]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/conf/conf_ssl.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Update copyright year
[thirdparty/openssl.git] / crypto / conf / conf_ssl.c
1 /*
2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include <string.h>
12 #include <openssl/conf.h>
13 #include <openssl/err.h>
14 #include "internal/sslconf.h"
15 #include "conf_local.h"
16
17 DEFINE_STACK_OF(CONF_VALUE)
18
19 /*
20 * SSL library configuration module placeholder. We load it here but defer
21 * all decisions about its contents to libssl.
22 */
23
24 struct ssl_conf_name_st {
25 /* Name of this set of commands */
26 char *name;
27 /* List of commands */
28 SSL_CONF_CMD *cmds;
29 /* Number of commands */
30 size_t cmd_count;
31 };
32
33 struct ssl_conf_cmd_st {
34 /* Command */
35 char *cmd;
36 /* Argument */
37 char *arg;
38 };
39
40 static struct ssl_conf_name_st *ssl_names;
41 static size_t ssl_names_count;
42
43 static void ssl_module_free(CONF_IMODULE *md)
44 {
45 size_t i, j;
46 if (ssl_names == NULL)
47 return;
48 for (i = 0; i < ssl_names_count; i++) {
49 struct ssl_conf_name_st *tname = ssl_names + i;
50
51 OPENSSL_free(tname->name);
52 for (j = 0; j < tname->cmd_count; j++) {
53 OPENSSL_free(tname->cmds[j].cmd);
54 OPENSSL_free(tname->cmds[j].arg);
55 }
56 OPENSSL_free(tname->cmds);
57 }
58 OPENSSL_free(ssl_names);
59 ssl_names = NULL;
60 ssl_names_count = 0;
61 }
62
63 static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
64 {
65 size_t i, j, cnt;
66 int rv = 0;
67 const char *ssl_conf_section;
68 STACK_OF(CONF_VALUE) *cmd_lists;
69
70 ssl_conf_section = CONF_imodule_get_value(md);
71 cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
72 if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
73 if (cmd_lists == NULL)
74 CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
75 else
76 CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
77 ERR_add_error_data(2, "section=", ssl_conf_section);
78 goto err;
79 }
80 cnt = sk_CONF_VALUE_num(cmd_lists);
81 ssl_module_free(md);
82 ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
83 if (ssl_names == NULL)
84 goto err;
85 ssl_names_count = cnt;
86 for (i = 0; i < ssl_names_count; i++) {
87 struct ssl_conf_name_st *ssl_name = ssl_names + i;
88 CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
89 STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
90
91 if (sk_CONF_VALUE_num(cmds) <= 0) {
92 if (cmds == NULL)
93 CONFerr(CONF_F_SSL_MODULE_INIT,
94 CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
95 else
96 CONFerr(CONF_F_SSL_MODULE_INIT,
97 CONF_R_SSL_COMMAND_SECTION_EMPTY);
98 ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
99 goto err;
100 }
101 ssl_name->name = OPENSSL_strdup(sect->name);
102 if (ssl_name->name == NULL)
103 goto err;
104 cnt = sk_CONF_VALUE_num(cmds);
105 ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
106 if (ssl_name->cmds == NULL)
107 goto err;
108 ssl_name->cmd_count = cnt;
109 for (j = 0; j < cnt; j++) {
110 const char *name;
111 CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
112 struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
113
114 /* Skip any initial dot in name */
115 name = strchr(cmd_conf->name, '.');
116 if (name != NULL)
117 name++;
118 else
119 name = cmd_conf->name;
120 cmd->cmd = OPENSSL_strdup(name);
121 cmd->arg = OPENSSL_strdup(cmd_conf->value);
122 if (cmd->cmd == NULL || cmd->arg == NULL)
123 goto err;
124 }
125
126 }
127 rv = 1;
128 err:
129 if (rv == 0)
130 ssl_module_free(md);
131 return rv;
132 }
133
134 /*
135 * Returns the set of commands with index |idx| previously searched for via
136 * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
137 * and the number of commands in the set in |*cnt|.
138 */
139 const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
140 {
141 *name = ssl_names[idx].name;
142 *cnt = ssl_names[idx].cmd_count;
143 return ssl_names[idx].cmds;
144 }
145
146 /*
147 * Search for the named set of commands given in |name|. On success return the
148 * index for the command set in |*idx|.
149 * Returns 1 on success or 0 on failure.
150 */
151 int conf_ssl_name_find(const char *name, size_t *idx)
152 {
153 size_t i;
154 const struct ssl_conf_name_st *nm;
155
156 if (name == NULL)
157 return 0;
158 for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
159 if (strcmp(nm->name, name) == 0) {
160 *idx = i;
161 return 1;
162 }
163 }
164 return 0;
165 }
166
167 /*
168 * Given a command set |cmd|, return details on the command at index |idx| which
169 * must be less than the number of commands in the set (as returned by
170 * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
171 * argument is returned in |*arg|.
172 */
173 void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
174 char **arg)
175 {
176 *cmdstr = cmd[idx].cmd;
177 *arg = cmd[idx].arg;
178 }
179
180 void conf_add_ssl_module(void)
181 {
182 CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
183 }
A mirror of the official openssl repository