
  1. /*
  2. * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <openssl/evp.h>
  12. #include <openssl/core_names.h>
  13. #include <openssl/err.h>
  14. #include <openssl/proverr.h>
  15. #ifndef FIPS_MODULE
  16. # include <openssl/engine.h>
  17. # include "crypto/evp.h"
  18. #endif
  19. #include "prov/provider_util.h"
  20. #include "internal/nelem.h"
  /*
   * Release everything held by |pc| and return it to the empty state.
   *
   * Only |alloc_cipher| carries an EVP_CIPHER reference of our own; |cipher|
   * either aliases it or points at a borrowed legacy cipher, so it is merely
   * cleared. The engine functional reference is released outside the FIPS
   * module (inside it, no engine can ever have been acquired).
   */
  void ossl_prov_cipher_reset(PROV_CIPHER *pc)
  {
      EVP_CIPHER *owned = pc->alloc_cipher;

      pc->cipher = NULL;
      pc->alloc_cipher = NULL;
      EVP_CIPHER_free(owned);
  #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
      ENGINE_finish(pc->engine);
  #endif
      pc->engine = NULL;
  }
  /*
   * Copy |src| into |dst|, taking a fresh reference on the owned cipher and a
   * fresh functional reference on the engine so both structs can be reset
   * independently.
   *
   * Returns 1 on success. Returns 0 if either reference could not be taken;
   * in that case |dst| is left untouched and any reference already taken
   * here is given back.
   */
  int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src)
  {
      EVP_CIPHER *owned = src->alloc_cipher;

      if (owned != NULL && !EVP_CIPHER_up_ref(owned))
          return 0;
  #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
      if (src->engine != NULL && !ENGINE_init(src->engine)) {
          /* Undo the up_ref above; EVP_CIPHER_free(NULL) is a no-op */
          EVP_CIPHER_free(owned);
          return 0;
      }
  #endif
      dst->alloc_cipher = owned;
      dst->cipher = src->cipher;
      dst->engine = src->engine;
      return 1;
  }
  /*
   * Parse the parameters shared by the cipher and digest loaders.
   *
   * |*propquery| is set from OSSL_ALG_PARAM_PROPERTIES, or to NULL when the
   * parameter is absent. Any engine currently referenced by |*engine| is
   * released; outside the FIPS module OSSL_ALG_PARAM_ENGINE is then resolved
   * to a functional engine reference that the caller owns.
   *
   * Returns 0 on a parameter of the wrong type or an engine that cannot be
   * found or initialised, 1 otherwise. Note that a bad properties parameter
   * is rejected before the old engine is released, so in that case |*engine|
   * is left exactly as it was.
   */
  static int load_common(const OSSL_PARAM params[], const char **propquery,
                         ENGINE **engine)
  {
      const OSSL_PARAM *prop = OSSL_PARAM_locate_const(params,
                                                       OSSL_ALG_PARAM_PROPERTIES);

      if (prop == NULL) {
          *propquery = NULL;
      } else if (prop->data_type != OSSL_PARAM_UTF8_STRING) {
          *propquery = NULL;
          return 0;
      } else {
          *propquery = prop->data;
      }

      /* Whatever engine the caller held is dropped; it is replaced below or stays NULL */
  #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
      ENGINE_finish(*engine);
  #endif
      *engine = NULL;

      /* Inside the FIPS module, we don't support legacy ciphers */
  #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
      {
          const OSSL_PARAM *eng = OSSL_PARAM_locate_const(params,
                                                          OSSL_ALG_PARAM_ENGINE);
          ENGINE *e;

          if (eng == NULL)
              return 1;
          if (eng->data_type != OSSL_PARAM_UTF8_STRING)
              return 0;
          /* ENGINE_by_id() yields a structural reference ... */
          e = ENGINE_by_id(eng->data);
          if (e == NULL)
              return 0;
          /* ... which ENGINE_init() turns into a functional one */
          if (!ENGINE_init(e)) {
              ENGINE_free(e);
              return 0;
          }
          /* Keep only the functional reference; drop the structural one */
          ENGINE_free(e);
          *engine = e;
      }
  #endif
      return 1;
  }
  /*
   * Load the cipher (plus engine and property query) named by |params| into
   * |pc|, fetching it from |ctx|.
   *
   * Returns 1 when |params| is NULL or names no cipher (nothing changes), 1
   * when a cipher was resolved, and 0 on a malformed parameter or when no
   * cipher could be found. A fetched cipher is owned through |alloc_cipher|.
   * Outside the FIPS module a legacy EVP_get_cipherbyname() result may be
   * borrowed as a fallback; |alloc_cipher| stays NULL in that case, so
   * nothing is freed for it later.
   */
  int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc,
                                        const OSSL_PARAM params[],
                                        OSSL_LIB_CTX *ctx)
  {
      const OSSL_PARAM *name;
      const char *propquery;
      int found;

      if (params == NULL)
          return 1;
      if (!load_common(params, &propquery, &pc->engine))
          return 0;

      name = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_CIPHER);
      if (name == NULL)
          return 1;
      if (name->data_type != OSSL_PARAM_UTF8_STRING)
          return 0;

      /* Replace any previously fetched cipher */
      EVP_CIPHER_free(pc->alloc_cipher);
      /*
       * Mark the error stack so that a failed fetch can be hidden if the
       * legacy fallback below succeeds.
       */
      ERR_set_mark();
      pc->alloc_cipher = EVP_CIPHER_fetch(ctx, name->data, propquery);
      pc->cipher = pc->alloc_cipher;
  #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy ciphers */
      if (pc->cipher == NULL) {
          const EVP_CIPHER *legacy = EVP_get_cipherbyname(name->data);

          /* Do not use global EVP_CIPHERs; only a non-global one is borrowed */
          if (legacy != NULL && legacy->origin != EVP_ORIG_GLOBAL)
              pc->cipher = legacy;
      }
  #endif
      found = pc->cipher != NULL;
      if (found)
          ERR_pop_to_mark();
      else
          ERR_clear_last_mark();
      return found;
  }
  /* The cipher currently held by |pc| (owned or borrowed), or NULL if none. */
  const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc)
  {
      const EVP_CIPHER *current = pc->cipher;

      return current;
  }
  /* The engine currently held by |pc|, or NULL if none was loaded. */
  ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc)
  {
      ENGINE *current = pc->engine;

      return current;
  }
  /*
   * Release everything held by |pd| and return it to the empty state.
   *
   * Only |alloc_md| carries an EVP_MD reference of our own; |md| either
   * aliases it or points at a borrowed legacy digest, so it is merely
   * cleared. The engine functional reference is released outside the FIPS
   * module.
   */
  void ossl_prov_digest_reset(PROV_DIGEST *pd)
  {
      EVP_MD *owned = pd->alloc_md;

      pd->md = NULL;
      pd->alloc_md = NULL;
      EVP_MD_free(owned);
  #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
      ENGINE_finish(pd->engine);
  #endif
      pd->engine = NULL;
  }
  /*
   * Copy |src| into |dst|, taking a fresh reference on the owned digest and a
   * fresh functional reference on the engine so both structs can be reset
   * independently.
   *
   * Returns 1 on success. Returns 0 if either reference could not be taken;
   * in that case |dst| is left untouched and any reference already taken
   * here is given back.
   */
  int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src)
  {
      EVP_MD *owned = src->alloc_md;

      if (owned != NULL && !EVP_MD_up_ref(owned))
          return 0;
  #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
      if (src->engine != NULL && !ENGINE_init(src->engine)) {
          /* Undo the up_ref above; EVP_MD_free(NULL) is a no-op */
          EVP_MD_free(owned);
          return 0;
      }
  #endif
      dst->alloc_md = owned;
      dst->md = src->md;
      dst->engine = src->engine;
      return 1;
  }
  /*
   * Fetch |mdname| from |libctx| (honouring |propquery|) into |pd|, replacing
   * whatever digest it held. On a failed fetch both |md| and |alloc_md| end
   * up NULL, even if |md| previously pointed at a borrowed legacy digest.
   *
   * Returns the fetched digest, or NULL on failure.
   */
  const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
                                       const char *mdname, const char *propquery)
  {
      EVP_MD *fetched;

      /* Drop the previously owned digest before it is replaced */
      EVP_MD_free(pd->alloc_md);
      fetched = EVP_MD_fetch(libctx, mdname, propquery);
      pd->alloc_md = fetched;
      pd->md = fetched;
      return fetched;
  }
  /*
   * Load the digest (plus engine and property query) named by |params| into
   * |pd|, fetching it from |ctx|.
   *
   * Returns 1 when |params| is NULL or names no digest (nothing changes), 1
   * when a digest was resolved, and 0 on a malformed parameter or when no
   * digest could be found. A fetched digest is owned through |alloc_md|.
   * Outside the FIPS module a legacy EVP_get_digestbyname() result may be
   * borrowed as a fallback; |alloc_md| stays NULL in that case.
   */
  int ossl_prov_digest_load_from_params(PROV_DIGEST *pd,
                                        const OSSL_PARAM params[],
                                        OSSL_LIB_CTX *ctx)
  {
      const OSSL_PARAM *name;
      const char *propquery;
      int found;

      if (params == NULL)
          return 1;
      if (!load_common(params, &propquery, &pd->engine))
          return 0;

      name = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST);
      if (name == NULL)
          return 1;
      if (name->data_type != OSSL_PARAM_UTF8_STRING)
          return 0;

      /*
       * Mark the error stack so that a failed fetch can be hidden if the
       * legacy fallback below succeeds.
       */
      ERR_set_mark();
      /* Replaces any owned digest; on failure pd->md is NULL for now */
      (void)ossl_prov_digest_fetch(pd, ctx, name->data, propquery);
  #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy digests */
      if (pd->md == NULL) {
          const EVP_MD *legacy = EVP_get_digestbyname(name->data);

          /* Do not use global EVP_MDs; only a non-global one is borrowed */
          if (legacy != NULL && legacy->origin != EVP_ORIG_GLOBAL)
              pd->md = legacy;
      }
  #endif
      found = pd->md != NULL;
      if (found)
          ERR_pop_to_mark();
      else
          ERR_clear_last_mark();
      return found;
  }
  /* The digest currently held by |pd| (owned or borrowed), or NULL if none. */
  const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd)
  {
      const EVP_MD *current = pd->md;

      return current;
  }
  /* The engine currently held by |pd|, or NULL if none was loaded. */
  ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd)
  {
      ENGINE *current = pd->engine;

      return current;
  }
  /*
   * Configure |macctx| from a mix of explicit arguments and |params|.
   *
   * Explicit |mdname|, |ciphername| and |engine| arguments take precedence;
   * only those passed as NULL are looked up in |params| (which may itself be
   * NULL). The resulting values, plus |properties| and the optional |key|,
   * are forwarded to EVP_MAC_CTX_set_params(). The engine entry is only
   * forwarded outside the FIPS module and when engines are compiled in.
   *
   * |key| and |keylen| are handed to the MAC as-is; any key-length checking
   * presumably happens in the MAC implementation, not here.
   *
   * Returns 0 if a looked-up parameter has the wrong type, otherwise the
   * result of EVP_MAC_CTX_set_params().
   */
  int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
                           const OSSL_PARAM params[],
                           const char *ciphername,
                           const char *mdname,
                           const char *engine,
                           const char *properties,
                           const unsigned char *key,
                           size_t keylen)
  {
      /* Lookup order matters for which bad parameter is reported first */
      struct {
          const char *key;
          const char **dst;
      } fallbacks[] = {
          { OSSL_ALG_PARAM_DIGEST, &mdname },
          { OSSL_ALG_PARAM_CIPHER, &ciphername },
          { OSSL_ALG_PARAM_ENGINE, &engine },
      };
      /* At most five entries below plus the end marker */
      OSSL_PARAM mac_params[6];
      size_t n = 0, i;

      if (params != NULL) {
          for (i = 0; i < sizeof(fallbacks) / sizeof(fallbacks[0]); i++) {
              const OSSL_PARAM *p;

              if (*fallbacks[i].dst != NULL)
                  continue;
              p = OSSL_PARAM_locate_const(params, fallbacks[i].key);
              if (p == NULL)
                  continue;
              if (p->data_type != OSSL_PARAM_UTF8_STRING)
                  return 0;
              *fallbacks[i].dst = p->data;
          }
      }

      /*
       * The OSSL_PARAM constructors take non-const buffers; the const is cast
       * away because set_params only reads them (presumably; confirm against
       * the MAC implementations).
       */
      if (mdname != NULL)
          mac_params[n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
                                                             (char *)mdname, 0);
      if (ciphername != NULL)
          mac_params[n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
                                                             (char *)ciphername, 0);
      if (properties != NULL)
          mac_params[n++] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
                                                             (char *)properties, 0);
  #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
      if (engine != NULL)
          mac_params[n++] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_ENGINE,
                                                             (char *)engine, 0);
  #endif
      if (key != NULL)
          mac_params[n++] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
                                                              (unsigned char *)key,
                                                              keylen);
      mac_params[n] = OSSL_PARAM_construct_end();
      return EVP_MAC_CTX_set_params(macctx, mac_params);
  }
  /*
   * Create or reconfigure |*macctx| from |params|.
   *
   * |macname| may be given explicitly or via OSSL_ALG_PARAM_MAC; when one is
   * known, the existing context is discarded and a new one is fetched from
   * |libctx| using OSSL_ALG_PARAM_PROPERTIES as the property query. The
   * context is then configured with |ciphername|, |mdname| and |params| via
   * ossl_prov_set_macctx(). When no context exists after this, the remaining
   * parameters are ignored and 1 is returned.
   *
   * Returns 1 on success, 0 on a malformed parameter or on failure; after a
   * failed fetch or configuration |*macctx| is NULL, never a half-set-up
   * context.
   */
  int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
                                        const OSSL_PARAM params[],
                                        const char *macname,
                                        const char *ciphername,
                                        const char *mdname,
                                        OSSL_LIB_CTX *libctx)
  {
      const OSSL_PARAM *p;
      const char *properties = NULL;

      if (macname == NULL) {
          p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_MAC);
          if (p != NULL) {
              if (p->data_type != OSSL_PARAM_UTF8_STRING)
                  return 0;
              macname = p->data;
          }
      }
      p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES);
      if (p != NULL) {
          if (p->data_type != OSSL_PARAM_UTF8_STRING)
              return 0;
          properties = p->data;
      }

      if (macname != NULL) {
          /* A MAC name means a fresh context; the old one is discarded */
          EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties);
          EVP_MAC_CTX *fresh = NULL;

          if (mac != NULL) {
              fresh = EVP_MAC_CTX_new(mac);
              /* The context keeps its own reference to the MAC */
              EVP_MAC_free(mac);
          }
          EVP_MAC_CTX_free(*macctx);
          *macctx = fresh;
          if (fresh == NULL)
              return 0;
      }

      /* Without a MAC context there is nothing to configure; not an error */
      if (*macctx == NULL)
          return 1;

      if (!ossl_prov_set_macctx(*macctx, params, ciphername, mdname, NULL,
                                properties, NULL, 0)) {
          /* Don't leave the caller holding a partially configured context */
          EVP_MAC_CTX_free(*macctx);
          *macctx = NULL;
          return 0;
      }
      return 1;
  }
  /*
   * Lazily fill |out| with the entries of |in| whose capability check passes
   * (or that have no check at all).
   *
   * |in| is terminated by an entry whose alg.algorithm_names is NULL; that
   * terminator is copied as the last element of |out|. |out| is populated
   * only the first time, detected by out[0].algorithm_names still being
   * NULL; later calls do nothing. |out| must have room for every entry of
   * |in| including the terminator. No locking is visible here, so concurrent
   * first calls are presumably prevented by the caller — confirm.
   */
  void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in,
                                           OSSL_ALGORITHM *out)
  {
      const OSSL_ALGORITHM_CAPABLE *src;
      OSSL_ALGORITHM *dst = out;

      if (out[0].algorithm_names != NULL)
          return;
      for (src = in; src->alg.algorithm_names != NULL; src++) {
          if (src->capable != NULL && !src->capable())
              continue;
          *dst++ = src->alg;
      }
      /* Copy the terminating entry as well */
      *dst = src->alg;
  }