From c8830891e6cb8d0782986662ca50b8fa7c97f49f Mon Sep 17 00:00:00 2001 From: Shane Lontis <shane.lontis@oracle.com> Date: Tue, 9 Mar 2021 15:26:17 +1000 Subject: [PATCH] Add ossl_provider symbols Partial fix for #12964 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14473) --- crypto/http/http_local.h | 1 + crypto/provider_core.c | 2 +- crypto/provider_local.h | 2 +- crypto/provider_predefined.c | 6 +++--- providers/common/capabilities.c | 4 ++-- providers/common/include/prov/providercommon.h | 2 +- providers/defltprov.c | 3 ++- providers/fips/fipsprov.c | 12 ++++++------ .../implementations/ciphers/cipher_aes_xts.c | 2 +- .../implementations/ciphers/cipher_aes_xts.h | 2 +- .../ciphers/cipher_aes_xts_fips.c | 4 ++-- test/curve448_internal_test.c | 16 +++++++++------- 12 files changed, 30 insertions(+), 26 deletions(-) diff --git a/crypto/http/http_local.h b/crypto/http/http_local.h index 1dfa03ce8e..3164f62a77 100644 --- a/crypto/http/http_local.h +++ b/crypto/http/http_local.h @@ -14,6 +14,7 @@ # include <openssl/ocsp.h> BIO *ossl_http_asn1_item2bio(const ASN1_ITEM *it, const ASN1_VALUE *val); + OSSL_HTTP_REQ_CTX *ossl_http_req_ctx_new(BIO *wbio, BIO *rbio, int use_http_proxy, const char *server, const char *port, diff --git a/crypto/provider_core.c b/crypto/provider_core.c index cd295809be..4d77108c33 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -157,7 +157,7 @@ static void *provider_store_new(OSSL_LIB_CTX *ctx) } store->use_fallbacks = 1; - for (p = predefined_providers; p->name != NULL; p++) { + for (p = ossl_predefined_providers; p->name != NULL; p++) { OSSL_PROVIDER *prov = NULL; /* diff --git a/crypto/provider_local.h b/crypto/provider_local.h index e4c649a736..b0130eadc5 100644 --- a/crypto/provider_local.h +++ b/crypto/provider_local.h 
@@ -15,4 +15,4 @@ struct predefined_providers_st { unsigned int is_fallback:1; }; -extern const struct predefined_providers_st predefined_providers[]; +extern const struct predefined_providers_st ossl_predefined_providers[]; diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c index 6acf2ea1af..cfb67d9fe3 100644 --- a/crypto/provider_predefined.c +++ b/crypto/provider_predefined.c @@ -13,13 +13,13 @@ OSSL_provider_init_fn ossl_default_provider_init; OSSL_provider_init_fn ossl_base_provider_init; OSSL_provider_init_fn ossl_null_provider_init; -OSSL_provider_init_fn fips_intern_provider_init; +OSSL_provider_init_fn ossl_fips_intern_provider_init; #ifdef STATIC_LEGACY OSSL_provider_init_fn ossl_legacy_provider_init; #endif -const struct predefined_providers_st predefined_providers[] = { +const struct predefined_providers_st ossl_predefined_providers[] = { #ifdef FIPS_MODULE - { "fips", fips_intern_provider_init, 1 }, + { "fips", ossl_fips_intern_provider_init, 1 }, #else { "default", ossl_default_provider_init, 1 }, # ifdef STATIC_LEGACY diff --git a/providers/common/capabilities.c b/providers/common/capabilities.c index d455d498ea..781acae8db 100644 --- a/providers/common/capabilities.c +++ b/providers/common/capabilities.c @@ -214,8 +214,8 @@ static int tls_group_capability(OSSL_CALLBACK *cb, void *arg) return 1; } -int provider_get_capabilities(void *provctx, const char *capability, - OSSL_CALLBACK *cb, void *arg) +int ossl_prov_get_capabilities(void *provctx, const char *capability, + OSSL_CALLBACK *cb, void *arg) { if (strcasecmp(capability, "TLS-GROUP") == 0) return tls_group_capability(cb, arg); diff --git a/providers/common/include/prov/providercommon.h b/providers/common/include/prov/providercommon.h index 33bd8bd732..6906554b0e 100644 --- a/providers/common/include/prov/providercommon.h +++ b/providers/common/include/prov/providercommon.h 
@@ -15,7 +15,7 @@ const OSSL_CORE_HANDLE *FIPS_get_core_handle(OSSL_LIB_CTX *ctx); int ossl_cipher_capable_aes_cbc_hmac_sha1(void); int ossl_cipher_capable_aes_cbc_hmac_sha256(void); -OSSL_FUNC_provider_get_capabilities_fn provider_get_capabilities; +OSSL_FUNC_provider_get_capabilities_fn ossl_prov_get_capabilities; /* Set the error state if this is a FIPS module */ void ossl_set_error_state(const char *type); diff --git a/providers/defltprov.c b/providers/defltprov.c index 01e3f9ced4..63e8f67509 100644 --- a/providers/defltprov.c +++ b/providers/defltprov.c @@ -512,7 +512,8 @@ static const OSSL_DISPATCH deflt_dispatch_table[] = { { OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))deflt_gettable_params }, { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))deflt_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))deflt_query }, - { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, (void (*)(void))provider_get_capabilities }, + { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, + (void (*)(void))ossl_prov_get_capabilities }, { 0, NULL } }; diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 70826181e5..56892aa4c8 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -477,7 +477,7 @@ static const OSSL_DISPATCH fips_dispatch_table[] = { { OSSL_FUNC_PROVIDER_GET_PARAMS, (void (*)(void))fips_get_params }, { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fips_query }, { OSSL_FUNC_PROVIDER_GET_CAPABILITIES, - (void (*)(void))provider_get_capabilities }, + (void (*)(void))ossl_prov_get_capabilities }, { OSSL_FUNC_PROVIDER_SELF_TEST, (void (*)(void))fips_self_test }, { 0, NULL } }; 
@@ -647,11 +647,11 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle, * the provider context of this inner instance with the same library context * that was used in the EVP call that initiated this recursive call. */ -OSSL_provider_init_fn fips_intern_provider_init; -int fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, - const OSSL_DISPATCH *in, - const OSSL_DISPATCH **out, - void **provctx) +OSSL_provider_init_fn ossl_fips_intern_provider_init; +int ossl_fips_intern_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, + void **provctx) { OSSL_FUNC_core_get_libctx_fn *c_internal_get_libctx = NULL; diff --git a/providers/implementations/ciphers/cipher_aes_xts.c b/providers/implementations/ciphers/cipher_aes_xts.c index 5cfb22778e..dce2032986 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.c +++ b/providers/implementations/ciphers/cipher_aes_xts.c @@ -54,7 +54,7 @@ static OSSL_FUNC_cipher_settable_ctx_params_fn aes_xts_settable_ctx_params; static int aes_xts_check_keys_differ(const unsigned char *key, size_t bytes, int enc) { - if ((!allow_insecure_decrypt || enc) + if ((!ossl_aes_xts_allow_insecure_decrypt || enc) && CRYPTO_memcmp(key, key + bytes, bytes) == 0) { ERR_raise(ERR_LIB_PROV, PROV_R_XTS_DUPLICATED_KEYS); return 0; diff --git a/providers/implementations/ciphers/cipher_aes_xts.h b/providers/implementations/ciphers/cipher_aes_xts.h index 95b5c9074c..8fca63bc4b 100644 --- a/providers/implementations/ciphers/cipher_aes_xts.h +++ b/providers/implementations/ciphers/cipher_aes_xts.h @@ -15,7 +15,7 @@ * Available in cipher_fips.c, and compiled with different values depending * on we're in the FIPS module or not. */ -extern const int allow_insecure_decrypt; +extern const int ossl_aes_xts_allow_insecure_decrypt; PROV_CIPHER_FUNC(void, xts_stream, (const unsigned char *in, unsigned char *out, size_t len, 
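Review bot: The comment above the renamed declaration in cipher_aes_xts.h still says the value is "Available in cipher_fips.c", but the definitions this patch renames are in cipher_aes_xts_fips.c, so the pointer is stale. The constant gates the duplicated-key rejection in aes_xts_check_keys_differ(): it is 1 outside FIPS_MODULE, and the `CRYPTO_memcmp` check is then skipped on decrypt, so the comment should also say what the flag relaxes. Suggested wording: `* Defined in cipher_aes_xts_fips.c: 0 in the FIPS module, 1 otherwise (decryption then accepts identical XTS key halves).` The comment block starts outside the hunk, so its remaining text is not visible here.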
diff --git a/providers/implementations/ciphers/cipher_aes_xts_fips.c b/providers/implementations/ciphers/cipher_aes_xts_fips.c index b294bdecaf..60d4d0772a 100644 --- a/providers/implementations/ciphers/cipher_aes_xts_fips.c +++ b/providers/implementations/ciphers/cipher_aes_xts_fips.c @@ -17,7 +17,7 @@ #include "cipher_aes_xts.h" #ifdef FIPS_MODULE -const int allow_insecure_decrypt = 0; +const int ossl_aes_xts_allow_insecure_decrypt = 0; #else -const int allow_insecure_decrypt = 1; +const int ossl_aes_xts_allow_insecure_decrypt = 1; #endif /* FIPS_MODULE */ diff --git a/test/curve448_internal_test.c b/test/curve448_internal_test.c index 561ab71e8f..bcf3f87389 100644 --- a/test/curve448_internal_test.c +++ b/test/curve448_internal_test.c @@ -629,14 +629,16 @@ static int test_ed448(void) || !TEST_true(ossl_ed448_sign(NULL, outsig, msg9, sizeof(msg9), pubkey9, privkey9, NULL, 0, NULL)) || !TEST_int_eq(memcmp(sig9, outsig, sizeof(sig9)), 0) - || !TEST_true(ossl_ed448ph_sign(NULL, outsig, dohash(hashctx, phmsg1, - sizeof(phmsg1)), phpubkey1, - phprivkey1, NULL, 0, NULL)) + || !TEST_true(ossl_ed448ph_sign(NULL, outsig, + dohash(hashctx, phmsg1, + sizeof(phmsg1)), phpubkey1, + phprivkey1, NULL, 0, NULL)) || !TEST_int_eq(memcmp(phsig1, outsig, sizeof(phsig1)), 0) - || !TEST_true(ossl_ed448ph_sign(NULL, outsig, dohash(hashctx, phmsg2, - sizeof(phmsg2)), phpubkey2, - phprivkey2, phcontext2, - sizeof(phcontext2), NULL)) + || !TEST_true(ossl_ed448ph_sign(NULL, outsig, + dohash(hashctx, phmsg2, + sizeof(phmsg2)), phpubkey2, + phprivkey2, phcontext2, + sizeof(phcontext2), NULL)) || !TEST_int_eq(memcmp(phsig2, outsig, sizeof(phsig2)), 0)) { EVP_MD_CTX_free(hashctx); return 0;