From 296f54ee211edbf8d21479091b4c20a9ee7698ad Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Fri, 29 May 2015 08:07:10 +0200 Subject: [PATCH] Restore module loading The module loading feature got broken a while ago, so restore it, but have it a bit more explicit this time around. Reviewed-by: Stephen Henson --- apps/apps.c | 53 +++++++++++++++++++++++++++++++++++++++++------- apps/apps.h | 5 ++++- apps/asn1pars.c | 5 ++++- apps/ca.c | 2 ++ apps/ciphers.c | 3 +++ apps/cms.c | 4 +++- apps/crl.c | 3 +++ apps/crl2p7.c | 3 +++ apps/dgst.c | 3 +++ apps/dhparam.c | 3 +++ apps/dsa.c | 3 +++ apps/dsaparam.c | 3 +++ apps/ec.c | 3 +++ apps/ecparam.c | 3 +++ apps/enc.c | 3 +++ apps/engine.c | 3 +++ apps/gendsa.c | 3 +++ apps/genpkey.c | 3 +++ apps/genrsa.c | 3 +++ apps/nseq.c | 3 +++ apps/ocsp.c | 3 +++ apps/openssl.c | 18 +++++++++++++++- apps/passwd.c | 3 +++ apps/pkcs12.c | 3 +++ apps/pkcs7.c | 3 +++ apps/pkcs8.c | 3 +++ apps/pkey.c | 3 +++ apps/pkeyparam.c | 3 +++ apps/pkeyutl.c | 3 +++ apps/prime.c | 3 +++ apps/rand.c | 3 +++ apps/req.c | 3 +++ apps/rsa.c | 3 +++ apps/rsautl.c | 3 +++ apps/s_client.c | 3 +++ apps/s_server.c | 3 +++ apps/smime.c | 3 +++ apps/speed.c | 3 +++ apps/spkac.c | 2 ++ apps/srp.c | 2 ++ apps/ts.c | 7 ++++--- apps/verify.c | 3 +++ apps/x509.c | 3 +++ 43 files changed, 186 insertions(+), 14 deletions(-) diff --git a/apps/apps.c b/apps/apps.c index 74646afae..60f71c3b8 100644 --- a/apps/apps.c +++ b/apps/apps.c @@ -496,20 +496,14 @@ static char *app_get_pass(char *arg, int keepbio) return BUF_strdup(tpass); } -CONF *app_load_config(const char *filename) +static CONF *app_load_config_(BIO *in, const char *filename) { long errorline = -1; CONF *conf; int i; - BIO *in; - - in = bio_open_default(filename, "r"); - if (in == NULL) - return NULL; conf = NCONF_new(NULL); i = NCONF_load_bio(conf, in, &errorline); - BIO_free(in); if (i > 0) return conf; 
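Review bot: In apps/apps.c, the new static helper app_load_config_() has no comment saying that it no longer frees `in`, which is the one contract change a future caller can get wrong (a leaked or double-freed BIO). A one-line header would do: `/* Parse |in| into a new CONF; the caller keeps ownership of |in| and must BIO_free() it. */`. The rest of the function body lies outside this hunk, so how `filename` is used there is not visible here.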
@@ -522,6 +516,51 @@ CONF *app_load_config(const char *filename) NCONF_free(conf); return NULL; } +CONF *app_load_config(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default(filename, "r"); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} +CONF *app_load_config_quiet(const char *filename) +{ + BIO *in; + CONF *conf; + + in = bio_open_default_quiet(filename, "r"); + if (in == NULL) + return NULL; + + conf = app_load_config_(in, filename); + BIO_free(in); + return conf; +} + +int app_load_modules(const CONF *config) +{ + CONF *to_free = NULL; + + if (config == NULL) + config = to_free = app_load_config_quiet(default_config_file); + if (config == NULL) + return 1; + + if (CONF_modules_load(config, NULL, 0) <= 0) { + BIO_printf(bio_err, "Error configuring OpenSSL modules\n"); + ERR_print_errors(bio_err); + NCONF_free(to_free); + return 0; + } + NCONF_free(to_free); + return 1; +} int add_oid_section(CONF *conf) { diff --git a/apps/apps.h b/apps/apps.h index a8e0071f4..a8652a1bb 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -154,7 +154,10 @@ extern BIO *bio_err; BIO *dup_bio_in(void); BIO *dup_bio_out(void); BIO *bio_open_default(const char *filename, const char *mode); -CONF *app_load_config(const char* filename); +BIO *bio_open_default_quiet(const char *filename, const char *mode); +CONF *app_load_config(const char *filename); +CONF *app_load_config_quiet(const char *filename); +int app_load_modules(const CONF *config); void unbuffer(FILE *fp); /* Often used in calls to bio_open_default. */ diff --git a/apps/asn1pars.c b/apps/asn1pars.c index d188f4a5c..bf53a349b 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c 
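Review bot: In apps/apps.c, app_load_modules() returns 1 whenever app_load_config_quiet() yields NULL, so a default config that exists but does not parse is treated exactly like an absent one, and the command carries on without the module settings (engines, algorithm policy) that file was meant to apply. Separately, bio_open_default_quiet() maps a NULL filename to stdin, so if default_config_file can still be NULL when this runs (not visible in this patch), the configuration would be read from standard input. The sketch below opens the file here so that only a failed open counts as "no config" and a parse failure returns 0; an open that fails for a reason other than a missing file is still swallowed by the quiet path. It also folds the duplicated `NCONF_free(to_free)` into a single exit.

```c
int app_load_modules(const CONF *config)
{
    CONF *to_free = NULL;
    int ret = 1;

    if (config == NULL) {
        BIO *in;

        /* Never let a missing name fall through to stdin. */
        if (default_config_file == NULL)
            return 1;
        in = bio_open_default_quiet(default_config_file, "r");
        if (in == NULL)
            return 1;           /* no default config: nothing to load */
        config = to_free = app_load_config_(in, default_config_file);
        BIO_free(in);
        if (config == NULL)
            return 0;           /* present but unparsable: fail closed */
    }

    if (CONF_modules_load(config, NULL, 0) <= 0) {
        /* ... unchanged: error report to bio_err ... */
        ret = 0;
    }
    NCONF_free(to_free);
    return ret;
}
```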
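Review bot: In apps/apps.h, the three new prototypes carry no comment, and app_load_modules() has a return convention that callers cannot guess from its name: judging by the apps.c hunk it returns 1 both on success and when no default config could be loaded, and 0 only when module configuration fails. Suggest a comment above it such as `/* config == NULL means default_config_file; returns 0 only if CONF_modules_load() fails, 1 otherwise */`, and one on the two `_quiet` variants stating that they print nothing when the file cannot be opened.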
@@ -186,8 +186,11 @@ int asn1parse_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (oidfile != NULL) { - in = bio_open_default(oidfile, "r"); + in = bio_open_default(oidfile, "r"); if (in == NULL) goto end; OBJ_create_objects(in); diff --git a/apps/ca.c b/apps/ca.c index 437a37542..4dc9176c8 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -485,6 +485,8 @@ end_of_options: BIO_printf(bio_err, "Using configuration from %s\n", configfile); if ((conf = app_load_config(configfile)) == NULL) goto end; + if (!app_load_modules(conf)) + goto end; /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/ciphers.c b/apps/ciphers.c index 47132fdfc..b1b3bddd7 100644 --- a/apps/ciphers.c +++ b/apps/ciphers.c @@ -148,6 +148,9 @@ int ciphers_main(int argc, char **argv) else if (argc != 0) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + ctx = SSL_CTX_new(meth); if (ctx == NULL) goto err; diff --git a/apps/cms.c b/apps/cms.c index 5293fbdc6..7ccca5be9 100644 --- a/apps/cms.c +++ b/apps/cms.c @@ -664,12 +664,14 @@ int cms_main(int argc, char **argv) } else if (!operation) goto opthelp; - if (!app_passwd(passinarg, NULL, &passin, NULL)) { BIO_printf(bio_err, "Error getting password\n"); goto end; } + if (!app_load_modules(NULL)) + goto end; + if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/crl.c b/apps/crl.c index 443889a75..17391e24c 100644 --- a/apps/crl.c +++ b/apps/crl.c @@ -217,6 +217,9 @@ int crl_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + x = load_crl(infile, informat); if (x == NULL) goto end; diff --git a/apps/crl2p7.c b/apps/crl2p7.c index f05ad4ae5..e4e39cfe3 100644 --- a/apps/crl2p7.c +++ b/apps/crl2p7.c 
@@ -148,6 +148,9 @@ int crl2pkcs7_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (!nocrl) { in = bio_open_default(infile, RB(informat)); if (in == NULL) diff --git a/apps/dgst.c b/apps/dgst.c index 5d2349277..308555c46 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -236,6 +236,9 @@ int dgst_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (do_verify && !sigfile) { BIO_printf(bio_err, "No signature to verify: use the -signature option\n"); diff --git a/apps/dhparam.c b/apps/dhparam.c index c66c5916c..931bf1022 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -230,6 +230,9 @@ int dhparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (argv[0] && (!opt_int(argv[0], &num) || num <= 0)) goto end; diff --git a/apps/dsa.c b/apps/dsa.c index d864c7502..f02f29399 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -196,6 +196,9 @@ int dsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + BIO_printf(bio_err, "read DSA key\n"); { EVP_PKEY *pkey; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index cf29b800d..ffd81ff7e 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c @@ -185,6 +185,9 @@ int dsaparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (argc == 1) { if (!opt_int(argv[0], &num)) goto end; diff --git a/apps/ec.c b/apps/ec.c index 31a50eea9..83a6aa4ba 100644 --- a/apps/ec.c +++ b/apps/ec.c @@ -199,6 +199,9 @@ int ec_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; diff --git a/apps/ecparam.c b/apps/ecparam.c index 755b1be18..ae755735b 100644 --- a/apps/ecparam.c +++ b/apps/ecparam.c 
@@ -220,6 +220,9 @@ int ecparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; diff --git a/apps/enc.c b/apps/enc.c index e4d490f25..d045d1596 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -294,6 +294,9 @@ int enc_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) { BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog); goto end; diff --git a/apps/engine.c b/apps/engine.c index 832cb0afa..91af7bff7 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -369,6 +369,9 @@ int engine_main(int argc, char **argv) } } + if (!app_load_modules(NULL)) + goto end; + for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) { const char *id = sk_OPENSSL_STRING_value(engines, i); if ((e = ENGINE_by_id(id)) != NULL) { diff --git a/apps/gendsa.c b/apps/gendsa.c index 75bd802e6..a832ec3de 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -143,6 +143,9 @@ int gendsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(dsaparams, "r"); if (in == NULL) goto end2; diff --git a/apps/genpkey.c b/apps/genpkey.c index de14bd381..b9843cfef 100644 --- a/apps/genpkey.c +++ b/apps/genpkey.c @@ -179,6 +179,9 @@ int genpkey_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "wb"); if (out == NULL) goto end; diff --git a/apps/genrsa.c b/apps/genrsa.c index e09e576c8..80d9ea6f0 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -166,6 +166,9 @@ int genrsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "w"); if (out == NULL) goto end; diff --git a/apps/nseq.c b/apps/nseq.c index 3fa496c48..5c8ed172c 100644 --- a/apps/nseq.c +++ b/apps/nseq.c 
@@ -109,6 +109,9 @@ int nseq_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, "r"); if (in == NULL) goto end; diff --git a/apps/ocsp.c b/apps/ocsp.c index c71b0d6d2..4c3aa3941 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -482,6 +482,9 @@ int ocsp_main(int argc, char **argv) if (!req && !reqin && !respin && !(port && ridx_filename)) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "w"); if (out == NULL) goto end; diff --git a/apps/openssl.c b/apps/openssl.c index 7713f9fbd..e04ddce3c 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -289,12 +289,16 @@ void unbuffer(FILE *fp) setbuf(fp, NULL); } -BIO *bio_open_default(const char *filename, const char *mode) +static BIO *bio_open_default_(const char *filename, const char *mode, int quiet) { BIO *ret; if (filename == NULL || strcmp(filename, "-") == 0) { ret = *mode == 'r' ? dup_bio_in() : dup_bio_out(); + if (quiet) { + ERR_clear_error(); + return ret; + } if (ret != NULL) return ret; BIO_printf(bio_err, @@ -302,6 +306,10 @@ BIO *bio_open_default(const char *filename, const char *mode) *mode == 'r' ? "stdin" : "stdout", strerror(errno)); } else { ret = BIO_new_file(filename, mode); + if (quiet) { + ERR_clear_error(); + return ret; + } if (ret != NULL) return ret; BIO_printf(bio_err, @@ -312,6 +320,14 @@ BIO *bio_open_default(const char *filename, const char *mode) ERR_print_errors(bio_err); return NULL; } +BIO *bio_open_default(const char *filename, const char *mode) +{ + return bio_open_default_(filename, mode, 0); +} +BIO *bio_open_default_quiet(const char *filename, const char *mode) +{ + return bio_open_default_(filename, mode, 1); +} #if defined( OPENSSL_SYS_VMS) extern char **copy_argv(int *argc, char **argv); diff --git a/apps/passwd.c b/apps/passwd.c index 8dd854287..f34ef9f53 100644 --- a/apps/passwd.c +++ b/apps/passwd.c 
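Review bot: In apps/openssl.c, the quiet path of bio_open_default_() calls `ERR_clear_error()` in both branches, on success as well as on failure, which discards every entry already on the error queue rather than only what this open attempt added. Bracketing the attempt with `ERR_set_mark();` before the open and `ERR_pop_to_mark();` in place of each `ERR_clear_error();` would suppress just the new entries. The function spans all three openssl.c hunks; the same change applies to the stdin/stdout branch and to the BIO_new_file branch.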
@@ -202,6 +202,9 @@ int passwd_main(int argc, char **argv) goto opthelp; # endif + if (!app_load_modules(NULL)) + goto end; + if (infile && in_stdin) { BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog); goto end; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index 367ba8775..82131e852 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c @@ -342,6 +342,9 @@ int pkcs12_main(int argc, char **argv) mpass = macpass; } + if (!app_load_modules(NULL)) + goto end; + if (export_cert || inrand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/pkcs7.c b/apps/pkcs7.c index 7c62a8658..248e0d6db 100644 --- a/apps/pkcs7.c +++ b/apps/pkcs7.c @@ -193,6 +193,9 @@ int pkcs7_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, RB(informat)); if (in == NULL) goto end; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index b4af16003..f8a340eda 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -223,6 +223,9 @@ int pkcs8_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + if ((pbe_nid == -1) && !cipher) pbe_nid = NID_pbeWithMD5AndDES_CBC; diff --git a/apps/pkey.c b/apps/pkey.c index f0930a74f..875087fd1 100644 --- a/apps/pkey.c +++ b/apps/pkey.c @@ -165,6 +165,9 @@ int pkey_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "wb"); if (out == NULL) goto end; diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c index fbd19a78c..6039dad9d 100644 --- a/apps/pkeyparam.c +++ b/apps/pkeyparam.c @@ -118,6 +118,9 @@ int pkeyparam_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + in = bio_open_default(infile, "r"); if (in == NULL) goto end; diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c index 87e49501a..4c267c1ee 100644 --- a/apps/pkeyutl.c +++ b/apps/pkeyutl.c 
@@ -229,6 +229,9 @@ int pkeyutl_main(int argc, char **argv) if (ctx == NULL) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) { BIO_printf(bio_err, "%s: Signature file specified for non verify\n", prog); diff --git a/apps/prime.c b/apps/prime.c index 04a83ab04..d7f3869fd 100644 --- a/apps/prime.c +++ b/apps/prime.c @@ -109,6 +109,9 @@ int prime_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (argc == 0 && !generate) { BIO_printf(bio_err, "%s: No prime specified\n", prog); goto end; diff --git a/apps/rand.c b/apps/rand.c index 498e7dae7..432e78449 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -126,6 +126,9 @@ int rand_main(int argc, char **argv) if (sscanf(argv[0], "%d", &num) != 1 || num < 0) goto opthelp; + if (!app_load_modules(NULL)) + goto end; + app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) BIO_printf(bio_err, "%ld semi-random bytes loaded\n", diff --git a/apps/req.c b/apps/req.c index a4cf3125f..3bae59ec8 100644 --- a/apps/req.c +++ b/apps/req.c @@ -380,6 +380,9 @@ int req_main(int argc, char **argv) if (verbose) BIO_printf(bio_err, "Using configuration from %s\n", template); req_conf = app_load_config(template); + if (!app_load_modules(req_conf)) + goto end; + if (req_conf != NULL) { p = NCONF_get_string(req_conf, NULL, "oid_file"); if (p == NULL) diff --git a/apps/rsa.c b/apps/rsa.c index 858699bc1..87cb70254 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -254,6 +254,9 @@ int rsa_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + if (check && pubin) { BIO_printf(bio_err, "Only private keys can be checked\n"); goto end; diff --git a/apps/rsautl.c b/apps/rsautl.c index 0ef61050c..8ba838b43 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c 
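Review bot: In apps/req.c, `app_load_modules(req_conf)` is reached even when `app_load_config(template)` returned NULL, and a NULL argument makes app_load_modules() fall back to default_config_file, so a named config that fails to load leads to modules being configured from a different file than the one requested. The following context line, `if (req_conf != NULL) {`, shows that NULL is an expected value at this point. If the fallback is not intended, guard the call, e.g. `if (req_conf != NULL && !app_load_modules(req_conf)) goto end;`, or make the load failure fatal first; which is right depends on code outside the hunk. The apps/ts.c hunk has the same shape with `conf = load_config_file(configfile);` followed directly by `app_load_modules(conf)`.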
@@ -214,6 +214,9 @@ int rsautl_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + /* FIXME: seed PRNG only if needed */ app_RAND_load_file(NULL, 0); diff --git a/apps/s_client.c b/apps/s_client.c index 6c14af0e2..009e5fe89 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -1059,6 +1059,9 @@ int s_client_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if (proxystr) { if (connectstr == NULL) { BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog); diff --git a/apps/s_server.c b/apps/s_server.c index 6bbabcc5f..189019d1b 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -1438,6 +1438,9 @@ int s_server_main(int argc, char *argv[]) goto end; } + if (!app_load_modules(NULL)) + goto end; + if (s_key_file == NULL) s_key_file = s_cert_file; diff --git a/apps/smime.c b/apps/smime.c index 3f48278cd..45898de4c 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -411,6 +411,9 @@ int smime_main(int argc, char **argv) goto end; } + if (!app_load_modules(NULL)) + goto end; + if (need_rand) { app_RAND_load_file(NULL, (inrand != NULL)); if (inrand != NULL) diff --git a/apps/speed.c b/apps/speed.c index 4b3da8758..b93237e59 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -856,6 +856,9 @@ int speed_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + /* Remaining arguments are algorithms. */ for ( ; *argv; argv++) { if (found(*argv, doit_choices, &i)) { diff --git a/apps/spkac.c b/apps/spkac.c index bd99f0e66..d41331cab 100644 --- a/apps/spkac.c +++ b/apps/spkac.c @@ -186,6 +186,8 @@ int spkac_main(int argc, char **argv) if ((conf = app_load_config(infile)) == NULL) goto end; + if (!app_load_modules(conf)) + goto end; spkstr = NCONF_get_string(conf, spksect, spkac); diff --git a/apps/srp.c b/apps/srp.c index b91d7d076..c730d6d15 100644 --- a/apps/srp.c +++ b/apps/srp.c 
@@ -354,6 +354,8 @@ int srp_main(int argc, char **argv) conf = app_load_config(configfile); if (conf == NULL) goto end; + if (!app_load_modules(conf)) + goto end; /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/ts.c b/apps/ts.c index be2482c6c..dfbf7eaeb 100644 --- a/apps/ts.c +++ b/apps/ts.c @@ -316,6 +316,10 @@ int ts_main(int argc, char **argv) goto end; } + conf = load_config_file(configfile); + if (!app_load_modules(conf)) + goto end; + /* * Check consistency of parameters and execute the appropriate function. */ @@ -331,13 +335,10 @@ int ts_main(int argc, char **argv) ret = data != NULL && digest != NULL; if (ret) goto opthelp; - /* Load the config file for possible policy OIDs. */ - conf = load_config_file(configfile); ret = !query_command(data, digest, md, policy, no_nonce, cert, in, out, text); break; case OPT_REPLY: - conf = load_config_file(configfile); if (in == NULL) { ret = !(queryfile != NULL && conf != NULL && !token_in); if (ret) diff --git a/apps/verify.c b/apps/verify.c index cb1be9a76..023519456 100644 --- a/apps/verify.c +++ b/apps/verify.c @@ -177,6 +177,9 @@ int verify_main(int argc, char **argv) argc = opt_num_rest(); argv = opt_rest(); + if (!app_load_modules(NULL)) + goto end; + if ((store = setup_verify(CAfile, CApath)) == NULL) goto end; X509_STORE_set_verify_cb(store, cb); diff --git a/apps/x509.c b/apps/x509.c index 1a6e32782..77a2a6b43 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -489,6 +489,9 @@ int x509_main(int argc, char **argv) goto opthelp; } + if (!app_load_modules(NULL)) + goto end; + out = bio_open_default(outfile, "w"); if (out == NULL) goto end;