From: Neil Horman Date: Mon, 1 Jul 2024 14:36:57 +0000 (-0400) Subject: Allow openssl version to function in the absence of a config file X-Git-Tag: openssl-3.4.0-alpha1~382 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=97bfbb98b0f9f2a381a47a01ae4e20f511adae05;p=thirdparty%2Fopenssl.git Allow openssl version to function in the absence of a config file the openssl application attempts to load a config file on startup always, calling x509_get_default_cert_area() to locate the file. On Windows builds with -DOSSL_WINCTX set, this fails if the corresponding registry keys are unset. allow openssl to continue to function properly for applets that don't actually require a configuration file. Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/24450) --- diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index fc194ebcbbf..a65229fb010 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -54,7 +54,6 @@ jobs: - name: Gather openssl version info working-directory: _build run: | - $Env:OPENSSL_CONF="apps\openssl.cnf" apps/openssl.exe version -v apps/openssl.exe version -v | %{($_ -split '\s+')[1]} apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'} diff --git a/.github/workflows/windows_comp.yml b/.github/workflows/windows_comp.yml index 36f4caf084a..e7f8922ccfb 100644 --- a/.github/workflows/windows_comp.yml +++ b/.github/workflows/windows_comp.yml @@ -36,7 +36,6 @@ jobs: - name: Gather openssl version info working-directory: _build run: | - $Env:OPENSSL_CONF="apps\openssl.cnf" apps/openssl.exe version -v apps/openssl.exe version -v | %{($_ -split '\s+')[1]} apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'} diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 5e0681e6db3..9d49a5f69d1 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c 
@@ -692,8 +692,18 @@ char *CONF_get1_default_config_file(void) return OPENSSL_strdup(file); t = X509_get_default_cert_area(); + /* + * On windows systems with -DOSSL_WINCTX set, if the needed registry + * keys are not yet set, openssl applets will return, due to an inability + * to locate various directories, like the default cert area. In that + * event, clone an empty string here, so that commands like openssl version + * continue to operate properly without needing to set OPENSSL_CONF. + * Applets like cms will fail gracefully later when they try to parse an + * empty config file + */ if (t == NULL) - return NULL; + return OPENSSL_strdup(""); + #ifndef OPENSSL_SYS_VMS sep = "/"; #endif
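Review bot: In the "Gather openssl version info" step of both .github/workflows/windows.yml and .github/workflows/windows_comp.yml, removing `$Env:OPENSSL_CONF="apps\openssl.cnf"` makes these `version -v` calls the only visible coverage of start-up without a config file. Nothing in either hunk shows that the jobs are built with -DOSSL_WINCTX, which is the case the commit message describes. Consider adding a dedicated test that runs `openssl version` with OPENSSL_CONF unset on an OSSL_WINCTX build whose registry keys are absent. A regression would then fail a named test rather than a version-reporting step.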
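Review bot: In CONF_get1_default_config_file() in crypto/conf/conf_mod.c, the `if (t == NULL)` branch now returns `OPENSSL_strdup("")` with no visible `#if` guard, although the new comment describes only Windows builds with -DOSSL_WINCTX. As far as the hunk shows, this changes the return contract for every caller of this function, not just the openssl applets. A caller that treated NULL as "no default config file" now gets an allocated empty path, which it must free and may pass on to a file-open call. Suggest either restricting the fallback to the OSSL_WINCTX build or documenting the empty-string return for this function. The documentation should also note that NULL is still possible, because OPENSSL_strdup() can itself fail. Minor: the comment's last sentence lacks a full stop, and "openssl applets will return" would be clearer as "will exit early".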