Add the function openssl_ctx_get_concrete()

This adds the ability to take an OPENSSL_CTX parameter and either return it
as is (unchanged), or if it is NULL return a pointer to the default ctx.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)

diff --git a/crypto/context.c b/crypto/context.c
index 7a976c027057c23060d6ee0d90f224030df95787..d441c8b4e5e50edb7fed17bdbf7a43f1c95b6fe7 100644 (file)
--- a/crypto/context.c
+++ b/crypto/context.c
@@ -129,6 +129,18 @@ void OPENSSL_CTX_free(OPENSSL_CTX *ctx)
     OPENSSL_free(ctx);
 }
 
+OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx)
+{
+#ifndef FIPS_MODE
+    if (ctx == NULL) {
+        if (!RUN_ONCE(&default_context_init, do_default_context_init))
+            return 0;
+        return default_context;
+    }
+#endif
+    return ctx;
+}
+
 static void openssl_ctx_generic_new(void *parent_ign, void *ptr_ign,
                                     CRYPTO_EX_DATA *ad, int index,
                                     long argl_ign, void *argp)
@@ -154,13 +166,7 @@ static int openssl_ctx_init_index(OPENSSL_CTX *ctx, int static_index,
 {
     int idx;
 
-#ifndef FIPS_MODE
-    if (ctx == NULL) {
-        if (!RUN_ONCE(&default_context_init, do_default_context_init))
-            return 0;
-        ctx = default_context;
-    }
-#endif
+    ctx = openssl_ctx_get_concrete(ctx);
     if (ctx == NULL)
         return 0;
 
@@ -180,13 +186,7 @@ void *openssl_ctx_get_data(OPENSSL_CTX *ctx, int index,
 {
     void *data = NULL;
 
-#ifndef FIPS_MODE
-    if (ctx == NULL) {
-        if (!RUN_ONCE(&default_context_init, do_default_context_init))
-            return NULL;
-        ctx = default_context;
-    }
-#endif
+    ctx = openssl_ctx_get_concrete(ctx);
     if (ctx == NULL)
         return NULL;
 
@@ -210,18 +210,7 @@ void *openssl_ctx_get_data(OPENSSL_CTX *ctx, int index,
 
 OSSL_EX_DATA_GLOBAL *openssl_ctx_get_ex_data_global(OPENSSL_CTX *ctx)
 {
-    /*
-     * The default context code is not needed in FIPS_MODE and ctx should never
-     * be NULL in the FIPS provider. However we compile this code out to ensure
-     * we fail immediately if ctx == NULL in FIPS_MODE
-     */
-#ifndef FIPS_MODE
-    if (ctx == NULL) {
-        if (!RUN_ONCE(&default_context_init, do_default_context_init))
-            return NULL;
-        ctx = default_context;
-    }
-#endif
+    ctx = openssl_ctx_get_concrete(ctx);
     if (ctx == NULL)
         return NULL;
     return &ctx->global;
@@ -232,13 +221,7 @@ int openssl_ctx_run_once(OPENSSL_CTX *ctx, unsigned int idx,
 {
     int done = 0, ret = 0;
 
-#ifndef FIPS_MODE
-    if (ctx == NULL) {
-        if (!RUN_ONCE(&default_context_init, do_default_context_init))
-            return 0;
-        ctx = default_context;
-    }
-#endif
+    ctx = openssl_ctx_get_concrete(ctx);
     if (ctx == NULL)
         return 0;
 

diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index d76f9e1704cec7c1a78085a1961addcc5ee75288..025e1acdfe9f4de19f13ea1917488f06c4dde2af 100644 (file)
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -156,6 +156,8 @@ typedef struct openssl_ctx_method {
     void (*free_func)(void *);
 } OPENSSL_CTX_METHOD;
 
+OPENSSL_CTX *openssl_ctx_get_concrete(OPENSSL_CTX *ctx);
+
 /* Functions to retrieve pointers to data by index */
 void *openssl_ctx_get_data(OPENSSL_CTX *, int /* index */,
                            const OPENSSL_CTX_METHOD * ctx);