diff options
author | Matt Caswell <matt@openssl.org> | 2019-05-27 16:31:27 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-06-17 16:19:44 +0100 |
commit | da747958c5db57dbe22c015d058be9db8a90f8f9 (patch) | |
tree | 94eb46b99a0b7b586f7ed7aa1c0fc867d248b337 /providers | |
parent | e41faf5784382a5d2bc23abebcf81b9f4708f6ec (diff) | |
download | openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.zip openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.tar.gz openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.tar.bz2 |
Tell the FIPS provider about thread stop events
The RAND code needs to know about threads stopping in order to cleanup
local thread data. Therefore we add a callback for libcrypto to tell
providers about such events.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9040)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/common/include/internal/providercommon.h | 10 | ||||
-rw-r--r-- | providers/fips/fipsprov.c | 63 |
2 files changed, 72 insertions, 1 deletions
diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h index e69de29..663d9c6 100644 --- a/providers/common/include/internal/providercommon.h +++ b/providers/common/include/internal/providercommon.h @@ -0,0 +1,10 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx); diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 51246d5..9f9b428 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -22,13 +22,44 @@ #include "internal/evp_int.h" #include "internal/provider_algs.h" #include "internal/provider_ctx.h" +#include "internal/providercommon.h" +/* + * TODO(3.0): Should these be stored in the provider side provctx? Could they + * ever be different from one init to the next? Unfortunately we can't do this + * at the moment because c_put_error/c_add_error_vdata do not provide us with + * the OPENSSL_CTX as a parameter. + */ /* Functions provided by the core */ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; static OSSL_core_get_params_fn *c_get_params = NULL; +extern OSSL_core_thread_start_fn *c_thread_start; +OSSL_core_thread_start_fn *c_thread_start = NULL; static OSSL_core_put_error_fn *c_put_error = NULL; static OSSL_core_add_error_vdata_fn *c_add_error_vdata = NULL; +typedef struct fips_global_st { + const OSSL_PROVIDER *prov; +} FIPS_GLOBAL; + +static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx) +{ + FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); + + return fgbl; +} + +static void fips_prov_ossl_ctx_free(void *fgbl) +{ + OPENSSL_free(fgbl); +} + +static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = { + fips_prov_ossl_ctx_new, + fips_prov_ossl_ctx_free, +}; + + /* Parameters we provide to the core */ static const OSSL_ITEM fips_param_types[] = { { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, @@ -184,7 +215,19 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, const OSSL_DISPATCH **out, void **provctx) { - OPENSSL_CTX *ctx; + FIPS_GLOBAL *fgbl; + OPENSSL_CTX *ctx = OPENSSL_CTX_new(); + + if (ctx == NULL) + return 0; + + fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method); + + if (fgbl == NULL) + goto err; + + fgbl->prov = provider; for (; in->function_id != 0; in++) { switch (in->function_id) { @@ -194,6 +237,9 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, case OSSL_FUNC_CORE_GET_PARAMS: c_get_params = OSSL_get_core_get_params(in); break; + case OSSL_FUNC_CORE_THREAD_START: + c_thread_start = OSSL_get_core_thread_start(in); + break; case OSSL_FUNC_CORE_PUT_ERROR: c_put_error = OSSL_get_core_put_error(in); break; @@ -224,6 +270,10 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } return 1; + + err: + OPENSSL_CTX_free(ctx); + return 0; } /* @@ -290,3 +340,14 @@ void ERR_add_error_vdata(int num, va_list args) { c_add_error_vdata(num, args); } + +const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx) +{ + FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX, + &fips_prov_ossl_ctx_method); + + if (fgbl == NULL) + return NULL; + + return fgbl->prov; +} |