diff options
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | crypto/asn1/Makefile.ssl | 4 | ||||
-rw-r--r-- | crypto/asn1/asn1.h | 1 | ||||
-rw-r--r-- | crypto/asn1/asn_moid.c | 85 | ||||
-rw-r--r-- | crypto/conf/Makefile.ssl | 4 | ||||
-rw-r--r-- | crypto/conf/README | 78 | ||||
-rw-r--r-- | crypto/conf/conf.h | 45 | ||||
-rw-r--r-- | crypto/conf/conf_err.c | 9 | ||||
-rw-r--r-- | crypto/conf/conf_mall.c | 108 | ||||
-rw-r--r-- | crypto/conf/conf_mod.c | 507 | ||||
-rw-r--r-- | crypto/stack/safestack.h | 40 |
11 files changed, 878 insertions, 6 deletions
@@ -12,6 +12,9 @@ *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7 +) applies to 0.9.7 only + +) New experimental application configuration code. + [Steve Henson] + *) New 'shared_ldflag' column in Configure platform table. [Richard Levitte] diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index 9642803a42..27c422c51e 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -34,7 +34,7 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ f_int.c f_string.c n_pkey.c \ f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \ asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \ - evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c + evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \ a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \ @@ -46,7 +46,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ f_int.o f_string.o n_pkey.o \ f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \ asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \ - evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o + evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o SRC= $(LIBSRC) diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index cdfca6cf12..d8474dc685 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -933,6 +933,7 @@ void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it); int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); +void ASN1_add_oid_module(void); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c new file mode 100644 index 0000000000..e27b7affc2 --- /dev/null +++ b/crypto/asn1/asn_moid.c @@ -0,0 +1,85 @@ +/* asn_moid.c */ +/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <openssl/crypto.h> +#include "cryptlib.h" +#include <openssl/conf.h> +#include <openssl/dso.h> +#include <openssl/x509.h> + +/* Simple ASN1 OID module: add all objects in a given section */ + +/* NOTE: doesn't do anything other than print debug messages yet... */ +static int oid_module_init(CONF_IMODULE *md, CONF *cnf) + { + fprintf(stderr, "Called oid_module_init: name %s, value %s\n", + CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + return 1; + } + +static void oid_module_finish(CONF_IMODULE *md) + { + fprintf(stderr, "Called oid_module_finish: name %s, value %s\n", + CONF_imodule_get_name(md), CONF_imodule_get_value(md)); + } + +void ASN1_add_oid_module(void) + { + CONF_module_add("oid_section", oid_module_init, oid_module_finish); + } diff --git a/crypto/conf/Makefile.ssl b/crypto/conf/Makefile.ssl index 4e7904cfee..6028106a54 100644 --- a/crypto/conf/Makefile.ssl +++ b/crypto/conf/Makefile.ssl @@ -23,9 +23,9 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c +LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c conf_mall.c -LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o +LIBOBJ= conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o conf_mall.o SRC= $(LIBSRC) diff --git a/crypto/conf/README b/crypto/conf/README new file mode 100644 index 0000000000..ca58d0240f --- /dev/null +++ b/crypto/conf/README @@ -0,0 +1,78 @@ +WARNING WARNING WARNING!!! + +This stuff is experimental, may change radically or be deleted altogether +before OpenSSL 0.9.7 release. You have been warned! + +Configuration modules. These are a set of modules which can perform +various configuration functions. + +Currently the routines should be called at most once when an application +starts up: that is before it starts any threads. + +The routines read a configuration file set up like this: + +----- +#default section +openssl_init=init_section + +[init_section] + +module1=value1 +#Second instance of module1 +module1.1=valueX +module2=value2 +module3=dso_literal +module4=dso_section + +[dso_section] + +path=/some/path/to/some/dso.so +other_stuff=other_value +---- + +When this file is loaded a configuration module with the specified +string (module* in the above example) is looked up and its init +function called as: + +int conf_init_func(CONF_IMODULE *md, CONF *cnf); + +The function can then take whatever action is appropriate, for example +further lookups based on the value. Multiple instances of the same +config module can be loaded. + +When the application closes down the modules are cleaned up by calling +an optional finish function: + +void conf_finish_func(CONF_IMODULE *md); + +The finish functions are called in reverse order: that is the last module +loaded is the first one cleaned up. + +If no module exists with a given name then an attempt is made to load +a DSO with the supplied name. This might mean that "module3" attempts +to load a DSO called libmodule3.so or module3.dll for example. An explicit +DSO name can be given by including a separate section as in the module4 example +above. + +The DSO is expected to at least contain an initialization function: + +int OPENSSL_init(CONF_IMODULE *md, CONF *cnf); + +and may also include a finish function: + +void OPENSSL_finish(CONF_IMODULE *md); + +Static modules can also be added using, + +int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc); + +where "name" is the name in the configuration file this function corresponds to. + +A set of builtin modules (currently only an ASN1 non functional test module) can be +added by calling OPENSSL_load_builtin_modules(). + +The function OPENSSL_config() is intended as a simple configuration function that +any application can call to perform various default configuration tasks. It uses the +file openssl.cnf in the usual locations. + + diff --git a/crypto/conf/conf.h b/crypto/conf/conf.h index 3b767c1dcf..02db41823b 100644 --- a/crypto/conf/conf.h +++ b/crypto/conf/conf.h @@ -77,6 +77,8 @@ typedef struct } CONF_VALUE; DECLARE_STACK_OF(CONF_VALUE) +DECLARE_STACK_OF(CONF_MODULE) +DECLARE_STACK_OF(CONF_IMODULE) struct conf_st; typedef struct conf_st CONF; @@ -97,6 +99,20 @@ struct conf_method_st int (*load)(CONF *conf, const char *name, long *eline); }; +/* Module definitions */ + +typedef struct conf_imodule_st CONF_IMODULE; +typedef struct conf_module_st CONF_MODULE; + +/* DSO module function typedefs */ +typedef int conf_init_func(CONF_IMODULE *md, CONF *cnf); +typedef void conf_finish_func(CONF_IMODULE *md); + +#define CONF_MFLAGS_IGNORE_ERRORS 0x1 +#define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 +#define CONF_MFLAGS_SILENT 0x4 +#define CONF_MFLAGS_NO_DSO 0x8 + int CONF_set_default_method(CONF_METHOD *meth); void CONF_set_nconf(CONF *conf,LHASH *hash); LHASH *CONF_load(LHASH *conf,const char *file,long *eline); @@ -147,14 +163,30 @@ long NCONF_get_number(CONF *conf,char *group,char *name); #else #define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) #endif - + +/* Module functions */ + +int CONF_modules_load(CONF *cnf, char *appname, unsigned long flags); +int CONF_modules_load_file(char *filename, char *appname, unsigned long flags); +void CONF_modules_unload(int all); +void CONF_modules_finish(void); +int CONF_module_add(char *name, conf_init_func *ifunc, conf_finish_func *ffunc); + +char *CONF_imodule_get_name(CONF_IMODULE *md); +char *CONF_imodule_get_value(CONF_IMODULE *md); +void *CONF_imodule_get_usr_data(CONF_IMODULE *md); +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); +CONF_MODULE *CONF_imodule_get_module(CONF_IMODULE *md); +unsigned long CONF_imodule_get_flags(CONF_IMODULE *md); +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); +void *CONF_module_get_usr_data(CONF_MODULE *pmod); +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ void ERR_load_CONF_strings(void); - /* Error codes for the CONF functions. */ /* Function codes. */ @@ -162,6 +194,10 @@ void ERR_load_CONF_strings(void); #define CONF_F_CONF_LOAD 100 #define CONF_F_CONF_LOAD_BIO 102 #define CONF_F_CONF_LOAD_FP 103 +#define CONF_F_CONF_MODULES_LOAD 116 +#define CONF_F_MODULE_INIT 115 +#define CONF_F_MODULE_LOAD_DSO 117 +#define CONF_F_MODULE_RUN 118 #define CONF_F_NCONF_DUMP_BIO 105 #define CONF_F_NCONF_DUMP_FP 106 #define CONF_F_NCONF_GET_NUMBER 107 @@ -175,14 +211,19 @@ void ERR_load_CONF_strings(void); #define CONF_F_STR_COPY 101 /* Reason codes. */ +#define CONF_R_ERROR_LOADING_DSO 110 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 #define CONF_R_MISSING_EQUAL_SIGN 101 +#define CONF_R_MISSING_FINISH_FUNCTION 111 +#define CONF_R_MISSING_INIT_FUNCTION 112 +#define CONF_R_MODULE_INITIALIZATION_ERROR 109 #define CONF_R_NO_CLOSE_BRACE 102 #define CONF_R_NO_CONF 105 #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 #define CONF_R_NO_SECTION 107 #define CONF_R_NO_VALUE 108 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 +#define CONF_R_UNKNOWN_MODULE_NAME 113 #define CONF_R_VARIABLE_HAS_NO_VALUE 104 #ifdef __cplusplus diff --git a/crypto/conf/conf_err.c b/crypto/conf/conf_err.c index d00340f9c8..e1bd8b3b2c 100644 --- a/crypto/conf/conf_err.c +++ b/crypto/conf/conf_err.c @@ -70,6 +70,10 @@ static ERR_STRING_DATA CONF_str_functs[]= {ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"}, {ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"}, {ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"}, +{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"}, +{ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"}, +{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"}, +{ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"}, {ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"}, {ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"}, {ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"}, @@ -86,14 +90,19 @@ static ERR_STRING_DATA CONF_str_functs[]= static ERR_STRING_DATA CONF_str_reasons[]= { +{CONF_R_ERROR_LOADING_DSO ,"error loading dso"}, {CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"}, {CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, +{CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"}, +{CONF_R_MISSING_INIT_FUNCTION ,"missing init function"}, +{CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"}, {CONF_R_NO_CLOSE_BRACE ,"no close brace"}, {CONF_R_NO_CONF ,"no conf"}, {CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"}, {CONF_R_NO_SECTION ,"no section"}, {CONF_R_NO_VALUE ,"no value"}, {CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, +{CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"}, {CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, {0,NULL} }; diff --git a/crypto/conf/conf_mall.c b/crypto/conf/conf_mall.c new file mode 100644 index 0000000000..01a653252c --- /dev/null +++ b/crypto/conf/conf_mall.c @@ -0,0 +1,108 @@ +/* conf_mall.c */ +/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <openssl/crypto.h> +#include "cryptlib.h" +#include <openssl/conf.h> +#include <openssl/dso.h> +#include <openssl/x509.h> +#include <openssl/asn1.h> + +void OPENSSL_load_builtin_modules(void) + { + /* Add builtin modules here */ + ASN1_add_oid_module(); + } + +/* This is the automatic configuration loader: it is called automatically by + * OpenSSL when any of a number of standard initialisation functions are called, + * unless this is overridden by calling OPENSSL_no_config() + */ + +static int openssl_configured = 0; + +void OPENSSL_config(void) + { + char *file, config_name[256]; + if (openssl_configured) + return; + + OPENSSL_load_builtin_modules(); + + file = getenv("OPENSSL_CONF"); + if (!file) + { + strcpy(config_name,X509_get_default_cert_area()); +#ifndef OPENSSL_SYS_VMS + strcat(config_name,"/"); +#endif + strcat(config_name,OPENSSL_CONF); + file=config_name; + } + + CONF_modules_load_file(file, "openssl_config", CONF_MFLAGS_IGNORE_ERRORS); + + return; + + } + +void OPENSSL_no_config() + { + openssl_configured = 1; + } diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c new file mode 100644 index 0000000000..cbbaf64f3c --- /dev/null +++ b/crypto/conf/conf_mod.c @@ -0,0 +1,507 @@ +/* conf_mod.c */ +/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL + * project 2001. + */ +/* ==================================================================== + * Copyright (c) 2001 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include <openssl/crypto.h> +#include "cryptlib.h" +#include <openssl/conf.h> +#include <openssl/dso.h> +#include <openssl/x509.h> + + +#define DSO_mod_init_name "OPENSSL_init" +#define DSO_mod_finish_name "OPENSSL_finish" + + +/* This structure contains a data about supported modules. + * entries in this table correspond to either dynamic or + * static modules. + */ + +struct conf_module_st + { + /* DSO of this module or NULL if static */ + DSO *dso; + /* Name of the module */ + char *name; + /* Init function */ + conf_init_func *init; + /* Finish function */ + conf_finish_func *finish; + /* Number of successfully initialized modules */ + int links; + void *usr_data; + }; + + +/* This structure contains information about modules that have been + * successfully initialized. There may be more than one entry for a + * given module. + */ + +struct conf_imodule_st + { + CONF_MODULE *pmod; + char *name; + char *value; + unsigned long flags; + void *usr_data; + }; + +static STACK_OF(CONF_MODULE) *supported_modules = NULL; +static STACK_OF(CONF_IMODULE) *initialized_modules = NULL; + +static void module_free(CONF_MODULE *md); +static void module_finish(CONF_IMODULE *imod); +static int module_run(CONF *cnf, char *name, char *value, unsigned long flags); +static CONF_MODULE *module_add(DSO *dso, char *name, + conf_init_func *ifunc, conf_finish_func *ffunc); +static CONF_MODULE *module_find(char *name); +static int module_init(CONF_MODULE *pmod, char *name, char *value, CONF *cnf); +static CONF_MODULE *module_load_dso(CONF *cnf, char *name, char *value, unsigned long flags); + +/* Main function: load modules from a CONF structure */ + +int CONF_modules_load(CONF *cnf, char *appname, unsigned long flags) + { + STACK_OF(CONF_VALUE) *values; + CONF_VALUE *vl; + char *vsection; + + int ret, i; + + if (!cnf || !appname) + return 1; + + + vsection = NCONF_get_string(cnf, NULL, appname); + + if (!vsection) + { + ERR_clear_error(); + return 1; + } + + values = NCONF_get_section(cnf, vsection); + + if (!values) + return 0; + + for (i = 0; i < sk_CONF_VALUE_num(values); i++) + { + vl = sk_CONF_VALUE_value(values, i); + ret = module_run(cnf, vl->name, vl->value, flags); + if (ret <= 0) + if(!(flags & CONF_MFLAGS_IGNORE_ERRORS)) + return ret; + } + + return 1; + + } + +int CONF_modules_load_file(char *filename, char *appname, unsigned long flags) + { + CONF *conf = NULL; + int ret = 0; + conf = NCONF_new(NULL); + if (!conf) + goto err; + + if (NCONF_load(conf, filename, NULL) <= 0) + goto err; + + ret = CONF_modules_load(conf, appname, flags); + + err: + NCONF_free(conf); + + return ret; + } + +static int module_run(CONF *cnf, char *name, char *value, unsigned long flags) + { + CONF_MODULE *md; + int ret; + + md = module_find(name); + + /* Module not found: try to load DSO */ + if (!md) + md = module_load_dso(cnf, name, value, flags); + + if (!md) + { + if (!(flags & CONF_MFLAGS_SILENT)) + { + CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME); + ERR_add_error_data(2, "module=", name); + } + return -1; + } + + ret = module_init(md, name, value, cnf); + + if (ret <= 0) + { + if (!(flags & CONF_MFLAGS_SILENT)) + { + char rcode[10]; + CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR); + sprintf(rcode, "%-8d", ret); + ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode); + } + } + + return ret; + } + +/* Load a module from a DSO */ +static CONF_MODULE *module_load_dso(CONF *cnf, char *name, char *value, unsigned long flags) + { + DSO *dso = NULL; + conf_init_func *ifunc; + conf_finish_func *ffunc; + char *path = NULL; + int errcode = 0; + CONF_MODULE *md; + /* Look for alternative path in module section */ + path = NCONF_get_string(cnf, value, "path"); + if (!path) + { + ERR_get_error(); + path = name; + } + dso = DSO_load(NULL, path, NULL, 0); + if (!dso) + { + errcode = CONF_R_ERROR_LOADING_DSO; + goto err; + } + ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name); + if (!ifunc) + { + errcode = CONF_R_MISSING_INIT_FUNCTION; + goto err; + } + ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name); + if (!ffunc) + { + errcode = CONF_R_MISSING_FINISH_FUNCTION; + goto err; + } + /* All OK, add module */ + md = module_add(dso, name, ifunc, ffunc); + + if (!md) + goto err; + + return md; + + err: + if (dso) + DSO_free(dso); + CONFerr(CONF_F_MODULE_LOAD_DSO, errcode); + ERR_add_error_data(4, "module=", name, ", path=", path); + return NULL; + } + +/* add module to list */ +static CONF_MODULE *module_add(DSO *dso, char *name, + conf_init_func *ifunc, conf_finish_func *ffunc) + { + CONF_MODULE *tmod = NULL; + if (supported_modules == NULL) + supported_modules = sk_CONF_MODULE_new_null(); + if (supported_modules == NULL) + return NULL; + tmod = OPENSSL_malloc(sizeof(CONF_MODULE)); + if (tmod == NULL) + return NULL; + + tmod->dso = dso; + tmod->name = BUF_strdup(name); + tmod->init = ifunc; + tmod->finish = ffunc; + tmod->links = 0; + + if (!sk_CONF_MODULE_push(supported_modules, tmod)) + { + OPENSSL_free(tmod); + return NULL; + } + + return tmod; + } + +/* Find a module from the list. We allow module names of the + * form modname.XXXX to just search for modname to allow the + * same module to be initialized more than once. + */ + +static CONF_MODULE *module_find(char *name) + { + CONF_MODULE *tmod; + int i, nchar; + char *p; + p = strrchr(name, '.'); + + if (p) + nchar = p - name; + else + nchar = strlen(name); + + for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++) + { + tmod = sk_CONF_MODULE_value(supported_modules, i); + if (!strncmp(tmod->name, name, nchar)) + return tmod; + } + + return NULL; + + } + +/* initialize a module */ +static int module_init(CONF_MODULE *pmod, char *name, char *value, CONF *cnf) + { + int ret, init_called = 0; + CONF_IMODULE *imod = NULL; + + /* Otherwise add initialized module to list */ + imod = OPENSSL_malloc(sizeof(CONF_IMODULE)); + if (!imod) + goto err; + + imod->pmod = pmod; + imod->name = BUF_strdup(name); + imod->value = BUF_strdup(value); + imod->usr_data = NULL; + + if (!imod->name || !imod->value) + goto memerr; + + /* Try to initialize module */ + if(pmod->init) + { + ret = pmod->init(imod, cnf); + init_called = 1; + /* Error occurred, exit */ + if (ret <= 0) + goto err; + } + + if (initialized_modules == NULL) + initialized_modules = sk_CONF_IMODULE_new_null(); + + if (!initialized_modules) + goto err; + + if (!sk_CONF_IMODULE_push(initialized_modules, imod)) + goto err; + + pmod->links++; + + return ret; + + err: + + CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE); + + /* We've started the module so we'd better finish it */ + if (pmod->finish && init_called) + pmod->finish(imod); + + memerr: + if (imod) + { + if (imod->name) + OPENSSL_free(imod->name); + if (imod->value) + OPENSSL_free(imod->value); + OPENSSL_free(imod); + } + + return -1; + + } + +/* Unload any dynamic modules that have a link count of zero: + * i.e. have no active initialized modules. If 'all' is set + * then all modules are unloaded including static ones. + */ + +void CONF_modules_unload(int all) + { + int i; + CONF_MODULE *md; + /* unload modules in reverse order */ + for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--) + { + md = sk_CONF_MODULE_value(supported_modules, i); + /* If static or in use and 'all' not set ignore it */ + if (((md->links > 0) || !md->dso) && !all) + continue; + /* Since we're working in reverse this is OK */ + sk_CONF_MODULE_delete(supported_modules, i); + module_free(md); + } + if (sk_CONF_MODULE_num(supported_modules) == 0) + { + sk_CONF_MODULE_free(supported_modules); + supported_modules = NULL; + } + } + +/* unload a single module */ +static void module_free(CONF_MODULE *md) + { + if (md->dso) + DSO_free(md->dso); + OPENSSL_free(md->name); + OPENSSL_free(md); + } + +/* finish and free up all modules instances */ + +void CONF_modules_finish(void) + { + CONF_IMODULE *imod; + while (sk_CONF_IMODULE_num(initialized_modules) > 0) + { + imod = sk_CONF_IMODULE_pop(initialized_modules); + module_finish(imod); + } + sk_CONF_IMODULE_free(initialized_modules); + initialized_modules = NULL; + } + +/* finish a module instance */ + +static void module_finish(CONF_IMODULE *imod) + { + imod->pmod->finish(imod); + imod->pmod->links--; + OPENSSL_free(imod->name); + OPENSSL_free(imod->value); + OPENSSL_free(imod); + } + +/* Add a static module to OpenSSL */ + +int CONF_module_add(char *name, conf_init_func *ifunc, conf_finish_func *ffunc) + { + if (module_add(NULL, name, ifunc, ffunc)) + return 1; + else + return 0; + } + +void CONF_modules_free(void) + { + CONF_modules_finish(); + CONF_modules_unload(1); + } + +/* Utility functions */ + +char *CONF_imodule_get_name(CONF_IMODULE *md) + { + return md->name; + } + +char *CONF_imodule_get_value(CONF_IMODULE *md) + { + return md->value; + } + +void *CONF_imodule_get_usr_data(CONF_IMODULE *md) + { + return md->usr_data; + } + +void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data) + { + md->usr_data = usr_data; + } + +CONF_MODULE *CONF_imodule_get_module(CONF_IMODULE *md) + { + return md->pmod; + } + +unsigned long CONF_imodule_get_flags(CONF_IMODULE *md) + { + return md->flags; + } + +void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags) + { + md->flags = flags; + } + +void *CONF_module_get_usr_data(CONF_MODULE *pmod) + { + return pmod->usr_data; + } + +void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data) + { + pmod->usr_data = usr_data; + } + diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h index f598b0c0d0..b931414560 100644 --- a/crypto/stack/safestack.h +++ b/crypto/stack/safestack.h @@ -344,6 +344,46 @@ STACK_OF(type) \ #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) +#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) +#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) +#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) +#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) +#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) +#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) +#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) +#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) +#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) +#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) +#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) +#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) + +#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) +#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) +#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) +#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) +#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) +#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) +#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) +#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) +#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) +#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) +#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) +#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) +#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) +#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) +#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) +#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) +#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) + #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) |