From 05aa8790ac1ef2bb39c15ae241a591704664039c Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 12 May 2020 08:46:23 +0200 Subject: [PATCH] PROV: Add a proper provider context structure for OpenSSL providers The provider context structure is made to include the following information: - The core provider handle (first argument to the provider init function). This handle is meant to be used in all upcalls that need it. - A library context, used for any libcrypto calls that need it, done in the provider itself. Regarding the library context, that's generally only needed if the provider makes any libcrypto calls, i.e. is linked with libcrypto. That happens to be the case for all OpenSSL providers, but is applicable for other providers that use libcrypto internally as well. The normal thing to do for a provider init function is to create its own library context. For a provider that's meant to become a dynamically loadable module, this is what MUST be done. However, we do not do that in the default provider; it uses the library context associated with the core provider handle instead. This is permissible, although generally discouraged, as long as the provider in question is guaranteed to be built-in, into libcrypto or into the application that uses it. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/11803)
---
 providers/common/include/prov/provider_ctx.h | 18 +++++++-
 providers/common/provider_ctx.c | 48 ++++++++++++++++++++
 2 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 providers/common/provider_ctx.c
diff --git a/providers/common/include/prov/provider_ctx.h b/providers/common/include/prov/provider_ctx.h
index 365667d19e..0984f13635 100644
--- a/providers/common/include/prov/provider_ctx.h
+++ b/providers/common/include/prov/provider_ctx.h
@@ -7,8 +7,24 @@
 * https://www.openssl.org/source/license.html
 */
+#include
+#include
+
+typedef struct prov_ctx_st {
+ const OSSL_PROVIDER *provider;
+ OPENSSL_CTX *libctx; /* For all provider modules */
+} PROV_CTX;
+
 /*
 * To be used anywhere the library context needs to be passed, such as to
 * fetching functions.
 */
-#define PROV_LIBRARY_CONTEXT_OF(provctx) (provctx)
+#define PROV_LIBRARY_CONTEXT_OF(provctx) \
+ PROV_CTX_get0_library_context((provctx))
+
+PROV_CTX *PROV_CTX_new(void);
+void PROV_CTX_free(PROV_CTX *ctx);
+void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx);
+void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *libctx);
+OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx);
+const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx);
diff --git a/providers/common/provider_ctx.c b/providers/common/provider_ctx.c
new file mode 100644
index 0000000000..66c7c74890
--- /dev/null
+++ b/providers/common/provider_ctx.c
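Review bot: The rewritten `PROV_LIBRARY_CONTEXT_OF` macro now reads its argument as a `PROV_CTX *`, whereas before it handed the argument back unchanged, so any caller that still passes a bare library context would have that pointer read through the wrong structure layout. If provider code carries provctx as `void *` (not visible in this hunk), the compiler will not flag such a caller, so the contract belongs in the comment above the macro, for example `/* provctx MUST be the PROV_CTX * set up by the provider init function, never an OPENSSL_CTX * */`. Separately, the prototype of `PROV_CTX_set0_provider` names its second parameter `libctx` while the definition in provider_ctx.c calls it `provider`; the header line should read `void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *provider);`.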
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include "prov/provider_ctx.h"
+
+PROV_CTX *PROV_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(PROV_CTX));
+}
+
+void PROV_CTX_free(PROV_CTX *ctx)
+{
+ OPENSSL_free(ctx);
+}
+
+void PROV_CTX_set0_library_context(PROV_CTX *ctx, OPENSSL_CTX *libctx)
+{
+ if (ctx != NULL)
+ ctx->libctx = libctx;
+}
+
+void PROV_CTX_set0_provider(PROV_CTX *ctx, const OSSL_PROVIDER *provider)
+{
+ if (ctx != NULL)
+ ctx->provider = provider;
+}
+
+
+OPENSSL_CTX *PROV_CTX_get0_library_context(PROV_CTX *ctx)
+{
+ if (ctx == NULL)
+ return NULL;
+ return ctx->libctx;
+}
+
+const OSSL_PROVIDER *PROV_CTX_get0_provider(PROV_CTX *ctx)
+{
+ if (ctx == NULL)
+ return NULL;
+ return ctx->provider;
+}
-- 2.25.1
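Review bot: `PROV_CTX_get0_library_context()` returns NULL for a NULL `ctx`, and in libcrypto a NULL library context conventionally selects the default one, so a provider whose context was never set up would presumably run against the application's default context instead of failing. The setters likewise ignore a NULL `ctx` without reporting it, so the caller has no way to notice; a comment above the getter such as `/* Returns NULL when ctx is NULL; callers must not treat that as a request for the default library context */` would record the hazard. `PROV_CTX_free()` releases only the structure, so a provider that created its own library context, as the commit message requires for loadable modules, still has to free that context itself; a comment `/* Does not free ctx->libctx or ctx->provider (set0 semantics) */` above it would make the ownership explicit. The two getters do not modify `ctx` and could take `const PROV_CTX *`.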