encoder_pkey.c@ 94403

Last change on this file since 94403 was 94320, checked in by vboxsync, 3 years ago
libs/openssl-3.0.1: Export to OSE and fix copyright headers in Makefiles, bugref:10128
File size: 12.2 KB

Line
1	/*
2	* Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include "e_os.h" /* strcasecmp on Windows */
11	#include <openssl/err.h>
12	#include <openssl/ui.h>
13	#include <openssl/params.h>
14	#include <openssl/encoder.h>
15	#include <openssl/core_names.h>
16	#include <openssl/provider.h>
17	#include <openssl/safestack.h>
18	#include <openssl/trace.h>
19	#include "internal/provider.h"
20	#include "internal/property.h"
21	#include "crypto/evp.h"
22	#include "encoder_local.h"
23
24	DEFINE_STACK_OF(OSSL_ENCODER)
25
26	int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
27	const char *cipher_name,
28	const char *propquery)
29	{
30	OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
31
32	params[0] =
33	OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER,
34	(void *)cipher_name, 0);
35	params[1] =
36	OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES,
37	(void *)propquery, 0);
38
39	return OSSL_ENCODER_CTX_set_params(ctx, params);
40	}
41
42	int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
43	const unsigned char *kstr,
44	size_t klen)
45	{
46	return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
47	}
48
49	int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
50	const UI_METHOD *ui_method,
51	void *ui_data)
52	{
53	return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
54	}
55
56	int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
57	pem_password_cb cb, void cbarg)
58	{
59	return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
60	}
61
62	int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
63	OSSL_PASSPHRASE_CALLBACK *cb,
64	void *cbarg)
65	{
66	return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
67	}
68
69	/*
70	* Support for OSSL_ENCODER_CTX_new_for_type:
71	* finding a suitable encoder
72	*/
73
74	struct collected_encoder_st {
75	STACK_OF(OPENSSL_CSTRING) *names;
76	const char *output_structure;
77	const char *output_type;
78
79	const OSSL_PROVIDER *keymgmt_prov;
80	OSSL_ENCODER_CTX *ctx;
81	unsigned int flag_find_same_provider:1;
82
83	int error_occurred;
84	};
85
86	static void collect_encoder(OSSL_ENCODER encoder, void arg)
87	{
88	struct collected_encoder_st *data = arg;
89	size_t i, end_i;
90
91	if (data->error_occurred)
92	return;
93
94	data->error_occurred = 1; /* Assume the worst */
95
96	if (data->names == NULL)
97	return;
98
99	end_i = sk_OPENSSL_CSTRING_num(data->names);
100	for (i = 0; i < end_i; i++) {
101	const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
102	const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder);
103	void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
104
105	/*
106	* collect_encoder() is called in two passes, one where the encoders
107	* from the same provider as the keymgmt are looked up, and one where
108	* the other encoders are looked up. \|data->flag_find_same_provider\|
109	* tells us which pass we're in.
110	*/
111	if ((data->keymgmt_prov == prov) != data->flag_find_same_provider)
112	continue;
113
114	if (!OSSL_ENCODER_is_a(encoder, name)
115	\|\| (encoder->does_selection != NULL
116	&& !encoder->does_selection(provctx, data->ctx->selection))
117	\|\| (data->keymgmt_prov != prov
118	&& encoder->import_object == NULL))
119	continue;
120
121	/* Only add each encoder implementation once */
122	if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder))
123	break;
124	}
125
126	data->error_occurred = 0; /* All is good now */
127	}
128
129	struct collected_names_st {
130	STACK_OF(OPENSSL_CSTRING) *names;
131	unsigned int error_occurred:1;
132	};
133
134	static void collect_name(const char name, void arg)
135	{
136	struct collected_names_st *data = arg;
137
138	if (data->error_occurred)
139	return;
140
141	data->error_occurred = 1; /* Assume the worst */
142
143	if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
144	return;
145
146	data->error_occurred = 0; /* All is good now */
147	}
148
149	/*
150	* Support for OSSL_ENCODER_to_bio:
151	* writing callback for the OSSL_PARAM (the implementation doesn't have
152	* intimate knowledge of the provider side object)
153	*/
154
155	struct construct_data_st {
156	const EVP_PKEY *pk;
157	int selection;
158
159	OSSL_ENCODER_INSTANCE *encoder_inst;
160	const void *obj;
161	void *constructed_obj;
162	};
163
164	static int encoder_import_cb(const OSSL_PARAM params[], void *arg)
165	{
166	struct construct_data_st *construct_data = arg;
167	OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst;
168	OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
169	void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);
170
171	construct_data->constructed_obj =
172	encoder->import_object(encoderctx, construct_data->selection, params);
173
174	return (construct_data->constructed_obj != NULL);
175	}
176
177	static const void *
178	encoder_construct_pkey(OSSL_ENCODER_INSTANCE encoder_inst, void arg)
179	{
180	struct construct_data_st *data = arg;
181
182	if (data->obj == NULL) {
183	OSSL_ENCODER *encoder =
184	OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
185	const EVP_PKEY *pk = data->pk;
186	const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt);
187	const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
188
189	if (k_prov != e_prov) {
190	data->encoder_inst = encoder_inst;
191
192	if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection,
193	&encoder_import_cb, data))
194	return NULL;
195	data->obj = data->constructed_obj;
196	} else {
197	data->obj = pk->keydata;
198	}
199	}
200
201	return data->obj;
202	}
203
204	static void encoder_destruct_pkey(void *arg)
205	{
206	struct construct_data_st *data = arg;
207
208	if (data->encoder_inst != NULL) {
209	OSSL_ENCODER *encoder =
210	OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst);
211
212	encoder->free_object(data->constructed_obj);
213	}
214	data->constructed_obj = NULL;
215	}
216
217	/*
218	* OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if
219	* it couldn't find a suitable encoder. This allows a caller to detect if
220	* a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(),
221	* and to use fallback methods if the result is NULL.
222	*/
223	static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
224	const EVP_PKEY *pkey,
225	int selection,
226	const char *propquery)
227	{
228	struct construct_data_st *data = NULL;
229	const OSSL_PROVIDER *prov = NULL;
230	OSSL_LIB_CTX *libctx = NULL;
231	int ok = 0;
232
233	if (!ossl_assert(ctx != NULL) \|\| !ossl_assert(pkey != NULL)) {
234	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
235	return 0;
236	}
237
238	if (evp_pkey_is_provided(pkey)) {
239	prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
240	libctx = ossl_provider_libctx(prov);
241	}
242
243	if (pkey->keymgmt != NULL) {
244	struct collected_encoder_st encoder_data;
245	struct collected_names_st keymgmt_data;
246
247	if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
248	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
249	goto err;
250	}
251
252	/*
253	* Select the first encoder implementations in two steps.
254	* First, collect the keymgmt names, then the encoders that match.
255	*/
256	keymgmt_data.names = sk_OPENSSL_CSTRING_new_null();
257	keymgmt_data.error_occurred = 0;
258	EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data);
259	if (keymgmt_data.error_occurred) {
260	sk_OPENSSL_CSTRING_free(keymgmt_data.names);
261	goto err;
262	}
263
264	encoder_data.names = keymgmt_data.names;
265	encoder_data.output_type = ctx->output_type;
266	encoder_data.output_structure = ctx->output_structure;
267	encoder_data.error_occurred = 0;
268	encoder_data.keymgmt_prov = prov;
269	encoder_data.ctx = ctx;
270
271	/*
272	* Place the encoders with the a different provider as the keymgmt
273	* last (the chain is processed in reverse order)
274	*/
275	encoder_data.flag_find_same_provider = 0;
276	OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
277
278	/*
279	* Place the encoders with the same provider as the keymgmt first
280	* (the chain is processed in reverse order)
281	*/
282	encoder_data.flag_find_same_provider = 1;
283	OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
284
285	sk_OPENSSL_CSTRING_free(keymgmt_data.names);
286	if (encoder_data.error_occurred) {
287	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
288	goto err;
289	}
290	}
291
292	if (data != NULL && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
293	if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey)
294	\|\| !OSSL_ENCODER_CTX_set_construct_data(ctx, data)
295	\|\| !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey))
296	goto err;
297
298	data->pk = pkey;
299	data->selection = selection;
300
301	data = NULL; /* Avoid it being freed */
302	}
303
304	ok = 1;
305	err:
306	if (data != NULL) {
307	OSSL_ENCODER_CTX_set_construct_data(ctx, NULL);
308	OPENSSL_free(data);
309	}
310	return ok;
311	}
312
313	OSSL_ENCODER_CTX OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY pkey,
314	int selection,
315	const char *output_type,
316	const char *output_struct,
317	const char *propquery)
318	{
319	OSSL_ENCODER_CTX *ctx = NULL;
320	OSSL_LIB_CTX *libctx = NULL;
321
322	if (pkey == NULL) {
323	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
324	return NULL;
325	}
326
327	if (!evp_pkey_is_assigned(pkey)) {
328	ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT,
329	"The passed EVP_PKEY must be assigned a key");
330	return NULL;
331	}
332
333	if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) {
334	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
335	return NULL;
336	}
337
338	if (evp_pkey_is_provided(pkey)) {
339	const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
340
341	libctx = ossl_provider_libctx(prov);
342	}
343
344	OSSL_TRACE_BEGIN(ENCODER) {
345	BIO_printf(trc_out,
346	"(ctx %p) Looking for %s encoders with selection %d\n",
347	(void *)ctx, EVP_PKEY_get0_type_name(pkey), selection);
348	BIO_printf(trc_out, " output type: %s, output structure: %s\n",
349	output_type, output_struct);
350	} OSSL_TRACE_END(ENCODER);
351
352	if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type)
353	&& (output_struct == NULL
354	\|\| OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct))
355	&& OSSL_ENCODER_CTX_set_selection(ctx, selection)
356	&& ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
357	&& OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
358	OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
359	int save_parameters = pkey->save_parameters;
360
361	params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS,
362	&save_parameters);
363	/* ignoring error as this is only auxiliary parameter */
364	(void)OSSL_ENCODER_CTX_set_params(ctx, params);
365
366	OSSL_TRACE_BEGIN(ENCODER) {
367	BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
368	(void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
369	} OSSL_TRACE_END(ENCODER);
370	return ctx;
371	}
372
373	OSSL_ENCODER_CTX_free(ctx);
374	return NULL;
375	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.0.2/crypto/encode_decode/encoder_pkey.c@ 94403

Download in other formats: