2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "internal/namemap.h"
11 #include <openssl/lhash.h>
12 #include "crypto/lhash.h" /* ossl_lh_strcasehash */
13 #include "internal/tsan_assist.h"
14 #include "internal/sizes.h"
15 #include "crypto/context.h"
26 DEFINE_LHASH_OF(NAMENUM_ENTRY
);
33 struct ossl_namemap_st
{
35 unsigned int stored
:1; /* If 1, it's stored in a library context */
38 LHASH_OF(NAMENUM_ENTRY
) *namenum
; /* Name->number mapping */
40 TSAN_QUALIFIER
int max_number
; /* Current max number */
45 static unsigned long namenum_hash(const NAMENUM_ENTRY
*n
)
47 return ossl_lh_strcasehash(n
->name
);
50 static int namenum_cmp(const NAMENUM_ENTRY
*a
, const NAMENUM_ENTRY
*b
)
52 return OPENSSL_strcasecmp(a
->name
, b
->name
);
55 static void namenum_free(NAMENUM_ENTRY
*n
)
58 OPENSSL_free(n
->name
);
62 /* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
64 void *ossl_stored_namemap_new(OSSL_LIB_CTX
*libctx
)
66 OSSL_NAMEMAP
*namemap
= ossl_namemap_new();
74 void ossl_stored_namemap_free(void *vnamemap
)
76 OSSL_NAMEMAP
*namemap
= vnamemap
;
78 if (namemap
!= NULL
) {
79 /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
81 ossl_namemap_free(namemap
);
90 int ossl_namemap_empty(OSSL_NAMEMAP
*namemap
)
92 #ifdef TSAN_REQUIRES_LOCKING
99 if (!CRYPTO_THREAD_read_lock(namemap
->lock
))
101 rv
= namemap
->max_number
== 0;
102 CRYPTO_THREAD_unlock(namemap
->lock
);
105 /* Have TSAN support */
106 return namemap
== NULL
|| tsan_load(&namemap
->max_number
) == 0;
110 typedef struct doall_names_data_st
{
116 static void do_name(const NAMENUM_ENTRY
*namenum
, DOALL_NAMES_DATA
*data
)
118 if (namenum
->number
== data
->number
)
119 data
->names
[data
->found
++] = namenum
->name
;
122 IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY
, DOALL_NAMES_DATA
);
125 * Call the callback for all names in the namemap with the given number.
126 * A return value 1 means that the callback was called for all names. A
127 * return value of 0 means that the callback was not called for any names.
129 int ossl_namemap_doall_names(const OSSL_NAMEMAP
*namemap
, int number
,
130 void (*fn
)(const char *name
, void *data
),
133 DOALL_NAMES_DATA cbdata
;
137 cbdata
.number
= number
;
141 * We collect all the names first under a read lock. Subsequently we call
142 * the user function, so that we're not holding the read lock when in user
143 * code. This could lead to deadlocks.
145 if (!CRYPTO_THREAD_read_lock(namemap
->lock
))
148 num_names
= lh_NAMENUM_ENTRY_num_items(namemap
->namenum
);
149 if (num_names
== 0) {
150 CRYPTO_THREAD_unlock(namemap
->lock
);
153 cbdata
.names
= OPENSSL_malloc(sizeof(*cbdata
.names
) * num_names
);
154 if (cbdata
.names
== NULL
) {
155 CRYPTO_THREAD_unlock(namemap
->lock
);
158 lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap
->namenum
, do_name
,
160 CRYPTO_THREAD_unlock(namemap
->lock
);
162 for (i
= 0; i
< cbdata
.found
; i
++)
163 fn(cbdata
.names
[i
], data
);
165 OPENSSL_free(cbdata
.names
);
169 static int namemap_name2num(const OSSL_NAMEMAP
*namemap
,
172 NAMENUM_ENTRY
*namenum_entry
, namenum_tmpl
;
174 namenum_tmpl
.name
= (char *)name
;
175 namenum_tmpl
.number
= 0;
177 lh_NAMENUM_ENTRY_retrieve(namemap
->namenum
, &namenum_tmpl
);
178 return namenum_entry
!= NULL
? namenum_entry
->number
: 0;
181 int ossl_namemap_name2num(const OSSL_NAMEMAP
*namemap
, const char *name
)
187 namemap
= ossl_namemap_stored(NULL
);
193 if (!CRYPTO_THREAD_read_lock(namemap
->lock
))
195 number
= namemap_name2num(namemap
, name
);
196 CRYPTO_THREAD_unlock(namemap
->lock
);
201 int ossl_namemap_name2num_n(const OSSL_NAMEMAP
*namemap
,
202 const char *name
, size_t name_len
)
207 if (name
== NULL
|| (tmp
= OPENSSL_strndup(name
, name_len
)) == NULL
)
210 ret
= ossl_namemap_name2num(namemap
, tmp
);
215 struct num2name_data_st
{
216 size_t idx
; /* Countdown */
217 const char *name
; /* Result */
220 static void do_num2name(const char *name
, void *vdata
)
222 struct num2name_data_st
*data
= vdata
;
226 else if (data
->name
== NULL
)
230 const char *ossl_namemap_num2name(const OSSL_NAMEMAP
*namemap
, int number
,
233 struct num2name_data_st data
;
237 if (!ossl_namemap_doall_names(namemap
, number
, do_num2name
, &data
))
242 static int namemap_add_name_n(OSSL_NAMEMAP
*namemap
, int number
,
243 const char *name
, size_t name_len
)
245 NAMENUM_ENTRY
*namenum
= NULL
;
247 char *tmp
= OPENSSL_strndup(name
, name_len
);
252 /* If it already exists, we don't add it */
253 if ((tmp_number
= namemap_name2num(namemap
, tmp
)) != 0) {
258 if ((namenum
= OPENSSL_zalloc(sizeof(*namenum
))) == NULL
)
262 /* The tsan_counter use here is safe since we're under lock */
264 number
!= 0 ? number
: 1 + tsan_counter(&namemap
->max_number
);
265 (void)lh_NAMENUM_ENTRY_insert(namemap
->namenum
, namenum
);
267 if (lh_NAMENUM_ENTRY_error(namemap
->namenum
))
269 return namenum
->number
;
273 OPENSSL_free(namenum
);
277 int ossl_namemap_add_name_n(OSSL_NAMEMAP
*namemap
, int number
,
278 const char *name
, size_t name_len
)
284 namemap
= ossl_namemap_stored(NULL
);
287 if (name
== NULL
|| name_len
== 0 || namemap
== NULL
)
290 if (!CRYPTO_THREAD_write_lock(namemap
->lock
))
292 tmp_number
= namemap_add_name_n(namemap
, number
, name
, name_len
);
293 CRYPTO_THREAD_unlock(namemap
->lock
);
297 int ossl_namemap_add_name(OSSL_NAMEMAP
*namemap
, int number
, const char *name
)
302 return ossl_namemap_add_name_n(namemap
, number
, name
, strlen(name
));
305 int ossl_namemap_add_names(OSSL_NAMEMAP
*namemap
, int number
,
306 const char *names
, const char separator
)
311 /* Check that we have a namemap */
312 if (!ossl_assert(namemap
!= NULL
)) {
313 ERR_raise(ERR_LIB_CRYPTO
, ERR_R_PASSED_NULL_PARAMETER
);
317 if (!CRYPTO_THREAD_write_lock(namemap
->lock
))
320 * Check that no name is an empty string, and that all names have at
321 * most one numeric identity together.
323 for (p
= names
; *p
!= '\0'; p
= (q
== NULL
? p
+ l
: q
+ 1)) {
328 if ((q
= strchr(p
, separator
)) == NULL
) {
329 l
= strlen(p
); /* offset to \0 */
333 l
= q
- p
; /* offset to the next separator */
334 tmp
= allocated
= OPENSSL_strndup(p
, l
);
339 this_number
= namemap_name2num(namemap
, tmp
);
340 OPENSSL_free(allocated
);
342 if (*p
== '\0' || *p
== separator
) {
343 ERR_raise(ERR_LIB_CRYPTO
, CRYPTO_R_BAD_ALGORITHM_NAME
);
347 number
= this_number
;
348 } else if (this_number
!= 0 && this_number
!= number
) {
349 ERR_raise_data(ERR_LIB_CRYPTO
, CRYPTO_R_CONFLICTING_NAMES
,
350 "\"%.*s\" has an existing different identity %d (from \"%s\")",
351 l
, p
, this_number
, names
);
356 /* Now that we have checked, register all names */
357 for (p
= names
; *p
!= '\0'; p
= (q
== NULL
? p
+ l
: q
+ 1)) {
360 if ((q
= strchr(p
, separator
)) == NULL
)
361 l
= strlen(p
); /* offset to \0 */
363 l
= q
- p
; /* offset to the next separator */
365 this_number
= namemap_add_name_n(namemap
, number
, p
, l
);
367 number
= this_number
;
368 } else if (this_number
!= number
) {
369 ERR_raise_data(ERR_LIB_CRYPTO
, ERR_R_INTERNAL_ERROR
,
370 "Got number %d when expecting %d",
371 this_number
, number
);
376 CRYPTO_THREAD_unlock(namemap
->lock
);
380 CRYPTO_THREAD_unlock(namemap
->lock
);
390 #include <openssl/evp.h>
392 /* Creates an initial namemap with names found in the legacy method db */
393 static void get_legacy_evp_names(int base_nid
, int nid
, const char *pem_name
,
399 if (base_nid
!= NID_undef
) {
400 num
= ossl_namemap_add_name(arg
, num
, OBJ_nid2sn(base_nid
));
401 num
= ossl_namemap_add_name(arg
, num
, OBJ_nid2ln(base_nid
));
404 if (nid
!= NID_undef
) {
405 num
= ossl_namemap_add_name(arg
, num
, OBJ_nid2sn(nid
));
406 num
= ossl_namemap_add_name(arg
, num
, OBJ_nid2ln(nid
));
407 if ((obj
= OBJ_nid2obj(nid
)) != NULL
) {
408 char txtoid
[OSSL_MAX_NAME_SIZE
];
410 if (OBJ_obj2txt(txtoid
, sizeof(txtoid
), obj
, 1) > 0)
411 num
= ossl_namemap_add_name(arg
, num
, txtoid
);
414 if (pem_name
!= NULL
)
415 num
= ossl_namemap_add_name(arg
, num
, pem_name
);
418 static void get_legacy_cipher_names(const OBJ_NAME
*on
, void *arg
)
420 const EVP_CIPHER
*cipher
= (void *)OBJ_NAME_get(on
->name
, on
->type
);
423 get_legacy_evp_names(NID_undef
, EVP_CIPHER_get_type(cipher
), NULL
, arg
);
426 static void get_legacy_md_names(const OBJ_NAME
*on
, void *arg
)
428 const EVP_MD
*md
= (void *)OBJ_NAME_get(on
->name
, on
->type
);
431 get_legacy_evp_names(0, EVP_MD_get_type(md
), NULL
, arg
);
434 static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD
*ameth
,
437 int nid
= 0, base_nid
= 0, flags
= 0;
438 const char *pem_name
= NULL
;
440 EVP_PKEY_asn1_get0_info(&nid
, &base_nid
, &flags
, NULL
, &pem_name
, ameth
);
441 if (nid
!= NID_undef
) {
442 if ((flags
& ASN1_PKEY_ALIAS
) == 0) {
445 /* We know that the name "DHX" is used too */
446 get_legacy_evp_names(0, nid
, "DHX", arg
);
449 get_legacy_evp_names(0, nid
, pem_name
, arg
);
453 * Treat aliases carefully, some of them are undesirable, or
454 * should not be treated as such for providers.
460 * SM2 is a separate keytype with providers, not an alias for
463 get_legacy_evp_names(0, nid
, pem_name
, arg
);
466 /* Use the short name of the base nid as the common reference */
467 get_legacy_evp_names(base_nid
, nid
, pem_name
, arg
);
475 * Constructors / destructors
476 * ==========================
479 OSSL_NAMEMAP
*ossl_namemap_stored(OSSL_LIB_CTX
*libctx
)
484 OSSL_NAMEMAP
*namemap
=
485 ossl_lib_ctx_get_data(libctx
, OSSL_LIB_CTX_NAMEMAP_INDEX
);
491 nms
= ossl_namemap_empty(namemap
);
494 * Could not get lock to make the count, so maybe internal objects
495 * weren't added. This seems safest.
502 /* Before pilfering, we make sure the legacy database is populated */
503 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
504 | OPENSSL_INIT_ADD_ALL_DIGESTS
, NULL
);
506 OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH
,
507 get_legacy_cipher_names
, namemap
);
508 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH
,
509 get_legacy_md_names
, namemap
);
511 /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
512 for (i
= 0, end
= EVP_PKEY_asn1_get_count(); i
< end
; i
++)
513 get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i
), namemap
);
520 OSSL_NAMEMAP
*ossl_namemap_new(void)
522 OSSL_NAMEMAP
*namemap
;
524 if ((namemap
= OPENSSL_zalloc(sizeof(*namemap
))) != NULL
525 && (namemap
->lock
= CRYPTO_THREAD_lock_new()) != NULL
526 && (namemap
->namenum
=
527 lh_NAMENUM_ENTRY_new(namenum_hash
, namenum_cmp
)) != NULL
)
530 ossl_namemap_free(namemap
);
534 void ossl_namemap_free(OSSL_NAMEMAP
*namemap
)
536 if (namemap
== NULL
|| namemap
->stored
)
539 lh_NAMENUM_ENTRY_doall(namemap
->namenum
, namenum_free
);
540 lh_NAMENUM_ENTRY_free(namemap
->namenum
);
542 CRYPTO_THREAD_lock_free(namemap
->lock
);
543 OPENSSL_free(namemap
);