crypto/provider_core.c

   1 /*
   2  * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
   3  *
   4  * Licensed under the Apache License 2.0 (the "License").  You may not use
   5  * this file except in compliance with the License.  You can obtain a copy
   6  * in the file LICENSE in the source distribution or at
   7  * https://www.openssl.org/source/license.html
   8  */
   9
  10 #include <openssl/core.h>
  11 #include <openssl/core_numbers.h>
  12 #include <openssl/opensslv.h>
  13 #include "internal/cryptlib.h"
  14 #include "internal/thread_once.h"
  15 #include "internal/provider.h"
  16 #include "internal/refcount.h"
  17
  18 /*-
  19  * Provider Object structure
  20  * =========================
  21  */
  22
  23 struct provider_store_st;        /* Forward declaration */
  24
  25 struct ossl_provider_st {
  26     /* Flag bits */
  27     unsigned int flag_initialized:1;
  28
  29     /* OpenSSL library side data */
  30     CRYPTO_REF_COUNT refcnt;
  31 #ifndef HAVE_ATOMICS
  32     CRYPTO_RWLOCK refcnt_lock;   /* For the ref counter */
  33 #endif
  34     char *name;
  35     DSO *module;
  36     OSSL_provider_init_fn *init_function;
  37
  38     /* Provider side functions */
  39     OSSL_provider_teardown_fn *teardown;
  40     OSSL_provider_get_param_types_fn *get_param_types;
  41     OSSL_provider_get_params_fn *get_params;
  42     OSSL_provider_query_operation_fn *query_operation;
  43 };
  44 DEFINE_STACK_OF(OSSL_PROVIDER)
  45
  46 static int ossl_provider_cmp(const OSSL_PROVIDER * const *a,
  47                              const OSSL_PROVIDER * const *b)
  48 {
  49     return strcmp((*a)->name, (*b)->name);
  50 }
  51
  52 /*-
  53  * Provider Object store
  54  * =====================
  55  *
  56  * The Provider Object store is a library context object, and therefore needs
  57  * an index.
  58  */
  59
  60 struct provider_store_st {
  61     STACK_OF(OSSL_PROVIDER) *providers;
  62     CRYPTO_RWLOCK *lock;
  63 };
  64 static int provider_store_index = -1;
  65
  66 static void provider_store_free(void *vstore)
  67 {
  68     struct provider_store_st *store = vstore;
  69
  70     if (store == NULL)
  71         return;
  72     sk_OSSL_PROVIDER_pop_free(store->providers, ossl_provider_free);
  73     CRYPTO_THREAD_lock_free(store->lock);
  74     OPENSSL_free(store);
  75 }
  76
  77 static void *provider_store_new(void)
  78 {
  79     struct provider_store_st *store = OPENSSL_zalloc(sizeof(*store));
  80
  81     if (store == NULL
  82         || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL
  83         || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) {
  84         provider_store_free(store);
  85         store = NULL;
  86     }
  87     return store;
  88 }
  89
  90 static const OPENSSL_CTX_METHOD provider_store_method = {
  91     provider_store_new,
  92     provider_store_free,
  93 };
  94
  95 static CRYPTO_ONCE provider_store_init_flag = CRYPTO_ONCE_STATIC_INIT;
  96 DEFINE_RUN_ONCE_STATIC(do_provider_store_init)
  97 {
  98     return OPENSSL_init_crypto(0, NULL)
  99         && (provider_store_index =
 100             openssl_ctx_new_index(&provider_store_method)) != -1;
 101 }
 102
 103
 104 static struct provider_store_st *get_provider_store(OPENSSL_CTX *libctx)
 105 {
 106     struct provider_store_st *store = NULL;
 107
 108     if (!RUN_ONCE(&provider_store_init_flag, do_provider_store_init))
 109         return NULL;
 110
 111     store = openssl_ctx_get_data(libctx, provider_store_index);
 112     if (store == NULL)
 113         CRYPTOerr(CRYPTO_F_GET_PROVIDER_STORE, ERR_R_INTERNAL_ERROR);
 114     return store;
 115 }
 116
 117 /*-
 118  * Provider Object methods
 119  * =======================
 120  */
 121
 122 int ossl_provider_upref(OSSL_PROVIDER *prov)
 123 {
 124     int ref = 0;
 125
 126 #ifndef HAVE_ATOMICS
 127     CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock);
 128 #else
 129     CRYPTO_UP_REF(&prov->refcnt, &ref, NULL);
 130 #endif
 131     return ref;
 132 }
 133
 134 /* Finder, constructor and destructor */
 135 OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
 136 {
 137     struct provider_store_st *store = NULL;
 138     OSSL_PROVIDER *prov = NULL;
 139
 140     if ((store = get_provider_store(libctx)) != NULL) {
 141         OSSL_PROVIDER tmpl = { 0, };
 142         int i;
 143
 144         tmpl.name = (char *)name;
 145         CRYPTO_THREAD_write_lock(store->lock);
 146         if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
 147             || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL
 148             || !ossl_provider_upref(prov))
 149             prov = NULL;
 150         CRYPTO_THREAD_unlock(store->lock);
 151     }
 152
 153     return prov;
 154 }
 155
 156 OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
 157                                  OSSL_provider_init_fn *init_function)
 158 {
 159     struct provider_store_st *store = NULL;
 160     OSSL_PROVIDER *prov = NULL;
 161
 162     if ((store = get_provider_store(libctx)) == NULL)
 163         return NULL;
 164
 165     if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
 166         ossl_provider_free(prov); /* refcount -1 */
 167         CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW,
 168                   CRYPTO_R_PROVIDER_ALREADY_EXISTS);
 169         ERR_add_error_data(2, "name=", name);
 170         return NULL;
 171     }
 172
 173     if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL
 174         || !ossl_provider_upref(prov) /* +1 One reference to be returned */
 175         || (prov->name = OPENSSL_strdup(name)) == NULL) {
 176         ossl_provider_free(prov);
 177         CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW, ERR_R_MALLOC_FAILURE);
 178         return NULL;
 179     }
 180
 181     prov->init_function = init_function;
 182
 183     CRYPTO_THREAD_write_lock(store->lock);
 184     if (!ossl_provider_upref(prov)) { /* +1 One reference for the store */
 185         ossl_provider_free(prov); /* -1 Reference that was to be returned */
 186         prov = NULL;
 187     } else if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) {
 188         ossl_provider_free(prov); /* -1 Store reference */
 189         ossl_provider_free(prov); /* -1 Reference that was to be returned */
 190         prov = NULL;
 191     }
 192     CRYPTO_THREAD_unlock(store->lock);
 193
 194     if (prov == NULL)
 195         CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW, ERR_R_MALLOC_FAILURE);
 196
 197     /*
 198      * At this point, the provider is only partially "loaded".  To be
 199      * fully "loaded", ossl_provider_activate() must also be called.
 200      */
 201
 202     return prov;
 203 }
 204
 205 void ossl_provider_free(OSSL_PROVIDER *prov)
 206 {
 207     if (prov != NULL) {
 208         int ref = 0;
 209
 210 #ifndef HAVE_ATOMICS
 211         CRYPTO_DOWN_REF(&prov->refcnt, &ref, provider_lock);
 212 #else
 213         CRYPTO_DOWN_REF(&prov->refcnt, &ref, NULL);
 214 #endif
 215
 216         /*
 217          * When the refcount drops down to one, there is only one reference,
 218          * the store.
 219          * When that happens, the provider is inactivated.
 220          */
 221         if (ref == 1 && prov->flag_initialized) {
 222             if (prov->teardown != NULL)
 223                 prov->teardown();
 224             prov->flag_initialized = 0;
 225         }
 226
 227         /*
 228          * When the refcount drops to zero, it has been taken out of
 229          * the store.  All we have to do here is clean it out.
 230          */
 231         if (ref == 0) {
 232             DSO_free(prov->module);
 233             OPENSSL_free(prov->name);
 234             OPENSSL_free(prov);
 235         }
 236     }
 237 }
 238
 239 /*
 240  * Provider activation.
 241  *
 242  * What "activation" means depends on the provider form; for built in
 243  * providers (in the library or the application alike), the provider
 244  * can already be considered to be loaded, all that's needed is to
 245  * initialize it.  However, for dynamically loadable provider modules,
 246  * we must first load that module.
 247  *
 248  * Built in modules are distinguished from dynamically loaded modules
 249  * with an already assigned init function.
 250  */
 251 static const OSSL_DISPATCH *core_dispatch; /* Define further down */
 252
 253 int ossl_provider_activate(OSSL_PROVIDER *prov)
 254 {
 255     const OSSL_DISPATCH *provider_dispatch = NULL;
 256
 257     if (prov->flag_initialized)
 258         return 1;
 259
 260     /*
 261      * If the init function isn't set, it indicates that this provider is
 262      * a loadable module.
 263      */
 264     if (prov->init_function == NULL) {
 265         if (prov->module == NULL) {
 266             char *platform_module_name = NULL;
 267             char *module_path = NULL;
 268             const char *load_dir = ossl_safe_getenv("OPENSSL_MODULES");
 269
 270             if ((prov->module = DSO_new()) == NULL) {
 271                 /* DSO_new() generates an error already */
 272                 return 0;
 273             }
 274
 275             if (load_dir == NULL)
 276                 load_dir = MODULESDIR;
 277
 278             DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS,
 279                      DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
 280             if ((platform_module_name =
 281                  DSO_convert_filename(prov->module, prov->name)) == NULL
 282                 || (module_path =
 283                     DSO_merge(prov->module, platform_module_name,
 284                               load_dir)) == NULL
 285                 || DSO_load(prov->module, module_path, NULL,
 286                             DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == NULL) {
 287                 DSO_free(prov->module);
 288                 prov->module = NULL;
 289             }
 290
 291             OPENSSL_free(platform_module_name);
 292             OPENSSL_free(module_path);
 293         }
 294
 295         if (prov->module != NULL)
 296             prov->init_function = (OSSL_provider_init_fn *)
 297                 DSO_bind_func(prov->module, "OSSL_provider_init");
 298     }
 299
 300     if (prov->init_function == NULL
 301         || !prov->init_function(prov, core_dispatch, &provider_dispatch)) {
 302         CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ACTIVATE, ERR_R_INIT_FAIL);
 303         ERR_add_error_data(2, "name=", prov->name);
 304         DSO_free(prov->module);
 305         prov->module = NULL;
 306         return 0;
 307     }
 308
 309     for (; provider_dispatch->function_id != 0; provider_dispatch++) {
 310         switch (provider_dispatch->function_id) {
 311         case OSSL_FUNC_PROVIDER_TEARDOWN:
 312             prov->teardown =
 313                 OSSL_get_provider_teardown(provider_dispatch);
 314             break;
 315         case OSSL_FUNC_PROVIDER_GET_PARAM_TYPES:
 316             prov->get_param_types =
 317                 OSSL_get_provider_get_param_types(provider_dispatch);
 318             break;
 319         case OSSL_FUNC_PROVIDER_GET_PARAMS:
 320             prov->get_params =
 321                 OSSL_get_provider_get_params(provider_dispatch);
 322             break;
 323         case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
 324             prov->query_operation =
 325                 OSSL_get_provider_query_operation(provider_dispatch);
 326             break;
 327         }
 328     }
 329
 330     /* With this flag set, this provider has become fully "loaded". */
 331     prov->flag_initialized = 1;
 332
 333     return 1;
 334 }
 335
 336 int ossl_provider_forall_loaded(OPENSSL_CTX *ctx,
 337                                 int (*cb)(OSSL_PROVIDER *provider,
 338                                           void *cbdata),
 339                                 void *cbdata)
 340 {
 341     int ret = 1;
 342     int i;
 343     struct provider_store_st *store = get_provider_store(ctx);
 344
 345     if (store != NULL) {
 346         CRYPTO_THREAD_read_lock(store->lock);
 347         for (i = 0; i < sk_OSSL_PROVIDER_num(store->providers); i++) {
 348             OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(store->providers, i);
 349
 350             if (prov->flag_initialized
 351                 && !(ret = cb(prov, cbdata)))
 352                 break;
 353         }
 354         CRYPTO_THREAD_unlock(store->lock);
 355     }
 356
 357     return ret;
 358 }
 359
 360 /* Getters of Provider Object data */
 361 const char *ossl_provider_name(OSSL_PROVIDER *prov)
 362 {
 363     return prov->name;
 364 }
 365
 366 const DSO *ossl_provider_dso(OSSL_PROVIDER *prov)
 367 {
 368     return prov->module;
 369 }
 370
 371 const char *ossl_provider_module_name(OSSL_PROVIDER *prov)
 372 {
 373     return DSO_get_filename(prov->module);
 374 }
 375
 376 const char *ossl_provider_module_path(OSSL_PROVIDER *prov)
 377 {
 378     /* FIXME: Ensure it's a full path */
 379     return DSO_get_filename(prov->module);
 380 }
 381
 382 /* Wrappers around calls to the provider */
 383 void ossl_provider_teardown(const OSSL_PROVIDER *prov)
 384 {
 385     if (prov->teardown != NULL)
 386         prov->teardown();
 387 }
 388
 389 const OSSL_ITEM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov)
 390 {
 391     return prov->get_param_types == NULL ? NULL : prov->get_param_types(prov);
 392 }
 393
 394 int ossl_provider_get_params(const OSSL_PROVIDER *prov,
 395                              const OSSL_PARAM params[])
 396 {
 397     return prov->get_params == NULL ? 0 : prov->get_params(prov, params);
 398 }
 399
 400
 401 const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
 402                                                     int operation_id,
 403                                                     int *no_cache)
 404 {
 405     return prov->query_operation(prov, operation_id, no_cache);
 406 }
 407
 408 /*-
 409  * Core functions for the provider
 410  * ===============================
 411  *
 412  * This is the set of functions that the core makes available to the provider
 413  */
 414
 415 /*
 416  * This returns a list of Provider Object parameters with their types, for
 417  * discovery.  We do not expect that many providers will use this, but one
 418  * never knows.
 419  */
 420 static const OSSL_ITEM param_types[] = {
 421     { OSSL_PARAM_UTF8_PTR, "openssl-version" },
 422     { OSSL_PARAM_UTF8_PTR, "provider-name" },
 423     { 0, NULL }
 424 };
 425
 426 static const OSSL_ITEM *core_get_param_types(const OSSL_PROVIDER *prov)
 427 {
 428     return param_types;
 429 }
 430
 431 static int core_get_params(const OSSL_PROVIDER *prov, const OSSL_PARAM params[])
 432 {
 433     int i;
 434
 435     for (i = 0; params[i].key != NULL; i++) {
 436         if (strcmp(params[i].key, "openssl-version") == 0) {
 437             *(void **)params[i].data = OPENSSL_VERSION_STR;
 438             if (params[i].return_size)
 439                 *params[i].return_size = sizeof(OPENSSL_VERSION_STR);
 440         } else if (strcmp(params[i].key, "provider-name") == 0) {
 441             *(void **)params[i].data = prov->name;
 442             if (params[i].return_size)
 443                 *params[i].return_size = strlen(prov->name) + 1;
 444         }
 445     }
 446
 447     return 1;
 448 }
 449
 450 static const OSSL_DISPATCH core_dispatch_[] = {
 451     { OSSL_FUNC_CORE_GET_PARAM_TYPES, (void (*)(void))core_get_param_types },
 452     { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params },
 453     { 0, NULL }
 454 };
 455 static const OSSL_DISPATCH *core_dispatch = core_dispatch_;