Hide OPENSSL_INIT_SETTINGS.
Make OPENSSL_INIT_SETTINGS an opaque structure. Reviewed-by: Richard Levitte <levitte@openssl.org>
parent
5caef3b502
commit
7253fd550c
11 changed files with 65 additions and 73 deletions
|
@ -57,6 +57,8 @@
|
|||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include <internal/conf.h>
|
||||
#include <openssl/crypto.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/conf.h>
|
||||
|
@ -370,3 +372,29 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)
|
|||
|
||||
return conf->meth->dump(conf, out);
|
||||
}
|
||||
|
||||
/*
|
||||
* These routines call the C malloc/free, to avoid intermixing with
|
||||
* OpenSSL function pointers before the library is initialized.
|
||||
*/
|
||||
OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
|
||||
{
|
||||
OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
|
||||
|
||||
memset(ret, 0, sizeof(*ret));
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
||||
void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
|
||||
const char *config_file)
|
||||
{
|
||||
free(settings->config_name);
|
||||
settings->config_name = config_file == NULL ? NULL : strdup(config_file);
|
||||
}
|
||||
|
||||
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
|
||||
{
|
||||
free(settings->config_name);
|
||||
free(settings);
|
||||
}
|
||||
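Review bot: OPENSSL_INIT_new() passes the result of `malloc` straight to `memset`, so an allocation failure becomes a NULL dereference during library start-up instead of a NULL return the caller can test; add `if (ret == NULL) return NULL;` before the `memset`, or use `calloc(1, sizeof(*ret))` and drop the `memset`. OPENSSL_INIT_free() dereferences `settings` unconditionally, so it should begin with `if (settings == NULL) return;` to stay safe on the constructor's failure path. In OPENSSL_INIT_set_config_filename() the `strdup` result is not checked: on failure `config_name` is left NULL, which the init code elsewhere on this page appears to treat as "no filename given", so the caller's chosen configuration file would be silently replaced by the default one.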
|
|
|
@ -77,13 +77,11 @@ static int openssl_configured = 0;
|
|||
|
||||
void OPENSSL_config(const char *config_name)
|
||||
{
|
||||
OPENSSL_INIT_SETTINGS settings[2];
|
||||
OPENSSL_INIT_SETTINGS settings;
|
||||
|
||||
settings[0].name = OPENSSL_INIT_SET_CONF_FILENAME;
|
||||
settings[0].value.type_string = config_name;
|
||||
settings[1].name = OPENSSL_INIT_SET_END;
|
||||
settings[1].value.type_int = 0;
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
|
||||
memset(&settings, 0, sizeof(settings));
|
||||
settings.config_name = strdup(config_name);
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
|
||||
}
|
||||
|
||||
void openssl_config_internal(const char *config_name)
|
||||
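Review bot: The new `settings.config_name = strdup(config_name);` has no guard for a NULL `config_name`, which is undefined behaviour in `strdup`, whereas OPENSSL_INIT_set_config_filename() on this page does guard that case; use `settings.config_name = config_name == NULL ? NULL : strdup(config_name);`. The duplicated string is also never released in the lines shown, so each call leaks it; a `free(settings.config_name);` after the OPENSSL_init_crypto() call would fix that, provided the init code does not keep the pointer after it returns (not visible here). The page has lost its +/- markers, so this assumes the `settings[...]` array lines are the removed side.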
|
|
|
@ -253,6 +253,7 @@ static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
|
|||
|
||||
#endif
|
||||
|
||||
typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
|
||||
struct ossl_init_stop_st {
|
||||
void (*handler)(void);
|
||||
OPENSSL_INIT_STOP *next;
|
||||
|
@ -606,21 +607,6 @@ void OPENSSL_cleanup(void)
|
|||
base_inited = 0;
|
||||
}
|
||||
|
||||
static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting(
|
||||
const OPENSSL_INIT_SETTINGS *settings, int name)
|
||||
{
|
||||
if (settings == NULL)
|
||||
return NULL;
|
||||
|
||||
while (settings->name != OPENSSL_INIT_SET_END) {
|
||||
if (settings->name == name)
|
||||
return settings;
|
||||
settings++;
|
||||
}
|
||||
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/*
|
||||
* If this function is called with a non NULL settings value then it must be
|
||||
* called prior to any threads making calls to any OpenSSL functions,
|
||||
|
@ -670,14 +656,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
|
|||
|
||||
if (opts & OPENSSL_INIT_LOAD_CONFIG) {
|
||||
CRYPTO_w_lock(CRYPTO_LOCK_INIT);
|
||||
if (settings != NULL) {
|
||||
const OPENSSL_INIT_SETTINGS *curr;
|
||||
curr = ossl_init_get_setting(settings,
|
||||
OPENSSL_INIT_SET_CONF_FILENAME);
|
||||
config_filename = (curr == NULL) ? NULL : curr->value.type_string;
|
||||
} else {
|
||||
config_filename = NULL;
|
||||
}
|
||||
config_filename = (settings == NULL) ? NULL : settings->config_name;
|
||||
ossl_init_once_run(&config, ossl_init_config);
|
||||
CRYPTO_w_unlock(CRYPTO_LOCK_INIT);
|
||||
}
|
||||
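Review bot: `config_filename = (settings == NULL) ? NULL : settings->config_name;` stores a pointer that belongs to the caller's settings object, and the declaration of `config_filename` is outside the hunks shown; if it has static storage it will dangle once the caller runs OPENSSL_INIT_free(). Resetting it after the once-run, with `config_filename = NULL;` directly after `ossl_init_once_run(&config, ossl_init_config);`, would keep the borrowed pointer from outliving the call. The comment above OPENSSL_init_crypto() could also state that the settings object is only read during the call, and that a filename supplied after configuration has already run is ignored (inferred from the once-run; worth confirming).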
|
|
|
@ -15,6 +15,10 @@ initialisation and deinitialisation functions
|
|||
int OPENSSL_atexit(void (*handler)(void));
|
||||
void OPENSSL_thread_stop(void);
|
||||
|
||||
OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void);
|
||||
OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, const char* name);
|
||||
OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
During normal operation OpenSSL (libcrypto) will allocate various resources at
|
||||
|
@ -90,6 +94,7 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
|
|||
|
||||
With this option an OpenSSL configuration file will be automatically loaded and
|
||||
used by calling OPENSSL_config(). This is not a default option.
|
||||
See the description of OPENSSL_init_new(), below.
|
||||
|
||||
=item OPENSSL_INIT_NO_LOAD_CONFIG
|
||||
|
||||
|
@ -151,23 +156,6 @@ OPENSSL_init_crypto(). For example:
|
|||
OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
|
||||
| OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
|
||||
|
||||
|
||||
The B<settings> parameter to OPENSSL_init_crypto() may be used to provide
|
||||
optional settings values to an option. Currently the only option this
|
||||
applies to is OPENSSL_INIT_LOAD_CONFIG. This provides the optional
|
||||
OPENSSL_INIT_SET_CONF_FILENAME parameter to provide a filename to load
|
||||
configuration from. If no filename is provided then the system default
|
||||
configuration file is assumed. For example
|
||||
|
||||
const OPENSSL_INIT_SETTINGS settings[2] = {
|
||||
{ OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" },
|
||||
{ OPENSSL_INIT_SET_END, .value.type_int = 0 }
|
||||
};
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
|
||||
|
||||
The B<settings> parameter must be an array of OPENSSL_INIT_SETTINGS values
|
||||
terminated with an OPENSSL_INIT_SET_END entry.
|
||||
|
||||
The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
|
||||
and libssl). All resources allocated by OpenSSL are freed. Typically there
|
||||
should be no need to call this function directly as it is initiated
|
||||
|
@ -199,6 +187,13 @@ the library when the thread exits. This should only be called directly if
|
|||
resources should be freed at an earlier time, or under the circumstances
|
||||
described in the NOTES section below.
|
||||
|
||||
The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
|
||||
file. To specify a different file, an B<OPENSSL_INIT_SETTINGS> must
|
||||
be created and used. The routines
|
||||
OPENSSL_init_new() and OPENSSL_INIT_set_config_filename() can be used to
|
||||
allocate the object and set the configuration filename, and then the
|
||||
object can be released with OPENSSL_INIT_free() when done.
|
||||
|
||||
=head1 NOTES
|
||||
|
||||
Resources local to a thread are deallocated automatically when the thread exits
|
||||
|
|
|
@ -57,11 +57,8 @@ B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
|
|||
|
||||
=back
|
||||
|
||||
The B<settings> parameter specifies optional settings values to an option.
|
||||
Currently no such settings are available for libssl specific options. However
|
||||
these settings will also be passed internally to a call to
|
||||
L<OPENSSL_init_crypto(3)>, so this parameter can also be used to
|
||||
provide libcrypto settings values.
|
||||
OPENSSL_init_ssl() takes a B<settings> parameter which can be used to
|
||||
set parameter values. See L<OPENSSL_init_crypto(3)> for details.
|
||||
|
||||
=head1 RETURN VALUES
|
||||
|
||||
|
|
|
@ -46,6 +46,11 @@
|
|||
extern "C" {
|
||||
#endif
|
||||
|
||||
|
||||
struct ossl_init_settings_st {
|
||||
char *config_name;
|
||||
};
|
||||
|
||||
void openssl_config_internal(const char *config_name);
|
||||
void openssl_no_config_internal(void);
|
||||
|
||||
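Review bot: `struct ossl_init_settings_st` is added without a comment on who owns `config_name`. The setters on this page allocate it with the C library's `strdup` and release it with `free`, not the OpenSSL allocator, so a short comment on the field such as `/* heap copy made with strdup(); release with free(); NULL means the default file */` would stop a later change from mixing allocators.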
|
|
|
@ -139,6 +139,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
|
|||
|
||||
#if OPENSSL_API_COMPAT < 0x10100000L
|
||||
void OPENSSL_config(const char *config_name);
|
||||
|
||||
# define OPENSSL_no_config() \
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
|
||||
#endif
|
||||
|
|
|
@ -575,34 +575,18 @@ int CRYPTO_memcmp(const volatile void * volatile in_a,
|
|||
OPENSSL_INIT_ENGINE_PADLOCK)
|
||||
|
||||
|
||||
|
||||
/* Optional settings for initialisation */
|
||||
# define OPENSSL_INIT_SET_END 0
|
||||
# define OPENSSL_INIT_SET_CONF_FILENAME 1
|
||||
|
||||
typedef struct ossl_init_settings_st {
|
||||
int name;
|
||||
union {
|
||||
int type_int;
|
||||
long type_long;
|
||||
int32_t type_int32_t;
|
||||
uint32_t type_uint32_t;
|
||||
int64_t type_int64_t;
|
||||
uint64_t type_uint64_t;
|
||||
size_t type_size_t;
|
||||
const char *type_string;
|
||||
void *type_void_ptr;
|
||||
} value;
|
||||
} OPENSSL_INIT_SETTINGS;
|
||||
|
||||
typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
|
||||
|
||||
/* Library initialisation functions */
|
||||
void OPENSSL_cleanup(void);
|
||||
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
|
||||
int OPENSSL_atexit(void (*handler)(void));
|
||||
void OPENSSL_thread_stop(void);
|
||||
|
||||
/* Low-level control of initialization */
|
||||
OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
|
||||
void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
|
||||
const char *config_file);
|
||||
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
|
||||
|
||||
/* BEGIN ERROR CODES */
|
||||
/*
|
||||
* The following lines are auto generated by the script mkerr.pl. Any changes
|
||||
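Review bot: `OPENSSL_INIT_set_config_filename()` is declared as returning `void`, so the unchecked `strdup` in its implementation cannot report failure to the caller; since this is a new public function, returning `int` (1 on success, 0 on failure) now is cheaper than changing it later. The three declarations also carry no comment on NULL handling, for example that a NULL `config_file` clears the stored name, which the implementation on this page does. The .pod synopsis on this page spells the constructor `OPENSSL_init_new()` while this header declares `OPENSSL_INIT_new()`, so one of the two needs correcting.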
|
|
|
@ -172,6 +172,7 @@ typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
|
|||
|
||||
typedef struct v3_ext_ctx X509V3_CTX;
|
||||
typedef struct conf_st CONF;
|
||||
typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
|
||||
|
||||
typedef struct ui_st UI;
|
||||
typedef struct ui_method_st UI_METHOD;
|
||||
|
|
|
@ -294,6 +294,7 @@ static void ssl_library_stop(void)
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* If this function is called with a non NULL settings value then it must be
|
||||
* called prior to any threads making calls to any OpenSSL functions,
|
||||
|
|
|
@ -4729,3 +4729,6 @@ OPENSSL_cleanup 5210 1_1_0 EXIST::FUNCTION:
|
|||
OPENSSL_atexit 5211 1_1_0 EXIST::FUNCTION:
|
||||
OPENSSL_init_crypto 5212 1_1_0 EXIST::FUNCTION:
|
||||
OPENSSL_thread_stop 5213 1_1_0 EXIST::FUNCTION:
|
||||
OPENSSL_INIT_new 5215 1_1_0 EXIST::FUNCTION:
|
||||
OPENSSL_INIT_free 5216 1_1_0 EXIST::FUNCTION:
|
||||
OPENSSL_INIT_set_config_filename 5217 1_1_0 EXIST::FUNCTION:
|
||||
|
|