123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617 |
- /* conf_mod.c */
- /* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
- * project 2001.
- */
- /* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
- #include <stdio.h>
- #include <ctype.h>
- #include <openssl/crypto.h>
- #include "cryptlib.h"
- #include <openssl/conf.h>
- #include <openssl/dso.h>
- #include <openssl/x509.h>
- #define DSO_mod_init_name "OPENSSL_init"
- #define DSO_mod_finish_name "OPENSSL_finish"
- /* This structure contains a data about supported modules.
- * entries in this table correspond to either dynamic or
- * static modules.
- */
- struct conf_module_st
- {
- /* DSO of this module or NULL if static */
- DSO *dso;
- /* Name of the module */
- char *name;
- /* Init function */
- conf_init_func *init;
- /* Finish function */
- conf_finish_func *finish;
- /* Number of successfully initialized modules */
- int links;
- void *usr_data;
- };
- /* This structure contains information about modules that have been
- * successfully initialized. There may be more than one entry for a
- * given module.
- */
- struct conf_imodule_st
- {
- CONF_MODULE *pmod;
- char *name;
- char *value;
- unsigned long flags;
- void *usr_data;
- };
- static STACK_OF(CONF_MODULE) *supported_modules = NULL;
- static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
- static void module_free(CONF_MODULE *md);
- static void module_finish(CONF_IMODULE *imod);
- static int module_run(const CONF *cnf, char *name, char *value,
- unsigned long flags);
- static CONF_MODULE *module_add(DSO *dso, const char *name,
- conf_init_func *ifunc, conf_finish_func *ffunc);
- static CONF_MODULE *module_find(char *name);
- static int module_init(CONF_MODULE *pmod, char *name, char *value,
- const CONF *cnf);
- static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags);
- /* Main function: load modules from a CONF structure */
- int CONF_modules_load(const CONF *cnf, const char *appname,
- unsigned long flags)
- {
- STACK_OF(CONF_VALUE) *values;
- CONF_VALUE *vl;
- char *vsection = NULL;
- int ret, i;
- if (!cnf)
- return 1;
- if (appname)
- vsection = NCONF_get_string(cnf, NULL, appname);
- if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
- vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
- if (!vsection)
- {
- ERR_clear_error();
- return 1;
- }
- values = NCONF_get_section(cnf, vsection);
- if (!values)
- return 0;
- for (i = 0; i < sk_CONF_VALUE_num(values); i++)
- {
- vl = sk_CONF_VALUE_value(values, i);
- ret = module_run(cnf, vl->name, vl->value, flags);
- if (ret <= 0)
- if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
- return ret;
- }
- return 1;
- }
- int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags)
- {
- char *file = NULL;
- CONF *conf = NULL;
- int ret = 0;
- conf = NCONF_new(NULL);
- if (!conf)
- goto err;
- if (filename == NULL)
- {
- file = CONF_get1_default_config_file();
- if (!file)
- goto err;
- }
- else
- file = (char *)filename;
- if (NCONF_load(conf, file, NULL) <= 0)
- {
- if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
- (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE))
- {
- ERR_clear_error();
- ret = 1;
- }
- goto err;
- }
- ret = CONF_modules_load(conf, appname, flags);
- err:
- if (filename == NULL)
- OPENSSL_free(file);
- NCONF_free(conf);
- return ret;
- }
- static int module_run(const CONF *cnf, char *name, char *value,
- unsigned long flags)
- {
- CONF_MODULE *md;
- int ret;
- md = module_find(name);
- /* Module not found: try to load DSO */
- if (!md && !(flags & CONF_MFLAGS_NO_DSO))
- md = module_load_dso(cnf, name, value, flags);
- if (!md)
- {
- if (!(flags & CONF_MFLAGS_SILENT))
- {
- CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
- ERR_add_error_data(2, "module=", name);
- }
- return -1;
- }
- ret = module_init(md, name, value, cnf);
- if (ret <= 0)
- {
- if (!(flags & CONF_MFLAGS_SILENT))
- {
- char rcode[DECIMAL_SIZE(ret)+1];
- CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
- BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
- ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
- }
- }
- return ret;
- }
- /* Load a module from a DSO */
- static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags)
- {
- DSO *dso = NULL;
- conf_init_func *ifunc;
- conf_finish_func *ffunc;
- char *path = NULL;
- int errcode = 0;
- CONF_MODULE *md;
- /* Look for alternative path in module section */
- path = NCONF_get_string(cnf, value, "path");
- if (!path)
- {
- ERR_clear_error();
- path = name;
- }
- dso = DSO_load(NULL, path, NULL, 0);
- if (!dso)
- {
- errcode = CONF_R_ERROR_LOADING_DSO;
- goto err;
- }
- ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
- if (!ifunc)
- {
- errcode = CONF_R_MISSING_INIT_FUNCTION;
- goto err;
- }
- ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
- /* All OK, add module */
- md = module_add(dso, name, ifunc, ffunc);
- if (!md)
- goto err;
- return md;
- err:
- if (dso)
- DSO_free(dso);
- CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
- ERR_add_error_data(4, "module=", name, ", path=", path);
- return NULL;
- }
- /* add module to list */
- static CONF_MODULE *module_add(DSO *dso, const char *name,
- conf_init_func *ifunc, conf_finish_func *ffunc)
- {
- CONF_MODULE *tmod = NULL;
- if (supported_modules == NULL)
- supported_modules = sk_CONF_MODULE_new_null();
- if (supported_modules == NULL)
- return NULL;
- tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
- if (tmod == NULL)
- return NULL;
- tmod->dso = dso;
- tmod->name = BUF_strdup(name);
- tmod->init = ifunc;
- tmod->finish = ffunc;
- tmod->links = 0;
- if (!sk_CONF_MODULE_push(supported_modules, tmod))
- {
- OPENSSL_free(tmod);
- return NULL;
- }
- return tmod;
- }
- /* Find a module from the list. We allow module names of the
- * form modname.XXXX to just search for modname to allow the
- * same module to be initialized more than once.
- */
- static CONF_MODULE *module_find(char *name)
- {
- CONF_MODULE *tmod;
- int i, nchar;
- char *p;
- p = strrchr(name, '.');
- if (p)
- nchar = p - name;
- else
- nchar = strlen(name);
- for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
- {
- tmod = sk_CONF_MODULE_value(supported_modules, i);
- if (!strncmp(tmod->name, name, nchar))
- return tmod;
- }
- return NULL;
- }
- /* initialize a module */
- static int module_init(CONF_MODULE *pmod, char *name, char *value,
- const CONF *cnf)
- {
- int ret = 1;
- int init_called = 0;
- CONF_IMODULE *imod = NULL;
- /* Otherwise add initialized module to list */
- imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
- if (!imod)
- goto err;
- imod->pmod = pmod;
- imod->name = BUF_strdup(name);
- imod->value = BUF_strdup(value);
- imod->usr_data = NULL;
- if (!imod->name || !imod->value)
- goto memerr;
- /* Try to initialize module */
- if(pmod->init)
- {
- ret = pmod->init(imod, cnf);
- init_called = 1;
- /* Error occurred, exit */
- if (ret <= 0)
- goto err;
- }
- if (initialized_modules == NULL)
- {
- initialized_modules = sk_CONF_IMODULE_new_null();
- if (!initialized_modules)
- {
- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- }
- if (!sk_CONF_IMODULE_push(initialized_modules, imod))
- {
- CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- pmod->links++;
- return ret;
- err:
- /* We've started the module so we'd better finish it */
- if (pmod->finish && init_called)
- pmod->finish(imod);
- memerr:
- if (imod)
- {
- if (imod->name)
- OPENSSL_free(imod->name);
- if (imod->value)
- OPENSSL_free(imod->value);
- OPENSSL_free(imod);
- }
- return -1;
- }
- /* Unload any dynamic modules that have a link count of zero:
- * i.e. have no active initialized modules. If 'all' is set
- * then all modules are unloaded including static ones.
- */
- void CONF_modules_unload(int all)
- {
- int i;
- CONF_MODULE *md;
- CONF_modules_finish();
- /* unload modules in reverse order */
- for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
- {
- md = sk_CONF_MODULE_value(supported_modules, i);
- /* If static or in use and 'all' not set ignore it */
- if (((md->links > 0) || !md->dso) && !all)
- continue;
- /* Since we're working in reverse this is OK */
- sk_CONF_MODULE_delete(supported_modules, i);
- module_free(md);
- }
- if (sk_CONF_MODULE_num(supported_modules) == 0)
- {
- sk_CONF_MODULE_free(supported_modules);
- supported_modules = NULL;
- }
- }
- /* unload a single module */
- static void module_free(CONF_MODULE *md)
- {
- if (md->dso)
- DSO_free(md->dso);
- OPENSSL_free(md->name);
- OPENSSL_free(md);
- }
- /* finish and free up all modules instances */
- void CONF_modules_finish(void)
- {
- CONF_IMODULE *imod;
- while (sk_CONF_IMODULE_num(initialized_modules) > 0)
- {
- imod = sk_CONF_IMODULE_pop(initialized_modules);
- module_finish(imod);
- }
- sk_CONF_IMODULE_free(initialized_modules);
- initialized_modules = NULL;
- }
- /* finish a module instance */
- static void module_finish(CONF_IMODULE *imod)
- {
- if (imod->pmod->finish)
- imod->pmod->finish(imod);
- imod->pmod->links--;
- OPENSSL_free(imod->name);
- OPENSSL_free(imod->value);
- OPENSSL_free(imod);
- }
- /* Add a static module to OpenSSL */
- int CONF_module_add(const char *name, conf_init_func *ifunc,
- conf_finish_func *ffunc)
- {
- if (module_add(NULL, name, ifunc, ffunc))
- return 1;
- else
- return 0;
- }
- void CONF_modules_free(void)
- {
- CONF_modules_finish();
- CONF_modules_unload(1);
- }
- /* Utility functions */
- const char *CONF_imodule_get_name(const CONF_IMODULE *md)
- {
- return md->name;
- }
- const char *CONF_imodule_get_value(const CONF_IMODULE *md)
- {
- return md->value;
- }
- void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
- {
- return md->usr_data;
- }
- void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
- {
- md->usr_data = usr_data;
- }
- CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
- {
- return md->pmod;
- }
- unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
- {
- return md->flags;
- }
- void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
- {
- md->flags = flags;
- }
- void *CONF_module_get_usr_data(CONF_MODULE *pmod)
- {
- return pmod->usr_data;
- }
- void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
- {
- pmod->usr_data = usr_data;
- }
- /* Return default config file name */
- char *CONF_get1_default_config_file(void)
- {
- char *file;
- int len;
- file = getenv("OPENSSL_CONF");
- if (file)
- return BUF_strdup(file);
- len = strlen(X509_get_default_cert_area());
- #ifndef OPENSSL_SYS_VMS
- len++;
- #endif
- len += strlen(OPENSSL_CONF);
- file = OPENSSL_malloc(len + 1);
- if (!file)
- return NULL;
- BUF_strlcpy(file,X509_get_default_cert_area(),len + 1);
- #ifndef OPENSSL_SYS_VMS
- BUF_strlcat(file,"/",len + 1);
- #endif
- BUF_strlcat(file,OPENSSL_CONF,len + 1);
- return file;
- }
- /* This function takes a list separated by 'sep' and calls the
- * callback function giving the start and length of each member
- * optionally stripping leading and trailing whitespace. This can
- * be used to parse comma separated lists for example.
- */
- int CONF_parse_list(const char *list_, int sep, int nospc,
- int (*list_cb)(const char *elem, int len, void *usr), void *arg)
- {
- int ret;
- const char *lstart, *tmpend, *p;
- lstart = list_;
- for(;;)
- {
- if (nospc)
- {
- while(*lstart && isspace((unsigned char)*lstart))
- lstart++;
- }
- p = strchr(lstart, sep);
- if (p == lstart || !*lstart)
- ret = list_cb(NULL, 0, arg);
- else
- {
- if (p)
- tmpend = p - 1;
- else
- tmpend = lstart + strlen(lstart) - 1;
- if (nospc)
- {
- while(isspace((unsigned char)*tmpend))
- tmpend--;
- }
- ret = list_cb(lstart, tmpend - lstart + 1, arg);
- }
- if (ret <= 0)
- return ret;
- if (p == NULL)
- return 1;
- lstart = p + 1;
- }
- }
|