X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fevp%2Fevp_fetch.c;h=596f5925350236ec5f3d0fc6d05ab0d659cd0560;hp=329129d1330ed4175f076c8ff15a39907e31cc9b;hb=5a29b6286f8ccafc2ed9a026b0e8d4bd6d0396e6;hpb=cb92964563a053d5d9c0810912fa6d3ff35c1e16 diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 329129d133..596f592535 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,57 +8,45 @@ */ #include -#include +#include #include #include #include "internal/cryptlib.h" #include "internal/thread_once.h" -#include "internal/asn1_int.h" #include "internal/property.h" #include "internal/core.h" -#include "internal/evp_int.h" /* evp_locl.h needs it */ -#include "evp_locl.h" +#include "internal/provider.h" +#include "internal/namemap.h" +#include "crypto/evp.h" /* evp_local.h needs it */ +#include "evp_local.h" -/* The OpenSSL library context index for the default method store */ -static int default_method_store_index = -1; +#define NAME_SEPARATOR ':' -static void default_method_store_free(void *vstore) +static void evp_method_store_free(void *vstore) { ossl_method_store_free(vstore); } -static void *default_method_store_new(void) +static void *evp_method_store_new(OPENSSL_CTX *ctx) { - return ossl_method_store_new(); + return ossl_method_store_new(ctx); } -static const OPENSSL_CTX_METHOD default_method_store_method = { - default_method_store_new, - default_method_store_free, +static const OPENSSL_CTX_METHOD evp_method_store_method = { + evp_method_store_new, + evp_method_store_free, }; -static int default_method_store_init(void) -{ - default_method_store_index = - openssl_ctx_new_index(&default_method_store_method); - - return default_method_store_index != -1; -} - -static CRYPTO_ONCE default_method_store_init_flag = CRYPTO_ONCE_STATIC_INIT; -DEFINE_RUN_ONCE_STATIC(do_default_method_store_init) -{ - return OPENSSL_init_crypto(0, NULL) - && default_method_store_init(); -} - /* Data to be passed through ossl_method_construct() */ -struct method_data_st { - const char *name; - int nid; +struct evp_method_data_st { + OPENSSL_CTX *libctx; OSSL_METHOD_CONSTRUCT_METHOD *mcm; - void *(*method_from_dispatch)(int nid, const OSSL_DISPATCH *, + int operation_id; /* For get_evp_method_from_store() */ + int name_id; /* For get_evp_method_from_store() */ + const char *names; /* For get_evp_method_from_store() */ + const char *propquery; /* For get_evp_method_from_store() */ + void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *, OSSL_PROVIDER *); int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); @@ -67,140 +55,432 @@ struct method_data_st { /* * Generic routines to fetch / create EVP methods with ossl_method_construct() */ -static void *alloc_tmp_method_store(void) +static void *alloc_tmp_evp_method_store(OPENSSL_CTX *ctx) { - return ossl_method_store_new(); + return ossl_method_store_new(ctx); } - static void dealloc_tmp_method_store(void *store) + static void dealloc_tmp_evp_method_store(void *store) { if (store != NULL) ossl_method_store_free(store); } -static OSSL_METHOD_STORE *get_default_method_store(OPENSSL_CTX *libctx) +static OSSL_METHOD_STORE *get_evp_method_store(OPENSSL_CTX *libctx) { - if (!RUN_ONCE(&default_method_store_init_flag, - do_default_method_store_init)) - return NULL; - return openssl_ctx_get_data(libctx, default_method_store_index); + return openssl_ctx_get_data(libctx, OPENSSL_CTX_EVP_METHOD_STORE_INDEX, + &evp_method_store_method); +} + +/* + * To identify the method in the EVP method store, we mix the name identity + * with the operation identity, under the assumption that we don't have more + * than 2^24 names or more than 2^8 operation types. + * + * The resulting identity is a 32-bit integer, composed like this: + * + * +---------24 bits--------+-8 bits-+ + * | name identity | op id | + * +------------------------+--------+ + */ +static uint32_t evp_method_id(int name_id, unsigned int operation_id) +{ + if (!ossl_assert(name_id > 0 && name_id < (1 << 24)) + || !ossl_assert(operation_id > 0 && operation_id < (1 << 8))) + return 0; + return ((name_id << 8) & 0xFFFFFF00) | (operation_id & 0x000000FF); } -static void *get_method_from_store(OPENSSL_CTX *libctx, void *store, - const char *propquery, void *data) +static void *get_evp_method_from_store(OPENSSL_CTX *libctx, void *store, + void *data) { - struct method_data_st *methdata = data; + struct evp_method_data_st *methdata = data; void *method = NULL; + int name_id; + uint32_t meth_id; + + /* + * get_evp_method_from_store() is only called to try and get the method + * that evp_generic_fetch() is asking for, and the operation id as well + * as the name or name id are passed via methdata. + */ + if ((name_id = methdata->name_id) == 0) { + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + const char *names = methdata->names; + const char *q = strchr(names, NAME_SEPARATOR); + size_t l = (q == NULL ? strlen(names) : (size_t)(q - names)); + + if (namemap == 0) + return NULL; + name_id = ossl_namemap_name2num_n(namemap, names, l); + } - if (store == NULL - && (store = get_default_method_store(libctx)) == NULL) + if (name_id == 0 + || (meth_id = evp_method_id(name_id, methdata->operation_id)) == 0) return NULL; - (void)ossl_method_store_fetch(store, methdata->nid, propquery, &method); + if (store == NULL + && (store = get_evp_method_store(libctx)) == NULL) + return NULL; - if (method != NULL - && !methdata->refcnt_up_method(method)) { - method = NULL; - } + if (!ossl_method_store_fetch(store, meth_id, methdata->propquery, + &method)) + return NULL; return method; } -static int put_method_in_store(OPENSSL_CTX *libctx, void *store, - const char *propdef, void *method, - void *data) +static int put_evp_method_in_store(OPENSSL_CTX *libctx, void *store, + void *method, const OSSL_PROVIDER *prov, + int operation_id, const char *names, + const char *propdef, void *data) { - struct method_data_st *methdata = data; + struct evp_method_data_st *methdata = data; + OSSL_NAMEMAP *namemap; + int name_id; + uint32_t meth_id; + size_t l = 0; + + /* + * put_evp_method_in_store() is only called with an EVP method that was + * successfully created by construct_method() below, which means that + * all the names should already be stored in the namemap with the same + * numeric identity, so just use the first to get that identity. + */ + if (names != NULL) { + const char *q = strchr(names, NAME_SEPARATOR); + + l = (q == NULL ? strlen(names) : (size_t)(q - names)); + } + + if ((namemap = ossl_namemap_stored(libctx)) == NULL + || (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0 + || (meth_id = evp_method_id(name_id, operation_id)) == 0) + return 0; if (store == NULL - && (store = get_default_method_store(libctx)) == NULL) + && (store = get_evp_method_store(libctx)) == NULL) return 0; - if (methdata->refcnt_up_method(method) - && ossl_method_store_add(store, methdata->nid, propdef, method, - methdata->destruct_method)) - return 1; - return 0; + return ossl_method_store_add(store, prov, meth_id, propdef, method, + methdata->refcnt_up_method, + methdata->destruct_method); } -static void *construct_method(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, - void *data) +/* + * The core fetching functionality passes the name of the implementation. + * This function is responsible to getting an identity number for it. + */ +static void *construct_evp_method(const OSSL_ALGORITHM *algodef, + OSSL_PROVIDER *prov, void *data) { - struct method_data_st *methdata = data; - void *method = NULL; - - if (methdata->nid == NID_undef) { - /* Create a new NID for that name on the fly */ - ASN1_OBJECT tmpobj; - - /* This is the same as OBJ_create() but without requiring a OID */ - tmpobj.nid = OBJ_new_nid(1); - tmpobj.sn = tmpobj.ln = methdata->name; - tmpobj.flags = ASN1_OBJECT_FLAG_DYNAMIC; - tmpobj.length = 0; - tmpobj.data = NULL; - - methdata->nid = OBJ_add_object(&tmpobj); - } - - if (methdata->nid == NID_undef) - return NULL; - - method = methdata->method_from_dispatch(methdata->nid, fns, prov); - if (method == NULL) + /* + * This function is only called if get_evp_method_from_store() returned + * NULL, so it's safe to say that of all the spots to create a new + * namemap entry, this is it. Should the name already exist there, we + * know that ossl_namemap_add_name() will return its corresponding + * number. + */ + struct evp_method_data_st *methdata = data; + OPENSSL_CTX *libctx = ossl_provider_library_context(prov); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + const char *names = algodef->algorithm_names; + int name_id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR); + + if (name_id == 0) return NULL; - return method; + return methdata->method_from_dispatch(name_id, algodef->implementation, + prov); } -static void destruct_method(void *method, void *data) +static void destruct_evp_method(void *method, void *data) { - struct method_data_st *methdata = data; + struct evp_method_data_st *methdata = data; methdata->destruct_method(method); } -void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, - const char *algorithm, const char *properties, - void *(*new_method)(int nid, const OSSL_DISPATCH *fns, +static void * +inner_evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, + int name_id, const char *name, + const char *properties, + void *(*new_method)(int name_id, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), - int (*upref_method)(void *), + int (*up_ref_method)(void *), void (*free_method)(void *)) { - int nid = OBJ_sn2nid(algorithm); + OSSL_METHOD_STORE *store = get_evp_method_store(libctx); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + uint32_t meth_id = 0; void *method = NULL; - if (nid == NID_undef - || !ossl_method_store_cache_get(NULL, nid, properties, &method)) { + if (store == NULL || namemap == NULL) + return NULL; + + /* + * If there's ever an operation_id == 0 passed, we have an internal + * programming error. + */ + if (!ossl_assert(operation_id > 0)) + return NULL; + + /* + * If we have been passed neither a name_id or a name, we have an + * internal programming error. + */ + if (!ossl_assert(name_id != 0 || name != NULL)) + return NULL; + + /* If we haven't received a name id yet, try to get one for the name */ + if (name_id == 0) + name_id = ossl_namemap_name2num(namemap, name); + + /* + * If we have a name id, calculate a method id with evp_method_id(). + * + * evp_method_id returns 0 if we have too many operations (more than + * about 2^8) or too many names (more than about 2^24). In that case, + * we can't create any new method. + */ + if (name_id != 0 && (meth_id = evp_method_id(name_id, operation_id)) == 0) + return NULL; + + if (meth_id == 0 + || !ossl_method_store_cache_get(store, meth_id, properties, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { - alloc_tmp_method_store, - dealloc_tmp_method_store, - get_method_from_store, - put_method_in_store, - construct_method, - destruct_method + alloc_tmp_evp_method_store, + dealloc_tmp_evp_method_store, + get_evp_method_from_store, + put_evp_method_in_store, + construct_evp_method, + destruct_evp_method }; - struct method_data_st mcmdata; + struct evp_method_data_st mcmdata; - mcmdata.nid = nid; mcmdata.mcm = &mcm; + mcmdata.libctx = libctx; + mcmdata.operation_id = operation_id; + mcmdata.name_id = name_id; + mcmdata.names = name; + mcmdata.propquery = properties; mcmdata.method_from_dispatch = new_method; + mcmdata.refcnt_up_method = up_ref_method; mcmdata.destruct_method = free_method; - mcmdata.refcnt_up_method = upref_method; - mcmdata.destruct_method = free_method; - method = ossl_method_construct(libctx, operation_id, algorithm, - properties, 0 /* !force_cache */, - &mcm, &mcmdata); - ossl_method_store_cache_set(NULL, nid, properties, method); + if ((method = ossl_method_construct(libctx, operation_id, + 0 /* !force_cache */, + &mcm, &mcmdata)) != NULL) { + /* + * If construction did create a method for us, we know that + * there is a correct name_id and meth_id, since those have + * already been calculated in get_evp_method_from_store() and + * put_evp_method_in_store() above. + */ + if (name_id == 0) + name_id = ossl_namemap_name2num(namemap, name); + meth_id = evp_method_id(name_id, operation_id); + ossl_method_store_cache_set(store, meth_id, properties, method, + up_ref_method, free_method); + } } return method; } +void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, + const char *name, const char *properties, + void *(*new_method)(int name_id, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)) +{ + void *ret = inner_evp_generic_fetch(libctx, + operation_id, 0, name, properties, + new_method, up_ref_method, free_method); + + if (ret == NULL) { + int code = EVP_R_FETCH_FAILED; + +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, code); +#else + ERR_raise_data(ERR_LIB_EVP, code, + "%s, Algorithm (%s), Properties (%s)", + (openssl_ctx_is_default(libctx) + ? "Default library context" + : "Non-default library context"), + name = NULL ? "" : name, + properties == NULL ? "" : properties); +#endif + } + return ret; +} + +/* + * evp_generic_fetch_by_number() is special, and only returns methods for + * already known names, i.e. it refuses to work if no name_id can be found + * (it's considered an internal programming error). + * This is meant to be used when one method needs to fetch an associated + * other method. + */ +void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id, + int name_id, const char *properties, + void *(*new_method)(int name_id, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov), + int (*up_ref_method)(void *), + void (*free_method)(void *)) +{ + void *ret = inner_evp_generic_fetch(libctx, + operation_id, name_id, NULL, + properties, new_method, up_ref_method, + free_method); + + if (ret == NULL) { + int code = EVP_R_FETCH_FAILED; + +#ifdef FIPS_MODULE + ERR_raise(ERR_LIB_EVP, code); +#else + { + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + const char *name = (namemap == NULL) + ? NULL + : ossl_namemap_num2name(namemap, name_id, 0); + + ERR_raise_data(ERR_LIB_EVP, code, + "%s, Algorithm (%s), Properties (%s)", + (openssl_ctx_is_default(libctx) + ? "Default library context" + : "Non-default library context"), + name = NULL ? "" : name, + properties == NULL ? "" : properties); + } +#endif + } + return ret; +} + int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) { - OSSL_METHOD_STORE *store = get_default_method_store(libctx); + OSSL_METHOD_STORE *store = get_evp_method_store(libctx); if (store != NULL) return ossl_method_store_set_global_properties(store, propq); - EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR); + EVPerr(0, ERR_R_INTERNAL_ERROR); + return 0; +} + + +static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq) +{ + OSSL_METHOD_STORE *store = get_evp_method_store(libctx); + + if (store != NULL) + return ossl_method_store_merge_global_properties(store, propq); + EVPerr(0, ERR_R_INTERNAL_ERROR); return 0; } + +static int evp_default_property_is_enabled(OPENSSL_CTX *libctx, + const char *prop_name) +{ + OSSL_METHOD_STORE *store = get_evp_method_store(libctx); + + return ossl_method_store_global_property_is_enabled(store, prop_name); +} + +int EVP_default_properties_is_fips_enabled(OPENSSL_CTX *libctx) +{ + return evp_default_property_is_enabled(libctx, "fips"); +} + +int EVP_default_properties_enable_fips(OPENSSL_CTX *libctx, int enable) +{ + const char *query = (enable != 0) ? "fips=yes" : "-fips"; + + return evp_default_properties_merge(libctx, query); +} + + +struct do_all_data_st { + void (*user_fn)(void *method, void *arg); + void *user_arg; + void *(*new_method)(const int name_id, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov); + void (*free_method)(void *); +}; + +static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, + int no_store, void *vdata) +{ + struct do_all_data_st *data = vdata; + OPENSSL_CTX *libctx = ossl_provider_library_context(provider); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + int name_id = ossl_namemap_add_names(namemap, 0, algo->algorithm_names, + NAME_SEPARATOR); + void *method = NULL; + + if (name_id != 0) + method = data->new_method(name_id, algo->implementation, provider); + + if (method != NULL) { + data->user_fn(method, data->user_arg); + data->free_method(method); + } +} + +void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, + void (*user_fn)(void *method, void *arg), + void *user_arg, + void *(*new_method)(int name_id, + const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov), + void (*free_method)(void *)) +{ + struct do_all_data_st data; + + data.new_method = new_method; + data.free_method = free_method; + data.user_fn = user_fn; + data.user_arg = user_arg; + + /* + * No pre- or post-condition for this call, as this only creates methods + * temporarly and then promptly destroys them. + */ + ossl_algorithm_do_all(libctx, operation_id, NULL, NULL, do_one, NULL, + &data); +} + +const char *evp_first_name(const OSSL_PROVIDER *prov, int name_id) +{ + OPENSSL_CTX *libctx = ossl_provider_library_context(prov); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + + return ossl_namemap_num2name(namemap, name_id, 0); +} + +int evp_is_a(OSSL_PROVIDER *prov, int number, + const char *legacy_name, const char *name) +{ + /* + * For a |prov| that is NULL, the library context will be NULL + */ + OPENSSL_CTX *libctx = ossl_provider_library_context(prov); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + + if (prov == NULL) + number = ossl_namemap_name2num(namemap, legacy_name); + return ossl_namemap_name2num(namemap, name) == number; +} + +void evp_names_do_all(OSSL_PROVIDER *prov, int number, + void (*fn)(const char *name, void *data), + void *data) +{ + OPENSSL_CTX *libctx = ossl_provider_library_context(prov); + OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); + + ossl_namemap_doall_names(namemap, number, fn, data); +}