conf_mod.c revision 331638
1/* conf_mod.c */ 2/* 3 * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project 4 * 2001. 5 */ 6/* ==================================================================== 7 * Copyright (c) 2001 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#include <stdio.h> 61#include <ctype.h> 62#include <openssl/crypto.h> 63#include "cryptlib.h" 64#include <openssl/conf.h> 65#include <openssl/dso.h> 66#include <openssl/x509.h> 67 68#define DSO_mod_init_name "OPENSSL_init" 69#define DSO_mod_finish_name "OPENSSL_finish" 70 71/* 72 * This structure contains a data about supported modules. entries in this 73 * table correspond to either dynamic or static modules. 74 */ 75 76struct conf_module_st { 77 /* DSO of this module or NULL if static */ 78 DSO *dso; 79 /* Name of the module */ 80 char *name; 81 /* Init function */ 82 conf_init_func *init; 83 /* Finish function */ 84 conf_finish_func *finish; 85 /* Number of successfully initialized modules */ 86 int links; 87 void *usr_data; 88}; 89 90/* 91 * This structure contains information about modules that have been 92 * successfully initialized. There may be more than one entry for a given 93 * module. 94 */ 95 96struct conf_imodule_st { 97 CONF_MODULE *pmod; 98 char *name; 99 char *value; 100 unsigned long flags; 101 void *usr_data; 102}; 103 104static STACK_OF(CONF_MODULE) *supported_modules = NULL; 105static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; 106 107static void module_free(CONF_MODULE *md); 108static void module_finish(CONF_IMODULE *imod); 109static int module_run(const CONF *cnf, char *name, char *value, 110 unsigned long flags); 111static CONF_MODULE *module_add(DSO *dso, const char *name, 112 conf_init_func *ifunc, 113 conf_finish_func *ffunc); 114static CONF_MODULE *module_find(char *name); 115static int module_init(CONF_MODULE *pmod, char *name, char *value, 116 const CONF *cnf); 117static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, 118 unsigned long flags); 119 120/* Main function: load modules from a CONF structure */ 121 122int CONF_modules_load(const CONF *cnf, const char *appname, 123 unsigned long flags) 124{ 125 STACK_OF(CONF_VALUE) *values; 126 CONF_VALUE *vl; 127 char *vsection = NULL; 128 129 int ret, i; 130 131 if (!cnf) 132 return 1; 133 134 if (appname) 135 vsection = NCONF_get_string(cnf, NULL, appname); 136 137 if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION))) 138 vsection = NCONF_get_string(cnf, NULL, "openssl_conf"); 139 140 if (!vsection) { 141 ERR_clear_error(); 142 return 1; 143 } 144 145 values = NCONF_get_section(cnf, vsection); 146 147 if (!values) 148 return 0; 149 150 for (i = 0; i < sk_CONF_VALUE_num(values); i++) { 151 vl = sk_CONF_VALUE_value(values, i); 152 ret = module_run(cnf, vl->name, vl->value, flags); 153 if (ret <= 0) 154 if (!(flags & CONF_MFLAGS_IGNORE_ERRORS)) 155 return ret; 156 } 157 158 return 1; 159 160} 161 162int CONF_modules_load_file(const char *filename, const char *appname, 163 unsigned long flags) 164{ 165 char *file = NULL; 166 CONF *conf = NULL; 167 int ret = 0; 168 conf = NCONF_new(NULL); 169 if (!conf) 170 goto err; 171 172 if (filename == NULL) { 173 file = CONF_get1_default_config_file(); 174 if (!file) 175 goto err; 176 } else 177 file = (char *)filename; 178 179 if (NCONF_load(conf, file, NULL) <= 0) { 180 if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) && 181 (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) { 182 ERR_clear_error(); 183 ret = 1; 184 } 185 goto err; 186 } 187 188 ret = CONF_modules_load(conf, appname, flags); 189 190 err: 191 if (filename == NULL) 192 OPENSSL_free(file); 193 NCONF_free(conf); 194 195 return ret; 196} 197 198static int module_run(const CONF *cnf, char *name, char *value, 199 unsigned long flags) 200{ 201 CONF_MODULE *md; 202 int ret; 203 204 md = module_find(name); 205 206 /* Module not found: try to load DSO */ 207 if (!md && !(flags & CONF_MFLAGS_NO_DSO)) 208 md = module_load_dso(cnf, name, value, flags); 209 210 if (!md) { 211 if (!(flags & CONF_MFLAGS_SILENT)) { 212 CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); 213 ERR_add_error_data(2, "module=", name); 214 } 215 return -1; 216 } 217 218 ret = module_init(md, name, value, cnf); 219 220 if (ret <= 0) { 221 if (!(flags & CONF_MFLAGS_SILENT)) { 222 char rcode[DECIMAL_SIZE(ret) + 1]; 223 CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR); 224 BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret); 225 ERR_add_error_data(6, "module=", name, ", value=", value, 226 ", retcode=", rcode); 227 } 228 } 229 230 return ret; 231} 232 233/* Load a module from a DSO */ 234static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value, 235 unsigned long flags) 236{ 237 DSO *dso = NULL; 238 conf_init_func *ifunc; 239 conf_finish_func *ffunc; 240 char *path = NULL; 241 int errcode = 0; 242 CONF_MODULE *md; 243 /* Look for alternative path in module section */ 244 path = NCONF_get_string(cnf, value, "path"); 245 if (!path) { 246 ERR_clear_error(); 247 path = name; 248 } 249 dso = DSO_load(NULL, path, NULL, 0); 250 if (!dso) { 251 errcode = CONF_R_ERROR_LOADING_DSO; 252 goto err; 253 } 254 ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); 255 if (!ifunc) { 256 errcode = CONF_R_MISSING_INIT_FUNCTION; 257 goto err; 258 } 259 ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); 260 /* All OK, add module */ 261 md = module_add(dso, name, ifunc, ffunc); 262 263 if (!md) 264 goto err; 265 266 return md; 267 268 err: 269 if (dso) 270 DSO_free(dso); 271 CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); 272 ERR_add_error_data(4, "module=", name, ", path=", path); 273 return NULL; 274} 275 276/* add module to list */ 277static CONF_MODULE *module_add(DSO *dso, const char *name, 278 conf_init_func *ifunc, conf_finish_func *ffunc) 279{ 280 CONF_MODULE *tmod = NULL; 281 if (supported_modules == NULL) 282 supported_modules = sk_CONF_MODULE_new_null(); 283 if (supported_modules == NULL) 284 return NULL; 285 tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); 286 if (tmod == NULL) 287 return NULL; 288 289 tmod->dso = dso; 290 tmod->name = BUF_strdup(name); 291 if (tmod->name == NULL) { 292 OPENSSL_free(tmod); 293 return NULL; 294 } 295 tmod->init = ifunc; 296 tmod->finish = ffunc; 297 tmod->links = 0; 298 299 if (!sk_CONF_MODULE_push(supported_modules, tmod)) { 300 OPENSSL_free(tmod); 301 return NULL; 302 } 303 304 return tmod; 305} 306 307/* 308 * Find a module from the list. We allow module names of the form 309 * modname.XXXX to just search for modname to allow the same module to be 310 * initialized more than once. 311 */ 312 313static CONF_MODULE *module_find(char *name) 314{ 315 CONF_MODULE *tmod; 316 int i, nchar; 317 char *p; 318 p = strrchr(name, '.'); 319 320 if (p) 321 nchar = p - name; 322 else 323 nchar = strlen(name); 324 325 for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) { 326 tmod = sk_CONF_MODULE_value(supported_modules, i); 327 if (!strncmp(tmod->name, name, nchar)) 328 return tmod; 329 } 330 331 return NULL; 332 333} 334 335/* initialize a module */ 336static int module_init(CONF_MODULE *pmod, char *name, char *value, 337 const CONF *cnf) 338{ 339 int ret = 1; 340 int init_called = 0; 341 CONF_IMODULE *imod = NULL; 342 343 /* Otherwise add initialized module to list */ 344 imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); 345 if (!imod) 346 goto err; 347 348 imod->pmod = pmod; 349 imod->name = BUF_strdup(name); 350 imod->value = BUF_strdup(value); 351 imod->usr_data = NULL; 352 353 if (!imod->name || !imod->value) 354 goto memerr; 355 356 /* Try to initialize module */ 357 if (pmod->init) { 358 ret = pmod->init(imod, cnf); 359 init_called = 1; 360 /* Error occurred, exit */ 361 if (ret <= 0) 362 goto err; 363 } 364 365 if (initialized_modules == NULL) { 366 initialized_modules = sk_CONF_IMODULE_new_null(); 367 if (!initialized_modules) { 368 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); 369 goto err; 370 } 371 } 372 373 if (!sk_CONF_IMODULE_push(initialized_modules, imod)) { 374 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); 375 goto err; 376 } 377 378 pmod->links++; 379 380 return ret; 381 382 err: 383 384 /* We've started the module so we'd better finish it */ 385 if (pmod->finish && init_called) 386 pmod->finish(imod); 387 388 memerr: 389 if (imod) { 390 if (imod->name) 391 OPENSSL_free(imod->name); 392 if (imod->value) 393 OPENSSL_free(imod->value); 394 OPENSSL_free(imod); 395 } 396 397 return -1; 398 399} 400 401/* 402 * Unload any dynamic modules that have a link count of zero: i.e. have no 403 * active initialized modules. If 'all' is set then all modules are unloaded 404 * including static ones. 405 */ 406 407void CONF_modules_unload(int all) 408{ 409 int i; 410 CONF_MODULE *md; 411 CONF_modules_finish(); 412 /* unload modules in reverse order */ 413 for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) { 414 md = sk_CONF_MODULE_value(supported_modules, i); 415 /* If static or in use and 'all' not set ignore it */ 416 if (((md->links > 0) || !md->dso) && !all) 417 continue; 418 /* Since we're working in reverse this is OK */ 419 (void)sk_CONF_MODULE_delete(supported_modules, i); 420 module_free(md); 421 } 422 if (sk_CONF_MODULE_num(supported_modules) == 0) { 423 sk_CONF_MODULE_free(supported_modules); 424 supported_modules = NULL; 425 } 426} 427 428/* unload a single module */ 429static void module_free(CONF_MODULE *md) 430{ 431 if (md->dso) 432 DSO_free(md->dso); 433 OPENSSL_free(md->name); 434 OPENSSL_free(md); 435} 436 437/* finish and free up all modules instances */ 438 439void CONF_modules_finish(void) 440{ 441 CONF_IMODULE *imod; 442 while (sk_CONF_IMODULE_num(initialized_modules) > 0) { 443 imod = sk_CONF_IMODULE_pop(initialized_modules); 444 module_finish(imod); 445 } 446 sk_CONF_IMODULE_free(initialized_modules); 447 initialized_modules = NULL; 448} 449 450/* finish a module instance */ 451 452static void module_finish(CONF_IMODULE *imod) 453{ 454 if (imod->pmod->finish) 455 imod->pmod->finish(imod); 456 imod->pmod->links--; 457 OPENSSL_free(imod->name); 458 OPENSSL_free(imod->value); 459 OPENSSL_free(imod); 460} 461 462/* Add a static module to OpenSSL */ 463 464int CONF_module_add(const char *name, conf_init_func *ifunc, 465 conf_finish_func *ffunc) 466{ 467 if (module_add(NULL, name, ifunc, ffunc)) 468 return 1; 469 else 470 return 0; 471} 472 473void CONF_modules_free(void) 474{ 475 CONF_modules_finish(); 476 CONF_modules_unload(1); 477} 478 479/* Utility functions */ 480 481const char *CONF_imodule_get_name(const CONF_IMODULE *md) 482{ 483 return md->name; 484} 485 486const char *CONF_imodule_get_value(const CONF_IMODULE *md) 487{ 488 return md->value; 489} 490 491void *CONF_imodule_get_usr_data(const CONF_IMODULE *md) 492{ 493 return md->usr_data; 494} 495 496void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) 497{ 498 md->usr_data = usr_data; 499} 500 501CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md) 502{ 503 return md->pmod; 504} 505 506unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md) 507{ 508 return md->flags; 509} 510 511void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) 512{ 513 md->flags = flags; 514} 515 516void *CONF_module_get_usr_data(CONF_MODULE *pmod) 517{ 518 return pmod->usr_data; 519} 520 521void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) 522{ 523 pmod->usr_data = usr_data; 524} 525 526/* Return default config file name */ 527 528char *CONF_get1_default_config_file(void) 529{ 530 char *file; 531 int len; 532 533 file = getenv("OPENSSL_CONF"); 534 if (file) 535 return BUF_strdup(file); 536 537 len = strlen(X509_get_default_cert_area()); 538#ifndef OPENSSL_SYS_VMS 539 len++; 540#endif 541 len += strlen(OPENSSL_CONF); 542 543 file = OPENSSL_malloc(len + 1); 544 545 if (!file) 546 return NULL; 547 BUF_strlcpy(file, X509_get_default_cert_area(), len + 1); 548#ifndef OPENSSL_SYS_VMS 549 BUF_strlcat(file, "/", len + 1); 550#endif 551 BUF_strlcat(file, OPENSSL_CONF, len + 1); 552 553 return file; 554} 555 556/* 557 * This function takes a list separated by 'sep' and calls the callback 558 * function giving the start and length of each member optionally stripping 559 * leading and trailing whitespace. This can be used to parse comma separated 560 * lists for example. 561 */ 562 563int CONF_parse_list(const char *list_, int sep, int nospc, 564 int (*list_cb) (const char *elem, int len, void *usr), 565 void *arg) 566{ 567 int ret; 568 const char *lstart, *tmpend, *p; 569 570 if (list_ == NULL) { 571 CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL); 572 return 0; 573 } 574 575 lstart = list_; 576 for (;;) { 577 if (nospc) { 578 while (*lstart && isspace((unsigned char)*lstart)) 579 lstart++; 580 } 581 p = strchr(lstart, sep); 582 if (p == lstart || !*lstart) 583 ret = list_cb(NULL, 0, arg); 584 else { 585 if (p) 586 tmpend = p - 1; 587 else 588 tmpend = lstart + strlen(lstart) - 1; 589 if (nospc) { 590 while (isspace((unsigned char)*tmpend)) 591 tmpend--; 592 } 593 ret = list_cb(lstart, tmpend - lstart + 1, arg); 594 } 595 if (ret <= 0) 596 return ret; 597 if (p == NULL) 598 return 1; 599 lstart = p + 1; 600 } 601} 602