/src/openssl/crypto/provider_child.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <assert.h> |
11 | | #include <openssl/crypto.h> |
12 | | #include <openssl/core_dispatch.h> |
13 | | #include <openssl/core_names.h> |
14 | | #include <openssl/provider.h> |
15 | | #include <openssl/evp.h> |
16 | | #include "internal/provider.h" |
17 | | #include "internal/cryptlib.h" |
18 | | #include "crypto/evp.h" |
19 | | #include "crypto/context.h" |
20 | | |
21 | | DEFINE_STACK_OF(OSSL_PROVIDER) |
22 | | |
23 | | struct child_prov_globals { |
24 | | const OSSL_CORE_HANDLE *handle; |
25 | | const OSSL_CORE_HANDLE *curr_prov; |
26 | | CRYPTO_RWLOCK *lock; |
27 | | OSSL_FUNC_core_get_libctx_fn *c_get_libctx; |
28 | | OSSL_FUNC_provider_register_child_cb_fn *c_provider_register_child_cb; |
29 | | OSSL_FUNC_provider_deregister_child_cb_fn *c_provider_deregister_child_cb; |
30 | | OSSL_FUNC_provider_name_fn *c_prov_name; |
31 | | OSSL_FUNC_provider_get0_provider_ctx_fn *c_prov_get0_provider_ctx; |
32 | | OSSL_FUNC_provider_get0_dispatch_fn *c_prov_get0_dispatch; |
33 | | OSSL_FUNC_provider_up_ref_fn *c_prov_up_ref; |
34 | | OSSL_FUNC_provider_free_fn *c_prov_free; |
35 | | }; |
36 | | |
37 | | void *ossl_child_prov_ctx_new(OSSL_LIB_CTX *libctx) |
38 | 4 | { |
39 | 4 | return OPENSSL_zalloc(sizeof(struct child_prov_globals)); |
40 | 4 | } |
41 | | |
42 | | void ossl_child_prov_ctx_free(void *vgbl) |
43 | 4 | { |
44 | 4 | struct child_prov_globals *gbl = vgbl; |
45 | | |
46 | 4 | CRYPTO_THREAD_lock_free(gbl->lock); |
47 | 4 | OPENSSL_free(gbl); |
48 | 4 | } |
49 | | |
50 | | static OSSL_provider_init_fn ossl_child_provider_init; |
51 | | |
52 | | static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle, |
53 | | const OSSL_DISPATCH *in, |
54 | | const OSSL_DISPATCH **out, |
55 | | void **provctx) |
56 | 0 | { |
57 | 0 | OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL; |
58 | 0 | OSSL_LIB_CTX *ctx; |
59 | 0 | struct child_prov_globals *gbl; |
60 | |
|
61 | 0 | for (; in->function_id != 0; in++) { |
62 | 0 | switch (in->function_id) { |
63 | 0 | case OSSL_FUNC_CORE_GET_LIBCTX: |
64 | 0 | c_get_libctx = OSSL_FUNC_core_get_libctx(in); |
65 | 0 | break; |
66 | 0 | default: |
67 | | /* Just ignore anything we don't understand */ |
68 | 0 | break; |
69 | 0 | } |
70 | 0 | } |
71 | | |
72 | 0 | if (c_get_libctx == NULL) |
73 | 0 | return 0; |
74 | | |
75 | | /* |
76 | | * We need an OSSL_LIB_CTX but c_get_libctx returns OPENSSL_CORE_CTX. We are |
77 | | * a built-in provider and so we can get away with this cast. Normal |
78 | | * providers can't do this. |
79 | | */ |
80 | 0 | ctx = (OSSL_LIB_CTX *)c_get_libctx(handle); |
81 | |
|
82 | 0 | gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX); |
83 | 0 | if (gbl == NULL) |
84 | 0 | return 0; |
85 | | |
86 | 0 | *provctx = gbl->c_prov_get0_provider_ctx(gbl->curr_prov); |
87 | 0 | *out = gbl->c_prov_get0_dispatch(gbl->curr_prov); |
88 | |
|
89 | 0 | return 1; |
90 | 0 | } |
91 | | |
92 | | static int provider_create_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) |
93 | 0 | { |
94 | 0 | OSSL_LIB_CTX *ctx = cbdata; |
95 | 0 | struct child_prov_globals *gbl; |
96 | 0 | const char *provname; |
97 | 0 | OSSL_PROVIDER *cprov; |
98 | 0 | int ret = 0; |
99 | |
|
100 | 0 | gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX); |
101 | 0 | if (gbl == NULL) |
102 | 0 | return 0; |
103 | | |
104 | 0 | if (!CRYPTO_THREAD_write_lock(gbl->lock)) |
105 | 0 | return 0; |
106 | | |
107 | 0 | provname = gbl->c_prov_name(prov); |
108 | | |
109 | | /* |
110 | | * We're operating under a lock so we can store the "current" provider in |
111 | | * the global data. |
112 | | */ |
113 | 0 | gbl->curr_prov = prov; |
114 | |
|
115 | 0 | if ((cprov = ossl_provider_find(ctx, provname, 1)) != NULL) { |
116 | | /* |
117 | | * We free the newly created ref. We rely on the provider sticking around |
118 | | * in the provider store. |
119 | | */ |
120 | 0 | ossl_provider_free(cprov); |
121 | | |
122 | | /* |
123 | | * The provider already exists. It could be a previously created child, |
124 | | * or it could have been explicitly loaded. If explicitly loaded we |
125 | | * ignore it - i.e. we don't start treating it like a child. |
126 | | */ |
127 | 0 | if (!ossl_provider_activate(cprov, 0, 1)) |
128 | 0 | goto err; |
129 | 0 | } else { |
130 | | /* |
131 | | * Create it - passing 1 as final param so we don't try and recursively |
132 | | * init children |
133 | | */ |
134 | 0 | if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init, |
135 | 0 | NULL, 1)) == NULL) |
136 | 0 | goto err; |
137 | | |
138 | 0 | if (!ossl_provider_activate(cprov, 0, 0)) { |
139 | 0 | ossl_provider_free(cprov); |
140 | 0 | goto err; |
141 | 0 | } |
142 | | |
143 | 0 | if (!ossl_provider_set_child(cprov, prov) |
144 | 0 | || !ossl_provider_add_to_store(cprov, NULL, 0)) { |
145 | 0 | ossl_provider_deactivate(cprov, 0); |
146 | 0 | ossl_provider_free(cprov); |
147 | 0 | goto err; |
148 | 0 | } |
149 | 0 | } |
150 | | |
151 | 0 | ret = 1; |
152 | 0 | err: |
153 | 0 | CRYPTO_THREAD_unlock(gbl->lock); |
154 | 0 | return ret; |
155 | 0 | } |
156 | | |
157 | | static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata) |
158 | 0 | { |
159 | 0 | OSSL_LIB_CTX *ctx = cbdata; |
160 | 0 | struct child_prov_globals *gbl; |
161 | 0 | const char *provname; |
162 | 0 | OSSL_PROVIDER *cprov; |
163 | |
|
164 | 0 | gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX); |
165 | 0 | if (gbl == NULL) |
166 | 0 | return 0; |
167 | | |
168 | 0 | provname = gbl->c_prov_name(prov); |
169 | 0 | cprov = ossl_provider_find(ctx, provname, 1); |
170 | 0 | if (cprov == NULL) |
171 | 0 | return 0; |
172 | | /* |
173 | | * ossl_provider_find ups the ref count, so we free it again here. We can |
174 | | * rely on the provider store reference count. |
175 | | */ |
176 | 0 | ossl_provider_free(cprov); |
177 | 0 | if (ossl_provider_is_child(cprov) |
178 | 0 | && !ossl_provider_deactivate(cprov, 1)) |
179 | 0 | return 0; |
180 | | |
181 | 0 | return 1; |
182 | 0 | } |
183 | | |
184 | | static int provider_global_props_cb(const char *props, void *cbdata) |
185 | 0 | { |
186 | 0 | OSSL_LIB_CTX *ctx = cbdata; |
187 | |
|
188 | 0 | return evp_set_default_properties_int(ctx, props, 0, 1); |
189 | 0 | } |
190 | | |
191 | | int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx, |
192 | | const OSSL_CORE_HANDLE *handle, |
193 | | const OSSL_DISPATCH *in) |
194 | 0 | { |
195 | 0 | struct child_prov_globals *gbl; |
196 | |
|
197 | 0 | if (ctx == NULL) |
198 | 0 | return 0; |
199 | | |
200 | 0 | gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX); |
201 | 0 | if (gbl == NULL) |
202 | 0 | return 0; |
203 | | |
204 | 0 | gbl->handle = handle; |
205 | 0 | for (; in->function_id != 0; in++) { |
206 | 0 | switch (in->function_id) { |
207 | 0 | case OSSL_FUNC_CORE_GET_LIBCTX: |
208 | 0 | gbl->c_get_libctx = OSSL_FUNC_core_get_libctx(in); |
209 | 0 | break; |
210 | 0 | case OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB: |
211 | 0 | gbl->c_provider_register_child_cb |
212 | 0 | = OSSL_FUNC_provider_register_child_cb(in); |
213 | 0 | break; |
214 | 0 | case OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB: |
215 | 0 | gbl->c_provider_deregister_child_cb |
216 | 0 | = OSSL_FUNC_provider_deregister_child_cb(in); |
217 | 0 | break; |
218 | 0 | case OSSL_FUNC_PROVIDER_NAME: |
219 | 0 | gbl->c_prov_name = OSSL_FUNC_provider_name(in); |
220 | 0 | break; |
221 | 0 | case OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX: |
222 | 0 | gbl->c_prov_get0_provider_ctx |
223 | 0 | = OSSL_FUNC_provider_get0_provider_ctx(in); |
224 | 0 | break; |
225 | 0 | case OSSL_FUNC_PROVIDER_GET0_DISPATCH: |
226 | 0 | gbl->c_prov_get0_dispatch = OSSL_FUNC_provider_get0_dispatch(in); |
227 | 0 | break; |
228 | 0 | case OSSL_FUNC_PROVIDER_UP_REF: |
229 | 0 | gbl->c_prov_up_ref |
230 | 0 | = OSSL_FUNC_provider_up_ref(in); |
231 | 0 | break; |
232 | 0 | case OSSL_FUNC_PROVIDER_FREE: |
233 | 0 | gbl->c_prov_free = OSSL_FUNC_provider_free(in); |
234 | 0 | break; |
235 | 0 | default: |
236 | | /* Just ignore anything we don't understand */ |
237 | 0 | break; |
238 | 0 | } |
239 | 0 | } |
240 | | |
241 | 0 | if (gbl->c_get_libctx == NULL |
242 | 0 | || gbl->c_provider_register_child_cb == NULL |
243 | 0 | || gbl->c_prov_name == NULL |
244 | 0 | || gbl->c_prov_get0_provider_ctx == NULL |
245 | 0 | || gbl->c_prov_get0_dispatch == NULL |
246 | 0 | || gbl->c_prov_up_ref == NULL |
247 | 0 | || gbl->c_prov_free == NULL) |
248 | 0 | return 0; |
249 | | |
250 | 0 | gbl->lock = CRYPTO_THREAD_lock_new(); |
251 | 0 | if (gbl->lock == NULL) |
252 | 0 | return 0; |
253 | | |
254 | 0 | if (!gbl->c_provider_register_child_cb(gbl->handle, |
255 | 0 | provider_create_child_cb, |
256 | 0 | provider_remove_child_cb, |
257 | 0 | provider_global_props_cb, |
258 | 0 | ctx)) |
259 | 0 | return 0; |
260 | | |
261 | 0 | return 1; |
262 | 0 | } |
263 | | |
264 | | void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx) |
265 | 0 | { |
266 | 0 | struct child_prov_globals *gbl |
267 | 0 | = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX); |
268 | 0 | if (gbl == NULL) |
269 | 0 | return; |
270 | | |
271 | 0 | gbl->c_provider_deregister_child_cb(gbl->handle); |
272 | 0 | } |
273 | | |
274 | | /* |
275 | | * ossl_provider_up_ref_parent() and ossl_provider_free_parent() do |
276 | | * nothing in "self-referencing" child providers, i.e. when the parent |
277 | | * of the child provider is the same as the provider where this child |
278 | | * provider was created. |
279 | | * This allows the teardown function in the parent provider to be called |
280 | | * at the correct moment. |
281 | | * For child providers in other providers, the reference count is done to |
282 | | * ensure that cross referencing is recorded. These should be cleared up |
283 | | * through that providers teardown, as part of freeing its child libctx. |
284 | | */ |
285 | | |
286 | | int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate) |
287 | 0 | { |
288 | 0 | struct child_prov_globals *gbl; |
289 | 0 | const OSSL_CORE_HANDLE *parent_handle; |
290 | |
|
291 | 0 | gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), |
292 | 0 | OSSL_LIB_CTX_CHILD_PROVIDER_INDEX); |
293 | 0 | if (gbl == NULL) |
294 | 0 | return 0; |
295 | | |
296 | 0 | parent_handle = ossl_provider_get_parent(prov); |
297 | 0 | if (parent_handle == gbl->handle) |
298 | 0 | return 1; |
299 | 0 | return gbl->c_prov_up_ref(parent_handle, activate); |
300 | 0 | } |
301 | | |
302 | | int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate) |
303 | 0 | { |
304 | 0 | struct child_prov_globals *gbl; |
305 | 0 | const OSSL_CORE_HANDLE *parent_handle; |
306 | |
|
307 | 0 | gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov), |
308 | 0 | OSSL_LIB_CTX_CHILD_PROVIDER_INDEX); |
309 | 0 | if (gbl == NULL) |
310 | 0 | return 0; |
311 | | |
312 | 0 | parent_handle = ossl_provider_get_parent(prov); |
313 | 0 | if (parent_handle == gbl->handle) |
314 | 0 | return 1; |
315 | 0 | return gbl->c_prov_free(ossl_provider_get_parent(prov), deactivate); |
316 | 0 | } |