From: Viktor Dukhovni Date: Fri, 17 Jan 2025 11:58:43 +0000 (+1100) Subject: Support boolean queries against provider config X-Git-Tag: openssl-3.5.0-alpha1~710 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6855e1d79088152a39df72cf0e67845095df7e3;p=thirdparty%2Fopenssl.git Support boolean queries against provider config Reviewed-by: Paul Dale Reviewed-by: Matt Caswell Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/26455) --- diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 787b83b7184..4ce64c88529 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -806,7 +806,8 @@ int OSSL_PROVIDER_add_conf_parameter(OSSL_PROVIDER *prov, return infopair_add(&prov->parameters, name, value); } -int OSSL_PROVIDER_get_conf_parameters(OSSL_PROVIDER *prov, OSSL_PARAM params[]) +int OSSL_PROVIDER_get_conf_parameters(const OSSL_PROVIDER *prov, + OSSL_PARAM params[]) { int i; 
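Review bot: The `const` added to `prov` in OSSL_PROVIDER_get_conf_parameters() is not carried into the man page. In the doc/man3/OSSL_PROVIDER.pod SYNOPSIS hunk of this same commit, the prototype still appears as unchanged context: `int OSSL_PROVIDER_get_conf_parameters(OSSL_PROVIDER *prov, OSSL_PARAM params[]);`. I would update that line to `int OSSL_PROVIDER_get_conf_parameters(const OSSL_PROVIDER *prov, OSSL_PARAM params[]);` so the documented and declared signatures agree. The function body continues past the end of this hunk, so whether it really never writes through `prov` cannot be confirmed from here.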
@@ -824,6 +825,36 @@ int OSSL_PROVIDER_get_conf_parameters(OSSL_PROVIDER *prov, OSSL_PARAM params[]) return 1; } +int OSSL_PROVIDER_conf_get_bool(const OSSL_PROVIDER *prov, + const char *name, int defval) +{ + char *val = NULL; + OSSL_PARAM param[2] = { OSSL_PARAM_END, OSSL_PARAM_END }; + + param[0].key = (char *)name; + param[0].data_type = OSSL_PARAM_UTF8_PTR; + param[0].data = (void *) &val; + param[0].data_size = sizeof(val); + param[0].return_size = OSSL_PARAM_UNMODIFIED; + + /* Errors are ignored, returning the default value */ + if (OSSL_PROVIDER_get_conf_parameters(prov, param) + && OSSL_PARAM_modified(param) + && val != NULL) { + if ((strcmp(val, "1") == 0) + || (OPENSSL_strcasecmp(val, "yes") == 0) + || (OPENSSL_strcasecmp(val, "true") == 0) + || (OPENSSL_strcasecmp(val, "on") == 0)) + return 1; + else if ((strcmp(val, "0") == 0) + || (OPENSSL_strcasecmp(val, "no") == 0) + || (OPENSSL_strcasecmp(val, "false") == 0) + || (OPENSSL_strcasecmp(val, "off") == 0)) + return 0; + } + return defval; +} + int ossl_provider_info_add_parameter(OSSL_PROVIDER_INFO *provinfo, const char *name, const char *value) diff --git a/doc/man3/OSSL_PROVIDER.pod b/doc/man3/OSSL_PROVIDER.pod index b3889b1ca97..e1dfc32a4bb 100644 --- a/doc/man3/OSSL_PROVIDER.pod +++ b/doc/man3/OSSL_PROVIDER.pod @@ -12,7 +12,7 @@ OSSL_PROVIDER_query_operation, OSSL_PROVIDER_unquery_operation, OSSL_PROVIDER_get0_provider_ctx, OSSL_PROVIDER_get0_dispatch, OSSL_PROVIDER_add_builtin, OSSL_PROVIDER_get0_name, OSSL_PROVIDER_get_capabilities, OSSL_PROVIDER_add_conf_parameter, OSSL_PROVIDER_get_conf_parameters, -OSSL_PROVIDER_self_test +OSSL_PROVIDER_conf_get_bool, OSSL_PROVIDER_self_test - provider routines =head1 SYNOPSIS 
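Review bot: A value that is retrieved but not recognised falls through both comparison chains in OSSL_PROVIDER_conf_get_bool() and returns `defval`, so a caller cannot tell a malformed setting from an absent one. This would cover a misspelt `true`, or surrounding whitespace if the config loader does not strip it. Where a provider uses this to gate a security-relevant check, a misconfigured option silently takes the default. I would widen the comment to `/* Errors and unrecognised values are ignored, returning the default value; callers should pass the safe setting as defval */`. Separately, the `(char *)name` cast discards const for no visible reason: as far as I know the `key` member of OSSL_PARAM is already `const char *`, so `param[0].key = name;` should compile unchanged.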
@@ -64,6 +64,8 @@ OSSL_PROVIDER_self_test const char *value); int OSSL_PROVIDER_get_conf_parameters(OSSL_PROVIDER *prov, OSSL_PARAM params[]); + int OSSL_PROVIDER_conf_get_bool(const OSSL_PROVIDER *prov, + const char *name, int defval); int OSSL_PROVIDER_self_test(const OSSL_PROVIDER *prov); =head1 DESCRIPTION @@ -143,7 +145,7 @@ function, and the variables acting as buffers for this parameter array should be filled with data when it returns successfully. OSSL_PROVIDER_add_conf_parameter() sets the provider configuration parameter -I to B. +I to I. Provider configuration parameters are managed by the OpenSSL core and normally set in the configuration file, but can also be set early in the main program before a provider is in use by multiple threads. @@ -154,13 +156,21 @@ Only text parameters can be given, and it's up to the provider to interpret them. OSSL_PROVIDER_get_conf_parameters() retrieves global configuration parameters -associated with B. +associated with I. These configuration parameters are stored for each provider by the OpenSSL core, not the provider itself, parameters managed by the provider are queried via B described above. The parameters are returned by reference, not as copies, and so the elements of the I array must have B as their B. +OSSL_PROVIDER_conf_get_bool() parses the global configuration parameter I +associated with provider I as a boolean value, returning a default value +I when unable to retrieve or parse the parameter. +Parameter values equal (case-insensitively) to C<1>, C, C, or C +yield a true (nonzero) result. +Parameter values equal (case-insensitively) to C<0>, C, C, or C +yield a false (zero) result. + OSSL_PROVIDER_self_test() is used to run a provider's self tests on demand. If the self tests fail then the provider will fail to provide any further services and algorithms. L may be called 
@@ -263,6 +273,12 @@ The type and functions described here were added in OpenSSL 3.0. The I and I functions were added in OpenSSL 3.2. +The +I, +I, and +I functions +were added in OpenSSL 3.5. + =head1 COPYRIGHT Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. diff --git a/include/openssl/provider.h b/include/openssl/provider.h index 202e672d024..22579c7c61c 100644 --- a/include/openssl/provider.h +++ b/include/openssl/provider.h @@ -61,7 +61,16 @@ int OSSL_PROVIDER_add_conf_parameter(OSSL_PROVIDER *prov, const char *name, * The |params| array elements MUST have type OSSL_PARAM_UTF8_PTR, values are * returned by reference, not as copies. */ -int OSSL_PROVIDER_get_conf_parameters(OSSL_PROVIDER *prov, OSSL_PARAM params[]); +int OSSL_PROVIDER_get_conf_parameters(const OSSL_PROVIDER *prov, + OSSL_PARAM params[]); +/* + * Parse a provider configuration parameter as a boolean value, + * or return a default value if unable to retrieve the parameter. + * Values like "1", "yes", "true", ... are true (nonzero). + * Values like "0", "no", "false", ... are false (zero). + */ +int OSSL_PROVIDER_conf_get_bool(const OSSL_PROVIDER *prov, + const char *name, int defval); const OSSL_ALGORITHM *OSSL_PROVIDER_query_operation(const OSSL_PROVIDER *prov, int operation_id, diff --git a/util/libcrypto.num b/util/libcrypto.num index d0b8f4eca7e..7e4d850800a 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num @@ -5879,6 +5879,7 @@ OSSL_ALLOWED_ATTRIBUTES_SYNTAX_new ? 3_5_0 EXIST::FUNCTION: OSSL_ALLOWED_ATTRIBUTES_SYNTAX_it ? 3_5_0 EXIST::FUNCTION: OSSL_PROVIDER_add_conf_parameter ? 3_5_0 EXIST::FUNCTION: OSSL_PROVIDER_get_conf_parameters ? 3_5_0 EXIST::FUNCTION: +OSSL_PROVIDER_conf_get_bool ? 3_5_0 EXIST::FUNCTION: d2i_OSSL_AA_DIST_POINT ? 3_5_0 EXIST::FUNCTION: i2d_OSSL_AA_DIST_POINT ? 3_5_0 EXIST::FUNCTION: OSSL_AA_DIST_POINT_free ? 3_5_0 EXIST::FUNCTION:
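Review bot: The comment added above OSSL_PROVIDER_conf_get_bool() in include/openssl/provider.h understates when the default is returned. It says `if unable to retrieve the parameter`, but the implementation in crypto/provider_core.c also returns `defval` for a value it retrieves and does not recognise, which the man page text does mention. I would change the line to `* or return a default value if unable to retrieve or parse the parameter.`. The `...` in the two "Values like" lines also hides that `"on"` and `"off"` are accepted and that matching is case-insensitive. Listing the full set here would save a provider author from having to read the .c file to learn which spellings are honoured.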