[openssl] master update
Richard Levitte
levitte at openssl.org
Tue Mar 12 19:26:28 UTC 2019
The branch master has been updated
via 9e11fe0d85c7d8bd2b77076c8b2e93433091e765 (commit)
via 099bd33920e775eb75f4daee5f09b24f17bc136d (commit)
via 85e2417c0d81cfe97586b74c410ef37595aea72d (commit)
from e2146e120f5bab21dcedfb34741141897f80e1ee (commit)
- Log -----------------------------------------------------------------
commit 9e11fe0d85c7d8bd2b77076c8b2e93433091e765
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Feb 25 01:59:02 2019 +0100
Replumbing: Add constructor of libcrypto internal method structures
This queries the provider for its available functionality (unless a
matching method structured is already cached, in which case that's
used instead), and creates method structure with the help of a passed
constructor. The result is cached if the provider allows it (or if
caching is forced).
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8340)
commit 099bd33920e775eb75f4daee5f09b24f17bc136d
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Feb 25 01:57:28 2019 +0100
Replumbing: Add support for the provider query_operation function
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8340)
commit 85e2417c0d81cfe97586b74c410ef37595aea72d
Author: Richard Levitte <levitte at openssl.org>
Date: Mon Feb 25 01:53:34 2019 +0100
Replumbing: Add an OSSL_PROVIDER iterator with callback
Reviewed-by: Paul Dale <paul.dale at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8340)
-----------------------------------------------------------------------
Summary of changes:
crypto/build.info | 2 +-
crypto/core_fetch.c | 97 ++++++++++++++++++++
crypto/provider_core.c | 37 ++++++++
doc/internal/man3/ossl_method_construct.pod | 133 ++++++++++++++++++++++++++++
doc/internal/man3/ossl_provider_new.pod | 23 ++++-
include/internal/core.h | 52 +++++++++++
include/internal/provider.h | 9 ++
include/openssl/core_numbers.h | 4 +
8 files changed, 354 insertions(+), 3 deletions(-)
create mode 100644 crypto/core_fetch.c
create mode 100644 doc/internal/man3/ossl_method_construct.pod
create mode 100644 include/internal/core.h
diff --git a/crypto/build.info b/crypto/build.info
index 6497c2f..39cd91b 100644
--- a/crypto/build.info
+++ b/crypto/build.info
@@ -9,7 +9,7 @@ SUBDIRS=objects buffer bio stack lhash rand evp asn1 pem x509 x509v3 conf \
LIBS=../libcrypto
# The Core
-SOURCE[../libcrypto]=provider_core.c
+SOURCE[../libcrypto]=provider_core.c core_fetch.c
# Central utilities
SOURCE[../libcrypto]=\
diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c
new file mode 100644
index 0000000..d2d7766
--- /dev/null
+++ b/crypto/core_fetch.c
@@ -0,0 +1,97 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stddef.h>
+
+#include <openssl/core.h>
+#include "internal/cryptlib.h"
+#include "internal/core.h"
+#include "internal/property.h"
+#include "internal/provider.h"
+
+struct construct_data_st {
+ OPENSSL_CTX *libctx;
+ OSSL_METHOD_STORE *store;
+ int operation_id;
+ int force_store;
+ OSSL_METHOD_CONSTRUCT_METHOD *mcm;
+ void *mcm_data;
+};
+
+static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata)
+{
+ struct construct_data_st *data = cbdata;
+ int no_store = 0; /* Assume caching is ok */
+ const OSSL_ALGORITHM *map =
+ ossl_provider_query_operation(provider, data->operation_id, &no_store);
+
+ while (map->algorithm_name != NULL) {
+ const OSSL_ALGORITHM *thismap = map++;
+ void *method = NULL;
+
+ if ((method = data->mcm->construct(thismap->implementation, provider,
+ data->mcm_data)) == NULL)
+ continue;
+
+ if (data->force_store || !no_store) {
+ /*
+ * If we haven't been told not to store,
+ * add to the global store
+ */
+ if (!data->mcm->put(data->libctx, NULL,
+ thismap->property_definition,
+ method, data->mcm_data)) {
+ data->mcm->destruct(method);
+ continue;
+ }
+ }
+
+ if (!data->mcm->put(data->libctx, data->store,
+ thismap->property_definition,
+ method, data->mcm_data)) {
+ data->mcm->destruct(method);
+ continue;
+ }
+ }
+
+ return 1;
+}
+
+void *ossl_method_construct(OPENSSL_CTX *libctx, int operation_id,
+ const char *name, const char *propquery,
+ int force_store,
+ OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data)
+{
+ void *method = NULL;
+
+ if ((method = mcm->get(libctx, NULL, propquery, mcm_data)) == NULL) {
+ struct construct_data_st cbdata;
+
+ /*
+ * We have a temporary store to be able to easily search among new
+ * items, or items that should find themselves in the global store.
+ */
+ if ((cbdata.store = mcm->alloc_tmp_store()) == NULL)
+ goto fin;
+
+ cbdata.libctx = libctx;
+ cbdata.operation_id = operation_id;
+ cbdata.force_store = force_store;
+ cbdata.mcm = mcm;
+ cbdata.mcm_data = mcm_data;
+ ossl_provider_forall_loaded(libctx, ossl_method_construct_this,
+ &cbdata);
+
+ method = mcm->get(libctx, cbdata.store, propquery, mcm_data);
+ mcm->dealloc_tmp_store(cbdata.store);
+ }
+
+ fin:
+ return method;
+}
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 05a6bff..fb4be55 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -39,6 +39,7 @@ struct ossl_provider_st {
OSSL_provider_teardown_fn *teardown;
OSSL_provider_get_param_types_fn *get_param_types;
OSSL_provider_get_params_fn *get_params;
+ OSSL_provider_query_operation_fn *query_operation;
};
DEFINE_STACK_OF(OSSL_PROVIDER)
@@ -319,6 +320,10 @@ int ossl_provider_activate(OSSL_PROVIDER *prov)
prov->get_params =
OSSL_get_provider_get_params(provider_dispatch);
break;
+ case OSSL_FUNC_PROVIDER_QUERY_OPERATION:
+ prov->query_operation =
+ OSSL_get_provider_query_operation(provider_dispatch);
+ break;
}
}
@@ -328,6 +333,30 @@ int ossl_provider_activate(OSSL_PROVIDER *prov)
return 1;
}
+int ossl_provider_forall_loaded(OPENSSL_CTX *ctx,
+ int (*cb)(OSSL_PROVIDER *provider,
+ void *cbdata),
+ void *cbdata)
+{
+ int ret = 1;
+ int i;
+ struct provider_store_st *store = get_provider_store(ctx);
+
+ if (store != NULL) {
+ CRYPTO_THREAD_read_lock(store->lock);
+ for (i = 0; i < sk_OSSL_PROVIDER_num(store->providers); i++) {
+ OSSL_PROVIDER *prov = sk_OSSL_PROVIDER_value(store->providers, i);
+
+ if (prov->flag_initialized
+ && !(ret = cb(prov, cbdata)))
+ break;
+ }
+ CRYPTO_THREAD_unlock(store->lock);
+ }
+
+ return ret;
+}
+
/* Getters of Provider Object data */
const char *ossl_provider_name(OSSL_PROVIDER *prov)
{
@@ -368,6 +397,14 @@ int ossl_provider_get_params(const OSSL_PROVIDER *prov,
return prov->get_params == NULL ? 0 : prov->get_params(prov, params);
}
+
+const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ int *no_cache)
+{
+ return prov->query_operation(prov, operation_id, no_cache);
+}
+
/*-
* Core functions for the provider
* ===============================
diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod
new file mode 100644
index 0000000..e91cfcd
--- /dev/null
+++ b/doc/internal/man3/ossl_method_construct.pod
@@ -0,0 +1,133 @@
+=pod
+
+=head1 NAME
+
+OSSL_METHOD_CONSTRUCT_METHOD, ossl_method_construct
+- generic method constructor
+
+=head1 SYNOPSIS
+
+ #include "internal/core.h"
+
+ struct ossl_method_construct_method_st {
+ /* Create store */
+ void *(*alloc_tmp_store)(void);
+ /* Remove a store */
+ void (*dealloc_tmp_store)(void *store);
+ /* Get an already existing method from a store */
+ void *(*get)(OPENSSL_CTX *libctx, void *store, const char *propquery,
+ void *data);
+ /* Store a method in a store */
+ int (*put)(OPENSSL_CTX *libctx, void *store, const char *propdef,
+ void *method, void *data);
+ /* Construct a new method */
+ void *(*construct)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov,
+ void *data);
+ /* Destruct a method */
+ void (*destruct)(void *method);
+ };
+ typedef struct ossl_method_construct_method OSSL_METHOD_CONSTRUCT_METHOD;
+
+ void *ossl_method_construct(OPENSSL_CTX *ctx, int operation_id,
+ const char *name, const char *properties,
+ int force_cache,
+ OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data);
+
+=head1 DESCRIPTION
+
+All libcrypto sub-systems that want to create their own methods based
+on provider dispatch tables need to do so in exactly the same way.
+ossl_method_construct() does this while leaving it to the sub-systems
+to define more precisely how the methods are created, stored, etc.
+
+=head2 Functions
+
+ossl_method_construct() creates a method by asking all available
+providers for a dispatch table given an C<operation_id>, an algorithm
+C<name> and a set of C<properties>, and then calling appropriate
+functions given by the sub-system specific method creator through
+C<mcm> and the data in C<mcm_data> (which is passed by
+ossl_method_construct()).
+
+=head2 Structures
+
+A central part of constructing a sub-system specific method is to give
+ossl_method_construct a set of functions, all in the
+C<OSSL_METHOD_CONSTRUCT_METHOD> structure, which holds the following
+function pointers:
+
+=over 4
+
+=item alloc_tmp_store()
+
+Create a temporary method store.
+This store is used to temporarily store methods for easier lookup, for
+when the provider doesn't want its dispatch table stored in a longer
+term cache.
+
+=item dealloc_tmp_store()
+
+Remove a temporary store.
+
+=item get()
+
+Look up an already existing method from a store.
+
+The store may be given with C<store>.
+B<NULL> is a valid value and means that a sub-system default store
+must be used.
+This default store should be stored in the library context C<libctx>.
+
+The method to be looked up should be identified with data from C<data>
+(which is the C<mcm_data> that was passed to ossl_construct_method())
+and the provided property query C<propquery>.
+
+=item put()
+
+Places the C<method> created by the construct() function (see below)
+in a store.
+
+The store may be given with C<store>.
+B<NULL> is a valid value and means that a sub-system default store
+must be used.
+This default store should be stored in the library context C<libctx>.
+
+The method should be associated with the given property definition
+C<propdef> and any identification data given through C<data> (which is
+the C<mcm_data> that was passed to ossl_construct_method()).
+
+=item construct()
+
+Constructs a sub-system method given a dispatch table C<fns>.
+
+The associated I<provider object> C<prov> is passed as well, to make
+it possible for the sub-system constructor to keep a reference, which
+is recommended.
+If such a reference is kept, the I<provider object> reference counter
+must be incremented, using ossl_provider_upref().
+
+=item desctruct()
+
+Destruct the given C<method>.
+
+=back
+
+=head1 RETURN VALUES
+
+ossl_method_construct() returns a constructed method on success, or
+B<NULL> on error.
+
+=head1 HISTORY
+
+This functionality was added to OpenSSL 3.0.0.
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License"). You may not use this
+file except in compliance with the License. You can obtain a copy in the file
+LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod
index 79964d6..7633e0e 100644
--- a/doc/internal/man3/ossl_provider_new.pod
+++ b/doc/internal/man3/ossl_provider_new.pod
@@ -4,10 +4,12 @@
ossl_provider_find, ossl_provider_new, ossl_provider_upref,
ossl_provider_free, ossl_provider_add_module_location,
-ossl_provider_activate, ossl_provider_name, ossl_provider_dso,
+ossl_provider_activate, ossl_provider_forall_loaded,
+ossl_provider_name, ossl_provider_dso,
ossl_provider_module_name, ossl_provider_module_path,
ossl_provider_teardown, ossl_provider_get_param_types,
-ossl_provider_get_params - internal provider routines
+ossl_provider_get_params, ossl_provider_query_operation
+- internal provider routines
=head1 SYNOPSIS
@@ -25,6 +27,12 @@ ossl_provider_get_params - internal provider routines
/* Load and initialize the Provider */
int ossl_provider_activate(OSSL_PROVIDER *prov);
+ /* Iterate over all loaded providers */
+ int ossl_provider_forall_loaded(OPENSSL_CTX *,
+ int (*cb)(OSSL_PROVIDER *provider,
+ void *cbdata),
+ void *cbdata);
+
/* Getters for other library functions */
const char *ossl_provider_name(OSSL_PROVIDER *prov);
const DSO *ossl_provider_dso(OSSL_PROVIDER *prov);
@@ -36,6 +44,9 @@ ossl_provider_get_params - internal provider routines
const OSSL_ITEM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov);
int ossl_provider_get_params(const OSSL_PROVIDER *prov,
const OSSL_PARAM params[]);
+ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ int *no_cache);
=head1 DESCRIPTION
@@ -102,6 +113,9 @@ be located in that module, and called.
=back
+ossl_provider_forall_loaded() iterates over all the currently
+"activated" providers, and calls C<cb> for each of them.
+
ossl_provider_name() returns the name that was given with
ossl_provider_new().
@@ -127,6 +141,11 @@ responder.
It should treat the given C<OSSL_PARAM> array as described in
L<OSSL_PARAM(3)>.
+ossl_provider_query_operation() calls the provider's
+C<query_operation> function, if the provider has one.
+It should return an array of C<OSSL_ALGORITHM> for the given
+C<operation_id>.
+
=head1 NOTES
Locating a provider module happens as follows:
diff --git a/include/internal/core.h b/include/internal/core.h
new file mode 100644
index 0000000..2f0df37
--- /dev/null
+++ b/include/internal/core.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef OSSL_INTERNAL_CORE_H
+# define OSSL_INTERNAL_CORE_H
+
+/*
+ * namespaces:
+ *
+ * ossl_method_ Core Method API
+ */
+
+/*
+ * construct an arbitrary method from a dispatch table found by looking
+ * up a match for the < operation_id, name, property > combination.
+ * constructor and destructor are the constructor and destructor for that
+ * arbitrary object.
+ *
+ * These objects are normally cached, unless the provider says not to cache.
+ * However, force_cache can be used to force caching whatever the provider
+ * says (for example, because the application knows better).
+ */
+typedef struct ossl_method_construct_method_st {
+ /* Create store */
+ void *(*alloc_tmp_store)(void);
+ /* Remove a store */
+ void (*dealloc_tmp_store)(void *store);
+ /* Get an already existing method from a store */
+ void *(*get)(OPENSSL_CTX *libctx, void *store, const char *propquery,
+ void *data);
+ /* Store a method in a store */
+ int (*put)(OPENSSL_CTX *libctx, void *store, const char *propdef,
+ void *method, void *data);
+ /* Construct a new method */
+ void *(*construct)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov,
+ void *data);
+ /* Destruct a method */
+ void (*destruct)(void *method);
+} OSSL_METHOD_CONSTRUCT_METHOD;
+
+void *ossl_method_construct(OPENSSL_CTX *ctx, int operation_id,
+ const char *name, const char *properties,
+ int force_cache,
+ OSSL_METHOD_CONSTRUCT_METHOD *mcm, void *mcm_data);
+
+#endif
diff --git a/include/internal/provider.h b/include/internal/provider.h
index 44d1d70..ac70fcc 100644
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
@@ -42,6 +42,12 @@ int ossl_provider_add_module_location(OSSL_PROVIDER *prov, const char *loc);
*/
int ossl_provider_activate(OSSL_PROVIDER *prov);
+/* Iterate over all loaded providers */
+int ossl_provider_forall_loaded(OPENSSL_CTX *,
+ int (*cb)(OSSL_PROVIDER *provider,
+ void *cbdata),
+ void *cbdata);
+
/* Getters for other library functions */
const char *ossl_provider_name(OSSL_PROVIDER *prov);
const DSO *ossl_provider_dso(OSSL_PROVIDER *prov);
@@ -53,6 +59,9 @@ void ossl_provider_teardown(const OSSL_PROVIDER *prov);
const OSSL_ITEM *ossl_provider_get_param_types(const OSSL_PROVIDER *prov);
int ossl_provider_get_params(const OSSL_PROVIDER *prov,
const OSSL_PARAM params[]);
+const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ int *no_cache);
# ifdef __cplusplus
}
diff --git a/include/openssl/core_numbers.h b/include/openssl/core_numbers.h
index cd10938..7be2a2b 100644
--- a/include/openssl/core_numbers.h
+++ b/include/openssl/core_numbers.h
@@ -67,6 +67,10 @@ OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,
# define OSSL_FUNC_PROVIDER_GET_PARAMS 1026
OSSL_CORE_MAKE_FUNC(int,provider_get_params,(const OSSL_PROVIDER *prov,
const OSSL_PARAM params[]))
+# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027
+OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
+ (const OSSL_PROVIDER *, int operation_id,
+ const int *no_store))
# ifdef __cplusplus
More information about the openssl-commits
mailing list