1 /* crypto/engine/engine_dyn.c */
2 /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
61 #include <openssl/crypto.h>
64 #include <openssl/engine.h>
65 #include <openssl/dso.h>
67 /* Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE loader
68 * should implement the hook-up functions with the following prototypes. */
70 /* Our ENGINE handlers */
71 static int dynamic_init(ENGINE
*e
);
72 static int dynamic_finish(ENGINE
*e
);
73 static int dynamic_ctrl(ENGINE
*e
, int cmd
, long i
, void *p
, void (*f
)());
74 /* Predeclare our context type */
75 typedef struct st_dynamic_data_ctx dynamic_data_ctx
;
76 /* The implementation for the important control command */
77 static int dynamic_load(ENGINE
*e
, dynamic_data_ctx
*ctx
);
79 #define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
80 #define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
81 #define DYNAMIC_CMD_ENGINE_ID (ENGINE_CMD_BASE + 2)
82 #define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
83 #define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 4)
85 /* The constants used when creating the ENGINE */
86 static const char *engine_dynamic_id
= "dynamic";
87 static const char *engine_dynamic_name
= "Dynamic engine loading support";
88 static const ENGINE_CMD_DEFN dynamic_cmd_defns
[] = {
91 "Specifies the path to the new ENGINE shared library",
92 ENGINE_CMD_FLAG_STRING
},
93 {DYNAMIC_CMD_NO_VCHECK
,
95 "Specifies to continue even if version checking fails (boolean)",
96 ENGINE_CMD_FLAG_NUMERIC
},
97 {DYNAMIC_CMD_ENGINE_ID
,
99 "Specifies an ENGINE id name for loading",
100 ENGINE_CMD_FLAG_STRING
},
101 {DYNAMIC_CMD_LIST_ADD
,
103 "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
104 ENGINE_CMD_FLAG_NUMERIC
},
107 "Load up the ENGINE specified by other settings",
108 ENGINE_CMD_FLAG_NO_INPUT
},
112 /* Loading code stores state inside the ENGINE structure via the "ex_data"
113 * element. We load all our state into a single structure and use that as a
114 * single context in the "ex_data" stack. */
115 struct st_dynamic_data_ctx
117 /* The DSO object we load that supplies the ENGINE code */
119 /* The function pointer to the version checking shared library function */
120 dynamic_v_check_fn v_check
;
121 /* The function pointer to the engine-binding shared library function */
122 dynamic_bind_engine bind_engine
;
123 /* The default name/path for loading the shared library */
124 const char *DYNAMIC_LIBNAME
;
125 /* Whether to continue loading on a version check failure */
127 /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
128 const char *engine_id
;
129 /* If non-zero, a successfully loaded ENGINE should be added to the internal
130 * ENGINE list. If 2, the add must succeed or the entire load should fail. */
132 /* The symbol name for the version checking function */
133 const char *DYNAMIC_F1
;
134 /* The symbol name for the "initialise ENGINE structure" function */
135 const char *DYNAMIC_F2
;
138 /* This is the "ex_data" index we obtain and reserve for use with our context
140 static int dynamic_ex_data_idx
= -1;
142 /* Because our ex_data element may or may not get allocated depending on whether
143 * a "first-use" occurs before the ENGINE is freed, we have a memory leak
144 * problem to solve. We can't declare a "new" handler for the ex_data as we
145 * don't want a dynamic_data_ctx in *all* ENGINE structures of all types (this
146 * is a bug in the design of CRYPTO_EX_DATA). As such, we just declare a "free"
147 * handler and that will get called if an ENGINE is being destroyed and there
148 * was an ex_data element corresponding to our context type. */
149 static void dynamic_data_ctx_free_func(void *parent
, void *ptr
,
150 CRYPTO_EX_DATA
*ad
, int idx
, long argl
, void *argp
)
154 dynamic_data_ctx
*ctx
= (dynamic_data_ctx
*)ptr
;
156 DSO_free(ctx
->dynamic_dso
);
161 /* Construct the per-ENGINE context. We create it blindly and then use a lock to
162 * check for a race - if so, all but one of the threads "racing" will have
163 * wasted their time. The alternative involves creating everything inside the
164 * lock which is far worse. */
165 static int dynamic_set_data_ctx(ENGINE
*e
, dynamic_data_ctx
**ctx
)
168 c
= OPENSSL_malloc(sizeof(dynamic_data_ctx
));
171 ENGINEerr(ENGINE_F_SET_DATA_CTX
,ERR_R_MALLOC_FAILURE
);
174 memset(c
, 0, sizeof(dynamic_data_ctx
));
175 c
->dynamic_dso
= NULL
;
177 c
->bind_engine
= NULL
;
178 c
->DYNAMIC_LIBNAME
= NULL
;
181 c
->list_add_value
= 0;
182 c
->DYNAMIC_F1
= "v_check";
183 c
->DYNAMIC_F2
= "bind_engine";
184 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE
);
185 if((*ctx
= (dynamic_data_ctx
*)ENGINE_get_ex_data(e
,
186 dynamic_ex_data_idx
)) == NULL
)
188 /* Good, we're the first */
189 ENGINE_set_ex_data(e
, dynamic_ex_data_idx
, c
);
193 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE
);
194 /* If we lost the race to set the context, c is non-NULL and *ctx is the
195 * context of the thread that won. */
201 /* This function retrieves the context structure from an ENGINE's "ex_data", or
202 * if it doesn't exist yet, sets it up. */
203 static dynamic_data_ctx
*dynamic_get_data_ctx(ENGINE
*e
)
205 dynamic_data_ctx
*ctx
;
206 if(dynamic_ex_data_idx
< 0)
208 /* Create and register the ENGINE ex_data, and associate our
209 * "free" function with it to ensure any allocated contexts get
210 * freed when an ENGINE goes underground. */
211 int new_idx
= ENGINE_get_ex_new_index(0, NULL
, NULL
, NULL
,
212 dynamic_data_ctx_free_func
);
215 ENGINEerr(ENGINE_F_DYNAMIC_GET_DATA_CTX
,ENGINE_R_NO_INDEX
);
218 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE
);
219 /* Avoid a race by checking again inside this lock */
220 if(dynamic_ex_data_idx
< 0)
222 /* Good, someone didn't beat us to it */
223 dynamic_ex_data_idx
= new_idx
;
226 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE
);
227 /* In theory we could "give back" the index here if
228 * (new_idx>-1), but it's not possible and wouldn't gain us much
231 ctx
= (dynamic_data_ctx
*)ENGINE_get_ex_data(e
, dynamic_ex_data_idx
);
232 /* Check if the context needs to be created */
233 if((ctx
== NULL
) && !dynamic_set_data_ctx(e
, &ctx
))
234 /* "set_data" will set errors if necessary */
239 /* As this is only ever called once, there's no need for locking
240 * (indeed - the lock will already be held by our caller!!!) */
241 ENGINE
*ENGINE_dynamic(void)
243 ENGINE
*ret
= ENGINE_new();
246 if(!ENGINE_set_id(ret
, engine_dynamic_id
) ||
247 !ENGINE_set_name(ret
, engine_dynamic_name
) ||
248 !ENGINE_set_init_function(ret
, dynamic_init
) ||
249 !ENGINE_set_finish_function(ret
, dynamic_finish
) ||
250 !ENGINE_set_ctrl_function(ret
, dynamic_ctrl
) ||
251 !ENGINE_set_flags(ret
, ENGINE_FLAGS_BY_ID_COPY
) ||
252 !ENGINE_set_cmd_defns(ret
, dynamic_cmd_defns
))
260 static int dynamic_init(ENGINE
*e
)
262 /* We always return failure - the "dyanamic" engine itself can't be used
267 static int dynamic_finish(ENGINE
*e
)
269 /* This should never be called on account of "dynamic_init" always
274 static int dynamic_ctrl(ENGINE
*e
, int cmd
, long i
, void *p
, void (*f
)())
276 dynamic_data_ctx
*ctx
= dynamic_get_data_ctx(e
);
281 ENGINEerr(ENGINE_F_DYNAMIC_CTRL
,ENGINE_R_NOT_LOADED
);
284 initialised
= ((ctx
->dynamic_dso
== NULL
) ? 0 : 1);
285 /* All our control commands require the ENGINE to be uninitialised */
288 ENGINEerr(ENGINE_F_DYNAMIC_CTRL
,
289 ENGINE_R_ALREADY_LOADED
);
294 case DYNAMIC_CMD_SO_PATH
:
295 /* a NULL 'p' or a string of zero-length is the same thing */
296 if(p
&& (strlen((const char *)p
) < 1))
298 ctx
->DYNAMIC_LIBNAME
= (const char *)p
;
300 case DYNAMIC_CMD_NO_VCHECK
:
301 ctx
->no_vcheck
= ((i
== 0) ? 0 : 1);
303 case DYNAMIC_CMD_ENGINE_ID
:
304 /* a NULL 'p' or a string of zero-length is the same thing */
305 if(p
&& (strlen((const char *)p
) < 1))
307 ctx
->engine_id
= (const char *)p
;
309 case DYNAMIC_CMD_LIST_ADD
:
310 if((i
< 0) || (i
> 2))
312 ENGINEerr(ENGINE_F_DYNAMIC_CTRL
,
313 ENGINE_R_INVALID_ARGUMENT
);
316 ctx
->list_add_value
= (int)i
;
318 case DYNAMIC_CMD_LOAD
:
319 return dynamic_load(e
, ctx
);
323 ENGINEerr(ENGINE_F_DYNAMIC_CTRL
,ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED
);
327 static int dynamic_load(ENGINE
*e
, dynamic_data_ctx
*ctx
)
332 if(!ctx
->DYNAMIC_LIBNAME
|| ((ctx
->dynamic_dso
= DSO_load(NULL
,
333 ctx
->DYNAMIC_LIBNAME
, NULL
, 0)) == NULL
))
335 ENGINEerr(ENGINE_F_DYNAMIC_LOAD
,
336 ENGINE_R_DSO_NOT_FOUND
);
339 /* We have to find a bind function otherwise it'll always end badly */
340 if(!(ctx
->bind_engine
= (dynamic_bind_engine
)DSO_bind_func(
341 ctx
->dynamic_dso
, ctx
->DYNAMIC_F2
)))
343 ctx
->bind_engine
= NULL
;
344 DSO_free(ctx
->dynamic_dso
);
345 ctx
->dynamic_dso
= NULL
;
346 ENGINEerr(ENGINE_F_DYNAMIC_LOAD
,
347 ENGINE_R_DSO_FAILURE
);
350 /* Do we perform version checking? */
353 unsigned long vcheck_res
= 0;
354 /* Now we try to find a version checking function and decide how
355 * to cope with failure if/when it fails. */
356 ctx
->v_check
= (dynamic_v_check_fn
)DSO_bind_func(
357 ctx
->dynamic_dso
, ctx
->DYNAMIC_F1
);
359 vcheck_res
= ctx
->v_check(OSSL_DYNAMIC_VERSION
);
360 /* We fail if the version checker veto'd the load *or* if it is
361 * deferring to us (by returning its version) and we think it is
363 if(vcheck_res
< OSSL_DYNAMIC_OLDEST
)
366 ctx
->bind_engine
= NULL
;
368 DSO_free(ctx
->dynamic_dso
);
369 ctx
->dynamic_dso
= NULL
;
370 ENGINEerr(ENGINE_F_DYNAMIC_LOAD
,
371 ENGINE_R_VERSION_INCOMPATIBILITY
);
375 /* First binary copy the ENGINE structure so that we can roll back if
376 * the hand-over fails */
377 memcpy(&cpy
, e
, sizeof(ENGINE
));
378 /* Provide the ERR, "ex_data", memory, and locking callbacks so the
379 * loaded library uses our state rather than its own. FIXME: As noted in
380 * engine.h, much of this would be simplified if each area of code
381 * provided its own "summary" structure of all related callbacks. It
382 * would also increase opaqueness. */
383 fns
.err_fns
= ERR_get_implementation();
384 fns
.ex_data_fns
= CRYPTO_get_ex_data_implementation();
385 CRYPTO_get_mem_functions(&fns
.mem_fns
.malloc_cb
,
386 &fns
.mem_fns
.realloc_cb
,
387 &fns
.mem_fns
.free_cb
);
388 fns
.lock_fns
.lock_locking_cb
= CRYPTO_get_locking_callback();
389 fns
.lock_fns
.lock_add_lock_cb
= CRYPTO_get_add_lock_callback();
390 fns
.lock_fns
.dynlock_create_cb
= CRYPTO_get_dynlock_create_callback();
391 fns
.lock_fns
.dynlock_lock_cb
= CRYPTO_get_dynlock_lock_callback();
392 fns
.lock_fns
.dynlock_destroy_cb
= CRYPTO_get_dynlock_destroy_callback();
393 /* Try to bind the ENGINE onto our own ENGINE structure */
394 if(!ctx
->bind_engine(e
, ctx
->engine_id
, &fns
))
396 ctx
->bind_engine
= NULL
;
398 DSO_free(ctx
->dynamic_dso
);
399 ctx
->dynamic_dso
= NULL
;
400 ENGINEerr(ENGINE_F_DYNAMIC_LOAD
,ENGINE_R_INIT_FAILED
);
401 /* Copy the original ENGINE structure back */
402 memcpy(e
, &cpy
, sizeof(ENGINE
));
405 /* Do we try to add this ENGINE to the internal list too? */
406 if(ctx
->list_add_value
> 0)
410 /* Do we tolerate this or fail? */
411 if(ctx
->list_add_value
> 1)
413 /* Fail - NB: By this time, it's too late to
414 * rollback, and trying to do so allows the
415 * bind_engine() code to have created leaks. We
416 * just have to fail where we are, after the
417 * ENGINE has changed. */
418 ENGINEerr(ENGINE_F_DYNAMIC_LOAD
,
419 ENGINE_R_CONFLICTING_ENGINE_ID
);