conf_ssl.c 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183
  1. /*
  2. * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include <openssl/conf.h>
  12. #include <openssl/err.h>
  13. #include "internal/sslconf.h"
  14. #include "conf_local.h"
  15. DEFINE_STACK_OF(CONF_VALUE)
  16. /*
  17. * SSL library configuration module placeholder. We load it here but defer
  18. * all decisions about its contents to libssl.
  19. */
  20. struct ssl_conf_name_st {
  21. /* Name of this set of commands */
  22. char *name;
  23. /* List of commands */
  24. SSL_CONF_CMD *cmds;
  25. /* Number of commands */
  26. size_t cmd_count;
  27. };
  28. struct ssl_conf_cmd_st {
  29. /* Command */
  30. char *cmd;
  31. /* Argument */
  32. char *arg;
  33. };
  34. static struct ssl_conf_name_st *ssl_names;
  35. static size_t ssl_names_count;
  36. static void ssl_module_free(CONF_IMODULE *md)
  37. {
  38. size_t i, j;
  39. if (ssl_names == NULL)
  40. return;
  41. for (i = 0; i < ssl_names_count; i++) {
  42. struct ssl_conf_name_st *tname = ssl_names + i;
  43. OPENSSL_free(tname->name);
  44. for (j = 0; j < tname->cmd_count; j++) {
  45. OPENSSL_free(tname->cmds[j].cmd);
  46. OPENSSL_free(tname->cmds[j].arg);
  47. }
  48. OPENSSL_free(tname->cmds);
  49. }
  50. OPENSSL_free(ssl_names);
  51. ssl_names = NULL;
  52. ssl_names_count = 0;
  53. }
  54. static int ssl_module_init(CONF_IMODULE *md, const CONF *cnf)
  55. {
  56. size_t i, j, cnt;
  57. int rv = 0;
  58. const char *ssl_conf_section;
  59. STACK_OF(CONF_VALUE) *cmd_lists;
  60. ssl_conf_section = CONF_imodule_get_value(md);
  61. cmd_lists = NCONF_get_section(cnf, ssl_conf_section);
  62. if (sk_CONF_VALUE_num(cmd_lists) <= 0) {
  63. if (cmd_lists == NULL)
  64. CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_NOT_FOUND);
  65. else
  66. CONFerr(CONF_F_SSL_MODULE_INIT, CONF_R_SSL_SECTION_EMPTY);
  67. ERR_add_error_data(2, "section=", ssl_conf_section);
  68. goto err;
  69. }
  70. cnt = sk_CONF_VALUE_num(cmd_lists);
  71. ssl_module_free(md);
  72. ssl_names = OPENSSL_zalloc(sizeof(*ssl_names) * cnt);
  73. if (ssl_names == NULL)
  74. goto err;
  75. ssl_names_count = cnt;
  76. for (i = 0; i < ssl_names_count; i++) {
  77. struct ssl_conf_name_st *ssl_name = ssl_names + i;
  78. CONF_VALUE *sect = sk_CONF_VALUE_value(cmd_lists, (int)i);
  79. STACK_OF(CONF_VALUE) *cmds = NCONF_get_section(cnf, sect->value);
  80. if (sk_CONF_VALUE_num(cmds) <= 0) {
  81. if (cmds == NULL)
  82. CONFerr(CONF_F_SSL_MODULE_INIT,
  83. CONF_R_SSL_COMMAND_SECTION_NOT_FOUND);
  84. else
  85. CONFerr(CONF_F_SSL_MODULE_INIT,
  86. CONF_R_SSL_COMMAND_SECTION_EMPTY);
  87. ERR_add_error_data(4, "name=", sect->name, ", value=", sect->value);
  88. goto err;
  89. }
  90. ssl_name->name = OPENSSL_strdup(sect->name);
  91. if (ssl_name->name == NULL)
  92. goto err;
  93. cnt = sk_CONF_VALUE_num(cmds);
  94. ssl_name->cmds = OPENSSL_zalloc(cnt * sizeof(struct ssl_conf_cmd_st));
  95. if (ssl_name->cmds == NULL)
  96. goto err;
  97. ssl_name->cmd_count = cnt;
  98. for (j = 0; j < cnt; j++) {
  99. const char *name;
  100. CONF_VALUE *cmd_conf = sk_CONF_VALUE_value(cmds, (int)j);
  101. struct ssl_conf_cmd_st *cmd = ssl_name->cmds + j;
  102. /* Skip any initial dot in name */
  103. name = strchr(cmd_conf->name, '.');
  104. if (name != NULL)
  105. name++;
  106. else
  107. name = cmd_conf->name;
  108. cmd->cmd = OPENSSL_strdup(name);
  109. cmd->arg = OPENSSL_strdup(cmd_conf->value);
  110. if (cmd->cmd == NULL || cmd->arg == NULL)
  111. goto err;
  112. }
  113. }
  114. rv = 1;
  115. err:
  116. if (rv == 0)
  117. ssl_module_free(md);
  118. return rv;
  119. }
  120. /*
  121. * Returns the set of commands with index |idx| previously searched for via
  122. * conf_ssl_name_find. Also stores the name of the set of commands in |*name|
  123. * and the number of commands in the set in |*cnt|.
  124. */
  125. const SSL_CONF_CMD *conf_ssl_get(size_t idx, const char **name, size_t *cnt)
  126. {
  127. *name = ssl_names[idx].name;
  128. *cnt = ssl_names[idx].cmd_count;
  129. return ssl_names[idx].cmds;
  130. }
  131. /*
  132. * Search for the named set of commands given in |name|. On success return the
  133. * index for the command set in |*idx|.
  134. * Returns 1 on success or 0 on failure.
  135. */
  136. int conf_ssl_name_find(const char *name, size_t *idx)
  137. {
  138. size_t i;
  139. const struct ssl_conf_name_st *nm;
  140. if (name == NULL)
  141. return 0;
  142. for (i = 0, nm = ssl_names; i < ssl_names_count; i++, nm++) {
  143. if (strcmp(nm->name, name) == 0) {
  144. *idx = i;
  145. return 1;
  146. }
  147. }
  148. return 0;
  149. }
  150. /*
  151. * Given a command set |cmd|, return details on the command at index |idx| which
  152. * must be less than the number of commands in the set (as returned by
  153. * conf_ssl_get). The name of the command will be returned in |*cmdstr| and the
  154. * argument is returned in |*arg|.
  155. */
  156. void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
  157. char **arg)
  158. {
  159. *cmdstr = cmd[idx].cmd;
  160. *arg = cmd[idx].arg;
  161. }
  162. void conf_add_ssl_module(void)
  163. {
  164. CONF_module_add("ssl_conf", ssl_module_init, ssl_module_free);
  165. }