xref: /openbsd-src/lib/libcrypto/conf/conf_mod.c (revision 2a59c28f1eda4417570b8d10bbffcb8558777f77) 
1 /* $OpenBSD: conf_mod.c,v 1.40 2024/10/10 06:51:22 tb Exp $ */
2 /* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
3  * project 2001.
4  */
5 /* ====================================================================
6  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in
17  *    the documentation and/or other materials provided with the
18  *    distribution.
19  *
20  * 3. All advertising materials mentioning features or use of this
21  *    software must display the following acknowledgment:
22  *    "This product includes software developed by the OpenSSL Project
23  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24  *
25  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26  *    endorse or promote products derived from this software without
27  *    prior written permission. For written permission, please contact
28  *    licensing@OpenSSL.org.
29  *
30  * 5. Products derived from this software may not be called "OpenSSL"
31  *    nor may "OpenSSL" appear in their names without prior written
32  *    permission of the OpenSSL Project.
33  *
34  * 6. Redistributions of any form whatsoever must retain the following
35  *    acknowledgment:
36  *    "This product includes software developed by the OpenSSL Project
37  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38  *
39  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
43  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50  * OF THE POSSIBILITY OF SUCH DAMAGE.
51  * ====================================================================
52  *
53  * This product includes cryptographic software written by Eric Young
54  * (eay@cryptsoft.com).  This product includes software written by Tim
55  * Hudson (tjh@cryptsoft.com).
56  *
57  */
58 
59 #include <ctype.h>
60 #include <stdio.h>
61 #include <string.h>
62 #include <unistd.h>
63 
64 #include <openssl/conf.h>
65 #include <openssl/crypto.h>
66 #include <openssl/err.h>
67 #include <openssl/x509.h>
68 
69 /* This structure contains data about supported modules. */
70 struct conf_module_st {
71 	/* Name of the module */
72 	char *name;
73 	/* Init function */
74 	conf_init_func *init;
75 	/* Finish function */
76 	conf_finish_func *finish;
77 	/* Number of successfully initialized modules */
78 	int links;
79 };
80 
81 
82 /* This structure contains information about modules that have been
83  * successfully initialized. There may be more than one entry for a
84  * given module.
85  */
86 
87 struct conf_imodule_st {
88 	CONF_MODULE *mod;
89 	char *value;
90 };
91 
92 static STACK_OF(CONF_MODULE) *supported_modules = NULL;
93 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
94 
95 static void module_free(CONF_MODULE *mod);
96 static void imodule_free(CONF_IMODULE *imod);
97 static void module_finish(CONF_IMODULE *imod);
98 static int module_run(const CONF *cnf, char *name, char *value,
99     unsigned long flags);
100 static int module_add(const char *name, conf_init_func *ifunc,
101     conf_finish_func *ffunc);
102 static CONF_MODULE *module_find(char *name);
103 static int module_init(CONF_MODULE *mod, char *name, char *value,
104     const CONF *cnf);
105 
106 /* Main function: load modules from a CONF structure */
107 
108 int
109 CONF_modules_load(const CONF *cnf, const char *appname, unsigned long flags)
110 {
111 	STACK_OF(CONF_VALUE) *values;
112 	CONF_VALUE *vl;
113 	char *vsection = NULL;
114 
115 	int ret, i;
116 
117 	if (!cnf)
118 		return 1;
119 
120 	if (appname)
121 		vsection = NCONF_get_string(cnf, NULL, appname);
122 
123 	if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
124 		vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
125 
126 	if (!vsection) {
127 		ERR_clear_error();
128 		return 1;
129 	}
130 
131 	values = NCONF_get_section(cnf, vsection);
132 
133 	if (!values)
134 		return 0;
135 
136 	for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
137 		vl = sk_CONF_VALUE_value(values, i);
138 		ret = module_run(cnf, vl->name, vl->value, flags);
139 		if (ret <= 0)
140 			if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
141 				return ret;
142 	}
143 
144 	return 1;
145 }
146 LCRYPTO_ALIAS(CONF_modules_load);
147 
148 int
149 CONF_modules_load_file(const char *filename, const char *appname,
150     unsigned long flags)
151 {
152 	char *file = NULL;
153 	CONF *conf = NULL;
154 	int ret = 0;
155 	conf = NCONF_new(NULL);
156 	if (!conf)
157 		goto err;
158 
159 	if (filename == NULL) {
160 		file = CONF_get1_default_config_file();
161 		if (!file)
162 			goto err;
163 	} else
164 		file = (char *)filename;
165 
166 	if (NCONF_load(conf, file, NULL) <= 0) {
167 		if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
168 		    (ERR_GET_REASON(ERR_peek_last_error()) ==
169 		    CONF_R_NO_SUCH_FILE)) {
170 			ERR_clear_error();
171 			ret = 1;
172 		}
173 		goto err;
174 	}
175 
176 	ret = CONF_modules_load(conf, appname, flags);
177 
178 err:
179 	if (filename == NULL)
180 		free(file);
181 	NCONF_free(conf);
182 
183 	return ret;
184 }
185 LCRYPTO_ALIAS(CONF_modules_load_file);
186 
187 static int
188 module_run(const CONF *cnf, char *name, char *value, unsigned long flags)
189 {
190 	CONF_MODULE *mod;
191 	int ret;
192 
193 	if ((mod = module_find(name)) == NULL) {
194 		if (!(flags & CONF_MFLAGS_SILENT)) {
195 			CONFerror(CONF_R_UNKNOWN_MODULE_NAME);
196 			ERR_asprintf_error_data("module=%s", name);
197 		}
198 		return -1;
199 	}
200 
201 	ret = module_init(mod, name, value, cnf);
202 
203 	if (ret <= 0) {
204 		if (!(flags & CONF_MFLAGS_SILENT)) {
205 			CONFerror(CONF_R_MODULE_INITIALIZATION_ERROR);
206 			ERR_asprintf_error_data
207 			    ("module=%s, value=%s, retcode=%-8d",
208 			    name, value, ret);
209 		}
210 	}
211 
212 	return ret;
213 }
214 
215 static int
216 module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc)
217 {
218 	CONF_MODULE *mod = NULL;
219 	int ret = 0;
220 
221 	if (name == NULL)
222 		goto err;
223 
224 	if (supported_modules == NULL)
225 		supported_modules = sk_CONF_MODULE_new_null();
226 	if (supported_modules == NULL)
227 		goto err;
228 
229 	if ((mod = calloc(1, sizeof(*mod))) == NULL)
230 		goto err;
231 	if ((mod->name = strdup(name)) == NULL)
232 		goto err;
233 	mod->init = ifunc;
234 	mod->finish = ffunc;
235 
236 	if (!sk_CONF_MODULE_push(supported_modules, mod))
237 		goto err;
238 	mod = NULL;
239 
240 	ret = 1;
241 
242  err:
243 	module_free(mod);
244 
245 	return ret;
246 }
247 
248 /* Find a module from the list. We allow module names of the
249  * form modname.XXXX to just search for modname to allow the
250  * same module to be initialized more than once.
251  */
252 
253 static CONF_MODULE *
254 module_find(char *name)
255 {
256 	CONF_MODULE *mod;
257 	int i, nchar;
258 	char *p;
259 
260 	p = strrchr(name, '.');
261 
262 	if (p)
263 		nchar = p - name;
264 	else
265 		nchar = strlen(name);
266 
267 	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
268 		mod = sk_CONF_MODULE_value(supported_modules, i);
269 		if (!strncmp(mod->name, name, nchar))
270 			return mod;
271 	}
272 
273 	return NULL;
274 }
275 
276 /* initialize a module */
277 static int
278 module_init(CONF_MODULE *mod, char *name, char *value, const CONF *cnf)
279 {
280 	CONF_IMODULE *imod = NULL;
281 	int need_finish = 0;
282 	int ret = -1;
283 
284 	if (name == NULL || value == NULL)
285 		goto err;
286 
287 	if ((imod = calloc(1, sizeof(*imod))) == NULL)
288 		goto err;
289 
290 	imod->mod = mod;
291 
292 	if ((imod->value = strdup(value)) == NULL)
293 		goto err;
294 
295 	if (mod->init != NULL) {
296 		need_finish = 1;
297 		if (mod->init(imod, cnf) <= 0)
298 			goto err;
299 	}
300 
301 	if (initialized_modules == NULL)
302 		initialized_modules = sk_CONF_IMODULE_new_null();
303 	if (initialized_modules == NULL)
304 		goto err;
305 
306 	if (!sk_CONF_IMODULE_push(initialized_modules, imod))
307 		goto err;
308 	imod = NULL;
309 	need_finish = 0;
310 
311 	mod->links++;
312 
313 	ret = 1;
314 
315  err:
316 	if (need_finish && mod->finish != NULL)
317 		mod->finish(imod);
318 
319 	imodule_free(imod);
320 
321 	return ret;
322 }
323 
324 /* Unload any dynamic modules that have a link count of zero:
325  * i.e. have no active initialized modules. If 'all' is set
326  * then all modules are unloaded including static ones.
327  */
328 
329 void
330 CONF_modules_unload(int all)
331 {
332 	int i;
333 	CONF_MODULE *mod;
334 
335 	CONF_modules_finish();
336 
337 	/* unload modules in reverse order */
338 	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
339 		mod = sk_CONF_MODULE_value(supported_modules, i);
340 		if (!all)
341 			continue;
342 		/* Since we're working in reverse this is OK */
343 		(void)sk_CONF_MODULE_delete(supported_modules, i);
344 		module_free(mod);
345 	}
346 	if (sk_CONF_MODULE_num(supported_modules) == 0) {
347 		sk_CONF_MODULE_free(supported_modules);
348 		supported_modules = NULL;
349 	}
350 }
351 LCRYPTO_ALIAS(CONF_modules_unload);
352 
353 /* unload a single module */
354 static void
355 module_free(CONF_MODULE *mod)
356 {
357 	if (mod == NULL)
358 		return;
359 
360 	free(mod->name);
361 	free(mod);
362 }
363 
364 static void
365 imodule_free(CONF_IMODULE *imod)
366 {
367 	if (imod == NULL)
368 		return;
369 
370 	free(imod->value);
371 	free(imod);
372 }
373 
374 /* finish and free up all modules instances */
375 
376 void
377 CONF_modules_finish(void)
378 {
379 	CONF_IMODULE *imod;
380 
381 	while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
382 		imod = sk_CONF_IMODULE_pop(initialized_modules);
383 		module_finish(imod);
384 	}
385 	sk_CONF_IMODULE_free(initialized_modules);
386 	initialized_modules = NULL;
387 }
388 LCRYPTO_ALIAS(CONF_modules_finish);
389 
390 /* finish a module instance */
391 
392 static void
393 module_finish(CONF_IMODULE *imod)
394 {
395 	if (imod->mod->finish)
396 		imod->mod->finish(imod);
397 	imod->mod->links--;
398 
399 	imodule_free(imod);
400 }
401 
402 /* Add a static module to OpenSSL */
403 
404 int
405 CONF_module_add(const char *name, conf_init_func *ifunc, conf_finish_func *ffunc)
406 {
407 	return module_add(name, ifunc, ffunc);
408 }
409 
410 void
411 CONF_modules_free(void)
412 {
413 	CONF_modules_finish();
414 	CONF_modules_unload(1);
415 }
416 LCRYPTO_ALIAS(CONF_modules_free);
417 
418 const char *
419 CONF_imodule_get_value(const CONF_IMODULE *imod)
420 {
421 	return imod->value;
422 }
423 
424 char *
425 CONF_get1_default_config_file(void)
426 {
427 	char *file = NULL;
428 
429 	if (asprintf(&file, "%s/openssl.cnf",
430 	    X509_get_default_cert_area()) == -1)
431 		return (NULL);
432 	return file;
433 }
434 LCRYPTO_ALIAS(CONF_get1_default_config_file);
435 
436 /* This function takes a list separated by 'sep' and calls the
437  * callback function giving the start and length of each member
438  * optionally stripping leading and trailing whitespace. This can
439  * be used to parse comma separated lists for example.
440  */
441 
442 int
443 CONF_parse_list(const char *list_, int sep, int nospc,
444     int (*list_cb)(const char *elem, int len, void *usr), void *arg)
445 {
446 	int ret;
447 	const char *lstart, *tmpend, *p;
448 
449 	if (list_ == NULL) {
450 		CONFerror(CONF_R_LIST_CANNOT_BE_NULL);
451 		return 0;
452 	}
453 
454 	lstart = list_;
455 	for (;;) {
456 		if (nospc) {
457 			while (*lstart && isspace((unsigned char)*lstart))
458 				lstart++;
459 		}
460 		p = strchr(lstart, sep);
461 		if (p == lstart || !*lstart)
462 			ret = list_cb(NULL, 0, arg);
463 		else {
464 			if (p)
465 				tmpend = p - 1;
466 			else
467 				tmpend = lstart + strlen(lstart) - 1;
468 			if (nospc) {
469 				while (isspace((unsigned char)*tmpend))
470 					tmpend--;
471 			}
472 			ret = list_cb(lstart, tmpend - lstart + 1, arg);
473 		}
474 		if (ret <= 0)
475 			return ret;
476 		if (p == NULL)
477 			return 1;
478 		lstart = p + 1;
479 	}
480 }
481