The branch master has been updated via d030892312a2e7076511205e7fe1a5eae98e5102 (commit) via dc46e3dde58c781b5f29942d787a2c8765ba5514 (commit) from 68ca1737ce58173001f2146b913388f872842f69 (commit)
- Log ----------------------------------------------------------------- commit d030892312a2e7076511205e7fe1a5eae98e5102 Author: Matt Caswell <m...@openssl.org> Date: Fri Apr 5 10:47:05 2019 +0100 Add a legacy provider and put MD2 in it Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8541) commit dc46e3dde58c781b5f29942d787a2c8765ba5514 Author: Matt Caswell <m...@openssl.org> Date: Wed Mar 20 17:51:29 2019 +0000 Use the right NID when putting a method in the store When we attempt to fetch a method with a given NID we will ask the providers for it if we don't already know about it. During that process we may be told about other methods with a different NID. We need to make sure we don't confuse the two. Reviewed-by: Richard Levitte <levi...@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8541) ----------------------------------------------------------------------- Summary of changes: Configure | 6 ++- INSTALL | 4 ++ crypto/core_fetch.c | 5 +- crypto/evp/digest.c | 10 +++- crypto/evp/evp_fetch.c | 27 ++++++---- crypto/evp/evp_locl.h | 3 +- crypto/property/property_parse.c | 1 + doc/internal/man3/evp_generic_fetch.pod | 7 ++- doc/internal/man3/ossl_method_construct.pod | 7 +-- include/internal/core.h | 4 +- providers/build.info | 11 ++++ providers/legacy/build.info | 4 ++ providers/legacy/digests/build.info | 4 ++ providers/legacy/digests/md2.c | 63 ++++++++++++++++++++++ providers/{fips/fipsprov.c => legacy/legacyprov.c} | 36 +++++++------ test/md2test.c | 14 +++++ test/recipes/05-test_md2.t | 5 ++ 17 files changed, 173 insertions(+), 38 deletions(-) create mode 100644 providers/legacy/build.info create mode 100644 providers/legacy/digests/build.info create mode 100644 providers/legacy/digests/md2.c copy providers/{fips/fipsprov.c => legacy/legacyprov.c} (68%) diff --git a/Configure b/Configure index 6702bc6..3b7ca36 100755 --- a/Configure +++ b/Configure @@ -374,6 +374,7 @@ my @disablables = ( "fuzz-afl", "gost", "idea", + "legacy", "makedepend", "md2", "md4", @@ -513,7 +514,7 @@ my @disable_cascades = ( # or modules. "pic" => [ "shared", "module" ], - "module" => [ "fips" ], + "module" => [ "fips", "legacy" ], "engine" => [ grep /eng$/, @disablables ], "hw" => [ "padlockeng" ], @@ -532,6 +533,7 @@ my @disable_cascades = ( sub { !$disabled{"msan"} } => [ "asm" ], sub { $disabled{cmac}; } => [ "siv" ], + "legacy" => [ "md2" ], ); # Avoid protocol support holes. Also disable all versions below N, if version @@ -1226,7 +1228,7 @@ foreach my $what (sort keys %disabled) { if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared', 'module', 'pic', 'dynamic-engine', 'makedepend', - 'zlib-dynamic', 'zlib', 'sse2' )) { + 'zlib-dynamic', 'zlib', 'sse2', 'legacy' )) { (my $WHAT = uc $what) =~ s|-|_|g; my $skipdir = $what; diff --git a/INSTALL b/INSTALL index c496e79..50722a1 100644 --- a/INSTALL +++ b/INSTALL @@ -409,6 +409,10 @@ available if the GOST algorithms are also available through loading an externally supplied engine. + no-legacy + Don't build the legacy provider. Disabling this also disables + the legacy algorithms: MD2 (already disabled by default). + no-makedepend Don't generate dependencies. diff --git a/crypto/core_fetch.c b/crypto/core_fetch.c index d38e132..2c4b0d7 100644 --- a/crypto/core_fetch.c +++ b/crypto/core_fetch.c @@ -35,8 +35,9 @@ static int ossl_method_construct_this(OSSL_PROVIDER *provider, void *cbdata) const OSSL_ALGORITHM *thismap = map++; void *method = NULL; - if ((method = data->mcm->construct(thismap->implementation, provider, - data->mcm_data)) == NULL) + if ((method = data->mcm->construct(thismap->algorithm_name, + thismap->implementation, provider, + data->mcm_data)) == NULL) continue; /* diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index b93a014..527c5d6 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -145,6 +145,7 @@ int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) if (type->prov == NULL) { switch(type->type) { case NID_sha256: + case NID_md2: break; default: goto legacy; @@ -585,10 +586,17 @@ static void evp_md_free(void *md) EVP_MD_meth_free(md); } +static int evp_md_nid(void *vmd) +{ + EVP_MD *md = vmd; + + return md->type; +} + EVP_MD *EVP_MD_fetch(OPENSSL_CTX *ctx, const char *algorithm, const char *properties) { return evp_generic_fetch(ctx, OSSL_OP_DIGEST, algorithm, properties, evp_md_from_dispatch, evp_md_upref, - evp_md_free); + evp_md_free, evp_md_nid); } diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c index 329129d..012383f 100644 --- a/crypto/evp/evp_fetch.c +++ b/crypto/evp/evp_fetch.c @@ -62,6 +62,7 @@ struct method_data_st { OSSL_PROVIDER *); int (*refcnt_up_method)(void *method); void (*destruct_method)(void *method); + int (*nid_method)(void *method); }; /* @@ -106,29 +107,35 @@ static void *get_method_from_store(OPENSSL_CTX *libctx, void *store, } static int put_method_in_store(OPENSSL_CTX *libctx, void *store, - const char *propdef, void *method, - void *data) + const char *propdef, + void *method, void *data) { struct method_data_st *methdata = data; + int nid = methdata->nid_method(method); + + if (nid == NID_undef) + return 0; if (store == NULL && (store = get_default_method_store(libctx)) == NULL) return 0; if (methdata->refcnt_up_method(method) - && ossl_method_store_add(store, methdata->nid, propdef, method, + && ossl_method_store_add(store, nid, propdef, method, methdata->destruct_method)) return 1; return 0; } -static void *construct_method(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, +static void *construct_method(const char *algorithm_name, + const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, void *data) { struct method_data_st *methdata = data; void *method = NULL; + int nid = OBJ_sn2nid(algorithm_name); - if (methdata->nid == NID_undef) { + if (nid == NID_undef) { /* Create a new NID for that name on the fly */ ASN1_OBJECT tmpobj; @@ -139,13 +146,13 @@ static void *construct_method(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, tmpobj.length = 0; tmpobj.data = NULL; - methdata->nid = OBJ_add_object(&tmpobj); + nid = OBJ_add_object(&tmpobj); } - if (methdata->nid == NID_undef) + if (nid == NID_undef) return NULL; - method = methdata->method_from_dispatch(methdata->nid, fns, prov); + method = methdata->method_from_dispatch(nid, fns, prov); if (method == NULL) return NULL; return method; @@ -163,7 +170,8 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, void *(*new_method)(int nid, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*upref_method)(void *), - void (*free_method)(void *)) + void (*free_method)(void *), + int (*nid_method)(void *)) { int nid = OBJ_sn2nid(algorithm); void *method = NULL; @@ -186,6 +194,7 @@ void *evp_generic_fetch(OPENSSL_CTX *libctx, int operation_id, mcmdata.destruct_method = free_method; mcmdata.refcnt_up_method = upref_method; mcmdata.destruct_method = free_method; + mcmdata.nid_method = nid_method; method = ossl_method_construct(libctx, operation_id, algorithm, properties, 0 /* !force_cache */, &mcm, &mcmdata); diff --git a/crypto/evp/evp_locl.h b/crypto/evp/evp_locl.h index 2453eff..efa2db8 100644 --- a/crypto/evp/evp_locl.h +++ b/crypto/evp/evp_locl.h @@ -90,4 +90,5 @@ void *evp_generic_fetch(OPENSSL_CTX *ctx, int operation_id, void *(*new_method)(int nid, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*upref_method)(void *), - void (*free_method)(void *)); + void (*free_method)(void *), + int (*nid_method)(void *)); diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c index 074da51..faaaee8 100644 --- a/crypto/property/property_parse.c +++ b/crypto/property/property_parse.c @@ -523,6 +523,7 @@ int ossl_property_parse_init(void) { static const char *const predefined_names[] = { "default", /* Being provided by the default built-in provider */ + "legacy", /* Provided by the legacy provider */ "provider", /* Name of provider (default, fips) */ "version", /* Version number of this provider */ "fips", /* FIPS supporting provider */ diff --git a/doc/internal/man3/evp_generic_fetch.pod b/doc/internal/man3/evp_generic_fetch.pod index b871cd1..881aaf9 100644 --- a/doc/internal/man3/evp_generic_fetch.pod +++ b/doc/internal/man3/evp_generic_fetch.pod @@ -14,7 +14,8 @@ evp_generic_fetch - generic algorithm fetcher and method creator for EVP void *(*new_method)(int nid, const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov), int (*upref_method)(void *), - void (*free_method)(void *)); + void (*free_method)(void *), + int (*nid_method)(void *)); =head1 DESCRIPTION @@ -41,6 +42,10 @@ one. frees the given method. +=item nid_method() + +returns the nid associated with the given method. + =back =head1 RETURN VALUES diff --git a/doc/internal/man3/ossl_method_construct.pod b/doc/internal/man3/ossl_method_construct.pod index 3664635..7b682dd 100644 --- a/doc/internal/man3/ossl_method_construct.pod +++ b/doc/internal/man3/ossl_method_construct.pod @@ -21,8 +21,8 @@ OSSL_METHOD_CONSTRUCT_METHOD, ossl_method_construct int (*put)(OPENSSL_CTX *libctx, void *store, const char *propdef, void *method, void *data); /* Construct a new method */ - void *(*construct)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, - void *data); + void *(*construct)(const char *algorithm_name, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov, void *data); /* Destruct a method */ void (*destruct)(void *method); }; @@ -107,7 +107,8 @@ This function is expected to increment the C<method>'s reference count. =item construct() -Constructs a sub-system method given a dispatch table C<fns>. +Constructs a sub-system method for the given C<algorithm_name> and the given +dispatch table C<fns>. The associated I<provider object> C<prov> is passed as well, to make it possible for the sub-system constructor to keep a reference, which diff --git a/include/internal/core.h b/include/internal/core.h index b395025..06a0775 100644 --- a/include/internal/core.h +++ b/include/internal/core.h @@ -38,8 +38,8 @@ typedef struct ossl_method_construct_method_st { int (*put)(OPENSSL_CTX *libctx, void *store, const char *propdef, void *method, void *data); /* Construct a new method */ - void *(*construct)(const OSSL_DISPATCH *fns, OSSL_PROVIDER *prov, - void *data); + void *(*construct)(const char *algorithm_name, const OSSL_DISPATCH *fns, + OSSL_PROVIDER *prov, void *data); /* Destruct a method */ void (*destruct)(void *method, void *data); } OSSL_METHOD_CONSTRUCT_METHOD; diff --git a/providers/build.info b/providers/build.info index b2b5384..1628e1f 100644 --- a/providers/build.info +++ b/providers/build.info @@ -10,3 +10,14 @@ IF[{- !$disabled{fips} -}] INCLUDE[fips]=.. ../include ../crypto/include DEFINE[fips]=FIPS_MODE ENDIF + +IF[{- !$disabled{legacy} -}] + SUBDIRS=legacy + MODULES=legacy + IF[{- defined $target{shared_defflag} -}] + SOURCE[legacy]=legacy.ld + GENERATE[legacy.ld]=../util/providers.num + ENDIF + INCLUDE[legacy]=.. ../include ../crypto/include + DEPEND[legacy]=../libcrypto +ENDIF diff --git a/providers/legacy/build.info b/providers/legacy/build.info new file mode 100644 index 0000000..df7e9ac --- /dev/null +++ b/providers/legacy/build.info @@ -0,0 +1,4 @@ +SUBDIRS=digests + +SOURCE[../legacy]=\ + legacyprov.c diff --git a/providers/legacy/digests/build.info b/providers/legacy/digests/build.info new file mode 100644 index 0000000..c4e1278 --- /dev/null +++ b/providers/legacy/digests/build.info @@ -0,0 +1,4 @@ +IF[{- !$disabled{md2} -}] + SOURCE[../../legacy]=\ + md2.c +ENDIF diff --git a/providers/legacy/digests/md2.c b/providers/legacy/digests/md2.c new file mode 100644 index 0000000..c941dd7 --- /dev/null +++ b/providers/legacy/digests/md2.c @@ -0,0 +1,63 @@ +/* + * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <openssl/md2.h> +#include <openssl/crypto.h> +#include <openssl/core_numbers.h> + +static int md2_final(void *ctx, unsigned char *md, size_t *size) +{ + if (MD2_Final(md, ctx)) { + *size = MD2_DIGEST_LENGTH; + return 1; + } + + return 0; +} + +static void *md2_newctx(void) +{ + MD2_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); + + return ctx; +} + +static void md2_freectx(void *vctx) +{ + MD2_CTX *ctx = (MD2_CTX *)vctx; + + OPENSSL_clear_free(ctx, sizeof(*ctx)); +} + +static void *md2_dupctx(void *ctx) +{ + MD2_CTX *in = (MD2_CTX *)ctx; + MD2_CTX *ret = OPENSSL_malloc(sizeof(*ret)); + + *ret = *in; + + return ret; +} + +static size_t md2_size(void) +{ + return MD2_DIGEST_LENGTH; +} + +extern const OSSL_DISPATCH md2_functions[]; +const OSSL_DISPATCH md2_functions[] = { + { OSSL_FUNC_DIGEST_NEWCTX, (void (*)(void))md2_newctx }, + { OSSL_FUNC_DIGEST_INIT, (void (*)(void))MD2_Init }, + { OSSL_FUNC_DIGEST_UPDDATE, (void (*)(void))MD2_Update }, + { OSSL_FUNC_DIGEST_FINAL, (void (*)(void))md2_final }, + { OSSL_FUNC_DIGEST_FREECTX, (void (*)(void))md2_freectx }, + { OSSL_FUNC_DIGEST_DUPCTX, (void (*)(void))md2_dupctx }, + { OSSL_FUNC_DIGEST_SIZE, (void (*)(void))md2_size }, + { 0, NULL } +}; diff --git a/providers/fips/fipsprov.c b/providers/legacy/legacyprov.c similarity index 68% copy from providers/fips/fipsprov.c copy to providers/legacy/legacyprov.c index d3671b5..48e8933 100644 --- a/providers/fips/fipsprov.c +++ b/providers/legacy/legacyprov.c @@ -19,25 +19,25 @@ static OSSL_core_get_param_types_fn *c_get_param_types = NULL; static OSSL_core_get_params_fn *c_get_params = NULL; /* Parameters we provide to the core */ -static const OSSL_ITEM fips_param_types[] = { +static const OSSL_ITEM legacy_param_types[] = { { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME }, { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION }, { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO }, { 0, NULL } }; -static const OSSL_ITEM *fips_get_param_types(const OSSL_PROVIDER *prov) +static const OSSL_ITEM *legacy_get_param_types(const OSSL_PROVIDER *prov) { - return fips_param_types; + return legacy_param_types; } -static int fips_get_params(const OSSL_PROVIDER *prov, +static int legacy_get_params(const OSSL_PROVIDER *prov, const OSSL_PARAM params[]) { const OSSL_PARAM *p; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME); - if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL FIPS Provider")) + if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Legacy Provider")) return 0; p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION); if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR)) @@ -49,30 +49,32 @@ static int fips_get_params(const OSSL_PROVIDER *prov, return 1; } -extern const OSSL_DISPATCH sha256_functions[]; +extern const OSSL_DISPATCH md2_functions[]; -static const OSSL_ALGORITHM fips_digests[] = { - { "SHA256", "fips=yes", sha256_functions }, +static const OSSL_ALGORITHM legacy_digests[] = { +#ifndef OPENSSL_NO_MD2 + { "MD2", "legacy=yes", md2_functions }, +#endif { NULL, NULL, NULL } }; -static const OSSL_ALGORITHM *fips_query(OSSL_PROVIDER *prov, - int operation_id, - int *no_cache) +static const OSSL_ALGORITHM *legacy_query(OSSL_PROVIDER *prov, + int operation_id, + int *no_cache) { *no_cache = 0; switch (operation_id) { case OSSL_OP_DIGEST: - return fips_digests; + return legacy_digests; } return NULL; } /* Functions we provide to the core */ -static const OSSL_DISPATCH fips_dispatch_table[] = { - { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))fips_get_param_types }, - { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, - { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, +static const OSSL_DISPATCH legacy_dispatch_table[] = { + { OSSL_FUNC_PROVIDER_GET_PARAM_TYPES, (void (*)(void))legacy_get_param_types }, + { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))legacy_get_params }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))legacy_query }, { 0, NULL } }; @@ -94,6 +96,6 @@ int OSSL_provider_init(const OSSL_PROVIDER *provider, } } - *out = fips_dispatch_table; + *out = legacy_dispatch_table; return 1; } diff --git a/test/md2test.c b/test/md2test.c index 3491e13..47f55b7 100644 --- a/test/md2test.c +++ b/test/md2test.c @@ -9,9 +9,12 @@ #include <string.h> +#include <openssl/provider.h> #include "internal/nelem.h" #include "testutil.h" +static OSSL_PROVIDER *prov = NULL; + #ifndef OPENSSL_NO_MD2 # include <openssl/evp.h> # include <openssl/md2.h> @@ -58,6 +61,17 @@ static int test_md2(int n) } #endif +int global_init(void) +{ + prov = OSSL_PROVIDER_load(NULL, "legacy"); + + return prov != NULL; +} +void cleanup_tests(void) +{ + OSSL_PROVIDER_unload(prov); +} + int setup_tests(void) { #ifndef OPENSSL_NO_MD2 diff --git a/test/recipes/05-test_md2.t b/test/recipes/05-test_md2.t index 8ac4f38..e60e791 100644 --- a/test/recipes/05-test_md2.t +++ b/test/recipes/05-test_md2.t @@ -8,5 +8,10 @@ use OpenSSL::Test::Simple; +use OpenSSL::Test qw/:DEFAULT bldtop_dir/; + +setup("test_md2"); + +$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); simple_test("test_md2", "md2test", "md2");