Hide OPENSSL_INIT_SETTINGS.

Make OPENSSL_INIT_SETTINGS an opaque structure.
Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2016-02-10 09:55:48 -05:00 committed by Rich Salz
parent 5caef3b502
commit 7253fd550c
11 changed files with 65 additions and 73 deletions

View file

@ -57,6 +57,8 @@
*/
#include <stdio.h>
#include <string.h>
#include <internal/conf.h>
#include <openssl/crypto.h>
#include <openssl/err.h>
#include <openssl/conf.h>
@ -370,3 +372,29 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)
return conf->meth->dump(conf, out);
}
/*
* These routines call the C malloc/free, to avoid intermixing with
* OpenSSL function pointers before the library is initialized.
*/
OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
{
OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
memset(ret, 0, sizeof(*ret));
return ret;
}
void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
const char *config_file)
{
free(settings->config_name);
settings->config_name = config_file == NULL ? NULL : strdup(config_file);
}
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
{
free(settings->config_name);
free(settings);
}

View file

@ -77,13 +77,11 @@ static int openssl_configured = 0;
void OPENSSL_config(const char *config_name)
{
OPENSSL_INIT_SETTINGS settings[2];
OPENSSL_INIT_SETTINGS settings;
settings[0].name = OPENSSL_INIT_SET_CONF_FILENAME;
settings[0].value.type_string = config_name;
settings[1].name = OPENSSL_INIT_SET_END;
settings[1].value.type_int = 0;
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
memset(&settings, 0, sizeof(settings));
settings.config_name = strdup(config_name);
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
}
void openssl_config_internal(const char *config_name)

View file

@ -253,6 +253,7 @@ static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
#endif
typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
struct ossl_init_stop_st {
void (*handler)(void);
OPENSSL_INIT_STOP *next;
@ -606,21 +607,6 @@ void OPENSSL_cleanup(void)
base_inited = 0;
}
static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting(
const OPENSSL_INIT_SETTINGS *settings, int name)
{
if (settings == NULL)
return NULL;
while (settings->name != OPENSSL_INIT_SET_END) {
if (settings->name == name)
return settings;
settings++;
}
return NULL;
}
/*
* If this function is called with a non NULL settings value then it must be
* called prior to any threads making calls to any OpenSSL functions,
@ -670,14 +656,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
if (opts & OPENSSL_INIT_LOAD_CONFIG) {
CRYPTO_w_lock(CRYPTO_LOCK_INIT);
if (settings != NULL) {
const OPENSSL_INIT_SETTINGS *curr;
curr = ossl_init_get_setting(settings,
OPENSSL_INIT_SET_CONF_FILENAME);
config_filename = (curr == NULL) ? NULL : curr->value.type_string;
} else {
config_filename = NULL;
}
config_filename = (settings == NULL) ? NULL : settings->config_name;
ossl_init_once_run(&config, ossl_init_config);
CRYPTO_w_unlock(CRYPTO_LOCK_INIT);
}

View file

@ -15,6 +15,10 @@ initialisation and deinitialisation functions
int OPENSSL_atexit(void (*handler)(void));
void OPENSSL_thread_stop(void);
OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void);
OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, const char* name);
OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
=head1 DESCRIPTION
During normal operation OpenSSL (libcrypto) will allocate various resources at
@ -90,6 +94,7 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
With this option an OpenSSL configuration file will be automatically loaded and
used by calling OPENSSL_config(). This is not a default option.
See the description of OPENSSL_init_new(), below.
=item OPENSSL_INIT_NO_LOAD_CONFIG
@ -151,23 +156,6 @@ OPENSSL_init_crypto(). For example:
OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
| OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
The B<settings> parameter to OPENSSL_init_crypto() may be used to provide
optional settings values to an option. Currently the only option this
applies to is OPENSSL_INIT_LOAD_CONFIG. This provides the optional
OPENSSL_INIT_SET_CONF_FILENAME parameter to provide a filename to load
configuration from. If no filename is provided then the system default
configuration file is assumed. For example
const OPENSSL_INIT_SETTINGS settings[2] = {
{ OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" },
{ OPENSSL_INIT_SET_END, .value.type_int = 0 }
};
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
The B<settings> parameter must be an array of OPENSSL_INIT_SETTINGS values
terminated with an OPENSSL_INIT_SET_END entry.
The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
and libssl). All resources allocated by OpenSSL are freed. Typically there
should be no need to call this function directly as it is initiated
@ -199,6 +187,13 @@ the library when the thread exits. This should only be called directly if
resources should be freed at an earlier time, or under the circumstances
described in the NOTES section below.
The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
file. To specify a different file, an B<OPENSSL_INIT_SETTINGS> must
be created and used. The routines
OPENSSL_init_new() and OPENSSL_INIT_set_config_filename() can be used to
allocate the object and set the configuration filename, and then the
object can be released with OPENSSL_INIT_free() when done.
=head1 NOTES
Resources local to a thread are deallocated automatically when the thread exits

View file

@ -57,11 +57,8 @@ B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
=back
The B<settings> parameter specifies optional settings values to an option.
Currently no such settings are available for libssl specific options. However
these settings will also be passed internally to a call to
L<OPENSSL_init_crypto(3)>, so this parameter can also be used to
provide libcrypto settings values.
OPENSSL_init_ssl() takes a B<settings> parameter which can be used to
set parameter values. See L<OPENSSL_init_crypto(3)> for details.
=head1 RETURN VALUES

View file

@ -46,6 +46,11 @@
extern "C" {
#endif
struct ossl_init_settings_st {
char *config_name;
};
void openssl_config_internal(const char *config_name);
void openssl_no_config_internal(void);

View file

@ -139,6 +139,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
#if OPENSSL_API_COMPAT < 0x10100000L
void OPENSSL_config(const char *config_name);
# define OPENSSL_no_config() \
OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
#endif

View file

@ -575,34 +575,18 @@ int CRYPTO_memcmp(const volatile void * volatile in_a,
OPENSSL_INIT_ENGINE_PADLOCK)
/* Optional settings for initialisation */
# define OPENSSL_INIT_SET_END 0
# define OPENSSL_INIT_SET_CONF_FILENAME 1
typedef struct ossl_init_settings_st {
int name;
union {
int type_int;
long type_long;
int32_t type_int32_t;
uint32_t type_uint32_t;
int64_t type_int64_t;
uint64_t type_uint64_t;
size_t type_size_t;
const char *type_string;
void *type_void_ptr;
} value;
} OPENSSL_INIT_SETTINGS;
typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
/* Library initialisation functions */
void OPENSSL_cleanup(void);
int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
int OPENSSL_atexit(void (*handler)(void));
void OPENSSL_thread_stop(void);
/* Low-level control of initialization */
OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
const char *config_file);
void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
/* BEGIN ERROR CODES */
/*
* The following lines are auto generated by the script mkerr.pl. Any changes

View file

@ -172,6 +172,7 @@ typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
typedef struct v3_ext_ctx X509V3_CTX;
typedef struct conf_st CONF;
typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
typedef struct ui_st UI;
typedef struct ui_method_st UI_METHOD;

View file

@ -294,6 +294,7 @@ static void ssl_library_stop(void)
}
}
/*
* If this function is called with a non NULL settings value then it must be
* called prior to any threads making calls to any OpenSSL functions,

View file

@ -4729,3 +4729,6 @@ OPENSSL_cleanup 5210 1_1_0 EXIST::FUNCTION:
OPENSSL_atexit 5211 1_1_0 EXIST::FUNCTION:
OPENSSL_init_crypto 5212 1_1_0 EXIST::FUNCTION:
OPENSSL_thread_stop 5213 1_1_0 EXIST::FUNCTION:
OPENSSL_INIT_new 5215 1_1_0 EXIST::FUNCTION:
OPENSSL_INIT_free 5216 1_1_0 EXIST::FUNCTION:
OPENSSL_INIT_set_config_filename 5217 1_1_0 EXIST::FUNCTION: