author | Matt Caswell <matt@openssl.org> | 2021-06-09 15:05:26 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-06-16 07:04:50 +0200 |
commit | 97abae6a9d94c29314dc28f6d4d6a4171b9b0c38 (patch) | |
tree | 60e25ae8e06844a09c462f3379905b2b77a5ac23 | |
parent | doc: finish the provider child up call documentation (diff) | |
Add various OBJ functions as callbacks
This enables providers to register new OIDs in the same libcrypto instance
as is used by the application.
Fixes #15624
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15681)
-rw-r--r-- | crypto/provider_core.c | 37 | ||||
-rw-r--r-- | include/openssl/core_dispatch.h | 13 |
2 files changed, 50 insertions, 0 deletions
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index c6a8fa3f26..4c423a6bda 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -1543,6 +1543,8 @@ static OSSL_FUNC_core_vset_error_fn core_vset_error;
 static OSSL_FUNC_core_set_error_mark_fn core_set_error_mark;
 static OSSL_FUNC_core_clear_last_error_mark_fn core_clear_last_error_mark;
 static OSSL_FUNC_core_pop_error_to_mark_fn core_pop_error_to_mark;
+static OSSL_FUNC_core_obj_add_sigid_fn core_obj_add_sigid;
+static OSSL_FUNC_core_obj_create_fn core_obj_create;
 #endif
 
 static const OSSL_PARAM *core_gettable_params(const OSSL_CORE_HANDLE *handle)
@@ -1673,6 +1675,39 @@ static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle)
 {
 return ERR_pop_to_mark();
 }
+
+static int core_obj_add_sigid(const OSSL_CORE_HANDLE *prov,
+ const char *sign_name, const char *digest_name,
+ const char *pkey_name)
+{
+ int sign_nid = OBJ_txt2nid(sign_name);
+ int digest_nid = OBJ_txt2nid(digest_name);
+ int pkey_nid = OBJ_txt2nid(pkey_name);
+
+ if (sign_nid == NID_undef)
+ return 0;
+
+ /*
+ * Check if it already exists. This is a success if so (even if we don't
+ * have nids for the digest/pkey)
+ */
+ if (OBJ_find_sigid_algs(sign_nid, NULL, NULL))
+ return 1;
+
+ if (digest_nid == NID_undef
+ || pkey_nid == NID_undef)
+ return 0;
+
+ return OBJ_add_sigid(sign_nid, digest_nid, pkey_nid);
+}
+
+static int core_obj_create(const OSSL_CORE_HANDLE *prov, const char *oid,
+ const char *sn, const char *ln)
+{
+ /* Check if it already exists and create it if not */
+ return OBJ_txt2nid(oid) != NID_undef
+ || OBJ_create(oid, sn, ln) != NID_undef;
+}
 #endif /* FIPS_MODULE */
 
 /*
@@ -1737,6 +1772,8 @@ static const OSSL_DISPATCH core_dispatch_[] = {
 (void (*)(void))provider_up_ref_intern },
 { OSSL_FUNC_PROVIDER_FREE,
 (void (*)(void))provider_free_intern },
+ { OSSL_FUNC_CORE_OBJ_ADD_SIGID, (void (*)(void))core_obj_add_sigid },
+ { OSSL_FUNC_CORE_OBJ_CREATE, (void (*)(void))core_obj_create },
 #endif
 { 0, NULL }
 };
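Review bot: Both new callbacks pass provider-supplied pointers to `OBJ_txt2nid()` without a NULL check, and in `core_obj_add_sigid` all three lookups run in the initialisers before `sign_nid` is tested. These functions sit on the provider/core boundary, so I would reject bad arguments first with `if (sign_name == NULL || digest_name == NULL || pkey_name == NULL) return 0;` and, in `core_obj_create`, `if (oid == NULL) return 0;`; whether `OBJ_txt2nid()` tolerates NULL is not visible in this hunk. Separately, the "already exists" shortcut `OBJ_find_sigid_algs(sign_nid, NULL, NULL)` returns 1 without comparing the registered digest/pkey with the ones requested, so a provider is told it succeeded even when the process-wide mapping differs. Passing out-pointers and comparing them whenever the requested nids resolved would surface that mismatch. None of the `return 0` paths raises an error, so the caller cannot tell which name was unknown.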
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index 2a46c10123..99fcda0020 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -91,6 +91,19 @@ OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark,
 # define OSSL_FUNC_CORE_POP_ERROR_TO_MARK 10
 OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark,
 (const OSSL_CORE_HANDLE *prov))
+
+/* Functions to access the OBJ database */
+
+#define OSSL_FUNC_CORE_OBJ_ADD_SIGID 11
+#define OSSL_FUNC_CORE_OBJ_CREATE 12
+
+OSSL_CORE_MAKE_FUNC(int, core_obj_add_sigid,
+ (const OSSL_CORE_HANDLE *prov, const char *sign_name,
+ const char *digest_name, const char *pkey_name))
+OSSL_CORE_MAKE_FUNC(int, core_obj_create,
+ (const OSSL_CORE_HANDLE *prov, const char *oid,
+ const char *sn, const char *ln))
+
 /* Memory allocation, freeing, clearing. */
 #define OSSL_FUNC_CRYPTO_MALLOC 20
 OSSL_CORE_MAKE_FUNC(void *, |
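Review bot: The new comment `/* Functions to access the OBJ database */` does not tell a provider author what the two callbacks return, nor that an entry which is already registered is reported as success, which is how `core_obj_add_sigid` and `core_obj_create` behave in the crypto/provider_core.c part of this commit. Since these calls change the OBJ table shared with the application, I would spell the contract out at the declaration, for example `/* Both return 1 on success (including when the entry already exists) and 0 on failure; they modify the OBJ database shared with the application. */`. It would also help to state whether `sign_name`, `digest_name` and `pkey_name` may be names, numeric OIDs or both, as the header gives no hint.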