[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Jun 10 22:53:10 UTC 2021
The branch master has been updated
via b19fcc66d382357617744690dc3363947de2cb6f (commit)
via d475a9efcfb98fe2d207dbc56bed931ee35b74a6 (commit)
via 6cf811e8678b23d03621c94a562181eb73ccc2e0 (commit)
from 7afef721ff93018a66f8e2e6b9e1ce3d48321bdf (commit)
- Log -----------------------------------------------------------------
commit b19fcc66d382357617744690dc3363947de2cb6f
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Jun 9 17:04:12 2021 +0200
Document that provider name can be a full path
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)
commit d475a9efcfb98fe2d207dbc56bed931ee35b74a6
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Jun 9 16:42:35 2021 +0200
dl_name_converter: Avoid unnecessary overallocation
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)
commit 6cf811e8678b23d03621c94a562181eb73ccc2e0
Author: Tomas Mraz <tomas at openssl.org>
Date: Wed Jun 9 16:27:05 2021 +0200
ossl_provider_set_module_path: Prevent potential UAF
Reviewed-by: Matt Caswell <matt at openssl.org>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15680)
-----------------------------------------------------------------------
Summary of changes:
crypto/dso/dso_dl.c | 2 +-
crypto/provider_core.c | 1 +
doc/man1/openssl.pod | 7 ++++++-
doc/man3/OSSL_PROVIDER.pod | 7 ++++++-
4 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/crypto/dso/dso_dl.c b/crypto/dso/dso_dl.c
index e41648548e..8d440ab3e2 100644
--- a/crypto/dso/dso_dl.c
+++ b/crypto/dso/dso_dl.c
@@ -224,7 +224,7 @@ static char *dl_name_converter(DSO *dso, const char *filename)
len = strlen(filename);
rsize = len + 1;
transform = (strstr(filename, "/") == NULL);
- {
+ if (transform) {
/* We will convert this to "%s.s?" or "lib%s.s?" */
rsize += strlen(DSO_EXTENSION); /* The length of ".s?" */
if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0)
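Review bot: the new `if (transform)` guard on the size computation in dl_name_converter is only safe if the code that later writes the "lib" prefix and the extension into the buffer tests the same flag, and that code is outside the visible context. If the formatting branch is taken under any other condition, rsize (now just `len + 1` for names containing a slash) would be too small for it, so please confirm both sides key off `transform` and add a short comment saying sizing and formatting must stay in step. Minor style point on the context line above: `strstr(filename, "/")` looks for a single character, so `strchr(filename, '/')` would state the intent more directly.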
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 30fa44d789..c6a8fa3f26 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -483,6 +483,7 @@ void ossl_provider_free(OSSL_PROVIDER *prov)
int ossl_provider_set_module_path(OSSL_PROVIDER *prov, const char *module_path)
{
OPENSSL_free(prov->path);
+ prov->path = NULL;
if (module_path == NULL)
return 1;
if ((prov->path = OPENSSL_strdup(module_path)) != NULL)
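Review bot: in ossl_provider_set_module_path the old prov->path is still freed before `OPENSSL_strdup(module_path)` is attempted, so if the duplication fails the provider ends up with no path at all instead of keeping its previous one. The added `prov->path = NULL` does remove the dangling pointer that the `module_path == NULL` early return used to leave behind, which is the case the commit title is about. If callers expect the previous path to survive a failed set, duplicate first and free the old string only on success; otherwise a one-line comment that a NULL argument or a failed call resets the path would document the behaviour.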
diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod
index 3b47ae9729..b6f4029a67 100644
--- a/doc/man1/openssl.pod
+++ b/doc/man1/openssl.pod
@@ -651,7 +651,12 @@ the PKCS#11 URI as defined in RFC 7512 should be possible to use directly:
=item B<-provider> I<name>
-Load and initialize the provider identified by I<name>.
+Load and initialize the provider identified by I<name>. The I<name>
+can be also a path to the provider module. In that case the provider name
+will be the specified path and not just the provider module name.
+Interpretation of relative paths is platform specific. The configured
+"MODULESDIR" path, B<OPENSSL_MODULES> environment variable, or the path
+specified by B<-provider-path> is prepended to relative paths.
See L<provider(7)> for a more detailed description.
=item B<-provider-path> I<path>
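Review bot: the added text for B<-provider> lists three sources that are prepended to a relative path ("MODULESDIR", B<OPENSSL_MODULES>, B<-provider-path>) without saying which one wins when more than one is set. Since the option can now name a module file to load, the lookup order should be stated explicitly so a reader can tell which directory a relative name resolves against. Wording nit in the first added line: "can be also a path" reads better as "can also be a path".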
diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod
index 2b014c4671..bc4cc1641e 100644
--- a/doc/man3/OSSL_PROVIDER.pod
+++ b/doc/man3/OSSL_PROVIDER.pod
@@ -81,7 +81,12 @@ OSSL_PROVIDER_load() loads and initializes a provider.
This may simply initialize a provider that was previously added with
OSSL_PROVIDER_add_builtin() and run its given initialization function,
or load a provider module with the given name and run its provider
-entry point, C<OSSL_provider_init>.
+entry point, C<OSSL_provider_init>. The I<name> can be a path
+to a provider module, in that case the provider name as returned
+by OSSL_PROVIDER_get0_name() will be the path. Interpretation
+of relative paths is platform dependent and they are relative
+to the configured "MODULESDIR" directory or the path set in
+the environment variable OPENSSL_MODULES if set.
OSSL_PROVIDER_try_load() functions like OSSL_PROVIDER_load(), except that
it does not disable the fallback providers if the provider cannot be
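Review bot: the added sentences for OSSL_PROVIDER_load() describe relative paths as relative to "MODULESDIR" "or the path set in the environment variable OPENSSL_MODULES if set", which leaves the precedence implicit and repeats "set"; say that OPENSSL_MODULES overrides the configured directory if that is the intent. The text also says "platform dependent" where the openssl.pod hunk in this same update says "platform specific", so pick one term for both pages. "can be a path to a provider module, in that case" is a comma splice; split it into two sentences or use "in which case".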