author | Neil Horman <nhorman@openssl.org> | 2023-12-20 13:00:57 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-27 09:32:48 +0100 |
commit | 9277ed0a4fc082807ad8d8f66925fb7968437cf6 (patch) | |
tree | 997facda414af0b3ea29f0b31e82d5e512ab55fa | |
parent | 62457fd9415d707baf76f219bbb9a29106ba092b (diff) |
Fix remaining provider config settings to be decisive in value
There is one remaining config setting for providers, soft_load, which is
enabled when provided in a config, regardless of its value. Augment it
to require a decisive value 1/0, yes/no, on/off, true/false, as we've
recently done for the activate setting.
Also, since it wasn't previously documented, add docs for it.
Fixes #23105
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23111)
-rw-r--r-- | CHANGES.md | 10 | ||||
-rw-r--r-- | crypto/provider_conf.c | 71 | ||||
-rw-r--r-- | doc/man5/config.pod | 8 |
3 files changed, 55 insertions, 34 deletions
diff --git a/CHANGES.md b/CHANGES.md index 271af03894..6f7c66dbce 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -28,11 +28,11 @@ OpenSSL 3.3 ### Changes between 3.2 and 3.3 [xx XXX xxxx] - * The activate configuration setting for providers in openssl.cnf has been - updated to require a value of [1|yes|true|on] (in lower or UPPER case) to - activate the provider. Conversely a setting [0|no|false|off] will prevent - provider activation. All other values, or the omission of a value for this - setting will result in an error. + * The activate and soft_load configuration settings for providers in + openssl.cnf have been updated to require a value of [1|yes|true|on] + (in lower or UPPER case) to enable the setting. Conversely a value + of [0|no|false|off] will disable the setting. All other values, or the + omission of a value for these settings will result in an error. *Neil Horman* diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c index a4a5c5122b..6a8b88e2e5 100644 --- a/crypto/provider_conf.c +++ b/crypto/provider_conf.c 
@@ -272,6 +272,42 @@ static int provider_conf_activate(OSSL_LIB_CTX *libctx, const char *name, return ok; } +static int provider_conf_parse_bool_setting(const char *confname, + const char *confvalue, int *val) +{ + + if (confvalue == NULL) { + ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, + "directive %s set to unrecognized value", + confname); + return 0; + } + if ((strcmp(confvalue, "1") == 0) + || (strcmp(confvalue, "yes") == 0) + || (strcmp(confvalue, "YES") == 0) + || (strcmp(confvalue, "true") == 0) + || (strcmp(confvalue, "TRUE") == 0) + || (strcmp(confvalue, "on") == 0) + || (strcmp(confvalue, "ON") == 0)) { + *val = 1; + } else if ((strcmp(confvalue, "0") == 0) + || (strcmp(confvalue, "no") == 0) + || (strcmp(confvalue, "NO") == 0) + || (strcmp(confvalue, "false") == 0) + || (strcmp(confvalue, "FALSE") == 0) + || (strcmp(confvalue, "off") == 0) + || (strcmp(confvalue, "OFF") == 0)) { + *val = 0; + } else { + ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, + "directive %s set to unrecognized value", + confname); + return 0; + } + + return 1; +} + static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, const char *value, const CONF *cnf) { @@ -279,7 +315,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, STACK_OF(CONF_VALUE) *ecmds; int soft = 0; const char *path = NULL; - long activate = 0; + int activate = 0; int ok = 0; int added = 0; 
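Review bot: The new helper's error text drops the section name that the removed code reported: the old message was `section=%s activate set to unrecognized value` with `value`, while `provider_conf_parse_bool_setting` raises `directive %s set to unrecognized value` with only `confname`. With several provider sections in one config file, an operator can no longer tell from the error which section holds the bad `activate` or `soft_load` value. Consider adding a `section` parameter to the helper, fed from `value` at both call sites in the later `provider_conf_load` hunk, and raising `"section=%s directive %s set to unrecognized value", section, confname`. The `confvalue == NULL` branch and the final `else` raise the identical error, so they could share one exit path.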
@@ -309,39 +345,16 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name, if (strcmp(confname, "identity") == 0) { name = confvalue; } else if (strcmp(confname, "soft_load") == 0) { - soft = 1; + if (!provider_conf_parse_bool_setting(confname, + confvalue, &soft)) + return 0; /* Load a dynamic PROVIDER */ } else if (strcmp(confname, "module") == 0) { path = confvalue; } else if (strcmp(confname, "activate") == 0) { - if (confvalue == NULL) { - ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, - "section=%s activate set to unrecognized value", - value); + if (!provider_conf_parse_bool_setting(confname, + confvalue, &activate)) return 0; - } - if ((strcmp(confvalue, "1") == 0) - || (strcmp(confvalue, "yes") == 0) - || (strcmp(confvalue, "YES") == 0) - || (strcmp(confvalue, "true") == 0) - || (strcmp(confvalue, "TRUE") == 0) - || (strcmp(confvalue, "on") == 0) - || (strcmp(confvalue, "ON") == 0)) { - activate = 1; - } else if ((strcmp(confvalue, "0") == 0) - || (strcmp(confvalue, "no") == 0) - || (strcmp(confvalue, "NO") == 0) - || (strcmp(confvalue, "false") == 0) - || (strcmp(confvalue, "FALSE") == 0) - || (strcmp(confvalue, "off") == 0) - || (strcmp(confvalue, "OFF") == 0)) { - activate = 0; - } else { - ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_SECTION_ERROR, - "section=%s activate set to unrecognized value", - value); - return 0; - } } } diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 96eaa6ffd3..8b3bf20cee 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod 
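Review bot: The `soft_load` branch has no comment saying what the flag changes, and it appears to be a fail-open switch that deserves one at the parse site. Going by the config.pod text added in this commit, a comment such as `/* soft_load: clear the error stack if this provider fails to activate */` above the helper call would do. `provider_conf_load` begins and ends outside this hunk, so how `soft` is consumed afterwards is not visible here.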
@@ -271,6 +271,14 @@ provider will be activated. Conversely, setting this value to no, off, false, or or uppercase. Setting activate to any other setting, or omitting a setting value will result in an error. += item B<soft_load> + +If enabled, informs the library to clear the error stack on failure to activate +requested provider. A value of 1, yes, true or on (in lower or uppercase) will +activate this setting, while a value of 0, no, false, of off (again in lower or +uppercase) will disable this setting. Any other value will produce an error. +Note this setting defaults to off if not provided + =back All parameters in the section as well as sub-sections are made |