Setup support for EVP_PKEY_CTX_ctrl_str

aws · Sep 11, 2024 · 91534e6 · 91534e6
1 parent 51d9a8d
commit 91534e6
Show file tree

Hide file tree

Showing 12 changed files with 60 additions and 8 deletions.
diff --git a/crypto/dilithium/p_dilithium3.c b/crypto/dilithium/p_dilithium3.c
@@ -117,6 +117,7 @@ const EVP_PKEY_METHOD dilithium3_pkey_meth = {
     NULL /* derive */,
     NULL /* paramgen */,
     NULL /* ctrl */,
+    NULL /* ctrl_str */,
     NULL /* keygen deterministic */,
     NULL /* encapsulate deterministic */,
     NULL /* encapsulate */,

diff --git a/crypto/evp_extra/p_dh.c b/crypto/evp_extra/p_dh.c
@@ -129,6 +129,7 @@ const EVP_PKEY_METHOD dh_pkey_meth = {
     .keygen = pkey_dh_keygen,
     .derive = pkey_dh_derive,
     .ctrl = pkey_dh_ctrl,
+    .ctrl_str = NULL
 };
 
 int EVP_PKEY_CTX_set_dh_pad(EVP_PKEY_CTX *ctx, int pad) {

diff --git a/crypto/evp_extra/p_x25519.c b/crypto/evp_extra/p_x25519.c
@@ -106,6 +106,7 @@ const EVP_PKEY_METHOD x25519_pkey_meth = {
     pkey_x25519_derive,
     NULL /* paramgen */,
     pkey_x25519_ctrl,
+    NULL,
     NULL /* keygen deterministic */,
     NULL /* encapsulate deterministic */,
     NULL /* encapsulate */,

diff --git a/crypto/fipsmodule/evp/evp_ctx.c b/crypto/fipsmodule/evp/evp_ctx.c
@@ -617,13 +617,32 @@ int EVP_PKEY_decapsulate(EVP_PKEY_CTX *ctx,
                                  ciphertext, ciphertext_len);
 }
 
-// Deprecated keygen NO-OP functions
-int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-                            const char *value) {
-  // No-op
-  return 0;
+int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md) {
+  const EVP_MD *m;
+
+  if (md == NULL || (m = EVP_get_digestbyname(md)) == NULL) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_INVALID_DIGEST_TYPE);
+    return 0;
+  }
+  return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, 0, (void *)m);
 }
 
+int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *name,
+                          const char *value) {
+  if (!ctx || !ctx->pmeth || !ctx->pmeth->ctrl_str) {
+    OPENSSL_PUT_ERROR(EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+    return -2;
+  }
+  if (strcmp(name, "digest") == 0) {
+    OPENSSL_BEGIN_ALLOW_DEPRECATED
+    return EVP_PKEY_CTX_md(ctx, EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_CTRL_MD, value);
+    OPENSSL_END_ALLOW_DEPRECATED
+  }
+  return ctx->pmeth->ctrl_str(ctx, name, value);
+}
+
+
+// Deprecated keygen NO-OP functions
 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb) {
   // No-op
 }

diff --git a/crypto/fipsmodule/evp/internal.h b/crypto/fipsmodule/evp/internal.h
@@ -283,6 +283,8 @@ struct evp_pkey_method_st {
 
   int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
 
+  int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
+
   // Encapsulate, encapsulate_deterministic, keygen_deterministic, and
   // decapsulate are operations defined for a Key Encapsulation Mechanism (KEM).
   int (*keygen_deterministic)(EVP_PKEY_CTX *ctx,

diff --git a/crypto/fipsmodule/evp/p_ec.c b/crypto/fipsmodule/evp/p_ec.c
@@ -289,6 +289,7 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_ec_pkey_meth) {
     out->derive = pkey_ec_derive;
     out->paramgen = pkey_ec_paramgen;
     out->ctrl = pkey_ec_ctrl;
+    out->ctrl_str = NULL;
 }
 
 int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid) {

diff --git a/crypto/fipsmodule/evp/p_ed25519.c b/crypto/fipsmodule/evp/p_ed25519.c
@@ -99,6 +99,7 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_ed25519_pkey_meth) {
   out->derive = NULL;
   out->paramgen = NULL;
   out->ctrl = NULL;
+  out->ctrl_str = NULL;
   out->keygen_deterministic = NULL;
   out->encapsulate_deterministic = NULL;
   out->encapsulate = NULL;

diff --git a/crypto/fipsmodule/evp/p_hkdf.c b/crypto/fipsmodule/evp/p_hkdf.c
@@ -197,6 +197,7 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_hkdf_pkey_meth) {
     out->derive = pkey_hkdf_derive;
     out->paramgen = NULL; /* paramgen */
     out->ctrl = pkey_hkdf_ctrl;
+    out->ctrl_str = NULL;
 }
 
 int EVP_PKEY_CTX_hkdf_mode(EVP_PKEY_CTX *ctx, int mode) {

diff --git a/crypto/fipsmodule/evp/p_hmac.c b/crypto/fipsmodule/evp/p_hmac.c
@@ -124,6 +124,7 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_hmac_pkey_meth) {
   out->derive = NULL;
   out->paramgen = NULL;
   out->ctrl = hmac_ctrl;
+  out->ctrl_str = NULL;
 }
 
 int used_for_hmac(EVP_MD_CTX *ctx) {

diff --git a/crypto/fipsmodule/evp/p_kem.c b/crypto/fipsmodule/evp/p_kem.c
@@ -317,6 +317,7 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_kem_pkey_meth) {
   out->derive = pkey_hkdf_derive;
   out->paramgen = NULL;
   out->ctrl = NULL;
+  out->ctrl_str = NULL;
   out->keygen_deterministic = pkey_kem_keygen_deterministic;
   out->encapsulate_deterministic = pkey_kem_encapsulate_deterministic;
   out->encapsulate = pkey_kem_encapsulate;

diff --git a/crypto/fipsmodule/evp/p_rsa.c b/crypto/fipsmodule/evp/p_rsa.c
@@ -703,6 +703,7 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_rsa_pkey_meth) {
     out->derive = NULL;
     out->paramgen = NULL;
     out->ctrl = pkey_rsa_ctrl;
+    out->ctrl_str = NULL;
 }
 
 DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_rsa_pss_pkey_meth) {
@@ -723,6 +724,7 @@ DEFINE_METHOD_FUNCTION(EVP_PKEY_METHOD, EVP_PKEY_rsa_pss_pkey_meth) {
     out->derive = NULL;
     out->paramgen = NULL;
     out->ctrl = pkey_rsa_ctrl;
+    out->ctrl_str = NULL;
 }
 
 int EVP_RSA_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2) {

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
@@ -1255,11 +1255,32 @@ OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_PKEY_CTX_set_dsa_paramgen_q_bits(
     EVP_PKEY_CTX *ctx, int qbits);
 
 
-// EVP_PKEY_CTX No-ops [Deprecated].
+// EVP_PKEY_CTX_ctrl_str
 
-// EVP_PKEY_CTX_ctrl_str is a no-op.
+// EVP_PKEY_CTX_ctrl_str sets a parameter on |ctx| of type |type| to |value|.
+// This function is deprecated and should not be used in new code.
+//
+// WARNING: This function is difficult to use correctly. New code should use
+// the EVP_PKEY_CTX_set1_* or EVP_PKEY_CTX_set_* functions instead.
+//
+// |ctx| is the context to operate on.
+// |type| is the parameter type as a string.
+// |value| is the value to set.
+//
+// It returns 1 for success and 0 or a negative value for failure.
 OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx, const char *type,
-                            const char *value);
+                              const char *value);
+
+// EVP_PKEY_CTX_md sets the message digest type for a specific operation.
+// This function is deprecated and should not be used in new code.
+//
+// |ctx| is the context to operate on.
+// |optype| is the operation type (e.g., EVP_PKEY_OP_TYPE_SIG, EVP_PKEY_OP_KEYGEN).
+// |cmd| is the specific command (e.g., EVP_PKEY_CTRL_MD).
+// |md| is the name of the message digest algorithm to use.
+//
+// It returns 1 for success and 0 or a negative value for failure.
+OPENSSL_EXPORT OPENSSL_DEPRECATED int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md);
 
 // EVP_PKEY_CTX keygen no-ops [Deprecated].