diff options
| author | beck <> | 2016-11-05 14:50:05 +0000 |
|---|---|---|
| committer | beck <> | 2016-11-05 14:50:05 +0000 |
| commit | 857e056d8e939aab5d14f1aadf80c28fe9a4f805 (patch) | |
| tree | f8562aaa3f17de87e3eca50e4d128c22873832f0 | |
| parent | 31aa40a36a1a6abcd16ec90eba9325e1bdc5edc8 (diff) | |
| download | openbsd-857e056d8e939aab5d14f1aadf80c28fe9a4f805.tar.gz openbsd-857e056d8e939aab5d14f1aadf80c28fe9a4f805.tar.bz2 openbsd-857e056d8e939aab5d14f1aadf80c28fe9a4f805.zip | |
rename ocsp_ctx to ocsp
ok jsing@
| -rw-r--r-- | src/lib/libtls/tls.c | 12 | ||||
| -rw-r--r-- | src/lib/libtls/tls_internal.h | 10 | ||||
| -rw-r--r-- | src/lib/libtls/tls_ocsp.c | 114 |
3 files changed, 68 insertions, 68 deletions
diff --git a/src/lib/libtls/tls.c b/src/lib/libtls/tls.c index 6893e95b08..51717a79cb 100644 --- a/src/lib/libtls/tls.c +++ b/src/lib/libtls/tls.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls.c,v 1.51 2016/11/03 10:05:32 jsing Exp $ */ | 1 | /* $OpenBSD: tls.c,v 1.52 2016/11/05 14:50:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -446,9 +446,9 @@ tls_reset(struct tls *ctx) | |||
| 446 | tls_conninfo_free(ctx->conninfo); | 446 | tls_conninfo_free(ctx->conninfo); |
| 447 | ctx->conninfo = NULL; | 447 | ctx->conninfo = NULL; |
| 448 | 448 | ||
| 449 | tls_ocsp_ctx_free(ctx->ocsp_ctx); | 449 | tls_ocsp_free(ctx->ocsp); |
| 450 | ctx->ocsp_ctx = NULL; | 450 | ctx->ocsp = NULL; |
| 451 | 451 | ||
| 452 | for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) { | 452 | for (sni = ctx->sni_ctx; sni != NULL; sni = nsni) { |
| 453 | nsni = sni->next; | 453 | nsni = sni->next; |
| 454 | tls_sni_ctx_free(sni); | 454 | tls_sni_ctx_free(sni); |
| @@ -531,8 +531,8 @@ tls_handshake(struct tls *ctx) | |||
| 531 | ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); | 531 | ctx->ssl_peer_cert = SSL_get_peer_certificate(ctx->ssl_conn); |
| 532 | if (tls_conninfo_populate(ctx) == -1) | 532 | if (tls_conninfo_populate(ctx) == -1) |
| 533 | rv = -1; | 533 | rv = -1; |
| 534 | if (ctx->ocsp_ctx == NULL) | 534 | if (ctx->ocsp == NULL) |
| 535 | ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); | 535 | ctx->ocsp = tls_ocsp_setup_from_peer(ctx); |
| 536 | } | 536 | } |
| 537 | out: | 537 | out: |
| 538 | /* Prevent callers from performing incorrect error handling */ | 538 | /* Prevent callers from performing incorrect error handling */ |
diff --git a/src/lib/libtls/tls_internal.h b/src/lib/libtls/tls_internal.h index 4fe4ee7811..65b65371b2 100644 --- a/src/lib/libtls/tls_internal.h +++ b/src/lib/libtls/tls_internal.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls_internal.h,v 1.48 2016/11/04 18:23:32 guenther Exp $ */ | 1 | /* $OpenBSD: tls_internal.h,v 1.49 2016/11/05 14:50:05 beck Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> | 3 | * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org> |
| 4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | 4 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> |
| @@ -106,7 +106,7 @@ struct tls_ocsp_result { | |||
| 106 | time_t revocation_time; | 106 | time_t revocation_time; |
| 107 | }; | 107 | }; |
| 108 | 108 | ||
| 109 | struct tls_ocsp_ctx { | 109 | struct tls_ocsp { |
| 110 | /* responder location */ | 110 | /* responder location */ |
| 111 | char *ocsp_url; | 111 | char *ocsp_url; |
| 112 | 112 | ||
| @@ -147,7 +147,7 @@ struct tls { | |||
| 147 | 147 | ||
| 148 | struct tls_conninfo *conninfo; | 148 | struct tls_conninfo *conninfo; |
| 149 | 149 | ||
| 150 | struct tls_ocsp_ctx *ocsp_ctx; | 150 | struct tls_ocsp *ocsp; |
| 151 | 151 | ||
| 152 | tls_read_cb read_cb; | 152 | tls_read_cb read_cb; |
| 153 | tls_write_cb write_cb; | 153 | tls_write_cb write_cb; |
| @@ -208,8 +208,8 @@ int tls_conninfo_populate(struct tls *ctx); | |||
| 208 | void tls_conninfo_free(struct tls_conninfo *conninfo); | 208 | void tls_conninfo_free(struct tls_conninfo *conninfo); |
| 209 | 209 | ||
| 210 | int tls_ocsp_verify_cb(SSL *ssl, void *arg); | 210 | int tls_ocsp_verify_cb(SSL *ssl, void *arg); |
| 211 | void tls_ocsp_ctx_free(struct tls_ocsp_ctx *ctx); | 211 | void tls_ocsp_free(struct tls_ocsp *ctx); |
| 212 | struct tls_ocsp_ctx *tls_ocsp_setup_from_peer(struct tls *ctx); | 212 | struct tls_ocsp *tls_ocsp_setup_from_peer(struct tls *ctx); |
| 213 | 213 | ||
| 214 | __END_HIDDEN_DECLS | 214 | __END_HIDDEN_DECLS |
| 215 | 215 | ||
diff --git a/src/lib/libtls/tls_ocsp.c b/src/lib/libtls/tls_ocsp.c index 52e90364a7..2da88f4281 100644 --- a/src/lib/libtls/tls_ocsp.c +++ b/src/lib/libtls/tls_ocsp.c | |||
| @@ -34,25 +34,25 @@ | |||
| 34 | * State for request. | 34 | * State for request. |
| 35 | */ | 35 | */ |
| 36 | 36 | ||
| 37 | static struct tls_ocsp_ctx * | 37 | static struct tls_ocsp * |
| 38 | tls_ocsp_ctx_new(void) | 38 | tls_ocsp_new(void) |
| 39 | { | 39 | { |
| 40 | return (calloc(1, sizeof(struct tls_ocsp_ctx))); | 40 | return (calloc(1, sizeof(struct tls_ocsp))); |
| 41 | } | 41 | } |
| 42 | 42 | ||
| 43 | void | 43 | void |
| 44 | tls_ocsp_ctx_free(struct tls_ocsp_ctx *ocsp_ctx) | 44 | tls_ocsp_free(struct tls_ocsp *ocsp) |
| 45 | { | 45 | { |
| 46 | if (ocsp_ctx == NULL) | 46 | if (ocsp == NULL) |
| 47 | return; | 47 | return; |
| 48 | 48 | ||
| 49 | free(ocsp_ctx->ocsp_result); | 49 | free(ocsp->ocsp_result); |
| 50 | ocsp_ctx->ocsp_result = NULL; | 50 | ocsp->ocsp_result = NULL; |
| 51 | free(ocsp_ctx->ocsp_url); | 51 | free(ocsp->ocsp_url); |
| 52 | ocsp_ctx->ocsp_url = NULL; | 52 | ocsp->ocsp_url = NULL; |
| 53 | free(ocsp_ctx->request_data); | 53 | free(ocsp->request_data); |
| 54 | ocsp_ctx->request_data = NULL; | 54 | ocsp->request_data = NULL; |
| 55 | free(ocsp_ctx); | 55 | free(ocsp); |
| 56 | } | 56 | } |
| 57 | 57 | ||
| 58 | static int | 58 | static int |
| @@ -78,8 +78,8 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status, | |||
| 78 | { | 78 | { |
| 79 | struct tls_ocsp_result *info = NULL; | 79 | struct tls_ocsp_result *info = NULL; |
| 80 | 80 | ||
| 81 | free(ctx->ocsp_ctx->ocsp_result); | 81 | free(ctx->ocsp->ocsp_result); |
| 82 | ctx->ocsp_ctx->ocsp_result = NULL; | 82 | ctx->ocsp->ocsp_result = NULL; |
| 83 | 83 | ||
| 84 | if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) { | 84 | if ((info = calloc(1, sizeof (struct tls_ocsp_result))) == NULL) { |
| 85 | tls_set_error(ctx, "calloc"); | 85 | tls_set_error(ctx, "calloc"); |
| @@ -115,7 +115,7 @@ tls_ocsp_fill_info(struct tls *ctx, int response_status, int cert_status, | |||
| 115 | "unable to parse next update time in OCSP reply"); | 115 | "unable to parse next update time in OCSP reply"); |
| 116 | goto error; | 116 | goto error; |
| 117 | } | 117 | } |
| 118 | ctx->ocsp_ctx->ocsp_result = info; | 118 | ctx->ocsp->ocsp_result = info; |
| 119 | return 0; | 119 | return 0; |
| 120 | error: | 120 | error: |
| 121 | free(info); | 121 | free(info); |
| @@ -155,37 +155,37 @@ tls_ocsp_get_certid(X509 *main_cert, STACK_OF(X509) *extra_certs, | |||
| 155 | return cid; | 155 | return cid; |
| 156 | } | 156 | } |
| 157 | 157 | ||
| 158 | struct tls_ocsp_ctx * | 158 | struct tls_ocsp * |
| 159 | tls_ocsp_setup_from_peer(struct tls *ctx) | 159 | tls_ocsp_setup_from_peer(struct tls *ctx) |
| 160 | { | 160 | { |
| 161 | struct tls_ocsp_ctx *ocsp_ctx = NULL; | 161 | struct tls_ocsp *ocsp = NULL; |
| 162 | STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL; | 162 | STACK_OF(OPENSSL_STRING) *ocsp_urls = NULL; |
| 163 | 163 | ||
| 164 | if ((ocsp_ctx = tls_ocsp_ctx_new()) == NULL) | 164 | if ((ocsp = tls_ocsp_new()) == NULL) |
| 165 | goto failed; | 165 | goto failed; |
| 166 | 166 | ||
| 167 | /* steal state from ctx struct */ | 167 | /* steal state from ctx struct */ |
| 168 | ocsp_ctx->main_cert = SSL_get_peer_certificate(ctx->ssl_conn); | 168 | ocsp->main_cert = SSL_get_peer_certificate(ctx->ssl_conn); |
| 169 | ocsp_ctx->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn); | 169 | ocsp->extra_certs = SSL_get_peer_cert_chain(ctx->ssl_conn); |
| 170 | if (ocsp_ctx->main_cert == NULL) { | 170 | if (ocsp->main_cert == NULL) { |
| 171 | tls_set_errorx(ctx, "no peer certificate for OCSP"); | 171 | tls_set_errorx(ctx, "no peer certificate for OCSP"); |
| 172 | goto failed; | 172 | goto failed; |
| 173 | } | 173 | } |
| 174 | 174 | ||
| 175 | ocsp_urls = X509_get1_ocsp(ocsp_ctx->main_cert); | 175 | ocsp_urls = X509_get1_ocsp(ocsp->main_cert); |
| 176 | if (ocsp_urls == NULL) | 176 | if (ocsp_urls == NULL) |
| 177 | goto failed; | 177 | goto failed; |
| 178 | ocsp_ctx->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); | 178 | ocsp->ocsp_url = strdup(sk_OPENSSL_STRING_value(ocsp_urls, 0)); |
| 179 | if (ocsp_ctx->ocsp_url == NULL) { | 179 | if (ocsp->ocsp_url == NULL) { |
| 180 | tls_set_errorx(ctx, "out of memory"); | 180 | tls_set_errorx(ctx, "out of memory"); |
| 181 | goto failed; | 181 | goto failed; |
| 182 | } | 182 | } |
| 183 | 183 | ||
| 184 | X509_email_free(ocsp_urls); | 184 | X509_email_free(ocsp_urls); |
| 185 | return ocsp_ctx; | 185 | return ocsp; |
| 186 | 186 | ||
| 187 | failed: | 187 | failed: |
| 188 | tls_ocsp_ctx_free(ocsp_ctx); | 188 | tls_ocsp_free(ocsp); |
| 189 | X509_email_free(ocsp_urls); | 189 | X509_email_free(ocsp_urls); |
| 190 | return NULL; | 190 | return NULL; |
| 191 | } | 191 | } |
| @@ -213,7 +213,7 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) | |||
| 213 | flags = OCSP_TRUSTOTHER; | 213 | flags = OCSP_TRUSTOTHER; |
| 214 | 214 | ||
| 215 | /* now verify */ | 215 | /* now verify */ |
| 216 | if (OCSP_basic_verify(br, ctx->ocsp_ctx->extra_certs, | 216 | if (OCSP_basic_verify(br, ctx->ocsp->extra_certs, |
| 217 | SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) { | 217 | SSL_CTX_get_cert_store(ctx->ssl_ctx), flags) != 1) { |
| 218 | tls_set_error(ctx, "ocsp verify failed"); | 218 | tls_set_error(ctx, "ocsp verify failed"); |
| 219 | goto error; | 219 | goto error; |
| @@ -227,8 +227,8 @@ tls_ocsp_verify_response(struct tls *ctx, OCSP_RESPONSE *resp) | |||
| 227 | goto error; | 227 | goto error; |
| 228 | } | 228 | } |
| 229 | 229 | ||
| 230 | cid = tls_ocsp_get_certid(ctx->ocsp_ctx->main_cert, | 230 | cid = tls_ocsp_get_certid(ctx->ocsp->main_cert, |
| 231 | ctx->ocsp_ctx->extra_certs, ctx->ssl_ctx); | 231 | ctx->ocsp->extra_certs, ctx->ssl_ctx); |
| 232 | if (cid == NULL) { | 232 | if (cid == NULL) { |
| 233 | tls_set_errorx(ctx, "ocsp verify failed: no issuer cert"); | 233 | tls_set_errorx(ctx, "ocsp verify failed: no issuer cert"); |
| 234 | goto error; | 234 | goto error; |
| @@ -281,8 +281,8 @@ tls_ocsp_process_response_internal(struct tls *ctx, const unsigned char *respons | |||
| 281 | 281 | ||
| 282 | resp = d2i_OCSP_RESPONSE(NULL, &response, size); | 282 | resp = d2i_OCSP_RESPONSE(NULL, &response, size); |
| 283 | if (resp == NULL) { | 283 | if (resp == NULL) { |
| 284 | tls_ocsp_ctx_free(ctx->ocsp_ctx); | 284 | tls_ocsp_free(ctx->ocsp); |
| 285 | ctx->ocsp_ctx = NULL; | 285 | ctx->ocsp = NULL; |
| 286 | tls_set_error(ctx, "unable to parse OCSP response"); | 286 | tls_set_error(ctx, "unable to parse OCSP response"); |
| 287 | return -1; | 287 | return -1; |
| 288 | } | 288 | } |
| @@ -311,9 +311,9 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) | |||
| 311 | return 1; | 311 | return 1; |
| 312 | } | 312 | } |
| 313 | 313 | ||
| 314 | tls_ocsp_ctx_free(ctx->ocsp_ctx); | 314 | tls_ocsp_free(ctx->ocsp); |
| 315 | ctx->ocsp_ctx = tls_ocsp_setup_from_peer(ctx); | 315 | ctx->ocsp = tls_ocsp_setup_from_peer(ctx); |
| 316 | if (ctx->ocsp_ctx != NULL) { | 316 | if (ctx->ocsp != NULL) { |
| 317 | if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) | 317 | if (ctx->config->verify_cert == 0 || ctx->config->verify_time == 0) |
| 318 | return 1; | 318 | return 1; |
| 319 | res = tls_ocsp_process_response_internal(ctx, raw, size); | 319 | res = tls_ocsp_process_response_internal(ctx, raw, size); |
| @@ -330,79 +330,79 @@ tls_ocsp_verify_cb(SSL *ssl, void *arg) | |||
| 330 | const char * | 330 | const char * |
| 331 | tls_peer_ocsp_url(struct tls *ctx) | 331 | tls_peer_ocsp_url(struct tls *ctx) |
| 332 | { | 332 | { |
| 333 | if (ctx->ocsp_ctx == NULL) | 333 | if (ctx->ocsp == NULL) |
| 334 | return NULL; | 334 | return NULL; |
| 335 | return ctx->ocsp_ctx->ocsp_url; | 335 | return ctx->ocsp->ocsp_url; |
| 336 | } | 336 | } |
| 337 | 337 | ||
| 338 | const char * | 338 | const char * |
| 339 | tls_peer_ocsp_result(struct tls *ctx) | 339 | tls_peer_ocsp_result(struct tls *ctx) |
| 340 | { | 340 | { |
| 341 | if (ctx->ocsp_ctx == NULL) | 341 | if (ctx->ocsp == NULL) |
| 342 | return NULL; | 342 | return NULL; |
| 343 | if (ctx->ocsp_ctx->ocsp_result == NULL) | 343 | if (ctx->ocsp->ocsp_result == NULL) |
| 344 | return NULL; | 344 | return NULL; |
| 345 | return ctx->ocsp_ctx->ocsp_result->result_msg; | 345 | return ctx->ocsp->ocsp_result->result_msg; |
| 346 | } | 346 | } |
| 347 | 347 | ||
| 348 | int | 348 | int |
| 349 | tls_peer_ocsp_response_status(struct tls *ctx) | 349 | tls_peer_ocsp_response_status(struct tls *ctx) |
| 350 | { | 350 | { |
| 351 | if (ctx->ocsp_ctx == NULL) | 351 | if (ctx->ocsp == NULL) |
| 352 | return -1; | 352 | return -1; |
| 353 | if (ctx->ocsp_ctx->ocsp_result == NULL) | 353 | if (ctx->ocsp->ocsp_result == NULL) |
| 354 | return -1; | 354 | return -1; |
| 355 | return ctx->ocsp_ctx->ocsp_result->response_status; | 355 | return ctx->ocsp->ocsp_result->response_status; |
| 356 | } | 356 | } |
| 357 | 357 | ||
| 358 | int | 358 | int |
| 359 | tls_peer_ocsp_cert_status(struct tls *ctx) | 359 | tls_peer_ocsp_cert_status(struct tls *ctx) |
| 360 | { | 360 | { |
| 361 | if (ctx->ocsp_ctx == NULL) | 361 | if (ctx->ocsp == NULL) |
| 362 | return -1; | 362 | return -1; |
| 363 | if (ctx->ocsp_ctx->ocsp_result == NULL) | 363 | if (ctx->ocsp->ocsp_result == NULL) |
| 364 | return -1; | 364 | return -1; |
| 365 | return ctx->ocsp_ctx->ocsp_result->cert_status; | 365 | return ctx->ocsp->ocsp_result->cert_status; |
| 366 | } | 366 | } |
| 367 | 367 | ||
| 368 | int | 368 | int |
| 369 | tls_peer_ocsp_crl_reason(struct tls *ctx) | 369 | tls_peer_ocsp_crl_reason(struct tls *ctx) |
| 370 | { | 370 | { |
| 371 | if (ctx->ocsp_ctx == NULL) | 371 | if (ctx->ocsp == NULL) |
| 372 | return -1; | 372 | return -1; |
| 373 | if (ctx->ocsp_ctx->ocsp_result == NULL) | 373 | if (ctx->ocsp->ocsp_result == NULL) |
| 374 | return -1; | 374 | return -1; |
| 375 | return ctx->ocsp_ctx->ocsp_result->crl_reason; | 375 | return ctx->ocsp->ocsp_result->crl_reason; |
| 376 | } | 376 | } |
| 377 | 377 | ||
| 378 | time_t | 378 | time_t |
| 379 | tls_peer_ocsp_this_update(struct tls *ctx) | 379 | tls_peer_ocsp_this_update(struct tls *ctx) |
| 380 | { | 380 | { |
| 381 | if (ctx->ocsp_ctx == NULL) | 381 | if (ctx->ocsp == NULL) |
| 382 | return -1; | 382 | return -1; |
| 383 | if (ctx->ocsp_ctx->ocsp_result == NULL) | 383 | if (ctx->ocsp->ocsp_result == NULL) |
| 384 | return -1; | 384 | return -1; |
| 385 | return ctx->ocsp_ctx->ocsp_result->this_update; | 385 | return ctx->ocsp->ocsp_result->this_update; |
| 386 | } | 386 | } |
| 387 | 387 | ||
| 388 | time_t | 388 | time_t |
| 389 | tls_peer_ocsp_next_update(struct tls *ctx) | 389 | tls_peer_ocsp_next_update(struct tls *ctx) |
| 390 | { | 390 | { |
| 391 | if (ctx->ocsp_ctx == NULL) | 391 | if (ctx->ocsp == NULL) |
| 392 | return -1; | 392 | return -1; |
| 393 | if (ctx->ocsp_ctx->ocsp_result == NULL) | 393 | if (ctx->ocsp->ocsp_result == NULL) |
| 394 | return -1; | 394 | return -1; |
| 395 | return ctx->ocsp_ctx->ocsp_result->next_update; | 395 | return ctx->ocsp->ocsp_result->next_update; |
| 396 | } | 396 | } |
| 397 | 397 | ||
| 398 | time_t | 398 | time_t |
| 399 | tls_peer_ocsp_revocation_time(struct tls *ctx) | 399 | tls_peer_ocsp_revocation_time(struct tls *ctx) |
| 400 | { | 400 | { |
| 401 | if (ctx->ocsp_ctx == NULL) | 401 | if (ctx->ocsp == NULL) |
| 402 | return -1; | 402 | return -1; |
| 403 | if (ctx->ocsp_ctx->ocsp_result == NULL) | 403 | if (ctx->ocsp->ocsp_result == NULL) |
| 404 | return -1; | 404 | return -1; |
| 405 | return ctx->ocsp_ctx->ocsp_result->revocation_time; | 405 | return ctx->ocsp->ocsp_result->revocation_time; |
| 406 | } | 406 | } |
| 407 | 407 | ||
| 408 | int | 408 | int |