Browse Source
serialisation: Add a built-in base provider.
Move the libcrypto serialisation functionality into a place where it can be provided at some point. The serialisation still remains native in the default provider. Add additional code to the list command to display what kind of serialisation each entry is capable of. Having the FIPS provider auto load the base provider is a future (but necessary) enhancement. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12104)master
Pauli
2 years ago
10 changed files with 460 additions and 151 deletions
Split View
Diff Options
-
+72 -3apps/list.c
-
+2 -0crypto/provider_predefined.c
-
+6 -0doc/man1/openssl-list.pod.in
-
+96 -0doc/man7/OSSL_PROVIDER-base.pod
-
+5 -4doc/man7/OSSL_PROVIDER-default.pod
-
+8 -0doc/man7/provider.pod
-
+153 -0providers/baseprov.c
-
+10 -0providers/build.info
-
+6 -144providers/defltprov.c
-
+102 -0providers/serializers.inc
+ 72
- 3
apps/list.c
View File
+ 2
- 0
crypto/provider_predefined.c
View File
+ 6
- 0
doc/man1/openssl-list.pod.in
View File
+ 96
- 0
doc/man7/OSSL_PROVIDER-base.pod
View File
| @ -0,0 +1,96 @@ | |||
| =pod | |||
| =head1 NAME | |||
| OSSL_PROVIDER-base - OpenSSL base provider | |||
| =head1 DESCRIPTION | |||
| The OpenSSL base provider supplies the serialization for OpenSSL's | |||
| asymmetric cryptography. | |||
| =head2 Properties | |||
| The implementations in this provider specifically have this property | |||
| defined: | |||
| =over 4 | |||
| =item "provider=base" | |||
| =back | |||
| It may be used in a property query string with fetching functions. | |||
| It isn't mandatory to query for this property, except to make sure to get | |||
| implementations of this provider and none other. | |||
| =over 4 | |||
| =item "type=parameters" | |||
| =item "type=private" | |||
| =item "type=public" | |||
| =back | |||
| These may be used in a property query string with fetching functions to select | |||
| which data are to be serialized. Either the private key material, the public | |||
| key material or the domain parameters can be selected. | |||
| =over 4 | |||
| =item "format=der" | |||
| =item "format=pem" | |||
| =item "format=text" | |||
| =back | |||
| These may be used in a property query string with fetching functions to select | |||
| the serialization output format. Either the DER, PEM and plaintext are | |||
| currently permitted. | |||
| =head1 OPERATIONS AND ALGORITHMS | |||
| The OpenSSL base provider supports these operations and algorithms: | |||
| =head2 Asymmetric Key Serializer | |||
| In addition to "provider=base", some of these serializers define the | |||
| property "fips=yes", to allow them to be used together with the FIPS | |||
| provider. | |||
| =over 4 | |||
| =item RSA, see L<OSSL_SERIALIZER-RSA(7)> | |||
| =item DH, see L<OSSL_SERIALIZER-DH(7)> | |||
| =item DSA, see L<OSSL_SERIALIZER-DSA(7)> | |||
| =item EC, see L<OSSL_SERIALIZER-EC(7)> | |||
| =item X25519, see L<OSSL_SERIALIZER-X25519(7)> | |||
| =item X448, see L<OSSL_SERIALIZER-X448(7)> | |||
| =back | |||
| =head1 SEE ALSO | |||
| L<OSSL_PROVIDER-default(7)>, L<openssl-core.h(7)>, | |||
| L<openssl-core_dispatch.h(7)>, L<provider(7)> | |||
| =head1 COPYRIGHT | |||
| Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |||
| Licensed under the Apache License 2.0 (the "License"). You may not use | |||
| this file except in compliance with the License. You can obtain a copy | |||
| in the file LICENSE in the source distribution or at | |||
| L<https://www.openssl.org/source/license.html>. | |||
| =cut | |||
+ 5
- 4
doc/man7/OSSL_PROVIDER-default.pod
View File
+ 8
- 0
doc/man7/provider.pod
View File
+ 153
- 0
providers/baseprov.c
View File
| @ -0,0 +1,153 @@ | |||
| /* | |||
| * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |||
| * | |||
| * Licensed under the Apache License 2.0 (the "License"). You may not use | |||
| * this file except in compliance with the License. You can obtain a copy | |||
| * in the file LICENSE in the source distribution or at | |||
| * https://www.openssl.org/source/license.html | |||
| */ | |||
| #include <string.h> | |||
| #include <stdio.h> | |||
| #include <openssl/opensslconf.h> | |||
| #include <openssl/core.h> | |||
| #include <openssl/core_dispatch.h> | |||
| #include <openssl/core_names.h> | |||
| #include <openssl/params.h> | |||
| #include "prov/bio.h" | |||
| #include "prov/provider_ctx.h" | |||
| #include "prov/providercommon.h" | |||
| #include "prov/implementations.h" | |||
| #include "prov/provider_util.h" | |||
| #include "internal/nelem.h" | |||
| /* | |||
| * Forward declarations to ensure that interface functions are correctly | |||
| * defined. | |||
| */ | |||
| static OSSL_FUNC_provider_gettable_params_fn base_gettable_params; | |||
| static OSSL_FUNC_provider_get_params_fn base_get_params; | |||
| static OSSL_FUNC_provider_query_operation_fn base_query; | |||
| /* Functions provided by the core */ | |||
| static OSSL_FUNC_core_gettable_params_fn *c_gettable_params = NULL; | |||
| static OSSL_FUNC_core_get_params_fn *c_get_params = NULL; | |||
| /* Parameters we provide to the core */ | |||
| static const OSSL_PARAM base_param_types[] = { | |||
| OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), | |||
| OSSL_PARAM_DEFN(OSSL_PROV_PARAM_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), | |||
| OSSL_PARAM_DEFN(OSSL_PROV_PARAM_BUILDINFO, OSSL_PARAM_UTF8_PTR, NULL, 0), | |||
| OSSL_PARAM_END | |||
| }; | |||
| static const OSSL_PARAM *base_gettable_params(void *provctx) | |||
| { | |||
| return base_param_types; | |||
| } | |||
| static int base_get_params(void *provctx, OSSL_PARAM params[]) | |||
| { | |||
| OSSL_PARAM *p; | |||
| p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); | |||
| if (p != NULL | |||
| && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Base Provider")) | |||
| return 0; | |||
| p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); | |||
| if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) | |||
| return 0; | |||
| p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO); | |||
| if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR)) | |||
| return 0; | |||
| return 1; | |||
| } | |||
| static const OSSL_ALGORITHM base_serializer[] = { | |||
| #define SER(name, fips, format, type, func_table) \ | |||
| { name, \ | |||
| "provider=base,fips=" fips ",format=" format ",type=" type, \ | |||
| (func_table) } | |||
| #include "serializers.inc" | |||
| { NULL, NULL, NULL } | |||
| }; | |||
| #undef SER | |||
| static const OSSL_ALGORITHM *base_query(void *provctx, int operation_id, | |||
| int *no_cache) | |||
| { | |||
| *no_cache = 0; | |||
| return operation_id == OSSL_OP_SERIALIZER ? base_serializer : NULL; | |||
| } | |||
| static void base_teardown(void *provctx) | |||
| { | |||
| BIO_meth_free(PROV_CTX_get0_core_bio_method(provctx)); | |||
| PROV_CTX_free(provctx); | |||
| } | |||
| /* Functions we provide to the core */ | |||
| static const OSSL_DISPATCH base_dispatch_table[] = { | |||
| { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))base_teardown }, | |||
| { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, | |||
| (void (*)(void))base_gettable_params }, | |||
| { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))base_get_params }, | |||
| { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))base_query }, | |||
| { 0, NULL } | |||
| }; | |||
| OSSL_provider_init_fn ossl_base_provider_init; | |||
| int ossl_base_provider_init(const OSSL_CORE_HANDLE *handle, | |||
| const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, | |||
| void **provctx) | |||
| { | |||
| OSSL_FUNC_core_get_library_context_fn *c_get_libctx = NULL; | |||
| BIO_METHOD *corebiometh; | |||
| if (!ossl_prov_bio_from_dispatch(in)) | |||
| return 0; | |||
| for (; in->function_id != 0; in++) { | |||
| switch (in->function_id) { | |||
| case OSSL_FUNC_CORE_GETTABLE_PARAMS: | |||
| c_gettable_params = OSSL_FUNC_core_gettable_params(in); | |||
| break; | |||
| case OSSL_FUNC_CORE_GET_PARAMS: | |||
| c_get_params = OSSL_FUNC_core_get_params(in); | |||
| break; | |||
| case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT: | |||
| c_get_libctx = OSSL_FUNC_core_get_library_context(in); | |||
| break; | |||
| default: | |||
| /* Just ignore anything we don't understand */ | |||
| break; | |||
| } | |||
| } | |||
| if (c_get_libctx == NULL) | |||
| return 0; | |||
| /* | |||
| * We want to make sure that all calls from this provider that requires | |||
| * a library context use the same context as the one used to call our | |||
| * functions. We do that by passing it along in the provider context. | |||
| * | |||
| * This only works for built-in providers. Most providers should | |||
| * create their own library context. | |||
| */ | |||
| if ((*provctx = PROV_CTX_new()) == NULL | |||
| || (corebiometh = bio_prov_init_bio_method()) == NULL) { | |||
| PROV_CTX_free(*provctx); | |||
| *provctx = NULL; | |||
| return 0; | |||
| } | |||
| PROV_CTX_set0_library_context(*provctx, (OPENSSL_CTX *)c_get_libctx(handle)); | |||
| PROV_CTX_set0_handle(*provctx, handle); | |||
| PROV_CTX_set0_core_bio_method(*provctx, corebiometh); | |||
| *out = base_dispatch_table; | |||
| return 1; | |||
| } | |||
+ 10
- 0
providers/build.info
View File
+ 6
- 144
providers/defltprov.c
View File
+ 102
- 0
providers/serializers.inc
View File
| @ -0,0 +1,102 @@ | |||
| /* | |||
| * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. | |||
| * | |||
| * Licensed under the Apache License 2.0 (the "License"). You may not use | |||
| * this file except in compliance with the License. You can obtain a copy | |||
| * in the file LICENSE in the source distribution or at | |||
| * https://www.openssl.org/source/license.html | |||
| */ | |||
| #ifndef SER | |||
| # error Macro SER undefined | |||
| #endif | |||
| SER("RSA", "yes", "text", "private", rsa_priv_text_serializer_functions), | |||
| SER("RSA", "yes", "text", "public", rsa_pub_text_serializer_functions), | |||
| SER("RSA", "yes", "der", "private", rsa_priv_der_serializer_functions), | |||
| SER("RSA", "yes", "der", "public", rsa_pub_der_serializer_functions), | |||
| SER("RSA", "yes", "pem", "private", rsa_priv_pem_serializer_functions), | |||
| SER("RSA", "yes", "pem", "public", rsa_pub_pem_serializer_functions), | |||
| SER("RSA-PSS", "yes", "text", "private", | |||
| rsa_priv_text_serializer_functions), | |||
| SER("RSA-PSS", "yes", "text", "public", rsa_pub_text_serializer_functions), | |||
| SER("RSA-PSS", "yes", "der", "private", rsa_priv_der_serializer_functions), | |||
| SER("RSA-PSS", "yes", "der", "public", rsa_pub_der_serializer_functions), | |||
| SER("RSA-PSS", "yes", "pem", "private", rsa_priv_pem_serializer_functions), | |||
| SER("RSA-PSS", "yes", "pem", "public", rsa_pub_pem_serializer_functions), | |||
| #ifndef OPENSSL_NO_DH | |||
| SER("DH", "yes", "text", "private", dh_priv_text_serializer_functions), | |||
| SER("DH", "yes", "text", "public", dh_pub_text_serializer_functions), | |||
| SER("DH", "yes", "text", "parameters", dh_param_text_serializer_functions), | |||
| SER("DH", "yes", "der", "private", dh_priv_der_serializer_functions), | |||
| SER("DH", "yes", "der", "public", dh_pub_der_serializer_functions), | |||
| SER("DH", "yes", "der", "parameters", dh_param_der_serializer_functions), | |||
| SER("DH", "yes", "pem", "private", dh_priv_pem_serializer_functions), | |||
| SER("DH", "yes", "pem", "public", dh_pub_pem_serializer_functions), | |||
| SER("DH", "yes", "pem", "parameters", dh_param_pem_serializer_functions), | |||
| #endif | |||
| #ifndef OPENSSL_NO_DSA | |||
| SER("DSA", "yes", "text", "private", dsa_priv_text_serializer_functions), | |||
| SER("DSA", "yes", "text", "public", dsa_pub_text_serializer_functions), | |||
| SER("DSA", "yes", "text", "parameters", | |||
| dsa_param_text_serializer_functions), | |||
| SER("DSA", "yes", "der", "private", dsa_priv_der_serializer_functions), | |||
| SER("DSA", "yes", "der", "public", dsa_pub_der_serializer_functions), | |||
| SER("DSA", "yes", "der", "parameters", dsa_param_der_serializer_functions), | |||
| SER("DSA", "yes", "pem", "private", dsa_priv_pem_serializer_functions), | |||
| SER("DSA", "yes", "pem", "public", dsa_pub_pem_serializer_functions), | |||
| SER("DSA", "yes", "pem", "parameters", dsa_param_pem_serializer_functions), | |||
| #endif | |||
| #ifndef OPENSSL_NO_EC | |||
| SER("X25519", "yes", "text", "private", | |||
| x25519_priv_print_serializer_functions), | |||
| SER("X25519", "yes", "text", "public", | |||
| x25519_pub_print_serializer_functions), | |||
| SER("X25519", "yes", "der", "private", | |||
| x25519_priv_der_serializer_functions), | |||
| SER("X25519", "yes", "der", "public", x25519_pub_der_serializer_functions), | |||
| SER("X25519", "yes", "pem", "private", | |||
| x25519_priv_pem_serializer_functions), | |||
| SER("X25519", "yes", "pem", "public", x25519_pub_pem_serializer_functions), | |||
| SER("X448", "no", "text", "private", x448_priv_print_serializer_functions), | |||
| SER("X448", "no", "text", "public", x448_pub_print_serializer_functions), | |||
| SER("X448", "no", "der", "private", x448_priv_der_serializer_functions), | |||
| SER("X448", "no", "der", "public", x448_pub_der_serializer_functions), | |||
| SER("X448", "no", "pem", "private", x448_priv_pem_serializer_functions), | |||
| SER("X448", "no", "pem", "public", x448_pub_pem_serializer_functions), | |||
| SER("ED25519", "yes", "text", "private", | |||
| ed25519_priv_print_serializer_functions), | |||
| SER("ED25519", "yes", "text", "public", | |||
| ed25519_pub_print_serializer_functions), | |||
| SER("ED25519", "yes", "der", "private", | |||
| ed25519_priv_der_serializer_functions), | |||
| SER("ED25519", "yes", "der", "public", | |||
| ed25519_pub_der_serializer_functions), | |||
| SER("ED25519", "yes", "pem", "private", | |||
| ed25519_priv_pem_serializer_functions), | |||
| SER("ED25519", "yes", "pem", "public", | |||
| ed25519_pub_pem_serializer_functions), | |||
| SER("ED448", "no", "text", "private", | |||
| ed448_priv_print_serializer_functions), | |||
| SER("ED448", "no", "text", "public", ed448_pub_print_serializer_functions), | |||
| SER("ED448", "no", "der", "private", ed448_priv_der_serializer_functions), | |||
| SER("ED448", "no", "der", "public", ed448_pub_der_serializer_functions), | |||
| SER("ED448", "no", "pem", "private", ed448_priv_pem_serializer_functions), | |||
| SER("ED448", "no", "pem", "public", ed448_pub_pem_serializer_functions), | |||
| SER("EC", "yes", "text", "private", ec_priv_text_serializer_functions), | |||
| SER("EC", "yes", "text", "public", ec_pub_text_serializer_functions), | |||
| SER("EC", "yes", "text", "parameters", ec_param_text_serializer_functions), | |||
| SER("EC", "yes", "der", "private", ec_priv_der_serializer_functions), | |||
| SER("EC", "yes", "der", "public", ec_pub_der_serializer_functions), | |||
| SER("EC", "yes", "der", "parameters", ec_param_der_serializer_functions), | |||
| SER("EC", "yes", "pem", "private", ec_priv_pem_serializer_functions), | |||
| SER("EC", "yes", "pem", "public", ec_pub_pem_serializer_functions), | |||
| SER("EC", "yes", "pem", "parameters", ec_param_pem_serializer_functions), | |||
| #endif | |||