1 /*
2 * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <assert.h>
11 #include <openssl/crypto.h>
12 #include <openssl/core_dispatch.h>
13 #include <openssl/core_names.h>
14 #include <openssl/provider.h>
15 #include <openssl/evp.h>
16 #include "internal/provider.h"
17 #include "internal/cryptlib.h"
18 #include "crypto/evp.h"
19
20 DEFINE_STACK_OF(OSSL_PROVIDER)
21
22 struct child_prov_globals {
23 const OSSL_CORE_HANDLE *handle;
24 const OSSL_CORE_HANDLE *curr_prov;
25 CRYPTO_RWLOCK *lock;
26 OSSL_FUNC_core_get_libctx_fn *c_get_libctx;
27 OSSL_FUNC_provider_register_child_cb_fn *c_provider_register_child_cb;
28 OSSL_FUNC_provider_deregister_child_cb_fn *c_provider_deregister_child_cb;
29 OSSL_FUNC_provider_name_fn *c_prov_name;
30 OSSL_FUNC_provider_get0_provider_ctx_fn *c_prov_get0_provider_ctx;
31 OSSL_FUNC_provider_get0_dispatch_fn *c_prov_get0_dispatch;
32 OSSL_FUNC_provider_up_ref_fn *c_prov_up_ref;
33 OSSL_FUNC_provider_free_fn *c_prov_free;
34 };
35
child_prov_ossl_ctx_new(OSSL_LIB_CTX * libctx)36 static void *child_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
37 {
38 return OPENSSL_zalloc(sizeof(struct child_prov_globals));
39 }
40
child_prov_ossl_ctx_free(void * vgbl)41 static void child_prov_ossl_ctx_free(void *vgbl)
42 {
43 struct child_prov_globals *gbl = vgbl;
44
45 CRYPTO_THREAD_lock_free(gbl->lock);
46 OPENSSL_free(gbl);
47 }
48
49 static const OSSL_LIB_CTX_METHOD child_prov_ossl_ctx_method = {
50 OSSL_LIB_CTX_METHOD_LOW_PRIORITY,
51 child_prov_ossl_ctx_new,
52 child_prov_ossl_ctx_free,
53 };
54
55 static OSSL_provider_init_fn ossl_child_provider_init;
56
ossl_child_provider_init(const OSSL_CORE_HANDLE * handle,const OSSL_DISPATCH * in,const OSSL_DISPATCH ** out,void ** provctx)57 static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle,
58 const OSSL_DISPATCH *in,
59 const OSSL_DISPATCH **out,
60 void **provctx)
61 {
62 OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
63 OSSL_LIB_CTX *ctx;
64 struct child_prov_globals *gbl;
65
66 for (; in->function_id != 0; in++) {
67 switch (in->function_id) {
68 case OSSL_FUNC_CORE_GET_LIBCTX:
69 c_get_libctx = OSSL_FUNC_core_get_libctx(in);
70 break;
71 default:
72 /* Just ignore anything we don't understand */
73 break;
74 }
75 }
76
77 if (c_get_libctx == NULL)
78 return 0;
79
80 /*
81 * We need an OSSL_LIB_CTX but c_get_libctx returns OPENSSL_CORE_CTX. We are
82 * a built-in provider and so we can get away with this cast. Normal
83 * providers can't do this.
84 */
85 ctx = (OSSL_LIB_CTX *)c_get_libctx(handle);
86
87 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX,
88 &child_prov_ossl_ctx_method);
89 if (gbl == NULL)
90 return 0;
91
92 *provctx = gbl->c_prov_get0_provider_ctx(gbl->curr_prov);
93 *out = gbl->c_prov_get0_dispatch(gbl->curr_prov);
94
95 return 1;
96 }
97
provider_create_child_cb(const OSSL_CORE_HANDLE * prov,void * cbdata)98 static int provider_create_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
99 {
100 OSSL_LIB_CTX *ctx = cbdata;
101 struct child_prov_globals *gbl;
102 const char *provname;
103 OSSL_PROVIDER *cprov;
104 int ret = 0;
105
106 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX,
107 &child_prov_ossl_ctx_method);
108 if (gbl == NULL)
109 return 0;
110
111 if (!CRYPTO_THREAD_write_lock(gbl->lock))
112 return 0;
113
114 provname = gbl->c_prov_name(prov);
115
116 /*
117 * We're operating under a lock so we can store the "current" provider in
118 * the global data.
119 */
120 gbl->curr_prov = prov;
121
122 if ((cprov = ossl_provider_find(ctx, provname, 1)) != NULL) {
123 /*
124 * We free the newly created ref. We rely on the provider sticking around
125 * in the provider store.
126 */
127 ossl_provider_free(cprov);
128
129 /*
130 * The provider already exists. It could be a previously created child,
131 * or it could have been explicitly loaded. If explicitly loaded we
132 * ignore it - i.e. we don't start treating it like a child.
133 */
134 if (!ossl_provider_activate(cprov, 0, 1))
135 goto err;
136 } else {
137 /*
138 * Create it - passing 1 as final param so we don't try and recursively
139 * init children
140 */
141 if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init,
142 1)) == NULL)
143 goto err;
144
145 if (!ossl_provider_activate(cprov, 0, 0))
146 goto err;
147
148 if (!ossl_provider_set_child(cprov, prov)
149 || !ossl_provider_add_to_store(cprov, NULL, 0)) {
150 ossl_provider_deactivate(cprov, 0);
151 ossl_provider_free(cprov);
152 goto err;
153 }
154 }
155
156 ret = 1;
157 err:
158 CRYPTO_THREAD_unlock(gbl->lock);
159 return ret;
160 }
161
provider_remove_child_cb(const OSSL_CORE_HANDLE * prov,void * cbdata)162 static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
163 {
164 OSSL_LIB_CTX *ctx = cbdata;
165 struct child_prov_globals *gbl;
166 const char *provname;
167 OSSL_PROVIDER *cprov;
168
169 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX,
170 &child_prov_ossl_ctx_method);
171 if (gbl == NULL)
172 return 0;
173
174 provname = gbl->c_prov_name(prov);
175 cprov = ossl_provider_find(ctx, provname, 1);
176 if (cprov == NULL)
177 return 0;
178 /*
179 * ossl_provider_find ups the ref count, so we free it again here. We can
180 * rely on the provider store reference count.
181 */
182 ossl_provider_free(cprov);
183 if (ossl_provider_is_child(cprov)
184 && !ossl_provider_deactivate(cprov, 1))
185 return 0;
186
187 return 1;
188 }
189
provider_global_props_cb(const char * props,void * cbdata)190 static int provider_global_props_cb(const char *props, void *cbdata)
191 {
192 OSSL_LIB_CTX *ctx = cbdata;
193
194 return evp_set_default_properties_int(ctx, props, 0, 1);
195 }
196
ossl_provider_init_as_child(OSSL_LIB_CTX * ctx,const OSSL_CORE_HANDLE * handle,const OSSL_DISPATCH * in)197 int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
198 const OSSL_CORE_HANDLE *handle,
199 const OSSL_DISPATCH *in)
200 {
201 struct child_prov_globals *gbl;
202
203 if (ctx == NULL)
204 return 0;
205
206 gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX,
207 &child_prov_ossl_ctx_method);
208 if (gbl == NULL)
209 return 0;
210
211 gbl->handle = handle;
212 for (; in->function_id != 0; in++) {
213 switch (in->function_id) {
214 case OSSL_FUNC_CORE_GET_LIBCTX:
215 gbl->c_get_libctx = OSSL_FUNC_core_get_libctx(in);
216 break;
217 case OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB:
218 gbl->c_provider_register_child_cb
219 = OSSL_FUNC_provider_register_child_cb(in);
220 break;
221 case OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB:
222 gbl->c_provider_deregister_child_cb
223 = OSSL_FUNC_provider_deregister_child_cb(in);
224 break;
225 case OSSL_FUNC_PROVIDER_NAME:
226 gbl->c_prov_name = OSSL_FUNC_provider_name(in);
227 break;
228 case OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX:
229 gbl->c_prov_get0_provider_ctx
230 = OSSL_FUNC_provider_get0_provider_ctx(in);
231 break;
232 case OSSL_FUNC_PROVIDER_GET0_DISPATCH:
233 gbl->c_prov_get0_dispatch = OSSL_FUNC_provider_get0_dispatch(in);
234 break;
235 case OSSL_FUNC_PROVIDER_UP_REF:
236 gbl->c_prov_up_ref
237 = OSSL_FUNC_provider_up_ref(in);
238 break;
239 case OSSL_FUNC_PROVIDER_FREE:
240 gbl->c_prov_free = OSSL_FUNC_provider_free(in);
241 break;
242 default:
243 /* Just ignore anything we don't understand */
244 break;
245 }
246 }
247
248 if (gbl->c_get_libctx == NULL
249 || gbl->c_provider_register_child_cb == NULL
250 || gbl->c_prov_name == NULL
251 || gbl->c_prov_get0_provider_ctx == NULL
252 || gbl->c_prov_get0_dispatch == NULL
253 || gbl->c_prov_up_ref == NULL
254 || gbl->c_prov_free == NULL)
255 return 0;
256
257 gbl->lock = CRYPTO_THREAD_lock_new();
258 if (gbl->lock == NULL)
259 return 0;
260
261 if (!gbl->c_provider_register_child_cb(gbl->handle,
262 provider_create_child_cb,
263 provider_remove_child_cb,
264 provider_global_props_cb,
265 ctx))
266 return 0;
267
268 return 1;
269 }
270
ossl_provider_deinit_child(OSSL_LIB_CTX * ctx)271 void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx)
272 {
273 struct child_prov_globals *gbl
274 = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX,
275 &child_prov_ossl_ctx_method);
276 if (gbl == NULL)
277 return;
278
279 gbl->c_provider_deregister_child_cb(gbl->handle);
280 }
281
282 /*
283 * ossl_provider_up_ref_parent() and ossl_provider_free_parent() do
284 * nothing in "self-referencing" child providers, i.e. when the parent
285 * of the child provider is the same as the provider where this child
286 * provider was created.
287 * This allows the teardown function in the parent provider to be called
288 * at the correct moment.
289 * For child providers in other providers, the reference count is done to
290 * ensure that cross referencing is recorded. These should be cleared up
291 * through that providers teardown, as part of freeing its child libctx.
292 */
293
ossl_provider_up_ref_parent(OSSL_PROVIDER * prov,int activate)294 int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate)
295 {
296 struct child_prov_globals *gbl;
297 const OSSL_CORE_HANDLE *parent_handle;
298
299 gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
300 OSSL_LIB_CTX_CHILD_PROVIDER_INDEX,
301 &child_prov_ossl_ctx_method);
302 if (gbl == NULL)
303 return 0;
304
305 parent_handle = ossl_provider_get_parent(prov);
306 if (parent_handle == gbl->handle)
307 return 1;
308 return gbl->c_prov_up_ref(parent_handle, activate);
309 }
310
ossl_provider_free_parent(OSSL_PROVIDER * prov,int deactivate)311 int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate)
312 {
313 struct child_prov_globals *gbl;
314 const OSSL_CORE_HANDLE *parent_handle;
315
316 gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
317 OSSL_LIB_CTX_CHILD_PROVIDER_INDEX,
318 &child_prov_ossl_ctx_method);
319 if (gbl == NULL)
320 return 0;
321
322 parent_handle = ossl_provider_get_parent(prov);
323 if (parent_handle == gbl->handle)
324 return 1;
325 return gbl->c_prov_free(ossl_provider_get_parent(prov), deactivate);
326 }
327