int idx;
ASN1_STRING_TABLE fnd;
+ /* "stable" can be impacted by config, so load the config file first */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
fnd.nid = nid;
if (stable) {
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
ENGINE_PILE tmplate, *fnd = NULL;
int initres, loop = 0;
+ /* Load the config before trying to check if engines are available */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
if (!(*table)) {
OSSL_TRACE3(ENGINE_TABLE,
"%s:%d, nid=%d, nothing registered!\n",
return NULL;
}
return (ASN1_OBJECT *)&(nid_objs[n]);
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj;
- else {
- OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
}
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj;
+
+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
const char *OBJ_nid2sn(int n)
return NULL;
}
return nid_objs[n].sn;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->sn;
- else {
- OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
}
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->sn;
+
+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
const char *OBJ_nid2ln(int n)
return NULL;
}
return nid_objs[n].ln;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->ln;
- else {
- OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
}
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->ln;
+
+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
if (a->length == 0)
return NID_undef;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
ADDED_OBJ ad, *adp;
const unsigned int *op;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
o.ln = s;
if (added != NULL) {
ad.type = ADDED_LNAME;
ADDED_OBJ ad, *adp;
const unsigned int *op;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
o.sn = s;
if (added != NULL) {
ad.type = ADDED_SNAME;
int ret = 0;
int j, best = -1, score, optional;
+#ifndef FIPS_MODE
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
if (nid <= 0 || method == NULL || store == NULL)
return 0;
OSSL_PROVIDER *prov = NULL;
/* Find it or create it */
- if ((prov = ossl_provider_find(libctx, name)) == NULL
- && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+ if ((prov = ossl_provider_find(libctx, name, 0)) == NULL
+ && (prov = ossl_provider_new(libctx, name, NULL, 0)) == NULL)
return NULL;
if (!ossl_provider_activate(prov)) {
int available = 0;
/* Find it or create it */
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 0);
available = ossl_provider_available(prov);
ossl_provider_free(prov);
return available;
}
/* Create it */
- if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+ if ((prov = ossl_provider_new(libctx, name, init_fn, 0)) == NULL)
return 0;
/*
activate = 1;
}
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 1);
if (prov == NULL)
- prov = ossl_provider_new(libctx, name, NULL);
+ prov = ossl_provider_new(libctx, name, NULL, 1);
if (prov == NULL) {
if (soft)
ERR_clear_error();
return store;
}
-OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
+OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
OSSL_PROVIDER tmpl = { 0, };
int i;
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to find
+ * them.
+ */
+ if (!noconfig)
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
tmpl.name = (char *)name;
CRYPTO_THREAD_write_lock(store->lock);
if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
}
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- OSSL_provider_init_fn *init_function)
+ OSSL_provider_init_fn *init_function,
+ int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
if ((store = get_provider_store(libctx)) == NULL)
return NULL;
- if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
+ if ((prov = ossl_provider_find(libctx, name,
+ noconfig)) != NULL) { /* refcount +1 */
ossl_provider_free(prov); /* refcount -1 */
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
"name=%s", name);
{
int i;
int ret = 1;
- int num_provs = sk_OSSL_PROVIDER_num(store->providers);
+ int num_provs;
+
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to use
+ * them.
+ */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
+ num_provs = sk_OSSL_PROVIDER_num(store->providers);
if (found_activated != NULL)
*found_activated = 0;
int i;
OSSL_PARAM *p;
+#ifndef FIPS_MODE
+ /* Load config before we attempt to read any provider parameters */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
#include "internal/provider.h"
- OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name);
+ OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig);
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- ossl_provider_init_fn *init_function);
+ ossl_provider_init_fn *init_function
+ int noconfig);
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
void ossl_provider_free(OSSL_PROVIDER *prov);
=head2 Functions
ossl_provider_find() finds an existing provider object in the provider
-object store by I<name>.
+object store by I<name>.
+The config file will be automatically loaded unless I<noconfig> is set.
+Typically I<noconfig> should be 0.
+We set I<noconfig> to 1 only when calling these functions while processing a
+config file in order to avoid recursively attempting to load the file.
The provider object it finds has its reference count incremented.
ossl_provider_new() creates a new provider object named I<name> and
there with the same name.
If there already is one with the same name, it's returned with its
reference count incremented.
+The config file will be automatically loaded unless I<noconfig> is set.
+Typically I<noconfig> should be 0.
+We set I<noconfig> to 1 only when calling these functions while processing a
+config file in order to avoid recursively attempting to load the file.
The reference count of a newly created provider object will always
be 2; one for being added to the store, and one for the returned
reference.
=item OPENSSL_INIT_LOAD_CONFIG
With this option an OpenSSL configuration file will be automatically loaded and
-used by calling OPENSSL_config(). This is not a default option for libcrypto.
-As of OpenSSL 1.1.1 this is a default option for libssl (see
-L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
-description of OPENSSL_INIT_new(), below.
+used by calling OPENSSL_config(). This is a default option.
+Note that in OpenSSL 1.1.1 this was the default for libssl but not for
+libcrypto (see L<OPENSSL_init_ssl(3)> for further details about libssl
+initialisation).
+In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto.
+See the description of OPENSSL_INIT_new(), below.
=item OPENSSL_INIT_NO_LOAD_CONFIG
B<CONF_MFLAGS_DEFAULT_SECTION> flags.
The filename, application name, and flags can be customized by providing a
non-null B<OPENSSL_INIT_SETTINGS> object.
-The object can be allocated via B<OPENSSL_init_new()>.
+The object can be allocated via B<OPENSSL_INIT_new()>.
The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
non-default filename, which is copied and need not refer to persistent storage.
Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
*/
/* Provider Object finder, constructor and destructor */
-OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name);
+OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig);
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- OSSL_provider_init_fn *init_function);
+ OSSL_provider_init_fn *init_function,
+ int noconfig);
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
void ossl_provider_free(OSSL_PROVIDER *prov);
return
TEST_ptr(prov =
- ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME))
+ ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME, 0))
&& test_provider(prov, expected_greeting1(name));
}
OSSL_PROVIDER *prov = NULL;
return
- TEST_ptr(prov = ossl_provider_new(NULL, name, NULL))
+ TEST_ptr(prov = ossl_provider_new(NULL, name, NULL, 0))
&& test_provider(prov, expected_greeting1(name));
}
"Hello OpenSSL, greetings from Test Provider";
return
- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)
- && TEST_ptr(prov = ossl_provider_find(NULL, name))
+ TEST_ptr(prov = ossl_provider_find(NULL, name, 0))
&& test_provider(prov, expected_greeting);
}
#endif
projects / openssl.git / commitdiff