Split keypair handling out into its own file - it had already appeared

in multiple locations. ok beck@
author: jsing <> 2018-02-08 05:56:49 +0000
committer: jsing <> 2018-02-08 05:56:49 +0000
commit: 301cd3fd1c4d17417a8493c71729c759ffcaf161 (patch)
tree: 0abe458cace64c392a0381ff03a5068a69ab19c6
parent: 427ccd3eed962ca8e1dcfdbedde0f36b48b047de (diff)
download: openbsd-301cd3fd1c4d17417a8493c71729c759ffcaf161.tar.gz
openbsd-301cd3fd1c4d17417a8493c71729c759ffcaf161.tar.bz2
openbsd-301cd3fd1c4d17417a8493c71729c759ffcaf161.zip
6 files changed, 215 insertions, 166 deletions
diff --git a/src/lib/libtls/Makefile b/src/lib/libtls/Makefile
index 9e7b4fc7a6..c47119685e 100644
--- a/src/lib/libtls/Makefile
+++ b/src/lib/libtls/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.32 2017/08/13 19:42:33 doug Exp $
+#       $OpenBSD: Makefile,v 1.33 2018/02/08 05:56:49 jsing Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -32,6 +32,7 @@ SRCS=	tls.c \
        tls_client.c \
        tls_config.c \
        tls_conninfo.c \
+        tls_keypair.c \
        tls_peer.c \
        tls_server.c \
        tls_util.c \
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index d44b8dde49..3db75dc62f 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.46 2018/02/05 00:52:24 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.47 2018/02/08 05:56:49 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -24,127 +24,8 @@
 #include <unistd.h>
 #include <tls.h>
-#include "tls_internal.h"
-static int
-set_string(const char **dest, const char *src)
-{
-        free((char *)*dest);
-        *dest = NULL;
-        if (src != NULL)
-                if ((*dest = strdup(src)) == NULL)
-                        return -1;
-        return 0;
-}
-static void *
-memdup(const void *in, size_t len)
-{
-        void *out;
-        if ((out = malloc(len)) == NULL)
-                return NULL;
-        memcpy(out, in, len);
-        return out;
-}
-static int
-set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
-{
-        free(*dest);
-        *dest = NULL;
-        *destlen = 0;
-        if (src != NULL)
-                if ((*dest = memdup(src, srclen)) == NULL)
-                        return -1;
-        *destlen = srclen;
-        return 0;
-}
-static struct tls_keypair *
-tls_keypair_new(void)
-{
-        return calloc(1, sizeof(struct tls_keypair));
-}
-static void
-tls_keypair_clear_key(struct tls_keypair *keypair)
-{
-        freezero(keypair->key_mem, keypair->key_len);
-        keypair->key_mem = NULL;
-        keypair->key_len = 0;
-}
-static int
-tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
-    const char *cert_file)
-{
-        return tls_config_load_file(error, "certificate", cert_file,
-            &keypair->cert_mem, &keypair->cert_len);
-}
-static int
-tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
-    size_t len)
-{
-        return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
-}
-static int
+#include "tls_internal.h"
-tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
-    const char *key_file)
-{
-        tls_keypair_clear_key(keypair);
-        return tls_config_load_file(error, "key", key_file,
-            &keypair->key_mem, &keypair->key_len);
-}
-static int
-tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
-    size_t len)
-{
-        tls_keypair_clear_key(keypair);
-        return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
-}
-static int
-tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
-    struct tls_error *error, const char *ocsp_file)
-{
-        return tls_config_load_file(error, "ocsp", ocsp_file,
-            &keypair->ocsp_staple, &keypair->ocsp_staple_len);
-}
-static int
-tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
-    const uint8_t *staple, size_t len)
-{
-        return set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len, staple,
-            len);
-}
-static void
-tls_keypair_clear(struct tls_keypair *keypair)
-{
-        tls_keypair_set_cert_mem(keypair, NULL, 0);
-        tls_keypair_set_key_mem(keypair, NULL, 0);
-}
-static void
-tls_keypair_free(struct tls_keypair *keypair)
-{
-        if (keypair == NULL)
-                return;
-        tls_keypair_clear(keypair);
-        free(keypair->cert_mem);
-        free(keypair->key_mem);
-        free(keypair->ocsp_staple);
-        free(keypair->pubkey_hash);
-        free(keypair);
-}
 int
 tls_config_load_file(struct tls_error *error, const char *filetype,
@@ -529,13 +410,13 @@ tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
 int
 tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
 {
-        return set_string(&config->ca_path, ca_path);
+        return tls_set_string(&config->ca_path, ca_path);
 }
 int
 tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
 {
-        return set_mem(&config->ca_mem, &config->ca_len, ca, len);
+        return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);
 }
 int
@@ -579,7 +460,7 @@ tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
        }
        SSL_CTX_free(ssl_ctx);
-        return set_string(&config->ciphers, ciphers);
+        return tls_set_string(&config->ciphers, ciphers);
 err:
        SSL_CTX_free(ssl_ctx);
@@ -597,7 +478,7 @@ int
 tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
    size_t len)
 {
-        return set_mem(&config->crl_mem, &config->crl_len, crl, len);
+        return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);
 }
 int
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h
index f378ea5466..67a31b2efd 100644
--- a/src/lib/libtls/tls_internal.h
+++ b/src/lib/libtls/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.65 2017/09/20 17:05:17 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.66 2018/02/08 05:56:49 jsing Exp $ */
 /*
 * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -192,6 +192,29 @@ struct tls {
        void *cb_arg;
 };
+int tls_set_mem(char **_dest, size_t *_destlen, const void *_src,
+    size_t _srclen);
+int tls_set_string(const char **_dest, const char *_src);
+struct tls_keypair *tls_keypair_new(void);
+void tls_keypair_clear_key(struct tls_keypair *_keypair);
+int tls_keypair_set_cert_file(struct tls_keypair *_keypair,
+    struct tls_error *_error, const char *_cert_file);
+int tls_keypair_set_cert_mem(struct tls_keypair *_keypair, const uint8_t *_cert,
+    size_t _len);
+int tls_keypair_set_key_file(struct tls_keypair *_keypair,
+    struct tls_error *_error, const char *_key_file);
+int tls_keypair_set_key_mem(struct tls_keypair *_keypair, const uint8_t *_key,
+    size_t _len);
+int tls_keypair_set_ocsp_staple_file(struct tls_keypair *_keypair,
+    struct tls_error *_error, const char *_ocsp_file);
+int tls_keypair_set_ocsp_staple_mem(struct tls_keypair *_keypair,
+    const uint8_t *_staple, size_t _len);
+void tls_keypair_clear(struct tls_keypair *_keypair);
+void tls_keypair_free(struct tls_keypair *_keypair);
+int tls_keypair_load_cert(struct tls_keypair *_keypair,
+    struct tls_error *_error, X509 **_cert);
 struct tls_sni_ctx *tls_sni_ctx_new(void);
 void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);
diff --git a/src/lib/libtls/tls_keypair.c b/src/lib/libtls/tls_keypair.c
new file mode 100644
index 0000000000..eef92b3b24
--- /dev/null
+++ b/src/lib/libtls/tls_keypair.c
@@ -0,0 +1,146 @@
+/* $OpenBSD: tls_keypair.c,v 1.1 2018/02/08 05:56:49 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+#include <tls.h>
+#include "tls_internal.h"
+struct tls_keypair *
+tls_keypair_new(void)
+{
+        return calloc(1, sizeof(struct tls_keypair));
+}
+void
+tls_keypair_clear_key(struct tls_keypair *keypair)
+{
+        freezero(keypair->key_mem, keypair->key_len);
+        keypair->key_mem = NULL;
+        keypair->key_len = 0;
+}
+int
+tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
+    const char *cert_file)
+{
+        return tls_config_load_file(error, "certificate", cert_file,
+            &keypair->cert_mem, &keypair->cert_len);
+}
+int
+tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
+    size_t len)
+{
+        return tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
+}
+int
+tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
+    const char *key_file)
+{
+        tls_keypair_clear_key(keypair);
+        return tls_config_load_file(error, "key", key_file,
+            &keypair->key_mem, &keypair->key_len);
+}
+int
+tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
+    size_t len)
+{
+        tls_keypair_clear_key(keypair);
+        return tls_set_mem(&keypair->key_mem, &keypair->key_len, key, len);
+}
+int
+tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
+    struct tls_error *error, const char *ocsp_file)
+{
+        return tls_config_load_file(error, "ocsp", ocsp_file,
+            &keypair->ocsp_staple, &keypair->ocsp_staple_len);
+}
+int
+tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
+    const uint8_t *staple, size_t len)
+{
+        return tls_set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len,
+            staple, len);
+}
+void
+tls_keypair_clear(struct tls_keypair *keypair)
+{
+        tls_keypair_set_cert_mem(keypair, NULL, 0);
+        tls_keypair_set_key_mem(keypair, NULL, 0);
+}
+void
+tls_keypair_free(struct tls_keypair *keypair)
+{
+        if (keypair == NULL)
+                return;
+        tls_keypair_clear(keypair);
+        free(keypair->cert_mem);
+        free(keypair->key_mem);
+        free(keypair->ocsp_staple);
+        free(keypair->pubkey_hash);
+        free(keypair);
+}
+int
+tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
+    X509 **cert)
+{
+        char *errstr = "unknown";
+        BIO *cert_bio = NULL;
+        int ssl_err;
+        int rv = -1;
+        X509_free(*cert);
+        *cert = NULL;
+        if (keypair->cert_mem == NULL) {
+                tls_error_set(error, "keypair has no certificate");
+                goto err;
+        }
+        if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
+            keypair->cert_len)) == NULL) {
+                tls_error_set(error, "failed to create certificate bio");
+                goto err;
+        }
+        if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
+            NULL)) == NULL) {
+                if ((ssl_err = ERR_peek_error()) != 0)
+                    errstr = ERR_error_string(ssl_err, NULL);
+                tls_error_set(error, "failed to load certificate: %s", errstr);
+                goto err;
+        }
+        rv = 0;
+ err:
+        BIO_free(cert_bio);
+        return (rv);
+}
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index e1011769f6..98b0957437 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.42 2017/09/20 17:05:17 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.43 2018/02/08 05:56:49 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -204,43 +204,6 @@ tls_server_ticket_cb(SSL *ssl, unsigned char *keyname, unsigned char *iv,
 }
 static int
-tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
-    X509 **cert)
-{
-        char *errstr = "unknown";
-        BIO *cert_bio = NULL;
-        int ssl_err;
-        int rv = -1;
-        X509_free(*cert);
-        *cert = NULL;
-        if (keypair->cert_mem == NULL) {
-                tls_error_set(error, "keypair has no certificate");
-                goto err;
-        }
-        if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
-            keypair->cert_len)) == NULL) {
-                tls_error_set(error, "failed to create certificate bio");
-                goto err;
-        }
-        if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
-            NULL)) == NULL) {
-                if ((ssl_err = ERR_peek_error()) != 0)
-                    errstr = ERR_error_string(ssl_err, NULL);
-                tls_error_set(error, "failed to load certificate: %s", errstr);
-                goto err;
-        }
-        rv = 0;
- err:
-        BIO_free(cert_bio);
-        return (rv);
-}
-static int
 tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
    struct tls_keypair *keypair)
 {
diff --git a/src/lib/libtls/tls_util.c b/src/lib/libtls/tls_util.c
index f9df287ca8..06b60597af 100644
--- a/src/lib/libtls/tls_util.c
+++ b/src/lib/libtls/tls_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_util.c,v 1.10 2018/02/05 00:52:24 jsing Exp $ */
+/* $OpenBSD: tls_util.c,v 1.11 2018/02/08 05:56:49 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
@@ -25,6 +25,41 @@
 #include "tls.h"
 #include "tls_internal.h"
+static void *
+memdup(const void *in, size_t len)
+{
+        void *out;
+        if ((out = malloc(len)) == NULL)
+                return NULL;
+        memcpy(out, in, len);
+        return out;
+}
+int
+tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
+{
+        free(*dest);
+        *dest = NULL;
+        *destlen = 0;
+        if (src != NULL)
+                if ((*dest = memdup(src, srclen)) == NULL)
+                        return -1;
+        *destlen = srclen;
+        return 0;
+}
+int
+tls_set_string(const char **dest, const char *src)
+{
+        free((char *)*dest);
+        *dest = NULL;
+        if (src != NULL)
+                if ((*dest = strdup(src)) == NULL)
+                        return -1;
+        return 0;
+}
 /*
 * Extract the host and port from a colon separated value. For a literal IPv6
 * address the address must be contained with square braces. If a host and
author	jsing <>	2018-02-08 05:56:49 +0000
committer	jsing <>	2018-02-08 05:56:49 +0000
commit	301cd3fd1c4d17417a8493c71729c759ffcaf161 (patch)
tree	0abe458cace64c392a0381ff03a5068a69ab19c6
parent	427ccd3eed962ca8e1dcfdbedde0f36b48b047de (diff)
download	openbsd-301cd3fd1c4d17417a8493c71729c759ffcaf161.tar.gz openbsd-301cd3fd1c4d17417a8493c71729c759ffcaf161.tar.bz2 openbsd-301cd3fd1c4d17417a8493c71729c759ffcaf161.zip