[thirdparty/openssl.git] / crypto / conf / conf_mod.c

/*
 * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/* We need to use some engine deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED

#include "internal/cryptlib.h"
#include <stdio.h>
#include <ctype.h>
#include <openssl/crypto.h>
#include "internal/conf.h"
#include <openssl/conf_api.h>
#include "internal/dso.h"
#include "internal/thread_once.h"
#include <openssl/x509.h>
#include <openssl/trace.h>
#include <openssl/engine.h>
#include "conf_local.h"

DEFINE_STACK_OF(CONF_MODULE)
DEFINE_STACK_OF(CONF_IMODULE)

#define DSO_mod_init_name "OPENSSL_init"
#define DSO_mod_finish_name "OPENSSL_finish"

/*
 * This structure contains a data about supported modules. entries in this
 * table correspond to either dynamic or static modules.
 */

struct conf_module_st {
    /* DSO of this module or NULL if static */
    DSO *dso;
    /* Name of the module */
    char *name;
    /* Init function */
    conf_init_func *init;
    /* Finish function */
    conf_finish_func *finish;
    /* Number of successfully initialized modules */
    int links;
    void *usr_data;
};

/*
 * This structure contains information about modules that have been
 * successfully initialized. There may be more than one entry for a given
 * module.
 */

struct conf_imodule_st {
    CONF_MODULE *pmod;
    char *name;
    char *value;
    unsigned long flags;
    void *usr_data;
};

static CRYPTO_ONCE init_module_list_lock = CRYPTO_ONCE_STATIC_INIT;
static CRYPTO_RWLOCK *module_list_lock = NULL;
static STACK_OF(CONF_MODULE) *supported_modules = NULL; /* protected by lock */
static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; /* protected by lock */

static CRYPTO_ONCE load_builtin_modules = CRYPTO_ONCE_STATIC_INIT;

static void module_free(CONF_MODULE *md);
static void module_finish(CONF_IMODULE *imod);
static int module_run(const CONF *cnf, const char *name, const char *value,
                      unsigned long flags);
static CONF_MODULE *module_add(DSO *dso, const char *name,
                               conf_init_func *ifunc,
                               conf_finish_func *ffunc);
static CONF_MODULE *module_find(const char *name);
static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
                       const CONF *cnf);
static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
                                    const char *value);

static int conf_modules_finish_int(void);

static void module_lists_free(void)
{
    CRYPTO_THREAD_lock_free(module_list_lock);
    module_list_lock = NULL;

    sk_CONF_MODULE_free(supported_modules);
    supported_modules = NULL;

    sk_CONF_IMODULE_free(initialized_modules);
    initialized_modules = NULL;
}

DEFINE_RUN_ONCE_STATIC(do_init_module_list_lock)
{
    module_list_lock = CRYPTO_THREAD_lock_new();
    if (module_list_lock == NULL) {
        ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
        return 0;
    }

    return 1;
}

static int conf_diagnostics(const CONF *cnf)
{
    return _CONF_get_number(cnf, NULL, "config_diagnostics") != 0;
}

/* Main function: load modules from a CONF structure */

int CONF_modules_load(const CONF *cnf, const char *appname,
                      unsigned long flags)
{
    STACK_OF(CONF_VALUE) *values;
    CONF_VALUE *vl;
    char *vsection = NULL;
    int ret, i;

    if (!cnf)
        return 1;

    if (conf_diagnostics(cnf))
        flags &= ~(CONF_MFLAGS_IGNORE_ERRORS
                   | CONF_MFLAGS_IGNORE_RETURN_CODES
                   | CONF_MFLAGS_SILENT
                   | CONF_MFLAGS_IGNORE_MISSING_FILE);

    ERR_set_mark();
    if (appname)
        vsection = NCONF_get_string(cnf, NULL, appname);

    if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
        vsection = NCONF_get_string(cnf, NULL, "openssl_conf");

    if (!vsection) {
        ERR_pop_to_mark();
        return 1;
    }

    OSSL_TRACE1(CONF, "Configuration in section %s\n", vsection);
    values = NCONF_get_section(cnf, vsection);

    if (values == NULL) {
        if (!(flags & CONF_MFLAGS_SILENT)) {
            ERR_clear_last_mark();
            ERR_raise_data(ERR_LIB_CONF,
                           CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION,
                           "openssl_conf=%s", vsection);
        } else {
            ERR_pop_to_mark();
        }
        return 0;
    }
    ERR_pop_to_mark();

    for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
        vl = sk_CONF_VALUE_value(values, i);
        ERR_set_mark();
        ret = module_run(cnf, vl->name, vl->value, flags);
        OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n",
                    vl->name, vl->value, ret);
        if (ret <= 0)
            if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) {
                ERR_clear_last_mark();
                return ret;
            }
        ERR_pop_to_mark();
    }

    return 1;

}

int CONF_modules_load_file_ex(OSSL_LIB_CTX *libctx, const char *filename,
                              const char *appname, unsigned long flags)
{
    char *file = NULL;
    CONF *conf = NULL;
    int ret = 0, diagnostics = 0;

    ERR_set_mark();

    if (filename == NULL) {
        file = CONF_get1_default_config_file();
        if (file == NULL)
            goto err;
        if (*file == '\0') {
            /* Do not try to load an empty file name but do not error out */
            ret = 1;
            goto err;
        }
    } else {
        file = (char *)filename;
    }

    conf = NCONF_new_ex(libctx, NULL);
    if (conf == NULL)
        goto err;

    if (NCONF_load(conf, file, NULL) <= 0) {
        if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
            (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
            ret = 1;
        }
        goto err;
    }

    ret = CONF_modules_load(conf, appname, flags);
    diagnostics = conf_diagnostics(conf);

 err:
    if (filename == NULL)
        OPENSSL_free(file);
    NCONF_free(conf);

    if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics)
        ret = 1;

    if (ret > 0)
        ERR_pop_to_mark();
    else
        ERR_clear_last_mark();

    return ret;
}

int CONF_modules_load_file(const char *filename,
                           const char *appname, unsigned long flags)
{
    return CONF_modules_load_file_ex(NULL, filename, appname, flags);
}

DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules)
{
    OPENSSL_load_builtin_modules();
#ifndef OPENSSL_NO_ENGINE
    /* Need to load ENGINEs */
    ENGINE_load_builtin_engines();
#endif
    return 1;
}

static int module_run(const CONF *cnf, const char *name, const char *value,
                      unsigned long flags)
{
    CONF_MODULE *md;
    int ret;

    if (!RUN_ONCE(&load_builtin_modules, do_load_builtin_modules))
        return -1;

    md = module_find(name);

    /* Module not found: try to load DSO */
    if (!md && !(flags & CONF_MFLAGS_NO_DSO))
        md = module_load_dso(cnf, name, value);

    if (!md) {
        if (!(flags & CONF_MFLAGS_SILENT)) {
            ERR_raise_data(ERR_LIB_CONF, CONF_R_UNKNOWN_MODULE_NAME,
                           "module=%s", name);
        }
        return -1;
    }

    ret = module_init(md, name, value, cnf);

    if (ret <= 0) {
        if (!(flags & CONF_MFLAGS_SILENT))
            ERR_raise_data(ERR_LIB_CONF, CONF_R_MODULE_INITIALIZATION_ERROR,
                           "module=%s, value=%s retcode=%-8d",
                           name, value, ret);
    }

    return ret;
}

/* Load a module from a DSO */
static CONF_MODULE *module_load_dso(const CONF *cnf,
                                    const char *name, const char *value)
{
    DSO *dso = NULL;
    conf_init_func *ifunc;
    conf_finish_func *ffunc;
    const char *path = NULL;
    int errcode = 0;
    CONF_MODULE *md;

    /* Look for alternative path in module section */
    path = _CONF_get_string(cnf, value, "path");
    if (path == NULL) {
        path = name;
    }
    dso = DSO_load(NULL, path, NULL, 0);
    if (dso == NULL) {
        errcode = CONF_R_ERROR_LOADING_DSO;
        goto err;
    }
    ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
    if (ifunc == NULL) {
        errcode = CONF_R_MISSING_INIT_FUNCTION;
        goto err;
    }
    ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
    /* All OK, add module */
    md = module_add(dso, name, ifunc, ffunc);

    if (md == NULL)
        goto err;

    return md;

 err:
    DSO_free(dso);
    ERR_raise_data(ERR_LIB_CONF, errcode, "module=%s, path=%s", name, path);
    return NULL;
}

/* add module to list */
static CONF_MODULE *module_add(DSO *dso, const char *name,
                               conf_init_func *ifunc, conf_finish_func *ffunc)
{
    CONF_MODULE *tmod = NULL;

    if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
        return NULL;

    if (!CRYPTO_THREAD_write_lock(module_list_lock))
        return NULL;

    if (supported_modules == NULL)
        supported_modules = sk_CONF_MODULE_new_null();
    if (supported_modules == NULL)
        goto err;
    if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL)
        goto err;

    tmod->dso = dso;
    tmod->name = OPENSSL_strdup(name);
    tmod->init = ifunc;
    tmod->finish = ffunc;
    if (tmod->name == NULL)
        goto err;

    if (!sk_CONF_MODULE_push(supported_modules, tmod))
        goto err;

    CRYPTO_THREAD_unlock(module_list_lock);
    return tmod;

 err:
    CRYPTO_THREAD_unlock(module_list_lock);
    if (tmod != NULL) {
        OPENSSL_free(tmod->name);
        OPENSSL_free(tmod);
    }
    return NULL;
}

/*
 * Find a module from the list. We allow module names of the form
 * modname.XXXX to just search for modname to allow the same module to be
 * initialized more than once.
 */

static CONF_MODULE *module_find(const char *name)
{
    CONF_MODULE *tmod;
    int i, nchar;
    char *p;
    p = strrchr(name, '.');

    if (p)
        nchar = p - name;
    else
        nchar = strlen(name);

    if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
        return NULL;

    if (!CRYPTO_THREAD_read_lock(module_list_lock))
        return NULL;

    for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
        tmod = sk_CONF_MODULE_value(supported_modules, i);
        if (strncmp(tmod->name, name, nchar) == 0) {
            CRYPTO_THREAD_unlock(module_list_lock);
            return tmod;
        }
    }

    CRYPTO_THREAD_unlock(module_list_lock);
    return NULL;
}

/* initialize a module */
static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
                       const CONF *cnf)
{
    int ret = 1;
    int init_called = 0;
    CONF_IMODULE *imod = NULL;

    /* Otherwise add initialized module to list */
    imod = OPENSSL_malloc(sizeof(*imod));
    if (imod == NULL)
        goto err;

    imod->pmod = pmod;
    imod->name = OPENSSL_strdup(name);
    imod->value = OPENSSL_strdup(value);
    imod->usr_data = NULL;

    if (!imod->name || !imod->value)
        goto memerr;

    /* Try to initialize module */
    if (pmod->init) {
        ret = pmod->init(imod, cnf);
        init_called = 1;
        /* Error occurred, exit */
        if (ret <= 0)
            goto err;
    }

    if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
        goto err;

    if (!CRYPTO_THREAD_write_lock(module_list_lock))
        goto err;

    if (initialized_modules == NULL) {
        initialized_modules = sk_CONF_IMODULE_new_null();
        if (initialized_modules == NULL) {
            CRYPTO_THREAD_unlock(module_list_lock);
            ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
            goto err;
        }
    }

    if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
        CRYPTO_THREAD_unlock(module_list_lock);
        ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
        goto err;
    }

    pmod->links++;

    CRYPTO_THREAD_unlock(module_list_lock);
    return ret;

 err:

    /* We've started the module so we'd better finish it */
    if (pmod->finish && init_called)
        pmod->finish(imod);

 memerr:
    if (imod) {
        OPENSSL_free(imod->name);
        OPENSSL_free(imod->value);
        OPENSSL_free(imod);
    }

    return -1;

}

/*
 * Unload any dynamic modules that have a link count of zero: i.e. have no
 * active initialized modules. If 'all' is set then all modules are unloaded
 * including static ones.
 */

void CONF_modules_unload(int all)
{
    int i;
    CONF_MODULE *md;

    if (!conf_modules_finish_int()) /* also inits module list lock */
        return;

    if (!CRYPTO_THREAD_write_lock(module_list_lock))
        return;

    /* unload modules in reverse order */
    for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
        md = sk_CONF_MODULE_value(supported_modules, i);
        /* If static or in use and 'all' not set ignore it */
        if (((md->links > 0) || !md->dso) && !all)
            continue;
        /* Since we're working in reverse this is OK */
        (void)sk_CONF_MODULE_delete(supported_modules, i);
        module_free(md);
    }

    if (sk_CONF_MODULE_num(supported_modules) == 0) {
        sk_CONF_MODULE_free(supported_modules);
        supported_modules = NULL;
    }

    CRYPTO_THREAD_unlock(module_list_lock);
}

/* unload a single module */
static void module_free(CONF_MODULE *md)
{
    DSO_free(md->dso);
    OPENSSL_free(md->name);
    OPENSSL_free(md);
}

/* finish and free up all modules instances */

static int conf_modules_finish_int(void)
{
    CONF_IMODULE *imod;

    if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
        return 0;

    /* If module_list_lock is NULL here it means we were already unloaded */
    if (module_list_lock == NULL
        || !CRYPTO_THREAD_write_lock(module_list_lock))
        return 0;

    while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
        imod = sk_CONF_IMODULE_pop(initialized_modules);
        module_finish(imod);
    }
    sk_CONF_IMODULE_free(initialized_modules);
    initialized_modules = NULL;

    CRYPTO_THREAD_unlock(module_list_lock);

    return 1;
}

void CONF_modules_finish(void)
{
    conf_modules_finish_int();
}

/* finish a module instance */

static void module_finish(CONF_IMODULE *imod)
{
    if (!imod)
        return;
    if (imod->pmod->finish)
        imod->pmod->finish(imod);
    imod->pmod->links--;
    OPENSSL_free(imod->name);
    OPENSSL_free(imod->value);
    OPENSSL_free(imod);
}

/* Add a static module to OpenSSL */

int CONF_module_add(const char *name, conf_init_func *ifunc,
                    conf_finish_func *ffunc)
{
    if (module_add(NULL, name, ifunc, ffunc))
        return 1;
    else
        return 0;
}

void ossl_config_modules_free(void)
{
    CONF_modules_unload(1); /* calls CONF_modules_finish */
    module_lists_free();
}

/* Utility functions */

const char *CONF_imodule_get_name(const CONF_IMODULE *md)
{
    return md->name;
}

const char *CONF_imodule_get_value(const CONF_IMODULE *md)
{
    return md->value;
}

void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
{
    return md->usr_data;
}

void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
{
    md->usr_data = usr_data;
}

CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
{
    return md->pmod;
}

unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
{
    return md->flags;
}

void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
{
    md->flags = flags;
}

void *CONF_module_get_usr_data(CONF_MODULE *pmod)
{
    return pmod->usr_data;
}

void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
{
    pmod->usr_data = usr_data;
}

/* Return default config file name */
char *CONF_get1_default_config_file(void)
{
    const char *t;
    char *file, *sep = "";
    size_t size;

    if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
        return OPENSSL_strdup(file);

    t = X509_get_default_cert_area();
#ifndef OPENSSL_SYS_VMS
    sep = "/";
#endif
    size = strlen(t) + strlen(sep) + strlen(OPENSSL_CONF) + 1;
    file = OPENSSL_malloc(size);

    if (file == NULL)
        return NULL;
    BIO_snprintf(file, size, "%s%s%s", t, sep, OPENSSL_CONF);

    return file;
}

/*
 * This function takes a list separated by 'sep' and calls the callback
 * function giving the start and length of each member optionally stripping
 * leading and trailing whitespace. This can be used to parse comma separated
 * lists for example.
 */

int CONF_parse_list(const char *list_, int sep, int nospc,
                    int (*list_cb) (const char *elem, int len, void *usr),
                    void *arg)
{
    int ret;
    const char *lstart, *tmpend, *p;

    if (list_ == NULL) {
        ERR_raise(ERR_LIB_CONF, CONF_R_LIST_CANNOT_BE_NULL);
        return 0;
    }

    lstart = list_;
    for (;;) {
        if (nospc) {
            while (*lstart && isspace((unsigned char)*lstart))
                lstart++;
        }
        p = strchr(lstart, sep);
        if (p == lstart || *lstart == '\0')
            ret = list_cb(NULL, 0, arg);
        else {
            if (p)
                tmpend = p - 1;
            else
                tmpend = lstart + strlen(lstart) - 1;
            if (nospc) {
                while (isspace((unsigned char)*tmpend))
                    tmpend--;
            }
            ret = list_cb(lstart, tmpend - lstart + 1, arg);
        }
        if (ret <= 0)
            return ret;
        if (p == NULL)
            return 1;
        lstart = p + 1;
    }
}
Commit	Line	Data
0f113f3e	1	/*
4333b89f	2	* Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
bc37d996	3	*
2044d382	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
62867571 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
bc37d996 DSH	8	*/
bc37d996 DSH	9
e4468e6d P	10	/* We need to use some engine deprecated APIs */
	11	#define OPENSSL_SUPPRESS_DEPRECATED
	12
07016a8a	13	#include "internal/cryptlib.h"
bc37d996	14	#include <stdio.h>
df5eaa8a	15	#include <ctype.h>
bc37d996	16	#include <openssl/crypto.h>
cbf6959f	17	#include "internal/conf.h"
6229815a	18	#include <openssl/conf_api.h>
921de151	19	#include "internal/dso.h"
22e27978	20	#include "internal/thread_once.h"
bc37d996	21	#include <openssl/x509.h>
0196ad63	22	#include <openssl/trace.h>
22e27978	23	#include <openssl/engine.h>
ff234c68	24	#include "conf_local.h"
bc37d996	25
852c2ed2 RS	26	DEFINE_STACK_OF(CONF_MODULE)
	27	DEFINE_STACK_OF(CONF_IMODULE)
	28
bc37d996 DSH	29	#define DSO_mod_init_name "OPENSSL_init"
	30	#define DSO_mod_finish_name "OPENSSL_finish"
	31
0f113f3e MC	32	/*
	33	* This structure contains a data about supported modules. entries in this
	34	* table correspond to either dynamic or static modules.
bc37d996 DSH	35	*/
bc37d996 DSH	36
0f113f3e MC	37	struct conf_module_st {
	38	/* DSO of this module or NULL if static */
	39	DSO *dso;
	40	/* Name of the module */
	41	char *name;
	42	/* Init function */
	43	conf_init_func *init;
	44	/* Finish function */
	45	conf_finish_func *finish;
	46	/* Number of successfully initialized modules */
	47	int links;
	48	void *usr_data;
	49	};
	50
	51	/*
	52	* This structure contains information about modules that have been
	53	* successfully initialized. There may be more than one entry for a given
	54	* module.
bc37d996 DSH	55	*/
bc37d996 DSH	56
0f113f3e MC	57	struct conf_imodule_st {
	58	CONF_MODULE *pmod;
	59	char *name;
	60	char *value;
	61	unsigned long flags;
	62	void *usr_data;
	63	};
bc37d996	64
ef7a9b44 HL	65	static CRYPTO_ONCE init_module_list_lock = CRYPTO_ONCE_STATIC_INIT;
	66	static CRYPTO_RWLOCK *module_list_lock = NULL;
	67	static STACK_OF(CONF_MODULE) supported_modules = NULL; / protected by lock */
	68	static STACK_OF(CONF_IMODULE) initialized_modules = NULL; / protected by lock */
bc37d996	69
22e27978 SL	70	static CRYPTO_ONCE load_builtin_modules = CRYPTO_ONCE_STATIC_INIT;
22e27978 SL	71
bc37d996 DSH	72	static void module_free(CONF_MODULE *md);
bc37d996 DSH	73	static void module_finish(CONF_IMODULE *imod);
159b9a4d	74	static int module_run(const CONF cnf, const char name, const char *value,
0f113f3e	75	unsigned long flags);
cca28b29	76	static CONF_MODULE module_add(DSO dso, const char *name,
0f113f3e MC	77	conf_init_func *ifunc,
0f113f3e MC	78	conf_finish_func *ffunc);
159b9a4d F	79	static CONF_MODULE module_find(const char name);
159b9a4d F	80	static int module_init(CONF_MODULE pmod, const char name, const char *value,
0f113f3e	81	const CONF *cnf);
02e112a8	82	static CONF_MODULE module_load_dso(const CONF cnf, const char *name,
159b9a4d	83	const char *value);
bc37d996	84
697d0b5b MC	85	static int conf_modules_finish_int(void);
697d0b5b MC	86
ef7a9b44 HL	87	static void module_lists_free(void)
	88	{
	89	CRYPTO_THREAD_lock_free(module_list_lock);
	90	module_list_lock = NULL;
	91
	92	sk_CONF_MODULE_free(supported_modules);
	93	supported_modules = NULL;
	94
	95	sk_CONF_IMODULE_free(initialized_modules);
	96	initialized_modules = NULL;
	97	}
	98
	99	DEFINE_RUN_ONCE_STATIC(do_init_module_list_lock)
	100	{
	101	module_list_lock = CRYPTO_THREAD_lock_new();
	102	if (module_list_lock == NULL) {
e077455e	103	ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
ef7a9b44 HL	104	return 0;
	105	}
	106
	107	return 1;
	108	}
	109
33855c0a P	110	static int conf_diagnostics(const CONF *cnf)
33855c0a P	111	{
55c61473	112	return _CONF_get_number(cnf, NULL, "config_diagnostics") != 0;
33855c0a P	113	}
33855c0a P	114
bc37d996 DSH	115	/* Main function: load modules from a CONF structure */
bc37d996 DSH	116
9dd5ae65	117	int CONF_modules_load(const CONF cnf, const char appname,
0f113f3e MC	118	unsigned long flags)
	119	{
	120	STACK_OF(CONF_VALUE) *values;
	121	CONF_VALUE *vl;
	122	char *vsection = NULL;
0f113f3e	123	int ret, i;
bc37d996	124
0f113f3e MC	125	if (!cnf)
0f113f3e MC	126	return 1;
bc37d996	127
33855c0a P	128	if (conf_diagnostics(cnf))
	129	flags &= ~(CONF_MFLAGS_IGNORE_ERRORS
	130	\| CONF_MFLAGS_IGNORE_RETURN_CODES
	131	\| CONF_MFLAGS_SILENT
	132	\| CONF_MFLAGS_IGNORE_MISSING_FILE);
	133
55c61473	134	ERR_set_mark();
0f113f3e MC	135	if (appname)
0f113f3e MC	136	vsection = NCONF_get_string(cnf, NULL, appname);
bc37d996	137
0f113f3e MC	138	if (!appname \|\| (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
0f113f3e MC	139	vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
bc37d996	140
0f113f3e	141	if (!vsection) {
55c61473	142	ERR_pop_to_mark();
0f113f3e MC	143	return 1;
0f113f3e MC	144	}
bc37d996	145
0196ad63	146	OSSL_TRACE1(CONF, "Configuration in section %s\n", vsection);
0f113f3e	147	values = NCONF_get_section(cnf, vsection);
bc37d996	148
33b4f731 P	149	if (values == NULL) {
33b4f731 P	150	if (!(flags & CONF_MFLAGS_SILENT)) {
55c61473	151	ERR_clear_last_mark();
a150f8e1 RL	152	ERR_raise_data(ERR_LIB_CONF,
	153	CONF_R_OPENSSL_CONF_REFERENCES_MISSING_SECTION,
	154	"openssl_conf=%s", vsection);
55c61473 DDO	155	} else {
55c61473 DDO	156	ERR_pop_to_mark();
33b4f731	157	}
0f113f3e	158	return 0;
33b4f731	159	}
55c61473	160	ERR_pop_to_mark();
bc37d996	161
0f113f3e MC	162	for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
0f113f3e MC	163	vl = sk_CONF_VALUE_value(values, i);
55c61473	164	ERR_set_mark();
0f113f3e	165	ret = module_run(cnf, vl->name, vl->value, flags);
0196ad63 RL	166	OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n",
0196ad63 RL	167	vl->name, vl->value, ret);
0f113f3e	168	if (ret <= 0)
55c61473 DDO	169	if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) {
55c61473 DDO	170	ERR_clear_last_mark();
0f113f3e	171	return ret;
55c61473 DDO	172	}
55c61473 DDO	173	ERR_pop_to_mark();
0f113f3e	174	}
bc37d996	175
0f113f3e	176	return 1;
bc37d996	177
0f113f3e	178	}
bc37d996	179
b4250010	180	int CONF_modules_load_file_ex(OSSL_LIB_CTX libctx, const char filename,
d8652be0	181	const char *appname, unsigned long flags)
0f113f3e MC	182	{
	183	char *file = NULL;
	184	CONF *conf = NULL;
33855c0a	185	int ret = 0, diagnostics = 0;
22e27978	186
8b7d5ea7 TM	187	ERR_set_mark();
8b7d5ea7 TM	188
0f113f3e MC	189	if (filename == NULL) {
0f113f3e MC	190	file = CONF_get1_default_config_file();
22e27978	191	if (file == NULL)
0f113f3e	192	goto err;
8b7d5ea7 TM	193	if (*file == '\0') {
	194	/* Do not try to load an empty file name but do not error out */
	195	ret = 1;
	196	goto err;
	197	}
22e27978	198	} else {
0f113f3e	199	file = (char *)filename;
22e27978	200	}
0f113f3e	201
15795943 DDO	202	conf = NCONF_new_ex(libctx, NULL);
	203	if (conf == NULL)
	204	goto err;
	205
0f113f3e MC	206	if (NCONF_load(conf, file, NULL) <= 0) {
	207	if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
	208	(ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
0f113f3e MC	209	ret = 1;
	210	}
	211	goto err;
	212	}
	213
	214	ret = CONF_modules_load(conf, appname, flags);
33855c0a	215	diagnostics = conf_diagnostics(conf);
0f113f3e MC	216
	217	err:
	218	if (filename == NULL)
	219	OPENSSL_free(file);
	220	NCONF_free(conf);
	221
33855c0a	222	if ((flags & CONF_MFLAGS_IGNORE_RETURN_CODES) != 0 && !diagnostics)
55c61473	223	ret = 1;
df1f538f	224
b8ae4a83	225	if (ret > 0)
55c61473 DDO	226	ERR_pop_to_mark();
	227	else
	228	ERR_clear_last_mark();
b8ae4a83	229
0f113f3e MC	230	return ret;
0f113f3e MC	231	}
bc37d996	232
22e27978 SL	233	int CONF_modules_load_file(const char *filename,
	234	const char *appname, unsigned long flags)
	235	{
d8652be0	236	return CONF_modules_load_file_ex(NULL, filename, appname, flags);
22e27978 SL	237	}
	238
	239	DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules)
	240	{
	241	OPENSSL_load_builtin_modules();
	242	#ifndef OPENSSL_NO_ENGINE
	243	/* Need to load ENGINEs */
	244	ENGINE_load_builtin_engines();
	245	#endif
22e27978 SL	246	return 1;
	247	}
	248
159b9a4d	249	static int module_run(const CONF cnf, const char name, const char *value,
0f113f3e MC	250	unsigned long flags)
	251	{
	252	CONF_MODULE *md;
	253	int ret;
	254
22e27978 SL	255	if (!RUN_ONCE(&load_builtin_modules, do_load_builtin_modules))
	256	return -1;
	257
0f113f3e MC	258	md = module_find(name);
	259
	260	/* Module not found: try to load DSO */
	261	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
a773b52a	262	md = module_load_dso(cnf, name, value);
0f113f3e MC	263
	264	if (!md) {
	265	if (!(flags & CONF_MFLAGS_SILENT)) {
a150f8e1 RL	266	ERR_raise_data(ERR_LIB_CONF, CONF_R_UNKNOWN_MODULE_NAME,
a150f8e1 RL	267	"module=%s", name);
0f113f3e MC	268	}
	269	return -1;
	270	}
	271
	272	ret = module_init(md, name, value, cnf);
	273
	274	if (ret <= 0) {
a150f8e1 RL	275	if (!(flags & CONF_MFLAGS_SILENT))
	276	ERR_raise_data(ERR_LIB_CONF, CONF_R_MODULE_INITIALIZATION_ERROR,
	277	"module=%s, value=%s retcode=%-8d",
	278	name, value, ret);
0f113f3e MC	279	}
	280
	281	return ret;
	282	}
bc37d996 DSH	283
bc37d996 DSH	284	/* Load a module from a DSO */
02e112a8	285	static CONF_MODULE module_load_dso(const CONF cnf,
159b9a4d	286	const char name, const char value)
0f113f3e MC	287	{
	288	DSO *dso = NULL;
	289	conf_init_func *ifunc;
	290	conf_finish_func *ffunc;
159b9a4d	291	const char *path = NULL;
0f113f3e MC	292	int errcode = 0;
0f113f3e MC	293	CONF_MODULE *md;
12a765a5	294
0f113f3e	295	/* Look for alternative path in module section */
55c61473	296	path = _CONF_get_string(cnf, value, "path");
12a765a5	297	if (path == NULL) {
0f113f3e MC	298	path = name;
	299	}
	300	dso = DSO_load(NULL, path, NULL, 0);
12a765a5	301	if (dso == NULL) {
0f113f3e MC	302	errcode = CONF_R_ERROR_LOADING_DSO;
	303	goto err;
	304	}
	305	ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
12a765a5	306	if (ifunc == NULL) {
0f113f3e MC	307	errcode = CONF_R_MISSING_INIT_FUNCTION;
	308	goto err;
	309	}
	310	ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
	311	/* All OK, add module */
	312	md = module_add(dso, name, ifunc, ffunc);
	313
12a765a5	314	if (md == NULL)
0f113f3e MC	315	goto err;
	316
	317	return md;
	318
	319	err:
efa7dd64	320	DSO_free(dso);
a150f8e1	321	ERR_raise_data(ERR_LIB_CONF, errcode, "module=%s, path=%s", name, path);
0f113f3e MC	322	return NULL;
0f113f3e MC	323	}
bc37d996 DSH	324
bc37d996 DSH	325	/* add module to list */
cca28b29	326	static CONF_MODULE module_add(DSO dso, const char *name,
0f113f3e MC	327	conf_init_func ifunc, conf_finish_func ffunc)
	328	{
	329	CONF_MODULE *tmod = NULL;
ef7a9b44 HL	330
	331	if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
	332	return NULL;
	333
	334	if (!CRYPTO_THREAD_write_lock(module_list_lock))
	335	return NULL;
	336
0f113f3e MC	337	if (supported_modules == NULL)
	338	supported_modules = sk_CONF_MODULE_new_null();
	339	if (supported_modules == NULL)
ef7a9b44	340	goto err;
e077455e	341	if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL)
ef7a9b44	342	goto err;
0f113f3e MC	343
0f113f3e MC	344	tmod->dso = dso;
7644a9ae	345	tmod->name = OPENSSL_strdup(name);
0f113f3e MC	346	tmod->init = ifunc;
0f113f3e MC	347	tmod->finish = ffunc;
ef7a9b44 HL	348	if (tmod->name == NULL)
	349	goto err;
	350
	351	if (!sk_CONF_MODULE_push(supported_modules, tmod))
	352	goto err;
0f113f3e	353
ef7a9b44 HL	354	CRYPTO_THREAD_unlock(module_list_lock);
	355	return tmod;
	356
	357	err:
	358	CRYPTO_THREAD_unlock(module_list_lock);
	359	if (tmod != NULL) {
b7b8e948	360	OPENSSL_free(tmod->name);
0f113f3e	361	OPENSSL_free(tmod);
0f113f3e	362	}
ef7a9b44	363	return NULL;
0f113f3e MC	364	}
	365
	366	/*
	367	* Find a module from the list. We allow module names of the form
	368	* modname.XXXX to just search for modname to allow the same module to be
	369	* initialized more than once.
bc37d996 DSH	370	*/
bc37d996 DSH	371
159b9a4d	372	static CONF_MODULE module_find(const char name)
0f113f3e MC	373	{
	374	CONF_MODULE *tmod;
	375	int i, nchar;
	376	char *p;
	377	p = strrchr(name, '.');
bc37d996	378
0f113f3e MC	379	if (p)
	380	nchar = p - name;
	381	else
	382	nchar = strlen(name);
bc37d996	383
ef7a9b44 HL	384	if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
	385	return NULL;
	386
	387	if (!CRYPTO_THREAD_read_lock(module_list_lock))
	388	return NULL;
	389
0f113f3e MC	390	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
0f113f3e MC	391	tmod = sk_CONF_MODULE_value(supported_modules, i);
ef7a9b44 HL	392	if (strncmp(tmod->name, name, nchar) == 0) {
ef7a9b44 HL	393	CRYPTO_THREAD_unlock(module_list_lock);
0f113f3e	394	return tmod;
ef7a9b44	395	}
0f113f3e	396	}
bc37d996	397
ef7a9b44	398	CRYPTO_THREAD_unlock(module_list_lock);
0f113f3e	399	return NULL;
0f113f3e	400	}
bc37d996 DSH	401
bc37d996 DSH	402	/* initialize a module */
159b9a4d	403	static int module_init(CONF_MODULE pmod, const char name, const char *value,
0f113f3e MC	404	const CONF *cnf)
	405	{
	406	int ret = 1;
	407	int init_called = 0;
	408	CONF_IMODULE *imod = NULL;
	409
	410	/* Otherwise add initialized module to list */
b4faea50	411	imod = OPENSSL_malloc(sizeof(*imod));
90945fa3	412	if (imod == NULL)
0f113f3e MC	413	goto err;
	414
	415	imod->pmod = pmod;
7644a9ae RS	416	imod->name = OPENSSL_strdup(name);
7644a9ae RS	417	imod->value = OPENSSL_strdup(value);
0f113f3e MC	418	imod->usr_data = NULL;
	419
	420	if (!imod->name \|\| !imod->value)
	421	goto memerr;
	422
	423	/* Try to initialize module */
	424	if (pmod->init) {
	425	ret = pmod->init(imod, cnf);
	426	init_called = 1;
	427	/* Error occurred, exit */
	428	if (ret <= 0)
	429	goto err;
	430	}
	431
ef7a9b44 HL	432	if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
	433	goto err;
	434
	435	if (!CRYPTO_THREAD_write_lock(module_list_lock))
	436	goto err;
	437
0f113f3e MC	438	if (initialized_modules == NULL) {
0f113f3e MC	439	initialized_modules = sk_CONF_IMODULE_new_null();
ef7a9b44 HL	440	if (initialized_modules == NULL) {
ef7a9b44 HL	441	CRYPTO_THREAD_unlock(module_list_lock);
e077455e	442	ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
0f113f3e MC	443	goto err;
	444	}
	445	}
	446
	447	if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
ef7a9b44	448	CRYPTO_THREAD_unlock(module_list_lock);
e077455e	449	ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
0f113f3e MC	450	goto err;
	451	}
	452
	453	pmod->links++;
	454
ef7a9b44	455	CRYPTO_THREAD_unlock(module_list_lock);
0f113f3e MC	456	return ret;
	457
	458	err:
	459
	460	/* We've started the module so we'd better finish it */
	461	if (pmod->finish && init_called)
	462	pmod->finish(imod);
	463
	464	memerr:
	465	if (imod) {
b548a1f1 RS	466	OPENSSL_free(imod->name);
b548a1f1 RS	467	OPENSSL_free(imod->value);
0f113f3e MC	468	OPENSSL_free(imod);
	469	}
	470
	471	return -1;
	472
	473	}
	474
	475	/*
	476	* Unload any dynamic modules that have a link count of zero: i.e. have no
	477	* active initialized modules. If 'all' is set then all modules are unloaded
	478	* including static ones.
bc37d996 DSH	479	*/
	480
	481	void CONF_modules_unload(int all)
0f113f3e MC	482	{
	483	int i;
	484	CONF_MODULE *md;
ef7a9b44	485
697d0b5b MC	486	if (!conf_modules_finish_int()) /* also inits module list lock */
697d0b5b MC	487	return;
ef7a9b44 HL	488
	489	if (!CRYPTO_THREAD_write_lock(module_list_lock))
	490	return;
	491
0f113f3e MC	492	/* unload modules in reverse order */
	493	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
	494	md = sk_CONF_MODULE_value(supported_modules, i);
	495	/* If static or in use and 'all' not set ignore it */
	496	if (((md->links > 0) \|\| !md->dso) && !all)
	497	continue;
	498	/* Since we're working in reverse this is OK */
	499	(void)sk_CONF_MODULE_delete(supported_modules, i);
	500	module_free(md);
	501	}
ef7a9b44	502
0f113f3e MC	503	if (sk_CONF_MODULE_num(supported_modules) == 0) {
	504	sk_CONF_MODULE_free(supported_modules);
	505	supported_modules = NULL;
	506	}
ef7a9b44 HL	507
ef7a9b44 HL	508	CRYPTO_THREAD_unlock(module_list_lock);
0f113f3e	509	}
bc37d996 DSH	510
	511	/* unload a single module */
	512	static void module_free(CONF_MODULE *md)
0f113f3e	513	{
efa7dd64	514	DSO_free(md->dso);
0f113f3e MC	515	OPENSSL_free(md->name);
	516	OPENSSL_free(md);
	517	}
bc37d996 DSH	518
	519	/* finish and free up all modules instances */
	520
697d0b5b	521	static int conf_modules_finish_int(void)
0f113f3e MC	522	{
0f113f3e MC	523	CONF_IMODULE *imod;
ef7a9b44 HL	524
ef7a9b44 HL	525	if (!RUN_ONCE(&init_module_list_lock, do_init_module_list_lock))
697d0b5b	526	return 0;
ef7a9b44	527
d840f07b TM	528	/* If module_list_lock is NULL here it means we were already unloaded */
	529	if (module_list_lock == NULL
	530	\|\| !CRYPTO_THREAD_write_lock(module_list_lock))
697d0b5b	531	return 0;
ef7a9b44	532
0f113f3e MC	533	while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
	534	imod = sk_CONF_IMODULE_pop(initialized_modules);
	535	module_finish(imod);
	536	}
	537	sk_CONF_IMODULE_free(initialized_modules);
	538	initialized_modules = NULL;
ef7a9b44 HL	539
ef7a9b44 HL	540	CRYPTO_THREAD_unlock(module_list_lock);
697d0b5b MC	541
	542	return 1;
	543	}
	544
	545	void CONF_modules_finish(void)
	546	{
	547	conf_modules_finish_int();
0f113f3e	548	}
bc37d996 DSH	549
	550	/* finish a module instance */
	551
	552	static void module_finish(CONF_IMODULE *imod)
0f113f3e	553	{
efa7dd64 RS	554	if (!imod)
efa7dd64 RS	555	return;
0f113f3e MC	556	if (imod->pmod->finish)
	557	imod->pmod->finish(imod);
	558	imod->pmod->links--;
	559	OPENSSL_free(imod->name);
	560	OPENSSL_free(imod->value);
	561	OPENSSL_free(imod);
	562	}
bc37d996 DSH	563
	564	/* Add a static module to OpenSSL */
	565
0f113f3e MC	566	int CONF_module_add(const char name, conf_init_func ifunc,
	567	conf_finish_func *ffunc)
	568	{
	569	if (module_add(NULL, name, ifunc, ffunc))
	570	return 1;
	571	else
	572	return 0;
	573	}
bc37d996	574
f148f703	575	void ossl_config_modules_free(void)
0f113f3e	576	{
ef7a9b44 HL	577	CONF_modules_unload(1); /* calls CONF_modules_finish */
ef7a9b44 HL	578	module_lists_free();
0f113f3e	579	}
bc37d996 DSH	580
	581	/* Utility functions */
	582
9dd5ae65	583	const char CONF_imodule_get_name(const CONF_IMODULE md)
0f113f3e MC	584	{
	585	return md->name;
	586	}
bc37d996	587
9dd5ae65	588	const char CONF_imodule_get_value(const CONF_IMODULE md)
0f113f3e MC	589	{
	590	return md->value;
	591	}
bc37d996	592
9dd5ae65	593	void CONF_imodule_get_usr_data(const CONF_IMODULE md)
0f113f3e MC	594	{
	595	return md->usr_data;
	596	}
bc37d996 DSH	597
bc37d996 DSH	598	void CONF_imodule_set_usr_data(CONF_IMODULE md, void usr_data)
0f113f3e MC	599	{
	600	md->usr_data = usr_data;
	601	}
bc37d996	602
9dd5ae65	603	CONF_MODULE CONF_imodule_get_module(const CONF_IMODULE md)
0f113f3e MC	604	{
	605	return md->pmod;
	606	}
bc37d996	607
9dd5ae65	608	unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
0f113f3e MC	609	{
	610	return md->flags;
	611	}
bc37d996 DSH	612
bc37d996 DSH	613	void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
0f113f3e MC	614	{
	615	md->flags = flags;
	616	}
bc37d996 DSH	617
bc37d996 DSH	618	void CONF_module_get_usr_data(CONF_MODULE pmod)
0f113f3e MC	619	{
	620	return pmod->usr_data;
	621	}
bc37d996 DSH	622
bc37d996 DSH	623	void CONF_module_set_usr_data(CONF_MODULE pmod, void usr_data)
0f113f3e MC	624	{
	625	pmod->usr_data = usr_data;
	626	}
bc37d996	627
c9501c22	628	/* Return default config file name */
c9501c22	629	char *CONF_get1_default_config_file(void)
0f113f3e	630	{
e306f83c	631	const char *t;
a2371fa9	632	char file, sep = "";
e306f83c	633	size_t size;
c9501c22	634
5c39a55d P	635	if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
5c39a55d P	636	return OPENSSL_strdup(file);
c9501c22	637
e306f83c	638	t = X509_get_default_cert_area();
c9501c22	639	#ifndef OPENSSL_SYS_VMS
a2371fa9	640	sep = "/";
c9501c22	641	#endif
e306f83c RL	642	size = strlen(t) + strlen(sep) + strlen(OPENSSL_CONF) + 1;
e306f83c RL	643	file = OPENSSL_malloc(size);
c9501c22	644
90945fa3	645	if (file == NULL)
0f113f3e	646	return NULL;
e306f83c	647	BIO_snprintf(file, size, "%s%s%s", t, sep, OPENSSL_CONF);
c9501c22	648
0f113f3e MC	649	return file;
0f113f3e MC	650	}
df5eaa8a	651
0f113f3e MC	652	/*
	653	* This function takes a list separated by 'sep' and calls the callback
	654	* function giving the start and length of each member optionally stripping
	655	* leading and trailing whitespace. This can be used to parse comma separated
	656	* lists for example.
df5eaa8a DSH	657	*/
df5eaa8a DSH	658
3822740c	659	int CONF_parse_list(const char *list_, int sep, int nospc,
0f113f3e MC	660	int (list_cb) (const char elem, int len, void *usr),
	661	void *arg)
	662	{
	663	int ret;
	664	const char lstart, tmpend, *p;
	665
	666	if (list_ == NULL) {
9311d0c4	667	ERR_raise(ERR_LIB_CONF, CONF_R_LIST_CANNOT_BE_NULL);
0f113f3e MC	668	return 0;
	669	}
	670
	671	lstart = list_;
	672	for (;;) {
	673	if (nospc) {
	674	while (lstart && isspace((unsigned char)lstart))
	675	lstart++;
	676	}
	677	p = strchr(lstart, sep);
12a765a5	678	if (p == lstart \|\| *lstart == '\0')
0f113f3e MC	679	ret = list_cb(NULL, 0, arg);
	680	else {
	681	if (p)
	682	tmpend = p - 1;
	683	else
	684	tmpend = lstart + strlen(lstart) - 1;
	685	if (nospc) {
	686	while (isspace((unsigned char)*tmpend))
	687	tmpend--;
	688	}
	689	ret = list_cb(lstart, tmpend - lstart + 1, arg);
	690	}
	691	if (ret <= 0)
	692	return ret;
	693	if (p == NULL)
	694	return 1;
	695	lstart = p + 1;
	696	}
	697	}