[openssl] master update

Dr. Paul Dale pauli at openssl.org
Wed May 12 08:21:25 UTC 2021


The branch master has been updated
       via  63ac53aa51f326f6599573f597957be7114ec139 (commit)
       via  5725ab808713abd79fc49d70a9f4ac79a83d3103 (commit)
       via  1f12bf71fecf77c3d0def0fd4211be1dc85a53a1 (commit)
      from  ab6db11e63485e8dc17f768f9be35a9120f20c91 (commit)


- Log -----------------------------------------------------------------
commit 63ac53aa51f326f6599573f597957be7114ec139
Author: Pauli <pauli at openssl.org>
Date:   Wed May 12 18:20:55 2021 +1000

    Checksum update
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>

commit 5725ab808713abd79fc49d70a9f4ac79a83d3103
Author: Matt Caswell <matt at openssl.org>
Date:   Tue May 11 17:45:10 2021 +1000

    property: add test case for setting default user properties before fetching
    
    Shamelessly culled from #15218.
    
    Co-authored-by: Dr Paul Dale <pauli at openssl.org>
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15222)

commit 1f12bf71fecf77c3d0def0fd4211be1dc85a53a1
Author: Pauli <pauli at openssl.org>
Date:   Tue May 11 09:48:22 2021 +1000

    property: create property names more eagerly.
    
    User defined property names were not created before the first fetch.  The
    rationale for this was to only maintain the user names defined by providers.
    This was intended to prevent malicious memory use attacks.
    
    Not being able to specify a default query before the first fetch is wrong.  This
    changes the behaviour of the property query parsing to always create property
    names.
    
    Fixes #15218
    
    Reviewed-by: Tim Hudson <tjh at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15222)

-----------------------------------------------------------------------

Summary of changes:
 crypto/property/property_parse.c |   4 +-
 providers/fips-sources.checksums |   2 +-
 providers/fips.checksum          |   2 +-
 test/build.info                  |   6 +-
 test/recipes/03-test_property.t  |  17 +++--
 test/user_property_test.c        | 132 +++++++++++++++++++++++++++++++++++++++
 6 files changed, 154 insertions(+), 9 deletions(-)
 create mode 100644 test/user_property_test.c

diff --git a/crypto/property/property_parse.c b/crypto/property/property_parse.c
index a41d6331b1..dfae76518f 100644
--- a/crypto/property/property_parse.c
+++ b/crypto/property/property_parse.c
@@ -407,12 +407,12 @@ OSSL_PROPERTY_LIST *ossl_parse_query(OSSL_LIB_CTX *ctx, const char *s,
         if (match_ch(&s, '-')) {
             prop->oper = PROPERTY_OVERRIDE;
             prop->optional = 0;
-            if (!parse_name(ctx, &s, 0, &prop->name_idx))
+            if (!parse_name(ctx, &s, 1, &prop->name_idx))
                 goto err;
             goto skip_value;
         }
         prop->optional = match_ch(&s, '?');
-        if (!parse_name(ctx, &s, 0, &prop->name_idx))
+        if (!parse_name(ctx, &s, 1, &prop->name_idx))
             goto err;
 
         if (match_ch(&s, '=')) {
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index dfcfb83178..13b1d901ca 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -230,7 +230,7 @@ d0f6af3e89a693f0327e1bf073666cbec6786220ef3b3688ef0be9539d5ab6bf  crypto/params_
 0dd202ec1def47c12852a8ae4bfaadb74f7fe968d68def631fe3ac671aac943f  crypto/passphrase.c
 2140778d5f35e503e22b173736e18ff84406f6657463e8ff9e7b91a78aa686d3  crypto/property/defn_cache.c
 85b314961fa249dcaa2847294d1903447a3f5f73c0dd5ab10f7cd9641c925219  crypto/property/property.c
-51bc907d992893f03f35774178d2c8dc98cf3cf9503ff839ee1561640e6b274a  crypto/property/property_parse.c
+a46f67bd5b1f6a6567a71aa42753708f1180d1c85007d1038fa11bb207781d1a  crypto/property/property_parse.c
 e703fec7e28de11c89e131503eb75095472e8c03563105ca8767c34db22a105c  crypto/property/property_string.c
 c9d4d0adb3313c5c90c7db9bce9af59d02efc5fe8181c18a778625b1cc296d6f  crypto/provider_core.c
 3ebbf42baa3722f86298960c7b14b49cefc25c38fce326a0c4666546539da231  crypto/provider_predefined.c
diff --git a/providers/fips.checksum b/providers/fips.checksum
index 2a2fc21d65..99a3468e9b 100644
--- a/providers/fips.checksum
+++ b/providers/fips.checksum
@@ -1 +1 @@
-4d519901583d7281047570278c491370463f04412f648f2862d41d04a99ad4e8  providers/fips-sources.checksums
+b388b982a3a40d326d76d89e0776aefea46084f936f1aed03293e057d5f2a6de  providers/fips-sources.checksums
diff --git a/test/build.info b/test/build.info
index 2279b4e14d..842a7bbe35 100644
--- a/test/build.info
+++ b/test/build.info
@@ -56,7 +56,7 @@ IF[{- !$disabled{tests} -}]
           sysdefaulttest errtest ssl_ctx_test gosttest \
           context_internal_test aesgcmtest params_test evp_pkey_dparams_test \
           keymgmt_internal_test hexstr_test provider_status_test defltfips_test \
-          bio_readbuffer_test
+          bio_readbuffer_test user_property_test
 
   IF[{- !$disabled{'deprecated-3.0'} -}]
     PROGRAMS{noinst}=enginetest
@@ -129,6 +129,10 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[tls13ccstest]=../include ../apps/include
   DEPEND[tls13ccstest]=../libcrypto ../libssl libtestutil.a
 
+  SOURCE[user_property_test]=user_property_test.c
+  INCLUDE[user_property_test]=../include ../apps/include
+  DEPEND[user_property_test]=../libcrypto libtestutil.a
+
   SOURCE[evp_test]=evp_test.c
   INCLUDE[evp_test]=../include ../apps/include
   DEPEND[evp_test]=../libcrypto libtestutil.a
diff --git a/test/recipes/03-test_property.t b/test/recipes/03-test_property.t
index 2654215619..f11602873e 100644
--- a/test/recipes/03-test_property.t
+++ b/test/recipes/03-test_property.t
@@ -1,12 +1,21 @@
 #! /usr/bin/env perl
-# Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
-# Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
+# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
 # in the file LICENSE in the source distribution or at
 # https://www.openssl.org/source/license.html
 
-use OpenSSL::Test::Simple;
+use strict;
+use warnings;
 
-simple_test("test_property", "property_test");
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+
+setup('test_property');
+
+plan tests => 2;
+
+ok(run(test(["property_test"])), "running property_test");
+
+ok(run(test(["user_property_test"])), "running user_property_test");
diff --git a/test/user_property_test.c b/test/user_property_test.c
new file mode 100644
index 0000000000..7b7ab62832
--- /dev/null
+++ b/test/user_property_test.c
@@ -0,0 +1,132 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/core.h>
+#include <openssl/core_dispatch.h>
+#include <openssl/core_names.h>
+#include <openssl/provider.h>
+#include <openssl/crypto.h>
+#include <openssl/evp.h>
+#include "testutil.h"
+
+#define MYPROPERTIES "foo.bar=yes"
+
+static OSSL_FUNC_provider_query_operation_fn testprov_query;
+static OSSL_FUNC_digest_get_params_fn tmpmd_get_params;
+static OSSL_FUNC_digest_digest_fn tmpmd_digest;
+
+static int tmpmd_get_params(OSSL_PARAM params[])
+{
+    OSSL_PARAM *p = NULL;
+
+    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_BLOCK_SIZE);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, 1))
+        return 0;
+
+    p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, 1))
+        return 0;
+
+    return 1;
+}
+
+static int tmpmd_digest(void *provctx, const unsigned char *in, size_t inl,
+                 unsigned char *out, size_t *outl, size_t outsz)
+{
+    return 0;
+}
+
+static const OSSL_DISPATCH testprovmd_functions[] = {
+    { OSSL_FUNC_DIGEST_GET_PARAMS, (void (*)(void))tmpmd_get_params },
+    { OSSL_FUNC_DIGEST_DIGEST, (void (*)(void))tmpmd_digest },
+    { 0, NULL }
+};
+
+static const OSSL_ALGORITHM testprov_digests[] = {
+    { "testprovmd", MYPROPERTIES, testprovmd_functions },
+    { NULL, NULL, NULL }
+};
+
+static const OSSL_ALGORITHM *testprov_query(void *provctx,
+                                          int operation_id,
+                                          int *no_cache)
+{
+    *no_cache = 0;
+    return operation_id == OSSL_OP_DIGEST ? testprov_digests : NULL;
+}
+
+static const OSSL_DISPATCH testprov_dispatch_table[] = {
+    { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))testprov_query },
+    { 0, NULL }
+};
+
+static int testprov_provider_init(const OSSL_CORE_HANDLE *handle,
+                                  const OSSL_DISPATCH *in,
+                                  const OSSL_DISPATCH **out,
+                                  void **provctx)
+{
+    *provctx = (void *)handle;
+    *out = testprov_dispatch_table;
+    return 1;
+}
+
+enum {
+    DEFAULT_PROPS_FIRST = 0,
+    DEFAULT_PROPS_AFTER_LOAD,
+    DEFAULT_PROPS_AFTER_FETCH,
+    DEFAULT_PROPS_FINAL
+};
+
+static int test_default_props_and_providers(int propsorder)
+{
+    OSSL_LIB_CTX *libctx;
+    OSSL_PROVIDER *testprov = NULL;
+    EVP_MD *testprovmd = NULL;
+    int res = 0;
+
+    if (!TEST_ptr(libctx = OSSL_LIB_CTX_new())
+            || !TEST_true(OSSL_PROVIDER_add_builtin(libctx, "testprov",
+                                                    testprov_provider_init)))
+        goto err;
+
+    if (propsorder == DEFAULT_PROPS_FIRST
+            && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES)))
+        goto err;
+
+    if (!TEST_ptr(testprov = OSSL_PROVIDER_load(libctx, "testprov")))
+        goto err;
+
+    if (propsorder == DEFAULT_PROPS_AFTER_LOAD
+            && !TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES)))
+        goto err;
+
+    if (!TEST_ptr(testprovmd = EVP_MD_fetch(libctx, "testprovmd", NULL)))
+        goto err;
+
+    if (propsorder == DEFAULT_PROPS_AFTER_FETCH) {
+        if (!TEST_true(EVP_set_default_properties(libctx, MYPROPERTIES)))
+            goto err;
+        EVP_MD_free(testprovmd);
+        if (!TEST_ptr(testprovmd = EVP_MD_fetch(libctx, "testprovmd", NULL)))
+            goto err;
+    }
+
+    res = 1;
+ err:
+    EVP_MD_free(testprovmd);
+    OSSL_PROVIDER_unload(testprov);
+    OSSL_LIB_CTX_free(libctx);
+    return res;
+}
+
+int setup_tests(void)
+{
+    ADD_ALL_TESTS(test_default_props_and_providers, DEFAULT_PROPS_FINAL);
+    return 1;
+}


More information about the openssl-commits mailing list