* https://www.openssl.org/source/license.html
*/
+#include <assert.h>
#include <openssl/core.h>
#include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
unsigned int flag_initialized:1;
unsigned int flag_activated:1;
unsigned int flag_fallback:1; /* Can be used as fallback */
- unsigned int flag_activated_as_fallback:1;
/* Getting and setting the flags require synchronization */
CRYPTO_RWLOCK *flag_lock;
/* OpenSSL library side data */
CRYPTO_REF_COUNT refcnt;
CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */
- CRYPTO_REF_COUNT activatecnt;
- CRYPTO_RWLOCK *activatecnt_lock; /* For the activate counter */
+ int activatecnt;
char *name;
char *path;
DSO *module;
struct provider_store_st {
STACK_OF(OSSL_PROVIDER) *providers;
+ CRYPTO_RWLOCK *default_path_lock;
CRYPTO_RWLOCK *lock;
char *default_path;
unsigned int use_fallbacks:1;
return;
OPENSSL_free(store->default_path);
sk_OSSL_PROVIDER_pop_free(store->providers, provider_deactivate_free);
+ CRYPTO_THREAD_lock_free(store->default_path_lock);
CRYPTO_THREAD_lock_free(store->lock);
OPENSSL_free(store);
}
if (store == NULL
|| (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL
+ || (store->default_path_lock = CRYPTO_THREAD_lock_new()) == NULL
|| (store->lock = CRYPTO_THREAD_lock_new()) == NULL) {
provider_store_free(store);
return NULL;
}
store->use_fallbacks = 1;
- for (p = predefined_providers; p->name != NULL; p++) {
+ for (p = ossl_predefined_providers; p->name != NULL; p++) {
OSSL_PROVIDER *prov = NULL;
/*
struct provider_store_st *store;
if ((store = get_provider_store(libctx)) != NULL) {
- CRYPTO_THREAD_write_lock(store->lock);
+ if (!CRYPTO_THREAD_write_lock(store->lock))
+ return 0;
store->use_fallbacks = 0;
CRYPTO_THREAD_unlock(store->lock);
return 1;
#endif
tmpl.name = (char *)name;
- CRYPTO_THREAD_write_lock(store->lock);
+ if (!CRYPTO_THREAD_write_lock(store->lock))
+ return NULL;
if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
|| (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL
|| !ossl_provider_up_ref(prov))
if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL
#ifndef HAVE_ATOMICS
|| (prov->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL
- || (prov->activatecnt_lock = CRYPTO_THREAD_lock_new()) == NULL
#endif
|| !ossl_provider_up_ref(prov) /* +1 One reference to be returned */
|| (prov->opbits_lock = CRYPTO_THREAD_lock_new()) == NULL
if ((prov = provider_new(name, init_function)) == NULL)
return NULL;
- CRYPTO_THREAD_write_lock(store->lock);
+ if (!CRYPTO_THREAD_write_lock(store->lock))
+ return NULL;
if (!ossl_provider_up_ref(prov)) { /* +1 One reference for the store */
ossl_provider_free(prov); /* -1 Reference that was to be returned */
prov = NULL;
*/
if (ref == 0) {
if (prov->flag_initialized) {
-#ifndef FIPS_MODULE
- ossl_init_thread_deregister(prov);
-#endif
if (prov->teardown != NULL)
prov->teardown(prov->provctx);
#ifndef OPENSSL_NO_ERR
}
#ifndef FIPS_MODULE
+ /*
+ * We deregister thread handling whether or not the provider was
+ * initialized. If init was attempted but was not successful then
+ * the provider may still have registered a thread handler.
+ */
+ ossl_init_thread_deregister(prov);
DSO_free(prov->module);
#endif
OPENSSL_free(prov->name);
CRYPTO_THREAD_lock_free(prov->flag_lock);
#ifndef HAVE_ATOMICS
CRYPTO_THREAD_lock_free(prov->refcnt_lock);
- CRYPTO_THREAD_lock_free(prov->activatecnt_lock);
#endif
OPENSSL_free(prov);
}
}
}
if ((store = get_provider_store(libctx)) != NULL
- && CRYPTO_THREAD_write_lock(store->lock)) {
+ && CRYPTO_THREAD_write_lock(store->default_path_lock)) {
OPENSSL_free(store->default_path);
store->default_path = p;
- CRYPTO_THREAD_unlock(store->lock);
+ CRYPTO_THREAD_unlock(store->default_path_lock);
return 1;
}
OPENSSL_free(p);
* locking. Direct callers must remember to set the store flags when
* appropriate.
*/
-static int provider_init(OSSL_PROVIDER *prov)
+static int provider_init(OSSL_PROVIDER *prov, int flag_lock)
{
const OSSL_DISPATCH *provider_dispatch = NULL;
void *tmp_provctx = NULL; /* safety measure */
* modifies a number of things in the provider structure that this
* function needs to perform under lock anyway.
*/
- CRYPTO_THREAD_write_lock(prov->flag_lock);
+ if (flag_lock && !CRYPTO_THREAD_write_lock(prov->flag_lock))
+ goto end;
if (prov->flag_initialized) {
ok = 1;
goto end;
const char *module_path = NULL;
char *merged_path = NULL;
const char *load_dir = NULL;
+ char *allocated_load_dir = NULL;
struct provider_store_st *store;
if ((prov->module = DSO_new()) == NULL) {
}
if ((store = get_provider_store(prov->libctx)) == NULL
- || !CRYPTO_THREAD_read_lock(store->lock))
+ || !CRYPTO_THREAD_read_lock(store->default_path_lock))
goto end;
- load_dir = store->default_path;
- CRYPTO_THREAD_unlock(store->lock);
+
+ if (store->default_path != NULL) {
+ allocated_load_dir = OPENSSL_strdup(store->default_path);
+ CRYPTO_THREAD_unlock(store->default_path_lock);
+ if (allocated_load_dir == NULL) {
+ ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
+ goto end;
+ }
+ load_dir = allocated_load_dir;
+ } else {
+ CRYPTO_THREAD_unlock(store->default_path_lock);
+ }
if (load_dir == NULL) {
load_dir = ossl_safe_getenv("OPENSSL_MODULES");
OPENSSL_free(merged_path);
OPENSSL_free(allocated_path);
+ OPENSSL_free(allocated_load_dir);
}
if (prov->module != NULL)
&provider_dispatch, &tmp_provctx)) {
ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL,
"name=%s", prov->name);
-#ifndef FIPS_MODULE
- DSO_free(prov->module);
- prov->module = NULL;
-#endif
goto end;
}
prov->provctx = tmp_provctx;
ok = 1;
end:
- CRYPTO_THREAD_unlock(prov->flag_lock);
+ if (flag_lock)
+ CRYPTO_THREAD_unlock(prov->flag_lock);
return ok;
}
static int provider_deactivate(OSSL_PROVIDER *prov)
{
- int ref = 0;
-
if (!ossl_assert(prov != NULL))
return 0;
- if (CRYPTO_DOWN_REF(&prov->activatecnt, &ref, prov->activatecnt_lock) <= 0)
+ if (!CRYPTO_THREAD_write_lock(prov->flag_lock))
return 0;
- if (ref < 1) {
- CRYPTO_THREAD_write_lock(prov->flag_lock);
+ if (--prov->activatecnt < 1)
prov->flag_activated = 0;
- CRYPTO_THREAD_unlock(prov->flag_lock);
- }
+
+ CRYPTO_THREAD_unlock(prov->flag_lock);
/* We don't deinit here, that's done in ossl_provider_free() */
return 1;
}
-static int provider_activate(OSSL_PROVIDER *prov)
+static int provider_activate(OSSL_PROVIDER *prov, int flag_lock)
{
- int ref = 0;
-
- if (CRYPTO_UP_REF(&prov->activatecnt, &ref, prov->activatecnt_lock) <= 0)
- return 0;
-
- if (provider_init(prov)) {
- CRYPTO_THREAD_write_lock(prov->flag_lock);
+ if (provider_init(prov, flag_lock)) {
+ if (flag_lock && !CRYPTO_THREAD_write_lock(prov->flag_lock))
+ return 0;
+ prov->activatecnt++;
prov->flag_activated = 1;
- CRYPTO_THREAD_unlock(prov->flag_lock);
+ if (flag_lock)
+ CRYPTO_THREAD_unlock(prov->flag_lock);
return 1;
}
- provider_deactivate(prov);
return 0;
}
{
if (prov == NULL)
return 0;
- if (provider_activate(prov)) {
+ if (provider_activate(prov, 1)) {
if (!retain_fallbacks) {
- CRYPTO_THREAD_write_lock(prov->store->lock);
+ if (!CRYPTO_THREAD_write_lock(prov->store->lock)) {
+ provider_deactivate(prov);
+ return 0;
+ }
prov->store->use_fallbacks = 0;
CRYPTO_THREAD_unlock(prov->store->lock);
}
int activated_fallback_count = 0;
int i;
- CRYPTO_THREAD_read_lock(store->lock);
+ if (!CRYPTO_THREAD_read_lock(store->lock))
+ return;
use_fallbacks = store->use_fallbacks;
CRYPTO_THREAD_unlock(store->lock);
if (!use_fallbacks)
return;
- CRYPTO_THREAD_write_lock(store->lock);
+ if (!CRYPTO_THREAD_write_lock(store->lock))
+ return;
/* Check again, just in case another thread changed it */
use_fallbacks = store->use_fallbacks;
if (!use_fallbacks) {
if (ossl_provider_up_ref(prov)) {
if (prov->flag_fallback) {
- if (provider_activate(prov)) {
- prov->flag_activated_as_fallback = 1;
+ if (provider_activate(prov, 1))
activated_fallback_count++;
- }
}
ossl_provider_free(prov);
}
void *cbdata),
void *cbdata)
{
- int ret = 0, i, j;
+ int ret = 0, curr, max;
struct provider_store_st *store = get_provider_store(ctx);
STACK_OF(OSSL_PROVIDER) *provs = NULL;
* Under lock, grab a copy of the provider list and up_ref each
* provider so that they don't disappear underneath us.
*/
- CRYPTO_THREAD_read_lock(store->lock);
+ if (!CRYPTO_THREAD_read_lock(store->lock))
+ return 0;
provs = sk_OSSL_PROVIDER_dup(store->providers);
if (provs == NULL) {
CRYPTO_THREAD_unlock(store->lock);
return 0;
}
- j = sk_OSSL_PROVIDER_num(provs);
- for (i = 0; i < j; i++)
- if (!ossl_provider_up_ref(sk_OSSL_PROVIDER_value(provs, i)))
+ max = sk_OSSL_PROVIDER_num(provs);
+ /*
+ * We work backwards through the stack so that we can safely delete items
+ * as we go.
+ */
+ for (curr = max - 1; curr >= 0; curr--) {
+ OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr);
+
+ if (!CRYPTO_THREAD_write_lock(prov->flag_lock))
goto err_unlock;
+ if (prov->flag_activated) {
+ if (!ossl_provider_up_ref(prov)){
+ CRYPTO_THREAD_unlock(prov->flag_lock);
+ goto err_unlock;
+ }
+ /*
+ * It's already activated, but we up the activated count to ensure
+ * it remains activated until after we've called the user callback.
+ */
+ if (!provider_activate(prov, 0)) {
+ ossl_provider_free(prov);
+ CRYPTO_THREAD_unlock(prov->flag_lock);
+ goto err_unlock;
+ }
+ } else {
+ sk_OSSL_PROVIDER_delete(provs, curr);
+ max--;
+ }
+ CRYPTO_THREAD_unlock(prov->flag_lock);
+ }
CRYPTO_THREAD_unlock(store->lock);
/*
* Now, we sweep through all providers not under lock
*/
- for (j = 0; j < i; j++) {
- OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, j);
+ for (curr = 0; curr < max; curr++) {
+ OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr);
- if (prov->flag_activated && !cb(prov, cbdata))
+ if (!cb(prov, cbdata))
goto finish;
}
+ curr = -1;
ret = 1;
goto finish;
err_unlock:
CRYPTO_THREAD_unlock(store->lock);
finish:
- /* The pop_free call doesn't do what we want on an error condition */
- for (j = 0; j < i; j++)
- ossl_provider_free(sk_OSSL_PROVIDER_value(provs, j));
+ /*
+ * The pop_free call doesn't do what we want on an error condition. We
+ * either start from the first item in the stack, or part way through if
+ * we only processed some of the items.
+ */
+ for (curr++; curr < max; curr++) {
+ OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(provs, curr);
+
+ provider_deactivate(prov);
+ ossl_provider_free(prov);
+ }
sk_OSSL_PROVIDER_free(provs);
return ret;
}
int ossl_provider_available(OSSL_PROVIDER *prov)
{
+ int ret;
+
if (prov != NULL) {
provider_activate_fallbacks(prov->store);
- return prov->flag_activated;
+ if (!CRYPTO_THREAD_read_lock(prov->flag_lock))
+ return 0;
+ ret = prov->flag_activated;
+ CRYPTO_THREAD_unlock(prov->flag_lock);
+ return ret;
}
return 0;
}
OSSL_LIB_CTX *ossl_provider_libctx(const OSSL_PROVIDER *prov)
{
- /* TODO(3.0) just: return prov->libctx; */
return prov != NULL ? prov->libctx : NULL;
}
return 1;
ret = prov->self_test(prov->provctx);
if (ret == 0)
- evp_method_store_flush(ossl_provider_libctx(prov));
+ (void)evp_method_store_flush(ossl_provider_libctx(prov));
return ret;
}
size_t byte = bitnum / 8;
unsigned char bit = (1 << (bitnum % 8)) & 0xFF;
- CRYPTO_THREAD_write_lock(provider->opbits_lock);
+ if (!CRYPTO_THREAD_write_lock(provider->opbits_lock))
+ return 0;
if (provider->operation_bits_sz <= byte) {
unsigned char *tmp = OPENSSL_realloc(provider->operation_bits,
byte + 1);
}
*result = 0;
- CRYPTO_THREAD_read_lock(provider->opbits_lock);
+ if (!CRYPTO_THREAD_read_lock(provider->opbits_lock))
+ return 0;
if (provider->operation_bits_sz > byte)
*result = ((provider->operation_bits[byte] & bit) != 0);
CRYPTO_THREAD_unlock(provider->opbits_lock);
*/
OSSL_PROVIDER *prov = (OSSL_PROVIDER *)handle;
- return (OPENSSL_CORE_CTX *)ossl_provider_libctx(prov);
+ /*
+ * Using ossl_provider_libctx would be wrong as that returns
+ * NULL for |prov| == NULL and NULL libctx has a special meaning
+ * that does not apply here. Here |prov| == NULL can happen only in
+ * case of a coding error.
+ */
+ assert(prov != NULL);
+ return (OPENSSL_CORE_CTX *)prov->libctx;
}
static int core_thread_start(const OSSL_CORE_HANDLE *handle,
*/
#ifndef FIPS_MODULE
/*
- * TODO(3.0) These error functions should use |handle| to select the proper
- * library context to report in the correct error stack, at least if error
+ * These error functions should use |handle| to select the proper
+ * library context to report in the correct error stack if error
* stacks become tied to the library context.
* We cannot currently do that since there's no support for it in the
* ERR subsystem.