From 972fa31895b38cbe91a87a04875f7dadee387dea Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Sat, 25 Jan 2020 12:27:47 +0100
Subject: [PATCH] Decentralize legacy_ctrl_str_to_param()
This function did a bit too much in terms of central control, actually more so than the legacy counterpart, where all the string processing is done in the diverse *_pmeth.c. Furthermore, there was no room whatsoever for control keys that libcrypto isn't centrally aware of. This function is changed to simply translating keys and values to OSSL_PARAM form and then sent on their merry way to the provider implementations through EVP_PKEY_CTX_set_params(). It translates selected well known legacy names to their core name counterpart, and that's as far as centralized control should extend.
Reviewed-by: Shane Lontis
(Merged from https://github.com/openssl/openssl/pull/10947)
---
 crypto/evp/pmeth_lib.c | 89 ++++++++++++------------------------------
 1 file changed, 25 insertions(+), 64 deletions(-)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 075e87fe1c..19f894d679 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -815,76 +815,37 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
 static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
 const char *value)
 {
+ if (strcmp(name, "rsa_padding_mode") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE;
+ else if (strcmp(name, "rsa_mgf1_md") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST;
+ else if (strcmp(name, "rsa_oaep_md") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
+ else if (strcmp(name, "rsa_oaep_label") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
 # ifndef OPENSSL_NO_DH
- if (strcmp(name, "dh_pad") == 0) {
- int pad;
-
- pad = atoi(value);
- return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
- }
+ else if (strcmp(name, "dh_pad") == 0)
+ name = OSSL_EXCHANGE_PARAM_PAD;
 # endif
- if (strcmp(name, "digest") == 0) {
- int ret;
- EVP_MD *md;
-
- if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL)
- return 0;
- md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov),
- value, NULL);
- if (md == NULL)
- return 0;
- ret = EVP_PKEY_CTX_set_signature_md(ctx, md);
- EVP_MD_free(md);
- return ret;
- }
-
- if (strcmp(name, "rsa_padding_mode") == 0) {
- int pm;
-
- if (strcmp(value, "pkcs1") == 0) {
- pm = RSA_PKCS1_PADDING;
- } else if (strcmp(value, "sslv23") == 0) {
- pm = RSA_SSLV23_PADDING;
- } else if (strcmp(value, "none") == 0) {
- pm = RSA_NO_PADDING;
- } else if (strcmp(value, "oeap") == 0) {
- pm = RSA_PKCS1_OAEP_PADDING;
- } else if (strcmp(value, "oaep") == 0) {
- pm = RSA_PKCS1_OAEP_PADDING;
- } else if (strcmp(value, "x931") == 0) {
- pm = RSA_X931_PADDING;
- } else if (strcmp(value, "pss") == 0) {
- pm = RSA_PKCS1_PSS_PADDING;
- } else {
- ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE);
- return -2;
- }
- return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
- }
- if (strcmp(name, "rsa_mgf1_md") == 0)
- return EVP_PKEY_CTX_set_rsa_mgf1_md_name(ctx, value, NULL);
-
- if (strcmp(name, "rsa_oaep_md") == 0)
- return EVP_PKEY_CTX_set_rsa_oaep_md_name(ctx, value, NULL);
-
- if (strcmp(name, "rsa_oaep_label") == 0) {
- unsigned char *lab;
- long lablen;
- int ret;
+ {
+ /*
+ * TODO(3.0) reduce the code above to only translate known legacy
+ * string to the corresponding core name (see core_names.h), but
+ * otherwise leave it to this code block to do the actual work.
+ */
+ const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx);
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ int rv = 0;
- lab = OPENSSL_hexstr2buf(value, &lablen);
- if (lab == NULL)
+ if (!OSSL_PARAM_allocate_from_text(¶ms[0], settable, name, value,
+ strlen(value)))
 return 0;
- ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
- if (ret <= 0)
- OPENSSL_free(lab);
- return ret;
+ if (EVP_PKEY_CTX_set_params(ctx, params))
+ rv = 1;
+ OPENSSL_free(params[0].data);
+ return rv;
 }
-
-
-
- return 0;
 }
 int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
--
2.25.1
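Review bot: The `rsa_oaep_label` branch now only renames the key, so the value reaches `OSSL_PARAM_allocate_from_text()` as raw text with `strlen(value)`, whereas the removed code decoded it with `OPENSSL_hexstr2buf()`; unless the provider decodes it itself, a caller passing a hex label would end up with the ASCII characters of the hex string as the OAEP label, and encryption or decryption would silently run under a different label than before. If the helper's `hex` key prefix applies here (worth confirming against its documentation), mapping to `name = "hex" OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;` would keep the legacy meaning. The new block also folds every failure into 0, so the `-2` that the old unknown-padding path returned can no longer be told apart by callers that test for it. Since the function now forwards arbitrary keys, possibly including key material, consider `OPENSSL_clear_free(params[0].data, params[0].data_size);` in place of `OPENSSL_free(params[0].data);`.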