author | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 10:06:52 +0200 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 10:06:52 +0200 |
commit | 04cb5ec0b74896fe806625ac4d87e3396890f246 (patch) | |
tree | 558c92ddf1b1fb2421d9f3f9aae3c82595a94830 /crypto/property | |
parent | Add some of the missing CMS API documentation (diff) | |
Add 'on demand self test' and status test to providers
The default and legacy providers currently return 1 for status and self test checks.
Added test to show the 3 different stages the self test can be run (for installation, loading and on demand).
For the fips provider:
- If the on demand self test fails, then any subsequent fetches should also fail. To implement this the
cached algorithms are flushed on failure.
- getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core
libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at
any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11752)
Diffstat (limited to 'crypto/property')
-rw-r--r-- | crypto/property/property.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/crypto/property/property.c b/crypto/property/property.c
index 645e361b0a..cb82f8956b 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -394,10 +394,19 @@ fin:
 return ret;
 }

-static void impl_cache_flush_alg(ossl_uintmax_t idx, ALGORITHM *alg)
+static void impl_cache_flush_alg(ossl_uintmax_t idx, ALGORITHM *alg, void *arg)
 {
+ SPARSE_ARRAY_OF(ALGORITHM) *algs = arg;
+
 lh_QUERY_doall(alg->cache, &impl_cache_free);
- lh_QUERY_flush(alg->cache);
+ if (algs != NULL) {
+ sk_IMPLEMENTATION_pop_free(alg->impls, &impl_free);
+ lh_QUERY_free(alg->cache);
+ OPENSSL_free(alg);
+ ossl_sa_ALGORITHM_set(algs, idx, NULL);
+ } else {
+ lh_QUERY_flush(alg->cache);
+ }
 }

 static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid)
@@ -406,14 +415,16 @@ static void ossl_method_cache_flush(OSSL_METHOD_STORE *store, int nid)

 if (alg != NULL) {
 store->nelem -= lh_QUERY_num_items(alg->cache);
- impl_cache_flush_alg(0, alg);
+ impl_cache_flush_alg(0, alg, NULL);
 }
 }

-void ossl_method_store_flush_cache(OSSL_METHOD_STORE *store)
+void ossl_method_store_flush_cache(OSSL_METHOD_STORE *store, int all)
 {
+ void *arg = (all != 0 ? store->algs : NULL);
+
 ossl_property_write_lock(store);
- ossl_sa_ALGORITHM_doall(store->algs, &impl_cache_flush_alg);
+ ossl_sa_ALGORITHM_doall_arg(store->algs, &impl_cache_flush_alg, arg);
 store->nelem = 0;
 ossl_property_unlock(store);
 } |
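Review bot: In `impl_cache_flush_alg`, the non-NULL `arg` branch calls `OPENSSL_free(alg)` and only afterwards clears the slot with `ossl_sa_ALGORITHM_set(algs, idx, NULL)`, whose result is ignored, so a failed set would leave a freed pointer reachable from the store. This also happens while `ossl_sa_ALGORITHM_doall_arg` is still walking the same array. Whether clearing an already-populated index can fail or disturb the walk is not visible in this hunk; if it cannot, record that next to the call, e.g. `/* clearing an existing slot cannot fail and is safe inside doall */`, otherwise check the return value. The function also needs a one-line header comment for its two modes: `arg == NULL` empties only the query cache, while a non-NULL `arg` removes the ALGORITHM and its implementations from the array passed in.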
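Review bot: With `all != 0`, `ossl_method_store_flush_cache` frees every ALGORITHM and its implementations rather than just emptying the query caches, which neither the function name nor the bare `int all` parameter conveys. Going by the commit description, this is what makes fetches fail after a failed FIPS self test, so a header comment should state it, e.g. `/* all != 0 also removes every ALGORITHM and its implementations from the store, not only cached query results */`. Separately, `arg` is read from `store->algs` before `ossl_property_write_lock(store)` is taken; that looks harmless if `algs` is assigned only at store creation, but moving `arg = (all != 0 ? store->algs : NULL);` below the lock call removes the dependence on that assumption. Callers of the old one-argument signature are outside this hunk and must pass the new argument deliberately, since a non-zero value is destructive.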