Add callback-based interface to libtls.

This allows working with buffers and callback functions instead of directly on sockets or file descriptors. Original patch from Tobias Pape <tobias_at_netshed.de>. ok beck@
author: bcook <> 2016-09-04 12:26:43 +0000
committer: bcook <> 2016-09-04 12:26:43 +0000
commit: ad909e37b20a2c933e88e0e359b2fdb401d05092 (patch)
tree: 00adeae01265c1c035072ffd2eb37000b9640ece /src/lib/libtls/tls_server.c
parent: 50df0f10141bc06d1ff2d6bd98be2f5ab87857e6 (diff)
download: openbsd-ad909e37b20a2c933e88e0e359b2fdb401d05092.tar.gz
openbsd-ad909e37b20a2c933e88e0e359b2fdb401d05092.tar.bz2
openbsd-ad909e37b20a2c933e88e0e359b2fdb401d05092.zip
1 files changed, 50 insertions, 10 deletions
diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c
index 044678c705..01f9ed3b7f 100644
--- a/src/lib/libtls/tls_server.c
+++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.25 2016/08/22 14:51:37 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.26 2016/09/04 12:26:43 bcook Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -279,14 +279,8 @@ tls_configure_server(struct tls *ctx)
        return (-1);
 }
-int
+static struct tls *
-tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
+accept_common(struct tls *ctx)
-{
-        return (tls_accept_fds(ctx, cctx, socket, socket));
-}
-int
-tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
 {
        struct tls *conn_ctx = NULL;
@@ -304,10 +298,34 @@ tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
                tls_set_errorx(ctx, "ssl failure");
                goto err;
        }
        if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
                tls_set_errorx(ctx, "ssl application data failure");
                goto err;
        }
+        return conn_ctx;
+ err:
+        tls_free(conn_ctx);
+        return (NULL);
+}
+int
+tls_accept_socket(struct tls *ctx, struct tls **cctx, int socket)
+{
+        return (tls_accept_fds(ctx, cctx, socket, socket));
+}
+int
+tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
+{
+        struct tls *conn_ctx;
+        if ((conn_ctx = accept_common(ctx)) == NULL)
+                goto err;
        if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 ||
            SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
                tls_set_errorx(ctx, "ssl file descriptor failure");
@@ -317,10 +335,32 @@ tls_accept_fds(struct tls *ctx, struct tls **cctx, int fd_read, int fd_write)
        *cctx = conn_ctx;
        return (0);
 err:
        tls_free(conn_ctx);
+        *cctx = NULL;
+        return (-1);
+}
+int
+tls_accept_cbs(struct tls *ctx, struct tls **cctx,
+    tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
+{
+        struct tls *conn_ctx;
+        if ((conn_ctx = accept_common(ctx)) == NULL)
+                goto err;
+        if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) {
+                tls_set_errorx(ctx, "callback registration failure");
+                goto err;
+        }
+        *cctx = conn_ctx;
+        return (0);
+ err:
+        tls_free(conn_ctx);
        *cctx = NULL;
        return (-1);
author	bcook <>	2016-09-04 12:26:43 +0000
committer	bcook <>	2016-09-04 12:26:43 +0000
commit	ad909e37b20a2c933e88e0e359b2fdb401d05092 (patch)
tree	00adeae01265c1c035072ffd2eb37000b9640ece /src/lib/libtls/tls_server.c
parent	50df0f10141bc06d1ff2d6bd98be2f5ab87857e6 (diff)
download	openbsd-ad909e37b20a2c933e88e0e359b2fdb401d05092.tar.gz openbsd-ad909e37b20a2c933e88e0e359b2fdb401d05092.tar.bz2 openbsd-ad909e37b20a2c933e88e0e359b2fdb401d05092.zip

diff --git a/src/lib/libtls/tls_server.c b/src/lib/libtls/tls_server.c index 044678c705..01f9ed3b7f 100644 --- a/src/lib/libtls/tls_server.c +++ b/src/lib/libtls/tls_server.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_server.c,v 1.25 2016/08/22 14:51:37 jsing Exp $ */	1	/* $OpenBSD: tls_server.c,v 1.26 2016/09/04 12:26:43 bcook Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -279,14 +279,8 @@ tls_configure_server(struct tls *ctx)
279	return (-1);	279	return (-1);
280	}	280	}
281		281
282	int	282	static struct tls *
283	tls_accept_socket(struct tls ctx, struct tls *cctx, int socket)	283	accept_common(struct tls *ctx)
284	{
285	return (tls_accept_fds(ctx, cctx, socket, socket));
286	}
287
288	int
289	tls_accept_fds(struct tls ctx, struct tls *cctx, int fd_read, int fd_write)
290	{	284	{
291	struct tls *conn_ctx = NULL;	285	struct tls *conn_ctx = NULL;
292		286
@@ -304,10 +298,34 @@ tls_accept_fds(struct tls ctx, struct tls *cctx, int fd_read, int fd_write)
304	tls_set_errorx(ctx, "ssl failure");	298	tls_set_errorx(ctx, "ssl failure");
305	goto err;	299	goto err;
306	}	300	}
		301
307	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {	302	if (SSL_set_app_data(conn_ctx->ssl_conn, conn_ctx) != 1) {
308	tls_set_errorx(ctx, "ssl application data failure");	303	tls_set_errorx(ctx, "ssl application data failure");
309	goto err;	304	goto err;
310	}	305	}
		306
		307	return conn_ctx;
		308
		309	err:
		310	tls_free(conn_ctx);
		311
		312	return (NULL);
		313	}
		314
		315	int
		316	tls_accept_socket(struct tls ctx, struct tls *cctx, int socket)
		317	{
		318	return (tls_accept_fds(ctx, cctx, socket, socket));
		319	}
		320
		321	int
		322	tls_accept_fds(struct tls ctx, struct tls *cctx, int fd_read, int fd_write)
		323	{
		324	struct tls *conn_ctx;
		325
		326	if ((conn_ctx = accept_common(ctx)) == NULL)
		327	goto err;
		328
311	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 \|\|	329	if (SSL_set_rfd(conn_ctx->ssl_conn, fd_read) != 1 \|\|
312	SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {	330	SSL_set_wfd(conn_ctx->ssl_conn, fd_write) != 1) {
313	tls_set_errorx(ctx, "ssl file descriptor failure");	331	tls_set_errorx(ctx, "ssl file descriptor failure");
@@ -317,10 +335,32 @@ tls_accept_fds(struct tls ctx, struct tls *cctx, int fd_read, int fd_write)
317	*cctx = conn_ctx;	335	*cctx = conn_ctx;
318		336
319	return (0);	337	return (0);
320
321	err:	338	err:
322	tls_free(conn_ctx);	339	tls_free(conn_ctx);
		340	*cctx = NULL;
		341
		342	return (-1);
		343	}
		344
		345	int
		346	tls_accept_cbs(struct tls ctx, struct tls *cctx,
		347	tls_read_cb read_cb, tls_write_cb write_cb, void *cb_arg)
		348	{
		349	struct tls *conn_ctx;
		350
		351	if ((conn_ctx = accept_common(ctx)) == NULL)
		352	goto err;
		353
		354	if (tls_set_cbs(ctx, read_cb, write_cb, cb_arg) != 0) {
		355	tls_set_errorx(ctx, "callback registration failure");
		356	goto err;
		357	}
		358
		359	*cctx = conn_ctx;
323		360
		361	return (0);
		362	err:
		363	tls_free(conn_ctx);
324	*cctx = NULL;	364	*cctx = NULL;
325		365
326	return (-1);	366	return (-1);