[openssl] master update

Dr. Paul Dale pauli at openssl.org
Sun Jul 11 23:15:13 UTC 2021


The branch master has been updated
       via  d19dacd55f03cb36974fe69e6649bca16d80ab35 (commit)
       via  09b430cd87bc3b018fb97879eb6a2ea540c8e923 (commit)
       via  ff215713655e721be505cc884aed5d1230c7759e (commit)
       via  242dfd8a1b93326d200383948a8d57db5ce57de0 (commit)
       via  ac1e85f464568d14962162fe97670a53f11f6bfc (commit)
       via  2f8f8e6fc941b4cc80e29fc1d553445b13a6a789 (commit)
       via  12aa352f091c25bcc1a8d7518a33e10b9375313f (commit)
      from  5303aa51c015ab7590187ac3e441b6d3c47a6e79 (commit)


- Log -----------------------------------------------------------------
commit d19dacd55f03cb36974fe69e6649bca16d80ab35
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 8 11:38:06 2021 +1000

    doc: document the new opt_legacy_okay() function's behaviour
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16022)

commit 09b430cd87bc3b018fb97879eb6a2ea540c8e923
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 8 11:25:11 2021 +1000

    app: add library context and propq arguments to opt_md() and opt_cipher()
    
    Also avoid calling EVP_get_XXXbyname() if legacy paths aren't allowed.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16022)

commit ff215713655e721be505cc884aed5d1230c7759e
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 8 11:24:05 2021 +1000

    apps: add a function opt_legacy_okay() that indicates if legacy paths are permitted or not
    
    By default they are.  However, if a provider, provider path or a property query has been specified
    they are not.  Likewise, if a library context or a property query has been
    specified by the command, they are not.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16022)

commit 242dfd8a1b93326d200383948a8d57db5ce57de0
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 8 11:22:14 2021 +1000

    apps: add query to allow a command to know if a provider command line option was processed
    
    Better fixing:
    Fixing #15683
    Fixing #15686
    
    Replacing rather than fixing:
    Fixing #15414
    
    Since that claims to fix another:
    Fixing #15372
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16022)

commit ac1e85f464568d14962162fe97670a53f11f6bfc
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 8 11:09:39 2021 +1000

    test: make build descriptions more consistent
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16022)

commit 2f8f8e6fc941b4cc80e29fc1d553445b13a6a789
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 8 10:55:01 2021 +1000

    test: add a shim function for the apps's opt_legacy_okay() function
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16022)

commit 12aa352f091c25bcc1a8d7518a33e10b9375313f
Author: Pauli <pauli at openssl.org>
Date:   Thu Jul 8 10:53:05 2021 +1000

    test: rename apps_mem.c to be apps_shims.c in anticipation of additional functions
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16022)

-----------------------------------------------------------------------

Summary of changes:
 apps/include/opt.h                         |  5 +++++
 apps/lib/app_provider.c                    | 13 ++++++++++++
 apps/lib/apps.c                            | 32 ++++++++++++++++++++++++++++++
 apps/lib/opt.c                             | 19 +++++++++++++-----
 doc/internal/man3/OPTIONS.pod              | 10 +++++++++-
 test/build.info                            |  6 +++---
 test/testutil/{apps_mem.c => apps_shims.c} | 26 ++++++++++++++++++++++++
 7 files changed, 102 insertions(+), 9 deletions(-)
 rename test/testutil/{apps_mem.c => apps_shims.c} (68%)

diff --git a/apps/include/opt.h b/apps/include/opt.h
index ce0e35cd72..4f83a0ed53 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -388,8 +388,13 @@ int opt_pair(const char *arg, const OPT_PAIR * pairs, int *result);
 int opt_verify(int i, X509_VERIFY_PARAM *vpm);
 int opt_rand(int i);
 int opt_provider(int i);
+int opt_provider_option_given(void);
 
 char **opt_rest(void);
 int opt_num_rest(void);
 
+/* Returns non-zero if legacy paths are still available */
+int opt_legacy_okay(void);
+
+
 #endif /* OSSL_APPS_OPT_H */
diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c
index c3100b2fa8..63f78ae07d 100644
--- a/apps/lib/app_provider.c
+++ b/apps/lib/app_provider.c
@@ -13,6 +13,9 @@
 #include <openssl/provider.h>
 #include <openssl/safestack.h>
 
+/* Non-zero if any of the provider options have been seen */
+static int provider_option_given = 0;
+
 DEFINE_STACK_OF(OSSL_PROVIDER)
 
 /*
@@ -64,6 +67,9 @@ static int opt_provider_path(const char *path)
 
 int opt_provider(int opt)
 {
+    const int given = provider_option_given;
+
+    provider_option_given = 1;
     switch ((enum prov_range)opt) {
     case OPT_PROV__FIRST:
     case OPT_PROV__LAST:
@@ -75,5 +81,12 @@ int opt_provider(int opt)
     case OPT_PROV_PROPQUERY:
         return app_set_propq(opt_arg());
     }
+    /* Should never get here but if we do, undo what we did earlier */
+    provider_option_given = given;
     return 0;
 }
+
+int opt_provider_option_given(void)
+{
+    return provider_option_given;
+}
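Review bot: `provider_option_given` is restored only on the fall-through after the `switch`; every `return` inside it, such as `return app_set_propq(opt_arg());`, leaves the flag at 1 even when the handler reports failure. That errs towards disabling the legacy path, which looks intentional, but the comment on the restore does not say so. Suggest extending it with `/* Options that fail keep the flag set: a rejected provider option still disables legacy paths */`. The start of `opt_provider()` is in the previous hunk and part of the switch is not shown.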
diff --git a/apps/lib/apps.c b/apps/lib/apps.c
index a767023197..a29d582990 100644
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@@ -15,6 +15,12 @@
 # define _POSIX_C_SOURCE 2
 #endif
 
+#ifndef OPENSSL_NO_ENGINE
+/* We need to use some deprecated APIs */
+# define OPENSSL_SUPPRESS_DEPRECATED
+# include <openssl/engine.h>
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
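Review bot: `OPENSSL_SUPPRESS_DEPRECATED` is defined at the top of `apps.c`, so it silences deprecation warnings for the whole file, presumably only for the sake of the two ENGINE calls added in `opt_legacy_okay()`. Any later use of a deprecated API elsewhere in this file will then compile without a warning in engine-enabled builds. The comment should name what needs it, e.g. `/* opt_legacy_okay() uses ENGINE_get_first() and ENGINE_free() */`, so the define can be dropped when those calls go.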
@@ -3295,3 +3301,29 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
                      opt_getprog(), alg != NULL ? alg : "asymmetric");
     return res;
 }
+
+/*
+ * Return non-zero if the legacy path is still an option.
+ * This decision is based on the global command line operations and the
+ * behaviour thus far.
+ */
+int opt_legacy_okay(void)
+{
+    int provider_options = opt_provider_option_given();
+    int libctx = app_get0_libctx() != NULL || app_get0_propq() != NULL;
+#ifndef OPENSSL_NO_ENGINE
+    ENGINE *e = ENGINE_get_first();
+
+    if (e != NULL) {
+        ENGINE_free(e);
+        return 1;
+    }
+#endif
+    /*
+     * Having a provider option specified or a custom library context or
+     * property query, is a sure sign we're not using legacy.
+     */
+    if (provider_options || libctx)
+        return 0;
+    return 1;
+}
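Review bot: In `opt_legacy_okay()` the `ENGINE_get_first()` check returns 1 before `provider_options` and `libctx` are consulted, so any engine present in the global list keeps the legacy fallback enabled even when a provider option or property query was given. `EVP_get_cipherbyname()` and `EVP_get_digestbyname()` take no property query, so in that case the query does not constrain what `opt_cipher_silent()` and `opt_md_silent()` accept, which matters to anyone relying on it to restrict algorithm selection. If this precedence is intended, the header comment should say so, e.g. `* A registered engine always keeps the legacy path open, overriding provider options.` These lines also do not distinguish an engine requested on the command line from one registered some other way, so it is worth stating whether both are meant to count.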
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index adb0417bd8..157367982d 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -378,8 +378,10 @@ int opt_cipher_silent(const char *name, EVP_CIPHER **cipherp)
     EVP_CIPHER *c;
 
     ERR_set_mark();
-    if ((c = EVP_CIPHER_fetch(NULL, name, NULL)) != NULL
-        || (c = (EVP_CIPHER *)EVP_get_cipherbyname(name)) != NULL) {
+    if ((c = EVP_CIPHER_fetch(app_get0_libctx(), name,
+                              app_get0_propq())) != NULL
+        || (opt_legacy_okay()
+            && (c = (EVP_CIPHER *)EVP_get_cipherbyname(name)) != NULL)) {
         ERR_pop_to_mark();
         if (cipherp != NULL) {
             EVP_CIPHER_free(*cipherp);
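Review bot: The `opt_legacy_okay()` gate in `opt_cipher_silent()` is evaluated at call time and reads state that `opt_provider()` sets during option parsing, so the result can depend on whether the name is resolved before or after a provider option has been seen. Callers that resolve the cipher only after the option loop are unaffected, but that cannot be confirmed from this hunk. A line in the function's comment, such as `/* Call after all options are parsed: the legacy fallback depends on the provider options seen so far */`, would record the requirement. The same applies to `opt_md_silent()` in the next hunk. The function body continues outside this hunk.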
@@ -429,12 +431,19 @@ int opt_cipher(const char *name, EVP_CIPHER **cipherp)
  */
 int opt_md_silent(const char *name, EVP_MD **mdp)
 {
-    EVP_MD_free(*mdp);
+    EVP_MD *md;
 
     ERR_set_mark();
-    if ((*mdp = EVP_MD_fetch(NULL, name, NULL)) != NULL
-        || (*mdp = (EVP_MD *)EVP_get_digestbyname(name)) != NULL) {
+    if ((md = EVP_MD_fetch(app_get0_libctx(), name, app_get0_propq())) != NULL
+        || (opt_legacy_okay()
+            && (md = (EVP_MD *)EVP_get_digestbyname(name)) != NULL)) {
         ERR_pop_to_mark();
+        if (mdp != NULL) {
+            EVP_MD_free(*mdp);
+            *mdp = md;
+        } else {
+            EVP_MD_free(md);
+        }
         return 1;
     }
     ERR_clear_last_mark();
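Review bot: The failure path of `opt_md_silent()` changes its contract. The old code freed `*mdp` up front and left it NULL when both lookups failed, while the new code leaves `*mdp` untouched unless a digest is found. A caller that tests the pointer rather than the return value would now continue with the previous digest; whether any caller does so is not visible here. The comment above the function, which starts outside the hunk, should state the new behaviour, e.g. `* On failure *mdp is left unchanged; on success the previous *mdp is freed.`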
diff --git a/doc/internal/man3/OPTIONS.pod b/doc/internal/man3/OPTIONS.pod
index d615aa3c28..1971c76241 100644
--- a/doc/internal/man3/OPTIONS.pod
+++ b/doc/internal/man3/OPTIONS.pod
@@ -8,7 +8,7 @@ opt_begin, opt_next, opt_flag, opt_arg, opt_unknown, opt_cipher,
 opt_cipher_any, opt_cipher_silent, opt_md,
 opt_int, opt_int_arg, opt_long, opt_ulong, opt_intmax, opt_uintmax,
 opt_format, opt_isdir, opt_string, opt_pair,
-opt_num_rest, opt_rest
+opt_num_rest, opt_rest, opt_legacy_okay
 - Option parsing for commands and tests
 
 =head1 SYNOPSIS
@@ -53,6 +53,8 @@ opt_num_rest, opt_rest
  int opt_num_rest(void);
  char **opt_rest(void);
 
+ int opt_legacy_okay(void);
+
 =head1 DESCRIPTION
 
 The functions on this page provide a common set of option-parsing for
@@ -290,6 +292,12 @@ The opt_rest() function returns a pointer to the first non-option.
 If there were no parameters, it will point to the NULL that is
 at the end of the standard I<argv> array.
 
+The opt_legacy_okay() function returns true if no options have been
+specified that would preclude using legacy code paths.  Currently,
+the various provider options preclude legacy operation.  This means,
+for example, that specifying both B<-provider> and B<-engine> in the
+same command line will not work as expected.
+
 =head2 Common Options
 
 There are a few groups of options that are common to many OpenSSL programs.
diff --git a/test/build.info b/test/build.info
index 568fcff3ed..af21e03255 100644
--- a/test/build.info
+++ b/test/build.info
@@ -21,7 +21,7 @@ IF[{- !$disabled{tests} -}]
           testutil/format_output.c testutil/load.c testutil/fake_random.c \
           testutil/test_cleanup.c testutil/main.c testutil/testutil_init.c \
           testutil/options.c testutil/test_options.c testutil/provider.c \
-          testutil/apps_mem.c testutil/random.c $LIBAPPSSRC
+          testutil/apps_shims.c testutil/random.c $LIBAPPSSRC
   INCLUDE[libtestutil.a]=../include ../apps/include ..
   DEPEND[libtestutil.a]=../libcrypto
 
@@ -859,9 +859,9 @@ IF[{- !$disabled{tests} -}]
   DEPEND[namemap_internal_test]=../libcrypto.a libtestutil.a
 
   PROGRAMS{noinst}=bio_prefix_text
-  SOURCE[bio_prefix_text]=bio_prefix_text.c $LIBAPPSSRC
+  SOURCE[bio_prefix_text]=bio_prefix_text.c
   INCLUDE[bio_prefix_text]=.. ../include ../apps/include
-  DEPEND[bio_prefix_text]=../libcrypto
+  DEPEND[bio_prefix_text]=../libcrypto libtestutil.a
 
   IF[{- !$disabled{'deprecated-3.0'} -}]
     PROGRAMS{noinst}=pem_read_depr_test
diff --git a/test/testutil/apps_mem.c b/test/testutil/apps_shims.c
similarity index 68%
rename from test/testutil/apps_mem.c
rename to test/testutil/apps_shims.c
index ef5e266b25..53d851ffda 100644
--- a/test/testutil/apps_mem.c
+++ b/test/testutil/apps_shims.c
@@ -28,3 +28,29 @@ void *app_malloc(size_t sz, const char *what)
     }
     return vp;
 }
+
+/* shim to prevent sucking in too much from apps */
+
+int opt_legacy_okay(void)
+{
+    return 1;
+}
+
+/*
+ * These three functions are defined here so that they don't need to come from
+ * the apps source code and pull in a lot of additional things.
+ */
+int opt_provider_option_given(void)
+{
+    return 0;
+}
+
+const char *app_get0_propq(void)
+{
+    return NULL;
+}
+
+OSSL_LIB_CTX *app_get0_libctx(void)
+{
+    return NULL;
+}
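Review bot: The shim `opt_legacy_okay()` always returns 1, so any test that reaches `opt_cipher_silent()` or `opt_md_silent()` through `libtestutil.a` never takes the branch where the legacy lookup is skipped. The comment `shim to prevent sucking in too much from apps` does not mention this; suggest `/* Shim: tests always permit the legacy fallback, so the provider-only path is not exercised here */`. The later comment says "These three functions" but follows a fourth shim, so it should say which three are meant.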

