Don't create an OPENSSL_CTX twice

[openssl.git] / providers / fips / fipsprov.c

diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 51246d54992cd371169cd956959af33d2e8c9d06..61729e58172c53a29472ebbbbac5b03b55471906 100644 (file)
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -22,13 +22,44 @@
 #include "internal/evp_int.h"
 #include "internal/provider_algs.h"
 #include "internal/provider_ctx.h"
+#include "internal/providercommon.h"
 
+/*
+ * TODO(3.0): Should these be stored in the provider side provctx? Could they
+ * ever be different from one init to the next? Unfortunately we can't do this
+ * at the moment because c_put_error/c_add_error_vdata do not provide us with
+ * the OPENSSL_CTX as a parameter.
+ */
 /* Functions provided by the core */
 static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
 static OSSL_core_get_params_fn *c_get_params = NULL;
+extern OSSL_core_thread_start_fn *c_thread_start;
+OSSL_core_thread_start_fn *c_thread_start = NULL;
 static OSSL_core_put_error_fn *c_put_error = NULL;
 static OSSL_core_add_error_vdata_fn *c_add_error_vdata = NULL;
 
+typedef struct fips_global_st {
+    const OSSL_PROVIDER *prov;
+} FIPS_GLOBAL;
+
+static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
+{
+    FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
+
+    return fgbl;
+}
+
+static void fips_prov_ossl_ctx_free(void *fgbl)
+{
+    OPENSSL_free(fgbl);
+}
+
+static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
+    fips_prov_ossl_ctx_new,
+    fips_prov_ossl_ctx_free,
+};
+
+
 /* Parameters we provide to the core */
 static const OSSL_ITEM fips_param_types[] = {
     { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME },
@@ -184,6 +215,7 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
                        const OSSL_DISPATCH **out,
                        void **provctx)
 {
+    FIPS_GLOBAL *fgbl;
     OPENSSL_CTX *ctx;
 
     for (; in->function_id != 0; in++) {
@@ -194,6 +226,9 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
         case OSSL_FUNC_CORE_GET_PARAMS:
             c_get_params = OSSL_get_core_get_params(in);
             break;
+        case OSSL_FUNC_CORE_THREAD_START:
+            c_thread_start = OSSL_get_core_thread_start(in);
+            break;
         case OSSL_FUNC_CORE_PUT_ERROR:
             c_put_error = OSSL_get_core_put_error(in);
             break;
@@ -210,6 +245,14 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
     if (ctx == NULL)
         return 0;
 
+    fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
+                                &fips_prov_ossl_ctx_method);
+
+    if (fgbl == NULL)
+        goto err;
+
+    fgbl->prov = provider;
+
     *out = fips_dispatch_table;
     *provctx = ctx;
 
@@ -224,6 +267,10 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
     }
 
     return 1;
+
+ err:
+    OPENSSL_CTX_free(ctx);
+    return 0;
 }
 
 /*
@@ -276,11 +323,13 @@ void ERR_put_error(int lib, int func, int reason, const char *file, int line)
      * so we'll need to come up with something else for them.
      */
     c_put_error(lib, func, reason, file, line);
+    ERR_add_error_data(1, "(in the FIPS module)");
 }
 
 void ERR_add_error_data(int num, ...)
 {
     va_list args;
+
     va_start(args, num);
     ERR_add_error_vdata(num, args);
     va_end(args);
@@ -290,3 +339,14 @@ void ERR_add_error_vdata(int num, va_list args)
 {
     c_add_error_vdata(num, args);
 }
+
+const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
+{
+    FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
+                                             &fips_prov_ossl_ctx_method);
+
+    if (fgbl == NULL)
+        return NULL;
+
+    return fgbl->prov;
+}