DES, idea, seed, rc2, rc4, rc5, cast and blowfish have been moved out of the default provider.
Code shared between desx and tdes has been moved into a seperate file (cipher_tdes_common.c).
3 test recipes failed due to using app/openssl calls that used legacy ciphers.
These calls have been updated to supply both the default and legacy providers.
Fixed openssl app '-provider' memory leak
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11419)
OSSL_PARAM *app_params_new_from_opts(STACK_OF(OPENSSL_STRING) *opts,
const OSSL_PARAM *paramdefs);
void app_params_free(OSSL_PARAM *params);
+void app_providers_cleanup(void);
#endif
# define OPT_PROV_OPTIONS \
OPT_SECTION("Provider"), \
- { "provider", OPT_PROV_PROVIDER, 's', "Provder to load (can be specified multiple times)" }, \
- { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path" }
+ { "provider_path", OPT_PROV_PROVIDER_PATH, 's', "Provider load path (must be before 'provider' argument if required)" }, \
+ { "provider", OPT_PROV_PROVIDER, 's', "Provider to load (can be specified multiple times)" }
# define OPT_PROV_CASES \
OPT_PROV__FIRST: case OPT_PROV__LAST: break; \
#include "apps.h"
#include <openssl/err.h>
#include <openssl/provider.h>
+#include <openssl/safestack.h>
+
+DEFINE_STACK_OF(OSSL_PROVIDER)
/*
* See comments in opt_verify for explanation of this.
*/
enum prov_range { OPT_PROV_ENUM };
+static STACK_OF(OSSL_PROVIDER) *app_providers = NULL;
+
static int opt_provider_load(const char *provider)
{
OSSL_PROVIDER *prov;
opt_getprog(), provider);
return 0;
}
+ if (app_providers == NULL)
+ app_providers = sk_OSSL_PROVIDER_new_null();
+ if (app_providers == NULL
+ || !sk_OSSL_PROVIDER_push(app_providers, prov)) {
+ app_providers_cleanup();
+ return 0;
+ }
return 1;
}
+static void provider_free(OSSL_PROVIDER *prov)
+{
+ OSSL_PROVIDER_unload(prov);
+}
+
+void app_providers_cleanup(void)
+{
+ sk_OSSL_PROVIDER_pop_free(app_providers, provider_free);
+ app_providers = NULL;
+}
+
static int opt_provider_path(const char *path)
{
if (path != NULL && *path == '\0')
}
ret = 1;
end:
+ app_providers_cleanup();
OPENSSL_free(default_config_file);
lh_FUNCTION_free(prog);
OPENSSL_free(arg.argv);
ENDIF
ENDIF
-SOURCE[../../libcrypto]=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c $BFASM
+$ALL=bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c $BFASM
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# blowfish functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
GENERATE[bf-586.s]=asm/bf-586.pl
DEPEND[bf-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
ENDIF
ENDIF
-SOURCE[../../libcrypto]=c_skey.c c_ecb.c $CASTASM c_cfb64.c c_ofb64.c
+$ALL=c_skey.c c_ecb.c $CASTASM c_cfb64.c c_ofb64.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# cast functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
GENERATE[cast-586.s]=asm/cast-586.pl
DEPEND[cast-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
LIBS=../../libcrypto
$COMMON=set_key.c ecb3_enc.c $DESASM
-SOURCE[../../libcrypto]=$COMMON\
- ecb_enc.c cbc_enc.c \
- cfb64enc.c cfb64ede.c cfb_enc.c \
- ofb64ede.c ofb64enc.c ofb_enc.c \
- str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
- fcrypt.c xcbc_enc.c cbc_cksm.c
+$ALL=$COMMON\
+ ecb_enc.c cbc_enc.c \
+ cfb64enc.c cfb64ede.c cfb_enc.c \
+ ofb64ede.c ofb64enc.c ofb_enc.c \
+ str2key.c pcbc_enc.c qud_cksm.c rand_key.c \
+ fcrypt.c xcbc_enc.c cbc_cksm.c
+
+SOURCE[../../libcrypto]=$ALL
SOURCE[../../providers/libfips.a]=$COMMON
DEFINE[../../libcrypto]=$DESDEF
DEFINE[../../providers/libfips.a]=$DESDEF
+DEFINE[../../providers/liblegacy.a]=$DESDEF
# When all deprecated symbols are removed, libcrypto doesn't export the
# DES functions, so we must include them directly in liblegacy.a
IF[{- $disabled{'deprecated-3.0'} && !$disabled{"mdc2"} -}]
- SOURCE[../../providers/liblegacy.a]=set_key.c $DESASM
+ SOURCE[../../providers/liblegacy.a]=$ALL
DEFINE[../../providers/liblegacy.a]=$DESDEF
ENDIF
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+$ALL=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# idea functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=\
- rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+
+$ALL=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# rc2 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
SOURCE[../../libcrypto]=$RC4ASM
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# rc4 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$RC4ASM
+ENDIF
+
GENERATE[rc4-586.s]=asm/rc4-586.pl
DEPEND[rc4-586.s]=../perlasm/x86asm.pl
ENDIF
ENDIF
-SOURCE[../../libcrypto]=\
- rc5_skey.c rc5_ecb.c $RC5ASM rc5cfb64.c rc5ofb64.c
+$ALL=rc5_skey.c rc5_ecb.c $RC5ASM rc5cfb64.c rc5ofb64.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# rc5 functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
GENERATE[rc5-586.s]=asm/rc5-586.pl
DEPEND[rc5-586.s]=../perlasm/x86asm.pl ../perlasm/cbc.pl
LIBS=../../libcrypto
-SOURCE[../../libcrypto]=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+$ALL=seed.c seed_ecb.c seed_cbc.c seed_cfb.c seed_ofb.c
+
+SOURCE[../../libcrypto]=$ALL
+
+# When all deprecated symbols are removed, libcrypto doesn't export the
+# seed functions, so we must include them directly in liblegacy.a
+IF[{- $disabled{'deprecated-3.0'} -}]
+ SOURCE[../../providers/liblegacy.a]=$ALL
+ENDIF
INCLUDE[$LIBCOMMON]=$COMMON_INCLUDES
INCLUDE[$LIBIMPLEMENTATIONS]=.. $COMMON_INCLUDES
-INCLUDE[$LIBLEGACY]=$COMMON_INCLUDES
+INCLUDE[$LIBLEGACY]=.. $COMMON_INCLUDES
INCLUDE[$LIBNONFIPS]=$COMMON_INCLUDES
INCLUDE[$LIBFIPS]=.. $COMMON_INCLUDES
DEFINE[$LIBFIPS]=FIPS_MODE
ALG("DES-EDE3-CFB", tdes_ede3_cfb_functions),
ALG("DES-EDE3-CFB8", tdes_ede3_cfb8_functions),
ALG("DES-EDE3-CFB1", tdes_ede3_cfb1_functions),
+ ALG("DES3-WRAP:id-smime-alg-CMS3DESwrap", tdes_wrap_cbc_functions),
ALG("DES-EDE-ECB:DES-EDE", tdes_ede2_ecb_functions),
ALG("DES-EDE-CBC", tdes_ede2_cbc_functions),
ALG("DES-EDE-OFB", tdes_ede2_ofb_functions),
ALG("DES-EDE-CFB", tdes_ede2_cfb_functions),
- ALG("DESX-CBC:DESX", tdes_desx_cbc_functions),
- ALG("DES3-WRAP:id-smime-alg-CMS3DESwrap", tdes_wrap_cbc_functions),
- ALG("DES-ECB", des_ecb_functions),
- ALG("DES-CBC:DES", des_cbc_functions),
- ALG("DES-OFB", des_ofb64_functions),
- ALG("DES-CFB", des_cfb64_functions),
- ALG("DES-CFB1", des_cfb1_functions),
- ALG("DES-CFB8", des_cfb8_functions),
#endif /* OPENSSL_NO_DES */
-#ifndef OPENSSL_NO_BF
- ALG("BF-ECB", blowfish128ecb_functions),
- ALG("BF-CBC:BF:BLOWFISH", blowfish128cbc_functions),
- ALG("BF-OFB", blowfish64ofb64_functions),
- ALG("BF-CFB", blowfish64cfb64_functions),
-#endif /* OPENSSL_NO_BF */
-#ifndef OPENSSL_NO_IDEA
- ALG("IDEA-ECB", idea128ecb_functions),
- ALG("IDEA-CBC:IDEA", idea128cbc_functions),
- ALG("IDEA-OFB:IDEA-OFB64", idea128ofb64_functions),
- ALG("IDEA-CFB:IDEA-CFB64", idea128cfb64_functions),
-#endif /* OPENSSL_NO_IDEA */
-#ifndef OPENSSL_NO_CAST
- ALG("CAST5-ECB", cast5128ecb_functions),
- ALG("CAST5-CBC:CAST-CBC:CAST", cast5128cbc_functions),
- ALG("CAST5-OFB", cast564ofb64_functions),
- ALG("CAST5-CFB", cast564cfb64_functions),
-#endif /* OPENSSL_NO_CAST */
-#ifndef OPENSSL_NO_SEED
- ALG("SEED-ECB", seed128ecb_functions),
- ALG("SEED-CBC:SEED", seed128cbc_functions),
- ALG("SEED-OFB:SEED-OFB128", seed128ofb128_functions),
- ALG("SEED-CFB:SEED-CFB128", seed128cfb128_functions),
-#endif /* OPENSSL_NO_SEED */
#ifndef OPENSSL_NO_SM4
ALG("SM4-ECB", sm4128ecb_functions),
ALG("SM4-CBC:SM4", sm4128cbc_functions),
ALG("SM4-OFB:SM4-OFB128", sm4128ofb128_functions),
ALG("SM4-CFB:SM4-CFB128", sm4128cfb128_functions),
#endif /* OPENSSL_NO_SM4 */
-#ifndef OPENSSL_NO_RC4
- ALG("RC4", rc4128_functions),
- ALG("RC4-40", rc440_functions),
-# ifndef OPENSSL_NO_MD5
- ALG("RC4-HMAC-MD5", rc4_hmac_md5_functions),
-# endif /* OPENSSL_NO_MD5 */
-#endif /* OPENSSL_NO_RC4 */
-#ifndef OPENSSL_NO_RC5
- ALG("RC5-ECB", rc5128ecb_functions),
- ALG("RC5-CBC", rc5128cbc_functions),
- ALG("RC5-OFB", rc5128ofb64_functions),
- ALG("RC5-CFB", rc5128cfb64_functions),
-#endif /* OPENSSL_NO_RC5 */
-#ifndef OPENSSL_NO_RC2
- ALG("RC2-ECB", rc2128ecb_functions),
- ALG("RC2-CBC", rc2128cbc_functions),
- ALG("RC2-40-CBC", rc240cbc_functions),
- ALG("RC2-64-CBC", rc264cbc_functions),
- ALG("RC2-CFB", rc2128cfb128_functions),
- ALG("RC2-OFB", rc2128ofb128_functions),
-#endif /* OPENSSL_NO_RC2 */
#ifndef OPENSSL_NO_CHACHA
ALG("ChaCha20", chacha20_functions),
# ifndef OPENSSL_NO_POLY1305
$AES_GOAL=../../libimplementations.a
$TDES_1_GOAL=../../libimplementations.a
$TDES_2_GOAL=../../libimplementations.a
-$DES_GOAL=../../libimplementations.a
$ARIA_GOAL=../../libimplementations.a
$CAMELLIA_GOAL=../../libimplementations.a
-$BLOWFISH_GOAL=../../libimplementations.a
-$IDEA_GOAL=../../libimplementations.a
-$CAST5_GOAL=../../libimplementations.a
-$SEED_GOAL=../../libimplementations.a
+$DES_GOAL=../../liblegacy.a
+$BLOWFISH_GOAL=../../liblegacy.a
+$IDEA_GOAL=../../liblegacy.a
+$CAST5_GOAL=../../liblegacy.a
+$RC2_GOAL=../../liblegacy.a
+$RC4_GOAL=../../liblegacy.a
+$RC5_GOAL=../../liblegacy.a
+$SEED_GOAL=../../liblegacy.a
$SM4_GOAL=../../libimplementations.a
-$RC4_GOAL=../../libimplementations.a
-$RC5_GOAL=../../libimplementations.a
-$RC2_GOAL=../../libimplementations.a
$CHACHA_GOAL=../../libimplementations.a
$CHACHAPOLY_GOAL=../../libimplementations.a
$SIV_GOAL=../../libimplementations.a
ciphercommon_ccm.c ciphercommon_ccm_hw.c
IF[{- !$disabled{des} -}]
- SOURCE[$TDES_1_GOAL]=cipher_tdes.c cipher_tdes_hw.c
+ SOURCE[$TDES_1_GOAL]=cipher_tdes.c cipher_tdes_common.c cipher_tdes_hw.c
ENDIF
SOURCE[$NULL_GOAL]=\
cipher_tdes_default.c cipher_tdes_default_hw.c \
cipher_tdes_wrap.c cipher_tdes_wrap_hw.c
SOURCE[$DES_GOAL]=\
- cipher_desx.c cipher_desx_hw.c \
+ cipher_desx.c cipher_desx_hw.c cipher_tdes_common.c\
cipher_des.c cipher_des_hw.c
ENDIF
/*
- * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
#include "prov/implementations.h"
#include "prov/providercommonerr.h"
-void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
- size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw)
-{
- PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx));
-
- if (tctx != NULL)
- cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, hw,
- provctx);
- return tctx;
-}
-
-void tdes_freectx(void *vctx)
-{
- PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx;
-
- OPENSSL_clear_free(ctx, sizeof(*ctx));
-}
-
-static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
- const unsigned char *iv, size_t ivlen, int enc)
-{
- PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
-
- ctx->enc = enc;
-
- if (iv != NULL) {
- if (!cipher_generic_initiv(ctx, iv, ivlen))
- return 0;
- }
-
- if (key != NULL) {
- if (keylen != ctx->keylen) {
- ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
- return 0;
- }
- return ctx->hw->init(ctx, key, ctx->keylen);
- }
- return 1;
-}
-
-int tdes_einit(void *vctx, const unsigned char *key, size_t keylen,
- const unsigned char *iv, size_t ivlen)
-{
- return tdes_init(vctx, key, keylen, iv, ivlen, 1);
-}
-
-int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
- const unsigned char *iv, size_t ivlen)
-{
- return tdes_init(vctx, key, keylen, iv, ivlen, 0);
-}
-
-static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
-{
-
- DES_cblock *deskey = ptr;
- size_t kl = ctx->keylen;
-
- if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
- return 0;
- DES_set_odd_parity(deskey);
- if (kl >= 16)
- DES_set_odd_parity(deskey + 1);
- if (kl >= 24) {
- DES_set_odd_parity(deskey + 2);
- return 1;
- }
- return 0;
-}
-
-CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
- OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
-CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
-
-int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
-{
- PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
- OSSL_PARAM *p;
-
- if (!cipher_generic_get_ctx_params(vctx, params))
- return 0;
-
- p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RANDOM_KEY);
- if (p != NULL && !tdes_generatekey(ctx, p->data)) {
- ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
- return 0;
- }
- return 1;
-}
-
/*
* TODO(3.0) - ECB mode does not use an IV - but existing test code is setting
* an IV. Fixing this could potentially make applications break.
*/
-
/* tdes_ede3_ecb_functions */
IMPLEMENT_tdes_cipher(ede3, EDE3, ecb, ECB, TDES_FLAGS, 64*3, 64, 64, block);
/* tdes_ede3_cbc_functions */
--- /dev/null
+/*
+ * Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+/*
+ * DES low level APIs are deprecated for public use, but still ok for internal
+ * use.
+ */
+#include "internal/deprecated.h"
+
+#include "prov/ciphercommon.h"
+#include "cipher_tdes.h"
+#include <openssl/rand.h>
+#include "prov/implementations.h"
+#include "prov/providercommonerr.h"
+
+void *tdes_newctx(void *provctx, int mode, size_t kbits, size_t blkbits,
+ size_t ivbits, uint64_t flags, const PROV_CIPHER_HW *hw)
+{
+ PROV_TDES_CTX *tctx = OPENSSL_zalloc(sizeof(*tctx));
+
+ if (tctx != NULL)
+ cipher_generic_initkey(tctx, kbits, blkbits, ivbits, mode, flags, hw,
+ provctx);
+ return tctx;
+}
+
+void tdes_freectx(void *vctx)
+{
+ PROV_TDES_CTX *ctx = (PROV_TDES_CTX *)vctx;
+
+ OPENSSL_clear_free(ctx, sizeof(*ctx));
+}
+
+static int tdes_init(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen, int enc)
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+
+ ctx->enc = enc;
+
+ if (iv != NULL) {
+ if (!cipher_generic_initiv(ctx, iv, ivlen))
+ return 0;
+ }
+
+ if (key != NULL) {
+ if (keylen != ctx->keylen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEYLEN);
+ return 0;
+ }
+ return ctx->hw->init(ctx, key, ctx->keylen);
+ }
+ return 1;
+}
+
+int tdes_einit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen)
+{
+ return tdes_init(vctx, key, keylen, iv, ivlen, 1);
+}
+
+int tdes_dinit(void *vctx, const unsigned char *key, size_t keylen,
+ const unsigned char *iv, size_t ivlen)
+{
+ return tdes_init(vctx, key, keylen, iv, ivlen, 0);
+}
+
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_START(tdes)
+ OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_RANDOM_KEY, NULL, 0),
+CIPHER_DEFAULT_GETTABLE_CTX_PARAMS_END(tdes)
+
+static int tdes_generatekey(PROV_CIPHER_CTX *ctx, void *ptr)
+{
+
+ DES_cblock *deskey = ptr;
+ size_t kl = ctx->keylen;
+
+ if (kl == 0 || RAND_priv_bytes_ex(ctx->libctx, ptr, kl) <= 0)
+ return 0;
+ DES_set_odd_parity(deskey);
+ if (kl >= 16)
+ DES_set_odd_parity(deskey + 1);
+ if (kl >= 24) {
+ DES_set_odd_parity(deskey + 2);
+ return 1;
+ }
+ return 0;
+}
+
+int tdes_get_ctx_params(void *vctx, OSSL_PARAM params[])
+{
+ PROV_CIPHER_CTX *ctx = (PROV_CIPHER_CTX *)vctx;
+ OSSL_PARAM *p;
+
+ if (!cipher_generic_get_ctx_params(vctx, params))
+ return 0;
+
+ p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_RANDOM_KEY);
+ if (p != NULL && !tdes_generatekey(ctx, p->data)) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY);
+ return 0;
+ }
+ return 1;
+}
#include <openssl/params.h>
#include "prov/implementations.h"
+#define ALG(NAMES, FUNC) { NAMES, "provider=legacy", FUNC }
+
#ifdef STATIC_LEGACY
OSSL_provider_init_fn ossl_legacy_provider_init;
# define OSSL_provider_init ossl_legacy_provider_init
static const OSSL_ALGORITHM legacy_digests[] = {
#ifndef OPENSSL_NO_MD2
- { "MD2", "provider=legacy", md2_functions },
+ ALG("MD2", md2_functions),
#endif
-
#ifndef OPENSSL_NO_MD4
- { "MD4", "provider=legacy", md4_functions },
+ ALG("MD4", md4_functions),
#endif
-
#ifndef OPENSSL_NO_MDC2
- { "MDC2", "provider=legacy", mdc2_functions },
+ ALG("MDC2", mdc2_functions),
#endif /* OPENSSL_NO_MDC2 */
-
#ifndef OPENSSL_NO_WHIRLPOOL
- { "WHIRLPOOL", "provider=legacy", wp_functions },
+ ALG("WHIRLPOOL", wp_functions),
#endif /* OPENSSL_NO_WHIRLPOOL */
-
#ifndef OPENSSL_NO_RMD160
- { "RIPEMD-160:RIPEMD160:RIPEMD:RMD160", "provider=legacy", ripemd160_functions },
+ ALG("RIPEMD-160:RIPEMD160:RIPEMD:RMD160", ripemd160_functions),
#endif /* OPENSSL_NO_RMD160 */
+ { NULL, NULL, NULL }
+};
+static const OSSL_ALGORITHM legacy_ciphers[] = {
+#ifndef OPENSSL_NO_CAST
+ ALG("CAST5-ECB", cast5128ecb_functions),
+ ALG("CAST5-CBC:CAST-CBC:CAST", cast5128cbc_functions),
+ ALG("CAST5-OFB", cast564ofb64_functions),
+ ALG("CAST5-CFB", cast564cfb64_functions),
+#endif /* OPENSSL_NO_CAST */
+#ifndef OPENSSL_NO_BF
+ ALG("BF-ECB", blowfish128ecb_functions),
+ ALG("BF-CBC:BF:BLOWFISH", blowfish128cbc_functions),
+ ALG("BF-OFB", blowfish64ofb64_functions),
+ ALG("BF-CFB", blowfish64cfb64_functions),
+#endif /* OPENSSL_NO_BF */
+#ifndef OPENSSL_NO_IDEA
+ ALG("IDEA-ECB", idea128ecb_functions),
+ ALG("IDEA-CBC:IDEA", idea128cbc_functions),
+ ALG("IDEA-OFB:IDEA-OFB64", idea128ofb64_functions),
+ ALG("IDEA-CFB:IDEA-CFB64", idea128cfb64_functions),
+#endif /* OPENSSL_NO_IDEA */
+#ifndef OPENSSL_NO_SEED
+ ALG("SEED-ECB", seed128ecb_functions),
+ ALG("SEED-CBC:SEED", seed128cbc_functions),
+ ALG("SEED-OFB:SEED-OFB128", seed128ofb128_functions),
+ ALG("SEED-CFB:SEED-CFB128", seed128cfb128_functions),
+#endif /* OPENSSL_NO_SEED */
+#ifndef OPENSSL_NO_RC2
+ ALG("RC2-ECB", rc2128ecb_functions),
+ ALG("RC2-CBC", rc2128cbc_functions),
+ ALG("RC2-40-CBC", rc240cbc_functions),
+ ALG("RC2-64-CBC", rc264cbc_functions),
+ ALG("RC2-CFB", rc2128cfb128_functions),
+ ALG("RC2-OFB", rc2128ofb128_functions),
+#endif /* OPENSSL_NO_RC2 */
+#ifndef OPENSSL_NO_RC4
+ ALG("RC4", rc4128_functions),
+ ALG("RC4-40", rc440_functions),
+# ifndef OPENSSL_NO_MD5
+ ALG("RC4-HMAC-MD5", rc4_hmac_md5_functions),
+# endif /* OPENSSL_NO_MD5 */
+#endif /* OPENSSL_NO_RC4 */
+#ifndef OPENSSL_NO_RC5
+ ALG("RC5-ECB", rc5128ecb_functions),
+ ALG("RC5-CBC", rc5128cbc_functions),
+ ALG("RC5-OFB", rc5128ofb64_functions),
+ ALG("RC5-CFB", rc5128cfb64_functions),
+#endif /* OPENSSL_NO_RC5 */
+#ifndef OPENSSL_NO_DES
+ ALG("DESX-CBC:DESX", tdes_desx_cbc_functions),
+ ALG("DES-ECB", des_ecb_functions),
+ ALG("DES-CBC:DES", des_cbc_functions),
+ ALG("DES-OFB", des_ofb64_functions),
+ ALG("DES-CFB", des_cfb64_functions),
+ ALG("DES-CFB1", des_cfb1_functions),
+ ALG("DES-CFB8", des_cfb8_functions),
+#endif /* OPENSSL_NO_DES */
{ NULL, NULL, NULL }
};
switch (operation_id) {
case OSSL_OP_DIGEST:
return legacy_digests;
+ case OSSL_OP_CIPHER:
+ return legacy_ciphers;
}
return NULL;
}
use File::Copy;
use File::Compare qw/compare_text/;
use File::Basename;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
setup("test_enc");
my $test = catfile(".", "p");
my $cmd = "openssl";
+my $provpath = bldtop_dir("providers");
+my @prov = ("-provider_path", $provpath, "-provider", "default", "-provider", "legacy");
my $ciphersstatus = undef;
my @ciphers =
@d = ( "enc", @{$variant{$t}}, "-d" );
}
- ok(run(app([$cmd, @e, "-in", $test, "-out", $cipherfile]))
- && run(app([$cmd, @d, "-in", $cipherfile, "-out", $clearfile]))
+ ok(run(app([$cmd, @e, @prov, "-in", $test, "-out", $cipherfile]))
+ && run(app([$cmd, @d, @prov, "-in", $cipherfile, "-out", $clearfile]))
&& compare_text($test,$clearfile) == 0, $t);
}
}
use File::Copy;
use File::Compare qw/compare_text/;
use File::Basename;
-use OpenSSL::Test qw/:DEFAULT srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_file bldtop_dir/;
setup("test_evp_more");
my $plaintext = catfile(".", "testdatafile");
my $fail = "";
my $cmd = "openssl";
+my $provpath = bldtop_dir("providers");
+my @prov = ("-provider_path", $provpath, "-provider", "default", "-provider", "legacy");
my $ciphersstatus = undef;
my @ciphers =
my $clearfile = "$plaintext.$ciphername.clear";
my @common = ( $cmd, "enc", "$cipher", "-k", "test" );
- ok(run(app([@common, "-e", "-in", $plaintext, "-out", $cipherfile]))
+ ok(run(app([@common, @prov, "-e", "-in", $plaintext, "-out", $cipherfile]))
&& compare_text($plaintext, $cipherfile) != 0
- && run(app([@common, "-d", "-in", $cipherfile, "-out", $clearfile]))
+ && run(app([@common, @prov, "-d", "-in", $cipherfile, "-out", $clearfile]))
&& compare_text($plaintext, $clearfile) == 0
, $ciphername);
}
use POSIX;
use File::Spec::Functions qw/catfile/;
use File::Compare qw/compare_text/;
-use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file/;
+use OpenSSL::Test qw/:DEFAULT srctop_dir srctop_file bldtop_dir/;
use OpenSSL::Test::Utils;
setup("test_cms");
plan skip_all => "CMS is not supported by this OpenSSL build"
if disabled("cms");
+my $provpath = bldtop_dir("providers");
+my @prov = ("-provider_path", $provpath, "-provider", "default", "-provider", "legacy");
+
my $datadir = srctop_dir("test", "recipes", "80-test_cms_data");
my $smdir = srctop_dir("test", "smime-certs");
my $smcont = srctop_file("test", "smcont.txt");
],
[ "encrypted content test streaming PEM format, 128 bit RC2 key",
- [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ [ "{cmd1}", @prov, "-EncryptedData_encrypt",
+ "-in", $smcont, "-outform", "PEM",
"-rc2", "-secretkey", "000102030405060708090A0B0C0D0E0F",
"-stream", "-out", "{output}.cms" ],
- [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ [ "{cmd2}", @prov, "-EncryptedData_decrypt", "-in", "{output}.cms",
"-inform", "PEM",
"-secretkey", "000102030405060708090A0B0C0D0E0F",
"-out", "{output}.txt" ],
],
[ "encrypted content test streaming PEM format, 40 bit RC2 key",
- [ "{cmd1}", "-EncryptedData_encrypt", "-in", $smcont, "-outform", "PEM",
+ [ "{cmd1}", @prov, "-EncryptedData_encrypt",
+ "-in", $smcont, "-outform", "PEM",
"-rc2", "-secretkey", "0001020304",
"-stream", "-out", "{output}.cms" ],
- [ "{cmd2}", "-EncryptedData_decrypt", "-in", "{output}.cms",
+ [ "{cmd2}", @prov, "-EncryptedData_decrypt", "-in", "{output}.cms",
"-inform", "PEM",
"-secretkey", "0001020304", "-out", "{output}.txt" ],
\&final_compare
projects / oweals / openssl.git / commitdiff