2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/conf.h>
13 #include <openssl/err.h>
14 #include "internal/sslconf.h"
15 #include "conf_local.h"
/*
 * Instantiate the typed stack helpers for CONF_VALUE. This file calls
 * sk_CONF_VALUE_num() and sk_CONF_VALUE_value() on the sections it reads.
 */
DEFINE_STACK_OF(CONF_VALUE)
/*
 * SSL library configuration module placeholder. We load it here but defer
 * all decisions about its contents to libssl.
 */
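/*
 * One named set of SSL configuration commands: a single entry of the table
 * that ssl_module_init() builds and ssl_module_free() releases.
 *
 * NOTE(review): the listing shows only the three member comments. The member
 * declarations are restored from how this file uses them (name is filled by
 * OPENSSL_strdup(), cmds is returned as a const SSL_CONF_CMD pointer,
 * cmd_count is compared with size_t indices) - confirm against upstream.
 */
struct ssl_conf_name_st {
    /* Name of this set of commands */
    char *name;
    /* List of commands */
    SSL_CONF_CMD *cmds;
    /* Number of commands */
    size_t cmd_count;
};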
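/*
 * One command/argument pair inside a command set.
 *
 * NOTE(review): the listing drops the member lines. They are restored from
 * usage in this file: both fields are filled with OPENSSL_strdup() in
 * ssl_module_init() and released with OPENSSL_free() in ssl_module_free(),
 * so each entry owns its two strings - confirm against upstream.
 */
struct ssl_conf_cmd_st {
    /* Command */
    char *cmd;
    /* Argument */
    char *arg;
};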
/*
 * Module-wide table of command sets and its length. Both are written by
 * ssl_module_init() and ssl_module_free() and read by the conf_ssl_*
 * lookups below. No locking around these accesses is visible in this file,
 * so callers presumably serialise configuration loading themselves - verify.
 */
static struct ssl_conf_name_st *ssl_names;
static size_t ssl_names_count;
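/*
 * Release the whole command table: every set's name, each command's cmd and
 * arg strings, each set's command array, and finally the table itself.
 *
 * |md| is not used. Pointers handed out earlier by conf_ssl_get() and
 * conf_ssl_get_cmd() point into this storage, so they are dangling once this
 * function returns; callers must not keep them across a module unload or
 * reload.
 *
 * NOTE(review): the listing this was restored from skips the declaration
 * line, the early return, the closing braces and the lines between the final
 * OPENSSL_free() and the end of the function. The reset of the two globals
 * is filled in because conf_ssl_name_find() walks ssl_names up to
 * ssl_names_count and would otherwise read freed memory - confirm against
 * upstream.
 */
static void ssl_module_free(CONF_IMODULE *md)
{
    size_t i, j;

    if (ssl_names == NULL)
        return;
    for (i = 0; i < ssl_names_count; i++) {
        struct ssl_conf_name_st *tname = ssl_names + i;

        OPENSSL_free(tname->name);
        /*
         * A partly built entry has cmds == NULL and cmd_count == 0 (the table
         * is zero-filled and cmd_count is set only after cmds is allocated),
         * so this loop is skipped and the free below is a no-op.
         */
        for (j = 0; j < tname->cmd_count; j++) {
            OPENSSL_free(tname->cmds[j].cmd);
            OPENSSL_free(tname->cmds[j].arg);
        }
        OPENSSL_free(tname->cmds);
    }
    OPENSSL_free(ssl_names);
    /* Leave no stale pointer or count behind for later lookups or re-init. */
    ssl_names = NULL;
    ssl_names_count = 0;
}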
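/*
 * Build the table of named SSL command sets from the configuration.
 *
 * The section named by CONF_imodule_get_value(md) lists the command sets;
 * the value of each entry names a further section that holds the commands of
 * that set. Names and arguments are copied with OPENSSL_strdup(), so the
 * table does not alias strings owned by |cnf|.
 *
 * Returns 1 on success and 0 on failure. A missing or empty section queues a
 * CONF error naming the section; on any failure the partly built table is
 * released again.
 *
 * NOTE(review): the listing this was restored from skips several source
 * lines: the local declarations, the else and goto lines, the release of a
 * previously loaded table before the new allocation, the branch that steps
 * past the dot, and the exit path. They are filled in here to match the
 * visible lines - confirm against upstream.
 */
static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
{
    size_t i, j, cnt;
    int rv = 0;
    const char *ssl_conf_section;
    STACK_OF(CONF_VALUE) *cmd_lists;

    ssl_conf_section = CONF_imodule_get_value(md);
    cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
    /* A missing section and an empty one both end here; only the code differs. */
    if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
        if (cmd_lists == NULL)
            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
        else
            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
        ERR_add_error_data(2, "section=", ssl_conf_section);
        goto err;
    }
    /* Positive at this point, so the conversion to size_t is safe. */
    cnt = sk_CONF_VALUE_num(cmd_lists);
    /* Drop any table left from an earlier load before replacing it. */
    ssl_module_free(md);
    /* Zero-filled so that ssl_module_free() can run on a partly built table. */
    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
    if (ssl_names == NULL)
        goto err;
    ssl_names_count = cnt;
    for (i = 0; i < ssl_names_count; i++) {
        struct ssl_conf_name_st *ssl_name = ssl_names + i;
        CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
        STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);

        if (sk_CONF_VALUE_num(cmds) <= 0) {
            if (cmds == NULL)
                CONFerr(CONF_F_SSL_MODULE_INIT,
                        CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
            else
                CONFerr(CONF_F_SSL_MODULE_INIT,
                        CONF_R_SSL_COMMAND_SECTION_EMPTY);
            ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
            goto err;
        }
        ssl_name->name = OPENSSL_strdup(sect->name);
        if (ssl_name->name == NULL)
            goto err;
        cnt = sk_CONF_VALUE_num(cmds);
        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
        if (ssl_name->cmds == NULL)
            goto err;
        /*
         * Set only after the array exists, so the count never describes
         * storage that was not allocated.
         */
        ssl_name->cmd_count = cnt;
        for (j = 0; j < cnt; j++) {
            const char *name;
            CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
            struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;

            /*
             * Skip any initial dot in name. strchr() finds the first '.'
             * anywhere in the name, so everything up to and including that
             * dot is dropped, not just a leading one.
             */
            name = strchr(cmd_conf->name, '.');
            if (name != NULL)
                name++;
            else
                name = cmd_conf->name;
            cmd->cmd = OPENSSL_strdup(name);
            cmd->arg = OPENSSL_strdup(cmd_conf->value);
            /*
             * Checked together: if only one copy succeeded, the error path
             * frees it, because cmd_count already covers this slot.
             */
            if (cmd->cmd == NULL || cmd->arg == NULL)
                goto err;
        }

    }
    rv = 1;
 err:
    /* Never leave a half-initialised table reachable by the lookups. */
    if (rv == 0)
        ssl_module_free(md);
    return rv;
}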
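/*
 * Returns the set of commands with index |idx| previously searched for via
 * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
 * and the number of commands in the set in |*cnt|.
 *
 * |idx| indexes ssl_names without a range check and |name| and |cnt| are
 * written unconditionally, so |idx| must be a value that
 * conf_ssl_name_find() produced for the table that is currently loaded, and
 * both output pointers must be non-NULL. The returned array and |*name|
 * point into module-owned storage; they stay valid only until
 * ssl_module_free() runs.
 *
 * NOTE(review): the braces are restored; the listing omits them.
 */
const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
{
    *name = ssl_names[idx].name;
    *cnt = ssl_names[idx].cmd_count;
    return ssl_names[idx].cmds;
}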
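/*
 * Search for the named set of commands given in |name|. On success return the
 * index for the command set in |*idx|.
 * Returns 1 on success or 0 on failure.
 *
 * The comparison is an exact, case-sensitive strcmp() against each set name.
 * |*idx| is written only on success and |idx| must be non-NULL. The index is
 * meaningful only for the table loaded at the time of the call.
 *
 * NOTE(review): the listing omits the index declaration, the three lines
 * ahead of the loop and everything after the strcmp() test. The NULL guard
 * on |name| and the success/failure returns are filled in to match the
 * contract stated above - confirm against upstream.
 */
int conf_ssl_name_find(const char *name, size_t *idx)
{
    size_t i;
    const struct ssl_conf_name_st *nm;

    /* strcmp() on a NULL name would be undefined behaviour; treat as no match. */
    if (name == NULL)
        return 0;
    /* With no table loaded ssl_names_count is 0 and the loop body never runs. */
    for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
        if (strcmp(nm->name, name) == 0) {
            *idx = i;
            return 1;
        }
    }
    return 0;
}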
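/*
 * Given a command set |cmd|, return details on the command at index |idx| which
 * must be less than the number of commands in the set (as returned by
 * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
 * argument is returned in |*arg|.
 *
 * |idx| is not range-checked here; the caller is responsible for keeping it
 * below the count that conf_ssl_get() reported. The two strings are not
 * copied: they point into the module's table and must be neither modified
 * nor freed by the caller, and they become invalid when the table is
 * released.
 *
 * NOTE(review): the listing omits the second line of the parameter list and
 * the statement that stores the argument; both are restored from the
 * description above - confirm against upstream.
 */
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
                      char **arg)
{
    *cmdstr = cmd[idx].cmd;
    *arg = cmd[idx].arg;
}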
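/*
 * Register the "ssl_conf" configuration module, with ssl_module_init() as
 * its load callback and ssl_module_free() as its unload callback.
 *
 * The return value of CONF_module_add() is not checked, so a failed
 * registration is silent here.
 *
 * NOTE(review): the braces are restored; the listing omits them.
 */
void conf_add_ssl_module(void)
{
    CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
}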