[openssl] master update

Richard Levitte levitte at openssl.org
Fri May 21 10:09:06 UTC 2021 

The branch master has been updated
       via  b938544969577e3b74da6f8c689c87c90ceced22 (commit)
      from  d2f82495a25d835e4821c0c1a79e8e39b66eed66 (commit)


- Log -----------------------------------------------------------------
commit b938544969577e3b74da6f8c689c87c90ceced22
Author: Richard Levitte <levitte at openssl.org>
Date:   Wed May 19 18:51:07 2021 +0200

    PROV: Relegate most of the FIPS provider code to libfips.a
    
    provider/fips/fipsprov.c contains a number of symbols that get used by
    anything that's included in libfips.a, at least on Unix.
    Unfortunately, there are platforms that do not support resolving
    symbols to things that are already included in the end product (module
    in this case) being built; they only support resolving symbols with
    what comes next in the linking process.
    
    The offending symbols in this case are FIPS_security_check_enabled,
    c_thread_start and ossl_fips_intern_provider_init.
    
    We resolve this by placing provider/fips/fipsprov.c in libfips.a along
    with everything else there.  That takes care of the offending symbols.
    What remains is to ensure that there is an entry point in an object
    file used directly when linking the module, providers/fips/fips_entry.c
    
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15370)

-----------------------------------------------------------------------

Summary of changes:
 providers/fips/build.info                        |  8 ++++++--
 test/filterprov.h => providers/fips/fips_entry.c | 13 +++++++++----
 providers/fips/fipsprov.c                        | 24 ++++++++++++++++++++----
 3 files changed, 35 insertions(+), 10 deletions(-)
 copy test/filterprov.h => providers/fips/fips_entry.c (50%)

diff --git a/providers/fips/build.info b/providers/fips/build.info
index 8d3c5e2049..2bfc58501e 100644
--- a/providers/fips/build.info
+++ b/providers/fips/build.info
@@ -1,2 +1,6 @@
-SOURCE[../fips]=fipsprov.c self_test.c self_test_kats.c
-INCLUDE[../fips]=../implementations/include ../common/include ../..
+# We include the provider implementation into ../libfips.a, so that all
+# platforms can resolve symbols in other members of that library.
+SOURCE[../libfips.a]=fipsprov.c self_test.c self_test_kats.c
+
+# It is necessary to have an explicit entry point
+SOURCE[../fips]=fips_entry.c
diff --git a/test/filterprov.h b/providers/fips/fips_entry.c
similarity index 50%
copy from test/filterprov.h
copy to providers/fips/fips_entry.c
index 3c63071556..c2c8d5de2c 100644
--- a/test/filterprov.h
+++ b/providers/fips/fips_entry.c
@@ -7,8 +7,13 @@
  * https://www.openssl.org/source/license.html
  */
 
-#include <openssl/core_dispatch.h>
+#include <openssl/core.h>
 
-OSSL_provider_init_fn filter_provider_init;
-int filter_provider_set_filter(int operation, const char *name);
-int filter_provider_check_clean_finish(void);
+OSSL_provider_init_fn OSSL_provider_init_int;
+int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
+                       const OSSL_DISPATCH *in,
+                       const OSSL_DISPATCH **out,
+                       void **provctx)
+{
+    return OSSL_provider_init_int(handle, in, out, provctx);
+}
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index c28995fc44..580eea574f 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -518,10 +518,26 @@ static const OSSL_DISPATCH intern_dispatch_table[] = {
     { 0, NULL }
 };
 
-int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
-                       const OSSL_DISPATCH *in,
-                       const OSSL_DISPATCH **out,
-                       void **provctx)
+/*
+ * On VMS, the provider init function name is expected to be uppercase,
+ * see the pragmas in <openssl/core.h>.  Let's do the same with this
+ * internal name.  This is how symbol names are treated by default
+ * by the compiler if nothing else is said, but since this is part
+ * of libfips, and we build our libraries with mixed case symbol names,
+ * we must switch back to this default explicitly here.
+ */
+#ifdef __VMS
+# pragma names save
+# pragma names uppercase,truncated
+#endif
+OSSL_provider_init_fn OSSL_provider_init_int;
+#ifdef __VMS
+# pragma names restore
+#endif
+int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
+                           const OSSL_DISPATCH *in,
+                           const OSSL_DISPATCH **out,
+                           void **provctx)
 {
     FIPS_GLOBAL *fgbl;
     OSSL_LIB_CTX *libctx = NULL;

More information about the openssl-commits mailing list