From 9a62ccbe8a73101d2cfcdf7902b6fe10da7602c9 Mon Sep 17 00:00:00 2001
From: Shane Lontis <shane.lontis@oracle.com>
Date: Fri, 11 Sep 2020 03:50:09 +1000
Subject: [PATCH] Fix fipsinstall module path

If a path is specified with the -module option it will use this path to load the library when the provider is activated,
instead of also having to set the environment variable OPENSSL_MODULES.

Added a platform specific opt_path_end() function that uses existing functionality used by opt_progname().

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12761)
---
 apps/fipsinstall.c                  | 14 +++++++++-
 apps/include/opt.h                  |  1 +
 apps/lib/opt.c                      | 43 +++++++++++++++++++++++------
 doc/man1/openssl-fipsinstall.pod.in |  2 ++
 4 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/apps/fipsinstall.c b/apps/fipsinstall.c
index bd1cd684778..104806c1b78 100644
--- a/apps/fipsinstall.c
+++ b/apps/fipsinstall.c
@@ -277,7 +277,8 @@ int fipsinstall_main(int argc, char **argv)
     const char *prov_name = "fips";
     BIO *module_bio = NULL, *mem_bio = NULL, *fout = NULL;
     char *in_fname = NULL, *out_fname = NULL, *prog;
-    char *module_fname = NULL, *parent_config = NULL;
+    char *module_fname = NULL, *parent_config = NULL, *module_path = NULL;
+    const char *tail;
     EVP_MAC_CTX *ctx = NULL, *ctx2 = NULL;
     STACK_OF(OPENSSL_STRING) *opts = NULL;
     OPTION_CHOICE o;
@@ -368,6 +369,16 @@ opthelp:
         || argc != 0)
         goto opthelp;
 
+    tail = opt_path_end(module_fname);
+    if (tail != NULL) {
+        module_path = OPENSSL_strdup(module_fname);
+        if (module_path == NULL)
+            goto end;
+        module_path[tail - module_fname] = '\0';
+        if (!OSSL_PROVIDER_set_default_search_path(NULL, module_path))
+            goto end;
+    }
+
     if (self_test_log
             || self_test_corrupt_desc != NULL
             || self_test_corrupt_type != NULL)
@@ -474,6 +485,7 @@ end:
     }
 
 cleanup:
+    OPENSSL_free(module_path);
     BIO_free(fout);
     BIO_free(mem_bio);
     BIO_free(module_bio);
diff --git a/apps/include/opt.h b/apps/include/opt.h
index a35fe327cf5..56de57cf4cc 100644
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -339,6 +339,7 @@ typedef struct string_int_pair_st {
 #define OPT_SECTION(sec) { OPT_SECTION_STR, 1, '-', sec " options:\n" }
 #define OPT_PARAMETERS() { OPT_PARAM_STR, 1, '-', "Parameters:\n" }
 
+const char *opt_path_end(const char *filename);
 char *opt_progname(const char *argv0);
 char *opt_getprog(void);
 char *opt_init(int ac, char **av, const OPTIONS * o);
diff --git a/apps/lib/opt.c b/apps/lib/opt.c
index d6bfecc8ff7..260ff3b1c24 100644
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@@ -46,18 +46,27 @@ static char prog[40];
  * Return the simple name of the program; removing various platform gunk.
  */
 #if defined(OPENSSL_SYS_WIN32)
-char *opt_progname(const char *argv0)
+
+const char *opt_path_end(const char *filename)
 {
-    size_t i, n;
     const char *p;
-    char *q;
 
     /* find the last '/', '\' or ':' */
-    for (p = argv0 + strlen(argv0); --p > argv0;)
+    for (p = filename + strlen(filename); --p > filename; )
         if (*p == '/' || *p == '\\' || *p == ':') {
             p++;
             break;
         }
+    return p;
+}
+
+char *opt_progname(const char *argv0)
+{
+    size_t i, n;
+    const char *p;
+    char *q;
+
+    p = opt_path_end(argv0);
 
     /* Strip off trailing nonsense. */
     n = strlen(p);
@@ -76,17 +85,25 @@ char *opt_progname(const char *argv0)
 
 #elif defined(OPENSSL_SYS_VMS)
 
-char *opt_progname(const char *argv0)
+const char *opt_path_end(const char *filename)
 {
-    const char *p, *q;
+    const char *p;
 
     /* Find last special character sys:[foo.bar]openssl */
-    for (p = argv0 + strlen(argv0); --p > argv0;)
+    for (p = filename + strlen(filename); --p > filename;)
         if (*p == ':' || *p == ']' || *p == '>') {
             p++;
             break;
         }
+    return p;
+}
 
+char *opt_progname(const char *argv0)
+{
+    const char *p, *q;
+
+    /* Find last special character sys:[foo.bar]openssl */
+    p = opt_path_end(argv0);
     q = strrchr(p, '.');
     strncpy(prog, p, sizeof(prog) - 1);
     prog[sizeof(prog) - 1] = '\0';
@@ -97,16 +114,24 @@ char *opt_progname(const char *argv0)
 
 #else
 
-char *opt_progname(const char *argv0)
+const char *opt_path_end(const char *filename)
 {
     const char *p;
 
     /* Could use strchr, but this is like the ones above. */
-    for (p = argv0 + strlen(argv0); --p > argv0;)
+    for (p = filename + strlen(filename); --p > filename;)
         if (*p == '/') {
             p++;
             break;
         }
+    return p;
+}
+
+char *opt_progname(const char *argv0)
+{
+    const char *p;
+
+    p = opt_path_end(argv0);
     strncpy(prog, p, sizeof(prog) - 1);
     prog[sizeof(prog) - 1] = '\0';
     return prog;
diff --git a/doc/man1/openssl-fipsinstall.pod.in b/doc/man1/openssl-fipsinstall.pod.in
index 8120fd299a3..451e8a775d3 100644
--- a/doc/man1/openssl-fipsinstall.pod.in
+++ b/doc/man1/openssl-fipsinstall.pod.in
@@ -58,6 +58,8 @@ Print a usage message.
 =item B<-module> I<filename>
 
 Filename of the FIPS module to perform an integrity check on.
+The path provided in the filename is used to load the module when it is
+activated, and this overrides the environment variable B<OPENSSL_MODULES>.
 
 =item B<-out> I<configfilename>
 
-- 
2.47.2