[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Wed Feb 24 11:25:04 UTC 2021
The branch master has been updated
via b0001d0cf2539b9309712e3e04f407dcbb04352c (commit)
from 8b3facd7324b6c2f36f6414c0552da26378aae4a (commit)
- Log -----------------------------------------------------------------
commit b0001d0cf2539b9309712e3e04f407dcbb04352c
Author: Pauli <paul.dale at oracle.com>
Date: Fri Sep 25 10:19:19 2020 +1000
provider: add an unquery function to allow providers to clean up.
Without this, a provider has no way to know that an application
has finished with the array it returned earlier. A non-caching provider
requires this information.
Fixes #12974
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12974)
-----------------------------------------------------------------------
Summary of changes:
crypto/core_algorithm.c | 1 +
crypto/provider.c | 7 +++++
crypto/provider_core.c | 13 +++++++++
doc/internal/man3/ossl_provider_new.pod | 10 ++++++-
doc/man3/OSSL_PROVIDER.pod | 11 ++++++--
doc/man7/provider-base.pod | 8 ++++++
include/internal/provider.h | 3 +++
include/openssl/core_dispatch.h | 9 ++++---
include/openssl/provider.h | 2 ++
test/filterprov.c | 42 ++++++++++++++++++++++++++----
test/{testutil/apps_mem.c => filterprov.h} | 15 ++++-------
test/sslapitest.c | 7 ++---
util/libcrypto.num | 1 +
13 files changed, 103 insertions(+), 26 deletions(-)
copy test/{testutil/apps_mem.c => filterprov.h} (51%)
diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c
index ddb9e5ae43..59f6dddb14 100644
--- a/crypto/core_algorithm.c
+++ b/crypto/core_algorithm.c
@@ -65,6 +65,7 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata)
data->fn(provider, thismap, no_store, data->data);
}
}
+ ossl_provider_unquery_operation(provider, cur_operation, map);
/* Do we fulfill post-conditions? */
if (data->post == NULL) {
diff --git a/crypto/provider.c b/crypto/provider.c
index 90c31f3ac5..8eca9d3581 100644
--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -76,6 +76,13 @@ const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
return ossl_provider_query_operation(prov, operation_id, no_cache);
}
+void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ const OSSL_ALGORITHM *algs)
+{
+ ossl_provider_unquery_operation(prov, operation_id, algs);
+}
+
void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov)
{
return ossl_provider_prov_ctx(prov);
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index da751e60ce..d210026e25 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -78,6 +78,7 @@ struct ossl_provider_st {
OSSL_FUNC_provider_get_capabilities_fn *get_capabilities;
OSSL_FUNC_provider_self_test_fn *self_test;
OSSL_FUNC_provider_query_operation_fn *query_operation;
+ OSSL_FUNC_provider_unquery_operation_fn *unquery_operation;
/*
* Cache of bit to indicate of query_operation() has been called on
@@ -571,6 +572,10 @@ static int provider_init(OSSL_PROVIDER *prov)
prov->query_operation =
OSSL_FUNC_provider_query_operation(provider_dispatch);
break;
+ case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION:
+ prov->unquery_operation =
+ OSSL_FUNC_provider_unquery_operation(provider_dispatch);
+ break;
#ifndef OPENSSL_NO_ERR
# ifndef FIPS_MODULE
case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS:
@@ -929,6 +934,14 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
return res;
}
+void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ const OSSL_ALGORITHM *algs)
+{
+ if (prov->unquery_operation != NULL)
+ prov->unquery_operation(prov->provctx, operation_id, algs);
+}
+
int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum)
{
size_t byte = bitnum / 8;
diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod
index d74ce57fef..40a2ebe7e3 100644
--- a/doc/internal/man3/ossl_provider_new.pod
+++ b/doc/internal/man3/ossl_provider_new.pod
@@ -13,7 +13,8 @@ ossl_provider_name, ossl_provider_dso,
ossl_provider_module_name, ossl_provider_module_path,
ossl_provider_libctx,
ossl_provider_teardown, ossl_provider_gettable_params,
-ossl_provider_get_params, ossl_provider_query_operation,
+ossl_provider_get_params,
+ossl_provider_query_operation, ossl_provider_unquery_operation,
ossl_provider_set_operation_bit, ossl_provider_test_operation_bit,
ossl_provider_get_capabilities
- internal provider routines
@@ -72,6 +73,9 @@ ossl_provider_get_capabilities
const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
int operation_id,
int *no_cache);
+ void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ const OSSL_ALGORITHM *algs);
int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum);
int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum,
@@ -234,6 +238,10 @@ I<query_operation> function, if the provider has one.
It should return an array of I<OSSL_ALGORITHM> for the given
I<operation_id>.
+ossl_provider_unquery_operation() informs the provider that the result of
+ossl_provider_query_operation() is no longer going to be directly accessed and
+that all relevant information has been copied.
+
ossl_provider_set_operation_bit() registers a 1 for operation I<bitnum>
in a bitstring that's internal to I<provider>.
diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod
index e5c451259a..d5317ee3f5 100644
--- a/doc/man3/OSSL_PROVIDER.pod
+++ b/doc/man3/OSSL_PROVIDER.pod
@@ -6,8 +6,8 @@ OSSL_PROVIDER_set_default_search_path,
OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload,
OSSL_PROVIDER_available, OSSL_PROVIDER_do_all,
OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params,
-OSSL_PROVIDER_query_operation, OSSL_PROVIDER_get0_provider_ctx,
-OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name,
+OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation,
+OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name,
OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test
- provider routines
@@ -35,6 +35,9 @@ OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test
const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
int operation_id,
int *no_cache);
+ void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ const OSSL_ALGORITHM *algs);
void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name,
@@ -119,6 +122,10 @@ array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all
NULL OSSL_ALGORITHM entry. This is considered a low-level function that most
applications should not need to call.
+OSSL_PROVIDER_unquery_operation() calls the provider's I<unquery_operation>
+function (see L<provider(7)>), if the provider has one. This is considered a
+low-level function that most applications should not need to call.
+
OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given
provider. The provider context is an opaque handle set by the provider itself
and is passed back to the provider by libcrypto in various function calls.
diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod
index 8659431437..3b4416dac0 100644
--- a/doc/man7/provider-base.pod
+++ b/doc/man7/provider-base.pod
@@ -86,6 +86,8 @@ provider-base
const OSSL_ALGORITHM *provider_query_operation(void *provctx,
int operation_id,
const int *no_store);
+ void provider_unquery_operation(void *provctx, int operation_id,
+ const OSSL_ALGORITHM *algs);
const OSSL_ITEM *provider_get_reason_strings(void *provctx);
int provider_get_capabilities(void *provctx, const char *capability,
OSSL_CALLBACK *cb, void *arg);
@@ -154,6 +156,7 @@ F<libcrypto>):
provider_gettable_params OSSL_FUNC_PROVIDER_GETTABLE_PARAMS
provider_get_params OSSL_FUNC_PROVIDER_GET_PARAMS
provider_query_operation OSSL_FUNC_PROVIDER_QUERY_OPERATION
+ provider_unquery_operation OSSL_FUNC_PROVIDER_UNQUERY_OPERATION
provider_get_reason_strings OSSL_FUNC_PROVIDER_GET_REASON_STRINGS
provider_get_capabilities OSSL_FUNC_PROVIDER_GET_CAPABILITIES
provider_self_test OSSL_FUNC_PROVIDER_SELF_TEST
@@ -274,6 +277,11 @@ It should indicate if the core may store a reference to this array by
setting I<*no_store> to 0 (core may store a reference) or 1 (core may
not store a reference).
+provider_unquery_operation() informs the provider that the result of a
+provider_query_operation() is no longer directly required and that the function
+pointers have been copied. The I<operation_id> should match that passed to
+provider_query_operation() and I<algs> should be its return value.
+
provider_get_reason_strings() should return a constant B<OSSL_ITEM>
array that provides reason strings for reason codes the provider may
use when reporting errors using core_put_error().
diff --git a/include/internal/provider.h b/include/internal/provider.h
index fbe3154b53..7441bf26f0 100644
--- a/include/internal/provider.h
+++ b/include/internal/provider.h
@@ -83,6 +83,9 @@ int ossl_provider_self_test(const OSSL_PROVIDER *prov);
const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov,
int operation_id,
int *no_cache);
+void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id,
+ const OSSL_ALGORITHM *algs);
/* Cache of bits to see if we already queried an operation */
int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum);
diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h
index 6f12d6fecf..4d1d89ca82 100644
--- a/include/openssl/core_dispatch.h
+++ b/include/openssl/core_dispatch.h
@@ -193,13 +193,16 @@ OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx,
# define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027
OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation,
(void *provctx, int operation_id, int *no_store))
-# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028
+# define OSSL_FUNC_PROVIDER_UNQUERY_OPERATION 1028
+OSSL_CORE_MAKE_FUNC(void, provider_unquery_operation,
+ (void *provctx, int operation_id, const OSSL_ALGORITHM *))
+# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1029
OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings,
(void *provctx))
-# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1029
+# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1030
OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx,
const char *capability, OSSL_CALLBACK *cb, void *arg))
-# define OSSL_FUNC_PROVIDER_SELF_TEST 1030
+# define OSSL_FUNC_PROVIDER_SELF_TEST 1031
OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx))
/* Operations */
diff --git a/include/openssl/provider.h b/include/openssl/provider.h
index a8720aaa7e..56b430710f 100644
--- a/include/openssl/provider.h
+++ b/include/openssl/provider.h
@@ -41,6 +41,8 @@ int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov,
int operation_id,
int *no_cache);
+void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov,
+ int operation_id, const OSSL_ALGORITHM *algs);
void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov);
/* Add a built in providers */
diff --git a/test/filterprov.c b/test/filterprov.c
index 71606ecc93..e14c802b1d 100644
--- a/test/filterprov.c
+++ b/test/filterprov.c
@@ -14,13 +14,10 @@
#include <string.h>
#include <openssl/core.h>
-#include <openssl/core_dispatch.h>
#include <openssl/provider.h>
#include <openssl/crypto.h>
-
-OSSL_provider_init_fn filter_provider_init;
-
-int filter_provider_set_filter(int operation, const char *name);
+#include "testutil.h"
+#include "filterprov.h"
#define MAX_FILTERS 10
#define MAX_ALG_FILTERS 5
@@ -34,6 +31,8 @@ struct filter_prov_globals_st {
} dispatch[MAX_FILTERS];
int num_dispatch;
int no_cache;
+ unsigned long int query_count;
+ int error;
};
static struct filter_prov_globals_st ourglobals;
@@ -51,6 +50,7 @@ static struct filter_prov_globals_st *get_globals(void)
static OSSL_FUNC_provider_gettable_params_fn filter_gettable_params;
static OSSL_FUNC_provider_get_params_fn filter_get_params;
static OSSL_FUNC_provider_query_operation_fn filter_query;
+static OSSL_FUNC_provider_unquery_operation_fn filter_unquery;
static OSSL_FUNC_provider_teardown_fn filter_teardown;
static const OSSL_PARAM *filter_gettable_params(void *provctx)
@@ -82,6 +82,7 @@ static const OSSL_ALGORITHM *filter_query(void *provctx,
struct filter_prov_globals_st *globs = get_globals();
int i;
+ globs->query_count++;
for (i = 0; i < globs->num_dispatch; i++) {
if (globs->dispatch[i].operation == operation_id) {
*no_cache = globs->no_cache;
@@ -93,12 +94,30 @@ static const OSSL_ALGORITHM *filter_query(void *provctx,
return OSSL_PROVIDER_query_operation(globs->deflt, operation_id, no_cache);
}
+static void filter_unquery(void *provctx, int operation_id,
+ const OSSL_ALGORITHM *algs)
+{
+ struct filter_prov_globals_st *globs = get_globals();
+ int i;
+
+ if (!TEST_ulong_gt(globs->query_count, 0))
+ globs->error = 1;
+ else
+ globs->query_count--;
+
+ for (i = 0; i < globs->num_dispatch; i++)
+ if (globs->dispatch[i].alg == algs)
+ return;
+ OSSL_PROVIDER_unquery_operation(globs->deflt, operation_id, algs);
+}
+
static void filter_teardown(void *provctx)
{
struct filter_prov_globals_st *globs = get_globals();
OSSL_PROVIDER_unload(globs->deflt);
OSSL_LIB_CTX_free(globs->libctx);
+ memset(globs, 0, sizeof(*globs));
}
/* Functions we provide to the core */
@@ -106,6 +125,7 @@ static const OSSL_DISPATCH filter_dispatch_table[] = {
{ OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))filter_gettable_params },
{ OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))filter_get_params },
{ OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))filter_query },
+ { OSSL_FUNC_PROVIDER_UNQUERY_OPERATION, (void (*)(void))filter_unquery },
{ OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))filter_get_capabilities },
{ OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))filter_teardown },
{ 0, NULL }
@@ -201,6 +221,18 @@ int filter_provider_set_filter(int operation, const char *filterstr)
ret = 1;
err:
+ OSSL_PROVIDER_unquery_operation(globs->deflt, operation, provalgs);
OPENSSL_free(filterstrtmp);
return ret;
}
+
+/*
+ * Test if a filter provider is in a clean finishing state.
+ * If it is return 1, otherwise return 0.
+ */
+int filter_provider_check_clean_finish(void)
+{
+ struct filter_prov_globals_st *globs = get_globals();
+
+ return TEST_ulong_eq(globs->query_count, 0) && !globs->error;
+}
diff --git a/test/testutil/apps_mem.c b/test/filterprov.h
similarity index 51%
copy from test/testutil/apps_mem.c
copy to test/filterprov.h
index fa60bc6848..3c63071556 100644
--- a/test/testutil/apps_mem.c
+++ b/test/filterprov.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -7,13 +7,8 @@
* https://www.openssl.org/source/license.html
*/
-#include "apps.h"
+#include <openssl/core_dispatch.h>
-/* shim that avoids sucking in too much from apps/apps.c */
-
-void* app_malloc(int sz, const char *what)
-{
- void *vp = OPENSSL_malloc(sz);
-
- return vp;
-}
+OSSL_provider_init_fn filter_provider_init;
+int filter_provider_set_filter(int operation, const char *name);
+int filter_provider_check_clean_finish(void);
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 6f30a7efd1..b6eb6c16db 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -38,6 +38,7 @@
#include "internal/nelem.h"
#include "internal/ktls.h"
#include "../ssl/ssl_local.h"
+#include "filterprov.h"
#undef OSSL_NO_USABLE_TLS1_3
#if defined(OPENSSL_NO_TLS1_3) \
@@ -49,10 +50,6 @@
# define OSSL_NO_USABLE_TLS1_3
#endif
-/* Defined in filterprov.c */
-OSSL_provider_init_fn filter_provider_init;
-int filter_provider_set_filter(int operation, const char *name);
-
/* Defined in tls-provider.c */
int tls_provider_init(const OSSL_CORE_HANDLE *handle,
const OSSL_DISPATCH *in,
@@ -8058,7 +8055,7 @@ static int test_sigalgs_available(int idx)
: NID_rsassaPss))
goto end;
- testresult = 1;
+ testresult = filter_provider_check_clean_finish();
end:
SSL_free(serverssl);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 0403a6944b..2f04e81152 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5078,6 +5078,7 @@ X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION:
EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION:
+OSSL_PROVIDER_unquery_operation ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION:
OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION:
EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC
More information about the openssl-commits
mailing list