-
-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OSSL_PROVIDER_load_ex #21604
OSSL_PROVIDER_load_ex #21604
Conversation
It's an attempt to implement #21350 function using available API. @openssl/committers the comments wanted. I tried to implement as an extension of |
I've pushed a draft of API design for better clarity |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My feeling is this really needs some active discussion within the OTC to find out what we want to do here. We should avoid requiring changes to existing providers if they would like to use this functionality if at all possible. I assume some changes will be inevitable if we want to support setting the parameters to providers after they are loaded & initialized but at least for the initial load it should be possible to use the current callback.
756dc6f
to
25e0bfa
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So having thought about this some more I think I agree with a OSSL_LIB_CTX_load_provider() call where the provider config is entirely provided via the params option.
However I am entirely against OSSL_PROVIDER_set_params_by_name(), I think mixing static and dynamic config or attempting to change config will be error prone, difficult to debug for all involved (openssl, provider and application developers), and ultimately not a good pattern.
If a provider is already loaded this call should fail, btw, up to the app to decide what to do with it.
In general I think if the config is in a config file users should tweak the config file. |
Note that if you decide something like OSSL_PROVIDER_set_params() is the way you want to go you really need to also add a OSSL_PROVIDER_settable_params() so the provider can tell you what params can be set, and be prepared for that list to change after initialization... |
ece77c3
to
a108c78
Compare
Thanks, added |
a0fcdec
to
66c79cd
Compare
OK, I realized how to pass the data to the provider in more or less standard way. |
This test failure seems to be unrelated to the patch but may be of interest for @hlandau https://github.com/openssl/openssl/actions/runs/5741052478/job/15560296780?pr=21604 |
e9e8369
to
d83a0bd
Compare
@openssl/committers any review/feedback, please? |
1553eac
to
f5578c4
Compare
Rebased to resolve the trivial conflict in util/libcrypto.num |
This pull request is ready to merge |
Merged. Thanks for the review! |
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from #21604)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from #21604)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from #21604)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#21604)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#21604)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from openssl#21604)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @beldmit, sorry once again for my late review, I didn't manage to get it done earlier. Hope you find something useful in it nevertheless.
Several instances of the same provider in the same context using different | ||
section names, module names (e.g. via symlinks) and provider names. But unless | ||
the provider does not support some configuration options, the algorithms in | ||
this case will have the same `provider` property and the result of fetching is | ||
not determined. We strongly discourage against this trick. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The intention of this paragraph is not obvious to me. Is this a suggested or discouraged scenario?
Several instances of the same provider in the same context using different | |
section names, module names (e.g. via symlinks) and provider names. But unless | |
the provider does not support some configuration options, the algorithms in | |
this case will have the same `provider` property and the result of fetching is | |
not determined. We strongly discourage against this trick. | |
Several instances of the same provider can be loaded in the same context using different | |
section names, module names (e.g. via symlinks) and provider names. But unless | |
the provider supports some configuration options, the algorithms in | |
this case will have the same `provider` property and the result of fetching is | |
not determined. We strongly discourage against this trick. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added, but is this indeed what you meant to say? (You may answer this question in PR #22029)
OSSL_PARAM_BLD_push_utf8_string(bld, "greeting", custom_buf, strlen(custom_buf)); | ||
params = OSSL_PARAM_BLD_to_param(bld); | ||
|
||
OSSL_PARAM_BLD_free(bld); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test just passes an unknown parameter to the provider which gets ignored. So it does not actually prove the usefulnes of the api, it's just a "hello world" example.
Would it be possible to add a proof-of-concept test that loads the "default" or "fips" provider using extra parameters that actually changes the behaviour of the provider in a measurable (testable) effect?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The parameter is not unknown, but I understand your reasons and yes, a FIPS provider test would be better.
We need a possibility to initialize providers on per-application level | ||
according to per-application parameters. It's necessary for example for PKCS#11 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at provider-base, it seems possible to dispense of the configuration file entirely using the new extended api.
Additionally, provider specific configuration parameters from the
config file are available, in dotted name form.
The dotted name form is a concatenation of section names and final
config command name separated by periods.
If that's the case, it would be great to have a test case and/or example as a proof-of concept to show that this can be achieved using your new extended API.
Probably some example of its usage could also be added to the ossl-guide-libcrypto-introduction
manpage?
(If you agree, I will create a separate issue for this)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree though I totally missed this point
@mspncp could you please raise your documentation updates as a PR? |
Late review comments for pull request openssl#21604, sort of.
Late review comments for pull request openssl#21604, sort of.
See PR #22029. Please also reconsider the conversations which I did not mark as resolved yet. |
Late review comments for pull request openssl#21604, sort of.
to configure provider in load-time.
The tests are to be written, the documentation is also to be written.
Checklist