diff options
| -rw-r--r-- | crypto/core_algorithm.c | 1 | ||||
| -rw-r--r-- | crypto/provider.c | 7 | ||||
| -rw-r--r-- | crypto/provider_core.c | 13 | ||||
| -rw-r--r-- | doc/internal/man3/ossl_provider_new.pod | 10 | ||||
| -rw-r--r-- | doc/man3/OSSL_PROVIDER.pod | 11 | ||||
| -rw-r--r-- | doc/man7/provider-base.pod | 8 | ||||
| -rw-r--r-- | include/internal/provider.h | 3 | ||||
| -rw-r--r-- | include/openssl/core_dispatch.h | 9 | ||||
| -rw-r--r-- | include/openssl/provider.h | 2 | ||||
| -rw-r--r-- | test/filterprov.c | 42 | ||||
| -rw-r--r-- | test/filterprov.h | 14 | ||||
| -rw-r--r-- | test/sslapitest.c | 7 | ||||
| -rw-r--r-- | util/libcrypto.num | 1 |
13 files changed, 112 insertions, 16 deletions
diff --git a/crypto/core_algorithm.c b/crypto/core_algorithm.c index ddb9e5ae43..59f6dddb14 100644 --- a/crypto/core_algorithm.c +++ b/crypto/core_algorithm.c @@ -65,6 +65,7 @@ static int algorithm_do_this(OSSL_PROVIDER *provider, void *cbdata) data->fn(provider, thismap, no_store, data->data); } } + ossl_provider_unquery_operation(provider, cur_operation, map); /* Do we fulfill post-conditions? */ if (data->post == NULL) { diff --git a/crypto/provider.c b/crypto/provider.c index 90c31f3ac5..8eca9d3581 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -76,6 +76,13 @@ const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, return ossl_provider_query_operation(prov, operation_id, no_cache); } +void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov, + int operation_id, + const OSSL_ALGORITHM *algs) +{ + ossl_provider_unquery_operation(prov, operation_id, algs); +} + void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov) { return ossl_provider_prov_ctx(prov); diff --git a/crypto/provider_core.c b/crypto/provider_core.c index da751e60ce..d210026e25 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -78,6 +78,7 @@ struct ossl_provider_st { OSSL_FUNC_provider_get_capabilities_fn *get_capabilities; OSSL_FUNC_provider_self_test_fn *self_test; OSSL_FUNC_provider_query_operation_fn *query_operation; + OSSL_FUNC_provider_unquery_operation_fn *unquery_operation; /* * Cache of bit to indicate of query_operation() has been called on @@ -571,6 +572,10 @@ static int provider_init(OSSL_PROVIDER *prov) prov->query_operation = OSSL_FUNC_provider_query_operation(provider_dispatch); break; + case OSSL_FUNC_PROVIDER_UNQUERY_OPERATION: + prov->unquery_operation = + OSSL_FUNC_provider_unquery_operation(provider_dispatch); + break; #ifndef OPENSSL_NO_ERR # ifndef FIPS_MODULE case OSSL_FUNC_PROVIDER_GET_REASON_STRINGS: @@ -929,6 +934,14 @@ const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, return res; } +void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, + int operation_id, + const OSSL_ALGORITHM *algs) +{ + if (prov->unquery_operation != NULL) + prov->unquery_operation(prov->provctx, operation_id, algs); +} + int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum) { size_t byte = bitnum / 8; diff --git a/doc/internal/man3/ossl_provider_new.pod b/doc/internal/man3/ossl_provider_new.pod index d74ce57fef..40a2ebe7e3 100644 --- a/doc/internal/man3/ossl_provider_new.pod +++ b/doc/internal/man3/ossl_provider_new.pod @@ -13,7 +13,8 @@ ossl_provider_name, ossl_provider_dso, ossl_provider_module_name, ossl_provider_module_path, ossl_provider_libctx, ossl_provider_teardown, ossl_provider_gettable_params, -ossl_provider_get_params, ossl_provider_query_operation, +ossl_provider_get_params, +ossl_provider_query_operation, ossl_provider_unquery_operation, ossl_provider_set_operation_bit, ossl_provider_test_operation_bit, ossl_provider_get_capabilities - internal provider routines @@ -72,6 +73,9 @@ ossl_provider_get_capabilities const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); + void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, + int operation_id, + const OSSL_ALGORITHM *algs); int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); int ossl_provider_test_operation_bit(OSSL_PROVIDER *provider, size_t bitnum, @@ -234,6 +238,10 @@ I<query_operation> function, if the provider has one. It should return an array of I<OSSL_ALGORITHM> for the given I<operation_id>. +ossl_provider_unquery_operation() informs the provider that the result of +ossl_provider_query_operation() is no longer going to be directly accessed and +that all relevant information has been copied. + ossl_provider_set_operation_bit() registers a 1 for operation I<bitnum> in a bitstring that's internal to I<provider>. diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index e5c451259a..d5317ee3f5 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -6,8 +6,8 @@ OSSL_PROVIDER_set_default_search_path, OSSL_PROVIDER, OSSL_PROVIDER_load, OSSL_PROVIDER_try_load, OSSL_PROVIDER_unload, OSSL_PROVIDER_available, OSSL_PROVIDER_do_all, OSSL_PROVIDER_gettable_params, OSSL_PROVIDER_get_params, -OSSL_PROVIDER_query_operation, OSSL_PROVIDER_get0_provider_ctx, -OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name, +OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation, +OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_name, OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test - provider routines @@ -35,6 +35,9 @@ OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_self_test const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); + void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov, + int operation_id, + const OSSL_ALGORITHM *algs); void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov); int OSSL_PROVIDER_add_builtin(OSSL_LIB_CTX *libctx, const char *name, @@ -119,6 +122,10 @@ array of I<OSSL_ALGORITHM> for the given I<operation_id> terminated by an all NULL OSSL_ALGORITHM entry. This is considered a low-level function that most applications should not need to call. +OSSL_PROVIDER_unquery_operation() calls the provider's I<unquery_operation> +function (see L<provider(7)>), if the provider has one. This is considered a +low-level function that most applications should not need to call. + OSSL_PROVIDER_get0_provider_ctx() returns the provider context for the given provider. The provider context is an opaque handle set by the provider itself and is passed back to the provider by libcrypto in various function calls. diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 8659431437..3b4416dac0 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -86,6 +86,8 @@ provider-base const OSSL_ALGORITHM *provider_query_operation(void *provctx, int operation_id, const int *no_store); + void provider_unquery_operation(void *provctx, int operation_id, + const OSSL_ALGORITHM *algs); const OSSL_ITEM *provider_get_reason_strings(void *provctx); int provider_get_capabilities(void *provctx, const char *capability, OSSL_CALLBACK *cb, void *arg); @@ -154,6 +156,7 @@ F<libcrypto>): provider_gettable_params OSSL_FUNC_PROVIDER_GETTABLE_PARAMS provider_get_params OSSL_FUNC_PROVIDER_GET_PARAMS provider_query_operation OSSL_FUNC_PROVIDER_QUERY_OPERATION + provider_unquery_operation OSSL_FUNC_PROVIDER_UNQUERY_OPERATION provider_get_reason_strings OSSL_FUNC_PROVIDER_GET_REASON_STRINGS provider_get_capabilities OSSL_FUNC_PROVIDER_GET_CAPABILITIES provider_self_test OSSL_FUNC_PROVIDER_SELF_TEST @@ -274,6 +277,11 @@ It should indicate if the core may store a reference to this array by setting I<*no_store> to 0 (core may store a reference) or 1 (core may not store a reference). +provider_unquery_operation() informs the provider that the result of a +provider_query_operation() is no longer directly required and that the function +pointers have been copied. The I<operation_id> should match that passed to +provider_query_operation() and I<algs> should be its return value. + provider_get_reason_strings() should return a constant B<OSSL_ITEM> array that provides reason strings for reason codes the provider may use when reporting errors using core_put_error(). diff --git a/include/internal/provider.h b/include/internal/provider.h index fbe3154b53..7441bf26f0 100644 --- a/include/internal/provider.h +++ b/include/internal/provider.h @@ -83,6 +83,9 @@ int ossl_provider_self_test(const OSSL_PROVIDER *prov); const OSSL_ALGORITHM *ossl_provider_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); +void ossl_provider_unquery_operation(const OSSL_PROVIDER *prov, + int operation_id, + const OSSL_ALGORITHM *algs); /* Cache of bits to see if we already queried an operation */ int ossl_provider_set_operation_bit(OSSL_PROVIDER *provider, size_t bitnum); diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 6f12d6fecf..4d1d89ca82 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h @@ -193,13 +193,16 @@ OSSL_CORE_MAKE_FUNC(int,provider_get_params,(void *provctx, # define OSSL_FUNC_PROVIDER_QUERY_OPERATION 1027 OSSL_CORE_MAKE_FUNC(const OSSL_ALGORITHM *,provider_query_operation, (void *provctx, int operation_id, int *no_store)) -# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1028 +# define OSSL_FUNC_PROVIDER_UNQUERY_OPERATION 1028 +OSSL_CORE_MAKE_FUNC(void, provider_unquery_operation, + (void *provctx, int operation_id, const OSSL_ALGORITHM *)) +# define OSSL_FUNC_PROVIDER_GET_REASON_STRINGS 1029 OSSL_CORE_MAKE_FUNC(const OSSL_ITEM *,provider_get_reason_strings, (void *provctx)) -# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1029 +# define OSSL_FUNC_PROVIDER_GET_CAPABILITIES 1030 OSSL_CORE_MAKE_FUNC(int, provider_get_capabilities, (void *provctx, const char *capability, OSSL_CALLBACK *cb, void *arg)) -# define OSSL_FUNC_PROVIDER_SELF_TEST 1030 +# define OSSL_FUNC_PROVIDER_SELF_TEST 1031 OSSL_CORE_MAKE_FUNC(int, provider_self_test, (void *provctx)) /* Operations */ diff --git a/include/openssl/provider.h b/include/openssl/provider.h index a8720aaa7e..56b430710f 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -41,6 +41,8 @@ int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, int operation_id, int *no_cache); +void OSSL_PROVIDER_unquery_operation(const OSSL_PROVIDER *prov, + int operation_id, const OSSL_ALGORITHM *algs); void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov); /* Add a built in providers */ diff --git a/test/filterprov.c b/test/filterprov.c index 71606ecc93..e14c802b1d 100644 --- a/test/filterprov.c +++ b/test/filterprov.c @@ -14,13 +14,10 @@ #include <string.h> #include <openssl/core.h> -#include <openssl/core_dispatch.h> #include <openssl/provider.h> #include <openssl/crypto.h> - -OSSL_provider_init_fn filter_provider_init; - -int filter_provider_set_filter(int operation, const char *name); +#include "testutil.h" +#include "filterprov.h" #define MAX_FILTERS 10 #define MAX_ALG_FILTERS 5 @@ -34,6 +31,8 @@ struct filter_prov_globals_st { } dispatch[MAX_FILTERS]; int num_dispatch; int no_cache; + unsigned long int query_count; + int error; }; static struct filter_prov_globals_st ourglobals; @@ -51,6 +50,7 @@ static struct filter_prov_globals_st *get_globals(void) static OSSL_FUNC_provider_gettable_params_fn filter_gettable_params; static OSSL_FUNC_provider_get_params_fn filter_get_params; static OSSL_FUNC_provider_query_operation_fn filter_query; +static OSSL_FUNC_provider_unquery_operation_fn filter_unquery; static OSSL_FUNC_provider_teardown_fn filter_teardown; static const OSSL_PARAM *filter_gettable_params(void *provctx) @@ -82,6 +82,7 @@ static const OSSL_ALGORITHM *filter_query(void *provctx, struct filter_prov_globals_st *globs = get_globals(); int i; + globs->query_count++; for (i = 0; i < globs->num_dispatch; i++) { if (globs->dispatch[i].operation == operation_id) { *no_cache = globs->no_cache; @@ -93,12 +94,30 @@ static const OSSL_ALGORITHM *filter_query(void *provctx, return OSSL_PROVIDER_query_operation(globs->deflt, operation_id, no_cache); } +static void filter_unquery(void *provctx, int operation_id, + const OSSL_ALGORITHM *algs) +{ + struct filter_prov_globals_st *globs = get_globals(); + int i; + + if (!TEST_ulong_gt(globs->query_count, 0)) + globs->error = 1; + else + globs->query_count--; + + for (i = 0; i < globs->num_dispatch; i++) + if (globs->dispatch[i].alg == algs) + return; + OSSL_PROVIDER_unquery_operation(globs->deflt, operation_id, algs); +} + static void filter_teardown(void *provctx) { struct filter_prov_globals_st *globs = get_globals(); OSSL_PROVIDER_unload(globs->deflt); OSSL_LIB_CTX_free(globs->libctx); + memset(globs, 0, sizeof(*globs)); } /* Functions we provide to the core */ @@ -106,6 +125,7 @@ static const OSSL_DISPATCH filter_dispatch_table[] = { { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))filter_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))filter_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))filter_query }, + { OSSL_FUNC_PROVIDER_UNQUERY_OPERATION, (void (*)(void))filter_unquery }, { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))filter_get_capabilities }, { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))filter_teardown }, { 0, NULL } @@ -201,6 +221,18 @@ int filter_provider_set_filter(int operation, const char *filterstr) ret = 1; err: + OSSL_PROVIDER_unquery_operation(globs->deflt, operation, provalgs); OPENSSL_free(filterstrtmp); return ret; } + +/* + * Test if a filter provider is in a clean finishing state. + * If it is return 1, otherwise return 0. + */ +int filter_provider_check_clean_finish(void) +{ + struct filter_prov_globals_st *globs = get_globals(); + + return TEST_ulong_eq(globs->query_count, 0) && !globs->error; +} diff --git a/test/filterprov.h b/test/filterprov.h new file mode 100644 index 0000000000..3c63071556 --- /dev/null +++ b/test/filterprov.h @@ -0,0 +1,14 @@ +/* + * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/core_dispatch.h> + +OSSL_provider_init_fn filter_provider_init; +int filter_provider_set_filter(int operation, const char *name); +int filter_provider_check_clean_finish(void); diff --git a/test/sslapitest.c b/test/sslapitest.c index 6f30a7efd1..b6eb6c16db 100644 --- a/test/sslapitest.c +++ b/test/sslapitest.c @@ -38,6 +38,7 @@ #include "internal/nelem.h" #include "internal/ktls.h" #include "../ssl/ssl_local.h" +#include "filterprov.h" #undef OSSL_NO_USABLE_TLS1_3 #if defined(OPENSSL_NO_TLS1_3) \ @@ -49,10 +50,6 @@ # define OSSL_NO_USABLE_TLS1_3 #endif -/* Defined in filterprov.c */ -OSSL_provider_init_fn filter_provider_init; -int filter_provider_set_filter(int operation, const char *name); - /* Defined in tls-provider.c */ int tls_provider_init(const OSSL_CORE_HANDLE *handle, const OSSL_DISPATCH *in, @@ -8058,7 +8055,7 @@ static int test_sigalgs_available(int idx) : NID_rsassaPss)) goto end; - testresult = 1; + testresult = filter_provider_check_clean_finish(); end: SSL_free(serverssl); diff --git a/util/libcrypto.num b/util/libcrypto.num index 0403a6944b..2f04e81152 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5078,6 +5078,7 @@ X509_PUBKEY_eq ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_eq ? 3_0_0 EXIST::FUNCTION: EVP_PKEY_parameters_eq ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_query_operation ? 3_0_0 EXIST::FUNCTION: +OSSL_PROVIDER_unquery_operation ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_get0_provider_ctx ? 3_0_0 EXIST::FUNCTION: OSSL_PROVIDER_get_capabilities ? 3_0_0 EXIST::FUNCTION: EC_GROUP_new_by_curve_name_ex ? 3_0_0 EXIST::FUNCTION:EC |