Experimental configuration code.

Incomplete, largely untested and subject to change/deletion.

CHANGES

@@ -12,6 +12,9 @@
          *) applies to 0.9.6a/0.9.6b/0.9.6c and 0.9.7
          +) applies to 0.9.7 only
 
+  +) New experimental application configuration code.
+     [Steve Henson]
+
   *) New 'shared_ldflag' column in Configure platform table.
      [Richard Levitte]
 

crypto/asn1/Makefile.ssl

@@ -34,7 +34,7 @@ LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
 	f_int.c f_string.c n_pkey.c \
 	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
 	asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
 LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o \
 	a_enum.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
@@ -46,7 +46,7 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
 	f_int.o f_string.o n_pkey.o \
 	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
 	asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
+	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o asn_moid.o
 
 SRC= $(LIBSRC)
 

crypto/asn1/asn1.h

@@ -933,6 +933,7 @@ void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
 ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it);
 int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
 
+void ASN1_add_oid_module(void);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes

crypto/asn1/asn_moid.c

+/* asn_moid.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+/* Simple ASN1 OID module: add all objects in a given section */
+
+/* NOTE: doesn't do anything other than print debug messages yet... */
+static int oid_module_init(CONF_IMODULE *md, CONF *cnf)
+	{
+	fprintf(stderr, "Called oid_module_init: name %s, value %s\n",
+			CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+	return 1;
+	}
+
+static void oid_module_finish(CONF_IMODULE *md)
+	{
+	fprintf(stderr, "Called oid_module_finish: name %s, value %s\n",
+			CONF_imodule_get_name(md), CONF_imodule_get_value(md));
+	}
+
+void ASN1_add_oid_module(void)
+	{
+	CONF_module_add("oid_section", oid_module_init, oid_module_finish);
+	}

crypto/conf/Makefile.ssl

@@ -23,9 +23,9 @@ TEST=
 APPS=
 
 LIB=$(TOP)/libcrypto.a
-LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c
+LIBSRC= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c conf_mall.c
 
-LIBOBJ=	conf_err.o conf_lib.o conf_api.o conf_def.o
+LIBOBJ=	conf_err.o conf_lib.o conf_api.o conf_def.o conf_mod.o conf_mall.o
 
 SRC= $(LIBSRC)
 

crypto/conf/README

+WARNING WARNING WARNING!!!
+
+This stuff is experimental, may change radically or be deleted altogether
+before OpenSSL 0.9.7 release. You have been warned!
+
+Configuration modules. These are a set of modules which can perform
+various configuration functions.
+
+Currently the routines should be called at most once when an application
+starts up: that is before it starts any threads.
+
+The routines read a configuration file set up like this:
+
+-----
+#default section
+openssl_init=init_section
+
+[init_section]
+
+module1=value1
+#Second instance of module1
+module1.1=valueX
+module2=value2
+module3=dso_literal
+module4=dso_section
+
+[dso_section]
+
+path=/some/path/to/some/dso.so
+other_stuff=other_value
+----
+
+When this file is loaded a configuration module with the specified
+string (module* in the above example) is looked up and its init
+function called as:
+
+int conf_init_func(CONF_IMODULE *md, CONF *cnf);
+
+The function can then take whatever action is appropriate, for example
+further lookups based on the value. Multiple instances of the same 
+config module can be loaded.
+
+When the application closes down the modules are cleaned up by calling
+an optional finish function:
+
+void conf_finish_func(CONF_IMODULE *md);
+
+The finish functions are called in reverse order: that is the last module
+loaded is the first one cleaned up.
+
+If no module exists with a given name then an attempt is made to load
+a DSO with the supplied name. This might mean that "module3" attempts
+to load a DSO called libmodule3.so or module3.dll for example. An explicit
+DSO name can be given by including a separate section as in the module4 example
+above.
+
+The DSO is expected to at least contain an initialization function:
+
+int OPENSSL_init(CONF_IMODULE *md, CONF *cnf);
+
+and may also include a finish function:
+
+void OPENSSL_finish(CONF_IMODULE *md);
+
+Static modules can also be added using,
+
+int CONF_module_add(char *name, dso_mod_init_func *ifunc, dso_mod_finish_func *ffunc);
+
+where "name" is the name in the configuration file this function corresponds to.
+
+A set of builtin modules (currently only an ASN1 non functional test module) can be 
+added by calling OPENSSL_load_builtin_modules(). 
+
+The function OPENSSL_config() is intended as a simple configuration function that
+any application can call to perform various default configuration tasks. It uses the
+file openssl.cnf in the usual locations.
+
+

crypto/conf/conf.h

@@ -77,6 +77,8 @@ typedef struct
 	} CONF_VALUE;
 
 DECLARE_STACK_OF(CONF_VALUE)
+DECLARE_STACK_OF(CONF_MODULE)
+DECLARE_STACK_OF(CONF_IMODULE)
 
 struct conf_st;
 typedef struct conf_st CONF;
@@ -97,6 +99,20 @@ struct conf_method_st
 	int (*load)(CONF *conf, const char *name, long *eline);
 	};
 
+/* Module definitions */
+
+typedef struct conf_imodule_st CONF_IMODULE;
+typedef struct conf_module_st CONF_MODULE;
+
+/* DSO module function typedefs */
+typedef int conf_init_func(CONF_IMODULE *md, CONF *cnf);
+typedef void conf_finish_func(CONF_IMODULE *md);
+
+#define	CONF_MFLAGS_IGNORE_ERRORS	0x1
+#define CONF_MFLAGS_IGNORE_RETURN_CODES	0x2
+#define CONF_MFLAGS_SILENT		0x4
+#define CONF_MFLAGS_NO_DSO		0x8
+
 int CONF_set_default_method(CONF_METHOD *meth);
 void CONF_set_nconf(CONF *conf,LHASH *hash);
 LHASH *CONF_load(LHASH *conf,const char *file,long *eline);
@@ -147,14 +163,30 @@ long NCONF_get_number(CONF *conf,char *group,char *name);
 #else
 #define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r)
 #endif
-
+  
+/* Module functions */
+
+int CONF_modules_load(CONF *cnf, char *appname, unsigned long flags);
+int CONF_modules_load_file(char *filename, char *appname, unsigned long flags);
+void CONF_modules_unload(int all);
+void CONF_modules_finish(void);
+int CONF_module_add(char *name, conf_init_func *ifunc, conf_finish_func *ffunc);
+
+char *CONF_imodule_get_name(CONF_IMODULE *md);
+char *CONF_imodule_get_value(CONF_IMODULE *md);
+void *CONF_imodule_get_usr_data(CONF_IMODULE *md);
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data);
+CONF_MODULE *CONF_imodule_get_module(CONF_IMODULE *md);
+unsigned long CONF_imodule_get_flags(CONF_IMODULE *md);
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags);
+void *CONF_module_get_usr_data(CONF_MODULE *pmod);
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
  * made after this point may be overwritten when the script is next run.
  */
 void ERR_load_CONF_strings(void);
-
 /* Error codes for the CONF functions. */
 
 /* Function codes. */
@@ -162,6 +194,10 @@ void ERR_load_CONF_strings(void);
 #define CONF_F_CONF_LOAD				 100
 #define CONF_F_CONF_LOAD_BIO				 102
 #define CONF_F_CONF_LOAD_FP				 103
+#define CONF_F_CONF_MODULES_LOAD			 116
+#define CONF_F_MODULE_INIT				 115
+#define CONF_F_MODULE_LOAD_DSO				 117
+#define CONF_F_MODULE_RUN				 118
 #define CONF_F_NCONF_DUMP_BIO				 105
 #define CONF_F_NCONF_DUMP_FP				 106
 #define CONF_F_NCONF_GET_NUMBER				 107
@@ -175,14 +211,19 @@ void ERR_load_CONF_strings(void);
 #define CONF_F_STR_COPY					 101
 
 /* Reason codes. */
+#define CONF_R_ERROR_LOADING_DSO			 110
 #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET		 100
 #define CONF_R_MISSING_EQUAL_SIGN			 101
+#define CONF_R_MISSING_FINISH_FUNCTION			 111
+#define CONF_R_MISSING_INIT_FUNCTION			 112
+#define CONF_R_MODULE_INITIALIZATION_ERROR		 109
 #define CONF_R_NO_CLOSE_BRACE				 102
 #define CONF_R_NO_CONF					 105
 #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE		 106
 #define CONF_R_NO_SECTION				 107
 #define CONF_R_NO_VALUE					 108
 #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION		 103
+#define CONF_R_UNKNOWN_MODULE_NAME			 113
 #define CONF_R_VARIABLE_HAS_NO_VALUE			 104
 
 #ifdef  __cplusplus

crypto/conf/conf_err.c

@@ -70,6 +70,10 @@ static ERR_STRING_DATA CONF_str_functs[]=
 {ERR_PACK(0,CONF_F_CONF_LOAD,0),	"CONF_load"},
 {ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0),	"CONF_load_bio"},
 {ERR_PACK(0,CONF_F_CONF_LOAD_FP,0),	"CONF_load_fp"},
+{ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0),	"CONF_modules_load"},
+{ERR_PACK(0,CONF_F_MODULE_INIT,0),	"MODULE_INIT"},
+{ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0),	"MODULE_LOAD_DSO"},
+{ERR_PACK(0,CONF_F_MODULE_RUN,0),	"MODULE_RUN"},
 {ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0),	"NCONF_dump_bio"},
 {ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0),	"NCONF_dump_fp"},
 {ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0),	"NCONF_get_number"},
@@ -86,14 +90,19 @@ static ERR_STRING_DATA CONF_str_functs[]=
 
 static ERR_STRING_DATA CONF_str_reasons[]=
 	{
+{CONF_R_ERROR_LOADING_DSO                ,"error loading dso"},
 {CONF_R_MISSING_CLOSE_SQUARE_BRACKET     ,"missing close square bracket"},
 {CONF_R_MISSING_EQUAL_SIGN               ,"missing equal sign"},
+{CONF_R_MISSING_FINISH_FUNCTION          ,"missing finish function"},
+{CONF_R_MISSING_INIT_FUNCTION            ,"missing init function"},
+{CONF_R_MODULE_INITIALIZATION_ERROR      ,"module initialization error"},
 {CONF_R_NO_CLOSE_BRACE                   ,"no close brace"},
 {CONF_R_NO_CONF                          ,"no conf"},
 {CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE  ,"no conf or environment variable"},
 {CONF_R_NO_SECTION                       ,"no section"},
 {CONF_R_NO_VALUE                         ,"no value"},
 {CONF_R_UNABLE_TO_CREATE_NEW_SECTION     ,"unable to create new section"},
+{CONF_R_UNKNOWN_MODULE_NAME              ,"unknown module name"},
 {CONF_R_VARIABLE_HAS_NO_VALUE            ,"variable has no value"},
 {0,NULL}
 	};

crypto/conf/conf_mall.c

+/* conf_mall.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+#include <openssl/asn1.h>
+
+void OPENSSL_load_builtin_modules(void)
+	{
+	/* Add builtin modules here */
+	ASN1_add_oid_module();
+	}
+
+/* This is the automatic configuration loader: it is called automatically by
+ * OpenSSL when any of a number of standard initialisation functions are called,
+ * unless this is overridden by calling OPENSSL_no_config()
+ */
+
+static int openssl_configured = 0;
+
+void OPENSSL_config(void)
+	{
+	char *file, config_name[256];
+	if (openssl_configured)
+		return;
+
+	OPENSSL_load_builtin_modules();
+
+	file = getenv("OPENSSL_CONF");
+	if (!file)
+                {
+		strcpy(config_name,X509_get_default_cert_area());
+#ifndef OPENSSL_SYS_VMS
+		strcat(config_name,"/");
+#endif
+		strcat(config_name,OPENSSL_CONF);
+		file=config_name;
+                }
+
+	CONF_modules_load_file(file, "openssl_config", CONF_MFLAGS_IGNORE_ERRORS);
+
+	return;
+
+	}
+
+void OPENSSL_no_config()
+	{
+	openssl_configured = 1;
+	}

crypto/conf/conf_mod.c

+/* conf_mod.c */
+/* Written by Stephen Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <openssl/crypto.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/dso.h>
+#include <openssl/x509.h>
+
+
+#define DSO_mod_init_name "OPENSSL_init"
+#define DSO_mod_finish_name "OPENSSL_finish"
+
+
+/* This structure contains a data about supported modules.
+ * entries in this table correspond to either dynamic or
+ * static modules.
+ */
+
+struct conf_module_st
+	{
+	/* DSO of this module or NULL if static */
+	DSO *dso;
+	/* Name of the module */
+	char *name;
+	/* Init function */
+	conf_init_func *init; 
+	/* Finish function */
+	conf_finish_func *finish;
+	/* Number of successfully initialized modules */
+	int links;
+	void *usr_data;
+	};
+
+
+/* This structure contains information about modules that have been
+ * successfully initialized. There may be more than one entry for a
+ * given module.
+ */
+
+struct conf_imodule_st
+	{
+	CONF_MODULE *pmod;
+	char *name;
+	char *value;
+	unsigned long flags;
+	void *usr_data;
+	};
+
+static STACK_OF(CONF_MODULE) *supported_modules = NULL;
+static STACK_OF(CONF_IMODULE) *initialized_modules = NULL;
+
+static void module_free(CONF_MODULE *md);
+static void module_finish(CONF_IMODULE *imod);
+static int module_run(CONF *cnf, char *name, char *value, unsigned long flags);
+static CONF_MODULE *module_add(DSO *dso, char *name,
+			conf_init_func *ifunc, conf_finish_func *ffunc);
+static CONF_MODULE *module_find(char *name);
+static int module_init(CONF_MODULE *pmod, char *name, char *value, CONF *cnf);
+static CONF_MODULE *module_load_dso(CONF *cnf, char *name, char *value, unsigned long flags);
+
+/* Main function: load modules from a CONF structure */
+
+int CONF_modules_load(CONF *cnf, char *appname, unsigned long flags)
+	{
+	STACK_OF(CONF_VALUE) *values;
+	CONF_VALUE *vl;
+	char *vsection;
+
+	int ret, i;
+
+	if (!cnf || !appname)
+		return 1;
+
+
+	vsection = NCONF_get_string(cnf, NULL, appname); 
+
+	if (!vsection)
+		{
+		ERR_clear_error();
+		return 1;
+		}
+
+	values = NCONF_get_section(cnf, vsection);
+
+	if (!values)
+		return 0;
+
+	for (i = 0; i < sk_CONF_VALUE_num(values); i++)
+		{
+		vl = sk_CONF_VALUE_value(values, i);
+		ret = module_run(cnf, vl->name, vl->value, flags);
+		if (ret <= 0)
+			if(!(flags & CONF_MFLAGS_IGNORE_ERRORS))
+				return ret;
+		}
+
+	return 1;
+
+	}
+
+int CONF_modules_load_file(char *filename, char *appname, unsigned long flags)
+	{
+	CONF *conf = NULL;
+	int ret = 0;
+	conf = NCONF_new(NULL);
+	if (!conf)
+		goto err;
+
+	if (NCONF_load(conf, filename, NULL) <= 0)
+		goto err;
+
+	ret = CONF_modules_load(conf, appname, flags);
+
+	err:
+	NCONF_free(conf);
+
+	return ret;
+	}
+
+static int module_run(CONF *cnf, char *name, char *value, unsigned long flags)
+	{
+	CONF_MODULE *md;
+	int ret;
+
+	md = module_find(name);
+
+	/* Module not found: try to load DSO */
+	if (!md)
+		md = module_load_dso(cnf, name, value, flags);
+
+	if (!md)
+		{
+		if (!(flags & CONF_MFLAGS_SILENT))
+			{
+			CONFerr(CONF_F_MODULE_RUN, CONF_R_UNKNOWN_MODULE_NAME);
+			ERR_add_error_data(2, "module=", name);
+			}
+		return -1;
+		}
+
+	ret = module_init(md, name, value, cnf);
+
+	if (ret <= 0)
+		{
+		if (!(flags & CONF_MFLAGS_SILENT))
+			{
+			char rcode[10];
+			CONFerr(CONF_F_CONF_MODULES_LOAD, CONF_R_MODULE_INITIALIZATION_ERROR);
+			sprintf(rcode, "%-8d", ret);
+			ERR_add_error_data(6, "module=", name, ", value=", value, ", retcode=", rcode);
+			}
+		}
+
+	return ret;
+	}
+
+/* Load a module from a DSO */
+static CONF_MODULE *module_load_dso(CONF *cnf, char *name, char *value, unsigned long flags)
+	{
+	DSO *dso = NULL;
+	conf_init_func *ifunc;
+	conf_finish_func *ffunc;
+	char *path = NULL;
+	int errcode = 0;
+	CONF_MODULE *md;
+	/* Look for alternative path in module section */
+	path = NCONF_get_string(cnf, value, "path");
+	if (!path)
+		{
+		ERR_get_error();
+		path = name;
+		}
+	dso = DSO_load(NULL, path, NULL, 0);
+	if (!dso)
+		{
+		errcode = CONF_R_ERROR_LOADING_DSO;
+		goto err;
+		}
+        ifunc = (conf_init_func *)DSO_bind_func(dso, DSO_mod_init_name);
+	if (!ifunc)
+		{
+		errcode = CONF_R_MISSING_INIT_FUNCTION;
+		goto err;
+		}
+        ffunc = (conf_finish_func *)DSO_bind_func(dso, DSO_mod_finish_name);
+	if (!ffunc)
+		{
+		errcode = CONF_R_MISSING_FINISH_FUNCTION;
+		goto err;
+		}
+	/* All OK, add module */
+	md = module_add(dso, name, ifunc, ffunc);
+
+	if (!md)
+		goto err;
+
+	return md;
+
+	err:
+	if (dso)
+		DSO_free(dso);
+	CONFerr(CONF_F_MODULE_LOAD_DSO, errcode);
+	ERR_add_error_data(4, "module=", name, ", path=", path);
+	return NULL;
+	}
+
+/* add module to list */
+static CONF_MODULE *module_add(DSO *dso, char *name,
+			conf_init_func *ifunc, conf_finish_func *ffunc)
+	{
+	CONF_MODULE *tmod = NULL;
+	if (supported_modules == NULL)
+		supported_modules = sk_CONF_MODULE_new_null();
+	if (supported_modules == NULL)
+		return NULL;
+	tmod = OPENSSL_malloc(sizeof(CONF_MODULE));
+	if (tmod == NULL)
+		return NULL;
+
+	tmod->dso = dso;
+	tmod->name = BUF_strdup(name);
+	tmod->init = ifunc;
+	tmod->finish = ffunc;
+	tmod->links = 0;
+
+	if (!sk_CONF_MODULE_push(supported_modules, tmod))
+		{
+		OPENSSL_free(tmod);
+		return NULL;
+		}
+
+	return tmod;
+	}
+
+/* Find a module from the list. We allow module names of the
+ * form modname.XXXX to just search for modname to allow the
+ * same module to be initialized more than once.
+ */
+
+static CONF_MODULE *module_find(char *name)
+	{
+	CONF_MODULE *tmod;
+	int i, nchar;
+	char *p;
+	p = strrchr(name, '.');
+
+	if (p)
+		nchar = p - name;
+	else 
+		nchar = strlen(name);
+
+	for (i = 0; i < sk_CONF_MODULE_num(supported_modules); i++)
+		{
+		tmod = sk_CONF_MODULE_value(supported_modules, i);
+		if (!strncmp(tmod->name, name, nchar))
+			return tmod;
+		}
+
+	return NULL;
+
+	}
+
+/* initialize a module */
+static int module_init(CONF_MODULE *pmod, char *name, char *value, CONF *cnf)
+	{
+	int ret, init_called = 0;
+	CONF_IMODULE *imod = NULL;
+
+	/* Otherwise add initialized module to list */
+	imod = OPENSSL_malloc(sizeof(CONF_IMODULE));
+	if (!imod)
+		goto err;
+
+	imod->pmod = pmod;
+	imod->name = BUF_strdup(name);
+	imod->value = BUF_strdup(value);
+	imod->usr_data = NULL;
+
+	if (!imod->name || !imod->value)
+		goto memerr;
+
+	/* Try to initialize module */
+	if(pmod->init)
+		{
+		ret = pmod->init(imod, cnf);
+		init_called = 1;
+		/* Error occurred, exit */
+		if (ret <= 0)
+			goto err;
+		}
+
+	if (initialized_modules == NULL)
+		initialized_modules = sk_CONF_IMODULE_new_null();
+
+	if (!initialized_modules)
+		goto err;
+
+	if (!sk_CONF_IMODULE_push(initialized_modules, imod))
+		goto err;
+
+	pmod->links++;
+
+	return ret;
+
+	err:
+
+	CONFerr(CONF_F_MODULE_INIT, ERR_R_MALLOC_FAILURE);
+
+	/* We've started the module so we'd better finish it */
+	if (pmod->finish && init_called)
+		pmod->finish(imod);
+
+	memerr:
+	if (imod)
+		{
+		if (imod->name)
+			OPENSSL_free(imod->name);
+		if (imod->value)
+			OPENSSL_free(imod->value);
+		OPENSSL_free(imod);
+		}
+
+	return -1;
+
+	}
+
+/* Unload any dynamic modules that have a link count of zero:
+ * i.e. have no active initialized modules. If 'all' is set
+ * then all modules are unloaded including static ones.
+ */
+
+void CONF_modules_unload(int all)
+	{
+	int i;
+	CONF_MODULE *md;
+	/* unload modules in reverse order */
+	for (i = sk_CONF_MODULE_num(supported_modules) - 1; i >= 0; i--)
+		{
+		md = sk_CONF_MODULE_value(supported_modules, i);
+		/* If static or in use and 'all' not set ignore it */
+		if (((md->links > 0) || !md->dso) && !all)
+			continue;
+		/* Since we're working in reverse this is OK */
+		sk_CONF_MODULE_delete(supported_modules, i);
+		module_free(md);
+		}
+	if (sk_CONF_MODULE_num(supported_modules) == 0)
+		{
+		sk_CONF_MODULE_free(supported_modules);
+		supported_modules = NULL;
+		}
+	}
+
+/* unload a single module */
+static void module_free(CONF_MODULE *md)
+	{
+	if (md->dso)
+		DSO_free(md->dso);
+	OPENSSL_free(md->name);
+	OPENSSL_free(md);
+	}
+
+/* finish and free up all modules instances */
+
+void CONF_modules_finish(void)
+	{
+	CONF_IMODULE *imod;
+	while (sk_CONF_IMODULE_num(initialized_modules) > 0)
+		{
+		imod = sk_CONF_IMODULE_pop(initialized_modules);
+		module_finish(imod);
+		}
+	sk_CONF_IMODULE_free(initialized_modules);
+	initialized_modules = NULL;
+	}
+
+/* finish a module instance */
+
+static void module_finish(CONF_IMODULE *imod)
+	{
+	imod->pmod->finish(imod);
+	imod->pmod->links--;
+	OPENSSL_free(imod->name);
+	OPENSSL_free(imod->value);
+	OPENSSL_free(imod);
+	}
+
+/* Add a static module to OpenSSL */
+
+int CONF_module_add(char *name, conf_init_func *ifunc, conf_finish_func *ffunc)
+	{
+	if (module_add(NULL, name, ifunc, ffunc))
+		return 1;
+	else
+		return 0;
+	}
+
+void CONF_modules_free(void)
+	{
+	CONF_modules_finish();
+	CONF_modules_unload(1);
+	}
+
+/* Utility functions */
+
+char *CONF_imodule_get_name(CONF_IMODULE *md)
+	{
+	return md->name;
+	}
+
+char *CONF_imodule_get_value(CONF_IMODULE *md)
+	{
+	return md->value;
+	}
+
+void *CONF_imodule_get_usr_data(CONF_IMODULE *md)
+	{
+	return md->usr_data;
+	}
+
+void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data)
+	{
+	md->usr_data = usr_data;
+	}
+
+CONF_MODULE *CONF_imodule_get_module(CONF_IMODULE *md)
+	{
+	return md->pmod;
+	}
+
+unsigned long CONF_imodule_get_flags(CONF_IMODULE *md)
+	{
+	return md->flags;
+	}
+
+void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags)
+	{
+	md->flags = flags;
+	}
+
+void *CONF_module_get_usr_data(CONF_MODULE *pmod)
+	{
+	return pmod->usr_data;
+	}
+
+void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data)
+	{
+	pmod->usr_data = usr_data;
+	}
+

crypto/stack/safestack.h

@@ -344,6 +344,46 @@ STACK_OF(type) \
 #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st))
 #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st))
 
+#define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE)
+#define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val))
+#define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val))
+#define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i))
+#define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr))
+#define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i))
+#define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp))
+#define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st)
+#define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func))
+#define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st))
+#define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st))
+
+#define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st))
+#define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE)
+#define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st))
+#define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st))
+#define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val))
+#define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st))
+#define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val))
+#define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i))
+#define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr))
+#define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i))
+#define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp))
+#define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st)
+#define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func))
+#define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st))
+#define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st))
+#define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st))
+
 #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st))
 #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE)
 #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st))