Commit Graph

25 Commits

Author SHA1 Message Date
Richard Levitte
0cd1b144f9 util/mkerr.pl: make it not depend on the function code
The output C code was made to use ERR_func_error_string() to see if a
string table was already loaded or not.  Since this function returns
NULL always, this check became useless.

Change it to use ERR_reason_error_string() instead, as there's no
reason to believe we will get rid of reason strings, ever.

To top it off, we rebuild all affected C sources.

Fixes #9756

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9756)
2019-09-12 17:59:52 +02:00
Matt Caswell
505f466020 Make sure we pre-initialise properties
Simplify the initialisation of the core by pre-initialising properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9590)
2019-08-29 10:50:47 +01:00
Richard Levitte
c1d56231ef Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it
If ossl_method_store_add() gets called with a method that already exists
(i.e. the store has one with matching provider, nid and properties), that
method should not be stored.  We do this check inside ossl_method_store_add()
because it has all the locking required to do so safely.

Fixes #9561

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9650)
2019-08-22 01:50:30 +02:00
Richard Levitte
b1d40ddfe2 Modify ossl_method_store_add() to handle reference counting
Because this function affects the reference count on failure (the call
to impl_free() does this), it may as well handle incrementing it as
well to indicate the extra reference in the method store.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9650)
2019-08-22 01:50:30 +02:00
Matt Caswell
29dc6e00f2 Load the config file by default
Previously we only loaded the config file by default for libssl. Now we do
it for libcrypto too.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)
2019-08-01 09:59:20 +01:00
Pauli
e2e5abe47a Prevent an infinite recursion when the query cache is flushed.
The problem being that the "requires flush" flag was being cleared after the
the flush.  The fix is to clear it before.  This is a problem because the
cache flushing called RAND_bytes and if the DRBG hadn't been created yet, it
would be queried and added to the cache causing the flush code to repeat.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)
2019-08-01 15:41:30 +10:00
Pauli
f06cf3c414 The query cache has been updated to not depend on RAND_bytes being available.
The alternative is to use a fast and small xorshift
random number generator.  The stochastic flushing doesn't require good
random numbers, just enough variety to avoid causing problems.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9477)
2019-08-01 15:41:30 +10:00
Richard Levitte
49c6434673 Refactor provider support for reporting errors
The core now supplies its own versions of ERR_new(), ERR_set_debug()
and ERR_vset_error().  This should suffice for a provider to have any
OpenSSL compatible functionlity it desires.

The main difference between the ERR functions and the core
counterparts is that the core counterparts take an OSSL_PROVIDER
parameter instead of the library number.  That way, providers do not
need to know what number they have been assigned, that information
stays in the core.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9452)
2019-07-31 06:45:04 +02:00
Rich Salz
cbfa5b0398 Regenerate mkerr files
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)
2019-07-16 05:26:28 +02:00
Richard Levitte
4cdb302fef Add extra error text in the property parser
With properties being specified in all kinds of places, including hard
coded in providers, it's not always easy to figure out exactly what
string was incorrect when the parser would just say something like
'parse failed' with no more details.

Adding extra data to the error, showing exactly what string is
incorrect, helps a bit.  At the very least, this gives anyone
interested something to grep for.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9190)
2019-06-19 11:25:27 +02:00
Richard Levitte
07c244f0cd Use variables in build.info files where it's worth the while
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9144)
2019-06-15 00:34:02 +02:00
Pauli
b6db5b3d50 Remove file reference from property documentation.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9066)
2019-06-03 16:42:50 +10:00
Pauli
915bf45ee3 Fix a typo in the property grammar that creates an ambiguous parse.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9065)
2019-06-03 08:30:49 +10:00
Pauli
cec3901aa2 Add man 7 page about properties.
Add a page about properties in the man7 section of the public documentation.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/9011)
2019-05-30 10:57:53 +10:00
Matt Caswell
319e518a5a Make some EVP code available from within the FIPS module
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)
2019-05-23 11:02:04 +01:00
Pauli
da89ac0b25 Optional property query support.
Add the possibility of a property query clause to be optional by preceding
it with a question mark.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8943)
2019-05-22 10:45:39 +10:00
Matt Caswell
1aedc35fd6 Instead of global data store it in an OPENSSL_CTX
Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
2019-05-02 22:42:09 +01:00
Richard Levitte
1393722af3 ossl_method_store_cache_get(): ensure non-NULL property query
The comparator further down the call stack doesn't tolerate NULL, so
if we got that as input, use the empty string.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)
2019-04-19 10:24:16 +02:00
Matt Caswell
d030892312 Add a legacy provider and put MD2 in it
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)
2019-04-09 10:24:43 +01:00
Pauli
8ab53b193a Make the sparse array code use ossl_uintmax_t as its index rather than size_t.
This should never reduce the range covered and might increase it on some
platforms.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8415)
2019-03-06 13:50:54 +10:00
Pauli
71d1b229e9 CID 1442835: Integer Overflow
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8318)
2019-02-24 21:26:39 +10:00
Pauli
909f2e5983 CID 1442836: Resource leaks
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8318)
2019-02-24 21:26:20 +10:00
Richard Levitte
0a79572a29 Property: naming and manual clarifiations
- Add a bit more text about that is expected of the user or
  OSSL_METHOD_STOREs.
- Clarify what a method and what a numeric identity are.
- Change all mentions of 'implementation' and 'result' to 'method'.

To clarify further: OpenSSL has used the term 'method' for structures
that mainly contains function pointers.  Those are the methods that
are expected to be stored away in OSSL_METHOD_STOREs.  In the end,
however, it's the caller's responsibility to define exactly what they
want to store, as long as its 'methods' are associated with a numeric
identity and properties.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8265)
2019-02-18 10:58:57 +01:00
Pauli
3037d0aadf generated files
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8224)
2019-02-18 13:28:14 +10:00
Pauli
1bdbdaffdc Properties for implementation selection.
Properties are a sequence of comma separated name=value pairs.  A name
without a corresponding value is assumed to be a Boolean and have the
true value 'yes'.  Values are either strings or numbers.  Strings can be
quoted either _"_ or _'_ or unquoted (with restrictions).  There are no
escape characters inside strings.  Number are either decimal digits or
'0x' followed by hexidecimal digits.  Numbers are represented internally
as signed sixty four bit values.

Queries on properties are a sequence comma separated conditional tests.
These take the form of name=value (equality test), name!=value (inequality
test) or name (Boolean test for truth).  Queries can be parsed, compared
against a definition or merged pairwise.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8224)
2019-02-18 13:28:14 +10:00