authorMatt Caswell <matt@openssl.org>2020-07-31 17:29:21 +0100
committerMatt Caswell <matt@openssl.org>2020-08-17 11:27:51 +0100
commite6c54619d151eeec32055bbd713cda11a9182246 (patch)
tree7d1e275da8ee5d4ecbe66ae3c5593573b48dc1f2 /crypto/evp
parentebe3f24b3d53e503bd37a2a08a8b1f896014c30d (diff)
Load the default config file before working with default properties
A config file can change the global default properties. Therefore we must ensure that the config file is loaded before reading or amending them. Fixes #12565 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12567)
Diffstat (limited to 'crypto/evp')
-rw-r--r--crypto/evp/evp_cnf.c3
-rw-r--r--crypto/evp/evp_fetch.c22
2 files changed, 16 insertions, 9 deletions
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 27815553bd..455b258a9a 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -14,6 +14,7 @@
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/trace.h>
+#include "crypto/evp.h"
DEFINE_STACK_OF(CONF_VALUE)
@@ -52,7 +53,7 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
return 0;
}
} else if (strcmp(oval->name, "default_properties") == 0) {
- if (!EVP_set_default_properties(cnf->libctx, oval->value)) {
+ if (!evp_set_default_properties_int(cnf->libctx, oval->value, 0)) {
EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
return 0;
}
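Review bot: The bare `0` passed as `loadconfig` in the `default_properties` branch is load-bearing and nothing at the call site says so. alg_module_init is a config module handler, so it presumably runs while the config file is being processed, and requesting a config load from here would re-enter that path; this is inferred from the commit message, not visible in the hunk. A comment above the call such as `/* Config is being loaded right now; do not trigger another load */` would keep a later cleanup from switching this back to the public EVP_set_default_properties(). The same applies to `evp_set_parsed_default_properties(libctx, pl2, 0)` in evp_default_properties_merge in evp_fetch.c, where `0` is only right because that function has already fetched the properties with `loadconfig` set to 1. alg_module_init starts and ends outside this hunk.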
diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c
index 4c3992ab40..7b0cea7f0b 100644
--- a/crypto/evp/evp_fetch.c
+++ b/crypto/evp/evp_fetch.c
@@ -377,11 +377,12 @@ void evp_method_store_flush(OPENSSL_CTX *libctx)
ossl_method_store_flush_cache(store, 1);
}
-static int evp_set_default_properties(OPENSSL_CTX *libctx,
- OSSL_PROPERTY_LIST *def_prop)
+static int evp_set_parsed_default_properties(OPENSSL_CTX *libctx,
+ OSSL_PROPERTY_LIST *def_prop,
+ int loadconfig)
{
OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
- OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig);
if (plp != NULL) {
ossl_property_free(*plp);
@@ -394,7 +395,8 @@ static int evp_set_default_properties(OPENSSL_CTX *libctx,
return 0;
}
-int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
+int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq,
+ int loadconfig)
{
OSSL_PROPERTY_LIST *pl = NULL;
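Review bot: evp_set_default_properties_int is now a non-static entry point called from evp_cnf.c, but neither it nor evp_set_parsed_default_properties documents what `loadconfig` means or when 0 is acceptable. Since the default property query decides which implementations get fetched, a caller passing 0 without the config having been loaded would reintroduce the ordering problem this commit fixes. I would add a short comment above the definition, for example `/* loadconfig == 0 is only for callers that are inside config loading or have already forced it */`. The rest of the function body lies outside this hunk.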
@@ -402,13 +404,17 @@ int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
EVPerr(0, EVP_R_DEFAULT_QUERY_PARSE_ERROR);
return 0;
}
- return evp_set_default_properties(libctx, pl);
+ return evp_set_parsed_default_properties(libctx, pl, loadconfig);
}
+int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
+{
+ return evp_set_default_properties_int(libctx, propq, 1);
+}
static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq)
{
- OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1);
OSSL_PROPERTY_LIST *pl1, *pl2;
if (propq == NULL)
@@ -425,13 +431,13 @@ static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq)
EVPerr(0, ERR_R_MALLOC_FAILURE);
return 0;
}
- return evp_set_default_properties(libctx, pl2);
+ return evp_set_parsed_default_properties(libctx, pl2, 0);
}
static int evp_default_property_is_enabled(OPENSSL_CTX *libctx,
const char *prop_name)
{
- OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+ OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1);
return plp != NULL && ossl_property_is_enabled(libctx, prop_name, *plp);
}
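Review bot: evp_default_property_is_enabled returns 0 both when the property is not enabled and when `ossl_ctx_global_properties(libctx, 1)` returns NULL, and that lookup can now involve loading the config file. If a failed load can surface as NULL (not visible in this diff), a property that the config file was meant to enable would silently read as "not enabled". Consider raising an error on the NULL path, or at least documenting it with a comment like `/* NULL global properties are treated as "not enabled" */`, so that callers gating on this result know how it behaves on failure.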