evp_cnf.c revision 302408
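/* evp_cnf.c */
/*
 * Written by Stephen Henson (steve@openssl.org) for the OpenSSL project
 * 2007.
 */
/* ====================================================================
 * Copyright (c) 2007 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 *    software must display the following acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 *    endorse or promote products derived from this software without
 *    prior written permission. For written permission, please contact
 *    licensing@OpenSSL.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 *    nor may "OpenSSL" appear in their names without prior written
 *    permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 *    acknowledgment:
 *    "This product includes software developed by the OpenSSL Project
 *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/conf.h>
#include <openssl/dso.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#ifdef OPENSSL_FIPS
# include <openssl/fips.h>
#endif

/*
 * Algorithm configuration module.
 *
 * alg_module_init() is the init callback registered for the "alg_section"
 * configuration module. It looks up the section named by the module's
 * value and processes each name/value pair in it. The only option it
 * recognises is "fips_mode".
 *
 * Returns 1 on success and 0 on failure; every failure path first records
 * an EVP error with EVPerr().
 *
 * Security notes:
 *  - A true "fips_mode" value fails initialisation when FIPS mode cannot be
 *    entered, or when the library was built without OPENSSL_FIPS, so a
 *    request for FIPS mode is never silently ignored.
 *  - A false "fips_mode" value is a no-op: this function never switches
 *    FIPS mode off, it only leaves the current mode untouched.
 *  - An unrecognised option name is treated as a failure. Previously the
 *    error was queued but the function still returned 1, so a misspelled
 *    key (for example a typo in "fips_mode") was accepted as a successful
 *    load while the intended setting was never applied, and a stale entry
 *    was left on the error queue.
 */
static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
{
    int i;
    const char *oid_section;
    STACK_OF(CONF_VALUE) *sktmp;
    CONF_VALUE *oval;

    oid_section = CONF_imodule_get_value(md);
    sktmp = NCONF_get_section(cnf, oid_section);
    if (sktmp == NULL) {
        EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_ERROR_LOADING_SECTION);
        return 0;
    }

    for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
        oval = sk_CONF_VALUE_value(sktmp, i);

        if (strcmp(oval->name, "fips_mode") == 0) {
            int m;

            /* The value must parse as a boolean; anything else is fatal. */
            if (!X509V3_get_value_bool(oval, &m)) {
                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_INVALID_FIPS_MODE);
                return 0;
            }
            if (m > 0) {
#ifdef OPENSSL_FIPS
                /* Only attempt the switch if FIPS mode is not already on. */
                if (!FIPS_mode() && !FIPS_mode_set(1)) {
                    EVPerr(EVP_F_ALG_MODULE_INIT,
                           EVP_R_ERROR_SETTING_FIPS_MODE);
                    return 0;
                }
#else
                /* FIPS was requested but is not compiled in: fail closed. */
                EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_FIPS_MODE_NOT_SUPPORTED);
                return 0;
#endif
            }
        } else {
            /*
             * Unknown option: report it and fail, rather than queueing an
             * error and then reporting success to the caller.
             */
            EVPerr(EVP_F_ALG_MODULE_INIT, EVP_R_UNKNOWN_OPTION);
            ERR_add_error_data(4, "name=", oval->name,
                               ", value=", oval->value);
            return 0;
        }
    }
    return 1;
}

/*
 * Register the algorithm configuration module under the name "alg_section",
 * with alg_module_init() as its init callback and no finish callback.
 */
void EVP_add_alg_module(void)
{
    CONF_module_add("alg_section", alg_module_init, NULL);
}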