[thirdparty/openssl.git] / ssl / ssl_mcnf.c

/*
 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>
#include "ssl_local.h"
#include "internal/sslconf.h"

/* SSL library configuration module. */

void SSL_add_ssl_module(void)
{
    /* Do nothing. This will be added automatically by libcrypto */
}

static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
    SSL_CONF_CTX *cctx = NULL;
    size_t i, idx, cmd_count;
    int rv = 0;
    unsigned int flags;
    const SSL_METHOD *meth;
    const SSL_CONF_CMD *cmds;
    OSSL_LIB_CTX *prev_libctx = NULL;
    OSSL_LIB_CTX *libctx = NULL;

    if (s == NULL && ctx == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        goto err;
    }

    if (name == NULL && system)
        name = "system_default";
    if (!conf_ssl_name_find(name, &idx)) {
        if (!system) {
            ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME);
            ERR_add_error_data(2, "name=", name);
        }
        goto err;
    }
    cmds = conf_ssl_get(idx, &name, &cmd_count);
    cctx = SSL_CONF_CTX_new();
    if (cctx == NULL)
        goto err;
    flags = SSL_CONF_FLAG_FILE;
    if (!system)
        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
    if (s != NULL) {
        meth = s->method;
        SSL_CONF_CTX_set_ssl(cctx, s);
        libctx = s->ctx->libctx;
    } else {
        meth = ctx->method;
        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
        libctx = ctx->libctx;
    }
    if (meth->ssl_accept != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_SERVER;
    if (meth->ssl_connect != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_CLIENT;
    SSL_CONF_CTX_set_flags(cctx, flags);
    prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
    for (i = 0; i < cmd_count; i++) {
        char *cmdstr, *arg;

        conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
        rv = SSL_CONF_cmd(cctx, cmdstr, arg);
        if (rv <= 0) {
            if (rv == -2)
                ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_COMMAND);
            else
                ERR_raise(ERR_LIB_SSL, SSL_R_BAD_VALUE);
            ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
                               ", arg=", arg);
            goto err;
        }
    }
    rv = SSL_CONF_CTX_finish(cctx);
 err:
    OSSL_LIB_CTX_set0_default(prev_libctx);
    SSL_CONF_CTX_free(cctx);
    return rv <= 0 ? 0 : 1;
}

int SSL_config(SSL *s, const char *name)
{
    return ssl_do_config(s, NULL, name, 0);
}

int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
    return ssl_do_config(NULL, ctx, name, 0);
}

void ssl_ctx_system_config(SSL_CTX *ctx)
{
    ssl_do_config(NULL, ctx, NULL, 1);
}
Commit	Line	Data
59b1696c	1	/*
0f84cbc3	2	* Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
59b1696c	3	*
2c18d164	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
846e33c7 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
59b1696c DSH	8	*/
	9
	10	#include <stdio.h>
	11	#include <openssl/conf.h>
	12	#include <openssl/ssl.h>
706457b7	13	#include "ssl_local.h"
d8f031e8	14	#include "internal/sslconf.h"
59b1696c DSH	15
	16	/* SSL library configuration module. */
	17
59b1696c DSH	18	void SSL_add_ssl_module(void)
59b1696c DSH	19	{
d8f031e8	20	/* Do nothing. This will be added automatically by libcrypto */
59b1696c DSH	21	}
59b1696c DSH	22
8a5ed9dc	23	static int ssl_do_config(SSL s, SSL_CTX ctx, const char *name, int system)
59b1696c DSH	24	{
59b1696c DSH	25	SSL_CONF_CTX *cctx = NULL;
d8f031e8	26	size_t i, idx, cmd_count;
59b1696c DSH	27	int rv = 0;
	28	unsigned int flags;
	29	const SSL_METHOD *meth;
d8f031e8	30	const SSL_CONF_CMD *cmds;
b4250010 DMSP	31	OSSL_LIB_CTX *prev_libctx = NULL;
b4250010 DMSP	32	OSSL_LIB_CTX *libctx = NULL;
8a5ed9dc	33
59b1696c	34	if (s == NULL && ctx == NULL) {
6849b73c	35	ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
59b1696c DSH	36	goto err;
59b1696c DSH	37	}
8a5ed9dc TM	38
	39	if (name == NULL && system)
	40	name = "system_default";
d8f031e8	41	if (!conf_ssl_name_find(name, &idx)) {
8a5ed9dc	42	if (!system) {
6849b73c	43	ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME);
8a5ed9dc TM	44	ERR_add_error_data(2, "name=", name);
8a5ed9dc TM	45	}
59b1696c DSH	46	goto err;
59b1696c DSH	47	}
d8f031e8	48	cmds = conf_ssl_get(idx, &name, &cmd_count);
59b1696c DSH	49	cctx = SSL_CONF_CTX_new();
	50	if (cctx == NULL)
	51	goto err;
	52	flags = SSL_CONF_FLAG_FILE;
8a5ed9dc TM	53	if (!system)
8a5ed9dc TM	54	flags \|= SSL_CONF_FLAG_CERTIFICATE \| SSL_CONF_FLAG_REQUIRE_PRIVATE;
59b1696c DSH	55	if (s != NULL) {
	56	meth = s->method;
	57	SSL_CONF_CTX_set_ssl(cctx, s);
6725682d	58	libctx = s->ctx->libctx;
59b1696c DSH	59	} else {
	60	meth = ctx->method;
	61	SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
6725682d	62	libctx = ctx->libctx;
59b1696c DSH	63	}
59b1696c DSH	64	if (meth->ssl_accept != ssl_undefined_function)
a230b26e	65	flags \|= SSL_CONF_FLAG_SERVER;
59b1696c	66	if (meth->ssl_connect != ssl_undefined_function)
a230b26e	67	flags \|= SSL_CONF_FLAG_CLIENT;
59b1696c	68	SSL_CONF_CTX_set_flags(cctx, flags);
b4250010	69	prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
d8f031e8 MC	70	for (i = 0; i < cmd_count; i++) {
	71	char cmdstr, arg;
	72
	73	conf_ssl_get_cmd(cmds, i, &cmdstr, &arg);
	74	rv = SSL_CONF_cmd(cctx, cmdstr, arg);
59b1696c DSH	75	if (rv <= 0) {
59b1696c DSH	76	if (rv == -2)
6849b73c	77	ERR_raise(ERR_LIB_SSL, SSL_R_UNKNOWN_COMMAND);
0485d540	78	else
6849b73c	79	ERR_raise(ERR_LIB_SSL, SSL_R_BAD_VALUE);
d8f031e8 MC	80	ERR_add_error_data(6, "section=", name, ", cmd=", cmdstr,
d8f031e8 MC	81	", arg=", arg);
59b1696c DSH	82	goto err;
	83	}
	84	}
	85	rv = SSL_CONF_CTX_finish(cctx);
a230b26e	86	err:
b4250010	87	OSSL_LIB_CTX_set0_default(prev_libctx);
59b1696c DSH	88	SSL_CONF_CTX_free(cctx);
	89	return rv <= 0 ? 0 : 1;
	90	}
	91
	92	int SSL_config(SSL s, const char name)
	93	{
8a5ed9dc	94	return ssl_do_config(s, NULL, name, 0);
59b1696c DSH	95	}
	96
	97	int SSL_CTX_config(SSL_CTX ctx, const char name)
	98	{
8a5ed9dc TM	99	return ssl_do_config(NULL, ctx, name, 0);
	100	}
	101
	102	void ssl_ctx_system_config(SSL_CTX *ctx)
	103	{
	104	ssl_do_config(NULL, ctx, NULL, 1);
59b1696c	105	}