From: Shane Lontis Date: Wed, 31 Jul 2019 10:34:26 +0000 (+1000) Subject: Add evp_util macros X-Git-Tag: openssl-3.0.0-alpha1~1695 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=e870791a4d6aea3a0275396bd01da629cb6f4ac8 Add evp_util macros Also added EVP_CTRL_RET_UNSUPPORTED define (so magic numbers can be removed) Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9464) --- diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d172f4c288..6b52193895 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -2421,6 +2421,8 @@ EVP_R_BAD_DECRYPT:100:bad decrypt EVP_R_BAD_KEY_LENGTH:195:bad key length EVP_R_BUFFER_TOO_SMALL:155:buffer too small EVP_R_CAMELLIA_KEY_SETUP_FAILED:157:camellia key setup failed +EVP_R_CANNOT_GET_PARAMETERS:197:cannot get parameters +EVP_R_CANNOT_SET_PARAMETERS:198:cannot set parameters EVP_R_CIPHER_NOT_GCM_MODE:184:cipher not gcm mode EVP_R_CIPHER_PARAMETER_ERROR:122:cipher parameter error EVP_R_COMMAND_NOT_SUPPORTED:147:command not supported diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index b2c0a260e6..8f5175b525 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -926,7 +926,7 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &keylen); ok = evp_do_ciph_ctx_setparams(c->cipher, c->provctx, params); - if (ok != -2) + if (ok != EVP_CTRL_RET_UNSUPPORTED) return ok; /* TODO(3.0) legacy code follows */ @@ -960,7 +960,7 @@ int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) { - int ret = -2; /* Unsupported */ + int ret = EVP_CTRL_RET_UNSUPPORTED; int set_params = 1; size_t sz; OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; @@ -981,7 +981,7 @@ int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) case EVP_CTRL_SET_PIPELINE_OUTPUT_BUFS: /* Used by DASYNC */ case EVP_CTRL_INIT: /* TODO(3.0) Purely legacy, no provider counterpart */ default: - return -2; /* Unsupported */ + return EVP_CTRL_RET_UNSUPPORTED; case EVP_CTRL_GET_IV: set_params = 0; params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_IV, @@ -1039,7 +1039,7 @@ legacy: } ret = ctx->cipher->ctrl(ctx, type, arg, ptr); - if (ret == -1) { + if (ret == EVP_CTRL_RET_UNSUPPORTED) { EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); return 0; diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 92df593821..749f189be3 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -23,6 +23,10 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BUFFER_TOO_SMALL), "buffer too small"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CAMELLIA_KEY_SETUP_FAILED), "camellia key setup failed"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_GET_PARAMETERS), + "cannot get parameters"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CANNOT_SET_PARAMETERS), + "cannot set parameters"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_NOT_GCM_MODE), "cipher not gcm mode"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CIPHER_PARAMETER_ERROR), diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index 9091f8b475..e6daf684be 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -224,7 +224,7 @@ int EVP_CIPHER_block_size(const EVP_CIPHER *cipher) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_BLOCK_SIZE, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) @@ -310,7 +310,7 @@ int EVP_CIPHER_iv_length(const EVP_CIPHER *cipher) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_IVLEN, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) @@ -367,7 +367,7 @@ int EVP_CIPHER_CTX_num(const EVP_CIPHER_CTX *ctx) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_NUM, &v); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_set_num(EVP_CIPHER_CTX *ctx, int num) @@ -391,7 +391,7 @@ int EVP_CIPHER_key_length(const EVP_CIPHER *cipher) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); ok = evp_do_ciph_getparams(cipher, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) @@ -402,7 +402,7 @@ int EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) params[0] = OSSL_PARAM_construct_int(OSSL_CIPHER_PARAM_KEYLEN, &v); ok = evp_do_ciph_ctx_getparams(ctx->cipher, ctx->provctx, params); - return ok != 0 ? v : -1; + return ok != 0 ? v : EVP_CTRL_RET_UNSUPPORTED; } int EVP_CIPHER_nid(const EVP_CIPHER *cipher) diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 848ef299ca..17ab24c07a 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -11,6 +11,9 @@ #include +#define EVP_CTRL_RET_UNSUPPORTED -1 + + struct evp_md_ctx_st { const EVP_MD *reqdigest; /* The original requested digest */ const EVP_MD *digest; diff --git a/crypto/evp/evp_utils.c b/crypto/evp/evp_utils.c index c3b5520593..e24bee1c0c 100644 --- a/crypto/evp/evp_utils.c +++ b/crypto/evp/evp_utils.c @@ -17,31 +17,65 @@ #include "internal/evp_int.h" /* evp_locl.h needs it */ #include "evp_locl.h" -int evp_do_ciph_getparams(const EVP_CIPHER *ciph, OSSL_PARAM params[]) -{ - if (ciph->prov == NULL) - return -2; - if (ciph->get_params == NULL) - return -1; - return ciph->get_params(params); +/* + * EVP_CTRL_RET_UNSUPPORTED = -1 is the returned value from any ctrl function + * where the control command isn't supported, and an alternative code path + * may be chosen. + * Since these functions are used to implement ctrl functionality, we + * use the same value, and other callers will have to compensate. + */ +#define PARAM_CHECK(obj, func, errfunc) \ + if (obj->prov == NULL) \ + return EVP_CTRL_RET_UNSUPPORTED; \ + if (obj->func == NULL) { \ + errfunc(); \ + return 0; \ + } + +#define PARAM_FUNC(name, func, type, err) \ +int name (const type *obj, OSSL_PARAM params[]) \ +{ \ + PARAM_CHECK(obj, func, err) \ + return obj->func(params); \ +} + +#define PARAM_CTX_FUNC(name, func, type, err) \ +int name (const type *obj, void *provctx, OSSL_PARAM params[]) \ +{ \ + PARAM_CHECK(obj, func, err) \ + return obj->func(provctx, params); \ } -int evp_do_ciph_ctx_getparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]) +#define PARAM_FUNCTIONS(type, \ + getname, getfunc, \ + getctxname, getctxfunc, \ + setctxname, setctxfunc) \ + PARAM_FUNC(getname, getfunc, type, geterr) \ + PARAM_CTX_FUNC(getctxname, getctxfunc, type, geterr) \ + PARAM_CTX_FUNC(setctxname, setctxfunc, type, seterr) + +/* + * These error functions are a workaround for the error scripts, which + * currently require that XXXerr method appears inside a function (not a macro). + */ +static void geterr(void) { - if (ciph->prov == NULL) - return -2; - if (ciph->ctx_get_params == NULL) - return -1; - return ciph->ctx_get_params(provctx, params); + EVPerr(0, EVP_R_CANNOT_GET_PARAMETERS); } -int evp_do_ciph_ctx_setparams(const EVP_CIPHER *ciph, void *provctx, - OSSL_PARAM params[]) +static void seterr(void) { - if (ciph->prov == NULL) - return -2; - if (ciph->ctx_set_params == NULL) - return -1; - return ciph->ctx_set_params(provctx, params); + EVPerr(0, EVP_R_CANNOT_SET_PARAMETERS); } + +PARAM_FUNCTIONS(EVP_CIPHER, + evp_do_ciph_getparams, get_params, + evp_do_ciph_ctx_getparams, ctx_get_params, + evp_do_ciph_ctx_setparams, ctx_set_params) + +#if 0 +PARAM_FUNCTIONS(EVP_MD, + evp_do_md_getparams, get_params, + evp_do_md_ctx_getparams, ctx_get_params, + evp_do_md_ctx_setparams, ctx_set_params) +#endif diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index 8b46d76ec1..34966f84cd 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -73,6 +73,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_KDF_CTRL_STR 0 # define EVP_F_EVP_KDF_CTX_NEW 0 # define EVP_F_EVP_KDF_CTX_NEW_ID 0 +# define EVP_F_EVP_KEYEXCH_FETCH 0 +# define EVP_F_EVP_KEYEXCH_FROM_DISPATCH 0 # define EVP_F_EVP_MAC_CTRL 0 # define EVP_F_EVP_MAC_CTRL_STR 0 # define EVP_F_EVP_MAC_CTX_DUP 0 @@ -100,6 +102,7 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_DECRYPT_OLD 0 # define EVP_F_EVP_PKEY_DERIVE 0 # define EVP_F_EVP_PKEY_DERIVE_INIT 0 +# define EVP_F_EVP_PKEY_DERIVE_INIT_EX 0 # define EVP_F_EVP_PKEY_DERIVE_SET_PEER 0 # define EVP_F_EVP_PKEY_ENCRYPT 0 # define EVP_F_EVP_PKEY_ENCRYPT_INIT 0 @@ -168,6 +171,8 @@ int ERR_load_EVP_strings(void); # define EVP_R_BAD_KEY_LENGTH 195 # define EVP_R_BUFFER_TOO_SMALL 155 # define EVP_R_CAMELLIA_KEY_SETUP_FAILED 157 +# define EVP_R_CANNOT_GET_PARAMETERS 197 +# define EVP_R_CANNOT_SET_PARAMETERS 198 # define EVP_R_CIPHER_NOT_GCM_MODE 184 # define EVP_R_CIPHER_PARAMETER_ERROR 122 # define EVP_R_COMMAND_NOT_SUPPORTED 147