Fix remaining provider config settings to be decisive in value

There is one remaining config setting for providers, soft_load, which is
enabled when provided in a config, regardless of its value.  Augment it
to require a decisive value 1/0, yes/no, on/off, true/false, as we've
recently done for the activate setting.

Also, since it wasn't previously documented, add docs for it.

Fixes #23105

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23111)
Neil Horman 2023-12-20 13:00:57 -05:00 committed by Tomas Mraz
parent 62457fd941
commit 9277ed0a4f
3 changed files with 55 additions and 34 deletions


@ -28,11 +28,11 @@ OpenSSL 3.3
### Changes between 3.2 and 3.3 [xx XXX xxxx] ### Changes between 3.2 and 3.3 [xx XXX xxxx]
* The activate configuration setting for providers in openssl.cnf has been * The activate and soft_load configuration settings for providers in
updated to require a value of [1|yes|true|on] (in lower or UPPER case) to openssl.cnf have been updated to require a value of [1|yes|true|on]
activate the provider. Conversely a setting [0|no|false|off] will prevent (in lower or UPPER case) to enable the setting. Conversely a value
provider activation. All other values, or the omission of a value for this of [0|no|false|off] will disable the setting. All other values, or the
setting will result in an error. omission of a value for these settings will result in an error.
*Neil Horman* *Neil Horman*


@ -272,6 +272,42 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name,
return ok; return ok;
} }
static int provider_conf_parse_bool_setting(const char *confname,
const char *confvalue, int *val)
{
if (confvalue == NULL) {
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
"directive %s set to unrecognized value",
confname);
return 0;
}
if ((strcmp(confvalue, "1") == 0)
|| (strcmp(confvalue, "yes") == 0)
|| (strcmp(confvalue, "YES") == 0)
|| (strcmp(confvalue, "true") == 0)
|| (strcmp(confvalue, "TRUE") == 0)
|| (strcmp(confvalue, "on") == 0)
|| (strcmp(confvalue, "ON") == 0)) {
*val = 1;
} else if ((strcmp(confvalue, "0") == 0)
|| (strcmp(confvalue, "no") == 0)
|| (strcmp(confvalue, "NO") == 0)
|| (strcmp(confvalue, "false") == 0)
|| (strcmp(confvalue, "FALSE") == 0)
|| (strcmp(confvalue, "off") == 0)
|| (strcmp(confvalue, "OFF") == 0)) {
*val = 0;
} else {
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
"directive %s set to unrecognized value",
confname);
return 0;
}
return 1;
}
static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
const char *value, const CONF *cnf) const char *value, const CONF *cnf)
{ {
@ -279,7 +315,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
STACK_OF(CONF_VALUE) *ecmds; STACK_OF(CONF_VALUE) *ecmds;
int soft = 0; int soft = 0;
const char *path = NULL; const char *path = NULL;
long activate = 0; int activate = 0;
int ok = 0; int ok = 0;
int added = 0; int added = 0;
@ -309,40 +345,17 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
if (strcmp(confname, "identity") == 0) { if (strcmp(confname, "identity") == 0) {
name = confvalue; name = confvalue;
} else if (strcmp(confname, "soft_load") == 0) { } else if (strcmp(confname, "soft_load") == 0) {
soft = 1; if (!provider_conf_parse_bool_setting(confname,
confvalue, &soft))
return 0;
/* Load a dynamic PROVIDER */ /* Load a dynamic PROVIDER */
} else if (strcmp(confname, "module") == 0) { } else if (strcmp(confname, "module") == 0) {
path = confvalue; path = confvalue;
} else if (strcmp(confname, "activate") == 0) { } else if (strcmp(confname, "activate") == 0) {
if (confvalue == NULL) { if (!provider_conf_parse_bool_setting(confname,
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, confvalue, &activate))
"section=%s activate set to unrecognized value",
value);
return 0; return 0;
} }
if ((strcmp(confvalue, "1") == 0)
|| (strcmp(confvalue, "yes") == 0)
|| (strcmp(confvalue, "YES") == 0)
|| (strcmp(confvalue, "true") == 0)
|| (strcmp(confvalue, "TRUE") == 0)
|| (strcmp(confvalue, "on") == 0)
|| (strcmp(confvalue, "ON") == 0)) {
activate = 1;
} else if ((strcmp(confvalue, "0") == 0)
|| (strcmp(confvalue, "no") == 0)
|| (strcmp(confvalue, "NO") == 0)
|| (strcmp(confvalue, "false") == 0)
|| (strcmp(confvalue, "FALSE") == 0)
|| (strcmp(confvalue, "off") == 0)
|| (strcmp(confvalue, "OFF") == 0)) {
activate = 0;
} else {
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR,
"section=%s activate set to unrecognized value",
value);
return 0;
}
}
} }
if (activate) { if (activate) {
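Review bot: The error raised by provider_conf_parse_bool_setting names only the directive (`"directive %s set to unrecognized value", confname`), while the inline check it replaces printed `section=%s` with `value`, so the message no longer says which provider section holds the bad activate or soft_load value. With several provider sections in one openssl.cnf this makes a rejected config harder to trace; consider passing the section name into the helper and raising `"section=%s directive %s set to unrecognized value"`. The matching is exact per spelling, so `Yes` or `True` is rejected, which fails closed but is stricter than "lower or UPPER case" may suggest to an operator. A short comment above the helper would help, for example `/* Returns 1 and sets *val on a recognised boolean; returns 0 with an error raised otherwise, leaving *val untouched */`. provider_conf_load starts in this section but its body continues past the visible lines, so cleanup on the early `return 0` paths cannot be judged from here.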


@ -271,6 +271,14 @@ provider will be activated. Conversely, setting this value to no, off, false, or
or uppercase. Setting activate to any other setting, or omitting a setting or uppercase. Setting activate to any other setting, or omitting a setting
value will result in an error. value will result in an error.
= item B<soft_load>
If enabled, informs the library to clear the error stack on failure to activate
requested provider. A value of 1, yes, true or on (in lower or uppercase) will
activate this setting, while a value of 0, no, false, of off (again in lower or
uppercase) will disable this setting. Any other value will produce an error.
Note this setting defaults to off if not provided
=back =back
All parameters in the section as well as sub-sections are made All parameters in the section as well as sub-sections are made