From b00f2cab6b8dfc4ffb23fd50b049b4a443910946 Mon Sep 17 00:00:00 2001
From: Juergen Christ <jchrist@linux.ibm.com>
Date: Wed, 5 Oct 2022 13:57:21 +0200
Subject: [PATCH] Add translation for ECX group parameter
Legacy EVP_PKEY_CTX objects did not support the "group" parameter for X25519
and X448.  The translation of this parameter resulted in an error.  This
caused errors for legacy keys and engines.
Fix this situation by adding a translation that simply checks that the correct
parameter is to be set, but does not actually set anything.  This is correct
since the group name is anyway optional for these two curves.
Fixes #19313
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
---
 crypto/evp/ctrl_params_translate.c | 37 +++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/crypto/evp/ctrl_params_translate.c b/crypto/evp/ctrl_params_translate.c
3da501
index ffea7b108b6f..47a935ce9cca 100644
3da501
--- a/crypto/evp/ctrl_params_translate.c
3da501
+++ b/crypto/evp/ctrl_params_translate.c
3da501
@@ -1955,6 +1955,32 @@ IMPL_GET_RSA_PAYLOAD_COEFFICIENT(7)
3da501
 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(8)
3da501
 IMPL_GET_RSA_PAYLOAD_COEFFICIENT(9)
3da501
 
3da501
+static int fix_group_ecx(enum state state,
3da501
+                         const struct translation_st *translation,
3da501
+                         struct translation_ctx_st *ctx)
3da501
+{
3da501
+    const char *value = NULL;
3da501
+
3da501
+    switch (state) {
3da501
+    case PRE_PARAMS_TO_CTRL:
3da501
+        if (!EVP_PKEY_CTX_IS_GEN_OP(ctx->pctx))
3da501
+            return 0;
3da501
+        ctx->action_type = NONE;
3da501
+        return 1;
3da501
+    case POST_PARAMS_TO_CTRL:
3da501
+        if (OSSL_PARAM_get_utf8_string_ptr(ctx->params, &value) == 0 ||
3da501
+            OPENSSL_strcasecmp(ctx->pctx->keytype, value) != 0) {
3da501
+            ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
3da501
+            ctx->p1 = 0;
3da501
+            return 0;
3da501
+        }
3da501
+        ctx->p1 = 1;
3da501
+        return 1;
3da501
+    default:
3da501
+        return 0;
3da501
+    }
3da501
+}
3da501
+
3da501
 /*-
3da501
  * The translation table itself
3da501
  * ============================
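Review bot: In the `POST_PARAMS_TO_CTRL` case of `fix_group_ecx`, both `value` and `ctx->pctx->keytype` reach `OPENSSL_strcasecmp` without a NULL check, so a group parameter with a NULL data pointer, or a context with no key type name, would be dereferenced rather than rejected. Whether either can actually be NULL depends on code outside this hunk, but the parameter is caller-supplied, so adding `value == NULL || ctx->pctx->keytype == NULL ||` ahead of the `OPENSSL_strcasecmp` call would route those cases to the existing `ERR_R_PASSED_INVALID_ARGUMENT` path. As far as the hunk shows, the `PRE_PARAMS_TO_CTRL` branch also returns 0 for a non-keygen context without calling `ERR_raise`, which leaves the caller with a failure and nothing on the error queue. A short comment above the function, e.g. `/* X25519/X448 have a fixed group: validate the name, set nothing */`, would record why `action_type` is forced to `NONE`.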
3da501
@@ -2274,6 +2300,15 @@ static const struct translation_st evp_pkey_ctx_translations[] = {
3da501
     { GET, -1, -1, EVP_PKEY_OP_TYPE_SIG,
3da501
       EVP_PKEY_CTRL_GET_MD, NULL, NULL,
3da501
       OSSL_SIGNATURE_PARAM_DIGEST, OSSL_PARAM_UTF8_STRING, fix_md },
3da501
+
3da501
+    /*-
3da501
+     * ECX
3da501
+     * ===
3da501
+     */
3da501
+    { SET, EVP_PKEY_X25519, EVP_PKEY_X25519, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
3da501
+      OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
3da501
+    { SET, EVP_PKEY_X448, EVP_PKEY_X448, EVP_PKEY_OP_KEYGEN, -1, NULL, NULL,
3da501
+      OSSL_PKEY_PARAM_GROUP_NAME, OSSL_PARAM_UTF8_STRING, fix_group_ecx },
3da501
 };
3da501
 
3da501
 static const struct translation_st evp_pkey_translations[] = {
3da501
@@ -2692,7 +2727,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
3da501
 
3da501
         ret = fixup(PRE_PARAMS_TO_CTRL, translation, &ctx;;
3da501
 
3da501
-        if (ret > 0 && action_type != NONE)
3da501
+        if (ret > 0 && ctx.action_type != NONE)
3da501
             ret = EVP_PKEY_CTX_ctrl(pctx, keytype, optype,
3da501
                                     ctx.ctrl_cmd, ctx.p1, ctx.p2);
3da501