]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/encode_decode/encoder_pkey.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / crypto / encode_decode / encoder_pkey.c
1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "e_os.h" /* strcasecmp on Windows */
11 #include <openssl/err.h>
12 #include <openssl/ui.h>
13 #include <openssl/params.h>
14 #include <openssl/encoder.h>
15 #include <openssl/core_names.h>
16 #include <openssl/provider.h>
17 #include <openssl/safestack.h>
18 #include <openssl/trace.h>
19 #include "internal/provider.h"
20 #include "internal/property.h"
21 #include "crypto/evp.h"
22 #include "encoder_local.h"
23
24 DEFINE_STACK_OF(OSSL_ENCODER)
25
26 int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
27 const char *cipher_name,
28 const char *propquery)
29 {
30 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
31
32 params[0] =
33 OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER,
34 (void *)cipher_name, 0);
35 params[1] =
36 OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES,
37 (void *)propquery, 0);
38
39 return OSSL_ENCODER_CTX_set_params(ctx, params);
40 }
41
42 int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
43 const unsigned char *kstr,
44 size_t klen)
45 {
46 return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
47 }
48
49 int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
50 const UI_METHOD *ui_method,
51 void *ui_data)
52 {
53 return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
54 }
55
56 int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
57 pem_password_cb *cb, void *cbarg)
58 {
59 return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
60 }
61
62 int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
63 OSSL_PASSPHRASE_CALLBACK *cb,
64 void *cbarg)
65 {
66 return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
67 }
68
69 /*
70 * Support for OSSL_ENCODER_CTX_new_for_type:
71 * finding a suitable encoder
72 */
73
74 struct collected_encoder_st {
75 STACK_OF(OPENSSL_CSTRING) *names;
76 const char *output_structure;
77 const char *output_type;
78
79 OSSL_ENCODER_CTX *ctx;
80
81 int error_occured;
82 };
83
84 static void collect_encoder(OSSL_ENCODER *encoder, void *arg)
85 {
86 struct collected_encoder_st *data = arg;
87 size_t i, end_i;
88
89 if (data->error_occured)
90 return;
91
92 data->error_occured = 1; /* Assume the worst */
93
94 if (data->names == NULL)
95 return;
96
97 end_i = sk_OPENSSL_CSTRING_num(data->names);
98 for (i = 0; i < end_i; i++) {
99 const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
100 const OSSL_PROVIDER *prov = OSSL_ENCODER_provider(encoder);
101 void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
102
103 if (!OSSL_ENCODER_is_a(encoder, name)
104 || (encoder->does_selection != NULL
105 && !encoder->does_selection(provctx, data->ctx->selection)))
106 continue;
107
108 /* Only add each encoder implementation once */
109 if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder))
110 break;
111 }
112
113 data->error_occured = 0; /* All is good now */
114 }
115
116 struct collected_names_st {
117 STACK_OF(OPENSSL_CSTRING) *names;
118 unsigned int error_occured:1;
119 };
120
121 static void collect_name(const char *name, void *arg)
122 {
123 struct collected_names_st *data = arg;
124
125 if (data->error_occured)
126 return;
127
128 data->error_occured = 1; /* Assume the worst */
129
130 if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
131 return;
132
133 data->error_occured = 0; /* All is good now */
134 }
135
136 /*
137 * Support for OSSL_ENCODER_to_bio:
138 * writing callback for the OSSL_PARAM (the implementation doesn't have
139 * intimate knowledge of the provider side object)
140 */
141
142 struct construct_data_st {
143 const EVP_PKEY *pk;
144 int selection;
145
146 OSSL_ENCODER_INSTANCE *encoder_inst;
147 const void *obj;
148 void *constructed_obj;
149 };
150
151 static int encoder_import_cb(const OSSL_PARAM params[], void *arg)
152 {
153 struct construct_data_st *construct_data = arg;
154 OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst;
155 OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
156 void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);
157
158 construct_data->constructed_obj =
159 encoder->import_object(encoderctx, construct_data->selection, params);
160
161 return (construct_data->constructed_obj != NULL);
162 }
163
164 static const void *
165 encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
166 {
167 struct construct_data_st *data = arg;
168
169 if (data->obj == NULL) {
170 OSSL_ENCODER *encoder =
171 OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
172 const EVP_PKEY *pk = data->pk;
173 const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_provider(pk->keymgmt);
174 const OSSL_PROVIDER *e_prov = OSSL_ENCODER_provider(encoder);
175
176 if (k_prov != e_prov) {
177 data->encoder_inst = encoder_inst;
178
179 if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection,
180 &encoder_import_cb, data))
181 return NULL;
182 data->obj = data->constructed_obj;
183 } else {
184 data->obj = pk->keydata;
185 }
186 }
187
188 return data->obj;
189 }
190
191 static void encoder_destruct_pkey(void *arg)
192 {
193 struct construct_data_st *data = arg;
194
195 if (data->encoder_inst != NULL) {
196 OSSL_ENCODER *encoder =
197 OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst);
198
199 encoder->free_object(data->constructed_obj);
200 }
201 data->constructed_obj = NULL;
202 }
203
204 /*
205 * OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if
206 * it couldn't find a suitable encoder. This allows a caller to detect if
207 * a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(),
208 * and to use fallback methods if the result is NULL.
209 */
210 static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
211 const EVP_PKEY *pkey,
212 int selection,
213 const char *propquery)
214 {
215 struct construct_data_st *data = NULL;
216 OSSL_LIB_CTX *libctx = NULL;
217 int ok = 0;
218
219 if (!ossl_assert(ctx != NULL) || !ossl_assert(pkey != NULL)) {
220 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
221 return 0;
222 }
223
224 if (evp_pkey_is_provided(pkey)) {
225 const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt);
226
227 libctx = ossl_provider_libctx(prov);
228 }
229
230 if (pkey->keymgmt != NULL) {
231 struct collected_encoder_st encoder_data;
232 struct collected_names_st keymgmt_data;
233
234 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
235 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
236 goto err;
237 }
238
239 /*
240 * Select the first encoder implementations in two steps.
241 * First, collect the keymgmt names, then the encoders that match.
242 */
243 keymgmt_data.names = sk_OPENSSL_CSTRING_new_null();
244 keymgmt_data.error_occured = 0;
245 EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data);
246 if (keymgmt_data.error_occured) {
247 sk_OPENSSL_CSTRING_free(keymgmt_data.names);
248 goto err;
249 }
250
251 encoder_data.names = keymgmt_data.names;
252 encoder_data.output_type = ctx->output_type;
253 encoder_data.output_structure = ctx->output_structure;
254 encoder_data.error_occured = 0;
255 encoder_data.ctx = ctx;
256 OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
257 sk_OPENSSL_CSTRING_free(keymgmt_data.names);
258 if (encoder_data.error_occured) {
259 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
260 goto err;
261 }
262 }
263
264 if (OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
265 if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey)
266 || !OSSL_ENCODER_CTX_set_construct_data(ctx, data)
267 || !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey))
268 goto err;
269
270 data->pk = pkey;
271 data->selection = selection;
272
273 data = NULL; /* Avoid it being freed */
274 }
275
276 ok = 1;
277 err:
278 if (data != NULL) {
279 OSSL_ENCODER_CTX_set_construct_data(ctx, NULL);
280 OPENSSL_free(data);
281 }
282 return ok;
283 }
284
285 OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey,
286 int selection,
287 const char *output_type,
288 const char *output_struct,
289 const char *propquery)
290 {
291 OSSL_ENCODER_CTX *ctx = NULL;
292 OSSL_LIB_CTX *libctx = NULL;
293
294 if (pkey == NULL) {
295 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
296 return NULL;
297 }
298
299 if (!evp_pkey_is_assigned(pkey)) {
300 ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT,
301 "The passed EVP_PKEY must be assigned a key");
302 return NULL;
303 }
304
305 if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) {
306 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
307 return NULL;
308 }
309
310 if (evp_pkey_is_provided(pkey)) {
311 const OSSL_PROVIDER *prov = EVP_KEYMGMT_provider(pkey->keymgmt);
312
313 libctx = ossl_provider_libctx(prov);
314 }
315
316 OSSL_TRACE_BEGIN(ENCODER) {
317 BIO_printf(trc_out,
318 "(ctx %p) Looking for %s encoders with selection %d\n",
319 (void *)ctx, EVP_PKEY_get0_first_alg_name(pkey), selection);
320 BIO_printf(trc_out, " output type: %s, output structure: %s\n",
321 output_type, output_struct);
322 } OSSL_TRACE_END(ENCODER);
323
324 if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type)
325 && (output_struct == NULL
326 || OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct))
327 && OSSL_ENCODER_CTX_set_selection(ctx, selection)
328 && ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
329 && OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
330 OSSL_TRACE_BEGIN(ENCODER) {
331 BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
332 (void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
333 } OSSL_TRACE_END(ENCODER);
334 return ctx;
335 }
336
337 OSSL_ENCODER_CTX_free(ctx);
338 return NULL;
339 }
A mirror of the official openssl repository