2020-08-17 03:25:08 +08:00
|
|
|
/*
|
|
|
|
* Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
*
|
|
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
|
|
* in the file LICENSE in the source distribution or at
|
|
|
|
* https://www.openssl.org/source/license.html
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <openssl/core_names.h>
|
|
|
|
#include <openssl/bio.h>
|
|
|
|
#include <openssl/params.h>
|
|
|
|
#include <openssl/provider.h>
|
2020-09-28 22:14:14 +08:00
|
|
|
#include <openssl/evperr.h>
|
|
|
|
#include <openssl/ecerr.h>
|
|
|
|
#include <openssl/x509err.h>
|
2020-10-28 17:13:24 +08:00
|
|
|
#include <openssl/trace.h>
|
2020-08-02 18:14:19 +08:00
|
|
|
#include "internal/passphrase.h"
|
2020-08-02 18:46:00 +08:00
|
|
|
#include "crypto/decoder.h"
|
2020-08-17 03:25:08 +08:00
|
|
|
#include "encoder_local.h"
|
|
|
|
#include "e_os.h"
|
|
|
|
|
|
|
|
struct decoder_process_data_st {
|
|
|
|
OSSL_DECODER_CTX *ctx;
|
|
|
|
|
|
|
|
/* Current BIO */
|
|
|
|
BIO *bio;
|
|
|
|
|
|
|
|
/* Index of the current decoder instance to be processed */
|
2020-08-21 19:08:18 +08:00
|
|
|
size_t current_decoder_inst_index;
|
2020-08-17 03:25:08 +08:00
|
|
|
};
|
|
|
|
|
|
|
|
static int decoder_process(const OSSL_PARAM params[], void *arg);
|
|
|
|
|
|
|
|
int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
|
|
|
|
{
|
|
|
|
struct decoder_process_data_st data;
|
|
|
|
int ok = 0;
|
|
|
|
|
|
|
|
memset(&data, 0, sizeof(data));
|
|
|
|
data.ctx = ctx;
|
|
|
|
data.bio = in;
|
|
|
|
|
2020-08-02 18:14:19 +08:00
|
|
|
/* Enable passphrase caching */
|
|
|
|
(void)ossl_pw_enable_passphrase_caching(&ctx->pwdata);
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
ok = decoder_process(NULL, &data);
|
|
|
|
|
|
|
|
/* Clear any internally cached passphrase */
|
2020-08-02 18:14:19 +08:00
|
|
|
(void)ossl_pw_clear_passphrase_cache(&ctx->pwdata);
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
return ok;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifndef OPENSSL_NO_STDIO
|
|
|
|
static BIO *bio_from_file(FILE *fp)
|
|
|
|
{
|
|
|
|
BIO *b;
|
|
|
|
|
|
|
|
if ((b = BIO_new(BIO_s_file())) == NULL) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
BIO_set_fp(b, fp, BIO_NOCLOSE);
|
|
|
|
return b;
|
|
|
|
}
|
|
|
|
|
|
|
|
int OSSL_DECODER_from_fp(OSSL_DECODER_CTX *ctx, FILE *fp)
|
|
|
|
{
|
|
|
|
BIO *b = bio_from_file(fp);
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (b != NULL)
|
|
|
|
ret = OSSL_DECODER_from_bio(ctx, b);
|
|
|
|
|
|
|
|
BIO_free(b);
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
|
2020-10-05 20:23:55 +08:00
|
|
|
int OSSL_DECODER_from_data(OSSL_DECODER_CTX *ctx, const unsigned char **pdata,
|
|
|
|
size_t *pdata_len)
|
|
|
|
{
|
|
|
|
BIO *membio;
|
|
|
|
int ret = 0;
|
|
|
|
|
|
|
|
if (pdata == NULL || *pdata == NULL || pdata_len == NULL) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
membio = BIO_new_mem_buf(*pdata, (int)*pdata_len);
|
|
|
|
if (OSSL_DECODER_from_bio(ctx, membio)) {
|
|
|
|
*pdata_len = (size_t)BIO_get_mem_data(membio, pdata);
|
|
|
|
ret = 1;
|
|
|
|
}
|
|
|
|
BIO_free(membio);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-10-26 20:06:01 +08:00
|
|
|
int OSSL_DECODER_CTX_set_selection(OSSL_DECODER_CTX *ctx, int selection)
|
|
|
|
{
|
|
|
|
if (!ossl_assert(ctx != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* 0 is a valid selection, and means that the caller leaves
|
|
|
|
* it to code to discover what the selection is.
|
|
|
|
*/
|
|
|
|
ctx->selection = selection;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
int OSSL_DECODER_CTX_set_input_type(OSSL_DECODER_CTX *ctx,
|
|
|
|
const char *input_type)
|
|
|
|
{
|
|
|
|
if (!ossl_assert(ctx != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* NULL is a valid starting input type, and means that the caller leaves
|
|
|
|
* it to code to discover what the starting input type is.
|
|
|
|
*/
|
|
|
|
ctx->start_input_type = input_type;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2020-10-26 20:06:01 +08:00
|
|
|
int OSSL_DECODER_CTX_set_input_structure(OSSL_DECODER_CTX *ctx,
|
|
|
|
const char *input_structure)
|
|
|
|
{
|
|
|
|
if (!ossl_assert(ctx != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* NULL is a valid starting input type, and means that the caller leaves
|
|
|
|
* it to code to discover what the starting input type is.
|
|
|
|
*/
|
|
|
|
ctx->input_structure = input_structure;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2020-08-02 18:46:00 +08:00
|
|
|
OSSL_DECODER_INSTANCE *ossl_decoder_instance_new(OSSL_DECODER *decoder,
|
|
|
|
void *decoderctx)
|
2020-08-17 03:25:08 +08:00
|
|
|
{
|
|
|
|
OSSL_DECODER_INSTANCE *decoder_inst = NULL;
|
2020-10-26 20:06:01 +08:00
|
|
|
OSSL_PARAM params[3];
|
2020-08-17 03:25:08 +08:00
|
|
|
|
2020-08-02 18:46:00 +08:00
|
|
|
if (!ossl_assert(decoder != NULL)) {
|
2020-08-17 03:25:08 +08:00
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (decoder->get_params == NULL) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER,
|
|
|
|
OSSL_DECODER_R_MISSING_GET_PARAMS);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if ((decoder_inst = OPENSSL_zalloc(sizeof(*decoder_inst))) == NULL) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (!OSSL_DECODER_up_ref(decoder)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_INTERNAL_ERROR);
|
|
|
|
goto err;
|
|
|
|
}
|
|
|
|
|
2020-10-26 20:06:01 +08:00
|
|
|
/* Cache the input type for this decoder */
|
2020-08-17 03:25:08 +08:00
|
|
|
params[0] =
|
|
|
|
OSSL_PARAM_construct_utf8_ptr(OSSL_DECODER_PARAM_INPUT_TYPE,
|
|
|
|
(char **)&decoder_inst->input_type, 0);
|
2020-10-26 20:06:01 +08:00
|
|
|
params[1] =
|
|
|
|
OSSL_PARAM_construct_utf8_ptr(OSSL_DECODER_PARAM_INPUT_STRUCTURE,
|
|
|
|
(char **)&decoder_inst->input_structure,
|
|
|
|
0);
|
|
|
|
params[2] = OSSL_PARAM_construct_end();
|
2020-08-17 03:25:08 +08:00
|
|
|
|
2020-08-02 18:46:00 +08:00
|
|
|
if (!decoder->get_params(params)
|
2020-08-17 03:25:08 +08:00
|
|
|
|| !OSSL_PARAM_modified(¶ms[0]))
|
|
|
|
goto err;
|
|
|
|
|
2020-10-26 20:06:01 +08:00
|
|
|
decoder_inst->flag_input_structure_was_set =
|
|
|
|
OSSL_PARAM_modified(¶ms[1]);
|
2020-08-02 18:46:00 +08:00
|
|
|
decoder_inst->decoder = decoder;
|
|
|
|
decoder_inst->decoderctx = decoderctx;
|
|
|
|
return decoder_inst;
|
2020-08-17 03:25:08 +08:00
|
|
|
err:
|
2020-08-02 18:46:00 +08:00
|
|
|
ossl_decoder_instance_free(decoder_inst);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
void ossl_decoder_instance_free(OSSL_DECODER_INSTANCE *decoder_inst)
|
|
|
|
{
|
2020-08-17 03:25:08 +08:00
|
|
|
if (decoder_inst != NULL) {
|
|
|
|
if (decoder_inst->decoder != NULL)
|
2020-08-21 19:08:18 +08:00
|
|
|
decoder_inst->decoder->freectx(decoder_inst->decoderctx);
|
2020-08-02 18:46:00 +08:00
|
|
|
decoder_inst->decoderctx = NULL;
|
2020-08-17 03:25:08 +08:00
|
|
|
OSSL_DECODER_free(decoder_inst->decoder);
|
2020-08-02 18:46:00 +08:00
|
|
|
decoder_inst->decoder = NULL;
|
2020-08-17 03:25:08 +08:00
|
|
|
OPENSSL_free(decoder_inst);
|
|
|
|
}
|
2020-08-02 18:46:00 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
int ossl_decoder_ctx_add_decoder_inst(OSSL_DECODER_CTX *ctx,
|
2020-10-26 20:06:01 +08:00
|
|
|
OSSL_DECODER_INSTANCE *di)
|
2020-08-02 18:46:00 +08:00
|
|
|
{
|
2020-10-28 17:13:24 +08:00
|
|
|
int ok;
|
|
|
|
|
2020-08-02 18:46:00 +08:00
|
|
|
if (ctx->decoder_insts == NULL
|
|
|
|
&& (ctx->decoder_insts =
|
|
|
|
sk_OSSL_DECODER_INSTANCE_new_null()) == NULL) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_MALLOC_FAILURE);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-10-28 17:13:24 +08:00
|
|
|
ok = (sk_OSSL_DECODER_INSTANCE_push(ctx->decoder_insts, di) > 0);
|
|
|
|
if (ok) {
|
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
|
|
|
BIO_printf(trc_out,
|
|
|
|
"(ctx %p) Added decoder instance %p (decoder %p) with:\n",
|
|
|
|
(void *)ctx, (void *)di, (void *)di->decoder);
|
|
|
|
BIO_printf(trc_out,
|
|
|
|
" input type: %s, input structure: %s\n",
|
|
|
|
di->input_type, di->input_structure);
|
|
|
|
} OSSL_TRACE_END(DECODER);
|
|
|
|
}
|
|
|
|
return ok;
|
2020-08-02 18:46:00 +08:00
|
|
|
}
|
|
|
|
|
2020-09-14 17:35:07 +08:00
|
|
|
int OSSL_DECODER_CTX_add_decoder(OSSL_DECODER_CTX *ctx, OSSL_DECODER *decoder)
|
2020-08-02 18:46:00 +08:00
|
|
|
{
|
|
|
|
OSSL_DECODER_INSTANCE *decoder_inst = NULL;
|
|
|
|
const OSSL_PROVIDER *prov = NULL;
|
|
|
|
void *decoderctx = NULL;
|
|
|
|
void *provctx = NULL;
|
|
|
|
|
|
|
|
if (!ossl_assert(ctx != NULL) || !ossl_assert(decoder != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
prov = OSSL_DECODER_provider(decoder);
|
|
|
|
provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
|
|
|
|
|
|
|
|
if ((decoderctx = decoder->newctx(provctx)) == NULL
|
|
|
|
|| (decoder_inst =
|
|
|
|
ossl_decoder_instance_new(decoder, decoderctx)) == NULL)
|
|
|
|
goto err;
|
|
|
|
/* Avoid double free of decoderctx on further errors */
|
|
|
|
decoderctx = NULL;
|
|
|
|
|
|
|
|
if (!ossl_decoder_ctx_add_decoder_inst(ctx, decoder_inst))
|
|
|
|
goto err;
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
err:
|
|
|
|
ossl_decoder_instance_free(decoder_inst);
|
|
|
|
if (decoderctx != NULL)
|
|
|
|
decoder->freectx(decoderctx);
|
2020-08-17 03:25:08 +08:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
int OSSL_DECODER_CTX_add_extra(OSSL_DECODER_CTX *ctx,
|
2020-10-15 17:55:50 +08:00
|
|
|
OSSL_LIB_CTX *libctx, const char *propq)
|
2020-08-17 03:25:08 +08:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* This function goes through existing decoder methods in
|
|
|
|
* |ctx->decoder_insts|, and tries to fetch new decoders that produce
|
|
|
|
* what the existing ones want as input, and push those newly fetched
|
|
|
|
* decoders on top of the same stack.
|
|
|
|
* Then it does the same again, but looping over the newly fetched
|
2020-10-26 20:06:01 +08:00
|
|
|
* decoders, until there are no more decoders to be fetched, or
|
2020-08-17 03:25:08 +08:00
|
|
|
* when we have done this 10 times.
|
|
|
|
*
|
|
|
|
* we do this with sliding windows on the stack by keeping track of indexes
|
|
|
|
* and of the end.
|
|
|
|
*
|
|
|
|
* +----------------+
|
|
|
|
* | DER to RSA | <--- w_prev_start
|
|
|
|
* +----------------+
|
|
|
|
* | DER to DSA |
|
|
|
|
* +----------------+
|
|
|
|
* | DER to DH |
|
|
|
|
* +----------------+
|
|
|
|
* | PEM to DER | <--- w_prev_end, w_new_start
|
|
|
|
* +----------------+
|
|
|
|
* <--- w_new_end
|
|
|
|
*/
|
|
|
|
size_t w_prev_start, w_prev_end; /* "previous" decoders */
|
|
|
|
size_t w_new_start, w_new_end; /* "new" decoders */
|
|
|
|
size_t count = 0; /* Calculates how many were added in each iteration */
|
|
|
|
size_t depth = 0; /* Counts the number of iterations */
|
|
|
|
|
|
|
|
if (!ossl_assert(ctx != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If there is no stack of OSSL_DECODER_INSTANCE, we have nothing
|
|
|
|
* more to add. That's fine.
|
|
|
|
*/
|
|
|
|
if (ctx->decoder_insts == NULL)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
w_prev_start = 0;
|
|
|
|
w_prev_end = sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
|
|
|
|
do {
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
w_new_start = w_new_end = w_prev_end;
|
|
|
|
|
|
|
|
for (i = w_prev_start; i < w_prev_end; i++) {
|
|
|
|
OSSL_DECODER_INSTANCE *decoder_inst =
|
|
|
|
sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
|
2020-09-14 17:35:07 +08:00
|
|
|
const char *input_type =
|
|
|
|
OSSL_DECODER_INSTANCE_get_input_type(decoder_inst);
|
2020-08-17 03:25:08 +08:00
|
|
|
OSSL_DECODER *decoder = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the caller has specified what the initial input should be,
|
|
|
|
* and the decoder implementation we're looking at has that
|
|
|
|
* input type, there's no point adding on more implementations
|
|
|
|
* on top of this one, so we don't.
|
|
|
|
*/
|
|
|
|
if (ctx->start_input_type != NULL
|
2020-10-02 00:17:58 +08:00
|
|
|
&& strcasecmp(ctx->start_input_type, input_type) == 0)
|
2020-08-17 03:25:08 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
ERR_set_mark();
|
2020-09-14 17:35:07 +08:00
|
|
|
decoder = OSSL_DECODER_fetch(libctx, input_type, propq);
|
2020-08-17 03:25:08 +08:00
|
|
|
ERR_pop_to_mark();
|
|
|
|
|
|
|
|
if (decoder != NULL) {
|
|
|
|
size_t j;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check that we don't already have this decoder in our
|
|
|
|
* stack We only need to check among the newly added ones.
|
|
|
|
*/
|
|
|
|
for (j = w_new_start; j < w_new_end; j++) {
|
|
|
|
OSSL_DECODER_INSTANCE *check_inst =
|
|
|
|
sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, j);
|
|
|
|
|
|
|
|
if (decoder == check_inst->decoder) {
|
|
|
|
/* We found it, so drop the new fetch */
|
|
|
|
OSSL_DECODER_free(decoder);
|
|
|
|
decoder = NULL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (decoder == NULL)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Apart from keeping w_new_end up to date, We don't care about
|
|
|
|
* errors here. If it doesn't collect, then it doesn't...
|
|
|
|
*/
|
|
|
|
if (OSSL_DECODER_CTX_add_decoder(ctx, decoder)) /* ref++ */
|
|
|
|
w_new_end++;
|
|
|
|
OSSL_DECODER_free(decoder); /* ref-- */
|
|
|
|
}
|
|
|
|
/* How many were added in this iteration */
|
|
|
|
count = w_new_end - w_new_start;
|
|
|
|
|
|
|
|
/* Slide the "previous decoder" windows */
|
|
|
|
w_prev_start = w_new_start;
|
|
|
|
w_prev_end = w_new_end;
|
|
|
|
|
|
|
|
depth++;
|
|
|
|
} while (count != 0 && depth <= 10);
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2020-09-14 17:35:07 +08:00
|
|
|
int OSSL_DECODER_CTX_get_num_decoders(OSSL_DECODER_CTX *ctx)
|
2020-08-17 03:25:08 +08:00
|
|
|
{
|
|
|
|
if (ctx == NULL || ctx->decoder_insts == NULL)
|
|
|
|
return 0;
|
|
|
|
return sk_OSSL_DECODER_INSTANCE_num(ctx->decoder_insts);
|
|
|
|
}
|
|
|
|
|
|
|
|
int OSSL_DECODER_CTX_set_construct(OSSL_DECODER_CTX *ctx,
|
|
|
|
OSSL_DECODER_CONSTRUCT *construct)
|
|
|
|
{
|
|
|
|
if (!ossl_assert(ctx != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
ctx->construct = construct;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int OSSL_DECODER_CTX_set_construct_data(OSSL_DECODER_CTX *ctx,
|
|
|
|
void *construct_data)
|
|
|
|
{
|
|
|
|
if (!ossl_assert(ctx != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
ctx->construct_data = construct_data;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
int OSSL_DECODER_CTX_set_cleanup(OSSL_DECODER_CTX *ctx,
|
|
|
|
OSSL_DECODER_CLEANUP *cleanup)
|
|
|
|
{
|
|
|
|
if (!ossl_assert(ctx != NULL)) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
ctx->cleanup = cleanup;
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
OSSL_DECODER_CONSTRUCT *
|
|
|
|
OSSL_DECODER_CTX_get_construct(OSSL_DECODER_CTX *ctx)
|
|
|
|
{
|
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
|
|
|
return ctx->construct;
|
|
|
|
}
|
|
|
|
|
|
|
|
void *OSSL_DECODER_CTX_get_construct_data(OSSL_DECODER_CTX *ctx)
|
|
|
|
{
|
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
|
|
|
return ctx->construct_data;
|
|
|
|
}
|
|
|
|
|
|
|
|
OSSL_DECODER_CLEANUP *
|
|
|
|
OSSL_DECODER_CTX_get_cleanup(OSSL_DECODER_CTX *ctx)
|
|
|
|
{
|
|
|
|
if (ctx == NULL)
|
|
|
|
return NULL;
|
|
|
|
return ctx->cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
int OSSL_DECODER_export(OSSL_DECODER_INSTANCE *decoder_inst,
|
|
|
|
void *reference, size_t reference_sz,
|
|
|
|
OSSL_CALLBACK *export_cb, void *export_cbarg)
|
|
|
|
{
|
2020-09-14 17:35:07 +08:00
|
|
|
OSSL_DECODER *decoder = NULL;
|
|
|
|
void *decoderctx = NULL;
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
if (!(ossl_assert(decoder_inst != NULL)
|
|
|
|
&& ossl_assert(reference != NULL)
|
|
|
|
&& ossl_assert(export_cb != NULL)
|
|
|
|
&& ossl_assert(export_cbarg != NULL))) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_PASSED_NULL_PARAMETER);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2020-09-14 17:35:07 +08:00
|
|
|
decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst);
|
|
|
|
decoderctx = OSSL_DECODER_INSTANCE_get_decoder_ctx(decoder_inst);
|
|
|
|
return decoder->export_object(decoderctx, reference, reference_sz,
|
|
|
|
export_cb, export_cbarg);
|
2020-08-17 03:25:08 +08:00
|
|
|
}
|
|
|
|
|
2020-09-14 17:35:07 +08:00
|
|
|
OSSL_DECODER *
|
|
|
|
OSSL_DECODER_INSTANCE_get_decoder(OSSL_DECODER_INSTANCE *decoder_inst)
|
2020-08-17 03:25:08 +08:00
|
|
|
{
|
|
|
|
if (decoder_inst == NULL)
|
|
|
|
return NULL;
|
|
|
|
return decoder_inst->decoder;
|
|
|
|
}
|
|
|
|
|
2020-09-14 17:35:07 +08:00
|
|
|
void *
|
|
|
|
OSSL_DECODER_INSTANCE_get_decoder_ctx(OSSL_DECODER_INSTANCE *decoder_inst)
|
2020-08-17 03:25:08 +08:00
|
|
|
{
|
|
|
|
if (decoder_inst == NULL)
|
|
|
|
return NULL;
|
2020-08-21 19:08:18 +08:00
|
|
|
return decoder_inst->decoderctx;
|
2020-08-17 03:25:08 +08:00
|
|
|
}
|
|
|
|
|
2020-09-14 17:35:07 +08:00
|
|
|
const char *
|
|
|
|
OSSL_DECODER_INSTANCE_get_input_type(OSSL_DECODER_INSTANCE *decoder_inst)
|
|
|
|
{
|
|
|
|
if (decoder_inst == NULL)
|
|
|
|
return NULL;
|
|
|
|
return decoder_inst->input_type;
|
|
|
|
}
|
|
|
|
|
2020-10-26 20:06:01 +08:00
|
|
|
const char *
|
|
|
|
OSSL_DECODER_INSTANCE_get_input_structure(OSSL_DECODER_INSTANCE *decoder_inst,
|
|
|
|
int *was_set)
|
|
|
|
{
|
|
|
|
if (decoder_inst == NULL)
|
|
|
|
return NULL;
|
|
|
|
*was_set = decoder_inst->flag_input_structure_was_set;
|
|
|
|
return decoder_inst->input_structure;
|
|
|
|
}
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
static int decoder_process(const OSSL_PARAM params[], void *arg)
|
|
|
|
{
|
|
|
|
struct decoder_process_data_st *data = arg;
|
|
|
|
OSSL_DECODER_CTX *ctx = data->ctx;
|
|
|
|
OSSL_DECODER_INSTANCE *decoder_inst = NULL;
|
|
|
|
OSSL_DECODER *decoder = NULL;
|
|
|
|
BIO *bio = data->bio;
|
|
|
|
long loc;
|
|
|
|
size_t i;
|
2020-09-28 22:14:14 +08:00
|
|
|
int err, ok = 0;
|
2020-08-17 03:25:08 +08:00
|
|
|
/* For recursions */
|
|
|
|
struct decoder_process_data_st new_data;
|
2021-02-18 20:18:53 +08:00
|
|
|
const char *data_type = NULL;
|
|
|
|
const char *data_structure = NULL;
|
2020-08-17 03:25:08 +08:00
|
|
|
|
|
|
|
memset(&new_data, 0, sizeof(new_data));
|
|
|
|
new_data.ctx = data->ctx;
|
|
|
|
|
|
|
|
if (params == NULL) {
|
|
|
|
/* First iteration, where we prepare for what is to come */
|
|
|
|
|
2020-08-21 19:08:18 +08:00
|
|
|
data->current_decoder_inst_index =
|
2020-09-14 17:35:07 +08:00
|
|
|
OSSL_DECODER_CTX_get_num_decoders(ctx);
|
2020-08-17 03:25:08 +08:00
|
|
|
|
|
|
|
bio = data->bio;
|
|
|
|
} else {
|
|
|
|
const OSSL_PARAM *p;
|
|
|
|
|
|
|
|
decoder_inst =
|
|
|
|
sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts,
|
2020-08-21 19:08:18 +08:00
|
|
|
data->current_decoder_inst_index);
|
2020-09-14 17:35:07 +08:00
|
|
|
decoder = OSSL_DECODER_INSTANCE_get_decoder(decoder_inst);
|
2020-08-17 03:25:08 +08:00
|
|
|
|
|
|
|
if (ctx->construct != NULL
|
|
|
|
&& ctx->construct(decoder_inst, params, ctx->construct_data)) {
|
|
|
|
ok = 1;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* The constructor didn't return success */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* so we try to use the object we got and feed it to any next
|
|
|
|
* decoder that will take it. Object references are not
|
|
|
|
* allowed for this.
|
|
|
|
* If this data isn't present, decoding has failed.
|
|
|
|
*/
|
|
|
|
|
CORE: Define provider-native abstract objects
This is placed as CORE because the core of libcrypto is the authority
for what is possible to do and what's required to make these abstract
objects work.
In essence, an abstract object is an OSSL_PARAM array with well
defined parameter keys and values:
- an object type, which is a number indicating what kind of
libcrypto structure the object in question can be used with. The
currently possible numbers are defined in <openssl/core_object.h>.
- an object data type, which is a string that indicates more closely
what the contents of the object are.
- the object data, an octet string. The exact encoding used depends
on the context in which it's used. For example, the decoder
sub-system accepts any encoding, as long as there is a decoder
implementation that takes that as input. If central code is to
handle the data directly, DER encoding is assumed. (*)
- an object reference, also an octet string. This octet string is
not the object contents, just a mere reference to a provider-native
object. (**)
- an object description, which is a human readable text string that
can be displayed if some software desires to do so.
The intent is that certain provider-native operations (called X
here) are able to return any sort of object that belong with other
operations, or an object that has no provider support otherwise.
(*) A future extension might be to be able to specify encoding.
(**) The possible mechanisms for dealing with object references are:
- An object loading function in the target operation. The exact
target operation is determined by the object type (for example,
OSSL_OBJECT_PKEY implies that the target operation is a KEYMGMT)
and the implementation to be fetched by its object data type (for
an OSSL_OBJECT_PKEY, that's the KEYMGMT keytype to be fetched).
This loading function is only useful for this if the implementations
that are involved (X and KEYMGMT, for example) are from the same
provider.
- An object exporter function in the operation X implementation.
That exporter function can be used to export the object data in
OSSL_PARAM form that can be imported by a target operation's
import function. This can be used when it's not possible to fetch
the target operation implementation from the same provider.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12512)
2020-07-22 21:34:25 +08:00
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA);
|
2020-08-17 03:25:08 +08:00
|
|
|
if (p == NULL || p->data_type != OSSL_PARAM_OCTET_STRING)
|
|
|
|
goto end;
|
|
|
|
new_data.bio = BIO_new_mem_buf(p->data, (int)p->data_size);
|
|
|
|
if (new_data.bio == NULL)
|
|
|
|
goto end;
|
|
|
|
bio = new_data.bio;
|
2020-10-02 19:56:54 +08:00
|
|
|
|
2021-02-18 20:18:53 +08:00
|
|
|
/* Get the data type if there is one */
|
2020-10-02 19:56:54 +08:00
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_TYPE);
|
2021-02-18 20:18:53 +08:00
|
|
|
if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &data_type))
|
2020-10-02 19:56:54 +08:00
|
|
|
goto end;
|
2021-02-18 20:18:53 +08:00
|
|
|
|
|
|
|
/* Get the data structure if there is one */
|
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_OBJECT_PARAM_DATA_STRUCTURE);
|
|
|
|
if (p != NULL && !OSSL_PARAM_get_utf8_string_ptr(p, &data_structure))
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the data structure is "type-specific" and the data type is
|
|
|
|
* given, we drop the data structure. The reasoning is that the
|
|
|
|
* data type is already enough to find the applicable next decoder,
|
|
|
|
* so an additional "type-specific" data structure is extraneous.
|
|
|
|
*
|
|
|
|
* Furthermore, if the OSSL_DECODER caller asked for a type specific
|
|
|
|
* structure under another name, such as "DH", we get a mismatch
|
|
|
|
* if the data structure we just received is "type-specific".
|
|
|
|
* There's only so much you can do without infusing this code with
|
|
|
|
* too special knowledge.
|
|
|
|
*/
|
|
|
|
if (data_type != NULL
|
|
|
|
&& strcasecmp(data_structure, "type-specific") == 0)
|
|
|
|
data_structure = NULL;
|
2020-08-17 03:25:08 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we have no more decoders to look through at this point,
|
|
|
|
* we failed
|
|
|
|
*/
|
2020-08-21 19:08:18 +08:00
|
|
|
if (data->current_decoder_inst_index == 0)
|
2020-08-17 03:25:08 +08:00
|
|
|
goto end;
|
|
|
|
|
|
|
|
if ((loc = BIO_tell(bio)) < 0) {
|
|
|
|
ERR_raise(ERR_LIB_OSSL_DECODER, ERR_R_BIO_LIB);
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
2020-08-21 19:08:18 +08:00
|
|
|
for (i = data->current_decoder_inst_index; i-- > 0;) {
|
|
|
|
OSSL_DECODER_INSTANCE *new_decoder_inst =
|
2020-08-17 03:25:08 +08:00
|
|
|
sk_OSSL_DECODER_INSTANCE_value(ctx->decoder_insts, i);
|
2020-08-21 19:08:18 +08:00
|
|
|
OSSL_DECODER *new_decoder =
|
2020-09-14 17:35:07 +08:00
|
|
|
OSSL_DECODER_INSTANCE_get_decoder(new_decoder_inst);
|
|
|
|
void *new_decoderctx =
|
|
|
|
OSSL_DECODER_INSTANCE_get_decoder_ctx(new_decoder_inst);
|
|
|
|
const char *new_input_type =
|
|
|
|
OSSL_DECODER_INSTANCE_get_input_type(new_decoder_inst);
|
2021-02-18 20:18:53 +08:00
|
|
|
int n_i_s_was_set = 0; /* We don't care here */
|
|
|
|
const char *new_input_structure =
|
|
|
|
OSSL_DECODER_INSTANCE_get_input_structure(new_decoder_inst,
|
|
|
|
&n_i_s_was_set);
|
2020-08-17 03:25:08 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If |decoder| is NULL, it means we've just started, and the caller
|
|
|
|
* may have specified what it expects the initial input to be. If
|
|
|
|
* that's the case, we do this extra check.
|
|
|
|
*/
|
|
|
|
if (decoder == NULL && ctx->start_input_type != NULL
|
2020-09-14 17:35:07 +08:00
|
|
|
&& strcasecmp(ctx->start_input_type, new_input_type) != 0)
|
2020-08-17 03:25:08 +08:00
|
|
|
continue;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we have a previous decoder, we check that the input type
|
|
|
|
* of the next to be used matches the type of this previous one.
|
2021-02-18 20:18:53 +08:00
|
|
|
* |new_input_type| holds the value of the "input-type" parameter
|
|
|
|
* for the decoder we're currently considering.
|
2020-08-17 03:25:08 +08:00
|
|
|
*/
|
2020-09-14 17:35:07 +08:00
|
|
|
if (decoder != NULL && !OSSL_DECODER_is_a(decoder, new_input_type))
|
2020-08-17 03:25:08 +08:00
|
|
|
continue;
|
|
|
|
|
2020-10-02 19:56:54 +08:00
|
|
|
/*
|
2021-02-18 20:18:53 +08:00
|
|
|
* If the previous decoder gave us a data type, we check to see
|
2020-10-02 19:56:54 +08:00
|
|
|
* if that matches the decoder we're currently considering.
|
|
|
|
*/
|
2021-02-18 20:18:53 +08:00
|
|
|
if (data_type != NULL && !OSSL_DECODER_is_a(new_decoder, data_type))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If the previous decoder gave us a data structure name, we check
|
|
|
|
* to see that it matches the input data structure of the decoder
|
|
|
|
* we're currently considering.
|
|
|
|
*/
|
|
|
|
if (data_structure != NULL
|
|
|
|
&& (new_input_structure == NULL
|
|
|
|
|| strcasecmp(data_structure, new_input_structure) != 0))
|
2020-10-02 19:56:54 +08:00
|
|
|
continue;
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
/*
|
|
|
|
* Checking the return value of BIO_reset() or BIO_seek() is unsafe.
|
|
|
|
* Furthermore, BIO_reset() is unsafe to use if the source BIO happens
|
|
|
|
* to be a BIO_s_mem(), because the earlier BIO_tell() gives us zero
|
|
|
|
* no matter where we are in the underlying buffer we're reading from.
|
|
|
|
*
|
|
|
|
* So, we simply do a BIO_seek(), and use BIO_tell() that we're back
|
|
|
|
* at the same position. This is a best effort attempt, but BIO_seek()
|
|
|
|
* and BIO_tell() should come as a pair...
|
|
|
|
*/
|
|
|
|
(void)BIO_seek(bio, loc);
|
|
|
|
if (BIO_tell(bio) != loc)
|
|
|
|
goto end;
|
|
|
|
|
|
|
|
/* Recurse */
|
2020-08-21 19:08:18 +08:00
|
|
|
new_data.current_decoder_inst_index = i;
|
2020-09-14 17:35:07 +08:00
|
|
|
ok = new_decoder->decode(new_decoderctx, (OSSL_CORE_BIO *)bio,
|
2020-10-26 20:06:01 +08:00
|
|
|
new_data.ctx->selection,
|
2020-08-21 19:08:18 +08:00
|
|
|
decoder_process, &new_data,
|
|
|
|
ossl_pw_passphrase_callback_dec,
|
|
|
|
&new_data.ctx->pwdata);
|
2020-10-28 17:13:24 +08:00
|
|
|
|
|
|
|
OSSL_TRACE_BEGIN(DECODER) {
|
|
|
|
BIO_printf(trc_out,
|
|
|
|
"(ctx %p) Running decoder instance %p => %d\n",
|
|
|
|
(void *)new_data.ctx, (void *)new_decoder_inst, ok);
|
|
|
|
} OSSL_TRACE_END(DECODER);
|
|
|
|
|
2020-08-17 03:25:08 +08:00
|
|
|
if (ok)
|
|
|
|
break;
|
2021-02-18 20:18:53 +08:00
|
|
|
|
|
|
|
/*
|
|
|
|
* These errors are assumed to come from ossl_store_handle_load_result()
|
|
|
|
* in crypto/store/store_result.c. They are currently considered fatal
|
|
|
|
* errors, so we preserve them in the error queue and stop.
|
|
|
|
*/
|
2020-09-28 22:14:14 +08:00
|
|
|
err = ERR_peek_last_error();
|
|
|
|
if ((ERR_GET_LIB(err) == ERR_LIB_EVP
|
|
|
|
&& ERR_GET_REASON(err) == EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM)
|
|
|
|
#ifndef OPENSSL_NO_EC
|
|
|
|
|| (ERR_GET_LIB(err) == ERR_LIB_EC
|
|
|
|
&& ERR_GET_REASON(err) == EC_R_UNKNOWN_GROUP)
|
|
|
|
#endif
|
|
|
|
|| (ERR_GET_LIB(err) == ERR_LIB_X509
|
|
|
|
&& ERR_GET_REASON(err) == X509_R_UNSUPPORTED_ALGORITHM))
|
2021-02-18 20:18:53 +08:00
|
|
|
goto end;
|
2020-08-17 03:25:08 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
end:
|
|
|
|
BIO_free(new_data.bio);
|
|
|
|
return ok;
|
|
|
|
}
|