2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some engine deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
13 #include <openssl/evp.h>
14 #include <openssl/core_names.h>
15 #include <openssl/err.h>
16 #include <openssl/proverr.h>
18 # include <openssl/engine.h>
19 # include "crypto/evp.h"
21 #include "prov/provider_util.h"
23 void ossl_prov_cipher_reset(PROV_CIPHER *pc)
25 EVP_CIPHER_free(pc->alloc_cipher);
26 pc->alloc_cipher = NULL;
28 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
29 ENGINE_finish(pc->engine);
34 int ossl_prov_cipher_copy(PROV_CIPHER *dst, const PROV_CIPHER *src)
36 if (src->alloc_cipher != NULL && !EVP_CIPHER_up_ref(src->alloc_cipher))
38 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
39 if (src->engine != NULL && !ENGINE_init(src->engine)) {
40 EVP_CIPHER_free(src->alloc_cipher);
44 dst->engine = src->engine;
45 dst->cipher = src->cipher;
46 dst->alloc_cipher = src->alloc_cipher;
50 static int load_common(const OSSL_PARAM params[], const char **propquery,
56 p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_PROPERTIES);
58 if (p->data_type != OSSL_PARAM_UTF8_STRING)
63 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
64 ENGINE_finish(*engine);
67 /* Inside the FIPS module, we don't support legacy ciphers */
68 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
69 p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE);
71 if (p->data_type != OSSL_PARAM_UTF8_STRING)
73 /* Get a structural reference */
74 *engine = ENGINE_by_id(p->data);
77 /* Get a functional reference */
78 if (!ENGINE_init(*engine)) {
83 /* Free the structural reference */
90 int ossl_prov_cipher_load_from_params(PROV_CIPHER *pc,
91 const OSSL_PARAM params[],
95 const char *propquery;
100 if (!load_common(params, &propquery, &pc->engine))
103 p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_CIPHER);
106 if (p->data_type != OSSL_PARAM_UTF8_STRING)
109 EVP_CIPHER_free(pc->alloc_cipher);
111 pc->cipher = pc->alloc_cipher = EVP_CIPHER_fetch(ctx, p->data, propquery);
112 #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy ciphers */
113 if (pc->cipher == NULL) {
114 const EVP_CIPHER *cipher;
116 cipher = EVP_get_cipherbyname(p->data);
117 /* Do not use global EVP_CIPHERs */
118 if (cipher != NULL && cipher->origin != EVP_ORIG_GLOBAL)
122 if (pc->cipher != NULL)
125 ERR_clear_last_mark();
126 return pc->cipher != NULL;
129 const EVP_CIPHER *ossl_prov_cipher_cipher(const PROV_CIPHER *pc)
134 ENGINE *ossl_prov_cipher_engine(const PROV_CIPHER *pc)
139 void ossl_prov_digest_reset(PROV_DIGEST *pd)
141 EVP_MD_free(pd->alloc_md);
144 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
145 ENGINE_finish(pd->engine);
150 int ossl_prov_digest_copy(PROV_DIGEST *dst, const PROV_DIGEST *src)
152 if (src->alloc_md != NULL && !EVP_MD_up_ref(src->alloc_md))
154 #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_ENGINE)
155 if (src->engine != NULL && !ENGINE_init(src->engine)) {
156 EVP_MD_free(src->alloc_md);
160 dst->engine = src->engine;
162 dst->alloc_md = src->alloc_md;
166 const EVP_MD *ossl_prov_digest_fetch(PROV_DIGEST *pd, OSSL_LIB_CTX *libctx,
167 const char *mdname, const char *propquery)
169 EVP_MD_free(pd->alloc_md);
170 pd->md = pd->alloc_md = EVP_MD_fetch(libctx, mdname, propquery);
175 int ossl_prov_digest_load_from_params(PROV_DIGEST *pd,
176 const OSSL_PARAM params[],
180 const char *propquery;
185 if (!load_common(params, &propquery, &pd->engine))
188 p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST);
191 if (p->data_type != OSSL_PARAM_UTF8_STRING)
195 ossl_prov_digest_fetch(pd, ctx, p->data, propquery);
196 #ifndef FIPS_MODULE /* Inside the FIPS module, we don't support legacy digests */
197 if (pd->md == NULL) {
200 md = EVP_get_digestbyname(p->data);
201 /* Do not use global EVP_MDs */
202 if (md != NULL && md->origin != EVP_ORIG_GLOBAL)
209 ERR_clear_last_mark();
210 return pd->md != NULL;
213 const EVP_MD *ossl_prov_digest_md(const PROV_DIGEST *pd)
218 ENGINE *ossl_prov_digest_engine(const PROV_DIGEST *pd)
223 int ossl_prov_set_macctx(EVP_MAC_CTX *macctx,
224 const OSSL_PARAM params[],
225 const char *ciphername,
228 const char *properties,
229 const unsigned char *key,
233 OSSL_PARAM mac_params[6], *mp = mac_params;
235 if (params != NULL) {
236 if (mdname == NULL) {
237 if ((p = OSSL_PARAM_locate_const(params,
238 OSSL_ALG_PARAM_DIGEST)) != NULL) {
239 if (p->data_type != OSSL_PARAM_UTF8_STRING)
244 if (ciphername == NULL) {
245 if ((p = OSSL_PARAM_locate_const(params,
246 OSSL_ALG_PARAM_CIPHER)) != NULL) {
247 if (p->data_type != OSSL_PARAM_UTF8_STRING)
249 ciphername = p->data;
252 if (engine == NULL) {
253 if ((p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_ENGINE))
255 if (p->data_type != OSSL_PARAM_UTF8_STRING)
263 *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_DIGEST,
265 if (ciphername != NULL)
266 *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
267 (char *)ciphername, 0);
268 if (properties != NULL)
269 *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_PROPERTIES,
270 (char *)properties, 0);
272 #if !defined(OPENSSL_NO_ENGINE) && !defined(FIPS_MODULE)
274 *mp++ = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_ENGINE,
279 *mp++ = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
280 (unsigned char *)key,
283 *mp = OSSL_PARAM_construct_end();
285 return EVP_MAC_CTX_set_params(macctx, mac_params);
289 int ossl_prov_macctx_load_from_params(EVP_MAC_CTX **macctx,
290 const OSSL_PARAM params[],
292 const char *ciphername,
294 OSSL_LIB_CTX *libctx)
297 const char *properties = NULL;
300 && (p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_MAC)) != NULL) {
301 if (p->data_type != OSSL_PARAM_UTF8_STRING)
305 if ((p = OSSL_PARAM_locate_const(params,
306 OSSL_ALG_PARAM_PROPERTIES)) != NULL) {
307 if (p->data_type != OSSL_PARAM_UTF8_STRING)
309 properties = p->data;
312 /* If we got a new mac name, we make a new EVP_MAC_CTX */
313 if (macname != NULL) {
314 EVP_MAC *mac = EVP_MAC_fetch(libctx, macname, properties);
316 EVP_MAC_CTX_free(*macctx);
317 *macctx = mac == NULL ? NULL : EVP_MAC_CTX_new(mac);
318 /* The context holds on to the MAC */
325 * If there is no MAC yet (and therefore, no MAC context), we ignore
326 * all other parameters.
331 if (ossl_prov_set_macctx(*macctx, params, ciphername, mdname, NULL,
332 properties, NULL, 0))
335 EVP_MAC_CTX_free(*macctx);
340 void ossl_prov_cache_exported_algorithms(const OSSL_ALGORITHM_CAPABLE *in,
345 if (out[0].algorithm_names == NULL) {
346 for (i = j = 0; in[i].alg.algorithm_names != NULL; ++i) {
347 if (in[i].capable == NULL || in[i].capable())
348 out[j++] = in[i].alg;
350 out[j++] = in[i].alg;
354 /* Duplicate a lump of memory safely */
355 int ossl_prov_memdup(const void *src, size_t src_len,
356 unsigned char **dest, size_t *dest_len)
359 if ((*dest = OPENSSL_memdup(src, src_len)) == NULL)