Add method store cache flush and method removal to non-EVP operations
authorRichard Levitte <levitte@openssl.org>
Wed, 4 May 2022 07:15:29 +0000 (09:15 +0200)
committerRichard Levitte <levitte@openssl.org>
Thu, 5 May 2022 13:06:12 +0000 (15:06 +0200)
evp_method_store_flush() and evp_method_store_remove_all_provided()
only cover EVP operations, but not encoders, decoders and store loaders.
This adds corresponding methods for those as well.  Without this, their
method stores are never cleaned up when the corresponding providers are
deactivated or otherwise modified.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18151)

crypto/encode_decode/decoder_meth.c
crypto/encode_decode/encoder_meth.c
crypto/provider_core.c
crypto/store/store_meth.c
include/crypto/decoder.h
include/crypto/encoder.h
include/crypto/store.h

index 06a6bdaa2daba57d4d11b2c65136b68573b19b6c..d622fffb2f714a60c0a33d26639c02b57dc7852e 100644 (file)
@@ -427,6 +427,25 @@ OSSL_DECODER *ossl_decoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id,
     return method;
 }
 
+int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx)
+{
+    OSSL_METHOD_STORE *store = get_decoder_store(libctx);
+
+    if (store != NULL)
+        return ossl_method_store_cache_flush_all(store);
+    return 1;
+}
+
+int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov)
+{
+    OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
+    OSSL_METHOD_STORE *store = get_decoder_store(libctx);
+
+    if (store != NULL)
+        return ossl_method_store_remove_all_provided(store, prov);
+    return 1;
+}
+
 /*
  * Library of basic method functions
  */
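Review bot: Both new functions return 1 when get_decoder_store() yields NULL, and nothing states whether that is a deliberate "nothing to flush" case or a lookup failure reported as success. A caller that uses the return value to confirm a deactivated provider's decoders are gone cannot tell the two apart. If success is the intent, a short comment above each function would record it, for example `/* Returns 1 on success or when libctx has no decoder store, 0 on failure */`. The same applies to the matching pairs added in encoder_meth.c and store_meth.c.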
index aa5fb13e00ba740c1f345b7535f1066ce6bd6b7e..ad7df225442d7916a5628c088ea463da2363dbdf 100644 (file)
@@ -436,6 +436,25 @@ OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id,
     return method;
 }
 
+int ossl_encoder_store_cache_flush(OSSL_LIB_CTX *libctx)
+{
+    OSSL_METHOD_STORE *store = get_encoder_store(libctx);
+
+    if (store != NULL)
+        return ossl_method_store_cache_flush_all(store);
+    return 1;
+}
+
+int ossl_encoder_store_remove_all_provided(const OSSL_PROVIDER *prov)
+{
+    OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
+    OSSL_METHOD_STORE *store = get_encoder_store(libctx);
+
+    if (store != NULL)
+        return ossl_method_store_remove_all_provided(store, prov);
+    return 1;
+}
+
 /*
  * Library of basic method functions
  */
index 8e7ed6265e23e48b7ba896d51596a9210c929933..3e2738fb32a4aad15e8ee63d4fb62c158a2c08cc 100644 (file)
 #include <openssl/params.h>
 #include <openssl/opensslv.h>
 #include "crypto/cryptlib.h"
+#include "crypto/decoder.h" /* ossl_decoder_store_cache_flush */
+#include "crypto/encoder.h" /* ossl_encoder_store_cache_flush */
 #include "crypto/evp.h" /* evp_method_store_cache_flush */
+#include "crypto/store.h" /* ossl_store_loader_store_cache_flush */
 #include "crypto/rand.h"
 #include "internal/nelem.h"
 #include "internal/thread_once.h"
@@ -1151,8 +1154,22 @@ static int provider_flush_store_cache(const OSSL_PROVIDER *prov)
     freeing = store->freeing;
     CRYPTO_THREAD_unlock(store->lock);
 
-    if (!freeing)
-        return evp_method_store_cache_flush(prov->libctx);
+    if (!freeing) {
+        int acc
+            = evp_method_store_cache_flush(prov->libctx)
+#ifndef FIPS_MODULE
+            + ossl_encoder_store_cache_flush(prov->libctx)
+            + ossl_decoder_store_cache_flush(prov->libctx)
+            + ossl_store_loader_store_cache_flush(prov->libctx)
+#endif
+            ;
+
+#ifndef FIPS_MODULE
+        return acc == 4;
+#else
+        return acc == 1;
+#endif
+    }
     return 1;
 }
 
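Review bot: The success test in provider_flush_store_cache compares a sum of return codes against a literal (`acc == 4`, or `acc == 1` under FIPS_MODULE), which depends on two things the hunk does not enforce. Each callee must return exactly 0 or 1, and the literal must be updated whenever a store is added to or dropped from the list. A negative or larger return would presumably make the sum misreport, so a failed flush could pass unnoticed and leave stale methods cached. Folding each call into a boolean still runs every flush and removes the count; provider_remove_store_methods in the next hunk has the same pattern. The function starts above the hunk.

```c
    if (!freeing) {
        int ok = evp_method_store_cache_flush(prov->libctx) > 0;

#ifndef FIPS_MODULE
        /* Bitwise &=, not &&: every store is still flushed after a failure */
        ok &= ossl_encoder_store_cache_flush(prov->libctx) > 0;
        ok &= ossl_decoder_store_cache_flush(prov->libctx) > 0;
        ok &= ossl_store_loader_store_cache_flush(prov->libctx) > 0;
#endif
        return ok;
    }
```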
@@ -1170,12 +1187,28 @@ static int provider_remove_store_methods(OSSL_PROVIDER *prov)
     CRYPTO_THREAD_unlock(store->lock);
 
     if (!freeing) {
+        int acc;
+
+        if (!CRYPTO_THREAD_read_lock(prov->opbits_lock))
+            return 0;
         OPENSSL_free(prov->operation_bits);
         prov->operation_bits = NULL;
         prov->operation_bits_sz = 0;
         CRYPTO_THREAD_unlock(prov->opbits_lock);
 
-        return evp_method_store_remove_all_provided(prov);
+        acc = evp_method_store_remove_all_provided(prov)
+#ifndef FIPS_MODULE
+            + ossl_encoder_store_remove_all_provided(prov)
+            + ossl_decoder_store_remove_all_provided(prov)
+            + ossl_store_loader_store_remove_all_provided(prov)
+#endif
+            ;
+
+#ifndef FIPS_MODULE
+        return acc == 4;
+#else
+        return acc == 1;
+#endif
     }
     return 1;
 }
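Review bot: The added `CRYPTO_THREAD_read_lock(prov->opbits_lock)` guards a section that frees `prov->operation_bits` and resets the pointer and size, all of which are writes. A read lock admits other readers at the same time, so a thread inspecting the bit array under the same lock could presumably touch memory that is being freed. The acquisition should be `if (!CRYPTO_THREAD_write_lock(prov->opbits_lock))`. The start of provider_remove_store_methods is outside the hunk, so the other users of opbits_lock are not visible here.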
index 51af5a056ec3f0e950e1584540256ca1dc9a083c..fc9f1e60e44e7720d131c97289f7c6b71407a901 100644 (file)
@@ -376,6 +376,25 @@ OSSL_STORE_LOADER *ossl_store_loader_fetch_by_number(OSSL_LIB_CTX *libctx,
     return method;
 }
 
+int ossl_store_loader_store_cache_flush(OSSL_LIB_CTX *libctx)
+{
+    OSSL_METHOD_STORE *store = get_loader_store(libctx);
+
+    if (store != NULL)
+        return ossl_method_store_cache_flush_all(store);
+    return 1;
+}
+
+int ossl_store_loader_store_remove_all_provided(const OSSL_PROVIDER *prov)
+{
+    OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
+    OSSL_METHOD_STORE *store = get_loader_store(libctx);
+
+    if (store != NULL)
+        return ossl_method_store_remove_all_provided(store, prov);
+    return 1;
+}
+
 /*
  * Library of basic method functions
  */
index cc06ef29261b5c8510e722aad1e3eacdd2ff5c94..95afd25b0bcb41acf7ba6defc709626c9d1e4c41 100644 (file)
@@ -38,5 +38,7 @@ int ossl_decoder_ctx_setup_for_pkey(OSSL_DECODER_CTX *ctx,
                                     const char *propquery);
 
 int ossl_decoder_get_number(const OSSL_DECODER *encoder);
+int ossl_decoder_store_cache_flush(OSSL_LIB_CTX *libctx);
+int ossl_decoder_store_remove_all_provided(const OSSL_PROVIDER *prov);
 
 #endif
index 09d445d21039ff5e768795828687f59cf5509ab8..ae56131eb34e4cd92c90d71e7a926c2cc1a05cc8 100644 (file)
@@ -7,8 +7,16 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/types.h>
+#ifndef OSSL_CRYPTO_ENCODER_H
+# define OSSL_CRYPTO_ENCODER_H
+# pragma once
+
+# include <openssl/types.h>
 
 OSSL_ENCODER *ossl_encoder_fetch_by_number(OSSL_LIB_CTX *libctx, int id,
                                            const char *properties);
 int ossl_encoder_get_number(const OSSL_ENCODER *encoder);
+int ossl_encoder_store_cache_flush(OSSL_LIB_CTX *libctx);
+int ossl_encoder_store_remove_all_provided(const OSSL_PROVIDER *prov);
+
+#endif
index 13d2646bba468bbf5a04775741498f8b9d321a65..9b7be71acd6f60ab4dc21cf158e1c0e17a82482b 100644 (file)
@@ -17,5 +17,7 @@
 
 void ossl_store_cleanup_int(void);
 int ossl_store_loader_get_number(const OSSL_STORE_LOADER *loader);
+int ossl_store_loader_store_cache_flush(OSSL_LIB_CTX *libctx);
+int ossl_store_loader_store_remove_all_provided(const OSSL_PROVIDER *prov);
 
 #endif