/*
 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>
#include "ssl_local.h"
#include "internal/sslconf.h"

/* SSL library configuration module. */

/*
 * Intentionally empty: libcrypto registers the "ssl_conf" module itself, so
 * applications calling this only need the symbol to exist.
 */
void SSL_add_ssl_module(void)
{
}

/*
 * Compute the SSL_CONF flags for one configuration run.
 *
 * Every run reads commands in file syntax. Application-requested
 * configurations (system == 0) may additionally carry certificate commands
 * and must then supply the matching private key; the system default section
 * is never allowed to do that. Server/client flags follow which handshake
 * entry points the method actually implements.
 */
static unsigned int ssl_conf_flags_for(const SSL_METHOD *method, int system)
{
    unsigned int cflags = SSL_CONF_FLAG_FILE;

    if (!system)
        cflags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
    if (method->ssl_accept != ssl_undefined_function)
        cflags |= SSL_CONF_FLAG_SERVER;
    if (method->ssl_connect != ssl_undefined_function)
        cflags |= SSL_CONF_FLAG_CLIENT;
    return cflags;
}

/*
 * Apply the commands of configuration section |name| to either |s| or |ctx|
 * (exactly one is expected to be non-NULL; both NULL is an error).
 *
 * With |system| set, a NULL |name| selects "system_default" and a missing
 * section is silently accepted; otherwise a missing section raises
 * SSL_R_INVALID_CONFIGURATION_NAME. The commands execute with the target's
 * library context installed as the default, which is restored before return.
 *
 * Returns 1 on success, 0 on any failure (an ERR entry is queued, except for
 * the absent system section case).
 */
static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
    SSL_CONF_CTX *conf = NULL;
    const SSL_CONF_CMD *cmdlist;
    const SSL_METHOD *method;
    OSSL_LIB_CTX *libctx, *saved_libctx = NULL;
    size_t section_idx, ncmds, n;
    int rv = 0;

    if (s == NULL && ctx == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        goto err;
    }

    if (name == NULL && system)
        name = "system_default";
    if (!conf_ssl_name_find(name, &section_idx)) {
        /* An absent system section is not an error; an explicit one is. */
        if (!system)
            ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME,
                           "name=%s", name);
        goto err;
    }
    /* Also rewrites |name| to the section's canonical name for messages. */
    cmdlist = conf_ssl_get(section_idx, &name, &ncmds);

    if ((conf = SSL_CONF_CTX_new()) == NULL)
        goto err;

    if (s == NULL) {
        method = ctx->method;
        libctx = ctx->libctx;
        SSL_CONF_CTX_set_ssl_ctx(conf, ctx);
    } else {
        method = s->method;
        libctx = s->ctx->libctx;
        SSL_CONF_CTX_set_ssl(conf, s);
    }
    SSL_CONF_CTX_set_flags(conf, ssl_conf_flags_for(method, system));

    /*
     * Run the commands against the target's library context; the previous
     * default is reinstated at |err| on every path that reaches this point.
     */
    saved_libctx = OSSL_LIB_CTX_set0_default(libctx);
    for (n = 0; n < ncmds; n++) {
        char *cmd, *arg;

        conf_ssl_get_cmd(cmdlist, n, &cmd, &arg);
        if ((rv = SSL_CONF_cmd(conf, cmd, arg)) > 0)
            continue;
        /*
         * -2 means the command itself is unknown; any other non-positive
         * result means the command rejected its argument.
         * NOTE(review): |arg| is presumably NULL for value-less commands and
         * the ERR formatter is assumed to tolerate a NULL %s - confirm.
         */
        ERR_raise_data(ERR_LIB_SSL,
                       rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE,
                       "section=%s, cmd=%s, arg=%s", name, cmd, arg);
        goto err;
    }
    rv = SSL_CONF_CTX_finish(conf);

 err:
    OSSL_LIB_CTX_set0_default(saved_libctx);
    SSL_CONF_CTX_free(conf);
    return rv > 0;
}

/*
 * Configure an SSL object from section |name|; certificate commands are
 * permitted. Returns 1 on success, 0 on failure.
 */
int SSL_config(SSL *s, const char *name)
{
    return ssl_do_config(s, NULL, name, 0);
}

/*
 * Configure an SSL_CTX from section |name|; certificate commands are
 * permitted. Returns 1 on success, 0 on failure.
 */
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
    return ssl_do_config(NULL, ctx, name, 0);
}

/*
 * Apply the "system_default" section to a freshly created SSL_CTX. The result
 * is deliberately discarded: a missing section is normal, and failures are
 * left on the error queue for the caller to inspect.
 */
void ssl_ctx_system_config(SSL_CTX *ctx)
{
    ssl_do_config(NULL, ctx, NULL, 1);
}