/src/openssl34/crypto/provider_core.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <assert.h> |
11 | | #include <openssl/core.h> |
12 | | #include <openssl/core_dispatch.h> |
13 | | #include <openssl/core_names.h> |
14 | | #include <openssl/provider.h> |
15 | | #include <openssl/params.h> |
16 | | #include <openssl/opensslv.h> |
17 | | #include "crypto/cryptlib.h" |
18 | | #ifndef FIPS_MODULE |
19 | | #include "crypto/decoder.h" /* ossl_decoder_store_cache_flush */ |
20 | | #include "crypto/encoder.h" /* ossl_encoder_store_cache_flush */ |
21 | | #include "crypto/store.h" /* ossl_store_loader_store_cache_flush */ |
22 | | #endif |
23 | | #include "crypto/evp.h" /* evp_method_store_cache_flush */ |
24 | | #include "crypto/rand.h" |
25 | | #include "internal/nelem.h" |
26 | | #include "internal/thread_once.h" |
27 | | #include "internal/provider.h" |
28 | | #include "internal/refcount.h" |
29 | | #include "internal/bio.h" |
30 | | #include "internal/core.h" |
31 | | #include "provider_local.h" |
32 | | #include "crypto/context.h" |
33 | | #ifndef FIPS_MODULE |
34 | | #include <openssl/self_test.h> |
35 | | #include <openssl/indicator.h> |
36 | | #endif |
37 | | |
38 | | /* |
39 | | * This file defines and uses a number of different structures: |
40 | | * |
41 | | * OSSL_PROVIDER (provider_st): Used to represent all information related to a |
42 | | * single instance of a provider. |
43 | | * |
44 | | * provider_store_st: Holds information about the collection of providers that |
45 | | * are available within the current library context (OSSL_LIB_CTX). It also |
46 | | * holds configuration information about providers that could be loaded at some |
47 | | * future point. |
48 | | * |
49 | | * OSSL_PROVIDER_CHILD_CB: An instance of this structure holds the callbacks |
50 | | * that have been registered for a child library context and the associated |
51 | | * provider that registered those callbacks. |
52 | | * |
53 | | * Where a child library context exists then it has its own instance of the |
54 | | * provider store. Each provider that exists in the parent provider store, has |
55 | | * an associated child provider in the child library context's provider store. |
56 | | * As providers get activated or deactivated this needs to be mirrored in the |
57 | | * associated child providers. |
58 | | * |
59 | | * LOCKING |
60 | | * ======= |
61 | | * |
62 | | * There are a number of different locks used in this file and it is important |
63 | | * to understand how they should be used in order to avoid deadlocks. |
64 | | * |
65 | | * Fields within a structure can often be "write once" on creation, and then |
66 | | * "read many". Creation of a structure is done by a single thread, and |
67 | | * therefore no lock is required for the "write once/read many" fields. It is |
68 | | * safe for multiple threads to read these fields without a lock, because they |
69 | | * will never be changed. |
70 | | * |
71 | | * However some fields may be changed after a structure has been created and |
72 | | * shared between multiple threads. Where this is the case a lock is required. |
73 | | * |
74 | | * The locks available are: |
75 | | * |
76 | | * The provider flag_lock: Used to control updates to the various provider |
77 | | * "flags" (flag_initialized and flag_activated). |
78 | | * |
79 | | * The provider activatecnt_lock: Used to control updates to the provider |
80 | | * activatecnt value. |
81 | | * |
82 | | * The provider optbits_lock: Used to control access to the provider's |
83 | | * operation_bits and operation_bits_sz fields. |
84 | | * |
85 | | * The store default_path_lock: Used to control access to the provider store's |
86 | | * default search path value (default_path) |
87 | | * |
88 | | * The store lock: Used to control the stack of provider's held within the |
89 | | * provider store, as well as the stack of registered child provider callbacks. |
90 | | * |
91 | | * As a general rule-of-thumb it is best to: |
92 | | * - keep the scope of the code that is protected by a lock to the absolute |
93 | | * minimum possible; |
94 | | * - try to keep the scope of the lock to within a single function (i.e. avoid |
95 | | * making calls to other functions while holding a lock); |
96 | | * - try to only ever hold one lock at a time. |
97 | | * |
98 | | * Unfortunately, it is not always possible to stick to the above guidelines. |
99 | | * Where they are not adhered to there is always a danger of inadvertently |
100 | | * introducing the possibility of deadlock. The following rules MUST be adhered |
101 | | * to in order to avoid that: |
102 | | * - Holding multiple locks at the same time is only allowed for the |
103 | | * provider store lock, the provider activatecnt_lock and the provider flag_lock. |
104 | | * - When holding multiple locks they must be acquired in the following order of |
105 | | * precedence: |
106 | | * 1) provider store lock |
107 | | * 2) provider flag_lock |
108 | | * 3) provider activatecnt_lock |
109 | | * - When releasing locks they must be released in the reverse order to which |
110 | | * they were acquired |
111 | | * - No locks may be held when making an upcall. NOTE: Some common functions |
112 | | * can make upcalls as part of their normal operation. If you need to call |
113 | | * some other function while holding a lock make sure you know whether it |
114 | | * will make any upcalls or not. For example ossl_provider_up_ref() can call |
115 | | * ossl_provider_up_ref_parent() which can call the c_prov_up_ref() upcall. |
116 | | * - It is permissible to hold the store and flag locks when calling child |
117 | | * provider callbacks. No other locks may be held during such callbacks. |
118 | | */ |
119 | | |
120 | | static OSSL_PROVIDER *provider_new(const char *name, |
121 | | OSSL_provider_init_fn *init_function, |
122 | | STACK_OF(INFOPAIR) *parameters); |
123 | | |
124 | | /*- |
125 | | * Provider Object structure |
126 | | * ========================= |
127 | | */ |
128 | | |
129 | | #ifndef FIPS_MODULE |
130 | | typedef struct { |
131 | | OSSL_PROVIDER *prov; |
132 | | int (*create_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); |
133 | | int (*remove_cb)(const OSSL_CORE_HANDLE *provider, void *cbdata); |
134 | | int (*global_props_cb)(const char *props, void *cbdata); |
135 | | void *cbdata; |
136 | | } OSSL_PROVIDER_CHILD_CB; |
137 | | DEFINE_STACK_OF(OSSL_PROVIDER_CHILD_CB) |
138 | | #endif |
139 | | |
140 | | struct provider_store_st; /* Forward declaration */ |
141 | | |
142 | | struct ossl_provider_st { |
143 | | /* Flag bits */ |
144 | | unsigned int flag_initialized : 1; |
145 | | unsigned int flag_activated : 1; |
146 | | |
147 | | /* Getting and setting the flags require synchronization */ |
148 | | CRYPTO_RWLOCK *flag_lock; |
149 | | |
150 | | /* OpenSSL library side data */ |
151 | | CRYPTO_REF_COUNT refcnt; |
152 | | CRYPTO_RWLOCK *activatecnt_lock; /* For the activatecnt counter */ |
153 | | int activatecnt; |
154 | | char *name; |
155 | | char *path; |
156 | | DSO *module; |
157 | | OSSL_provider_init_fn *init_function; |
158 | | STACK_OF(INFOPAIR) *parameters; |
159 | | OSSL_LIB_CTX *libctx; /* The library context this instance is in */ |
160 | | struct provider_store_st *store; /* The store this instance belongs to */ |
161 | | #ifndef FIPS_MODULE |
162 | | /* |
163 | | * In the FIPS module inner provider, this isn't needed, since the |
164 | | * error upcalls are always direct calls to the outer provider. |
165 | | */ |
166 | | int error_lib; /* ERR library number, one for each provider */ |
167 | | #ifndef OPENSSL_NO_ERR |
168 | | ERR_STRING_DATA *error_strings; /* Copy of what the provider gives us */ |
169 | | #endif |
170 | | #endif |
171 | | |
172 | | /* Provider side functions */ |
173 | | OSSL_FUNC_provider_teardown_fn *teardown; |
174 | | OSSL_FUNC_provider_gettable_params_fn *gettable_params; |
175 | | OSSL_FUNC_provider_get_params_fn *get_params; |
176 | | OSSL_FUNC_provider_get_capabilities_fn *get_capabilities; |
177 | | OSSL_FUNC_provider_self_test_fn *self_test; |
178 | | OSSL_FUNC_provider_query_operation_fn *query_operation; |
179 | | OSSL_FUNC_provider_unquery_operation_fn *unquery_operation; |
180 | | |
181 | | /* |
182 | | * Cache of bit to indicate of query_operation() has been called on |
183 | | * a specific operation or not. |
184 | | */ |
185 | | unsigned char *operation_bits; |
186 | | size_t operation_bits_sz; |
187 | | CRYPTO_RWLOCK *opbits_lock; |
188 | | |
189 | | #ifndef FIPS_MODULE |
190 | | /* Whether this provider is the child of some other provider */ |
191 | | const OSSL_CORE_HANDLE *handle; |
192 | | unsigned int ischild : 1; |
193 | | #endif |
194 | | |
195 | | /* Provider side data */ |
196 | | void *provctx; |
197 | | const OSSL_DISPATCH *dispatch; |
198 | | }; |
199 | | DEFINE_STACK_OF(OSSL_PROVIDER) |
200 | | |
201 | | static int ossl_provider_cmp(const OSSL_PROVIDER *const *a, |
202 | | const OSSL_PROVIDER *const *b) |
203 | 479 | { |
204 | 479 | return strcmp((*a)->name, (*b)->name); |
205 | 479 | } |
206 | | |
207 | | /*- |
208 | | * Provider Object store |
209 | | * ===================== |
210 | | * |
211 | | * The Provider Object store is a library context object, and therefore needs |
212 | | * an index. |
213 | | */ |
214 | | |
215 | | struct provider_store_st { |
216 | | OSSL_LIB_CTX *libctx; |
217 | | STACK_OF(OSSL_PROVIDER) *providers; |
218 | | STACK_OF(OSSL_PROVIDER_CHILD_CB) *child_cbs; |
219 | | CRYPTO_RWLOCK *default_path_lock; |
220 | | CRYPTO_RWLOCK *lock; |
221 | | char *default_path; |
222 | | OSSL_PROVIDER_INFO *provinfo; |
223 | | size_t numprovinfo; |
224 | | size_t provinfosz; |
225 | | unsigned int use_fallbacks : 1; |
226 | | unsigned int freeing : 1; |
227 | | }; |
228 | | |
229 | | /* |
230 | | * provider_deactivate_free() is a wrapper around ossl_provider_deactivate() |
231 | | * and ossl_provider_free(), called as needed. |
232 | | * Since this is only called when the provider store is being emptied, we |
233 | | * don't need to care about any lock. |
234 | | */ |
235 | | static void provider_deactivate_free(OSSL_PROVIDER *prov) |
236 | 182 | { |
237 | 182 | if (prov->flag_activated) |
238 | 182 | ossl_provider_deactivate(prov, 1); |
239 | 182 | ossl_provider_free(prov); |
240 | 182 | } |
241 | | |
242 | | #ifndef FIPS_MODULE |
243 | | static void ossl_provider_child_cb_free(OSSL_PROVIDER_CHILD_CB *cb) |
244 | 0 | { |
245 | 0 | OPENSSL_free(cb); |
246 | 0 | } |
247 | | #endif |
248 | | |
249 | | static void infopair_free(INFOPAIR *pair) |
250 | 0 | { |
251 | 0 | OPENSSL_free(pair->name); |
252 | 0 | OPENSSL_free(pair->value); |
253 | 0 | OPENSSL_free(pair); |
254 | 0 | } |
255 | | |
256 | | static INFOPAIR *infopair_copy(const INFOPAIR *src) |
257 | 0 | { |
258 | 0 | INFOPAIR *dest = OPENSSL_zalloc(sizeof(*dest)); |
259 | |
|
260 | 0 | if (dest == NULL) |
261 | 0 | return NULL; |
262 | 0 | if (src->name != NULL) { |
263 | 0 | dest->name = OPENSSL_strdup(src->name); |
264 | 0 | if (dest->name == NULL) |
265 | 0 | goto err; |
266 | 0 | } |
267 | 0 | if (src->value != NULL) { |
268 | 0 | dest->value = OPENSSL_strdup(src->value); |
269 | 0 | if (dest->value == NULL) |
270 | 0 | goto err; |
271 | 0 | } |
272 | 0 | return dest; |
273 | 0 | err: |
274 | 0 | OPENSSL_free(dest->name); |
275 | 0 | OPENSSL_free(dest); |
276 | 0 | return NULL; |
277 | 0 | } |
278 | | |
279 | | void ossl_provider_info_clear(OSSL_PROVIDER_INFO *info) |
280 | 110 | { |
281 | 110 | OPENSSL_free(info->name); |
282 | 110 | OPENSSL_free(info->path); |
283 | 110 | sk_INFOPAIR_pop_free(info->parameters, infopair_free); |
284 | 110 | } |
285 | | |
286 | | void ossl_provider_store_free(void *vstore) |
287 | 196 | { |
288 | 196 | struct provider_store_st *store = vstore; |
289 | 196 | size_t i; |
290 | | |
291 | 196 | if (store == NULL) |
292 | 0 | return; |
293 | 196 | store->freeing = 1; |
294 | 196 | OPENSSL_free(store->default_path); |
295 | 196 | sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free); |
296 | 196 | #ifndef FIPS_MODULE |
297 | 196 | sk_OSSL_PROVIDER_CHILD_CB_pop_free(store->child_cbs, |
298 | 196 | ossl_provider_child_cb_free); |
299 | 196 | #endif |
300 | 196 | CRYPTO_THREAD_lock_free(store->default_path_lock); |
301 | 196 | CRYPTO_THREAD_lock_free(store->lock); |
302 | 296 | for (i = 0; i < store->numprovinfo; i++) |
303 | 100 | ossl_provider_info_clear(&store->provinfo[i]); |
304 | 196 | OPENSSL_free(store->provinfo); |
305 | 196 | OPENSSL_free(store); |
306 | 196 | } |
307 | | |
308 | | void *ossl_provider_store_new(OSSL_LIB_CTX *ctx) |
309 | 378 | { |
310 | 378 | struct provider_store_st *store = OPENSSL_zalloc(sizeof(*store)); |
311 | | |
312 | 378 | if (store == NULL |
313 | 378 | || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL |
314 | 378 | || (store->default_path_lock = CRYPTO_THREAD_lock_new()) == NULL |
315 | 378 | #ifndef FIPS_MODULE |
316 | 378 | || (store->child_cbs = sk_OSSL_PROVIDER_CHILD_CB_new_null()) == NULL |
317 | 378 | #endif |
318 | 378 | || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) { |
319 | 0 | ossl_provider_store_free(store); |
320 | 0 | return NULL; |
321 | 0 | } |
322 | 378 | store->libctx = ctx; |
323 | 378 | store->use_fallbacks = 1; |
324 | | |
325 | 378 | return store; |
326 | 378 | } |
327 | | |
328 | | static struct provider_store_st *get_provider_store(OSSL_LIB_CTX *libctx) |
329 | 5.69M | { |
330 | 5.69M | struct provider_store_st *store = NULL; |
331 | | |
332 | 5.69M | store = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_STORE_INDEX); |
333 | 5.69M | if (store == NULL) |
334 | 5.69M | ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); |
335 | 5.69M | return store; |
336 | 5.69M | } |
337 | | |
338 | | int ossl_provider_disable_fallback_loading(OSSL_LIB_CTX *libctx) |
339 | 0 | { |
340 | 0 | struct provider_store_st *store; |
341 | |
|
342 | 0 | if ((store = get_provider_store(libctx)) != NULL) { |
343 | 0 | if (!CRYPTO_THREAD_write_lock(store->lock)) |
344 | 0 | return 0; |
345 | 0 | store->use_fallbacks = 0; |
346 | 0 | CRYPTO_THREAD_unlock(store->lock); |
347 | 0 | return 1; |
348 | 0 | } |
349 | 0 | return 0; |
350 | 0 | } |
351 | | |
352 | 136 | #define BUILTINS_BLOCK_SIZE 10 |
353 | | |
354 | | int ossl_provider_info_add_to_store(OSSL_LIB_CTX *libctx, |
355 | | OSSL_PROVIDER_INFO *entry) |
356 | 136 | { |
357 | 136 | struct provider_store_st *store = get_provider_store(libctx); |
358 | 136 | int ret = 0; |
359 | | |
360 | 136 | if (entry->name == NULL) { |
361 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); |
362 | 0 | return 0; |
363 | 0 | } |
364 | | |
365 | 136 | if (store == NULL) { |
366 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); |
367 | 0 | return 0; |
368 | 0 | } |
369 | | |
370 | 136 | if (!CRYPTO_THREAD_write_lock(store->lock)) |
371 | 0 | return 0; |
372 | 136 | if (store->provinfosz == 0) { |
373 | 136 | store->provinfo = OPENSSL_zalloc(sizeof(*store->provinfo) |
374 | 136 | * BUILTINS_BLOCK_SIZE); |
375 | 136 | if (store->provinfo == NULL) |
376 | 0 | goto err; |
377 | 136 | store->provinfosz = BUILTINS_BLOCK_SIZE; |
378 | 136 | } else if (store->numprovinfo == store->provinfosz) { |
379 | 0 | OSSL_PROVIDER_INFO *tmpbuiltins; |
380 | 0 | size_t newsz = store->provinfosz + BUILTINS_BLOCK_SIZE; |
381 | |
|
382 | 0 | tmpbuiltins = OPENSSL_realloc(store->provinfo, |
383 | 0 | sizeof(*store->provinfo) * newsz); |
384 | 0 | if (tmpbuiltins == NULL) |
385 | 0 | goto err; |
386 | 0 | store->provinfo = tmpbuiltins; |
387 | 0 | store->provinfosz = newsz; |
388 | 0 | } |
389 | 136 | store->provinfo[store->numprovinfo] = *entry; |
390 | 136 | store->numprovinfo++; |
391 | | |
392 | 136 | ret = 1; |
393 | 136 | err: |
394 | 136 | CRYPTO_THREAD_unlock(store->lock); |
395 | 136 | return ret; |
396 | 136 | } |
397 | | |
398 | | OSSL_PROVIDER *ossl_provider_find(OSSL_LIB_CTX *libctx, const char *name, |
399 | | ossl_unused int noconfig) |
400 | 336 | { |
401 | 336 | struct provider_store_st *store = NULL; |
402 | 336 | OSSL_PROVIDER *prov = NULL; |
403 | | |
404 | 336 | if ((store = get_provider_store(libctx)) != NULL) { |
405 | 336 | OSSL_PROVIDER tmpl = { |
406 | 336 | 0, |
407 | 336 | }; |
408 | 336 | int i; |
409 | | |
410 | 336 | #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) |
411 | | /* |
412 | | * Make sure any providers are loaded from config before we try to find |
413 | | * them. |
414 | | */ |
415 | 336 | if (!noconfig) { |
416 | 110 | if (ossl_lib_ctx_is_default(libctx)) |
417 | 110 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); |
418 | 110 | } |
419 | 336 | #endif |
420 | | |
421 | 336 | tmpl.name = (char *)name; |
422 | 336 | if (!CRYPTO_THREAD_write_lock(store->lock)) |
423 | 0 | return NULL; |
424 | 336 | sk_OSSL_PROVIDER_sort(store->providers); |
425 | 336 | if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) != -1) |
426 | 42 | prov = sk_OSSL_PROVIDER_value(store->providers, i); |
427 | 336 | CRYPTO_THREAD_unlock(store->lock); |
428 | 336 | if (prov != NULL && !ossl_provider_up_ref(prov)) |
429 | 0 | prov = NULL; |
430 | 336 | } |
431 | | |
432 | 336 | return prov; |
433 | 336 | } |
434 | | |
435 | | /*- |
436 | | * Provider Object methods |
437 | | * ======================= |
438 | | */ |
439 | | |
440 | | static OSSL_PROVIDER *provider_new(const char *name, |
441 | | OSSL_provider_init_fn *init_function, |
442 | | STACK_OF(INFOPAIR) *parameters) |
443 | 218 | { |
444 | 218 | OSSL_PROVIDER *prov = NULL; |
445 | | |
446 | 218 | if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL) |
447 | 0 | return NULL; |
448 | 218 | if (!CRYPTO_NEW_REF(&prov->refcnt, 1)) { |
449 | 0 | OPENSSL_free(prov); |
450 | 0 | return NULL; |
451 | 0 | } |
452 | 218 | if ((prov->activatecnt_lock = CRYPTO_THREAD_lock_new()) == NULL) { |
453 | 0 | ossl_provider_free(prov); |
454 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); |
455 | 0 | return NULL; |
456 | 0 | } |
457 | | |
458 | 218 | if ((prov->opbits_lock = CRYPTO_THREAD_lock_new()) == NULL |
459 | 218 | || (prov->flag_lock = CRYPTO_THREAD_lock_new()) == NULL |
460 | 218 | || (prov->parameters = sk_INFOPAIR_deep_copy(parameters, |
461 | 218 | infopair_copy, |
462 | 218 | infopair_free)) |
463 | 218 | == NULL) { |
464 | 0 | ossl_provider_free(prov); |
465 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); |
466 | 0 | return NULL; |
467 | 0 | } |
468 | 218 | if ((prov->name = OPENSSL_strdup(name)) == NULL) { |
469 | 0 | ossl_provider_free(prov); |
470 | 0 | return NULL; |
471 | 0 | } |
472 | | |
473 | 218 | prov->init_function = init_function; |
474 | | |
475 | 218 | return prov; |
476 | 218 | } |
477 | | |
478 | | int ossl_provider_up_ref(OSSL_PROVIDER *prov) |
479 | 24.7k | { |
480 | 24.7k | int ref = 0; |
481 | | |
482 | 24.7k | if (CRYPTO_UP_REF(&prov->refcnt, &ref) <= 0) |
483 | 0 | return 0; |
484 | | |
485 | 24.7k | #ifndef FIPS_MODULE |
486 | 24.7k | if (prov->ischild) { |
487 | 0 | if (!ossl_provider_up_ref_parent(prov, 0)) { |
488 | 0 | ossl_provider_free(prov); |
489 | 0 | return 0; |
490 | 0 | } |
491 | 0 | } |
492 | 24.7k | #endif |
493 | | |
494 | 24.7k | return ref; |
495 | 24.7k | } |
496 | | |
497 | | #ifndef FIPS_MODULE |
498 | | static int provider_up_ref_intern(OSSL_PROVIDER *prov, int activate) |
499 | 0 | { |
500 | 0 | if (activate) |
501 | 0 | return ossl_provider_activate(prov, 1, 0); |
502 | | |
503 | 0 | return ossl_provider_up_ref(prov); |
504 | 0 | } |
505 | | |
506 | | static int provider_free_intern(OSSL_PROVIDER *prov, int deactivate) |
507 | 0 | { |
508 | 0 | if (deactivate) |
509 | 0 | return ossl_provider_deactivate(prov, 1); |
510 | | |
511 | 0 | ossl_provider_free(prov); |
512 | 0 | return 1; |
513 | 0 | } |
514 | | #endif |
515 | | |
516 | | /* |
517 | | * We assume that the requested provider does not already exist in the store. |
518 | | * The caller should check. If it does exist then adding it to the store later |
519 | | * will fail. |
520 | | */ |
521 | | OSSL_PROVIDER *ossl_provider_new(OSSL_LIB_CTX *libctx, const char *name, |
522 | | OSSL_provider_init_fn *init_function, |
523 | | OSSL_PARAM *params, int noconfig) |
524 | 48 | { |
525 | 48 | struct provider_store_st *store = NULL; |
526 | 48 | OSSL_PROVIDER_INFO template; |
527 | 48 | OSSL_PROVIDER *prov = NULL; |
528 | | |
529 | 48 | if ((store = get_provider_store(libctx)) == NULL) |
530 | 0 | return NULL; |
531 | | |
532 | 48 | memset(&template, 0, sizeof(template)); |
533 | 48 | if (init_function == NULL) { |
534 | 48 | const OSSL_PROVIDER_INFO *p; |
535 | 48 | size_t i; |
536 | | |
537 | | /* Check if this is a predefined builtin provider */ |
538 | 192 | for (p = ossl_predefined_providers; p->name != NULL; p++) { |
539 | 144 | if (strcmp(p->name, name) == 0) { |
540 | 0 | template = *p; |
541 | 0 | break; |
542 | 0 | } |
543 | 144 | } |
544 | 48 | if (p->name == NULL) { |
545 | | /* Check if this is a user added provider */ |
546 | 48 | if (!CRYPTO_THREAD_read_lock(store->lock)) |
547 | 0 | return NULL; |
548 | 48 | for (i = 0, p = store->provinfo; i < store->numprovinfo; p++, i++) { |
549 | 48 | if (strcmp(p->name, name) == 0) { |
550 | 48 | template = *p; |
551 | 48 | break; |
552 | 48 | } |
553 | 48 | } |
554 | 48 | CRYPTO_THREAD_unlock(store->lock); |
555 | 48 | } |
556 | 48 | } else { |
557 | 0 | template.init = init_function; |
558 | 0 | } |
559 | | |
560 | 48 | if (params != NULL) { |
561 | 0 | int i; |
562 | |
|
563 | 0 | template.parameters = sk_INFOPAIR_new_null(); |
564 | 0 | if (template.parameters == NULL) |
565 | 0 | return NULL; |
566 | | |
567 | 0 | for (i = 0; params[i].key != NULL; i++) { |
568 | 0 | if (params[i].data_type != OSSL_PARAM_UTF8_STRING) |
569 | 0 | continue; |
570 | 0 | if (ossl_provider_info_add_parameter(&template, params[i].key, |
571 | 0 | (char *)params[i].data) |
572 | 0 | <= 0) { |
573 | 0 | sk_INFOPAIR_pop_free(template.parameters, infopair_free); |
574 | 0 | return NULL; |
575 | 0 | } |
576 | 0 | } |
577 | 0 | } |
578 | | |
579 | | /* provider_new() generates an error, so no need here */ |
580 | 48 | prov = provider_new(name, template.init, template.parameters); |
581 | | |
582 | 48 | if (params != NULL) /* We copied the parameters, let's free them */ |
583 | 0 | sk_INFOPAIR_pop_free(template.parameters, infopair_free); |
584 | | |
585 | 48 | if (prov == NULL) |
586 | 0 | return NULL; |
587 | | |
588 | 48 | if (!ossl_provider_set_module_path(prov, template.path)) { |
589 | 0 | ossl_provider_free(prov); |
590 | 0 | return NULL; |
591 | 0 | } |
592 | | |
593 | 48 | prov->libctx = libctx; |
594 | 48 | #ifndef FIPS_MODULE |
595 | 48 | prov->error_lib = ERR_get_next_error_library(); |
596 | 48 | #endif |
597 | | |
598 | | /* |
599 | | * At this point, the provider is only partially "loaded". To be |
600 | | * fully "loaded", ossl_provider_activate() must also be called and it must |
601 | | * then be added to the provider store. |
602 | | */ |
603 | | |
604 | 48 | return prov; |
605 | 48 | } |
606 | | |
607 | | /* Assumes that the store lock is held */ |
608 | | static int create_provider_children(OSSL_PROVIDER *prov) |
609 | 136 | { |
610 | 136 | int ret = 1; |
611 | 136 | #ifndef FIPS_MODULE |
612 | 136 | struct provider_store_st *store = prov->store; |
613 | 136 | OSSL_PROVIDER_CHILD_CB *child_cb; |
614 | 136 | int i, max; |
615 | | |
616 | 136 | max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); |
617 | 136 | for (i = 0; i < max; i++) { |
618 | | /* |
619 | | * This is newly activated (activatecnt == 1), so we need to |
620 | | * create child providers as necessary. |
621 | | */ |
622 | 0 | child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); |
623 | 0 | ret &= child_cb->create_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); |
624 | 0 | } |
625 | 136 | #endif |
626 | | |
627 | 136 | return ret; |
628 | 136 | } |
629 | | |
630 | | int ossl_provider_add_to_store(OSSL_PROVIDER *prov, OSSL_PROVIDER **actualprov, |
631 | | int retain_fallbacks) |
632 | 126 | { |
633 | 126 | struct provider_store_st *store; |
634 | 126 | int idx; |
635 | 126 | OSSL_PROVIDER tmpl = { |
636 | 126 | 0, |
637 | 126 | }; |
638 | 126 | OSSL_PROVIDER *actualtmp = NULL; |
639 | | |
640 | 126 | if (actualprov != NULL) |
641 | 126 | *actualprov = NULL; |
642 | | |
643 | 126 | if ((store = get_provider_store(prov->libctx)) == NULL) |
644 | 0 | return 0; |
645 | | |
646 | 126 | if (!CRYPTO_THREAD_write_lock(store->lock)) |
647 | 0 | return 0; |
648 | | |
649 | 126 | tmpl.name = (char *)prov->name; |
650 | 126 | idx = sk_OSSL_PROVIDER_find(store->providers, &tmpl); |
651 | 126 | if (idx == -1) |
652 | 126 | actualtmp = prov; |
653 | 0 | else |
654 | 0 | actualtmp = sk_OSSL_PROVIDER_value(store->providers, idx); |
655 | | |
656 | 126 | if (idx == -1) { |
657 | 126 | if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) |
658 | 0 | goto err; |
659 | 126 | prov->store = store; |
660 | 126 | if (!create_provider_children(prov)) { |
661 | 0 | sk_OSSL_PROVIDER_delete_ptr(store->providers, prov); |
662 | 0 | goto err; |
663 | 0 | } |
664 | 126 | if (!retain_fallbacks) |
665 | 0 | store->use_fallbacks = 0; |
666 | 126 | } |
667 | | |
668 | 126 | CRYPTO_THREAD_unlock(store->lock); |
669 | | |
670 | 126 | if (actualprov != NULL) { |
671 | 126 | if (!ossl_provider_up_ref(actualtmp)) { |
672 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); |
673 | 0 | actualtmp = NULL; |
674 | 0 | return 0; |
675 | 0 | } |
676 | 126 | *actualprov = actualtmp; |
677 | 126 | } |
678 | | |
679 | 126 | if (idx >= 0) { |
680 | | /* |
681 | | * The provider is already in the store. Probably two threads |
682 | | * independently initialised their own provider objects with the same |
683 | | * name and raced to put them in the store. This thread lost. We |
684 | | * deactivate the one we just created and use the one that already |
685 | | * exists instead. |
686 | | * If we get here then we know we did not create provider children |
687 | | * above, so we inform ossl_provider_deactivate not to attempt to remove |
688 | | * any. |
689 | | */ |
690 | 0 | ossl_provider_deactivate(prov, 0); |
691 | 0 | ossl_provider_free(prov); |
692 | 0 | } |
693 | 126 | #ifndef FIPS_MODULE |
694 | 126 | else { |
695 | | /* |
696 | | * This can be done outside the lock. We tolerate other threads getting |
697 | | * the wrong result briefly when creating OSSL_DECODER_CTXs. |
698 | | */ |
699 | 126 | ossl_decoder_cache_flush(prov->libctx); |
700 | 126 | } |
701 | 126 | #endif |
702 | | |
703 | 126 | return 1; |
704 | | |
705 | 0 | err: |
706 | 0 | CRYPTO_THREAD_unlock(store->lock); |
707 | 0 | return 0; |
708 | 126 | } |
709 | | |
710 | | void ossl_provider_free(OSSL_PROVIDER *prov) |
711 | 17.2k | { |
712 | 17.2k | if (prov != NULL) { |
713 | 17.2k | int ref = 0; |
714 | | |
715 | 17.2k | CRYPTO_DOWN_REF(&prov->refcnt, &ref); |
716 | | |
717 | | /* |
718 | | * When the refcount drops to zero, we clean up the provider. |
719 | | * Note that this also does teardown, which may seem late, |
720 | | * considering that init happens on first activation. However, |
721 | | * there may be other structures hanging on to the provider after |
722 | | * the last deactivation and may therefore need full access to the |
723 | | * provider's services. Therefore, we deinit late. |
724 | | */ |
725 | 17.2k | if (ref == 0) { |
726 | 72 | if (prov->flag_initialized) { |
727 | 72 | ossl_provider_teardown(prov); |
728 | 72 | #ifndef OPENSSL_NO_ERR |
729 | 72 | #ifndef FIPS_MODULE |
730 | 72 | if (prov->error_strings != NULL) { |
731 | 0 | ERR_unload_strings(prov->error_lib, prov->error_strings); |
732 | 0 | OPENSSL_free(prov->error_strings); |
733 | 0 | prov->error_strings = NULL; |
734 | 0 | } |
735 | 72 | #endif |
736 | 72 | #endif |
737 | 72 | OPENSSL_free(prov->operation_bits); |
738 | 72 | prov->operation_bits = NULL; |
739 | 72 | prov->operation_bits_sz = 0; |
740 | 72 | prov->flag_initialized = 0; |
741 | 72 | } |
742 | | |
743 | 72 | #ifndef FIPS_MODULE |
744 | | /* |
745 | | * We deregister thread handling whether or not the provider was |
746 | | * initialized. If init was attempted but was not successful then |
747 | | * the provider may still have registered a thread handler. |
748 | | */ |
749 | 72 | ossl_init_thread_deregister(prov); |
750 | 72 | DSO_free(prov->module); |
751 | 72 | #endif |
752 | 72 | OPENSSL_free(prov->name); |
753 | 72 | OPENSSL_free(prov->path); |
754 | 72 | sk_INFOPAIR_pop_free(prov->parameters, infopair_free); |
755 | 72 | CRYPTO_THREAD_lock_free(prov->opbits_lock); |
756 | 72 | CRYPTO_THREAD_lock_free(prov->flag_lock); |
757 | 72 | CRYPTO_THREAD_lock_free(prov->activatecnt_lock); |
758 | 72 | CRYPTO_FREE_REF(&prov->refcnt); |
759 | 72 | OPENSSL_free(prov); |
760 | 72 | } |
761 | 17.1k | #ifndef FIPS_MODULE |
762 | 17.1k | else if (prov->ischild) { |
763 | 0 | ossl_provider_free_parent(prov, 0); |
764 | 0 | } |
765 | 17.2k | #endif |
766 | 17.2k | } |
767 | 17.2k | } |
768 | | |
769 | | /* Setters */ |
770 | | int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path) |
771 | 136 | { |
772 | 136 | OPENSSL_free(prov->path); |
773 | 136 | prov->path = NULL; |
774 | 136 | if (module_path == NULL) |
775 | 136 | return 1; |
776 | 0 | if ((prov->path = OPENSSL_strdup(module_path)) != NULL) |
777 | 0 | return 1; |
778 | 0 | return 0; |
779 | 0 | } |
780 | | |
781 | | static int infopair_add(STACK_OF(INFOPAIR) **infopairsk, const char *name, |
782 | | const char *value) |
783 | 0 | { |
784 | 0 | INFOPAIR *pair = NULL; |
785 | |
|
786 | 0 | if ((pair = OPENSSL_zalloc(sizeof(*pair))) == NULL |
787 | 0 | || (pair->name = OPENSSL_strdup(name)) == NULL |
788 | 0 | || (pair->value = OPENSSL_strdup(value)) == NULL) |
789 | 0 | goto err; |
790 | | |
791 | 0 | if ((*infopairsk == NULL |
792 | 0 | && (*infopairsk = sk_INFOPAIR_new_null()) == NULL) |
793 | 0 | || sk_INFOPAIR_push(*infopairsk, pair) <= 0) { |
794 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_CRYPTO_LIB); |
795 | 0 | goto err; |
796 | 0 | } |
797 | | |
798 | 0 | return 1; |
799 | | |
800 | 0 | err: |
801 | 0 | if (pair != NULL) { |
802 | 0 | OPENSSL_free(pair->name); |
803 | 0 | OPENSSL_free(pair->value); |
804 | 0 | OPENSSL_free(pair); |
805 | 0 | } |
806 | 0 | return 0; |
807 | 0 | } |
808 | | |
809 | | int ossl_provider_add_parameter(OSSL_PROVIDER *prov, |
810 | | const char *name, const char *value) |
811 | 0 | { |
812 | 0 | return infopair_add(&prov->parameters, name, value); |
813 | 0 | } |
814 | | |
815 | | int ossl_provider_info_add_parameter(OSSL_PROVIDER_INFO *provinfo, |
816 | | const char *name, |
817 | | const char *value) |
818 | 0 | { |
819 | 0 | return infopair_add(&provinfo->parameters, name, value); |
820 | 0 | } |
821 | | |
822 | | /* |
823 | | * Provider activation. |
824 | | * |
825 | | * What "activation" means depends on the provider form; for built in |
826 | | * providers (in the library or the application alike), the provider |
827 | | * can already be considered to be loaded, all that's needed is to |
828 | | * initialize it. However, for dynamically loadable provider modules, |
829 | | * we must first load that module. |
830 | | * |
831 | | * Built in modules are distinguished from dynamically loaded modules |
832 | | * with an already assigned init function. |
833 | | */ |
834 | | static const OSSL_DISPATCH *core_dispatch; /* Define further down */ |
835 | | |
836 | | int OSSL_PROVIDER_set_default_search_path(OSSL_LIB_CTX *libctx, |
837 | | const char *path) |
838 | 0 | { |
839 | 0 | struct provider_store_st *store; |
840 | 0 | char *p = NULL; |
841 | |
|
842 | 0 | if (path != NULL) { |
843 | 0 | p = OPENSSL_strdup(path); |
844 | 0 | if (p == NULL) |
845 | 0 | return 0; |
846 | 0 | } |
847 | 0 | if ((store = get_provider_store(libctx)) != NULL |
848 | 0 | && CRYPTO_THREAD_write_lock(store->default_path_lock)) { |
849 | 0 | OPENSSL_free(store->default_path); |
850 | 0 | store->default_path = p; |
851 | 0 | CRYPTO_THREAD_unlock(store->default_path_lock); |
852 | 0 | return 1; |
853 | 0 | } |
854 | 0 | OPENSSL_free(p); |
855 | 0 | return 0; |
856 | 0 | } |
857 | | |
858 | | const char *OSSL_PROVIDER_get0_default_search_path(OSSL_LIB_CTX *libctx) |
859 | 0 | { |
860 | 0 | struct provider_store_st *store; |
861 | 0 | char *path = NULL; |
862 | |
|
863 | 0 | if ((store = get_provider_store(libctx)) != NULL |
864 | 0 | && CRYPTO_THREAD_read_lock(store->default_path_lock)) { |
865 | 0 | path = store->default_path; |
866 | 0 | CRYPTO_THREAD_unlock(store->default_path_lock); |
867 | 0 | } |
868 | 0 | return path; |
869 | 0 | } |
870 | | |
871 | | /* |
872 | | * Internal version that doesn't affect the store flags, and thereby avoid |
873 | | * locking. Direct callers must remember to set the store flags when |
874 | | * appropriate. |
875 | | */ |
876 | | static int provider_init(OSSL_PROVIDER *prov) |
877 | 94 | { |
878 | 94 | const OSSL_DISPATCH *provider_dispatch = NULL; |
879 | 94 | void *tmp_provctx = NULL; /* safety measure */ |
880 | 94 | #ifndef OPENSSL_NO_ERR |
881 | 94 | #ifndef FIPS_MODULE |
882 | 94 | OSSL_FUNC_provider_get_reason_strings_fn *p_get_reason_strings = NULL; |
883 | 94 | #endif |
884 | 94 | #endif |
885 | 94 | int ok = 0; |
886 | | |
887 | 94 | if (!ossl_assert(!prov->flag_initialized)) { |
888 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); |
889 | 0 | goto end; |
890 | 0 | } |
891 | | |
892 | | /* |
893 | | * If the init function isn't set, it indicates that this provider is |
894 | | * a loadable module. |
895 | | */ |
896 | 94 | if (prov->init_function == NULL) { |
897 | | #ifdef FIPS_MODULE |
898 | | goto end; |
899 | | #else |
900 | 0 | if (prov->module == NULL) { |
901 | 0 | char *allocated_path = NULL; |
902 | 0 | const char *module_path = NULL; |
903 | 0 | char *merged_path = NULL; |
904 | 0 | const char *load_dir = NULL; |
905 | 0 | char *allocated_load_dir = NULL; |
906 | 0 | struct provider_store_st *store; |
907 | |
|
908 | 0 | if ((prov->module = DSO_new()) == NULL) { |
909 | | /* DSO_new() generates an error already */ |
910 | 0 | goto end; |
911 | 0 | } |
912 | | |
913 | 0 | if ((store = get_provider_store(prov->libctx)) == NULL |
914 | 0 | || !CRYPTO_THREAD_read_lock(store->default_path_lock)) |
915 | 0 | goto end; |
916 | | |
917 | 0 | if (store->default_path != NULL) { |
918 | 0 | allocated_load_dir = OPENSSL_strdup(store->default_path); |
919 | 0 | CRYPTO_THREAD_unlock(store->default_path_lock); |
920 | 0 | if (allocated_load_dir == NULL) |
921 | 0 | goto end; |
922 | 0 | load_dir = allocated_load_dir; |
923 | 0 | } else { |
924 | 0 | CRYPTO_THREAD_unlock(store->default_path_lock); |
925 | 0 | } |
926 | | |
927 | 0 | if (load_dir == NULL) { |
928 | 0 | load_dir = ossl_safe_getenv("OPENSSL_MODULES"); |
929 | 0 | if (load_dir == NULL) |
930 | 0 | load_dir = ossl_get_modulesdir(); |
931 | 0 | } |
932 | |
|
933 | 0 | DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS, |
934 | 0 | DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL); |
935 | |
|
936 | 0 | module_path = prov->path; |
937 | 0 | if (module_path == NULL) |
938 | 0 | module_path = allocated_path = DSO_convert_filename(prov->module, prov->name); |
939 | 0 | if (module_path != NULL) |
940 | 0 | merged_path = DSO_merge(prov->module, module_path, load_dir); |
941 | |
|
942 | 0 | if (merged_path == NULL |
943 | 0 | || (DSO_load(prov->module, merged_path, NULL, 0)) == NULL) { |
944 | 0 | DSO_free(prov->module); |
945 | 0 | prov->module = NULL; |
946 | 0 | } |
947 | |
|
948 | 0 | OPENSSL_free(merged_path); |
949 | 0 | OPENSSL_free(allocated_path); |
950 | 0 | OPENSSL_free(allocated_load_dir); |
951 | 0 | } |
952 | | |
953 | 0 | if (prov->module == NULL) { |
954 | | /* DSO has already recorded errors, this is just a tracepoint */ |
955 | 0 | ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_DSO_LIB, |
956 | 0 | "name=%s", prov->name); |
957 | 0 | goto end; |
958 | 0 | } |
959 | | |
960 | 0 | prov->init_function = (OSSL_provider_init_fn *) |
961 | 0 | DSO_bind_func(prov->module, "OSSL_provider_init"); |
962 | 0 | #endif |
963 | 0 | } |
964 | | |
965 | | /* Check for and call the initialise function for the provider. */ |
966 | 94 | if (prov->init_function == NULL) { |
967 | 0 | ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, |
968 | 0 | "name=%s, provider has no provider init function", |
969 | 0 | prov->name); |
970 | 0 | goto end; |
971 | 0 | } |
972 | | |
973 | 94 | if (!prov->init_function((OSSL_CORE_HANDLE *)prov, core_dispatch, |
974 | 94 | &provider_dispatch, &tmp_provctx)) { |
975 | 0 | ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, |
976 | 0 | "name=%s", prov->name); |
977 | 0 | goto end; |
978 | 0 | } |
979 | 94 | prov->provctx = tmp_provctx; |
980 | 94 | prov->dispatch = provider_dispatch; |
981 | | |
982 | 94 | if (provider_dispatch != NULL) { |
983 | 390 | for (; provider_dispatch->function_id != 0; provider_dispatch++) { |
984 | 296 | switch (provider_dispatch->function_id) { |
985 | 94 | case OSSL_FUNC_PROVIDER_TEARDOWN: |
986 | 94 | prov->teardown = OSSL_FUNC_provider_teardown(provider_dispatch); |
987 | 94 | break; |
988 | 36 | case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS: |
989 | 36 | prov->gettable_params = OSSL_FUNC_provider_gettable_params(provider_dispatch); |
990 | 36 | break; |
991 | 36 | case OSSL_FUNC_PROVIDER_GET_PARAMS: |
992 | 36 | prov->get_params = OSSL_FUNC_provider_get_params(provider_dispatch); |
993 | 36 | break; |
994 | 0 | case OSSL_FUNC_PROVIDER_SELF_TEST: |
995 | 0 | prov->self_test = OSSL_FUNC_provider_self_test(provider_dispatch); |
996 | 0 | break; |
997 | 36 | case OSSL_FUNC_PROVIDER_GET_CAPABILITIES: |
998 | 36 | prov->get_capabilities = OSSL_FUNC_provider_get_capabilities(provider_dispatch); |
999 | 36 | break; |
1000 | 94 | case OSSL_FUNC_PROVIDER_QUERY_OPERATION: |
1001 | 94 | prov->query_operation = OSSL_FUNC_provider_query_operation(provider_dispatch); |
1002 | 94 | break; |
1003 | 0 | case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: |
1004 | 0 | prov->unquery_operation = OSSL_FUNC_provider_unquery_operation(provider_dispatch); |
1005 | 0 | break; |
1006 | 0 | #ifndef OPENSSL_NO_ERR |
1007 | 0 | #ifndef FIPS_MODULE |
1008 | 0 | case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: |
1009 | 0 | p_get_reason_strings = OSSL_FUNC_provider_get_reason_strings(provider_dispatch); |
1010 | 0 | break; |
1011 | 296 | #endif |
1012 | 296 | #endif |
1013 | 296 | } |
1014 | 296 | } |
1015 | 94 | } |
1016 | | |
1017 | 94 | #ifndef OPENSSL_NO_ERR |
1018 | 94 | #ifndef FIPS_MODULE |
1019 | 94 | if (p_get_reason_strings != NULL) { |
1020 | 0 | const OSSL_ITEM *reasonstrings = p_get_reason_strings(prov->provctx); |
1021 | 0 | size_t cnt, cnt2; |
1022 | | |
1023 | | /* |
1024 | | * ERR_load_strings() handles ERR_STRING_DATA rather than OSSL_ITEM, |
1025 | | * although they are essentially the same type. |
1026 | | * Furthermore, ERR_load_strings() patches the array's error number |
1027 | | * with the error library number, so we need to make a copy of that |
1028 | | * array either way. |
1029 | | */ |
1030 | 0 | cnt = 0; |
1031 | 0 | while (reasonstrings[cnt].id != 0) { |
1032 | 0 | if (ERR_GET_LIB(reasonstrings[cnt].id) != 0) |
1033 | 0 | goto end; |
1034 | 0 | cnt++; |
1035 | 0 | } |
1036 | 0 | cnt++; /* One for the terminating item */ |
1037 | | |
1038 | | /* Allocate one extra item for the "library" name */ |
1039 | 0 | prov->error_strings = OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1)); |
1040 | 0 | if (prov->error_strings == NULL) |
1041 | 0 | goto end; |
1042 | | |
1043 | | /* |
1044 | | * Set the "library" name. |
1045 | | */ |
1046 | 0 | prov->error_strings[0].error = ERR_PACK(prov->error_lib, 0, 0); |
1047 | 0 | prov->error_strings[0].string = prov->name; |
1048 | | /* |
1049 | | * Copy reasonstrings item 0..cnt-1 to prov->error_trings positions |
1050 | | * 1..cnt. |
1051 | | */ |
1052 | 0 | for (cnt2 = 1; cnt2 <= cnt; cnt2++) { |
1053 | 0 | prov->error_strings[cnt2].error = (int)reasonstrings[cnt2 - 1].id; |
1054 | 0 | prov->error_strings[cnt2].string = reasonstrings[cnt2 - 1].ptr; |
1055 | 0 | } |
1056 | |
|
1057 | 0 | ERR_load_strings(prov->error_lib, prov->error_strings); |
1058 | 0 | } |
1059 | 94 | #endif |
1060 | 94 | #endif |
1061 | | |
1062 | | /* With this flag set, this provider has become fully "loaded". */ |
1063 | 94 | prov->flag_initialized = 1; |
1064 | 94 | ok = 1; |
1065 | | |
1066 | 94 | end: |
1067 | 94 | return ok; |
1068 | 94 | } |
1069 | | |
1070 | | /* |
1071 | | * Deactivate a provider. If upcalls is 0 then we suppress any upcalls to a |
1072 | | * parent provider. If removechildren is 0 then we suppress any calls to remove |
1073 | | * child providers. |
1074 | | * Return -1 on failure and the activation count on success |
1075 | | */ |
1076 | | static int provider_deactivate(OSSL_PROVIDER *prov, int upcalls, |
1077 | | int removechildren) |
1078 | 75 | { |
1079 | 75 | int count; |
1080 | 75 | struct provider_store_st *store; |
1081 | 75 | #ifndef FIPS_MODULE |
1082 | 75 | int freeparent = 0; |
1083 | 75 | #endif |
1084 | 75 | int lock = 1; |
1085 | | |
1086 | 75 | if (!ossl_assert(prov != NULL)) |
1087 | 0 | return -1; |
1088 | | |
1089 | | /* |
1090 | | * No need to lock if we've got no store because we've not been shared with |
1091 | | * other threads. |
1092 | | */ |
1093 | 75 | store = get_provider_store(prov->libctx); |
1094 | 75 | if (store == NULL) |
1095 | 0 | lock = 0; |
1096 | | |
1097 | 75 | if (lock && !CRYPTO_THREAD_read_lock(store->lock)) |
1098 | 0 | return -1; |
1099 | 75 | if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { |
1100 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1101 | 0 | return -1; |
1102 | 0 | } |
1103 | | |
1104 | 75 | CRYPTO_atomic_add(&prov->activatecnt, -1, &count, prov->activatecnt_lock); |
1105 | 75 | #ifndef FIPS_MODULE |
1106 | 75 | if (count >= 1 && prov->ischild && upcalls) { |
1107 | | /* |
1108 | | * We have had a direct activation in this child libctx so we need to |
1109 | | * now down the ref count in the parent provider. We do the actual down |
1110 | | * ref outside of the flag_lock, since it could involve getting other |
1111 | | * locks. |
1112 | | */ |
1113 | 0 | freeparent = 1; |
1114 | 0 | } |
1115 | 75 | #endif |
1116 | | |
1117 | 75 | if (count < 1) |
1118 | 75 | prov->flag_activated = 0; |
1119 | 0 | #ifndef FIPS_MODULE |
1120 | 0 | else |
1121 | 0 | removechildren = 0; |
1122 | 75 | #endif |
1123 | | |
1124 | 75 | #ifndef FIPS_MODULE |
1125 | 75 | if (removechildren && store != NULL) { |
1126 | 75 | int i, max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); |
1127 | 75 | OSSL_PROVIDER_CHILD_CB *child_cb; |
1128 | | |
1129 | 75 | for (i = 0; i < max; i++) { |
1130 | 0 | child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); |
1131 | 0 | child_cb->remove_cb((OSSL_CORE_HANDLE *)prov, child_cb->cbdata); |
1132 | 0 | } |
1133 | 75 | } |
1134 | 75 | #endif |
1135 | 75 | if (lock) { |
1136 | 75 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1137 | 75 | CRYPTO_THREAD_unlock(store->lock); |
1138 | | /* |
1139 | | * This can be done outside the lock. We tolerate other threads getting |
1140 | | * the wrong result briefly when creating OSSL_DECODER_CTXs. |
1141 | | */ |
1142 | 75 | #ifndef FIPS_MODULE |
1143 | 75 | if (count < 1) |
1144 | 75 | ossl_decoder_cache_flush(prov->libctx); |
1145 | 75 | #endif |
1146 | 75 | } |
1147 | 75 | #ifndef FIPS_MODULE |
1148 | 75 | if (freeparent) |
1149 | 0 | ossl_provider_free_parent(prov, 1); |
1150 | 75 | #endif |
1151 | | |
1152 | | /* We don't deinit here, that's done in ossl_provider_free() */ |
1153 | 75 | return count; |
1154 | 75 | } |
1155 | | |
1156 | | /* |
1157 | | * Activate a provider. |
1158 | | * Return -1 on failure and the activation count on success |
1159 | | */ |
1160 | | static int provider_activate(OSSL_PROVIDER *prov, int lock, int upcalls) |
1161 | 77 | { |
1162 | 77 | int count = -1; |
1163 | 77 | struct provider_store_st *store; |
1164 | 77 | int ret = 1; |
1165 | | |
1166 | 77 | store = prov->store; |
1167 | | /* |
1168 | | * If the provider hasn't been added to the store, then we don't need |
1169 | | * any locks because we've not shared it with other threads. |
1170 | | */ |
1171 | 77 | if (store == NULL) { |
1172 | 77 | lock = 0; |
1173 | 77 | if (!provider_init(prov)) |
1174 | 0 | return -1; |
1175 | 77 | } |
1176 | | |
1177 | 77 | #ifndef FIPS_MODULE |
1178 | 77 | if (prov->ischild && upcalls && !ossl_provider_up_ref_parent(prov, 1)) |
1179 | 0 | return -1; |
1180 | 77 | #endif |
1181 | | |
1182 | 77 | if (lock && !CRYPTO_THREAD_read_lock(store->lock)) { |
1183 | 0 | #ifndef FIPS_MODULE |
1184 | 0 | if (prov->ischild && upcalls) |
1185 | 0 | ossl_provider_free_parent(prov, 1); |
1186 | 0 | #endif |
1187 | 0 | return -1; |
1188 | 0 | } |
1189 | | |
1190 | 77 | if (lock && !CRYPTO_THREAD_write_lock(prov->flag_lock)) { |
1191 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1192 | 0 | #ifndef FIPS_MODULE |
1193 | 0 | if (prov->ischild && upcalls) |
1194 | 0 | ossl_provider_free_parent(prov, 1); |
1195 | 0 | #endif |
1196 | 0 | return -1; |
1197 | 0 | } |
1198 | 77 | if (CRYPTO_atomic_add(&prov->activatecnt, 1, &count, prov->activatecnt_lock)) { |
1199 | 77 | prov->flag_activated = 1; |
1200 | | |
1201 | 77 | if (count == 1 && store != NULL) { |
1202 | 0 | ret = create_provider_children(prov); |
1203 | 0 | } |
1204 | 77 | } |
1205 | 77 | if (lock) { |
1206 | 0 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1207 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1208 | | /* |
1209 | | * This can be done outside the lock. We tolerate other threads getting |
1210 | | * the wrong result briefly when creating OSSL_DECODER_CTXs. |
1211 | | */ |
1212 | 0 | #ifndef FIPS_MODULE |
1213 | 0 | if (count == 1) |
1214 | 0 | ossl_decoder_cache_flush(prov->libctx); |
1215 | 0 | #endif |
1216 | 0 | } |
1217 | | |
1218 | 77 | if (!ret) |
1219 | 0 | return -1; |
1220 | | |
1221 | 77 | return count; |
1222 | 77 | } |
1223 | | |
1224 | | static int provider_flush_store_cache(const OSSL_PROVIDER *prov) |
1225 | 136 | { |
1226 | 136 | struct provider_store_st *store; |
1227 | 136 | int freeing; |
1228 | | |
1229 | 136 | if ((store = get_provider_store(prov->libctx)) == NULL) |
1230 | 0 | return 0; |
1231 | | |
1232 | 136 | if (!CRYPTO_THREAD_read_lock(store->lock)) |
1233 | 0 | return 0; |
1234 | 136 | freeing = store->freeing; |
1235 | 136 | CRYPTO_THREAD_unlock(store->lock); |
1236 | | |
1237 | 136 | if (!freeing) { |
1238 | 136 | int acc |
1239 | 136 | = evp_method_store_cache_flush(prov->libctx) |
1240 | 136 | #ifndef FIPS_MODULE |
1241 | 136 | + ossl_encoder_store_cache_flush(prov->libctx) |
1242 | 136 | + ossl_decoder_store_cache_flush(prov->libctx) |
1243 | 136 | + ossl_store_loader_store_cache_flush(prov->libctx) |
1244 | 136 | #endif |
1245 | 136 | ; |
1246 | | |
1247 | 136 | #ifndef FIPS_MODULE |
1248 | 136 | return acc == 4; |
1249 | | #else |
1250 | | return acc == 1; |
1251 | | #endif |
1252 | 136 | } |
1253 | 0 | return 1; |
1254 | 136 | } |
1255 | | |
1256 | | static int provider_remove_store_methods(OSSL_PROVIDER *prov) |
1257 | 182 | { |
1258 | 182 | struct provider_store_st *store; |
1259 | 182 | int freeing; |
1260 | | |
1261 | 182 | if ((store = get_provider_store(prov->libctx)) == NULL) |
1262 | 0 | return 0; |
1263 | | |
1264 | 182 | if (!CRYPTO_THREAD_read_lock(store->lock)) |
1265 | 0 | return 0; |
1266 | 182 | freeing = store->freeing; |
1267 | 182 | CRYPTO_THREAD_unlock(store->lock); |
1268 | | |
1269 | 182 | if (!freeing) { |
1270 | 0 | int acc; |
1271 | |
|
1272 | 0 | if (!CRYPTO_THREAD_write_lock(prov->opbits_lock)) |
1273 | 0 | return 0; |
1274 | 0 | OPENSSL_free(prov->operation_bits); |
1275 | 0 | prov->operation_bits = NULL; |
1276 | 0 | prov->operation_bits_sz = 0; |
1277 | 0 | CRYPTO_THREAD_unlock(prov->opbits_lock); |
1278 | |
|
1279 | 0 | acc = evp_method_store_remove_all_provided(prov) |
1280 | 0 | #ifndef FIPS_MODULE |
1281 | 0 | + ossl_encoder_store_remove_all_provided(prov) |
1282 | 0 | + ossl_decoder_store_remove_all_provided(prov) |
1283 | 0 | + ossl_store_loader_store_remove_all_provided(prov) |
1284 | 0 | #endif |
1285 | 0 | ; |
1286 | |
|
1287 | 0 | #ifndef FIPS_MODULE |
1288 | 0 | return acc == 4; |
1289 | | #else |
1290 | | return acc == 1; |
1291 | | #endif |
1292 | 0 | } |
1293 | 182 | return 1; |
1294 | 182 | } |
1295 | | |
1296 | | int ossl_provider_activate(OSSL_PROVIDER *prov, int upcalls, int aschild) |
1297 | 136 | { |
1298 | 136 | int count; |
1299 | | |
1300 | 136 | if (prov == NULL) |
1301 | 0 | return 0; |
1302 | 136 | #ifndef FIPS_MODULE |
1303 | | /* |
1304 | | * If aschild is true, then we only actually do the activation if the |
1305 | | * provider is a child. If its not, this is still success. |
1306 | | */ |
1307 | 136 | if (aschild && !prov->ischild) |
1308 | 0 | return 1; |
1309 | 136 | #endif |
1310 | 136 | if ((count = provider_activate(prov, 1, upcalls)) > 0) |
1311 | 136 | return count == 1 ? provider_flush_store_cache(prov) : 1; |
1312 | | |
1313 | 0 | return 0; |
1314 | 136 | } |
1315 | | |
1316 | | int ossl_provider_deactivate(OSSL_PROVIDER *prov, int removechildren) |
1317 | 182 | { |
1318 | 182 | int count; |
1319 | | |
1320 | 182 | if (prov == NULL |
1321 | 182 | || (count = provider_deactivate(prov, 1, removechildren)) < 0) |
1322 | 0 | return 0; |
1323 | 182 | return count == 0 ? provider_remove_store_methods(prov) : 1; |
1324 | 182 | } |
1325 | | |
1326 | | void *ossl_provider_ctx(const OSSL_PROVIDER *prov) |
1327 | 30.5M | { |
1328 | 30.5M | return prov != NULL ? prov->provctx : NULL; |
1329 | 30.5M | } |
1330 | | |
1331 | | /* |
1332 | | * This function only does something once when store->use_fallbacks == 1, |
1333 | | * and then sets store->use_fallbacks = 0, so the second call and so on is |
1334 | | * effectively a no-op. |
1335 | | */ |
1336 | | static int provider_activate_fallbacks(struct provider_store_st *store) |
1337 | 2.16M | { |
1338 | 2.16M | int use_fallbacks; |
1339 | 2.16M | int activated_fallback_count = 0; |
1340 | 2.16M | int ret = 0; |
1341 | 2.16M | const OSSL_PROVIDER_INFO *p; |
1342 | | |
1343 | 2.16M | if (!CRYPTO_THREAD_read_lock(store->lock)) |
1344 | 0 | return 0; |
1345 | 2.16M | use_fallbacks = store->use_fallbacks; |
1346 | 2.16M | CRYPTO_THREAD_unlock(store->lock); |
1347 | 2.16M | if (!use_fallbacks) |
1348 | 2.16M | return 1; |
1349 | | |
1350 | 36 | if (!CRYPTO_THREAD_write_lock(store->lock)) |
1351 | 0 | return 0; |
1352 | | /* Check again, just in case another thread changed it */ |
1353 | 36 | use_fallbacks = store->use_fallbacks; |
1354 | 36 | if (!use_fallbacks) { |
1355 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1356 | 0 | return 1; |
1357 | 0 | } |
1358 | | |
1359 | 144 | for (p = ossl_predefined_providers; p->name != NULL; p++) { |
1360 | 108 | OSSL_PROVIDER *prov = NULL; |
1361 | | |
1362 | 108 | if (!p->is_fallback) |
1363 | 72 | continue; |
1364 | | /* |
1365 | | * We use the internal constructor directly here, |
1366 | | * otherwise we get a call loop |
1367 | | */ |
1368 | 36 | prov = provider_new(p->name, p->init, NULL); |
1369 | 36 | if (prov == NULL) |
1370 | 0 | goto err; |
1371 | 36 | prov->libctx = store->libctx; |
1372 | 36 | #ifndef FIPS_MODULE |
1373 | 36 | prov->error_lib = ERR_get_next_error_library(); |
1374 | 36 | #endif |
1375 | | |
1376 | | /* |
1377 | | * We are calling provider_activate while holding the store lock. This |
1378 | | * means the init function will be called while holding a lock. Normally |
1379 | | * we try to avoid calling a user callback while holding a lock. |
1380 | | * However, fallbacks are never third party providers so we accept this. |
1381 | | */ |
1382 | 36 | if (provider_activate(prov, 0, 0) < 0) { |
1383 | 0 | ossl_provider_free(prov); |
1384 | 0 | goto err; |
1385 | 0 | } |
1386 | 36 | prov->store = store; |
1387 | 36 | if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) { |
1388 | 0 | ossl_provider_free(prov); |
1389 | 0 | goto err; |
1390 | 0 | } |
1391 | 36 | activated_fallback_count++; |
1392 | 36 | } |
1393 | | |
1394 | 36 | if (activated_fallback_count > 0) { |
1395 | 36 | store->use_fallbacks = 0; |
1396 | 36 | ret = 1; |
1397 | 36 | } |
1398 | 36 | err: |
1399 | 36 | CRYPTO_THREAD_unlock(store->lock); |
1400 | 36 | return ret; |
1401 | 36 | } |
1402 | | |
1403 | | int ossl_provider_doall_activated(OSSL_LIB_CTX *ctx, |
1404 | | int (*cb)(OSSL_PROVIDER *provider, |
1405 | | void *cbdata), |
1406 | | void *cbdata) |
1407 | 2.95M | { |
1408 | 2.95M | int ret = 0, curr, max, ref = 0; |
1409 | 2.95M | struct provider_store_st *store = get_provider_store(ctx); |
1410 | 2.95M | STACK_OF(OSSL_PROVIDER) *provs = NULL; |
1411 | | |
1412 | 2.95M | #if !defined(FIPS_MODULE) && !defined(OPENSSL_NO_AUTOLOAD_CONFIG) |
1413 | | /* |
1414 | | * Make sure any providers are loaded from config before we try to use |
1415 | | * them. |
1416 | | */ |
1417 | 2.95M | if (ossl_lib_ctx_is_default(ctx)) |
1418 | 2.94M | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); |
1419 | 2.95M | #endif |
1420 | | |
1421 | 2.95M | if (store == NULL) |
1422 | 0 | return 1; |
1423 | 2.95M | if (!provider_activate_fallbacks(store)) |
1424 | 0 | return 0; |
1425 | | |
1426 | | /* |
1427 | | * Under lock, grab a copy of the provider list and up_ref each |
1428 | | * provider so that they don't disappear underneath us. |
1429 | | */ |
1430 | 2.95M | if (!CRYPTO_THREAD_read_lock(store->lock)) |
1431 | 0 | return 0; |
1432 | 2.95M | provs = sk_OSSL_PROVIDER_dup(store->providers); |
1433 | 2.95M | if (provs == NULL) { |
1434 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1435 | 0 | return 0; |
1436 | 0 | } |
1437 | 2.95M | max = sk_OSSL_PROVIDER_num(provs); |
1438 | | /* |
1439 | | * We work backwards through the stack so that we can safely delete items |
1440 | | * as we go. |
1441 | | */ |
1442 | 8.85M | for (curr = max - 1; curr >= 0; curr--) { |
1443 | 5.89M | OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); |
1444 | | |
1445 | 5.89M | if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) |
1446 | 0 | goto err_unlock; |
1447 | 5.89M | if (prov->flag_activated) { |
1448 | | /* |
1449 | | * We call CRYPTO_UP_REF directly rather than ossl_provider_up_ref |
1450 | | * to avoid upping the ref count on the parent provider, which we |
1451 | | * must not do while holding locks. |
1452 | | */ |
1453 | 5.89M | if (CRYPTO_UP_REF(&prov->refcnt, &ref) <= 0) { |
1454 | 0 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1455 | 0 | goto err_unlock; |
1456 | 0 | } |
1457 | | /* |
1458 | | * It's already activated, but we up the activated count to ensure |
1459 | | * it remains activated until after we've called the user callback. |
1460 | | * In theory this could mean the parent provider goes inactive, |
1461 | | * whilst still activated in the child for a short period. That's ok. |
1462 | | */ |
1463 | 5.89M | if (!CRYPTO_atomic_add(&prov->activatecnt, 1, &ref, |
1464 | 5.89M | prov->activatecnt_lock)) { |
1465 | 0 | CRYPTO_DOWN_REF(&prov->refcnt, &ref); |
1466 | 0 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1467 | 0 | goto err_unlock; |
1468 | 0 | } |
1469 | 5.89M | } else { |
1470 | 0 | sk_OSSL_PROVIDER_delete(provs, curr); |
1471 | 0 | max--; |
1472 | 0 | } |
1473 | 5.89M | CRYPTO_THREAD_unlock(prov->flag_lock); |
1474 | 5.89M | } |
1475 | 2.95M | CRYPTO_THREAD_unlock(store->lock); |
1476 | | |
1477 | | /* |
1478 | | * Now, we sweep through all providers not under lock |
1479 | | */ |
1480 | 8.85M | for (curr = 0; curr < max; curr++) { |
1481 | 5.89M | OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); |
1482 | | |
1483 | 5.89M | if (!cb(prov, cbdata)) { |
1484 | 0 | curr = -1; |
1485 | 0 | goto finish; |
1486 | 0 | } |
1487 | 5.89M | } |
1488 | 2.95M | curr = -1; |
1489 | | |
1490 | 2.95M | ret = 1; |
1491 | 2.95M | goto finish; |
1492 | | |
1493 | 0 | err_unlock: |
1494 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1495 | 2.95M | finish: |
1496 | | /* |
1497 | | * The pop_free call doesn't do what we want on an error condition. We |
1498 | | * either start from the first item in the stack, or part way through if |
1499 | | * we only processed some of the items. |
1500 | | */ |
1501 | 8.85M | for (curr++; curr < max; curr++) { |
1502 | 5.89M | OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr); |
1503 | | |
1504 | 5.89M | if (!CRYPTO_atomic_add(&prov->activatecnt, -1, &ref, |
1505 | 5.89M | prov->activatecnt_lock)) { |
1506 | 0 | ret = 0; |
1507 | 0 | continue; |
1508 | 0 | } |
1509 | 5.89M | if (ref < 1) { |
1510 | | /* |
1511 | | * Looks like we need to deactivate properly. We could just have |
1512 | | * done this originally, but it involves taking a write lock so |
1513 | | * we avoid it. We up the count again and do a full deactivation |
1514 | | */ |
1515 | 0 | if (CRYPTO_atomic_add(&prov->activatecnt, 1, &ref, |
1516 | 0 | prov->activatecnt_lock)) |
1517 | 0 | provider_deactivate(prov, 0, 1); |
1518 | 0 | else |
1519 | 0 | ret = 0; |
1520 | 0 | } |
1521 | | /* |
1522 | | * As above where we did the up-ref, we don't call ossl_provider_free |
1523 | | * to avoid making upcalls. There should always be at least one ref |
1524 | | * to the provider in the store, so this should never drop to 0. |
1525 | | */ |
1526 | 5.89M | if (!CRYPTO_DOWN_REF(&prov->refcnt, &ref)) { |
1527 | 0 | ret = 0; |
1528 | 0 | continue; |
1529 | 0 | } |
1530 | | /* |
1531 | | * Not much we can do if this assert ever fails. So we don't use |
1532 | | * ossl_assert here. |
1533 | | */ |
1534 | 5.89M | assert(ref > 0); |
1535 | 5.89M | } |
1536 | 2.95M | sk_OSSL_PROVIDER_free(provs); |
1537 | 2.95M | return ret; |
1538 | 2.95M | } |
1539 | | |
1540 | | int OSSL_PROVIDER_available(OSSL_LIB_CTX *libctx, const char *name) |
1541 | 0 | { |
1542 | 0 | OSSL_PROVIDER *prov = NULL; |
1543 | 0 | int available = 0; |
1544 | 0 | struct provider_store_st *store = get_provider_store(libctx); |
1545 | |
|
1546 | 0 | if (store == NULL || !provider_activate_fallbacks(store)) |
1547 | 0 | return 0; |
1548 | | |
1549 | 0 | prov = ossl_provider_find(libctx, name, 0); |
1550 | 0 | if (prov != NULL) { |
1551 | 0 | if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) |
1552 | 0 | return 0; |
1553 | 0 | available = prov->flag_activated; |
1554 | 0 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1555 | 0 | ossl_provider_free(prov); |
1556 | 0 | } |
1557 | 0 | return available; |
1558 | 0 | } |
1559 | | |
1560 | | /* Getters of Provider Object data */ |
1561 | | const char *ossl_provider_name(const OSSL_PROVIDER *prov) |
1562 | 1.32k | { |
1563 | 1.32k | return prov->name; |
1564 | 1.32k | } |
1565 | | |
1566 | | const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov) |
1567 | 0 | { |
1568 | 0 | return prov->module; |
1569 | 0 | } |
1570 | | |
1571 | | const char *ossl_provider_module_name(const OSSL_PROVIDER *prov) |
1572 | 0 | { |
1573 | | #ifdef FIPS_MODULE |
1574 | | return NULL; |
1575 | | #else |
1576 | 0 | return DSO_get_filename(prov->module); |
1577 | 0 | #endif |
1578 | 0 | } |
1579 | | |
1580 | | const char *ossl_provider_module_path(const OSSL_PROVIDER *prov) |
1581 | 0 | { |
1582 | | #ifdef FIPS_MODULE |
1583 | | return NULL; |
1584 | | #else |
1585 | | /* FIXME: Ensure it's a full path */ |
1586 | 0 | return DSO_get_filename(prov->module); |
1587 | 0 | #endif |
1588 | 0 | } |
1589 | | |
1590 | | void *ossl_provider_prov_ctx(const OSSL_PROVIDER *prov) |
1591 | 201M | { |
1592 | 201M | if (prov != NULL) |
1593 | 201M | return prov->provctx; |
1594 | | |
1595 | 0 | return NULL; |
1596 | 201M | } |
1597 | | |
1598 | | const OSSL_DISPATCH *ossl_provider_get0_dispatch(const OSSL_PROVIDER *prov) |
1599 | 0 | { |
1600 | 0 | if (prov != NULL) |
1601 | 0 | return prov->dispatch; |
1602 | | |
1603 | 0 | return NULL; |
1604 | 0 | } |
1605 | | |
1606 | | OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov) |
1607 | 256M | { |
1608 | 256M | return prov != NULL ? prov->libctx : NULL; |
1609 | 256M | } |
1610 | | |
1611 | | /* Wrappers around calls to the provider */ |
1612 | | void ossl_provider_teardown(const OSSL_PROVIDER *prov) |
1613 | 34 | { |
1614 | 34 | if (prov->teardown != NULL |
1615 | 34 | #ifndef FIPS_MODULE |
1616 | 34 | && !prov->ischild |
1617 | 34 | #endif |
1618 | 34 | ) |
1619 | 34 | prov->teardown(prov->provctx); |
1620 | 34 | } |
1621 | | |
1622 | | const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov) |
1623 | 0 | { |
1624 | 0 | return prov->gettable_params == NULL |
1625 | 0 | ? NULL |
1626 | 0 | : prov->gettable_params(prov->provctx); |
1627 | 0 | } |
1628 | | |
1629 | | int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[]) |
1630 | 0 | { |
1631 | 0 | return prov->get_params == NULL |
1632 | 0 | ? 0 |
1633 | 0 | : prov->get_params(prov->provctx, params); |
1634 | 0 | } |
1635 | | |
1636 | | int ossl_provider_self_test(const OSSL_PROVIDER *prov) |
1637 | 0 | { |
1638 | 0 | int ret; |
1639 | |
|
1640 | 0 | if (prov->self_test == NULL) |
1641 | 0 | return 1; |
1642 | 0 | ret = prov->self_test(prov->provctx); |
1643 | 0 | if (ret == 0) |
1644 | 0 | (void)provider_remove_store_methods((OSSL_PROVIDER *)prov); |
1645 | 0 | return ret; |
1646 | 0 | } |
1647 | | |
1648 | | int ossl_provider_get_capabilities(const OSSL_PROVIDER *prov, |
1649 | | const char *capability, |
1650 | | OSSL_CALLBACK *cb, |
1651 | | void *arg) |
1652 | 268k | { |
1653 | 268k | return prov->get_capabilities == NULL |
1654 | 268k | ? 1 |
1655 | 268k | : prov->get_capabilities(prov->provctx, capability, cb, arg); |
1656 | 268k | } |
1657 | | |
1658 | | const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, |
1659 | | int operation_id, |
1660 | | int *no_cache) |
1661 | 3.87M | { |
1662 | 3.87M | const OSSL_ALGORITHM *res; |
1663 | | |
1664 | 3.87M | if (prov->query_operation == NULL) |
1665 | 0 | return NULL; |
1666 | 3.87M | res = prov->query_operation(prov->provctx, operation_id, no_cache); |
1667 | | #if defined(OPENSSL_NO_CACHED_FETCH) |
1668 | | /* Forcing the non-caching of queries */ |
1669 | | if (no_cache != NULL) |
1670 | | *no_cache = 1; |
1671 | | #endif |
1672 | 3.87M | return res; |
1673 | 3.87M | } |
1674 | | |
1675 | | void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, |
1676 | | int operation_id, |
1677 | | const OSSL_ALGORITHM *algs) |
1678 | 3.87M | { |
1679 | 3.87M | if (prov->unquery_operation != NULL) |
1680 | 0 | prov->unquery_operation(prov->provctx, operation_id, algs); |
1681 | 3.87M | } |
1682 | | |
1683 | | int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum) |
1684 | 1.04k | { |
1685 | 1.04k | size_t byte = bitnum / 8; |
1686 | 1.04k | unsigned char bit = (1 << (bitnum % 8)) & 0xFF; |
1687 | | |
1688 | 1.04k | if (!CRYPTO_THREAD_write_lock(provider->opbits_lock)) |
1689 | 0 | return 0; |
1690 | 1.04k | if (provider->operation_bits_sz <= byte) { |
1691 | 358 | unsigned char *tmp = OPENSSL_realloc(provider->operation_bits, |
1692 | 358 | byte + 1); |
1693 | | |
1694 | 358 | if (tmp == NULL) { |
1695 | 0 | CRYPTO_THREAD_unlock(provider->opbits_lock); |
1696 | 0 | return 0; |
1697 | 0 | } |
1698 | 358 | provider->operation_bits = tmp; |
1699 | 358 | memset(provider->operation_bits + provider->operation_bits_sz, |
1700 | 358 | '\0', byte + 1 - provider->operation_bits_sz); |
1701 | 358 | provider->operation_bits_sz = byte + 1; |
1702 | 358 | } |
1703 | 1.04k | provider->operation_bits[byte] |= bit; |
1704 | 1.04k | CRYPTO_THREAD_unlock(provider->opbits_lock); |
1705 | 1.04k | return 1; |
1706 | 1.04k | } |
1707 | | |
1708 | | int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, |
1709 | | int *result) |
1710 | 7.02M | { |
1711 | 7.02M | size_t byte = bitnum / 8; |
1712 | 7.02M | unsigned char bit = (1 << (bitnum % 8)) & 0xFF; |
1713 | | |
1714 | 7.02M | if (!ossl_assert(result != NULL)) { |
1715 | 0 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); |
1716 | 0 | return 0; |
1717 | 0 | } |
1718 | | |
1719 | 7.02M | *result = 0; |
1720 | 7.02M | if (!CRYPTO_THREAD_read_lock(provider->opbits_lock)) |
1721 | 0 | return 0; |
1722 | 7.02M | if (provider->operation_bits_sz > byte) |
1723 | 7.02M | *result = ((provider->operation_bits[byte] & bit) != 0); |
1724 | 7.02M | CRYPTO_THREAD_unlock(provider->opbits_lock); |
1725 | 7.02M | return 1; |
1726 | 7.02M | } |
1727 | | |
1728 | | #ifndef FIPS_MODULE |
1729 | | const OSSL_CORE_HANDLE *ossl_provider_get_parent(OSSL_PROVIDER *prov) |
1730 | 0 | { |
1731 | 0 | return prov->handle; |
1732 | 0 | } |
1733 | | |
1734 | | int ossl_provider_is_child(const OSSL_PROVIDER *prov) |
1735 | 0 | { |
1736 | 0 | return prov->ischild; |
1737 | 0 | } |
1738 | | |
1739 | | int ossl_provider_set_child(OSSL_PROVIDER *prov, const OSSL_CORE_HANDLE *handle) |
1740 | 0 | { |
1741 | 0 | prov->handle = handle; |
1742 | 0 | prov->ischild = 1; |
1743 | |
|
1744 | 0 | return 1; |
1745 | 0 | } |
1746 | | |
1747 | | int ossl_provider_default_props_update(OSSL_LIB_CTX *libctx, const char *props) |
1748 | 0 | { |
1749 | 0 | #ifndef FIPS_MODULE |
1750 | 0 | struct provider_store_st *store = NULL; |
1751 | 0 | int i, max; |
1752 | 0 | OSSL_PROVIDER_CHILD_CB *child_cb; |
1753 | |
|
1754 | 0 | if ((store = get_provider_store(libctx)) == NULL) |
1755 | 0 | return 0; |
1756 | | |
1757 | 0 | if (!CRYPTO_THREAD_read_lock(store->lock)) |
1758 | 0 | return 0; |
1759 | | |
1760 | 0 | max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); |
1761 | 0 | for (i = 0; i < max; i++) { |
1762 | 0 | child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); |
1763 | 0 | child_cb->global_props_cb(props, child_cb->cbdata); |
1764 | 0 | } |
1765 | |
|
1766 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1767 | 0 | #endif |
1768 | 0 | return 1; |
1769 | 0 | } |
1770 | | |
1771 | | static int ossl_provider_register_child_cb(const OSSL_CORE_HANDLE *handle, |
1772 | | int (*create_cb)( |
1773 | | const OSSL_CORE_HANDLE *provider, |
1774 | | void *cbdata), |
1775 | | int (*remove_cb)( |
1776 | | const OSSL_CORE_HANDLE *provider, |
1777 | | void *cbdata), |
1778 | | int (*global_props_cb)( |
1779 | | const char *props, |
1780 | | void *cbdata), |
1781 | | void *cbdata) |
1782 | 0 | { |
1783 | | /* |
1784 | | * This is really an OSSL_PROVIDER that we created and cast to |
1785 | | * OSSL_CORE_HANDLE originally. Therefore it is safe to cast it back. |
1786 | | */ |
1787 | 0 | OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle; |
1788 | 0 | OSSL_PROVIDER *prov; |
1789 | 0 | OSSL_LIB_CTX *libctx = thisprov->libctx; |
1790 | 0 | struct provider_store_st *store = NULL; |
1791 | 0 | int ret = 0, i, max; |
1792 | 0 | OSSL_PROVIDER_CHILD_CB *child_cb; |
1793 | 0 | char *propsstr = NULL; |
1794 | |
|
1795 | 0 | if ((store = get_provider_store(libctx)) == NULL) |
1796 | 0 | return 0; |
1797 | | |
1798 | 0 | child_cb = OPENSSL_malloc(sizeof(*child_cb)); |
1799 | 0 | if (child_cb == NULL) |
1800 | 0 | return 0; |
1801 | 0 | child_cb->prov = thisprov; |
1802 | 0 | child_cb->create_cb = create_cb; |
1803 | 0 | child_cb->remove_cb = remove_cb; |
1804 | 0 | child_cb->global_props_cb = global_props_cb; |
1805 | 0 | child_cb->cbdata = cbdata; |
1806 | |
|
1807 | 0 | if (!CRYPTO_THREAD_write_lock(store->lock)) { |
1808 | 0 | OPENSSL_free(child_cb); |
1809 | 0 | return 0; |
1810 | 0 | } |
1811 | 0 | propsstr = evp_get_global_properties_str(libctx, 0); |
1812 | |
|
1813 | 0 | if (propsstr != NULL) { |
1814 | 0 | global_props_cb(propsstr, cbdata); |
1815 | 0 | OPENSSL_free(propsstr); |
1816 | 0 | } |
1817 | 0 | max = sk_OSSL_PROVIDER_num(store->providers); |
1818 | 0 | for (i = 0; i < max; i++) { |
1819 | 0 | int activated; |
1820 | |
|
1821 | 0 | prov = sk_OSSL_PROVIDER_value(store->providers, i); |
1822 | |
|
1823 | 0 | if (!CRYPTO_THREAD_read_lock(prov->flag_lock)) |
1824 | 0 | break; |
1825 | 0 | activated = prov->flag_activated; |
1826 | 0 | CRYPTO_THREAD_unlock(prov->flag_lock); |
1827 | | /* |
1828 | | * We hold the store lock while calling the user callback. This means |
1829 | | * that the user callback must be short and simple and not do anything |
1830 | | * likely to cause a deadlock. We don't hold the flag_lock during this |
1831 | | * call. In theory this means that another thread could deactivate it |
1832 | | * while we are calling create. This is ok because the other thread |
1833 | | * will also call remove_cb, but won't be able to do so until we release |
1834 | | * the store lock. |
1835 | | */ |
1836 | 0 | if (activated && !create_cb((OSSL_CORE_HANDLE *)prov, cbdata)) |
1837 | 0 | break; |
1838 | 0 | } |
1839 | 0 | if (i == max) { |
1840 | | /* Success */ |
1841 | 0 | ret = sk_OSSL_PROVIDER_CHILD_CB_push(store->child_cbs, child_cb); |
1842 | 0 | } |
1843 | 0 | if (i != max || ret <= 0) { |
1844 | | /* Failed during creation. Remove everything we just added */ |
1845 | 0 | for (; i >= 0; i--) { |
1846 | 0 | prov = sk_OSSL_PROVIDER_value(store->providers, i); |
1847 | 0 | remove_cb((OSSL_CORE_HANDLE *)prov, cbdata); |
1848 | 0 | } |
1849 | 0 | OPENSSL_free(child_cb); |
1850 | 0 | ret = 0; |
1851 | 0 | } |
1852 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1853 | |
|
1854 | 0 | return ret; |
1855 | 0 | } |
1856 | | |
1857 | | static void ossl_provider_deregister_child_cb(const OSSL_CORE_HANDLE *handle) |
1858 | 0 | { |
1859 | | /* |
1860 | | * This is really an OSSL_PROVIDER that we created and cast to |
1861 | | * OSSL_CORE_HANDLE originally. Therefore it is safe to cast it back. |
1862 | | */ |
1863 | 0 | OSSL_PROVIDER *thisprov = (OSSL_PROVIDER *)handle; |
1864 | 0 | OSSL_LIB_CTX *libctx = thisprov->libctx; |
1865 | 0 | struct provider_store_st *store = NULL; |
1866 | 0 | int i, max; |
1867 | 0 | OSSL_PROVIDER_CHILD_CB *child_cb; |
1868 | |
|
1869 | 0 | if ((store = get_provider_store(libctx)) == NULL) |
1870 | 0 | return; |
1871 | | |
1872 | 0 | if (!CRYPTO_THREAD_write_lock(store->lock)) |
1873 | 0 | return; |
1874 | 0 | max = sk_OSSL_PROVIDER_CHILD_CB_num(store->child_cbs); |
1875 | 0 | for (i = 0; i < max; i++) { |
1876 | 0 | child_cb = sk_OSSL_PROVIDER_CHILD_CB_value(store->child_cbs, i); |
1877 | 0 | if (child_cb->prov == thisprov) { |
1878 | | /* Found an entry */ |
1879 | 0 | sk_OSSL_PROVIDER_CHILD_CB_delete(store->child_cbs, i); |
1880 | 0 | OPENSSL_free(child_cb); |
1881 | 0 | break; |
1882 | 0 | } |
1883 | 0 | } |
1884 | 0 | CRYPTO_THREAD_unlock(store->lock); |
1885 | 0 | } |
1886 | | #endif |
1887 | | |
1888 | | /*- |
1889 | | * Core functions for the provider |
1890 | | * =============================== |
1891 | | * |
1892 | | * This is the set of functions that the core makes available to the provider |
1893 | | */ |
1894 | | |
1895 | | /* |
1896 | | * This returns a list of Provider Object parameters with their types, for |
1897 | | * discovery. We do not expect that many providers will use this, but one |
1898 | | * never knows. |
1899 | | */ |
1900 | | static const OSSL_PARAM param_types[] = { |
1901 | | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_VERSION, OSSL_PARAM_UTF8_PTR, NULL, 0), |
1902 | | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_PROV_NAME, OSSL_PARAM_UTF8_PTR, |
1903 | | NULL, 0), |
1904 | | #ifndef FIPS_MODULE |
1905 | | OSSL_PARAM_DEFN(OSSL_PROV_PARAM_CORE_MODULE_FILENAME, OSSL_PARAM_UTF8_PTR, |
1906 | | NULL, 0), |
1907 | | #endif |
1908 | | OSSL_PARAM_END |
1909 | | }; |
1910 | | |
1911 | | /* |
1912 | | * Forward declare all the functions that are provided aa dispatch. |
1913 | | * This ensures that the compiler will complain if they aren't defined |
1914 | | * with the correct signature. |
1915 | | */ |
1916 | | static OSSL_FUNC_core_gettable_params_fn core_gettable_params; |
1917 | | static OSSL_FUNC_core_get_params_fn core_get_params; |
1918 | | static OSSL_FUNC_core_get_libctx_fn core_get_libctx; |
1919 | | static OSSL_FUNC_core_thread_start_fn core_thread_start; |
1920 | | #ifndef FIPS_MODULE |
1921 | | static OSSL_FUNC_core_new_error_fn core_new_error; |
1922 | | static OSSL_FUNC_core_set_error_debug_fn core_set_error_debug; |
1923 | | static OSSL_FUNC_core_vset_error_fn core_vset_error; |
1924 | | static OSSL_FUNC_core_set_error_mark_fn core_set_error_mark; |
1925 | | static OSSL_FUNC_core_clear_last_error_mark_fn core_clear_last_error_mark; |
1926 | | static OSSL_FUNC_core_pop_error_to_mark_fn core_pop_error_to_mark; |
1927 | | OSSL_FUNC_BIO_new_file_fn ossl_core_bio_new_file; |
1928 | | OSSL_FUNC_BIO_new_membuf_fn ossl_core_bio_new_mem_buf; |
1929 | | OSSL_FUNC_BIO_read_ex_fn ossl_core_bio_read_ex; |
1930 | | OSSL_FUNC_BIO_write_ex_fn ossl_core_bio_write_ex; |
1931 | | OSSL_FUNC_BIO_gets_fn ossl_core_bio_gets; |
1932 | | OSSL_FUNC_BIO_puts_fn ossl_core_bio_puts; |
1933 | | OSSL_FUNC_BIO_up_ref_fn ossl_core_bio_up_ref; |
1934 | | OSSL_FUNC_BIO_free_fn ossl_core_bio_free; |
1935 | | OSSL_FUNC_BIO_vprintf_fn ossl_core_bio_vprintf; |
1936 | | OSSL_FUNC_BIO_vsnprintf_fn BIO_vsnprintf; |
1937 | | static OSSL_FUNC_indicator_cb_fn core_indicator_get_callback; |
1938 | | static OSSL_FUNC_self_test_cb_fn core_self_test_get_callback; |
1939 | | static OSSL_FUNC_get_entropy_fn rand_get_entropy; |
1940 | | static OSSL_FUNC_get_user_entropy_fn rand_get_user_entropy; |
1941 | | static OSSL_FUNC_cleanup_entropy_fn rand_cleanup_entropy; |
1942 | | static OSSL_FUNC_cleanup_user_entropy_fn rand_cleanup_user_entropy; |
1943 | | static OSSL_FUNC_get_nonce_fn rand_get_nonce; |
1944 | | static OSSL_FUNC_get_user_nonce_fn rand_get_user_nonce; |
1945 | | static OSSL_FUNC_cleanup_nonce_fn rand_cleanup_nonce; |
1946 | | static OSSL_FUNC_cleanup_user_nonce_fn rand_cleanup_user_nonce; |
1947 | | #endif |
1948 | | OSSL_FUNC_CRYPTO_malloc_fn CRYPTO_malloc; |
1949 | | OSSL_FUNC_CRYPTO_zalloc_fn CRYPTO_zalloc; |
1950 | | OSSL_FUNC_CRYPTO_free_fn CRYPTO_free; |
1951 | | OSSL_FUNC_CRYPTO_clear_free_fn CRYPTO_clear_free; |
1952 | | OSSL_FUNC_CRYPTO_realloc_fn CRYPTO_realloc; |
1953 | | OSSL_FUNC_CRYPTO_clear_realloc_fn CRYPTO_clear_realloc; |
1954 | | OSSL_FUNC_CRYPTO_secure_malloc_fn CRYPTO_secure_malloc; |
1955 | | OSSL_FUNC_CRYPTO_secure_zalloc_fn CRYPTO_secure_zalloc; |
1956 | | OSSL_FUNC_CRYPTO_secure_free_fn CRYPTO_secure_free; |
1957 | | OSSL_FUNC_CRYPTO_secure_clear_free_fn CRYPTO_secure_clear_free; |
1958 | | OSSL_FUNC_CRYPTO_secure_allocated_fn CRYPTO_secure_allocated; |
1959 | | OSSL_FUNC_OPENSSL_cleanse_fn OPENSSL_cleanse; |
1960 | | #ifndef FIPS_MODULE |
1961 | | OSSL_FUNC_provider_register_child_cb_fn ossl_provider_register_child_cb; |
1962 | | OSSL_FUNC_provider_deregister_child_cb_fn ossl_provider_deregister_child_cb; |
1963 | | static OSSL_FUNC_provider_name_fn core_provider_get0_name; |
1964 | | static OSSL_FUNC_provider_get0_provider_ctx_fn core_provider_get0_provider_ctx; |
1965 | | static OSSL_FUNC_provider_get0_dispatch_fn core_provider_get0_dispatch; |
1966 | | static OSSL_FUNC_provider_up_ref_fn core_provider_up_ref_intern; |
1967 | | static OSSL_FUNC_provider_free_fn core_provider_free_intern; |
1968 | | static OSSL_FUNC_core_obj_add_sigid_fn core_obj_add_sigid; |
1969 | | static OSSL_FUNC_core_obj_create_fn core_obj_create; |
1970 | | #endif |
1971 | | |
1972 | | static const OSSL_PARAM *core_gettable_params(const OSSL_CORE_HANDLE *handle) |
1973 | 0 | { |
1974 | 0 | return param_types; |
1975 | 0 | } |
1976 | | |
1977 | | static int core_get_params(const OSSL_CORE_HANDLE *handle, OSSL_PARAM params[]) |
1978 | 0 | { |
1979 | 0 | int i; |
1980 | 0 | OSSL_PARAM *p; |
1981 | | /* |
1982 | | * We created this object originally and we know it is actually an |
1983 | | * OSSL_PROVIDER *, so the cast is safe |
1984 | | */ |
1985 | 0 | OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; |
1986 | |
|
1987 | 0 | if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_VERSION)) != NULL) |
1988 | 0 | OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR); |
1989 | 0 | if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_CORE_PROV_NAME)) != NULL) |
1990 | 0 | OSSL_PARAM_set_utf8_ptr(p, prov->name); |
1991 | |
|
1992 | 0 | #ifndef FIPS_MODULE |
1993 | 0 | if ((p = OSSL_PARAM_locate(params, |
1994 | 0 | OSSL_PROV_PARAM_CORE_MODULE_FILENAME)) |
1995 | 0 | != NULL) |
1996 | 0 | OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov)); |
1997 | 0 | #endif |
1998 | |
|
1999 | 0 | if (prov->parameters == NULL) |
2000 | 0 | return 1; |
2001 | | |
2002 | 0 | for (i = 0; i < sk_INFOPAIR_num(prov->parameters); i++) { |
2003 | 0 | INFOPAIR *pair = sk_INFOPAIR_value(prov->parameters, i); |
2004 | |
|
2005 | 0 | if ((p = OSSL_PARAM_locate(params, pair->name)) != NULL) |
2006 | 0 | OSSL_PARAM_set_utf8_ptr(p, pair->value); |
2007 | 0 | } |
2008 | 0 | return 1; |
2009 | 0 | } |
2010 | | |
2011 | | static OPENSSL_CORE_CTX *core_get_libctx(const OSSL_CORE_HANDLE *handle) |
2012 | 3.04k | { |
2013 | | /* |
2014 | | * We created this object originally and we know it is actually an |
2015 | | * OSSL_PROVIDER *, so the cast is safe |
2016 | | */ |
2017 | 3.04k | OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; |
2018 | | |
2019 | | /* |
2020 | | * Using ossl_provider_libctx would be wrong as that returns |
2021 | | * NULL for |prov| == NULL and NULL libctx has a special meaning |
2022 | | * that does not apply here. Here |prov| == NULL can happen only in |
2023 | | * case of a coding error. |
2024 | | */ |
2025 | 3.04k | assert(prov != NULL); |
2026 | 3.04k | return (OPENSSL_CORE_CTX *)prov->libctx; |
2027 | 3.04k | } |
2028 | | |
2029 | | static int core_thread_start(const OSSL_CORE_HANDLE *handle, |
2030 | | OSSL_thread_stop_handler_fn handfn, |
2031 | | void *arg) |
2032 | 0 | { |
2033 | | /* |
2034 | | * We created this object originally and we know it is actually an |
2035 | | * OSSL_PROVIDER *, so the cast is safe |
2036 | | */ |
2037 | 0 | OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; |
2038 | |
|
2039 | 0 | return ossl_init_thread_start(prov, arg, handfn); |
2040 | 0 | } |
2041 | | |
2042 | | /* |
2043 | | * The FIPS module inner provider doesn't implement these. They aren't |
2044 | | * needed there, since the FIPS module upcalls are always the outer provider |
2045 | | * ones. |
2046 | | */ |
2047 | | #ifndef FIPS_MODULE |
2048 | | /* |
2049 | | * These error functions should use |handle| to select the proper |
2050 | | * library context to report in the correct error stack if error |
2051 | | * stacks become tied to the library context. |
2052 | | * We cannot currently do that since there's no support for it in the |
2053 | | * ERR subsystem. |
2054 | | */ |
2055 | | static void core_new_error(const OSSL_CORE_HANDLE *handle) |
2056 | 0 | { |
2057 | 0 | ERR_new(); |
2058 | 0 | } |
2059 | | |
2060 | | static void core_set_error_debug(const OSSL_CORE_HANDLE *handle, |
2061 | | const char *file, int line, const char *func) |
2062 | 0 | { |
2063 | 0 | ERR_set_debug(file, line, func); |
2064 | 0 | } |
2065 | | |
2066 | | static void core_vset_error(const OSSL_CORE_HANDLE *handle, |
2067 | | uint32_t reason, const char *fmt, va_list args) |
2068 | 0 | { |
2069 | | /* |
2070 | | * We created this object originally and we know it is actually an |
2071 | | * OSSL_PROVIDER *, so the cast is safe |
2072 | | */ |
2073 | 0 | OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle; |
2074 | | |
2075 | | /* |
2076 | | * If the uppermost 8 bits are non-zero, it's an OpenSSL library |
2077 | | * error and will be treated as such. Otherwise, it's a new style |
2078 | | * provider error and will be treated as such. |
2079 | | */ |
2080 | 0 | if (ERR_GET_LIB(reason) != 0) { |
2081 | 0 | ERR_vset_error(ERR_GET_LIB(reason), ERR_GET_REASON(reason), fmt, args); |
2082 | 0 | } else { |
2083 | 0 | ERR_vset_error(prov->error_lib, (int)reason, fmt, args); |
2084 | 0 | } |
2085 | 0 | } |
2086 | | |
2087 | | static int core_set_error_mark(const OSSL_CORE_HANDLE *handle) |
2088 | 0 | { |
2089 | 0 | return ERR_set_mark(); |
2090 | 0 | } |
2091 | | |
2092 | | static int core_clear_last_error_mark(const OSSL_CORE_HANDLE *handle) |
2093 | 0 | { |
2094 | 0 | return ERR_clear_last_mark(); |
2095 | 0 | } |
2096 | | |
2097 | | static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle) |
2098 | 0 | { |
2099 | 0 | return ERR_pop_to_mark(); |
2100 | 0 | } |
2101 | | |
2102 | | static void core_indicator_get_callback(OPENSSL_CORE_CTX *libctx, |
2103 | | OSSL_INDICATOR_CALLBACK **cb) |
2104 | 0 | { |
2105 | 0 | OSSL_INDICATOR_get_callback((OSSL_LIB_CTX *)libctx, cb); |
2106 | 0 | } |
2107 | | |
2108 | | static void core_self_test_get_callback(OPENSSL_CORE_CTX *libctx, |
2109 | | OSSL_CALLBACK **cb, void **cbarg) |
2110 | 0 | { |
2111 | 0 | OSSL_SELF_TEST_get_callback((OSSL_LIB_CTX *)libctx, cb, cbarg); |
2112 | 0 | } |
2113 | | |
2114 | | static size_t rand_get_entropy(const OSSL_CORE_HANDLE *handle, |
2115 | | unsigned char **pout, int entropy, |
2116 | | size_t min_len, size_t max_len) |
2117 | 0 | { |
2118 | 0 | return ossl_rand_get_entropy((OSSL_LIB_CTX *)core_get_libctx(handle), |
2119 | 0 | pout, entropy, min_len, max_len); |
2120 | 0 | } |
2121 | | |
2122 | | static size_t rand_get_user_entropy(const OSSL_CORE_HANDLE *handle, |
2123 | | unsigned char **pout, int entropy, |
2124 | | size_t min_len, size_t max_len) |
2125 | 996 | { |
2126 | 996 | return ossl_rand_get_user_entropy((OSSL_LIB_CTX *)core_get_libctx(handle), |
2127 | 996 | pout, entropy, min_len, max_len); |
2128 | 996 | } |
2129 | | |
2130 | | static void rand_cleanup_entropy(const OSSL_CORE_HANDLE *handle, |
2131 | | unsigned char *buf, size_t len) |
2132 | 0 | { |
2133 | 0 | ossl_rand_cleanup_entropy((OSSL_LIB_CTX *)core_get_libctx(handle), |
2134 | 0 | buf, len); |
2135 | 0 | } |
2136 | | |
2137 | | static void rand_cleanup_user_entropy(const OSSL_CORE_HANDLE *handle, |
2138 | | unsigned char *buf, size_t len) |
2139 | 996 | { |
2140 | 996 | ossl_rand_cleanup_user_entropy((OSSL_LIB_CTX *)core_get_libctx(handle), |
2141 | 996 | buf, len); |
2142 | 996 | } |
2143 | | |
2144 | | static size_t rand_get_nonce(const OSSL_CORE_HANDLE *handle, |
2145 | | unsigned char **pout, |
2146 | | size_t min_len, size_t max_len, |
2147 | | const void *salt, size_t salt_len) |
2148 | 0 | { |
2149 | 0 | return ossl_rand_get_nonce((OSSL_LIB_CTX *)core_get_libctx(handle), |
2150 | 0 | pout, min_len, max_len, salt, salt_len); |
2151 | 0 | } |
2152 | | |
2153 | | static size_t rand_get_user_nonce(const OSSL_CORE_HANDLE *handle, |
2154 | | unsigned char **pout, |
2155 | | size_t min_len, size_t max_len, |
2156 | | const void *salt, size_t salt_len) |
2157 | 477 | { |
2158 | 477 | return ossl_rand_get_user_nonce((OSSL_LIB_CTX *)core_get_libctx(handle), |
2159 | 477 | pout, min_len, max_len, salt, salt_len); |
2160 | 477 | } |
2161 | | |
2162 | | static void rand_cleanup_nonce(const OSSL_CORE_HANDLE *handle, |
2163 | | unsigned char *buf, size_t len) |
2164 | 0 | { |
2165 | 0 | ossl_rand_cleanup_nonce((OSSL_LIB_CTX *)core_get_libctx(handle), |
2166 | 0 | buf, len); |
2167 | 0 | } |
2168 | | |
2169 | | static void rand_cleanup_user_nonce(const OSSL_CORE_HANDLE *handle, |
2170 | | unsigned char *buf, size_t len) |
2171 | 477 | { |
2172 | 477 | ossl_rand_cleanup_user_nonce((OSSL_LIB_CTX *)core_get_libctx(handle), |
2173 | 477 | buf, len); |
2174 | 477 | } |
2175 | | |
2176 | | static const char *core_provider_get0_name(const OSSL_CORE_HANDLE *prov) |
2177 | 0 | { |
2178 | 0 | return OSSL_PROVIDER_get0_name((const OSSL_PROVIDER *)prov); |
2179 | 0 | } |
2180 | | |
2181 | | static void *core_provider_get0_provider_ctx(const OSSL_CORE_HANDLE *prov) |
2182 | 0 | { |
2183 | 0 | return OSSL_PROVIDER_get0_provider_ctx((const OSSL_PROVIDER *)prov); |
2184 | 0 | } |
2185 | | |
2186 | | static const OSSL_DISPATCH * |
2187 | | core_provider_get0_dispatch(const OSSL_CORE_HANDLE *prov) |
2188 | 0 | { |
2189 | 0 | return OSSL_PROVIDER_get0_dispatch((const OSSL_PROVIDER *)prov); |
2190 | 0 | } |
2191 | | |
2192 | | static int core_provider_up_ref_intern(const OSSL_CORE_HANDLE *prov, |
2193 | | int activate) |
2194 | 0 | { |
2195 | 0 | return provider_up_ref_intern((OSSL_PROVIDER *)prov, activate); |
2196 | 0 | } |
2197 | | |
2198 | | static int core_provider_free_intern(const OSSL_CORE_HANDLE *prov, |
2199 | | int deactivate) |
2200 | 0 | { |
2201 | 0 | return provider_free_intern((OSSL_PROVIDER *)prov, deactivate); |
2202 | 0 | } |
2203 | | |
2204 | | static int core_obj_add_sigid(const OSSL_CORE_HANDLE *prov, |
2205 | | const char *sign_name, const char *digest_name, |
2206 | | const char *pkey_name) |
2207 | 0 | { |
2208 | 0 | int sign_nid = OBJ_txt2nid(sign_name); |
2209 | 0 | int digest_nid = NID_undef; |
2210 | 0 | int pkey_nid = OBJ_txt2nid(pkey_name); |
2211 | |
|
2212 | 0 | if (digest_name != NULL && digest_name[0] != '\0' |
2213 | 0 | && (digest_nid = OBJ_txt2nid(digest_name)) == NID_undef) |
2214 | 0 | return 0; |
2215 | | |
2216 | 0 | if (sign_nid == NID_undef) |
2217 | 0 | return 0; |
2218 | | |
2219 | | /* |
2220 | | * Check if it already exists. This is a success if so (even if we don't |
2221 | | * have nids for the digest/pkey) |
2222 | | */ |
2223 | 0 | if (OBJ_find_sigid_algs(sign_nid, NULL, NULL)) |
2224 | 0 | return 1; |
2225 | | |
2226 | 0 | if (pkey_nid == NID_undef) |
2227 | 0 | return 0; |
2228 | | |
2229 | 0 | return OBJ_add_sigid(sign_nid, digest_nid, pkey_nid); |
2230 | 0 | } |
2231 | | |
2232 | | static int core_obj_create(const OSSL_CORE_HANDLE *prov, const char *oid, |
2233 | | const char *sn, const char *ln) |
2234 | 0 | { |
2235 | | /* Check if it already exists and create it if not */ |
2236 | 0 | return OBJ_txt2nid(oid) != NID_undef |
2237 | 0 | || OBJ_create(oid, sn, ln) != NID_undef; |
2238 | 0 | } |
2239 | | #endif /* FIPS_MODULE */ |
2240 | | |
2241 | | /* |
2242 | | * Functions provided by the core. |
2243 | | */ |
2244 | | static const OSSL_DISPATCH core_dispatch_[] = { |
2245 | | { OSSL_FUNC_CORE_GETTABLE_PARAMS, (void (*)(void))core_gettable_params }, |
2246 | | { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params }, |
2247 | | { OSSL_FUNC_CORE_GET_LIBCTX, (void (*)(void))core_get_libctx }, |
2248 | | { OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start }, |
2249 | | #ifndef FIPS_MODULE |
2250 | | { OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error }, |
2251 | | { OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug }, |
2252 | | { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error }, |
2253 | | { OSSL_FUNC_CORE_SET_ERROR_MARK, (void (*)(void))core_set_error_mark }, |
2254 | | { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK, |
2255 | | (void (*)(void))core_clear_last_error_mark }, |
2256 | | { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark }, |
2257 | | { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file }, |
2258 | | { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf }, |
2259 | | { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex }, |
2260 | | { OSSL_FUNC_BIO_WRITE_EX, (void (*)(void))ossl_core_bio_write_ex }, |
2261 | | { OSSL_FUNC_BIO_GETS, (void (*)(void))ossl_core_bio_gets }, |
2262 | | { OSSL_FUNC_BIO_PUTS, (void (*)(void))ossl_core_bio_puts }, |
2263 | | { OSSL_FUNC_BIO_CTRL, (void (*)(void))ossl_core_bio_ctrl }, |
2264 | | { OSSL_FUNC_BIO_UP_REF, (void (*)(void))ossl_core_bio_up_ref }, |
2265 | | { OSSL_FUNC_BIO_FREE, (void (*)(void))ossl_core_bio_free }, |
2266 | | { OSSL_FUNC_BIO_VPRINTF, (void (*)(void))ossl_core_bio_vprintf }, |
2267 | | { OSSL_FUNC_BIO_VSNPRINTF, (void (*)(void))BIO_vsnprintf }, |
2268 | | { OSSL_FUNC_SELF_TEST_CB, (void (*)(void))core_self_test_get_callback }, |
2269 | | { OSSL_FUNC_INDICATOR_CB, (void (*)(void))core_indicator_get_callback }, |
2270 | | { OSSL_FUNC_GET_ENTROPY, (void (*)(void))rand_get_entropy }, |
2271 | | { OSSL_FUNC_GET_USER_ENTROPY, (void (*)(void))rand_get_user_entropy }, |
2272 | | { OSSL_FUNC_CLEANUP_ENTROPY, (void (*)(void))rand_cleanup_entropy }, |
2273 | | { OSSL_FUNC_CLEANUP_USER_ENTROPY, (void (*)(void))rand_cleanup_user_entropy }, |
2274 | | { OSSL_FUNC_GET_NONCE, (void (*)(void))rand_get_nonce }, |
2275 | | { OSSL_FUNC_GET_USER_NONCE, (void (*)(void))rand_get_user_nonce }, |
2276 | | { OSSL_FUNC_CLEANUP_NONCE, (void (*)(void))rand_cleanup_nonce }, |
2277 | | { OSSL_FUNC_CLEANUP_USER_NONCE, (void (*)(void))rand_cleanup_user_nonce }, |
2278 | | #endif |
2279 | | { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc }, |
2280 | | { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc }, |
2281 | | { OSSL_FUNC_CRYPTO_FREE, (void (*)(void))CRYPTO_free }, |
2282 | | { OSSL_FUNC_CRYPTO_CLEAR_FREE, (void (*)(void))CRYPTO_clear_free }, |
2283 | | { OSSL_FUNC_CRYPTO_REALLOC, (void (*)(void))CRYPTO_realloc }, |
2284 | | { OSSL_FUNC_CRYPTO_CLEAR_REALLOC, (void (*)(void))CRYPTO_clear_realloc }, |
2285 | | { OSSL_FUNC_CRYPTO_SECURE_MALLOC, (void (*)(void))CRYPTO_secure_malloc }, |
2286 | | { OSSL_FUNC_CRYPTO_SECURE_ZALLOC, (void (*)(void))CRYPTO_secure_zalloc }, |
2287 | | { OSSL_FUNC_CRYPTO_SECURE_FREE, (void (*)(void))CRYPTO_secure_free }, |
2288 | | { OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE, |
2289 | | (void (*)(void))CRYPTO_secure_clear_free }, |
2290 | | { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED, |
2291 | | (void (*)(void))CRYPTO_secure_allocated }, |
2292 | | { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse }, |
2293 | | #ifndef FIPS_MODULE |
2294 | | { OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB, |
2295 | | (void (*)(void))ossl_provider_register_child_cb }, |
2296 | | { OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB, |
2297 | | (void (*)(void))ossl_provider_deregister_child_cb }, |
2298 | | { OSSL_FUNC_PROVIDER_NAME, |
2299 | | (void (*)(void))core_provider_get0_name }, |
2300 | | { OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX, |
2301 | | (void (*)(void))core_provider_get0_provider_ctx }, |
2302 | | { OSSL_FUNC_PROVIDER_GET0_DISPATCH, |
2303 | | (void (*)(void))core_provider_get0_dispatch }, |
2304 | | { OSSL_FUNC_PROVIDER_UP_REF, |
2305 | | (void (*)(void))core_provider_up_ref_intern }, |
2306 | | { OSSL_FUNC_PROVIDER_FREE, |
2307 | | (void (*)(void))core_provider_free_intern }, |
2308 | | { OSSL_FUNC_CORE_OBJ_ADD_SIGID, (void (*)(void))core_obj_add_sigid }, |
2309 | | { OSSL_FUNC_CORE_OBJ_CREATE, (void (*)(void))core_obj_create }, |
2310 | | #endif |
2311 | | OSSL_DISPATCH_END |
2312 | | }; |
2313 | | static const OSSL_DISPATCH *core_dispatch = core_dispatch_; |