From 68552cdef7631191e77315e0faeb42c6893cafe3 Mon Sep 17 00:00:00 2001
From: Richard Levitte
Date: Mon, 3 Feb 2020 05:42:48 +0100
Subject: [PATCH] Reorganize the internal evp_keymgmt functions

Some of the evp_keymgmt_ functions are just wrappers around the EVP_KEYMGMT function pointers. We move those from keymgmt_lib.c to keymgmt_meth.c.

Other evp_keymgmt_ functions are utility functions to help the rest of the EVP functions. Since their names are easily confused with the functions that were moved to keymgmt_meth.c, we rename them so they all start with evp_keymgmt_util_.

Reviewed-by: Matt Caswell
Reviewed-by: Shane Lontis
Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/11006)
---
 crypto/evp/exchange.c | 2 +-
 crypto/evp/keymgmt_lib.c | 173 +++-------------------------------
 crypto/evp/keymgmt_meth.c | 150 ++++++++++++++++++++++++++++++
 crypto/evp/p_lib.c | 4 +-
 crypto/evp/pmeth_gn.c | 4 +-
 include/crypto/evp.h | 23 +++--
 test/keymgmt_internal_test.c | 5 +-
 7 files changed, 185 insertions(+), 176 deletions(-)

diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 1f87c593437c9..fa9367905fc0c 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -293,7 +293,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
         return -2;
     }
-    provkey = evp_keymgmt_export_to_provider(peer, ctx->keymgmt, 0);
+    provkey = evp_keymgmt_util_export_to_provider(peer, ctx->keymgmt, 0);
     /* If export failed, legacy may be able to pick it up */
     if (provkey == NULL)
         goto legacy;
diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c
index 6990c0cdaa07a..a63e5cd6bf80b 100644
--- a/crypto/evp/keymgmt_lib.c
+++ b/crypto/evp/keymgmt_lib.c
@@ -32,8 +32,8 @@ static int try_import(const OSSL_PARAM params[], void *arg) return data->provdata != NULL; } -void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, - int want_domainparams) +void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + int want_domainparams) { void *provdata = NULL; size_t i, j; @@ -51,7 +51,7 @@ void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, return NULL; if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy) - evp_keymgmt_clear_pkey_cache(pk); + evp_keymgmt_util_clear_pkey_cache(pk); } /* @@ -138,12 +138,12 @@ void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, if (!ossl_assert(i < OSSL_NELEM(pk->pkeys))) return NULL; - evp_keymgmt_cache_pkey(pk, i, keymgmt, provdata, want_domainparams); + evp_keymgmt_util_cache_pkey(pk, i, keymgmt, provdata, want_domainparams); return provdata; } -void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk) +void evp_keymgmt_util_clear_pkey_cache(EVP_PKEY *pk) { size_t i; @@ -169,8 +169,9 @@ void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk) } } -void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt, - void *provdata, int domainparams) +void evp_keymgmt_util_cache_pkey(EVP_PKEY *pk, size_t index, + EVP_KEYMGMT *keymgmt, void *provdata, + int domainparams) { if (provdata != NULL) { EVP_KEYMGMT_up_ref(keymgmt); @@ -194,7 +195,8 @@ void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt, params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits); params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS, &security_bits); - params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size); + params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, + &size); params[3] = OSSL_PARAM_construct_end(); ok = domainparams ? evp_keymgmt_get_domparam_params(keymgmt, provdata, params) 
@@ -208,164 +210,15 @@ void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt, } } -void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, +void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, const OSSL_PARAM params[], int domainparams) { void *provdata = domainparams ? evp_keymgmt_importdomparams(keymgmt, params) : evp_keymgmt_importkey(keymgmt, params); - evp_keymgmt_clear_pkey_cache(target); - evp_keymgmt_cache_pkey(target, 0, keymgmt, provdata, domainparams); + evp_keymgmt_util_clear_pkey_cache(target); + evp_keymgmt_util_cache_pkey(target, 0, keymgmt, provdata, domainparams); return provdata; } - -/* internal functions */ -/* TODO(3.0) decide if these should be public or internal */ -void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt, - const OSSL_PARAM params[]) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - return keymgmt->importdomparams(provctx, params); -} - -void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt, - const OSSL_PARAM params[]) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - return keymgmt->gendomparams(provctx, params); -} - -void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt, - void *provdomparams) -{ - keymgmt->freedomparams(provdomparams); -} - -int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt, - void *provdomparams, - OSSL_CALLBACK *param_cb, void *cbarg) -{ - return keymgmt->exportdomparams(provdomparams, param_cb, cbarg); -} - -const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->importdomparam_types(); -} - -/* - * TODO(v3.0) investigate if we need this function. 'openssl provider' may - * be a caller... 
- */
-const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
-{
-    return keymgmt->exportdomparam_types();
-}
-
-int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
-                                    void *provdomparams, OSSL_PARAM params[])
-{
-    if (keymgmt->get_domparam_params == NULL)
-        return 1;
-    return keymgmt->get_domparam_params(provdomparams, params);
-}
-
-const OSSL_PARAM *
-evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt)
-{
-    if (keymgmt->gettable_domparam_params == NULL)
-        return NULL;
-    return keymgmt->gettable_domparam_params();
-}
-
-
-void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
-                            const OSSL_PARAM params[])
-{
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
-    return keymgmt->importkey(provctx, params);
-}
-
-void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
-                         const OSSL_PARAM params[])
-{
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
-    return keymgmt->genkey(provctx, domparams, params);
-}
-
-void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
-                          void *id, size_t idlen)
-{
-    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
-
-    return keymgmt->loadkey(provctx, id, idlen);
-}
-
-void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
-{
-    keymgmt->freekey(provkey);
-}
-
-int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
-                          OSSL_CALLBACK *param_cb, void *cbarg)
-{
-    return keymgmt->exportkey(provkey, param_cb, cbarg);
-}
-
-const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
-{
-    return keymgmt->importkey_types();
-}
-
-/*
- * TODO(v3.0) investigate if we need this function. 'openssl provider' may
- * be a caller...
- */
-const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
-{
-    return keymgmt->exportkey_types();
-}
-
-int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
-                               void *provkey, OSSL_PARAM params[])
-{
-    if (keymgmt->get_key_params == NULL)
-        return 1;
-    return keymgmt->get_key_params(provkey, params);
-}
-
-const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt)
-{
-    if (keymgmt->gettable_key_params == NULL)
-        return NULL;
-    return keymgmt->gettable_key_params();
-}
-
-int evp_keymgmt_validate_domparams(const EVP_KEYMGMT *keymgmt, void *provkey)
-{
-    /* if domainparams are not supported - then pass */
-    if (keymgmt->validatedomparams == NULL)
-        return 1;
-    return keymgmt->validatedomparams(provkey);
-}
-
-int evp_keymgmt_validate_public(const EVP_KEYMGMT *keymgmt, void *provkey)
-{
-    return keymgmt->validatepublic(provkey);
-}
-
-int evp_keymgmt_validate_private(const EVP_KEYMGMT *keymgmt, void *provkey)
-{
-    return keymgmt->validateprivate(provkey);
-}
-
-int evp_keymgmt_validate_pairwise(const EVP_KEYMGMT *keymgmt, void *provkey)
-{
-    return keymgmt->validatepairwise(provkey);
-}
diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c
index e9e7f89744f57..ca5c9e80501d1 100644
--- a/crypto/evp/keymgmt_meth.c
+++ b/crypto/evp/keymgmt_meth.c
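Review bot: The renamed `evp_keymgmt_util_fromdata` definition at the top of this hunk keeps its second parameter line `const OSSL_PARAM params[], int domainparams)` as an unchanged context line, so it is still aligned to the old, five-characters-shorter name; the other renames in this file (`evp_keymgmt_util_export_to_provider`, `evp_keymgmt_util_cache_pkey`) and the prototype in include/crypto/evp.h re-indent their continuation lines, and this one should too: `+                                const OSSL_PARAM params[], int domainparams)`. Separately, the body calls `evp_keymgmt_util_clear_pkey_cache(target)` before looking at what the import produced, so a failed import (provdata == NULL) still discards whatever |target| had cached; if that is intended it deserves a one-line comment, otherwise `if (provdata == NULL) return NULL;` ahead of the clear would leave the target untouched on failure. The hunk opens inside `evp_keymgmt_cache_pkey` (only its closing braces are shown), and the removed wrappers that follow are pure moves to keymgmt_meth.c.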
@@ -280,3 +280,153 @@ void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt,
     if (keymgmt->prov != NULL)
         evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data);
 }
+
+/*
+ * Internal API that interfaces with the method function pointers
+ */
+void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
+                                  const OSSL_PARAM params[])
+{
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+
+    return keymgmt->importdomparams(provctx, params);
+}
+
+void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
+                               const OSSL_PARAM params[])
+{
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+
+    return keymgmt->gendomparams(provctx, params);
+}
+
+void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt,
+                               void *provdomparams)
+{
+    keymgmt->freedomparams(provdomparams);
+}
+
+int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt,
+                                void *provdomparams,
+                                OSSL_CALLBACK *param_cb, void *cbarg)
+{
+    return keymgmt->exportdomparams(provdomparams, param_cb, cbarg);
+}
+
+const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt)
+{
+    return keymgmt->importdomparam_types();
+}
+
+/*
+ * TODO(v3.0) investigate if we need this function. 'openssl provider' may
+ * be a caller...
+ */
+const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt)
+{
+    return keymgmt->exportdomparam_types();
+}
+
+int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt,
+                                    void *provdomparams, OSSL_PARAM params[])
+{
+    if (keymgmt->get_domparam_params == NULL)
+        return 1;
+    return keymgmt->get_domparam_params(provdomparams, params);
+}
+
+const OSSL_PARAM *
+evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt)
+{
+    if (keymgmt->gettable_domparam_params == NULL)
+        return NULL;
+    return keymgmt->gettable_domparam_params();
+}
+
+
+void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt,
+                            const OSSL_PARAM params[])
+{
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+
+    return keymgmt->importkey(provctx, params);
+}
+
+void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams,
+                         const OSSL_PARAM params[])
+{
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+
+    return keymgmt->genkey(provctx, domparams, params);
+}
+
+void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt,
+                          void *id, size_t idlen)
+{
+    void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt));
+
+    return keymgmt->loadkey(provctx, id, idlen);
+}
+
+void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey)
+{
+    keymgmt->freekey(provkey);
+}
+
+int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey,
+                          OSSL_CALLBACK *param_cb, void *cbarg)
+{
+    return keymgmt->exportkey(provkey, param_cb, cbarg);
+}
+
+const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt)
+{
+    return keymgmt->importkey_types();
+}
+
+/*
+ * TODO(v3.0) investigate if we need this function. 'openssl provider' may
+ * be a caller...
+ */
+const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt)
+{
+    return keymgmt->exportkey_types();
+}
+
+int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt,
+                               void *provkey, OSSL_PARAM params[])
+{
+    if (keymgmt->get_key_params == NULL)
+        return 1;
+    return keymgmt->get_key_params(provkey, params);
+}
+
+const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt)
+{
+    if (keymgmt->gettable_key_params == NULL)
+        return NULL;
+    return keymgmt->gettable_key_params();
+}
+
+int evp_keymgmt_validate_domparams(const EVP_KEYMGMT *keymgmt, void *provkey)
+{
+    /* if domainparams are not supported - then pass */
+    if (keymgmt->validatedomparams == NULL)
+        return 1;
+    return keymgmt->validatedomparams(provkey);
+}
+
+int evp_keymgmt_validate_public(const EVP_KEYMGMT *keymgmt, void *provkey)
+{
+    return keymgmt->validatepublic(provkey);
+}
+
+int evp_keymgmt_validate_private(const EVP_KEYMGMT *keymgmt, void *provkey)
+{
+    return keymgmt->validateprivate(provkey);
+}
+
+int evp_keymgmt_validate_pairwise(const EVP_KEYMGMT *keymgmt, void *provkey)
+{
+    return keymgmt->validatepairwise(provkey);
+}
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 0a3c86d63a654..2c0ee83048179 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -864,7 +864,7 @@ static void evp_pkey_free_it(EVP_PKEY *x)
 {
     /* internal function; x is never NULL */
-    evp_keymgmt_clear_pkey_cache(x);
+    evp_keymgmt_util_clear_pkey_cache(x);
     if (x->ameth && x->ameth->pkey_free) {
         x->ameth->pkey_free(x);
@@ -936,7 +936,7 @@ void *evp_pkey_make_provided(EVP_PKEY *pk, OPENSSL_CTX *libctx,
     if (tmp_keymgmt != NULL)
         provdata =
-            evp_keymgmt_export_to_provider(pk, tmp_keymgmt, domainparams);
+            evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt, domainparams);
     /*
      * If nothing was exported, |tmp_keymgmt| might point at a freed
diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c
index a093337e62462..904b36e737a9e 100644
--- a/crypto/evp/pmeth_gn.c
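Review bot: The moved wrappers are inconsistent about guarding the provider's function pointers: `evp_keymgmt_get_domparam_params`, `evp_keymgmt_gettable_domparam_params`, `evp_keymgmt_get_key_params`, `evp_keymgmt_gettable_key_params` and `evp_keymgmt_validate_domparams` test for `== NULL` first, while `evp_keymgmt_importdomparams`, `evp_keymgmt_gendomparams`, `evp_keymgmt_freedomparams`, `evp_keymgmt_exportdomparams`, `evp_keymgmt_loadkey`, the four `*_types` getters and `validate_public/private/pairwise` call through unconditionally, so a provider that omits one of those entries (presumably possible, since domain parameters are not meaningful for every key type) would crash on a NULL function pointer inside libcrypto instead of failing cleanly. If the EVP_KEYMGMT constructor (not in this diff) already rejects dispatch tables lacking those entries, the new header comment should say so — something like "Wrappers without a NULL check rely on the method constructor having rejected dispatch tables that lack the entry; wrappers with a check treat the entry as optional" — otherwise each unguarded wrapper needs the same `if (keymgmt->xxx == NULL) return NULL;` treatment. For the three key validators specifically, a missing callback should fail (`return 0;`) rather than "pass" the way `validate_domparams` does, because callers use them to reject malformed or mismatched keys and a silent pass turns a provider omission into accepted bad key material. The move is the right moment to settle this convention; the hunk's leading context is the tail of `EVP_KEYMGMT_names_do_all`, whose start is outside the hunk. A minor naming point: `evp_keymgmt_validate_domparams` validates domain parameters yet names its argument `provkey`, where the other domparam wrappers use `provdomparams`.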
+++ b/crypto/evp/pmeth_gn.c
@@ -227,8 +227,8 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[])
     }
     provdata =
-        evp_keymgmt_fromdata(*ppkey, ctx->keymgmt, params,
-                             ctx->operation == EVP_PKEY_OP_PARAMFROMDATA);
+        evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, params,
+                                  ctx->operation == EVP_PKEY_OP_PARAMFROMDATA);
     if (provdata == NULL)
         return 0;
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index 5d6f70be78aac..cafb465ed9a7f 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -593,17 +593,22 @@ void openssl_add_all_digests_int(void);
 void evp_cleanup_int(void);
 void evp_app_cleanup_int(void);
-/* KEYMGMT helper functions */
-void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
-                                     int domainparams);
-void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk);
-void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt,
-                            void *provdata, int domainparams);
-void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
-                           const OSSL_PARAM params[], int domainparams);
+/*
+ * KEYMGMT utility functions
+ */
+void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
+                                          int domainparams);
+void evp_keymgmt_util_clear_pkey_cache(EVP_PKEY *pk);
+void evp_keymgmt_util_cache_pkey(EVP_PKEY *pk, size_t index,
+                                 EVP_KEYMGMT *keymgmt, void *provdata,
+                                 int domainparams);
+void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
+                                const OSSL_PARAM params[], int domainparams);
-/* KEYMGMT provider interface functions */
+/*
+ * KEYMGMT provider interface functions
+ */
 void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt,
                                   const OSSL_PARAM params[]);
 void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt,
diff --git a/test/keymgmt_internal_test.c b/test/keymgmt_internal_test.c
index e621412390cc1..ccb5f7f9b58bc 100644
--- a/test/keymgmt_internal_test.c
+++ b/test/keymgmt_internal_test.c
@@ -207,8 +207,9 @@ static int test_pass_rsa(FIXTURE *fixture)
         || !TEST_ptr_ne(km1, km2))
         goto err;
-    if (!TEST_ptr(evp_keymgmt_export_to_provider(pk, km1, 0))
-        || !TEST_ptr(provdata = evp_keymgmt_export_to_provider(pk, km2, 0)))
+    if (!TEST_ptr(evp_keymgmt_util_export_to_provider(pk, km1, 0))
+        || !TEST_ptr(provdata =
+                     evp_keymgmt_util_export_to_provider(pk, km2, 0)))
         goto err;
     if (!TEST_true(evp_keymgmt_exportkey(km2, provdata, &export_cb, keydata)))