From ed34eddc7e458dd013f7a7228f707ee2095909c5 Mon Sep 17 00:00:00 2001 From: wangcheng Date: Wed, 25 Sep 2024 16:52:03 +0800 Subject: [PATCH] 2 --- build.info | 11 +- crypto/build.info | 2 +- crypto/params_idx.c.in | 21 + include/internal/e_os.h | 432 +++++++++++ include/internal/param_names.h.in | 18 + include/openssl/core_names.h.in | 118 +++ .../ciphers/ciphercommon_gcm.c | 288 ++++---- util/perl/OpenSSL/paramnames.pm | 673 ++++++++++++++++++ 8 files changed, 1426 insertions(+), 137 deletions(-) create mode 100644 crypto/params_idx.c.in create mode 100644 include/internal/e_os.h create mode 100644 include/internal/param_names.h.in create mode 100644 include/openssl/core_names.h.in create mode 100644 util/perl/OpenSSL/paramnames.pm diff --git a/build.info b/build.info index 5a84216..630696c 100644 --- a/build.info +++ b/build.info @@ -22,6 +22,7 @@ DEPEND[]=include/openssl/asn1.h \ include/openssl/cmp.h \ include/openssl/cms.h \ include/openssl/conf.h \ + include/openssl/core_names.h \ include/openssl/crmf.h \ include/openssl/crypto.h \ include/openssl/ct.h \ @@ -40,7 +41,8 @@ DEPEND[]=include/openssl/asn1.h \ include/openssl/x509.h \ include/openssl/x509v3.h \ include/openssl/x509_vfy.h \ - include/crypto/bn_conf.h include/crypto/dso_conf.h + include/crypto/bn_conf.h include/crypto/dso_conf.h \ + include/internal/param_names.h crypto/params_idx.c GENERATE[include/openssl/asn1.h]=include/openssl/asn1.h.in GENERATE[include/openssl/asn1t.h]=include/openssl/asn1t.h.in @@ -73,6 +75,13 @@ GENERATE[include/openssl/x509_vfy.h]=include/openssl/x509_vfy.h.in GENERATE[include/crypto/bn_conf.h]=include/crypto/bn_conf.h.in GENERATE[include/crypto/dso_conf.h]=include/crypto/dso_conf.h.in +DEPEND[crypto/params_idx.c \ + include/internal/param_names.h \ + include/openssl/core_names.h]=util/perl/OpenSSL/paramnames.pm +GENERATE[crypto/params_idx.c]=crypto/params_idx.c.in +GENERATE[include/internal/param_names.h]=include/internal/param_names.h.in +GENERATE[include/openssl/core_names.h]=include/openssl/core_names.h.in + IF[{- defined $target{shared_defflag} -}] SHARED_SOURCE[libcrypto]=libcrypto.ld SHARED_SOURCE[libssl]=libssl.ld diff --git a/crypto/build.info b/crypto/build.info index c04db55..d7afe47 100644 --- a/crypto/build.info +++ b/crypto/build.info @@ -95,7 +95,7 @@ $UTIL_COMMON=\ cryptlib.c params.c params_from_text.c bsearch.c ex_data.c o_str.c \ threads_pthread.c threads_win.c threads_none.c initthread.c \ context.c sparse_array.c asn1_dsa.c packet.c param_build.c \ - param_build_set.c der_writer.c threads_lib.c params_dup.c + param_build_set.c der_writer.c threads_lib.c params_dup.c params_idx.c SOURCE[../libcrypto]=$UTIL_COMMON \ mem.c mem_sec.c \ diff --git a/crypto/params_idx.c.in b/crypto/params_idx.c.in new file mode 100644 index 0000000..f04939b --- /dev/null +++ b/crypto/params_idx.c.in @@ -0,0 +1,21 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +{- +use OpenSSL::paramnames qw(produce_decoder); +-} + +#include "internal/e_os.h" +#include "internal/param_names.h" +#include + +/* Machine generated TRIE -- generated by util/perl/OpenSSL/paramnames.pm */ +{- produce_decoder(); -} +/* End of TRIE */ diff --git a/include/internal/e_os.h b/include/internal/e_os.h new file mode 100644 index 0000000..db05b7f --- /dev/null +++ b/include/internal/e_os.h @@ -0,0 +1,432 @@ +/* + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_E_OS_H +# define OSSL_E_OS_H + +# include +# include + +# include +# include +# include "internal/nelem.h" + +/* + * contains what we can justify to make visible to the + * outside; this file e_os.h is not part of the exported interface. + */ + +# if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) +# define NO_CHMOD +# define NO_SYSLOG +# endif + +# define get_last_sys_error() errno +# define clear_sys_error() errno=0 +# define set_sys_error(e) errno=(e) + +/******************************************************************** + The Microsoft section + ********************************************************************/ +# if defined(OPENSSL_SYS_WIN32) && !defined(WIN32) +# define WIN32 +# endif +# if defined(OPENSSL_SYS_WINDOWS) && !defined(WINDOWS) +# define WINDOWS +# endif +# if defined(OPENSSL_SYS_MSDOS) && !defined(MSDOS) +# define MSDOS +# endif + +# ifdef WIN32 +# undef get_last_sys_error +# undef clear_sys_error +# undef set_sys_error +# define get_last_sys_error() GetLastError() +# define clear_sys_error() SetLastError(0) +# define set_sys_error(e) SetLastError(e) +# if !defined(WINNT) +# define WIN_CONSOLE_BUG +# endif +# else +# endif + +# if (defined(WINDOWS) || defined(MSDOS)) + +# ifdef __DJGPP__ +# include +# include +# define _setmode setmode +# define _O_TEXT O_TEXT +# define _O_BINARY O_BINARY +# undef DEVRANDOM_EGD /* Neither MS-DOS nor FreeDOS provide 'egd' sockets. */ +# undef DEVRANDOM +# define DEVRANDOM "/dev/urandom\x24" +# endif /* __DJGPP__ */ + +# ifndef S_IFDIR +# define S_IFDIR _S_IFDIR +# endif + +# ifndef S_IFMT +# define S_IFMT _S_IFMT +# endif + +# if !defined(WINNT) && !defined(__DJGPP__) +# define NO_SYSLOG +# endif + +# ifdef WINDOWS +# if !defined(_WIN32_WCE) && !defined(_WIN32_WINNT) + /* + * Defining _WIN32_WINNT here in e_os.h implies certain "discipline." + * Most notably we ought to check for availability of each specific + * routine that was introduced after denoted _WIN32_WINNT with + * GetProcAddress(). Normally newer functions are masked with higher + * _WIN32_WINNT in SDK headers. So that if you wish to use them in + * some module, you'd need to override _WIN32_WINNT definition in + * the target module in order to "reach for" prototypes, but replace + * calls to new functions with indirect calls. Alternatively it + * might be possible to achieve the goal by /DELAYLOAD-ing .DLLs + * and check for current OS version instead. + */ +# define _WIN32_WINNT 0x0501 +# endif +# if defined(_WIN32_WINNT) || defined(_WIN32_WCE) + /* + * Just like defining _WIN32_WINNT including winsock2.h implies + * certain "discipline" for maintaining [broad] binary compatibility. + * As long as structures are invariant among Winsock versions, + * it's sufficient to check for specific Winsock2 API availability + * at run-time [DSO_global_lookup is recommended]... + */ +# include +# include + /* + * Clang-based C++Builder 10.3.3 toolchains cannot find C inline + * definitions at link-time. This header defines WspiapiLoad() as an + * __inline function. https://quality.embarcadero.com/browse/RSP-33806 + */ +# if !defined(__BORLANDC__) || !defined(__clang__) +# include +# endif + /* yes, they have to be #included prior to */ +# endif +# include +# include +# include +# include +# if defined(_WIN32_WCE) && !defined(EACCES) +# define EACCES 13 +# endif +# include +# ifdef _WIN64 +# define strlen(s) _strlen31(s) +/* cut strings to 2GB */ +static __inline unsigned int _strlen31(const char *str) +{ + unsigned int len = 0; + while (*str && len < 0x80000000U) + str++, len++; + return len & 0x7FFFFFFF; +} +# endif +# include +# if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin) +# if _MSC_VER>=1300 && _MSC_VER<1600 +# undef stdin +# undef stdout +# undef stderr +FILE *__iob_func(); +# define stdin (&__iob_func()[0]) +# define stdout (&__iob_func()[1]) +# define stderr (&__iob_func()[2]) +# endif +# endif +# endif +# include +# include + +# ifdef OPENSSL_SYS_WINCE +# define OPENSSL_NO_POSIX_IO +# endif + +# define EXIT(n) exit(n) +# define LIST_SEPARATOR_CHAR ';' +# ifndef W_OK +# define W_OK 2 +# endif +# ifndef R_OK +# define R_OK 4 +# endif +# ifdef OPENSSL_SYS_WINCE +# define DEFAULT_HOME "" +# else +# define DEFAULT_HOME "C:" +# endif + +/* Avoid Visual Studio 13 GetVersion deprecated problems */ +# if defined(_MSC_VER) && _MSC_VER>=1800 +# define check_winnt() (1) +# define check_win_minplat(x) (1) +# else +# define check_winnt() (GetVersion() < 0x80000000) +# define check_win_minplat(x) (LOBYTE(LOWORD(GetVersion())) >= (x)) +# endif + +# else /* The non-microsoft world */ + +# if defined(OPENSSL_SYS_VXWORKS) +# include +# else +# include +# endif + +# ifdef OPENSSL_SYS_VMS +# define VMS 1 + /* + * some programs don't include stdlib, so exit() and others give implicit + * function warnings + */ +# include +# if defined(__DECC) +# include +# else +# include +# endif +# define LIST_SEPARATOR_CHAR ',' + /* We don't have any well-defined random devices on VMS, yet... */ +# undef DEVRANDOM + /*- + We need to do this since VMS has the following coding on status codes: + + Bits 0-2: status type: 0 = warning, 1 = success, 2 = error, 3 = info ... + The important thing to know is that odd numbers are considered + good, while even ones are considered errors. + Bits 3-15: actual status number + Bits 16-27: facility number. 0 is considered "unknown" + Bits 28-31: control bits. If bit 28 is set, the shell won't try to + output the message (which, for random codes, just looks ugly) + + So, what we do here is to change 0 to 1 to get the default success status, + and everything else is shifted up to fit into the status number field, and + the status is tagged as an error, which is what is wanted here. + + Finally, we add the VMS C facility code 0x35a000, because there are some + programs, such as Perl, that will reinterpret the code back to something + POSIX. 'man perlvms' explains it further. + + NOTE: the perlvms manual wants to turn all codes 2 to 255 into success + codes (status type = 1). I couldn't disagree more. Fortunately, the + status type doesn't seem to bother Perl. + -- Richard Levitte + */ +# define EXIT(n) exit((n) ? (((n) << 3) | 2 | 0x10000000 | 0x35a000) : 1) + +# define DEFAULT_HOME "SYS$LOGIN:" + +# else + /* !defined VMS */ +# include +# include +# ifdef OPENSSL_SYS_WIN32_CYGWIN +# include +# include +# endif + +# define LIST_SEPARATOR_CHAR ':' +# define EXIT(n) exit(n) +# endif + +# endif + +/***********************************************/ + +# if defined(OPENSSL_SYS_WINDOWS) +# if (_MSC_VER >= 1310) && !defined(_WIN32_WCE) +# define open _open +# define fdopen _fdopen +# define close _close +# ifndef strdup +# define strdup _strdup +# endif +# define unlink _unlink +# define fileno _fileno +# endif +# else +# include +# endif + +/* vxworks */ +# if defined(OPENSSL_SYS_VXWORKS) +# include +# include +# include +# include +# include +# include + +# define TTY_STRUCT int +# define sleep(a) taskDelay((a) * sysClkRateGet()) + +/* + * NOTE: these are implemented by helpers in database app! if the database is + * not linked, we need to implement them elsewhere + */ +struct hostent *gethostbyname(const char *name); +struct hostent *gethostbyaddr(const char *addr, int length, int type); +struct servent *getservbyname(const char *name, const char *proto); + +# endif +/* end vxworks */ + +/* system-specific variants defining ossl_sleep() */ +#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) +# include +static ossl_inline void ossl_sleep(unsigned long millis) +{ +# ifdef OPENSSL_SYS_VXWORKS + struct timespec ts; + ts.tv_sec = (long int) (millis / 1000); + ts.tv_nsec = (long int) (millis % 1000) * 1000000ul; + nanosleep(&ts, NULL); +# elif defined(__TANDEM) +# if !defined(_REENTRANT) +# include + /* HPNS does not support usleep for non threaded apps */ + PROCESS_DELAY_(millis * 1000); +# elif defined(_SPT_MODEL_) +# include +# include + usleep(millis * 1000); +# else + usleep(millis * 1000); +# endif +# else + usleep(millis * 1000); +# endif +} +#elif defined(_WIN32) +# include +static ossl_inline void ossl_sleep(unsigned long millis) +{ + Sleep(millis); +} +#else +/* Fallback to a busy wait */ +static ossl_inline void ossl_sleep(unsigned long millis) +{ + struct timeval start, now; + unsigned long elapsedms; + + gettimeofday(&start, NULL); + do { + gettimeofday(&now, NULL); + elapsedms = (((now.tv_sec - start.tv_sec) * 1000000) + + now.tv_usec - start.tv_usec) / 1000; + } while (elapsedms < millis); +} +#endif /* defined OPENSSL_SYS_UNIX */ + +/* ----------------------------- HP NonStop -------------------------------- */ +/* Required to support platform variant without getpid() and pid_t. */ +# if defined(__TANDEM) && defined(_GUARDIAN_TARGET) +# include +# include +# define getservbyname(name,proto) getservbyname((char*)name,proto) +# define gethostbyname(name) gethostbyname((char*)name) +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# ifdef NO_GETPID +inline int nssgetpid(); +# ifndef NSSGETPID_MACRO +# define NSSGETPID_MACRO +# include +# include + inline int nssgetpid() + { + short phandle[10]={0}; + union pseudo_pid { + struct { + short cpu; + short pin; + } cpu_pin ; + int ppid; + } ppid = { 0 }; + PROCESSHANDLE_GETMINE_(phandle); + PROCESSHANDLE_DECOMPOSE_(phandle, &ppid.cpu_pin.cpu, &ppid.cpu_pin.pin); + return ppid.ppid; + } +# define getpid(a) nssgetpid(a) +# endif /* NSSGETPID_MACRO */ +# endif /* NO_GETPID */ +/*# define setsockopt(a,b,c,d,f) setsockopt(a,b,c,(char*)d,f)*/ +/*# define getsockopt(a,b,c,d,f) getsockopt(a,b,c,(char*)d,f)*/ +/*# define connect(a,b,c) connect(a,(struct sockaddr *)b,c)*/ +/*# define bind(a,b,c) bind(a,(struct sockaddr *)b,c)*/ +/*# define sendto(a,b,c,d,e,f) sendto(a,(char*)b,c,d,(struct sockaddr *)e,f)*/ +# if defined(OPENSSL_THREADS) && !defined(_PUT_MODEL_) + /* + * HPNS SPT threads + */ +# define SPT_THREAD_SIGNAL 1 +# define SPT_THREAD_AWARE 1 +# include +# undef close +# define close spt_close +/* +# define get_last_socket_error() errno +# define clear_socket_error() errno=0 +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) +# define readsocket(s,b,n) read((s),(char*)(b),(n)) +# define writesocket(s,b,n) write((s),(char*)(b),(n) +*/ +# define accept(a,b,c) accept(a,(struct sockaddr *)b,c) +# define recvfrom(a,b,c,d,e,f) recvfrom(a,b,(socklen_t)c,d,e,f) +# endif +# endif + +# ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION +# define CRYPTO_memcmp memcmp +# endif + +# ifndef OPENSSL_NO_SECURE_MEMORY + /* unistd.h defines _POSIX_VERSION */ +# if (defined(OPENSSL_SYS_UNIX) \ + && ( (defined(_POSIX_VERSION) && _POSIX_VERSION >= 200112L) \ + || defined(__sun) || defined(__hpux) || defined(__sgi) \ + || defined(__osf__) )) \ + || defined(_WIN32) + /* secure memory is implemented */ +# else +# define OPENSSL_NO_SECURE_MEMORY +# endif +# endif + +/* + * str[n]casecmp_l is defined in POSIX 2008-01. Value is taken accordingly + * https://www.gnu.org/software/libc/manual/html_node/Feature-Test-Macros.html + * There are also equivalent functions on Windows. + * There is no locale_t on NONSTOP. + */ +# if defined(OPENSSL_SYS_WINDOWS) +# define locale_t _locale_t +# define freelocale _free_locale +# define strcasecmp_l _stricmp_l +# define strncasecmp_l _strnicmp_l +# define strcasecmp _stricmp +# define strncasecmp _strnicmp +# elif !defined(_POSIX_C_SOURCE) || _POSIX_C_SOURCE < 200809L \ + || defined(OPENSSL_SYS_TANDEM) +# ifndef OPENSSL_NO_LOCALE +# define OPENSSL_NO_LOCALE +# endif +# endif + +#endif diff --git a/include/internal/param_names.h.in b/include/internal/param_names.h.in new file mode 100644 index 0000000..f34db21 --- /dev/null +++ b/include/internal/param_names.h.in @@ -0,0 +1,18 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +{- +use OpenSSL::paramnames qw(generate_internal_macros); +-} + +int ossl_param_find_pidx(const char *s); + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +{- generate_internal_macros(); -} diff --git a/include/openssl/core_names.h.in b/include/openssl/core_names.h.in new file mode 100644 index 0000000..133f783 --- /dev/null +++ b/include/openssl/core_names.h.in @@ -0,0 +1,118 @@ +/* + * {- join("\n * ", @autowarntext) -} + * + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +{- +use OpenSSL::paramnames qw(generate_public_macros); +-} + +#ifndef OPENSSL_CORE_NAMES_H +# define OPENSSL_CORE_NAMES_H +# pragma once + +# ifdef __cplusplus +extern "C" { +# endif + +/* OSSL_CIPHER_PARAM_CTS_MODE Values */ +# define OSSL_CIPHER_CTS_MODE_CS1 "CS1" +# define OSSL_CIPHER_CTS_MODE_CS2 "CS2" +# define OSSL_CIPHER_CTS_MODE_CS3 "CS3" + +/* Known CIPHER names (not a complete list) */ +# define OSSL_CIPHER_NAME_AES_128_GCM_SIV "AES-128-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_192_GCM_SIV "AES-192-GCM-SIV" +# define OSSL_CIPHER_NAME_AES_256_GCM_SIV "AES-256-GCM-SIV" + +/* Known DIGEST names (not a complete list) */ +# define OSSL_DIGEST_NAME_MD5 "MD5" +# define OSSL_DIGEST_NAME_MD5_SHA1 "MD5-SHA1" +# define OSSL_DIGEST_NAME_SHA1 "SHA1" +# define OSSL_DIGEST_NAME_SHA2_224 "SHA2-224" +# define OSSL_DIGEST_NAME_SHA2_256 "SHA2-256" +# define OSSL_DIGEST_NAME_SHA2_384 "SHA2-384" +# define OSSL_DIGEST_NAME_SHA2_512 "SHA2-512" +# define OSSL_DIGEST_NAME_SHA2_512_224 "SHA2-512/224" +# define OSSL_DIGEST_NAME_SHA2_512_256 "SHA2-512/256" +# define OSSL_DIGEST_NAME_MD2 "MD2" +# define OSSL_DIGEST_NAME_MD4 "MD4" +# define OSSL_DIGEST_NAME_MDC2 "MDC2" +# define OSSL_DIGEST_NAME_RIPEMD160 "RIPEMD160" +# define OSSL_DIGEST_NAME_SHA3_224 "SHA3-224" +# define OSSL_DIGEST_NAME_SHA3_256 "SHA3-256" +# define OSSL_DIGEST_NAME_SHA3_384 "SHA3-384" +# define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512" +# define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128" +# define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256" +# define OSSL_DIGEST_NAME_SM3 "SM3" + +/* Known MAC names */ +# define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC" +# define OSSL_MAC_NAME_BLAKE2SMAC "BLAKE2SMAC" +# define OSSL_MAC_NAME_CMAC "CMAC" +# define OSSL_MAC_NAME_GMAC "GMAC" +# define OSSL_MAC_NAME_HMAC "HMAC" +# define OSSL_MAC_NAME_KMAC128 "KMAC128" +# define OSSL_MAC_NAME_KMAC256 "KMAC256" +# define OSSL_MAC_NAME_POLY1305 "POLY1305" +# define OSSL_MAC_NAME_SIPHASH "SIPHASH" + +/* Known KDF names */ +# define OSSL_KDF_NAME_HKDF "HKDF" +# define OSSL_KDF_NAME_TLS1_3_KDF "TLS13-KDF" +# define OSSL_KDF_NAME_PBKDF1 "PBKDF1" +# define OSSL_KDF_NAME_PBKDF2 "PBKDF2" +# define OSSL_KDF_NAME_SCRYPT "SCRYPT" +# define OSSL_KDF_NAME_SSHKDF "SSHKDF" +# define OSSL_KDF_NAME_SSKDF "SSKDF" +# define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF" +# define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1" +# define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT" +# define OSSL_KDF_NAME_X963KDF "X963KDF" +# define OSSL_KDF_NAME_KBKDF "KBKDF" +# define OSSL_KDF_NAME_KRB5KDF "KRB5KDF" +# define OSSL_KDF_NAME_HMACDRBGKDF "HMAC-DRBG-KDF" + +/* RSA padding modes */ +# define OSSL_PKEY_RSA_PAD_MODE_NONE "none" +# define OSSL_PKEY_RSA_PAD_MODE_PKCSV15 "pkcs1" +# define OSSL_PKEY_RSA_PAD_MODE_OAEP "oaep" +# define OSSL_PKEY_RSA_PAD_MODE_X931 "x931" +# define OSSL_PKEY_RSA_PAD_MODE_PSS "pss" + +/* RSA pss padding salt length */ +# define OSSL_PKEY_RSA_PSS_SALT_LEN_DIGEST "digest" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_MAX "max" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO "auto" +# define OSSL_PKEY_RSA_PSS_SALT_LEN_AUTO_DIGEST_MAX "auto-digestmax" + +/* OSSL_PKEY_PARAM_EC_ENCODING values */ +# define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit" +# define OSSL_PKEY_EC_ENCODING_GROUP "named_curve" + +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed" +# define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid" + +# define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named" +# define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist" + +/* OSSL_KEM_PARAM_OPERATION values */ +#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE" +#define OSSL_KEM_PARAM_OPERATION_DHKEM "DHKEM" + +/* Parameter name definitions - generated by util/perl/OpenSSL/paramnames.pm */ +{- generate_public_macros(); -} + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/providers/implementations/ciphers/ciphercommon_gcm.c b/providers/implementations/ciphers/ciphercommon_gcm.c index ed95c97..455924f 100644 --- a/providers/implementations/ciphers/ciphercommon_gcm.c +++ b/providers/implementations/ciphers/ciphercommon_gcm.c @@ -15,6 +15,7 @@ #include "prov/ciphercommon_gcm.h" #include "prov/providercommon.h" #include "prov/provider_ctx.h" +#include "internal/param_names.h" static int gcm_tls_init(PROV_GCM_CTX *dat, unsigned char *aad, size_t aad_len); static int gcm_tls_iv_set_fixed(PROV_GCM_CTX *ctx, unsigned char *iv, @@ -145,84 +146,97 @@ int ossl_gcm_get_ctx_params(void *vctx, OSSL_PARAM params[]) PROV_GCM_CTX *ctx = (PROV_GCM_CTX *)vctx; OSSL_PARAM *p; size_t sz; - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); - if (p != NULL) { - size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen : - GCM_TAG_MAX_SIZE; - - if (!OSSL_PARAM_set_size_t(p, taglen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL) { - if (ctx->iv_state == IV_STATE_UNINITIALISED) - return 0; - if (ctx->ivlen > p->data_size) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); - return 0; - } - if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen) - && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); - if (p != NULL) { - if (ctx->iv_state == IV_STATE_UNINITIALISED) - return 0; - if (ctx->ivlen > p->data_size) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); - return 0; - } - if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen) - && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - } - - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) { - sz = p->data_size; - if (sz == 0 - || sz > EVP_GCM_TLS_TAG_LEN - || !ctx->enc - || ctx->taglen == UNINITIALISED_SIZET) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG); - return 0; + int type; + + for (p = params; p->key != NULL; p++) { + type = ossl_param_find_pidx(p->key); + switch (type) { + default: + break; + + case PIDX_CIPHER_PARAM_IVLEN: + if (!OSSL_PARAM_set_size_t(p, ctx->ivlen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + break; + + case PIDX_CIPHER_PARAM_KEYLEN: + if (!OSSL_PARAM_set_size_t(p, ctx->keylen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + break; + + case PIDX_CIPHER_PARAM_AEAD_TAGLEN: + { + size_t taglen = (ctx->taglen != UNINITIALISED_SIZET) ? ctx->taglen : + GCM_TAG_MAX_SIZE; + + if (!OSSL_PARAM_set_size_t(p, taglen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + } + break; + + case PIDX_CIPHER_PARAM_IV: + if (ctx->iv_state == IV_STATE_UNINITIALISED) + return 0; + if (ctx->ivlen > p->data_size) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + return 0; + } + if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + break; + + case PIDX_CIPHER_PARAM_UPDATED_IV: + if (ctx->iv_state == IV_STATE_UNINITIALISED) + return 0; + if (ctx->ivlen > p->data_size) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + return 0; + } + if (!OSSL_PARAM_set_octet_string(p, ctx->iv, ctx->ivlen) + && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + break; + + case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD_PAD: + if (!OSSL_PARAM_set_size_t(p, ctx->tls_aad_pad_sz)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + break; + + case PIDX_CIPHER_PARAM_AEAD_TAG: + sz = p->data_size; + if (sz == 0 + || sz > EVP_GCM_TLS_TAG_LEN + || !ctx->enc + || ctx->taglen == UNINITIALISED_SIZET) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG); + return 0; + } + if (!OSSL_PARAM_set_octet_string(p, ctx->buf, sz)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return 0; + } + break; + + case PIDX_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN: + if (p->data == NULL + || p->data_type != OSSL_PARAM_OCTET_STRING + || !getivgen(ctx, p->data, p->data_size)) + return 0; + break; } - if (!OSSL_PARAM_set_octet_string(p, ctx->buf, sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return 0; - } - } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN); - if (p != NULL) { - if (p->data == NULL - || p->data_type != OSSL_PARAM_OCTET_STRING - || !getivgen(ctx, p->data, p->data_size)) - return 0; } return 1; } @@ -233,71 +247,75 @@ int ossl_gcm_set_ctx_params(void *vctx, const OSSL_PARAM params[]) const OSSL_PARAM *p; size_t sz; void *vp; + int type; if (params == NULL) return 1; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) { - vp = ctx->buf; - if (!OSSL_PARAM_get_octet_string(p, &vp, EVP_GCM_TLS_TAG_LEN, &sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - if (sz == 0 || ctx->enc) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG); - return 0; + for (p = params; p->key != NULL; p++) { + type = ossl_param_find_pidx(p->key); + switch (type) { + default: + break; + + case PIDX_CIPHER_PARAM_AEAD_TAG: + vp = ctx->buf; + if (!OSSL_PARAM_get_octet_string(p, &vp, EVP_GCM_TLS_TAG_LEN, &sz)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + if (sz == 0 || ctx->enc) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG); + return 0; + } + ctx->taglen = sz; + break; + + case PIDX_CIPHER_PARAM_AEAD_IVLEN: + if (!OSSL_PARAM_get_size_t(p, &sz)) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + if (sz == 0 || sz > sizeof(ctx->iv)) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); + return 0; + } + ctx->ivlen = sz; + break; + + case PIDX_CIPHER_PARAM_AEAD_TLS1_AAD: + if (p->data_type != OSSL_PARAM_OCTET_STRING) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + sz = gcm_tls_init(ctx, p->data, p->data_size); + if (sz == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_AAD); + return 0; + } + ctx->tls_aad_pad_sz = sz; + break; + + case PIDX_CIPHER_PARAM_AEAD_TLS1_IV_FIXED: + if (p->data_type != OSSL_PARAM_OCTET_STRING) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + if (gcm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } + break; + + case PIDX_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV: + if (p->data == NULL + || p->data_type != OSSL_PARAM_OCTET_STRING + || !setivinv(ctx, p->data, p->data_size)) + return 0; + break; } - ctx->taglen = sz; } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); - if (p != NULL) { - if (!OSSL_PARAM_get_size_t(p, &sz)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - if (sz == 0 || sz > sizeof(ctx->iv)) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); - return 0; - } - ctx->ivlen = sz; - } - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - sz = gcm_tls_init(ctx, p->data, p->data_size); - if (sz == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_AAD); - return 0; - } - ctx->tls_aad_pad_sz = sz; - } - - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - if (gcm_tls_iv_set_fixed(ctx, p->data, p->data_size) == 0) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); - return 0; - } - } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV); - if (p != NULL) { - if (p->data == NULL - || p->data_type != OSSL_PARAM_OCTET_STRING - || !setivinv(ctx, p->data, p->data_size)) - return 0; - } - - return 1; } diff --git a/util/perl/OpenSSL/paramnames.pm b/util/perl/OpenSSL/paramnames.pm new file mode 100644 index 0000000..66c6fdd --- /dev/null +++ b/util/perl/OpenSSL/paramnames.pm @@ -0,0 +1,673 @@ +#! /usr/bin/env perl +# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +package OpenSSL::paramnames; + +use strict; +use warnings; + +require Exporter; +our @ISA = qw(Exporter); +our @EXPORT_OK = qw(generate_public_macros + generate_internal_macros + produce_decoder); + +my $case_sensitive = 1; + +my %params = ( +# Well known parameter names that core passes to providers + 'PROV_PARAM_CORE_VERSION' => "openssl-version",# utf8_ptr + 'PROV_PARAM_CORE_PROV_NAME' => "provider-name", # utf8_ptr + 'PROV_PARAM_CORE_MODULE_FILENAME' => "module-filename",# utf8_ptr + +# Well known parameter names that Providers can define + 'PROV_PARAM_NAME' => "name", # utf8_ptr + 'PROV_PARAM_VERSION' => "version", # utf8_ptr + 'PROV_PARAM_BUILDINFO' => "buildinfo", # utf8_ptr + 'PROV_PARAM_STATUS' => "status", # uint + 'PROV_PARAM_SECURITY_CHECKS' => "security-checks", # uint + 'PROV_PARAM_TLS1_PRF_EMS_CHECK' => "tls1-prf-ems-check", # uint + 'PROV_PARAM_DRBG_TRUNC_DIGEST' => "drbg-no-trunc-md", # uint + +# Self test callback parameters + 'PROV_PARAM_SELF_TEST_PHASE' => "st-phase",# utf8_string + 'PROV_PARAM_SELF_TEST_TYPE' => "st-type", # utf8_string + 'PROV_PARAM_SELF_TEST_DESC' => "st-desc", # utf8_string + +# Provider-native object abstractions +# +# These are used when a provider wants to pass object data or an object +# reference back to libcrypto. This is only useful for provider functions +# that take a callback to which an PARAM array with these parameters +# can be passed. +# +# This set of parameter names is explained in detail in provider-object(7) +# (doc/man7/provider-object.pod) + + 'OBJECT_PARAM_TYPE' => "type", # INTEGER + 'OBJECT_PARAM_DATA_TYPE' => "data-type",# UTF8_STRING + 'OBJECT_PARAM_DATA_STRUCTURE' => "data-structure",# UTF8_STRING + 'OBJECT_PARAM_REFERENCE' => "reference",# OCTET_STRING + 'OBJECT_PARAM_DATA' => "data",# OCTET_STRING or UTF8_STRING + 'OBJECT_PARAM_DESC' => "desc", # UTF8_STRING + +# Algorithm parameters +# If "engine",or "properties",are specified, they should always be paired +# with the algorithm type. +# Note these are common names that are shared by many types (such as kdf, mac, +# and pkey) e.g: see MAC_PARAM_DIGEST below. + + 'ALG_PARAM_DIGEST' => "digest", # utf8_string + 'ALG_PARAM_CIPHER' => "cipher", # utf8_string + 'ALG_PARAM_ENGINE' => "engine", # utf8_string + 'ALG_PARAM_MAC' => "mac", # utf8_string + 'ALG_PARAM_PROPERTIES' => "properties", # utf8_string + +# cipher parameters + 'CIPHER_PARAM_PADDING' => "padding", # uint + 'CIPHER_PARAM_USE_BITS' => "use-bits", # uint + 'CIPHER_PARAM_TLS_VERSION' => "tls-version", # uint + 'CIPHER_PARAM_TLS_MAC' => "tls-mac", # octet_ptr + 'CIPHER_PARAM_TLS_MAC_SIZE' => "tls-mac-size",# size_t + 'CIPHER_PARAM_MODE' => "mode", # uint + 'CIPHER_PARAM_BLOCK_SIZE' => "blocksize", # size_t + 'CIPHER_PARAM_AEAD' => "aead", # int, 0 or 1 + 'CIPHER_PARAM_CUSTOM_IV' => "custom-iv", # int, 0 or 1 + 'CIPHER_PARAM_CTS' => "cts", # int, 0 or 1 + 'CIPHER_PARAM_TLS1_MULTIBLOCK' => "tls-multi", # int, 0 or 1 + 'CIPHER_PARAM_HAS_RAND_KEY' => "has-randkey", # int, 0 or 1 + 'CIPHER_PARAM_KEYLEN' => "keylen", # size_t + 'CIPHER_PARAM_IVLEN' => "ivlen", # size_t + 'CIPHER_PARAM_IV' => "iv", # octet_string OR octet_ptr + 'CIPHER_PARAM_UPDATED_IV' => "updated-iv", # octet_string OR octet_ptr + 'CIPHER_PARAM_NUM' => "num", # uint + 'CIPHER_PARAM_ROUNDS' => "rounds", # uint + 'CIPHER_PARAM_AEAD_TAG' => "tag", # octet_string + 'CIPHER_PARAM_AEAD_TLS1_AAD' => "tlsaad", # octet_string + 'CIPHER_PARAM_AEAD_TLS1_AAD_PAD' => "tlsaadpad", # size_t + 'CIPHER_PARAM_AEAD_TLS1_IV_FIXED' => "tlsivfixed", # octet_string + 'CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN' => "tlsivgen", # octet_string + 'CIPHER_PARAM_AEAD_TLS1_SET_IV_INV' => "tlsivinv", # octet_string + 'CIPHER_PARAM_AEAD_IVLEN' => '*CIPHER_PARAM_IVLEN', + 'CIPHER_PARAM_AEAD_TAGLEN' => "taglen", # size_t + 'CIPHER_PARAM_AEAD_MAC_KEY' => "mackey", # octet_string + 'CIPHER_PARAM_RANDOM_KEY' => "randkey", # octet_string + 'CIPHER_PARAM_RC2_KEYBITS' => "keybits", # size_t + 'CIPHER_PARAM_SPEED' => "speed", # uint + 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string +# For passing the AlgorithmIdentifier parameter in DER form + 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => "alg_id_param",# octet_string + 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string + + 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint + 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t + 'CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE' => "tls1multi_interleave",# uint + 'CIPHER_PARAM_TLS1_MULTIBLOCK_AAD' => "tls1multi_aad", # octet_string + 'CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN' => "tls1multi_aadpacklen",# uint + 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC' => "tls1multi_enc", # octet_string + 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN' => "tls1multi_encin", # octet_string + 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN' => "tls1multi_enclen", # size_t + +# digest parameters + 'DIGEST_PARAM_XOFLEN' => "xoflen", # size_t + 'DIGEST_PARAM_SSL3_MS' => "ssl3-ms", # octet string + 'DIGEST_PARAM_PAD_TYPE' => "pad-type", # uint + 'DIGEST_PARAM_MICALG' => "micalg", # utf8 string + 'DIGEST_PARAM_BLOCK_SIZE' => "blocksize", # size_t + 'DIGEST_PARAM_SIZE' => "size", # size_t + 'DIGEST_PARAM_XOF' => "xof", # int, 0 or 1 + 'DIGEST_PARAM_ALGID_ABSENT' => "algid-absent", # int, 0 or 1 + +# MAC parameters + 'MAC_PARAM_KEY' => "key", # octet string + 'MAC_PARAM_IV' => "iv", # octet string + 'MAC_PARAM_CUSTOM' => "custom", # utf8 string + 'MAC_PARAM_SALT' => "salt", # octet string + 'MAC_PARAM_XOF' => "xof", # int, 0 or 1 + 'MAC_PARAM_DIGEST_NOINIT' => "digest-noinit", # int, 0 or 1 + 'MAC_PARAM_DIGEST_ONESHOT' => "digest-oneshot",# int, 0 or 1 + 'MAC_PARAM_C_ROUNDS' => "c-rounds", # unsigned int + 'MAC_PARAM_D_ROUNDS' => "d-rounds", # unsigned int + +# If "engine",or "properties",are specified, they should always be paired +# with "cipher",or "digest". + + 'MAC_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string + 'MAC_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string + 'MAC_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string + 'MAC_PARAM_SIZE' => "size", # size_t + 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t + 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t + +# KDF / PRF parameters + 'KDF_PARAM_SECRET' => "secret", # octet string + 'KDF_PARAM_KEY' => "key", # octet string + 'KDF_PARAM_SALT' => "salt", # octet string + 'KDF_PARAM_PASSWORD' => "pass", # octet string + 'KDF_PARAM_PREFIX' => "prefix", # octet string + 'KDF_PARAM_LABEL' => "label", # octet string + 'KDF_PARAM_DATA' => "data", # octet string + 'KDF_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string + 'KDF_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string + 'KDF_PARAM_MAC' => '*ALG_PARAM_MAC', # utf8 string + 'KDF_PARAM_MAC_SIZE' => "maclen", # size_t + 'KDF_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string + 'KDF_PARAM_ITER' => "iter", # unsigned int + 'KDF_PARAM_MODE' => "mode", # utf8 string or int + 'KDF_PARAM_PKCS5' => "pkcs5", # int + 'KDF_PARAM_UKM' => "ukm", # octet string + 'KDF_PARAM_CEK_ALG' => "cekalg", # utf8 string + 'KDF_PARAM_SCRYPT_N' => "n", # uint64_t + 'KDF_PARAM_SCRYPT_R' => "r", # uint32_t + 'KDF_PARAM_SCRYPT_P' => "p", # uint32_t + 'KDF_PARAM_SCRYPT_MAXMEM' => "maxmem_bytes", # uint64_t + 'KDF_PARAM_INFO' => "info", # octet string + 'KDF_PARAM_SEED' => "seed", # octet string + 'KDF_PARAM_SSHKDF_XCGHASH' => "xcghash", # octet string + 'KDF_PARAM_SSHKDF_SESSION_ID' => "session_id", # octet string + 'KDF_PARAM_SSHKDF_TYPE' => "type", # int + 'KDF_PARAM_SIZE' => "size", # size_t + 'KDF_PARAM_CONSTANT' => "constant", # octet string + 'KDF_PARAM_PKCS12_ID' => "id", # int + 'KDF_PARAM_KBKDF_USE_L' => "use-l", # int + 'KDF_PARAM_KBKDF_USE_SEPARATOR' => "use-separator", # int + 'KDF_PARAM_KBKDF_R' => "r", # int + 'KDF_PARAM_X942_ACVPINFO' => "acvp-info", + 'KDF_PARAM_X942_PARTYUINFO' => "partyu-info", + 'KDF_PARAM_X942_PARTYVINFO' => "partyv-info", + 'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo", + 'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo", + 'KDF_PARAM_X942_USE_KEYBITS' => "use-keybits", + 'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy", + 'KDF_PARAM_HMACDRBG_NONCE' => "nonce", + 'KDF_PARAM_THREADS' => "threads", # uint32_t + 'KDF_PARAM_EARLY_CLEAN' => "early_clean", # uint32_t + 'KDF_PARAM_ARGON2_AD' => "ad", # octet string + 'KDF_PARAM_ARGON2_LANES' => "lanes", # uint32_t + 'KDF_PARAM_ARGON2_MEMCOST' => "memcost", # uint32_t + 'KDF_PARAM_ARGON2_VERSION' => "version", # uint32_t + +# Known RAND names + 'RAND_PARAM_STATE' => "state", + 'RAND_PARAM_STRENGTH' => "strength", + 'RAND_PARAM_MAX_REQUEST' => "max_request", + 'RAND_PARAM_TEST_ENTROPY' => "test_entropy", + 'RAND_PARAM_TEST_NONCE' => "test_nonce", + +# RAND/DRBG names + 'DRBG_PARAM_RESEED_REQUESTS' => "reseed_requests", + 'DRBG_PARAM_RESEED_TIME_INTERVAL' => "reseed_time_interval", + 'DRBG_PARAM_MIN_ENTROPYLEN' => "min_entropylen", + 'DRBG_PARAM_MAX_ENTROPYLEN' => "max_entropylen", + 'DRBG_PARAM_MIN_NONCELEN' => "min_noncelen", + 'DRBG_PARAM_MAX_NONCELEN' => "max_noncelen", + 'DRBG_PARAM_MAX_PERSLEN' => "max_perslen", + 'DRBG_PARAM_MAX_ADINLEN' => "max_adinlen", + 'DRBG_PARAM_RESEED_COUNTER' => "reseed_counter", + 'DRBG_PARAM_RESEED_TIME' => "reseed_time", + 'DRBG_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', + 'DRBG_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', + 'DRBG_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', + 'DRBG_PARAM_MAC' => '*ALG_PARAM_MAC', + 'DRBG_PARAM_USE_DF' => "use_derivation_function", + +# DRBG call back parameters + 'DRBG_PARAM_ENTROPY_REQUIRED' => "entropy_required", + 'DRBG_PARAM_PREDICTION_RESISTANCE' => "prediction_resistance", + 'DRBG_PARAM_MIN_LENGTH' => "minium_length", + 'DRBG_PARAM_MAX_LENGTH' => "maxium_length", + 'DRBG_PARAM_RANDOM_DATA' => "random_data", + 'DRBG_PARAM_SIZE' => "size", + +# PKEY parameters +# Common PKEY parameters + 'PKEY_PARAM_BITS' => "bits",# integer + 'PKEY_PARAM_MAX_SIZE' => "max-size",# integer + 'PKEY_PARAM_SECURITY_BITS' => "security-bits",# integer + 'PKEY_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', + 'PKEY_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string + 'PKEY_PARAM_ENGINE' => '*ALG_PARAM_ENGINE', # utf8 string + 'PKEY_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', + 'PKEY_PARAM_DEFAULT_DIGEST' => "default-digest",# utf8 string + 'PKEY_PARAM_MANDATORY_DIGEST' => "mandatory-digest",# utf8 string + 'PKEY_PARAM_PAD_MODE' => "pad-mode", + 'PKEY_PARAM_DIGEST_SIZE' => "digest-size", + 'PKEY_PARAM_MASKGENFUNC' => "mgf", + 'PKEY_PARAM_MGF1_DIGEST' => "mgf1-digest", + 'PKEY_PARAM_MGF1_PROPERTIES' => "mgf1-properties", + 'PKEY_PARAM_ENCODED_PUBLIC_KEY' => "encoded-pub-key", + 'PKEY_PARAM_GROUP_NAME' => "group", + 'PKEY_PARAM_DIST_ID' => "distid", + 'PKEY_PARAM_PUB_KEY' => "pub", + 'PKEY_PARAM_PRIV_KEY' => "priv", + 'PKEY_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", + +# Diffie-Hellman/DSA Parameters + 'PKEY_PARAM_FFC_P' => "p", + 'PKEY_PARAM_FFC_G' => "g", + 'PKEY_PARAM_FFC_Q' => "q", + 'PKEY_PARAM_FFC_GINDEX' => "gindex", + 'PKEY_PARAM_FFC_PCOUNTER' => "pcounter", + 'PKEY_PARAM_FFC_SEED' => "seed", + 'PKEY_PARAM_FFC_COFACTOR' => "j", + 'PKEY_PARAM_FFC_H' => "hindex", + 'PKEY_PARAM_FFC_VALIDATE_PQ' => "validate-pq", + 'PKEY_PARAM_FFC_VALIDATE_G' => "validate-g", + 'PKEY_PARAM_FFC_VALIDATE_LEGACY' => "validate-legacy", + +# Diffie-Hellman params + 'PKEY_PARAM_DH_GENERATOR' => "safeprime-generator", + 'PKEY_PARAM_DH_PRIV_LEN' => "priv_len", + +# Elliptic Curve Domain Parameters + 'PKEY_PARAM_EC_PUB_X' => "qx", + 'PKEY_PARAM_EC_PUB_Y' => "qy", + +# Elliptic Curve Explicit Domain Parameters + 'PKEY_PARAM_EC_FIELD_TYPE' => "field-type", + 'PKEY_PARAM_EC_P' => "p", + 'PKEY_PARAM_EC_A' => "a", + 'PKEY_PARAM_EC_B' => "b", + 'PKEY_PARAM_EC_GENERATOR' => "generator", + 'PKEY_PARAM_EC_ORDER' => "order", + 'PKEY_PARAM_EC_COFACTOR' => "cofactor", + 'PKEY_PARAM_EC_SEED' => "seed", + 'PKEY_PARAM_EC_CHAR2_M' => "m", + 'PKEY_PARAM_EC_CHAR2_TYPE' => "basis-type", + 'PKEY_PARAM_EC_CHAR2_TP_BASIS' => "tp", + 'PKEY_PARAM_EC_CHAR2_PP_K1' => "k1", + 'PKEY_PARAM_EC_CHAR2_PP_K2' => "k2", + 'PKEY_PARAM_EC_CHAR2_PP_K3' => "k3", + 'PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS' => "decoded-from-explicit", + +# Elliptic Curve Key Parameters + 'PKEY_PARAM_USE_COFACTOR_FLAG' => "use-cofactor-flag", + 'PKEY_PARAM_USE_COFACTOR_ECDH' => '*PKEY_PARAM_USE_COFACTOR_FLAG', + +# RSA Keys +# +# n, e, d are the usual public and private key components +# +# rsa-num is the number of factors, including p and q +# rsa-factor is used for each factor: p, q, r_i (i = 3, ...) +# rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...) +# rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...) +# +# The number of rsa-factor items must be equal to the number of rsa-exponent +# items, and the number of rsa-coefficients must be one less. +# (the base i for the coefficients is 2, not 1, at least as implied by +# RFC 8017) + + 'PKEY_PARAM_RSA_N' => "n", + 'PKEY_PARAM_RSA_E' => "e", + 'PKEY_PARAM_RSA_D' => "d", + 'PKEY_PARAM_RSA_FACTOR' => "rsa-factor", + 'PKEY_PARAM_RSA_EXPONENT' => "rsa-exponent", + 'PKEY_PARAM_RSA_COEFFICIENT' => "rsa-coefficient", + 'PKEY_PARAM_RSA_FACTOR1' => "rsa-factor1", + 'PKEY_PARAM_RSA_FACTOR2' => "rsa-factor2", + 'PKEY_PARAM_RSA_FACTOR3' => "rsa-factor3", + 'PKEY_PARAM_RSA_FACTOR4' => "rsa-factor4", + 'PKEY_PARAM_RSA_FACTOR5' => "rsa-factor5", + 'PKEY_PARAM_RSA_FACTOR6' => "rsa-factor6", + 'PKEY_PARAM_RSA_FACTOR7' => "rsa-factor7", + 'PKEY_PARAM_RSA_FACTOR8' => "rsa-factor8", + 'PKEY_PARAM_RSA_FACTOR9' => "rsa-factor9", + 'PKEY_PARAM_RSA_FACTOR10' => "rsa-factor10", + 'PKEY_PARAM_RSA_EXPONENT1' => "rsa-exponent1", + 'PKEY_PARAM_RSA_EXPONENT2' => "rsa-exponent2", + 'PKEY_PARAM_RSA_EXPONENT3' => "rsa-exponent3", + 'PKEY_PARAM_RSA_EXPONENT4' => "rsa-exponent4", + 'PKEY_PARAM_RSA_EXPONENT5' => "rsa-exponent5", + 'PKEY_PARAM_RSA_EXPONENT6' => "rsa-exponent6", + 'PKEY_PARAM_RSA_EXPONENT7' => "rsa-exponent7", + 'PKEY_PARAM_RSA_EXPONENT8' => "rsa-exponent8", + 'PKEY_PARAM_RSA_EXPONENT9' => "rsa-exponent9", + 'PKEY_PARAM_RSA_EXPONENT10' => "rsa-exponent10", + 'PKEY_PARAM_RSA_COEFFICIENT1' => "rsa-coefficient1", + 'PKEY_PARAM_RSA_COEFFICIENT2' => "rsa-coefficient2", + 'PKEY_PARAM_RSA_COEFFICIENT3' => "rsa-coefficient3", + 'PKEY_PARAM_RSA_COEFFICIENT4' => "rsa-coefficient4", + 'PKEY_PARAM_RSA_COEFFICIENT5' => "rsa-coefficient5", + 'PKEY_PARAM_RSA_COEFFICIENT6' => "rsa-coefficient6", + 'PKEY_PARAM_RSA_COEFFICIENT7' => "rsa-coefficient7", + 'PKEY_PARAM_RSA_COEFFICIENT8' => "rsa-coefficient8", + 'PKEY_PARAM_RSA_COEFFICIENT9' => "rsa-coefficient9", + +# Key generation parameters + 'PKEY_PARAM_RSA_BITS' => '*PKEY_PARAM_BITS', + 'PKEY_PARAM_RSA_PRIMES' => "primes", + 'PKEY_PARAM_RSA_DIGEST' => '*PKEY_PARAM_DIGEST', + 'PKEY_PARAM_RSA_DIGEST_PROPS' => '*PKEY_PARAM_PROPERTIES', + 'PKEY_PARAM_RSA_MASKGENFUNC' => '*PKEY_PARAM_MASKGENFUNC', + 'PKEY_PARAM_RSA_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', + 'PKEY_PARAM_RSA_PSS_SALTLEN' => "saltlen", + +# EC, X25519 and X448 Key generation parameters + 'PKEY_PARAM_DHKEM_IKM' => "dhkem-ikm", + +# Key generation parameters + 'PKEY_PARAM_FFC_TYPE' => "type", + 'PKEY_PARAM_FFC_PBITS' => "pbits", + 'PKEY_PARAM_FFC_QBITS' => "qbits", + 'PKEY_PARAM_FFC_DIGEST' => '*PKEY_PARAM_DIGEST', + 'PKEY_PARAM_FFC_DIGEST_PROPS' => '*PKEY_PARAM_PROPERTIES', + + 'PKEY_PARAM_EC_ENCODING' => "encoding",# utf8_string + 'PKEY_PARAM_EC_POINT_CONVERSION_FORMAT' => "point-format", + 'PKEY_PARAM_EC_GROUP_CHECK_TYPE' => "group-check", + 'PKEY_PARAM_EC_INCLUDE_PUBLIC' => "include-public", + +# Key Exchange parameters + 'EXCHANGE_PARAM_PAD' => "pad",# uint + 'EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE' => "ecdh-cofactor-mode",# int + 'EXCHANGE_PARAM_KDF_TYPE' => "kdf-type",# utf8_string + 'EXCHANGE_PARAM_KDF_DIGEST' => "kdf-digest",# utf8_string + 'EXCHANGE_PARAM_KDF_DIGEST_PROPS' => "kdf-digest-props",# utf8_string + 'EXCHANGE_PARAM_KDF_OUTLEN' => "kdf-outlen",# size_t +# The following parameter is an octet_string on set and an octet_ptr on get + 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm", + +# Signature parameters + 'SIGNATURE_PARAM_ALGORITHM_ID' => "algorithm-id", + 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', + 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', + 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', + 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen", + 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', + 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES', + 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE', + 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type", + 'SIGNATURE_PARAM_INSTANCE' => "instance", + 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string", + +# Asym cipher parameters + 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', + 'ASYM_CIPHER_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', + 'ASYM_CIPHER_PARAM_ENGINE' => '*PKEY_PARAM_ENGINE', + 'ASYM_CIPHER_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', + 'ASYM_CIPHER_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', + 'ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS' => '*PKEY_PARAM_MGF1_PROPERTIES', + 'ASYM_CIPHER_PARAM_OAEP_DIGEST' => '*ALG_PARAM_DIGEST', + 'ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS' => "digest-props", +# The following parameter is an octet_string on set and an octet_ptr on get + 'ASYM_CIPHER_PARAM_OAEP_LABEL' => "oaep-label", + 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version", + 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", + 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", + +# Encoder / decoder parameters + + 'ENCODER_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', + 'ENCODER_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', +# Currently PVK only, but reusable for others as needed + 'ENCODER_PARAM_ENCRYPT_LEVEL' => "encrypt-level", + 'ENCODER_PARAM_SAVE_PARAMETERS' => "save-parameters",# integer + + 'DECODER_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', + +# Passphrase callback parameters + 'PASSPHRASE_PARAM_INFO' => "info", + +# Keygen callback parameters, from provider to libcrypto + 'GEN_PARAM_POTENTIAL' => "potential",# integer + 'GEN_PARAM_ITERATION' => "iteration",# integer + +# ACVP Test parameters : These should not be used normally + 'PKEY_PARAM_RSA_TEST_XP1' => "xp1", + 'PKEY_PARAM_RSA_TEST_XP2' => "xp2", + 'PKEY_PARAM_RSA_TEST_XP' => "xp", + 'PKEY_PARAM_RSA_TEST_XQ1' => "xq1", + 'PKEY_PARAM_RSA_TEST_XQ2' => "xq2", + 'PKEY_PARAM_RSA_TEST_XQ' => "xq", + 'PKEY_PARAM_RSA_TEST_P1' => "p1", + 'PKEY_PARAM_RSA_TEST_P2' => "p2", + 'PKEY_PARAM_RSA_TEST_Q1' => "q1", + 'PKEY_PARAM_RSA_TEST_Q2' => "q2", + 'SIGNATURE_PARAM_KAT' => "kat", + +# KEM parameters + 'KEM_PARAM_OPERATION' => "operation", + 'KEM_PARAM_IKME' => "ikme", + +# Capabilities + +# TLS-GROUP Capability + 'CAPABILITY_TLS_GROUP_NAME' => "tls-group-name", + 'CAPABILITY_TLS_GROUP_NAME_INTERNAL' => "tls-group-name-internal", + 'CAPABILITY_TLS_GROUP_ID' => "tls-group-id", + 'CAPABILITY_TLS_GROUP_ALG' => "tls-group-alg", + 'CAPABILITY_TLS_GROUP_SECURITY_BITS' => "tls-group-sec-bits", + 'CAPABILITY_TLS_GROUP_IS_KEM' => "tls-group-is-kem", + 'CAPABILITY_TLS_GROUP_MIN_TLS' => "tls-min-tls", + 'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls", + 'CAPABILITY_TLS_GROUP_MIN_DTLS' => "tls-min-dtls", + 'CAPABILITY_TLS_GROUP_MAX_DTLS' => "tls-max-dtls", + +# TLS-SIGALG Capability + 'CAPABILITY_TLS_SIGALG_IANA_NAME' => "tls-sigalg-iana-name", + 'CAPABILITY_TLS_SIGALG_CODE_POINT' => "tls-sigalg-code-point", + 'CAPABILITY_TLS_SIGALG_NAME' => "tls-sigalg-name", + 'CAPABILITY_TLS_SIGALG_OID' => "tls-sigalg-oid", + 'CAPABILITY_TLS_SIGALG_SIG_NAME' => "tls-sigalg-sig-name", + 'CAPABILITY_TLS_SIGALG_SIG_OID' => "tls-sigalg-sig-oid", + 'CAPABILITY_TLS_SIGALG_HASH_NAME' => "tls-sigalg-hash-name", + 'CAPABILITY_TLS_SIGALG_HASH_OID' => "tls-sigalg-hash-oid", + 'CAPABILITY_TLS_SIGALG_KEYTYPE' => "tls-sigalg-keytype", + 'CAPABILITY_TLS_SIGALG_KEYTYPE_OID' => "tls-sigalg-keytype-oid", + 'CAPABILITY_TLS_SIGALG_SECURITY_BITS' => "tls-sigalg-sec-bits", + 'CAPABILITY_TLS_SIGALG_MIN_TLS' => "tls-min-tls", + 'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls", + +# storemgmt parameters + + +# Used by storemgmt_ctx_set_params(): +# +# - STORE_PARAM_EXPECT is an INTEGER, and the value is any of the +# STORE_INFO numbers. This is used to set the expected type of +# object loaded. +# +# - STORE_PARAM_SUBJECT, STORE_PARAM_ISSUER, +# STORE_PARAM_SERIAL, STORE_PARAM_FINGERPRINT, +# STORE_PARAM_DIGEST, STORE_PARAM_ALIAS +# are used as search criteria. +# (STORE_PARAM_DIGEST is used with STORE_PARAM_FINGERPRINT) + + 'STORE_PARAM_EXPECT' => "expect", # INTEGER + 'STORE_PARAM_SUBJECT' => "subject", # DER blob => OCTET_STRING + 'STORE_PARAM_ISSUER' => "name", # DER blob => OCTET_STRING + 'STORE_PARAM_SERIAL' => "serial", # INTEGER + 'STORE_PARAM_DIGEST' => "digest", # UTF8_STRING + 'STORE_PARAM_FINGERPRINT' => "fingerprint", # OCTET_STRING + 'STORE_PARAM_ALIAS' => "alias", # UTF8_STRING + +# You may want to pass properties for the provider implementation to use + 'STORE_PARAM_PROPERTIES' => "properties", # utf8_string +# DECODER input type if a decoder is used by the store + 'STORE_PARAM_INPUT_TYPE' => "input-type", # UTF8_STRING + + +# Libssl record layer + 'LIBSSL_RECORD_LAYER_PARAM_OPTIONS' => "options", + 'LIBSSL_RECORD_LAYER_PARAM_MODE' => "mode", + 'LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD' => "read_ahead", + 'LIBSSL_RECORD_LAYER_READ_BUFFER_LEN' => "read_buffer_len", + 'LIBSSL_RECORD_LAYER_PARAM_USE_ETM' => "use_etm", + 'LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC' => "stream_mac", + 'LIBSSL_RECORD_LAYER_PARAM_TLSTREE' => "tlstree", + 'LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN' => "max_frag_len", + 'LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA' => "max_early_data", + 'LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING' => "block_padding", +); + +# Generate string based macros for public consumption +sub generate_public_macros { + my @macros = (); + + foreach my $name (keys %params) { + my $val = $params{$name}; + my $def = '# define OSSL_' . $name . ' '; + + if (substr($val, 0, 1) eq '*') { + $def .= 'OSSL_' . substr($val, 1); + } else { + $def .= '"' . $val . '"'; + } + push(@macros, $def) + } + return join("\n", sort @macros); +} + +# Generate number based macros for internal use +# The numbers are unique per string +sub generate_internal_macros { + my @macros = (); + my $count = 0; + my %reverse; + + # Determine the number for each unique string + # Sort the names to improve the chance of cache coherency + foreach my $name (sort keys %params) { + my $val = $params{$name}; + + if (substr($val, 0, 1) ne '*' and not defined $reverse{$val}) { + $reverse{$val} = $count++; + } + } + + # Output the defines + foreach my $name (keys %params) { + my $val = $params{$name}; + my $def = '#define PIDX_' . $name . ' '; + + if (substr($val, 0, 1) eq '*') { + $def .= 'PIDX_' . substr($val, 1); + } else { + $def .= $reverse{$val}; + } + push(@macros, $def) + } + return "#define NUM_PIDX $count\n\n" . join("\n", sort @macros); +} + +sub generate_trie { + my %trie; + my $nodes = 0; + my $chars = 0; + + foreach my $name (keys %params) { + my $val = $params{$name}; + if (substr($val, 0, 1) ne '*') { + my $cursor = \%trie; + + $chars += length($val); + for my $i (0 .. length($val) - 1) { + my $c = substr($val, $i, 1); + + if (not $case_sensitive) { + $c = '_' if $c eq '-'; + $c = lc $c; + } + + if (not defined $$cursor{$c}) { + $$cursor{$c} = {}; + $nodes++; + } + $cursor = %$cursor{$c}; + } + $$cursor{'val'} = $name; + } + } + #print "\n\n/* $nodes nodes for $chars letters*/\n\n"; + return %trie; +} + +sub generate_code_from_trie { + my $n = shift; + my $trieref = shift; + my $idt = " "; + my $indent0 = $idt x ($n + 1); + my $indent1 = $indent0 . $idt; + my $strcmp = $case_sensitive ? 'strcmp' : 'strcasecmp'; + + print "int ossl_param_find_pidx(const char *s)\n{\n" if $n == 0; + + if ($trieref->{'suffix'}) { + my $suf = $trieref->{'suffix'}; + + printf "%sif ($strcmp(\"$suf\", s + $n) == 0", $indent0; + if (not $case_sensitive) { + $suf =~ tr/_/-/; + print " || $strcmp(\"$suf\", s + $n) == 0" + if ($suf ne $trieref->{'suffix'}); + } + printf ")\n%sreturn PIDX_%s;\n", $indent1, $trieref->{'name'}; + #printf "%sbreak;\n", $indent0; + return; + } + + printf "%sswitch(s\[%d\]) {\n", $indent0, $n; + printf "%sdefault:\n", $indent0; + for my $l (sort keys %$trieref) { + if ($l eq 'val') { + printf "%sbreak;\n", $indent1; + printf "%scase '\\0':\n", $indent0; + printf "%sreturn PIDX_%s;\n", $indent1, $trieref->{'val'}; + } else { + printf "%sbreak;\n", $indent1; + printf "%scase '%s':", $indent0, $l; + if (not $case_sensitive) { + print " case '-':" if ($l eq '_'); + printf " case '%s':", uc $l if ($l =~ /[a-z]/); + } + print "\n"; + generate_code_from_trie($n + 1, $trieref->{$l}); + } + } + printf "%s}\n", $indent0; + print " return -1;\n}\n" if $n == 0; + return ""; +} + +# Find long endings and cache what they resolve to +sub locate_long_endings { + my $trieref = shift; + my @names = keys %$trieref; + my $num = @names; + + return (1, '', $trieref->{$names[0]}) if ($num == 1 and $names[0] eq 'val'); + + if ($num == 1) { + my ($res, $suffix, $name) = locate_long_endings($trieref->{$names[0]}); + my $e = $names[0] . $suffix; + if ($res) { + $trieref->{'suffix'} = $e; + $trieref->{'name'} = $name; + } + return $res, $e, $name; + } + + for my $l (@names) { + if ($l ne 'val') { + my ($res, $suffix, $name) = locate_long_endings($trieref->{$l}); + } + } + return 0, ''; +} + +sub produce_decoder { + my %t = generate_trie(); + my $s; + + locate_long_endings(\%t); + + open local *STDOUT, '>', \$s; + generate_code_from_trie(0, \%t); + return $s; +} -- 2.33.0