core_namemap.c@ 106061

Last change on this file since 106061 was 104078, checked in by vboxsync, 11 months ago
openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 14.0 KB

Line
1	/*
2	* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include "internal/namemap.h"
11	#include <openssl/lhash.h>
12	#include "crypto/lhash.h" /* ossl_lh_strcasehash */
13	#include "internal/tsan_assist.h"
14	#include "internal/sizes.h"
15	#include "crypto/context.h"
16
17	/*-
18	* The namenum entry
19	* =================
20	*/
21	typedef struct {
22	char *name;
23	int number;
24	} NAMENUM_ENTRY;
25
26	DEFINE_LHASH_OF_EX(NAMENUM_ENTRY);
27
28	/*-
29	* The namemap itself
30	* ==================
31	*/
32
33	struct ossl_namemap_st {
34	/* Flags */
35	unsigned int stored:1; /* If 1, it's stored in a library context */
36
37	CRYPTO_RWLOCK *lock;
38	LHASH_OF(NAMENUM_ENTRY) namenum; / Name->number mapping */
39
40	TSAN_QUALIFIER int max_number; /* Current max number */
41	};
42
43	/* LHASH callbacks */
44
45	static unsigned long namenum_hash(const NAMENUM_ENTRY *n)
46	{
47	return ossl_lh_strcasehash(n->name);
48	}
49
50	static int namenum_cmp(const NAMENUM_ENTRY a, const NAMENUM_ENTRY b)
51	{
52	return OPENSSL_strcasecmp(a->name, b->name);
53	}
54
55	static void namenum_free(NAMENUM_ENTRY *n)
56	{
57	if (n != NULL)
58	OPENSSL_free(n->name);
59	OPENSSL_free(n);
60	}
61
62	/* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
63
64	void ossl_stored_namemap_new(OSSL_LIB_CTX libctx)
65	{
66	OSSL_NAMEMAP *namemap = ossl_namemap_new();
67
68	if (namemap != NULL)
69	namemap->stored = 1;
70
71	return namemap;
72	}
73
74	void ossl_stored_namemap_free(void *vnamemap)
75	{
76	OSSL_NAMEMAP *namemap = vnamemap;
77
78	if (namemap != NULL) {
79	/* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
80	namemap->stored = 0;
81	ossl_namemap_free(namemap);
82	}
83	}
84
85	/*-
86	* API functions
87	* =============
88	*/
89
90	int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
91	{
92	#ifdef TSAN_REQUIRES_LOCKING
93	/* No TSAN support */
94	int rv;
95
96	if (namemap == NULL)
97	return 1;
98
99	if (!CRYPTO_THREAD_read_lock(namemap->lock))
100	return -1;
101	rv = namemap->max_number == 0;
102	CRYPTO_THREAD_unlock(namemap->lock);
103	return rv;
104	#else
105	/* Have TSAN support */
106	return namemap == NULL \|\| tsan_load(&namemap->max_number) == 0;
107	#endif
108	}
109
110	typedef struct doall_names_data_st {
111	int number;
112	const char **names;
113	int found;
114	} DOALL_NAMES_DATA;
115
116	static void do_name(const NAMENUM_ENTRY namenum, DOALL_NAMES_DATA data)
117	{
118	if (namenum->number == data->number)
119	data->names[data->found++] = namenum->name;
120	}
121
122	IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA);
123
124	/*
125	* Call the callback for all names in the namemap with the given number.
126	* A return value 1 means that the callback was called for all names. A
127	* return value of 0 means that the callback was not called for any names.
128	*/
129	int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
130	void (fn)(const char name, void *data),
131	void *data)
132	{
133	DOALL_NAMES_DATA cbdata;
134	size_t num_names;
135	int i;
136
137	cbdata.number = number;
138	cbdata.found = 0;
139
140	if (namemap == NULL)
141	return 0;
142
143	/*
144	* We collect all the names first under a read lock. Subsequently we call
145	* the user function, so that we're not holding the read lock when in user
146	* code. This could lead to deadlocks.
147	*/
148	if (!CRYPTO_THREAD_read_lock(namemap->lock))
149	return 0;
150
151	num_names = lh_NAMENUM_ENTRY_num_items(namemap->namenum);
152	if (num_names == 0) {
153	CRYPTO_THREAD_unlock(namemap->lock);
154	return 0;
155	}
156	cbdata.names = OPENSSL_malloc(sizeof(cbdata.names) num_names);
157	if (cbdata.names == NULL) {
158	CRYPTO_THREAD_unlock(namemap->lock);
159	return 0;
160	}
161	lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name,
162	&cbdata);
163	CRYPTO_THREAD_unlock(namemap->lock);
164
165	for (i = 0; i < cbdata.found; i++)
166	fn(cbdata.names[i], data);
167
168	OPENSSL_free(cbdata.names);
169	return 1;
170	}
171
172	/* This function is not thread safe, the namemap must be locked */
173	static int namemap_name2num(const OSSL_NAMEMAP *namemap,
174	const char *name)
175	{
176	NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
177
178	namenum_tmpl.name = (char *)name;
179	namenum_tmpl.number = 0;
180	namenum_entry =
181	lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl);
182	return namenum_entry != NULL ? namenum_entry->number : 0;
183	}
184
185	int ossl_namemap_name2num(const OSSL_NAMEMAP namemap, const char name)
186	{
187	int number;
188
189	#ifndef FIPS_MODULE
190	if (namemap == NULL)
191	namemap = ossl_namemap_stored(NULL);
192	#endif
193
194	if (namemap == NULL)
195	return 0;
196
197	if (!CRYPTO_THREAD_read_lock(namemap->lock))
198	return 0;
199	number = namemap_name2num(namemap, name);
200	CRYPTO_THREAD_unlock(namemap->lock);
201
202	return number;
203	}
204
205	int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
206	const char *name, size_t name_len)
207	{
208	char *tmp;
209	int ret;
210
211	if (name == NULL \|\| (tmp = OPENSSL_strndup(name, name_len)) == NULL)
212	return 0;
213
214	ret = ossl_namemap_name2num(namemap, tmp);
215	OPENSSL_free(tmp);
216	return ret;
217	}
218
219	struct num2name_data_st {
220	size_t idx; /* Countdown */
221	const char name; / Result */
222	};
223
224	static void do_num2name(const char name, void vdata)
225	{
226	struct num2name_data_st *data = vdata;
227
228	if (data->idx > 0)
229	data->idx--;
230	else if (data->name == NULL)
231	data->name = name;
232	}
233
234	const char ossl_namemap_num2name(const OSSL_NAMEMAP namemap, int number,
235	size_t idx)
236	{
237	struct num2name_data_st data;
238
239	data.idx = idx;
240	data.name = NULL;
241	if (!ossl_namemap_doall_names(namemap, number, do_num2name, &data))
242	return NULL;
243	return data.name;
244	}
245
246	/* This function is not thread safe, the namemap must be locked */
247	static int namemap_add_name(OSSL_NAMEMAP *namemap, int number,
248	const char *name)
249	{
250	NAMENUM_ENTRY *namenum = NULL;
251	int tmp_number;
252
253	/* If it already exists, we don't add it */
254	if ((tmp_number = namemap_name2num(namemap, name)) != 0)
255	return tmp_number;
256
257	if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL)
258	return 0;
259
260	if ((namenum->name = OPENSSL_strdup(name)) == NULL)
261	goto err;
262
263	/* The tsan_counter use here is safe since we're under lock */
264	namenum->number =
265	number != 0 ? number : 1 + tsan_counter(&namemap->max_number);
266	(void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum);
267
268	if (lh_NAMENUM_ENTRY_error(namemap->namenum))
269	goto err;
270	return namenum->number;
271
272	err:
273	namenum_free(namenum);
274	return 0;
275	}
276
277	int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number,
278	const char *name)
279	{
280	int tmp_number;
281
282	#ifndef FIPS_MODULE
283	if (namemap == NULL)
284	namemap = ossl_namemap_stored(NULL);
285	#endif
286
287	if (name == NULL \|\| *name == 0 \|\| namemap == NULL)
288	return 0;
289
290	if (!CRYPTO_THREAD_write_lock(namemap->lock))
291	return 0;
292	tmp_number = namemap_add_name(namemap, number, name);
293	CRYPTO_THREAD_unlock(namemap->lock);
294	return tmp_number;
295	}
296
297	int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
298	const char *names, const char separator)
299	{
300	char tmp, p, q, endp;
301
302	/* Check that we have a namemap */
303	if (!ossl_assert(namemap != NULL)) {
304	ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
305	return 0;
306	}
307
308	if ((tmp = OPENSSL_strdup(names)) == NULL)
309	return 0;
310
311	if (!CRYPTO_THREAD_write_lock(namemap->lock)) {
312	OPENSSL_free(tmp);
313	return 0;
314	}
315	/*
316	* Check that no name is an empty string, and that all names have at
317	* most one numeric identity together.
318	*/
319	for (p = tmp; *p != '\0'; p = q) {
320	int this_number;
321	size_t l;
322
323	if ((q = strchr(p, separator)) == NULL) {
324	l = strlen(p); /* offset to \0 */
325	q = p + l;
326	} else {
327	l = q - p; /* offset to the next separator */
328	*q++ = '\0';
329	}
330
331	if (*p == '\0') {
332	ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
333	number = 0;
334	goto end;
335	}
336
337	this_number = namemap_name2num(namemap, p);
338
339	if (number == 0) {
340	number = this_number;
341	} else if (this_number != 0 && this_number != number) {
342	ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
343	"\"%s\" has an existing different identity %d (from \"%s\")",
344	p, this_number, names);
345	number = 0;
346	goto end;
347	}
348	}
349	endp = p;
350
351	/* Now that we have checked, register all names */
352	for (p = tmp; p < endp; p = q) {
353	int this_number;
354
355	q = p + strlen(p) + 1;
356
357	this_number = namemap_add_name(namemap, number, p);
358	if (number == 0) {
359	number = this_number;
360	} else if (this_number != number) {
361	ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
362	"Got number %d when expecting %d",
363	this_number, number);
364	number = 0;
365	goto end;
366	}
367	}
368
369	end:
370	CRYPTO_THREAD_unlock(namemap->lock);
371	OPENSSL_free(tmp);
372	return number;
373	}
374
375	/*-
376	* Pre-population
377	* ==============
378	*/
379
380	#ifndef FIPS_MODULE
381	#include <openssl/evp.h>
382
383	/* Creates an initial namemap with names found in the legacy method db */
384	static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
385	void *arg)
386	{
387	int num = 0;
388	ASN1_OBJECT *obj;
389
390	if (base_nid != NID_undef) {
391	num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
392	num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
393	}
394
395	if (nid != NID_undef) {
396	num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
397	num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
398	if ((obj = OBJ_nid2obj(nid)) != NULL) {
399	char txtoid[OSSL_MAX_NAME_SIZE];
400
401	if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0)
402	num = ossl_namemap_add_name(arg, num, txtoid);
403	}
404	}
405	if (pem_name != NULL)
406	num = ossl_namemap_add_name(arg, num, pem_name);
407	}
408
409	static void get_legacy_cipher_names(const OBJ_NAME on, void arg)
410	{
411	const EVP_CIPHER cipher = (void )OBJ_NAME_get(on->name, on->type);
412
413	if (cipher != NULL)
414	get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
415	}
416
417	static void get_legacy_md_names(const OBJ_NAME on, void arg)
418	{
419	const EVP_MD md = (void )OBJ_NAME_get(on->name, on->type);
420
421	if (md != NULL)
422	get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
423	}
424
425	static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
426	void *arg)
427	{
428	int nid = 0, base_nid = 0, flags = 0;
429	const char *pem_name = NULL;
430
431	EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
432	if (nid != NID_undef) {
433	if ((flags & ASN1_PKEY_ALIAS) == 0) {
434	switch (nid) {
435	case EVP_PKEY_DHX:
436	/* We know that the name "DHX" is used too */
437	get_legacy_evp_names(0, nid, "DHX", arg);
438	/* FALLTHRU */
439	default:
440	get_legacy_evp_names(0, nid, pem_name, arg);
441	}
442	} else {
443	/*
444	* Treat aliases carefully, some of them are undesirable, or
445	* should not be treated as such for providers.
446	*/
447
448	switch (nid) {
449	case EVP_PKEY_SM2:
450	/*
451	* SM2 is a separate keytype with providers, not an alias for
452	* EC.
453	*/
454	get_legacy_evp_names(0, nid, pem_name, arg);
455	break;
456	default:
457	/* Use the short name of the base nid as the common reference */
458	get_legacy_evp_names(base_nid, nid, pem_name, arg);
459	}
460	}
461	}
462	}
463	#endif
464
465	/*-
466	* Constructors / destructors
467	* ==========================
468	*/
469
470	OSSL_NAMEMAP ossl_namemap_stored(OSSL_LIB_CTX libctx)
471	{
472	#ifndef FIPS_MODULE
473	int nms;
474	#endif
475	OSSL_NAMEMAP *namemap =
476	ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX);
477
478	if (namemap == NULL)
479	return NULL;
480
481	#ifndef FIPS_MODULE
482	nms = ossl_namemap_empty(namemap);
483	if (nms < 0) {
484	/*
485	* Could not get lock to make the count, so maybe internal objects
486	* weren't added. This seems safest.
487	*/
488	return NULL;
489	}
490	if (nms == 1) {
491	int i, end;
492
493	/* Before pilfering, we make sure the legacy database is populated */
494	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
495	\| OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
496
497	OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
498	get_legacy_cipher_names, namemap);
499	OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
500	get_legacy_md_names, namemap);
501
502	/* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
503	for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
504	get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
505	}
506	#endif
507
508	return namemap;
509	}
510
511	OSSL_NAMEMAP *ossl_namemap_new(void)
512	{
513	OSSL_NAMEMAP *namemap;
514
515	if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL
516	&& (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL
517	&& (namemap->namenum =
518	lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL)
519	return namemap;
520
521	ossl_namemap_free(namemap);
522	return NULL;
523	}
524
525	void ossl_namemap_free(OSSL_NAMEMAP *namemap)
526	{
527	if (namemap == NULL \|\| namemap->stored)
528	return;
529
530	lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free);
531	lh_NAMENUM_ENTRY_free(namemap->namenum);
532
533	CRYPTO_THREAD_lock_free(namemap->lock);
534	OPENSSL_free(namemap);
535	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.1.7/crypto/core_namemap.c@ 106061

Download in other formats: