[openssl] master update

Dr. Paul Dale pauli at openssl.org
Thu Jun 10 22:53:10 UTC 2021


The branch master has been updated
       via  b19fcc66d382357617744690dc3363947de2cb6f (commit)
       via  d475a9efcfb98fe2d207dbc56bed931ee35b74a6 (commit)
       via  6cf811e8678b23d03621c94a562181eb73ccc2e0 (commit)
      from  7afef721ff93018a66f8e2e6b9e1ce3d48321bdf (commit)


- Log -----------------------------------------------------------------
commit b19fcc66d382357617744690dc3363947de2cb6f
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jun 9 17:04:12 2021 +0200

    Document that provider name can be a full path
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15680)

commit d475a9efcfb98fe2d207dbc56bed931ee35b74a6
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jun 9 16:42:35 2021 +0200

    dl_name_converter: Avoid unnecessary overallocation
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15680)

commit 6cf811e8678b23d03621c94a562181eb73ccc2e0
Author: Tomas Mraz <tomas at openssl.org>
Date:   Wed Jun 9 16:27:05 2021 +0200

    ossl_provider_set_module_path: Prevent potential UAF
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/15680)

-----------------------------------------------------------------------

Summary of changes:
 crypto/dso/dso_dl.c        | 2 +-
 crypto/provider_core.c     | 1 +
 doc/man1/openssl.pod       | 7 ++++++-
 doc/man3/OSSL_PROVIDER.pod | 7 ++++++-
 4 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
index e41648548e..8d440ab3e2 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -224,7 +224,7 @@ static char *dl_name_converter(DSO *dso, const char *filename)
     len = strlen(filename);
     rsize = len + 1;
     transform = (strstr(filename, "/") == NULL);
-    {
+    if (transform) {
         /* We will convert this to "%s.s?" or "lib%s.s?" */
         rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */
         if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
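Review bot: with `rsize` now grown only under `if (transform)`, the code further down in dl_name_converter that writes the "lib" prefix and the extension must be guarded by the same `transform` value, otherwise the buffer is too small for what gets written. That code is outside this hunk, so please confirm the allocation and the formatting branch on the same condition. Minor style point on the context line: `strstr(filename, "/")` searches for a single character, so `strchr(filename, '/')` would express the intent more directly.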
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 30fa44d789..c6a8fa3f26 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -483,6 +483,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov)
 int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path)
 {
     OPENSSL_free(prov->path);
+    prov->path = NULL;
     if (module_path == NULL)
         return 1;
     if ((prov->path = OPENSSL_strdup(module_path)) != NULL)
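Review bot: the stale pointer only survives on the `module_path == NULL` early return, because on the other path the `OPENSSL_strdup()` assignment overwrites `prov->path` anyway (with NULL on failure). A one-line comment above `prov->path = NULL;` saying so would stop a later cleanup from removing the line as redundant. A regression test that sets a path, resets it with NULL and then releases the provider would cover the case, since nothing in this change exercises it.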
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 3b47ae9729..b6f4029a67 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -651,7 +651,12 @@ the PKCS#11 URI as defined in RFC 7512 should be possible to use directly:
 
 =item B<-provider> I<name>
 
-Load and initialize the provider identified by I<name>.
+Load and initialize the provider identified by I<name>. The I<name>
+can be also a path to the provider module. In that case the provider name
+will be the specified path and not just the provider module name.
+Interpretation of relative paths is platform specific. The configured
+"MODULESDIR" path, B<OPENSSL_MODULES> environment variable, or the path
+specified by B<-provider-path> is prepended to relative paths.
 See L<provider(7)> for a more detailed description.
 
 =item B<-provider-path> I<path>
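Review bot: the added text names three sources for the prefix applied to relative paths ("MODULESDIR", B<OPENSSL_MODULES>, B<-provider-path>) but does not say which one wins when more than one is set, and it does not say that an absolute path is used as given. Since this option decides which module gets loaded into the process, the precedence should be spelled out. Wording: "can be also a path" reads better as "can also be a path".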
diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod
index 2b014c4671..bc4cc1641e 100644
--- a/doc/man3/OSSL_PROVIDER.pod
+++ b/doc/man3/OSSL_PROVIDER.pod
@@ -81,7 +81,12 @@ OSSL_PROVIDER_load() loads and initializes a provider.
 This may simply initialize a provider that was previously added with
 OSSL_PROVIDER_add_builtin() and run its given initialization function,
 or load a provider module with the given name and run its provider
-entry point, C<OSSL_provider_init>.
+entry point, C<OSSL_provider_init>. The I<name> can be a path
+to a provider module, in that case the provider name as returned
+by OSSL_PROVIDER_get0_name() will be the path. Interpretation
+of relative paths is platform dependent and they are relative
+to the configured "MODULESDIR" directory or the path set in
+the environment variable OPENSSL_MODULES if set.
 
 OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that
 it does not disable the fallback providers if the provider cannot be
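Review bot: "the provider name as returned by OSSL_PROVIDER_get0_name() will be the path" leaves open whether that is the string the caller passed or the path after the "MODULESDIR" or OPENSSL_MODULES prefix has been applied; callers that compare or log the name need to know which. The sentence "to a provider module, in that case ..." is a comma splice and should be split in two. The text also says "platform dependent" where the openssl.pod hunk says "platform specific", and the two pages list different sources for the prefix; using the same wording in both would avoid readers assuming the behaviour differs.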

