Bug Summary

File:out/../deps/openssl/openssl/crypto/engine/eng_dyn.c
Warning:line 224, column 13
Value stored to 'new_idx' is never read

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name eng_dyn.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/engine/eng_dyn.c
1/*
2 * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some engine deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13#include "eng_local.h"
14#include "internal/dso.h"
15#include <openssl/crypto.h>
16
17/*
18 * Shared libraries implementing ENGINEs for use by the "dynamic" ENGINE
19 * loader should implement the hook-up functions with the following
20 * prototypes.
21 */
22
23/* Our ENGINE handlers */
24static int dynamic_init(ENGINE *e);
25static int dynamic_finish(ENGINE *e);
26static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p,
27 void (*f) (void));
28/* Predeclare our context type */
29typedef struct st_dynamic_data_ctx dynamic_data_ctx;
30/* The implementation for the important control command */
31static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx);
32
33#define DYNAMIC_CMD_SO_PATH200 ENGINE_CMD_BASE200
34#define DYNAMIC_CMD_NO_VCHECK(200 + 1) (ENGINE_CMD_BASE200 + 1)
35#define DYNAMIC_CMD_ID(200 + 2) (ENGINE_CMD_BASE200 + 2)
36#define DYNAMIC_CMD_LIST_ADD(200 + 3) (ENGINE_CMD_BASE200 + 3)
37#define DYNAMIC_CMD_DIR_LOAD(200 + 4) (ENGINE_CMD_BASE200 + 4)
38#define DYNAMIC_CMD_DIR_ADD(200 + 5) (ENGINE_CMD_BASE200 + 5)
39#define DYNAMIC_CMD_LOAD(200 + 6) (ENGINE_CMD_BASE200 + 6)
40
41/* The constants used when creating the ENGINE */
42static const char *engine_dynamic_id = "dynamic";
43static const char *engine_dynamic_name = "Dynamic engine loading support";
44static const ENGINE_CMD_DEFN dynamic_cmd_defns[] = {
45 {DYNAMIC_CMD_SO_PATH200,
46 "SO_PATH",
47 "Specifies the path to the new ENGINE shared library",
48 ENGINE_CMD_FLAG_STRING(unsigned int)0x0002},
49 {DYNAMIC_CMD_NO_VCHECK(200 + 1),
50 "NO_VCHECK",
51 "Specifies to continue even if version checking fails (boolean)",
52 ENGINE_CMD_FLAG_NUMERIC(unsigned int)0x0001},
53 {DYNAMIC_CMD_ID(200 + 2),
54 "ID",
55 "Specifies an ENGINE id name for loading",
56 ENGINE_CMD_FLAG_STRING(unsigned int)0x0002},
57 {DYNAMIC_CMD_LIST_ADD(200 + 3),
58 "LIST_ADD",
59 "Whether to add a loaded ENGINE to the internal list (0=no,1=yes,2=mandatory)",
60 ENGINE_CMD_FLAG_NUMERIC(unsigned int)0x0001},
61 {DYNAMIC_CMD_DIR_LOAD(200 + 4),
62 "DIR_LOAD",
63 "Specifies whether to load from 'DIR_ADD' directories (0=no,1=yes,2=mandatory)",
64 ENGINE_CMD_FLAG_NUMERIC(unsigned int)0x0001},
65 {DYNAMIC_CMD_DIR_ADD(200 + 5),
66 "DIR_ADD",
67 "Adds a directory from which ENGINEs can be loaded",
68 ENGINE_CMD_FLAG_STRING(unsigned int)0x0002},
69 {DYNAMIC_CMD_LOAD(200 + 6),
70 "LOAD",
71 "Load up the ENGINE specified by other settings",
72 ENGINE_CMD_FLAG_NO_INPUT(unsigned int)0x0004},
73 {0, NULL((void*)0), NULL((void*)0), 0}
74};
75
76/*
77 * Loading code stores state inside the ENGINE structure via the "ex_data"
78 * element. We load all our state into a single structure and use that as a
79 * single context in the "ex_data" stack.
80 */
81struct st_dynamic_data_ctx {
82 /* The DSO object we load that supplies the ENGINE code */
83 DSO *dynamic_dso;
84 /*
85 * The function pointer to the version checking shared library function
86 */
87 dynamic_v_check_fn v_check;
88 /*
89 * The function pointer to the engine-binding shared library function
90 */
91 dynamic_bind_engine bind_engine;
92 /* The default name/path for loading the shared library */
93 char *DYNAMIC_LIBNAME;
94 /* Whether to continue loading on a version check failure */
95 int no_vcheck;
96 /* If non-NULL, stipulates the 'id' of the ENGINE to be loaded */
97 char *engine_id;
98 /*
99 * If non-zero, a successfully loaded ENGINE should be added to the
100 * internal ENGINE list. If 2, the add must succeed or the entire load
101 * should fail.
102 */
103 int list_add_value;
104 /* The symbol name for the version checking function */
105 const char *DYNAMIC_F1;
106 /* The symbol name for the "initialise ENGINE structure" function */
107 const char *DYNAMIC_F2;
108 /*
109 * Whether to never use 'dirs', use 'dirs' as a fallback, or only use
110 * 'dirs' for loading. Default is to use 'dirs' as a fallback.
111 */
112 int dir_load;
113 /* A stack of directories from which ENGINEs could be loaded */
114 STACK_OF(OPENSSL_STRING)struct stack_st_OPENSSL_STRING *dirs;
115};
116
117/*
118 * This is the "ex_data" index we obtain and reserve for use with our context
119 * structure.
120 */
121static int dynamic_ex_data_idx = -1;
122
123static void int_free_str(char *s)
124{
125 OPENSSL_free(s)CRYPTO_free(s, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 125);
126}
127
128/*
129 * Because our ex_data element may or may not get allocated depending on
130 * whether a "first-use" occurs before the ENGINE is freed, we have a memory
131 * leak problem to solve. We can't declare a "new" handler for the ex_data as
132 * we don't want a dynamic_data_ctx in *all* ENGINE structures of all types
133 * (this is a bug in the design of CRYPTO_EX_DATA). As such, we just declare
134 * a "free" handler and that will get called if an ENGINE is being destroyed
135 * and there was an ex_data element corresponding to our context type.
136 */
137static void dynamic_data_ctx_free_func(void *parent, void *ptr,
138 CRYPTO_EX_DATA *ad, int idx, long argl,
139 void *argp)
140{
141 if (ptr) {
142 dynamic_data_ctx *ctx = (dynamic_data_ctx *)ptr;
143 DSO_free(ctx->dynamic_dso);
144 OPENSSL_free(ctx->DYNAMIC_LIBNAME)CRYPTO_free(ctx->DYNAMIC_LIBNAME, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 144);
145 OPENSSL_free(ctx->engine_id)CRYPTO_free(ctx->engine_id, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 145);
146 sk_OPENSSL_STRING_pop_free(ctx->dirs, int_free_str)OPENSSL_sk_pop_free(ossl_check_OPENSSL_STRING_sk_type(ctx->
dirs),ossl_check_OPENSSL_STRING_freefunc_type(int_free_str));
147 OPENSSL_free(ctx)CRYPTO_free(ctx, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 147);
148 }
149}
150
151/*
152 * Construct the per-ENGINE context. We create it blindly and then use a lock
153 * to check for a race - if so, all but one of the threads "racing" will have
154 * wasted their time. The alternative involves creating everything inside the
155 * lock which is far worse.
156 */
157static int dynamic_set_data_ctx(ENGINE *e, dynamic_data_ctx **ctx)
158{
159 dynamic_data_ctx *c = OPENSSL_zalloc(sizeof(*c))CRYPTO_zalloc(sizeof(*c), "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 159);
160 int ret = 0;
161
162 if (c == NULL((void*)0)) {
163 ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,163,__func__), ERR_set_error)((38),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
164 return 0;
165 }
166 c->dirs = sk_OPENSSL_STRING_new_null()((struct stack_st_OPENSSL_STRING *)OPENSSL_sk_new_null());
167 if (c->dirs == NULL((void*)0)) {
168 ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,168,__func__), ERR_set_error)((38),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
169 goto end;
170 }
171 c->DYNAMIC_F1 = "v_check";
172 c->DYNAMIC_F2 = "bind_engine";
173 c->dir_load = 1;
174 if (!CRYPTO_THREAD_write_lock(global_engine_lock))
175 goto end;
176 if ((*ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e,
177 dynamic_ex_data_idx))
178 == NULL((void*)0)) {
179 /* Good, we're the first */
180 ret = ENGINE_set_ex_data(e, dynamic_ex_data_idx, c);
181 if (ret) {
182 *ctx = c;
183 c = NULL((void*)0);
184 }
185 }
186 CRYPTO_THREAD_unlock(global_engine_lock);
187 ret = 1;
188 /*
189 * If we lost the race to set the context, c is non-NULL and *ctx is the
190 * context of the thread that won.
191 */
192end:
193 if (c != NULL((void*)0))
194 sk_OPENSSL_STRING_free(c->dirs)OPENSSL_sk_free(ossl_check_OPENSSL_STRING_sk_type(c->dirs)
);
195 OPENSSL_free(c)CRYPTO_free(c, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 195);
196 return ret;
197}
198
199/*
200 * This function retrieves the context structure from an ENGINE's "ex_data",
201 * or if it doesn't exist yet, sets it up.
202 */
203static dynamic_data_ctx *dynamic_get_data_ctx(ENGINE *e)
204{
205 dynamic_data_ctx *ctx;
206 if (dynamic_ex_data_idx < 0) {
207 /*
208 * Create and register the ENGINE ex_data, and associate our "free"
209 * function with it to ensure any allocated contexts get freed when
210 * an ENGINE goes underground.
211 */
212 int new_idx = ENGINE_get_ex_new_index(0, NULL, NULL, NULL,CRYPTO_get_ex_new_index(10, 0, ((void*)0), ((void*)0), ((void
*)0), dynamic_data_ctx_free_func)
213 dynamic_data_ctx_free_func)CRYPTO_get_ex_new_index(10, 0, ((void*)0), ((void*)0), ((void
*)0), dynamic_data_ctx_free_func);
214 if (new_idx == -1) {
215 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NO_INDEX)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,215,__func__), ERR_set_error)((38),(144),((void*)0));
216 return NULL((void*)0);
217 }
218 if (!CRYPTO_THREAD_write_lock(global_engine_lock))
219 return NULL((void*)0);
220 /* Avoid a race by checking again inside this lock */
221 if (dynamic_ex_data_idx < 0) {
222 /* Good, someone didn't beat us to it */
223 dynamic_ex_data_idx = new_idx;
224 new_idx = -1;
Value stored to 'new_idx' is never read
225 }
226 CRYPTO_THREAD_unlock(global_engine_lock);
227 /*
228 * In theory we could "give back" the index here if (new_idx>-1), but
229 * it's not possible and wouldn't gain us much if it were.
230 */
231 }
232 ctx = (dynamic_data_ctx *)ENGINE_get_ex_data(e, dynamic_ex_data_idx);
233 /* Check if the context needs to be created */
234 if ((ctx == NULL((void*)0)) && !dynamic_set_data_ctx(e, &ctx))
235 /* "set_data" will set errors if necessary */
236 return NULL((void*)0);
237 return ctx;
238}
239
240static ENGINE *engine_dynamic(void)
241{
242 ENGINE *ret = ENGINE_new();
243 if (ret == NULL((void*)0))
244 return NULL((void*)0);
245 if (!ENGINE_set_id(ret, engine_dynamic_id) ||
246 !ENGINE_set_name(ret, engine_dynamic_name) ||
247 !ENGINE_set_init_function(ret, dynamic_init) ||
248 !ENGINE_set_finish_function(ret, dynamic_finish) ||
249 !ENGINE_set_ctrl_function(ret, dynamic_ctrl) ||
250 !ENGINE_set_flags(ret, ENGINE_FLAGS_BY_ID_COPY(int)0x0004) ||
251 !ENGINE_set_cmd_defns(ret, dynamic_cmd_defns)) {
252 ENGINE_free(ret);
253 return NULL((void*)0);
254 }
255 return ret;
256}
257
258void engine_load_dynamic_int(void)
259{
260 ENGINE *toadd = engine_dynamic();
261 if (!toadd)
262 return;
263
264 ERR_set_mark();
265 ENGINE_add(toadd);
266 /*
267 * If the "add" worked, it gets a structural reference. So either way, we
268 * release our just-created reference.
269 */
270 ENGINE_free(toadd);
271 /*
272 * If the "add" didn't work, it was probably a conflict because it was
273 * already added (eg. someone calling ENGINE_load_blah then calling
274 * ENGINE_load_builtin_engines() perhaps).
275 */
276 ERR_pop_to_mark();
277}
278
279static int dynamic_init(ENGINE *e)
280{
281 /*
282 * We always return failure - the "dynamic" engine itself can't be used
283 * for anything.
284 */
285 return 0;
286}
287
288static int dynamic_finish(ENGINE *e)
289{
290 /*
291 * This should never be called on account of "dynamic_init" always
292 * failing.
293 */
294 return 0;
295}
296
297static int dynamic_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f) (void))
298{
299 dynamic_data_ctx *ctx = dynamic_get_data_ctx(e);
300 int initialised;
301
302 if (!ctx) {
303 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_NOT_LOADED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,303,__func__), ERR_set_error)((38),(112),((void*)0));
304 return 0;
305 }
306 initialised = ((ctx->dynamic_dso == NULL((void*)0)) ? 0 : 1);
307 /* All our control commands require the ENGINE to be uninitialised */
308 if (initialised) {
309 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_ALREADY_LOADED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,309,__func__), ERR_set_error)((38),(100),((void*)0));
310 return 0;
311 }
312 switch (cmd) {
313 case DYNAMIC_CMD_SO_PATH200:
314 /* a NULL 'p' or a string of zero-length is the same thing */
315 if (p && (strlen((const char *)p) < 1))
316 p = NULL((void*)0);
317 OPENSSL_free(ctx->DYNAMIC_LIBNAME)CRYPTO_free(ctx->DYNAMIC_LIBNAME, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 317);
318 if (p)
319 ctx->DYNAMIC_LIBNAME = OPENSSL_strdup(p)CRYPTO_strdup(p, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 319);
320 else
321 ctx->DYNAMIC_LIBNAME = NULL((void*)0);
322 return (ctx->DYNAMIC_LIBNAME ? 1 : 0);
323 case DYNAMIC_CMD_NO_VCHECK(200 + 1):
324 ctx->no_vcheck = ((i == 0) ? 0 : 1);
325 return 1;
326 case DYNAMIC_CMD_ID(200 + 2):
327 /* a NULL 'p' or a string of zero-length is the same thing */
328 if (p && (strlen((const char *)p) < 1))
329 p = NULL((void*)0);
330 OPENSSL_free(ctx->engine_id)CRYPTO_free(ctx->engine_id, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 330);
331 if (p)
332 ctx->engine_id = OPENSSL_strdup(p)CRYPTO_strdup(p, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 332);
333 else
334 ctx->engine_id = NULL((void*)0);
335 return (ctx->engine_id ? 1 : 0);
336 case DYNAMIC_CMD_LIST_ADD(200 + 3):
337 if ((i < 0) || (i > 2)) {
338 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,338,__func__), ERR_set_error)((38),(143),((void*)0));
339 return 0;
340 }
341 ctx->list_add_value = (int)i;
342 return 1;
343 case DYNAMIC_CMD_LOAD(200 + 6):
344 return dynamic_load(e, ctx);
345 case DYNAMIC_CMD_DIR_LOAD(200 + 4):
346 if ((i < 0) || (i > 2)) {
347 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,347,__func__), ERR_set_error)((38),(143),((void*)0));
348 return 0;
349 }
350 ctx->dir_load = (int)i;
351 return 1;
352 case DYNAMIC_CMD_DIR_ADD(200 + 5):
353 /* a NULL 'p' or a string of zero-length is the same thing */
354 if (p == NULL((void*)0) || (strlen((const char *)p) < 1)) {
355 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INVALID_ARGUMENT)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,355,__func__), ERR_set_error)((38),(143),((void*)0));
356 return 0;
357 }
358 {
359 char *tmp_str = OPENSSL_strdup(p)CRYPTO_strdup(p, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 359);
360 if (tmp_str == NULL((void*)0)) {
361 ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,361,__func__), ERR_set_error)((38),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
362 return 0;
363 }
364 if (!sk_OPENSSL_STRING_push(ctx->dirs, tmp_str)OPENSSL_sk_push(ossl_check_OPENSSL_STRING_sk_type(ctx->dirs
), ossl_check_OPENSSL_STRING_type(tmp_str))) {
365 OPENSSL_free(tmp_str)CRYPTO_free(tmp_str, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 365);
366 ERR_raise(ERR_LIB_ENGINE, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,366,__func__), ERR_set_error)((38),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
367 return 0;
368 }
369 }
370 return 1;
371 default:
372 break;
373 }
374 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,374,__func__), ERR_set_error)((38),(119),((void*)0));
375 return 0;
376}
377
378static int int_load(dynamic_data_ctx *ctx)
379{
380 int num, loop;
381 /* Unless told not to, try a direct load */
382 if ((ctx->dir_load != 2) && (DSO_load(ctx->dynamic_dso,
383 ctx->DYNAMIC_LIBNAME, NULL((void*)0),
384 0)) != NULL((void*)0))
385 return 1;
386 /* If we're not allowed to use 'dirs' or we have none, fail */
387 if (!ctx->dir_load || (num = sk_OPENSSL_STRING_num(ctx->dirs)OPENSSL_sk_num(ossl_check_const_OPENSSL_STRING_sk_type(ctx->
dirs))) < 1)
388 return 0;
389 for (loop = 0; loop < num; loop++) {
390 const char *s = sk_OPENSSL_STRING_value(ctx->dirs, loop)((char *)OPENSSL_sk_value(ossl_check_const_OPENSSL_STRING_sk_type
(ctx->dirs), (loop)));
391 char *merge = DSO_merge(ctx->dynamic_dso, ctx->DYNAMIC_LIBNAME, s);
392 if (!merge)
393 return 0;
394 if (DSO_load(ctx->dynamic_dso, merge, NULL((void*)0), 0)) {
395 /* Found what we're looking for */
396 OPENSSL_free(merge)CRYPTO_free(merge, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 396);
397 return 1;
398 }
399 OPENSSL_free(merge)CRYPTO_free(merge, "../deps/openssl/openssl/crypto/engine/eng_dyn.c"
, 399);
400 }
401 return 0;
402}
403
404/*
405 * Unfortunately the version checker does not distinguish between
406 * engines built for openssl 1.1.x and openssl 3.x, but loading
407 * an engine that is built for openssl 1.1.x will cause a fatal
408 * error. Detect such engines, since EVP_PKEY_base_id is exported
409 * as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id
410 * in openssl 3.x. Therefore we take the presence of that symbol
411 * as an indication that the engine will be incompatible.
412 */
413static int using_libcrypto_11(dynamic_data_ctx *ctx)
414{
415 int ret;
416
417 ERR_set_mark();
418 ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL((void*)0);
419 ERR_pop_to_mark();
420
421 return ret;
422}
423
424static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
425{
426 ENGINE cpy;
427 dynamic_fns fns;
428
429 if (ctx->dynamic_dso == NULL((void*)0))
430 ctx->dynamic_dso = DSO_new();
431 if (ctx->dynamic_dso == NULL((void*)0))
432 return 0;
433 if (!ctx->DYNAMIC_LIBNAME) {
434 if (!ctx->engine_id)
435 return 0;
436 DSO_ctrl(ctx->dynamic_dso, DSO_CTRL_SET_FLAGS2,
437 DSO_FLAG_NAME_TRANSLATION_EXT_ONLY0x02, NULL((void*)0));
438 ctx->DYNAMIC_LIBNAME =
439 DSO_convert_filename(ctx->dynamic_dso, ctx->engine_id);
440 }
441 if (!int_load(ctx)) {
442 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_NOT_FOUND)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,442,__func__), ERR_set_error)((38),(132),((void*)0));
443 DSO_free(ctx->dynamic_dso);
444 ctx->dynamic_dso = NULL((void*)0);
445 return 0;
446 }
447 /* We have to find a bind function otherwise it'll always end badly */
448 if (!
449 (ctx->bind_engine =
450 (dynamic_bind_engine) DSO_bind_func(ctx->dynamic_dso,
451 ctx->DYNAMIC_F2))) {
452 ctx->bind_engine = NULL((void*)0);
453 DSO_free(ctx->dynamic_dso);
454 ctx->dynamic_dso = NULL((void*)0);
455 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_DSO_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,455,__func__), ERR_set_error)((38),(104),((void*)0));
456 return 0;
457 }
458 /* Do we perform version checking? */
459 if (!ctx->no_vcheck) {
460 unsigned long vcheck_res = 0;
461 /*
462 * Now we try to find a version checking function and decide how to
463 * cope with failure if/when it fails.
464 */
465 ctx->v_check =
466 (dynamic_v_check_fn) DSO_bind_func(ctx->dynamic_dso,
467 ctx->DYNAMIC_F1);
468 if (ctx->v_check)
469 vcheck_res = ctx->v_check(OSSL_DYNAMIC_VERSION(unsigned long)0x00030000);
470 /*
471 * We fail if the version checker veto'd the load *or* if it is
472 * deferring to us (by returning its version) and we think it is too
473 * old. Also fail if this is engine for openssl 1.1.x.
474 */
475 if (vcheck_res < OSSL_DYNAMIC_OLDEST(unsigned long)0x00030000 || using_libcrypto_11(ctx)) {
476 /* Fail */
477 ctx->bind_engine = NULL((void*)0);
478 ctx->v_check = NULL((void*)0);
479 DSO_free(ctx->dynamic_dso);
480 ctx->dynamic_dso = NULL((void*)0);
481 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_VERSION_INCOMPATIBILITY)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,481,__func__), ERR_set_error)((38),(145),((void*)0));
482 return 0;
483 }
484 }
485 /*
486 * First binary copy the ENGINE structure so that we can roll back if the
487 * hand-over fails
488 */
489 memcpy(&cpy, e, sizeof(ENGINE));
490 /*
491 * Provide the ERR, "ex_data", memory, and locking callbacks so the
492 * loaded library uses our state rather than its own. FIXME: As noted in
493 * engine.h, much of this would be simplified if each area of code
494 * provided its own "summary" structure of all related callbacks. It
495 * would also increase opaqueness.
496 */
497 fns.static_state = ENGINE_get_static_state();
498 CRYPTO_get_mem_functions(&fns.mem_fns.malloc_fn, &fns.mem_fns.realloc_fn,
499 &fns.mem_fns.free_fn);
500 /*
501 * Now that we've loaded the dynamic engine, make sure no "dynamic"
502 * ENGINE elements will show through.
503 */
504 engine_set_all_null(e);
505
506 /* Try to bind the ENGINE onto our own ENGINE structure */
507 if (!engine_add_dynamic_id(e, (ENGINE_DYNAMIC_ID)ctx->bind_engine, 1)
508 || !ctx->bind_engine(e, ctx->engine_id, &fns)) {
509 engine_remove_dynamic_id(e, 1);
510 ctx->bind_engine = NULL((void*)0);
511 ctx->v_check = NULL((void*)0);
512 DSO_free(ctx->dynamic_dso);
513 ctx->dynamic_dso = NULL((void*)0);
514 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_INIT_FAILED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,514,__func__), ERR_set_error)((38),(109),((void*)0));
515 /* Copy the original ENGINE structure back */
516 memcpy(e, &cpy, sizeof(ENGINE));
517 return 0;
518 }
519 /* Do we try to add this ENGINE to the internal list too? */
520 if (ctx->list_add_value > 0) {
521 if (!ENGINE_add(e)) {
522 /* Do we tolerate this or fail? */
523 if (ctx->list_add_value > 1) {
524 /*
525 * Fail - NB: By this time, it's too late to rollback, and
526 * trying to do so allows the bind_engine() code to have
527 * created leaks. We just have to fail where we are, after
528 * the ENGINE has changed.
529 */
530 ERR_raise(ERR_LIB_ENGINE, ENGINE_R_CONFLICTING_ENGINE_ID)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/engine/eng_dyn.c"
,530,__func__), ERR_set_error)((38),(103),((void*)0));
531 return 0;
532 }
533 /* Tolerate */
534 ERR_clear_error();
535 }
536 }
537 return 1;
538}