Maintain strict type discipline between the core and providers

A provider could be linked against a different version of libcrypto than
the version of libcrypto that loaded the provider. Different versions of
libcrypto could define opaque types differently. It must never occur that
a type created in one libcrypto is used directly by the other libcrypto.
This will cause crashes.

We can "cheat" for "built-in" providers that are part of libcrypto itself,
because we know that the two libcrypto versions are the same - but not for
other providers.

To ensure this does not occur we use different types names for the handful
of opaque types that are passed between the core and providers.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11758)

4 files changed, 38 insertions, 28 deletions

diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
index 03f147888a..b479b58a84 100644
--- a/include/internal/cryptlib.h
+++ b/include/internal/cryptlib.h
@@ -157,7 +157,8 @@ typedef struct ossl_ex_data_global_st {
 # define OPENSSL_CTX_FIPS_PROV_INDEX                9
 # define OPENSSL_CTX_SERIALIZER_STORE_INDEX        10
 # define OPENSSL_CTX_SELF_TEST_CB_INDEX            11
-# define OPENSSL_CTX_MAX_INDEXES                   12
+# define OPENSSL_CTX_BIO_PROV_INDEX                12
+# define OPENSSL_CTX_MAX_INDEXES                   13
 
 typedef struct openssl_ctx_method {
     void *(*new_func)(OPENSSL_CTX *ctx);
diff --git a/include/openssl/bio.h b/include/openssl/bio.h
index b4047d55b9..19f9311c68 100644
--- a/include/openssl/bio.h
+++ b/include/openssl/bio.h
@@ -61,6 +61,7 @@ extern "C" {
 # ifndef OPENSSL_NO_SCTP
 #  define BIO_TYPE_DGRAM_SCTP    (24|BIO_TYPE_SOURCE_SINK|BIO_TYPE_DESCRIPTOR)
 # endif
+# define BIO_TYPE_CORE_TO_PROV   (25|BIO_TYPE_FILTER)
 
 #define BIO_TYPE_START           128
 
diff --git a/include/openssl/core.h b/include/openssl/core.h
index 2d653dd60f..5eb992a5c2 100644
--- a/include/openssl/core.h
+++ b/include/openssl/core.h
@@ -25,6 +25,11 @@ extern "C" {
  * to communicate data between them.
  */
 
+/* Opaque handles to be used with core upcall functions from providers */
+typedef struct ossl_core_handle_st OSSL_CORE_HANDLE;
+typedef struct openssl_core_ctx_st OPENSSL_CORE_CTX;
+typedef struct ossl_core_bio_st OSSL_CORE_BIO;
+
 /*
  * Dispatch table element.  function_id numbers are defined further down,
  * see macros with '_FUNC' in their names.
@@ -171,7 +176,7 @@ typedef void (*OSSL_thread_stop_handler_fn)(void *arg);
  * module, that module is not an OpenSSL provider module.
  */
 /*-
- * |provider|   pointer to opaque type OSSL_PROVIDER.  This can be used
+ * |handle|     pointer to opaque type OSSL_CORE_HANDLE.  This can be used
  *              together with some functions passed via |in| to query data.
  * |in|         is the array of functions that the Core passes to the provider.
  * |out|        will be the array of base functions that the provider passes
@@ -180,7 +185,7 @@ typedef void (*OSSL_thread_stop_handler_fn)(void *arg);
  *              provider needs it.  This value is passed to other provider
  *              functions, notably other context constructors.
  */
-typedef int (OSSL_provider_init_fn)(const OSSL_PROVIDER *provider,
+typedef int (OSSL_provider_init_fn)(const OSSL_CORE_HANDLE *handle,
                                     const OSSL_DISPATCH *in,
                                     const OSSL_DISPATCH **out,
                                     void **provctx);
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index 3d91741601..f7025d1c1d 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -12,7 +12,6 @@
 
 # include <stdarg.h>
 # include <openssl/core.h>
-# include <openssl/self_test.h>
 
 # ifdef __cplusplus
 extern "C" {
@@ -60,33 +59,33 @@ extern "C" {
 /* Functions provided by the Core to the provider, reserved numbers 1-1023 */
 # define OSSL_FUNC_CORE_GETTABLE_PARAMS        1
 OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *,
-                    core_gettable_params,(const OSSL_PROVIDER *prov))
+                    core_gettable_params,(const OSSL_CORE_HANDLE *prov))
 # define OSSL_FUNC_CORE_GET_PARAMS             2
-OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_PROVIDER *prov,
+OSSL_CORE_MAKE_FUNC(int,core_get_params,(const OSSL_CORE_HANDLE *prov,
                                          OSSL_PARAM params[]))
 # define OSSL_FUNC_CORE_THREAD_START           3
-OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_PROVIDER *prov,
+OSSL_CORE_MAKE_FUNC(int,core_thread_start,(const OSSL_CORE_HANDLE *prov,
                                            OSSL_thread_stop_handler_fn handfn))
 # define OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT    4
-OSSL_CORE_MAKE_FUNC(OPENSSL_CTX *,core_get_library_context,
-                    (const OSSL_PROVIDER *prov))
+OSSL_CORE_MAKE_FUNC(OPENSSL_CORE_CTX *,core_get_library_context,
+                    (const OSSL_CORE_HANDLE *prov))
 # define OSSL_FUNC_CORE_NEW_ERROR              5
-OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_PROVIDER *prov))
+OSSL_CORE_MAKE_FUNC(void,core_new_error,(const OSSL_CORE_HANDLE *prov))
 # define OSSL_FUNC_CORE_SET_ERROR_DEBUG        6
 OSSL_CORE_MAKE_FUNC(void,core_set_error_debug,
-                    (const OSSL_PROVIDER *prov,
+                    (const OSSL_CORE_HANDLE *prov,
                      const char *file, int line, const char *func))
 # define OSSL_FUNC_CORE_VSET_ERROR             7
 OSSL_CORE_MAKE_FUNC(void,core_vset_error,
-                    (const OSSL_PROVIDER *prov,
+                    (const OSSL_CORE_HANDLE *prov,
                      uint32_t reason, const char *fmt, va_list args))
 # define OSSL_FUNC_CORE_SET_ERROR_MARK         8
-OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_PROVIDER *prov))
+OSSL_CORE_MAKE_FUNC(int, core_set_error_mark, (const OSSL_CORE_HANDLE *prov))
 # define OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK  9
 OSSL_CORE_MAKE_FUNC(int, core_clear_last_error_mark,
-                    (const OSSL_PROVIDER *prov))
+                    (const OSSL_CORE_HANDLE *prov))
 # define OSSL_FUNC_CORE_POP_ERROR_TO_MARK     10
-OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_PROVIDER *prov))
+OSSL_CORE_MAKE_FUNC(int, core_pop_error_to_mark, (const OSSL_CORE_HANDLE *prov))
 
 /* Memory allocation, freeing, clearing. */
 #define OSSL_FUNC_CRYPTO_MALLOC               20
@@ -132,22 +131,26 @@ OSSL_CORE_MAKE_FUNC(void,
 #define OSSL_FUNC_BIO_NEW_FILE                40
 #define OSSL_FUNC_BIO_NEW_MEMBUF              41
 #define OSSL_FUNC_BIO_READ_EX                 42
-#define OSSL_FUNC_BIO_FREE                    43
-#define OSSL_FUNC_BIO_VPRINTF                 44
-#define OSSL_FUNC_BIO_VSNPRINTF               45
-
-OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_file, (const char *filename, const char *mode))
-OSSL_CORE_MAKE_FUNC(BIO *, BIO_new_membuf, (const void *buf, int len))
-OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (BIO *bio, void *data, size_t data_len,
-                                       size_t *bytes_read))
-OSSL_CORE_MAKE_FUNC(int, BIO_free, (BIO *bio))
-OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (BIO *bio, const char *format,
+#define OSSL_FUNC_BIO_WRITE_EX                43
+#define OSSL_FUNC_BIO_FREE                    44
+#define OSSL_FUNC_BIO_VPRINTF                 45
+#define OSSL_FUNC_BIO_VSNPRINTF               46
+
+OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename,
+                                                    const char *mode))
+OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len))
+OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data,
+                                       size_t data_len, size_t *bytes_read))
+OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data,
+                                        size_t data_len, size_t *written))
+OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio))
+OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format,
                                        va_list args))
 OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf,
                    (char *buf, size_t n, const char *fmt, va_list args))
 
 #define OSSL_FUNC_SELF_TEST_CB               100
-OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CTX *ctx, OSSL_CALLBACK **cb,
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb,
                                          void **cbarg))
 
 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
@@ -637,10 +640,10 @@ OSSL_CORE_MAKE_FUNC(const OSSL_PARAM *, OP_serializer_settable_ctx_params,
                     (void))
 
 OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_data,
-                    (void *ctx, const OSSL_PARAM[], BIO *out,
+                    (void *ctx, const OSSL_PARAM[], OSSL_CORE_BIO *out,
                      OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg))
 OSSL_CORE_MAKE_FUNC(int, OP_serializer_serialize_object,
-                    (void *ctx, void *obj, BIO *out,
+                    (void *ctx, void *obj, OSSL_CORE_BIO *out,
                      OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg))
 
 # ifdef __cplusplus