Replumbing: offer a core upcall to get the provider object's library context#9160
levitte wants to merge 7 commits into openssl:master
…context
The FIPS module currently has "magic" support to have the library context become the provider context within the core code, for the FIPS module's inner provider.
We replace that with a core upcall that returns the library context associated with a provider object. That way, the FIPS module can handle the assignment of the inner provider context itself. This allows the FIPS module (and any other provider module that wishes to use a similar mechanism) to define for itself what the provider context is. It's currently simply a pointer to a library context, but may contain other stuff as well in the future.
The link that chains this whole thing together is that for the FIPS module, every call of functions taking an
Why that macro? Well yeah, for the moment it's a no-op, but imagine a future where the provider context we use is a structure in its own right, that contains more than just the library context... if we don't nip that bud now, we'll have a hell of a fun time chasing down every use of the provider context some time in the future.
| * To be used anywhere the library context needs to be passed, such as to | ||
| * fetching functions. | ||
| */ | ||
| #define PROV_LIBRARY_CONTEXT_OF(provctx) (provctx) |
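Review bot: PROV_LIBRARY_CONTEXT_OF(provctx) expands to its argument unchanged, so the compiler accepts any pointer passed to it and nothing checks that the argument really is a provider context. The comment above the macro says where to use it ("anywhere the library context needs to be passed") but not what type provctx must have or what type the result is; state both in the comment so that call sites have a documented contract to follow.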
I'm missing the point of this macro
Ok, I get it now. Perhaps add an explicit cast to OPENSSL_CTX?
Dunno... I'll leave that alone for now, I have some ideas on how to make the provider context more secure, type-wise. That's a matter for another PR.
We might as well use
Ping
…context Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #9160)
Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #9160)
…text upcall Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from #9160)
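The mechanism this pull request describes, sketched as an added example that is not OpenSSL's code: the core offers an upcall that returns the library context for a provider object, the provider's init stores it in a context of its own definition, and algorithm code reaches it only through the accessor macro. Every type, function and constant name except PROV_LIBRARY_CONTEXT_OF is hypothetical, and the macro is shown in the struct-based form the discussion anticipates rather than the current `(provctx)` no-op.

```c
#include <stddef.h>

/* Every name below is a hypothetical stand-in, not OpenSSL's real API. */
typedef struct { int id; } LIBCTX;                      /* library context */
typedef struct { LIBCTX *libctx; } CORE_PROVIDER;       /* core's provider object */
typedef struct { int id; void (*fn)(void); } DISPATCH;  /* upcall table entry */
typedef LIBCTX *get_libctx_fn(const CORE_PROVIDER *);
#define UPCALL_GET_LIBCTX 1                             /* constructed function id */

/* Core side: the upcall that maps a provider object to its library context. */
static LIBCTX *core_get_libctx(const CORE_PROVIDER *prov) { return prov->libctx; }

/* Provider side: the module, not the core, decides what its context holds. */
typedef struct { LIBCTX *libctx; int selftest_ok; } PROV_CTX;
/* Struct-based accessor; call sites look the same as with the (provctx) no-op. */
#define PROV_LIBRARY_CONTEXT_OF(provctx) (((PROV_CTX *)(provctx))->libctx)

static int provider_init(const CORE_PROVIDER *prov, const DISPATCH *in,
                         PROV_CTX *storage, void **provctx)
{
    get_libctx_fn *get_libctx = NULL;
    for (; in->id != 0; in++)               /* table is terminated by id 0 */
        if (in->id == UPCALL_GET_LIBCTX)
            get_libctx = (get_libctx_fn *)in->fn;
    if (get_libctx == NULL)
        return 0;                           /* upcall not offered: refuse to load */
    storage->libctx = get_libctx(prov);     /* provider assigns its own context */
    storage->selftest_ok = 1;               /* extra state beside the libctx */
    *provctx = storage;
    return 1;
}

/* An algorithm entry point only ever sees the opaque provider context. */
static LIBCTX *algo_libctx(void *provctx) { return PROV_LIBRARY_CONTEXT_OF(provctx); }

/* Returns 1 if the algorithm sees the core's library context, -1 if init refused. */
int run_demo(int offer_upcall)
{
    LIBCTX lib = { 7 };
    CORE_PROVIDER prov = { &lib };
    DISPATCH in[] = { { offer_upcall ? UPCALL_GET_LIBCTX : 0,
                        (void (*)(void))core_get_libctx }, { 0, NULL } };
    PROV_CTX storage;
    void *provctx = NULL;
    if (!provider_init(&prov, in, &storage, &provctx))
        return -1;
    return algo_libctx(provctx) == &lib;
}
int main(void) { return (run_demo(1) == 1 && run_demo(0) == -1) ? 0 : 1; }
```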