[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Thu Apr 9 02:50:21 UTC 2020
The branch master has been updated
via f5056577ba08b3694aab2722eae1c97bf00acc80 (commit)
from cc45a884bd499e8b84de0c0133746591c3712f4c (commit)
- Log -----------------------------------------------------------------
commit f5056577ba08b3694aab2722eae1c97bf00acc80
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Thu Apr 9 12:47:46 2020 +1000
Move legacy ciphers into the legacy provider
DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider.
Code shared between desx and tdes has been moved into a seperate file (cipher_tdes_common.c).
3 test recipes failed due to using app/openssl calls that used legacy ciphers.
These calls have been updated to supply both the default and legacy providers.
Fixed openssl app '-provider' memory leak
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11419)
-----------------------------------------------------------------------
Summary of changes:
apps/include/apps.h | 1 +
apps/include/opt.h | 4 +-
apps/lib/app_provider.c | 23 ++++++
apps/openssl.c | 1 +
crypto/bf/build.info | 10 ++-
crypto/cast/build.info | 10 ++-
crypto/des/build.info | 17 ++--
crypto/idea/build.info | 11 ++-
crypto/rc2/build.info | 12 ++-
crypto/rc4/build.info | 6 ++
crypto/rc5/build.info | 11 ++-
crypto/seed/build.info | 10 ++-
providers/build.info | 2 +-
providers/defltprov.c | 54 +------------
providers/implementations/ciphers/build.info | 20 ++---
providers/implementations/ciphers/cipher_tdes.c | 93 +---------------------
.../{cipher_tdes.c => cipher_tdes_common.c} | 20 ++---
providers/legacyprov.c | 75 ++++++++++++++---
test/recipes/20-test_enc.t | 8 +-
test/recipes/20-test_enc_more.t | 8 +-
test/recipes/80-test_cms.t | 15 ++--
21 files changed, 202 insertions(+), 209 deletions(-)
copy providers/implementations/ciphers/{cipher_tdes.c => cipher_tdes_common.c} (87%)
diff --git a/apps/include/apps.h b/apps/include/apps.h
index 90f9c2bbe6..f43c12dbf1 100644
--- a/apps/include/apps.h
+++ b/apps/include/apps.h
@@ -286,5 +286,6 @@ extern VERIFY_CB_ARGS verify_args;
OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
const OSSL_PARAM *paramdefs);
void app_params_free(OSSL_PARAM *params);
+void app_providers_cleanup(void);
#endif
diff --git a/apps/include/opt.h b/apps/include/opt.h
index b4257cca7d..9f82b6f04f 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -275,8 +275,8 @@
# define OPT_PROV_OPTIONS \
OPT_SECTION("Provider"), \
- { "provider", OPT_PROV_PROVIDER, 's', "Provder to load (can be specified multiple times)" }, \
- { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path" }
+ { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
+ { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }
# define OPT_PROV_CASES \
OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c
index ac01e8826b..ca24328a2e 100644
--- a/apps/lib/app_provider.c
+++ b/apps/lib/app_provider.c
@@ -10,12 +10,17 @@
#include "apps.h"
#include <openssl/err.h>
#include <openssl/provider.h>
+#include <openssl/safestack.h>
+
+DEFINE_STACK_OF(OSSL_PROVIDER)
/*
* See comments in opt_verify for explanation of this.
*/
enum prov_range { OPT_PROV_ENUM };
+static STACK_OF(OSSL_PROVIDER) *app_providers = NULL;
+
static int opt_provider_load(const char *provider)
{
OSSL_PROVIDER *prov;
@@ -26,9 +31,27 @@ static int opt_provider_load(const char *provider)
opt_getprog(), provider);
return 0;
}
+ if (app_providers == NULL)
+ app_providers = sk_OSSL_PROVIDER_new_null();
+ if (app_providers == NULL
+ || !sk_OSSL_PROVIDER_push(app_providers, prov)) {
+ app_providers_cleanup();
+ return 0;
+ }
return 1;
}
+static void provider_free(OSSL_PROVIDER *prov)
+{
+ OSSL_PROVIDER_unload(prov);
+}
+
+void app_providers_cleanup(void)
+{
+ sk_OSSL_PROVIDER_pop_free(app_providers, provider_free);
+ app_providers = NULL;
+}
+
static int opt_provider_path(const char *path)
{
if (path != NULL && *path == '\0')
diff --git a/apps/openssl.c b/apps/openssl.c
index cafe4046e6..558f662e14 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -368,6 +368,7 @@ int main(int argc, char *argv[])
}
ret = 1;
end:
+ app_providers_cleanup();
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
diff --git a/crypto/bf/build.info b/crypto/bf/build.info
index 59d5bbcfe3..9fa8187818 100644
--- a/crypto/bf/build.info
+++ b/crypto/bf/build.info
@@ -11,7 +11,15 @@ IF[{- !$disabled{asm} -}]
ENDIF
ENDIF
-SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c $BFASM
+$ALL=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c $BFASM
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# blowfish functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
GENERATE[bf-586.s]=asm/bf-586.pl
DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/crypto/cast/build.info b/crypto/cast/build.info
index e21e6d55ee..8763f22405 100644
--- a/crypto/cast/build.info
+++ b/crypto/cast/build.info
@@ -12,7 +12,15 @@ IF[{- !$disabled{asm} && !$disabled{pic} -}]
ENDIF
ENDIF
-SOURCE[../../libcrypto]=c_skey.c c_ecb.c $CASTASM c_cfb64.c c_ofb64.c
+$ALL=c_skey.c c_ecb.c $CASTASM c_cfb64.c c_ofb64.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# cast functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
GENERATE[cast-586.s]=asm/cast-586.pl
DEPEND[cast-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/crypto/des/build.info b/crypto/des/build.info
index 1fbbcdf2f9..0e5fd171e2 100644
--- a/crypto/des/build.info
+++ b/crypto/des/build.info
@@ -15,20 +15,23 @@ ENDIF
LIBS=../../libcrypto
$COMMON=set_key.c ecb3_enc.c $DESASM
-SOURCE[../../libcrypto]=$COMMON\
- ecb_enc.c cbc_enc.c \
- cfb64enc.c cfb64ede.c cfb_enc.c \
- ofb64ede.c ofb64enc.c ofb_enc.c \
- str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
- fcrypt.c xcbc_enc.c cbc_cksm.c
+$ALL=$COMMON\
+ ecb_enc.c cbc_enc.c \
+ cfb64enc.c cfb64ede.c cfb_enc.c \
+ ofb64ede.c ofb64enc.c ofb_enc.c \
+ str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
+ fcrypt.c xcbc_enc.c cbc_cksm.c
+
+SOURCE[../../libcrypto]=$ALL
SOURCE[../../providers/libfips.a]=$COMMON
DEFINE[../../libcrypto]=$DESDEF
DEFINE[../../providers/libfips.a]=$DESDEF
+DEFINE[../../providers/liblegacy.a]=$DESDEF
# When all deprecated symbols are removed, libcrypto doesn't export the
# DES functions, so we must include them directly in liblegacy.a
IF[{- $disabled{'deprecated-3.0'} && !$disabled{"mdc2"} -}]
- SOURCE[../../providers/liblegacy.a]=set_key.c $DESASM
+ SOURCE[../../providers/liblegacy.a]=$ALL
DEFINE[../../providers/liblegacy.a]=$DESDEF
ENDIF
diff --git a/crypto/idea/build.info b/crypto/idea/build.info
index 2326123797..5441351b9c 100644
--- a/crypto/idea/build.info
+++ b/crypto/idea/build.info
@@ -1,3 +1,10 @@
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+$ALL=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# idea functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
diff --git a/crypto/rc2/build.info b/crypto/rc2/build.info
index 47a3fd0d4e..b6d60d6ee3 100644
--- a/crypto/rc2/build.info
+++ b/crypto/rc2/build.info
@@ -1,3 +1,11 @@
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+
+$ALL=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# rc2 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
diff --git a/crypto/rc4/build.info b/crypto/rc4/build.info
index abc0c52d0c..c7f17ca5f5 100644
--- a/crypto/rc4/build.info
+++ b/crypto/rc4/build.info
@@ -19,6 +19,12 @@ ENDIF
SOURCE[../../libcrypto]=$RC4ASM
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# rc4 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$RC4ASM
+ENDIF
+
GENERATE[rc4-586.s]=asm/rc4-586.pl
DEPEND[rc4-586.s]=../perlasm/x86asm.pl
diff --git a/crypto/rc5/build.info b/crypto/rc5/build.info
index c684d1ee2e..3e2def8a65 100644
--- a/crypto/rc5/build.info
+++ b/crypto/rc5/build.info
@@ -12,8 +12,15 @@ IF[{- !$disabled{asm} -}]
ENDIF
ENDIF
-SOURCE[../../libcrypto]=\
- rc5_skey.c rc5_ecb.c $RC5ASM rc5cfb64.c rc5ofb64.c
+$ALL=rc5_skey.c rc5_ecb.c $RC5ASM rc5cfb64.c rc5ofb64.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# rc5 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
GENERATE[rc5-586.s]=asm/rc5-586.pl
DEPEND[rc5-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
diff --git a/crypto/seed/build.info b/crypto/seed/build.info
index abdcbcaa94..5336f0399c 100644
--- a/crypto/seed/build.info
+++ b/crypto/seed/build.info
@@ -1,2 +1,10 @@
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+$ALL=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# seed functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
diff --git a/providers/build.info b/providers/build.info
index a58c8eae75..54c3381bca 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -47,7 +47,7 @@ $COMMON_INCLUDES=../crypto ../include implementations/include common/include
INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES
-INCLUDE[$LIBLEGACY]=$COMMON_INCLUDES
+INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES
INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
DEFINE[$LIBFIPS]=FIPS_MODE
diff --git a/providers/defltprov.c b/providers/defltprov.c
index 2ec229e16b..f93bd31d57 100644
--- a/providers/defltprov.c
+++ b/providers/defltprov.c
@@ -254,43 +254,12 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
ALG("DES-EDE3-CFB", tdes_ede3_cfb_functions),
ALG("DES-EDE3-CFB8", tdes_ede3_cfb8_functions),
ALG("DES-EDE3-CFB1", tdes_ede3_cfb1_functions),
+ ALG("DES3-WRAP:id-smime-alg-CMS3DESwrap", tdes_wrap_cbc_functions),
ALG("DES-EDE-ECB:DES-EDE", tdes_ede2_ecb_functions),
ALG("DES-EDE-CBC", tdes_ede2_cbc_functions),
ALG("DES-EDE-OFB", tdes_ede2_ofb_functions),
ALG("DES-EDE-CFB", tdes_ede2_cfb_functions),
- ALG("DESX-CBC:DESX", tdes_desx_cbc_functions),
- ALG("DES3-WRAP:id-smime-alg-CMS3DESwrap", tdes_wrap_cbc_functions),
- ALG("DES-ECB", des_ecb_functions),
- ALG("DES-CBC:DES", des_cbc_functions),
- ALG("DES-OFB", des_ofb64_functions),
- ALG("DES-CFB", des_cfb64_functions),
- ALG("DES-CFB1", des_cfb1_functions),
- ALG("DES-CFB8", des_cfb8_functions),
#endif /* OPENSSL_NO_DES */
-#ifndef OPENSSL_NO_BF
- ALG("BF-ECB", blowfish128ecb_functions),
- ALG("BF-CBC:BF:BLOWFISH", blowfish128cbc_functions),
- ALG("BF-OFB", blowfish64ofb64_functions),
- ALG("BF-CFB", blowfish64cfb64_functions),
-#endif /* OPENSSL_NO_BF */
-#ifndef OPENSSL_NO_IDEA
- ALG("IDEA-ECB", idea128ecb_functions),
- ALG("IDEA-CBC:IDEA", idea128cbc_functions),
- ALG("IDEA-OFB:IDEA-OFB64", idea128ofb64_functions),
- ALG("IDEA-CFB:IDEA-CFB64", idea128cfb64_functions),
-#endif /* OPENSSL_NO_IDEA */
-#ifndef OPENSSL_NO_CAST
- ALG("CAST5-ECB", cast5128ecb_functions),
- ALG("CAST5-CBC:CAST-CBC:CAST", cast5128cbc_functions),
- ALG("CAST5-OFB", cast564ofb64_functions),
- ALG("CAST5-CFB", cast564cfb64_functions),
-#endif /* OPENSSL_NO_CAST */
-#ifndef OPENSSL_NO_SEED
- ALG("SEED-ECB", seed128ecb_functions),
- ALG("SEED-CBC:SEED", seed128cbc_functions),
- ALG("SEED-OFB:SEED-OFB128", seed128ofb128_functions),
- ALG("SEED-CFB:SEED-CFB128", seed128cfb128_functions),
-#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_SM4
ALG("SM4-ECB", sm4128ecb_functions),
ALG("SM4-CBC:SM4", sm4128cbc_functions),
@@ -298,27 +267,6 @@ static const OSSL_ALGORITHM_CAPABLE deflt_ciphers[] = {
ALG("SM4-OFB:SM4-OFB128", sm4128ofb128_functions),
ALG("SM4-CFB:SM4-CFB128", sm4128cfb128_functions),
#endif /* OPENSSL_NO_SM4 */
-#ifndef OPENSSL_NO_RC4
- ALG("RC4", rc4128_functions),
- ALG("RC4-40", rc440_functions),
-# ifndef OPENSSL_NO_MD5
- ALG("RC4-HMAC-MD5", rc4_hmac_md5_functions),
-# endif /* OPENSSL_NO_MD5 */
-#endif /* OPENSSL_NO_RC4 */
-#ifndef OPENSSL_NO_RC5
- ALG("RC5-ECB", rc5128ecb_functions),
- ALG("RC5-CBC", rc5128cbc_functions),
- ALG("RC5-OFB", rc5128ofb64_functions),
- ALG("RC5-CFB", rc5128cfb64_functions),
-#endif /* OPENSSL_NO_RC5 */
-#ifndef OPENSSL_NO_RC2
- ALG("RC2-ECB", rc2128ecb_functions),
- ALG("RC2-CBC", rc2128cbc_functions),
- ALG("RC2-40-CBC", rc240cbc_functions),
- ALG("RC2-64-CBC", rc264cbc_functions),
- ALG("RC2-CFB", rc2128cfb128_functions),
- ALG("RC2-OFB", rc2128ofb128_functions),
-#endif /* OPENSSL_NO_RC2 */
#ifndef OPENSSL_NO_CHACHA
ALG("ChaCha20", chacha20_functions),
# ifndef OPENSSL_NO_POLY1305
diff --git a/providers/implementations/ciphers/build.info b/providers/implementations/ciphers/build.info
index c45ea00f16..c97008c330 100644
--- a/providers/implementations/ciphers/build.info
+++ b/providers/implementations/ciphers/build.info
@@ -11,17 +11,17 @@ $NULL_GOAL=../../libimplementations.a
$AES_GOAL=../../libimplementations.a
$TDES_1_GOAL=../../libimplementations.a
$TDES_2_GOAL=../../libimplementations.a
-$DES_GOAL=../../libimplementations.a
$ARIA_GOAL=../../libimplementations.a
$CAMELLIA_GOAL=../../libimplementations.a
-$BLOWFISH_GOAL=../../libimplementations.a
-$IDEA_GOAL=../../libimplementations.a
-$CAST5_GOAL=../../libimplementations.a
-$SEED_GOAL=../../libimplementations.a
+$DES_GOAL=../../liblegacy.a
+$BLOWFISH_GOAL=../../liblegacy.a
+$IDEA_GOAL=../../liblegacy.a
+$CAST5_GOAL=../../liblegacy.a
+$RC2_GOAL=../../liblegacy.a
+$RC4_GOAL=../../liblegacy.a
+$RC5_GOAL=../../liblegacy.a
+$SEED_GOAL=../../liblegacy.a
$SM4_GOAL=../../libimplementations.a
-$RC4_GOAL=../../libimplementations.a
-$RC5_GOAL=../../libimplementations.a
-$RC2_GOAL=../../libimplementations.a
$CHACHA_GOAL=../../libimplementations.a
$CHACHAPOLY_GOAL=../../libimplementations.a
$SIV_GOAL=../../libimplementations.a
@@ -33,7 +33,7 @@ SOURCE[$COMMON_GOAL]=\
ciphercommon_ccm.c ciphercommon_ccm_hw.c
IF[{- !$disabled{des} -}]
- SOURCE[$TDES_1_GOAL]=cipher_tdes.c cipher_tdes_hw.c
+ SOURCE[$TDES_1_GOAL]=cipher_tdes.c cipher_tdes_common.c cipher_tdes_hw.c
ENDIF
SOURCE[$NULL_GOAL]=\
@@ -63,7 +63,7 @@ IF[{- !$disabled{des} -}]
cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c
SOURCE[$DES_GOAL]=\
- cipher_desx.c cipher_desx_hw.c \
+ cipher_desx.c cipher_desx_hw.c cipher_tdes_common.c\
cipher_des.c cipher_des_hw.c
ENDIF
diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes.c
index ea0c987a80..82af8bdc16 100644
--- a/providers/implementations/ciphers/cipher_tdes.c
+++ b/providers/implementations/ciphers/cipher_tdes.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -19,101 +19,10 @@
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
-void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
- size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw)
-{
- PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx));
-
- if (tctx != NULL)
- cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, hw,
- provctx);
- return tctx;
-}
-
-void tdes_freectx(void *vctx)
-{
- PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx;
-
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
- const unsigned char *iv, size_t ivlen, int enc)
-{
- PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
-
- ctx->enc = enc;
-
- if (iv != NULL) {
- if (!cipher_generic_initiv(ctx, iv, ivlen))
- return 0;
- }
-
- if (key != NULL) {
- if (keylen != ctx->keylen) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
- return 0;
- }
- return ctx->hw->init(ctx, key, ctx->keylen);
- }
- return 1;
-}
-
-int tdes_einit(void *vctx, const unsigned char *key, size_t keylen,
- const unsigned char *iv, size_t ivlen)
-{
- return tdes_init(vctx, key, keylen, iv, ivlen, 1);
-}
-
-int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
- const unsigned char *iv, size_t ivlen)
-{
- return tdes_init(vctx, key, keylen, iv, ivlen, 0);
-}
-
-static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
-{
-
- DES_cblock *deskey = ptr;
- size_t kl = ctx->keylen;
-
- if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
- return 0;
- DES_set_odd_parity(deskey);
- if (kl >= 16)
- DES_set_odd_parity(deskey + 1);
- if (kl >= 24) {
- DES_set_odd_parity(deskey + 2);
- return 1;
- }
- return 0;
-}
-
-CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
- OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
-CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
-
-int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
-{
- PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
- OSSL_PARAM *p;
-
- if (!cipher_generic_get_ctx_params(vctx, params))
- return 0;
-
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RANDOM_KEY);
- if (p != NULL && !tdes_generatekey(ctx, p->data)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
- return 0;
- }
- return 1;
-}
-
/*
* TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
* an IV. Fixing this could potentially make applications break.
*/
-
/* tdes_ede3_ecb_functions */
IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
/* tdes_ede3_cbc_functions */
diff --git a/providers/implementations/ciphers/cipher_tdes.c b/providers/implementations/ciphers/cipher_tdes_common.c
similarity index 87%
copy from providers/implementations/ciphers/cipher_tdes.c
copy to providers/implementations/ciphers/cipher_tdes_common.c
index ea0c987a80..36a8962e03 100644
--- a/providers/implementations/ciphers/cipher_tdes.c
+++ b/providers/implementations/ciphers/cipher_tdes_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -71,6 +71,10 @@ int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
return tdes_init(vctx, key, keylen, iv, ivlen, 0);
}
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
+
static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
{
@@ -89,10 +93,6 @@ static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
return 0;
}
-CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
- OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
-CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
-
int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
{
PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
@@ -108,13 +108,3 @@ int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
}
return 1;
}
-
-/*
- * TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
- * an IV. Fixing this could potentially make applications break.
- */
-
-/* tdes_ede3_ecb_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
-/* tdes_ede3_cbc_functions */
-IMPLEMENT_tdes_cipher(ede3, EDE3, cbc, CBC, TDES_FLAGS, 64*3, 64, 64, block);
diff --git a/providers/legacyprov.c b/providers/legacyprov.c
index 3494a8801c..a439cfd32f 100644
--- a/providers/legacyprov.c
+++ b/providers/legacyprov.c
@@ -15,6 +15,8 @@
#include <openssl/params.h>
#include "prov/implementations.h"
+#define ALG(NAMES, FUNC) { NAMES, "provider=legacy", FUNC }
+
#ifdef STATIC_LEGACY
OSSL_provider_init_fn ossl_legacy_provider_init;
# define OSSL_provider_init ossl_legacy_provider_init
@@ -56,25 +58,78 @@ static int legacy_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
static const OSSL_ALGORITHM legacy_digests[] = {
#ifndef OPENSSL_NO_MD2
- { "MD2", "provider=legacy", md2_functions },
+ ALG("MD2", md2_functions),
#endif
-
#ifndef OPENSSL_NO_MD4
- { "MD4", "provider=legacy", md4_functions },
+ ALG("MD4", md4_functions),
#endif
-
#ifndef OPENSSL_NO_MDC2
- { "MDC2", "provider=legacy", mdc2_functions },
+ ALG("MDC2", mdc2_functions),
#endif /* OPENSSL_NO_MDC2 */
-
#ifndef OPENSSL_NO_WHIRLPOOL
- { "WHIRLPOOL", "provider=legacy", wp_functions },
+ ALG("WHIRLPOOL", wp_functions),
#endif /* OPENSSL_NO_WHIRLPOOL */
-
#ifndef OPENSSL_NO_RMD160
- { "RIPEMD-160:RIPEMD160:RIPEMD:RMD160", "provider=legacy", ripemd160_functions },
+ ALG("RIPEMD-160:RIPEMD160:RIPEMD:RMD160", ripemd160_functions),
#endif /* OPENSSL_NO_RMD160 */
+ { NULL, NULL, NULL }
+};
+static const OSSL_ALGORITHM legacy_ciphers[] = {
+#ifndef OPENSSL_NO_CAST
+ ALG("CAST5-ECB", cast5128ecb_functions),
+ ALG("CAST5-CBC:CAST-CBC:CAST", cast5128cbc_functions),
+ ALG("CAST5-OFB", cast564ofb64_functions),
+ ALG("CAST5-CFB", cast564cfb64_functions),
+#endif /* OPENSSL_NO_CAST */
+#ifndef OPENSSL_NO_BF
+ ALG("BF-ECB", blowfish128ecb_functions),
+ ALG("BF-CBC:BF:BLOWFISH", blowfish128cbc_functions),
+ ALG("BF-OFB", blowfish64ofb64_functions),
+ ALG("BF-CFB", blowfish64cfb64_functions),
+#endif /* OPENSSL_NO_BF */
+#ifndef OPENSSL_NO_IDEA
+ ALG("IDEA-ECB", idea128ecb_functions),
+ ALG("IDEA-CBC:IDEA", idea128cbc_functions),
+ ALG("IDEA-OFB:IDEA-OFB64", idea128ofb64_functions),
+ ALG("IDEA-CFB:IDEA-CFB64", idea128cfb64_functions),
+#endif /* OPENSSL_NO_IDEA */
+#ifndef OPENSSL_NO_SEED
+ ALG("SEED-ECB", seed128ecb_functions),
+ ALG("SEED-CBC:SEED", seed128cbc_functions),
+ ALG("SEED-OFB:SEED-OFB128", seed128ofb128_functions),
+ ALG("SEED-CFB:SEED-CFB128", seed128cfb128_functions),
+#endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_RC2
+ ALG("RC2-ECB", rc2128ecb_functions),
+ ALG("RC2-CBC", rc2128cbc_functions),
+ ALG("RC2-40-CBC", rc240cbc_functions),
+ ALG("RC2-64-CBC", rc264cbc_functions),
+ ALG("RC2-CFB", rc2128cfb128_functions),
+ ALG("RC2-OFB", rc2128ofb128_functions),
+#endif /* OPENSSL_NO_RC2 */
+#ifndef OPENSSL_NO_RC4
+ ALG("RC4", rc4128_functions),
+ ALG("RC4-40", rc440_functions),
+# ifndef OPENSSL_NO_MD5
+ ALG("RC4-HMAC-MD5", rc4_hmac_md5_functions),
+# endif /* OPENSSL_NO_MD5 */
+#endif /* OPENSSL_NO_RC4 */
+#ifndef OPENSSL_NO_RC5
+ ALG("RC5-ECB", rc5128ecb_functions),
+ ALG("RC5-CBC", rc5128cbc_functions),
+ ALG("RC5-OFB", rc5128ofb64_functions),
+ ALG("RC5-CFB", rc5128cfb64_functions),
+#endif /* OPENSSL_NO_RC5 */
+#ifndef OPENSSL_NO_DES
+ ALG("DESX-CBC:DESX", tdes_desx_cbc_functions),
+ ALG("DES-ECB", des_ecb_functions),
+ ALG("DES-CBC:DES", des_cbc_functions),
+ ALG("DES-OFB", des_ofb64_functions),
+ ALG("DES-CFB", des_cfb64_functions),
+ ALG("DES-CFB1", des_cfb1_functions),
+ ALG("DES-CFB8", des_cfb8_functions),
+#endif /* OPENSSL_NO_DES */
{ NULL, NULL, NULL }
};
@@ -86,6 +141,8 @@ static const OSSL_ALGORITHM *legacy_query(OSSL_PROVIDER *prov,
switch (operation_id) {
case OSSL_OP_DIGEST:
return legacy_digests;
+ case OSSL_OP_CIPHER:
+ return legacy_ciphers;
}
return NULL;
}
diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t
index b4a8e01878..896de8cde3 100644
--- a/test/recipes/20-test_enc.t
+++ b/test/recipes/20-test_enc.t
@@ -14,7 +14,7 @@ use File::Spec::Functions qw/catfile/;
use File::Copy;
use File::Compare qw/compare_text/;
use File::Basename;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
setup("test_enc");
@@ -26,6 +26,8 @@ my $testsrc = srctop_file("test","recipes",basename($0));
my $test = catfile(".", "p");
my $cmd = "openssl";
+my $provpath = bldtop_dir("providers");
+my @prov = ("-provider_path", $provpath, "-provider", "default", "-provider", "legacy");
my $ciphersstatus = undef;
my @ciphers =
@@ -59,8 +61,8 @@ plan tests => 2 + (scalar @ciphers)*2;
@d = ( "enc", @{$variant{$t}}, "-d" );
}
- ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile]))
- && run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile]))
+ ok(run(app([$cmd, @e, @prov, "-in", $test, "-out", $cipherfile]))
+ && run(app([$cmd, @d, @prov, "-in", $cipherfile, "-out", $clearfile]))
&& compare_text($test,$clearfile) == 0, $t);
}
}
diff --git a/test/recipes/20-test_enc_more.t b/test/recipes/20-test_enc_more.t
index a59663412a..7edcff01c8 100644
--- a/test/recipes/20-test_enc_more.t
+++ b/test/recipes/20-test_enc_more.t
@@ -15,7 +15,7 @@ use File::Spec::Functions qw/catfile/;
use File::Copy;
use File::Compare qw/compare_text/;
use File::Basename;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
setup("test_evp_more");
@@ -25,6 +25,8 @@ my $cipherlist = undef;
my $plaintext = catfile(".", "testdatafile");
my $fail = "";
my $cmd = "openssl";
+my $provpath = bldtop_dir("providers");
+my @prov = ("-provider_path", $provpath, "-provider", "default", "-provider", "legacy");
my $ciphersstatus = undef;
my @ciphers =
@@ -49,9 +51,9 @@ SKIP: {
my $clearfile = "$plaintext.$ciphername.clear";
my @common = ( $cmd, "enc", "$cipher", "-k", "test" );
- ok(run(app([@common, "-e", "-in", $plaintext, "-out", $cipherfile]))
+ ok(run(app([@common, @prov, "-e", "-in", $plaintext, "-out", $cipherfile]))
&& compare_text($plaintext, $cipherfile) != 0
- && run(app([@common, "-d", "-in", $cipherfile, "-out", $clearfile]))
+ && run(app([@common, @prov, "-d", "-in", $cipherfile, "-out", $clearfile]))
&& compare_text($plaintext, $clearfile) == 0
, $ciphername);
}
diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t
index fd66557616..0e2969dee0 100644
--- a/test/recipes/80-test_cms.t
+++ b/test/recipes/80-test_cms.t
@@ -13,7 +13,7 @@ use warnings;
use POSIX;
use File::Spec::Functions qw/catfile/;
use File::Compare qw/compare_text/;
-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
setup("test_cms");
@@ -21,6 +21,9 @@ setup("test_cms");
plan skip_all => "CMS is not supported by this OpenSSL build"
if disabled("cms");
+my $provpath = bldtop_dir("providers");
+my @prov = ("-provider_path", $provpath, "-provider", "default", "-provider", "legacy");
+
my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir = srctop_dir("test", "smime-certs");
my $smcont = srctop_file("test", "smcont.txt");
@@ -311,10 +314,11 @@ my @smime_cms_tests = (
],
[ "encrypted content test streaming PEM format, 128 bit RC2 key",
- [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ [ "{cmd1}", @prov, "-EncryptedData_encrypt",
+ "-in", $smcont, "-outform", "PEM",
"-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
"-stream", "-out", "{output}.cms" ],
- [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ [ "{cmd2}", @prov, "-EncryptedData_decrypt", "-in", "{output}.cms",
"-inform", "PEM",
"-secretkey", "000102030405060708090A0B0C0D0E0F",
"-out", "{output}.txt" ],
@@ -322,10 +326,11 @@ my @smime_cms_tests = (
],
[ "encrypted content test streaming PEM format, 40 bit RC2 key",
- [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ [ "{cmd1}", @prov, "-EncryptedData_encrypt",
+ "-in", $smcont, "-outform", "PEM",
"-rc2", "-secretkey", "0001020304",
"-stream", "-out", "{output}.cms" ],
- [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ [ "{cmd2}", @prov, "-EncryptedData_decrypt", "-in", "{output}.cms",
"-inform", "PEM",
"-secretkey", "0001020304", "-out", "{output}.txt" ],
\&final_compare
More information about the openssl-commits
mailing list