]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <stddef.h> | |
11 | #include <openssl/types.h> | |
12 | #include <openssl/evp.h> | |
13 | #include <openssl/core.h> | |
14 | #include "internal/cryptlib.h" | |
15 | #include "internal/thread_once.h" | |
16 | #include "internal/property.h" | |
17 | #include "internal/core.h" | |
18 | #include "internal/provider.h" | |
19 | #include "internal/namemap.h" | |
20 | #include "crypto/evp.h" /* evp_local.h needs it */ | |
21 | #include "evp_local.h" | |
22 | ||
23 | #define NAME_SEPARATOR ':' | |
24 | ||
25 | static void evp_method_store_free(void *vstore) | |
26 | { | |
27 | ossl_method_store_free(vstore); | |
28 | } | |
29 | ||
30 | static void *evp_method_store_new(OPENSSL_CTX *ctx) | |
31 | { | |
32 | return ossl_method_store_new(ctx); | |
33 | } | |
34 | ||
35 | ||
36 | static const OPENSSL_CTX_METHOD evp_method_store_method = { | |
37 | evp_method_store_new, | |
38 | evp_method_store_free, | |
39 | }; | |
40 | ||
41 | /* Data to be passed through ossl_method_construct() */ | |
42 | struct evp_method_data_st { | |
43 | OPENSSL_CTX *libctx; | |
44 | OSSL_METHOD_CONSTRUCT_METHOD *mcm; | |
45 | int operation_id; /* For get_evp_method_from_store() */ | |
46 | int name_id; /* For get_evp_method_from_store() */ | |
47 | const char *names; /* For get_evp_method_from_store() */ | |
48 | const char *propquery; /* For get_evp_method_from_store() */ | |
49 | void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *, | |
50 | OSSL_PROVIDER *); | |
51 | int (*refcnt_up_method)(void *method); | |
52 | void (*destruct_method)(void *method); | |
53 | }; | |
54 | ||
55 | /* | |
56 | * Generic routines to fetch / create EVP methods with ossl_method_construct() | |
57 | */ | |
58 | static void *alloc_tmp_evp_method_store(OPENSSL_CTX *ctx) | |
59 | { | |
60 | return ossl_method_store_new(ctx); | |
61 | } | |
62 | ||
63 | static void dealloc_tmp_evp_method_store(void *store) | |
64 | { | |
65 | if (store != NULL) | |
66 | ossl_method_store_free(store); | |
67 | } | |
68 | ||
69 | static OSSL_METHOD_STORE *get_evp_method_store(OPENSSL_CTX *libctx) | |
70 | { | |
71 | return openssl_ctx_get_data(libctx, OPENSSL_CTX_EVP_METHOD_STORE_INDEX, | |
72 | &evp_method_store_method); | |
73 | } | |
74 | ||
75 | /* | |
76 | * To identify the method in the EVP method store, we mix the name identity | |
77 | * with the operation identity, under the assumption that we don't have more | |
78 | * than 2^24 names or more than 2^8 operation types. | |
79 | * | |
80 | * The resulting identity is a 32-bit integer, composed like this: | |
81 | * | |
82 | * +---------24 bits--------+-8 bits-+ | |
83 | * | name identity | op id | | |
84 | * +------------------------+--------+ | |
85 | */ | |
86 | static uint32_t evp_method_id(int name_id, unsigned int operation_id) | |
87 | { | |
88 | if (!ossl_assert(name_id > 0 && name_id < (1 << 24)) | |
89 | || !ossl_assert(operation_id > 0 && operation_id < (1 << 8))) | |
90 | return 0; | |
91 | return ((name_id << 8) & 0xFFFFFF00) | (operation_id & 0x000000FF); | |
92 | } | |
93 | ||
94 | static void *get_evp_method_from_store(OPENSSL_CTX *libctx, void *store, | |
95 | void *data) | |
96 | { | |
97 | struct evp_method_data_st *methdata = data; | |
98 | void *method = NULL; | |
99 | int name_id; | |
100 | uint32_t meth_id; | |
101 | ||
102 | /* | |
103 | * get_evp_method_from_store() is only called to try and get the method | |
104 | * that evp_generic_fetch() is asking for, and the operation id as well | |
105 | * as the name or name id are passed via methdata. | |
106 | */ | |
107 | if ((name_id = methdata->name_id) == 0) { | |
108 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
109 | const char *names = methdata->names; | |
110 | const char *q = strchr(names, NAME_SEPARATOR); | |
111 | size_t l = (q == NULL ? strlen(names) : (size_t)(q - names)); | |
112 | ||
113 | if (namemap == 0) | |
114 | return NULL; | |
115 | name_id = ossl_namemap_name2num_n(namemap, names, l); | |
116 | } | |
117 | ||
118 | if (name_id == 0 | |
119 | || (meth_id = evp_method_id(name_id, methdata->operation_id)) == 0) | |
120 | return NULL; | |
121 | ||
122 | if (store == NULL | |
123 | && (store = get_evp_method_store(libctx)) == NULL) | |
124 | return NULL; | |
125 | ||
126 | if (!ossl_method_store_fetch(store, meth_id, methdata->propquery, | |
127 | &method)) | |
128 | return NULL; | |
129 | return method; | |
130 | } | |
131 | ||
132 | static int put_evp_method_in_store(OPENSSL_CTX *libctx, void *store, | |
133 | void *method, const OSSL_PROVIDER *prov, | |
134 | int operation_id, const char *names, | |
135 | const char *propdef, void *data) | |
136 | { | |
137 | struct evp_method_data_st *methdata = data; | |
138 | OSSL_NAMEMAP *namemap; | |
139 | int name_id; | |
140 | uint32_t meth_id; | |
141 | size_t l = 0; | |
142 | ||
143 | /* | |
144 | * put_evp_method_in_store() is only called with an EVP method that was | |
145 | * successfully created by construct_method() below, which means that | |
146 | * all the names should already be stored in the namemap with the same | |
147 | * numeric identity, so just use the first to get that identity. | |
148 | */ | |
149 | if (names != NULL) { | |
150 | const char *q = strchr(names, NAME_SEPARATOR); | |
151 | ||
152 | l = (q == NULL ? strlen(names) : (size_t)(q - names)); | |
153 | } | |
154 | ||
155 | if ((namemap = ossl_namemap_stored(libctx)) == NULL | |
156 | || (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0 | |
157 | || (meth_id = evp_method_id(name_id, operation_id)) == 0) | |
158 | return 0; | |
159 | ||
160 | if (store == NULL | |
161 | && (store = get_evp_method_store(libctx)) == NULL) | |
162 | return 0; | |
163 | ||
164 | return ossl_method_store_add(store, prov, meth_id, propdef, method, | |
165 | methdata->refcnt_up_method, | |
166 | methdata->destruct_method); | |
167 | } | |
168 | ||
169 | /* | |
170 | * The core fetching functionality passes the name of the implementation. | |
171 | * This function is responsible to getting an identity number for it. | |
172 | */ | |
173 | static void *construct_evp_method(const OSSL_ALGORITHM *algodef, | |
174 | OSSL_PROVIDER *prov, void *data) | |
175 | { | |
176 | /* | |
177 | * This function is only called if get_evp_method_from_store() returned | |
178 | * NULL, so it's safe to say that of all the spots to create a new | |
179 | * namemap entry, this is it. Should the name already exist there, we | |
180 | * know that ossl_namemap_add_name() will return its corresponding | |
181 | * number. | |
182 | */ | |
183 | struct evp_method_data_st *methdata = data; | |
184 | OPENSSL_CTX *libctx = ossl_provider_library_context(prov); | |
185 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
186 | const char *names = algodef->algorithm_names; | |
187 | int name_id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR); | |
188 | ||
189 | if (name_id == 0) | |
190 | return NULL; | |
191 | return methdata->method_from_dispatch(name_id, algodef->implementation, | |
192 | prov); | |
193 | } | |
194 | ||
195 | static void destruct_evp_method(void *method, void *data) | |
196 | { | |
197 | struct evp_method_data_st *methdata = data; | |
198 | ||
199 | methdata->destruct_method(method); | |
200 | } | |
201 | ||
202 | static void * | |
203 | inner_evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, | |
204 | int name_id, const char *name, | |
205 | const char *properties, | |
206 | void *(*new_method)(int name_id, | |
207 | const OSSL_DISPATCH *fns, | |
208 | OSSL_PROVIDER *prov), | |
209 | int (*up_ref_method)(void *), | |
210 | void (*free_method)(void *)) | |
211 | { | |
212 | OSSL_METHOD_STORE *store = get_evp_method_store(libctx); | |
213 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
214 | uint32_t meth_id = 0; | |
215 | void *method = NULL; | |
216 | ||
217 | if (store == NULL || namemap == NULL) | |
218 | return NULL; | |
219 | ||
220 | /* | |
221 | * If there's ever an operation_id == 0 passed, we have an internal | |
222 | * programming error. | |
223 | */ | |
224 | if (!ossl_assert(operation_id > 0)) | |
225 | return NULL; | |
226 | ||
227 | /* | |
228 | * If we have been passed neither a name_id or a name, we have an | |
229 | * internal programming error. | |
230 | */ | |
231 | if (!ossl_assert(name_id != 0 || name != NULL)) | |
232 | return NULL; | |
233 | ||
234 | /* If we haven't received a name id yet, try to get one for the name */ | |
235 | if (name_id == 0) | |
236 | name_id = ossl_namemap_name2num(namemap, name); | |
237 | ||
238 | /* | |
239 | * If we have a name id, calculate a method id with evp_method_id(). | |
240 | * | |
241 | * evp_method_id returns 0 if we have too many operations (more than | |
242 | * about 2^8) or too many names (more than about 2^24). In that case, | |
243 | * we can't create any new method. | |
244 | */ | |
245 | if (name_id != 0 && (meth_id = evp_method_id(name_id, operation_id)) == 0) | |
246 | return NULL; | |
247 | ||
248 | if (meth_id == 0 | |
249 | || !ossl_method_store_cache_get(store, meth_id, properties, &method)) { | |
250 | OSSL_METHOD_CONSTRUCT_METHOD mcm = { | |
251 | alloc_tmp_evp_method_store, | |
252 | dealloc_tmp_evp_method_store, | |
253 | get_evp_method_from_store, | |
254 | put_evp_method_in_store, | |
255 | construct_evp_method, | |
256 | destruct_evp_method | |
257 | }; | |
258 | struct evp_method_data_st mcmdata; | |
259 | ||
260 | mcmdata.mcm = &mcm; | |
261 | mcmdata.libctx = libctx; | |
262 | mcmdata.operation_id = operation_id; | |
263 | mcmdata.name_id = name_id; | |
264 | mcmdata.names = name; | |
265 | mcmdata.propquery = properties; | |
266 | mcmdata.method_from_dispatch = new_method; | |
267 | mcmdata.refcnt_up_method = up_ref_method; | |
268 | mcmdata.destruct_method = free_method; | |
269 | if ((method = ossl_method_construct(libctx, operation_id, | |
270 | 0 /* !force_cache */, | |
271 | &mcm, &mcmdata)) != NULL) { | |
272 | /* | |
273 | * If construction did create a method for us, we know that | |
274 | * there is a correct name_id and meth_id, since those have | |
275 | * already been calculated in get_evp_method_from_store() and | |
276 | * put_evp_method_in_store() above. | |
277 | */ | |
278 | if (name_id == 0) | |
279 | name_id = ossl_namemap_name2num(namemap, name); | |
280 | meth_id = evp_method_id(name_id, operation_id); | |
281 | ossl_method_store_cache_set(store, meth_id, properties, method, | |
282 | up_ref_method, free_method); | |
283 | } | |
284 | } | |
285 | ||
286 | return method; | |
287 | } | |
288 | ||
289 | void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, | |
290 | const char *name, const char *properties, | |
291 | void *(*new_method)(int name_id, | |
292 | const OSSL_DISPATCH *fns, | |
293 | OSSL_PROVIDER *prov), | |
294 | int (*up_ref_method)(void *), | |
295 | void (*free_method)(void *)) | |
296 | { | |
297 | void *ret = inner_evp_generic_fetch(libctx, | |
298 | operation_id, 0, name, properties, | |
299 | new_method, up_ref_method, free_method); | |
300 | ||
301 | if (ret == NULL) { | |
302 | int code = EVP_R_FETCH_FAILED; | |
303 | ||
304 | #ifdef FIPS_MODULE | |
305 | ERR_raise(ERR_LIB_EVP, code); | |
306 | #else | |
307 | ERR_raise_data(ERR_LIB_EVP, code, | |
308 | "%s, Algorithm (%s), Properties (%s)", | |
309 | (openssl_ctx_is_default(libctx) | |
310 | ? "Default library context" | |
311 | : "Non-default library context"), | |
312 | name = NULL ? "<null>" : name, | |
313 | properties == NULL ? "<null>" : properties); | |
314 | #endif | |
315 | } | |
316 | return ret; | |
317 | } | |
318 | ||
319 | /* | |
320 | * evp_generic_fetch_by_number() is special, and only returns methods for | |
321 | * already known names, i.e. it refuses to work if no name_id can be found | |
322 | * (it's considered an internal programming error). | |
323 | * This is meant to be used when one method needs to fetch an associated | |
324 | * other method. | |
325 | */ | |
326 | void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id, | |
327 | int name_id, const char *properties, | |
328 | void *(*new_method)(int name_id, | |
329 | const OSSL_DISPATCH *fns, | |
330 | OSSL_PROVIDER *prov), | |
331 | int (*up_ref_method)(void *), | |
332 | void (*free_method)(void *)) | |
333 | { | |
334 | void *ret = inner_evp_generic_fetch(libctx, | |
335 | operation_id, name_id, NULL, | |
336 | properties, new_method, up_ref_method, | |
337 | free_method); | |
338 | ||
339 | if (ret == NULL) { | |
340 | int code = EVP_R_FETCH_FAILED; | |
341 | ||
342 | #ifdef FIPS_MODULE | |
343 | ERR_raise(ERR_LIB_EVP, code); | |
344 | #else | |
345 | { | |
346 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
347 | const char *name = (namemap == NULL) | |
348 | ? NULL | |
349 | : ossl_namemap_num2name(namemap, name_id, 0); | |
350 | ||
351 | ERR_raise_data(ERR_LIB_EVP, code, | |
352 | "%s, Algorithm (%s), Properties (%s)", | |
353 | (openssl_ctx_is_default(libctx) | |
354 | ? "Default library context" | |
355 | : "Non-default library context"), | |
356 | name = NULL ? "<null>" : name, | |
357 | properties == NULL ? "<null>" : properties); | |
358 | } | |
359 | #endif | |
360 | } | |
361 | return ret; | |
362 | } | |
363 | ||
364 | int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) | |
365 | { | |
366 | OSSL_METHOD_STORE *store = get_evp_method_store(libctx); | |
367 | ||
368 | if (store != NULL) | |
369 | return ossl_method_store_set_global_properties(store, propq); | |
370 | EVPerr(0, ERR_R_INTERNAL_ERROR); | |
371 | return 0; | |
372 | } | |
373 | ||
374 | ||
375 | static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq) | |
376 | { | |
377 | OSSL_METHOD_STORE *store = get_evp_method_store(libctx); | |
378 | ||
379 | if (store != NULL) | |
380 | return ossl_method_store_merge_global_properties(store, propq); | |
381 | EVPerr(0, ERR_R_INTERNAL_ERROR); | |
382 | return 0; | |
383 | } | |
384 | ||
385 | static int evp_default_property_is_enabled(OPENSSL_CTX *libctx, | |
386 | const char *prop_name) | |
387 | { | |
388 | OSSL_METHOD_STORE *store = get_evp_method_store(libctx); | |
389 | ||
390 | return ossl_method_store_global_property_is_enabled(store, prop_name); | |
391 | } | |
392 | ||
393 | int EVP_default_properties_is_fips_enabled(OPENSSL_CTX *libctx) | |
394 | { | |
395 | return evp_default_property_is_enabled(libctx, "fips"); | |
396 | } | |
397 | ||
398 | int EVP_default_properties_enable_fips(OPENSSL_CTX *libctx, int enable) | |
399 | { | |
400 | const char *query = (enable != 0) ? "fips=yes" : "-fips"; | |
401 | ||
402 | return evp_default_properties_merge(libctx, query); | |
403 | } | |
404 | ||
405 | ||
406 | struct do_all_data_st { | |
407 | void (*user_fn)(void *method, void *arg); | |
408 | void *user_arg; | |
409 | void *(*new_method)(const int name_id, const OSSL_DISPATCH *fns, | |
410 | OSSL_PROVIDER *prov); | |
411 | void (*free_method)(void *); | |
412 | }; | |
413 | ||
414 | static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, | |
415 | int no_store, void *vdata) | |
416 | { | |
417 | struct do_all_data_st *data = vdata; | |
418 | OPENSSL_CTX *libctx = ossl_provider_library_context(provider); | |
419 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
420 | int name_id = ossl_namemap_add_names(namemap, 0, algo->algorithm_names, | |
421 | NAME_SEPARATOR); | |
422 | void *method = NULL; | |
423 | ||
424 | if (name_id != 0) | |
425 | method = data->new_method(name_id, algo->implementation, provider); | |
426 | ||
427 | if (method != NULL) { | |
428 | data->user_fn(method, data->user_arg); | |
429 | data->free_method(method); | |
430 | } | |
431 | } | |
432 | ||
433 | void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, | |
434 | void (*user_fn)(void *method, void *arg), | |
435 | void *user_arg, | |
436 | void *(*new_method)(int name_id, | |
437 | const OSSL_DISPATCH *fns, | |
438 | OSSL_PROVIDER *prov), | |
439 | void (*free_method)(void *)) | |
440 | { | |
441 | struct do_all_data_st data; | |
442 | ||
443 | data.new_method = new_method; | |
444 | data.free_method = free_method; | |
445 | data.user_fn = user_fn; | |
446 | data.user_arg = user_arg; | |
447 | ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data); | |
448 | } | |
449 | ||
450 | const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id) | |
451 | { | |
452 | OPENSSL_CTX *libctx = ossl_provider_library_context(prov); | |
453 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
454 | ||
455 | return ossl_namemap_num2name(namemap, name_id, 0); | |
456 | } | |
457 | ||
458 | int evp_is_a(OSSL_PROVIDER *prov, int number, | |
459 | const char *legacy_name, const char *name) | |
460 | { | |
461 | /* | |
462 | * For a |prov| that is NULL, the library context will be NULL | |
463 | */ | |
464 | OPENSSL_CTX *libctx = ossl_provider_library_context(prov); | |
465 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
466 | ||
467 | if (prov == NULL) | |
468 | number = ossl_namemap_name2num(namemap, legacy_name); | |
469 | return ossl_namemap_name2num(namemap, name) == number; | |
470 | } | |
471 | ||
472 | void evp_names_do_all(OSSL_PROVIDER *prov, int number, | |
473 | void (*fn)(const char *name, void *data), | |
474 | void *data) | |
475 | { | |
476 | OPENSSL_CTX *libctx = ossl_provider_library_context(prov); | |
477 | OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); | |
478 | ||
479 | ossl_namemap_doall_names(namemap, number, fn, data); | |
480 | } |