kdf_legacy_kmgmt.c 2.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102
  1. /*
  2. * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * This implemments a dummy key manager for legacy KDFs that still support the
  11. * old way of performing a KDF via EVP_PKEY_derive(). New KDFs should not be
  12. * implemented this way. In reality there is no key data for such KDFs, so this
  13. * key manager does very little.
  14. */
  15. #include <openssl/core_dispatch.h>
  16. #include <openssl/core_names.h>
  17. #include <openssl/err.h>
  18. #include "prov/implementations.h"
  19. #include "prov/providercommon.h"
  20. #include "prov/provider_ctx.h"
  21. #include "prov/kdfexchange.h"
  22. static OSSL_FUNC_keymgmt_new_fn kdf_newdata;
  23. static OSSL_FUNC_keymgmt_free_fn kdf_freedata;
  24. static OSSL_FUNC_keymgmt_has_fn kdf_has;
  25. KDF_DATA *ossl_kdf_data_new(void *provctx)
  26. {
  27. KDF_DATA *kdfdata;
  28. if (!ossl_prov_is_running())
  29. return NULL;
  30. kdfdata = OPENSSL_zalloc(sizeof(*kdfdata));
  31. if (kdfdata == NULL)
  32. return NULL;
  33. if (!CRYPTO_NEW_REF(&kdfdata->refcnt, 1)) {
  34. OPENSSL_free(kdfdata);
  35. return NULL;
  36. }
  37. kdfdata->libctx = PROV_LIBCTX_OF(provctx);
  38. return kdfdata;
  39. }
  40. void ossl_kdf_data_free(KDF_DATA *kdfdata)
  41. {
  42. int ref = 0;
  43. if (kdfdata == NULL)
  44. return;
  45. CRYPTO_DOWN_REF(&kdfdata->refcnt, &ref);
  46. if (ref > 0)
  47. return;
  48. CRYPTO_FREE_REF(&kdfdata->refcnt);
  49. OPENSSL_free(kdfdata);
  50. }
  51. int ossl_kdf_data_up_ref(KDF_DATA *kdfdata)
  52. {
  53. int ref = 0;
  54. /* This is effectively doing a new operation on the KDF_DATA and should be
  55. * adequately guarded again modules' error states. However, both current
  56. * calls here are guarded properly in exchange/kdf_exch.c. Thus, it
  57. * could be removed here. The concern is that something in the future
  58. * might call this function without adequate guards. It's a cheap call,
  59. * it seems best to leave it even though it is currently redundant.
  60. */
  61. if (!ossl_prov_is_running())
  62. return 0;
  63. CRYPTO_UP_REF(&kdfdata->refcnt, &ref);
  64. return 1;
  65. }
  66. static void *kdf_newdata(void *provctx)
  67. {
  68. return ossl_kdf_data_new(provctx);
  69. }
  70. static void kdf_freedata(void *kdfdata)
  71. {
  72. ossl_kdf_data_free(kdfdata);
  73. }
  74. static int kdf_has(const void *keydata, int selection)
  75. {
  76. return 1; /* nothing is missing */
  77. }
  78. const OSSL_DISPATCH ossl_kdf_keymgmt_functions[] = {
  79. { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))kdf_newdata },
  80. { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))kdf_freedata },
  81. { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))kdf_has },
  82. OSSL_DISPATCH_END
  83. };