]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/core_namemap.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA
[thirdparty/openssl.git] / crypto / core_namemap.c
1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "internal/e_os.h" /* strcasecmp */
11 #include "internal/namemap.h"
12 #include <openssl/lhash.h>
13 #include "crypto/lhash.h" /* ossl_lh_strcasehash */
14 #include "internal/tsan_assist.h"
15 #include "internal/sizes.h"
16 #include "crypto/context.h"
17
18 /*-
19 * The namenum entry
20 * =================
21 */
22 typedef struct {
23 char *name;
24 int number;
25 } NAMENUM_ENTRY;
26
27 DEFINE_LHASH_OF(NAMENUM_ENTRY);
28
29 /*-
30 * The namemap itself
31 * ==================
32 */
33
34 struct ossl_namemap_st {
35 /* Flags */
36 unsigned int stored:1; /* If 1, it's stored in a library context */
37
38 CRYPTO_RWLOCK *lock;
39 LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */
40
41 TSAN_QUALIFIER int max_number; /* Current max number */
42 };
43
44 /* LHASH callbacks */
45
46 static unsigned long namenum_hash(const NAMENUM_ENTRY *n)
47 {
48 return ossl_lh_strcasehash(n->name);
49 }
50
51 static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b)
52 {
53 return strcasecmp(a->name, b->name);
54 }
55
56 static void namenum_free(NAMENUM_ENTRY *n)
57 {
58 if (n != NULL)
59 OPENSSL_free(n->name);
60 OPENSSL_free(n);
61 }
62
63 /* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
64
65 void *ossl_stored_namemap_new(OSSL_LIB_CTX *libctx)
66 {
67 OSSL_NAMEMAP *namemap = ossl_namemap_new();
68
69 if (namemap != NULL)
70 namemap->stored = 1;
71
72 return namemap;
73 }
74
75 void ossl_stored_namemap_free(void *vnamemap)
76 {
77 OSSL_NAMEMAP *namemap = vnamemap;
78
79 if (namemap != NULL) {
80 /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
81 namemap->stored = 0;
82 ossl_namemap_free(namemap);
83 }
84 }
85
86 /*-
87 * API functions
88 * =============
89 */
90
91 int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
92 {
93 #ifdef TSAN_REQUIRES_LOCKING
94 /* No TSAN support */
95 int rv;
96
97 if (namemap == NULL)
98 return 1;
99
100 if (!CRYPTO_THREAD_read_lock(namemap->lock))
101 return -1;
102 rv = namemap->max_number == 0;
103 CRYPTO_THREAD_unlock(namemap->lock);
104 return rv;
105 #else
106 /* Have TSAN support */
107 return namemap == NULL || tsan_load(&namemap->max_number) == 0;
108 #endif
109 }
110
111 typedef struct doall_names_data_st {
112 int number;
113 const char **names;
114 int found;
115 } DOALL_NAMES_DATA;
116
117 static void do_name(const NAMENUM_ENTRY *namenum, DOALL_NAMES_DATA *data)
118 {
119 if (namenum->number == data->number)
120 data->names[data->found++] = namenum->name;
121 }
122
123 IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA);
124
125 /*
126 * Call the callback for all names in the namemap with the given number.
127 * A return value 1 means that the callback was called for all names. A
128 * return value of 0 means that the callback was not called for any names.
129 */
130 int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
131 void (*fn)(const char *name, void *data),
132 void *data)
133 {
134 DOALL_NAMES_DATA cbdata;
135 size_t num_names;
136 int i;
137
138 cbdata.number = number;
139 cbdata.found = 0;
140
141 /*
142 * We collect all the names first under a read lock. Subsequently we call
143 * the user function, so that we're not holding the read lock when in user
144 * code. This could lead to deadlocks.
145 */
146 if (!CRYPTO_THREAD_read_lock(namemap->lock))
147 return 0;
148
149 num_names = lh_NAMENUM_ENTRY_num_items(namemap->namenum);
150 if (num_names == 0) {
151 CRYPTO_THREAD_unlock(namemap->lock);
152 return 0;
153 }
154 cbdata.names = OPENSSL_malloc(sizeof(*cbdata.names) * num_names);
155 if (cbdata.names == NULL) {
156 CRYPTO_THREAD_unlock(namemap->lock);
157 return 0;
158 }
159 lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name,
160 &cbdata);
161 CRYPTO_THREAD_unlock(namemap->lock);
162
163 for (i = 0; i < cbdata.found; i++)
164 fn(cbdata.names[i], data);
165
166 OPENSSL_free(cbdata.names);
167 return 1;
168 }
169
170 static int namemap_name2num_n(const OSSL_NAMEMAP *namemap,
171 const char *name, size_t name_len)
172 {
173 NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
174
175 if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL)
176 return 0;
177 namenum_tmpl.number = 0;
178 namenum_entry =
179 lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl);
180 OPENSSL_free(namenum_tmpl.name);
181 return namenum_entry != NULL ? namenum_entry->number : 0;
182 }
183
184 int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
185 const char *name, size_t name_len)
186 {
187 int number;
188
189 #ifndef FIPS_MODULE
190 if (namemap == NULL)
191 namemap = ossl_namemap_stored(NULL);
192 #endif
193
194 if (namemap == NULL)
195 return 0;
196
197 if (!CRYPTO_THREAD_read_lock(namemap->lock))
198 return 0;
199 number = namemap_name2num_n(namemap, name, name_len);
200 CRYPTO_THREAD_unlock(namemap->lock);
201
202 return number;
203 }
204
205 int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name)
206 {
207 if (name == NULL)
208 return 0;
209
210 return ossl_namemap_name2num_n(namemap, name, strlen(name));
211 }
212
213 struct num2name_data_st {
214 size_t idx; /* Countdown */
215 const char *name; /* Result */
216 };
217
218 static void do_num2name(const char *name, void *vdata)
219 {
220 struct num2name_data_st *data = vdata;
221
222 if (data->idx > 0)
223 data->idx--;
224 else if (data->name == NULL)
225 data->name = name;
226 }
227
228 const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
229 size_t idx)
230 {
231 struct num2name_data_st data;
232
233 data.idx = idx;
234 data.name = NULL;
235 if (!ossl_namemap_doall_names(namemap, number, do_num2name, &data))
236 return NULL;
237 return data.name;
238 }
239
240 static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
241 const char *name, size_t name_len)
242 {
243 NAMENUM_ENTRY *namenum = NULL;
244 int tmp_number;
245
246 /* If it already exists, we don't add it */
247 if ((tmp_number = namemap_name2num_n(namemap, name, name_len)) != 0)
248 return tmp_number;
249
250 if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL
251 || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL)
252 goto err;
253
254 /* The tsan_counter use here is safe since we're under lock */
255 namenum->number =
256 number != 0 ? number : 1 + tsan_counter(&namemap->max_number);
257 (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum);
258
259 if (lh_NAMENUM_ENTRY_error(namemap->namenum))
260 goto err;
261 return namenum->number;
262
263 err:
264 namenum_free(namenum);
265 return 0;
266 }
267
268 int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
269 const char *name, size_t name_len)
270 {
271 int tmp_number;
272
273 #ifndef FIPS_MODULE
274 if (namemap == NULL)
275 namemap = ossl_namemap_stored(NULL);
276 #endif
277
278 if (name == NULL || name_len == 0 || namemap == NULL)
279 return 0;
280
281 if (!CRYPTO_THREAD_write_lock(namemap->lock))
282 return 0;
283 tmp_number = namemap_add_name_n(namemap, number, name, name_len);
284 CRYPTO_THREAD_unlock(namemap->lock);
285 return tmp_number;
286 }
287
288 int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name)
289 {
290 if (name == NULL)
291 return 0;
292
293 return ossl_namemap_add_name_n(namemap, number, name, strlen(name));
294 }
295
296 int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
297 const char *names, const char separator)
298 {
299 const char *p, *q;
300 size_t l;
301
302 /* Check that we have a namemap */
303 if (!ossl_assert(namemap != NULL)) {
304 ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
305 return 0;
306 }
307
308 if (!CRYPTO_THREAD_write_lock(namemap->lock))
309 return 0;
310 /*
311 * Check that no name is an empty string, and that all names have at
312 * most one numeric identity together.
313 */
314 for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
315 int this_number;
316
317 if ((q = strchr(p, separator)) == NULL)
318 l = strlen(p); /* offset to \0 */
319 else
320 l = q - p; /* offset to the next separator */
321
322 this_number = namemap_name2num_n(namemap, p, l);
323
324 if (*p == '\0' || *p == separator) {
325 ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
326 goto err;
327 }
328 if (number == 0) {
329 number = this_number;
330 } else if (this_number != 0 && this_number != number) {
331 ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
332 "\"%.*s\" has an existing different identity %d (from \"%s\")",
333 l, p, this_number, names);
334 goto err;
335 }
336 }
337
338 /* Now that we have checked, register all names */
339 for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
340 int this_number;
341
342 if ((q = strchr(p, separator)) == NULL)
343 l = strlen(p); /* offset to \0 */
344 else
345 l = q - p; /* offset to the next separator */
346
347 this_number = namemap_add_name_n(namemap, number, p, l);
348 if (number == 0) {
349 number = this_number;
350 } else if (this_number != number) {
351 ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
352 "Got number %d when expecting %d",
353 this_number, number);
354 goto err;
355 }
356 }
357
358 CRYPTO_THREAD_unlock(namemap->lock);
359 return number;
360
361 err:
362 CRYPTO_THREAD_unlock(namemap->lock);
363 return 0;
364 }
365
366 /*-
367 * Pre-population
368 * ==============
369 */
370
371 #ifndef FIPS_MODULE
372 #include <openssl/evp.h>
373
374 /* Creates an initial namemap with names found in the legacy method db */
375 static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
376 void *arg)
377 {
378 int num = 0;
379 ASN1_OBJECT *obj;
380
381 if (base_nid != NID_undef) {
382 num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
383 num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
384 }
385
386 if (nid != NID_undef) {
387 num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
388 num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
389 if ((obj = OBJ_nid2obj(nid)) != NULL) {
390 char txtoid[OSSL_MAX_NAME_SIZE];
391
392 if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0)
393 num = ossl_namemap_add_name(arg, num, txtoid);
394 }
395 }
396 if (pem_name != NULL)
397 num = ossl_namemap_add_name(arg, num, pem_name);
398 }
399
400 static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
401 {
402 const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
403
404 if (cipher != NULL)
405 get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
406 }
407
408 static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
409 {
410 const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
411
412 if (md != NULL)
413 get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
414 }
415
416 static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
417 void *arg)
418 {
419 int nid = 0, base_nid = 0, flags = 0;
420 const char *pem_name = NULL;
421
422 EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
423 if (nid != NID_undef) {
424 if ((flags & ASN1_PKEY_ALIAS) == 0) {
425 switch (nid) {
426 case EVP_PKEY_DHX:
427 /* We know that the name "DHX" is used too */
428 get_legacy_evp_names(0, nid, "DHX", arg);
429 /* FALLTHRU */
430 default:
431 get_legacy_evp_names(0, nid, pem_name, arg);
432 }
433 } else {
434 /*
435 * Treat aliases carefully, some of them are undesirable, or
436 * should not be treated as such for providers.
437 */
438
439 switch (nid) {
440 case EVP_PKEY_SM2:
441 /*
442 * SM2 is a separate keytype with providers, not an alias for
443 * EC.
444 */
445 get_legacy_evp_names(0, nid, pem_name, arg);
446 break;
447 default:
448 /* Use the short name of the base nid as the common reference */
449 get_legacy_evp_names(base_nid, nid, pem_name, arg);
450 }
451 }
452 }
453 }
454 #endif
455
456 /*-
457 * Constructors / destructors
458 * ==========================
459 */
460
461 OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
462 {
463 #ifndef FIPS_MODULE
464 int nms;
465 #endif
466 OSSL_NAMEMAP *namemap =
467 ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX);
468
469 if (namemap == NULL)
470 return NULL;
471
472 #ifndef FIPS_MODULE
473 nms = ossl_namemap_empty(namemap);
474 if (nms < 0) {
475 /*
476 * Could not get lock to make the count, so maybe internal objects
477 * weren't added. This seems safest.
478 */
479 return NULL;
480 }
481 if (nms == 1) {
482 int i, end;
483
484 /* Before pilfering, we make sure the legacy database is populated */
485 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
486 | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
487
488 OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
489 get_legacy_cipher_names, namemap);
490 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
491 get_legacy_md_names, namemap);
492
493 /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
494 for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
495 get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
496 }
497 #endif
498
499 return namemap;
500 }
501
502 OSSL_NAMEMAP *ossl_namemap_new(void)
503 {
504 OSSL_NAMEMAP *namemap;
505
506 if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL
507 && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL
508 && (namemap->namenum =
509 lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL)
510 return namemap;
511
512 ossl_namemap_free(namemap);
513 return NULL;
514 }
515
516 void ossl_namemap_free(OSSL_NAMEMAP *namemap)
517 {
518 if (namemap == NULL || namemap->stored)
519 return;
520
521 lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free);
522 lh_NAMENUM_ENTRY_free(namemap->namenum);
523
524 CRYPTO_THREAD_lock_free(namemap->lock);
525 OPENSSL_free(namemap);
526 }
A mirror of the official openssl repository