/src/openssl/crypto/provider_conf.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <string.h>
#include <openssl/trace.h>
#include <openssl/err.h>
#include <openssl/conf.h>
#include <openssl/safestack.h>
#include "internal/provider.h"

DEFINE_STACK_OF(OSSL_PROVIDER)
DEFINE_STACK_OF(CONF_VALUE)

/* PROVIDER config module */

static STACK_OF(OSSL_PROVIDER) *activated_providers = NULL;

static const char *skip_dot(const char *name)
{
    const char *p = strchr(name, '.');

    if (p != NULL)
        return p + 1;
    return name;
}

static int provider_conf_params(OSSL_PROVIDER *prov,
                                const char *name, const char *value,
                                const CONF *cnf)
{
    STACK_OF(CONF_VALUE) *sect;
    int ok = 1;

    sect = NCONF_get_section(cnf, value);
    if (sect != NULL) {
        int i;
        char buffer[512];
        size_t buffer_len = 0;

        OSSL_TRACE1(CONF, "Provider params: start section %s\n", value);

        if (name != NULL) {
            OPENSSL_strlcpy(buffer, name, sizeof(buffer));
            OPENSSL_strlcat(buffer, ".", sizeof(buffer));
            buffer_len = strlen(buffer);
        }

        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
            CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i);

            if (buffer_len + strlen(sectconf->name) >= sizeof(buffer))
                return 0;
            buffer[buffer_len] = '\0';
            OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer));
            if (!provider_conf_params(prov, buffer, sectconf->value, cnf))
                return 0;
        }

        OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value);
    } else {
        OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value);
        ok = ossl_provider_add_parameter(prov, name, value);
    }

    return ok;
}

static int provider_conf_load(OPENSSL_CTX *libctx, const char *name,
                              const char *value, const CONF *cnf)
{
    int i;
    STACK_OF(CONF_VALUE) *ecmds;
    int soft = 0;
    OSSL_PROVIDER *prov = NULL;
    const char *path = NULL;
    long activate = 0;
    int ok = 0;

    name = skip_dot(name);
    OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
    /* Value is a section containing PROVIDER commands */
    ecmds = NCONF_get_section(cnf, value);

    if (!ecmds) {
        CRYPTOerr(CRYPTO_F_PROVIDER_CONF_LOAD, CRYPTO_R_PROVIDER_SECTION_ERROR);
        return 0;
    }

    /* Find the needed data first */
    for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
        CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
        const char *confname = skip_dot(ecmd->name);
        const char *confvalue = ecmd->value;

        OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
                    confname, confvalue);

        /* First handle some special pseudo confs */

        /* Override provider name to use */
        if (strcmp(confname, "identity") == 0)
            name = confvalue;
        else if (strcmp(confname, "soft_load") == 0)
            soft = 1;
        /* Load a dynamic PROVIDER */
        else if (strcmp(confname, "module") == 0)
            path = confvalue;
        else if (strcmp(confname, "activate") == 0)
            activate = 1;
    }

    prov = ossl_provider_find(libctx, name, 1);
    if (prov == NULL)
        prov = ossl_provider_new(libctx, name, NULL, 1);
    if (prov == NULL) {
        if (soft)
            ERR_clear_error();
        return 0;
    }

    if (path != NULL)
        ossl_provider_set_module_path(prov, path);

    ok = provider_conf_params(prov, NULL, value, cnf);

    if (ok && activate) {
        if (!ossl_provider_activate(prov)) {
            ok = 0;
        } else {
            if (activated_providers == NULL)
                activated_providers = sk_OSSL_PROVIDER_new_null();
            sk_OSSL_PROVIDER_push(activated_providers, prov);
            ok = 1;
        }
    }

    if (!(activate && ok))
        ossl_provider_free(prov);

    return ok;
}

static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
{
    STACK_OF(CONF_VALUE) *elist;
    CONF_VALUE *cval;
    int i;

    OSSL_TRACE1(CONF, "Loading providers module: section %s\n",
                CONF_imodule_get_value(md));

    /* Value is a section containing PROVIDERs to configure */
    elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));

    if (!elist) {
        CRYPTOerr(CRYPTO_F_PROVIDER_CONF_INIT,
                  CRYPTO_R_PROVIDER_SECTION_ERROR);
        return 0;
    }

    for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
        cval = sk_CONF_VALUE_value(elist, i);
        if (!provider_conf_load(cnf->libctx, cval->name, cval->value, cnf))
            return 0;
    }

    return 1;
}


static void provider_conf_deinit(CONF_IMODULE *md)
{
    sk_OSSL_PROVIDER_pop_free(activated_providers, ossl_provider_free);
    activated_providers = NULL;
    OSSL_TRACE(CONF, "Cleaned up providers\n");
}

void ossl_provider_add_conf_module(void)
{
    OSSL_TRACE(CONF, "Adding config module 'providers'\n");
    CONF_module_add("providers", provider_conf_init, provider_conf_deinit);
}

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <string.h>
11		#include <openssl/trace.h>
12		#include <openssl/err.h>
13		#include <openssl/conf.h>
14		#include <openssl/safestack.h>
15		#include "internal/provider.h"
16
17		DEFINE_STACK_OF(OSSL_PROVIDER)
18		DEFINE_STACK_OF(CONF_VALUE)
19
20		/* PROVIDER config module */
21
22		static STACK_OF(OSSL_PROVIDER) *activated_providers = NULL;
23	0
24	0	static const char skip_dot(const char name)
25	0	{
26	0	const char *p = strchr(name, '.');
27	0
28	0	if (p != NULL)
29	0	return p + 1;
30		return name;
31		}
32
33		static int provider_conf_params(OSSL_PROVIDER *prov,
34	0	const char name, const char value,
35	0	const CONF *cnf)
36	0	{
37	0	STACK_OF(CONF_VALUE) *sect;
38	0	int ok = 1;
39	0
40	0	sect = NCONF_get_section(cnf, value);
41	0	if (sect != NULL) {
42	0	int i;
43	0	char buffer[512];
44	0	size_t buffer_len = 0;
45	0
46	0	OSSL_TRACE1(CONF, "Provider params: start section %s\n", value);
47	0
48	0	if (name != NULL) {
49	0	OPENSSL_strlcpy(buffer, name, sizeof(buffer));
50	0	OPENSSL_strlcat(buffer, ".", sizeof(buffer));
51	0	buffer_len = strlen(buffer);
52	0	}
53	0
54	0	for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
55	0	CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i);
56	0
57	0	if (buffer_len + strlen(sectconf->name) >= sizeof(buffer))
58	0	return 0;
59	0	buffer[buffer_len] = '\0';
60	0	OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer));
61	0	if (!provider_conf_params(prov, buffer, sectconf->value, cnf))
62	0	return 0;
63	0	}
64	0
65	0	OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value);
66	0	} else {
67	0	OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value);
68	0	ok = ossl_provider_add_parameter(prov, name, value);
69	0	}
70	0
71		return ok;
72		}
73
74		static int provider_conf_load(OPENSSL_CTX libctx, const char name,
75		const char value, const CONF cnf)
76		{
77		int i;
78		STACK_OF(CONF_VALUE) *ecmds;
79		int soft = 0;
80		OSSL_PROVIDER *prov = NULL;
81		const char *path = NULL;
82		long activate = 0;
83		int ok = 0;
84
85		name = skip_dot(name);
86		OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
87		/* Value is a section containing PROVIDER commands */
88		ecmds = NCONF_get_section(cnf, value);
89
90		if (!ecmds) {
91		CRYPTOerr(CRYPTO_F_PROVIDER_CONF_LOAD, CRYPTO_R_PROVIDER_SECTION_ERROR);
92		return 0;
93		}
94
95		/* Find the needed data first */
96		for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
97		CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
98		const char *confname = skip_dot(ecmd->name);
99		const char *confvalue = ecmd->value;
100
101		OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
102		confname, confvalue);
103
104		/* First handle some special pseudo confs */
105
106		/* Override provider name to use */
107		if (strcmp(confname, "identity") == 0)
108		name = confvalue;
109		else if (strcmp(confname, "soft_load") == 0)
110		soft = 1;
111		/* Load a dynamic PROVIDER */
112		else if (strcmp(confname, "module") == 0)
113		path = confvalue;
114		else if (strcmp(confname, "activate") == 0)
115		activate = 1;
116		}
117
118		prov = ossl_provider_find(libctx, name, 1);
119		if (prov == NULL)
120		prov = ossl_provider_new(libctx, name, NULL, 1);
121		if (prov == NULL) {
122		if (soft)
123		ERR_clear_error();
124		return 0;
125		}
126
127		if (path != NULL)
128		ossl_provider_set_module_path(prov, path);
129
130		ok = provider_conf_params(prov, NULL, value, cnf);
131
132		if (ok && activate) {
133		if (!ossl_provider_activate(prov)) {
134		ok = 0;
135		} else {
136		if (activated_providers == NULL)
137		activated_providers = sk_OSSL_PROVIDER_new_null();
138		sk_OSSL_PROVIDER_push(activated_providers, prov);
139		ok = 1;
140		}
141		}
142
143		if (!(activate && ok))
144		ossl_provider_free(prov);
145
146		return ok;
147		}
148	0
149	0	static int provider_conf_init(CONF_IMODULE md, const CONF cnf)
150	0	{
151	0	STACK_OF(CONF_VALUE) *elist;
152	0	CONF_VALUE *cval;
153	0	int i;
154	0
155	0	OSSL_TRACE1(CONF, "Loading providers module: section %s\n",
156	0	CONF_imodule_get_value(md));
157	0
158	0	/* Value is a section containing PROVIDERs to configure */
159	0	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
160	0
161	0	if (!elist) {
162	0	CRYPTOerr(CRYPTO_F_PROVIDER_CONF_INIT,
163	0	CRYPTO_R_PROVIDER_SECTION_ERROR);
164	0	return 0;
165	0	}
166	0
167	0	for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
168	0	cval = sk_CONF_VALUE_value(elist, i);
169	0	if (!provider_conf_load(cnf->libctx, cval->name, cval->value, cnf))
170	0	return 0;
171	0	}
172	0
173		return 1;
174		}
175
176	0
177	0	static void provider_conf_deinit(CONF_IMODULE *md)
178	0	{
179	0	sk_OSSL_PROVIDER_pop_free(activated_providers, ossl_provider_free);
180	0	activated_providers = NULL;
181		OSSL_TRACE(CONF, "Cleaned up providers\n");
182		}
183	4
184	4	void ossl_provider_add_conf_module(void)
185	4	{
186	4	OSSL_TRACE(CONF, "Adding config module 'providers'\n");
187		CONF_module_add("providers", provider_conf_init, provider_conf_deinit);
188		}

Coverage Report

Created: 2020-08-14 21:15