xref: /openssl/crypto/provider_child.c (revision da1c088f)
1 /*
2  * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <assert.h>
11 #include <openssl/crypto.h>
12 #include <openssl/core_dispatch.h>
13 #include <openssl/core_names.h>
14 #include <openssl/provider.h>
15 #include <openssl/evp.h>
16 #include "internal/provider.h"
17 #include "internal/cryptlib.h"
18 #include "crypto/evp.h"
19 #include "crypto/context.h"
20 
21 DEFINE_STACK_OF(OSSL_PROVIDER)
22 
23 struct child_prov_globals {
24     const OSSL_CORE_HANDLE *handle;
25     const OSSL_CORE_HANDLE *curr_prov;
26     CRYPTO_RWLOCK *lock;
27     OSSL_FUNC_core_get_libctx_fn *c_get_libctx;
28     OSSL_FUNC_provider_register_child_cb_fn *c_provider_register_child_cb;
29     OSSL_FUNC_provider_deregister_child_cb_fn *c_provider_deregister_child_cb;
30     OSSL_FUNC_provider_name_fn *c_prov_name;
31     OSSL_FUNC_provider_get0_provider_ctx_fn *c_prov_get0_provider_ctx;
32     OSSL_FUNC_provider_get0_dispatch_fn *c_prov_get0_dispatch;
33     OSSL_FUNC_provider_up_ref_fn *c_prov_up_ref;
34     OSSL_FUNC_provider_free_fn *c_prov_free;
35 };
36 
ossl_child_prov_ctx_new(OSSL_LIB_CTX * libctx)37 void *ossl_child_prov_ctx_new(OSSL_LIB_CTX *libctx)
38 {
39     return OPENSSL_zalloc(sizeof(struct child_prov_globals));
40 }
41 
ossl_child_prov_ctx_free(void * vgbl)42 void ossl_child_prov_ctx_free(void *vgbl)
43 {
44     struct child_prov_globals *gbl = vgbl;
45 
46     CRYPTO_THREAD_lock_free(gbl->lock);
47     OPENSSL_free(gbl);
48 }
49 
50 static OSSL_provider_init_fn ossl_child_provider_init;
51 
ossl_child_provider_init(const OSSL_CORE_HANDLE * handle,const OSSL_DISPATCH * in,const OSSL_DISPATCH ** out,void ** provctx)52 static int ossl_child_provider_init(const OSSL_CORE_HANDLE *handle,
53                                     const OSSL_DISPATCH *in,
54                                     const OSSL_DISPATCH **out,
55                                     void **provctx)
56 {
57     OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
58     OSSL_LIB_CTX *ctx;
59     struct child_prov_globals *gbl;
60 
61     for (; in->function_id != 0; in++) {
62         switch (in->function_id) {
63         case OSSL_FUNC_CORE_GET_LIBCTX:
64             c_get_libctx = OSSL_FUNC_core_get_libctx(in);
65             break;
66         default:
67             /* Just ignore anything we don't understand */
68             break;
69         }
70     }
71 
72     if (c_get_libctx == NULL)
73         return 0;
74 
75     /*
76      * We need an OSSL_LIB_CTX but c_get_libctx returns OPENSSL_CORE_CTX. We are
77      * a built-in provider and so we can get away with this cast. Normal
78      * providers can't do this.
79      */
80     ctx = (OSSL_LIB_CTX *)c_get_libctx(handle);
81 
82     gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
83     if (gbl == NULL)
84         return 0;
85 
86     *provctx = gbl->c_prov_get0_provider_ctx(gbl->curr_prov);
87     *out = gbl->c_prov_get0_dispatch(gbl->curr_prov);
88 
89     return 1;
90 }
91 
provider_create_child_cb(const OSSL_CORE_HANDLE * prov,void * cbdata)92 static int provider_create_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
93 {
94     OSSL_LIB_CTX *ctx = cbdata;
95     struct child_prov_globals *gbl;
96     const char *provname;
97     OSSL_PROVIDER *cprov;
98     int ret = 0;
99 
100     gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
101     if (gbl == NULL)
102         return 0;
103 
104     if (!CRYPTO_THREAD_write_lock(gbl->lock))
105         return 0;
106 
107     provname = gbl->c_prov_name(prov);
108 
109     /*
110      * We're operating under a lock so we can store the "current" provider in
111      * the global data.
112      */
113     gbl->curr_prov = prov;
114 
115     if ((cprov = ossl_provider_find(ctx, provname, 1)) != NULL) {
116         /*
117          * We free the newly created ref. We rely on the provider sticking around
118          * in the provider store.
119          */
120         ossl_provider_free(cprov);
121 
122         /*
123          * The provider already exists. It could be a previously created child,
124          * or it could have been explicitly loaded. If explicitly loaded we
125          * ignore it - i.e. we don't start treating it like a child.
126          */
127         if (!ossl_provider_activate(cprov, 0, 1))
128             goto err;
129     } else {
130         /*
131          * Create it - passing 1 as final param so we don't try and recursively
132          * init children
133          */
134         if ((cprov = ossl_provider_new(ctx, provname, ossl_child_provider_init,
135                                        NULL, 1)) == NULL)
136             goto err;
137 
138         if (!ossl_provider_activate(cprov, 0, 0)) {
139             ossl_provider_free(cprov);
140             goto err;
141         }
142 
143         if (!ossl_provider_set_child(cprov, prov)
144             || !ossl_provider_add_to_store(cprov, NULL, 0)) {
145             ossl_provider_deactivate(cprov, 0);
146             ossl_provider_free(cprov);
147             goto err;
148         }
149     }
150 
151     ret = 1;
152  err:
153     CRYPTO_THREAD_unlock(gbl->lock);
154     return ret;
155 }
156 
provider_remove_child_cb(const OSSL_CORE_HANDLE * prov,void * cbdata)157 static int provider_remove_child_cb(const OSSL_CORE_HANDLE *prov, void *cbdata)
158 {
159     OSSL_LIB_CTX *ctx = cbdata;
160     struct child_prov_globals *gbl;
161     const char *provname;
162     OSSL_PROVIDER *cprov;
163 
164     gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
165     if (gbl == NULL)
166         return 0;
167 
168     provname = gbl->c_prov_name(prov);
169     cprov = ossl_provider_find(ctx, provname, 1);
170     if (cprov == NULL)
171         return 0;
172     /*
173      * ossl_provider_find ups the ref count, so we free it again here. We can
174      * rely on the provider store reference count.
175      */
176     ossl_provider_free(cprov);
177     if (ossl_provider_is_child(cprov)
178             && !ossl_provider_deactivate(cprov, 1))
179         return 0;
180 
181     return 1;
182 }
183 
provider_global_props_cb(const char * props,void * cbdata)184 static int provider_global_props_cb(const char *props, void *cbdata)
185 {
186     OSSL_LIB_CTX *ctx = cbdata;
187 
188     return evp_set_default_properties_int(ctx, props, 0, 1);
189 }
190 
ossl_provider_init_as_child(OSSL_LIB_CTX * ctx,const OSSL_CORE_HANDLE * handle,const OSSL_DISPATCH * in)191 int ossl_provider_init_as_child(OSSL_LIB_CTX *ctx,
192                                 const OSSL_CORE_HANDLE *handle,
193                                 const OSSL_DISPATCH *in)
194 {
195     struct child_prov_globals *gbl;
196 
197     if (ctx == NULL)
198         return 0;
199 
200     gbl = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
201     if (gbl == NULL)
202         return 0;
203 
204     gbl->handle = handle;
205     for (; in->function_id != 0; in++) {
206         switch (in->function_id) {
207         case OSSL_FUNC_CORE_GET_LIBCTX:
208             gbl->c_get_libctx = OSSL_FUNC_core_get_libctx(in);
209             break;
210         case OSSL_FUNC_PROVIDER_REGISTER_CHILD_CB:
211             gbl->c_provider_register_child_cb
212                 = OSSL_FUNC_provider_register_child_cb(in);
213             break;
214         case OSSL_FUNC_PROVIDER_DEREGISTER_CHILD_CB:
215             gbl->c_provider_deregister_child_cb
216                 = OSSL_FUNC_provider_deregister_child_cb(in);
217             break;
218         case OSSL_FUNC_PROVIDER_NAME:
219             gbl->c_prov_name = OSSL_FUNC_provider_name(in);
220             break;
221         case OSSL_FUNC_PROVIDER_GET0_PROVIDER_CTX:
222             gbl->c_prov_get0_provider_ctx
223                 = OSSL_FUNC_provider_get0_provider_ctx(in);
224             break;
225         case OSSL_FUNC_PROVIDER_GET0_DISPATCH:
226             gbl->c_prov_get0_dispatch = OSSL_FUNC_provider_get0_dispatch(in);
227             break;
228         case OSSL_FUNC_PROVIDER_UP_REF:
229             gbl->c_prov_up_ref
230                 = OSSL_FUNC_provider_up_ref(in);
231             break;
232         case OSSL_FUNC_PROVIDER_FREE:
233             gbl->c_prov_free = OSSL_FUNC_provider_free(in);
234             break;
235         default:
236             /* Just ignore anything we don't understand */
237             break;
238         }
239     }
240 
241     if (gbl->c_get_libctx == NULL
242             || gbl->c_provider_register_child_cb == NULL
243             || gbl->c_prov_name == NULL
244             || gbl->c_prov_get0_provider_ctx == NULL
245             || gbl->c_prov_get0_dispatch == NULL
246             || gbl->c_prov_up_ref == NULL
247             || gbl->c_prov_free == NULL)
248         return 0;
249 
250     gbl->lock = CRYPTO_THREAD_lock_new();
251     if (gbl->lock == NULL)
252         return 0;
253 
254     if (!gbl->c_provider_register_child_cb(gbl->handle,
255                                            provider_create_child_cb,
256                                            provider_remove_child_cb,
257                                            provider_global_props_cb,
258                                            ctx))
259         return 0;
260 
261     return 1;
262 }
263 
ossl_provider_deinit_child(OSSL_LIB_CTX * ctx)264 void ossl_provider_deinit_child(OSSL_LIB_CTX *ctx)
265 {
266     struct child_prov_globals *gbl
267         = ossl_lib_ctx_get_data(ctx, OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
268     if (gbl == NULL)
269         return;
270 
271     gbl->c_provider_deregister_child_cb(gbl->handle);
272 }
273 
274 /*
275  * ossl_provider_up_ref_parent() and ossl_provider_free_parent() do
276  * nothing in "self-referencing" child providers, i.e. when the parent
277  * of the child provider is the same as the provider where this child
278  * provider was created.
279  * This allows the teardown function in the parent provider to be called
280  * at the correct moment.
281  * For child providers in other providers, the reference count is done to
282  * ensure that cross referencing is recorded.  These should be cleared up
283  * through that providers teardown, as part of freeing its child libctx.
284  */
285 
ossl_provider_up_ref_parent(OSSL_PROVIDER * prov,int activate)286 int ossl_provider_up_ref_parent(OSSL_PROVIDER *prov, int activate)
287 {
288     struct child_prov_globals *gbl;
289     const OSSL_CORE_HANDLE *parent_handle;
290 
291     gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
292                                 OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
293     if (gbl == NULL)
294         return 0;
295 
296     parent_handle = ossl_provider_get_parent(prov);
297     if (parent_handle == gbl->handle)
298         return 1;
299     return gbl->c_prov_up_ref(parent_handle, activate);
300 }
301 
ossl_provider_free_parent(OSSL_PROVIDER * prov,int deactivate)302 int ossl_provider_free_parent(OSSL_PROVIDER *prov, int deactivate)
303 {
304     struct child_prov_globals *gbl;
305     const OSSL_CORE_HANDLE *parent_handle;
306 
307     gbl = ossl_lib_ctx_get_data(ossl_provider_libctx(prov),
308                                 OSSL_LIB_CTX_CHILD_PROVIDER_INDEX);
309     if (gbl == NULL)
310         return 0;
311 
312     parent_handle = ossl_provider_get_parent(prov);
313     if (parent_handle == gbl->handle)
314         return 1;
315     return gbl->c_prov_free(ossl_provider_get_parent(prov), deactivate);
316 }
317