projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
crypto/evp/pkey_kdf.c: Redo parameter processing
[openssl.git] / crypto / provider_core.c
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index d96e2144f493052c45e513ac99279570371454a2..356327f375cf1aca784c2709a5e4076d6a162e69 100644 (file)
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -9,6 +9,7 @@
 
 #include <openssl/core.h>
 #include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
 #include <openssl/params.h>
 #include <openssl/opensslv.h>
 #include "internal/cryptlib_int.h"
@@ -62,7 +63,7 @@ struct ossl_provider_st {
 
     /* Provider side functions */
     OSSL_provider_teardown_fn *teardown;
-    OSSL_provider_get_param_types_fn *get_param_types;
+    OSSL_provider_gettable_params_fn *gettable_params;
     OSSL_provider_get_params_fn *get_params;
     OSSL_provider_query_operation_fn *query_operation;
 
@@ -159,7 +160,8 @@ static struct provider_store_st *get_provider_store(OPENSSL_CTX *libctx)
     return store;
 }
 
-OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
+OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+                                  int noconfig)
 {
     struct provider_store_st *store = NULL;
     OSSL_PROVIDER *prov = NULL;
@@ -168,6 +170,15 @@ OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
         OSSL_PROVIDER tmpl = { 0, };
         int i;
 
+#ifndef FIPS_MODE
+        /*
+         * Make sure any providers are loaded from config before we try to find
+         * them.
+         */
+        if (!noconfig)
+            OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
         tmpl.name = (char *)name;
         CRYPTO_THREAD_write_lock(store->lock);
         if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
@@ -215,7 +226,8 @@ int ossl_provider_up_ref(OSSL_PROVIDER *prov)
 }
 
 OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
-                                 OSSL_provider_init_fn *init_function)
+                                 OSSL_provider_init_fn *init_function,
+                                 int noconfig)
 {
     struct provider_store_st *store = NULL;
     OSSL_PROVIDER *prov = NULL;
@@ -223,11 +235,11 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
     if ((store = get_provider_store(libctx)) == NULL)
         return NULL;
 
-    if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
+    if ((prov = ossl_provider_find(libctx, name,
+                                   noconfig)) != NULL) { /* refcount +1 */
         ossl_provider_free(prov); /* refcount -1 */
-        CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW,
-                  CRYPTO_R_PROVIDER_ALREADY_EXISTS);
-        ERR_add_error_data(2, "name=", name);
+        ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
+                       "name=%s", name);
         return NULL;
     }
 
@@ -438,8 +450,8 @@ static int provider_activate(OSSL_PROVIDER *prov)
     if (prov->init_function == NULL
         || !prov->init_function(prov, core_dispatch, &provider_dispatch,
                                 &prov->provctx)) {
-        CRYPTOerr(CRYPTO_F_PROVIDER_ACTIVATE, ERR_R_INIT_FAIL);
-        ERR_add_error_data(2, "name=", prov->name);
+        ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, NULL,
+                       "name=%s", prov->name);
 #ifndef FIPS_MODE
         DSO_free(prov->module);
         prov->module = NULL;
@@ -453,9 +465,9 @@ static int provider_activate(OSSL_PROVIDER *prov)
             prov->teardown =
                 OSSL_get_provider_teardown(provider_dispatch);
             break;
-        case OSSL_FUNC_PROVIDER_GET_PARAM_TYPES:
-            prov->get_param_types =
-                OSSL_get_provider_get_param_types(provider_dispatch);
+        case OSSL_FUNC_PROVIDER_GETTABLE_PARAMS:
+            prov->gettable_params =
+                OSSL_get_provider_gettable_params(provider_dispatch);
             break;
         case OSSL_FUNC_PROVIDER_GET_PARAMS:
             prov->get_params =
@@ -553,7 +565,9 @@ static int provider_forall_loaded(struct provider_store_st *store,
 {
     int i;
     int ret = 1;
-    int num_provs = sk_OSSL_PROVIDER_num(store->providers);
+    int num_provs;
+
+    num_provs = sk_OSSL_PROVIDER_num(store->providers);
 
     if (found_activated != NULL)
         *found_activated = 0;
@@ -572,67 +586,87 @@ static int provider_forall_loaded(struct provider_store_st *store,
     return ret;
 }
 
+/*
+ * This function only does something once when store->use_fallbacks == 1,
+ * and then sets store->use_fallbacks = 0, so the second call and so on is
+ * effectively a no-op.
+ */
+static void provider_activate_fallbacks(struct provider_store_st *store)
+{
+    if (store->use_fallbacks) {
+        int num_provs = sk_OSSL_PROVIDER_num(store->providers);
+        int activated_fallback_count = 0;
+        int i;
+
+        for (i = 0; i < num_provs; i++) {
+            OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(store->providers, i);
+
+            /*
+             * Note that we don't care if the activation succeeds or not.
+             * If it doesn't succeed, then any attempt to use any of the
+             * fallback providers will fail anyway.
+             */
+            if (prov->flag_fallback) {
+                activated_fallback_count++;
+                provider_activate(prov);
+            }
+        }
+
+        /*
+         * We assume that all fallbacks have been added to the store before
+         * any fallback is activated.
+         * TODO: We may have to reconsider this, IF we find ourselves adding
+         * fallbacks after any previous fallback has been activated.
+         */
+        if (activated_fallback_count > 0)
+            store->use_fallbacks = 0;
+    }
+}
+
 int ossl_provider_forall_loaded(OPENSSL_CTX *ctx,
                                 int (*cb)(OSSL_PROVIDER *provider,
                                           void *cbdata),
                                 void *cbdata)
 {
     int ret = 1;
-    int i;
     struct provider_store_st *store = get_provider_store(ctx);
 
-    if (store != NULL) {
-        int found_activated = 0;
+#ifndef FIPS_MODE
+    /*
+     * Make sure any providers are loaded from config before we try to use
+     * them.
+     */
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 
+    if (store != NULL) {
         CRYPTO_THREAD_read_lock(store->lock);
-        ret = provider_forall_loaded(store, &found_activated, cb, cbdata);
+
+        provider_activate_fallbacks(store);
 
         /*
-         * If there's nothing activated ever in this store, try to activate
-         * all fallbacks.
+         * Now, we sweep through all providers
          */
-        if (!found_activated && store->use_fallbacks) {
-            int num_provs = sk_OSSL_PROVIDER_num(store->providers);
-            int activated_fallback_count = 0;
-
-            for (i = 0; i < num_provs; i++) {
-                OSSL_PROVIDER *prov =
-                    sk_OSSL_PROVIDER_value(store->providers, i);
-
-                /*
-                 * Note that we don't care if the activation succeeds or
-                 * not.  If it doesn't succeed, then the next loop will
-                 * fail anyway.
-                 */
-                if (prov->flag_fallback) {
-                    activated_fallback_count++;
-                    provider_activate(prov);
-                }
-            }
+        ret = provider_forall_loaded(store, NULL, cb, cbdata);
 
-            if (activated_fallback_count > 0) {
-                /*
-                 * We assume that all fallbacks have been added to the store
-                 * before any fallback is activated.
-                 * TODO: We may have to reconsider this, IF we find ourselves
-                 * adding fallbacks after any previous fallback has been
-                 * activated.
-                 */
-                store->use_fallbacks = 0;
-
-                /*
-                 * Now that we've activated available fallbacks, try a
-                 * second sweep
-                 */
-                ret = provider_forall_loaded(store, NULL, cb, cbdata);
-            }
-        }
         CRYPTO_THREAD_unlock(store->lock);
     }
 
     return ret;
 }
 
+int ossl_provider_available(OSSL_PROVIDER *prov)
+{
+    if (prov != NULL) {
+        CRYPTO_THREAD_read_lock(prov->store->lock);
+        provider_activate_fallbacks(prov->store);
+        CRYPTO_THREAD_unlock(prov->store->lock);
+
+        return prov->flag_initialized;
+    }
+    return 0;
+}
+
 /* Setters of Provider Object data */
 int ossl_provider_set_fallback(OSSL_PROVIDER *prov)
 {
@@ -673,6 +707,12 @@ const char *ossl_provider_module_path(const OSSL_PROVIDER *prov)
 #endif
 }
 
+OPENSSL_CTX *ossl_provider_library_context(const OSSL_PROVIDER *prov)
+{
+    /* TODO(3.0) just: return prov->libctx; */
+    return prov != NULL ? prov->libctx : NULL;
+}
+
 /* Wrappers around calls to the provider */
 void ossl_provider_teardown(const OSSL_PROVIDER *prov)
 {
@@ -680,10 +720,10 @@ void ossl_provider_teardown(const OSSL_PROVIDER *prov)
         prov->teardown(prov->provctx);
 }
 
-const OSSL_PARAM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov)
+const OSSL_PARAM *ossl_provider_gettable_params(const OSSL_PROVIDER *prov)
 {
-    return prov->get_param_types == NULL
-        ? NULL : prov->get_param_types(prov->provctx);
+    return prov->gettable_params == NULL
+        ? NULL : prov->gettable_params(prov->provctx);
 }
 
 int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
@@ -713,12 +753,27 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
  * never knows.
  */
 static const OSSL_PARAM param_types[] = {
-    OSSL_PARAM_DEFN("openssl-verstion", OSSL_PARAM_UTF8_PTR, NULL, 0),
+    OSSL_PARAM_DEFN("openssl-version", OSSL_PARAM_UTF8_PTR, NULL, 0),
     OSSL_PARAM_DEFN("provider-name", OSSL_PARAM_UTF8_PTR, NULL, 0),
     OSSL_PARAM_END
 };
 
-static const OSSL_PARAM *core_get_param_types(const OSSL_PROVIDER *prov)
+/*
+ * Forward declare all the functions that are provided aa dispatch.
+ * This ensures that the compiler will complain if they aren't defined
+ * with the correct signature.
+ */
+static OSSL_core_gettable_params_fn core_gettable_params;
+static OSSL_core_get_params_fn core_get_params;
+static OSSL_core_thread_start_fn core_thread_start;
+static OSSL_core_get_library_context_fn core_get_libctx;
+#ifndef FIPS_MODE
+static OSSL_core_new_error_fn core_new_error;
+static OSSL_core_set_error_debug_fn core_set_error_debug;
+static OSSL_core_vset_error_fn core_vset_error;
+#endif
+
+static const OSSL_PARAM *core_gettable_params(const OSSL_PROVIDER *prov)
 {
     return param_types;
 }
@@ -733,6 +788,11 @@ static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
     if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
         OSSL_PARAM_set_utf8_ptr(p, prov->name);
 
+#ifndef FIPS_MODE
+    if ((p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_MODULE_FILENAME)) != NULL)
+        OSSL_PARAM_set_utf8_ptr(p, ossl_provider_module_path(prov));
+#endif
+
     if (prov->parameters == NULL)
         return 1;
 
@@ -742,14 +802,12 @@ static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
         if ((p = OSSL_PARAM_locate(params, pair->name)) != NULL)
             OSSL_PARAM_set_utf8_ptr(p, pair->value);
     }
-
     return 1;
 }
 
-static OSSL_core_get_library_context_fn core_get_libctx; /* Check */
 static OPENSSL_CTX *core_get_libctx(const OSSL_PROVIDER *prov)
 {
-    return prov->libctx;
+    return ossl_provider_library_context(prov);
 }
 
 static int core_thread_start(const OSSL_PROVIDER *prov,
@@ -764,8 +822,26 @@ static int core_thread_start(const OSSL_PROVIDER *prov,
  * ones.
  */
 #ifndef FIPS_MODE
-static void core_put_error(const OSSL_PROVIDER *prov,
-                           uint32_t reason, const char *file, int line)
+/*
+ * TODO(3.0) These error functions should use |prov| to select the proper
+ * library context to report in the correct error stack, at least if error
+ * stacks become tied to the library context.
+ * We cannot currently do that since there's no support for it in the
+ * ERR subsystem.
+ */
+static void core_new_error(const OSSL_PROVIDER *prov)
+{
+    ERR_new();
+}
+
+static void core_set_error_debug(const OSSL_PROVIDER *prov,
+                                 const char *file, int line, const char *func)
+{
+    ERR_set_debug(file, line, func);
+}
+
+static void core_vset_error(const OSSL_PROVIDER *prov,
+                            uint32_t reason, const char *fmt, va_list args)
 {
     /*
      * If the uppermost 8 bits are non-zero, it's an OpenSSL library
@@ -773,27 +849,11 @@ static void core_put_error(const OSSL_PROVIDER *prov,
      * provider error and will be treated as such.
      */
     if (ERR_GET_LIB(reason) != 0) {
-        ERR_PUT_error(ERR_GET_LIB(reason),
-                      ERR_GET_FUNC(reason),
-                      ERR_GET_REASON(reason),
-                      file, line);
+        ERR_vset_error(ERR_GET_LIB(reason), ERR_GET_REASON(reason), fmt, args);
     } else {
-        ERR_PUT_error(prov->error_lib, 0, (int)reason, file, line);
+        ERR_vset_error(prov->error_lib, (int)reason, fmt, args);
     }
 }
-
-/*
- * TODO(3.0) This, as well as core_put_error above, should use |prov|
- * to select the proper library context to report in the correct error
- * stack, at least if error stacks become tied to the library context.
- * We cannot currently do that since there's no support for it in the
- * ERR subsystem.
- */
-static void core_add_error_vdata(const OSSL_PROVIDER *prov,
-                                 int num, va_list args)
-{
-    ERR_add_error_vdata(num, args);
-}
 #endif
 
 /*
@@ -801,20 +861,22 @@ static void core_add_error_vdata(const OSSL_PROVIDER *prov,
  * functions.
  */
 static const OSSL_DISPATCH core_dispatch_[] = {
-    { OSSL_FUNC_CORE_GET_PARAM_TYPES, (void (*)(void))core_get_param_types },
+    { OSSL_FUNC_CORE_GETTABLE_PARAMS, (void (*)(void))core_gettable_params },
     { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params },
     { OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT, (void (*)(void))core_get_libctx },
     { OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start },
 #ifndef FIPS_MODE
-    { OSSL_FUNC_CORE_PUT_ERROR, (void (*)(void))core_put_error },
-    { OSSL_FUNC_CORE_ADD_ERROR_VDATA, (void (*)(void))core_add_error_vdata },
+    { OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error },
+    { OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug },
+    { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error },
+    { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))BIO_new_file },
+    { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf },
+    { OSSL_FUNC_BIO_READ, (void (*)(void))BIO_read },
+    { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free },
 #endif
 
     { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc },
     { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc },
-    { OSSL_FUNC_CRYPTO_MEMDUP, (void (*)(void))CRYPTO_memdup },
-    { OSSL_FUNC_CRYPTO_STRDUP, (void (*)(void))CRYPTO_strdup },
-    { OSSL_FUNC_CRYPTO_STRNDUP, (void (*)(void))CRYPTO_strndup },
     { OSSL_FUNC_CRYPTO_FREE, (void (*)(void))CRYPTO_free },
     { OSSL_FUNC_CRYPTO_CLEAR_FREE, (void (*)(void))CRYPTO_clear_free },
     { OSSL_FUNC_CRYPTO_REALLOC, (void (*)(void))CRYPTO_realloc },
@@ -827,7 +889,6 @@ static const OSSL_DISPATCH core_dispatch_[] = {
     { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED,
         (void (*)(void))CRYPTO_secure_allocated },
     { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse },
-    { OSSL_FUNC_OPENSSL_HEXSTR2BUF, (void (*)(void))OPENSSL_hexstr2buf },
 
     { 0, NULL }
 };
Unnamed repository; edit this file 'description' to name the repository.