Factor our the keypair handling in libtls. This results in more readable

and self-contained code, while preparing for the ability to handle multiple keypairs. Also provide two additional functions that allow a public certificate and private key to be set with a single function call. ok beck@
author: jsing <> 2016-04-28 17:05:59 +0000
committer: jsing <> 2016-04-28 17:05:59 +0000
commit: f4470c187e09c2ca1bfcf671080ac97b7fc86df2 (patch)
tree: 046b15c71afb290bae07f4b238cfdc296f78ca6b /src/lib/libtls/tls_config.c
parent: 2666540eb58ec0e76b541248bed9d159e6a2ccea (diff)
download: openbsd-f4470c187e09c2ca1bfcf671080ac97b7fc86df2.tar.gz
openbsd-f4470c187e09c2ca1bfcf671080ac97b7fc86df2.tar.bz2
openbsd-f4470c187e09c2ca1bfcf671080ac97b7fc86df2.zip
1 files changed, 100 insertions, 14 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 9c2b5810f6..b395337f49 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.15 2016/04/28 16:48:44 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.16 2016/04/28 17:05:59 jsing Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -57,6 +57,63 @@ set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
        return 0;
 }
+static struct tls_keypair *
+tls_keypair_new()
+{
+        return calloc(1, sizeof(struct tls_keypair));
+}
+static int
+tls_keypair_set_cert_file(struct tls_keypair *keypair, const char *cert_file)
+{
+        return set_string(&keypair->cert_file, cert_file);
+}
+static int
+tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
+    size_t len)
+{
+        return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
+}
+static int
+tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file)
+{
+        return set_string(&keypair->key_file, key_file);
+}
+static int
+tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
+    size_t len)
+{
+        if (keypair->key_mem != NULL)
+                explicit_bzero(keypair->key_mem, keypair->key_len);
+        return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
+}
+static void
+tls_keypair_clear(struct tls_keypair *keypair)
+{
+        tls_keypair_set_cert_mem(keypair, NULL, 0);
+        tls_keypair_set_key_mem(keypair, NULL, 0);
+}
+static void
+tls_keypair_free(struct tls_keypair *keypair)
+{
+        if (keypair == NULL)
+                return;
+        tls_keypair_clear(keypair);
+        free((char *)keypair->cert_file);
+        free(keypair->cert_mem);
+        free((char *)keypair->key_file);
+        free(keypair->key_mem);
+        free(keypair);
+}
 struct tls_config *
 tls_config_new(void)
 {
@@ -65,6 +122,9 @@ tls_config_new(void)
        if ((config = calloc(1, sizeof(*config))) == NULL)
                return (NULL);
+        if ((config->keypair = tls_keypair_new()) == NULL)
+                goto err;
        /*
         * Default configuration.
         */
@@ -94,20 +154,21 @@ tls_config_new(void)
 void
 tls_config_free(struct tls_config *config)
 {
+        struct tls_keypair *kp, *nkp;
        if (config == NULL)
                return;
-        tls_config_clear_keys(config);
+        for (kp = config->keypair; kp != NULL; kp = nkp) {
+                nkp = kp->next;
+                tls_keypair_free(kp);
+        }
        free(config->error.msg);
        free((char *)config->ca_file);
        free((char *)config->ca_path);
-        free((char *)config->cert_file);
-        free(config->cert_mem);
        free((char *)config->ciphers);
-        free((char *)config->key_file);
-        free(config->key_mem);
        free(config);
 }
@@ -121,9 +182,12 @@ tls_config_error(struct tls_config *config)
 void
 tls_config_clear_keys(struct tls_config *config)
 {
+        struct tls_keypair *kp;
+        for (kp = config->keypair; kp != NULL; kp = kp->next)
+                tls_keypair_clear(kp);
        tls_config_set_ca_mem(config, NULL, 0);
-        tls_config_set_cert_mem(config, NULL, 0);
-        tls_config_set_key_mem(config, NULL, 0);
 }
 int
@@ -205,14 +269,14 @@ tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
 int
 tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
 {
-        return set_string(&config->cert_file, cert_file);
+        return tls_keypair_set_cert_file(config->keypair, cert_file);
 }
 int
 tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
    size_t len)
 {
-        return set_mem(&config->cert_mem, &config->cert_len, cert, len);
+        return tls_keypair_set_cert_mem(config->keypair, cert, len);
 }
 int
@@ -272,16 +336,38 @@ tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
 int
 tls_config_set_key_file(struct tls_config *config, const char *key_file)
 {
-        return set_string(&config->key_file, key_file);
+        return tls_keypair_set_key_file(config->keypair, key_file);
 }
 int
 tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
    size_t len)
 {
-        if (config->key_mem)
+        return tls_keypair_set_key_mem(config->keypair, key, len);
-                explicit_bzero(config->key_mem, config->key_len);
+}
-        return set_mem(&config->key_mem, &config->key_len, key, len);
+int
+tls_config_set_keypair_file(struct tls_config *config,
+    const char *cert_file, const char *key_file)
+{
+        if (tls_config_set_cert_file(config, cert_file) != 0)
+                return (-1);
+        if (tls_config_set_key_file(config, key_file) != 0)
+                return (-1);
+        return (0);
+}
+int
+tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len)
+{
+        if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
+                return (-1);
+        if (tls_config_set_key_mem(config, key, key_len) != 0)
+                return (-1);
+        return (0);
 }
 void
author	jsing <>	2016-04-28 17:05:59 +0000
committer	jsing <>	2016-04-28 17:05:59 +0000
commit	f4470c187e09c2ca1bfcf671080ac97b7fc86df2 (patch)
tree	046b15c71afb290bae07f4b238cfdc296f78ca6b /src/lib/libtls/tls_config.c
parent	2666540eb58ec0e76b541248bed9d159e6a2ccea (diff)
download	openbsd-f4470c187e09c2ca1bfcf671080ac97b7fc86df2.tar.gz openbsd-f4470c187e09c2ca1bfcf671080ac97b7fc86df2.tar.bz2 openbsd-f4470c187e09c2ca1bfcf671080ac97b7fc86df2.zip

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 9c2b5810f6..b395337f49 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_config.c,v 1.15 2016/04/28 16:48:44 jsing Exp $ */	1	/* $OpenBSD: tls_config.c,v 1.16 2016/04/28 17:05:59 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -57,6 +57,63 @@ set_mem(char *dest, size_t destlen, const void *src, size_t srclen)
57	return 0;	57	return 0;
58	}	58	}
59		59
		60	static struct tls_keypair *
		61	tls_keypair_new()
		62	{
		63	return calloc(1, sizeof(struct tls_keypair));
		64	}
		65
		66	static int
		67	tls_keypair_set_cert_file(struct tls_keypair keypair, const char cert_file)
		68	{
		69	return set_string(&keypair->cert_file, cert_file);
		70	}
		71
		72	static int
		73	tls_keypair_set_cert_mem(struct tls_keypair keypair, const uint8_t cert,
		74	size_t len)
		75	{
		76	return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
		77	}
		78
		79	static int
		80	tls_keypair_set_key_file(struct tls_keypair keypair, const char key_file)
		81	{
		82	return set_string(&keypair->key_file, key_file);
		83	}
		84
		85	static int
		86	tls_keypair_set_key_mem(struct tls_keypair keypair, const uint8_t key,
		87	size_t len)
		88	{
		89	if (keypair->key_mem != NULL)
		90	explicit_bzero(keypair->key_mem, keypair->key_len);
		91	return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
		92	}
		93
		94	static void
		95	tls_keypair_clear(struct tls_keypair *keypair)
		96	{
		97	tls_keypair_set_cert_mem(keypair, NULL, 0);
		98	tls_keypair_set_key_mem(keypair, NULL, 0);
		99	}
		100
		101	static void
		102	tls_keypair_free(struct tls_keypair *keypair)
		103	{
		104	if (keypair == NULL)
		105	return;
		106
		107	tls_keypair_clear(keypair);
		108
		109	free((char *)keypair->cert_file);
		110	free(keypair->cert_mem);
		111	free((char *)keypair->key_file);
		112	free(keypair->key_mem);
		113
		114	free(keypair);
		115	}
		116
60	struct tls_config *	117	struct tls_config *
61	tls_config_new(void)	118	tls_config_new(void)
62	{	119	{
@@ -65,6 +122,9 @@ tls_config_new(void)
65	if ((config = calloc(1, sizeof(*config))) == NULL)	122	if ((config = calloc(1, sizeof(*config))) == NULL)
66	return (NULL);	123	return (NULL);
67		124
		125	if ((config->keypair = tls_keypair_new()) == NULL)
		126	goto err;
		127
68	/*	128	/*
69	* Default configuration.	129	* Default configuration.
70	*/	130	*/
@@ -94,20 +154,21 @@ tls_config_new(void)
94	void	154	void
95	tls_config_free(struct tls_config *config)	155	tls_config_free(struct tls_config *config)
96	{	156	{
		157	struct tls_keypair kp, nkp;
		158
97	if (config == NULL)	159	if (config == NULL)
98	return;	160	return;
99		161
100	tls_config_clear_keys(config);	162	for (kp = config->keypair; kp != NULL; kp = nkp) {
		163	nkp = kp->next;
		164	tls_keypair_free(kp);
		165	}
101		166
102	free(config->error.msg);	167	free(config->error.msg);
103		168
104	free((char *)config->ca_file);	169	free((char *)config->ca_file);
105	free((char *)config->ca_path);	170	free((char *)config->ca_path);
106	free((char *)config->cert_file);
107	free(config->cert_mem);
108	free((char *)config->ciphers);	171	free((char *)config->ciphers);
109	free((char *)config->key_file);
110	free(config->key_mem);
111		172
112	free(config);	173	free(config);
113	}	174	}
@@ -121,9 +182,12 @@ tls_config_error(struct tls_config *config)
121	void	182	void
122	tls_config_clear_keys(struct tls_config *config)	183	tls_config_clear_keys(struct tls_config *config)
123	{	184	{
		185	struct tls_keypair *kp;
		186
		187	for (kp = config->keypair; kp != NULL; kp = kp->next)
		188	tls_keypair_clear(kp);
		189
124	tls_config_set_ca_mem(config, NULL, 0);	190	tls_config_set_ca_mem(config, NULL, 0);
125	tls_config_set_cert_mem(config, NULL, 0);
126	tls_config_set_key_mem(config, NULL, 0);
127	}	191	}
128		192
129	int	193	int
@@ -205,14 +269,14 @@ tls_config_set_ca_mem(struct tls_config config, const uint8_t ca, size_t len)
205	int	269	int
206	tls_config_set_cert_file(struct tls_config config, const char cert_file)	270	tls_config_set_cert_file(struct tls_config config, const char cert_file)
207	{	271	{
208	return set_string(&config->cert_file, cert_file);	272	return tls_keypair_set_cert_file(config->keypair, cert_file);
209	}	273	}
210		274
211	int	275	int
212	tls_config_set_cert_mem(struct tls_config config, const uint8_t cert,	276	tls_config_set_cert_mem(struct tls_config config, const uint8_t cert,
213	size_t len)	277	size_t len)
214	{	278	{
215	return set_mem(&config->cert_mem, &config->cert_len, cert, len);	279	return tls_keypair_set_cert_mem(config->keypair, cert, len);
216	}	280	}
217		281
218	int	282	int
@@ -272,16 +336,38 @@ tls_config_set_ecdhecurve(struct tls_config config, const char name)
272	int	336	int
273	tls_config_set_key_file(struct tls_config config, const char key_file)	337	tls_config_set_key_file(struct tls_config config, const char key_file)
274	{	338	{
275	return set_string(&config->key_file, key_file);	339	return tls_keypair_set_key_file(config->keypair, key_file);
276	}	340	}
277		341
278	int	342	int
279	tls_config_set_key_mem(struct tls_config config, const uint8_t key,	343	tls_config_set_key_mem(struct tls_config config, const uint8_t key,
280	size_t len)	344	size_t len)
281	{	345	{
282	if (config->key_mem)	346	return tls_keypair_set_key_mem(config->keypair, key, len);
283	explicit_bzero(config->key_mem, config->key_len);	347	}
284	return set_mem(&config->key_mem, &config->key_len, key, len);	348
		349	int
		350	tls_config_set_keypair_file(struct tls_config *config,
		351	const char cert_file, const char key_file)
		352	{
		353	if (tls_config_set_cert_file(config, cert_file) != 0)
		354	return (-1);
		355	if (tls_config_set_key_file(config, key_file) != 0)
		356	return (-1);
		357
		358	return (0);
		359	}
		360
		361	int
		362	tls_config_set_keypair_mem(struct tls_config config, const uint8_t cert,
		363	size_t cert_len, const uint8_t *key, size_t key_len)
		364	{
		365	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
		366	return (-1);
		367	if (tls_config_set_key_mem(config, key, key_len) != 0)
		368	return (-1);
		369
		370	return (0);
285	}	371	}
286		372
287	void	373	void