/*
 * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/trace.h>
#include "crypto/evp.h"

/* Algorithm configuration module. */

/*
 * Config-module init callback for the "alg_section" module.
 *
 * The module value names a section of |cnf|; every name/value pair in that
 * section is applied in order to the library context attached to |cnf|:
 *
 *   fips_mode           parsed as a boolean, then passed on to
 *                       evp_default_properties_enable_fips_int()
 *                       (deprecated option)
 *   default_properties  the value string is handed unchanged to
 *                       evp_set_default_properties_int()
 *
 * Any other name is rejected: an error naming the option and its value is
 * raised and processing stops, so a misspelt key is never silently skipped.
 *
 * Returns 1 when every entry was applied, 0 on the first failure. Entries
 * applied before a failure are not rolled back here.
 *
 * NOTE(review): whether a 0 return aborts configuration loading is decided
 * by the caller of this module, which is not visible in this file. Setups
 * that depend on these defaults to restrict algorithm selection should
 * confirm that configuration errors are treated as fatal.
 */
static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
{
    int idx;
    const char *section_name;
    STACK_OF(CONF_VALUE) *entries;
    CONF_VALUE *entry;

    OSSL_TRACE2(CONF, "Loading EVP module: name %s, value %s\n",
                CONF_imodule_get_name(md), CONF_imodule_get_value(md));

    /* The module's value is the name of the section holding its options. */
    section_name = CONF_imodule_get_value(md);
    entries = NCONF_get_section(cnf, section_name);
    if (entries == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_ERROR_LOADING_SECTION);
        return 0;
    }

    for (idx = 0; idx < sk_CONF_VALUE_num(entries); idx++) {
        entry = sk_CONF_VALUE_value(entries, idx);

        if (strcmp(entry->name, "fips_mode") == 0) {
            int enable = 0;

            /* The boolean parser has already raised a detailed error. */
            if (X509V3_get_value_bool(entry, &enable) == 0)
                return 0;

            /*
             * fips_mode is deprecated and should not be used in new
             * configurations. Any positive parse result counts as "on".
             * The trailing 0 is presumably a "load config" flag - confirm
             * against the declaration in crypto/evp.h.
             */
            if (evp_default_properties_enable_fips_int(
                    NCONF_get0_libctx((CONF *)cnf), enable > 0, 0) == 0) {
                ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
                return 0;
            }
            continue;
        }

        if (strcmp(entry->name, "default_properties") == 0) {
            /*
             * The property string comes straight from the config file; any
             * validation is left to the callee.
             */
            if (evp_set_default_properties_int(NCONF_get0_libctx((CONF *)cnf),
                                               entry->value, 0, 0) == 0) {
                ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
                return 0;
            }
            continue;
        }

        /* Unrecognised option: fail rather than ignore it. */
        ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
                       "name=%s, value=%s", entry->name, entry->value);
        return 0;
    }

    return 1;
}

/*
 * Register the "alg_section" configuration module, with alg_module_init()
 * as its init callback and no finish callback.
 */
void EVP_add_alg_module(void)
{
    OSSL_TRACE(CONF, "Adding config module 'alg_section'\n");
    CONF_module_add("alg_section", alg_module_init, NULL);
}