From: Dr. David von Oheimb
Date: Wed, 30 Sep 2020 11:50:34 +0000 (+0200)
Subject: Correct and simplify use of ERR_clear_error() etc. for loading DSO libs
X-Git-Tag: openssl-3.0.0-alpha7~47
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=55c61473b52aff9fd5217aec543b3d25beea0531;p=thirdparty%2Fopenssl.git

Correct and simplify use of ERR_clear_error() etc. for loading DSO libs
Reviewed-by: Richard Levitte
(Merged from https://github.com/openssl/openssl/pull/13045)
---
diff --git a/apps/cmp.c b/apps/cmp.c
index 1137ed0a845..e52eff3c284 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -2626,7 +2626,6 @@ int cmp_main(int argc, char **argv)
 char mock_server[] = "mock server:1";
 int ret = 0; /* default: failure */
- ERR_clear_error(); /* clear leftover errors on loading libengines.so etc. */
 if (argc <= 1) {
 opt_help(cmp_options);
 goto err;
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 4cc698400c6..54ba692462f 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -101,6 +101,7 @@ STACK_OF(CONF_VALUE) *CONF_get_section(LHASH_OF(CONF_VALUE) *conf,
 return NULL;
 } else {
 CONF ctmp;
+
 CONF_set_nconf(&ctmp, conf);
 return NCONF_get_section(&ctmp, section);
 }
@@ -113,6 +114,7 @@ char *CONF_get_string(LHASH_OF(CONF_VALUE) *conf, const char *group,
 return NCONF_get_string(NULL, group, name);
 } else {
 CONF ctmp;
+
 CONF_set_nconf(&ctmp, conf);
 return NCONF_get_string(&ctmp, group, name);
 }
@@ -129,6 +131,7 @@ long CONF_get_number(LHASH_OF(CONF_VALUE) *conf, const char *group,
 status = NCONF_get_number_e(NULL, group, name, &result);
 } else {
 CONF ctmp;
+
 CONF_set_nconf(&ctmp, conf);
 status = NCONF_get_number_e(&ctmp, group, name, &result);
 }
@@ -162,6 +165,7 @@ int CONF_dump_fp(LHASH_OF(CONF_VALUE) *conf, FILE *out)
 int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
 {
 CONF ctmp;
+
 CONF_set_nconf(&ctmp, conf);
 return NCONF_dump_bio(&ctmp, out);
 }
@@ -329,6 +333,18 @@ int NCONF_get_number_e(const CONF *conf, const char *group, const char *name,
 return 1;
 }
+long _CONF_get_number(const CONF *conf, const char *section,
+ const char *name)
+{
+ int status;
+ long result = 0;
+
+ ERR_set_mark();
+ status = NCONF_get_number_e(conf, section, name, &result);
+ ERR_pop_to_mark();
+ return status == 0 ? 0L : result;
+}
+
 #ifndef OPENSSL_NO_STDIO
 int NCONF_dump_fp(const CONF *conf, FILE *out)
 {
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 5359a7e06dd..a1cb4c5f7b3 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -15,6 +15,7 @@
 #include
 #include
 #include "internal/conf.h"
+#include "openssl/conf_api.h"
 #include "internal/dso.h"
 #include "internal/thread_once.h"
 #include
@@ -80,14 +81,7 @@ static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
 static int conf_diagnostics(const CONF *cnf)
 {
- long int lflag = 0;
- int res;
-
- ERR_set_mark();
- res = NCONF_get_number(cnf, NULL, "config_diagnostics", &lflag)
- && lflag != 0;
- ERR_pop_to_mark();
- return res;
+ return _CONF_get_number(cnf, NULL, "config_diagnostics") != 0;
 }
 /* Main function: load modules from a CONF structure */
@@ -109,6 +103,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 | CONF_MFLAGS_SILENT
 | CONF_MFLAGS_IGNORE_MISSING_FILE);
+ ERR_set_mark();
 if (appname)
 vsection = NCONF_get_string(cnf, NULL, appname);
@@ -116,7 +111,7 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
 if (!vsection) {
- ERR_clear_error();
+ ERR_pop_to_mark();
 return 1;
 }
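Review bot: `_CONF_get_number()` folds three different outcomes into the same return value: the option is absent, NCONF_get_number_e() fails for any other reason, or the option is explicitly 0. Because the `ERR_set_mark()`/`ERR_pop_to_mark()` pair also discards whatever the lookup queued, a caller cannot notice a value that could not be read; in `conf_diagnostics()` (conf_mod.c, later in this diff) that turns such a `config_diagnostics` entry into "diagnostics off", and `TS_CONF_set_clock_precision_digits()` silently falls back to 0 the same way. The function carries no comment stating this contract, so I would add one above it, e.g. `/* Returns the value of name in section, or 0 if it is absent or cannot be read; leaves no error on the queue. */`. No prototype for this new non-static function is visible in the diff, so confirm that the header the two callers include actually declares it.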
@@ -125,20 +120,28 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 if (values == NULL) {
 if (!(flags & CONF_MFLAGS_SILENT)) {
+ ERR_clear_last_mark();
 CONFerr(0, CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION);
 ERR_add_error_data(2, "openssl_conf=", vsection);
+ } else {
+ ERR_pop_to_mark();
 }
 return 0;
 }
+ ERR_pop_to_mark();
 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
 vl = sk_CONF_VALUE_value(values, i);
+ ERR_set_mark();
 ret = module_run(cnf, vl->name, vl->value, flags);
 OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n", vl->name, vl->value, ret);
 if (ret <= 0)
- if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+ if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) {
+ ERR_clear_last_mark();
 return ret;
+ }
+ ERR_pop_to_mark();
 }
 return 1;
@@ -152,6 +155,7 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
 CONF *conf = NULL;
 int ret = 0, diagnostics = 0;
+ ERR_set_mark();
 conf = NCONF_new_ex(libctx, NULL);
 if (conf == NULL)
 goto err;
@@ -167,7 +171,6 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
 if (NCONF_load(conf, file, NULL) <= 0) {
 if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
- ERR_clear_error();
 ret = 1;
 }
 goto err;
@@ -182,8 +185,12 @@ int CONF_modules_load_file_ex(OPENSSL_CTX *libctx, const char *filename,
 NCONF_free(conf);
 if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics)
- return 1;
+ ret = 1;
+ if (ret)
+ ERR_pop_to_mark();
+ else
+ ERR_clear_last_mark();
 return ret;
 }
@@ -255,9 +262,8 @@ static CONF_MODULE *module_load_dso(const CONF *cnf,
 CONF_MODULE *md;
 /* Look for alternative path in module section */
- path = NCONF_get_string(cnf, value, "path");
+ path = _CONF_get_string(cnf, value, "path");
 if (path == NULL) {
- ERR_clear_error();
 path = name;
 }
 dso = DSO_load(NULL, path, NULL, 0);
diff --git a/crypto/ts/ts_conf.c b/crypto/ts/ts_conf.c
index 5418bc8bbf4..55fae481e13 100644
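Review bot: In the module loop the new `ERR_clear_last_mark(); return ret;` block sits in a braced inner `if` nested under an unbraced `if (ret <= 0)`, with the balancing `ERR_pop_to_mark();` directly below at loop level, which makes it harder than necessary to check that every `ERR_set_mark()` is released exactly once. Merging the two tests into `if (ret <= 0 && !(flags & CONF_MFLAGS_IGNORE_ERRORS)) {` keeps the behaviour and puts both exits of the iteration at one indentation level. The `values == NULL` branch would also benefit from a one-line comment saying that the non-silent path keeps the queued errors on purpose (`ERR_clear_last_mark()`) while the silent path drops them (`ERR_pop_to_mark()`). CONF_modules_load() starts in earlier hunks, so the first `ERR_set_mark()` is not part of this one.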
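Review bot: `if (ret)` in the epilogue of CONF_modules_load_file_ex() treats a negative result as success and calls `ERR_pop_to_mark()`, which throws away the queued errors for exactly the failures a caller would want to inspect. CONF_modules_load() above returns `ret` unchanged whenever `ret <= 0`, so a negative value can plausibly reach this point, assuming `ret` is assigned from that call in the part of the function outside the hunk. The test should be `if (ret > 0)`, so that only a successful load drops the errors recorded since the mark and every failure keeps them through `ERR_clear_last_mark()`.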
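Review bot: Replacing NCONF_get_string() with `_CONF_get_string()` and deleting `ERR_clear_error()` in module_load_dso() is only correct if `_CONF_get_string()` never queues an error for a missing `path` entry, and nothing in this diff shows that. I would record the assumption in the existing comment, e.g. `/* Look for alternative path in module section; _CONF_get_string() queues no error if it is absent */`. The value read here decides which shared object DSO_load() maps on the next line, so the same comment is a good place to note that the configuration file is assumed to be trusted. The function body continues outside the hunk.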
--- a/crypto/ts/ts_conf.c
+++ b/crypto/ts/ts_conf.c
@@ -17,6 +17,7 @@
 #include
 #include
 #include
+#include
 /* Macro definitions for the configuration file. */
 #define BASE_SECTION "tsa"
@@ -418,7 +419,7 @@ int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
 return ret;
 }
-int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section,
 TS_RESP_CTX *ctx)
 {
 int ret = 0;
@@ -427,9 +428,7 @@ int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
 /*
 * If not specified, set the default value to 0, i.e. sec precision
 */
- if (!NCONF_get_number_e(conf, section, ENV_CLOCK_PRECISION_DIGITS,
- &digits))
- digits = 0;
+ digits = _CONF_get_number(conf, section, ENV_CLOCK_PRECISION_DIGITS);
 if (digits < 0 || digits > TS_MAX_CLOCK_PRECISION_DIGITS) {
 ts_CONF_invalid(section, ENV_CLOCK_PRECISION_DIGITS);
 goto err;
diff --git a/include/openssl/ts.h b/include/openssl/ts.h
index 48cea0f503a..e88ad44cfd6 100644
--- a/include/openssl/ts.h
+++ b/include/openssl/ts.h
@@ -486,7 +486,7 @@ int TS_CONF_set_def_policy(CONF *conf, const char *section,
 int TS_CONF_set_policies(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_digests(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx);
-int TS_CONF_set_clock_precision_digits(CONF *conf, const char *section,
+int TS_CONF_set_clock_precision_digits(const CONF *conf, const char *section,
 TS_RESP_CTX *ctx);
 int TS_CONF_set_ordering(CONF *conf, const char *section, TS_RESP_CTX *ctx);
 int TS_CONF_set_tsa_name(CONF *conf, const char *section, TS_RESP_CTX *ctx);
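Review bot: Only `TS_CONF_set_clock_precision_digits()` gains `const CONF *conf`, in ts_conf.c and again in the ts.h hunk, while the sibling declarations visible there (`TS_CONF_set_policies`, `TS_CONF_set_accuracy`, `TS_CONF_set_ordering`, `TS_CONF_set_tsa_name`) keep `CONF *conf`, so the public TS_CONF_set_* family is no longer uniform. The qualifier is not needed for the new call, because a `CONF *` argument converts implicitly to the `const CONF *` parameter of `_CONF_get_number()`. Changing one exported prototype also changes its function-pointer type for any caller that keeps these setters in a table, so I would either leave the signature as `CONF *conf` here or const-qualify the whole family in a separate change.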