VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/crypto/provider_child.c@ 107935

Last change on this file since 107935 was 104078, checked in by vboxsync, 11 months ago

openssl-3.1.5: Applied and adjusted our OpenSSL changes to 3.1.4. bugref:10638
File size: 9.7 KB
Line 
1/*
2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <assert.h>
11#include <openssl/crypto.h>
12#include <openssl/core_dispatch.h>
13#include <openssl/core_names.h>
14#include <openssl/provider.h>
15#include <openssl/evp.h>
16#include "internal/provider.h"
17#include "internal/cryptlib.h"
18#include "crypto/evp.h"
19#include "crypto/context.h"
20
21DEFINE_STACK_OF(OSSL_PROVIDER)
22
23struct child_prov_globals {
24 const OSSL_CORE_HANDLE *handle;
25 const OSSL_CORE_HANDLE *curr_prov;
26 CRYPTO_RWLOCK *lock;
27 OSSL_FUNC_core_get_libctx_fn *c_get_libctx;
28 OSSL_FUNC_provider_register_child_cb_fn *c_provider_register_child_cb;
29 OSSL_FUNC_provider_deregister_child_cb_fn *c_provider_deregister_child_cb;
30 OSSL_FUNC_provider_name_fn *c_prov_name;
31 OSSL_FUNC_provider_get0_provider_ctx_fn *c_prov_get0_provider_ctx;
32 OSSL_FUNC_provider_get0_dispatch_fn *c_prov_get0_dispatch;
33 OSSL_FUNC_provider_up_ref_fn *c_prov_up_ref;
34 OSSL_FUNC_provider_free_fn *c_prov_free;
35};
36
37void *ossl_child_prov_ctx_new(OSSL_LIB_CTX *libctx)
38{
39 return OPENSSL_zalloc(sizeof(struct child_prov_globals));
40}
41
42void ossl_child_prov_ctx_free(void *vgbl)
43{
44 struct child_prov_globals *gbl = vgbl;
45
46 CRYPTO_THREAD_lock_free(gbl->lock);
47 OPENSSL_free(gbl);
48}
49
50static OSSL_provider_init_fn ossl_child_provider_init;
51
52static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle,
53 const OSSL_DISPATCH *in,
54 const OSSL_DISPATCH **out,
55 void **provctx)
56{
57 OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
58 OSSL_LIB_CTX *ctx;
59 struct child_prov_globals *gbl;
60
61 for (; in->function_id != 0; in++) {
62 switch (in->function_id) {
63 case OSSL_FUNC_CORE_GET_LIBCTX:
64 c_get_libctx = OSSL_FUNC_core_get_libctx(in);
65 break;
66 default:
67 /* Just ignore anything we don't understand */
68 break;
69 }
70 }
71
72 if (c_get_libctx == NULL)
73 return 0;
74
75 /*
76 * We need an OSSL_LIB_CTX but c_get_libctx returns OPENSSL_CORE_CTX. We are
77 * a built-in provider and so we can get away with this cast. Normal
78 * providers can't do this.
79 */
80 ctx = (OSSL_LIB_CTX *)c_get_libctx(handle);
81
82 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
83 if (gbl == NULL)
84 return 0;
85
86 *provctx = gbl->c_prov_get0_provider_ctx(gbl->curr_prov);
87 *out = gbl->c_prov_get0_dispatch(gbl->curr_prov);
88
89 return 1;
90}
91
92static int provider_create_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
93{
94 OSSL_LIB_CTX *ctx = cbdata;
95 struct child_prov_globals *gbl;
96 const char *provname;
97 OSSL_PROVIDER *cprov;
98 int ret = 0;
99
100 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
101 if (gbl == NULL)
102 return 0;
103
104 if (!CRYPTO_THREAD_write_lock(gbl->lock))
105 return 0;
106
107 provname = gbl->c_prov_name(prov);
108
109 /*
110 * We're operating under a lock so we can store the "current" provider in
111 * the global data.
112 */
113 gbl->curr_prov = prov;
114
115 if ((cprov = ossl_provider_find(ctx, provname, 1)) != NULL) {
116 /*
117 * We free the newly created ref. We rely on the provider sticking around
118 * in the provider store.
119 */
120 ossl_provider_free(cprov);
121
122 /*
123 * The provider already exists. It could be a previously created child,
124 * or it could have been explicitly loaded. If explicitly loaded we
125 * ignore it - i.e. we don't start treating it like a child.
126 */
127 if (!ossl_provider_activate(cprov, 0, 1))
128 goto err;
129 } else {
130 /*
131 * Create it - passing 1 as final param so we don't try and recursively
132 * init children
133 */
134 if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init,
135 1)) == NULL)
136 goto err;
137
138 if (!ossl_provider_activate(cprov, 0, 0)) {
139 ossl_provider_free(cprov);
140 goto err;
141 }
142
143 if (!ossl_provider_set_child(cprov, prov)
144 || !ossl_provider_add_to_store(cprov, NULL, 0)) {
145 ossl_provider_deactivate(cprov, 0);
146 ossl_provider_free(cprov);
147 goto err;
148 }
149 }
150
151 ret = 1;
152 err:
153 CRYPTO_THREAD_unlock(gbl->lock);
154 return ret;
155}
156
157static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
158{
159 OSSL_LIB_CTX *ctx = cbdata;
160 struct child_prov_globals *gbl;
161 const char *provname;
162 OSSL_PROVIDER *cprov;
163
164 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
165 if (gbl == NULL)
166 return 0;
167
168 provname = gbl->c_prov_name(prov);
169 cprov = ossl_provider_find(ctx, provname, 1);
170 if (cprov == NULL)
171 return 0;
172 /*
173 * ossl_provider_find ups the ref count, so we free it again here. We can
174 * rely on the provider store reference count.
175 */
176 ossl_provider_free(cprov);
177 if (ossl_provider_is_child(cprov)
178 && !ossl_provider_deactivate(cprov, 1))
179 return 0;
180
181 return 1;
182}
183
184static int provider_global_props_cb(const char *props, void *cbdata)
185{
186 OSSL_LIB_CTX *ctx = cbdata;
187
188 return evp_set_default_properties_int(ctx, props, 0, 1);
189}
190
191int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
192 const OSSL_CORE_HANDLE *handle,
193 const OSSL_DISPATCH *in)
194{
195 struct child_prov_globals *gbl;
196
197 if (ctx == NULL)
198 return 0;
199
200 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
201 if (gbl == NULL)
202 return 0;
203
204 gbl->handle = handle;
205 for (; in->function_id != 0; in++) {
206 switch (in->function_id) {
207 case OSSL_FUNC_CORE_GET_LIBCTX:
208 gbl->c_get_libctx = OSSL_FUNC_core_get_libctx(in);
209 break;
210 case OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB:
211 gbl->c_provider_register_child_cb
212 = OSSL_FUNC_provider_register_child_cb(in);
213 break;
214 case OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB:
215 gbl->c_provider_deregister_child_cb
216 = OSSL_FUNC_provider_deregister_child_cb(in);
217 break;
218 case OSSL_FUNC_PROVIDER_NAME:
219 gbl->c_prov_name = OSSL_FUNC_provider_name(in);
220 break;
221 case OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX:
222 gbl->c_prov_get0_provider_ctx
223 = OSSL_FUNC_provider_get0_provider_ctx(in);
224 break;
225 case OSSL_FUNC_PROVIDER_GET0_DISPATCH:
226 gbl->c_prov_get0_dispatch = OSSL_FUNC_provider_get0_dispatch(in);
227 break;
228 case OSSL_FUNC_PROVIDER_UP_REF:
229 gbl->c_prov_up_ref
230 = OSSL_FUNC_provider_up_ref(in);
231 break;
232 case OSSL_FUNC_PROVIDER_FREE:
233 gbl->c_prov_free = OSSL_FUNC_provider_free(in);
234 break;
235 default:
236 /* Just ignore anything we don't understand */
237 break;
238 }
239 }
240
241 if (gbl->c_get_libctx == NULL
242 || gbl->c_provider_register_child_cb == NULL
243 || gbl->c_prov_name == NULL
244 || gbl->c_prov_get0_provider_ctx == NULL
245 || gbl->c_prov_get0_dispatch == NULL
246 || gbl->c_prov_up_ref == NULL
247 || gbl->c_prov_free == NULL)
248 return 0;
249
250 gbl->lock = CRYPTO_THREAD_lock_new();
251 if (gbl->lock == NULL)
252 return 0;
253
254 if (!gbl->c_provider_register_child_cb(gbl->handle,
255 provider_create_child_cb,
256 provider_remove_child_cb,
257 provider_global_props_cb,
258 ctx))
259 return 0;
260
261 return 1;
262}
263
264void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx)
265{
266 struct child_prov_globals *gbl
267 = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
268 if (gbl == NULL)
269 return;
270
271 gbl->c_provider_deregister_child_cb(gbl->handle);
272}
273
274/*
275 * ossl_provider_up_ref_parent() and ossl_provider_free_parent() do
276 * nothing in "self-referencing" child providers, i.e. when the parent
277 * of the child provider is the same as the provider where this child
278 * provider was created.
279 * This allows the teardown function in the parent provider to be called
280 * at the correct moment.
281 * For child providers in other providers, the reference count is done to
282 * ensure that cross referencing is recorded. These should be cleared up
283 * through that providers teardown, as part of freeing its child libctx.
284 */
285
286int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate)
287{
288 struct child_prov_globals *gbl;
289 const OSSL_CORE_HANDLE *parent_handle;
290
291 gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
292 OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
293 if (gbl == NULL)
294 return 0;
295
296 parent_handle = ossl_provider_get_parent(prov);
297 if (parent_handle == gbl->handle)
298 return 1;
299 return gbl->c_prov_up_ref(parent_handle, activate);
300}
301
302int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate)
303{
304 struct child_prov_globals *gbl;
305 const OSSL_CORE_HANDLE *parent_handle;
306
307 gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
308 OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
309 if (gbl == NULL)
310 return 0;
311
312 parent_handle = ossl_provider_get_parent(prov);
313 if (parent_handle == gbl->handle)
314 return 1;
315 return gbl->c_prov_free(ossl_provider_get_parent(prov), deactivate);
316}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette