History log of /openssl/ (Results 6176 – 6200 of 36070)
Revision Date Author Comments
59a783d0 22-Jun-2021 Matt Caswell

Fix a race in ossl_provider_add_to_store()

If two threads both attempt to load the same provider at the same time,
they will first both check to see if the provider already exists. If it
doesn't then they will both then create new provider objects and call the
init function. However only one of the threads will be successful in adding
the provider to the store. For the "losing" thread we should still return
"success", but we should deinitialise and free the no longer required
provider object, and return the object that exists in the store.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

d382c465 22-Jun-2021 Matt Caswell

Move OPENSSL_add_builtin back into provider.c

An earlier stage of the refactor in the last few commits moved this
function out of provider.c because it needed access to the provider
structure internals. The final version however no longer needs this so
it is moved back again.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

29d46e09 21-Jun-2021 Matt Caswell

Update documentation following updates to the provider code

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

b7248964 21-Jun-2021 Matt Caswell

make struct provider_info_st a full type

Create the OSSL_PROVIDER_INFO to replace struct provider_info_st.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

549b5cb4 21-Jun-2021 Matt Caswell

Don't skip the current provider in ossl_provider_register_child_cb

This restriction was in place to avoid problems with recursive attempts
to acquire the flag lock/store lock from within a provider's init function.
Since those locks are no longer held when calling the init function there
is no reason for the restriction any more.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

dcbb2be7 21-Jun-2021 Matt Caswell

Add a test to check that RAND_bytes_ex() works with a child lib ctx

Previously, when locks were held while calling a provider init function,
then RAND_bytes_ex() would fail if called from the init function and
used in conjunction with a child lib ctx. We add an explicit test of that.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

f109e965 21-Jun-2021 Matt Caswell

Don't hold any locks while calling the provider init function

Previously providers were added to the store first, and then subsequently
initialised. This meant that during initialisation the provider object
could be shared between multiple threads and hence the locks needed to be
held. However this causes problems because the provider init function is
essentially a user callback and could do virtually anything. There are
many API calls that could be invoked that could subsequently attempt to
acquire the locks. This will fail because the locks are already held.

However, now we have refactored things so that the provider is created and
initialised before being added to the store. Therefore at the point of
initialisation the provider object is not shared with other threads and so
no locks need to be held.

Fixes #15793
Fixes #15712

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

b91687c5 21-Jun-2021 Matt Caswell

Only associate a provider with a store once it has been added to it

This means we can distinguish providers that have been added to the
store, and those which haven't yet been.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

814c2018 21-Jun-2021 Matt Caswell

Merge ossl_provider_activate() and ossl_provider_activate_child()

These 2 functions have become so close to each other that they may as well
be just one function.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

eb2263da 21-Jun-2021 Matt Caswell

Set use_fallbacks to zero when we add a provider to the store

Update use_fallbacks to zero when we add a provider to the store rather
than when we activate it. It's only at the point that we add it to the store
that it is actually usable and visible to other threads.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

d5fbd5b4 21-Jun-2021 Matt Caswell

Remove flag_couldbechild

Now that a provider is no longer put into the store until after it has
been activated we don't need flag_couldbechild any more. This flag was
used to indicate whether a provider was eligible for conversion into a
child provider or not. This was only really interesting for predefined
providers that were automatically created.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

29aff653 21-Jun-2021 Matt Caswell

Add a new provider to the store only after we activate it

Rather than creating the provider, adding to the store and then activating
it, we do things the other way around, i.e. activate first and then add to
the store. This means that the activation should occur before other threads
are aware of the provider.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

352d482a 18-Jun-2021 Matt Caswell

Instantiate configuration supplied providers when we need them

If providers specified in a config file are not "activated" then we defer
instantiating the provider object until it is actually needed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

1d74203c 18-Jun-2021 Matt Caswell

Instantiate user-added builtin providers when we need them

Previously we created the provider object for builtin providers at the
point that OPENSSL_add_builtin() was called. Instead we delay that until
the provider is actually loaded.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

8d4dec0d 18-Jun-2021 Matt Caswell

Instantiate predefined providers just-in-time

Previously we instantiated all the predefined providers at the point that
we create the provider store. Instead we move them to be instantiated as we
need them.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15854)

ab7554e5 23-Jun-2021 Tomas Mraz

OSSL_DECODER_from_bio: Avoid spurious decoder error

If there are any new errors reported we avoid raising the
OSSL_DECODER_from_bio:unsupported error.

Fixes #14566

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15878)

42fe3e84 23-Jun-2021 Tomas Mraz

epki2pki_decode: passphrase callback failure is fatal error

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15878)

e30b254b 23-Jun-2021 Tomas Mraz

ossl_pw_get_passphrase: No ui method does not necessarily mean internal error

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15878)

77072e27 23-Jun-2021 Tomas Mraz

Documentation: SM2 keys can use only the SM2 curve

Fixes #14411

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15875)

79df244b 23-Jun-2021 Tomas Mraz

simpledynamic: Add missing include for AIX builds

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15874)

06521974 23-Jun-2021 Richard Levitte

TEST: Modify simpledynamic.[ch] to allow use on VMS as well

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15872)

505fcdb5 23-Jun-2021 Richard Levitte

test/recipes/90-test_shlibload.t: Modify to work with known file names

Using File::Temp::tempfile() is admirable, but isn't necessary for the
sort of thing we use it for.

Furthermore, since tempfile() returns an opened file handle for
reading for the file in question, it may have the effect that the file
becomes unwritable. This is the default on VMS, and since tempfile()
doesn't seem to have any option to affect this, it means that
test/shlibloadtest.c can't write the magic line to that file.

Also, if we consider forensics, to be able to see what a test produced
to determine what went wrong, it's better to use specific and known
file names.

Therefore, this test is modified to use well known file names, and to
open them for reading after the shlibloadtest program has been run
instead of before.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15872)

2fee3a77 23-Jun-2021 Pauli

property: remove spurious incorrect comments

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15871)

3377f34f 23-Jun-2021 Pauli

property: add locking for the property string database

This previously relied on the caller locking the property store correctly.
This is no longer the case so the string database now requires locking.

Fixes #15866

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15871)

e3c50779 23-Jun-2021 Pauli

err: add unable to get lock errors

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15871)
