1 /*
2 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/crypto.h>
11 #include "crypto/store.h"
12 #include "internal/core.h"
13 #include "internal/namemap.h"
14 #include "internal/property.h"
15 #include "internal/provider.h"
16 #include "store_local.h"
17
OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER * loader)18 int OSSL_STORE_LOADER_up_ref(OSSL_STORE_LOADER *loader)
19 {
20 int ref = 0;
21
22 if (loader->prov != NULL)
23 CRYPTO_UP_REF(&loader->refcnt, &ref, loader->lock);
24 return 1;
25 }
26
OSSL_STORE_LOADER_free(OSSL_STORE_LOADER * loader)27 void OSSL_STORE_LOADER_free(OSSL_STORE_LOADER *loader)
28 {
29 if (loader != NULL && loader->prov != NULL) {
30 int i;
31
32 CRYPTO_DOWN_REF(&loader->refcnt, &i, loader->lock);
33 if (i > 0)
34 return;
35 ossl_provider_free(loader->prov);
36 CRYPTO_THREAD_lock_free(loader->lock);
37 }
38 OPENSSL_free(loader);
39 }
40
41 /*
42 * OSSL_STORE_LOADER_new() expects the scheme as a constant string,
43 * which we currently don't have, so we need an alternative allocator.
44 */
new_loader(OSSL_PROVIDER * prov)45 static OSSL_STORE_LOADER *new_loader(OSSL_PROVIDER *prov)
46 {
47 OSSL_STORE_LOADER *loader;
48
49 if ((loader = OPENSSL_zalloc(sizeof(*loader))) == NULL
50 || (loader->lock = CRYPTO_THREAD_lock_new()) == NULL) {
51 OPENSSL_free(loader);
52 return NULL;
53 }
54 loader->prov = prov;
55 ossl_provider_up_ref(prov);
56 loader->refcnt = 1;
57
58 return loader;
59 }
60
up_ref_loader(void * method)61 static int up_ref_loader(void *method)
62 {
63 return OSSL_STORE_LOADER_up_ref(method);
64 }
65
free_loader(void * method)66 static void free_loader(void *method)
67 {
68 OSSL_STORE_LOADER_free(method);
69 }
70
71 /* Permanent loader method store, constructor and destructor */
loader_store_free(void * vstore)72 static void loader_store_free(void *vstore)
73 {
74 ossl_method_store_free(vstore);
75 }
76
loader_store_new(OSSL_LIB_CTX * ctx)77 static void *loader_store_new(OSSL_LIB_CTX *ctx)
78 {
79 return ossl_method_store_new(ctx);
80 }
81
82
83 static const OSSL_LIB_CTX_METHOD loader_store_method = {
84 /* We want loader_store to be cleaned up before the provider store */
85 OSSL_LIB_CTX_METHOD_PRIORITY_2,
86 loader_store_new,
87 loader_store_free,
88 };
89
90 /* Data to be passed through ossl_method_construct() */
91 struct loader_data_st {
92 OSSL_LIB_CTX *libctx;
93 int scheme_id; /* For get_loader_from_store() */
94 const char *scheme; /* For get_loader_from_store() */
95 const char *propquery; /* For get_loader_from_store() */
96
97 OSSL_METHOD_STORE *tmp_store; /* For get_tmp_loader_store() */
98
99 unsigned int flag_construct_error_occurred : 1;
100 };
101
102 /*
103 * Generic routines to fetch / create OSSL_STORE methods with
104 * ossl_method_construct()
105 */
106
107 /* Temporary loader method store, constructor and destructor */
get_tmp_loader_store(void * data)108 static void *get_tmp_loader_store(void *data)
109 {
110 struct loader_data_st *methdata = data;
111
112 if (methdata->tmp_store == NULL)
113 methdata->tmp_store = ossl_method_store_new(methdata->libctx);
114 return methdata->tmp_store;
115 }
116
dealloc_tmp_loader_store(void * store)117 static void dealloc_tmp_loader_store(void *store)
118 {
119 if (store != NULL)
120 ossl_method_store_free(store);
121 }
122
123 /* Get the permanent loader store */
get_loader_store(OSSL_LIB_CTX * libctx)124 static OSSL_METHOD_STORE *get_loader_store(OSSL_LIB_CTX *libctx)
125 {
126 return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_STORE_LOADER_STORE_INDEX,
127 &loader_store_method);
128 }
129
130 /* Get loader methods from a store, or put one in */
get_loader_from_store(void * store,const OSSL_PROVIDER ** prov,void * data)131 static void *get_loader_from_store(void *store, const OSSL_PROVIDER **prov,
132 void *data)
133 {
134 struct loader_data_st *methdata = data;
135 void *method = NULL;
136 int id;
137
138 if ((id = methdata->scheme_id) == 0) {
139 OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx);
140
141 id = ossl_namemap_name2num(namemap, methdata->scheme);
142 }
143
144 if (store == NULL
145 && (store = get_loader_store(methdata->libctx)) == NULL)
146 return NULL;
147
148 if (!ossl_method_store_fetch(store, id, methdata->propquery, prov, &method))
149 return NULL;
150 return method;
151 }
152
put_loader_in_store(void * store,void * method,const OSSL_PROVIDER * prov,const char * scheme,const char * propdef,void * data)153 static int put_loader_in_store(void *store, void *method,
154 const OSSL_PROVIDER *prov,
155 const char *scheme, const char *propdef,
156 void *data)
157 {
158 struct loader_data_st *methdata = data;
159 OSSL_NAMEMAP *namemap;
160 int id;
161
162 if ((namemap = ossl_namemap_stored(methdata->libctx)) == NULL
163 || (id = ossl_namemap_name2num(namemap, scheme)) == 0)
164 return 0;
165
166 if (store == NULL && (store = get_loader_store(methdata->libctx)) == NULL)
167 return 0;
168
169 return ossl_method_store_add(store, prov, id, propdef, method,
170 up_ref_loader, free_loader);
171 }
172
loader_from_algorithm(int scheme_id,const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov)173 static void *loader_from_algorithm(int scheme_id, const OSSL_ALGORITHM *algodef,
174 OSSL_PROVIDER *prov)
175 {
176 OSSL_STORE_LOADER *loader = NULL;
177 const OSSL_DISPATCH *fns = algodef->implementation;
178
179 if ((loader = new_loader(prov)) == NULL)
180 return NULL;
181 loader->scheme_id = scheme_id;
182 loader->propdef = algodef->property_definition;
183 loader->description = algodef->algorithm_description;
184
185 for (; fns->function_id != 0; fns++) {
186 switch (fns->function_id) {
187 case OSSL_FUNC_STORE_OPEN:
188 if (loader->p_open == NULL)
189 loader->p_open = OSSL_FUNC_store_open(fns);
190 break;
191 case OSSL_FUNC_STORE_ATTACH:
192 if (loader->p_attach == NULL)
193 loader->p_attach = OSSL_FUNC_store_attach(fns);
194 break;
195 case OSSL_FUNC_STORE_SETTABLE_CTX_PARAMS:
196 if (loader->p_settable_ctx_params == NULL)
197 loader->p_settable_ctx_params =
198 OSSL_FUNC_store_settable_ctx_params(fns);
199 break;
200 case OSSL_FUNC_STORE_SET_CTX_PARAMS:
201 if (loader->p_set_ctx_params == NULL)
202 loader->p_set_ctx_params = OSSL_FUNC_store_set_ctx_params(fns);
203 break;
204 case OSSL_FUNC_STORE_LOAD:
205 if (loader->p_load == NULL)
206 loader->p_load = OSSL_FUNC_store_load(fns);
207 break;
208 case OSSL_FUNC_STORE_EOF:
209 if (loader->p_eof == NULL)
210 loader->p_eof = OSSL_FUNC_store_eof(fns);
211 break;
212 case OSSL_FUNC_STORE_CLOSE:
213 if (loader->p_close == NULL)
214 loader->p_close = OSSL_FUNC_store_close(fns);
215 break;
216 case OSSL_FUNC_STORE_EXPORT_OBJECT:
217 if (loader->p_export_object == NULL)
218 loader->p_export_object = OSSL_FUNC_store_export_object(fns);
219 break;
220 }
221 }
222
223 if ((loader->p_open == NULL && loader->p_attach == NULL)
224 || loader->p_load == NULL
225 || loader->p_eof == NULL
226 || loader->p_close == NULL) {
227 /* Only set_ctx_params is optionaal */
228 OSSL_STORE_LOADER_free(loader);
229 ERR_raise(ERR_LIB_OSSL_STORE, OSSL_STORE_R_LOADER_INCOMPLETE);
230 return NULL;
231 }
232 return loader;
233 }
234
235 /*
236 * The core fetching functionality passes the scheme of the implementation.
237 * This function is responsible to getting an identity number for them,
238 * then call loader_from_algorithm() with that identity number.
239 */
construct_loader(const OSSL_ALGORITHM * algodef,OSSL_PROVIDER * prov,void * data)240 static void *construct_loader(const OSSL_ALGORITHM *algodef,
241 OSSL_PROVIDER *prov, void *data)
242 {
243 /*
244 * This function is only called if get_loader_from_store() returned
245 * NULL, so it's safe to say that of all the spots to create a new
246 * namemap entry, this is it. Should the scheme already exist there, we
247 * know that ossl_namemap_add() will return its corresponding number.
248 */
249 struct loader_data_st *methdata = data;
250 OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
251 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
252 const char *scheme = algodef->algorithm_names;
253 int id = ossl_namemap_add_name(namemap, 0, scheme);
254 void *method = NULL;
255
256 if (id != 0)
257 method = loader_from_algorithm(id, algodef, prov);
258
259 /*
260 * Flag to indicate that there was actual construction errors. This
261 * helps inner_loader_fetch() determine what error it should
262 * record on inaccessible algorithms.
263 */
264 if (method == NULL)
265 methdata->flag_construct_error_occurred = 1;
266
267 return method;
268 }
269
270 /* Intermediary function to avoid ugly casts, used below */
destruct_loader(void * method,void * data)271 static void destruct_loader(void *method, void *data)
272 {
273 OSSL_STORE_LOADER_free(method);
274 }
275
276 /* Fetching support. Can fetch by numeric identity or by scheme */
277 static OSSL_STORE_LOADER *
inner_loader_fetch(struct loader_data_st * methdata,int id,const char * scheme,const char * properties)278 inner_loader_fetch(struct loader_data_st *methdata, int id,
279 const char *scheme, const char *properties)
280 {
281 OSSL_METHOD_STORE *store = get_loader_store(methdata->libctx);
282 OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx);
283 void *method = NULL;
284 int unsupported = 0;
285
286 if (store == NULL || namemap == NULL) {
287 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_INVALID_ARGUMENT);
288 return NULL;
289 }
290
291 /*
292 * If we have been passed both an id and a scheme, we have an
293 * internal programming error.
294 */
295 if (!ossl_assert(id == 0 || scheme == NULL)) {
296 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_INTERNAL_ERROR);
297 return NULL;
298 }
299
300 /* If we haven't received a name id yet, try to get one for the name */
301 if (id == 0 && scheme != NULL)
302 id = ossl_namemap_name2num(namemap, scheme);
303
304 /*
305 * If we haven't found the name yet, chances are that the algorithm to
306 * be fetched is unsupported.
307 */
308 if (id == 0)
309 unsupported = 1;
310
311 if (id == 0
312 || !ossl_method_store_cache_get(store, NULL, id, properties, &method)) {
313 OSSL_METHOD_CONSTRUCT_METHOD mcm = {
314 get_tmp_loader_store,
315 get_loader_from_store,
316 put_loader_in_store,
317 construct_loader,
318 destruct_loader
319 };
320
321 methdata->scheme_id = id;
322 methdata->scheme = scheme;
323 methdata->propquery = properties;
324 methdata->flag_construct_error_occurred = 0;
325 if ((method = ossl_method_construct(methdata->libctx, OSSL_OP_STORE,
326 NULL, 0 /* !force_cache */,
327 &mcm, methdata)) != NULL) {
328 /*
329 * If construction did create a method for us, we know that there
330 * is a correct scheme_id, since those have already been calculated
331 * in get_loader_from_store() and put_loader_in_store() above.
332 */
333 if (id == 0)
334 id = ossl_namemap_name2num(namemap, scheme);
335 ossl_method_store_cache_set(store, NULL, id, properties, method,
336 up_ref_loader, free_loader);
337 }
338
339 /*
340 * If we never were in the constructor, the algorithm to be fetched
341 * is unsupported.
342 */
343 unsupported = !methdata->flag_construct_error_occurred;
344 }
345
346 if ((id != 0 || scheme != NULL) && method == NULL) {
347 int code = unsupported ? ERR_R_UNSUPPORTED : ERR_R_FETCH_FAILED;
348 const char *helpful_msg =
349 unsupported
350 ? ( "No store loader found. For standard store loaders you need "
351 "at least one of the default or base providers available. "
352 "Did you forget to load them? Info: " )
353 : "";
354
355 if (scheme == NULL)
356 scheme = ossl_namemap_num2name(namemap, id, 0);
357 ERR_raise_data(ERR_LIB_OSSL_STORE, code,
358 "%s%s, Scheme (%s : %d), Properties (%s)",
359 helpful_msg,
360 ossl_lib_ctx_get_descriptor(methdata->libctx),
361 scheme = NULL ? "<null>" : scheme, id,
362 properties == NULL ? "<null>" : properties);
363 }
364
365 return method;
366 }
367
OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX * libctx,const char * scheme,const char * properties)368 OSSL_STORE_LOADER *OSSL_STORE_LOADER_fetch(OSSL_LIB_CTX *libctx,
369 const char *scheme,
370 const char *properties)
371 {
372 struct loader_data_st methdata;
373 void *method;
374
375 methdata.libctx = libctx;
376 methdata.tmp_store = NULL;
377 method = inner_loader_fetch(&methdata, 0, scheme, properties);
378 dealloc_tmp_loader_store(methdata.tmp_store);
379 return method;
380 }
381
ossl_store_loader_fetch_by_number(OSSL_LIB_CTX * libctx,int scheme_id,const char * properties)382 OSSL_STORE_LOADER *ossl_store_loader_fetch_by_number(OSSL_LIB_CTX *libctx,
383 int scheme_id,
384 const char *properties)
385 {
386 struct loader_data_st methdata;
387 void *method;
388
389 methdata.libctx = libctx;
390 methdata.tmp_store = NULL;
391 method = inner_loader_fetch(&methdata, scheme_id, NULL, properties);
392 dealloc_tmp_loader_store(methdata.tmp_store);
393 return method;
394 }
395
396 /*
397 * Library of basic method functions
398 */
399
OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER * loader)400 const OSSL_PROVIDER *OSSL_STORE_LOADER_get0_provider(const OSSL_STORE_LOADER *loader)
401 {
402 if (!ossl_assert(loader != NULL)) {
403 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
404 return 0;
405 }
406
407 return loader->prov;
408 }
409
OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER * loader)410 const char *OSSL_STORE_LOADER_get0_properties(const OSSL_STORE_LOADER *loader)
411 {
412 if (!ossl_assert(loader != NULL)) {
413 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
414 return 0;
415 }
416
417 return loader->propdef;
418 }
419
ossl_store_loader_get_number(const OSSL_STORE_LOADER * loader)420 int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader)
421 {
422 if (!ossl_assert(loader != NULL)) {
423 ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER);
424 return 0;
425 }
426
427 return loader->scheme_id;
428 }
429
OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER * loader)430 const char *OSSL_STORE_LOADER_get0_description(const OSSL_STORE_LOADER *loader)
431 {
432 return loader->description;
433 }
434
OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER * loader,const char * name)435 int OSSL_STORE_LOADER_is_a(const OSSL_STORE_LOADER *loader, const char *name)
436 {
437 if (loader->prov != NULL) {
438 OSSL_LIB_CTX *libctx = ossl_provider_libctx(loader->prov);
439 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
440
441 return ossl_namemap_name2num(namemap, name) == loader->scheme_id;
442 }
443 return 0;
444 }
445
446 struct do_one_data_st {
447 void (*user_fn)(OSSL_STORE_LOADER *loader, void *arg);
448 void *user_arg;
449 };
450
do_one(ossl_unused int id,void * method,void * arg)451 static void do_one(ossl_unused int id, void *method, void *arg)
452 {
453 struct do_one_data_st *data = arg;
454
455 data->user_fn(method, data->user_arg);
456 }
457
OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX * libctx,void (* user_fn)(OSSL_STORE_LOADER * loader,void * arg),void * user_arg)458 void OSSL_STORE_LOADER_do_all_provided(OSSL_LIB_CTX *libctx,
459 void (*user_fn)(OSSL_STORE_LOADER *loader,
460 void *arg),
461 void *user_arg)
462 {
463 struct loader_data_st methdata;
464 struct do_one_data_st data;
465
466 methdata.libctx = libctx;
467 methdata.tmp_store = NULL;
468 (void)inner_loader_fetch(&methdata, 0, NULL, NULL /* properties */);
469
470 data.user_fn = user_fn;
471 data.user_arg = user_arg;
472 if (methdata.tmp_store != NULL)
473 ossl_method_store_do_all(methdata.tmp_store, &do_one, &data);
474 ossl_method_store_do_all(get_loader_store(libctx), &do_one, &data);
475 dealloc_tmp_loader_store(methdata.tmp_store);
476 }
477
OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER * loader,void (* fn)(const char * name,void * data),void * data)478 int OSSL_STORE_LOADER_names_do_all(const OSSL_STORE_LOADER *loader,
479 void (*fn)(const char *name, void *data),
480 void *data)
481 {
482 if (loader == NULL)
483 return 0;
484
485 if (loader->prov != NULL) {
486 OSSL_LIB_CTX *libctx = ossl_provider_libctx(loader->prov);
487 OSSL_NAMEMAP *namemap = ossl_namemap_stored(libctx);
488
489 return ossl_namemap_doall_names(namemap, loader->scheme_id, fn, data);
490 }
491
492 return 1;
493 }
494