/*
 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include <string.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include "internal/sslconf.h"
#include "conf_local.h"
/*
 * SSL library configuration module placeholder. We load it here but defer
 * all decisions about its contents to libssl.
 */
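/*
 * One named set of SSL configuration commands. All three members are owned
 * by this module: ssl_module_init() allocates them and ssl_module_free()
 * releases them.
 */
struct ssl_conf_name_st {
    /* Name of this set of commands */
    char *name;
    /* List of commands (the type conf_ssl_get() hands out as SSL_CONF_CMD) */
    struct ssl_conf_cmd_st *cmds;
    /* Number of commands */
    size_t cmd_count;
};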
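/*
 * A single configuration command. Both strings are private copies made by
 * ssl_module_init() and released by ssl_module_free().
 */
struct ssl_conf_cmd_st {
    /* Command */
    char *cmd;
    /* Argument */
    char *arg;
};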
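/* Table of loaded command sets; NULL while no configuration is loaded. */
static struct ssl_conf_name_st *ssl_names;
/* Number of entries in ssl_names; 0 while no configuration is loaded. */
static size_t ssl_names_count;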
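/*
 * Release every command set held in ssl_names and reset the table to empty.
 *
 * |md| is not used. Calling this with no table loaded is a no-op. The table
 * pointer and count are cleared after the free so that a later lookup sees
 * an empty table instead of freed memory.
 */
static void ssl_module_free(CONF_IMODULE *md)
{
    size_t i, j;

    if (ssl_names == NULL)
        return;
    for (i = 0; i < ssl_names_count; i++) {
        struct ssl_conf_name_st *tname = ssl_names + i;

        OPENSSL_free(tname->name);
        /* cmd_count is only set once cmds is allocated, so this is safe */
        for (j = 0; j < tname->cmd_count; j++) {
            OPENSSL_free(tname->cmds[j].cmd);
            OPENSSL_free(tname->cmds[j].arg);
        }
        OPENSSL_free(tname->cmds);
    }
    OPENSSL_free(ssl_names);
    ssl_names = NULL;
    ssl_names_count = 0;
}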
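/*
 * Load the configuration section named by the value of module |md| from
 * |cnf| into the file-scope ssl_names table.
 *
 * Each entry of that section maps a command-set name to a further section
 * holding the set's commands. Names, commands and arguments are duplicated
 * with OPENSSL_strdup(), and any previously loaded table is released before
 * the new one is built.
 *
 * Returns 1 on success. On failure (missing or empty section, allocation
 * failure) the partially built table is released and 0 is returned; a
 * missing or empty section also raises a CONF error that names it.
 */
static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
{
    size_t i, j, cnt;
    int rv = 0;
    const char *ssl_conf_section;
    STACK_OF(CONF_VALUE) *cmd_lists;

    ssl_conf_section = CONF_imodule_get_value(md);
    cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
    /* A NULL stack counts as -1, so one test covers missing and empty */
    if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
        int rcode =
            cmd_lists == NULL
            ? CONF_R_SSL_SECTION_NOT_FOUND
            : CONF_R_SSL_SECTION_EMPTY;

        ERR_raise_data(ERR_LIB_CONF, rcode, "section=%s", ssl_conf_section);
        goto err;
    }
    cnt = sk_CONF_VALUE_num(cmd_lists);
    /* Drop any table left over from an earlier load */
    ssl_module_free(md);
    /* Zeroed so that ssl_module_free() can walk a partially filled table */
    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
    if (ssl_names == NULL)
        goto err;
    ssl_names_count = cnt;
    for (i = 0; i < ssl_names_count; i++) {
        struct ssl_conf_name_st *ssl_name = ssl_names + i;
        CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
        STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);

        if (sk_CONF_VALUE_num(cmds) <= 0) {
            int rcode =
                cmds == NULL
                ? CONF_R_SSL_COMMAND_SECTION_NOT_FOUND
                : CONF_R_SSL_COMMAND_SECTION_EMPTY;

            ERR_raise_data(ERR_LIB_CONF, rcode,
                           "name=%s, value=%s", sect->name, sect->value);
            goto err;
        }
        ssl_name->name = OPENSSL_strdup(sect->name);
        if (ssl_name->name == NULL)
            goto err;
        cnt = sk_CONF_VALUE_num(cmds);
        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
        if (ssl_name->cmds == NULL)
            goto err;
        /* Only publish the count once the array it describes exists */
        ssl_name->cmd_count = cnt;
        for (j = 0; j < cnt; j++) {
            const char *name;
            CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
            struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;

            /*
             * Keep only the part of the name after its first '.', if it has
             * one; otherwise use the whole name.
             */
            name = strchr(cmd_conf->name, '.');
            if (name != NULL)
                name++;
            else
                name = cmd_conf->name;
            cmd->cmd = OPENSSL_strdup(name);
            cmd->arg = OPENSSL_strdup(cmd_conf->value);
            /* Either copy failing aborts the whole load */
            if (cmd->cmd == NULL || cmd->arg == NULL)
                goto err;
        }

    }
    rv = 1;
 err:
    if (rv == 0)
        ssl_module_free(md);
    return rv;
}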
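/*
 * Returns the set of commands with index |idx| previously searched for via
 * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
 * and the number of commands in the set in |*cnt|.
 *
 * An |idx| outside the loaded table (which includes the case where nothing
 * is loaded) returns NULL with |*name| set to NULL and |*cnt| set to 0,
 * rather than reading past the end of the table.
 *
 * The returned pointers refer to storage owned by this module, which
 * ssl_module_free() releases; callers must not free them or keep them
 * across a configuration unload.
 */
const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
{
    /* ssl_names_count is 0 whenever ssl_names is NULL */
    if (idx >= ssl_names_count) {
        *name = NULL;
        *cnt = 0;
        return NULL;
    }
    *name = ssl_names[idx].name;
    *cnt = ssl_names[idx].cmd_count;
    return ssl_names[idx].cmds;
}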
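/*
 * Search for the named set of commands given in |name|. On success return the
 * index for the command set in |*idx|.
 * Returns 1 on success or 0 on failure.
 *
 * A NULL |name| is a failure. |*idx| is written only on success. The match
 * is an exact, case-sensitive strcmp() against the stored set names.
 */
int conf_ssl_name_find(const char *name, size_t *idx)
{
    size_t i;
    const struct ssl_conf_name_st *nm;

    if (name == NULL)
        return 0;
    /* With nothing loaded the count is 0 and the loop body never runs */
    for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
        if (strcmp(nm->name, name) == 0) {
            *idx = i;
            return 1;
        }
    }
    return 0;
}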
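/*
 * Given a command set |cmd|, return details on the command at index |idx| which
 * must be less than the number of commands in the set (as returned by
 * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
 * argument is returned in |*arg|.
 *
 * The length of the set is not passed in, so no bounds check is possible
 * here: keeping |idx| in range is entirely the caller's responsibility. The
 * returned strings are the set's own storage, not copies.
 */
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
                      char **arg)
{
    *cmdstr = cmd[idx].cmd;
    *arg = cmd[idx].arg;
}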
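/*
 * Register the "ssl_conf" configuration module, with ssl_module_init() as
 * its load handler and ssl_module_free() as its unload handler.
 */
void ossl_config_add_ssl_module(void)
{
    CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
}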