[openssl] master update

Matt Caswell matt at openssl.org
Wed Nov 6 10:15:47 UTC 2019


The branch master has been updated
       via  eee5f32f37764ffb94e7989536e7022c9a800986 (commit)
       via  7606bed9047935d0e3c0b5ede9d4ce92a136b5e2 (commit)
      from  6af1b11848f000c900877f1289a42948d415f21c (commit)


- Log -----------------------------------------------------------------
commit eee5f32f37764ffb94e7989536e7022c9a800986
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Nov 1 16:09:21 2019 +0000

    Test EVP_get_[digest|cipher]byname() use the namemap
    
    Following on from the previous commit, we test that if an algorithm has
    a provider supplied alias in the namemap then EVP_get_digestbyname() and
    EVP_get_cipherbyname() can still find it.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10324)

commit 7606bed9047935d0e3c0b5ede9d4ce92a136b5e2
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Nov 1 14:13:49 2019 +0000

    Ensure EVP_get_digestbyname() and EVP_get_cipherbyname() know all aliases
    
    Now that we have an EVP namemap containing all aliases that providers
    know about for any given algorithm, it is possible that an application
    attempts to look up a digest or a cipher via EVP_get_digestbyname() or
    EVP_get_cipherbyname() with an algorithm name that is unknown to the
    legacy method database. Therefore we extend those functions to
    additionally check the aliases in the namemap when searching for a
    method in the event that our initial lookup attempt fails.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/10324)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/names.c           | 79 +++++++++++++++++++++++++++++++++++++++++---
 crypto/evp/pmeth_lib.c       |  2 +-
 include/crypto/evp.h         |  3 ++
 test/namemap_internal_test.c | 56 +++++++++++++++++++++++++++++++
 4 files changed, 134 insertions(+), 6 deletions(-)

diff --git a/crypto/evp/names.c b/crypto/evp/names.c
index 901899ad3b..5eb7a39ae0 100644
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@@ -8,11 +8,12 @@
  */
 
 #include <stdio.h>
-#include "internal/cryptlib.h"
 #include <openssl/evp.h>
 #include <openssl/kdf.h>
-#include "crypto/objects.h"
 #include <openssl/x509.h>
+#include "internal/cryptlib.h"
+#include "internal/namemap.h"
+#include "crypto/objects.h"
 #include "crypto/evp.h"
 
 int EVP_add_cipher(const EVP_CIPHER *c)
@@ -56,26 +57,94 @@ int EVP_add_digest(const EVP_MD *md)
     return r;
 }
 
+static void cipher_from_name(const char *name, void *data)
+{
+    const EVP_CIPHER **cipher = data;
+
+    if (*cipher != NULL)
+        return;
+
+    *cipher = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
+}
+
 const EVP_CIPHER *EVP_get_cipherbyname(const char *name)
+{
+    return evp_get_cipherbyname_ex(NULL, name);
+}
+
+const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name)
 {
     const EVP_CIPHER *cp;
+    OSSL_NAMEMAP *namemap;
+    int id;
 
     if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
         return NULL;
 
     cp = (const EVP_CIPHER *)OBJ_NAME_get(name, OBJ_NAME_TYPE_CIPHER_METH);
+
+    if (cp != NULL)
+        return cp;
+
+    /*
+     * It's not in the method database, but it might be there under a different
+     * name. So we check for aliases in the EVP namemap and try all of those
+     * in turn.
+     */
+
+    namemap = ossl_namemap_stored(libctx);
+    id = ossl_namemap_name2num(namemap, name);
+    if (id == 0)
+        return NULL;
+
+    ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp);
+
     return cp;
 }
 
+static void digest_from_name(const char *name, void *data)
+{
+    const EVP_MD **md = data;
+
+    if (*md != NULL)
+        return;
+
+    *md = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
+}
+
 const EVP_MD *EVP_get_digestbyname(const char *name)
 {
-    const EVP_MD *cp;
+    return evp_get_digestbyname_ex(NULL, name);
+}
+
+const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name)
+{
+    const EVP_MD *dp;
+    OSSL_NAMEMAP *namemap;
+    int id;
 
     if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
         return NULL;
 
-    cp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
-    return cp;
+    dp = (const EVP_MD *)OBJ_NAME_get(name, OBJ_NAME_TYPE_MD_METH);
+
+    if (dp != NULL)
+        return dp;
+
+    /*
+     * It's not in the method database, but it might be there under a different
+     * name. So we check for aliases in the EVP namemap and try all of those
+     * in turn.
+     */
+
+    namemap = ossl_namemap_stored(libctx);
+    id = ossl_namemap_name2num(namemap, name);
+    if (id == 0)
+        return NULL;
+
+    ossl_namemap_doall_names(namemap, id, digest_from_name, &dp);
+
+    return dp;
 }
 
 void evp_cleanup_int(void)
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index cc0707e052..30cff95077 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -594,7 +594,7 @@ int EVP_PKEY_CTX_get_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD **md)
     if (!EVP_PKEY_CTX_get_params(ctx, sig_md_params))
         return 0;
 
-    tmp = EVP_get_digestbyname(name);
+    tmp = evp_get_digestbyname_ex(ctx->libctx, name);
     if (tmp == NULL)
         return 0;
 
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index dfbcf149de..8f8def2655 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
@@ -622,3 +622,6 @@ void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
 #define EVP_ENCODE_CTX_NO_NEWLINES          1
 /* Use the SRP base64 alphabet instead of the standard one */
 #define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
+
+const EVP_CIPHER *evp_get_cipherbyname_ex(OPENSSL_CTX *libctx, const char *name);
+const EVP_MD *evp_get_digestbyname_ex(OPENSSL_CTX *libctx, const char *name);
diff --git a/test/namemap_internal_test.c b/test/namemap_internal_test.c
index 1aee01ed0b..16bc571265 100644
--- a/test/namemap_internal_test.c
+++ b/test/namemap_internal_test.c
@@ -7,6 +7,7 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/evp.h>
 #include "internal/namemap.h"
 #include "testutil.h"
 
@@ -55,9 +56,64 @@ static int test_namemap_stored(void)
         && test_namemap(nm);
 }
 
+/*
+ * Test that EVP_get_digestbyname() will use the namemap when it can't find
+ * entries in the legacy method database.
+ */
+static int test_digestbyname(void)
+{
+    int id;
+    OSSL_NAMEMAP *nm = ossl_namemap_stored(NULL);
+    const EVP_MD *sha256, *foo;
+
+    id = ossl_namemap_add(nm, 0, "SHA256");
+    if (!TEST_int_ne(id, 0))
+        return 0;
+    if (!TEST_int_eq(ossl_namemap_add(nm, id, "foo"), id))
+        return 0;
+
+    sha256 = EVP_get_digestbyname("SHA256");
+    if (!TEST_ptr(sha256))
+        return 0;
+    foo = EVP_get_digestbyname("foo");
+    if (!TEST_ptr_eq(sha256, foo))
+        return 0;
+
+    return 1;
+}
+
+/*
+ * Test that EVP_get_cipherbyname() will use the namemap when it can't find
+ * entries in the legacy method database.
+ */
+static int test_cipherbyname(void)
+{
+    int id;
+    OSSL_NAMEMAP *nm = ossl_namemap_stored(NULL);
+    const EVP_CIPHER *aes128, *bar;
+
+    id = ossl_namemap_add(nm, 0, "AES-128-CBC");
+    if (!TEST_int_ne(id, 0))
+        return 0;
+    if (!TEST_int_eq(ossl_namemap_add(nm, id, "bar"), id))
+        return 0;
+
+    aes128 = EVP_get_cipherbyname("AES-128-CBC");
+    if (!TEST_ptr(aes128))
+        return 0;
+    bar = EVP_get_cipherbyname("bar");
+    if (!TEST_ptr_eq(aes128, bar))
+        return 0;
+
+    return 1;
+}
+
+
 int setup_tests(void)
 {
     ADD_TEST(test_namemap_independent);
     ADD_TEST(test_namemap_stored);
+    ADD_TEST(test_digestbyname);
+    ADD_TEST(test_cipherbyname);
     return 1;
 }


More information about the openssl-commits mailing list