always activate default provider

open-quantum-safe · Oct 24, 2021 · 48acf32 · 48acf32
1 parent 77af5dd
commit 48acf32
Show file tree

Hide file tree

Showing 4 changed files with 59 additions and 27 deletions.
diff --git a/oqsprov/oqs_prov.h b/oqsprov/oqs_prov.h
@@ -32,6 +32,7 @@
 #define OQSPROV_R_OBJ_CREATE_ERR                            6
 #define OQSPROV_R_INVALID_ENCODING                          7
 #define OQSPROV_R_SIGN_ERROR				    8
+#define OQSPROV_R_LIB_CREATE_ERR			    9
 
 /* Extras for OQS extension */
 

diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
@@ -16,6 +16,7 @@
 #include <openssl/params.h>
 #include <openssl/objects.h>
 #include <openssl/err.h>
+#include <openssl/provider.h>
 #include "oqs_prov.h"
 
 #ifdef NDEBUG
@@ -318,12 +319,14 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
                        void **provctx)
 {
     const OSSL_DISPATCH *orig_in=in;
-    OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
     OSSL_FUNC_core_obj_create_fn *c_obj_create= NULL;
+    OSSL_FUNC_core_get_libctx_fn *c_get_libctx = NULL;
+
     OSSL_FUNC_core_obj_add_sigid_fn *c_obj_add_sigid= NULL;
     BIO_METHOD *corebiometh;
     OSSL_LIB_CTX *libctx = NULL;
     int i;
+    int rc = 0;
 
     if (!oqs_prov_bio_from_dispatch(in))
         return 0;
@@ -333,12 +336,12 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
         case OSSL_FUNC_CORE_GETTABLE_PARAMS:
             c_gettable_params = OSSL_FUNC_core_gettable_params(in);
             break;
-        case OSSL_FUNC_CORE_GET_PARAMS:
-            c_get_params = OSSL_FUNC_core_get_params(in);
-            break;
         case OSSL_FUNC_CORE_GET_LIBCTX:
             c_get_libctx = OSSL_FUNC_core_get_libctx(in);
             break;
+        case OSSL_FUNC_CORE_GET_PARAMS:
+            c_get_params = OSSL_FUNC_core_get_params(in);
+            break;
         case OSSL_FUNC_CORE_OBJ_CREATE:
             c_obj_create = OSSL_FUNC_core_obj_create(in);
             break;
@@ -352,9 +355,12 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
     }
 
     // we need these functions:
-    if (c_obj_create == NULL || c_obj_add_sigid==NULL)
+    if (c_obj_create == NULL || c_obj_add_sigid==NULL || c_get_libctx==NULL)
         return 0;
 
+    // try to get pre-existing context
+    libctx = (OSSL_LIB_CTX *)c_get_libctx(handle);
+
     // insert all OIDs to the global objects list
     for (i=0; i<OQS_OID_CNT;i+=2) {
 	if (!c_obj_create(handle, oqs_oid_alg_list[i], oqs_oid_alg_list[i+1], oqs_oid_alg_list[i+1]))
@@ -370,16 +376,32 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
 
     }
 
+    // if libctx not yet existing, create a new one
     if ( ((corebiometh = oqs_bio_prov_init_bio_method()) == NULL) ||
-         ((libctx = OSSL_LIB_CTX_new_child(handle, orig_in)) == NULL) ||
+         ((libctx = libctx?libctx:OSSL_LIB_CTX_new_child(handle, orig_in)) == NULL) ||
          ((*provctx = oqsx_newprovctx(libctx, handle, corebiometh)) == NULL ) ) { 
-        OSSL_LIB_CTX_free(libctx);
-        oqsprovider_teardown(*provctx);
-        *provctx = NULL;
-        return 0;
+        OQS_PROV_PRINTF("OQS PROV: error creating new provider context\n");
+        ERR_raise(ERR_LIB_USER, OQSPROV_R_LIB_CREATE_ERR);
+	goto end_init;
     }
 
     *out = oqsprovider_dispatch_table;
 
-    return 1;
+    // finally, check availability of default provider: Without it, this provider won't function:
+    if (!OSSL_PROVIDER_available(libctx, "default")) {
+        OQS_PROV_PRINTF("OQS PROV: Default provider not available. Activating.\n");
+        rc = (OSSL_PROVIDER_load(libctx, "default") != NULL);
+    }
+    else {
+        OQS_PROV_PRINTF("OQS PROV: Default provider available.\n");
+        rc = 1;
+    }
+
+end_init:
+    if (!rc) {
+        OSSL_LIB_CTX_free(libctx);
+        oqsprovider_teardown(*provctx);
+        *provctx = NULL;
+    }
+    return rc;
 }
diff --git a/test/oqs_test_groups.c b/test/oqs_test_groups.c
@@ -146,13 +146,8 @@ int main(int argc, char *argv[])
 
   T(OSSL_LIB_CTX_load_config(libctx, configfile));
 
-  /* Check we have the expected providers available:
-   * Note: default only needed if liboqs built using openssl,
-   * so may be left away (in test/oqs.cnf if suitably build, see
-   * https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs#OQS_USE_OPENSSL
-   */
   T(OSSL_PROVIDER_available(libctx, modulename));
-  T(OSSL_PROVIDER_available(libctx, "default"));
+  T(OSSL_PROVIDER_available(libctx, "default")); 
 
   T(OSSL_PROVIDER_do_all(libctx, test_provider_groups, &errcnt));
 

diff --git a/test/oqs_test_signatures.c b/test/oqs_test_signatures.c
@@ -33,6 +33,7 @@ static const char *sigalg_names[] = {
 ///// OQS_TEMPLATE_FRAGMENT_SIGNATURE_CASES_END
 };
 
+// sign-and-hash must work with and without providing a digest algorithm
 static int test_oqs_signatures(const char *sigalg_name)
 {
   EVP_MD_CTX *mdctx = NULL;
@@ -42,17 +43,37 @@ static int test_oqs_signatures(const char *sigalg_name)
   unsigned char *sig;
   size_t siglen;
 
-  int testresult =
+  int testresult = 1;
+
+  // test with built-in digest only if default provider is active:
+  // TBD revisit when hybrids are activated: They always need default provider
+  if (OSSL_PROVIDER_available(libctx, "default"))
+    testresult  &=
+      (mdctx = EVP_MD_CTX_new()) != NULL
+      && (ctx = EVP_PKEY_CTX_new_from_name(libctx, sigalg_name, NULL)) != NULL
+      && EVP_PKEY_keygen_init(ctx)
+      && EVP_PKEY_generate(ctx, &key)
+      && EVP_DigestSignInit_ex(mdctx, NULL, "SHA512", libctx, NULL, key, NULL)
+      && EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))
+      && EVP_DigestSignFinal(mdctx, NULL, &siglen)
+      && (sig = OPENSSL_malloc(siglen)) != NULL
+      && EVP_DigestSignFinal(mdctx, sig, &siglen)
+      && EVP_DigestVerifyInit_ex(mdctx, NULL, "SHA512", libctx, NULL, key, NULL)
+      && EVP_DigestVerifyUpdate(mdctx, msg, sizeof(msg))
+      && EVP_DigestVerifyFinal(mdctx, sig, siglen);
+
+  // this test must work also with default provider inactive:
+  testresult &=
     (mdctx = EVP_MD_CTX_new()) != NULL
     && (ctx = EVP_PKEY_CTX_new_from_name(libctx, sigalg_name, NULL)) != NULL
     && EVP_PKEY_keygen_init(ctx)
     && EVP_PKEY_generate(ctx, &key)
-    && EVP_DigestSignInit_ex(mdctx, NULL, "SHA512", libctx, NULL, key, NULL)
+    && EVP_DigestSignInit_ex(mdctx, NULL, NULL, libctx, NULL, key, NULL)
     && EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))
     && EVP_DigestSignFinal(mdctx, NULL, &siglen)
     && (sig = OPENSSL_malloc(siglen)) != NULL
     && EVP_DigestSignFinal(mdctx, sig, &siglen)
-    && EVP_DigestVerifyInit_ex(mdctx, NULL, "SHA512", libctx, NULL, key, NULL)
+    && EVP_DigestVerifyInit_ex(mdctx, NULL, NULL, libctx, NULL, key, NULL)
     && EVP_DigestVerifyUpdate(mdctx, msg, sizeof(msg))
     && EVP_DigestVerifyFinal(mdctx, sig, siglen);
 
@@ -76,14 +97,7 @@ int main(int argc, char *argv[])
 
   T(OSSL_LIB_CTX_load_config(libctx, configfile));
 
-  /* Check we have the expected providers available:
-   * Note: default only needed if liboqs built using openssl,
-   * so may be left away (in test/oqs.cnf if suitably build, see
-   * https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs#OQS_USE_OPENSSL
-   */
-  T(OSSL_PROVIDER_load(libctx, modulename));
   T(OSSL_PROVIDER_available(libctx, modulename));
-  T(OSSL_PROVIDER_available(libctx, "default"));
 
   for (i = 0; i < nelem(sigalg_names); i++) {
     if (test_oqs_signatures(sigalg_names[i])) {