]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/provider_core.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Suppress loading the FIPS module in evp_test
[thirdparty/openssl.git] / crypto / provider_core.c
CommitLineData
4c2883a9
RL		 1/*
2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <openssl/core.h>
11#include <openssl/core_numbers.h>
ac1055ef 12#include <openssl/params.h>
4c2883a9 13#include <openssl/opensslv.h>
da747958 14#include "internal/cryptlib_int.h"
c41f3ae0 15#include "internal/nelem.h"
4c2883a9
RL		 16#include "internal/thread_once.h"
17#include "internal/provider.h"
18#include "internal/refcount.h"
c41f3ae0
RL		 19#include "provider_local.h"
20
21static OSSL_PROVIDER *provider_new(const char *name,
22 OSSL_provider_init_fn *init_function);
4c2883a9
RL		 23
24/*-
25 * Provider Object structure
26 * =========================
27 */
28
ac1055ef
RL		 29typedef struct {
30 char *name;
31 char *value;
32} INFOPAIR;
33DEFINE_STACK_OF(INFOPAIR)
34
4c2883a9
RL		 35struct provider_store_st; /* Forward declaration */
36
37struct ossl_provider_st {
38 /* Flag bits */
39 unsigned int flag_initialized:1;
e55008a9 40 unsigned int flag_fallback:1;
4c2883a9
RL		 41
42 /* OpenSSL library side data */
43 CRYPTO_REF_COUNT refcnt;
085bef9f 44 CRYPTO_RWLOCK *refcnt_lock; /* For the ref counter */
4c2883a9 45 char *name;
ac1055ef 46 char *path;
4c2883a9
RL		 47 DSO *module;
48 OSSL_provider_init_fn *init_function;
ac1055ef 49 STACK_OF(INFOPAIR) *parameters;
e7706e63 50 OPENSSL_CTX *libctx; /* The library context this instance is in */
e55008a9 51 struct provider_store_st *store; /* The store this instance belongs to */
6592ab81
RL		 52#ifndef FIPS_MODE
53 /*
54 * In the FIPS module inner provider, this isn't needed, since the
55 * error upcalls are always direct calls to the outer provider.
56 */
6ebc2f56 57 int error_lib; /* ERR library number, one for each provider */
6592ab81 58# ifndef OPENSSL_NO_ERR
6ebc2f56 59 ERR_STRING_DATA *error_strings; /* Copy of what the provider gives us */
6592ab81 60# endif
6ebc2f56 61#endif
4c2883a9
RL		 62
63 /* Provider side functions */
64 OSSL_provider_teardown_fn *teardown;
65 OSSL_provider_get_param_types_fn *get_param_types;
66 OSSL_provider_get_params_fn *get_params;
099bd339 67 OSSL_provider_query_operation_fn *query_operation;
a39eb840
RL		 68
69 /* Provider side data */
70 void *provctx;
4c2883a9
RL		 71};
72DEFINE_STACK_OF(OSSL_PROVIDER)
73
74static int ossl_provider_cmp(const OSSL_PROVIDER * const *a,
75 const OSSL_PROVIDER * const *b)
76{
77 return strcmp((*a)->name, (*b)->name);
78}
79
80/*-
81 * Provider Object store
82 * =====================
83 *
84 * The Provider Object store is a library context object, and therefore needs
85 * an index.
86 */
87
88struct provider_store_st {
89 STACK_OF(OSSL_PROVIDER) *providers;
90 CRYPTO_RWLOCK *lock;
e55008a9 91 unsigned int use_fallbacks:1;
4c2883a9 92};
4c2883a9
RL		 93
94static void provider_store_free(void *vstore)
95{
96 struct provider_store_st *store = vstore;
97
98 if (store == NULL)
99 return;
100 sk_OSSL_PROVIDER_pop_free(store->providers, ossl_provider_free);
101 CRYPTO_THREAD_lock_free(store->lock);
102 OPENSSL_free(store);
103}
104
1aedc35f 105static void *provider_store_new(OPENSSL_CTX *ctx)
4c2883a9
RL		 106{
107 struct provider_store_st *store = OPENSSL_zalloc(sizeof(*store));
c41f3ae0 108 const struct predefined_providers_st *p = NULL;
4c2883a9
RL		 109
110 if (store == NULL
111 || (store->providers = sk_OSSL_PROVIDER_new(ossl_provider_cmp)) == NULL
112 || (store->lock = CRYPTO_THREAD_lock_new()) == NULL) {
113 provider_store_free(store);
e55008a9 114 return NULL;
4c2883a9 115 }
e55008a9 116 store->use_fallbacks = 1;
c41f3ae0
RL		 117
118 for (p = predefined_providers; p->name != NULL; p++) {
119 OSSL_PROVIDER *prov = NULL;
120
121 /*
122 * We use the internal constructor directly here,
123 * otherwise we get a call loop
124 */
125 prov = provider_new(p->name, p->init);
126
127 if (prov == NULL
128 || sk_OSSL_PROVIDER_push(store->providers, prov) == 0) {
129 ossl_provider_free(prov);
130 provider_store_free(store);
131 CRYPTOerr(CRYPTO_F_PROVIDER_STORE_NEW, ERR_R_INTERNAL_ERROR);
132 return NULL;
133 }
e7706e63 134 prov->libctx = ctx;
c41f3ae0 135 prov->store = store;
6592ab81 136#ifndef FIPS_MODE
6ebc2f56 137 prov->error_lib = ERR_get_next_error_library();
6592ab81 138#endif
c41f3ae0
RL		 139 if(p->is_fallback)
140 ossl_provider_set_fallback(prov);
141 }
142
4c2883a9
RL		 143 return store;
144}
145
146static const OPENSSL_CTX_METHOD provider_store_method = {
147 provider_store_new,
148 provider_store_free,
149};
150
4c2883a9
RL		 151static struct provider_store_st *get_provider_store(OPENSSL_CTX *libctx)
152{
153 struct provider_store_st *store = NULL;
154
1aedc35f
MC		 155 store = openssl_ctx_get_data(libctx, OPENSSL_CTX_PROVIDER_STORE_INDEX,
156 &provider_store_method);
4c2883a9
RL		 157 if (store == NULL)
158 CRYPTOerr(CRYPTO_F_GET_PROVIDER_STORE, ERR_R_INTERNAL_ERROR);
159 return store;
160}
161
4c2883a9
RL		 162OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
163{
164 struct provider_store_st *store = NULL;
165 OSSL_PROVIDER *prov = NULL;
166
167 if ((store = get_provider_store(libctx)) != NULL) {
168 OSSL_PROVIDER tmpl = { 0, };
169 int i;
170
171 tmpl.name = (char *)name;
172 CRYPTO_THREAD_write_lock(store->lock);
173 if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
174 || (prov = sk_OSSL_PROVIDER_value(store->providers, i)) == NULL
7c95390e 175 || !ossl_provider_up_ref(prov))
4c2883a9
RL		 176 prov = NULL;
177 CRYPTO_THREAD_unlock(store->lock);
178 }
179
180 return prov;
181}
182
c41f3ae0
RL		 183/*-
184 * Provider Object methods
185 * =======================
186 */
187
188static OSSL_PROVIDER *provider_new(const char *name,
189 OSSL_provider_init_fn *init_function)
190{
191 OSSL_PROVIDER *prov = NULL;
192
193 if ((prov = OPENSSL_zalloc(sizeof(*prov))) == NULL
194#ifndef HAVE_ATOMICS
195 || (prov->refcnt_lock = CRYPTO_THREAD_lock_new()) == NULL
196#endif
7c95390e 197 || !ossl_provider_up_ref(prov) /* +1 One reference to be returned */
c41f3ae0
RL		 198 || (prov->name = OPENSSL_strdup(name)) == NULL) {
199 ossl_provider_free(prov);
200 CRYPTOerr(CRYPTO_F_PROVIDER_NEW, ERR_R_MALLOC_FAILURE);
201 return NULL;
202 }
203
204 prov->init_function = init_function;
205 return prov;
206}
207
7c95390e 208int ossl_provider_up_ref(OSSL_PROVIDER *prov)
c41f3ae0
RL		 209{
210 int ref = 0;
211
ad14e8e5
SL		 212 if (CRYPTO_UP_REF(&prov->refcnt, &ref, prov->refcnt_lock) <= 0)
213 return 0;
c41f3ae0
RL		 214 return ref;
215}
216
4c2883a9
RL		 217OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
218 OSSL_provider_init_fn *init_function)
219{
220 struct provider_store_st *store = NULL;
221 OSSL_PROVIDER *prov = NULL;
222
223 if ((store = get_provider_store(libctx)) == NULL)
224 return NULL;
225
226 if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
227 ossl_provider_free(prov); /* refcount -1 */
49c64346
RL		 228 ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
229 "name=%s", name);
4c2883a9
RL		 230 return NULL;
231 }
232
c41f3ae0
RL		 233 /* provider_new() generates an error, so no need here */
234 if ((prov = provider_new(name, init_function)) == NULL)
4c2883a9 235 return NULL;
4c2883a9
RL		 236
237 CRYPTO_THREAD_write_lock(store->lock);
7c95390e 238 if (!ossl_provider_up_ref(prov)) { /* +1 One reference for the store */
4c2883a9
RL		 239 ossl_provider_free(prov); /* -1 Reference that was to be returned */
240 prov = NULL;
241 } else if (sk_OSSL_PROVIDER_push(store->providers, prov) == 0) {
242 ossl_provider_free(prov); /* -1 Store reference */
243 ossl_provider_free(prov); /* -1 Reference that was to be returned */
244 prov = NULL;
e55008a9 245 } else {
e7706e63 246 prov->libctx = libctx;
e55008a9 247 prov->store = store;
6592ab81 248#ifndef FIPS_MODE
6ebc2f56 249 prov->error_lib = ERR_get_next_error_library();
6592ab81 250#endif
4c2883a9
RL		 251 }
252 CRYPTO_THREAD_unlock(store->lock);
253
254 if (prov == NULL)
255 CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_NEW, ERR_R_MALLOC_FAILURE);
256
257 /*
258 * At this point, the provider is only partially "loaded". To be
259 * fully "loaded", ossl_provider_activate() must also be called.
260 */
261
262 return prov;
263}
264
ac1055ef
RL		 265static void free_infopair(INFOPAIR *pair)
266{
267 OPENSSL_free(pair->name);
268 OPENSSL_free(pair->value);
269 OPENSSL_free(pair);
270}
271
4c2883a9
RL		 272void ossl_provider_free(OSSL_PROVIDER *prov)
273{
274 if (prov != NULL) {
275 int ref = 0;
276
085bef9f 277 CRYPTO_DOWN_REF(&prov->refcnt, &ref, prov->refcnt_lock);
4c2883a9
RL		 278
279 /*
e55008a9
RL		 280 * When the refcount drops below two, the store is the only
281 * possible reference, or it has already been taken away from
282 * the store (this may happen if a provider was activated
283 * because it's a fallback, but isn't currently used)
4c2883a9
RL		 284 * When that happens, the provider is inactivated.
285 */
e55008a9 286 if (ref < 2 && prov->flag_initialized) {
6913f5fe
MC		 287#ifndef FIPS_MODE
288 ossl_init_thread_deregister(prov);
289#endif
4c2883a9 290 if (prov->teardown != NULL)
a39eb840 291 prov->teardown(prov->provctx);
6ebc2f56
RL		 292#ifndef OPENSSL_NO_ERR
293# ifndef FIPS_MODE
294 if (prov->error_strings != NULL) {
295 ERR_unload_strings(prov->error_lib, prov->error_strings);
296 OPENSSL_free(prov->error_strings);
297 prov->error_strings = NULL;
298 }
299# endif
300#endif
4c2883a9
RL		 301 prov->flag_initialized = 0;
302 }
303
304 /*
305 * When the refcount drops to zero, it has been taken out of
306 * the store. All we have to do here is clean it out.
307 */
308 if (ref == 0) {
3593266d 309#ifndef FIPS_MODE
4c2883a9 310 DSO_free(prov->module);
3593266d 311#endif
4c2883a9 312 OPENSSL_free(prov->name);
ac1055ef
RL		 313 OPENSSL_free(prov->path);
314 sk_INFOPAIR_pop_free(prov->parameters, free_infopair);
085bef9f
RL		 315#ifndef HAVE_ATOMICS
316 CRYPTO_THREAD_lock_free(prov->refcnt_lock);
317#endif
4c2883a9
RL		 318 OPENSSL_free(prov);
319 }
320 }
321}
322
ac1055ef
RL		 323/* Setters */
324int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path)
325{
326 OPENSSL_free(prov->path);
327 if (module_path == NULL)
328 return 1;
329 if ((prov->path = OPENSSL_strdup(module_path)) != NULL)
330 return 1;
331 CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_SET_MODULE_PATH, ERR_R_MALLOC_FAILURE);
332 return 0;
333}
334
335int ossl_provider_add_parameter(OSSL_PROVIDER *prov,
336 const char *name, const char *value)
337{
338 INFOPAIR *pair = NULL;
339
340 if ((pair = OPENSSL_zalloc(sizeof(*pair))) != NULL
341 && (prov->parameters != NULL
342 || (prov->parameters = sk_INFOPAIR_new_null()) != NULL)
343 && (pair->name = OPENSSL_strdup(name)) != NULL
344 && (pair->value = OPENSSL_strdup(value)) != NULL
345 && sk_INFOPAIR_push(prov->parameters, pair) > 0)
346 return 1;
347
348 if (pair != NULL) {
349 OPENSSL_free(pair->name);
350 OPENSSL_free(pair->value);
351 OPENSSL_free(pair);
352 }
353 CRYPTOerr(CRYPTO_F_OSSL_PROVIDER_ADD_PARAMETER, ERR_R_MALLOC_FAILURE);
354 return 0;
355}
356
4c2883a9
RL		 357/*
358 * Provider activation.
359 *
360 * What "activation" means depends on the provider form; for built in
361 * providers (in the library or the application alike), the provider
362 * can already be considered to be loaded, all that's needed is to
363 * initialize it. However, for dynamically loadable provider modules,
364 * we must first load that module.
365 *
366 * Built in modules are distinguished from dynamically loaded modules
367 * with an already assigned init function.
368 */
369static const OSSL_DISPATCH *core_dispatch; /* Define further down */
370
e55008a9
RL		 371/*
372 * Internal version that doesn't affect the store flags, and thereby avoid
373 * locking. Direct callers must remember to set the store flags when
e7706e63 374 * appropriate.
e55008a9 375 */
e7706e63 376static int provider_activate(OSSL_PROVIDER *prov)
4c2883a9
RL		 377{
378 const OSSL_DISPATCH *provider_dispatch = NULL;
6ebc2f56 379#ifndef OPENSSL_NO_ERR
6592ab81 380# ifndef FIPS_MODE
6ebc2f56 381 OSSL_provider_get_reason_strings_fn *p_get_reason_strings = NULL;
6592ab81 382# endif
6ebc2f56 383#endif
4c2883a9
RL		 384
385 if (prov->flag_initialized)
386 return 1;
387
388 /*
389 * If the init function isn't set, it indicates that this provider is
390 * a loadable module.
391 */
392 if (prov->init_function == NULL) {
3593266d
MC		 393#ifdef FIPS_MODE
394 return 0;
395#else
4c2883a9 396 if (prov->module == NULL) {
ac1055ef
RL		 397 char *allocated_path = NULL;
398 const char *module_path = NULL;
399 char *merged_path = NULL;
4c2883a9
RL		 400 const char *load_dir = ossl_safe_getenv("OPENSSL_MODULES");
401
402 if ((prov->module = DSO_new()) == NULL) {
403 /* DSO_new() generates an error already */
404 return 0;
405 }
406
407 if (load_dir == NULL)
408 load_dir = MODULESDIR;
409
410 DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS,
411 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
ac1055ef
RL		 412
413 module_path = prov->path;
414 if (module_path == NULL)
415 module_path = allocated_path =
416 DSO_convert_filename(prov->module, prov->name);
417 if (module_path != NULL)
418 merged_path = DSO_merge(prov->module, module_path, load_dir);
419
420 if (merged_path == NULL
421 || (DSO_load(prov->module, merged_path, NULL, 0)) == NULL) {
4c2883a9
RL		 422 DSO_free(prov->module);
423 prov->module = NULL;
424 }
425
ac1055ef
RL		 426 OPENSSL_free(merged_path);
427 OPENSSL_free(allocated_path);
4c2883a9
RL		 428 }
429
430 if (prov->module != NULL)
431 prov->init_function = (OSSL_provider_init_fn *)
432 DSO_bind_func(prov->module, "OSSL_provider_init");
3593266d 433#endif
4c2883a9
RL		 434 }
435
e7706e63 436 /* Call the initialise function for the provider. */
4c2883a9 437 if (prov->init_function == NULL
a39eb840
RL		 438 || !prov->init_function(prov, core_dispatch, &provider_dispatch,
439 &prov->provctx)) {
49c64346
RL		 440 ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_INIT_FAIL, NULL,
441 "name=%s", prov->name);
3593266d 442#ifndef FIPS_MODE
4c2883a9
RL		 443 DSO_free(prov->module);
444 prov->module = NULL;
3593266d 445#endif
4c2883a9
RL		 446 return 0;
447 }
448
449 for (; provider_dispatch->function_id != 0; provider_dispatch++) {
450 switch (provider_dispatch->function_id) {
451 case OSSL_FUNC_PROVIDER_TEARDOWN:
452 prov->teardown =
453 OSSL_get_provider_teardown(provider_dispatch);
454 break;
455 case OSSL_FUNC_PROVIDER_GET_PARAM_TYPES:
456 prov->get_param_types =
457 OSSL_get_provider_get_param_types(provider_dispatch);
458 break;
459 case OSSL_FUNC_PROVIDER_GET_PARAMS:
460 prov->get_params =
461 OSSL_get_provider_get_params(provider_dispatch);
462 break;
099bd339
RL		 463 case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
464 prov->query_operation =
465 OSSL_get_provider_query_operation(provider_dispatch);
466 break;
6ebc2f56 467#ifndef OPENSSL_NO_ERR
6592ab81 468# ifndef FIPS_MODE
6ebc2f56
RL		 469 case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
470 p_get_reason_strings =
471 OSSL_get_provider_get_reason_strings(provider_dispatch);
472 break;
6592ab81 473# endif
6ebc2f56
RL		 474#endif
475 }
476 }
477
478#ifndef OPENSSL_NO_ERR
6592ab81 479# ifndef FIPS_MODE
6ebc2f56
RL		 480 if (p_get_reason_strings != NULL) {
481 const OSSL_ITEM *reasonstrings = p_get_reason_strings(prov->provctx);
482 size_t cnt, cnt2;
483
484 /*
485 * ERR_load_strings() handles ERR_STRING_DATA rather than OSSL_ITEM,
486 * although they are essentially the same type.
487 * Furthermore, ERR_load_strings() patches the array's error number
488 * with the error library number, so we need to make a copy of that
489 * array either way.
490 */
491 cnt = 1; /* One for the terminating item */
492 while (reasonstrings[cnt].id != 0) {
493 if (ERR_GET_LIB(reasonstrings[cnt].id) != 0)
494 return 0;
495 cnt++;
496 }
497
498 /* Allocate one extra item for the "library" name */
499 prov->error_strings =
500 OPENSSL_zalloc(sizeof(ERR_STRING_DATA) * (cnt + 1));
501 if (prov->error_strings == NULL)
502 return 0;
503
504 /*
505 * Set the "library" name.
506 */
507 prov->error_strings[0].error = ERR_PACK(prov->error_lib, 0, 0);
508 prov->error_strings[0].string = prov->name;
509 /*
510 * Copy reasonstrings item 0..cnt-1 to prov->error_trings positions
511 * 1..cnt.
512 */
513 for (cnt2 = 1; cnt2 <= cnt; cnt2++) {
514 prov->error_strings[cnt2].error = (int)reasonstrings[cnt2-1].id;
515 prov->error_strings[cnt2].string = reasonstrings[cnt2-1].ptr;
4c2883a9 516 }
6ebc2f56
RL		 517
518 ERR_load_strings(prov->error_lib, prov->error_strings);
4c2883a9 519 }
6592ab81 520# endif
6ebc2f56 521#endif
4c2883a9
RL		 522
523 /* With this flag set, this provider has become fully "loaded". */
524 prov->flag_initialized = 1;
525
526 return 1;
527}
528
e55008a9
RL		 529int ossl_provider_activate(OSSL_PROVIDER *prov)
530{
e7706e63 531 if (provider_activate(prov)) {
e55008a9
RL		 532 CRYPTO_THREAD_write_lock(prov->store->lock);
533 prov->store->use_fallbacks = 0;
534 CRYPTO_THREAD_unlock(prov->store->lock);
535 return 1;
536 }
537
538 return 0;
539}
540
a39eb840
RL		 541void *ossl_provider_ctx(const OSSL_PROVIDER *prov)
542{
543 return prov->provctx;
544}
545
e55008a9
RL		 546
547static int provider_forall_loaded(struct provider_store_st *store,
548 int *found_activated,
549 int (*cb)(OSSL_PROVIDER *provider,
550 void *cbdata),
551 void *cbdata)
552{
553 int i;
554 int ret = 1;
555 int num_provs = sk_OSSL_PROVIDER_num(store->providers);
556
557 if (found_activated != NULL)
558 *found_activated = 0;
559 for (i = 0; i < num_provs; i++) {
560 OSSL_PROVIDER *prov =
561 sk_OSSL_PROVIDER_value(store->providers, i);
562
563 if (prov->flag_initialized) {
564 if (found_activated != NULL)
565 *found_activated = 1;
566 if (!(ret = cb(prov, cbdata)))
567 break;
568 }
569 }
570
571 return ret;
572}
573
36f5ec55
RL		 574/*
575 * This function only does something once when store->use_fallbacks == 1,
576 * and then sets store->use_fallbacks = 0, so the second call and so on is
577 * effectively a no-op.
578 */
579static void provider_activate_fallbacks(struct provider_store_st *store)
580{
581 if (store->use_fallbacks) {
582 int num_provs = sk_OSSL_PROVIDER_num(store->providers);
583 int activated_fallback_count = 0;
584 int i;
585
586 for (i = 0; i < num_provs; i++) {
587 OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(store->providers, i);
588
589 /*
590 * Note that we don't care if the activation succeeds or not.
591 * If it doesn't succeed, then any attempt to use any of the
592 * fallback providers will fail anyway.
593 */
594 if (prov->flag_fallback) {
595 activated_fallback_count++;
596 provider_activate(prov);
597 }
598 }
599
600 /*
601 * We assume that all fallbacks have been added to the store before
602 * any fallback is activated.
603 * TODO: We may have to reconsider this, IF we find ourselves adding
604 * fallbacks after any previous fallback has been activated.
605 */
606 if (activated_fallback_count > 0)
607 store->use_fallbacks = 0;
608 }
609}
610
85e2417c
RL		 611int ossl_provider_forall_loaded(OPENSSL_CTX *ctx,
612 int (*cb)(OSSL_PROVIDER *provider,
613 void *cbdata),
614 void *cbdata)
615{
616 int ret = 1;
85e2417c
RL		 617 struct provider_store_st *store = get_provider_store(ctx);
618
619 if (store != NULL) {
620 CRYPTO_THREAD_read_lock(store->lock);
36f5ec55
RL		 621
622 provider_activate_fallbacks(store);
85e2417c 623
e55008a9 624 /*
36f5ec55 625 * Now, we sweep through all providers
e55008a9 626 */
36f5ec55 627 ret = provider_forall_loaded(store, NULL, cb, cbdata);
e55008a9 628
85e2417c
RL		 629 CRYPTO_THREAD_unlock(store->lock);
630 }
631
632 return ret;
633}
634
36f5ec55
RL		 635int ossl_provider_available(OSSL_PROVIDER *prov)
636{
637 if (prov != NULL) {
638 CRYPTO_THREAD_read_lock(prov->store->lock);
639 provider_activate_fallbacks(prov->store);
640 CRYPTO_THREAD_unlock(prov->store->lock);
641
642 return prov->flag_initialized;
643 }
644 return 0;
645}
646
e55008a9
RL		 647/* Setters of Provider Object data */
648int ossl_provider_set_fallback(OSSL_PROVIDER *prov)
649{
650 if (prov == NULL)
651 return 0;
652
653 prov->flag_fallback = 1;
654 return 1;
655}
656
4c2883a9 657/* Getters of Provider Object data */
24626a47 658const char *ossl_provider_name(const OSSL_PROVIDER *prov)
4c2883a9
RL		 659{
660 return prov->name;
661}
662
24626a47 663const DSO *ossl_provider_dso(const OSSL_PROVIDER *prov)
4c2883a9
RL		 664{
665 return prov->module;
666}
667
24626a47 668const char *ossl_provider_module_name(const OSSL_PROVIDER *prov)
4c2883a9 669{
3593266d
MC		 670#ifdef FIPS_MODE
671 return NULL;
672#else
4c2883a9 673 return DSO_get_filename(prov->module);
3593266d 674#endif
4c2883a9
RL		 675}
676
24626a47 677const char *ossl_provider_module_path(const OSSL_PROVIDER *prov)
4c2883a9 678{
3593266d
MC		 679#ifdef FIPS_MODE
680 return NULL;
681#else
4c2883a9
RL		 682 /* FIXME: Ensure it's a full path */
683 return DSO_get_filename(prov->module);
3593266d 684#endif
4c2883a9
RL		 685}
686
687/* Wrappers around calls to the provider */
688void ossl_provider_teardown(const OSSL_PROVIDER *prov)
689{
690 if (prov->teardown != NULL)
a39eb840 691 prov->teardown(prov->provctx);
4c2883a9
RL		 692}
693
26175013 694const OSSL_PARAM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov)
4c2883a9 695{
a39eb840
RL		 696 return prov->get_param_types == NULL
697 ? NULL : prov->get_param_types(prov->provctx);
4c2883a9
RL		 698}
699
4e7991b4 700int ossl_provider_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
4c2883a9 701{
a39eb840
RL		 702 return prov->get_params == NULL
703 ? 0 : prov->get_params(prov->provctx, params);
4c2883a9
RL		 704}
705
099bd339
RL		 706
707const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
708 int operation_id,
709 int *no_cache)
710{
a39eb840 711 return prov->query_operation(prov->provctx, operation_id, no_cache);
099bd339
RL		 712}
713
4c2883a9
RL		 714/*-
715 * Core functions for the provider
716 * ===============================
717 *
718 * This is the set of functions that the core makes available to the provider
719 */
720
721/*
722 * This returns a list of Provider Object parameters with their types, for
723 * discovery. We do not expect that many providers will use this, but one
724 * never knows.
725 */
26175013
RL		 726static const OSSL_PARAM param_types[] = {
727 OSSL_PARAM_DEFN("openssl-verstion", OSSL_PARAM_UTF8_PTR, NULL, 0),
728 OSSL_PARAM_DEFN("provider-name", OSSL_PARAM_UTF8_PTR, NULL, 0),
729 OSSL_PARAM_END
4c2883a9
RL		 730};
731
49c64346
RL		 732/*
733 * Forward declare all the functions that are provided aa dispatch.
734 * This ensures that the compiler will complain if they aren't defined
735 * with the correct signature.
736 */
737static OSSL_core_get_param_types_fn core_get_param_types;
738static OSSL_core_get_params_fn core_get_params;
739static OSSL_core_thread_start_fn core_thread_start;
740static OSSL_core_get_library_context_fn core_get_libctx;
741#ifndef FIPS_MODE
742static OSSL_core_new_error_fn core_new_error;
743static OSSL_core_set_error_debug_fn core_set_error_debug;
744static OSSL_core_vset_error_fn core_vset_error;
745#endif
746
26175013 747static const OSSL_PARAM *core_get_param_types(const OSSL_PROVIDER *prov)
4c2883a9
RL		 748{
749 return param_types;
750}
751
4e7991b4 752static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
4c2883a9
RL		 753{
754 int i;
4e7991b4 755 OSSL_PARAM *p;
4c2883a9 756
ac1055ef
RL		 757 if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
758 OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
759 if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
760 OSSL_PARAM_set_utf8_ptr(p, prov->name);
761
762 if (prov->parameters == NULL)
763 return 1;
764
765 for (i = 0; i < sk_INFOPAIR_num(prov->parameters); i++) {
766 INFOPAIR *pair = sk_INFOPAIR_value(prov->parameters, i);
767
768 if ((p = OSSL_PARAM_locate(params, pair->name)) != NULL)
769 OSSL_PARAM_set_utf8_ptr(p, pair->value);
4c2883a9
RL		 770 }
771
772 return 1;
773}
774
e7706e63
RL		 775static OPENSSL_CTX *core_get_libctx(const OSSL_PROVIDER *prov)
776{
777 return prov->libctx;
778}
779
da747958
MC		 780static int core_thread_start(const OSSL_PROVIDER *prov,
781 OSSL_thread_stop_handler_fn handfn)
782{
6913f5fe 783 return ossl_init_thread_start(prov, prov->provctx, handfn);
da747958
MC		 784}
785
6592ab81
RL		 786/*
787 * The FIPS module inner provider doesn't implement these. They aren't
788 * needed there, since the FIPS module upcalls are always the outer provider
789 * ones.
790 */
791#ifndef FIPS_MODE
49c64346
RL		 792/*
793 * TODO(3.0) These error functions should use |prov| to select the proper
794 * library context to report in the correct error stack, at least if error
795 * stacks become tied to the library context.
796 * We cannot currently do that since there's no support for it in the
797 * ERR subsystem.
798 */
799static void core_new_error(const OSSL_PROVIDER *prov)
800{
801 ERR_new();
802}
803
804static void core_set_error_debug(const OSSL_PROVIDER *prov,
805 const char *file, int line, const char *func)
806{
807 ERR_set_debug(file, line, func);
808}
809
810static void core_vset_error(const OSSL_PROVIDER *prov,
811 uint32_t reason, const char *fmt, va_list args)
6ebc2f56
RL		 812{
813 /*
814 * If the uppermost 8 bits are non-zero, it's an OpenSSL library
815 * error and will be treated as such. Otherwise, it's a new style
816 * provider error and will be treated as such.
817 */
818 if (ERR_GET_LIB(reason) != 0) {
49c64346 819 ERR_vset_error(ERR_GET_LIB(reason), ERR_GET_REASON(reason), fmt, args);
6ebc2f56 820 } else {
49c64346 821 ERR_vset_error(prov->error_lib, (int)reason, fmt, args);
6ebc2f56
RL		 822 }
823}
6592ab81 824#endif
6ebc2f56 825
b60cba3c
RS		 826/*
827 * Functions provided by the core. Blank line separates "families" of related
828 * functions.
829 */
4c2883a9
RL		 830static const OSSL_DISPATCH core_dispatch_[] = {
831 { OSSL_FUNC_CORE_GET_PARAM_TYPES, (void (*)(void))core_get_param_types },
832 { OSSL_FUNC_CORE_GET_PARAMS, (void (*)(void))core_get_params },
e7706e63 833 { OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT, (void (*)(void))core_get_libctx },
da747958 834 { OSSL_FUNC_CORE_THREAD_START, (void (*)(void))core_thread_start },
6592ab81 835#ifndef FIPS_MODE
49c64346
RL		 836 { OSSL_FUNC_CORE_NEW_ERROR, (void (*)(void))core_new_error },
837 { OSSL_FUNC_CORE_SET_ERROR_DEBUG, (void (*)(void))core_set_error_debug },
838 { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error },
6592ab81 839#endif
b60cba3c
RS		 840
841 { OSSL_FUNC_CRYPTO_MALLOC, (void (*)(void))CRYPTO_malloc },
842 { OSSL_FUNC_CRYPTO_ZALLOC, (void (*)(void))CRYPTO_zalloc },
b60cba3c
RS		 843 { OSSL_FUNC_CRYPTO_FREE, (void (*)(void))CRYPTO_free },
844 { OSSL_FUNC_CRYPTO_CLEAR_FREE, (void (*)(void))CRYPTO_clear_free },
845 { OSSL_FUNC_CRYPTO_REALLOC, (void (*)(void))CRYPTO_realloc },
846 { OSSL_FUNC_CRYPTO_CLEAR_REALLOC, (void (*)(void))CRYPTO_clear_realloc },
847 { OSSL_FUNC_CRYPTO_SECURE_MALLOC, (void (*)(void))CRYPTO_secure_malloc },
848 { OSSL_FUNC_CRYPTO_SECURE_ZALLOC, (void (*)(void))CRYPTO_secure_zalloc },
849 { OSSL_FUNC_CRYPTO_SECURE_FREE, (void (*)(void))CRYPTO_secure_free },
850 { OSSL_FUNC_CRYPTO_SECURE_CLEAR_FREE,
851 (void (*)(void))CRYPTO_secure_clear_free },
852 { OSSL_FUNC_CRYPTO_SECURE_ALLOCATED,
853 (void (*)(void))CRYPTO_secure_allocated },
854 { OSSL_FUNC_OPENSSL_CLEANSE, (void (*)(void))OPENSSL_cleanse },
b60cba3c 855
4c2883a9
RL		 856 { 0, NULL }
857};
858static const OSSL_DISPATCH *core_dispatch = core_dispatch_;
A mirror of the official openssl repository