diff options
Diffstat (limited to 'include/internal')
40 files changed, 2994 insertions, 190 deletions
diff --git a/include/internal/__DECC_INCLUDE_EPILOGUE.H b/include/internal/__DECC_INCLUDE_EPILOGUE.H index c350018ad190..e57c0eab3e3a 100644 --- a/include/internal/__DECC_INCLUDE_EPILOGUE.H +++ b/include/internal/__DECC_INCLUDE_EPILOGUE.H @@ -1,7 +1,7 @@ /* * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/include/internal/__DECC_INCLUDE_PROLOGUE.H b/include/internal/__DECC_INCLUDE_PROLOGUE.H index 9a9c777f93f8..a01395755713 100644 --- a/include/internal/__DECC_INCLUDE_PROLOGUE.H +++ b/include/internal/__DECC_INCLUDE_PROLOGUE.H @@ -1,7 +1,7 @@ /* * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/include/internal/asn1.h b/include/internal/asn1.h new file mode 100644 index 000000000000..3143e3405f1d --- /dev/null +++ b/include/internal/asn1.h @@ -0,0 +1,16 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_ASN1_H +# define OSSL_INTERNAL_ASN1_H +# pragma once + +int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); + +#endif diff --git a/include/internal/bio.h b/include/internal/bio.h index c343b276295c..547a73d02d4e 100644 --- a/include/internal/bio.h +++ b/include/internal/bio.h @@ -1,13 +1,18 @@ /* - * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#include <openssl/bio.h> +#ifndef OSSL_INTERNAL_BIO_H +# define OSSL_INTERNAL_BIO_H +# pragma once + +# include <openssl/core.h> +# include <openssl/bio.h> struct bio_method_st { int type; @@ -31,3 +36,56 @@ void bio_cleanup(void); /* Old style to new style BIO_METHOD conversion functions */ int bwrite_conv(BIO *bio, const char *data, size_t datal, size_t *written); int bread_conv(BIO *bio, char *data, size_t datal, size_t *read); + +/* Changes to these internal BIOs must also update include/openssl/bio.h */ +# define BIO_CTRL_SET_KTLS 72 +# define BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG 74 +# define BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG 75 + +/* + * This is used with socket BIOs: + * BIO_FLAGS_KTLS_TX means we are using ktls with this BIO for sending. + * BIO_FLAGS_KTLS_TX_CTRL_MSG means we are about to send a ctrl message next. + * BIO_FLAGS_KTLS_RX means we are using ktls with this BIO for receiving. + */ +# define BIO_FLAGS_KTLS_TX_CTRL_MSG 0x1000 +# define BIO_FLAGS_KTLS_RX 0x2000 +# define BIO_FLAGS_KTLS_TX 0x4000 + +/* KTLS related controls and flags */ +# define BIO_set_ktls_flag(b, is_tx) \ + BIO_set_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX) +# define BIO_should_ktls_flag(b, is_tx) \ + BIO_test_flags(b, (is_tx) ? BIO_FLAGS_KTLS_TX : BIO_FLAGS_KTLS_RX) +# define BIO_set_ktls_ctrl_msg_flag(b) \ + BIO_set_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) +# define BIO_should_ktls_ctrl_msg_flag(b) \ + BIO_test_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) +# define BIO_clear_ktls_ctrl_msg_flag(b) \ + BIO_clear_flags(b, BIO_FLAGS_KTLS_TX_CTRL_MSG) + +# define BIO_set_ktls(b, keyblob, is_tx) \ + BIO_ctrl(b, BIO_CTRL_SET_KTLS, is_tx, keyblob) +# define BIO_set_ktls_ctrl_msg(b, record_type) \ + BIO_ctrl(b, BIO_CTRL_SET_KTLS_TX_SEND_CTRL_MSG, record_type, NULL) +# define BIO_clear_ktls_ctrl_msg(b) \ + BIO_ctrl(b, BIO_CTRL_CLEAR_KTLS_TX_CTRL_MSG, 0, NULL) + +/* Functions to allow the core to offer the CORE_BIO type to providers */ +OSSL_CORE_BIO *ossl_core_bio_new_from_bio(BIO *bio); +OSSL_CORE_BIO *ossl_core_bio_new_file(const char *filename, const char *mode); +OSSL_CORE_BIO *ossl_core_bio_new_mem_buf(const void *buf, int len); +int ossl_core_bio_read_ex(OSSL_CORE_BIO *cb, void *data, size_t dlen, + size_t *readbytes); +int ossl_core_bio_write_ex(OSSL_CORE_BIO *cb, const void *data, size_t dlen, + size_t *written); +int ossl_core_bio_gets(OSSL_CORE_BIO *cb, char *buf, int size); +int ossl_core_bio_puts(OSSL_CORE_BIO *cb, const char *buf); +long ossl_core_bio_ctrl(OSSL_CORE_BIO *cb, int cmd, long larg, void *parg); +int ossl_core_bio_up_ref(OSSL_CORE_BIO *cb); +int ossl_core_bio_free(OSSL_CORE_BIO *cb); +int ossl_core_bio_vprintf(OSSL_CORE_BIO *cb, const char *format, va_list args); + +int ossl_bio_init_core(OSSL_LIB_CTX *libctx, const OSSL_DISPATCH *fns); + +#endif diff --git a/include/internal/comp.h b/include/internal/comp.h index ac6e38b47415..3ad86fc7b1f1 100644 --- a/include/internal/comp.h +++ b/include/internal/comp.h @@ -1,7 +1,7 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,4 +9,4 @@ #include <openssl/comp.h> -void comp_zlib_cleanup_int(void); +void ossl_comp_zlib_cleanup(void); diff --git a/include/internal/conf.h b/include/internal/conf.h index 163fea8de418..8c6c29cd2c5f 100644 --- a/include/internal/conf.h +++ b/include/internal/conf.h @@ -1,7 +1,7 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,10 +9,11 @@ #ifndef OSSL_INTERNAL_CONF_H # define OSSL_INTERNAL_CONF_H +# pragma once -#include <openssl/conf.h> +# include <openssl/conf.h> -#define DEFAULT_CONF_MFLAGS \ +# define DEFAULT_CONF_MFLAGS \ (CONF_MFLAGS_DEFAULT_SECTION | \ CONF_MFLAGS_IGNORE_MISSING_FILE | \ CONF_MFLAGS_IGNORE_RETURN_CODES) @@ -23,8 +24,8 @@ struct ossl_init_settings_st { unsigned long flags; }; -int openssl_config_int(const OPENSSL_INIT_SETTINGS *); -void openssl_no_config_int(void); -void conf_modules_free_int(void); +int ossl_config_int(const OPENSSL_INIT_SETTINGS *); +void ossl_no_config_int(void); +void ossl_config_modules_free(void); #endif diff --git a/include/internal/constant_time.h b/include/internal/constant_time.h index 6600a1d72aeb..0ed6f823c11e 100644 --- a/include/internal/constant_time.h +++ b/include/internal/constant_time.h @@ -1,7 +1,7 @@ /* - * Copyright 2014-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,6 +9,7 @@ #ifndef OSSL_INTERNAL_CONSTANT_TIME_H # define OSSL_INTERNAL_CONSTANT_TIME_H +# pragma once # include <stdlib.h> # include <string.h> @@ -181,6 +182,11 @@ static ossl_inline uint32_t constant_time_is_zero_32(uint32_t a) return constant_time_msb_32(~a & (a - 1)); } +static ossl_inline uint64_t constant_time_is_zero_64(uint64_t a) +{ + return constant_time_msb_64(~a & (a - 1)); +} + static ossl_inline unsigned int constant_time_eq(unsigned int a, unsigned int b) { @@ -353,6 +359,34 @@ static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a, } /* + * mask must be 0xFF or 0x00. + * "constant time" is per len. + * + * if (mask) { + * unsigned char tmp[len]; + * + * memcpy(tmp, a, len); + * memcpy(a, b); + * memcpy(b, tmp); + * } + */ +static ossl_inline void constant_time_cond_swap_buff(unsigned char mask, + unsigned char *a, + unsigned char *b, + size_t len) +{ + size_t i; + unsigned char tmp; + + for (i = 0; i < len; i++) { + tmp = a[i] ^ b[i]; + tmp &= mask; + a[i] ^= tmp; + b[i] ^= tmp; + } +} + +/* * table is a two dimensional array of bytes. Each row has rowsize elements. * Copies row number idx into out. rowsize and numrows are not considered * private. diff --git a/include/internal/core.h b/include/internal/core.h new file mode 100644 index 000000000000..03adb66bd342 --- /dev/null +++ b/include/internal/core.h @@ -0,0 +1,71 @@ +/* + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_CORE_H +# define OSSL_INTERNAL_CORE_H +# pragma once + +/* + * namespaces: + * + * ossl_method_ Core Method API + */ + +/* + * construct an arbitrary method from a dispatch table found by looking + * up a match for the < operation_id, name, property > combination. + * constructor and destructor are the constructor and destructor for that + * arbitrary object. + * + * These objects are normally cached, unless the provider says not to cache. + * However, force_cache can be used to force caching whatever the provider + * says (for example, because the application knows better). + */ +typedef struct ossl_method_construct_method_st { + /* Get a temporary store */ + void *(*get_tmp_store)(void *data); + /* Reserve the appropriate method store */ + int (*lock_store)(void *store, void *data); + /* Unreserve the appropriate method store */ + int (*unlock_store)(void *store, void *data); + /* Get an already existing method from a store */ + void *(*get)(void *store, const OSSL_PROVIDER **prov, void *data); + /* Store a method in a store */ + int (*put)(void *store, void *method, const OSSL_PROVIDER *prov, + const char *name, const char *propdef, void *data); + /* Construct a new method */ + void *(*construct)(const OSSL_ALGORITHM *algodef, OSSL_PROVIDER *prov, + void *data); + /* Destruct a method */ + void (*destruct)(void *method, void *data); +} OSSL_METHOD_CONSTRUCT_METHOD; + +void *ossl_method_construct(OSSL_LIB_CTX *ctx, int operation_id, + OSSL_PROVIDER **provider_rw, int force_cache, + OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data); + +void ossl_algorithm_do_all(OSSL_LIB_CTX *libctx, int operation_id, + OSSL_PROVIDER *provider, + int (*pre)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), + int (*reserve_store)(int no_store, void *data), + void (*fn)(OSSL_PROVIDER *provider, + const OSSL_ALGORITHM *algo, + int no_store, void *data), + int (*unreserve_store)(void *data), + int (*post)(OSSL_PROVIDER *, int operation_id, + int no_store, void *data, int *result), + void *data); +char *ossl_algorithm_get1_first_name(const OSSL_ALGORITHM *algo); + +__owur int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx); +__owur int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx); +int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx); +int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx); +#endif diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h index 6e7291ae41bc..934d4b089c20 100644 --- a/include/internal/cryptlib.h +++ b/include/internal/cryptlib.h @@ -1,7 +1,7 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,19 +9,22 @@ #ifndef OSSL_INTERNAL_CRYPTLIB_H # define OSSL_INTERNAL_CRYPTLIB_H +# pragma once # include <stdlib.h> # include <string.h> # ifdef OPENSSL_USE_APPLINK -# undef BIO_FLAGS_UPLINK -# define BIO_FLAGS_UPLINK 0x8000 +# define BIO_FLAGS_UPLINK_INTERNAL 0x8000 # include "ms/uplink.h" +# else +# define BIO_FLAGS_UPLINK_INTERNAL 0 # endif # include <openssl/crypto.h> # include <openssl/buffer.h> # include <openssl/bio.h> +# include <openssl/asn1.h> # include <openssl/err.h> # include "internal/nelem.h" @@ -42,12 +45,19 @@ __owur static ossl_inline int ossl_assert_int(int expr, const char *exprstr, #endif -typedef struct ex_callback_st EX_CALLBACK; +/* + * Use this inside a union with the field that needs to be aligned to a + * reasonable boundary for the platform. The most pessimistic alignment + * of the listed types will be used by the compiler. + */ +# define OSSL_UNION_ALIGN \ + double align; \ + ossl_uintmax_t align_int; \ + void *align_ptr +typedef struct ex_callback_st EX_CALLBACK; DEFINE_STACK_OF(EX_CALLBACK) -typedef struct app_mem_info_st APP_INFO; - typedef struct mem_st MEM; DEFINE_LHASH_OF(MEM); @@ -76,9 +86,14 @@ DEFINE_LHASH_OF(MEM); # define HEX_SIZE(type) (sizeof(type)*2) void OPENSSL_cpuid_setup(void); +#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || \ + defined(__x86_64) || defined(__x86_64__) || \ + defined(_M_AMD64) || defined(_M_X64) extern unsigned int OPENSSL_ia32cap_P[]; +#endif void OPENSSL_showfatal(const char *fmta, ...); -void crypto_cleanup_all_ex_data_int(void); +int ossl_do_ex_data_init(OSSL_LIB_CTX *ctx); +void ossl_crypto_cleanup_all_ex_data_int(OSSL_LIB_CTX *ctx); int openssl_init_fork_handlers(void); int openssl_get_fork_id(void); @@ -96,4 +111,153 @@ uint32_t OPENSSL_rdtsc(void); size_t OPENSSL_instrument_bus(unsigned int *, size_t); size_t OPENSSL_instrument_bus2(unsigned int *, size_t, size_t); +/* ex_data structures */ + +/* + * Each structure type (sometimes called a class), that supports + * exdata has a stack of callbacks for each instance. + */ +struct ex_callback_st { + long argl; /* Arbitrary long */ + void *argp; /* Arbitrary void * */ + int priority; /* Priority ordering for freeing */ + CRYPTO_EX_new *new_func; + CRYPTO_EX_free *free_func; + CRYPTO_EX_dup *dup_func; +}; + +/* + * The state for each class. This could just be a typedef, but + * a structure allows future changes. + */ +typedef struct ex_callbacks_st { + STACK_OF(EX_CALLBACK) *meth; +} EX_CALLBACKS; + +typedef struct ossl_ex_data_global_st { + CRYPTO_RWLOCK *ex_data_lock; + EX_CALLBACKS ex_data[CRYPTO_EX_INDEX__COUNT]; +} OSSL_EX_DATA_GLOBAL; + + +/* OSSL_LIB_CTX */ + +# define OSSL_LIB_CTX_PROVIDER_STORE_RUN_ONCE_INDEX 0 +# define OSSL_LIB_CTX_DEFAULT_METHOD_STORE_RUN_ONCE_INDEX 1 +# define OSSL_LIB_CTX_METHOD_STORE_RUN_ONCE_INDEX 2 +# define OSSL_LIB_CTX_MAX_RUN_ONCE 3 + +# define OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX 0 +# define OSSL_LIB_CTX_PROVIDER_STORE_INDEX 1 +# define OSSL_LIB_CTX_PROPERTY_DEFN_INDEX 2 +# define OSSL_LIB_CTX_PROPERTY_STRING_INDEX 3 +# define OSSL_LIB_CTX_NAMEMAP_INDEX 4 +# define OSSL_LIB_CTX_DRBG_INDEX 5 +# define OSSL_LIB_CTX_DRBG_NONCE_INDEX 6 +# define OSSL_LIB_CTX_RAND_CRNGT_INDEX 7 +# ifdef FIPS_MODULE +# define OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX 8 +# endif +# define OSSL_LIB_CTX_FIPS_PROV_INDEX 9 +# define OSSL_LIB_CTX_ENCODER_STORE_INDEX 10 +# define OSSL_LIB_CTX_DECODER_STORE_INDEX 11 +# define OSSL_LIB_CTX_SELF_TEST_CB_INDEX 12 +# define OSSL_LIB_CTX_BIO_PROV_INDEX 13 +# define OSSL_LIB_CTX_GLOBAL_PROPERTIES 14 +# define OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX 15 +# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16 +# define OSSL_LIB_CTX_BIO_CORE_INDEX 17 +# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18 +# define OSSL_LIB_CTX_MAX_INDEXES 19 + +# define OSSL_LIB_CTX_METHOD_LOW_PRIORITY -1 +# define OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY 0 +# define OSSL_LIB_CTX_METHOD_PRIORITY_1 1 +# define OSSL_LIB_CTX_METHOD_PRIORITY_2 2 + +typedef struct ossl_lib_ctx_method { + int priority; + void *(*new_func)(OSSL_LIB_CTX *ctx); + void (*free_func)(void *); +} OSSL_LIB_CTX_METHOD; + +OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx); +int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx); +int ossl_lib_ctx_is_global_default(OSSL_LIB_CTX *ctx); + +/* Functions to retrieve pointers to data by index */ +void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *, int /* index */, + const OSSL_LIB_CTX_METHOD * ctx); + +void ossl_lib_ctx_default_deinit(void); +OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx); +typedef int (ossl_lib_ctx_run_once_fn)(OSSL_LIB_CTX *ctx); +typedef void (ossl_lib_ctx_onfree_fn)(OSSL_LIB_CTX *ctx); + +int ossl_lib_ctx_run_once(OSSL_LIB_CTX *ctx, unsigned int idx, + ossl_lib_ctx_run_once_fn run_once_fn); +int ossl_lib_ctx_onfree(OSSL_LIB_CTX *ctx, ossl_lib_ctx_onfree_fn onfreefn); +const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx); + +void ossl_release_default_drbg_ctx(void); + +OSSL_LIB_CTX *ossl_crypto_ex_data_get_ossl_lib_ctx(const CRYPTO_EX_DATA *ad); +int ossl_crypto_new_ex_data_ex(OSSL_LIB_CTX *ctx, int class_index, void *obj, + CRYPTO_EX_DATA *ad); +int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index, + long argl, void *argp, + CRYPTO_EX_new *new_func, + CRYPTO_EX_dup *dup_func, + CRYPTO_EX_free *free_func, + int priority); +int ossl_crypto_free_ex_index_ex(OSSL_LIB_CTX *ctx, int class_index, int idx); + +/* Function for simple binary search */ + +/* Flags */ +# define OSSL_BSEARCH_VALUE_ON_NOMATCH 0x01 +# define OSSL_BSEARCH_FIRST_VALUE_ON_MATCH 0x02 + +const void *ossl_bsearch(const void *key, const void *base, int num, + int size, int (*cmp) (const void *, const void *), + int flags); + +char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, + const char *sep, size_t max_len); +char *ossl_ipaddr_to_asc(unsigned char *p, int len); + +char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep); +unsigned char *ossl_hexstr2buf_sep(const char *str, long *buflen, + const char sep); + +static ossl_inline int ossl_ends_with_dirsep(const char *path) +{ + if (*path != '\0') + path += strlen(path) - 1; +# if defined __VMS + if (*path == ']' || *path == '>' || *path == ':') + return 1; +# elif defined _WIN32 + if (*path == '\\') + return 1; +# endif + return *path == '/'; +} + +static ossl_inline int ossl_is_absolute_path(const char *path) +{ +# if defined __VMS + if (strchr(path, ':') != NULL + || ((path[0] == '[' || path[0] == '<') + && path[1] != '.' && path[1] != '-' + && path[1] != ']' && path[1] != '>')) + return 1; +# elif defined _WIN32 + if (path[0] == '\\' + || (path[0] != '\0' && path[1] == ':')) + return 1; +# endif + return path[0] == '/'; +} + #endif diff --git a/include/internal/dane.h b/include/internal/dane.h index 7a39bd7d7d46..a3d78a7f8050 100644 --- a/include/internal/dane.h +++ b/include/internal/dane.h @@ -1,7 +1,7 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,8 +9,9 @@ #ifndef OSSL_INTERNAL_DANE_H #define OSSL_INTERNAL_DANE_H +# pragma once -#include <openssl/safestack.h> +# include <openssl/safestack.h> /*- * Certificate usages: diff --git a/include/internal/deprecated.h b/include/internal/deprecated.h new file mode 100644 index 000000000000..a313a015459e --- /dev/null +++ b/include/internal/deprecated.h @@ -0,0 +1,30 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * This header file should be included by internal code that needs to use APIs + * that have been deprecated for public use, but where those symbols will still + * be available internally. For example the EVP and provider code needs to use + * low level APIs that are otherwise deprecated. + * + * This header *must* be the first OpenSSL header included by a source file. + */ + +#ifndef OSSL_INTERNAL_DEPRECATED_H +# define OSSL_INTERNAL_DEPRECATED_H +# pragma once + +# include <openssl/configuration.h> + +# undef OPENSSL_NO_DEPRECATED +# define OPENSSL_SUPPRESS_DEPRECATED + +# include <openssl/macros.h> + +#endif diff --git a/include/internal/der.h b/include/internal/der.h new file mode 100644 index 000000000000..f23fabc29022 --- /dev/null +++ b/include/internal/der.h @@ -0,0 +1,88 @@ +/* + * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/bn.h> +#include "internal/packet.h" + +/* + * NOTE: X.690 numbers the identifier octet bits 1 to 8. + * We use the same numbering in comments here. + */ + +/* Well known primitive tags */ + +/* + * DER UNIVERSAL tags, occupying bits 1-5 in the DER identifier byte + * These are only valid for the UNIVERSAL class. With the other classes, + * these bits have a different meaning. + */ +#define DER_P_EOC 0 /* BER End Of Contents tag */ +#define DER_P_BOOLEAN 1 +#define DER_P_INTEGER 2 +#define DER_P_BIT_STRING 3 +#define DER_P_OCTET_STRING 4 +#define DER_P_NULL 5 +#define DER_P_OBJECT 6 +#define DER_P_OBJECT_DESCRIPTOR 7 +#define DER_P_EXTERNAL 8 +#define DER_P_REAL 9 +#define DER_P_ENUMERATED 10 +#define DER_P_UTF8STRING 12 +#define DER_P_SEQUENCE 16 +#define DER_P_SET 17 +#define DER_P_NUMERICSTRING 18 +#define DER_P_PRINTABLESTRING 19 +#define DER_P_T61STRING 20 +#define DER_P_VIDEOTEXSTRING 21 +#define DER_P_IA5STRING 22 +#define DER_P_UTCTIME 23 +#define DER_P_GENERALIZEDTIME 24 +#define DER_P_GRAPHICSTRING 25 +#define DER_P_ISO64STRING 26 +#define DER_P_GENERALSTRING 27 +#define DER_P_UNIVERSALSTRING 28 +#define DER_P_BMPSTRING 30 + +/* DER Flags, occupying bit 6 in the DER identifier byte */ +#define DER_F_PRIMITIVE 0x00 +#define DER_F_CONSTRUCTED 0x20 + +/* DER classes tags, occupying bits 7-8 in the DER identifier byte */ +#define DER_C_UNIVERSAL 0x00 +#define DER_C_APPLICATION 0x40 +#define DER_C_CONTEXT 0x80 +#define DER_C_PRIVATE 0xC0 + +/* + * Run-time constructors. + * + * They all construct DER backwards, so care should be taken to use them + * that way. + */ + +/* This can be used for all items that don't have a context */ +#define DER_NO_CONTEXT -1 + +int ossl_DER_w_precompiled(WPACKET *pkt, int tag, + const unsigned char *precompiled, + size_t precompiled_n); + +int ossl_DER_w_boolean(WPACKET *pkt, int tag, int b); +int ossl_DER_w_uint32(WPACKET *pkt, int tag, uint32_t v); +int ossl_DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v); +int ossl_DER_w_null(WPACKET *pkt, int tag); +int ossl_DER_w_octet_string(WPACKET *pkt, int tag, + const unsigned char *data, size_t data_n); +int ossl_DER_w_octet_string_uint32(WPACKET *pkt, int tag, uint32_t value); + +/* + * All constructors for constructed elements have a begin and a end function + */ +int ossl_DER_w_begin_sequence(WPACKET *pkt, int tag); +int ossl_DER_w_end_sequence(WPACKET *pkt, int tag); diff --git a/include/internal/dso.h b/include/internal/dso.h index c57c0c407592..160ddb98db14 100644 --- a/include/internal/dso.h +++ b/include/internal/dso.h @@ -1,7 +1,7 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,6 +9,7 @@ #ifndef OSSL_INTERNAL_DSO_H # define OSSL_INTERNAL_DSO_H +# pragma once # include <openssl/crypto.h> # include "internal/dsoerr.h" @@ -160,6 +161,4 @@ DSO *DSO_dsobyaddr(void *addr, int flags); */ void *DSO_global_lookup(const char *name); -int ERR_load_DSO_strings(void); - #endif diff --git a/include/internal/dsoerr.h b/include/internal/dsoerr.h index 94d642a22d8c..b1719e8377f4 100644 --- a/include/internal/dsoerr.h +++ b/include/internal/dsoerr.h @@ -1,8 +1,8 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -10,73 +10,39 @@ #ifndef OSSL_INTERNAL_DSOERR_H # define OSSL_INTERNAL_DSOERR_H +# pragma once -# ifndef HEADER_SYMHACKS_H -# include <openssl/symhacks.h> -# endif +# include <openssl/opensslconf.h> +# include <openssl/symhacks.h> # ifdef __cplusplus -extern "C" +extern "C" { # endif -int ERR_load_DSO_strings(void); -/* - * DSO function codes. - */ -# define DSO_F_DLFCN_BIND_FUNC 100 -# define DSO_F_DLFCN_LOAD 102 -# define DSO_F_DLFCN_MERGER 130 -# define DSO_F_DLFCN_NAME_CONVERTER 123 -# define DSO_F_DLFCN_UNLOAD 103 -# define DSO_F_DL_BIND_FUNC 104 -# define DSO_F_DL_LOAD 106 -# define DSO_F_DL_MERGER 131 -# define DSO_F_DL_NAME_CONVERTER 124 -# define DSO_F_DL_UNLOAD 107 -# define DSO_F_DSO_BIND_FUNC 108 -# define DSO_F_DSO_CONVERT_FILENAME 126 -# define DSO_F_DSO_CTRL 110 -# define DSO_F_DSO_FREE 111 -# define DSO_F_DSO_GET_FILENAME 127 -# define DSO_F_DSO_GLOBAL_LOOKUP 139 -# define DSO_F_DSO_LOAD 112 -# define DSO_F_DSO_MERGE 132 -# define DSO_F_DSO_NEW_METHOD 113 -# define DSO_F_DSO_PATHBYADDR 105 -# define DSO_F_DSO_SET_FILENAME 129 -# define DSO_F_DSO_UP_REF 114 -# define DSO_F_VMS_BIND_SYM 115 -# define DSO_F_VMS_LOAD 116 -# define DSO_F_VMS_MERGER 133 -# define DSO_F_VMS_UNLOAD 117 -# define DSO_F_WIN32_BIND_FUNC 101 -# define DSO_F_WIN32_GLOBALLOOKUP 142 -# define DSO_F_WIN32_JOINER 135 -# define DSO_F_WIN32_LOAD 120 -# define DSO_F_WIN32_MERGER 134 -# define DSO_F_WIN32_NAME_CONVERTER 125 -# define DSO_F_WIN32_PATHBYADDR 109 -# define DSO_F_WIN32_SPLITTER 136 -# define DSO_F_WIN32_UNLOAD 121 +int ossl_err_load_DSO_strings(void); /* * DSO reason codes. */ -# define DSO_R_CTRL_FAILED 100 -# define DSO_R_DSO_ALREADY_LOADED 110 -# define DSO_R_EMPTY_FILE_STRUCTURE 113 -# define DSO_R_FAILURE 114 -# define DSO_R_FILENAME_TOO_BIG 101 -# define DSO_R_FINISH_FAILED 102 -# define DSO_R_INCORRECT_FILE_SYNTAX 115 -# define DSO_R_LOAD_FAILED 103 -# define DSO_R_NAME_TRANSLATION_FAILED 109 -# define DSO_R_NO_FILENAME 111 -# define DSO_R_NULL_HANDLE 104 -# define DSO_R_SET_FILENAME_FAILED 112 -# define DSO_R_STACK_ERROR 105 -# define DSO_R_SYM_FAILURE 106 -# define DSO_R_UNLOAD_FAILED 107 -# define DSO_R_UNSUPPORTED 108 +# define DSO_R_CTRL_FAILED 100 +# define DSO_R_DSO_ALREADY_LOADED 110 +# define DSO_R_EMPTY_FILE_STRUCTURE 113 +# define DSO_R_FAILURE 114 +# define DSO_R_FILENAME_TOO_BIG 101 +# define DSO_R_FINISH_FAILED 102 +# define DSO_R_INCORRECT_FILE_SYNTAX 115 +# define DSO_R_LOAD_FAILED 103 +# define DSO_R_NAME_TRANSLATION_FAILED 109 +# define DSO_R_NO_FILENAME 111 +# define DSO_R_NULL_HANDLE 104 +# define DSO_R_SET_FILENAME_FAILED 112 +# define DSO_R_STACK_ERROR 105 +# define DSO_R_SYM_FAILURE 106 +# define DSO_R_UNLOAD_FAILED 107 +# define DSO_R_UNSUPPORTED 108 + +# ifdef __cplusplus +} +# endif #endif diff --git a/include/internal/endian.h b/include/internal/endian.h new file mode 100644 index 000000000000..8b34e03e4404 --- /dev/null +++ b/include/internal/endian.h @@ -0,0 +1,51 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_ENDIAN_H +# define OSSL_INTERNAL_ENDIAN_H +# pragma once + +/* + * IS_LITTLE_ENDIAN and IS_BIG_ENDIAN can be used to detect the endiannes + * at compile time. To use it, DECLARE_IS_ENDIAN must be used to declare + * a variable. + * + * L_ENDIAN and B_ENDIAN can be used at preprocessor time. They can be set + * in the configarion using the lib_cppflags variable. If neither is + * set, it will fall back to code works with either endianness. + */ + +# if defined(__BYTE_ORDER__) && defined(__ORDER_LITTLE_ENDIAN__) +# define DECLARE_IS_ENDIAN const int ossl_is_little_endian = __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ +# define IS_LITTLE_ENDIAN (ossl_is_little_endian) +# define IS_BIG_ENDIAN (!ossl_is_little_endian) +# if defined(L_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) +# error "L_ENDIAN defined on a big endian machine" +# endif +# if defined(B_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) +# error "B_ENDIAN defined on a little endian machine" +# endif +# if !defined(L_ENDIAN) && (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__) +# define L_ENDIAN +# endif +# if !defined(B_ENDIAN) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) +# define B_ENDIAN +# endif +# else +# define DECLARE_IS_ENDIAN \ + const union { \ + long one; \ + char little; \ + } ossl_is_endian = { 1 } + +# define IS_LITTLE_ENDIAN (ossl_is_endian.little != 0) +# define IS_BIG_ENDIAN (ossl_is_endian.little == 0) +# endif + +#endif diff --git a/include/internal/err.h b/include/internal/err.h index 88dde7059157..d8a308f0b46f 100644 --- a/include/internal/err.h +++ b/include/internal/err.h @@ -1,7 +1,7 @@ /* - * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,6 +9,7 @@ #ifndef OSSL_INTERNAL_ERR_H # define OSSL_INTERNAL_ERR_H +# pragma once void err_free_strings_int(void); diff --git a/include/internal/ffc.h b/include/internal/ffc.h new file mode 100644 index 000000000000..c4f090875f33 --- /dev/null +++ b/include/internal/ffc.h @@ -0,0 +1,216 @@ +/* + * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_FFC_H +# define OSSL_INTERNAL_FFC_H +# pragma once + +# include <openssl/core.h> +# include <openssl/bn.h> +# include <openssl/evp.h> +# include <openssl/dh.h> /* Uses Error codes from DH */ +# include <openssl/params.h> +# include <openssl/param_build.h> +# include "internal/sizes.h" + +/* Default value for gindex when canonical generation of g is not used */ +# define FFC_UNVERIFIABLE_GINDEX -1 + +/* The different types of FFC keys */ +# define FFC_PARAM_TYPE_DSA 0 +# define FFC_PARAM_TYPE_DH 1 + +/* + * The mode used by functions that share code for both generation and + * verification. See ossl_ffc_params_FIPS186_4_gen_verify(). + */ +#define FFC_PARAM_MODE_VERIFY 0 +#define FFC_PARAM_MODE_GENERATE 1 + +/* Return codes for generation and validation of FFC parameters */ +#define FFC_PARAM_RET_STATUS_FAILED 0 +#define FFC_PARAM_RET_STATUS_SUCCESS 1 +/* Returned if validating and g is only partially verifiable */ +#define FFC_PARAM_RET_STATUS_UNVERIFIABLE_G 2 + +/* Validation flags */ +# define FFC_PARAM_FLAG_VALIDATE_PQ 0x01 +# define FFC_PARAM_FLAG_VALIDATE_G 0x02 +# define FFC_PARAM_FLAG_VALIDATE_PQG \ + (FFC_PARAM_FLAG_VALIDATE_PQ | FFC_PARAM_FLAG_VALIDATE_G) +#define FFC_PARAM_FLAG_VALIDATE_LEGACY 0x04 + +/* + * NB: These values must align with the equivalently named macros in + * openssl/dh.h. We cannot use those macros here in case DH has been disabled. + */ +# define FFC_CHECK_P_NOT_PRIME 0x00001 +# define FFC_CHECK_P_NOT_SAFE_PRIME 0x00002 +# define FFC_CHECK_UNKNOWN_GENERATOR 0x00004 +# define FFC_CHECK_NOT_SUITABLE_GENERATOR 0x00008 +# define FFC_CHECK_Q_NOT_PRIME 0x00010 +# define FFC_CHECK_INVALID_Q_VALUE 0x00020 +# define FFC_CHECK_INVALID_J_VALUE 0x00040 + +# define FFC_CHECK_BAD_LN_PAIR 0x00080 +# define FFC_CHECK_INVALID_SEED_SIZE 0x00100 +# define FFC_CHECK_MISSING_SEED_OR_COUNTER 0x00200 +# define FFC_CHECK_INVALID_G 0x00400 +# define FFC_CHECK_INVALID_PQ 0x00800 +# define FFC_CHECK_INVALID_COUNTER 0x01000 +# define FFC_CHECK_P_MISMATCH 0x02000 +# define FFC_CHECK_Q_MISMATCH 0x04000 +# define FFC_CHECK_G_MISMATCH 0x08000 +# define FFC_CHECK_COUNTER_MISMATCH 0x10000 + +/* Validation Return codes */ +# define FFC_ERROR_PUBKEY_TOO_SMALL 0x01 +# define FFC_ERROR_PUBKEY_TOO_LARGE 0x02 +# define FFC_ERROR_PUBKEY_INVALID 0x04 +# define FFC_ERROR_NOT_SUITABLE_GENERATOR 0x08 +# define FFC_ERROR_PRIVKEY_TOO_SMALL 0x10 +# define FFC_ERROR_PRIVKEY_TOO_LARGE 0x20 +# define FFC_ERROR_PASSED_NULL_PARAM 0x40 + +/* + * Finite field cryptography (FFC) domain parameters are used by DH and DSA. + * Refer to FIPS186_4 Appendix A & B. + */ +typedef struct ffc_params_st { + /* Primes */ + BIGNUM *p; + BIGNUM *q; + /* Generator */ + BIGNUM *g; + /* DH X9.42 Optional Subgroup factor j >= 2 where p = j * q + 1 */ + BIGNUM *j; + + /* Required for FIPS186_4 validation of p, q and optionally canonical g */ + unsigned char *seed; + /* If this value is zero the hash size is used as the seed length */ + size_t seedlen; + /* Required for FIPS186_4 validation of p and q */ + int pcounter; + int nid; /* The identity of a named group */ + + /* + * Required for FIPS186_4 generation & validation of canonical g. + * It uses unverifiable g if this value is -1. + */ + int gindex; + int h; /* loop counter for unverifiable g */ + + unsigned int flags; + /* + * The digest to use for generation or validation. If this value is NULL, + * then the digest is chosen using the value of N. + */ + const char *mdname; + const char *mdprops; + /* Default key length for known named groups according to RFC7919 */ + int keylength; +} FFC_PARAMS; + +void ossl_ffc_params_init(FFC_PARAMS *params); +void ossl_ffc_params_cleanup(FFC_PARAMS *params); +void ossl_ffc_params_set0_pqg(FFC_PARAMS *params, BIGNUM *p, BIGNUM *q, + BIGNUM *g); +void ossl_ffc_params_get0_pqg(const FFC_PARAMS *params, const BIGNUM **p, + const BIGNUM **q, const BIGNUM **g); +void ossl_ffc_params_set0_j(FFC_PARAMS *d, BIGNUM *j); +int ossl_ffc_params_set_seed(FFC_PARAMS *params, + const unsigned char *seed, size_t seedlen); +void ossl_ffc_params_set_gindex(FFC_PARAMS *params, int index); +void ossl_ffc_params_set_pcounter(FFC_PARAMS *params, int index); +void ossl_ffc_params_set_h(FFC_PARAMS *params, int index); +void ossl_ffc_params_set_flags(FFC_PARAMS *params, unsigned int flags); +void ossl_ffc_params_enable_flags(FFC_PARAMS *params, unsigned int flags, + int enable); +int ossl_ffc_set_digest(FFC_PARAMS *params, const char *alg, const char *props); + +int ossl_ffc_params_set_validate_params(FFC_PARAMS *params, + const unsigned char *seed, + size_t seedlen, int counter); +void ossl_ffc_params_get_validate_params(const FFC_PARAMS *params, + unsigned char **seed, size_t *seedlen, + int *pcounter); + +int ossl_ffc_params_copy(FFC_PARAMS *dst, const FFC_PARAMS *src); +int ossl_ffc_params_cmp(const FFC_PARAMS *a, const FFC_PARAMS *b, int ignore_q); + +#ifndef FIPS_MODULE +int ossl_ffc_params_print(BIO *bp, const FFC_PARAMS *ffc, int indent); +#endif /* FIPS_MODULE */ + + +int ossl_ffc_params_FIPS186_4_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, + int type, size_t L, size_t N, + int *res, BN_GENCB *cb); +int ossl_ffc_params_FIPS186_2_generate(OSSL_LIB_CTX *libctx, FFC_PARAMS *params, + int type, size_t L, size_t N, + int *res, BN_GENCB *cb); + +int ossl_ffc_params_FIPS186_4_gen_verify(OSSL_LIB_CTX *libctx, + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb); +int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx, + FFC_PARAMS *params, int mode, int type, + size_t L, size_t N, int *res, + BN_GENCB *cb); + +int ossl_ffc_params_simple_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int paramstype, int *res); +int ossl_ffc_params_full_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int paramstype, int *res); +int ossl_ffc_params_FIPS186_4_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); +int ossl_ffc_params_FIPS186_2_validate(OSSL_LIB_CTX *libctx, + const FFC_PARAMS *params, + int type, int *res, BN_GENCB *cb); + +int ossl_ffc_generate_private_key(BN_CTX *ctx, const FFC_PARAMS *params, + int N, int s, BIGNUM *priv); + +int ossl_ffc_params_validate_unverifiable_g(BN_CTX *ctx, BN_MONT_CTX *mont, + const BIGNUM *p, const BIGNUM *q, + const BIGNUM *g, BIGNUM *tmp, + int *ret); + +int ossl_ffc_validate_public_key(const FFC_PARAMS *params, + const BIGNUM *pub_key, int *ret); +int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params, + const BIGNUM *pub_key, int *ret); +int ossl_ffc_validate_private_key(const BIGNUM *upper, const BIGNUM *priv_key, + int *ret); + +int ossl_ffc_params_todata(const FFC_PARAMS *ffc, OSSL_PARAM_BLD *tmpl, + OSSL_PARAM params[]); +int ossl_ffc_params_fromdata(FFC_PARAMS *ffc, const OSSL_PARAM params[]); + +typedef struct dh_named_group_st DH_NAMED_GROUP; +const DH_NAMED_GROUP *ossl_ffc_name_to_dh_named_group(const char *name); +const DH_NAMED_GROUP *ossl_ffc_uid_to_dh_named_group(int uid); +#ifndef OPENSSL_NO_DH +const DH_NAMED_GROUP *ossl_ffc_numbers_to_dh_named_group(const BIGNUM *p, + const BIGNUM *q, + const BIGNUM *g); +#endif +int ossl_ffc_named_group_get_uid(const DH_NAMED_GROUP *group); +const char *ossl_ffc_named_group_get_name(const DH_NAMED_GROUP *); +#ifndef OPENSSL_NO_DH +int ossl_ffc_named_group_get_keylength(const DH_NAMED_GROUP *group); +const BIGNUM *ossl_ffc_named_group_get_q(const DH_NAMED_GROUP *group); +int ossl_ffc_named_group_set(FFC_PARAMS *ffc, const DH_NAMED_GROUP *group); +#endif + +#endif /* OSSL_INTERNAL_FFC_H */ diff --git a/include/internal/ktls.h b/include/internal/ktls.h new file mode 100644 index 000000000000..95492fd0659f --- /dev/null +++ b/include/internal/ktls.h @@ -0,0 +1,404 @@ +/* + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#if defined(OPENSSL_SYS_LINUX) +# ifndef OPENSSL_NO_KTLS +# include <linux/version.h> +# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 13, 0) +# define OPENSSL_NO_KTLS +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 4.13.0" +# warning "Skipping Compilation of KTLS" +# endif +# endif +# endif +#endif + +#ifndef HEADER_INTERNAL_KTLS +# define HEADER_INTERNAL_KTLS +# pragma once + +# ifndef OPENSSL_NO_KTLS + +# if defined(__FreeBSD__) +# include <sys/types.h> +# include <sys/socket.h> +# include <sys/ktls.h> +# include <netinet/in.h> +# include <netinet/tcp.h> +# include <openssl/ssl3.h> + +# ifndef TCP_RXTLS_ENABLE +# define OPENSSL_NO_KTLS_RX +# endif +# define OPENSSL_KTLS_AES_GCM_128 +# define OPENSSL_KTLS_AES_GCM_256 +# define OPENSSL_KTLS_TLS13 + +typedef struct tls_enable ktls_crypto_info_t; + +/* + * FreeBSD does not require any additional steps to enable KTLS before + * setting keys. + */ +static ossl_inline int ktls_enable(int fd) +{ + return 1; +} + +/* + * The TCP_TXTLS_ENABLE socket option marks the outgoing socket buffer + * as using TLS. If successful, then data sent using this socket will + * be encrypted and encapsulated in TLS records using the tls_en + * provided here. + * + * The TCP_RXTLS_ENABLE socket option marks the incoming socket buffer + * as using TLS. If successful, then data received for this socket will + * be authenticated and decrypted using the tls_en provided here. + */ +static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *tls_en, int is_tx) +{ + if (is_tx) + return setsockopt(fd, IPPROTO_TCP, TCP_TXTLS_ENABLE, + tls_en, sizeof(*tls_en)) ? 0 : 1; +# ifndef OPENSSL_NO_KTLS_RX + return setsockopt(fd, IPPROTO_TCP, TCP_RXTLS_ENABLE, tls_en, + sizeof(*tls_en)) ? 0 : 1; +# else + return 0; +# endif +} + +/* + * Send a TLS record using the tls_en provided in ktls_start and use + * record_type instead of the default SSL3_RT_APPLICATION_DATA. + * When the socket is non-blocking, then this call either returns EAGAIN or + * the entire record is pushed to TCP. It is impossible to send a partial + * record using this control message. + */ +static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, + const void *data, size_t length) +{ + struct msghdr msg = { 0 }; + int cmsg_len = sizeof(record_type); + struct cmsghdr *cmsg; + char buf[CMSG_SPACE(cmsg_len)]; + struct iovec msg_iov; /* Vector of data to send/receive into */ + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = IPPROTO_TCP; + cmsg->cmsg_type = TLS_SET_RECORD_TYPE; + cmsg->cmsg_len = CMSG_LEN(cmsg_len); + *((unsigned char *)CMSG_DATA(cmsg)) = record_type; + msg.msg_controllen = cmsg->cmsg_len; + + msg_iov.iov_base = (void *)data; + msg_iov.iov_len = length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + return sendmsg(fd, &msg, 0); +} + +# ifdef OPENSSL_NO_KTLS_RX + +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + return -1; +} + +# else /* !defined(OPENSSL_NO_KTLS_RX) */ + +/* + * Receive a TLS record using the tls_en provided in ktls_start. The + * kernel strips any explicit IV and authentication tag, but provides + * the TLS record header via a control message. If there is an error + * with the TLS record such as an invalid header, invalid padding, or + * authentication failure recvmsg() will fail with an error. + */ +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + struct msghdr msg = { 0 }; + int cmsg_len = sizeof(struct tls_get_record); + struct tls_get_record *tgr; + struct cmsghdr *cmsg; + char buf[CMSG_SPACE(cmsg_len)]; + struct iovec msg_iov; /* Vector of data to send/receive into */ + int ret; + unsigned char *p = data; + const size_t prepend_length = SSL3_RT_HEADER_LENGTH; + + if (length <= prepend_length) { + errno = EINVAL; + return -1; + } + + msg.msg_control = buf; + msg.msg_controllen = sizeof(buf); + + msg_iov.iov_base = p + prepend_length; + msg_iov.iov_len = length - prepend_length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + ret = recvmsg(fd, &msg, 0); + if (ret <= 0) + return ret; + + if ((msg.msg_flags & (MSG_EOR | MSG_CTRUNC)) != MSG_EOR) { + errno = EMSGSIZE; + return -1; + } + + if (msg.msg_controllen == 0) { + errno = EBADMSG; + return -1; + } + + cmsg = CMSG_FIRSTHDR(&msg); + if (cmsg->cmsg_level != IPPROTO_TCP || cmsg->cmsg_type != TLS_GET_RECORD + || cmsg->cmsg_len != CMSG_LEN(cmsg_len)) { + errno = EBADMSG; + return -1; + } + + tgr = (struct tls_get_record *)CMSG_DATA(cmsg); + p[0] = tgr->tls_type; + p[1] = tgr->tls_vmajor; + p[2] = tgr->tls_vminor; + *(uint16_t *)(p + 3) = htons(ret); + + return ret + prepend_length; +} + +# endif /* OPENSSL_NO_KTLS_RX */ + +/* + * KTLS enables the sendfile system call to send data from a file over + * TLS. + */ +static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, + size_t size, int flags) +{ + off_t sbytes = 0; + int ret; + + ret = sendfile(fd, s, off, size, NULL, &sbytes, flags); + if (ret == -1 && sbytes == 0) + return -1; + return sbytes; +} + +# endif /* __FreeBSD__ */ + +# if defined(OPENSSL_SYS_LINUX) + +# include <linux/tls.h> +# if LINUX_VERSION_CODE < KERNEL_VERSION(4, 17, 0) +# define OPENSSL_NO_KTLS_RX +# ifndef PEDANTIC +# warning "KTLS requires Kernel Headers >= 4.17.0 for receiving" +# warning "Skipping Compilation of KTLS receive data path" +# endif +# endif +# define OPENSSL_KTLS_AES_GCM_128 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) +# define OPENSSL_KTLS_AES_GCM_256 +# define OPENSSL_KTLS_TLS13 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 2, 0) +# define OPENSSL_KTLS_AES_CCM_128 +# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 11, 0) +# ifndef OPENSSL_NO_CHACHA +# define OPENSSL_KTLS_CHACHA20_POLY1305 +# endif +# endif +# endif +# endif + +# include <sys/sendfile.h> +# include <netinet/tcp.h> +# include <linux/socket.h> +# include <openssl/ssl3.h> +# include <openssl/tls1.h> +# include <openssl/evp.h> + +# ifndef SOL_TLS +# define SOL_TLS 282 +# endif + +# ifndef TCP_ULP +# define TCP_ULP 31 +# endif + +# ifndef TLS_RX +# define TLS_RX 2 +# endif + +struct tls_crypto_info_all { + union { +# ifdef OPENSSL_KTLS_AES_GCM_128 + struct tls12_crypto_info_aes_gcm_128 gcm128; +# endif +# ifdef OPENSSL_KTLS_AES_GCM_256 + struct tls12_crypto_info_aes_gcm_256 gcm256; +# endif +# ifdef OPENSSL_KTLS_AES_CCM_128 + struct tls12_crypto_info_aes_ccm_128 ccm128; +# endif +# ifdef OPENSSL_KTLS_CHACHA20_POLY1305 + struct tls12_crypto_info_chacha20_poly1305 chacha20poly1305; +# endif + }; + size_t tls_crypto_info_len; +}; + +typedef struct tls_crypto_info_all ktls_crypto_info_t; + +/* + * When successful, this socket option doesn't change the behaviour of the + * TCP socket, except changing the TCP setsockopt handler to enable the + * processing of SOL_TLS socket options. All other functionality remains the + * same. + */ +static ossl_inline int ktls_enable(int fd) +{ + return setsockopt(fd, SOL_TCP, TCP_ULP, "tls", sizeof("tls")) ? 0 : 1; +} + +/* + * The TLS_TX socket option changes the send/sendmsg handlers of the TCP socket. + * If successful, then data sent using this socket will be encrypted and + * encapsulated in TLS records using the crypto_info provided here. + * The TLS_RX socket option changes the recv/recvmsg handlers of the TCP socket. + * If successful, then data received using this socket will be decrypted, + * authenticated and decapsulated using the crypto_info provided here. + */ +static ossl_inline int ktls_start(int fd, ktls_crypto_info_t *crypto_info, + int is_tx) +{ + return setsockopt(fd, SOL_TLS, is_tx ? TLS_TX : TLS_RX, + crypto_info, crypto_info->tls_crypto_info_len) ? 0 : 1; +} + +/* + * Send a TLS record using the crypto_info provided in ktls_start and use + * record_type instead of the default SSL3_RT_APPLICATION_DATA. + * When the socket is non-blocking, then this call either returns EAGAIN or + * the entire record is pushed to TCP. It is impossible to send a partial + * record using this control message. + */ +static ossl_inline int ktls_send_ctrl_message(int fd, unsigned char record_type, + const void *data, size_t length) +{ + struct msghdr msg; + int cmsg_len = sizeof(record_type); + struct cmsghdr *cmsg; + union { + struct cmsghdr hdr; + char buf[CMSG_SPACE(sizeof(unsigned char))]; + } cmsgbuf; + struct iovec msg_iov; /* Vector of data to send/receive into */ + + memset(&msg, 0, sizeof(msg)); + msg.msg_control = cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_level = SOL_TLS; + cmsg->cmsg_type = TLS_SET_RECORD_TYPE; + cmsg->cmsg_len = CMSG_LEN(cmsg_len); + *((unsigned char *)CMSG_DATA(cmsg)) = record_type; + msg.msg_controllen = cmsg->cmsg_len; + + msg_iov.iov_base = (void *)data; + msg_iov.iov_len = length; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + return sendmsg(fd, &msg, 0); +} + +/* + * KTLS enables the sendfile system call to send data from a file over TLS. + * @flags are ignored on Linux. (placeholder for FreeBSD sendfile) + * */ +static ossl_inline ossl_ssize_t ktls_sendfile(int s, int fd, off_t off, size_t size, int flags) +{ + return sendfile(s, fd, &off, size); +} + +# ifdef OPENSSL_NO_KTLS_RX + + +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + return -1; +} + +# else /* !defined(OPENSSL_NO_KTLS_RX) */ + +/* + * Receive a TLS record using the crypto_info provided in ktls_start. + * The kernel strips the TLS record header, IV and authentication tag, + * returning only the plaintext data or an error on failure. + * We add the TLS record header here to satisfy routines in rec_layer_s3.c + */ +static ossl_inline int ktls_read_record(int fd, void *data, size_t length) +{ + struct msghdr msg; + struct cmsghdr *cmsg; + union { + struct cmsghdr hdr; + char buf[CMSG_SPACE(sizeof(unsigned char))]; + } cmsgbuf; + struct iovec msg_iov; + int ret; + unsigned char *p = data; + const size_t prepend_length = SSL3_RT_HEADER_LENGTH; + + if (length < prepend_length + EVP_GCM_TLS_TAG_LEN) { + errno = EINVAL; + return -1; + } + + memset(&msg, 0, sizeof(msg)); + msg.msg_control = cmsgbuf.buf; + msg.msg_controllen = sizeof(cmsgbuf.buf); + + msg_iov.iov_base = p + prepend_length; + msg_iov.iov_len = length - prepend_length - EVP_GCM_TLS_TAG_LEN; + msg.msg_iov = &msg_iov; + msg.msg_iovlen = 1; + + ret = recvmsg(fd, &msg, 0); + if (ret < 0) + return ret; + + if (msg.msg_controllen > 0) { + cmsg = CMSG_FIRSTHDR(&msg); + if (cmsg->cmsg_type == TLS_GET_RECORD_TYPE) { + p[0] = *((unsigned char *)CMSG_DATA(cmsg)); + p[1] = TLS1_2_VERSION_MAJOR; + p[2] = TLS1_2_VERSION_MINOR; + /* returned length is limited to msg_iov.iov_len above */ + p[3] = (ret >> 8) & 0xff; + p[4] = ret & 0xff; + ret += prepend_length; + } + } + + return ret; +} + +# endif /* OPENSSL_NO_KTLS_RX */ + +# endif /* OPENSSL_SYS_LINUX */ +# endif /* OPENSSL_NO_KTLS */ +#endif /* HEADER_INTERNAL_KTLS */ diff --git a/include/internal/namemap.h b/include/internal/namemap.h new file mode 100644 index 000000000000..a4c60ae695c9 --- /dev/null +++ b/include/internal/namemap.h @@ -0,0 +1,43 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include "internal/cryptlib.h" + +typedef struct ossl_namemap_st OSSL_NAMEMAP; + +OSSL_NAMEMAP *ossl_namemap_stored(OSSL_LIB_CTX *libctx); + +OSSL_NAMEMAP *ossl_namemap_new(void); +void ossl_namemap_free(OSSL_NAMEMAP *namemap); +int ossl_namemap_empty(OSSL_NAMEMAP *namemap); + +int ossl_namemap_add_name(OSSL_NAMEMAP *namemap, int number, const char *name); +int ossl_namemap_add_name_n(OSSL_NAMEMAP *namemap, int number, + const char *name, size_t name_len); + +/* + * The number<->name relationship is 1<->many + * Therefore, the name->number mapping is a simple function, while the + * number->name mapping is an iterator. + */ +int ossl_namemap_name2num(const OSSL_NAMEMAP *namemap, const char *name); +int ossl_namemap_name2num_n(const OSSL_NAMEMAP *namemap, + const char *name, size_t name_len); +const char *ossl_namemap_num2name(const OSSL_NAMEMAP *namemap, int number, + size_t idx); +int ossl_namemap_doall_names(const OSSL_NAMEMAP *namemap, int number, + void (*fn)(const char *name, void *data), + void *data); + +/* + * A utility that handles several names in a string, divided by a given + * separator. + */ +int ossl_namemap_add_names(OSSL_NAMEMAP *namemap, int number, + const char *names, const char separator); diff --git a/include/internal/nelem.h b/include/internal/nelem.h index 699ef88ee523..b758513b4cae 100644 --- a/include/internal/nelem.h +++ b/include/internal/nelem.h @@ -1,7 +1,7 @@ /* - * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,6 +9,7 @@ #ifndef OSSL_INTERNAL_NELEM_H # define OSSL_INTERNAL_NELEM_H +# pragma once # define OSSL_NELEM(x) (sizeof(x)/sizeof((x)[0])) #endif diff --git a/include/internal/numbers.h b/include/internal/numbers.h index f5ade5226e5b..4f4d3306d5da 100644 --- a/include/internal/numbers.h +++ b/include/internal/numbers.h @@ -1,7 +1,7 @@ /* - * Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,22 +9,23 @@ #ifndef OSSL_INTERNAL_NUMBERS_H # define OSSL_INTERNAL_NUMBERS_H +# pragma once # include <limits.h> -# if (-1 & 3) == 0x03 /* Two's complement */ +# if (-1 & 3) == 0x03 /* Two's complement */ # define __MAXUINT__(T) ((T) -1) # define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) # define __MININT__(T) (-__MAXINT__(T) - 1) -# elif (-1 & 3) == 0x02 /* One's complement */ +# elif (-1 & 3) == 0x02 /* One's complement */ # define __MAXUINT__(T) (((T) -1) + 1) # define __MAXINT__(T) ((T) ((((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)) ^ __MAXUINT__(T))) # define __MININT__(T) (-__MAXINT__(T)) -# elif (-1 & 3) == 0x01 /* Sign/magnitude */ +# elif (-1 & 3) == 0x01 /* Sign/magnitude */ # define __MAXINT__(T) ((T) (((((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)) - 1) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 2)))) # define __MAXUINT__(T) ((T) (__MAXINT__(T) | (((T) 1) << ((sizeof(T) * CHAR_BIT) - 1)))) @@ -60,9 +61,25 @@ # define UINT64_MAX __MAXUINT__(uint64_t) # endif +# ifndef INT128_MAX +# if defined(__SIZEOF_INT128__) && __SIZEOF_INT128__ == 16 +typedef __int128_t int128_t; +typedef __uint128_t uint128_t; +# define INT128_MIN __MININT__(int128_t) +# define INT128_MAX __MAXINT__(int128_t) +# define UINT128_MAX __MAXUINT__(uint128_t) +# endif +# endif + # ifndef SIZE_MAX # define SIZE_MAX __MAXUINT__(size_t) # endif +# ifndef OSSL_INTMAX_MAX +# define OSSL_INTMAX_MIN __MININT__(ossl_intmax_t) +# define OSSL_INTMAX_MAX __MAXINT__(ossl_intmax_t) +# define OSSL_UINTMAX_MAX __MAXUINT__(ossl_uintmax_t) +# endif + #endif diff --git a/include/internal/o_dir.h b/include/internal/o_dir.h index dafc8dd2e74b..add34d14be11 100644 --- a/include/internal/o_dir.h +++ b/include/internal/o_dir.h @@ -1,7 +1,7 @@ /* - * Copyright 2004-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -38,6 +38,7 @@ #ifndef OSSL_INTERNAL_O_DIR_H # define OSSL_INTERNAL_O_DIR_H +# pragma once typedef struct OPENSSL_dir_context_st OPENSSL_DIR_CTX; diff --git a/include/internal/o_str.h b/include/internal/o_str.h deleted file mode 100644 index 15c12e820d2b..000000000000 --- a/include/internal/o_str.h +++ /dev/null @@ -1,17 +0,0 @@ -/* - * Copyright 2003-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_INTERNAL_O_STR_H -# define OSSL_INTERNAL_O_STR_H - -# include <stddef.h> /* to get size_t */ - -int OPENSSL_memcmp(const void *p1, const void *p2, size_t n); - -#endif diff --git a/include/internal/packet.h b/include/internal/packet.h new file mode 100644 index 000000000000..ed76172078a4 --- /dev/null +++ b/include/internal/packet.h @@ -0,0 +1,937 @@ +/* + * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PACKET_H +# define OSSL_INTERNAL_PACKET_H +# pragma once + +# include <string.h> +# include <openssl/bn.h> +# include <openssl/buffer.h> +# include <openssl/crypto.h> +# include <openssl/e_os2.h> + +# include "internal/numbers.h" + +typedef struct { + /* Pointer to where we are currently reading from */ + const unsigned char *curr; + /* Number of bytes remaining */ + size_t remaining; +} PACKET; + +/* Internal unchecked shorthand; don't use outside this file. */ +static ossl_inline void packet_forward(PACKET *pkt, size_t len) +{ + pkt->curr += len; + pkt->remaining -= len; +} + +/* + * Returns the number of bytes remaining to be read in the PACKET + */ +static ossl_inline size_t PACKET_remaining(const PACKET *pkt) +{ + return pkt->remaining; +} + +/* + * Returns a pointer to the first byte after the packet data. + * Useful for integrating with non-PACKET parsing code. + * Specifically, we use PACKET_end() to verify that a d2i_... call + * has consumed the entire packet contents. + */ +static ossl_inline const unsigned char *PACKET_end(const PACKET *pkt) +{ + return pkt->curr + pkt->remaining; +} + +/* + * Returns a pointer to the PACKET's current position. + * For use in non-PACKETized APIs. + */ +static ossl_inline const unsigned char *PACKET_data(const PACKET *pkt) +{ + return pkt->curr; +} + +/* + * Initialise a PACKET with |len| bytes held in |buf|. This does not make a + * copy of the data so |buf| must be present for the whole time that the PACKET + * is being used. + */ +__owur static ossl_inline int PACKET_buf_init(PACKET *pkt, + const unsigned char *buf, + size_t len) +{ + /* Sanity check for negative values. */ + if (len > (size_t)(SIZE_MAX / 2)) + return 0; + + pkt->curr = buf; + pkt->remaining = len; + return 1; +} + +/* Initialize a PACKET to hold zero bytes. */ +static ossl_inline void PACKET_null_init(PACKET *pkt) +{ + pkt->curr = NULL; + pkt->remaining = 0; +} + +/* + * Returns 1 if the packet has length |num| and its contents equal the |num| + * bytes read from |ptr|. Returns 0 otherwise (lengths or contents not equal). + * If lengths are equal, performs the comparison in constant time. + */ +__owur static ossl_inline int PACKET_equal(const PACKET *pkt, const void *ptr, + size_t num) +{ + if (PACKET_remaining(pkt) != num) + return 0; + return CRYPTO_memcmp(pkt->curr, ptr, num) == 0; +} + +/* + * Peek ahead and initialize |subpkt| with the next |len| bytes read from |pkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + */ +__owur static ossl_inline int PACKET_peek_sub_packet(const PACKET *pkt, + PACKET *subpkt, size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + return PACKET_buf_init(subpkt, pkt->curr, len); +} + +/* + * Initialize |subpkt| with the next |len| bytes read from |pkt|. Data is not + * copied: the |subpkt| packet will share its underlying buffer with the + * original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + */ +__owur static ossl_inline int PACKET_get_sub_packet(PACKET *pkt, + PACKET *subpkt, size_t len) +{ + if (!PACKET_peek_sub_packet(pkt, subpkt, len)) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* + * Peek ahead at 2 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_2(const PACKET *pkt, + unsigned int *data) +{ + if (PACKET_remaining(pkt) < 2) + return 0; + + *data = ((unsigned int)(*pkt->curr)) << 8; + *data |= *(pkt->curr + 1); + + return 1; +} + +/* Equivalent of n2s */ +/* Get 2 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_2(PACKET *pkt, unsigned int *data) +{ + if (!PACKET_peek_net_2(pkt, data)) + return 0; + + packet_forward(pkt, 2); + + return 1; +} + +/* Same as PACKET_get_net_2() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_2_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_net_2(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* + * Peek ahead at 3 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_3(const PACKET *pkt, + unsigned long *data) +{ + if (PACKET_remaining(pkt) < 3) + return 0; + + *data = ((unsigned long)(*pkt->curr)) << 16; + *data |= ((unsigned long)(*(pkt->curr + 1))) << 8; + *data |= *(pkt->curr + 2); + + return 1; +} + +/* Equivalent of n2l3 */ +/* Get 3 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_3(PACKET *pkt, unsigned long *data) +{ + if (!PACKET_peek_net_3(pkt, data)) + return 0; + + packet_forward(pkt, 3); + + return 1; +} + +/* Same as PACKET_get_net_3() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_3_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_3(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* + * Peek ahead at 4 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_4(const PACKET *pkt, + unsigned long *data) +{ + if (PACKET_remaining(pkt) < 4) + return 0; + + *data = ((unsigned long)(*pkt->curr)) << 24; + *data |= ((unsigned long)(*(pkt->curr + 1))) << 16; + *data |= ((unsigned long)(*(pkt->curr + 2))) << 8; + *data |= *(pkt->curr + 3); + + return 1; +} + +/* + * Peek ahead at 8 bytes in network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_peek_net_8(const PACKET *pkt, + uint64_t *data) +{ + if (PACKET_remaining(pkt) < 8) + return 0; + + *data = ((uint64_t)(*pkt->curr)) << 56; + *data |= ((uint64_t)(*(pkt->curr + 1))) << 48; + *data |= ((uint64_t)(*(pkt->curr + 2))) << 40; + *data |= ((uint64_t)(*(pkt->curr + 3))) << 32; + *data |= ((uint64_t)(*(pkt->curr + 4))) << 24; + *data |= ((uint64_t)(*(pkt->curr + 5))) << 16; + *data |= ((uint64_t)(*(pkt->curr + 6))) << 8; + *data |= *(pkt->curr + 7); + + return 1; +} + +/* Equivalent of n2l */ +/* Get 4 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_4(PACKET *pkt, unsigned long *data) +{ + if (!PACKET_peek_net_4(pkt, data)) + return 0; + + packet_forward(pkt, 4); + + return 1; +} + +/* Same as PACKET_get_net_4() but for a size_t */ +__owur static ossl_inline int PACKET_get_net_4_len(PACKET *pkt, size_t *data) +{ + unsigned long i; + int ret = PACKET_get_net_4(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* Get 8 bytes in network order from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_net_8(PACKET *pkt, uint64_t *data) +{ + if (!PACKET_peek_net_8(pkt, data)) + return 0; + + packet_forward(pkt, 8); + + return 1; +} + +/* Peek ahead at 1 byte from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_peek_1(const PACKET *pkt, + unsigned int *data) +{ + if (!PACKET_remaining(pkt)) + return 0; + + *data = *pkt->curr; + + return 1; +} + +/* Get 1 byte from |pkt| and store the value in |*data| */ +__owur static ossl_inline int PACKET_get_1(PACKET *pkt, unsigned int *data) +{ + if (!PACKET_peek_1(pkt, data)) + return 0; + + packet_forward(pkt, 1); + + return 1; +} + +/* Same as PACKET_get_1() but for a size_t */ +__owur static ossl_inline int PACKET_get_1_len(PACKET *pkt, size_t *data) +{ + unsigned int i; + int ret = PACKET_get_1(pkt, &i); + + if (ret) + *data = (size_t)i; + + return ret; +} + +/* + * Peek ahead at 4 bytes in reverse network order from |pkt| and store the value + * in |*data| + */ +__owur static ossl_inline int PACKET_peek_4(const PACKET *pkt, + unsigned long *data) +{ + if (PACKET_remaining(pkt) < 4) + return 0; + + *data = *pkt->curr; + *data |= ((unsigned long)(*(pkt->curr + 1))) << 8; + *data |= ((unsigned long)(*(pkt->curr + 2))) << 16; + *data |= ((unsigned long)(*(pkt->curr + 3))) << 24; + + return 1; +} + +/* Equivalent of c2l */ +/* + * Get 4 bytes in reverse network order from |pkt| and store the value in + * |*data| + */ +__owur static ossl_inline int PACKET_get_4(PACKET *pkt, unsigned long *data) +{ + if (!PACKET_peek_4(pkt, data)) + return 0; + + packet_forward(pkt, 4); + + return 1; +} + +/* + * Peek ahead at |len| bytes from the |pkt| and store a pointer to them in + * |*data|. This just points at the underlying buffer that |pkt| is using. The + * caller should not free this data directly (it will be freed when the + * underlying buffer gets freed + */ +__owur static ossl_inline int PACKET_peek_bytes(const PACKET *pkt, + const unsigned char **data, + size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + *data = pkt->curr; + + return 1; +} + +/* + * Read |len| bytes from the |pkt| and store a pointer to them in |*data|. This + * just points at the underlying buffer that |pkt| is using. The caller should + * not free this data directly (it will be freed when the underlying buffer gets + * freed + */ +__owur static ossl_inline int PACKET_get_bytes(PACKET *pkt, + const unsigned char **data, + size_t len) +{ + if (!PACKET_peek_bytes(pkt, data, len)) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* Peek ahead at |len| bytes from |pkt| and copy them to |data| */ +__owur static ossl_inline int PACKET_peek_copy_bytes(const PACKET *pkt, + unsigned char *data, + size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + memcpy(data, pkt->curr, len); + + return 1; +} + +/* + * Read |len| bytes from |pkt| and copy them to |data|. + * The caller is responsible for ensuring that |data| can hold |len| bytes. + */ +__owur static ossl_inline int PACKET_copy_bytes(PACKET *pkt, + unsigned char *data, size_t len) +{ + if (!PACKET_peek_copy_bytes(pkt, data, len)) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* + * Copy packet data to |dest|, and set |len| to the number of copied bytes. + * If the packet has more than |dest_len| bytes, nothing is copied. + * Returns 1 if the packet data fits in |dest_len| bytes, 0 otherwise. + * Does not forward PACKET position (because it is typically the last thing + * done with a given PACKET). + */ +__owur static ossl_inline int PACKET_copy_all(const PACKET *pkt, + unsigned char *dest, + size_t dest_len, size_t *len) +{ + if (PACKET_remaining(pkt) > dest_len) { + *len = 0; + return 0; + } + *len = pkt->remaining; + memcpy(dest, pkt->curr, pkt->remaining); + return 1; +} + +/* + * Copy |pkt| bytes to a newly allocated buffer and store a pointer to the + * result in |*data|, and the length in |len|. + * If |*data| is not NULL, the old data is OPENSSL_free'd. + * If the packet is empty, or malloc fails, |*data| will be set to NULL. + * Returns 1 if the malloc succeeds and 0 otherwise. + * Does not forward PACKET position (because it is typically the last thing + * done with a given PACKET). + */ +__owur static ossl_inline int PACKET_memdup(const PACKET *pkt, + unsigned char **data, size_t *len) +{ + size_t length; + + OPENSSL_free(*data); + *data = NULL; + *len = 0; + + length = PACKET_remaining(pkt); + + if (length == 0) + return 1; + + *data = OPENSSL_memdup(pkt->curr, length); + if (*data == NULL) + return 0; + + *len = length; + return 1; +} + +/* + * Read a C string from |pkt| and copy to a newly allocated, NUL-terminated + * buffer. Store a pointer to the result in |*data|. + * If |*data| is not NULL, the old data is OPENSSL_free'd. + * If the data in |pkt| does not contain a NUL-byte, the entire data is + * copied and NUL-terminated. + * Returns 1 if the malloc succeeds and 0 otherwise. + * Does not forward PACKET position (because it is typically the last thing done + * with a given PACKET). + */ +__owur static ossl_inline int PACKET_strndup(const PACKET *pkt, char **data) +{ + OPENSSL_free(*data); + + /* This will succeed on an empty packet, unless pkt->curr == NULL. */ + *data = OPENSSL_strndup((const char *)pkt->curr, PACKET_remaining(pkt)); + return (*data != NULL); +} + +/* Returns 1 if |pkt| contains at least one 0-byte, 0 otherwise. */ +static ossl_inline int PACKET_contains_zero_byte(const PACKET *pkt) +{ + return memchr(pkt->curr, 0, pkt->remaining) != NULL; +} + +/* Move the current reading position forward |len| bytes */ +__owur static ossl_inline int PACKET_forward(PACKET *pkt, size_t len) +{ + if (PACKET_remaining(pkt) < len) + return 0; + + packet_forward(pkt, len); + + return 1; +} + +/* + * Reads a variable-length vector prefixed with a one-byte length, and stores + * the contents in |subpkt|. |pkt| can equal |subpkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + * Upon failure, the original |pkt| and |subpkt| are not modified. + */ +__owur static ossl_inline int PACKET_get_length_prefixed_1(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + if (!PACKET_get_1(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Like PACKET_get_length_prefixed_1, but additionally, fails when there are + * leftover bytes in |pkt|. + */ +__owur static ossl_inline int PACKET_as_length_prefixed_1(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + if (!PACKET_get_1(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length) || + PACKET_remaining(&tmp) != 0) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Reads a variable-length vector prefixed with a two-byte length, and stores + * the contents in |subpkt|. |pkt| can equal |subpkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + * Upon failure, the original |pkt| and |subpkt| are not modified. + */ +__owur static ossl_inline int PACKET_get_length_prefixed_2(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + + if (!PACKET_get_net_2(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Like PACKET_get_length_prefixed_2, but additionally, fails when there are + * leftover bytes in |pkt|. + */ +__owur static ossl_inline int PACKET_as_length_prefixed_2(PACKET *pkt, + PACKET *subpkt) +{ + unsigned int length; + const unsigned char *data; + PACKET tmp = *pkt; + + if (!PACKET_get_net_2(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length) || + PACKET_remaining(&tmp) != 0) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* + * Reads a variable-length vector prefixed with a three-byte length, and stores + * the contents in |subpkt|. |pkt| can equal |subpkt|. + * Data is not copied: the |subpkt| packet will share its underlying buffer with + * the original |pkt|, so data wrapped by |pkt| must outlive the |subpkt|. + * Upon failure, the original |pkt| and |subpkt| are not modified. + */ +__owur static ossl_inline int PACKET_get_length_prefixed_3(PACKET *pkt, + PACKET *subpkt) +{ + unsigned long length; + const unsigned char *data; + PACKET tmp = *pkt; + if (!PACKET_get_net_3(&tmp, &length) || + !PACKET_get_bytes(&tmp, &data, (size_t)length)) { + return 0; + } + + *pkt = tmp; + subpkt->curr = data; + subpkt->remaining = length; + + return 1; +} + +/* Writeable packets */ + +typedef struct wpacket_sub WPACKET_SUB; +struct wpacket_sub { + /* The parent WPACKET_SUB if we have one or NULL otherwise */ + WPACKET_SUB *parent; + + /* + * Offset into the buffer where the length of this WPACKET goes. We use an + * offset in case the buffer grows and gets reallocated. + */ + size_t packet_len; + + /* Number of bytes in the packet_len or 0 if we don't write the length */ + size_t lenbytes; + + /* Number of bytes written to the buf prior to this packet starting */ + size_t pwritten; + + /* Flags for this sub-packet */ + unsigned int flags; +}; + +typedef struct wpacket_st WPACKET; +struct wpacket_st { + /* The buffer where we store the output data */ + BUF_MEM *buf; + + /* Fixed sized buffer which can be used as an alternative to buf */ + unsigned char *staticbuf; + + /* + * Offset into the buffer where we are currently writing. We use an offset + * in case the buffer grows and gets reallocated. + */ + size_t curr; + + /* Number of bytes written so far */ + size_t written; + + /* Maximum number of bytes we will allow to be written to this WPACKET */ + size_t maxsize; + + /* Our sub-packets (always at least one if not finished) */ + WPACKET_SUB *subs; + + /* Writing from the end first? */ + unsigned int endfirst : 1; +}; + +/* Flags */ + +/* Default */ +#define WPACKET_FLAGS_NONE 0 + +/* Error on WPACKET_close() if no data written to the WPACKET */ +#define WPACKET_FLAGS_NON_ZERO_LENGTH 1 + +/* + * Abandon all changes on WPACKET_close() if no data written to the WPACKET, + * i.e. this does not write out a zero packet length + */ +#define WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH 2 + + +/* + * Initialise a WPACKET with the buffer in |buf|. The buffer must exist + * for the whole time that the WPACKET is being used. Additionally |lenbytes| of + * data is preallocated at the start of the buffer to store the length of the + * WPACKET once we know it. + */ +int WPACKET_init_len(WPACKET *pkt, BUF_MEM *buf, size_t lenbytes); + +/* + * Same as WPACKET_init_len except there is no preallocation of the WPACKET + * length. + */ +int WPACKET_init(WPACKET *pkt, BUF_MEM *buf); + +/* + * Same as WPACKET_init_len except there is no underlying buffer. No data is + * ever actually written. We just keep track of how much data would have been + * written if a buffer was there. + */ +int WPACKET_init_null(WPACKET *pkt, size_t lenbytes); + +/* + * Same as WPACKET_init_null except we set the WPACKET to assume DER length + * encoding for sub-packets. + */ +int WPACKET_init_null_der(WPACKET *pkt); + +/* + * Same as WPACKET_init_len except we do not use a growable BUF_MEM structure. + * A fixed buffer of memory |buf| of size |len| is used instead. A failure will + * occur if you attempt to write beyond the end of the buffer + */ +int WPACKET_init_static_len(WPACKET *pkt, unsigned char *buf, size_t len, + size_t lenbytes); + +/* + * Same as WPACKET_init_static_len except lenbytes is always 0, and we set the + * WPACKET to write to the end of the buffer moving towards the start and use + * DER length encoding for sub-packets. + */ +int WPACKET_init_der(WPACKET *pkt, unsigned char *buf, size_t len); + +/* + * Set the flags to be applied to the current sub-packet + */ +int WPACKET_set_flags(WPACKET *pkt, unsigned int flags); + +/* + * Closes the most recent sub-packet. It also writes out the length of the + * packet to the required location (normally the start of the WPACKET) if + * appropriate. The top level WPACKET should be closed using WPACKET_finish() + * instead of this function. + */ +int WPACKET_close(WPACKET *pkt); + +/* + * The same as WPACKET_close() but only for the top most WPACKET. Additionally + * frees memory resources for this WPACKET. + */ +int WPACKET_finish(WPACKET *pkt); + +/* + * Iterate through all the sub-packets and write out their lengths as if they + * were being closed. The lengths will be overwritten with the final lengths + * when the sub-packets are eventually closed (which may be different if more + * data is added to the WPACKET). This function fails if a sub-packet is of 0 + * length and WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH is set. + */ +int WPACKET_fill_lengths(WPACKET *pkt); + +/* + * Initialise a new sub-packet. Additionally |lenbytes| of data is preallocated + * at the start of the sub-packet to store its length once we know it. Don't + * call this directly. Use the convenience macros below instead. + */ +int WPACKET_start_sub_packet_len__(WPACKET *pkt, size_t lenbytes); + +/* + * Convenience macros for calling WPACKET_start_sub_packet_len with different + * lengths + */ +#define WPACKET_start_sub_packet_u8(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 1) +#define WPACKET_start_sub_packet_u16(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 2) +#define WPACKET_start_sub_packet_u24(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 3) +#define WPACKET_start_sub_packet_u32(pkt) \ + WPACKET_start_sub_packet_len__((pkt), 4) + +/* + * Same as WPACKET_start_sub_packet_len__() except no bytes are pre-allocated + * for the sub-packet length. + */ +int WPACKET_start_sub_packet(WPACKET *pkt); + +/* + * Allocate bytes in the WPACKET for the output. This reserves the bytes + * and counts them as "written", but doesn't actually do the writing. A pointer + * to the allocated bytes is stored in |*allocbytes|. |allocbytes| may be NULL. + * WARNING: the allocated bytes must be filled in immediately, without further + * WPACKET_* calls. If not then the underlying buffer may be realloc'd and + * change its location. + */ +int WPACKET_allocate_bytes(WPACKET *pkt, size_t len, + unsigned char **allocbytes); + +/* + * The same as WPACKET_allocate_bytes() except additionally a new sub-packet is + * started for the allocated bytes, and then closed immediately afterwards. The + * number of length bytes for the sub-packet is in |lenbytes|. Don't call this + * directly. Use the convenience macros below instead. + */ +int WPACKET_sub_allocate_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes); + +/* + * Convenience macros for calling WPACKET_sub_allocate_bytes with different + * lengths + */ +#define WPACKET_sub_allocate_bytes_u8(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 1) +#define WPACKET_sub_allocate_bytes_u16(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 2) +#define WPACKET_sub_allocate_bytes_u24(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 3) +#define WPACKET_sub_allocate_bytes_u32(pkt, len, bytes) \ + WPACKET_sub_allocate_bytes__((pkt), (len), (bytes), 4) + +/* + * The same as WPACKET_allocate_bytes() except the reserved bytes are not + * actually counted as written. Typically this will be for when we don't know + * how big arbitrary data is going to be up front, but we do know what the + * maximum size will be. If this function is used, then it should be immediately + * followed by a WPACKET_allocate_bytes() call before any other WPACKET + * functions are called (unless the write to the allocated bytes is abandoned). + * + * For example: If we are generating a signature, then the size of that + * signature may not be known in advance. We can use WPACKET_reserve_bytes() to + * handle this: + * + * if (!WPACKET_sub_reserve_bytes_u16(&pkt, EVP_PKEY_get_size(pkey), &sigbytes1) + * || EVP_SignFinal(md_ctx, sigbytes1, &siglen, pkey) <= 0 + * || !WPACKET_sub_allocate_bytes_u16(&pkt, siglen, &sigbytes2) + * || sigbytes1 != sigbytes2) + * goto err; + */ +int WPACKET_reserve_bytes(WPACKET *pkt, size_t len, unsigned char **allocbytes); + +/* + * The "reserve_bytes" equivalent of WPACKET_sub_allocate_bytes__() + */ +int WPACKET_sub_reserve_bytes__(WPACKET *pkt, size_t len, + unsigned char **allocbytes, size_t lenbytes); + +/* + * Convenience macros for WPACKET_sub_reserve_bytes with different lengths + */ +#define WPACKET_sub_reserve_bytes_u8(pkt, len, bytes) \ + WPACKET_reserve_bytes__((pkt), (len), (bytes), 1) +#define WPACKET_sub_reserve_bytes_u16(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 2) +#define WPACKET_sub_reserve_bytes_u24(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 3) +#define WPACKET_sub_reserve_bytes_u32(pkt, len, bytes) \ + WPACKET_sub_reserve_bytes__((pkt), (len), (bytes), 4) + +/* + * Write the value stored in |val| into the WPACKET. The value will consume + * |bytes| amount of storage. An error will occur if |val| cannot be + * accommodated in |bytes| storage, e.g. attempting to write the value 256 into + * 1 byte will fail. Don't call this directly. Use the convenience macros below + * instead. + */ +int WPACKET_put_bytes__(WPACKET *pkt, uint64_t val, size_t bytes); + +/* + * Convenience macros for calling WPACKET_put_bytes with different + * lengths + */ +#define WPACKET_put_bytes_u8(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 1) +#define WPACKET_put_bytes_u16(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 2) +#define WPACKET_put_bytes_u24(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 3) +#define WPACKET_put_bytes_u32(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 4) +#define WPACKET_put_bytes_u64(pkt, val) \ + WPACKET_put_bytes__((pkt), (val), 8) + +/* Set a maximum size that we will not allow the WPACKET to grow beyond */ +int WPACKET_set_max_size(WPACKET *pkt, size_t maxsize); + +/* Copy |len| bytes of data from |*src| into the WPACKET. */ +int WPACKET_memcpy(WPACKET *pkt, const void *src, size_t len); + +/* Set |len| bytes of data to |ch| into the WPACKET. */ +int WPACKET_memset(WPACKET *pkt, int ch, size_t len); + +/* + * Copy |len| bytes of data from |*src| into the WPACKET and prefix with its + * length (consuming |lenbytes| of data for the length). Don't call this + * directly. Use the convenience macros below instead. + */ +int WPACKET_sub_memcpy__(WPACKET *pkt, const void *src, size_t len, + size_t lenbytes); + +/* Convenience macros for calling WPACKET_sub_memcpy with different lengths */ +#define WPACKET_sub_memcpy_u8(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 1) +#define WPACKET_sub_memcpy_u16(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 2) +#define WPACKET_sub_memcpy_u24(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 3) +#define WPACKET_sub_memcpy_u32(pkt, src, len) \ + WPACKET_sub_memcpy__((pkt), (src), (len), 4) + +/* + * Return the total number of bytes written so far to the underlying buffer + * including any storage allocated for length bytes + */ +int WPACKET_get_total_written(WPACKET *pkt, size_t *written); + +/* + * Returns the length of the current sub-packet. This excludes any bytes + * allocated for the length itself. + */ +int WPACKET_get_length(WPACKET *pkt, size_t *len); + +/* + * Returns a pointer to the current write location, but does not allocate any + * bytes. + */ +unsigned char *WPACKET_get_curr(WPACKET *pkt); + +/* Returns true if the underlying buffer is actually NULL */ +int WPACKET_is_null_buf(WPACKET *pkt); + +/* Release resources in a WPACKET if a failure has occurred. */ +void WPACKET_cleanup(WPACKET *pkt); + +#endif /* OSSL_INTERNAL_PACKET_H */ diff --git a/include/internal/param_build_set.h b/include/internal/param_build_set.h new file mode 100644 index 000000000000..126211b7f298 --- /dev/null +++ b/include/internal/param_build_set.h @@ -0,0 +1,46 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PARAM_BUILD_SET_H +# define OSSL_INTERNAL_PARAM_BUILD_SET_H +# pragma once + +# include <openssl/safestack.h> +# include <openssl/param_build.h> +# include "internal/cryptlib.h" + +typedef union { + OSSL_UNION_ALIGN; +} OSSL_PARAM_ALIGNED_BLOCK; + +# define OSSL_PARAM_ALIGN_SIZE sizeof(OSSL_PARAM_ALIGNED_BLOCK) + +size_t ossl_param_bytes_to_blocks(size_t bytes); +void ossl_param_set_secure_block(OSSL_PARAM *last, void *secure_buffer, + size_t secure_buffer_sz); + +int ossl_param_build_set_int(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, int num); +int ossl_param_build_set_long(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, long num); +int ossl_param_build_set_utf8_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, const char *buf); +int ossl_param_build_set_octet_string(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, + const unsigned char *data, + size_t data_len); +int ossl_param_build_set_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, const BIGNUM *bn); +int ossl_param_build_set_bn_pad(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *key, const BIGNUM *bn, size_t sz); +int ossl_param_build_set_multi_key_bn(OSSL_PARAM_BLD *bld, OSSL_PARAM *p, + const char *names[], + STACK_OF(BIGNUM_const) *stk); + +#endif /* OSSL_INTERNAL_PARAM_BUILD_SET_H */ diff --git a/include/internal/passphrase.h b/include/internal/passphrase.h new file mode 100644 index 000000000000..54d997b0d90b --- /dev/null +++ b/include/internal/passphrase.h @@ -0,0 +1,122 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PASSPHRASE_H +# define OSSL_INTERNAL_PASSPHRASE_H +# pragma once + +/* + * This is a passphrase reader bridge with bells and whistles. + * + * On one hand, an API may wish to offer all sorts of passphrase callback + * possibilities to users, or may have to do so for historical reasons. + * On the other hand, that same API may have demands from other interfaces, + * notably from the libcrypto <-> provider interface, which uses + * OSSL_PASSPHRASE_CALLBACK consistently. + * + * The structure and functions below are the fundaments for bridging one + * passphrase callback form to another. + * + * In addition, extra features are included (this may be a growing list): + * + * - password caching. This is to be used by APIs where it's likely + * that the same passphrase may be asked for more than once, but the + * user shouldn't get prompted more than once. For example, this is + * useful for OSSL_DECODER, which may have to use a passphrase while + * trying to find out what input it has. + */ + +/* + * Structure to hold whatever the calling user may specify. This structure + * is intended to be integrated into API specific structures or to be used + * as a local on-stack variable type. Therefore, no functions to allocate + * or freed it on the heap is offered. + */ +struct ossl_passphrase_data_st { + enum { + is_expl_passphrase = 1, /* Explicit passphrase given by user */ + is_pem_password, /* pem_password_cb given by user */ + is_ossl_passphrase, /* OSSL_PASSPHRASE_CALLBACK given by user */ + is_ui_method /* UI_METHOD given by user */ + } type; + union { + struct { + char *passphrase_copy; + size_t passphrase_len; + } expl_passphrase; + + struct { + pem_password_cb *password_cb; + void *password_cbarg; + } pem_password; + + struct { + OSSL_PASSPHRASE_CALLBACK *passphrase_cb; + void *passphrase_cbarg; + } ossl_passphrase; + + struct { + const UI_METHOD *ui_method; + void *ui_method_data; + } ui_method; + } _; + + /*- + * Flags section + */ + + /* Set to indicate that caching should be done */ + unsigned int flag_cache_passphrase:1; + + /*- + * Misc section: caches and other + */ + + char *cached_passphrase; + size_t cached_passphrase_len; +}; + +/* Structure manipulation */ + +void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data); +void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data); + +int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data, + const unsigned char *passphrase, + size_t passphrase_len); +int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data, + pem_password_cb *cb, void *cbarg); +int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data, + OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg); +int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data, + const UI_METHOD *ui_method, void *ui_data); + +int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data); +int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data); + +/* Central function for direct calls */ + +int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len, + const OSSL_PARAM params[], int verify, + struct ossl_passphrase_data_st *data); + +/* Callback functions */ + +/* + * All of these callback expect that the callback argument is a + * struct ossl_passphrase_data_st + */ + +pem_password_cb ossl_pw_pem_password; +pem_password_cb ossl_pw_pvk_password; +/* One callback for encoding (verification prompt) and one for decoding */ +OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc; +OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec; + +#endif diff --git a/include/internal/property.h b/include/internal/property.h new file mode 100644 index 000000000000..d09274d0c92c --- /dev/null +++ b/include/internal/property.h @@ -0,0 +1,99 @@ +/* + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PROPERTY_H +# define OSSL_INTERNAL_PROPERTY_H +# pragma once + +# include "internal/cryptlib.h" + +typedef struct ossl_method_store_st OSSL_METHOD_STORE; +typedef struct ossl_property_list_st OSSL_PROPERTY_LIST; + +typedef enum { + OSSL_PROPERTY_TYPE_STRING, OSSL_PROPERTY_TYPE_NUMBER, + OSSL_PROPERTY_TYPE_VALUE_UNDEFINED +} OSSL_PROPERTY_TYPE; +typedef struct ossl_property_definition_st OSSL_PROPERTY_DEFINITION; + +/* Initialisation */ +int ossl_property_parse_init(OSSL_LIB_CTX *ctx); + +/* Property definition parser */ +OSSL_PROPERTY_LIST *ossl_parse_property(OSSL_LIB_CTX *ctx, const char *defn); +/* Property query parser */ +OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s, + int create_values); +/* Property checker of query vs definition */ +int ossl_property_match_count(const OSSL_PROPERTY_LIST *query, + const OSSL_PROPERTY_LIST *defn); +int ossl_property_is_enabled(OSSL_LIB_CTX *ctx, const char *property_name, + const OSSL_PROPERTY_LIST *prop_list); +/* Free a parsed property list */ +void ossl_property_free(OSSL_PROPERTY_LIST *p); + +/* Get a property from a property list */ +const OSSL_PROPERTY_DEFINITION * +ossl_property_find_property(const OSSL_PROPERTY_LIST *list, + OSSL_LIB_CTX *libctx, const char *name); +OSSL_PROPERTY_TYPE ossl_property_get_type(const OSSL_PROPERTY_DEFINITION *prop); +const char *ossl_property_get_string_value(OSSL_LIB_CTX *libctx, + const OSSL_PROPERTY_DEFINITION *prop); +int64_t ossl_property_get_number_value(const OSSL_PROPERTY_DEFINITION *prop); + + +/* Implementation store functions */ +OSSL_METHOD_STORE *ossl_method_store_new(OSSL_LIB_CTX *ctx); +void ossl_method_store_free(OSSL_METHOD_STORE *store); + +int ossl_method_lock_store(OSSL_METHOD_STORE *store); +int ossl_method_unlock_store(OSSL_METHOD_STORE *store); + +int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov, + int nid, const char *properties, void *method, + int (*method_up_ref)(void *), + void (*method_destruct)(void *)); +int ossl_method_store_remove(OSSL_METHOD_STORE *store, int nid, + const void *method); +void ossl_method_store_do_all(OSSL_METHOD_STORE *store, + void (*fn)(int id, void *method, void *fnarg), + void *fnarg); +int ossl_method_store_fetch(OSSL_METHOD_STORE *store, + int nid, const char *prop_query, + const OSSL_PROVIDER **prov, void **method); +int ossl_method_store_remove_all_provided(OSSL_METHOD_STORE *store, + const OSSL_PROVIDER *prov); + +/* Get the global properties associate with the specified library context */ +OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OSSL_LIB_CTX *ctx, + int loadconfig); + +/* property query cache functions */ +int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, + int nid, const char *prop_query, void **result); +int ossl_method_store_cache_set(OSSL_METHOD_STORE *store, OSSL_PROVIDER *prov, + int nid, const char *prop_query, void *result, + int (*method_up_ref)(void *), + void (*method_destruct)(void *)); + +__owur int ossl_method_store_cache_flush_all(OSSL_METHOD_STORE *store); + +/* Merge two property queries together */ +OSSL_PROPERTY_LIST *ossl_property_merge(const OSSL_PROPERTY_LIST *a, + const OSSL_PROPERTY_LIST *b); + +size_t ossl_property_list_to_string(OSSL_LIB_CTX *ctx, + const OSSL_PROPERTY_LIST *list, char *buf, + size_t bufsize); + +int ossl_global_properties_no_mirrored(OSSL_LIB_CTX *libctx); +void ossl_global_properties_stop_mirroring(OSSL_LIB_CTX *libctx); + +#endif diff --git a/include/internal/propertyerr.h b/include/internal/propertyerr.h new file mode 100644 index 000000000000..fbee53f11e84 --- /dev/null +++ b/include/internal/propertyerr.h @@ -0,0 +1,43 @@ +/* + * Generated by util/mkerr.pl DO NOT EDIT + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PROPERTYERR_H +# define OSSL_INTERNAL_PROPERTYERR_H +# pragma once + +# include <openssl/opensslconf.h> +# include <openssl/symhacks.h> + +# ifdef __cplusplus +extern "C" { +# endif + +int ossl_err_load_PROP_strings(void); + +/* + * PROP reason codes. + */ +# define PROP_R_NAME_TOO_LONG 100 +# define PROP_R_NOT_AN_ASCII_CHARACTER 101 +# define PROP_R_NOT_AN_HEXADECIMAL_DIGIT 102 +# define PROP_R_NOT_AN_IDENTIFIER 103 +# define PROP_R_NOT_AN_OCTAL_DIGIT 104 +# define PROP_R_NOT_A_DECIMAL_DIGIT 105 +# define PROP_R_NO_MATCHING_STRING_DELIMITER 106 +# define PROP_R_NO_VALUE 107 +# define PROP_R_PARSE_FAILED 108 +# define PROP_R_STRING_TOO_LONG 109 +# define PROP_R_TRAILING_CHARACTERS 110 + + +# ifdef __cplusplus +} +# endif +#endif diff --git a/include/internal/provider.h b/include/internal/provider.h new file mode 100644 index 000000000000..a0d9b8f8682d --- /dev/null +++ b/include/internal/provider.h @@ -0,0 +1,120 @@ +/* + * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_PROVIDER_H +# define OSSL_INTERNAL_PROVIDER_H +# pragma once + +# include <openssl/core.h> +# include <openssl/core_dispatch.h> +# include "internal/dso.h" +# include "internal/symhacks.h" + +# ifdef __cplusplus +extern "C" { +# endif + +/* + * namespaces: + * + * ossl_provider_ Provider Object internal API + * OSSL_PROVIDER Provider Object + */ + +/* Provider Object finder, constructor and destructor */ +OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, + int noconfig); +OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, + OSSL_provider_init_fn *init_function, + int noconfig); +int ossl_provider_up_ref(OSSL_PROVIDER *prov); +void ossl_provider_free(OSSL_PROVIDER *prov); + +/* Setters */ +int ossl_provider_set_fallback(OSSL_PROVIDER *prov); +int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path); +int ossl_provider_add_parameter(OSSL_PROVIDER *prov, const char *name, + const char *value); + +int ossl_provider_is_child(const OSSL_PROVIDER *prov); +int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle); +const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov); +int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate); +int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate); +int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, const char *props); + +/* Disable fallback loading */ +int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx); + +/* + * Activate the Provider + * If the Provider is a module, the module will be loaded + */ +int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild); +int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren); +int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, + int retain_fallbacks); + +/* Return pointer to the provider's context */ +void *ossl_provider_ctx(const OSSL_PROVIDER *prov); + +/* Iterate over all loaded providers */ +int ossl_provider_doall_activated(OSSL_LIB_CTX *, + int (*cb)(OSSL_PROVIDER *provider, + void *cbdata), + void *cbdata); + +/* Getters for other library functions */ +const char *ossl_provider_name(const OSSL_PROVIDER *prov); +const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov); +const char *ossl_provider_module_name(const OSSL_PROVIDER *prov); +const char *ossl_provider_module_path(const OSSL_PROVIDER *prov); +void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov); +const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov); +OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov); + +/* Thin wrappers around calls to the provider */ +void ossl_provider_teardown(const OSSL_PROVIDER *prov); +const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov); +int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]); +int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, + const char *capability, + OSSL_CALLBACK *cb, + void *arg); +int ossl_provider_self_test(const OSSL_PROVIDER *prov); +const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, + int operation_id, + int *no_cache); +void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, + int operation_id, + const OSSL_ALGORITHM *algs); + +/* + * Cache of bits to see if we already added methods for an operation in + * the "permanent" method store. + * They should never be called for temporary method stores! + */ +int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); +int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, + int *result); + +/* Configuration */ +void ossl_provider_add_conf_module(void); + +/* Child providers */ +int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, + const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in); +void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx); + +# ifdef __cplusplus +} +# endif + +#endif diff --git a/include/internal/refcount.h b/include/internal/refcount.h index 8fb536eadc07..7412d62f56fd 100644 --- a/include/internal/refcount.h +++ b/include/internal/refcount.h @@ -1,35 +1,34 @@ /* - * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ #ifndef OSSL_INTERNAL_REFCOUNT_H # define OSSL_INTERNAL_REFCOUNT_H +# pragma once -/* Used to checking reference counts, most while doing perl5 stuff :-) */ -# if defined(OPENSSL_NO_STDIO) -# if defined(REF_PRINT) -# error "REF_PRINT requires stdio" -# endif -# endif +# include <openssl/e_os2.h> +# include <openssl/trace.h> -# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ - && !defined(__STDC_NO_ATOMICS__) -# include <stdatomic.h> -# define HAVE_C11_ATOMICS -# endif +# ifndef OPENSSL_DEV_NO_ATOMICS +# if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L \ + && !defined(__STDC_NO_ATOMICS__) +# include <stdatomic.h> +# define HAVE_C11_ATOMICS +# endif -# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \ - && ATOMIC_INT_LOCK_FREE > 0 +# if defined(HAVE_C11_ATOMICS) && defined(ATOMIC_INT_LOCK_FREE) \ + && ATOMIC_INT_LOCK_FREE > 0 -# define HAVE_ATOMICS 1 +# define HAVE_ATOMICS 1 typedef _Atomic int CRYPTO_REF_COUNT; -static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock) +static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, + ossl_unused void *lock) { *ret = atomic_fetch_add_explicit(val, 1, memory_order_relaxed) + 1; return 1; @@ -45,7 +44,8 @@ static inline int CRYPTO_UP_REF(_Atomic int *val, int *ret, void *lock) * to mutable members doesn't have to be serialized anymore, which would * otherwise imply an acquire fence. Hence conditional acquire fence... */ -static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock) +static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, + ossl_unused void *lock) { *ret = atomic_fetch_sub_explicit(val, 1, memory_order_relaxed) - 1; if (*ret == 0) @@ -53,78 +53,108 @@ static inline int CRYPTO_DOWN_REF(_Atomic int *val, int *ret, void *lock) return 1; } -# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 +# elif defined(__GNUC__) && defined(__ATOMIC_RELAXED) && __GCC_ATOMIC_INT_LOCK_FREE > 0 -# define HAVE_ATOMICS 1 +# define HAVE_ATOMICS 1 typedef int CRYPTO_REF_COUNT; -static __inline__ int CRYPTO_UP_REF(int *val, int *ret, void *lock) +static __inline__ int CRYPTO_UP_REF(int *val, int *ret, ossl_unused void *lock) { *ret = __atomic_fetch_add(val, 1, __ATOMIC_RELAXED) + 1; return 1; } -static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, void *lock) +static __inline__ int CRYPTO_DOWN_REF(int *val, int *ret, + ossl_unused void *lock) { *ret = __atomic_fetch_sub(val, 1, __ATOMIC_RELAXED) - 1; if (*ret == 0) __atomic_thread_fence(__ATOMIC_ACQUIRE); return 1; } +# elif defined(__ICL) && defined(_WIN32) +# define HAVE_ATOMICS 1 +typedef volatile int CRYPTO_REF_COUNT; + +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, + ossl_unused void *lock) +{ + *ret = _InterlockedExchangeAdd((void *)val, 1) + 1; + return 1; +} -# elif defined(_MSC_VER) && _MSC_VER>=1200 +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, + ossl_unused void *lock) +{ + *ret = _InterlockedExchangeAdd((void *)val, -1) - 1; + return 1; +} -# define HAVE_ATOMICS 1 +# elif defined(_MSC_VER) && _MSC_VER>=1200 + +# define HAVE_ATOMICS 1 typedef volatile int CRYPTO_REF_COUNT; -# if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) -# include <intrin.h> -# if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) -# define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH -# endif +# if (defined(_M_ARM) && _M_ARM>=7 && !defined(_WIN32_WCE)) || defined(_M_ARM64) +# include <intrin.h> +# if defined(_M_ARM64) && !defined(_ARM_BARRIER_ISH) +# define _ARM_BARRIER_ISH _ARM64_BARRIER_ISH +# endif -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd_nf(val, 1) + 1; return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd_nf(val, -1) - 1; if (*ret == 0) __dmb(_ARM_BARRIER_ISH); return 1; } -# else -# if !defined(_WIN32_WCE) -# pragma intrinsic(_InterlockedExchangeAdd) # else -# if _WIN32_WCE >= 0x600 - extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); +# if !defined(_WIN32_WCE) +# pragma intrinsic(_InterlockedExchangeAdd) # else - /* under Windows CE we still have old-style Interlocked* functions */ - extern long __cdecl InterlockedExchangeAdd(long volatile*, long); -# define _InterlockedExchangeAdd InterlockedExchangeAdd +# if _WIN32_WCE >= 0x600 + extern long __cdecl _InterlockedExchangeAdd(long volatile*, long); +# else + /* under Windows CE we still have old-style Interlocked* functions */ + extern long __cdecl InterlockedExchangeAdd(long volatile*, long); +# define _InterlockedExchangeAdd InterlockedExchangeAdd +# endif # endif -# endif -static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, void *lock) +static __inline int CRYPTO_UP_REF(volatile int *val, int *ret, + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd(val, 1) + 1; return 1; } -static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, void *lock) +static __inline int CRYPTO_DOWN_REF(volatile int *val, int *ret, + ossl_unused void *lock) { *ret = _InterlockedExchangeAdd(val, -1) - 1; return 1; } +# endif + # endif +# endif /* !OPENSSL_DEV_NO_ATOMICS */ -# else +/* + * All the refcounting implementations above define HAVE_ATOMICS, so if it's + * still undefined here (such as when OPENSSL_DEV_NO_ATOMICS is defined), it + * means we need to implement a fallback. This fallback uses locks. + */ +# ifndef HAVE_ATOMICS typedef int CRYPTO_REF_COUNT; @@ -140,11 +170,9 @@ typedef int CRYPTO_REF_COUNT; # define REF_ASSERT_ISNT(i) # endif -# ifdef REF_PRINT -# define REF_PRINT_COUNT(a, b) \ - fprintf(stderr, "%p:%4d:%s\n", b, b->references, a) -# else -# define REF_PRINT_COUNT(a, b) -# endif +# define REF_PRINT_EX(text, count, object) \ + OSSL_TRACE3(REF_COUNT, "%p:%4d:%s\n", (object), (count), (text)); +# define REF_PRINT_COUNT(text, object) \ + REF_PRINT_EX(text, object->references, (void *)object) #endif diff --git a/include/internal/sha3.h b/include/internal/sha3.h new file mode 100644 index 000000000000..80ad86e58e3e --- /dev/null +++ b/include/internal/sha3.h @@ -0,0 +1,54 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* This header can move into provider when legacy support is removed */ +#ifndef OSSL_INTERNAL_SHA3_H +# define OSSL_INTERNAL_SHA3_H +# pragma once + +# include <openssl/e_os2.h> +# include <stddef.h> + +# define KECCAK1600_WIDTH 1600 +# define SHA3_MDSIZE(bitlen) (bitlen / 8) +# define KMAC_MDSIZE(bitlen) 2 * (bitlen / 8) +# define SHA3_BLOCKSIZE(bitlen) (KECCAK1600_WIDTH - bitlen * 2) / 8 + +typedef struct keccak_st KECCAK1600_CTX; + +typedef size_t (sha3_absorb_fn)(void *vctx, const void *inp, size_t len); +typedef int (sha3_final_fn)(unsigned char *md, void *vctx); + +typedef struct prov_sha3_meth_st +{ + sha3_absorb_fn *absorb; + sha3_final_fn *final; +} PROV_SHA3_METHOD; + +struct keccak_st { + uint64_t A[5][5]; + size_t block_size; /* cached ctx->digest->block_size */ + size_t md_size; /* output length, variable in XOF */ + size_t bufsz; /* used bytes in below buffer */ + unsigned char buf[KECCAK1600_WIDTH / 8 - 32]; + unsigned char pad; + PROV_SHA3_METHOD meth; +}; + +void ossl_sha3_reset(KECCAK1600_CTX *ctx); +int ossl_sha3_init(KECCAK1600_CTX *ctx, unsigned char pad, size_t bitlen); +int ossl_keccak_kmac_init(KECCAK1600_CTX *ctx, unsigned char pad, + size_t bitlen); +int ossl_sha3_update(KECCAK1600_CTX *ctx, const void *_inp, size_t len); +int ossl_sha3_final(unsigned char *md, KECCAK1600_CTX *ctx); + +size_t SHA3_absorb(uint64_t A[5][5], const unsigned char *inp, size_t len, + size_t r); + +#endif /* OSSL_INTERNAL_SHA3_H */ diff --git a/include/internal/sizes.h b/include/internal/sizes.h new file mode 100644 index 000000000000..f6496c818265 --- /dev/null +++ b/include/internal/sizes.h @@ -0,0 +1,22 @@ +/* + * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SIZES_H +# define OSSL_INTERNAL_SIZES_H +# pragma once + +/* + * Max sizes used to allocate buffers with a fixed sizes, for example for + * stack allocations, structure fields, ... + */ +# define OSSL_MAX_NAME_SIZE 50 /* Algorithm name */ +# define OSSL_MAX_PROPQUERY_SIZE 256 /* Property query strings */ +# define OSSL_MAX_ALGORITHM_ID_SIZE 256 /* AlgorithmIdentifier DER */ + +#endif diff --git a/include/internal/sm3.h b/include/internal/sm3.h new file mode 100644 index 000000000000..db1d61f0523c --- /dev/null +++ b/include/internal/sm3.h @@ -0,0 +1,39 @@ +/* + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017 Ribose Inc. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* This header can move into provider when legacy support is removed */ +#ifndef OSSL_INTERNAL_SM3_H +# define OSSL_INTERNAL_SM3_H +# pragma once + +# include <openssl/opensslconf.h> + +# ifdef OPENSSL_NO_SM3 +# error SM3 is disabled. +# endif + +# define SM3_DIGEST_LENGTH 32 +# define SM3_WORD unsigned int + +# define SM3_CBLOCK 64 +# define SM3_LBLOCK (SM3_CBLOCK/4) + +typedef struct SM3state_st { + SM3_WORD A, B, C, D, E, F, G, H; + SM3_WORD Nl, Nh; + SM3_WORD data[SM3_LBLOCK]; + unsigned int num; +} SM3_CTX; + +int ossl_sm3_init(SM3_CTX *c); +int ossl_sm3_update(SM3_CTX *c, const void *data, size_t len); +int ossl_sm3_final(unsigned char *md, SM3_CTX *c); + +#endif /* OSSL_INTERNAL_SM3_H */ diff --git a/include/internal/sockets.h b/include/internal/sockets.h index 4fc1aecdbb20..1876af8fafec 100644 --- a/include/internal/sockets.h +++ b/include/internal/sockets.h @@ -1,15 +1,17 @@ /* * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ - #ifndef OSSL_INTERNAL_SOCKETS_H # define OSSL_INTERNAL_SOCKETS_H +# pragma once + +# include <openssl/opensslconf.h> # if defined(OPENSSL_SYS_VXWORKS) || defined(OPENSSL_SYS_UEFI) # define NO_SYS_PARAM_H @@ -26,6 +28,8 @@ # elif defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_MSDOS) # if defined(__DJGPP__) +# define WATT32 +# define WATT32_NO_OLDIES # include <sys/socket.h> # include <sys/un.h> # include <tcp.h> @@ -132,8 +136,6 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define readsocket(s,b,n) recv((s),(b),(n),0) # define writesocket(s,b,n) send((s),(b),(n),0) # elif defined(__DJGPP__) -# define WATT32 -# define WATT32_NO_OLDIES # define closesocket(s) close_s(s) # define readsocket(s,b,n) read_s(s,b,n) # define writesocket(s,b,n) send(s,b,n,0) @@ -147,6 +149,17 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define closesocket(s) close(s) # define readsocket(s,b,n) read((s),(b),(n)) # define writesocket(s,b,n) write((s),(char *)(b),(n)) +# elif defined(OPENSSL_SYS_TANDEM) +# if defined(OPENSSL_TANDEM_FLOSS) +# include <floss.h(floss_read, floss_write)> +# define readsocket(s,b,n) floss_read((s),(b),(n)) +# define writesocket(s,b,n) floss_write((s),(b),(n)) +# else +# define readsocket(s,b,n) read((s),(b),(n)) +# define writesocket(s,b,n) write((s),(b),(n)) +# endif +# define ioctlsocket(a,b,c) ioctl(a,b,c) +# define closesocket(s) close(s) # else # define ioctlsocket(a,b,c) ioctl(a,b,c) # define closesocket(s) close(s) @@ -154,4 +167,11 @@ struct servent *PASCAL getservbyname(const char *, const char *); # define writesocket(s,b,n) write((s),(b),(n)) # endif +/* also in apps/include/apps.h */ +# if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WINCE) +# define openssl_fdset(a, b) FD_SET((unsigned int)(a), b) +# else +# define openssl_fdset(a, b) FD_SET(a, b) +# endif + #endif diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h index 92c8941d0250..fd7f7e333183 100644 --- a/include/internal/sslconf.h +++ b/include/internal/sslconf.h @@ -1,7 +1,7 @@ /* - * Copyright 2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,6 +9,7 @@ #ifndef OSSL_INTERNAL_SSLCONF_H # define OSSL_INTERNAL_SSLCONF_H +# pragma once typedef struct ssl_conf_cmd_st SSL_CONF_CMD; diff --git a/include/internal/symhacks.h b/include/internal/symhacks.h new file mode 100644 index 000000000000..33bae51e49cc --- /dev/null +++ b/include/internal/symhacks.h @@ -0,0 +1,27 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_SYMHACKS_H +# define OSSL_INTERNAL_SYMHACKS_H +# pragma once + +# include <openssl/e_os2.h> + +# if defined(OPENSSL_SYS_VMS) + +/* ossl_provider_gettable_params vs OSSL_PROVIDER_gettable_params */ +# undef ossl_provider_gettable_params +# define ossl_provider_gettable_params ossl_int_prov_gettable_params +/* ossl_provider_get_params vs OSSL_PROVIDER_get_params */ +# undef ossl_provider_get_params +# define ossl_provider_get_params ossl_int_prov_get_params + +# endif + +#endif /* ! defined HEADER_VMS_IDHACKS_H */ diff --git a/include/internal/thread_once.h b/include/internal/thread_once.h index 8f8aa6e1c4b1..d6cb2eeec3bc 100644 --- a/include/internal/thread_once.h +++ b/include/internal/thread_once.h @@ -1,17 +1,28 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#include <openssl/crypto.h> +#ifndef OSSL_INTERNAL_THREAD_ONCE_H +# define OSSL_INTERNAL_THREAD_ONCE_H +# pragma once +# include <openssl/crypto.h> + +/* + * Initialisation of global data should never happen via "RUN_ONCE" inside the + * FIPS module. Global data should instead always be associated with a specific + * OSSL_LIB_CTX object. In this way data will get cleaned up correctly when the + * module gets unloaded. + */ +# if !defined(FIPS_MODULE) || defined(ALLOW_RUN_ONCE_IN_FIPS) /* * DEFINE_RUN_ONCE: Define an initialiser function that should be run exactly - * once. It takes no arguments and returns and int result (1 for success or + * once. It takes no arguments and returns an int result (1 for success or * 0 for failure). Typical usage might be: * * DEFINE_RUN_ONCE(myinitfunc) @@ -23,7 +34,7 @@ * return 0; * } */ -#define DEFINE_RUN_ONCE(init) \ +# define DEFINE_RUN_ONCE(init) \ static int init(void); \ int init##_ossl_ret_ = 0; \ void init##_ossl_(void) \ @@ -36,14 +47,14 @@ * DECLARE_RUN_ONCE: Declare an initialiser function that should be run exactly * once that has been defined in another file via DEFINE_RUN_ONCE(). */ -#define DECLARE_RUN_ONCE(init) \ +# define DECLARE_RUN_ONCE(init) \ extern int init##_ossl_ret_; \ void init##_ossl_(void); /* * DEFINE_RUN_ONCE_STATIC: Define an initialiser function that should be run * exactly once. This function will be declared as static within the file. It - * takes no arguments and returns and int result (1 for success or 0 for + * takes no arguments and returns an int result (1 for success or 0 for * failure). Typical usage might be: * * DEFINE_RUN_ONCE_STATIC(myinitfunc) @@ -55,7 +66,7 @@ * return 0; * } */ -#define DEFINE_RUN_ONCE_STATIC(init) \ +# define DEFINE_RUN_ONCE_STATIC(init) \ static int init(void); \ static int init##_ossl_ret_ = 0; \ static void init##_ossl_(void) \ @@ -96,7 +107,7 @@ * return 0; * } */ -#define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ +# define DEFINE_RUN_ONCE_STATIC_ALT(initalt, init) \ static int initalt(void); \ static void initalt##_ossl_(void) \ { \ @@ -115,7 +126,7 @@ * * (*) by convention, since the init function must return 1 on success. */ -#define RUN_ONCE(once, init) \ +# define RUN_ONCE(once, init) \ (CRYPTO_THREAD_run_once(once, init##_ossl_) ? init##_ossl_ret_ : 0) /* @@ -133,5 +144,8 @@ * * (*) by convention, since the init function must return 1 on success. */ -#define RUN_ONCE_ALT(once, initalt, init) \ +# define RUN_ONCE_ALT(once, initalt, init) \ (CRYPTO_THREAD_run_once(once, initalt##_ossl_) ? init##_ossl_ret_ : 0) + +# endif /* FIPS_MODULE */ +#endif /* OSSL_INTERNAL_THREAD_ONCE_H */ diff --git a/include/internal/tlsgroups.h b/include/internal/tlsgroups.h new file mode 100644 index 000000000000..8a35ced12270 --- /dev/null +++ b/include/internal/tlsgroups.h @@ -0,0 +1,50 @@ +/* + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_TLSGROUPS_H +# define OSSL_INTERNAL_TLSGROUPS_H +# pragma once + +# define OSSL_TLS_GROUP_ID_sect163k1 0x0001 +# define OSSL_TLS_GROUP_ID_sect163r1 0x0002 +# define OSSL_TLS_GROUP_ID_sect163r2 0x0003 +# define OSSL_TLS_GROUP_ID_sect193r1 0x0004 +# define OSSL_TLS_GROUP_ID_sect193r2 0x0005 +# define OSSL_TLS_GROUP_ID_sect233k1 0x0006 +# define OSSL_TLS_GROUP_ID_sect233r1 0x0007 +# define OSSL_TLS_GROUP_ID_sect239k1 0x0008 +# define OSSL_TLS_GROUP_ID_sect283k1 0x0009 +# define OSSL_TLS_GROUP_ID_sect283r1 0x000A +# define OSSL_TLS_GROUP_ID_sect409k1 0x000B +# define OSSL_TLS_GROUP_ID_sect409r1 0x000C +# define OSSL_TLS_GROUP_ID_sect571k1 0x000D +# define OSSL_TLS_GROUP_ID_sect571r1 0x000E +# define OSSL_TLS_GROUP_ID_secp160k1 0x000F +# define OSSL_TLS_GROUP_ID_secp160r1 0x0010 +# define OSSL_TLS_GROUP_ID_secp160r2 0x0011 +# define OSSL_TLS_GROUP_ID_secp192k1 0x0012 +# define OSSL_TLS_GROUP_ID_secp192r1 0x0013 +# define OSSL_TLS_GROUP_ID_secp224k1 0x0014 +# define OSSL_TLS_GROUP_ID_secp224r1 0x0015 +# define OSSL_TLS_GROUP_ID_secp256k1 0x0016 +# define OSSL_TLS_GROUP_ID_secp256r1 0x0017 +# define OSSL_TLS_GROUP_ID_secp384r1 0x0018 +# define OSSL_TLS_GROUP_ID_secp521r1 0x0019 +# define OSSL_TLS_GROUP_ID_brainpoolP256r1 0x001A +# define OSSL_TLS_GROUP_ID_brainpoolP384r1 0x001B +# define OSSL_TLS_GROUP_ID_brainpoolP512r1 0x001C +# define OSSL_TLS_GROUP_ID_x25519 0x001D +# define OSSL_TLS_GROUP_ID_x448 0x001E +# define OSSL_TLS_GROUP_ID_ffdhe2048 0x0100 +# define OSSL_TLS_GROUP_ID_ffdhe3072 0x0101 +# define OSSL_TLS_GROUP_ID_ffdhe4096 0x0102 +# define OSSL_TLS_GROUP_ID_ffdhe6144 0x0103 +# define OSSL_TLS_GROUP_ID_ffdhe8192 0x0104 + +#endif diff --git a/include/internal/tsan_assist.h b/include/internal/tsan_assist.h index cc30162eb74e..60ecbd5f04f3 100644 --- a/include/internal/tsan_assist.h +++ b/include/internal/tsan_assist.h @@ -1,7 +1,7 @@ /* - * Copyright 2018-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -130,7 +130,13 @@ #ifndef TSAN_QUALIFIER -# define TSAN_QUALIFIER volatile +# ifdef OPENSSL_THREADS +# define TSAN_QUALIFIER volatile +# define TSAN_REQUIRES_LOCKING +# else /* OPENSSL_THREADS */ +# define TSAN_QUALIFIER +# endif /* OPENSSL_THREADS */ + # define tsan_load(ptr) (*(ptr)) # define tsan_store(ptr, val) (*(ptr) = (val)) # define tsan_counter(ptr) ((*(ptr))++) diff --git a/include/internal/unicode.h b/include/internal/unicode.h new file mode 100644 index 000000000000..a6de8352d680 --- /dev/null +++ b/include/internal/unicode.h @@ -0,0 +1,31 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#ifndef OSSL_INTERNAL_UNICODE_H +# define OSSL_INTERNAL_UNICODE_H +# pragma once + +typedef enum { + SURROGATE_MIN = 0xd800UL, + SURROGATE_MAX = 0xdfffUL, + UNICODE_MAX = 0x10ffffUL, + UNICODE_LIMIT +} UNICODE_CONSTANTS; + +static ossl_unused ossl_inline int is_unicode_surrogate(unsigned long value) +{ + return value >= SURROGATE_MIN && value <= SURROGATE_MAX; +} + +static ossl_unused ossl_inline int is_unicode_valid(unsigned long value) +{ + return value <= UNICODE_MAX && !is_unicode_surrogate(value); +} + +#endif |