Remove last internal consumer of DSO

It is currently possible to extend libcrypto by having it load a shared object via dlopen() either from a config file on library initialization or when an application calls the relevant API. Recent and not so recent events showed how dangerous an idea dlopen() is. Independently of such concerns, this should not be handled in the characteristically convoluted way of this toolkit. DSO will go away in the upcoming bump. This commit clears the road for a plain cvs rm of the dso code. ok jsing
author: tb <> 2023-07-20 15:05:30 +0000
committer: tb <> 2023-07-20 15:05:30 +0000
commit: 69b88fa820740938ec4b283898dd728fbae64b2d (patch)
tree: 9f0ab2508a6f9edaeca7ccebbec7fe670f25fa99 /src/lib
parent: 2ff796228545d91878cdda87d6e7baee806fb5ba (diff)
download: openbsd-69b88fa820740938ec4b283898dd728fbae64b2d.tar.gz
openbsd-69b88fa820740938ec4b283898dd728fbae64b2d.tar.bz2
openbsd-69b88fa820740938ec4b283898dd728fbae64b2d.zip
1 files changed, 9 insertions, 80 deletions
diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c
index 9f252385e8..aab108a260 100644
--- a/src/lib/libcrypto/conf/conf_mod.c
+++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: conf_mod.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: conf_mod.c,v 1.28 2023/07/20 15:05:30 tb Exp $ */
 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
 * project 2001.
 */
@@ -63,21 +63,11 @@
 #include <openssl/conf.h>
 #include <openssl/crypto.h>
-#include <openssl/dso.h>
 #include <openssl/err.h>
 #include <openssl/x509.h>
-#define DSO_mod_init_name "OPENSSL_init"
+/* This structure contains data about supported modules. */
-#define DSO_mod_finish_name "OPENSSL_finish"
-/* This structure contains a data about supported modules.
- * entries in this table correspond to either dynamic or
- * static modules.
- */
 struct conf_module_st {
-        /* DSO of this module or NULL if static */
-        DSO *dso;
        /* Name of the module */
        char *name;
        /* Init function */
@@ -110,13 +100,11 @@ static void module_free(CONF_MODULE *md);
 static void module_finish(CONF_IMODULE *imod);
 static int module_run(const CONF *cnf, char *name, char *value,
    unsigned long flags);
-static CONF_MODULE *module_add(DSO *dso, const char *name,
+static CONF_MODULE *module_add(const char *name, conf_init_func *ifunc,
-    conf_init_func *ifunc, conf_finish_func *ffunc);
+    conf_finish_func *ffunc);
 static CONF_MODULE *module_find(char *name);
 static int module_init(CONF_MODULE *pmod, char *name, char *value,
    const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
-    unsigned long flags);
 /* Main function: load modules from a CONF structure */
@@ -203,13 +191,7 @@ module_run(const CONF *cnf, char *name, char *value, unsigned long flags)
        CONF_MODULE *md;
        int ret;
-        md = module_find(name);
+        if ((md = module_find(name)) == NULL) {
-        /* Module not found: try to load DSO */
-        if (!md && !(flags & CONF_MFLAGS_NO_DSO))
-                md = module_load_dso(cnf, name, value, flags);
-        if (!md) {
                if (!(flags & CONF_MFLAGS_SILENT)) {
                        CONFerror(CONF_R_UNKNOWN_MODULE_NAME);
                        ERR_asprintf_error_data("module=%s", name);
@@ -231,54 +213,9 @@ module_run(const CONF *cnf, char *name, char *value, unsigned long flags)
        return ret;
 }
-/* Load a module from a DSO */
-static CONF_MODULE *
-module_load_dso(const CONF *cnf, char *name, char *value, unsigned long flags)
-{
-        DSO *dso = NULL;
-        conf_init_func *ifunc;
-        conf_finish_func *ffunc;
-        char *path = NULL;
-        int errcode = 0;
-        CONF_MODULE *md;
-        /* Look for alternative path in module section */
-        path = NCONF_get_string(cnf, value, "path");
-        if (!path) {
-                ERR_clear_error();
-                path = name;
-        }
-        dso = DSO_load(NULL, path, NULL, 0);
-        if (!dso) {
-                errcode = CONF_R_ERROR_LOADING_DSO;
-                goto err;
-        }
-        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
-        if (!ifunc) {
-                errcode = CONF_R_MISSING_INIT_FUNCTION;
-                goto err;
-        }
-        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
-        /* All OK, add module */
-        md = module_add(dso, name, ifunc, ffunc);
-        if (!md)
-                goto err;
-        return md;
-err:
-        if (dso)
-                DSO_free(dso);
-        CONFerror(errcode);
-        ERR_asprintf_error_data("module=%s, path=%s", name, path);
-        return NULL;
-}
 /* add module to list */
 static CONF_MODULE *
-module_add(DSO *dso, const char *name, conf_init_func *ifunc,
+module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc)
-    conf_finish_func *ffunc)
 {
        CONF_MODULE *tmod = NULL;
@@ -292,7 +229,6 @@ module_add(DSO *dso, const char *name, conf_init_func *ifunc,
        if (tmod == NULL)
                return NULL;
-        tmod->dso = dso;
        tmod->name = strdup(name);
        tmod->init = ifunc;
        tmod->finish = ffunc;
@@ -412,8 +348,7 @@ CONF_modules_unload(int all)
        /* unload modules in reverse order */
        for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
                md = sk_CONF_MODULE_value(supported_modules, i);
-                /* If static or in use and 'all' not set ignore it */
+                if (!all)
-                if (((md->links > 0) || !md->dso) && !all)
                        continue;
                /* Since we're working in reverse this is OK */
                (void)sk_CONF_MODULE_delete(supported_modules, i);
@@ -429,8 +364,6 @@ CONF_modules_unload(int all)
 static void
 module_free(CONF_MODULE *md)
 {
-        if (md->dso)
-                DSO_free(md->dso);
        free(md->name);
        free(md);
 }
@@ -466,13 +399,9 @@ module_finish(CONF_IMODULE *imod)
 /* Add a static module to OpenSSL */
 int
-CONF_module_add(const char *name, conf_init_func *ifunc,
+CONF_module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc)
-    conf_finish_func *ffunc)
 {
-        if (module_add(NULL, name, ifunc, ffunc))
+        return module_add(name, ifunc, ffunc) != NULL;
-                return 1;
-        else
-                return 0;
 }
 void
author	tb <>	2023-07-20 15:05:30 +0000
committer	tb <>	2023-07-20 15:05:30 +0000
commit	69b88fa820740938ec4b283898dd728fbae64b2d (patch)
tree	9f0ab2508a6f9edaeca7ccebbec7fe670f25fa99 /src/lib
parent	2ff796228545d91878cdda87d6e7baee806fb5ba (diff)
download	openbsd-69b88fa820740938ec4b283898dd728fbae64b2d.tar.gz openbsd-69b88fa820740938ec4b283898dd728fbae64b2d.tar.bz2 openbsd-69b88fa820740938ec4b283898dd728fbae64b2d.zip

diff --git a/src/lib/libcrypto/conf/conf_mod.c b/src/lib/libcrypto/conf/conf_mod.c index 9f252385e8..aab108a260 100644 --- a/src/lib/libcrypto/conf/conf_mod.c +++ b/src/lib/libcrypto/conf/conf_mod.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: conf_mod.c,v 1.27 2017/01/29 17:49:22 beck Exp $ */	1	/* $OpenBSD: conf_mod.c,v 1.28 2023/07/20 15:05:30 tb Exp $ */
2	/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.	3	* project 2001.
4	*/	4	*/
@@ -63,21 +63,11 @@
63		63
64	#include <openssl/conf.h>	64	#include <openssl/conf.h>
65	#include <openssl/crypto.h>	65	#include <openssl/crypto.h>
66	#include <openssl/dso.h>
67	#include <openssl/err.h>	66	#include <openssl/err.h>
68	#include <openssl/x509.h>	67	#include <openssl/x509.h>
69		68
70	#define DSO_mod_init_name "OPENSSL_init"	69	/* This structure contains data about supported modules. */
71	#define DSO_mod_finish_name "OPENSSL_finish"
72
73	/* This structure contains a data about supported modules.
74	* entries in this table correspond to either dynamic or
75	* static modules.
76	*/
77
78	struct conf_module_st {	70	struct conf_module_st {
79	/* DSO of this module or NULL if static */
80	DSO *dso;
81	/* Name of the module */	71	/* Name of the module */
82	char *name;	72	char *name;
83	/* Init function */	73	/* Init function */
@@ -110,13 +100,11 @@ static void module_free(CONF_MODULE *md);
110	static void module_finish(CONF_IMODULE *imod);	100	static void module_finish(CONF_IMODULE *imod);
111	static int module_run(const CONF cnf, char name, char *value,	101	static int module_run(const CONF cnf, char name, char *value,
112	unsigned long flags);	102	unsigned long flags);
113	static CONF_MODULE module_add(DSO dso, const char *name,	103	static CONF_MODULE module_add(const char name, conf_init_func *ifunc,
114	conf_init_func ifunc, conf_finish_func ffunc);	104	conf_finish_func *ffunc);
115	static CONF_MODULE module_find(char name);	105	static CONF_MODULE module_find(char name);
116	static int module_init(CONF_MODULE pmod, char name, char *value,	106	static int module_init(CONF_MODULE pmod, char name, char *value,
117	const CONF *cnf);	107	const CONF *cnf);
118	static CONF_MODULE module_load_dso(const CONF cnf, char name, char value,
119	unsigned long flags);
120		108
121	/* Main function: load modules from a CONF structure */	109	/* Main function: load modules from a CONF structure */
122		110
@@ -203,13 +191,7 @@ module_run(const CONF cnf, char name, char *value, unsigned long flags)
203	CONF_MODULE *md;	191	CONF_MODULE *md;
204	int ret;	192	int ret;
205		193
206	md = module_find(name);	194	if ((md = module_find(name)) == NULL) {
207
208	/* Module not found: try to load DSO */
209	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
210	md = module_load_dso(cnf, name, value, flags);
211
212	if (!md) {
213	if (!(flags & CONF_MFLAGS_SILENT)) {	195	if (!(flags & CONF_MFLAGS_SILENT)) {
214	CONFerror(CONF_R_UNKNOWN_MODULE_NAME);	196	CONFerror(CONF_R_UNKNOWN_MODULE_NAME);
215	ERR_asprintf_error_data("module=%s", name);	197	ERR_asprintf_error_data("module=%s", name);
@@ -231,54 +213,9 @@ module_run(const CONF cnf, char name, char *value, unsigned long flags)
231	return ret;	213	return ret;
232	}	214	}
233		215
234	/* Load a module from a DSO */
235	static CONF_MODULE *
236	module_load_dso(const CONF cnf, char name, char *value, unsigned long flags)
237	{
238	DSO *dso = NULL;
239	conf_init_func *ifunc;
240	conf_finish_func *ffunc;
241	char *path = NULL;
242	int errcode = 0;
243	CONF_MODULE *md;
244
245	/* Look for alternative path in module section */
246	path = NCONF_get_string(cnf, value, "path");
247	if (!path) {
248	ERR_clear_error();
249	path = name;
250	}
251	dso = DSO_load(NULL, path, NULL, 0);
252	if (!dso) {
253	errcode = CONF_R_ERROR_LOADING_DSO;
254	goto err;
255	}
256	ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
257	if (!ifunc) {
258	errcode = CONF_R_MISSING_INIT_FUNCTION;
259	goto err;
260	}
261	ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
262	/* All OK, add module */
263	md = module_add(dso, name, ifunc, ffunc);
264
265	if (!md)
266	goto err;
267
268	return md;
269
270	err:
271	if (dso)
272	DSO_free(dso);
273	CONFerror(errcode);
274	ERR_asprintf_error_data("module=%s, path=%s", name, path);
275	return NULL;
276	}
277
278	/* add module to list */	216	/* add module to list */
279	static CONF_MODULE *	217	static CONF_MODULE *
280	module_add(DSO dso, const char name, conf_init_func *ifunc,	218	module_add(const char name, conf_init_func ifunc, conf_finish_func *ffunc)
281	conf_finish_func *ffunc)
282	{	219	{
283	CONF_MODULE *tmod = NULL;	220	CONF_MODULE *tmod = NULL;
284		221
@@ -292,7 +229,6 @@ module_add(DSO dso, const char name, conf_init_func *ifunc,
292	if (tmod == NULL)	229	if (tmod == NULL)
293	return NULL;	230	return NULL;
294		231
295	tmod->dso = dso;
296	tmod->name = strdup(name);	232	tmod->name = strdup(name);
297	tmod->init = ifunc;	233	tmod->init = ifunc;
298	tmod->finish = ffunc;	234	tmod->finish = ffunc;
@@ -412,8 +348,7 @@ CONF_modules_unload(int all)
412	/* unload modules in reverse order */	348	/* unload modules in reverse order */
413	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {	349	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
414	md = sk_CONF_MODULE_value(supported_modules, i);	350	md = sk_CONF_MODULE_value(supported_modules, i);
415	/* If static or in use and 'all' not set ignore it */	351	if (!all)
416	if (((md->links > 0) \|\| !md->dso) && !all)
417	continue;	352	continue;
418	/* Since we're working in reverse this is OK */	353	/* Since we're working in reverse this is OK */
419	(void)sk_CONF_MODULE_delete(supported_modules, i);	354	(void)sk_CONF_MODULE_delete(supported_modules, i);
@@ -429,8 +364,6 @@ CONF_modules_unload(int all)
429	static void	364	static void
430	module_free(CONF_MODULE *md)	365	module_free(CONF_MODULE *md)
431	{	366	{
432	if (md->dso)
433	DSO_free(md->dso);
434	free(md->name);	367	free(md->name);
435	free(md);	368	free(md);
436	}	369	}
@@ -466,13 +399,9 @@ module_finish(CONF_IMODULE *imod)
466	/* Add a static module to OpenSSL */	399	/* Add a static module to OpenSSL */
467		400
468	int	401	int
469	CONF_module_add(const char name, conf_init_func ifunc,	402	CONF_module_add(const char name, conf_init_func ifunc, conf_finish_func *ffunc)
470	conf_finish_func *ffunc)
471	{	403	{
472	if (module_add(NULL, name, ifunc, ffunc))	404	return module_add(name, ifunc, ffunc) != NULL;
473	return 1;
474	else
475	return 0;
476	}	405	}
477		406
478	void	407	void