Commit Graph

27 Commits

Author SHA1 Message Date
Richard Levitte
e1eafe8c87 "Reserve" the method store when constructing methods
Introducing the concept of reserving the store where a number of
provided operation methods are to be stored.

This avoids racing when constructing provided methods, which is
especially pertinent when multiple threads are trying to fetch the
same method, or even any implementation for the same given operation
type.

This introduces a |biglock| in OSSL_METHOD_STORE, which is separate
from the |lock| which is used for more internal and finer grained
locking.

Fixes #18152

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18153)
2022-07-20 07:28:17 +01:00
Tomas Mraz
26ccb0e4e0 Avoid code duplication for locale initialization
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18282)
2022-05-13 08:30:48 +02:00
Richard Levitte
10937d5867 Refactor method construction pre- and post-condition
The existing pre- and post-condition functions are supposed to check if
methods have already been created and stored, using provider operation
bits.  This is supposed to only be done for "permanent" method stores.

However, the way the pre-condition was called, it could not know if the
set of implementations to be stored is likely to end up in a "permanent"
or a temporary store.  It needs access to the |no_store| flag returned
by the provider's operation query function, because that call was done
after the pre-condition was called.

This requires a bit of refactoring, primarly of |algorithm_do_this()|,
but also of |ossl_method_construct_precondition()|.

Fixes #18150

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
2022-05-05 15:05:54 +02:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Dmitry Belyavskiy
4b2bd2722b Public API functions OPENSSL_str[n]casecmp
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
2022-04-22 11:34:41 +02:00
Richard Levitte
dc010ca6ec CORE: Encure that cached fetches can be done per provider
This mostly entails passing around a provider pointer, and handling
queries that includes a pointer to a provider, where NULL means "any".

This also means that there's a need to pass the provider pointer, not
just down to the cache functions, but also be able to get it from
ossl_method_store_fetch().  To this end, that function's OSSL_PROVIDER
pointer argument is modified to be a pointer reference, so the
function can answer back what provider the method comes from.

Test added.

Fixes #16614

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-27 12:41:15 +02:00
Richard Levitte
cfce50f791 CORE: add a provider argument to ossl_method_construct()
This makes it possible to limit the search of methods to that
particular provider.  This uses already available possibilities in
ossl_algorithm_do_all().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-27 12:41:10 +02:00
Richard Levitte
6882652e65 CORE: Do a bit of cleanup of core fetching
Some data, like the library context, were passed both through higher
level callback structures and through arguments to those same higher
level callbacks.  This is a bit unnecessary, so we rearrange the
callback arguments to simply pass that callback structure and rely on
the higher level fetching functionality to pick out what data they
need from that structure.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15750)
2021-06-16 12:32:53 +01:00
Richard Levitte
9067cf6ccd CORE: Move away the allocation of the temporary no_cache method store
The responsibility for managing the temporary store for methods from
algorithm implementations flaged "no_store" is moved up to the diverse
method fetching functions.  This allows them to allocate it "just in
time", or in other words not at all if there is not such algorithm
implementation.

This makes this temporary store more flexible if it's needed outside
of the core fetching functionality, and slightly faster when this
temporary store isn't necessary at all.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15737)
2021-06-15 15:06:04 +02:00
Matt Caswell
f12a5690de Add the concept of a child OSSL_LIB_CTX
Add a child OSSL_LIB_CTX that will mirror the providers loaded into the
parent libctx. This is useful for providers that want to use algorithms
from other providers and just need to inherit the providers used by the
application.

Fixes #14925

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
2021-05-11 14:56:55 +01:00
Tomas Mraz
6c9bc258d2 Add type_name member to provided methods and use it
Fixes #14701

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14898)
2021-04-26 12:05:05 +02:00
Pauli
4b1f34f11f property: lock the lib ctx when updating the property definition cache
Although the store being used is adequately and properly locked, the library
context is not.  Due to the mechanisms used for fetching, it is possible for
multiple stores to live within the same library context for short periods.
This fix prevents threading issues resulting from such coincidences.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)
2021-04-08 17:46:35 +10:00
Matt Caswell
a28d06f3e9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14235)
2021-02-18 15:05:17 +00:00
FdaSilvaYY
3a111aadc3 include/internal: add a few missing #pragma once directives
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/14096)
2021-02-10 23:20:58 +01:00
Dr. Matthias St. Pierre
b425001010 Rename OPENSSL_CTX prefix to OSSL_LIB_CTX
Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix,
e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.

The OPENSSL_CTX type stands out a little by using a different prefix.
For consistency reasons, this type is renamed to OSSL_LIB_CTX.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12621)
2020-10-15 11:59:53 +01:00
Matt Caswell
00c405b365 Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12043)
2020-06-04 14:33:57 +01:00
Richard Levitte
5a29b6286f CORE: query for operations only once per provider (unless no_store is true)
When a desired algorithm wasn't available, we didn't register anywhere
that an attempt had been made, with the result that next time the same
attempt was made, the whole process would be done again.

To avoid this churn, we register a bit for each operation that has
been queried in the libcrypto provider object, and test it before
trying the same query and method construction loop again.

If course, if the provider has told us not to cache, we don't register
this bit.

Fixes #11814

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11842)
2020-05-19 11:02:41 +02:00
Richard Levitte
36fa4d8a0d CORE: pass the full algorithm definition to the method constructor
So far, the API level method constructors that are called by
ossl_method_construct_this() were passed the algorithm name string and
the dispatch table and had no access to anything else.

This change gives them access to the full OSSL_ALGORITHM item, thereby
giving them access to the property definition.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10394)
2019-11-29 20:42:12 +01:00
Richard Levitte
f7c16d48a9 In provider implemented methods, save the name number, not the name string
Multiple names per implementation is already supported in the namemap,
but hasn't been used yet.  However, as soon as we have multiple names,
we will get an issue with what name should be saved in the method.

The solution is to not save the name itself, but rather the number
it's associated with.  This number is supposed to be unique for each
set of names, and we assume that algorithm names are globally unique,
i.e. there can be no name overlap between different algorithm types.

Incidently, it was also found that the 'get' function used by
ossl_construct_method() doesn't need all the parameters it was given;
most of what it needs, it can now get through the data structure given
by the caller of ossl_construct_method().  As a consequence,
ossl_construct_method() itself doesn't need all the parameters it was
given either.

There are some added internal functions that are expected to disappear
as soon as legacy code is removed, such as evp_first_name() and
ossl_namemap_num2name().

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9897)
2019-09-19 14:58:17 +02:00
Richard Levitte
c1d56231ef Modify ossl_method_store_add() to accept an OSSL_PROVIDER and check for it
If ossl_method_store_add() gets called with a method that already exists
(i.e. the store has one with matching provider, nid and properties), that
method should not be stored.  We do this check inside ossl_method_store_add()
because it has all the locking required to do so safely.

Fixes #9561

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9650)
2019-08-22 01:50:30 +02:00
Richard Levitte
a883c02faa Add internal function ossl_algorithm_do_all()
This function is used to traverse all the implementations provided by
one provider, or all implementation for a specific operation across
all loaded providers, or both, and execute a given function for each
occurence.

This will be used by ossl_method_construct(), but also by information
processing functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)
2019-07-23 06:34:09 +02:00
Richard Levitte
2ccb1b4eca EVP fetching: make operation_id part of the method identity
Because the operation identity wasn't integrated with the created
methods, the following code would give unexpected results:

    EVP_MD *md = EVP_MD_fetch(NULL, "MD5", NULL);
    EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "MD5", NULL);

    if (md != NULL)
        printf("MD5 is a digest\n");
    if (cipher != NULL)
        printf("MD5 is a cipher\n");

The message is that MD5 is both a digest and a cipher.

Partially fixes #9106

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9109)
2019-06-10 08:01:19 +02:00
Richard Levitte
2e49c05472 EVP_FETCH: deal with names without pre-defined NIDs
We didn't deal very well with names that didn't have pre-defined NIDs,
as the NID zero travelled through the full process and resulted in an
inaccessible method.  By consequence, we need to refactor the method
construction callbacks to rely more on algorithm names.

We must, however, still store the legacy NID with the method, for the
sake of other code that depend on it (for example, CMS).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)
2019-05-12 13:43:38 -07:00
Matt Caswell
1aedc35fd6 Instead of global data store it in an OPENSSL_CTX
Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
2019-05-02 22:42:09 +01:00
Matt Caswell
dc46e3dde5 Use the right NID when putting a method in the store
When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that process
we may be told about other methods with a different NID. We need to
make sure we don't confuse the two.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)
2019-04-09 10:24:43 +01:00
Richard Levitte
7bb19a0f95 Replumbing: pass callback data to the algo destructor too
All relevant OSSL_METHOD_CONSTRUCT_METHOD callbacks got the callback
data passed to them, except 'destruct'.  There's no reason why it
shouldn't get that pointer passed, so we make a small adjustment.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8341)
2019-03-18 14:27:02 +01:00
Richard Levitte
9e11fe0d85 Replumbing: Add constructor of libcrypto internal method structures
This queries the provider for its available functionality (unless a
matching method structured is already cached, in which case that's
used instead), and creates method structure with the help of a passed
constructor.  The result is cached if the provider allows it (or if
caching is forced).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8340)
2019-03-12 20:25:46 +01:00