1/* conf_mod.c */
2/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 *    notice, this list of conditions and the following disclaimer in
17 *    the documentation and/or other materials provided with the
18 *    distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 *    software must display the following acknowledgment:
22 *    "This product includes software developed by the OpenSSL Project
23 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 *    endorse or promote products derived from this software without
27 *    prior written permission. For written permission, please contact
28 *    licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 *    nor may "OpenSSL" appear in their names without prior written
32 *    permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 *    acknowledgment:
36 *    "This product includes software developed by the OpenSSL Project
37 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com).  This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <ctype.h>
61#include <openssl/crypto.h>
62#include "cryptlib.h"
63#include <openssl/conf.h>
64#include <openssl/dso.h>
65#include <openssl/x509.h>
66
67
68#define DSO_mod_init_name "OPENSSL_init"
69#define DSO_mod_finish_name "OPENSSL_finish"
70
71
72/* This structure contains a data about supported modules.
73 * entries in this table correspond to either dynamic or
74 * static modules.
75 */
76
77struct conf_module_st
78	{
79	/* DSO of this module or NULL if static */
80	DSO *dso;
81	/* Name of the module */
82	char *name;
83	/* Init function */
84	conf_init_func *init;
85	/* Finish function */
86	conf_finish_func *finish;
87	/* Number of successfully initialized modules */
88	int links;
89	void *usr_data;
90	};
91
92
93/* This structure contains information about modules that have been
94 * successfully initialized. There may be more than one entry for a
95 * given module.
96 */
97
98struct conf_imodule_st
99	{
100	CONF_MODULE *pmod;
101	char *name;
102	char *value;
103	unsigned long flags;
104	void *usr_data;
105	};
106
107static STACK_OF(CONF_MODULE) *supported_modules = NULL;
108static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
109
110static void module_free(CONF_MODULE *md);
111static void module_finish(CONF_IMODULE *imod);
112static int module_run(const CONF *cnf, char *name, char *value,
113					  unsigned long flags);
114static CONF_MODULE *module_add(DSO *dso, const char *name,
115			conf_init_func *ifunc, conf_finish_func *ffunc);
116static CONF_MODULE *module_find(char *name);
117static int module_init(CONF_MODULE *pmod, char *name, char *value,
118					   const CONF *cnf);
119static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
120									unsigned long flags);
121
122/* Main function: load modules from a CONF structure */
123
124int CONF_modules_load(const CONF *cnf, const char *appname,
125		      unsigned long flags)
126	{
127	STACK_OF(CONF_VALUE) *values;
128	CONF_VALUE *vl;
129	char *vsection;
130
131	int ret, i;
132
133	if (!cnf)
134		return 1;
135
136	if (appname == NULL)
137		appname = "openssl_conf";
138
139	vsection = NCONF_get_string(cnf, NULL, appname);
140
141	if (!vsection)
142		{
143		ERR_clear_error();
144		return 1;
145		}
146
147	values = NCONF_get_section(cnf, vsection);
148
149	if (!values)
150		return 0;
151
152	for (i = 0; i < sk_CONF_VALUE_num(values); i++)
153		{
154		vl = sk_CONF_VALUE_value(values, i);
155		ret = module_run(cnf, vl->name, vl->value, flags);
156		if (ret <= 0)
157			if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
158				return ret;
159		}
160
161	return 1;
162
163	}
164
165int CONF_modules_load_file(const char *filename, const char *appname,
166			   unsigned long flags)
167	{
168	char *file = NULL;
169	CONF *conf = NULL;
170	int ret = 0;
171	conf = NCONF_new(NULL);
172	if (!conf)
173		goto err;
174
175	if (filename == NULL)
176		{
177		file = CONF_get1_default_config_file();
178		if (!file)
179			goto err;
180		}
181	else
182		file = (char *)filename;
183
184	if (NCONF_load(conf, file, NULL) <= 0)
185		{
186		if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
187		  (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
188			{
189			ERR_clear_error();
190			ret = 1;
191			}
192		goto err;
193		}
194
195	ret = CONF_modules_load(conf, appname, flags);
196
197	err:
198	if (filename == NULL)
199		OPENSSL_free(file);
200	NCONF_free(conf);
201
202	return ret;
203	}
204
205static int module_run(const CONF *cnf, char *name, char *value,
206		      unsigned long flags)
207	{
208	CONF_MODULE *md;
209	int ret;
210
211	md = module_find(name);
212
213	/* Module not found: try to load DSO */
214	if (!md && !(flags & CONF_MFLAGS_NO_DSO))
215		md = module_load_dso(cnf, name, value, flags);
216
217	if (!md)
218		{
219		if (!(flags & CONF_MFLAGS_SILENT))
220			{
221			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
222			ERR_add_error_data(2, "module=", name);
223			}
224		return -1;
225		}
226
227	ret = module_init(md, name, value, cnf);
228
229	if (ret <= 0)
230		{
231		if (!(flags & CONF_MFLAGS_SILENT))
232			{
233			char rcode[DECIMAL_SIZE(ret)+1];
234			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
235			BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
236			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
237			}
238		}
239
240	return ret;
241	}
242
243/* Load a module from a DSO */
244static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
245				    unsigned long flags)
246	{
247	DSO *dso = NULL;
248	conf_init_func *ifunc;
249	conf_finish_func *ffunc;
250	char *path = NULL;
251	int errcode = 0;
252	CONF_MODULE *md;
253	/* Look for alternative path in module section */
254	path = NCONF_get_string(cnf, value, "path");
255	if (!path)
256		{
257		ERR_get_error();
258		path = name;
259		}
260	dso = DSO_load(NULL, path, NULL, 0);
261	if (!dso)
262		{
263		errcode = CONF_R_ERROR_LOADING_DSO;
264		goto err;
265		}
266        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
267	if (!ifunc)
268		{
269		errcode = CONF_R_MISSING_INIT_FUNCTION;
270		goto err;
271		}
272        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
273	/* All OK, add module */
274	md = module_add(dso, name, ifunc, ffunc);
275
276	if (!md)
277		goto err;
278
279	return md;
280
281	err:
282	if (dso)
283		DSO_free(dso);
284	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
285	ERR_add_error_data(4, "module=", name, ", path=", path);
286	return NULL;
287	}
288
289/* add module to list */
290static CONF_MODULE *module_add(DSO *dso, const char *name,
291			       conf_init_func *ifunc, conf_finish_func *ffunc)
292	{
293	CONF_MODULE *tmod = NULL;
294	if (supported_modules == NULL)
295		supported_modules = sk_CONF_MODULE_new_null();
296	if (supported_modules == NULL)
297		return NULL;
298	tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
299	if (tmod == NULL)
300		return NULL;
301
302	tmod->dso = dso;
303	tmod->name = BUF_strdup(name);
304	tmod->init = ifunc;
305	tmod->finish = ffunc;
306	tmod->links = 0;
307
308	if (!sk_CONF_MODULE_push(supported_modules, tmod))
309		{
310		OPENSSL_free(tmod);
311		return NULL;
312		}
313
314	return tmod;
315	}
316
317/* Find a module from the list. We allow module names of the
318 * form modname.XXXX to just search for modname to allow the
319 * same module to be initialized more than once.
320 */
321
322static CONF_MODULE *module_find(char *name)
323	{
324	CONF_MODULE *tmod;
325	int i, nchar;
326	char *p;
327	p = strrchr(name, '.');
328
329	if (p)
330		nchar = p - name;
331	else
332		nchar = strlen(name);
333
334	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
335		{
336		tmod = sk_CONF_MODULE_value(supported_modules, i);
337		if (!strncmp(tmod->name, name, nchar))
338			return tmod;
339		}
340
341	return NULL;
342
343	}
344
345/* initialize a module */
346static int module_init(CONF_MODULE *pmod, char *name, char *value,
347		       const CONF *cnf)
348	{
349	int ret = 1;
350	int init_called = 0;
351	CONF_IMODULE *imod = NULL;
352
353	/* Otherwise add initialized module to list */
354	imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
355	if (!imod)
356		goto err;
357
358	imod->pmod = pmod;
359	imod->name = BUF_strdup(name);
360	imod->value = BUF_strdup(value);
361	imod->usr_data = NULL;
362
363	if (!imod->name || !imod->value)
364		goto memerr;
365
366	/* Try to initialize module */
367	if(pmod->init)
368		{
369		ret = pmod->init(imod, cnf);
370		init_called = 1;
371		/* Error occurred, exit */
372		if (ret <= 0)
373			goto err;
374		}
375
376	if (initialized_modules == NULL)
377		{
378		initialized_modules = sk_CONF_IMODULE_new_null();
379		if (!initialized_modules)
380			{
381			CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
382			goto err;
383			}
384		}
385
386	if (!sk_CONF_IMODULE_push(initialized_modules, imod))
387		{
388		CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
389		goto err;
390		}
391
392	pmod->links++;
393
394	return ret;
395
396	err:
397
398	/* We've started the module so we'd better finish it */
399	if (pmod->finish && init_called)
400		pmod->finish(imod);
401
402	memerr:
403	if (imod)
404		{
405		if (imod->name)
406			OPENSSL_free(imod->name);
407		if (imod->value)
408			OPENSSL_free(imod->value);
409		OPENSSL_free(imod);
410		}
411
412	return -1;
413
414	}
415
416/* Unload any dynamic modules that have a link count of zero:
417 * i.e. have no active initialized modules. If 'all' is set
418 * then all modules are unloaded including static ones.
419 */
420
421void CONF_modules_unload(int all)
422	{
423	int i;
424	CONF_MODULE *md;
425	CONF_modules_finish();
426	/* unload modules in reverse order */
427	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
428		{
429		md = sk_CONF_MODULE_value(supported_modules, i);
430		/* If static or in use and 'all' not set ignore it */
431		if (((md->links > 0) || !md->dso) && !all)
432			continue;
433		/* Since we're working in reverse this is OK */
434		sk_CONF_MODULE_delete(supported_modules, i);
435		module_free(md);
436		}
437	if (sk_CONF_MODULE_num(supported_modules) == 0)
438		{
439		sk_CONF_MODULE_free(supported_modules);
440		supported_modules = NULL;
441		}
442	}
443
444/* unload a single module */
445static void module_free(CONF_MODULE *md)
446	{
447	if (md->dso)
448		DSO_free(md->dso);
449	OPENSSL_free(md->name);
450	OPENSSL_free(md);
451	}
452
453/* finish and free up all modules instances */
454
455void CONF_modules_finish(void)
456	{
457	CONF_IMODULE *imod;
458	while (sk_CONF_IMODULE_num(initialized_modules) > 0)
459		{
460		imod = sk_CONF_IMODULE_pop(initialized_modules);
461		module_finish(imod);
462		}
463	sk_CONF_IMODULE_free(initialized_modules);
464	initialized_modules = NULL;
465	}
466
467/* finish a module instance */
468
469static void module_finish(CONF_IMODULE *imod)
470	{
471	if (imod->pmod->finish)
472		imod->pmod->finish(imod);
473	imod->pmod->links--;
474	OPENSSL_free(imod->name);
475	OPENSSL_free(imod->value);
476	OPENSSL_free(imod);
477	}
478
479/* Add a static module to OpenSSL */
480
481int CONF_module_add(const char *name, conf_init_func *ifunc,
482		    conf_finish_func *ffunc)
483	{
484	if (module_add(NULL, name, ifunc, ffunc))
485		return 1;
486	else
487		return 0;
488	}
489
490void CONF_modules_free(void)
491	{
492	CONF_modules_finish();
493	CONF_modules_unload(1);
494	}
495
496/* Utility functions */
497
498const char *CONF_imodule_get_name(const CONF_IMODULE *md)
499	{
500	return md->name;
501	}
502
503const char *CONF_imodule_get_value(const CONF_IMODULE *md)
504	{
505	return md->value;
506	}
507
508void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
509	{
510	return md->usr_data;
511	}
512
513void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
514	{
515	md->usr_data = usr_data;
516	}
517
518CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
519	{
520	return md->pmod;
521	}
522
523unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
524	{
525	return md->flags;
526	}
527
528void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
529	{
530	md->flags = flags;
531	}
532
533void *CONF_module_get_usr_data(CONF_MODULE *pmod)
534	{
535	return pmod->usr_data;
536	}
537
538void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
539	{
540	pmod->usr_data = usr_data;
541	}
542
543/* Return default config file name */
544
545char *CONF_get1_default_config_file(void)
546	{
547	char *file;
548	int len;
549
550	file = getenv("OPENSSL_CONF");
551	if (file)
552		return BUF_strdup(file);
553
554	len = strlen(X509_get_default_cert_area());
555#ifndef OPENSSL_SYS_VMS
556	len++;
557#endif
558	len += strlen(OPENSSL_CONF);
559
560	file = OPENSSL_malloc(len + 1);
561
562	if (!file)
563		return NULL;
564	BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
565#ifndef OPENSSL_SYS_VMS
566	BUF_strlcat(file,"/",len + 1);
567#endif
568	BUF_strlcat(file,OPENSSL_CONF,len + 1);
569
570	return file;
571	}
572
573/* This function takes a list separated by 'sep' and calls the
574 * callback function giving the start and length of each member
575 * optionally stripping leading and trailing whitespace. This can
576 * be used to parse comma separated lists for example.
577 */
578
579int CONF_parse_list(const char *list_, int sep, int nospc,
580	int (*list_cb)(const char *elem, int len, void *usr), void *arg)
581	{
582	int ret;
583	const char *lstart, *tmpend, *p;
584	lstart = list_;
585
586	for(;;)
587		{
588		if (nospc)
589			{
590			while(*lstart && isspace((unsigned char)*lstart))
591				lstart++;
592			}
593		p = strchr(lstart, sep);
594		if (p == lstart || !*lstart)
595			ret = list_cb(NULL, 0, arg);
596		else
597			{
598			if (p)
599				tmpend = p - 1;
600			else
601				tmpend = lstart + strlen(lstart) - 1;
602			if (nospc)
603				{
604				while(isspace((unsigned char)*tmpend))
605					tmpend--;
606				}
607			ret = list_cb(lstart, tmpend - lstart + 1, arg);
608			}
609		if (ret <= 0)
610			return ret;
611		if (p == NULL)
612			return 1;
613		lstart = p + 1;
614		}
615	}
616
617