1 /* conf_mod.c */ 2 /* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL 3 * project 2001. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include <ctype.h> 61 #include <openssl/crypto.h> 62 #include "cryptlib.h" 63 #include <openssl/conf.h> 64 #include <openssl/dso.h> 65 #include <openssl/x509.h> 66 67 68 #define DSO_mod_init_name "OPENSSL_init" 69 #define DSO_mod_finish_name "OPENSSL_finish" 70 71 72 /* This structure contains a data about supported modules. 73 * entries in this table correspond to either dynamic or 74 * static modules. 75 */ 76 77 struct conf_module_st 78 { 79 /* DSO of this module or NULL if static */ 80 DSO *dso; 81 /* Name of the module */ 82 char *name; 83 /* Init function */ 84 conf_init_func *init; 85 /* Finish function */ 86 conf_finish_func *finish; 87 /* Number of successfully initialized modules */ 88 int links; 89 void *usr_data; 90 }; 91 92 93 /* This structure contains information about modules that have been 94 * successfully initialized. There may be more than one entry for a 95 * given module. 96 */ 97 98 struct conf_imodule_st 99 { 100 CONF_MODULE *pmod; 101 char *name; 102 char *value; 103 unsigned long flags; 104 void *usr_data; 105 }; 106 107 static STACK_OF(CONF_MODULE) *supported_modules = NULL; 108 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; 109 110 static void module_free(CONF_MODULE *md); 111 static void module_finish(CONF_IMODULE *imod); 112 static int module_run(const CONF *cnf, char *name, char *value, 113 unsigned long flags); 114 static CONF_MODULE *module_add(DSO *dso, const char *name, 115 conf_init_func *ifunc, conf_finish_func *ffunc); 116 static CONF_MODULE *module_find(char *name); 117 static int module_init(CONF_MODULE *pmod, char *name, char *value, 118 const CONF *cnf); 119 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, 120 unsigned long flags); 121 122 /* Main function: load modules from a CONF structure */ 123 124 int CONF_modules_load(const CONF *cnf, const char *appname, 125 unsigned long flags) 126 { 127 STACK_OF(CONF_VALUE) *values; 128 CONF_VALUE *vl; 129 char *vsection; 130 131 int ret, i; 132 133 if (!cnf) 134 return 1; 135 136 if (appname == NULL) 137 appname = "openssl_conf"; 138 139 vsection = NCONF_get_string(cnf, NULL, appname); 140 141 if (!vsection) 142 { 143 ERR_clear_error(); 144 return 1; 145 } 146 147 values = NCONF_get_section(cnf, vsection); 148 149 if (!values) 150 return 0; 151 152 for (i = 0; i < sk_CONF_VALUE_num(values); i++) 153 { 154 vl = sk_CONF_VALUE_value(values, i); 155 ret = module_run(cnf, vl->name, vl->value, flags); 156 if (ret <= 0) 157 if(!(flags & CONF_MFLAGS_IGNORE_ERRORS)) 158 return ret; 159 } 160 161 return 1; 162 163 } 164 165 int CONF_modules_load_file(const char *filename, const char *appname, 166 unsigned long flags) 167 { 168 char *file = NULL; 169 CONF *conf = NULL; 170 int ret = 0; 171 conf = NCONF_new(NULL); 172 if (!conf) 173 goto err; 174 175 if (filename == NULL) 176 { 177 file = CONF_get1_default_config_file(); 178 if (!file) 179 goto err; 180 } 181 else 182 file = (char *)filename; 183 184 if (NCONF_load(conf, file, NULL) <= 0) 185 { 186 if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && 187 (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) 188 { 189 ERR_clear_error(); 190 ret = 1; 191 } 192 goto err; 193 } 194 195 ret = CONF_modules_load(conf, appname, flags); 196 197 err: 198 if (filename == NULL) 199 OPENSSL_free(file); 200 NCONF_free(conf); 201 202 return ret; 203 } 204 205 static int module_run(const CONF *cnf, char *name, char *value, 206 unsigned long flags) 207 { 208 CONF_MODULE *md; 209 int ret; 210 211 md = module_find(name); 212 213 /* Module not found: try to load DSO */ 214 if (!md && !(flags & CONF_MFLAGS_NO_DSO)) 215 md = module_load_dso(cnf, name, value, flags); 216 217 if (!md) 218 { 219 if (!(flags & CONF_MFLAGS_SILENT)) 220 { 221 CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); 222 ERR_add_error_data(2, "module=", name); 223 } 224 return -1; 225 } 226 227 ret = module_init(md, name, value, cnf); 228 229 if (ret <= 0) 230 { 231 if (!(flags & CONF_MFLAGS_SILENT)) 232 { 233 char rcode[DECIMAL_SIZE(ret)+1]; 234 CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); 235 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret); 236 ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); 237 } 238 } 239 240 return ret; 241 } 242 243 /* Load a module from a DSO */ 244 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, 245 unsigned long flags) 246 { 247 DSO *dso = NULL; 248 conf_init_func *ifunc; 249 conf_finish_func *ffunc; 250 char *path = NULL; 251 int errcode = 0; 252 CONF_MODULE *md; 253 /* Look for alternative path in module section */ 254 path = NCONF_get_string(cnf, value, "path"); 255 if (!path) 256 { 257 ERR_clear_error(); 258 path = name; 259 } 260 dso = DSO_load(NULL, path, NULL, 0); 261 if (!dso) 262 { 263 errcode = CONF_R_ERROR_LOADING_DSO; 264 goto err; 265 } 266 ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); 267 if (!ifunc) 268 { 269 errcode = CONF_R_MISSING_INIT_FUNCTION; 270 goto err; 271 } 272 ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); 273 /* All OK, add module */ 274 md = module_add(dso, name, ifunc, ffunc); 275 276 if (!md) 277 goto err; 278 279 return md; 280 281 err: 282 if (dso) 283 DSO_free(dso); 284 CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); 285 ERR_add_error_data(4, "module=", name, ", path=", path); 286 return NULL; 287 } 288 289 /* add module to list */ 290 static CONF_MODULE *module_add(DSO *dso, const char *name, 291 conf_init_func *ifunc, conf_finish_func *ffunc) 292 { 293 CONF_MODULE *tmod = NULL; 294 if (supported_modules == NULL) 295 supported_modules = sk_CONF_MODULE_new_null(); 296 if (supported_modules == NULL) 297 return NULL; 298 tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); 299 if (tmod == NULL) 300 return NULL; 301 302 tmod->dso = dso; 303 tmod->name = BUF_strdup(name); 304 tmod->init = ifunc; 305 tmod->finish = ffunc; 306 tmod->links = 0; 307 308 if (!sk_CONF_MODULE_push(supported_modules, tmod)) 309 { 310 OPENSSL_free(tmod); 311 return NULL; 312 } 313 314 return tmod; 315 } 316 317 /* Find a module from the list. We allow module names of the 318 * form modname.XXXX to just search for modname to allow the 319 * same module to be initialized more than once. 320 */ 321 322 static CONF_MODULE *module_find(char *name) 323 { 324 CONF_MODULE *tmod; 325 int i, nchar; 326 char *p; 327 p = strrchr(name, '.'); 328 329 if (p) 330 nchar = p - name; 331 else 332 nchar = strlen(name); 333 334 for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) 335 { 336 tmod = sk_CONF_MODULE_value(supported_modules, i); 337 if (!strncmp(tmod->name, name, nchar)) 338 return tmod; 339 } 340 341 return NULL; 342 343 } 344 345 /* initialize a module */ 346 static int module_init(CONF_MODULE *pmod, char *name, char *value, 347 const CONF *cnf) 348 { 349 int ret = 1; 350 int init_called = 0; 351 CONF_IMODULE *imod = NULL; 352 353 /* Otherwise add initialized module to list */ 354 imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); 355 if (!imod) 356 goto err; 357 358 imod->pmod = pmod; 359 imod->name = BUF_strdup(name); 360 imod->value = BUF_strdup(value); 361 imod->usr_data = NULL; 362 363 if (!imod->name || !imod->value) 364 goto memerr; 365 366 /* Try to initialize module */ 367 if(pmod->init) 368 { 369 ret = pmod->init(imod, cnf); 370 init_called = 1; 371 /* Error occurred, exit */ 372 if (ret <= 0) 373 goto err; 374 } 375 376 if (initialized_modules == NULL) 377 { 378 initialized_modules = sk_CONF_IMODULE_new_null(); 379 if (!initialized_modules) 380 { 381 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); 382 goto err; 383 } 384 } 385 386 if (!sk_CONF_IMODULE_push(initialized_modules, imod)) 387 { 388 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); 389 goto err; 390 } 391 392 pmod->links++; 393 394 return ret; 395 396 err: 397 398 /* We've started the module so we'd better finish it */ 399 if (pmod->finish && init_called) 400 pmod->finish(imod); 401 402 memerr: 403 if (imod) 404 { 405 if (imod->name) 406 OPENSSL_free(imod->name); 407 if (imod->value) 408 OPENSSL_free(imod->value); 409 OPENSSL_free(imod); 410 } 411 412 return -1; 413 414 } 415 416 /* Unload any dynamic modules that have a link count of zero: 417 * i.e. have no active initialized modules. If 'all' is set 418 * then all modules are unloaded including static ones. 419 */ 420 421 void CONF_modules_unload(int all) 422 { 423 int i; 424 CONF_MODULE *md; 425 CONF_modules_finish(); 426 /* unload modules in reverse order */ 427 for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) 428 { 429 md = sk_CONF_MODULE_value(supported_modules, i); 430 /* If static or in use and 'all' not set ignore it */ 431 if (((md->links > 0) || !md->dso) && !all) 432 continue; 433 /* Since we're working in reverse this is OK */ 434 sk_CONF_MODULE_delete(supported_modules, i); 435 module_free(md); 436 } 437 if (sk_CONF_MODULE_num(supported_modules) == 0) 438 { 439 sk_CONF_MODULE_free(supported_modules); 440 supported_modules = NULL; 441 } 442 } 443 444 /* unload a single module */ 445 static void module_free(CONF_MODULE *md) 446 { 447 if (md->dso) 448 DSO_free(md->dso); 449 OPENSSL_free(md->name); 450 OPENSSL_free(md); 451 } 452 453 /* finish and free up all modules instances */ 454 455 void CONF_modules_finish(void) 456 { 457 CONF_IMODULE *imod; 458 while (sk_CONF_IMODULE_num(initialized_modules) > 0) 459 { 460 imod = sk_CONF_IMODULE_pop(initialized_modules); 461 module_finish(imod); 462 } 463 sk_CONF_IMODULE_free(initialized_modules); 464 initialized_modules = NULL; 465 } 466 467 /* finish a module instance */ 468 469 static void module_finish(CONF_IMODULE *imod) 470 { 471 if (imod->pmod->finish) 472 imod->pmod->finish(imod); 473 imod->pmod->links--; 474 OPENSSL_free(imod->name); 475 OPENSSL_free(imod->value); 476 OPENSSL_free(imod); 477 } 478 479 /* Add a static module to OpenSSL */ 480 481 int CONF_module_add(const char *name, conf_init_func *ifunc, 482 conf_finish_func *ffunc) 483 { 484 if (module_add(NULL, name, ifunc, ffunc)) 485 return 1; 486 else 487 return 0; 488 } 489 490 void CONF_modules_free(void) 491 { 492 CONF_modules_finish(); 493 CONF_modules_unload(1); 494 } 495 496 /* Utility functions */ 497 498 const char *CONF_imodule_get_name(const CONF_IMODULE *md) 499 { 500 return md->name; 501 } 502 503 const char *CONF_imodule_get_value(const CONF_IMODULE *md) 504 { 505 return md->value; 506 } 507 508 void *CONF_imodule_get_usr_data(const CONF_IMODULE *md) 509 { 510 return md->usr_data; 511 } 512 513 void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) 514 { 515 md->usr_data = usr_data; 516 } 517 518 CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md) 519 { 520 return md->pmod; 521 } 522 523 unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md) 524 { 525 return md->flags; 526 } 527 528 void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) 529 { 530 md->flags = flags; 531 } 532 533 void *CONF_module_get_usr_data(CONF_MODULE *pmod) 534 { 535 return pmod->usr_data; 536 } 537 538 void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) 539 { 540 pmod->usr_data = usr_data; 541 } 542 543 /* Return default config file name */ 544 545 char *CONF_get1_default_config_file(void) 546 { 547 char *file; 548 int len; 549 550 file = getenv("OPENSSL_CONF"); 551 if (file) 552 return BUF_strdup(file); 553 554 len = strlen(X509_get_default_cert_area()); 555 #ifndef OPENSSL_SYS_VMS 556 len++; 557 #endif 558 len += strlen(OPENSSL_CONF); 559 560 file = OPENSSL_malloc(len + 1); 561 562 if (!file) 563 return NULL; 564 BUF_strlcpy(file,X509_get_default_cert_area(),len + 1); 565 #ifndef OPENSSL_SYS_VMS 566 BUF_strlcat(file,"/",len + 1); 567 #endif 568 BUF_strlcat(file,OPENSSL_CONF,len + 1); 569 570 return file; 571 } 572 573 /* This function takes a list separated by 'sep' and calls the 574 * callback function giving the start and length of each member 575 * optionally stripping leading and trailing whitespace. This can 576 * be used to parse comma separated lists for example. 577 */ 578 579 int CONF_parse_list(const char *list_, int sep, int nospc, 580 int (*list_cb)(const char *elem, int len, void *usr), void *arg) 581 { 582 int ret; 583 const char *lstart, *tmpend, *p; 584 lstart = list_; 585 586 for(;;) 587 { 588 if (nospc) 589 { 590 while(*lstart && isspace((unsigned char)*lstart)) 591 lstart++; 592 } 593 p = strchr(lstart, sep); 594 if (p == lstart || !*lstart) 595 ret = list_cb(NULL, 0, arg); 596 else 597 { 598 if (p) 599 tmpend = p - 1; 600 else 601 tmpend = lstart + strlen(lstart) - 1; 602 if (nospc) 603 { 604 while(isspace((unsigned char)*tmpend)) 605 tmpend--; 606 } 607 ret = list_cb(lstart, tmpend - lstart + 1, arg); 608 } 609 if (ret <= 0) 610 return ret; 611 if (p == NULL) 612 return 1; 613 lstart = p + 1; 614 } 615 } 616 617