provider_conf.c@ 100908

最後變更在這個檔案從100908是 99366,由 vboxsync 提交於 22 月前
openssl-3.1.0: Applied and adjusted our OpenSSL changes to 3.0.7. bugref:10418
檔案大小: 9.6 KB

行
1	/*
2	* Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#include <string.h>
11	#include <openssl/trace.h>
12	#include <openssl/err.h>
13	#include <openssl/conf.h>
14	#include <openssl/safestack.h>
15	#include <openssl/provider.h>
16	#include "internal/provider.h"
17	#include "internal/cryptlib.h"
18	#include "provider_local.h"
19	#include "crypto/context.h"
20
21	DEFINE_STACK_OF(OSSL_PROVIDER)
22
23	/* PROVIDER config module */
24
25	typedef struct {
26	CRYPTO_RWLOCK *lock;
27	STACK_OF(OSSL_PROVIDER) *activated_providers;
28	} PROVIDER_CONF_GLOBAL;
29
30	void ossl_prov_conf_ctx_new(OSSL_LIB_CTX libctx)
31	{
32	PROVIDER_CONF_GLOBAL pcgbl = OPENSSL_zalloc(sizeof(pcgbl));
33
34	if (pcgbl == NULL)
35	return NULL;
36
37	pcgbl->lock = CRYPTO_THREAD_lock_new();
38	if (pcgbl->lock == NULL) {
39	OPENSSL_free(pcgbl);
40	return NULL;
41	}
42
43	return pcgbl;
44	}
45
46	void ossl_prov_conf_ctx_free(void *vpcgbl)
47	{
48	PROVIDER_CONF_GLOBAL *pcgbl = vpcgbl;
49
50	sk_OSSL_PROVIDER_pop_free(pcgbl->activated_providers,
51	ossl_provider_free);
52
53	OSSL_TRACE(CONF, "Cleaned up providers\n");
54	CRYPTO_THREAD_lock_free(pcgbl->lock);
55	OPENSSL_free(pcgbl);
56	}
57
58	static const char skip_dot(const char name)
59	{
60	const char *p = strchr(name, '.');
61
62	if (p != NULL)
63	return p + 1;
64	return name;
65	}
66
67	static int provider_conf_params(OSSL_PROVIDER *prov,
68	OSSL_PROVIDER_INFO *provinfo,
69	const char name, const char value,
70	const CONF *cnf)
71	{
72	STACK_OF(CONF_VALUE) *sect;
73	int ok = 1;
74
75	sect = NCONF_get_section(cnf, value);
76	if (sect != NULL) {
77	int i;
78	char buffer[512];
79	size_t buffer_len = 0;
80
81	OSSL_TRACE1(CONF, "Provider params: start section %s\n", value);
82
83	if (name != NULL) {
84	OPENSSL_strlcpy(buffer, name, sizeof(buffer));
85	OPENSSL_strlcat(buffer, ".", sizeof(buffer));
86	buffer_len = strlen(buffer);
87	}
88
89	for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
90	CONF_VALUE *sectconf = sk_CONF_VALUE_value(sect, i);
91
92	if (buffer_len + strlen(sectconf->name) >= sizeof(buffer))
93	return 0;
94	buffer[buffer_len] = '\0';
95	OPENSSL_strlcat(buffer, sectconf->name, sizeof(buffer));
96	if (!provider_conf_params(prov, provinfo, buffer, sectconf->value,
97	cnf))
98	return 0;
99	}
100
101	OSSL_TRACE1(CONF, "Provider params: finish section %s\n", value);
102	} else {
103	OSSL_TRACE2(CONF, "Provider params: %s = %s\n", name, value);
104	if (prov != NULL)
105	ok = ossl_provider_add_parameter(prov, name, value);
106	else
107	ok = ossl_provider_info_add_parameter(provinfo, name, value);
108	}
109
110	return ok;
111	}
112
113	static int prov_already_activated(const char *name,
114	STACK_OF(OSSL_PROVIDER) *activated)
115	{
116	int i, max;
117
118	if (activated == NULL)
119	return 0;
120
121	max = sk_OSSL_PROVIDER_num(activated);
122	for (i = 0; i < max; i++) {
123	OSSL_PROVIDER *tstprov = sk_OSSL_PROVIDER_value(activated, i);
124
125	if (strcmp(OSSL_PROVIDER_get0_name(tstprov), name) == 0) {
126	return 1;
127	}
128	}
129
130	return 0;
131	}
132
133	static int provider_conf_activate(OSSL_LIB_CTX libctx, const char name,
134	const char value, const char path,
135	int soft, const CONF *cnf)
136	{
137	PROVIDER_CONF_GLOBAL *pcgbl
138	= ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_PROVIDER_CONF_INDEX);
139	OSSL_PROVIDER prov = NULL, actual = NULL;
140	int ok = 0;
141
142	if (pcgbl == NULL \|\| !CRYPTO_THREAD_write_lock(pcgbl->lock)) {
143	ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
144	return 0;
145	}
146	if (!prov_already_activated(name, pcgbl->activated_providers)) {
147	/*
148	* There is an attempt to activate a provider, so we should disable
149	* loading of fallbacks. Otherwise a misconfiguration could mean the
150	* intended provider does not get loaded. Subsequent fetches could
151	* then fallback to the default provider - which may be the wrong
152	* thing.
153	*/
154	if (!ossl_provider_disable_fallback_loading(libctx)) {
155	CRYPTO_THREAD_unlock(pcgbl->lock);
156	ERR_raise(ERR_LIB_CRYPTO, ERR_R_INTERNAL_ERROR);
157	return 0;
158	}
159	prov = ossl_provider_find(libctx, name, 1);
160	if (prov == NULL)
161	prov = ossl_provider_new(libctx, name, NULL, 1);
162	if (prov == NULL) {
163	CRYPTO_THREAD_unlock(pcgbl->lock);
164	if (soft)
165	ERR_clear_error();
166	return 0;
167	}
168
169	if (path != NULL)
170	ossl_provider_set_module_path(prov, path);
171
172	ok = provider_conf_params(prov, NULL, NULL, value, cnf);
173
174	if (ok) {
175	if (!ossl_provider_activate(prov, 1, 0)) {
176	ok = 0;
177	} else if (!ossl_provider_add_to_store(prov, &actual, 0)) {
178	ossl_provider_deactivate(prov, 1);
179	ok = 0;
180	} else if (actual != prov
181	&& !ossl_provider_activate(actual, 1, 0)) {
182	ossl_provider_free(actual);
183	ok = 0;
184	} else {
185	if (pcgbl->activated_providers == NULL)
186	pcgbl->activated_providers = sk_OSSL_PROVIDER_new_null();
187	if (pcgbl->activated_providers == NULL
188	\|\| !sk_OSSL_PROVIDER_push(pcgbl->activated_providers,
189	actual)) {
190	ossl_provider_deactivate(actual, 1);
191	ossl_provider_free(actual);
192	ok = 0;
193	} else {
194	ok = 1;
195	}
196	}
197	}
198	if (!ok)
199	ossl_provider_free(prov);
200	}
201	CRYPTO_THREAD_unlock(pcgbl->lock);
202
203	return ok;
204	}
205
206	static int provider_conf_load(OSSL_LIB_CTX libctx, const char name,
207	const char value, const CONF cnf)
208	{
209	int i;
210	STACK_OF(CONF_VALUE) *ecmds;
211	int soft = 0;
212	const char *path = NULL;
213	long activate = 0;
214	int ok = 0;
215
216	name = skip_dot(name);
217	OSSL_TRACE1(CONF, "Configuring provider %s\n", name);
218	/* Value is a section containing PROVIDER commands */
219	ecmds = NCONF_get_section(cnf, value);
220
221	if (!ecmds) {
222	ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
223	"section=%s not found", value);
224	return 0;
225	}
226
227	/* Find the needed data first */
228	for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
229	CONF_VALUE *ecmd = sk_CONF_VALUE_value(ecmds, i);
230	const char *confname = skip_dot(ecmd->name);
231	const char *confvalue = ecmd->value;
232
233	OSSL_TRACE2(CONF, "Provider command: %s = %s\n",
234	confname, confvalue);
235
236	/* First handle some special pseudo confs */
237
238	/* Override provider name to use */
239	if (strcmp(confname, "identity") == 0)
240	name = confvalue;
241	else if (strcmp(confname, "soft_load") == 0)
242	soft = 1;
243	/* Load a dynamic PROVIDER */
244	else if (strcmp(confname, "module") == 0)
245	path = confvalue;
246	else if (strcmp(confname, "activate") == 0)
247	activate = 1;
248	}
249
250	if (activate) {
251	ok = provider_conf_activate(libctx, name, value, path, soft, cnf);
252	} else {
253	OSSL_PROVIDER_INFO entry;
254
255	memset(&entry, 0, sizeof(entry));
256	ok = 1;
257	if (name != NULL) {
258	entry.name = OPENSSL_strdup(name);
259	if (entry.name == NULL) {
260	ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
261	ok = 0;
262	}
263	}
264	if (ok && path != NULL) {
265	entry.path = OPENSSL_strdup(path);
266	if (entry.path == NULL) {
267	ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
268	ok = 0;
269	}
270	}
271	if (ok)
272	ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
273	if (ok && (entry.path != NULL \|\| entry.parameters != NULL))
274	ok = ossl_provider_info_add_to_store(libctx, &entry);
275	if (!ok \|\| (entry.path == NULL && entry.parameters == NULL)) {
276	ossl_provider_info_clear(&entry);
277	}
278
279	}
280
281	/*
282	* Even if ok is 0, we still return success. Failure to load a provider is
283	* not fatal. We want to continue to load the rest of the config file.
284	*/
285	return 1;
286	}
287
288	static int provider_conf_init(CONF_IMODULE md, const CONF cnf)
289	{
290	STACK_OF(CONF_VALUE) *elist;
291	CONF_VALUE *cval;
292	int i;
293
294	OSSL_TRACE1(CONF, "Loading providers module: section %s\n",
295	CONF_imodule_get_value(md));
296
297	/* Value is a section containing PROVIDERs to configure */
298	elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
299
300	if (!elist) {
301	ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR);
302	return 0;
303	}
304
305	for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
306	cval = sk_CONF_VALUE_value(elist, i);
307	if (!provider_conf_load(NCONF_get0_libctx((CONF *)cnf),
308	cval->name, cval->value, cnf))
309	return 0;
310	}
311
312	return 1;
313	}
314
315	void ossl_provider_add_conf_module(void)
316	{
317	OSSL_TRACE(CONF, "Adding config module 'providers'\n");
318	CONF_module_add("providers", provider_conf_init, NULL);
319	}

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/src/libs/openssl-3.1.0/crypto/provider_conf.c@ 100908

以其他格式下載: