author | Richard Levitte <levitte@openssl.org> | 2020-02-03 05:42:48 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2020-02-07 09:37:56 +0100 |
commit | 68552cdef7631191e77315e0faeb42c6893cafe3 (patch) | |
tree | b289807007316a0b0a8dfba53acc5f6fa8dbcc4e /crypto | |
parent | bd2ff9e8674b34a7547a7fa75b81b6b36f60dbb8 (diff) | |
download | openssl-68552cdef7631191e77315e0faeb42c6893cafe3.tar.gz |
Reorganize the internal evp_keymgmt functions
Some of the evp_keymgmt_ functions are just wrappers around the
EVP_KEYMGMT function pointers. We move those from keymgmt_lib.c to
keymgmt_meth.c.
Other evp_keymgmt_ functions are utility functions to help the rest of
the EVP functions. Since their names are easily confused with the
functions that were moved to keymgmt_meth.c, we rename them so they
all start with evp_keymgmt_util_.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11006)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/exchange.c | 2 | ||||
-rw-r--r-- | crypto/evp/keymgmt_lib.c | 173 | ||||
-rw-r--r-- | crypto/evp/keymgmt_meth.c | 150 | ||||
-rw-r--r-- | crypto/evp/p_lib.c | 4 | ||||
-rw-r--r-- | crypto/evp/pmeth_gn.c | 4 |
5 files changed, 168 insertions, 165 deletions
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c index 1f87c59343..fa9367905f 100644 --- a/crypto/evp/exchange.c +++ b/crypto/evp/exchange.c @@ -293,7 +293,7 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer) return -2; } - provkey = evp_keymgmt_export_to_provider(peer, ctx->keymgmt, 0); + provkey = evp_keymgmt_util_export_to_provider(peer, ctx->keymgmt, 0); /* If export failed, legacy may be able to pick it up */ if (provkey == NULL) goto legacy; diff --git a/crypto/evp/keymgmt_lib.c b/crypto/evp/keymgmt_lib.c index 6990c0cdaa..a63e5cd6bf 100644 --- a/crypto/evp/keymgmt_lib.c +++ b/crypto/evp/keymgmt_lib.c @@ -32,8 +32,8 @@ static int try_import(const OSSL_PARAM params[], void *arg) return data->provdata != NULL; } -void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, - int want_domainparams) +void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, + int want_domainparams) { void *provdata = NULL; size_t i, j; @@ -51,7 +51,7 @@ void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, return NULL; if (pk->ameth->dirty_cnt(pk) != pk->dirty_cnt_copy) - evp_keymgmt_clear_pkey_cache(pk); + evp_keymgmt_util_clear_pkey_cache(pk); } /* @@ -138,12 +138,12 @@ void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, if (!ossl_assert(i < OSSL_NELEM(pk->pkeys))) return NULL; - evp_keymgmt_cache_pkey(pk, i, keymgmt, provdata, want_domainparams); + evp_keymgmt_util_cache_pkey(pk, i, keymgmt, provdata, want_domainparams); return provdata; } -void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk) +void evp_keymgmt_util_clear_pkey_cache(EVP_PKEY *pk) { size_t i; 
@@ -169,8 +169,9 @@ void evp_keymgmt_clear_pkey_cache(EVP_PKEY *pk) } } -void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt, - void *provdata, int domainparams) +void evp_keymgmt_util_cache_pkey(EVP_PKEY *pk, size_t index, + EVP_KEYMGMT *keymgmt, void *provdata, + int domainparams) { if (provdata != NULL) { EVP_KEYMGMT_up_ref(keymgmt); @@ -194,7 +195,8 @@ void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt, params[0] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_BITS, &bits); params[1] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_SECURITY_BITS, &security_bits); - params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, &size); + params[2] = OSSL_PARAM_construct_int(OSSL_PKEY_PARAM_MAX_SIZE, + &size); params[3] = OSSL_PARAM_construct_end(); ok = domainparams ? evp_keymgmt_get_domparam_params(keymgmt, provdata, params) 
@@ -208,164 +210,15 @@ void evp_keymgmt_cache_pkey(EVP_PKEY *pk, size_t index, EVP_KEYMGMT *keymgmt, } } -void *evp_keymgmt_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, +void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, const OSSL_PARAM params[], int domainparams) { void *provdata = domainparams ? evp_keymgmt_importdomparams(keymgmt, params) : evp_keymgmt_importkey(keymgmt, params); - evp_keymgmt_clear_pkey_cache(target); - evp_keymgmt_cache_pkey(target, 0, keymgmt, provdata, domainparams); + evp_keymgmt_util_clear_pkey_cache(target); + evp_keymgmt_util_cache_pkey(target, 0, keymgmt, provdata, domainparams); return provdata; } - -/* internal functions */ -/* TODO(3.0) decide if these should be public or internal */ -void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt, - const OSSL_PARAM params[]) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - return keymgmt->importdomparams(provctx, params); -} - -void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt, - const OSSL_PARAM params[]) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - return keymgmt->gendomparams(provctx, params); -} - -void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt, - void *provdomparams) -{ - keymgmt->freedomparams(provdomparams); -} - -int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt, - void *provdomparams, - OSSL_CALLBACK *param_cb, void *cbarg) -{ - return keymgmt->exportdomparams(provdomparams, param_cb, cbarg); -} - -const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->importdomparam_types(); -} - -/* - * TODO(v3.0) investigate if we need this function. 'openssl provider' may - * be a caller... 
- */ -const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->exportdomparam_types(); -} - -int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt, - void *provdomparams, OSSL_PARAM params[]) -{ - if (keymgmt->get_domparam_params == NULL) - return 1; - return keymgmt->get_domparam_params(provdomparams, params); -} - -const OSSL_PARAM * -evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt) -{ - if (keymgmt->gettable_domparam_params == NULL) - return NULL; - return keymgmt->gettable_domparam_params(); -} - - -void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt, - const OSSL_PARAM params[]) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - return keymgmt->importkey(provctx, params); -} - -void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams, - const OSSL_PARAM params[]) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - return keymgmt->genkey(provctx, domparams, params); -} - -void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt, - void *id, size_t idlen) -{ - void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); - - return keymgmt->loadkey(provctx, id, idlen); -} - -void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey) -{ - keymgmt->freekey(provkey); -} - -int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey, - OSSL_CALLBACK *param_cb, void *cbarg) -{ - return keymgmt->exportkey(provkey, param_cb, cbarg); -} - -const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->importkey_types(); -} - -/* - * TODO(v3.0) investigate if we need this function. 'openssl provider' may - * be a caller... 
- */ -const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt) -{ - return keymgmt->exportkey_types(); -} - -int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt, - void *provkey, OSSL_PARAM params[]) -{ - if (keymgmt->get_key_params == NULL) - return 1; - return keymgmt->get_key_params(provkey, params); -} - -const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt) -{ - if (keymgmt->gettable_key_params == NULL) - return NULL; - return keymgmt->gettable_key_params(); -} - -int evp_keymgmt_validate_domparams(const EVP_KEYMGMT *keymgmt, void *provkey) -{ - /* if domainparams are not supported - then pass */ - if (keymgmt->validatedomparams == NULL) - return 1; - return keymgmt->validatedomparams(provkey); -} - -int evp_keymgmt_validate_public(const EVP_KEYMGMT *keymgmt, void *provkey) -{ - return keymgmt->validatepublic(provkey); -} - -int evp_keymgmt_validate_private(const EVP_KEYMGMT *keymgmt, void *provkey) -{ - return keymgmt->validateprivate(provkey); -} - -int evp_keymgmt_validate_pairwise(const EVP_KEYMGMT *keymgmt, void *provkey) -{ - return keymgmt->validatepairwise(provkey); -} diff --git a/crypto/evp/keymgmt_meth.c b/crypto/evp/keymgmt_meth.c index e9e7f89744..ca5c9e8050 100644 --- a/crypto/evp/keymgmt_meth.c +++ b/crypto/evp/keymgmt_meth.c 
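Review bot: In `evp_keymgmt_util_fromdata` the target's cache is cleared before the import result is examined, so a failed import (`provdata == NULL`) still discards whatever provider-side key data `target` was holding. `evp_keymgmt_util_cache_pkey` only stores a non-NULL `provdata` (its `if (provdata != NULL)` guard is visible in the earlier hunk of this file), so the failure path leaves `target` with an empty cache while the caller in pmeth_gn.c simply returns 0. Consider returning early, `if (provdata == NULL) return NULL;`, ahead of the `evp_keymgmt_util_clear_pkey_cache(target);` call so that an error leaves the key as it was. Whether any caller depends on the cache being cleared on failure cannot be seen from this diff.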
@@ -280,3 +280,153 @@ void EVP_KEYMGMT_names_do_all(const EVP_KEYMGMT *keymgmt, if (keymgmt->prov != NULL) evp_names_do_all(keymgmt->prov, keymgmt->name_id, fn, data); } + +/* + * Internal API that interfaces with the method function pointers + */ +void *evp_keymgmt_importdomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->importdomparams(provctx, params); +} + +void *evp_keymgmt_gendomparams(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->gendomparams(provctx, params); +} + +void evp_keymgmt_freedomparams(const EVP_KEYMGMT *keymgmt, + void *provdomparams) +{ + keymgmt->freedomparams(provdomparams); +} + +int evp_keymgmt_exportdomparams(const EVP_KEYMGMT *keymgmt, + void *provdomparams, + OSSL_CALLBACK *param_cb, void *cbarg) +{ + return keymgmt->exportdomparams(provdomparams, param_cb, cbarg); +} + +const OSSL_PARAM *evp_keymgmt_importdomparam_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->importdomparam_types(); +} + +/* + * TODO(v3.0) investigate if we need this function. 'openssl provider' may + * be a caller... 
+ */ +const OSSL_PARAM *evp_keymgmt_exportdomparam_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->exportdomparam_types(); +} + +int evp_keymgmt_get_domparam_params(const EVP_KEYMGMT *keymgmt, + void *provdomparams, OSSL_PARAM params[]) +{ + if (keymgmt->get_domparam_params == NULL) + return 1; + return keymgmt->get_domparam_params(provdomparams, params); +} + +const OSSL_PARAM * +evp_keymgmt_gettable_domparam_params(const EVP_KEYMGMT *keymgmt) +{ + if (keymgmt->gettable_domparam_params == NULL) + return NULL; + return keymgmt->gettable_domparam_params(); +} + + +void *evp_keymgmt_importkey(const EVP_KEYMGMT *keymgmt, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->importkey(provctx, params); +} + +void *evp_keymgmt_genkey(const EVP_KEYMGMT *keymgmt, void *domparams, + const OSSL_PARAM params[]) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->genkey(provctx, domparams, params); +} + +void *evp_keymgmt_loadkey(const EVP_KEYMGMT *keymgmt, + void *id, size_t idlen) +{ + void *provctx = ossl_provider_ctx(EVP_KEYMGMT_provider(keymgmt)); + + return keymgmt->loadkey(provctx, id, idlen); +} + +void evp_keymgmt_freekey(const EVP_KEYMGMT *keymgmt, void *provkey) +{ + keymgmt->freekey(provkey); +} + +int evp_keymgmt_exportkey(const EVP_KEYMGMT *keymgmt, void *provkey, + OSSL_CALLBACK *param_cb, void *cbarg) +{ + return keymgmt->exportkey(provkey, param_cb, cbarg); +} + +const OSSL_PARAM *evp_keymgmt_importkey_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->importkey_types(); +} + +/* + * TODO(v3.0) investigate if we need this function. 'openssl provider' may + * be a caller... 
+ */ +const OSSL_PARAM *evp_keymgmt_exportkey_types(const EVP_KEYMGMT *keymgmt) +{ + return keymgmt->exportkey_types(); +} + +int evp_keymgmt_get_key_params(const EVP_KEYMGMT *keymgmt, + void *provkey, OSSL_PARAM params[]) +{ + if (keymgmt->get_key_params == NULL) + return 1; + return keymgmt->get_key_params(provkey, params); +} + +const OSSL_PARAM *evp_keymgmt_gettable_key_params(const EVP_KEYMGMT *keymgmt) +{ + if (keymgmt->gettable_key_params == NULL) + return NULL; + return keymgmt->gettable_key_params(); +} + +int evp_keymgmt_validate_domparams(const EVP_KEYMGMT *keymgmt, void *provkey) +{ + /* if domainparams are not supported - then pass */ + if (keymgmt->validatedomparams == NULL) + return 1; + return keymgmt->validatedomparams(provkey); +} + +int evp_keymgmt_validate_public(const EVP_KEYMGMT *keymgmt, void *provkey) +{ + return keymgmt->validatepublic(provkey); +} + +int evp_keymgmt_validate_private(const EVP_KEYMGMT *keymgmt, void *provkey) +{ + return keymgmt->validateprivate(provkey); +} + +int evp_keymgmt_validate_pairwise(const EVP_KEYMGMT *keymgmt, void *provkey) +{ + return keymgmt->validatepairwise(provkey); +} diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index 0a3c86d63a..2c0ee83048 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -864,7 +864,7 @@ static void evp_pkey_free_it(EVP_PKEY *x) { /* internal function; x is never NULL */ - evp_keymgmt_clear_pkey_cache(x); + evp_keymgmt_util_clear_pkey_cache(x); if (x->ameth && x->ameth->pkey_free) { x->ameth->pkey_free(x); @@ -936,7 +936,7 @@ void *evp_pkey_make_provided(EVP_PKEY *pk, OPENSSL_CTX *libctx, if (tmp_keymgmt != NULL) provdata = - evp_keymgmt_export_to_provider(pk, tmp_keymgmt, domainparams); + evp_keymgmt_util_export_to_provider(pk, tmp_keymgmt, domainparams); /* * If nothing was exported, |tmp_keymgmt| might point at a freed diff --git a/crypto/evp/pmeth_gn.c b/crypto/evp/pmeth_gn.c index a093337e62..904b36e737 100644 --- a/crypto/evp/pmeth_gn.c 
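Review bot: The wrappers added to keymgmt_meth.c are inconsistent about absent method pointers: `evp_keymgmt_get_domparam_params`, `evp_keymgmt_get_key_params`, the two `gettable_` wrappers and `evp_keymgmt_validate_domparams` test the pointer for NULL, while the import/gen/load/free/export/`_types` wrappers and `evp_keymgmt_validate_public`, `_private` and `_pairwise` call through it unchecked. These pointers presumably come from a provider's dispatch table, so unless the EVP_KEYMGMT constructor (outside this hunk) rejects a method with any of these slots empty, an incomplete provider turns into a NULL function call inside libcrypto. Either extend the block comment to say which pointers are guaranteed non-NULL and where that is enforced, or guard the optional ones and fail closed, e.g. `if (keymgmt->validatepublic == NULL) return 0;`. Also worth documenting: `evp_keymgmt_get_key_params` and `evp_keymgmt_get_domparam_params` return 1 without touching `params` when the getter is missing, so callers have to pre-initialise the values they read back.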
+++ b/crypto/evp/pmeth_gn.c @@ -227,8 +227,8 @@ int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[]) } provdata = - evp_keymgmt_fromdata(*ppkey, ctx->keymgmt, params, - ctx->operation == EVP_PKEY_OP_PARAMFROMDATA); + evp_keymgmt_util_fromdata(*ppkey, ctx->keymgmt, params, + ctx->operation == EVP_PKEY_OP_PARAMFROMDATA); if (provdata == NULL) return 0; |