[openssl/openssl] 749691: Drop ossl_provider_clear_all_operation_bits() and ...

Richard Levitte noreply at reply.github.openssl.org
Thu May 5 13:14:54 UTC 2022 

  Branch: refs/heads/openssl-3.0
  Home:   https://github.openssl.org/openssl/openssl
  Commit: 749691374ccf87418ca0e6664a9b9c831dcfe108
      https://github.openssl.org/openssl/openssl/commit/749691374ccf87418ca0e6664a9b9c831dcfe108
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-05-05 (Thu, 05 May 2022)

  Changed paths:
    M crypto/property/property.c
    M crypto/provider_core.c
    M doc/internal/man3/ossl_provider_new.pod
    M include/internal/provider.h

  Log Message:
  -----------
  Drop ossl_provider_clear_all_operation_bits() and all uses of it

This is a misused function, as it was called during query cache flush,
when the provider operation bits were meant to record if methods for a
certain operation has already been added to the method store.

Fixes #18150

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

(cherry picked from commit 20b6d85ab2b9cfa4cd29d2422d69c3e3f4db0a41)


  Commit: 27c4ac706a059aab81f3d1d8cc0ba0b3693bf155
      https://github.openssl.org/openssl/openssl/commit/27c4ac706a059aab81f3d1d8cc0ba0b3693bf155
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-05-05 (Thu, 05 May 2022)

  Changed paths:
    M crypto/core_algorithm.c
    M crypto/core_fetch.c
    M include/internal/core.h

  Log Message:
  -----------
  Refactor method construction pre- and post-condition

The existing pre- and post-condition functions are supposed to check if
methods have already been created and stored, using provider operation
bits.  This is supposed to only be done for "permanent" method stores.

However, the way the pre-condition was called, it could not know if the
set of implementations to be stored is likely to end up in a "permanent"
or a temporary store.  It needs access to the |no_store| flag returned
by the provider's operation query function, because that call was done
after the pre-condition was called.

This requires a bit of refactoring, primarly of |algorithm_do_this()|,
but also of |ossl_method_construct_precondition()|.

Fixes #18150

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

(cherry picked from commit 10937d5867039afbf869c8514245ed7599b61307)


  Commit: 8b76db9e2618225f78c84ed2b338cd005f6ef310
      https://github.openssl.org/openssl/openssl/commit/8b76db9e2618225f78c84ed2b338cd005f6ef310
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-05-05 (Thu, 05 May 2022)

  Changed paths:
    M crypto/evp/evp_fetch.c
    M crypto/property/property.c
    M crypto/provider_core.c
    M doc/internal/man3/OSSL_METHOD_STORE.pod
    M include/crypto/evp.h
    M include/internal/property.h

  Log Message:
  -----------
  Don't empty the method store when flushing the query cache

When evp_method_store_flush() flushed the query cache, it also freed
all methods in the EVP method store, through an unfortunate call of
ossl_method_store_flush_cache() with an argument saying that all
methods should indeed be dropped.

To undo some of the confusion, ossl_method_store_flush_cache() is
renamed to ossl_method_store_cache_flush_all(), and limited to do
only that.  Some if the items in the internal ALGORITHM structure are
also renamed and commented to clarify what they are for.

Fixes #18150

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

(cherry picked from commit 60640d79ca7ea0980dc09c71fe6a297b5f8588a2)


  Commit: 215708c53bc3d62fd29ec842d80fa929910178ee
      https://github.openssl.org/openssl/openssl/commit/215708c53bc3d62fd29ec842d80fa929910178ee
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-05-05 (Thu, 05 May 2022)

  Changed paths:
    M crypto/evp/evp_fetch.c
    M crypto/property/property.c
    M crypto/provider_core.c
    M doc/internal/man3/OSSL_METHOD_STORE.pod
    M include/crypto/evp.h
    M include/internal/property.h

  Log Message:
  -----------
  Make it possible to remove methods by the provider that provides them

This adds ossl_method_store_remove_all_provided(), which selectively
removes methods from the given store that are provided by the given
provider.

This also adds the EVP specific evp_method_store_remove_all_provided(),
which matches ossl_method_store_remove_all_provided() but can also
retrieve the correct store to manipulate for EVP functions.

This allows us to modify ossl_provider_self_test() to do the job it's
supposed to do, but through clearly defined functions instead of a
cache flushing call that previously did more than that.

ossl_provider_deactivate() is also modified to remove methods associated
with the deactivated provider, and not just clearing the cache.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

(cherry picked from commit 2e4d0677ea858c619a33235265dbee19520a9d35)


  Commit: 106f5c231ccf7103564c8f81f169e372c444351b
      https://github.openssl.org/openssl/openssl/commit/106f5c231ccf7103564c8f81f169e372c444351b
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-05-05 (Thu, 05 May 2022)

  Changed paths:
    M crypto/property/property.c

  Log Message:
  -----------
  Complete the cleanup of an algorithm in OSSL_METHOD_STORE

The `alg_cleanup` didn't properly clear the OPENSSL_SA leaf that it
had just freed the contents of.  Fortunately, `ossl_sa_ALGORITHM_doall_arg()`
allows us to pass the store pointer itself as an extra argument, which
allows a modified `alg_cleanup` to complete the job.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

(cherry picked from commit 03454ba2a234197c961920f1bac37cc9f4cf3f54)


  Commit: a860a5807adf61f624872fa26aeb31585c17aa72
      https://github.openssl.org/openssl/openssl/commit/a860a5807adf61f624872fa26aeb31585c17aa72
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-05-05 (Thu, 05 May 2022)

  Changed paths:
    M crypto/provider_child.c

  Log Message:
  -----------
  For child libctx / provider, don't count self-references in parent

In child library contexts, which contain child "clones" of the
providers the application has in store, one of these children will
always be the provider that creates the child library context; let's
call them self-refering child providers.

For these self-refering child providers, we don't increment the parent
provider reference count, nor do we free the parent provider, as those
become self defeating and hinder the teardown and unloading process
when the application cleans up.

For non self-refering child providers, we must retain this propagation
of reference count to the parent, so that aren't torn down too early,
i.e. when there's still a "foreign" reference (fetched algorithm).

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

(cherry picked from commit 4da7663b02bf05542830e85db6f74cf90daf1f49)


  Commit: 37a6e9efe013f9e6a840e38beb81e44b9fee3629
      https://github.openssl.org/openssl/openssl/commit/37a6e9efe013f9e6a840e38beb81e44b9fee3629
  Author: Richard Levitte <levitte at openssl.org>
  Date:   2022-05-05 (Thu, 05 May 2022)

  Changed paths:
    M crypto/encode_decode/decoder_meth.c
    M crypto/encode_decode/encoder_meth.c
    M crypto/provider_core.c
    M crypto/store/store_meth.c
    M include/crypto/decoder.h
    M include/crypto/encoder.h
    M include/crypto/store.h

  Log Message:
  -----------
  Add method store cache flush and method removal to non-EVP operations

evp_method_store_flush() and evp_method_store_remove_all_provided()
only cover EVP operations, but not encoders, decoders and store loaders.
This adds corresponding methods for those as well.  Without this, their
method stores are never cleaned up when the corresponding providers are
deactivated or otherwise modified.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

(cherry picked from commit 32e3c071373280b69be02ba91fc3204495e2e1bf)


Compare: https://github.openssl.org/openssl/openssl/compare/2ff09a3f7b87...37a6e9efe013

More information about the openssl-commits mailing list