authorHugo Landau <hlandau@openssl.org>2022-03-14 08:13:12 +0000
committerPauli <pauli@openssl.org>2022-04-01 10:49:19 +1100
commit927d0566ded0dff9d6c5abc8a40bb84068446b76 (patch)
treec6d898a04aaa2062c9a74cb9c89ce25fa9680a41 /providers/fips
parent9c140a33663f319ad4000a6a985c3e14297c7389 (diff)
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA
This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized eagerly rather than lazily, which avoids the need for locking on access in most cases. Fixes #17116. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17881)
Diffstat (limited to 'providers/fips')
-rw-r--r--providers/fips/fipsprov.c27
1 files changed, 8 insertions, 19 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index f4605dcd6c..8bd61654e8 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -22,6 +22,7 @@
#include "prov/provider_util.h"
#include "prov/seeding.h"
#include "self_test.h"
+#include "crypto/context.h"
static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes";
static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no";
@@ -78,7 +79,7 @@ typedef struct fips_global_st {
const char *fips_security_check_option;
} FIPS_GLOBAL;
-static void *fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
+void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
{
FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl));
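Review bot: ossl_fips_prov_ossl_ctx_new loses `static` in this hunk and becomes an externally linked symbol, yet it carries no comment describing its contract; the same applies to ossl_fips_prov_ossl_ctx_free in the next hunk. Now that the library context code presumably calls both directly (via the newly included "crypto/context.h"), I would add above the definition `/* Allocates the FIPS provider's per-OSSL_LIB_CTX state; the result is released with ossl_fips_prov_ossl_ctx_free(). */`. The function body continues outside the hunk, so the failure path of `OPENSSL_zalloc()` is not visible here and should be covered by the comment once confirmed.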
@@ -90,18 +91,11 @@ static void *fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx)
return fgbl;
}
-static void fips_prov_ossl_ctx_free(void *fgbl)
+void ossl_fips_prov_ossl_ctx_free(void *fgbl)
{
OPENSSL_free(fgbl);
}
-static const OSSL_LIB_CTX_METHOD fips_prov_ossl_ctx_method = {
- OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY,
- fips_prov_ossl_ctx_new,
- fips_prov_ossl_ctx_free,
-};
-
-
/* Parameters we provide to the core */
static const OSSL_PARAM fips_param_types[] = {
OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0),
@@ -170,8 +164,7 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[])
{
OSSL_PARAM *p;
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx),
- OSSL_LIB_CTX_FIPS_PROV_INDEX,
- &fips_prov_ossl_ctx_method);
+ OSSL_LIB_CTX_FIPS_PROV_INDEX);
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider"))
@@ -208,8 +201,7 @@ static void set_self_test_cb(FIPS_GLOBAL *fgbl)
static int fips_self_test(void *provctx)
{
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx),
- OSSL_LIB_CTX_FIPS_PROV_INDEX,
- &fips_prov_ossl_ctx_method);
+ OSSL_LIB_CTX_FIPS_PROV_INDEX);
set_self_test_cb(fgbl);
return SELF_TEST_post(&fgbl->selftest_params, 1) ? 1 : 0;
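Review bot: `fgbl` is used in fips_self_test without a NULL check, in `set_self_test_cb(fgbl)` and in `&fgbl->selftest_params`, whereas OSSL_provider_init_int and FIPS_get_core_handle in this same diff do test the result of `ossl_lib_ctx_get_data()` against NULL. The FIPS_security_check_enabled hunk has the same gap, where `return fgbl->fips_security_checks;` follows the lookup directly. Eager initialisation makes a NULL result less likely, but the lookup can presumably still fail for an invalid libctx, so I would add `if (fgbl == NULL) return 0;` before `set_self_test_cb(fgbl);` here. In FIPS_security_check_enabled I would return the stricter value, `if (fgbl == NULL) return 1;`, assuming non-zero means the checks are enforced, so that a failed lookup cannot read as "checks disabled".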
@@ -666,8 +658,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
goto err;
}
- if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX,
- &fips_prov_ossl_ctx_method)) == NULL)
+ if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX)) == NULL)
goto err;
fgbl->handle = handle;
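Review bot: The rewritten condition `if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX)) == NULL)` is 81 characters before indentation, so it exceeds the 80-column limit used elsewhere in this file. The other call sites in this diff keep the index argument on a continuation line, and this one could do the same: `if ((fgbl = ossl_lib_ctx_get_data(libctx,` followed by `OSSL_LIB_CTX_FIPS_PROV_INDEX)) == NULL)`. OSSL_provider_init_int starts and ends outside the hunk.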
@@ -812,8 +803,7 @@ int ERR_pop_to_mark(void)
const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx)
{
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx,
- OSSL_LIB_CTX_FIPS_PROV_INDEX,
- &fips_prov_ossl_ctx_method);
+ OSSL_LIB_CTX_FIPS_PROV_INDEX);
if (fgbl == NULL)
return NULL;
@@ -891,8 +881,7 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...)
int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx)
{
FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx,
- OSSL_LIB_CTX_FIPS_PROV_INDEX,
- &fips_prov_ossl_ctx_method);
+ OSSL_LIB_CTX_FIPS_PROV_INDEX);
return fgbl->fips_security_checks;
}