1 /* conf_mod.c */
2 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5 /* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60 #include <ctype.h>
61 #include <openssl/crypto.h>
62 #include "cryptlib.h"
63 #include <openssl/conf.h>
64 #include <openssl/dso.h>
65 #include <openssl/x509.h>
66
67
68 #define DSO_mod_init_name "OPENSSL_init"
69 #define DSO_mod_finish_name "OPENSSL_finish"
70
71
72 /* This structure contains a data about supported modules.
73 * entries in this table correspond to either dynamic or
74 * static modules.
75 */
76
77 struct conf_module_st
78 {
79 /* DSO of this module or NULL if static */
80 DSO *dso;
81 /* Name of the module */
82 char *name;
83 /* Init function */
84 conf_init_func *init;
85 /* Finish function */
86 conf_finish_func *finish;
87 /* Number of successfully initialized modules */
88 int links;
89 void *usr_data;
90 };
91
92
93 /* This structure contains information about modules that have been
94 * successfully initialized. There may be more than one entry for a
95 * given module.
96 */
97
98 struct conf_imodule_st
99 {
100 CONF_MODULE *pmod;
101 char *name;
102 char *value;
103 unsigned long flags;
104 void *usr_data;
105 };
106
107 static STACK_OF(CONF_MODULE) *supported_modules = NULL;
108 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
109
110 static void module_free(CONF_MODULE *md);
111 static void module_finish(CONF_IMODULE *imod);
112 static int module_run(const CONF *cnf, char *name, char *value,
113 unsigned long flags);
114 static CONF_MODULE *module_add(DSO *dso, const char *name,
115 conf_init_func *ifunc, conf_finish_func *ffunc);
116 static CONF_MODULE *module_find(char *name);
117 static int module_init(CONF_MODULE *pmod, char *name, char *value,
118 const CONF *cnf);
119 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
120 unsigned long flags);
121
122 /* Main function: load modules from a CONF structure */
123
124 int CONF_modules_load(const CONF *cnf, const char *appname,
125 unsigned long flags)
126 {
127 STACK_OF(CONF_VALUE) *values;
128 CONF_VALUE *vl;
129 char *vsection = NULL;
130
131 int ret, i;
132
133 if (!cnf)
134 return 1;
135
136 if (appname)
137 vsection = NCONF_get_string(cnf, NULL, appname);
138
139 if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
140 vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
141
142 if (!vsection)
143 {
144 ERR_clear_error();
145 return 1;
146 }
147
148 values = NCONF_get_section(cnf, vsection);
149
150 if (!values)
151 return 0;
152
153 for (i = 0; i < sk_CONF_VALUE_num(values); i++)
154 {
155 vl = sk_CONF_VALUE_value(values, i);
156 ret = module_run(cnf, vl->name, vl->value, flags);
157 if (ret <= 0)
158 if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
159 return ret;
160 }
161
162 return 1;
163
164 }
165
166 int CONF_modules_load_file(const char *filename, const char *appname,
167 unsigned long flags)
168 {
169 char *file = NULL;
170 CONF *conf = NULL;
171 int ret = 0;
172 conf = NCONF_new(NULL);
173 if (!conf)
174 goto err;
175
176 if (filename == NULL)
177 {
178 file = CONF_get1_default_config_file();
179 if (!file)
180 goto err;
181 }
182 else
183 file = (char *)filename;
184
185 if (NCONF_load(conf, file, NULL) <= 0)
186 {
187 if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
188 (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
189 {
190 ERR_clear_error();
191 ret = 1;
192 }
193 goto err;
194 }
195
196 ret = CONF_modules_load(conf, appname, flags);
197
198 err:
199 if (filename == NULL)
200 OPENSSL_free(file);
201 NCONF_free(conf);
202
203 return ret;
204 }
205
206 static int module_run(const CONF *cnf, char *name, char *value,
207 unsigned long flags)
208 {
209 CONF_MODULE *md;
210 int ret;
211
212 md = module_find(name);
213
214 /* Module not found: try to load DSO */
215 if (!md && !(flags & CONF_MFLAGS_NO_DSO))
216 md = module_load_dso(cnf, name, value, flags);
217
218 if (!md)
219 {
220 if (!(flags & CONF_MFLAGS_SILENT))
221 {
222 CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
223 ERR_add_error_data(2, "module=", name);
224 }
225 return -1;
226 }
227
228 ret = module_init(md, name, value, cnf);
229
230 if (ret <= 0)
231 {
232 if (!(flags & CONF_MFLAGS_SILENT))
233 {
234 char rcode[DECIMAL_SIZE(ret)+1];
235 CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
236 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
237 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
238 }
239 }
240
241 return ret;
242 }
243
244 /* Load a module from a DSO */
245 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
246 unsigned long flags)
247 {
248 DSO *dso = NULL;
249 conf_init_func *ifunc;
250 conf_finish_func *ffunc;
251 char *path = NULL;
252 int errcode = 0;
253 CONF_MODULE *md;
254 /* Look for alternative path in module section */
255 path = NCONF_get_string(cnf, value, "path");
256 if (!path)
257 {
258 ERR_clear_error();
259 path = name;
260 }
261 dso = DSO_load(NULL, path, NULL, 0);
262 if (!dso)
263 {
264 errcode = CONF_R_ERROR_LOADING_DSO;
265 goto err;
266 }
267 ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
268 if (!ifunc)
269 {
270 errcode = CONF_R_MISSING_INIT_FUNCTION;
271 goto err;
272 }
273 ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
274 /* All OK, add module */
275 md = module_add(dso, name, ifunc, ffunc);
276
277 if (!md)
278 goto err;
279
280 return md;
281
282 err:
283 if (dso)
284 DSO_free(dso);
285 CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
286 ERR_add_error_data(4, "module=", name, ", path=", path);
287 return NULL;
288 }
289
290 /* add module to list */
291 static CONF_MODULE *module_add(DSO *dso, const char *name,
292 conf_init_func *ifunc, conf_finish_func *ffunc)
293 {
294 CONF_MODULE *tmod = NULL;
295 if (supported_modules == NULL)
296 supported_modules = sk_CONF_MODULE_new_null();
297 if (supported_modules == NULL)
298 return NULL;
299 tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
300 if (tmod == NULL)
301 return NULL;
302
303 tmod->dso = dso;
304 tmod->name = BUF_strdup(name);
305 tmod->init = ifunc;
306 tmod->finish = ffunc;
307 tmod->links = 0;
308
309 if (!sk_CONF_MODULE_push(supported_modules, tmod))
310 {
311 OPENSSL_free(tmod);
312 return NULL;
313 }
314
315 return tmod;
316 }
317
318 /* Find a module from the list. We allow module names of the
319 * form modname.XXXX to just search for modname to allow the
320 * same module to be initialized more than once.
321 */
322
323 static CONF_MODULE *module_find(char *name)
324 {
325 CONF_MODULE *tmod;
326 int i, nchar;
327 char *p;
328 p = strrchr(name, '.');
329
330 if (p)
331 nchar = p - name;
332 else
333 nchar = strlen(name);
334
335 for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
336 {
337 tmod = sk_CONF_MODULE_value(supported_modules, i);
338 if (!strncmp(tmod->name, name, nchar))
339 return tmod;
340 }
341
342 return NULL;
343
344 }
345
346 /* initialize a module */
347 static int module_init(CONF_MODULE *pmod, char *name, char *value,
348 const CONF *cnf)
349 {
350 int ret = 1;
351 int init_called = 0;
352 CONF_IMODULE *imod = NULL;
353
354 /* Otherwise add initialized module to list */
355 imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
356 if (!imod)
357 goto err;
358
359 imod->pmod = pmod;
360 imod->name = BUF_strdup(name);
361 imod->value = BUF_strdup(value);
362 imod->usr_data = NULL;
363
364 if (!imod->name || !imod->value)
365 goto memerr;
366
367 /* Try to initialize module */
368 if(pmod->init)
369 {
370 ret = pmod->init(imod, cnf);
371 init_called = 1;
372 /* Error occurred, exit */
373 if (ret <= 0)
374 goto err;
375 }
376
377 if (initialized_modules == NULL)
378 {
379 initialized_modules = sk_CONF_IMODULE_new_null();
380 if (!initialized_modules)
381 {
382 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
383 goto err;
384 }
385 }
386
387 if (!sk_CONF_IMODULE_push(initialized_modules, imod))
388 {
389 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
390 goto err;
391 }
392
393 pmod->links++;
394
395 return ret;
396
397 err:
398
399 /* We've started the module so we'd better finish it */
400 if (pmod->finish && init_called)
401 pmod->finish(imod);
402
403 memerr:
404 if (imod)
405 {
406 if (imod->name)
407 OPENSSL_free(imod->name);
408 if (imod->value)
409 OPENSSL_free(imod->value);
410 OPENSSL_free(imod);
411 }
412
413 return -1;
414
415 }
416
417 /* Unload any dynamic modules that have a link count of zero:
418 * i.e. have no active initialized modules. If 'all' is set
419 * then all modules are unloaded including static ones.
420 */
421
422 void CONF_modules_unload(int all)
423 {
424 int i;
425 CONF_MODULE *md;
426 CONF_modules_finish();
427 /* unload modules in reverse order */
428 for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
429 {
430 md = sk_CONF_MODULE_value(supported_modules, i);
431 /* If static or in use and 'all' not set ignore it */
432 if (((md->links > 0) || !md->dso) && !all)
433 continue;
434 /* Since we're working in reverse this is OK */
435 (void)sk_CONF_MODULE_delete(supported_modules, i);
436 module_free(md);
437 }
438 if (sk_CONF_MODULE_num(supported_modules) == 0)
439 {
440 sk_CONF_MODULE_free(supported_modules);
441 supported_modules = NULL;
442 }
443 }
444
445 /* unload a single module */
446 static void module_free(CONF_MODULE *md)
447 {
448 if (md->dso)
449 DSO_free(md->dso);
450 OPENSSL_free(md->name);
451 OPENSSL_free(md);
452 }
453
454 /* finish and free up all modules instances */
455
456 void CONF_modules_finish(void)
457 {
458 CONF_IMODULE *imod;
459 while (sk_CONF_IMODULE_num(initialized_modules) > 0)
460 {
461 imod = sk_CONF_IMODULE_pop(initialized_modules);
462 module_finish(imod);
463 }
464 sk_CONF_IMODULE_free(initialized_modules);
465 initialized_modules = NULL;
466 }
467
468 /* finish a module instance */
469
470 static void module_finish(CONF_IMODULE *imod)
471 {
472 if (imod->pmod->finish)
473 imod->pmod->finish(imod);
474 imod->pmod->links--;
475 OPENSSL_free(imod->name);
476 OPENSSL_free(imod->value);
477 OPENSSL_free(imod);
478 }
479
480 /* Add a static module to OpenSSL */
481
482 int CONF_module_add(const char *name, conf_init_func *ifunc,
483 conf_finish_func *ffunc)
484 {
485 if (module_add(NULL, name, ifunc, ffunc))
486 return 1;
487 else
488 return 0;
489 }
490
491 void CONF_modules_free(void)
492 {
493 CONF_modules_finish();
494 CONF_modules_unload(1);
495 }
496
497 /* Utility functions */
498
499 const char *CONF_imodule_get_name(const CONF_IMODULE *md)
500 {
501 return md->name;
502 }
503
504 const char *CONF_imodule_get_value(const CONF_IMODULE *md)
505 {
506 return md->value;
507 }
508
509 void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
510 {
511 return md->usr_data;
512 }
513
514 void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
515 {
516 md->usr_data = usr_data;
517 }
518
519 CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
520 {
521 return md->pmod;
522 }
523
524 unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
525 {
526 return md->flags;
527 }
528
529 void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
530 {
531 md->flags = flags;
532 }
533
534 void *CONF_module_get_usr_data(CONF_MODULE *pmod)
535 {
536 return pmod->usr_data;
537 }
538
539 void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
540 {
541 pmod->usr_data = usr_data;
542 }
543
544 /* Return default config file name */
545
546 char *CONF_get1_default_config_file(void)
547 {
548 char *file;
549 int len;
550
551 file = getenv("OPENSSL_CONF");
552 if (file)
553 return BUF_strdup(file);
554
555 len = strlen(X509_get_default_cert_area());
556 #ifndef OPENSSL_SYS_VMS
557 len++;
558 #endif
559 len += strlen(OPENSSL_CONF);
560
561 file = OPENSSL_malloc(len + 1);
562
563 if (!file)
564 return NULL;
565 BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
566 #ifndef OPENSSL_SYS_VMS
567 BUF_strlcat(file,"/",len + 1);
568 #endif
569 BUF_strlcat(file,OPENSSL_CONF,len + 1);
570
571 return file;
572 }
573
574 /* This function takes a list separated by 'sep' and calls the
575 * callback function giving the start and length of each member
576 * optionally stripping leading and trailing whitespace. This can
577 * be used to parse comma separated lists for example.
578 */
579
580 int CONF_parse_list(const char *list_, int sep, int nospc,
581 int (*list_cb)(const char *elem, int len, void *usr), void *arg)
582 {
583 int ret;
584 const char *lstart, *tmpend, *p;
585
586 if(list_ == NULL)
587 {
588 CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
589 return 0;
590 }
591
592 lstart = list_;
593 for(;;)
594 {
595 if (nospc)
596 {
597 while(*lstart && isspace((unsigned char)*lstart))
598 lstart++;
599 }
600 p = strchr(lstart, sep);
601 if (p == lstart || !*lstart)
602 ret = list_cb(NULL, 0, arg);
603 else
604 {
605 if (p)
606 tmpend = p - 1;
607 else
608 tmpend = lstart + strlen(lstart) - 1;
609 if (nospc)
610 {
611 while(isspace((unsigned char)*tmpend))
612 tmpend--;
613 }
614 ret = list_cb(lstart, tmpend - lstart + 1, arg);
615 }
616 if (ret <= 0)
617 return ret;
618 if (p == NULL)
619 return 1;
620 lstart = p + 1;
621 }
622 }