]>
Commit | Line | Data |
---|---|---|
ac2d58c7 | 1 | /* |
da1c088f | 2 | * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. |
ac2d58c7 MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * This implemments a dummy key manager for legacy KDFs that still support the | |
12 | * old way of performing a KDF via EVP_PKEY_derive(). New KDFs should not be | |
13 | * implemented this way. In reality there is no key data for such KDFs, so this | |
14 | * key manager does very little. | |
15 | */ | |
16 | ||
17 | #include <openssl/core_dispatch.h> | |
18 | #include <openssl/core_names.h> | |
19 | #include <openssl/err.h> | |
20 | #include "prov/implementations.h" | |
21 | #include "prov/providercommon.h" | |
22 | #include "prov/provider_ctx.h" | |
23 | #include "prov/kdfexchange.h" | |
24 | ||
25 | static OSSL_FUNC_keymgmt_new_fn kdf_newdata; | |
26 | static OSSL_FUNC_keymgmt_free_fn kdf_freedata; | |
27 | static OSSL_FUNC_keymgmt_has_fn kdf_has; | |
28 | ||
9500c823 | 29 | KDF_DATA *ossl_kdf_data_new(void *provctx) |
ac2d58c7 | 30 | { |
422cbcee | 31 | KDF_DATA *kdfdata; |
ac2d58c7 | 32 | |
422cbcee P |
33 | if (!ossl_prov_is_running()) |
34 | return NULL; | |
35 | ||
36 | kdfdata = OPENSSL_zalloc(sizeof(*kdfdata)); | |
ac2d58c7 MC |
37 | if (kdfdata == NULL) |
38 | return NULL; | |
39 | ||
7599d17d | 40 | if (!CRYPTO_NEW_REF(&kdfdata->refcnt, 1)) { |
ac2d58c7 MC |
41 | OPENSSL_free(kdfdata); |
42 | return NULL; | |
43 | } | |
a829b735 | 44 | kdfdata->libctx = PROV_LIBCTX_OF(provctx); |
ac2d58c7 MC |
45 | |
46 | return kdfdata; | |
47 | } | |
48 | ||
9500c823 | 49 | void ossl_kdf_data_free(KDF_DATA *kdfdata) |
ac2d58c7 MC |
50 | { |
51 | int ref = 0; | |
52 | ||
53 | if (kdfdata == NULL) | |
54 | return; | |
55 | ||
7599d17d | 56 | CRYPTO_DOWN_REF(&kdfdata->refcnt, &ref); |
ac2d58c7 MC |
57 | if (ref > 0) |
58 | return; | |
59 | ||
7599d17d | 60 | CRYPTO_FREE_REF(&kdfdata->refcnt); |
ac2d58c7 MC |
61 | OPENSSL_free(kdfdata); |
62 | } | |
63 | ||
9500c823 | 64 | int ossl_kdf_data_up_ref(KDF_DATA *kdfdata) |
ac2d58c7 MC |
65 | { |
66 | int ref = 0; | |
67 | ||
422cbcee P |
68 | /* This is effectively doing a new operation on the KDF_DATA and should be |
69 | * adequately guarded again modules' error states. However, both current | |
e304aa87 | 70 | * calls here are guarded properly in exchange/kdf_exch.c. Thus, it |
422cbcee P |
71 | * could be removed here. The concern is that something in the future |
72 | * might call this function without adequate guards. It's a cheap call, | |
73 | * it seems best to leave it even though it is currently redundant. | |
74 | */ | |
75 | if (!ossl_prov_is_running()) | |
76 | return 0; | |
77 | ||
7599d17d | 78 | CRYPTO_UP_REF(&kdfdata->refcnt, &ref); |
ac2d58c7 MC |
79 | return 1; |
80 | } | |
81 | ||
82 | static void *kdf_newdata(void *provctx) | |
83 | { | |
9500c823 | 84 | return ossl_kdf_data_new(provctx); |
ac2d58c7 MC |
85 | } |
86 | ||
87 | static void kdf_freedata(void *kdfdata) | |
88 | { | |
9500c823 | 89 | ossl_kdf_data_free(kdfdata); |
ac2d58c7 MC |
90 | } |
91 | ||
3d914185 | 92 | static int kdf_has(const void *keydata, int selection) |
ac2d58c7 | 93 | { |
9a485440 | 94 | return 1; /* nothing is missing */ |
ac2d58c7 MC |
95 | } |
96 | ||
1be63951 | 97 | const OSSL_DISPATCH ossl_kdf_keymgmt_functions[] = { |
ac2d58c7 MC |
98 | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))kdf_newdata }, |
99 | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))kdf_freedata }, | |
100 | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))kdf_has }, | |
1e6bd31e | 101 | OSSL_DISPATCH_END |
ac2d58c7 | 102 | }; |