author | Hugo Landau <hlandau@openssl.org> | 2022-03-14 09:13:12 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-04-01 01:49:19 +0200 |
commit | 927d0566ded0dff9d6c5abc8a40bb84068446b76 (patch) | |
tree | c6d898a04aaa2062c9a74cb9c89ce25fa9680a41 /providers | |
parent | disable 5x interleave on buffers shorter than 512 bytes: 3% speedup on Graviton2 (diff) | |
Refactor OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA
This refactors OSSL_LIB_CTX to avoid using CRYPTO_EX_DATA. The assorted
objects to be managed by OSSL_LIB_CTX are hardcoded and are initialized
eagerly rather than lazily, which avoids the need for locking on access
in most cases.
Fixes #17116.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17881)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/fips/fipsprov.c | 27 | ||||
-rw-r--r-- | providers/implementations/rands/crngt.c | 14 | ||||
-rw-r--r-- | providers/implementations/rands/drbg.c | 14 |
3 files changed, 16 insertions, 39 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index f4605dcd6c..8bd61654e8 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -22,6 +22,7 @@ #include "prov/provider_util.h" #include "prov/seeding.h" #include "self_test.h" +#include "crypto/context.h" static const char FIPS_DEFAULT_PROPERTIES[] = "provider=fips,fips=yes"; static const char FIPS_UNAPPROVED_PROPERTIES[] = "provider=fips,fips=no"; @@ -78,7 +79,7 @@ typedef struct fips_global_st { const char *fips_security_check_option; } FIPS_GLOBAL; -static void *fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) +void *ossl_fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) { FIPS_GLOBAL *fgbl = OPENSSL_zalloc(sizeof(*fgbl)); @@ -90,18 +91,11 @@ static void *fips_prov_ossl_ctx_new(OSSL_LIB_CTX *libctx) return fgbl; } -static void fips_prov_ossl_ctx_free(void *fgbl) +void ossl_fips_prov_ossl_ctx_free(void *fgbl) { OPENSSL_free(fgbl); } -static const OSSL_LIB_CTX_METHOD fips_prov_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - fips_prov_ossl_ctx_new, - fips_prov_ossl_ctx_free, -}; - - /* Parameters we provide to the core */ static const OSSL_PARAM fips_param_types[] = { OSSL_PARAM_DEFN(OSSL_PROV_PARAM_NAME, OSSL_PARAM_UTF8_PTR, NULL, 0), @@ -170,8 +164,7 @@ static int fips_get_params(void *provctx, OSSL_PARAM params[]) { OSSL_PARAM *p; FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX); p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) 
@@ -208,8 +201,7 @@ static void set_self_test_cb(FIPS_GLOBAL *fgbl) static int fips_self_test(void *provctx) { FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(ossl_prov_ctx_get0_libctx(provctx), - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX); set_self_test_cb(fgbl); return SELF_TEST_post(&fgbl->selftest_params, 1) ? 1 : 0; @@ -666,8 +658,7 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle, goto err; } - if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method)) == NULL) + if ((fgbl = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_FIPS_PROV_INDEX)) == NULL) goto err; fgbl->handle = handle; @@ -812,8 +803,7 @@ int ERR_pop_to_mark(void) const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *libctx) { FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX); if (fgbl == NULL) return NULL; @@ -891,8 +881,7 @@ int BIO_snprintf(char *buf, size_t n, const char *format, ...) int FIPS_security_check_enabled(OSSL_LIB_CTX *libctx) { FIPS_GLOBAL *fgbl = ossl_lib_ctx_get_data(libctx, - OSSL_LIB_CTX_FIPS_PROV_INDEX, - &fips_prov_ossl_ctx_method); + OSSL_LIB_CTX_FIPS_PROV_INDEX); return fgbl->fips_security_checks; } diff --git a/providers/implementations/rands/crngt.c b/providers/implementations/rands/crngt.c index 4095994bda..50d4a429da 100644 --- a/providers/implementations/rands/crngt.c +++ b/providers/implementations/rands/crngt.c @@ -23,6 +23,7 @@ #include "crypto/rand_pool.h" #include "drbg_local.h" #include "prov/seeding.h" +#include "crypto/context.h" typedef struct crng_test_global_st { unsigned char crngt_prev[EVP_MAX_MD_SIZE]; @@ -52,7 +53,7 @@ static int crngt_get_entropy(PROV_CTX *provctx, const EVP_MD *digest, return 0; } -static void rand_crng_ossl_ctx_free(void *vcrngt_glob) +void ossl_rand_crng_ctx_free(void *vcrngt_glob) { CRNG_TEST_GLOBAL *crngt_glob = vcrngt_glob; 
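Review bot: In fips_self_test and FIPS_security_check_enabled the pointer returned by ossl_lib_ctx_get_data() is dereferenced with no NULL check, while FIPS_get_core_handle and OSSL_provider_init_int in the same file test the result of the identical call. Whether the eagerly initialised slot can still come back NULL is not visible in these hunks, but the two surviving checks suggest the callers are expected to handle it. I would add `if (fgbl == NULL) return 0;` before `set_self_test_cb(fgbl);` so that a missing context reports a self-test failure. In FIPS_security_check_enabled the fallback should be chosen deliberately: `if (fgbl == NULL) return 1;` keeps the security checks on instead of crashing or reporting them as disabled. The closing brace of fips_self_test lies outside its hunk.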
@@ -61,7 +62,7 @@ static void rand_crng_ossl_ctx_free(void *vcrngt_glob) OPENSSL_free(crngt_glob); } -static void *rand_crng_ossl_ctx_new(OSSL_LIB_CTX *ctx) +void *ossl_rand_crng_ctx_new(OSSL_LIB_CTX *ctx) { CRNG_TEST_GLOBAL *crngt_glob = OPENSSL_zalloc(sizeof(*crngt_glob)); @@ -82,12 +83,6 @@ static void *rand_crng_ossl_ctx_new(OSSL_LIB_CTX *ctx) return crngt_glob; } -static const OSSL_LIB_CTX_METHOD rand_crng_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - rand_crng_ossl_ctx_new, - rand_crng_ossl_ctx_free, -}; - static int prov_crngt_compare_previous(const unsigned char *prev, const unsigned char *cur, size_t sz) @@ -113,8 +108,7 @@ size_t ossl_crngt_get_entropy(PROV_DRBG *drbg, int crng_test_pass = 1; OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx); CRNG_TEST_GLOBAL *crngt_glob - = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_RAND_CRNGT_INDEX, - &rand_crng_ossl_ctx_method); + = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_RAND_CRNGT_INDEX); OSSL_CALLBACK *stcb = NULL; void *stcbarg = NULL; OSSL_SELF_TEST *st = NULL; diff --git a/providers/implementations/rands/drbg.c b/providers/implementations/rands/drbg.c index 16d382dced..99e37d7bbf 100644 --- a/providers/implementations/rands/drbg.c +++ b/providers/implementations/rands/drbg.c @@ -21,6 +21,7 @@ #include "crypto/rand_pool.h" #include "prov/provider_ctx.h" #include "prov/providercommon.h" +#include "crypto/context.h" /* * Support framework for NIST SP 800-90A DRBG @@ -274,7 +275,7 @@ typedef struct prov_drbg_nonce_global_st { * to be in a different global data object. Otherwise we will go into an * infinite recursion loop. */ -static void *prov_drbg_nonce_ossl_ctx_new(OSSL_LIB_CTX *libctx) +void *ossl_prov_drbg_nonce_ctx_new(OSSL_LIB_CTX *libctx) { PROV_DRBG_NONCE_GLOBAL *dngbl = OPENSSL_zalloc(sizeof(*dngbl)); 
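Review bot: The comment kept above ossl_prov_drbg_nonce_ctx_new (hunk `@@ -274,7 +275,7 @@`) still justifies the separate global object with "Otherwise we will go into an infinite recursion loop", which describes on-demand creation through ossl_lib_ctx_get_data(). The commit message says the managed objects are now created eagerly, so the constraint a maintainer has to respect has presumably become one of construction order in the library-context code, which is not shown on this page. I would reword the comment to state the current rule, for example `Created eagerly with the OSSL_LIB_CTX; must not depend on context objects that are constructed later.` The comment starts and the function body ends outside the hunk, so the exact wording should be checked against the full text.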
@@ -290,7 +291,7 @@ static void *prov_drbg_nonce_ossl_ctx_new(OSSL_LIB_CTX *libctx) return dngbl; } -static void prov_drbg_nonce_ossl_ctx_free(void *vdngbl) +void ossl_prov_drbg_nonce_ctx_free(void *vdngbl) { PROV_DRBG_NONCE_GLOBAL *dngbl = vdngbl; @@ -302,12 +303,6 @@ static void prov_drbg_nonce_ossl_ctx_free(void *vdngbl) OPENSSL_free(dngbl); } -static const OSSL_LIB_CTX_METHOD drbg_nonce_ossl_ctx_method = { - OSSL_LIB_CTX_METHOD_DEFAULT_PRIORITY, - prov_drbg_nonce_ossl_ctx_new, - prov_drbg_nonce_ossl_ctx_free, -}; - /* Get a nonce from the operating system */ static size_t prov_drbg_get_nonce(PROV_DRBG *drbg, unsigned char **pout, size_t min_len, size_t max_len) @@ -316,8 +311,7 @@ static size_t prov_drbg_get_nonce(PROV_DRBG *drbg, unsigned char **pout, unsigned char *buf = NULL; OSSL_LIB_CTX *libctx = ossl_prov_ctx_get0_libctx(drbg->provctx); PROV_DRBG_NONCE_GLOBAL *dngbl - = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DRBG_NONCE_INDEX, - &drbg_nonce_ossl_ctx_method); + = ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_DRBG_NONCE_INDEX); struct { void *drbg; int count; |