From 6ea299d887d56841223d7f4b8330e3fc2e3050be Mon Sep 17 00:00:00 2001 From: Daiki Ueno Date: Mon, 6 Nov 2023 07:07:07 +0900 Subject: [PATCH] Add option to dynamically load libcrypto.so.* This adds OQS_DLOPEN_OPENSSL build option to use OpenSSL through dynamically loaded libcrypto.so.* with dlopen, instead of linking to the library at build time. That way the applications could use their favorite implementation of common cryptographic primitives without pulling in the OpenSSL as a hard dependency. Signed-off-by: Daiki Ueno --- .CMake/alg_support.cmake | 2 + .github/workflows/unix.yml | 4 + CMakeLists.txt | 14 +++ src/CMakeLists.txt | 5 + src/common/aes/aes_ossl.c | 37 ++++--- src/common/common.c | 2 - src/common/ossl_functions.h | 50 +++++++++ src/common/ossl_helpers.c | 155 +++++++++++++++++++++------- src/common/ossl_helpers.h | 22 ++++ src/common/rand/rand.c | 8 +- src/common/rand/rand_nist.c | 13 +-- src/common/sha2/sha2_ossl.c | 62 ++++++----- src/common/sha3/ossl_sha3.c | 121 +++++++++++----------- src/common/sha3/ossl_sha3x4.c | 188 +++++++++++++++++----------------- src/oqsconfig.h.cmake | 2 + 15 files changed, 429 insertions(+), 256 deletions(-) create mode 100644 src/common/ossl_functions.h diff --git a/.CMake/alg_support.cmake b/.CMake/alg_support.cmake index 6f8e07ba8d..e57ca93708 100644 --- a/.CMake/alg_support.cmake +++ b/.CMake/alg_support.cmake @@ -69,6 +69,8 @@ cmake_dependent_option(OQS_USE_SHA3_OPENSSL "" OFF "OQS_USE_OPENSSL" OFF) # sanity check: Disable OpenSSL if not a single OpenSSL component define is on cmake_dependent_option(OQS_USE_OPENSSL "" ON "OQS_USE_AES_OPENSSL OR OQS_USE_SHA2_OPENSSL OR OQS_USE_SHA3_OPENSSL" OFF) +option(OQS_DLOPEN_OPENSSL "Enable OpenSSL with dlopen" OFF) + if(CMAKE_SYSTEM_NAME MATCHES "Linux|Darwin") if(OQS_DIST_X86_64_BUILD OR OQS_USE_AVX2_INSTRUCTIONS) cmake_dependent_option(OQS_ENABLE_SHA3_xkcp_low_avx2 "" ON "NOT OQS_USE_SHA3_OPENSSL" OFF) diff --git a/.github/workflows/unix.yml b/.github/workflows/unix.yml index 5e4b9fc4e1..4d9428c44e 100644 --- a/.github/workflows/unix.yml +++ b/.github/workflows/unix.yml @@ -92,6 +92,10 @@ jobs: container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py + - name: jammy-std-openssl3-dlopen + container: openquantumsafe/ci-ubuntu-jammy:latest + CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON + PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: address-sanitizer container: openquantumsafe/ci-ubuntu-focal-x86_64:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=clang-9 -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address diff --git a/CMakeLists.txt b/CMakeLists.txt index 06e5bd193c..81cf1578dc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -134,6 +134,20 @@ if(${OQS_USE_OPENSSL}) endif() endif() find_package(OpenSSL 1.1.1 REQUIRED) + + if(OQS_DLOPEN_OPENSSL) + find_program(OBJDUMP objdump) + if(NOT OBJDUMP) + message(FATAL_ERROR "objdump not found. Please install it from binutils.") + endif() + execute_process( + COMMAND ${OBJDUMP} -p ${OPENSSL_CRYPTO_LIBRARY} + COMMAND sed -n "s/[ ]\\{1,\\}SONAME[ ]\\{1,\\}//p" + OUTPUT_VARIABLE OQS_OPENSSL_CRYPTO_SONAME + OUTPUT_STRIP_TRAILING_WHITESPACE + COMMAND_ERROR_IS_FATAL ANY) + message(STATUS "OpenSSL dlopen SONAME: " ${OQS_OPENSSL_CRYPTO_SONAME}) + endif() endif() set(PUBLIC_HEADERS ${PROJECT_SOURCE_DIR}/src/oqs.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 1f9ed06e5c..caee498285 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -70,8 +70,13 @@ if(DEFINED SANITIZER_LD_FLAGS) target_link_libraries(oqs-internal PUBLIC ${SANITIZER_LD_FLAGS}) endif() if(${OQS_USE_OPENSSL}) + if(${OQS_DLOPEN_OPENSSL}) + target_link_libraries(oqs PRIVATE ${CMAKE_DL_LIBS}) + target_link_libraries(oqs-internal PRIVATE ${CMAKE_DL_LIBS}) + else() target_link_libraries(oqs PRIVATE ${OPENSSL_CRYPTO_LIBRARY}) target_link_libraries(oqs-internal PRIVATE ${OPENSSL_CRYPTO_LIBRARY}) + endif() endif() target_include_directories(oqs diff --git a/src/common/aes/aes_ossl.c b/src/common/aes/aes_ossl.c index 0696b53624..d49231f149 100644 --- a/src/common/aes/aes_ossl.c +++ b/src/common/aes/aes_ossl.c @@ -7,7 +7,6 @@ #include "aes.h" -#include #include "../ossl_helpers.h" struct key_schedule { @@ -33,17 +32,17 @@ static void AES128_ECB_load_schedule(const uint8_t *key, void **schedule) { OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL"); struct key_schedule *ks = (struct key_schedule *) *schedule; ks->for_ECB = 1; - ks->ctx = EVP_CIPHER_CTX_new(); + ks->ctx = OSSL_FUNCALL(EVP_CIPHER_CTX_new()); OQS_EXIT_IF_NULLPTR(ks->ctx, "OpenSSL"); - OQS_OPENSSL_GUARD(EVP_EncryptInit_ex(ks->ctx, oqs_aes_128_ecb(), NULL, key, NULL)); - EVP_CIPHER_CTX_set_padding(ks->ctx, 0); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptInit_ex(ks->ctx, oqs_aes_128_ecb(), NULL, key, NULL))); + OSSL_FUNCALL(EVP_CIPHER_CTX_set_padding(ks->ctx, 0)); } static void AES128_free_schedule(void *schedule) { if (schedule != NULL) { struct key_schedule *ks = (struct key_schedule *) schedule; if (ks->ctx != NULL) { - EVP_CIPHER_CTX_free(ks->ctx); + OSSL_FUNCALL(EVP_CIPHER_CTX_free(ks->ctx)); } OQS_MEM_cleanse(ks->key, 32); OQS_MEM_secure_free(schedule, sizeof(struct key_schedule)); @@ -62,9 +61,9 @@ static void AES128_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_ int outlen; const struct key_schedule *ks = (const struct key_schedule *) schedule; SIZE_T_TO_INT_OR_EXIT(plaintext_len, plaintext_len_int) - OQS_OPENSSL_GUARD(EVP_EncryptUpdate(ks->ctx, ciphertext, &outlen, plaintext, plaintext_len_int)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptUpdate(ks->ctx, ciphertext, &outlen, plaintext, plaintext_len_int))); assert(outlen == plaintext_len_int); - OQS_OPENSSL_GUARD(EVP_EncryptFinal_ex(ks->ctx, ciphertext, &outlen)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptFinal_ex(ks->ctx, ciphertext, &outlen))); } static void AES256_ECB_load_schedule(const uint8_t *key, void **schedule) { @@ -72,16 +71,16 @@ static void AES256_ECB_load_schedule(const uint8_t *key, void **schedule) { OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL"); struct key_schedule *ks = (struct key_schedule *) *schedule; ks->for_ECB = 1; - ks->ctx = EVP_CIPHER_CTX_new(); + ks->ctx = OSSL_FUNCALL(EVP_CIPHER_CTX_new()); OQS_EXIT_IF_NULLPTR(ks->ctx, "OpenSSL"); - OQS_OPENSSL_GUARD(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ecb(), NULL, key, NULL)); - EVP_CIPHER_CTX_set_padding(ks->ctx, 0); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ecb(), NULL, key, NULL))); + OSSL_FUNCALL(EVP_CIPHER_CTX_set_padding(ks->ctx, 0)); } static void AES256_CTR_inc_init(const uint8_t *key, void **schedule) { *schedule = malloc(sizeof(struct key_schedule)); struct key_schedule *ks = (struct key_schedule *) *schedule; - EVP_CIPHER_CTX *ctr_ctx = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *ctr_ctx = OSSL_FUNCALL(EVP_CIPHER_CTX_new()); assert(ctr_ctx != NULL); OQS_EXIT_IF_NULLPTR(*schedule, "OpenSSL"); @@ -101,7 +100,7 @@ static void AES256_CTR_inc_iv(const uint8_t *iv, size_t iv_len, void *schedule) } else { exit(EXIT_FAILURE); } - OQS_OPENSSL_GUARD(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ctr(), NULL, ks->key, ks->iv)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ctr(), NULL, ks->key, ks->iv))); } static void AES256_CTR_inc_ivu64(uint64_t iv, void *schedule) { @@ -109,7 +108,7 @@ static void AES256_CTR_inc_ivu64(uint64_t iv, void *schedule) { struct key_schedule *ks = (struct key_schedule *) schedule; br_enc64be(ks->iv, iv); memset(&ks->iv[8], 0, 8); - OQS_OPENSSL_GUARD(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ctr(), NULL, ks->key, ks->iv)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptInit_ex(ks->ctx, oqs_aes_256_ctr(), NULL, ks->key, ks->iv))); } static void AES256_free_schedule(void *schedule) { @@ -130,7 +129,7 @@ static void AES256_ECB_enc_sch(const uint8_t *plaintext, const size_t plaintext_ } static void AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const void *schedule, uint8_t *out, size_t out_len) { - EVP_CIPHER_CTX *ctr_ctx = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *ctr_ctx = OSSL_FUNCALL(EVP_CIPHER_CTX_new()); assert(ctr_ctx != NULL); uint8_t iv_ctr[16]; if (iv_len == 12) { @@ -145,14 +144,14 @@ static void AES256_CTR_inc_stream_iv(const uint8_t *iv, size_t iv_len, const voi exit(EXIT_FAILURE); } const struct key_schedule *ks = (const struct key_schedule *) schedule; - OQS_OPENSSL_GUARD(EVP_EncryptInit_ex(ctr_ctx, oqs_aes_256_ctr(), NULL, ks->key, iv_ctr)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptInit_ex(ctr_ctx, oqs_aes_256_ctr(), NULL, ks->key, iv_ctr))); SIZE_T_TO_INT_OR_EXIT(out_len, out_len_input_int) memset(out, 0, (size_t)out_len_input_int); int out_len_output; - OQS_OPENSSL_GUARD(EVP_EncryptUpdate(ctr_ctx, out, &out_len_output, out, out_len_input_int)); - OQS_OPENSSL_GUARD(EVP_EncryptFinal_ex(ctr_ctx, out + out_len_output, &out_len_output)); - EVP_CIPHER_CTX_free(ctr_ctx); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptUpdate(ctr_ctx, out, &out_len_output, out, out_len_input_int))); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptFinal_ex(ctr_ctx, out + out_len_output, &out_len_output))); + OSSL_FUNCALL(EVP_CIPHER_CTX_free(ctr_ctx)); } static void AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_blks) { @@ -161,7 +160,7 @@ static void AES256_CTR_inc_stream_blks(void *schedule, uint8_t *out, size_t out_ int out_len_output; SIZE_T_TO_INT_OR_EXIT(out_len, out_len_input_int); memset(out, 0, (size_t)out_len_input_int); - OQS_OPENSSL_GUARD(EVP_EncryptUpdate(ks->ctx, out, &out_len_output, out, (int) out_len)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_EncryptUpdate(ks->ctx, out, &out_len_output, out, (int) out_len))); } struct OQS_AES_callbacks aes_default_callbacks = { diff --git a/src/common/common.c b/src/common/common.c index 78119afb1d..7de1e65815 100644 --- a/src/common/common.c +++ b/src/common/common.c @@ -26,7 +26,6 @@ #endif #if defined(OQS_USE_OPENSSL) -#include #include "ossl_helpers.h" #endif @@ -232,7 +231,6 @@ OQS_API void OQS_init(void) { #if defined(OQS_DIST_BUILD) OQS_CPU_has_extension(OQS_CPU_EXT_INIT); #endif - return; } OQS_API const char *OQS_version(void) { diff --git a/src/common/ossl_functions.h b/src/common/ossl_functions.h new file mode 100644 index 0000000000..a347082eeb --- /dev/null +++ b/src/common/ossl_functions.h @@ -0,0 +1,50 @@ +// SPDX-License-Identifier: MIT + +// This file lists all OpenSSL functions used throughout the liboqs source code. +// +// Note that this file is included multiple times to generate custom +// code by definining the FUNC macro, so no header guard should be +// added here. + +VOID_FUNC(void, ERR_print_errors_fp, (FILE *fp), (fp)) +VOID_FUNC(void, EVP_CIPHER_CTX_free, (EVP_CIPHER_CTX *c), (c)) +FUNC(EVP_CIPHER_CTX *, EVP_CIPHER_CTX_new, (void), ()) +FUNC(int, EVP_CIPHER_CTX_set_padding, (EVP_CIPHER_CTX *c, int pad), (c, pad)) +FUNC(int, EVP_DigestFinalXOF, (EVP_MD_CTX *ctx, unsigned char *md, size_t len), (ctx, md, len)) +FUNC(int, EVP_DigestFinal_ex, (EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s), (ctx, md, s)) +FUNC(int, EVP_DigestInit_ex, (EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl), (ctx, type, impl)) +FUNC(int, EVP_DigestUpdate, (EVP_MD_CTX *ctx, const void *d, size_t cnt), (ctx, d, cnt)) +FUNC(int, EVP_EncryptFinal_ex, (EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl), (ctx, out, outl)) +FUNC(int, EVP_EncryptInit_ex, (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, const unsigned char *key, const unsigned char *iv), + (ctx, cipher, impl, key, iv)) +FUNC(int, EVP_EncryptUpdate, (EVP_CIPHER_CTX *ctx, unsigned char *out, + int *outl, const unsigned char *in, int inl), + (ctx, out, outl, in, inl)) +FUNC(int, EVP_MD_CTX_copy_ex, (EVP_MD_CTX *out, const EVP_MD_CTX *in), (out, in)) +VOID_FUNC(void, EVP_MD_CTX_free, (EVP_MD_CTX *ctx), (ctx)) +FUNC(EVP_MD_CTX *, EVP_MD_CTX_new, (void), ()) +FUNC(const EVP_CIPHER *, EVP_aes_128_ecb, (void), ()) +FUNC(const EVP_CIPHER *, EVP_aes_256_ecb, (void), ()) +FUNC(const EVP_CIPHER *, EVP_aes_256_ctr, (void), ()) +#if OPENSSL_VERSION_NUMBER >= 0x30000000L +FUNC(EVP_CIPHER *, EVP_CIPHER_fetch, (OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties), + (ctx, algorithm, properties)) +VOID_FUNC(void, EVP_CIPHER_free, (EVP_CIPHER *cipher), (cipher)) +FUNC(EVP_MD *, EVP_MD_fetch, (OSSL_LIB_CTX *ctx, const char *algorithm, + const char *properties), + (ctx, algorithm, properties)) +VOID_FUNC(void, EVP_MD_free, (EVP_MD *md), (md)) +#else +FUNC(const EVP_MD *, EVP_sha256, (void), ()) +FUNC(const EVP_MD *, EVP_sha384, (void), ()) +FUNC(const EVP_MD *, EVP_sha3_256, (void), ()) +FUNC(const EVP_MD *, EVP_sha3_384, (void), ()) +FUNC(const EVP_MD *, EVP_sha3_512, (void), ()) +FUNC(const EVP_MD *, EVP_sha512, (void), ()) +FUNC(const EVP_MD *, EVP_shake128, (void), ()) +FUNC(const EVP_MD *, EVP_shake256, (void), ()) +#endif +FUNC(int, RAND_bytes, (unsigned char *buf, int num), (buf, num)) +FUNC(int, RAND_poll, (void), ()) +FUNC(int, RAND_status, (void), ()) diff --git a/src/common/ossl_helpers.c b/src/common/ossl_helpers.c index 420a8f8c37..abcceaa5e4 100644 --- a/src/common/ossl_helpers.c +++ b/src/common/ossl_helpers.c @@ -1,8 +1,10 @@ // SPDX-License-Identifier: MIT #include #if defined(OQS_USE_OPENSSL) -#include +#define OQS_OSSL_NO_EXTERN 1 #include "ossl_helpers.h" +#include +#include #if OPENSSL_VERSION_NUMBER >= 0x30000000L #if defined(OQS_USE_PTHREADS) @@ -19,19 +21,19 @@ static EVP_MD *sha256_ptr, *sha384_ptr, *sha512_ptr, static EVP_CIPHER *aes128_ecb_ptr, *aes256_ecb_ptr, *aes256_ctr_ptr; static void fetch_ossl_objects(void) { - sha256_ptr = EVP_MD_fetch(NULL, "SHA256", NULL); - sha384_ptr = EVP_MD_fetch(NULL, "SHA384", NULL); - sha512_ptr = EVP_MD_fetch(NULL, "SHA512", NULL); + sha256_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHA256", NULL)); + sha384_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHA384", NULL)); + sha512_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHA512", NULL)); - sha3_256_ptr = EVP_MD_fetch(NULL, "SHA3-256", NULL); - sha3_384_ptr = EVP_MD_fetch(NULL, "SHA3-384", NULL); - sha3_512_ptr = EVP_MD_fetch(NULL, "SHA3-512", NULL); - shake128_ptr = EVP_MD_fetch(NULL, "SHAKE128", NULL); - shake256_ptr = EVP_MD_fetch(NULL, "SHAKE256", NULL); + sha3_256_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHA3-256", NULL)); + sha3_384_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHA3-384", NULL)); + sha3_512_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHA3-512", NULL)); + shake128_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHAKE128", NULL)); + shake256_ptr = OSSL_FUNCALL(EVP_MD_fetch(NULL, "SHAKE256", NULL)); - aes128_ecb_ptr = EVP_CIPHER_fetch(NULL, "AES-128-ECB", NULL); - aes256_ecb_ptr = EVP_CIPHER_fetch(NULL, "AES-256-ECB", NULL); - aes256_ctr_ptr = EVP_CIPHER_fetch(NULL, "AES-256-CTR", NULL); + aes128_ecb_ptr = OSSL_FUNCALL(EVP_CIPHER_fetch(NULL, "AES-128-ECB", NULL)); + aes256_ecb_ptr = OSSL_FUNCALL(EVP_CIPHER_fetch(NULL, "AES-256-ECB", NULL)); + aes256_ctr_ptr = OSSL_FUNCALL(EVP_CIPHER_fetch(NULL, "AES-256-CTR", NULL)); if (!sha256_ptr || !sha384_ptr || !sha512_ptr || !sha3_256_ptr || !sha3_384_ptr || !sha3_512_ptr || !shake128_ptr || !shake256_ptr || @@ -40,28 +42,28 @@ static void fetch_ossl_objects(void) { } } -void free_ossl_objects(void) { - EVP_MD_free(sha256_ptr); +static void free_ossl_objects(void) { + OSSL_FUNCALL(EVP_MD_free(sha256_ptr)); sha256_ptr = NULL; - EVP_MD_free(sha384_ptr); + OSSL_FUNCALL(EVP_MD_free(sha384_ptr)); sha384_ptr = NULL; - EVP_MD_free(sha512_ptr); + OSSL_FUNCALL(EVP_MD_free(sha512_ptr)); sha512_ptr = NULL; - EVP_MD_free(sha3_256_ptr); + OSSL_FUNCALL(EVP_MD_free(sha3_256_ptr)); sha3_256_ptr = NULL; - EVP_MD_free(sha3_384_ptr); + OSSL_FUNCALL(EVP_MD_free(sha3_384_ptr)); sha3_384_ptr = NULL; - EVP_MD_free(sha3_512_ptr); + OSSL_FUNCALL(EVP_MD_free(sha3_512_ptr)); sha3_512_ptr = NULL; - EVP_MD_free(shake128_ptr); + OSSL_FUNCALL(EVP_MD_free(shake128_ptr)); shake128_ptr = NULL; - EVP_MD_free(shake256_ptr); + OSSL_FUNCALL(EVP_MD_free(shake256_ptr)); shake256_ptr = NULL; - EVP_CIPHER_free(aes128_ecb_ptr); + OSSL_FUNCALL(EVP_CIPHER_free(aes128_ecb_ptr)); aes128_ecb_ptr = NULL; - EVP_CIPHER_free(aes256_ecb_ptr); + OSSL_FUNCALL(EVP_CIPHER_free(aes256_ecb_ptr)); aes256_ecb_ptr = NULL; - EVP_CIPHER_free(aes256_ctr_ptr); + OSSL_FUNCALL(EVP_CIPHER_free(aes256_ctr_ptr)); aes256_ctr_ptr = NULL; } #endif // OPENSSL_VERSION_NUMBER >= 0x30000000L @@ -93,7 +95,7 @@ const EVP_MD *oqs_sha256(void) { #endif return sha256_ptr; #else - return EVP_sha256(); + return OSSL_FUNCALL(EVP_sha256()); #endif } @@ -110,7 +112,7 @@ const EVP_MD *oqs_sha384(void) { #endif return sha384_ptr; #else - return EVP_sha384(); + return OSSL_FUNCALL(EVP_sha384()); #endif } @@ -127,7 +129,7 @@ const EVP_MD *oqs_sha512(void) { #endif return sha512_ptr; #else - return EVP_sha512(); + return OSSL_FUNCALL(EVP_sha512()); #endif } @@ -144,7 +146,7 @@ const EVP_MD *oqs_shake128(void) { #endif return shake128_ptr; #else - return EVP_shake128(); + return OSSL_FUNCALL(EVP_shake128()); #endif } @@ -161,7 +163,7 @@ const EVP_MD *oqs_shake256(void) { #endif return shake256_ptr; #else - return EVP_shake256(); + return OSSL_FUNCALL(EVP_shake256()); #endif } @@ -178,7 +180,7 @@ const EVP_MD *oqs_sha3_256(void) { #endif return sha3_256_ptr; #else - return EVP_sha3_256(); + return OSSL_FUNCALL(EVP_sha3_256()); #endif } @@ -195,7 +197,7 @@ const EVP_MD *oqs_sha3_384(void) { #endif return sha3_384_ptr; #else - return EVP_sha3_384(); + return OSSL_FUNCALL(EVP_sha3_384()); #endif } @@ -212,7 +214,7 @@ const EVP_MD *oqs_sha3_512(void) { #endif return sha3_512_ptr; #else - return EVP_sha3_512(); + return OSSL_FUNCALL(EVP_sha3_512()); #endif } @@ -229,7 +231,7 @@ const EVP_CIPHER *oqs_aes_128_ecb(void) { #endif return aes128_ecb_ptr; #else - return EVP_aes_128_ecb(); + return OSSL_FUNCALL(EVP_aes_128_ecb()); #endif } @@ -246,7 +248,7 @@ const EVP_CIPHER *oqs_aes_256_ecb(void) { #endif return aes256_ecb_ptr; #else - return EVP_aes_256_ecb(); + return OSSL_FUNCALL(EVP_aes_256_ecb()); #endif } @@ -263,7 +265,90 @@ const EVP_CIPHER *oqs_aes_256_ctr(void) { #endif return aes256_ctr_ptr; #else - return EVP_aes_256_ctr(); + return OSSL_FUNCALL(EVP_aes_256_ctr()); #endif } + +#if defined(OQS_DLOPEN_OPENSSL) + +static void *libcrypto_dlhandle; + +static void ensure_library(void); + +#if defined(OQS_USE_PTHREADS) +static pthread_once_t dlopen_once_control = PTHREAD_ONCE_INIT; + +#define ENSURE_LIBRARY pthread_once(&dlopen_once_control, ensure_library) +#else +#define ENSURE_LIBRARY do { \ + if (!libcrypto_dlhandle) { \ + ensure_library(); \ + } \ + } while (0) +#endif // OQS_USE_PTHREADS + +/* Define redirection symbols */ +#if (2 <= __GNUC__ || (4 <= __clang_major__)) +#define FUNC(ret, name, args, cargs) \ + static __typeof__(name)(*_oqs_ossl_sym_##name); +#else +#define FUNC(ret, name, args, cargs) \ + static ret(*_oqs_ossl_sym_##name)args; +#endif +#define VOID_FUNC FUNC +#include "ossl_functions.h" +#undef VOID_FUNC +#undef FUNC + +/* Define redirection wrapper functions */ +#define FUNC(ret, name, args, cargs) \ +ret _oqs_ossl_##name args \ +{ \ + ENSURE_LIBRARY; \ + assert(_oqs_ossl_sym_##name); \ + return _oqs_ossl_sym_##name cargs; \ +} +#define VOID_FUNC(ret, name, args, cargs) \ +ret _oqs_ossl_##name args \ +{ \ + ENSURE_LIBRARY; \ + assert(_oqs_ossl_sym_##name); \ + _oqs_ossl_sym_##name cargs; \ +} +#include "ossl_functions.h" +#undef VOID_FUNC +#undef FUNC + +static void ensure_symbol(const char *name, void **symp) { + if (!*symp) { + void *sym = dlsym(libcrypto_dlhandle, name); + if (!sym) { + exit(EXIT_FAILURE); + } + *symp = sym; + } +} + +static void ensure_library(void) { + if (!libcrypto_dlhandle) { + libcrypto_dlhandle = dlopen(OQS_OPENSSL_CRYPTO_SONAME, + RTLD_LAZY | RTLD_LOCAL); + if (!libcrypto_dlhandle) { + exit(EXIT_FAILURE); + } + } + +#define ENSURE_SYMBOL(name) \ + ensure_symbol(#name, (void **)&_oqs_ossl_sym_##name) +#define FUNC(ret, name, args, cargs) \ + ENSURE_SYMBOL(name); +#define VOID_FUNC FUNC +#include "ossl_functions.h" +#undef VOID_FUNC +#undef FUNC +#undef ENSURE_SYMBOL +} + +#endif // OQS_DLOPEN_OPENSSL + #endif diff --git a/src/common/ossl_helpers.h b/src/common/ossl_helpers.h index b29d795c5b..5adbe465c2 100644 --- a/src/common/ossl_helpers.h +++ b/src/common/ossl_helpers.h @@ -6,6 +6,10 @@ extern "C" { #endif +#include +#include +#include + #if defined(OQS_USE_OPENSSL) void oqs_ossl_destroy(void); @@ -30,6 +34,24 @@ const EVP_CIPHER *oqs_aes_128_ecb(void); const EVP_CIPHER *oqs_aes_256_ecb(void); const EVP_CIPHER *oqs_aes_256_ctr(void); + +#ifdef OQS_DLOPEN_OPENSSL + +#define FUNC(ret, name, args, cargs) \ + ret _oqs_ossl_##name args; +#define VOID_FUNC FUNC +#include "ossl_functions.h" +#undef VOID_FUNC +#undef FUNC + +#define OSSL_FUNCALL(call) _oqs_ossl_##call + +#else + +#define OSSL_FUNCALL(call) call + +#endif + #endif #if defined(__cplusplus) diff --git a/src/common/rand/rand.c b/src/common/rand/rand.c index b48d8030d3..2f1d16e37d 100644 --- a/src/common/rand/rand.c +++ b/src/common/rand/rand.c @@ -23,7 +23,7 @@ void OQS_randombytes_openssl(uint8_t *random_array, size_t bytes_to_read); #endif #ifdef OQS_USE_OPENSSL -#include +#include "../ossl_helpers.h" // Use OpenSSL's RAND_bytes as the default PRNG static void (*oqs_randombytes_algorithm)(uint8_t *, size_t) = &OQS_randombytes_openssl; #else @@ -113,12 +113,12 @@ void OQS_randombytes_openssl(uint8_t *random_array, size_t bytes_to_read) { int rep = OQS_RAND_POLL_RETRY; SIZE_T_TO_INT_OR_EXIT(bytes_to_read, bytes_to_read_int) do { - if (RAND_status() == 1) { + if (OSSL_FUNCALL(RAND_status()) == 1) { break; } - RAND_poll(); + OSSL_FUNCALL(RAND_poll()); } while (rep-- >= 0); - if (RAND_bytes(random_array, bytes_to_read_int) != 1) { + if (OSSL_FUNCALL(RAND_bytes(random_array, bytes_to_read_int)) != 1) { fprintf(stderr, "No OpenSSL randomness retrieved. DRBG available?\n"); // because of void signature we have no other way to signal the problem // we cannot possibly return without randomness diff --git a/src/common/rand/rand_nist.c b/src/common/rand/rand_nist.c index 5e74b45b95..4da3ac119f 100644 --- a/src/common/rand/rand_nist.c +++ b/src/common/rand/rand_nist.c @@ -22,9 +22,6 @@ You are solely responsible for determining the appropriateness of using and dist #include #ifdef OQS_USE_OPENSSL -#include -#include -#include #include "../ossl_helpers.h" #else #include @@ -42,7 +39,7 @@ __declspec(noreturn) __attribute__((noreturn)) # endif static void handleErrors(void) { - ERR_print_errors_fp(stderr); + OSSL_FUNCALL(ERR_print_errors_fp(stderr)); abort(); } #endif @@ -58,20 +55,20 @@ static void AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *bu int len; /* Create and initialise the context */ - if (!(ctx = EVP_CIPHER_CTX_new())) { + if (!(ctx = OSSL_FUNCALL(EVP_CIPHER_CTX_new()))) { handleErrors(); } - if (1 != EVP_EncryptInit_ex(ctx, oqs_aes_256_ecb(), NULL, key, NULL)) { + if (1 != OSSL_FUNCALL(EVP_EncryptInit_ex(ctx, oqs_aes_256_ecb(), NULL, key, NULL))) { handleErrors(); } - if (1 != EVP_EncryptUpdate(ctx, buffer, &len, ctr, 16)) { + if (1 != OSSL_FUNCALL(EVP_EncryptUpdate(ctx, buffer, &len, ctr, 16))) { handleErrors(); } /* Clean up */ - EVP_CIPHER_CTX_free(ctx); + OSSL_FUNCALL(EVP_CIPHER_CTX_free(ctx)); #else void *schedule = NULL; OQS_AES256_ECB_load_schedule(key, &schedule); diff --git a/src/common/sha2/sha2_ossl.c b/src/common/sha2/sha2_ossl.c index 93ee91d4c8..60b314d00f 100644 --- a/src/common/sha2/sha2_ossl.c +++ b/src/common/sha2/sha2_ossl.c @@ -11,18 +11,17 @@ #include "sha2.h" -#include #include "../ossl_helpers.h" static void do_hash(uint8_t *output, const uint8_t *input, size_t inplen, const EVP_MD *md) { EVP_MD_CTX *mdctx; unsigned int outlen; - mdctx = EVP_MD_CTX_new(); + mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); OQS_EXIT_IF_NULLPTR(mdctx, "OpenSSL"); - OQS_OPENSSL_GUARD(EVP_DigestInit_ex(mdctx, md, NULL)); - OQS_OPENSSL_GUARD(EVP_DigestUpdate(mdctx, input, inplen)); - OQS_OPENSSL_GUARD(EVP_DigestFinal_ex(mdctx, output, &outlen)); - EVP_MD_CTX_free(mdctx); + OSSL_FUNCALL(EVP_DigestInit_ex(mdctx, md, NULL)); + OSSL_FUNCALL(EVP_DigestUpdate(mdctx, input, inplen)); + OSSL_FUNCALL(EVP_DigestFinal_ex(mdctx, output, &outlen)); + OSSL_FUNCALL(EVP_MD_CTX_free(mdctx)); } static void SHA2_sha256(uint8_t *output, const uint8_t *input, size_t inplen) { @@ -53,34 +52,33 @@ static void SHA2_sha256_inc_init(OQS_SHA2_sha256_ctx *state) { const EVP_MD *md = NULL; md = oqs_sha256(); OQS_EXIT_IF_NULLPTR(md, "OpenSSL"); - mdctx = EVP_MD_CTX_new(); + mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); OQS_EXIT_IF_NULLPTR(mdctx, "OpenSSL"); - OQS_OPENSSL_GUARD(EVP_DigestInit_ex(mdctx, md, NULL)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestInit_ex(mdctx, md, NULL))); state->ctx = mdctx; } static void SHA2_sha256_inc_blocks(OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inblocks) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE))); } static void SHA2_sha256_inc_finalize(uint8_t *out, OQS_SHA2_sha256_ctx *state, const uint8_t *in, size_t inlen) { unsigned int md_len; if (inlen > 0) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen))); } - OQS_OPENSSL_GUARD(EVP_DigestFinal_ex((EVP_MD_CTX *) state->ctx, out, &md_len)); - EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); - state->ctx = NULL; + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestFinal_ex((EVP_MD_CTX *) state->ctx, out, &md_len))); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx)); } static void SHA2_sha256_inc_ctx_release(OQS_SHA2_sha256_ctx *state) { - EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx)); state->ctx = NULL; } static void SHA2_sha256_inc_ctx_clone(OQS_SHA2_sha256_ctx *dest, const OQS_SHA2_sha256_ctx *src) { SHA2_sha256_inc_init(dest); - OQS_OPENSSL_GUARD(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx))); } static void SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) { @@ -88,34 +86,33 @@ static void SHA2_sha384_inc_init(OQS_SHA2_sha384_ctx *state) { const EVP_MD *md = NULL; md = oqs_sha384(); OQS_EXIT_IF_NULLPTR(md, "OpenSSL"); - mdctx = EVP_MD_CTX_new(); + mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); OQS_EXIT_IF_NULLPTR(mdctx, "OpenSSL"); - OQS_OPENSSL_GUARD(EVP_DigestInit_ex(mdctx, md, NULL)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestInit_ex(mdctx, md, NULL))); state->ctx = mdctx; } static void SHA2_sha384_inc_blocks(OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inblocks) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE))); } static void SHA2_sha384_inc_finalize(uint8_t *out, OQS_SHA2_sha384_ctx *state, const uint8_t *in, size_t inlen) { unsigned int md_len; if (inlen > 0) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen))); } - OQS_OPENSSL_GUARD(EVP_DigestFinal_ex((EVP_MD_CTX *) state->ctx, out, &md_len)); - EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); - state->ctx = NULL; + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestFinal_ex((EVP_MD_CTX *) state->ctx, out, &md_len))); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx)); } static void SHA2_sha384_inc_ctx_release(OQS_SHA2_sha384_ctx *state) { - EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx)); state->ctx = NULL; } static void SHA2_sha384_inc_ctx_clone(OQS_SHA2_sha384_ctx *dest, const OQS_SHA2_sha384_ctx *src) { SHA2_sha384_inc_init(dest); - OQS_OPENSSL_GUARD(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx))); } static void SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) { @@ -123,34 +120,33 @@ static void SHA2_sha512_inc_init(OQS_SHA2_sha512_ctx *state) { const EVP_MD *md = NULL; md = oqs_sha512(); OQS_EXIT_IF_NULLPTR(md, "OpenSSL"); - mdctx = EVP_MD_CTX_new(); + mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); OQS_EXIT_IF_NULLPTR(mdctx, "OpenSSL"); - OQS_OPENSSL_GUARD(EVP_DigestInit_ex(mdctx, md, NULL)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestInit_ex(mdctx, md, NULL))); state->ctx = mdctx; } static void SHA2_sha512_inc_blocks(OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inblocks) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inblocks * SHA2_BLOCK_SIZE))); } static void SHA2_sha512_inc_finalize(uint8_t *out, OQS_SHA2_sha512_ctx *state, const uint8_t *in, size_t inlen) { unsigned int md_len; if (inlen > 0) { - OQS_OPENSSL_GUARD(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *) state->ctx, in, inlen))); } - OQS_OPENSSL_GUARD(EVP_DigestFinal_ex((EVP_MD_CTX *) state->ctx, out, &md_len)); - EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); - state->ctx = NULL; + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_DigestFinal_ex((EVP_MD_CTX *) state->ctx, out, &md_len))); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx)); } static void SHA2_sha512_inc_ctx_release(OQS_SHA2_sha512_ctx *state) { - EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *) state->ctx)); state->ctx = NULL; } static void SHA2_sha512_inc_ctx_clone(OQS_SHA2_sha512_ctx *dest, const OQS_SHA2_sha512_ctx *src) { SHA2_sha512_inc_init(dest); - OQS_OPENSSL_GUARD(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx)); + OQS_OPENSSL_GUARD(OSSL_FUNCALL(EVP_MD_CTX_copy_ex((EVP_MD_CTX *) dest->ctx, (EVP_MD_CTX *) src->ctx))); } struct OQS_SHA2_callbacks sha2_default_callbacks = { diff --git a/src/common/sha3/ossl_sha3.c b/src/common/sha3/ossl_sha3.c index 9a39894539..c9be5fdc89 100644 --- a/src/common/sha3/ossl_sha3.c +++ b/src/common/sha3/ossl_sha3.c @@ -11,26 +11,25 @@ #include "sha3.h" -#include #include "../ossl_helpers.h" #include static void do_hash(uint8_t *output, const uint8_t *input, size_t inplen, const EVP_MD *md) { EVP_MD_CTX *mdctx; - mdctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex(mdctx, md, NULL); - EVP_DigestUpdate(mdctx, input, inplen); - EVP_DigestFinal_ex(mdctx, output, NULL); - EVP_MD_CTX_free(mdctx); + mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(mdctx, md, NULL)); + OSSL_FUNCALL(EVP_DigestUpdate(mdctx, input, inplen)); + OSSL_FUNCALL(EVP_DigestFinal_ex(mdctx, output, NULL)); + OSSL_FUNCALL(EVP_MD_CTX_free(mdctx)); } static void do_xof(uint8_t *output, size_t outlen, const uint8_t *input, size_t inplen, const EVP_MD *md) { EVP_MD_CTX *mdctx; - mdctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex(mdctx, md, NULL); - EVP_DigestUpdate(mdctx, input, inplen); - EVP_DigestFinalXOF(mdctx, output, outlen); - EVP_MD_CTX_free(mdctx); + mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(mdctx, md, NULL)); + OSSL_FUNCALL(EVP_DigestUpdate(mdctx, input, inplen)); + OSSL_FUNCALL(EVP_DigestFinalXOF(mdctx, output, outlen)); + OSSL_FUNCALL(EVP_MD_CTX_free(mdctx)); } /* SHA3-256 */ @@ -42,31 +41,31 @@ static void SHA3_sha3_256(uint8_t *output, const uint8_t *input, size_t inplen) /* SHA3-256 incremental */ static void SHA3_sha3_256_inc_init(OQS_SHA3_sha3_256_inc_ctx *state) { - state->ctx = EVP_MD_CTX_new(); + state->ctx = OSSL_FUNCALL(EVP_MD_CTX_new()); EVP_MD_CTX *s = (EVP_MD_CTX *)state->ctx; - EVP_DigestInit_ex(s, oqs_sha3_256(), NULL); + OSSL_FUNCALL(EVP_DigestInit_ex(s, oqs_sha3_256(), NULL)); } static void SHA3_sha3_256_inc_absorb(OQS_SHA3_sha3_256_inc_ctx *state, const uint8_t *input, size_t inplen) { - EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen); + OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen)); } static void SHA3_sha3_256_inc_finalize(uint8_t *output, OQS_SHA3_sha3_256_inc_ctx *state) { - EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL); + OSSL_FUNCALL(EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL)); } static void SHA3_sha3_256_inc_ctx_release(OQS_SHA3_sha3_256_inc_ctx *state) { - EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx)); } static void SHA3_sha3_256_inc_ctx_clone(OQS_SHA3_sha3_256_inc_ctx *dest, const OQS_SHA3_sha3_256_inc_ctx *src) { - EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx)); } static void SHA3_sha3_256_inc_ctx_reset(OQS_SHA3_sha3_256_inc_ctx *state) { EVP_MD_CTX *s = state->ctx; - EVP_MD_CTX_reset(s); - EVP_DigestInit_ex(s, oqs_sha3_256(), NULL); + OSSL_FUNCALL(EVP_MD_CTX_reset(s)); + OSSL_FUNCALL(EVP_DigestInit_ex(s, oqs_sha3_256(), NULL)); } /* SHA3-384 */ @@ -77,30 +76,30 @@ static void SHA3_sha3_384(uint8_t *output, const uint8_t *input, size_t inplen) /* SHA3-384 incremental */ static void SHA3_sha3_384_inc_init(OQS_SHA3_sha3_384_inc_ctx *state) { - state->ctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex((EVP_MD_CTX *)state->ctx, oqs_sha3_384(), NULL); + state->ctx = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex((EVP_MD_CTX *)state->ctx, oqs_sha3_384(), NULL)); } static void SHA3_sha3_384_inc_absorb(OQS_SHA3_sha3_384_inc_ctx *state, const uint8_t *input, size_t inplen) { - EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen); + OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen)); } static void SHA3_sha3_384_inc_finalize(uint8_t *output, OQS_SHA3_sha3_384_inc_ctx *state) { - EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL); + OSSL_FUNCALL(EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL)); } static void SHA3_sha3_384_inc_ctx_release(OQS_SHA3_sha3_384_inc_ctx *state) { - EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx)); } static void SHA3_sha3_384_inc_ctx_clone(OQS_SHA3_sha3_384_inc_ctx *dest, const OQS_SHA3_sha3_384_inc_ctx *src) { - EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx)); } static void SHA3_sha3_384_inc_ctx_reset(OQS_SHA3_sha3_384_inc_ctx *state) { EVP_MD_CTX *s = state->ctx; - EVP_MD_CTX_reset(s); - EVP_DigestInit_ex(s, oqs_sha3_384(), NULL); + OSSL_FUNCALL(EVP_MD_CTX_reset(s)); + OSSL_FUNCALL(EVP_DigestInit_ex(s, oqs_sha3_384(), NULL)); } /* SHA3-512 */ @@ -112,30 +111,30 @@ static void SHA3_sha3_512(uint8_t *output, const uint8_t *input, size_t inplen) /* SHA3-512 incremental */ static void SHA3_sha3_512_inc_init(OQS_SHA3_sha3_512_inc_ctx *state) { - state->ctx = EVP_MD_CTX_new(); - EVP_DigestInit_ex((EVP_MD_CTX *)state->ctx, oqs_sha3_512(), NULL); + state->ctx = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex((EVP_MD_CTX *)state->ctx, oqs_sha3_512(), NULL)); } static void SHA3_sha3_512_inc_absorb(OQS_SHA3_sha3_512_inc_ctx *state, const uint8_t *input, size_t inplen) { - EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen); + OSSL_FUNCALL(EVP_DigestUpdate((EVP_MD_CTX *)state->ctx, input, inplen)); } static void SHA3_sha3_512_inc_finalize(uint8_t *output, OQS_SHA3_sha3_512_inc_ctx *state) { - EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL); + OSSL_FUNCALL(EVP_DigestFinal_ex((EVP_MD_CTX *)state->ctx, output, NULL)); } static void SHA3_sha3_512_inc_ctx_release(OQS_SHA3_sha3_512_inc_ctx *state) { - EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx); + OSSL_FUNCALL(EVP_MD_CTX_free((EVP_MD_CTX *)state->ctx)); } static void SHA3_sha3_512_inc_ctx_clone(OQS_SHA3_sha3_512_inc_ctx *dest, const OQS_SHA3_sha3_512_inc_ctx *src) { - EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex((EVP_MD_CTX *)dest->ctx, (EVP_MD_CTX *)src->ctx)); } static void SHA3_sha3_512_inc_ctx_reset(OQS_SHA3_sha3_512_inc_ctx *state) { EVP_MD_CTX *s = state->ctx; - EVP_MD_CTX_reset(s); - EVP_DigestInit_ex(s, oqs_sha3_512(), NULL); + OSSL_FUNCALL(EVP_MD_CTX_reset(s)); + OSSL_FUNCALL(EVP_DigestInit_ex(s, oqs_sha3_512(), NULL)); } /* SHAKE-128 */ @@ -170,14 +169,14 @@ static void SHA3_shake128_inc_init(OQS_SHA3_shake128_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake128_inc_ctx)); intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; - s->mdctx = EVP_MD_CTX_new(); + s->mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); s->n_out = 0; - EVP_DigestInit_ex(s->mdctx, oqs_shake128(), NULL); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx, oqs_shake128(), NULL)); } static void SHA3_shake128_inc_absorb(OQS_SHA3_shake128_inc_ctx *state, const uint8_t *input, size_t inplen) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; - EVP_DigestUpdate(s->mdctx, input, inplen); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx, input, inplen)); } static void SHA3_shake128_inc_finalize(OQS_SHA3_shake128_inc_ctx *state) { @@ -188,42 +187,42 @@ static void SHA3_shake128_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_s intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; EVP_MD_CTX *clone; - clone = EVP_MD_CTX_new(); - EVP_DigestInit_ex(clone, oqs_shake128(), NULL); - EVP_MD_CTX_copy_ex(clone, s->mdctx); + clone = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(clone, oqs_shake128(), NULL)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx)); if (s->n_out == 0) { - EVP_DigestFinalXOF(clone, output, outlen); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, output, outlen)); } else { uint8_t *tmp; tmp = malloc(s->n_out + outlen); if (tmp == NULL) { exit(111); } - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(output, tmp + s->n_out, outlen); free(tmp); // IGNORE free-check } - EVP_MD_CTX_free(clone); + OSSL_FUNCALL(EVP_MD_CTX_free(clone)); s->n_out += outlen; } static void SHA3_shake128_inc_ctx_release(OQS_SHA3_shake128_inc_ctx *state) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; - EVP_MD_CTX_free(s->mdctx); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx)); free(s); // IGNORE free-check } static void SHA3_shake128_inc_ctx_clone(OQS_SHA3_shake128_inc_ctx *dest, const OQS_SHA3_shake128_inc_ctx *src) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)src->ctx; intrn_shake128_inc_ctx *d = (intrn_shake128_inc_ctx *)dest->ctx; - EVP_MD_CTX_copy_ex(d->mdctx, s->mdctx); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx, s->mdctx)); d->n_out = s->n_out; } static void SHA3_shake128_inc_ctx_reset(OQS_SHA3_shake128_inc_ctx *state) { intrn_shake128_inc_ctx *s = (intrn_shake128_inc_ctx *)state->ctx; - EVP_MD_CTX_reset(s->mdctx); - EVP_DigestInit_ex(s->mdctx, oqs_shake128(), NULL); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx, oqs_shake128(), NULL)); s->n_out = 0; } @@ -247,14 +246,14 @@ static void SHA3_shake256_inc_init(OQS_SHA3_shake256_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake256_inc_ctx)); intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; - s->mdctx = EVP_MD_CTX_new(); + s->mdctx = OSSL_FUNCALL(EVP_MD_CTX_new()); s->n_out = 0; - EVP_DigestInit_ex(s->mdctx, oqs_shake256(), NULL); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx, oqs_shake256(), NULL)); } static void SHA3_shake256_inc_absorb(OQS_SHA3_shake256_inc_ctx *state, const uint8_t *input, size_t inplen) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; - EVP_DigestUpdate(s->mdctx, input, inplen); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx, input, inplen)); } static void SHA3_shake256_inc_finalize(OQS_SHA3_shake256_inc_ctx *state) { @@ -265,42 +264,42 @@ static void SHA3_shake256_inc_squeeze(uint8_t *output, size_t outlen, OQS_SHA3_s intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; EVP_MD_CTX *clone; - clone = EVP_MD_CTX_new(); - EVP_DigestInit_ex(clone, oqs_shake256(), NULL); - EVP_MD_CTX_copy_ex(clone, s->mdctx); + clone = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(clone, oqs_shake256(), NULL)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx)); if (s->n_out == 0) { - EVP_DigestFinalXOF(clone, output, outlen); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, output, outlen)); } else { uint8_t *tmp; tmp = malloc(s->n_out + outlen); if (tmp == NULL) { exit(111); } - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(output, tmp + s->n_out, outlen); free(tmp); // IGNORE free-check } - EVP_MD_CTX_free(clone); + OSSL_FUNCALL(EVP_MD_CTX_free(clone)); s->n_out += outlen; } static void SHA3_shake256_inc_ctx_release(OQS_SHA3_shake256_inc_ctx *state) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; - EVP_MD_CTX_free(s->mdctx); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx)); free(s); // IGNORE free-check } static void SHA3_shake256_inc_ctx_clone(OQS_SHA3_shake256_inc_ctx *dest, const OQS_SHA3_shake256_inc_ctx *src) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)src->ctx; intrn_shake256_inc_ctx *d = (intrn_shake256_inc_ctx *)dest->ctx; - EVP_MD_CTX_copy_ex(d->mdctx, s->mdctx); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx, s->mdctx)); d->n_out = s->n_out; } static void SHA3_shake256_inc_ctx_reset(OQS_SHA3_shake256_inc_ctx *state) { intrn_shake256_inc_ctx *s = (intrn_shake256_inc_ctx *)state->ctx; - EVP_MD_CTX_reset(s->mdctx); - EVP_DigestInit_ex(s->mdctx, oqs_shake256(), NULL); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx, oqs_shake256(), NULL)); s->n_out = 0; } diff --git a/src/common/sha3/ossl_sha3x4.c b/src/common/sha3/ossl_sha3x4.c index 6674397a04..880edfbeb2 100644 --- a/src/common/sha3/ossl_sha3x4.c +++ b/src/common/sha3/ossl_sha3x4.c @@ -36,23 +36,23 @@ static void SHA3_shake128_x4_inc_init(OQS_SHA3_shake128_x4_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake128_x4_inc_ctx)); intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; - s->mdctx0 = EVP_MD_CTX_new(); - s->mdctx1 = EVP_MD_CTX_new(); - s->mdctx2 = EVP_MD_CTX_new(); - s->mdctx3 = EVP_MD_CTX_new(); - EVP_DigestInit_ex(s->mdctx0, oqs_shake128(), NULL); - EVP_DigestInit_ex(s->mdctx1, oqs_shake128(), NULL); - EVP_DigestInit_ex(s->mdctx2, oqs_shake128(), NULL); - EVP_DigestInit_ex(s->mdctx3, oqs_shake128(), NULL); + s->mdctx0 = OSSL_FUNCALL(EVP_MD_CTX_new()); + s->mdctx1 = OSSL_FUNCALL(EVP_MD_CTX_new()); + s->mdctx2 = OSSL_FUNCALL(EVP_MD_CTX_new()); + s->mdctx3 = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx0, oqs_shake128(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx1, oqs_shake128(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx2, oqs_shake128(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx3, oqs_shake128(), NULL)); s->n_out = 0; } static void SHA3_shake128_x4_inc_absorb(OQS_SHA3_shake128_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; - EVP_DigestUpdate(s->mdctx0, in0, inplen); - EVP_DigestUpdate(s->mdctx1, in1, inplen); - EVP_DigestUpdate(s->mdctx2, in2, inplen); - EVP_DigestUpdate(s->mdctx3, in3, inplen); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx0, in0, inplen)); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx1, in1, inplen)); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx2, in2, inplen)); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx3, in3, inplen)); } static void SHA3_shake128_x4_inc_finalize(OQS_SHA3_shake128_x4_inc_ctx *state) { @@ -63,70 +63,70 @@ static void SHA3_shake128_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t * intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; EVP_MD_CTX *clone; - clone = EVP_MD_CTX_new(); - EVP_DigestInit_ex(clone, oqs_shake128(), NULL); + clone = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(clone, oqs_shake128(), NULL)); if (s->n_out == 0) { - EVP_MD_CTX_copy_ex(clone, s->mdctx0); - EVP_DigestFinalXOF(clone, out0, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx1); - EVP_DigestFinalXOF(clone, out1, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx2); - EVP_DigestFinalXOF(clone, out2, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx3); - EVP_DigestFinalXOF(clone, out3, outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx0)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out0, outlen)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx1)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out1, outlen)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx2)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out2, outlen)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx3)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out3, outlen)); } else { uint8_t *tmp; tmp = malloc(s->n_out + outlen); if (tmp == NULL) { exit(111); } - EVP_MD_CTX_copy_ex(clone, s->mdctx0); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx0)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out0, tmp + s->n_out, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx1); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx1)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out1, tmp + s->n_out, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx2); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx2)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out2, tmp + s->n_out, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx3); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx3)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out3, tmp + s->n_out, outlen); free(tmp); // IGNORE free-check } - EVP_MD_CTX_free(clone); + OSSL_FUNCALL(EVP_MD_CTX_free(clone)); s->n_out += outlen; } static void SHA3_shake128_x4_inc_ctx_clone(OQS_SHA3_shake128_x4_inc_ctx *dest, const OQS_SHA3_shake128_x4_inc_ctx *src) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)src->ctx; intrn_shake128_x4_inc_ctx *d = (intrn_shake128_x4_inc_ctx *)dest->ctx; - EVP_MD_CTX_copy_ex(d->mdctx0, s->mdctx0); - EVP_MD_CTX_copy_ex(d->mdctx1, s->mdctx1); - EVP_MD_CTX_copy_ex(d->mdctx2, s->mdctx2); - EVP_MD_CTX_copy_ex(d->mdctx3, s->mdctx3); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx0, s->mdctx0)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx1, s->mdctx1)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx2, s->mdctx2)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx3, s->mdctx3)); d->n_out = s->n_out; } static void SHA3_shake128_x4_inc_ctx_release(OQS_SHA3_shake128_x4_inc_ctx *state) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; - EVP_MD_CTX_free(s->mdctx0); - EVP_MD_CTX_free(s->mdctx1); - EVP_MD_CTX_free(s->mdctx2); - EVP_MD_CTX_free(s->mdctx3); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx0)); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx1)); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx2)); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx3)); free(s); // IGNORE free-check } static void SHA3_shake128_x4_inc_ctx_reset(OQS_SHA3_shake128_x4_inc_ctx *state) { intrn_shake128_x4_inc_ctx *s = (intrn_shake128_x4_inc_ctx *)state->ctx; - EVP_MD_CTX_reset(s->mdctx0); - EVP_MD_CTX_reset(s->mdctx1); - EVP_MD_CTX_reset(s->mdctx2); - EVP_MD_CTX_reset(s->mdctx3); - EVP_DigestInit_ex(s->mdctx0, oqs_shake128(), NULL); - EVP_DigestInit_ex(s->mdctx1, oqs_shake128(), NULL); - EVP_DigestInit_ex(s->mdctx2, oqs_shake128(), NULL); - EVP_DigestInit_ex(s->mdctx3, oqs_shake128(), NULL); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx0)); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx1)); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx2)); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx3)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx0, oqs_shake128(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx1, oqs_shake128(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx2, oqs_shake128(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx3, oqs_shake128(), NULL)); s->n_out = 0; } @@ -154,23 +154,23 @@ static void SHA3_shake256_x4_inc_init(OQS_SHA3_shake256_x4_inc_ctx *state) { state->ctx = malloc(sizeof(intrn_shake256_x4_inc_ctx)); intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; - s->mdctx0 = EVP_MD_CTX_new(); - s->mdctx1 = EVP_MD_CTX_new(); - s->mdctx2 = EVP_MD_CTX_new(); - s->mdctx3 = EVP_MD_CTX_new(); - EVP_DigestInit_ex(s->mdctx0, oqs_shake256(), NULL); - EVP_DigestInit_ex(s->mdctx1, oqs_shake256(), NULL); - EVP_DigestInit_ex(s->mdctx2, oqs_shake256(), NULL); - EVP_DigestInit_ex(s->mdctx3, oqs_shake256(), NULL); + s->mdctx0 = OSSL_FUNCALL(EVP_MD_CTX_new()); + s->mdctx1 = OSSL_FUNCALL(EVP_MD_CTX_new()); + s->mdctx2 = OSSL_FUNCALL(EVP_MD_CTX_new()); + s->mdctx3 = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx0, oqs_shake256(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx1, oqs_shake256(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx2, oqs_shake256(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx3, oqs_shake256(), NULL)); s->n_out = 0; } static void SHA3_shake256_x4_inc_absorb(OQS_SHA3_shake256_x4_inc_ctx *state, const uint8_t *in0, const uint8_t *in1, const uint8_t *in2, const uint8_t *in3, size_t inplen) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; - EVP_DigestUpdate(s->mdctx0, in0, inplen); - EVP_DigestUpdate(s->mdctx1, in1, inplen); - EVP_DigestUpdate(s->mdctx2, in2, inplen); - EVP_DigestUpdate(s->mdctx3, in3, inplen); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx0, in0, inplen)); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx1, in1, inplen)); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx2, in2, inplen)); + OSSL_FUNCALL(EVP_DigestUpdate(s->mdctx3, in3, inplen)); } static void SHA3_shake256_x4_inc_finalize(OQS_SHA3_shake256_x4_inc_ctx *state) { @@ -181,70 +181,70 @@ static void SHA3_shake256_x4_inc_squeeze(uint8_t *out0, uint8_t *out1, uint8_t * intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; EVP_MD_CTX *clone; - clone = EVP_MD_CTX_new(); - EVP_DigestInit_ex(clone, oqs_shake256(), NULL); + clone = OSSL_FUNCALL(EVP_MD_CTX_new()); + OSSL_FUNCALL(EVP_DigestInit_ex(clone, oqs_shake256(), NULL)); if (s->n_out == 0) { - EVP_MD_CTX_copy_ex(clone, s->mdctx0); - EVP_DigestFinalXOF(clone, out0, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx1); - EVP_DigestFinalXOF(clone, out1, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx2); - EVP_DigestFinalXOF(clone, out2, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx3); - EVP_DigestFinalXOF(clone, out3, outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx0)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out0, outlen)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx1)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out1, outlen)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx2)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out2, outlen)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx3)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, out3, outlen)); } else { uint8_t *tmp; tmp = malloc(s->n_out + outlen); if (tmp == NULL) { exit(111); } - EVP_MD_CTX_copy_ex(clone, s->mdctx0); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx0)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out0, tmp + s->n_out, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx1); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx1)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out1, tmp + s->n_out, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx2); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx2)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out2, tmp + s->n_out, outlen); - EVP_MD_CTX_copy_ex(clone, s->mdctx3); - EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(clone, s->mdctx3)); + OSSL_FUNCALL(EVP_DigestFinalXOF(clone, tmp, s->n_out + outlen)); memcpy(out3, tmp + s->n_out, outlen); free(tmp); // IGNORE free-check } - EVP_MD_CTX_free(clone); + OSSL_FUNCALL(EVP_MD_CTX_free(clone)); s->n_out += outlen; } static void SHA3_shake256_x4_inc_ctx_clone(OQS_SHA3_shake256_x4_inc_ctx *dest, const OQS_SHA3_shake256_x4_inc_ctx *src) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)src->ctx; intrn_shake256_x4_inc_ctx *d = (intrn_shake256_x4_inc_ctx *)dest->ctx; - EVP_MD_CTX_copy_ex(d->mdctx0, s->mdctx0); - EVP_MD_CTX_copy_ex(d->mdctx1, s->mdctx1); - EVP_MD_CTX_copy_ex(d->mdctx2, s->mdctx2); - EVP_MD_CTX_copy_ex(d->mdctx3, s->mdctx3); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx0, s->mdctx0)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx1, s->mdctx1)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx2, s->mdctx2)); + OSSL_FUNCALL(EVP_MD_CTX_copy_ex(d->mdctx3, s->mdctx3)); d->n_out = s->n_out; } static void SHA3_shake256_x4_inc_ctx_release(OQS_SHA3_shake256_x4_inc_ctx *state) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; - EVP_MD_CTX_free(s->mdctx0); - EVP_MD_CTX_free(s->mdctx1); - EVP_MD_CTX_free(s->mdctx2); - EVP_MD_CTX_free(s->mdctx3); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx0)); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx1)); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx2)); + OSSL_FUNCALL(EVP_MD_CTX_free(s->mdctx3)); free(s); // IGNORE free-check } static void SHA3_shake256_x4_inc_ctx_reset(OQS_SHA3_shake256_x4_inc_ctx *state) { intrn_shake256_x4_inc_ctx *s = (intrn_shake256_x4_inc_ctx *)state->ctx; - EVP_MD_CTX_reset(s->mdctx0); - EVP_MD_CTX_reset(s->mdctx1); - EVP_MD_CTX_reset(s->mdctx2); - EVP_MD_CTX_reset(s->mdctx3); - EVP_DigestInit_ex(s->mdctx0, oqs_shake256(), NULL); - EVP_DigestInit_ex(s->mdctx1, oqs_shake256(), NULL); - EVP_DigestInit_ex(s->mdctx2, oqs_shake256(), NULL); - EVP_DigestInit_ex(s->mdctx3, oqs_shake256(), NULL); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx0)); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx1)); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx2)); + OSSL_FUNCALL(EVP_MD_CTX_reset(s->mdctx3)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx0, oqs_shake256(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx1, oqs_shake256(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx2, oqs_shake256(), NULL)); + OSSL_FUNCALL(EVP_DigestInit_ex(s->mdctx3, oqs_shake256(), NULL)); s->n_out = 0; } diff --git a/src/oqsconfig.h.cmake b/src/oqsconfig.h.cmake index 4abe5c2aed..2109948638 100644 --- a/src/oqsconfig.h.cmake +++ b/src/oqsconfig.h.cmake @@ -22,6 +22,8 @@ #cmakedefine OQS_USE_AES_OPENSSL 1 #cmakedefine OQS_USE_SHA2_OPENSSL 1 #cmakedefine OQS_USE_SHA3_OPENSSL 1 +#cmakedefine OQS_DLOPEN_OPENSSL 1 +#cmakedefine OQS_OPENSSL_CRYPTO_SONAME "@OQS_OPENSSL_CRYPTO_SONAME@" #cmakedefine OQS_EMBEDDED_BUILD 1