Domů Procházet Nápověda
Přihlásit se
OWEALs
/
wolfssl
zrcadlo https://github.com/wolfSSL/wolfssl.git
2
0
Rozštěpit 0
Soubory Úkoly 8 Wiki
Větev: revert-5549-fix_sha256_debug
Větve Značky
wolfssl
/
src
/
conf.c

conf.c 45 KB
Trvalý odkaz Historie Surový

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609 
  1. /* conf.c
    2. 

  2.  *
    3. 

  3.  * Copyright (C) 2006-2022 wolfSSL Inc.
    4. 

  4.  *
    5. 

  5.  * This file is part of wolfSSL.
    6. 

  6.  *
    7. 

  7.  * wolfSSL is free software; you can redistribute it and/or modify
    8. 

  8.  * it under the terms of the GNU General Public License as published by
    9. 

  9.  * the Free Software Foundation; either version 2 of the License, or
    10. 

  10.  * (at your option) any later version.
    11. 

  11.  *
    12. 

  12.  * wolfSSL is distributed in the hope that it will be useful,
    13. 

  13.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    14. 

  14.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    15. 

  15.  * GNU General Public License for more details.
    16. 

  16.  *
    17. 

  17.  * You should have received a copy of the GNU General Public License
    18. 

  18.  * along with this program; if not, write to the Free Software
    19. 

  19.  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
    20. 

  20.  */
    21. 

  21. 

  22. 

  23. #ifdef HAVE_CONFIG_H
    24. 

  24.     #include <config.h>
    25. 

  25. #endif
    26. 

  26. 

  27. #include <wolfssl/wolfcrypt/settings.h>
    28. 

  28. 

  29. #if !defined(WOLFSSL_CONF_INCLUDED)
    30. 

  30.     #ifndef WOLFSSL_IGNORE_FILE_WARN
    31. 

  31.         #warning conf.c does not need to be compiled separately from ssl.c
    32. 

  32.     #endif
    33. 

  33. #else
    34. 

  34. 

  35. /*******************************************************************************
    36. 

  36.  * START OF TXT_DB API
    37. 

  37.  ******************************************************************************/
    38. 

  38. 

  39. #if defined(OPENSSL_ALL) && !defined(NO_BIO)
    40. 

  40. /**
    41. 

  41.  * This function reads a tab delimetered CSV input and returns
    42. 

  42.  * a populated WOLFSSL_TXT_DB structure.
    43. 

  43.  * @param in Tab delimetered CSV input
    44. 

  44.  * @param num Number of fields in each row.
    45. 

  45.  * @return
    46. 

  46.  */
    47. 

  47. WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num)
    48. 

  48. {
    49. 

  49.     WOLFSSL_TXT_DB *ret = NULL;
    50. 

  50.     char *buf = NULL;
    51. 

  51.     char *bufEnd = NULL;
    52. 

  52.     char *idx = NULL;
    53. 

  53.     char* lineEnd = NULL;
    54. 

  54.     int bufSz;
    55. 

  55.     int failed = 1;
    56. 

  56.     /* Space in front of str reserved for field pointers + \0 */
    57. 

  57.     int fieldsSz = (num + 1) * sizeof(char *);
    58. 

  58.     WOLFSSL_ENTER("wolfSSL_TXT_DB_read");
    59. 

  59. 

  60.     if (!in || num <= 0 || num > WOLFSSL_TXT_DB_MAX_FIELDS) {
    61. 

  61.         WOLFSSL_MSG("Bad parameter or too many fields");
    62. 

  62.         return NULL;
    63. 

  63.     }
    64. 

  64. 

  65.     if (!(ret = (WOLFSSL_TXT_DB*)XMALLOC(sizeof(WOLFSSL_TXT_DB), NULL,
    66. 

  66.             DYNAMIC_TYPE_OPENSSL))) {
    67. 

  67.         WOLFSSL_MSG("malloc error");
    68. 

  68.         goto error;
    69. 

  69.     }
    70. 

  70.     XMEMSET (ret, 0, sizeof(WOLFSSL_TXT_DB));
    71. 

  71.     ret->num_fields = num;
    72. 

  72. 

  73.     if (!(ret->data = wolfSSL_sk_WOLFSSL_STRING_new())) {
    74. 

  74.         WOLFSSL_MSG("wolfSSL_sk_WOLFSSL_STRING_new error");
    75. 

  75.         goto error;
    76. 

  76.     }
    77. 

  77. 

  78.     bufSz = wolfSSL_BIO_get_len(in);
    79. 

  79.     if (bufSz <= 0 ||
    80. 

  80.             !(buf = (char*)XMALLOC(bufSz+1, NULL,
    81. 

  81.                     DYNAMIC_TYPE_TMP_BUFFER))) {
    82. 

  82.         WOLFSSL_MSG("malloc error or no data in BIO");
    83. 

  83.         goto error;
    84. 

  84.     }
    85. 

  85. 

  86.     if (wolfSSL_BIO_read(in, buf, bufSz) != bufSz) {
    87. 

  87.         WOLFSSL_MSG("malloc error or no data in BIO");
    88. 

  88.         goto error;
    89. 

  89.     }
    90. 

  90. 

  91.     buf[bufSz] = '\0';
    92. 

  92.     idx = buf;
    93. 

  93.     for (bufEnd = buf + bufSz; idx < bufEnd; idx = lineEnd + 1) {
    94. 

  94.         char* strBuf = NULL;
    95. 

  95.         char** fieldPtr = NULL;
    96. 

  96.         int fieldPtrIdx = 0;
    97. 

  97.         char* fieldCheckIdx = NULL;
    98. 

  98.         lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx));
    99. 

  99.         if (!lineEnd)
    100. 

  100.             lineEnd = bufEnd;
    101. 

  101.         if (idx == lineEnd) /* empty line */
    102. 

  102.             continue;
    103. 

  103.         if (*idx == '#')
    104. 

  104.             continue;
    105. 

  105.         *lineEnd = '\0';
    106. 

  106.         strBuf = (char*)XMALLOC(fieldsSz + lineEnd - idx + 1, NULL,
    107. 

  107.                                 DYNAMIC_TYPE_OPENSSL);
    108. 

  108.         if (!strBuf) {
    109. 

  109.             WOLFSSL_MSG("malloc error");
    110. 

  110.             goto error;
    111. 

  111.         }
    112. 

  112.         XMEMCPY(strBuf + fieldsSz, idx, lineEnd - idx + 1); /* + 1 for NULL */
    113. 

  113.         XMEMSET(strBuf, 0, fieldsSz);
    114. 

  114.         /* Check for appropriate number of fields */
    115. 

  115.         fieldPtr = (char**)strBuf;
    116. 

  116.         fieldCheckIdx = strBuf + fieldsSz;
    117. 

  117.         fieldPtr[fieldPtrIdx++] = fieldCheckIdx;
    118. 

  118.         while (*fieldCheckIdx != '\0') {
    119. 

  119.             /* Handle escaped tabs */
    120. 

  120.             if (*fieldCheckIdx == '\t' && fieldCheckIdx[-1] != '\\') {
    121. 

  121.                 fieldPtr[fieldPtrIdx++] = fieldCheckIdx + 1;
    122. 

  122.                 *fieldCheckIdx = '\0';
    123. 

  123.                 if (fieldPtrIdx > num) {
    124. 

  124.                     WOLFSSL_MSG("too many fields");
    125. 

  125.                     XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
    126. 

  126.                     goto error;
    127. 

  127.                 }
    128. 

  128.             }
    129. 

  129.             fieldCheckIdx++;
    130. 

  130.         }
    131. 

  131.         if (fieldPtrIdx != num) {
    132. 

  132.             WOLFSSL_MSG("wrong number of fields");
    133. 

  133.             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
    134. 

  134.             goto error;
    135. 

  135.         }
    136. 

  136.         if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) {
    137. 

  137.             WOLFSSL_MSG("wolfSSL_sk_push error");
    138. 

  138.             XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL);
    139. 

  139.             goto error;
    140. 

  140.         }
    141. 

  141.     }
    142. 

  142. 

  143.     failed = 0;
    144. 

  144. error:
    145. 

  145.     if (failed && ret) {
    146. 

  146.         XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
    147. 

  147.         ret = NULL;
    148. 

  148.     }
    149. 

  149.     if (buf) {
    150. 

  150.         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    151. 

  151.     }
    152. 

  152.     return ret;
    153. 

  153. }
    154. 

  154. 

  155. long wolfSSL_TXT_DB_write(WOLFSSL_BIO *out, WOLFSSL_TXT_DB *db)
    156. 

  156. {
    157. 

  157.     const WOLF_STACK_OF(WOLFSSL_STRING)* data;
    158. 

  158.     long totalLen = 0;
    159. 

  159.     char buf[512]; /* Should be more than enough for a single row */
    160. 

  160.     char* bufEnd = buf + sizeof(buf);
    161. 

  161.     int sz;
    162. 

  162.     int i;
    163. 

  163. 

  164.     WOLFSSL_ENTER("wolfSSL_TXT_DB_write");
    165. 

  165. 

  166.     if (!out || !db || !db->num_fields) {
    167. 

  167.         WOLFSSL_MSG("Bad parameter");
    168. 

  168.         return WOLFSSL_FAILURE;
    169. 

  169.     }
    170. 

  170. 

  171.     data = db->data;
    172. 

  172.     while (data) {
    173. 

  173.         char** fields = (char**)data->data.string;
    174. 

  174.         char* idx = buf;
    175. 

  175. 

  176.         if (!fields) {
    177. 

  177.             WOLFSSL_MSG("Missing row");
    178. 

  178.             return WOLFSSL_FAILURE;
    179. 

  179.         }
    180. 

  180. 

  181.         for (i = 0; i < db->num_fields; i++) {
    182. 

  182.             const char* fieldValue = fields[i];
    183. 

  183.             if (!fieldValue) {
    184. 

  184.                 fieldValue = "";
    185. 

  185.             }
    186. 

  186. 

  187.             /* Copy over field escaping tabs */
    188. 

  188.             while (*fieldValue != '\0') {
    189. 

  189.                 if (idx+1 < bufEnd) {
    190. 

  190.                     if (*fieldValue == '\t')
    191. 

  191.                         *idx++ = '\\';
    192. 

  192.                     *idx++ = *fieldValue++;
    193. 

  193.                 }
    194. 

  194.                 else {
    195. 

  195.                     WOLFSSL_MSG("Data row is too big");
    196. 

  196.                     return WOLFSSL_FAILURE;
    197. 

  197.                 }
    198. 

  198.             }
    199. 

  199.             if (idx < bufEnd) {
    200. 

  200.                 *idx++ = '\t';
    201. 

  201.             }
    202. 

  202.             else {
    203. 

  203.                 WOLFSSL_MSG("Data row is too big");
    204. 

  204.                 return WOLFSSL_FAILURE;
    205. 

  205.             }
    206. 

  206.         }
    207. 

  207.         idx[-1] = '\n';
    208. 

  208.         sz = (int)(idx - buf);
    209. 

  209. 

  210.         if (wolfSSL_BIO_write(out, buf, sz) != sz) {
    211. 

  211.             WOLFSSL_MSG("wolfSSL_BIO_write error");
    212. 

  212.             return WOLFSSL_FAILURE;
    213. 

  213.         }
    214. 

  214.         totalLen += sz;
    215. 

  215. 

  216.         data = data->next;
    217. 

  217.     }
    218. 

  218. 

  219.     return totalLen;
    220. 

  220. }
    221. 

  221. 

  222. int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row)
    223. 

  223. {
    224. 

  224.     WOLFSSL_ENTER("wolfSSL_TXT_DB_insert");
    225. 

  225. 

  226.     if (!db || !row || !db->data) {
    227. 

  227.         WOLFSSL_MSG("Bad parameter");
    228. 

  228.         return WOLFSSL_FAILURE;
    229. 

  229.     }
    230. 

  230. 

  231.     if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) {
    232. 

  232.         WOLFSSL_MSG("wolfSSL_sk_push error");
    233. 

  233.         return WOLFSSL_FAILURE;
    234. 

  234.     }
    235. 

  235. 

  236.     return WOLFSSL_SUCCESS;
    237. 

  237. }
    238. 

  238. 

  239. void wolfSSL_TXT_DB_free(WOLFSSL_TXT_DB *db)
    240. 

  240. {
    241. 

  241.     WOLFSSL_ENTER("wolfSSL_TXT_DB_free");
    242. 

  242.     if (db) {
    243. 

  243.         if (db->data) {
    244. 

  244.             wolfSSL_sk_pop_free(db->data, NULL);
    245. 

  245.         }
    246. 

  246.         XFREE(db, NULL, DYNAMIC_TYPE_OPENSSL);
    247. 

  247.     }
    248. 

  248. }
    249. 

  249. 

  250. int wolfSSL_TXT_DB_create_index(WOLFSSL_TXT_DB *db, int field,
    251. 

  251.         void* qual, wolf_sk_hash_cb hash, wolf_sk_compare_cb cmp)
    252. 

  252. {
    253. 

  253.     WOLFSSL_ENTER("wolfSSL_TXT_DB_create_index");
    254. 

  254.     (void)qual;
    255. 

  255. 

  256.     if (!db || !hash || !cmp || field >= db->num_fields || field < 0) {
    257. 

  257.         WOLFSSL_MSG("Bad parameter");
    258. 

  258.         return WOLFSSL_FAILURE;
    259. 

  259.     }
    260. 

  260. 

  261.     db->hash_fn[field] = hash;
    262. 

  262.     db->comp[field] = cmp;
    263. 

  263. 

  264.     return WOLFSSL_SUCCESS;
    265. 

  265. }
    266. 

  266. 

  267. WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, int idx,
    268. 

  268.         WOLFSSL_STRING *value)
    269. 

  269. {
    270. 

  270.     WOLFSSL_ENTER("wolfSSL_TXT_DB_get_by_index");
    271. 

  271. 

  272.     if (!db || !db->data || idx < 0 || idx >= db->num_fields) {
    273. 

  273.         WOLFSSL_MSG("Bad parameter");
    274. 

  274.         return NULL;
    275. 

  275.     }
    276. 

  276. 

  277.     if (!db->hash_fn[idx] || !db->comp[idx]) {
    278. 

  278.         WOLFSSL_MSG("Missing hash or cmp functions");
    279. 

  279.         return NULL;
    280. 

  280.     }
    281. 

  281. 

  282.     /* If first data struct has correct hash and cmp function then
    283. 

  283.      * assume others do too */
    284. 

  284.     if (db->data->hash_fn != db->hash_fn[idx] ||
    285. 

  285.             db->data->comp != db->comp[idx]) {
    286. 

  286.         /* Set the hash and comp functions */
    287. 

  287.         WOLF_STACK_OF(WOLFSSL_STRING)* data = db->data;
    288. 

  288.         while (data) {
    289. 

  289.             if (data->comp != db->comp[idx] ||
    290. 

  290.                     data->hash_fn != db->hash_fn[idx]) {
    291. 

  291.                 data->comp = db->comp[idx];
    292. 

  292.                 data->hash_fn = db->hash_fn[idx];
    293. 

  293.                 data->hash = 0;
    294. 

  294.             }
    295. 

  295.             data= data->next;
    296. 

  296.         }
    297. 

  297.     }
    298. 

  298.     return (WOLFSSL_STRING*) wolfSSL_lh_retrieve(db->data, value);
    299. 

  299. }
    300. 

  300. 

  301. #endif /* OPENSSL_ALL && !NO_BIO */
    302. 

  302. 

  303. /*******************************************************************************
    304. 

  304.  * END OF TXT_DB API
    305. 

  305.  ******************************************************************************/
    306. 

  306. 

  307. /*******************************************************************************
    308. 

  308.  * START OF CONF API
    309. 

  309.  ******************************************************************************/
    310. 

  310. 

  311. #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
    312. 

  312.  || defined(HAVE_STUNNEL)
    313. 

  313. #ifndef NO_WOLFSSL_STUB
    314. 

  314. void wolfSSL_OPENSSL_config(char *config_name)
    315. 

  315. {
    316. 

  316.     (void)config_name;
    317. 

  317.     WOLFSSL_STUB("OPENSSL_config");
    318. 

  318. }
    319. 

  319. #endif /* !NO_WOLFSSL_STUB */
    320. 

  320. #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_STUNNEL*/
    321. 

  321. 

  322. #if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL)
    323. 

  323. 

  324. /**
    325. 

  325.  * This is the same hashing algo for WOLFSSL_CONF_VALUE as OpenSSL
    326. 

  326.  */
    327. 

  327. static unsigned long wolfSSL_CONF_VALUE_hash(const WOLFSSL_CONF_VALUE *val)
    328. 

  328. {
    329. 

  329.     if (val)
    330. 

  330.         return (wolfSSL_LH_strhash(val->section) << 2) ^
    331. 

  331.                 wolfSSL_LH_strhash(val->name);
    332. 

  332.     else
    333. 

  333.         return 0;
    334. 

  334. }
    335. 

  335. 

  336. static int wolfssl_conf_value_cmp(const WOLFSSL_CONF_VALUE *a,
    337. 

  337.                                   const WOLFSSL_CONF_VALUE *b)
    338. 

  338. {
    339. 

  339.     int cmp_val;
    340. 

  340. 

  341.     if (!a || !b) {
    342. 

  342.         return WOLFSSL_FATAL_ERROR;
    343. 

  343.     }
    344. 

  344. 

  345.     if (a->section != b->section) {
    346. 

  346.         if ((cmp_val = XSTRCMP(a->section, b->section)) != 0) {
    347. 

  347.             return cmp_val;
    348. 

  348.         }
    349. 

  349.     }
    350. 

  350. 

  351.     if (a->name && b->name) {
    352. 

  352.         return XSTRCMP(a->name, b->name);
    353. 

  353.     }
    354. 

  354.     else if (a->name == b->name) {
    355. 

  355.         return 0;
    356. 

  356.     }
    357. 

  357.     else {
    358. 

  358.         return a->name ? 1 : -1;
    359. 

  359.     }
    360. 

  360. }
    361. 

  361. 

  362. /* Use SHA for hashing as OpenSSL uses a hash algorithm that is
    363. 

  363.  * "not as good as MD5, but still good" so using SHA should be more
    364. 

  364.  * than good enough for this application. The produced hashes don't
    365. 

  365.  * need to line up between OpenSSL and wolfSSL. The hashes are for
    366. 

  366.  * internal indexing only */
    367. 

  367. unsigned long wolfSSL_LH_strhash(const char *str)
    368. 

  368. {
    369. 

  369.     unsigned long ret = 0;
    370. 

  370. #ifndef NO_SHA
    371. 

  371.     wc_Sha sha;
    372. 

  372.     int strLen;
    373. 

  373.     byte digest[WC_SHA_DIGEST_SIZE];
    374. 

  374. #endif
    375. 

  375.     WOLFSSL_ENTER("wolfSSL_LH_strhash");
    376. 

  376. 

  377.     if (!str)
    378. 

  378.         return 0;
    379. 

  379. 

  380. #ifndef NO_SHA
    381. 

  381.     strLen = (int)XSTRLEN(str);
    382. 

  382. 

  383.     if (wc_InitSha_ex(&sha, NULL, 0) != 0) {
    384. 

  384.         WOLFSSL_MSG("SHA1 Init failed");
    385. 

  385.         return 0;
    386. 

  386.     }
    387. 

  387. 

  388.     ret = wc_ShaUpdate(&sha, (const byte *)str, (word32)strLen);
    389. 

  389.     if (ret != 0) {
    390. 

  390.         WOLFSSL_MSG("SHA1 Update failed");
    391. 

  391.     } else {
    392. 

  392.         ret = wc_ShaFinal(&sha, digest);
    393. 

  393.         if (ret != 0) {
    394. 

  394.             WOLFSSL_MSG("SHA1 Final failed");
    395. 

  395.         }
    396. 

  396.     }
    397. 

  397.     wc_ShaFree(&sha);
    398. 

  398.     if (ret != 0)
    399. 

  399.         return 0;
    400. 

  400. 

  401.     /* Take first 4 bytes in small endian as unsigned long */
    402. 

  402.     ret  =  (unsigned int)digest[0];
    403. 

  403.     ret |= ((unsigned int)digest[1] << 8 );
    404. 

  404.     ret |= ((unsigned int)digest[2] << 16);
    405. 

  405.     ret |= ((unsigned int)digest[3] << 24);
    406. 

  406. #else
    407. 

  407.     WOLFSSL_MSG("No SHA available for wolfSSL_LH_strhash");
    408. 

  408. #endif
    409. 

  409.     return ret;
    410. 

  410. }
    411. 

  411. 

  412. WOLFSSL_CONF_VALUE *wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(
    413. 

  413.         WOLF_LHASH_OF(WOLFSSL_CONF_VALUE) *sk, WOLFSSL_CONF_VALUE *data)
    414. 

  414. {
    415. 

  415.     WOLFSSL_ENTER("wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve");
    416. 

  416. 

  417.     if (!sk || !data) {
    418. 

  418.         WOLFSSL_MSG("Bad parameter");
    419. 

  419.         return NULL;
    420. 

  420.     }
    421. 

  421. 

  422.     return (WOLFSSL_CONF_VALUE*)wolfSSL_lh_retrieve(sk, data);
    423. 

  423. }
    424. 

  424. 

  425. int wolfSSL_CONF_modules_load(const WOLFSSL_CONF *cnf, const char *appname,
    426. 

  426.                       unsigned long flags)
    427. 

  427. {
    428. 

  428.     WOLFSSL_ENTER("wolfSSL_CONF_modules_load");
    429. 

  429.     WOLFSSL_MSG("All wolfSSL modules are already compiled in. "
    430. 

  430.                 "wolfSSL_CONF_modules_load doesn't load anything new.");
    431. 

  431.     (void)cnf;
    432. 

  432.     (void)appname;
    433. 

  433.     (void)flags;
    434. 

  434.     return WOLFSSL_SUCCESS;
    435. 

  435. }
    436. 

  436. 

  437. WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new(void)
    438. 

  438. {
    439. 

  439.     WOLFSSL_CONF_VALUE* ret;
    440. 

  440. 

  441.     WOLFSSL_ENTER("wolfSSL_CONF_new");
    442. 

  442. 

  443.     ret = (WOLFSSL_CONF_VALUE*)XMALLOC(sizeof(WOLFSSL_CONF_VALUE),
    444. 

  444.             NULL, DYNAMIC_TYPE_OPENSSL);
    445. 

  445.     if (ret)
    446. 

  446.         XMEMSET(ret, 0, sizeof(WOLFSSL_CONF_VALUE));
    447. 

  447.     return ret;
    448. 

  448. }
    449. 

  449. 

  450. int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf,
    451. 

  451.         WOLFSSL_CONF_VALUE *section, WOLFSSL_CONF_VALUE *value)
    452. 

  452. {
    453. 

  453.     WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
    454. 

  454. 

  455.     if (!conf || !section || !value) {
    456. 

  456.         WOLFSSL_MSG("Bad parameter");
    457. 

  457.         return WOLFSSL_FAILURE;
    458. 

  458.     }
    459. 

  459. 

  460.     sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value;
    461. 

  461.     value->section = section->section;
    462. 

  462. 

  463.     if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) {
    464. 

  464.         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
    465. 

  465.         return WOLFSSL_FAILURE;
    466. 

  466.     }
    467. 

  467.     if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) {
    468. 

  468.         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
    469. 

  469.         return WOLFSSL_FAILURE;
    470. 

  470.     }
    471. 

  471. 

  472.     return WOLFSSL_SUCCESS;
    473. 

  473. }
    474. 

  474. 

  475. WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf,
    476. 

  476.         const char *section)
    477. 

  477. {
    478. 

  478.     WOLFSSL_CONF_VALUE* ret = NULL;
    479. 

  479.     WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
    480. 

  480.     int slen;
    481. 

  481. 

  482.     WOLFSSL_ENTER("wolfSSL_CONF_new_section");
    483. 

  483. 

  484.     if (!conf || !section) {
    485. 

  485.         WOLFSSL_MSG("Bad parameter");
    486. 

  486.         return NULL;
    487. 

  487.     }
    488. 

  488. 

  489.     slen = (int)XSTRLEN(section);
    490. 

  490. 

  491.     if (!(ret = wolfSSL_CONF_VALUE_new())) {
    492. 

  492.         WOLFSSL_MSG("wolfSSL_CONF_new error");
    493. 

  493.         goto error;
    494. 

  494.     }
    495. 

  495. 

  496.     if (!(ret->section = (char*)XMALLOC(slen+1, NULL, DYNAMIC_TYPE_OPENSSL))) {
    497. 

  497.         WOLFSSL_MSG("section malloc error");
    498. 

  498.         goto error;
    499. 

  499.     }
    500. 

  500.     XMEMCPY(ret->section, section, slen+1);
    501. 

  501. 

  502.     if (!(sk = wolfSSL_sk_CONF_VALUE_new(NULL))) {
    503. 

  503.         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_new error");
    504. 

  504.         goto error;
    505. 

  505.     }
    506. 

  506. 

  507.     ret->value = (char*)sk;
    508. 

  508. 

  509.     if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) {
    510. 

  510.         WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error");
    511. 

  511.         goto error;
    512. 

  512.     }
    513. 

  513. 

  514.     return ret;
    515. 

  515. error:
    516. 

  516.     if (ret) {
    517. 

  517.         /* NULL so that wolfSSL_X509V3_conf_free doesn't attempt to free it */
    518. 

  518.         ret->value = NULL;
    519. 

  519.         wolfSSL_X509V3_conf_free(ret);
    520. 

  520.     }
    521. 

  521.     if (sk) {
    522. 

  522.         wolfSSL_sk_CONF_VALUE_free(sk);
    523. 

  523.     }
    524. 

  524.     return NULL;
    525. 

  525. }
    526. 

  526. 

  527. WOLFSSL_CONF_VALUE *wolfSSL_CONF_get_section(WOLFSSL_CONF *conf,
    528. 

  528.         const char *section)
    529. 

  529. {
    530. 

  530.     WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
    531. 

  531. 

  532.     WOLFSSL_ENTER("wolfSSL_CONF_get_section");
    533. 

  533. 

  534.     if (!conf || !section) {
    535. 

  535.         WOLFSSL_MSG("Bad parameter");
    536. 

  536.         return NULL;
    537. 

  537.     }
    538. 

  538. 

  539.     sk = conf->data;
    540. 

  540. 

  541.     while (sk) {
    542. 

  542.         WOLFSSL_CONF_VALUE* val = sk->data.conf;
    543. 

  543.         if (val) {
    544. 

  544.             if (!val->name && XSTRCMP(section, val->section) == 0) {
    545. 

  545.                 return val;
    546. 

  546.             }
    547. 

  547.         }
    548. 

  548.         sk = sk->next;
    549. 

  549.     }
    550. 

  550. 

  551.     return NULL;
    552. 

  552. }
    553. 

  553. 

  554. WOLFSSL_CONF *wolfSSL_NCONF_new(void *meth)
    555. 

  555. {
    556. 

  556.     WOLFSSL_CONF* ret;
    557. 

  557.     WOLFSSL_ENTER("wolfSSL_NCONF_new");
    558. 

  558. 

  559.     if (meth) {
    560. 

  560.         WOLFSSL_MSG("wolfSSL does not support CONF_METHOD");
    561. 

  561.     }
    562. 

  562. 

  563.     ret = (WOLFSSL_CONF*)XMALLOC(sizeof(WOLFSSL_CONF), NULL, DYNAMIC_TYPE_OPENSSL);
    564. 

  564.     if (ret) {
    565. 

  565.         XMEMSET(ret, 0, sizeof(WOLFSSL_CONF));
    566. 

  566.         ret->data = wolfSSL_sk_CONF_VALUE_new(NULL);
    567. 

  567.         if (!ret->data) {
    568. 

  568.             wolfSSL_NCONF_free(ret);
    569. 

  569.             return NULL;
    570. 

  570.         }
    571. 

  571.     }
    572. 

  572.     return ret;
    573. 

  573. }
    574. 

  574. 

  575. char *wolfSSL_NCONF_get_string(const WOLFSSL_CONF *conf,
    576. 

  576.         const char *group, const char *name)
    577. 

  577. {
    578. 

  578.     WOLFSSL_CONF_VALUE find_val;
    579. 

  579.     WOLFSSL_CONF_VALUE *val;
    580. 

  580.     WOLFSSL_ENTER("wolfSSL_NCONF_get_string");
    581. 

  581. 

  582.     if (!conf) {
    583. 

  583. #ifdef HAVE_SECURE_GETENV
    584. 

  584.         return secure_getenv(name);
    585. 

  585. #else
    586. 

  586.         WOLFSSL_MSG("Missing secure_getenv");
    587. 

  587.         return NULL;
    588. 

  588. #endif
    589. 

  589.     }
    590. 

  590. 

  591.     find_val.name = (char *)name;
    592. 

  592.     if (group) {
    593. 

  593.         find_val.section = (char *)group;
    594. 

  594.         val = wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(conf->data, &find_val);
    595. 

  595.         if (val)
    596. 

  596.             return val->value;
    597. 

  597.         if (XSTRCMP(group, "ENV") == 0) {
    598. 

  598. #ifdef HAVE_SECURE_GETENV
    599. 

  599.             return secure_getenv(name);
    600. 

  600. #else
    601. 

  601.         WOLFSSL_MSG("Missing secure_getenv");
    602. 

  602.             return NULL;
    603. 

  603. #endif
    604. 

  604.         }
    605. 

  605.     }
    606. 

  606. 

  607.     find_val.section = (char *)"default";
    608. 

  608.     val = wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(conf->data, &find_val);
    609. 

  609.     if (val)
    610. 

  610.         return val->value;
    611. 

  611.     else
    612. 

  612.         return NULL;
    613. 

  613. }
    614. 

  614. 

  615. int wolfSSL_NCONF_get_number(const CONF *conf, const char *group,
    616. 

  616.         const char *name, long *result)
    617. 

  617. {
    618. 

  618.     char *str;
    619. 

  619.     WOLFSSL_ENTER("wolfSSL_NCONF_get_number");
    620. 

  620. 

  621.     if (!conf || !name || !result) {
    622. 

  622.         WOLFSSL_MSG("Bad parameter");
    623. 

  623.         return WOLFSSL_FAILURE;
    624. 

  624.     }
    625. 

  625. 

  626.     if (!(str = wolfSSL_NCONF_get_string(conf, group, name))) {
    627. 

  627.         WOLFSSL_MSG("wolfSSL_NCONF_get_string error");
    628. 

  628.         return WOLFSSL_FAILURE;
    629. 

  629.     }
    630. 

  630. 

  631.     *result = atol(str);
    632. 

  632.     return WOLFSSL_SUCCESS;
    633. 

  633. }
    634. 

  634. 

  635. /**
    636. 

  636.  * The WOLFSSL_CONF->value member is treated as a
    637. 

  637.  * WOLFSSL_STACK_OF(WOLFSSL_CONF_VALUE) which becomes
    638. 

  638.  * the return value.
    639. 

  639.  * @param conf
    640. 

  640.  * @param section
    641. 

  641.  * @return WOLFSSL_STACK_OF(WOLFSSL_CONF_VALUE)
    642. 

  642.  */
    643. 

  643. WOLFSSL_STACK *wolfSSL_NCONF_get_section(
    644. 

  644.         const WOLFSSL_CONF *conf, const char *section)
    645. 

  645. {
    646. 

  646.     WOLFSSL_CONF_VALUE *val;
    647. 

  647.     WOLFSSL_CONF_VALUE find_val;
    648. 

  648. 

  649.     WOLFSSL_ENTER("wolfSSL_NCONF_get_section");
    650. 

  650. 

  651.     if (!conf || !section) {
    652. 

  652.         WOLFSSL_MSG("Bad parameter");
    653. 

  653.         return NULL;
    654. 

  654.     }
    655. 

  655. 

  656.     find_val.name = NULL;
    657. 

  657.     find_val.section = (char*)section;
    658. 

  658.     val = wolfSSL_lh_WOLFSSL_CONF_VALUE_retrieve(conf->data, &find_val);
    659. 

  659.     if (val)
    660. 

  660.         return (WOLFSSL_STACK*)val->value;
    661. 

  661.     else
    662. 

  662.         return NULL;
    663. 

  663. }
    664. 

  664. 

  665. #if  !defined(NO_BIO)
    666. 

  666. static WOLFSSL_CONF_VALUE *wolfSSL_CONF_VALUE_new_values(char* section,
    667. 

  667.         char* name, char* value)
    668. 

  668. {
    669. 

  669.     WOLFSSL_CONF_VALUE* ret;
    670. 

  670.     int len;
    671. 

  671. 

  672.     WOLFSSL_ENTER("wolfSSL_CONF_VALUE_new_values");
    673. 

  673. 

  674.     if (!(ret = wolfSSL_CONF_VALUE_new())) {
    675. 

  675.         WOLFSSL_MSG("wolfSSL_CONF_VALUE_new error");
    676. 

  676.         return NULL;
    677. 

  677.     }
    678. 

  678. 

  679.     if (section) {
    680. 

  680.         len = (int)XSTRLEN(section);
    681. 

  681.         ret->section = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
    682. 

  682.         if (!ret->section) {
    683. 

  683.             WOLFSSL_MSG("malloc error");
    684. 

  684.             wolfSSL_X509V3_conf_free(ret);
    685. 

  685.             return NULL;
    686. 

  686.         }
    687. 

  687.         XMEMCPY(ret->section, section, len+1);
    688. 

  688.     }
    689. 

  689. 

  690.     if (name) {
    691. 

  691.         len = (int)XSTRLEN(name);
    692. 

  692.         ret->name = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
    693. 

  693.         if (!ret->name) {
    694. 

  694.             WOLFSSL_MSG("malloc error");
    695. 

  695.             wolfSSL_X509V3_conf_free(ret);
    696. 

  696.             return NULL;
    697. 

  697.         }
    698. 

  698.         XMEMCPY(ret->name, name, len+1);
    699. 

  699.     }
    700. 

  700. 

  701.     if (value) {
    702. 

  702.         len = (int)XSTRLEN(value);
    703. 

  703.         ret->value = (char*)XMALLOC(len+1, NULL, DYNAMIC_TYPE_OPENSSL);
    704. 

  704.         if (!ret->value) {
    705. 

  705.             WOLFSSL_MSG("malloc error");
    706. 

  706.             wolfSSL_X509V3_conf_free(ret);
    707. 

  707.             return NULL;
    708. 

  708.         }
    709. 

  709.         XMEMCPY(ret->value, value, len+1);
    710. 

  710.     }
    711. 

  711. 

  712.     return ret;
    713. 

  713. }
    714. 

  714. 

  715. static char* expandValue(WOLFSSL_CONF *conf, const char* section,
    716. 

  716.         char *str)
    717. 

  717. {
    718. 

  718.     int strLen = (int)XSTRLEN(str);
    719. 

  719.     char* ret = NULL;
    720. 

  720. 

  721.     /* Check to see if there is anything to expand */
    722. 

  722.     if (XSTRNSTR(str, "$", strLen)) {
    723. 

  723.         int idx = 0;
    724. 

  724.         char* strIdx = str;
    725. 

  725.         ret = (char*)XMALLOC(strLen + 1, NULL, DYNAMIC_TYPE_OPENSSL);
    726. 

  726.         if (!ret) {
    727. 

  727.             WOLFSSL_MSG("malloc error");
    728. 

  728.             return str;
    729. 

  729.         }
    730. 

  730. 

  731.         while (*strIdx) {
    732. 

  732.             if (*strIdx == '$') {
    733. 

  733.                 /* Expand variable */
    734. 

  734.                 char* startIdx = ++strIdx;
    735. 

  735.                 char* endIdx;
    736. 

  736.                 const char* s = section;
    737. 

  737.                 const char* value;
    738. 

  738.                 char prevValue;
    739. 

  739. 

  740.                 if (*startIdx == '{') {
    741. 

  741.                     /* First read the section.
    742. 

  742.                      * format: ${section_name::var_name} */
    743. 

  743.                     s = ++startIdx;
    744. 

  744.                     while (*strIdx && *strIdx != ':') strIdx++;
    745. 

  745.                     if (!*strIdx || s == strIdx || strIdx[1] != ':') {
    746. 

  746.                         WOLFSSL_MSG("invalid section name in "
    747. 

  747.                                     "variable expansion");
    748. 

  748.                         goto expand_cleanup;
    749. 

  749.                     }
    750. 

  750.                     *strIdx = '\0';
    751. 

  751.                     strIdx += 2;
    752. 

  752.                     startIdx = strIdx;
    753. 

  753.                 }
    754. 

  754.                 while (*strIdx && (XISALNUM(*strIdx) || *strIdx == '_'))
    755. 

  755.                     strIdx++;
    756. 

  756.                 endIdx = strIdx;
    757. 

  757.                 if (startIdx == endIdx) {
    758. 

  758.                     WOLFSSL_MSG("invalid variable name in config");
    759. 

  759.                     goto expand_cleanup;
    760. 

  760.                 }
    761. 

  761.                 if (s != section) {
    762. 

  762.                     /* We are expecting a trailing '}' */
    763. 

  763.                     if (*strIdx != '}') {
    764. 

  764.                         WOLFSSL_MSG("Missing '}' in variable");
    765. 

  765.                         goto expand_cleanup;
    766. 

  766.                     }
    767. 

  767.                     strIdx++;
    768. 

  768.                 }
    769. 

  769.                 /* Save char value at the end of the name so that we can place
    770. 

  770.                  * a null char there. */
    771. 

  771.                 prevValue = *endIdx;
    772. 

  772.                 *endIdx = '\0';
    773. 

  773.                 value = wolfSSL_NCONF_get_string(conf, s, startIdx);
    774. 

  774.                 *endIdx = prevValue;
    775. 

  775.                 /* Skip copy if no value or zero-length value */
    776. 

  776.                 if (value && *value) {
    777. 

  777.                     int valueLen = (int)XSTRLEN(value);
    778. 

  778.                     char* newRet;
    779. 

  779.                     /* This will allocate slightly more memory than necessary
    780. 

  780.                      * but better be safe */
    781. 

  781.                     strLen += valueLen;
    782. 

  782.                     newRet = (char*)XREALLOC(ret, strLen + 1, NULL,
    783. 

  783.                             DYNAMIC_TYPE_OPENSSL);
    784. 

  784.                     if (!newRet) {
    785. 

  785.                         WOLFSSL_MSG("realloc error");
    786. 

  786.                         goto expand_cleanup;
    787. 

  787.                     }
    788. 

  788.                     ret = newRet;
    789. 

  789.                     XMEMCPY(ret + idx, value, valueLen);
    790. 

  790.                     idx += valueLen;
    791. 

  791.                 }
    792. 

  792.             }
    793. 

  793.             else {
    794. 

  794.                 ret[idx++] = *strIdx++;
    795. 

  795.             }
    796. 

  796.         }
    797. 

  797.         ret[idx] = '\0';
    798. 

  798.     }
    799. 

  799. 

  800.     return ret ? ret : str;
    801. 

  801. 

  802. expand_cleanup:
    803. 

  803.     if (ret)
    804. 

  804.         XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL);
    805. 

  805.     return NULL;
    806. 

  806. }
    807. 

  807. 

  808. #define SKIP_WHITESPACE(idx, max_idx) \
    809. 

  809.     while ((idx) < (max_idx) && (*(idx) == ' ' || *(idx) == '\t'))      \
    810. 

  810.         {(idx)++;}
    811. 

  811. int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline)
    812. 

  812. {
    813. 

  813.     int ret = WOLFSSL_FAILURE;
    814. 

  814.     WOLFSSL_BIO *in = NULL;
    815. 

  815.     char* buf = NULL;
    816. 

  816.     char* idx = NULL;
    817. 

  817.     char* bufEnd = NULL;
    818. 

  818.     CONF_VALUE* section = NULL;
    819. 

  819.     long line = 0;
    820. 

  820.     int bufLen = 0;
    821. 

  821. 

  822.     if (!conf || !file) {
    823. 

  823.         WOLFSSL_MSG("Bad parameter");
    824. 

  824.         return WOLFSSL_FAILURE;
    825. 

  825.     }
    826. 

  826. 

  827.     /* Open file */
    828. 

  828.     if (!(in = wolfSSL_BIO_new_file(file, "rb"))) {
    829. 

  829.         WOLFSSL_MSG("wolfSSL_BIO_new_file error");
    830. 

  830.         return WOLFSSL_FAILURE;
    831. 

  831.     }
    832. 

  832. 

  833.     /* Read file */
    834. 

  834.     bufLen = wolfSSL_BIO_get_len(in);
    835. 

  835.     if (bufLen <= 0) {
    836. 

  836.         WOLFSSL_MSG("wolfSSL_BIO_get_len error");
    837. 

  837.         goto cleanup;
    838. 

  838.     }
    839. 

  839.     if (!(buf = (char*)XMALLOC(bufLen + 1, NULL, DYNAMIC_TYPE_TMP_BUFFER))) {
    840. 

  840.         WOLFSSL_MSG("malloc error");
    841. 

  841.         goto cleanup;
    842. 

  842.     }
    843. 

  843.     if (wolfSSL_BIO_read(in, buf, bufLen) != bufLen) {
    844. 

  844.         WOLFSSL_MSG("wolfSSL_BIO_read error");
    845. 

  845.         goto cleanup;
    846. 

  846.     }
    847. 

  847. 

  848.     if (!(section = wolfSSL_CONF_new_section(conf, "default"))) {
    849. 

  849.         WOLFSSL_MSG("wolfSSL_CONF_new_section error");
    850. 

  850.         goto cleanup;
    851. 

  851.     }
    852. 

  852. 

  853.     /* LETS START READING SOME CONFIGS */
    854. 

  854.     idx = buf;
    855. 

  855.     bufEnd = buf + bufLen;
    856. 

  856.     while (idx < bufEnd) {
    857. 

  857.         char* lineEnd = XSTRNSTR(idx, "\n", (unsigned int)(bufEnd - idx));
    858. 

  858.         char* maxIdx;
    859. 

  859.         if (!lineEnd)
    860. 

  860.             lineEnd = bufEnd; /* Last line in file */
    861. 

  861.         maxIdx = XSTRNSTR(idx, "#", (unsigned int)(lineEnd - idx));
    862. 

  862.         if (!maxIdx)
    863. 

  863.             maxIdx = lineEnd;
    864. 

  864.         line++;
    865. 

  865.         SKIP_WHITESPACE(idx, maxIdx);
    866. 

  866.         if (idx == maxIdx) {
    867. 

  867.             /* Empty line */
    868. 

  868.             idx = lineEnd + 1;
    869. 

  869.             continue;
    870. 

  870.         }
    871. 

  871. 

  872.         if (*idx == '[') {
    873. 

  873.             /* New section. Spaces not allowed in section name. */
    874. 

  874.             char* sectionName;
    875. 

  875.             int sectionNameLen;
    876. 

  876. 

  877.             if (idx < maxIdx)
    878. 

  878.                 idx++;
    879. 

  879.             else {
    880. 

  880.                 WOLFSSL_MSG("Invalid section definition.");
    881. 

  881.                 goto cleanup;
    882. 

  882.             }
    883. 

  883. 

  884.             SKIP_WHITESPACE(idx, maxIdx);
    885. 

  885.             sectionName = idx;
    886. 

  886.             /* Find end of section name */
    887. 

  887.             while (idx < maxIdx && *idx != ' ' && *idx != ']')
    888. 

  888.                 idx++;
    889. 

  889.             sectionNameLen = (int)(idx - sectionName);
    890. 

  890.             SKIP_WHITESPACE(idx, maxIdx);
    891. 

  891. 

  892.             if (*idx != ']') {
    893. 

  893.                 WOLFSSL_MSG("Section definition error. "
    894. 

  894.                             "Closing brace not found.");
    895. 

  895.                 goto cleanup;
    896. 

  896.             }
    897. 

  897. 

  898.             sectionName[sectionNameLen] = '\0';
    899. 

  899.             if (!(section = wolfSSL_CONF_get_section(conf, sectionName))) {
    900. 

  900.                 section = wolfSSL_CONF_new_section(conf, sectionName);
    901. 

  901.                 if (!section)
    902. 

  902.                     goto cleanup;
    903. 

  903.             }
    904. 

  904.         }
    905. 

  905.         else {
    906. 

  906.             char* name;
    907. 

  907.             int   nameLen;
    908. 

  908.             char* value;
    909. 

  909.             char* exValue; /* expanded value */
    910. 

  910.             int   valueLen;
    911. 

  911.             WOLFSSL_CONF_VALUE* newVal = NULL;
    912. 

  912. 

  913.             SKIP_WHITESPACE(idx, maxIdx);
    914. 

  914.             name = idx;
    915. 

  915.             /* Find end of name */
    916. 

  916.             while (idx < maxIdx && *idx != ' ' && *idx != '=')
    917. 

  917.                 idx++;
    918. 

  918.             nameLen = (int)(idx - name);
    919. 

  919.             SKIP_WHITESPACE(idx, maxIdx);
    920. 

  920.             if (*idx != '=') {
    921. 

  921.                 WOLFSSL_MSG("Missing equals sign");
    922. 

  922.                 goto cleanup;
    923. 

  923.             }
    924. 

  924.             idx++;
    925. 

  925.             SKIP_WHITESPACE(idx, maxIdx);
    926. 

  926.             value = idx;
    927. 

  927.             /* Find end of value */
    928. 

  928.             idx = maxIdx-1;
    929. 

  929.             while (idx >= value && (*idx == ' ' || *idx == '\t' || *idx == '\r'))
    930. 

  930.                 idx--;
    931. 

  931.             valueLen = (int)(idx - value + 1);
    932. 

  932. 

  933.             /* Sanity checks */
    934. 

  934.             if (nameLen <= 0 || valueLen <= 0) {
    935. 

  935.                 WOLFSSL_MSG("Sanity checks failed");
    936. 

  936.                 goto cleanup;
    937. 

  937.             }
    938. 

  938.             name[nameLen] = '\0';
    939. 

  939.             value[valueLen] = '\0';
    940. 

  940. 

  941.             if (!(exValue = expandValue(conf, section->section, value))) {
    942. 

  942.                 WOLFSSL_MSG("Variable expansion failed");
    943. 

  943.                 goto cleanup;
    944. 

  944.             }
    945. 

  945. 

  946.             if (!(newVal = wolfSSL_CONF_VALUE_new_values(NULL,
    947. 

  947.                     name, exValue))) {
    948. 

  948.                 WOLFSSL_MSG("wolfSSL_CONF_VALUE_new_values error");
    949. 

  949.                 if (exValue != value)
    950. 

  950.                     XFREE(exValue, NULL, DYNAMIC_TYPE_OPENSSL);
    951. 

  951.                 goto cleanup;
    952. 

  952.             }
    953. 

  953. 

  954.             if (exValue != value)
    955. 

  955.                 XFREE(exValue, NULL, DYNAMIC_TYPE_OPENSSL);
    956. 

  956. 

  957.             if (wolfSSL_CONF_add_string(conf, section, newVal) !=
    958. 

  958.                     WOLFSSL_SUCCESS) {
    959. 

  959.                 WOLFSSL_MSG("wolfSSL_CONF_add_string error");
    960. 

  960.                 goto cleanup;
    961. 

  961.             }
    962. 

  962.         }
    963. 

  963.         idx = lineEnd + 1;
    964. 

  964.     }
    965. 

  965. 

  966.     ret = WOLFSSL_SUCCESS;
    967. 

  967. cleanup:
    968. 

  968.     if (in)
    969. 

  969.         wolfSSL_BIO_free(in);
    970. 

  970.     if (buf)
    971. 

  971.         XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    972. 

  972.     if (eline)
    973. 

  973.         *eline = line;
    974. 

  974.     return ret;
    975. 

  975. }
    976. 

  976. #endif /* !NO_BIO */
    977. 

  977. 

  978. void wolfSSL_NCONF_free(WOLFSSL_CONF *conf)
    979. 

  979. {
    980. 

  980.     WOLFSSL_ENTER("wolfSSL_NCONF_free");
    981. 

  981.     if (conf) {
    982. 

  982.         wolfSSL_sk_CONF_VALUE_free(conf->data);
    983. 

  983.         XFREE(conf, NULL, DYNAMIC_TYPE_OPENSSL);
    984. 

  984.     }
    985. 

  985. }
    986. 

  986. 

  987. void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val)
    988. 

  988. {
    989. 

  989.     WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *sk = NULL;
    990. 

  990. 

  991.     if (val) {
    992. 

  992.         if (val->name) {
    993. 

  993.             /* Not a section. Don't free section as it is a shared pointer. */
    994. 

  994.             XFREE(val->name, NULL, DYNAMIC_TYPE_OPENSSL);
    995. 

  995.             if (val->value)
    996. 

  996.                 XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL);
    997. 

  997.         }
    998. 

  998.         else {
    999. 

  999.             /* Section so val->value is a stack */
    1000. 

  1000.             if (val->section)
    1001. 

  1001.                 XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL);
    1002. 

  1002.             /* Only free the stack structures. The contained conf values
    1003. 

  1003.              * will be freed in wolfSSL_NCONF_free */
    1004. 

  1004.             sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value;
    1005. 

  1005.             while (sk) {
    1006. 

  1006.                 WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *tmp = sk->next;
    1007. 

  1007.                 XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
    1008. 

  1008.                 sk = tmp;
    1009. 

  1009.             }
    1010. 

  1010.         }
    1011. 

  1011.         XFREE(val, NULL, DYNAMIC_TYPE_OPENSSL);
    1012. 

  1012.     }
    1013. 

  1013. }
    1014. 

  1014. 

  1015. WOLFSSL_STACK *wolfSSL_sk_CONF_VALUE_new(wolf_sk_compare_cb compFunc)
    1016. 

  1016. {
    1017. 

  1017.     WOLFSSL_STACK* ret;
    1018. 

  1018.     WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_new");
    1019. 

  1019.     ret = wolfSSL_sk_new_node(NULL);
    1020. 

  1020.     if (!ret)
    1021. 

  1021.         return NULL;
    1022. 

  1022.     ret->comp = compFunc ? compFunc : (wolf_sk_compare_cb)wolfssl_conf_value_cmp;
    1023. 

  1023.     ret->hash_fn = (wolf_sk_hash_cb)wolfSSL_CONF_VALUE_hash;
    1024. 

  1024.     ret->type = STACK_TYPE_CONF_VALUE;
    1025. 

  1025.     return ret;
    1026. 

  1026. }
    1027. 

  1027. 

  1028. /* Free the structure for WOLFSSL_CONF_VALUE stack
    1029. 

  1029.  *
    1030. 

  1030.  * sk  stack to free nodes in
    1031. 

  1031.  */
    1032. 

  1032. void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk)
    1033. 

  1033. {
    1034. 

  1034.     WOLFSSL_STACK* tmp;
    1035. 

  1035.     WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_free");
    1036. 

  1036. 

  1037.     if (sk == NULL)
    1038. 

  1038.         return;
    1039. 

  1039. 

  1040.     /* parse through stack freeing each node */
    1041. 

  1041.     while (sk) {
    1042. 

  1042.         tmp = sk->next;
    1043. 

  1043.         wolfSSL_X509V3_conf_free(sk->data.conf);
    1044. 

  1044.         XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
    1045. 

  1045.         sk = tmp;
    1046. 

  1046.     }
    1047. 

  1047. }
    1048. 

  1048. 

  1049. int wolfSSL_sk_CONF_VALUE_num(const WOLFSSL_STACK *sk)
    1050. 

  1050. {
    1051. 

  1051.     WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_num");
    1052. 

  1052.     if (sk)
    1053. 

  1053.         return wolfSSL_sk_num(sk);
    1054. 

  1054.     return 0;
    1055. 

  1055. }
    1056. 

  1056. 

  1057. WOLFSSL_CONF_VALUE *wolfSSL_sk_CONF_VALUE_value(const WOLFSSL_STACK *sk, int i)
    1058. 

  1058. {
    1059. 

  1059.     WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_value");
    1060. 

  1060.     if (sk)
    1061. 

  1061.         return (WOLFSSL_CONF_VALUE*)wolfSSL_sk_value(sk, i);
    1062. 

  1062.     return NULL;
    1063. 

  1063. }
    1064. 

  1064. 

  1065. /* return 1 on success 0 on fail */
    1066. 

  1066. int wolfSSL_sk_CONF_VALUE_push(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk,
    1067. 

  1067.         WOLFSSL_CONF_VALUE* val)
    1068. 

  1068. {
    1069. 

  1069.     WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_push");
    1070. 

  1070. 

  1071.     if (sk == NULL || val == NULL) {
    1072. 

  1072.         return WOLFSSL_FAILURE;
    1073. 

  1073.     }
    1074. 

  1074. 

  1075.     return wolfSSL_sk_push(sk, val);
    1076. 

  1076. }
    1077. 

  1077. 

  1078. #endif /* !NO_CERTS && OPENSSL_EXTRA && OPENSSL_ALL */
    1079. 

  1079. 

  1080. #ifdef OPENSSL_EXTRA
    1081. 

  1081. #ifndef NO_WOLFSSL_STUB
    1082. 

  1082. /* Returns default file name and path of config file. However
    1083. 

  1083.    a wolfssl.cnf file is not currently supported */
    1084. 

  1084. char* wolfSSL_CONF_get1_default_config_file(void)
    1085. 

  1085. {
    1086. 

  1086.     WOLFSSL_ENTER("wolfSSL_CONF_get1_default_config_file");
    1087. 

  1087.     WOLFSSL_STUB("CONF_get1_default_config_file");
    1088. 

  1088.     return NULL;
    1089. 

  1089. }
    1090. 

  1090. #endif
    1091. 

  1091. 

  1092. /**
    1093. 

  1093.  * Allocate WOLFSSL_CONF_CTX instance
    1094. 

  1094.  * @return pointer to WOLFSSL_CONF_CTX structure on success and NULL on fail
    1095. 

  1095.  */
    1096. 

  1096. WOLFSSL_CONF_CTX* wolfSSL_CONF_CTX_new(void)
    1097. 

  1097. {
    1098. 

  1098.     WOLFSSL_CONF_CTX* cctx;
    1099. 

  1099. 

  1100.     WOLFSSL_ENTER("wolfSSL_CONF_CTX_new");
    1101. 

  1101. 

  1102.     cctx = (WOLFSSL_CONF_CTX*)XMALLOC(sizeof(WOLFSSL_CONF_CTX), NULL,
    1103. 

  1103.                                                     DYNAMIC_TYPE_OPENSSL);
    1104. 

  1104.     if (!cctx) {
    1105. 

  1105.         WOLFSSL_MSG("malloc error");
    1106. 

  1106.         return NULL;
    1107. 

  1107.     }
    1108. 

  1108.     XMEMSET(cctx, 0, sizeof(WOLFSSL_CONF_CTX));
    1109. 

  1109. 

  1110.     return cctx;
    1111. 

  1111. }
    1112. 

  1112. /**
    1113. 

  1113.  * Release WOLFSSL_CONF_CTX instance
    1114. 

  1114.  * @param cctx a pointer to WOLFSSL_CONF_CTX structure to be freed
    1115. 

  1115.  */
    1116. 

  1116. void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx)
    1117. 

  1117. {
    1118. 

  1118.     WOLFSSL_ENTER("wolfSSL_CONF_CTX_free");
    1119. 

  1119. 

  1120.     if (cctx) {
    1121. 

  1121.         XFREE(cctx, NULL, DYNAMIC_TYPE_OPENSSL);
    1122. 

  1122.     }
    1123. 

  1123.     WOLFSSL_LEAVE("wolfSSL_CONF_CTX_free", 1);
    1124. 

  1124. }
    1125. 

  1125. /**
    1126. 

  1126.  * Set WOLFSSL_CTX instance to WOLFSSL_CONF_CTX
    1127. 

  1127.  * @param cctx a pointer to WOLFSSL_CONF_CTX structure to set a WOLFSSL_CTX
    1128. 

  1128.  *             pointer to its ctx
    1129. 

  1129.  * @param ctx  a pointer to WOLFSSL_CTX structure to be set
    1130. 

  1130.  */
    1131. 

  1131. void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx)
    1132. 

  1132. {
    1133. 

  1133.     WOLFSSL_ENTER("wolfSSL_CONF_CTX_set_ssl_ctx");
    1134. 

  1134. 

  1135.     /* sanity check */
    1136. 

  1136.     if (cctx == NULL) {
    1137. 

  1137.         WOLFSSL_MSG("cctx is null");
    1138. 

  1138.         return;
    1139. 

  1139.     }
    1140. 

  1140. 

  1141.     cctx->ctx = ctx;
    1142. 

  1142.     WOLFSSL_LEAVE("wolfSSL_CONF_CTX_set_ssl_ctx", 1);
    1143. 

  1143. }
    1144. 

  1144. /**
    1145. 

  1145.  * set flag value into WOLFSSL_CONF_CTX
    1146. 

  1146.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure to be set
    1147. 

  1147.  * @param flags falg value to be OR'd
    1148. 

  1148.  * @return OR'd flag value, otherwise 0
    1149. 

  1149.  */
    1150. 

  1150. unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx,
    1151. 

  1151.                                                             unsigned int flags)
    1152. 

  1152. {
    1153. 

  1153.     /* sanity check */
    1154. 

  1154.     if (cctx == NULL)
    1155. 

  1155.         return 0;
    1156. 

  1156. 

  1157.     cctx->flags |= flags;
    1158. 

  1158.     return cctx->flags;
    1159. 

  1159. }
    1160. 

  1160. 

  1161. /**
    1162. 

  1162.  * finish configuration command operation
    1163. 

  1163.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure to be set
    1164. 

  1164.  * @return WOLFSSL_SUCCESS on success
    1165. 

  1165.  */
    1166. 

  1166. int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx)
    1167. 

  1167. {
    1168. 

  1168.     (void)cctx;
    1169. 

  1169.     return WOLFSSL_SUCCESS;
    1170. 

  1170. }
    1171. 

  1171. /*
    1172. 

  1172.  * The following definitions and static functions are used for
    1173. 

  1173.  * wolfSSL_CONF_cmd() to handle command.
    1174. 

  1174.  *
    1175. 

  1175.  * Definitions below are a part of conf_cmds_tbl[] contents.
    1176. 

  1176.  *  WOLFSSL_CONF_FILE_CMDx  represents command name in configuration file
    1177. 

  1177.  *  WOLFSSL_CONF_CMDL_CMDx  represents command name on command line
    1178. 

  1178.  *
    1179. 

  1179.  * The static functions after the definition section process
    1180. 

  1180.  *                 those FILE or CMDL which are defined in the conf_cmds_tbl.
    1181. 

  1181.  *
    1182. 

  1182.  * To add a new command handling:
    1183. 

  1183.  *  1. Add new #define to a section of WOLFSSL_CONF_FILE_CMD* and
    1184. 

  1184.  *                                      WOLFSSL_CONF_CMDL_CMD*
    1185. 

  1185.  *  2. Add new static function after #define section, before
    1186. 

  1186.  *                      "typedef struct conf_cmd_tbl {" line
    1187. 

  1187.  *  3. Add new entry to conf_cmds_tbl[] by following other command entries
    1188. 

  1188.  */
    1189. 

  1189. #define WOLFSSL_CONF_FILE_CMD1  "Curves"
    1190. 

  1190. #define WOLFSSL_CONF_FILE_CMD2  "Certificate"
    1191. 

  1191. #define WOLFSSL_CONF_FILE_CMD3  "PrivateKey"
    1192. 

  1192. #define WOLFSSL_CONF_FILE_CMD4  "Protocol"
    1193. 

  1193. #define WOLFSSL_CONF_FILE_CMD5  "Options"
    1194. 

  1194. #define WOLFSSL_CONF_FILE_CMD6  "ServerInfoFile"
    1195. 

  1195. #define WOLFSSL_CONF_FILE_CMD7  "SignatureAlgorithms"
    1196. 

  1196. #define WOLFSSL_CONF_FILE_CMD8  "ClientSignatureAlgorithms"
    1197. 

  1197. #define WOLFSSL_CONF_FILE_CMD9  "CipherString"
    1198. 

  1198. 

  1199. #define WOLFSSL_CONF_CMDL_CMD1  "curves"
    1200. 

  1200. #define WOLFSSL_CONF_CMDL_CMD2  "cert"
    1201. 

  1201. #define WOLFSSL_CONF_CMDL_CMD3  "key"
    1202. 

  1202. #define WOLFSSL_CONF_CMDL_CMD4  NULL
    1203. 

  1203. #define WOLFSSL_CONF_CMDL_CMD5  NULL
    1204. 

  1204. #define WOLFSSL_CONF_CMDL_CMD6  NULL
    1205. 

  1205. #define WOLFSSL_CONF_CMDL_CMD7  "sigalgs"
    1206. 

  1206. #define WOLFSSL_CONF_CMDL_CMD8  "client_sigalgs"
    1207. 

  1207. #define WOLFSSL_CONF_CMDL_CMD9  "cipher"
    1208. 

  1208. 

  1209. #if !defined(NO_DH) && !defined(NO_BIO)
    1210. 

  1210. #define WOLFSSL_CONF_FILE_CMD10 "DHParameters"
    1211. 

  1211. #define WOLFSSL_CONF_CMDL_CMD10 "dhparam"
    1212. 

  1212. #endif
    1213. 

  1213. 

  1214. #ifdef HAVE_ECC
    1215. 

  1215. #define WOLFSSL_CONF_FILE_CMD11 "ECDHParameters"
    1216. 

  1216. #define WOLFSSL_CONF_CMDL_CMD11 "named_curves"
    1217. 

  1217. #endif
    1218. 

  1218. 

  1219. /**
    1220. 

  1220.  * process Cipher String command
    1221. 

  1221.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
    1222. 

  1222.  * @param value arguments for cmd
    1223. 

  1223.  * @return WOLFSSL_SUCCESS on success,
    1224. 

  1224.  *     otherwise WOLFSSL_FAILURE or
    1225. 

  1225.  *               -3 if value is null or
    1226. 

  1226.  *               negative value on other failure
    1227. 

  1227.  */
    1228. 

  1228. static int cmdfunc_cipherstring(WOLFSSL_CONF_CTX* cctx, const char* value)
    1229. 

  1229. {
    1230. 

  1230.     int ret = -3;
    1231. 

  1231. 

  1232.     WOLFSSL_ENTER("cmdfunc_cipherstring");
    1233. 

  1233. 

  1234.      /* sanity check */
    1235. 

  1235.     if (cctx == NULL)
    1236. 

  1236.         return WOLFSSL_FAILURE;
    1237. 

  1237. 

  1238.     if (value == NULL) {
    1239. 

  1239.         WOLFSSL_MSG("bad arguments");
    1240. 

  1240.         return ret;
    1241. 

  1241.     }
    1242. 

  1242. 

  1243.     if (cctx->ctx) {
    1244. 

  1244.         ret = wolfSSL_CTX_set_cipher_list(cctx->ctx, value);
    1245. 

  1245.     }
    1246. 

  1246. 

  1247.     if (((cctx->ctx  && ret == WOLFSSL_SUCCESS) ||
    1248. 

  1248.          (!cctx->ctx && ret == -3)) &&
    1249. 

  1249.         cctx->ssl) {
    1250. 

  1250.         ret = wolfSSL_set_cipher_list(cctx->ssl, value);
    1251. 

  1251.     }
    1252. 

  1252. 

  1253.     WOLFSSL_LEAVE("cmdfunc_cipherstring", ret);
    1254. 

  1254.     return ret;
    1255. 

  1255. }
    1256. 

  1256. 

  1257. /**
    1258. 

  1258.  * process curves command
    1259. 

  1259.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
    1260. 

  1260.  * @param value arguments for cmd
    1261. 

  1261.  * @return WOLFSSL_SUCCESS on success,
    1262. 

  1262.  *     otherwise WOLFSSL_FAILURE or
    1263. 

  1263.  *               -3 if value is null or
    1264. 

  1264.  *               negative value on other failure
    1265. 

  1265.  */
    1266. 

  1266. #if defined(HAVE_ECC)
    1267. 

  1267. static int cmdfunc_curves(WOLFSSL_CONF_CTX* cctx, const char* value)
    1268. 

  1268. {
    1269. 

  1269.     int ret = -3;
    1270. 

  1270. 

  1271.     WOLFSSL_ENTER("cmdfunc_curves");
    1272. 

  1272. 

  1273.      /* sanity check */
    1274. 

  1274.     if (cctx == NULL)
    1275. 

  1275.         return WOLFSSL_FAILURE;
    1276. 

  1276. 

  1277.     if (value == NULL) {
    1278. 

  1278.         WOLFSSL_MSG("bad arguments");
    1279. 

  1279.         return ret;
    1280. 

  1280.     }
    1281. 

  1281. 

  1282.     if (cctx->ctx) {
    1283. 

  1283.         ret = wolfSSL_CTX_set1_curves_list(cctx->ctx, value);
    1284. 

  1284.     }
    1285. 

  1285. 

  1286.     if (((cctx->ctx  && ret == WOLFSSL_SUCCESS) ||
    1287. 

  1287.          (!cctx->ctx && ret == -3)) &&
    1288. 

  1288.         cctx->ssl) {
    1289. 

  1289.         ret = wolfSSL_set1_curves_list(cctx->ssl, value);
    1290. 

  1290.     }
    1291. 

  1291. 

  1292.     WOLFSSL_LEAVE("cmdfunc_curves", ret);
    1293. 

  1293.     return ret;
    1294. 

  1294. }
    1295. 

  1295. #endif
    1296. 

  1296. 

  1297. #ifndef NO_FILESYSTEM
    1298. 

  1298. /**
    1299. 

  1299.  * process cert command
    1300. 

  1300.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
    1301. 

  1301.  * @param value arguments for cmd
    1302. 

  1302.  * @return WOLFSSL_SUCCESS on success,
    1303. 

  1303.  *     otherwise WOLFSSL_FAILURE or
    1304. 

  1304.  *               -3 if value is null or
    1305. 

  1305.  *               negative value on other failure
    1306. 

  1306.  */
    1307. 

  1307. static int cmdfunc_cert(WOLFSSL_CONF_CTX* cctx, const char* value)
    1308. 

  1308. {
    1309. 

  1309.     int ret = -3;
    1310. 

  1310. 

  1311.     WOLFSSL_ENTER("cmdfunc_cert");
    1312. 

  1312. 

  1313.     /* sanity check */
    1314. 

  1314.     if (cctx == NULL)
    1315. 

  1315.         return WOLFSSL_FAILURE;
    1316. 

  1316. 

  1317.     if (value == NULL) {
    1318. 

  1318.         WOLFSSL_MSG("bad arguments");
    1319. 

  1319.         return ret;
    1320. 

  1320.     }
    1321. 

  1321. 

  1322.     if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
    1323. 

  1323.         WOLFSSL_MSG("certificate flag is not set");
    1324. 

  1324.         return -2;
    1325. 

  1325.     }
    1326. 

  1326. 

  1327.     if (cctx->ctx) {
    1328. 

  1328.         ret = wolfSSL_CTX_use_certificate_chain_file(cctx->ctx, value);
    1329. 

  1329.     }
    1330. 

  1330. 

  1331.     if (((cctx->ctx  && ret == WOLFSSL_SUCCESS) ||
    1332. 

  1332.          (!cctx->ctx && ret == -3)) &&
    1333. 

  1333.         cctx->ssl) {
    1334. 

  1334.         ret = wolfSSL_use_certificate_file(cctx->ssl, value,
    1335. 

  1335.                                                     WOLFSSL_FILETYPE_PEM);
    1336. 

  1336.     }
    1337. 

  1337. 

  1338.     WOLFSSL_LEAVE("cmdfunc_cert", ret);
    1339. 

  1339.     return ret;
    1340. 

  1340. }
    1341. 

  1341. /**
    1342. 

  1342.  * process key command
    1343. 

  1343.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
    1344. 

  1344.  * @param value arguments for cmd
    1345. 

  1345.  * @return WOLFSSL_SUCCESS on success,
    1346. 

  1346.  *     otherwise WOLFSSL_FAILURE or
    1347. 

  1347.  *               -3 if value is null or
    1348. 

  1348.  *               negative value on other failure
    1349. 

  1349.  */
    1350. 

  1350. static int cmdfunc_key(WOLFSSL_CONF_CTX* cctx, const char* value)
    1351. 

  1351. {
    1352. 

  1352.     int ret = -3;
    1353. 

  1353. 

  1354.     WOLFSSL_ENTER("cmdfunc_key");
    1355. 

  1355. 

  1356.      /* sanity check */
    1357. 

  1357.     if (cctx == NULL)
    1358. 

  1358.         return WOLFSSL_FAILURE;
    1359. 

  1359. 

  1360.     if (value == NULL) {
    1361. 

  1361.         WOLFSSL_MSG("bad arguments");
    1362. 

  1362.         return ret;
    1363. 

  1363.     }
    1364. 

  1364. 

  1365.     if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
    1366. 

  1366.         WOLFSSL_MSG("certificate flag is not set");
    1367. 

  1367.         return -2;
    1368. 

  1368.     }
    1369. 

  1369. 

  1370.     if (cctx->ctx) {
    1371. 

  1371.         ret = wolfSSL_CTX_use_PrivateKey_file(cctx->ctx, value,
    1372. 

  1372.                                                     WOLFSSL_FILETYPE_PEM);
    1373. 

  1373.     }
    1374. 

  1374. 

  1375.     if (((cctx->ctx  && ret == WOLFSSL_SUCCESS) ||
    1376. 

  1376.          (!cctx->ctx && ret == -3)) &&
    1377. 

  1377.         cctx->ssl) {
    1378. 

  1378.         ret = wolfSSL_use_PrivateKey_file(cctx->ssl, value,
    1379. 

  1379.                                                     WOLFSSL_FILETYPE_PEM);
    1380. 

  1380.     }
    1381. 

  1381. 

  1382.     WOLFSSL_LEAVE("cmdfunc_key", ret);
    1383. 

  1383.     return ret;
    1384. 

  1384. }
    1385. 

  1385. #endif /* NO_FILESYSTEM */
    1386. 

  1386. /**
    1387. 

  1387.  * process DH parameter command
    1388. 

  1388.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
    1389. 

  1389.  * @param value arguments for cmd
    1390. 

  1390.  * @return WOLFSSL_SUCCESS on success,
    1391. 

  1391.  *     otherwise WOLFSSL_FAILURE or
    1392. 

  1392.  *               -3 if value is null or
    1393. 

  1393.  *               negative value on other failure
    1394. 

  1394.  */
    1395. 

  1395. #if !defined(NO_DH) && !defined(NO_BIO)
    1396. 

  1396. static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value)
    1397. 

  1397. {
    1398. 

  1398.     int ret = -3;
    1399. 

  1399.     WOLFSSL_DH* dh = NULL;
    1400. 

  1400.     WOLFSSL_BIO* bio = NULL;
    1401. 

  1401. 

  1402.     WOLFSSL_MSG("cmdfunc_dhparam");
    1403. 

  1403. 

  1404.      /* sanity check */
    1405. 

  1405.     if (cctx == NULL)
    1406. 

  1406.         return WOLFSSL_FAILURE;
    1407. 

  1407. 

  1408.     if (value == NULL) {
    1409. 

  1409.         WOLFSSL_MSG("bad arguments");
    1410. 

  1410.         return ret;
    1411. 

  1411.     }
    1412. 

  1412. 

  1413.     if (cctx->ctx || cctx->ssl) {
    1414. 

  1414.         bio = wolfSSL_BIO_new_file(value, "rb");
    1415. 

  1415.         if (!bio) {
    1416. 

  1416.             WOLFSSL_MSG("bio new file failed");
    1417. 

  1417.             return WOLFSSL_FAILURE;
    1418. 

  1418.         }
    1419. 

  1419.         dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
    1420. 

  1420.         if (!dh) {
    1421. 

  1421.             wolfSSL_BIO_free(bio);
    1422. 

  1422.             WOLFSSL_MSG("PEM read bio failed");
    1423. 

  1423.             return WOLFSSL_FAILURE;
    1424. 

  1424.         }
    1425. 

  1425.     } else {
    1426. 

  1426.         return 1;
    1427. 

  1427.     }
    1428. 

  1428. 

  1429.     if (cctx->ctx) {
    1430. 

  1430.         ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh);
    1431. 

  1431.     }
    1432. 

  1432. 

  1433.     if (((cctx->ctx  && ret == WOLFSSL_SUCCESS) ||
    1434. 

  1434.          (!cctx->ctx && ret == -3)) &&
    1435. 

  1435.         cctx->ssl) {
    1436. 

  1436.         ret = (int)wolfSSL_CTX_set_tmp_dh(cctx->ssl->ctx, dh);
    1437. 

  1437.     }
    1438. 

  1438. 

  1439.     if (dh)
    1440. 

  1440.         wolfSSL_DH_free(dh);
    1441. 

  1441.     if (bio)
    1442. 

  1442.         wolfSSL_BIO_free(bio);
    1443. 

  1443. 

  1444.     WOLFSSL_LEAVE("cmdfunc_dhparam", ret);
    1445. 

  1445.     return ret;
    1446. 

  1446. }
    1447. 

  1447. #endif /* !NO_DH && !NO_BIO */
    1448. 

  1448. /**
    1449. 

  1449.  * command table
    1450. 

  1450.  */
    1451. 

  1451. typedef struct conf_cmd_tbl {
    1452. 

  1452.     const char* file_cmd;
    1453. 

  1453.     const char* cmdline_cmd;
    1454. 

  1454.     word32 data_type;
    1455. 

  1455.     int (*cmdfunc)(WOLFSSL_CONF_CTX* cctx, const char* value);
    1456. 

  1456. }conf_cmd_tbl;
    1457. 

  1457. 

  1458. static const conf_cmd_tbl conf_cmds_tbl[] = {
    1459. 

  1459. #if defined(HAVE_ECC)
    1460. 

  1460.     /* cmd Curves */
    1461. 

  1461.     {WOLFSSL_CONF_FILE_CMD1, WOLFSSL_CONF_CMDL_CMD1,
    1462. 

  1462.                                     WOLFSSL_CONF_TYPE_STRING, cmdfunc_curves},
    1463. 

  1463. #endif
    1464. 

  1464. #if !defined(NO_FILESYSTEM)
    1465. 

  1465.     /* cmd Certificate */
    1466. 

  1466.     {WOLFSSL_CONF_FILE_CMD2, WOLFSSL_CONF_CMDL_CMD2,
    1467. 

  1467.                                     WOLFSSL_CONF_TYPE_FILE, cmdfunc_cert},
    1468. 

  1468.     /* cmd PrivateKey */
    1469. 

  1469.     {WOLFSSL_CONF_FILE_CMD3, WOLFSSL_CONF_CMDL_CMD3,
    1470. 

  1470.                                     WOLFSSL_CONF_TYPE_FILE, cmdfunc_key},
    1471. 

  1471. #endif
    1472. 

  1472.     /* cmd Protocol */
    1473. 

  1473.     {WOLFSSL_CONF_FILE_CMD4, WOLFSSL_CONF_CMDL_CMD4,
    1474. 

  1474.                                     WOLFSSL_CONF_TYPE_STRING, NULL},
    1475. 

  1475.     /* cmd Options */
    1476. 

  1476.     {WOLFSSL_CONF_FILE_CMD5, WOLFSSL_CONF_CMDL_CMD5,
    1477. 

  1477.                                     WOLFSSL_CONF_TYPE_STRING, NULL},
    1478. 

  1478.     /* cmd ServerInfoFile */
    1479. 

  1479.     {WOLFSSL_CONF_FILE_CMD6, WOLFSSL_CONF_CMDL_CMD6,
    1480. 

  1480.                                     WOLFSSL_CONF_TYPE_FILE, NULL},
    1481. 

  1481.     /* cmd SignatureAlgorithms */
    1482. 

  1482.     {WOLFSSL_CONF_FILE_CMD7, WOLFSSL_CONF_CMDL_CMD7,
    1483. 

  1483.                                     WOLFSSL_CONF_TYPE_STRING, NULL},
    1484. 

  1484.     /* cmd ClientSignatureAlgorithms */
    1485. 

  1485.     {WOLFSSL_CONF_FILE_CMD8, WOLFSSL_CONF_CMDL_CMD8,
    1486. 

  1486.                                     WOLFSSL_CONF_TYPE_STRING, NULL},
    1487. 

  1487.     /* cmd CipherString */
    1488. 

  1488.     {WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9,
    1489. 

  1489.                               WOLFSSL_CONF_TYPE_STRING, cmdfunc_cipherstring},
    1490. 

  1490. #if !defined(NO_DH) && !defined(NO_BIO)
    1491. 

  1491.     /* cmd DHParameters */
    1492. 

  1492.     {WOLFSSL_CONF_FILE_CMD10, WOLFSSL_CONF_CMDL_CMD10,
    1493. 

  1493.                                     WOLFSSL_CONF_TYPE_FILE, cmdfunc_dhparam},
    1494. 

  1494. #endif
    1495. 

  1495. #ifdef HAVE_ECC
    1496. 

  1496.     /* cmd ECHDParameters */
    1497. 

  1497.     {WOLFSSL_CONF_FILE_CMD11, WOLFSSL_CONF_CMDL_CMD11,
    1498. 

  1498.                                     WOLFSSL_CONF_TYPE_STRING, NULL},
    1499. 

  1499. #endif
    1500. 

  1500. };
    1501. 

  1501. /* size of command table */
    1502. 

  1502. static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl)
    1503. 

  1503.                                                     / sizeof(conf_cmd_tbl);
    1504. 

  1504. 

  1505. static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx,
    1506. 

  1506.                                          const char* cmd)
    1507. 

  1507. {
    1508. 

  1508.     size_t i = 0;
    1509. 

  1509.     size_t cmdlen = 0;
    1510. 

  1510. 

  1511.     if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
    1512. 

  1512.         cmdlen = XSTRLEN(cmd);
    1513. 

  1513. 

  1514.         if (cmdlen < 2) {
    1515. 

  1515.             WOLFSSL_MSG("bad cmdline command");
    1516. 

  1516.             return NULL;
    1517. 

  1517.         }
    1518. 

  1518.         /* skip "-" prefix */
    1519. 

  1519.         ++cmd;
    1520. 

  1520.     }
    1521. 

  1521. 

  1522.     for (i = 0; i < size_of_cmd_tbls; i++) {
    1523. 

  1523.         /* check if the cmd is valid */
    1524. 

  1524.         if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
    1525. 

  1525.             if (conf_cmds_tbl[i].cmdline_cmd != NULL &&
    1526. 

  1526.                 XSTRCMP(cmd, conf_cmds_tbl[i].cmdline_cmd) == 0) {
    1527. 

  1527.                 return &conf_cmds_tbl[i];
    1528. 

  1528.             }
    1529. 

  1529.         }
    1530. 

  1530. 

  1531.         if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) {
    1532. 

  1532.             if (conf_cmds_tbl[i].file_cmd != NULL &&
    1533. 

  1533.                 XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
    1534. 

  1534.                 return &conf_cmds_tbl[i];
    1535. 

  1535.             }
    1536. 

  1536.         }
    1537. 

  1537.     }
    1538. 

  1538. 

  1539.     return NULL;
    1540. 

  1540. }
    1541. 

  1541. 

  1542. /**
    1543. 

  1543.  * send configuration command
    1544. 

  1544.  * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
    1545. 

  1545.  * @param cmd   configuration command
    1546. 

  1546.  * @param value arguments for cmd
    1547. 

  1547.  * @return 1 when cmd is recognised, but value is not used
    1548. 

  1548.  *         2 both cmd and value are used
    1549. 

  1549.  *  otherwise WOLFSSL_FAILURE
    1550. 

  1550.  *         -2 if cmd is not recognised
    1551. 

  1551.  *         -3 if value is NULL, but cmd is recognized
    1552. 

  1552.  */
    1553. 

  1553. int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
    1554. 

  1554. {
    1555. 

  1555.     int ret = WOLFSSL_FAILURE;
    1556. 

  1556.     const conf_cmd_tbl* confcmd = NULL;
    1557. 

  1557.     WOLFSSL_ENTER("wolfSSL_CONF_cmd");
    1558. 

  1558. 

  1559.     /* sanity check */
    1560. 

  1560.     if (cctx == NULL || cmd == NULL) {
    1561. 

  1561.         WOLFSSL_MSG("bad arguments");
    1562. 

  1562.         return ret;
    1563. 

  1563.     }
    1564. 

  1564. 

  1565.     confcmd = wolfssl_conf_find_cmd(cctx, cmd);
    1566. 

  1566.     if (confcmd == NULL)
    1567. 

  1567.         return -2;
    1568. 

  1568. 

  1569.     if (confcmd->cmdfunc == NULL) {
    1570. 

  1570.         WOLFSSL_MSG("cmd not yet implemented");
    1571. 

  1571.         return -2;
    1572. 

  1572.     }
    1573. 

  1573. 

  1574.     ret = confcmd->cmdfunc(cctx, value);
    1575. 

  1575. 

  1576.     /* return code compliant with OpenSSL */
    1577. 

  1577.     if (ret < -3)
    1578. 

  1578.         ret = 0;
    1579. 

  1579. 

  1580.     WOLFSSL_LEAVE("wolfSSL_CONF_cmd", ret);
    1581. 

  1581.     return ret;
    1582. 

  1582. }
    1583. 

  1583. 

  1584. /**
    1585. 

  1585.  *
    1586. 

  1586.  * @param cctx a pointer to WOLFSSL_CONF_CTX structure
    1587. 

  1587.  * @param cmd  configuration command
    1588. 

  1588.  * @return The SSL_CONF_TYPE_* type or SSL_CONF_TYPE_UNKNOWN if an
    1589. 

  1589.  *         unvalid command
    1590. 

  1590.  */
    1591. 

  1591. int wolfSSL_CONF_cmd_value_type(WOLFSSL_CONF_CTX *cctx, const char *cmd)
    1592. 

  1592. {
    1593. 

  1593.     const conf_cmd_tbl* confcmd = NULL;
    1594. 

  1594.     WOLFSSL_ENTER("wolfSSL_CONF_cmd_value_type");
    1595. 

  1595. 

  1596.     confcmd = wolfssl_conf_find_cmd(cctx, cmd);
    1597. 

  1597.     if (confcmd == NULL)
    1598. 

  1598.         return SSL_CONF_TYPE_UNKNOWN;
    1599. 

  1599.     return (int)confcmd->data_type;
    1600. 

  1600. }
    1601. 

  1601. 

  1602. #endif /* OPENSSL_EXTRA */
    1603. 

  1603. 

  1604. 

  1605. /*******************************************************************************
    1606. 

  1606.  * END OF CONF API
    1607. 

  1607.  ******************************************************************************/
    1608. 

  1608. 

  1609. #endif /* WOLFSSL_CONF_INCLUDED */
    1610.