diff options
author | Matt Caswell <matt@openssl.org> | 2019-11-01 15:13:49 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-11-06 11:11:31 +0100 |
commit | 7606bed9047935d0e3c0b5ede9d4ce92a136b5e2 (patch) | |
tree | 6f65b6e46717981d7580bdc5f90658dc53a0405e /crypto/evp/names.c | |
parent | test/recipes/02-test_ordinals.t: Take '?' and '?+' into account (diff) | |
download | openssl-7606bed9047935d0e3c0b5ede9d4ce92a136b5e2.tar.xz openssl-7606bed9047935d0e3c0b5ede9d4ce92a136b5e2.zip |
Ensure EVP_get_digestbyname() and EVP_get_cipherbyname() know all aliases
Now that we have an EVP namemap containing all aliases that providers
know about for any given algorithm, it is possible that an application
attempts to look up a digest or a cipher via EVP_get_digestbyname() or
EVP_get_cipherbyname() with an algorithm name that is unknown to the
legacy method database. Therefore we extend those functions to
additionally check the aliases in the namemap when searching for a
method in the event that our initial lookup attempt fails.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10324)
Diffstat (limited to 'crypto/evp/names.c')
-rw-r--r-- | crypto/evp/names.c | 79 |
1 files changed, 74 insertions, 5 deletions
diff --git a/crypto/evp/names.c b/crypto/evp/names.c index 901899ad3b..5eb7a39ae0 100644 --- a/crypto/evp/names.c +++ b/crypto/evp/names.c @@ -8,11 +8,12 @@ */ #include <stdio.h> -#include "internal/cryptlib.h" #include <openssl/evp.h> #include <openssl/kdf.h> -#include "crypto/objects.h" #include <openssl/x509.h> +#include "internal/cryptlib.h" +#include "internal/namemap.h" +#include "crypto/objects.h" #include "crypto/evp.h" int EVP_add_cipher(const EVP_CIPHER *c) @@ -56,26 +57,94 @@ int EVP_add_digest(const EVP_MD *md) return r; } +static void cipher_from_name(const char *name, void *data) +{ + const EVP_CIPHER **cipher = data; + + if (*cipher != NULL) + return; + + *cipher = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); +} + const EVP_CIPHER *EVP_get_cipherbyname(const char *name) { + return evp_get_cipherbyname_ex(NULL, name); +} + +const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name) +{ const EVP_CIPHER *cp; + OSSL_NAMEMAP *namemap; + int id; if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL)) return NULL; cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH); + + if (cp != NULL) + return cp; + + /* + * It's not in the method database, but it might be there under a different + * name. So we check for aliases in the EVP namemap and try all of those + * in turn. + */ + + namemap = ossl_namemap_stored(libctx); + id = ossl_namemap_name2num(namemap, name); + if (id == 0) + return NULL; + + ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp); + return cp; } +static void digest_from_name(const char *name, void *data) +{ + const EVP_MD **md = data; + + if (*md != NULL) + return; + + *md = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); +} + const EVP_MD *EVP_get_digestbyname(const char *name) { - const EVP_MD *cp; + return evp_get_digestbyname_ex(NULL, name); +} + +const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name) +{ + const EVP_MD *dp; + OSSL_NAMEMAP *namemap; + int id; if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL)) return NULL; - cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); - return cp; + dp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH); + + if (dp != NULL) + return dp; + + /* + * It's not in the method database, but it might be there under a different + * name. So we check for aliases in the EVP namemap and try all of those + * in turn. + */ + + namemap = ossl_namemap_stored(libctx); + id = ossl_namemap_name2num(namemap, name); + if (id == 0) + return NULL; + + ossl_namemap_doall_names(namemap, id, digest_from_name, &dp); + + return dp; } void evp_cleanup_int(void) |