[openssl] master update
shane.lontis at oracle.com
shane.lontis at oracle.com
Thu Sep 10 17:51:24 UTC 2020
The branch master has been updated
via 9a62ccbe8a73101d2cfcdf7902b6fe10da7602c9 (commit)
from 9f604ca13ddc99e17ba37fed9281fbd1b71149a9 (commit)
- Log -----------------------------------------------------------------
commit 9a62ccbe8a73101d2cfcdf7902b6fe10da7602c9
Author: Shane Lontis <shane.lontis at oracle.com>
Date: Fri Sep 11 03:50:09 2020 +1000
Fix fipsinstall module path
If a path is specified with the -module option it will use this path to load the library when the provider is activated,
instead of also having to set the environment variable OPENSSL_MODULES.
Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname().
Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12761)
-----------------------------------------------------------------------
Summary of changes:
apps/fipsinstall.c | 14 +++++++++++-
apps/include/opt.h | 1 +
apps/lib/opt.c | 43 +++++++++++++++++++++++++++++--------
doc/man1/openssl-fipsinstall.pod.in | 2 ++
4 files changed, 50 insertions(+), 10 deletions(-)
diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index bd1cd68477..104806c1b7 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -277,7 +277,8 @@ int fipsinstall_main(int argc, char **argv)
const char *prov_name = "fips";
BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL;
char *in_fname = NULL, *out_fname = NULL, *prog;
- char *module_fname = NULL, *parent_config = NULL;
+ char *module_fname = NULL, *parent_config = NULL, *module_path = NULL;
+ const char *tail;
EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL;
STACK_OF(OPENSSL_STRING) *opts = NULL;
OPTION_CHOICE o;
@@ -368,6 +369,16 @@ opthelp:
|| argc != 0)
goto opthelp;
+ tail = opt_path_end(module_fname);
+ if (tail != NULL) {
+ module_path = OPENSSL_strdup(module_fname);
+ if (module_path == NULL)
+ goto end;
+ module_path[tail - module_fname] = '\0';
+ if (!OSSL_PROVIDER_set_default_search_path(NULL, module_path))
+ goto end;
+ }
+
if (self_test_log
|| self_test_corrupt_desc != NULL
|| self_test_corrupt_type != NULL)
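Review bot: The `tail != NULL` guard is always true, because none of the three opt_path_end() variants added in apps/lib/opt.c can return NULL; for a -module value with no directory part they return `filename` itself. In that case `module_path` is truncated to an empty string and still passed to OSSL_PROVIDER_set_default_search_path(), which looks like it would replace the OPENSSL_MODULES lookup with an empty search path instead of leaving it alone. Testing for an actual directory prefix, `if (tail != module_fname) {`, keeps the override limited to the case the commit message describes. Since the directory part of a command-line argument now decides where the provider is loaded from, a one-line comment above the block saying so would help the next reader; the rest of fipsinstall_main is outside the hunk.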
@@ -474,6 +485,7 @@ end:
}
cleanup:
+ OPENSSL_free(module_path);
BIO_free(fout);
BIO_free(mem_bio);
BIO_free(module_bio);
diff --git a/apps/include/opt.h b/apps/include/opt.h
index a35fe327cf..56de57cf4c 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -339,6 +339,7 @@ typedef struct string_int_pair_st {
#define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
#define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" }
+const char *opt_path_end(const char *filename);
char *opt_progname(const char *argv0);
char *opt_getprog(void);
char *opt_init(int ac, char **av, const OPTIONS * o);
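Review bot: opt_path_end() is declared without any statement of its contract, and the caller added in apps/fipsinstall.c tests the result against NULL, which the implementations in apps/lib/opt.c never return. A comment above the prototype would prevent that misreading, e.g. `/* Returns a pointer into filename just past the last path separator, or filename itself if there is none; never NULL. filename must not be NULL. */`.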
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index d6bfecc8ff..260ff3b1c2 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -46,18 +46,27 @@ static char prog[40];
* Return the simple name of the program; removing various platform gunk.
*/
#if defined(OPENSSL_SYS_WIN32)
-char *opt_progname(const char *argv0)
+
+const char *opt_path_end(const char *filename)
{
- size_t i, n;
const char *p;
- char *q;
/* find the last '/', '\' or ':' */
- for (p = argv0 + strlen(argv0); --p > argv0;)
+ for (p = filename + strlen(filename); --p > filename; )
if (*p == '/' || *p == '\\' || *p == ':') {
p++;
break;
}
+ return p;
+}
+
+char *opt_progname(const char *argv0)
+{
+ size_t i, n;
+ const char *p;
+ char *q;
+
+ p = opt_path_end(argv0);
/* Strip off trailing nonsense. */
n = strlen(p);
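Review bot: opt_path_end() inherits the `--p > filename` loop from opt_progname(), which moves `p` to one before the start of the buffer when `filename` is an empty string (undefined behaviour) and never tests `filename[0]`, so a name such as `/fips.so` is reported as having no directory part. That was tolerable for argv[0], but the function is now exported through opt.h and fed the -module argument. Scanning with `for (p = filename + strlen(filename); p > filename; p--)` and `if (p[-1] == '/' || p[-1] == '\\' || p[-1] == ':') break;` avoids both problems; the VMS and generic variants in the next two hunks need the same change with their own separator sets. The existing "Return the simple name of the program" comment now sits above opt_path_end() instead of opt_progname(), whose body continues outside the hunk.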
@@ -76,17 +85,25 @@ char *opt_progname(const char *argv0)
#elif defined(OPENSSL_SYS_VMS)
-char *opt_progname(const char *argv0)
+const char *opt_path_end(const char *filename)
{
- const char *p, *q;
+ const char *p;
/* Find last special character sys:[foo.bar]openssl */
- for (p = argv0 + strlen(argv0); --p > argv0;)
+ for (p = filename + strlen(filename); --p > filename;)
if (*p == ':' || *p == ']' || *p == '>') {
p++;
break;
}
+ return p;
+}
+char *opt_progname(const char *argv0)
+{
+ const char *p, *q;
+
+ /* Find last special character sys:[foo.bar]openssl */
+ p = opt_path_end(argv0);
q = strrchr(p, '.');
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
@@ -97,16 +114,24 @@ char *opt_progname(const char *argv0)
#else
-char *opt_progname(const char *argv0)
+const char *opt_path_end(const char *filename)
{
const char *p;
/* Could use strchr, but this is like the ones above. */
- for (p = argv0 + strlen(argv0); --p > argv0;)
+ for (p = filename + strlen(filename); --p > filename;)
if (*p == '/') {
p++;
break;
}
+ return p;
+}
+
+char *opt_progname(const char *argv0)
+{
+ const char *p;
+
+ p = opt_path_end(argv0);
strncpy(prog, p, sizeof(prog) - 1);
prog[sizeof(prog) - 1] = '\0';
return prog;
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index 8120fd299a..451e8a775d 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -58,6 +58,8 @@ Print a usage message.
=item B<-module> I<filename>
Filename of the FIPS module to perform an integrity check on.
+The path provided in the filename is used to load the module when it is
+activated, and this overrides the environment variable B<OPENSSL_MODULES>.
=item B<-out> I<configfilename>