2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 #include "e_os.h" /* strcasecmp */
11 #include "internal/namemap.h"
12 #include <openssl/lhash.h>
13 #include "crypto/lhash.h" /* ossl_lh_strcasehash */
14 #include "internal/tsan_assist.h"
15 #include "internal/sizes.h"
26 DEFINE_LHASH_OF(NAMENUM_ENTRY);
33 struct ossl_namemap_st {
35 unsigned int stored:1; /* If 1, it's stored in a library context */
38 LHASH_OF(NAMENUM_ENTRY) *namenum; /* Name->number mapping */
41 TSAN_QUALIFIER int max_number; /* Current max number TSAN version */
43 int max_number; /* Current max number plain version */
49 static unsigned long namenum_hash(const NAMENUM_ENTRY *n)
51 return ossl_lh_strcasehash(n->name);
54 static int namenum_cmp(const NAMENUM_ENTRY *a, const NAMENUM_ENTRY *b)
56 return strcasecmp(a->name, b->name);
59 static void namenum_free(NAMENUM_ENTRY *n)
62 OPENSSL_free(n->name);
66 /* OSSL_LIB_CTX_METHOD functions for a namemap stored in a library context */
68 static void *stored_namemap_new(OSSL_LIB_CTX *libctx)
70 OSSL_NAMEMAP *namemap = ossl_namemap_new();
78 static void stored_namemap_free(void *vnamemap)
80 OSSL_NAMEMAP *namemap = vnamemap;
82 if (namemap != NULL) {
83 /* Pretend it isn't stored, or ossl_namemap_free() will do nothing */
85 ossl_namemap_free(namemap);
89 static const OSSL_LIB_CTX_METHOD stored_namemap_method = {
90 OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
100 int ossl_namemap_empty(OSSL_NAMEMAP *namemap)
103 /* Have TSAN support */
104 return namemap == NULL || tsan_load(&namemap->max_number) == 0;
106 /* No TSAN support */
112 if (!CRYPTO_THREAD_read_lock(namemap->lock))
114 rv = namemap->max_number == 0;
115 CRYPTO_THREAD_unlock(namemap->lock);
120 typedef struct doall_names_data_st {
126 static void do_name(const NAMENUM_ENTRY *namenum, DOALL_NAMES_DATA *data)
128 if (namenum->number == data->number)
129 data->names[data->found++] = namenum->name;
132 IMPLEMENT_LHASH_DOALL_ARG_CONST(NAMENUM_ENTRY, DOALL_NAMES_DATA);
135 * Call the callback for all names in the namemap with the given number.
136 * A return value 1 means that the callback was called for all names. A
137 * return value of 0 means that the callback was not called for any names.
139 int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number,
140 void (*fn)(const char *name, void *data),
143 DOALL_NAMES_DATA cbdata;
147 cbdata.number = number;
151 * We collect all the names first under a read lock. Subsequently we call
152 * the user function, so that we're not holding the read lock when in user
153 * code. This could lead to deadlocks.
155 if (!CRYPTO_THREAD_read_lock(namemap->lock))
158 num_names = lh_NAMENUM_ENTRY_num_items(namemap->namenum);
159 if (num_names == 0) {
160 CRYPTO_THREAD_unlock(namemap->lock);
163 cbdata.names = OPENSSL_malloc(sizeof(*cbdata.names) * num_names);
164 if (cbdata.names == NULL) {
165 CRYPTO_THREAD_unlock(namemap->lock);
168 lh_NAMENUM_ENTRY_doall_DOALL_NAMES_DATA(namemap->namenum, do_name,
170 CRYPTO_THREAD_unlock(namemap->lock);
172 for (i = 0; i < cbdata.found; i++)
173 fn(cbdata.names[i], data);
175 OPENSSL_free(cbdata.names);
179 static int namemap_name2num_n(const OSSL_NAMEMAP *namemap,
180 const char *name, size_t name_len)
182 NAMENUM_ENTRY *namenum_entry, namenum_tmpl;
184 if ((namenum_tmpl.name = OPENSSL_strndup(name, name_len)) == NULL)
186 namenum_tmpl.number = 0;
188 lh_NAMENUM_ENTRY_retrieve(namemap->namenum, &namenum_tmpl);
189 OPENSSL_free(namenum_tmpl.name);
190 return namenum_entry != NULL ? namenum_entry->number : 0;
193 int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap,
194 const char *name, size_t name_len)
200 namemap = ossl_namemap_stored(NULL);
206 if (!CRYPTO_THREAD_read_lock(namemap->lock))
208 number = namemap_name2num_n(namemap, name, name_len);
209 CRYPTO_THREAD_unlock(namemap->lock);
214 int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name)
219 return ossl_namemap_name2num_n(namemap, name, strlen(name));
222 struct num2name_data_st {
223 size_t idx; /* Countdown */
224 const char *name; /* Result */
227 static void do_num2name(const char *name, void *vdata)
229 struct num2name_data_st *data = vdata;
233 else if (data->name == NULL)
237 const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number,
240 struct num2name_data_st data;
244 if (!ossl_namemap_doall_names(namemap, number, do_num2name, &data))
249 static int namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
250 const char *name, size_t name_len)
252 NAMENUM_ENTRY *namenum = NULL;
255 /* If it already exists, we don't add it */
256 if ((tmp_number = namemap_name2num_n(namemap, name, name_len)) != 0)
259 if ((namenum = OPENSSL_zalloc(sizeof(*namenum))) == NULL
260 || (namenum->name = OPENSSL_strndup(name, name_len)) == NULL)
264 number != 0 ? number : 1 + tsan_counter(&namemap->max_number);
265 (void)lh_NAMENUM_ENTRY_insert(namemap->namenum, namenum);
267 if (lh_NAMENUM_ENTRY_error(namemap->namenum))
269 return namenum->number;
272 namenum_free(namenum);
276 int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number,
277 const char *name, size_t name_len)
283 namemap = ossl_namemap_stored(NULL);
286 if (name == NULL || name_len == 0 || namemap == NULL)
289 if (!CRYPTO_THREAD_write_lock(namemap->lock))
291 tmp_number = namemap_add_name_n(namemap, number, name, name_len);
292 CRYPTO_THREAD_unlock(namemap->lock);
296 int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name)
301 return ossl_namemap_add_name_n(namemap, number, name, strlen(name));
304 int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number,
305 const char *names, const char separator)
310 /* Check that we have a namemap */
311 if (!ossl_assert(namemap != NULL)) {
312 ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER);
316 if (!CRYPTO_THREAD_write_lock(namemap->lock))
319 * Check that no name is an empty string, and that all names have at
320 * most one numeric identity together.
322 for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
325 if ((q = strchr(p, separator)) == NULL)
326 l = strlen(p); /* offset to \0 */
328 l = q - p; /* offset to the next separator */
330 this_number = namemap_name2num_n(namemap, p, l);
332 if (*p == '\0' || *p == separator) {
333 ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_BAD_ALGORITHM_NAME);
337 number = this_number;
338 } else if (this_number != 0 && this_number != number) {
339 ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_CONFLICTING_NAMES,
340 "\"%.*s\" has an existing different identity %d (from \"%s\")",
341 l, p, this_number, names);
346 /* Now that we have checked, register all names */
347 for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
350 if ((q = strchr(p, separator)) == NULL)
351 l = strlen(p); /* offset to \0 */
353 l = q - p; /* offset to the next separator */
355 this_number = namemap_add_name_n(namemap, number, p, l);
357 number = this_number;
358 } else if (this_number != number) {
359 ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR,
360 "Got number %d when expecting %d",
361 this_number, number);
366 CRYPTO_THREAD_unlock(namemap->lock);
370 CRYPTO_THREAD_unlock(namemap->lock);
380 #include <openssl/evp.h>
382 /* Creates an initial namemap with names found in the legacy method db */
383 static void get_legacy_evp_names(int base_nid, int nid, const char *pem_name,
389 if (base_nid != NID_undef) {
390 num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(base_nid));
391 num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(base_nid));
394 if (nid != NID_undef) {
395 num = ossl_namemap_add_name(arg, num, OBJ_nid2sn(nid));
396 num = ossl_namemap_add_name(arg, num, OBJ_nid2ln(nid));
397 if ((obj = OBJ_nid2obj(nid)) != NULL) {
398 char txtoid[OSSL_MAX_NAME_SIZE];
400 if (OBJ_obj2txt(txtoid, sizeof(txtoid), obj, 1))
401 num = ossl_namemap_add_name(arg, num, txtoid);
404 if (pem_name != NULL)
405 num = ossl_namemap_add_name(arg, num, pem_name);
408 static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
410 const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
412 get_legacy_evp_names(NID_undef, EVP_CIPHER_get_type(cipher), NULL, arg);
415 static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
417 const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
419 get_legacy_evp_names(0, EVP_MD_get_type(md), NULL, arg);
422 static void get_legacy_pkey_meth_names(const EVP_PKEY_ASN1_METHOD *ameth,
425 int nid = 0, base_nid = 0, flags = 0;
426 const char *pem_name = NULL;
428 EVP_PKEY_asn1_get0_info(&nid, &base_nid, &flags, NULL, &pem_name, ameth);
429 if (nid != NID_undef) {
430 if ((flags & ASN1_PKEY_ALIAS) == 0) {
433 /* We know that the name "DHX" is used too */
434 get_legacy_evp_names(0, nid, "DHX", arg);
437 get_legacy_evp_names(0, nid, pem_name, arg);
441 * Treat aliases carefully, some of them are undesirable, or
442 * should not be treated as such for providers.
448 * SM2 is a separate keytype with providers, not an alias for
451 get_legacy_evp_names(0, nid, pem_name, arg);
454 /* Use the short name of the base nid as the common reference */
455 get_legacy_evp_names(base_nid, nid, pem_name, arg);
463 * Constructors / destructors
464 * ==========================
467 OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx)
472 OSSL_NAMEMAP *namemap =
473 ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_NAMEMAP_INDEX,
474 &stored_namemap_method);
480 nms = ossl_namemap_empty(namemap);
483 * Could not get lock to make the count, so maybe internal objects
484 * weren't added. This seems safest.
491 /* Before pilfering, we make sure the legacy database is populated */
492 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
493 | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
495 OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
496 get_legacy_cipher_names, namemap);
497 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
498 get_legacy_md_names, namemap);
500 /* We also pilfer data from the legacy EVP_PKEY_ASN1_METHODs */
501 for (i = 0, end = EVP_PKEY_asn1_get_count(); i < end; i++)
502 get_legacy_pkey_meth_names(EVP_PKEY_asn1_get0(i), namemap);
509 OSSL_NAMEMAP *ossl_namemap_new(void)
511 OSSL_NAMEMAP *namemap;
513 if ((namemap = OPENSSL_zalloc(sizeof(*namemap))) != NULL
514 && (namemap->lock = CRYPTO_THREAD_lock_new()) != NULL
515 && (namemap->namenum =
516 lh_NAMENUM_ENTRY_new(namenum_hash, namenum_cmp)) != NULL)
519 ossl_namemap_free(namemap);
523 void ossl_namemap_free(OSSL_NAMEMAP *namemap)
525 if (namemap == NULL || namemap->stored)
528 lh_NAMENUM_ENTRY_doall(namemap->namenum, namenum_free);
529 lh_NAMENUM_ENTRY_free(namemap->namenum);
531 CRYPTO_THREAD_lock_free(namemap->lock);
532 OPENSSL_free(namemap);