From a0a82324f965bbcc4faed4e1ee3fcaf81ea52166 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 12 Oct 2015 12:40:15 +0100 Subject: [PATCH] Centralise loading default apps config file Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: Richard Levitte --- apps/asn1pars.c | 3 --- apps/ca.c | 11 +++++++---- apps/ciphers.c | 3 --- apps/cms.c | 3 --- apps/crl.c | 3 --- apps/crl2p7.c | 3 --- apps/dgst.c | 3 --- apps/dhparam.c | 3 --- apps/dsa.c | 3 --- apps/dsaparam.c | 3 --- apps/ec.c | 3 --- apps/ecparam.c | 3 --- apps/enc.c | 3 --- apps/engine.c | 3 --- apps/gendsa.c | 3 --- apps/genpkey.c | 3 --- apps/genrsa.c | 3 --- apps/nseq.c | 3 --- apps/ocsp.c | 3 --- apps/openssl.c | 14 ++++++++++++-- apps/passwd.c | 3 --- apps/pkcs12.c | 3 --- apps/pkcs7.c | 3 --- apps/pkcs8.c | 3 --- apps/pkey.c | 3 --- apps/pkeyparam.c | 3 --- apps/pkeyutl.c | 3 --- apps/prime.c | 3 --- apps/rand.c | 3 --- apps/rsa.c | 4 ---- apps/rsautl.c | 3 --- apps/s_client.c | 3 --- apps/s_server.c | 3 --- apps/smime.c | 3 --- apps/speed.c | 3 --- apps/spkac.c | 2 -- apps/verify.c | 3 --- apps/x509.c | 3 --- 38 files changed, 19 insertions(+), 114 deletions(-) diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 574b03f559..6f88a1dca4 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c 
@@ -186,9 +186,6 @@ int asn1parse_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (oidfile != NULL) { in = bio_open_default(oidfile, 'r', FORMAT_TEXT); if (in == NULL) diff --git a/apps/ca.c b/apps/ca.c index defbf007f6..586fbe4b56 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -484,10 +484,13 @@ end_of_options: argv = opt_rest(); BIO_printf(bio_err, "Using configuration from %s\n", configfile); - if ((conf = app_load_config(configfile)) == NULL) - goto end; - if (!app_load_modules(conf)) - goto end; + /* We already loaded the default config file */ + if (configfile != default_config_file) { + if ((conf = app_load_config(configfile)) == NULL) + goto end; + if (!app_load_modules(conf)) + goto end; + } /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/ciphers.c b/apps/ciphers.c index a2ccf2842d..bf3c20499e 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -144,9 +144,6 @@ int ciphers_main(int argc, char **argv) else if (argc != 0) goto opthelp; - if (!app_load_modules(NULL)) - goto end; - ctx = SSL_CTX_new(meth); if (ctx == NULL) goto err; diff --git a/apps/cms.c b/apps/cms.c index 6ed9338685..fef34034bc 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -684,9 +684,6 @@ int cms_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/crl.c b/apps/crl.c index 253f7a5b75..b2a5d7f54d 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -232,9 +232,6 @@ int crl_main(int argc, char **argv) if (!nmflag_set) nmflag = XN_FLAG_ONELINE; - if (!app_load_modules(NULL)) - goto end; - x = load_crl(infile, informat); if (x == NULL) goto end; diff --git a/apps/crl2p7.c b/apps/crl2p7.c index 8cc1b62efe..930875ac84 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c 
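Review bot: In the apps/ca.c hunk, `conf` is now assigned only inside `if (configfile != default_config_file)`, so on the default path nothing is parsed into `conf` even though the line above still prints "Using configuration from %s". The section lookup that begins on the hunk's last context line presumably reads from `conf` (ca_main continues outside the hunk), and it would then see the variable's initial value rather than the default file. Keeping the parse unconditional and guarding only the module step avoids that: `if ((conf = app_load_config(configfile)) == NULL) goto end;` then `if (configfile != default_config_file && !app_load_modules(conf)) goto end;`. The test is also a pointer comparison, so a `configfile` string that merely equals the default path still takes the reload branch and loads its modules a second time.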
@@ -148,9 +148,6 @@ int crl2pkcs7_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (!nocrl) { in = bio_open_default(infile, 'r', informat); if (in == NULL) diff --git a/apps/dgst.c b/apps/dgst.c index 1e3a72ccb4..e62a8de413 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -236,9 +236,6 @@ int dgst_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (do_verify && !sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); diff --git a/apps/dhparam.c b/apps/dhparam.c index 334a129b1b..17c0b5b420 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -230,9 +230,6 @@ int dhparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) goto end; diff --git a/apps/dsa.c b/apps/dsa.c index d829f980fa..9dcc75e88a 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -202,9 +202,6 @@ int dsa_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - BIO_printf(bio_err, "read DSA key\n"); { EVP_PKEY *pkey; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 1ba93e603f..a0a3372f80 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -183,9 +183,6 @@ int dsaparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (argc == 1) { if (!opt_int(argv[0], &num)) goto end; diff --git a/apps/ec.c b/apps/ec.c index a30d3f0a40..3c38e6157b 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -202,9 +202,6 @@ int ec_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; diff --git a/apps/ecparam.c b/apps/ecparam.c index 5a98f454fb..9d13447283 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c 
@@ -220,9 +220,6 @@ int ecparam_main(int argc, char **argv) argv = opt_rest(); private = genkey ? 1 : 0; - if (!app_load_modules(NULL)) - goto end; - in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; diff --git a/apps/enc.c b/apps/enc.c index 5ffb1f030c..b0c82d6a34 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -295,9 +295,6 @@ int enc_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); goto end; diff --git a/apps/engine.c b/apps/engine.c index b1c1371528..b4da23ee89 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -369,9 +369,6 @@ int engine_main(int argc, char **argv) } } - if (!app_load_modules(NULL)) - goto end; - for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) { const char *id = sk_OPENSSL_STRING_value(engines, i); if ((e = ENGINE_by_id(id)) != NULL) { diff --git a/apps/gendsa.c b/apps/gendsa.c index f1e1f54b8a..5d5cb5efdd 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -144,9 +144,6 @@ int gendsa_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - in = bio_open_default(dsaparams, 'r', FORMAT_PEM); if (in == NULL) goto end2; diff --git a/apps/genpkey.c b/apps/genpkey.c index d80983350a..333cea92d2 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -181,9 +181,6 @@ int genpkey_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - out = bio_open_owner(outfile, outformat, private); if (out == NULL) goto end; diff --git a/apps/genrsa.c b/apps/genrsa.c index 54484b5273..b0e5e19b7e 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -169,9 +169,6 @@ int genrsa_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - out = bio_open_owner(outfile, FORMAT_PEM, private); if (out == NULL) goto end; 
diff --git a/apps/nseq.c b/apps/nseq.c index 06893c82ce..e8cf69dac9 100644 --- a/apps/nseq.c +++ b/apps/nseq.c @@ -109,9 +109,6 @@ int nseq_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - in = bio_open_default(infile, 'r', FORMAT_PEM); if (in == NULL) goto end; diff --git a/apps/ocsp.c b/apps/ocsp.c index 960b77681a..0f8ddcc33f 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -494,9 +494,6 @@ int ocsp_main(int argc, char **argv) if (!req && !reqin && !respin && !(port && ridx_filename)) goto opthelp; - if (!app_load_modules(NULL)) - goto end; - out = bio_open_default(outfile, 'w', FORMAT_TEXT); if (out == NULL) goto end; diff --git a/apps/openssl.c b/apps/openssl.c index 81a37629d1..565903f9f7 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -166,7 +166,7 @@ BIO *bio_in = NULL; BIO *bio_out = NULL; BIO *bio_err = NULL; -static void apps_startup() +static int apps_startup() { #ifdef SIGPIPE signal(SIGPIPE, SIG_IGN); @@ -174,6 +174,13 @@ static void apps_startup() CRYPTO_malloc_init(); ERR_load_crypto_strings(); ERR_load_SSL_strings(); + + if (!app_load_modules(NULL)) { + ERR_print_errors(bio_err); + BIO_printf(bio_err, "Error loading default configuration\n"); + return 0; + } + OpenSSL_add_all_algorithms(); OpenSSL_add_ssl_algorithms(); OPENSSL_load_builtin_modules(); @@ -182,6 +189,7 @@ static void apps_startup() #ifndef OPENSSL_NO_ENGINE ENGINE_load_builtin_engines(); #endif + return 1; } static void apps_shutdown() @@ -328,7 +336,9 @@ int main(int argc, char *argv[]) #endif } - apps_startup(); + if (!apps_startup()) + goto end; + prog = prog_init(); pname = opt_progname(argv[0]); diff --git a/apps/passwd.c b/apps/passwd.c index 8988313375..372e0e804e 100644 --- a/apps/passwd.c +++ b/apps/passwd.c 
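Review bot: The `app_load_modules(NULL)` call added to apps_startup() in apps/openssl.c runs before any argument is parsed, so a broken default configuration now fails every subcommand, including the `opthelp` paths that the removed per-command calls in ciphers.c, ocsp.c and rand.c came after. Because module loading can bring in engine code (the commit message gives GOST as the example), that file becomes trusted input for every invocation, and a comment above the call should say so, e.g. `/* Loaded for every command, before option parsing: the default config and the modules it names are trusted input here */`. The error branch prints through `bio_err`, which the context shows starting as NULL at file scope, so confirm that main() sets it and the default config path before this call; that code is outside the hunk. `static int apps_startup()` would also be better declared as `apps_startup(void)`.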
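Review bot: In the main() hunk of apps/openssl.c, `goto end` on apps_startup() failure is taken without setting an error status, so unless `ret` is already non-zero there the process could exit with success right after printing "Error loading default configuration". main()'s declarations and the `end:` label are outside the hunk, so this is inferred from the visible lines only; if `ret` starts at 0, use `if (!apps_startup()) { ret = 1; goto end; }`. Scripts that check the exit code would otherwise not notice that the command never ran. The cleanup under `end:` also needs to cope with `prog` not yet being assigned, since `prog = prog_init();` comes after this branch.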
@@ -201,9 +201,6 @@ int passwd_main(int argc, char **argv) goto opthelp; # endif - if (!app_load_modules(NULL)) - goto end; - if (infile && in_stdin) { BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); goto end; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index e1f663a058..11930e9e16 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -354,9 +354,6 @@ int pkcs12_main(int argc, char **argv) mpass = macpass; } - if (!app_load_modules(NULL)) - goto end; - if (export_cert || inrand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index fff14dc959..1ed0b01339 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -193,9 +193,6 @@ int pkcs7_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - in = bio_open_default(infile, 'r', informat); if (in == NULL) goto end; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index 765744ffbe..3d7282eabb 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -233,9 +233,6 @@ int pkcs8_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC; diff --git a/apps/pkey.c b/apps/pkey.c index d2a66eb4a0..694cdd12c7 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -169,9 +169,6 @@ int pkey_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - out = bio_open_owner(outfile, outformat, private); if (out == NULL) goto end; diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index 215611eb34..abb40d1ab2 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -118,9 +118,6 @@ int pkeyparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - in = bio_open_default(infile, 'r', FORMAT_PEM); if (in == NULL) goto end; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index c3e18895a7..82ebdeee9e 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c 
@@ -230,9 +230,6 @@ int pkeyutl_main(int argc, char **argv) if (ctx == NULL) goto opthelp; - if (!app_load_modules(NULL)) - goto end; - if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, "%s: Signature file specified for non verify\n", prog); diff --git a/apps/prime.c b/apps/prime.c index 2ce4e94f89..b6c5ad58b8 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -109,9 +109,6 @@ int prime_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (argc == 0 && !generate) { BIO_printf(bio_err, "%s: No prime specified\n", prog); goto end; diff --git a/apps/rand.c b/apps/rand.c index 315e6be02f..150eef4fb1 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -126,9 +126,6 @@ int rand_main(int argc, char **argv) if (sscanf(argv[0], "%d", &num) != 1 || num < 0) goto opthelp; - if (!app_load_modules(NULL)) - goto end; - app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", diff --git a/apps/rsa.c b/apps/rsa.c index f8a0deceb6..0640ba4fad 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -256,10 +256,6 @@ int rsa_main(int argc, char **argv) BIO_printf(bio_err, "Error getting passwords\n"); goto end; } - - if (!app_load_modules(NULL)) - goto end; - if (check && pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; diff --git a/apps/rsautl.c b/apps/rsautl.c index 84a1de1ae9..5d6bdc0242 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c @@ -214,9 +214,6 @@ int rsautl_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, 0); diff --git a/apps/s_client.c b/apps/s_client.c index d76f921db6..9bad1b51cf 100644 --- a/apps/s_client.c +++ b/apps/s_client.c 
@@ -1063,9 +1063,6 @@ int s_client_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - if (proxystr) { if (connectstr == NULL) { BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog); diff --git a/apps/s_server.c b/apps/s_server.c index aa43541501..bfc8b1fcd2 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1475,9 +1475,6 @@ int s_server_main(int argc, char *argv[]) goto end; } - if (!app_load_modules(NULL)) - goto end; - if (s_key_file == NULL) s_key_file = s_cert_file; diff --git a/apps/smime.c b/apps/smime.c index db645d0e16..551a8fd44d 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -422,9 +422,6 @@ int smime_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/speed.c b/apps/speed.c index 046c0b2614..faa3e159ae 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -850,9 +850,6 @@ int speed_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); - if (!app_load_modules(NULL)) - goto end; - /* Remaining arguments are algorithms. */ for ( ; *argv; argv++) { if (found(*argv, doit_choices, &i)) { diff --git a/apps/spkac.c b/apps/spkac.c index 180f80fcb7..eaeb3c15d0 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -186,8 +186,6 @@ int spkac_main(int argc, char **argv) if ((conf = app_load_config(infile)) == NULL) goto end; - if (!app_load_modules(conf)) - goto end; spkstr = NCONF_get_string(conf, spksect, spkac); diff --git a/apps/verify.c b/apps/verify.c index 61f8cf7579..bd4ed05065 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -198,9 +198,6 @@ int verify_main(int argc, char **argv) goto end; } - if (!app_load_modules(NULL)) - goto end; - if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cb); diff --git a/apps/x509.c b/apps/x509.c index 9472b68da5..ff1e8cbe82 100644 
--- a/apps/x509.c +++ b/apps/x509.c @@ -493,9 +493,6 @@ int x509_main(int argc, char **argv) if (!nmflag_set) nmflag = XN_FLAG_ONELINE; - if (!app_load_modules(NULL)) - goto end; - out = bio_open_default(outfile, 'w', outformat); if (out == NULL) goto end; -- 2.34.1