core_namemap.c

Last change on this file was 109052, checked in by vboxsync, 3 weeks ago
openssl-3.4.1: Applied our changes, regenerated files, added missing files and functions. This time with a three way merge. bugref:10890
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 14.1 KB

Line
1	/*
2	* Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include "internal/namemap.h"
11	#include "internal/tsan_assist.h"
12	#include "internal/hashtable.h"
13	#include "internal/sizes.h"
14	#include "crypto/context.h"
15
16	#define NAMEMAP_HT_BUCKETS 2048
17
18	HT_START_KEY_DEFN(namenum_key)
19	HT_DEF_KEY_FIELD_CHAR_ARRAY(name, 64)
20	HT_END_KEY_DEFN(NAMENUM_KEY)
21
22	/*-
23	* The namemap itself
24	* ==================
25	*/
26
27	typedef STACK_OF(OPENSSL_STRING) NAMES;
28
29	DEFINE_STACK_OF(NAMES)
30
31	struct ossl_namemap_st {
32	/* Flags */
33	unsigned int stored:1; /* If 1, it's stored in a library context */
34
35	HT namenum_ht; / Name->number mapping */
36
37	CRYPTO_RWLOCK *lock;
38	STACK_OF(NAMES) *numnames;
39
40	TSAN_QUALIFIER int max_number; /* Current max number */
41	};
42
43	static void name_string_free(char *name)
44	{
45	OPENSSL_free(name);
46	}
47
48	static void names_free(NAMES *n)
49	{
50	sk_OPENSSL_STRING_pop_free(n, name_string_free);
51	}
52
53	/* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
54
55	void ossl_stored_namemap_new(OSSL_LIB_CTX libctx)
56	{
57	OSSL_NAMEMAP *namemap = ossl_namemap_new(libctx);
58
59	if (namemap != NULL)
60	namemap->stored = 1;
61
62	return namemap;
63	}
64
65	void ossl_stored_namemap_free(void *vnamemap)
66	{
67	OSSL_NAMEMAP *namemap = vnamemap;
68
69	if (namemap != NULL) {
70	/* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
71	namemap->stored = 0;
72	ossl_namemap_free(namemap);
73	}
74	}
75
76	/*-
77	* API functions
78	* =============
79	*/
80
81	int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
82	{
83	#ifdef TSAN_REQUIRES_LOCKING
84	/* No TSAN support */
85	int rv;
86
87	if (namemap == NULL)
88	return 1;
89
90	if (!CRYPTO_THREAD_read_lock(namemap->lock))
91	return -1;
92	rv = namemap->max_number == 0;
93	CRYPTO_THREAD_unlock(namemap->lock);
94	return rv;
95	#else
96	/* Have TSAN support */
97	return namemap == NULL \|\| tsan_load(&namemap->max_number) == 0;
98	#endif
99	}
100
101	/*
102	* Call the callback for all names in the namemap with the given number.
103	* A return value 1 means that the callback was called for all names. A
104	* return value of 0 means that the callback was not called for any names.
105	*/
106	int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
107	void (fn)(const char name, void *data),
108	void *data)
109	{
110	int i;
111	NAMES *names;
112
113	if (namemap == NULL \|\| number <= 0)
114	return 0;
115
116	/*
117	* We duplicate the NAMES stack under a read lock. Subsequently we call
118	* the user function, so that we're not holding the read lock when in user
119	* code. This could lead to deadlocks.
120	*/
121	if (!CRYPTO_THREAD_read_lock(namemap->lock))
122	return 0;
123
124	names = sk_NAMES_value(namemap->numnames, number - 1);
125	if (names != NULL)
126	names = sk_OPENSSL_STRING_dup(names);
127
128	CRYPTO_THREAD_unlock(namemap->lock);
129
130	if (names == NULL)
131	return 0;
132
133	for (i = 0; i < sk_OPENSSL_STRING_num(names); i++)
134	fn(sk_OPENSSL_STRING_value(names, i), data);
135
136	sk_OPENSSL_STRING_free(names);
137	return i > 0;
138	}
139
140	int ossl_namemap_name2num(const OSSL_NAMEMAP namemap, const char name)
141	{
142	int number = 0;
143	HT_VALUE *val;
144	NAMENUM_KEY key;
145
146	#ifndef FIPS_MODULE
147	if (namemap == NULL)
148	namemap = ossl_namemap_stored(NULL);
149	#endif
150
151	if (namemap == NULL)
152	return 0;
153
154	HT_INIT_KEY(&key);
155	HT_SET_KEY_STRING_CASE(&key, name, name);
156
157	val = ossl_ht_get(namemap->namenum_ht, TO_HT_KEY(&key));
158
159	if (val != NULL)
160	/* We store a (small) int directly instead of a pointer to it. */
161	number = (int)(intptr_t)val->value;
162
163	return number;
164	}
165
166	/* TODO: Optimize to avoid strndup() */
167	int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
168	const char *name, size_t name_len)
169	{
170	char *tmp;
171	int ret;
172
173	if (name == NULL \|\| (tmp = OPENSSL_strndup(name, name_len)) == NULL)
174	return 0;
175
176	ret = ossl_namemap_name2num(namemap, tmp);
177	OPENSSL_free(tmp);
178	return ret;
179	}
180
181	const char ossl_namemap_num2name(const OSSL_NAMEMAP namemap, int number,
182	size_t idx)
183	{
184	NAMES *names;
185	const char *ret = NULL;
186
187	if (namemap == NULL \|\| number <= 0)
188	return NULL;
189
190	if (!CRYPTO_THREAD_read_lock(namemap->lock))
191	return NULL;
192
193	names = sk_NAMES_value(namemap->numnames, number - 1);
194	if (names != NULL)
195	ret = sk_OPENSSL_STRING_value(names, idx);
196
197	CRYPTO_THREAD_unlock(namemap->lock);
198
199	return ret;
200	}
201
202	/* This function is not thread safe, the namemap must be locked */
203	static int numname_insert(OSSL_NAMEMAP *namemap, int number,
204	const char *name)
205	{
206	NAMES *names;
207	char *tmpname;
208
209	if (number > 0) {
210	names = sk_NAMES_value(namemap->numnames, number - 1);
211	if (!ossl_assert(names != NULL)) {
212	/* cannot happen */
213	return 0;
214	}
215	} else {
216	/* a completely new entry */
217	names = sk_OPENSSL_STRING_new_null();
218	if (names == NULL)
219	return 0;
220	}
221
222	if ((tmpname = OPENSSL_strdup(name)) == NULL)
223	goto err;
224
225	if (!sk_OPENSSL_STRING_push(names, tmpname))
226	goto err;
227	tmpname = NULL;
228
229	if (number <= 0) {
230	if (!sk_NAMES_push(namemap->numnames, names))
231	goto err;
232	number = sk_NAMES_num(namemap->numnames);
233	}
234	return number;
235
236	err:
237	if (number <= 0)
238	sk_OPENSSL_STRING_pop_free(names, name_string_free);
239	OPENSSL_free(tmpname);
240	return 0;
241	}
242
243	/* This function is not thread safe, the namemap must be locked */
244	static int namemap_add_name(OSSL_NAMEMAP *namemap, int number,
245	const char *name)
246	{
247	int ret;
248	HT_VALUE val = { 0 };
249	NAMENUM_KEY key;
250
251	/* If it already exists, we don't add it */
252	if ((ret = ossl_namemap_name2num(namemap, name)) != 0)
253	return ret;
254
255	if ((number = numname_insert(namemap, number, name)) == 0)
256	return 0;
257
258	/* Using tsan_store alone here is safe since we're under lock */
259	tsan_store(&namemap->max_number, number);
260
261	HT_INIT_KEY(&key);
262	HT_SET_KEY_STRING_CASE(&key, name, name);
263	val.value = (void *)(intptr_t)number;
264	ret = ossl_ht_insert(namemap->namenum_ht, TO_HT_KEY(&key), &val, NULL);
265	if (!ossl_assert(ret != 0)) /* cannot happen as we are under write lock */
266	return 0;
267	if (ret < 1) {
268	/* unable to insert due to too many collisions */
269	ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_NAMES);
270	return 0;
271	}
272	return number;
273	}
274
275	int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number,
276	const char *name)
277	{
278	int tmp_number;
279
280	#ifndef FIPS_MODULE
281	if (namemap == NULL)
282	namemap = ossl_namemap_stored(NULL);
283	#endif
284
285	if (name == NULL \|\| *name == 0 \|\| namemap == NULL)
286	return 0;
287
288	if (!CRYPTO_THREAD_write_lock(namemap->lock))
289	return 0;
290	tmp_number = namemap_add_name(namemap, number, name);
291	CRYPTO_THREAD_unlock(namemap->lock);
292	return tmp_number;
293	}
294
295	int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
296	const char *names, const char separator)
297	{
298	char tmp, p, q, endp;
299
300	/* Check that we have a namemap */
301	if (!ossl_assert(namemap != NULL)) {
302	ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
303	return 0;
304	}
305
306	if ((tmp = OPENSSL_strdup(names)) == NULL)
307	return 0;
308
309	if (!CRYPTO_THREAD_write_lock(namemap->lock)) {
310	OPENSSL_free(tmp);
311	return 0;
312	}
313	/*
314	* Check that no name is an empty string, and that all names have at
315	* most one numeric identity together.
316	*/
317	for (p = tmp; *p != '\0'; p = q) {
318	int this_number;
319	size_t l;
320
321	if ((q = strchr(p, separator)) == NULL) {
322	l = strlen(p); /* offset to \0 */
323	q = p + l;
324	} else {
325	l = q - p; /* offset to the next separator */
326	*q++ = '\0';
327	}
328
329	if (*p == '\0') {
330	ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
331	number = 0;
332	goto end;
333	}
334
335	this_number = ossl_namemap_name2num(namemap, p);
336
337	if (number == 0) {
338	number = this_number;
339	} else if (this_number != 0 && this_number != number) {
340	ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
341	"\"%s\" has an existing different identity %d (from \"%s\")",
342	p, this_number, names);
343	number = 0;
344	goto end;
345	}
346	}
347	endp = p;
348
349	/* Now that we have checked, register all names */
350	for (p = tmp; p < endp; p = q) {
351	int this_number;
352
353	q = p + strlen(p) + 1;
354
355	this_number = namemap_add_name(namemap, number, p);
356	if (number == 0) {
357	number = this_number;
358	} else if (this_number != number) {
359	ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
360	"Got number %d when expecting %d",
361	this_number, number);
362	number = 0;
363	goto end;
364	}
365	}
366
367	end:
368	CRYPTO_THREAD_unlock(namemap->lock);
369	OPENSSL_free(tmp);
370	return number;
371	}
372
373	/*-
374	* Pre-population
375	* ==============
376	*/
377
378	#ifndef FIPS_MODULE
379	#include <openssl/evp.h>
380
381	/* Creates an initial namemap with names found in the legacy method db */
382	static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
383	void *arg)
384	{
385	int num = 0;
386	ASN1_OBJECT *obj;
387
388	if (base_nid != NID_undef) {
389	num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
390	num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
391	}
392
393	if (nid != NID_undef) {
394	num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
395	num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
396	if ((obj = OBJ_nid2obj(nid)) != NULL) {
397	char txtoid[OSSL_MAX_NAME_SIZE];
398
399	if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0)
400	num = ossl_namemap_add_name(arg, num, txtoid);
401	}
402	}
403	if (pem_name != NULL)
404	num = ossl_namemap_add_name(arg, num, pem_name);
405	}
406
407	static void get_legacy_cipher_names(const OBJ_NAME on, void arg)
408	{
409	const EVP_CIPHER cipher = (void )OBJ_NAME_get(on->name, on->type);
410
411	if (cipher != NULL)
412	get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
413	}
414
415	static void get_legacy_md_names(const OBJ_NAME on, void arg)
416	{
417	const EVP_MD md = (void )OBJ_NAME_get(on->name, on->type);
418
419	if (md != NULL)
420	get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
421	}
422
423	static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
424	void *arg)
425	{
426	int nid = 0, base_nid = 0, flags = 0;
427	const char *pem_name = NULL;
428
429	EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
430	if (nid != NID_undef) {
431	if ((flags & ASN1_PKEY_ALIAS) == 0) {
432	switch (nid) {
433	case EVP_PKEY_DHX:
434	/* We know that the name "DHX" is used too */
435	get_legacy_evp_names(0, nid, "DHX", arg);
436	/* FALLTHRU */
437	default:
438	get_legacy_evp_names(0, nid, pem_name, arg);
439	}
440	} else {
441	/*
442	* Treat aliases carefully, some of them are undesirable, or
443	* should not be treated as such for providers.
444	*/
445
446	switch (nid) {
447	case EVP_PKEY_SM2:
448	/*
449	* SM2 is a separate keytype with providers, not an alias for
450	* EC.
451	*/
452	get_legacy_evp_names(0, nid, pem_name, arg);
453	break;
454	default:
455	/* Use the short name of the base nid as the common reference */
456	get_legacy_evp_names(base_nid, nid, pem_name, arg);
457	}
458	}
459	}
460	}
461	#endif
462
463	/*-
464	* Constructors / destructors
465	* ==========================
466	*/
467
468	OSSL_NAMEMAP ossl_namemap_stored(OSSL_LIB_CTX libctx)
469	{
470	#ifndef FIPS_MODULE
471	int nms;
472	#endif
473	OSSL_NAMEMAP *namemap =
474	ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX);
475
476	if (namemap == NULL)
477	return NULL;
478
479	#ifndef FIPS_MODULE
480	nms = ossl_namemap_empty(namemap);
481	if (nms < 0) {
482	/*
483	* Could not get lock to make the count, so maybe internal objects
484	* weren't added. This seems safest.
485	*/
486	return NULL;
487	}
488	if (nms == 1) {
489	int i, end;
490
491	/* Before pilfering, we make sure the legacy database is populated */
492	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
493	\| OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
494
495	OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
496	get_legacy_cipher_names, namemap);
497	OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
498	get_legacy_md_names, namemap);
499
500	/* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
501	for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
502	get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
503	}
504	#endif
505
506	return namemap;
507	}
508
509	OSSL_NAMEMAP ossl_namemap_new(OSSL_LIB_CTX libctx)
510	{
511	OSSL_NAMEMAP *namemap;
512	HT_CONFIG htconf = { NULL, NULL, NULL, NAMEMAP_HT_BUCKETS, 1, 1 };
513
514	htconf.ctx = libctx;
515
516	if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) == NULL)
517	goto err;
518
519	if ((namemap->lock = CRYPTO_THREAD_lock_new()) == NULL)
520	goto err;
521
522	if ((namemap->namenum_ht = ossl_ht_new(&htconf)) == NULL)
523	goto err;
524
525	if ((namemap->numnames = sk_NAMES_new_null()) == NULL)
526	goto err;
527
528	return namemap;
529
530	err:
531	ossl_namemap_free(namemap);
532	return NULL;
533	}
534
535	void ossl_namemap_free(OSSL_NAMEMAP *namemap)
536	{
537	if (namemap == NULL \|\| namemap->stored)
538	return;
539
540	sk_NAMES_pop_free(namemap->numnames, names_free);
541
542	ossl_ht_free(namemap->namenum_ht);
543
544	CRYPTO_THREAD_lock_free(namemap->lock);
545	OPENSSL_free(namemap);
546	}

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.4.1/crypto/core_namemap.c

Download in other formats: