/src/openssl32/crypto/core_namemap.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "internal/namemap.h" |
11 | | #include <openssl/lhash.h> |
12 | | #include "crypto/lhash.h" /* ossl_lh_strcasehash */ |
13 | | #include "internal/tsan_assist.h" |
14 | | #include "internal/sizes.h" |
15 | | #include "crypto/context.h" |
16 | | |
17 | | /*- |
18 | | * The namenum entry |
19 | | * ================= |
20 | | */ |
21 | | typedef struct { |
22 | | char *name; |
23 | | int number; |
24 | | } NAMENUM_ENTRY; |
25 | | |
26 | | DEFINE_LHASH_OF_EX(NAMENUM_ENTRY); |
27 | | |
28 | | /*- |
29 | | * The namemap itself |
30 | | * ================== |
31 | | */ |
32 | | |
33 | | struct ossl_namemap_st { |
34 | | /* Flags */ |
35 | | unsigned int stored:1; /* If 1, it's stored in a library context */ |
36 | | |
37 | | CRYPTO_RWLOCK *lock; |
38 | | LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */ |
39 | | |
40 | | TSAN_QUALIFIER int max_number; /* Current max number */ |
41 | | }; |
42 | | |
43 | | /* LHASH callbacks */ |
44 | | |
45 | | static unsigned long namenum_hash(const NAMENUM_ENTRY *n) |
46 | 272M | { |
47 | 272M | return ossl_lh_strcasehash(n->name); |
48 | 272M | } |
49 | | |
50 | | static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b) |
51 | 203M | { |
52 | 203M | return OPENSSL_strcasecmp(a->name, b->name); |
53 | 203M | } |
54 | | |
55 | | static void namenum_free(NAMENUM_ENTRY *n) |
56 | 8.43k | { |
57 | 8.43k | if (n != NULL) |
58 | 8.43k | OPENSSL_free(n->name); |
59 | 8.43k | OPENSSL_free(n); |
60 | 8.43k | } |
61 | | |
62 | | /* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */ |
63 | | |
64 | | void *ossl_stored_namemap_new(OSSL_LIB_CTX *libctx) |
65 | 151 | { |
66 | 151 | OSSL_NAMEMAP *namemap = ossl_namemap_new(); |
67 | | |
68 | 151 | if (namemap != NULL) |
69 | 151 | namemap->stored = 1; |
70 | | |
71 | 151 | return namemap; |
72 | 151 | } |
73 | | |
74 | | void ossl_stored_namemap_free(void *vnamemap) |
75 | 99 | { |
76 | 99 | OSSL_NAMEMAP *namemap = vnamemap; |
77 | | |
78 | 99 | if (namemap != NULL) { |
79 | | /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */ |
80 | 99 | namemap->stored = 0; |
81 | 99 | ossl_namemap_free(namemap); |
82 | 99 | } |
83 | 99 | } |
84 | | |
85 | | /*- |
86 | | * API functions |
87 | | * ============= |
88 | | */ |
89 | | |
90 | | int ossl_namemap_empty(OSSL_NAMEMAP *namemap) |
91 | 285M | { |
92 | | #ifdef TSAN_REQUIRES_LOCKING |
93 | | /* No TSAN support */ |
94 | | int rv; |
95 | | |
96 | | if (namemap == NULL) |
97 | | return 1; |
98 | | |
99 | | if (!CRYPTO_THREAD_read_lock(namemap->lock)) |
100 | | return -1; |
101 | | rv = namemap->max_number == 0; |
102 | | CRYPTO_THREAD_unlock(namemap->lock); |
103 | | return rv; |
104 | | #else |
105 | | /* Have TSAN support */ |
106 | 285M | return namemap == NULL || tsan_load(&namemap->max_number) == 0; |
107 | 285M | #endif |
108 | 285M | } |
109 | | |
110 | | typedef struct doall_names_data_st { |
111 | | int number; |
112 | | const char **names; |
113 | | int found; |
114 | | } DOALL_NAMES_DATA; |
115 | | |
116 | | static void do_name(const NAMENUM_ENTRY *namenum, DOALL_NAMES_DATA *data) |
117 | 1.09G | { |
118 | 1.09G | if (namenum->number == data->number) |
119 | 13.1M | data->names[data->found++] = namenum->name; |
120 | 1.09G | } |
121 | | |
122 | | IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA); |
123 | | |
124 | | /* |
125 | | * Call the callback for all names in the namemap with the given number. |
126 | | * A return value 1 means that the callback was called for all names. A |
127 | | * return value of 0 means that the callback was not called for any names. |
128 | | */ |
129 | | int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, |
130 | | void (*fn)(const char *name, void *data), |
131 | | void *data) |
132 | 2.92M | { |
133 | 2.92M | DOALL_NAMES_DATA cbdata; |
134 | 2.92M | size_t num_names; |
135 | 2.92M | int i; |
136 | | |
137 | 2.92M | cbdata.number = number; |
138 | 2.92M | cbdata.found = 0; |
139 | | |
140 | 2.92M | if (namemap == NULL) |
141 | 0 | return 0; |
142 | | |
143 | | /* |
144 | | * We collect all the names first under a read lock. Subsequently we call |
145 | | * the user function, so that we're not holding the read lock when in user |
146 | | * code. This could lead to deadlocks. |
147 | | */ |
148 | 2.92M | if (!CRYPTO_THREAD_read_lock(namemap->lock)) |
149 | 0 | return 0; |
150 | | |
151 | 2.92M | num_names = lh_NAMENUM_ENTRY_num_items(namemap->namenum); |
152 | 2.92M | if (num_names == 0) { |
153 | 0 | CRYPTO_THREAD_unlock(namemap->lock); |
154 | 0 | return 0; |
155 | 0 | } |
156 | 2.92M | cbdata.names = OPENSSL_malloc(sizeof(*cbdata.names) * num_names); |
157 | 2.92M | if (cbdata.names == NULL) { |
158 | 0 | CRYPTO_THREAD_unlock(namemap->lock); |
159 | 0 | return 0; |
160 | 0 | } |
161 | 2.92M | lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name, |
162 | 2.92M | &cbdata); |
163 | 2.92M | CRYPTO_THREAD_unlock(namemap->lock); |
164 | | |
165 | 16.0M | for (i = 0; i < cbdata.found; i++) |
166 | 13.1M | fn(cbdata.names[i], data); |
167 | | |
168 | 2.92M | OPENSSL_free(cbdata.names); |
169 | 2.92M | return 1; |
170 | 2.92M | } |
171 | | |
172 | | /* This function is not thread safe, the namemap must be locked */ |
173 | | static int namemap_name2num(const OSSL_NAMEMAP *namemap, |
174 | | const char *name) |
175 | 40.9M | { |
176 | 40.9M | NAMENUM_ENTRY *namenum_entry, namenum_tmpl; |
177 | | |
178 | 40.9M | namenum_tmpl.name = (char *)name; |
179 | 40.9M | namenum_tmpl.number = 0; |
180 | 40.9M | namenum_entry = |
181 | 40.9M | lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl); |
182 | 40.9M | return namenum_entry != NULL ? namenum_entry->number : 0; |
183 | 40.9M | } |
184 | | |
185 | | int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name) |
186 | 40.9M | { |
187 | 40.9M | int number; |
188 | | |
189 | 40.9M | #ifndef FIPS_MODULE |
190 | 40.9M | if (namemap == NULL) |
191 | 0 | namemap = ossl_namemap_stored(NULL); |
192 | 40.9M | #endif |
193 | | |
194 | 40.9M | if (namemap == NULL) |
195 | 0 | return 0; |
196 | | |
197 | 40.9M | if (!CRYPTO_THREAD_read_lock(namemap->lock)) |
198 | 0 | return 0; |
199 | 40.9M | number = namemap_name2num(namemap, name); |
200 | 40.9M | CRYPTO_THREAD_unlock(namemap->lock); |
201 | | |
202 | 40.9M | return number; |
203 | 40.9M | } |
204 | | |
205 | | int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, |
206 | | const char *name, size_t name_len) |
207 | 405k | { |
208 | 405k | char *tmp; |
209 | 405k | int ret; |
210 | | |
211 | 405k | if (name == NULL || (tmp = OPENSSL_strndup(name, name_len)) == NULL) |
212 | 0 | return 0; |
213 | | |
214 | 405k | ret = ossl_namemap_name2num(namemap, tmp); |
215 | 405k | OPENSSL_free(tmp); |
216 | 405k | return ret; |
217 | 405k | } |
218 | | |
219 | | struct num2name_data_st { |
220 | | size_t idx; /* Countdown */ |
221 | | const char *name; /* Result */ |
222 | | }; |
223 | | |
224 | | static void do_num2name(const char *name, void *vdata) |
225 | 0 | { |
226 | 0 | struct num2name_data_st *data = vdata; |
227 | |
|
228 | 0 | if (data->idx > 0) |
229 | 0 | data->idx--; |
230 | 0 | else if (data->name == NULL) |
231 | 0 | data->name = name; |
232 | 0 | } |
233 | | |
234 | | const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, |
235 | | size_t idx) |
236 | 0 | { |
237 | 0 | struct num2name_data_st data; |
238 | |
|
239 | 0 | data.idx = idx; |
240 | 0 | data.name = NULL; |
241 | 0 | if (!ossl_namemap_doall_names(namemap, number, do_num2name, &data)) |
242 | 0 | return NULL; |
243 | 0 | return data.name; |
244 | 0 | } |
245 | | |
246 | | /* This function is not thread safe, the namemap must be locked */ |
247 | | static int namemap_add_name(OSSL_NAMEMAP *namemap, int number, |
248 | | const char *name) |
249 | 16.1k | { |
250 | 16.1k | NAMENUM_ENTRY *namenum = NULL; |
251 | 16.1k | int tmp_number; |
252 | | |
253 | | /* If it already exists, we don't add it */ |
254 | 16.1k | if ((tmp_number = namemap_name2num(namemap, name)) != 0) |
255 | 10.1k | return tmp_number; |
256 | | |
257 | 6.00k | if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL) |
258 | 0 | return 0; |
259 | | |
260 | 6.00k | if ((namenum->name = OPENSSL_strdup(name)) == NULL) |
261 | 0 | goto err; |
262 | | |
263 | | /* The tsan_counter use here is safe since we're under lock */ |
264 | 6.00k | namenum->number = |
265 | 6.00k | number != 0 ? number : 1 + tsan_counter(&namemap->max_number); |
266 | 6.00k | (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum); |
267 | | |
268 | 6.00k | if (lh_NAMENUM_ENTRY_error(namemap->namenum)) |
269 | 0 | goto err; |
270 | 6.00k | return namenum->number; |
271 | | |
272 | 0 | err: |
273 | 0 | namenum_free(namenum); |
274 | 0 | return 0; |
275 | 6.00k | } |
276 | | |
277 | | int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, |
278 | | const char *name) |
279 | 24.6k | { |
280 | 24.6k | int tmp_number; |
281 | | |
282 | 24.6k | #ifndef FIPS_MODULE |
283 | 24.6k | if (namemap == NULL) |
284 | 0 | namemap = ossl_namemap_stored(NULL); |
285 | 24.6k | #endif |
286 | | |
287 | 24.6k | if (name == NULL || *name == 0 || namemap == NULL) |
288 | 0 | return 0; |
289 | | |
290 | 24.6k | if (!CRYPTO_THREAD_write_lock(namemap->lock)) |
291 | 0 | return 0; |
292 | 24.6k | tmp_number = namemap_add_name(namemap, number, name); |
293 | 24.6k | CRYPTO_THREAD_unlock(namemap->lock); |
294 | 24.6k | return tmp_number; |
295 | 24.6k | } |
296 | | |
297 | | int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, |
298 | | const char *names, const char separator) |
299 | 8.86k | { |
300 | 8.86k | char *tmp, *p, *q, *endp; |
301 | | |
302 | | /* Check that we have a namemap */ |
303 | 8.86k | if (!ossl_assert(namemap != NULL)) { |
304 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); |
305 | 0 | return 0; |
306 | 0 | } |
307 | | |
308 | 8.86k | if ((tmp = OPENSSL_strdup(names)) == NULL) |
309 | 0 | return 0; |
310 | | |
311 | 8.86k | if (!CRYPTO_THREAD_write_lock(namemap->lock)) { |
312 | 0 | OPENSSL_free(tmp); |
313 | 0 | return 0; |
314 | 0 | } |
315 | | /* |
316 | | * Check that no name is an empty string, and that all names have at |
317 | | * most one numeric identity together. |
318 | | */ |
319 | 25.1k | for (p = tmp; *p != '\0'; p = q) { |
320 | 16.2k | int this_number; |
321 | 16.2k | size_t l; |
322 | | |
323 | 16.2k | if ((q = strchr(p, separator)) == NULL) { |
324 | 8.86k | l = strlen(p); /* offset to \0 */ |
325 | 8.86k | q = p + l; |
326 | 8.86k | } else { |
327 | 7.37k | l = q - p; /* offset to the next separator */ |
328 | 7.37k | *q++ = '\0'; |
329 | 7.37k | } |
330 | | |
331 | 16.2k | if (*p == '\0') { |
332 | 0 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME); |
333 | 0 | number = 0; |
334 | 0 | goto end; |
335 | 0 | } |
336 | | |
337 | 16.2k | this_number = namemap_name2num(namemap, p); |
338 | | |
339 | 16.2k | if (number == 0) { |
340 | 11.9k | number = this_number; |
341 | 11.9k | } else if (this_number != 0 && this_number != number) { |
342 | 0 | ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES, |
343 | 0 | "\"%s\" has an existing different identity %d (from \"%s\")", |
344 | 0 | p, this_number, names); |
345 | 0 | number = 0; |
346 | 0 | goto end; |
347 | 0 | } |
348 | 16.2k | } |
349 | 8.86k | endp = p; |
350 | | |
351 | | /* Now that we have checked, register all names */ |
352 | 25.1k | for (p = tmp; p < endp; p = q) { |
353 | 16.2k | int this_number; |
354 | | |
355 | 16.2k | q = p + strlen(p) + 1; |
356 | | |
357 | 16.2k | this_number = namemap_add_name(namemap, number, p); |
358 | 16.2k | if (number == 0) { |
359 | 3.00k | number = this_number; |
360 | 13.2k | } else if (this_number != number) { |
361 | 0 | ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR, |
362 | 0 | "Got number %d when expecting %d", |
363 | 0 | this_number, number); |
364 | 0 | number = 0; |
365 | 0 | goto end; |
366 | 0 | } |
367 | 16.2k | } |
368 | | |
369 | 8.86k | end: |
370 | 8.86k | CRYPTO_THREAD_unlock(namemap->lock); |
371 | 8.86k | OPENSSL_free(tmp); |
372 | 8.86k | return number; |
373 | 8.86k | } |
374 | | |
375 | | /*- |
376 | | * Pre-population |
377 | | * ============== |
378 | | */ |
379 | | |
380 | | #ifndef FIPS_MODULE |
381 | | #include <openssl/evp.h> |
382 | | |
383 | | /* Creates an initial namemap with names found in the legacy method db */ |
384 | | static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name, |
385 | | void *arg) |
386 | 11.5k | { |
387 | 11.5k | int num = 0; |
388 | 11.5k | ASN1_OBJECT *obj; |
389 | | |
390 | 11.5k | if (base_nid != NID_undef) { |
391 | 204 | num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid)); |
392 | 204 | num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid)); |
393 | 204 | } |
394 | | |
395 | 11.5k | if (nid != NID_undef) { |
396 | 9.43k | num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid)); |
397 | 9.43k | num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid)); |
398 | 9.43k | if ((obj = OBJ_nid2obj(nid)) != NULL) { |
399 | 9.43k | char txtoid[OSSL_MAX_NAME_SIZE]; |
400 | | |
401 | 9.43k | if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1) > 0) |
402 | 9.38k | num = ossl_namemap_add_name(arg, num, txtoid); |
403 | 9.43k | } |
404 | 9.43k | } |
405 | 11.5k | if (pem_name != NULL) |
406 | 495 | num = ossl_namemap_add_name(arg, num, pem_name); |
407 | 11.5k | } |
408 | | |
409 | | static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg) |
410 | 8.19k | { |
411 | 8.19k | const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type); |
412 | | |
413 | 8.19k | if (cipher != NULL) |
414 | 8.19k | get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg); |
415 | 8.19k | } |
416 | | |
417 | | static void get_legacy_md_names(const OBJ_NAME *on, void *arg) |
418 | 2.65k | { |
419 | 2.65k | const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type); |
420 | | |
421 | 2.65k | if (md != NULL) |
422 | 2.65k | get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg); |
423 | 2.65k | } |
424 | | |
425 | | static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth, |
426 | | void *arg) |
427 | 699 | { |
428 | 699 | int nid = 0, base_nid = 0, flags = 0; |
429 | 699 | const char *pem_name = NULL; |
430 | | |
431 | 699 | EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth); |
432 | 699 | if (nid != NID_undef) { |
433 | 699 | if ((flags & ASN1_PKEY_ALIAS) == 0) { |
434 | 450 | switch (nid) { |
435 | 45 | case EVP_PKEY_DHX: |
436 | | /* We know that the name "DHX" is used too */ |
437 | 45 | get_legacy_evp_names(0, nid, "DHX", arg); |
438 | | /* FALLTHRU */ |
439 | 450 | default: |
440 | 450 | get_legacy_evp_names(0, nid, pem_name, arg); |
441 | 450 | } |
442 | 450 | } else { |
443 | | /* |
444 | | * Treat aliases carefully, some of them are undesirable, or |
445 | | * should not be treated as such for providers. |
446 | | */ |
447 | | |
448 | 249 | switch (nid) { |
449 | 45 | case EVP_PKEY_SM2: |
450 | | /* |
451 | | * SM2 is a separate keytype with providers, not an alias for |
452 | | * EC. |
453 | | */ |
454 | 45 | get_legacy_evp_names(0, nid, pem_name, arg); |
455 | 45 | break; |
456 | 204 | default: |
457 | | /* Use the short name of the base nid as the common reference */ |
458 | 204 | get_legacy_evp_names(base_nid, nid, pem_name, arg); |
459 | 249 | } |
460 | 249 | } |
461 | 699 | } |
462 | 699 | } |
463 | | #endif |
464 | | |
465 | | /*- |
466 | | * Constructors / destructors |
467 | | * ========================== |
468 | | */ |
469 | | |
470 | | OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx) |
471 | 285M | { |
472 | 285M | #ifndef FIPS_MODULE |
473 | 285M | int nms; |
474 | 285M | #endif |
475 | 285M | OSSL_NAMEMAP *namemap = |
476 | 285M | ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX); |
477 | | |
478 | 285M | if (namemap == NULL) |
479 | 0 | return NULL; |
480 | | |
481 | 285M | #ifndef FIPS_MODULE |
482 | 285M | nms = ossl_namemap_empty(namemap); |
483 | 285M | if (nms < 0) { |
484 | | /* |
485 | | * Could not get lock to make the count, so maybe internal objects |
486 | | * weren't added. This seems safest. |
487 | | */ |
488 | 0 | return NULL; |
489 | 0 | } |
490 | 285M | if (nms == 1) { |
491 | 45 | int i, end; |
492 | | |
493 | | /* Before pilfering, we make sure the legacy database is populated */ |
494 | 45 | OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
495 | 45 | | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); |
496 | | |
497 | 45 | OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, |
498 | 45 | get_legacy_cipher_names, namemap); |
499 | 45 | OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, |
500 | 45 | get_legacy_md_names, namemap); |
501 | | |
502 | | /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */ |
503 | 744 | for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++) |
504 | 699 | get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap); |
505 | 45 | } |
506 | 285M | #endif |
507 | | |
508 | 285M | return namemap; |
509 | 285M | } |
510 | | |
511 | | OSSL_NAMEMAP *ossl_namemap_new(void) |
512 | 77 | { |
513 | 77 | OSSL_NAMEMAP *namemap; |
514 | | |
515 | 77 | if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL |
516 | 77 | && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL |
517 | 77 | && (namemap->namenum = |
518 | 77 | lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL) |
519 | 77 | return namemap; |
520 | | |
521 | 0 | ossl_namemap_free(namemap); |
522 | 0 | return NULL; |
523 | 77 | } |
524 | | |
525 | | void ossl_namemap_free(OSSL_NAMEMAP *namemap) |
526 | 106 | { |
527 | 106 | if (namemap == NULL || namemap->stored) |
528 | 0 | return; |
529 | | |
530 | 106 | lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free); |
531 | 106 | lh_NAMENUM_ENTRY_free(namemap->namenum); |
532 | | |
533 | 106 | CRYPTO_THREAD_lock_free(namemap->lock); |
534 | 106 | OPENSSL_free(namemap); |
535 | 106 | } |