| #
96e67808 |
| 23-Jan-2023 |
Simo Sorce |
Allow to pass a passprase callback at store open
Some PKCS11 modules require authentication early on to be able to
preload objects, which we want to do to avoid costly roundtrips when th
Allow to pass a passprase callback at store open
Some PKCS11 modules require authentication early on to be able to
preload objects, which we want to do to avoid costly roundtrips when the
HSM is actually reached over a network (Cloud HSM).
Unfortunately at open time we can't interact with the user becaue the
callbacks are only passed at object load time. later on.
This patch corrects this issue by providing a more feature rich open
call for providers.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20131)
show more ...
|
| #
0a8807b4 |
| 28-Aug-2023 |
Dmitry Belyavskiy |
Store: API for deletion
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21901)
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
2a1f467c |
| 21-Jun-2023 |
Pauli |
store: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull
store: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
show more ...
|
| #
e1eafe8c |
| 14-Apr-2022 |
Richard Levitte |
"Reserve" the method store when constructing methods
Introducing the concept of reserving the store where a number of
provided operation methods are to be stored.
This avoids ra
"Reserve" the method store when constructing methods
Introducing the concept of reserving the store where a number of
provided operation methods are to be stored.
This avoids racing when constructing provided methods, which is
especially pertinent when multiple threads are trying to fetch the
same method, or even any implementation for the same given operation
type.
This introduces a |biglock| in OSSL_METHOD_STORE, which is separate
from the |lock| which is used for more internal and finer grained
locking.
Fixes #18152
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18153)
show more ...
|
| #
1a01e5c2 |
| 03-Jun-2022 |
Clemens Lang |
Fix inadvertent NULL assignments in ternary ops
As identified by both clang with a warning and
$> git grep -P '(?<![!=])= NULL \?'
Signed-off-by: Clemens Lang <cllang@redhat.com
Fix inadvertent NULL assignments in ternary ops
As identified by both clang with a warning and
$> git grep -P '(?<![!=])= NULL \?'
Signed-off-by: Clemens Lang <cllang@redhat.com>
CLA: trivial
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18469)
show more ...
|
| #
16ff70a5 |
| 04-May-2022 |
Pauli |
Remove the _fetch_by_number functions
These functions are unused and untested. They are also implemented rather
inefficiently. If we ever needed them in the future, they'd almost surel
Remove the _fetch_by_number functions
These functions are unused and untested. They are also implemented rather
inefficiently. If we ever needed them in the future, they'd almost surely
need to be rewritten more efficiently.
Fixes #18227
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18237)
show more ...
|
| #
32e3c071 |
| 04-May-2022 |
Richard Levitte |
Add method store cache flush and method removal to non-EVP operations
evp_method_store_flush() and evp_method_store_remove_all_provided()
only cover EVP operations, but not encoders, dec
Add method store cache flush and method removal to non-EVP operations
evp_method_store_flush() and evp_method_store_remove_all_provided()
only cover EVP operations, but not encoders, decoders and store loaders.
This adds corresponding methods for those as well. Without this, their
method stores are never cleaned up when the corresponding providers are
deactivated or otherwise modified.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
927d0566 |
| 14-Mar-2022 |
Hugo Landau |
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA
This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted
objects to be managed by OSSL_LIB_CTX are hardcoded and are in
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA
This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted
objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized
eagerly rather than lazily, which avoids the need for locking on access
in most cases.
Fixes #17116.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17881)
show more ...
|
| #
af788ad6 |
| 25-Feb-2022 |
Pauli |
fetch: convert a NULL property query to ""
Previously, a NULL property query was never cached and this lead to a
performance degregation. Now, such a query is converted to an empty stri
fetch: convert a NULL property query to ""
Previously, a NULL property query was never cached and this lead to a
performance degregation. Now, such a query is converted to an empty string
and cached.
Fixes #17752
Fixes https://github.openssl.org/openssl/openssl/issues/26
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17769)
show more ...
|
| #
cd1981a0 |
| 10-Jan-2022 |
Matt Caswell |
Fix Decoder, Encoder and Store loader fetching
Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give
Fix Decoder, Encoder and Store loader fetching
Attempting to fetch one of the above and providing a query string was
failing with an internal assertion error. We must ensure that we give the
provider when calling ossl_method_store_cache_set()
Fixes #17456
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17459)
show more ...
|
| #
dc010ca6 |
| 04-Oct-2021 |
Richard Levitte |
CORE: Encure that cached fetches can be done per provider
This mostly entails passing around a provider pointer, and handling
queries that includes a pointer to a provider, where NULL me
CORE: Encure that cached fetches can be done per provider
This mostly entails passing around a provider pointer, and handling
queries that includes a pointer to a provider, where NULL means "any".
This also means that there's a need to pass the provider pointer, not
just down to the cache functions, but also be able to get it from
ossl_method_store_fetch(). To this end, that function's OSSL_PROVIDER
pointer argument is modified to be a pointer reference, so the
function can answer back what provider the method comes from.
Test added.
Fixes #16614
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
show more ...
|
| #
cfce50f7 |
| 30-Sep-2021 |
Richard Levitte |
CORE: add a provider argument to ossl_method_construct()
This makes it possible to limit the search of methods to that
particular provider. This uses already available possibilities in
CORE: add a provider argument to ossl_method_construct()
This makes it possible to limit the search of methods to that
particular provider. This uses already available possibilities in
ossl_algorithm_do_all().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16725)
show more ...
|
| #
ecd699b6 |
| 18-Jun-2021 |
Richard Levitte |
STORE: Fix OSSL_STORE_open_ex() error reporting
OSSL_STORE_open_ex() could result in reports like this:
80722AA3927F0000:error:80000002:system library:file_open_ex:No such file
STORE: Fix OSSL_STORE_open_ex() error reporting
OSSL_STORE_open_ex() could result in reports like this:
80722AA3927F0000:error:80000002:system library:file_open_ex:No such file or directory:engines/e_loader_attic.c:1016:calling stat(file:test/blahdibleh.der)
80722AA3927F0000:error:41800069:lib(131)::path must be absolute:engines/e_loader_attic.c:1010:test/blahdibleh.der
80722AA3927F0000:error:1600007B:STORE routines:OSSL_STORE_open_ex:no loaders found:crypto/store/store_lib.c:148:No store loaders were found. For standard store loaders you need at least one of the default or base providers available. Did you forget to load them?
The last one turns out to be a bit too generically reported. It
should only be reported when no loader were loaded at all, not when
loader_ctx happens to be NULL (which may happen for other reasons).
We also move the helpful message to the OSSL_STORE_LOADER fetcher.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15820)
show more ...
|
| #
6882652e |
| 15-Jun-2021 |
Richard Levitte |
CORE: Do a bit of cleanup of core fetching
Some data, like the library context, were passed both through higher
level callback structures and through arguments to those same higher
l
CORE: Do a bit of cleanup of core fetching
Some data, like the library context, were passed both through higher
level callback structures and through arguments to those same higher
level callbacks. This is a bit unnecessary, so we rearrange the
callback arguments to simply pass that callback structure and rely on
the higher level fetching functionality to pick out what data they
need from that structure.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15750)
show more ...
|
| #
5a5d90ff |
| 14-Jun-2021 |
Matt Caswell |
Clean up the encoder/decoder/loader stores before providers
We already had the evp method store being cleaned up before the provider
store was. This prevents issues where the method clea
Clean up the encoder/decoder/loader stores before providers
We already had the evp method store being cleaned up before the provider
store was. This prevents issues where the method clean up functions cause
providers to clean up, which then needs access to the provider store. We
extend the same thinking to the encoder/decoder/loader stores.
Fixes #15727
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15741)
show more ...
|
| #
29b3fdad |
| 10-Jun-2021 |
Richard Levitte |
Refactor OSSL_STORE_LOADER_do_all_provided() to behave like OSSL_STORE_LOADER_fetch()
This is refactored to use inner_loader_fetch() without any given name,
which is just there to ensure
Refactor OSSL_STORE_LOADER_do_all_provided() to behave like OSSL_STORE_LOADER_fetch()
This is refactored to use inner_loader_fetch() without any given name,
which is just there to ensure all decoder implementations are made
into methods, and then use ossl_method_store_do_all() to list them
all.
This also adds the internal ossl_store_loader_do_all_prefetched(),
which can be used if pre-fetching needs to be done separately from
listing all the decoder implementations, or if listing may happen
multiple times.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15604)
show more ...
|
| #
9067cf6c |
| 14-Jun-2021 |
Richard Levitte |
CORE: Move away the allocation of the temporary no_cache method store
The responsibility for managing the temporary store for methods from
algorithm implementations flaged "no_store" is
CORE: Move away the allocation of the temporary no_cache method store
The responsibility for managing the temporary store for methods from
algorithm implementations flaged "no_store" is moved up to the diverse
method fetching functions. This allows them to allocate it "just in
time", or in other words not at all if there is not such algorithm
implementation.
This makes this temporary store more flexible if it's needed outside
of the core fetching functionality, and slightly faster when this
temporary store isn't necessary at all.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15737)
show more ...
|
| #
6309b799 |
| 10-Jun-2021 |
Richard Levitte |
STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions
The argument order was different on this one.
Fixes #15688
Reviewed-by: Matt Caswell <matt@o
STORE: Make OSSL_STORE_LOADER_fetch() consistent with all other fetch functions
The argument order was different on this one.
Fixes #15688
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15689)
show more ...
|
| #
45e6e507 |
| 01-Jun-2021 |
Pauli |
store: include internal header
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
|
| #
bcd5d3a2 |
| 01-Jun-2021 |
Pauli |
libcrypto: make XXX_get_number() internal
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15564)
|
| #
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name
For functions that exist in 1.1.1 provide a simple aliases via #define.
Fixes #15236
Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_,
EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_,
EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_,
EVP_MD_, and EVP_CIPHER_ prefixes are renamed.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16 |
|
| #
a16d2174 |
| 26-Apr-2021 |
Matt Caswell |
Add the ability for ex_data to have a priority
Where an object has multiple ex_data associated with it, then we free that
ex_data in order of priority (high priority first).
Rev
Add the ability for ex_data to have a priority
Where an object has multiple ex_data associated with it, then we free that
ex_data in order of priority (high priority first).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14991)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
| #
30573117 |
| 06-Apr-2021 |
Nan Xiao |
Fix typo in store_meth.c
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/o
Fix typo in store_meth.c
CLA: trivial
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14776)
show more ...
|
