2019-08-21 16:54:35 +08:00
|
|
|
/*
|
|
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
#include <openssl/err.h>
|
|
|
|
#include <openssl/core.h>
|
|
|
|
#include <openssl/core_numbers.h>
|
|
|
|
#include <openssl/kdf.h>
|
2019-09-28 06:45:33 +08:00
|
|
|
#include "crypto/evp.h"
|
2019-08-21 16:54:35 +08:00
|
|
|
#include "internal/provider.h"
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "evp_local.h"
|
2019-08-21 16:54:35 +08:00
|
|
|
|
|
|
|
static int evp_kdf_up_ref(void *vkdf)
|
|
|
|
{
|
|
|
|
EVP_KDF *kdf = (EVP_KDF *)vkdf;
|
|
|
|
int ref = 0;
|
|
|
|
|
|
|
|
CRYPTO_UP_REF(&kdf->refcnt, &ref, kdf->lock);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void evp_kdf_free(void *vkdf){
|
|
|
|
EVP_KDF *kdf = (EVP_KDF *)vkdf;
|
|
|
|
int ref = 0;
|
|
|
|
|
|
|
|
if (kdf != NULL) {
|
|
|
|
CRYPTO_DOWN_REF(&kdf->refcnt, &ref, kdf->lock);
|
|
|
|
if (ref <= 0) {
|
|
|
|
ossl_provider_free(kdf->prov);
|
|
|
|
CRYPTO_THREAD_lock_free(kdf->lock);
|
|
|
|
OPENSSL_free(kdf);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void *evp_kdf_new(void)
|
|
|
|
{
|
|
|
|
EVP_KDF *kdf = NULL;
|
|
|
|
|
|
|
|
if ((kdf = OPENSSL_zalloc(sizeof(*kdf))) == NULL
|
|
|
|
|| (kdf->lock = CRYPTO_THREAD_lock_new()) == NULL) {
|
|
|
|
OPENSSL_free(kdf);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
kdf->refcnt = 1;
|
|
|
|
return kdf;
|
|
|
|
}
|
|
|
|
|
In provider implemented methods, save the name number, not the name string
Multiple names per implementation is already supported in the namemap,
but hasn't been used yet. However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.
The solution is to not save the name itself, but rather the number
it's associated with. This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.
Incidently, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method(). As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.
There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-14 22:22:19 +08:00
|
|
|
static void *evp_kdf_from_dispatch(int name_id,
|
|
|
|
const OSSL_DISPATCH *fns,
|
|
|
|
OSSL_PROVIDER *prov,
|
|
|
|
void *method_data)
|
2019-08-21 16:54:35 +08:00
|
|
|
{
|
|
|
|
EVP_KDF *kdf = NULL;
|
|
|
|
int fnkdfcnt = 0, fnctxcnt = 0;
|
|
|
|
|
In provider implemented methods, save the name number, not the name string
Multiple names per implementation is already supported in the namemap,
but hasn't been used yet. However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.
The solution is to not save the name itself, but rather the number
it's associated with. This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.
Incidently, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method(). As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.
There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-14 22:22:19 +08:00
|
|
|
if ((kdf = evp_kdf_new()) == NULL) {
|
2019-08-21 16:54:35 +08:00
|
|
|
EVPerr(0, ERR_R_MALLOC_FAILURE);
|
|
|
|
return NULL;
|
|
|
|
}
|
In provider implemented methods, save the name number, not the name string
Multiple names per implementation is already supported in the namemap,
but hasn't been used yet. However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.
The solution is to not save the name itself, but rather the number
it's associated with. This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.
Incidently, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method(). As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.
There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-14 22:22:19 +08:00
|
|
|
kdf->name_id = name_id;
|
2019-08-21 16:54:35 +08:00
|
|
|
|
|
|
|
for (; fns->function_id != 0; fns++) {
|
|
|
|
switch (fns->function_id) {
|
|
|
|
case OSSL_FUNC_KDF_NEWCTX:
|
|
|
|
if (kdf->newctx != NULL)
|
|
|
|
break;
|
|
|
|
kdf->newctx = OSSL_get_OP_kdf_newctx(fns);
|
|
|
|
fnctxcnt++;
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_DUPCTX:
|
|
|
|
if (kdf->dupctx != NULL)
|
|
|
|
break;
|
|
|
|
kdf->dupctx = OSSL_get_OP_kdf_dupctx(fns);
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_FREECTX:
|
|
|
|
if (kdf->freectx != NULL)
|
|
|
|
break;
|
|
|
|
kdf->freectx = OSSL_get_OP_kdf_freectx(fns);
|
|
|
|
fnctxcnt++;
|
|
|
|
break;
|
2019-08-30 20:32:33 +08:00
|
|
|
case OSSL_FUNC_KDF_RESET:
|
|
|
|
if (kdf->reset != NULL)
|
|
|
|
break;
|
|
|
|
kdf->reset = OSSL_get_OP_kdf_reset(fns);
|
|
|
|
break;
|
2019-08-21 16:54:35 +08:00
|
|
|
case OSSL_FUNC_KDF_DERIVE:
|
|
|
|
if (kdf->derive != NULL)
|
|
|
|
break;
|
|
|
|
kdf->derive = OSSL_get_OP_kdf_derive(fns);
|
|
|
|
fnkdfcnt++;
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_GETTABLE_PARAMS:
|
|
|
|
if (kdf->gettable_params != NULL)
|
|
|
|
break;
|
|
|
|
kdf->gettable_params =
|
|
|
|
OSSL_get_OP_kdf_gettable_params(fns);
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS:
|
|
|
|
if (kdf->gettable_ctx_params != NULL)
|
|
|
|
break;
|
|
|
|
kdf->gettable_ctx_params =
|
|
|
|
OSSL_get_OP_kdf_gettable_ctx_params(fns);
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS:
|
|
|
|
if (kdf->settable_ctx_params != NULL)
|
|
|
|
break;
|
|
|
|
kdf->settable_ctx_params =
|
|
|
|
OSSL_get_OP_kdf_settable_ctx_params(fns);
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_GET_PARAMS:
|
|
|
|
if (kdf->get_params != NULL)
|
|
|
|
break;
|
|
|
|
kdf->get_params = OSSL_get_OP_kdf_get_params(fns);
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_GET_CTX_PARAMS:
|
|
|
|
if (kdf->get_ctx_params != NULL)
|
|
|
|
break;
|
|
|
|
kdf->get_ctx_params = OSSL_get_OP_kdf_get_ctx_params(fns);
|
|
|
|
break;
|
|
|
|
case OSSL_FUNC_KDF_SET_CTX_PARAMS:
|
|
|
|
if (kdf->set_ctx_params != NULL)
|
|
|
|
break;
|
|
|
|
kdf->set_ctx_params = OSSL_get_OP_kdf_set_ctx_params(fns);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (fnkdfcnt != 1 || fnctxcnt != 2) {
|
|
|
|
/*
|
|
|
|
* In order to be a consistent set of functions we must have at least
|
|
|
|
* a derive function, and a complete set of context management
|
|
|
|
* functions.
|
|
|
|
*/
|
|
|
|
evp_kdf_free(kdf);
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
kdf->prov = prov;
|
|
|
|
if (prov != NULL)
|
|
|
|
ossl_provider_up_ref(prov);
|
|
|
|
|
|
|
|
return kdf;
|
|
|
|
}
|
|
|
|
|
|
|
|
EVP_KDF *EVP_KDF_fetch(OPENSSL_CTX *libctx, const char *algorithm,
|
|
|
|
const char *properties)
|
|
|
|
{
|
|
|
|
return evp_generic_fetch(libctx, OSSL_OP_KDF, algorithm, properties,
|
|
|
|
evp_kdf_from_dispatch, NULL, evp_kdf_up_ref,
|
|
|
|
evp_kdf_free);
|
|
|
|
}
|
|
|
|
|
|
|
|
int EVP_KDF_up_ref(EVP_KDF *kdf)
|
|
|
|
{
|
|
|
|
return evp_kdf_up_ref(kdf);
|
|
|
|
}
|
|
|
|
|
|
|
|
void EVP_KDF_free(EVP_KDF *kdf)
|
|
|
|
{
|
|
|
|
evp_kdf_free(kdf);
|
|
|
|
}
|
|
|
|
|
|
|
|
const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf)
|
|
|
|
{
|
|
|
|
if (kdf->gettable_params == NULL)
|
|
|
|
return NULL;
|
|
|
|
return kdf->gettable_params();
|
|
|
|
}
|
|
|
|
|
|
|
|
const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf)
|
|
|
|
{
|
|
|
|
if (kdf->gettable_ctx_params == NULL)
|
|
|
|
return NULL;
|
|
|
|
return kdf->gettable_ctx_params();
|
|
|
|
}
|
|
|
|
|
|
|
|
const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf)
|
|
|
|
{
|
|
|
|
if (kdf->settable_ctx_params == NULL)
|
|
|
|
return NULL;
|
|
|
|
return kdf->settable_ctx_params();
|
|
|
|
}
|
|
|
|
|
|
|
|
void EVP_KDF_do_all_ex(OPENSSL_CTX *libctx,
|
|
|
|
void (*fn)(EVP_KDF *kdf, void *arg),
|
|
|
|
void *arg)
|
|
|
|
{
|
|
|
|
evp_generic_do_all(libctx, OSSL_OP_KDF,
|
|
|
|
(void (*)(void *, void *))fn, arg,
|
|
|
|
evp_kdf_from_dispatch, NULL, evp_kdf_free);
|
|
|
|
}
|