revamp the config interface to own memory. easier to use correctly without

caller worrying about leaks or lifetimes. after feedback from jsing
author: tedu <> 2014-09-28 06:24:00 +0000
committer: tedu <> 2014-09-28 06:24:00 +0000
commit: 9db6a5b9d7bcae094827d75a94a39b0626456b92 (patch)
tree: 572254b10f62c9115d52cc5b067e5bf17ecb93ce
parent: 15ab81987c18dd77372bb5bdd8b201d0aa2f72b3 (diff)
download: openbsd-9db6a5b9d7bcae094827d75a94a39b0626456b92.tar.gz
openbsd-9db6a5b9d7bcae094827d75a94a39b0626456b92.tar.bz2
openbsd-9db6a5b9d7bcae094827d75a94a39b0626456b92.zip
3 files changed, 99 insertions, 49 deletions
diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c
index c5e28a4f36..1bf971419b 100644
--- a/src/lib/libressl/ressl.c
+++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.c,v 1.12 2014/08/15 16:55:32 tedu Exp $ */
+/* $OpenBSD: ressl.c,v 1.13 2014/09/28 06:24:00 tedu Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -29,7 +29,7 @@
 #include <ressl.h>
 #include "ressl_internal.h"
-extern struct ressl_config ressl_config_default;
+static struct ressl_config *ressl_config_default;
 int
 ressl_init(void)
@@ -42,6 +42,9 @@ ressl_init(void)
        SSL_load_error_strings();
        SSL_library_init();
+        if ((ressl_config_default = ressl_config_new()) == NULL)
+                return (-1);
        ressl_initialised = 1;
        return (0);
@@ -78,7 +81,7 @@ ressl_new(void)
        if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
                return (NULL);
-        ctx->config = &ressl_config_default;
+        ctx->config = ressl_config_default;
        ressl_reset(ctx);
@@ -89,7 +92,7 @@ int
 ressl_configure(struct ressl *ctx, struct ressl_config *config)
 {
        if (config == NULL)
-                config = &ressl_config_default;
+                config = ressl_config_default;
        ctx->config = config;
diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h
index ebd589313b..192f863f44 100644
--- a/src/lib/libressl/ressl.h
+++ b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl.h,v 1.13 2014/08/27 10:46:53 reyk Exp $ */
+/* $OpenBSD: ressl.h,v 1.14 2014/09/28 06:24:00 tedu Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -31,15 +31,15 @@ const char *ressl_error(struct ressl *ctx);
 struct ressl_config *ressl_config_new(void);
 void ressl_config_free(struct ressl_config *config);
-void ressl_config_set_ca_file(struct ressl_config *config, char *ca_file);
+int ressl_config_set_ca_file(struct ressl_config *config, const char *ca_file);
-void ressl_config_set_ca_path(struct ressl_config *config, char *ca_path);
+int ressl_config_set_ca_path(struct ressl_config *config, const char *ca_path);
-void ressl_config_set_cert_file(struct ressl_config *config, char *cert_file);
+int ressl_config_set_cert_file(struct ressl_config *config, const char *cert_file);
-void ressl_config_set_cert_mem(struct ressl_config *config, char *cert,
+int ressl_config_set_cert_mem(struct ressl_config *config, const uint8_t *cert,
    size_t len);
-void ressl_config_set_ciphers(struct ressl_config *config, char *ciphers);
+int ressl_config_set_ciphers(struct ressl_config *config, const char *ciphers);
 int ressl_config_set_ecdhcurve(struct ressl_config *config, const char *);
-void ressl_config_set_key_file(struct ressl_config *config, char *key_file);
+int ressl_config_set_key_file(struct ressl_config *config, const char *key_file);
-void ressl_config_set_key_mem(struct ressl_config *config, char *key,
+int ressl_config_set_key_mem(struct ressl_config *config, const uint8_t *key,
    size_t len);
 void ressl_config_set_verify_depth(struct ressl_config *config,
    int verify_depth);
diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c
index aa353be01f..5deb8d187f 100644
--- a/src/lib/libressl/ressl_config.c
+++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */
+/* $OpenBSD: ressl_config.c,v 1.9 2014/09/28 06:24:00 tedu Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -21,27 +21,60 @@
 #include <ressl.h>
 #include "ressl_internal.h"
-/*
+static int
- * Default configuration.
+set_string(const char **dest, const char *src)
- */
+{
-struct ressl_config ressl_config_default = {
+        free((char *)*dest);
-        .ca_file = _PATH_SSL_CA_FILE,
+        *dest = NULL;
-        .ca_path = NULL,
+        if (src != NULL)
-        .ciphers = NULL,
+                if ((*dest = strdup(src)) == NULL)
-        .ecdhcurve = NID_X9_62_prime256v1,
+                        return -1;
-        .verify = 1,
+        return 0;
-        .verify_depth = 6,
+}
-};
+static void *
+memdup(const void *in, size_t len)
+{
+        void *out;
+        if ((out = malloc(len)) == NULL)
+                return NULL;
+        memcpy(out, in, len);
+        return out;
+}
+static int
+set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
+{
+        free(*dest);
+        *dest = NULL;
+        *destlen = 0;
+        if (src != NULL)
+                if ((*dest = memdup(src, srclen)) == NULL)
+                        return -1;
+        *destlen = srclen;
+        return 0;
+}
 struct ressl_config *
 ressl_config_new(void)
 {
        struct ressl_config *config;
-        if ((config = malloc(sizeof(*config))) == NULL)
+        if ((config = calloc(1, sizeof(*config))) == NULL)
                return (NULL);
-        memcpy(config, &ressl_config_default, sizeof(*config));
+        /*
+         * Default configuration.
+         */
+        if (ressl_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
+                ressl_config_free(config);
+                return (NULL);
+        }
+        ressl_config_verify(config);
+        ressl_config_set_verify_depth(config, 6);
+        /* ? use function ? */
+        config->ecdhcurve = NID_X9_62_prime256v1;
        
        return (config);
 }
@@ -49,38 +82,50 @@ ressl_config_new(void)
 void
 ressl_config_free(struct ressl_config *config)
 {
+        if (config == NULL)
+                return;
+        free((char *)config->ca_file);
+        free((char *)config->ca_path);
+        free((char *)config->cert_file);
+        free(config->cert_mem);
+        free((char *)config->ciphers);
+        free((char *)config->key_file);
+        if (config->key_mem != NULL) {
+                explicit_bzero(config->key_mem, config->key_len);
+                free(config->key_mem);
+        }
        free(config);
 }
-void
+int
-ressl_config_set_ca_file(struct ressl_config *config, char *ca_file)
+ressl_config_set_ca_file(struct ressl_config *config, const char *ca_file)
 {
-        config->ca_file = ca_file;
+        return set_string(&config->ca_file, ca_file);
 }
-void
+int
-ressl_config_set_ca_path(struct ressl_config *config, char *ca_path)
+ressl_config_set_ca_path(struct ressl_config *config, const char *ca_path)
 {
-        config->ca_path = ca_path;
+        return set_string(&config->ca_path, ca_path);
 }
-void
+int
-ressl_config_set_cert_file(struct ressl_config *config, char *cert_file)
+ressl_config_set_cert_file(struct ressl_config *config, const char *cert_file)
 {
-        config->cert_file = cert_file;
+        return set_string(&config->cert_file, cert_file);
 }
-void
+int
-ressl_config_set_cert_mem(struct ressl_config *config, char *cert, size_t len)
+ressl_config_set_cert_mem(struct ressl_config *config, const uint8_t *cert,
+    size_t len)
 {
-        config->cert_mem = cert;
+        return set_mem(&config->cert_mem, &config->cert_len, cert, len);
-        config->cert_len = len;
 }
-void
+int
-ressl_config_set_ciphers(struct ressl_config *config, char *ciphers)
+ressl_config_set_ciphers(struct ressl_config *config, const char *ciphers)
 {
-        config->ciphers = ciphers;
+        return set_string(&config->ciphers, ciphers);
 }
 int
@@ -95,17 +140,19 @@ ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
        return (0);
 }
-void
+int
-ressl_config_set_key_file(struct ressl_config *config, char *key_file)
+ressl_config_set_key_file(struct ressl_config *config, const char *key_file)
 {
-        config->key_file = key_file;
+        return set_string(&config->key_file, key_file);
 }
-void
+int
-ressl_config_set_key_mem(struct ressl_config *config, char *key, size_t len)
+ressl_config_set_key_mem(struct ressl_config *config, const uint8_t *key,
+    size_t len)
 {
-        config->key_mem = key;
+        if (config->key_mem)
-        config->key_len = len;
+                explicit_bzero(config->key_mem, config->key_len);
+        return set_mem(&config->key_mem, &config->key_len, key, len);
 }
 void
author	tedu <>	2014-09-28 06:24:00 +0000
committer	tedu <>	2014-09-28 06:24:00 +0000
commit	9db6a5b9d7bcae094827d75a94a39b0626456b92 (patch)
tree	572254b10f62c9115d52cc5b067e5bf17ecb93ce
parent	15ab81987c18dd77372bb5bdd8b201d0aa2f72b3 (diff)
download	openbsd-9db6a5b9d7bcae094827d75a94a39b0626456b92.tar.gz openbsd-9db6a5b9d7bcae094827d75a94a39b0626456b92.tar.bz2 openbsd-9db6a5b9d7bcae094827d75a94a39b0626456b92.zip

diff --git a/src/lib/libressl/ressl.c b/src/lib/libressl/ressl.c index c5e28a4f36..1bf971419b 100644 --- a/src/lib/libressl/ressl.c +++ b/src/lib/libressl/ressl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl.c,v 1.12 2014/08/15 16:55:32 tedu Exp $ */	1	/* $OpenBSD: ressl.c,v 1.13 2014/09/28 06:24:00 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -29,7 +29,7 @@
29	#include <ressl.h>	29	#include <ressl.h>
30	#include "ressl_internal.h"	30	#include "ressl_internal.h"
31		31
32	extern struct ressl_config ressl_config_default;	32	static struct ressl_config *ressl_config_default;
33		33
34	int	34	int
35	ressl_init(void)	35	ressl_init(void)
@@ -42,6 +42,9 @@ ressl_init(void)
42	SSL_load_error_strings();	42	SSL_load_error_strings();
43	SSL_library_init();	43	SSL_library_init();
44		44
		45	if ((ressl_config_default = ressl_config_new()) == NULL)
		46	return (-1);
		47
45	ressl_initialised = 1;	48	ressl_initialised = 1;
46		49
47	return (0);	50	return (0);
@@ -78,7 +81,7 @@ ressl_new(void)
78	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)	81	if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
79	return (NULL);	82	return (NULL);
80		83
81	ctx->config = &ressl_config_default;	84	ctx->config = ressl_config_default;
82		85
83	ressl_reset(ctx);	86	ressl_reset(ctx);
84		87
@@ -89,7 +92,7 @@ int
89	ressl_configure(struct ressl ctx, struct ressl_config config)	92	ressl_configure(struct ressl ctx, struct ressl_config config)
90	{	93	{
91	if (config == NULL)	94	if (config == NULL)
92	config = &ressl_config_default;	95	config = ressl_config_default;
93		96
94	ctx->config = config;	97	ctx->config = config;
95		98


diff --git a/src/lib/libressl/ressl.h b/src/lib/libressl/ressl.h index ebd589313b..192f863f44 100644 --- a/src/lib/libressl/ressl.h +++ b/src/lib/libressl/ressl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl.h,v 1.13 2014/08/27 10:46:53 reyk Exp $ */	1	/* $OpenBSD: ressl.h,v 1.14 2014/09/28 06:24:00 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -31,15 +31,15 @@ const char ressl_error(struct ressl ctx);
31	struct ressl_config *ressl_config_new(void);	31	struct ressl_config *ressl_config_new(void);
32	void ressl_config_free(struct ressl_config *config);	32	void ressl_config_free(struct ressl_config *config);
33		33
34	void ressl_config_set_ca_file(struct ressl_config config, char ca_file);	34	int ressl_config_set_ca_file(struct ressl_config config, const char ca_file);
35	void ressl_config_set_ca_path(struct ressl_config config, char ca_path);	35	int ressl_config_set_ca_path(struct ressl_config config, const char ca_path);
36	void ressl_config_set_cert_file(struct ressl_config config, char cert_file);	36	int ressl_config_set_cert_file(struct ressl_config config, const char cert_file);
37	void ressl_config_set_cert_mem(struct ressl_config config, char cert,	37	int ressl_config_set_cert_mem(struct ressl_config config, const uint8_t cert,
38	size_t len);	38	size_t len);
39	void ressl_config_set_ciphers(struct ressl_config config, char ciphers);	39	int ressl_config_set_ciphers(struct ressl_config config, const char ciphers);
40	int ressl_config_set_ecdhcurve(struct ressl_config config, const char );	40	int ressl_config_set_ecdhcurve(struct ressl_config config, const char );
41	void ressl_config_set_key_file(struct ressl_config config, char key_file);	41	int ressl_config_set_key_file(struct ressl_config config, const char key_file);
42	void ressl_config_set_key_mem(struct ressl_config config, char key,	42	int ressl_config_set_key_mem(struct ressl_config config, const uint8_t key,
43	size_t len);	43	size_t len);
44	void ressl_config_set_verify_depth(struct ressl_config *config,	44	void ressl_config_set_verify_depth(struct ressl_config *config,
45	int verify_depth);	45	int verify_depth);


diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c index aa353be01f..5deb8d187f 100644 --- a/src/lib/libressl/ressl_config.c +++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */	1	/* $OpenBSD: ressl_config.c,v 1.9 2014/09/28 06:24:00 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -21,27 +21,60 @@
21	#include <ressl.h>	21	#include <ressl.h>
22	#include "ressl_internal.h"	22	#include "ressl_internal.h"
23		23
24	/*	24	static int
25	* Default configuration.	25	set_string(const char *dest, const char src)
26	*/	26	{
27	struct ressl_config ressl_config_default = {	27	free((char )dest);
28	.ca_file = _PATH_SSL_CA_FILE,	28	*dest = NULL;
29	.ca_path = NULL,	29	if (src != NULL)
30	.ciphers = NULL,	30	if ((*dest = strdup(src)) == NULL)
31	.ecdhcurve = NID_X9_62_prime256v1,	31	return -1;
32	.verify = 1,	32	return 0;
33	.verify_depth = 6,	33	}
34	};	34
		35	static void *
		36	memdup(const void *in, size_t len)
		37	{
		38	void *out;
		39
		40	if ((out = malloc(len)) == NULL)
		41	return NULL;
		42	memcpy(out, in, len);
		43	return out;
		44	}
		45
		46	static int
		47	set_mem(char *dest, size_t destlen, const void *src, size_t srclen)
		48	{
		49	free(*dest);
		50	*dest = NULL;
		51	*destlen = 0;
		52	if (src != NULL)
		53	if ((*dest = memdup(src, srclen)) == NULL)
		54	return -1;
		55	*destlen = srclen;
		56	return 0;
		57	}
35		58
36	struct ressl_config *	59	struct ressl_config *
37	ressl_config_new(void)	60	ressl_config_new(void)
38	{	61	{
39	struct ressl_config *config;	62	struct ressl_config *config;
40		63
41	if ((config = malloc(sizeof(*config))) == NULL)	64	if ((config = calloc(1, sizeof(*config))) == NULL)
42	return (NULL);	65	return (NULL);
43		66
44	memcpy(config, &ressl_config_default, sizeof(*config));	67	/*
		68	* Default configuration.
		69	*/
		70	if (ressl_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
		71	ressl_config_free(config);
		72	return (NULL);
		73	}
		74	ressl_config_verify(config);
		75	ressl_config_set_verify_depth(config, 6);
		76	/* ? use function ? */
		77	config->ecdhcurve = NID_X9_62_prime256v1;
45		78
46	return (config);	79	return (config);
47	}	80	}
@@ -49,38 +82,50 @@ ressl_config_new(void)
49	void	82	void
50	ressl_config_free(struct ressl_config *config)	83	ressl_config_free(struct ressl_config *config)
51	{	84	{
		85	if (config == NULL)
		86	return;
		87	free((char *)config->ca_file);
		88	free((char *)config->ca_path);
		89	free((char *)config->cert_file);
		90	free(config->cert_mem);
		91	free((char *)config->ciphers);
		92	free((char *)config->key_file);
		93	if (config->key_mem != NULL) {
		94	explicit_bzero(config->key_mem, config->key_len);
		95	free(config->key_mem);
		96	}
52	free(config);	97	free(config);
53	}	98	}
54		99
55	void	100	int
56	ressl_config_set_ca_file(struct ressl_config config, char ca_file)	101	ressl_config_set_ca_file(struct ressl_config config, const char ca_file)
57	{	102	{
58	config->ca_file = ca_file;	103	return set_string(&config->ca_file, ca_file);
59	}	104	}
60		105
61	void	106	int
62	ressl_config_set_ca_path(struct ressl_config config, char ca_path)	107	ressl_config_set_ca_path(struct ressl_config config, const char ca_path)
63	{	108	{
64	config->ca_path = ca_path;	109	return set_string(&config->ca_path, ca_path);
65	}	110	}
66		111
67	void	112	int
68	ressl_config_set_cert_file(struct ressl_config config, char cert_file)	113	ressl_config_set_cert_file(struct ressl_config config, const char cert_file)
69	{	114	{
70	config->cert_file = cert_file;	115	return set_string(&config->cert_file, cert_file);
71	}	116	}
72		117
73	void	118	int
74	ressl_config_set_cert_mem(struct ressl_config config, char cert, size_t len)	119	ressl_config_set_cert_mem(struct ressl_config config, const uint8_t cert,
		120	size_t len)
75	{	121	{
76	config->cert_mem = cert;	122	return set_mem(&config->cert_mem, &config->cert_len, cert, len);
77	config->cert_len = len;
78	}	123	}
79		124
80	void	125	int
81	ressl_config_set_ciphers(struct ressl_config config, char ciphers)	126	ressl_config_set_ciphers(struct ressl_config config, const char ciphers)
82	{	127	{
83	config->ciphers = ciphers;	128	return set_string(&config->ciphers, ciphers);
84	}	129	}
85		130
86	int	131	int
@@ -95,17 +140,19 @@ ressl_config_set_ecdhcurve(struct ressl_config config, const char name)
95	return (0);	140	return (0);
96	}	141	}
97		142
98	void	143	int
99	ressl_config_set_key_file(struct ressl_config config, char key_file)	144	ressl_config_set_key_file(struct ressl_config config, const char key_file)
100	{	145	{
101	config->key_file = key_file;	146	return set_string(&config->key_file, key_file);
102	}	147	}
103		148
104	void	149	int
105	ressl_config_set_key_mem(struct ressl_config config, char key, size_t len)	150	ressl_config_set_key_mem(struct ressl_config config, const uint8_t key,
		151	size_t len)
106	{	152	{
107	config->key_mem = key;	153	if (config->key_mem)
108	config->key_len = len;	154	explicit_bzero(config->key_mem, config->key_len);
		155	return set_mem(&config->key_mem, &config->key_len, key, len);
109	}	156	}
110		157
111	void	158	void