]>
Commit | Line | Data |
---|---|---|
abbc2c40 | 1 | /* |
8020d79b | 2 | * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. |
abbc2c40 RL |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <string.h> | |
11 | #include <openssl/trace.h> | |
12 | #include <openssl/err.h> | |
13 | #include <openssl/conf.h> | |
14 | #include <openssl/safestack.h> | |
15 | #include "internal/provider.h" | |
460d2fbc | 16 | #include "internal/cryptlib.h" |
352d482a | 17 | #include "provider_local.h" |
abbc2c40 | 18 | |
852c2ed2 | 19 | DEFINE_STACK_OF(OSSL_PROVIDER) |
852c2ed2 | 20 | |
abbc2c40 RL |
21 | /* PROVIDER config module */ |
22 | ||
460d2fbc MC |
23 | typedef struct { |
24 | STACK_OF(OSSL_PROVIDER) *activated_providers; | |
25 | } PROVIDER_CONF_GLOBAL; | |
26 | ||
27 | static void *prov_conf_ossl_ctx_new(OSSL_LIB_CTX *libctx) | |
28 | { | |
29 | PROVIDER_CONF_GLOBAL *pcgbl = OPENSSL_zalloc(sizeof(*pcgbl)); | |
30 | ||
31 | if (pcgbl == NULL) | |
32 | return NULL; | |
33 | ||
34 | return pcgbl; | |
35 | } | |
36 | ||
37 | static void prov_conf_ossl_ctx_free(void *vpcgbl) | |
38 | { | |
39 | PROVIDER_CONF_GLOBAL *pcgbl = vpcgbl; | |
40 | ||
41 | sk_OSSL_PROVIDER_pop_free(pcgbl->activated_providers, | |
42 | ossl_provider_free); | |
43 | ||
44 | OSSL_TRACE(CONF, "Cleaned up providers\n"); | |
45 | OPENSSL_free(pcgbl); | |
46 | } | |
47 | ||
48 | static const OSSL_LIB_CTX_METHOD provider_conf_ossl_ctx_method = { | |
a16d2174 | 49 | /* Must be freed before the provider store is freed */ |
8c627075 | 50 | OSSL_LIB_CTX_METHOD_PRIORITY_2, |
460d2fbc MC |
51 | prov_conf_ossl_ctx_new, |
52 | prov_conf_ossl_ctx_free, | |
53 | }; | |
abbc2c40 RL |
54 | |
55 | static const char *skip_dot(const char *name) | |
56 | { | |
57 | const char *p = strchr(name, '.'); | |
58 | ||
59 | if (p != NULL) | |
60 | return p + 1; | |
61 | return name; | |
62 | } | |
63 | ||
64 | static int provider_conf_params(OSSL_PROVIDER *prov, | |
b7248964 | 65 | OSSL_PROVIDER_INFO *provinfo, |
abbc2c40 RL |
66 | const char *name, const char *value, |
67 | const CONF *cnf) | |
68 | { | |
69 | STACK_OF(CONF_VALUE) *sect; | |
70 | int ok = 1; | |
71 | ||
abbc2c40 RL |
72 | sect = NCONF_get_section(cnf, value); |
73 | if (sect != NULL) { | |
74 | int i; | |
75 | char buffer[512]; | |
76 | size_t buffer_len = 0; | |
77 | ||
71849dff RL |
78 | OSSL_TRACE1(CONF, "Provider params: start section %s\n", value); |
79 | ||
abbc2c40 RL |
80 | if (name != NULL) { |
81 | OPENSSL_strlcpy(buffer, name, sizeof(buffer)); | |
82 | OPENSSL_strlcat(buffer, ".", sizeof(buffer)); | |
83 | buffer_len = strlen(buffer); | |
84 | } | |
85 | ||
86 | for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { | |
87 | CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i); | |
88 | ||
89 | if (buffer_len + strlen(sectconf->name) >= sizeof(buffer)) | |
90 | return 0; | |
91 | buffer[buffer_len] = '\0'; | |
92 | OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer)); | |
352d482a MC |
93 | if (!provider_conf_params(prov, provinfo, buffer, sectconf->value, |
94 | cnf)) | |
abbc2c40 RL |
95 | return 0; |
96 | } | |
71849dff RL |
97 | |
98 | OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value); | |
abbc2c40 | 99 | } else { |
71849dff | 100 | OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value); |
352d482a MC |
101 | if (prov != NULL) |
102 | ok = ossl_provider_add_parameter(prov, name, value); | |
103 | else | |
104 | ok = ossl_provider_info_add_parameter(provinfo, name, value); | |
abbc2c40 RL |
105 | } |
106 | ||
107 | return ok; | |
108 | } | |
109 | ||
b4250010 | 110 | static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, |
abbc2c40 RL |
111 | const char *value, const CONF *cnf) |
112 | { | |
113 | int i; | |
114 | STACK_OF(CONF_VALUE) *ecmds; | |
115 | int soft = 0; | |
59a783d0 | 116 | OSSL_PROVIDER *prov = NULL, *actual = NULL; |
abbc2c40 RL |
117 | const char *path = NULL; |
118 | long activate = 0; | |
119 | int ok = 0; | |
460d2fbc MC |
120 | PROVIDER_CONF_GLOBAL *pcgbl |
121 | = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX, | |
122 | &provider_conf_ossl_ctx_method); | |
abbc2c40 RL |
123 | |
124 | name = skip_dot(name); | |
71849dff | 125 | OSSL_TRACE1(CONF, "Configuring provider %s\n", name); |
abbc2c40 RL |
126 | /* Value is a section containing PROVIDER commands */ |
127 | ecmds = NCONF_get_section(cnf, value); | |
128 | ||
129 | if (!ecmds) { | |
a150f8e1 RL |
130 | ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, |
131 | "section=%s not found", value); | |
abbc2c40 RL |
132 | return 0; |
133 | } | |
134 | ||
135 | /* Find the needed data first */ | |
136 | for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) { | |
137 | CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i); | |
138 | const char *confname = skip_dot(ecmd->name); | |
139 | const char *confvalue = ecmd->value; | |
140 | ||
71849dff | 141 | OSSL_TRACE2(CONF, "Provider command: %s = %s\n", |
abbc2c40 RL |
142 | confname, confvalue); |
143 | ||
144 | /* First handle some special pseudo confs */ | |
145 | ||
146 | /* Override provider name to use */ | |
147 | if (strcmp(confname, "identity") == 0) | |
148 | name = confvalue; | |
149 | else if (strcmp(confname, "soft_load") == 0) | |
150 | soft = 1; | |
151 | /* Load a dynamic PROVIDER */ | |
152 | else if (strcmp(confname, "module") == 0) | |
153 | path = confvalue; | |
154 | else if (strcmp(confname, "activate") == 0) | |
155 | activate = 1; | |
156 | } | |
157 | ||
352d482a | 158 | if (activate) { |
123ed334 MC |
159 | /* |
160 | * There is an attempt to activate a provider, so we should disable | |
161 | * loading of fallbacks. Otherwise a misconfiguration could mean the | |
162 | * intended provider does not get loaded. Subsequent fetches could then | |
163 | * fallback to the default provider - which may be the wrong thing. | |
164 | */ | |
165 | if (!ossl_provider_disable_fallback_loading(libctx)) { | |
166 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR); | |
167 | return 0; | |
168 | } | |
352d482a MC |
169 | prov = ossl_provider_find(libctx, name, 1); |
170 | if (prov == NULL) | |
171 | prov = ossl_provider_new(libctx, name, NULL, 1); | |
172 | if (prov == NULL) { | |
173 | if (soft) | |
174 | ERR_clear_error(); | |
175 | return 0; | |
176 | } | |
abbc2c40 | 177 | |
352d482a MC |
178 | if (path != NULL) |
179 | ossl_provider_set_module_path(prov, path); | |
abbc2c40 | 180 | |
352d482a | 181 | ok = provider_conf_params(prov, NULL, NULL, value, cnf); |
abbc2c40 | 182 | |
352d482a | 183 | if (ok) { |
814c2018 | 184 | if (!ossl_provider_activate(prov, 1, 0)) { |
352d482a | 185 | ok = 0; |
59a783d0 | 186 | } else if (!ossl_provider_add_to_store(prov, &actual, 0)) { |
29aff653 MC |
187 | ossl_provider_deactivate(prov); |
188 | ok = 0; | |
352d482a MC |
189 | } else { |
190 | if (pcgbl->activated_providers == NULL) | |
191 | pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null(); | |
59a783d0 | 192 | sk_OSSL_PROVIDER_push(pcgbl->activated_providers, actual); |
352d482a MC |
193 | ok = 1; |
194 | } | |
abbc2c40 | 195 | } |
abbc2c40 | 196 | |
29aff653 | 197 | if (!ok) |
352d482a MC |
198 | ossl_provider_free(prov); |
199 | } else { | |
b7248964 | 200 | OSSL_PROVIDER_INFO entry; |
352d482a MC |
201 | |
202 | memset(&entry, 0, sizeof(entry)); | |
203 | ok = 1; | |
204 | if (name != NULL) { | |
205 | entry.name = OPENSSL_strdup(name); | |
206 | if (entry.name == NULL) { | |
207 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); | |
208 | ok = 0; | |
209 | } | |
210 | } | |
211 | if (ok && path != NULL) { | |
212 | entry.path = OPENSSL_strdup(path); | |
213 | if (entry.path == NULL) { | |
214 | ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); | |
215 | ok = 0; | |
216 | } | |
217 | } | |
218 | if (ok) | |
219 | ok = provider_conf_params(NULL, &entry, NULL, value, cnf); | |
220 | if (ok && (entry.path != NULL || entry.parameters != NULL)) | |
221 | ok = ossl_provider_info_add_to_store(libctx, &entry); | |
222 | if (!ok || (entry.path == NULL && entry.parameters == NULL)) { | |
223 | ossl_provider_info_clear(&entry); | |
224 | } | |
225 | ||
226 | } | |
abbc2c40 | 227 | |
123ed334 MC |
228 | /* |
229 | * Even if ok is 0, we still return success. Failure to load a provider is | |
230 | * not fatal. We want to continue to load the rest of the config file. | |
231 | */ | |
232 | return 1; | |
abbc2c40 RL |
233 | } |
234 | ||
235 | static int provider_conf_init(CONF_IMODULE *md, const CONF *cnf) | |
236 | { | |
237 | STACK_OF(CONF_VALUE) *elist; | |
238 | CONF_VALUE *cval; | |
239 | int i; | |
240 | ||
71849dff RL |
241 | OSSL_TRACE1(CONF, "Loading providers module: section %s\n", |
242 | CONF_imodule_get_value(md)); | |
243 | ||
abbc2c40 RL |
244 | /* Value is a section containing PROVIDERs to configure */ |
245 | elist = NCONF_get_section(cnf, CONF_imodule_get_value(md)); | |
246 | ||
247 | if (!elist) { | |
9311d0c4 | 248 | ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR); |
abbc2c40 RL |
249 | return 0; |
250 | } | |
251 | ||
252 | for (i = 0; i < sk_CONF_VALUE_num(elist); i++) { | |
253 | cval = sk_CONF_VALUE_value(elist, i); | |
6b750b89 RS |
254 | if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf), |
255 | cval->name, cval->value, cnf)) | |
abbc2c40 RL |
256 | return 0; |
257 | } | |
258 | ||
259 | return 1; | |
260 | } | |
261 | ||
abbc2c40 RL |
262 | void ossl_provider_add_conf_module(void) |
263 | { | |
71849dff | 264 | OSSL_TRACE(CONF, "Adding config module 'providers'\n"); |
460d2fbc | 265 | CONF_module_add("providers", provider_conf_init, NULL); |
abbc2c40 | 266 | } |