summaryrefslogtreecommitdiffstats
path: root/crypto/provider.c
diff options
context:
space:
mode:
authorShane Lontis <shane.lontis@oracle.com>2020-08-09 10:06:52 +0200
committerShane Lontis <shane.lontis@oracle.com>2020-08-09 10:06:52 +0200
commit04cb5ec0b74896fe806625ac4d87e3396890f246 (patch)
tree558c92ddf1b1fb2421d9f3f9aae3c82595a94830 /crypto/provider.c
parentAdd some of the missing CMS API documentation (diff)
downloadopenssl-04cb5ec0b74896fe806625ac4d87e3396890f246.tar.xz
openssl-04cb5ec0b74896fe806625ac4d87e3396890f246.zip
Add 'on demand self test' and status test to providers
The default and legacy providers currently return 1 for status and self test checks. Added test to show the 3 different stages the self test can be run (for installation, loading and on demand). For the fips provider: - If the on demand self test fails, then any subsequent fetches should also fail. To implement this the cached algorithms are flushed on failure. - getting the self test callback in the fips provider is a bit complicated since the callback hangs off the core libctx (as it is set by the application) not the actual fips library context. Also the callback can be set at any time not just during the OSSL_provider_init() so it is calculated each time before doing any self test. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11752)
Diffstat (limited to 'crypto/provider.c')
-rw-r--r--crypto/provider.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/crypto/provider.c b/crypto/provider.c
index 8646aef771..40c837d8c0 100644
--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -10,6 +10,7 @@
#include <openssl/err.h>
#include <openssl/cryptoerr.h>
#include <openssl/provider.h>
+#include <openssl/core_names.h>
#include "internal/provider.h"
OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
@@ -69,6 +70,11 @@ void *OSSL_PROVIDER_get0_provider_ctx(const OSSL_PROVIDER *prov)
return ossl_provider_prov_ctx(prov);
}
+int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov)
+{
+ return ossl_provider_self_test(prov);
+}
+
int OSSL_PROVIDER_get_capabilities(const OSSL_PROVIDER *prov,
const char *capability,
OSSL_CALLBACK *cb,