author | Matt Caswell <matt@openssl.org> | 2019-07-30 17:42:53 +0200 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2019-08-01 10:59:20 +0200 |
commit | 29dc6e00f2a1ec93bbacc5127cecf3412e95e57f (patch) | |
tree | e14982624eb7d057b64d73fdc7a617f49a0ff178 /crypto | |
parent | Suppress loading the FIPS module in evp_test (diff) | |
Load the config file by default
Previously we only loaded the config file by default for libssl. Now we do
it for libcrypto too.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/a_strnid.c | 3 | ||||
-rw-r--r-- | crypto/engine/eng_table.c | 3 | ||||
-rw-r--r-- | crypto/objects/obj_dat.c | 96 | ||||
-rw-r--r-- | crypto/property/property.c | 4 | ||||
-rw-r--r-- | crypto/provider.c | 8 | ||||
-rw-r--r-- | crypto/provider_conf.c | 4 | ||||
-rw-r--r-- | crypto/provider_core.c | 35 |
7 files changed, 104 insertions, 49 deletions
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 209e1ed491..630ac19259 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -129,6 +129,9 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
 int idx;
 ASN1_STRING_TABLE fnd;
 
+ /* "stable" can be impacted by config, so load the config file first */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
 fnd.nid = nid;
 if (stable) {
 idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
index c3afa583d0..62e9416869 100644
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@@ -197,6 +197,9 @@ ENGINE *engine_table_select_int(ENGINE_TABLE **table, int nid, const char *f,
 ENGINE_PILE tmplate, *fnd = NULL;
 int initres, loop = 0;
 
+ /* Load the config before trying to check if engines are available */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
 if (!(*table)) {
 OSSL_TRACE3(ENGINE_TABLE,
 "%s:%d, nid=%d, nothing registered!\n",
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index ec9e131337..c4155a3dfc 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -228,20 +228,23 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
 return NULL;
 }
 return (ASN1_OBJECT *)&(nid_objs[n]);
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj;
- else {
- OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
 }
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj;
+
+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+ return NULL;
 }
 
 const char *OBJ_nid2sn(int n)
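Review bot: The return value of `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` is discarded in ASN1_STRING_TABLE_get, so a config file that fails to load cannot be told apart from one that was never present, and the lookup silently proceeds with whatever `stable` holds. Where the config is what adds string-table entries, engines or providers, that is a quiet fall-back to defaults. Either check the result and raise an error, or state the intent at the call, e.g. `/* A failed config load is deliberately ignored; built-in entries still apply */`. The same unchecked call is added in eng_table.c, obj_dat.c, property.c and provider_core.c, and this function's body continues outside the hunk.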
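Review bot: OBJ_nid2obj now enters config loading whenever the built-in table branch does not return. The config modules that populate `added` presumably call back into OBJ_* lookups while the load is still in progress, and the hunk does not show whether OPENSSL_init_crypto tolerates that re-entry on the same thread. The assumption should be written at the call, e.g. `/* May be reached from inside config loading; OPENSSL_init_crypto must not re-run or block in that case */`, and confirmed against the init code. The same call is added in OBJ_nid2sn, OBJ_nid2ln, OBJ_obj2nid, OBJ_ln2nid and OBJ_sn2nid.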
@@ -255,20 +258,23 @@ const char *OBJ_nid2sn(int n)
 return NULL;
 }
 return nid_objs[n].sn;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->sn;
- else {
- OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
 }
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->sn;
+
+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+ return NULL;
 }
 
 const char *OBJ_nid2ln(int n)
@@ -282,20 +288,23 @@ const char *OBJ_nid2ln(int n)
 return NULL;
 }
 return nid_objs[n].ln;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->ln;
- else {
- OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
 }
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->ln;
+
+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+ return NULL;
 }
 
 static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
@@ -327,6 +336,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
 if (a->length == 0)
 return NID_undef;
 
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
 if (added != NULL) {
 ad.type = ADDED_DATA;
 ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
@@ -544,6 +556,9 @@ int OBJ_ln2nid(const char *s)
 ADDED_OBJ ad, *adp;
 const unsigned int *op;
 
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
 o.ln = s;
 if (added != NULL) {
 ad.type = ADDED_LNAME;
@@ -565,6 +580,9 @@ int OBJ_sn2nid(const char *s)
 ADDED_OBJ ad, *adp;
 const unsigned int *op;
 
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
 o.sn = s;
 if (added != NULL) {
 ad.type = ADDED_SNAME;
diff --git a/crypto/property/property.c b/crypto/property/property.c
index cab2ab243e..c3fa8df9c6 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -279,6 +279,10 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
 int ret = 0;
 int j, best = -1, score, optional;
 
+#ifndef FIPS_MODE
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
 if (nid <= 0 || method == NULL || store == NULL)
 return 0;
 
diff --git a/crypto/provider.c b/crypto/provider.c
index 0250955a70..25ded2df99 100644
--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -17,8 +17,8 @@ OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
 OSSL_PROVIDER *prov = NULL;
 
 /* Find it or create it */
- if ((prov = ossl_provider_find(libctx, name)) == NULL
- && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+ if ((prov = ossl_provider_find(libctx, name, 0)) == NULL
+ && (prov = ossl_provider_new(libctx, name, NULL, 0)) == NULL)
 return NULL;
 
 if (!ossl_provider_activate(prov)) {
@@ -41,7 +41,7 @@ int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name)
 int available = 0;
 
 /* Find it or create it */
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 0);
 available = ossl_provider_available(prov);
 ossl_provider_free(prov);
 return available;
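Review bot: In ossl_method_store_fetch the config load runs before the argument check `if (nid <= 0 || method == NULL || store == NULL) return 0;`, so a call that is about to be rejected still triggers config file parsing and whatever modules that config names. Moving the `#ifndef FIPS_MODE` block below the guard keeps that side effect off the invalid-argument path. The block also has no comment, unlike every other call site in this commit; something like `/* Make sure providers named in config are loaded before we fetch */` would match them. This looks like a per-fetch path, so it is worth confirming the repeated call is cheap once initialisation has completed.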
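Review bot: The new trailing arguments in provider.c are bare literals (`ossl_provider_find(libctx, name, 0)`, `ossl_provider_new(libctx, name, NULL, 0)`), and the parameter is a negative flag, so a reader cannot tell at the call site that `0` means the config is loaded first. A short comment such as `/* noconfig = 0: load config before the lookup */` would make these call sites, the one in OSSL_PROVIDER_add_builtin and the `1` passed in provider_conf.c self-explanatory. A positively named flag (hypothetically `load_config`) would also remove the `if (!noconfig)` double negative in provider_core.c.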
@@ -69,7 +69,7 @@ int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
 }
 
 /* Create it */
- if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+ if ((prov = ossl_provider_new(libctx, name, init_fn, 0)) == NULL)
 return 0;
 
 /*
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 25881d6de8..9b7a1fff7c 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -113,9 +113,9 @@ static int provider_conf_load(OPENSSL_CTX *libctx, const char *name,
 activate = 1;
 }
 
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 1);
 if (prov == NULL)
- prov = ossl_provider_new(libctx, name, NULL);
+ prov = ossl_provider_new(libctx, name, NULL, 1);
 if (prov == NULL) {
 if (soft)
 ERR_clear_error();
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 803406d7f7..76d526eaf0 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -159,7 +159,8 @@ static struct provider_store_st *get_provider_store(OPENSSL_CTX *libctx)
 return store;
 }
 
-OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
+OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig)
 {
 struct provider_store_st *store = NULL;
 OSSL_PROVIDER *prov = NULL;
@@ -168,6 +169,15 @@ OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
 OSSL_PROVIDER tmpl = { 0, };
 int i;
 
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to find
+ * them.
+ */
+ if (!noconfig)
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
 tmpl.name = (char *)name;
 CRYPTO_THREAD_write_lock(store->lock);
 if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
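Review bot: `ossl_provider_find` takes a `libctx`, but the added `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` carries no context argument, so a lookup in a non-default library context appears to trigger loading of the process-wide config. If that is intended, the comment should say so, e.g. `/* Loads the global config regardless of libctx; providers it names may land in a different context */`; if not, the call should be limited to the default context. The new `noconfig` parameter is also undocumented, and a line such as `/* noconfig: non-zero when called from config loading itself, to avoid re-entering it */` above the signature would record why provider_conf.c passes 1. The function body continues outside the hunk.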
@@ -215,7 +225,8 @@ int ossl_provider_up_ref(OSSL_PROVIDER *prov)
 }
 
 OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- OSSL_provider_init_fn *init_function)
+ OSSL_provider_init_fn *init_function,
+ int noconfig)
 {
 struct provider_store_st *store = NULL;
 OSSL_PROVIDER *prov = NULL;
@@ -223,7 +234,8 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
 if ((store = get_provider_store(libctx)) == NULL)
 return NULL;
 
- if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
+ if ((prov = ossl_provider_find(libctx, name,
+ noconfig)) != NULL) { /* refcount +1 */
 ossl_provider_free(prov); /* refcount -1 */
 ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
 "name=%s", name);
@@ -552,7 +564,17 @@ static int provider_forall_loaded(struct provider_store_st *store,
 {
 int i;
 int ret = 1;
- int num_provs = sk_OSSL_PROVIDER_num(store->providers);
+ int num_provs;
+
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to use
+ * them.
+ */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
+ num_provs = sk_OSSL_PROVIDER_num(store->providers);
 
 if (found_activated != NULL)
 *found_activated = 0;
@@ -754,6 +776,11 @@ static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
 int i;
 OSSL_PARAM *p;
 
+#ifndef FIPS_MODE
+ /* Load config before we attempt to read any provider parameters */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
 if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
 OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
 if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
|
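Review bot: provider_forall_loaded is a static helper that receives `store` from its caller, and the hunk does not show whether that caller already holds `store->lock` when the added config load runs. If it does, the load can reach provider_conf_load, which calls `ossl_provider_find(libctx, name, 1)`, and that takes `CRYPTO_THREAD_write_lock(store->lock)` on the same store, which could deadlock. Confirm the lock is not held on entry, or move the `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` call into the caller ahead of its lock acquisition. The function body continues outside the hunk.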