authorEnji Cooper <ngie@FreeBSD.org>2025-05-07 21:18:24 +0000
committerEnji Cooper <ngie@FreeBSD.org>2025-05-07 22:37:22 +0000
commit29536654cc41bf41b92dc836c47496dc6fe0b00c (patch)
tree368a3c5b14e610bb5f6b71657f61a41e373eaf97 /crypto/evp/pmeth_lib.c
parent1c34280346af8284acdc0eae39496811d37df25d (diff)
Diffstat (limited to 'crypto/evp/pmeth_lib.c')
-rw-r--r--crypto/evp/pmeth_lib.c158
1 files changed, 42 insertions, 116 deletions
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 5cd0c4b27f6d..665cafbc21a7 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -66,11 +66,9 @@ static pmeth_fn standard_methods[] = {
# ifndef OPENSSL_NO_DH
ossl_dhx_pkey_method,
# endif
-# ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_ECX
ossl_ecx25519_pkey_method,
ossl_ecx448_pkey_method,
-# endif
-# ifndef OPENSSL_NO_EC
ossl_ed25519_pkey_method,
ossl_ed448_pkey_method,
# endif
@@ -128,33 +126,13 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
EVP_PKEY_METHOD *pmeth;
pmeth = OPENSSL_zalloc(sizeof(*pmeth));
- if (pmeth == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ if (pmeth == NULL)
return NULL;
- }
pmeth->pkey_id = id;
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
return pmeth;
}
-
-static void help_get_legacy_alg_type_from_keymgmt(const char *keytype,
- void *arg)
-{
- int *type = arg;
-
- if (*type == NID_undef)
- *type = evp_pkey_name2type(keytype);
-}
-
-static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt)
-{
- int type = NID_undef;
-
- EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt,
- &type);
- return type;
-}
#endif /* FIPS_MODULE */
int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx)
@@ -292,7 +270,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
* directly.
*/
if (keymgmt != NULL) {
- int tmp_id = get_legacy_alg_type_from_keymgmt(keymgmt);
+ int tmp_id = evp_keymgmt_get_legacy_alg(keymgmt);
if (tmp_id != NID_undef) {
if (id == -1) {
@@ -317,8 +295,6 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_ALGORITHM);
} else {
ret = OPENSSL_zalloc(sizeof(*ret));
- if (ret == NULL)
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
}
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
@@ -345,9 +321,13 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
ret->engine = e;
ret->pmeth = pmeth;
ret->operation = EVP_PKEY_OP_UNDEFINED;
+
+ if (pkey != NULL && !EVP_PKEY_up_ref(pkey)) {
+ EVP_PKEY_CTX_free(ret);
+ return NULL;
+ }
+
ret->pkey = pkey;
- if (pkey != NULL)
- EVP_PKEY_up_ref(pkey);
if (pmeth != NULL && pmeth->init != NULL) {
if (pmeth->init(ret) <= 0) {
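Review bot: The new `EVP_PKEY_up_ref()` failure path in int_ctx_new returns NULL without queuing an error, while the other failure visible in this function raises one (`EVP_R_UNSUPPORTED_ALGORITHM`); the two `goto err` paths added in the EVP_PKEY_CTX_dup hunks behave the same way. Unless EVP_PKEY_up_ref() reports the failure itself, which is not visible here, I would add `ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);` before the cleanup. The ordering also matters: `ret->pkey = pkey` has to stay after the check, because EVP_PKEY_CTX_free() presumably releases `ret->pkey` and would otherwise drop a reference that was never taken. A comment such as `/* take the reference before storing pkey: the free path releases ret->pkey */` would guard against a later reorder. int_ctx_new starts and ends outside this hunk.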
@@ -482,13 +462,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
}
# endif
rctx = OPENSSL_zalloc(sizeof(*rctx));
- if (rctx == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ if (rctx == NULL)
return NULL;
- }
- if (pctx->pkey != NULL)
- EVP_PKEY_up_ref(pctx->pkey);
+ if (pctx->pkey != NULL && !EVP_PKEY_up_ref(pctx->pkey))
+ goto err;
+
rctx->pkey = pctx->pkey;
rctx->operation = pctx->operation;
rctx->libctx = pctx->libctx;
@@ -595,8 +574,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
rctx->engine = pctx->engine;
# endif
- if (pctx->peerkey != NULL)
- EVP_PKEY_up_ref(pctx->peerkey);
+ if (pctx->peerkey != NULL && !EVP_PKEY_up_ref(pctx->peerkey))
+ goto err;
+
rctx->peerkey = pctx->peerkey;
if (pctx->pmeth == NULL) {
@@ -627,13 +607,13 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
{
if (app_pkey_methods == NULL) {
app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
- if (app_pkey_methods == NULL){
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ if (app_pkey_methods == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_CRYPTO_LIB);
return 0;
}
}
if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_EVP, ERR_R_CRYPTO_LIB);
return 0;
}
sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
@@ -721,8 +701,9 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx,
params);
break;
-#ifndef FIPS_MODULE
case EVP_PKEY_STATE_UNKNOWN:
+ break;
+#ifndef FIPS_MODULE
case EVP_PKEY_STATE_LEGACY:
return evp_pkey_ctx_set_params_to_ctrl(ctx, params);
#endif
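Review bot: `case EVP_PKEY_STATE_UNKNOWN:` in EVP_PKEY_CTX_set_params now ends in a bare `break` instead of falling through to the legacy ctrl translation, and nothing at the label says what the caller gets back. The return after the switch is outside this hunk; it should be confirmed to be a failure value, because a set_params call that is dropped but reported as success would leave the context without the settings the caller asked for. I would add `/* no operation initialised: nothing to apply the params to */` above the `break`. The same applies to the matching `case EVP_PKEY_STATE_UNKNOWN:` in the EVP_PKEY_CTX_get_params hunk.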
@@ -758,9 +739,16 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
return
ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
params);
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_get_params != NULL)
+ return
+ evp_keymgmt_gen_get_params(ctx->keymgmt, ctx->op.keymgmt.genctx,
+ params);
break;
-#ifndef FIPS_MODULE
case EVP_PKEY_STATE_UNKNOWN:
+ break;
+#ifndef FIPS_MODULE
case EVP_PKEY_STATE_LEGACY:
return evp_pkey_ctx_get_params_to_ctrl(ctx, params);
#endif
@@ -803,6 +791,13 @@ const OSSL_PARAM *EVP_PKEY_CTX_gettable_params(const EVP_PKEY_CTX *ctx)
return ctx->op.encap.kem->gettable_ctx_params(ctx->op.encap.algctx,
provctx);
}
+ if (EVP_PKEY_CTX_IS_GEN_OP(ctx)
+ && ctx->keymgmt != NULL
+ && ctx->keymgmt->gen_gettable_params != NULL) {
+ provctx = ossl_provider_ctx(EVP_KEYMGMT_get0_provider(ctx->keymgmt));
+ return ctx->keymgmt->gen_gettable_params(ctx->op.keymgmt.genctx,
+ provctx);
+ }
return NULL;
}
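Review bot: The key-generation branch added to EVP_PKEY_CTX_gettable_params calls `ctx->keymgmt->gen_gettable_params(...)` through the function pointer, while the matching branch in the EVP_PKEY_CTX_get_params hunk goes through the `evp_keymgmt_gen_get_params()` wrapper; one style for both would be easier to audit. Both branches pass `ctx->op.keymgmt.genctx` on without checking it, and whether it can be NULL while `EVP_PKEY_CTX_IS_GEN_OP(ctx)` holds is not visible here. Once that is confirmed, a comment on the branch such as `/* keygen context: genctx is set whenever the gen operation is initialised */` would record the assumption. The function starts outside this hunk.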
@@ -879,7 +874,7 @@ int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
for (p = params; p->key != NULL; p++) {
/* Check the ctx actually understands this parameter */
- if (OSSL_PARAM_locate_const(settable, p->key) == NULL )
+ if (OSSL_PARAM_locate_const(settable, p->key) == NULL)
return -2;
}
}
@@ -902,9 +897,9 @@ int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
const OSSL_PARAM *gettable = EVP_PKEY_CTX_gettable_params(ctx);
const OSSL_PARAM *p;
- for (p = params; p->key != NULL; p++ ) {
+ for (p = params; p->key != NULL; p++) {
/* Check the ctx actually understands this parameter */
- if (OSSL_PARAM_locate_const(gettable, p->key) == NULL )
+ if (OSSL_PARAM_locate_const(gettable, p->key) == NULL)
return -2;
}
}
@@ -1284,77 +1279,12 @@ int EVP_PKEY_CTX_set_kem_op(EVP_PKEY_CTX *ctx, const char *op)
return EVP_PKEY_CTX_set_params(ctx, params);
}
-int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len)
-{
- OSSL_PARAM params[2], *p = params;
- int ret;
-
- if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- /* Uses the same return values as EVP_PKEY_CTX_ctrl */
- return -2;
- }
-
- *p++ = OSSL_PARAM_construct_octet_string(OSSL_PKEY_PARAM_DIST_ID,
- /*
- * Cast away the const. This is
- * read only so should be safe
- */
- (void *)id, (size_t)len);
- *p++ = OSSL_PARAM_construct_end();
-
- ret = evp_pkey_ctx_set_params_strict(ctx, params);
- if (ret == -2)
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- return ret;
-}
-
int EVP_PKEY_CTX_set1_id(EVP_PKEY_CTX *ctx, const void *id, int len)
{
return EVP_PKEY_CTX_ctrl(ctx, -1, -1,
EVP_PKEY_CTRL_SET1_ID, (int)len, (void*)(id));
}
-static int get1_id_data(EVP_PKEY_CTX *ctx, void *id, size_t *id_len)
-{
- int ret;
- void *tmp_id = NULL;
- OSSL_PARAM params[2], *p = params;
-
- if (!EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- /* Uses the same return values as EVP_PKEY_CTX_ctrl */
- return -2;
- }
-
- *p++ = OSSL_PARAM_construct_octet_ptr(OSSL_PKEY_PARAM_DIST_ID,
- &tmp_id, 0);
- *p++ = OSSL_PARAM_construct_end();
-
- ret = evp_pkey_ctx_get_params_strict(ctx, params);
- if (ret == -2) {
- ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
- } else if (ret > 0) {
- size_t tmp_id_len = params[0].return_size;
-
- if (id != NULL)
- memcpy(id, tmp_id, tmp_id_len);
- if (id_len != NULL)
- *id_len = tmp_id_len;
- }
- return ret;
-}
-
-int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id)
-{
- return get1_id_data(ctx, id, NULL);
-}
-
-int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len)
-{
- return get1_id_data(ctx, NULL, id_len);
-}
-
int EVP_PKEY_CTX_get1_id(EVP_PKEY_CTX *ctx, void *id)
{
return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_GET1_ID, 0, (void*)id);
@@ -1570,17 +1500,13 @@ static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
evp_pkey_ctx_free_cached_data(ctx, cmd, name);
if (name != NULL) {
ctx->cached_parameters.dist_id_name = OPENSSL_strdup(name);
- if (ctx->cached_parameters.dist_id_name == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ if (ctx->cached_parameters.dist_id_name == NULL)
return 0;
- }
}
if (data_len > 0) {
ctx->cached_parameters.dist_id = OPENSSL_memdup(data, data_len);
- if (ctx->cached_parameters.dist_id == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ if (ctx->cached_parameters.dist_id == NULL)
return 0;
- }
}
ctx->cached_parameters.dist_id_set = 1;
ctx->cached_parameters.dist_id_len = data_len;