/*
- * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
- * 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
+ * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
*
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
*/
+#include "internal/cryptlib.h"
#include <stdio.h>
#include <ctype.h>
#include <openssl/crypto.h>
-#include "internal/cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/dso.h>
+#include "internal/conf.h"
+#include "internal/dso.h"
+#include "internal/thread_once.h"
#include <openssl/x509.h>
+#include <openssl/trace.h>
+#include <openssl/engine.h>
+
+DEFINE_STACK_OF(CONF_VALUE)
+DEFINE_STACK_OF(CONF_MODULE)
+DEFINE_STACK_OF(CONF_IMODULE)
#define DSO_mod_init_name "OPENSSL_init"
#define DSO_mod_finish_name "OPENSSL_finish"
static STACK_OF(CONF_MODULE) *supported_modules = NULL;
static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+static CRYPTO_ONCE load_builtin_modules = CRYPTO_ONCE_STATIC_INIT;
+
static void module_free(CONF_MODULE *md);
static void module_finish(CONF_IMODULE *imod);
-static int module_run(const CONF *cnf, char *name, char *value,
+static int module_run(const CONF *cnf, const char *name, const char *value,
unsigned long flags);
static CONF_MODULE *module_add(DSO *dso, const char *name,
conf_init_func *ifunc,
conf_finish_func *ffunc);
-static CONF_MODULE *module_find(char *name);
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
+static CONF_MODULE *module_find(const char *name);
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
const CONF *cnf);
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags);
+static CONF_MODULE *module_load_dso(const CONF *cnf, const char *name,
+ const char *value);
/* Main function: load modules from a CONF structure */
return 1;
}
+ OSSL_TRACE1(CONF, "Configuration in section %s\n", vsection);
values = NCONF_get_section(cnf, vsection);
if (!values)
for (i = 0; i < sk_CONF_VALUE_num(values); i++) {
vl = sk_CONF_VALUE_value(values, i);
ret = module_run(cnf, vl->name, vl->value, flags);
+ OSSL_TRACE3(CONF, "Running module %s (%s) returned %d\n",
+ vl->name, vl->value, ret);
if (ret <= 0)
if (!(flags & CONF_MFLAGS_IGNORE_ERRORS))
return ret;
}
-int CONF_modules_load_file(const char *filename, const char *appname,
- unsigned long flags)
+int CONF_modules_load_file_with_libctx(OPENSSL_CTX *libctx,
+ const char *filename,
+ const char *appname, unsigned long flags)
{
char *file = NULL;
CONF *conf = NULL;
int ret = 0;
- conf = NCONF_new(NULL);
+
+ conf = NCONF_new_with_libctx(libctx, NULL);
if (conf == NULL)
goto err;
if (filename == NULL) {
file = CONF_get1_default_config_file();
- if (!file)
+ if (file == NULL)
goto err;
- } else
+ } else {
file = (char *)filename;
+ }
if (NCONF_load(conf, file, NULL) <= 0) {
if ((flags & CONF_MFLAGS_IGNORE_MISSING_FILE) &&
OPENSSL_free(file);
NCONF_free(conf);
+ if (flags & CONF_MFLAGS_IGNORE_RETURN_CODES)
+ return 1;
+
return ret;
}
-static int module_run(const CONF *cnf, char *name, char *value,
+int CONF_modules_load_file(const char *filename,
+ const char *appname, unsigned long flags)
+{
+ return CONF_modules_load_file_with_libctx(NULL, filename, appname, flags);
+}
+
+DEFINE_RUN_ONCE_STATIC(do_load_builtin_modules)
+{
+ OPENSSL_load_builtin_modules();
+#ifndef OPENSSL_NO_ENGINE
+ /* Need to load ENGINEs */
+ ENGINE_load_builtin_engines();
+#endif
+ ERR_clear_error();
+ return 1;
+}
+
+static int module_run(const CONF *cnf, const char *name, const char *value,
unsigned long flags)
{
CONF_MODULE *md;
int ret;
+ if (!RUN_ONCE(&load_builtin_modules, do_load_builtin_modules))
+ return -1;
+
md = module_find(name);
/* Module not found: try to load DSO */
if (!md && !(flags & CONF_MFLAGS_NO_DSO))
- md = module_load_dso(cnf, name, value, flags);
+ md = module_load_dso(cnf, name, value);
if (!md) {
if (!(flags & CONF_MFLAGS_SILENT)) {
if (ret <= 0) {
if (!(flags & CONF_MFLAGS_SILENT)) {
char rcode[DECIMAL_SIZE(ret) + 1];
+
CONFerr(CONF_F_MODULE_RUN, CONF_R_MODULE_INITIALIZATION_ERROR);
- BIO_snprintf(rcode, sizeof rcode, "%-8d", ret);
+ BIO_snprintf(rcode, sizeof(rcode), "%-8d", ret);
ERR_add_error_data(6, "module=", name, ", value=", value,
", retcode=", rcode);
}
}
/* Load a module from a DSO */
-static CONF_MODULE *module_load_dso(const CONF *cnf, char *name, char *value,
- unsigned long flags)
+static CONF_MODULE *module_load_dso(const CONF *cnf,
+ const char *name, const char *value)
{
DSO *dso = NULL;
conf_init_func *ifunc;
conf_finish_func *ffunc;
- char *path = NULL;
+ const char *path = NULL;
int errcode = 0;
CONF_MODULE *md;
+
/* Look for alternative path in module section */
path = NCONF_get_string(cnf, value, "path");
- if (!path) {
+ if (path == NULL) {
ERR_clear_error();
path = name;
}
dso = DSO_load(NULL, path, NULL, 0);
- if (!dso) {
+ if (dso == NULL) {
errcode = CONF_R_ERROR_LOADING_DSO;
goto err;
}
ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
- if (!ifunc) {
+ if (ifunc == NULL) {
errcode = CONF_R_MISSING_INIT_FUNCTION;
goto err;
}
/* All OK, add module */
md = module_add(dso, name, ifunc, ffunc);
- if (!md)
+ if (md == NULL)
goto err;
return md;
supported_modules = sk_CONF_MODULE_new_null();
if (supported_modules == NULL)
return NULL;
- tmod = OPENSSL_zalloc(sizeof(*tmod));
- if (tmod == NULL)
+ if ((tmod = OPENSSL_zalloc(sizeof(*tmod))) == NULL) {
+ CONFerr(CONF_F_MODULE_ADD, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
tmod->dso = dso;
tmod->name = OPENSSL_strdup(name);
tmod->init = ifunc;
tmod->finish = ffunc;
+ if (tmod->name == NULL) {
+ OPENSSL_free(tmod);
+ return NULL;
+ }
if (!sk_CONF_MODULE_push(supported_modules, tmod)) {
+ OPENSSL_free(tmod->name);
OPENSSL_free(tmod);
return NULL;
}
* initialized more than once.
*/
-static CONF_MODULE *module_find(char *name)
+static CONF_MODULE *module_find(const char *name)
{
CONF_MODULE *tmod;
int i, nchar;
}
/* initialize a module */
-static int module_init(CONF_MODULE *pmod, char *name, char *value,
+static int module_init(CONF_MODULE *pmod, const char *name, const char *value,
const CONF *cnf)
{
int ret = 1;
return 0;
}
-void CONF_modules_free(void)
+void conf_modules_free_int(void)
{
CONF_modules_finish();
CONF_modules_unload(1);
char *CONF_get1_default_config_file(void)
{
- char *file;
- int len;
+ const char *t;
+ char *file, *sep = "";
+ size_t size;
- file = getenv("OPENSSL_CONF");
- if (file)
+ if ((file = ossl_safe_getenv("OPENSSL_CONF")) != NULL)
return OPENSSL_strdup(file);
- len = strlen(X509_get_default_cert_area());
+ t = X509_get_default_cert_area();
#ifndef OPENSSL_SYS_VMS
- len++;
+ sep = "/";
#endif
- len += strlen(OPENSSL_CONF);
-
- file = OPENSSL_malloc(len + 1);
+ size = strlen(t) + strlen(sep) + strlen(OPENSSL_CONF) + 1;
+ file = OPENSSL_malloc(size);
if (file == NULL)
return NULL;
- OPENSSL_strlcpy(file, X509_get_default_cert_area(), len + 1);
-#ifndef OPENSSL_SYS_VMS
- OPENSSL_strlcat(file, "/", len + 1);
-#endif
- OPENSSL_strlcat(file, OPENSSL_CONF, len + 1);
+ BIO_snprintf(file, size, "%s%s%s", t, sep, OPENSSL_CONF);
return file;
}
lstart++;
}
p = strchr(lstart, sep);
- if (p == lstart || !*lstart)
+ if (p == lstart || *lstart == '\0')
ret = list_cb(NULL, 0, arg);
else {
if (p)