Move connection info into it's own private structure allocated and filled in

at handshake time. change accessors to return const char * to remove need for caller to free memory. ok jsing@
author: beck <> 2015-09-12 21:00:38 +0000
committer: beck <> 2015-09-12 21:00:38 +0000
commit: 843b2711f954203e88a74d8355945a89c1ab90f1 (patch)
tree: 926c057595ea50242eb49f4f725d0bf1a0488e65 /src/lib/libtls/tls_peer.c
parent: 87d776f0b17643e885aed2915eeed7dd80555478 (diff)
download: openbsd-843b2711f954203e88a74d8355945a89c1ab90f1.tar.gz
openbsd-843b2711f954203e88a74d8355945a89c1ab90f1.tar.bz2
openbsd-843b2711f954203e88a74d8355945a89c1ab90f1.zip
1 files changed, 18 insertions, 90 deletions
diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c
index cd1984f215..3145e500c4 100644
--- a/src/lib/libtls/tls_peer.c
+++ b/src/lib/libtls/tls_peer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_peer.c,v 1.3 2015/09/11 13:22:39 beck Exp $ */
+/* $OpenBSD: tls_peer.c,v 1.4 2015/09/12 21:00:38 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -23,68 +23,27 @@
 #include <tls.h>
 #include "tls_internal.h"
-static int
+const char *
-tls_hex_string(const unsigned char *in, size_t inlen, char **out,
+tls_peer_cert_hash(struct tls *ctx)
-    size_t *outlen)
 {
-        static const char hex[] = "0123456789abcdef";
+        if (ctx->conninfo)
-        size_t i, len;
+                return (ctx->conninfo->hash);
-        char *p;
+        return NULL;
-        if (outlen != NULL)
-                *outlen = 0;
-        if (inlen >= SIZE_MAX)
-                return (-1);
-        if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL)
-                return (-1);
-        p = *out;
-        len = 0;
-        for (i = 0; i < inlen; i++) {
-                p[len++] = hex[(in[i] >> 4) & 0x0f];
-                p[len++] = hex[in[i] & 0x0f];
-        }
-        p[len++] = 0;
-        if (outlen != NULL)
-                *outlen = len;
-        return (0);
 }
+const char *
-int
+tls_peer_cert_issuer(struct tls *ctx)
-tls_peer_cert_hash(struct tls *ctx, char **hash)
 {
-        char d[EVP_MAX_MD_SIZE], *dhex = NULL;
+        if (ctx->conninfo)
-        int dlen, rv = -1;
+                return (ctx->conninfo->issuer);
+        return NULL;
-        *hash = NULL;
+}
-        if (ctx->ssl_peer_cert == NULL)
-                return (0);
-        if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) {
-                tls_set_errorx(ctx, "digest failed");
-                goto err;
-        }
-        if (tls_hex_string(d, dlen, &dhex, NULL) != 0) {
-                tls_set_errorx(ctx, "digest hex string failed");
-                goto err;
-        }
-        if (asprintf(hash, "SHA256:%s", dhex) == -1) {
-                tls_set_errorx(ctx, "out of memory");
-                *hash = NULL;
-                goto err;
-        }
-        rv = 0;
-err:
-        free(dhex);
-        return (rv);
+const char *
+tls_peer_cert_subject(struct tls *ctx)
+{
+        if (ctx->conninfo)
+                return (ctx->conninfo->subject);
+        return NULL;
 }
 int
@@ -102,34 +61,3 @@ tls_peer_cert_contains_name(struct tls *ctx, const char *name)
        return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);
 }
-int
-tls_peer_cert_issuer(struct tls *ctx,  char **issuer)
-{
-        X509_NAME *name = NULL;
-        *issuer = NULL;
-        if (ctx->ssl_peer_cert == NULL)
-                return (-1);
-        if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL)
-                return (-1);
-        *issuer = X509_NAME_oneline(name, 0, 0);
-        if (*issuer == NULL)
-                return (-1);
-        return (0);
-}
-int
-tls_peer_cert_subject(struct tls *ctx, char **subject)
-{
-        X509_NAME *name = NULL;
-        *subject = NULL;
-        if (ctx->ssl_peer_cert == NULL)
-                return (-1);
-        if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL)
-                return (-1);
-        *subject = X509_NAME_oneline(name, 0, 0);
-        if (*subject == NULL)
-                return (-1);
-        return (0);
-}
author	beck <>	2015-09-12 21:00:38 +0000
committer	beck <>	2015-09-12 21:00:38 +0000
commit	843b2711f954203e88a74d8355945a89c1ab90f1 (patch)
tree	926c057595ea50242eb49f4f725d0bf1a0488e65 /src/lib/libtls/tls_peer.c
parent	87d776f0b17643e885aed2915eeed7dd80555478 (diff)
download	openbsd-843b2711f954203e88a74d8355945a89c1ab90f1.tar.gz openbsd-843b2711f954203e88a74d8355945a89c1ab90f1.tar.bz2 openbsd-843b2711f954203e88a74d8355945a89c1ab90f1.zip

diff --git a/src/lib/libtls/tls_peer.c b/src/lib/libtls/tls_peer.c index cd1984f215..3145e500c4 100644 --- a/src/lib/libtls/tls_peer.c +++ b/src/lib/libtls/tls_peer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_peer.c,v 1.3 2015/09/11 13:22:39 beck Exp $ */	1	/* $OpenBSD: tls_peer.c,v 1.4 2015/09/12 21:00:38 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -23,68 +23,27 @@
23	#include <tls.h>	23	#include <tls.h>
24	#include "tls_internal.h"	24	#include "tls_internal.h"
25		25
26	static int	26	const char *
27	tls_hex_string(const unsigned char in, size_t inlen, char *out,	27	tls_peer_cert_hash(struct tls *ctx)
28	size_t *outlen)
29	{	28	{
30	static const char hex[] = "0123456789abcdef";	29	if (ctx->conninfo)
31	size_t i, len;	30	return (ctx->conninfo->hash);
32	char *p;	31	return NULL;
33
34	if (outlen != NULL)
35	*outlen = 0;
36
37	if (inlen >= SIZE_MAX)
38	return (-1);
39	if ((*out = reallocarray(NULL, inlen + 1, 2)) == NULL)
40	return (-1);
41
42	p = *out;
43	len = 0;
44	for (i = 0; i < inlen; i++) {
45	p[len++] = hex[(in[i] >> 4) & 0x0f];
46	p[len++] = hex[in[i] & 0x0f];
47	}
48	p[len++] = 0;
49
50	if (outlen != NULL)
51	*outlen = len;
52
53	return (0);
54	}	32	}
55		33	const char *
56	int	34	tls_peer_cert_issuer(struct tls *ctx)
57	tls_peer_cert_hash(struct tls ctx, char *hash)
58	{	35	{
59	char d[EVP_MAX_MD_SIZE], *dhex = NULL;	36	if (ctx->conninfo)
60	int dlen, rv = -1;	37	return (ctx->conninfo->issuer);
61		38	return NULL;
62	*hash = NULL;	39	}
63	if (ctx->ssl_peer_cert == NULL)
64	return (0);
65
66	if (X509_digest(ctx->ssl_peer_cert, EVP_sha256(), d, &dlen) != 1) {
67	tls_set_errorx(ctx, "digest failed");
68	goto err;
69	}
70
71	if (tls_hex_string(d, dlen, &dhex, NULL) != 0) {
72	tls_set_errorx(ctx, "digest hex string failed");
73	goto err;
74	}
75
76	if (asprintf(hash, "SHA256:%s", dhex) == -1) {
77	tls_set_errorx(ctx, "out of memory");
78	*hash = NULL;
79	goto err;
80	}
81
82	rv = 0;
83
84	err:
85	free(dhex);
86		40
87	return (rv);	41	const char *
		42	tls_peer_cert_subject(struct tls *ctx)
		43	{
		44	if (ctx->conninfo)
		45	return (ctx->conninfo->subject);
		46	return NULL;
88	}	47	}
89		48
90	int	49	int
@@ -102,34 +61,3 @@ tls_peer_cert_contains_name(struct tls ctx, const char name)
102	return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);	61	return (tls_check_name(ctx, ctx->ssl_peer_cert, name) == 0);
103	}	62	}
104		63
105	int
106	tls_peer_cert_issuer(struct tls ctx, char *issuer)
107	{
108	X509_NAME *name = NULL;
109
110	*issuer = NULL;
111	if (ctx->ssl_peer_cert == NULL)
112	return (-1);
113	if ((name = X509_get_issuer_name(ctx->ssl_peer_cert)) == NULL)
114	return (-1);
115	*issuer = X509_NAME_oneline(name, 0, 0);
116	if (*issuer == NULL)
117	return (-1);
118	return (0);
119	}
120
121	int
122	tls_peer_cert_subject(struct tls ctx, char *subject)
123	{
124	X509_NAME *name = NULL;
125
126	*subject = NULL;
127	if (ctx->ssl_peer_cert == NULL)
128	return (-1);
129	if ((name = X509_get_subject_name(ctx->ssl_peer_cert)) == NULL)
130	return (-1);
131	*subject = X509_NAME_oneline(name, 0, 0);
132	if (*subject == NULL)
133	return (-1);
134	return (0);
135	}