]> git.proxmox.com Git - efi-boot-shim.git/blob - Cryptlib/OpenSSL/crypto/conf/conf_mod.c
projects / efi-boot-shim.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Import Upstream version 0.9+1474479173.6c180c6
[efi-boot-shim.git] / Cryptlib / OpenSSL / crypto / conf / conf_mod.c
1 /* conf_mod.c */
2 /*
3 * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
4 * 2001.
5 */
6 /* ====================================================================
7 * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com).
57 *
58 */
59
60 #include <stdio.h>
61 #include <ctype.h>
62 #include <openssl/crypto.h>
63 #include "cryptlib.h"
64 #include <openssl/conf.h>
65 #include <openssl/dso.h>
66 #include <openssl/x509.h>
67
68 #define DSO_mod_init_name "OPENSSL_init"
69 #define DSO_mod_finish_name "OPENSSL_finish"
70
71 /*
72 * This structure contains a data about supported modules. entries in this
73 * table correspond to either dynamic or static modules.
74 */
75
76 struct conf_module_st {
77 /* DSO of this module or NULL if static */
78 DSO *dso;
79 /* Name of the module */
80 char *name;
81 /* Init function */
82 conf_init_func *init;
83 /* Finish function */
84 conf_finish_func *finish;
85 /* Number of successfully initialized modules */
86 int links;
87 void *usr_data;
88 };
89
90 /*
91 * This structure contains information about modules that have been
92 * successfully initialized. There may be more than one entry for a given
93 * module.
94 */
95
96 struct conf_imodule_st {
97 CONF_MODULE *pmod;
98 char *name;
99 char *value;
100 unsigned long flags;
101 void *usr_data;
102 };
103
104 static STACK_OF(CONF_MODULE) *supported_modules = NULL;
105 static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
106
107 static void module_free(CONF_MODULE *md);
108 static void module_finish(CONF_IMODULE *imod);
109 static int module_run(const CONF *cnf, char *name, char *value,
110 unsigned long flags);
111 static CONF_MODULE *module_add(DSO *dso, const char *name,
112 conf_init_func *ifunc,
113 conf_finish_func *ffunc);
114 static CONF_MODULE *module_find(char *name);
115 static int module_init(CONF_MODULE *pmod, char *name, char *value,
116 const CONF *cnf);
117 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
118 unsigned long flags);
119
120 /* Main function: load modules from a CONF structure */
121
122 int CONF_modules_load(const CONF *cnf, const char *appname,
123 unsigned long flags)
124 {
125 STACK_OF(CONF_VALUE) *values;
126 CONF_VALUE *vl;
127 char *vsection = NULL;
128
129 int ret, i;
130
131 if (!cnf)
132 return 1;
133
134 if (appname)
135 vsection = NCONF_get_string(cnf, NULL, appname);
136
137 if (!appname || (!vsection && (flags & CONF_MFLAGS_DEFAULT_SECTION)))
138 vsection = NCONF_get_string(cnf, NULL, "openssl_conf");
139
140 if (!vsection) {
141 ERR_clear_error();
142 return 1;
143 }
144
145 values = NCONF_get_section(cnf, vsection);
146
147 if (!values)
148 return 0;
149
150 for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
151 vl = sk_CONF_VALUE_value(values, i);
152 ret = module_run(cnf, vl->name, vl->value, flags);
153 if (ret <= 0)
154 if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
155 return ret;
156 }
157
158 return 1;
159
160 }
161
162 #ifndef OPENSSL_NO_STDIO
163 int CONF_modules_load_file(const char *filename, const char *appname,
164 unsigned long flags)
165 {
166 char *file = NULL;
167 CONF *conf = NULL;
168 int ret = 0;
169 conf = NCONF_new(NULL);
170 if (!conf)
171 goto err;
172
173 if (filename == NULL) {
174 file = CONF_get1_default_config_file();
175 if (!file)
176 goto err;
177 } else
178 file = (char *)filename;
179
180 if (NCONF_load(conf, file, NULL) <= 0) {
181 if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
182 (ERR_GET_REASON(ERR_peek_last_error()) == CONF_R_NO_SUCH_FILE)) {
183 ERR_clear_error();
184 ret = 1;
185 }
186 goto err;
187 }
188
189 ret = CONF_modules_load(conf, appname, flags);
190
191 err:
192 if (filename == NULL)
193 OPENSSL_free(file);
194 NCONF_free(conf);
195
196 return ret;
197 }
198 #endif
199
200 static int module_run(const CONF *cnf, char *name, char *value,
201 unsigned long flags)
202 {
203 CONF_MODULE *md;
204 int ret;
205
206 md = module_find(name);
207
208 /* Module not found: try to load DSO */
209 if (!md && !(flags & CONF_MFLAGS_NO_DSO))
210 md = module_load_dso(cnf, name, value, flags);
211
212 if (!md) {
213 if (!(flags & CONF_MFLAGS_SILENT)) {
214 CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
215 ERR_add_error_data(2, "module=", name);
216 }
217 return -1;
218 }
219
220 ret = module_init(md, name, value, cnf);
221
222 if (ret <= 0) {
223 if (!(flags & CONF_MFLAGS_SILENT)) {
224 char rcode[DECIMAL_SIZE(ret) + 1];
225 CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
226 BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
227 ERR_add_error_data(6, "module=", name, ", value=", value,
228 ", retcode=", rcode);
229 }
230 }
231
232 return ret;
233 }
234
235 /* Load a module from a DSO */
236 static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
237 unsigned long flags)
238 {
239 DSO *dso = NULL;
240 conf_init_func *ifunc;
241 conf_finish_func *ffunc;
242 char *path = NULL;
243 int errcode = 0;
244 CONF_MODULE *md;
245 /* Look for alternative path in module section */
246 path = NCONF_get_string(cnf, value, "path");
247 if (!path) {
248 ERR_clear_error();
249 path = name;
250 }
251 dso = DSO_load(NULL, path, NULL, 0);
252 if (!dso) {
253 errcode = CONF_R_ERROR_LOADING_DSO;
254 goto err;
255 }
256 ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
257 if (!ifunc) {
258 errcode = CONF_R_MISSING_INIT_FUNCTION;
259 goto err;
260 }
261 ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
262 /* All OK, add module */
263 md = module_add(dso, name, ifunc, ffunc);
264
265 if (!md)
266 goto err;
267
268 return md;
269
270 err:
271 if (dso)
272 DSO_free(dso);
273 CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
274 ERR_add_error_data(4, "module=", name, ", path=", path);
275 return NULL;
276 }
277
278 /* add module to list */
279 static CONF_MODULE *module_add(DSO *dso, const char *name,
280 conf_init_func *ifunc, conf_finish_func *ffunc)
281 {
282 CONF_MODULE *tmod = NULL;
283 if (supported_modules == NULL)
284 supported_modules = sk_CONF_MODULE_new_null();
285 if (supported_modules == NULL)
286 return NULL;
287 tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
288 if (tmod == NULL)
289 return NULL;
290
291 tmod->dso = dso;
292 tmod->name = BUF_strdup(name);
293 tmod->init = ifunc;
294 tmod->finish = ffunc;
295 tmod->links = 0;
296
297 if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
298 OPENSSL_free(tmod);
299 return NULL;
300 }
301
302 return tmod;
303 }
304
305 /*
306 * Find a module from the list. We allow module names of the form
307 * modname.XXXX to just search for modname to allow the same module to be
308 * initialized more than once.
309 */
310
311 static CONF_MODULE *module_find(char *name)
312 {
313 CONF_MODULE *tmod;
314 int i, nchar;
315 char *p;
316 p = strrchr(name, '.');
317
318 if (p)
319 nchar = p - name;
320 else
321 nchar = strlen(name);
322
323 for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) {
324 tmod = sk_CONF_MODULE_value(supported_modules, i);
325 if (!strncmp(tmod->name, name, nchar))
326 return tmod;
327 }
328
329 return NULL;
330
331 }
332
333 /* initialize a module */
334 static int module_init(CONF_MODULE *pmod, char *name, char *value,
335 const CONF *cnf)
336 {
337 int ret = 1;
338 int init_called = 0;
339 CONF_IMODULE *imod = NULL;
340
341 /* Otherwise add initialized module to list */
342 imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
343 if (!imod)
344 goto err;
345
346 imod->pmod = pmod;
347 imod->name = BUF_strdup(name);
348 imod->value = BUF_strdup(value);
349 imod->usr_data = NULL;
350
351 if (!imod->name || !imod->value)
352 goto memerr;
353
354 /* Try to initialize module */
355 if (pmod->init) {
356 ret = pmod->init(imod, cnf);
357 init_called = 1;
358 /* Error occurred, exit */
359 if (ret <= 0)
360 goto err;
361 }
362
363 if (initialized_modules == NULL) {
364 initialized_modules = sk_CONF_IMODULE_new_null();
365 if (!initialized_modules) {
366 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
367 goto err;
368 }
369 }
370
371 if (!sk_CONF_IMODULE_push(initialized_modules, imod)) {
372 CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
373 goto err;
374 }
375
376 pmod->links++;
377
378 return ret;
379
380 err:
381
382 /* We've started the module so we'd better finish it */
383 if (pmod->finish && init_called)
384 pmod->finish(imod);
385
386 memerr:
387 if (imod) {
388 if (imod->name)
389 OPENSSL_free(imod->name);
390 if (imod->value)
391 OPENSSL_free(imod->value);
392 OPENSSL_free(imod);
393 }
394
395 return -1;
396
397 }
398
399 /*
400 * Unload any dynamic modules that have a link count of zero: i.e. have no
401 * active initialized modules. If 'all' is set then all modules are unloaded
402 * including static ones.
403 */
404
405 void CONF_modules_unload(int all)
406 {
407 int i;
408 CONF_MODULE *md;
409 CONF_modules_finish();
410 /* unload modules in reverse order */
411 for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) {
412 md = sk_CONF_MODULE_value(supported_modules, i);
413 /* If static or in use and 'all' not set ignore it */
414 if (((md->links > 0) || !md->dso) && !all)
415 continue;
416 /* Since we're working in reverse this is OK */
417 (void)sk_CONF_MODULE_delete(supported_modules, i);
418 module_free(md);
419 }
420 if (sk_CONF_MODULE_num(supported_modules) == 0) {
421 sk_CONF_MODULE_free(supported_modules);
422 supported_modules = NULL;
423 }
424 }
425
426 /* unload a single module */
427 static void module_free(CONF_MODULE *md)
428 {
429 if (md->dso)
430 DSO_free(md->dso);
431 OPENSSL_free(md->name);
432 OPENSSL_free(md);
433 }
434
435 /* finish and free up all modules instances */
436
437 void CONF_modules_finish(void)
438 {
439 CONF_IMODULE *imod;
440 while (sk_CONF_IMODULE_num(initialized_modules) > 0) {
441 imod = sk_CONF_IMODULE_pop(initialized_modules);
442 module_finish(imod);
443 }
444 sk_CONF_IMODULE_free(initialized_modules);
445 initialized_modules = NULL;
446 }
447
448 /* finish a module instance */
449
450 static void module_finish(CONF_IMODULE *imod)
451 {
452 if (imod->pmod->finish)
453 imod->pmod->finish(imod);
454 imod->pmod->links--;
455 OPENSSL_free(imod->name);
456 OPENSSL_free(imod->value);
457 OPENSSL_free(imod);
458 }
459
460 /* Add a static module to OpenSSL */
461
462 int CONF_module_add(const char *name, conf_init_func *ifunc,
463 conf_finish_func *ffunc)
464 {
465 if (module_add(NULL, name, ifunc, ffunc))
466 return 1;
467 else
468 return 0;
469 }
470
471 void CONF_modules_free(void)
472 {
473 CONF_modules_finish();
474 CONF_modules_unload(1);
475 }
476
477 /* Utility functions */
478
479 const char *CONF_imodule_get_name(const CONF_IMODULE *md)
480 {
481 return md->name;
482 }
483
484 const char *CONF_imodule_get_value(const CONF_IMODULE *md)
485 {
486 return md->value;
487 }
488
489 void *CONF_imodule_get_usr_data(const CONF_IMODULE *md)
490 {
491 return md->usr_data;
492 }
493
494 void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
495 {
496 md->usr_data = usr_data;
497 }
498
499 CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md)
500 {
501 return md->pmod;
502 }
503
504 unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md)
505 {
506 return md->flags;
507 }
508
509 void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
510 {
511 md->flags = flags;
512 }
513
514 void *CONF_module_get_usr_data(CONF_MODULE *pmod)
515 {
516 return pmod->usr_data;
517 }
518
519 void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
520 {
521 pmod->usr_data = usr_data;
522 }
523
524 /* Return default config file name */
525
526 char *CONF_get1_default_config_file(void)
527 {
528 char *file;
529 int len;
530
531 file = getenv("OPENSSL_CONF");
532 if (file)
533 return BUF_strdup(file);
534
535 len = strlen(X509_get_default_cert_area());
536 #ifndef OPENSSL_SYS_VMS
537 len++;
538 #endif
539 len += strlen(OPENSSL_CONF);
540
541 file = OPENSSL_malloc(len + 1);
542
543 if (!file)
544 return NULL;
545 BUF_strlcpy(file, X509_get_default_cert_area(), len + 1);
546 #ifndef OPENSSL_SYS_VMS
547 BUF_strlcat(file, "/", len + 1);
548 #endif
549 BUF_strlcat(file, OPENSSL_CONF, len + 1);
550
551 return file;
552 }
553
554 /*
555 * This function takes a list separated by 'sep' and calls the callback
556 * function giving the start and length of each member optionally stripping
557 * leading and trailing whitespace. This can be used to parse comma separated
558 * lists for example.
559 */
560
561 int CONF_parse_list(const char *list_, int sep, int nospc,
562 int (*list_cb) (const char *elem, int len, void *usr),
563 void *arg)
564 {
565 int ret;
566 const char *lstart, *tmpend, *p;
567
568 if (list_ == NULL) {
569 CONFerr(CONF_F_CONF_PARSE_LIST, CONF_R_LIST_CANNOT_BE_NULL);
570 return 0;
571 }
572
573 lstart = list_;
574 for (;;) {
575 if (nospc) {
576 while (*lstart && isspace((unsigned char)*lstart))
577 lstart++;
578 }
579 p = strchr(lstart, sep);
580 if (p == lstart || !*lstart)
581 ret = list_cb(NULL, 0, arg);
582 else {
583 if (p)
584 tmpend = p - 1;
585 else
586 tmpend = lstart + strlen(lstart) - 1;
587 if (nospc) {
588 while (isspace((unsigned char)*tmpend))
589 tmpend--;
590 }
591 ret = list_cb(lstart, tmpend - lstart + 1, arg);
592 }
593 if (ret <= 0)
594 return ret;
595 if (p == NULL)
596 return 1;
597 lstart = p + 1;
598 }
599 }
shim, a first-stage UEFI bootloader adapted for Proxmox projects