2015-01-22 11:40:55 +08:00
|
|
|
/*
|
2021-03-11 21:27:36 +08:00
|
|
|
* Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
|
2006-04-08 00:42:09 +08:00
|
|
|
*
|
2018-12-06 20:40:06 +08:00
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
2016-05-18 03:38:09 +08:00
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
|
* https://www.openssl.org/source/license.html
|
2006-04-08 00:42:09 +08:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <stdio.h>
|
|
|
|
|
#include <stdlib.h>
|
2006-04-17 20:08:22 +08:00
|
|
|
#include <openssl/objects.h>
|
2006-04-08 00:42:09 +08:00
|
|
|
#include <openssl/evp.h>
|
2019-06-27 17:48:17 +08:00
|
|
|
#include "internal/cryptlib.h"
|
2019-08-30 20:33:10 +08:00
|
|
|
#include "internal/provider.h"
|
2021-04-16 22:22:03 +08:00
|
|
|
#include "internal/core.h"
|
|
|
|
|
#include "crypto/evp.h"
|
2019-09-28 06:45:40 +08:00
|
|
|
#include "evp_local.h"
|
2006-04-16 02:50:56 +08:00
|
|
|
|
2021-03-02 18:20:25 +08:00
|
|
|
static int evp_pkey_asym_cipher_init(EVP_PKEY_CTX *ctx, int operation,
|
|
|
|
|
const OSSL_PARAM params[])
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2019-10-01 16:40:57 +08:00
|
|
|
int ret = 0;
|
|
|
|
|
void *provkey = NULL;
|
|
|
|
|
EVP_ASYM_CIPHER *cipher = NULL;
|
2020-01-14 21:11:47 +08:00
|
|
|
EVP_KEYMGMT *tmp_keymgmt = NULL;
|
2021-10-01 20:05:02 +08:00
|
|
|
const OSSL_PROVIDER *tmp_prov = NULL;
|
2020-01-14 21:11:47 +08:00
|
|
|
const char *supported_ciph = NULL;
|
2021-10-01 20:05:02 +08:00
|
|
|
int iter;
|
2019-10-01 16:40:57 +08:00
|
|
|
|
|
|
|
|
if (ctx == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2015-01-22 11:40:55 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
2019-10-01 16:40:57 +08:00
|
|
|
|
|
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
|
|
|
|
ctx->operation = operation;
|
|
|
|
|
|
2020-01-11 00:50:03 +08:00
|
|
|
ERR_set_mark();
|
|
|
|
|
|
2020-09-30 23:22:27 +08:00
|
|
|
if (evp_pkey_ctx_is_legacy(ctx))
|
2019-10-01 16:40:57 +08:00
|
|
|
goto legacy;
|
|
|
|
|
|
2021-10-01 21:02:15 +08:00
|
|
|
if (ctx->pkey == NULL) {
|
|
|
|
|
ERR_clear_last_mark();
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_NO_KEY_SET);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-21 03:26:16 +08:00
|
|
|
/*
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
* Try to derive the supported asym cipher from |ctx->keymgmt|.
|
2020-02-21 03:26:16 +08:00
|
|
|
*/
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
if (!ossl_assert(ctx->pkey->keymgmt == NULL
|
|
|
|
|
|| ctx->pkey->keymgmt == ctx->keymgmt)) {
|
|
|
|
|
ERR_clear_last_mark();
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
supported_ciph
|
|
|
|
|
= evp_keymgmt_util_query_operation_name(ctx->keymgmt,
|
|
|
|
|
OSSL_OP_ASYM_CIPHER);
|
|
|
|
|
if (supported_ciph == NULL) {
|
2020-01-11 00:50:03 +08:00
|
|
|
ERR_clear_last_mark();
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
2019-12-18 20:24:27 +08:00
|
|
|
|
2020-01-14 21:11:47 +08:00
|
|
|
/*
|
2021-10-01 20:05:02 +08:00
|
|
|
* We perform two iterations:
|
|
|
|
|
*
|
|
|
|
|
* 1. Do the normal asym cipher fetch, using the fetching data given by
|
|
|
|
|
* the EVP_PKEY_CTX.
|
|
|
|
|
* 2. Do the provider specific asym cipher fetch, from the same provider
|
|
|
|
|
* as |ctx->keymgmt|
|
|
|
|
|
*
|
|
|
|
|
* We then try to fetch the keymgmt from the same provider as the
|
|
|
|
|
* asym cipher, and try to export |ctx->pkey| to that keymgmt (when
|
|
|
|
|
* this keymgmt happens to be the same as |ctx->keymgmt|, the export
|
|
|
|
|
* is a no-op, but we call it anyway to not complicate the code even
|
|
|
|
|
* more).
|
|
|
|
|
* If the export call succeeds (returns a non-NULL provider key pointer),
|
|
|
|
|
* we're done and can perform the operation itself. If not, we perform
|
|
|
|
|
* the second iteration, or jump to legacy.
|
2020-01-14 21:11:47 +08:00
|
|
|
*/
|
2021-10-01 20:05:02 +08:00
|
|
|
for (iter = 1, provkey = NULL; iter < 3 && provkey == NULL; iter++) {
|
|
|
|
|
EVP_KEYMGMT *tmp_keymgmt_tofree;
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
|
2021-10-01 20:05:02 +08:00
|
|
|
/*
|
|
|
|
|
* If we're on the second iteration, free the results from the first.
|
|
|
|
|
* They are NULL on the first iteration, so no need to check what
|
|
|
|
|
* iteration we're on.
|
|
|
|
|
*/
|
|
|
|
|
EVP_ASYM_CIPHER_free(cipher);
|
|
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
2019-10-01 16:40:57 +08:00
|
|
|
|
2021-10-01 20:05:02 +08:00
|
|
|
switch (iter) {
|
|
|
|
|
case 1:
|
|
|
|
|
cipher = EVP_ASYM_CIPHER_fetch(ctx->libctx, supported_ciph,
|
|
|
|
|
ctx->propquery);
|
|
|
|
|
if (cipher != NULL)
|
|
|
|
|
tmp_prov = EVP_ASYM_CIPHER_get0_provider(cipher);
|
|
|
|
|
break;
|
|
|
|
|
case 2:
|
|
|
|
|
tmp_prov = EVP_KEYMGMT_get0_provider(ctx->keymgmt);
|
|
|
|
|
cipher =
|
|
|
|
|
evp_asym_cipher_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
|
|
|
|
supported_ciph, ctx->propquery);
|
|
|
|
|
if (cipher == NULL)
|
|
|
|
|
goto legacy;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
if (cipher == NULL)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Ensure that the key is provided, either natively, or as a cached
|
|
|
|
|
* export. We start by fetching the keymgmt with the same name as
|
|
|
|
|
* |ctx->pkey|, but from the provider of the asym cipher method, using
|
|
|
|
|
* the same property query as when fetching the asym cipher method.
|
|
|
|
|
* With the keymgmt we found (if we did), we try to export |ctx->pkey|
|
|
|
|
|
* to it (evp_pkey_export_to_provider() is smart enough to only actually
|
|
|
|
|
* export it if |tmp_keymgmt| is different from |ctx->pkey|'s keymgmt)
|
|
|
|
|
*/
|
|
|
|
|
tmp_keymgmt_tofree = tmp_keymgmt
|
|
|
|
|
= evp_keymgmt_fetch_from_prov((OSSL_PROVIDER *)tmp_prov,
|
|
|
|
|
EVP_KEYMGMT_get0_name(ctx->keymgmt),
|
|
|
|
|
ctx->propquery);
|
|
|
|
|
if (tmp_keymgmt != NULL)
|
|
|
|
|
provkey = evp_pkey_export_to_provider(ctx->pkey, ctx->libctx,
|
|
|
|
|
&tmp_keymgmt, ctx->propquery);
|
|
|
|
|
if (tmp_keymgmt == NULL)
|
|
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt_tofree);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (provkey == NULL) {
|
|
|
|
|
EVP_ASYM_CIPHER_free(cipher);
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
goto legacy;
|
2021-10-01 20:05:02 +08:00
|
|
|
}
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
|
2020-01-11 00:50:03 +08:00
|
|
|
ERR_pop_to_mark();
|
|
|
|
|
|
|
|
|
|
/* No more legacy from here down to legacy: */
|
|
|
|
|
|
2019-10-01 16:40:57 +08:00
|
|
|
ctx->op.ciph.cipher = cipher;
|
2021-05-14 11:08:42 +08:00
|
|
|
ctx->op.ciph.algctx = cipher->newctx(ossl_provider_ctx(cipher->prov));
|
|
|
|
|
if (ctx->op.ciph.algctx == NULL) {
|
2019-10-01 16:40:57 +08:00
|
|
|
/* The provider key can stay in the cache */
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
2019-10-01 16:40:57 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
switch (operation) {
|
|
|
|
|
case EVP_PKEY_OP_ENCRYPT:
|
|
|
|
|
if (cipher->encrypt_init == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2019-10-01 16:40:57 +08:00
|
|
|
ret = -2;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
2021-05-14 11:08:42 +08:00
|
|
|
ret = cipher->encrypt_init(ctx->op.ciph.algctx, provkey, params);
|
2019-10-01 16:40:57 +08:00
|
|
|
break;
|
|
|
|
|
case EVP_PKEY_OP_DECRYPT:
|
|
|
|
|
if (cipher->decrypt_init == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2019-10-01 16:40:57 +08:00
|
|
|
ret = -2;
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
2021-05-14 11:08:42 +08:00
|
|
|
ret = cipher->decrypt_init(ctx->op.ciph.algctx, provkey, params);
|
2019-10-01 16:40:57 +08:00
|
|
|
break;
|
|
|
|
|
default:
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
2019-10-01 16:40:57 +08:00
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-07 02:48:25 +08:00
|
|
|
if (ret <= 0)
|
2019-10-01 16:40:57 +08:00
|
|
|
goto err;
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
2019-10-01 16:40:57 +08:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
|
|
legacy:
|
2020-01-11 00:50:03 +08:00
|
|
|
/*
|
|
|
|
|
* If we don't have the full support we need with provided methods,
|
|
|
|
|
* let's go see if legacy does.
|
|
|
|
|
*/
|
|
|
|
|
ERR_pop_to_mark();
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
|
|
|
|
tmp_keymgmt = NULL;
|
2020-01-11 00:50:03 +08:00
|
|
|
|
2019-10-01 16:40:57 +08:00
|
|
|
if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2019-10-01 16:40:57 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
2021-10-26 15:16:18 +08:00
|
|
|
switch (ctx->operation) {
|
2019-10-01 16:40:57 +08:00
|
|
|
case EVP_PKEY_OP_ENCRYPT:
|
|
|
|
|
if (ctx->pmeth->encrypt_init == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
ret = ctx->pmeth->encrypt_init(ctx);
|
|
|
|
|
break;
|
|
|
|
|
case EVP_PKEY_OP_DECRYPT:
|
|
|
|
|
if (ctx->pmeth->decrypt_init == NULL)
|
|
|
|
|
return 1;
|
|
|
|
|
ret = ctx->pmeth->decrypt_init(ctx);
|
|
|
|
|
break;
|
|
|
|
|
default:
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
2019-10-01 16:40:57 +08:00
|
|
|
ret = -1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err:
|
2020-05-07 02:48:25 +08:00
|
|
|
if (ret <= 0) {
|
|
|
|
|
evp_pkey_ctx_free_old_ops(ctx);
|
2015-01-22 11:40:55 +08:00
|
|
|
ctx->operation = EVP_PKEY_OP_UNDEFINED;
|
2020-05-07 02:48:25 +08:00
|
|
|
}
|
EVP: Reverse the fetch logic in all pkey using functionality
In all initializing functions for functionality that use an EVP_PKEY, the
coded logic was to find an KEYMGMT implementation first, and then try to
find the operation method (for example, SIGNATURE implementation) in the
same provider.
This implies that in providers where there is a KEYMGMT implementation,
there must also be a SIGNATURE implementation, along with a KEYEXCH,
ASYM_CIPHER, etc implementation.
The intended design was, however, the opposite implication, i.e. that
where there is a SIGNATURE implementation, there must also be KEYMGMT.
This change reverses the logic of the code to be closer to the intended
design.
There is a consequence; we now use the query_operation_name function from
the KEYMGMT of the EVP_PKEY given by the EVP_PKEY_CTX (ultimately given by
the application). Previously, we used the query_operation_name function
from the KEYMGMT found alongside the SIGNATURE implementation.
Another minor consequence is that the |keymgmt| field in EVP_PKEY_CTX
is now always a reference to the KEYMGMT of the |pkey| field if that
one is given (|pkey| isn't NULL) and is provided (|pkey->keymgmt|
isn't NULL).
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-01 14:57:03 +08:00
|
|
|
EVP_KEYMGMT_free(tmp_keymgmt);
|
2015-01-22 11:40:55 +08:00
|
|
|
return ret;
|
|
|
|
|
}
|
2006-04-08 00:42:09 +08:00
|
|
|
|
2019-10-01 16:40:57 +08:00
|
|
|
int EVP_PKEY_encrypt_init(EVP_PKEY_CTX *ctx)
|
|
|
|
|
{
|
2021-03-02 18:20:25 +08:00
|
|
|
return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_PKEY_encrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
|
|
|
|
|
{
|
|
|
|
|
return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_ENCRYPT, params);
|
2019-10-01 16:40:57 +08:00
|
|
|
}
|
|
|
|
|
|
2006-04-08 00:42:09 +08:00
|
|
|
int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
|
2015-01-22 11:40:55 +08:00
|
|
|
unsigned char *out, size_t *outlen,
|
|
|
|
|
const unsigned char *in, size_t inlen)
|
|
|
|
|
{
|
2019-10-01 16:40:57 +08:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if (ctx == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2015-01-22 11:40:55 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
2019-10-01 16:40:57 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (ctx->operation != EVP_PKEY_OP_ENCRYPT) {
|
2021-03-05 00:01:50 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
|
2015-01-22 11:40:55 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2019-10-01 16:40:57 +08:00
|
|
|
|
2021-05-14 11:08:42 +08:00
|
|
|
if (ctx->op.ciph.algctx == NULL)
|
2019-10-01 16:40:57 +08:00
|
|
|
goto legacy;
|
|
|
|
|
|
2021-05-14 11:08:42 +08:00
|
|
|
ret = ctx->op.ciph.cipher->encrypt(ctx->op.ciph.algctx, out, outlen,
|
2019-10-01 16:40:57 +08:00
|
|
|
(out == NULL ? 0 : *outlen), in, inlen);
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
legacy:
|
|
|
|
|
if (ctx->pmeth == NULL || ctx->pmeth->encrypt == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2019-10-01 16:40:57 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_ENCRYPT)
|
|
|
|
|
return ctx->pmeth->encrypt(ctx, out, outlen, in, inlen);
|
|
|
|
|
}
|
2006-04-08 00:42:09 +08:00
|
|
|
|
2006-04-08 01:28:56 +08:00
|
|
|
int EVP_PKEY_decrypt_init(EVP_PKEY_CTX *ctx)
|
2015-01-22 11:40:55 +08:00
|
|
|
{
|
2021-03-02 18:20:25 +08:00
|
|
|
return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT, NULL);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_PKEY_decrypt_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[])
|
|
|
|
|
{
|
|
|
|
|
return evp_pkey_asym_cipher_init(ctx, EVP_PKEY_OP_DECRYPT, params);
|
2015-01-22 11:40:55 +08:00
|
|
|
}
|
2006-04-08 00:42:09 +08:00
|
|
|
|
|
|
|
|
int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
|
2015-01-22 11:40:55 +08:00
|
|
|
unsigned char *out, size_t *outlen,
|
|
|
|
|
const unsigned char *in, size_t inlen)
|
|
|
|
|
{
|
2019-10-01 16:40:57 +08:00
|
|
|
int ret;
|
|
|
|
|
|
|
|
|
|
if (ctx == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2015-01-22 11:40:55 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
2019-10-01 16:40:57 +08:00
|
|
|
|
2015-01-22 11:40:55 +08:00
|
|
|
if (ctx->operation != EVP_PKEY_OP_DECRYPT) {
|
2021-03-05 00:01:50 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_INITIALIZED);
|
2015-01-22 11:40:55 +08:00
|
|
|
return -1;
|
|
|
|
|
}
|
2019-10-01 16:40:57 +08:00
|
|
|
|
2021-05-14 11:08:42 +08:00
|
|
|
if (ctx->op.ciph.algctx == NULL)
|
2019-10-01 16:40:57 +08:00
|
|
|
goto legacy;
|
|
|
|
|
|
2021-05-14 11:08:42 +08:00
|
|
|
ret = ctx->op.ciph.cipher->decrypt(ctx->op.ciph.algctx, out, outlen,
|
2019-10-01 16:40:57 +08:00
|
|
|
(out == NULL ? 0 : *outlen), in, inlen);
|
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
|
|
legacy:
|
|
|
|
|
if (ctx->pmeth == NULL || ctx->pmeth->decrypt == NULL) {
|
2020-11-04 19:23:19 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
|
2019-10-01 16:40:57 +08:00
|
|
|
return -2;
|
|
|
|
|
}
|
2015-01-22 11:40:55 +08:00
|
|
|
M_check_autoarg(ctx, out, outlen, EVP_F_EVP_PKEY_DECRYPT)
|
|
|
|
|
return ctx->pmeth->decrypt(ctx, out, outlen, in, inlen);
|
|
|
|
|
}
|
2019-10-01 16:40:57 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
static EVP_ASYM_CIPHER *evp_asym_cipher_new(OSSL_PROVIDER *prov)
|
|
|
|
|
{
|
|
|
|
|
EVP_ASYM_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_ASYM_CIPHER));
|
|
|
|
|
|
2019-11-27 01:14:08 +08:00
|
|
|
if (cipher == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-01 16:40:57 +08:00
|
|
|
cipher->lock = CRYPTO_THREAD_lock_new();
|
|
|
|
|
if (cipher->lock == NULL) {
|
2019-11-27 01:14:08 +08:00
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
2019-10-01 16:40:57 +08:00
|
|
|
OPENSSL_free(cipher);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
cipher->prov = prov;
|
|
|
|
|
ossl_provider_up_ref(prov);
|
|
|
|
|
cipher->refcnt = 1;
|
|
|
|
|
|
|
|
|
|
return cipher;
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-16 21:14:43 +08:00
|
|
|
static void *evp_asym_cipher_from_algorithm(int name_id,
|
|
|
|
|
const OSSL_ALGORITHM *algodef,
|
|
|
|
|
OSSL_PROVIDER *prov)
|
2019-10-01 16:40:57 +08:00
|
|
|
{
|
2021-03-16 21:14:43 +08:00
|
|
|
const OSSL_DISPATCH *fns = algodef->implementation;
|
2019-10-01 16:40:57 +08:00
|
|
|
EVP_ASYM_CIPHER *cipher = NULL;
|
|
|
|
|
int ctxfncnt = 0, encfncnt = 0, decfncnt = 0;
|
|
|
|
|
int gparamfncnt = 0, sparamfncnt = 0;
|
|
|
|
|
|
|
|
|
|
if ((cipher = evp_asym_cipher_new(prov)) == NULL) {
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
cipher->name_id = name_id;
|
2021-04-16 22:22:03 +08:00
|
|
|
if ((cipher->type_name = ossl_algorithm_get1_first_name(algodef)) == NULL)
|
|
|
|
|
goto err;
|
2021-03-16 21:14:43 +08:00
|
|
|
cipher->description = algodef->algorithm_description;
|
2019-10-01 16:40:57 +08:00
|
|
|
|
|
|
|
|
for (; fns->function_id != 0; fns++) {
|
|
|
|
|
switch (fns->function_id) {
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_NEWCTX:
|
|
|
|
|
if (cipher->newctx != NULL)
|
|
|
|
|
break;
|
2020-06-21 07:19:16 +08:00
|
|
|
cipher->newctx = OSSL_FUNC_asym_cipher_newctx(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
ctxfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT:
|
|
|
|
|
if (cipher->encrypt_init != NULL)
|
|
|
|
|
break;
|
2020-06-21 07:19:16 +08:00
|
|
|
cipher->encrypt_init = OSSL_FUNC_asym_cipher_encrypt_init(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
encfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_ENCRYPT:
|
|
|
|
|
if (cipher->encrypt != NULL)
|
|
|
|
|
break;
|
2020-06-21 07:19:16 +08:00
|
|
|
cipher->encrypt = OSSL_FUNC_asym_cipher_encrypt(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
encfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT:
|
|
|
|
|
if (cipher->decrypt_init != NULL)
|
|
|
|
|
break;
|
2020-06-21 07:19:16 +08:00
|
|
|
cipher->decrypt_init = OSSL_FUNC_asym_cipher_decrypt_init(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
decfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_DECRYPT:
|
|
|
|
|
if (cipher->decrypt != NULL)
|
|
|
|
|
break;
|
2020-06-21 07:19:16 +08:00
|
|
|
cipher->decrypt = OSSL_FUNC_asym_cipher_decrypt(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
decfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_FREECTX:
|
|
|
|
|
if (cipher->freectx != NULL)
|
|
|
|
|
break;
|
2020-06-21 07:19:16 +08:00
|
|
|
cipher->freectx = OSSL_FUNC_asym_cipher_freectx(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
ctxfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_DUPCTX:
|
|
|
|
|
if (cipher->dupctx != NULL)
|
|
|
|
|
break;
|
2020-06-21 07:19:16 +08:00
|
|
|
cipher->dupctx = OSSL_FUNC_asym_cipher_dupctx(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS:
|
|
|
|
|
if (cipher->get_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
cipher->get_ctx_params
|
2020-06-21 07:19:16 +08:00
|
|
|
= OSSL_FUNC_asym_cipher_get_ctx_params(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
gparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS:
|
|
|
|
|
if (cipher->gettable_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
cipher->gettable_ctx_params
|
2020-06-21 07:19:16 +08:00
|
|
|
= OSSL_FUNC_asym_cipher_gettable_ctx_params(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
gparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS:
|
|
|
|
|
if (cipher->set_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
cipher->set_ctx_params
|
2020-06-21 07:19:16 +08:00
|
|
|
= OSSL_FUNC_asym_cipher_set_ctx_params(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
sparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
case OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS:
|
|
|
|
|
if (cipher->settable_ctx_params != NULL)
|
|
|
|
|
break;
|
|
|
|
|
cipher->settable_ctx_params
|
2020-06-21 07:19:16 +08:00
|
|
|
= OSSL_FUNC_asym_cipher_settable_ctx_params(fns);
|
2019-10-01 16:40:57 +08:00
|
|
|
sparamfncnt++;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (ctxfncnt != 2
|
|
|
|
|
|| (encfncnt != 0 && encfncnt != 2)
|
|
|
|
|
|| (decfncnt != 0 && decfncnt != 2)
|
|
|
|
|
|| (encfncnt != 2 && decfncnt != 2)
|
|
|
|
|
|| (gparamfncnt != 0 && gparamfncnt != 2)
|
|
|
|
|
|| (sparamfncnt != 0 && sparamfncnt != 2)) {
|
|
|
|
|
/*
|
|
|
|
|
* In order to be a consistent set of functions we must have at least
|
|
|
|
|
* a set of context functions (newctx and freectx) as well as a pair of
|
|
|
|
|
* "cipher" functions: (encrypt_init, encrypt) or
|
|
|
|
|
* (decrypt_init decrypt). set_ctx_params and settable_ctx_params are
|
|
|
|
|
* optional, but if one of them is present then the other one must also
|
|
|
|
|
* be present. The same applies to get_ctx_params and
|
|
|
|
|
* gettable_ctx_params. The dupctx function is optional.
|
|
|
|
|
*/
|
|
|
|
|
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_PROVIDER_FUNCTIONS);
|
|
|
|
|
goto err;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return cipher;
|
|
|
|
|
err:
|
|
|
|
|
EVP_ASYM_CIPHER_free(cipher);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void EVP_ASYM_CIPHER_free(EVP_ASYM_CIPHER *cipher)
|
|
|
|
|
{
|
2021-02-16 01:31:36 +08:00
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if (cipher == NULL)
|
|
|
|
|
return;
|
|
|
|
|
CRYPTO_DOWN_REF(&cipher->refcnt, &i, cipher->lock);
|
|
|
|
|
if (i > 0)
|
|
|
|
|
return;
|
2021-04-16 22:22:03 +08:00
|
|
|
OPENSSL_free(cipher->type_name);
|
2021-02-16 01:31:36 +08:00
|
|
|
ossl_provider_free(cipher->prov);
|
|
|
|
|
CRYPTO_THREAD_lock_free(cipher->lock);
|
|
|
|
|
OPENSSL_free(cipher);
|
2019-10-01 16:40:57 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int EVP_ASYM_CIPHER_up_ref(EVP_ASYM_CIPHER *cipher)
|
|
|
|
|
{
|
|
|
|
|
int ref = 0;
|
|
|
|
|
|
|
|
|
|
CRYPTO_UP_REF(&cipher->refcnt, &ref, cipher->lock);
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
OSSL_PROVIDER *EVP_ASYM_CIPHER_get0_provider(const EVP_ASYM_CIPHER *cipher)
|
2019-10-01 16:40:57 +08:00
|
|
|
{
|
|
|
|
|
return cipher->prov;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-15 17:55:50 +08:00
|
|
|
EVP_ASYM_CIPHER *EVP_ASYM_CIPHER_fetch(OSSL_LIB_CTX *ctx, const char *algorithm,
|
2019-10-01 16:40:57 +08:00
|
|
|
const char *properties)
|
|
|
|
|
{
|
|
|
|
|
return evp_generic_fetch(ctx, OSSL_OP_ASYM_CIPHER, algorithm, properties,
|
2021-03-16 21:14:43 +08:00
|
|
|
evp_asym_cipher_from_algorithm,
|
2019-10-01 16:40:57 +08:00
|
|
|
(int (*)(void *))EVP_ASYM_CIPHER_up_ref,
|
|
|
|
|
(void (*)(void *))EVP_ASYM_CIPHER_free);
|
|
|
|
|
}
|
|
|
|
|
|
2021-10-01 18:06:52 +08:00
|
|
|
EVP_ASYM_CIPHER *evp_asym_cipher_fetch_from_prov(OSSL_PROVIDER *prov,
|
|
|
|
|
const char *algorithm,
|
|
|
|
|
const char *properties)
|
|
|
|
|
{
|
|
|
|
|
return evp_generic_fetch_from_prov(prov, OSSL_OP_ASYM_CIPHER,
|
|
|
|
|
algorithm, properties,
|
|
|
|
|
evp_asym_cipher_from_algorithm,
|
|
|
|
|
(int (*)(void *))EVP_ASYM_CIPHER_up_ref,
|
|
|
|
|
(void (*)(void *))EVP_ASYM_CIPHER_free);
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-01 16:40:57 +08:00
|
|
|
int EVP_ASYM_CIPHER_is_a(const EVP_ASYM_CIPHER *cipher, const char *name)
|
|
|
|
|
{
|
2020-01-15 08:04:37 +08:00
|
|
|
return evp_is_a(cipher->prov, cipher->name_id, NULL, name);
|
2019-10-01 16:40:57 +08:00
|
|
|
}
|
|
|
|
|
|
2021-06-01 19:18:04 +08:00
|
|
|
int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher)
|
2019-10-01 16:40:57 +08:00
|
|
|
{
|
|
|
|
|
return cipher->name_id;
|
|
|
|
|
}
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
const char *EVP_ASYM_CIPHER_get0_name(const EVP_ASYM_CIPHER *cipher)
|
2021-04-16 22:22:03 +08:00
|
|
|
{
|
|
|
|
|
return cipher->type_name;
|
|
|
|
|
}
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
const char *EVP_ASYM_CIPHER_get0_description(const EVP_ASYM_CIPHER *cipher)
|
EVP: Add EVP_<TYPE>_description()
The following operation types are covered:
EVP_MD, EVP_CIPHER, EVP_MAC, EVP_RAND, EVP_KEYMGMT, EVP_SIGNATURE,
EVP_ASYM_CIPHER, EVP_KEM, EVP_KEYEXCH, EVP_KDF. Also EVP_PKEY.
For EVP_MD and EVP_CIPHER, OBJ_nid2ln() is used as a fallback for
legacy implementations.
For EVP_PKEY, the info field of the EVP_PKEY_ASN1_METHOD is used as a
fallback for legacy implementations.
Fixes #14514
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14656)
2021-03-16 21:23:54 +08:00
|
|
|
{
|
|
|
|
|
return cipher->description;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-15 17:55:50 +08:00
|
|
|
void EVP_ASYM_CIPHER_do_all_provided(OSSL_LIB_CTX *libctx,
|
2019-10-01 16:40:57 +08:00
|
|
|
void (*fn)(EVP_ASYM_CIPHER *cipher,
|
|
|
|
|
void *arg),
|
|
|
|
|
void *arg)
|
|
|
|
|
{
|
|
|
|
|
evp_generic_do_all(libctx, OSSL_OP_ASYM_CIPHER,
|
|
|
|
|
(void (*)(void *, void *))fn, arg,
|
2021-03-16 21:14:43 +08:00
|
|
|
evp_asym_cipher_from_algorithm,
|
2021-06-09 13:52:09 +08:00
|
|
|
(int (*)(void *))EVP_ASYM_CIPHER_up_ref,
|
2019-10-01 16:40:57 +08:00
|
|
|
(void (*)(void *))EVP_ASYM_CIPHER_free);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2021-02-20 01:03:43 +08:00
|
|
|
int EVP_ASYM_CIPHER_names_do_all(const EVP_ASYM_CIPHER *cipher,
|
|
|
|
|
void (*fn)(const char *name, void *data),
|
|
|
|
|
void *data)
|
2019-10-01 16:40:57 +08:00
|
|
|
{
|
|
|
|
|
if (cipher->prov != NULL)
|
2021-02-20 01:03:43 +08:00
|
|
|
return evp_names_do_all(cipher->prov, cipher->name_id, fn, data);
|
|
|
|
|
|
|
|
|
|
return 1;
|
2019-10-01 16:40:57 +08:00
|
|
|
}
|
|
|
|
|
|
2020-09-22 08:38:13 +08:00
|
|
|
const OSSL_PARAM *EVP_ASYM_CIPHER_gettable_ctx_params(const EVP_ASYM_CIPHER *cip)
|
|
|
|
|
{
|
|
|
|
|
void *provctx;
|
|
|
|
|
|
|
|
|
|
if (cip == NULL || cip->gettable_ctx_params == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip));
|
2021-02-27 01:02:36 +08:00
|
|
|
return cip->gettable_ctx_params(NULL, provctx);
|
2020-09-22 08:38:13 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const OSSL_PARAM *EVP_ASYM_CIPHER_settable_ctx_params(const EVP_ASYM_CIPHER *cip)
|
|
|
|
|
{
|
|
|
|
|
void *provctx;
|
|
|
|
|
|
|
|
|
|
if (cip == NULL || cip->settable_ctx_params == NULL)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
2021-05-21 22:58:08 +08:00
|
|
|
provctx = ossl_provider_ctx(EVP_ASYM_CIPHER_get0_provider(cip));
|
2021-02-27 01:02:36 +08:00
|
|
|
return cip->settable_ctx_params(NULL, provctx);
|
2020-09-22 08:38:13 +08:00
|
|
|
}
|
