conf_def.c 28 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013
  1. /*
  2. * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* Part of the code in here was originally in conf.c, which is now removed */
  10. #include <stdio.h>
  11. #include <string.h>
  12. #include "internal/e_os.h" /* struct stat */
  13. #ifdef __TANDEM
  14. # include <sys/types.h> /* needed for stat.h */
  15. # include <sys/stat.h> /* struct stat */
  16. #endif
  17. #include "internal/cryptlib.h"
  18. #include "internal/o_dir.h"
  19. #include <openssl/lhash.h>
  20. #include <openssl/conf.h>
  21. #include <openssl/conf_api.h>
  22. #include "conf_local.h"
  23. #include "conf_def.h"
  24. #include <openssl/buffer.h>
  25. #include <openssl/err.h>
  26. #ifndef OPENSSL_NO_POSIX_IO
  27. # include <sys/stat.h>
  28. # ifdef _WIN32
  29. # define stat _stat
  30. # endif
  31. #endif
  32. #ifndef S_ISDIR
  33. # define S_ISDIR(a) (((a) & S_IFMT) == S_IFDIR)
  34. #endif
  35. /*
  36. * The maximum length we can grow a value to after variable expansion. 64k
  37. * should be more than enough for all reasonable uses.
  38. */
  39. #define MAX_CONF_VALUE_LENGTH 65536
  40. static int is_keytype(const CONF *conf, char c, unsigned short type);
  41. static char *eat_ws(CONF *conf, char *p);
  42. static void trim_ws(CONF *conf, char *start);
  43. static char *eat_alpha_numeric(CONF *conf, char *p);
  44. static void clear_comments(CONF *conf, char *p);
  45. static int str_copy(CONF *conf, char *section, char **to, char *from);
  46. static char *scan_quote(CONF *conf, char *p);
  47. static char *scan_dquote(CONF *conf, char *p);
  48. #define scan_esc(conf,p) (((IS_EOF((conf),(p)[1]))?((p)+1):((p)+2)))
  49. #ifndef OPENSSL_NO_POSIX_IO
  50. static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
  51. char **dirpath);
  52. static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx);
  53. #endif
  54. static CONF *def_create(CONF_METHOD *meth);
  55. static int def_init_default(CONF *conf);
  56. #ifndef OPENSSL_NO_DEPRECATED_3_0
  57. static int def_init_WIN32(CONF *conf);
  58. #endif
  59. static int def_destroy(CONF *conf);
  60. static int def_destroy_data(CONF *conf);
  61. static int def_load(CONF *conf, const char *name, long *eline);
  62. static int def_load_bio(CONF *conf, BIO *bp, long *eline);
  63. static int def_dump(const CONF *conf, BIO *bp);
  64. static int def_is_number(const CONF *conf, char c);
  65. static int def_to_int(const CONF *conf, char c);
  66. static CONF_METHOD default_method = {
  67. "OpenSSL default",
  68. def_create,
  69. def_init_default,
  70. def_destroy,
  71. def_destroy_data,
  72. def_load_bio,
  73. def_dump,
  74. def_is_number,
  75. def_to_int,
  76. def_load
  77. };
  78. CONF_METHOD *NCONF_default(void)
  79. {
  80. return &default_method;
  81. }
  82. #ifndef OPENSSL_NO_DEPRECATED_3_0
  83. static CONF_METHOD WIN32_method = {
  84. "WIN32",
  85. def_create,
  86. def_init_WIN32,
  87. def_destroy,
  88. def_destroy_data,
  89. def_load_bio,
  90. def_dump,
  91. def_is_number,
  92. def_to_int,
  93. def_load
  94. };
  95. CONF_METHOD *NCONF_WIN32(void)
  96. {
  97. return &WIN32_method;
  98. }
  99. #endif
  100. static CONF *def_create(CONF_METHOD *meth)
  101. {
  102. CONF *ret;
  103. ret = OPENSSL_malloc(sizeof(*ret));
  104. if (ret != NULL)
  105. if (meth->init(ret) == 0) {
  106. OPENSSL_free(ret);
  107. ret = NULL;
  108. }
  109. return ret;
  110. }
  111. static int def_init_default(CONF *conf)
  112. {
  113. if (conf == NULL)
  114. return 0;
  115. memset(conf, 0, sizeof(*conf));
  116. conf->meth = &default_method;
  117. conf->meth_data = (void *)CONF_type_default;
  118. return 1;
  119. }
  120. #ifndef OPENSSL_NO_DEPRECATED_3_0
  121. static int def_init_WIN32(CONF *conf)
  122. {
  123. if (conf == NULL)
  124. return 0;
  125. memset(conf, 0, sizeof(*conf));
  126. conf->meth = &WIN32_method;
  127. conf->meth_data = (void *)CONF_type_win32;
  128. return 1;
  129. }
  130. #endif
  131. static int def_destroy(CONF *conf)
  132. {
  133. if (def_destroy_data(conf)) {
  134. OPENSSL_free(conf);
  135. return 1;
  136. }
  137. return 0;
  138. }
  139. static int def_destroy_data(CONF *conf)
  140. {
  141. if (conf == NULL)
  142. return 0;
  143. _CONF_free_data(conf);
  144. return 1;
  145. }
  146. static int def_load(CONF *conf, const char *name, long *line)
  147. {
  148. int ret;
  149. BIO *in = NULL;
  150. #ifdef OPENSSL_SYS_VMS
  151. in = BIO_new_file(name, "r");
  152. #else
  153. in = BIO_new_file(name, "rb");
  154. #endif
  155. if (in == NULL) {
  156. if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE)
  157. ERR_raise(ERR_LIB_CONF, CONF_R_NO_SUCH_FILE);
  158. else
  159. ERR_raise(ERR_LIB_CONF, ERR_R_SYS_LIB);
  160. return 0;
  161. }
  162. ret = def_load_bio(conf, in, line);
  163. BIO_free(in);
  164. return ret;
  165. }
  166. /* Parse a boolean value and fill in *flag. Return 0 on error. */
  167. static int parsebool(const char *pval, int *flag)
  168. {
  169. if (OPENSSL_strcasecmp(pval, "on") == 0
  170. || OPENSSL_strcasecmp(pval, "true") == 0) {
  171. *flag = 1;
  172. } else if (OPENSSL_strcasecmp(pval, "off") == 0
  173. || OPENSSL_strcasecmp(pval, "false") == 0) {
  174. *flag = 0;
  175. } else {
  176. ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA);
  177. return 0;
  178. }
  179. return 1;
  180. }
  181. static int def_load_bio(CONF *conf, BIO *in, long *line)
  182. {
  183. /* The macro BUFSIZE conflicts with a system macro in VxWorks */
  184. #define CONFBUFSIZE 512
  185. int bufnum = 0, i, ii;
  186. BUF_MEM *buff = NULL;
  187. char *s, *p, *end;
  188. int again;
  189. int first_call = 1;
  190. long eline = 0;
  191. char btmp[DECIMAL_SIZE(eline) + 1];
  192. CONF_VALUE *v = NULL, *tv;
  193. CONF_VALUE *sv = NULL;
  194. char *section = NULL, *buf;
  195. char *start, *psection, *pname;
  196. void *h = (void *)(conf->data);
  197. STACK_OF(BIO) *biosk = NULL;
  198. #ifndef OPENSSL_NO_POSIX_IO
  199. char *dirpath = NULL;
  200. OPENSSL_DIR_CTX *dirctx = NULL;
  201. #endif
  202. #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  203. int numincludes = 0;
  204. #endif
  205. if ((buff = BUF_MEM_new()) == NULL) {
  206. ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
  207. goto err;
  208. }
  209. section = OPENSSL_strdup("default");
  210. if (section == NULL)
  211. goto err;
  212. if (_CONF_new_data(conf) == 0) {
  213. ERR_raise(ERR_LIB_CONF, ERR_R_CONF_LIB);
  214. goto err;
  215. }
  216. sv = _CONF_new_section(conf, section);
  217. if (sv == NULL) {
  218. ERR_raise(ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
  219. goto err;
  220. }
  221. bufnum = 0;
  222. again = 0;
  223. for (;;) {
  224. if (!BUF_MEM_grow(buff, bufnum + CONFBUFSIZE)) {
  225. ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
  226. goto err;
  227. }
  228. p = &(buff->data[bufnum]);
  229. *p = '\0';
  230. read_retry:
  231. if (in != NULL && BIO_gets(in, p, CONFBUFSIZE - 1) < 0)
  232. goto err;
  233. p[CONFBUFSIZE - 1] = '\0';
  234. ii = i = strlen(p);
  235. if (first_call) {
  236. /* Other BOMs imply unsupported multibyte encoding,
  237. * so don't strip them and let the error raise */
  238. const unsigned char utf8_bom[3] = {0xEF, 0xBB, 0xBF};
  239. if (i >= 3 && memcmp(p, utf8_bom, 3) == 0) {
  240. memmove(p, p + 3, i - 3);
  241. p[i - 3] = 0;
  242. i -= 3;
  243. ii -= 3;
  244. }
  245. first_call = 0;
  246. }
  247. if (i == 0 && !again) {
  248. /* the currently processed BIO is NULL or at EOF */
  249. BIO *parent;
  250. #ifndef OPENSSL_NO_POSIX_IO
  251. /* continue processing with the next file from directory */
  252. if (dirctx != NULL) {
  253. BIO *next;
  254. if ((next = get_next_file(dirpath, &dirctx)) != NULL) {
  255. BIO_vfree(in);
  256. in = next;
  257. goto read_retry;
  258. } else {
  259. OPENSSL_free(dirpath);
  260. dirpath = NULL;
  261. }
  262. }
  263. #endif
  264. /* no more files in directory, continue with processing parent */
  265. if ((parent = sk_BIO_pop(biosk)) == NULL) {
  266. /* everything processed get out of the loop */
  267. break;
  268. } else {
  269. BIO_vfree(in);
  270. in = parent;
  271. goto read_retry;
  272. }
  273. }
  274. again = 0;
  275. while (i > 0) {
  276. if ((p[i - 1] != '\r') && (p[i - 1] != '\n'))
  277. break;
  278. else
  279. i--;
  280. }
  281. /*
  282. * we removed some trailing stuff so there is a new line on the end.
  283. */
  284. if (ii && i == ii)
  285. again = 1; /* long line */
  286. else {
  287. p[i] = '\0';
  288. eline++; /* another input line */
  289. }
  290. /* we now have a line with trailing \r\n removed */
  291. /* i is the number of bytes */
  292. bufnum += i;
  293. v = NULL;
  294. /* check for line continuation */
  295. if (bufnum >= 1) {
  296. /*
  297. * If we have bytes and the last char '\\' and second last char
  298. * is not '\\'
  299. */
  300. p = &(buff->data[bufnum - 1]);
  301. if (IS_ESC(conf, p[0]) && ((bufnum <= 1) || !IS_ESC(conf, p[-1]))) {
  302. bufnum--;
  303. again = 1;
  304. }
  305. }
  306. if (again)
  307. continue;
  308. bufnum = 0;
  309. buf = buff->data;
  310. clear_comments(conf, buf);
  311. s = eat_ws(conf, buf);
  312. if (IS_EOF(conf, *s))
  313. continue; /* blank line */
  314. if (*s == '[') {
  315. char *ss;
  316. s++;
  317. start = eat_ws(conf, s);
  318. ss = start;
  319. again:
  320. end = eat_alpha_numeric(conf, ss);
  321. p = eat_ws(conf, end);
  322. if (*p != ']') {
  323. if (*p != '\0' && ss != p) {
  324. ss = p;
  325. goto again;
  326. }
  327. ERR_raise(ERR_LIB_CONF, CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
  328. goto err;
  329. }
  330. *end = '\0';
  331. if (!str_copy(conf, NULL, &section, start))
  332. goto err;
  333. if ((sv = _CONF_get_section(conf, section)) == NULL)
  334. sv = _CONF_new_section(conf, section);
  335. if (sv == NULL) {
  336. ERR_raise(ERR_LIB_CONF, CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
  337. goto err;
  338. }
  339. continue;
  340. } else {
  341. pname = s;
  342. end = eat_alpha_numeric(conf, s);
  343. if ((end[0] == ':') && (end[1] == ':')) {
  344. *end = '\0';
  345. end += 2;
  346. psection = pname;
  347. pname = end;
  348. end = eat_alpha_numeric(conf, end);
  349. } else {
  350. psection = section;
  351. }
  352. p = eat_ws(conf, end);
  353. if (CHECK_AND_SKIP_PREFIX(pname, ".pragma")
  354. && (p != pname || *p == '=')) {
  355. char *pval;
  356. if (*p == '=') {
  357. p++;
  358. p = eat_ws(conf, p);
  359. }
  360. trim_ws(conf, p);
  361. /* Pragma values take the form keyword:value */
  362. pval = strchr(p, ':');
  363. if (pval == NULL || pval == p || pval[1] == '\0') {
  364. ERR_raise(ERR_LIB_CONF, CONF_R_INVALID_PRAGMA);
  365. goto err;
  366. }
  367. *pval++ = '\0';
  368. trim_ws(conf, p);
  369. pval = eat_ws(conf, pval);
  370. /*
  371. * Known pragmas:
  372. *
  373. * dollarid takes "on", "true or "off", "false"
  374. * abspath takes "on", "true or "off", "false"
  375. * includedir directory prefix
  376. */
  377. if (strcmp(p, "dollarid") == 0) {
  378. if (!parsebool(pval, &conf->flag_dollarid))
  379. goto err;
  380. } else if (strcmp(p, "abspath") == 0) {
  381. if (!parsebool(pval, &conf->flag_abspath))
  382. goto err;
  383. } else if (strcmp(p, "includedir") == 0) {
  384. OPENSSL_free(conf->includedir);
  385. if ((conf->includedir = OPENSSL_strdup(pval)) == NULL)
  386. goto err;
  387. }
  388. /*
  389. * We *ignore* any unknown pragma.
  390. */
  391. continue;
  392. } else if (CHECK_AND_SKIP_PREFIX(pname, ".include")
  393. && (p != pname || *p == '=')) {
  394. char *include = NULL;
  395. BIO *next;
  396. const char *include_dir = ossl_safe_getenv("OPENSSL_CONF_INCLUDE");
  397. char *include_path = NULL;
  398. #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  399. /*
  400. * The include processing below can cause the "conf" fuzzer to
  401. * timeout due to the fuzzer inserting large and complicated
  402. * includes - with a large amount of time spent in
  403. * OPENSSL_strlcat/OPENSSL_strcpy. This is not a security
  404. * concern because config files should never come from untrusted
  405. * sources. We just set an arbitrary limit on the allowed
  406. * number of includes when fuzzing to prevent this timeout.
  407. */
  408. if (numincludes++ > 10)
  409. goto err;
  410. #endif
  411. if (include_dir == NULL)
  412. include_dir = conf->includedir;
  413. if (*p == '=') {
  414. p++;
  415. p = eat_ws(conf, p);
  416. }
  417. trim_ws(conf, p);
  418. if (!str_copy(conf, psection, &include, p))
  419. goto err;
  420. if (include_dir != NULL && !ossl_is_absolute_path(include)) {
  421. size_t newlen = strlen(include_dir) + strlen(include) + 2;
  422. include_path = OPENSSL_malloc(newlen);
  423. if (include_path == NULL) {
  424. OPENSSL_free(include);
  425. goto err;
  426. }
  427. OPENSSL_strlcpy(include_path, include_dir, newlen);
  428. if (!ossl_ends_with_dirsep(include_path))
  429. OPENSSL_strlcat(include_path, "/", newlen);
  430. OPENSSL_strlcat(include_path, include, newlen);
  431. OPENSSL_free(include);
  432. } else {
  433. include_path = include;
  434. }
  435. if (conf->flag_abspath
  436. && !ossl_is_absolute_path(include_path)) {
  437. ERR_raise(ERR_LIB_CONF, CONF_R_RELATIVE_PATH);
  438. OPENSSL_free(include_path);
  439. goto err;
  440. }
  441. /* get the BIO of the included file */
  442. #ifndef OPENSSL_NO_POSIX_IO
  443. next = process_include(include_path, &dirctx, &dirpath);
  444. if (include_path != dirpath) {
  445. /* dirpath will contain include in case of a directory */
  446. OPENSSL_free(include_path);
  447. }
  448. #else
  449. next = BIO_new_file(include_path, "r");
  450. OPENSSL_free(include_path);
  451. #endif
  452. if (next != NULL) {
  453. /* push the currently processing BIO onto stack */
  454. if (biosk == NULL) {
  455. if ((biosk = sk_BIO_new_null()) == NULL) {
  456. ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
  457. BIO_free(next);
  458. goto err;
  459. }
  460. }
  461. if (!sk_BIO_push(biosk, in)) {
  462. ERR_raise(ERR_LIB_CONF, ERR_R_CRYPTO_LIB);
  463. BIO_free(next);
  464. goto err;
  465. }
  466. /* continue with reading from the included BIO */
  467. in = next;
  468. }
  469. continue;
  470. } else if (*p != '=') {
  471. ERR_raise_data(ERR_LIB_CONF, CONF_R_MISSING_EQUAL_SIGN,
  472. "HERE-->%s", p);
  473. goto err;
  474. }
  475. *end = '\0';
  476. p++;
  477. start = eat_ws(conf, p);
  478. trim_ws(conf, start);
  479. if ((v = OPENSSL_malloc(sizeof(*v))) == NULL)
  480. goto err;
  481. v->name = OPENSSL_strdup(pname);
  482. v->value = NULL;
  483. if (v->name == NULL)
  484. goto err;
  485. if (!str_copy(conf, psection, &(v->value), start))
  486. goto err;
  487. if (strcmp(psection, section) != 0) {
  488. if ((tv = _CONF_get_section(conf, psection))
  489. == NULL)
  490. tv = _CONF_new_section(conf, psection);
  491. if (tv == NULL) {
  492. ERR_raise(ERR_LIB_CONF,
  493. CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
  494. goto err;
  495. }
  496. } else
  497. tv = sv;
  498. if (_CONF_add_string(conf, tv, v) == 0) {
  499. ERR_raise(ERR_LIB_CONF, ERR_R_CONF_LIB);
  500. goto err;
  501. }
  502. v = NULL;
  503. }
  504. }
  505. BUF_MEM_free(buff);
  506. OPENSSL_free(section);
  507. /*
  508. * No need to pop, since we only get here if the stack is empty.
  509. * If this causes a BIO leak, THE ISSUE IS SOMEWHERE ELSE!
  510. */
  511. sk_BIO_free(biosk);
  512. return 1;
  513. err:
  514. BUF_MEM_free(buff);
  515. OPENSSL_free(section);
  516. /*
  517. * Since |in| is the first element of the stack and should NOT be freed
  518. * here, we cannot use sk_BIO_pop_free(). Instead, we pop and free one
  519. * BIO at a time, making sure that the last one popped isn't.
  520. */
  521. while (sk_BIO_num(biosk) > 0) {
  522. BIO *popped = sk_BIO_pop(biosk);
  523. BIO_vfree(in);
  524. in = popped;
  525. }
  526. sk_BIO_free(biosk);
  527. #ifndef OPENSSL_NO_POSIX_IO
  528. OPENSSL_free(dirpath);
  529. if (dirctx != NULL)
  530. OPENSSL_DIR_end(&dirctx);
  531. #endif
  532. if (line != NULL)
  533. *line = eline;
  534. BIO_snprintf(btmp, sizeof(btmp), "%ld", eline);
  535. ERR_add_error_data(2, "line ", btmp);
  536. if (h != conf->data) {
  537. CONF_free(conf->data);
  538. conf->data = NULL;
  539. }
  540. if (v != NULL) {
  541. OPENSSL_free(v->name);
  542. OPENSSL_free(v->value);
  543. OPENSSL_free(v);
  544. }
  545. return 0;
  546. }
  547. static void clear_comments(CONF *conf, char *p)
  548. {
  549. for (;;) {
  550. if (IS_FCOMMENT(conf, *p)) {
  551. *p = '\0';
  552. return;
  553. }
  554. if (!IS_WS(conf, *p)) {
  555. break;
  556. }
  557. p++;
  558. }
  559. for (;;) {
  560. if (IS_COMMENT(conf, *p)) {
  561. *p = '\0';
  562. return;
  563. }
  564. if (IS_DQUOTE(conf, *p)) {
  565. p = scan_dquote(conf, p);
  566. continue;
  567. }
  568. if (IS_QUOTE(conf, *p)) {
  569. p = scan_quote(conf, p);
  570. continue;
  571. }
  572. if (IS_ESC(conf, *p)) {
  573. p = scan_esc(conf, p);
  574. continue;
  575. }
  576. if (IS_EOF(conf, *p))
  577. return;
  578. else
  579. p++;
  580. }
  581. }
  582. static int str_copy(CONF *conf, char *section, char **pto, char *from)
  583. {
  584. int q, r, rr = 0, to = 0, len = 0;
  585. char *s, *e, *rp, *p, *rrp, *np, *cp, v;
  586. BUF_MEM *buf;
  587. if ((buf = BUF_MEM_new()) == NULL)
  588. return 0;
  589. len = strlen(from) + 1;
  590. if (!BUF_MEM_grow(buf, len))
  591. goto err;
  592. for (;;) {
  593. if (IS_QUOTE(conf, *from)) {
  594. q = *from;
  595. from++;
  596. while (!IS_EOF(conf, *from) && (*from != q)) {
  597. if (IS_ESC(conf, *from)) {
  598. from++;
  599. if (IS_EOF(conf, *from))
  600. break;
  601. }
  602. buf->data[to++] = *(from++);
  603. }
  604. if (*from == q)
  605. from++;
  606. } else if (IS_DQUOTE(conf, *from)) {
  607. q = *from;
  608. from++;
  609. while (!IS_EOF(conf, *from)) {
  610. if (*from == q) {
  611. if (*(from + 1) == q) {
  612. from++;
  613. } else {
  614. break;
  615. }
  616. }
  617. buf->data[to++] = *(from++);
  618. }
  619. if (*from == q)
  620. from++;
  621. } else if (IS_ESC(conf, *from)) {
  622. from++;
  623. v = *(from++);
  624. if (IS_EOF(conf, v))
  625. break;
  626. else if (v == 'r')
  627. v = '\r';
  628. else if (v == 'n')
  629. v = '\n';
  630. else if (v == 'b')
  631. v = '\b';
  632. else if (v == 't')
  633. v = '\t';
  634. buf->data[to++] = v;
  635. } else if (IS_EOF(conf, *from))
  636. break;
  637. else if (*from == '$'
  638. && (!conf->flag_dollarid
  639. || from[1] == '{'
  640. || from[1] == '(')) {
  641. size_t newsize;
  642. /* try to expand it */
  643. rrp = NULL;
  644. s = &(from[1]);
  645. if (*s == '{')
  646. q = '}';
  647. else if (*s == '(')
  648. q = ')';
  649. else
  650. q = 0;
  651. if (q)
  652. s++;
  653. cp = section;
  654. e = np = s;
  655. while (IS_ALNUM(conf, *e)
  656. || (conf->flag_dollarid && IS_DOLLAR(conf, *e)))
  657. e++;
  658. if ((e[0] == ':') && (e[1] == ':')) {
  659. cp = np;
  660. rrp = e;
  661. rr = *e;
  662. *rrp = '\0';
  663. e += 2;
  664. np = e;
  665. while (IS_ALNUM(conf, *e)
  666. || (conf->flag_dollarid && IS_DOLLAR(conf, *e)))
  667. e++;
  668. }
  669. r = *e;
  670. *e = '\0';
  671. rp = e;
  672. if (q) {
  673. if (r != q) {
  674. ERR_raise(ERR_LIB_CONF, CONF_R_NO_CLOSE_BRACE);
  675. goto err;
  676. }
  677. e++;
  678. }
  679. /*-
  680. * So at this point we have
  681. * np which is the start of the name string which is
  682. * '\0' terminated.
  683. * cp which is the start of the section string which is
  684. * '\0' terminated.
  685. * e is the 'next point after'.
  686. * r and rr are the chars replaced by the '\0'
  687. * rp and rrp is where 'r' and 'rr' came from.
  688. */
  689. p = _CONF_get_string(conf, cp, np);
  690. if (rrp != NULL)
  691. *rrp = rr;
  692. *rp = r;
  693. if (p == NULL) {
  694. ERR_raise(ERR_LIB_CONF, CONF_R_VARIABLE_HAS_NO_VALUE);
  695. goto err;
  696. }
  697. newsize = strlen(p) + buf->length - (e - from);
  698. if (newsize > MAX_CONF_VALUE_LENGTH) {
  699. ERR_raise(ERR_LIB_CONF, CONF_R_VARIABLE_EXPANSION_TOO_LONG);
  700. goto err;
  701. }
  702. if (!BUF_MEM_grow_clean(buf, newsize)) {
  703. ERR_raise(ERR_LIB_CONF, ERR_R_BUF_LIB);
  704. goto err;
  705. }
  706. while (*p)
  707. buf->data[to++] = *(p++);
  708. /*
  709. * Since we change the pointer 'from', we also have to change the
  710. * perceived length of the string it points at. /RL
  711. */
  712. len -= e - from;
  713. from = e;
  714. /*
  715. * In case there were no braces or parenthesis around the
  716. * variable reference, we have to put back the character that was
  717. * replaced with a '\0'. /RL
  718. */
  719. *rp = r;
  720. } else
  721. buf->data[to++] = *(from++);
  722. }
  723. buf->data[to] = '\0';
  724. OPENSSL_free(*pto);
  725. *pto = buf->data;
  726. OPENSSL_free(buf);
  727. return 1;
  728. err:
  729. BUF_MEM_free(buf);
  730. return 0;
  731. }
  732. #ifndef OPENSSL_NO_POSIX_IO
  733. /*
  734. * Check whether included path is a directory.
  735. * Returns next BIO to process and in case of a directory
  736. * also an opened directory context and the include path.
  737. */
  738. static BIO *process_include(char *include, OPENSSL_DIR_CTX **dirctx,
  739. char **dirpath)
  740. {
  741. struct stat st;
  742. BIO *next;
  743. if (stat(include, &st) < 0) {
  744. ERR_raise_data(ERR_LIB_SYS, errno, "calling stat(%s)", include);
  745. /* missing include file is not fatal error */
  746. return NULL;
  747. }
  748. if (S_ISDIR(st.st_mode)) {
  749. if (*dirctx != NULL) {
  750. ERR_raise_data(ERR_LIB_CONF, CONF_R_RECURSIVE_DIRECTORY_INCLUDE,
  751. "%s", include);
  752. return NULL;
  753. }
  754. /* a directory, load its contents */
  755. if ((next = get_next_file(include, dirctx)) != NULL)
  756. *dirpath = include;
  757. return next;
  758. }
  759. next = BIO_new_file(include, "r");
  760. return next;
  761. }
  762. /*
  763. * Get next file from the directory path.
  764. * Returns BIO of the next file to read and updates dirctx.
  765. */
  766. static BIO *get_next_file(const char *path, OPENSSL_DIR_CTX **dirctx)
  767. {
  768. const char *filename;
  769. size_t pathlen;
  770. pathlen = strlen(path);
  771. while ((filename = OPENSSL_DIR_read(dirctx, path)) != NULL) {
  772. size_t namelen;
  773. namelen = strlen(filename);
  774. if ((namelen > 5
  775. && OPENSSL_strcasecmp(filename + namelen - 5, ".conf") == 0)
  776. || (namelen > 4
  777. && OPENSSL_strcasecmp(filename + namelen - 4, ".cnf") == 0)) {
  778. size_t newlen;
  779. char *newpath;
  780. BIO *bio;
  781. newlen = pathlen + namelen + 2;
  782. newpath = OPENSSL_zalloc(newlen);
  783. if (newpath == NULL)
  784. break;
  785. #ifdef OPENSSL_SYS_VMS
  786. /*
  787. * If the given path isn't clear VMS syntax,
  788. * we treat it as on Unix.
  789. */
  790. if (path[pathlen - 1] == ']'
  791. || path[pathlen - 1] == '>'
  792. || path[pathlen - 1] == ':') {
  793. /* Clear VMS directory syntax, just copy as is */
  794. OPENSSL_strlcpy(newpath, path, newlen);
  795. }
  796. #endif
  797. if (newpath[0] == '\0') {
  798. OPENSSL_strlcpy(newpath, path, newlen);
  799. OPENSSL_strlcat(newpath, "/", newlen);
  800. }
  801. OPENSSL_strlcat(newpath, filename, newlen);
  802. bio = BIO_new_file(newpath, "r");
  803. OPENSSL_free(newpath);
  804. /* Errors when opening files are non-fatal. */
  805. if (bio != NULL)
  806. return bio;
  807. }
  808. }
  809. OPENSSL_DIR_end(dirctx);
  810. *dirctx = NULL;
  811. return NULL;
  812. }
  813. #endif
  814. static int is_keytype(const CONF *conf, char c, unsigned short type)
  815. {
  816. const unsigned short *keytypes = (const unsigned short *) conf->meth_data;
  817. unsigned char key = (unsigned char)c;
  818. #ifdef CHARSET_EBCDIC
  819. # if CHAR_BIT > 8
  820. if (key > 255) {
  821. /* key is out of range for os_toascii table */
  822. return 0;
  823. }
  824. # endif
  825. /* convert key from ebcdic to ascii */
  826. key = os_toascii[key];
  827. #endif
  828. if (key > 127) {
  829. /* key is not a seven bit ascii character */
  830. return 0;
  831. }
  832. return (keytypes[key] & type) ? 1 : 0;
  833. }
  834. static char *eat_ws(CONF *conf, char *p)
  835. {
  836. while (IS_WS(conf, *p) && (!IS_EOF(conf, *p)))
  837. p++;
  838. return p;
  839. }
  840. static void trim_ws(CONF *conf, char *start)
  841. {
  842. char *p = start;
  843. while (!IS_EOF(conf, *p))
  844. p++;
  845. p--;
  846. while ((p >= start) && IS_WS(conf, *p))
  847. p--;
  848. p++;
  849. *p = '\0';
  850. }
  851. static char *eat_alpha_numeric(CONF *conf, char *p)
  852. {
  853. for (;;) {
  854. if (IS_ESC(conf, *p)) {
  855. p = scan_esc(conf, p);
  856. continue;
  857. }
  858. if (!(IS_ALNUM_PUNCT(conf, *p)
  859. || (conf->flag_dollarid && IS_DOLLAR(conf, *p))))
  860. return p;
  861. p++;
  862. }
  863. }
  864. static char *scan_quote(CONF *conf, char *p)
  865. {
  866. int q = *p;
  867. p++;
  868. while (!(IS_EOF(conf, *p)) && (*p != q)) {
  869. if (IS_ESC(conf, *p)) {
  870. p++;
  871. if (IS_EOF(conf, *p))
  872. return p;
  873. }
  874. p++;
  875. }
  876. if (*p == q)
  877. p++;
  878. return p;
  879. }
  880. static char *scan_dquote(CONF *conf, char *p)
  881. {
  882. int q = *p;
  883. p++;
  884. while (!(IS_EOF(conf, *p))) {
  885. if (*p == q) {
  886. if (*(p + 1) == q) {
  887. p++;
  888. } else {
  889. break;
  890. }
  891. }
  892. p++;
  893. }
  894. if (*p == q)
  895. p++;
  896. return p;
  897. }
  898. static void dump_value_doall_arg(const CONF_VALUE *a, BIO *out)
  899. {
  900. if (a->name)
  901. BIO_printf(out, "[%s] %s=%s\n", a->section, a->name, a->value);
  902. else
  903. BIO_printf(out, "[[%s]]\n", a->section);
  904. }
  905. IMPLEMENT_LHASH_DOALL_ARG_CONST(CONF_VALUE, BIO);
  906. static int def_dump(const CONF *conf, BIO *out)
  907. {
  908. lh_CONF_VALUE_doall_BIO(conf->data, dump_value_doall_arg, out);
  909. return 1;
  910. }
  911. static int def_is_number(const CONF *conf, char c)
  912. {
  913. return IS_NUMBER(conf, c);
  914. }
  915. static int def_to_int(const CONF *conf, char c)
  916. {
  917. return c - '0';
  918. }