packages/openssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssl/backport-params-provide-a-faster-TRIE-based-param-lookup.patch

1687 lines
65 KiB
Diff
Raw Normal View History

backport patch for performance improvements
2024-11-27 19:51:06 +08:00
From ed34eddc7e458dd013f7a7228f707ee2095909c5 Mon Sep 17 00:00:00 2001
From: wangcheng <wangcheng156@huawei.com>
Date: Wed, 25 Sep 2024 16:52:03 +0800
Subject: [PATCH] 2
---
build.info | 11 +-
crypto/build.info | 2 +-
crypto/params_idx.c.in | 21 +
include/internal/e_os.h | 432 +++++++++++
include/internal/param_names.h.in | 18 +
include/openssl/core_names.h.in | 118 +++
.../ciphers/ciphercommon_gcm.c | 288 ++++----
util/perl/OpenSSL/paramnames.pm | 673 ++++++++++++++++++
8 files changed, 1426 insertions(+), 137 deletions(-)
create mode 100644 crypto/params_idx.c.in
create mode 100644 include/internal/e_os.h
create mode 100644 include/internal/param_names.h.in
create mode 100644 include/openssl/core_names.h.in
create mode 100644 util/perl/OpenSSL/paramnames.pm
diff --git a/build.info b/build.info
index 5a84216..630696c 100644
--- a/build.info
+++ b/build.info
@@ -22,6 +22,7 @@ DEPEND[]=include/openssl/asn1.h \
include/openssl/cmp.h \
include/openssl/cms.h \
include/openssl/conf.h \
+ include/openssl/core_names.h \
include/openssl/crmf.h \
include/openssl/crypto.h \
include/openssl/ct.h \
@@ -40,7 +41,8 @@ DEPEND[]=include/openssl/asn1.h \
include/openssl/x509.h \
include/openssl/x509v3.h \
include/openssl/x509_vfy.h \
- include/crypto/bn_conf.h include/crypto/dso_conf.h
+ include/crypto/bn_conf.h include/crypto/dso_conf.h \
+ include/internal/param_names.h crypto/params_idx.c
GENERATE[include/openssl/asn1.h]=include/openssl/asn1.h.in
GENERATE[include/openssl/asn1t.h]=include/openssl/asn1t.h.in
@@ -73,6 +75,13 @@ GENERATE[include/openssl/x509_vfy.h]=include/openssl/x509_vfy.h.in
GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in
GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in
+DEPEND[crypto/params_idx.c \
+ include/internal/param_names.h \
+ include/openssl/core_names.h]=util/perl/OpenSSL/paramnames.pm
+GENERATE[crypto/params_idx.c]=crypto/params_idx.c.in
+GENERATE[include/internal/param_names.h]=include/internal/param_names.h.in
+GENERATE[include/openssl/core_names.h]=include/openssl/core_names.h.in
+
IF[{- defined $target{shared_defflag} -}]
SHARED_SOURCE[libcrypto]=libcrypto.ld
SHARED_SOURCE[libssl]=libssl.ld
diff --git a/crypto/build.info b/crypto/build.info
index c04db55..d7afe47 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -95,7 +95,7 @@ $UTIL_COMMON=\
cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \
threads_pthread.c threads_win.c threads_none.c initthread.c \
context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
- param_build_set.c der_writer.c threads_lib.c params_dup.c
+ param_build_set.c der_writer.c threads_lib.c params_dup.c params_idx.c
SOURCE[../libcrypto]=$UTIL_COMMON \
mem.c mem_sec.c \
diff --git a/crypto/params_idx.c.in b/crypto/params_idx.c.in
new file mode 100644
index 0000000..f04939b
--- /dev/null
+++ b/crypto/params_idx.c.in
@@ -0,0 +1,21 @@
+/*
+ * {- join("\n * ", @autowarntext) -}
+ *
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+{-
+use OpenSSL::paramnames qw(produce_decoder);
+-}
+
+#include "internal/e_os.h"
+#include "internal/param_names.h"
+#include <string.h>
+
+/* Machine generated TRIE -- generated by util/perl/OpenSSL/paramnames.pm */
+{- produce_decoder(); -}
+/* End of TRIE */
diff --git a/include/internal/e_os.h b/include/internal/e_os.h
new file mode 100644
index 0000000..db05b7f
--- /dev/null
+++ b/include/internal/e_os.h
@@ -0,0 +1,432 @@
+/*
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_E_OS_H
+# define OSSL_E_OS_H
+
+# include <limits.h>
+# include <openssl/opensslconf.h>
+
+# include <openssl/e_os2.h>
+# include <openssl/crypto.h>
+# include "internal/nelem.h"
+
+/*
+ * <openssl/e_os2.h> contains what we can justify to make visible to the
+ * outside; this file e_os.h is not part of the exported interface.
+ */
+
+# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI)
+# define NO_CHMOD
+# define NO_SYSLOG
+# endif
+
+# define get_last_sys_error() errno
+# define clear_sys_error() errno=0
+# define set_sys_error(e) errno=(e)
+
+/********************************************************************
+ The Microsoft section
+ ********************************************************************/
+# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32)
+# define WIN32
+# endif
+# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS)
+# define WINDOWS
+# endif
+# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS)
+# define MSDOS
+# endif
+
+# ifdef WIN32
+# undef get_last_sys_error
+# undef clear_sys_error
+# undef set_sys_error
+# define get_last_sys_error() GetLastError()
+# define clear_sys_error() SetLastError(0)
+# define set_sys_error(e) SetLastError(e)
+# if !defined(WINNT)
+# define WIN_CONSOLE_BUG
+# endif
+# else
+# endif
+
+# if (defined(WINDOWS) || defined(MSDOS))
+
+# ifdef __DJGPP__
+# include <unistd.h>
+# include <sys/stat.h>
+# define _setmode setmode
+# define _O_TEXT O_TEXT
+# define _O_BINARY O_BINARY
+# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */
+# undef DEVRANDOM
+# define DEVRANDOM "/dev/urandom\x24"
+# endif /* __DJGPP__ */
+
+# ifndef S_IFDIR
+# define S_IFDIR _S_IFDIR
+# endif
+
+# ifndef S_IFMT
+# define S_IFMT _S_IFMT
+# endif
+
+# if !defined(WINNT) && !defined(__DJGPP__)
+# define NO_SYSLOG
+# endif
+
+# ifdef WINDOWS
+# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT)
+ /*
+ * Defining _WIN32_WINNT here in e_os.h implies certain "discipline."
+ * Most notably we ought to check for availability of each specific
+ * routine that was introduced after denoted _WIN32_WINNT with
+ * GetProcAddress(). Normally newer functions are masked with higher
+ * _WIN32_WINNT in SDK headers. So that if you wish to use them in
+ * some module, you'd need to override _WIN32_WINNT definition in
+ * the target module in order to "reach for" prototypes, but replace
+ * calls to new functions with indirect calls. Alternatively it
+ * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs
+ * and check for current OS version instead.
+ */
+# define _WIN32_WINNT 0x0501
+# endif
+# if defined(_WIN32_WINNT) || defined(_WIN32_WCE)
+ /*
+ * Just like defining _WIN32_WINNT including winsock2.h implies
+ * certain "discipline" for maintaining [broad] binary compatibility.
+ * As long as structures are invariant among Winsock versions,
+ * it's sufficient to check for specific Winsock2 API availability
+ * at run-time [DSO_global_lookup is recommended]...
+ */
+# include <winsock2.h>
+# include <ws2tcpip.h>
+ /*
+ * Clang-based C++Builder 10.3.3 toolchains cannot find C inline
+ * definitions at link-time. This header defines WspiapiLoad() as an
+ * __inline function. https://quality.embarcadero.com/browse/RSP-33806
+ */
+# if !defined(__BORLANDC__) || !defined(__clang__)
+# include <wspiapi.h>
+# endif
+ /* yes, they have to be #included prior to <windows.h> */
+# endif
+# include <windows.h>
+# include <stdio.h>
+# include <stddef.h>
+# include <errno.h>
+# if defined(_WIN32_WCE) && !defined(EACCES)
+# define EACCES 13
+# endif
+# include <string.h>
+# ifdef _WIN64
+# define strlen(s) _strlen31(s)
+/* cut strings to 2GB */
+static __inline unsigned int _strlen31(const char *str)
+{
+ unsigned int len = 0;
+ while (*str && len < 0x80000000U)
+ str++, len++;
+ return len & 0x7FFFFFFF;
+}
+# endif
+# include <malloc.h>
+# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
+# if _MSC_VER>=1300 && _MSC_VER<1600
+# undef stdin
+# undef stdout
+# undef stderr
+FILE *__iob_func();
+# define stdin (&__iob_func()[0])
+# define stdout (&__iob_func()[1])
+# define stderr (&__iob_func()[2])
+# endif
+# endif
+# endif
+# include <io.h>
+# include <fcntl.h>
+
+# ifdef OPENSSL_SYS_WINCE
+# define OPENSSL_NO_POSIX_IO
+# endif
+
+# define EXIT(n) exit(n)
+# define LIST_SEPARATOR_CHAR ';'
+# ifndef W_OK
+# define W_OK 2
+# endif
+# ifndef R_OK
+# define R_OK 4
+# endif
+# ifdef OPENSSL_SYS_WINCE
+# define DEFAULT_HOME ""
+# else
+# define DEFAULT_HOME "C:"
+# endif
+
+/* Avoid Visual Studio 13 GetVersion deprecated problems */
+# if defined(_MSC_VER) && _MSC_VER>=1800
+# define check_winnt() (1)
+# define check_win_minplat(x) (1)
+# else
+# define check_winnt() (GetVersion() < 0x80000000)
+# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x))
+# endif
+
+# else /* The non-microsoft world */
+
+# if defined(OPENSSL_SYS_VXWORKS)
+# include <time.h>
+# else
+# include <sys/time.h>
+# endif
+
+# ifdef OPENSSL_SYS_VMS
+# define VMS 1
+ /*
+ * some programs don't include stdlib, so exit() and others give implicit
+ * function warnings
+ */
+# include <stdlib.h>
+# if defined(__DECC)
+# include <unistd.h>
+# else
+# include <unixlib.h>
+# endif
+# define LIST_SEPARATOR_CHAR ','
+ /* We don't have any well-defined random devices on VMS, yet... */
+# undef DEVRANDOM
+ /*-
+ We need to do this since VMS has the following coding on status codes:
+
+ Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ...
+ The important thing to know is that odd numbers are considered
+ good, while even ones are considered errors.
+ Bits 3-15: actual status number
+ Bits 16-27: facility number. 0 is considered "unknown"
+ Bits 28-31: control bits. If bit 28 is set, the shell won't try to
+ output the message (which, for random codes, just looks ugly)
+
+ So, what we do here is to change 0 to 1 to get the default success status,
+ and everything else is shifted up to fit into the status number field, and
+ the status is tagged as an error, which is what is wanted here.
+
+ Finally, we add the VMS C facility code 0x35a000, because there are some
+ programs, such as Perl, that will reinterpret the code back to something
+ POSIX. 'man perlvms' explains it further.
+
+ NOTE: the perlvms manual wants to turn all codes 2 to 255 into success
+ codes (status type = 1). I couldn't disagree more. Fortunately, the
+ status type doesn't seem to bother Perl.
+ -- Richard Levitte
+ */
+# define EXIT(n) exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1)
+
+# define DEFAULT_HOME "SYS$LOGIN:"
+
+# else
+ /* !defined VMS */
+# include <unistd.h>
+# include <sys/types.h>
+# ifdef OPENSSL_SYS_WIN32_CYGWIN
+# include <io.h>
+# include <fcntl.h>
+# endif
+
+# define LIST_SEPARATOR_CHAR ':'
+# define EXIT(n) exit(n)
+# endif
+
+# endif
+
+/***********************************************/
+
+# if defined(OPENSSL_SYS_WINDOWS)
+# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE)
+# define open _open
+# define fdopen _fdopen
+# define close _close
+# ifndef strdup
+# define strdup _strdup
+# endif
+# define unlink _unlink
+# define fileno _fileno
+# endif
+# else
+# include <strings.h>
+# endif
+
+/* vxworks */
+# if defined(OPENSSL_SYS_VXWORKS)
+# include <ioLib.h>
+# include <tickLib.h>
+# include <sysLib.h>
+# include <vxWorks.h>
+# include <sockLib.h>
+# include <taskLib.h>
+
+# define TTY_STRUCT int
+# define sleep(a) taskDelay((a) * sysClkRateGet())
+
+/*
+ * NOTE: these are implemented by helpers in database app! if the database is
+ * not linked, we need to implement them elsewhere
+ */
+struct hostent *gethostbyname(const char *name);
+struct hostent *gethostbyaddr(const char *addr, int length, int type);
+struct servent *getservbyname(const char *name, const char *proto);
+
+# endif
+/* end vxworks */
+
+/* system-specific variants defining ossl_sleep() */
+#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
+# include <unistd.h>
+static ossl_inline void ossl_sleep(unsigned long millis)
+{
+# ifdef OPENSSL_SYS_VXWORKS
+ struct timespec ts;
+ ts.tv_sec = (long int) (millis / 1000);
+ ts.tv_nsec = (long int) (millis % 1000) * 1000000ul;
+ nanosleep(&ts, NULL);
+# elif defined(__TANDEM)
+# if !defined(_REENTRANT)
+# include <cextdecs.h(PROCESS_DELAY_)>
+ /* HPNS does not support usleep for non threaded apps */
+ PROCESS_DELAY_(millis * 1000);
+# elif defined(_SPT_MODEL_)
+# include <spthread.h>
+# include <spt_extensions.h>
+ usleep(millis * 1000);
+# else
+ usleep(millis * 1000);
+# endif
+# else
+ usleep(millis * 1000);
+# endif
+}
+#elif defined(_WIN32)
+# include <windows.h>
+static ossl_inline void ossl_sleep(unsigned long millis)
+{
+ Sleep(millis);
+}
+#else
+/* Fallback to a busy wait */
+static ossl_inline void ossl_sleep(unsigned long millis)
+{
+ struct timeval start, now;
+ unsigned long elapsedms;
+
+ gettimeofday(&start, NULL);
+ do {
+ gettimeofday(&now, NULL);
+ elapsedms = (((now.tv_sec - start.tv_sec) * 1000000)
+ + now.tv_usec - start.tv_usec) / 1000;
+ } while (elapsedms < millis);
+}
+#endif /* defined OPENSSL_SYS_UNIX */
+
+/* ----------------------------- HP NonStop -------------------------------- */
+/* Required to support platform variant without getpid() and pid_t. */
+# if defined(__TANDEM) && defined(_GUARDIAN_TARGET)
+# include <strings.h>
+# include <netdb.h>
+# define getservbyname(name,proto) getservbyname((char*)name,proto)
+# define gethostbyname(name) gethostbyname((char*)name)
+# define ioctlsocket(a,b,c) ioctl(a,b,c)
+# ifdef NO_GETPID
+inline int nssgetpid();
+# ifndef NSSGETPID_MACRO
+# define NSSGETPID_MACRO
+# include <cextdecs.h(PROCESSHANDLE_GETMINE_)>
+# include <cextdecs.h(PROCESSHANDLE_DECOMPOSE_)>
+ inline int nssgetpid()
+ {
+ short phandle[10]={0};
+ union pseudo_pid {
+ struct {
+ short cpu;
+ short pin;
+ } cpu_pin ;
+ int ppid;
+ } ppid = { 0 };
+ PROCESSHANDLE_GETMINE_(phandle);
+ PROCESSHANDLE_DECOMPOSE_(phandle, &ppid.cpu_pin.cpu, &ppid.cpu_pin.pin);
+ return ppid.ppid;
+ }
+# define getpid(a) nssgetpid(a)
+# endif /* NSSGETPID_MACRO */
+# endif /* NO_GETPID */
+/*# define setsockopt(a,b,c,d,f) setsockopt(a,b,c,(char*)d,f)*/
+/*# define getsockopt(a,b,c,d,f) getsockopt(a,b,c,(char*)d,f)*/
+/*# define connect(a,b,c) connect(a,(struct sockaddr *)b,c)*/
+/*# define bind(a,b,c) bind(a,(struct sockaddr *)b,c)*/
+/*# define sendto(a,b,c,d,e,f) sendto(a,(char*)b,c,d,(struct sockaddr *)e,f)*/
+# if defined(OPENSSL_THREADS) && !defined(_PUT_MODEL_)
+ /*
+ * HPNS SPT threads
+ */
+# define SPT_THREAD_SIGNAL 1
+# define SPT_THREAD_AWARE 1
+# include <spthread.h>
+# undef close
+# define close spt_close
+/*
+# define get_last_socket_error() errno
+# define clear_socket_error() errno=0
+# define ioctlsocket(a,b,c) ioctl(a,b,c)
+# define closesocket(s) close(s)
+# define readsocket(s,b,n) read((s),(char*)(b),(n))
+# define writesocket(s,b,n) write((s),(char*)(b),(n)
+*/
+# define accept(a,b,c) accept(a,(struct sockaddr *)b,c)
+# define recvfrom(a,b,c,d,e,f) recvfrom(a,b,(socklen_t)c,d,e,f)
+# endif
+# endif
+
+# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+# define CRYPTO_memcmp memcmp
+# endif
+
+# ifndef OPENSSL_NO_SECURE_MEMORY
+ /* unistd.h defines _POSIX_VERSION */
+# if (defined(OPENSSL_SYS_UNIX) \
+ && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \
+ || defined(__sun) || defined(__hpux) || defined(__sgi) \
+ || defined(__osf__) )) \
+ || defined(_WIN32)
+ /* secure memory is implemented */
+# else
+# define OPENSSL_NO_SECURE_MEMORY
+# endif
+# endif
+
+/*
+ * str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly
+ * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html
+ * There are also equivalent functions on Windows.
+ * There is no locale_t on NONSTOP.
+ */
+# if defined(OPENSSL_SYS_WINDOWS)
+# define locale_t _locale_t
+# define freelocale _free_locale
+# define strcasecmp_l _stricmp_l
+# define strncasecmp_l _strnicmp_l
+# define strcasecmp _stricmp
+# define strncasecmp _strnicmp
+# elif !defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE < 200809L \
+ || defined(OPENSSL_SYS_TANDEM)
+# ifndef OPENSSL_NO_LOCALE
+# define OPENSSL_NO_LOCALE
+# endif
+# endif
+
+#endif
diff --git a/include/internal/param_names.h.in b/include/internal/param_names.h.in
new file mode 100644
index 0000000..f34db21
--- /dev/null
+++ b/include/internal/param_names.h.in
@@ -0,0 +1,18 @@
+/*
+ * {- join("\n * ", @autowarntext) -}
+ *
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+{-
+use OpenSSL::paramnames qw(generate_internal_macros);
+-}
+
+int ossl_param_find_pidx(const char *s);
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+{- generate_internal_macros(); -}
diff --git a/include/openssl/core_names.h.in b/include/openssl/core_names.h.in
new file mode 100644
index 0000000..133f783
--- /dev/null
+++ b/include/openssl/core_names.h.in
@@ -0,0 +1,118 @@
+/*
+ * {- join("\n * ", @autowarntext) -}
+ *
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+{-
+use OpenSSL::paramnames qw(generate_public_macros);
+-}
+
+#ifndef OPENSSL_CORE_NAMES_H
+# define OPENSSL_CORE_NAMES_H
+# pragma once
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* OSSL_CIPHER_PARAM_CTS_MODE Values */
+# define OSSL_CIPHER_CTS_MODE_CS1 "CS1"
+# define OSSL_CIPHER_CTS_MODE_CS2 "CS2"
+# define OSSL_CIPHER_CTS_MODE_CS3 "CS3"
+
+/* Known CIPHER names (not a complete list) */
+# define OSSL_CIPHER_NAME_AES_128_GCM_SIV "AES-128-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_192_GCM_SIV "AES-192-GCM-SIV"
+# define OSSL_CIPHER_NAME_AES_256_GCM_SIV "AES-256-GCM-SIV"
+
+/* Known DIGEST names (not a complete list) */
+# define OSSL_DIGEST_NAME_MD5 "MD5"
+# define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1"
+# define OSSL_DIGEST_NAME_SHA1 "SHA1"
+# define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224"
+# define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256"
+# define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384"
+# define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512"
+# define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224"
+# define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256"
+# define OSSL_DIGEST_NAME_MD2 "MD2"
+# define OSSL_DIGEST_NAME_MD4 "MD4"
+# define OSSL_DIGEST_NAME_MDC2 "MDC2"
+# define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160"
+# define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224"
+# define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256"
+# define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384"
+# define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
+# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+# define OSSL_DIGEST_NAME_SM3 "SM3"
+
+/* Known MAC names */
+# define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
+# define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC"
+# define OSSL_MAC_NAME_CMAC "CMAC"
+# define OSSL_MAC_NAME_GMAC "GMAC"
+# define OSSL_MAC_NAME_HMAC "HMAC"
+# define OSSL_MAC_NAME_KMAC128 "KMAC128"
+# define OSSL_MAC_NAME_KMAC256 "KMAC256"
+# define OSSL_MAC_NAME_POLY1305 "POLY1305"
+# define OSSL_MAC_NAME_SIPHASH "SIPHASH"
+
+/* Known KDF names */
+# define OSSL_KDF_NAME_HKDF "HKDF"
+# define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF"
+# define OSSL_KDF_NAME_PBKDF1 "PBKDF1"
+# define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
+# define OSSL_KDF_NAME_SCRYPT "SCRYPT"
+# define OSSL_KDF_NAME_SSHKDF "SSHKDF"
+# define OSSL_KDF_NAME_SSKDF "SSKDF"
+# define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
+# define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1"
+# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+# define OSSL_KDF_NAME_X963KDF "X963KDF"
+# define OSSL_KDF_NAME_KBKDF "KBKDF"
+# define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
+# define OSSL_KDF_NAME_HMACDRBGKDF "HMAC-DRBG-KDF"
+
+/* RSA padding modes */
+# define OSSL_PKEY_RSA_PAD_MODE_NONE "none"
+# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1"
+# define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep"
+# define OSSL_PKEY_RSA_PAD_MODE_X931 "x931"
+# define OSSL_PKEY_RSA_PAD_MODE_PSS "pss"
+
+/* RSA pss padding salt length */
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto"
+# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax"
+
+/* OSSL_PKEY_PARAM_EC_ENCODING values */
+# define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit"
+# define OSSL_PKEY_EC_ENCODING_GROUP "named_curve"
+
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed"
+# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid"
+
+# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named"
+# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist"
+
+/* OSSL_KEM_PARAM_OPERATION values */
+#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE"
+#define OSSL_KEM_PARAM_OPERATION_DHKEM "DHKEM"
+
+/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */
+{- generate_public_macros(); -}
+
+# ifdef __cplusplus
+}
+# endif
+
+#endif
diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c
index ed95c97..455924f 100644
--- a/providers/implementations/ciphers/ciphercommon_gcm.c
+++ b/providers/implementations/ciphers/ciphercommon_gcm.c
@@ -15,6 +15,7 @@
#include "prov/ciphercommon_gcm.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
+#include "internal/param_names.h"
static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len);
static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv,
@@ -145,84 +146,97 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[])
PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx;
OSSL_PARAM *p;
size_t sz;
-
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN);
- if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
- return 0;
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN);
- if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
- return 0;
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN);
- if (p != NULL) {
- size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen :
- GCM_TAG_MAX_SIZE;
-
- if (!OSSL_PARAM_set_size_t(p, taglen)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
- return 0;
- }
- }
-
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV);
- if (p != NULL) {
- if (ctx->iv_state == IV_STATE_UNINITIALISED)
- return 0;
- if (ctx->ivlen > p->data_size) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
- return 0;
- }
- if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)
- && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
- return 0;
- }
- }
-
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV);
- if (p != NULL) {
- if (ctx->iv_state == IV_STATE_UNINITIALISED)
- return 0;
- if (ctx->ivlen > p->data_size) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
- return 0;
- }
- if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)
- && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
- return 0;
- }
- }
-
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD);
- if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
- return 0;
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG);
- if (p != NULL) {
- sz = p->data_size;
- if (sz == 0
- || sz > EVP_GCM_TLS_TAG_LEN
- || !ctx->enc
- || ctx->taglen == UNINITIALISED_SIZET) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
- return 0;
+ int type;
+
+ for (p = params; p->key != NULL; p++) {
+ type = ossl_param_find_pidx(p->key);
+ switch (type) {
+ default:
+ break;
+
+ case PIDX_CIPHER_PARAM_IVLEN:
+ if (!OSSL_PARAM_set_size_t(p, ctx->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_KEYLEN:
+ if (!OSSL_PARAM_set_size_t(p, ctx->keylen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TAGLEN:
+ {
+ size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen :
+ GCM_TAG_MAX_SIZE;
+
+ if (!OSSL_PARAM_set_size_t(p, taglen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_IV:
+ if (ctx->iv_state == IV_STATE_UNINITIALISED)
+ return 0;
+ if (ctx->ivlen > p->data_size) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)
+ && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_UPDATED_IV:
+ if (ctx->iv_state == IV_STATE_UNINITIALISED)
+ return 0;
+ if (ctx->ivlen > p->data_size) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen)
+ && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD:
+ if (!OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TAG:
+ sz = p->data_size;
+ if (sz == 0
+ || sz > EVP_GCM_TLS_TAG_LEN
+ || !ctx->enc
+ || ctx->taglen == UNINITIALISED_SIZET) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
+ return 0;
+ }
+ if (!OSSL_PARAM_set_octet_string(p, ctx->buf, sz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
+ return 0;
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN:
+ if (p->data == NULL
+ || p->data_type != OSSL_PARAM_OCTET_STRING
+ || !getivgen(ctx, p->data, p->data_size))
+ return 0;
+ break;
}
- if (!OSSL_PARAM_set_octet_string(p, ctx->buf, sz)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER);
- return 0;
- }
- }
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN);
- if (p != NULL) {
- if (p->data == NULL
- || p->data_type != OSSL_PARAM_OCTET_STRING
- || !getivgen(ctx, p->data, p->data_size))
- return 0;
}
return 1;
}
@@ -233,71 +247,75 @@ int ossl_gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[])
const OSSL_PARAM *p;
size_t sz;
void *vp;
+ int type;
if (params == NULL)
return 1;
- p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG);
- if (p != NULL) {
- vp = ctx->buf;
- if (!OSSL_PARAM_get_octet_string(p, &vp, EVP_GCM_TLS_TAG_LEN, &sz)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
- return 0;
- }
- if (sz == 0 || ctx->enc) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
- return 0;
+ for (p = params; p->key != NULL; p++) {
+ type = ossl_param_find_pidx(p->key);
+ switch (type) {
+ default:
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TAG:
+ vp = ctx->buf;
+ if (!OSSL_PARAM_get_octet_string(p, &vp, EVP_GCM_TLS_TAG_LEN, &sz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (sz == 0 || ctx->enc) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG);
+ return 0;
+ }
+ ctx->taglen = sz;
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_IVLEN:
+ if (!OSSL_PARAM_get_size_t(p, &sz)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (sz == 0 || sz > sizeof(ctx->iv)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
+ return 0;
+ }
+ ctx->ivlen = sz;
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD:
+ if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ sz = gcm_tls_init(ctx, p->data, p->data_size);
+ if (sz == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_AAD);
+ return 0;
+ }
+ ctx->tls_aad_pad_sz = sz;
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED:
+ if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ if (gcm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
+ break;
+
+ case PIDX_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV:
+ if (p->data == NULL
+ || p->data_type != OSSL_PARAM_OCTET_STRING
+ || !setivinv(ctx, p->data, p->data_size))
+ return 0;
+ break;
}
- ctx->taglen = sz;
}
- p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN);
- if (p != NULL) {
- if (!OSSL_PARAM_get_size_t(p, &sz)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
- return 0;
- }
- if (sz == 0 || sz > sizeof(ctx->iv)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH);
- return 0;
- }
- ctx->ivlen = sz;
- }
-
- p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD);
- if (p != NULL) {
- if (p->data_type != OSSL_PARAM_OCTET_STRING) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
- return 0;
- }
- sz = gcm_tls_init(ctx, p->data, p->data_size);
- if (sz == 0) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_AAD);
- return 0;
- }
- ctx->tls_aad_pad_sz = sz;
- }
-
- p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED);
- if (p != NULL) {
- if (p->data_type != OSSL_PARAM_OCTET_STRING) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
- return 0;
- }
- if (gcm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
- return 0;
- }
- }
- p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV);
- if (p != NULL) {
- if (p->data == NULL
- || p->data_type != OSSL_PARAM_OCTET_STRING
- || !setivinv(ctx, p->data, p->data_size))
- return 0;
- }
-
-
return 1;
}
diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm
new file mode 100644
index 0000000..66c6fdd
--- /dev/null
+++ b/util/perl/OpenSSL/paramnames.pm
@@ -0,0 +1,673 @@
+#! /usr/bin/env perl
+# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+package OpenSSL::paramnames;
+
+use strict;
+use warnings;
+
+require Exporter;
+our @ISA = qw(Exporter);
+our @EXPORT_OK = qw(generate_public_macros
+ generate_internal_macros
+ produce_decoder);
+
+my $case_sensitive = 1;
+
+my %params = (
+# Well known parameter names that core passes to providers
+ 'PROV_PARAM_CORE_VERSION' => "openssl-version",# utf8_ptr
+ 'PROV_PARAM_CORE_PROV_NAME' => "provider-name", # utf8_ptr
+ 'PROV_PARAM_CORE_MODULE_FILENAME' => "module-filename",# utf8_ptr
+
+# Well known parameter names that Providers can define
+ 'PROV_PARAM_NAME' => "name", # utf8_ptr
+ 'PROV_PARAM_VERSION' => "version", # utf8_ptr
+ 'PROV_PARAM_BUILDINFO' => "buildinfo", # utf8_ptr
+ 'PROV_PARAM_STATUS' => "status", # uint
+ 'PROV_PARAM_SECURITY_CHECKS' => "security-checks", # uint
+ 'PROV_PARAM_TLS1_PRF_EMS_CHECK' => "tls1-prf-ems-check", # uint
+ 'PROV_PARAM_DRBG_TRUNC_DIGEST' => "drbg-no-trunc-md", # uint
+
+# Self test callback parameters
+ 'PROV_PARAM_SELF_TEST_PHASE' => "st-phase",# utf8_string
+ 'PROV_PARAM_SELF_TEST_TYPE' => "st-type", # utf8_string
+ 'PROV_PARAM_SELF_TEST_DESC' => "st-desc", # utf8_string
+
+# Provider-native object abstractions
+#
+# These are used when a provider wants to pass object data or an object
+# reference back to libcrypto. This is only useful for provider functions
+# that take a callback to which an PARAM array with these parameters
+# can be passed.
+#
+# This set of parameter names is explained in detail in provider-object(7)
+# (doc/man7/provider-object.pod)
+
+ 'OBJECT_PARAM_TYPE' => "type", # INTEGER
+ 'OBJECT_PARAM_DATA_TYPE' => "data-type",# UTF8_STRING
+ 'OBJECT_PARAM_DATA_STRUCTURE' => "data-structure",# UTF8_STRING
+ 'OBJECT_PARAM_REFERENCE' => "reference",# OCTET_STRING
+ 'OBJECT_PARAM_DATA' => "data",# OCTET_STRING or UTF8_STRING
+ 'OBJECT_PARAM_DESC' => "desc", # UTF8_STRING
+
+# Algorithm parameters
+# If "engine",or "properties",are specified, they should always be paired
+# with the algorithm type.
+# Note these are common names that are shared by many types (such as kdf, mac,
+# and pkey) e.g: see MAC_PARAM_DIGEST below.
+
+ 'ALG_PARAM_DIGEST' => "digest", # utf8_string
+ 'ALG_PARAM_CIPHER' => "cipher", # utf8_string
+ 'ALG_PARAM_ENGINE' => "engine", # utf8_string
+ 'ALG_PARAM_MAC' => "mac", # utf8_string
+ 'ALG_PARAM_PROPERTIES' => "properties", # utf8_string
+
+# cipher parameters
+ 'CIPHER_PARAM_PADDING' => "padding", # uint
+ 'CIPHER_PARAM_USE_BITS' => "use-bits", # uint
+ 'CIPHER_PARAM_TLS_VERSION' => "tls-version", # uint
+ 'CIPHER_PARAM_TLS_MAC' => "tls-mac", # octet_ptr
+ 'CIPHER_PARAM_TLS_MAC_SIZE' => "tls-mac-size",# size_t
+ 'CIPHER_PARAM_MODE' => "mode", # uint
+ 'CIPHER_PARAM_BLOCK_SIZE' => "blocksize", # size_t
+ 'CIPHER_PARAM_AEAD' => "aead", # int, 0 or 1
+ 'CIPHER_PARAM_CUSTOM_IV' => "custom-iv", # int, 0 or 1
+ 'CIPHER_PARAM_CTS' => "cts", # int, 0 or 1
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK' => "tls-multi", # int, 0 or 1
+ 'CIPHER_PARAM_HAS_RAND_KEY' => "has-randkey", # int, 0 or 1
+ 'CIPHER_PARAM_KEYLEN' => "keylen", # size_t
+ 'CIPHER_PARAM_IVLEN' => "ivlen", # size_t
+ 'CIPHER_PARAM_IV' => "iv", # octet_string OR octet_ptr
+ 'CIPHER_PARAM_UPDATED_IV' => "updated-iv", # octet_string OR octet_ptr
+ 'CIPHER_PARAM_NUM' => "num", # uint
+ 'CIPHER_PARAM_ROUNDS' => "rounds", # uint
+ 'CIPHER_PARAM_AEAD_TAG' => "tag", # octet_string
+ 'CIPHER_PARAM_AEAD_TLS1_AAD' => "tlsaad", # octet_string
+ 'CIPHER_PARAM_AEAD_TLS1_AAD_PAD' => "tlsaadpad", # size_t
+ 'CIPHER_PARAM_AEAD_TLS1_IV_FIXED' => "tlsivfixed", # octet_string
+ 'CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN' => "tlsivgen", # octet_string
+ 'CIPHER_PARAM_AEAD_TLS1_SET_IV_INV' => "tlsivinv", # octet_string
+ 'CIPHER_PARAM_AEAD_IVLEN' => '*CIPHER_PARAM_IVLEN',
+ 'CIPHER_PARAM_AEAD_TAGLEN' => "taglen", # size_t
+ 'CIPHER_PARAM_AEAD_MAC_KEY' => "mackey", # octet_string
+ 'CIPHER_PARAM_RANDOM_KEY' => "randkey", # octet_string
+ 'CIPHER_PARAM_RC2_KEYBITS' => "keybits", # size_t
+ 'CIPHER_PARAM_SPEED' => "speed", # uint
+ 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string
+# For passing the AlgorithmIdentifier parameter in DER form
+ 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string
+ 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string
+
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE' => "tls1multi_interleave",# uint
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_AAD' => "tls1multi_aad", # octet_string
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN' => "tls1multi_aadpacklen",# uint
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC' => "tls1multi_enc", # octet_string
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN' => "tls1multi_encin", # octet_string
+ 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN' => "tls1multi_enclen", # size_t
+
+# digest parameters
+ 'DIGEST_PARAM_XOFLEN' => "xoflen", # size_t
+ 'DIGEST_PARAM_SSL3_MS' => "ssl3-ms", # octet string
+ 'DIGEST_PARAM_PAD_TYPE' => "pad-type", # uint
+ 'DIGEST_PARAM_MICALG' => "micalg", # utf8 string
+ 'DIGEST_PARAM_BLOCK_SIZE' => "blocksize", # size_t
+ 'DIGEST_PARAM_SIZE' => "size", # size_t
+ 'DIGEST_PARAM_XOF' => "xof", # int, 0 or 1
+ 'DIGEST_PARAM_ALGID_ABSENT' => "algid-absent", # int, 0 or 1
+
+# MAC parameters
+ 'MAC_PARAM_KEY' => "key", # octet string
+ 'MAC_PARAM_IV' => "iv", # octet string
+ 'MAC_PARAM_CUSTOM' => "custom", # utf8 string
+ 'MAC_PARAM_SALT' => "salt", # octet string
+ 'MAC_PARAM_XOF' => "xof", # int, 0 or 1
+ 'MAC_PARAM_DIGEST_NOINIT' => "digest-noinit", # int, 0 or 1
+ 'MAC_PARAM_DIGEST_ONESHOT' => "digest-oneshot",# int, 0 or 1
+ 'MAC_PARAM_C_ROUNDS' => "c-rounds", # unsigned int
+ 'MAC_PARAM_D_ROUNDS' => "d-rounds", # unsigned int
+
+# If "engine",or "properties",are specified, they should always be paired
+# with "cipher",or "digest".
+
+ 'MAC_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string
+ 'MAC_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string
+ 'MAC_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string
+ 'MAC_PARAM_SIZE' => "size", # size_t
+ 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t
+ 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t
+
+# KDF / PRF parameters
+ 'KDF_PARAM_SECRET' => "secret", # octet string
+ 'KDF_PARAM_KEY' => "key", # octet string
+ 'KDF_PARAM_SALT' => "salt", # octet string
+ 'KDF_PARAM_PASSWORD' => "pass", # octet string
+ 'KDF_PARAM_PREFIX' => "prefix", # octet string
+ 'KDF_PARAM_LABEL' => "label", # octet string
+ 'KDF_PARAM_DATA' => "data", # octet string
+ 'KDF_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string
+ 'KDF_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string
+ 'KDF_PARAM_MAC' => '*ALG_PARAM_MAC', # utf8 string
+ 'KDF_PARAM_MAC_SIZE' => "maclen", # size_t
+ 'KDF_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string
+ 'KDF_PARAM_ITER' => "iter", # unsigned int
+ 'KDF_PARAM_MODE' => "mode", # utf8 string or int
+ 'KDF_PARAM_PKCS5' => "pkcs5", # int
+ 'KDF_PARAM_UKM' => "ukm", # octet string
+ 'KDF_PARAM_CEK_ALG' => "cekalg", # utf8 string
+ 'KDF_PARAM_SCRYPT_N' => "n", # uint64_t
+ 'KDF_PARAM_SCRYPT_R' => "r", # uint32_t
+ 'KDF_PARAM_SCRYPT_P' => "p", # uint32_t
+ 'KDF_PARAM_SCRYPT_MAXMEM' => "maxmem_bytes", # uint64_t
+ 'KDF_PARAM_INFO' => "info", # octet string
+ 'KDF_PARAM_SEED' => "seed", # octet string
+ 'KDF_PARAM_SSHKDF_XCGHASH' => "xcghash", # octet string
+ 'KDF_PARAM_SSHKDF_SESSION_ID' => "session_id", # octet string
+ 'KDF_PARAM_SSHKDF_TYPE' => "type", # int
+ 'KDF_PARAM_SIZE' => "size", # size_t
+ 'KDF_PARAM_CONSTANT' => "constant", # octet string
+ 'KDF_PARAM_PKCS12_ID' => "id", # int
+ 'KDF_PARAM_KBKDF_USE_L' => "use-l", # int
+ 'KDF_PARAM_KBKDF_USE_SEPARATOR' => "use-separator", # int
+ 'KDF_PARAM_KBKDF_R' => "r", # int
+ 'KDF_PARAM_X942_ACVPINFO' => "acvp-info",
+ 'KDF_PARAM_X942_PARTYUINFO' => "partyu-info",
+ 'KDF_PARAM_X942_PARTYVINFO' => "partyv-info",
+ 'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo",
+ 'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo",
+ 'KDF_PARAM_X942_USE_KEYBITS' => "use-keybits",
+ 'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy",
+ 'KDF_PARAM_HMACDRBG_NONCE' => "nonce",
+ 'KDF_PARAM_THREADS' => "threads", # uint32_t
+ 'KDF_PARAM_EARLY_CLEAN' => "early_clean", # uint32_t
+ 'KDF_PARAM_ARGON2_AD' => "ad", # octet string
+ 'KDF_PARAM_ARGON2_LANES' => "lanes", # uint32_t
+ 'KDF_PARAM_ARGON2_MEMCOST' => "memcost", # uint32_t
+ 'KDF_PARAM_ARGON2_VERSION' => "version", # uint32_t
+
+# Known RAND names
+ 'RAND_PARAM_STATE' => "state",
+ 'RAND_PARAM_STRENGTH' => "strength",
+ 'RAND_PARAM_MAX_REQUEST' => "max_request",
+ 'RAND_PARAM_TEST_ENTROPY' => "test_entropy",
+ 'RAND_PARAM_TEST_NONCE' => "test_nonce",
+
+# RAND/DRBG names
+ 'DRBG_PARAM_RESEED_REQUESTS' => "reseed_requests",
+ 'DRBG_PARAM_RESEED_TIME_INTERVAL' => "reseed_time_interval",
+ 'DRBG_PARAM_MIN_ENTROPYLEN' => "min_entropylen",
+ 'DRBG_PARAM_MAX_ENTROPYLEN' => "max_entropylen",
+ 'DRBG_PARAM_MIN_NONCELEN' => "min_noncelen",
+ 'DRBG_PARAM_MAX_NONCELEN' => "max_noncelen",
+ 'DRBG_PARAM_MAX_PERSLEN' => "max_perslen",
+ 'DRBG_PARAM_MAX_ADINLEN' => "max_adinlen",
+ 'DRBG_PARAM_RESEED_COUNTER' => "reseed_counter",
+ 'DRBG_PARAM_RESEED_TIME' => "reseed_time",
+ 'DRBG_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES',
+ 'DRBG_PARAM_DIGEST' => '*ALG_PARAM_DIGEST',
+ 'DRBG_PARAM_CIPHER' => '*ALG_PARAM_CIPHER',
+ 'DRBG_PARAM_MAC' => '*ALG_PARAM_MAC',
+ 'DRBG_PARAM_USE_DF' => "use_derivation_function",
+
+# DRBG call back parameters
+ 'DRBG_PARAM_ENTROPY_REQUIRED' => "entropy_required",
+ 'DRBG_PARAM_PREDICTION_RESISTANCE' => "prediction_resistance",
+ 'DRBG_PARAM_MIN_LENGTH' => "minium_length",
+ 'DRBG_PARAM_MAX_LENGTH' => "maxium_length",
+ 'DRBG_PARAM_RANDOM_DATA' => "random_data",
+ 'DRBG_PARAM_SIZE' => "size",
+
+# PKEY parameters
+# Common PKEY parameters
+ 'PKEY_PARAM_BITS' => "bits",# integer
+ 'PKEY_PARAM_MAX_SIZE' => "max-size",# integer
+ 'PKEY_PARAM_SECURITY_BITS' => "security-bits",# integer
+ 'PKEY_PARAM_DIGEST' => '*ALG_PARAM_DIGEST',
+ 'PKEY_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string
+ 'PKEY_PARAM_ENGINE' => '*ALG_PARAM_ENGINE', # utf8 string
+ 'PKEY_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES',
+ 'PKEY_PARAM_DEFAULT_DIGEST' => "default-digest",# utf8 string
+ 'PKEY_PARAM_MANDATORY_DIGEST' => "mandatory-digest",# utf8 string
+ 'PKEY_PARAM_PAD_MODE' => "pad-mode",
+ 'PKEY_PARAM_DIGEST_SIZE' => "digest-size",
+ 'PKEY_PARAM_MASKGENFUNC' => "mgf",
+ 'PKEY_PARAM_MGF1_DIGEST' => "mgf1-digest",
+ 'PKEY_PARAM_MGF1_PROPERTIES' => "mgf1-properties",
+ 'PKEY_PARAM_ENCODED_PUBLIC_KEY' => "encoded-pub-key",
+ 'PKEY_PARAM_GROUP_NAME' => "group",
+ 'PKEY_PARAM_DIST_ID' => "distid",
+ 'PKEY_PARAM_PUB_KEY' => "pub",
+ 'PKEY_PARAM_PRIV_KEY' => "priv",
+ 'PKEY_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
+
+# Diffie-Hellman/DSA Parameters
+ 'PKEY_PARAM_FFC_P' => "p",
+ 'PKEY_PARAM_FFC_G' => "g",
+ 'PKEY_PARAM_FFC_Q' => "q",
+ 'PKEY_PARAM_FFC_GINDEX' => "gindex",
+ 'PKEY_PARAM_FFC_PCOUNTER' => "pcounter",
+ 'PKEY_PARAM_FFC_SEED' => "seed",
+ 'PKEY_PARAM_FFC_COFACTOR' => "j",
+ 'PKEY_PARAM_FFC_H' => "hindex",
+ 'PKEY_PARAM_FFC_VALIDATE_PQ' => "validate-pq",
+ 'PKEY_PARAM_FFC_VALIDATE_G' => "validate-g",
+ 'PKEY_PARAM_FFC_VALIDATE_LEGACY' => "validate-legacy",
+
+# Diffie-Hellman params
+ 'PKEY_PARAM_DH_GENERATOR' => "safeprime-generator",
+ 'PKEY_PARAM_DH_PRIV_LEN' => "priv_len",
+
+# Elliptic Curve Domain Parameters
+ 'PKEY_PARAM_EC_PUB_X' => "qx",
+ 'PKEY_PARAM_EC_PUB_Y' => "qy",
+
+# Elliptic Curve Explicit Domain Parameters
+ 'PKEY_PARAM_EC_FIELD_TYPE' => "field-type",
+ 'PKEY_PARAM_EC_P' => "p",
+ 'PKEY_PARAM_EC_A' => "a",
+ 'PKEY_PARAM_EC_B' => "b",
+ 'PKEY_PARAM_EC_GENERATOR' => "generator",
+ 'PKEY_PARAM_EC_ORDER' => "order",
+ 'PKEY_PARAM_EC_COFACTOR' => "cofactor",
+ 'PKEY_PARAM_EC_SEED' => "seed",
+ 'PKEY_PARAM_EC_CHAR2_M' => "m",
+ 'PKEY_PARAM_EC_CHAR2_TYPE' => "basis-type",
+ 'PKEY_PARAM_EC_CHAR2_TP_BASIS' => "tp",
+ 'PKEY_PARAM_EC_CHAR2_PP_K1' => "k1",
+ 'PKEY_PARAM_EC_CHAR2_PP_K2' => "k2",
+ 'PKEY_PARAM_EC_CHAR2_PP_K3' => "k3",
+ 'PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS' => "decoded-from-explicit",
+
+# Elliptic Curve Key Parameters
+ 'PKEY_PARAM_USE_COFACTOR_FLAG' => "use-cofactor-flag",
+ 'PKEY_PARAM_USE_COFACTOR_ECDH' => '*PKEY_PARAM_USE_COFACTOR_FLAG',
+
+# RSA Keys
+#
+# n, e, d are the usual public and private key components
+#
+# rsa-num is the number of factors, including p and q
+# rsa-factor is used for each factor: p, q, r_i (i = 3, ...)
+# rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...)
+# rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...)
+#
+# The number of rsa-factor items must be equal to the number of rsa-exponent
+# items, and the number of rsa-coefficients must be one less.
+# (the base i for the coefficients is 2, not 1, at least as implied by
+# RFC 8017)
+
+ 'PKEY_PARAM_RSA_N' => "n",
+ 'PKEY_PARAM_RSA_E' => "e",
+ 'PKEY_PARAM_RSA_D' => "d",
+ 'PKEY_PARAM_RSA_FACTOR' => "rsa-factor",
+ 'PKEY_PARAM_RSA_EXPONENT' => "rsa-exponent",
+ 'PKEY_PARAM_RSA_COEFFICIENT' => "rsa-coefficient",
+ 'PKEY_PARAM_RSA_FACTOR1' => "rsa-factor1",
+ 'PKEY_PARAM_RSA_FACTOR2' => "rsa-factor2",
+ 'PKEY_PARAM_RSA_FACTOR3' => "rsa-factor3",
+ 'PKEY_PARAM_RSA_FACTOR4' => "rsa-factor4",
+ 'PKEY_PARAM_RSA_FACTOR5' => "rsa-factor5",
+ 'PKEY_PARAM_RSA_FACTOR6' => "rsa-factor6",
+ 'PKEY_PARAM_RSA_FACTOR7' => "rsa-factor7",
+ 'PKEY_PARAM_RSA_FACTOR8' => "rsa-factor8",
+ 'PKEY_PARAM_RSA_FACTOR9' => "rsa-factor9",
+ 'PKEY_PARAM_RSA_FACTOR10' => "rsa-factor10",
+ 'PKEY_PARAM_RSA_EXPONENT1' => "rsa-exponent1",
+ 'PKEY_PARAM_RSA_EXPONENT2' => "rsa-exponent2",
+ 'PKEY_PARAM_RSA_EXPONENT3' => "rsa-exponent3",
+ 'PKEY_PARAM_RSA_EXPONENT4' => "rsa-exponent4",
+ 'PKEY_PARAM_RSA_EXPONENT5' => "rsa-exponent5",
+ 'PKEY_PARAM_RSA_EXPONENT6' => "rsa-exponent6",
+ 'PKEY_PARAM_RSA_EXPONENT7' => "rsa-exponent7",
+ 'PKEY_PARAM_RSA_EXPONENT8' => "rsa-exponent8",
+ 'PKEY_PARAM_RSA_EXPONENT9' => "rsa-exponent9",
+ 'PKEY_PARAM_RSA_EXPONENT10' => "rsa-exponent10",
+ 'PKEY_PARAM_RSA_COEFFICIENT1' => "rsa-coefficient1",
+ 'PKEY_PARAM_RSA_COEFFICIENT2' => "rsa-coefficient2",
+ 'PKEY_PARAM_RSA_COEFFICIENT3' => "rsa-coefficient3",
+ 'PKEY_PARAM_RSA_COEFFICIENT4' => "rsa-coefficient4",
+ 'PKEY_PARAM_RSA_COEFFICIENT5' => "rsa-coefficient5",
+ 'PKEY_PARAM_RSA_COEFFICIENT6' => "rsa-coefficient6",
+ 'PKEY_PARAM_RSA_COEFFICIENT7' => "rsa-coefficient7",
+ 'PKEY_PARAM_RSA_COEFFICIENT8' => "rsa-coefficient8",
+ 'PKEY_PARAM_RSA_COEFFICIENT9' => "rsa-coefficient9",
+
+# Key generation parameters
+ 'PKEY_PARAM_RSA_BITS' => '*PKEY_PARAM_BITS',
+ 'PKEY_PARAM_RSA_PRIMES' => "primes",
+ 'PKEY_PARAM_RSA_DIGEST' => '*PKEY_PARAM_DIGEST',
+ 'PKEY_PARAM_RSA_DIGEST_PROPS' => '*PKEY_PARAM_PROPERTIES',
+ 'PKEY_PARAM_RSA_MASKGENFUNC' => '*PKEY_PARAM_MASKGENFUNC',
+ 'PKEY_PARAM_RSA_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST',
+ 'PKEY_PARAM_RSA_PSS_SALTLEN' => "saltlen",
+
+# EC, X25519 and X448 Key generation parameters
+ 'PKEY_PARAM_DHKEM_IKM' => "dhkem-ikm",
+
+# Key generation parameters
+ 'PKEY_PARAM_FFC_TYPE' => "type",
+ 'PKEY_PARAM_FFC_PBITS' => "pbits",
+ 'PKEY_PARAM_FFC_QBITS' => "qbits",
+ 'PKEY_PARAM_FFC_DIGEST' => '*PKEY_PARAM_DIGEST',
+ 'PKEY_PARAM_FFC_DIGEST_PROPS' => '*PKEY_PARAM_PROPERTIES',
+
+ 'PKEY_PARAM_EC_ENCODING' => "encoding",# utf8_string
+ 'PKEY_PARAM_EC_POINT_CONVERSION_FORMAT' => "point-format",
+ 'PKEY_PARAM_EC_GROUP_CHECK_TYPE' => "group-check",
+ 'PKEY_PARAM_EC_INCLUDE_PUBLIC' => "include-public",
+
+# Key Exchange parameters
+ 'EXCHANGE_PARAM_PAD' => "pad",# uint
+ 'EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE' => "ecdh-cofactor-mode",# int
+ 'EXCHANGE_PARAM_KDF_TYPE' => "kdf-type",# utf8_string
+ 'EXCHANGE_PARAM_KDF_DIGEST' => "kdf-digest",# utf8_string
+ 'EXCHANGE_PARAM_KDF_DIGEST_PROPS' => "kdf-digest-props",# utf8_string
+ 'EXCHANGE_PARAM_KDF_OUTLEN' => "kdf-outlen",# size_t
+# The following parameter is an octet_string on set and an octet_ptr on get
+ 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm",
+
+# Signature parameters
+ 'SIGNATURE_PARAM_ALGORITHM_ID' => "algorithm-id",
+ 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE',
+ 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST',
+ 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES',
+ 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen",
+ 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST',
+ 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES',
+ 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE',
+ 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type",
+ 'SIGNATURE_PARAM_INSTANCE' => "instance",
+ 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string",
+
+# Asym cipher parameters
+ 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST',
+ 'ASYM_CIPHER_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES',
+ 'ASYM_CIPHER_PARAM_ENGINE' => '*PKEY_PARAM_ENGINE',
+ 'ASYM_CIPHER_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE',
+ 'ASYM_CIPHER_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST',
+ 'ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS' => '*PKEY_PARAM_MGF1_PROPERTIES',
+ 'ASYM_CIPHER_PARAM_OAEP_DIGEST' => '*ALG_PARAM_DIGEST',
+ 'ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS' => "digest-props",
+# The following parameter is an octet_string on set and an octet_ptr on get
+ 'ASYM_CIPHER_PARAM_OAEP_LABEL' => "oaep-label",
+ 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version",
+ 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version",
+ 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection",
+
+# Encoder / decoder parameters
+
+ 'ENCODER_PARAM_CIPHER' => '*ALG_PARAM_CIPHER',
+ 'ENCODER_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES',
+# Currently PVK only, but reusable for others as needed
+ 'ENCODER_PARAM_ENCRYPT_LEVEL' => "encrypt-level",
+ 'ENCODER_PARAM_SAVE_PARAMETERS' => "save-parameters",# integer
+
+ 'DECODER_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES',
+
+# Passphrase callback parameters
+ 'PASSPHRASE_PARAM_INFO' => "info",
+
+# Keygen callback parameters, from provider to libcrypto
+ 'GEN_PARAM_POTENTIAL' => "potential",# integer
+ 'GEN_PARAM_ITERATION' => "iteration",# integer
+
+# ACVP Test parameters : These should not be used normally
+ 'PKEY_PARAM_RSA_TEST_XP1' => "xp1",
+ 'PKEY_PARAM_RSA_TEST_XP2' => "xp2",
+ 'PKEY_PARAM_RSA_TEST_XP' => "xp",
+ 'PKEY_PARAM_RSA_TEST_XQ1' => "xq1",
+ 'PKEY_PARAM_RSA_TEST_XQ2' => "xq2",
+ 'PKEY_PARAM_RSA_TEST_XQ' => "xq",
+ 'PKEY_PARAM_RSA_TEST_P1' => "p1",
+ 'PKEY_PARAM_RSA_TEST_P2' => "p2",
+ 'PKEY_PARAM_RSA_TEST_Q1' => "q1",
+ 'PKEY_PARAM_RSA_TEST_Q2' => "q2",
+ 'SIGNATURE_PARAM_KAT' => "kat",
+
+# KEM parameters
+ 'KEM_PARAM_OPERATION' => "operation",
+ 'KEM_PARAM_IKME' => "ikme",
+
+# Capabilities
+
+# TLS-GROUP Capability
+ 'CAPABILITY_TLS_GROUP_NAME' => "tls-group-name",
+ 'CAPABILITY_TLS_GROUP_NAME_INTERNAL' => "tls-group-name-internal",
+ 'CAPABILITY_TLS_GROUP_ID' => "tls-group-id",
+ 'CAPABILITY_TLS_GROUP_ALG' => "tls-group-alg",
+ 'CAPABILITY_TLS_GROUP_SECURITY_BITS' => "tls-group-sec-bits",
+ 'CAPABILITY_TLS_GROUP_IS_KEM' => "tls-group-is-kem",
+ 'CAPABILITY_TLS_GROUP_MIN_TLS' => "tls-min-tls",
+ 'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls",
+ 'CAPABILITY_TLS_GROUP_MIN_DTLS' => "tls-min-dtls",
+ 'CAPABILITY_TLS_GROUP_MAX_DTLS' => "tls-max-dtls",
+
+# TLS-SIGALG Capability
+ 'CAPABILITY_TLS_SIGALG_IANA_NAME' => "tls-sigalg-iana-name",
+ 'CAPABILITY_TLS_SIGALG_CODE_POINT' => "tls-sigalg-code-point",
+ 'CAPABILITY_TLS_SIGALG_NAME' => "tls-sigalg-name",
+ 'CAPABILITY_TLS_SIGALG_OID' => "tls-sigalg-oid",
+ 'CAPABILITY_TLS_SIGALG_SIG_NAME' => "tls-sigalg-sig-name",
+ 'CAPABILITY_TLS_SIGALG_SIG_OID' => "tls-sigalg-sig-oid",
+ 'CAPABILITY_TLS_SIGALG_HASH_NAME' => "tls-sigalg-hash-name",
+ 'CAPABILITY_TLS_SIGALG_HASH_OID' => "tls-sigalg-hash-oid",
+ 'CAPABILITY_TLS_SIGALG_KEYTYPE' => "tls-sigalg-keytype",
+ 'CAPABILITY_TLS_SIGALG_KEYTYPE_OID' => "tls-sigalg-keytype-oid",
+ 'CAPABILITY_TLS_SIGALG_SECURITY_BITS' => "tls-sigalg-sec-bits",
+ 'CAPABILITY_TLS_SIGALG_MIN_TLS' => "tls-min-tls",
+ 'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls",
+
+# storemgmt parameters
+
+
+# Used by storemgmt_ctx_set_params():
+#
+# - STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
+# STORE_INFO numbers. This is used to set the expected type of
+# object loaded.
+#
+# - STORE_PARAM_SUBJECT, STORE_PARAM_ISSUER,
+# STORE_PARAM_SERIAL, STORE_PARAM_FINGERPRINT,
+# STORE_PARAM_DIGEST, STORE_PARAM_ALIAS
+# are used as search criteria.
+# (STORE_PARAM_DIGEST is used with STORE_PARAM_FINGERPRINT)
+
+ 'STORE_PARAM_EXPECT' => "expect", # INTEGER
+ 'STORE_PARAM_SUBJECT' => "subject", # DER blob => OCTET_STRING
+ 'STORE_PARAM_ISSUER' => "name", # DER blob => OCTET_STRING
+ 'STORE_PARAM_SERIAL' => "serial", # INTEGER
+ 'STORE_PARAM_DIGEST' => "digest", # UTF8_STRING
+ 'STORE_PARAM_FINGERPRINT' => "fingerprint", # OCTET_STRING
+ 'STORE_PARAM_ALIAS' => "alias", # UTF8_STRING
+
+# You may want to pass properties for the provider implementation to use
+ 'STORE_PARAM_PROPERTIES' => "properties", # utf8_string
+# DECODER input type if a decoder is used by the store
+ 'STORE_PARAM_INPUT_TYPE' => "input-type", # UTF8_STRING
+
+
+# Libssl record layer
+ 'LIBSSL_RECORD_LAYER_PARAM_OPTIONS' => "options",
+ 'LIBSSL_RECORD_LAYER_PARAM_MODE' => "mode",
+ 'LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD' => "read_ahead",
+ 'LIBSSL_RECORD_LAYER_READ_BUFFER_LEN' => "read_buffer_len",
+ 'LIBSSL_RECORD_LAYER_PARAM_USE_ETM' => "use_etm",
+ 'LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC' => "stream_mac",
+ 'LIBSSL_RECORD_LAYER_PARAM_TLSTREE' => "tlstree",
+ 'LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN' => "max_frag_len",
+ 'LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA' => "max_early_data",
+ 'LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING' => "block_padding",
+);
+
+# Generate string based macros for public consumption
+sub generate_public_macros {
+ my @macros = ();
+
+ foreach my $name (keys %params) {
+ my $val = $params{$name};
+ my $def = '# define OSSL_' . $name . ' ';
+
+ if (substr($val, 0, 1) eq '*') {
+ $def .= 'OSSL_' . substr($val, 1);
+ } else {
+ $def .= '"' . $val . '"';
+ }
+ push(@macros, $def)
+ }
+ return join("\n", sort @macros);
+}
+
+# Generate number based macros for internal use
+# The numbers are unique per string
+sub generate_internal_macros {
+ my @macros = ();
+ my $count = 0;
+ my %reverse;
+
+ # Determine the number for each unique string
+ # Sort the names to improve the chance of cache coherency
+ foreach my $name (sort keys %params) {
+ my $val = $params{$name};
+
+ if (substr($val, 0, 1) ne '*' and not defined $reverse{$val}) {
+ $reverse{$val} = $count++;
+ }
+ }
+
+ # Output the defines
+ foreach my $name (keys %params) {
+ my $val = $params{$name};
+ my $def = '#define PIDX_' . $name . ' ';
+
+ if (substr($val, 0, 1) eq '*') {
+ $def .= 'PIDX_' . substr($val, 1);
+ } else {
+ $def .= $reverse{$val};
+ }
+ push(@macros, $def)
+ }
+ return "#define NUM_PIDX $count\n\n" . join("\n", sort @macros);
+}
+
+sub generate_trie {
+ my %trie;
+ my $nodes = 0;
+ my $chars = 0;
+
+ foreach my $name (keys %params) {
+ my $val = $params{$name};
+ if (substr($val, 0, 1) ne '*') {
+ my $cursor = \%trie;
+
+ $chars += length($val);
+ for my $i (0 .. length($val) - 1) {
+ my $c = substr($val, $i, 1);
+
+ if (not $case_sensitive) {
+ $c = '_' if $c eq '-';
+ $c = lc $c;
+ }
+
+ if (not defined $$cursor{$c}) {
+ $$cursor{$c} = {};
+ $nodes++;
+ }
+ $cursor = %$cursor{$c};
+ }
+ $$cursor{'val'} = $name;
+ }
+ }
+ #print "\n\n/* $nodes nodes for $chars letters*/\n\n";
+ return %trie;
+}
+
+sub generate_code_from_trie {
+ my $n = shift;
+ my $trieref = shift;
+ my $idt = " ";
+ my $indent0 = $idt x ($n + 1);
+ my $indent1 = $indent0 . $idt;
+ my $strcmp = $case_sensitive ? 'strcmp' : 'strcasecmp';
+
+ print "int ossl_param_find_pidx(const char *s)\n{\n" if $n == 0;
+
+ if ($trieref->{'suffix'}) {
+ my $suf = $trieref->{'suffix'};
+
+ printf "%sif ($strcmp(\"$suf\", s + $n) == 0", $indent0;
+ if (not $case_sensitive) {
+ $suf =~ tr/_/-/;
+ print " || $strcmp(\"$suf\", s + $n) == 0"
+ if ($suf ne $trieref->{'suffix'});
+ }
+ printf ")\n%sreturn PIDX_%s;\n", $indent1, $trieref->{'name'};
+ #printf "%sbreak;\n", $indent0;
+ return;
+ }
+
+ printf "%sswitch(s\[%d\]) {\n", $indent0, $n;
+ printf "%sdefault:\n", $indent0;
+ for my $l (sort keys %$trieref) {
+ if ($l eq 'val') {
+ printf "%sbreak;\n", $indent1;
+ printf "%scase '\\0':\n", $indent0;
+ printf "%sreturn PIDX_%s;\n", $indent1, $trieref->{'val'};
+ } else {
+ printf "%sbreak;\n", $indent1;
+ printf "%scase '%s':", $indent0, $l;
+ if (not $case_sensitive) {
+ print " case '-':" if ($l eq '_');
+ printf " case '%s':", uc $l if ($l =~ /[a-z]/);
+ }
+ print "\n";
+ generate_code_from_trie($n + 1, $trieref->{$l});
+ }
+ }
+ printf "%s}\n", $indent0;
+ print " return -1;\n}\n" if $n == 0;
+ return "";
+}
+
+# Find long endings and cache what they resolve to
+sub locate_long_endings {
+ my $trieref = shift;
+ my @names = keys %$trieref;
+ my $num = @names;
+
+ return (1, '', $trieref->{$names[0]}) if ($num == 1 and $names[0] eq 'val');
+
+ if ($num == 1) {
+ my ($res, $suffix, $name) = locate_long_endings($trieref->{$names[0]});
+ my $e = $names[0] . $suffix;
+ if ($res) {
+ $trieref->{'suffix'} = $e;
+ $trieref->{'name'} = $name;
+ }
+ return $res, $e, $name;
+ }
+
+ for my $l (@names) {
+ if ($l ne 'val') {
+ my ($res, $suffix, $name) = locate_long_endings($trieref->{$l});
+ }
+ }
+ return 0, '';
+}
+
+sub produce_decoder {
+ my %t = generate_trie();
+ my $s;
+
+ locate_long_endings(\%t);
+
+ open local *STDOUT, '>', \$s;
+ generate_code_from_trie(0, \%t);
+ return $s;
+}
--
2.33.0
Reference in New Issue Copy Permalink