/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
void (*destruct_method)(void *method);
};
-#ifndef FIPS_MODE
-/* Creates an initial namemap with names found in the legacy method db */
-static void get_legacy_evp_names(const char *main_name, const char *alias,
- void *arg)
-{
- int main_id = ossl_namemap_add_name(arg, 0, main_name);
-
- /*
- * We could check that the returned value is the same as main_id,
- * but since this is a void function, there's no sane way to report
- * the error. The best we can do is trust ourselve to keep the legacy
- * method database conflict free.
- *
- * This registers any alias with the same number as the main name.
- * Should it be that the current |on| *has* the main name, this is
- * simply a no-op.
- */
- if (alias != NULL)
- (void)ossl_namemap_add_name(arg, main_id, alias);
-}
-
-static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
-{
- const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
-
- get_legacy_evp_names(EVP_CIPHER_name(cipher), on->name, arg);
-}
-
-static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
-{
- const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
- /* We don't want the pkey_type names, so we need some extra care */
- int snid, lnid;
-
- snid = OBJ_sn2nid(on->name);
- lnid = OBJ_ln2nid(on->name);
- if (snid != EVP_MD_pkey_type(md) && lnid != EVP_MD_pkey_type(md))
- get_legacy_evp_names(EVP_MD_name(md), on->name, arg);
- else
- get_legacy_evp_names(EVP_MD_name(md), NULL, arg);
-}
-#endif
-
-static OSSL_NAMEMAP *get_prepopulated_namemap(OPENSSL_CTX *libctx)
-{
- OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
-
-#ifndef FIPS_MODE
- if (namemap != NULL && ossl_namemap_empty(namemap)) {
- /* Before pilfering, we make sure the legacy database is populated */
- OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
- |OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
-
- OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
- get_legacy_cipher_names, namemap);
- OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
- get_legacy_md_names, namemap);
- }
-#endif
-
- return namemap;
-}
-
/*
* Generic routines to fetch / create EVP methods with ossl_method_construct()
*/
}
/*
- * To identity the method in the EVP method store, we mix the name identity
- * with the operation identity, with the assumption that we don't have more
+ * To identify the method in the EVP method store, we mix the name identity
+ * with the operation identity, under the assumption that we don't have more
* than 2^24 names or more than 2^8 operation types.
*
* The resulting identity is a 32-bit integer, composed like this:
* | name identity | op id |
* +------------------------+--------+
*/
-static uint32_t evp_method_id(unsigned int operation_id, int name_id)
+static uint32_t evp_method_id(int name_id, unsigned int operation_id)
{
- if (!ossl_assert(name_id < (1 << 24) || operation_id < (1 << 8))
- || !ossl_assert(name_id > 0 && operation_id > 0))
+ if (!ossl_assert(name_id > 0 && name_id < (1 << 24))
+ || !ossl_assert(operation_id > 0 && operation_id < (1 << 8)))
return 0;
return ((name_id << 8) & 0xFFFFFF00) | (operation_id & 0x000000FF);
}
}
if (name_id == 0
- || (meth_id = evp_method_id(methdata->operation_id, name_id)) == 0)
+ || (meth_id = evp_method_id(name_id, methdata->operation_id)) == 0)
return NULL;
if (store == NULL
if ((namemap = ossl_namemap_stored(libctx)) == NULL
|| (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0
- || (meth_id = evp_method_id(operation_id, name_id)) == 0)
+ || (meth_id = evp_method_id(name_id, operation_id)) == 0)
return 0;
if (store == NULL
void (*free_method)(void *))
{
OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
- OSSL_NAMEMAP *namemap = get_prepopulated_namemap(libctx);
+ OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
uint32_t meth_id = 0;
void *method = NULL;
* about 2^8) or too many names (more than about 2^24). In that case,
* we can't create any new method.
*/
- if (name_id != 0 && (meth_id = evp_method_id(operation_id, name_id)) == 0)
+ if (name_id != 0 && (meth_id = evp_method_id(name_id, operation_id)) == 0)
return NULL;
if (meth_id == 0
*/
if (name_id == 0)
name_id = ossl_namemap_name2num(namemap, name);
- meth_id = evp_method_id(operation_id, name_id);
+ meth_id = evp_method_id(name_id, operation_id);
ossl_method_store_cache_set(store, meth_id, properties, method,
up_ref_method, free_method);
}
int (*up_ref_method)(void *),
void (*free_method)(void *))
{
- return inner_evp_generic_fetch(libctx,
- operation_id, 0, name, properties,
- new_method, up_ref_method, free_method);
+ void *ret = inner_evp_generic_fetch(libctx,
+ operation_id, 0, name, properties,
+ new_method, up_ref_method, free_method);
+
+ if (ret == NULL) {
+ int code = EVP_R_FETCH_FAILED;
+
+#ifdef FIPS_MODULE
+ ERR_raise(ERR_LIB_EVP, code);
+#else
+ ERR_raise_data(ERR_LIB_EVP, code,
+ "%s, Algorithm (%s), Properties (%s)",
+ (openssl_ctx_is_default(libctx)
+ ? "Default library context"
+ : "Non-default library context"),
+ name = NULL ? "<null>" : name,
+ properties == NULL ? "<null>" : properties);
+#endif
+ }
+ return ret;
}
/*
int (*up_ref_method)(void *),
void (*free_method)(void *))
{
- return inner_evp_generic_fetch(libctx,
- operation_id, name_id, NULL, properties,
- new_method, up_ref_method, free_method);
+ void *ret = inner_evp_generic_fetch(libctx,
+ operation_id, name_id, NULL,
+ properties, new_method, up_ref_method,
+ free_method);
+
+ if (ret == NULL) {
+ int code = EVP_R_FETCH_FAILED;
+
+#ifdef FIPS_MODULE
+ ERR_raise(ERR_LIB_EVP, code);
+#else
+ {
+ OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+ const char *name = (namemap == NULL)
+ ? NULL
+ : ossl_namemap_num2name(namemap, name_id, 0);
+
+ ERR_raise_data(ERR_LIB_EVP, code,
+ "%s, Algorithm (%s), Properties (%s)",
+ (openssl_ctx_is_default(libctx)
+ ? "Default library context"
+ : "Non-default library context"),
+ name = NULL ? "<null>" : name,
+ properties == NULL ? "<null>" : properties);
+ }
+#endif
+ }
+ return ret;
}
-int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
+static int evp_set_default_properties(OPENSSL_CTX *libctx,
+ OSSL_PROPERTY_LIST *def_prop)
{
OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
-
- if (store != NULL)
- return ossl_method_store_set_global_properties(store, propq);
- EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR);
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+
+ if (plp != NULL) {
+ ossl_property_free(*plp);
+ *plp = def_prop;
+ if (store != NULL)
+ ossl_method_store_flush_cache(store);
+ return 1;
+ }
+ EVPerr(0, ERR_R_INTERNAL_ERROR);
return 0;
}
+int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
+{
+ OSSL_PROPERTY_LIST *pl = NULL;
+
+ if (propq != NULL && (pl = ossl_parse_query(libctx, propq)) == NULL) {
+ EVPerr(0, EVP_R_DEFAULT_QUERY_PARSE_ERROR);
+ return 0;
+ }
+ return evp_set_default_properties(libctx, pl);
+}
+
+
+static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq)
+{
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+ OSSL_PROPERTY_LIST *pl1, *pl2;
+
+ if (propq == NULL)
+ return 1;
+ if (plp == NULL || *plp == NULL)
+ return EVP_set_default_properties(libctx, propq);
+ if ((pl1 = ossl_parse_query(libctx, propq)) == NULL) {
+ EVPerr(0, EVP_R_DEFAULT_QUERY_PARSE_ERROR);
+ return 0;
+ }
+ pl2 = ossl_property_merge(pl1, *plp);
+ ossl_property_free(pl1);
+ if (pl2 == NULL) {
+ EVPerr(0, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+ return evp_set_default_properties(libctx, pl2);
+}
+
+static int evp_default_property_is_enabled(OPENSSL_CTX *libctx,
+ const char *prop_name)
+{
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+
+ return plp != NULL && ossl_property_is_enabled(libctx, prop_name, *plp);
+}
+
+int EVP_default_properties_is_fips_enabled(OPENSSL_CTX *libctx)
+{
+ return evp_default_property_is_enabled(libctx, "fips");
+}
+
+int EVP_default_properties_enable_fips(OPENSSL_CTX *libctx, int enable)
+{
+ const char *query = (enable != 0) ? "fips=yes" : "-fips";
+
+ return evp_default_properties_merge(libctx, query);
+}
+
+
struct do_all_data_st {
void (*user_fn)(void *method, void *arg);
void *user_arg;
data.free_method = free_method;
data.user_fn = user_fn;
data.user_arg = user_arg;
- ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data);
+
+ /*
+ * No pre- or post-condition for this call, as this only creates methods
+ * temporarly and then promptly destroys them.
+ */
+ ossl_algorithm_do_all(libctx, operation_id, NULL, NULL, do_one, NULL,
+ &data);
}
-const char *evp_first_name(OSSL_PROVIDER *prov, int name_id)
+const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id)
{
OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
return ossl_namemap_num2name(namemap, name_id, 0);
}
-int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name)
+int evp_is_a(OSSL_PROVIDER *prov, int number,
+ const char *legacy_name, const char *name)
{
+ /*
+ * For a |prov| that is NULL, the library context will be NULL
+ */
OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
+ if (prov == NULL)
+ number = ossl_namemap_name2num(namemap, legacy_name);
return ossl_namemap_name2num(namemap, name) == number;
}
projects / openssl.git / blobdiff