/*
 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/conf.h>
#include <openssl/ssl.h>
#include "ssl_local.h"
#include "internal/sslconf.h"

/* SSL library configuration module. */

/*
 * Kept for API compatibility only: the SSL configuration module is
 * registered by libcrypto itself, so there is nothing to do here.
 */
void SSL_add_ssl_module(void)
{
}

/*
 * Build the SSL_CONF_CTX flag set used while replaying a configuration
 * section against a method:
 *   - SSL_CONF_FLAG_FILE is always set (commands come from a config file);
 *   - certificate / private-key commands are only enabled for configuration
 *     requested by the application (system == 0), never for the implicit
 *     system default section;
 *   - server and/or client mode follows which handshake entry points the
 *     method actually defines.
 */
static unsigned int ssl_conf_flags_for(const SSL_METHOD *meth, int system)
{
    unsigned int flags = SSL_CONF_FLAG_FILE;

    if (!system)
        flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE;
    if (meth->ssl_accept != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_SERVER;
    if (meth->ssl_connect != ssl_undefined_function)
        flags |= SSL_CONF_FLAG_CLIENT;
    return flags;
}

/*
 * Apply the commands of configuration section |name| to either |s| or
 * |ctx| (exactly one of them must be non-NULL).
 *
 * |system| != 0 selects the implicit system-wide configuration: |name|
 * defaults to "system_default" and a missing section is treated as a
 * silent no-op rather than an error. For application-requested
 * configuration a missing section raises SSL_R_INVALID_CONFIGURATION_NAME.
 *
 * Commands are applied in section order; on the first failing command an
 * error is raised and processing stops. Commands that were already
 * processed before the failure are not undone here, so the target may be
 * left partially configured (callers should treat a 0 return as "do not
 * use this object as configured").
 *
 * The library default context is switched to the target's libctx while the
 * commands run so that they resolve in the right context, and restored on
 * every exit path (OSSL_LIB_CTX_set0_default(NULL) leaves the default
 * unchanged, which covers the early-error paths).
 *
 * Returns 1 on success, 0 on any failure.
 */
static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system)
{
    SSL_CONF_CTX *cctx = NULL;
    OSSL_LIB_CTX *prev_libctx = NULL;
    OSSL_LIB_CTX *libctx;
    const SSL_METHOD *meth;
    const SSL_CONF_CMD *cmds;
    size_t idx, cmd_count, n;
    int rv = 0;

    if (s == NULL && ctx == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        goto err;
    }

    /* The system configuration lives in a fixed section name by default. */
    if (system && name == NULL)
        name = "system_default";

    /* Only application-requested configuration reports a missing section. */
    if (!conf_ssl_name_find(name, &idx)) {
        if (!system)
            ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME,
                           "name=%s", name);
        goto err;
    }
    cmds = conf_ssl_get(idx, &name, &cmd_count);

    if ((cctx = SSL_CONF_CTX_new()) == NULL)
        goto err;

    if (s == NULL) {
        meth = ctx->method;
        libctx = ctx->libctx;
        SSL_CONF_CTX_set_ssl_ctx(cctx, ctx);
    } else {
        meth = s->method;
        libctx = s->ctx->libctx;
        SSL_CONF_CTX_set_ssl(cctx, s);
    }
    SSL_CONF_CTX_set_flags(cctx, ssl_conf_flags_for(meth, system));

    prev_libctx = OSSL_LIB_CTX_set0_default(libctx);
    for (n = 0; n < cmd_count; n++) {
        char *cmdstr, *arg;

        conf_ssl_get_cmd(cmds, n, &cmdstr, &arg);
        rv = SSL_CONF_cmd(cctx, cmdstr, arg);
        if (rv > 0)
            continue;
        /*
         * -2 means the command itself is unknown; anything else <= 0 is a
         * bad value. NOTE(review): the "%s" below assumes |arg| is never
         * NULL as returned by conf_ssl_get_cmd - confirm against conf_ssl.c.
         */
        ERR_raise_data(ERR_LIB_SSL,
                       rv == -2 ? SSL_R_UNKNOWN_COMMAND : SSL_R_BAD_VALUE,
                       "section=%s, cmd=%s, arg=%s", name, cmdstr, arg);
        goto err;
    }
    rv = SSL_CONF_CTX_finish(cctx);

 err:
    /* Restore the previous default context; a NULL prev_libctx is a no-op. */
    OSSL_LIB_CTX_set0_default(prev_libctx);
    SSL_CONF_CTX_free(cctx);
    return rv > 0;
}

/*
 * Apply configuration section |name| to the SSL object |s|.
 * Returns 1 on success, 0 on failure (error queue set).
 */
int SSL_config(SSL *s, const char *name)
{
    return ssl_do_config(s, NULL, name, 0);
}

/*
 * Apply configuration section |name| to the SSL_CTX |ctx|.
 * Returns 1 on success, 0 on failure (error queue set).
 */
int SSL_CTX_config(SSL_CTX *ctx, const char *name)
{
    return ssl_do_config(NULL, ctx, name, 0);
}

/*
 * Apply the system default configuration section to a freshly created
 * SSL_CTX. Best-effort by design: a missing "system_default" section is not
 * an error and the result is deliberately ignored, so a typo in the system
 * config file leaves the context with the library's built-in defaults
 * without any indication to the application.
 */
void ssl_ctx_system_config(SSL_CTX *ctx)
{
    ssl_do_config(NULL, ctx, NULL, 1);
}