encoder_pkey.c@ 107835

Last change on this file since 107835 was 104078, checked in by vboxsync, 11 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 13.4 KB

Line
1	/*
2	* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <openssl/err.h>
11	#include <openssl/ui.h>
12	#include <openssl/params.h>
13	#include <openssl/encoder.h>
14	#include <openssl/core_names.h>
15	#include <openssl/provider.h>
16	#include <openssl/safestack.h>
17	#include <openssl/trace.h>
18	#include "internal/provider.h"
19	#include "internal/property.h"
20	#include "internal/namemap.h"
21	#include "crypto/evp.h"
22	#include "encoder_local.h"
23
24	DEFINE_STACK_OF(OSSL_ENCODER)
25
26	int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
27	const char *cipher_name,
28	const char *propquery)
29	{
30	OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
31
32	params[0] =
33	OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER,
34	(void *)cipher_name, 0);
35	params[1] =
36	OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES,
37	(void *)propquery, 0);
38
39	return OSSL_ENCODER_CTX_set_params(ctx, params);
40	}
41
42	int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
43	const unsigned char *kstr,
44	size_t klen)
45	{
46	return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
47	}
48
49	int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
50	const UI_METHOD *ui_method,
51	void *ui_data)
52	{
53	return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
54	}
55
56	int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
57	pem_password_cb cb, void cbarg)
58	{
59	return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
60	}
61
62	int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
63	OSSL_PASSPHRASE_CALLBACK *cb,
64	void *cbarg)
65	{
66	return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
67	}
68
69	/*
70	* Support for OSSL_ENCODER_CTX_new_for_type:
71	* finding a suitable encoder
72	*/
73
74	struct collected_encoder_st {
75	STACK_OF(OPENSSL_CSTRING) *names;
76	int *id_names;
77	const char *output_structure;
78	const char *output_type;
79
80	const OSSL_PROVIDER *keymgmt_prov;
81	OSSL_ENCODER_CTX *ctx;
82	unsigned int flag_find_same_provider:1;
83
84	int error_occurred;
85	};
86
87	static void collect_encoder(OSSL_ENCODER encoder, void arg)
88	{
89	struct collected_encoder_st *data = arg;
90	const OSSL_PROVIDER *prov;
91
92	if (data->error_occurred)
93	return;
94
95	data->error_occurred = 1; /* Assume the worst */
96
97	prov = OSSL_ENCODER_get0_provider(encoder);
98	/*
99	* collect_encoder() is called in two passes, one where the encoders
100	* from the same provider as the keymgmt are looked up, and one where
101	* the other encoders are looked up. \|data->flag_find_same_provider\|
102	* tells us which pass we're in.
103	*/
104	if ((data->keymgmt_prov == prov) == data->flag_find_same_provider) {
105	void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
106	int i, end_i = sk_OPENSSL_CSTRING_num(data->names);
107	int match;
108
109	for (i = 0; i < end_i; i++) {
110	if (data->flag_find_same_provider)
111	match = (data->id_names[i] == encoder->base.id);
112	else
113	match = OSSL_ENCODER_is_a(encoder,
114	sk_OPENSSL_CSTRING_value(data->names, i));
115	if (!match
116	\|\| (encoder->does_selection != NULL
117	&& !encoder->does_selection(provctx, data->ctx->selection))
118	\|\| (data->keymgmt_prov != prov
119	&& encoder->import_object == NULL))
120	continue;
121
122	/* Only add each encoder implementation once */
123	if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder))
124	break;
125	}
126	}
127
128	data->error_occurred = 0; /* All is good now */
129	}
130
131	struct collected_names_st {
132	STACK_OF(OPENSSL_CSTRING) *names;
133	unsigned int error_occurred:1;
134	};
135
136	static void collect_name(const char name, void arg)
137	{
138	struct collected_names_st *data = arg;
139
140	if (data->error_occurred)
141	return;
142
143	data->error_occurred = 1; /* Assume the worst */
144
145	if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
146	return;
147
148	data->error_occurred = 0; /* All is good now */
149	}
150
151	/*
152	* Support for OSSL_ENCODER_to_bio:
153	* writing callback for the OSSL_PARAM (the implementation doesn't have
154	* intimate knowledge of the provider side object)
155	*/
156
157	struct construct_data_st {
158	const EVP_PKEY *pk;
159	int selection;
160
161	OSSL_ENCODER_INSTANCE *encoder_inst;
162	const void *obj;
163	void *constructed_obj;
164	};
165
166	static int encoder_import_cb(const OSSL_PARAM params[], void *arg)
167	{
168	struct construct_data_st *construct_data = arg;
169	OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst;
170	OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
171	void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);
172
173	construct_data->constructed_obj =
174	encoder->import_object(encoderctx, construct_data->selection, params);
175
176	return (construct_data->constructed_obj != NULL);
177	}
178
179	static const void *
180	encoder_construct_pkey(OSSL_ENCODER_INSTANCE encoder_inst, void arg)
181	{
182	struct construct_data_st *data = arg;
183
184	if (data->obj == NULL) {
185	OSSL_ENCODER *encoder =
186	OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
187	const EVP_PKEY *pk = data->pk;
188	const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt);
189	const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
190
191	if (k_prov != e_prov) {
192	data->encoder_inst = encoder_inst;
193
194	if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection,
195	&encoder_import_cb, data))
196	return NULL;
197	data->obj = data->constructed_obj;
198	} else {
199	data->obj = pk->keydata;
200	}
201	}
202
203	return data->obj;
204	}
205
206	static void encoder_destruct_pkey(void *arg)
207	{
208	struct construct_data_st *data = arg;
209
210	if (data->encoder_inst != NULL) {
211	OSSL_ENCODER *encoder =
212	OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst);
213
214	encoder->free_object(data->constructed_obj);
215	}
216	data->constructed_obj = NULL;
217	}
218
219	/*
220	* OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if
221	* it couldn't find a suitable encoder. This allows a caller to detect if
222	* a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(),
223	* and to use fallback methods if the result is NULL.
224	*/
225	static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
226	const EVP_PKEY *pkey,
227	int selection,
228	const char *propquery)
229	{
230	struct construct_data_st *data = NULL;
231	const OSSL_PROVIDER *prov = NULL;
232	OSSL_LIB_CTX *libctx = NULL;
233	int ok = 0, i, end;
234	OSSL_NAMEMAP *namemap;
235
236	if (!ossl_assert(ctx != NULL) \|\| !ossl_assert(pkey != NULL)) {
237	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
238	return 0;
239	}
240
241	if (evp_pkey_is_provided(pkey)) {
242	prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
243	libctx = ossl_provider_libctx(prov);
244	}
245
246	if (pkey->keymgmt != NULL) {
247	struct collected_encoder_st encoder_data;
248	struct collected_names_st keymgmt_data;
249
250	if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
251	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
252	goto err;
253	}
254
255	/*
256	* Select the first encoder implementations in two steps.
257	* First, collect the keymgmt names, then the encoders that match.
258	*/
259	keymgmt_data.names = sk_OPENSSL_CSTRING_new_null();
260	if (keymgmt_data.names == NULL) {
261	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
262	goto err;
263	}
264
265	keymgmt_data.error_occurred = 0;
266	EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data);
267	if (keymgmt_data.error_occurred) {
268	sk_OPENSSL_CSTRING_free(keymgmt_data.names);
269	goto err;
270	}
271
272	encoder_data.names = keymgmt_data.names;
273	encoder_data.output_type = ctx->output_type;
274	encoder_data.output_structure = ctx->output_structure;
275	encoder_data.error_occurred = 0;
276	encoder_data.keymgmt_prov = prov;
277	encoder_data.ctx = ctx;
278	encoder_data.id_names = NULL;
279
280	/*
281	* collect_encoder() is called many times, and for every call it converts all encoder_data.names
282	* into namemap ids if it calls OSSL_ENCODER_is_a(). We cache the ids here instead,
283	* and can use them for encoders with the same provider as the keymgmt.
284	*/
285	namemap = ossl_namemap_stored(libctx);
286	end = sk_OPENSSL_CSTRING_num(encoder_data.names);
287	if (end > 0) {
288	encoder_data.id_names = OPENSSL_malloc(end * sizeof(int));
289	if (encoder_data.id_names == NULL) {
290	sk_OPENSSL_CSTRING_free(keymgmt_data.names);
291	goto err;
292	}
293	for (i = 0; i < end; ++i) {
294	const char *name = sk_OPENSSL_CSTRING_value(keymgmt_data.names, i);
295
296	encoder_data.id_names[i] = ossl_namemap_name2num(namemap, name);
297	}
298	}
299	/*
300	* Place the encoders with the a different provider as the keymgmt
301	* last (the chain is processed in reverse order)
302	*/
303	encoder_data.flag_find_same_provider = 0;
304	OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
305
306	/*
307	* Place the encoders with the same provider as the keymgmt first
308	* (the chain is processed in reverse order)
309	*/
310	encoder_data.flag_find_same_provider = 1;
311	OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
312
313	OPENSSL_free(encoder_data.id_names);
314	sk_OPENSSL_CSTRING_free(keymgmt_data.names);
315	if (encoder_data.error_occurred) {
316	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
317	goto err;
318	}
319	}
320
321	if (data != NULL && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
322	if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey)
323	\|\| !OSSL_ENCODER_CTX_set_construct_data(ctx, data)
324	\|\| !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey))
325	goto err;
326
327	data->pk = pkey;
328	data->selection = selection;
329
330	data = NULL; /* Avoid it being freed */
331	}
332
333	ok = 1;
334	err:
335	if (data != NULL) {
336	OSSL_ENCODER_CTX_set_construct_data(ctx, NULL);
337	OPENSSL_free(data);
338	}
339	return ok;
340	}
341
342	OSSL_ENCODER_CTX OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY pkey,
343	int selection,
344	const char *output_type,
345	const char *output_struct,
346	const char *propquery)
347	{
348	OSSL_ENCODER_CTX *ctx = NULL;
349	OSSL_LIB_CTX *libctx = NULL;
350
351	if (pkey == NULL) {
352	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
353	return NULL;
354	}
355
356	if (!evp_pkey_is_assigned(pkey)) {
357	ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT,
358	"The passed EVP_PKEY must be assigned a key");
359	return NULL;
360	}
361
362	if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) {
363	ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
364	return NULL;
365	}
366
367	if (evp_pkey_is_provided(pkey)) {
368	const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
369
370	libctx = ossl_provider_libctx(prov);
371	}
372
373	OSSL_TRACE_BEGIN(ENCODER) {
374	BIO_printf(trc_out,
375	"(ctx %p) Looking for %s encoders with selection %d\n",
376	(void *)ctx, EVP_PKEY_get0_type_name(pkey), selection);
377	BIO_printf(trc_out, " output type: %s, output structure: %s\n",
378	output_type, output_struct);
379	} OSSL_TRACE_END(ENCODER);
380
381	if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type)
382	&& (output_struct == NULL
383	\|\| OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct))
384	&& OSSL_ENCODER_CTX_set_selection(ctx, selection)
385	&& ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
386	&& OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
387	OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
388	int save_parameters = pkey->save_parameters;
389
390	params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS,
391	&save_parameters);
392	/* ignoring error as this is only auxiliary parameter */
393	(void)OSSL_ENCODER_CTX_set_params(ctx, params);
394
395	OSSL_TRACE_BEGIN(ENCODER) {
396	BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
397	(void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
398	} OSSL_TRACE_END(ENCODER);
399	return ctx;
400	}
401
402	OSSL_ENCODER_CTX_free(ctx);
403	return NULL;
404	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.7/crypto/encode_decode/encoder_pkey.c@ 107835

Download in other formats: