From e6c54619d151eeec32055bbd713cda11a9182246 Mon Sep 17 00:00:00 2001
From: Matt Caswell
Date: Fri, 31 Jul 2020 17:29:21 +0100
Subject: [PATCH] Load the default config file before working with default properties

A config file can change the global default properties. Therefore we must ensure that the config file is loaded before reading or amending them.

Fixes #12565

Reviewed-by: Paul Dale
(Merged from https://github.com/openssl/openssl/pull/12567)
---
 crypto/evp/evp_cnf.c | 3 ++-
 crypto/evp/evp_fetch.c | 22 ++++++++++++++--------
 crypto/property/property.c | 9 +++++++--
 include/crypto/evp.h | 2 ++
 include/internal/property.h | 2 +-
 5 files changed, 26 insertions(+), 12 deletions(-)

diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 27815553bd1..455b258a9a1 100644
--- a/crypto/evp/evp_cnf.c
+++ b/crypto/evp/evp_cnf.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include "crypto/evp.h"
 
 DEFINE_STACK_OF(CONF_VALUE)
 
@@ -52,7 +53,7 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
                 return 0;
             }
         } else if (strcmp(oval->name, "default_properties") == 0) {
-            if (!EVP_set_default_properties(cnf->libctx, oval->value)) {
+            if (!evp_set_default_properties_int(cnf->libctx, oval->value, 0)) {
                 EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
                 return 0;
             }
diff --git a/crypto/evp/evp_fetch.c b/crypto/evp/evp_fetch.c
index 4c3992ab408..7b0cea7f0b7 100644
--- a/crypto/evp/evp_fetch.c
+++ b/crypto/evp/evp_fetch.c
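Review bot: The bare `0` passed as the new loadconfig argument in alg_module_init is the one call site in this patch that deliberately skips the config load, presumably because this code runs from inside the config loader itself, and nothing at the call says so. A one-line comment above the call, `/* loadconfig = 0: we are already inside config loading */`, would keep a later reader from "fixing" it to match the other callers that pass 1. The rest of alg_module_init lies outside this hunk.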
@@ -377,11 +377,12 @@ void evp_method_store_flush(OPENSSL_CTX *libctx)
     ossl_method_store_flush_cache(store, 1);
 }
 
-static int evp_set_default_properties(OPENSSL_CTX *libctx,
-                                      OSSL_PROPERTY_LIST *def_prop)
+static int evp_set_parsed_default_properties(OPENSSL_CTX *libctx,
+                                             OSSL_PROPERTY_LIST *def_prop,
+                                             int loadconfig)
 {
     OSSL_METHOD_STORE *store = get_evp_method_store(libctx);
-    OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+    OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, loadconfig);
 
     if (plp != NULL) {
         ossl_property_free(*plp);
@@ -394,7 +395,8 @@ static int evp_set_default_properties(OPENSSL_CTX *libctx,
     return 0;
 }
 
-int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
+int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq,
+                                   int loadconfig)
 {
     OSSL_PROPERTY_LIST *pl = NULL;
 
@@ -402,13 +404,17 @@ int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
         EVPerr(0, EVP_R_DEFAULT_QUERY_PARSE_ERROR);
         return 0;
     }
-    return evp_set_default_properties(libctx, pl);
+    return evp_set_parsed_default_properties(libctx, pl, loadconfig);
 }
 
+int EVP_set_default_properties(OPENSSL_CTX *libctx, const char *propq)
+{
+    return evp_set_default_properties_int(libctx, propq, 1);
+}
 
 static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq)
 {
-    OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+    OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1);
     OSSL_PROPERTY_LIST *pl1, *pl2;
 
     if (propq == NULL)
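Review bot: On the `plp == NULL` path of evp_set_parsed_default_properties the caller-supplied `def_prop` does not appear to be released: the only place it can be stored is inside the `if (plp != NULL)` branch, and the function otherwise reaches the `return 0;` visible at the top of the next hunk (the lines in between are outside this hunk, so please confirm). Before this patch that path was an internal error; with `loadconfig` it is also taken whenever the config load fails, so `ossl_property_free(def_prop);` ahead of that `return 0;` would close a leak on a now-reachable path. The new signature would also benefit from a contract comment, e.g. `/* Takes ownership of def_prop on both success and failure. */`, so the callers in this file do not have to read the body to know who frees it.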
@@ -425,13 +431,13 @@ static int evp_default_properties_merge(OPENSSL_CTX *libctx, const char *propq)
         EVPerr(0, ERR_R_MALLOC_FAILURE);
         return 0;
     }
-    return evp_set_default_properties(libctx, pl2);
+    return evp_set_parsed_default_properties(libctx, pl2, 0);
 }
 
 static int evp_default_property_is_enabled(OPENSSL_CTX *libctx,
                                            const char *prop_name)
 {
-    OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx);
+    OSSL_PROPERTY_LIST **plp = ossl_ctx_global_properties(libctx, 1);
 
     return plp != NULL && ossl_property_is_enabled(libctx, prop_name, *plp);
 }
diff --git a/crypto/property/property.c b/crypto/property/property.c
index cb82f8956ba..608a909d49c 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -96,8 +96,13 @@ static const OPENSSL_CTX_METHOD ossl_ctx_global_properties_method = {
     ossl_ctx_global_properties_free,
 };
 
-OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OPENSSL_CTX *libctx)
+OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OPENSSL_CTX *libctx,
+                                                int loadconfig)
 {
+#ifndef FIPS_MODULE
+    if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
+        return NULL;
+#endif
     return openssl_ctx_get_data(libctx, OPENSSL_CTX_GLOBAL_PROPERTIES,
                                 &ossl_ctx_global_properties_method);
 }
@@ -352,7 +357,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
     if (prop_query != NULL)
         p2 = pq = ossl_parse_query(store->ctx, prop_query);
 
-    plp = ossl_ctx_global_properties(store->ctx);
+    plp = ossl_ctx_global_properties(store->ctx, 1);
     if (plp != NULL && *plp != NULL) {
         if (pq == NULL) {
             pq = *plp;
diff --git a/include/crypto/evp.h b/include/crypto/evp.h
index f170e59324a..d2b2584357e 100644
--- a/include/crypto/evp.h
+++ b/include/crypto/evp.h
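Review bot: A failed `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` now makes ossl_ctx_global_properties return NULL, and callers cannot tell that apart from "no global properties set": `ossl_method_store_fetch` in the next hunk and `evp_default_property_is_enabled` in evp_fetch.c both treat NULL as an empty default query and carry on, so a fetch can silently proceed without whatever default property the config file was meant to impose. The failure should be distinguishable from absence — for example by recording an error and having the fetch fail when the load fails — rather than degrading to an unconstrained lookup. Separately, `OPENSSL_init_crypto(..., NULL)` acts on the default library context regardless of the `libctx` passed in; if that is the intended scope, the function comment should state that only the default config file is loaded, e.g. `/* loadconfig != 0: load the default config file first, since it may set these properties */`.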
@@ -771,3 +771,5 @@ EVP_PKEY *evp_pkcs82pkey_int(const PKCS8_PRIV_KEY_INFO *p8, OPENSSL_CTX *libctx,
                              const char *propq);
 #endif /* !defined(FIPS_MODULE) */
 void evp_method_store_flush(OPENSSL_CTX *libctx);
+int evp_set_default_properties_int(OPENSSL_CTX *libctx, const char *propq,
+                                   int loadconfig);
diff --git a/include/internal/property.h b/include/internal/property.h
index ca1d1e055c0..cd3982549d4 100644
--- a/include/internal/property.h
+++ b/include/internal/property.h
@@ -45,7 +45,7 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
                             const char *prop_query, void **method);
 
 /* Get the global properties associate with the specified library context */
-OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OPENSSL_CTX *ctx);
+OSSL_PROPERTY_LIST **ossl_ctx_global_properties(OPENSSL_CTX *ctx, int loadconfig);
 
 /* property query cache functions */
 int ossl_method_store_cache_get(OSSL_METHOD_STORE *store, int nid,
-- 
2.47.2
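Review bot: The header comment above the changed `ossl_ctx_global_properties` prototype in property.h still describes only the old one-argument contract; the new `loadconfig` parameter, and the fact that the function can now return NULL when the config load fails, are documented nowhere. Extending the comment to something like `/* Get the global properties associated with the specified library context. If loadconfig is non-zero the default config file is loaded first (it may set these properties); returns NULL if that load fails. */` would also fix the "associate" typo. The new `evp_set_default_properties_int` prototype in evp.h would benefit from the same one-line note on what loadconfig means.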