Tell the FIPS provider about thread stop events

The RAND code needs to know about threads stopping in order to cleanup local thread data. Therefore we add a callback for libcrypto to tell providers about such events. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9040)
author: Matt Caswell <matt@openssl.org> 2019-05-27 16:31:27 +0100
committer: Matt Caswell <matt@openssl.org> 2019-06-17 16:19:44 +0100
commit: da747958c5db57dbe22c015d058be9db8a90f8f9 (patch)
tree: 94eb46b99a0b7b586f7ed7aa1c0fc867d248b337 /providers
parent: e41faf5784382a5d2bc23abebcf81b9f4708f6ec (diff)
download: openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.zip
openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.tar.gz
openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.tar.bz2
2 files changed, 72 insertions, 1 deletions
diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h
index e69de29..663d9c6 100644
--- a/providers/common/include/internal/providercommon.h
+++ b/providers/common/include/internal/providercommon.h
@@ -0,0 +1,10 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx);
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 51246d5..9f9b428 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -22,13 +22,44 @@
 #include "internal/evp_int.h"
 #include "internal/provider_algs.h"
 #include "internal/provider_ctx.h"
+#include "internal/providercommon.h"
 
+/*
+ * TODO(3.0): Should these be stored in the provider side provctx? Could they
+ * ever be different from one init to the next? Unfortunately we can't do this
+ * at the moment because c_put_error/c_add_error_vdata do not provide us with
+ * the OPENSSL_CTX as a parameter.
+ */
 /* Functions provided by the core */
 static OSSL_core_get_param_types_fn *c_get_param_types = NULL;
 static OSSL_core_get_params_fn *c_get_params = NULL;
+extern OSSL_core_thread_start_fn *c_thread_start;
+OSSL_core_thread_start_fn *c_thread_start = NULL;
 static OSSL_core_put_error_fn *c_put_error = NULL;
 static OSSL_core_add_error_vdata_fn *c_add_error_vdata = NULL;
 
+typedef struct fips_global_st {
+    const OSSL_PROVIDER *prov;
+} FIPS_GLOBAL;
+
+static void *fips_prov_ossl_ctx_new(OPENSSL_CTX *libctx)
+{
+    FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
+
+    return fgbl;
+}
+
+static void fips_prov_ossl_ctx_free(void *fgbl)
+{
+    OPENSSL_free(fgbl);
+}
+
+static const OPENSSL_CTX_METHOD fips_prov_ossl_ctx_method = {
+    fips_prov_ossl_ctx_new,
+    fips_prov_ossl_ctx_free,
+};
+
+
 /* Parameters we provide to the core */
 static const OSSL_ITEM fips_param_types[] = {
     { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME },
@@ -184,7 +215,19 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
                        const OSSL_DISPATCH **out,
                        void **provctx)
 {
-    OPENSSL_CTX *ctx;
+    FIPS_GLOBAL *fgbl;
+    OPENSSL_CTX *ctx = OPENSSL_CTX_new();
+
+    if (ctx == NULL)
+        return 0;
+
+    fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
+                                &fips_prov_ossl_ctx_method);
+
+    if (fgbl == NULL)
+        goto err;
+
+    fgbl->prov = provider;
 
     for (; in->function_id != 0; in++) {
         switch (in->function_id) {
@@ -194,6 +237,9 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
         case OSSL_FUNC_CORE_GET_PARAMS:
             c_get_params = OSSL_get_core_get_params(in);
             break;
+        case OSSL_FUNC_CORE_THREAD_START:
+            c_thread_start = OSSL_get_core_thread_start(in);
+            break;
         case OSSL_FUNC_CORE_PUT_ERROR:
             c_put_error = OSSL_get_core_put_error(in);
             break;
@@ -224,6 +270,10 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider,
     }
 
     return 1;
+
+ err:
+    OPENSSL_CTX_free(ctx);
+    return 0;
 }
 
 /*
@@ -290,3 +340,14 @@ void ERR_add_error_vdata(int num, va_list args)
 {
     c_add_error_vdata(num, args);
 }
+
+const OSSL_PROVIDER *FIPS_get_provider(OPENSSL_CTX *ctx)
+{
+    FIPS_GLOBAL *fgbl = openssl_ctx_get_data(ctx, OPENSSL_CTX_FIPS_PROV_INDEX,
+                                             &fips_prov_ossl_ctx_method);
+
+    if (fgbl == NULL)
+        return NULL;
+
+    return fgbl->prov;
+}
author	Matt Caswell <matt@openssl.org>	2019-05-27 16:31:27 +0100
committer	Matt Caswell <matt@openssl.org>	2019-06-17 16:19:44 +0100
commit	da747958c5db57dbe22c015d058be9db8a90f8f9 (patch)
tree	94eb46b99a0b7b586f7ed7aa1c0fc867d248b337 /providers
parent	e41faf5784382a5d2bc23abebcf81b9f4708f6ec (diff)
download	openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.zip openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.tar.gz openssl-da747958c5db57dbe22c015d058be9db8a90f8f9.tar.bz2