/src/openssl/crypto/core_namemap.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * For EVP_PKEY_asn1_get0_info(), EVP_PKEY_asn1_get_count() and
 * EVP_PKEY_asn1_get0()
 */
#define OPENSSL_SUPPRESS_DEPRECATED

#include "internal/namemap.h"
#include "internal/tsan_assist.h"
#include "internal/hashtable.h"
#include "internal/sizes.h"
#include "crypto/context.h"

#define NAMEMAP_HT_BUCKETS 512

HT_START_KEY_DEFN(namenum_key)
HT_DEF_KEY_FIELD_CHAR_ARRAY(name, 64)
HT_END_KEY_DEFN(NAMENUM_KEY)

/*-
 * The namemap itself
 * ==================
 */

typedef STACK_OF(OPENSSL_STRING) NAMES;

DEFINE_STACK_OF(NAMES)

struct ossl_namemap_st {
    /* Flags */
    unsigned int stored:1; /* If 1, it's stored in a library context */

    HT *namenum_ht;        /* Name->number mapping */

    CRYPTO_RWLOCK *lock;
    STACK_OF(NAMES) *numnames;

    TSAN_QUALIFIER int max_number;     /* Current max number */
};

static void name_string_free(char *name)
{
    OPENSSL_free(name);
}

static void names_free(NAMES *n)
{
    sk_OPENSSL_STRING_pop_free(n, name_string_free);
}

/* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */

void *ossl_stored_namemap_new(OSSL_LIB_CTX *libctx)
{
    OSSL_NAMEMAP *namemap = ossl_namemap_new(libctx);

    if (namemap != NULL)
        namemap->stored = 1;

    return namemap;
}

void ossl_stored_namemap_free(void *vnamemap)
{
    OSSL_NAMEMAP *namemap = vnamemap;

    if (namemap != NULL) {
        /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
        namemap->stored = 0;
        ossl_namemap_free(namemap);
    }
}

/*-
 * API functions
 * =============
 */

int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
{
#ifdef TSAN_REQUIRES_LOCKING
    /* No TSAN support */
    int rv;

    if (namemap == NULL)
        return 1;

    if (!CRYPTO_THREAD_read_lock(namemap->lock))
        return -1;
    rv = namemap->max_number == 0;
    CRYPTO_THREAD_unlock(namemap->lock);
    return rv;
#else
    /* Have TSAN support */
    return namemap == NULL || tsan_load(&namemap->max_number) == 0;
#endif
}

/*
 * Call the callback for all names in the namemap with the given number.
 * A return value 1 means that the callback was called for all names. A
 * return value of 0 means that the callback was not called for any names.
 */
int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
                             void (*fn)(const char *name, void *data),
                             void *data)
{
    int i;
    NAMES *names;

    if (namemap == NULL || number <= 0)
        return 0;

    /*
     * We duplicate the NAMES stack under a read lock. Subsequently we call
     * the user function, so that we're not holding the read lock when in user
     * code. This could lead to deadlocks.
     */
    if (!CRYPTO_THREAD_read_lock(namemap->lock))
        return 0;

    names = sk_NAMES_value(namemap->numnames, number - 1);
    if (names != NULL)
        names = sk_OPENSSL_STRING_dup(names);

    CRYPTO_THREAD_unlock(namemap->lock);

    if (names == NULL)
        return 0;

    for (i = 0; i < sk_OPENSSL_STRING_num(names); i++)
        fn(sk_OPENSSL_STRING_value(names, i), data);

    sk_OPENSSL_STRING_free(names);
    return i > 0;
}

int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name)
{
    int number = 0;
    HT_VALUE *val;
    NAMENUM_KEY key;

#ifndef FIPS_MODULE
    if (namemap == NULL)
        namemap = ossl_namemap_stored(NULL);
#endif

    if (namemap == NULL)
        return 0;

    HT_INIT_KEY(&key);
    HT_SET_KEY_STRING_CASE(&key, name, name);

    val = ossl_ht_get(namemap->namenum_ht, TO_HT_KEY(&key));

    if (val != NULL)
        /* We store a (small) int directly instead of a pointer to it. */
        number = (int)(intptr_t)val->value;

    return number;
}

int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
                            const char *name, size_t name_len)
{
    int number = 0;
    HT_VALUE *val;
    NAMENUM_KEY key;

#ifndef FIPS_MODULE
    if (namemap == NULL)
        namemap = ossl_namemap_stored(NULL);
#endif

    if (namemap == NULL)
        return 0;

    HT_INIT_KEY(&key);
    HT_SET_KEY_STRING_CASE_N(&key, name, name, (int)name_len);

    val = ossl_ht_get(namemap->namenum_ht, TO_HT_KEY(&key));

    if (val != NULL)
        /* We store a (small) int directly instead of a pointer to it. */
        number = (int)(intptr_t)val->value;

    return number;
}

const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
                                  int idx)
{
    NAMES *names;
    const char *ret = NULL;

    if (namemap == NULL || number <= 0)
        return NULL;

    if (!CRYPTO_THREAD_read_lock(namemap->lock))
        return NULL;

    names = sk_NAMES_value(namemap->numnames, number - 1);
    if (names != NULL)
        ret = sk_OPENSSL_STRING_value(names, idx);

    CRYPTO_THREAD_unlock(namemap->lock);

    return ret;
}

/* This function is not thread safe, the namemap must be locked */
static int numname_insert(OSSL_NAMEMAP *namemap, int number,
                          const char *name)
{
    NAMES *names;
    char *tmpname;

    if (number > 0) {
        names = sk_NAMES_value(namemap->numnames, number - 1);
        if (!ossl_assert(names != NULL)) {
            /* cannot happen */
            return 0;
        }
    } else {
        /* a completely new entry */
        names = sk_OPENSSL_STRING_new_null();
        if (names == NULL)
            return 0;
    }

    if ((tmpname = OPENSSL_strdup(name)) == NULL)
        goto err;

    if (!sk_OPENSSL_STRING_push(names, tmpname))
        goto err;
    tmpname = NULL;

    if (number <= 0) {
        if (!sk_NAMES_push(namemap->numnames, names))
            goto err;
        number = sk_NAMES_num(namemap->numnames);
    }
    return number;

 err:
    if (number <= 0)
        sk_OPENSSL_STRING_pop_free(names, name_string_free);
    OPENSSL_free(tmpname);
    return 0;
}

/* This function is not thread safe, the namemap must be locked */
static int namemap_add_name(OSSL_NAMEMAP *namemap, int number,
                            const char *name)
{
    int ret;
    HT_VALUE val = { 0 };
    NAMENUM_KEY key;

    /* If it already exists, we don't add it */
    if ((ret = ossl_namemap_name2num(namemap, name)) != 0)
        return ret;

    if ((number = numname_insert(namemap, number, name)) == 0)
        return 0;

    /* Using tsan_store alone here is safe since we're under lock */
    tsan_store(&namemap->max_number, number);

    HT_INIT_KEY(&key);
    HT_SET_KEY_STRING_CASE(&key, name, name);
    val.value = (void *)(intptr_t)number;
    ret = ossl_ht_insert(namemap->namenum_ht, TO_HT_KEY(&key), &val, NULL);
    if (!ossl_assert(ret != 0)) /* cannot happen as we are under write lock */
        return 0;
    if (ret < 1) {
        /* unable to insert due to too many collisions */
        ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_NAMES);
        return 0;
    }
    return number;
}

int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number,
                          const char *name)
{
    int tmp_number;

#ifndef FIPS_MODULE
    if (namemap == NULL)
        namemap = ossl_namemap_stored(NULL);
#endif

    if (name == NULL || *name == 0 || namemap == NULL)
        return 0;

    if (!CRYPTO_THREAD_write_lock(namemap->lock))
        return 0;
    tmp_number = namemap_add_name(namemap, number, name);
    CRYPTO_THREAD_unlock(namemap->lock);
    return tmp_number;
}

int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
                           const char *names, const char separator)
{
    char *tmp, *p, *q, *endp;

    /* Check that we have a namemap */
    if (!ossl_assert(namemap != NULL)) {
        ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }

    if ((tmp = OPENSSL_strdup(names)) == NULL)
        return 0;

    if (!CRYPTO_THREAD_write_lock(namemap->lock)) {
        OPENSSL_free(tmp);
        return 0;
    }
    /*
     * Check that no name is an empty string, and that all names have at
     * most one numeric identity together.
     */
    for (p = tmp; *p != '\0'; p = q) {
        int this_number;
        size_t l;

        if ((q = strchr(p, separator)) == NULL) {
            l = strlen(p);       /* offset to \0 */
            q = p + l;
        } else {
            l = q - p;           /* offset to the next separator */
            *q++ = '\0';
        }

        if (*p == '\0') {
            ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
            number = 0;
            goto end;
        }

        this_number = ossl_namemap_name2num(namemap, p);

        if (number == 0) {
            number = this_number;
        } else if (this_number != 0 && this_number != number) {
            ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
                           "\"%s\" has an existing different identity %d (from \"%s\")",
                           p, this_number, names);
            number = 0;
            goto end;
        }
    }
    endp = p;

    /* Now that we have checked, register all names */
    for (p = tmp; p < endp; p = q) {
        int this_number;

        q = p + strlen(p) + 1;

        this_number = namemap_add_name(namemap, number, p);
        if (number == 0) {
            number = this_number;
        } else if (this_number != number) {
            ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
                           "Got number %d when expecting %d",
                           this_number, number);
            number = 0;
            goto end;
        }
    }

 end:
    CRYPTO_THREAD_unlock(namemap->lock);
    OPENSSL_free(tmp);
    return number;
}

/*-
 * Pre-population
 * ==============
 */

#ifndef FIPS_MODULE
#include <openssl/evp.h>

/* Creates an initial namemap with names found in the legacy method db */
static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
                                 void *arg)
{
    int num = 0;
    ASN1_OBJECT *obj;

    if (base_nid != NID_undef) {
        num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
        num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
    }

    if (nid != NID_undef) {
        num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
        num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
        if ((obj = OBJ_nid2obj(nid)) != NULL) {
            char txtoid[OSSL_MAX_NAME_SIZE];

            if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0)
                num = ossl_namemap_add_name(arg, num, txtoid);
        }
    }
    if (pem_name != NULL)
        num = ossl_namemap_add_name(arg, num, pem_name);
}

static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
{
    const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);

    if (cipher != NULL)
        get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
}

static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
{
    const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);

    if (md != NULL)
        get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
}

# ifndef OPENSSL_NO_DEPRECATED_3_6
static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
                                       void *arg)
{
    int nid = 0, base_nid = 0, flags = 0;
    const char *pem_name = NULL;

    EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
    if (nid != NID_undef) {
        if ((flags & ASN1_PKEY_ALIAS) == 0) {
            switch (nid) {
            case EVP_PKEY_DHX:
                /* We know that the name "DHX" is used too */
                get_legacy_evp_names(0, nid, "DHX", arg);
                /* FALLTHRU */
            default:
                get_legacy_evp_names(0, nid, pem_name, arg);
            }
        } else {
            /*
             * Treat aliases carefully, some of them are undesirable, or
             * should not be treated as such for providers.
             */

            switch (nid) {
            case EVP_PKEY_SM2:
                /*
                 * SM2 is a separate keytype with providers, not an alias for
                 * EC.
                 */
                get_legacy_evp_names(0, nid, pem_name, arg);
                break;
            default:
                /* Use the short name of the base nid as the common reference */
                get_legacy_evp_names(base_nid, nid, pem_name, arg);
            }
        }
    }
}
# endif /* OPENSSL_NO_DEPRECATED_3_6 */
#endif

/*-
 * Constructors / destructors
 * ==========================
 */

OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
{
#ifndef FIPS_MODULE
    int nms;
#endif
    OSSL_NAMEMAP *namemap =
        ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX);

    if (namemap == NULL)
        return NULL;

#ifndef FIPS_MODULE
    nms = ossl_namemap_empty(namemap);
    if (nms < 0) {
        /*
         * Could not get lock to make the count, so maybe internal objects
         * weren't added. This seems safest.
         */
        return NULL;
    }
    if (nms == 1) {
        int num;

        /* Before pilfering, we make sure the legacy database is populated */
        OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
                            | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);

        OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
                        get_legacy_cipher_names, namemap);
        OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
                        get_legacy_md_names, namemap);

        /*
         * Some old providers (<= 3.5) may not have the rsassaPSS alias which
         * may cause problems in some cases. We add it manually here
         */
        num = ossl_namemap_add_name(namemap, 0, "RSA-PSS");
        if (num != 0) {
            ossl_namemap_add_name(namemap, num, "rsassaPss");
            /* Add other RSA-PSS aliases as well */
            ossl_namemap_add_name(namemap, num, "RSASSA-PSS");
            ossl_namemap_add_name(namemap, num, "1.2.840.113549.1.1.10");
        }
# ifndef OPENSSL_NO_DEPRECATED_3_6
        {
            int i, end;

            /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
            for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
                get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
        }
# endif
    }
#endif

    return namemap;
}

OSSL_NAMEMAP *ossl_namemap_new(OSSL_LIB_CTX *libctx)
{
    OSSL_NAMEMAP *namemap;
    HT_CONFIG htconf = { NULL, NULL, NULL, NAMEMAP_HT_BUCKETS, 1, 1 };

    htconf.ctx = libctx;

    if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) == NULL)
        goto err;

    if ((namemap->lock = CRYPTO_THREAD_lock_new()) == NULL)
        goto err;

    if ((namemap->namenum_ht = ossl_ht_new(&htconf)) == NULL)
        goto err;

    if ((namemap->numnames = sk_NAMES_new_null()) == NULL)
        goto err;

    return namemap;

 err:
    ossl_namemap_free(namemap);
    return NULL;
}

void ossl_namemap_free(OSSL_NAMEMAP *namemap)
{
    if (namemap == NULL || namemap->stored)
        return;

    sk_NAMES_pop_free(namemap->numnames, names_free);

    ossl_ht_free(namemap->namenum_ht);

    CRYPTO_THREAD_lock_free(namemap->lock);
    OPENSSL_free(namemap);
}

Coverage Report

Created: 2025-07-23 06:08

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		/*
11		* For EVP_PKEY_asn1_get0_info(), EVP_PKEY_asn1_get_count() and
12		* EVP_PKEY_asn1_get0()
13		*/
14		#define OPENSSL_SUPPRESS_DEPRECATED
15
16		#include "internal/namemap.h"
17		#include "internal/tsan_assist.h"
18		#include "internal/hashtable.h"
19		#include "internal/sizes.h"
20		#include "crypto/context.h"
21
22	1	#define NAMEMAP_HT_BUCKETS 512
23
24		HT_START_KEY_DEFN(namenum_key)
25		HT_DEF_KEY_FIELD_CHAR_ARRAY(name, 64)
26		HT_END_KEY_DEFN(NAMENUM_KEY)
27
28		/*-
29		* The namemap itself
30		* ==================
31		*/
32
33		typedef STACK_OF(OPENSSL_STRING) NAMES;
34
35		DEFINE_STACK_OF(NAMES)
36
37		struct ossl_namemap_st {
38		/* Flags */
39		unsigned int stored:1; /* If 1, it's stored in a library context */
40
41		HT namenum_ht; / Name->number mapping */
42
43		CRYPTO_RWLOCK *lock;
44		STACK_OF(NAMES) *numnames;
45
46		TSAN_QUALIFIER int max_number; /* Current max number */
47		};
48
49		static void name_string_free(char *name)
50	354	{
51	354	OPENSSL_free(name);
52	354	}
53
54		static void names_free(NAMES *n)
55	177	{
56	177	sk_OPENSSL_STRING_pop_free(n, name_string_free);
57	177	}
58
59		/* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
60
61		void ossl_stored_namemap_new(OSSL_LIB_CTX libctx)
62	1	{
63	1	OSSL_NAMEMAP *namemap = ossl_namemap_new(libctx);
64
65	1	if (namemap != NULL)
66	1	namemap->stored = 1;
67
68	1	return namemap;
69	1	}
70
71		void ossl_stored_namemap_free(void *vnamemap)
72	1	{
73	1	OSSL_NAMEMAP *namemap = vnamemap;
74
75	1	if (namemap != NULL) {
76		/* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
77	1	namemap->stored = 0;
78	1	ossl_namemap_free(namemap);
79	1	}
80	1	}
81
82		/*-
83		* API functions
84		* =============
85		*/
86
87		int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
88	393	{
89		#ifdef TSAN_REQUIRES_LOCKING
90		/* No TSAN support */
91		int rv;
92
93		if (namemap == NULL)
94		return 1;
95
96		if (!CRYPTO_THREAD_read_lock(namemap->lock))
97		return -1;
98		rv = namemap->max_number == 0;
99		CRYPTO_THREAD_unlock(namemap->lock);
100		return rv;
101		#else
102		/* Have TSAN support */
103	393	return namemap == NULL \|\| tsan_load(&namemap->max_number) == 0;
104	393	#endif
105	393	}
106
107		/*
108		* Call the callback for all names in the namemap with the given number.
109		* A return value 1 means that the callback was called for all names. A
110		* return value of 0 means that the callback was not called for any names.
111		*/
112		int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
113		void (fn)(const char name, void *data),
114		void *data)
115	130	{
116	130	int i;
117	130	NAMES *names;
118
119	130	if (namemap == NULL \|\| number <= 0)
120	0	return 0;
121
122		/*
123		* We duplicate the NAMES stack under a read lock. Subsequently we call
124		* the user function, so that we're not holding the read lock when in user
125		* code. This could lead to deadlocks.
126		*/
127	130	if (!CRYPTO_THREAD_read_lock(namemap->lock))
128	0	return 0;
129
130	130	names = sk_NAMES_value(namemap->numnames, number - 1);
131	130	if (names != NULL)
132	130	names = sk_OPENSSL_STRING_dup(names);
133
134	130	CRYPTO_THREAD_unlock(namemap->lock);
135
136	130	if (names == NULL)
137	0	return 0;
138
139	373	for (i = 0; i < sk_OPENSSL_STRING_num(names); i++)
140	243	fn(sk_OPENSSL_STRING_value(names, i), data);
141
142	130	sk_OPENSSL_STRING_free(names);
143	130	return i > 0;
144	130	}
145
146		int ossl_namemap_name2num(const OSSL_NAMEMAP namemap, const char name)
147	1.13k	{
148	1.13k	int number = 0;
149	1.13k	HT_VALUE *val;
150	1.13k	NAMENUM_KEY key;
151
152	1.13k	#ifndef FIPS_MODULE
153	1.13k	if (namemap == NULL)
154	0	namemap = ossl_namemap_stored(NULL);
155	1.13k	#endif
156
157	1.13k	if (namemap == NULL)
158	0	return 0;
159
160	1.13k	HT_INIT_KEY(&key);
161	1.13k	HT_SET_KEY_STRING_CASE(&key, name, name);
162
163	1.13k	val = ossl_ht_get(namemap->namenum_ht, TO_HT_KEY(&key));
164
165	1.13k	if (val != NULL)
166		/* We store a (small) int directly instead of a pointer to it. */
167	684	number = (int)(intptr_t)val->value;
168
169	1.13k	return number;
170	1.13k	}
171
172		int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
173		const char *name, size_t name_len)
174	130	{
175	130	int number = 0;
176	130	HT_VALUE *val;
177	130	NAMENUM_KEY key;
178
179	130	#ifndef FIPS_MODULE
180	130	if (namemap == NULL)
181	0	namemap = ossl_namemap_stored(NULL);
182	130	#endif
183
184	130	if (namemap == NULL)
185	0	return 0;
186
187	130	HT_INIT_KEY(&key);
188	130	HT_SET_KEY_STRING_CASE_N(&key, name, name, (int)name_len);
189
190	130	val = ossl_ht_get(namemap->namenum_ht, TO_HT_KEY(&key));
191
192	130	if (val != NULL)
193		/* We store a (small) int directly instead of a pointer to it. */
194	130	number = (int)(intptr_t)val->value;
195
196	130	return number;
197	130	}
198
199		const char ossl_namemap_num2name(const OSSL_NAMEMAP namemap, int number,
200		int idx)
201	0	{
202	0	NAMES *names;
203	0	const char *ret = NULL;
204
205	0	if (namemap == NULL \|\| number <= 0)
206	0	return NULL;
207
208	0	if (!CRYPTO_THREAD_read_lock(namemap->lock))
209	0	return NULL;
210
211	0	names = sk_NAMES_value(namemap->numnames, number - 1);
212	0	if (names != NULL)
213	0	ret = sk_OPENSSL_STRING_value(names, idx);
214
215	0	CRYPTO_THREAD_unlock(namemap->lock);
216
217	0	return ret;
218	0	}
219
220		/* This function is not thread safe, the namemap must be locked */
221		static int numname_insert(OSSL_NAMEMAP *namemap, int number,
222		const char *name)
223	354	{
224	354	NAMES *names;
225	354	char *tmpname;
226
227	354	if (number > 0) {
228	177	names = sk_NAMES_value(namemap->numnames, number - 1);
229	177	if (!ossl_assert(names != NULL)) {
230		/* cannot happen */
231	0	return 0;
232	0	}
233	177	} else {
234		/* a completely new entry */
235	177	names = sk_OPENSSL_STRING_new_null();
236	177	if (names == NULL)
237	0	return 0;
238	177	}
239
240	354	if ((tmpname = OPENSSL_strdup(name)) == NULL)
241	0	goto err;
242
243	354	if (!sk_OPENSSL_STRING_push(names, tmpname))
244	0	goto err;
245	354	tmpname = NULL;
246
247	354	if (number <= 0) {
248	177	if (!sk_NAMES_push(namemap->numnames, names))
249	0	goto err;
250	177	number = sk_NAMES_num(namemap->numnames);
251	177	}
252	354	return number;
253
254	0	err:
255	0	if (number <= 0)
256	0	sk_OPENSSL_STRING_pop_free(names, name_string_free);
257	0	OPENSSL_free(tmpname);
258	0	return 0;
259	354	}
260
261		/* This function is not thread safe, the namemap must be locked */
262		static int namemap_add_name(OSSL_NAMEMAP *namemap, int number,
263		const char *name)
264	889	{
265	889	int ret;
266	889	HT_VALUE val = { 0 };
267	889	NAMENUM_KEY key;
268
269		/* If it already exists, we don't add it */
270	889	if ((ret = ossl_namemap_name2num(namemap, name)) != 0)
271	535	return ret;
272
273	354	if ((number = numname_insert(namemap, number, name)) == 0)
274	0	return 0;
275
276		/* Using tsan_store alone here is safe since we're under lock */
277	354	tsan_store(&namemap->max_number, number);
278
279	354	HT_INIT_KEY(&key);
280	354	HT_SET_KEY_STRING_CASE(&key, name, name);
281	354	val.value = (void *)(intptr_t)number;
282	354	ret = ossl_ht_insert(namemap->namenum_ht, TO_HT_KEY(&key), &val, NULL);
283	354	if (!ossl_assert(ret != 0)) /* cannot happen as we are under write lock */
284	0	return 0;
285	354	if (ret < 1) {
286		/* unable to insert due to too many collisions */
287	0	ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_NAMES);
288	0	return 0;
289	0	}
290	354	return number;
291	354	}
292
293		int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number,
294		const char *name)
295	646	{
296	646	int tmp_number;
297
298	646	#ifndef FIPS_MODULE
299	646	if (namemap == NULL)
300	0	namemap = ossl_namemap_stored(NULL);
301	646	#endif
302
303	646	if (name == NULL \|\| *name == 0 \|\| namemap == NULL)
304	0	return 0;
305
306	646	if (!CRYPTO_THREAD_write_lock(namemap->lock))
307	0	return 0;
308	646	tmp_number = namemap_add_name(namemap, number, name);
309	646	CRYPTO_THREAD_unlock(namemap->lock);
310	646	return tmp_number;
311	646	}
312
313		int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
314		const char *names, const char separator)
315	130	{
316	130	char tmp, p, q, endp;
317
318		/* Check that we have a namemap */
319	130	if (!ossl_assert(namemap != NULL)) {
320	0	ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
321	0	return 0;
322	0	}
323
324	130	if ((tmp = OPENSSL_strdup(names)) == NULL)
325	0	return 0;
326
327	130	if (!CRYPTO_THREAD_write_lock(namemap->lock)) {
328	0	OPENSSL_free(tmp);
329	0	return 0;
330	0	}
331		/*
332		* Check that no name is an empty string, and that all names have at
333		* most one numeric identity together.
334		*/
335	373	for (p = tmp; *p != '\0'; p = q) {
336	243	int this_number;
337	243	size_t l;
338
339	243	if ((q = strchr(p, separator)) == NULL) {
340	130	l = strlen(p); /* offset to \0 */
341	130	q = p + l;
342	130	} else {
343	113	l = q - p; /* offset to the next separator */
344	113	*q++ = '\0';
345	113	}
346
347	243	if (*p == '\0') {
348	0	ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
349	0	number = 0;
350	0	goto end;
351	0	}
352
353	243	this_number = ossl_namemap_name2num(namemap, p);
354
355	243	if (number == 0) {
356	148	number = this_number;
357	148	} else if (this_number != 0 && this_number != number) {
358	0	ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
359	0	"\"%s\" has an existing different identity %d (from \"%s\")",
360	0	p, this_number, names);
361	0	number = 0;
362	0	goto end;
363	0	}
364	243	}
365	130	endp = p;
366
367		/* Now that we have checked, register all names */
368	373	for (p = tmp; p < endp; p = q) {
369	243	int this_number;
370
371	243	q = p + strlen(p) + 1;
372
373	243	this_number = namemap_add_name(namemap, number, p);
374	243	if (number == 0) {
375	60	number = this_number;
376	183	} else if (this_number != number) {
377	0	ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
378	0	"Got number %d when expecting %d",
379	0	this_number, number);
380	0	number = 0;
381	0	goto end;
382	0	}
383	243	}
384
385	130	end:
386	130	CRYPTO_THREAD_unlock(namemap->lock);
387	130	OPENSSL_free(tmp);
388	130	return number;
389	130	}
390
391		/*-
392		* Pre-population
393		* ==============
394		*/
395
396		#ifndef FIPS_MODULE
397		#include <openssl/evp.h>
398
399		/* Creates an initial namemap with names found in the legacy method db */
400		static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
401		void *arg)
402	253	{
403	253	int num = 0;
404	253	ASN1_OBJECT *obj;
405
406	253	if (base_nid != NID_undef) {
407	4	num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
408	4	num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
409	4	}
410
411	253	if (nid != NID_undef) {
412	208	num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
413	208	num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
414	208	if ((obj = OBJ_nid2obj(nid)) != NULL) {
415	208	char txtoid[OSSL_MAX_NAME_SIZE];
416
417	208	if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0)
418	207	num = ossl_namemap_add_name(arg, num, txtoid);
419	208	}
420	208	}
421	253	if (pem_name != NULL)
422	11	num = ossl_namemap_add_name(arg, num, pem_name);
423	253	}
424
425		static void get_legacy_cipher_names(const OBJ_NAME on, void arg)
426	178	{
427	178	const EVP_CIPHER cipher = (void )OBJ_NAME_get(on->name, on->type);
428
429	178	if (cipher != NULL)
430	178	get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
431	178	}
432
433		static void get_legacy_md_names(const OBJ_NAME on, void arg)
434	59	{
435	59	const EVP_MD md = (void )OBJ_NAME_get(on->name, on->type);
436
437	59	if (md != NULL)
438	59	get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
439	59	}
440
441		# ifndef OPENSSL_NO_DEPRECATED_3_6
442		static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
443		void *arg)
444	15	{
445	15	int nid = 0, base_nid = 0, flags = 0;
446	15	const char *pem_name = NULL;
447
448	15	EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
449	15	if (nid != NID_undef) {
450	15	if ((flags & ASN1_PKEY_ALIAS) == 0) {
451	10	switch (nid) {
452	1	case EVP_PKEY_DHX:
453		/* We know that the name "DHX" is used too */
454	1	get_legacy_evp_names(0, nid, "DHX", arg);
455		/* FALLTHRU */
456	10	default:
457	10	get_legacy_evp_names(0, nid, pem_name, arg);
458	10	}
459	10	} else {
460		/*
461		* Treat aliases carefully, some of them are undesirable, or
462		* should not be treated as such for providers.
463		*/
464
465	5	switch (nid) {
466	1	case EVP_PKEY_SM2:
467		/*
468		* SM2 is a separate keytype with providers, not an alias for
469		* EC.
470		*/
471	1	get_legacy_evp_names(0, nid, pem_name, arg);
472	1	break;
473	4	default:
474		/* Use the short name of the base nid as the common reference */
475	4	get_legacy_evp_names(base_nid, nid, pem_name, arg);
476	5	}
477	5	}
478	15	}
479	15	}
480		# endif /* OPENSSL_NO_DEPRECATED_3_6 */
481		#endif
482
483		/*-
484		* Constructors / destructors
485		* ==========================
486		*/
487
488		OSSL_NAMEMAP ossl_namemap_stored(OSSL_LIB_CTX libctx)
489	393	{
490	393	#ifndef FIPS_MODULE
491	393	int nms;
492	393	#endif
493	393	OSSL_NAMEMAP *namemap =
494	393	ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX);
495
496	393	if (namemap == NULL)
497	0	return NULL;
498
499	393	#ifndef FIPS_MODULE
500	393	nms = ossl_namemap_empty(namemap);
501	393	if (nms < 0) {
502		/*
503		* Could not get lock to make the count, so maybe internal objects
504		* weren't added. This seems safest.
505		*/
506	0	return NULL;
507	0	}
508	393	if (nms == 1) {
509	1	int num;
510
511		/* Before pilfering, we make sure the legacy database is populated */
512	1	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
513	1	\| OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
514
515	1	OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
516	1	get_legacy_cipher_names, namemap);
517	1	OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
518	1	get_legacy_md_names, namemap);
519
520		/*
521		* Some old providers (<= 3.5) may not have the rsassaPSS alias which
522		* may cause problems in some cases. We add it manually here
523		*/
524	1	num = ossl_namemap_add_name(namemap, 0, "RSA-PSS");
525	1	if (num != 0) {
526	1	ossl_namemap_add_name(namemap, num, "rsassaPss");
527		/* Add other RSA-PSS aliases as well */
528	1	ossl_namemap_add_name(namemap, num, "RSASSA-PSS");
529	1	ossl_namemap_add_name(namemap, num, "1.2.840.113549.1.1.10");
530	1	}
531	1	# ifndef OPENSSL_NO_DEPRECATED_3_6
532	1	{
533	1	int i, end;
534
535		/* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
536	16	for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
537	15	get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
538	1	}
539	1	# endif
540	1	}
541	393	#endif
542
543	393	return namemap;
544	393	}
545
546		OSSL_NAMEMAP ossl_namemap_new(OSSL_LIB_CTX libctx)
547	1	{
548	1	OSSL_NAMEMAP *namemap;
549	1	HT_CONFIG htconf = { NULL, NULL, NULL, NAMEMAP_HT_BUCKETS, 1, 1 };
550
551	1	htconf.ctx = libctx;
552
553	1	if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) == NULL)
554	0	goto err;
555
556	1	if ((namemap->lock = CRYPTO_THREAD_lock_new()) == NULL)
557	0	goto err;
558
559	1	if ((namemap->namenum_ht = ossl_ht_new(&htconf)) == NULL)
560	0	goto err;
561
562	1	if ((namemap->numnames = sk_NAMES_new_null()) == NULL)
563	0	goto err;
564
565	1	return namemap;
566
567	0	err:
568	0	ossl_namemap_free(namemap);
569	0	return NULL;
570	1	}
571
572		void ossl_namemap_free(OSSL_NAMEMAP *namemap)
573	1	{
574	1	if (namemap == NULL \|\| namemap->stored)
575	0	return;
576
577	1	sk_NAMES_pop_free(namemap->numnames, names_free);
578
579	1	ossl_ht_free(namemap->namenum_ht);
580
581	1	CRYPTO_THREAD_lock_free(namemap->lock);
582	1	OPENSSL_free(namemap);
583	1	}