[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Apr 9 07:13:18 UTC 2020
The branch master has been updated
via 7b4344ac3e4d34c3086dfc46c92ebf73acfc390e (commit)
from f5056577ba08b3694aab2722eae1c97bf00acc80 (commit)
- Log -----------------------------------------------------------------
commit 7b4344ac3e4d34c3086dfc46c92ebf73acfc390e
Author: Pauli <paul.dale at oracle.com>
Date: Wed Apr 8 12:02:34 2020 +1000
Add a null provider which implements no algorithms.
By loading the null provider into the default context, it is possible
to verify that it is not accidentally being used.
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Richard Levitte <levitte at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11488)
-----------------------------------------------------------------------
Summary of changes:
crypto/provider_predefined.c | 2 +
.../{EVP_MD-MD2.pod => OSSL_PROVIDER-null.pod} | 19 ++--
providers/build.info | 10 ++
providers/nullprov.c | 106 +++++++++++++++++++++
test/recipes/20-test_provider.t | 17 +++-
5 files changed, 144 insertions(+), 10 deletions(-)
copy doc/man7/{EVP_MD-MD2.pod => OSSL_PROVIDER-null.pod} (50%)
create mode 100644 providers/nullprov.c
diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c
index e65f461008..fdf9a7e1ea 100644
--- a/crypto/provider_predefined.c
+++ b/crypto/provider_predefined.c
@@ -11,6 +11,7 @@
#include "provider_local.h"
OSSL_provider_init_fn ossl_default_provider_init;
+OSSL_provider_init_fn ossl_null_provider_init;
OSSL_provider_init_fn fips_intern_provider_init;
#ifdef STATIC_LEGACY
OSSL_provider_init_fn ossl_legacy_provider_init;
@@ -23,6 +24,7 @@ const struct predefined_providers_st predefined_providers[] = {
# ifdef STATIC_LEGACY
{ "legacy", ossl_legacy_provider_init, 0 },
# endif
+ { "null", ossl_null_provider_init, 0 },
#endif
{ NULL, NULL, 0 }
};
diff --git a/doc/man7/EVP_MD-MD2.pod b/doc/man7/OSSL_PROVIDER-null.pod
similarity index 50%
copy from doc/man7/EVP_MD-MD2.pod
copy to doc/man7/OSSL_PROVIDER-null.pod
index 61fc42fc4d..10ce5844f1 100644
--- a/doc/man7/EVP_MD-MD2.pod
+++ b/doc/man7/OSSL_PROVIDER-null.pod
@@ -2,25 +2,26 @@
=head1 NAME
-EVP_MD-MD2 - The MD2 EVP_MD implementation
+OSSL_PROVIDER-null - OpenSSL null provider
=head1 DESCRIPTION
-Support for computing MD2 digests through the B<EVP_MD> API.
+The OpenSSL null provider supplies no algorithms.
-=head2 Identity
+It can used to guarantee that the default library context and a fallback
+provider will not be accidentally accessed.
-This implementation is only available with the legacy provider, and is
-identified with the name "MD2".
+=head2 Properties
-=head2 Gettable Parameters
+The null provider defines no properties.
-This implementation supports the common gettable parameters described
-in L<EVP_MD-common(7)>.
+=head1 OPERATIONS AND ALGORITHMS
+
+The OpenSSL null provider supports no operations and algorithms.
=head1 SEE ALSO
-L<provider-digest(7)>, L<OSSL_PROVIDER-default(7)>
+L<provider(7)>
=head1 COPYRIGHT
diff --git a/providers/build.info b/providers/build.info
index 54c3381bca..45faecf6e9 100644
--- a/providers/build.info
+++ b/providers/build.info
@@ -151,3 +151,13 @@ IF[{- !$disabled{legacy} -}]
SOURCE[$LEGACYGOAL]=legacyprov.c
INCLUDE[$LEGACYGOAL]=../include implementations/include
ENDIF
+
+#
+# Null provider stuff
+#
+# Because the null provider is built in, it means that libcrypto must
+# include all the object files that are needed.
+$NULLGOAL=../libcrypto
+SOURCE[$NULLGOAL]=nullprov.c
+
+
diff --git a/providers/nullprov.c b/providers/nullprov.c
new file mode 100644
index 0000000000..a1a2681173
--- /dev/null
+++ b/providers/nullprov.c
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <string.h>
+#include <stdio.h>
+#include <openssl/core.h>
+#include <openssl/core_numbers.h>
+#include <openssl/core_names.h>
+#include <openssl/params.h>
+#include "prov/implementations.h"
+
+OSSL_provider_init_fn ossl_null_provider_init;
+
+/* Functions provided by the core */
+static OSSL_core_gettable_params_fn *c_gettable_params = NULL;
+static OSSL_core_get_params_fn *c_get_params = NULL;
+
+/* Parameters we provide to the core */
+static const OSSL_ITEM null_param_types[] = {
+ { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_NAME },
+ { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_VERSION },
+ { OSSL_PARAM_UTF8_PTR, OSSL_PROV_PARAM_BUILDINFO },
+ { 0, NULL }
+};
+
+static const OSSL_ITEM *null_gettable_params(const OSSL_PROVIDER *prov)
+{
+ return null_param_types;
+}
+
+static int null_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
+{
+ OSSL_PARAM *p;
+
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, "OpenSSL Null Provider"))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_VERSION);
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR))
+ return 0;
+ p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_BUILDINFO);
+ if (p != NULL && !OSSL_PARAM_set_utf8_ptr(p, OPENSSL_FULL_VERSION_STR))
+ return 0;
+
+ return 1;
+}
+
+static const OSSL_ALGORITHM *null_query(OSSL_PROVIDER *prov,
+ int operation_id,
+ int *no_cache)
+{
+ *no_cache = 0;
+ return NULL;
+}
+
+/* Functions we provide to the core */
+static const OSSL_DISPATCH null_dispatch_table[] = {
+ { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))null_gettable_params },
+ { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))null_get_params },
+ { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))null_query },
+ { 0, NULL }
+};
+
+int ossl_null_provider_init(const OSSL_PROVIDER *provider,
+ const OSSL_DISPATCH *in,
+ const OSSL_DISPATCH **out,
+ void **provctx)
+{
+ OSSL_core_get_library_context_fn *c_get_libctx = NULL;
+
+ for (; in->function_id != 0; in++) {
+ switch (in->function_id) {
+ case OSSL_FUNC_CORE_GETTABLE_PARAMS:
+ c_gettable_params = OSSL_get_core_gettable_params(in);
+ break;
+ case OSSL_FUNC_CORE_GET_PARAMS:
+ c_get_params = OSSL_get_core_get_params(in);
+ break;
+ case OSSL_FUNC_CORE_GET_LIBRARY_CONTEXT:
+ c_get_libctx = OSSL_get_core_get_library_context(in);
+ break;
+ /* Just ignore anything we don't understand */
+ default:
+ break;
+ }
+ }
+
+ if (c_get_libctx == NULL)
+ return 0;
+
+ *out = null_dispatch_table;
+
+ /*
+ * We want to make sure that all calls from this provider that requires
+ * a library context use the same context as the one used to call our
+ * functions. We do that by passing it along as the provider context.
+ */
+ *provctx = c_get_libctx(provider);
+ return 1;
+}
diff --git a/test/recipes/20-test_provider.t b/test/recipes/20-test_provider.t
index 0cfd81d09b..d7a0821441 100644
--- a/test/recipes/20-test_provider.t
+++ b/test/recipes/20-test_provider.t
@@ -14,7 +14,7 @@ use OpenSSL::Test;
setup("test_provider");
-plan tests => 7;
+plan tests => 9;
SKIP: {
skip "No default provider?", 6
@@ -45,3 +45,18 @@ plan tests => 7;
}
}
+ SKIP: {
+ skip "No null provider?", 1
+ unless ok(run(app([qw(openssl provider null)])),
+ "try running 'openssl provider null'");
+
+ my @cmd = ('openssl', 'provider', '-vvv', 'null');
+ my @lines = ( map { (my $x = $_) =~ s|\R$||; $x }
+ run(app([@cmd]), capture => 1) );
+
+ my $curr = scalar @lines;
+ my $cmp = "$curr == 1";
+ ok(eval $cmp,
+ "'openssl provider $_ default' line count == 1");
+}
+
More information about the openssl-commits
mailing list