diff options
| author | Shane Lontis <shane.lontis@oracle.com> | 2019-09-15 19:55:10 +1000 |
|---|---|---|
| committer | Shane Lontis <shane.lontis@oracle.com> | 2019-09-15 19:55:10 +1000 |
| commit | 7bb82f92d94375e7673fe02cb8186595b2c539f2 (patch) | |
| tree | 9ad368205615d359374430b91906e4c704135fae /crypto | |
| parent | dd11c5f0fa809063b152cd2851c4c1e56fbd20c8 (diff) | |
Add fips module integrity check
Add environment variable for setting CONF .include path
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9769)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/conf/conf_def.c | 25 | ||||
| -rw-r--r-- | crypto/provider_core.c | 2 |
2 files changed, 23 insertions, 4 deletions
diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index cbf0b2b183..ff4c43fc75 100644 --- a/crypto/conf/conf_def.c +++ b/crypto/conf/conf_def.c @@ -352,6 +352,8 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) && (p != pname + 8 || *p == '=')) { char *include = NULL; BIO *next; + const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE"); + char *include_path = NULL; if (*p == '=') { p++; @@ -360,17 +362,34 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) trim_ws(conf, p); if (!str_copy(conf, psection, &include, p)) goto err; + + if (include_dir != NULL) { + size_t newlen = strlen(include_dir) + strlen(include) + 2; + + include_path = OPENSSL_malloc(newlen); + OPENSSL_strlcpy(include_path, include_dir, newlen); + OPENSSL_strlcat(include_path, "/", newlen); + OPENSSL_strlcat(include_path, include, newlen); + } else { + include_path = include; + } + /* get the BIO of the included file */ #ifndef OPENSSL_NO_POSIX_IO - next = process_include(include, &dirctx, &dirpath); - if (include != dirpath) { + next = process_include(include_path, &dirctx, &dirpath); + if (include_path != dirpath) { /* dirpath will contain include in case of a directory */ OPENSSL_free(include); + if (include_path != include) + OPENSSL_free(include_path); } #else - next = BIO_new_file(include, "r"); + next = BIO_new_file(include_path, "r"); OPENSSL_free(include); + if (include_path != include) + OPENSSL_free(include_path); #endif + if (next != NULL) { /* push the currently processing BIO onto stack */ if (biosk == NULL) { diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 356327f375..f8a002aa16 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -871,7 +871,7 @@ static const OSSL_DISPATCH core_dispatch_[] = { { OSSL_FUNC_CORE_VSET_ERROR, (void (*)(void))core_vset_error }, { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))BIO_new_file }, { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))BIO_new_mem_buf }, - { OSSL_FUNC_BIO_READ, (void (*)(void))BIO_read }, + { OSSL_FUNC_BIO_READ_EX, (void (*)(void))BIO_read_ex }, { OSSL_FUNC_BIO_FREE, (void (*)(void))BIO_free }, #endif |