Config code updates.

CONF_modules_unload() now calls CONF_modules_finish()
automatically.

Default use of section openssl_conf moved to
CONF_modules_load()

Load config file in several openssl utilities.

Most utilities now load modules from the config file,
though in a few (such as version) this isn't done
because it couldn't be used for anything.

In the case of ca and req the config file used is
the same as the utility itself: that is the -config
command line option can be used to specify an
alternative file.

35 files changed, 131 insertions, 5 deletions

diff --git a/CHANGES b/CHANGES
index c7997c122d..91b01bc919 100644
--- a/CHANGES
+++ b/CHANGES
@@ -43,7 +43,19 @@
          *) applies to 0.9.6a ... 0.9.6d and 0.9.7
          +) applies to 0.9.7 only
 
-  +) Move default behaviour to CONF_modules_load_file(). Is appname is NULL
+  +) Config modules support in openssl utility.
+
+     Most commands now load modules from the config file,
+     though in a few (such as version) this isn't done 
+     because it couldn't be used for anything.
+
+     In the case of ca and req the config file used is
+     the same as the utility itself: that is the -config
+     command line option can be used to specify an
+     alternative file.
+     [Steve Henson]
+
+  +) Move default behaviour from OPENSSL_config(). If appname is NULL
      use "openssl_conf" if filename is NULL use default openssl config file.
      [Steve Henson]
 
diff --git a/apps/apps.c b/apps/apps.c
index 7864e792e3..8c9726ebd7 100644
--- a/apps/apps.c
+++ b/apps/apps.c
@@ -1314,3 +1314,21 @@ ENGINE *setup_engine(BIO *err, const char *engine, int debug)
 		}
         return e;
         }
+
+int load_config(BIO *err, CONF *cnf)
+	{
+	if (!cnf)
+		cnf = config;
+	if (!cnf)
+		return 1;
+
+	OPENSSL_load_builtin_modules();
+
+	if (CONF_modules_load(cnf, NULL, 0) <= 0)
+		{
+		BIO_printf(err, "Error configuring OpenSSL\n");
+		ERR_print_errors(err);
+		return 0;
+		}
+	return 1;
+	}
diff --git a/apps/apps.h b/apps/apps.h
index db75538a03..aad2862123 100644
--- a/apps/apps.h
+++ b/apps/apps.h
@@ -196,7 +196,8 @@ extern BIO *bio_err;
 #  define apps_shutdown() \
 		do { destroy_ui_method(); EVP_cleanup(); \
 		ENGINE_cleanup(); CRYPTO_cleanup_all_ex_data(); \
-		ERR_remove_state(0); ERR_free_strings(); } while(0)
+		ERR_remove_state(0); ERR_free_strings(); \
+		CONF_modules_unload(1); } while(0)
 #endif
 
 typedef struct args_st
@@ -244,6 +245,8 @@ STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
 X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
 ENGINE *setup_engine(BIO *err, const char *engine, int debug);
 
+int load_config(BIO *err, CONF *cnf);
+
 /* Functions defined in ca.c and also used in ocsp.c */
 int unpack_revinfo(ASN1_TIME **prevtm, int *preason, ASN1_OBJECT **phold,
 			ASN1_GENERALIZEDTIME **pinvtm, char *str);
diff --git a/apps/asn1pars.c b/apps/asn1pars.c
index 4918bcb1c0..0e6167d2d4 100644
--- a/apps/asn1pars.c
+++ b/apps/asn1pars.c
@@ -103,6 +103,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	prog=argv[0];
 	argc--;
 	argv++;
diff --git a/apps/ca.c b/apps/ca.c
index 3417e328d2..182c29e8c6 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -590,6 +590,9 @@ bad:
 		goto err;
 		}
 
+	if (!load_config(bio_err, conf))
+		goto err;
+
 	/* Lets get the config section we are using */
 	if (section == NULL)
 		{
diff --git a/apps/crl.c b/apps/crl.c
index 5ea59d0169..f25b1877b5 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -120,6 +120,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	if (bio_out == NULL)
 		if ((bio_out=BIO_new(BIO_s_file())) != NULL)
 			{
diff --git a/apps/dgst.c b/apps/dgst.c
index 7989a1dcd3..c3e37be41f 100644
--- a/apps/dgst.c
+++ b/apps/dgst.c
@@ -112,6 +112,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	/* first check the program name */
 	program_name(argv[0],pname,PROG_NAME_SIZE);
 
diff --git a/apps/dh.c b/apps/dh.c
index dc854264f0..27c3dc8df2 100644
--- a/apps/dh.c
+++ b/apps/dh.c
@@ -100,6 +100,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
diff --git a/apps/dhparam.c b/apps/dhparam.c
index e55d0ce0cb..f1664a59b7 100644
--- a/apps/dhparam.c
+++ b/apps/dhparam.c
@@ -166,6 +166,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
diff --git a/apps/dsa.c b/apps/dsa.c
index 9d10a7c860..9da1a41645 100644
--- a/apps/dsa.c
+++ b/apps/dsa.c
@@ -109,6 +109,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	engine=NULL;
 	infile=NULL;
 	outfile=NULL;
diff --git a/apps/dsaparam.c b/apps/dsaparam.c
index 84a5ac6286..d54c77d93e 100644
--- a/apps/dsaparam.c
+++ b/apps/dsaparam.c
@@ -106,6 +106,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
diff --git a/apps/ecdsa.c b/apps/ecdsa.c
index 80cbdb2e4a..8f15ee2f12 100644
--- a/apps/ecdsa.c
+++ b/apps/ecdsa.c
@@ -177,6 +177,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	engine = NULL;
 	infile = NULL;
 	outfile = NULL;
diff --git a/apps/ecdsaparam.c b/apps/ecdsaparam.c
index 9e9c1cb7cb..8594d8f8e7 100644
--- a/apps/ecdsaparam.c
+++ b/apps/ecdsaparam.c
@@ -178,6 +178,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
diff --git a/apps/enc.c b/apps/enc.c
index a8b33874b0..d01060f226 100644
--- a/apps/enc.c
+++ b/apps/enc.c
@@ -127,6 +127,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	/* first check the program name */
 	program_name(argv[0],pname,PROG_NAME_SIZE);
 	if (strcmp(pname,"base64") == 0)
diff --git a/apps/engine.c b/apps/engine.c
index f71076b13b..734ecb3e5d 100644
--- a/apps/engine.c
+++ b/apps/engine.c
@@ -356,6 +356,9 @@ int MAIN(int argc, char **argv)
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
 	bio_out=BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 	{
diff --git a/apps/gendh.c b/apps/gendh.c
index 83cbff9120..f2542960bf 100644
--- a/apps/gendh.c
+++ b/apps/gendh.c
@@ -96,6 +96,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argv++;
 	argc--;
 	for (;;)
diff --git a/apps/gendsa.c b/apps/gendsa.c
index ebee7f0269..1e1e9f3e4c 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -93,6 +93,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argv++;
 	argc--;
 	for (;;)
diff --git a/apps/genrsa.c b/apps/genrsa.c
index 5a58235e0c..515bd7c901 100644
--- a/apps/genrsa.c
+++ b/apps/genrsa.c
@@ -99,6 +99,9 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto err;
 	if ((out=BIO_new(BIO_s_file())) == NULL)
 		{
 		BIO_printf(bio_err,"unable to create BIO for output\n");
diff --git a/apps/ocsp.c b/apps/ocsp.c
index 66460391fb..c87edbc44b 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -145,6 +145,9 @@ int MAIN(int argc, char **argv)
 	int nmin = 0, ndays = -1;
 
 	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
 	SSL_load_error_strings();
 	args = argv + 1;
 	reqnames = sk_new_null();
diff --git a/apps/passwd.c b/apps/passwd.c
index d3fa228bdb..2023b76f5b 100644
--- a/apps/passwd.c
+++ b/apps/passwd.c
@@ -79,6 +79,9 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+
+	if (!load_config(bio_err, NULL))
+		goto err;
 	out = BIO_new(BIO_s_file());
 	if (out == NULL)
 		goto err;
diff --git a/apps/pkcs12.c b/apps/pkcs12.c
index a424218034..6a23b64f5e 100644
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@@ -127,6 +127,9 @@ int MAIN(int argc, char **argv)
     enc = EVP_des_ede3_cbc();
     if (bio_err == NULL ) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
     args = argv + 1;
 
 
diff --git a/apps/pkcs8.c b/apps/pkcs8.c
index c0becce903..ea8c04dffa 100644
--- a/apps/pkcs8.c
+++ b/apps/pkcs8.c
@@ -90,6 +90,9 @@ int MAIN(int argc, char **argv)
 
 	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	informat=FORMAT_PEM;
 	outformat=FORMAT_PEM;
 
@@ -347,6 +350,7 @@ int MAIN(int argc, char **argv)
 			return (1);
 	}
 
+	end:
 	EVP_PKEY_free(pkey);
 	BIO_free_all(out);
 	BIO_free(in);
diff --git a/apps/rand.c b/apps/rand.c
index 68622165eb..f51f5bec35 100644
--- a/apps/rand.c
+++ b/apps/rand.c
@@ -92,6 +92,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err = BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err, stderr, BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto err;
+
 	badopt = 0;
 	i = 0;
 	while (!badopt && argv[++i] != NULL)
diff --git a/apps/req.c b/apps/req.c
index 27a7bba106..a6daf6287e 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -560,6 +560,8 @@ bad:
 
 	if (req_conf != NULL)
 		{
+		if (!load_config(bio_err, req_conf))
+			goto end;
 		p=NCONF_get_string(req_conf,NULL,"oid_file");
 		if (p == NULL)
 			ERR_clear_error();
diff --git a/apps/rsa.c b/apps/rsa.c
index 6cadcb2174..60a3381527 100644
--- a/apps/rsa.c
+++ b/apps/rsa.c
@@ -113,6 +113,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	infile=NULL;
 	outfile=NULL;
 	informat=FORMAT_PEM;
diff --git a/apps/rsautl.c b/apps/rsautl.c
index e079dc87f8..9b02e6782e 100644
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -104,6 +104,9 @@ int MAIN(int argc, char **argv)
 	argv++;
 
 	if(!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_algorithms();
 	pad = RSA_PKCS1_PADDING;
diff --git a/apps/s_client.c b/apps/s_client.c
index 15a63cc9e6..9c0dbc2bf6 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -271,6 +271,9 @@ int MAIN(int argc, char **argv)
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	if (	((cbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
 		((sbuf=OPENSSL_malloc(BUFSIZZ)) == NULL) ||
 		((mbuf=OPENSSL_malloc(BUFSIZZ)) == NULL))
diff --git a/apps/s_server.c b/apps/s_server.c
index 078e220c03..65525572e2 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -504,6 +504,9 @@ int MAIN(int argc, char *argv[])
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	verify_depth=0;
 #ifdef FIONBIO
 	s_nbio=0;
diff --git a/apps/smime.c b/apps/smime.c
index 731f9dd5d0..cd750e32b7 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -109,6 +109,9 @@ int MAIN(int argc, char **argv)
 	args = argv + 1;
 	ret = 1;
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	while (!badarg && *args && *args[0] == '-') {
 		if (!strcmp (*args, "-encrypt")) operation = SMIME_ENCRYPT;
 		else if (!strcmp (*args, "-decrypt")) operation = SMIME_DECRYPT;
diff --git a/apps/speed.c b/apps/speed.c
index 5e53668025..1c2b4eeda2 100644
--- a/apps/speed.c
+++ b/apps/speed.c
@@ -515,6 +515,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 #ifndef OPENSSL_NO_RSA
 	memset(rsa_key,0,sizeof(rsa_key));
 	for (i=0; i<RSA_NUM; i++)
diff --git a/apps/spkac.c b/apps/spkac.c
index fa5dc248c8..049a37963c 100644
--- a/apps/spkac.c
+++ b/apps/spkac.c
@@ -98,6 +98,9 @@ int MAIN(int argc, char **argv)
 
 	if (!bio_err) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	prog=argv[0];
 	argc--;
 	argv++;
diff --git a/apps/verify.c b/apps/verify.c
index 255bf5ad28..215ef84fc7 100644
--- a/apps/verify.c
+++ b/apps/verify.c
@@ -100,6 +100,9 @@ int MAIN(int argc, char **argv)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
 
+	if (!load_config(bio_err, NULL))
+		goto end;
+
 	argc--;
 	argv++;
 	for (;;)
diff --git a/apps/x509.c b/apps/x509.c
index a56f037b89..12888c0486 100644
--- a/apps/x509.c
+++ b/apps/x509.c
@@ -191,6 +191,9 @@ int MAIN(int argc, char **argv)
 
 	if (bio_err == NULL)
 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+
+	if (!load_config(bio_err, NULL))
+		goto end;
 	STDout=BIO_new_fp(stdout,BIO_NOCLOSE);
 #ifdef OPENSSL_SYS_VMS
 	{
diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h
index 4e14cd000f..3c03fb19c0 100644
--- a/crypto/conf/conf.h
+++ b/crypto/conf/conf.h
@@ -194,6 +194,8 @@ char *CONF_get1_default_config_file(void);
 int CONF_parse_list(const char *list, int sep, int nospc,
 	int (*list_cb)(const char *elem, int len, void *usr), void *arg);
 
+void OPENSSL_load_builtin_modules(void);
+
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c
index 7e88cfb625..459a2d7df1 100644
--- a/crypto/conf/conf_mod.c
+++ b/crypto/conf/conf_mod.c
@@ -130,9 +130,11 @@ int CONF_modules_load(const CONF *cnf, const char *appname,
 
 	int ret, i;
 
-	if (!cnf || !appname)
+	if (!cnf)
 		return 1;
 
+	if (appname == NULL)
+		appname = "openssl_conf";
 
 	vsection = NCONF_get_string(cnf, NULL, appname); 
 
@@ -178,8 +180,6 @@ int CONF_modules_load_file(const char *filename, const char *appname,
 		}
 	else
 		file = (char *)filename;
-	if (appname == NULL)
-		appname = "openssl_conf";
 
 	if (NCONF_load(conf, file, NULL) <= 0)
 		{
@@ -422,6 +422,7 @@ void CONF_modules_unload(int all)
 	{
 	int i;
 	CONF_MODULE *md;
+	CONF_modules_finish();
 	/* unload modules in reverse order */
 	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
 		{