]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/provider_conf.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
make struct provider_info_st a full type
[thirdparty/openssl.git] / crypto / provider_conf.c
1 /*
2 * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <string.h>
11 #include <openssl/trace.h>
12 #include <openssl/err.h>
13 #include <openssl/conf.h>
14 #include <openssl/safestack.h>
15 #include "internal/provider.h"
16 #include "internal/cryptlib.h"
17 #include "provider_local.h"
18
19 DEFINE_STACK_OF(OSSL_PROVIDER)
20
21 /* PROVIDER config module */
22
23 typedef struct {
24 STACK_OF(OSSL_PROVIDER) *activated_providers;
25 } PROVIDER_CONF_GLOBAL;
26
27 static void *prov_conf_ossl_ctx_new(OSSL_LIB_CTX *libctx)
28 {
29 PROVIDER_CONF_GLOBAL *pcgbl = OPENSSL_zalloc(sizeof(*pcgbl));
30
31 if (pcgbl == NULL)
32 return NULL;
33
34 return pcgbl;
35 }
36
37 static void prov_conf_ossl_ctx_free(void *vpcgbl)
38 {
39 PROVIDER_CONF_GLOBAL *pcgbl = vpcgbl;
40
41 sk_OSSL_PROVIDER_pop_free(pcgbl->activated_providers,
42 ossl_provider_free);
43
44 OSSL_TRACE(CONF, "Cleaned up providers\n");
45 OPENSSL_free(pcgbl);
46 }
47
48 static const OSSL_LIB_CTX_METHOD provider_conf_ossl_ctx_method = {
49 /* Must be freed before the provider store is freed */
50 OSSL_LIB_CTX_METHOD_PRIORITY_2,
51 prov_conf_ossl_ctx_new,
52 prov_conf_ossl_ctx_free,
53 };
54
55 static const char *skip_dot(const char *name)
56 {
57 const char *p = strchr(name, '.');
58
59 if (p != NULL)
60 return p + 1;
61 return name;
62 }
63
64 static int provider_conf_params(OSSL_PROVIDER *prov,
65 OSSL_PROVIDER_INFO *provinfo,
66 const char *name, const char *value,
67 const CONF *cnf)
68 {
69 STACK_OF(CONF_VALUE) *sect;
70 int ok = 1;
71
72 sect = NCONF_get_section(cnf, value);
73 if (sect != NULL) {
74 int i;
75 char buffer[512];
76 size_t buffer_len = 0;
77
78 OSSL_TRACE1(CONF, "Provider params: start section %s\n", value);
79
80 if (name != NULL) {
81 OPENSSL_strlcpy(buffer, name, sizeof(buffer));
82 OPENSSL_strlcat(buffer, ".", sizeof(buffer));
83 buffer_len = strlen(buffer);
84 }
85
86 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
87 CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i);
88
89 if (buffer_len + strlen(sectconf->name) >= sizeof(buffer))
90 return 0;
91 buffer[buffer_len] = '\0';
92 OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer));
93 if (!provider_conf_params(prov, provinfo, buffer, sectconf->value,
94 cnf))
95 return 0;
96 }
97
98 OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value);
99 } else {
100 OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value);
101 if (prov != NULL)
102 ok = ossl_provider_add_parameter(prov, name, value);
103 else
104 ok = ossl_provider_info_add_parameter(provinfo, name, value);
105 }
106
107 return ok;
108 }
109
110 static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
111 const char *value, const CONF *cnf)
112 {
113 int i;
114 STACK_OF(CONF_VALUE) *ecmds;
115 int soft = 0;
116 OSSL_PROVIDER *prov = NULL;
117 const char *path = NULL;
118 long activate = 0;
119 int ok = 0;
120 PROVIDER_CONF_GLOBAL *pcgbl
121 = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX,
122 &provider_conf_ossl_ctx_method);
123
124 name = skip_dot(name);
125 OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
126 /* Value is a section containing PROVIDER commands */
127 ecmds = NCONF_get_section(cnf, value);
128
129 if (!ecmds) {
130 ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
131 "section=%s not found", value);
132 return 0;
133 }
134
135 /* Find the needed data first */
136 for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
137 CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
138 const char *confname = skip_dot(ecmd->name);
139 const char *confvalue = ecmd->value;
140
141 OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
142 confname, confvalue);
143
144 /* First handle some special pseudo confs */
145
146 /* Override provider name to use */
147 if (strcmp(confname, "identity") == 0)
148 name = confvalue;
149 else if (strcmp(confname, "soft_load") == 0)
150 soft = 1;
151 /* Load a dynamic PROVIDER */
152 else if (strcmp(confname, "module") == 0)
153 path = confvalue;
154 else if (strcmp(confname, "activate") == 0)
155 activate = 1;
156 }
157
158 if (activate) {
159 prov = ossl_provider_find(libctx, name, 1);
160 if (prov == NULL)
161 prov = ossl_provider_new(libctx, name, NULL, 1);
162 if (prov == NULL) {
163 if (soft)
164 ERR_clear_error();
165 return 0;
166 }
167
168 if (path != NULL)
169 ossl_provider_set_module_path(prov, path);
170
171 ok = provider_conf_params(prov, NULL, NULL, value, cnf);
172
173 if (ok) {
174 if (!ossl_provider_activate(prov, 1, 0)) {
175 ok = 0;
176 } else if (!ossl_provider_add_to_store(prov, 0)) {
177 ossl_provider_deactivate(prov);
178 ok = 0;
179 } else {
180 if (pcgbl->activated_providers == NULL)
181 pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
182 sk_OSSL_PROVIDER_push(pcgbl->activated_providers, prov);
183 ok = 1;
184 }
185 }
186
187 if (!ok)
188 ossl_provider_free(prov);
189 } else {
190 OSSL_PROVIDER_INFO entry;
191
192 memset(&entry, 0, sizeof(entry));
193 ok = 1;
194 if (name != NULL) {
195 entry.name = OPENSSL_strdup(name);
196 if (entry.name == NULL) {
197 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
198 ok = 0;
199 }
200 }
201 if (ok && path != NULL) {
202 entry.path = OPENSSL_strdup(path);
203 if (entry.path == NULL) {
204 ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
205 ok = 0;
206 }
207 }
208 if (ok)
209 ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
210 if (ok && (entry.path != NULL || entry.parameters != NULL))
211 ok = ossl_provider_info_add_to_store(libctx, &entry);
212 if (!ok || (entry.path == NULL && entry.parameters == NULL)) {
213 ossl_provider_info_clear(&entry);
214 }
215
216 }
217
218 return ok;
219 }
220
221 static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf)
222 {
223 STACK_OF(CONF_VALUE) *elist;
224 CONF_VALUE *cval;
225 int i;
226
227 OSSL_TRACE1(CONF, "Loading providers module: section %s\n",
228 CONF_imodule_get_value(md));
229
230 /* Value is a section containing PROVIDERs to configure */
231 elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
232
233 if (!elist) {
234 ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR);
235 return 0;
236 }
237
238 for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
239 cval = sk_CONF_VALUE_value(elist, i);
240 if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf),
241 cval->name, cval->value, cnf))
242 return 0;
243 }
244
245 return 1;
246 }
247
248 void ossl_provider_add_conf_module(void)
249 {
250 OSSL_TRACE(CONF, "Adding config module 'providers'\n");
251 CONF_module_add("providers", provider_conf_init, NULL);
252 }
A mirror of the official openssl repository