corner case object creation added (#243)
* corner case object creation added

* enable 3.1.0 workaround

* enhanced bug report template [skip ci]
baentsch authored Sep 4, 2023
1 parent 3750149 commit 4c5b78b
Showing 2 changed files with 54 additions and 13 deletions.
10 changes: 10 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.md
Expand Up @@ -35,6 +35,16 @@ Please run the following commands to obtain the version information:
If `oqsprovider` is not listed as active, be sure to first follow all
[USAGE guidance](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md).

If reporting bugs triggered by OpenSSL API integrations, e.g. running
a provider build [statically](https://github.com/open-quantum-safe/oqs-provider/blob/main/CONFIGURE.md#oqs_provider_build_static)
or directly invoking any OpenSSL API, be sure to retrieve and report all errors
reported by using the OpenSSL [ERR_get_error_all](https://www.openssl.org/docs/man3.1/man3/ERR_get_error_all.html)
function.

Bug reports generated from [Debug builds](https://github.com/open-quantum-safe/oqs-provider/wiki/Debugging)
wth the debug environment variable "OQSPROV=1" set will be particularly helpful to find underlying
problems.

**Additional context**
Add any other context about the problem here.

57 changes: 44 additions & 13 deletions oqsprov/oqsprov.c
Expand Up @@ -691,21 +691,26 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
BIO_METHOD *corebiometh;
OSSL_LIB_CTX *libctx = NULL;
int i, rc = 0;
char *opensslv;
const char *ossl_versionp = NULL;
OSSL_PARAM version_request[] = {{"openssl-version", OSSL_PARAM_UTF8_PTR,
&opensslv, sizeof(&opensslv), 0},
{NULL, 0, NULL, 0, 0}};

OQS_init();

if (!oqs_prov_bio_from_dispatch(in))
return 0;
goto end_init;

if (!oqs_patch_codepoints())
return 0;
goto end_init;

if (!oqs_patch_oids())
return 0;
goto end_init;

#ifdef USE_ENCODING_LIB
if (!oqs_patch_encodings())
return 0;
goto end_init;
#endif

for (; in->function_id != 0; in++) {
Expand All @@ -729,8 +734,14 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
}

// we need these functions:
if (c_obj_create == NULL || c_obj_add_sigid == NULL)
return 0;
if (c_obj_create == NULL || c_obj_add_sigid == NULL || c_get_params == NULL)
goto end_init;

// we need to know the version of the calling core to activate
// suitable bug workarounds
if (c_get_params(handle, version_request)) {
ossl_versionp = *(void **)version_request[0].data;
}

// insert all OIDs to the global objects list
for (i = 0; i < OQS_OID_CNT; i += 2) {
Expand All @@ -739,21 +750,31 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
fprintf(stderr, "error registering NID for %s\n",
oqs_oid_alg_list[i + 1]);
return 0;
goto end_init;
}

/* create object (NID) again to avoid setup corner case problems
* see https://github.com/openssl/openssl/discussions/21903
* Not testing for errors is intentional.
* At least one core version hangs up; so don't do this there:
*/
if (strcmp("3.1.0", ossl_versionp)) {
OBJ_create(oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1],
oqs_oid_alg_list[i + 1]);
}

if (!oqs_set_nid((char *)oqs_oid_alg_list[i + 1],
OBJ_sn2nid(oqs_oid_alg_list[i + 1]))) {
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
return 0;
goto end_init;
}

if (!c_obj_add_sigid(handle, oqs_oid_alg_list[i + 1], "",
oqs_oid_alg_list[i + 1])) {
fprintf(stderr, "error registering %s with no hash\n",
oqs_oid_alg_list[i + 1]);
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
return 0;
goto end_init;
}

if (OBJ_sn2nid(oqs_oid_alg_list[i + 1]) != 0) {
Expand All @@ -764,7 +785,8 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
fprintf(stderr,
"OQS PROV: Impossible error: NID unregistered for %s.\n",
oqs_oid_alg_list[i + 1]);
return 0;
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
goto end_init;
}
}

Expand Down Expand Up @@ -792,9 +814,18 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,

end_init:
if (!rc) {
OSSL_LIB_CTX_free(libctx);
oqsprovider_teardown(*provctx);
*provctx = NULL;
if (ossl_versionp)
OQS_PROV_PRINTF2(
"oqsprovider init failed for OpenSSL core version %s\n",
ossl_versionp);
else
OQS_PROV_PRINTF("oqsprovider init failed for OpenSSL\n");
if (libctx)
OSSL_LIB_CTX_free(libctx);
if (provctx && *provctx) {
oqsprovider_teardown(*provctx);
*provctx = NULL;
}
}
return rc;
}
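Review bot: `strcmp("3.1.0", ossl_versionp)` in the OID registration loop dereferences `ossl_versionp` unconditionally, but that pointer starts as NULL and is only assigned when `c_get_params(handle, version_request)` succeeds, so a core that fails the version query would crash provider initialization (and the loading process) instead of reaching `end_init`. Guard the comparison, e.g. `if (ossl_versionp != NULL && strcmp("3.1.0", ossl_versionp) != 0) {`, which skips the second `OBJ_create` when the version is unknown, or treat a failed query as an init error with `goto end_init;`. Declaring `char *opensslv = NULL;` would also keep the `*(void **)version_request[0].data` read from returning an indeterminate pointer if the core reports success without filling the parameter. The exact-string match presumably does not cover 3.1.0 builds that report a suffixed version string; that is worth confirming against what the core actually returns. The function begins before and continues between the visible hunks, so callers of `end_init` not shown here were not checked.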
