diff options
-rw-r--r-- | apps/list.c | 75 | ||||
-rw-r--r-- | crypto/provider_predefined.c | 2 | ||||
-rw-r--r-- | doc/man1/openssl-list.pod.in | 6 | ||||
-rw-r--r-- | doc/man7/OSSL_PROVIDER-base.pod | 96 | ||||
-rw-r--r-- | doc/man7/OSSL_PROVIDER-default.pod | 9 | ||||
-rw-r--r-- | doc/man7/provider.pod | 8 | ||||
-rw-r--r-- | providers/baseprov.c | 153 | ||||
-rw-r--r-- | providers/build.info | 10 | ||||
-rw-r--r-- | providers/defltprov.c | 150 | ||||
-rw-r--r-- | providers/serializers.inc | 102 |
10 files changed, 460 insertions, 151 deletions
diff --git a/apps/list.c b/apps/list.c index b58871b1c5..5b93f7dfed 100644 --- a/apps/list.c +++ b/apps/list.c @@ -16,6 +16,8 @@ #include <openssl/provider.h> #include <openssl/safestack.h> #include <openssl/kdf.h> +#include <openssl/serializer.h> +#include <openssl/core_names.h> #include "apps.h" #include "app_params.h" #include "progs.h" @@ -351,6 +353,66 @@ static void list_random_generators(void) sk_EVP_RAND_pop_free(rands, EVP_RAND_free); } +/* + * Serializers + */ +DEFINE_STACK_OF(OSSL_SERIALIZER) +static int serializer_cmp(const OSSL_SERIALIZER * const *a, + const OSSL_SERIALIZER * const *b) +{ + int ret = OSSL_SERIALIZER_number(*a) - OSSL_SERIALIZER_number(*b); + + if (ret == 0) + ret = strcmp(OSSL_PROVIDER_name(OSSL_SERIALIZER_provider(*a)), + OSSL_PROVIDER_name(OSSL_SERIALIZER_provider(*b))); + return ret; +} + +static void collect_serializers(OSSL_SERIALIZER *serializer, void *stack) +{ + STACK_OF(OSSL_SERIALIZER) *serializer_stack = stack; + + sk_OSSL_SERIALIZER_push(serializer_stack, serializer); + OSSL_SERIALIZER_up_ref(serializer); +} + +static void list_serializers(void) +{ + STACK_OF(OSSL_SERIALIZER) *serializers; + int i; + + serializers = sk_OSSL_SERIALIZER_new(serializer_cmp); + if (serializers == NULL) { + BIO_printf(bio_err, "ERROR: Memory allocation\n"); + return; + } + BIO_printf(bio_out, "Provided SERIALIZERs:\n"); + OSSL_SERIALIZER_do_all_provided(NULL, collect_serializers, serializers); + sk_OSSL_SERIALIZER_sort(serializers); + + for (i = 0; i < sk_OSSL_SERIALIZER_num(serializers); i++) { + OSSL_SERIALIZER *k = sk_OSSL_SERIALIZER_value(serializers, i); + STACK_OF(OPENSSL_CSTRING) *names = + sk_OPENSSL_CSTRING_new(name_cmp); + + OSSL_SERIALIZER_names_do_all(k, collect_names, names); + + BIO_printf(bio_out, " "); + print_names(bio_out, names); + BIO_printf(bio_out, " @ %s (%s)\n", + OSSL_PROVIDER_name(OSSL_SERIALIZER_provider(k)), + OSSL_SERIALIZER_properties(k)); + + sk_OPENSSL_CSTRING_free(names); + + if (verbose) { + print_param_types("settable operation parameters", + OSSL_SERIALIZER_settable_ctx_params(k), 4); + } + } + sk_OSSL_SERIALIZER_pop_free(serializers, OSSL_SERIALIZER_free); +} + static void list_missing_help(void) { const FUNCTION *fp; @@ -697,7 +759,8 @@ typedef enum HELPLIST_CHOICE { OPT_COMMANDS, OPT_DIGEST_COMMANDS, OPT_MAC_ALGORITHMS, OPT_OPTIONS, OPT_DIGEST_ALGORITHMS, OPT_CIPHER_COMMANDS, OPT_CIPHER_ALGORITHMS, OPT_PK_ALGORITHMS, OPT_PK_METHOD, OPT_DISABLED, - OPT_KDF_ALGORITHMS, OPT_RANDOM_GENERATORS, OPT_MISSING_HELP, OPT_OBJECTS, + OPT_KDF_ALGORITHMS, OPT_RANDOM_GENERATORS, OPT_SERIALIZERS, + OPT_MISSING_HELP, OPT_OBJECTS, #ifndef OPENSSL_NO_DEPRECATED_3_0 OPT_ENGINES, #endif @@ -727,6 +790,7 @@ const OPTIONS list_options[] = { {"cipher-commands", OPT_CIPHER_COMMANDS, '-', "List of cipher commands"}, {"cipher-algorithms", OPT_CIPHER_ALGORITHMS, '-', "List of cipher algorithms"}, + {"serializers", OPT_SERIALIZERS, '-', "List of serialization methods" }, {"public-key-algorithms", OPT_PK_ALGORITHMS, '-', "List of public key algorithms"}, #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -735,8 +799,7 @@ const OPTIONS list_options[] = { {"engines", OPT_ENGINES, '-', "List of loaded engines"}, #endif - {"disabled", OPT_DISABLED, '-', - "List of disabled features"}, + {"disabled", OPT_DISABLED, '-', "List of disabled features"}, {"missing-help", OPT_MISSING_HELP, '-', "List missing detailed help strings"}, {"options", OPT_OPTIONS, 's', @@ -762,6 +825,7 @@ int list_main(int argc, char **argv) unsigned int mac_algorithms:1; unsigned int cipher_commands:1; unsigned int cipher_algorithms:1; + unsigned int serializer_algorithms:1; unsigned int pk_algorithms:1; unsigned int pk_method:1; #ifndef OPENSSL_NO_DEPRECATED_3_0 @@ -813,6 +877,9 @@ opthelp: case OPT_CIPHER_ALGORITHMS: todo.cipher_algorithms = 1; break; + case OPT_SERIALIZERS: + todo.serializer_algorithms = 1; + break; case OPT_PK_ALGORITHMS: todo.pk_algorithms = 1; break; @@ -867,6 +934,8 @@ opthelp: list_type(FT_cipher, one); if (todo.cipher_algorithms) list_ciphers(); + if (todo.serializer_algorithms) + list_serializers(); if (todo.pk_algorithms) list_pkey(); #ifndef OPENSSL_NO_DEPRECATED_3_0 diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c index d1c3a6e024..6acf2ea1af 100644 --- a/crypto/provider_predefined.c +++ b/crypto/provider_predefined.c @@ -11,6 +11,7 @@ #include "provider_local.h" OSSL_provider_init_fn ossl_default_provider_init; +OSSL_provider_init_fn ossl_base_provider_init; OSSL_provider_init_fn ossl_null_provider_init; OSSL_provider_init_fn fips_intern_provider_init; #ifdef STATIC_LEGACY @@ -24,6 +25,7 @@ const struct predefined_providers_st predefined_providers[] = { # ifdef STATIC_LEGACY { "legacy", ossl_legacy_provider_init, 0 }, # endif + { "base", ossl_base_provider_init, 0 }, { "null", ossl_null_provider_init, 0 }, #endif { NULL, NULL, 0 } diff --git a/doc/man1/openssl-list.pod.in b/doc/man1/openssl-list.pod.in index e13b6c34cf..89116888f4 100644 --- a/doc/man1/openssl-list.pod.in +++ b/doc/man1/openssl-list.pod.in @@ -19,6 +19,7 @@ B<openssl list> [B<-random-generators>] [B<-cipher-commands>] [B<-cipher-algorithms>] +[B<-serializers>] [B<-public-key-algorithms>] {- output_off() if $disabled{"deprecated-3.0"}; "" -}[B<-public-key-methods>] @@ -79,7 +80,12 @@ information on what parameters each implementation supports. =item B<-random-generators> Display a list of random number generators. +See L</Display of algorithm names> for a description of how names are +displayed. + +=item B<-serializers> +Display a list of serializers. See L</Display of algorithm names> for a description of how names are displayed. diff --git a/doc/man7/OSSL_PROVIDER-base.pod b/doc/man7/OSSL_PROVIDER-base.pod new file mode 100644 index 0000000000..5896c5a91e --- /dev/null +++ b/doc/man7/OSSL_PROVIDER-base.pod @@ -0,0 +1,96 @@ +=pod + +=head1 NAME + +OSSL_PROVIDER-base - OpenSSL base provider + +=head1 DESCRIPTION + +The OpenSSL base provider supplies the serialization for OpenSSL's +asymmetric cryptography. + +=head2 Properties + +The implementations in this provider specifically have this property +defined: + +=over 4 + +=item "provider=base" + +=back + +It may be used in a property query string with fetching functions. + +It isn't mandatory to query for this property, except to make sure to get +implementations of this provider and none other. + +=over 4 + +=item "type=parameters" + +=item "type=private" + +=item "type=public" + +=back + +These may be used in a property query string with fetching functions to select +which data are to be serialized. Either the private key material, the public +key material or the domain parameters can be selected. + +=over 4 + +=item "format=der" + +=item "format=pem" + +=item "format=text" + +=back + +These may be used in a property query string with fetching functions to select +the serialization output format. Either the DER, PEM and plaintext are +currently permitted. + +=head1 OPERATIONS AND ALGORITHMS + +The OpenSSL base provider supports these operations and algorithms: + +=head2 Asymmetric Key Serializer + +In addition to "provider=base", some of these serializers define the +property "fips=yes", to allow them to be used together with the FIPS +provider. + +=over 4 + +=item RSA, see L<OSSL_SERIALIZER-RSA(7)> + +=item DH, see L<OSSL_SERIALIZER-DH(7)> + +=item DSA, see L<OSSL_SERIALIZER-DSA(7)> + +=item EC, see L<OSSL_SERIALIZER-EC(7)> + +=item X25519, see L<OSSL_SERIALIZER-X25519(7)> + +=item X448, see L<OSSL_SERIALIZER-X448(7)> + +=back + +=head1 SEE ALSO + +L<OSSL_PROVIDER-default(7)>, L<openssl-core.h(7)>, +L<openssl-core_dispatch.h(7)>, L<provider(7)> + +=head1 COPYRIGHT + +Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut diff --git a/doc/man7/OSSL_PROVIDER-default.pod b/doc/man7/OSSL_PROVIDER-default.pod index d9a51dce00..5fe7dbde8c 100644 --- a/doc/man7/OSSL_PROVIDER-default.pod +++ b/doc/man7/OSSL_PROVIDER-default.pod @@ -192,9 +192,9 @@ The OpenSSL default provider supports these operations and algorithms: =head2 Asymmetric Key Serializer -In addition to "provider=default", this set of implementations define the -property "fips=yes", to allow them to be used together with the FIPS -provider. +The default provider also includes all of the serialization algorithms +present in the base provider. Some of these have the property "fips=yes", +to allow them to be used together with the FIPS provider. =over 4 @@ -214,7 +214,8 @@ provider. =head1 SEE ALSO -L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)> +L<openssl-core.h(7)>, L<openssl-core_dispatch.h(7)>, L<provider(7)>, +L<OSSL_PROVIDER-base(7)> =head1 COPYRIGHT diff --git a/doc/man7/provider.pod b/doc/man7/provider.pod index 08edb4a1dd..62ff8695f1 100644 --- a/doc/man7/provider.pod +++ b/doc/man7/provider.pod @@ -268,6 +268,14 @@ algorithm identifier to the appropriate fetching function. The default provider is built in as part of the F<libcrypto> library. Should it be needed (if other providers are loaded and offer implementations of the same algorithms), the property "provider=default" +can be used as a search criterion for these implementations. The default +provider includes all the functionality of the base provider below. + +=head2 Base provider + +The base provider is built in as part of the F<libcrypto> library. +Should it be needed (if other providers are loaded and offer +implementations of the same algorithms), the property "provider=base" can be used as a search criterion for these implementations. Some non-cryptographic algorithms (such as serializers for loading keys and parameters from files) are not FIPS algorithm implementations in themselves but diff --git a/providers/baseprov.c b/providers/baseprov.c new file mode 100644 index 0000000000..d40535bafa --- /dev/null +++ b/providers/baseprov.c @@ -0,0 +1,153 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <string.h> +#include <stdio.h> +#include <openssl/opensslconf.h> +#include <openssl/core.h> +#include <openssl/core_dispatch.h> +#include <openssl/core_names.h> +#include <openssl/params.h> +#include "prov/bio.h" +#include "prov/provider_ctx.h" +#include "prov/providercommon.h" +#include "prov/implementations.h" +#include "prov/provider_util.h" +#include "internal/nelem.h" + +/* + * Forward declarations to ensure that interface functions are correctly + * defined. + */ +static OSSL_FUNC_provider_gettable_params_fn base_gettable_params; +static OSSL_FUNC_provider_get_params_fn base_get_params; +static OSSL_FUNC_provider_query_operation_fn base_query; + +/* Functions provided by the core */ +static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL; +static OSSL_FUNC_core_get_params_fn *c_get_params = NULL; + +/* Parameters we provide to the core */ +static const OSSL_PARAM base_param_types[] = { + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), + OSSL_PARAM_END +}; + +static const OSSL_PARAM *base_gettable_params(void *provctx) +{ + return base_param_types; +} + +static int base_get_params(void *provctx, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); + if (p != NULL + && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Base Provider")) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) + return 0; + p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) + return 0; + + return 1; +} + +static const OSSL_ALGORITHM base_serializer[] = { +#define SER(name, fips, format, type, func_table) \ + { name, \ + "provider=base,fips=" fips ",format=" format ",type=" type, \ + (func_table) } + +#include "serializers.inc" + { NULL, NULL, NULL } +}; +#undef SER + +static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id, + int *no_cache) +{ + *no_cache = 0; + return operation_id == OSSL_OP_SERIALIZER ? base_serializer : NULL; +} + +static void base_teardown(void *provctx) +{ + BIO_meth_free(PROV_CTX_get0_core_bio_method(provctx)); + PROV_CTX_free(provctx); +} + +/* Functions we provide to the core */ +static const OSSL_DISPATCH base_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))base_teardown }, + { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, + (void (*)(void))base_gettable_params }, + { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))base_get_params }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))base_query }, + { 0, NULL } +}; + +OSSL_provider_init_fn ossl_base_provider_init; + +int ossl_base_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, + void **provctx) +{ + OSSL_FUNC_core_get_library_context_fn *c_get_libctx = NULL; + BIO_METHOD *corebiometh; + + if (!ossl_prov_bio_from_dispatch(in)) + return 0; + for (; in->function_id != 0; in++) { + switch (in->function_id) { + case OSSL_FUNC_CORE_GETTABLE_PARAMS: + c_gettable_params = OSSL_FUNC_core_gettable_params(in); + break; + case OSSL_FUNC_CORE_GET_PARAMS: + c_get_params = OSSL_FUNC_core_get_params(in); + break; + case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: + c_get_libctx = OSSL_FUNC_core_get_library_context(in); + break; + default: + /* Just ignore anything we don't understand */ + break; + } + } + + if (c_get_libctx == NULL) + return 0; + + /* + * We want to make sure that all calls from this provider that requires + * a library context use the same context as the one used to call our + * functions. We do that by passing it along in the provider context. + * + * This only works for built-in providers. Most providers should + * create their own library context. + */ + if ((*provctx = PROV_CTX_new()) == NULL + || (corebiometh = bio_prov_init_bio_method()) == NULL) { + PROV_CTX_free(*provctx); + *provctx = NULL; + return 0; + } + PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle)); + PROV_CTX_set0_handle(*provctx, handle); + PROV_CTX_set0_core_bio_method(*provctx, corebiometh); + + *out = base_dispatch_table; + + return 1; +} diff --git a/providers/build.info b/providers/build.info index b1bb966b70..8d82d3f911 100644 --- a/providers/build.info +++ b/providers/build.info @@ -109,6 +109,16 @@ INCLUDE[$DEFAULTGOAL]=implementations/include LIBS=$DEFAULTGOAL # +# Base provider stuff +# +# Because the base provider is built in, it means that libcrypto +# must include all of the object files that are needed. +$BASEGOAL=../libcrypto +SOURCE[$BASEGOAL]=$LIBIMPLEMENTATIONS $LIBNONFIPS +SOURCE[$BASEGOAL]=baseprov.c +INCLUDE[$BASEGOAL]=implementations/include + +# # FIPS provider stuff # # We define it this way to ensure that configdata.pm will have all the diff --git a/providers/defltprov.c b/providers/defltprov.c index 466b7908a1..fa6e18fdca 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -385,154 +385,16 @@ static const OSSL_ALGORITHM deflt_keymgmt[] = { { NULL, NULL, NULL } }; -/* - * Unlike most algorithms in the default provider, the serializers are allowed - * for use in FIPS mode because they are not FIPS relevant, and therefore have - * the "fips=yes" property. - */ static const OSSL_ALGORITHM deflt_serializer[] = { - { "RSA", "provider=default,fips=yes,format=text,type=private", - rsa_priv_text_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=text,type=public", - rsa_pub_text_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=der,type=private", - rsa_priv_der_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=der,type=public", - rsa_pub_der_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=pem,type=private", - rsa_priv_pem_serializer_functions }, - { "RSA", "provider=default,fips=yes,format=pem,type=public", - rsa_pub_pem_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=text,type=private", - rsa_priv_text_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=text,type=public", - rsa_pub_text_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=der,type=private", - rsa_priv_der_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=der,type=public", - rsa_pub_der_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=pem,type=private", - rsa_priv_pem_serializer_functions }, - { "RSA-PSS", "provider=default,fips=yes,format=pem,type=public", - rsa_pub_pem_serializer_functions }, - -#ifndef OPENSSL_NO_DH - { "DH", "provider=default,fips=yes,format=text,type=private", - dh_priv_text_serializer_functions }, - { "DH", "provider=default,fips=yes,format=text,type=public", - dh_pub_text_serializer_functions }, - { "DH", "provider=default,fips=yes,format=text,type=parameters", - dh_param_text_serializer_functions }, - { "DH", "provider=default,fips=yes,format=der,type=private", - dh_priv_der_serializer_functions }, - { "DH", "provider=default,fips=yes,format=der,type=public", - dh_pub_der_serializer_functions }, - { "DH", "provider=default,fips=yes,format=der,type=parameters", - dh_param_der_serializer_functions }, - { "DH", "provider=default,fips=yes,format=pem,type=private", - dh_priv_pem_serializer_functions }, - { "DH", "provider=default,fips=yes,format=pem,type=public", - dh_pub_pem_serializer_functions }, - { "DH", "provider=default,fips=yes,format=pem,type=parameters", - dh_param_pem_serializer_functions }, -#endif - -#ifndef OPENSSL_NO_DSA - { "DSA", "provider=default,fips=yes,format=text,type=private", - dsa_priv_text_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=text,type=public", - dsa_pub_text_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=text,type=parameters", - dsa_param_text_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=der,type=private", - dsa_priv_der_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=der,type=public", - dsa_pub_der_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=der,type=parameters", - dsa_param_der_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=pem,type=private", - dsa_priv_pem_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=pem,type=public", - dsa_pub_pem_serializer_functions }, - { "DSA", "provider=default,fips=yes,format=pem,type=parameters", - dsa_param_pem_serializer_functions }, -#endif - -#ifndef OPENSSL_NO_EC - { "X25519", "provider=default,fips=yes,format=text,type=private", - x25519_priv_print_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=text,type=public", - x25519_pub_print_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=der,type=private", - x25519_priv_der_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=der,type=public", - x25519_pub_der_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=pem,type=private", - x25519_priv_pem_serializer_functions }, - { "X25519", "provider=default,fips=yes,format=pem,type=public", - x25519_pub_pem_serializer_functions }, - - { "X448", "provider=default,format=text,type=private", - x448_priv_print_serializer_functions }, - { "X448", "provider=default,format=text,type=public", - x448_pub_print_serializer_functions }, - { "X448", "provider=default,format=der,type=private", - x448_priv_der_serializer_functions }, - { "X448", "provider=default,format=der,type=public", - x448_pub_der_serializer_functions }, - { "X448", "provider=default,format=pem,type=private", - x448_priv_pem_serializer_functions }, - { "X448", "provider=default,format=pem,type=public", - x448_pub_pem_serializer_functions }, - - { "ED25519", "provider=default,fips=yes,format=text,type=private", - ed25519_priv_print_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=text,type=public", - ed25519_pub_print_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=der,type=private", - ed25519_priv_der_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=der,type=public", - ed25519_pub_der_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=pem,type=private", - ed25519_priv_pem_serializer_functions }, - { "ED25519", "provider=default,fips=yes,format=pem,type=public", - ed25519_pub_pem_serializer_functions }, - - { "ED448", "provider=default,format=text,type=private", - ed448_priv_print_serializer_functions }, - { "ED448", "provider=default,format=text,type=public", - ed448_pub_print_serializer_functions }, - { "ED448", "provider=default,format=der,type=private", - ed448_priv_der_serializer_functions }, - { "ED448", "provider=default,format=der,type=public", - ed448_pub_der_serializer_functions }, - { "ED448", "provider=default,format=pem,type=private", - ed448_priv_pem_serializer_functions }, - { "ED448", "provider=default,format=pem,type=public", - ed448_pub_pem_serializer_functions }, - - { "EC", "provider=default,fips=yes,format=text,type=private", - ec_priv_text_serializer_functions }, - { "EC", "provider=default,fips=yes,format=text,type=public", - ec_pub_text_serializer_functions }, - { "EC", "provider=default,fips=yes,format=text,type=parameters", - ec_param_text_serializer_functions }, - { "EC", "provider=default,fips=yes,format=der,type=private", - ec_priv_der_serializer_functions }, - { "EC", "provider=default,fips=yes,format=der,type=public", - ec_pub_der_serializer_functions }, - { "EC", "provider=default,fips=yes,format=der,type=parameters", - ec_param_der_serializer_functions }, - { "EC", "provider=default,fips=yes,format=pem,type=private", - ec_priv_pem_serializer_functions }, - { "EC", "provider=default,fips=yes,format=pem,type=public", - ec_pub_pem_serializer_functions }, - { "EC", "provider=default,fips=yes,format=pem,type=parameters", - ec_param_pem_serializer_functions }, -#endif +#define SER(name, fips, format, type, func_table) \ + { name, \ + "provider=default,fips=" fips ",format=" format ",type=" type, \ + (func_table) } +#include "serializers.inc" { NULL, NULL, NULL } }; +#undef SER static const OSSL_ALGORITHM deflt_deserializer[] = { { "RSA", "provider=default,fips=yes,input=der", diff --git a/providers/serializers.inc b/providers/serializers.inc new file mode 100644 index 0000000000..3143ebbec5 --- /dev/null +++ b/providers/serializers.inc @@ -0,0 +1,102 @@ +/* + * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef SER +# error Macro SER undefined +#endif + + SER("RSA", "yes", "text", "private", rsa_priv_text_serializer_functions), + SER("RSA", "yes", "text", "public", rsa_pub_text_serializer_functions), + SER("RSA", "yes", "der", "private", rsa_priv_der_serializer_functions), + SER("RSA", "yes", "der", "public", rsa_pub_der_serializer_functions), + SER("RSA", "yes", "pem", "private", rsa_priv_pem_serializer_functions), + SER("RSA", "yes", "pem", "public", rsa_pub_pem_serializer_functions), + SER("RSA-PSS", "yes", "text", "private", + rsa_priv_text_serializer_functions), + SER("RSA-PSS", "yes", "text", "public", rsa_pub_text_serializer_functions), + SER("RSA-PSS", "yes", "der", "private", rsa_priv_der_serializer_functions), + SER("RSA-PSS", "yes", "der", "public", rsa_pub_der_serializer_functions), + SER("RSA-PSS", "yes", "pem", "private", rsa_priv_pem_serializer_functions), + SER("RSA-PSS", "yes", "pem", "public", rsa_pub_pem_serializer_functions), + +#ifndef OPENSSL_NO_DH + SER("DH", "yes", "text", "private", dh_priv_text_serializer_functions), + SER("DH", "yes", "text", "public", dh_pub_text_serializer_functions), + SER("DH", "yes", "text", "parameters", dh_param_text_serializer_functions), + SER("DH", "yes", "der", "private", dh_priv_der_serializer_functions), + SER("DH", "yes", "der", "public", dh_pub_der_serializer_functions), + SER("DH", "yes", "der", "parameters", dh_param_der_serializer_functions), + SER("DH", "yes", "pem", "private", dh_priv_pem_serializer_functions), + SER("DH", "yes", "pem", "public", dh_pub_pem_serializer_functions), + SER("DH", "yes", "pem", "parameters", dh_param_pem_serializer_functions), +#endif + +#ifndef OPENSSL_NO_DSA + SER("DSA", "yes", "text", "private", dsa_priv_text_serializer_functions), + SER("DSA", "yes", "text", "public", dsa_pub_text_serializer_functions), + SER("DSA", "yes", "text", "parameters", + dsa_param_text_serializer_functions), + SER("DSA", "yes", "der", "private", dsa_priv_der_serializer_functions), + SER("DSA", "yes", "der", "public", dsa_pub_der_serializer_functions), + SER("DSA", "yes", "der", "parameters", dsa_param_der_serializer_functions), + SER("DSA", "yes", "pem", "private", dsa_priv_pem_serializer_functions), + SER("DSA", "yes", "pem", "public", dsa_pub_pem_serializer_functions), + SER("DSA", "yes", "pem", "parameters", dsa_param_pem_serializer_functions), +#endif + +#ifndef OPENSSL_NO_EC + SER("X25519", "yes", "text", "private", + x25519_priv_print_serializer_functions), + SER("X25519", "yes", "text", "public", + x25519_pub_print_serializer_functions), + SER("X25519", "yes", "der", "private", + x25519_priv_der_serializer_functions), + SER("X25519", "yes", "der", "public", x25519_pub_der_serializer_functions), + SER("X25519", "yes", "pem", "private", + x25519_priv_pem_serializer_functions), + SER("X25519", "yes", "pem", "public", x25519_pub_pem_serializer_functions), + + SER("X448", "no", "text", "private", x448_priv_print_serializer_functions), + SER("X448", "no", "text", "public", x448_pub_print_serializer_functions), + SER("X448", "no", "der", "private", x448_priv_der_serializer_functions), + SER("X448", "no", "der", "public", x448_pub_der_serializer_functions), + SER("X448", "no", "pem", "private", x448_priv_pem_serializer_functions), + SER("X448", "no", "pem", "public", x448_pub_pem_serializer_functions), + + SER("ED25519", "yes", "text", "private", + ed25519_priv_print_serializer_functions), + SER("ED25519", "yes", "text", "public", + ed25519_pub_print_serializer_functions), + SER("ED25519", "yes", "der", "private", + ed25519_priv_der_serializer_functions), + SER("ED25519", "yes", "der", "public", + ed25519_pub_der_serializer_functions), + SER("ED25519", "yes", "pem", "private", + ed25519_priv_pem_serializer_functions), + SER("ED25519", "yes", "pem", "public", + ed25519_pub_pem_serializer_functions), + + SER("ED448", "no", "text", "private", + ed448_priv_print_serializer_functions), + SER("ED448", "no", "text", "public", ed448_pub_print_serializer_functions), + SER("ED448", "no", "der", "private", ed448_priv_der_serializer_functions), + SER("ED448", "no", "der", "public", ed448_pub_der_serializer_functions), + SER("ED448", "no", "pem", "private", ed448_priv_pem_serializer_functions), + SER("ED448", "no", "pem", "public", ed448_pub_pem_serializer_functions), + + SER("EC", "yes", "text", "private", ec_priv_text_serializer_functions), + SER("EC", "yes", "text", "public", ec_pub_text_serializer_functions), + SER("EC", "yes", "text", "parameters", ec_param_text_serializer_functions), + SER("EC", "yes", "der", "private", ec_priv_der_serializer_functions), + SER("EC", "yes", "der", "public", ec_pub_der_serializer_functions), + SER("EC", "yes", "der", "parameters", ec_param_der_serializer_functions), + SER("EC", "yes", "pem", "private", ec_priv_pem_serializer_functions), + SER("EC", "yes", "pem", "public", ec_pub_pem_serializer_functions), + SER("EC", "yes", "pem", "parameters", ec_param_pem_serializer_functions), +#endif |