From b4d6f713d6c5b55a2887d79435490a503da39ae5 Mon Sep 17 00:00:00 2001 From: Rich Salz Date: Fri, 7 Apr 2017 12:39:02 -0400 Subject: [PATCH] Make default_method mostly compile-time Document thread-safety issues Cherry-pick from 076fc55527a1499391fa6de109c8387895199ee9 but keeps the RSA_null method. Reviewed-by: Geoff Thorpe (Merged from https://github.com/openssl/openssl/pull/3146) --- apps/speed.c | 6 +----- crypto/dh/dh_key.c | 12 ++++++++++++ crypto/dh/dh_lib.c | 14 -------------- crypto/dsa/dsa_lib.c | 14 -------------- crypto/dsa/dsa_ossl.c | 12 ++++++++++++ crypto/rsa/rsa_lib.c | 24 +----------------------- crypto/rsa/rsa_ossl.c | 18 +++++++++++++----- crypto/ui/ui_lib.c | 15 --------------- crypto/ui/ui_openssl.c | 12 ++++++++++++ doc/crypto/DH_set_method.pod | 5 ++++- doc/crypto/DSA_set_method.pod | 5 ++++- doc/crypto/RSA_set_method.pod | 14 ++++++++++---- 12 files changed, 69 insertions(+), 82 deletions(-) diff --git a/apps/speed.c b/apps/speed.c index ad2daab1c1..a73696946f 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -1465,12 +1465,8 @@ int speed_main(int argc, char **argv) continue; } #ifndef OPENSSL_NO_RSA -# ifndef RSA_NULL - if (strcmp(*argv, "openssl") == 0) { - RSA_set_default_method(RSA_PKCS1_OpenSSL()); + if (strcmp(*argv, "openssl") == 0) continue; - } -# endif if (strcmp(*argv, "rsa") == 0) { rsa_doit[R_RSA_512] = rsa_doit[R_RSA_1024] = rsa_doit[R_RSA_2048] = rsa_doit[R_RSA_3072] = diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c index 204e5a7a42..fce9ff47f3 100644 --- a/crypto/dh/dh_key.c +++ b/crypto/dh/dh_key.c @@ -56,11 +56,23 @@ static DH_METHOD dh_ossl = { NULL }; +static const DH_METHOD *default_DH_method = &dh_ossl; + const DH_METHOD *DH_OpenSSL(void) { return &dh_ossl; } +void DH_set_default_method(const DH_METHOD *meth) +{ + default_DH_method = meth; +} + +const DH_METHOD *DH_get_default_method(void) +{ + return default_DH_method; +} + static int generate_key(DH *dh) { int ok = 0; diff --git a/crypto/dh/dh_lib.c b/crypto/dh/dh_lib.c index adf1771514..344eab275d 100644 --- a/crypto/dh/dh_lib.c +++ b/crypto/dh/dh_lib.c @@ -13,20 +13,6 @@ #include "dh_locl.h" #include -static const DH_METHOD *default_DH_method = NULL; - -void DH_set_default_method(const DH_METHOD *meth) -{ - default_DH_method = meth; -} - -const DH_METHOD *DH_get_default_method(void) -{ - if (!default_DH_method) - default_DH_method = DH_OpenSSL(); - return default_DH_method; -} - int DH_set_method(DH *dh, const DH_METHOD *meth) { /* diff --git a/crypto/dsa/dsa_lib.c b/crypto/dsa/dsa_lib.c index 42324c70fb..9598846e3b 100644 --- a/crypto/dsa/dsa_lib.c +++ b/crypto/dsa/dsa_lib.c @@ -17,20 +17,6 @@ #include #include -static const DSA_METHOD *default_DSA_method = NULL; - -void DSA_set_default_method(const DSA_METHOD *meth) -{ - default_DSA_method = meth; -} - -const DSA_METHOD *DSA_get_default_method(void) -{ - if (!default_DSA_method) - default_DSA_method = DSA_OpenSSL(); - return default_DSA_method; -} - DSA *DSA_new(void) { return DSA_new_method(NULL); diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index f9f6a136fb..479337763b 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -41,6 +41,18 @@ static DSA_METHOD openssl_dsa_meth = { NULL }; +static const DSA_METHOD *default_DSA_method = &openssl_dsa_meth; + +void DSA_set_default_method(const DSA_METHOD *meth) +{ + default_DSA_method = meth; +} + +const DSA_METHOD *DSA_get_default_method(void) +{ + return default_DSA_method; +} + const DSA_METHOD *DSA_OpenSSL(void) { return &openssl_dsa_meth; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 48e9100a97..e1377a0690 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -15,31 +15,9 @@ #include #include "rsa_locl.h" -static const RSA_METHOD *default_RSA_meth = NULL; - RSA *RSA_new(void) { - RSA *r = RSA_new_method(NULL); - - return r; -} - -void RSA_set_default_method(const RSA_METHOD *meth) -{ - default_RSA_meth = meth; -} - -const RSA_METHOD *RSA_get_default_method(void) -{ - if (default_RSA_meth == NULL) { -#ifdef RSA_NULL - default_RSA_meth = RSA_null_method(); -#else - default_RSA_meth = RSA_PKCS1_OpenSSL(); -#endif - } - - return default_RSA_meth; + return RSA_new_method(NULL); } const RSA_METHOD *RSA_get_method(const RSA *rsa) diff --git a/crypto/rsa/rsa_ossl.c b/crypto/rsa/rsa_ossl.c index 782606645b..793e2f9c87 100644 --- a/crypto/rsa/rsa_ossl.c +++ b/crypto/rsa/rsa_ossl.c @@ -11,8 +11,6 @@ #include "internal/bn_int.h" #include "rsa_locl.h" -#ifndef RSA_NULL - static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding); static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, @@ -26,7 +24,7 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, static int rsa_ossl_init(RSA *rsa); static int rsa_ossl_finish(RSA *rsa); static RSA_METHOD rsa_pkcs1_ossl_meth = { - "OpenSSL PKCS#1 RSA (from Eric Young)", + "OpenSSL PKCS#1 RSA", rsa_ossl_public_encrypt, rsa_ossl_public_decrypt, /* signature verification */ rsa_ossl_private_encrypt, /* signing */ @@ -43,6 +41,18 @@ static RSA_METHOD rsa_pkcs1_ossl_meth = { NULL /* rsa_keygen */ }; +static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth; + +void RSA_set_default_method(const RSA_METHOD *meth) +{ + default_RSA_meth = meth; +} + +const RSA_METHOD *RSA_get_default_method(void) +{ + return default_RSA_meth; +} + const RSA_METHOD *RSA_PKCS1_OpenSSL(void) { return &rsa_pkcs1_ossl_meth; @@ -786,5 +796,3 @@ static int rsa_ossl_finish(RSA *rsa) BN_MONT_CTX_free(rsa->_method_mod_q); return (1); } - -#endif diff --git a/crypto/ui/ui_lib.c b/crypto/ui/ui_lib.c index c06baa0551..24d30e1592 100644 --- a/crypto/ui/ui_lib.c +++ b/crypto/ui/ui_lib.c @@ -15,8 +15,6 @@ #include #include "ui_locl.h" -static const UI_METHOD *default_UI_meth = NULL; - UI *UI_new(void) { return (UI_new_method(NULL)); @@ -531,19 +529,6 @@ void *UI_get_ex_data(UI *r, int idx) return (CRYPTO_get_ex_data(&r->ex_data, idx)); } -void UI_set_default_method(const UI_METHOD *meth) -{ - default_UI_meth = meth; -} - -const UI_METHOD *UI_get_default_method(void) -{ - if (default_UI_meth == NULL) { - default_UI_meth = UI_OpenSSL(); - } - return default_UI_meth; -} - const UI_METHOD *UI_get_method(UI *ui) { return ui->meth; diff --git a/crypto/ui/ui_openssl.c b/crypto/ui/ui_openssl.c index ed0bfa0b35..8fa8deca66 100644 --- a/crypto/ui/ui_openssl.c +++ b/crypto/ui/ui_openssl.c @@ -202,6 +202,18 @@ static UI_METHOD ui_openssl = { NULL }; +static const UI_METHOD *default_UI_meth = &ui_openssl; + +void UI_set_default_method(const UI_METHOD *meth) +{ + default_UI_meth = meth; +} + +const UI_METHOD *UI_get_default_method(void) +{ + return default_UI_meth; +} + /* The method with all the built-in thingies */ UI_METHOD *UI_OpenSSL(void) { diff --git a/doc/crypto/DH_set_method.pod b/doc/crypto/DH_set_method.pod index cd75a9b549..2100608674 100644 --- a/doc/crypto/DH_set_method.pod +++ b/doc/crypto/DH_set_method.pod @@ -31,8 +31,11 @@ Initially, the default DH_METHOD is the OpenSSL internal implementation, as returned by DH_OpenSSL(). DH_set_default_method() makes B the default method for all DH -structures created later. B: This is true only whilst no ENGINE has been set +structures created later. +B: This is true only whilst no ENGINE has been set as a default for DH, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. DH_get_default_method() returns a pointer to the current default DH_METHOD. However, the meaningfulness of this result is dependent on whether the ENGINE diff --git a/doc/crypto/DSA_set_method.pod b/doc/crypto/DSA_set_method.pod index a64725f7e4..d870f56f26 100644 --- a/doc/crypto/DSA_set_method.pod +++ b/doc/crypto/DSA_set_method.pod @@ -31,8 +31,11 @@ Initially, the default DSA_METHOD is the OpenSSL internal implementation, as returned by DSA_OpenSSL(). DSA_set_default_method() makes B the default method for all DSA -structures created later. B: This is true only whilst no ENGINE has +structures created later. +B: This is true only whilst no ENGINE has been set as a default for DSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. DSA_get_default_method() returns a pointer to the current default DSA_METHOD. However, the meaningfulness of this result is dependent on diff --git a/doc/crypto/RSA_set_method.pod b/doc/crypto/RSA_set_method.pod index 7e7d27cf93..668ad7a16b 100644 --- a/doc/crypto/RSA_set_method.pod +++ b/doc/crypto/RSA_set_method.pod @@ -3,7 +3,7 @@ =head1 NAME RSA_set_default_method, RSA_get_default_method, RSA_set_method, -RSA_get_method, RSA_PKCS1_OpenSSL, RSA_null_method, RSA_flags, +RSA_get_method, RSA_PKCS1_OpenSSL, RSA_flags, RSA_new_method - select RSA method =head1 SYNOPSIS @@ -20,8 +20,6 @@ RSA_new_method - select RSA method RSA_METHOD *RSA_PKCS1_OpenSSL(void); - RSA_METHOD *RSA_null_method(void); - int RSA_flags(const RSA *rsa); RSA *RSA_new_method(ENGINE *engine); @@ -38,8 +36,11 @@ Initially, the default RSA_METHOD is the OpenSSL internal implementation, as returned by RSA_PKCS1_OpenSSL(). RSA_set_default_method() makes B the default method for all RSA -structures created later. B: This is true only whilst no ENGINE has +structures created later. +B: This is true only whilst no ENGINE has been set as a default for RSA, so this function is no longer recommended. +This function is not thread-safe and should not be called at the same time +as other OpenSSL functions. RSA_get_default_method() returns a pointer to the current default RSA_METHOD. However, the meaningfulness of this result is dependent on @@ -168,6 +169,11 @@ not currently exist). L +=head1 HISTORY + +The RSA_null_method(), which was a partial attempt to avoid patent issues, +was replaced to always return NULL in OpenSSL 1.1.0f. + =head1 COPYRIGHT Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. -- 2.25.1