diff options
| author | jsing <> | 2014-10-31 13:46:17 +0000 |
|---|---|---|
| committer | jsing <> | 2014-10-31 13:46:17 +0000 |
| commit | cd85e00508e178758948e7a759609d0f1e7764df (patch) | |
| tree | 44ea21a19ccf529a3e38fb107d3a2d1330f58d8e /src/lib/libtls/tls_config.c | |
| parent | e83bdb8edcd9388f13b71372b277fdcce386a9b0 (diff) | |
| download | openbsd-cd85e00508e178758948e7a759609d0f1e7764df.tar.gz openbsd-cd85e00508e178758948e7a759609d0f1e7764df.tar.bz2 openbsd-cd85e00508e178758948e7a759609d0f1e7764df.zip | |
Rename libressl to libtls to avoid confusion and to make it easier to
distinguish between LibreSSL (the project) and libressl (the library).
Discussed with many.
Diffstat (limited to 'src/lib/libtls/tls_config.c')
| -rw-r--r-- | src/lib/libtls/tls_config.c | 201 |
1 files changed, 201 insertions, 0 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c new file mode 100644 index 0000000000..0e435f616a --- /dev/null +++ b/src/lib/libtls/tls_config.c | |||
| @@ -0,0 +1,201 @@ | |||
| 1 | /* $OpenBSD: tls_config.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */ | ||
| 2 | /* | ||
| 3 | * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> | ||
| 4 | * | ||
| 5 | * Permission to use, copy, modify, and distribute this software for any | ||
| 6 | * purpose with or without fee is hereby granted, provided that the above | ||
| 7 | * copyright notice and this permission notice appear in all copies. | ||
| 8 | * | ||
| 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES | ||
| 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF | ||
| 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR | ||
| 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES | ||
| 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN | ||
| 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF | ||
| 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | ||
| 16 | */ | ||
| 17 | |||
| 18 | #include <errno.h> | ||
| 19 | #include <stdlib.h> | ||
| 20 | |||
| 21 | #include <tls.h> | ||
| 22 | #include "tls_internal.h" | ||
| 23 | |||
| 24 | static int | ||
| 25 | set_string(const char **dest, const char *src) | ||
| 26 | { | ||
| 27 | free((char *)*dest); | ||
| 28 | *dest = NULL; | ||
| 29 | if (src != NULL) | ||
| 30 | if ((*dest = strdup(src)) == NULL) | ||
| 31 | return -1; | ||
| 32 | return 0; | ||
| 33 | } | ||
| 34 | |||
| 35 | static void * | ||
| 36 | memdup(const void *in, size_t len) | ||
| 37 | { | ||
| 38 | void *out; | ||
| 39 | |||
| 40 | if ((out = malloc(len)) == NULL) | ||
| 41 | return NULL; | ||
| 42 | memcpy(out, in, len); | ||
| 43 | return out; | ||
| 44 | } | ||
| 45 | |||
| 46 | static int | ||
| 47 | set_mem(char **dest, size_t *destlen, const void *src, size_t srclen) | ||
| 48 | { | ||
| 49 | free(*dest); | ||
| 50 | *dest = NULL; | ||
| 51 | *destlen = 0; | ||
| 52 | if (src != NULL) | ||
| 53 | if ((*dest = memdup(src, srclen)) == NULL) | ||
| 54 | return -1; | ||
| 55 | *destlen = srclen; | ||
| 56 | return 0; | ||
| 57 | } | ||
| 58 | |||
| 59 | struct tls_config * | ||
| 60 | tls_config_new(void) | ||
| 61 | { | ||
| 62 | struct tls_config *config; | ||
| 63 | |||
| 64 | if ((config = calloc(1, sizeof(*config))) == NULL) | ||
| 65 | return (NULL); | ||
| 66 | |||
| 67 | /* | ||
| 68 | * Default configuration. | ||
| 69 | */ | ||
| 70 | if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) { | ||
| 71 | tls_config_free(config); | ||
| 72 | return (NULL); | ||
| 73 | } | ||
| 74 | tls_config_set_ecdhcurve(config, "auto"); | ||
| 75 | tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT); | ||
| 76 | tls_config_set_verify_depth(config, 6); | ||
| 77 | |||
| 78 | tls_config_verify(config); | ||
| 79 | |||
| 80 | return (config); | ||
| 81 | } | ||
| 82 | |||
| 83 | void | ||
| 84 | tls_config_free(struct tls_config *config) | ||
| 85 | { | ||
| 86 | if (config == NULL) | ||
| 87 | return; | ||
| 88 | |||
| 89 | tls_config_clear_keys(config); | ||
| 90 | |||
| 91 | free((char *)config->ca_file); | ||
| 92 | free((char *)config->ca_path); | ||
| 93 | free((char *)config->cert_file); | ||
| 94 | free(config->cert_mem); | ||
| 95 | free((char *)config->ciphers); | ||
| 96 | free((char *)config->key_file); | ||
| 97 | free(config->key_mem); | ||
| 98 | |||
| 99 | free(config); | ||
| 100 | } | ||
| 101 | |||
| 102 | void | ||
| 103 | tls_config_clear_keys(struct tls_config *config) | ||
| 104 | { | ||
| 105 | tls_config_set_cert_mem(config, NULL, 0); | ||
| 106 | tls_config_set_key_mem(config, NULL, 0); | ||
| 107 | } | ||
| 108 | |||
| 109 | int | ||
| 110 | tls_config_set_ca_file(struct tls_config *config, const char *ca_file) | ||
| 111 | { | ||
| 112 | return set_string(&config->ca_file, ca_file); | ||
| 113 | } | ||
| 114 | |||
| 115 | int | ||
| 116 | tls_config_set_ca_path(struct tls_config *config, const char *ca_path) | ||
| 117 | { | ||
| 118 | return set_string(&config->ca_path, ca_path); | ||
| 119 | } | ||
| 120 | |||
| 121 | int | ||
| 122 | tls_config_set_cert_file(struct tls_config *config, const char *cert_file) | ||
| 123 | { | ||
| 124 | return set_string(&config->cert_file, cert_file); | ||
| 125 | } | ||
| 126 | |||
| 127 | int | ||
| 128 | tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert, | ||
| 129 | size_t len) | ||
| 130 | { | ||
| 131 | return set_mem(&config->cert_mem, &config->cert_len, cert, len); | ||
| 132 | } | ||
| 133 | |||
| 134 | int | ||
| 135 | tls_config_set_ciphers(struct tls_config *config, const char *ciphers) | ||
| 136 | { | ||
| 137 | return set_string(&config->ciphers, ciphers); | ||
| 138 | } | ||
| 139 | |||
| 140 | int | ||
| 141 | tls_config_set_ecdhcurve(struct tls_config *config, const char *name) | ||
| 142 | { | ||
| 143 | int nid; | ||
| 144 | |||
| 145 | if (name == NULL) | ||
| 146 | nid = NID_undef; | ||
| 147 | else if (strcasecmp(name, "auto") == 0) | ||
| 148 | nid = -1; | ||
| 149 | else if ((nid = OBJ_txt2nid(name)) == NID_undef) | ||
| 150 | return (-1); | ||
| 151 | |||
| 152 | config->ecdhcurve = nid; | ||
| 153 | |||
| 154 | return (0); | ||
| 155 | } | ||
| 156 | |||
| 157 | int | ||
| 158 | tls_config_set_key_file(struct tls_config *config, const char *key_file) | ||
| 159 | { | ||
| 160 | return set_string(&config->key_file, key_file); | ||
| 161 | } | ||
| 162 | |||
| 163 | int | ||
| 164 | tls_config_set_key_mem(struct tls_config *config, const uint8_t *key, | ||
| 165 | size_t len) | ||
| 166 | { | ||
| 167 | if (config->key_mem) | ||
| 168 | explicit_bzero(config->key_mem, config->key_len); | ||
| 169 | return set_mem(&config->key_mem, &config->key_len, key, len); | ||
| 170 | } | ||
| 171 | |||
| 172 | void | ||
| 173 | tls_config_set_protocols(struct tls_config *config, uint32_t protocols) | ||
| 174 | { | ||
| 175 | config->protocols = protocols; | ||
| 176 | } | ||
| 177 | |||
| 178 | void | ||
| 179 | tls_config_set_verify_depth(struct tls_config *config, int verify_depth) | ||
| 180 | { | ||
| 181 | config->verify_depth = verify_depth; | ||
| 182 | } | ||
| 183 | |||
| 184 | void | ||
| 185 | tls_config_insecure_noverifyhost(struct tls_config *config) | ||
| 186 | { | ||
| 187 | config->verify_host = 0; | ||
| 188 | } | ||
| 189 | |||
| 190 | void | ||
| 191 | tls_config_insecure_noverifycert(struct tls_config *config) | ||
| 192 | { | ||
| 193 | config->verify_cert = 0; | ||
| 194 | } | ||
| 195 | |||
| 196 | void | ||
| 197 | tls_config_verify(struct tls_config *config) | ||
| 198 | { | ||
| 199 | config->verify_host = 1; | ||
| 200 | config->verify_cert = 1; | ||
| 201 | } | ||