Fix new typos found by codespell Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23545)
evp_fetch.c: Check meth_id instead of name_id Fixes #23226 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23238)
gate calling of evp_method_id on having a non-zero name id If a name is passed to EVP_<OBJ>_fetch of the form: name1:name2:name3 The names are parsed on the separator ':' and added to the store, but during the lookup in inner_evp_generic_fetch, the subsequent search of the store uses the full name1:name2:name3 string, which fails lookup, and causes subsequent assertion failures in evp_method_id. instead catch the failure in inner_evp_generic_fetch and return an error code if the name_id against a colon separated list of names fails. This provides a graceful error return path without asserts, and leaves room for a future feature in which such formatted names can be parsed and searched for iteratively Add a simple test to verify that providing a colon separated name results in an error indicating an invalid lookup. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/23110)
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
Remove include/internal/decoder.h, as it's superfluous The routines declared in there are entirely libcrypto internal, so include/crypto/decoder.h is better suited for them. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/21733)
Optimise PKEY decoders The most expensive part of using a PKEY decoder is the OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder chains, which is a complex and time consuming operation. However, if no new providers have been loaded/unloaded since the last time it was called we can expect the same results for the same parameters. Note that this operation takes place *before* we event parse the data for decoding so it is not dependent on the parsed data at all. We introduce a cache for OSSL_DECODER_CTX objects. If we have been called with the same parameters then we just duplicate an existing OSSL_DECODER_CTX. This should be significantly faster than creating a new one every time. Partially addressed the issue in #15199 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21426)
Stop raising ERR_R_MALLOC_FAILURE in most places Since OPENSSL_malloc() and friends report ERR_R_MALLOC_FAILURE, and at least handle the file name and line number they are called from, there's no need to report ERR_R_MALLOC_FAILURE where they are called directly, or when SSLfatal() and RLAYERfatal() is used, the reason `ERR_R_MALLOC_FAILURE` is changed to `ERR_R_CRYPTO_LIB`. There were a number of places where `ERR_R_MALLOC_FAILURE` was reported even though it was a function from a different sub-system that was called. Those places are changed to report ERR_R_{lib}_LIB, where {lib} is the name of that sub-system. Some of them are tricky to get right, as we have a lot of functions that belong in the ASN1 sub-system, and all the `sk_` calls or from the CRYPTO sub-system. Some extra adaptation was necessary where there were custom OPENSSL_malloc() wrappers, and some bugs are fixed alongside these changes. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19301)
"Reserve" the method store when constructing methods Introducing the concept of reserving the store where a number of provided operation methods are to be stored. This avoids racing when constructing provided methods, which is especially pertinent when multiple threads are trying to fetch the same method, or even any implementation for the same given operation type. This introduces a |biglock| in OSSL_METHOD_STORE, which is separate from the |lock| which is used for more internal and finer grained locking. Fixes #18152 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18153)
Remove the _fetch_by_number functions These functions are unused and untested. They are also implemented rather inefficiently. If we ever needed them in the future, they'd almost surely need to be rewritten more efficiently. Fixes #18227 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18237)
Make it possible to remove methods by the provider that provides them This adds ossl_method_store_remove_all_provided(), which selectively removes methods from the given store that are provided by the given provider. This also adds the EVP specific evp_method_store_remove_all_provided(), which matches ossl_method_store_remove_all_provided() but can also retrieve the correct store to manipulate for EVP functions. This allows us to modify ossl_provider_self_test() to do the job it's supposed to do, but through clearly defined functions instead of a cache flushing call that previously did more than that. ossl_provider_deactivate() is also modified to remove methods associated with the deactivated provider, and not just clearing the cache. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18151)
Don't empty the method store when flushing the query cache When evp_method_store_flush() flushed the query cache, it also freed all methods in the EVP method store, through an unfortunate call of ossl_method_store_flush_cache() with an argument saying that all methods should indeed be dropped. To undo some of the confusion, ossl_method_store_flush_cache() is renamed to ossl_method_store_cache_flush_all(), and limited to do only that. Some if the items in the internal ALGORITHM structure are also renamed and commented to clarify what they are for. Fixes #18150 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18151)
Remove duplicated #include headers CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18220)
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized eagerly rather than lazily, which avoids the need for locking on access in most cases. Fixes #17116. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17881)
Fixed typo in inner_evp_generic_fetch() error handling Fixes #17876 CLA: trivial Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17877)
fetch: convert a NULL property query to "" Previously, a NULL property query was never cached and this lead to a performance degregation. Now, such a query is converted to an empty string and cached. Fixes #17752 Fixes https://github.openssl.org/openssl/openssl/issues/26 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17769)
CORE: Encure that cached fetches can be done per provider This mostly entails passing around a provider pointer, and handling queries that includes a pointer to a provider, where NULL means "any". This also means that there's a need to pass the provider pointer, not just down to the cache functions, but also be able to get it from ossl_method_store_fetch(). To this end, that function's OSSL_PROVIDER pointer argument is modified to be a pointer reference, so the function can answer back what provider the method comes from. Test added. Fixes #16614 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
EVP: Add the internal function evp_generic_fetch_from_prov() This function leverages the generic possibility to fetch EVP methods from a specific provider. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
CORE: add a provider argument to ossl_method_construct() This makes it possible to limit the search of methods to that particular provider. This uses already available possibilities in ossl_algorithm_do_all(). Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16725)
Don't try and load the config file while already loading the config file Calls to the API function EVP_default_properties_enable_fips() will automatically attempt to load the default config file if it is not already loaded. Therefore this function should not be called from inside code to process the config file. Fixes #16165 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16168)