From: Matt Caswell Date: Mon, 12 Oct 2015 11:40:15 +0000 (+0100) Subject: Centralise loading default apps config file X-Git-Tag: OpenSSL_1_1_0-pre1~435 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a0a82324f965bbcc4faed4e1ee3fcaf81ea52166;p=thirdparty%2Fopenssl.git Centralise loading default apps config file Loading the config file after processing command line options can cause problems, e.g. where an engine provides new ciphers/digests these are not then recoginised on the command line. Move the default config file loading to before the command line option processing. Whilst we're doing this we might as well centralise this instead of doing it individually for each application. Finally if we do it before the OpenSSL_add_ssl_algorithms() call then ciphersuites provided by an engine (e.g. GOST) can be available to the apps. RT#4085 RT#4086 Reviewed-by: Richard Levitte
---
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 574b03f5593..6f88a1dca4b 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -186,9 +186,6 @@ int asn1parse_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (oidfile != NULL) {
 in = bio_open_default(oidfile, 'r', FORMAT_TEXT);
 if (in == NULL)
diff --git a/apps/ca.c b/apps/ca.c
index defbf007f67..586fbe4b568 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -484,10 +484,13 @@ end_of_options:
 argv = opt_rest();
 BIO_printf(bio_err, "Using configuration from %s\n", configfile);
- if ((conf = app_load_config(configfile)) == NULL)
- goto end;
- if (!app_load_modules(conf))
- goto end;
+ /* We already loaded the default config file */
+ if (configfile != default_config_file) {
+ if ((conf = app_load_config(configfile)) == NULL)
+ goto end;
+ if (!app_load_modules(conf))
+ goto end;
+ }
 /* Lets get the config section we are using */
 if (section == NULL) {
diff --git a/apps/ciphers.c b/apps/ciphers.c
index a2ccf2842d8..bf3c20499e1 100644
--- a/apps/ciphers.c
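Review bot: When no `-config` is given, the new `if (configfile != default_config_file)` skips `app_load_config()`, so `conf` is not assigned anywhere in this hunk, while the line above still prints "Using configuration from %s". The startup call added in apps/openssl.c is `app_load_modules(NULL)`, which returns a status and no CONF handle, so unless `conf` is populated elsewhere (its declaration is outside the hunk) the section lookup that starts at `if (section == NULL) {` has no parsed configuration to read. I would load the file unconditionally and guard only the module load: `if ((conf = app_load_config(configfile)) == NULL) goto end;` followed by `if (configfile != default_config_file && !app_load_modules(conf)) goto end;`. The test compares pointers, so a `-config` path that names the default file is still loaded a second time, and an explicit `-config` is now applied on top of the default file's modules rather than instead of them; a comment stating both would help the next reader. The enclosing function starts and ends outside the hunk.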
+++ b/apps/ciphers.c
@@ -144,9 +144,6 @@ int ciphers_main(int argc, char **argv)
 else if (argc != 0)
 goto opthelp;
- if (!app_load_modules(NULL))
- goto end;
-
 ctx = SSL_CTX_new(meth);
 if (ctx == NULL)
 goto err;
diff --git a/apps/cms.c b/apps/cms.c
index 6ed9338685c..fef34034bc0 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -684,9 +684,6 @@ int cms_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 if (need_rand) {
 app_RAND_load_file(NULL, (inrand != NULL));
 if (inrand != NULL)
diff --git a/apps/crl.c b/apps/crl.c
index 253f7a5b75c..b2a5d7f54db 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -232,9 +232,6 @@ int crl_main(int argc, char **argv)
 if (!nmflag_set)
 nmflag = XN_FLAG_ONELINE;
- if (!app_load_modules(NULL))
- goto end;
-
 x = load_crl(infile, informat);
 if (x == NULL)
 goto end;
diff --git a/apps/crl2p7.c b/apps/crl2p7.c
index 8cc1b62efe0..930875ac84e 100644
--- a/apps/crl2p7.c
+++ b/apps/crl2p7.c
@@ -148,9 +148,6 @@ int crl2pkcs7_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (!nocrl) {
 in = bio_open_default(infile, 'r', informat);
 if (in == NULL)
diff --git a/apps/dgst.c b/apps/dgst.c
index 1e3a72ccb46..e62a8de4133 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -236,9 +236,6 @@ int dgst_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (do_verify && !sigfile) {
 BIO_printf(bio_err,
 "No signature to verify: use the -signature option\n");
diff --git a/apps/dhparam.c b/apps/dhparam.c
index 334a129b1bf..17c0b5b4200 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -230,9 +230,6 @@ int dhparam_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (argv[0] && (!opt_int(argv[0], &num) || num <= 0))
 goto end;
diff --git a/apps/dsa.c b/apps/dsa.c
index d829f980fa4..9dcc75e88ab 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -202,9 +202,6 @@ int dsa_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 BIO_printf(bio_err, "read DSA key\n");
 {
 EVP_PKEY *pkey;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 1ba93e603f7..a0a3372f80b 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -183,9 +183,6 @@ int dsaparam_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (argc == 1) {
 if (!opt_int(argv[0], &num))
 goto end;
diff --git a/apps/ec.c b/apps/ec.c
index a30d3f0a40d..3c38e6157bc 100644
--- a/apps/ec.c
+++ b/apps/ec.c
@@ -202,9 +202,6 @@ int ec_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 in = bio_open_default(infile, 'r', informat);
 if (in == NULL)
 goto end;
diff --git a/apps/ecparam.c b/apps/ecparam.c
index 5a98f454fb5..9d13447283a 100644
--- a/apps/ecparam.c
+++ b/apps/ecparam.c
@@ -220,9 +220,6 @@ int ecparam_main(int argc, char **argv)
 argv = opt_rest();
 private = genkey ? 1 : 0;
- if (!app_load_modules(NULL))
- goto end;
-
 in = bio_open_default(infile, 'r', informat);
 if (in == NULL)
 goto end;
diff --git a/apps/enc.c b/apps/enc.c
index 5ffb1f030c3..b0c82d6a34e 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -295,9 +295,6 @@ int enc_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (cipher && EVP_CIPHER_flags(cipher) & EVP_CIPH_FLAG_AEAD_CIPHER) {
 BIO_printf(bio_err, "%s: AEAD ciphers not supported\n", prog);
 goto end;
diff --git a/apps/engine.c b/apps/engine.c
index b1c13715287..b4da23ee891 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -369,9 +369,6 @@ int engine_main(int argc, char **argv)
 }
 }
- if (!app_load_modules(NULL))
- goto end;
-
 for (i = 0; i < sk_OPENSSL_STRING_num(engines); i++) {
 const char *id = sk_OPENSSL_STRING_value(engines, i);
 if ((e = ENGINE_by_id(id)) != NULL) {
diff --git a/apps/gendsa.c b/apps/gendsa.c
index f1e1f54b8a4..5d5cb5efddc 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -144,9 +144,6 @@ int gendsa_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 in = bio_open_default(dsaparams, 'r', FORMAT_PEM);
 if (in == NULL)
 goto end2;
diff --git a/apps/genpkey.c b/apps/genpkey.c
index d80983350a8..333cea92d26 100644
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@@ -181,9 +181,6 @@ int genpkey_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 out = bio_open_owner(outfile, outformat, private);
 if (out == NULL)
 goto end;
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 54484b5273c..b0e5e19b7e1 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -169,9 +169,6 @@ int genrsa_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 out = bio_open_owner(outfile, FORMAT_PEM, private);
 if (out == NULL)
 goto end;
diff --git a/apps/nseq.c b/apps/nseq.c
index 06893c82ce6..e8cf69dac9e 100644
--- a/apps/nseq.c
+++ b/apps/nseq.c
@@ -109,9 +109,6 @@ int nseq_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 in = bio_open_default(infile, 'r', FORMAT_PEM);
 if (in == NULL)
 goto end;
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 960b77681af..0f8ddcc33ff 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -494,9 +494,6 @@ int ocsp_main(int argc, char **argv)
 if (!req && !reqin && !respin && !(port && ridx_filename))
 goto opthelp;
- if (!app_load_modules(NULL))
- goto end;
-
 out = bio_open_default(outfile, 'w', FORMAT_TEXT);
 if (out == NULL)
 goto end;
diff --git a/apps/openssl.c b/apps/openssl.c
index 81a37629d17..565903f9f70 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -166,7 +166,7 @@ BIO *bio_in = NULL;
 BIO *bio_out = NULL;
 BIO *bio_err = NULL;
-static void apps_startup()
+static int apps_startup()
 {
 #ifdef SIGPIPE
 signal(SIGPIPE, SIG_IGN);
@@ -174,6 +174,13 @@ static void apps_startup()
 CRYPTO_malloc_init();
 ERR_load_crypto_strings();
 ERR_load_SSL_strings();
+
+ if (!app_load_modules(NULL)) {
+ ERR_print_errors(bio_err);
+ BIO_printf(bio_err, "Error loading default configuration\n");
+ return 0;
+ }
+
 OpenSSL_add_all_algorithms();
 OpenSSL_add_ssl_algorithms();
 OPENSSL_load_builtin_modules();
@@ -182,6 +189,7 @@ static void apps_startup()
 #ifndef OPENSSL_NO_ENGINE
 ENGINE_load_builtin_engines();
 #endif
+ return 1;
 }
 static void apps_shutdown()
@@ -328,7 +336,9 @@ int main(int argc, char *argv[])
 #endif
 }
- apps_startup();
+ if (!apps_startup())
+ goto end;
+
 prog = prog_init();
 pname = opt_progname(argv[0]);
diff --git a/apps/passwd.c b/apps/passwd.c
index 89883133756..372e0e804e7 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -201,9 +201,6 @@ int passwd_main(int argc, char **argv)
 goto opthelp;
 # endif
- if (!app_load_modules(NULL))
- goto end;
-
 if (infile && in_stdin) {
 BIO_printf(bio_err, "%s: Can't combine -in and -stdin\n", prog);
 goto end;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index e1f663a058a..11930e9e16e 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -354,9 +354,6 @@ int pkcs12_main(int argc, char **argv)
 mpass = macpass;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 if (export_cert || inrand) {
 app_RAND_load_file(NULL, (inrand != NULL));
 if (inrand != NULL)
diff --git a/apps/pkcs7.c b/apps/pkcs7.c
index fff14dc9595..1ed0b013395 100644
--- a/apps/pkcs7.c
+++ b/apps/pkcs7.c
@@ -193,9 +193,6 @@ int pkcs7_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 in = bio_open_default(infile, 'r', informat);
 if (in == NULL)
 goto end;
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index 765744ffbe2..3d7282eabbc 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -233,9 +233,6 @@ int pkcs8_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 if ((pbe_nid == -1) && !cipher)
 pbe_nid = NID_pbeWithMD5AndDES_CBC;
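Review bot: `app_load_modules(NULL)` now runs before `OPENSSL_load_builtin_modules()` and `ENGINE_load_builtin_engines()`, which stay further down in apps_startup(); unless app_load_modules() registers the built-in config modules and engines itself (not visible in this hunk), the module sections of the default config file may be processed before their handlers exist. I would either move those two registration calls above the new block or document the dependency at the call, e.g. `/* must precede OpenSSL_add_ssl_algorithms(); relies on app_load_modules() registering the builtin modules */`. The error path writes to `bio_err`, so it also depends on main() having created that BIO before apps_startup() is called, which the hunk does not show. Because the load is now unconditional and fatal, a malformed default config file stops every subcommand before option parsing, including ones that never read it; that deserves a sentence in the comment too.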
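Review bot: The new `goto end` after a failed apps_startup() does not set an exit status, so the result depends on whatever main()'s return variable holds at that point, which is declared outside this hunk; if it starts at 0, a config-load failure is printed but the command exits successfully, and calling scripts would treat it as success. I would make the failure explicit with `if (!apps_startup()) { STATUS_VAR = 1; goto end; }`, where STATUS_VAR is a placeholder for main()'s return variable. It is also worth checking that the cleanup at `end` tolerates running before `prog_init()` has assigned `prog`, since that code is outside the hunk as well.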
diff --git a/apps/pkey.c b/apps/pkey.c
index d2a66eb4a0e..694cdd12c7e 100644
--- a/apps/pkey.c
+++ b/apps/pkey.c
@@ -169,9 +169,6 @@ int pkey_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 out = bio_open_owner(outfile, outformat, private);
 if (out == NULL)
 goto end;
diff --git a/apps/pkeyparam.c b/apps/pkeyparam.c
index 215611eb347..abb40d1ab29 100644
--- a/apps/pkeyparam.c
+++ b/apps/pkeyparam.c
@@ -118,9 +118,6 @@ int pkeyparam_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 in = bio_open_default(infile, 'r', FORMAT_PEM);
 if (in == NULL)
 goto end;
diff --git a/apps/pkeyutl.c b/apps/pkeyutl.c
index c3e18895a78..82ebdeee9ec 100644
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@@ -230,9 +230,6 @@ int pkeyutl_main(int argc, char **argv)
 if (ctx == NULL)
 goto opthelp;
- if (!app_load_modules(NULL))
- goto end;
-
 if (sigfile && (pkey_op != EVP_PKEY_OP_VERIFY)) {
 BIO_printf(bio_err,
 "%s: Signature file specified for non verify\n", prog);
diff --git a/apps/prime.c b/apps/prime.c
index 2ce4e94f898..b6c5ad58b8f 100644
--- a/apps/prime.c
+++ b/apps/prime.c
@@ -109,9 +109,6 @@ int prime_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (argc == 0 && !generate) {
 BIO_printf(bio_err, "%s: No prime specified\n", prog);
 goto end;
diff --git a/apps/rand.c b/apps/rand.c
index 315e6be02f6..150eef4fb15 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -126,9 +126,6 @@ int rand_main(int argc, char **argv)
 if (sscanf(argv[0], "%d", &num) != 1 || num < 0)
 goto opthelp;
- if (!app_load_modules(NULL))
- goto end;
-
 app_RAND_load_file(NULL, (inrand != NULL));
 if (inrand != NULL)
 BIO_printf(bio_err, "%ld semi-random bytes loaded\n",
diff --git a/apps/rsa.c b/apps/rsa.c
index f8a0deceb65..0640ba4fad4 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -256,10 +256,6 @@ int rsa_main(int argc, char **argv)
 BIO_printf(bio_err, "Error getting passwords\n");
 goto end;
 }
-
- if (!app_load_modules(NULL))
- goto end;
-
 if (check && pubin) {
 BIO_printf(bio_err, "Only private keys can be checked\n");
 goto end;
diff --git a/apps/rsautl.c b/apps/rsautl.c
index 84a1de1ae96..5d6bdc02422 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -214,9 +214,6 @@ int rsautl_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 /* FIXME: seed PRNG only if needed */
 app_RAND_load_file(NULL, 0);
diff --git a/apps/s_client.c b/apps/s_client.c
index d76f921db6c..9bad1b51cf0 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -1063,9 +1063,6 @@ int s_client_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 if (proxystr) {
 if (connectstr == NULL) {
 BIO_printf(bio_err, "%s: -proxy requires use of -connect\n", prog);
diff --git a/apps/s_server.c b/apps/s_server.c
index aa43541501b..bfc8b1fcd28 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -1475,9 +1475,6 @@ int s_server_main(int argc, char *argv[])
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 if (s_key_file == NULL)
 s_key_file = s_cert_file;
diff --git a/apps/smime.c b/apps/smime.c
index db645d0e168..551a8fd44d6 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -422,9 +422,6 @@ int smime_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 if (need_rand) {
 app_RAND_load_file(NULL, (inrand != NULL));
 if (inrand != NULL)
diff --git a/apps/speed.c b/apps/speed.c
index 046c0b26149..faa3e159ae1 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -850,9 +850,6 @@ int speed_main(int argc, char **argv)
 argc = opt_num_rest();
 argv = opt_rest();
- if (!app_load_modules(NULL))
- goto end;
-
 /* Remaining arguments are algorithms. */
 for ( ; *argv; argv++) {
 if (found(*argv, doit_choices, &i)) {
diff --git a/apps/spkac.c b/apps/spkac.c
index 180f80fcb7b..eaeb3c15d03 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -186,8 +186,6 @@ int spkac_main(int argc, char **argv)
 if ((conf = app_load_config(infile)) == NULL)
 goto end;
- if (!app_load_modules(conf))
- goto end;
 spkstr = NCONF_get_string(conf, spksect, spkac);
diff --git a/apps/verify.c b/apps/verify.c
index 61f8cf75794..bd4ed050650 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -198,9 +198,6 @@ int verify_main(int argc, char **argv)
 goto end;
 }
- if (!app_load_modules(NULL))
- goto end;
-
 if ((store = setup_verify(CAfile, CApath, noCAfile, noCApath)) == NULL)
 goto end;
 X509_STORE_set_verify_cb(store, cb);
diff --git a/apps/x509.c b/apps/x509.c
index 9472b68da52..ff1e8cbe821 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -493,9 +493,6 @@ int x509_main(int argc, char **argv)
 if (!nmflag_set)
 nmflag = XN_FLAG_ONELINE;
- if (!app_load_modules(NULL))
- goto end;
-
 out = bio_open_default(outfile, 'w', outformat);
 if (out == NULL)
 goto end;