mirror of
https://github.com/openssl/openssl.git
synced 2024-12-03 05:41:46 +08:00
0d2bfe52bb
Also Add ability for providers to dynamically exclude cipher algorithms. Cipher algorithms are only returned from providers if their capable() method is either NULL, or the method returns 1. This is mainly required for ciphers that only have hardware implementations. If there is no hardware support, then the algorithm needs to be not available. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10146)
254 lines
7.4 KiB
C
254 lines
7.4 KiB
C
/*
|
|
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/core_names.h>
|
|
#include "prov/provider_util.h"
|
|
|
|
void ossl_prov_cipher_reset(PROV_CIPHER *pc)
|
|
{
|
|
EVP_CIPHER_free(pc->alloc_cipher);
|
|
pc->alloc_cipher = NULL;
|
|
pc->cipher = NULL;
|
|
pc->engine = NULL;
|
|
}
|
|
|
|
int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src)
|
|
{
|
|
if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher))
|
|
return 0;
|
|
dst->engine = src->engine;
|
|
dst->cipher = src->cipher;
|
|
dst->alloc_cipher = src->alloc_cipher;
|
|
return 1;
|
|
}
|
|
|
|
static int load_common(const OSSL_PARAM params[], const char **propquery,
|
|
ENGINE **engine)
|
|
{
|
|
const OSSL_PARAM *p;
|
|
|
|
*propquery = NULL;
|
|
p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES);
|
|
if (p != NULL) {
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
*propquery = p->data;
|
|
}
|
|
|
|
*engine = NULL;
|
|
/* TODO legacy stuff, to be removed */
|
|
/* Inside the FIPS module, we don't support legacy ciphers */
|
|
#if !defined(FIPS_MODE) && !defined(OPENSSL_NO_ENGINE)
|
|
p = OSSL_PARAM_locate_const(params, "engine");
|
|
if (p != NULL) {
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
ENGINE_finish(*engine);
|
|
*engine = ENGINE_by_id(p->data);
|
|
if (*engine == NULL)
|
|
return 0;
|
|
}
|
|
#endif
|
|
return 1;
|
|
}
|
|
|
|
int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc,
|
|
const OSSL_PARAM params[],
|
|
OPENSSL_CTX *ctx)
|
|
{
|
|
const OSSL_PARAM *p;
|
|
const char *propquery;
|
|
|
|
if (!load_common(params, &propquery, &pc->engine))
|
|
return 0;
|
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_CIPHER);
|
|
if (p == NULL)
|
|
return 1;
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
|
|
EVP_CIPHER_free(pc->alloc_cipher);
|
|
pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery);
|
|
/* TODO legacy stuff, to be removed */
|
|
#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy ciphers */
|
|
if (pc->cipher == NULL)
|
|
pc->cipher = EVP_get_cipherbyname(p->data);
|
|
#endif
|
|
return pc->cipher != NULL;
|
|
}
|
|
|
|
const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc)
|
|
{
|
|
return pc->cipher;
|
|
}
|
|
|
|
ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc)
|
|
{
|
|
return pc->engine;
|
|
}
|
|
|
|
void ossl_prov_digest_reset(PROV_DIGEST *pd)
|
|
{
|
|
EVP_MD_free(pd->alloc_md);
|
|
pd->alloc_md = NULL;
|
|
pd->md = NULL;
|
|
pd->engine = NULL;
|
|
}
|
|
|
|
int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src)
|
|
{
|
|
if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md))
|
|
return 0;
|
|
dst->engine = src->engine;
|
|
dst->md = src->md;
|
|
dst->alloc_md = src->alloc_md;
|
|
return 1;
|
|
}
|
|
|
|
int ossl_prov_digest_load_from_params(PROV_DIGEST *pd,
|
|
const OSSL_PARAM params[],
|
|
OPENSSL_CTX *ctx)
|
|
{
|
|
const OSSL_PARAM *p;
|
|
const char *propquery;
|
|
|
|
if (!load_common(params, &propquery, &pd->engine))
|
|
return 0;
|
|
|
|
|
|
p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST);
|
|
if (p == NULL)
|
|
return 1;
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
|
|
EVP_MD_free(pd->alloc_md);
|
|
pd->md = pd->alloc_md = EVP_MD_fetch(ctx, p->data, propquery);
|
|
/* TODO legacy stuff, to be removed */
|
|
#ifndef FIPS_MODE /* Inside the FIPS module, we don't support legacy digests */
|
|
if (pd->md == NULL)
|
|
pd->md = EVP_get_digestbyname(p->data);
|
|
#endif
|
|
return pd->md != NULL;
|
|
}
|
|
|
|
const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd)
|
|
{
|
|
return pd->md;
|
|
}
|
|
|
|
ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd)
|
|
{
|
|
return pd->engine;
|
|
}
|
|
|
|
int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
|
|
const OSSL_PARAM params[],
|
|
const char *macname,
|
|
const char *ciphername,
|
|
const char *mdname,
|
|
OPENSSL_CTX *libctx)
|
|
{
|
|
const OSSL_PARAM *p;
|
|
OSSL_PARAM mac_params[5], *mp = mac_params;
|
|
const char *properties = NULL;
|
|
|
|
if (macname == NULL
|
|
&& (p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_MAC)) != NULL) {
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
macname = p->data;
|
|
}
|
|
if ((p = OSSL_PARAM_locate_const(params,
|
|
OSSL_ALG_PARAM_PROPERTIES)) != NULL) {
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
properties = p->data;
|
|
}
|
|
|
|
/* If we got a new mac name, we make a new EVP_MAC_CTX */
|
|
if (macname != NULL) {
|
|
EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties);
|
|
|
|
EVP_MAC_CTX_free(*macctx);
|
|
*macctx = mac == NULL ? NULL : EVP_MAC_CTX_new(mac);
|
|
/* The context holds on to the MAC */
|
|
EVP_MAC_free(mac);
|
|
if (*macctx == NULL)
|
|
return 0;
|
|
}
|
|
|
|
/*
|
|
* If there is no MAC yet (and therefore, no MAC context), we ignore
|
|
* all other parameters.
|
|
*/
|
|
if (*macctx == NULL)
|
|
return 1;
|
|
|
|
if (mdname == NULL) {
|
|
if ((p = OSSL_PARAM_locate_const(params,
|
|
OSSL_ALG_PARAM_DIGEST)) != NULL) {
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
mdname = p->data;
|
|
}
|
|
}
|
|
if (ciphername == NULL) {
|
|
if ((p = OSSL_PARAM_locate_const(params,
|
|
OSSL_ALG_PARAM_CIPHER)) != NULL) {
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
ciphername = p->data;
|
|
}
|
|
}
|
|
|
|
if (mdname != NULL)
|
|
*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
|
|
(char *)mdname, 0);
|
|
if (ciphername != NULL)
|
|
*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
|
|
(char *)ciphername, 0);
|
|
if (properties != NULL)
|
|
*mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
|
|
(char *)properties, 0);
|
|
|
|
#if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODE)
|
|
if ((p = OSSL_PARAM_locate_const(params, "engine")) != NULL) {
|
|
if (p->data_type != OSSL_PARAM_UTF8_STRING)
|
|
return 0;
|
|
*mp++ = OSSL_PARAM_construct_utf8_string("engine",
|
|
p->data, p->data_size);
|
|
}
|
|
#endif
|
|
*mp = OSSL_PARAM_construct_end();
|
|
|
|
if (EVP_MAC_CTX_set_params(*macctx, mac_params))
|
|
return 1;
|
|
|
|
EVP_MAC_CTX_free(*macctx);
|
|
*macctx = NULL;
|
|
return 0;
|
|
}
|
|
|
|
void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in,
|
|
OSSL_ALGORITHM *out)
|
|
{
|
|
int i, j;
|
|
|
|
if (out[0].algorithm_names == NULL) {
|
|
for (i = j = 0; in[i].alg.algorithm_names != NULL; ++i) {
|
|
if (in[i].capable == NULL || in[i].capable())
|
|
out[j++] = in[i].alg;
|
|
}
|
|
out[j++] = in[i].alg;
|
|
}
|
|
}
|