implemented CONF_cmd

2021-04-22 15:27:56 +09:00
parent 956a0f2b5f
commit 394c0b5cdc
4 changed files with 431 additions and 19 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -56073,6 +56073,7 @@ void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx)
    if (cctx) {
        XFREE(cctx, NULL, DYNAMIC_TYPE_OPENSSL);
    }
+    WOLFSSL_LEAVE("wolfSSL_CONF_CTX_free", 1);
 }
 /**
 * Set WOLFSSL_CTX instance to WOLFSSL_CONF_CTX
@ -56092,6 +56093,7 @@ void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx)
    }
    
    cctx->ctx = ctx;
+    WOLFSSL_LEAVE("wolfSSL_CONF_CTX_set_ssl_ctx", 1);
 }
 /**
 * set flag value into WOLFSSL_CONF_CTX
@ -56110,36 +56112,397 @@ unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx,
    return cctx->flags;
 }

-#ifndef NO_WOLFSSL_STUB
 /**
 * finish configuration command operation
 * @param cctx  a pointer to WOLFSSL_CONF_CTX structure to be set
- * @return WOLFSSL_SUCCESS on success, 
- *     otherwise WOLFSSL_FAILURE (stub currently returns WOLFSSL_FAILURE always)
+ * @return WOLFSSL_SUCCESS on success
 */
 int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx)
 {
-    WOLFSSL_STUB("wolfSSL_CONF_CTX_finish");
    (void)cctx;
-    return WOLFSSL_FAILURE;
+    return WOLFSSL_SUCCESS;
 }
+
+#define WOLFSSL_CONF_FILE_CMD1  "Curves"
+#define WOLFSSL_CONF_FILE_CMD2  "Certificate"
+#define WOLFSSL_CONF_FILE_CMD3  "PrivateKey"
+#define WOLFSSL_CONF_FILE_CMD4  "Protocol"
+#define WOLFSSL_CONF_FILE_CMD5  "Options"
+#define WOLFSSL_CONF_FILE_CMD6  "ServerInfoFile"
+#define WOLFSSL_CONF_FILE_CMD7  "SignatureAlgorithms"
+#define WOLFSSL_CONF_FILE_CMD8  "ClientSignatureAlgorithms"
+#define WOLFSSL_CONF_FILE_CMD9  "CipherString"
+
+#define WOLFSSL_CONF_CMDL_CMD1  "curves"
+#define WOLFSSL_CONF_CMDL_CMD2  "cert"
+#define WOLFSSL_CONF_CMDL_CMD3  "key"
+#define WOLFSSL_CONF_CMDL_CMD4  NULL
+#define WOLFSSL_CONF_CMDL_CMD5  NULL
+#define WOLFSSL_CONF_CMDL_CMD6  NULL
+#define WOLFSSL_CONF_CMDL_CMD7  "sigalgs"
+#define WOLFSSL_CONF_CMDL_CMD8  "client_sigalgs"
+#define WOLFSSL_CONF_CMDL_CMD9  "cipher"
+
+#if !defined(NO_DH) && !defined(NO_BIO)
+#define WOLFSSL_CONF_FILE_CMD10 "DHParameters"
+#define WOLFSSL_CONF_CMDL_CMD10 "dhparam"
+#endif
+
+#ifdef HAVE_ECC
+#define WOLFSSL_CONF_FILE_CMD11 "ECDHParameters"
+#define WOLFSSL_CONF_CMDL_CMD11 "named_curves"
+#endif
+
+/**
+ * process Cipher String command
+ * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
+ * @param value arguments for cmd
+ * @return WOLFSSL_SUCCESS on success, 
+ *     otherwise WOLFSSL_FAILURE or
+ *               -3 if value is null or
+ *               negative value on other failure
+ */
+static int cmdfunc_cipherstring(WOLFSSL_CONF_CTX* cctx, const char* value)
+{
+    int ret = -3;
+    
+    WOLFSSL_ENTER("cmdfunc_cipherstring");
+    
+     /* sanity check */
+    if (cctx == NULL)
+        return WOLFSSL_FAILURE;
+    
+    if (value == NULL) {
+        WOLFSSL_MSG("bad arguments");
+        return ret;
+    }
+    
+    if (cctx->ctx) {
+        ret = wolfSSL_CTX_set_cipher_list(cctx->ctx, value);
+    }
+    
+    if (cctx->ssl) {
+        ret = wolfSSL_set_cipher_list(cctx->ssl, value);
+    }
+    
+    WOLFSSL_LEAVE("cmdfunc_cipherstring", ret);
+    return ret;
+}
+
+/**
+ * process curves command
+ * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
+ * @param value arguments for cmd
+ * @return WOLFSSL_SUCCESS on success, 
+ *     otherwise WOLFSSL_FAILURE or
+ *               -3 if value is null or
+ *               negative value on other failure
+ */
+#if defined(HAVE_ECC)
+static int cmdfunc_curves(WOLFSSL_CONF_CTX* cctx, const char* value)
+{
+    int ret = -3;
+    
+    WOLFSSL_ENTER("cmdfunc_curves");
+    
+     /* sanity check */
+    if (cctx == NULL)
+        return WOLFSSL_FAILURE;
+    
+    if (value == NULL) {
+        WOLFSSL_MSG("bad arguments");
+        return ret;
+    }
+    
+    if (cctx->ctx) {
+        ret = wolfSSL_CTX_set1_curves_list(cctx->ctx, value);
+    }
+    
+    if (cctx->ssl) {
+        ret = wolfSSL_set1_curves_list(cctx->ssl, value);
+    }
+    
+    WOLFSSL_LEAVE("cmdfunc_curves", ret);
+    return ret;
+}
+#endif
+/**
+ * process cert command
+ * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
+ * @param value arguments for cmd
+ * @return WOLFSSL_SUCCESS on success, 
+ *     otherwise WOLFSSL_FAILURE or
+ *               -3 if value is null or
+ *               negative value on other failure
+ */
+static int cmdfunc_cert(WOLFSSL_CONF_CTX* cctx, const char* value)
+{
+    int ret = -3;
+    
+    WOLFSSL_ENTER("cmdfunc_cert");
+    
+    /* sanity check */
+    if (cctx == NULL)
+        return WOLFSSL_FAILURE;
+    
+    if (value == NULL) {
+        WOLFSSL_MSG("bad arguments");
+        return ret;
+    }
+    
+    if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
+        WOLFSSL_MSG("certificate flag is not set");
+        return -2;
+    }
+    
+    if (cctx->ctx) {
+        ret = wolfSSL_CTX_use_certificate_chain_file(cctx->ctx, value);
+    }
+    
+    if (cctx->ssl) {
+        ret = wolfSSL_use_certificate_file(cctx->ssl, value, 
+                                                    WOLFSSL_FILETYPE_PEM);
+    }
+    
+    WOLFSSL_LEAVE("cmdfunc_cert", ret);
+    return ret;
+}
+/**
+ * process key command
+ * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
+ * @param value arguments for cmd
+ * @return WOLFSSL_SUCCESS on success, 
+ *     otherwise WOLFSSL_FAILURE or
+ *               -3 if value is null or
+ *               negative value on other failure
+ */
+static int cmdfunc_key(WOLFSSL_CONF_CTX* cctx, const char* value)
+{
+    int ret = -3;
+    
+    WOLFSSL_ENTER("cmdfunc_key");
+    
+     /* sanity check */
+    if (cctx == NULL)
+        return WOLFSSL_FAILURE;
+    
+    if (value == NULL) {
+        WOLFSSL_MSG("bad arguments");
+        return ret;
+    }
+    
+    if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
+        WOLFSSL_MSG("certificate flag is not set");
+        return -2;
+    }
+    
+    if (cctx->ctx) {
+        ret = wolfSSL_CTX_use_PrivateKey_file(cctx->ctx, value, 
+                                                    WOLFSSL_FILETYPE_PEM);
+    }
+    
+    if (cctx->ssl) {
+        ret = wolfSSL_use_PrivateKey_file(cctx->ssl, value, 
+                                                    WOLFSSL_FILETYPE_PEM);
+    }
+    
+    WOLFSSL_LEAVE("cmdfunc_key", ret);
+    return ret;
+}
+/**
+ * process DH parameter command
+ * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
+ * @param value arguments for cmd
+ * @return WOLFSSL_SUCCESS on success, 
+ *     otherwise WOLFSSL_FAILURE or
+ *               -3 if value is null or
+ *               negative value on other failure
+ */
+#if !defined(NO_DH) && !defined(NO_BIO)
+static int cmdfunc_dhparam(WOLFSSL_CONF_CTX* cctx, const char* value)
+{
+    int ret = -3;
+    WOLFSSL_DH* dh = NULL;
+    WOLFSSL_BIO* bio = NULL;
+    
+    WOLFSSL_MSG("cmdfunc_dhparam");
+    
+     /* sanity check */
+    if (cctx == NULL)
+        return WOLFSSL_FAILURE;
+    
+    if (value == NULL) {
+        WOLFSSL_MSG("bad arguments");
+        return ret;
+    }
+    
+    if (!(cctx->flags & WOLFSSL_CONF_FLAG_CERTIFICATE)) {
+        WOLFSSL_MSG("certificate flag is not set");
+        return -2;
+    }
+    
+    if (cctx->ctx || cctx->ssl) {
+        bio = wolfSSL_BIO_new_file(value, "rb");
+        if (!bio) {
+            WOLFSSL_MSG("bio new file failed");
+            return WOLFSSL_FAILURE;
+        }
+        dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
+        if (!dh) {
+            wolfSSL_BIO_free(bio);
+            WOLFSSL_MSG("PEM read bio failed");
+            return WOLFSSL_FAILURE;
+        }
+    } else
+        return 1;
+    
+    if (cctx->ctx) {
+        ret = wolfSSL_CTX_set_tmp_dh(cctx->ctx, dh);
+    }
+    
+    if (cctx->ssl) {
+        /* wolfSSL_use_set_tmp_dh not yet implemented */
+        ret = WOLFSSL_FAILURE;
+    }
+    
+    if (dh)
+        wolfSSL_DH_free(dh);
+    if (bio)
+        wolfSSL_BIO_free(bio);
+        
+    WOLFSSL_LEAVE("cmdfunc_dhparam", ret);
+    return ret;
+}
+#endif /* !NO_DH && !NO_BIO */
+/**
+ * command table
+ */
+typedef struct conf_cmd_tbl {
+    const char* file_cmd;
+    const char* cmdline_cmd;
+    word32 data_type;
+    int (*cmdfunc)(WOLFSSL_CONF_CTX* cctx, const char* value);
+}conf_cmd_tbl;
+
+static const conf_cmd_tbl conf_cmds_tbl[] = {
+    /* cmd Curves */
+    {WOLFSSL_CONF_FILE_CMD1, WOLFSSL_CONF_CMDL_CMD1, 
+                                    WOLFSSL_CONF_TYPE_STRING, cmdfunc_curves},
+    /* cmd Certificate */
+    {WOLFSSL_CONF_FILE_CMD2, WOLFSSL_CONF_CMDL_CMD2, 
+                                    WOLFSSL_CONF_TYPE_FILE, cmdfunc_cert},
+    /* cmd PrivateKey */
+    {WOLFSSL_CONF_FILE_CMD3, WOLFSSL_CONF_CMDL_CMD3, 
+                                    WOLFSSL_CONF_TYPE_FILE, cmdfunc_key},
+    /* cmd Protocol */
+    {WOLFSSL_CONF_FILE_CMD4, WOLFSSL_CONF_CMDL_CMD4, 
+                                    WOLFSSL_CONF_TYPE_STRING, NULL},
+    /* cmd Options */
+    {WOLFSSL_CONF_FILE_CMD5, WOLFSSL_CONF_CMDL_CMD5, 
+                                    WOLFSSL_CONF_TYPE_STRING, NULL},
+    /* cmd ServerInfoFile */
+    {WOLFSSL_CONF_FILE_CMD6, WOLFSSL_CONF_CMDL_CMD6, 
+                                    WOLFSSL_CONF_TYPE_FILE, NULL},
+    /* cmd SignatureAlgorithms */
+    {WOLFSSL_CONF_FILE_CMD7, WOLFSSL_CONF_CMDL_CMD7, 
+                                    WOLFSSL_CONF_TYPE_STRING, NULL},
+    /* cmd ClientSignatureAlgorithms */
+    {WOLFSSL_CONF_FILE_CMD8, WOLFSSL_CONF_CMDL_CMD8, 
+                                    WOLFSSL_CONF_TYPE_STRING, NULL},
+    /* cmd CipherString */
+    {WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9, 
+                              WOLFSSL_CONF_TYPE_STRING, cmdfunc_cipherstring},
+#if !defined(NO_DH) && !defined(NO_BIO)
+    /* cmd DHParameters */
+    {WOLFSSL_CONF_FILE_CMD9, WOLFSSL_CONF_CMDL_CMD9, 
+                                    WOLFSSL_CONF_TYPE_FILE, NULL},
+#endif
+#ifdef HAVE_ECC
+    /* cmd ECHDParameters */
+    {WOLFSSL_CONF_FILE_CMD10, WOLFSSL_CONF_CMDL_CMD10, 
+                                    WOLFSSL_CONF_TYPE_STRING, cmdfunc_dhparam},
+#endif
+};
+/* size of command table */
+static const size_t size_of_cmd_tbls = sizeof(conf_cmds_tbl) 
+                                                    / sizeof(conf_cmd_tbl);
+
 /**
 * send configuration command
 * @param cctx  a pointer to WOLFSSL_CONF_CTX structure
 * @param cmd   configuration command
 * @param value arguments for cmd
- * @return WOLFSSL_SUCCESS on success, 
- *     otherwise WOLFSSL_FAILURE (stub currently returns WOLFSSL_FAILURE always)
+ * @return 1 when cmd is recognised, but value is not used
+ *         2 both cmd and value are used
+ *  otherwise WOLFSSL_FAILURE
+ *         -2 if cmd is not recognised
+ *         -3 if value is NULL, but cmd is recognized
 */
 int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
 {
-    WOLFSSL_STUB("wolfSSL_CONF_cmd");
+    int ret = WOLFSSL_FAILURE;
+    size_t i;
+    size_t cmdlen;
+    const char* c;
+    WOLFSSL_ENTER("wolfSSL_CONF_cmd");
+    
    (void)cctx;
    (void)cmd;
    (void)value;
-    return WOLFSSL_FAILURE;
+    
+    /* sanity check */
+    if (cctx == NULL || cmd == NULL) {
+        WOLFSSL_MSG("bad arguments");
+        return ret;
+    }
+    
+    for (i = 0; i < size_of_cmd_tbls; i++) {
+        /* check if the cmd is valid */
+        if (cctx->flags & WOLFSSL_CONF_FLAG_CMDLINE) {
+            cmdlen = XSTRLEN(cmd);
+            if (cmdlen < 2) {
+                WOLFSSL_MSG("bad cmdline command");
+                return ret;
+            }
+            /* skip "-" prefix */
+            c = ++cmd;
+            
+            if (XSTRCMP(c, conf_cmds_tbl[i].cmdline_cmd) == 0) {
+                if (conf_cmds_tbl[i].cmdfunc != NULL) {
+                    ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
+                    break;
+                } else {
+                    WOLFSSL_MSG("cmd not yet implemented");
+                    return ret;
+                }
+            }
+        }
+        
+        if (cctx->flags & WOLFSSL_CONF_FLAG_FILE) {
+            if (XSTRCMP(cmd, conf_cmds_tbl[i].file_cmd) == 0) {
+                if (conf_cmds_tbl[i].cmdfunc != NULL) {
+                    ret = conf_cmds_tbl[i].cmdfunc(cctx, value);
+                    break;
+                } else {
+                    WOLFSSL_MSG("cmd not yet implemented");
+                    return ret;
+                }
+            }
+        }
+    }
+    
+    if (i == size_of_cmd_tbls) {
+        WOLFSSL_MSG("invalid command");
+        ret = -2;
+    }
+    
+    /* return code compliant with OpenSSL */
+    if (ret < -3)
+        ret = 0;
+    
+    WOLFSSL_LEAVE("wolfSSL_CONF_cmd", ret);
+    return ret;
 }
-#endif /* !NO_WOLFSSL_STUB */

 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
 /**
--- a/tests/api.c
+++ b/tests/api.c
@ -43085,7 +43085,7 @@ static void test_wolfSSL_OpenSSL_version(void)
 #endif
 }

-static void test_CONF_CTX(void)
+static void test_CONF_CTX_FILE(void)
 {
 #if defined(OPENSSL_ALL)
    printf(testingFmt, "test_CONF_CTX");
@ -43107,14 +43107,51 @@ static void test_CONF_CTX(void)
        #endif
    #endif
    
-    AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, 0x1), 0x1);
-    
-    /* STUB */
-    #if !defined(NO_WOLFSSL_STUB)
-    AssertIntEQ(SSL_CONF_cmd(cctx, "TEST", "TEST1"), WOLFSSL_FAILURE);
-    AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_FAILURE);
+    /* set flags */
+    AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), 
+                                            WOLFSSL_CONF_FLAG_FILE);
+    AssertIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), 
+                       WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE);
+    /* cmd Certificate and Private Key*/
+    {
+    #ifndef NO_CERTS
+        const char*  ourCert = svrCertFile;
+        const char*  ourKey  = svrKeyFile;
+        AssertIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert), 
+                                                            WOLFSSL_SUCCESS);
+        AssertIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS);
+        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
    #endif
+    }
    
+    /* cmd curves */
+    {
+    #if defined(HAVE_ECC)
+        const char* curve = "secp256r1";
+        
+        AssertIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS);
+        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
+    #endif
+    }
+    
+    /* cmd CipherString */
+    {
+        char* cipher = wolfSSL_get_cipher_list(0/*top priority*/);
+        AssertIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), WOLFSSL_SUCCESS);
+        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
+    }
+    
+    /* cmd DH parameter */
+    {
+    #if !defined(NO_DH) && !defined(NO_BIO)
+        const char* ourdhcert = "./certs/dh3072.pem";
+        
+        AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert), 
+                                                        WOLFSSL_SUCCESS);
+        AssertIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS);
+        
+    #endif
+    }
    SSL_CTX_free(ctx);
    SSL_CONF_CTX_free(cctx);
    
@ -43768,7 +43805,7 @@ void ApiTest(void)
    test_wolfSSL_OpenSSL_version();
    test_wolfSSL_set_psk_use_session_callback();
    
-    test_CONF_CTX();
+    test_CONF_CTX_FILE();
    test_wolfSSL_CRYPTO_get_ex_new_index();
    test_wolfSSL_DH_get0_pqg();
    
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@ -1157,7 +1157,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLS1_2_VERSION                  0xFEFD
 #define DTLS_MAX_VERSION                 DTLS1_2_VERSION

-#define SSL_CONF_FLAG_FILE               0x2
+#define SSL_CONF_FLAG_CMDLINE            WOLFSSL_CONF_FLAG_CMDLINE
+#define SSL_CONF_FLAG_FILE               WOLFSSL_CONF_FLAG_FILE
+#define SSL_CONF_FLAG_CERTIFICATE        WOLFSSL_CONF_FLAG_CERTIFICATE
+#define SSL_CONF_TYPE_STRING             WOLFSSL_CONF_TYPE_STRING
+#define SSL_CONF_TYPE_FILE               WOLFSSL_CONF_TYPE_FILE

 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
                                                         || defined(OPENSSL_ALL)
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -4415,6 +4415,14 @@ WOLFSSL_API void wolfSSL_CONF_CTX_free(WOLFSSL_CONF_CTX* cctx);
 WOLFSSL_API void wolfSSL_CONF_CTX_set_ssl_ctx(WOLFSSL_CONF_CTX* cctx, WOLFSSL_CTX *ctx);
 WOLFSSL_API unsigned int wolfSSL_CONF_CTX_set_flags(WOLFSSL_CONF_CTX* cctx, unsigned int flags);
 WOLFSSL_API int wolfSSL_CONF_CTX_finish(WOLFSSL_CONF_CTX* cctx);
+
+#define WOLFSSL_CONF_FLAG_CMDLINE       0x1
+#define WOLFSSL_CONF_FLAG_FILE          0x2
+#define WOLFSSL_CONF_FLAG_CERTIFICATE   0x20
+
+#define WOLFSSL_CONF_TYPE_STRING        0x1
+#define WOLFSSL_CONF_TYPE_FILE          0x2
+
 WOLFSSL_API int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value);
 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
 WOLFSSL_API int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,