Previously we only loaded the config file by default for libssl. Now we do
it for libcrypto too.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9492)
int idx;
ASN1_STRING_TABLE fnd;
int idx;
ASN1_STRING_TABLE fnd;
+ /* "stable" can be impacted by config, so load the config file first */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
fnd.nid = nid;
if (stable) {
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
fnd.nid = nid;
if (stable) {
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
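Review bot: The result of `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` is discarded on the added line, and the same bare call is repeated in the engine-table, OBJ_* and provider hunks below. If initialisation can fail at this point, the lookup continues against a `stable` that never received its config entries, and the caller cannot tell that apart from an ordinary miss. Where the function's contract allows an early failure return, prefer `if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)) return NULL;`; otherwise extend the comment to say that a failed load is deliberately ignored. The enclosing function starts and ends outside the hunk, so its return type is assumed here.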
ENGINE_PILE tmplate, *fnd = NULL;
int initres, loop = 0;
ENGINE_PILE tmplate, *fnd = NULL;
int initres, loop = 0;
+ /* Load the config before trying to check if engines are available */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
if (!(*table)) {
OSSL_TRACE3(ENGINE_TABLE,
"%s:%d, nid=%d, nothing registered!\n",
if (!(*table)) {
OSSL_TRACE3(ENGINE_TABLE,
"%s:%d, nid=%d, nothing registered!\n",
return NULL;
}
return (ASN1_OBJECT *)&(nid_objs[n]);
return NULL;
}
return (ASN1_OBJECT *)&(nid_objs[n]);
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj;
- else {
- OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj;
+
+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
const char *OBJ_nid2sn(int n)
}
const char *OBJ_nid2sn(int n)
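Review bot: The rewritten tail of OBJ_nid2obj still returns NULL without queuing an error when `added == NULL`, while the miss path a few lines later raises `OBJ_R_UNKNOWN_NID`; the asymmetry is carried over from the removed `else if` chain. A caller that inspects the error queue therefore sees different results for the same unknown NID depending on whether any object was ever added. Adding `OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);` before the `return NULL;` under `if (added == NULL)` would make the two paths agree. The OBJ_nid2sn and OBJ_nid2ln hunks below have the same shape, and the start of this function is outside the hunk.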
return NULL;
}
return nid_objs[n].sn;
return NULL;
}
return nid_objs[n].sn;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->sn;
- else {
- OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->sn;
+
+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
const char *OBJ_nid2ln(int n)
}
const char *OBJ_nid2ln(int n)
return NULL;
}
return nid_objs[n].ln;
return NULL;
}
return nid_objs[n].ln;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->ln;
- else {
- OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->ln;
+
+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
}
static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
if (a->length == 0)
return NID_undef;
if (a->length == 0)
return NID_undef;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
ADDED_OBJ ad, *adp;
const unsigned int *op;
ADDED_OBJ ad, *adp;
const unsigned int *op;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
o.ln = s;
if (added != NULL) {
ad.type = ADDED_LNAME;
o.ln = s;
if (added != NULL) {
ad.type = ADDED_LNAME;
ADDED_OBJ ad, *adp;
const unsigned int *op;
ADDED_OBJ ad, *adp;
const unsigned int *op;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
o.sn = s;
if (added != NULL) {
ad.type = ADDED_SNAME;
o.sn = s;
if (added != NULL) {
ad.type = ADDED_SNAME;
int ret = 0;
int j, best = -1, score, optional;
int ret = 0;
int j, best = -1, score, optional;
+#ifndef FIPS_MODE
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
if (nid <= 0 || method == NULL || store == NULL)
return 0;
if (nid <= 0 || method == NULL || store == NULL)
return 0;
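Review bot: The added `OPENSSL_init_crypto` call has no comment, unlike the other call sites in this commit, and the `#ifndef FIPS_MODE` guard around it is unexplained. If the intent matches the provider hunks, a comment such as `/* Outside the FIPS module, load config first so configured providers are registered before the store is used */` above the call would make that explicit. The function's signature is outside the hunk, so which store operation this is cannot be confirmed from here.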
OSSL_PROVIDER *prov = NULL;
/* Find it or create it */
OSSL_PROVIDER *prov = NULL;
/* Find it or create it */
- if ((prov = ossl_provider_find(libctx, name)) == NULL
- && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+ if ((prov = ossl_provider_find(libctx, name, 0)) == NULL
+ && (prov = ossl_provider_new(libctx, name, NULL, 0)) == NULL)
return NULL;
if (!ossl_provider_activate(prov)) {
return NULL;
if (!ossl_provider_activate(prov)) {
int available = 0;
/* Find it or create it */
int available = 0;
/* Find it or create it */
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 0);
available = ossl_provider_available(prov);
ossl_provider_free(prov);
return available;
available = ossl_provider_available(prov);
ossl_provider_free(prov);
return available;
- if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+ if ((prov = ossl_provider_new(libctx, name, init_fn, 0)) == NULL)
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 1);
- prov = ossl_provider_new(libctx, name, NULL);
+ prov = ossl_provider_new(libctx, name, NULL, 1);
if (prov == NULL) {
if (soft)
ERR_clear_error();
if (prov == NULL) {
if (soft)
ERR_clear_error();
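Review bot: The bare `1` passed in `ossl_provider_find(libctx, name, 1)` and `ossl_provider_new(libctx, name, NULL, 1)` is what keeps these call sites from triggering a config load while config is already being processed, yet nothing at the call site says so. A short comment above the first call, e.g. `/* noconfig=1: we are already processing the config file */`, would keep a later edit from turning it into 0. The surrounding function is outside the hunk.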
-OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
+OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
OSSL_PROVIDER tmpl = { 0, };
int i;
OSSL_PROVIDER tmpl = { 0, };
int i;
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to find
+ * them.
+ */
+ if (!noconfig)
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
tmpl.name = (char *)name;
CRYPTO_THREAD_write_lock(store->lock);
if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
tmpl.name = (char *)name;
CRYPTO_THREAD_write_lock(store->lock);
if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
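Review bot: `noconfig` is a negative flag tested as `if (!noconfig)`, and the definition does not carry the contract that the pod text in this commit gives: pass 1 only while a config file is being processed. Because avoiding a recursive load depends on every caller getting this right, that sentence belongs in the block comment above the check, e.g. `Callers already processing a config file must pass noconfig=1 to avoid loading it recursively.` The part of the function that obtains `store` is outside the hunk, so the order of the config load relative to the store lookup cannot be confirmed from here.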
}
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
}
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- OSSL_provider_init_fn *init_function)
+ OSSL_provider_init_fn *init_function,
+ int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
if ((store = get_provider_store(libctx)) == NULL)
return NULL;
if ((store = get_provider_store(libctx)) == NULL)
return NULL;
- if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
+ if ((prov = ossl_provider_find(libctx, name,
+ noconfig)) != NULL) { /* refcount +1 */
ossl_provider_free(prov); /* refcount -1 */
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
"name=%s", name);
ossl_provider_free(prov); /* refcount -1 */
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
"name=%s", name);
- int num_provs = sk_OSSL_PROVIDER_num(store->providers);
+ int num_provs;
+
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to use
+ * them.
+ */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
+ num_provs = sk_OSSL_PROVIDER_num(store->providers);
if (found_activated != NULL)
*found_activated = 0;
if (found_activated != NULL)
*found_activated = 0;
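Review bot: The comment on the added call does not say how an application opts out, and unlike `ossl_provider_find` this site has no `noconfig` switch. After this commit the config file influences which providers this enumeration sees even in a process that only uses libcrypto, so deployments that do not want the config file read need the opt-out stated next to the call. Suggest appending to the comment: `Applications that must not read a config file should initialise with OPENSSL_INIT_NO_LOAD_CONFIG before any lookup.` The same remark applies to the engine-table hunk earlier on the page. The enclosing function starts outside the hunk.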
+#ifndef FIPS_MODE
+ /* Load config before we attempt to read any provider parameters */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)
#include "internal/provider.h"
#include "internal/provider.h"
- OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name);
+ OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig);
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- ossl_provider_init_fn *init_function);
+ ossl_provider_init_fn *init_function
+ int noconfig);
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
void ossl_provider_free(OSSL_PROVIDER *prov);
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
void ossl_provider_free(OSSL_PROVIDER *prov);
=head2 Functions
ossl_provider_find() finds an existing provider object in the provider
=head2 Functions
ossl_provider_find() finds an existing provider object in the provider
-object store by I<name>.
+object store by I<name>.
+The config file will be automatically loaded unless I<noconfig> is set.
+Typically I<noconfig> should be 0.
+We set I<noconfig> to 1 only when calling these functions while processing a
+config file in order to avoid recursively attempting to load the file.
The provider object it finds has its reference count incremented.
ossl_provider_new() creates a new provider object named I<name> and
The provider object it finds has its reference count incremented.
ossl_provider_new() creates a new provider object named I<name> and
there with the same name.
If there already is one with the same name, it's returned with its
reference count incremented.
there with the same name.
If there already is one with the same name, it's returned with its
reference count incremented.
+The config file will be automatically loaded unless I<noconfig> is set.
+Typically I<noconfig> should be 0.
+We set I<noconfig> to 1 only when calling these functions while processing a
+config file in order to avoid recursively attempting to load the file.
The reference count of a newly created provider object will always
be 2; one for being added to the store, and one for the returned
reference.
The reference count of a newly created provider object will always
be 2; one for being added to the store, and one for the returned
reference.
=item OPENSSL_INIT_LOAD_CONFIG
With this option an OpenSSL configuration file will be automatically loaded and
=item OPENSSL_INIT_LOAD_CONFIG
With this option an OpenSSL configuration file will be automatically loaded and
-used by calling OPENSSL_config(). This is not a default option for libcrypto.
-As of OpenSSL 1.1.1 this is a default option for libssl (see
-L<OPENSSL_init_ssl(3)> for further details about libssl initialisation). See the
-description of OPENSSL_INIT_new(), below.
+used by calling OPENSSL_config(). This is a default option.
+Note that in OpenSSL 1.1.1 this was the default for libssl but not for
+libcrypto (see L<OPENSSL_init_ssl(3)> for further details about libssl
+initialisation).
+In OpenSSL 1.1.0 this was a non-default option for both libssl and libcrypto.
+See the description of OPENSSL_INIT_new(), below.
=item OPENSSL_INIT_NO_LOAD_CONFIG
=item OPENSSL_INIT_NO_LOAD_CONFIG
B<CONF_MFLAGS_DEFAULT_SECTION> flags.
The filename, application name, and flags can be customized by providing a
non-null B<OPENSSL_INIT_SETTINGS> object.
B<CONF_MFLAGS_DEFAULT_SECTION> flags.
The filename, application name, and flags can be customized by providing a
non-null B<OPENSSL_INIT_SETTINGS> object.
-The object can be allocated via B<OPENSSL_init_new()>.
+The object can be allocated via B<OPENSSL_INIT_new()>.
The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
non-default filename, which is copied and need not refer to persistent storage.
Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
The B<OPENSSL_INIT_set_config_filename()> function can be used to specify a
non-default filename, which is copied and need not refer to persistent storage.
Similarly, OPENSSL_INIT_set_config_appname() can be used to specify a
*/
/* Provider Object finder, constructor and destructor */
*/
/* Provider Object finder, constructor and destructor */
-OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name);
+OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig);
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- OSSL_provider_init_fn *init_function);
+ OSSL_provider_init_fn *init_function,
+ int noconfig);
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
void ossl_provider_free(OSSL_PROVIDER *prov);
int ossl_provider_up_ref(OSSL_PROVIDER *prov);
void ossl_provider_free(OSSL_PROVIDER *prov);
- ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME))
+ ossl_provider_new(NULL, name, PROVIDER_INIT_FUNCTION_NAME, 0))
&& test_provider(prov, expected_greeting1(name));
}
&& test_provider(prov, expected_greeting1(name));
}
OSSL_PROVIDER *prov = NULL;
return
OSSL_PROVIDER *prov = NULL;
return
- TEST_ptr(prov = ossl_provider_new(NULL, name, NULL))
+ TEST_ptr(prov = ossl_provider_new(NULL, name, NULL, 0))
&& test_provider(prov, expected_greeting1(name));
}
&& test_provider(prov, expected_greeting1(name));
}
"Hello OpenSSL, greetings from Test Provider";
return
"Hello OpenSSL, greetings from Test Provider";
return
- OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)
- && TEST_ptr(prov = ossl_provider_find(NULL, name))
+ TEST_ptr(prov = ossl_provider_find(NULL, name, 0))
&& test_provider(prov, expected_greeting);
}
#endif
&& test_provider(prov, expected_greeting);
}
#endif