]>
Commit | Line | Data |
---|---|---|
ac2d58c7 | 1 | /* |
3c2bdd7d | 2 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
ac2d58c7 MC |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * This implemments a dummy key manager for legacy KDFs that still support the | |
12 | * old way of performing a KDF via EVP_PKEY_derive(). New KDFs should not be | |
13 | * implemented this way. In reality there is no key data for such KDFs, so this | |
14 | * key manager does very little. | |
15 | */ | |
16 | ||
17 | #include <openssl/core_dispatch.h> | |
18 | #include <openssl/core_names.h> | |
19 | #include <openssl/err.h> | |
20 | #include "prov/implementations.h" | |
21 | #include "prov/providercommon.h" | |
22 | #include "prov/provider_ctx.h" | |
23 | #include "prov/kdfexchange.h" | |
24 | ||
25 | static OSSL_FUNC_keymgmt_new_fn kdf_newdata; | |
26 | static OSSL_FUNC_keymgmt_free_fn kdf_freedata; | |
27 | static OSSL_FUNC_keymgmt_has_fn kdf_has; | |
28 | ||
9500c823 | 29 | KDF_DATA *ossl_kdf_data_new(void *provctx) |
ac2d58c7 | 30 | { |
422cbcee | 31 | KDF_DATA *kdfdata; |
ac2d58c7 | 32 | |
422cbcee P |
33 | if (!ossl_prov_is_running()) |
34 | return NULL; | |
35 | ||
36 | kdfdata = OPENSSL_zalloc(sizeof(*kdfdata)); | |
ac2d58c7 MC |
37 | if (kdfdata == NULL) |
38 | return NULL; | |
39 | ||
40 | kdfdata->lock = CRYPTO_THREAD_lock_new(); | |
41 | if (kdfdata->lock == NULL) { | |
42 | OPENSSL_free(kdfdata); | |
43 | return NULL; | |
44 | } | |
a829b735 | 45 | kdfdata->libctx = PROV_LIBCTX_OF(provctx); |
ac2d58c7 MC |
46 | kdfdata->refcnt = 1; |
47 | ||
48 | return kdfdata; | |
49 | } | |
50 | ||
9500c823 | 51 | void ossl_kdf_data_free(KDF_DATA *kdfdata) |
ac2d58c7 MC |
52 | { |
53 | int ref = 0; | |
54 | ||
55 | if (kdfdata == NULL) | |
56 | return; | |
57 | ||
58 | CRYPTO_DOWN_REF(&kdfdata->refcnt, &ref, kdfdata->lock); | |
59 | if (ref > 0) | |
60 | return; | |
61 | ||
62 | CRYPTO_THREAD_lock_free(kdfdata->lock); | |
63 | OPENSSL_free(kdfdata); | |
64 | } | |
65 | ||
9500c823 | 66 | int ossl_kdf_data_up_ref(KDF_DATA *kdfdata) |
ac2d58c7 MC |
67 | { |
68 | int ref = 0; | |
69 | ||
422cbcee P |
70 | /* This is effectively doing a new operation on the KDF_DATA and should be |
71 | * adequately guarded again modules' error states. However, both current | |
72 | * calls here are guarded propery in exchange/kdf_exch.c. Thus, it | |
73 | * could be removed here. The concern is that something in the future | |
74 | * might call this function without adequate guards. It's a cheap call, | |
75 | * it seems best to leave it even though it is currently redundant. | |
76 | */ | |
77 | if (!ossl_prov_is_running()) | |
78 | return 0; | |
79 | ||
ac2d58c7 MC |
80 | CRYPTO_UP_REF(&kdfdata->refcnt, &ref, kdfdata->lock); |
81 | return 1; | |
82 | } | |
83 | ||
84 | static void *kdf_newdata(void *provctx) | |
85 | { | |
9500c823 | 86 | return ossl_kdf_data_new(provctx); |
ac2d58c7 MC |
87 | } |
88 | ||
89 | static void kdf_freedata(void *kdfdata) | |
90 | { | |
9500c823 | 91 | ossl_kdf_data_free(kdfdata); |
ac2d58c7 MC |
92 | } |
93 | ||
3d914185 | 94 | static int kdf_has(const void *keydata, int selection) |
ac2d58c7 | 95 | { |
9a485440 | 96 | return 1; /* nothing is missing */ |
ac2d58c7 MC |
97 | } |
98 | ||
1be63951 | 99 | const OSSL_DISPATCH ossl_kdf_keymgmt_functions[] = { |
ac2d58c7 MC |
100 | { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))kdf_newdata }, |
101 | { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))kdf_freedata }, | |
102 | { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))kdf_has }, | |
103 | { 0, NULL } | |
104 | }; |