]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/conf/conf_mod.c
projects / thirdparty / openssl.git / blob
? search:


99f552ce61f60c0bce318e1580612d678f7bd770
[thirdparty/openssl.git] / crypto / conf / conf_mod.c
1 /*
2 * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
3 * 2001.
4 */
5 /* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60 #include <ctype.h>
61 #include <openssl/crypto.h>
62 #include "internal/cryptlib.h"
63 #include "internal/conf.h"
64 #include "internal/dso.h"
65 #include <openssl/x509.h>
66
67 #define DSO_mod_init_name "OPENSSL_init"
68 #define DSO_mod_finish_name "OPENSSL_finish"
69
70 /*
71 * This structure contains a data about supported modules. entries in this
72 * table correspond to either dynamic or static modules.
73 */
74
75 struct conf_module_st {
76 /* DSO of this module or NULL if static */
77 DSO *dso;
78 /* Name of the module */
79 char *name;
80 /* Init function */
81 conf_init_func *init;
82 /* Finish function */
83 conf_finish_func *finish;
84 /* Number of successfully initialized modules */
85 int links;
86 void *usr_data;
87 };
88
89 /*
90 * This structure contains information about modules that have been
91 * successfully initialized. There may be more than one entry for a given
92 * module.
93 */
94
95 struct conf_imodule_st {
96 CONF_MODULE *pmod;
97 char *name;
98 char *value;
99 unsigned long flags;
100 void *usr_data;
101 };
102
103 static STACK_OF(CONF_MODULE) *supported_modules = NULL;
104 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
105
106 static void module_free(CONF_MODULE *md);
107 static void module_finish(CONF_IMODULE *imod);
108 static int module_run(const CONF *cnf, char *name, char *value,
109 unsigned long flags);
110 static CONF_MODULE *module_add(DSO *dso, const char *name,
111 conf_init_func *ifunc,
112 conf_finish_func *ffunc);
113 static CONF_MODULE *module_find(char *name);
114 static int module_init(CONF_MODULE *pmod, char *name, char *value,
115 const CONF *cnf);
116 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value);
117
118 /* Main function: load modules from a CONF structure */
119
120 int CONF_modules_load(const CONF *cnf, const char *appname,
121 unsigned long flags)
122 {
123 STACK_OF(CONF_VALUE) *values;
124 CONF_VALUE *vl;
125 char *vsection = NULL;
126
127 int ret, i;
128
129 if (!cnf)
130 return 1;
131
132 if (appname)
133 vsection = NCONF_get_string(cnf, NULL, appname);
134
135 if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
136 vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
137
138 if (!vsection) {
139 ERR_clear_error();
140 return 1;
141 }
142
143 values = NCONF_get_section(cnf, vsection);
144
145 if (!values)
146 return 0;
147
148 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
149 vl = sk_CONF_VALUE_value(values, i);
150 ret = module_run(cnf, vl->name, vl->value, flags);
151 if (ret <= 0)
152 if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
153 return ret;
154 }
155
156 return 1;
157
158 }
159
160 int CONF_modules_load_file(const char *filename, const char *appname,
161 unsigned long flags)
162 {
163 char *file = NULL;
164 CONF *conf = NULL;
165 int ret = 0;
166 conf = NCONF_new(NULL);
167 if (conf == NULL)
168 goto err;
169
170 if (filename == NULL) {
171 file = CONF_get1_default_config_file();
172 if (!file)
173 goto err;
174 } else
175 file = (char *)filename;
176
177 if (NCONF_load(conf, file, NULL) <= 0) {
178 if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
179 (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
180 ERR_clear_error();
181 ret = 1;
182 }
183 goto err;
184 }
185
186 ret = CONF_modules_load(conf, appname, flags);
187
188 err:
189 if (filename == NULL)
190 OPENSSL_free(file);
191 NCONF_free(conf);
192
193 return ret;
194 }
195
196 static int module_run(const CONF *cnf, char *name, char *value,
197 unsigned long flags)
198 {
199 CONF_MODULE *md;
200 int ret;
201
202 md = module_find(name);
203
204 /* Module not found: try to load DSO */
205 if (!md && !(flags & CONF_MFLAGS_NO_DSO))
206 md = module_load_dso(cnf, name, value);
207
208 if (!md) {
209 if (!(flags & CONF_MFLAGS_SILENT)) {
210 CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
211 ERR_add_error_data(2, "module=", name);
212 }
213 return -1;
214 }
215
216 ret = module_init(md, name, value, cnf);
217
218 if (ret <= 0) {
219 if (!(flags & CONF_MFLAGS_SILENT)) {
220 char rcode[DECIMAL_SIZE(ret) + 1];
221 CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
222 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
223 ERR_add_error_data(6, "module=", name, ", value=", value,
224 ", retcode=", rcode);
225 }
226 }
227
228 return ret;
229 }
230
231 /* Load a module from a DSO */
232 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value)
233 {
234 DSO *dso = NULL;
235 conf_init_func *ifunc;
236 conf_finish_func *ffunc;
237 char *path = NULL;
238 int errcode = 0;
239 CONF_MODULE *md;
240 /* Look for alternative path in module section */
241 path = NCONF_get_string(cnf, value, "path");
242 if (!path) {
243 ERR_clear_error();
244 path = name;
245 }
246 dso = DSO_load(NULL, path, NULL, 0);
247 if (!dso) {
248 errcode = CONF_R_ERROR_LOADING_DSO;
249 goto err;
250 }
251 ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
252 if (!ifunc) {
253 errcode = CONF_R_MISSING_INIT_FUNCTION;
254 goto err;
255 }
256 ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
257 /* All OK, add module */
258 md = module_add(dso, name, ifunc, ffunc);
259
260 if (!md)
261 goto err;
262
263 return md;
264
265 err:
266 DSO_free(dso);
267 CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
268 ERR_add_error_data(4, "module=", name, ", path=", path);
269 return NULL;
270 }
271
272 /* add module to list */
273 static CONF_MODULE *module_add(DSO *dso, const char *name,
274 conf_init_func *ifunc, conf_finish_func *ffunc)
275 {
276 CONF_MODULE *tmod = NULL;
277 if (supported_modules == NULL)
278 supported_modules = sk_CONF_MODULE_new_null();
279 if (supported_modules == NULL)
280 return NULL;
281 tmod = OPENSSL_zalloc(sizeof(*tmod));
282 if (tmod == NULL)
283 return NULL;
284
285 tmod->dso = dso;
286 tmod->name = OPENSSL_strdup(name);
287 tmod->init = ifunc;
288 tmod->finish = ffunc;
289
290 if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
291 OPENSSL_free(tmod);
292 return NULL;
293 }
294
295 return tmod;
296 }
297
298 /*
299 * Find a module from the list. We allow module names of the form
300 * modname.XXXX to just search for modname to allow the same module to be
301 * initialized more than once.
302 */
303
304 static CONF_MODULE *module_find(char *name)
305 {
306 CONF_MODULE *tmod;
307 int i, nchar;
308 char *p;
309 p = strrchr(name, '.');
310
311 if (p)
312 nchar = p - name;
313 else
314 nchar = strlen(name);
315
316 for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
317 tmod = sk_CONF_MODULE_value(supported_modules, i);
318 if (strncmp(tmod->name, name, nchar) == 0)
319 return tmod;
320 }
321
322 return NULL;
323
324 }
325
326 /* initialize a module */
327 static int module_init(CONF_MODULE *pmod, char *name, char *value,
328 const CONF *cnf)
329 {
330 int ret = 1;
331 int init_called = 0;
332 CONF_IMODULE *imod = NULL;
333
334 /* Otherwise add initialized module to list */
335 imod = OPENSSL_malloc(sizeof(*imod));
336 if (imod == NULL)
337 goto err;
338
339 imod->pmod = pmod;
340 imod->name = OPENSSL_strdup(name);
341 imod->value = OPENSSL_strdup(value);
342 imod->usr_data = NULL;
343
344 if (!imod->name || !imod->value)
345 goto memerr;
346
347 /* Try to initialize module */
348 if (pmod->init) {
349 ret = pmod->init(imod, cnf);
350 init_called = 1;
351 /* Error occurred, exit */
352 if (ret <= 0)
353 goto err;
354 }
355
356 if (initialized_modules == NULL) {
357 initialized_modules = sk_CONF_IMODULE_new_null();
358 if (!initialized_modules) {
359 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
360 goto err;
361 }
362 }
363
364 if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
365 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
366 goto err;
367 }
368
369 pmod->links++;
370
371 return ret;
372
373 err:
374
375 /* We've started the module so we'd better finish it */
376 if (pmod->finish && init_called)
377 pmod->finish(imod);
378
379 memerr:
380 if (imod) {
381 OPENSSL_free(imod->name);
382 OPENSSL_free(imod->value);
383 OPENSSL_free(imod);
384 }
385
386 return -1;
387
388 }
389
390 /*
391 * Unload any dynamic modules that have a link count of zero: i.e. have no
392 * active initialized modules. If 'all' is set then all modules are unloaded
393 * including static ones.
394 */
395
396 void CONF_modules_unload(int all)
397 {
398 int i;
399 CONF_MODULE *md;
400 CONF_modules_finish();
401 /* unload modules in reverse order */
402 for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
403 md = sk_CONF_MODULE_value(supported_modules, i);
404 /* If static or in use and 'all' not set ignore it */
405 if (((md->links > 0) || !md->dso) && !all)
406 continue;
407 /* Since we're working in reverse this is OK */
408 (void)sk_CONF_MODULE_delete(supported_modules, i);
409 module_free(md);
410 }
411 if (sk_CONF_MODULE_num(supported_modules) == 0) {
412 sk_CONF_MODULE_free(supported_modules);
413 supported_modules = NULL;
414 }
415 }
416
417 /* unload a single module */
418 static void module_free(CONF_MODULE *md)
419 {
420 DSO_free(md->dso);
421 OPENSSL_free(md->name);
422 OPENSSL_free(md);
423 }
424
425 /* finish and free up all modules instances */
426
427 void CONF_modules_finish(void)
428 {
429 CONF_IMODULE *imod;
430 while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
431 imod = sk_CONF_IMODULE_pop(initialized_modules);
432 module_finish(imod);
433 }
434 sk_CONF_IMODULE_free(initialized_modules);
435 initialized_modules = NULL;
436 }
437
438 /* finish a module instance */
439
440 static void module_finish(CONF_IMODULE *imod)
441 {
442 if (!imod)
443 return;
444 if (imod->pmod->finish)
445 imod->pmod->finish(imod);
446 imod->pmod->links--;
447 OPENSSL_free(imod->name);
448 OPENSSL_free(imod->value);
449 OPENSSL_free(imod);
450 }
451
452 /* Add a static module to OpenSSL */
453
454 int CONF_module_add(const char *name, conf_init_func *ifunc,
455 conf_finish_func *ffunc)
456 {
457 if (module_add(NULL, name, ifunc, ffunc))
458 return 1;
459 else
460 return 0;
461 }
462
463 void conf_modules_free_intern(void)
464 {
465 CONF_modules_finish();
466 CONF_modules_unload(1);
467 }
468
469 /* Utility functions */
470
471 const char *CONF_imodule_get_name(const CONF_IMODULE *md)
472 {
473 return md->name;
474 }
475
476 const char *CONF_imodule_get_value(const CONF_IMODULE *md)
477 {
478 return md->value;
479 }
480
481 void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
482 {
483 return md->usr_data;
484 }
485
486 void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
487 {
488 md->usr_data = usr_data;
489 }
490
491 CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
492 {
493 return md->pmod;
494 }
495
496 unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
497 {
498 return md->flags;
499 }
500
501 void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
502 {
503 md->flags = flags;
504 }
505
506 void *CONF_module_get_usr_data(CONF_MODULE *pmod)
507 {
508 return pmod->usr_data;
509 }
510
511 void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
512 {
513 pmod->usr_data = usr_data;
514 }
515
516 /* Return default config file name */
517
518 char *CONF_get1_default_config_file(void)
519 {
520 char *file;
521 int len;
522
523 file = getenv("OPENSSL_CONF");
524 if (file)
525 return OPENSSL_strdup(file);
526
527 len = strlen(X509_get_default_cert_area());
528 #ifndef OPENSSL_SYS_VMS
529 len++;
530 #endif
531 len += strlen(OPENSSL_CONF);
532
533 file = OPENSSL_malloc(len + 1);
534
535 if (file == NULL)
536 return NULL;
537 OPENSSL_strlcpy(file, X509_get_default_cert_area(), len + 1);
538 #ifndef OPENSSL_SYS_VMS
539 OPENSSL_strlcat(file, "/", len + 1);
540 #endif
541 OPENSSL_strlcat(file, OPENSSL_CONF, len + 1);
542
543 return file;
544 }
545
546 /*
547 * This function takes a list separated by 'sep' and calls the callback
548 * function giving the start and length of each member optionally stripping
549 * leading and trailing whitespace. This can be used to parse comma separated
550 * lists for example.
551 */
552
553 int CONF_parse_list(const char *list_, int sep, int nospc,
554 int (*list_cb) (const char *elem, int len, void *usr),
555 void *arg)
556 {
557 int ret;
558 const char *lstart, *tmpend, *p;
559
560 if (list_ == NULL) {
561 CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
562 return 0;
563 }
564
565 lstart = list_;
566 for (;;) {
567 if (nospc) {
568 while (*lstart && isspace((unsigned char)*lstart))
569 lstart++;
570 }
571 p = strchr(lstart, sep);
572 if (p == lstart || !*lstart)
573 ret = list_cb(NULL, 0, arg);
574 else {
575 if (p)
576 tmpend = p - 1;
577 else
578 tmpend = lstart + strlen(lstart) - 1;
579 if (nospc) {
580 while (isspace((unsigned char)*tmpend))
581 tmpend--;
582 }
583 ret = list_cb(lstart, tmpend - lstart + 1, arg);
584 }
585 if (ret <= 0)
586 return ret;
587 if (p == NULL)
588 return 1;
589 lstart = p + 1;
590 }
591 }
A mirror of the official openssl repository