The FIPS module currently has "magic" support to have the library
context become the provider context within the core code, for the FIPS
module's inner provider.
We replace that with a core upcall that returns the library context
associated with a provider object. That way, the FIPS module can
handle the assignment of the inner provider context itself. This
allows the FIPS module (and any other provider module that wishes to
use a similar mechanism) to define for itself what the provider
context is. It's currently simply a pointer to a library context,
but may contain other stuff as well in the future.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9160)
covID 1445689 Resource leak (in error path)
covID 1445318 Resource leak (in test - minor)
covID 1443705 Unchecked return value (Needed if CRYPTO_atomic_add() was used)
covID 1443691 Resource leak (in app - minor)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9071)
Some OSSL_PROVIDER getters took a non-const OSSL_PROVIDER parameter.
There's no reason to do so.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/9054)
In addition this commit ensures that the "provctx" value is defaulted to the current
library context when we are recurively initialising the FIPS provider when already inside
the FIPS module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8728)
Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)
OSSL_provider_init() gets another output parameter, holding a pointer
to a provider side context. It's entirely up to the provider to
define the context and what it's being used for. This pointer is
passed back to other provider functions, typically the provider global
get_params and set_params functions, and also the diverse algorithm
context creators, and of course, the teardown function.
With this, a provider can be instantiated more than once, or be
re-loaded as the case may be, while maintaining instance state.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8848)
Provider parameters are parameters set by the core that the provider
can retrieve. The primary use it to support making OpenSSL
configuration data available to the provider.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8549)
OpenSSL will come with a set of well known providers, some of which
need to be accessible from the start. These are typically built in
providers, or providers that will work as fallbacks.
We do this when creating a new provider store, which means that this
will happen in every library context, regardless of if it's the global
default one, or an explicitely created one.
We keep the data about the known providers we want to make accessible
this way in crypto/provider_predefined.h, which may become generated.
For now, though, we make it simple and edited manually.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8480)
To ensure that old applications aren't left without any provider, and
at the same time not forcing any default provider on applications that
know how to deal with them, we device the concept of fallback
providers, which are automatically activated if no other provider is
already activated.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8480)
The OSSL_PARAM attribute names |buffer| and |buffer_size| may lead to
confusion, as they may make some think that the memory pointed at is
an intermediate memory are. This is not generally the case, so we
rename |buffer| and |buffer_size| to |data| and |data_size|
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8451)
The OSSL_PROVIDER is the core object involved in loading a provider
module, initialize a provider and do the initial communication of
provider wide and core wide dispatch tables.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)
Richard Levitte
Shane Lontis
Matt Caswell