Load the config file by default
Previously we only loaded the config file by default for libssl. Now we do it for libcrypto too. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
This commit is contained in:
parent
988b29850b
commit
29dc6e00f2
11 changed files with 131 additions and 63 deletions
|
@ -129,6 +129,9 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
|
|||
int idx;
|
||||
ASN1_STRING_TABLE fnd;
|
||||
|
||||
/* "stable" can be impacted by config, so load the config file first */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
fnd.nid = nid;
|
||||
if (stable) {
|
||||
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
|
||||
|
|
|
@ -197,6 +197,9 @@ ENGINE *engine_table_select_int(ENGINE_TABLE **table, int nid, const char *f,
|
|||
ENGINE_PILE tmplate, *fnd = NULL;
|
||||
int initres, loop = 0;
|
||||
|
||||
/* Load the config before trying to check if engines are available */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
if (!(*table)) {
|
||||
OSSL_TRACE3(ENGINE_TABLE,
|
||||
"%s:%d, nid=%d, nothing registered!\n",
|
||||
|
|
|
@ -228,20 +228,23 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
|
|||
return NULL;
|
||||
}
|
||||
return (ASN1_OBJECT *)&(nid_objs[n]);
|
||||
} else if (added == NULL)
|
||||
return NULL;
|
||||
else {
|
||||
ad.type = ADDED_NID;
|
||||
ad.obj = &ob;
|
||||
ob.nid = n;
|
||||
adp = lh_ADDED_OBJ_retrieve(added, &ad);
|
||||
if (adp != NULL)
|
||||
return adp->obj;
|
||||
else {
|
||||
OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Make sure we've loaded config before checking for any "added" objects */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
if (added == NULL)
|
||||
return NULL;
|
||||
|
||||
ad.type = ADDED_NID;
|
||||
ad.obj = &ob;
|
||||
ob.nid = n;
|
||||
adp = lh_ADDED_OBJ_retrieve(added, &ad);
|
||||
if (adp != NULL)
|
||||
return adp->obj;
|
||||
|
||||
OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *OBJ_nid2sn(int n)
|
||||
|
@ -255,20 +258,23 @@ const char *OBJ_nid2sn(int n)
|
|||
return NULL;
|
||||
}
|
||||
return nid_objs[n].sn;
|
||||
} else if (added == NULL)
|
||||
return NULL;
|
||||
else {
|
||||
ad.type = ADDED_NID;
|
||||
ad.obj = &ob;
|
||||
ob.nid = n;
|
||||
adp = lh_ADDED_OBJ_retrieve(added, &ad);
|
||||
if (adp != NULL)
|
||||
return adp->obj->sn;
|
||||
else {
|
||||
OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Make sure we've loaded config before checking for any "added" objects */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
if (added == NULL)
|
||||
return NULL;
|
||||
|
||||
ad.type = ADDED_NID;
|
||||
ad.obj = &ob;
|
||||
ob.nid = n;
|
||||
adp = lh_ADDED_OBJ_retrieve(added, &ad);
|
||||
if (adp != NULL)
|
||||
return adp->obj->sn;
|
||||
|
||||
OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
const char *OBJ_nid2ln(int n)
|
||||
|
@ -282,20 +288,23 @@ const char *OBJ_nid2ln(int n)
|
|||
return NULL;
|
||||
}
|
||||
return nid_objs[n].ln;
|
||||
} else if (added == NULL)
|
||||
return NULL;
|
||||
else {
|
||||
ad.type = ADDED_NID;
|
||||
ad.obj = &ob;
|
||||
ob.nid = n;
|
||||
adp = lh_ADDED_OBJ_retrieve(added, &ad);
|
||||
if (adp != NULL)
|
||||
return adp->obj->ln;
|
||||
else {
|
||||
OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
|
||||
/* Make sure we've loaded config before checking for any "added" objects */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
if (added == NULL)
|
||||
return NULL;
|
||||
|
||||
ad.type = ADDED_NID;
|
||||
ad.obj = &ob;
|
||||
ob.nid = n;
|
||||
adp = lh_ADDED_OBJ_retrieve(added, &ad);
|
||||
if (adp != NULL)
|
||||
return adp->obj->ln;
|
||||
|
||||
OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
|
||||
|
@ -327,6 +336,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
|
|||
if (a->length == 0)
|
||||
return NID_undef;
|
||||
|
||||
/* Make sure we've loaded config before checking for any "added" objects */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
if (added != NULL) {
|
||||
ad.type = ADDED_DATA;
|
||||
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
|
||||
|
@ -544,6 +556,9 @@ int OBJ_ln2nid(const char *s)
|
|||
ADDED_OBJ ad, *adp;
|
||||
const unsigned int *op;
|
||||
|
||||
/* Make sure we've loaded config before checking for any "added" objects */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
o.ln = s;
|
||||
if (added != NULL) {
|
||||
ad.type = ADDED_LNAME;
|
||||
|
@ -565,6 +580,9 @@ int OBJ_sn2nid(const char *s)
|
|||
ADDED_OBJ ad, *adp;
|
||||
const unsigned int *op;
|
||||
|
||||
/* Make sure we've loaded config before checking for any "added" objects */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
|
||||
o.sn = s;
|
||||
if (added != NULL) {
|
||||
ad.type = ADDED_SNAME;
|
||||
|
|
|
@ -279,6 +279,10 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
|
|||
int ret = 0;
|
||||
int j, best = -1, score, optional;
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
#endif
|
||||
|
||||
if (nid <= 0 || method == NULL || store == NULL)
|
||||
return 0;
|
||||
|
||||
|
|
|
@ -17,8 +17,8 @@ OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
|
|||
OSSL_PROVIDER *prov = NULL;
|
||||
|
||||
/* Find it or create it */
|
||||
if ((prov = ossl_provider_find(libctx, name)) == NULL
|
||||
&& (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
|
||||
if ((prov = ossl_provider_find(libctx, name, 0)) == NULL
|
||||
&& (prov = ossl_provider_new(libctx, name, NULL, 0)) == NULL)
|
||||
return NULL;
|
||||
|
||||
if (!ossl_provider_activate(prov)) {
|
||||
|
@ -41,7 +41,7 @@ int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name)
|
|||
int available = 0;
|
||||
|
||||
/* Find it or create it */
|
||||
prov = ossl_provider_find(libctx, name);
|
||||
prov = ossl_provider_find(libctx, name, 0);
|
||||
available = ossl_provider_available(prov);
|
||||
ossl_provider_free(prov);
|
||||
return available;
|
||||
|
@ -69,7 +69,7 @@ int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
|
|||
}
|
||||
|
||||
/* Create it */
|
||||
if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
|
||||
if ((prov = ossl_provider_new(libctx, name, init_fn, 0)) == NULL)
|
||||
return 0;
|
||||
|
||||
/*
|
||||
|
|
|
@ -113,9 +113,9 @@ static int provider_conf_load(OPENSSL_CTX *libctx, const char *name,
|
|||
activate = 1;
|
||||
}
|
||||
|
||||
prov = ossl_provider_find(libctx, name);
|
||||
prov = ossl_provider_find(libctx, name, 1);
|
||||
if (prov == NULL)
|
||||
prov = ossl_provider_new(libctx, name, NULL);
|
||||
prov = ossl_provider_new(libctx, name, NULL, 1);
|
||||
if (prov == NULL) {
|
||||
if (soft)
|
||||
ERR_clear_error();
|
||||
|
|
|
@ -159,7 +159,8 @@ static struct provider_store_st *get_provider_store(OPENSSL_CTX *libctx)
|
|||
return store;
|
||||
}
|
||||
|
||||
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
|
||||
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
|
||||
int noconfig)
|
||||
{
|
||||
struct provider_store_st *store = NULL;
|
||||
OSSL_PROVIDER *prov = NULL;
|
||||
|
@ -168,6 +169,15 @@ OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
|
|||
OSSL_PROVIDER tmpl = { 0, };
|
||||
int i;
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
/*
|
||||
* Make sure any providers are loaded from config before we try to find
|
||||
* them.
|
||||
*/
|
||||
if (!noconfig)
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
#endif
|
||||
|
||||
tmpl.name = (char *)name;
|
||||
CRYPTO_THREAD_write_lock(store->lock);
|
||||
if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
|
||||
|
@ -215,7 +225,8 @@ int ossl_provider_up_ref(OSSL_PROVIDER *prov)
|
|||
}
|
||||
|
||||
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
|
||||
OSSL_provider_init_fn *init_function)
|
||||
OSSL_provider_init_fn *init_function,
|
||||
int noconfig)
|
||||
{
|
||||
struct provider_store_st *store = NULL;
|
||||
OSSL_PROVIDER *prov = NULL;
|
||||
|
@ -223,7 +234,8 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
|
|||
if ((store = get_provider_store(libctx)) == NULL)
|
||||
return NULL;
|
||||
|
||||
if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
|
||||
if ((prov = ossl_provider_find(libctx, name,
|
||||
noconfig)) != NULL) { /* refcount +1 */
|
||||
ossl_provider_free(prov); /* refcount -1 */
|
||||
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
|
||||
"name=%s", name);
|
||||
|
@ -552,7 +564,17 @@ static int provider_forall_loaded(struct provider_store_st *store,
|
|||
{
|
||||
int i;
|
||||
int ret = 1;
|
||||
int num_provs = sk_OSSL_PROVIDER_num(store->providers);
|
||||
int num_provs;
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
/*
|
||||
* Make sure any providers are loaded from config before we try to use
|
||||
* them.
|
||||
*/
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
#endif
|
||||
|
||||
num_provs = sk_OSSL_PROVIDER_num(store->providers);
|
||||
|
||||
if (found_activated != NULL)
|
||||
*found_activated = 0;
|
||||
|
@ -754,6 +776,11 @@ static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
|
|||
int i;
|
||||
OSSL_PARAM *p;
|
||||
|
||||
#ifndef FIPS_MODE
|
||||
/* Load config before we attempt to read any provider parameters */
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
|
||||
#endif
|
||||
|
||||
if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
|
||||
OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
|
||||
if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
|
||||
|
|
|
@ -19,9 +19,11 @@ ossl_provider_get_params, ossl_provider_query_operation
|
|||
|
||||
#include "internal/provider.h"
|
||||
|
||||
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name);
|
||||
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
|
||||
int noconfig);
|
||||
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
|
||||
ossl_provider_init_fn *init_function);
|
||||
ossl_provider_init_fn *init_function
|
||||
int noconfig);
|
||||
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
|
||||
void ossl_provider_free(OSSL_PROVIDER *prov);
|
||||
|
||||
|
@ -82,6 +84,10 @@ times as ossl_provider_activate() has.
|
|||
|
||||
ossl_provider_find() finds an existing provider object in the provider
|
||||
object store by I<name>.
|
||||
The config file will be automatically loaded unless I<noconfig> is set.
|
||||
Typically I<noconfig> should be 0.
|
||||
We set I<noconfig> to 1 only when calling these functions while processing a
|
||||
config file in order to avoid recursively attempting to load the file.
|
||||
The provider object it finds has its reference count incremented.
|
||||
|
||||
ossl_provider_new() creates a new provider object named I<name> and
|
||||
|
@ -89,6 +95,10 @@ stores it in the provider object store, unless there already is one
|
|||
there with the same name.
|
||||
If there already is one with the same name, it's returned with its
|
||||
reference count incremented.
|
||||
The config file will be automatically loaded unless I<noconfig> is set.
|
||||
Typically I<noconfig> should be 0.
|
||||
We set I<noconfig> to 1 only when calling these functions while processing a
|
||||
config file in order to avoid recursively attempting to load the file.
|
||||
The reference count of a newly created provider object will always
|
||||
be 2; one for being added to the store, and one for the returned
|
||||
reference.
|
||||
|
|
|
@ -101,10 +101,12 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
|
|||
=item OPENSSL_INIT_LOAD_CONFIG
|
||||
|
||||
With this option an OpenSSL configuration file will be automatically loaded and
|
||||
used by calling OPENSSL_config(). This is not a default option for libcrypto.
|
||||
As of OpenSSL 1.1.1 this is a default option for libssl (see
|
||||
L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
|
||||
description of OPENSSL_INIT_new(), below.
|
||||
used by calling OPENSSL_config(). This is a default option.
|
||||
Note that in OpenSSL 1.1.1 this was the default for libssl but not for
|
||||
libcrypto (see L<OPENSSL_init_ssl(3)> for further details about libssl
|
||||
initialisation).
|
||||
In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto.
|
||||
See the description of OPENSSL_INIT_new(), below.
|
||||
|
||||
=item OPENSSL_INIT_NO_LOAD_CONFIG
|
||||
|
||||
|
@ -229,7 +231,7 @@ B<CONF_MFLAGS_IGNORE_MISSING_FILE>, B<CONF_MFLAGS_IGNORE_RETURN_CODES> and
|
|||
B<CONF_MFLAGS_DEFAULT_SECTION> flags.
|
||||
The filename, application name, and flags can be customized by providing a
|
||||
non-null B<OPENSSL_INIT_SETTINGS> object.
|
||||
The object can be allocated via B<OPENSSL_init_new()>.
|
||||
The object can be allocated via B<OPENSSL_INIT_new()>.
|
||||
The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
|
||||
non-default filename, which is copied and need not refer to persistent storage.
|
||||
Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
|
||||
|
|
|
@ -26,9 +26,11 @@ extern "C" {
|
|||
*/
|
||||
|
||||
/* Provider Object finder, constructor and destructor */
|
||||
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name);
|
||||
OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
|
||||
int noconfig);
|
||||
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
|
||||
OSSL_provider_init_fn *init_function);
|
||||
OSSL_provider_init_fn *init_function,
|
||||
int noconfig);
|
||||
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
|
||||
void ossl_provider_free(OSSL_PROVIDER *prov);
|
||||
|
||||
|
|
|
@ -55,7 +55,7 @@ static int test_builtin_provider(void)
|
|||
|
||||
return
|
||||
TEST_ptr(prov =
|
||||
ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME))
|
||||
ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME, 0))
|
||||
&& test_provider(prov, expected_greeting1(name));
|
||||
}
|
||||
|
||||
|
@ -66,7 +66,7 @@ static int test_loaded_provider(void)
|
|||
OSSL_PROVIDER *prov = NULL;
|
||||
|
||||
return
|
||||
TEST_ptr(prov = ossl_provider_new(NULL, name, NULL))
|
||||
TEST_ptr(prov = ossl_provider_new(NULL, name, NULL, 0))
|
||||
&& test_provider(prov, expected_greeting1(name));
|
||||
}
|
||||
|
||||
|
@ -79,8 +79,7 @@ static int test_configured_provider(void)
|
|||
"Hello OpenSSL, greetings from Test Provider";
|
||||
|
||||
return
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)
|
||||
&& TEST_ptr(prov = ossl_provider_find(NULL, name))
|
||||
TEST_ptr(prov = ossl_provider_find(NULL, name, 0))
|
||||
&& test_provider(prov, expected_greeting);
|
||||
}
|
||||
#endif
|
||||
|
|
Loading…
Reference in a new issue