EC: Reimplement EVP_PKEY_CTX_set_ec_param_enc() to support providers

Fixes #12852 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12853)
2025-01-18 13:44:20 +08:00 · 2020-09-10 22:06:46 +02:00 · 2020-09-10 22:06:46 +02:00 · 7229a2f4ab
commit 7229a2f4ab
parent 4588f35b5a
5 changed files with 47 additions and 6 deletions
--- a/crypto/ec/ec_ctrl.c
+++ b/crypto/ec/ec_ctrl.c
@ -443,4 +443,44 @@ int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid)

    return EVP_PKEY_CTX_set_group_name(ctx, OBJ_nid2sn(nid));
 }
+
+int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc)
+{
+    const char *enc = NULL;
+    OSSL_PARAM params[2], *p = params;
+    int ret = -2;                /* Assume unsupported */
+
+    if (ctx == NULL
+        || !EVP_PKEY_CTX_IS_GEN_OP(ctx)
+        || ctx->op.keymgmt.genctx == NULL)
+        goto end;
+
+    switch (param_enc) {
+    case OPENSSL_EC_EXPLICIT_CURVE:
+        enc = OSSL_PKEY_EC_ENCODING_EXPLICIT;
+        break;
+    case OPENSSL_EC_NAMED_CURVE:
+        enc = OSSL_PKEY_EC_ENCODING_GROUP;
+        break;
+    default:
+        goto end;
+    }
+
+    *p++ = OSSL_PARAM_construct_utf8_string(OSSL_PKEY_PARAM_EC_ENCODING,
+                                            (char *)enc, 0);
+    *p++ = OSSL_PARAM_construct_end();
+
+    ret = evp_pkey_ctx_set_params_strict(ctx, params);
+ end:
+    if (ret == -2)
+        ERR_raise(ERR_LIB_EVP, EVP_R_COMMAND_NOT_SUPPORTED);
+    return ret;
+}
+
+int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc)
+{
+    return EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC,
+                             EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN,
+                             EVP_PKEY_CTRL_EC_PARAM_ENC, param_enc, NULL);
+}
 #endif
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -26,6 +26,7 @@
 #include "crypto/asn1.h"
 #include "crypto/evp.h"
 #include "crypto/dh.h"
+#include "crypto/ec.h"
 #include "internal/ffc.h"
 #include "internal/numbers.h"
 #include "internal/provider.h"
@ -1248,6 +1249,8 @@ static int legacy_ctrl_to_param(EVP_PKEY_CTX *ctx, int keytype, int optype,
 # ifndef OPENSSL_NO_EC
    if (keytype == EVP_PKEY_EC) {
        switch (cmd) {
+        case EVP_PKEY_CTRL_EC_PARAM_ENC:
+            return evp_pkey_ctx_set_ec_param_enc_prov(ctx, p1);
        case EVP_PKEY_CTRL_EC_PARAMGEN_CURVE_NID:
            return EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, p1);
        case EVP_PKEY_CTRL_EC_ECDH_COFACTOR:
--- a/include/crypto/ec.h
+++ b/include/crypto/ec.h
@ -68,5 +68,7 @@ int ec_key_otherparams_fromdata(EC_KEY *ec, const OSSL_PARAM params[]);
 int ec_set_ecdh_cofactor_mode(EC_KEY *ec, int mode);
 int ec_encoding_name2id(const char *name);

+int evp_pkey_ctx_set_ec_param_enc_prov(EVP_PKEY_CTX *ctx, int param_enc);
+
 # endif /* OPENSSL_NO_EC */
 #endif
--- a/include/openssl/ec.h
+++ b/include/openssl/ec.h
@ -1470,12 +1470,7 @@ DEPRECATEDIN_3_0(void EC_KEY_METHOD_get_verify
 #  endif

 int EVP_PKEY_CTX_set_ec_paramgen_curve_nid(EVP_PKEY_CTX *ctx, int nid);
-
-#  define EVP_PKEY_CTX_set_ec_param_enc(ctx, flag) \
-        EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_EC, \
-                          EVP_PKEY_OP_PARAMGEN|EVP_PKEY_OP_KEYGEN, \
-                          EVP_PKEY_CTRL_EC_PARAM_ENC, flag, NULL)
-
+int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int param_enc);
 int EVP_PKEY_CTX_set_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx, int cofactor_mode);
 int EVP_PKEY_CTX_get_ecdh_cofactor_mode(EVP_PKEY_CTX *ctx);

--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@ -5301,3 +5301,4 @@ EVP_PKEY_CTX_get1_id                    ?	3_0_0	EXIST::FUNCTION:
 EVP_PKEY_CTX_get1_id_len                ?	3_0_0	EXIST::FUNCTION:
 CMS_AuthEnvelopedData_create            ?	3_0_0	EXIST::FUNCTION:CMS
 CMS_AuthEnvelopedData_create_with_libctx ?	3_0_0	EXIST::FUNCTION:CMS
+EVP_PKEY_CTX_set_ec_param_enc           ?	3_0_0	EXIST::FUNCTION:EC