mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
e788c772b1
Fix issue #20063. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20163)
317 lines
9.7 KiB
C
317 lines
9.7 KiB
C
/*
|
|
* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#include <assert.h>
|
|
#include <openssl/crypto.h>
|
|
#include <openssl/core_dispatch.h>
|
|
#include <openssl/core_names.h>
|
|
#include <openssl/provider.h>
|
|
#include <openssl/evp.h>
|
|
#include "internal/provider.h"
|
|
#include "internal/cryptlib.h"
|
|
#include "crypto/evp.h"
|
|
#include "crypto/context.h"
|
|
|
|
DEFINE_STACK_OF(OSSL_PROVIDER)
|
|
|
|
struct child_prov_globals {
|
|
const OSSL_CORE_HANDLE *handle;
|
|
const OSSL_CORE_HANDLE *curr_prov;
|
|
CRYPTO_RWLOCK *lock;
|
|
OSSL_FUNC_core_get_libctx_fn *c_get_libctx;
|
|
OSSL_FUNC_provider_register_child_cb_fn *c_provider_register_child_cb;
|
|
OSSL_FUNC_provider_deregister_child_cb_fn *c_provider_deregister_child_cb;
|
|
OSSL_FUNC_provider_name_fn *c_prov_name;
|
|
OSSL_FUNC_provider_get0_provider_ctx_fn *c_prov_get0_provider_ctx;
|
|
OSSL_FUNC_provider_get0_dispatch_fn *c_prov_get0_dispatch;
|
|
OSSL_FUNC_provider_up_ref_fn *c_prov_up_ref;
|
|
OSSL_FUNC_provider_free_fn *c_prov_free;
|
|
};
|
|
|
|
void *ossl_child_prov_ctx_new(OSSL_LIB_CTX *libctx)
|
|
{
|
|
return OPENSSL_zalloc(sizeof(struct child_prov_globals));
|
|
}
|
|
|
|
void ossl_child_prov_ctx_free(void *vgbl)
|
|
{
|
|
struct child_prov_globals *gbl = vgbl;
|
|
|
|
CRYPTO_THREAD_lock_free(gbl->lock);
|
|
OPENSSL_free(gbl);
|
|
}
|
|
|
|
static OSSL_provider_init_fn ossl_child_provider_init;
|
|
|
|
static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle,
|
|
const OSSL_DISPATCH *in,
|
|
const OSSL_DISPATCH **out,
|
|
void **provctx)
|
|
{
|
|
OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
|
|
OSSL_LIB_CTX *ctx;
|
|
struct child_prov_globals *gbl;
|
|
|
|
for (; in->function_id != 0; in++) {
|
|
switch (in->function_id) {
|
|
case OSSL_FUNC_CORE_GET_LIBCTX:
|
|
c_get_libctx = OSSL_FUNC_core_get_libctx(in);
|
|
break;
|
|
default:
|
|
/* Just ignore anything we don't understand */
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (c_get_libctx == NULL)
|
|
return 0;
|
|
|
|
/*
|
|
* We need an OSSL_LIB_CTX but c_get_libctx returns OPENSSL_CORE_CTX. We are
|
|
* a built-in provider and so we can get away with this cast. Normal
|
|
* providers can't do this.
|
|
*/
|
|
ctx = (OSSL_LIB_CTX *)c_get_libctx(handle);
|
|
|
|
gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
|
|
if (gbl == NULL)
|
|
return 0;
|
|
|
|
*provctx = gbl->c_prov_get0_provider_ctx(gbl->curr_prov);
|
|
*out = gbl->c_prov_get0_dispatch(gbl->curr_prov);
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int provider_create_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
|
|
{
|
|
OSSL_LIB_CTX *ctx = cbdata;
|
|
struct child_prov_globals *gbl;
|
|
const char *provname;
|
|
OSSL_PROVIDER *cprov;
|
|
int ret = 0;
|
|
|
|
gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
|
|
if (gbl == NULL)
|
|
return 0;
|
|
|
|
if (!CRYPTO_THREAD_write_lock(gbl->lock))
|
|
return 0;
|
|
|
|
provname = gbl->c_prov_name(prov);
|
|
|
|
/*
|
|
* We're operating under a lock so we can store the "current" provider in
|
|
* the global data.
|
|
*/
|
|
gbl->curr_prov = prov;
|
|
|
|
if ((cprov = ossl_provider_find(ctx, provname, 1)) != NULL) {
|
|
/*
|
|
* We free the newly created ref. We rely on the provider sticking around
|
|
* in the provider store.
|
|
*/
|
|
ossl_provider_free(cprov);
|
|
|
|
/*
|
|
* The provider already exists. It could be a previously created child,
|
|
* or it could have been explicitly loaded. If explicitly loaded we
|
|
* ignore it - i.e. we don't start treating it like a child.
|
|
*/
|
|
if (!ossl_provider_activate(cprov, 0, 1))
|
|
goto err;
|
|
} else {
|
|
/*
|
|
* Create it - passing 1 as final param so we don't try and recursively
|
|
* init children
|
|
*/
|
|
if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init,
|
|
1)) == NULL)
|
|
goto err;
|
|
|
|
if (!ossl_provider_activate(cprov, 0, 0)) {
|
|
ossl_provider_free(cprov);
|
|
goto err;
|
|
}
|
|
|
|
if (!ossl_provider_set_child(cprov, prov)
|
|
|| !ossl_provider_add_to_store(cprov, NULL, 0)) {
|
|
ossl_provider_deactivate(cprov, 0);
|
|
ossl_provider_free(cprov);
|
|
goto err;
|
|
}
|
|
}
|
|
|
|
ret = 1;
|
|
err:
|
|
CRYPTO_THREAD_unlock(gbl->lock);
|
|
return ret;
|
|
}
|
|
|
|
static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
|
|
{
|
|
OSSL_LIB_CTX *ctx = cbdata;
|
|
struct child_prov_globals *gbl;
|
|
const char *provname;
|
|
OSSL_PROVIDER *cprov;
|
|
|
|
gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
|
|
if (gbl == NULL)
|
|
return 0;
|
|
|
|
provname = gbl->c_prov_name(prov);
|
|
cprov = ossl_provider_find(ctx, provname, 1);
|
|
if (cprov == NULL)
|
|
return 0;
|
|
/*
|
|
* ossl_provider_find ups the ref count, so we free it again here. We can
|
|
* rely on the provider store reference count.
|
|
*/
|
|
ossl_provider_free(cprov);
|
|
if (ossl_provider_is_child(cprov)
|
|
&& !ossl_provider_deactivate(cprov, 1))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
static int provider_global_props_cb(const char *props, void *cbdata)
|
|
{
|
|
OSSL_LIB_CTX *ctx = cbdata;
|
|
|
|
return evp_set_default_properties_int(ctx, props, 0, 1);
|
|
}
|
|
|
|
int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
|
|
const OSSL_CORE_HANDLE *handle,
|
|
const OSSL_DISPATCH *in)
|
|
{
|
|
struct child_prov_globals *gbl;
|
|
|
|
if (ctx == NULL)
|
|
return 0;
|
|
|
|
gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
|
|
if (gbl == NULL)
|
|
return 0;
|
|
|
|
gbl->handle = handle;
|
|
for (; in->function_id != 0; in++) {
|
|
switch (in->function_id) {
|
|
case OSSL_FUNC_CORE_GET_LIBCTX:
|
|
gbl->c_get_libctx = OSSL_FUNC_core_get_libctx(in);
|
|
break;
|
|
case OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB:
|
|
gbl->c_provider_register_child_cb
|
|
= OSSL_FUNC_provider_register_child_cb(in);
|
|
break;
|
|
case OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB:
|
|
gbl->c_provider_deregister_child_cb
|
|
= OSSL_FUNC_provider_deregister_child_cb(in);
|
|
break;
|
|
case OSSL_FUNC_PROVIDER_NAME:
|
|
gbl->c_prov_name = OSSL_FUNC_provider_name(in);
|
|
break;
|
|
case OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX:
|
|
gbl->c_prov_get0_provider_ctx
|
|
= OSSL_FUNC_provider_get0_provider_ctx(in);
|
|
break;
|
|
case OSSL_FUNC_PROVIDER_GET0_DISPATCH:
|
|
gbl->c_prov_get0_dispatch = OSSL_FUNC_provider_get0_dispatch(in);
|
|
break;
|
|
case OSSL_FUNC_PROVIDER_UP_REF:
|
|
gbl->c_prov_up_ref
|
|
= OSSL_FUNC_provider_up_ref(in);
|
|
break;
|
|
case OSSL_FUNC_PROVIDER_FREE:
|
|
gbl->c_prov_free = OSSL_FUNC_provider_free(in);
|
|
break;
|
|
default:
|
|
/* Just ignore anything we don't understand */
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (gbl->c_get_libctx == NULL
|
|
|| gbl->c_provider_register_child_cb == NULL
|
|
|| gbl->c_prov_name == NULL
|
|
|| gbl->c_prov_get0_provider_ctx == NULL
|
|
|| gbl->c_prov_get0_dispatch == NULL
|
|
|| gbl->c_prov_up_ref == NULL
|
|
|| gbl->c_prov_free == NULL)
|
|
return 0;
|
|
|
|
gbl->lock = CRYPTO_THREAD_lock_new();
|
|
if (gbl->lock == NULL)
|
|
return 0;
|
|
|
|
if (!gbl->c_provider_register_child_cb(gbl->handle,
|
|
provider_create_child_cb,
|
|
provider_remove_child_cb,
|
|
provider_global_props_cb,
|
|
ctx))
|
|
return 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx)
|
|
{
|
|
struct child_prov_globals *gbl
|
|
= ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
|
|
if (gbl == NULL)
|
|
return;
|
|
|
|
gbl->c_provider_deregister_child_cb(gbl->handle);
|
|
}
|
|
|
|
/*
|
|
* ossl_provider_up_ref_parent() and ossl_provider_free_parent() do
|
|
* nothing in "self-referencing" child providers, i.e. when the parent
|
|
* of the child provider is the same as the provider where this child
|
|
* provider was created.
|
|
* This allows the teardown function in the parent provider to be called
|
|
* at the correct moment.
|
|
* For child providers in other providers, the reference count is done to
|
|
* ensure that cross referencing is recorded. These should be cleared up
|
|
* through that providers teardown, as part of freeing its child libctx.
|
|
*/
|
|
|
|
int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate)
|
|
{
|
|
struct child_prov_globals *gbl;
|
|
const OSSL_CORE_HANDLE *parent_handle;
|
|
|
|
gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
|
|
OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
|
|
if (gbl == NULL)
|
|
return 0;
|
|
|
|
parent_handle = ossl_provider_get_parent(prov);
|
|
if (parent_handle == gbl->handle)
|
|
return 1;
|
|
return gbl->c_prov_up_ref(parent_handle, activate);
|
|
}
|
|
|
|
int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate)
|
|
{
|
|
struct child_prov_globals *gbl;
|
|
const OSSL_CORE_HANDLE *parent_handle;
|
|
|
|
gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
|
|
OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
|
|
if (gbl == NULL)
|
|
return 0;
|
|
|
|
parent_handle = ossl_provider_get_parent(prov);
|
|
if (parent_handle == gbl->handle)
|
|
return 1;
|
|
return gbl->c_prov_free(ossl_provider_get_parent(prov), deactivate);
|
|
}
|