authorShane Lontis <shane.lontis@oracle.com>2020-03-20 11:25:39 +0100
committerShane Lontis <shane.lontis@oracle.com>2020-03-20 11:25:39 +0100
commit22e27978b29b2cdc1db79659ed653d6cf31834ab (patch)
treef156d63b1f889794d723167e59108d088fbe5907 /crypto/conf
parentUse RAND_bytes_ex in crypto/rsa (diff)
Add support for passing the libctx to the config loader
The self tests for the fips module are triggered on startup and they need to know the core's libctx in order to function correctly. As the provider can be autoloaded via configuration it then needs to propagate the caller's libctx down to the provider via the config load. Note that OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, ..) is still called, but will only load the default configuration if the OPENSSL_CONF environment variable is set. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11240)
Diffstat (limited to 'crypto/conf')
-rw-r--r--crypto/conf/conf_lib.c10
-rw-r--r--crypto/conf/conf_mod.c39
-rw-r--r--crypto/conf/conf_sap.c6
3 files changed, 41 insertions, 14 deletions
diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c
index 833b7a6551..c06718d249 100644
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -174,7 +174,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out)
* the "CONF classic" functions, for consistency.
*/
-CONF *NCONF_new(CONF_METHOD *meth)
+CONF *NCONF_new_with_libctx(OPENSSL_CTX *libctx, CONF_METHOD *meth)
{
CONF *ret;
@@ -183,13 +183,19 @@ CONF *NCONF_new(CONF_METHOD *meth)
ret = meth->create(meth);
if (ret == NULL) {
- CONFerr(CONF_F_NCONF_NEW, ERR_R_MALLOC_FAILURE);
+ CONFerr(0, ERR_R_MALLOC_FAILURE);
return NULL;
}
+ ret->libctx = libctx;
return ret;
}
+CONF *NCONF_new(CONF_METHOD *meth)
+{
+ return NCONF_new_with_libctx(NULL, meth);
+}
+
void NCONF_free(CONF *conf)
{
if (conf == NULL)
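Review bot: `ret->libctx = libctx;` stores the caller's pointer in the CONF, and nothing visible here takes ownership or documents the lifetime, so a CONF that outlives its library context would hand a dangling pointer to whatever later reads `conf->libctx`. I would add a comment above `NCONF_new_with_libctx` along the lines of `/* libctx is borrowed, not owned: it must outlive the returned CONF; NULL selects the default context. */`. That NULL means the default context is inferred from the `NCONF_new` wrapper passing NULL and should be confirmed against the code that consumes the field. The start of the function body lies before this hunk, and `NCONF_free` continues past it.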
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 86924c1bff..2bbf43b908 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -1,5 +1,5 @@
/*
- * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -13,8 +13,10 @@
#include <openssl/crypto.h>
#include "internal/conf.h"
#include "internal/dso.h"
+#include "internal/thread_once.h"
#include <openssl/x509.h>
#include <openssl/trace.h>
+#include <openssl/engine.h>
#define DSO_mod_init_name "OPENSSL_init"
#define DSO_mod_finish_name "OPENSSL_finish"
@@ -55,6 +57,8 @@ struct conf_imodule_st {
static STACK_OF(CONF_MODULE) *supported_modules = NULL;
static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+static CRYPTO_ONCE load_builtin_modules = CRYPTO_ONCE_STATIC_INIT;
+
static void module_free(CONF_MODULE *md);
static void module_finish(CONF_IMODULE *imod);
static int module_run(const CONF *cnf, const char *name, const char *value,
@@ -113,22 +117,25 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
}
-int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags)
+int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
+ const char *filename,
+ const char *appname, unsigned long flags)
{
char *file = NULL;
CONF *conf = NULL;
int ret = 0;
- conf = NCONF_new(NULL);
+
+ conf = NCONF_new_with_libctx(libctx, NULL);
if (conf == NULL)
goto err;
if (filename == NULL) {
file = CONF_get1_default_config_file();
- if (!file)
+ if (file == NULL)
goto err;
- } else
+ } else {
file = (char *)filename;
+ }
if (NCONF_load(conf, file, NULL) <= 0) {
if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
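Review bot: `file` ends up either owning the string returned by `CONF_get1_default_config_file()` or aliasing the caller's `filename` through `(char *)filename`, and the re-braced branch does not say which; the cleanup that has to tell the two cases apart sits outside this hunk. Since the `else` arm was being touched anyway, a comment such as `/* borrowed from the caller: must not be freed on the err path */` would make the ownership rule explicit. Alternatively the borrowed case could live in a separate `const char *` so the cast that drops `const` goes away. The function body continues beyond the hunk.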
@@ -152,12 +159,32 @@ int CONF_modules_load_file(const char *filename, const char *appname,
return ret;
}
+int CONF_modules_load_file(const char *filename,
+ const char *appname, unsigned long flags)
+{
+ return CONF_modules_load_file_with_libctx(NULL, filename, appname, flags);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules)
+{
+ OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
+ /* Need to load ENGINEs */
+ ENGINE_load_builtin_engines();
+#endif
+ ERR_clear_error();
+ return 1;
+}
+
static int module_run(const CONF *cnf, const char *name, const char *value,
unsigned long flags)
{
CONF_MODULE *md;
int ret;
+ if (!RUN_ONCE(&load_builtin_modules, do_load_builtin_modules))
+ return -1;
+
md = module_find(name);
/* Module not found: try to load DSO */
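Review bot: `ERR_clear_error()` now runs inside `do_load_builtin_modules`, which is reached lazily from the first `module_run` call instead of from `openssl_config_int`, so the first configuration load on any code path discards whatever was already on the calling thread's error queue, and later loads do not. If the intent is only to drop errors raised by the builtin module and ENGINE loaders, bracketing those calls with `ERR_set_mark();` before and `ERR_pop_to_mark();` after would leave the caller's entries intact. Separately, the `return -1;` taken when `RUN_ONCE` fails leaves no error record; adding `CONFerr(0, ERR_R_INTERNAL_ERROR);` before it would make that failure diagnosable. `module_run` continues outside the hunk.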
diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c
index 2c5ee2a131..f628896222 100644
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -59,12 +59,6 @@ int openssl_config_int(const OPENSSL_INIT_SETTINGS *settings)
filename, appname, flags);
#endif
- OPENSSL_load_builtin_modules();
-#ifndef OPENSSL_NO_ENGINE
- /* Need to load ENGINEs */
- ENGINE_load_builtin_engines();
-#endif
- ERR_clear_error();
#ifndef OPENSSL_SYS_UEFI
ret = CONF_modules_load_file(filename, appname, flags);
#endif