/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "internal/core.h"
#include "internal/provider.h"
#include "internal/namemap.h"
+#include "internal/property.h"
#include "crypto/evp.h" /* evp_local.h needs it */
#include "evp_local.h"
ossl_method_store_free(vstore);
}
-static void *evp_method_store_new(OPENSSL_CTX *ctx)
+static void *evp_method_store_new(OSSL_LIB_CTX *ctx)
{
return ossl_method_store_new(ctx);
}
-static const OPENSSL_CTX_METHOD evp_method_store_method = {
+static const OSSL_LIB_CTX_METHOD evp_method_store_method = {
evp_method_store_new,
evp_method_store_free,
};
/* Data to be passed through ossl_method_construct() */
struct evp_method_data_st {
- OPENSSL_CTX *libctx;
+ OSSL_LIB_CTX *libctx;
OSSL_METHOD_CONSTRUCT_METHOD *mcm;
int operation_id; /* For get_evp_method_from_store() */
int name_id; /* For get_evp_method_from_store() */
const char *names; /* For get_evp_method_from_store() */
const char *propquery; /* For get_evp_method_from_store() */
+
+ unsigned int flag_construct_error_occured : 1;
+
void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *,
OSSL_PROVIDER *);
int (*refcnt_up_method)(void *method);
void (*destruct_method)(void *method);
};
-static int add_names_to_namemap(OSSL_NAMEMAP *namemap,
- const char *names)
-{
- const char *p, *q;
- size_t l;
- int id = 0;
-
- /* Check that we have a namemap and that there is at least one name */
- if (namemap == NULL) {
- ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
- return 0;
- }
-
- /*
- * Check that no name is an empty string, and that all names have at
- * most one numeric identity together.
- */
- for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
- int this_id;
-
- if ((q = strchr(p, NAME_SEPARATOR)) == NULL)
- l = strlen(p); /* offset to \0 */
- else
- l = q - p; /* offset to the next separator */
-
- this_id = ossl_namemap_name2num_n(namemap, p, l);
-
- if (*p == '\0' || *p == NAME_SEPARATOR) {
- ERR_raise(ERR_LIB_EVP, EVP_R_BAD_ALGORITHM_NAME);
- return 0;
- }
- if (id == 0)
- id = this_id;
- else if (this_id != 0 && this_id != id) {
- ERR_raise_data(ERR_LIB_EVP, EVP_R_CONFLICTING_ALGORITHM_NAME,
- "\"%.*s\" has an existing different identity %d (from \"%s\")",
- l, p, this_id, names);
- return 0;
- }
- }
-
- /* Now that we have checked, register all names */
- for (p = names; *p != '\0'; p = (q == NULL ? p + l : q + 1)) {
- int this_id;
-
- if ((q = strchr(p, NAME_SEPARATOR)) == NULL)
- l = strlen(p); /* offset to \0 */
- else
- l = q - p; /* offset to the next separator */
-
- this_id = ossl_namemap_add_n(namemap, id, p, l);
- if (id == 0)
- id = this_id;
- else if (this_id != id) {
- ERR_raise_data(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR,
- "Got id %d when expecting %d", this_id, id);
- return 0;
- }
- }
-
- return id;
-}
-
/*
* Generic routines to fetch / create EVP methods with ossl_method_construct()
*/
-static void *alloc_tmp_evp_method_store(OPENSSL_CTX *ctx)
+static void *alloc_tmp_evp_method_store(OSSL_LIB_CTX *ctx)
{
return ossl_method_store_new(ctx);
}
ossl_method_store_free(store);
}
-static OSSL_METHOD_STORE *get_evp_method_store(OPENSSL_CTX *libctx)
+static OSSL_METHOD_STORE *get_evp_method_store(OSSL_LIB_CTX *libctx)
{
- return openssl_ctx_get_data(libctx, OPENSSL_CTX_EVP_METHOD_STORE_INDEX,
- &evp_method_store_method);
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX,
+ &evp_method_store_method);
}
/*
- * To identity the method in the EVP method store, we mix the name identity
- * with the operation identity, with the assumption that we don't have more
+ * To identify the method in the EVP method store, we mix the name identity
+ * with the operation identity, under the assumption that we don't have more
* than 2^24 names or more than 2^8 operation types.
*
* The resulting identity is a 32-bit integer, composed like this:
* | name identity | op id |
* +------------------------+--------+
*/
-static uint32_t evp_method_id(unsigned int operation_id, int name_id)
+static uint32_t evp_method_id(int name_id, unsigned int operation_id)
{
- if (!ossl_assert(name_id < (1 << 24) || operation_id < (1 << 8))
- || !ossl_assert(name_id > 0 && operation_id > 0))
+ if (!ossl_assert(name_id > 0 && name_id < (1 << 24))
+ || !ossl_assert(operation_id > 0 && operation_id < (1 << 8)))
return 0;
return ((name_id << 8) & 0xFFFFFF00) | (operation_id & 0x000000FF);
}
-static void *get_evp_method_from_store(OPENSSL_CTX *libctx, void *store,
+static void *get_evp_method_from_store(OSSL_LIB_CTX *libctx, void *store,
void *data)
{
struct evp_method_data_st *methdata = data;
}
if (name_id == 0
- || (meth_id = evp_method_id(methdata->operation_id, name_id)) == 0)
+ || (meth_id = evp_method_id(name_id, methdata->operation_id)) == 0)
return NULL;
if (store == NULL
return method;
}
-static int put_evp_method_in_store(OPENSSL_CTX *libctx, void *store,
+static int put_evp_method_in_store(OSSL_LIB_CTX *libctx, void *store,
void *method, const OSSL_PROVIDER *prov,
int operation_id, const char *names,
const char *propdef, void *data)
if ((namemap = ossl_namemap_stored(libctx)) == NULL
|| (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0
- || (meth_id = evp_method_id(operation_id, name_id)) == 0)
+ || (meth_id = evp_method_id(name_id, operation_id)) == 0)
return 0;
if (store == NULL
* The core fetching functionality passes the name of the implementation.
* This function is responsible to getting an identity number for it.
*/
-static void *construct_evp_method(const char *names, const OSSL_DISPATCH *fns,
+static void *construct_evp_method(const OSSL_ALGORITHM *algodef,
OSSL_PROVIDER *prov, void *data)
{
/*
* This function is only called if get_evp_method_from_store() returned
* NULL, so it's safe to say that of all the spots to create a new
* namemap entry, this is it. Should the name already exist there, we
- * know that ossl_namemap_add() will return its corresponding number.
+ * know that ossl_namemap_add_name() will return its corresponding
+ * number.
*/
struct evp_method_data_st *methdata = data;
- OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
+ OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
- int name_id = add_names_to_namemap(namemap, names);
+ const char *names = algodef->algorithm_names;
+ int name_id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR);
+ void *method;
if (name_id == 0)
return NULL;
- return methdata->method_from_dispatch(name_id, fns, prov);
+
+ method = methdata->method_from_dispatch(name_id, algodef->implementation,
+ prov);
+
+ /*
+ * Flag to indicate that there was actual construction errors. This
+ * helps inner_evp_generic_fetch() determine what error it should
+ * record on inaccessible algorithms.
+ */
+ if (method == NULL)
+ methdata->flag_construct_error_occured = 1;
+
+ return method;
}
static void destruct_evp_method(void *method, void *data)
}
static void *
-inner_evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id,
+inner_evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id,
int name_id, const char *name,
const char *properties,
void *(*new_method)(int name_id,
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
uint32_t meth_id = 0;
void *method = NULL;
+ int unsupported = 0;
- if (store == NULL || namemap == NULL)
+ if (store == NULL || namemap == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT);
return NULL;
+ }
/*
* If there's ever an operation_id == 0 passed, we have an internal
* programming error.
*/
- if (!ossl_assert(operation_id > 0))
+ if (!ossl_assert(operation_id > 0)) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
return NULL;
+ }
/*
* If we have been passed neither a name_id or a name, we have an
* internal programming error.
*/
- if (!ossl_assert(name_id != 0 || name != NULL))
+ if (!ossl_assert(name_id != 0 || name != NULL)) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
return NULL;
+ }
/* If we haven't received a name id yet, try to get one for the name */
if (name_id == 0)
* evp_method_id returns 0 if we have too many operations (more than
* about 2^8) or too many names (more than about 2^24). In that case,
* we can't create any new method.
+ * For all intents and purposes, this is an internal error.
*/
- if (name_id != 0 && (meth_id = evp_method_id(operation_id, name_id)) == 0)
+ if (name_id != 0 && (meth_id = evp_method_id(name_id, operation_id)) == 0) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
return NULL;
+ }
+
+ /*
+ * If we haven't found the name yet, chances are that the algorithm to
+ * be fetched is unsupported.
+ */
+ if (name_id == 0)
+ unsupported = 1;
if (meth_id == 0
|| !ossl_method_store_cache_get(store, meth_id, properties, &method)) {
mcmdata.method_from_dispatch = new_method;
mcmdata.refcnt_up_method = up_ref_method;
mcmdata.destruct_method = free_method;
+ mcmdata.flag_construct_error_occured = 0;
if ((method = ossl_method_construct(libctx, operation_id,
0 /* !force_cache */,
&mcm, &mcmdata)) != NULL) {
*/
if (name_id == 0)
name_id = ossl_namemap_name2num(namemap, name);
- meth_id = evp_method_id(operation_id, name_id);
+ meth_id = evp_method_id(name_id, operation_id);
ossl_method_store_cache_set(store, meth_id, properties, method,
up_ref_method, free_method);
}
+
+ /*
+ * If we never were in the constructor, the algorithm to be fetched
+ * is unsupported.
+ */
+ unsupported = !mcmdata.flag_construct_error_occured;
+ }
+
+ if (method == NULL) {
+ int code = unsupported ? ERR_R_UNSUPPORTED : ERR_R_FETCH_FAILED;
+
+ if (name == NULL)
+ name = ossl_namemap_num2name(namemap, name_id, 0);
+ ERR_raise_data(ERR_LIB_EVP, code,
+ "%s, Algorithm (%s : %d), Properties (%s)",
+ ossl_lib_ctx_get_descriptor(libctx),
+ name = NULL ? "<null>" : name, name_id,
+ properties == NULL ? "<null>" : properties);
}
return method;
}
-void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id,
+void *evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id,
const char *name, const char *properties,
void *(*new_method)(int name_id,
const OSSL_DISPATCH *fns,
* This is meant to be used when one method needs to fetch an associated
* other method.
*/
-void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id,
+void *evp_generic_fetch_by_number(OSSL_LIB_CTX *libctx, int operation_id,
int name_id, const char *properties,
void *(*new_method)(int name_id,
const OSSL_DISPATCH *fns,
void (*free_method)(void *))
{
return inner_evp_generic_fetch(libctx,
- operation_id, name_id, NULL, properties,
- new_method, up_ref_method, free_method);
+ operation_id, name_id, NULL,
+ properties, new_method, up_ref_method,
+ free_method);
}
-int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
+void evp_method_store_flush(OSSL_LIB_CTX *libctx)
{
OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
if (store != NULL)
- return ossl_method_store_set_global_properties(store, propq);
- EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR);
+ ossl_method_store_flush_cache(store, 1);
+}
+
+static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx,
+ OSSL_PROPERTY_LIST *def_prop,
+ int loadconfig)
+{
+ OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig);
+
+ if (plp != NULL) {
+ ossl_property_free(*plp);
+ *plp = def_prop;
+ if (store != NULL)
+ ossl_method_store_flush_cache(store, 0);
+ return 1;
+ }
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
return 0;
}
+int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq,
+ int loadconfig)
+{
+ OSSL_PROPERTY_LIST *pl = NULL;
+
+ if (propq != NULL && (pl = ossl_parse_query(libctx, propq)) == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_DEFAULT_QUERY_PARSE_ERROR);
+ return 0;
+ }
+ return evp_set_parsed_default_properties(libctx, pl, loadconfig);
+}
+
+int EVP_set_default_properties(OSSL_LIB_CTX *libctx, const char *propq)
+{
+ return evp_set_default_properties_int(libctx, propq, 1);
+}
+
+static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq)
+{
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1);
+ OSSL_PROPERTY_LIST *pl1, *pl2;
+
+ if (propq == NULL)
+ return 1;
+ if (plp == NULL || *plp == NULL)
+ return EVP_set_default_properties(libctx, propq);
+ if ((pl1 = ossl_parse_query(libctx, propq)) == NULL) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_DEFAULT_QUERY_PARSE_ERROR);
+ return 0;
+ }
+ pl2 = ossl_property_merge(pl1, *plp);
+ ossl_property_free(pl1);
+ if (pl2 == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return evp_set_parsed_default_properties(libctx, pl2, 0);
+}
+
+static int evp_default_property_is_enabled(OSSL_LIB_CTX *libctx,
+ const char *prop_name)
+{
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1);
+
+ return plp != NULL && ossl_property_is_enabled(libctx, prop_name, *plp);
+}
+
+int EVP_default_properties_is_fips_enabled(OSSL_LIB_CTX *libctx)
+{
+ return evp_default_property_is_enabled(libctx, "fips");
+}
+
+int EVP_default_properties_enable_fips(OSSL_LIB_CTX *libctx, int enable)
+{
+ const char *query = (enable != 0) ? "fips=yes" : "-fips";
+
+ return evp_default_properties_merge(libctx, query);
+}
+
+
struct do_all_data_st {
void (*user_fn)(void *method, void *arg);
void *user_arg;
int no_store, void *vdata)
{
struct do_all_data_st *data = vdata;
- OPENSSL_CTX *libctx = ossl_provider_library_context(provider);
+ OSSL_LIB_CTX *libctx = ossl_provider_libctx(provider);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
- int name_id = add_names_to_namemap(namemap, algo->algorithm_names);
+ int name_id = ossl_namemap_add_names(namemap, 0, algo->algorithm_names,
+ NAME_SEPARATOR);
void *method = NULL;
if (name_id != 0)
}
}
-void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id,
+void evp_generic_do_all(OSSL_LIB_CTX *libctx, int operation_id,
void (*user_fn)(void *method, void *arg),
void *user_arg,
void *(*new_method)(int name_id,
data.free_method = free_method;
data.user_fn = user_fn;
data.user_arg = user_arg;
- ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data);
+
+ /*
+ * No pre- or post-condition for this call, as this only creates methods
+ * temporarly and then promptly destroys them.
+ */
+ ossl_algorithm_do_all(libctx, operation_id, NULL, NULL, do_one, NULL,
+ &data);
}
-const char *evp_first_name(OSSL_PROVIDER *prov, int name_id)
+const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id)
{
- OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
+ OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
return ossl_namemap_num2name(namemap, name_id, 0);
}
-int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name)
+int evp_is_a(OSSL_PROVIDER *prov, int number,
+ const char *legacy_name, const char *name)
{
- OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
+ /*
+ * For a |prov| that is NULL, the library context will be NULL
+ */
+ OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+ if (prov == NULL)
+ number = ossl_namemap_name2num(namemap, legacy_name);
return ossl_namemap_name2num(namemap, name) == number;
}
void (*fn)(const char *name, void *data),
void *data)
{
- OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
+ OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
ossl_namemap_doall_names(namemap, number, fn, data);