Add internal function evp_generic_do_all()

This function is used to traverse all algorithm implementations for a
given operation type, and execute the given function for each of them.

Add internal function evp_generic_do_all()

This function is used to traverse all algorithm implementations for a
given operation type, and execute the given function for each of them.

For each algorithm implementation, a method is created and passed to
the given function, and then freed after that function's return. If
the caller wishes to keep the method for longer, they must call the
appropriate up_ref function on the method, and they must also make
sure to free the passed methods at some point.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

show more ...

Add a mechnism to save the name of fetched methods

This will be useful for information display, as well as for code that
want to check the name of an algorithm. This can eventually repl

Add a mechnism to save the name of fetched methods

This will be useful for information display, as well as for code that
want to check the name of an algorithm. This can eventually replace
all NID checks.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9356)

show more ...

ossl_provider_upref to ossl_provider_up_ref

Common pattern is that the routines to increment the reference count
are called something_up_ref, not something_upref. Adapt
ossl_provide

ossl_provider_upref to ossl_provider_up_ref

Common pattern is that the routines to increment the reference count
are called something_up_ref, not something_upref. Adapt
ossl_provider_upref() accordingly.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9293)

show more ...

Only cache a method if we actually created one

We were attempting to cache a method after we failed to create it
which leads to an assertion failure.

Fixes #9264

Review

Only cache a method if we actually created one

We were attempting to cache a method after we failed to create it
which leads to an assertion failure.

Fixes #9264

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9269)

show more ...

Replumbing: add support for multiple names per algorithm

Algorithms may have multiple names, as seen in the legacy names
database. We need to support that as well.

This impleme

Replumbing: add support for multiple names per algorithm

Algorithms may have multiple names, as seen in the legacy names
database. We need to support that as well.

This implementations modifies ossl_namemap to support multiple names
for the same identifier.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8967)

show more ...

EVP fetching: make operation_id part of the method identity

Because the operation identity wasn't integrated with the created
methods, the following code would give unexpected results:

EVP fetching: make operation_id part of the method identity

Because the operation identity wasn't integrated with the created
methods, the following code would give unexpected results:

EVP_MD *md = EVP_MD_fetch(NULL, "MD5", NULL);
EVP_CIPHER *cipher = EVP_CIPHER_fetch(NULL, "MD5", NULL);

if (md != NULL)
printf("MD5 is a digest\n");
if (cipher != NULL)
printf("MD5 is a cipher\n");

The message is that MD5 is both a digest and a cipher.

Partially fixes #9106

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9109)

show more ...

Move digests to providers

Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers aft

Move digests to providers

Move digest code into the relevant providers (fips, default, legacy).
The headers are temporarily moved to be internal, and will be moved
into providers after all external references are resolved. The deprecated
digest code can not be removed until EVP_PKEY (signing) is supported by
providers. EVP_MD data can also not yet be cleaned up for the same reasons.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8763)

show more ...

EVP_FETCH: remove the need to transport the legacy NID through construction

Now that the legacy NID isn't used as a main index for fetched
algorithms, the legacy NID was just transported

EVP_FETCH: remove the need to transport the legacy NID through construction

Now that the legacy NID isn't used as a main index for fetched
algorithms, the legacy NID was just transported around unnecessarily.
This is removed, and the legacy NID is simply set by EVP_{API}_fetch()
after the construction process is done.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

show more ...

EVP_FETCH: deal with names without pre-defined NIDs

We didn't deal very well with names that didn't have pre-defined NIDs,
as the NID zero travelled through the full process and resulted

EVP_FETCH: deal with names without pre-defined NIDs

We didn't deal very well with names that didn't have pre-defined NIDs,
as the NID zero travelled through the full process and resulted in an
inaccessible method. By consequence, we need to refactor the method
construction callbacks to rely more on algorithm names.

We must, however, still store the legacy NID with the method, for the
sake of other code that depend on it (for example, CMS).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

show more ...

Make the generic EVP fetching mechanism use the namenum map

This avoids using the ASN1_OBJECT database, which is bloated for the
purpose of a simple number <-> name database.

Re

Make the generic EVP fetching mechanism use the namenum map

This avoids using the ASN1_OBJECT database, which is bloated for the
purpose of a simple number <-> name database.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8878)

show more ...

Instead of global data store it in an OPENSSL_CTX

Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.

Reviewed-

Instead of global data store it in an OPENSSL_CTX

Various core and property related code files used global data. We should
store all of that in an OPENSSL_CTX instead.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8857)

show more ...

Fix the generic EVP algorithm fetch to actually cache them

ossl_method_store_cache_get() and ossl_method_store_cache_set() were
called with a NULL argument for store, which means no cach

Fix the generic EVP algorithm fetch to actually cache them

ossl_method_store_cache_get() and ossl_method_store_cache_set() were
called with a NULL argument for store, which means no caching is
done. Give them a real store instead.

Also, increment the refcount when we do get a method out of the cache.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8781)

show more ...

Use the right NID when putting a method in the store

When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that pr

Use the right NID when putting a method in the store

When we attempt to fetch a method with a given NID we will ask the
providers for it if we don't already know about it. During that process
we may be told about other methods with a different NID. We need to
make sure we don't confuse the two.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)

show more ...

EVP_set_default_properties(): New function to set global properties

EVP_MD_fetch() can be given a property query string. However, there
are cases when it won't, for example in implicit

EVP_set_default_properties(): New function to set global properties

EVP_MD_fetch() can be given a property query string. However, there
are cases when it won't, for example in implicit fetches. Therefore,
we also need a way to set a global property query string to be used in
all subsequent fetches. This also applies to all future algorithm
fetching functions.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8681)

show more ...

Add generic EVP method fetcher

This is an interface between Core dispatch table fetching and
EVP_{method}_fetch(). All that's needed from the diverse method
fetchers are the functio

Add generic EVP method fetcher

This is an interface between Core dispatch table fetching and
EVP_{method}_fetch(). All that's needed from the diverse method
fetchers are the functions to create a method structure from a
dispatch table, a function that ups the method reference counter and a
function to free the method (in case of failure).

This routine is internal to the EVP API andis therefore only made
accessible within crypto/evp, by including evp_locl.h

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8341)

show more ...