/* * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #include #include #include #include #include "internal/cryptlib.h" #include "internal/thread_once.h" #include "internal/property.h" #include "internal/core.h" #include "internal/provider.h" #include "internal/namemap.h" #include "internal/evp_int.h" /* evp_locl.h needs it */ #include "evp_locl.h" static void default_method_store_free(void *vstore) { ossl_method_store_free(vstore); } static void *default_method_store_new(OPENSSL_CTX *ctx) { return ossl_method_store_new(ctx); } static const OPENSSL_CTX_METHOD default_method_store_method = { default_method_store_new, default_method_store_free, }; /* Data to be passed through ossl_method_construct() */ struct method_data_st { OPENSSL_CTX *libctx; OSSL_METHOD_CONSTRUCT_METHOD *mcm; int operation_id; /* For get_method_from_store() */ int name_id; /* For get_method_from_store() */ const char *name; /* For get_method_from_store() */ const char *propquery; /* For get_method_from_store() */ void *(*method_from_dispatch)(int name_id, const OSSL_DISPATCH *, OSSL_PROVIDER *, void *); void *method_data; int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); }; /* * Generic routines to fetch / create EVP methods with ossl_method_construct() */ static void *alloc_tmp_method_store(OPENSSL_CTX *ctx) { return ossl_method_store_new(ctx); } static void dealloc_tmp_method_store(void *store) { if (store != NULL) ossl_method_store_free(store); } static OSSL_METHOD_STORE *get_default_method_store(OPENSSL_CTX *libctx) { return openssl_ctx_get_data(libctx, OPENSSL_CTX_DEFAULT_METHOD_STORE_INDEX, &default_method_store_method); } /* * To identity the method in the method store, we mix the name identity * with the operation identity, with the assumption that we don't have * more than 2^24 names or more than 2^8 operation types. * * The resulting identity is a 32-bit integer, composed like this: * * +---------24 bits--------+-8 bits-+ * | name identity | op id | * +------------------------+--------+ */ static uint32_t method_id(unsigned int operation_id, int name_id) { if (!ossl_assert(name_id < (1 << 24) || operation_id < (1 << 8)) || !ossl_assert(name_id > 0 && operation_id > 0)) return 0; return ((name_id << 8) & 0xFFFFFF00) | (operation_id & 0x000000FF); } static void *get_method_from_store(OPENSSL_CTX *libctx, void *store, void *data) { struct method_data_st *methdata = data; void *method = NULL; int name_id; uint32_t meth_id; /* * get_method_from_store() is only called to try and get the method * that evp_generic_fetch() is asking for, and the operation id as * well as the name or name id are passed via methdata. */ if ((name_id = methdata->name_id) == 0) { OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); if (namemap == 0) return NULL; name_id = ossl_namemap_name2num(namemap, methdata->name); } if (name_id == 0 || (meth_id = method_id(methdata->operation_id, name_id)) == 0) return NULL; if (store == NULL && (store = get_default_method_store(libctx)) == NULL) return NULL; (void)ossl_method_store_fetch(store, meth_id, methdata->propquery, &method); if (method != NULL && !methdata->refcnt_up_method(method)) { method = NULL; } return method; } static int put_method_in_store(OPENSSL_CTX *libctx, void *store, void *method, const OSSL_PROVIDER *prov, int operation_id, const char *name, const char *propdef, void *data) { struct method_data_st *methdata = data; OSSL_NAMEMAP *namemap; int name_id; uint32_t meth_id; /* * put_method_in_store() is only called with a method that was * successfully created by construct_method() below, which means * the name should already be stored in the namemap, so just use it. */ if ((namemap = ossl_namemap_stored(libctx)) == NULL || (name_id = ossl_namemap_name2num(namemap, name)) == 0 || (meth_id = method_id(operation_id, name_id)) == 0) return 0; if (store == NULL && (store = get_default_method_store(libctx)) == NULL) return 0; return ossl_method_store_add(store, prov, meth_id, propdef, method, methdata->refcnt_up_method, methdata->destruct_method); } /* * The core fetching functionality passes the name of the implementation. * This function is responsible to getting an identity number for it. */ static void *construct_method(const char *name, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *data) { /* * This function is only called if get_method_from_store() returned * NULL, so it's safe to say that of all the spots to create a new * namemap entry, this is it. Should the name already exist there, we * know that ossl_namemap_add() will return its corresponding number. * * TODO(3.0): If this function gets an array of names instead of just * one, we need to check through all the names to see if at least one * of them has an associated number, and use that. If several names * have associated numbers that differ from each other, it's an error. */ struct method_data_st *methdata = data; OPENSSL_CTX *libctx = ossl_provider_library_context(prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); int name_id = ossl_namemap_add(namemap, 0, name); return methdata->method_from_dispatch(name_id, fns, prov, methdata->method_data); } static void destruct_method(void *method, void *data) { struct method_data_st *methdata = data; methdata->destruct_method(method); } static void *inner_generic_fetch(OPENSSL_CTX *libctx, int operation_id, int name_id, const char *name, const char *properties, void *(*new_method)(int name_id, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *method_data), void *method_data, int (*up_ref_method)(void *), void (*free_method)(void *)) { OSSL_METHOD_STORE *store = get_default_method_store(libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); uint32_t meth_id = 0; void *method = NULL; if (store == NULL || namemap == NULL) return NULL; /* * If there's ever an operation_id == 0 passed, we have an internal * programming error. */ if (!ossl_assert(operation_id > 0)) return NULL; /* * If we have been passed neither a name_id or a name, we have an * internal programming error. */ if (!ossl_assert(name_id != 0 || name != NULL)) return NULL; /* If we haven't received a name id yet, try to get one for the name */ if (name_id == 0) name_id = ossl_namemap_name2num(namemap, name); /* * If we have a name id, calculate a method id with method_id(). * * method_id returns 0 if we have too many operations (more than * about 2^8) or too many names (more than about 2^24). In that * case, we can't create any new method. */ if (name_id != 0 && (meth_id = method_id(operation_id, name_id)) == 0) return NULL; if (meth_id == 0 || !ossl_method_store_cache_get(store, meth_id, properties, &method)) { OSSL_METHOD_CONSTRUCT_METHOD mcm = { alloc_tmp_method_store, dealloc_tmp_method_store, get_method_from_store, put_method_in_store, construct_method, destruct_method }; struct method_data_st mcmdata; mcmdata.mcm = &mcm; mcmdata.libctx = libctx; mcmdata.operation_id = operation_id; mcmdata.name_id = name_id; mcmdata.name = name; mcmdata.propquery = properties; mcmdata.method_from_dispatch = new_method; mcmdata.destruct_method = free_method; mcmdata.refcnt_up_method = up_ref_method; mcmdata.destruct_method = free_method; mcmdata.method_data = method_data; if ((method = ossl_method_construct(libctx, operation_id, 0 /* !force_cache */, &mcm, &mcmdata)) != NULL) { /* * If construction did create a method for us, we know that * there is a correct name_id and methodid, since those have * already been calculated in get_method_from_store() and * put_method_in_store() above. */ if (name_id == 0) name_id = ossl_namemap_name2num(namemap, name); meth_id = method_id(operation_id, name_id); ossl_method_store_cache_set(store, meth_id, properties, method); } } else { up_ref_method(method); } return method; } void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, const char *name, const char *properties, void *(*new_method)(int name_id, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *method_data), void *method_data, int (*up_ref_method)(void *), void (*free_method)(void *)) { return inner_generic_fetch(libctx, operation_id, 0, name, properties, new_method, method_data, up_ref_method, free_method); } /* * evp_generic_fetch_by_number() is special, and only returns methods for * already known names, i.e. it refuses to work if no name_id can be found * (it's considered an internal programming error). * This is meant to be used when one method needs to fetch an associated * other method. */ void *evp_generic_fetch_by_number(OPENSSL_CTX *libctx, int operation_id, int name_id, const char *properties, void *(*new_method)(int name_id, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *method_data), void *method_data, int (*up_ref_method)(void *), void (*free_method)(void *)) { return inner_generic_fetch(libctx, operation_id, name_id, NULL, properties, new_method, method_data, up_ref_method, free_method); } int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq) { OSSL_METHOD_STORE *store = get_default_method_store(libctx); if (store != NULL) return ossl_method_store_set_global_properties(store, propq); EVPerr(EVP_F_EVP_SET_DEFAULT_PROPERTIES, ERR_R_INTERNAL_ERROR); return 0; } struct do_all_data_st { void (*user_fn)(void *method, void *arg); void *user_arg; void *(*new_method)(const int name_id, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *method_data); void (*free_method)(void *); }; static void do_one(OSSL_PROVIDER *provider, const OSSL_ALGORITHM *algo, int no_store, void *vdata) { struct do_all_data_st *data = vdata; OPENSSL_CTX *libctx = ossl_provider_library_context(provider); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); int name_id = ossl_namemap_add(namemap, 0, algo->algorithm_name); void *method = NULL; if (name_id != 0) method = data->new_method(name_id, algo->implementation, provider, NULL); if (method != NULL) { data->user_fn(method, data->user_arg); data->free_method(method); } } void evp_generic_do_all(OPENSSL_CTX *libctx, int operation_id, void (*user_fn)(void *method, void *arg), void *user_arg, void *(*new_method)(int name_id, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *method_data), void *method_data, void (*free_method)(void *)) { struct do_all_data_st data; data.new_method = new_method; data.free_method = free_method; data.user_fn = user_fn; data.user_arg = user_arg; ossl_algorithm_do_all(libctx, operation_id, method_data, do_one, &data); } const char *evp_first_name(OSSL_PROVIDER *prov, int name_id) { OPENSSL_CTX *libctx = ossl_provider_library_context(prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); return ossl_namemap_num2name(namemap, name_id, 0); } int evp_is_a(OSSL_PROVIDER *prov, int number, const char *name) { OPENSSL_CTX *libctx = ossl_provider_library_context(prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); return ossl_namemap_name2num(namemap, name) == number; } void evp_doall_names(OSSL_PROVIDER *prov, int number, void (*fn)(const char *name, void *data), void *data) { OPENSSL_CTX *libctx = ossl_provider_library_context(prov); OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx); ossl_namemap_doall_names(namemap, number, fn, data); }