diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 10:06:52 +0200 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-08-09 10:06:52 +0200 |
commit | 04cb5ec0b74896fe806625ac4d87e3396890f246 (patch) | |
tree | 558c92ddf1b1fb2421d9f3f9aae3c82595a94830 /crypto/provider.c | |
parent | Add some of the missing CMS API documentation (diff) | |
download | openssl-04cb5ec0b74896fe806625ac4d87e3396890f246.tar.xz openssl-04cb5ec0b74896fe806625ac4d87e3396890f246.zip |
Add 'on demand self test' and status test to providers
The default and legacy providers currently return 1 for status and self test checks.
Added test to show the 3 different stages the self test can be run (for installation, loading and on demand).
For the fips provider:
- If the on demand self test fails, then any subsequent fetches should also fail. To implement this the
cached algorithms are flushed on failure.
- getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core
libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at
any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11752)
Diffstat (limited to 'crypto/provider.c')
-rw-r--r-- | crypto/provider.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/provider.c b/crypto/provider.c index 8646aef771..40c837d8c0 100644 --- a/crypto/provider.c +++ b/crypto/provider.c @@ -10,6 +10,7 @@ #include <openssl/err.h> #include <openssl/cryptoerr.h> #include <openssl/provider.h> +#include <openssl/core_names.h> #include "internal/provider.h" OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name) @@ -69,6 +70,11 @@ void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov) return ossl_provider_prov_ctx(prov); } +int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov) +{ + return ossl_provider_self_test(prov); +} + int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov, const char *capability, OSSL_CALLBACK *cb, |