/*
 * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
#include <string.h>
#include <openssl/conf.h>
#include <openssl/err.h>
#include "internal/sslconf.h"
/*
 * SSL library configuration module placeholder. We load it here but defer
 * all decisions about its contents to libssl.
 */
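/*
 * One named set of SSL configuration commands. All three members are owned
 * by this module: they are filled in by ssl_module_init and released by
 * ssl_module_free.
 */
struct ssl_conf_name_st {
    /* Name of this set of commands */
    char *name;
    /* List of commands */
    struct ssl_conf_cmd_st *cmds;
    /* Number of commands */
    size_t cmd_count;
};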
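/*
 * One configuration command: the command name and its argument. Both strings
 * are heap copies made with OPENSSL_strdup in ssl_module_init.
 */
struct ssl_conf_cmd_st {
    /* Command */
    char *cmd;
    /* Argument */
    char *arg;
};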
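/* Array of command sets allocated by ssl_module_init. */
static struct ssl_conf_name_st *ssl_names;
/* Number of entries in ssl_names. */
static size_t ssl_names_count;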
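/*
 * Release every command set held in ssl_names together with the array
 * itself. |md| is not used. Does nothing when no sets are loaded.
 */
static void ssl_module_free(CONF_IMODULE *md)
{
    size_t i, j;

    if (ssl_names == NULL)
        return;
    for (i = 0; i < ssl_names_count; i++) {
        struct ssl_conf_name_st *tname = ssl_names + i;

        OPENSSL_free(tname->name);
        /*
         * A partially initialised entry has cmds == NULL and cmd_count == 0
         * (the array is zero-allocated), so this loop is skipped for it.
         */
        for (j = 0; j < tname->cmd_count; j++) {
            OPENSSL_free(tname->cmds[j].cmd);
            OPENSSL_free(tname->cmds[j].arg);
        }
        OPENSSL_free(tname->cmds);
    }
    OPENSSL_free(ssl_names);
    /*
     * Clear the module state so that a later lookup or a second call to this
     * function cannot touch the memory released above.
     */
    ssl_names = NULL;
    ssl_names_count = 0;
}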
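/*
 * Load the SSL configuration named by the module value of |md| from |cnf|.
 *
 * The module value names a section; each name=value entry in that section
 * names a further section (|value|) whose entries become the commands of the
 * set called |name|. Every string is copied, so the result does not point
 * into |cnf|.
 *
 * Returns 1 on success or 0 on failure. On failure an error is raised for a
 * missing or empty section, and any state built so far is released.
 */
static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
{
    size_t i, j, cnt;
    int rv = 0;
    const char *ssl_conf_section;
    STACK_OF(CONF_VALUE) *cmd_lists;

    ssl_conf_section = CONF_imodule_get_value(md);
    cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
    if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
        if (cmd_lists == NULL)
            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
        else
            CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
        ERR_add_error_data(2, "section=", ssl_conf_section);
        goto err;
    }
    cnt = sk_CONF_VALUE_num(cmd_lists);
    /* Drop any previously loaded sets before the pointer is overwritten. */
    ssl_module_free(md);
    ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
    if (ssl_names == NULL)
        goto err;
    ssl_names_count = cnt;
    for (i = 0; i < ssl_names_count; i++) {
        struct ssl_conf_name_st *ssl_name = ssl_names + i;
        CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
        STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);

        if (sk_CONF_VALUE_num(cmds) <= 0) {
            if (cmds == NULL)
                CONFerr(CONF_F_SSL_MODULE_INIT,
                        CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
            else
                CONFerr(CONF_F_SSL_MODULE_INIT,
                        CONF_R_SSL_COMMAND_SECTION_EMPTY);
            ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
            goto err;
        }
        ssl_name->name = OPENSSL_strdup(sect->name);
        if (ssl_name->name == NULL)
            goto err;
        cnt = sk_CONF_VALUE_num(cmds);
        ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
        if (ssl_name->cmds == NULL)
            goto err;
        /*
         * Publish the count only once the array exists, so that the free
         * routine never walks a NULL command list.
         */
        ssl_name->cmd_count = cnt;
        for (j = 0; j < cnt; j++) {
            const char *name;
            CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
            struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;

            /*
             * Skip any initial dot in name: the command is whatever follows
             * the first '.', or the whole key when there is no dot.
             */
            name = strchr(cmd_conf->name, '.');
            if (name != NULL)
                name++;
            else
                name = cmd_conf->name;
            cmd->cmd = OPENSSL_strdup(name);
            cmd->arg = OPENSSL_strdup(cmd_conf->value);
            /* Whichever copy did succeed is released on the error path. */
            if (cmd->cmd == NULL || cmd->arg == NULL)
                goto err;
        }
    }
    rv = 1;
 err:
    /* Never leave a half-built table behind for later lookups. */
    if (rv == 0)
        ssl_module_free(md);
    return rv;
}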
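/*
 * Returns the set of commands with index |idx| previously searched for via
 * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
 * and the number of commands in the set in |*cnt|.
 *
 * |idx| is used to index ssl_names without a range check, so it must be a
 * value that conf_ssl_name_find stored for the currently loaded
 * configuration. The returned pointers refer to the module's own storage,
 * not to copies.
 */
const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
{
    *name = ssl_names[idx].name;
    *cnt = ssl_names[idx].cmd_count;
    return ssl_names[idx].cmds;
}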
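/*
 * Search for the named set of commands given in |name|. On success return the
 * index for the command set in |*idx|.
 * Returns 1 on success or 0 on failure. A NULL |name| is treated as not
 * found, and |*idx| is left untouched on failure.
 */
int conf_ssl_name_find(const char *name, size_t *idx)
{
    size_t i;
    const struct ssl_conf_name_st *nm;

    /* strcmp() on a NULL pointer is undefined behaviour. */
    if (name == NULL)
        return 0;
    for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
        if (strcmp(nm->name, name) == 0) {
            *idx = i;
            return 1;
        }
    }
    return 0;
}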
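/*
 * Given a command set |cmd|, return details on the command at index |idx| which
 * must be less than the number of commands in the set (as returned by
 * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
 * argument is returned in |*arg|.
 *
 * |idx| is not range-checked here. The strings handed back are the stored
 * pointers, not copies.
 */
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
                      char **arg)
{
    *cmdstr = cmd[idx].cmd;
    *arg = cmd[idx].arg;
}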
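/*
 * Register the "ssl_conf" configuration module, with ssl_module_init as its
 * init handler and ssl_module_free as its free handler.
 */
void conf_add_ssl_module(void)
{
    CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
}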