#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "internal/numbers.h"
+#include "internal/provider.h"
#include "evp_locl.h"
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
return ret;
}
+void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
+{
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ if (ctx->op.kex.exchprovctx != NULL && ctx->op.kex.exchange != NULL)
+ ctx->op.kex.exchange->freectx(ctx->op.kex.exchprovctx);
+ EVP_KEYEXCH_free(ctx->op.kex.exchange);
+ } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
+ if (ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL)
+ ctx->op.sig.signature->freectx(ctx->op.sig.sigprovctx);
+ EVP_SIGNATURE_free(ctx->op.sig.signature);
+ }
+}
+
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
{
EVP_PKEY_METHOD *pmeth;
EVP_PKEY_CTX *rctx;
if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL))
- && pctx->exchprovctx == NULL)
+ && ((EVP_PKEY_CTX_IS_DERIVE_OP(pctx)
+ && pctx->op.kex.exchprovctx == NULL)
+ || (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)
+ && pctx->op.sig.sigprovctx == NULL)))
return NULL;
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a pkey context using an ENGINE */
rctx->pkey = pctx->pkey;
rctx->operation = pctx->operation;
- if (pctx->exchprovctx != NULL) {
- if (!ossl_assert(pctx->exchange != NULL))
- return NULL;
- rctx->exchange = pctx->exchange;
- if (!EVP_KEYEXCH_up_ref(rctx->exchange)) {
- OPENSSL_free(rctx);
- return NULL;
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
+ if (pctx->op.kex.exchange != NULL) {
+ rctx->op.kex.exchange = pctx->op.kex.exchange;
+ if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange)) {
+ OPENSSL_free(rctx);
+ return NULL;
+ }
}
- rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx);
- if (rctx->exchprovctx == NULL) {
- EVP_KEYEXCH_free(rctx->exchange);
- OPENSSL_free(rctx);
- return NULL;
+ if (pctx->op.kex.exchprovctx != NULL) {
+ if (!ossl_assert(pctx->op.kex.exchange != NULL))
+ return NULL;
+ rctx->op.kex.exchprovctx
+ = pctx->op.kex.exchange->dupctx(pctx->op.kex.exchprovctx);
+ if (rctx->op.kex.exchprovctx == NULL) {
+ EVP_KEYEXCH_free(rctx->op.kex.exchange);
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ return rctx;
+ }
+ } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
+ if (pctx->op.sig.signature != NULL) {
+ rctx->op.sig.signature = pctx->op.sig.signature;
+ if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature)) {
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ }
+ if (pctx->op.sig.sigprovctx != NULL) {
+ if (!ossl_assert(pctx->op.sig.signature != NULL))
+ return NULL;
+ rctx->op.sig.sigprovctx
+ = pctx->op.sig.signature->dupctx(pctx->op.sig.sigprovctx);
+ if (rctx->op.sig.sigprovctx == NULL) {
+ EVP_SIGNATURE_free(rctx->op.sig.signature);
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ return rctx;
}
- return rctx;
}
rctx->pmeth = pctx->pmeth;
if (ctx->pmeth && ctx->pmeth->cleanup)
ctx->pmeth->cleanup(ctx);
- if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
- ctx->exchange->freectx(ctx->exchprovctx);
-
- EVP_KEYEXCH_free(ctx->exchange);
+ evp_pkey_ctx_free_old_ops(ctx);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
OPENSSL_free(ctx);
}
+int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
+{
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->get_ctx_params != NULL)
+ return ctx->op.sig.signature->get_ctx_params(ctx->op.sig.sigprovctx,
+ params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx)
+{
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->gettable_ctx_params != NULL)
+ return ctx->op.sig.signature->gettable_ctx_params();
+
+ return NULL;
+}
+
int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
- if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
- return ctx->exchange->set_params(ctx->exchprovctx, params);
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.kex.exchprovctx != NULL
+ && ctx->op.kex.exchange != NULL
+ && ctx->op.kex.exchange->set_ctx_params != NULL)
+ return ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.exchprovctx,
+ params);
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->set_ctx_params != NULL)
+ return ctx->op.sig.signature->set_ctx_params(ctx->op.sig.sigprovctx,
+ params);
return 0;
}
+const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx)
+{
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.kex.exchange != NULL
+ && ctx->op.kex.exchange->settable_ctx_params != NULL)
+ return ctx->op.kex.exchange->settable_ctx_params();
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->settable_ctx_params != NULL)
+ return ctx->op.sig.signature->settable_ctx_params();
+
+ return NULL;
+}
+
#ifndef OPENSSL_NO_DH
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
{
OSSL_PARAM dh_pad_params[2];
unsigned int upad = pad;
+ /* We use EVP_PKEY_CTX_ctrl return values */
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ return -2;
+ }
+
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->exchprovctx == NULL)
+ if (ctx->op.kex.exchprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_PAD, pad, NULL);
}
#endif
+int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
+{
+ OSSL_PARAM sig_md_params[3], *p = sig_md_params;
+ /* 80 should be big enough */
+ char name[80] = "";
+ const EVP_MD *tmp;
+
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.sig.sigprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,
+ EVP_PKEY_CTRL_GET_MD, 0, (void *)(md));
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+ name,
+ sizeof(name));
+ *p++ = OSSL_PARAM_construct_end();
+
+ if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params))
+ return 0;
+
+ tmp = EVP_get_digestbyname(name);
+ if (tmp == NULL)
+ return 0;
+
+ *md = tmp;
+
+ return 1;
+}
+
+int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
+{
+ OSSL_PARAM sig_md_params[3], *p = sig_md_params;
+ size_t mdsize;
+ const char *name;
+
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.sig.sigprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,
+ EVP_PKEY_CTRL_MD, 0, (void *)(md));
+
+ if (md == NULL) {
+ name = "";
+ mdsize = 0;
+ } else {
+ mdsize = EVP_MD_size(md);
+ name = EVP_MD_name(md);
+ }
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (char *)name,
+ strlen(name) + 1);
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
+ &mdsize);
+ *p++ = OSSL_PARAM_construct_end();
+
+ return EVP_PKEY_CTX_set_params(ctx, sig_md_params);
+}
+
static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
int cmd, int p1, void *p2)
{
case EVP_PKEY_CTRL_DH_PAD:
return EVP_PKEY_CTX_set_dh_pad(ctx, p1);
#endif
+ case EVP_PKEY_CTRL_MD:
+ return EVP_PKEY_CTX_set_signature_md(ctx, p2);
+ case EVP_PKEY_CTRL_GET_MD:
+ return EVP_PKEY_CTX_get_signature_md(ctx, p2);
}
return 0;
}
return -2;
}
- if (ctx->exchprovctx != NULL)
+ if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL)
+ || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL))
return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2);
if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) {
return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
}
#endif
+ if (strcmp(name, "digest") == 0) {
+ int ret;
+ EVP_MD *md;
+
+ if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL)
+ return 0;
+ md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov),
+ value, NULL);
+ if (md == NULL)
+ return 0;
+ ret = EVP_PKEY_CTX_set_signature_md(ctx, md);
+ EVP_MD_meth_free(md);
+ return ret;
+ }
+
return 0;
}
return -2;
}
- if (ctx->exchprovctx != NULL)
+ if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL)
+ || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL))
return legacy_ctrl_str_to_param(ctx, name, value);
if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {