QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-28 10:44:38 +00:00
Code Issues Projects Releases Wiki Activity

APPS: Allow OPENSSL_CONF to be empty, not loading a config file

Browse Source 
Also document the function CONF_get1_default_config_file()

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13658)
This commit is contained in:
Dr. David von Oheimb 2020-12-10 21:02:47 +01:00 committed by Dr. David von Oheimb
parent ec2bfb7d23
commit 1579594383
14 changed files with 67 additions and 76 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
apps/ca.c
View File

@ -494,9 +494,7 @@ end_of_options:
argc = opt_num_rest();
argv = opt_rest();
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
if ((conf = app_load_config(configfile)) == NULL)
if ((conf = app_load_config_verbose(configfile, 1)) == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf))
goto end;

8
apps/include/apps.h
View File

@ -48,7 +48,7 @@
void app_RAND_load_conf(CONF *c, const char *section);
void app_RAND_write(void);
extern char *default_config_file;
extern char *default_config_file; /* may be "" */
extern BIO *bio_in;
extern BIO *bio_out;
extern BIO *bio_err;
@ -63,8 +63,10 @@ BIO *bio_open_owner(const char *filename, int format, int private);
BIO *bio_open_default(const char *filename, char mode, int format);
BIO *bio_open_default_quiet(const char *filename, char mode, int format);
CONF *app_load_config_bio(BIO *in, const char *filename);
CONF *app_load_config(const char *filename);
CONF *app_load_config_quiet(const char *filename);
#define app_load_config(filename) app_load_config_internal(filename, 0)
#define app_load_config_quiet(filename) app_load_config_internal(filename, 1)
CONF *app_load_config_internal(const char *filename, int quiet);
CONF *app_load_config_verbose(const char *filename, int verbose);
int app_load_modules(const CONF *config);
CONF *app_load_config_modules(const char *configfile);
void unbuffer(FILE *fp);

37
apps/lib/apps.c
View File

@ -54,6 +54,9 @@ static int WIN32_rename(const char *from, const char *to);
# define _kbhit kbhit
#endif
static BIO *bio_open_default_(const char *filename, char mode, int format,
int quiet);
#define PASS_SOURCE_SIZE_MAX 4
DEFINE_STACK_OF(CONF)
@ -379,29 +382,25 @@ CONF *app_load_config_bio(BIO *in, const char *filename)
return NULL;
}
CONF *app_load_config(const char *filename)
CONF *app_load_config_verbose(const char *filename, int verbose)
{
BIO *in;
CONF *conf;
in = bio_open_default(filename, 'r', FORMAT_TEXT);
if (in == NULL)
return NULL;
conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
if (verbose) {
if (*filename == '\0')
BIO_printf(bio_err, "No configuration used\n");
else
BIO_printf(bio_err, "Using configuration from %s\n", filename);
}
return app_load_config_internal(filename, 0);
}
CONF *app_load_config_quiet(const char *filename)
CONF *app_load_config_internal(const char *filename, int quiet)
{
BIO *in;
BIO *in = NULL; /* leads to empty config in case filename == "" */
CONF *conf;
in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
if (in == NULL)
if (*filename != '\0'
&& (in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL)
return NULL;
conf = app_load_config_bio(in, filename);
BIO_free(in);
return conf;
@ -457,9 +456,7 @@ CONF *app_load_config_modules(const char *configfile)
CONF *conf = NULL;
if (configfile != NULL) {
BIO_printf(bio_err, "Using configuration from %s\n", configfile);
if ((conf = app_load_config(configfile)) == NULL)
if ((conf = app_load_config_verbose(configfile, 1)) == NULL)
return NULL;
if (configfile != default_config_file && !app_load_modules(conf)) {
NCONF_free(conf);
@ -2789,7 +2786,7 @@ static BIO *bio_open_default_(const char *filename, char mode, int format,
if (ret != NULL)
return ret;
BIO_printf(bio_err,
"Can't open %s for %s, %s\n",
"Can't open \"%s\" for %s, %s\n",
filename, modeverb(mode), strerror(errno));
}
ERR_print_errors(bio_err);

40
apps/req.c
View File

@ -466,9 +466,7 @@ int req_main(int argc, char **argv)
goto end;
}
if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n", template);
if ((req_conf = app_load_config(template)) == NULL)
if ((req_conf = app_load_config_verbose(template, verbose)) == NULL)
goto end;
if (addext_bio != NULL) {
if (verbose)
@ -635,7 +633,7 @@ int req_main(int argc, char **argv)
if (genctx == NULL) {
genctx = set_keygen_ctx(NULL, &pkey_type, &newkey,
&keyalgstr, gen_eng);
if (!genctx)
if (genctx == NULL)
goto end;
}
@ -645,7 +643,6 @@ int req_main(int argc, char **argv)
genopt = sk_OPENSSL_STRING_value(pkeyopts, i);
if (pkey_ctrl_string(genctx, genopt) <= 0) {
BIO_printf(bio_err, "parameter error \"%s\"\n", genopt);
ERR_print_errors(bio_err);
goto end;
}
}
@ -743,7 +740,6 @@ int req_main(int argc, char **argv)
if ((x509ss = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
goto end;
/* Set version to V3 */
if (serial != NULL) {
if (!X509_set_serialNumber(x509ss, serial))
goto end;
@ -768,7 +764,6 @@ int req_main(int argc, char **argv)
goto end;
/* Set up V3 context struct */
X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, X509V3_CTX_REPLACE);
X509V3_set_nconf(&ext_ctx, req_conf);
@ -797,10 +792,8 @@ int req_main(int argc, char **argv)
}
i = do_X509_sign(x509ss, pkey, digest, sigopts, &ext_ctx);
if (!i) {
ERR_print_errors(bio_err);
if (!i)
goto end;
}
} else {
X509V3_CTX ext_ctx;
@ -824,10 +817,8 @@ int req_main(int argc, char **argv)
goto end;
}
i = do_X509_REQ_sign(req, pkey, digest, sigopts);
if (!i) {
ERR_print_errors(bio_err);
if (!i)
goto end;
}
}
}
@ -893,7 +884,6 @@ int req_main(int argc, char **argv)
if (tpubkey == NULL) {
BIO_printf(bio_err, "Error getting public key\n");
ERR_print_errors(bio_err);
goto end;
}
PEM_write_bio_PUBKEY(out, tpubkey);
@ -911,7 +901,6 @@ int req_main(int argc, char **argv)
else
BIO_printf(bio_err, "Error printing certificate request\n");
ERR_print_errors(bio_err);
goto end;
}
}
@ -1008,7 +997,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
{
int ret = 0, i;
char no_prompt = 0;
STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL;
STACK_OF(CONF_VALUE) *dn_sk = NULL, *attr_sk = NULL;
char *tmp, *dn_sect, *attr_sect;
tmp = NCONF_get_string(req_conf, section, PROMPT);
@ -1019,20 +1008,18 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn,
dn_sect = NCONF_get_string(req_conf, section, DISTINGUISHED_NAME);
if (dn_sect == NULL) {
BIO_printf(bio_err, "unable to find '%s' in config\n",
DISTINGUISHED_NAME);
goto err;
}
dn_sk = NCONF_get_section(req_conf, dn_sect);
if (dn_sk == NULL) {
BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
goto err;
ERR_clear_error();
} else {
dn_sk = NCONF_get_section(req_conf, dn_sect);
if (dn_sk == NULL) {
BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect);
goto err;
}
}
attr_sect = NCONF_get_string(req_conf, section, ATTRIBUTES);
if (attr_sect == NULL) {
ERR_clear_error();
attr_sk = NULL;
} else {
attr_sk = NCONF_get_section(req_conf, attr_sect);
if (attr_sk == NULL) {
@ -1583,20 +1570,17 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr,
if (gctx == NULL) {
BIO_puts(bio_err, "Error allocating keygen context\n");
ERR_print_errors(bio_err);
return NULL;
}
if (EVP_PKEY_keygen_init(gctx) <= 0) {
BIO_puts(bio_err, "Error initializing keygen context\n");
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(gctx);
return NULL;
}
if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) {
if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) {
BIO_puts(bio_err, "Error setting RSA keysize\n");
ERR_print_errors(bio_err);
EVP_PKEY_CTX_free(gctx);
return NULL;
}

5
apps/srp.c
View File

@ -338,10 +338,7 @@ int srp_main(int argc, char **argv)
if (configfile == NULL)
configfile = default_config_file;
if (verbose)
BIO_printf(bio_err, "Using configuration from %s\n",
configfile);
conf = app_load_config(configfile);
conf = app_load_config_verbose(configfile, verbose);
if (conf == NULL)
goto end;
if (configfile != default_config_file && !app_load_modules(conf))

4
crypto/conf/conf_api.c
View File

@ -27,7 +27,7 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section)
return NULL;
vv.name = NULL;
vv.section = (char *)section;
return lh_CONF_VALUE_retrieve(conf->data, &vv);
return conf->data != NULL ? lh_CONF_VALUE_retrieve(conf->data, &vv) : NULL;
}
STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf,
@ -72,6 +72,8 @@ char *_CONF_get_string(const CONF *conf, const char *section,
return NULL;
if (conf == NULL)
return ossl_safe_getenv(name);
if (conf->data == NULL)
return NULL;
if (section != NULL) {
vv.name = (char *)name;
vv.section = (char *)section;

5
crypto/conf/conf_def.c
View File

@ -239,11 +239,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
p = &(buff->data[bufnum]);
*p = '\0';
read_retry:
BIO_gets(in, p, CONFBUFSIZE - 1);
if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0)
goto err;
p[CONFBUFSIZE - 1] = '\0';
ii = i = strlen(p);
if (i == 0 && !again) {
/* the currently processed BIO is at EOF */
/* the currently processed BIO is NULL or at EOF */
BIO *parent;
#ifndef OPENSSL_NO_POSIX_IO

11
crypto/conf/conf_mod.c
View File

@ -156,11 +156,6 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
CONF *conf = NULL;
int ret = 0, diagnostics = 0;
ERR_set_mark();
conf = NCONF_new_ex(libctx, NULL);
if (conf == NULL)
goto err;
if (filename == NULL) {
file = CONF_get1_default_config_file();
if (file == NULL)
@ -169,6 +164,11 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
file = (char *)filename;
}
ERR_set_mark();
conf = NCONF_new_ex(libctx, NULL);
if (conf == NULL)
goto err;
if (NCONF_load(conf, file, NULL) <= 0) {
if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
(ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
@ -539,7 +539,6 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
}
/* Return default config file name */
char *CONF_get1_default_config_file(void)
{
const char *t;

11
doc/man1/openssl.pod
View File

@ -83,10 +83,13 @@ Many commands use an external configuration file for some or all of their
arguments and have a B<-config> option to specify that file.
The default name of the file is F<openssl.cnf> in the default certificate
storage area, which can be determined from the L<openssl-version(1)>
command. This can be used to load modules.
The environment variable B<OPENSSL_CONF> can be used to specify
a different location of the file.
See L<openssl-env(7)>.
command using the B<-d> or B<-a> option.
The environment variable B<OPENSSL_CONF> can be used to specify a different
file location or to disable loading a configuration (using the empty string).
Among others, the configuration file can be used to load modules
and to specify parameters for generating certificates and random numbers.
See L<config(5)> for details.
=head2 Standard Commands

12
doc/man3/CONF_modules_load_file.pod
View File

@ -2,6 +2,7 @@
=head1 NAME
CONF_get1_default_config_file,
CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
- OpenSSL configuration functions
@ -9,6 +10,7 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
#include <openssl/conf.h>
char *CONF_get1_default_config_file(void);
int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
const char *appname, unsigned long flags);
int CONF_modules_load_file(const char *filename, const char *appname,
@ -18,9 +20,17 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load
=head1 DESCRIPTION
The function CONF_get1_default_config_file() determines the default
configuration file pathname as follows.
If the B<OPENSSL_CONF> environment variable is set its value is returned.
Else the function returns the path obtained using
L<X509_get_default_cert_area(3)> with the filename C<"openssl.cnf"> appended.
The caller is responsible for freeing any string returned.
The function CONF_modules_load_file_ex() configures OpenSSL using
library context B<libctx> file B<filename> and application name B<appname>.
If B<filename> is NULL the standard OpenSSL configuration file is used.
If B<filename> is NULL the standard OpenSSL configuration file is used
as determined by calling CONF_get1_default_config_file().
If B<appname> is NULL the standard OpenSSL application name B<openssl_conf> is
used.
The behaviour can be customized using B<flags>. Note that, the error suppressing

2
doc/man5/config.pod
View File

@ -502,7 +502,7 @@ F<sample>.
=item B<OPENSSL_CONF>
The path to the config file.
The path to the config file, or the empty string for none.
Ignored in set-user-ID and set-group-ID programs.
=item B<OPENSSL_ENGINES>

2
doc/man7/openssl-env.pod
View File

@ -28,7 +28,7 @@ and by the B<CA.pl> script (see L<CA.pl(1)/NOTES>
Specifies the path to a configuration file and the directory for
included files.
See L<openssl(1)> and L<config(5)>.
See L<config(5)>.
=item B<OPENSSL_CONFIG>

1
util/missingcrypto.txt
View File

@ -379,7 +379,6 @@ COMP_zlib(3)
CONF_dump_bio(3)
CONF_dump_fp(3)
CONF_free(3)
CONF_get1_default_config_file(3)
CONF_get_number(3)
CONF_get_section(3)
CONF_get_string(3)

1
util/missingcrypto111.txt
View File

@ -403,7 +403,6 @@ COMP_zlib(3)
CONF_dump_bio(3)
CONF_dump_fp(3)
CONF_free(3)
CONF_get1_default_config_file(3)
CONF_get_number(3)
CONF_get_section(3)
CONF_get_string(3)