Hide OPENSSL_INIT_SETTINGS.

Make OPENSSL_INIT_SETTINGS an opaque structure. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-10 09:55:48 -05:00
parent 5caef3b502
commit 7253fd550c
11 changed files with 65 additions and 73 deletions
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@@ -57,6 +57,8 @@
 */
 #include <stdio.h>
 #include <string.h>
 #include <internal/conf.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
 #include <openssl/conf.h>
@@ -370,3 +372,29 @@ int NCONF_dump_bio(const CONF *conf, BIO *out)
    return conf->meth->dump(conf, out);
 }
 /*
 * These routines call the C malloc/free, to avoid intermixing with
 * OpenSSL function pointers before the library is initialized.
 */
 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void)
 {
    OPENSSL_INIT_SETTINGS *ret = malloc(sizeof(*ret));
    memset(ret, 0, sizeof(*ret));
    return ret;
 }
 void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
                                      const char *config_file)
 {
    free(settings->config_name);
    settings->config_name = config_file == NULL ? NULL : strdup(config_file);
 }
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
 {
    free(settings->config_name);
    free(settings);
 }
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@@ -77,13 +77,11 @@ static int openssl_configured = 0;
 void OPENSSL_config(const char *config_name)
 {
-    OPENSSL_INIT_SETTINGS settings[2];
+    OPENSSL_INIT_SETTINGS settings;
-    settings[0].name = OPENSSL_INIT_SET_CONF_FILENAME;
+    memset(&settings, 0, sizeof(settings));
-    settings[0].value.type_string = config_name;
+    settings.config_name = strdup(config_name);
-    settings[1].name = OPENSSL_INIT_SET_END;
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
    settings[1].value.type_int = 0;
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
 }
 void openssl_config_internal(const char *config_name)
--- a/crypto/init.c
+++ b/crypto/init.c
@@ -253,6 +253,7 @@ static struct thread_local_inits_st *ossl_init_get_thread_local(int alloc)
 #endif
 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
 struct ossl_init_stop_st {
    void (*handler)(void);
    OPENSSL_INIT_STOP *next;
@@ -606,21 +607,6 @@ void OPENSSL_cleanup(void)
    base_inited = 0;
 }
 static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting(
        const OPENSSL_INIT_SETTINGS *settings, int name)
 {
    if (settings == NULL)
        return NULL;
    while (settings->name != OPENSSL_INIT_SET_END) {
        if (settings->name == name)
            return settings;
        settings++;
    }
    return NULL;
 }
 /*
 * If this function is called with a non NULL settings value then it must be
 * called prior to any threads making calls to any OpenSSL functions,
@@ -670,14 +656,7 @@ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings)
    if (opts & OPENSSL_INIT_LOAD_CONFIG) {
        CRYPTO_w_lock(CRYPTO_LOCK_INIT);
-        if (settings != NULL) {
+        config_filename = (settings == NULL) ? NULL : settings->config_name;
            const OPENSSL_INIT_SETTINGS *curr;
            curr = ossl_init_get_setting(settings,
                                         OPENSSL_INIT_SET_CONF_FILENAME);
            config_filename = (curr == NULL) ? NULL : curr->value.type_string;
        } else {
            config_filename = NULL;
        }
        ossl_init_once_run(&config, ossl_init_config);
        CRYPTO_w_unlock(CRYPTO_LOCK_INIT);
    }
--- a/doc/crypto/OPENSSL_init_crypto.pod
+++ b/doc/crypto/OPENSSL_init_crypto.pod
@@ -15,6 +15,10 @@ initialisation and deinitialisation functions
 int OPENSSL_atexit(void (*handler)(void));
 void OPENSSL_thread_stop(void);
 OPENSSL_INIT_SETTINGS *OPENSSL_init_new(void);
 OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *init, const char* name);
 OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *init);
 =head1 DESCRIPTION
 During normal operation OpenSSL (libcrypto) will allocate various resources at
@@ -90,6 +94,7 @@ B<OPENSSL_INIT_ADD_ALL_DIGESTS> will be ignored.
 With this option an OpenSSL configuration file will be automatically loaded and
 used by calling OPENSSL_config(). This is not a default option.
 See the description of OPENSSL_init_new(), below.
 =item OPENSSL_INIT_NO_LOAD_CONFIG
@@ -151,23 +156,6 @@ OPENSSL_init_crypto(). For example:
 OPENSSL_init_crypto(OPENSSL_INIT_NO_ADD_ALL_CIPHERS
                     | OPENSSL_INIT_NO_ADD_ALL_DIGESTS, NULL);
 The B<settings> parameter to OPENSSL_init_crypto() may be used to provide
 optional settings values to an option. Currently the only option this
 applies to is OPENSSL_INIT_LOAD_CONFIG. This provides the optional
 OPENSSL_INIT_SET_CONF_FILENAME parameter to provide a filename to load
 configuration from. If no filename is provided then the system default
 configuration file is assumed. For example
 const OPENSSL_INIT_SETTINGS settings[2] = {
     { OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" },
     { OPENSSL_INIT_SET_END, .value.type_int = 0 }
 };
 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, settings);
 The B<settings> parameter must be an array of OPENSSL_INIT_SETTINGS values
 terminated with an OPENSSL_INIT_SET_END entry.
 The OPENSSL_cleanup() function deinitialises OpenSSL (both libcrypto
 and libssl). All resources allocated by OpenSSL are freed. Typically there
 should be no need to call this function directly as it is initiated
@@ -199,6 +187,13 @@ the library when the thread exits. This should only be called directly if
 resources should be freed at an earlier time, or under the circumstances
 described in the NOTES section below.
 The B<OPENSSL_INIT_LOAD_CONFIG> flag will load a default configuration
 file.  To specify a different file, an B<OPENSSL_INIT_SETTINGS> must
 be created and used. The routines
 OPENSSL_init_new() and OPENSSL_INIT_set_config_filename() can be used to
 allocate the object and set the configuration filename, and then the
 object can be released with OPENSSL_INIT_free() when done.
 =head1 NOTES
 Resources local to a thread are deallocated automatically when the thread exits
--- a/doc/ssl/OPENSSL_init_ssl.pod
+++ b/doc/ssl/OPENSSL_init_ssl.pod
@@ -57,11 +57,8 @@ B<OPENSSL_INIT_LOAD_SSL_STRINGS> will be ignored.
 =back
-The B<settings> parameter specifies optional settings values to an option.
+OPENSSL_init_ssl() takes a B<settings> parameter which can be used to
-Currently no such settings are available for libssl specific options. However
+set parameter values.  See L<OPENSSL_init_crypto(3)> for details.
 these settings will also be passed internally to a call to
 L<OPENSSL_init_crypto(3)>, so this parameter can also be used to
 provide libcrypto settings values.
 =head1 RETURN VALUES
--- a/include/internal/conf.h
+++ b/include/internal/conf.h
@@ -46,6 +46,11 @@
 extern "C" {
 #endif
 struct ossl_init_settings_st {
    char *config_name;
 };
 void openssl_config_internal(const char *config_name);
 void openssl_no_config_internal(void);
--- a/include/openssl/conf.h
+++ b/include/openssl/conf.h
@@ -139,6 +139,7 @@ int CONF_dump_bio(LHASH_OF(CONF_VALUE) *conf, BIO *out);
 #if OPENSSL_API_COMPAT < 0x10100000L
 void OPENSSL_config(const char *config_name);
 # define OPENSSL_no_config() \
    OPENSSL_init_crypto(OPENSSL_INIT_NO_LOAD_CONFIG, NULL)
 #endif
--- a/include/openssl/crypto.h
+++ b/include/openssl/crypto.h
@@ -575,34 +575,18 @@ int CRYPTO_memcmp(const volatile void * volatile in_a,
    OPENSSL_INIT_ENGINE_PADLOCK)
 /* Optional settings for initialisation */
 # define OPENSSL_INIT_SET_END                0
 # define OPENSSL_INIT_SET_CONF_FILENAME      1
 typedef struct ossl_init_settings_st {
    int name;
    union {
        int type_int;
        long type_long;
        int32_t type_int32_t;
        uint32_t type_uint32_t;
        int64_t type_int64_t;
        uint64_t type_uint64_t;
        size_t type_size_t;
        const char *type_string;
        void *type_void_ptr;
    } value;
 } OPENSSL_INIT_SETTINGS;
 typedef struct ossl_init_stop_st OPENSSL_INIT_STOP;
 /* Library initialisation functions */
 void OPENSSL_cleanup(void);
 int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
 int OPENSSL_atexit(void (*handler)(void));
 void OPENSSL_thread_stop(void);
 /* Low-level control of initialization */
 OPENSSL_INIT_SETTINGS *OPENSSL_INIT_new(void);
 void OPENSSL_INIT_set_config_filename(OPENSSL_INIT_SETTINGS *settings,
                                      const char *config_file);
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings);
 /* BEGIN ERROR CODES */
 /*
 * The following lines are auto generated by the script mkerr.pl. Any changes
--- a/include/openssl/ossl_typ.h
+++ b/include/openssl/ossl_typ.h
@@ -172,6 +172,7 @@ typedef struct pkcs8_priv_key_info_st PKCS8_PRIV_KEY_INFO;
 typedef struct v3_ext_ctx X509V3_CTX;
 typedef struct conf_st CONF;
 typedef struct ossl_init_settings_st OPENSSL_INIT_SETTINGS;
 typedef struct ui_st UI;
 typedef struct ui_method_st UI_METHOD;
--- a/ssl/ssl_init.c
+++ b/ssl/ssl_init.c
@@ -294,6 +294,7 @@ static void ssl_library_stop(void)
    }
 }
 /*
 * If this function is called with a non NULL settings value then it must be
 * called prior to any threads making calls to any OpenSSL functions,
--- a/util/libeay.num
+++ b/util/libeay.num
@@ -4729,3 +4729,6 @@ OPENSSL_cleanup                         5210	1_1_0	EXIST::FUNCTION:
 OPENSSL_atexit                          5211	1_1_0	EXIST::FUNCTION:
 OPENSSL_init_crypto                     5212	1_1_0	EXIST::FUNCTION:
 OPENSSL_thread_stop                     5213	1_1_0	EXIST::FUNCTION:
 OPENSSL_INIT_new                        5215	1_1_0	EXIST::FUNCTION:
 OPENSSL_INIT_free                       5216	1_1_0	EXIST::FUNCTION:
 OPENSSL_INIT_set_config_filename        5217	1_1_0	EXIST::FUNCTION: