/*
 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>
#include "ssl_local.h"
#include "internal/sslconf.h"

/* SSL library configuration module. */

/*
 * Kept for API compatibility only: the ssl_conf module is registered by
 * libcrypto itself, so there is nothing left for this function to do.
 */
void SSL_add_ssl_module(void)
{
    /* Intentionally empty. */
}

/*
 * Apply the configuration module section |name| to an SSL object (|s|) or
 * an SSL_CTX (|ctx|). At least one of the two must be non-NULL; when both
 * are given |s| is the one configured.
 *
 * |system| non-zero selects the implicit "system_default" section (used
 * when |name| is NULL): a missing section is then silently accepted, and
 * certificate/private-key commands are NOT enabled for it, i.e.
 * SSL_CONF_FLAG_CERTIFICATE and SSL_CONF_FLAG_REQUIRE_PRIVATE are only set
 * for an explicitly named section.
 *
 * The process default library context is switched to the one owned by the
 * object being configured while the commands run and is restored on every
 * exit path. This relies on OSSL_LIB_CTX_set0_default(NULL) leaving the
 * default unchanged, which is what the early-error paths pass.
 *
 * Returns 1 when every command and SSL_CONF_CTX_finish() succeeded, 0
 * otherwise. An unknown explicit section raises
 * SSL_R_INVALID_CONFIGURATION_NAME; other failures are reported on the
 * error queue by the callees.
 */
static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
    SSL_CONF_CTX *conf_ctx = NULL;
    const SSL_CONF_CMD *cmds;
    const SSL_METHOD *meth;
    OSSL_LIB_CTX *saved_libctx = NULL;
    OSSL_LIB_CTX *libctx = NULL;
    size_t idx = 0, cmd_count = 0, n;
    unsigned int flags = SSL_CONF_FLAG_FILE;
    int failures = 1;           /* stays non-zero until the command loop runs */

    if (s == NULL && ctx == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        goto done;
    }

    if (system && name == NULL)
        name = "system_default";
    if (!conf_ssl_name_find(name, &idx)) {
        /* An absent system section is normal; an absent named one is not. */
        if (!system)
            ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME,
                           "name=%s", name);
        goto done;
    }
    cmds = conf_ssl_get(idx, &name, &cmd_count);

    conf_ctx = SSL_CONF_CTX_new();
    if (conf_ctx == NULL)
        goto done;

    /* Certificate and key commands are honoured for explicit sections only. */
    if (!system)
        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;

    if (s == NULL) {
        SSL_CONF_CTX_set_ssl_ctx(conf_ctx, ctx);
        meth = ctx->method;
        libctx = ctx->libctx;
    } else {
        SSL_CONF_CTX_set_ssl(conf_ctx, s);
        meth = s->method;
        libctx = s->ctx->libctx;
    }
    /* Enable server/client commands according to what the method supports. */
    if (meth->ssl_accept != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_SERVER;
    if (meth->ssl_connect != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_CLIENT;
    SSL_CONF_CTX_set_flags(conf_ctx, flags);

    saved_libctx = OSSL_LIB_CTX_set0_default(libctx);
    failures = 0;
    for (n = 0; n < cmd_count; n++) {
        char *cmd, *arg;

        conf_ssl_get_cmd(cmds, n, &cmd, &arg);
        /* Keep going after a bad command so that every problem is reported. */
        if (SSL_CONF_cmd(conf_ctx, cmd, arg) <= 0)
            failures++;
    }
    if (!SSL_CONF_CTX_finish(conf_ctx))
        failures++;

 done:
    OSSL_LIB_CTX_set0_default(saved_libctx);
    SSL_CONF_CTX_free(conf_ctx);
    return failures == 0;
}

/* Apply the named configuration section to |s|; returns 1 on success. */
int SSL_config(SSL *s, const char *name)
{
    return ssl_do_config(s, NULL, name, /* system */ 0);
}

/* Apply the named configuration section to |ctx|; returns 1 on success. */
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
    return ssl_do_config(NULL, ctx, name, /* system */ 0);
}

/*
 * Apply the "system_default" section to a freshly created |ctx|.
 *
 * The result is deliberately discarded: a missing section is silent, but
 * any errors raised by failing commands remain on the error queue.
 */
void ssl_ctx_system_config(SSL_CTX *ctx)
{
    (void)ssl_do_config(NULL, ctx, NULL, /* system */ 1);
}