corner case object creation added #243

Merged
merged 5 commits into from
Sep 4, 2023
Merged
10 changes: 10 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.md
Expand Up @@ -35,6 +35,16 @@ Please run the following commands to obtain the version information:
If `oqsprovider` is not listed as active, be sure to first follow all
[USAGE guidance](https://github.com/open-quantum-safe/oqs-provider/blob/main/USAGE.md).

If reporting bugs triggered by OpenSSL API integrations, e.g. running
a provider build [statically](https://github.com/open-quantum-safe/oqs-provider/blob/main/CONFIGURE.md#oqs_provider_build_static)
or directly invoking any OpenSSL API, be sure to retrieve and report all errors
reported by using the OpenSSL [ERR_get_error_all](https://www.openssl.org/docs/man3.1/man3/ERR_get_error_all.html)
function.

Bug reports generated from [Debug builds](https://github.com/open-quantum-safe/oqs-provider/wiki/Debugging)
wth the debug environment variable "OQSPROV=1" set will be particularly helpful to find underlying
problems.

**Additional context**
Add any other context about the problem here.

57 changes: 44 additions & 13 deletions oqsprov/oqsprov.c
Expand Up @@ -691,21 +691,26 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
BIO_METHOD *corebiometh;
OSSL_LIB_CTX *libctx = NULL;
int i, rc = 0;
char *opensslv;
const char *ossl_versionp = NULL;
OSSL_PARAM version_request[] = {{"openssl-version", OSSL_PARAM_UTF8_PTR,
&opensslv, sizeof(&opensslv), 0},
{NULL, 0, NULL, 0, 0}};

OQS_init();

if (!oqs_prov_bio_from_dispatch(in))
return 0;
goto end_init;

if (!oqs_patch_codepoints())
return 0;
goto end_init;

if (!oqs_patch_oids())
return 0;
goto end_init;

#ifdef USE_ENCODING_LIB
if (!oqs_patch_encodings())
return 0;
goto end_init;
#endif

for (; in->function_id != 0; in++) {
Expand All @@ -729,8 +734,14 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
}

// we need these functions:
if (c_obj_create == NULL || c_obj_add_sigid == NULL)
return 0;
if (c_obj_create == NULL || c_obj_add_sigid == NULL || c_get_params == NULL)
goto end_init;

// we need to know the version of the calling core to activate
// suitable bug workarounds
if (c_get_params(handle, version_request)) {
ossl_versionp = *(void **)version_request[0].data;
}

// insert all OIDs to the global objects list
for (i = 0; i < OQS_OID_CNT; i += 2) {
Expand All @@ -739,21 +750,31 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
fprintf(stderr, "error registering NID for %s\n",
oqs_oid_alg_list[i + 1]);
return 0;
goto end_init;
}

/* create object (NID) again to avoid setup corner case problems
* see https://github.com/openssl/openssl/discussions/21903
* Not testing for errors is intentional.
* At least one core version hangs up; so don't do this there:
*/
if (strcmp("3.1.0", ossl_versionp)) {
OBJ_create(oqs_oid_alg_list[i], oqs_oid_alg_list[i + 1],
oqs_oid_alg_list[i + 1]);
}

if (!oqs_set_nid((char *)oqs_oid_alg_list[i + 1],
OBJ_sn2nid(oqs_oid_alg_list[i + 1]))) {
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
return 0;
goto end_init;
}

if (!c_obj_add_sigid(handle, oqs_oid_alg_list[i + 1], "",
oqs_oid_alg_list[i + 1])) {
fprintf(stderr, "error registering %s with no hash\n",
oqs_oid_alg_list[i + 1]);
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
return 0;
goto end_init;
}

if (OBJ_sn2nid(oqs_oid_alg_list[i + 1]) != 0) {
Expand All @@ -764,7 +785,8 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,
fprintf(stderr,
"OQS PROV: Impossible error: NID unregistered for %s.\n",
oqs_oid_alg_list[i + 1]);
return 0;
ERR_raise(ERR_LIB_USER, OQSPROV_R_OBJ_CREATE_ERR);
goto end_init;
}
}

Expand Down Expand Up @@ -792,9 +814,18 @@ int OQS_PROVIDER_ENTRYPOINT_NAME(const OSSL_CORE_HANDLE *handle,

end_init:
if (!rc) {
OSSL_LIB_CTX_free(libctx);
oqsprovider_teardown(*provctx);
*provctx = NULL;
if (ossl_versionp)
OQS_PROV_PRINTF2(
"oqsprovider init failed for OpenSSL core version %s\n",
ossl_versionp);
else
OQS_PROV_PRINTF("oqsprovider init failed for OpenSSL\n");
if (libctx)
OSSL_LIB_CTX_free(libctx);
if (provctx && *provctx) {
oqsprovider_teardown(*provctx);
*provctx = NULL;
}
}
return rc;
}
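Review bot: `strcmp("3.1.0", ossl_versionp)` in the OID registration loop is reached with `ossl_versionp` still NULL whenever `c_get_params(handle, version_request)` returns 0, which is undefined behaviour and typically a crash during provider load. Guard the comparison, e.g. `if (ossl_versionp != NULL && strcmp("3.1.0", ossl_versionp) != 0) {`, so that an unknown core version skips the second `OBJ_create` rather than risking the hang the comment describes. `opensslv` is also read back through `version_request[0].data` without having been initialised, so `char *opensslv = NULL;` would keep that read defined if the core reports success without filling the parameter. The exact-match test covers only the string "3.1.0"; whether other core builds show the same hang is not visible from this page and is worth confirming. The function body begins and continues outside the hunks shown.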