[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu May 28 21:28:41 UTC 2015
The branch master has been updated
via cc01d21756cc9c79231ef21039782c5fe42008a2 (commit)
from f097f81c891bb1f479426d8ac9c9541390334983 (commit)
- Log -----------------------------------------------------------------
commit cc01d21756cc9c79231ef21039782c5fe42008a2
Author: Rich Salz <rsalz at akamai.com>
Date: Thu May 28 13:52:55 2015 -0400
RT3876: Only load config when needed
Create app_load_config(), a routine to load config file. Remove the
"always load config" from the main app. Change the places that used to
load config to call the new common routine.
Reviewed-by: Richard Levitte <levitte at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
apps/apps.c | 47 +++++++++++++++++++++++++-------------
apps/apps.h | 2 +-
apps/asn1pars.c | 16 ++-----------
apps/ca.c | 51 +++++------------------------------------
apps/openssl.c | 70 ++++++++++++---------------------------------------------
apps/req.c | 33 +++++----------------------
apps/spkac.c | 14 ++----------
apps/srp.c | 47 +++++++-------------------------------
apps/ts.c | 22 +++---------------
apps/x509.c | 12 +---------
10 files changed, 73 insertions(+), 241 deletions(-)
diff --git a/apps/apps.c b/apps/apps.c
index 593c036..74646af 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -496,6 +496,33 @@ static char *app_get_pass(char *arg, int keepbio)
return BUF_strdup(tpass);
}
+CONF *app_load_config(const char *filename)
+{
+ long errorline = -1;
+ CONF *conf;
+ int i;
+ BIO *in;
+
+ in = bio_open_default(filename, "r");
+ if (in == NULL)
+ return NULL;
+
+ conf = NCONF_new(NULL);
+ i = NCONF_load_bio(conf, in, &errorline);
+ BIO_free(in);
+ if (i > 0)
+ return conf;
+
+ if (errorline <= 0)
+ BIO_printf(bio_err, "%s: Can't load config file \"%s\"\n",
+ opt_getprog(), filename);
+ else
+ BIO_printf(bio_err, "%s: Error on line %ld of config file \"%s\"\n",
+ opt_getprog(), errorline, filename);
+ NCONF_free(conf);
+ return NULL;
+}
+
int add_oid_section(CONF *conf)
{
char *p;
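Review bot: In app_load_config the result of `NCONF_new(NULL)` is handed to NCONF_load_bio without a NULL check, so an allocation failure would at best be reported as `Can't load config file`, which blames the file (this assumes NCONF_load_bio rejects a NULL conf, which is not visible here). I would add `if (conf == NULL) { BIO_free(in); return NULL; }` right after the allocation, preceded by an `ERR_print_errors(bio_err);` so the real cause is shown. The function also needs a header comment, e.g. `/* Load a config file; reports load errors on bio_err. Returns NULL on failure; the caller frees the result with NCONF_free(). */`, because every caller changed in this commit depends on that contract.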
@@ -1559,8 +1586,7 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
TXT_DB *tmpdb = NULL;
BIO *in;
CONF *dbattr_conf = NULL;
- char buf[1][BSIZE];
- long errorline = -1;
+ char buf[BSIZE];
in = BIO_new_file(dbfile, "r");
if (in == NULL) {
@@ -1571,22 +1597,11 @@ CA_DB *load_index(char *dbfile, DB_ATTR *db_attr)
goto err;
#ifndef OPENSSL_SYS_VMS
- BIO_snprintf(buf[0], sizeof buf[0], "%s.attr", dbfile);
+ BIO_snprintf(buf, sizeof buf, "%s.attr", dbfile);
#else
- BIO_snprintf(buf[0], sizeof buf[0], "%s-attr", dbfile);
+ BIO_snprintf(buf, sizeof buf, "%s-attr", dbfile);
#endif
- dbattr_conf = NCONF_new(NULL);
- if (NCONF_load(dbattr_conf, buf[0], &errorline) <= 0) {
- if (errorline > 0) {
- BIO_printf(bio_err,
- "error on line %ld of db attribute file '%s'\n",
- errorline, buf[0]);
- goto err;
- } else {
- NCONF_free(dbattr_conf);
- dbattr_conf = NULL;
- }
- }
+ dbattr_conf = app_load_config(buf);
retdb = app_malloc(sizeof(*retdb), "new DB");
retdb->db = tmpdb;
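Review bot: Replacing the NCONF_load block with `dbattr_conf = app_load_config(buf);` inverts the two failure cases in load_index: a malformed attribute file used to `goto err`, and now it only logs and continues with dbattr_conf == NULL. An absent file was previously tolerated silently, and now goes through the shared open path, which may print its own error (bio_open_default is not visible here). For a CA database this means a corrupted attribute file is treated as if it did not exist, so its attributes are replaced by defaults. I would keep the open and the parse separate so that only a failed open is non-fatal, as sketched below with a new `BIO *attr_in` local. load_index starts and ends outside this hunk, and I am assuming the err: path still releases dbattr_conf as it did before.

```c
    /* A missing attribute file is normal; one that exists but fails to parse is not. */
    attr_in = BIO_new_file(buf, "r");
    if (attr_in == NULL) {
        ERR_clear_error();
    } else {
        long errorline = -1;

        dbattr_conf = NCONF_new(NULL);
        if (NCONF_load_bio(dbattr_conf, attr_in, &errorline) <= 0) {
            BIO_printf(bio_err,
                       "error on line %ld of db attribute file '%s'\n",
                       errorline, buf);
            BIO_free(attr_in);
            goto err;
        }
        BIO_free(attr_in);
    }
    /* … unchanged: retdb allocation and field setup … */
```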
diff --git a/apps/apps.h b/apps/apps.h
index 33b2e65..a8e0071 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -147,7 +147,6 @@ long app_RAND_load_files(char *file); /* `file' is a list of files to read,
* (see e_os.h). The string is
* destroyed! */
-extern CONF *config;
extern char *default_config_file;
extern BIO *bio_in;
extern BIO *bio_out;
@@ -155,6 +154,7 @@ extern BIO *bio_err;
BIO *dup_bio_in(void);
BIO *dup_bio_out(void);
BIO *bio_open_default(const char *filename, const char *mode);
+CONF *app_load_config(const char* filename);
void unbuffer(FILE *fp);
/* Often used in calls to bio_open_default. */
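Review bot: The new prototype is written `const char* filename`, while the declaration directly above it and the definition in apps.c use `const char *filename`; `CONF *app_load_config(const char *filename);` matches the surrounding style. Since this is now the shared entry point for every app that reads a config file, a one-line comment above it stating that NULL is returned on failure and that the caller frees the result with NCONF_free() would help.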
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 42338da..d188f4a 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -334,14 +334,12 @@ static int do_generate(char *genstr, char *genconf, BUF_MEM *buf)
{
CONF *cnf = NULL;
int len;
- long errline = 0;
unsigned char *p;
ASN1_TYPE *atyp = NULL;
if (genconf) {
- cnf = NCONF_new(NULL);
- if (!NCONF_load(cnf, genconf, &errline))
- goto conferr;
+ if ((cnf = app_load_config(genconf)) == NULL)
+ goto err;
if (!genstr)
genstr = NCONF_get_string(cnf, "default", "asn1");
if (!genstr) {
@@ -372,18 +370,8 @@ static int do_generate(char *genstr, char *genconf, BUF_MEM *buf)
ASN1_TYPE_free(atyp);
return len;
- conferr:
-
- if (errline > 0)
- BIO_printf(bio_err, "Error on line %ld of config file '%s'\n",
- errline, genconf);
- else
- BIO_printf(bio_err, "Error loading config file '%s'\n", genconf);
-
err:
NCONF_free(cnf);
ASN1_TYPE_free(atyp);
-
return -1;
-
}
diff --git a/apps/ca.c b/apps/ca.c
index 58f1243..437a375 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -99,7 +99,6 @@
#define BSIZE 256
#define BASE_SECTION "ca"
-#define CONFIG_FILE "openssl.cnf"
#define ENV_DEFAULT_CA "default_ca"
@@ -285,7 +284,8 @@ int ca_main(int argc, char **argv)
STACK_OF(X509) *cert_sk = NULL;
X509_CRL *crl = NULL;
const EVP_MD *dgst = NULL;
- char *configfile = NULL, *md = NULL, *policy = NULL, *keyfile = NULL;
+ char *configfile = default_config_file;
+ char *md = NULL, *policy = NULL, *keyfile = NULL;
char *certfile = NULL, *crl_ext = NULL, *crlnumberfile = NULL;
char *infile = NULL, *spkac_file = NULL, *ss_cert_file = NULL;
char *extensions = NULL, *extfile = NULL, *key = NULL, *passinarg = NULL;
@@ -301,7 +301,7 @@ int ca_main(int argc, char **argv)
int keyformat = FORMAT_PEM, multirdn = 0, notext = 0, output_der = 0;
int ret = 1, email_dn = 1, req = 0, verbose = 0, gencrl = 0, dorevoke = 0;
int i, j, rev_type = REV_NONE, selfsign = 0;
- long crldays = 0, crlhours = 0, crlsec = 0, errorline = -1, days = 0;
+ long crldays = 0, crlhours = 0, crlsec = 0, days = 0;
unsigned long chtype = MBSTRING_ASC, nameopt = 0, certopt = 0;
X509 *x509 = NULL, *x509p = NULL, *x = NULL;
X509_REVOKED *r = NULL;
@@ -482,40 +482,9 @@ end_of_options:
argc = opt_num_rest();
argv = opt_rest();
- tofree = NULL;
- if (configfile == NULL)
- configfile = getenv("OPENSSL_CONF");
- if (configfile == NULL)
- configfile = getenv("SSLEAY_CONF");
- if (configfile == NULL) {
- const char *s = X509_get_default_cert_area();
- size_t len;
-
- len = strlen(s) + 1 + sizeof(CONFIG_FILE);
- tofree = app_malloc(len, "config filename");
-#ifdef OPENSSL_SYS_VMS
- strcpy(tofree, s);
-#else
- BUF_strlcpy(tofree, s, len);
- BUF_strlcat(tofree, "/", len);
-#endif
- BUF_strlcat(tofree, CONFIG_FILE, len);
- configfile = tofree;
- }
-
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
- conf = NCONF_new(NULL);
- if (NCONF_load(conf, configfile, &errorline) <= 0) {
- if (errorline <= 0)
- BIO_printf(bio_err, "error loading the config file '%s'\n",
- configfile);
- else
- BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
- errorline, configfile);
+ if ((conf = app_load_config(configfile)) == NULL)
goto end;
- }
- OPENSSL_free(tofree);
- tofree = NULL;
/* Lets get the config section we are using */
if (section == NULL) {
@@ -800,18 +769,10 @@ end_of_options:
}
}
- /*****************************************************************/
+ /*****************************************************************/
/* Read extensions config file */
if (extfile) {
- extconf = NCONF_new(NULL);
- if (NCONF_load(extconf, extfile, &errorline) <= 0) {
- if (errorline <= 0)
- BIO_printf(bio_err, "ERROR: loading the config file '%s'\n",
- extfile);
- else
- BIO_printf(bio_err,
- "ERROR: on line %ld of config file '%s'\n",
- errorline, extfile);
+ if ((extconf = app_load_config(extfile)) == NULL) {
ret = 1;
goto end;
}
diff --git a/apps/openssl.c b/apps/openssl.c
index fa3b683..7713f9f 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -172,6 +172,7 @@ static void apps_startup()
ERR_load_SSL_strings();
OpenSSL_add_all_algorithms();
OpenSSL_add_ssl_algorithms();
+ OPENSSL_load_builtin_modules();
setup_ui_method();
/*SSL_library_init();*/
#ifndef OPENSSL_NO_ENGINE
@@ -199,43 +200,26 @@ static void apps_shutdown()
static char *make_config_name()
{
- const char *t = X509_get_default_cert_area();
+ const char *t;
size_t len;
char *p;
- len = strlen(t) + strlen(OPENSSL_CONF) + 2;
+ if ((t = getenv("OPENSSL_CONF")) != NULL
+ || (t = getenv("SSLEAY_CONF")) != NULL)
+ return BUF_strdup(t);
+
+ t = X509_get_default_cert_area();
+ len = strlen(t) + 1 + strlen(OPENSSL_CONF) + 1;
p = app_malloc(len, "config filename buffer");
- BUF_strlcpy(p, t, len);
+ strcpy(p, t);
#ifndef OPENSSL_SYS_VMS
- BUF_strlcat(p, "/", len);
+ strcat(p, "/");
#endif
- BUF_strlcat(p, OPENSSL_CONF, len);
+ strcat(p, OPENSSL_CONF);
return p;
}
-static int load_config(CONF *cnf)
-{
- static int load_config_called = 0;
-
- if (load_config_called)
- return 1;
- load_config_called = 1;
- if (!cnf)
- cnf = config;
- if (!cnf)
- return 1;
-
- OPENSSL_load_builtin_modules();
-
- if (CONF_modules_load(cnf, NULL, 0) <= 0) {
- BIO_printf(bio_err, "Error configuring OpenSSL\n");
- ERR_print_errors(bio_err);
- return 0;
- }
- return 1;
-}
-
static void lock_dbg_cb(int mode, int type, const char *file, int line)
{
static int modes[CRYPTO_NUM_LOCKS];
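Review bot: make_config_name now builds the path with `strcpy`/`strcat` where it previously used `BUF_strlcpy`/`BUF_strlcat`, so nothing but the `len` arithmetic above protects the buffer. The arithmetic is correct as written, but a later edit to the path layout would overflow instead of truncating. Keeping the bounded calls, or using a single `BIO_snprintf(p, len, "%s/%s", t, OPENSSL_CONF);` on the non-VMS branch, retains that margin. Separately, `return BUF_strdup(t);` presumably returns NULL on allocation failure, and the callers changed in this commit use default_config_file without checking it.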
@@ -338,12 +322,11 @@ int main(int argc, char *argv[])
FUNCTION f, *fp;
LHASH_OF(FUNCTION) *prog = NULL;
char **copied_argv = NULL;
- char *p, *pname, *to_free = NULL;
+ char *p, *pname;
char buf[1024];
const char *prompt;
ARGS arg;
int first, n, i, ret = 0;
- long errline;
arg.argv = NULL;
arg.size = 0;
@@ -394,36 +377,11 @@ int main(int argc, char *argv[])
pname = opt_progname(argv[0]);
/* Lets load up our environment a little */
+ default_config_file = make_config_name();
bio_in = dup_bio_in();
bio_out = dup_bio_out();
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
- /* Determine and load the config file. */
- default_config_file = getenv("OPENSSL_CONF");
- if (default_config_file == NULL)
- default_config_file = getenv("SSLEAY_CONF");
- if (default_config_file == NULL)
- default_config_file = to_free = make_config_name();
- if (!load_config(NULL))
- goto end;
- config = NCONF_new(NULL);
- i = NCONF_load(config, default_config_file, &errline);
- if (i == 0) {
- if (ERR_GET_REASON(ERR_peek_last_error())
- == CONF_R_NO_SUCH_FILE) {
- BIO_printf(bio_err,
- "%s: WARNING: can't open config file: %s\n",
- pname, default_config_file);
- ERR_clear_error();
- NCONF_free(config);
- config = NULL;
- } else {
- ERR_print_errors(bio_err);
- NCONF_free(config);
- exit(1);
- }
- }
-
/* first check the program name */
f.name = pname;
fp = lh_FUNCTION_retrieve(prog, &f);
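Review bot: With `load_config(NULL)` removed from main and the function itself deleted earlier in this file, no line in this commit calls CONF_modules_load() any more; apps_startup only registers the built-in modules. If no other call exists outside the visible hunks, module sections in the configuration file are no longer applied for any command, and nothing reports that. I would restore a call such as `if (CONF_modules_load(conf, NULL, 0) <= 0) { ERR_print_errors(bio_err); goto end; }` for the commands that load the main configuration file, or state in the commit message that dropping module configuration is intended. Also, `default_config_file = make_config_name();` now runs before bio_err is created, so if app_malloc reports failure through bio_err that report has nowhere to go.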
@@ -510,7 +468,7 @@ int main(int argc, char *argv[])
ret = 1;
end:
OPENSSL_free(copied_argv);
- OPENSSL_free(to_free);
+ OPENSSL_free(default_config_file);
NCONF_free(config);
config = NULL;
lh_FUNCTION_free(prog);
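Review bot: `OPENSSL_free(default_config_file);` releases a global that ca, req, srp and ts now copy into their own configfile/template pointers, and unlike `config` on the following lines it is not reset. Adding `default_config_file = NULL;` after the free keeps the cleanup consistent. The remaining `NCONF_free(config); config = NULL;` pair looks dead after this commit as far as the visible hunks show, since nothing assigns config any more and its extern declaration is removed from apps.h, so it could be dropped as well. main's body extends outside this hunk.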
diff --git a/apps/req.c b/apps/req.c
index 5514ee3..a0e0cc9 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -200,7 +200,7 @@ int req_main(int argc, char **argv)
char *outfile = NULL, *keyfile = NULL, *inrand = NULL;
char *keyalgstr = NULL, *p, *prog, *passargin = NULL, *passargout = NULL;
char *passin = NULL, *passout = NULL, *req_exts = NULL, *subj = NULL;
- char *template = NULL, *keyout = NULL;
+ char *template = default_config_file, *keyout = NULL;
const char *keyalg = NULL;
OPTION_CHOICE o;
int ret = 1, x509 = 0, days = 30, i = 0, newreq = 0, verbose =
@@ -377,31 +377,9 @@ int req_main(int argc, char **argv)
goto end;
}
- if (template != NULL) {
- long errline = -1;
-
- if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n", template);
- req_conf = NCONF_new(NULL);
- i = NCONF_load(req_conf, template, &errline);
- if (i == 0) {
- BIO_printf(bio_err, "error on line %ld of %s\n", errline,
- template);
- goto end;
- }
- } else {
- req_conf = config;
-
- if (req_conf == NULL) {
- BIO_printf(bio_err, "Unable to load config info from %s\n",
- default_config_file);
- if (newreq)
- goto end;
- } else if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n",
- default_config_file);
- }
-
+ if (verbose)
+ BIO_printf(bio_err, "Using configuration from %s\n", template);
+ req_conf = app_load_config(template);
if (req_conf != NULL) {
p = NCONF_get_string(req_conf, NULL, "oid_file");
if (p == NULL)
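Review bot: The result of `req_conf = app_load_config(template);` is only tested by the following `if (req_conf != NULL)`, so a file given with -config that fails to open or parse no longer stops req. The removed code did `goto end` in that case, and also when the default file was unavailable and newreq was set. Processing then continues without the settings that file would have supplied. Unless code after this hunk handles it, I would add `if (req_conf == NULL && (newreq || template != default_config_file)) goto end;` directly after the load. req_main starts and ends outside the hunk.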
@@ -873,8 +851,7 @@ int req_main(int argc, char **argv)
if (ret) {
ERR_print_errors(bio_err);
}
- if (req_conf != config)
- NCONF_free(req_conf);
+ NCONF_free(req_conf);
BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
diff --git a/apps/spkac.c b/apps/spkac.c
index abae0e1..bd99f0e 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -95,7 +95,7 @@ OPTIONS spkac_options[] = {
int spkac_main(int argc, char **argv)
{
- BIO *in = NULL, *out = NULL;
+ BIO *out = NULL;
CONF *conf = NULL;
ENGINE *e = NULL;
EVP_PKEY *pkey = NULL;
@@ -184,18 +184,9 @@ int spkac_main(int argc, char **argv)
goto end;
}
- in = bio_open_default(infile, "r");
- if (in == NULL)
+ if ((conf = app_load_config(infile)) == NULL)
goto end;
- conf = NCONF_new(NULL);
- i = NCONF_load_bio(conf, in, NULL);
- if (!i) {
- BIO_printf(bio_err, "Error parsing config file\n");
- ERR_print_errors(bio_err);
- goto end;
- }
-
spkstr = NCONF_get_string(conf, spksect, spkac);
if (!spkstr) {
@@ -237,7 +228,6 @@ int spkac_main(int argc, char **argv)
end:
NCONF_free(conf);
NETSCAPE_SPKI_free(spki);
- BIO_free(in);
BIO_free_all(out);
EVP_PKEY_free(pkey);
OPENSSL_free(passin);
diff --git a/apps/srp.c b/apps/srp.c
index 161f2b8..b91d7d0 100644
--- a/apps/srp.c
+++ b/apps/srp.c
@@ -255,14 +255,13 @@ int srp_main(int argc, char **argv)
CA_DB *db = NULL;
DB_ATTR db_attr;
CONF *conf = NULL;
- int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose =
- 0, i, doupdatedb = 0;
- int mode = OPT_ERR;
+ int gNindex = -1, maxgN = -1, ret = 1, errors = 0, verbose = 0, i;
+ int doupdatedb = 0, mode = OPT_ERR;
char *user = NULL, *passinarg = NULL, *passoutarg = NULL;
char *passin = NULL, *passout = NULL, *gN = NULL, *userinfo = NULL;
char *randfile = NULL, *tofree = NULL, *section = NULL;
- char **gNrow = NULL, *configfile = NULL, *dbfile = NULL, **pp, *prog;
- long errorline = -1;
+ char **gNrow = NULL, *configfile = default_config_file;
+ char *dbfile = NULL, **pp, *prog;
OPTION_CHOICE o;
prog = opt_init(argc, argv, srp_options);
@@ -349,42 +348,12 @@ int srp_main(int argc, char **argv)
}
if (!dbfile) {
-
- /*****************************************************************/
- tofree = NULL;
- if (configfile == NULL)
- configfile = getenv("OPENSSL_CONF");
- if (configfile == NULL)
- configfile = getenv("SSLEAY_CONF");
- if (configfile == NULL) {
- const char *s = X509_get_default_cert_area();
- size_t len = strlen(s) + 1 + sizeof(CONFIG_FILE);
-
- tofree = app_malloc(len, "config filename space");
-# ifdef OPENSSL_SYS_VMS
- strcpy(tofree, s);
-# else
- BUF_strlcpy(tofree, s, len);
- BUF_strlcat(tofree, "/", len);
-# endif
- BUF_strlcat(tofree, CONFIG_FILE, len);
- configfile = tofree;
- }
-
if (verbose)
- BIO_printf(bio_err, "Using configuration from %s\n", configfile);
- conf = NCONF_new(NULL);
- if (NCONF_load(conf, configfile, &errorline) <= 0) {
- if (errorline <= 0)
- BIO_printf(bio_err, "error loading the config file '%s'\n",
- configfile);
- else
- BIO_printf(bio_err, "error on line %ld of config file '%s'\n",
- errorline, configfile);
+ BIO_printf(bio_err, "Using configuration from %s\n",
+ configfile);
+ conf = app_load_config(configfile);
+ if (conf == NULL)
goto end;
- }
- OPENSSL_free(tofree);
- tofree = NULL;
/* Lets get the config section we are using */
if (section == NULL) {
diff --git a/apps/ts.c b/apps/ts.c
index 5c42ff5..be2482c 100644
--- a/apps/ts.c
+++ b/apps/ts.c
@@ -188,7 +188,8 @@ int ts_main(int argc, char **argv)
{
CONF *conf = NULL;
char *CAfile = NULL, *untrusted = NULL, *engine = NULL, *prog, **helpp;
- char *configfile = NULL, *section = NULL, *password = NULL;
+ char *configfile = default_config_file;
+ char *section = NULL, *password = NULL;
char *data = NULL, *digest = NULL, *rnd = NULL, *policy = NULL;
char *in = NULL, *out = NULL, *queryfile = NULL, *passin = NULL;
char *inkey = NULL, *signer = NULL, *chain = NULL, *CApath = NULL;
@@ -389,24 +390,7 @@ static ASN1_OBJECT *txt2obj(const char *oid)
static CONF *load_config_file(const char *configfile)
{
- CONF *conf = NULL;
- long errorline = -1;
-
- if (!configfile)
- configfile = getenv("OPENSSL_CONF");
- if (!configfile)
- configfile = getenv("SSLEAY_CONF");
-
- if (configfile &&
- ((conf = NCONF_new(NULL)) == NULL
- || NCONF_load(conf, configfile, &errorline) <= 0)) {
- if (errorline <= 0)
- BIO_printf(bio_err, "error loading the config file "
- "'%s'\n", configfile);
- else
- BIO_printf(bio_err, "error on line %ld of config file "
- "'%s'\n", errorline, configfile);
- }
+ CONF *conf = app_load_config(configfile);
if (conf != NULL) {
const char *p;
diff --git a/apps/x509.c b/apps/x509.c
index f22eef1..1a6e327 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -521,19 +521,9 @@ int x509_main(int argc, char **argv)
}
if (extfile) {
- long errorline = -1;
X509V3_CTX ctx2;
- extconf = NCONF_new(NULL);
- if (!NCONF_load(extconf, extfile, &errorline)) {
- if (errorline <= 0)
- BIO_printf(bio_err,
- "error loading the config file '%s'\n", extfile);
- else
- BIO_printf(bio_err,
- "error on line %ld of config file '%s'\n",
- errorline, extfile);
+ if ((extconf = app_load_config(extfile)) == NULL)
goto end;
- }
if (!extsect) {
extsect = NCONF_get_string(extconf, "default", "extensions");
if (!extsect) {