[openssl] master update

dev at ddvo.net dev at ddvo.net
Thu Oct 8 15:06:57 UTC 2020


The branch master has been updated
       via  55c61473b52aff9fd5217aec543b3d25beea0531 (commit)
      from  02a2567173a451d8d00c276e6d8c1d1cb171234d (commit)


- Log -----------------------------------------------------------------
commit 55c61473b52aff9fd5217aec543b3d25beea0531
Author: Dr. David von Oheimb <David.von.Oheimb at siemens.com>
Date:   Wed Sep 30 13:50:34 2020 +0200

    Correct and simplify use of ERR_clear_error() etc. for loading DSO libs
    
    Reviewed-by: Richard Levitte <levitte at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/13045)

-----------------------------------------------------------------------

Summary of changes:
 apps/cmp.c             |  1 -
 crypto/conf/conf_lib.c | 16 ++++++++++++++++
 crypto/conf/conf_mod.c | 34 ++++++++++++++++++++--------------
 crypto/ts/ts_conf.c    |  7 +++----
 include/openssl/ts.h   |  2 +-
 5 files changed, 40 insertions(+), 20 deletions(-)

diff --git a/apps/cmp.c b/apps/cmp.c
index 1137ed0a84..e52eff3c28 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2626,7 +2626,6 @@ int cmp_main(int argc, char **argv)
     char mock_server[] = "mock server:1";
     int ret = 0; /* default: failure */
 
-    ERR_clear_error(); /* clear leftover errors on loading libengines.so etc. */
     if (argc <= 1) {
         opt_help(cmp_options);
         goto err;
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 4cc698400c..54ba692462 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -101,6 +101,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
         return NULL;
     } else {
         CONF ctmp;
+
         CONF_set_nconf(&ctmp, conf);
         return NCONF_get_section(&ctmp, section);
     }
@@ -113,6 +114,7 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
         return NCONF_get_string(NULL, group, name);
     } else {
         CONF ctmp;
+
         CONF_set_nconf(&ctmp, conf);
         return NCONF_get_string(&ctmp, group, name);
     }
@@ -129,6 +131,7 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
         status = NCONF_get_number_e(NULL, group, name, &result);
     } else {
         CONF ctmp;
+
         CONF_set_nconf(&ctmp, conf);
         status = NCONF_get_number_e(&ctmp, group, name, &result);
     }
@@ -162,6 +165,7 @@ int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
 {
     CONF ctmp;
+
     CONF_set_nconf(&ctmp, conf);
     return NCONF_dump_bio(&ctmp, out);
 }
@@ -329,6 +333,18 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
     return 1;
 }
 
+long _CONF_get_number(const CONF *conf, const char *section,
+                      const char *name)
+{
+    int status;
+    long result = 0;
+
+    ERR_set_mark();
+    status = NCONF_get_number_e(conf, section, name, &result);
+    ERR_pop_to_mark();
+    return status == 0 ? 0L : result;
+}
+
 #ifndef OPENSSL_NO_STDIO
 int NCONF_dump_fp(const CONF *conf, FILE *out)
 {
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 5359a7e06d..a1cb4c5f7b 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -15,6 +15,7 @@
 #include <ctype.h>
 #include <openssl/crypto.h>
 #include "internal/conf.h"
+#include "openssl/conf_api.h"
 #include "internal/dso.h"
 #include "internal/thread_once.h"
 #include <openssl/x509.h>
@@ -80,14 +81,7 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
 
 static int conf_diagnostics(const CONF *cnf)
 {
-    long int lflag = 0;
-    int res;
-
-    ERR_set_mark();
-    res = NCONF_get_number(cnf, NULL, "config_diagnostics", &lflag)
-          && lflag != 0;
-    ERR_pop_to_mark();
-    return res;
+    return _CONF_get_number(cnf, NULL, "config_diagnostics") != 0;
 }
 
 /* Main function: load modules from a CONF structure */
@@ -109,6 +103,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
                    | CONF_MFLAGS_SILENT
                    | CONF_MFLAGS_IGNORE_MISSING_FILE);
 
+    ERR_set_mark();
     if (appname)
         vsection = NCONF_get_string(cnf, NULL, appname);
 
@@ -116,7 +111,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
         vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
 
     if (!vsection) {
-        ERR_clear_error();
+        ERR_pop_to_mark();
         return 1;
     }
 
@@ -125,20 +120,28 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 
     if (values == NULL) {
         if (!(flags & CONF_MFLAGS_SILENT)) {
+            ERR_clear_last_mark();
             CONFerr(0, CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION);
             ERR_add_error_data(2, "openssl_conf=", vsection);
+        } else {
+            ERR_pop_to_mark();
         }
         return 0;
     }
+    ERR_pop_to_mark();
 
     for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
         vl = sk_CONF_VALUE_value(values, i);
+        ERR_set_mark();
         ret = module_run(cnf, vl->name, vl->value, flags);
         OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n",
                     vl->name, vl->value, ret);
         if (ret <= 0)
-            if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+            if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) {
+                ERR_clear_last_mark();
                 return ret;
+            }
+        ERR_pop_to_mark();
     }
 
     return 1;
@@ -152,6 +155,7 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
     CONF *conf = NULL;
     int ret = 0, diagnostics = 0;
 
+    ERR_set_mark();
     conf = NCONF_new_ex(libctx, NULL);
     if (conf == NULL)
         goto err;
@@ -167,7 +171,6 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
     if (NCONF_load(conf, file, NULL) <= 0) {
         if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
             (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
-            ERR_clear_error();
             ret = 1;
         }
         goto err;
@@ -182,8 +185,12 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
     NCONF_free(conf);
 
     if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics)
-        return 1;
+        ret = 1;
 
+    if (ret)
+        ERR_pop_to_mark();
+    else
+        ERR_clear_last_mark();
     return ret;
 }
 
@@ -255,9 +262,8 @@ static CONF_MODULE *module_load_dso(const CONF *cnf,
     CONF_MODULE *md;
 
     /* Look for alternative path in module section */
-    path = NCONF_get_string(cnf, value, "path");
+    path = _CONF_get_string(cnf, value, "path");
     if (path == NULL) {
-        ERR_clear_error();
         path = name;
     }
     dso = DSO_load(NULL, path, NULL, 0);
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 5418bc8bbf..55fae481e1 100644
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -17,6 +17,7 @@
 #include <openssl/pem.h>
 #include <openssl/engine.h>
 #include <openssl/ts.h>
+#include <openssl/conf_api.h>
 
 /* Macro definitions for the configuration file. */
 #define BASE_SECTION                    "tsa"
@@ -418,7 +419,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
     return ret;
 }
 
-int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section,
                                        TS_RESP_CTX *ctx)
 {
     int ret = 0;
@@ -427,9 +428,7 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
     /*
      * If not specified, set the default value to 0, i.e. sec precision
      */
-    if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
-                            &digits))
-        digits = 0;
+    digits = _CONF_get_number(conf, section, ENV_CLOCK_PRECISION_DIGITS);
     if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
         ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
         goto err;
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
index 48cea0f503..e88ad44cfd 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -486,7 +486,7 @@ int TS_CONF_set_def_policy(CONF *conf, const char *section,
 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section,
                                        TS_RESP_CTX *ctx);
 int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);


More information about the openssl-commits mailing list