authorMatt Caswell <matt@openssl.org>2019-07-30 16:42:53 +0100
committerMatt Caswell <matt@openssl.org>2019-08-01 09:59:20 +0100
commit29dc6e00f2a1ec93bbacc5127cecf3412e95e57f (patch)
treee14982624eb7d057b64d73fdc7a617f49a0ff178 /crypto
parent988b29850b9e7b2b21d680545aeed76273a42a16 (diff)
Load the config file by default
Previously we only loaded the config file by default for libssl. Now we do it for libcrypto too. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9492)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/a_strnid.c3
-rw-r--r--crypto/engine/eng_table.c3
-rw-r--r--crypto/objects/obj_dat.c96
-rw-r--r--crypto/property/property.c4
-rw-r--r--crypto/provider.c8
-rw-r--r--crypto/provider_conf.c4
-rw-r--r--crypto/provider_core.c35
7 files changed, 104 insertions, 49 deletions
diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c
index 209e1ed491..630ac19259 100644
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@@ -129,6 +129,9 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
int idx;
ASN1_STRING_TABLE fnd;
+ /* "stable" can be impacted by config, so load the config file first */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
fnd.nid = nid;
if (stable) {
idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
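Review bot: The result of `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` is discarded here, so a config file that fails to load leaves `stable` as it was and the lookup carries on as if nothing had happened. The same unchecked call is added in the other files of this commit (eng_table.c, obj_dat.c, property.c, provider_core.c). If best effort is intended, the comment should say so, e.g. `/* "stable" can be impacted by config; a failed load is deliberately ignored */`; otherwise return NULL when the call returns 0. The body of ASN1_STRING_TABLE_get continues outside the hunk.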
diff --git a/crypto/engine/eng_table.c b/crypto/engine/eng_table.c
index c3afa583d0..62e9416869 100644
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@@ -197,6 +197,9 @@ ENGINE *engine_table_select_int(ENGINE_TABLE **table, int nid, const char *f,
ENGINE_PILE tmplate, *fnd = NULL;
int initres, loop = 0;
+ /* Load the config before trying to check if engines are available */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
if (!(*table)) {
OSSL_TRACE3(ENGINE_TABLE,
"%s:%d, nid=%d, nothing registered!\n",
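Review bot: The added comment does not say that this lookup can now be the first thing in a libcrypto-only program to read the configuration file, and its own wording implies that file decides which engines are available. Operators who relied on libcrypto never touching a config file need to know that the file's location and permissions now matter for them too. I would extend the comment to name the opt-out, e.g. `/* No-op if the application already ran OPENSSL_init_crypto() with OPENSSL_INIT_NO_LOAD_CONFIG */`, after confirming that the init code really orders the two options that way. The body of engine_table_select_int continues outside the hunk.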
diff --git a/crypto/objects/obj_dat.c b/crypto/objects/obj_dat.c
index ec9e131337..c4155a3dfc 100644
--- a/crypto/objects/obj_dat.c
+++ b/crypto/objects/obj_dat.c
@@ -228,20 +228,23 @@ ASN1_OBJECT *OBJ_nid2obj(int n)
return NULL;
}
return (ASN1_OBJECT *)&(nid_objs[n]);
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj;
- else {
- OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
}
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj;
+
+ OBJerr(OBJ_F_OBJ_NID2OBJ, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
const char *OBJ_nid2sn(int n)
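Review bot: These OBJ_* lookups can now re-enter config loading from inside config loading, and nothing in the diff shows a guard against that. If config processing registers extra OIDs it presumably resolves names through OBJ_sn2nid, OBJ_ln2nid or OBJ_obj2nid, each of which now calls `OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL)` again on the same thread; whether that returns immediately or blocks depends on init code that is not part of this diff. The provider code handles the equivalent case explicitly with its `noconfig` argument, but the OBJ hunks (OBJ_nid2obj here, then OBJ_nid2sn, OBJ_nid2ln, OBJ_obj2nid, OBJ_ln2nid and OBJ_sn2nid below) have no counterpart. A comment stating why re-entry is safe, or a test that loads a config with an `oid_section`, would close the gap.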
@@ -255,20 +258,23 @@ const char *OBJ_nid2sn(int n)
return NULL;
}
return nid_objs[n].sn;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->sn;
- else {
- OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
}
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->sn;
+
+ OBJerr(OBJ_F_OBJ_NID2SN, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
const char *OBJ_nid2ln(int n)
@@ -282,20 +288,23 @@ const char *OBJ_nid2ln(int n)
return NULL;
}
return nid_objs[n].ln;
- } else if (added == NULL)
- return NULL;
- else {
- ad.type = ADDED_NID;
- ad.obj = &ob;
- ob.nid = n;
- adp = lh_ADDED_OBJ_retrieve(added, &ad);
- if (adp != NULL)
- return adp->obj->ln;
- else {
- OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
- return NULL;
- }
}
+
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
+ if (added == NULL)
+ return NULL;
+
+ ad.type = ADDED_NID;
+ ad.obj = &ob;
+ ob.nid = n;
+ adp = lh_ADDED_OBJ_retrieve(added, &ad);
+ if (adp != NULL)
+ return adp->obj->ln;
+
+ OBJerr(OBJ_F_OBJ_NID2LN, OBJ_R_UNKNOWN_NID);
+ return NULL;
}
static int obj_cmp(const ASN1_OBJECT *const *ap, const unsigned int *bp)
@@ -327,6 +336,9 @@ int OBJ_obj2nid(const ASN1_OBJECT *a)
if (a->length == 0)
return NID_undef;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
if (added != NULL) {
ad.type = ADDED_DATA;
ad.obj = (ASN1_OBJECT *)a; /* XXX: ugly but harmless */
@@ -544,6 +556,9 @@ int OBJ_ln2nid(const char *s)
ADDED_OBJ ad, *adp;
const unsigned int *op;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
o.ln = s;
if (added != NULL) {
ad.type = ADDED_LNAME;
@@ -565,6 +580,9 @@ int OBJ_sn2nid(const char *s)
ADDED_OBJ ad, *adp;
const unsigned int *op;
+ /* Make sure we've loaded config before checking for any "added" objects */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+
o.sn = s;
if (added != NULL) {
ad.type = ADDED_SNAME;
diff --git a/crypto/property/property.c b/crypto/property/property.c
index cab2ab243e..c3fa8df9c6 100644
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@@ -279,6 +279,10 @@ int ossl_method_store_fetch(OSSL_METHOD_STORE *store, int nid,
int ret = 0;
int j, best = -1, score, optional;
+#ifndef FIPS_MODE
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
if (nid <= 0 || method == NULL || store == NULL)
return 0;
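Review bot: This is the only call site in the commit added without a comment, and it sits in front of the argument check, so a call that is about to be rejected with `return 0` still triggers config loading. Moving the block below the `nid <= 0 || method == NULL || store == NULL` test and adding something like `/* Config can add providers, so load it before we fetch */` would match the other hunks. It would also help to say why the call is compiled out under `FIPS_MODE` here while the asn1, engine and obj_dat call sites are unguarded; I assume those files are not part of that build, but the diff does not show it. ossl_method_store_fetch continues outside the hunk.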
diff --git a/crypto/provider.c b/crypto/provider.c
index 0250955a70..25ded2df99 100644
--- a/crypto/provider.c
+++ b/crypto/provider.c
@@ -17,8 +17,8 @@ OSSL_PROVIDER *OSSL_PROVIDER_load(OPENSSL_CTX *libctx, const char *name)
OSSL_PROVIDER *prov = NULL;
/* Find it or create it */
- if ((prov = ossl_provider_find(libctx, name)) == NULL
- && (prov = ossl_provider_new(libctx, name, NULL)) == NULL)
+ if ((prov = ossl_provider_find(libctx, name, 0)) == NULL
+ && (prov = ossl_provider_new(libctx, name, NULL, 0)) == NULL)
return NULL;
if (!ossl_provider_activate(prov)) {
@@ -41,7 +41,7 @@ int OSSL_PROVIDER_available(OPENSSL_CTX *libctx, const char *name)
int available = 0;
/* Find it or create it */
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 0);
available = ossl_provider_available(prov);
ossl_provider_free(prov);
return available;
@@ -69,7 +69,7 @@ int OSSL_PROVIDER_add_builtin(OPENSSL_CTX *libctx, const char *name,
}
/* Create it */
- if ((prov = ossl_provider_new(libctx, name, init_fn)) == NULL)
+ if ((prov = ossl_provider_new(libctx, name, init_fn, 0)) == NULL)
return 0;
/*
diff --git a/crypto/provider_conf.c b/crypto/provider_conf.c
index 25881d6de8..9b7a1fff7c 100644
--- a/crypto/provider_conf.c
+++ b/crypto/provider_conf.c
@@ -113,9 +113,9 @@ static int provider_conf_load(OPENSSL_CTX *libctx, const char *name,
activate = 1;
}
- prov = ossl_provider_find(libctx, name);
+ prov = ossl_provider_find(libctx, name, 1);
if (prov == NULL)
- prov = ossl_provider_new(libctx, name, NULL);
+ prov = ossl_provider_new(libctx, name, NULL, 1);
if (prov == NULL) {
if (soft)
ERR_clear_error();
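Review bot: The bare `1` passed to ossl_provider_find and ossl_provider_new needs a comment, because this is the only caller that suppresses the implicit config load and the reason is not stated. Judging by the function name this code runs while the config file is being processed, so the flag is presumably there to avoid re-entering config loading; say so, e.g. `/* Called from config processing: do not trigger another config load */`. The three call sites in provider.c pass a bare `0` for the same parameter and would read better with a named constant or a short comment. provider_conf_load starts and ends outside the hunk.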
diff --git a/crypto/provider_core.c b/crypto/provider_core.c
index 803406d7f7..76d526eaf0 100644
--- a/crypto/provider_core.c
+++ b/crypto/provider_core.c
@@ -159,7 +159,8 @@ static struct provider_store_st *get_provider_store(OPENSSL_CTX *libctx)
return store;
}
-OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
+OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name,
+ int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
@@ -168,6 +169,15 @@ OSSL_PROVIDER *ossl_provider_find(OPENSSL_CTX *libctx, const char *name)
OSSL_PROVIDER tmpl = { 0, };
int i;
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to find
+ * them.
+ */
+ if (!noconfig)
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
tmpl.name = (char *)name;
CRYPTO_THREAD_write_lock(store->lock);
if ((i = sk_OSSL_PROVIDER_find(store->providers, &tmpl)) == -1
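Review bot: The placement of the config load ahead of `CRYPTO_THREAD_write_lock(store->lock)` looks load-bearing but is not documented. Config loading presumably ends up back in ossl_provider_find / ossl_provider_new (with `noconfig` set) and takes the same store lock, so moving the call below the lock later would risk a self-deadlock. A line such as `/* Must happen before taking store->lock: config loading adds providers to this store */` would protect the ordering. The new `noconfig` parameter also has no description in the preceding hunk that changes the signature, and the function body continues outside this hunk.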
@@ -215,7 +225,8 @@ int ossl_provider_up_ref(OSSL_PROVIDER *prov)
}
OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
- OSSL_provider_init_fn *init_function)
+ OSSL_provider_init_fn *init_function,
+ int noconfig)
{
struct provider_store_st *store = NULL;
OSSL_PROVIDER *prov = NULL;
@@ -223,7 +234,8 @@ OSSL_PROVIDER *ossl_provider_new(OPENSSL_CTX *libctx, const char *name,
if ((store = get_provider_store(libctx)) == NULL)
return NULL;
- if ((prov = ossl_provider_find(libctx, name)) != NULL) { /* refcount +1 */
+ if ((prov = ossl_provider_find(libctx, name,
+ noconfig)) != NULL) { /* refcount +1 */
ossl_provider_free(prov); /* refcount -1 */
ERR_raise_data(ERR_LIB_CRYPTO, CRYPTO_R_PROVIDER_ALREADY_EXISTS, NULL,
"name=%s", name);
@@ -552,7 +564,17 @@ static int provider_forall_loaded(struct provider_store_st *store,
{
int i;
int ret = 1;
- int num_provs = sk_OSSL_PROVIDER_num(store->providers);
+ int num_provs;
+
+#ifndef FIPS_MODE
+ /*
+ * Make sure any providers are loaded from config before we try to use
+ * them.
+ */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
+ num_provs = sk_OSSL_PROVIDER_num(store->providers);
if (found_activated != NULL)
*found_activated = 0;
@@ -754,6 +776,11 @@ static int core_get_params(const OSSL_PROVIDER *prov, OSSL_PARAM params[])
int i;
OSSL_PARAM *p;
+#ifndef FIPS_MODE
+ /* Load config before we attempt to read any provider parameters */
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
+
if ((p = OSSL_PARAM_locate(params, "openssl-version")) != NULL)
OSSL_PARAM_set_utf8_ptr(p, OPENSSL_VERSION_STR);
if ((p = OSSL_PARAM_locate(params, "provider-name")) != NULL)