[openssl] master update
tomas at openssl.org
tomas at openssl.org
Wed May 5 11:11:52 UTC 2021
The branch master has been updated
via f7050588bc76901e0a147c158e64ac3140dc8bfd (commit)
via 3fb985fd04611082bbfc3622a078e8c5e5edb378 (commit)
from 1127754e4877b2a4bd53112de115041d1952fa12 (commit)
- Log -----------------------------------------------------------------
commit f7050588bc76901e0a147c158e64ac3140dc8bfd
Author: Rich Salz <rsalz at akamai.com>
Date: Fri Apr 30 12:18:00 2021 -0400
Add .includedir pragma
Also add a negative test, and fix typos.
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
commit 3fb985fd04611082bbfc3622a078e8c5e5edb378
Author: Rich Salz <rsalz at akamai.com>
Date: Thu Apr 29 16:22:30 2021 -0400
Allow absolute paths to be set
It was a mistake to allow relative paths for include files (just
like root shouldn't have "." in its PATH), but we probably can't
change it now. Add a new pragma "abspath" that someone can put
in the system-wide config file to require absolute paths.
Also update the config documentation to better explain how file
inclusion works.
Reviewed-by: Dmitry Belyavskiy <beldmit at gmail.com>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15090)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 5 +++
crypto/conf/conf_api.c | 1 +
crypto/conf/conf_def.c | 46 ++++++++++++++++++++++-----
crypto/conf/conf_err.c | 3 +-
crypto/err/openssl.txt | 1 +
doc/man5/config.pod | 44 ++++++++++++++-----------
include/crypto/conferr.h | 2 +-
include/openssl/conf.h.in | 4 ++-
include/openssl/conferr.h | 1 +
test/recipes/90-test_includes.t | 3 +-
test/recipes/90-test_includes_data/incdir.cnf | 6 ++++
11 files changed, 85 insertions(+), 31 deletions(-)
create mode 100644 test/recipes/90-test_includes_data/incdir.cnf
diff --git a/CHANGES.md b/CHANGES.md
index 0e7b09432b..7b6c7c5ffb 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -23,6 +23,11 @@ OpenSSL 3.0
### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
+ * Add "abspath" and "includedir" pragma's to config files, to prevent,
+ or modify relative pathname inclusion.
+
+ * Rich Salz *
+
* OpenSSL includes a cryptographic module that is intended to be FIPS 140-2
validated. The module is implemented as an OpenSSL provider, the so-called
FIPS provider. A list of all changes related to the FIPS provider would go
diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c
index c2c461d832..41a09c42bc 100644
--- a/crypto/conf/conf_api.c
+++ b/crypto/conf/conf_api.c
@@ -146,6 +146,7 @@ void _CONF_free_data(CONF *conf)
* with
*/
+ OPENSSL_free(conf->includedir);
lh_CONF_VALUE_doall(conf->data, value_free_stack_doall);
lh_CONF_VALUE_free(conf->data);
}
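Review bot: The added `OPENSSL_free(conf->includedir);` leaves `conf->includedir` pointing at freed memory. If the CONF is loaded again or has its data freed a second time after this call (whether callers do that is not visible in this hunk), def_load_bio would read the stale pointer or this line would free it twice. Follow the free with `conf->includedir = NULL;`. _CONF_free_data starts above the hunk, so any early return before this line is not visible here.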
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index bfb718753b..ea6b5bf244 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -188,6 +188,23 @@ static int def_load(CONF *conf, const char *name, long *line)
return ret;
}
+
+/* Parse a boolean value and fill in *flag. Return 0 on error. */
+static int parsebool(const char *pval, int *flag)
+{
+ if (strcasecmp(pval, "on") == 0
+ || strcasecmp(pval, "true") == 0) {
+ *flag = 1;
+ } else if (strcasecmp(pval, "off") == 0
+ || strcasecmp(pval, "false") == 0) {
+ *flag = 0;
+ } else {
+ ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA);
+ return 0;
+ }
+ return 1;
+}
+
static int def_load_bio(CONF *conf, BIO *in, long *line)
{
/* The macro BUFSIZE conflicts with a system macro in VxWorks */
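Review bot: parsebool() compares with `strcasecmp`, while the dollarid code it replaces in the next hunk used `strcmp`, so values such as `ON` or `True` are now accepted where they previously raised CONF_R_INVALID_PRAGMA, and the helper's comment does not say so. State it in the comment, for example `/* Parse "on"/"true"/"off"/"false" (case-insensitive) into *flag; raise CONF_R_INVALID_PRAGMA and return 0 otherwise. */`. `strcasecmp` is a POSIX function rather than ISO C, so it is worth confirming that this file already gets a definition on non-POSIX targets.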
@@ -397,19 +414,22 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
* Known pragmas:
*
* dollarid takes "on", "true or "off", "false"
+ * abspath takes "on", "true or "off", "false"
+ * includedir directory prefix
*/
if (strcmp(p, "dollarid") == 0) {
- if (strcmp(pval, "on") == 0
- || strcmp(pval, "true") == 0) {
- conf->flag_dollarid = 1;
- } else if (strcmp(pval, "off") == 0
- || strcmp(pval, "false") == 0) {
- conf->flag_dollarid = 0;
- } else {
- ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA);
+ if (!parsebool(pval, &conf->flag_dollarid))
+ goto err;
+ } else if (strcmp(p, "abspath") == 0) {
+ if (!parsebool(pval, &conf->flag_abspath))
+ goto err;
+ } else if (strcmp(p, "includedir") == 0) {
+ if ((conf->includedir = OPENSSL_strdup(pval)) == NULL) {
+ ERR_raise(ERR_LIB_CONF, ERR_R_MALLOC_FAILURE);
goto err;
}
}
+
/*
* We *ignore* any unknown pragma.
*/
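Review bot: In the `includedir` branch, `conf->includedir = OPENSSL_strdup(pval)` overwrites any earlier value without freeing it, so a configuration with a second `.pragma includedir:` line leaks the first string. Add `OPENSSL_free(conf->includedir);` before the assignment. Both new pragmas also take effect wherever they appear, so a file parsed later (presumably including an included one) can set `abspath:off` or change `includedir` again. If the system-wide file is meant to enforce the setting, that limit deserves a sentence in config.pod. The two added "Known pragmas" comment lines are missing the closing quote after `true`.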
@@ -421,6 +441,9 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
char *include_path = NULL;
+ if (include_dir == NULL)
+ include_dir = conf->includedir;
+
if (*p == '=') {
p++;
p = eat_ws(conf, p);
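Review bot: The new fallback applies the `includedir` pragma only when `OPENSSL_CONF_INCLUDE` is unset, so the process environment overrides the directory chosen in the config file, and nothing at this spot says so. Add a comment such as `/* OPENSSL_CONF_INCLUDE, when set, takes precedence over the includedir pragma */`. An administrator who sets `includedir` to pin includes to a trusted directory should know that it does not bind a caller who controls the environment. The abspath check in the following hunk only requires the resulting path to be absolute. The enclosing block of def_load_bio starts and ends outside the hunk.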
@@ -448,6 +471,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
include_path = include;
}
+ if (conf->flag_abspath
+ && !ossl_is_absolute_path(include_path)) {
+ ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH);
+ goto err;
+ }
+
/* get the BIO of the included file */
#ifndef OPENSSL_NO_POSIX_IO
next = process_include(include_path, &dirctx, &dirpath);
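Review bot: The new `goto err` taken on `CONF_R_RELATIVE_PATH` appears to leak `include_path`. The variable is declared inside this block (see the preceding hunk) and at this point holds either `include` or a buffer built before the hunk, while the `err:` label, as far as it is visible, releases only function-level buffers. Release it before jumping by placing `OPENSSL_free(include_path);` ahead of `goto err;`. The rest of the block lies outside the hunk, so confirm that no other cleanup already covers it.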
@@ -527,6 +556,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
*/
sk_BIO_free(biosk);
return 1;
+
err:
BUF_MEM_free(buff);
OPENSSL_free(section);
diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c
index 417ae58efb..a06f55b104 100644
--- a/crypto/conf/conf_err.c
+++ b/crypto/conf/conf_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -41,6 +41,7 @@ static const ERR_STRING_DATA CONF_str_reasons[] = {
"openssl conf references missing section"},
{ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RECURSIVE_DIRECTORY_INCLUDE),
"recursive directory include"},
+ {ERR_PACK(ERR_LIB_CONF, 0, CONF_R_RELATIVE_PATH), "relative path"},
{ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_EMPTY),
"ssl command section empty"},
{ERR_PACK(ERR_LIB_CONF, 0, CONF_R_SSL_COMMAND_SECTION_NOT_FOUND),
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d964b9adc4..1e51d23219 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -393,6 +393,7 @@ CONF_R_NUMBER_TOO_LARGE:121:number too large
CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION:124:\
openssl conf references missing section
CONF_R_RECURSIVE_DIRECTORY_INCLUDE:111:recursive directory include
+CONF_R_RELATIVE_PATH:125:relative path
CONF_R_SSL_COMMAND_SECTION_EMPTY:117:ssl command section empty
CONF_R_SSL_COMMAND_SECTION_NOT_FOUND:118:ssl command section not found
CONF_R_SSL_SECTION_EMPTY:119:ssl section empty
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 39da6dcb74..ad7d7e1e01 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -47,11 +47,21 @@ inside the B<pathname> are B<ignored>. Similarly, if a file is opened
while scanning a directory, and that file has an B<.include> directive
that specifies a directory, that is also ignored.
-As a general rule, the B<pathname> should be an absolute path. Relative
-paths are evaluated based on the current working directory, so unless the
-file with the B<.include> directive is application-specific, the inclusion
-will not work as expected. The environment variable B<OPENSSL_CONF_INCLUDE>,
-if it exists, will be prepended to all B<.include> B<pathname>'s.
+As a general rule, the B<pathname> should be an absolute path; this can
+be enforced with the B<abspath> and B<includedir> pragmas, described below.
+The environment variable B<OPENSSL_CONF_INCLUDE>, if it exists,
+is prepended to all relative pathnames.
+If the pathname is still relative, it is interpreted based on the
+current working directory.
+
+To require all file inclusions to name absolute paths, use the following
+directive:
+
+ .pragma [=] abspath:value
+
+The default behavior, where the B<value> is B<false> or B<off>, is to allow
+relative paths. To require all B<.include> pathnames to be absolute paths,
+use a B<value> of B<true> or B<on>.
In these files, the dollar sign, B<$>, is used to reference a variable, as
described below. On some platforms, however, it is common to treat B<$>
@@ -60,22 +70,18 @@ done with the following directive:
.pragma [=] dollarid:value
-Where B<value> is one of the following:
-
-=over 4
-
-=item B<off> or B<false>
-
-This is the default behavior. For example, C<foo$bar> is interpreted as
-C<foo> followed by the expansion of the variable C<bar>.
-
-=item B<on> or B<true>
-
-This specifies that dollar signs are part of the symbol name and
+The default behavior, where the B<value> is B<false> or B<off>, is to treat
+the dollarsign as indicating a variable name; C<foo$bar> is interpreted as
+C<foo> followed by the expansion of the variable C<bar>. If B<value> is
+B<true> or B<on>, then C<foo$bar> is a single seven-character name nad
variable expansions must be specified using braces or parentheses.
-For example, C<foo$bar> is treated as a single seven-character name.
-=back
+ .pragma [=] includedir:value
+
+If a relative pathname is specified in the B<.include> directive, and
+the B<OPENSSL_CONF_INCLUDE> environment variable doesn't exist, then
+the value of the B<includedir> pragma, if it exists, is prepended to the
+pathname.
=head2 Settings
diff --git a/include/crypto/conferr.h b/include/crypto/conferr.h
index 48e689191a..0e7a02a1e0 100644
--- a/include/crypto/conferr.h
+++ b/include/crypto/conferr.h
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
diff --git a/include/openssl/conf.h.in b/include/openssl/conf.h.in
index b82a915626..ee7cbb00e4 100644
--- a/include/openssl/conf.h.in
+++ b/include/openssl/conf.h.in
@@ -119,7 +119,9 @@ struct conf_st {
CONF_METHOD *meth;
void *meth_data;
LHASH_OF(CONF_VALUE) *data;
- unsigned int flag_dollarid:1;
+ int flag_dollarid;
+ int flag_abspath;
+ char *includedir;
OSSL_LIB_CTX *libctx;
};
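Review bot: The new members `flag_abspath` and `includedir` need a defined initial value, and no hunk in this commit sets one. def_load_bio reads `conf->includedir` and `conf->flag_abspath`, and _CONF_free_data passes `includedir` to `OPENSSL_free`. Unless the CONF init routines (not part of this diff) already zero the whole structure, a freshly created or stack-allocated CONF would carry indeterminate values in these fields. Set `conf->includedir = NULL;` and `conf->flag_abspath = 0;` in those routines, and document ownership on the member, e.g. `/* owned by the CONF; freed in _CONF_free_data() */`.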
diff --git a/include/openssl/conferr.h b/include/openssl/conferr.h
index bf5961e72a..496e2e1efd 100644
--- a/include/openssl/conferr.h
+++ b/include/openssl/conferr.h
@@ -38,6 +38,7 @@
# define CONF_R_NUMBER_TOO_LARGE 121
# define CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION 124
# define CONF_R_RECURSIVE_DIRECTORY_INCLUDE 111
+# define CONF_R_RELATIVE_PATH 125
# define CONF_R_SSL_COMMAND_SECTION_EMPTY 117
# define CONF_R_SSL_COMMAND_SECTION_NOT_FOUND 118
# define CONF_R_SSL_SECTION_EMPTY 119
diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t
index add3813a64..13c5c84202 100644
--- a/test/recipes/90-test_includes.t
+++ b/test/recipes/90-test_includes.t
@@ -13,7 +13,7 @@ plan skip_all => "test_includes doesn't work without posix-io"
delete $ENV{OPENSSL_CONF_INCLUDE};
plan tests => # The number of tests being performed
- 5
+ 6
+ ($^O eq "VMS" ? 2 : 0);
ok(run(test(["conf_include_test", data_file("includes.cnf")])), "test directory includes");
@@ -27,3 +27,4 @@ if ($^O eq "VMS") {
"test file includes, VMS syntax");
}
ok(run(test(["conf_include_test", "-f", data_file("includes-broken.cnf")])), "test broken includes");
+ok(run(test(["conf_include_test", "-f", data_file("incdir.cnf")])), "test includedir");
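Review bot: The added case covers only `includedir`; nothing in this recipe exercises the `abspath` pragma or the new CONF_R_RELATIVE_PATH error. Add a data file containing `.pragma abspath:true` followed by a relative `.include`, run it with `-f` like the line above, and raise the plan count in the earlier hunk to match.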
diff --git a/test/recipes/90-test_includes_data/incdir.cnf b/test/recipes/90-test_includes_data/incdir.cnf
new file mode 100644
index 0000000000..0d882eddcf
--- /dev/null
+++ b/test/recipes/90-test_includes_data/incdir.cnf
@@ -0,0 +1,6 @@
+#
+# Set includedir and expect to fail
+#
+.pragma includedir:/
+
+.include includes.cnf
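Review bot: This test fails as expected only because `/includes.cnf` is assumed not to exist on the machine running the suite, and the header comment does not state that. Spell the assumption out, e.g. `# includedir is "/", so the include resolves to /includes.cnf, which must not exist`, or point `includedir` at a directory the test suite controls. The result then no longer depends on the host's root directory.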