/*
 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
9e71b7053SJung-uk Kim 
10e71b7053SJung-uk Kim #include <stdio.h>
11e71b7053SJung-uk Kim #include <openssl/conf.h>
12e71b7053SJung-uk Kim #include <openssl/ssl.h>
1317f01e99SJung-uk Kim #include "ssl_local.h"
14e71b7053SJung-uk Kim #include "internal/sslconf.h"
15e71b7053SJung-uk Kim 
/* SSL library configuration module: applies "ssl_conf" sections to SSL / SSL_CTX objects. */
17e71b7053SJung-uk Kim 
/*
 * Public no-op. The SSL configuration module is registered by libcrypto
 * itself, so applications never need to call this before loading a
 * configuration file; the symbol presumably remains for API compatibility
 * with callers written against older releases.
 */
void SSL_add_ssl_module(void)
{
    /* Do nothing. This will be added automatically by libcrypto */
}
22e71b7053SJung-uk Kim 
/*
 * Flags describing which sides (server and/or client) |method| implements.
 * A method whose accept or connect entry point is ssl_undefined_function
 * does not support that side, and commands restricted to it are skipped.
 */
static unsigned int ssl_conf_side_flags(const SSL_METHOD *method)
{
    unsigned int side = 0;

    if (method->ssl_accept != ssl_undefined_function)
        side |= SSL_CONF_FLAG_SERVER;
    if (method->ssl_connect != ssl_undefined_function)
        side |= SSL_CONF_FLAG_CLIENT;
    return side;
}

/*
 * Apply the configuration-module section |name| to either |s| or |ctx|;
 * exactly one of the two is expected to be non-NULL (|s| wins if both are).
 *
 * |system| selects the trust level of the section:
 *   - non-zero: the system-wide section ("system_default" when |name| is
 *     NULL). Its absence is silent, and certificate/private-key loading
 *     commands are NOT enabled for it, so a system config cannot inject
 *     credentials into an application.
 *   - zero: an application-requested section. A missing section raises
 *     SSL_R_INVALID_CONFIGURATION_NAME, certificate commands are allowed,
 *     and a certificate must be accompanied by a private key.
 *
 * Every command of the section is attempted even after an earlier one
 * fails, so the error queue describes all problems at once.
 *
 * Returns 1 only if every command and SSL_CONF_CTX_finish() succeeded,
 * 0 otherwise (including on missing section or allocation failure).
 */
static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
    SSL_CONF_CTX *conf_ctx = NULL;
    OSSL_LIB_CTX *saved_default = NULL;
    OSSL_LIB_CTX *target_libctx;
    const SSL_METHOD *method;
    const SSL_CONF_CMD *commands;
    size_t section_idx, ncommands, n;
    unsigned int conf_flags = SSL_CONF_FLAG_FILE;
    int failures = 1;           /* pessimistic until the commands run */

    if (s == NULL && ctx == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        goto done;
    }

    if (system && name == NULL)
        name = "system_default";

    if (!conf_ssl_name_find(name, &section_idx)) {
        /* A missing system section is normal; a missing named one is not. */
        if (!system)
            ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME,
                           "name=%s", name);
        goto done;
    }
    commands = conf_ssl_get(section_idx, &name, &ncommands);

    conf_ctx = SSL_CONF_CTX_new();
    if (conf_ctx == NULL)
        goto done;

    /*
     * Only application-requested sections may load certificates, and a
     * certificate then has to come with its private key.
     */
    if (!system)
        conf_flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;

    if (s == NULL) {
        method = ctx->method;
        target_libctx = ctx->libctx;
        SSL_CONF_CTX_set_ssl_ctx(conf_ctx, ctx);
    } else {
        method = s->method;
        target_libctx = s->ctx->libctx;
        SSL_CONF_CTX_set_ssl(conf_ctx, s);
    }
    conf_flags |= ssl_conf_side_flags(method);
    SSL_CONF_CTX_set_flags(conf_ctx, conf_flags);

    /*
     * Make the target's library context the default while the commands
     * run -- presumably so that anything they create (keys, certificates)
     * lands in that context rather than the global one; restored below.
     */
    saved_default = OSSL_LIB_CTX_set0_default(target_libctx);

    failures = 0;
    for (n = 0; n < ncommands; n++) {
        char *cmd, *value;

        conf_ssl_get_cmd(commands, n, &cmd, &value);
        /* SSL_CONF_cmd() returns <= 0 for unknown commands and failures. */
        if (SSL_CONF_cmd(conf_ctx, cmd, value) <= 0)
            failures++;
    }
    if (!SSL_CONF_CTX_finish(conf_ctx))
        failures++;

 done:
    /*
     * On early exits saved_default is still NULL; OSSL_LIB_CTX_set0_default()
     * leaves the default untouched for a NULL argument, so this is safe.
     */
    OSSL_LIB_CTX_set0_default(saved_default);
    SSL_CONF_CTX_free(conf_ctx);
    return failures == 0;
}
86e71b7053SJung-uk Kim 
/*
 * Apply configuration section |name| to a single SSL object.
 *
 * This is an application-level request (not the system section): an unknown
 * section name is raised on the error queue, and certificate-loading
 * commands are permitted provided a private key accompanies them.
 *
 * Returns 1 if every command succeeded, 0 otherwise.
 */
int SSL_config(SSL *s, const char *name)
{
    int ok;

    /* system == 0: treat as an application-requested section. */
    ok = ssl_do_config(s, NULL, name, 0);
    return ok;
}
91e71b7053SJung-uk Kim 
/*
 * Apply configuration section |name| to an SSL_CTX so that every SSL
 * object later created from it inherits the settings.
 *
 * As with SSL_config(), this is an application-level request: a missing
 * section is an error, and certificate commands are allowed (with the
 * private key required).
 *
 * Returns 1 if every command succeeded, 0 otherwise.
 */
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
    int ok;

    /* system == 0: treat as an application-requested section. */
    ok = ssl_do_config(NULL, ctx, name, 0);
    return ok;
}
96e71b7053SJung-uk Kim 
/*
 * Apply the system-wide "system_default" section, if one is present, to
 * |ctx| (internal; called during SSL_CTX setup -- confirm in the caller).
 *
 * The result is intentionally discarded: a missing system section is not
 * an error, certificate/key loading is disabled for the system section, and
 * any errors individual commands raise stay on the error queue for the
 * caller to inspect.
 */
void ssl_ctx_system_config(SSL_CTX *ctx)
{
    /* system == 1, name == NULL: resolves to "system_default". */
    (void)ssl_do_config(NULL, ctx, NULL, 1);
}
101