2
0

context.c 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621
  1. /*
  2. * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include "crypto/cryptlib.h"
  10. #include <openssl/conf.h>
  11. #include "internal/thread_once.h"
  12. #include "internal/property.h"
  13. #include "internal/core.h"
  14. #include "internal/bio.h"
  15. #include "internal/provider.h"
  16. #include "crypto/context.h"
  17. struct ossl_lib_ctx_st {
  18. CRYPTO_RWLOCK *lock, *rand_crngt_lock;
  19. OSSL_EX_DATA_GLOBAL global;
  20. void *property_string_data;
  21. void *evp_method_store;
  22. void *provider_store;
  23. void *namemap;
  24. void *property_defns;
  25. void *global_properties;
  26. void *drbg;
  27. void *drbg_nonce;
  28. #ifndef FIPS_MODULE
  29. void *provider_conf;
  30. void *bio_core;
  31. void *child_provider;
  32. OSSL_METHOD_STORE *decoder_store;
  33. OSSL_METHOD_STORE *encoder_store;
  34. OSSL_METHOD_STORE *store_loader_store;
  35. void *self_test_cb;
  36. #endif
  37. #if defined(OPENSSL_THREADS)
  38. void *threads;
  39. #endif
  40. void *rand_crngt;
  41. #ifdef FIPS_MODULE
  42. void *thread_event_handler;
  43. void *fips_prov;
  44. #endif
  45. unsigned int ischild:1;
  46. };
  47. int ossl_lib_ctx_write_lock(OSSL_LIB_CTX *ctx)
  48. {
  49. return CRYPTO_THREAD_write_lock(ossl_lib_ctx_get_concrete(ctx)->lock);
  50. }
  51. int ossl_lib_ctx_read_lock(OSSL_LIB_CTX *ctx)
  52. {
  53. return CRYPTO_THREAD_read_lock(ossl_lib_ctx_get_concrete(ctx)->lock);
  54. }
  55. int ossl_lib_ctx_unlock(OSSL_LIB_CTX *ctx)
  56. {
  57. return CRYPTO_THREAD_unlock(ossl_lib_ctx_get_concrete(ctx)->lock);
  58. }
  59. int ossl_lib_ctx_is_child(OSSL_LIB_CTX *ctx)
  60. {
  61. ctx = ossl_lib_ctx_get_concrete(ctx);
  62. if (ctx == NULL)
  63. return 0;
  64. return ctx->ischild;
  65. }
  66. static void context_deinit_objs(OSSL_LIB_CTX *ctx);
  67. static int context_init(OSSL_LIB_CTX *ctx)
  68. {
  69. int exdata_done = 0;
  70. ctx->lock = CRYPTO_THREAD_lock_new();
  71. if (ctx->lock == NULL)
  72. return 0;
  73. ctx->rand_crngt_lock = CRYPTO_THREAD_lock_new();
  74. if (ctx->rand_crngt_lock == NULL)
  75. goto err;
  76. /* Initialize ex_data. */
  77. if (!ossl_do_ex_data_init(ctx))
  78. goto err;
  79. exdata_done = 1;
  80. /* P2. We want evp_method_store to be cleaned up before the provider store */
  81. ctx->evp_method_store = ossl_method_store_new(ctx);
  82. if (ctx->evp_method_store == NULL)
  83. goto err;
  84. #ifndef FIPS_MODULE
  85. /* P2. Must be freed before the provider store is freed */
  86. ctx->provider_conf = ossl_prov_conf_ctx_new(ctx);
  87. if (ctx->provider_conf == NULL)
  88. goto err;
  89. #endif
  90. /* P2. */
  91. ctx->drbg = ossl_rand_ctx_new(ctx);
  92. if (ctx->drbg == NULL)
  93. goto err;
  94. #ifndef FIPS_MODULE
  95. /* P2. We want decoder_store to be cleaned up before the provider store */
  96. ctx->decoder_store = ossl_method_store_new(ctx);
  97. if (ctx->decoder_store == NULL)
  98. goto err;
  99. /* P2. We want encoder_store to be cleaned up before the provider store */
  100. ctx->encoder_store = ossl_method_store_new(ctx);
  101. if (ctx->encoder_store == NULL)
  102. goto err;
  103. /* P2. We want loader_store to be cleaned up before the provider store */
  104. ctx->store_loader_store = ossl_method_store_new(ctx);
  105. if (ctx->store_loader_store == NULL)
  106. goto err;
  107. #endif
  108. /* P1. Needs to be freed before the child provider data is freed */
  109. ctx->provider_store = ossl_provider_store_new(ctx);
  110. if (ctx->provider_store == NULL)
  111. goto err;
  112. /* Default priority. */
  113. ctx->property_string_data = ossl_property_string_data_new(ctx);
  114. if (ctx->property_string_data == NULL)
  115. goto err;
  116. ctx->namemap = ossl_stored_namemap_new(ctx);
  117. if (ctx->namemap == NULL)
  118. goto err;
  119. ctx->property_defns = ossl_property_defns_new(ctx);
  120. if (ctx->property_defns == NULL)
  121. goto err;
  122. ctx->global_properties = ossl_ctx_global_properties_new(ctx);
  123. if (ctx->global_properties == NULL)
  124. goto err;
  125. #ifndef FIPS_MODULE
  126. ctx->bio_core = ossl_bio_core_globals_new(ctx);
  127. if (ctx->bio_core == NULL)
  128. goto err;
  129. #endif
  130. ctx->drbg_nonce = ossl_prov_drbg_nonce_ctx_new(ctx);
  131. if (ctx->drbg_nonce == NULL)
  132. goto err;
  133. #ifndef FIPS_MODULE
  134. ctx->self_test_cb = ossl_self_test_set_callback_new(ctx);
  135. if (ctx->self_test_cb == NULL)
  136. goto err;
  137. #endif
  138. #ifdef FIPS_MODULE
  139. ctx->thread_event_handler = ossl_thread_event_ctx_new(ctx);
  140. if (ctx->thread_event_handler == NULL)
  141. goto err;
  142. ctx->fips_prov = ossl_fips_prov_ossl_ctx_new(ctx);
  143. if (ctx->fips_prov == NULL)
  144. goto err;
  145. #endif
  146. #if defined(OPENSSL_THREADS)
  147. ctx->threads = ossl_threads_ctx_new(ctx);
  148. if (ctx->threads == NULL)
  149. goto err;
  150. #endif
  151. /* Low priority. */
  152. #ifndef FIPS_MODULE
  153. ctx->child_provider = ossl_child_prov_ctx_new(ctx);
  154. if (ctx->child_provider == NULL)
  155. goto err;
  156. #endif
  157. /* Everything depends on properties, so we also pre-initialise that */
  158. if (!ossl_property_parse_init(ctx))
  159. goto err;
  160. return 1;
  161. err:
  162. context_deinit_objs(ctx);
  163. if (exdata_done)
  164. ossl_crypto_cleanup_all_ex_data_int(ctx);
  165. CRYPTO_THREAD_lock_free(ctx->rand_crngt_lock);
  166. CRYPTO_THREAD_lock_free(ctx->lock);
  167. memset(ctx, '\0', sizeof(*ctx));
  168. return 0;
  169. }
  170. static void context_deinit_objs(OSSL_LIB_CTX *ctx)
  171. {
  172. /* P2. We want evp_method_store to be cleaned up before the provider store */
  173. if (ctx->evp_method_store != NULL) {
  174. ossl_method_store_free(ctx->evp_method_store);
  175. ctx->evp_method_store = NULL;
  176. }
  177. /* P2. */
  178. if (ctx->drbg != NULL) {
  179. ossl_rand_ctx_free(ctx->drbg);
  180. ctx->drbg = NULL;
  181. }
  182. #ifndef FIPS_MODULE
  183. /* P2. */
  184. if (ctx->provider_conf != NULL) {
  185. ossl_prov_conf_ctx_free(ctx->provider_conf);
  186. ctx->provider_conf = NULL;
  187. }
  188. /* P2. We want decoder_store to be cleaned up before the provider store */
  189. if (ctx->decoder_store != NULL) {
  190. ossl_method_store_free(ctx->decoder_store);
  191. ctx->decoder_store = NULL;
  192. }
  193. /* P2. We want encoder_store to be cleaned up before the provider store */
  194. if (ctx->encoder_store != NULL) {
  195. ossl_method_store_free(ctx->encoder_store);
  196. ctx->encoder_store = NULL;
  197. }
  198. /* P2. We want loader_store to be cleaned up before the provider store */
  199. if (ctx->store_loader_store != NULL) {
  200. ossl_method_store_free(ctx->store_loader_store);
  201. ctx->store_loader_store = NULL;
  202. }
  203. #endif
  204. /* P1. Needs to be freed before the child provider data is freed */
  205. if (ctx->provider_store != NULL) {
  206. ossl_provider_store_free(ctx->provider_store);
  207. ctx->provider_store = NULL;
  208. }
  209. /* Default priority. */
  210. if (ctx->property_string_data != NULL) {
  211. ossl_property_string_data_free(ctx->property_string_data);
  212. ctx->property_string_data = NULL;
  213. }
  214. if (ctx->namemap != NULL) {
  215. ossl_stored_namemap_free(ctx->namemap);
  216. ctx->namemap = NULL;
  217. }
  218. if (ctx->property_defns != NULL) {
  219. ossl_property_defns_free(ctx->property_defns);
  220. ctx->property_defns = NULL;
  221. }
  222. if (ctx->global_properties != NULL) {
  223. ossl_ctx_global_properties_free(ctx->global_properties);
  224. ctx->global_properties = NULL;
  225. }
  226. #ifndef FIPS_MODULE
  227. if (ctx->bio_core != NULL) {
  228. ossl_bio_core_globals_free(ctx->bio_core);
  229. ctx->bio_core = NULL;
  230. }
  231. #endif
  232. if (ctx->drbg_nonce != NULL) {
  233. ossl_prov_drbg_nonce_ctx_free(ctx->drbg_nonce);
  234. ctx->drbg_nonce = NULL;
  235. }
  236. #ifndef FIPS_MODULE
  237. if (ctx->self_test_cb != NULL) {
  238. ossl_self_test_set_callback_free(ctx->self_test_cb);
  239. ctx->self_test_cb = NULL;
  240. }
  241. #endif
  242. if (ctx->rand_crngt != NULL) {
  243. ossl_rand_crng_ctx_free(ctx->rand_crngt);
  244. ctx->rand_crngt = NULL;
  245. }
  246. #ifdef FIPS_MODULE
  247. if (ctx->thread_event_handler != NULL) {
  248. ossl_thread_event_ctx_free(ctx->thread_event_handler);
  249. ctx->thread_event_handler = NULL;
  250. }
  251. if (ctx->fips_prov != NULL) {
  252. ossl_fips_prov_ossl_ctx_free(ctx->fips_prov);
  253. ctx->fips_prov = NULL;
  254. }
  255. #endif
  256. #if defined(OPENSSL_THREADS)
  257. if (ctx->threads != NULL) {
  258. ossl_threads_ctx_free(ctx->threads);
  259. ctx->threads = NULL;
  260. }
  261. #endif
  262. /* Low priority. */
  263. #ifndef FIPS_MODULE
  264. if (ctx->child_provider != NULL) {
  265. ossl_child_prov_ctx_free(ctx->child_provider);
  266. ctx->child_provider = NULL;
  267. }
  268. #endif
  269. }
  270. static int context_deinit(OSSL_LIB_CTX *ctx)
  271. {
  272. if (ctx == NULL)
  273. return 1;
  274. ossl_ctx_thread_stop(ctx);
  275. context_deinit_objs(ctx);
  276. ossl_crypto_cleanup_all_ex_data_int(ctx);
  277. CRYPTO_THREAD_lock_free(ctx->rand_crngt_lock);
  278. CRYPTO_THREAD_lock_free(ctx->lock);
  279. ctx->rand_crngt_lock = NULL;
  280. ctx->lock = NULL;
  281. return 1;
  282. }
  283. #ifndef FIPS_MODULE
  284. /* The default default context */
  285. static OSSL_LIB_CTX default_context_int;
  286. static CRYPTO_ONCE default_context_init = CRYPTO_ONCE_STATIC_INIT;
  287. static CRYPTO_THREAD_LOCAL default_context_thread_local;
  288. DEFINE_RUN_ONCE_STATIC(default_context_do_init)
  289. {
  290. return CRYPTO_THREAD_init_local(&default_context_thread_local, NULL)
  291. && context_init(&default_context_int);
  292. }
  293. void ossl_lib_ctx_default_deinit(void)
  294. {
  295. context_deinit(&default_context_int);
  296. CRYPTO_THREAD_cleanup_local(&default_context_thread_local);
  297. }
  298. static OSSL_LIB_CTX *get_thread_default_context(void)
  299. {
  300. if (!RUN_ONCE(&default_context_init, default_context_do_init))
  301. return NULL;
  302. return CRYPTO_THREAD_get_local(&default_context_thread_local);
  303. }
  304. static OSSL_LIB_CTX *get_default_context(void)
  305. {
  306. OSSL_LIB_CTX *current_defctx = get_thread_default_context();
  307. if (current_defctx == NULL)
  308. current_defctx = &default_context_int;
  309. return current_defctx;
  310. }
  311. static int set_default_context(OSSL_LIB_CTX *defctx)
  312. {
  313. if (defctx == &default_context_int)
  314. defctx = NULL;
  315. return CRYPTO_THREAD_set_local(&default_context_thread_local, defctx);
  316. }
  317. #endif
  318. OSSL_LIB_CTX *OSSL_LIB_CTX_new(void)
  319. {
  320. OSSL_LIB_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx));
  321. if (ctx != NULL && !context_init(ctx)) {
  322. OPENSSL_free(ctx);
  323. ctx = NULL;
  324. }
  325. return ctx;
  326. }
  327. #ifndef FIPS_MODULE
  328. OSSL_LIB_CTX *OSSL_LIB_CTX_new_from_dispatch(const OSSL_CORE_HANDLE *handle,
  329. const OSSL_DISPATCH *in)
  330. {
  331. OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
  332. if (ctx == NULL)
  333. return NULL;
  334. if (!ossl_bio_init_core(ctx, in)) {
  335. OSSL_LIB_CTX_free(ctx);
  336. return NULL;
  337. }
  338. return ctx;
  339. }
  340. OSSL_LIB_CTX *OSSL_LIB_CTX_new_child(const OSSL_CORE_HANDLE *handle,
  341. const OSSL_DISPATCH *in)
  342. {
  343. OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new_from_dispatch(handle, in);
  344. if (ctx == NULL)
  345. return NULL;
  346. if (!ossl_provider_init_as_child(ctx, handle, in)) {
  347. OSSL_LIB_CTX_free(ctx);
  348. return NULL;
  349. }
  350. ctx->ischild = 1;
  351. return ctx;
  352. }
  353. int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file)
  354. {
  355. return CONF_modules_load_file_ex(ctx, config_file, NULL, 0) > 0;
  356. }
  357. #endif
  358. void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx)
  359. {
  360. if (ossl_lib_ctx_is_default(ctx))
  361. return;
  362. #ifndef FIPS_MODULE
  363. if (ctx->ischild)
  364. ossl_provider_deinit_child(ctx);
  365. #endif
  366. context_deinit(ctx);
  367. OPENSSL_free(ctx);
  368. }
  369. #ifndef FIPS_MODULE
  370. OSSL_LIB_CTX *OSSL_LIB_CTX_get0_global_default(void)
  371. {
  372. if (!RUN_ONCE(&default_context_init, default_context_do_init))
  373. return NULL;
  374. return &default_context_int;
  375. }
  376. OSSL_LIB_CTX *OSSL_LIB_CTX_set0_default(OSSL_LIB_CTX *libctx)
  377. {
  378. OSSL_LIB_CTX *current_defctx;
  379. if ((current_defctx = get_default_context()) != NULL) {
  380. if (libctx != NULL)
  381. set_default_context(libctx);
  382. return current_defctx;
  383. }
  384. return NULL;
  385. }
  386. void ossl_release_default_drbg_ctx(void)
  387. {
  388. /* early release of the DRBG in global default libctx */
  389. if (default_context_int.drbg != NULL) {
  390. ossl_rand_ctx_free(default_context_int.drbg);
  391. default_context_int.drbg = NULL;
  392. }
  393. }
  394. #endif
  395. OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx)
  396. {
  397. #ifndef FIPS_MODULE
  398. if (ctx == NULL)
  399. return get_default_context();
  400. #endif
  401. return ctx;
  402. }
  403. int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx)
  404. {
  405. #ifndef FIPS_MODULE
  406. if (ctx == NULL || ctx == get_default_context())
  407. return 1;
  408. #endif
  409. return 0;
  410. }
  411. int ossl_lib_ctx_is_global_default(OSSL_LIB_CTX *ctx)
  412. {
  413. #ifndef FIPS_MODULE
  414. if (ossl_lib_ctx_get_concrete(ctx) == &default_context_int)
  415. return 1;
  416. #endif
  417. return 0;
  418. }
  419. void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
  420. {
  421. void *p;
  422. ctx = ossl_lib_ctx_get_concrete(ctx);
  423. if (ctx == NULL)
  424. return NULL;
  425. switch (index) {
  426. case OSSL_LIB_CTX_PROPERTY_STRING_INDEX:
  427. return ctx->property_string_data;
  428. case OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX:
  429. return ctx->evp_method_store;
  430. case OSSL_LIB_CTX_PROVIDER_STORE_INDEX:
  431. return ctx->provider_store;
  432. case OSSL_LIB_CTX_NAMEMAP_INDEX:
  433. return ctx->namemap;
  434. case OSSL_LIB_CTX_PROPERTY_DEFN_INDEX:
  435. return ctx->property_defns;
  436. case OSSL_LIB_CTX_GLOBAL_PROPERTIES:
  437. return ctx->global_properties;
  438. case OSSL_LIB_CTX_DRBG_INDEX:
  439. return ctx->drbg;
  440. case OSSL_LIB_CTX_DRBG_NONCE_INDEX:
  441. return ctx->drbg_nonce;
  442. #ifndef FIPS_MODULE
  443. case OSSL_LIB_CTX_PROVIDER_CONF_INDEX:
  444. return ctx->provider_conf;
  445. case OSSL_LIB_CTX_BIO_CORE_INDEX:
  446. return ctx->bio_core;
  447. case OSSL_LIB_CTX_CHILD_PROVIDER_INDEX:
  448. return ctx->child_provider;
  449. case OSSL_LIB_CTX_DECODER_STORE_INDEX:
  450. return ctx->decoder_store;
  451. case OSSL_LIB_CTX_ENCODER_STORE_INDEX:
  452. return ctx->encoder_store;
  453. case OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX:
  454. return ctx->store_loader_store;
  455. case OSSL_LIB_CTX_SELF_TEST_CB_INDEX:
  456. return ctx->self_test_cb;
  457. #endif
  458. #if defined(OPENSSL_THREADS)
  459. case OSSL_LIB_CTX_THREAD_INDEX:
  460. return ctx->threads;
  461. #endif
  462. case OSSL_LIB_CTX_RAND_CRNGT_INDEX: {
  463. /*
  464. * rand_crngt must be lazily initialized because it calls into
  465. * libctx, so must not be called from context_init, else a deadlock
  466. * will occur.
  467. *
  468. * We use a separate lock because code called by the instantiation
  469. * of rand_crngt is liable to try and take the libctx lock.
  470. */
  471. if (CRYPTO_THREAD_read_lock(ctx->rand_crngt_lock) != 1)
  472. return NULL;
  473. if (ctx->rand_crngt == NULL) {
  474. CRYPTO_THREAD_unlock(ctx->rand_crngt_lock);
  475. if (CRYPTO_THREAD_write_lock(ctx->rand_crngt_lock) != 1)
  476. return NULL;
  477. if (ctx->rand_crngt == NULL)
  478. ctx->rand_crngt = ossl_rand_crng_ctx_new(ctx);
  479. }
  480. p = ctx->rand_crngt;
  481. CRYPTO_THREAD_unlock(ctx->rand_crngt_lock);
  482. return p;
  483. }
  484. #ifdef FIPS_MODULE
  485. case OSSL_LIB_CTX_THREAD_EVENT_HANDLER_INDEX:
  486. return ctx->thread_event_handler;
  487. case OSSL_LIB_CTX_FIPS_PROV_INDEX:
  488. return ctx->fips_prov;
  489. #endif
  490. default:
  491. return NULL;
  492. }
  493. }
  494. OSSL_EX_DATA_GLOBAL *ossl_lib_ctx_get_ex_data_global(OSSL_LIB_CTX *ctx)
  495. {
  496. ctx = ossl_lib_ctx_get_concrete(ctx);
  497. if (ctx == NULL)
  498. return NULL;
  499. return &ctx->global;
  500. }
  501. const char *ossl_lib_ctx_get_descriptor(OSSL_LIB_CTX *libctx)
  502. {
  503. #ifdef FIPS_MODULE
  504. return "FIPS internal library context";
  505. #else
  506. if (ossl_lib_ctx_is_global_default(libctx))
  507. return "Global default library context";
  508. if (ossl_lib_ctx_is_default(libctx))
  509. return "Thread-local default library context";
  510. return "Non-default library context";
  511. #endif
  512. }