]>
Commit | Line | Data |
---|---|---|
f2182a4e | 1 | /* |
33388b44 | 2 | * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. |
f2182a4e RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
a9550b74 | 10 | #include "e_os.h" /* strcasecmp */ |
f2182a4e RL |
11 | #include "internal/namemap.h" |
12 | #include <openssl/lhash.h> | |
25f2138b | 13 | #include "crypto/lhash.h" /* openssl_lh_strcasehash */ |
f2182a4e | 14 | |
651d4418 RL |
15 | /*- |
16 | * The namenum entry | |
17 | * ================= | |
18 | */ | |
f2182a4e | 19 | typedef struct { |
651d4418 | 20 | char *name; |
f2182a4e | 21 | int number; |
651d4418 | 22 | } NAMENUM_ENTRY; |
f2182a4e | 23 | |
651d4418 | 24 | DEFINE_LHASH_OF(NAMENUM_ENTRY); |
f2182a4e | 25 | |
651d4418 RL |
26 | /*- |
27 | * The namemap itself | |
28 | * ================== | |
29 | */ | |
f2182a4e RL |
30 | |
31 | struct ossl_namemap_st { | |
32 | /* Flags */ | |
33 | unsigned int stored:1; /* If 1, it's stored in a library context */ | |
34 | ||
35 | CRYPTO_RWLOCK *lock; | |
651d4418 RL |
36 | LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ |
37 | int max_number; /* Current max number */ | |
f2182a4e RL |
38 | }; |
39 | ||
40 | /* LHASH callbacks */ | |
41 | ||
651d4418 | 42 | static unsigned long namenum_hash(const NAMENUM_ENTRY *n) |
f2182a4e | 43 | { |
a9550b74 | 44 | return openssl_lh_strcasehash(n->name); |
f2182a4e RL |
45 | } |
46 | ||
651d4418 | 47 | static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) |
f2182a4e | 48 | { |
a9550b74 | 49 | return strcasecmp(a->name, b->name); |
f2182a4e RL |
50 | } |
51 | ||
651d4418 | 52 | static void namenum_free(NAMENUM_ENTRY *n) |
f2182a4e | 53 | { |
651d4418 RL |
54 | if (n != NULL) |
55 | OPENSSL_free(n->name); | |
f2182a4e RL |
56 | OPENSSL_free(n); |
57 | } | |
58 | ||
59 | /* OPENSSL_CTX_METHOD functions for a namemap stored in a library context */ | |
60 | ||
61 | static void *stored_namemap_new(OPENSSL_CTX *libctx) | |
62 | { | |
63 | OSSL_NAMEMAP *namemap = ossl_namemap_new(); | |
64 | ||
65 | if (namemap != NULL) | |
66 | namemap->stored = 1; | |
67 | ||
68 | return namemap; | |
69 | } | |
70 | ||
71 | static void stored_namemap_free(void *vnamemap) | |
72 | { | |
73 | OSSL_NAMEMAP *namemap = vnamemap; | |
74 | ||
bd65afdb P |
75 | if (namemap != NULL) { |
76 | /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */ | |
77 | namemap->stored = 0; | |
78 | ossl_namemap_free(namemap); | |
79 | } | |
f2182a4e RL |
80 | } |
81 | ||
82 | static const OPENSSL_CTX_METHOD stored_namemap_method = { | |
83 | stored_namemap_new, | |
84 | stored_namemap_free, | |
85 | }; | |
86 | ||
651d4418 RL |
87 | /*- |
88 | * API functions | |
89 | * ============= | |
90 | */ | |
f2182a4e | 91 | |
6a835fcf RL |
92 | int ossl_namemap_empty(OSSL_NAMEMAP *namemap) |
93 | { | |
94 | int rv = 0; | |
95 | ||
96 | CRYPTO_THREAD_read_lock(namemap->lock); | |
97 | if (namemap->max_number == 0) | |
98 | rv = 1; | |
99 | CRYPTO_THREAD_unlock(namemap->lock); | |
100 | ||
101 | return rv; | |
102 | } | |
103 | ||
651d4418 RL |
104 | typedef struct doall_names_data_st { |
105 | int number; | |
106 | void (*fn)(const char *name, void *data); | |
107 | void *data; | |
108 | } DOALL_NAMES_DATA; | |
f2182a4e | 109 | |
651d4418 | 110 | static void do_name(const NAMENUM_ENTRY *namenum, DOALL_NAMES_DATA *data) |
f2182a4e | 111 | { |
651d4418 RL |
112 | if (namenum->number == data->number) |
113 | data->fn(namenum->name, data->data); | |
114 | } | |
f2182a4e | 115 | |
651d4418 | 116 | IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA); |
f2182a4e | 117 | |
651d4418 RL |
118 | void ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, |
119 | void (*fn)(const char *name, void *data), | |
120 | void *data) | |
121 | { | |
122 | DOALL_NAMES_DATA cbdata; | |
f2182a4e | 123 | |
651d4418 RL |
124 | cbdata.number = number; |
125 | cbdata.fn = fn; | |
126 | cbdata.data = data; | |
f2182a4e | 127 | CRYPTO_THREAD_read_lock(namemap->lock); |
651d4418 RL |
128 | lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name, |
129 | &cbdata); | |
f2182a4e | 130 | CRYPTO_THREAD_unlock(namemap->lock); |
f2182a4e RL |
131 | } |
132 | ||
695d195b RL |
133 | int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, |
134 | const char *name, size_t name_len) | |
f2182a4e | 135 | { |
651d4418 RL |
136 | NAMENUM_ENTRY *namenum_entry, namenum_tmpl; |
137 | int number = 0; | |
f2182a4e | 138 | |
f844f9eb | 139 | #ifndef FIPS_MODULE |
f2182a4e RL |
140 | if (namemap == NULL) |
141 | namemap = ossl_namemap_stored(NULL); | |
142 | #endif | |
143 | ||
144 | if (namemap == NULL) | |
145 | return 0; | |
146 | ||
695d195b RL |
147 | if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL) |
148 | return 0; | |
651d4418 | 149 | namenum_tmpl.number = 0; |
f2182a4e | 150 | CRYPTO_THREAD_read_lock(namemap->lock); |
651d4418 RL |
151 | namenum_entry = |
152 | lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl); | |
153 | if (namenum_entry != NULL) | |
154 | number = namenum_entry->number; | |
f2182a4e | 155 | CRYPTO_THREAD_unlock(namemap->lock); |
695d195b | 156 | OPENSSL_free(namenum_tmpl.name); |
f2182a4e | 157 | |
651d4418 | 158 | return number; |
f2182a4e RL |
159 | } |
160 | ||
695d195b RL |
161 | int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name) |
162 | { | |
163 | if (name == NULL) | |
164 | return 0; | |
165 | ||
166 | return ossl_namemap_name2num_n(namemap, name, strlen(name)); | |
167 | } | |
168 | ||
f7c16d48 RL |
169 | struct num2name_data_st { |
170 | size_t idx; /* Countdown */ | |
171 | const char *name; /* Result */ | |
172 | }; | |
173 | ||
174 | static void do_num2name(const char *name, void *vdata) | |
175 | { | |
176 | struct num2name_data_st *data = vdata; | |
177 | ||
178 | if (data->idx > 0) | |
179 | data->idx--; | |
180 | else if (data->name == NULL) | |
181 | data->name = name; | |
182 | } | |
183 | ||
184 | const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, | |
185 | size_t idx) | |
186 | { | |
187 | struct num2name_data_st data; | |
188 | ||
189 | data.idx = idx; | |
190 | data.name = NULL; | |
191 | ossl_namemap_doall_names(namemap, number, do_num2name, &data); | |
192 | return data.name; | |
193 | } | |
194 | ||
3d83c735 RL |
195 | int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, |
196 | const char *name, size_t name_len) | |
f2182a4e | 197 | { |
651d4418 RL |
198 | NAMENUM_ENTRY *namenum = NULL; |
199 | int tmp_number; | |
f2182a4e | 200 | |
f844f9eb | 201 | #ifndef FIPS_MODULE |
f2182a4e RL |
202 | if (namemap == NULL) |
203 | namemap = ossl_namemap_stored(NULL); | |
204 | #endif | |
205 | ||
695d195b | 206 | if (name == NULL || name_len == 0 || namemap == NULL) |
f2182a4e RL |
207 | return 0; |
208 | ||
695d195b | 209 | if ((tmp_number = ossl_namemap_name2num_n(namemap, name, name_len)) != 0) |
651d4418 | 210 | return tmp_number; /* Pretend success */ |
f2182a4e RL |
211 | |
212 | CRYPTO_THREAD_write_lock(namemap->lock); | |
213 | ||
651d4418 | 214 | if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL |
695d195b | 215 | || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL) |
f2182a4e RL |
216 | goto err; |
217 | ||
651d4418 RL |
218 | namenum->number = tmp_number = |
219 | number != 0 ? number : ++namemap->max_number; | |
220 | (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); | |
221 | ||
222 | if (lh_NAMENUM_ENTRY_error(namemap->namenum)) | |
f2182a4e RL |
223 | goto err; |
224 | ||
225 | CRYPTO_THREAD_unlock(namemap->lock); | |
226 | ||
651d4418 | 227 | return tmp_number; |
f2182a4e RL |
228 | |
229 | err: | |
651d4418 RL |
230 | namenum_free(namenum); |
231 | ||
232 | CRYPTO_THREAD_unlock(namemap->lock); | |
f2182a4e RL |
233 | return 0; |
234 | } | |
695d195b | 235 | |
3d83c735 | 236 | int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name) |
695d195b RL |
237 | { |
238 | if (name == NULL) | |
239 | return 0; | |
240 | ||
3d83c735 RL |
241 | return ossl_namemap_add_name_n(namemap, number, name, strlen(name)); |
242 | } | |
243 | ||
244 | int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, | |
245 | const char *names, const char separator) | |
246 | { | |
247 | const char *p, *q; | |
248 | size_t l; | |
249 | ||
250 | /* Check that we have a namemap */ | |
251 | if (!ossl_assert(namemap != NULL)) { | |
252 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); | |
253 | return 0; | |
254 | } | |
255 | ||
256 | /* | |
257 | * Check that no name is an empty string, and that all names have at | |
258 | * most one numeric identity together. | |
259 | */ | |
260 | for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) { | |
261 | int this_number; | |
262 | ||
263 | if ((q = strchr(p, separator)) == NULL) | |
264 | l = strlen(p); /* offset to \0 */ | |
265 | else | |
266 | l = q - p; /* offset to the next separator */ | |
267 | ||
268 | this_number = ossl_namemap_name2num_n(namemap, p, l); | |
269 | ||
270 | if (*p == '\0' || *p == separator) { | |
271 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME); | |
272 | return 0; | |
273 | } | |
274 | if (number == 0) { | |
275 | number = this_number; | |
276 | } else if (this_number != 0 && this_number != number) { | |
277 | ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES, | |
278 | "\"%.*s\" has an existing different identity %d (from \"%s\")", | |
279 | l, p, this_number, names); | |
280 | return 0; | |
281 | } | |
282 | } | |
283 | ||
284 | /* Now that we have checked, register all names */ | |
285 | for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) { | |
286 | int this_number; | |
287 | ||
288 | if ((q = strchr(p, separator)) == NULL) | |
289 | l = strlen(p); /* offset to \0 */ | |
290 | else | |
291 | l = q - p; /* offset to the next separator */ | |
292 | ||
293 | this_number = ossl_namemap_add_name_n(namemap, number, p, l); | |
294 | if (number == 0) { | |
295 | number = this_number; | |
296 | } else if (this_number != number) { | |
e4a1d023 | 297 | ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR, |
3d83c735 RL |
298 | "Got number %d when expecting %d", |
299 | this_number, number); | |
300 | return 0; | |
301 | } | |
302 | } | |
303 | ||
304 | return number; | |
695d195b | 305 | } |
437ad983 RL |
306 | |
307 | /*- | |
308 | * Pre-population | |
309 | * ============== | |
310 | */ | |
311 | ||
f844f9eb | 312 | #ifndef FIPS_MODULE |
437ad983 RL |
313 | #include <openssl/evp.h> |
314 | ||
315 | /* Creates an initial namemap with names found in the legacy method db */ | |
316 | static void get_legacy_evp_names(const char *main_name, const char *alias, | |
317 | void *arg) | |
318 | { | |
319 | int main_id = ossl_namemap_add_name(arg, 0, main_name); | |
320 | ||
321 | /* | |
322 | * We could check that the returned value is the same as main_id, | |
323 | * but since this is a void function, there's no sane way to report | |
324 | * the error. The best we can do is trust ourselve to keep the legacy | |
325 | * method database conflict free. | |
326 | * | |
327 | * This registers any alias with the same number as the main name. | |
328 | * Should it be that the current |on| *has* the main name, this is | |
329 | * simply a no-op. | |
330 | */ | |
331 | if (alias != NULL) { | |
332 | (void)ossl_namemap_add_name(arg, main_id, alias); | |
333 | } | |
334 | } | |
335 | ||
336 | static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg) | |
337 | { | |
338 | const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); | |
339 | ||
340 | get_legacy_evp_names(EVP_CIPHER_name(cipher), on->name, arg); | |
341 | } | |
342 | ||
343 | static void get_legacy_md_names(const OBJ_NAME *on, void *arg) | |
344 | { | |
345 | const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); | |
346 | /* We don't want the pkey_type names, so we need some extra care */ | |
347 | int snid, lnid; | |
348 | ||
349 | snid = OBJ_sn2nid(on->name); | |
350 | lnid = OBJ_ln2nid(on->name); | |
351 | if (snid != EVP_MD_pkey_type(md) && lnid != EVP_MD_pkey_type(md)) | |
352 | get_legacy_evp_names(EVP_MD_name(md), on->name, arg); | |
353 | else | |
354 | get_legacy_evp_names(EVP_MD_name(md), NULL, arg); | |
355 | } | |
356 | #endif | |
357 | ||
358 | /*- | |
359 | * Constructors / destructors | |
360 | * ========================== | |
361 | */ | |
362 | ||
363 | OSSL_NAMEMAP *ossl_namemap_stored(OPENSSL_CTX *libctx) | |
364 | { | |
365 | OSSL_NAMEMAP *namemap = | |
366 | openssl_ctx_get_data(libctx, OPENSSL_CTX_NAMEMAP_INDEX, | |
367 | &stored_namemap_method); | |
368 | ||
f844f9eb | 369 | #ifndef FIPS_MODULE |
437ad983 RL |
370 | if (namemap != NULL && ossl_namemap_empty(namemap)) { |
371 | /* Before pilfering, we make sure the legacy database is populated */ | |
372 | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |
373 | | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); | |
374 | ||
375 | OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, | |
376 | get_legacy_cipher_names, namemap); | |
377 | OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, | |
378 | get_legacy_md_names, namemap); | |
379 | } | |
380 | #endif | |
381 | ||
382 | return namemap; | |
383 | } | |
384 | ||
385 | OSSL_NAMEMAP *ossl_namemap_new(void) | |
386 | { | |
387 | OSSL_NAMEMAP *namemap; | |
388 | ||
389 | if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL | |
390 | && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL | |
391 | && (namemap->namenum = | |
392 | lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL) | |
393 | return namemap; | |
394 | ||
395 | ossl_namemap_free(namemap); | |
396 | return NULL; | |
397 | } | |
398 | ||
399 | void ossl_namemap_free(OSSL_NAMEMAP *namemap) | |
400 | { | |
401 | if (namemap == NULL || namemap->stored) | |
402 | return; | |
403 | ||
404 | lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free); | |
405 | lh_NAMENUM_ENTRY_free(namemap->namenum); | |
406 | ||
407 | CRYPTO_THREAD_lock_free(namemap->lock); | |
408 | OPENSSL_free(namemap); | |
409 | } |