authorRichard Levitte <levitte@openssl.org>2020-01-25 12:27:47 +0100
committerRichard Levitte <levitte@openssl.org>2020-02-04 19:32:37 +0100
commit972fa31895b38cbe91a87a04875f7dadee387dea (patch)
tree2b98575a48ad5d97e0d7167146cc57f57d3be2b5 /crypto
parent6d53ad6b5cf726d92860e973d7bc8c1930762086 (diff)
Decentralize legacy_ctrl_str_to_param()
This function did a bit too much in terms of central control, actually more so than the legacy counterpart, where all the string processing is done in the diverse *_pmeth.c. Furthermore, there was no room whatsoever for control keys that libcrypto isn't centrally aware of. This function is changed to simply translate keys and values to OSSL_PARAM form and then send them on their merry way to the provider implementations through EVP_PKEY_CTX_set_params(). It translates selected well known legacy names to their core name counterpart, and that's as far as centralized control should extend. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10947)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/evp/pmeth_lib.c89
1 files changed, 25 insertions, 64 deletions
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 075e87fe1c..19f894d679 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -815,76 +815,37 @@ int EVP_PKEY_CTX_ctrl_uint64(EVP_PKEY_CTX *ctx, int keytype, int optype,
static int legacy_ctrl_str_to_param(EVP_PKEY_CTX *ctx, const char *name,
const char *value)
{
+ if (strcmp(name, "rsa_padding_mode") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_PAD_MODE;
+ else if (strcmp(name, "rsa_mgf1_md") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST;
+ else if (strcmp(name, "rsa_oaep_md") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST;
+ else if (strcmp(name, "rsa_oaep_label") == 0)
+ name = OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;
# ifndef OPENSSL_NO_DH
- if (strcmp(name, "dh_pad") == 0) {
- int pad;
-
- pad = atoi(value);
- return EVP_PKEY_CTX_set_dh_pad(ctx, pad);
- }
+ else if (strcmp(name, "dh_pad") == 0)
+ name = OSSL_EXCHANGE_PARAM_PAD;
# endif
- if (strcmp(name, "digest") == 0) {
- int ret;
- EVP_MD *md;
-
- if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) || ctx->op.sig.signature == NULL)
- return 0;
- md = EVP_MD_fetch(ossl_provider_library_context(ctx->op.sig.signature->prov),
- value, NULL);
- if (md == NULL)
- return 0;
- ret = EVP_PKEY_CTX_set_signature_md(ctx, md);
- EVP_MD_free(md);
- return ret;
- }
-
- if (strcmp(name, "rsa_padding_mode") == 0) {
- int pm;
-
- if (strcmp(value, "pkcs1") == 0) {
- pm = RSA_PKCS1_PADDING;
- } else if (strcmp(value, "sslv23") == 0) {
- pm = RSA_SSLV23_PADDING;
- } else if (strcmp(value, "none") == 0) {
- pm = RSA_NO_PADDING;
- } else if (strcmp(value, "oeap") == 0) {
- pm = RSA_PKCS1_OAEP_PADDING;
- } else if (strcmp(value, "oaep") == 0) {
- pm = RSA_PKCS1_OAEP_PADDING;
- } else if (strcmp(value, "x931") == 0) {
- pm = RSA_X931_PADDING;
- } else if (strcmp(value, "pss") == 0) {
- pm = RSA_PKCS1_PSS_PADDING;
- } else {
- ERR_raise(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE);
- return -2;
- }
- return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
- }
- if (strcmp(name, "rsa_mgf1_md") == 0)
- return EVP_PKEY_CTX_set_rsa_mgf1_md_name(ctx, value, NULL);
-
- if (strcmp(name, "rsa_oaep_md") == 0)
- return EVP_PKEY_CTX_set_rsa_oaep_md_name(ctx, value, NULL);
-
- if (strcmp(name, "rsa_oaep_label") == 0) {
- unsigned char *lab;
- long lablen;
- int ret;
+ {
+ /*
+ * TODO(3.0) reduce the code above to only translate known legacy
+ * string to the corresponding core name (see core_names.h), but
+ * otherwise leave it to this code block to do the actual work.
+ */
+ const OSSL_PARAM *settable = EVP_PKEY_CTX_settable_params(ctx);
+ OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
+ int rv = 0;
- lab = OPENSSL_hexstr2buf(value, &lablen);
- if (lab == NULL)
+ if (!OSSL_PARAM_allocate_from_text(&params[0], settable, name, value,
+ strlen(value)))
return 0;
- ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
- if (ret <= 0)
- OPENSSL_free(lab);
- return ret;
+ if (EVP_PKEY_CTX_set_params(ctx, params))
+ rv = 1;
+ OPENSSL_free(params[0].data);
+ return rv;
}
-
-
-
- return 0;
}
int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
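Review bot: The `rsa_oaep_label` branch now only renames the key, so the hex decoding done by the removed `OPENSSL_hexstr2buf(value, &lablen)` call is gone and the label string reaches `OSSL_PARAM_allocate_from_text()` verbatim. As far as I know that helper hex-decodes a value only when the key carries a `hex` prefix, so a caller passing a hex label would silently get the ASCII bytes of the hex text as the OAEP label, and ciphertexts bound to the old label would stop decrypting. If the legacy semantics are meant to be kept, the translation could be `name = "hex" OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL;`; otherwise the change deserves a comment at that branch and a changelog entry. Separately, every failure in the new block returns 0, whereas the removed padding-mode code raised `RSA_R_UNKNOWN_PADDING_TYPE` and returned -2, so callers lose the distinction between an unsupported key and a bad value. `strlen(value)` also assumes a non-NULL `value`, which should be checked here or confirmed in the caller, whose body lies outside this hunk.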