From 35d8fa563c9abc80c6e8d87396ab48dbd1a4c78d Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Tue, 9 Feb 2016 13:12:34 +0000 Subject: [PATCH] Updates for auto init/deinit review comments Fixes for the auto-init/deinit code based on review comments Reviewed-by: Richard Levitte --- INSTALL | 2 +- INSTALL.WIN | 16 ---------------- apps/openssl.c | 2 +- crypto/conf/conf_sap.c | 3 +-- crypto/init.c | 11 ----------- .../OPENSSL_INIT_crypto_library_start.pod | 17 +++++++++-------- doc/ssl/OPENSSL_INIT_ssl_library_start.pod | 12 +++++++----- include/openssl/evp.h | 2 +- ssl/ssl_init.c | 11 +---------- util/libeay.num | 1 + 10 files changed, 22 insertions(+), 55 deletions(-) diff --git a/INSTALL b/INSTALL index 5bb720995f..520de7bf67 100644 --- a/INSTALL +++ b/INSTALL @@ -340,7 +340,7 @@ you can still use "no-threads" to suppress an annoying warning message from the Configure script.) - OpenSSL provides in built support for two threading models: pthreads (found on + OpenSSL provides built-in support for two threading models: pthreads (found on most UNIX/Linux systems), and Windows threads. No other threading models are supported. If your platform does not provide pthreads or Windows threads then you should Configure with the "no-threads" option. diff --git a/INSTALL.WIN b/INSTALL.WIN index ceb8d1ee39..d57923886c 100644 --- a/INSTALL.WIN +++ b/INSTALL.WIN @@ -190,19 +190,3 @@ your application code small "shim" snippet, which provides glue between OpenSSL BIO layer and your compiler run-time. See the OPENSSL_Applink manual page for further details. - - Support for older Windows platforms - ----------------------------------- - - By default OpenSSL will use functions and capabilities of the Windows platform - only available in Windows Vista, Windows Server 2008 or later. It is possible - to enable support for older platforms by defining _WIN32_WINNT at Configure - time. - - > perl Configure VC-WIN32 --prefix=c:\some\openssl\dir -D_WIN32_WINNT=0x0501 - - The value 0x0501 above corresponds to Windows XP which is the oldest supported - platform. The value 0x0600 corresponds to Windows Vista and Windows Server - 2008. Refer to the Windows documentation for other possible values. Note that - by forcing support for an older OpenSSL version this may mean less optimal - approaches are used instead. diff --git a/apps/openssl.c b/apps/openssl.c index febfc598e8..e558b71d22 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -173,7 +173,7 @@ static int apps_startup() /* Set non-default library initialisation settings */ OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ENGINE_ALL_BUILTIN - | OPENSSL_INIT_LOAD_CONFIG, NULL); + | OPENSSL_INIT_LOAD_CONFIG, NULL); setup_ui_method(); diff --git a/crypto/conf/conf_sap.c b/crypto/conf/conf_sap.c index bb1dcc502f..ff19167e24 100644 --- a/crypto/conf/conf_sap.c +++ b/crypto/conf/conf_sap.c @@ -81,8 +81,7 @@ void OPENSSL_config(const char *config_name) { OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = config_name }, { OPENSSL_INIT_SET_END, .value.type_int = 0 } }; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CONFIG, - (const OPENSSL_INIT_SETTINGS *)&settings); + OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CONFIG, settings); } void openssl_config_internal(const char *config_name) diff --git a/crypto/init.c b/crypto/init.c index 1bfde6973c..b9cc6a1f76 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -55,17 +55,6 @@ * */ -#include - -#if defined(OPENSSL_SYS_WINDOWS) && !defined(_WIN32_WINNT) -/* - * We default to requiring Windows Vista, Windows Server 2008 or later. We can - * support lower versions if _WIN32_WINNT is explicity defined to something - * less - */ -# define _WIN32_WINNT 0x0600 -#endif - #include #include #include diff --git a/doc/crypto/OPENSSL_INIT_crypto_library_start.pod b/doc/crypto/OPENSSL_INIT_crypto_library_start.pod index bea0e62f93..16f95fe604 100644 --- a/doc/crypto/OPENSSL_INIT_crypto_library_start.pod +++ b/doc/crypto/OPENSSL_INIT_crypto_library_start.pod @@ -2,7 +2,7 @@ =head1 NAME -OPENSSL_INIT_library_stop, OPENSSL_INIT_crypto_library_start, +OPENSSL_INIT_crypto_library_start, OPENSSL_INIT_library_stop, OPENSSL_INIT_register_stop_handler, OPENSSL_INIT_thread_stop - OpenSSL initialisation and deinitialisation functions @@ -32,10 +32,12 @@ However, there way be situations when explicit initialisation is desirable or needed, for example when some non-default initialisation is required. The function OPENSSL_INIT_crypto_library_start() can be used for this purpose for libcrypto (see also L for the libssl -equivalent). In order to perform non-default initialisation it MUST be called -prior to any other calls of this function. As numerous internal OpenSSL -functions also call this, this usually means you should call it prior to ANY -other OpenSSL function calls. +equivalent). + +Numerous internal OpenSSL functions call OPENSSL_INIT_crypto_library_start(). +Therefore, in order to perform non-default initialisation, +OPENSSL_INIT_crypto_library_start() MUST be called by application code prior to +any other OpenSSL function calls. The B parameter specifies which aspects of libcrypto should be initialised. Valid options are: @@ -166,8 +168,7 @@ configuration file is assumed. For example { OPENSSL_INIT_SET_CONF_FILENAME, .value.type_string = "myconf.cnf" }, { OPENSSL_INIT_SET_END, .value.type_int = 0 } }; - OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CONFIG, - (const OPENSSL_INIT_SETTINGS *)&settings); + OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_LOAD_CONFIG, settings); The B parameter must be an array of OPENSSL_INIT_SETTINGS values terminated with an OPENSSL_INIT_SET_END entry. @@ -221,6 +222,6 @@ L The OPENSSL_INIT_library_stop, OPENSSL_INIT_crypto_library_start, OPENSSL_INIT_register_stop_handler and OPENSSL_INIT_thread_stop functions were -first added in OpenSSL 1.1.0. +added in OpenSSL 1.1.0. =cut diff --git a/doc/ssl/OPENSSL_INIT_ssl_library_start.pod b/doc/ssl/OPENSSL_INIT_ssl_library_start.pod index bcd39127f7..c0f598df30 100644 --- a/doc/ssl/OPENSSL_INIT_ssl_library_start.pod +++ b/doc/ssl/OPENSSL_INIT_ssl_library_start.pod @@ -28,10 +28,12 @@ needed, for example when some non-default initialisation is required. The function OPENSSL_INIT_ssl_library_start() can be used for this purpose. Calling this function will explicitly initialise BOTH libcrypto and libssl. To explicitly initialise ONLY libcrypto see the -L function. In order to perform -non-default initialisation it MUST be called prior to any other calls of this -function. As numerous internal OpenSSL functions also call this, this usually -means you should call it prior to ANY other OpenSSL function calls. +L function. + +Numerous internal OpenSSL functions call OPENSSL_INIT_ssl_library_start(). +Therefore, in order to perform non-default initialisation, +OPENSSL_INIT_ssl_library_start() MUST be called by application code prior to +any other OpenSSL function calls. The B parameter specifies which aspects of libssl and libcrypto should be initialised. Valid options for libcrypto are described on the @@ -73,6 +75,6 @@ L =head1 HISTORY -The OPENSSL_INIT_ssl_library_start function was first added in OpenSSL 1.1.0. +The OPENSSL_INIT_ssl_library_start function was added in OpenSSL 1.1.0. =cut diff --git a/include/openssl/evp.h b/include/openssl/evp.h index 91305b87b9..e3c75e9d30 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -876,7 +876,7 @@ const EVP_CIPHER *EVP_seed_ofb(void); | OPENSSL_INIT_LOAD_CONFIG, NULL) # define OPENSSL_add_all_algorithms_noconf() \ OPENSSL_INIT_crypto_library_start(OPENSSL_INIT_ADD_ALL_CIPHERS \ - OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) + | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL) # ifdef OPENSSL_LOAD_CONF # define OpenSSL_add_all_algorithms() \ diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index 1bccba1cd8..f1aa2c401a 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -55,16 +55,7 @@ * */ -#include - -#if defined(OPENSSL_SYS_WINDOWS) && !defined(_WIN32_WINNT) -/* - * We default to requiring Windows Vista, Windows Server 2008 or later. We can - * support lower versions if _WIN32_WINNT is explicity defined to something - * less - */ -# define _WIN32_WINNT 0x0600 -#endif +#include "e_os.h" #include #include diff --git a/util/libeay.num b/util/libeay.num index fdb48fb81f..48b235bf71 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -4815,3 +4815,4 @@ PKCS12_SAFEBAG_get0_pkcs8 5209 1_1_0 EXIST::FUNCTION: OPENSSL_INIT_library_stop 5210 1_1_0 EXIST::FUNCTION: OPENSSL_INIT_register_stop_handler 5211 1_1_0 EXIST::FUNCTION: OPENSSL_INIT_crypto_library_start 5212 1_1_0 EXIST::FUNCTION: +OPENSSL_INIT_thread_stop 5213 1_1_0 EXIST::FUNCTION: -- 2.40.0