Commit Graph

211 Commits

Author SHA1 Message Date
Pauli
16ff70a58c Remove the _fetch_by_number functions
These functions are unused and untested.  They are also implemented rather
inefficiently.  If we ever needed them in the future, they'd almost surely
need to be rewritten more efficiently.

Fixes #18227

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18237)
2022-05-06 10:38:55 +10:00
Richard Levitte
2e4d0677ea Make it possible to remove methods by the provider that provides them
This adds ossl_method_store_remove_all_provided(), which selectively
removes methods from the given store that are provided by the given
provider.

This also adds the EVP specific evp_method_store_remove_all_provided(),
which matches ossl_method_store_remove_all_provided() but can also
retrieve the correct store to manipulate for EVP functions.

This allows us to modify ossl_provider_self_test() to do the job it's
supposed to do, but through clearly defined functions instead of a
cache flushing call that previously did more than that.

ossl_provider_deactivate() is also modified to remove methods associated
with the deactivated provider, and not just clearing the cache.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
2022-05-05 15:05:55 +02:00
Richard Levitte
60640d79ca Don't empty the method store when flushing the query cache
When evp_method_store_flush() flushed the query cache, it also freed
all methods in the EVP method store, through an unfortunate call of
ossl_method_store_flush_cache() with an argument saying that all
methods should indeed be dropped.

To undo some of the confusion, ossl_method_store_flush_cache() is
renamed to ossl_method_store_cache_flush_all(), and limited to do
only that.  Some if the items in the internal ALGORITHM structure are
also renamed and commented to clarify what they are for.

Fixes #18150

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
2022-05-05 15:05:54 +02:00
Richard Levitte
20b6d85ab2 Drop ossl_provider_clear_all_operation_bits() and all uses of it
This is a misused function, as it was called during query cache flush,
when the provider operation bits were meant to record if methods for a
certain operation has already been added to the method store.

Fixes #18150

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
2022-05-05 15:05:54 +02:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Hugo Landau
927d0566de Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA
This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted
objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized
eagerly rather than lazily, which avoids the need for locking on access
in most cases.

Fixes #17116.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17881)
2022-04-01 10:49:19 +11:00
Pauli
87639c6bdf document the safe_div_round_up_TYPE functions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17884)
2022-03-30 10:10:25 +11:00
Pauli
af788ad6c3 fetch: convert a NULL property query to ""
Previously, a NULL property query was never cached and this lead to a
performance degregation.  Now, such a query is converted to an empty string
and cached.

Fixes #17752
Fixes https://github.openssl.org/openssl/openssl/issues/26

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17769)
2022-02-28 16:20:33 +11:00
Dimitris Apostolou
e304aa87b3 Fix typos
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17392)
2022-01-05 12:37:20 +01:00
Dr. David von Oheimb
b971d4198d CMP mock server: add -ref_cert option and corresponding ossl_cmp_mock_srv_set1_refCert()
Fixes #16041

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16050)
2022-01-04 17:04:56 +01:00
Dr. David von Oheimb
6be83cc655 OSSL_CMP_CTX: rename get/set function for trustedStore
This makes the naming more consistent, in a backward-compatible way

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17277)
2021-12-30 09:37:05 +01:00
Matt Caswell
cad22202a3 Stop receiving child callbacks in a child libctx when appropriate
We should stop receiving child callbacks if we're about to free up
the child libctx. Otherwise we can get callbacks when the libctx is half
freed up.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16980)
2021-11-12 17:16:14 +00:00
Matt Caswell
c59fc87b33 Don't attempt to deactive child providers if we don't need to
If a provider doesn't have any child providers then there is no need
to attempt to remove them - so we should not do so. This removes some
potentialy thread races.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16980)
2021-11-12 17:16:14 +00:00
Pauli
cccfc66828 doc: document the internal integer overflow helpers
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16930)
2021-11-12 19:49:46 +10:00
Pauli
90c311315c prov: remove unused field flag_fallback and function ossl_provider_set_fallback
These are legacy of older versions of the code and are currently not used
anywhere.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16985)
2021-11-10 09:26:11 +10:00
Richard Levitte
dc010ca6ec CORE: Encure that cached fetches can be done per provider
This mostly entails passing around a provider pointer, and handling
queries that includes a pointer to a provider, where NULL means "any".

This also means that there's a need to pass the provider pointer, not
just down to the cache functions, but also be able to get it from
ossl_method_store_fetch().  To this end, that function's OSSL_PROVIDER
pointer argument is modified to be a pointer reference, so the
function can answer back what provider the method comes from.

Test added.

Fixes #16614

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-27 12:41:15 +02:00
Richard Levitte
2fd3392c8f EVP: Add the internal function evp_generic_fetch_from_prov()
This function leverages the generic possibility to fetch EVP methods
from a specific provider.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-27 12:41:10 +02:00
Richard Levitte
cfce50f791 CORE: add a provider argument to ossl_method_construct()
This makes it possible to limit the search of methods to that
particular provider.  This uses already available possibilities in
ossl_algorithm_do_all().

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
2021-10-27 12:41:10 +02:00
Kinshuk Dua
089df6f135 Doc: replace NULL terminated with NUL
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16885)
2021-10-26 17:06:17 +02:00
Pauli
50aba7ffde doc: Fix include syntax
Internal headers should be included using "" instead of <>.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16647)
2021-09-22 18:55:34 +10:00
Pauli
57cd10dd1e doc: remove end of line whitespace
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16641)
2021-09-22 16:22:50 +10:00
Richard Levitte
a8d9bd8114 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16534)

(cherry picked from commit 54d987b92c)
2021-09-07 13:35:43 +02:00
PW Hu
6d55d27b2d fix documentation error caused by commit 6882652e65
CLA:trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16502)
2021-09-07 11:11:52 +02:00
PW Hu
48b3ad0568 fix documentation error caused by commit 9067cf6ccd
CLA:trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16502)
2021-09-07 11:11:52 +02:00
Matt Caswell
54b4053130 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16176)
2021-07-29 15:41:35 +01:00
Pauli
d19dacd55f doc: document the new opt_legacy_okay() function's behaviour
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16022)
2021-07-12 09:13:41 +10:00
Dr. David von Oheimb
991519aeb9 CMP: Improve reporting of error codes and related strings via 'error' msg
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
2021-06-25 07:44:50 +02:00
Dr. David von Oheimb
7b3990e3f8 CMP: Clean up internal message creation API and its documentation
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15879)
2021-06-25 07:44:50 +02:00
Matt Caswell
59a783d05a Fix a race in ossl_provider_add_to_store()
If two threads both attempt to load the same provider at the same time,
they will first both check to see if the provider already exists. If it
doesn't then they will both then create new provider objects and call the
init function. However only one of the threads will be successful in adding
the provider to the store. For the "losing" thread we should still return
"success", but we should deinitialise and free the no longer required
provider object, and return the object that exists in the store.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
2021-06-24 14:48:15 +01:00
Matt Caswell
29d46e09ce Update documentation following updates to the provider code
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
2021-06-24 14:48:15 +01:00
Matt Caswell
eb2263da9a Set use_fallbacks to zero when we add a provider to the store
Update use_fallbacks to zero when we add a provider to the store rather
than when we activate it. Its only at the point that we add it to the store
that it is actually usable and visible to other threads.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
2021-06-24 14:48:14 +01:00
Matt Caswell
8d4dec0d4b Instantiate predefined providers just-in-time
Previously we instantiated all the predefined providers at the point that
we create the provider store. Instead we move them to be instantiated as we
need them.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)
2021-06-24 14:48:14 +01:00
Pauli
6920055ec3 doc: document the various get_cipher functions in the commands lib.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15747)
2021-06-16 18:32:30 +10:00
Pauli
7f0dc8da7d doc: remove empty section
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15637)
2021-06-08 18:55:32 +10:00
Pauli
c768893e7d doc: move XXX_get_number() documentation to internal
These functions are effectively useless for users outside of libcrypto.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
2021-06-02 20:45:39 +10:00
Matt Caswell
0789c7d834 Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15381)
2021-05-20 14:22:33 +01:00
Matt Caswell
b195677073 Update documentation for global properties mirroring
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)
2021-05-20 09:35:41 +01:00
Matt Caswell
366bf9aedb Documentation updates for mirroring of global properties
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15242)
2021-05-20 09:35:41 +01:00
Matt Caswell
36a89c0439 Init the child providers immediately on creation of the child libctx
We were deferring the initial creation of the child providers until the
first fetch. This is a carry over from an earlier iteration of the child
lib ctx development and is no longer necessary. In fact we need to init
the child providers immediately otherwise not all providers quite init
correctly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15270)
2021-05-15 10:33:42 +01:00
Rich Salz
36c5bb1aff Fix cut/paste (?) error.
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15232)
2021-05-13 11:18:27 +10:00
Matt Caswell
878be71c2d Update documentation following addition of OSSL_LIB_CTX_new_child()
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
2021-05-11 15:03:13 +01:00
Pauli
2876528de5 doc: document the new ossl_provider_clear_all_operation_bits() function
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15042)
2021-05-07 23:53:18 +10:00
Dr. David von Oheimb
b0f960189b APPS: Replace 'OPT_ERR = -1, OPT_EOF = 0, OPT_HELP' by OPT_COMMON macro
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
2021-05-05 20:48:20 +02:00
Dr. David von Oheimb
284076982d APPS: Slightly extend and improve documentation of the opt_ API
Also remove redundant opt_name() and make names of opt_{i,u}ntmax() consistent.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15111)
2021-05-05 20:48:20 +02:00
Rich Salz
f4407385f5 APPS: Document the core of the opt_ API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/14995)
2021-05-01 13:11:49 +02:00
Matt Caswell
f5afac4bda Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14986)
2021-04-22 14:38:44 +01:00
Dr. David von Oheimb
1c0eede982 Improve ossl_cmp_build_cert_chain(); publish it as X509_build_chain()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14128)
2021-04-20 10:47:24 +02:00
Shane Lontis
a732a4c329 Add EVP_PKEY_todata() and EVP_PKEY_export() functions.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14800)
2021-04-15 18:42:04 +02:00
Matt Caswell
3c2bdd7df9 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14801)
2021-04-08 13:04:41 +01:00
Pauli
860ecfd700 property: check return values from the property locking calls.
A failure to obtain a lock would have resulted in much badness, now it results
in a failure return.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14773)
2021-04-08 17:46:35 +10:00