmp_ctrl_str = ctx->ctrl_str;
541 const char *orig_ctrl_str = ctx->ctrl_str;
542 const char *orig_value = ctx->p2;
543 const OSSL_PARAM *settable = NULL;
546 /* Only setting is supported here */
547 if (ctx->action_type != SET) {
548 ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED,
549 "[action:%d, state:%d] only setting allowed",
550 ctx->action_type, state);
555 * If no translation exists, we simply pass the control string
558 if (translation != NULL) {
559 tmp_ctrl_str = ctx->ctrl_str = translation->param_key;
562 strcpy(ctx->name_buf, "hex");
563 if (OPENSSL_strlcat(ctx->name_buf, tmp_ctrl_str,
564 sizeof(ctx->name_buf)) <= 3) {
565 ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
568 tmp_ctrl_str = ctx->name_buf;
572 settable = EVP_PKEY_CTX_settable_params(ctx->pctx);
573 if (!OSSL_PARAM_allocate_from_text(ctx->params, settable,
575 ctx->p2, strlen(ctx->p2),
578 ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED,
579 "[action:%d, state:%d] name=%s, value=%s",
580 ctx->action_type, state,
581 orig_ctrl_str, orig_value);
586 ctx->allocated_buf = ctx->params->data;
587 ctx->buflen = ctx->params->data_size;
590 case POST_CTRL_STR_TO_PARAMS:
591 /* Nothing to be done */
595 * PRE_PARAMS_TO_CTRL and POST_PARAMS_TO_CTRL handle params to ctrl
596 * translations. PRE_PARAMS_TO_CTRL is responsible for preparing
597 * |p1| and |p2|, and POST_PARAMS_TO_CTRL is responsible for bringing
598 * the EVP_PKEY_CTX_ctrl() return value (passed as |p1|) and |p2| back
601 * PKEY is treated just like POST_PARAMS_TO_CTRL, making it easy
602 * for the related fixup_args functions to just set |p1| and |p2|
603 * appropriately and leave it to this section of code to fix up
604 * |ctx->params| accordingly.
607 case POST_PARAMS_TO_CTRL:
610 case PRE_PARAMS_TO_CTRL:
612 /* This is params to ctrl translation */
613 if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) {
614 /* For the PRE state, only setting needs some work to be done */
616 /* When setting, we populate |p1| and |p2| from |*params| */
617 switch (translation->param_data_type) {
618 case OSSL_PARAM_INTEGER:
619 return OSSL_PARAM_get_int(ctx->params, &ctx->p1);
620 case OSSL_PARAM_UNSIGNED_INTEGER:
621 if (ctx->p2 != NULL) {
622 /* BIGNUM passed down with p2 */
623 if (!OSSL_PARAM_get_BN(ctx->params, ctx->p2))
626 /* Normal C unsigned int passed down */
627 if (!OSSL_PARAM_get_uint(ctx->params,
628 (unsigned int *)&ctx->p1))
632 case OSSL_PARAM_UTF8_STRING:
633 return OSSL_PARAM_get_utf8_string(ctx->params,
635 case OSSL_PARAM_OCTET_STRING:
636 return OSSL_PARAM_get_octet_string(ctx->params,
639 case OSSL_PARAM_OCTET_PTR:
640 return OSSL_PARAM_get_octet_ptr(ctx->params,
643 ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED,
644 "[action:%d, state:%d] "
645 "unknown OSSL_PARAM data type %d",
646 ctx->action_type, state,
647 translation->param_data_type);
650 } else if ((state == POST_PARAMS_TO_CTRL || state == PKEY)
651 && ctx->action_type == GET) {
652 /* For the POST state, only getting needs some work to be done */
654 /* When getting, we populate |*params| from |p1| and |p2| */
655 switch (translation->param_data_type) {
656 case OSSL_PARAM_INTEGER:
657 return OSSL_PARAM_set_int(ctx->params, ctx->p1);
658 case OSSL_PARAM_UNSIGNED_INTEGER:
659 if (ctx->p2 != NULL) {
660 /* BIGNUM passed back */
661 return OSSL_PARAM_set_BN(ctx->params, ctx->p2);
663 /* Normal C unsigned int passed back */
664 return OSSL_PARAM_set_uint(ctx->params,
665 (unsigned int)ctx->p1);
668 case OSSL_PARAM_UTF8_STRING:
669 return OSSL_PARAM_set_utf8_string(ctx->params, ctx->p2);
670 case OSSL_PARAM_OCTET_STRING:
671 return OSSL_PARAM_set_octet_string(ctx->params, ctx->p2,
673 case OSSL_PARAM_OCTET_PTR:
674 return OSSL_PARAM_set_octet_ptr(ctx->params, ctx->p2,
677 ERR_raise_data(ERR_LIB_EVP, ERR_R_UNSUPPORTED,
678 "[action:%d, state:%d] "
679 "unsupported OSSL_PARAM data type %d",
680 ctx->action_type, state,
681 translation->param_data_type);
686 /* Any other combination is simply pass-through */
693 cleanup_translation_ctx(enum state state,
694 const struct translation_st *translation,
695 struct translation_ctx_st *ctx)
697 if (ctx->allocated_buf != NULL)
698 OPENSSL_free(ctx->allocated_buf);
699 ctx->allocated_buf = NULL;
704 * fix_cipher_md fixes up an EVP_CIPHER / EVP_MD to its name on SET,
705 * and cipher / md name to EVP_MD on GET.
707 static const char *get_cipher_name(void *cipher)
709 return EVP_CIPHER_name(cipher);
712 static const char *get_md_name(void *md)
714 return EVP_MD_name(md);
717 static const void *get_cipher_by_name(OSSL_LIB_CTX *libctx, const char *name)
719 return evp_get_cipherbyname_ex(libctx, name);
722 static const void *get_md_by_name(OSSL_LIB_CTX *libctx, const char *name)
724 return evp_get_digestbyname_ex(libctx, name);
727 static int fix_cipher_md(enum state state,
728 const struct translation_st *translation,
729 struct translation_ctx_st *ctx,
730 const char *(*get_name)(void *algo),
731 const void *(*get_algo_by_name)(OSSL_LIB_CTX *libctx,
736 if ((ret = default_check(state, translation, ctx)) <= 0)
739 if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) {
741 * |ctx->p2| contains the address to an EVP_CIPHER or EVP_MD pointer
742 * to be filled in. We need to remember it, then make |ctx->p2|
743 * point at a buffer to be filled in with the name, and |ctx->p1|
744 * with its size. default_fixup_args() will take care of the rest
747 ctx->orig_p2 = ctx->p2;
748 ctx->p2 = ctx->name_buf;
749 ctx->p1 = sizeof(ctx->name_buf);
750 } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) {
752 * In different parts of OpenSSL, this ctrl command is used
753 * differently. Some calls pass a NID as p1, others pass an
754 * EVP_CIPHER pointer as p2...
756 ctx->p2 = (char *)(ctx->p2 == NULL
757 ? OBJ_nid2sn(ctx->p1)
758 : get_name(ctx->p2));
759 ctx->p1 = strlen(ctx->p2);
760 } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
761 ctx->p2 = (ctx->p2 == NULL ? "" : (char *)get_name(ctx->p2));
762 ctx->p1 = strlen(ctx->p2);
765 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
768 if (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET) {
770 * Here's how we re-use |ctx->orig_p2| that was set in the
771 * PRE_CTRL_TO_PARAMS state above.
773 *(void **)ctx->orig_p2 =
774 (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2);
776 } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET) {
777 ctx->p2 = (void *)get_algo_by_name(ctx->pctx->libctx, ctx->p2);
784 static int fix_cipher(enum state state,
785 const struct translation_st *translation,
786 struct translation_ctx_st *ctx)
788 return fix_cipher_md(state, translation, ctx,
789 get_cipher_name, get_cipher_by_name);
792 static int fix_md(enum state state,
793 const struct translation_st *translation,
794 struct translation_ctx_st *ctx)
796 return fix_cipher_md(state, translation, ctx,
797 get_md_name, get_md_by_name);
800 static int fix_distid_len(enum state state,
801 const struct translation_st *translation,
802 struct translation_ctx_st *ctx)
804 int ret = default_fixup_args(state, translation, ctx);
808 if ((state == POST_CTRL_TO_PARAMS
809 || state == POST_CTRL_STR_TO_PARAMS) && ctx->action_type == GET) {
810 *(size_t *)ctx->p2 = ctx->sz;
817 struct kdf_type_map_st {
819 const char *kdf_type_str;
822 static int fix_kdf_type(enum state state,
823 const struct translation_st *translation,
824 struct translation_ctx_st *ctx,
825 const struct kdf_type_map_st *kdf_type_map)
828 * The EVP_PKEY_CTRL_DH_KDF_TYPE ctrl command is a bit special, in
829 * that it's used both for setting a value, and for getting it, all
830 * depending on the value if |p1|; if |p1| is -2, the backend is
831 * supposed to place the current kdf type in |p2|, and if not, |p1|
832 * is interpreted as the new kdf type.
836 if ((ret = default_check(state, translation, ctx)) <= 0)
839 if (state == PRE_CTRL_TO_PARAMS) {
841 * In |translations|, the initial value for |ctx->action_type| must
844 if (!ossl_assert(ctx->action_type == NONE))
847 /* The action type depends on the value of *p1 */
850 * The OSSL_PARAMS getter needs space to store a copy of the kdf
851 * type string. We use |ctx->name_buf|, which has enough space
854 * (this wouldn't be needed if the OSSL_xxx_PARAM_KDF_TYPE
855 * had the data type OSSL_PARAM_UTF8_PTR)
857 ctx->p2 = ctx->name_buf;
858 ctx->p1 = sizeof(ctx->name_buf);
859 ctx->action_type = GET;
861 ctx->action_type = SET;
865 if ((ret = default_check(state, translation, ctx)) <= 0)
868 if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET)
869 || (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET)) {
871 /* Convert KDF type numbers to strings */
872 for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++)
873 if (ctx->p1 == kdf_type_map->kdf_type_num) {
874 ctx->p2 = (char *)kdf_type_map->kdf_type_str;
880 ctx->p1 = strlen(ctx->p2);
883 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
886 if ((state == POST_CTRL_TO_PARAMS && ctx->action_type == GET)
887 || (state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET)) {
890 /* Convert KDF type strings to numbers */
891 for (; kdf_type_map->kdf_type_str != NULL; kdf_type_map++)
892 if (strcmp(ctx->p2, kdf_type_map->kdf_type_str) == 0) {
893 ctx->p1 = kdf_type_map->kdf_type_num;
898 } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
905 /* EVP_PKEY_CTRL_DH_KDF_TYPE */
906 static int fix_dh_kdf_type(enum state state,
907 const struct translation_st *translation,
908 struct translation_ctx_st *ctx)
910 static const struct kdf_type_map_st kdf_type_map[] = {
911 { EVP_PKEY_DH_KDF_NONE, "" },
912 { EVP_PKEY_DH_KDF_X9_42, OSSL_KDF_NAME_X942KDF_ASN1 },
916 return fix_kdf_type(state, translation, ctx, kdf_type_map);
919 /* EVP_PKEY_CTRL_EC_KDF_TYPE */
920 static int fix_ec_kdf_type(enum state state,
921 const struct translation_st *translation,
922 struct translation_ctx_st *ctx)
924 static const struct kdf_type_map_st kdf_type_map[] = {
925 { EVP_PKEY_ECDH_KDF_NONE, "" },
926 { EVP_PKEY_ECDH_KDF_X9_63, OSSL_KDF_NAME_X963KDF },
930 return fix_kdf_type(state, translation, ctx, kdf_type_map);
933 /* EVP_PKEY_CTRL_DH_KDF_OID, EVP_PKEY_CTRL_GET_DH_KDF_OID, ...??? */
934 static int fix_oid(enum state state,
935 const struct translation_st *translation,
936 struct translation_ctx_st *ctx)
940 if ((ret = default_check(state, translation, ctx)) <= 0)
943 if ((state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET)
944 || (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET)) {
946 * We're translating from ctrl to params and setting the OID, or
947 * we're translating from params to ctrl and getting the OID.
948 * Either way, |ctx->p2| points at an ASN1_OBJECT, and needs to have
949 * that replaced with the corresponding name.
950 * default_fixup_args() will then be able to convert that to the
951 * corresponding OSSL_PARAM.
953 ctx->p2 = (char *)OBJ_nid2sn(OBJ_obj2nid(ctx->p2));
954 ctx->p1 = 0; /* let default_fixup_args() figure out the length */
957 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
960 if ((state == PRE_PARAMS_TO_CTRL && ctx->action_type == SET)
961 || (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET)) {
963 * We're translating from ctrl to params and setting the OID name,
964 * or we're translating from params to ctrl and getting the OID
965 * name. Either way, default_fixup_args() has placed the OID name
966 * in |ctx->p2|, all we need to do now is to replace that with the
967 * corresponding ASN1_OBJECT.
969 ctx->p2 = (ASN1_OBJECT *)OBJ_txt2obj(ctx->p2, 0);
975 /* EVP_PKEY_CTRL_DH_NID, ...??? */
976 static int fix_dh_nid(enum state state,
977 const struct translation_st *translation,
978 struct translation_ctx_st *ctx)
982 if ((ret = default_check(state, translation, ctx)) <= 0)
985 /* This is currently only settable */
986 if (ctx->action_type != SET)
989 if (state == PRE_CTRL_TO_PARAMS) {
990 ctx->p2 = (char *)ossl_ffc_named_group_get_name
991 (ossl_ffc_uid_to_dh_named_group(ctx->p1));
995 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
998 if (state == PRE_PARAMS_TO_CTRL) {
1000 ossl_ffc_named_group_get_uid(ossl_ffc_name_to_dh_named_group(ctx->p2));
1007 /* EVP_PKEY_CTRL_DH_PARAMGEN_TYPE */
1008 static int fix_dh_paramgen_type(enum state state,
1009 const struct translation_st *translation,
1010 struct translation_ctx_st *ctx)
1014 if ((ret = default_check(state, translation, ctx)) <= 0)
1017 /* This is currently only settable */
1018 if (ctx->action_type != SET)
1021 if (state == PRE_CTRL_TO_PARAMS) {
1022 ctx->p2 = (char *)dh_gen_type_id2name(ctx->p1);
1026 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
1029 if (state == PRE_PARAMS_TO_CTRL) {
1030 ctx->p1 = dh_gen_type_name2id(ctx->p2);
1037 /* EVP_PKEY_CTRL_EC_PARAM_ENC */
1038 static int fix_ec_param_enc(enum state state,
1039 const struct translation_st *translation,
1040 struct translation_ctx_st *ctx)
1044 if ((ret = default_check(state, translation, ctx)) <= 0)
1047 /* This is currently only settable */
1048 if (ctx->action_type != SET)
1051 if (state == PRE_CTRL_TO_PARAMS) {
1053 case OPENSSL_EC_EXPLICIT_CURVE:
1054 ctx->p2 = OSSL_PKEY_EC_ENCODING_EXPLICIT;
1056 case OPENSSL_EC_NAMED_CURVE:
1057 ctx->p2 = OSSL_PKEY_EC_ENCODING_GROUP;
1066 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
1069 if (state == PRE_PARAMS_TO_CTRL) {
1070 if (strcmp(ctx->p2, OSSL_PKEY_EC_ENCODING_EXPLICIT) == 0)
1071 ctx->p1 = OPENSSL_EC_EXPLICIT_CURVE;
1072 else if (strcmp(ctx->p2, OSSL_PKEY_EC_ENCODING_GROUP) == 0)
1073 ctx->p1 = OPENSSL_EC_NAMED_CURVE;
1081 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1085 /* EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID */
1086 static int fix_ec_paramgen_curve_nid(enum state state,
1087 const struct translation_st *translation,
1088 struct translation_ctx_st *ctx)
1092 if ((ret = default_check(state, translation, ctx)) <= 0)
1095 /* This is currently only settable */
1096 if (ctx->action_type != SET)
1099 if (state == PRE_CTRL_TO_PARAMS) {
1100 ctx->p2 = (char *)OBJ_nid2sn(ctx->p1);
1104 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
1107 if (state == PRE_PARAMS_TO_CTRL) {
1108 ctx->p1 = OBJ_sn2nid(ctx->p2);
1115 /* EVP_PKEY_CTRL_EC_ECDH_COFACTOR */
1116 static int fix_ecdh_cofactor(enum state state,
1117 const struct translation_st *translation,
1118 struct translation_ctx_st *ctx)
1121 * The EVP_PKEY_CTRL_EC_ECDH_COFACTOR ctrl command is a bit special, in
1122 * that it's used both for setting a value, and for getting it, all
1123 * depending on the value if |ctx->p1|; if |ctx->p1| is -2, the backend is
1124 * supposed to place the current cofactor mode in |ctx->p2|, and if not,
1125 * |ctx->p1| is interpreted as the new cofactor mode.
1129 if (state == PRE_CTRL_TO_PARAMS) {
1131 * The initial value for |ctx->action_type| must be zero.
1132 * evp_pkey_ctrl_to_params() takes it from the translation item.
1134 if (!ossl_assert(ctx->action_type == NONE))
1137 /* The action type depends on the value of ctx->p1 */
1139 ctx->action_type = GET;
1141 ctx->action_type = SET;
1142 } else if (state == PRE_CTRL_STR_TO_PARAMS) {
1143 ctx->action_type = SET;
1144 } else if (state == PRE_PARAMS_TO_CTRL) {
1145 /* The initial value for |ctx->action_type| must not be zero. */
1146 if (!ossl_assert(ctx->action_type != NONE))
1150 if ((ret = default_check(state, translation, ctx)) <= 0)
1153 if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) {
1154 if (ctx->p1 < -1 || ctx->p1 > 1) {
1155 /* Uses the same return value of pkey_ec_ctrl() */
1160 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
1163 if (state == POST_CTRL_TO_PARAMS && ctx->action_type == GET) {
1164 if (ctx->p1 < 0 || ctx->p1 > 1) {
1166 * The provider should return either 0 or 1, any other value is a
1171 } else if (state == PRE_PARAMS_TO_CTRL && ctx->action_type == GET) {
1178 /* EVP_PKEY_CTRL_RSA_PADDING, EVP_PKEY_CTRL_GET_RSA_PADDING */
1179 static int fix_rsa_padding_mode(enum state state,
1180 const struct translation_st *translation,
1181 struct translation_ctx_st *ctx)
1183 static const OSSL_ITEM str_value_map[] = {
1184 { RSA_PKCS1_PADDING, "pkcs1" },
1185 { RSA_SSLV23_PADDING, "sslv23" },
1186 { RSA_NO_PADDING, "none" },
1187 { RSA_PKCS1_OAEP_PADDING, "oaep" },
1188 { RSA_PKCS1_OAEP_PADDING, "oeap" },
1189 { RSA_X931_PADDING, "x931" },
1190 { RSA_PKCS1_PSS_PADDING, "pss" },
1191 /* Special case, will pass directly as an integer */
1192 { RSA_PKCS1_WITH_TLS_PADDING, NULL }
1196 if ((ret = default_check(state, translation, ctx)) <= 0)
1199 if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) {
1201 * EVP_PKEY_CTRL_GET_RSA_PADDING returns the padding mode in the
1202 * weirdest way for a ctrl. Instead of doing like all other ctrls
1203 * that return a simple, i.e. just have that as a return value,
1204 * this particular ctrl treats p2 as the address for the int to be
1205 * returned. We must therefore remember |ctx->p2|, then make
1206 * |ctx->p2| point at a buffer to be filled in with the name, and
1207 * |ctx->p1| with its size. default_fixup_args() will take care
1208 * of the rest for us, along with the POST_CTRL_TO_PARAMS && GET
1209 * code section further down.
1211 ctx->orig_p2 = ctx->p2;
1212 ctx->p2 = ctx->name_buf;
1213 ctx->p1 = sizeof(ctx->name_buf);
1214 } else if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == SET) {
1216 * Ideally, we should use utf8 strings for the diverse padding modes.
1217 * We only came here because someone called EVP_PKEY_CTX_ctrl(),
1218 * though, and since that can reasonably be seen as legacy code
1219 * that uses the diverse RSA macros for the padding mode, and we
1220 * know that at least our providers can handle the numeric modes,
1221 * we take the cheap route for now.
1223 * The other solution would be to match |ctx->p1| against entries
1224 * in str_value_map and pass the corresponding string. However,
1225 * since we don't have a string for RSA_PKCS1_WITH_TLS_PADDING,
1226 * we have to do this same hack at least for that one.
1228 * Since the "official" data type for the RSA padding mode is utf8
1229 * string, we cannot count on default_fixup_args(). Instead, we
1230 * build the OSSL_PARAM item ourselves and return immediately.
1232 ctx->params[0] = OSSL_PARAM_construct_int(translation->param_key,
1235 } else if (state == POST_PARAMS_TO_CTRL && ctx->action_type == GET) {
1239 * The EVP_PKEY_CTX_get_params() caller may have asked for a utf8
1240 * string, or may have asked for an integer of some sort. If they
1241 * ask for an integer, we respond directly. If not, we translate
1242 * the response from the ctrl function into a string.
1244 switch (ctx->params->data_type) {
1245 case OSSL_PARAM_INTEGER:
1246 return OSSL_PARAM_get_int(ctx->params, &ctx->p1);
1247 case OSSL_PARAM_UNSIGNED_INTEGER:
1248 return OSSL_PARAM_get_uint(ctx->params, (unsigned int *)&ctx->p1);
1253 for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
1254 if (ctx->p1 == (int)str_value_map[i].id)
1257 if (i == OSSL_NELEM(str_value_map)) {
1258 ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE,
1259 "[action:%d, state:%d] padding number %d",
1260 ctx->action_type, state, ctx->p1);
1264 * If we don't have a string, we can't do anything. The caller
1265 * should have asked for a number...
1267 if (str_value_map[i].ptr == NULL) {
1268 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1271 ctx->p2 = str_value_map[i].ptr;
1272 ctx->p1 = strlen(ctx->p2);
1275 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
1278 if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
1279 || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
1282 for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
1283 if (strcmp(ctx->p2, str_value_map[i].ptr) == 0)
1287 if (i == OSSL_NELEM(str_value_map)) {
1288 ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE,
1289 "[action:%d, state:%d] padding name %s",
1290 ctx->action_type, state, ctx->p1);
1292 } else if (state == POST_CTRL_TO_PARAMS) {
1293 /* EVP_PKEY_CTRL_GET_RSA_PADDING weirdness explained further up */
1294 *(int *)ctx->orig_p2 = str_value_map[i].id;
1296 ctx->p1 = str_value_map[i].id;
1304 /* EVP_PKEY_CTRL_RSA_PSS_SALTLEN, EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN */
1305 static int fix_rsa_pss_saltlen(enum state state,
1306 const struct translation_st *translation,
1307 struct translation_ctx_st *ctx)
1309 static const OSSL_ITEM str_value_map[] = {
1310 { (unsigned int)RSA_PSS_SALTLEN_DIGEST, "digest" },
1311 { (unsigned int)RSA_PSS_SALTLEN_MAX, "max" },
1312 { (unsigned int)RSA_PSS_SALTLEN_AUTO, "auto" }
1316 if ((ret = default_check(state, translation, ctx)) <= 0)
1319 if (state == PRE_CTRL_TO_PARAMS && ctx->action_type == GET) {
1321 * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN returns the saltlen by filling
1322 * in the int pointed at by p2. This is potentially as weird as
1323 * the way EVP_PKEY_CTRL_GET_RSA_PADDING works, except that saltlen
1324 * might be a negative value, so it wouldn't work as a legitimate
1326 * In any case, we must therefore remember |ctx->p2|, then make
1327 * |ctx->p2| point at a buffer to be filled in with the name, and
1328 * |ctx->p1| with its size. default_fixup_args() will take care
1329 * of the rest for us, along with the POST_CTRL_TO_PARAMS && GET
1330 * code section further down.
1332 ctx->orig_p2 = ctx->p2;
1333 ctx->p2 = ctx->name_buf;
1334 ctx->p1 = sizeof(ctx->name_buf);
1335 } else if ((ctx->action_type == SET && state == PRE_CTRL_TO_PARAMS)
1336 || (ctx->action_type == GET && state == POST_PARAMS_TO_CTRL)) {
1339 for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
1340 if (ctx->p1 == (int)str_value_map[i].id)
1343 if (i == OSSL_NELEM(str_value_map)) {
1344 BIO_snprintf(ctx->name_buf, 5, "%d", ctx->p1);
1346 strcpy(ctx->name_buf, str_value_map[i].ptr);
1348 ctx->p2 = ctx->name_buf;
1349 ctx->p1 = strlen(ctx->p2);
1352 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
1355 if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
1356 || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
1359 for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
1360 if (strcmp(ctx->p2, str_value_map[i].ptr) == 0)
1363 if (i == OSSL_NELEM(str_value_map)) {
1364 ctx->p1 = atoi(ctx->p2);
1365 } else if (state == POST_CTRL_TO_PARAMS) {
1367 * EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN weirdness explained further
1370 *(int *)ctx->orig_p2 = str_value_map[i].id;
1372 ctx->p1 = (int)str_value_map[i].id;
1380 /* EVP_PKEY_CTRL_HKDF_MODE */
1381 static int fix_hkdf_mode(enum state state,
1382 const struct translation_st *translation,
1383 struct translation_ctx_st *ctx)
1385 static const OSSL_ITEM str_value_map[] = {
1386 { EVP_KDF_HKDF_MODE_EXTRACT_AND_EXPAND, "EXTRACT_AND_EXPAND" },
1387 { EVP_KDF_HKDF_MODE_EXTRACT_ONLY, "EXTRACT_ONLY" },
1388 { EVP_KDF_HKDF_MODE_EXPAND_ONLY, "EXPAND_ONLY" }
1392 if ((ret = default_check(state, translation, ctx)) <= 0)
1395 if ((ctx->action_type == SET && state == PRE_CTRL_TO_PARAMS)
1396 || (ctx->action_type == GET && state == POST_PARAMS_TO_CTRL)) {
1399 for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
1400 if (ctx->p1 == (int)str_value_map[i].id)
1403 if (i == OSSL_NELEM(str_value_map))
1405 ctx->p2 = str_value_map[i].ptr;
1406 ctx->p1 = strlen(ctx->p2);
1409 if ((ret = default_fixup_args(state, translation, ctx)) <= 0)
1412 if ((ctx->action_type == SET && state == PRE_PARAMS_TO_CTRL)
1413 || (ctx->action_type == GET && state == POST_CTRL_TO_PARAMS)) {
1416 for (i = 0; i < OSSL_NELEM(str_value_map); i++) {
1417 if (strcmp(ctx->p2, str_value_map[i].ptr) == 0)
1420 if (i == OSSL_NELEM(str_value_map))
1422 if (state == POST_CTRL_TO_PARAMS)
1423 ret = str_value_map[i].id;
1425 ctx->p1 = str_value_map[i].id;
1432 static int hack_pkcs7_cms(enum state state,
1433 const struct translation_st *translation,
1434 struct translation_ctx_st *ctx)
1438 /* Make sure that this has no further effect */
1439 ctx->action_type = 0;
1442 case PRE_CTRL_TO_PARAMS:
1443 /* TODO (3.0) Temporary hack, this should probe */
1444 if (EVP_PKEY_is_a(EVP_PKEY_CTX_get0_pkey(ctx->pctx), "RSASSA-PSS")) {
1445 ERR_raise(ERR_LIB_EVP,
1446 EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
1450 case POST_CTRL_TO_PARAMS:
1453 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
1464 * These all get the data they want, then call default_fixup_args() as
1465 * a post-ctrl GET fixup. They all get NULL ctx, ctrl_cmd, ctrl_str,
1469 /* Pilfering DH, DSA and EC_KEY */
1470 static int get_payload_group_name(enum state state,
1471 const struct translation_st *translation,
1472 struct translation_ctx_st *ctx)
1474 EVP_PKEY *pkey = ctx->p2;
1477 switch (EVP_PKEY_base_id(pkey)) {
1478 #ifndef OPENSSL_NO_DH
1481 DH *dh = EVP_PKEY_get0_DH(pkey);
1482 int uid = DH_get_nid(dh);
1484 if (uid != NID_undef) {
1485 const DH_NAMED_GROUP *dh_group =
1486 ossl_ffc_uid_to_dh_named_group(uid);
1488 ctx->p2 = (char *)ossl_ffc_named_group_get_name(dh_group);
1493 #ifndef OPENSSL_NO_EC
1496 const EC_GROUP *grp =
1497 EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pkey));
1498 int nid = NID_undef;
1501 nid = EC_GROUP_get_curve_name(grp);
1502 if (nid != NID_undef)
1503 ctx->p2 = (char *)ec_curve_nid2name(nid);
1508 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
1512 if (ctx->p2 != NULL)
1513 ctx->p1 = strlen(ctx->p2);
1514 return default_fixup_args(state, translation, ctx);
1517 static int get_payload_private_key(enum state state,
1518 const struct translation_st *translation,
1519 struct translation_ctx_st *ctx)
1521 EVP_PKEY *pkey = ctx->p2;
1524 if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER)
1527 switch (EVP_PKEY_base_id(pkey)) {
1528 #ifndef OPENSSL_NO_DH
1531 DH *dh = EVP_PKEY_get0_DH(pkey);
1533 ctx->p2 = (BIGNUM *)DH_get0_priv_key(dh);
1537 #ifndef OPENSSL_NO_EC
1540 EC_KEY *ec = EVP_PKEY_get0_EC_KEY(pkey);
1542 ctx->p2 = (BIGNUM *)EC_KEY_get0_private_key(ec);
1547 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
1551 return default_fixup_args(state, translation, ctx);
1554 static int get_payload_public_key(enum state state,
1555 const struct translation_st *translation,
1556 struct translation_ctx_st *ctx)
1558 EVP_PKEY *pkey = ctx->p2;
1559 unsigned char *buf = NULL;
1563 switch (EVP_PKEY_base_id(pkey)) {
1564 #ifndef OPENSSL_NO_DH
1566 switch (ctx->params->data_type) {
1567 case OSSL_PARAM_OCTET_STRING:
1568 ctx->sz = dh_key2buf(EVP_PKEY_get0_DH(pkey), &buf, 0, 1);
1571 case OSSL_PARAM_UNSIGNED_INTEGER:
1572 ctx->p2 = (void *)DH_get0_pub_key(EVP_PKEY_get0_DH(pkey));
1579 #ifndef OPENSSL_NO_DSA
1581 if (ctx->params->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
1582 ctx->p2 = (void *)DSA_get0_pub_key(EVP_PKEY_get0_DSA(pkey));
1587 #ifndef OPENSSL_NO_EC
1589 if (ctx->params->data_type == OSSL_PARAM_OCTET_STRING) {
1590 EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
1591 BN_CTX *bnctx = BN_CTX_new_ex(ec_key_get_libctx(eckey));
1592 const EC_GROUP *ecg = EC_KEY_get0_group(eckey);
1593 const EC_POINT *point = EC_KEY_get0_public_key(eckey);
1595 ctx->sz = EC_POINT_point2buf(ecg, point,
1596 POINT_CONVERSION_COMPRESSED,
1604 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
1608 ret = default_fixup_args(state, translation, ctx);
1613 static int get_payload_bn(enum state state,
1614 const struct translation_st *translation,
1615 struct translation_ctx_st *ctx, const BIGNUM *bn)
1619 if (ctx->params->data_type != OSSL_PARAM_UNSIGNED_INTEGER)
1621 ctx->p2 = (BIGNUM *)bn;
1623 return default_fixup_args(state, translation, ctx);
1626 static int get_dh_dsa_payload_p(enum state state,
1627 const struct translation_st *translation,
1628 struct translation_ctx_st *ctx)
1630 const BIGNUM *bn = NULL;
1631 EVP_PKEY *pkey = ctx->p2;
1633 switch (EVP_PKEY_base_id(pkey)) {
1634 #ifndef OPENSSL_NO_DH
1636 bn = DH_get0_p(EVP_PKEY_get0_DH(pkey));
1639 #ifndef OPENSSL_NO_DSA
1641 bn = DSA_get0_p(EVP_PKEY_get0_DSA(pkey));
1645 ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEY_TYPE);
1648 return get_payload_bn(state, translation, ctx, bn);
1651 static int get_dh_dsa_payload_q(enum state state,
1652 const struct translation_st *translation,
1653 struct translation_ctx_st *ctx)
1655 const BIGNUM *bn = NULL;
1657 switch (EVP_PKEY_base_id(ctx->p2)) {
1658 #ifndef OPENSSL_NO_DH
1660 bn = DH_get0_q(EVP_PKEY_get0_DH(ctx->p2));
1663 #ifndef OPENSSL_NO_DSA
1665 bn = DSA_get0_q(EVP_PKEY_get0_DSA(ctx->p2));
1670 return get_payload_bn(state, translation, ctx, bn);
1673 static int get_dh_dsa_payload_g(enum state state,
1674 const struct translation_st *translation,
1675 struct translation_ctx_st *ctx)
1677 const BIGNUM *bn = NULL;
1679 switch (EVP_PKEY_base_id(ctx->p2)) {
1680 #ifndef OPENSSL_NO_DH
1682 bn = DH_get0_g(EVP_PKEY_get0_DH(ctx->p2));
1685 #ifndef OPENSSL_NO_DSA
1687 bn = DSA_get0_g(EVP_PKEY_get0_DSA(ctx->p2));
1692 return get_payload_bn(state, translation, ctx, bn);
1695 static int get_rsa_payload_n(enum state state,
1696 const struct translation_st *translation,
1697 struct translation_ctx_st *ctx)
1699 const BIGNUM *bn = NULL;
1701 if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)
1703 bn = RSA_get0_n(EVP_PKEY_get0_RSA(ctx->p2));
1705 return get_payload_bn(state, translation, ctx, bn);
1708 static int get_rsa_payload_e(enum state state,
1709 const struct translation_st *translation,
1710 struct translation_ctx_st *ctx)
1712 const BIGNUM *bn = NULL;
1714 if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)
1716 bn = RSA_get0_e(EVP_PKEY_get0_RSA(ctx->p2));
1718 return get_payload_bn(state, translation, ctx, bn);
1721 static int get_rsa_payload_d(enum state state,
1722 const struct translation_st *translation,
1723 struct translation_ctx_st *ctx)
1725 const BIGNUM *bn = NULL;
1727 if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA)
1729 bn = RSA_get0_d(EVP_PKEY_get0_RSA(ctx->p2));
1731 return get_payload_bn(state, translation, ctx, bn);
1734 static int get_rsa_payload_factor(enum state state,
1735 const struct translation_st *translation,
1736 struct translation_ctx_st *ctx,
1739 const RSA *r = EVP_PKEY_get0_RSA(ctx->p2);
1740 const BIGNUM *bn = NULL;
1742 switch (factornum) {
1751 size_t pnum = RSA_get_multi_prime_extra_count(r);
1752 const BIGNUM *factors[10];
1754 if (factornum - 2 < pnum
1755 && RSA_get0_multi_prime_factors(r, factors))
1756 bn = factors[factornum - 2];
1761 return get_payload_bn(state, translation, ctx, bn);
1764 static int get_rsa_payload_exponent(enum state state,
1765 const struct translation_st *translation,
1766 struct translation_ctx_st *ctx,
1769 const RSA *r = EVP_PKEY_get0_RSA(ctx->p2);
1770 const BIGNUM *bn = NULL;
1772 switch (exponentnum) {
1774 bn = RSA_get0_dmp1(r);
1777 bn = RSA_get0_dmq1(r);
1781 size_t pnum = RSA_get_multi_prime_extra_count(r);
1782 const BIGNUM *exps[10], *coeffs[10];
1784 if (exponentnum - 2 < pnum
1785 && RSA_get0_multi_prime_crt_params(r, exps, coeffs))
1786 bn = exps[exponentnum - 2];
1791 return get_payload_bn(state, translation, ctx, bn);
1794 static int get_rsa_payload_coefficient(enum state state,
1795 const struct translation_st *translation,
1796 struct translation_ctx_st *ctx,
1797 size_t coefficientnum)
1799 const RSA *r = EVP_PKEY_get0_RSA(ctx->p2);
1800 const BIGNUM *bn = NULL;
1802 switch (coefficientnum) {
1804 bn = RSA_get0_iqmp(r);
1808 size_t pnum = RSA_get_multi_prime_extra_count(r);
1809 const BIGNUM *exps[10], *coeffs[10];
1811 if (coefficientnum - 1 < pnum
1812 && RSA_get0_multi_prime_crt_params(r, exps, coeffs))
1813 bn = coeffs[coefficientnum - 1];
1818 return get_payload_bn(state, translation, ctx, bn);
1821 #define IMPL_GET_RSA_PAYLOAD_FACTOR(n) \
1823 get_rsa_payload_f##n(enum state state, \
1824 const struct translation_st *translation, \
1825 struct translation_ctx_st *ctx) \
1827 if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) \
1829 return get_rsa_payload_factor(state, translation, ctx, n - 1); \
1832 #define IMPL_GET_RSA_PAYLOAD_EXPONENT(n) \
1834 get_rsa_payload_e##n(enum state state, \
1835 const struct translation_st *translation, \
1836 struct translation_ctx_st *ctx) \
1838 if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) \
1840 return get_rsa_payload_exponent(state, translation, ctx, \
1844 #define IMPL_GET_RSA_PAYLOAD_COEFFICIENT(n) \
1846 get_rsa_payload_c##n(enum state state, \
1847 const struct translation_st *translation, \
1848 struct translation_ctx_st *ctx) \
1850 if (EVP_PKEY_base_id(ctx->p2) != EVP_PKEY_RSA) \
1852 return get_rsa_payload_coefficient(state, translation, ctx, \
1856 IMPL_GET_RSA_PAYLOAD_FACTOR(1)
1857 IMPL_GET_RSA_PAYLOAD_FACTOR(2)
1858 IMPL_GET_RSA_PAYLOAD_FACTOR(3)
1859 IMPL_GET_RSA_PAYLOAD_FACTOR(4)
1860 IMPL_GET_RSA_PAYLOAD_FACTOR(5)
1861 IMPL_GET_RSA_PAYLOAD_FACTOR(6)
1862 IMPL_GET_RSA_PAYLOAD_FACTOR(7)
1863 IMPL_GET_RSA_PAYLOAD_FACTOR(8)
1864 IMPL_GET_RSA_PAYLOAD_FACTOR(9)
1865 IMPL_GET_RSA_PAYLOAD_FACTOR(10)
1866 IMPL_GET_RSA_PAYLOAD_EXPONENT(1)
1867 IMPL_GET_RSA_PAYLOAD_EXPONENT(2)
1868 IMPL_GET_RSA_PAYLOAD_EXPONENT(3)
1869 IMPL_GET_RSA_PAYLOAD_EXPONENT(4)
1870 IMPL_GET_RSA_PAYLOAD_EXPONENT(5)
1871 IMPL_GET_RSA_PAYLOAD_EXPONENT(6)
1872 IMPL_GET_RSA_PAYLOAD_EXPONENT(7)
1873 IMPL_GET_RSA_PAYLOAD_EXPONENT(8)
1874 IMPL_GET_RSA_PAYLOAD_EXPONENT(9)
1875 IMPL_GET_RSA_PAYLOAD_EXPONENT(10)
1876 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(1)
1877 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(2)
1878 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(3)
1879 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(4)
1880 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(5)
1881 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(6)
1882 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(7)
1883 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(8)
1884 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(9)
1887 * The translation table itself
1888 * ============================
1891 static const struct translation_st evp_pkey_ctx_translations[] = {
1893 * DistID: we pass it to the backend as an octet string,
1894 * but get it back as a pointer to an octet string.
1896 * Note that the EVP_PKEY_CTRL_GET1_ID_LEN is purely for legacy purposes
1897 * that has no separate counterpart in OSSL_PARAM terms, since we get
1898 * the length of the DistID automatically when getting the DistID itself.
1900 { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
1901 EVP_PKEY_CTRL_SET1_ID, "distid", "hexdistid",
1902 OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_STRING, NULL },
1904 EVP_PKEY_CTRL_GET1_ID, "distid", "hexdistid",
1905 OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, NULL },
1907 EVP_PKEY_CTRL_GET1_ID_LEN, NULL, NULL,
1908 OSSL_PKEY_PARAM_DIST_ID, OSSL_PARAM_OCTET_PTR, fix_distid_len },
1916 * EVP_PKEY_CTRL_DH_KDF_TYPE is used both for setting and getting. The
1917 * fixup function has to handle this...
1919 { NONE, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1920 EVP_PKEY_CTRL_DH_KDF_TYPE, NULL, NULL,
1921 OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING,
1923 { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1924 EVP_PKEY_CTRL_DH_KDF_MD, NULL, NULL,
1925 OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
1926 { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1927 EVP_PKEY_CTRL_GET_DH_KDF_MD, NULL, NULL,
1928 OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
1929 { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1930 EVP_PKEY_CTRL_DH_KDF_OUTLEN, NULL, NULL,
1931 OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
1932 { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1933 EVP_PKEY_CTRL_GET_DH_KDF_OUTLEN, NULL, NULL,
1934 OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
1935 { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1936 EVP_PKEY_CTRL_DH_KDF_UKM, NULL, NULL,
1937 OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL },
1938 { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1939 EVP_PKEY_CTRL_GET_DH_KDF_UKM, NULL, NULL,
1940 OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
1941 { SET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1942 EVP_PKEY_CTRL_DH_KDF_OID, NULL, NULL,
1943 OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid },
1944 { GET, EVP_PKEY_DHX, 0, EVP_PKEY_OP_DERIVE,
1945 EVP_PKEY_CTRL_GET_DH_KDF_OID, NULL, NULL,
1946 OSSL_KDF_PARAM_CEK_ALG, OSSL_PARAM_UTF8_STRING, fix_oid },
1948 { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_DERIVE,
1949 EVP_PKEY_CTRL_DH_PAD, "dh_pad", NULL,
1950 OSSL_EXCHANGE_PARAM_PAD, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
1952 { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
1953 EVP_PKEY_CTRL_DH_NID, "dh_param", NULL,
1954 OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_dh_nid },
1955 { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
1956 EVP_PKEY_CTRL_DH_PARAMGEN_PRIME_LEN, NULL, NULL,
1957 OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
1958 { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
1959 EVP_PKEY_CTRL_DH_PARAMGEN_SUBPRIME_LEN, "dh_paramgen_subprime_len", NULL,
1960 OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
1961 { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
1962 EVP_PKEY_CTRL_DH_PARAMGEN_GENERATOR, "dh_paramgen_generator", NULL,
1963 OSSL_PKEY_PARAM_DH_GENERATOR, OSSL_PARAM_INTEGER, NULL },
1964 { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
1965 EVP_PKEY_CTRL_DH_PARAMGEN_TYPE, "dh_paramgen_type", NULL,
1966 OSSL_PKEY_PARAM_FFC_TYPE, OSSL_PARAM_UTF8_STRING, fix_dh_paramgen_type },
1968 * This is know to be incorrect, will be fixed and enabled when the
1969 * underlying code is corrected.
1970 * Until then, we simply don't support it here.
1973 { SET, EVP_PKEY_DH, 0, EVP_PKEY_OP_PARAMGEN,
1974 EVP_PKEY_CTRL_DH_RFC5114, "dh_rfc5114", NULL,
1975 OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_INTEGER, NULL },
1982 { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
1983 EVP_PKEY_CTRL_DSA_PARAMGEN_BITS, "dsa_paramgen_bits", NULL,
1984 OSSL_PKEY_PARAM_FFC_PBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
1985 { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
1986 EVP_PKEY_CTRL_DSA_PARAMGEN_Q_BITS, "dsa_paramgen_q_bits", NULL,
1987 OSSL_PKEY_PARAM_FFC_QBITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
1988 { SET, EVP_PKEY_DSA, 0, EVP_PKEY_OP_PARAMGEN,
1989 EVP_PKEY_CTRL_DSA_PARAMGEN_MD, "dsa_paramgen_md", NULL,
1990 OSSL_PKEY_PARAM_FFC_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
1996 { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
1997 EVP_PKEY_CTRL_EC_PARAM_ENC, "ec_param_enc", NULL,
1998 OSSL_PKEY_PARAM_EC_ENCODING, OSSL_PARAM_UTF8_STRING, fix_ec_param_enc },
1999 { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_PARAMGEN | EVP_PKEY_OP_KEYGEN,
2000 EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID, "ec_paramgen_curve", NULL,
2001 OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
2002 fix_ec_paramgen_curve_nid },
2004 * EVP_PKEY_CTRL_EC_ECDH_COFACTOR and EVP_PKEY_CTRL_EC_KDF_TYPE are used
2005 * both for setting and getting. The fixup function has to handle this...
2007 { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2008 EVP_PKEY_CTRL_EC_ECDH_COFACTOR, "ecdh_cofactor_mode", NULL,
2009 OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE, OSSL_PARAM_INTEGER,
2010 fix_ecdh_cofactor },
2011 { NONE, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2012 EVP_PKEY_CTRL_EC_KDF_TYPE, NULL, NULL,
2013 OSSL_EXCHANGE_PARAM_KDF_TYPE, OSSL_PARAM_UTF8_STRING, fix_ec_kdf_type },
2014 { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2015 EVP_PKEY_CTRL_EC_KDF_MD, "ecdh_kdf_md", NULL,
2016 OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2017 { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2018 EVP_PKEY_CTRL_GET_EC_KDF_MD, NULL, NULL,
2019 OSSL_EXCHANGE_PARAM_KDF_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2020 { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2021 EVP_PKEY_CTRL_EC_KDF_OUTLEN, NULL, NULL,
2022 OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2023 { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2024 EVP_PKEY_CTRL_GET_EC_KDF_OUTLEN, NULL, NULL,
2025 OSSL_EXCHANGE_PARAM_KDF_OUTLEN, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2026 { SET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2027 EVP_PKEY_CTRL_EC_KDF_UKM, NULL, NULL,
2028 OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_STRING, NULL },
2029 { GET, EVP_PKEY_EC, 0, EVP_PKEY_OP_DERIVE,
2030 EVP_PKEY_CTRL_GET_EC_KDF_UKM, NULL, NULL,
2031 OSSL_EXCHANGE_PARAM_KDF_UKM, OSSL_PARAM_OCTET_PTR, NULL },
2039 * RSA padding modes are numeric with ctrls, strings with ctrl_strs,
2040 * and can be both with OSSL_PARAM. We standardise on strings here,
2041 * fix_rsa_padding_mode() does the work when the caller has a different
2044 { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
2045 EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
2046 EVP_PKEY_CTRL_RSA_PADDING, "rsa_padding_mode", NULL,
2047 OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode },
2048 { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
2049 EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
2050 EVP_PKEY_CTRL_GET_RSA_PADDING, NULL, NULL,
2051 OSSL_PKEY_PARAM_PAD_MODE, OSSL_PARAM_UTF8_STRING, fix_rsa_padding_mode },
2053 { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
2054 EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
2055 EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_mgf1_md", NULL,
2056 OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2057 { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS,
2058 EVP_PKEY_OP_TYPE_CRYPT | EVP_PKEY_OP_TYPE_SIG,
2059 EVP_PKEY_CTRL_GET_RSA_MGF1_MD, NULL, NULL,
2060 OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2063 * RSA-PSS saltlen is essentially numeric, but certain values can be
2064 * expressed as keywords (strings) with ctrl_str. The corresponding
2065 * OSSL_PARAM allows both forms.
2066 * fix_rsa_pss_saltlen() takes care of the distinction.
2068 { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG,
2069 EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_saltlen", NULL,
2070 OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING,
2071 fix_rsa_pss_saltlen },
2072 { GET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_TYPE_SIG,
2073 EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, NULL, NULL,
2074 OSSL_PKEY_PARAM_RSA_PSS_SALTLEN, OSSL_PARAM_UTF8_STRING,
2075 fix_rsa_pss_saltlen },
2077 { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
2078 EVP_PKEY_CTRL_RSA_OAEP_MD, "rsa_oaep_md", NULL,
2079 OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2080 { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
2081 EVP_PKEY_CTRL_GET_RSA_OAEP_MD, NULL, NULL,
2082 OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2084 * The "rsa_oaep_label" ctrl_str expects the value to always be hex.
2085 * This is accomodated by default_fixup_args() above, which mimics that
2086 * expectation for any translation item where |ctrl_str| is NULL and
2087 * |ctrl_hexstr| is non-NULL.
2089 { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
2090 EVP_PKEY_CTRL_RSA_OAEP_LABEL, NULL, "rsa_oaep_label",
2091 OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
2092 { GET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_TYPE_CRYPT,
2093 EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL, NULL, NULL,
2094 OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL, OSSL_PARAM_OCTET_STRING, NULL },
2096 { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
2097 EVP_PKEY_CTRL_MD, "rsa_pss_keygen_md", NULL,
2098 OSSL_ALG_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2099 { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
2100 EVP_PKEY_CTRL_RSA_MGF1_MD, "rsa_pss_keygen_mgf1_md", NULL,
2101 OSSL_PKEY_PARAM_MGF1_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2102 { SET, EVP_PKEY_RSA_PSS, 0, EVP_PKEY_OP_TYPE_GEN,
2103 EVP_PKEY_CTRL_RSA_PSS_SALTLEN, "rsa_pss_keygen_saltlen", NULL,
2104 OSSL_SIGNATURE_PARAM_PSS_SALTLEN, OSSL_PARAM_INTEGER, NULL },
2105 { SET, EVP_PKEY_RSA, EVP_PKEY_RSA_PSS, EVP_PKEY_OP_KEYGEN,
2106 EVP_PKEY_CTRL_RSA_KEYGEN_BITS, "rsa_keygen_bits", NULL,
2107 OSSL_PKEY_PARAM_RSA_BITS, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2108 { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
2109 EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, "rsa_keygen_pubexp", NULL,
2110 OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2111 { SET, EVP_PKEY_RSA, 0, EVP_PKEY_OP_KEYGEN,
2112 EVP_PKEY_CTRL_RSA_KEYGEN_PRIMES, "rsa_keygen_primes", NULL,
2113 OSSL_PKEY_PARAM_RSA_PRIMES, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2115 /* PKCS#7 and CMS hacks */
2116 { SET, -1, -1, EVP_PKEY_OP_ENCRYPT,
2117 EVP_PKEY_CTRL_PKCS7_ENCRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
2118 { SET, -1, -1, EVP_PKEY_OP_DECRYPT,
2119 EVP_PKEY_CTRL_PKCS7_DECRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
2120 { SET, -1, -1, EVP_PKEY_OP_ENCRYPT,
2121 EVP_PKEY_CTRL_CMS_ENCRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
2122 { SET, -1, -1, EVP_PKEY_OP_DECRYPT,
2123 EVP_PKEY_CTRL_CMS_DECRYPT, NULL, NULL, NULL, 0, hack_pkcs7_cms },
2129 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2130 EVP_PKEY_CTRL_TLS_MD, "md", NULL,
2131 OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2132 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2133 EVP_PKEY_CTRL_TLS_SECRET, "secret", "hexsecret",
2134 OSSL_KDF_PARAM_SECRET, OSSL_PARAM_OCTET_STRING, NULL },
2135 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2136 EVP_PKEY_CTRL_TLS_SEED, "seed", "hexseed",
2137 OSSL_KDF_PARAM_SEED, OSSL_PARAM_OCTET_STRING, NULL },
2143 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2144 EVP_PKEY_CTRL_HKDF_MD, "md", NULL,
2145 OSSL_KDF_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2146 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2147 EVP_PKEY_CTRL_HKDF_SALT, "salt", "hexsalt",
2148 OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL },
2149 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2150 EVP_PKEY_CTRL_HKDF_KEY, "key", "hexkey",
2151 OSSL_KDF_PARAM_KEY, OSSL_PARAM_OCTET_STRING, NULL },
2152 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2153 EVP_PKEY_CTRL_HKDF_INFO, "info", "hexinfo",
2154 OSSL_KDF_PARAM_INFO, OSSL_PARAM_OCTET_STRING, NULL },
2155 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2156 EVP_PKEY_CTRL_HKDF_MODE, "mode", NULL,
2157 OSSL_KDF_PARAM_MODE, OSSL_PARAM_INTEGER, fix_hkdf_mode },
2163 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2164 EVP_PKEY_CTRL_PASS, "pass", "hexpass",
2165 OSSL_KDF_PARAM_PASSWORD, OSSL_PARAM_OCTET_STRING, NULL },
2166 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2167 EVP_PKEY_CTRL_SCRYPT_SALT, "salt", "hexsalt",
2168 OSSL_KDF_PARAM_SALT, OSSL_PARAM_OCTET_STRING, NULL },
2169 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2170 EVP_PKEY_CTRL_SCRYPT_N, "N", NULL,
2171 OSSL_KDF_PARAM_SCRYPT_N, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2172 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2173 EVP_PKEY_CTRL_SCRYPT_R, "r", NULL,
2174 OSSL_KDF_PARAM_SCRYPT_R, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2175 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2176 EVP_PKEY_CTRL_SCRYPT_P, "p", NULL,
2177 OSSL_KDF_PARAM_SCRYPT_P, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2178 { SET, -1, -1, EVP_PKEY_OP_DERIVE,
2179 EVP_PKEY_CTRL_SCRYPT_MAXMEM_BYTES, "maxmem_bytes", NULL,
2180 OSSL_KDF_PARAM_SCRYPT_MAXMEM, OSSL_PARAM_UNSIGNED_INTEGER, NULL },
2182 { SET, -1, -1, EVP_PKEY_OP_KEYGEN,
2183 EVP_PKEY_CTRL_CIPHER, NULL, NULL,
2184 OSSL_PKEY_PARAM_CIPHER, OSSL_PARAM_UTF8_STRING, fix_cipher },
2185 { SET, -1, -1, EVP_PKEY_OP_KEYGEN,
2186 EVP_PKEY_CTRL_SET_MAC_KEY, NULL, NULL,
2187 OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_OCTET_STRING, NULL },
2189 { SET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
2190 EVP_PKEY_CTRL_MD, NULL, NULL,
2191 OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2192 { GET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
2193 EVP_PKEY_CTRL_GET_MD, NULL, NULL,
2194 OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
2197 static const struct translation_st evp_pkey_translations[] = {
2199 * The following contain no ctrls, they are exclusively here to extract
2200 * key payloads from legacy keys, using OSSL_PARAMs, and rely entirely
2201 * on |fixup_args| to pass the actual data. The |fixup_args| should
2202 * expect to get the EVP_PKEY pointer through |ctx->p2|.
2206 { GET, -1, -1, -1, 0, NULL, NULL,
2207 OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING,
2208 get_payload_group_name },
2209 { GET, -1, -1, -1, 0, NULL, NULL,
2210 OSSL_PKEY_PARAM_PRIV_KEY, OSSL_PARAM_UNSIGNED_INTEGER,
2211 get_payload_private_key },
2212 { GET, -1, -1, -1, 0, NULL, NULL,
2213 OSSL_PKEY_PARAM_PUB_KEY,
2214 0 /* no data type, let get_payload_pub_key() handle that */,
2215 get_payload_public_key },
2218 { GET, -1, -1, -1, 0, NULL, NULL,
2219 OSSL_PKEY_PARAM_FFC_P, OSSL_PARAM_UNSIGNED_INTEGER,
2220 get_dh_dsa_payload_p },
2221 { GET, -1, -1, -1, 0, NULL, NULL,
2222 OSSL_PKEY_PARAM_FFC_G, OSSL_PARAM_UNSIGNED_INTEGER,
2223 get_dh_dsa_payload_g },
2224 { GET, -1, -1, -1, 0, NULL, NULL,
2225 OSSL_PKEY_PARAM_FFC_Q, OSSL_PARAM_UNSIGNED_INTEGER,
2226 get_dh_dsa_payload_q },
2229 { GET, -1, -1, -1, 0, NULL, NULL,
2230 OSSL_PKEY_PARAM_RSA_N, OSSL_PARAM_UNSIGNED_INTEGER,
2231 get_rsa_payload_n },
2232 { GET, -1, -1, -1, 0, NULL, NULL,
2233 OSSL_PKEY_PARAM_RSA_E, OSSL_PARAM_UNSIGNED_INTEGER,
2234 get_rsa_payload_e },
2235 { GET, -1, -1, -1, 0, NULL, NULL,
2236 OSSL_PKEY_PARAM_RSA_D, OSSL_PARAM_UNSIGNED_INTEGER,
2237 get_rsa_payload_d },
2238 { GET, -1, -1, -1, 0, NULL, NULL,
2239 OSSL_PKEY_PARAM_RSA_FACTOR1, OSSL_PARAM_UNSIGNED_INTEGER,
2240 get_rsa_payload_f1 },
2241 { GET, -1, -1, -1, 0, NULL, NULL,
2242 OSSL_PKEY_PARAM_RSA_FACTOR2, OSSL_PARAM_UNSIGNED_INTEGER,
2243 get_rsa_payload_f2 },
2244 { GET, -1, -1, -1, 0, NULL, NULL,
2245 OSSL_PKEY_PARAM_RSA_FACTOR3, OSSL_PARAM_UNSIGNED_INTEGER,
2246 get_rsa_payload_f3 },
2247 { GET, -1, -1, -1, 0, NULL, NULL,
2248 OSSL_PKEY_PARAM_RSA_FACTOR4, OSSL_PARAM_UNSIGNED_INTEGER,
2249 get_rsa_payload_f4 },
2250 { GET, -1, -1, -1, 0, NULL, NULL,
2251 OSSL_PKEY_PARAM_RSA_FACTOR5, OSSL_PARAM_UNSIGNED_INTEGER,
2252 get_rsa_payload_f5 },
2253 { GET, -1, -1, -1, 0, NULL, NULL,
2254 OSSL_PKEY_PARAM_RSA_FACTOR6, OSSL_PARAM_UNSIGNED_INTEGER,
2255 get_rsa_payload_f6 },
2256 { GET, -1, -1, -1, 0, NULL, NULL,
2257 OSSL_PKEY_PARAM_RSA_FACTOR7, OSSL_PARAM_UNSIGNED_INTEGER,
2258 get_rsa_payload_f7 },
2259 { GET, -1, -1, -1, 0, NULL, NULL,
2260 OSSL_PKEY_PARAM_RSA_FACTOR8, OSSL_PARAM_UNSIGNED_INTEGER,
2261 get_rsa_payload_f8 },
2262 { GET, -1, -1, -1, 0, NULL, NULL,
2263 OSSL_PKEY_PARAM_RSA_FACTOR9, OSSL_PARAM_UNSIGNED_INTEGER,
2264 get_rsa_payload_f9 },
2265 { GET, -1, -1, -1, 0, NULL, NULL,
2266 OSSL_PKEY_PARAM_RSA_FACTOR10, OSSL_PARAM_UNSIGNED_INTEGER,
2267 get_rsa_payload_f10 },
2268 { GET, -1, -1, -1, 0, NULL, NULL,
2269 OSSL_PKEY_PARAM_RSA_EXPONENT1, OSSL_PARAM_UNSIGNED_INTEGER,
2270 get_rsa_payload_e1 },
2271 { GET, -1, -1, -1, 0, NULL, NULL,
2272 OSSL_PKEY_PARAM_RSA_EXPONENT2, OSSL_PARAM_UNSIGNED_INTEGER,
2273 get_rsa_payload_e2 },
2274 { GET, -1, -1, -1, 0, NULL, NULL,
2275 OSSL_PKEY_PARAM_RSA_EXPONENT3, OSSL_PARAM_UNSIGNED_INTEGER,
2276 get_rsa_payload_e3 },
2277 { GET, -1, -1, -1, 0, NULL, NULL,
2278 OSSL_PKEY_PARAM_RSA_EXPONENT4, OSSL_PARAM_UNSIGNED_INTEGER,
2279 get_rsa_payload_e4 },
2280 { GET, -1, -1, -1, 0, NULL, NULL,
2281 OSSL_PKEY_PARAM_RSA_EXPONENT5, OSSL_PARAM_UNSIGNED_INTEGER,
2282 get_rsa_payload_e5 },
2283 { GET, -1, -1, -1, 0, NULL, NULL,
2284 OSSL_PKEY_PARAM_RSA_EXPONENT6, OSSL_PARAM_UNSIGNED_INTEGER,
2285 get_rsa_payload_e6 },
2286 { GET, -1, -1, -1, 0, NULL, NULL,
2287 OSSL_PKEY_PARAM_RSA_EXPONENT7, OSSL_PARAM_UNSIGNED_INTEGER,
2288 get_rsa_payload_e7 },
2289 { GET, -1, -1, -1, 0, NULL, NULL,
2290 OSSL_PKEY_PARAM_RSA_EXPONENT8, OSSL_PARAM_UNSIGNED_INTEGER,
2291 get_rsa_payload_e8 },
2292 { GET, -1, -1, -1, 0, NULL, NULL,
2293 OSSL_PKEY_PARAM_RSA_EXPONENT9, OSSL_PARAM_UNSIGNED_INTEGER,
2294 get_rsa_payload_e9 },
2295 { GET, -1, -1, -1, 0, NULL, NULL,
2296 OSSL_PKEY_PARAM_RSA_EXPONENT10, OSSL_PARAM_UNSIGNED_INTEGER,
2297 get_rsa_payload_e10 },
2298 { GET, -1, -1, -1, 0, NULL, NULL,
2299 OSSL_PKEY_PARAM_RSA_COEFFICIENT1, OSSL_PARAM_UNSIGNED_INTEGER,
2300 get_rsa_payload_c1 },
2301 { GET, -1, -1, -1, 0, NULL, NULL,
2302 OSSL_PKEY_PARAM_RSA_COEFFICIENT2, OSSL_PARAM_UNSIGNED_INTEGER,
2303 get_rsa_payload_c2 },
2304 { GET, -1, -1, -1, 0, NULL, NULL,
2305 OSSL_PKEY_PARAM_RSA_COEFFICIENT3, OSSL_PARAM_UNSIGNED_INTEGER,
2306 get_rsa_payload_c3 },
2307 { GET, -1, -1, -1, 0, NULL, NULL,
2308 OSSL_PKEY_PARAM_RSA_COEFFICIENT4, OSSL_PARAM_UNSIGNED_INTEGER,
2309 get_rsa_payload_c4 },
2310 { GET, -1, -1, -1, 0, NULL, NULL,
2311 OSSL_PKEY_PARAM_RSA_COEFFICIENT5, OSSL_PARAM_UNSIGNED_INTEGER,
2312 get_rsa_payload_c5 },
2313 { GET, -1, -1, -1, 0, NULL, NULL,
2314 OSSL_PKEY_PARAM_RSA_COEFFICIENT6, OSSL_PARAM_UNSIGNED_INTEGER,
2315 get_rsa_payload_c6 },
2316 { GET, -1, -1, -1, 0, NULL, NULL,
2317 OSSL_PKEY_PARAM_RSA_COEFFICIENT7, OSSL_PARAM_UNSIGNED_INTEGER,
2318 get_rsa_payload_c7 },
2319 { GET, -1, -1, -1, 0, NULL, NULL,
2320 OSSL_PKEY_PARAM_RSA_COEFFICIENT8, OSSL_PARAM_UNSIGNED_INTEGER,
2321 get_rsa_payload_c8 },
2322 { GET, -1, -1, -1, 0, NULL, NULL,
2323 OSSL_PKEY_PARAM_RSA_COEFFICIENT9, OSSL_PARAM_UNSIGNED_INTEGER,
2324 get_rsa_payload_c9 },
2327 static const struct translation_st *
2328 lookup_translation(struct translation_st *tmpl,
2329 const struct translation_st *translations,
2330 size_t translations_num)
2334 for (i = 0; i < translations_num; i++) {
2335 const struct translation_st *item = &translations[i];
2338 * Sanity check the translation table item.
2340 * 1. Either both keytypes are -1, or neither of them are.
2343 if (!ossl_assert((item->keytype1 == -1) == (item->keytype2 == -1)))
2348 * Base search criteria: check that the optype and keytypes match,
2349 * if relevant. All callers must synthesise these bits somehow.
2351 if (item->optype != -1 && (tmpl->optype & item->optype) == 0)
2354 * This expression is stunningly simple thanks to the sanity check
2357 if (item->keytype1 != -1
2358 && tmpl->keytype1 != item->keytype1
2359 && tmpl->keytype2 != item->keytype2)
2363 * Done with the base search criteria, now we check the criteria for
2364 * the individual types of translations:
2365 * ctrl->params, ctrl_str->params, and params->ctrl
2367 if (tmpl->ctrl_num != 0) {
2368 if (tmpl->ctrl_num != item->ctrl_num)
2370 } else if (tmpl->ctrl_str != NULL) {
2371 const char *ctrl_str = NULL;
2372 const char *ctrl_hexstr = NULL;
2375 * Search criteria that originates from a ctrl_str is only used
2376 * for setting, never for getting. Therefore, we only look at
2379 if (item->action_type != NONE
2380 && item->action_type != SET)
2383 * At least one of the ctrl cmd names must be match the ctrl
2384 * cmd name in the template.
2386 if (item->ctrl_str != NULL
2387 && strcasecmp(tmpl->ctrl_str, item->ctrl_str) == 0)
2388 ctrl_str = tmpl->ctrl_str;
2389 else if (item->ctrl_hexstr != NULL
2390 && strcasecmp(tmpl->ctrl_hexstr, item->ctrl_hexstr) == 0)
2391 ctrl_hexstr = tmpl->ctrl_hexstr;
2395 /* Modify the template to signal which string matched */
2396 tmpl->ctrl_str = ctrl_str;
2397 tmpl->ctrl_hexstr = ctrl_hexstr;
2398 } else if (tmpl->param_key != NULL) {
2400 * Search criteria that originates from a OSSL_PARAM setter or
2403 * Ctrls were fundamentally bidirectional, with only the ctrl
2404 * command macro name implying direction (if you're lucky).
2405 * A few ctrl commands were even taking advantage of the
2406 * bidirectional nature, making the direction depend in the
2407 * value of the numeric argument.
2409 * OSSL_PARAM functions are fundamentally different, in that
2410 * setters and getters are separated, so the data direction is
2411 * implied by the function that's used. The same OSSL_PARAM
2412 * key name can therefore be used in both directions. We must
2413 * therefore take the action type into account in this case.
2415 if ((item->action_type != NONE
2416 && tmpl->action_type != item->action_type)
2417 || (item->param_key != NULL
2418 && strcasecmp(tmpl->param_key, item->param_key) != 0))
2430 static const struct translation_st *
2431 lookup_evp_pkey_ctx_translation(struct translation_st *tmpl)
2433 return lookup_translation(tmpl, evp_pkey_ctx_translations,
2434 OSSL_NELEM(evp_pkey_ctx_translations));
2437 static const struct translation_st *
2438 lookup_evp_pkey_translation(struct translation_st *tmpl)
2440 return lookup_translation(tmpl, evp_pkey_translations,
2441 OSSL_NELEM(evp_pkey_translations));
2444 /* This must ONLY be called for provider side operations */
2445 int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *pctx,
2446 int keytype, int optype,
2447 int cmd, int p1, void *p2)
2449 struct translation_ctx_st ctx = { 0, };
2450 struct translation_st tmpl = { 0, };
2451 const struct translation_st *translation = NULL;
2452 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2454 fixup_args_fn *fixup = default_fixup_args;
2457 keytype = pctx->legacy_keytype;
2458 tmpl.ctrl_num = cmd;
2459 tmpl.keytype1 = tmpl.keytype2 = keytype;
2460 tmpl.optype = optype;
2461 translation = lookup_evp_pkey_ctx_translation(&tmpl);
2463 if (translation == NULL) {
2464 ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
2468 if (pctx->pmeth != NULL
2469 && pctx->pmeth->pkey_id != translation->keytype1
2470 && pctx->pmeth->pkey_id != translation->keytype2)
2473 if (translation->fixup_args != NULL)
2474 fixup = translation->fixup_args;
2475 ctx.action_type = translation->action_type;
2480 ctx.params = params;
2482 ret = fixup(PRE_CTRL_TO_PARAMS, translation, &ctx);
2485 switch (ctx.action_type) {
2487 /* fixup_args is expected to make sure this is dead code */
2490 ret = evp_pkey_ctx_get_params_strict(pctx, ctx.params);
2493 ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params);
2499 * In POST, we pass the return value as p1, allowing the fixup_args
2500 * function to affect it by changing its value.
2504 fixup(POST_CTRL_TO_PARAMS, translation, &ctx);
2508 cleanup_translation_ctx(POST_CTRL_TO_PARAMS, translation, &ctx);
2513 /* This must ONLY be called for provider side operations */
2514 int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *pctx,
2515 const char *name, const char *value)
2517 struct translation_ctx_st ctx = { 0, };
2518 struct translation_st tmpl = { 0, };
2519 const struct translation_st *translation = NULL;
2520 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
2521 int keytype = pctx->legacy_keytype;
2522 int optype = pctx->operation == 0 ? -1 : pctx->operation;
2524 fixup_args_fn *fixup = default_fixup_args;
2526 tmpl.action_type = SET;
2527 tmpl.keytype1 = tmpl.keytype2 = keytype;
2528 tmpl.optype = optype;
2529 tmpl.ctrl_str = name;
2530 tmpl.ctrl_hexstr = name;
2531 translation = lookup_evp_pkey_ctx_translation(&tmpl);
2533 if (translation != NULL) {
2534 if (translation->fixup_args != NULL)
2535 fixup = translation->fixup_args;
2536 ctx.action_type = translation->action_type;
2537 ctx.ishex = (tmpl.ctrl_hexstr != NULL);
2539 /* String controls really only support setting */
2540 ctx.action_type = SET;
2542 ctx.ctrl_str = name;
2543 ctx.p1 = (int)strlen(value);
2544 ctx.p2 = (char *)value;
2546 ctx.params = params;
2548 ret = fixup(PRE_CTRL_STR_TO_PARAMS, translation, &ctx);
2551 switch (ctx.action_type) {
2553 /* fixup_args is expected to make sure this is dead code */
2557 * this is dead code, but must be present, or some compilers
2562 ret = evp_pkey_ctx_set_params_strict(pctx, ctx.params);
2568 ret = fixup(POST_CTRL_STR_TO_PARAMS, translation, &ctx);
2570 cleanup_translation_ctx(CLEANUP_CTRL_STR_TO_PARAMS, translation, &ctx);
2575 /* This must ONLY be called for legacy operations */
2576 static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
2577 enum action action_type,
2580 int keytype = pctx->legacy_keytype;
2581 int optype = pctx->operation == 0 ? -1 : pctx->operation;
2583 for (; params != NULL && params->key != NULL; params++) {
2584 struct translation_ctx_st ctx = { 0, };
2585 struct translation_st tmpl = { 0, };
2586 const struct translation_st *translation = NULL;
2587 fixup_args_fn *fixup = default_fixup_args;
2590 tmpl.action_type = action_type;
2591 tmpl.keytype1 = tmpl.keytype2 = keytype;
2592 tmpl.optype = optype;
2593 tmpl.param_key = params->key;
2594 translation = lookup_evp_pkey_ctx_translation(&tmpl);
2596 if (translation != NULL) {
2597 if (translation->fixup_args != NULL)
2598 fixup = translation->fixup_args;
2599 ctx.action_type = translation->action_type;
2602 ctx.params = params;
2604 ret = fixup(PRE_PARAMS_TO_CTRL, translation, &ctx);
2606 if (ret > 0 && action_type != NONE)
2607 ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype,
2608 ctx.ctrl_cmd, ctx.p1, ctx.p2);
2611 * In POST, we pass the return value as p1, allowing the fixup_args
2612 * function to put it to good use, or maybe affect it.
2616 fixup(POST_PARAMS_TO_CTRL, translation, &ctx);
2620 cleanup_translation_ctx(CLEANUP_PARAMS_TO_CTRL, translation, &ctx);
2628 int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
2630 return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, params);
2633 int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
2635 return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params);
2638 /* This must ONLY be called for legacy EVP_PKEYs */
2639 static int evp_pkey_setget_params_to_ctrl(const EVP_PKEY *pkey,
2640 enum action action_type,
2645 for (; params != NULL && params->key != NULL; params++) {
2646 struct translation_ctx_st ctx = { 0, };
2647 struct translation_st tmpl = { 0, };
2648 const struct translation_st *translation = NULL;
2649 fixup_args_fn *fixup = default_fixup_args;
2651 tmpl.action_type = action_type;
2652 tmpl.param_key = params->key;
2653 translation = lookup_evp_pkey_translation(&tmpl);
2655 if (translation != NULL) {
2656 if (translation->fixup_args != NULL)
2657 fixup = translation->fixup_args;
2658 ctx.action_type = translation->action_type;
2660 ctx.p2 = (void *)pkey;
2661 ctx.params = params;
2664 * EVP_PKEY doesn't have any ctrl function, so we rely completely
2665 * on fixup_args to do the whole work. Also, we currently only
2668 if (!ossl_assert(translation != NULL)
2669 || !ossl_assert(translation->action_type == GET)
2670 || !ossl_assert(translation->fixup_args != NULL)) {
2674 ret = fixup(PKEY, translation, &ctx);
2676 cleanup_translation_ctx(PKEY, translation, &ctx);
2681 int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params)
2683 return evp_pkey_setget_params_to_ctrl(pkey, GET, params);