[openssl] master update

tomas at openssl.org tomas at openssl.org
Fri Mar 12 14:13:52 UTC 2021


The branch master has been updated
       via  0413b7bb9cbc63859972451e7a554171c2c1fddb (commit)
       via  061ae2f6a2f6c59eae6fd5cbc501f916a49f48b2 (commit)
       via  12b4e5821d59b5d0c35f830e078d842583be6486 (commit)
      from  343475126e55b4e814acb495196b92680df70a88 (commit)


- Log -----------------------------------------------------------------
commit 0413b7bb9cbc63859972451e7a554171c2c1fddb
Author: Tomas Mraz <tomas at openssl.org>
Date:   Fri Mar 12 13:49:28 2021 +0100

    acvp_test: Do not expect exact number of self tests
    
    There might be more because internal instances of the DRBG
    might be initialized for the first time and thus
    self-tested as well.
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14497)

commit 061ae2f6a2f6c59eae6fd5cbc501f916a49f48b2
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Mar 11 20:04:06 2021 +0100

    Remove the RAND_get0_public() from fips provider initialization
    
    It is not needed anymore and it causes leaks because
    it is called when the FIPS provider libctx is not yet
    properly set up.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14497)

commit 12b4e5821d59b5d0c35f830e078d842583be6486
Author: Tomas Mraz <tomas at openssl.org>
Date:   Thu Mar 11 18:02:52 2021 +0100

    Use OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL) in libcrypto
    
    Calling OPENSSL_init_crypto(0, NULL) is a no-op and will
    not properly initialize thread local handling.
    
    Only the calls that are needed to initialize thread locals
    are kept, the rest of the no-op calls are removed.
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14497)

-----------------------------------------------------------------------

Summary of changes:
 crypto/bio/b_addr.c           |  2 --
 crypto/engine/eng_lib.c       |  2 --
 crypto/err/err.c              |  2 +-
 crypto/rand/rand_lib.c        |  2 +-
 crypto/store/store_init.c     | 16 ----------------
 crypto/store/store_local.h    |  7 -------
 crypto/store/store_register.c |  7 -------
 providers/fips/fipsprov.c     |  3 ---
 test/acvp_test.c              |  2 +-
 9 files changed, 3 insertions(+), 40 deletions(-)

diff --git a/crypto/bio/b_addr.c b/crypto/bio/b_addr.c
index 841cc58100..635f84e183 100644
--- a/crypto/bio/b_addr.c
+++ b/crypto/bio/b_addr.c
@@ -616,8 +616,6 @@ static int addrinfo_wrap(int family, int socktype,
 
 DEFINE_RUN_ONCE_STATIC(do_bio_lookup_init)
 {
-    if (!OPENSSL_init_crypto(0, NULL))
-        return 0;
     bio_lookup_lock = CRYPTO_THREAD_lock_new();
     return bio_lookup_lock != NULL;
 }
diff --git a/crypto/engine/eng_lib.c b/crypto/engine/eng_lib.c
index 72e463a899..4a01104462 100644
--- a/crypto/engine/eng_lib.c
+++ b/crypto/engine/eng_lib.c
@@ -20,8 +20,6 @@ CRYPTO_ONCE engine_lock_init = CRYPTO_ONCE_STATIC_INIT;
 
 DEFINE_RUN_ONCE(do_engine_lock_init)
 {
-    if (!OPENSSL_init_crypto(0, NULL))
-        return 0;
     global_engine_lock = CRYPTO_THREAD_lock_new();
     return global_engine_lock != NULL;
 }
diff --git a/crypto/err/err.c b/crypto/err/err.c
index e5f9866813..a8bde92674 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -197,7 +197,7 @@ static void ERR_STATE_free(ERR_STATE *s)
 
 DEFINE_RUN_ONCE_STATIC(do_err_strings_init)
 {
-    if (!OPENSSL_init_crypto(0, NULL))
+    if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
         return 0;
     err_string_lock = CRYPTO_THREAD_lock_new();
     if (err_string_lock == NULL)
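Review bot: The call `OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)` in do_err_strings_init has no comment saying why it is needed, while the equivalent call in crypto/rand/rand_lib.c carries one. Because this commit removes the sibling calls in b_addr.c and eng_lib.c as unnecessary, a later cleanup could easily drop this one too. A short comment above the `if`, such as `/* Needed to initialise base libcrypto thread-local handling */`, would guard against that. The body of do_err_strings_init continues past the end of the hunk.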
diff --git a/crypto/rand/rand_lib.c b/crypto/rand/rand_lib.c
index 0ee57dc460..e248d5753a 100644
--- a/crypto/rand/rand_lib.c
+++ b/crypto/rand/rand_lib.c
@@ -429,7 +429,7 @@ static void *rand_ossl_ctx_new(OSSL_LIB_CTX *libctx)
      * We need to ensure that base libcrypto thread handling has been
      * initialised.
      */
-     OPENSSL_init_crypto(0, NULL);
+     OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);
 #endif
 
     dgbl->lock = CRYPTO_THREAD_lock_new();
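Review bot: The result of `OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL);` is discarded here, whereas the same call in do_err_strings_init (crypto/err/err.c) returns 0 on failure. According to the commit message this call is no longer a no-op and is what sets up thread-local handling, so a failure would presumably leave the RAND global context built on state that was never initialised. Consider testing it with `if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))` and taking the function's failure path, which would have to release dgbl. The start of rand_ossl_ctx_new and its cleanup code are outside the hunk, so the exact exit cannot be confirmed from here. The call is also indented five spaces instead of four.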
diff --git a/crypto/store/store_init.c b/crypto/store/store_init.c
index d308dc5d0b..dc507c6751 100644
--- a/crypto/store/store_init.c
+++ b/crypto/store/store_init.c
@@ -7,25 +7,9 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/err.h>
 #include "crypto/store.h"
 #include "store_local.h"
 
-static CRYPTO_ONCE store_init = CRYPTO_ONCE_STATIC_INIT;
-DEFINE_RUN_ONCE_STATIC(do_store_init)
-{
-    return OPENSSL_init_crypto(0, NULL);
-}
-
-int ossl_store_init_once(void)
-{
-    if (!RUN_ONCE(&store_init, do_store_init)) {
-        ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
-        return 0;
-    }
-    return 1;
-}
-
 void ossl_store_cleanup_int(void)
 {
     ossl_store_destroy_loaders_int();
diff --git a/crypto/store/store_local.h b/crypto/store/store_local.h
index 56a90a125b..16989707d6 100644
--- a/crypto/store/store_local.h
+++ b/crypto/store/store_local.h
@@ -152,13 +152,6 @@ struct ossl_store_ctx_st {
     struct ossl_passphrase_data_st pwdata;
 };
 
-/*-
- *  OSSL_STORE init stuff
- *  ---------------------
- */
-
-int ossl_store_init_once(void);
-
 /*-
  *  'file' scheme stuff
  *  -------------------
diff --git a/crypto/store/store_register.c b/crypto/store/store_register.c
index f426a82ecc..51bd591790 100644
--- a/crypto/store/store_register.c
+++ b/crypto/store/store_register.c
@@ -207,8 +207,6 @@ int ossl_store_register_loader_int(OSSL_STORE_LOADER *loader)
 }
 int OSSL_STORE_register_loader(OSSL_STORE_LOADER *loader)
 {
-    if (!ossl_store_init_once())
-        return 0;
     return ossl_store_register_loader_int(loader);
 }
 
@@ -224,9 +222,6 @@ const OSSL_STORE_LOADER *ossl_store_get0_loader_int(const char *scheme)
     template.close = NULL;
     template.open_ex = NULL;
 
-    if (!ossl_store_init_once())
-        return NULL;
-
     if (!RUN_ONCE(&registry_init, do_registry_init)) {
         ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_MALLOC_FAILURE);
         return NULL;
@@ -275,8 +270,6 @@ OSSL_STORE_LOADER *ossl_store_unregister_loader_int(const char *scheme)
 }
 OSSL_STORE_LOADER *OSSL_STORE_unregister_loader(const char *scheme)
 {
-    if (!ossl_store_init_once())
-        return 0;
     return ossl_store_unregister_loader_int(scheme);
 }
 
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 90491b0e5f..70826181e5 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -632,9 +632,6 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
         goto err;
     }
 
-    /* TODO(3.0): Tests will hang if this is removed */
-    (void)RAND_get0_public(libctx);
-
     *out = fips_dispatch_table;
     return 1;
  err:
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 02ef638ddd..0be26f699b 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -127,7 +127,7 @@ static int ecdsa_keygen_test(int id)
         || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
         || !TEST_true(EVP_PKEY_CTX_set_group_name(ctx, tst->curve_name))
         || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)
-        || !TEST_int_eq(self_test_args.called, 3)
+        || !TEST_int_ge(self_test_args.called, 3)
         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_PRIV_KEY, &priv,
                                         &priv_len))
         || !TEST_true(pkey_get_bn_bytes(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &pubx,
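Review bot: `TEST_int_ge(self_test_args.called, 3)` leaves the literal 3 unexplained at the check, and nothing in the code says why a lower bound is used rather than equality. A comment above the condition would keep the commit message's reasoning next to the test, for example `/* At least 3: internal DRBG instances initialised for the first time are self-tested too */`. With only a lower bound the test no longer notices self-tests running far more often than intended, so if a sensible upper limit is known it could be asserted as well. ecdsa_keygen_test starts and ends outside the hunk.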

