diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-09-30 13:50:34 +0200 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-10-08 16:57:34 +0200 |
| commit | 55c61473b52aff9fd5217aec543b3d25beea0531 (patch) | |
| tree | f13404802a058fa10cfe9b2d486149bca9ad0fc4 /crypto/conf | |
| parent | 02a2567173a451d8d00c276e6d8c1d1cb171234d (diff) | |
Correct and simplify use of ERR_clear_error() etc. for loading DSO libs
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13045)
Diffstat (limited to 'crypto/conf')
| -rw-r--r-- | crypto/conf/conf_lib.c | 16 | ||||
| -rw-r--r-- | crypto/conf/conf_mod.c | 34 |
2 files changed, 36 insertions, 14 deletions
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 4cc698400c..54ba692462 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -101,6 +101,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf, return NULL; } else { CONF ctmp; + CONF_set_nconf(&ctmp, conf); return NCONF_get_section(&ctmp, section); } @@ -113,6 +114,7 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group, return NCONF_get_string(NULL, group, name); } else { CONF ctmp; + CONF_set_nconf(&ctmp, conf); return NCONF_get_string(&ctmp, group, name); } @@ -129,6 +131,7 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group, status = NCONF_get_number_e(NULL, group, name, &result); } else { CONF ctmp; + CONF_set_nconf(&ctmp, conf); status = NCONF_get_number_e(&ctmp, group, name, &result); } @@ -162,6 +165,7 @@ int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out) int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out) { CONF ctmp; + CONF_set_nconf(&ctmp, conf); return NCONF_dump_bio(&ctmp, out); } @@ -329,6 +333,18 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name, return 1; } +long _CONF_get_number(const CONF *conf, const char *section, + const char *name) +{ + int status; + long result = 0; + + ERR_set_mark(); + status = NCONF_get_number_e(conf, section, name, &result); + ERR_pop_to_mark(); + return status == 0 ? 0L : result; +} + #ifndef OPENSSL_NO_STDIO int NCONF_dump_fp(const CONF *conf, FILE *out) { diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 5359a7e06d..a1cb4c5f7b 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -15,6 +15,7 @@ #include <ctype.h> #include <openssl/crypto.h> #include "internal/conf.h" +#include "openssl/conf_api.h" #include "internal/dso.h" #include "internal/thread_once.h" #include <openssl/x509.h> @@ -80,14 +81,7 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name, static int conf_diagnostics(const CONF *cnf) { - long int lflag = 0; - int res; - - ERR_set_mark(); - res = NCONF_get_number(cnf, NULL, "config_diagnostics", &lflag) - && lflag != 0; - ERR_pop_to_mark(); - return res; + return _CONF_get_number(cnf, NULL, "config_diagnostics") != 0; } /* Main function: load modules from a CONF structure */ @@ -109,6 +103,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, | CONF_MFLAGS_SILENT | CONF_MFLAGS_IGNORE_MISSING_FILE); + ERR_set_mark(); if (appname) vsection = NCONF_get_string(cnf, NULL, appname); @@ -116,7 +111,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname, vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); if (!vsection) { - ERR_clear_error(); + ERR_pop_to_mark(); return 1; } @@ -125,20 +120,28 @@ int CONF_modules_load(const CONF *cnf, const char *appname, if (values == NULL) { if (!(flags & CONF_MFLAGS_SILENT)) { + ERR_clear_last_mark(); CONFerr(0, CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION); ERR_add_error_data(2, "openssl_conf=", vsection); + } else { + ERR_pop_to_mark(); } return 0; } + ERR_pop_to_mark(); for (i = 0; i < sk_CONF_VALUE_num(values); i++) { vl = sk_CONF_VALUE_value(values, i); + ERR_set_mark(); ret = module_run(cnf, vl->name, vl->value, flags); OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n", vl->name, vl->value, ret); if (ret <= 0) - if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) + if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) { + ERR_clear_last_mark(); return ret; + } + ERR_pop_to_mark(); } return 1; @@ -152,6 +155,7 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename, CONF *conf = NULL; int ret = 0, diagnostics = 0; + ERR_set_mark(); conf = NCONF_new_ex(libctx, NULL); if (conf == NULL) goto err; @@ -167,7 +171,6 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename, if (NCONF_load(conf, file, NULL) <= 0) { if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { - ERR_clear_error(); ret = 1; } goto err; @@ -182,8 +185,12 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename, NCONF_free(conf); if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics) - return 1; + ret = 1; + if (ret) + ERR_pop_to_mark(); + else + ERR_clear_last_mark(); return ret; } @@ -255,9 +262,8 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, CONF_MODULE *md; /* Look for alternative path in module section */ - path = NCONF_get_string(cnf, value, "path"); + path = _CONF_get_string(cnf, value, "path"); if (path == NULL) { - ERR_clear_error(); path = name; } dso = DSO_load(NULL, path, NULL, 0); |