From: Dr. Stephen Henson Date: Fri, 22 Feb 2002 14:01:21 +0000 (+0000) Subject: Config code updates. X-Git-Tag: OpenSSL-engine-0_9_6d~4^2~138 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3647bee263ebfef8694f7df07498a17b03ad883d;p=thirdparty%2Fopenssl.git Config code updates. CONF_modules_unload() now calls CONF_modules_finish() automatically. Default use of section openssl_conf moved to CONF_modules_load() Load config file in several openssl utilities. Most utilities now load modules from the config file, though in a few (such as version) this isn't done because it couldn't be used for anything. In the case of ca and req the config file used is the same as the utility itself: that is the -config command line option can be used to specify an alternative file. --- diff --git a/CHANGES b/CHANGES index c7997c122d9..91b01bc9193 100644 --- a/CHANGES +++ b/CHANGES @@ -43,7 +43,19 @@ *) applies to 0.9.6a ... 0.9.6d and 0.9.7 +) applies to 0.9.7 only - +) Move default behaviour to CONF_modules_load_file(). Is appname is NULL + +) Config modules support in openssl utility. + + Most commands now load modules from the config file, + though in a few (such as version) this isn't done + because it couldn't be used for anything. + + In the case of ca and req the config file used is + the same as the utility itself: that is the -config + command line option can be used to specify an + alternative file. + [Steve Henson] + + +) Move default behaviour from OPENSSL_config(). If appname is NULL use "openssl_conf" if filename is NULL use default openssl config file. [Steve Henson] diff --git a/apps/apps.c b/apps/apps.c index 7864e792e31..8c9726ebd7b 100644 --- a/apps/apps.c +++ b/apps/apps.c 
@@ -1314,3 +1314,21 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug) } return e; } + +int load_config(BIO *err, CONF *cnf) + { + if (!cnf) + cnf = config; + if (!cnf) + return 1; + + OPENSSL_load_builtin_modules(); + + if (CONF_modules_load(cnf, NULL, 0) <= 0) + { + BIO_printf(err, "Error configuring OpenSSL\n"); + ERR_print_errors(err); + return 0; + } + return 1; + } diff --git a/apps/apps.h b/apps/apps.h index db75538a033..aad2862123f 100644 --- a/apps/apps.h +++ b/apps/apps.h @@ -196,7 +196,8 @@ extern BIO *bio_err; # define apps_shutdown() \ do { destroy_ui_method(); EVP_cleanup(); \ ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); \ - ERR_remove_state(0); ERR_free_strings(); } while(0) + ERR_remove_state(0); ERR_free_strings(); \ + CONF_modules_unload(1); } while(0) #endif typedef struct args_st @@ -244,6 +245,8 @@ STACK_OF(X509) *load_certs(BIO *err, const char *file, int format, X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath); ENGINE *setup_engine(BIO *err, const char *engine, int debug); +int load_config(BIO *err, CONF *cnf); + /* Functions defined in ca.c and also used in ocsp.c */ int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold, ASN1_GENERALIZEDTIME **pinvtm, char *str); diff --git a/apps/asn1pars.c b/apps/asn1pars.c index 4918bcb1c06..0e6167d2d44 100644 --- a/apps/asn1pars.c +++ b/apps/asn1pars.c @@ -103,6 +103,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + prog=argv[0]; argc--; argv++; diff --git a/apps/ca.c b/apps/ca.c index 3417e328d20..182c29e8c63 100644 --- a/apps/ca.c +++ b/apps/ca.c @@ -590,6 +590,9 @@ bad: goto err; } + if (!load_config(bio_err, conf)) + goto err; + /* Lets get the config section we are using */ if (section == NULL) { diff --git a/apps/crl.c b/apps/crl.c index 5ea59d0169a..f25b1877b59 100644 --- a/apps/crl.c +++ b/apps/crl.c 
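Review bot: load_config() in apps/apps.c returns 1 both when the modules loaded cleanly and when neither `cnf` nor the fallback `config` is set, and nothing in the hunk documents that, so a caller cannot tell "configured" from "no configuration present". A header comment would make the contract explicit, for example `/* Load config modules from cnf, or from the global config when cnf is NULL. Returns 1 on success or when there is no config to load, 0 after reporting the error on err. */`. Going by the commit description, nearly every command now runs this, and in the hunks shown it runs before option parsing, so the comment should also say that whatever modules the configuration file names are set up on every invocation and the file needs the same trust as the binary. `config` itself is declared outside the hunk.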
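Review bot: The added `if (!load_config(bio_err, NULL)) goto end;` in apps/asn1pars.c jumps to the cleanup label ahead of the assignments that follow it, and the same placement recurs in dh.c, dhparam.c, dsa.c, dsaparam.c, ecdsa.c, ecdsaparam.c, rsa.c and speed.c. The declarations and the `end:` blocks lie outside these hunks, so it cannot be confirmed here that everything released at `end:` is initialised at declaration. In dh.c and dsa.c the call sits before `engine=NULL; infile=NULL; outfile=NULL;`, and in speed.c before `memset(rsa_key,0,sizeof(rsa_key));`, so a cleanup loop over `rsa_key` would read indeterminate pointers if one exists. Moving the call below those initialisers (in speed.c, after the `memset` lines) removes the dependency on how the locals were declared.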
@@ -120,6 +120,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + if (bio_out == NULL) if ((bio_out=BIO_new(BIO_s_file())) != NULL) { diff --git a/apps/dgst.c b/apps/dgst.c index 7989a1dcd38..c3e37be41fa 100644 --- a/apps/dgst.c +++ b/apps/dgst.c @@ -112,6 +112,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ program_name(argv[0],pname,PROG_NAME_SIZE); diff --git a/apps/dh.c b/apps/dh.c index dc854264f0b..27c3dc8df22 100644 --- a/apps/dh.c +++ b/apps/dh.c @@ -100,6 +100,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine=NULL; infile=NULL; outfile=NULL; diff --git a/apps/dhparam.c b/apps/dhparam.c index e55d0ce0cbb..f1664a59b7a 100644 --- a/apps/dhparam.c +++ b/apps/dhparam.c @@ -166,6 +166,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/dsa.c b/apps/dsa.c index 9d10a7c8608..9da1a41645b 100644 --- a/apps/dsa.c +++ b/apps/dsa.c @@ -109,6 +109,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine=NULL; infile=NULL; outfile=NULL; diff --git a/apps/dsaparam.c b/apps/dsaparam.c index 84a5ac6286a..d54c77d93e5 100644 --- a/apps/dsaparam.c +++ b/apps/dsaparam.c 
@@ -106,6 +106,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/ecdsa.c b/apps/ecdsa.c index 80cbdb2e4a9..8f15ee2f12d 100644 --- a/apps/ecdsa.c +++ b/apps/ecdsa.c @@ -177,6 +177,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + engine = NULL; infile = NULL; outfile = NULL; diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c index 9e9c1cb7cbb..8594d8f8e75 100644 --- a/apps/ecdsaparam.c +++ b/apps/ecdsaparam.c @@ -178,6 +178,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/enc.c b/apps/enc.c index a8b33874b0a..d01060f226b 100644 --- a/apps/enc.c +++ b/apps/enc.c @@ -127,6 +127,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + /* first check the program name */ program_name(argv[0],pname,PROG_NAME_SIZE); if (strcmp(pname,"base64") == 0) diff --git a/apps/engine.c b/apps/engine.c index f71076b13b0..734ecb3e5db 100644 --- a/apps/engine.c +++ b/apps/engine.c @@ -356,6 +356,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; bio_out=BIO_new_fp(stdout,BIO_NOCLOSE); #ifdef OPENSSL_SYS_VMS { diff --git a/apps/gendh.c b/apps/gendh.c index 83cbff91200..f2542960bf2 100644 --- a/apps/gendh.c +++ b/apps/gendh.c 
@@ -96,6 +96,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) diff --git a/apps/gendsa.c b/apps/gendsa.c index ebee7f02695..1e1e9f3e4c4 100644 --- a/apps/gendsa.c +++ b/apps/gendsa.c @@ -93,6 +93,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + argv++; argc--; for (;;) diff --git a/apps/genrsa.c b/apps/genrsa.c index 5a58235e0c6..515bd7c9017 100644 --- a/apps/genrsa.c +++ b/apps/genrsa.c @@ -99,6 +99,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; if ((out=BIO_new(BIO_s_file())) == NULL) { BIO_printf(bio_err,"unable to create BIO for output\n"); diff --git a/apps/ocsp.c b/apps/ocsp.c index 66460391fbf..c87edbc44b6 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -145,6 +145,9 @@ int MAIN(int argc, char **argv) int nmin = 0, ndays = -1; if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; SSL_load_error_strings(); args = argv + 1; reqnames = sk_new_null(); diff --git a/apps/passwd.c b/apps/passwd.c index d3fa228bdb4..2023b76f5bf 100644 --- a/apps/passwd.c +++ b/apps/passwd.c @@ -79,6 +79,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + + if (!load_config(bio_err, NULL)) + goto err; out = BIO_new(BIO_s_file()); if (out == NULL) goto err; diff --git a/apps/pkcs12.c b/apps/pkcs12.c index a4242180341..6a23b64f5e1 100644 --- a/apps/pkcs12.c +++ b/apps/pkcs12.c 
@@ -127,6 +127,9 @@ int MAIN(int argc, char **argv) enc = EVP_des_ede3_cbc(); if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + args = argv + 1; diff --git a/apps/pkcs8.c b/apps/pkcs8.c index c0becce9033..ea8c04dffa1 100644 --- a/apps/pkcs8.c +++ b/apps/pkcs8.c @@ -90,6 +90,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + informat=FORMAT_PEM; outformat=FORMAT_PEM; @@ -347,6 +350,7 @@ int MAIN(int argc, char **argv) return (1); } + end: EVP_PKEY_free(pkey); BIO_free_all(out); BIO_free(in); diff --git a/apps/rand.c b/apps/rand.c index 68622165eb8..f51f5bec356 100644 --- a/apps/rand.c +++ b/apps/rand.c @@ -92,6 +92,9 @@ int MAIN(int argc, char **argv) if ((bio_err = BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto err; + badopt = 0; i = 0; while (!badopt && argv[++i] != NULL) diff --git a/apps/req.c b/apps/req.c index 27a7bba1064..a6daf6287e2 100644 --- a/apps/req.c +++ b/apps/req.c @@ -560,6 +560,8 @@ bad: if (req_conf != NULL) { + if (!load_config(bio_err, req_conf)) + goto end; p=NCONF_get_string(req_conf,NULL,"oid_file"); if (p == NULL) ERR_clear_error(); diff --git a/apps/rsa.c b/apps/rsa.c index 6cadcb21747..60a33815276 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -113,6 +113,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + infile=NULL; outfile=NULL; informat=FORMAT_PEM; diff --git a/apps/rsautl.c b/apps/rsautl.c index e079dc87f8f..9b02e6782e0 100644 --- a/apps/rsautl.c +++ b/apps/rsautl.c 
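Review bot: In apps/pkcs8.c the early `goto end` lands on the newly added `end:` label, which follows a `return (1);` and falls into the normal cleanup, so the exit status after a failed load_config() is whatever the function returns after `BIO_free(in)`; that return is outside the hunk. If it is the success value, the configuration error is printed but the command still exits as though it succeeded, which a script checking the status would miss. Returning failure directly, `if (!load_config(bio_err, NULL)) return (1);`, matches the error path visible just above the label. As written the cleanup also depends on `pkey`, `out` and `in` being NULL at declaration, which is not visible here.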
@@ -104,6 +104,9 @@ int MAIN(int argc, char **argv) argv++; if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE); + + if (!load_config(bio_err, NULL)) + goto end; ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); pad = RSA_PKCS1_PADDING; diff --git a/apps/s_client.c b/apps/s_client.c index 15a63cc9e6a..9c0dbc2bf6f 100644 --- a/apps/s_client.c +++ b/apps/s_client.c @@ -271,6 +271,9 @@ int MAIN(int argc, char **argv) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + if ( ((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) || ((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL)) diff --git a/apps/s_server.c b/apps/s_server.c index 078e220c037..65525572e27 100644 --- a/apps/s_server.c +++ b/apps/s_server.c @@ -504,6 +504,9 @@ int MAIN(int argc, char *argv[]) if (bio_err == NULL) bio_err=BIO_new_fp(stderr,BIO_NOCLOSE); + if (!load_config(bio_err, NULL)) + goto end; + verify_depth=0; #ifdef FIONBIO s_nbio=0; diff --git a/apps/smime.c b/apps/smime.c index 731f9dd5d04..cd750e32b7c 100644 --- a/apps/smime.c +++ b/apps/smime.c @@ -109,6 +109,9 @@ int MAIN(int argc, char **argv) args = argv + 1; ret = 1; + if (!load_config(bio_err, NULL)) + goto end; + while (!badarg && *args && *args[0] == '-') { if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT; else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT; diff --git a/apps/speed.c b/apps/speed.c index 5e536680255..1c2b4eeda29 100644 --- a/apps/speed.c +++ b/apps/speed.c @@ -515,6 +515,9 @@ int MAIN(int argc, char **argv) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); + if (!load_config(bio_err, NULL)) + goto end; + #ifndef OPENSSL_NO_RSA memset(rsa_key,0,sizeof(rsa_key)); for (i=0; i= 0; i--) {