diff --git a/apps/ca.c b/apps/ca.c index f580d97e2d..d97be7568e 100755 --- a/apps/ca.c +++ b/apps/ca.c @@ -494,9 +494,7 @@ end_of_options: argc = opt_num_rest(); argv = opt_rest(); - BIO_printf(bio_err, "Using configuration from %s\n", configfile); - - if ((conf = app_load_config(configfile)) == NULL) + if ((conf = app_load_config_verbose(configfile, 1)) == NULL) goto end; if (configfile != default_config_file && !app_load_modules(conf)) goto end; diff --git a/apps/include/apps.h b/apps/include/apps.h index 30dc5d85f7..4bed7d7540 100644 --- a/apps/include/apps.h +++ b/apps/include/apps.h @@ -48,7 +48,7 @@ void app_RAND_load_conf(CONF *c, const char *section); void app_RAND_write(void); -extern char *default_config_file; +extern char *default_config_file; /* may be "" */ extern BIO *bio_in; extern BIO *bio_out; extern BIO *bio_err; @@ -63,8 +63,10 @@ BIO *bio_open_owner(const char *filename, int format, int private); BIO *bio_open_default(const char *filename, char mode, int format); BIO *bio_open_default_quiet(const char *filename, char mode, int format); CONF *app_load_config_bio(BIO *in, const char *filename); -CONF *app_load_config(const char *filename); -CONF *app_load_config_quiet(const char *filename); +#define app_load_config(filename) app_load_config_internal(filename, 0) +#define app_load_config_quiet(filename) app_load_config_internal(filename, 1) +CONF *app_load_config_internal(const char *filename, int quiet); +CONF *app_load_config_verbose(const char *filename, int verbose); int app_load_modules(const CONF *config); CONF *app_load_config_modules(const char *configfile); void unbuffer(FILE *fp); diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 6ae35bac73..d5654d9dc9 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c 
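Review bot: Turning `app_load_config()` and `app_load_config_quiet()` into function-like macros in apps.h changes what callers may do with those names: they can no longer be taken by address or declared in another translation unit, and the macro argument is not parenthesized. A `static ossl_inline` wrapper keeps type checking and the old linkage, e.g. `static ossl_inline CONF *app_load_config(const char *filename) { return app_load_config_internal(filename, 0); }`. The new `/* may be "" */` on `default_config_file` is also the place to state that the pointer itself is never NULL once the app is running, because the new loaders in apps.c dereference it; where it is assigned is outside this patch.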
@@ -54,6 +54,9 @@ static int WIN32_rename(const char *from, const char *to);
 # define _kbhit kbhit
 #endif
 
+static BIO *bio_open_default_(const char *filename, char mode, int format,
+                              int quiet);
+
 #define PASS_SOURCE_SIZE_MAX 4
 
 DEFINE_STACK_OF(CONF)
@@ -379,29 +382,25 @@ CONF *app_load_config_bio(BIO *in, const char *filename)
     return NULL;
 }
 
-CONF *app_load_config(const char *filename)
+CONF *app_load_config_verbose(const char *filename, int verbose)
 {
-    BIO *in;
-    CONF *conf;
-
-    in = bio_open_default(filename, 'r', FORMAT_TEXT);
-    if (in == NULL)
-        return NULL;
-
-    conf = app_load_config_bio(in, filename);
-    BIO_free(in);
-    return conf;
+    if (verbose) {
+        if (*filename == '\0')
+            BIO_printf(bio_err, "No configuration used\n");
+        else
+            BIO_printf(bio_err, "Using configuration from %s\n", filename);
+    }
+    return app_load_config_internal(filename, 0);
 }
 
-CONF *app_load_config_quiet(const char *filename)
+CONF *app_load_config_internal(const char *filename, int quiet)
 {
-    BIO *in;
+    BIO *in = NULL; /* leads to empty config in case filename == "" */
     CONF *conf;
 
-    in = bio_open_default_quiet(filename, 'r', FORMAT_TEXT);
-    if (in == NULL)
+    if (*filename != '\0'
+        && (in = bio_open_default_(filename, 'r', FORMAT_TEXT, quiet)) == NULL)
         return NULL;
-
     conf = app_load_config_bio(in, filename);
     BIO_free(in);
     return conf;
@@ -457,9 +456,7 @@ CONF *app_load_config_modules(const char *configfile)
     CONF *conf = NULL;
 
     if (configfile != NULL) {
-        BIO_printf(bio_err, "Using configuration from %s\n", configfile);
-
-        if ((conf = app_load_config(configfile)) == NULL)
+        if ((conf = app_load_config_verbose(configfile, 1)) == NULL)
             return NULL;
         if (configfile != default_config_file && !app_load_modules(conf)) {
             NCONF_free(conf);
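Review bot: `app_load_config_internal()` now dereferences `filename` (`*filename != '\0'`) before anything else, so a NULL argument faults where the old `bio_open_default()`-based code would, as far as I recall, have treated NULL as standard input; `app_load_config_verbose()` does the same in its `*filename == '\0'` test. Every caller visible in this patch passes `default_config_file` or a user-supplied name, but the old signatures survive as macros, so the precondition should be stated and checked at the top of the function: `if (filename == NULL) return NULL; /* callers pass default_config_file, which may be "" but never NULL */`. The empty-string case also deserves a sentence at `BIO *in = NULL`, since it relies on `app_load_config_bio()` and the CONF loader accepting a NULL BIO, which is implemented in a different file.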
@@ -2789,7 +2786,7 @@ static BIO *bio_open_default_(const char *filename, char mode, int format, if (ret != NULL) return ret; BIO_printf(bio_err, - "Can't open %s for %s, %s\n", + "Can't open \"%s\" for %s, %s\n", filename, modeverb(mode), strerror(errno)); } ERR_print_errors(bio_err); diff --git a/apps/req.c b/apps/req.c index 5a065ad843..b645cc1039 100644 --- a/apps/req.c +++ b/apps/req.c @@ -466,9 +466,7 @@ int req_main(int argc, char **argv) goto end; } - if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", template); - if ((req_conf = app_load_config(template)) == NULL) + if ((req_conf = app_load_config_verbose(template, verbose)) == NULL) goto end; if (addext_bio != NULL) { if (verbose) @@ -635,7 +633,7 @@ int req_main(int argc, char **argv) if (genctx == NULL) { genctx = set_keygen_ctx(NULL, &pkey_type, &newkey, &keyalgstr, gen_eng); - if (!genctx) + if (genctx == NULL) goto end; } @@ -645,7 +643,6 @@ int req_main(int argc, char **argv) genopt = sk_OPENSSL_STRING_value(pkeyopts, i); if (pkey_ctrl_string(genctx, genopt) <= 0) { BIO_printf(bio_err, "parameter error \"%s\"\n", genopt); - ERR_print_errors(bio_err); goto end; } } @@ -743,7 +740,6 @@ int req_main(int argc, char **argv) if ((x509ss = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL) goto end; - /* Set version to V3 */ if (serial != NULL) { if (!X509_set_serialNumber(x509ss, serial)) goto end; @@ -768,7 +764,6 @@ int req_main(int argc, char **argv) goto end; /* Set up V3 context struct */ - X509V3_set_ctx(&ext_ctx, x509ss, x509ss, NULL, NULL, X509V3_CTX_REPLACE); X509V3_set_nconf(&ext_ctx, req_conf); @@ -797,10 +792,8 @@ int req_main(int argc, char **argv) } i = do_X509_sign(x509ss, pkey, digest, sigopts, &ext_ctx); - if (!i) { - ERR_print_errors(bio_err); + if (!i) goto end; - } } else { X509V3_CTX ext_ctx; 
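Review bot: The `ERR_print_errors(bio_err)` calls dropped from req_main after the `pkey_ctrl_string()` failure and after the `do_X509_sign()` failure leave the error queue unprinted at those points, which is only correct if the `end:` label of req_main, outside every hunk here, prints the queue on the failure path; the same applies to the hunks at @@ -824, @@ -893 and @@ -911 and to `set_keygen_ctx()` at @@ -1583. If `end:` prints only when `ret` is non-zero, each of these `goto end` sites must reach it before `ret` is cleared. A comment at the first site would make the dependency explicit: `goto end; /* queued errors are printed at end: */`.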
@@ -824,10 +817,8 @@ int req_main(int argc, char **argv) goto end; } i = do_X509_REQ_sign(req, pkey, digest, sigopts); - if (!i) { - ERR_print_errors(bio_err); + if (!i) goto end; - } } } @@ -893,7 +884,6 @@ int req_main(int argc, char **argv) if (tpubkey == NULL) { BIO_printf(bio_err, "Error getting public key\n"); - ERR_print_errors(bio_err); goto end; } PEM_write_bio_PUBKEY(out, tpubkey); @@ -911,7 +901,6 @@ int req_main(int argc, char **argv) else BIO_printf(bio_err, "Error printing certificate request\n"); - ERR_print_errors(bio_err); goto end; } } @@ -1008,7 +997,7 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, { int ret = 0, i; char no_prompt = 0; - STACK_OF(CONF_VALUE) *dn_sk, *attr_sk = NULL; + STACK_OF(CONF_VALUE) *dn_sk = NULL, *attr_sk = NULL; char *tmp, *dn_sect, *attr_sect; tmp = NCONF_get_string(req_conf, section, PROMPT); @@ -1019,20 +1008,18 @@ static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, char *subj, int multirdn, dn_sect = NCONF_get_string(req_conf, section, DISTINGUISHED_NAME); if (dn_sect == NULL) { - BIO_printf(bio_err, "unable to find '%s' in config\n", - DISTINGUISHED_NAME); - goto err; - } - dn_sk = NCONF_get_section(req_conf, dn_sect); - if (dn_sk == NULL) { - BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect); - goto err; + ERR_clear_error(); + } else { + dn_sk = NCONF_get_section(req_conf, dn_sect); + if (dn_sk == NULL) { + BIO_printf(bio_err, "unable to get '%s' section\n", dn_sect); + goto err; + } } attr_sect = NCONF_get_string(req_conf, section, ATTRIBUTES); if (attr_sect == NULL) { ERR_clear_error(); - attr_sk = NULL; } else { attr_sk = NCONF_get_section(req_conf, attr_sect); if (attr_sk == NULL) { 
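Review bot: make_REQ() now treats a missing `distinguished_name` entry as acceptable (`ERR_clear_error()`, `dn_sk` stays NULL) where it used to fail with "unable to find ... in config", so the consumers of `dn_sk` below the hunk must tolerate a NULL stack and a subject that receives no entries at all. Whether a request with an empty subject is still rejected further down, or is now silently produced, I cannot tell from the hunk; that is a behaviour change worth stating where `dn_sk` is initialised, e.g. `/* NULL when the section names no distinguished_name; consumers below must accept this */`. make_REQ starts and ends outside the hunk.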
@@ -1583,20 +1570,17 @@ static EVP_PKEY_CTX *set_keygen_ctx(const char *gstr, if (gctx == NULL) { BIO_puts(bio_err, "Error allocating keygen context\n"); - ERR_print_errors(bio_err); return NULL; } if (EVP_PKEY_keygen_init(gctx) <= 0) { BIO_puts(bio_err, "Error initializing keygen context\n"); - ERR_print_errors(bio_err); EVP_PKEY_CTX_free(gctx); return NULL; } if ((*pkey_type == EVP_PKEY_RSA) && (keylen != -1)) { if (EVP_PKEY_CTX_set_rsa_keygen_bits(gctx, keylen) <= 0) { BIO_puts(bio_err, "Error setting RSA keysize\n"); - ERR_print_errors(bio_err); EVP_PKEY_CTX_free(gctx); return NULL; } diff --git a/apps/srp.c b/apps/srp.c index 3d8ce3e7c6..f7edfa9930 100644 --- a/apps/srp.c +++ b/apps/srp.c @@ -338,10 +338,7 @@ int srp_main(int argc, char **argv) if (configfile == NULL) configfile = default_config_file; - if (verbose) - BIO_printf(bio_err, "Using configuration from %s\n", - configfile); - conf = app_load_config(configfile); + conf = app_load_config_verbose(configfile, verbose); if (conf == NULL) goto end; if (configfile != default_config_file && !app_load_modules(conf)) diff --git a/crypto/conf/conf_api.c b/crypto/conf/conf_api.c index d64cc5031a..5133114fc8 100644 --- a/crypto/conf/conf_api.c +++ b/crypto/conf/conf_api.c @@ -27,7 +27,7 @@ CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) return NULL; vv.name = NULL; vv.section = (char *)section; - return lh_CONF_VALUE_retrieve(conf->data, &vv); + return conf->data != NULL ? lh_CONF_VALUE_retrieve(conf->data, &vv) : NULL; } STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, @@ -72,6 +72,8 @@ char *_CONF_get_string(const CONF *conf, const char *section, return NULL; if (conf == NULL) return ossl_safe_getenv(name); + if (conf->data == NULL) + return NULL; if (section != NULL) { vv.name = (char *)name; vv.section = (char *)section; diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c index 3f63a5f88d..a7f5677a26 100644 --- a/crypto/conf/conf_def.c 
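Review bot: `_CONF_get_string()` now returns NULL when `conf->data == NULL`, whereas a NULL `conf` still falls back to `ossl_safe_getenv(name)`, so an empty configuration (the new OPENSSL_CONF="" case) and no configuration behave differently for environment lookups. That asymmetry is the safer of the two, since the environment cannot fill in values the user chose to leave unconfigured, but it should be stated next to the check: `/* an empty config (data == NULL) never consults the environment, unlike conf == NULL */`. The same `data == NULL` guard was added to `_CONF_get_section()` in the preceding hunk; other accessors in conf_api.c are outside the patch and I cannot tell whether they need it too.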
+++ b/crypto/conf/conf_def.c @@ -239,11 +239,12 @@ static int def_load_bio(CONF *conf, BIO *in, long *line) p = &(buff->data[bufnum]); *p = '\0'; read_retry: - BIO_gets(in, p, CONFBUFSIZE - 1); + if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0) + goto err; p[CONFBUFSIZE - 1] = '\0'; ii = i = strlen(p); if (i == 0 && !again) { - /* the currently processed BIO is at EOF */ + /* the currently processed BIO is NULL or at EOF */ BIO *parent; #ifndef OPENSSL_NO_POSIX_IO diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index cb1bf7cd3c..8de3222c34 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -156,11 +156,6 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, CONF *conf = NULL; int ret = 0, diagnostics = 0; - ERR_set_mark(); - conf = NCONF_new_ex(libctx, NULL); - if (conf == NULL) - goto err; - if (filename == NULL) { file = CONF_get1_default_config_file(); if (file == NULL) @@ -169,6 +164,11 @@ int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, file = (char *)filename; } + ERR_set_mark(); + conf = NCONF_new_ex(libctx, NULL); + if (conf == NULL) + goto err; + if (NCONF_load(conf, file, NULL) <= 0) { if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { @@ -539,7 +539,6 @@ void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) } /* Return default config file name */ - char *CONF_get1_default_config_file(void) { const char *t; diff --git a/doc/man1/openssl.pod b/doc/man1/openssl.pod index abb5d5e3e4..3396f684f9 100644 --- a/doc/man1/openssl.pod +++ b/doc/man1/openssl.pod 
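Review bot: `BIO_gets()` was previously called with its result ignored, so a read error looked like end-of-file and produced a silently truncated configuration; the new `< 0` check fixes that but jumps to `err` without adding a CONF-level reason, so the caller sees only whatever the BIO pushed. Consider raising an error before the jump, or at least a comment: `/* negative is a read error, not EOF (0); never treat it as end of input */`. The `in != NULL` short-circuit relies on `*p = '\0'` two lines above to make the NULL-BIO case look like EOF, which the updated comment now describes. The rest of def_load_bio and the `err:` label are outside the hunk.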
@@ -83,10 +83,13 @@ Many commands use an external configuration file for some or all of their arguments and have a B<-config> option to specify that file. The default name of the file is F in the default certificate storage area, which can be determined from the L -command. This can be used to load modules. -The environment variable B can be used to specify -a different location of the file. -See L. +command using the B<-d> or B<-a> option. +The environment variable B can be used to specify a different +file location or to disable loading a configuration (using the empty string). + +Among others, the configuration file can be used to load modules +and to specify parameters for generating certificates and random numbers. +See L for details. =head2 Standard Commands diff --git a/doc/man3/CONF_modules_load_file.pod b/doc/man3/CONF_modules_load_file.pod index fff60c192e..59e8f6f34c 100644 --- a/doc/man3/CONF_modules_load_file.pod +++ b/doc/man3/CONF_modules_load_file.pod @@ -2,6 +2,7 @@ =head1 NAME +CONF_get1_default_config_file, CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load - OpenSSL configuration functions @@ -9,6 +10,7 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load #include + char *CONF_get1_default_config_file(void); int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename, const char *appname, unsigned long flags); int CONF_modules_load_file(const char *filename, const char *appname, 
@@ -18,9 +20,17 @@ CONF_modules_load_file_ex, CONF_modules_load_file, CONF_modules_load =head1 DESCRIPTION +The function CONF_get1_default_config_file() determines the default +configuration file pathname as follows. +If the B environment variable is set its value is returned. +Else the function returns the path obtained using +L with the filename C<"openssl.cnf"> appended. +The caller is responsible for freeing any string returned. + The function CONF_modules_load_file_ex() configures OpenSSL using library context B file B and application name B. -If B is NULL the standard OpenSSL configuration file is used. +If B is NULL the standard OpenSSL configuration file is used +as determined by calling CONF_get1_default_config_file(). If B is NULL the standard OpenSSL application name B is used. The behaviour can be customized using B. Note that, the error suppressing diff --git a/doc/man5/config.pod b/doc/man5/config.pod index 45165f20ec..de4b5aec59 100644 --- a/doc/man5/config.pod +++ b/doc/man5/config.pod @@ -502,7 +502,7 @@ F. =item B -The path to the config file. +The path to the config file, or the empty string for none. Ignored in set-user-ID and set-group-ID programs. =item B diff --git a/doc/man7/openssl-env.pod b/doc/man7/openssl-env.pod index 8e131affb7..4702615e8a 100644 --- a/doc/man7/openssl-env.pod +++ b/doc/man7/openssl-env.pod @@ -28,7 +28,7 @@ and by the B script (see L Specifies the path to a configuration file and the directory for included files. -See L and L. +See L. =item B diff --git a/util/missingcrypto.txt b/util/missingcrypto.txt index b547e52858..a4da3bc3fb 100644 --- a/util/missingcrypto.txt +++ b/util/missingcrypto.txt @@ -379,7 +379,6 @@ COMP_zlib(3) CONF_dump_bio(3) CONF_dump_fp(3) CONF_free(3) -CONF_get1_default_config_file(3) CONF_get_number(3) CONF_get_section(3) CONF_get_string(3) diff --git a/util/missingcrypto111.txt b/util/missingcrypto111.txt index 9e945703dc..4be52cf25c 100644 --- a/util/missingcrypto111.txt 
+++ b/util/missingcrypto111.txt @@ -403,7 +403,6 @@ COMP_zlib(3) CONF_dump_bio(3) CONF_dump_fp(3) CONF_free(3) -CONF_get1_default_config_file(3) CONF_get_number(3) CONF_get_section(3) CONF_get_string(3)