diff options
Diffstat (limited to 'crypto/evp/evp_fetch.c')
| -rw-r--r-- | crypto/evp/evp_fetch.c | 129 |
1 files changed, 52 insertions, 77 deletions
diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 6eeafd948ea1..fbebca1b634c 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,30 +17,12 @@ #include "internal/core.h" #include "internal/provider.h" #include "internal/namemap.h" -#include "internal/property.h" +#include "crypto/decoder.h" #include "crypto/evp.h" /* evp_local.h needs it */ #include "evp_local.h" #define NAME_SEPARATOR ':' -static void evp_method_store_free(void *vstore) -{ - ossl_method_store_free(vstore); -} - -static void *evp_method_store_new(OSSL_LIB_CTX *ctx) -{ - return ossl_method_store_new(ctx); -} - - -static const OSSL_LIB_CTX_METHOD evp_method_store_method = { - /* We want evp_method_store to be cleaned up before the provider store */ - OSSL_LIB_CTX_METHOD_PRIORITY_2, - evp_method_store_new, - evp_method_store_free, -}; - /* Data to be passed through ossl_method_construct() */ struct evp_method_data_st { OSSL_LIB_CTX *libctx; @@ -66,21 +48,25 @@ static void *get_tmp_evp_method_store(void *data) { struct evp_method_data_st *methdata = data; - if (methdata->tmp_store == NULL) + if (methdata->tmp_store == NULL) { methdata->tmp_store = ossl_method_store_new(methdata->libctx); + OSSL_TRACE1(QUERY, "Allocating a new tmp_store %p\n", (void *)methdata->tmp_store); + } else { + OSSL_TRACE1(QUERY, "Using the existing tmp_store %p\n", (void *)methdata->tmp_store); + } return methdata->tmp_store; } static void dealloc_tmp_evp_method_store(void *store) { + OSSL_TRACE1(QUERY, "Deallocating the tmp_store %p\n", store); if (store != NULL) ossl_method_store_free(store); } static OSSL_METHOD_STORE *get_evp_method_store(OSSL_LIB_CTX *libctx) { - return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX, - &evp_method_store_method); + return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_EVP_METHOD_STORE_INDEX); } static int reserve_evp_method_store(void *store, void *data) @@ -142,7 +128,7 @@ static void *get_evp_method_from_store(void *store, const OSSL_PROVIDER **prov, { struct evp_method_data_st *methdata = data; void *method = NULL; - int name_id = 0; + int name_id; uint32_t meth_id; /* @@ -203,10 +189,15 @@ static int put_evp_method_in_store(void *store, void *method, || (meth_id = evp_method_id(name_id, methdata->operation_id)) == 0) return 0; + OSSL_TRACE1(QUERY, "put_evp_method_in_store: original store: %p\n", store); if (store == NULL && (store = get_evp_method_store(methdata->libctx)) == NULL) return 0; + OSSL_TRACE5(QUERY, + "put_evp_method_in_store: " + "store: %p, names: %s, operation_id %d, method_id: %d, properties: %s\n", + store, names, methdata->operation_id, meth_id, propdef ? propdef : "<null>"); return ossl_method_store_add(store, prov, meth_id, propdef, method, methdata->refcnt_up_method, methdata->destruct_method); @@ -259,8 +250,7 @@ static void destruct_evp_method(void *method, void *data) static void * inner_evp_generic_fetch(struct evp_method_data_st *methdata, OSSL_PROVIDER *prov, int operation_id, - int name_id, const char *name, - const char *properties, + const char *name, ossl_unused const char *properties, void *(*new_method)(int name_id, const OSSL_ALGORITHM *algodef, OSSL_PROVIDER *prov), @@ -269,10 +259,20 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata, { OSSL_METHOD_STORE *store = get_evp_method_store(methdata->libctx); OSSL_NAMEMAP *namemap = ossl_namemap_stored(methdata->libctx); +#ifdef FIPS_MODULE + /* + * The FIPS provider has its own internal library context where only it + * is loaded. Consequently, property queries aren't relevant because + * there is only one fetchable algorithm and it is assumed that the + * FIPS-ness is handled by the using algorithm. + */ + const char *const propq = ""; +#else const char *const propq = properties != NULL ? properties : ""; +#endif /* FIPS_MODULE */ uint32_t meth_id = 0; void *method = NULL; - int unsupported = 0; + int unsupported, name_id; if (store == NULL || namemap == NULL) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); @@ -288,18 +288,8 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata, return NULL; } - /* - * If we have been passed both a name_id and a name, we have an - * internal programming error. - */ - if (!ossl_assert(name_id == 0 || name == NULL)) { - ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); - return NULL; - } - /* If we haven't received a name id yet, try to get one for the name */ - if (name_id == 0 && name != NULL) - name_id = ossl_namemap_name2num(namemap, name); + name_id = name != NULL ? ossl_namemap_name2num(namemap, name) : 0; /* * If we have a name id, calculate a method id with evp_method_id(). @@ -318,8 +308,7 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata, * If we haven't found the name yet, chances are that the algorithm to * be fetched is unsupported. */ - if (name_id == 0) - unsupported = 1; + unsupported = name_id == 0; if (meth_id == 0 || !ossl_method_store_cache_get(store, prov, meth_id, propq, &method)) { @@ -354,7 +343,7 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata, * will create a method against all names, but the lookup will fail * as ossl_namemap_name2num treats the name string as a single name * rather than introducing new features where in the EVP_<obj>_fetch - * parses the string and querys for each, return an error. + * parses the string and queries for each, return an error. */ if (name_id == 0) name_id = ossl_namemap_name2num(namemap, name); @@ -388,6 +377,11 @@ inner_evp_generic_fetch(struct evp_method_data_st *methdata, ossl_lib_ctx_get_descriptor(methdata->libctx), name == NULL ? "<null>" : name, name_id, properties == NULL ? "<null>" : properties); + } else { + OSSL_TRACE4(QUERY, "%s, Algorithm (%s : %d), Properties (%s)\n", + ossl_lib_ctx_get_descriptor(methdata->libctx), + name == NULL ? "<null>" : name, name_id, + properties == NULL ? "<null>" : properties); } return method; @@ -407,34 +401,7 @@ void *evp_generic_fetch(OSSL_LIB_CTX *libctx, int operation_id, methdata.libctx = libctx; methdata.tmp_store = NULL; method = inner_evp_generic_fetch(&methdata, NULL, operation_id, - 0, name, properties, - new_method, up_ref_method, free_method); - dealloc_tmp_evp_method_store(methdata.tmp_store); - return method; -} - -/* - * evp_generic_fetch_by_number() is special, and only returns methods for - * already known names, i.e. it refuses to work if no name_id can be found - * (it's considered an internal programming error). - * This is meant to be used when one method needs to fetch an associated - * method. - */ -void *evp_generic_fetch_by_number(OSSL_LIB_CTX *libctx, int operation_id, - int name_id, const char *properties, - void *(*new_method)(int name_id, - const OSSL_ALGORITHM *algodef, - OSSL_PROVIDER *prov), - int (*up_ref_method)(void *), - void (*free_method)(void *)) -{ - struct evp_method_data_st methdata; - void *method; - - methdata.libctx = libctx; - methdata.tmp_store = NULL; - method = inner_evp_generic_fetch(&methdata, NULL, operation_id, - name_id, NULL, properties, + name, properties, new_method, up_ref_method, free_method); dealloc_tmp_evp_method_store(methdata.tmp_store); return method; @@ -460,7 +427,7 @@ void *evp_generic_fetch_from_prov(OSSL_PROVIDER *prov, int operation_id, methdata.libctx = ossl_provider_libctx(prov); methdata.tmp_store = NULL; method = inner_evp_generic_fetch(&methdata, prov, operation_id, - 0, name, properties, + name, properties, new_method, up_ref_method, free_method); dealloc_tmp_evp_method_store(methdata.tmp_store); return method; @@ -494,6 +461,7 @@ static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx, OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig); if (plp != NULL && store != NULL) { + int ret; #ifndef FIPS_MODULE char *propstr = NULL; size_t strsz; @@ -527,8 +495,12 @@ static int evp_set_parsed_default_properties(OSSL_LIB_CTX *libctx, #endif ossl_property_free(*plp); *plp = def_prop; - if (store != NULL) - return ossl_method_store_cache_flush_all(store); + + ret = ossl_method_store_cache_flush_all(store); +#ifndef FIPS_MODULE + ossl_decoder_cache_flush(libctx); +#endif + return ret; } ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); return 0; @@ -572,7 +544,7 @@ static int evp_default_properties_merge(OSSL_LIB_CTX *libctx, const char *propq, pl2 = ossl_property_merge(pl1, *plp); ossl_property_free(pl1); if (pl2 == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_EVP, ERR_R_CRYPTO_LIB); return 0; } if (!evp_set_parsed_default_properties(libctx, pl2, 0, 0)) { @@ -624,10 +596,8 @@ char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig) } propstr = OPENSSL_malloc(sz); - if (propstr == NULL) { - ERR_raise(ERR_LIB_EVP, ERR_R_MALLOC_FAILURE); + if (propstr == NULL) return NULL; - } if (ossl_property_list_to_string(libctx, *plp, propstr, sz) == 0) { ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR); OPENSSL_free(propstr); @@ -636,6 +606,11 @@ char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig) return propstr; } +char *EVP_get1_default_properties(OSSL_LIB_CTX *libctx) +{ + return evp_get_global_properties_str(libctx, ossl_lib_ctx_is_global_default(libctx)); +} + struct filter_data_st { int operation_id; void (*user_fn)(void *method, void *arg); @@ -664,7 +639,7 @@ void evp_generic_do_all(OSSL_LIB_CTX *libctx, int operation_id, methdata.libctx = libctx; methdata.tmp_store = NULL; - (void)inner_evp_generic_fetch(&methdata, NULL, operation_id, 0, NULL, NULL, + (void)inner_evp_generic_fetch(&methdata, NULL, operation_id, NULL, NULL, new_method, up_ref_method, free_method); data.operation_id = operation_id; |