2020-07-09 05:19:13 +08:00
|
|
|
/*
|
2022-05-03 18:52:38 +08:00
|
|
|
* Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
2020-07-09 05:19:13 +08:00
|
|
|
*
|
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <openssl/core_names.h>
|
CORE: Define provider-native abstract objects
This is placed as CORE because the core of libcrypto is the authority
for what is possible to do and what's required to make these abstract
objects work.
In essence, an abstract object is an OSSL_PARAM array with well
defined parameter keys and values:
- an object type, which is a number indicating what kind of
libcrypto structure the object in question can be used with. The
currently possible numbers are defined in <openssl/core_object.h>.
- an object data type, which is a string that indicates more closely
what the contents of the object are.
- the object data, an octet string. The exact encoding used depends
on the context in which it's used. For example, the decoder
sub-system accepts any encoding, as long as there is a decoder
implementation that takes that as input. If central code is to
handle the data directly, DER encoding is assumed. (*)
- an object reference, also an octet string. This octet string is
not the object contents, just a mere reference to a provider-native
object. (**)
- an object description, which is a human readable text string that
can be displayed if some software desires to do so.
The intent is that certain provider-native operations (called X
here) are able to return any sort of object that belong with other
operations, or an object that has no provider support otherwise.
(*) A future extension might be to be able to specify encoding.
(**) The possible mechanisms for dealing with object references are:
- An object loading function in the target operation. The exact
target operation is determined by the object type (for example,
OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT)
and the implementation to be fetched by its object data type (for
an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched).
This loading function is only useful for this if the implementations
that are involved (X and KEYMGMT, for example) are from the same
provider.
- An object exporter function in the operation X implementation.
That exporter function can be used to export the object data in
OSSL_PARAM form that can be imported by a target operation's
import function. This can be used when it's not possible to fetch
the target operation implementation from the same provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 21:34:25 +08:00
|
|
|
#include <openssl/core_object.h>
|
2020-10-26 20:17:42 +08:00
|
|
|
#include <openssl/provider.h>
|
2020-07-09 05:19:13 +08:00
|
|
|
#include <openssl/evp.h>
|
2020-07-10 21:13:55 +08:00
|
|
|
#include <openssl/ui.h>
|
2020-08-17 03:25:08 +08:00
|
|
|
#include <openssl/decoder.h>
|
2020-07-09 05:19:13 +08:00
|
|
|
#include <openssl/safestack.h>
|
2020-10-28 17:13:24 +08:00
|
|
|
#include <openssl/trace.h>
|
2020-07-09 05:19:13 +08:00
|
|
|
#include "crypto/evp.h"
|
2020-08-02 18:46:00 +08:00
|
|
|
#include "crypto/decoder.h"
|
2022-03-18 01:29:22 +08:00
|
|
|
#include "crypto/evp/evp_local.h"
|
2023-07-11 00:41:06 +08:00
|
|
|
#include "crypto/lhash.h"
|
2020-08-17 03:25:08 +08:00
|
|
|
#include "encoder_local.h"
|
2022-03-18 01:29:22 +08:00
|
|
|
#include "internal/namemap.h"
|
2023-07-11 00:41:06 +08:00
|
|
|
#include "internal/sizes.h"
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
|
|
|
|
|
const unsigned char *kstr,
|
|
|
|
|
size_t klen)
|
2020-07-10 21:13:55 +08:00
|
|
|
{
|
2020-08-02 18:14:19 +08:00
|
|
|
return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
|
2020-07-10 21:13:55 +08:00
|
|
|
}
|
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
|
|
|
|
|
const UI_METHOD *ui_method,
|
|
|
|
|
void *ui_data)
|
2020-07-10 21:13:55 +08:00
|
|
|
{
|
2020-08-02 18:14:19 +08:00
|
|
|
return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
|
2020-07-10 21:13:55 +08:00
|
|
|
}
|
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
|
|
|
|
|
pem_password_cb *cb, void *cbarg)
|
2020-07-10 21:13:55 +08:00
|
|
|
{
|
2020-08-02 18:14:19 +08:00
|
|
|
return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
|
2020-07-10 21:13:55 +08:00
|
|
|
}
|
|
|
|
|
|
2020-08-02 20:29:33 +08:00
|
|
|
int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
|
|
|
|
|
OSSL_PASSPHRASE_CALLBACK *cb,
|
|
|
|
|
void *cbarg)
|
|
|
|
|
{
|
|
|
|
|
return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-09 05:19:13 +08:00
|
|
|
/*
|
2021-02-11 23:57:37 +08:00
|
|
|
* Support for OSSL_DECODER_CTX_new_for_pkey:
|
2020-07-28 00:39:58 +08:00
|
|
|
* The construct data, and collecting keymgmt information for it
|
2020-07-09 05:19:13 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
DEFINE_STACK_OF(EVP_KEYMGMT)
|
|
|
|
|
|
2021-02-11 23:57:37 +08:00
|
|
|
struct decoder_pkey_data_st {
|
2020-12-11 01:33:16 +08:00
|
|
|
OSSL_LIB_CTX *libctx;
|
|
|
|
|
char *propq;
|
2021-06-28 11:52:42 +08:00
|
|
|
int selection;
|
2020-12-11 01:33:16 +08:00
|
|
|
|
2021-06-28 11:37:22 +08:00
|
|
|
STACK_OF(EVP_KEYMGMT) *keymgmts;
|
2020-07-09 05:19:13 +08:00
|
|
|
char *object_type; /* recorded object data type, may be NULL */
|
|
|
|
|
void **object; /* Where the result should end up */
|
|
|
|
|
};
|
|
|
|
|
|
2021-02-11 23:57:37 +08:00
|
|
|
static int decoder_construct_pkey(OSSL_DECODER_INSTANCE *decoder_inst,
|
|
|
|
|
const OSSL_PARAM *params,
|
|
|
|
|
void *construct_data)
|
2020-07-09 05:19:13 +08:00
|
|
|
{
|
2021-02-11 23:57:37 +08:00
|
|
|
struct decoder_pkey_data_st *data = construct_data;
|
2020-09-14 17:35:07 +08:00
|
|
|
OSSL_DECODER *decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst);
|
|
|
|
|
void *decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst);
|
2021-06-28 11:37:22 +08:00
|
|
|
const OSSL_PROVIDER *decoder_prov = OSSL_DECODER_get0_provider(decoder);
|
2020-12-11 01:33:16 +08:00
|
|
|
EVP_KEYMGMT *keymgmt = NULL;
|
2021-06-28 11:37:22 +08:00
|
|
|
const OSSL_PROVIDER *keymgmt_prov = NULL;
|
|
|
|
|
int i, end;
|
2020-07-09 05:19:13 +08:00
|
|
|
/*
|
|
|
|
|
* |object_ref| points to a provider reference to an object, its exact
|
|
|
|
|
* contents entirely opaque to us, but may be passed to any provider
|
|
|
|
|
* function that expects this (such as OSSL_FUNC_keymgmt_load().
|
|
|
|
|
*
|
|
|
|
|
* This pointer is considered volatile, i.e. whatever it points at
|
|
|
|
|
* is assumed to be freed as soon as this function returns.
|
|
|
|
|
*/
|
|
|
|
|
void *object_ref = NULL;
|
|
|
|
|
size_t object_ref_sz = 0;
|
|
|
|
|
const OSSL_PARAM *p;
|
|
|
|
|
|
CORE: Define provider-native abstract objects
This is placed as CORE because the core of libcrypto is the authority
for what is possible to do and what's required to make these abstract
objects work.
In essence, an abstract object is an OSSL_PARAM array with well
defined parameter keys and values:
- an object type, which is a number indicating what kind of
libcrypto structure the object in question can be used with. The
currently possible numbers are defined in <openssl/core_object.h>.
- an object data type, which is a string that indicates more closely
what the contents of the object are.
- the object data, an octet string. The exact encoding used depends
on the context in which it's used. For example, the decoder
sub-system accepts any encoding, as long as there is a decoder
implementation that takes that as input. If central code is to
handle the data directly, DER encoding is assumed. (*)
- an object reference, also an octet string. This octet string is
not the object contents, just a mere reference to a provider-native
object. (**)
- an object description, which is a human readable text string that
can be displayed if some software desires to do so.
The intent is that certain provider-native operations (called X
here) are able to return any sort of object that belong with other
operations, or an object that has no provider support otherwise.
(*) A future extension might be to be able to specify encoding.
(**) The possible mechanisms for dealing with object references are:
- An object loading function in the target operation. The exact
target operation is determined by the object type (for example,
OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT)
and the implementation to be fetched by its object data type (for
an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched).
This loading function is only useful for this if the implementations
that are involved (X and KEYMGMT, for example) are from the same
provider.
- An object exporter function in the operation X implementation.
That exporter function can be used to export the object data in
OSSL_PARAM form that can be imported by a target operation's
import function. This can be used when it's not possible to fetch
the target operation implementation from the same provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 21:34:25 +08:00
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE);
|
2020-07-09 05:19:13 +08:00
|
|
|
if (p != NULL) {
|
|
|
|
|
char *object_type = NULL;
|
|
|
|
|
|
|
|
|
|
if (!OSSL_PARAM_get_utf8_string(p, &object_type, 0))
|
|
|
|
|
return 0;
|
|
|
|
|
OPENSSL_free(data->object_type);
|
|
|
|
|
data->object_type = object_type;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* For stuff that should end up in an EVP_PKEY, we only accept an object
|
|
|
|
|
* reference for the moment. This enforces that the key data itself
|
|
|
|
|
* remains with the provider.
|
|
|
|
|
*/
|
CORE: Define provider-native abstract objects
This is placed as CORE because the core of libcrypto is the authority
for what is possible to do and what's required to make these abstract
objects work.
In essence, an abstract object is an OSSL_PARAM array with well
defined parameter keys and values:
- an object type, which is a number indicating what kind of
libcrypto structure the object in question can be used with. The
currently possible numbers are defined in <openssl/core_object.h>.
- an object data type, which is a string that indicates more closely
what the contents of the object are.
- the object data, an octet string. The exact encoding used depends
on the context in which it's used. For example, the decoder
sub-system accepts any encoding, as long as there is a decoder
implementation that takes that as input. If central code is to
handle the data directly, DER encoding is assumed. (*)
- an object reference, also an octet string. This octet string is
not the object contents, just a mere reference to a provider-native
object. (**)
- an object description, which is a human readable text string that
can be displayed if some software desires to do so.
The intent is that certain provider-native operations (called X
here) are able to return any sort of object that belong with other
operations, or an object that has no provider support otherwise.
(*) A future extension might be to be able to specify encoding.
(**) The possible mechanisms for dealing with object references are:
- An object loading function in the target operation. The exact
target operation is determined by the object type (for example,
OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT)
and the implementation to be fetched by its object data type (for
an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched).
This loading function is only useful for this if the implementations
that are involved (X and KEYMGMT, for example) are from the same
provider.
- An object exporter function in the operation X implementation.
That exporter function can be used to export the object data in
OSSL_PARAM form that can be imported by a target operation's
import function. This can be used when it's not possible to fetch
the target operation implementation from the same provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 21:34:25 +08:00
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_REFERENCE);
|
2020-07-09 05:19:13 +08:00
|
|
|
if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING)
|
|
|
|
|
return 0;
|
|
|
|
|
object_ref = p->data;
|
|
|
|
|
object_ref_sz = p->data_size;
|
|
|
|
|
|
2021-06-28 11:37:22 +08:00
|
|
|
/*
|
|
|
|
|
* First, we try to find a keymgmt that comes from the same provider as
|
|
|
|
|
* the decoder that passed the params.
|
|
|
|
|
*/
|
|
|
|
|
end = sk_EVP_KEYMGMT_num(data->keymgmts);
|
|
|
|
|
for (i = 0; i < end; i++) {
|
|
|
|
|
keymgmt = sk_EVP_KEYMGMT_value(data->keymgmts, i);
|
|
|
|
|
keymgmt_prov = EVP_KEYMGMT_get0_provider(keymgmt);
|
|
|
|
|
|
|
|
|
|
if (keymgmt_prov == decoder_prov
|
|
|
|
|
&& evp_keymgmt_has_load(keymgmt)
|
|
|
|
|
&& EVP_KEYMGMT_is_a(keymgmt, data->object_type))
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (i < end) {
|
|
|
|
|
/* To allow it to be freed further down */
|
|
|
|
|
if (!EVP_KEYMGMT_up_ref(keymgmt))
|
|
|
|
|
return 0;
|
2021-07-02 21:45:09 +08:00
|
|
|
} else if ((keymgmt = EVP_KEYMGMT_fetch(data->libctx,
|
|
|
|
|
data->object_type,
|
|
|
|
|
data->propq)) != NULL) {
|
2021-06-28 11:37:22 +08:00
|
|
|
keymgmt_prov = EVP_KEYMGMT_get0_provider(keymgmt);
|
|
|
|
|
}
|
2020-12-11 01:33:16 +08:00
|
|
|
|
|
|
|
|
if (keymgmt != NULL) {
|
|
|
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
|
void *keydata = NULL;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
|
|
|
|
/*
|
2020-12-11 01:33:16 +08:00
|
|
|
* If the EVP_KEYMGMT and the OSSL_DECODER are from the
|
|
|
|
|
* same provider, we assume that the KEYMGMT has a key loading
|
|
|
|
|
* function that can handle the provider reference we hold.
|
2020-07-09 05:19:13 +08:00
|
|
|
*
|
2020-12-11 01:33:16 +08:00
|
|
|
* Otherwise, we export from the decoder and import the
|
|
|
|
|
* result in the keymgmt.
|
2020-07-09 05:19:13 +08:00
|
|
|
*/
|
2020-12-11 01:33:16 +08:00
|
|
|
if (keymgmt_prov == decoder_prov) {
|
|
|
|
|
keydata = evp_keymgmt_load(keymgmt, object_ref, object_ref_sz);
|
|
|
|
|
} else {
|
|
|
|
|
struct evp_keymgmt_util_try_import_data_st import_data;
|
|
|
|
|
|
|
|
|
|
import_data.keymgmt = keymgmt;
|
|
|
|
|
import_data.keydata = NULL;
|
2023-07-21 23:40:31 +08:00
|
|
|
if (data->selection == 0)
|
|
|
|
|
/* import/export functions do not tolerate 0 selection */
|
|
|
|
|
import_data.selection = OSSL_KEYMGMT_SELECT_ALL;
|
|
|
|
|
else
|
|
|
|
|
import_data.selection = data->selection;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
|
|
|
|
/*
|
2020-12-11 01:33:16 +08:00
|
|
|
* No need to check for errors here, the value of
|
|
|
|
|
* |import_data.keydata| is as much an indicator.
|
2020-07-09 05:19:13 +08:00
|
|
|
*/
|
2020-12-11 01:33:16 +08:00
|
|
|
(void)decoder->export_object(decoderctx,
|
|
|
|
|
object_ref, object_ref_sz,
|
|
|
|
|
&evp_keymgmt_util_try_import,
|
|
|
|
|
&import_data);
|
|
|
|
|
keydata = import_data.keydata;
|
|
|
|
|
import_data.keydata = NULL;
|
2020-07-09 05:19:13 +08:00
|
|
|
}
|
2020-12-11 01:33:16 +08:00
|
|
|
|
|
|
|
|
if (keydata != NULL
|
|
|
|
|
&& (pkey = evp_keymgmt_util_make_pkey(keymgmt, keydata)) == NULL)
|
|
|
|
|
evp_keymgmt_freedata(keymgmt, keydata);
|
|
|
|
|
|
|
|
|
|
*data->object = pkey;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* evp_keymgmt_util_make_pkey() increments the reference count when
|
|
|
|
|
* assigning the EVP_PKEY, so we can free the keymgmt here.
|
|
|
|
|
*/
|
|
|
|
|
EVP_KEYMGMT_free(keymgmt);
|
2020-07-09 05:19:13 +08:00
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* We successfully looked through, |*ctx->object| determines if we
|
|
|
|
|
* actually found something.
|
|
|
|
|
*/
|
|
|
|
|
return (*data->object != NULL);
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-11 23:57:37 +08:00
|
|
|
static void decoder_clean_pkey_construct_arg(void *construct_data)
|
2020-07-09 05:19:13 +08:00
|
|
|
{
|
2021-02-11 23:57:37 +08:00
|
|
|
struct decoder_pkey_data_st *data = construct_data;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2020-07-28 03:51:44 +08:00
|
|
|
if (data != NULL) {
|
2021-06-28 11:37:22 +08:00
|
|
|
sk_EVP_KEYMGMT_pop_free(data->keymgmts, EVP_KEYMGMT_free);
|
2020-12-11 01:33:16 +08:00
|
|
|
OPENSSL_free(data->propq);
|
2020-07-28 03:51:44 +08:00
|
|
|
OPENSSL_free(data->object_type);
|
|
|
|
|
OPENSSL_free(data);
|
|
|
|
|
}
|
2020-07-09 05:19:13 +08:00
|
|
|
}
|
|
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
struct collect_data_st {
|
|
|
|
|
OSSL_LIB_CTX *libctx;
|
|
|
|
|
OSSL_DECODER_CTX *ctx;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
const char *keytype; /* the keytype requested, if any */
|
|
|
|
|
int keytype_id; /* if keytype_resolved is set, keymgmt name_id; else 0 */
|
|
|
|
|
int sm2_id; /* if keytype_resolved is set and EC, SM2 name_id; else 0 */
|
|
|
|
|
int total; /* number of matching results */
|
|
|
|
|
char error_occurred;
|
|
|
|
|
char keytype_resolved;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
STACK_OF(EVP_KEYMGMT) *keymgmts;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
static void collect_decoder_keymgmt(EVP_KEYMGMT *keymgmt, OSSL_DECODER *decoder,
|
|
|
|
|
void *provctx, struct collect_data_st *data)
|
2020-07-09 05:19:13 +08:00
|
|
|
{
|
2022-03-18 01:29:22 +08:00
|
|
|
void *decoderctx = NULL;
|
|
|
|
|
OSSL_DECODER_INSTANCE *di = NULL;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We already checked the EVP_KEYMGMT is applicable in check_keymgmt so we
|
|
|
|
|
* don't check it again here.
|
|
|
|
|
*/
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
if (keymgmt->name_id != decoder->base.id)
|
|
|
|
|
/* Mismatch is not an error, continue. */
|
2020-07-09 05:19:13 +08:00
|
|
|
return;
|
2022-03-18 01:29:22 +08:00
|
|
|
|
|
|
|
|
if ((decoderctx = decoder->newctx(provctx)) == NULL) {
|
|
|
|
|
data->error_occurred = 1;
|
2020-07-09 05:19:13 +08:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
if ((di = ossl_decoder_instance_new(decoder, decoderctx)) == NULL) {
|
|
|
|
|
decoder->freectx(decoderctx);
|
|
|
|
|
data->error_occurred = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
2020-12-11 01:33:16 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
|
|
|
|
BIO_printf(trc_out,
|
|
|
|
|
"(ctx %p) Checking out decoder %p:\n"
|
|
|
|
|
" %s with %s\n",
|
|
|
|
|
(void *)data->ctx, (void *)decoder,
|
|
|
|
|
OSSL_DECODER_get0_name(decoder),
|
|
|
|
|
OSSL_DECODER_get0_properties(decoder));
|
|
|
|
|
} OSSL_TRACE_END(DECODER);
|
|
|
|
|
|
|
|
|
|
if (!ossl_decoder_ctx_add_decoder_inst(data->ctx, di)) {
|
|
|
|
|
ossl_decoder_instance_free(di);
|
|
|
|
|
data->error_occurred = 1;
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
++data->total;
|
|
|
|
|
}
|
2020-12-11 01:33:16 +08:00
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
static void collect_decoder(OSSL_DECODER *decoder, void *arg)
|
2020-08-04 03:04:05 +08:00
|
|
|
{
|
2022-03-18 01:29:22 +08:00
|
|
|
struct collect_data_st *data = arg;
|
|
|
|
|
STACK_OF(EVP_KEYMGMT) *keymgmts = data->keymgmts;
|
2022-03-24 11:31:19 +08:00
|
|
|
int i, end_i;
|
2022-03-18 01:29:22 +08:00
|
|
|
EVP_KEYMGMT *keymgmt;
|
|
|
|
|
const OSSL_PROVIDER *prov;
|
|
|
|
|
void *provctx;
|
2020-08-04 03:04:05 +08:00
|
|
|
|
2021-03-03 01:15:32 +08:00
|
|
|
if (data->error_occurred)
|
2020-08-04 03:04:05 +08:00
|
|
|
return;
|
|
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
prov = OSSL_DECODER_get0_provider(decoder);
|
|
|
|
|
provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
|
2021-05-21 19:21:32 +08:00
|
|
|
|
|
|
|
|
/*
|
2022-03-18 01:29:22 +08:00
|
|
|
* Either the caller didn't give us a selection, or if they did, the decoder
|
|
|
|
|
* must tell us if it supports that selection to be accepted. If the decoder
|
|
|
|
|
* doesn't have |does_selection|, it's seen as taking anything.
|
2021-05-21 19:21:32 +08:00
|
|
|
*/
|
|
|
|
|
if (decoder->does_selection != NULL
|
|
|
|
|
&& !decoder->does_selection(provctx, data->ctx->selection))
|
2020-08-11 13:17:17 +08:00
|
|
|
return;
|
2020-08-04 03:04:05 +08:00
|
|
|
|
2021-06-09 16:58:33 +08:00
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
|
|
|
|
BIO_printf(trc_out,
|
|
|
|
|
"(ctx %p) Checking out decoder %p:\n"
|
|
|
|
|
" %s with %s\n",
|
|
|
|
|
(void *)data->ctx, (void *)decoder,
|
|
|
|
|
OSSL_DECODER_get0_name(decoder),
|
|
|
|
|
OSSL_DECODER_get0_properties(decoder));
|
|
|
|
|
} OSSL_TRACE_END(DECODER);
|
|
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
end_i = sk_EVP_KEYMGMT_num(keymgmts);
|
|
|
|
|
for (i = 0; i < end_i; ++i) {
|
|
|
|
|
keymgmt = sk_EVP_KEYMGMT_value(keymgmts, i);
|
|
|
|
|
|
|
|
|
|
collect_decoder_keymgmt(keymgmt, decoder, provctx, data);
|
|
|
|
|
if (data->error_occurred)
|
2021-05-21 19:21:32 +08:00
|
|
|
return;
|
2020-08-04 03:04:05 +08:00
|
|
|
}
|
2022-03-18 01:29:22 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Is this EVP_KEYMGMT applicable given the key type given in the call to
|
|
|
|
|
* ossl_decoder_ctx_setup_for_pkey (if any)?
|
|
|
|
|
*/
|
|
|
|
|
static int check_keymgmt(EVP_KEYMGMT *keymgmt, struct collect_data_st *data)
|
|
|
|
|
{
|
|
|
|
|
/* If no keytype was specified, everything matches. */
|
|
|
|
|
if (data->keytype == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
if (!data->keytype_resolved) {
|
|
|
|
|
/* We haven't cached the IDs from the keytype string yet. */
|
|
|
|
|
OSSL_NAMEMAP *namemap = ossl_namemap_stored(data->libctx);
|
|
|
|
|
data->keytype_id = ossl_namemap_name2num(namemap, data->keytype);
|
2020-08-04 03:04:05 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
/*
|
|
|
|
|
* If keytype is a value ambiguously used for both EC and SM2,
|
|
|
|
|
* collect the ID for SM2 as well.
|
|
|
|
|
*/
|
|
|
|
|
if (data->keytype_id != 0
|
|
|
|
|
&& (strcmp(data->keytype, "id-ecPublicKey") == 0
|
|
|
|
|
|| strcmp(data->keytype, "1.2.840.10045.2.1") == 0))
|
|
|
|
|
data->sm2_id = ossl_namemap_name2num(namemap, "SM2");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If keytype_id is zero the name was not found, but we still
|
|
|
|
|
* set keytype_resolved to avoid trying all this again.
|
|
|
|
|
*/
|
|
|
|
|
data->keytype_resolved = 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Specified keytype could not be resolved, so nothing matches. */
|
|
|
|
|
if (data->keytype_id == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* Does not match the keytype specified, so skip. */
|
|
|
|
|
if (keymgmt->name_id != data->keytype_id
|
|
|
|
|
&& keymgmt->name_id != data->sm2_id)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
return 1;
|
2020-08-04 03:04:05 +08:00
|
|
|
}
|
|
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
static void collect_keymgmt(EVP_KEYMGMT *keymgmt, void *arg)
|
|
|
|
|
{
|
|
|
|
|
struct collect_data_st *data = arg;
|
|
|
|
|
|
|
|
|
|
if (!check_keymgmt(keymgmt, data))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* We have to ref EVP_KEYMGMT here because in the success case,
|
|
|
|
|
* data->keymgmts is referenced by the constructor we register in the
|
|
|
|
|
* OSSL_DECODER_CTX. The registered cleanup function
|
|
|
|
|
* (decoder_clean_pkey_construct_arg) unrefs every element of the stack and
|
|
|
|
|
* frees it.
|
|
|
|
|
*/
|
|
|
|
|
if (!EVP_KEYMGMT_up_ref(keymgmt))
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (sk_EVP_KEYMGMT_push(data->keymgmts, keymgmt) <= 0) {
|
|
|
|
|
EVP_KEYMGMT_free(keymgmt);
|
|
|
|
|
data->error_occurred = 1;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This function does the actual binding of decoders to the OSSL_DECODER_CTX. It
|
|
|
|
|
* searches for decoders matching 'keytype', which is a string like "RSA", "DH",
|
|
|
|
|
* etc. If 'keytype' is NULL, decoders for all keytypes are bound.
|
|
|
|
|
*/
|
2023-07-11 00:41:06 +08:00
|
|
|
static int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
|
|
|
|
|
const char *keytype,
|
|
|
|
|
OSSL_LIB_CTX *libctx,
|
|
|
|
|
const char *propquery)
|
2020-07-09 05:19:13 +08:00
|
|
|
{
|
2020-08-02 18:46:00 +08:00
|
|
|
int ok = 0;
|
2022-03-18 01:29:22 +08:00
|
|
|
struct decoder_pkey_data_st *process_data = NULL;
|
|
|
|
|
struct collect_data_st collect_data = { NULL };
|
|
|
|
|
STACK_OF(EVP_KEYMGMT) *keymgmts = NULL;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2021-06-09 16:58:33 +08:00
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
2022-03-18 01:29:22 +08:00
|
|
|
const char *input_type = ctx->start_input_type;
|
|
|
|
|
const char *input_structure = ctx->input_structure;
|
|
|
|
|
|
2021-06-09 16:58:33 +08:00
|
|
|
BIO_printf(trc_out,
|
|
|
|
|
"(ctx %p) Looking for decoders producing %s%s%s%s%s%s\n",
|
|
|
|
|
(void *)ctx,
|
|
|
|
|
keytype != NULL ? keytype : "",
|
|
|
|
|
keytype != NULL ? " keys" : "keys of any type",
|
|
|
|
|
input_type != NULL ? " from " : "",
|
|
|
|
|
input_type != NULL ? input_type : "",
|
|
|
|
|
input_structure != NULL ? " with " : "",
|
|
|
|
|
input_structure != NULL ? input_structure : "");
|
|
|
|
|
} OSSL_TRACE_END(DECODER);
|
|
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
/* Allocate data. */
|
2022-09-29 19:57:34 +08:00
|
|
|
if ((process_data = OPENSSL_zalloc(sizeof(*process_data))) == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
if ((propquery != NULL
|
|
|
|
|
&& (process_data->propq = OPENSSL_strdup(propquery)) == NULL))
|
2022-03-18 01:29:22 +08:00
|
|
|
goto err;
|
|
|
|
|
|
|
|
|
|
/* Allocate our list of EVP_KEYMGMTs. */
|
|
|
|
|
keymgmts = sk_EVP_KEYMGMT_new_null();
|
|
|
|
|
if (keymgmts == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
|
2020-07-09 05:19:13 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-11 00:41:06 +08:00
|
|
|
process_data->object = NULL;
|
2022-03-18 01:29:22 +08:00
|
|
|
process_data->libctx = libctx;
|
2021-06-28 11:52:42 +08:00
|
|
|
process_data->selection = ctx->selection;
|
2022-03-18 01:29:22 +08:00
|
|
|
process_data->keymgmts = keymgmts;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
/*
|
|
|
|
|
* Enumerate all keymgmts into a stack.
|
|
|
|
|
*
|
|
|
|
|
* We could nest EVP_KEYMGMT_do_all_provided inside
|
|
|
|
|
* OSSL_DECODER_do_all_provided or vice versa but these functions become
|
|
|
|
|
* bottlenecks if called repeatedly, which is why we collect the
|
|
|
|
|
* EVP_KEYMGMTs into a stack here and call both functions only once.
|
|
|
|
|
*
|
|
|
|
|
* We resolve the keytype string to a name ID so we don't have to resolve it
|
|
|
|
|
* multiple times, avoiding repeated calls to EVP_KEYMGMT_is_a, which is a
|
|
|
|
|
* performance bottleneck. However, we do this lazily on the first call to
|
|
|
|
|
* collect_keymgmt made by EVP_KEYMGMT_do_all_provided, rather than do it
|
|
|
|
|
* upfront, as this ensures that the names for all loaded providers have
|
|
|
|
|
* been registered by the time we try to resolve the keytype string.
|
|
|
|
|
*/
|
|
|
|
|
collect_data.ctx = ctx;
|
|
|
|
|
collect_data.libctx = libctx;
|
|
|
|
|
collect_data.keymgmts = keymgmts;
|
|
|
|
|
collect_data.keytype = keytype;
|
|
|
|
|
EVP_KEYMGMT_do_all_provided(libctx, collect_keymgmt, &collect_data);
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
if (collect_data.error_occurred)
|
|
|
|
|
goto err;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2022-03-18 01:29:22 +08:00
|
|
|
/* Enumerate all matching decoders. */
|
|
|
|
|
OSSL_DECODER_do_all_provided(libctx, collect_decoder, &collect_data);
|
|
|
|
|
|
|
|
|
|
if (collect_data.error_occurred)
|
|
|
|
|
goto err;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2021-06-09 16:58:33 +08:00
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
|
|
|
|
BIO_printf(trc_out,
|
2022-03-18 01:29:22 +08:00
|
|
|
"(ctx %p) Got %d decoders producing keys\n",
|
|
|
|
|
(void *)ctx, collect_data.total);
|
2021-06-09 16:58:33 +08:00
|
|
|
} OSSL_TRACE_END(DECODER);
|
|
|
|
|
|
2020-08-04 03:04:05 +08:00
|
|
|
/*
|
2022-03-18 01:29:22 +08:00
|
|
|
* Finish initializing the decoder context. If one or more decoders matched
|
|
|
|
|
* above then the number of decoders attached to the OSSL_DECODER_CTX will
|
|
|
|
|
* be nonzero. Else nothing was found and we do nothing.
|
2020-08-04 03:04:05 +08:00
|
|
|
*/
|
2020-09-14 17:35:07 +08:00
|
|
|
if (OSSL_DECODER_CTX_get_num_decoders(ctx) != 0) {
|
2021-02-11 23:57:37 +08:00
|
|
|
if (!OSSL_DECODER_CTX_set_construct(ctx, decoder_construct_pkey)
|
2020-12-11 01:33:16 +08:00
|
|
|
|| !OSSL_DECODER_CTX_set_construct_data(ctx, process_data)
|
2020-09-14 17:35:07 +08:00
|
|
|
|| !OSSL_DECODER_CTX_set_cleanup(ctx,
|
2021-02-11 23:57:37 +08:00
|
|
|
decoder_clean_pkey_construct_arg))
|
2020-09-14 17:35:07 +08:00
|
|
|
goto err;
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2020-12-11 01:33:16 +08:00
|
|
|
process_data = NULL; /* Avoid it being freed */
|
2020-09-14 17:35:07 +08:00
|
|
|
}
|
2020-07-09 05:19:13 +08:00
|
|
|
|
2020-08-02 18:46:00 +08:00
|
|
|
ok = 1;
|
2020-07-09 05:19:13 +08:00
|
|
|
err:
|
2021-02-11 23:57:37 +08:00
|
|
|
decoder_clean_pkey_construct_arg(process_data);
|
2020-08-02 18:46:00 +08:00
|
|
|
return ok;
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-11 00:41:06 +08:00
|
|
|
/* Only const here because deep_copy requires it */
|
|
|
|
|
static EVP_KEYMGMT *keymgmt_dup(const EVP_KEYMGMT *keymgmt)
|
|
|
|
|
{
|
|
|
|
|
if (!EVP_KEYMGMT_up_ref((EVP_KEYMGMT *)keymgmt))
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
return (EVP_KEYMGMT *)keymgmt;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Duplicates a template OSSL_DECODER_CTX that has been setup for an EVP_PKEY
|
|
|
|
|
* operation and sets up the duplicate for a new operation.
|
|
|
|
|
* It does not duplicate the pwdata on the assumption that this does not form
|
|
|
|
|
* part of the template. That is set up later.
|
|
|
|
|
*/
|
|
|
|
|
static OSSL_DECODER_CTX *
|
|
|
|
|
ossl_decoder_ctx_for_pkey_dup(OSSL_DECODER_CTX *src,
|
|
|
|
|
EVP_PKEY **pkey,
|
|
|
|
|
const char *input_type,
|
|
|
|
|
const char *input_structure)
|
|
|
|
|
{
|
|
|
|
|
OSSL_DECODER_CTX *dest;
|
|
|
|
|
struct decoder_pkey_data_st *process_data_src, *process_data_dest = NULL;
|
|
|
|
|
|
|
|
|
|
if (src == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
if ((dest = OSSL_DECODER_CTX_new()) == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!OSSL_DECODER_CTX_set_input_type(dest, input_type)
|
|
|
|
|
|| !OSSL_DECODER_CTX_set_input_structure(dest, input_structure)) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
dest->selection = src->selection;
|
|
|
|
|
|
|
|
|
|
if (src->decoder_insts != NULL) {
|
|
|
|
|
dest->decoder_insts
|
|
|
|
|
= sk_OSSL_DECODER_INSTANCE_deep_copy(src->decoder_insts,
|
|
|
|
|
ossl_decoder_instance_dup,
|
|
|
|
|
ossl_decoder_instance_free);
|
|
|
|
|
if (dest->decoder_insts == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!OSSL_DECODER_CTX_set_construct(dest,
|
|
|
|
|
OSSL_DECODER_CTX_get_construct(src))) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
process_data_src = OSSL_DECODER_CTX_get_construct_data(src);
|
|
|
|
|
if (process_data_src != NULL) {
|
|
|
|
|
process_data_dest = OPENSSL_zalloc(sizeof(*process_data_dest));
|
|
|
|
|
if (process_data_dest == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (process_data_src->propq != NULL) {
|
|
|
|
|
process_data_dest->propq = OPENSSL_strdup(process_data_src->propq);
|
|
|
|
|
if (process_data_dest->propq == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (process_data_src->keymgmts != NULL) {
|
|
|
|
|
process_data_dest->keymgmts
|
|
|
|
|
= sk_EVP_KEYMGMT_deep_copy(process_data_src->keymgmts,
|
|
|
|
|
keymgmt_dup,
|
|
|
|
|
EVP_KEYMGMT_free);
|
|
|
|
|
if (process_data_dest->keymgmts == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_EVP_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
process_data_dest->object = (void **)pkey;
|
|
|
|
|
process_data_dest->libctx = process_data_src->libctx;
|
|
|
|
|
process_data_dest->selection = process_data_src->selection;
|
|
|
|
|
if (!OSSL_DECODER_CTX_set_construct_data(dest, process_data_dest)) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
process_data_dest = NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!OSSL_DECODER_CTX_set_cleanup(dest,
|
|
|
|
|
OSSL_DECODER_CTX_get_cleanup(src))) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return dest;
|
|
|
|
|
err:
|
|
|
|
|
if (process_data_dest != NULL) {
|
|
|
|
|
OPENSSL_free(process_data_dest->propq);
|
|
|
|
|
sk_EVP_KEYMGMT_pop_free(process_data_dest->keymgmts, EVP_KEYMGMT_free);
|
2023-08-15 22:05:38 +08:00
|
|
|
OPENSSL_free(process_data_dest);
|
2023-07-11 00:41:06 +08:00
|
|
|
}
|
|
|
|
|
OSSL_DECODER_CTX_free(dest);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
|
char *input_type;
|
|
|
|
|
char *input_structure;
|
|
|
|
|
char *keytype;
|
|
|
|
|
int selection;
|
|
|
|
|
char *propquery;
|
|
|
|
|
OSSL_DECODER_CTX *template;
|
|
|
|
|
} DECODER_CACHE_ENTRY;
|
|
|
|
|
|
|
|
|
|
DEFINE_LHASH_OF_EX(DECODER_CACHE_ENTRY);
|
|
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
|
CRYPTO_RWLOCK *lock;
|
|
|
|
|
LHASH_OF(DECODER_CACHE_ENTRY) *hashtable;
|
|
|
|
|
} DECODER_CACHE;
|
|
|
|
|
|
|
|
|
|
static void decoder_cache_entry_free(DECODER_CACHE_ENTRY *entry)
|
|
|
|
|
{
|
|
|
|
|
if (entry == NULL)
|
|
|
|
|
return;
|
|
|
|
|
OPENSSL_free(entry->input_type);
|
|
|
|
|
OPENSSL_free(entry->input_structure);
|
|
|
|
|
OPENSSL_free(entry->keytype);
|
|
|
|
|
OPENSSL_free(entry->propquery);
|
|
|
|
|
OSSL_DECODER_CTX_free(entry->template);
|
|
|
|
|
OPENSSL_free(entry);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static unsigned long decoder_cache_entry_hash(const DECODER_CACHE_ENTRY *cache)
|
|
|
|
|
{
|
|
|
|
|
unsigned long hash = 17;
|
|
|
|
|
|
|
|
|
|
hash = (hash * 23)
|
|
|
|
|
+ (cache->propquery == NULL
|
|
|
|
|
? 0 : ossl_lh_strcasehash(cache->propquery));
|
|
|
|
|
hash = (hash * 23)
|
|
|
|
|
+ (cache->input_structure == NULL
|
|
|
|
|
? 0 : ossl_lh_strcasehash(cache->input_structure));
|
|
|
|
|
hash = (hash * 23)
|
|
|
|
|
+ (cache->input_type == NULL
|
|
|
|
|
? 0 : ossl_lh_strcasehash(cache->input_type));
|
|
|
|
|
hash = (hash * 23)
|
|
|
|
|
+ (cache->keytype == NULL
|
|
|
|
|
? 0 : ossl_lh_strcasehash(cache->keytype));
|
|
|
|
|
|
|
|
|
|
hash ^= cache->selection;
|
|
|
|
|
|
|
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static ossl_inline int nullstrcmp(const char *a, const char *b, int casecmp)
|
|
|
|
|
{
|
|
|
|
|
if (a == NULL || b == NULL) {
|
|
|
|
|
if (a == NULL) {
|
|
|
|
|
if (b == NULL)
|
|
|
|
|
return 0;
|
|
|
|
|
else
|
|
|
|
|
return 1;
|
|
|
|
|
} else {
|
|
|
|
|
return -1;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if (casecmp)
|
|
|
|
|
return OPENSSL_strcasecmp(a, b);
|
|
|
|
|
else
|
|
|
|
|
return strcmp(a, b);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int decoder_cache_entry_cmp(const DECODER_CACHE_ENTRY *a,
|
|
|
|
|
const DECODER_CACHE_ENTRY *b)
|
|
|
|
|
{
|
|
|
|
|
int cmp;
|
|
|
|
|
|
|
|
|
|
if (a->selection != b->selection)
|
|
|
|
|
return (a->selection < b->selection) ? -1 : 1;
|
|
|
|
|
|
|
|
|
|
cmp = nullstrcmp(a->keytype, b->keytype, 1);
|
|
|
|
|
if (cmp != 0)
|
|
|
|
|
return cmp;
|
|
|
|
|
|
|
|
|
|
cmp = nullstrcmp(a->input_type, b->input_type, 1);
|
|
|
|
|
if (cmp != 0)
|
|
|
|
|
return cmp;
|
|
|
|
|
|
|
|
|
|
cmp = nullstrcmp(a->input_structure, b->input_structure, 1);
|
|
|
|
|
if (cmp != 0)
|
|
|
|
|
return cmp;
|
|
|
|
|
|
|
|
|
|
cmp = nullstrcmp(a->propquery, b->propquery, 0);
|
|
|
|
|
|
|
|
|
|
return cmp;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void *ossl_decoder_cache_new(OSSL_LIB_CTX *ctx)
|
|
|
|
|
{
|
|
|
|
|
DECODER_CACHE *cache = OPENSSL_malloc(sizeof(*cache));
|
|
|
|
|
|
|
|
|
|
if (cache == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
cache->lock = CRYPTO_THREAD_lock_new();
|
|
|
|
|
if (cache->lock == NULL) {
|
|
|
|
|
OPENSSL_free(cache);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
cache->hashtable = lh_DECODER_CACHE_ENTRY_new(decoder_cache_entry_hash,
|
|
|
|
|
decoder_cache_entry_cmp);
|
|
|
|
|
if (cache->hashtable == NULL) {
|
|
|
|
|
CRYPTO_THREAD_lock_free(cache->lock);
|
|
|
|
|
OPENSSL_free(cache);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cache;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void ossl_decoder_cache_free(void *vcache)
|
|
|
|
|
{
|
|
|
|
|
DECODER_CACHE *cache = (DECODER_CACHE *)vcache;
|
|
|
|
|
|
|
|
|
|
lh_DECODER_CACHE_ENTRY_doall(cache->hashtable, decoder_cache_entry_free);
|
|
|
|
|
lh_DECODER_CACHE_ENTRY_free(cache->hashtable);
|
|
|
|
|
CRYPTO_THREAD_lock_free(cache->lock);
|
|
|
|
|
OPENSSL_free(cache);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Called whenever a provider gets activated/deactivated. In that case the
|
|
|
|
|
* decoders that are available might change so we flush our cache.
|
|
|
|
|
*/
|
|
|
|
|
int ossl_decoder_cache_flush(OSSL_LIB_CTX *libctx)
|
|
|
|
|
{
|
|
|
|
|
DECODER_CACHE *cache
|
|
|
|
|
= ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DECODER_CACHE_INDEX);
|
|
|
|
|
|
|
|
|
|
if (cache == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!CRYPTO_THREAD_write_lock(cache->lock)) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
lh_DECODER_CACHE_ENTRY_doall(cache->hashtable, decoder_cache_entry_free);
|
|
|
|
|
lh_DECODER_CACHE_ENTRY_flush(cache->hashtable);
|
|
|
|
|
|
|
|
|
|
CRYPTO_THREAD_unlock(cache->lock);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-02 20:21:51 +08:00
|
|
|
OSSL_DECODER_CTX *
|
2021-02-11 23:57:37 +08:00
|
|
|
OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
|
|
|
|
|
const char *input_type,
|
|
|
|
|
const char *input_structure,
|
|
|
|
|
const char *keytype, int selection,
|
|
|
|
|
OSSL_LIB_CTX *libctx, const char *propquery)
|
2020-08-02 18:46:00 +08:00
|
|
|
{
|
|
|
|
|
OSSL_DECODER_CTX *ctx = NULL;
|
2023-06-16 14:40:06 +08:00
|
|
|
OSSL_PARAM decoder_params[] = {
|
|
|
|
|
OSSL_PARAM_END,
|
|
|
|
|
OSSL_PARAM_END
|
|
|
|
|
};
|
2023-07-11 00:41:06 +08:00
|
|
|
DECODER_CACHE *cache
|
|
|
|
|
= ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DECODER_CACHE_INDEX);
|
|
|
|
|
DECODER_CACHE_ENTRY cacheent, *res, *newcache = NULL;
|
2020-08-02 18:46:00 +08:00
|
|
|
|
2023-07-11 00:41:06 +08:00
|
|
|
if (cache == NULL) {
|
2022-09-29 19:57:34 +08:00
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
2020-08-02 18:46:00 +08:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2023-06-16 14:40:06 +08:00
|
|
|
if (propquery != NULL)
|
|
|
|
|
decoder_params[0] = OSSL_PARAM_construct_utf8_string(OSSL_DECODER_PARAM_PROPERTIES,
|
|
|
|
|
(char *)propquery, 0);
|
2020-10-28 17:13:24 +08:00
|
|
|
|
2023-07-11 00:41:06 +08:00
|
|
|
/* It is safe to cast away the const here */
|
|
|
|
|
cacheent.input_type = (char *)input_type;
|
|
|
|
|
cacheent.input_structure = (char *)input_structure;
|
|
|
|
|
cacheent.keytype = (char *)keytype;
|
|
|
|
|
cacheent.selection = selection;
|
|
|
|
|
cacheent.propquery = (char *)propquery;
|
|
|
|
|
|
|
|
|
|
if (!CRYPTO_THREAD_read_lock(cache->lock)) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* First see if we have a template OSSL_DECODER_CTX */
|
|
|
|
|
res = lh_DECODER_CACHE_ENTRY_retrieve(cache->hashtable, &cacheent);
|
|
|
|
|
|
|
|
|
|
if (res == NULL) {
|
|
|
|
|
/*
|
|
|
|
|
* There is no template so we will have to construct one. This will be
|
|
|
|
|
* time consuming so release the lock and we will later upgrade it to a
|
|
|
|
|
* write lock.
|
|
|
|
|
*/
|
|
|
|
|
CRYPTO_THREAD_unlock(cache->lock);
|
|
|
|
|
|
|
|
|
|
if ((ctx = OSSL_DECODER_CTX_new()) == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
2020-10-28 17:13:24 +08:00
|
|
|
|
|
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
2023-07-11 00:41:06 +08:00
|
|
|
BIO_printf(trc_out,
|
|
|
|
|
"(ctx %p) Looking for %s decoders with selection %d\n",
|
|
|
|
|
(void *)ctx, keytype, selection);
|
|
|
|
|
BIO_printf(trc_out, " input type: %s, input structure: %s\n",
|
|
|
|
|
input_type, input_structure);
|
2020-10-28 17:13:24 +08:00
|
|
|
} OSSL_TRACE_END(DECODER);
|
2023-07-11 00:41:06 +08:00
|
|
|
|
|
|
|
|
if (OSSL_DECODER_CTX_set_input_type(ctx, input_type)
|
|
|
|
|
&& OSSL_DECODER_CTX_set_input_structure(ctx, input_structure)
|
|
|
|
|
&& OSSL_DECODER_CTX_set_selection(ctx, selection)
|
|
|
|
|
&& ossl_decoder_ctx_setup_for_pkey(ctx, keytype, libctx, propquery)
|
2023-06-16 14:40:06 +08:00
|
|
|
&& OSSL_DECODER_CTX_add_extra(ctx, libctx, propquery)
|
|
|
|
|
&& (propquery == NULL
|
|
|
|
|
|| OSSL_DECODER_CTX_set_params(ctx, decoder_params))) {
|
2023-07-11 00:41:06 +08:00
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
|
|
|
|
BIO_printf(trc_out, "(ctx %p) Got %d decoders\n",
|
|
|
|
|
(void *)ctx, OSSL_DECODER_CTX_get_num_decoders(ctx));
|
|
|
|
|
} OSSL_TRACE_END(DECODER);
|
|
|
|
|
} else {
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_OSSL_DECODER_LIB);
|
|
|
|
|
OSSL_DECODER_CTX_free(ctx);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
newcache = OPENSSL_zalloc(sizeof(*newcache));
|
|
|
|
|
if (newcache == NULL) {
|
|
|
|
|
OSSL_DECODER_CTX_free(ctx);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (input_type != NULL) {
|
|
|
|
|
newcache->input_type = OPENSSL_strdup(input_type);
|
|
|
|
|
if (newcache->input_type == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (input_structure != NULL) {
|
|
|
|
|
newcache->input_structure = OPENSSL_strdup(input_structure);
|
|
|
|
|
if (newcache->input_structure == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (keytype != NULL) {
|
|
|
|
|
newcache->keytype = OPENSSL_strdup(keytype);
|
|
|
|
|
if (newcache->keytype == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
if (propquery != NULL) {
|
|
|
|
|
newcache->propquery = OPENSSL_strdup(propquery);
|
|
|
|
|
if (newcache->propquery == NULL)
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
newcache->selection = selection;
|
|
|
|
|
newcache->template = ctx;
|
|
|
|
|
|
|
|
|
|
if (!CRYPTO_THREAD_write_lock(cache->lock)) {
|
2023-08-11 18:22:02 +08:00
|
|
|
ctx = NULL;
|
2023-07-11 00:41:06 +08:00
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
|
2023-08-11 18:22:02 +08:00
|
|
|
goto err;
|
2023-07-11 00:41:06 +08:00
|
|
|
}
|
|
|
|
|
res = lh_DECODER_CACHE_ENTRY_retrieve(cache->hashtable, &cacheent);
|
|
|
|
|
if (res == NULL) {
|
2023-08-11 18:22:02 +08:00
|
|
|
(void)lh_DECODER_CACHE_ENTRY_insert(cache->hashtable, newcache);
|
|
|
|
|
if (lh_DECODER_CACHE_ENTRY_error(cache->hashtable)) {
|
|
|
|
|
ctx = NULL;
|
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_CRYPTO_LIB);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
2023-07-11 00:41:06 +08:00
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* We raced with another thread to construct this and lost. Free
|
|
|
|
|
* what we just created and use the entry from the hashtable instead
|
|
|
|
|
*/
|
|
|
|
|
decoder_cache_entry_free(newcache);
|
|
|
|
|
ctx = res->template;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
ctx = res->template;
|
2020-10-28 17:13:24 +08:00
|
|
|
}
|
2020-08-02 18:46:00 +08:00
|
|
|
|
2023-07-11 00:41:06 +08:00
|
|
|
ctx = ossl_decoder_ctx_for_pkey_dup(ctx, pkey, input_type, input_structure);
|
|
|
|
|
CRYPTO_THREAD_unlock(cache->lock);
|
|
|
|
|
|
|
|
|
|
return ctx;
|
|
|
|
|
err:
|
|
|
|
|
decoder_cache_entry_free(newcache);
|
2020-08-02 18:46:00 +08:00
|
|
|
OSSL_DECODER_CTX_free(ctx);
|
|
|
|
|
return NULL;
|
2020-07-09 05:19:13 +08:00
|
|
|
}
|
