core_namemap.c 14 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532
  1. /*
  2. * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "internal/namemap.h"
  10. #include <openssl/lhash.h>
  11. #include "crypto/lhash.h" /* ossl_lh_strcasehash */
  12. #include "internal/tsan_assist.h"
  13. #include "internal/sizes.h"
  14. #include "crypto/context.h"
  15. /*-
  16. * The namenum entry
  17. * =================
  18. */
  19. typedef struct {
  20. char *name;
  21. int number;
  22. } NAMENUM_ENTRY;
  23. DEFINE_LHASH_OF_EX(NAMENUM_ENTRY);
  24. /*-
  25. * The namemap itself
  26. * ==================
  27. */
  28. struct ossl_namemap_st {
  29. /* Flags */
  30. unsigned int stored:1; /* If 1, it's stored in a library context */
  31. CRYPTO_RWLOCK *lock;
  32. LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */
  33. TSAN_QUALIFIER int max_number; /* Current max number */
  34. };
  35. /* LHASH callbacks */
  36. static unsigned long namenum_hash(const NAMENUM_ENTRY *n)
  37. {
  38. return ossl_lh_strcasehash(n->name);
  39. }
  40. static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b)
  41. {
  42. return OPENSSL_strcasecmp(a->name, b->name);
  43. }
  44. static void namenum_free(NAMENUM_ENTRY *n)
  45. {
  46. if (n != NULL)
  47. OPENSSL_free(n->name);
  48. OPENSSL_free(n);
  49. }
  50. /* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
  51. void *ossl_stored_namemap_new(OSSL_LIB_CTX *libctx)
  52. {
  53. OSSL_NAMEMAP *namemap = ossl_namemap_new();
  54. if (namemap != NULL)
  55. namemap->stored = 1;
  56. return namemap;
  57. }
  58. void ossl_stored_namemap_free(void *vnamemap)
  59. {
  60. OSSL_NAMEMAP *namemap = vnamemap;
  61. if (namemap != NULL) {
  62. /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
  63. namemap->stored = 0;
  64. ossl_namemap_free(namemap);
  65. }
  66. }
  67. /*-
  68. * API functions
  69. * =============
  70. */
  71. int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
  72. {
  73. #ifdef TSAN_REQUIRES_LOCKING
  74. /* No TSAN support */
  75. int rv;
  76. if (namemap == NULL)
  77. return 1;
  78. if (!CRYPTO_THREAD_read_lock(namemap->lock))
  79. return -1;
  80. rv = namemap->max_number == 0;
  81. CRYPTO_THREAD_unlock(namemap->lock);
  82. return rv;
  83. #else
  84. /* Have TSAN support */
  85. return namemap == NULL || tsan_load(&namemap->max_number) == 0;
  86. #endif
  87. }
  88. typedef struct doall_names_data_st {
  89. int number;
  90. const char **names;
  91. int found;
  92. } DOALL_NAMES_DATA;
  93. static void do_name(const NAMENUM_ENTRY *namenum, DOALL_NAMES_DATA *data)
  94. {
  95. if (namenum->number == data->number)
  96. data->names[data->found++] = namenum->name;
  97. }
  98. IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA);
  99. /*
  100. * Call the callback for all names in the namemap with the given number.
  101. * A return value 1 means that the callback was called for all names. A
  102. * return value of 0 means that the callback was not called for any names.
  103. */
  104. int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
  105. void (*fn)(const char *name, void *data),
  106. void *data)
  107. {
  108. DOALL_NAMES_DATA cbdata;
  109. size_t num_names;
  110. int i;
  111. cbdata.number = number;
  112. cbdata.found = 0;
  113. /*
  114. * We collect all the names first under a read lock. Subsequently we call
  115. * the user function, so that we're not holding the read lock when in user
  116. * code. This could lead to deadlocks.
  117. */
  118. if (!CRYPTO_THREAD_read_lock(namemap->lock))
  119. return 0;
  120. num_names = lh_NAMENUM_ENTRY_num_items(namemap->namenum);
  121. if (num_names == 0) {
  122. CRYPTO_THREAD_unlock(namemap->lock);
  123. return 0;
  124. }
  125. cbdata.names = OPENSSL_malloc(sizeof(*cbdata.names) * num_names);
  126. if (cbdata.names == NULL) {
  127. CRYPTO_THREAD_unlock(namemap->lock);
  128. return 0;
  129. }
  130. lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name,
  131. &cbdata);
  132. CRYPTO_THREAD_unlock(namemap->lock);
  133. for (i = 0; i < cbdata.found; i++)
  134. fn(cbdata.names[i], data);
  135. OPENSSL_free(cbdata.names);
  136. return 1;
  137. }
  138. /* This function is not thread safe, the namemap must be locked */
  139. static int namemap_name2num(const OSSL_NAMEMAP *namemap,
  140. const char *name)
  141. {
  142. NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
  143. namenum_tmpl.name = (char *)name;
  144. namenum_tmpl.number = 0;
  145. namenum_entry =
  146. lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl);
  147. return namenum_entry != NULL ? namenum_entry->number : 0;
  148. }
  149. int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name)
  150. {
  151. int number;
  152. #ifndef FIPS_MODULE
  153. if (namemap == NULL)
  154. namemap = ossl_namemap_stored(NULL);
  155. #endif
  156. if (namemap == NULL)
  157. return 0;
  158. if (!CRYPTO_THREAD_read_lock(namemap->lock))
  159. return 0;
  160. number = namemap_name2num(namemap, name);
  161. CRYPTO_THREAD_unlock(namemap->lock);
  162. return number;
  163. }
  164. int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
  165. const char *name, size_t name_len)
  166. {
  167. char *tmp;
  168. int ret;
  169. if (name == NULL || (tmp = OPENSSL_strndup(name, name_len)) == NULL)
  170. return 0;
  171. ret = ossl_namemap_name2num(namemap, tmp);
  172. OPENSSL_free(tmp);
  173. return ret;
  174. }
  175. struct num2name_data_st {
  176. size_t idx; /* Countdown */
  177. const char *name; /* Result */
  178. };
  179. static void do_num2name(const char *name, void *vdata)
  180. {
  181. struct num2name_data_st *data = vdata;
  182. if (data->idx > 0)
  183. data->idx--;
  184. else if (data->name == NULL)
  185. data->name = name;
  186. }
  187. const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
  188. size_t idx)
  189. {
  190. struct num2name_data_st data;
  191. data.idx = idx;
  192. data.name = NULL;
  193. if (!ossl_namemap_doall_names(namemap, number, do_num2name, &data))
  194. return NULL;
  195. return data.name;
  196. }
  197. /* This function is not thread safe, the namemap must be locked */
  198. static int namemap_add_name(OSSL_NAMEMAP *namemap, int number,
  199. const char *name)
  200. {
  201. NAMENUM_ENTRY *namenum = NULL;
  202. int tmp_number;
  203. /* If it already exists, we don't add it */
  204. if ((tmp_number = namemap_name2num(namemap, name)) != 0)
  205. return tmp_number;
  206. if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL)
  207. return 0;
  208. if ((namenum->name = OPENSSL_strdup(name)) == NULL)
  209. goto err;
  210. /* The tsan_counter use here is safe since we're under lock */
  211. namenum->number =
  212. number != 0 ? number : 1 + tsan_counter(&namemap->max_number);
  213. (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum);
  214. if (lh_NAMENUM_ENTRY_error(namemap->namenum))
  215. goto err;
  216. return namenum->number;
  217. err:
  218. namenum_free(namenum);
  219. return 0;
  220. }
  221. int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number,
  222. const char *name)
  223. {
  224. int tmp_number;
  225. #ifndef FIPS_MODULE
  226. if (namemap == NULL)
  227. namemap = ossl_namemap_stored(NULL);
  228. #endif
  229. if (name == NULL || *name == 0 || namemap == NULL)
  230. return 0;
  231. if (!CRYPTO_THREAD_write_lock(namemap->lock))
  232. return 0;
  233. tmp_number = namemap_add_name(namemap, number, name);
  234. CRYPTO_THREAD_unlock(namemap->lock);
  235. return tmp_number;
  236. }
  237. int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
  238. const char *names, const char separator)
  239. {
  240. char *tmp, *p, *q, *endp;
  241. /* Check that we have a namemap */
  242. if (!ossl_assert(namemap != NULL)) {
  243. ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
  244. return 0;
  245. }
  246. if ((tmp = OPENSSL_strdup(names)) == NULL)
  247. return 0;
  248. if (!CRYPTO_THREAD_write_lock(namemap->lock)) {
  249. OPENSSL_free(tmp);
  250. return 0;
  251. }
  252. /*
  253. * Check that no name is an empty string, and that all names have at
  254. * most one numeric identity together.
  255. */
  256. for (p = tmp; *p != '\0'; p = q) {
  257. int this_number;
  258. size_t l;
  259. if ((q = strchr(p, separator)) == NULL) {
  260. l = strlen(p); /* offset to \0 */
  261. q = p + l;
  262. } else {
  263. l = q - p; /* offset to the next separator */
  264. *q++ = '\0';
  265. }
  266. if (*p == '\0') {
  267. ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
  268. number = 0;
  269. goto end;
  270. }
  271. this_number = namemap_name2num(namemap, p);
  272. if (number == 0) {
  273. number = this_number;
  274. } else if (this_number != 0 && this_number != number) {
  275. ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
  276. "\"%s\" has an existing different identity %d (from \"%s\")",
  277. p, this_number, names);
  278. number = 0;
  279. goto end;
  280. }
  281. }
  282. endp = p;
  283. /* Now that we have checked, register all names */
  284. for (p = tmp; p < endp; p = q) {
  285. int this_number;
  286. q = p + strlen(p) + 1;
  287. this_number = namemap_add_name(namemap, number, p);
  288. if (number == 0) {
  289. number = this_number;
  290. } else if (this_number != number) {
  291. ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
  292. "Got number %d when expecting %d",
  293. this_number, number);
  294. number = 0;
  295. goto end;
  296. }
  297. }
  298. end:
  299. CRYPTO_THREAD_unlock(namemap->lock);
  300. OPENSSL_free(tmp);
  301. return number;
  302. }
  303. /*-
  304. * Pre-population
  305. * ==============
  306. */
  307. #ifndef FIPS_MODULE
  308. #include <openssl/evp.h>
  309. /* Creates an initial namemap with names found in the legacy method db */
  310. static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
  311. void *arg)
  312. {
  313. int num = 0;
  314. ASN1_OBJECT *obj;
  315. if (base_nid != NID_undef) {
  316. num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
  317. num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
  318. }
  319. if (nid != NID_undef) {
  320. num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
  321. num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
  322. if ((obj = OBJ_nid2obj(nid)) != NULL) {
  323. char txtoid[OSSL_MAX_NAME_SIZE];
  324. if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0)
  325. num = ossl_namemap_add_name(arg, num, txtoid);
  326. }
  327. }
  328. if (pem_name != NULL)
  329. num = ossl_namemap_add_name(arg, num, pem_name);
  330. }
  331. static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
  332. {
  333. const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
  334. if (cipher != NULL)
  335. get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
  336. }
  337. static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
  338. {
  339. const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
  340. if (md != NULL)
  341. get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
  342. }
  343. static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
  344. void *arg)
  345. {
  346. int nid = 0, base_nid = 0, flags = 0;
  347. const char *pem_name = NULL;
  348. EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
  349. if (nid != NID_undef) {
  350. if ((flags & ASN1_PKEY_ALIAS) == 0) {
  351. switch (nid) {
  352. case EVP_PKEY_DHX:
  353. /* We know that the name "DHX" is used too */
  354. get_legacy_evp_names(0, nid, "DHX", arg);
  355. /* FALLTHRU */
  356. default:
  357. get_legacy_evp_names(0, nid, pem_name, arg);
  358. }
  359. } else {
  360. /*
  361. * Treat aliases carefully, some of them are undesirable, or
  362. * should not be treated as such for providers.
  363. */
  364. switch (nid) {
  365. case EVP_PKEY_SM2:
  366. /*
  367. * SM2 is a separate keytype with providers, not an alias for
  368. * EC.
  369. */
  370. get_legacy_evp_names(0, nid, pem_name, arg);
  371. break;
  372. default:
  373. /* Use the short name of the base nid as the common reference */
  374. get_legacy_evp_names(base_nid, nid, pem_name, arg);
  375. }
  376. }
  377. }
  378. }
  379. #endif
  380. /*-
  381. * Constructors / destructors
  382. * ==========================
  383. */
  384. OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
  385. {
  386. #ifndef FIPS_MODULE
  387. int nms;
  388. #endif
  389. OSSL_NAMEMAP *namemap =
  390. ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX);
  391. if (namemap == NULL)
  392. return NULL;
  393. #ifndef FIPS_MODULE
  394. nms = ossl_namemap_empty(namemap);
  395. if (nms < 0) {
  396. /*
  397. * Could not get lock to make the count, so maybe internal objects
  398. * weren't added. This seems safest.
  399. */
  400. return NULL;
  401. }
  402. if (nms == 1) {
  403. int i, end;
  404. /* Before pilfering, we make sure the legacy database is populated */
  405. OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
  406. | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
  407. OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
  408. get_legacy_cipher_names, namemap);
  409. OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
  410. get_legacy_md_names, namemap);
  411. /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
  412. for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
  413. get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
  414. }
  415. #endif
  416. return namemap;
  417. }
  418. OSSL_NAMEMAP *ossl_namemap_new(void)
  419. {
  420. OSSL_NAMEMAP *namemap;
  421. if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL
  422. && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL
  423. && (namemap->namenum =
  424. lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL)
  425. return namemap;
  426. ossl_namemap_free(namemap);
  427. return NULL;
  428. }
  429. void ossl_namemap_free(OSSL_NAMEMAP *namemap)
  430. {
  431. if (namemap == NULL || namemap->stored)
  432. return;
  433. lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free);
  434. lh_NAMENUM_ENTRY_free(namemap->namenum);
  435. CRYPTO_THREAD_lock_free(namemap->lock);
  436. OPENSSL_free(namemap);
  437. }