From e84be9b495f1672eac43642687bfa05491d53cff Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 23 Feb 2002 01:00:44 +0000 Subject: [PATCH] New OPENSSL_LOAD_CONF define to load openssl.cnf when OpenSSL_add_all_algorithms() is called. --- CHANGES | 9 ++++ crypto/conf/Makefile.ssl | 6 ++- crypto/conf/conf_mall.c | 41 +-------------- crypto/conf/conf_sap.c | 107 +++++++++++++++++++++++++++++++++++++++ crypto/evp/Makefile.ssl | 4 +- crypto/evp/c_all.c | 11 +++- crypto/evp/evp.h | 12 ++++- crypto/evp/evp_acnf.c | 74 +++++++++++++++++++++++++++ 8 files changed, 218 insertions(+), 46 deletions(-) create mode 100644 crypto/conf/conf_sap.c create mode 100644 crypto/evp/evp_acnf.c diff --git a/CHANGES b/CHANGES index 91b01bc91..8f7374e26 100644 --- a/CHANGES +++ b/CHANGES @@ -43,6 +43,15 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only + +) Add and OPENSSL_LOAD_CONF define which will cause + OpenSSL_add_all_algorithms() to load the openssl.cnf config file. + This allows older applications to transparently support certain + OpenSSL features: such as crypto acceleration and dynamic ENGINE loading. + Two new functions OPENSSL_add_all_algorithms_noconf() which will never + load the config file and OPENSSL_add_all_algorithms_conf() which will + always load it have also been added. + [Steve Henson] + +) Config modules support in openssl utility. Most commands now load modules from the config file, diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index 81cbbc0b5..a660c562f 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -23,9 +23,11 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c conf_mall.c +LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c \ + conf_mall.c conf_sap.c -LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o conf_mall.o +LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o \ + conf_mall.o conf_sap.o SRC= $(LIBSRC) diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c index c1bab7df3..d702af689 100644 --- a/crypto/conf/conf_mall.c +++ b/crypto/conf/conf_mall.c @@ -65,6 +65,8 @@ #include #include +/* Load all OpenSSL builtin modules */ + void OPENSSL_load_builtin_modules(void) { /* Add builtin modules here */ @@ -72,42 +74,3 @@ void OPENSSL_load_builtin_modules(void) ENGINE_add_conf_module(); } -#if 0 /* not yet */ -/* This is the automatic configuration loader: it is called automatically by - * OpenSSL when any of a number of standard initialisation functions are called, - * unless this is overridden by calling OPENSSL_no_config() - */ -#endif - -static int openssl_configured = 0; - -void OPENSSL_config(const char *config_name) - { - if (openssl_configured) - return; - - OPENSSL_load_builtin_modules(); - - ERR_clear_error(); - if (CONF_modules_load_file(NULL, NULL, - CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) - { - BIO *bio_err; - ERR_load_crypto_strings(); - if ((bio_err=BIO_new(BIO_s_file())) != NULL) - { - BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); - BIO_printf(bio_err,"Auto configuration failed\n"); - ERR_print_errors(bio_err); - BIO_free(bio_err); - } - exit(1); - } - - return; - } - -void OPENSSL_no_config() - { - openssl_configured = 1; - } diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c new file mode 100644 index 000000000..97fb17430 --- /dev/null +++ b/crypto/conf/conf_sap.c @@ -0,0 +1,107 @@ +/* conf_sap.c */ +/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include "cryptlib.h" +#include +#include +#include +#include +#include + +/* This is the automatic configuration loader: it is called automatically by + * OpenSSL when any of a number of standard initialisation functions are called, + * unless this is overridden by calling OPENSSL_no_config() + */ + +static int openssl_configured = 0; + +void OPENSSL_config(const char *config_name) + { + if (openssl_configured) + return; + + OPENSSL_load_builtin_modules(); + /* Need to load ENGINEs */ + ENGINE_load_builtin_engines(); + /* Add others here? */ + + + ERR_clear_error(); + if (CONF_modules_load_file(NULL, NULL, + CONF_MFLAGS_IGNORE_MISSING_FILE) <= 0) + { + BIO *bio_err; + ERR_load_crypto_strings(); + if ((bio_err=BIO_new_fp(stderr, BIO_NOCLOSE)) != NULL) + { + BIO_printf(bio_err,"Auto configuration failed\n"); + ERR_print_errors(bio_err); + BIO_free(bio_err); + } + exit(1); + } + + return; + } + +void OPENSSL_no_config() + { + openssl_configured = 1; + } diff --git a/crypto/evp/Makefile.ssl b/crypto/evp/Makefile.ssl index e5ee36d3e..eb6251681 100644 --- a/crypto/evp/Makefile.ssl +++ b/crypto/evp/Makefile.ssl @@ -24,7 +24,7 @@ TESTDATA=evptests.txt APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= encode.c digest.c evp_enc.c evp_key.c \ +LIBSRC= encode.c digest.c evp_enc.c evp_key.c evp_acnf.c \ e_des.c e_bf.c e_idea.c e_des3.c \ e_rc4.c e_aes.c names.c \ e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \ @@ -35,7 +35,7 @@ LIBSRC= encode.c digest.c evp_enc.c evp_key.c \ c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \ evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c -LIBOBJ= encode.o digest.o evp_enc.o evp_key.o \ +LIBOBJ= encode.o digest.o evp_enc.o evp_key.o evp_acnf.o \ e_des.o e_bf.o e_idea.o e_des3.o \ e_rc4.o e_aes.o names.o \ e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \ diff --git a/crypto/evp/c_all.c b/crypto/evp/c_all.c index 1e185830a..5ffd352ea 100644 --- a/crypto/evp/c_all.c +++ b/crypto/evp/c_all.c @@ -60,8 +60,15 @@ #include "cryptlib.h" #include +#undef OpenSSL_add_all_algorithms + void OpenSSL_add_all_algorithms(void) -{ + { + OPENSSL_add_all_algorithms_noconf(); + } + +void OPENSSL_add_all_algorithms_noconf(void) + { OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); -} + } diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index cc521feb6..8d99c29f5 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -664,7 +664,17 @@ const EVP_CIPHER *EVP_aes_256_ecb(void); const EVP_CIPHER *EVP_aes_256_cbc(void); #endif -void OpenSSL_add_all_algorithms(void); +void OPENSSL_add_all_algorithms_noconf(void); +void OPENSSL_add_all_algorithms_conf(void); + +#ifdef OPENSSL_LOAD_CONF +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_conf() +#else +#define OpenSSL_add_all_algorithms() \ + OPENSSL_add_all_algorithms_noconf() +#endif + void OpenSSL_add_all_ciphers(void); void OpenSSL_add_all_digests(void); #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() diff --git a/crypto/evp/evp_acnf.c b/crypto/evp/evp_acnf.c new file mode 100644 index 000000000..a68b979bd --- /dev/null +++ b/crypto/evp/evp_acnf.c @@ -0,0 +1,74 @@ +/* evp_acnf.c */ +/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include "cryptlib.h" +#include +#include +#include + + +/* Load all algorithms and configure OpenSSL. + * This function is called automatically when + * OPENSSL_LOAD_CONF is set. + */ + +void OPENSSL_add_all_algorithms_conf(void) + { + OPENSSL_add_all_algorithms_noconf(); + OPENSSL_config(NULL); + }