3 * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
6 /* ====================================================================
7 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
35 * 6. Redistributions of any form whatsoever must retain the following
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
62 #include <openssl/crypto.h>
63 #include "internal/cryptlib.h"
64 #include <openssl/conf.h>
65 #include <openssl/dso.h>
66 #include <openssl/x509.h>
68 #define DSO_mod_init_name "OPENSSL_init"
69 #define DSO_mod_finish_name "OPENSSL_finish"
72 * This structure contains a data about supported modules. entries in this
73 * table correspond to either dynamic or static modules.
76 struct conf_module_st {
77 /* DSO of this module or NULL if static */
79 /* Name of the module */
84 conf_finish_func *finish;
85 /* Number of successfully initialized modules */
91 * This structure contains information about modules that have been
92 * successfully initialized. There may be more than one entry for a given
96 struct conf_imodule_st {
104 static STACK_OF(CONF_MODULE) *supported_modules = NULL;
105 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
107 static void module_free(CONF_MODULE *md);
108 static void module_finish(CONF_IMODULE *imod);
109 static int module_run(const CONF *cnf, char *name, char *value,
110 unsigned long flags);
111 static CONF_MODULE *module_add(DSO *dso, const char *name,
112 conf_init_func *ifunc,
113 conf_finish_func *ffunc);
114 static CONF_MODULE *module_find(char *name);
115 static int module_init(CONF_MODULE *pmod, char *name, char *value,
117 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
118 unsigned long flags);
120 /* Main function: load modules from a CONF structure */
122 int CONF_modules_load(const CONF *cnf, const char *appname,
125 STACK_OF(CONF_VALUE) *values;
127 char *vsection = NULL;
135 vsection = NCONF_get_string(cnf, NULL, appname);
137 if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
138 vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
145 values = NCONF_get_section(cnf, vsection);
150 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
151 vl = sk_CONF_VALUE_value(values, i);
152 ret = module_run(cnf, vl->name, vl->value, flags);
154 if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
162 int CONF_modules_load_file(const char *filename, const char *appname,
168 conf = NCONF_new(NULL);
172 if (filename == NULL) {
173 file = CONF_get1_default_config_file();
177 file = (char *)filename;
179 if (NCONF_load(conf, file, NULL) <= 0) {
180 if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
181 (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
188 ret = CONF_modules_load(conf, appname, flags);
191 if (filename == NULL)
198 static int module_run(const CONF *cnf, char *name, char *value,
204 md = module_find(name);
206 /* Module not found: try to load DSO */
207 if (!md && !(flags & CONF_MFLAGS_NO_DSO))
208 md = module_load_dso(cnf, name, value, flags);
211 if (!(flags & CONF_MFLAGS_SILENT)) {
212 CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
213 ERR_add_error_data(2, "module=", name);
218 ret = module_init(md, name, value, cnf);
221 if (!(flags & CONF_MFLAGS_SILENT)) {
222 char rcode[DECIMAL_SIZE(ret) + 1];
223 CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
224 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
225 ERR_add_error_data(6, "module=", name, ", value=", value,
226 ", retcode=", rcode);
233 /* Load a module from a DSO */
234 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
238 conf_init_func *ifunc;
239 conf_finish_func *ffunc;
243 /* Look for alternative path in module section */
244 path = NCONF_get_string(cnf, value, "path");
249 dso = DSO_load(NULL, path, NULL, 0);
251 errcode = CONF_R_ERROR_LOADING_DSO;
254 ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
256 errcode = CONF_R_MISSING_INIT_FUNCTION;
259 ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
260 /* All OK, add module */
261 md = module_add(dso, name, ifunc, ffunc);
270 CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
271 ERR_add_error_data(4, "module=", name, ", path=", path);
275 /* add module to list */
276 static CONF_MODULE *module_add(DSO *dso, const char *name,
277 conf_init_func *ifunc, conf_finish_func *ffunc)
279 CONF_MODULE *tmod = NULL;
280 if (supported_modules == NULL)
281 supported_modules = sk_CONF_MODULE_new_null();
282 if (supported_modules == NULL)
284 tmod = OPENSSL_zalloc(sizeof(*tmod));
289 tmod->name = BUF_strdup(name);
291 tmod->finish = ffunc;
293 if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
302 * Find a module from the list. We allow module names of the form
303 * modname.XXXX to just search for modname to allow the same module to be
304 * initialized more than once.
307 static CONF_MODULE *module_find(char *name)
312 p = strrchr(name, '.');
317 nchar = strlen(name);
319 for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
320 tmod = sk_CONF_MODULE_value(supported_modules, i);
321 if (strncmp(tmod->name, name, nchar) == 0)
329 /* initialize a module */
330 static int module_init(CONF_MODULE *pmod, char *name, char *value,
335 CONF_IMODULE *imod = NULL;
337 /* Otherwise add initialized module to list */
338 imod = OPENSSL_malloc(sizeof(*imod));
343 imod->name = BUF_strdup(name);
344 imod->value = BUF_strdup(value);
345 imod->usr_data = NULL;
347 if (!imod->name || !imod->value)
350 /* Try to initialize module */
352 ret = pmod->init(imod, cnf);
354 /* Error occurred, exit */
359 if (initialized_modules == NULL) {
360 initialized_modules = sk_CONF_IMODULE_new_null();
361 if (!initialized_modules) {
362 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
367 if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
368 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
378 /* We've started the module so we'd better finish it */
379 if (pmod->finish && init_called)
384 OPENSSL_free(imod->name);
385 OPENSSL_free(imod->value);
394 * Unload any dynamic modules that have a link count of zero: i.e. have no
395 * active initialized modules. If 'all' is set then all modules are unloaded
396 * including static ones.
399 void CONF_modules_unload(int all)
403 CONF_modules_finish();
404 /* unload modules in reverse order */
405 for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
406 md = sk_CONF_MODULE_value(supported_modules, i);
407 /* If static or in use and 'all' not set ignore it */
408 if (((md->links > 0) || !md->dso) && !all)
410 /* Since we're working in reverse this is OK */
411 (void)sk_CONF_MODULE_delete(supported_modules, i);
414 if (sk_CONF_MODULE_num(supported_modules) == 0) {
415 sk_CONF_MODULE_free(supported_modules);
416 supported_modules = NULL;
420 /* unload a single module */
421 static void module_free(CONF_MODULE *md)
424 OPENSSL_free(md->name);
428 /* finish and free up all modules instances */
430 void CONF_modules_finish(void)
433 while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
434 imod = sk_CONF_IMODULE_pop(initialized_modules);
437 sk_CONF_IMODULE_free(initialized_modules);
438 initialized_modules = NULL;
441 /* finish a module instance */
443 static void module_finish(CONF_IMODULE *imod)
447 if (imod->pmod->finish)
448 imod->pmod->finish(imod);
450 OPENSSL_free(imod->name);
451 OPENSSL_free(imod->value);
455 /* Add a static module to OpenSSL */
457 int CONF_module_add(const char *name, conf_init_func *ifunc,
458 conf_finish_func *ffunc)
460 if (module_add(NULL, name, ifunc, ffunc))
466 void CONF_modules_free(void)
468 CONF_modules_finish();
469 CONF_modules_unload(1);
472 /* Utility functions */
474 const char *CONF_imodule_get_name(const CONF_IMODULE *md)
479 const char *CONF_imodule_get_value(const CONF_IMODULE *md)
484 void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
489 void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
491 md->usr_data = usr_data;
494 CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
499 unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
504 void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
509 void *CONF_module_get_usr_data(CONF_MODULE *pmod)
511 return pmod->usr_data;
514 void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
516 pmod->usr_data = usr_data;
519 /* Return default config file name */
521 char *CONF_get1_default_config_file(void)
526 file = getenv("OPENSSL_CONF");
528 return BUF_strdup(file);
530 len = strlen(X509_get_default_cert_area());
531 #ifndef OPENSSL_SYS_VMS
534 len += strlen(OPENSSL_CONF);
536 file = OPENSSL_malloc(len + 1);
540 BUF_strlcpy(file, X509_get_default_cert_area(), len + 1);
541 #ifndef OPENSSL_SYS_VMS
542 BUF_strlcat(file, "/", len + 1);
544 BUF_strlcat(file, OPENSSL_CONF, len + 1);
550 * This function takes a list separated by 'sep' and calls the callback
551 * function giving the start and length of each member optionally stripping
552 * leading and trailing whitespace. This can be used to parse comma separated
556 int CONF_parse_list(const char *list_, int sep, int nospc,
557 int (*list_cb) (const char *elem, int len, void *usr),
561 const char *lstart, *tmpend, *p;
564 CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
571 while (*lstart && isspace((unsigned char)*lstart))
574 p = strchr(lstart, sep);
575 if (p == lstart || !*lstart)
576 ret = list_cb(NULL, 0, arg);
581 tmpend = lstart + strlen(lstart) - 1;
583 while (isspace((unsigned char)*tmpend))
586 ret = list_cb(lstart, tmpend - lstart + 1, arg);