Decentralize legacy_ctrl_str_to_param()

This function did a bit too much in terms of central control, actually
more so than the legacy counterpart, where all the string processing
is done in the diverse *_pmeth.c.  Furthermore, there was no room
whatsoever for control keys that libcrypto isn't centrally aware of.

This function is changed to simply translating keys and values to
OSSL_PARAM form and then sent on their merry way to the provider
implementations through EVP_PKEY_CTX_set_params().  It translates
selected well known legacy names to their core name counterpart, and
that's as far as centralized control should extend.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10947)

diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 075e87fe1c205a6c35594a84d7f9d0e990d45f07..19f894d6798eaab5cc65d1a43d654e0e70f4718b 100644 (file)
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -815,76 +815,37 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
 static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
                                     const char *value)
 {
+    if (strcmp(name, "rsa_padding_mode") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE;
+    else if (strcmp(name, "rsa_mgf1_md") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST;
+    else if (strcmp(name, "rsa_oaep_md") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
+    else if (strcmp(name, "rsa_oaep_label") == 0)
+        name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
 # ifndef OPENSSL_NO_DH
-    if (strcmp(name, "dh_pad") == 0) {
-        int pad;
-
-        pad = atoi(value);
-        return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
-    }
+    else if (strcmp(name, "dh_pad") == 0)
+        name = OSSL_EXCHANGE_PARAM_PAD;
 # endif
-    if (strcmp(name, "digest") == 0) {
-        int ret;
-        EVP_MD *md;
-
-        if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL)
-            return 0;
-        md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov),
-                          value, NULL);
-        if (md == NULL)
-            return 0;
-        ret = EVP_PKEY_CTX_set_signature_md(ctx, md);
-        EVP_MD_free(md);
-        return ret;
-    }
-
-    if (strcmp(name, "rsa_padding_mode") == 0) {
-        int pm;
-
-        if (strcmp(value, "pkcs1") == 0) {
-            pm = RSA_PKCS1_PADDING;
-        } else if (strcmp(value, "sslv23") == 0) {
-            pm = RSA_SSLV23_PADDING;
-        } else if (strcmp(value, "none") == 0) {
-            pm = RSA_NO_PADDING;
-        } else if (strcmp(value, "oeap") == 0) {
-            pm = RSA_PKCS1_OAEP_PADDING;
-        } else if (strcmp(value, "oaep") == 0) {
-            pm = RSA_PKCS1_OAEP_PADDING;
-        } else if (strcmp(value, "x931") == 0) {
-            pm = RSA_X931_PADDING;
-        } else if (strcmp(value, "pss") == 0) {
-            pm = RSA_PKCS1_PSS_PADDING;
-        } else {
-            ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE);
-            return -2;
-        }
-        return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
-    }
 
-    if (strcmp(name, "rsa_mgf1_md") == 0)
-        return EVP_PKEY_CTX_set_rsa_mgf1_md_name(ctx, value, NULL);
-
-    if (strcmp(name, "rsa_oaep_md") == 0)
-        return EVP_PKEY_CTX_set_rsa_oaep_md_name(ctx, value, NULL);
-
-    if (strcmp(name, "rsa_oaep_label") == 0) {
-        unsigned char *lab;
-        long lablen;
-        int ret;
+    {
+        /*
+         * TODO(3.0) reduce the code above to only translate known legacy
+         * string to the corresponding core name (see core_names.h), but
+         * otherwise leave it to this code block to do the actual work.
+         */
+        const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx);
+        OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+        int rv = 0;
 
-        lab = OPENSSL_hexstr2buf(value, &lablen);
-        if (lab == NULL)
+        if (!OSSL_PARAM_allocate_from_text(&params[0], settable, name, value,
+                                           strlen(value)))
             return 0;
-        ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
-        if (ret <= 0)
-            OPENSSL_free(lab);
-        return ret;
+        if (EVP_PKEY_CTX_set_params(ctx, params))
+            rv = 1;
+        OPENSSL_free(params[0].data);
+        return rv;
     }
-
-
-
-    return 0;
 }
 
 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,