]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/encode_decode/encoder_pkey.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Rename all getters to use get/get0 in name
[thirdparty/openssl.git] / crypto / encode_decode / encoder_pkey.c
CommitLineData
ece9304c 1/*
a28d06f3 2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
ece9304c
RL		 3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
b8975c68 10#include "e_os.h" /* strcasecmp on Windows */
ece9304c
RL		 11#include <openssl/err.h>
12#include <openssl/ui.h>
13#include <openssl/params.h>
14#include <openssl/encoder.h>
15#include <openssl/core_names.h>
b9a2afdf 16#include <openssl/provider.h>
ece9304c 17#include <openssl/safestack.h>
0b9f90f5 18#include <openssl/trace.h>
ece9304c
RL		 19#include "internal/provider.h"
20#include "internal/property.h"
21#include "crypto/evp.h"
22#include "encoder_local.h"
23
b8975c68
RL		 24DEFINE_STACK_OF(OSSL_ENCODER)
25
ece9304c
RL		 26int OSSL_ENCODER_CTX_set_cipher(OSSL_ENCODER_CTX *ctx,
27 const char *cipher_name,
28 const char *propquery)
29{
30 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END };
31
32 params[0] =
33 OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_CIPHER,
34 (void *)cipher_name, 0);
35 params[1] =
36 OSSL_PARAM_construct_utf8_string(OSSL_ENCODER_PARAM_PROPERTIES,
37 (void *)propquery, 0);
38
39 return OSSL_ENCODER_CTX_set_params(ctx, params);
40}
41
42int OSSL_ENCODER_CTX_set_passphrase(OSSL_ENCODER_CTX *ctx,
43 const unsigned char *kstr,
44 size_t klen)
45{
8ae40cf5 46 return ossl_pw_set_passphrase(&ctx->pwdata, kstr, klen);
ece9304c
RL		 47}
48
ece9304c
RL		 49int OSSL_ENCODER_CTX_set_passphrase_ui(OSSL_ENCODER_CTX *ctx,
50 const UI_METHOD *ui_method,
51 void *ui_data)
52{
a517edec 53 return ossl_pw_set_ui_method(&ctx->pwdata, ui_method, ui_data);
ece9304c
RL		 54}
55
b8975c68
RL		 56int OSSL_ENCODER_CTX_set_pem_password_cb(OSSL_ENCODER_CTX *ctx,
57 pem_password_cb *cb, void *cbarg)
ece9304c 58{
a517edec 59 return ossl_pw_set_pem_password_cb(&ctx->pwdata, cb, cbarg);
ece9304c
RL		 60}
61
b8975c68
RL		 62int OSSL_ENCODER_CTX_set_passphrase_cb(OSSL_ENCODER_CTX *ctx,
63 OSSL_PASSPHRASE_CALLBACK *cb,
64 void *cbarg)
65{
66 return ossl_pw_set_ossl_passphrase_cb(&ctx->pwdata, cb, cbarg);
67}
68
ece9304c 69/*
fe75766c 70 * Support for OSSL_ENCODER_CTX_new_for_type:
ece9304c
RL		 71 * finding a suitable encoder
72 */
73
b8975c68 74struct collected_encoder_st {
b9a2afdf
RL		 75 STACK_OF(OPENSSL_CSTRING) *names;
76 const char *output_structure;
b8975c68 77 const char *output_type;
b9a2afdf 78
021521aa 79 const OSSL_PROVIDER *keymgmt_prov;
b9a2afdf
RL		 80 OSSL_ENCODER_CTX *ctx;
81
e3a2ba75 82 int error_occurred;
b8975c68
RL		 83};
84
85static void collect_encoder(OSSL_ENCODER *encoder, void *arg)
86{
87 struct collected_encoder_st *data = arg;
b9a2afdf 88 size_t i, end_i;
b8975c68 89
e3a2ba75 90 if (data->error_occurred)
b8975c68
RL		 91 return;
92
e3a2ba75 93 data->error_occurred = 1; /* Assume the worst */
b9a2afdf
RL		 94
95 if (data->names == NULL)
b8975c68
RL		 96 return;
97
b9a2afdf
RL		 98 end_i = sk_OPENSSL_CSTRING_num(data->names);
99 for (i = 0; i < end_i; i++) {
100 const char *name = sk_OPENSSL_CSTRING_value(data->names, i);
ed576acd 101 const OSSL_PROVIDER *prov = OSSL_ENCODER_get0_provider(encoder);
b9a2afdf 102 void *provctx = OSSL_PROVIDER_get0_provider_ctx(prov);
b8975c68 103
b9a2afdf
RL		 104 if (!OSSL_ENCODER_is_a(encoder, name)
105 || (encoder->does_selection != NULL
021521aa
PG		 106 && !encoder->does_selection(provctx, data->ctx->selection))
107 || (data->keymgmt_prov != prov
108 && encoder->import_object == NULL))
b9a2afdf
RL		 109 continue;
110
111 /* Only add each encoder implementation once */
112 if (OSSL_ENCODER_CTX_add_encoder(data->ctx, encoder))
113 break;
b8975c68
RL		 114 }
115
e3a2ba75 116 data->error_occurred = 0; /* All is good now */
b8975c68
RL		 117}
118
119struct collected_names_st {
ece9304c 120 STACK_OF(OPENSSL_CSTRING) *names;
e3a2ba75 121 unsigned int error_occurred:1;
ece9304c
RL		 122};
123
b8975c68 124static void collect_name(const char *name, void *arg)
ece9304c 125{
b8975c68
RL		 126 struct collected_names_st *data = arg;
127
e3a2ba75 128 if (data->error_occurred)
b8975c68
RL		 129 return;
130
e3a2ba75 131 data->error_occurred = 1; /* Assume the worst */
ece9304c 132
b8975c68
RL		 133 if (sk_OPENSSL_CSTRING_push(data->names, name) <= 0)
134 return;
135
e3a2ba75 136 data->error_occurred = 0; /* All is good now */
ece9304c
RL		 137}
138
139/*
140 * Support for OSSL_ENCODER_to_bio:
141 * writing callback for the OSSL_PARAM (the implementation doesn't have
142 * intimate knowledge of the provider side object)
143 */
144
b8975c68
RL		 145struct construct_data_st {
146 const EVP_PKEY *pk;
147 int selection;
148
149 OSSL_ENCODER_INSTANCE *encoder_inst;
150 const void *obj;
151 void *constructed_obj;
ece9304c
RL		 152};
153
b8975c68 154static int encoder_import_cb(const OSSL_PARAM params[], void *arg)
ece9304c 155{
b8975c68
RL		 156 struct construct_data_st *construct_data = arg;
157 OSSL_ENCODER_INSTANCE *encoder_inst = construct_data->encoder_inst;
158 OSSL_ENCODER *encoder = OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
159 void *encoderctx = OSSL_ENCODER_INSTANCE_get_encoder_ctx(encoder_inst);
ece9304c 160
b8975c68
RL		 161 construct_data->constructed_obj =
162 encoder->import_object(encoderctx, construct_data->selection, params);
ece9304c 163
b8975c68
RL		 164 return (construct_data->constructed_obj != NULL);
165}
166
167static const void *
fe75766c 168encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
ece9304c 169{
b8975c68
RL		 170 struct construct_data_st *data = arg;
171
172 if (data->obj == NULL) {
173 OSSL_ENCODER *encoder =
174 OSSL_ENCODER_INSTANCE_get_encoder(encoder_inst);
175 const EVP_PKEY *pk = data->pk;
ed576acd
TM		 176 const OSSL_PROVIDER *k_prov = EVP_KEYMGMT_get0_provider(pk->keymgmt);
177 const OSSL_PROVIDER *e_prov = OSSL_ENCODER_get0_provider(encoder);
b8975c68
RL		 178
179 if (k_prov != e_prov) {
180 data->encoder_inst = encoder_inst;
181
182 if (!evp_keymgmt_export(pk->keymgmt, pk->keydata, data->selection,
183 &encoder_import_cb, data))
184 return NULL;
185 data->obj = data->constructed_obj;
186 } else {
187 data->obj = pk->keydata;
188 }
189 }
ece9304c 190
b8975c68
RL		 191 return data->obj;
192}
ece9304c 193
fe75766c 194static void encoder_destruct_pkey(void *arg)
b8975c68
RL		 195{
196 struct construct_data_st *data = arg;
ece9304c 197
b8975c68
RL		 198 if (data->encoder_inst != NULL) {
199 OSSL_ENCODER *encoder =
200 OSSL_ENCODER_INSTANCE_get_encoder(data->encoder_inst);
ece9304c 201
b8975c68 202 encoder->free_object(data->constructed_obj);
ece9304c 203 }
b8975c68 204 data->constructed_obj = NULL;
ece9304c
RL		 205}
206
207/*
fe75766c 208 * OSSL_ENCODER_CTX_new_for_pkey() returns a ctx with no encoder if
ece9304c 209 * it couldn't find a suitable encoder. This allows a caller to detect if
b8975c68 210 * a suitable encoder was found, with OSSL_ENCODER_CTX_get_num_encoder(),
ece9304c
RL		 211 * and to use fallback methods if the result is NULL.
212 */
fe75766c
TM		 213static int ossl_encoder_ctx_setup_for_pkey(OSSL_ENCODER_CTX *ctx,
214 const EVP_PKEY *pkey,
215 int selection,
216 const char *propquery)
ece9304c 217{
b8975c68 218 struct construct_data_st *data = NULL;
021521aa 219 const OSSL_PROVIDER *prov = NULL;
cbcbac64 220 OSSL_LIB_CTX *libctx = NULL;
b8975c68 221 int ok = 0;
ece9304c 222
b8975c68 223 if (!ossl_assert(ctx != NULL) || !ossl_assert(pkey != NULL)) {
ece9304c 224 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
b8975c68 225 return 0;
ece9304c
RL		 226 }
227
cbcbac64 228 if (evp_pkey_is_provided(pkey)) {
ed576acd 229 prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
cbcbac64
RL		 230 libctx = ossl_provider_libctx(prov);
231 }
232
b8975c68 233 if (pkey->keymgmt != NULL) {
b8975c68
RL		 234 struct collected_encoder_st encoder_data;
235 struct collected_names_st keymgmt_data;
ece9304c 236
b8975c68
RL		 237 if ((data = OPENSSL_zalloc(sizeof(*data))) == NULL) {
238 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
239 goto err;
240 }
241
ece9304c 242 /*
b9a2afdf
RL		 243 * Select the first encoder implementations in two steps.
244 * First, collect the keymgmt names, then the encoders that match.
ece9304c 245 */
b8975c68 246 keymgmt_data.names = sk_OPENSSL_CSTRING_new_null();
e3a2ba75 247 keymgmt_data.error_occurred = 0;
b8975c68 248 EVP_KEYMGMT_names_do_all(pkey->keymgmt, collect_name, &keymgmt_data);
e3a2ba75 249 if (keymgmt_data.error_occurred) {
b9a2afdf
RL		 250 sk_OPENSSL_CSTRING_free(keymgmt_data.names);
251 goto err;
ece9304c 252 }
b8975c68 253
b9a2afdf
RL		 254 encoder_data.names = keymgmt_data.names;
255 encoder_data.output_type = ctx->output_type;
256 encoder_data.output_structure = ctx->output_structure;
e3a2ba75 257 encoder_data.error_occurred = 0;
021521aa 258 encoder_data.keymgmt_prov = prov;
b9a2afdf
RL		 259 encoder_data.ctx = ctx;
260 OSSL_ENCODER_do_all_provided(libctx, collect_encoder, &encoder_data);
b8975c68 261 sk_OPENSSL_CSTRING_free(keymgmt_data.names);
e3a2ba75 262 if (encoder_data.error_occurred) {
b9a2afdf
RL		 263 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
264 goto err;
265 }
ece9304c
RL		 266 }
267
3c4c8dd8 268 if (data != NULL && OSSL_ENCODER_CTX_get_num_encoders(ctx) != 0) {
fe75766c 269 if (!OSSL_ENCODER_CTX_set_construct(ctx, encoder_construct_pkey)
b8975c68 270 || !OSSL_ENCODER_CTX_set_construct_data(ctx, data)
fe75766c 271 || !OSSL_ENCODER_CTX_set_cleanup(ctx, encoder_destruct_pkey))
b8975c68 272 goto err;
ece9304c 273
b8975c68
RL		 274 data->pk = pkey;
275 data->selection = selection;
276
277 data = NULL; /* Avoid it being freed */
ece9304c
RL		 278 }
279
b8975c68
RL		 280 ok = 1;
281 err:
282 if (data != NULL) {
283 OSSL_ENCODER_CTX_set_construct_data(ctx, NULL);
284 OPENSSL_free(data);
285 }
286 return ok;
ece9304c
RL		 287}
288
fe75766c
TM		 289OSSL_ENCODER_CTX *OSSL_ENCODER_CTX_new_for_pkey(const EVP_PKEY *pkey,
290 int selection,
291 const char *output_type,
292 const char *output_struct,
293 const char *propquery)
b8975c68
RL		 294{
295 OSSL_ENCODER_CTX *ctx = NULL;
cbcbac64
RL		 296 OSSL_LIB_CTX *libctx = NULL;
297
298 if (pkey == NULL) {
299 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_NULL_PARAMETER);
300 return NULL;
301 }
302
303 if (!evp_pkey_is_assigned(pkey)) {
304 ERR_raise_data(ERR_LIB_OSSL_ENCODER, ERR_R_PASSED_INVALID_ARGUMENT,
305 "The passed EVP_PKEY must be assigned a key");
306 return NULL;
307 }
b8975c68
RL		 308
309 if ((ctx = OSSL_ENCODER_CTX_new()) == NULL) {
310 ERR_raise(ERR_LIB_OSSL_ENCODER, ERR_R_MALLOC_FAILURE);
311 return NULL;
312 }
0b9f90f5 313
cbcbac64 314 if (evp_pkey_is_provided(pkey)) {
ed576acd 315 const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
cbcbac64
RL		 316
317 libctx = ossl_provider_libctx(prov);
318 }
319
0b9f90f5
RL		 320 OSSL_TRACE_BEGIN(ENCODER) {
321 BIO_printf(trc_out,
322 "(ctx %p) Looking for %s encoders with selection %d\n",
ddf0d149 323 (void *)ctx, EVP_PKEY_get0_type_name(pkey), selection);
0b9f90f5
RL		 324 BIO_printf(trc_out, " output type: %s, output structure: %s\n",
325 output_type, output_struct);
326 } OSSL_TRACE_END(ENCODER);
327
b8975c68 328 if (OSSL_ENCODER_CTX_set_output_type(ctx, output_type)
b9a2afdf
RL		 329 && (output_struct == NULL
330 || OSSL_ENCODER_CTX_set_output_structure(ctx, output_struct))
b8975c68 331 && OSSL_ENCODER_CTX_set_selection(ctx, selection)
fe75766c 332 && ossl_encoder_ctx_setup_for_pkey(ctx, pkey, selection, propquery)
0b9f90f5 333 && OSSL_ENCODER_CTX_add_extra(ctx, libctx, propquery)) {
78043fe8
TM		 334 OSSL_PARAM params[2] = { OSSL_PARAM_END, OSSL_PARAM_END };
335 int save_parameters = pkey->save_parameters;
336
337 params[0] = OSSL_PARAM_construct_int(OSSL_ENCODER_PARAM_SAVE_PARAMETERS,
338 &save_parameters);
339 /* ignoring error as this is only auxiliary parameter */
340 (void)OSSL_ENCODER_CTX_set_params(ctx, params);
341
0b9f90f5
RL		 342 OSSL_TRACE_BEGIN(ENCODER) {
343 BIO_printf(trc_out, "(ctx %p) Got %d encoders\n",
344 (void *)ctx, OSSL_ENCODER_CTX_get_num_encoders(ctx));
345 } OSSL_TRACE_END(ENCODER);
b8975c68 346 return ctx;
0b9f90f5 347 }
b8975c68
RL		 348
349 OSSL_ENCODER_CTX_free(ctx);
350 return NULL;
351}
A mirror of the official openssl repository