]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/context.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Raise an error on syscall failure in tls_retry_write_records
[thirdparty/openssl.git] / crypto / context.c
1 /*
2 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include "crypto/cryptlib.h"
11 #include <openssl/conf.h>
12 #include "internal/thread_once.h"
13 #include "internal/property.h"
14 #include "internal/core.h"
15 #include "internal/bio.h"
16 #include "internal/provider.h"
17 #include "crypto/decoder.h"
18 #include "crypto/context.h"
19
20 struct ossl_lib_ctx_st {
21 CRYPTO_RWLOCK *lock, *rand_crngt_lock;
22 OSSL_EX_DATA_GLOBAL global;
23
24 void *property_string_data;
25 void *evp_method_store;
26 void *provider_store;
27 void *namemap;
28 void *property_defns;
29 void *global_properties;
30 void *drbg;
31 void *drbg_nonce;
32 CRYPTO_THREAD_LOCAL rcu_local_key;
33 #ifndef FIPS_MODULE
34 void *provider_conf;
35 void *bio_core;
36 void *child_provider;
37 OSSL_METHOD_STORE *decoder_store;
38 void *decoder_cache;
39 OSSL_METHOD_STORE *encoder_store;
40 OSSL_METHOD_STORE *store_loader_store;
41 void *self_test_cb;
42 #endif
43 #if defined(OPENSSL_THREADS)
44 void *threads;
45 #endif
46 void *rand_crngt;
47 #ifdef FIPS_MODULE
48 void *thread_event_handler;
49 void *fips_prov;
50 #endif
51
52 unsigned int ischild:1;
53 };
54
55 int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx)
56 {
57 return CRYPTO_THREAD_write_lock(ossl_lib_ctx_get_concrete(ctx)->lock);
58 }
59
60 int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx)
61 {
62 return CRYPTO_THREAD_read_lock(ossl_lib_ctx_get_concrete(ctx)->lock);
63 }
64
65 int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx)
66 {
67 return CRYPTO_THREAD_unlock(ossl_lib_ctx_get_concrete(ctx)->lock);
68 }
69
70 int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx)
71 {
72 ctx = ossl_lib_ctx_get_concrete(ctx);
73
74 if (ctx == NULL)
75 return 0;
76 return ctx->ischild;
77 }
78
79 static void context_deinit_objs(OSSL_LIB_CTX *ctx);
80
81 static int context_init(OSSL_LIB_CTX *ctx)
82 {
83 int exdata_done = 0;
84
85 if (!CRYPTO_THREAD_init_local(&ctx->rcu_local_key, NULL))
86 return 0;
87
88 ctx->lock = CRYPTO_THREAD_lock_new();
89 if (ctx->lock == NULL)
90 goto err;
91
92 ctx->rand_crngt_lock = CRYPTO_THREAD_lock_new();
93 if (ctx->rand_crngt_lock == NULL)
94 goto err;
95
96 /* Initialize ex_data. */
97 if (!ossl_do_ex_data_init(ctx))
98 goto err;
99 exdata_done = 1;
100
101 /* P2. We want evp_method_store to be cleaned up before the provider store */
102 ctx->evp_method_store = ossl_method_store_new(ctx);
103 if (ctx->evp_method_store == NULL)
104 goto err;
105
106 #ifndef FIPS_MODULE
107 /* P2. Must be freed before the provider store is freed */
108 ctx->provider_conf = ossl_prov_conf_ctx_new(ctx);
109 if (ctx->provider_conf == NULL)
110 goto err;
111 #endif
112
113 /* P2. */
114 ctx->drbg = ossl_rand_ctx_new(ctx);
115 if (ctx->drbg == NULL)
116 goto err;
117
118 #ifndef FIPS_MODULE
119 /*
120 * P2. We want decoder_store/decoder_cache to be cleaned up before the
121 * provider store
122 */
123 ctx->decoder_store = ossl_method_store_new(ctx);
124 if (ctx->decoder_store == NULL)
125 goto err;
126 ctx->decoder_cache = ossl_decoder_cache_new(ctx);
127 if (ctx->decoder_cache == NULL)
128 goto err;
129
130 /* P2. We want encoder_store to be cleaned up before the provider store */
131 ctx->encoder_store = ossl_method_store_new(ctx);
132 if (ctx->encoder_store == NULL)
133 goto err;
134
135 /* P2. We want loader_store to be cleaned up before the provider store */
136 ctx->store_loader_store = ossl_method_store_new(ctx);
137 if (ctx->store_loader_store == NULL)
138 goto err;
139 #endif
140
141 /* P1. Needs to be freed before the child provider data is freed */
142 ctx->provider_store = ossl_provider_store_new(ctx);
143 if (ctx->provider_store == NULL)
144 goto err;
145
146 /* Default priority. */
147 ctx->property_string_data = ossl_property_string_data_new(ctx);
148 if (ctx->property_string_data == NULL)
149 goto err;
150
151 ctx->namemap = ossl_stored_namemap_new(ctx);
152 if (ctx->namemap == NULL)
153 goto err;
154
155 ctx->property_defns = ossl_property_defns_new(ctx);
156 if (ctx->property_defns == NULL)
157 goto err;
158
159 ctx->global_properties = ossl_ctx_global_properties_new(ctx);
160 if (ctx->global_properties == NULL)
161 goto err;
162
163 #ifndef FIPS_MODULE
164 ctx->bio_core = ossl_bio_core_globals_new(ctx);
165 if (ctx->bio_core == NULL)
166 goto err;
167 #endif
168
169 ctx->drbg_nonce = ossl_prov_drbg_nonce_ctx_new(ctx);
170 if (ctx->drbg_nonce == NULL)
171 goto err;
172
173 #ifndef FIPS_MODULE
174 ctx->self_test_cb = ossl_self_test_set_callback_new(ctx);
175 if (ctx->self_test_cb == NULL)
176 goto err;
177 #endif
178
179 #ifdef FIPS_MODULE
180 ctx->thread_event_handler = ossl_thread_event_ctx_new(ctx);
181 if (ctx->thread_event_handler == NULL)
182 goto err;
183
184 ctx->fips_prov = ossl_fips_prov_ossl_ctx_new(ctx);
185 if (ctx->fips_prov == NULL)
186 goto err;
187 #endif
188
189 #ifndef OPENSSL_NO_THREAD_POOL
190 ctx->threads = ossl_threads_ctx_new(ctx);
191 if (ctx->threads == NULL)
192 goto err;
193 #endif
194
195 /* Low priority. */
196 #ifndef FIPS_MODULE
197 ctx->child_provider = ossl_child_prov_ctx_new(ctx);
198 if (ctx->child_provider == NULL)
199 goto err;
200 #endif
201
202 /* Everything depends on properties, so we also pre-initialise that */
203 if (!ossl_property_parse_init(ctx))
204 goto err;
205
206 return 1;
207
208 err:
209 context_deinit_objs(ctx);
210
211 if (exdata_done)
212 ossl_crypto_cleanup_all_ex_data_int(ctx);
213
214 CRYPTO_THREAD_lock_free(ctx->rand_crngt_lock);
215 CRYPTO_THREAD_lock_free(ctx->lock);
216 CRYPTO_THREAD_cleanup_local(&ctx->rcu_local_key);
217 memset(ctx, '\0', sizeof(*ctx));
218 return 0;
219 }
220
221 static void context_deinit_objs(OSSL_LIB_CTX *ctx)
222 {
223 /* P2. We want evp_method_store to be cleaned up before the provider store */
224 if (ctx->evp_method_store != NULL) {
225 ossl_method_store_free(ctx->evp_method_store);
226 ctx->evp_method_store = NULL;
227 }
228
229 /* P2. */
230 if (ctx->drbg != NULL) {
231 ossl_rand_ctx_free(ctx->drbg);
232 ctx->drbg = NULL;
233 }
234
235 #ifndef FIPS_MODULE
236 /* P2. */
237 if (ctx->provider_conf != NULL) {
238 ossl_prov_conf_ctx_free(ctx->provider_conf);
239 ctx->provider_conf = NULL;
240 }
241
242 /*
243 * P2. We want decoder_store/decoder_cache to be cleaned up before the
244 * provider store
245 */
246 if (ctx->decoder_store != NULL) {
247 ossl_method_store_free(ctx->decoder_store);
248 ctx->decoder_store = NULL;
249 }
250 if (ctx->decoder_cache != NULL) {
251 ossl_decoder_cache_free(ctx->decoder_cache);
252 ctx->decoder_cache = NULL;
253 }
254
255
256 /* P2. We want encoder_store to be cleaned up before the provider store */
257 if (ctx->encoder_store != NULL) {
258 ossl_method_store_free(ctx->encoder_store);
259 ctx->encoder_store = NULL;
260 }
261
262 /* P2. We want loader_store to be cleaned up before the provider store */
263 if (ctx->store_loader_store != NULL) {
264 ossl_method_store_free(ctx->store_loader_store);
265 ctx->store_loader_store = NULL;
266 }
267 #endif
268
269 /* P1. Needs to be freed before the child provider data is freed */
270 if (ctx->provider_store != NULL) {
271 ossl_provider_store_free(ctx->provider_store);
272 ctx->provider_store = NULL;
273 }
274
275 /* Default priority. */
276 if (ctx->property_string_data != NULL) {
277 ossl_property_string_data_free(ctx->property_string_data);
278 ctx->property_string_data = NULL;
279 }
280
281 if (ctx->namemap != NULL) {
282 ossl_stored_namemap_free(ctx->namemap);
283 ctx->namemap = NULL;
284 }
285
286 if (ctx->property_defns != NULL) {
287 ossl_property_defns_free(ctx->property_defns);
288 ctx->property_defns = NULL;
289 }
290
291 if (ctx->global_properties != NULL) {
292 ossl_ctx_global_properties_free(ctx->global_properties);
293 ctx->global_properties = NULL;
294 }
295
296 #ifndef FIPS_MODULE
297 if (ctx->bio_core != NULL) {
298 ossl_bio_core_globals_free(ctx->bio_core);
299 ctx->bio_core = NULL;
300 }
301 #endif
302
303 if (ctx->drbg_nonce != NULL) {
304 ossl_prov_drbg_nonce_ctx_free(ctx->drbg_nonce);
305 ctx->drbg_nonce = NULL;
306 }
307
308 #ifndef FIPS_MODULE
309 if (ctx->self_test_cb != NULL) {
310 ossl_self_test_set_callback_free(ctx->self_test_cb);
311 ctx->self_test_cb = NULL;
312 }
313 #endif
314
315 if (ctx->rand_crngt != NULL) {
316 ossl_rand_crng_ctx_free(ctx->rand_crngt);
317 ctx->rand_crngt = NULL;
318 }
319
320 #ifdef FIPS_MODULE
321 if (ctx->thread_event_handler != NULL) {
322 ossl_thread_event_ctx_free(ctx->thread_event_handler);
323 ctx->thread_event_handler = NULL;
324 }
325
326 if (ctx->fips_prov != NULL) {
327 ossl_fips_prov_ossl_ctx_free(ctx->fips_prov);
328 ctx->fips_prov = NULL;
329 }
330 #endif
331
332 #ifndef OPENSSL_NO_THREAD_POOL
333 if (ctx->threads != NULL) {
334 ossl_threads_ctx_free(ctx->threads);
335 ctx->threads = NULL;
336 }
337 #endif
338
339 /* Low priority. */
340 #ifndef FIPS_MODULE
341 if (ctx->child_provider != NULL) {
342 ossl_child_prov_ctx_free(ctx->child_provider);
343 ctx->child_provider = NULL;
344 }
345 #endif
346 }
347
348 static int context_deinit(OSSL_LIB_CTX *ctx)
349 {
350 if (ctx == NULL)
351 return 1;
352
353 ossl_ctx_thread_stop(ctx);
354
355 context_deinit_objs(ctx);
356
357 ossl_crypto_cleanup_all_ex_data_int(ctx);
358
359 CRYPTO_THREAD_lock_free(ctx->rand_crngt_lock);
360 CRYPTO_THREAD_lock_free(ctx->lock);
361 ctx->rand_crngt_lock = NULL;
362 ctx->lock = NULL;
363 CRYPTO_THREAD_cleanup_local(&ctx->rcu_local_key);
364 return 1;
365 }
366
367 #ifndef FIPS_MODULE
368 /* The default default context */
369 static OSSL_LIB_CTX default_context_int;
370
371 static CRYPTO_ONCE default_context_init = CRYPTO_ONCE_STATIC_INIT;
372 static CRYPTO_THREAD_LOCAL default_context_thread_local;
373 static int default_context_inited = 0;
374
375 DEFINE_RUN_ONCE_STATIC(default_context_do_init)
376 {
377 if (!CRYPTO_THREAD_init_local(&default_context_thread_local, NULL))
378 goto err;
379
380 if (!context_init(&default_context_int))
381 goto deinit_thread;
382
383 default_context_inited = 1;
384 return 1;
385
386 deinit_thread:
387 CRYPTO_THREAD_cleanup_local(&default_context_thread_local);
388 err:
389 return 0;
390 }
391
392 void ossl_lib_ctx_default_deinit(void)
393 {
394 if (!default_context_inited)
395 return;
396 context_deinit(&default_context_int);
397 CRYPTO_THREAD_cleanup_local(&default_context_thread_local);
398 default_context_inited = 0;
399 }
400
401 static OSSL_LIB_CTX *get_thread_default_context(void)
402 {
403 if (!RUN_ONCE(&default_context_init, default_context_do_init))
404 return NULL;
405
406 return CRYPTO_THREAD_get_local(&default_context_thread_local);
407 }
408
409 static OSSL_LIB_CTX *get_default_context(void)
410 {
411 OSSL_LIB_CTX *current_defctx = get_thread_default_context();
412
413 if (current_defctx == NULL)
414 current_defctx = &default_context_int;
415 return current_defctx;
416 }
417
418 static int set_default_context(OSSL_LIB_CTX *defctx)
419 {
420 if (defctx == &default_context_int)
421 defctx = NULL;
422
423 return CRYPTO_THREAD_set_local(&default_context_thread_local, defctx);
424 }
425 #endif
426
427 OSSL_LIB_CTX *OSSL_LIB_CTX_new(void)
428 {
429 OSSL_LIB_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
430
431 if (ctx != NULL && !context_init(ctx)) {
432 OPENSSL_free(ctx);
433 ctx = NULL;
434 }
435 return ctx;
436 }
437
438 #ifndef FIPS_MODULE
439 OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle,
440 const OSSL_DISPATCH *in)
441 {
442 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
443
444 if (ctx == NULL)
445 return NULL;
446
447 if (!ossl_bio_init_core(ctx, in)) {
448 OSSL_LIB_CTX_free(ctx);
449 return NULL;
450 }
451
452 return ctx;
453 }
454
455 OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle,
456 const OSSL_DISPATCH *in)
457 {
458 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new_from_dispatch(handle, in);
459
460 if (ctx == NULL)
461 return NULL;
462
463 if (!ossl_provider_init_as_child(ctx, handle, in)) {
464 OSSL_LIB_CTX_free(ctx);
465 return NULL;
466 }
467 ctx->ischild = 1;
468
469 return ctx;
470 }
471
472 int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file)
473 {
474 return CONF_modules_load_file_ex(ctx, config_file, NULL, 0) > 0;
475 }
476 #endif
477
478 void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx)
479 {
480 if (ossl_lib_ctx_is_default(ctx))
481 return;
482
483 #ifndef FIPS_MODULE
484 if (ctx->ischild)
485 ossl_provider_deinit_child(ctx);
486 #endif
487 context_deinit(ctx);
488 OPENSSL_free(ctx);
489 }
490
491 #ifndef FIPS_MODULE
492 OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void)
493 {
494 if (!RUN_ONCE(&default_context_init, default_context_do_init))
495 return NULL;
496
497 return &default_context_int;
498 }
499
500 OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)
501 {
502 OSSL_LIB_CTX *current_defctx;
503
504 if ((current_defctx = get_default_context()) != NULL) {
505 if (libctx != NULL)
506 set_default_context(libctx);
507 return current_defctx;
508 }
509
510 return NULL;
511 }
512
513 void ossl_release_default_drbg_ctx(void)
514 {
515 /* early release of the DRBG in global default libctx */
516 if (default_context_int.drbg != NULL) {
517 ossl_rand_ctx_free(default_context_int.drbg);
518 default_context_int.drbg = NULL;
519 }
520 }
521 #endif
522
523 OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx)
524 {
525 #ifndef FIPS_MODULE
526 if (ctx == NULL)
527 return get_default_context();
528 #endif
529 return ctx;
530 }
531
532 int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx)
533 {
534 #ifndef FIPS_MODULE
535 if (ctx == NULL || ctx == get_default_context())
536 return 1;
537 #endif
538 return 0;
539 }
540
541 int ossl_lib_ctx_is_global_default(OSSL_LIB_CTX *ctx)
542 {
543 #ifndef FIPS_MODULE
544 if (ossl_lib_ctx_get_concrete(ctx) == &default_context_int)
545 return 1;
546 #endif
547 return 0;
548 }
549
550 void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
551 {
552 void *p;
553
554 ctx = ossl_lib_ctx_get_concrete(ctx);
555 if (ctx == NULL)
556 return NULL;
557
558 switch (index) {
559 case OSSL_LIB_CTX_PROPERTY_STRING_INDEX:
560 return ctx->property_string_data;
561 case OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX:
562 return ctx->evp_method_store;
563 case OSSL_LIB_CTX_PROVIDER_STORE_INDEX:
564 return ctx->provider_store;
565 case OSSL_LIB_CTX_NAMEMAP_INDEX:
566 return ctx->namemap;
567 case OSSL_LIB_CTX_PROPERTY_DEFN_INDEX:
568 return ctx->property_defns;
569 case OSSL_LIB_CTX_GLOBAL_PROPERTIES:
570 return ctx->global_properties;
571 case OSSL_LIB_CTX_DRBG_INDEX:
572 return ctx->drbg;
573 case OSSL_LIB_CTX_DRBG_NONCE_INDEX:
574 return ctx->drbg_nonce;
575 #ifndef FIPS_MODULE
576 case OSSL_LIB_CTX_PROVIDER_CONF_INDEX:
577 return ctx->provider_conf;
578 case OSSL_LIB_CTX_BIO_CORE_INDEX:
579 return ctx->bio_core;
580 case OSSL_LIB_CTX_CHILD_PROVIDER_INDEX:
581 return ctx->child_provider;
582 case OSSL_LIB_CTX_DECODER_STORE_INDEX:
583 return ctx->decoder_store;
584 case OSSL_LIB_CTX_DECODER_CACHE_INDEX:
585 return ctx->decoder_cache;
586 case OSSL_LIB_CTX_ENCODER_STORE_INDEX:
587 return ctx->encoder_store;
588 case OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX:
589 return ctx->store_loader_store;
590 case OSSL_LIB_CTX_SELF_TEST_CB_INDEX:
591 return ctx->self_test_cb;
592 #endif
593 #ifndef OPENSSL_NO_THREAD_POOL
594 case OSSL_LIB_CTX_THREAD_INDEX:
595 return ctx->threads;
596 #endif
597
598 case OSSL_LIB_CTX_RAND_CRNGT_INDEX: {
599
600 /*
601 * rand_crngt must be lazily initialized because it calls into
602 * libctx, so must not be called from context_init, else a deadlock
603 * will occur.
604 *
605 * We use a separate lock because code called by the instantiation
606 * of rand_crngt is liable to try and take the libctx lock.
607 */
608 if (CRYPTO_THREAD_read_lock(ctx->rand_crngt_lock) != 1)
609 return NULL;
610
611 if (ctx->rand_crngt == NULL) {
612 CRYPTO_THREAD_unlock(ctx->rand_crngt_lock);
613
614 if (CRYPTO_THREAD_write_lock(ctx->rand_crngt_lock) != 1)
615 return NULL;
616
617 if (ctx->rand_crngt == NULL)
618 ctx->rand_crngt = ossl_rand_crng_ctx_new(ctx);
619 }
620
621 p = ctx->rand_crngt;
622
623 CRYPTO_THREAD_unlock(ctx->rand_crngt_lock);
624
625 return p;
626 }
627
628 #ifdef FIPS_MODULE
629 case OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX:
630 return ctx->thread_event_handler;
631
632 case OSSL_LIB_CTX_FIPS_PROV_INDEX:
633 return ctx->fips_prov;
634 #endif
635
636 default:
637 return NULL;
638 }
639 }
640
641 OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx)
642 {
643 ctx = ossl_lib_ctx_get_concrete(ctx);
644 if (ctx == NULL)
645 return NULL;
646 return &ctx->global;
647 }
648
649 const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx)
650 {
651 #ifdef FIPS_MODULE
652 return "FIPS internal library context";
653 #else
654 if (ossl_lib_ctx_is_global_default(libctx))
655 return "Global default library context";
656 if (ossl_lib_ctx_is_default(libctx))
657 return "Thread-local default library context";
658 return "Non-default library context";
659 #endif
660 }
661
662 CRYPTO_THREAD_LOCAL *ossl_lib_ctx_get_rcukey(OSSL_LIB_CTX *libctx)
663 {
664 libctx = ossl_lib_ctx_get_concrete(libctx);
665 if (libctx == NULL)
666 return NULL;
667 return &libctx->rcu_local_key;
668 }
A mirror of the official openssl repository