pal/tlsio_options.c (279 lines of code) (raw):
// Copyright (c) Microsoft. All rights reserved.
// Licensed under the MIT license. See LICENSE file in the project root for full license information.
#include <stdlib.h>
#include "azure_c_shared_utility/gballoc.h"
#include "azure_c_shared_utility/tlsio_options.h"
#include "azure_c_shared_utility/shared_util_options.h"
#include "azure_c_shared_utility/xlogging.h"
#include "azure_c_shared_utility/crt_abstractions.h"
// Initialize the TLSIO_OPTIONS struct
void tlsio_options_initialize(TLSIO_OPTIONS* options, int supported_options)
{
// Using static function rules, so 'options' is not checked for NULL
//
// The supported_options value does not need validation because undefined bits are
// ignored, while any valid missing bits result in an "option not supported" error
// that will show up in unit testing.
options->supported_options = supported_options;
options->trusted_certs = NULL;
options->x509_type = TLSIO_OPTIONS_x509_TYPE_UNSPECIFIED;
options->x509_cert = NULL;
options->x509_key = NULL;
}
static int set_and_validate_x509_type(TLSIO_OPTIONS* options, TLSIO_OPTIONS_x509_TYPE x509_type)
{
int result;
if ((options->supported_options & x509_type) == 0)
{
// This case also rejects the nonsensical TLSIO_OPTIONS_x509_TYPE_UNSPECIFIED
LogError("Unsupported x509 type: %d", x509_type);
result = MU_FAILURE;
}
else if (options->x509_type == TLSIO_OPTIONS_x509_TYPE_UNSPECIFIED)
{
// Initial type setting
options->x509_type = x509_type;
result = 0;
}
else if (options->x509_type != x509_type)
{
LogError("Supplied x509 type conflicts with previously set x509");
result = MU_FAILURE;
}
else
{
// The types match okay
result = 0;
}
return result;
}
void tlsio_options_release_resources(TLSIO_OPTIONS* options)
{
if (options != NULL)
{
free((void*)options->trusted_certs);
free((void*)options->x509_cert);
free((void*)options->x509_key);
options->trusted_certs = NULL;
options->x509_cert = NULL;
options->x509_key = NULL;
}
else
{
LogError("NULL options");
}
}
static bool is_supported_string_option(const char* name)
{
return
(strcmp(name, OPTION_TRUSTED_CERT) == 0) ||
(strcmp(name, OPTION_OPENSSL_CIPHER_SUITE) == 0) ||
(strcmp(name, OPTION_OPENSSL_ENGINE) == 0) ||
(strcmp(name, OPTION_OPENSSL_PRIVATE_KEY_TYPE) == 0) ||
(strcmp(name, SU_OPTION_X509_CERT) == 0) ||
(strcmp(name, SU_OPTION_X509_PRIVATE_KEY) == 0) ||
(strcmp(name, OPTION_X509_ECC_CERT) == 0) ||
(strcmp(name, OPTION_X509_ECC_KEY) == 0);
}
TLSIO_OPTIONS_RESULT tlsio_options_destroy_option(const char* name, const void* value)
{
TLSIO_OPTIONS_RESULT result;
if (name == NULL || value == NULL)
{
LogError("NULL parameter: name: %p, value: %p", name, value);
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else if (is_supported_string_option(name))
{
free((void*)value);
result = TLSIO_OPTIONS_RESULT_SUCCESS;
}
else
{
result = TLSIO_OPTIONS_RESULT_NOT_HANDLED;
}
return result;
}
TLSIO_OPTIONS_RESULT tlsio_options_clone_option(const char* name, const void* value, void** out_value)
{
TLSIO_OPTIONS_RESULT result;
if (name == NULL || value == NULL || out_value == NULL)
{
LogError("NULL parameter: name: %p, value: %p, out_value: %p",
name, value, out_value);
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else if (is_supported_string_option(name))
{
*out_value = NULL;
if (mallocAndStrcpy_s((char**)out_value, value) != 0)
{
LogError("unable to mallocAndStrcpy_s option value");
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else
{
result = TLSIO_OPTIONS_RESULT_SUCCESS;
}
}
else
{
result = TLSIO_OPTIONS_RESULT_NOT_HANDLED;
}
return result;
}
TLSIO_OPTIONS_RESULT tlsio_options_set(TLSIO_OPTIONS* options,
const char* optionName, const void* value)
{
TLSIO_OPTIONS_RESULT result;
char* copied_value = NULL;
if (options == NULL || optionName == NULL || value == NULL)
{
LogError("NULL parameter: options: %p, optionName: %p, value: %p",
options, optionName, value);
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else if (!is_supported_string_option(optionName))
{
result = TLSIO_OPTIONS_RESULT_NOT_HANDLED;
}
else if(mallocAndStrcpy_s(&copied_value, value) != 0)
{
LogError("unable to mallocAndStrcpy_s option value");
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else if (strcmp(OPTION_TRUSTED_CERT, optionName) == 0)
{
if ((options->supported_options & TLSIO_OPTION_BIT_TRUSTED_CERTS) == 0)
{
LogError("Trusted certs option not supported");
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else if (options->trusted_certs != NULL)
{
LogError("unable to set trusted cert option more than once");
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else
{
options->trusted_certs = copied_value;
result = TLSIO_OPTIONS_RESULT_SUCCESS;
}
}
else if (strcmp(SU_OPTION_X509_CERT, optionName) == 0 || strcmp(OPTION_X509_ECC_CERT, optionName) == 0)
{
TLSIO_OPTIONS_x509_TYPE this_type = (strcmp(SU_OPTION_X509_CERT, optionName) == 0) ? TLSIO_OPTIONS_x509_TYPE_RSA : TLSIO_OPTIONS_x509_TYPE_ECC;
if (options->x509_cert != NULL)
{
LogError("unable to set x509 cert more than once");
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else if (set_and_validate_x509_type(options, this_type) != 0)
{
// Error logged by helper
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else
{
options->x509_cert = copied_value;
result = TLSIO_OPTIONS_RESULT_SUCCESS;
}
}
else if (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0 || strcmp(OPTION_X509_ECC_KEY, optionName) == 0)
{
TLSIO_OPTIONS_x509_TYPE this_type = (strcmp(SU_OPTION_X509_PRIVATE_KEY, optionName) == 0) ? TLSIO_OPTIONS_x509_TYPE_RSA : TLSIO_OPTIONS_x509_TYPE_ECC;
if (options->x509_key != NULL)
{
LogError("unable to set x509 key more than once");
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else if (set_and_validate_x509_type(options, this_type) != 0)
{
// Error logged by helper
result = TLSIO_OPTIONS_RESULT_ERROR;
}
else
{
options->x509_key = copied_value;
result = TLSIO_OPTIONS_RESULT_SUCCESS;
}
}
else
{
// This is logically impossible due to earlier tests, so just quiet the compiler
result = TLSIO_OPTIONS_RESULT_ERROR;
}
if (result != TLSIO_OPTIONS_RESULT_SUCCESS)
{
free(copied_value);
}
return result;
}
// A helper that works if the tlsio does not use any extra options
static void* local_clone_option(const char* name, const void* value)
{
void* result = NULL;
if (tlsio_options_clone_option(name, value, &result) != TLSIO_OPTIONS_RESULT_SUCCESS)
{
LogError("Unexpected local_clone_option failure");
}
return result;
}
// A helper that works if the tlsio does not use any extra options
void local_destroy_option(const char* name, const void* value)
{
if (tlsio_options_destroy_option(name, value) != TLSIO_OPTIONS_RESULT_SUCCESS)
{
LogError("Unexpected local_destroy_option failure");
}
}
OPTIONHANDLER_HANDLE tlsio_options_retrieve_options(TLSIO_OPTIONS* options, pfSetOption setOption)
{
return tlsio_options_retrieve_options_ex(options, local_clone_option, local_destroy_option, setOption);
}
OPTIONHANDLER_HANDLE tlsio_options_retrieve_options_ex(TLSIO_OPTIONS* options,
pfCloneOption cloneOption, pfDestroyOption destroyOption, pfSetOption setOption)
{
OPTIONHANDLER_HANDLE result;
if (options == NULL || cloneOption == NULL || destroyOption == NULL || setOption == NULL)
{
LogError("Null parameter in options: %p, cloneOption: %p, destroyOption: %p, setOption: %p",
options, cloneOption, destroyOption, setOption);
result = NULL;
}
else
{
result = OptionHandler_Create(cloneOption, destroyOption, setOption);
if (result == NULL)
{
LogError("OptionHandler_Create failed");
/*return as is*/
}
else if (
(options->trusted_certs != NULL) &&
(OptionHandler_AddOption(result, OPTION_TRUSTED_CERT, options->trusted_certs) != OPTIONHANDLER_OK)
)
{
LogError("unable to save TrustedCerts option");
OptionHandler_Destroy(result);
result = NULL;
}
else if (options->x509_type != TLSIO_OPTIONS_x509_TYPE_UNSPECIFIED)
{
const char* x509_cert_option;
const char* x509_key_option;
if (options->x509_type == TLSIO_OPTIONS_x509_TYPE_ECC)
{
x509_cert_option = OPTION_X509_ECC_CERT;
x509_key_option = OPTION_X509_ECC_KEY;
}
else
{
x509_cert_option = SU_OPTION_X509_CERT;
x509_key_option = SU_OPTION_X509_PRIVATE_KEY;
}
if (
(options->x509_cert != NULL) &&
(OptionHandler_AddOption(result, x509_cert_option, options->x509_cert) != OPTIONHANDLER_OK)
)
{
LogError("unable to save x509 cert option");
OptionHandler_Destroy(result);
result = NULL;
}
else if (
(options->x509_key != NULL) &&
(OptionHandler_AddOption(result, x509_key_option, options->x509_key) != OPTIONHANDLER_OK)
)
{
LogError("unable to save x509 key option");
OptionHandler_Destroy(result);
result = NULL;
}
}
}
return result;
}