2
0

eng_dyn.c 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534
  1. /*
  2. * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some engine deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include "eng_local.h"
  12. #include "internal/dso.h"
  13. #include <openssl/crypto.h>
  14. /*
  15. * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
  16. * loader should implement the hook-up functions with the following
  17. * prototypes.
  18. */
  19. /* Our ENGINE handlers */
  20. static int dynamic_init(ENGINE *e);
  21. static int dynamic_finish(ENGINE *e);
  22. static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
  23. void (*f) (void));
  24. /* Predeclare our context type */
  25. typedef struct st_dynamic_data_ctx dynamic_data_ctx;
  26. /* The implementation for the important control command */
  27. static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
  28. #define DYNAMIC_CMD_SO_PATH ENGINE_CMD_BASE
  29. #define DYNAMIC_CMD_NO_VCHECK (ENGINE_CMD_BASE + 1)
  30. #define DYNAMIC_CMD_ID (ENGINE_CMD_BASE + 2)
  31. #define DYNAMIC_CMD_LIST_ADD (ENGINE_CMD_BASE + 3)
  32. #define DYNAMIC_CMD_DIR_LOAD (ENGINE_CMD_BASE + 4)
  33. #define DYNAMIC_CMD_DIR_ADD (ENGINE_CMD_BASE + 5)
  34. #define DYNAMIC_CMD_LOAD (ENGINE_CMD_BASE + 6)
  35. /* The constants used when creating the ENGINE */
  36. static const char *engine_dynamic_id = "dynamic";
  37. static const char *engine_dynamic_name = "Dynamic engine loading support";
  38. static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
  39. {DYNAMIC_CMD_SO_PATH,
  40. "SO_PATH",
  41. "Specifies the path to the new ENGINE shared library",
  42. ENGINE_CMD_FLAG_STRING},
  43. {DYNAMIC_CMD_NO_VCHECK,
  44. "NO_VCHECK",
  45. "Specifies to continue even if version checking fails (boolean)",
  46. ENGINE_CMD_FLAG_NUMERIC},
  47. {DYNAMIC_CMD_ID,
  48. "ID",
  49. "Specifies an ENGINE id name for loading",
  50. ENGINE_CMD_FLAG_STRING},
  51. {DYNAMIC_CMD_LIST_ADD,
  52. "LIST_ADD",
  53. "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
  54. ENGINE_CMD_FLAG_NUMERIC},
  55. {DYNAMIC_CMD_DIR_LOAD,
  56. "DIR_LOAD",
  57. "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
  58. ENGINE_CMD_FLAG_NUMERIC},
  59. {DYNAMIC_CMD_DIR_ADD,
  60. "DIR_ADD",
  61. "Adds a directory from which ENGINEs can be loaded",
  62. ENGINE_CMD_FLAG_STRING},
  63. {DYNAMIC_CMD_LOAD,
  64. "LOAD",
  65. "Load up the ENGINE specified by other settings",
  66. ENGINE_CMD_FLAG_NO_INPUT},
  67. {0, NULL, NULL, 0}
  68. };
  69. /*
  70. * Loading code stores state inside the ENGINE structure via the "ex_data"
  71. * element. We load all our state into a single structure and use that as a
  72. * single context in the "ex_data" stack.
  73. */
  74. struct st_dynamic_data_ctx {
  75. /* The DSO object we load that supplies the ENGINE code */
  76. DSO *dynamic_dso;
  77. /*
  78. * The function pointer to the version checking shared library function
  79. */
  80. dynamic_v_check_fn v_check;
  81. /*
  82. * The function pointer to the engine-binding shared library function
  83. */
  84. dynamic_bind_engine bind_engine;
  85. /* The default name/path for loading the shared library */
  86. char *DYNAMIC_LIBNAME;
  87. /* Whether to continue loading on a version check failure */
  88. int no_vcheck;
  89. /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
  90. char *engine_id;
  91. /*
  92. * If non-zero, a successfully loaded ENGINE should be added to the
  93. * internal ENGINE list. If 2, the add must succeed or the entire load
  94. * should fail.
  95. */
  96. int list_add_value;
  97. /* The symbol name for the version checking function */
  98. const char *DYNAMIC_F1;
  99. /* The symbol name for the "initialise ENGINE structure" function */
  100. const char *DYNAMIC_F2;
  101. /*
  102. * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
  103. * 'dirs' for loading. Default is to use 'dirs' as a fallback.
  104. */
  105. int dir_load;
  106. /* A stack of directories from which ENGINEs could be loaded */
  107. STACK_OF(OPENSSL_STRING) *dirs;
  108. };
  109. /*
  110. * This is the "ex_data" index we obtain and reserve for use with our context
  111. * structure.
  112. */
  113. static int dynamic_ex_data_idx = -1;
  114. static void int_free_str(char *s)
  115. {
  116. OPENSSL_free(s);
  117. }
  118. /*
  119. * Because our ex_data element may or may not get allocated depending on
  120. * whether a "first-use" occurs before the ENGINE is freed, we have a memory
  121. * leak problem to solve. We can't declare a "new" handler for the ex_data as
  122. * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
  123. * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
  124. * a "free" handler and that will get called if an ENGINE is being destroyed
  125. * and there was an ex_data element corresponding to our context type.
  126. */
  127. static void dynamic_data_ctx_free_func(void *parent, void *ptr,
  128. CRYPTO_EX_DATA *ad, int idx, long argl,
  129. void *argp)
  130. {
  131. if (ptr) {
  132. dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
  133. DSO_free(ctx->dynamic_dso);
  134. OPENSSL_free(ctx->DYNAMIC_LIBNAME);
  135. OPENSSL_free(ctx->engine_id);
  136. sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str);
  137. OPENSSL_free(ctx);
  138. }
  139. }
  140. /*
  141. * Construct the per-ENGINE context. We create it blindly and then use a lock
  142. * to check for a race - if so, all but one of the threads "racing" will have
  143. * wasted their time. The alternative involves creating everything inside the
  144. * lock which is far worse.
  145. */
  146. static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
  147. {
  148. dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c));
  149. int ret = 0;
  150. if (c == NULL)
  151. return 0;
  152. c->dirs = sk_OPENSSL_STRING_new_null();
  153. if (c->dirs == NULL) {
  154. ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
  155. goto end;
  156. }
  157. c->DYNAMIC_F1 = "v_check";
  158. c->DYNAMIC_F2 = "bind_engine";
  159. c->dir_load = 1;
  160. if (!CRYPTO_THREAD_write_lock(global_engine_lock))
  161. goto end;
  162. if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
  163. dynamic_ex_data_idx))
  164. == NULL) {
  165. /* Good, we're the first */
  166. ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
  167. if (ret) {
  168. *ctx = c;
  169. c = NULL;
  170. }
  171. }
  172. CRYPTO_THREAD_unlock(global_engine_lock);
  173. ret = 1;
  174. /*
  175. * If we lost the race to set the context, c is non-NULL and *ctx is the
  176. * context of the thread that won.
  177. */
  178. end:
  179. if (c != NULL)
  180. sk_OPENSSL_STRING_free(c->dirs);
  181. OPENSSL_free(c);
  182. return ret;
  183. }
  184. /*
  185. * This function retrieves the context structure from an ENGINE's "ex_data",
  186. * or if it doesn't exist yet, sets it up.
  187. */
  188. static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
  189. {
  190. dynamic_data_ctx *ctx;
  191. if (dynamic_ex_data_idx < 0) {
  192. /*
  193. * Create and register the ENGINE ex_data, and associate our "free"
  194. * function with it to ensure any allocated contexts get freed when
  195. * an ENGINE goes underground.
  196. */
  197. int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,
  198. dynamic_data_ctx_free_func);
  199. if (new_idx == -1) {
  200. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_INDEX);
  201. return NULL;
  202. }
  203. if (!CRYPTO_THREAD_write_lock(global_engine_lock))
  204. return NULL;
  205. /* Avoid a race by checking again inside this lock */
  206. if (dynamic_ex_data_idx < 0) {
  207. /* Good, someone didn't beat us to it */
  208. dynamic_ex_data_idx = new_idx;
  209. new_idx = -1;
  210. }
  211. CRYPTO_THREAD_unlock(global_engine_lock);
  212. /*
  213. * In theory we could "give back" the index here if (new_idx>-1), but
  214. * it's not possible and wouldn't gain us much if it were.
  215. */
  216. }
  217. ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
  218. /* Check if the context needs to be created */
  219. if ((ctx == NULL) && !dynamic_set_data_ctx(e, &ctx))
  220. /* "set_data" will set errors if necessary */
  221. return NULL;
  222. return ctx;
  223. }
  224. static ENGINE *engine_dynamic(void)
  225. {
  226. ENGINE *ret = ENGINE_new();
  227. if (ret == NULL)
  228. return NULL;
  229. if (!ENGINE_set_id(ret, engine_dynamic_id) ||
  230. !ENGINE_set_name(ret, engine_dynamic_name) ||
  231. !ENGINE_set_init_function(ret, dynamic_init) ||
  232. !ENGINE_set_finish_function(ret, dynamic_finish) ||
  233. !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
  234. !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY) ||
  235. !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
  236. ENGINE_free(ret);
  237. return NULL;
  238. }
  239. return ret;
  240. }
  241. void engine_load_dynamic_int(void)
  242. {
  243. ENGINE *toadd = engine_dynamic();
  244. if (!toadd)
  245. return;
  246. ERR_set_mark();
  247. ENGINE_add(toadd);
  248. /*
  249. * If the "add" worked, it gets a structural reference. So either way, we
  250. * release our just-created reference.
  251. */
  252. ENGINE_free(toadd);
  253. /*
  254. * If the "add" didn't work, it was probably a conflict because it was
  255. * already added (eg. someone calling ENGINE_load_blah then calling
  256. * ENGINE_load_builtin_engines() perhaps).
  257. */
  258. ERR_pop_to_mark();
  259. }
  260. static int dynamic_init(ENGINE *e)
  261. {
  262. /*
  263. * We always return failure - the "dynamic" engine itself can't be used
  264. * for anything.
  265. */
  266. return 0;
  267. }
  268. static int dynamic_finish(ENGINE *e)
  269. {
  270. /*
  271. * This should never be called on account of "dynamic_init" always
  272. * failing.
  273. */
  274. return 0;
  275. }
  276. static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
  277. {
  278. dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
  279. int initialised;
  280. if (!ctx) {
  281. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_LOADED);
  282. return 0;
  283. }
  284. initialised = ((ctx->dynamic_dso == NULL) ? 0 : 1);
  285. /* All our control commands require the ENGINE to be uninitialised */
  286. if (initialised) {
  287. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ALREADY_LOADED);
  288. return 0;
  289. }
  290. switch (cmd) {
  291. case DYNAMIC_CMD_SO_PATH:
  292. /* a NULL 'p' or a string of zero-length is the same thing */
  293. if (p && (strlen((const char *)p) < 1))
  294. p = NULL;
  295. OPENSSL_free(ctx->DYNAMIC_LIBNAME);
  296. if (p)
  297. ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p);
  298. else
  299. ctx->DYNAMIC_LIBNAME = NULL;
  300. return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
  301. case DYNAMIC_CMD_NO_VCHECK:
  302. ctx->no_vcheck = ((i == 0) ? 0 : 1);
  303. return 1;
  304. case DYNAMIC_CMD_ID:
  305. /* a NULL 'p' or a string of zero-length is the same thing */
  306. if (p && (strlen((const char *)p) < 1))
  307. p = NULL;
  308. OPENSSL_free(ctx->engine_id);
  309. if (p)
  310. ctx->engine_id = OPENSSL_strdup(p);
  311. else
  312. ctx->engine_id = NULL;
  313. return (ctx->engine_id ? 1 : 0);
  314. case DYNAMIC_CMD_LIST_ADD:
  315. if ((i < 0) || (i > 2)) {
  316. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT);
  317. return 0;
  318. }
  319. ctx->list_add_value = (int)i;
  320. return 1;
  321. case DYNAMIC_CMD_LOAD:
  322. return dynamic_load(e, ctx);
  323. case DYNAMIC_CMD_DIR_LOAD:
  324. if ((i < 0) || (i > 2)) {
  325. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT);
  326. return 0;
  327. }
  328. ctx->dir_load = (int)i;
  329. return 1;
  330. case DYNAMIC_CMD_DIR_ADD:
  331. /* a NULL 'p' or a string of zero-length is the same thing */
  332. if (p == NULL || (strlen((const char *)p) < 1)) {
  333. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT);
  334. return 0;
  335. }
  336. {
  337. char *tmp_str = OPENSSL_strdup(p);
  338. if (tmp_str == NULL)
  339. return 0;
  340. if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)) {
  341. OPENSSL_free(tmp_str);
  342. ERR_raise(ERR_LIB_ENGINE, ERR_R_CRYPTO_LIB);
  343. return 0;
  344. }
  345. }
  346. return 1;
  347. default:
  348. break;
  349. }
  350. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED);
  351. return 0;
  352. }
  353. static int int_load(dynamic_data_ctx *ctx)
  354. {
  355. int num, loop;
  356. /* Unless told not to, try a direct load */
  357. if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
  358. ctx->DYNAMIC_LIBNAME, NULL,
  359. 0)) != NULL)
  360. return 1;
  361. /* If we're not allowed to use 'dirs' or we have none, fail */
  362. if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)) < 1)
  363. return 0;
  364. for (loop = 0; loop < num; loop++) {
  365. const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop);
  366. char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
  367. if (!merge)
  368. return 0;
  369. if (DSO_load(ctx->dynamic_dso, merge, NULL, 0)) {
  370. /* Found what we're looking for */
  371. OPENSSL_free(merge);
  372. return 1;
  373. }
  374. OPENSSL_free(merge);
  375. }
  376. return 0;
  377. }
  378. /*
  379. * Unfortunately the version checker does not distinguish between
  380. * engines built for openssl 1.1.x and openssl 3.x, but loading
  381. * an engine that is built for openssl 1.1.x will cause a fatal
  382. * error. Detect such engines, since EVP_PKEY_base_id is exported
  383. * as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id
  384. * in openssl 3.x. Therefore we take the presence of that symbol
  385. * as an indication that the engine will be incompatible.
  386. */
  387. static int using_libcrypto_11(dynamic_data_ctx *ctx)
  388. {
  389. int ret;
  390. ERR_set_mark();
  391. ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL;
  392. ERR_pop_to_mark();
  393. return ret;
  394. }
  395. static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
  396. {
  397. ENGINE cpy;
  398. dynamic_fns fns;
  399. if (ctx->dynamic_dso == NULL)
  400. ctx->dynamic_dso = DSO_new();
  401. if (ctx->dynamic_dso == NULL)
  402. return 0;
  403. if (!ctx->DYNAMIC_LIBNAME) {
  404. if (!ctx->engine_id)
  405. return 0;
  406. DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS,
  407. DSO_FLAG_NAME_TRANSLATION_EXT_ONLY, NULL);
  408. ctx->DYNAMIC_LIBNAME =
  409. DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
  410. }
  411. if (!int_load(ctx)) {
  412. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND);
  413. DSO_free(ctx->dynamic_dso);
  414. ctx->dynamic_dso = NULL;
  415. return 0;
  416. }
  417. /* We have to find a bind function otherwise it'll always end badly */
  418. if (!
  419. (ctx->bind_engine =
  420. (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
  421. ctx->DYNAMIC_F2))) {
  422. ctx->bind_engine = NULL;
  423. DSO_free(ctx->dynamic_dso);
  424. ctx->dynamic_dso = NULL;
  425. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_FAILURE);
  426. return 0;
  427. }
  428. /* Do we perform version checking? */
  429. if (!ctx->no_vcheck) {
  430. unsigned long vcheck_res = 0;
  431. /*
  432. * Now we try to find a version checking function and decide how to
  433. * cope with failure if/when it fails.
  434. */
  435. ctx->v_check =
  436. (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
  437. ctx->DYNAMIC_F1);
  438. if (ctx->v_check)
  439. vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION);
  440. /*
  441. * We fail if the version checker veto'd the load *or* if it is
  442. * deferring to us (by returning its version) and we think it is too
  443. * old. Also fail if this is engine for openssl 1.1.x.
  444. */
  445. if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_11(ctx)) {
  446. /* Fail */
  447. ctx->bind_engine = NULL;
  448. ctx->v_check = NULL;
  449. DSO_free(ctx->dynamic_dso);
  450. ctx->dynamic_dso = NULL;
  451. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_VERSION_INCOMPATIBILITY);
  452. return 0;
  453. }
  454. }
  455. /*
  456. * First binary copy the ENGINE structure so that we can roll back if the
  457. * hand-over fails
  458. */
  459. memcpy(&cpy, e, sizeof(ENGINE));
  460. /*
  461. * Provide the ERR, "ex_data", memory, and locking callbacks so the
  462. * loaded library uses our state rather than its own. FIXME: As noted in
  463. * engine.h, much of this would be simplified if each area of code
  464. * provided its own "summary" structure of all related callbacks. It
  465. * would also increase opaqueness.
  466. */
  467. fns.static_state = ENGINE_get_static_state();
  468. CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn,
  469. &fns.mem_fns.free_fn);
  470. /*
  471. * Now that we've loaded the dynamic engine, make sure no "dynamic"
  472. * ENGINE elements will show through.
  473. */
  474. engine_set_all_null(e);
  475. /* Try to bind the ENGINE onto our own ENGINE structure */
  476. if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
  477. || !ctx->bind_engine(e, ctx->engine_id, &fns)) {
  478. engine_remove_dynamic_id(e, 1);
  479. ctx->bind_engine = NULL;
  480. ctx->v_check = NULL;
  481. DSO_free(ctx->dynamic_dso);
  482. ctx->dynamic_dso = NULL;
  483. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED);
  484. /* Copy the original ENGINE structure back */
  485. memcpy(e, &cpy, sizeof(ENGINE));
  486. return 0;
  487. }
  488. /* Do we try to add this ENGINE to the internal list too? */
  489. if (ctx->list_add_value > 0) {
  490. if (!ENGINE_add(e)) {
  491. /* Do we tolerate this or fail? */
  492. if (ctx->list_add_value > 1) {
  493. /*
  494. * Fail - NB: By this time, it's too late to rollback, and
  495. * trying to do so allows the bind_engine() code to have
  496. * created leaks. We just have to fail where we are, after
  497. * the ENGINE has changed.
  498. */
  499. ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID);
  500. return 0;
  501. }
  502. /* Tolerate */
  503. ERR_clear_error();
  504. }
  505. }
  506. return 1;
  507. }