- /* conf.c
- *
- * Copyright (C) 2006-2023 wolfSSL Inc.
- *
- * This file is part of wolfSSL.
- *
- * wolfSSL is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * wolfSSL is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
- */
- #ifdef HAVE_CONFIG_H
- #include <config.h>
- #endif
- #include <wolfssl/wolfcrypt/settings.h>
- #if !defined(WOLFSSL_CONF_INCLUDED)
- #ifndef WOLFSSL_IGNORE_FILE_WARN
- #warning conf.c does not need to be compiled separately from ssl.c
- #endif
- #else
- /*******************************************************************************
- * START OF TXT_DB API
- ******************************************************************************/
- #if defined(OPENSSL_ALL) && !defined(NO_BIO)
- /**
- * This function reads a tab delimetered CSV input and returns
- * a populated WOLFSSL_TXT_DB structure.
- * @param in Tab delimetered CSV input
- * @param num Number of fields in each row.
- * @return
- */
- WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
- {
- WOLFSSL_TXT_DB *ret = NULL;
- char *buf = NULL;
- char *bufEnd = NULL;
- char *idx = NULL;
- char* lineEnd = NULL;
- int bufSz;
- int failed = 1;
- /* Space in front of str reserved for field pointers + \0 */
- int fieldsSz = (num + 1) * sizeof(char *);
- WOLFSSL_ENTER("wolfSSL_TXT_DB_read");
- if (!in || num <= 0 || num > WOLFSSL_TXT_DB_MAX_FIELDS) {
- WOLFSSL_MSG("Bad parameter or too many fields");
- return NULL;
- }
- if (!(ret = (WOLFSSL_TXT_DB*)XMALLOC(sizeof(WOLFSSL_TXT_DB), NULL,
- DYNAMIC_TYPE_OPENSSL))) {
- WOLFSSL_MSG("malloc error");
- goto error;
- }
- XMEMSET (ret, 0, sizeof(WOLFSSL_TXT_DB));
- ret->num_fields = num;
- if (!(ret->data = wolfSSL_sk_WOLFSSL_STRING_new())) {
- WOLFSSL_MSG("wolfSSL_sk_WOLFSSL_STRING_new error");
- goto error;
- }
- bufSz = wolfSSL_BIO_get_len(in);
- if (bufSz <= 0 ||
- !(buf = (char*)XMALLOC(bufSz+1, NULL,
- DYNAMIC_TYPE_TMP_BUFFER))) {
- WOLFSSL_MSG("malloc error or no data in BIO");
- goto error;
- }
- if (wolfSSL_BIO_read(in, buf, bufSz) != bufSz) {
- WOLFSSL_MSG("malloc error or no data in BIO");
- goto error;
- }
- buf[bufSz] = '\0';
- idx = buf;
- for (bufEnd = buf + bufSz; idx < bufEnd; idx = lineEnd + 1) {
- char* strBuf = NULL;
- char** fieldPtr = NULL;
- int fieldPtrIdx = 0;
- char* fieldCheckIdx = NULL;
- lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx));
- if (!lineEnd)
- lineEnd = bufEnd;
- if (idx == lineEnd) /* empty line */
- continue;
- if (*idx == '#')
- continue;
- *lineEnd = '\0';
- strBuf = (char*)XMALLOC(fieldsSz + lineEnd - idx + 1, NULL,
- DYNAMIC_TYPE_OPENSSL);
- if (!strBuf) {
- WOLFSSL_MSG("malloc error");
- goto error;
- }
- XMEMCPY(strBuf + fieldsSz, idx, lineEnd - idx + 1); /* + 1 for NULL */
- XMEMSET(strBuf, 0, fieldsSz);
- /* Check for appropriate number of fields */
- fieldPtr = (char**)strBuf;
- fieldCheckIdx = strBuf + fieldsSz;
- fieldPtr[fieldPtrIdx++] = fieldCheckIdx;
- while (*fieldCheckIdx != '\0') {
- /* Handle escaped tabs */
- if (*fieldCheckIdx == '\t' && fieldCheckIdx[-1] != '\\') {
- fieldPtr[fieldPtrIdx++] = fieldCheckIdx + 1;
- *fieldCheckIdx = '\0';
- if (fieldPtrIdx > num) {
- WOLFSSL_MSG("too many fields");
- XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
- goto error;
- }
- }
- fieldCheckIdx++;
- }
- if (fieldPtrIdx != num) {
- WOLFSSL_MSG("wrong number of fields");
- XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
- goto error;
- }
- if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_sk_push error");
- XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
- goto error;
- }
- }
- failed = 0;
- error:
- if (failed && ret) {
- XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
- ret = NULL;
- }
- if (buf) {
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
- return ret;
- }
- long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
- {
- const WOLF_STACK_OF(WOLFSSL_STRING)* data;
- long totalLen = 0;
- char buf[512]; /* Should be more than enough for a single row */
- char* bufEnd = buf + sizeof(buf);
- int sz;
- int i;
- WOLFSSL_ENTER("wolfSSL_TXT_DB_write");
- if (!out || !db || !db->num_fields) {
- WOLFSSL_MSG("Bad parameter");
- return WOLFSSL_FAILURE;
- }
- data = db->data;
- while (data) {
- char** fields = (char**)data->data.string;
- char* idx = buf;
- if (!fields) {
- WOLFSSL_MSG("Missing row");
- return WOLFSSL_FAILURE;
- }
- for (i = 0; i < db->num_fields; i++) {
- const char* fieldValue = fields[i];
- if (!fieldValue) {
- fieldValue = "";
- }
- /* Copy over field escaping tabs */
- while (*fieldValue != '\0') {
- if (idx+1 < bufEnd) {
- if (*fieldValue == '\t')
- *idx++ = '\\';
- *idx++ = *fieldValue++;
- }
- else {
- WOLFSSL_MSG("Data row is too big");
- return WOLFSSL_FAILURE;
- }
- }
- if (idx < bufEnd) {
- *idx++ = '\t';
- }
- else {
- WOLFSSL_MSG("Data row is too big");
- return WOLFSSL_FAILURE;
- }
- }
- idx[-1] = '\n';
- sz = (int)(idx - buf);
- if (wolfSSL_BIO_write(out, buf, sz) != sz) {
- WOLFSSL_MSG("wolfSSL_BIO_write error");
- return WOLFSSL_FAILURE;
- }
- totalLen += sz;
- data = data->next;
- }
- return totalLen;
- }
- int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row)
- {
- WOLFSSL_ENTER("wolfSSL_TXT_DB_insert");
- if (!db || !row || !db->data) {
- WOLFSSL_MSG("Bad parameter");
- return WOLFSSL_FAILURE;
- }
- if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_sk_push error");
- return WOLFSSL_FAILURE;
- }
- return WOLFSSL_SUCCESS;
- }
- void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db)
- {
- WOLFSSL_ENTER("wolfSSL_TXT_DB_free");
- if (db) {
- if (db->data) {
- wolfSSL_sk_pop_free(db->data, NULL);
- }
- XFREE(db, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field,
- void* qual, wolf_sk_hash_cb hash, wolf_lh_compare_cb cmp)
- {
- WOLFSSL_ENTER("wolfSSL_TXT_DB_create_index");
- (void)qual;
- (void)cmp;
- if (!db || !hash || !cmp || field >= db->num_fields || field < 0) {
- WOLFSSL_MSG("Bad parameter");
- return WOLFSSL_FAILURE;
- }
- db->hash_fn[field] = hash;
- return WOLFSSL_SUCCESS;
- }
- WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, int idx,
- WOLFSSL_STRING *value)
- {
- WOLFSSL_ENTER("wolfSSL_TXT_DB_get_by_index");
- if (!db || !db->data || idx < 0 || idx >= db->num_fields) {
- WOLFSSL_MSG("Bad parameter");
- return NULL;
- }
- if (!db->hash_fn[idx]) {
- WOLFSSL_MSG("Missing hash functions");
- return NULL;
- }
- /* If first data struct has correct hash function
- * then assume others do too */
- if (db->data->hash_fn != db->hash_fn[idx]) {
- /* Set the hash and comp functions */
- WOLF_STACK_OF(WOLFSSL_STRING)* data = db->data;
- while (data) {
- if (data->hash_fn != db->hash_fn[idx]) {
- data->hash_fn = db->hash_fn[idx];
- data->hash = 0;
- }
- data= data->next;
- }
- }
- return (WOLFSSL_STRING*) wolfSSL_lh_retrieve(db->data, value);
- }
- #endif /* OPENSSL_ALL && !NO_BIO */
- /*******************************************************************************
- * END OF TXT_DB API
- ******************************************************************************/
- /*******************************************************************************
- * START OF CONF API
- ******************************************************************************/
- #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
- || defined(HAVE_STUNNEL)
- #ifndef NO_WOLFSSL_STUB
- void wolfSSL_OPENSSL_config(char *config_name)
- {
- (void)config_name;
- WOLFSSL_STUB("OPENSSL_config");
- }
- #endif /* !NO_WOLFSSL_STUB */
- #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_STUNNEL*/
- #if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL)
- /**
- * This is the same hashing algo for WOLFSSL_CONF_VALUE as OpenSSL
- */
- static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
- {
- if (val)
- return (wolfSSL_LH_strhash(val->section) << 2) ^
- wolfSSL_LH_strhash(val->name);
- else
- return 0;
- }
- /* Use SHA[256] for hashing as OpenSSL uses a hash algorithm that is
- * "not as good as MD5, but still good" so using SHA should be more
- * than good enough for this application. The produced hashes don't
- * need to line up between OpenSSL and wolfSSL. The hashes are for
- * internal indexing only */
- unsigned long wolfSSL_LH_strhash(const char *str)
- {
- unsigned long ret = 0;
- int strLen;
- #if !defined(NO_SHA)
- wc_Sha sha;
- byte digest[WC_SHA_DIGEST_SIZE];
- #elif !defined(NO_SHA256)
- wc_Sha256 sha;
- byte digest[WC_SHA256_DIGEST_SIZE];
- #endif
- WOLFSSL_ENTER("wolfSSL_LH_strhash");
- if (!str)
- return 0;
- strLen = (int)XSTRLEN(str);
- #if !defined(NO_SHA)
- if (wc_InitSha_ex(&sha, NULL, 0) != 0) {
- WOLFSSL_MSG("SHA1 Init failed");
- return 0;
- }
- ret = wc_ShaUpdate(&sha, (const byte *)str, (word32)strLen);
- if (ret != 0) {
- WOLFSSL_MSG("SHA1 Update failed");
- } else {
- ret = wc_ShaFinal(&sha, digest);
- if (ret != 0) {
- WOLFSSL_MSG("SHA1 Final failed");
- }
- }
- wc_ShaFree(&sha);
- #elif !defined(NO_SHA256)
- if (wc_InitSha256_ex(&sha, NULL, 0) != 0) {
- WOLFSSL_MSG("SHA256 Init failed");
- return 0;
- }
- ret = wc_Sha256Update(&sha, (const byte *)str, (word32)strLen);
- if (ret != 0) {
- WOLFSSL_MSG("SHA256 Update failed");
- } else {
- ret = wc_Sha256Final(&sha, digest);
- if (ret != 0) {
- WOLFSSL_MSG("SHA256 Final failed");
- }
- }
- wc_Sha256Free(&sha);
- #endif
- #if !defined(NO_SHA) || !defined(NO_SHA256)
- if (ret != 0)
- return 0;
- /* Take first 4 bytes in small endian as unsigned long */
- ret = (unsigned int)digest[0];
- ret |= ((unsigned int)digest[1] << 8 );
- ret |= ((unsigned int)digest[2] << 16);
- ret |= ((unsigned int)digest[3] << 24);
- #else
- WOLFSSL_MSG("No SHA available for wolfSSL_LH_strhash");
- #endif
- return ret;
- }
- WOLFSSL_CONF_VALUE *wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(
- WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *sk, WOLFSSL_CONF_VALUE *data)
- {
- WOLFSSL_ENTER("wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve");
- if (!sk || !data) {
- WOLFSSL_MSG("Bad parameter");
- return NULL;
- }
- return (WOLFSSL_CONF_VALUE*)wolfSSL_lh_retrieve(sk, data);
- }
- int wolfSSL_CONF_modules_load(const WOLFSSL_CONF *cnf, const char *appname,
- unsigned long flags)
- {
- WOLFSSL_ENTER("wolfSSL_CONF_modules_load");
- WOLFSSL_MSG("All wolfSSL modules are already compiled in. "
- "wolfSSL_CONF_modules_load doesn't load anything new.");
- (void)cnf;
- (void)appname;
- (void)flags;
- return WOLFSSL_SUCCESS;
- }
- WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void)
- {
- WOLFSSL_CONF_VALUE* ret;
- WOLFSSL_ENTER("wolfSSL_CONF_new");
- ret = (WOLFSSL_CONF_VALUE*)XMALLOC(sizeof(WOLFSSL_CONF_VALUE),
- NULL, DYNAMIC_TYPE_OPENSSL);
- if (ret)
- XMEMSET(ret, 0, sizeof(WOLFSSL_CONF_VALUE));
- return ret;
- }
- int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
- WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value)
- {
- WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
- if (!conf || !section || !value) {
- WOLFSSL_MSG("Bad parameter");
- return WOLFSSL_FAILURE;
- }
- sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value;
- value->section = section->section;
- if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
- return WOLFSSL_FAILURE;
- }
- if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
- return WOLFSSL_FAILURE;
- }
- return WOLFSSL_SUCCESS;
- }
- WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
- const char *section)
- {
- WOLFSSL_CONF_VALUE* ret = NULL;
- WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
- int slen;
- WOLFSSL_ENTER("wolfSSL_CONF_new_section");
- if (!conf || !section) {
- WOLFSSL_MSG("Bad parameter");
- return NULL;
- }
- slen = (int)XSTRLEN(section);
- if (!(ret = wolfSSL_CONF_VALUE_new())) {
- WOLFSSL_MSG("wolfSSL_CONF_new error");
- goto error;
- }
- if (!(ret->section = (char*)XMALLOC(slen+1, NULL, DYNAMIC_TYPE_OPENSSL))) {
- WOLFSSL_MSG("section malloc error");
- goto error;
- }
- XMEMCPY(ret->section, section, slen+1);
- if (!(sk = wolfSSL_sk_CONF_VALUE_new(NULL))) {
- WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_new error");
- goto error;
- }
- ret->value = (char*)sk;
- if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
- goto error;
- }
- return ret;
- error:
- if (ret) {
- /* NULL so that wolfSSL_X509V3_conf_free doesn't attempt to free it */
- ret->value = NULL;
- wolfSSL_X509V3_conf_free(ret);
- }
- if (sk) {
- wolfSSL_sk_CONF_VALUE_free(sk);
- }
- return NULL;
- }
- WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
- const char *section)
- {
- WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
- WOLFSSL_ENTER("wolfSSL_CONF_get_section");
- if (!conf || !section) {
- WOLFSSL_MSG("Bad parameter");
- return NULL;
- }
- sk = conf->data;
- while (sk) {
- WOLFSSL_CONF_VALUE* val = sk->data.conf;
- if (val) {
- if (!val->name && XSTRCMP(section, val->section) == 0) {
- return val;
- }
- }
- sk = sk->next;
- }
- return NULL;
- }
- WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth)
- {
- WOLFSSL_CONF* ret;
- WOLFSSL_ENTER("wolfSSL_NCONF_new");
- if (meth) {
- WOLFSSL_MSG("wolfSSL does not support CONF_METHOD");
- }
- ret = (WOLFSSL_CONF*)XMALLOC(sizeof(WOLFSSL_CONF), NULL, DYNAMIC_TYPE_OPENSSL);
- if (ret) {
- XMEMSET(ret, 0, sizeof(WOLFSSL_CONF));
- ret->data = wolfSSL_sk_CONF_VALUE_new(NULL);
- if (!ret->data) {
- wolfSSL_NCONF_free(ret);
- return NULL;
- }
- }
- return ret;
- }
- char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
- const char *group, const char *name)
- {
- WOLFSSL_CONF_VALUE find_val;
- WOLFSSL_CONF_VALUE *val;
- WOLFSSL_ENTER("wolfSSL_NCONF_get_string");
- if (!conf) {
- #ifdef HAVE_SECURE_GETENV
- return secure_getenv(name);
- #else
- WOLFSSL_MSG("Missing secure_getenv");
- return NULL;
- #endif
- }
- find_val.name = (char *)name;
- if (group) {
- find_val.section = (char *)group;
- val = wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(conf->data, &find_val);
- if (val)
- return val->value;
- if (XSTRCMP(group, "ENV") == 0) {
- #ifdef HAVE_SECURE_GETENV
- return secure_getenv(name);
- #else
- WOLFSSL_MSG("Missing secure_getenv");
- return NULL;
- #endif
- }
- }
- find_val.section = (char *)"default";
- val = wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(conf->data, &find_val);
- if (val)
- return val->value;
- else
- return NULL;
- }
- int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
- const char *name, long *result)
- {
- char *str;
- WOLFSSL_ENTER("wolfSSL_NCONF_get_number");
- if (!conf || !name || !result) {
- WOLFSSL_MSG("Bad parameter");
- return WOLFSSL_FAILURE;
- }
- if (!(str = wolfSSL_NCONF_get_string(conf, group, name))) {
- WOLFSSL_MSG("wolfSSL_NCONF_get_string error");
- return WOLFSSL_FAILURE;
- }
- *result = atol(str);
- return WOLFSSL_SUCCESS;
- }
- /**
- * The WOLFSSL_CONF->value member is treated as a
- * WOLFSSL_STACK_OF(WOLFSSL_CONF_VALUE) which becomes
- * the return value.
- * @param conf
- * @param section
- * @return WOLFSSL_STACK_OF(WOLFSSL_CONF_VALUE)
- */
- WOLFSSL_STACK *wolfSSL_NCONF_get_section(
- const WOLFSSL_CONF *conf, const char *section)
- {
- WOLFSSL_CONF_VALUE *val;
- WOLFSSL_CONF_VALUE find_val;
- WOLFSSL_ENTER("wolfSSL_NCONF_get_section");
- if (!conf || !section) {
- WOLFSSL_MSG("Bad parameter");
- return NULL;
- }
- find_val.name = NULL;
- find_val.section = (char*)section;
- val = wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(conf->data, &find_val);
- if (val)
- return (WOLFSSL_STACK*)val->value;
- else
- return NULL;
- }
- #if !defined(NO_BIO)
- static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
- char* name, char* value)
- {
- WOLFSSL_CONF_VALUE* ret;
- int len;
- WOLFSSL_ENTER("wolfSSL_CONF_VALUE_new_values");
- if (!(ret = wolfSSL_CONF_VALUE_new())) {
- WOLFSSL_MSG("wolfSSL_CONF_VALUE_new error");
- return NULL;
- }
- if (section) {
- len = (int)XSTRLEN(section);
- ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
- if (!ret->section) {
- WOLFSSL_MSG("malloc error");
- wolfSSL_X509V3_conf_free(ret);
- return NULL;
- }
- XMEMCPY(ret->section, section, len+1);
- }
- if (name) {
- len = (int)XSTRLEN(name);
- ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
- if (!ret->name) {
- WOLFSSL_MSG("malloc error");
- wolfSSL_X509V3_conf_free(ret);
- return NULL;
- }
- XMEMCPY(ret->name, name, len+1);
- }
- if (value) {
- len = (int)XSTRLEN(value);
- ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
- if (!ret->value) {
- WOLFSSL_MSG("malloc error");
- wolfSSL_X509V3_conf_free(ret);
- return NULL;
- }
- XMEMCPY(ret->value, value, len+1);
- }
- return ret;
- }
- static char* expandValue(WOLFSSL_CONF *conf, const char* section,
- char *str)
- {
- int strLen = (int)XSTRLEN(str);
- char* ret = NULL;
- /* Check to see if there is anything to expand */
- if (XSTRNSTR(str, "$", strLen)) {
- int idx = 0;
- char* strIdx = str;
- ret = (char*)XMALLOC(strLen + 1, NULL, DYNAMIC_TYPE_OPENSSL);
- if (!ret) {
- WOLFSSL_MSG("malloc error");
- return str;
- }
- while (*strIdx) {
- if (*strIdx == '$') {
- /* Expand variable */
- char* startIdx = ++strIdx;
- char* endIdx;
- const char* s = section;
- const char* value;
- char prevValue;
- if (*startIdx == '{') {
- /* First read the section.
- * format: ${section_name::var_name} */
- s = ++startIdx;
- while (*strIdx && *strIdx != ':') strIdx++;
- if (!*strIdx || s == strIdx || strIdx[1] != ':') {
- WOLFSSL_MSG("invalid section name in "
- "variable expansion");
- goto expand_cleanup;
- }
- *strIdx = '\0';
- strIdx += 2;
- startIdx = strIdx;
- }
- while (*strIdx && (XISALNUM(*strIdx) || *strIdx == '_'))
- strIdx++;
- endIdx = strIdx;
- if (startIdx == endIdx) {
- WOLFSSL_MSG("invalid variable name in config");
- goto expand_cleanup;
- }
- if (s != section) {
- /* We are expecting a trailing '}' */
- if (*strIdx != '}') {
- WOLFSSL_MSG("Missing '}' in variable");
- goto expand_cleanup;
- }
- strIdx++;
- }
- /* Save char value at the end of the name so that we can place
- * a null char there. */
- prevValue = *endIdx;
- *endIdx = '\0';
- value = wolfSSL_NCONF_get_string(conf, s, startIdx);
- *endIdx = prevValue;
- /* Skip copy if no value or zero-length value */
- if (value && *value) {
- int valueLen = (int)XSTRLEN(value);
- char* newRet;
- /* This will allocate slightly more memory than necessary
- * but better be safe */
- strLen += valueLen;
- newRet = (char*)XREALLOC(ret, strLen + 1, NULL,
- DYNAMIC_TYPE_OPENSSL);
- if (!newRet) {
- WOLFSSL_MSG("realloc error");
- goto expand_cleanup;
- }
- ret = newRet;
- XMEMCPY(ret + idx, value, valueLen);
- idx += valueLen;
- }
- }
- else {
- ret[idx++] = *strIdx++;
- }
- }
- ret[idx] = '\0';
- }
- return ret ? ret : str;
- expand_cleanup:
- if (ret)
- XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
- return NULL;
- }
- #define SKIP_WHITESPACE(idx, max_idx) \
- while ((idx) < (max_idx) && (*(idx) == ' ' || *(idx) == '\t')) \
- {(idx)++;}
- int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
- {
- int ret = WOLFSSL_FAILURE;
- WOLFSSL_BIO *in = NULL;
- char* buf = NULL;
- char* idx = NULL;
- char* bufEnd = NULL;
- CONF_VALUE* section = NULL;
- long line = 0;
- int bufLen = 0;
- if (!conf || !file) {
- WOLFSSL_MSG("Bad parameter");
- return WOLFSSL_FAILURE;
- }
- /* Open file */
- if (!(in = wolfSSL_BIO_new_file(file, "rb"))) {
- WOLFSSL_MSG("wolfSSL_BIO_new_file error");
- return WOLFSSL_FAILURE;
- }
- /* Read file */
- bufLen = wolfSSL_BIO_get_len(in);
- if (bufLen <= 0) {
- WOLFSSL_MSG("wolfSSL_BIO_get_len error");
- goto cleanup;
- }
- if (!(buf = (char*)XMALLOC(bufLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER))) {
- WOLFSSL_MSG("malloc error");
- goto cleanup;
- }
- if (wolfSSL_BIO_read(in, buf, bufLen) != bufLen) {
- WOLFSSL_MSG("wolfSSL_BIO_read error");
- goto cleanup;
- }
- if (!(section = wolfSSL_CONF_new_section(conf, "default"))) {
- WOLFSSL_MSG("wolfSSL_CONF_new_section error");
- goto cleanup;
- }
- /* LETS START READING SOME CONFIGS */
- idx = buf;
- bufEnd = buf + bufLen;
- while (idx < bufEnd) {
- char* lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx));
- char* maxIdx;
- if (!lineEnd)
- lineEnd = bufEnd; /* Last line in file */
- maxIdx = XSTRNSTR(idx, "#", (unsigned int)(lineEnd - idx));
- if (!maxIdx)
- maxIdx = lineEnd;
- line++;
- SKIP_WHITESPACE(idx, maxIdx);
- if (idx == maxIdx) {
- /* Empty line */
- idx = lineEnd + 1;
- continue;
- }
- if (*idx == '[') {
- /* New section. Spaces not allowed in section name. */
- char* sectionName;
- int sectionNameLen;
- if (idx < maxIdx)
- idx++;
- else {
- WOLFSSL_MSG("Invalid section definition.");
- goto cleanup;
- }
- SKIP_WHITESPACE(idx, maxIdx);
- sectionName = idx;
- /* Find end of section name */
- while (idx < maxIdx && *idx != ' ' && *idx != ']')
- idx++;
- sectionNameLen = (int)(idx - sectionName);
- SKIP_WHITESPACE(idx, maxIdx);
- if (*idx != ']') {
- WOLFSSL_MSG("Section definition error. "
- "Closing brace not found.");
- goto cleanup;
- }
- sectionName[sectionNameLen] = '\0';
- if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) {
- section = wolfSSL_CONF_new_section(conf, sectionName);
- if (!section)
- goto cleanup;
- }
- }
- else {
- char* name;
- int nameLen;
- char* value;
- char* exValue; /* expanded value */
- int valueLen;
- WOLFSSL_CONF_VALUE* newVal = NULL;
- SKIP_WHITESPACE(idx, maxIdx);
- name = idx;
- /* Find end of name */
- while (idx < maxIdx && *idx != ' ' && *idx != '=')
- idx++;
- nameLen = (int)(idx - name);
- SKIP_WHITESPACE(idx, maxIdx);
- if (*idx != '=') {
- WOLFSSL_MSG("Missing equals sign");
- goto cleanup;
- }
- idx++;
- SKIP_WHITESPACE(idx, maxIdx);
- value = idx;
- /* Find end of value */
- idx = maxIdx-1;
- while (idx >= value && (*idx == ' ' || *idx == '\t' || *idx == '\r'))
- idx--;
- valueLen = (int)(idx - value + 1);
- /* Sanity checks */
- if (nameLen <= 0 || valueLen <= 0) {
- WOLFSSL_MSG("Sanity checks failed");
- goto cleanup;
- }
- name[nameLen] = '\0';
- value[valueLen] = '\0';
- if (!(exValue = expandValue(conf, section->section, value))) {
- WOLFSSL_MSG("Variable expansion failed");
- goto cleanup;
- }
- if (!(newVal = wolfSSL_CONF_VALUE_new_values(NULL,
- name, exValue))) {
- WOLFSSL_MSG("wolfSSL_CONF_VALUE_new_values error");
- if (exValue != value)
- XFREE(exValue, NULL, DYNAMIC_TYPE_OPENSSL);
- goto cleanup;
- }
- if (exValue != value)
- XFREE(exValue, NULL, DYNAMIC_TYPE_OPENSSL);
- if (wolfSSL_CONF_add_string(conf, section, newVal) !=
- WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("wolfSSL_CONF_add_string error");
- goto cleanup;
- }
- }
- idx = lineEnd + 1;
- }
- ret = WOLFSSL_SUCCESS;
- cleanup:
- if (in)
- wolfSSL_BIO_free(in);
- if (buf)
- XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- if (eline)
- *eline = line;
- return ret;
- }
- #endif /* !NO_BIO */
- void wolfSSL_NCONF_free(WOLFSSL_CONF *conf)
- {
- WOLFSSL_ENTER("wolfSSL_NCONF_free");
- if (conf) {
- wolfSSL_sk_CONF_VALUE_free(conf->data);
- XFREE(conf, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val)
- {
- WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
- if (val) {
- if (val->name) {
- /* Not a section. Don't free section as it is a shared pointer. */
- XFREE(val->name, NULL, DYNAMIC_TYPE_OPENSSL);
- if (val->value)
- XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- else {
- /* Section so val->value is a stack */
- if (val->section)
- XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
- /* Only free the stack structures. The contained conf values
- * will be freed in wolfSSL_NCONF_free */
- sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value;
- while (sk) {
- WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *tmp = sk->next;
- XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
- sk = tmp;
- }
- }
- XFREE(val, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- }
- WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(
- WOLF_SK_COMPARE_CB(WOLFSSL_CONF_VALUE, compFunc))
- {
- WOLFSSL_STACK* ret;
- WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_new");
- ret = wolfSSL_sk_new_node(NULL);
- if (!ret)
- return NULL;
- ret->hash_fn = (wolf_sk_hash_cb)wolfSSL_CONF_VALUE_hash;
- ret->type = STACK_TYPE_CONF_VALUE;
- (void)compFunc;
- return ret;
- }
- /* Free the structure for WOLFSSL_CONF_VALUE stack
- *
- * sk stack to free nodes in
- */
- void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk)
- {
- WOLFSSL_STACK* tmp;
- WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_free");
- if (sk == NULL)
- return;
- /* parse through stack freeing each node */
- while (sk) {
- tmp = sk->next;
- wolfSSL_X509V3_conf_free(sk->data.conf);
- XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
- sk = tmp;
- }
- }
- int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk)
- {
- WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_num");
- if (sk)
- return wolfSSL_sk_num(sk);
- return 0;
- }
- WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(const WOLFSSL_STACK *sk, int i)
- {
- WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_value");
- if (sk)
- return (WOLFSSL_CONF_VALUE*)wolfSSL_sk_value(sk, i);
- return NULL;
- }
- /* return 1 on success 0 on fail */
- int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
- WOLFSSL_CONF_VALUE* val)
- {
- WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_push");
- if (sk == NULL || val == NULL) {
- return WOLFSSL_FAILURE;
- }
- return wolfSSL_sk_push(sk, val);
- }
- #endif /* !NO_CERTS && OPENSSL_EXTRA && OPENSSL_ALL */
- #ifdef OPENSSL_EXTRA
- #ifndef NO_WOLFSSL_STUB
- /* Returns default file name and path of config file. However
- a wolfssl.cnf file is not currently supported */
- char* wolfSSL_CONF_get1_default_config_file(void)
- {
- WOLFSSL_ENTER("wolfSSL_CONF_get1_default_config_file");
- WOLFSSL_STUB("CONF_get1_default_config_file");
- return NULL;
- }
- #endif
- /**
- * Allocate WOLFSSL_CONF_CTX instance
- * @return pointer to WOLFSSL_CONF_CTX structure on success and NULL on fail
- */
- WOLFSSL_CONF_CTX* wolfSSL_CONF_CTX_new(void)
- {
- WOLFSSL_CONF_CTX* cctx;
- WOLFSSL_ENTER("wolfSSL_CONF_CTX_new");
- cctx = (WOLFSSL_CONF_CTX*)XMALLOC(sizeof(WOLFSSL_CONF_CTX), NULL,
- DYNAMIC_TYPE_OPENSSL);
- if (!cctx) {
- WOLFSSL_MSG("malloc error");
- return NULL;
- }
- XMEMSET(cctx, 0, sizeof(WOLFSSL_CONF_CTX));
- return cctx;
- }
- /**
- * Release WOLFSSL_CONF_CTX instance
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure to be freed
- */
- void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx)
- {
- WOLFSSL_ENTER("wolfSSL_CONF_CTX_free");
- if (cctx) {
- XFREE(cctx, NULL, DYNAMIC_TYPE_OPENSSL);
- }
- WOLFSSL_LEAVE("wolfSSL_CONF_CTX_free", 1);
- }
- /**
- * Set WOLFSSL_CTX instance to WOLFSSL_CONF_CTX
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure to set a WOLFSSL_CTX
- * pointer to its ctx
- * @param ctx a pointer to WOLFSSL_CTX structure to be set
- */
- void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx)
- {
- WOLFSSL_ENTER("wolfSSL_CONF_CTX_set_ssl_ctx");
- /* sanity check */
- if (cctx == NULL) {
- WOLFSSL_MSG("cctx is null");
- return;
- }
- cctx->ctx = ctx;
- WOLFSSL_LEAVE("wolfSSL_CONF_CTX_set_ssl_ctx", 1);
- }
- /**
- * set flag value into WOLFSSL_CONF_CTX
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure to be set
- * @param flags falg value to be OR'd
- * @return OR'd flag value, otherwise 0
- */
- unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx,
- unsigned int flags)
- {
- /* sanity check */
- if (cctx == NULL)
- return 0;
- cctx->flags |= flags;
- return cctx->flags;
- }
- /**
- * finish configuration command operation
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure to be set
- * @return WOLFSSL_SUCCESS on success
- */
- int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx)
- {
- (void)cctx;
- return WOLFSSL_SUCCESS;
- }
- /*
- * The following definitions and static functions are used for
- * wolfSSL_CONF_cmd() to handle command.
- *
- * Definitions below are a part of conf_cmds_tbl[] contents.
- * WOLFSSL_CONF_FILE_CMDx represents command name in configuration file
- * WOLFSSL_CONF_CMDL_CMDx represents command name on command line
- *
- * The static functions after the definition section process
- * those FILE or CMDL which are defined in the conf_cmds_tbl.
- *
- * To add a new command handling:
- * 1. Add new #define to a section of WOLFSSL_CONF_FILE_CMD* and
- * WOLFSSL_CONF_CMDL_CMD*
- * 2. Add new static function after #define section, before
- * "typedef struct conf_cmd_tbl {" line
- * 3. Add new entry to conf_cmds_tbl[] by following other command entries
- */
- #define WOLFSSL_CONF_FILE_CMD1 "Curves"
- #define WOLFSSL_CONF_FILE_CMD2 "Certificate"
- #define WOLFSSL_CONF_FILE_CMD3 "PrivateKey"
- #define WOLFSSL_CONF_FILE_CMD4 "Protocol"
- #define WOLFSSL_CONF_FILE_CMD5 "Options"
- #define WOLFSSL_CONF_FILE_CMD6 "ServerInfoFile"
- #define WOLFSSL_CONF_FILE_CMD7 "SignatureAlgorithms"
- #define WOLFSSL_CONF_FILE_CMD8 "ClientSignatureAlgorithms"
- #define WOLFSSL_CONF_FILE_CMD9 "CipherString"
- #define WOLFSSL_CONF_CMDL_CMD1 "curves"
- #define WOLFSSL_CONF_CMDL_CMD2 "cert"
- #define WOLFSSL_CONF_CMDL_CMD3 "key"
- #define WOLFSSL_CONF_CMDL_CMD4 NULL
- #define WOLFSSL_CONF_CMDL_CMD5 NULL
- #define WOLFSSL_CONF_CMDL_CMD6 NULL
- #define WOLFSSL_CONF_CMDL_CMD7 "sigalgs"
- #define WOLFSSL_CONF_CMDL_CMD8 "client_sigalgs"
- #define WOLFSSL_CONF_CMDL_CMD9 "cipher"
- #if !defined(NO_DH) && !defined(NO_BIO)
- #define WOLFSSL_CONF_FILE_CMD10 "DHParameters"
- #define WOLFSSL_CONF_CMDL_CMD10 "dhparam"
- #endif
- #ifdef HAVE_ECC
- #define WOLFSSL_CONF_FILE_CMD11 "ECDHParameters"
- #define WOLFSSL_CONF_CMDL_CMD11 "named_curves"
- #endif
- /**
- * process Cipher String command
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure
- * @param value arguments for cmd
- * @return WOLFSSL_SUCCESS on success,
- * otherwise WOLFSSL_FAILURE or
- * -3 if value is null or
- * negative value on other failure
- */
- static int cmdfunc_cipherstring(WOLFSSL_CONF_CTX* cctx, const char* value)
- {
- int ret = -3;
- WOLFSSL_ENTER("cmdfunc_cipherstring");
- /* sanity check */
- if (cctx == NULL)
- return WOLFSSL_FAILURE;
- if (value == NULL) {
- WOLFSSL_MSG("bad arguments");
- return ret;
- }
- if (cctx->ctx) {
- ret = wolfSSL_CTX_set_cipher_list(cctx->ctx, value);
- }
- if (((cctx->ctx && ret == WOLFSSL_SUCCESS) ||
- (!cctx->ctx && ret == -3)) &&
- cctx->ssl) {
- ret = wolfSSL_set_cipher_list(cctx->ssl, value);
- }
- WOLFSSL_LEAVE("cmdfunc_cipherstring", ret);
- return ret;
- }
- /**
- * process curves command
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure
- * @param value arguments for cmd
- * @return WOLFSSL_SUCCESS on success,
- * otherwise WOLFSSL_FAILURE or
- * -3 if value is null or
- * negative value on other failure
- */
- #if defined(HAVE_ECC)
- static int cmdfunc_curves(WOLFSSL_CONF_CTX* cctx, const char* value)
- {
- int ret = -3;
- WOLFSSL_ENTER("cmdfunc_curves");
- /* sanity check */
- if (cctx == NULL)
- return WOLFSSL_FAILURE;
- if (value == NULL) {
- WOLFSSL_MSG("bad arguments");
- return ret;
- }
- if (cctx->ctx) {
- ret = wolfSSL_CTX_set1_curves_list(cctx->ctx, value);
- }
- if (((cctx->ctx && ret == WOLFSSL_SUCCESS) ||
- (!cctx->ctx && ret == -3)) &&
- cctx->ssl) {
- ret = wolfSSL_set1_curves_list(cctx->ssl, value);
- }
- WOLFSSL_LEAVE("cmdfunc_curves", ret);
- return ret;
- }
- #endif
- #ifndef NO_FILESYSTEM
- /**
- * process cert command
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure
- * @param value arguments for cmd
- * @return WOLFSSL_SUCCESS on success,
- * otherwise WOLFSSL_FAILURE or
- * -3 if value is null or
- * negative value on other failure
- */
- static int cmdfunc_cert(WOLFSSL_CONF_CTX* cctx, const char* value)
- {
- int ret = -3;
- WOLFSSL_ENTER("cmdfunc_cert");
- /* sanity check */
- if (cctx == NULL)
- return WOLFSSL_FAILURE;
- if (value == NULL) {
- WOLFSSL_MSG("bad arguments");
- return ret;
- }
- if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
- WOLFSSL_MSG("certificate flag is not set");
- return -2;
- }
- if (cctx->ctx) {
- ret = wolfSSL_CTX_use_certificate_chain_file(cctx->ctx, value);
- }
- if (((cctx->ctx && ret == WOLFSSL_SUCCESS) ||
- (!cctx->ctx && ret == -3)) &&
- cctx->ssl) {
- ret = wolfSSL_use_certificate_file(cctx->ssl, value,
- WOLFSSL_FILETYPE_PEM);
- }
- WOLFSSL_LEAVE("cmdfunc_cert", ret);
- return ret;
- }
- /**
- * process key command
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure
- * @param value arguments for cmd
- * @return WOLFSSL_SUCCESS on success,
- * otherwise WOLFSSL_FAILURE or
- * -3 if value is null or
- * negative value on other failure
- */
- static int cmdfunc_key(WOLFSSL_CONF_CTX* cctx, const char* value)
- {
- int ret = -3;
- WOLFSSL_ENTER("cmdfunc_key");
- /* sanity check */
- if (cctx == NULL)
- return WOLFSSL_FAILURE;
- if (value == NULL) {
- WOLFSSL_MSG("bad arguments");
- return ret;
- }
- if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
- WOLFSSL_MSG("certificate flag is not set");
- return -2;
- }
- if (cctx->ctx) {
- ret = wolfSSL_CTX_use_PrivateKey_file(cctx->ctx, value,
- WOLFSSL_FILETYPE_PEM);
- }
- if (((cctx->ctx && ret == WOLFSSL_SUCCESS) ||
- (!cctx->ctx && ret == -3)) &&
- cctx->ssl) {
- ret = wolfSSL_use_PrivateKey_file(cctx->ssl, value,
- WOLFSSL_FILETYPE_PEM);
- }
- WOLFSSL_LEAVE("cmdfunc_key", ret);
- return ret;
- }
- #endif /* NO_FILESYSTEM */
- /**
- * process DH parameter command
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure
- * @param value arguments for cmd
- * @return WOLFSSL_SUCCESS on success,
- * otherwise WOLFSSL_FAILURE or
- * -3 if value is null or
- * negative value on other failure
- */
- #if !defined(NO_DH) && !defined(NO_BIO)
- static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value)
- {
- int ret = -3;
- WOLFSSL_DH* dh = NULL;
- WOLFSSL_BIO* bio = NULL;
- WOLFSSL_MSG("cmdfunc_dhparam");
- /* sanity check */
- if (cctx == NULL)
- return WOLFSSL_FAILURE;
- if (value == NULL) {
- WOLFSSL_MSG("bad arguments");
- return ret;
- }
- if (cctx->ctx || cctx->ssl) {
- bio = wolfSSL_BIO_new_file(value, "rb");
- if (!bio) {
- WOLFSSL_MSG("bio new file failed");
- return WOLFSSL_FAILURE;
- }
- dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- if (!dh) {
- wolfSSL_BIO_free(bio);
- WOLFSSL_MSG("PEM read bio failed");
- return WOLFSSL_FAILURE;
- }
- } else {
- return 1;
- }
- if (cctx->ctx) {
- ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh);
- }
- if (((cctx->ctx && ret == WOLFSSL_SUCCESS) ||
- (!cctx->ctx && ret == -3)) &&
- cctx->ssl) {
- ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ssl->ctx, dh);
- }
- if (dh)
- wolfSSL_DH_free(dh);
- if (bio)
- wolfSSL_BIO_free(bio);
- WOLFSSL_LEAVE("cmdfunc_dhparam", ret);
- return ret;
- }
- #endif /* !NO_DH && !NO_BIO */
- /**
- * command table
- */
- typedef struct conf_cmd_tbl {
- const char* file_cmd;
- const char* cmdline_cmd;
- word32 data_type;
- int (*cmdfunc)(WOLFSSL_CONF_CTX* cctx, const char* value);
- }conf_cmd_tbl;
- static const conf_cmd_tbl conf_cmds_tbl[] = {
- #if defined(HAVE_ECC)
- /* cmd Curves */
- {WOLFSSL_CONF_FILE_CMD1, WOLFSSL_CONF_CMDL_CMD1,
- WOLFSSL_CONF_TYPE_STRING, cmdfunc_curves},
- #endif
- #if !defined(NO_FILESYSTEM)
- /* cmd Certificate */
- {WOLFSSL_CONF_FILE_CMD2, WOLFSSL_CONF_CMDL_CMD2,
- WOLFSSL_CONF_TYPE_FILE, cmdfunc_cert},
- /* cmd PrivateKey */
- {WOLFSSL_CONF_FILE_CMD3, WOLFSSL_CONF_CMDL_CMD3,
- WOLFSSL_CONF_TYPE_FILE, cmdfunc_key},
- #endif
- /* cmd Protocol */
- {WOLFSSL_CONF_FILE_CMD4, WOLFSSL_CONF_CMDL_CMD4,
- WOLFSSL_CONF_TYPE_STRING, NULL},
- /* cmd Options */
- {WOLFSSL_CONF_FILE_CMD5, WOLFSSL_CONF_CMDL_CMD5,
- WOLFSSL_CONF_TYPE_STRING, NULL},
- /* cmd ServerInfoFile */
- {WOLFSSL_CONF_FILE_CMD6, WOLFSSL_CONF_CMDL_CMD6,
- WOLFSSL_CONF_TYPE_FILE, NULL},
- /* cmd SignatureAlgorithms */
- {WOLFSSL_CONF_FILE_CMD7, WOLFSSL_CONF_CMDL_CMD7,
- WOLFSSL_CONF_TYPE_STRING, NULL},
- /* cmd ClientSignatureAlgorithms */
- {WOLFSSL_CONF_FILE_CMD8, WOLFSSL_CONF_CMDL_CMD8,
- WOLFSSL_CONF_TYPE_STRING, NULL},
- /* cmd CipherString */
- {WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9,
- WOLFSSL_CONF_TYPE_STRING, cmdfunc_cipherstring},
- #if !defined(NO_DH) && !defined(NO_BIO)
- /* cmd DHParameters */
- {WOLFSSL_CONF_FILE_CMD10, WOLFSSL_CONF_CMDL_CMD10,
- WOLFSSL_CONF_TYPE_FILE, cmdfunc_dhparam},
- #endif
- #ifdef HAVE_ECC
- /* cmd ECHDParameters */
- {WOLFSSL_CONF_FILE_CMD11, WOLFSSL_CONF_CMDL_CMD11,
- WOLFSSL_CONF_TYPE_STRING, NULL},
- #endif
- };
- /* size of command table */
- static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl)
- / sizeof(conf_cmd_tbl);
- static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx,
- const char* cmd)
- {
- size_t i = 0;
- size_t cmdlen = 0;
- if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
- cmdlen = XSTRLEN(cmd);
- if (cmdlen < 2) {
- WOLFSSL_MSG("bad cmdline command");
- return NULL;
- }
- /* skip "-" prefix */
- ++cmd;
- }
- for (i = 0; i < size_of_cmd_tbls; i++) {
- /* check if the cmd is valid */
- if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
- if (conf_cmds_tbl[i].cmdline_cmd != NULL &&
- XSTRCMP(cmd, conf_cmds_tbl[i].cmdline_cmd) == 0) {
- return &conf_cmds_tbl[i];
- }
- }
- if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) {
- if (conf_cmds_tbl[i].file_cmd != NULL &&
- XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
- return &conf_cmds_tbl[i];
- }
- }
- }
- return NULL;
- }
- /**
- * send configuration command
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure
- * @param cmd configuration command
- * @param value arguments for cmd
- * @return 1 when cmd is recognised, but value is not used
- * 2 both cmd and value are used
- * otherwise WOLFSSL_FAILURE
- * -2 if cmd is not recognised
- * -3 if value is NULL, but cmd is recognized
- */
- int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
- {
- int ret = WOLFSSL_FAILURE;
- const conf_cmd_tbl* confcmd = NULL;
- WOLFSSL_ENTER("wolfSSL_CONF_cmd");
- /* sanity check */
- if (cctx == NULL || cmd == NULL) {
- WOLFSSL_MSG("bad arguments");
- return ret;
- }
- confcmd = wolfssl_conf_find_cmd(cctx, cmd);
- if (confcmd == NULL)
- return -2;
- if (confcmd->cmdfunc == NULL) {
- WOLFSSL_MSG("cmd not yet implemented");
- return -2;
- }
- ret = confcmd->cmdfunc(cctx, value);
- /* return code compliant with OpenSSL */
- if (ret < -3)
- ret = 0;
- WOLFSSL_LEAVE("wolfSSL_CONF_cmd", ret);
- return ret;
- }
- /**
- *
- * @param cctx a pointer to WOLFSSL_CONF_CTX structure
- * @param cmd configuration command
- * @return The SSL_CONF_TYPE_* type or SSL_CONF_TYPE_UNKNOWN if an
- * unvalid command
- */
- int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
- {
- const conf_cmd_tbl* confcmd = NULL;
- WOLFSSL_ENTER("wolfSSL_CONF_cmd_value_type");
- confcmd = wolfssl_conf_find_cmd(cctx, cmd);
- if (confcmd == NULL)
- return SSL_CONF_TYPE_UNKNOWN;
- return (int)confcmd->data_type;
- }
- #endif /* OPENSSL_EXTRA */
- /*******************************************************************************
- * END OF CONF API
- ******************************************************************************/
- #endif /* WOLFSSL_CONF_INCLUDED */