From 8aa3781bfc7f21b9add1f7ad3f25c78670ec182a Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 11 Jan 2024 15:52:35 +0000 Subject: [PATCH] Move discovery of the legacy alg type into the keymgmt During creation of the EVP_PKEY_CTX we were trying to discover what legacy alg it corresponds to every time which was slow. Instead we move this into the construction of the EVP_KEYMGMT. Reviewed-by: Richard Levitte Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/23265) --- crypto/evp/evp_local.h | 2 ++ crypto/evp/keymgmt_meth.c | 29 +++++++++++++++++++++++++++++ crypto/evp/pmeth_lib.c | 20 +------------------- include/crypto/evp.h | 1 + 4 files changed, 33 insertions(+), 19 deletions(-) diff --git a/crypto/evp/evp_local.h b/crypto/evp/evp_local.h index 9e4059d703..35c302ff7b 100644 --- a/crypto/evp/evp_local.h +++ b/crypto/evp/evp_local.h @@ -95,6 +95,8 @@ struct evp_keymgmt_st { int id; /* libcrypto internal */ int name_id; + /* NID for the legacy alg if there is one */ + int legacy_alg; char *type_name; const char *description; OSSL_PROVIDER *prov; diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index 1d7031f33c..f8f74925f8 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c @@ -30,6 +30,26 @@ static void *keymgmt_new(void) return keymgmt; } +#ifndef FIPS_MODULE +static void help_get_legacy_alg_type_from_keymgmt(const char *keytype, + void *arg) +{ + int *type = arg; + + if (*type == NID_undef) + *type = evp_pkey_name2type(keytype); +} + +static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt) +{ + int type = NID_undef; + + EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt, + &type); + return type; +} +#endif + static void *keymgmt_from_algorithm(int name_id, const OSSL_ALGORITHM *algodef, OSSL_PROVIDER *prov) 
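Review bot: The return value of EVP_KEYMGMT_names_do_all() is discarded in get_legacy_alg_type_from_keymgmt() (keymgmt_meth.c, first hunk), so a failed enumeration and a key type with no legacy NID both come back as NID_undef. The removed copy in pmeth_lib.c behaved the same way, but the result is now stored once on the EVP_KEYMGMT instead of being recomputed per context, so a failure would persist for the object's lifetime. Whether the call can fail at this point depends on code outside the patch. At minimum, document the choice above the call, e.g. `/* A failed names_do_all is treated as "no legacy alg"; the result is cached on the keymgmt */`.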
@@ -218,6 +238,10 @@ static void *keymgmt_from_algorithm(int name_id, if (prov != NULL) ossl_provider_up_ref(prov); +#ifndef FIPS_MODULE + keymgmt->legacy_alg = get_legacy_alg_type_from_keymgmt(keymgmt); +#endif + return keymgmt; } @@ -275,6 +299,11 @@ int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt) return keymgmt->name_id; } +int evp_keymgmt_get_legacy_alg(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->legacy_alg; +} + const char *EVP_KEYMGMT_get0_description(const EVP_KEYMGMT *keymgmt) { return keymgmt->description; diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 268b1617e3..170f6ebcb0 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -133,24 +133,6 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; return pmeth; } - -static void help_get_legacy_alg_type_from_keymgmt(const char *keytype, - void *arg) -{ - int *type = arg; - - if (*type == NID_undef) - *type = evp_pkey_name2type(keytype); -} - -static int get_legacy_alg_type_from_keymgmt(const EVP_KEYMGMT *keymgmt) -{ - int type = NID_undef; - - EVP_KEYMGMT_names_do_all(keymgmt, help_get_legacy_alg_type_from_keymgmt, - &type); - return type; -} #endif /* FIPS_MODULE */ int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx) @@ -288,7 +270,7 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx, * directly. */ if (keymgmt != NULL) { - int tmp_id = get_legacy_alg_type_from_keymgmt(keymgmt); + int tmp_id = evp_keymgmt_get_legacy_alg(keymgmt); if (tmp_id != NID_undef) { if (id == -1) { diff --git a/include/crypto/evp.h b/include/crypto/evp.h index 96133bf7f5..5e05385d9f 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h 
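Review bot: In a FIPS_MODULE build nothing in the keymgmt_from_algorithm() hunk assigns `keymgmt->legacy_alg`, yet evp_keymgmt_get_legacy_alg() in the following hunk is compiled unconditionally. What the getter returns there depends on keymgmt_new() zero-filling the struct and on NID_undef being 0, and keymgmt_new()'s allocation is not visible in this patch. Making it explicit costs two lines: `#else` followed by `keymgmt->legacy_alg = NID_undef;` before the `#endif`. The getter would also benefit from a one-line comment such as `/* Returns NID_undef if there is no legacy alg, and always inside the FIPS module */`. keymgmt_from_algorithm() begins outside the hunk, so the fields the lookup relies on are presumably set earlier in the function; the hunk does not show this.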
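Review bot: The value read by `evp_keymgmt_get_legacy_alg(keymgmt)` in int_ctx_new() is now a snapshot taken when the EVP_KEYMGMT was constructed, not a lookup made at context-creation time. The body of evp_pkey_name2type() is not part of this patch. If it consults state that can be registered later, a keymgmt built earlier keeps reporting NID_undef and the `tmp_id != NID_undef` branch is silently skipped. A comment at the call site would record the new lifetime, e.g. `/* cached at keymgmt construction; not refreshed if name-to-NID mappings change later */`. int_ctx_new() starts and ends outside this hunk.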
@@ -951,6 +951,7 @@ int evp_kdf_get_number(const EVP_KDF *kdf);
 int evp_kem_get_number(const EVP_KEM *wrap);
 int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch);
 int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt);
+int evp_keymgmt_get_legacy_alg(const EVP_KEYMGMT *keymgmt);
 int evp_mac_get_number(const EVP_MAC *mac);
 int evp_md_get_number(const EVP_MD *md);
 int evp_rand_get_number(const EVP_RAND *rand);
-- 
2.39.2