Correct mistake of loading the default openssl.conf by default during autoinit.

This brings in the OPENSSL_INIT_LOAD_CONFIG flag with the same semantics as OpenSSL. As a result, by default the openssl.conf file is not loaded during autoinit, which makes autoinit safe for pledge(stdio). ok jsing@
author: beck <> 2018-03-19 03:35:38 +0000
committer: beck <> 2018-03-19 03:35:38 +0000
commit: 02fd65d9fc788d4e8e18c251840f300031577d70 (patch)
tree: c2587bdba8d5d81576ed1d6536ed36f021b869cf
parent: ed245d2c282aafe5e3349f16ecc45562fa1c61cf (diff)
download: openbsd-02fd65d9fc788d4e8e18c251840f300031577d70.tar.gz
openbsd-02fd65d9fc788d4e8e18c251840f300031577d70.tar.bz2
openbsd-02fd65d9fc788d4e8e18c251840f300031577d70.zip
3 files changed, 37 insertions, 13 deletions
diff --git a/src/lib/libcrypto/conf/conf_sap.c b/src/lib/libcrypto/conf/conf_sap.c
index f1844f69f4..98497025ee 100644
--- a/src/lib/libcrypto/conf/conf_sap.c
+++ b/src/lib/libcrypto/conf/conf_sap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_sap.c,v 1.12 2018/03/17 16:20:01 beck Exp $ */
+/* $OpenBSD: conf_sap.c,v 1.13 2018/03/19 03:35:38 beck Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -108,8 +108,8 @@ OPENSSL_config_internal(void)
        return;
 }
-void
+int
-OPENSSL_config(const char *config_name)
+OpenSSL_config(const char *config_name)
 {
        /* Don't override if NULL */
        /*
@@ -120,11 +120,19 @@ OPENSSL_config(const char *config_name)
        if (config_name != NULL)
                openssl_config_name = config_name;
-        (void) OPENSSL_init_crypto(0, NULL);
+        if (OPENSSL_init_crypto(0, NULL) == 0)
+                return 0;
-        (void) pthread_once(&openssl_configured, OPENSSL_config_internal);
+        if (pthread_once(&openssl_configured, OPENSSL_config_internal) != 0)
+                return 0;
-        return;
+        return 1;
+}
+void
+OPENSSL_config(const char *config_name)
+{
+        (void) OpenSSL_config(config_name);
 }
 static void
@@ -132,8 +140,17 @@ OPENSSL_no_config_internal(void)
 {
 }
+int
+OpenSSL_no_config(void)
+{
+        if (pthread_once(&openssl_configured, OPENSSL_no_config_internal) != 0)
+                return 0;
+        return 1;
+}
 void
 OPENSSL_no_config(void)
 {
-        (void) pthread_once(&openssl_configured, OPENSSL_no_config_internal);
+        (void) OpenSSL_no_config();
 }
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h
index f13ce92584..67e06a1509 100644
--- a/src/lib/libcrypto/crypto.h
+++ b/src/lib/libcrypto/crypto.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: crypto.h,v 1.44 2018/03/18 01:39:26 tb Exp $ */
+/* $OpenBSD: crypto.h,v 1.45 2018/03/19 03:35:38 beck Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 *
@@ -547,6 +547,7 @@ void ERR_load_CRYPTO_strings(void);
 */
 #define OPENSSL_INIT_NO_LOAD_CONFIG             0x00000001L
+#define OPENSSL_INIT_LOAD_CONFIG                0x00000002L
 /* LibreSSL specific */
 #define _OPENSSL_INIT_FLAG_NOOP                 0x80000000L
@@ -555,7 +556,6 @@ void ERR_load_CRYPTO_strings(void);
 * These are provided for compatibiliy, but have no effect
 * on how LibreSSL is initialized.
 */
-#define OPENSSL_INIT_LOAD_CONFIG                _OPENSSL_INIT_FLAG_NOOP
 #define OPENSSL_INIT_NO_LOAD_CRYPTO_STRINGS     _OPENSSL_INIT_FLAG_NOOP
 #define OPENSSL_INIT_LOAD_CRYPTO_STRINGS        _OPENSSL_INIT_FLAG_NOOP
 #define OPENSSL_INIT_ADD_ALL_CIPHERS            _OPENSSL_INIT_FLAG_NOOP
diff --git a/src/lib/libcrypto/crypto_init.c b/src/lib/libcrypto/crypto_init.c
index f3d1a2bce9..ed2b5d4810 100644
--- a/src/lib/libcrypto/crypto_init.c
+++ b/src/lib/libcrypto/crypto_init.c
@@ -25,6 +25,9 @@
 #include <openssl/err.h>
 #include "cryptlib.h"
+int OpenSSL_config(char *);
+int OpenSSL_no_config(char *);
 static pthread_t crypto_init_thread;
 static void
@@ -35,7 +38,6 @@ OPENSSL_init_crypto_internal(void)
        ERR_load_crypto_strings();
        OpenSSL_add_all_ciphers();
        OpenSSL_add_all_digests();
-        OPENSSL_config(NULL);
 }
 int
@@ -46,11 +48,16 @@ OPENSSL_init_crypto(uint64_t opts, const void *settings)
        if (pthread_equal(pthread_self(), crypto_init_thread))
                return 1; /* don't recurse */
-        if (opts & OPENSSL_INIT_NO_LOAD_CONFIG)
-                OPENSSL_no_config();
        if (pthread_once(&once, OPENSSL_init_crypto_internal) != 0)
                return 0;
+        if ((opts & OPENSSL_INIT_NO_LOAD_CONFIG) &&
+            (OpenSSL_no_config(NULL) == 0))
+                return 0;
+        if ((opts & OPENSSL_INIT_LOAD_CONFIG) &&
+            (OpenSSL_config(NULL) == 0))
+                return 0;
        return 1;
 }
author	beck <>	2018-03-19 03:35:38 +0000
committer	beck <>	2018-03-19 03:35:38 +0000
commit	02fd65d9fc788d4e8e18c251840f300031577d70 (patch)
tree	c2587bdba8d5d81576ed1d6536ed36f021b869cf
parent	ed245d2c282aafe5e3349f16ecc45562fa1c61cf (diff)
download	openbsd-02fd65d9fc788d4e8e18c251840f300031577d70.tar.gz openbsd-02fd65d9fc788d4e8e18c251840f300031577d70.tar.bz2 openbsd-02fd65d9fc788d4e8e18c251840f300031577d70.zip