authorRichard Levitte <levitte@openssl.org>2019-11-08 15:24:42 +0100
committerRichard Levitte <levitte@openssl.org>2019-11-14 10:53:14 +0100
commit1640d48c5b4ee0a3ff5a2a5015ee17ac163d9cd4 (patch)
tree24fb95a9c51ec8fac457e00b924b853ad098bffc /providers
parent726ad13c4e720daeda5f56326aebcd27b4615d6c (diff)
CORE & PROV: make export of key data leaner through callback
Exporting data from a provider owned domainparams or key is quite an ordeal, with having to figure out what parameter keys an implementation supports, call the export function a first time to find out how large each parameter buffer must be, allocate the necessary space for it, and call the export function again. So how about letting the export function build up the key data params and call back with that? This change implements exactly such a mechanism. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10414)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/keymgmt/dh_kmgmt.c61
-rw-r--r--providers/implementations/keymgmt/dsa_kmgmt.c63
-rw-r--r--providers/implementations/keymgmt/rsa_kmgmt.c55
3 files changed, 112 insertions, 67 deletions
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index 4120155619..c38c5f2bd5 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -12,7 +12,9 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
#include <openssl/params.h>
+#include "internal/param_build.h"
#include "prov/implementations.h"
+#include "prov/providercommon.h"
static OSSL_OP_keymgmt_importdomparams_fn dh_importdomparams;
static OSSL_OP_keymgmt_exportdomparams_fn dh_exportdomparams;
@@ -45,20 +47,19 @@ static int params_to_domparams(DH *dh, const OSSL_PARAM params[])
return 0;
}
-static int domparams_to_params(DH *dh, OSSL_PARAM params[])
+static int domparams_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
{
- OSSL_PARAM *p;
const BIGNUM *dh_p = NULL, *dh_g = NULL;
if (dh == NULL)
return 0;
DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_P)) != NULL
- && !OSSL_PARAM_set_BN(p, dh_p))
+ if (dh_p != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, dh_p))
return 0;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_G)) != NULL
- && !OSSL_PARAM_set_BN(p, dh_g))
+ if (dh_g != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, dh_g))
return 0;
return 1;
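Review bot: `domparams_to_params` now returns 1 even when `DH_get0_pqg` yields no `p` or no `g`, because each push is simply skipped when the BIGNUM is NULL. The exporter then hands its callback a parameter list with those entries missing and can still report success. If any caller treats a successful domain-parameter export as a complete set, that is a silent truncation; consider rejecting it up front with `if (dh_p == NULL || dh_g == NULL) return 0;` right after the `DH_get0_pqg` call. The DSA version of this function has the same shape for `p`, `q` and `g`. The function's closing brace lies outside this hunk.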
@@ -105,24 +106,21 @@ static int params_to_key(DH *dh, const OSSL_PARAM params[])
return 0;
}
-static int key_to_params(DH *dh, OSSL_PARAM params[])
+static int key_to_params(DH *dh, OSSL_PARAM_BLD *tmpl)
{
- OSSL_PARAM *p;
const BIGNUM *priv_key = NULL, *pub_key = NULL;
if (dh == NULL)
return 0;
- if (!domparams_to_params(dh, params))
+ if (!domparams_to_params(dh, tmpl))
return 0;
DH_get0_key(dh, &pub_key, &priv_key);
- if ((p = OSSL_PARAM_locate(params,
- OSSL_PKEY_PARAM_DH_PRIV_KEY)) != NULL
- && !OSSL_PARAM_set_BN(p, priv_key))
+ if (priv_key != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DH_PRIV_KEY, priv_key))
return 0;
- if ((p = OSSL_PARAM_locate(params,
- OSSL_PKEY_PARAM_DH_PUB_KEY)) != NULL
- && !OSSL_PARAM_set_BN(p, pub_key))
+ if (pub_key != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DH_PUB_KEY, pub_key))
return 0;
return 1;
@@ -140,11 +138,22 @@ static void *dh_importdomparams(void *provctx, const OSSL_PARAM params[])
return dh;
}
-static int dh_exportdomparams(void *domparams, OSSL_PARAM params[])
+static int dh_exportdomparams(void *domparams, OSSL_CALLBACK *param_cb,
+ void *cbarg)
{
DH *dh = domparams;
-
- return dh != NULL && !domparams_to_params(dh, params);
+ OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ ossl_param_bld_init(&tmpl);
+ if (dh == NULL
+ || !domparams_to_params(dh, &tmpl)
+ || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
+ return 0;
+ ret = param_cb(params, cbarg);
+ ossl_param_bld_free(params);
+ return ret;
}
static void *dh_importkey(void *provctx, const OSSL_PARAM params[])
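Review bot: `dh_exportdomparams` frees `params` immediately after `param_cb` returns, so the array and the BIGNUM data it carries are valid only for the duration of the callback, and nothing in the function says so. A comment above the call would make the contract explicit, e.g. `/* params is freed on return; param_cb must copy anything it keeps */`. The other exporters added in this commit (`dh_exportkey` and the DSA and RSA ones) follow the same build, call, free pattern and need the same remark.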
@@ -159,11 +168,21 @@ static void *dh_importkey(void *provctx, const OSSL_PARAM params[])
return dh;
}
-static int dh_exportkey(void *key, OSSL_PARAM params[])
+static int dh_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
{
DH *dh = key;
-
- return dh != NULL && !key_to_params(dh, params);
+ OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ ossl_param_bld_init(&tmpl);
+ if (dh == NULL
+ || !key_to_params(dh, &tmpl)
+ || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
+ return 0;
+ ret = param_cb(params, cbarg);
+ ossl_param_bld_free(params);
+ return ret;
}
const OSSL_DISPATCH dh_keymgmt_functions[] = {
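Review bot: The private value pushed by `key_to_params` ends up in the array returned by `ossl_param_bld_to_param()`, and `dh_exportkey` releases it with `ossl_param_bld_free(params)` with no cleansing visible in this hunk. Whether the builder scrubs that buffer is not shown here; if it uses a plain free, a copy of the DH private key is left in freed heap memory after every export. The builder's free routine should cleanse before releasing (for example with `OPENSSL_clear_free`), or the BIGNUM data should be placed in the secure heap. The same sequence appears in `dsa_exportkey` and `rsa_exportkey`, where it covers the DSA private key and the RSA private exponent, factors, exponents and coefficients.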
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index a3bf11a570..ca4354af59 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -12,7 +12,9 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/params.h>
+#include "internal/param_build.h"
#include "prov/implementations.h"
+#include "prov/providercommon.h"
static OSSL_OP_keymgmt_importdomparams_fn dsa_importdomparams;
static OSSL_OP_keymgmt_exportdomparams_fn dsa_exportdomparams;
@@ -48,23 +50,22 @@ static int params_to_domparams(DSA *dsa, const OSSL_PARAM params[])
return 0;
}
-static int domparams_to_params(DSA *dsa, OSSL_PARAM params[])
+static int domparams_to_params(DSA *dsa, OSSL_PARAM_BLD *tmpl)
{
- OSSL_PARAM *p;
const BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
if (dsa == NULL)
return 0;
DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_P)) != NULL
- && !OSSL_PARAM_set_BN(p, dsa_p))
+ if (dsa_p != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_P, dsa_p))
return 0;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_Q)) != NULL
- && !OSSL_PARAM_set_BN(p, dsa_q))
+ if (dsa_q != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_Q, dsa_q))
return 0;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_G)) != NULL
- && !OSSL_PARAM_set_BN(p, dsa_g))
+ if (dsa_g != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_FFC_G, dsa_g))
return 0;
return 1;
@@ -110,22 +111,21 @@ static int params_to_key(DSA *dsa, const OSSL_PARAM params[])
return 0;
}
-static int key_to_params(DSA *dsa, OSSL_PARAM params[])
+static int key_to_params(DSA *dsa, OSSL_PARAM_BLD *tmpl)
{
- OSSL_PARAM *p;
const BIGNUM *priv_key = NULL, *pub_key = NULL;
if (dsa == NULL)
return 0;
- if (!domparams_to_params(dsa, params))
+ if (!domparams_to_params(dsa, tmpl))
return 0;
DSA_get0_key(dsa, &pub_key, &priv_key);
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DSA_PRIV_KEY)) != NULL
- && !OSSL_PARAM_set_BN(p, priv_key))
+ if (priv_key != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DSA_PRIV_KEY, priv_key))
return 0;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_DSA_PUB_KEY)) != NULL
- && !OSSL_PARAM_set_BN(p, pub_key))
+ if (pub_key != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_DSA_PUB_KEY, pub_key))
return 0;
return 1;
@@ -143,11 +143,22 @@ static void *dsa_importdomparams(void *provctx, const OSSL_PARAM params[])
return dsa;
}
-static int dsa_exportdomparams(void *domparams, OSSL_PARAM params[])
+static int dsa_exportdomparams(void *domparams,
+ OSSL_CALLBACK *param_cb, void *cbarg)
{
DSA *dsa = domparams;
-
- return dsa != NULL && !domparams_to_params(dsa, params);
+ OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ ossl_param_bld_init(&tmpl);
+ if (dsa == NULL
+ || !domparams_to_params(dsa, &tmpl)
+ || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
+ return 0;
+ ret = param_cb(params, cbarg);
+ ossl_param_bld_free(params);
+ return ret;
}
static void *dsa_importkey(void *provctx, const OSSL_PARAM params[])
@@ -162,11 +173,21 @@ static void *dsa_importkey(void *provctx, const OSSL_PARAM params[])
return dsa;
}
-static int dsa_exportkey(void *key, OSSL_PARAM params[])
+static int dsa_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)
{
DSA *dsa = key;
-
- return dsa != NULL && !key_to_params(dsa, params);
+ OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ ossl_param_bld_init(&tmpl);
+ if (dsa == NULL
+ || !key_to_params(dsa, &tmpl)
+ || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
+ return 0;
+ ret = param_cb(params, cbarg);
+ ossl_param_bld_free(params);
+ return ret;
}
const OSSL_DISPATCH dsa_keymgmt_functions[] = {
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index aaa9815aa9..451f227775 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -13,7 +13,9 @@
#include <openssl/rsa.h>
#include <openssl/params.h>
#include <openssl/types.h>
+#include "internal/param_build.h"
#include "prov/implementations.h"
+#include "prov/providercommon.h"
#include "crypto/rsa.h"
static OSSL_OP_keymgmt_importkey_fn rsa_importkey;
@@ -96,10 +98,9 @@ static int params_to_key(RSA *rsa, const OSSL_PARAM params[])
return 0;
}
-static int export_numbers(OSSL_PARAM params[], const char *key,
+static int export_numbers(OSSL_PARAM_BLD *tmpl, const char *key,
STACK_OF(BIGNUM_const) *numbers)
{
- OSSL_PARAM *p = NULL;
int i, nnum;
if (numbers == NULL)
@@ -107,24 +108,18 @@ static int export_numbers(OSSL_PARAM params[], const char *key,
nnum = sk_BIGNUM_const_num(numbers);
- for (p = params, i = 0;
- i < nnum && (p = OSSL_PARAM_locate(p, key)) != NULL;
- p++, i++) {
- if (!OSSL_PARAM_set_BN(p, sk_BIGNUM_const_value(numbers, i)))
+ for (i = 0; i < nnum; i++) {
+ if (!ossl_param_bld_push_BN(tmpl, key,
+ sk_BIGNUM_const_value(numbers, i)))
return 0;
}
- /*
- * If we didn't export the amount of numbers we have, the caller didn't
- * specify enough OSSL_PARAM entries named |key|.
- */
- return i == nnum;
+ return 1;
}
-static int key_to_params(RSA *rsa, OSSL_PARAM params[])
+static int key_to_params(RSA *rsa, OSSL_PARAM_BLD *tmpl)
{
int ret = 0;
- OSSL_PARAM *p;
const BIGNUM *rsa_d = NULL, *rsa_n = NULL, *rsa_e = NULL;
STACK_OF(BIGNUM_const) *factors = sk_BIGNUM_const_new_null();
STACK_OF(BIGNUM_const) *exps = sk_BIGNUM_const_new_null();
@@ -136,19 +131,19 @@ static int key_to_params(RSA *rsa, OSSL_PARAM params[])
RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d);
rsa_get0_all_params(rsa, factors, exps, coeffs);
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_N)) != NULL
- && !OSSL_PARAM_set_BN(p, rsa_n))
+ if (rsa_n != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_N, rsa_n))
goto err;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_E)) != NULL
- && !OSSL_PARAM_set_BN(p, rsa_e))
+ if (rsa_e != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_E, rsa_e))
goto err;
- if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_RSA_D)) != NULL
- && !OSSL_PARAM_set_BN(p, rsa_d))
+ if (rsa_d != NULL
+ && !ossl_param_bld_push_BN(tmpl, OSSL_PKEY_PARAM_RSA_D, rsa_d))
goto err;
- if (!export_numbers(params, OSSL_PKEY_PARAM_RSA_FACTOR, factors)
- || !export_numbers(params, OSSL_PKEY_PARAM_RSA_EXPONENT, exps)
- || !export_numbers(params, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs))
+ if (!export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_FACTOR, factors)
+ || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_EXPONENT, exps)
+ || !export_numbers(tmpl, OSSL_PKEY_PARAM_RSA_COEFFICIENT, coeffs))
goto err;
ret = 1;
@@ -171,11 +166,21 @@ static void *rsa_importkey(void *provctx, const OSSL_PARAM params[])
return rsa;
}
-static int rsa_exportkey(void *key, OSSL_PARAM params[])
+static int rsa_exportkey(void *key, OSSL_CALLBACK *param_callback, void *cbarg)
{
RSA *rsa = key;
-
- return rsa != NULL && key_to_params(rsa, params);
+ OSSL_PARAM_BLD tmpl;
+ OSSL_PARAM *params = NULL;
+ int ret;
+
+ ossl_param_bld_init(&tmpl);
+ if (rsa == NULL
+ || !key_to_params(rsa, &tmpl)
+ || (params = ossl_param_bld_to_param(&tmpl)) == NULL)
+ return 0;
+ ret = param_callback(params, cbarg);
+ ossl_param_bld_free(params);
+ return ret;
}
/*
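Review bot: The callback parameter is named `param_callback` in `rsa_exportkey` but `param_cb` in the DH and DSA exporters added by this same commit, although the five functions are otherwise written identically. Using `param_cb` here as well, i.e. `static int rsa_exportkey(void *key, OSSL_CALLBACK *param_cb, void *cbarg)` with `ret = param_cb(params, cbarg);`, keeps the three files consistent and greppable as a set.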