#
20b6d85a |
| 20-Apr-2022 |
Richard Levitte |
Drop ossl_provider_clear_all_operation_bits() and all uses of it This is a misused function, as it was called during query cache flush, when the provider operation bits were meant to rec
Drop ossl_provider_clear_all_operation_bits() and all uses of it This is a misused function, as it was called during query cache flush, when the provider operation bits were meant to record if methods for a certain operation has already been added to the method store. Fixes #18150 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18151)
show more ...
|
#
cad22202 |
| 09-Nov-2021 |
Matt Caswell |
Stop receiving child callbacks in a child libctx when appropriate We should stop receiving child callbacks if we're about to free up the child libctx. Otherwise we can get callbacks when
Stop receiving child callbacks in a child libctx when appropriate We should stop receiving child callbacks if we're about to free up the child libctx. Otherwise we can get callbacks when the libctx is half freed up. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16980)
show more ...
|
#
c59fc87b |
| 05-Nov-2021 |
Matt Caswell |
Don't attempt to deactive child providers if we don't need to If a provider doesn't have any child providers then there is no need to attempt to remove them - so we should not do so. Thi
Don't attempt to deactive child providers if we don't need to If a provider doesn't have any child providers then there is no need to attempt to remove them - so we should not do so. This removes some potentialy thread races. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16980)
show more ...
|
#
90c31131 |
| 07-Nov-2021 |
Pauli |
prov: remove unused field `flag_fallback` and function `ossl_provider_set_fallback` These are legacy of older versions of the code and are currently not used anywhere. Reviewed-
prov: remove unused field `flag_fallback` and function `ossl_provider_set_fallback` These are legacy of older versions of the code and are currently not used anywhere. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16985)
show more ...
|
#
59a783d0 |
| 22-Jun-2021 |
Matt Caswell |
Fix a race in ossl_provider_add_to_store() If two threads both attempt to load the same provider at the same time, they will first both check to see if the provider already exists. If it
Fix a race in ossl_provider_add_to_store() If two threads both attempt to load the same provider at the same time, they will first both check to see if the provider already exists. If it doesn't then they will both then create new provider objects and call the init function. However only one of the threads will be successful in adding the provider to the store. For the "losing" thread we should still return "success", but we should deinitialise and free the no longer required provider object, and return the object that exists in the store. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
show more ...
|
#
814c2018 |
| 21-Jun-2021 |
Matt Caswell |
Merge ossl_provider_activate() and ossl_provider_activate_child() These 2 functions have become so close to each other that they may as well be just one function. Reviewed-by: P
Merge ossl_provider_activate() and ossl_provider_activate_child() These 2 functions have become so close to each other that they may as well be just one function. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
show more ...
|
#
eb2263da |
| 21-Jun-2021 |
Matt Caswell |
Set use_fallbacks to zero when we add a provider to the store Update use_fallbacks to zero when we add a provider to the store rather than when we activate it. Its only at the point that
Set use_fallbacks to zero when we add a provider to the store Update use_fallbacks to zero when we add a provider to the store rather than when we activate it. Its only at the point that we add it to the store that it is actually usable and visible to other threads. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
show more ...
|
#
d5fbd5b4 |
| 21-Jun-2021 |
Matt Caswell |
Remove flag_couldbechild Now that a provider is no longer put into the store until after it has been activated we don't need flag_couldbechild any more. This flag was used to indicat
Remove flag_couldbechild Now that a provider is no longer put into the store until after it has been activated we don't need flag_couldbechild any more. This flag was used to indicate whether a provider was eligible for conversion into a child provider or not. This was only really interesting for predefined providers that were automatically created. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
show more ...
|
#
29aff653 |
| 21-Jun-2021 |
Matt Caswell |
Add a new provider to the store only after we activate it Rather than creating the provider, adding to the store and then activating it, we do things the other way around, i.e. activate
Add a new provider to the store only after we activate it Rather than creating the provider, adding to the store and then activating it, we do things the other way around, i.e. activate first and then add to the store. This means that the activation should occur before other threads are aware of the provider. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
show more ...
|
#
8d4dec0d |
| 18-Jun-2021 |
Matt Caswell |
Instantiate predefined providers just-in-time Previously we instantiated all the predefined providers at the point that we create the provider store. Instead we move them to be instantia
Instantiate predefined providers just-in-time Previously we instantiated all the predefined providers at the point that we create the provider store. Instead we move them to be instantiated as we need them. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15854)
show more ...
|
Revision tags: openssl-3.0.0-alpha17 |
|
#
447588b6 |
| 07-May-2021 |
Matt Caswell |
Add a callback for providers to know about global properties changes Where a child libctx is in use it needs to know what the current global properties are. Reviewed-by: Paul Da
Add a callback for providers to know about global properties changes Where a child libctx is in use it needs to know what the current global properties are. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15242)
show more ...
|
#
36a89c04 |
| 13-May-2021 |
Matt Caswell |
Init the child providers immediately on creation of the child libctx We were deferring the initial creation of the child providers until the first fetch. This is a carry over from an ear
Init the child providers immediately on creation of the child libctx We were deferring the initial creation of the child providers until the first fetch. This is a carry over from an earlier iteration of the child lib ctx development and is no longer necessary. In fact we need to init the child providers immediately otherwise not all providers quite init correctly. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15270)
show more ...
|
Revision tags: openssl-3.0.0-alpha16 |
|
#
abaa2dd2 |
| 04-May-2021 |
Matt Caswell |
Don't convert pre-existing providers into children If a provider explicitly loads another provider into a child libctx where it wasn't previously loaded then we don't start treating it l
Don't convert pre-existing providers into children If a provider explicitly loads another provider into a child libctx where it wasn't previously loaded then we don't start treating it like a child if the parent libctx subsequently loads the same provider. Fixes #14925 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
show more ...
|
#
8c627075 |
| 29-Apr-2021 |
Matt Caswell |
Add support for child provider to up_ref/free their parent If the ref counts on a child provider change, then this needs to be reflected in the parent so we add callbacks to do this.
Add support for child provider to up_ref/free their parent If the ref counts on a child provider change, then this needs to be reflected in the parent so we add callbacks to do this. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
show more ...
|
Revision tags: openssl-3.0.0-alpha15 |
|
#
f12a5690 |
| 21-Apr-2021 |
Matt Caswell |
Add the concept of a child OSSL_LIB_CTX Add a child OSSL_LIB_CTX that will mirror the providers loaded into the parent libctx. This is useful for providers that want to use algorithms
Add the concept of a child OSSL_LIB_CTX Add a child OSSL_LIB_CTX that will mirror the providers loaded into the parent libctx. This is useful for providers that want to use algorithms from other providers and just need to inherit the providers used by the application. Fixes #14925 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14991)
show more ...
|
#
0090e508 |
| 27-Apr-2021 |
Pauli |
provider: flush the store cache when providers are loaded/unloaded. When the providers change, the method cache needs to be flushed. This also impacts the cache is full partial flushes
provider: flush the store cache when providers are loaded/unloaded. When the providers change, the method cache needs to be flushed. This also impacts the cache is full partial flushes and the algorithm flushing by ID. A new function is introduced to clear all of the operation bits in all providers in a library context. Fixes #15032 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15042)
show more ...
|
Revision tags: openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
8f089576 |
| 10-Mar-2021 |
Pauli |
rename ossl_provider_forall_loaded to ossl_provider_doall_activated Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14489)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7 |
|
#
b0001d0c |
| 25-Sep-2020 |
Pauli |
provider: add an unquery function to allow providers to clean up. Without this, a provider has no way to know that an application has finished with the array it returned earlier. A non
provider: add an unquery function to allow providers to clean up. Without this, a provider has no way to know that an application has finished with the array it returned earlier. A non-caching provider requires this information. Fixes #12974 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12974)
show more ...
|
#
299f5ff3 |
| 17-Feb-2021 |
Pauli |
provider: add option to load a provider without disabling the fallbacks. Add an argument to PROVIDER_try_load() that permits a provider to be loaded without changing the fallback status.
provider: add option to load a provider without disabling the fallbacks. Add an argument to PROVIDER_try_load() that permits a provider to be loaded without changing the fallback status. This is useful when an additional provider needs to be loaded without perturbing any other setup. E.g. adding mock providers as part of unit testing. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652)
show more ...
|
#
a28d06f3 |
| 18-Feb-2021 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235)
|
#
3a111aad |
| 06-Feb-2021 |
FdaSilvaYY |
include/internal: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from ht
include/internal: add a few missing #pragma once directives Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/14096)
show more ...
|
#
390f9bad |
| 16-Dec-2020 |
Richard Levitte |
CORE: Separate OSSL_PROVIDER activation from OSSL_PROVIDER reference This introduces a separate activation counter, and the function ossl_provider_deactivate() for provider deactivation.
CORE: Separate OSSL_PROVIDER activation from OSSL_PROVIDER reference This introduces a separate activation counter, and the function ossl_provider_deactivate() for provider deactivation. Something to be noted is that if the reference count goes down to zero, we don't care if the activation count is non-zero (i.e. someone forgot to call ossl_provider_deactivate()). Since there are no more references to the provider, it doesn't matter. The important thing is that deactivation doesn't remove the provider as long as there are references to it, for example because there are live methods associated with that provider, but still makes the provider unavailable to create new methods from. Fixes #13503 Fixes #12157 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13661)
show more ...
|
#
a829b735 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term
Rename some occurrences of 'library_context' and 'lib_ctx' to 'libctx' This change makes the naming more consistent, because three different terms were used for the same thing. (The term libctx was used by far most often.) Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
#
b4250010 |
| 15-Oct-2020 |
Dr. Matthias St. Pierre |
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER.
Rename OPENSSL_CTX prefix to OSSL_LIB_CTX Many of the new types introduced by OpenSSL 3.0 have an OSSL_ prefix, e.g., OSSL_CALLBACK, OSSL_PARAM, OSSL_ALGORITHM, OSSL_SERIALIZER. The OPENSSL_CTX type stands out a little by using a different prefix. For consistency reasons, this type is renamed to OSSL_LIB_CTX. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12621)
show more ...
|
Revision tags: OpenSSL_1_1_1h |
|
#
ebe3f24b |
| 13-Aug-2020 |
Pauli |
provider: disable fall-backs if OSSL_PROVIDER_load() fails. If an attempt is made to load a provider and it fails, the fall-back mechanism should be disabled to prevent the user getting
provider: disable fall-backs if OSSL_PROVIDER_load() fails. If an attempt is made to load a provider and it fails, the fall-back mechanism should be disabled to prevent the user getting some weird happening. E.g. a failure to load the FIPS provider should not allow the default to load as a fall-back. The OSSL_PROVIDER_try_load() call has been added, to allow a provider to be loaded without disabling the fall-back mechanism if it fails. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12625)
show more ...
|