/src/openssl31/providers/implementations/keymgmt/kdf_legacy_kmgmt.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * This implemments a dummy key manager for legacy KDFs that still support the
 * old way of performing a KDF via EVP_PKEY_derive(). New KDFs should not be
 * implemented this way. In reality there is no key data for such KDFs, so this
 * key manager does very little.
 */

#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
#include <openssl/err.h>
#include "prov/implementations.h"
#include "prov/providercommon.h"
#include "prov/provider_ctx.h"
#include "prov/kdfexchange.h"

static OSSL_FUNC_keymgmt_new_fn kdf_newdata;
static OSSL_FUNC_keymgmt_free_fn kdf_freedata;
static OSSL_FUNC_keymgmt_has_fn kdf_has;

KDF_DATA *ossl_kdf_data_new(void *provctx)
{
    KDF_DATA *kdfdata;

    if (!ossl_prov_is_running())
        return NULL;

    kdfdata = OPENSSL_zalloc(sizeof(*kdfdata));
    if (kdfdata == NULL)
        return NULL;

    kdfdata->lock = CRYPTO_THREAD_lock_new();
    if (kdfdata->lock == NULL) {
        OPENSSL_free(kdfdata);
        return NULL;
    }
    kdfdata->libctx = PROV_LIBCTX_OF(provctx);
    kdfdata->refcnt = 1;

    return kdfdata;
}

void ossl_kdf_data_free(KDF_DATA *kdfdata)
{
    int ref = 0;

    if (kdfdata == NULL)
        return;

    CRYPTO_DOWN_REF(&kdfdata->refcnt, &ref, kdfdata->lock);
    if (ref > 0)
        return;

    CRYPTO_THREAD_lock_free(kdfdata->lock);
    OPENSSL_free(kdfdata);
}

int ossl_kdf_data_up_ref(KDF_DATA *kdfdata)
{
    int ref = 0;

    /* This is effectively doing a new operation on the KDF_DATA and should be
     * adequately guarded again modules' error states.  However, both current
     * calls here are guarded properly in exchange/kdf_exch.c.  Thus, it
     * could be removed here.  The concern is that something in the future
     * might call this function without adequate guards.  It's a cheap call,
     * it seems best to leave it even though it is currently redundant.
     */
    if (!ossl_prov_is_running())
        return 0;

    CRYPTO_UP_REF(&kdfdata->refcnt, &ref, kdfdata->lock);
    return 1;
}

static void *kdf_newdata(void *provctx)
{
    return ossl_kdf_data_new(provctx);
}

static void kdf_freedata(void *kdfdata)
{
    ossl_kdf_data_free(kdfdata);
}

static int kdf_has(const void *keydata, int selection)
{
    return 1; /* nothing is missing */
}

const OSSL_DISPATCH ossl_kdf_keymgmt_functions[] = {
    { OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))kdf_newdata },
    { OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))kdf_freedata },
    { OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))kdf_has },
    { 0, NULL }
};

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*
11		* This implemments a dummy key manager for legacy KDFs that still support the
12		* old way of performing a KDF via EVP_PKEY_derive(). New KDFs should not be
13		* implemented this way. In reality there is no key data for such KDFs, so this
14		* key manager does very little.
15		*/
16
17		#include <openssl/core_dispatch.h>
18		#include <openssl/core_names.h>
19		#include <openssl/err.h>
20		#include "prov/implementations.h"
21		#include "prov/providercommon.h"
22		#include "prov/provider_ctx.h"
23		#include "prov/kdfexchange.h"
24
25		static OSSL_FUNC_keymgmt_new_fn kdf_newdata;
26		static OSSL_FUNC_keymgmt_free_fn kdf_freedata;
27		static OSSL_FUNC_keymgmt_has_fn kdf_has;
28
29		KDF_DATA ossl_kdf_data_new(void provctx)
30	0	{
31	0	KDF_DATA *kdfdata;
32
33	0	if (!ossl_prov_is_running())
34	0	return NULL;
35
36	0	kdfdata = OPENSSL_zalloc(sizeof(*kdfdata));
37	0	if (kdfdata == NULL)
38	0	return NULL;
39
40	0	kdfdata->lock = CRYPTO_THREAD_lock_new();
41	0	if (kdfdata->lock == NULL) {
42	0	OPENSSL_free(kdfdata);
43	0	return NULL;
44	0	}
45	0	kdfdata->libctx = PROV_LIBCTX_OF(provctx);
46	0	kdfdata->refcnt = 1;
47
48	0	return kdfdata;
49	0	}
50
51		void ossl_kdf_data_free(KDF_DATA *kdfdata)
52	0	{
53	0	int ref = 0;
54
55	0	if (kdfdata == NULL)
56	0	return;
57
58	0	CRYPTO_DOWN_REF(&kdfdata->refcnt, &ref, kdfdata->lock);
59	0	if (ref > 0)
60	0	return;
61
62	0	CRYPTO_THREAD_lock_free(kdfdata->lock);
63	0	OPENSSL_free(kdfdata);
64	0	}
65
66		int ossl_kdf_data_up_ref(KDF_DATA *kdfdata)
67	0	{
68	0	int ref = 0;
69
70		/* This is effectively doing a new operation on the KDF_DATA and should be
71		* adequately guarded again modules' error states. However, both current
72		* calls here are guarded properly in exchange/kdf_exch.c. Thus, it
73		* could be removed here. The concern is that something in the future
74		* might call this function without adequate guards. It's a cheap call,
75		* it seems best to leave it even though it is currently redundant.
76		*/
77	0	if (!ossl_prov_is_running())
78	0	return 0;
79
80	0	CRYPTO_UP_REF(&kdfdata->refcnt, &ref, kdfdata->lock);
81	0	return 1;
82	0	}
83
84		static void kdf_newdata(void provctx)
85	0	{
86	0	return ossl_kdf_data_new(provctx);
87	0	}
88
89		static void kdf_freedata(void *kdfdata)
90	0	{
91	0	ossl_kdf_data_free(kdfdata);
92	0	}
93
94		static int kdf_has(const void *keydata, int selection)
95	0	{
96	0	return 1; /* nothing is missing */
97	0	}
98
99		const OSSL_DISPATCH ossl_kdf_keymgmt_functions[] = {
100		{ OSSL_FUNC_KEYMGMT_NEW, (void (*)(void))kdf_newdata },
101		{ OSSL_FUNC_KEYMGMT_FREE, (void (*)(void))kdf_freedata },
102		{ OSSL_FUNC_KEYMGMT_HAS, (void (*)(void))kdf_has },
103		{ 0, NULL }
104		};

Coverage Report

Created: 2025-06-13 06:58