#include <openssl/core_names.h>
#include <openssl/dh.h>
#include "internal/cryptlib.h"
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
+#include "crypto/asn1.h"
+#include "crypto/evp.h"
#include "internal/numbers.h"
#include "internal/provider.h"
#include "evp_locl.h"
+typedef const EVP_PKEY_METHOD *(*pmeth_fn)(void);
typedef int sk_cmp_fn_type(const char *const *a, const char *const *b);
static STACK_OF(EVP_PKEY_METHOD) *app_pkey_methods = NULL;
/* This array needs to be in order of NIDs */
-static const EVP_PKEY_METHOD *standard_methods[] = {
+static pmeth_fn standard_methods[] = {
#ifndef OPENSSL_NO_RSA
- &rsa_pkey_meth,
+ rsa_pkey_method,
#endif
#ifndef OPENSSL_NO_DH
- &dh_pkey_meth,
+ dh_pkey_method,
#endif
#ifndef OPENSSL_NO_DSA
- &dsa_pkey_meth,
+ dsa_pkey_method,
#endif
#ifndef OPENSSL_NO_EC
- &ec_pkey_meth,
+ ec_pkey_method,
#endif
- &hmac_pkey_meth,
+ hmac_pkey_method,
#ifndef OPENSSL_NO_CMAC
- &cmac_pkey_meth,
+ cmac_pkey_method,
#endif
#ifndef OPENSSL_NO_RSA
- &rsa_pss_pkey_meth,
+ rsa_pss_pkey_method,
#endif
#ifndef OPENSSL_NO_DH
- &dhx_pkey_meth,
+ dhx_pkey_method,
#endif
#ifndef OPENSSL_NO_SCRYPT
- &scrypt_pkey_meth,
+ scrypt_pkey_method,
#endif
- &tls1_prf_pkey_meth,
+ tls1_prf_pkey_method,
#ifndef OPENSSL_NO_EC
- &ecx25519_pkey_meth,
- &ecx448_pkey_meth,
+ ecx25519_pkey_method,
+ ecx448_pkey_method,
#endif
- &hkdf_pkey_meth,
+ hkdf_pkey_method,
#ifndef OPENSSL_NO_POLY1305
- &poly1305_pkey_meth,
+ poly1305_pkey_method,
#endif
#ifndef OPENSSL_NO_SIPHASH
- &siphash_pkey_meth,
+ siphash_pkey_method,
#endif
#ifndef OPENSSL_NO_EC
- &ed25519_pkey_meth,
- &ed448_pkey_meth,
+ ed25519_pkey_method,
+ ed448_pkey_method,
#endif
#ifndef OPENSSL_NO_SM2
- &sm2_pkey_meth,
+ sm2_pkey_method,
#endif
};
-DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
- pmeth);
+DECLARE_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
+
+static int pmeth_func_cmp(const EVP_PKEY_METHOD *const *a, pmeth_fn const *b)
+{
+ return ((*a)->pkey_id - ((**b)())->pkey_id);
+}
+
+IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, pmeth_fn, pmeth_func);
static int pmeth_cmp(const EVP_PKEY_METHOD *const *a,
const EVP_PKEY_METHOD *const *b)
return ((*a)->pkey_id - (*b)->pkey_id);
}
-IMPLEMENT_OBJ_BSEARCH_CMP_FN(const EVP_PKEY_METHOD *, const EVP_PKEY_METHOD *,
- pmeth);
-
const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type)
{
+ pmeth_fn *ret;
EVP_PKEY_METHOD tmp;
- const EVP_PKEY_METHOD *t = &tmp, **ret;
+ const EVP_PKEY_METHOD *t = &tmp;
tmp.pkey_id = type;
if (app_pkey_methods) {
int idx;
if (idx >= 0)
return sk_EVP_PKEY_METHOD_value(app_pkey_methods, idx);
}
- ret = OBJ_bsearch_pmeth(&t, standard_methods,
- sizeof(standard_methods) /
- sizeof(EVP_PKEY_METHOD *));
+ ret = OBJ_bsearch_pmeth_func(&t, standard_methods,
+ sizeof(standard_methods) /
+ sizeof(pmeth_fn));
if (!ret || !*ret)
return NULL;
- return *ret;
+ return (**ret)();
}
static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
return ret;
}
+void evp_pkey_ctx_free_old_ops(EVP_PKEY_CTX *ctx)
+{
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ if (ctx->op.kex.exchprovctx != NULL && ctx->op.kex.exchange != NULL)
+ ctx->op.kex.exchange->freectx(ctx->op.kex.exchprovctx);
+ EVP_KEYEXCH_free(ctx->op.kex.exchange);
+ } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
+ if (ctx->op.sig.sigprovctx != NULL && ctx->op.sig.signature != NULL)
+ ctx->op.sig.signature->freectx(ctx->op.sig.sigprovctx);
+ EVP_SIGNATURE_free(ctx->op.sig.signature);
+ }
+}
+
EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
{
EVP_PKEY_METHOD *pmeth;
EVP_PKEY_CTX *rctx;
if (((pctx->pmeth == NULL) || (pctx->pmeth->copy == NULL))
- && pctx->exchprovctx == NULL)
+ && ((EVP_PKEY_CTX_IS_DERIVE_OP(pctx)
+ && pctx->op.kex.exchprovctx == NULL)
+ || (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)
+ && pctx->op.sig.sigprovctx == NULL)))
return NULL;
#ifndef OPENSSL_NO_ENGINE
/* Make sure it's safe to copy a pkey context using an ENGINE */
rctx->pkey = pctx->pkey;
rctx->operation = pctx->operation;
- if (pctx->exchprovctx != NULL) {
- if (!ossl_assert(pctx->exchange != NULL))
- return NULL;
- rctx->exchange = pctx->exchange;
- if (!EVP_KEYEXCH_up_ref(rctx->exchange)) {
- OPENSSL_free(rctx);
- return NULL;
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
+ if (pctx->op.kex.exchange != NULL) {
+ rctx->op.kex.exchange = pctx->op.kex.exchange;
+ if (!EVP_KEYEXCH_up_ref(rctx->op.kex.exchange)) {
+ OPENSSL_free(rctx);
+ return NULL;
+ }
}
- rctx->exchprovctx = pctx->exchange->dupctx(pctx->exchprovctx);
- if (rctx->exchprovctx == NULL) {
- EVP_KEYEXCH_free(rctx->exchange);
- OPENSSL_free(rctx);
- return NULL;
+ if (pctx->op.kex.exchprovctx != NULL) {
+ if (!ossl_assert(pctx->op.kex.exchange != NULL))
+ return NULL;
+ rctx->op.kex.exchprovctx
+ = pctx->op.kex.exchange->dupctx(pctx->op.kex.exchprovctx);
+ if (rctx->op.kex.exchprovctx == NULL) {
+ EVP_KEYEXCH_free(rctx->op.kex.exchange);
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ return rctx;
+ }
+ } else if (EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) {
+ if (pctx->op.sig.signature != NULL) {
+ rctx->op.sig.signature = pctx->op.sig.signature;
+ if (!EVP_SIGNATURE_up_ref(rctx->op.sig.signature)) {
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ }
+ if (pctx->op.sig.sigprovctx != NULL) {
+ if (!ossl_assert(pctx->op.sig.signature != NULL))
+ return NULL;
+ rctx->op.sig.sigprovctx
+ = pctx->op.sig.signature->dupctx(pctx->op.sig.sigprovctx);
+ if (rctx->op.sig.sigprovctx == NULL) {
+ EVP_SIGNATURE_free(rctx->op.sig.signature);
+ OPENSSL_free(rctx);
+ return NULL;
+ }
+ return rctx;
}
- return rctx;
}
rctx->pmeth = pctx->pmeth;
const EVP_PKEY_METHOD *EVP_PKEY_meth_get0(size_t idx)
{
if (idx < OSSL_NELEM(standard_methods))
- return standard_methods[idx];
+ return (standard_methods[idx])();
if (app_pkey_methods == NULL)
return NULL;
idx -= OSSL_NELEM(standard_methods);
if (ctx->pmeth && ctx->pmeth->cleanup)
ctx->pmeth->cleanup(ctx);
- if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
- ctx->exchange->freectx(ctx->exchprovctx);
-
- EVP_KEYEXCH_free(ctx->exchange);
-
- if (ctx->sigprovctx != NULL && ctx->signature != NULL)
- ctx->signature->freectx(ctx->sigprovctx);
-
- EVP_SIGNATURE_free(ctx->signature);
+ evp_pkey_ctx_free_old_ops(ctx);
EVP_PKEY_free(ctx->pkey);
EVP_PKEY_free(ctx->peerkey);
OPENSSL_free(ctx);
}
+int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
+{
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->get_ctx_params != NULL)
+ return ctx->op.sig.signature->get_ctx_params(ctx->op.sig.sigprovctx,
+ params);
+ return 0;
+}
+
+const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(EVP_PKEY_CTX *ctx)
+{
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->gettable_ctx_params != NULL)
+ return ctx->op.sig.signature->gettable_ctx_params();
+
+ return NULL;
+}
+
int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
{
- if (ctx->exchprovctx != NULL && ctx->exchange != NULL)
- return ctx->exchange->set_params(ctx->exchprovctx, params);
- if (ctx->sigprovctx != NULL && ctx->signature != NULL)
- return ctx->signature->set_params(ctx->sigprovctx, params);
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.kex.exchprovctx != NULL
+ && ctx->op.kex.exchange != NULL
+ && ctx->op.kex.exchange->set_ctx_params != NULL)
+ return ctx->op.kex.exchange->set_ctx_params(ctx->op.kex.exchprovctx,
+ params);
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->set_ctx_params != NULL)
+ return ctx->op.sig.signature->set_ctx_params(ctx->op.sig.sigprovctx,
+ params);
return 0;
}
+const OSSL_PARAM *EVP_PKEY_CTX_settable_params(EVP_PKEY_CTX *ctx)
+{
+ if (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.kex.exchange != NULL
+ && ctx->op.kex.exchange->settable_ctx_params != NULL)
+ return ctx->op.kex.exchange->settable_ctx_params();
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.signature != NULL
+ && ctx->op.sig.signature->settable_ctx_params != NULL)
+ return ctx->op.sig.signature->settable_ctx_params();
+
+ return NULL;
+}
+
#ifndef OPENSSL_NO_DH
int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad)
{
OSSL_PARAM dh_pad_params[2];
unsigned int upad = pad;
+ /* We use EVP_PKEY_CTX_ctrl return values */
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ return -2;
+ }
+
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->exchprovctx == NULL)
+ if (ctx->op.kex.exchprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_DH, EVP_PKEY_OP_DERIVE,
EVP_PKEY_CTRL_DH_PAD, pad, NULL);
}
#endif
+int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
+{
+ OSSL_PARAM sig_md_params[3], *p = sig_md_params;
+ /* 80 should be big enough */
+ char name[80] = "";
+ const EVP_MD *tmp;
+
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
+ /* TODO(3.0): Remove this eventually when no more legacy */
+ if (ctx->op.sig.sigprovctx == NULL)
+ return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,
+ EVP_PKEY_CTRL_GET_MD, 0, (void *)(md));
+
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+ name,
+ sizeof(name));
+ *p++ = OSSL_PARAM_construct_end();
+
+ if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params))
+ return 0;
+
+ tmp = EVP_get_digestbyname(name);
+ if (tmp == NULL)
+ return 0;
+
+ *md = tmp;
+
+ return 1;
+}
+
int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
{
- OSSL_PARAM sig_md_params[3];
+ OSSL_PARAM sig_md_params[3], *p = sig_md_params;
size_t mdsize;
const char *name;
+ if (ctx == NULL || !EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+ /* Uses the same return values as EVP_PKEY_CTX_ctrl */
+ return -2;
+ }
+
/* TODO(3.0): Remove this eventually when no more legacy */
- if (ctx->sigprovctx == NULL)
+ if (ctx->op.sig.sigprovctx == NULL)
return EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_TYPE_SIG,
EVP_PKEY_CTRL_MD, 0, (void *)(md));
- if (md == NULL)
- return 1;
-
- mdsize = EVP_MD_size(md);
- name = EVP_MD_name(md);
- sig_md_params[0] = OSSL_PARAM_construct_utf8_string(
- OSSL_SIGNATURE_PARAM_DIGEST,
- /*
- * Cast away the const. This is read only so should
- * be safe
- */
- (char *)name,
- strlen(name) + 1);
- sig_md_params[1] = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
- &mdsize);
- sig_md_params[2] = OSSL_PARAM_construct_end();
+ if (md == NULL) {
+ name = "";
+ mdsize = 0;
+ } else {
+ mdsize = EVP_MD_size(md);
+ name = EVP_MD_name(md);
+ }
- return EVP_PKEY_CTX_set_params(ctx, sig_md_params);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
+ /*
+ * Cast away the const. This is read
+ * only so should be safe
+ */
+ (char *)name,
+ strlen(name) + 1);
+ *p++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE,
+ &mdsize);
+ *p++ = OSSL_PARAM_construct_end();
+ return EVP_PKEY_CTX_set_params(ctx, sig_md_params);
}
static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
#endif
case EVP_PKEY_CTRL_MD:
return EVP_PKEY_CTX_set_signature_md(ctx, p2);
+ case EVP_PKEY_CTRL_GET_MD:
+ return EVP_PKEY_CTX_get_signature_md(ctx, p2);
}
return 0;
}
return -2;
}
- if (ctx->exchprovctx != NULL || ctx->sigprovctx != NULL)
+ if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL)
+ || (EVP_PKEY_CTX_IS_DERIVE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL))
return legacy_ctrl_to_param(ctx, keytype, optype, cmd, p1, p2);
if (ctx->pmeth == NULL || ctx->pmeth->ctrl == NULL) {
#endif
if (strcmp(name, "digest") == 0) {
int ret;
- EVP_MD *md
- = EVP_MD_fetch(ossl_provider_library_context(ctx->signature->prov),
- value, NULL);
+ EVP_MD *md;
+
+ if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL)
+ return 0;
+ md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov),
+ value, NULL);
if (md == NULL)
return 0;
ret = EVP_PKEY_CTX_set_signature_md(ctx, md);
return -2;
}
- if (ctx->exchprovctx != NULL || ctx->sigprovctx != NULL)
+ if ((EVP_PKEY_CTX_IS_DERIVE_OP(ctx) && ctx->op.kex.exchprovctx != NULL)
+ || (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && ctx->op.sig.sigprovctx != NULL))
return legacy_ctrl_str_to_param(ctx, name, value);
if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {