generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

RT3876: Only load config when needed

Browse Source 
Create app_load_config(), a routine to load config file.  Remove the
"always load config" from the main app.  Change the places that used to
load config to call the new common routine.

Reviewed-by: Richard Levitte <levitte@openssl.org>
This commit is contained in:
Rich Salz 2015-05-28 13:52:55 -04:00 committed by Rich Salz
parent f097f81c89
commit cc01d21756
10 changed files with 73 additions and 241 deletions

47
apps/apps.c

@ -496,6 +496,33 @@ static char *app_get_pass(char *arg, int keepbio)
return BUF_strdup(tpass); return BUF_strdup(tpass);
} }
CONF *app_load_config(const char *filename)
{
long errorline = -1;
CONF *conf;
int i;
BIO *in;
in = bio_open_default(filename, "r");
if (in == NULL)
return NULL;
conf = NCONF_new(NULL);
i = NCONF_load_bio(conf, in, &errorline);
BIO_free(in);
if (i > 0)
return conf;
if (errorline <= 0)
BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n",
opt_getprog(), filename);
else
BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n",
opt_getprog(), errorline, filename);
NCONF_free(conf);
return NULL;
}
int add_oid_section(CONF *conf) int add_oid_section(CONF *conf)
{ {
char *p; char *p;
@ -1559,8 +1586,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
TXT_DB *tmpdb = NULL; TXT_DB *tmpdb = NULL;
BIO *in; BIO *in;
CONF *dbattr_conf = NULL; CONF *dbattr_conf = NULL;
char buf[1][BSIZE]; char buf[BSIZE];
long errorline = -1;
in = BIO_new_file(dbfile, "r"); in = BIO_new_file(dbfile, "r");
if (in == NULL) { if (in == NULL) {
@ -1571,22 +1597,11 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err; goto err;
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile); BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
#else #else
BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile); BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
#endif #endif
dbattr_conf = NCONF_new(NULL); dbattr_conf = app_load_config(buf);
if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
if (errorline > 0) {
BIO_printf(bio_err,
"error on line %ld of db attribute file '%s'\n",
errorline, buf[0]);
goto err;
} else {
NCONF_free(dbattr_conf);
dbattr_conf = NULL;
}
}
retdb = app_malloc(sizeof(*retdb), "new DB"); retdb = app_malloc(sizeof(*retdb), "new DB");
retdb->db = tmpdb; retdb->db = tmpdb;

2
apps/apps.h

@ -147,7 +147,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* (see e_os.h). The string is * (see e_os.h). The string is
* destroyed! */ * destroyed! */
extern CONF *config;
extern char *default_config_file; extern char *default_config_file;
extern BIO *bio_in; extern BIO *bio_in;
extern BIO *bio_out; extern BIO *bio_out;
@ -155,6 +154,7 @@ extern BIO *bio_err;
BIO *dup_bio_in(void); BIO *dup_bio_in(void);
BIO *dup_bio_out(void); BIO *dup_bio_out(void);
BIO *bio_open_default(const char *filename, const char *mode); BIO *bio_open_default(const char *filename, const char *mode);
CONF *app_load_config(const char* filename);
void unbuffer(FILE *fp); void unbuffer(FILE *fp);
/* Often used in calls to bio_open_default. */ /* Often used in calls to bio_open_default. */

16
apps/asn1pars.c

@ -334,14 +334,12 @@ static int do_generate(char *genstr, char *genconf, BUF_MEM *buf)
{ {
CONF *cnf = NULL; CONF *cnf = NULL;
int len; int len;
long errline = 0;
unsigned char *p; unsigned char *p;
ASN1_TYPE *atyp = NULL; ASN1_TYPE *atyp = NULL;
if (genconf) { if (genconf) {
cnf = NCONF_new(NULL); if ((cnf = app_load_config(genconf)) == NULL)
if (!NCONF_load(cnf, genconf, &errline)) goto err;
goto conferr;
if (!genstr) if (!genstr)
genstr = NCONF_get_string(cnf, "default", "asn1"); genstr = NCONF_get_string(cnf, "default", "asn1");
if (!genstr) { if (!genstr) {
@ -372,18 +370,8 @@ static int do_generate(char *genstr, char *genconf, BUF_MEM *buf)
ASN1_TYPE_free(atyp); ASN1_TYPE_free(atyp);
return len; return len;
conferr:
if (errline > 0)
BIO_printf(bio_err, "Error on line %ld of config file '%s'\n",
errline, genconf);
else
BIO_printf(bio_err, "Error loading config file '%s'\n", genconf);
err: err:
NCONF_free(cnf); NCONF_free(cnf);
ASN1_TYPE_free(atyp); ASN1_TYPE_free(atyp);
return -1; return -1;
} }

51
apps/ca.c

@ -99,7 +99,6 @@
#define BSIZE 256 #define BSIZE 256
#define BASE_SECTION "ca" #define BASE_SECTION "ca"
#define CONFIG_FILE "openssl.cnf"
#define ENV_DEFAULT_CA "default_ca" #define ENV_DEFAULT_CA "default_ca"
@ -285,7 +284,8 @@ int ca_main(int argc, char **argv)
STACK_OF(X509) *cert_sk = NULL; STACK_OF(X509) *cert_sk = NULL;
X509_CRL *crl = NULL; X509_CRL *crl = NULL;
const EVP_MD *dgst = NULL; const EVP_MD *dgst = NULL;
char *configfile = NULL, *md = NULL, *policy = NULL, *keyfile = NULL; char *configfile = default_config_file;
char *md = NULL, *policy = NULL, *keyfile = NULL;
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL; char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL; char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL; char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
@ -301,7 +301,7 @@ int ca_main(int argc, char **argv)
int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0; int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0; int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
int i, j, rev_type = REV_NONE, selfsign = 0; int i, j, rev_type = REV_NONE, selfsign = 0;
long crldays = 0, crlhours = 0, crlsec = 0, errorline = -1, days = 0; long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0; unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;
X509 *x509 = NULL, *x509p = NULL, *x = NULL; X509 *x509 = NULL, *x509p = NULL, *x = NULL;
X509_REVOKED *r = NULL; X509_REVOKED *r = NULL;
@ -482,40 +482,9 @@ end_of_options:
argc = opt_num_rest(); argc = opt_num_rest();
argv = opt_rest(); argv = opt_rest();
tofree = NULL;
if (configfile == NULL)
configfile = getenv("OPENSSL_CONF");
if (configfile == NULL)
configfile = getenv("SSLEAY_CONF");
if (configfile == NULL) {
const char *s = X509_get_default_cert_area();
size_t len;
len = strlen(s) + 1 + sizeof(CONFIG_FILE);
tofree = app_malloc(len, "config filename");
#ifdef OPENSSL_SYS_VMS
strcpy(tofree, s);
#else
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
#endif
BUF_strlcat(tofree, CONFIG_FILE, len);
configfile = tofree;
}
BIO_printf(bio_err, "Using configuration from %s\n", configfile); BIO_printf(bio_err, "Using configuration from %s\n", configfile);
conf = NCONF_new(NULL); if ((conf = app_load_config(configfile)) == NULL)
if (NCONF_load(conf, configfile, &errorline) <= 0) {
if (errorline <= 0)
BIO_printf(bio_err, "error loading the config file '%s'\n",
configfile);
else
BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
errorline, configfile);
goto end; goto end;
}
OPENSSL_free(tofree);
tofree = NULL;
/* Lets get the config section we are using */ /* Lets get the config section we are using */
if (section == NULL) { if (section == NULL) {
@ -800,18 +769,10 @@ end_of_options:
} }
} }
/*****************************************************************/ /*****************************************************************/
/* Read extensions config file */ /* Read extensions config file */
if (extfile) { if (extfile) {
extconf = NCONF_new(NULL); if ((extconf = app_load_config(extfile)) == NULL) {
if (NCONF_load(extconf, extfile, &errorline) <= 0) {
if (errorline <= 0)
BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
extfile);
else
BIO_printf(bio_err,
"ERROR: on line %ld of config file '%s'\n",
errorline, extfile);
ret = 1; ret = 1;
goto end; goto end;
} }

70
apps/openssl.c

@ -172,6 +172,7 @@ static void apps_startup()
ERR_load_SSL_strings(); ERR_load_SSL_strings();
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
OpenSSL_add_ssl_algorithms(); OpenSSL_add_ssl_algorithms();
OPENSSL_load_builtin_modules();
setup_ui_method(); setup_ui_method();
/*SSL_library_init();*/ /*SSL_library_init();*/
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
@ -199,43 +200,26 @@ static void apps_shutdown()
static char *make_config_name() static char *make_config_name()
{ {
const char *t = X509_get_default_cert_area(); const char *t;
size_t len; size_t len;
char *p; char *p;
len = strlen(t) + strlen(OPENSSL_CONF) + 2; if ((t = getenv("OPENSSL_CONF")) != NULL
|| (t = getenv("SSLEAY_CONF")) != NULL)
return BUF_strdup(t);
t = X509_get_default_cert_area();
len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1;
p = app_malloc(len, "config filename buffer"); p = app_malloc(len, "config filename buffer");
BUF_strlcpy(p, t, len); strcpy(p, t);
#ifndef OPENSSL_SYS_VMS #ifndef OPENSSL_SYS_VMS
BUF_strlcat(p, "/", len); strcat(p, "/");
#endif #endif
BUF_strlcat(p, OPENSSL_CONF, len); strcat(p, OPENSSL_CONF);
return p; return p;
} }
static int load_config(CONF *cnf)
{
static int load_config_called = 0;
if (load_config_called)
return 1;
load_config_called = 1;
if (!cnf)
cnf = config;
if (!cnf)
return 1;
OPENSSL_load_builtin_modules();
if (CONF_modules_load(cnf, NULL, 0) <= 0) {
BIO_printf(bio_err, "Error configuring OpenSSL\n");
ERR_print_errors(bio_err);
return 0;
}
return 1;
}
static void lock_dbg_cb(int mode, int type, const char *file, int line) static void lock_dbg_cb(int mode, int type, const char *file, int line)
{ {
static int modes[CRYPTO_NUM_LOCKS]; static int modes[CRYPTO_NUM_LOCKS];
@ -338,12 +322,11 @@ int main(int argc, char *argv[])
FUNCTION f, *fp; FUNCTION f, *fp;
LHASH_OF(FUNCTION) *prog = NULL; LHASH_OF(FUNCTION) *prog = NULL;
char **copied_argv = NULL; char **copied_argv = NULL;
char *p, *pname, *to_free = NULL; char *p, *pname;
char buf[1024]; char buf[1024];
const char *prompt; const char *prompt;
ARGS arg; ARGS arg;
int first, n, i, ret = 0; int first, n, i, ret = 0;
long errline;
arg.argv = NULL; arg.argv = NULL;
arg.size = 0; arg.size = 0;
@ -394,36 +377,11 @@ int main(int argc, char *argv[])
pname = opt_progname(argv[0]); pname = opt_progname(argv[0]);
/* Lets load up our environment a little */ /* Lets load up our environment a little */
default_config_file = make_config_name();
bio_in = dup_bio_in(); bio_in = dup_bio_in();
bio_out = dup_bio_out(); bio_out = dup_bio_out();
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT); bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
/* Determine and load the config file. */
default_config_file = getenv("OPENSSL_CONF");
if (default_config_file == NULL)
default_config_file = getenv("SSLEAY_CONF");
if (default_config_file == NULL)
default_config_file = to_free = make_config_name();
if (!load_config(NULL))
goto end;
config = NCONF_new(NULL);
i = NCONF_load(config, default_config_file, &errline);
if (i == 0) {
if (ERR_GET_REASON(ERR_peek_last_error())
== CONF_R_NO_SUCH_FILE) {
BIO_printf(bio_err,
"%s: WARNING: can't open config file: %s\n",
pname, default_config_file);
ERR_clear_error();
NCONF_free(config);
config = NULL;
} else {
ERR_print_errors(bio_err);
NCONF_free(config);
exit(1);
}
}
/* first check the program name */ /* first check the program name */
f.name = pname; f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f); fp = lh_FUNCTION_retrieve(prog, &f);
@ -510,7 +468,7 @@ int main(int argc, char *argv[])
ret = 1; ret = 1;
end: end:
OPENSSL_free(copied_argv); OPENSSL_free(copied_argv);
OPENSSL_free(to_free); OPENSSL_free(default_config_file);
NCONF_free(config); NCONF_free(config);
config = NULL; config = NULL;
lh_FUNCTION_free(prog); lh_FUNCTION_free(prog);

33
apps/req.c

@ -200,7 +200,7 @@ int req_main(int argc, char **argv)
char *outfile = NULL, *keyfile = NULL, *inrand = NULL; char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL; char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL; char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL;
char *template = NULL, *keyout = NULL; char *template = default_config_file, *keyout = NULL;
const char *keyalg = NULL; const char *keyalg = NULL;
OPTION_CHOICE o; OPTION_CHOICE o;
int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose = int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose =
@ -377,31 +377,9 @@ int req_main(int argc, char **argv)
goto end; goto end;
} }
if (template != NULL) { if (verbose)
long errline = -1; BIO_printf(bio_err, "Using configuration from %s\n", template);
req_conf = app_load_config(template);
if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n", template);
req_conf = NCONF_new(NULL);
i = NCONF_load(req_conf, template, &errline);
if (i == 0) {
BIO_printf(bio_err, "error on line %ld of %s\n", errline,
template);
goto end;
}
} else {
req_conf = config;
if (req_conf == NULL) {
BIO_printf(bio_err, "Unable to load config info from %s\n",
default_config_file);
if (newreq)
goto end;
} else if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n",
default_config_file);
}
if (req_conf != NULL) { if (req_conf != NULL) {
p = NCONF_get_string(req_conf, NULL, "oid_file"); p = NCONF_get_string(req_conf, NULL, "oid_file");
if (p == NULL) if (p == NULL)
@ -873,8 +851,7 @@ int req_main(int argc, char **argv)
if (ret) { if (ret) {
ERR_print_errors(bio_err); ERR_print_errors(bio_err);
} }
if (req_conf != config) NCONF_free(req_conf);
NCONF_free(req_conf);
BIO_free(in); BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);

14
apps/spkac.c

@ -95,7 +95,7 @@ OPTIONS spkac_options[] = {
int spkac_main(int argc, char **argv) int spkac_main(int argc, char **argv)
{ {
BIO *in = NULL, *out = NULL; BIO *out = NULL;
CONF *conf = NULL; CONF *conf = NULL;
ENGINE *e = NULL; ENGINE *e = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
@ -184,18 +184,9 @@ int spkac_main(int argc, char **argv)
goto end; goto end;
} }
in = bio_open_default(infile, "r"); if ((conf = app_load_config(infile)) == NULL)
if (in == NULL)
goto end; goto end;
conf = NCONF_new(NULL);
i = NCONF_load_bio(conf, in, NULL);
if (!i) {
BIO_printf(bio_err, "Error parsing config file\n");
ERR_print_errors(bio_err);
goto end;
}
spkstr = NCONF_get_string(conf, spksect, spkac); spkstr = NCONF_get_string(conf, spksect, spkac);
if (!spkstr) { if (!spkstr) {
@ -237,7 +228,6 @@ int spkac_main(int argc, char **argv)
end: end:
NCONF_free(conf); NCONF_free(conf);
NETSCAPE_SPKI_free(spki); NETSCAPE_SPKI_free(spki);
BIO_free(in);
BIO_free_all(out); BIO_free_all(out);
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
OPENSSL_free(passin); OPENSSL_free(passin);

47
apps/srp.c

@ -255,14 +255,13 @@ int srp_main(int argc, char **argv)
CA_DB *db = NULL; CA_DB *db = NULL;
DB_ATTR db_attr; DB_ATTR db_attr;
CONF *conf = NULL; CONF *conf = NULL;
int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
0, i, doupdatedb = 0; int doupdatedb = 0, mode = OPT_ERR;
int mode = OPT_ERR;
char *user = NULL, *passinarg = NULL, *passoutarg = NULL; char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL; char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
char *randfile = NULL, *tofree = NULL, *section = NULL; char *randfile = NULL, *tofree = NULL, *section = NULL;
char **gNrow = NULL, *configfile = NULL, *dbfile = NULL, **pp, *prog; char **gNrow = NULL, *configfile = default_config_file;
long errorline = -1; char *dbfile = NULL, **pp, *prog;
OPTION_CHOICE o; OPTION_CHOICE o;
prog = opt_init(argc, argv, srp_options); prog = opt_init(argc, argv, srp_options);
@ -349,42 +348,12 @@ int srp_main(int argc, char **argv)
} }
if (!dbfile) { if (!dbfile) {
/*****************************************************************/
tofree = NULL;
if (configfile == NULL)
configfile = getenv("OPENSSL_CONF");
if (configfile == NULL)
configfile = getenv("SSLEAY_CONF");
if (configfile == NULL) {
const char *s = X509_get_default_cert_area();
size_t len = strlen(s) + 1 + sizeof(CONFIG_FILE);
tofree = app_malloc(len, "config filename space");
# ifdef OPENSSL_SYS_VMS
strcpy(tofree, s);
# else
BUF_strlcpy(tofree, s, len);
BUF_strlcat(tofree, "/", len);
# endif
BUF_strlcat(tofree, CONFIG_FILE, len);
configfile = tofree;
}
if (verbose) if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n", configfile); BIO_printf(bio_err, "Using configuration from %s\n",
conf = NCONF_new(NULL); configfile);
if (NCONF_load(conf, configfile, &errorline) <= 0) { conf = app_load_config(configfile);
if (errorline <= 0) if (conf == NULL)
BIO_printf(bio_err, "error loading the config file '%s'\n",
configfile);
else
BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
errorline, configfile);
goto end; goto end;
}
OPENSSL_free(tofree);
tofree = NULL;
/* Lets get the config section we are using */ /* Lets get the config section we are using */
if (section == NULL) { if (section == NULL) {

22
apps/ts.c

@ -188,7 +188,8 @@ int ts_main(int argc, char **argv)
{ {
CONF *conf = NULL; CONF *conf = NULL;
char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp; char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp;
char *configfile = NULL, *section = NULL, *password = NULL; char *configfile = default_config_file;
char *section = NULL, *password = NULL;
char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL; char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL;
char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL; char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL; char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
@ -389,24 +390,7 @@ static ASN1_OBJECT *txt2obj(const char *oid)
static CONF *load_config_file(const char *configfile) static CONF *load_config_file(const char *configfile)
{ {
CONF *conf = NULL; CONF *conf = app_load_config(configfile);
long errorline = -1;
if (!configfile)
configfile = getenv("OPENSSL_CONF");
if (!configfile)
configfile = getenv("SSLEAY_CONF");
if (configfile &&
((conf = NCONF_new(NULL)) == NULL
|| NCONF_load(conf, configfile, &errorline) <= 0)) {
if (errorline <= 0)
BIO_printf(bio_err, "error loading the config file "
"'%s'\n", configfile);
else
BIO_printf(bio_err, "error on line %ld of config file "
"'%s'\n", errorline, configfile);
}
if (conf != NULL) { if (conf != NULL) {
const char *p; const char *p;

12
apps/x509.c

@ -521,19 +521,9 @@ int x509_main(int argc, char **argv)
} }
if (extfile) { if (extfile) {
long errorline = -1;
X509V3_CTX ctx2; X509V3_CTX ctx2;
extconf = NCONF_new(NULL); if ((extconf = app_load_config(extfile)) == NULL)
if (!NCONF_load(extconf, extfile, &errorline)) {
if (errorline <= 0)
BIO_printf(bio_err,
"error loading the config file '%s'\n", extfile);
else
BIO_printf(bio_err,
"error on line %ld of config file '%s'\n",
errorline, extfile);
goto end; goto end;
}
if (!extsect) { if (!extsect) {
extsect = NCONF_get_string(extconf, "default", "extensions"); extsect = NCONF_get_string(extconf, "default", "extensions");
if (!extsect) { if (!extsect) {