xref: /freebsd/crypto/openssl/ssl/ssl_conf.c (revision 66fd12cf4896eb08ad8e7a2627537f84ead84dd3)
1 /*
2  * Copyright 2012-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include "ssl_local.h"
12 #include <openssl/conf.h>
13 #include <openssl/objects.h>
14 #include <openssl/decoder.h>
15 #include <openssl/core_dispatch.h>
16 #include "internal/nelem.h"
17 
18 /*
19  * structure holding name tables. This is used for permitted elements in lists
20  * such as TLSv1.
21  */
22 
23 typedef struct {
24     const char *name;
25     int namelen;
26     unsigned int name_flags;
27     uint64_t option_value;
28 } ssl_flag_tbl;
29 
30 /* Switch table: use for single command line switches like no_tls2 */
31 typedef struct {
32     uint64_t option_value;
33     unsigned int name_flags;
34 } ssl_switch_tbl;
35 
36 /* Sense of name is inverted e.g. "TLSv1" will clear SSL_OP_NO_TLSv1 */
37 #define SSL_TFLAG_INV   0x1
38 /* Mask for type of flag referred to */
39 #define SSL_TFLAG_TYPE_MASK 0xf00
40 /* Flag is for options */
41 #define SSL_TFLAG_OPTION    0x000
42 /* Flag is for cert_flags */
43 #define SSL_TFLAG_CERT      0x100
44 /* Flag is for verify mode */
45 #define SSL_TFLAG_VFY       0x200
46 /* Option can only be used for clients */
47 #define SSL_TFLAG_CLIENT SSL_CONF_FLAG_CLIENT
48 /* Option can only be used for servers */
49 #define SSL_TFLAG_SERVER SSL_CONF_FLAG_SERVER
50 #define SSL_TFLAG_BOTH (SSL_TFLAG_CLIENT|SSL_TFLAG_SERVER)
51 
52 #define SSL_FLAG_TBL(str, flag) \
53         {str, (int)(sizeof(str) - 1), SSL_TFLAG_BOTH, flag}
54 #define SSL_FLAG_TBL_SRV(str, flag) \
55         {str, (int)(sizeof(str) - 1), SSL_TFLAG_SERVER, flag}
56 #define SSL_FLAG_TBL_CLI(str, flag) \
57         {str, (int)(sizeof(str) - 1), SSL_TFLAG_CLIENT, flag}
58 #define SSL_FLAG_TBL_INV(str, flag) \
59         {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_BOTH, flag}
60 #define SSL_FLAG_TBL_SRV_INV(str, flag) \
61         {str, (int)(sizeof(str) - 1), SSL_TFLAG_INV|SSL_TFLAG_SERVER, flag}
62 #define SSL_FLAG_TBL_CERT(str, flag) \
63         {str, (int)(sizeof(str) - 1), SSL_TFLAG_CERT|SSL_TFLAG_BOTH, flag}
64 
65 #define SSL_FLAG_VFY_CLI(str, flag) \
66         {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_CLIENT, flag}
67 #define SSL_FLAG_VFY_SRV(str, flag) \
68         {str, (int)(sizeof(str) - 1), SSL_TFLAG_VFY | SSL_TFLAG_SERVER, flag}
69 
70 /*
71  * Opaque structure containing SSL configuration context.
72  */
73 
74 struct ssl_conf_ctx_st {
75     /*
76      * Various flags indicating (among other things) which options we will
77      * recognise.
78      */
79     unsigned int flags;
80     /* Prefix and length of commands */
81     char *prefix;
82     size_t prefixlen;
83     /* SSL_CTX or SSL structure to perform operations on */
84     SSL_CTX *ctx;
85     SSL *ssl;
86     /* Pointer to SSL or SSL_CTX options field or NULL if none */
87     uint64_t *poptions;
88     /* Certificate filenames for each type */
89     char *cert_filename[SSL_PKEY_NUM];
90     /* Pointer to SSL or SSL_CTX cert_flags or NULL if none */
91     uint32_t *pcert_flags;
92     /* Pointer to SSL or SSL_CTX verify_mode or NULL if none */
93     uint32_t *pvfy_flags;
94     /* Pointer to SSL or SSL_CTX min_version field or NULL if none */
95     int *min_version;
96     /* Pointer to SSL or SSL_CTX max_version field or NULL if none */
97     int *max_version;
98     /* Current flag table being worked on */
99     const ssl_flag_tbl *tbl;
100     /* Size of table */
101     size_t ntbl;
102     /* Client CA names */
103     STACK_OF(X509_NAME) *canames;
104 };
105 
106 static void ssl_set_option(SSL_CONF_CTX *cctx, unsigned int name_flags,
107                            uint64_t option_value, int onoff)
108 {
109     uint32_t *pflags;
110 
111     if (cctx->poptions == NULL)
112         return;
113     if (name_flags & SSL_TFLAG_INV)
114         onoff ^= 1;
115     switch (name_flags & SSL_TFLAG_TYPE_MASK) {
116 
117     case SSL_TFLAG_CERT:
118         pflags = cctx->pcert_flags;
119         break;
120 
121     case SSL_TFLAG_VFY:
122         pflags = cctx->pvfy_flags;
123         break;
124 
125     case SSL_TFLAG_OPTION:
126         if (onoff)
127             *cctx->poptions |= option_value;
128         else
129             *cctx->poptions &= ~option_value;
130         return;
131 
132     default:
133         return;
134 
135     }
136     if (onoff)
137         *pflags |= option_value;
138     else
139         *pflags &= ~option_value;
140 }
141 
142 static int ssl_match_option(SSL_CONF_CTX *cctx, const ssl_flag_tbl *tbl,
143                             const char *name, int namelen, int onoff)
144 {
145     /* If name not relevant for context skip */
146     if (!(cctx->flags & tbl->name_flags & SSL_TFLAG_BOTH))
147         return 0;
148     if (namelen == -1) {
149         if (strcmp(tbl->name, name))
150             return 0;
151     } else if (tbl->namelen != namelen
152                || OPENSSL_strncasecmp(tbl->name, name, namelen))
153         return 0;
154     ssl_set_option(cctx, tbl->name_flags, tbl->option_value, onoff);
155     return 1;
156 }
157 
158 static int ssl_set_option_list(const char *elem, int len, void *usr)
159 {
160     SSL_CONF_CTX *cctx = usr;
161     size_t i;
162     const ssl_flag_tbl *tbl;
163     int onoff = 1;
164     /*
165      * len == -1 indicates not being called in list context, just for single
166      * command line switches, so don't allow +, -.
167      */
168     if (elem == NULL)
169         return 0;
170     if (len != -1) {
171         if (*elem == '+') {
172             elem++;
173             len--;
174             onoff = 1;
175         } else if (*elem == '-') {
176             elem++;
177             len--;
178             onoff = 0;
179         }
180     }
181     for (i = 0, tbl = cctx->tbl; i < cctx->ntbl; i++, tbl++) {
182         if (ssl_match_option(cctx, tbl, elem, len, onoff))
183             return 1;
184     }
185     return 0;
186 }
187 
188 /* Set supported signature algorithms */
189 static int cmd_SignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
190 {
191     int rv;
192     if (cctx->ssl)
193         rv = SSL_set1_sigalgs_list(cctx->ssl, value);
194     /* NB: ctx == NULL performs syntax checking only */
195     else
196         rv = SSL_CTX_set1_sigalgs_list(cctx->ctx, value);
197     return rv > 0;
198 }
199 
200 /* Set supported client signature algorithms */
201 static int cmd_ClientSignatureAlgorithms(SSL_CONF_CTX *cctx, const char *value)
202 {
203     int rv;
204     if (cctx->ssl)
205         rv = SSL_set1_client_sigalgs_list(cctx->ssl, value);
206     /* NB: ctx == NULL performs syntax checking only */
207     else
208         rv = SSL_CTX_set1_client_sigalgs_list(cctx->ctx, value);
209     return rv > 0;
210 }
211 
212 static int cmd_Groups(SSL_CONF_CTX *cctx, const char *value)
213 {
214     int rv;
215     if (cctx->ssl)
216         rv = SSL_set1_groups_list(cctx->ssl, value);
217     /* NB: ctx == NULL performs syntax checking only */
218     else
219         rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
220     return rv > 0;
221 }
222 
223 /* This is the old name for cmd_Groups - retained for backwards compatibility */
224 static int cmd_Curves(SSL_CONF_CTX *cctx, const char *value)
225 {
226     return cmd_Groups(cctx, value);
227 }
228 
229 /* ECDH temporary parameters */
230 static int cmd_ECDHParameters(SSL_CONF_CTX *cctx, const char *value)
231 {
232     int rv = 1;
233 
234     /* Ignore values supported by 1.0.2 for the automatic selection */
235     if ((cctx->flags & SSL_CONF_FLAG_FILE)
236             && (OPENSSL_strcasecmp(value, "+automatic") == 0
237                 || OPENSSL_strcasecmp(value, "automatic") == 0))
238         return 1;
239     if ((cctx->flags & SSL_CONF_FLAG_CMDLINE) &&
240         strcmp(value, "auto") == 0)
241         return 1;
242 
243     /* ECDHParameters accepts a single group name */
244     if (strstr(value, ":") != NULL)
245         return 0;
246 
247     if (cctx->ctx)
248         rv = SSL_CTX_set1_groups_list(cctx->ctx, value);
249     else if (cctx->ssl)
250         rv = SSL_set1_groups_list(cctx->ssl, value);
251 
252     return rv > 0;
253 }
254 
255 static int cmd_CipherString(SSL_CONF_CTX *cctx, const char *value)
256 {
257     int rv = 1;
258 
259     if (cctx->ctx)
260         rv = SSL_CTX_set_cipher_list(cctx->ctx, value);
261     if (cctx->ssl)
262         rv = SSL_set_cipher_list(cctx->ssl, value);
263     return rv > 0;
264 }
265 
266 static int cmd_Ciphersuites(SSL_CONF_CTX *cctx, const char *value)
267 {
268     int rv = 1;
269 
270     if (cctx->ctx)
271         rv = SSL_CTX_set_ciphersuites(cctx->ctx, value);
272     if (cctx->ssl)
273         rv = SSL_set_ciphersuites(cctx->ssl, value);
274     return rv > 0;
275 }
276 
277 static int cmd_Protocol(SSL_CONF_CTX *cctx, const char *value)
278 {
279     static const ssl_flag_tbl ssl_protocol_list[] = {
280         SSL_FLAG_TBL_INV("ALL", SSL_OP_NO_SSL_MASK),
281         SSL_FLAG_TBL_INV("SSLv2", SSL_OP_NO_SSLv2),
282         SSL_FLAG_TBL_INV("SSLv3", SSL_OP_NO_SSLv3),
283         SSL_FLAG_TBL_INV("TLSv1", SSL_OP_NO_TLSv1),
284         SSL_FLAG_TBL_INV("TLSv1.1", SSL_OP_NO_TLSv1_1),
285         SSL_FLAG_TBL_INV("TLSv1.2", SSL_OP_NO_TLSv1_2),
286         SSL_FLAG_TBL_INV("TLSv1.3", SSL_OP_NO_TLSv1_3),
287         SSL_FLAG_TBL_INV("DTLSv1", SSL_OP_NO_DTLSv1),
288         SSL_FLAG_TBL_INV("DTLSv1.2", SSL_OP_NO_DTLSv1_2)
289     };
290     cctx->tbl = ssl_protocol_list;
291     cctx->ntbl = OSSL_NELEM(ssl_protocol_list);
292     return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
293 }
294 
295 /*
296  * protocol_from_string - converts a protocol version string to a number
297  *
298  * Returns -1 on failure or the version on success
299  */
300 static int protocol_from_string(const char *value)
301 {
302     struct protocol_versions {
303         const char *name;
304         int version;
305     };
306     /*
307      * Note: To avoid breaking previously valid configurations, we must retain
308      * legacy entries in this table even if the underlying protocol is no
309      * longer supported.  This also means that the constants SSL3_VERSION, ...
310      * need to be retained indefinitely.  This table can only grow, never
311      * shrink.
312      */
313     static const struct protocol_versions versions[] = {
314         {"None", 0},
315         {"SSLv3", SSL3_VERSION},
316         {"TLSv1", TLS1_VERSION},
317         {"TLSv1.1", TLS1_1_VERSION},
318         {"TLSv1.2", TLS1_2_VERSION},
319         {"TLSv1.3", TLS1_3_VERSION},
320         {"DTLSv1", DTLS1_VERSION},
321         {"DTLSv1.2", DTLS1_2_VERSION}
322     };
323     size_t i;
324     size_t n = OSSL_NELEM(versions);
325 
326     for (i = 0; i < n; i++)
327         if (strcmp(versions[i].name, value) == 0)
328             return versions[i].version;
329     return -1;
330 }
331 
332 static int min_max_proto(SSL_CONF_CTX *cctx, const char *value, int *bound)
333 {
334     int method_version;
335     int new_version;
336 
337     if (cctx->ctx != NULL)
338         method_version = cctx->ctx->method->version;
339     else if (cctx->ssl != NULL)
340         method_version = cctx->ssl->ctx->method->version;
341     else
342         return 0;
343     if ((new_version = protocol_from_string(value)) < 0)
344         return 0;
345     return ssl_set_version_bound(method_version, new_version, bound);
346 }
347 
348 /*
349  * cmd_MinProtocol - Set min protocol version
350  * @cctx: config structure to save settings in
351  * @value: The min protocol version in string form
352  *
353  * Returns 1 on success and 0 on failure.
354  */
355 static int cmd_MinProtocol(SSL_CONF_CTX *cctx, const char *value)
356 {
357     return min_max_proto(cctx, value, cctx->min_version);
358 }
359 
360 /*
361  * cmd_MaxProtocol - Set max protocol version
362  * @cctx: config structure to save settings in
363  * @value: The max protocol version in string form
364  *
365  * Returns 1 on success and 0 on failure.
366  */
367 static int cmd_MaxProtocol(SSL_CONF_CTX *cctx, const char *value)
368 {
369     return min_max_proto(cctx, value, cctx->max_version);
370 }
371 
372 static int cmd_Options(SSL_CONF_CTX *cctx, const char *value)
373 {
374     static const ssl_flag_tbl ssl_option_list[] = {
375         SSL_FLAG_TBL_INV("SessionTicket", SSL_OP_NO_TICKET),
376         SSL_FLAG_TBL_INV("EmptyFragments",
377                          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS),
378         SSL_FLAG_TBL("Bugs", SSL_OP_ALL),
379         SSL_FLAG_TBL_INV("Compression", SSL_OP_NO_COMPRESSION),
380         SSL_FLAG_TBL_SRV("ServerPreference", SSL_OP_CIPHER_SERVER_PREFERENCE),
381         SSL_FLAG_TBL_SRV("NoResumptionOnRenegotiation",
382                          SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION),
383         SSL_FLAG_TBL_SRV("DHSingle", SSL_OP_SINGLE_DH_USE),
384         SSL_FLAG_TBL_SRV("ECDHSingle", SSL_OP_SINGLE_ECDH_USE),
385         SSL_FLAG_TBL("UnsafeLegacyRenegotiation",
386                      SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION),
387         SSL_FLAG_TBL("UnsafeLegacyServerConnect",
388                      SSL_OP_LEGACY_SERVER_CONNECT),
389         SSL_FLAG_TBL("ClientRenegotiation",
390                      SSL_OP_ALLOW_CLIENT_RENEGOTIATION),
391         SSL_FLAG_TBL_INV("EncryptThenMac", SSL_OP_NO_ENCRYPT_THEN_MAC),
392         SSL_FLAG_TBL("NoRenegotiation", SSL_OP_NO_RENEGOTIATION),
393         SSL_FLAG_TBL("AllowNoDHEKEX", SSL_OP_ALLOW_NO_DHE_KEX),
394         SSL_FLAG_TBL("PrioritizeChaCha", SSL_OP_PRIORITIZE_CHACHA),
395         SSL_FLAG_TBL("MiddleboxCompat", SSL_OP_ENABLE_MIDDLEBOX_COMPAT),
396         SSL_FLAG_TBL_INV("AntiReplay", SSL_OP_NO_ANTI_REPLAY),
397         SSL_FLAG_TBL_INV("ExtendedMasterSecret", SSL_OP_NO_EXTENDED_MASTER_SECRET),
398         SSL_FLAG_TBL_INV("CANames", SSL_OP_DISABLE_TLSEXT_CA_NAMES),
399         SSL_FLAG_TBL("KTLS", SSL_OP_ENABLE_KTLS)
400     };
401     if (value == NULL)
402         return -3;
403     cctx->tbl = ssl_option_list;
404     cctx->ntbl = OSSL_NELEM(ssl_option_list);
405     return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
406 }
407 
408 static int cmd_VerifyMode(SSL_CONF_CTX *cctx, const char *value)
409 {
410     static const ssl_flag_tbl ssl_vfy_list[] = {
411         SSL_FLAG_VFY_CLI("Peer", SSL_VERIFY_PEER),
412         SSL_FLAG_VFY_SRV("Request", SSL_VERIFY_PEER),
413         SSL_FLAG_VFY_SRV("Require",
414                          SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
415         SSL_FLAG_VFY_SRV("Once", SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE),
416         SSL_FLAG_VFY_SRV("RequestPostHandshake",
417                          SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE),
418         SSL_FLAG_VFY_SRV("RequirePostHandshake",
419                          SSL_VERIFY_PEER | SSL_VERIFY_POST_HANDSHAKE |
420                          SSL_VERIFY_FAIL_IF_NO_PEER_CERT),
421     };
422     if (value == NULL)
423         return -3;
424     cctx->tbl = ssl_vfy_list;
425     cctx->ntbl = OSSL_NELEM(ssl_vfy_list);
426     return CONF_parse_list(value, ',', 1, ssl_set_option_list, cctx);
427 }
428 
429 static int cmd_Certificate(SSL_CONF_CTX *cctx, const char *value)
430 {
431     int rv = 1;
432     CERT *c = NULL;
433     if (cctx->ctx) {
434         rv = SSL_CTX_use_certificate_chain_file(cctx->ctx, value);
435         c = cctx->ctx->cert;
436     }
437     if (cctx->ssl) {
438         rv = SSL_use_certificate_chain_file(cctx->ssl, value);
439         c = cctx->ssl->cert;
440     }
441     if (rv > 0 && c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
442         char **pfilename = &cctx->cert_filename[c->key - c->pkeys];
443         OPENSSL_free(*pfilename);
444         *pfilename = OPENSSL_strdup(value);
445         if (*pfilename == NULL)
446             rv = 0;
447     }
448 
449     return rv > 0;
450 }
451 
452 static int cmd_PrivateKey(SSL_CONF_CTX *cctx, const char *value)
453 {
454     int rv = 1;
455     if (!(cctx->flags & SSL_CONF_FLAG_CERTIFICATE))
456         return -2;
457     if (cctx->ctx)
458         rv = SSL_CTX_use_PrivateKey_file(cctx->ctx, value, SSL_FILETYPE_PEM);
459     if (cctx->ssl)
460         rv = SSL_use_PrivateKey_file(cctx->ssl, value, SSL_FILETYPE_PEM);
461     return rv > 0;
462 }
463 
464 static int cmd_ServerInfoFile(SSL_CONF_CTX *cctx, const char *value)
465 {
466     int rv = 1;
467     if (cctx->ctx)
468         rv = SSL_CTX_use_serverinfo_file(cctx->ctx, value);
469     return rv > 0;
470 }
471 
472 static int do_store(SSL_CONF_CTX *cctx,
473                     const char *CAfile, const char *CApath, const char *CAstore,
474                     int verify_store)
475 {
476     CERT *cert;
477     X509_STORE **st;
478     SSL_CTX *ctx;
479     OSSL_LIB_CTX *libctx = NULL;
480     const char *propq = NULL;
481 
482     if (cctx->ctx != NULL) {
483         cert = cctx->ctx->cert;
484         ctx = cctx->ctx;
485     } else if (cctx->ssl != NULL) {
486         cert = cctx->ssl->cert;
487         ctx = cctx->ssl->ctx;
488     } else {
489         return 1;
490     }
491     if (ctx != NULL) {
492         libctx = ctx->libctx;
493         propq = ctx->propq;
494     }
495     st = verify_store ? &cert->verify_store : &cert->chain_store;
496     if (*st == NULL) {
497         *st = X509_STORE_new();
498         if (*st == NULL)
499             return 0;
500     }
501 
502     if (CAfile != NULL && !X509_STORE_load_file_ex(*st, CAfile, libctx, propq))
503         return 0;
504     if (CApath != NULL && !X509_STORE_load_path(*st, CApath))
505         return 0;
506     if (CAstore != NULL && !X509_STORE_load_store_ex(*st, CAstore, libctx,
507                                                      propq))
508         return 0;
509     return 1;
510 }
511 
512 static int cmd_ChainCAPath(SSL_CONF_CTX *cctx, const char *value)
513 {
514     return do_store(cctx, NULL, value, NULL, 0);
515 }
516 
517 static int cmd_ChainCAFile(SSL_CONF_CTX *cctx, const char *value)
518 {
519     return do_store(cctx, value, NULL, NULL, 0);
520 }
521 
522 static int cmd_ChainCAStore(SSL_CONF_CTX *cctx, const char *value)
523 {
524     return do_store(cctx, NULL, NULL, value, 0);
525 }
526 
527 static int cmd_VerifyCAPath(SSL_CONF_CTX *cctx, const char *value)
528 {
529     return do_store(cctx, NULL, value, NULL, 1);
530 }
531 
532 static int cmd_VerifyCAFile(SSL_CONF_CTX *cctx, const char *value)
533 {
534     return do_store(cctx, value, NULL, NULL, 1);
535 }
536 
537 static int cmd_VerifyCAStore(SSL_CONF_CTX *cctx, const char *value)
538 {
539     return do_store(cctx, NULL, NULL, value, 1);
540 }
541 
542 static int cmd_RequestCAFile(SSL_CONF_CTX *cctx, const char *value)
543 {
544     if (cctx->canames == NULL)
545         cctx->canames = sk_X509_NAME_new_null();
546     if (cctx->canames == NULL)
547         return 0;
548     return SSL_add_file_cert_subjects_to_stack(cctx->canames, value);
549 }
550 
551 static int cmd_ClientCAFile(SSL_CONF_CTX *cctx, const char *value)
552 {
553     return cmd_RequestCAFile(cctx, value);
554 }
555 
556 static int cmd_RequestCAPath(SSL_CONF_CTX *cctx, const char *value)
557 {
558     if (cctx->canames == NULL)
559         cctx->canames = sk_X509_NAME_new_null();
560     if (cctx->canames == NULL)
561         return 0;
562     return SSL_add_dir_cert_subjects_to_stack(cctx->canames, value);
563 }
564 
565 static int cmd_ClientCAPath(SSL_CONF_CTX *cctx, const char *value)
566 {
567     return cmd_RequestCAPath(cctx, value);
568 }
569 
570 static int cmd_RequestCAStore(SSL_CONF_CTX *cctx, const char *value)
571 {
572     if (cctx->canames == NULL)
573         cctx->canames = sk_X509_NAME_new_null();
574     if (cctx->canames == NULL)
575         return 0;
576     return SSL_add_store_cert_subjects_to_stack(cctx->canames, value);
577 }
578 
579 static int cmd_ClientCAStore(SSL_CONF_CTX *cctx, const char *value)
580 {
581     return cmd_RequestCAStore(cctx, value);
582 }
583 
584 static int cmd_DHParameters(SSL_CONF_CTX *cctx, const char *value)
585 {
586     int rv = 0;
587     EVP_PKEY *dhpkey = NULL;
588     BIO *in = NULL;
589     SSL_CTX *sslctx = (cctx->ssl != NULL) ? cctx->ssl->ctx : cctx->ctx;
590     OSSL_DECODER_CTX *decoderctx = NULL;
591 
592     if (cctx->ctx != NULL || cctx->ssl != NULL) {
593         in = BIO_new(BIO_s_file());
594         if (in == NULL)
595             goto end;
596         if (BIO_read_filename(in, value) <= 0)
597             goto end;
598 
599         decoderctx
600             = OSSL_DECODER_CTX_new_for_pkey(&dhpkey, "PEM", NULL, "DH",
601                                             OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS,
602                                             sslctx->libctx, sslctx->propq);
603         if (decoderctx == NULL)
604             goto end;
605         ERR_set_mark();
606         while (!OSSL_DECODER_from_bio(decoderctx, in)
607                && dhpkey == NULL
608                && !BIO_eof(in));
609         OSSL_DECODER_CTX_free(decoderctx);
610 
611         if (dhpkey == NULL) {
612             ERR_clear_last_mark();
613             goto end;
614         }
615         ERR_pop_to_mark();
616     } else {
617         return 1;
618     }
619 
620     if (cctx->ctx != NULL) {
621         if ((rv = SSL_CTX_set0_tmp_dh_pkey(cctx->ctx, dhpkey)) > 0)
622             dhpkey = NULL;
623     }
624     if (cctx->ssl != NULL) {
625         if ((rv = SSL_set0_tmp_dh_pkey(cctx->ssl, dhpkey)) > 0)
626             dhpkey = NULL;
627     }
628  end:
629     EVP_PKEY_free(dhpkey);
630     BIO_free(in);
631     return rv > 0;
632 }
633 
634 static int cmd_RecordPadding(SSL_CONF_CTX *cctx, const char *value)
635 {
636     int rv = 0;
637     int block_size = atoi(value);
638 
639     /*
640      * All we care about is a non-negative value,
641      * the setters check the range
642      */
643     if (block_size >= 0) {
644         if (cctx->ctx)
645             rv = SSL_CTX_set_block_padding(cctx->ctx, block_size);
646         if (cctx->ssl)
647             rv = SSL_set_block_padding(cctx->ssl, block_size);
648     }
649     return rv;
650 }
651 
652 
653 static int cmd_NumTickets(SSL_CONF_CTX *cctx, const char *value)
654 {
655     int rv = 0;
656     int num_tickets = atoi(value);
657 
658     if (num_tickets >= 0) {
659         if (cctx->ctx)
660             rv = SSL_CTX_set_num_tickets(cctx->ctx, num_tickets);
661         if (cctx->ssl)
662             rv = SSL_set_num_tickets(cctx->ssl, num_tickets);
663     }
664     return rv;
665 }
666 
667 typedef struct {
668     int (*cmd) (SSL_CONF_CTX *cctx, const char *value);
669     const char *str_file;
670     const char *str_cmdline;
671     unsigned short flags;
672     unsigned short value_type;
673 } ssl_conf_cmd_tbl;
674 
675 /* Table of supported parameters */
676 
677 #define SSL_CONF_CMD(name, cmdopt, flags, type) \
678         {cmd_##name, #name, cmdopt, flags, type}
679 
680 #define SSL_CONF_CMD_STRING(name, cmdopt, flags) \
681         SSL_CONF_CMD(name, cmdopt, flags, SSL_CONF_TYPE_STRING)
682 
683 #define SSL_CONF_CMD_SWITCH(name, flags) \
684         {0, NULL, name, flags, SSL_CONF_TYPE_NONE}
685 
686 /* See apps/include/opt.h if you change this table. */
687 /* The SSL_CONF_CMD_SWITCH should be the same order as ssl_cmd_switches */
688 static const ssl_conf_cmd_tbl ssl_conf_cmds[] = {
689     SSL_CONF_CMD_SWITCH("no_ssl3", 0),
690     SSL_CONF_CMD_SWITCH("no_tls1", 0),
691     SSL_CONF_CMD_SWITCH("no_tls1_1", 0),
692     SSL_CONF_CMD_SWITCH("no_tls1_2", 0),
693     SSL_CONF_CMD_SWITCH("no_tls1_3", 0),
694     SSL_CONF_CMD_SWITCH("bugs", 0),
695     SSL_CONF_CMD_SWITCH("no_comp", 0),
696     SSL_CONF_CMD_SWITCH("comp", 0),
697     SSL_CONF_CMD_SWITCH("ecdh_single", SSL_CONF_FLAG_SERVER),
698     SSL_CONF_CMD_SWITCH("no_ticket", 0),
699     SSL_CONF_CMD_SWITCH("serverpref", SSL_CONF_FLAG_SERVER),
700     SSL_CONF_CMD_SWITCH("legacy_renegotiation", 0),
701     SSL_CONF_CMD_SWITCH("client_renegotiation", SSL_CONF_FLAG_SERVER),
702     SSL_CONF_CMD_SWITCH("legacy_server_connect", SSL_CONF_FLAG_CLIENT),
703     SSL_CONF_CMD_SWITCH("no_renegotiation", 0),
704     SSL_CONF_CMD_SWITCH("no_resumption_on_reneg", SSL_CONF_FLAG_SERVER),
705     SSL_CONF_CMD_SWITCH("no_legacy_server_connect", SSL_CONF_FLAG_CLIENT),
706     SSL_CONF_CMD_SWITCH("allow_no_dhe_kex", 0),
707     SSL_CONF_CMD_SWITCH("prioritize_chacha", SSL_CONF_FLAG_SERVER),
708     SSL_CONF_CMD_SWITCH("strict", 0),
709     SSL_CONF_CMD_SWITCH("no_middlebox", 0),
710     SSL_CONF_CMD_SWITCH("anti_replay", SSL_CONF_FLAG_SERVER),
711     SSL_CONF_CMD_SWITCH("no_anti_replay", SSL_CONF_FLAG_SERVER),
712     SSL_CONF_CMD_SWITCH("no_etm", 0),
713     SSL_CONF_CMD_STRING(SignatureAlgorithms, "sigalgs", 0),
714     SSL_CONF_CMD_STRING(ClientSignatureAlgorithms, "client_sigalgs", 0),
715     SSL_CONF_CMD_STRING(Curves, "curves", 0),
716     SSL_CONF_CMD_STRING(Groups, "groups", 0),
717     SSL_CONF_CMD_STRING(ECDHParameters, "named_curve", SSL_CONF_FLAG_SERVER),
718     SSL_CONF_CMD_STRING(CipherString, "cipher", 0),
719     SSL_CONF_CMD_STRING(Ciphersuites, "ciphersuites", 0),
720     SSL_CONF_CMD_STRING(Protocol, NULL, 0),
721     SSL_CONF_CMD_STRING(MinProtocol, "min_protocol", 0),
722     SSL_CONF_CMD_STRING(MaxProtocol, "max_protocol", 0),
723     SSL_CONF_CMD_STRING(Options, NULL, 0),
724     SSL_CONF_CMD_STRING(VerifyMode, NULL, 0),
725     SSL_CONF_CMD(Certificate, "cert", SSL_CONF_FLAG_CERTIFICATE,
726                  SSL_CONF_TYPE_FILE),
727     SSL_CONF_CMD(PrivateKey, "key", SSL_CONF_FLAG_CERTIFICATE,
728                  SSL_CONF_TYPE_FILE),
729     SSL_CONF_CMD(ServerInfoFile, NULL,
730                  SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
731                  SSL_CONF_TYPE_FILE),
732     SSL_CONF_CMD(ChainCAPath, "chainCApath", SSL_CONF_FLAG_CERTIFICATE,
733                  SSL_CONF_TYPE_DIR),
734     SSL_CONF_CMD(ChainCAFile, "chainCAfile", SSL_CONF_FLAG_CERTIFICATE,
735                  SSL_CONF_TYPE_FILE),
736     SSL_CONF_CMD(ChainCAStore, "chainCAstore", SSL_CONF_FLAG_CERTIFICATE,
737                  SSL_CONF_TYPE_STORE),
738     SSL_CONF_CMD(VerifyCAPath, "verifyCApath", SSL_CONF_FLAG_CERTIFICATE,
739                  SSL_CONF_TYPE_DIR),
740     SSL_CONF_CMD(VerifyCAFile, "verifyCAfile", SSL_CONF_FLAG_CERTIFICATE,
741                  SSL_CONF_TYPE_FILE),
742     SSL_CONF_CMD(VerifyCAStore, "verifyCAstore", SSL_CONF_FLAG_CERTIFICATE,
743                  SSL_CONF_TYPE_STORE),
744     SSL_CONF_CMD(RequestCAFile, "requestCAFile", SSL_CONF_FLAG_CERTIFICATE,
745                  SSL_CONF_TYPE_FILE),
746     SSL_CONF_CMD(ClientCAFile, NULL,
747                  SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
748                  SSL_CONF_TYPE_FILE),
749     SSL_CONF_CMD(RequestCAPath, NULL, SSL_CONF_FLAG_CERTIFICATE,
750                  SSL_CONF_TYPE_DIR),
751     SSL_CONF_CMD(ClientCAPath, NULL,
752                  SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
753                  SSL_CONF_TYPE_DIR),
754     SSL_CONF_CMD(RequestCAStore, "requestCAStore", SSL_CONF_FLAG_CERTIFICATE,
755                  SSL_CONF_TYPE_STORE),
756     SSL_CONF_CMD(ClientCAStore, NULL,
757                  SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
758                  SSL_CONF_TYPE_STORE),
759     SSL_CONF_CMD(DHParameters, "dhparam",
760                  SSL_CONF_FLAG_SERVER | SSL_CONF_FLAG_CERTIFICATE,
761                  SSL_CONF_TYPE_FILE),
762     SSL_CONF_CMD_STRING(RecordPadding, "record_padding", 0),
763     SSL_CONF_CMD_STRING(NumTickets, "num_tickets", SSL_CONF_FLAG_SERVER),
764 };
765 
766 /* Supported switches: must match order of switches in ssl_conf_cmds */
767 static const ssl_switch_tbl ssl_cmd_switches[] = {
768     {SSL_OP_NO_SSLv3, 0},       /* no_ssl3 */
769     {SSL_OP_NO_TLSv1, 0},       /* no_tls1 */
770     {SSL_OP_NO_TLSv1_1, 0},     /* no_tls1_1 */
771     {SSL_OP_NO_TLSv1_2, 0},     /* no_tls1_2 */
772     {SSL_OP_NO_TLSv1_3, 0},     /* no_tls1_3 */
773     {SSL_OP_ALL, 0},            /* bugs */
774     {SSL_OP_NO_COMPRESSION, 0}, /* no_comp */
775     {SSL_OP_NO_COMPRESSION, SSL_TFLAG_INV}, /* comp */
776     {SSL_OP_SINGLE_ECDH_USE, 0}, /* ecdh_single */
777     {SSL_OP_NO_TICKET, 0},      /* no_ticket */
778     {SSL_OP_CIPHER_SERVER_PREFERENCE, 0}, /* serverpref */
779     /* legacy_renegotiation */
780     {SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION, 0},
781     /* Allow client renegotiation */
782     {SSL_OP_ALLOW_CLIENT_RENEGOTIATION, 0},
783     /* legacy_server_connect */
784     {SSL_OP_LEGACY_SERVER_CONNECT, 0},
785     /* no_renegotiation */
786     {SSL_OP_NO_RENEGOTIATION, 0},
787     /* no_resumption_on_reneg */
788     {SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION, 0},
789     /* no_legacy_server_connect */
790     {SSL_OP_LEGACY_SERVER_CONNECT, SSL_TFLAG_INV},
791     /* allow_no_dhe_kex */
792     {SSL_OP_ALLOW_NO_DHE_KEX, 0},
793     /* chacha reprioritization */
794     {SSL_OP_PRIORITIZE_CHACHA, 0},
795     {SSL_CERT_FLAG_TLS_STRICT, SSL_TFLAG_CERT}, /* strict */
796     /* no_middlebox */
797     {SSL_OP_ENABLE_MIDDLEBOX_COMPAT, SSL_TFLAG_INV},
798     /* anti_replay */
799     {SSL_OP_NO_ANTI_REPLAY, SSL_TFLAG_INV},
800     /* no_anti_replay */
801     {SSL_OP_NO_ANTI_REPLAY, 0},
802     /* no Encrypt-then-Mac */
803     {SSL_OP_NO_ENCRYPT_THEN_MAC, 0},
804 };
805 
806 static int ssl_conf_cmd_skip_prefix(SSL_CONF_CTX *cctx, const char **pcmd)
807 {
808     if (pcmd == NULL || *pcmd == NULL)
809         return 0;
810     /* If a prefix is set, check and skip */
811     if (cctx->prefix) {
812         if (strlen(*pcmd) <= cctx->prefixlen)
813             return 0;
814         if (cctx->flags & SSL_CONF_FLAG_CMDLINE &&
815             strncmp(*pcmd, cctx->prefix, cctx->prefixlen))
816             return 0;
817         if (cctx->flags & SSL_CONF_FLAG_FILE &&
818             OPENSSL_strncasecmp(*pcmd, cctx->prefix, cctx->prefixlen))
819             return 0;
820         *pcmd += cctx->prefixlen;
821     } else if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
822         if (**pcmd != '-' || !(*pcmd)[1])
823             return 0;
824         *pcmd += 1;
825     }
826     return 1;
827 }
828 
829 /* Determine if a command is allowed according to cctx flags */
830 static int ssl_conf_cmd_allowed(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * t)
831 {
832     unsigned int tfl = t->flags;
833     unsigned int cfl = cctx->flags;
834     if ((tfl & SSL_CONF_FLAG_SERVER) && !(cfl & SSL_CONF_FLAG_SERVER))
835         return 0;
836     if ((tfl & SSL_CONF_FLAG_CLIENT) && !(cfl & SSL_CONF_FLAG_CLIENT))
837         return 0;
838     if ((tfl & SSL_CONF_FLAG_CERTIFICATE)
839         && !(cfl & SSL_CONF_FLAG_CERTIFICATE))
840         return 0;
841     return 1;
842 }
843 
844 static const ssl_conf_cmd_tbl *ssl_conf_cmd_lookup(SSL_CONF_CTX *cctx,
845                                                    const char *cmd)
846 {
847     const ssl_conf_cmd_tbl *t;
848     size_t i;
849     if (cmd == NULL)
850         return NULL;
851 
852     /* Look for matching parameter name in table */
853     for (i = 0, t = ssl_conf_cmds; i < OSSL_NELEM(ssl_conf_cmds); i++, t++) {
854         if (ssl_conf_cmd_allowed(cctx, t)) {
855             if (cctx->flags & SSL_CONF_FLAG_CMDLINE) {
856                 if (t->str_cmdline && strcmp(t->str_cmdline, cmd) == 0)
857                     return t;
858             }
859             if (cctx->flags & SSL_CONF_FLAG_FILE) {
860                 if (t->str_file && OPENSSL_strcasecmp(t->str_file, cmd) == 0)
861                     return t;
862             }
863         }
864     }
865     return NULL;
866 }
867 
868 static int ctrl_switch_option(SSL_CONF_CTX *cctx, const ssl_conf_cmd_tbl * cmd)
869 {
870     /* Find index of command in table */
871     size_t idx = cmd - ssl_conf_cmds;
872     const ssl_switch_tbl *scmd;
873     /* Sanity check index */
874     if (idx >= OSSL_NELEM(ssl_cmd_switches))
875         return 0;
876     /* Obtain switches entry with same index */
877     scmd = ssl_cmd_switches + idx;
878     ssl_set_option(cctx, scmd->name_flags, scmd->option_value, 1);
879     return 1;
880 }
881 
882 int SSL_CONF_cmd(SSL_CONF_CTX *cctx, const char *cmd, const char *value)
883 {
884     const ssl_conf_cmd_tbl *runcmd;
885     if (cmd == NULL) {
886         ERR_raise(ERR_LIB_SSL, SSL_R_INVALID_NULL_CMD_NAME);
887         return 0;
888     }
889 
890     if (!ssl_conf_cmd_skip_prefix(cctx, &cmd))
891         return -2;
892 
893     runcmd = ssl_conf_cmd_lookup(cctx, cmd);
894 
895     if (runcmd) {
896         int rv;
897         if (runcmd->value_type == SSL_CONF_TYPE_NONE) {
898             return ctrl_switch_option(cctx, runcmd);
899         }
900         if (value == NULL)
901             return -3;
902         rv = runcmd->cmd(cctx, value);
903         if (rv > 0)
904             return 2;
905         if (rv == -2)
906             return -2;
907         if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
908             ERR_raise_data(ERR_LIB_SSL, SSL_R_BAD_VALUE,
909                            "cmd=%s, value=%s", cmd, value);
910         return 0;
911     }
912 
913     if (cctx->flags & SSL_CONF_FLAG_SHOW_ERRORS)
914         ERR_raise_data(ERR_LIB_SSL, SSL_R_UNKNOWN_CMD_NAME, "cmd=%s", cmd);
915 
916     return -2;
917 }
918 
919 int SSL_CONF_cmd_argv(SSL_CONF_CTX *cctx, int *pargc, char ***pargv)
920 {
921     int rv;
922     const char *arg = NULL, *argn;
923 
924     if (pargc != NULL && *pargc == 0)
925         return 0;
926     if (pargc == NULL || *pargc > 0)
927         arg = **pargv;
928     if (arg == NULL)
929         return 0;
930     if (pargc == NULL || *pargc > 1)
931         argn = (*pargv)[1];
932     else
933         argn = NULL;
934     cctx->flags &= ~SSL_CONF_FLAG_FILE;
935     cctx->flags |= SSL_CONF_FLAG_CMDLINE;
936     rv = SSL_CONF_cmd(cctx, arg, argn);
937     if (rv > 0) {
938         /* Success: update pargc, pargv */
939         (*pargv) += rv;
940         if (pargc)
941             (*pargc) -= rv;
942         return rv;
943     }
944     /* Unknown switch: indicate no arguments processed */
945     if (rv == -2)
946         return 0;
947     /* Some error occurred processing command, return fatal error */
948     if (rv == 0)
949         return -1;
950     return rv;
951 }
952 
953 int SSL_CONF_cmd_value_type(SSL_CONF_CTX *cctx, const char *cmd)
954 {
955     if (ssl_conf_cmd_skip_prefix(cctx, &cmd)) {
956         const ssl_conf_cmd_tbl *runcmd;
957         runcmd = ssl_conf_cmd_lookup(cctx, cmd);
958         if (runcmd)
959             return runcmd->value_type;
960     }
961     return SSL_CONF_TYPE_UNKNOWN;
962 }
963 
964 SSL_CONF_CTX *SSL_CONF_CTX_new(void)
965 {
966     SSL_CONF_CTX *ret = OPENSSL_zalloc(sizeof(*ret));
967 
968     return ret;
969 }
970 
971 int SSL_CONF_CTX_finish(SSL_CONF_CTX *cctx)
972 {
973     /* See if any certificates are missing private keys */
974     size_t i;
975     CERT *c = NULL;
976     if (cctx->ctx)
977         c = cctx->ctx->cert;
978     else if (cctx->ssl)
979         c = cctx->ssl->cert;
980     if (c && cctx->flags & SSL_CONF_FLAG_REQUIRE_PRIVATE) {
981         for (i = 0; i < SSL_PKEY_NUM; i++) {
982             const char *p = cctx->cert_filename[i];
983             /*
984              * If missing private key try to load one from certificate file
985              */
986             if (p && !c->pkeys[i].privatekey) {
987                 if (!cmd_PrivateKey(cctx, p))
988                     return 0;
989             }
990         }
991     }
992     if (cctx->canames) {
993         if (cctx->ssl)
994             SSL_set0_CA_list(cctx->ssl, cctx->canames);
995         else if (cctx->ctx)
996             SSL_CTX_set0_CA_list(cctx->ctx, cctx->canames);
997         else
998             sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
999         cctx->canames = NULL;
1000     }
1001     return 1;
1002 }
1003 
1004 void SSL_CONF_CTX_free(SSL_CONF_CTX *cctx)
1005 {
1006     if (cctx) {
1007         size_t i;
1008         for (i = 0; i < SSL_PKEY_NUM; i++)
1009             OPENSSL_free(cctx->cert_filename[i]);
1010         OPENSSL_free(cctx->prefix);
1011         sk_X509_NAME_pop_free(cctx->canames, X509_NAME_free);
1012         OPENSSL_free(cctx);
1013     }
1014 }
1015 
1016 unsigned int SSL_CONF_CTX_set_flags(SSL_CONF_CTX *cctx, unsigned int flags)
1017 {
1018     cctx->flags |= flags;
1019     return cctx->flags;
1020 }
1021 
1022 unsigned int SSL_CONF_CTX_clear_flags(SSL_CONF_CTX *cctx, unsigned int flags)
1023 {
1024     cctx->flags &= ~flags;
1025     return cctx->flags;
1026 }
1027 
1028 int SSL_CONF_CTX_set1_prefix(SSL_CONF_CTX *cctx, const char *pre)
1029 {
1030     char *tmp = NULL;
1031     if (pre) {
1032         tmp = OPENSSL_strdup(pre);
1033         if (tmp == NULL)
1034             return 0;
1035     }
1036     OPENSSL_free(cctx->prefix);
1037     cctx->prefix = tmp;
1038     if (tmp)
1039         cctx->prefixlen = strlen(tmp);
1040     else
1041         cctx->prefixlen = 0;
1042     return 1;
1043 }
1044 
1045 void SSL_CONF_CTX_set_ssl(SSL_CONF_CTX *cctx, SSL *ssl)
1046 {
1047     cctx->ssl = ssl;
1048     cctx->ctx = NULL;
1049     if (ssl) {
1050         cctx->poptions = &ssl->options;
1051         cctx->min_version = &ssl->min_proto_version;
1052         cctx->max_version = &ssl->max_proto_version;
1053         cctx->pcert_flags = &ssl->cert->cert_flags;
1054         cctx->pvfy_flags = &ssl->verify_mode;
1055     } else {
1056         cctx->poptions = NULL;
1057         cctx->min_version = NULL;
1058         cctx->max_version = NULL;
1059         cctx->pcert_flags = NULL;
1060         cctx->pvfy_flags = NULL;
1061     }
1062 }
1063 
1064 void SSL_CONF_CTX_set_ssl_ctx(SSL_CONF_CTX *cctx, SSL_CTX *ctx)
1065 {
1066     cctx->ctx = ctx;
1067     cctx->ssl = NULL;
1068     if (ctx) {
1069         cctx->poptions = &ctx->options;
1070         cctx->min_version = &ctx->min_proto_version;
1071         cctx->max_version = &ctx->max_proto_version;
1072         cctx->pcert_flags = &ctx->cert->cert_flags;
1073         cctx->pvfy_flags = &ctx->verify_mode;
1074     } else {
1075         cctx->poptions = NULL;
1076         cctx->min_version = NULL;
1077         cctx->max_version = NULL;
1078         cctx->pcert_flags = NULL;
1079         cctx->pvfy_flags = NULL;
1080     }
1081 }
1082