/src/openssl/ssl/ssl_mcnf.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include <openssl/conf.h> |
12 | | #include <openssl/ssl.h> |
13 | | #include "ssl_local.h" |
14 | | #include "internal/sslconf.h" |
15 | | |
16 | | /* SSL library configuration module. */ |
17 | | |
18 | | void SSL_add_ssl_module(void) |
19 | 0 | { |
20 | | /* Do nothing. This will be added automatically by libcrypto */ |
21 | 0 | } |
22 | | |
23 | | static int ssl_do_config(SSL *s, SSL_CTX *ctx, const char *name, int system) |
24 | 31.0k | { |
25 | 31.0k | SSL_CONF_CTX *cctx = NULL; |
26 | 31.0k | size_t i, idx, cmd_count; |
27 | 31.0k | int err = 1; |
28 | 31.0k | unsigned int flags; |
29 | 31.0k | unsigned int conf_diagnostics = 0; |
30 | 31.0k | const SSL_METHOD *meth; |
31 | 31.0k | const SSL_CONF_CMD *cmds; |
32 | 31.0k | OSSL_LIB_CTX *prev_libctx = NULL; |
33 | 31.0k | OSSL_LIB_CTX *libctx = NULL; |
34 | | |
35 | 31.0k | if (s == NULL && ctx == NULL) { |
36 | 0 | ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER); |
37 | 0 | goto err; |
38 | 0 | } |
39 | | |
40 | 31.0k | if (name == NULL && system) |
41 | 31.0k | name = "system_default"; |
42 | 31.0k | if (!conf_ssl_name_find(name, &idx)) { |
43 | 31.0k | if (!system) |
44 | 0 | ERR_raise_data(ERR_LIB_SSL, SSL_R_INVALID_CONFIGURATION_NAME, |
45 | 0 | "name=%s", name); |
46 | 31.0k | goto err; |
47 | 31.0k | } |
48 | 0 | cmds = conf_ssl_get(idx, &name, &cmd_count); |
49 | 0 | cctx = SSL_CONF_CTX_new(); |
50 | 0 | if (cctx == NULL) { |
51 | | /* this is a fatal error, always report */ |
52 | 0 | system = 0; |
53 | 0 | goto err; |
54 | 0 | } |
55 | 0 | flags = SSL_CONF_FLAG_FILE; |
56 | 0 | if (!system) |
57 | 0 | flags |= SSL_CONF_FLAG_CERTIFICATE | SSL_CONF_FLAG_REQUIRE_PRIVATE; |
58 | 0 | if (s != NULL) { |
59 | 0 | meth = s->method; |
60 | 0 | SSL_CONF_CTX_set_ssl(cctx, s); |
61 | 0 | libctx = s->ctx->libctx; |
62 | 0 | } else { |
63 | 0 | meth = ctx->method; |
64 | 0 | SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); |
65 | 0 | libctx = ctx->libctx; |
66 | 0 | } |
67 | 0 | conf_diagnostics = OSSL_LIB_CTX_get_conf_diagnostics(libctx); |
68 | 0 | if (conf_diagnostics) |
69 | 0 | flags |= SSL_CONF_FLAG_SHOW_ERRORS; |
70 | 0 | if (meth->ssl_accept != ssl_undefined_function) |
71 | 0 | flags |= SSL_CONF_FLAG_SERVER; |
72 | 0 | if (meth->ssl_connect != ssl_undefined_function) |
73 | 0 | flags |= SSL_CONF_FLAG_CLIENT; |
74 | 0 | SSL_CONF_CTX_set_flags(cctx, flags); |
75 | 0 | prev_libctx = OSSL_LIB_CTX_set0_default(libctx); |
76 | 0 | err = 0; |
77 | 0 | for (i = 0; i < cmd_count; i++) { |
78 | 0 | char *cmdstr, *arg; |
79 | 0 | int rv; |
80 | |
|
81 | 0 | conf_ssl_get_cmd(cmds, i, &cmdstr, &arg); |
82 | 0 | rv = SSL_CONF_cmd(cctx, cmdstr, arg); |
83 | 0 | if (rv <= 0) |
84 | 0 | ++err; |
85 | 0 | } |
86 | 0 | if (!SSL_CONF_CTX_finish(cctx)) |
87 | 0 | ++err; |
88 | 31.0k | err: |
89 | 31.0k | OSSL_LIB_CTX_set0_default(prev_libctx); |
90 | 31.0k | SSL_CONF_CTX_free(cctx); |
91 | 31.0k | return err == 0 || (system && !conf_diagnostics); |
92 | 0 | } |
93 | | |
94 | | int SSL_config(SSL *s, const char *name) |
95 | 0 | { |
96 | 0 | return ssl_do_config(s, NULL, name, 0); |
97 | 0 | } |
98 | | |
99 | | int SSL_CTX_config(SSL_CTX *ctx, const char *name) |
100 | 0 | { |
101 | 0 | return ssl_do_config(NULL, ctx, name, 0); |
102 | 0 | } |
103 | | |
104 | | int ssl_ctx_system_config(SSL_CTX *ctx) |
105 | 31.0k | { |
106 | 31.0k | return ssl_do_config(NULL, ctx, NULL, 1); |
107 | 31.0k | } |