summaryrefslogtreecommitdiffstats
path: root/providers
diff options
context:
space:
mode:
authorPauli <paul.dale@oracle.com>2020-06-11 01:08:01 +0200
committerPauli <paul.dale@oracle.com>2020-07-30 12:15:22 +0200
commitdfc0857d8191d43be320f4ba472b7c782248a35d (patch)
tree1fc044e3ce75b9f8518461c157f7430725a6ad85 /providers
parentunify spelling of serialize (diff)
downloadopenssl-dfc0857d8191d43be320f4ba472b7c782248a35d.tar.xz
openssl-dfc0857d8191d43be320f4ba472b7c782248a35d.zip
serialisation: Add a built-in base provider.
Move the libcrypto serialisation functionality into a place where it can be provided at some point. The serialisation still remains native in the default provider. Add additional code to the list command to display what kind of serialisation each entry is capable of. Having the FIPS provider auto load the base provider is a future (but necessary) enhancement. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104)
Diffstat (limited to 'providers')
-rw-r--r--providers/baseprov.c153
-rw-r--r--providers/build.info10
-rw-r--r--providers/defltprov.c150
-rw-r--r--providers/serializers.inc102
4 files changed, 271 insertions, 144 deletions
diff --git a/providers/baseprov.c b/providers/baseprov.c
new file mode 100644
index 0000000000..d40535bafa
--- /dev/null
+++ b/providers/baseprov.c
@@ -0,0 +1,153 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/opensslconf.h>
+#include <openssl/core.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include "prov/bio.h"
+#include "prov/provider_ctx.h"
+#include "prov/providercommon.h"
+#include "prov/implementations.h"
+#include "prov/provider_util.h"
+#include "internal/nelem.h"
+
+/*
+ * Forward declarations to ensure that interface functions are correctly
+ * defined.
+ */
+static OSSL_FUNC_provider_gettable_params_fn base_gettable_params;
+static OSSL_FUNC_provider_get_params_fn base_get_params;
+static OSSL_FUNC_provider_query_operation_fn base_query;
+
+/* Functions provided by the core */
+static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL;
+static OSSL_FUNC_core_get_params_fn *c_get_params = NULL;
+
+/* Parameters we provide to the core */
+static const OSSL_PARAM base_param_types[] = {
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0),
+ OSSL_PARAM_END
+};
+
+static const OSSL_PARAM *base_gettable_params(void *provctx)
+{
+ return base_param_types;
+}
+
+static int base_get_params(void *provctx, OSSL_PARAM params[])
+{
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
+ if (p != NULL
+ && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Base Provider"))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
+ return 0;
+
+ return 1;
+}
+
+static const OSSL_ALGORITHM base_serializer[] = {
+#define SER(name, fips, format, type, func_table) \
+ { name, \
+ "provider=base,fips=" fips ",format=" format ",type=" type, \
+ (func_table) }
+
+#include "serializers.inc"
+ { NULL, NULL, NULL }
+};
+#undef SER
+
+static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id,
+ int *no_cache)
+{
+ *no_cache = 0;
+ return operation_id == OSSL_OP_SERIALIZER ? base_serializer : NULL;
+}
+
+static void base_teardown(void *provctx)
+{
+ BIO_meth_free(PROV_CTX_get0_core_bio_method(provctx));
+ PROV_CTX_free(provctx);
+}
+
+/* Functions we provide to the core */
+static const OSSL_DISPATCH base_dispatch_table[] = {
+ { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))base_teardown },
+ { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS,
+ (void (*)(void))base_gettable_params },
+ { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))base_get_params },
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))base_query },
+ { 0, NULL }
+};
+
+OSSL_provider_init_fn ossl_base_provider_init;
+
+int ossl_base_provider_init(const OSSL_CORE_HANDLE *handle,
+ const OSSL_DISPATCH *in, const OSSL_DISPATCH **out,
+ void **provctx)
+{
+ OSSL_FUNC_core_get_library_context_fn *c_get_libctx = NULL;
+ BIO_METHOD *corebiometh;
+
+ if (!ossl_prov_bio_from_dispatch(in))
+ return 0;
+ for (; in->function_id != 0; in++) {
+ switch (in->function_id) {
+ case OSSL_FUNC_CORE_GETTABLE_PARAMS:
+ c_gettable_params = OSSL_FUNC_core_gettable_params(in);
+ break;
+ case OSSL_FUNC_CORE_GET_PARAMS:
+ c_get_params = OSSL_FUNC_core_get_params(in);
+ break;
+ case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
+ c_get_libctx = OSSL_FUNC_core_get_library_context(in);
+ break;
+ default:
+ /* Just ignore anything we don't understand */
+ break;
+ }
+ }
+
+ if (c_get_libctx == NULL)
+ return 0;
+
+ /*
+ * We want to make sure that all calls from this provider that requires
+ * a library context use the same context as the one used to call our
+ * functions. We do that by passing it along in the provider context.
+ *
+ * This only works for built-in providers. Most providers should
+ * create their own library context.
+ */
+ if ((*provctx = PROV_CTX_new()) == NULL
+ || (corebiometh = bio_prov_init_bio_method()) == NULL) {
+ PROV_CTX_free(*provctx);
+ *provctx = NULL;
+ return 0;
+ }
+ PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle));
+ PROV_CTX_set0_handle(*provctx, handle);
+ PROV_CTX_set0_core_bio_method(*provctx, corebiometh);
+
+ *out = base_dispatch_table;
+
+ return 1;
+}
diff --git a/providers/build.info b/providers/build.info
index b1bb966b70..8d82d3f911 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -109,6 +109,16 @@ INCLUDE[$DEFAULTGOAL]=implementations/include
LIBS=$DEFAULTGOAL
#
+# Base provider stuff
+#
+# Because the base provider is built in, it means that libcrypto
+# must include all of the object files that are needed.
+$BASEGOAL=../libcrypto
+SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS
+SOURCE[$BASEGOAL]=baseprov.c
+INCLUDE[$BASEGOAL]=implementations/include
+
+#
# FIPS provider stuff
#
# We define it this way to ensure that configdata.pm will have all the
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 466b7908a1..fa6e18fdca 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -385,154 +385,16 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = {
{ NULL, NULL, NULL }
};
-/*
- * Unlike most algorithms in the default provider, the serializers are allowed
- * for use in FIPS mode because they are not FIPS relevant, and therefore have
- * the "fips=yes" property.
- */
static const OSSL_ALGORITHM deflt_serializer[] = {
- { "RSA", "provider=default,fips=yes,format=text,type=private",
- rsa_priv_text_serializer_functions },
- { "RSA", "provider=default,fips=yes,format=text,type=public",
- rsa_pub_text_serializer_functions },
- { "RSA", "provider=default,fips=yes,format=der,type=private",
- rsa_priv_der_serializer_functions },
- { "RSA", "provider=default,fips=yes,format=der,type=public",
- rsa_pub_der_serializer_functions },
- { "RSA", "provider=default,fips=yes,format=pem,type=private",
- rsa_priv_pem_serializer_functions },
- { "RSA", "provider=default,fips=yes,format=pem,type=public",
- rsa_pub_pem_serializer_functions },
- { "RSA-PSS", "provider=default,fips=yes,format=text,type=private",
- rsa_priv_text_serializer_functions },
- { "RSA-PSS", "provider=default,fips=yes,format=text,type=public",
- rsa_pub_text_serializer_functions },
- { "RSA-PSS", "provider=default,fips=yes,format=der,type=private",
- rsa_priv_der_serializer_functions },
- { "RSA-PSS", "provider=default,fips=yes,format=der,type=public",
- rsa_pub_der_serializer_functions },
- { "RSA-PSS", "provider=default,fips=yes,format=pem,type=private",
- rsa_priv_pem_serializer_functions },
- { "RSA-PSS", "provider=default,fips=yes,format=pem,type=public",
- rsa_pub_pem_serializer_functions },
-
-#ifndef OPENSSL_NO_DH
- { "DH", "provider=default,fips=yes,format=text,type=private",
- dh_priv_text_serializer_functions },
- { "DH", "provider=default,fips=yes,format=text,type=public",
- dh_pub_text_serializer_functions },
- { "DH", "provider=default,fips=yes,format=text,type=parameters",
- dh_param_text_serializer_functions },
- { "DH", "provider=default,fips=yes,format=der,type=private",
- dh_priv_der_serializer_functions },
- { "DH", "provider=default,fips=yes,format=der,type=public",
- dh_pub_der_serializer_functions },
- { "DH", "provider=default,fips=yes,format=der,type=parameters",
- dh_param_der_serializer_functions },
- { "DH", "provider=default,fips=yes,format=pem,type=private",
- dh_priv_pem_serializer_functions },
- { "DH", "provider=default,fips=yes,format=pem,type=public",
- dh_pub_pem_serializer_functions },
- { "DH", "provider=default,fips=yes,format=pem,type=parameters",
- dh_param_pem_serializer_functions },
-#endif
-
-#ifndef OPENSSL_NO_DSA
- { "DSA", "provider=default,fips=yes,format=text,type=private",
- dsa_priv_text_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=text,type=public",
- dsa_pub_text_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=text,type=parameters",
- dsa_param_text_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=der,type=private",
- dsa_priv_der_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=der,type=public",
- dsa_pub_der_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=der,type=parameters",
- dsa_param_der_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=pem,type=private",
- dsa_priv_pem_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=pem,type=public",
- dsa_pub_pem_serializer_functions },
- { "DSA", "provider=default,fips=yes,format=pem,type=parameters",
- dsa_param_pem_serializer_functions },
-#endif
-
-#ifndef OPENSSL_NO_EC
- { "X25519", "provider=default,fips=yes,format=text,type=private",
- x25519_priv_print_serializer_functions },
- { "X25519", "provider=default,fips=yes,format=text,type=public",
- x25519_pub_print_serializer_functions },
- { "X25519", "provider=default,fips=yes,format=der,type=private",
- x25519_priv_der_serializer_functions },
- { "X25519", "provider=default,fips=yes,format=der,type=public",
- x25519_pub_der_serializer_functions },
- { "X25519", "provider=default,fips=yes,format=pem,type=private",
- x25519_priv_pem_serializer_functions },
- { "X25519", "provider=default,fips=yes,format=pem,type=public",
- x25519_pub_pem_serializer_functions },
-
- { "X448", "provider=default,format=text,type=private",
- x448_priv_print_serializer_functions },
- { "X448", "provider=default,format=text,type=public",
- x448_pub_print_serializer_functions },
- { "X448", "provider=default,format=der,type=private",
- x448_priv_der_serializer_functions },
- { "X448", "provider=default,format=der,type=public",
- x448_pub_der_serializer_functions },
- { "X448", "provider=default,format=pem,type=private",
- x448_priv_pem_serializer_functions },
- { "X448", "provider=default,format=pem,type=public",
- x448_pub_pem_serializer_functions },
-
- { "ED25519", "provider=default,fips=yes,format=text,type=private",
- ed25519_priv_print_serializer_functions },
- { "ED25519", "provider=default,fips=yes,format=text,type=public",
- ed25519_pub_print_serializer_functions },
- { "ED25519", "provider=default,fips=yes,format=der,type=private",
- ed25519_priv_der_serializer_functions },
- { "ED25519", "provider=default,fips=yes,format=der,type=public",
- ed25519_pub_der_serializer_functions },
- { "ED25519", "provider=default,fips=yes,format=pem,type=private",
- ed25519_priv_pem_serializer_functions },
- { "ED25519", "provider=default,fips=yes,format=pem,type=public",
- ed25519_pub_pem_serializer_functions },
-
- { "ED448", "provider=default,format=text,type=private",
- ed448_priv_print_serializer_functions },
- { "ED448", "provider=default,format=text,type=public",
- ed448_pub_print_serializer_functions },
- { "ED448", "provider=default,format=der,type=private",
- ed448_priv_der_serializer_functions },
- { "ED448", "provider=default,format=der,type=public",
- ed448_pub_der_serializer_functions },
- { "ED448", "provider=default,format=pem,type=private",
- ed448_priv_pem_serializer_functions },
- { "ED448", "provider=default,format=pem,type=public",
- ed448_pub_pem_serializer_functions },
-
- { "EC", "provider=default,fips=yes,format=text,type=private",
- ec_priv_text_serializer_functions },
- { "EC", "provider=default,fips=yes,format=text,type=public",
- ec_pub_text_serializer_functions },
- { "EC", "provider=default,fips=yes,format=text,type=parameters",
- ec_param_text_serializer_functions },
- { "EC", "provider=default,fips=yes,format=der,type=private",
- ec_priv_der_serializer_functions },
- { "EC", "provider=default,fips=yes,format=der,type=public",
- ec_pub_der_serializer_functions },
- { "EC", "provider=default,fips=yes,format=der,type=parameters",
- ec_param_der_serializer_functions },
- { "EC", "provider=default,fips=yes,format=pem,type=private",
- ec_priv_pem_serializer_functions },
- { "EC", "provider=default,fips=yes,format=pem,type=public",
- ec_pub_pem_serializer_functions },
- { "EC", "provider=default,fips=yes,format=pem,type=parameters",
- ec_param_pem_serializer_functions },
-#endif
+#define SER(name, fips, format, type, func_table) \
+ { name, \
+ "provider=default,fips=" fips ",format=" format ",type=" type, \
+ (func_table) }
+#include "serializers.inc"
{ NULL, NULL, NULL }
};
+#undef SER
static const OSSL_ALGORITHM deflt_deserializer[] = {
{ "RSA", "provider=default,fips=yes,input=der",
diff --git a/providers/serializers.inc b/providers/serializers.inc
new file mode 100644
index 0000000000..3143ebbec5
--- /dev/null
+++ b/providers/serializers.inc
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef SER
+# error Macro SER undefined
+#endif
+
+ SER("RSA", "yes", "text", "private", rsa_priv_text_serializer_functions),
+ SER("RSA", "yes", "text", "public", rsa_pub_text_serializer_functions),
+ SER("RSA", "yes", "der", "private", rsa_priv_der_serializer_functions),
+ SER("RSA", "yes", "der", "public", rsa_pub_der_serializer_functions),
+ SER("RSA", "yes", "pem", "private", rsa_priv_pem_serializer_functions),
+ SER("RSA", "yes", "pem", "public", rsa_pub_pem_serializer_functions),
+ SER("RSA-PSS", "yes", "text", "private",
+ rsa_priv_text_serializer_functions),
+ SER("RSA-PSS", "yes", "text", "public", rsa_pub_text_serializer_functions),
+ SER("RSA-PSS", "yes", "der", "private", rsa_priv_der_serializer_functions),
+ SER("RSA-PSS", "yes", "der", "public", rsa_pub_der_serializer_functions),
+ SER("RSA-PSS", "yes", "pem", "private", rsa_priv_pem_serializer_functions),
+ SER("RSA-PSS", "yes", "pem", "public", rsa_pub_pem_serializer_functions),
+
+#ifndef OPENSSL_NO_DH
+ SER("DH", "yes", "text", "private", dh_priv_text_serializer_functions),
+ SER("DH", "yes", "text", "public", dh_pub_text_serializer_functions),
+ SER("DH", "yes", "text", "parameters", dh_param_text_serializer_functions),
+ SER("DH", "yes", "der", "private", dh_priv_der_serializer_functions),
+ SER("DH", "yes", "der", "public", dh_pub_der_serializer_functions),
+ SER("DH", "yes", "der", "parameters", dh_param_der_serializer_functions),
+ SER("DH", "yes", "pem", "private", dh_priv_pem_serializer_functions),
+ SER("DH", "yes", "pem", "public", dh_pub_pem_serializer_functions),
+ SER("DH", "yes", "pem", "parameters", dh_param_pem_serializer_functions),
+#endif
+
+#ifndef OPENSSL_NO_DSA
+ SER("DSA", "yes", "text", "private", dsa_priv_text_serializer_functions),
+ SER("DSA", "yes", "text", "public", dsa_pub_text_serializer_functions),
+ SER("DSA", "yes", "text", "parameters",
+ dsa_param_text_serializer_functions),
+ SER("DSA", "yes", "der", "private", dsa_priv_der_serializer_functions),
+ SER("DSA", "yes", "der", "public", dsa_pub_der_serializer_functions),
+ SER("DSA", "yes", "der", "parameters", dsa_param_der_serializer_functions),
+ SER("DSA", "yes", "pem", "private", dsa_priv_pem_serializer_functions),
+ SER("DSA", "yes", "pem", "public", dsa_pub_pem_serializer_functions),
+ SER("DSA", "yes", "pem", "parameters", dsa_param_pem_serializer_functions),
+#endif
+
+#ifndef OPENSSL_NO_EC
+ SER("X25519", "yes", "text", "private",
+ x25519_priv_print_serializer_functions),
+ SER("X25519", "yes", "text", "public",
+ x25519_pub_print_serializer_functions),
+ SER("X25519", "yes", "der", "private",
+ x25519_priv_der_serializer_functions),
+ SER("X25519", "yes", "der", "public", x25519_pub_der_serializer_functions),
+ SER("X25519", "yes", "pem", "private",
+ x25519_priv_pem_serializer_functions),
+ SER("X25519", "yes", "pem", "public", x25519_pub_pem_serializer_functions),
+
+ SER("X448", "no", "text", "private", x448_priv_print_serializer_functions),
+ SER("X448", "no", "text", "public", x448_pub_print_serializer_functions),
+ SER("X448", "no", "der", "private", x448_priv_der_serializer_functions),
+ SER("X448", "no", "der", "public", x448_pub_der_serializer_functions),
+ SER("X448", "no", "pem", "private", x448_priv_pem_serializer_functions),
+ SER("X448", "no", "pem", "public", x448_pub_pem_serializer_functions),
+
+ SER("ED25519", "yes", "text", "private",
+ ed25519_priv_print_serializer_functions),
+ SER("ED25519", "yes", "text", "public",
+ ed25519_pub_print_serializer_functions),
+ SER("ED25519", "yes", "der", "private",
+ ed25519_priv_der_serializer_functions),
+ SER("ED25519", "yes", "der", "public",
+ ed25519_pub_der_serializer_functions),
+ SER("ED25519", "yes", "pem", "private",
+ ed25519_priv_pem_serializer_functions),
+ SER("ED25519", "yes", "pem", "public",
+ ed25519_pub_pem_serializer_functions),
+
+ SER("ED448", "no", "text", "private",
+ ed448_priv_print_serializer_functions),
+ SER("ED448", "no", "text", "public", ed448_pub_print_serializer_functions),
+ SER("ED448", "no", "der", "private", ed448_priv_der_serializer_functions),
+ SER("ED448", "no", "der", "public", ed448_pub_der_serializer_functions),
+ SER("ED448", "no", "pem", "private", ed448_priv_pem_serializer_functions),
+ SER("ED448", "no", "pem", "public", ed448_pub_pem_serializer_functions),
+
+ SER("EC", "yes", "text", "private", ec_priv_text_serializer_functions),
+ SER("EC", "yes", "text", "public", ec_pub_text_serializer_functions),
+ SER("EC", "yes", "text", "parameters", ec_param_text_serializer_functions),
+ SER("EC", "yes", "der", "private", ec_priv_der_serializer_functions),
+ SER("EC", "yes", "der", "public", ec_pub_der_serializer_functions),
+ SER("EC", "yes", "der", "parameters", ec_param_der_serializer_functions),
+ SER("EC", "yes", "pem", "private", ec_priv_pem_serializer_functions),
+ SER("EC", "yes", "pem", "public", ec_pub_pem_serializer_functions),
+ SER("EC", "yes", "pem", "parameters", ec_param_pem_serializer_functions),
+#endif