1/*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stddef.h>
11#include <openssl/types.h>
12#include <openssl/evp.h>
13#include <openssl/core.h>
14#include "internal/cryptlib.h"
15#include "internal/thread_once.h"
16#include "internal/property.h"
17#include "internal/core.h"
18#include "internal/provider.h"
19#include "internal/namemap.h"
20#include "crypto/evp.h" /* evp_local.h needs it */
21#include "evp_local.h"
22
23#define NAME_SEPARATOR ':'
24
25static void evp_method_store_free(void *vstore)
26{
27 ossl_method_store_free(vstore);
28}
29
30static void *evp_method_store_new(OPENSSL_CTX *ctx)
31{
32 return ossl_method_store_new(ctx);
33}
34
35
36static const OPENSSL_CTX_METHOD evp_method_store_method = {
37 evp_method_store_new,
38 evp_method_store_free,
39};
40
41/* Data to be passed through ossl_method_construct() */
42struct evp_method_data_st {
43 OPENSSL_CTX *libctx;
44 OSSL_METHOD_CONSTRUCT_METHOD *mcm;
45 int operation_id; /* For get_evp_method_from_store() */
46 int name_id; /* For get_evp_method_from_store() */
47 const char *names; /* For get_evp_method_from_store() */
48 const char *propquery; /* For get_evp_method_from_store() */
49 void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *,
50 OSSL_PROVIDER *);
51 int (*refcnt_up_method)(void *method);
52 void (*destruct_method)(void *method);
53};
54
55#ifndef FIPS_MODE
56/* Creates an initial namemap with names found in the legacy method db */
57static void get_legacy_evp_names(const char *main_name, const char *alias,
58 void *arg)
59{
60 int main_id = ossl_namemap_add_name(arg, 0, main_name);
61
62 /*
63 * We could check that the returned value is the same as main_id,
64 * but since this is a void function, there's no sane way to report
65 * the error. The best we can do is trust ourselve to keep the legacy
66 * method database conflict free.
67 *
68 * This registers any alias with the same number as the main name.
69 * Should it be that the current |on| *has* the main name, this is
70 * simply a no-op.
71 */
72 if (alias != NULL)
73 (void)ossl_namemap_add_name(arg, main_id, alias);
74}
75
76static void get_legacy_cipher_names(const OBJ_NAME *on, void *arg)
77{
78 const EVP_CIPHER *cipher = (void *)OBJ_NAME_get(on->name, on->type);
79
80 get_legacy_evp_names(EVP_CIPHER_name(cipher), on->name, arg);
81}
82
83static void get_legacy_md_names(const OBJ_NAME *on, void *arg)
84{
85 const EVP_MD *md = (void *)OBJ_NAME_get(on->name, on->type);
86 /* We don't want the pkey_type names, so we need some extra care */
87 int snid, lnid;
88
89 snid = OBJ_sn2nid(on->name);
90 lnid = OBJ_ln2nid(on->name);
91 if (snid != EVP_MD_pkey_type(md) && lnid != EVP_MD_pkey_type(md))
92 get_legacy_evp_names(EVP_MD_name(md), on->name, arg);
93 else
94 get_legacy_evp_names(EVP_MD_name(md), NULL, arg);
95}
96#endif
97
98static OSSL_NAMEMAP *get_prepopulated_namemap(OPENSSL_CTX *libctx)
99{
100 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
101
102#ifndef FIPS_MODE
103 if (namemap != NULL && ossl_namemap_empty(namemap)) {
104 /* Before pilfering, we make sure the legacy database is populated */
105 OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
106 |OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
107
108 OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH,
109 get_legacy_cipher_names, namemap);
110 OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH,
111 get_legacy_md_names, namemap);
112 }
113#endif
114
115 return namemap;
116}
117
118/*
119 * Generic routines to fetch / create EVP methods with ossl_method_construct()
120 */
121static void *alloc_tmp_evp_method_store(OPENSSL_CTX *ctx)
122{
123 return ossl_method_store_new(ctx);
124}
125
126 static void dealloc_tmp_evp_method_store(void *store)
127{
128 if (store != NULL)
129 ossl_method_store_free(store);
130}
131
132static OSSL_METHOD_STORE *get_evp_method_store(OPENSSL_CTX *libctx)
133{
134 return openssl_ctx_get_data(libctx, OPENSSL_CTX_EVP_METHOD_STORE_INDEX,
135 &evp_method_store_method);
136}
137
138/*
139 * To identity the method in the EVP method store, we mix the name identity
140 * with the operation identity, with the assumption that we don't have more
141 * than 2^24 names or more than 2^8 operation types.
142 *
143 * The resulting identity is a 32-bit integer, composed like this:
144 *
145 * +---------24 bits--------+-8 bits-+
146 * | name identity | op id |
147 * +------------------------+--------+
148 */
149static uint32_t evp_method_id(unsigned int operation_id, int name_id)
150{
151 if (!ossl_assert(name_id < (1 << 24) || operation_id < (1 << 8))
152 || !ossl_assert(name_id > 0 && operation_id > 0))
153 return 0;
154 return ((name_id << 8) & 0xFFFFFF00) | (operation_id & 0x000000FF);
155}
156
157static void *get_evp_method_from_store(OPENSSL_CTX *libctx, void *store,
158 void *data)
159{
160 struct evp_method_data_st *methdata = data;
161 void *method = NULL;
162 int name_id;
163 uint32_t meth_id;
164
165 /*
166 * get_evp_method_from_store() is only called to try and get the method
167 * that evp_generic_fetch() is asking for, and the operation id as well
168 * as the name or name id are passed via methdata.
169 */
170 if ((name_id = methdata->name_id) == 0) {
171 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
172 const char *names = methdata->names;
173 const char *q = strchr(names, NAME_SEPARATOR);
174 size_t l = (q == NULL ? strlen(names) : (size_t)(q - names));
175
176 if (namemap == 0)
177 return NULL;
178 name_id = ossl_namemap_name2num_n(namemap, names, l);
179 }
180
181 if (name_id == 0
182 || (meth_id = evp_method_id(methdata->operation_id, name_id)) == 0)
183 return NULL;
184
185 if (store == NULL
186 && (store = get_evp_method_store(libctx)) == NULL)
187 return NULL;
188
189 if (!ossl_method_store_fetch(store, meth_id, methdata->propquery,
190 &method))
191 return NULL;
192 return method;
193}
194
195static int put_evp_method_in_store(OPENSSL_CTX *libctx, void *store,
196 void *method, const OSSL_PROVIDER *prov,
197 int operation_id, const char *names,
198 const char *propdef, void *data)
199{
200 struct evp_method_data_st *methdata = data;
201 OSSL_NAMEMAP *namemap;
202 int name_id;
203 uint32_t meth_id;
204 size_t l = 0;
205
206 /*
207 * put_evp_method_in_store() is only called with an EVP method that was
208 * successfully created by construct_method() below, which means that
209 * all the names should already be stored in the namemap with the same
210 * numeric identity, so just use the first to get that identity.
211 */
212 if (names != NULL) {
213 const char *q = strchr(names, NAME_SEPARATOR);
214
215 l = (q == NULL ? strlen(names) : (size_t)(q - names));
216 }
217
218 if ((namemap = ossl_namemap_stored(libctx)) == NULL
219 || (name_id = ossl_namemap_name2num_n(namemap, names, l)) == 0
220 || (meth_id = evp_method_id(operation_id, name_id)) == 0)
221 return 0;
222
223 if (store == NULL
224 && (store = get_evp_method_store(libctx)) == NULL)
225 return 0;
226
227 return ossl_method_store_add(store, prov, meth_id, propdef, method,
228 methdata->refcnt_up_method,
229 methdata->destruct_method);
230}
231
232/*
233 * The core fetching functionality passes the name of the implementation.
234 * This function is responsible to getting an identity number for it.
235 */
236static void *construct_evp_method(const OSSL_ALGORITHM *algodef,
237 OSSL_PROVIDER *prov, void *data)
238{
239 /*
240 * This function is only called if get_evp_method_from_store() returned
241 * NULL, so it's safe to say that of all the spots to create a new
242 * namemap entry, this is it. Should the name already exist there, we
243 * know that ossl_namemap_add_name() will return its corresponding
244 * number.
245 */
246 struct evp_method_data_st *methdata = data;
247 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
248 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
249 const char *names = algodef->algorithm_names;
250 int name_id = ossl_namemap_add_names(namemap, 0, names, NAME_SEPARATOR);
251
252 if (name_id == 0)
253 return NULL;
254 return methdata->method_from_dispatch(name_id, algodef->implementation,
255 prov);
256}
257
258static void destruct_evp_method(void *method, void *data)
259{
260 struct evp_method_data_st *methdata = data;
261
262 methdata->destruct_method(method);
263}
264
265static void *
266inner_evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id,
267 int name_id, const char *name,
268 const char *properties,
269 void *(*new_method)(int name_id,
270 const OSSL_DISPATCH *fns,
271 OSSL_PROVIDER *prov),
272 int (*up_ref_method)(void *),
273 void (*free_method)(void *))
274{
275 OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
276 OSSL_NAMEMAP *namemap = get_prepopulated_namemap(libctx);
277 uint32_t meth_id = 0;
278 void *method = NULL;
279
280 if (store == NULL || namemap == NULL)
281 return NULL;
282
283 /*
284 * If there's ever an operation_id == 0 passed, we have an internal
285 * programming error.
286 */
287 if (!ossl_assert(operation_id > 0))
288 return NULL;
289
290 /*
291 * If we have been passed neither a name_id or a name, we have an
292 * internal programming error.
293 */
294 if (!ossl_assert(name_id != 0 || name != NULL))
295 return NULL;
296
297 /* If we haven't received a name id yet, try to get one for the name */
298 if (name_id == 0)
299 name_id = ossl_namemap_name2num(namemap, name);
300
301 /*
302 * If we have a name id, calculate a method id with evp_method_id().
303 *
304 * evp_method_id returns 0 if we have too many operations (more than
305 * about 2^8) or too many names (more than about 2^24). In that case,
306 * we can't create any new method.
307 */
308 if (name_id != 0 && (meth_id = evp_method_id(operation_id, name_id)) == 0)
309 return NULL;
310
311 if (meth_id == 0
312 || !ossl_method_store_cache_get(store, meth_id, properties, &method)) {
313 OSSL_METHOD_CONSTRUCT_METHOD mcm = {
314 alloc_tmp_evp_method_store,
315 dealloc_tmp_evp_method_store,
316 get_evp_method_from_store,
317 put_evp_method_in_store,
318 construct_evp_method,
319 destruct_evp_method
320 };
321 struct evp_method_data_st mcmdata;
322
323 mcmdata.mcm = &mcm;
324 mcmdata.libctx = libctx;
325 mcmdata.operation_id = operation_id;
326 mcmdata.name_id = name_id;
327 mcmdata.names = name;
328 mcmdata.propquery = properties;
329 mcmdata.method_from_dispatch = new_method;
330 mcmdata.refcnt_up_method = up_ref_method;
331 mcmdata.destruct_method = free_method;
332 if ((method = ossl_method_construct(libctx, operation_id,
333 0 /* !force_cache */,
334 &mcm, &mcmdata)) != NULL) {
335 /*
336 * If construction did create a method for us, we know that
337 * there is a correct name_id and meth_id, since those have
338 * already been calculated in get_evp_method_from_store() and
339 * put_evp_method_in_store() above.
340 */
341 if (name_id == 0)
342 name_id = ossl_namemap_name2num(namemap, name);
343 meth_id = evp_method_id(operation_id, name_id);
344 ossl_method_store_cache_set(store, meth_id, properties, method,
345 up_ref_method, free_method);
346 }
347 }
348
349 return method;
350}
351
352void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id,
353 const char *name, const char *properties,
354 void *(*new_method)(int name_id,
355 const OSSL_DISPATCH *fns,
356 OSSL_PROVIDER *prov),
357 int (*up_ref_method)(void *),
358 void (*free_method)(void *))
359{
360 return inner_evp_generic_fetch(libctx,
361 operation_id, 0, name, properties,
362 new_method, up_ref_method, free_method);
363}
364
365/*
366 * evp_generic_fetch_by_number() is special, and only returns methods for
367 * already known names, i.e. it refuses to work if no name_id can be found
368 * (it's considered an internal programming error).
369 * This is meant to be used when one method needs to fetch an associated
370 * other method.
371 */
372void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id,
373 int name_id, const char *properties,
374 void *(*new_method)(int name_id,
375 const OSSL_DISPATCH *fns,
376 OSSL_PROVIDER *prov),
377 int (*up_ref_method)(void *),
378 void (*free_method)(void *))
379{
380 return inner_evp_generic_fetch(libctx,
381 operation_id, name_id, NULL, properties,
382 new_method, up_ref_method, free_method);
383}
384
385int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
386{
387 OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
388
389 if (store != NULL)
390 return ossl_method_store_set_global_properties(store, propq);
391 EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR);
392 return 0;
393}
394
395struct do_all_data_st {
396 void (*user_fn)(void *method, void *arg);
397 void *user_arg;
398 void *(*new_method)(const int name_id, const OSSL_DISPATCH *fns,
399 OSSL_PROVIDER *prov);
400 void (*free_method)(void *);
401};
402
403static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo,
404 int no_store, void *vdata)
405{
406 struct do_all_data_st *data = vdata;
407 OPENSSL_CTX *libctx = ossl_provider_library_context(provider);
408 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
409 int name_id = ossl_namemap_add_names(namemap, 0, algo->algorithm_names,
410 NAME_SEPARATOR);
411 void *method = NULL;
412
413 if (name_id != 0)
414 method = data->new_method(name_id, algo->implementation, provider);
415
416 if (method != NULL) {
417 data->user_fn(method, data->user_arg);
418 data->free_method(method);
419 }
420}
421
422void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id,
423 void (*user_fn)(void *method, void *arg),
424 void *user_arg,
425 void *(*new_method)(int name_id,
426 const OSSL_DISPATCH *fns,
427 OSSL_PROVIDER *prov),
428 void (*free_method)(void *))
429{
430 struct do_all_data_st data;
431
432 data.new_method = new_method;
433 data.free_method = free_method;
434 data.user_fn = user_fn;
435 data.user_arg = user_arg;
436 ossl_algorithm_do_all(libctx, operation_id, NULL, do_one, &data);
437}
438
439const char *evp_first_name(OSSL_PROVIDER *prov, int name_id)
440{
441 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
442 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
443
444 return ossl_namemap_num2name(namemap, name_id, 0);
445}
446
447int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name)
448{
449 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
450 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
451
452 return ossl_namemap_name2num(namemap, name) == number;
453}
454
455void evp_names_do_all(OSSL_PROVIDER *prov, int number,
456 void (*fn)(const char *name, void *data),
457 void *data)
458{
459 OPENSSL_CTX *libctx = ossl_provider_library_context(prov);
460 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
461
462 ossl_namemap_doall_names(namemap, number, fn, data);
463}
464