}
#endif /* FIPS_MODULE */
+static int is_legacy_alg(int id, const char *keytype)
+{
+#ifndef FIPS_MODULE
+ /* Certain EVP_PKEY keytypes are only available in legacy form */
+ if (id == -1) {
+ id = OBJ_sn2nid(keytype);
+ if (id == NID_undef)
+ id = OBJ_ln2nid(keytype);
+ if (id == NID_undef)
+ return 0;
+ }
+ switch (id) {
+ /*
+ * TODO(3.0): Remove SM2 and DHX when they are converted to have provider
+ * support
+ */
+ case EVP_PKEY_SM2:
+ case EVP_PKEY_DHX:
+ case EVP_PKEY_SCRYPT:
+ case EVP_PKEY_TLS1_PRF:
+ case EVP_PKEY_HKDF:
+ case EVP_PKEY_CMAC:
+ case EVP_PKEY_HMAC:
+ case EVP_PKEY_SIPHASH:
+ case EVP_PKEY_POLY1305:
+ return 1;
+ default:
+ return 0;
+ }
+#else
+ return 0;
+#endif
+}
+
static EVP_PKEY_CTX *int_ctx_new(OPENSSL_CTX *libctx,
EVP_PKEY *pkey, ENGINE *e,
const char *keytype, const char *propquery,
goto common;
/*
- * If the key doesn't contain anything legacy, then it must be provided,
- * so we extract the necessary information and use that.
+ * If the internal key is provided, we extract the keytype from its
+ * keymgmt and skip over the legacy code.
*/
- if (pkey != NULL && pkey->type == EVP_PKEY_NONE) {
+ if (pkey != NULL && evp_pkey_is_provided(pkey)) {
/* If we have an engine, something went wrong somewhere... */
if (!ossl_assert(e == NULL))
return NULL;
* implementation.
*/
if (e == NULL && keytype != NULL) {
- /* This could fail so ignore errors */
- ERR_set_mark();
+ int legacy = is_legacy_alg(id, keytype);
+
+ if (legacy) {
+ /* This could fail so ignore errors */
+ ERR_set_mark();
+ }
+
keymgmt = EVP_KEYMGMT_fetch(libctx, keytype, propquery);
- ERR_pop_to_mark();
+ if (legacy) {
+ ERR_pop_to_mark();
+ } else if (keymgmt == NULL) {
+ EVPerr(EVP_F_INT_CTX_NEW, EVP_R_FETCH_FAILED);
+ return NULL;
+ }
}
ret = OPENSSL_zalloc(sizeof(*ret));
void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src)
{
+ int pkey_id = dst->pkey_id;
+ int flags = dst->flags;
- dst->init = src->init;
- dst->copy = src->copy;
- dst->cleanup = src->cleanup;
-
- dst->paramgen_init = src->paramgen_init;
- dst->paramgen = src->paramgen;
-
- dst->keygen_init = src->keygen_init;
- dst->keygen = src->keygen;
-
- dst->sign_init = src->sign_init;
- dst->sign = src->sign;
-
- dst->verify_init = src->verify_init;
- dst->verify = src->verify;
-
- dst->verify_recover_init = src->verify_recover_init;
- dst->verify_recover = src->verify_recover;
-
- dst->signctx_init = src->signctx_init;
- dst->signctx = src->signctx;
+ *dst = *src;
- dst->verifyctx_init = src->verifyctx_init;
- dst->verifyctx = src->verifyctx;
-
- dst->encrypt_init = src->encrypt_init;
- dst->encrypt = src->encrypt;
-
- dst->decrypt_init = src->decrypt_init;
- dst->decrypt = src->decrypt;
-
- dst->derive_init = src->derive_init;
- dst->derive = src->derive;
-
- dst->ctrl = src->ctrl;
- dst->ctrl_str = src->ctrl_str;
-
- dst->check = src->check;
+ /* We only copy the function pointers so restore the other values */
+ dst->pkey_id = pkey_id;
+ dst->flags = flags;
}
void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
return 0;
}
-#ifndef FIPS_MODULE
int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
return 0;
}
+#ifndef FIPS_MODULE
const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx)
{
if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
name = OSSL_PKEY_PARAM_RSA_E;
else if (strcmp(name, "rsa_keygen_primes") == 0)
name = OSSL_PKEY_PARAM_RSA_PRIMES;
+ else if (strcmp(name, "rsa_pss_keygen_md") == 0)
+ name = OSSL_PKEY_PARAM_RSA_DIGEST;
+ else if (strcmp(name, "rsa_pss_keygen_mgf1_md") == 0)
+ name = OSSL_PKEY_PARAM_RSA_MGF1_DIGEST;
+ else if (strcmp(name, "rsa_pss_keygen_saltlen") == 0)
+ name = OSSL_PKEY_PARAM_RSA_PSS_SALTLEN;
# ifndef OPENSSL_NO_DSA
else if (strcmp(name, "dsa_paramgen_bits") == 0)
name = OSSL_PKEY_PARAM_FFC_PBITS;
# endif
# ifndef OPENSSL_NO_DH
else if (strcmp(name, "dh_paramgen_generator") == 0)
- name = OSSL_PKEY_PARAM_FFC_GENERATOR;
+ name = OSSL_PKEY_PARAM_DH_GENERATOR;
else if (strcmp(name, "dh_paramgen_prime_len") == 0)
name = OSSL_PKEY_PARAM_FFC_PBITS;
else if (strcmp(name, "dh_paramgen_subprime_len") == 0)
name = OSSL_PKEY_PARAM_FFC_TYPE;
value = dh_gen_type_id2name(atoi(value));
} else if (strcmp(name, "dh_param") == 0)
- name = OSSL_PKEY_PARAM_FFC_GROUP;
+ name = OSSL_PKEY_PARAM_GROUP_NAME;
else if (strcmp(name, "dh_rfc5114") == 0) {
- name = OSSL_PKEY_PARAM_FFC_GROUP;
+ name = OSSL_PKEY_PARAM_GROUP_NAME;
value = ffc_named_group_from_uid(atoi(value));
} else if (strcmp(name, "dh_pad") == 0)
name = OSSL_EXCHANGE_PARAM_PAD;
# endif
# ifndef OPENSSL_NO_EC
else if (strcmp(name, "ec_paramgen_curve") == 0)
- name = OSSL_PKEY_PARAM_EC_NAME;
+ name = OSSL_PKEY_PARAM_GROUP_NAME;
else if (strcmp(name, "ecdh_cofactor_mode") == 0)
name = OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE;
else if (strcmp(name, "ecdh_kdf_md") == 0)
if (!OSSL_PARAM_allocate_from_text(¶ms[0], settable, name, value,
strlen(value), &exists)) {
if (!exists) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ ERR_raise_data(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED,
+ "name=%s,value=%s", name, value);
return -2;
}
return 0;