From: Neil Horman Date: Thu, 6 Jun 2024 18:38:43 +0000 (-0400) Subject: convert users of build time defaults to use new defaults api X-Git-Tag: openssl-3.4.0-alpha1~401 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e6c77f26855661ec4bfe0a91fcf1c718ac48967f;p=thirdparty%2Fopenssl.git convert users of build time defaults to use new defaults api Now that we can query for install time registry keys on windows, convert users of these macros to use the api instead Add a unit test to validate the functionality of our reg key lookups Add a test to check to make sure our registry key lookups work. note this test only runs on windows (clearly), but also only if the registry keys are set via an installer or some other manual process (to be done in the CI workflow) Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/24450) --- diff --git a/apps/version.c b/apps/version.c index 7185e9edcd1..50ae1388be0 100644 --- a/apps/version.c +++ b/apps/version.c @@ -18,7 +18,7 @@ typedef enum OPTION_choice { OPT_COMMON, - OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C + OPT_B, OPT_D, OPT_E, OPT_M, OPT_F, OPT_O, OPT_P, OPT_V, OPT_A, OPT_R, OPT_C, OPT_W } OPTION_CHOICE; const OPTIONS version_options[] = { @@ -37,6 +37,7 @@ const OPTIONS version_options[] = { {"r", OPT_R, '-', "Show random seeding options"}, {"v", OPT_V, '-', "Show library version"}, {"c", OPT_C, '-', "Show CPU settings info"}, + {"w", OPT_W, '-', "Show Windows install context"}, {NULL} }; @@ -44,7 +45,7 @@ int version_main(int argc, char **argv) { int ret = 1, dirty = 0, seed = 0; int cflags = 0, version = 0, date = 0, options = 0, platform = 0, dir = 0; - int engdir = 0, moddir = 0, cpuinfo = 0; + int engdir = 0, moddir = 0, cpuinfo = 0, windows = 0; char *prog; OPTION_CHOICE o; 
@@ -90,6 +91,9 @@ opthelp: case OPT_C: dirty = cpuinfo = 1; break; + case OPT_W: + dirty = windows = 1; + break; case OPT_A: seed = options = cflags = version = date = platform = dir = engdir = moddir = cpuinfo @@ -120,17 +124,19 @@ opthelp: if (cflags) printf("%s\n", OpenSSL_version(OPENSSL_CFLAGS)); if (dir) - printf("%s\n", OpenSSL_version(OPENSSL_DIR)); + printf("OPENSSLDIR: %s\n", OpenSSL_version(OPENSSL_DIR)); if (engdir) - printf("%s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); + printf("ENGINESDIR: %s\n", OpenSSL_version(OPENSSL_ENGINES_DIR)); if (moddir) - printf("%s\n", OpenSSL_version(OPENSSL_MODULES_DIR)); + printf("MODULESDIR: %s\n", OpenSSL_version(OPENSSL_MODULES_DIR)); if (seed) { const char *src = OPENSSL_info(OPENSSL_INFO_SEED_SOURCE); printf("Seeding source: %s\n", src ? src : "N/A"); } if (cpuinfo) printf("%s\n", OpenSSL_version(OPENSSL_CPU_INFO)); + if (windows) + printf("WININSTALLCONTEXT: %s\n", OpenSSL_version(OPENSSL_WININSTALLCONTEXT)); ret = 0; end: return ret; diff --git a/crypto/cversion.c b/crypto/cversion.c index 530b0e805e8..d3f193a9efb 100644 --- a/crypto/cversion.c +++ b/crypto/cversion.c @@ -8,6 +8,7 @@ */ #include "internal/cryptlib.h" +#include "internal/common.h" #include "buildinf.h" 
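Review bot: `-a` does not enable the new `windows` flag, because the `case OPT_A:` assignment chain shown as context under the added `case OPT_W:` is unchanged. `openssl version -a` will therefore omit the WININSTALLCONTEXT line, although the man-page text added in this commit says that value is used to compute the registry key names. If the omission is deliberate, a comment above `case OPT_A:` such as `/* -w is Windows-specific and intentionally not implied by -a */` would record it; otherwise add `windows` to the chain. The end of that chain lies outside the hunk.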
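Review bot: The three directory `printf` calls and the new WININSTALLCONTEXT one pass `OpenSSL_version(...)` straight to `%s`, unlike the seed line in the same hunk, which guards with `src ? src : "N/A"`. Before this commit those cases returned string literals with an `N/A` fallback; the cversion.c hunk now returns whatever `ossl_get_openssldir()` and its siblings give back, and the commit message notes the registry keys may not be set. If those getters can return NULL (their implementation is not in this diff), the call is undefined behaviour; a guard per line such as `const char *d = OpenSSL_version(OPENSSL_DIR); printf("OPENSSLDIR: %s\n", d != NULL ? d : "N/A");` restores the old fallback. version_main begins outside the hunk.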
@@ -59,28 +60,18 @@ const char *OpenSSL_version(int t) case OPENSSL_PLATFORM: return PLATFORM; case OPENSSL_DIR: -#ifdef OPENSSLDIR - return "OPENSSLDIR: \"" OPENSSLDIR "\""; -#else - return "OPENSSLDIR: N/A"; -#endif + return ossl_get_openssldir(); case OPENSSL_ENGINES_DIR: -#ifdef ENGINESDIR - return "ENGINESDIR: \"" ENGINESDIR "\""; -#else - return "ENGINESDIR: N/A"; -#endif + return ossl_get_enginesdir(); case OPENSSL_MODULES_DIR: -#ifdef MODULESDIR - return "MODULESDIR: \"" MODULESDIR "\""; -#else - return "MODULESDIR: N/A"; -#endif + return ossl_get_modulesdir(); case OPENSSL_CPU_INFO: if (OPENSSL_info(OPENSSL_INFO_CPU_SETTINGS) != NULL) return ossl_cpu_info_str; else return "CPUINFO: N/A"; + case OPENSSL_WININSTALLCONTEXT: + return ossl_get_wininstallcontext(); } return "not available"; } diff --git a/crypto/engine/eng_list.c b/crypto/engine/eng_list.c index eafca3ec49c..b46403e556a 100644 --- a/crypto/engine/eng_list.c +++ b/crypto/engine/eng_list.c @@ -408,7 +408,7 @@ static void engine_cpy(ENGINE *dest, const ENGINE *src) ENGINE *ENGINE_by_id(const char *id) { ENGINE *iterator; - char *load_dir = NULL; + const char *load_dir = NULL; if (id == NULL) { ERR_raise(ERR_LIB_ENGINE, ERR_R_PASSED_NULL_PARAMETER); return NULL; @@ -459,7 +459,7 @@ ENGINE *ENGINE_by_id(const char *id) */ if (strcmp(id, "dynamic")) { if ((load_dir = ossl_safe_getenv("OPENSSL_ENGINES")) == NULL) - load_dir = ENGINESDIR; + load_dir = ossl_get_enginesdir(); iterator = ENGINE_by_id("dynamic"); if (!iterator || !ENGINE_ctrl_cmd_string(iterator, "ID", id, 0) || !ENGINE_ctrl_cmd_string(iterator, "DIR_LOAD", "2", 0) || diff --git a/crypto/info.c b/crypto/info.c index c823283279b..0dc26bd6f58 100644 --- a/crypto/info.c +++ b/crypto/info.c 
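Review bot: `OpenSSL_version()` changes its public return format for `OPENSSL_DIR`, `OPENSSL_ENGINES_DIR` and `OPENSSL_MODULES_DIR`: the removed lines returned `OPENSSLDIR: "<path>"` or `OPENSSLDIR: N/A`, and the new ones return the bare getter result. The prefix is re-added only in apps/version.c and without the quotes, so any other caller or script that parses the old string sees different output, and the library-level `N/A` fallback is gone. Either keep the prefixed form inside `OpenSSL_version()` by building it once from the getter, or document the change in the function's manual page; neither is part of this diff. The new `OPENSSL_WININSTALLCONTEXT` case would also benefit from a one-line comment saying what it yields on non-Windows builds. The function begins outside the hunk.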
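Review bot: `load_dir = ossl_get_enginesdir();` replaces a compile-time constant with a value resolved at run time, and nothing visible checks it before it is handed to the dynamic engine; the same holds for `load_dir = ossl_get_modulesdir();` in the provider_core.c hunk. If the getter can return NULL or an empty string when the install-time keys are absent (not visible here), the shared-object name would reach the loader without the intended directory and resolution would fall back to the platform's default search behaviour. Failing closed is safer: test `if (load_dir == NULL || *load_dir == '\0')` and take the function's existing not-found path, with an equivalent error return in `provider_init`. Because the commit message says these values now come from install-time registry keys, a comment or doc note should state that the key must be writable only by administrators, since it decides where engines and providers are loaded from. Both functions extend beyond their hunks.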
@@ -199,11 +199,11 @@ const char *OPENSSL_info(int t) switch (t) { case OPENSSL_INFO_CONFIG_DIR: - return OPENSSLDIR; + return ossl_get_openssldir(); case OPENSSL_INFO_ENGINES_DIR: - return ENGINESDIR; + return ossl_get_enginesdir(); case OPENSSL_INFO_MODULES_DIR: - return MODULESDIR; + return ossl_get_modulesdir(); case OPENSSL_INFO_DSO_EXTENSION: return DSO_EXTENSION; case OPENSSL_INFO_DIR_FILENAME_SEPARATOR: diff --git a/crypto/provider_core.c b/crypto/provider_core.c index 297b281a39f..693e2913d54 100644 --- a/crypto/provider_core.c +++ b/crypto/provider_core.c @@ -920,7 +920,7 @@ static int provider_init(OSSL_PROVIDER *prov) if (load_dir == NULL) { load_dir = ossl_safe_getenv("OPENSSL_MODULES"); if (load_dir == NULL) - load_dir = MODULESDIR; + load_dir = ossl_get_modulesdir(); } DSO_ctrl(prov->module, DSO_CTRL_SET_FLAGS, diff --git a/crypto/x509/x509_def.c b/crypto/x509/x509_def.c index 2851fbcd9f9..874c61d7f13 100644 --- a/crypto/x509/x509_def.c +++ b/crypto/x509/x509_def.c 
@@ -8,28 +8,79 @@ */ #include +#include "internal/e_os.h" #include "internal/cryptlib.h" +#include "internal/thread_once.h" #include #include +#if defined(_WIN32) + +static char x509_private_dir[MAX_PATH + 1]; +static char x509_cert_area[MAX_PATH + 1]; +static char x509_cert_dir[MAX_PATH + 1]; +static char x509_cert_file[MAX_PATH + 1]; + +static void get_windows_default_path(char *pathname, const char *suffix) +{ + char *ossldir; + + ossldir = ossl_get_openssldir(); + + OPENSSL_strlcpy(pathname, ossldir, MAX_PATH - 1); + if (MAX_PATH - strlen(pathname) > strlen(suffix)) + strcat(pathname, suffix); +} + +static CRYPTO_ONCE openssldir_setup_init = CRYPTO_ONCE_STATIC_INIT; +DEFINE_RUN_ONCE_STATIC(do_openssldir_setup) +{ + get_windows_default_path(x509_private_dir, "\\private"); + get_windows_default_path(x509_cert_area, "\\"); + get_windows_default_path(x509_cert_dir, "\\certs"); + get_windows_default_path(x509_cert_file, "\\cert.pem"); + return 1; +} +#endif + const char *X509_get_default_private_dir(void) { +#if defined (_WIN32) + RUN_ONCE(&openssldir_setup_init, do_openssldir_setup); + return x509_private_dir; +#else return X509_PRIVATE_DIR; +#endif } const char *X509_get_default_cert_area(void) { +#if defined (_WIN32) + RUN_ONCE(&openssldir_setup_init, do_openssldir_setup); + return x509_cert_area; +#else return X509_CERT_AREA; +#endif } const char *X509_get_default_cert_dir(void) { +#if defined (_WIN32) + RUN_ONCE(&openssldir_setup_init, do_openssldir_setup); + return x509_cert_dir; +#else return X509_CERT_DIR; +#endif } const char *X509_get_default_cert_file(void) { +#if defined (_WIN32) + RUN_ONCE(&openssldir_setup_init, do_openssldir_setup); + return x509_cert_file; +#else return X509_CERT_FILE; +#endif } const char *X509_get_default_cert_dir_env(void) diff --git a/doc/man1/openssl-version.pod.in b/doc/man1/openssl-version.pod.in index b2f09107242..7b6e2e9788b 100644 --- a/doc/man1/openssl-version.pod.in +++ b/doc/man1/openssl-version.pod.in 
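Review bot: `get_windows_default_path()` degrades silently: when OPENSSLDIR plus the suffix does not fit, the `strcat` is skipped and the buffer keeps the bare, possibly clipped directory, so `X509_get_default_cert_file()` and the other three getters return a path that is not the intended trust location, with no error. The copy itself stays in bounds, but `ossldir` is not checked for NULL before `OPENSSL_strlcpy`, it is declared `char *` although the eng_list.c hunk treats the sibling getter as returning `const char *`, and the four callers ignore the `RUN_ONCE` result. Suggest having the helper report failure and propagating it from `do_openssldir_setup`, as below; what the public getters should return when setup fails is left to the maintainers, since their non-Windows branches cannot fail.

```c
static int get_windows_default_path(char *pathname, const char *suffix)
{
    const char *ossldir = ossl_get_openssldir();

    if (ossldir == NULL)
        return 0;
    /* Buffers are MAX_PATH + 1 bytes; refuse a clipped path rather than return it */
    if (OPENSSL_strlcpy(pathname, ossldir, MAX_PATH + 1) > MAX_PATH
        || OPENSSL_strlcat(pathname, suffix, MAX_PATH + 1) > MAX_PATH) {
        pathname[0] = '\0';
        return 0;
    }
    return 1;
}

DEFINE_RUN_ONCE_STATIC(do_openssldir_setup)
{
    int ok = 1;

    /* Attempt all four so one over-long path does not leave the others unset */
    ok &= get_windows_default_path(x509_private_dir, "\\private");
    ok &= get_windows_default_path(x509_cert_area, "\\");
    ok &= get_windows_default_path(x509_cert_dir, "\\certs");
    ok &= get_windows_default_path(x509_cert_file, "\\cert.pem");
    return ok;
}
/* … unchanged: the four X509_get_default_*() getters … */
```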
@@ -20,6 +20,7 @@ B [B<-m>] [B<-r>] [B<-c>] +[B<-w>] =head1 DESCRIPTION @@ -77,6 +78,11 @@ The random number generator source settings. The OpenSSL CPU settings info. +=item B<-w> + +The OpenSSL WININSTALLCONTEXT build time variable, if set. +Used for computing Windows registry key names + =back =head1 NOTES diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in index 1bc8ae4cce0..ee92bf61d22 100644 --- a/include/openssl/crypto.h.in +++ b/include/openssl/crypto.h.in @@ -170,6 +170,7 @@ const char *OpenSSL_version(int type); # define OPENSSL_FULL_VERSION_STRING 7 # define OPENSSL_MODULES_DIR 8 # define OPENSSL_CPU_INFO 9 +# define OPENSSL_WININSTALLCONTEXT 10 const char *OPENSSL_info(int type); /*