]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/evp/evp_fetch.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CORE: ossl_namemap_add_names(): new function to add multiple names
[thirdparty/openssl.git] / crypto / evp / evp_fetch.c
1 /*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stddef.h>
11 #include <openssl/types.h>
12 #include <openssl/evp.h>
13 #include <openssl/core.h>
14 #include "internal/cryptlib.h"
15 #include "internal/thread_once.h"
16 #include "internal/property.h"
17 #include "internal/core.h"
18 #include "internal/provider.h"
19 #include "internal/namemap.h"
20 #include "crypto/evp.h" /* evp_local.h needs it */
21 #include "evp_local.h"
22
23 #define NAME_SEPARATOR ':'
24
25 static void evp_method_store_free(void *vstore)
26 {
27 ossl_method_store_free(vstore);
28 }
29
30 static void *evp_method_store_new(OPENSSL_CTX *ctx)
31 {
32 return ossl_method_store_new(ctx);
33 }
34
35
36 static const OPENSSL_CTX_METHOD evp_method_store_method = {
37 evp_method_store_new,
38 evp_method_store_free,
39 };
40
41 /* Data to be passed through ossl_method_construct() */
42 struct evp_method_data_st {
43 OPENSSL_CTX *libctx;
44 OSSL_METHOD_CONSTRUCT_METHOD *mcm;
45 int operation_id; /* For get_evp_method_from_store() */
46 int name_id; /* For get_evp_method_from_store() */
47 const char *names; /* For get_evp_method_from_store() */
48 const char *propquery; /* For get_evp_method_from_store() */
49 void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *,
50 OSSL_PROVIDER *);
51 int (*refcnt_up_method)(void *method);
52 void (*destruct_method)(void *method);
53 };
54
55 #ifndef FIPS_MODE
56 /* Creates an initial namemap with names found in the legacy method db */
57 static void get_legacy_evp_names(const char *main_name, const char *alias,
58 void *arg)
59 {
60 int main_id = ossl_namemap_add_name(arg, 0, main_name);
61
62 /*
63 * We could check that the returned value is the same as main_id,
64 * but since this is a void function, there's no sane way to report
65 * the error. The best we can do is trust ourselve to keep the legacy
66 * method database conflict free.
67 *
68 * This registers any alias with the same number as the main name.
69 * Should it be that the current |on| *has* the main name, this is
70 * simply a no-op.
71 */
72 if (alias != NULL)
73 (void)ossl_namemap_add_name(arg, main_id, alias);
74 }
75
76 static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
77 {
78 const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
79
80 get_legacy_evp_names(EVP_CIPHER_name(cipher), on->name, arg);
81 }
82
83 static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
84 {
85 const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
86 /* We don't want the pkey_type names, so we need some extra care */
87 int snid, lnid;
88
89 snid = OBJ_sn2nid(on->name);
90 lnid = OBJ_ln2nid(on->name);
91 if (snid != EVP_MD_pkey_type(md) && lnid != EVP_MD_pkey_type(md))
92 get_legacy_evp_names(EVP_MD_name(md), on->name, arg);
93 else
94 get_legacy_evp_names(EVP_MD_name(md), NULL, arg);
95 }
96 #endif
97
98 static OSSL_NAMEMAP *get_prepopulated_namemap(OPENSSL_CTX *libctx)
99 {
100 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
101
102 #ifndef FIPS_MODE
103 if (namemap != NULL && ossl_namemap_empty(namemap)) {
104 /* Before pilfering, we make sure the legacy database is populated */
105 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
106 |OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
107
108 OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
109 get_legacy_cipher_names, namemap);
110 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
111 get_legacy_md_names, namemap);
112 }
113 #endif
114
115 return namemap;
116 }
117
118 /*
119 * Generic routines to fetch / create EVP methods with ossl_method_construct()
120 */
121 static void *alloc_tmp_evp_method_store(OPENSSL_CTX *ctx)
122 {
123 return ossl_method_store_new(ctx);
124 }
125
126 static void dealloc_tmp_evp_method_store(void *store)
127 {
128 if (store != NULL)
129 ossl_method_store_free(store);
130 }
131
132 static OSSL_METHOD_STORE *get_evp_method_store(OPENSSL_CTX *libctx)
133 {
134 return openssl_ctx_get_data(libctx, OPENSSL_CTX_EVP_METHOD_STORE_INDEX,
135 &evp_method_store_method);
136 }
137
138 /*
139 * To identity the method in the EVP method store, we mix the name identity
140 * with the operation identity, with the assumption that we don't have more
141 * than 2^24 names or more than 2^8 operation types.
142 *
143 * The resulting identity is a 32-bit integer, composed like this:
144 *
145 * +---------24 bits--------+-8 bits-+
146 * | name identity | op id |
147 * +------------------------+--------+
148 */
149 static uint32_t evp_method_id(unsigned int operation_id, int name_id)
150 {
151 if (!ossl_assert(name_id < (1 << 24) || operation_id < (1 << 8))
152 || !ossl_assert(name_id > 0 && operation_id > 0))
153 return 0;
154 return ((name_id << 8) & 0xFFFFFF00) | (operation_id & 0x000000FF);
155 }
156
157 static void *get_evp_method_from_store(OPENSSL_CTX *libctx, void *store,
158 void *data)
159 {
160 struct evp_method_data_st *methdata = data;
161 void *method = NULL;
162 int name_id;
163 uint32_t meth_id;
164
165 /*
166 * get_evp_method_from_store() is only called to try and get the method
167 * that evp_generic_fetch() is asking for, and the operation id as well
168 * as the name or name id are passed via methdata.
169 */
170 if ((name_id = methdata->name_id) == 0) {
171 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
172 const char *names = methdata->names;
173 const char *q = strchr(names, NAME_SEPARATOR);
174 size_t l = (q == NULL ? strlen(names) : (size_t)(q - names));
175
176 if (namemap == 0)
177 return NULL;
178 name_id = ossl_namemap_name2num_n(namemap, names, l);
179 }
180
181 if (name_id == 0
182 || (meth_id = evp_method_id(methdata->operation_id, name_id)) == 0)
183 return NULL;
184
185 if (store == NULL
186 && (store = get_evp_method_store(libctx)) == NULL)
187 return NULL;
188
189 if (!ossl_method_store_fetch(store, meth_id, methdata->propquery,
190 &method))
191 return NULL;
192 return method;
193 }
194
195 static int put_evp_method_in_store(OPENSSL_CTX *libctx, void *store,
196 void *method, const OSSL_PROVIDER *prov,
197 int operation_id, const char *names,
198 const char *propdef, void *data)
199 {
200 struct evp_method_data_st *methdata = data;
201 OSSL_NAMEMAP *namemap;
202 int name_id;
203 uint32_t meth_id;
204 size_t l = 0;
205
206 /*
207 * put_evp_method_in_store() is only called with an EVP method that was
208 * successfully created by construct_method() below, which means that
209 * all the names should already be stored in the namemap with the same
210 * numeric identity, so just use the first to get that identity.
211 */
212 if (names != NULL) {
213 const char *q = strchr(names, NAME_SEPARATOR);
214
215 l = (q == NULL ? strlen(names) : (size_t)(q - names));
216 }
217
218 if ((namemap = ossl_namemap_stored(libctx)) == NULL
219 || (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0
220 || (meth_id = evp_method_id(operation_id, name_id)) == 0)
221 return 0;
222
223 if (store == NULL
224 && (store = get_evp_method_store(libctx)) == NULL)
225 return 0;
226
227 return ossl_method_store_add(store, prov, meth_id, propdef, method,
228 methdata->refcnt_up_method,
229 methdata->destruct_method);
230 }
231
232 /*
233 * The core fetching functionality passes the name of the implementation.
234 * This function is responsible to getting an identity number for it.
235 */
236 static void *construct_evp_method(const char *names, const OSSL_DISPATCH *fns,
237 OSSL_PROVIDER *prov, void *data)
238 {
239 /*
240 * This function is only called if get_evp_method_from_store() returned
241 * NULL, so it's safe to say that of all the spots to create a new
242 * namemap entry, this is it. Should the name already exist there, we
243 * know that ossl_namemap_add_name() will return its corresponding
244 * number.
245 */
246 struct evp_method_data_st *methdata = data;
247 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
248 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
249 int name_id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR);
250
251 if (name_id == 0)
252 return NULL;
253 return methdata->method_from_dispatch(name_id, fns, prov);
254 }
255
256 static void destruct_evp_method(void *method, void *data)
257 {
258 struct evp_method_data_st *methdata = data;
259
260 methdata->destruct_method(method);
261 }
262
263 static void *
264 inner_evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id,
265 int name_id, const char *name,
266 const char *properties,
267 void *(*new_method)(int name_id,
268 const OSSL_DISPATCH *fns,
269 OSSL_PROVIDER *prov),
270 int (*up_ref_method)(void *),
271 void (*free_method)(void *))
272 {
273 OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
274 OSSL_NAMEMAP *namemap = get_prepopulated_namemap(libctx);
275 uint32_t meth_id = 0;
276 void *method = NULL;
277
278 if (store == NULL || namemap == NULL)
279 return NULL;
280
281 /*
282 * If there's ever an operation_id == 0 passed, we have an internal
283 * programming error.
284 */
285 if (!ossl_assert(operation_id > 0))
286 return NULL;
287
288 /*
289 * If we have been passed neither a name_id or a name, we have an
290 * internal programming error.
291 */
292 if (!ossl_assert(name_id != 0 || name != NULL))
293 return NULL;
294
295 /* If we haven't received a name id yet, try to get one for the name */
296 if (name_id == 0)
297 name_id = ossl_namemap_name2num(namemap, name);
298
299 /*
300 * If we have a name id, calculate a method id with evp_method_id().
301 *
302 * evp_method_id returns 0 if we have too many operations (more than
303 * about 2^8) or too many names (more than about 2^24). In that case,
304 * we can't create any new method.
305 */
306 if (name_id != 0 && (meth_id = evp_method_id(operation_id, name_id)) == 0)
307 return NULL;
308
309 if (meth_id == 0
310 || !ossl_method_store_cache_get(store, meth_id, properties, &method)) {
311 OSSL_METHOD_CONSTRUCT_METHOD mcm = {
312 alloc_tmp_evp_method_store,
313 dealloc_tmp_evp_method_store,
314 get_evp_method_from_store,
315 put_evp_method_in_store,
316 construct_evp_method,
317 destruct_evp_method
318 };
319 struct evp_method_data_st mcmdata;
320
321 mcmdata.mcm = &mcm;
322 mcmdata.libctx = libctx;
323 mcmdata.operation_id = operation_id;
324 mcmdata.name_id = name_id;
325 mcmdata.names = name;
326 mcmdata.propquery = properties;
327 mcmdata.method_from_dispatch = new_method;
328 mcmdata.refcnt_up_method = up_ref_method;
329 mcmdata.destruct_method = free_method;
330 if ((method = ossl_method_construct(libctx, operation_id,
331 0 /* !force_cache */,
332 &mcm, &mcmdata)) != NULL) {
333 /*
334 * If construction did create a method for us, we know that
335 * there is a correct name_id and meth_id, since those have
336 * already been calculated in get_evp_method_from_store() and
337 * put_evp_method_in_store() above.
338 */
339 if (name_id == 0)
340 name_id = ossl_namemap_name2num(namemap, name);
341 meth_id = evp_method_id(operation_id, name_id);
342 ossl_method_store_cache_set(store, meth_id, properties, method,
343 up_ref_method, free_method);
344 }
345 }
346
347 return method;
348 }
349
350 void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id,
351 const char *name, const char *properties,
352 void *(*new_method)(int name_id,
353 const OSSL_DISPATCH *fns,
354 OSSL_PROVIDER *prov),
355 int (*up_ref_method)(void *),
356 void (*free_method)(void *))
357 {
358 return inner_evp_generic_fetch(libctx,
359 operation_id, 0, name, properties,
360 new_method, up_ref_method, free_method);
361 }
362
363 /*
364 * evp_generic_fetch_by_number() is special, and only returns methods for
365 * already known names, i.e. it refuses to work if no name_id can be found
366 * (it's considered an internal programming error).
367 * This is meant to be used when one method needs to fetch an associated
368 * other method.
369 */
370 void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id,
371 int name_id, const char *properties,
372 void *(*new_method)(int name_id,
373 const OSSL_DISPATCH *fns,
374 OSSL_PROVIDER *prov),
375 int (*up_ref_method)(void *),
376 void (*free_method)(void *))
377 {
378 return inner_evp_generic_fetch(libctx,
379 operation_id, name_id, NULL, properties,
380 new_method, up_ref_method, free_method);
381 }
382
383 int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
384 {
385 OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
386
387 if (store != NULL)
388 return ossl_method_store_set_global_properties(store, propq);
389 EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR);
390 return 0;
391 }
392
393 struct do_all_data_st {
394 void (*user_fn)(void *method, void *arg);
395 void *user_arg;
396 void *(*new_method)(const int name_id, const OSSL_DISPATCH *fns,
397 OSSL_PROVIDER *prov);
398 void (*free_method)(void *);
399 };
400
401 static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo,
402 int no_store, void *vdata)
403 {
404 struct do_all_data_st *data = vdata;
405 OPENSSL_CTX *libctx = ossl_provider_library_context(provider);
406 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
407 int name_id = ossl_namemap_add_names(namemap, 0, algo->algorithm_names,
408 NAME_SEPARATOR);
409 void *method = NULL;
410
411 if (name_id != 0)
412 method = data->new_method(name_id, algo->implementation, provider);
413
414 if (method != NULL) {
415 data->user_fn(method, data->user_arg);
416 data->free_method(method);
417 }
418 }
419
420 void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id,
421 void (*user_fn)(void *method, void *arg),
422 void *user_arg,
423 void *(*new_method)(int name_id,
424 const OSSL_DISPATCH *fns,
425 OSSL_PROVIDER *prov),
426 void (*free_method)(void *))
427 {
428 struct do_all_data_st data;
429
430 data.new_method = new_method;
431 data.free_method = free_method;
432 data.user_fn = user_fn;
433 data.user_arg = user_arg;
434 ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data);
435 }
436
437 const char *evp_first_name(OSSL_PROVIDER *prov, int name_id)
438 {
439 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
440 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
441
442 return ossl_namemap_num2name(namemap, name_id, 0);
443 }
444
445 int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name)
446 {
447 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
448 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
449
450 return ossl_namemap_name2num(namemap, name) == number;
451 }
452
453 void evp_names_do_all(OSSL_PROVIDER *prov, int number,
454 void (*fn)(const char *name, void *data),
455 void *data)
456 {
457 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
458 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
459
460 ossl_namemap_doall_names(namemap, number, fn, data);
461 }
A mirror of the official openssl repository