Coverage Report

Created: 2024-05-15 07:16

/src/openssl/crypto/provider_conf.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License").  You may not use
5
 * this file except in compliance with the License.  You can obtain a copy
6
 * in the file LICENSE in the source distribution or at
7
 * https://www.openssl.org/source/license.html
8
 */
9
10
#include <string.h>
11
#include <openssl/trace.h>
12
#include <openssl/err.h>
13
#include <openssl/conf.h>
14
#include <openssl/safestack.h>
15
#include "internal/provider.h"
16
17
/* PROVIDER config module */
18
19
DEFINE_STACK_OF(OSSL_PROVIDER)
20
static STACK_OF(OSSL_PROVIDER) *activated_providers = NULL;
21
22
static const char *skip_dot(const char *name)
23
0
{
24
0
    const char *p = strchr(name, '.');
25
26
0
    if (p != NULL)
27
0
        return p + 1;
28
0
    return name;
29
0
}
30
31
static int provider_conf_params(OSSL_PROVIDER *prov,
32
                                const char *name, const char *value,
33
                                const CONF *cnf)
34
0
{
35
0
    STACK_OF(CONF_VALUE) *sect;
36
0
    int ok = 1;
37
38
0
    sect = NCONF_get_section(cnf, value);
39
0
    if (sect != NULL) {
40
0
        int i;
41
0
        char buffer[512];
42
0
        size_t buffer_len = 0;
43
44
0
        OSSL_TRACE1(CONF, "Provider params: start section %s\n", value);
45
46
0
        if (name != NULL) {
47
0
            OPENSSL_strlcpy(buffer, name, sizeof(buffer));
48
0
            OPENSSL_strlcat(buffer, ".", sizeof(buffer));
49
0
            buffer_len = strlen(buffer);
50
0
        }
51
52
0
        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
53
0
            CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i);
54
55
0
            if (buffer_len + strlen(sectconf->name) >= sizeof(buffer))
56
0
                return 0;
57
0
            buffer[buffer_len] = '\0';
58
0
            OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer));
59
0
            if (!provider_conf_params(prov, buffer, sectconf->value, cnf))
60
0
                return 0;
61
0
        }
62
63
0
        OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value);
64
0
    } else {
65
0
        OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value);
66
0
        ok = ossl_provider_add_parameter(prov, name, value);
67
0
    }
68
69
0
    return ok;
70
0
}
71
72
static int provider_conf_load(OPENSSL_CTX *libctx, const char *name,
73
                              const char *value, const CONF *cnf)
74
0
{
75
0
    int i;
76
0
    STACK_OF(CONF_VALUE) *ecmds;
77
0
    int soft = 0;
78
0
    OSSL_PROVIDER *prov = NULL;
79
0
    const char *path = NULL;
80
0
    long activate = 0;
81
0
    int ok = 0;
82
83
0
    name = skip_dot(name);
84
0
    OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
85
    /* Value is a section containing PROVIDER commands */
86
0
    ecmds = NCONF_get_section(cnf, value);
87
88
0
    if (!ecmds) {
89
0
        CRYPTOerr(CRYPTO_F_PROVIDER_CONF_LOAD, CRYPTO_R_PROVIDER_SECTION_ERROR);
90
0
        return 0;
91
0
    }
92
93
    /* Find the needed data first */
94
0
    for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
95
0
        CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
96
0
        const char *confname = skip_dot(ecmd->name);
97
0
        const char *confvalue = ecmd->value;
98
99
0
        OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
100
0
                    confname, confvalue);
101
102
        /* First handle some special pseudo confs */
103
104
        /* Override provider name to use */
105
0
        if (strcmp(confname, "identity") == 0)
106
0
            name = confvalue;
107
0
        else if (strcmp(confname, "soft_load") == 0)
108
0
            soft = 1;
109
        /* Load a dynamic PROVIDER */
110
0
        else if (strcmp(confname, "module") == 0)
111
0
            path = confvalue;
112
0
        else if (strcmp(confname, "activate") == 0)
113
0
            activate = 1;
114
0
    }
115
116
0
    prov = ossl_provider_find(libctx, name, 1);
117
0
    if (prov == NULL)
118
0
        prov = ossl_provider_new(libctx, name, NULL, 1);
119
0
    if (prov == NULL) {
120
0
        if (soft)
121
0
            ERR_clear_error();
122
0
        return 0;
123
0
    }
124
125
0
    if (path != NULL)
126
0
        ossl_provider_set_module_path(prov, path);
127
128
0
    ok = provider_conf_params(prov, NULL, value, cnf);
129
130
0
    if (ok && activate) {
131
0
        if (!ossl_provider_activate(prov)) {
132
0
            ok = 0;
133
0
        } else {
134
0
            if (activated_providers == NULL)
135
0
                activated_providers = sk_OSSL_PROVIDER_new_null();
136
0
            sk_OSSL_PROVIDER_push(activated_providers, prov);
137
0
            ok = 1;
138
0
        }
139
0
    }
140
141
0
    if (!(activate && ok))
142
0
        ossl_provider_free(prov);
143
144
0
    return ok;
145
0
}
146
147
static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
148
0
{
149
0
    STACK_OF(CONF_VALUE) *elist;
150
0
    CONF_VALUE *cval;
151
0
    int i;
152
153
0
    OSSL_TRACE1(CONF, "Loading providers module: section %s\n",
154
0
                CONF_imodule_get_value(md));
155
156
    /* Value is a section containing PROVIDERs to configure */
157
0
    elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
158
159
0
    if (!elist) {
160
0
        CRYPTOerr(CRYPTO_F_PROVIDER_CONF_INIT,
161
0
                  CRYPTO_R_PROVIDER_SECTION_ERROR);
162
0
        return 0;
163
0
    }
164
165
0
    for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
166
0
        cval = sk_CONF_VALUE_value(elist, i);
167
0
        if (!provider_conf_load(NULL, cval->name, cval->value, cnf))
168
0
            return 0;
169
0
    }
170
171
0
    return 1;
172
0
}
173
174
175
static void provider_conf_deinit(CONF_IMODULE *md)
176
0
{
177
0
    sk_OSSL_PROVIDER_pop_free(activated_providers, ossl_provider_free);
178
0
    activated_providers = NULL;
179
0
    OSSL_TRACE(CONF, "Cleaned up providers\n");
180
0
}
181
182
void ossl_provider_add_conf_module(void)
183
502
{
184
502
    OSSL_TRACE(CONF, "Adding config module 'providers'\n");
185
502
    CONF_module_add("providers", provider_conf_init, provider_conf_deinit);
186
502
}