[openssl] master update
Matt Caswell
matt at openssl.org
Fri Nov 6 10:35:00 UTC 2020
The branch master has been updated
via b9b2135d22b93f949fd77f293925fc66158416ff (commit)
via b8ae4a83de0de38fd382f3981e503f2ab5461c07 (commit)
from 3309c4b716c922172b6a7ae0cef88fad0203886d (commit)
- Log -----------------------------------------------------------------
commit b9b2135d22b93f949fd77f293925fc66158416ff
Author: Matt Caswell <matt at openssl.org>
Date: Wed Nov 4 11:34:15 2020 +0000
Don't clear the whole error stack when loading engines
Loading the various built-in engines was unconditionally clearing the
whole error stack. During config file processing processing a .include
directive which fails results in errors being added to the stack - but
we carry on anyway. These errors were then later being removed by the
engine loading code, meaning that problems with the .include directive
never get shown.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)
commit b8ae4a83de0de38fd382f3981e503f2ab5461c07
Author: Matt Caswell <matt at openssl.org>
Date: Wed Nov 4 11:31:55 2020 +0000
Don't clear errors on failure in CONF_modules_load_file_ex()
The call to CONF_modules_load() in CONF_modules_load_file_ex() can
return a negative number to indicate failure. This was incorrectly
being interpreted as "success" and therefore errors were being cleared
incorrectly.
Reviewed-by: Paul Dale <paul.dale at oracle.com>
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13311)
-----------------------------------------------------------------------
Summary of changes:
crypto/conf/conf_mod.c | 4 ++--
crypto/engine/eng_dyn.c | 4 +++-
crypto/engine/eng_openssl.c | 9 ++++++++-
crypto/engine/eng_rdrand.c | 12 +++++++++++-
engines/e_afalg.c | 12 +++++++++++-
engines/e_capi.c | 12 +++++++++++-
engines/e_dasync.c | 12 +++++++++++-
engines/e_devcrypto.c | 13 ++++++++++++-
engines/e_padlock.c | 12 +++++++++++-
9 files changed, 80 insertions(+), 10 deletions(-)
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index bd945766b8..f287cb28eb 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -187,10 +187,11 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics)
ret = 1;
- if (ret)
+ if (ret > 0)
ERR_pop_to_mark();
else
ERR_clear_last_mark();
+
return ret;
}
@@ -207,7 +208,6 @@ DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules)
/* Need to load ENGINEs */
ENGINE_load_builtin_engines();
#endif
- ERR_clear_error();
return 1;
}
diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
index 01935578c2..3b0d8eb91f 100644
--- a/crypto/engine/eng_dyn.c
+++ b/crypto/engine/eng_dyn.c
@@ -257,6 +257,8 @@ void engine_load_dynamic_int(void)
ENGINE *toadd = engine_dynamic();
if (!toadd)
return;
+
+ ERR_set_mark();
ENGINE_add(toadd);
/*
* If the "add" worked, it gets a structural reference. So either way, we
@@ -268,7 +270,7 @@ void engine_load_dynamic_int(void)
* already added (eg. someone calling ENGINE_load_blah then calling
* ENGINE_load_builtin_engines() perhaps).
*/
- ERR_clear_error();
+ ERR_pop_to_mark();
}
static int dynamic_init(ENGINE *e)
diff --git a/crypto/engine/eng_openssl.c b/crypto/engine/eng_openssl.c
index 2374af8ae9..a51ccf129f 100644
--- a/crypto/engine/eng_openssl.c
+++ b/crypto/engine/eng_openssl.c
@@ -152,13 +152,20 @@ void engine_load_openssl_int(void)
ENGINE *toadd = engine_openssl();
if (!toadd)
return;
+
+ ERR_set_mark();
ENGINE_add(toadd);
/*
* If the "add" worked, it gets a structural reference. So either way, we
* release our just-created reference.
*/
ENGINE_free(toadd);
- ERR_clear_error();
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_pop_to_mark();
}
/*
diff --git a/crypto/engine/eng_rdrand.c b/crypto/engine/eng_rdrand.c
index 39e4055a90..f46a514597 100644
--- a/crypto/engine/eng_rdrand.c
+++ b/crypto/engine/eng_rdrand.c
@@ -87,9 +87,19 @@ void engine_load_rdrand_int(void)
ENGINE *toadd = ENGINE_rdrand();
if (!toadd)
return;
+ ERR_set_mark();
ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
ENGINE_free(toadd);
- ERR_clear_error();
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_pop_to_mark();
}
}
#else
diff --git a/engines/e_afalg.c b/engines/e_afalg.c
index 24a1aa900c..9480d7c24b 100644
--- a/engines/e_afalg.c
+++ b/engines/e_afalg.c
@@ -851,9 +851,19 @@ void engine_load_afalg_int(void)
toadd = engine_afalg();
if (toadd == NULL)
return;
+ ERR_set_mark();
ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
ENGINE_free(toadd);
- ERR_clear_error();
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_pop_to_mark();
}
# endif
diff --git a/engines/e_capi.c b/engines/e_capi.c
index 8e5693d25e..dd66518d3f 100644
--- a/engines/e_capi.c
+++ b/engines/e_capi.c
@@ -600,9 +600,19 @@ void engine_load_capi_int(void)
ENGINE *toadd = engine_capi();
if (!toadd)
return;
+ ERR_set_mark();
ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
ENGINE_free(toadd);
- ERR_clear_error();
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_pop_to_mark();
}
# endif
diff --git a/engines/e_dasync.c b/engines/e_dasync.c
index b817b2ba5f..4eb50d055c 100644
--- a/engines/e_dasync.c
+++ b/engines/e_dasync.c
@@ -348,9 +348,19 @@ void engine_load_dasync_int(void)
ENGINE *toadd = engine_dasync();
if (!toadd)
return;
+ ERR_set_mark();
ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
ENGINE_free(toadd);
- ERR_clear_error();
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_pop_to_mark();
}
static int dasync_init(ENGINE *e)
diff --git a/engines/e_devcrypto.c b/engines/e_devcrypto.c
index 729bb1fe95..85815e2e5a 100644
--- a/engines/e_devcrypto.c
+++ b/engines/e_devcrypto.c
@@ -1287,9 +1287,20 @@ void engine_load_devcrypto_int(void)
return;
}
+ ERR_set_mark();
ENGINE_add(e);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
ENGINE_free(e); /* Loose our local reference */
- ERR_clear_error();
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_pop_to_mark();
+}
}
#else
diff --git a/engines/e_padlock.c b/engines/e_padlock.c
index 713a79a368..572ff90935 100644
--- a/engines/e_padlock.c
+++ b/engines/e_padlock.c
@@ -49,9 +49,19 @@ void engine_load_padlock_int(void)
ENGINE *toadd = ENGINE_padlock();
if (!toadd)
return;
+ ERR_set_mark();
ENGINE_add(toadd);
+ /*
+ * If the "add" worked, it gets a structural reference. So either way, we
+ * release our just-created reference.
+ */
ENGINE_free(toadd);
- ERR_clear_error();
+ /*
+ * If the "add" didn't work, it was probably a conflict because it was
+ * already added (eg. someone calling ENGINE_load_blah then calling
+ * ENGINE_load_builtin_engines() perhaps).
+ */
+ ERR_pop_to_mark();
# endif
}
More information about the openssl-commits
mailing list