1 files changed, 84 insertions, 37 deletions
diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c
index aa353be01f..5deb8d187f 100644
--- a/src/lib/libressl/ressl_config.c
+++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */
+/* $OpenBSD: ressl_config.c,v 1.9 2014/09/28 06:24:00 tedu Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -21,27 +21,60 @@
 #include <ressl.h>
 #include "ressl_internal.h"
-/*
+static int
- * Default configuration.
+set_string(const char **dest, const char *src)
- */
+{
-struct ressl_config ressl_config_default = {
+        free((char *)*dest);
-        .ca_file = _PATH_SSL_CA_FILE,
+        *dest = NULL;
-        .ca_path = NULL,
+        if (src != NULL)
-        .ciphers = NULL,
+                if ((*dest = strdup(src)) == NULL)
-        .ecdhcurve = NID_X9_62_prime256v1,
+                        return -1;
-        .verify = 1,
+        return 0;
-        .verify_depth = 6,
+}
-};
+static void *
+memdup(const void *in, size_t len)
+{
+        void *out;
+        if ((out = malloc(len)) == NULL)
+                return NULL;
+        memcpy(out, in, len);
+        return out;
+}
+static int
+set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
+{
+        free(*dest);
+        *dest = NULL;
+        *destlen = 0;
+        if (src != NULL)
+                if ((*dest = memdup(src, srclen)) == NULL)
+                        return -1;
+        *destlen = srclen;
+        return 0;
+}
 struct ressl_config *
 ressl_config_new(void)
 {
        struct ressl_config *config;
-        if ((config = malloc(sizeof(*config))) == NULL)
+        if ((config = calloc(1, sizeof(*config))) == NULL)
                return (NULL);
-        memcpy(config, &ressl_config_default, sizeof(*config));
+        /*
+         * Default configuration.
+         */
+        if (ressl_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
+                ressl_config_free(config);
+                return (NULL);
+        }
+        ressl_config_verify(config);
+        ressl_config_set_verify_depth(config, 6);
+        /* ? use function ? */
+        config->ecdhcurve = NID_X9_62_prime256v1;
        
        return (config);
 }
@@ -49,38 +82,50 @@ ressl_config_new(void)
 void
 ressl_config_free(struct ressl_config *config)
 {
+        if (config == NULL)
+                return;
+        free((char *)config->ca_file);
+        free((char *)config->ca_path);
+        free((char *)config->cert_file);
+        free(config->cert_mem);
+        free((char *)config->ciphers);
+        free((char *)config->key_file);
+        if (config->key_mem != NULL) {
+                explicit_bzero(config->key_mem, config->key_len);
+                free(config->key_mem);
+        }
        free(config);
 }
-void
+int
-ressl_config_set_ca_file(struct ressl_config *config, char *ca_file)
+ressl_config_set_ca_file(struct ressl_config *config, const char *ca_file)
 {
-        config->ca_file = ca_file;
+        return set_string(&config->ca_file, ca_file);
 }
-void
+int
-ressl_config_set_ca_path(struct ressl_config *config, char *ca_path)
+ressl_config_set_ca_path(struct ressl_config *config, const char *ca_path)
 {
-        config->ca_path = ca_path;
+        return set_string(&config->ca_path, ca_path);
 }
-void
+int
-ressl_config_set_cert_file(struct ressl_config *config, char *cert_file)
+ressl_config_set_cert_file(struct ressl_config *config, const char *cert_file)
 {
-        config->cert_file = cert_file;
+        return set_string(&config->cert_file, cert_file);
 }
-void
+int
-ressl_config_set_cert_mem(struct ressl_config *config, char *cert, size_t len)
+ressl_config_set_cert_mem(struct ressl_config *config, const uint8_t *cert,
+    size_t len)
 {
-        config->cert_mem = cert;
+        return set_mem(&config->cert_mem, &config->cert_len, cert, len);
-        config->cert_len = len;
 }
-void
+int
-ressl_config_set_ciphers(struct ressl_config *config, char *ciphers)
+ressl_config_set_ciphers(struct ressl_config *config, const char *ciphers)
 {
-        config->ciphers = ciphers;
+        return set_string(&config->ciphers, ciphers);
 }
 int
@@ -95,17 +140,19 @@ ressl_config_set_ecdhcurve(struct ressl_config *config, const char *name)
        return (0);
 }
-void
+int
-ressl_config_set_key_file(struct ressl_config *config, char *key_file)
+ressl_config_set_key_file(struct ressl_config *config, const char *key_file)
 {
-        config->key_file = key_file;
+        return set_string(&config->key_file, key_file);
 }
-void
+int
-ressl_config_set_key_mem(struct ressl_config *config, char *key, size_t len)
+ressl_config_set_key_mem(struct ressl_config *config, const uint8_t *key,
+    size_t len)
 {
-        config->key_mem = key;
+        if (config->key_mem)
-        config->key_len = len;
+                explicit_bzero(config->key_mem, config->key_len);
+        return set_mem(&config->key_mem, &config->key_len, key, len);
 }
 void

diff --git a/src/lib/libressl/ressl_config.c b/src/lib/libressl/ressl_config.c index aa353be01f..5deb8d187f 100644 --- a/src/lib/libressl/ressl_config.c +++ b/src/lib/libressl/ressl_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ressl_config.c,v 1.8 2014/08/27 10:46:53 reyk Exp $ */	1	/* $OpenBSD: ressl_config.c,v 1.9 2014/09/28 06:24:00 tedu Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -21,27 +21,60 @@
21	#include <ressl.h>	21	#include <ressl.h>
22	#include "ressl_internal.h"	22	#include "ressl_internal.h"
23		23
24	/*	24	static int
25	* Default configuration.	25	set_string(const char *dest, const char src)
26	*/	26	{
27	struct ressl_config ressl_config_default = {	27	free((char )dest);
28	.ca_file = _PATH_SSL_CA_FILE,	28	*dest = NULL;
29	.ca_path = NULL,	29	if (src != NULL)
30	.ciphers = NULL,	30	if ((*dest = strdup(src)) == NULL)
31	.ecdhcurve = NID_X9_62_prime256v1,	31	return -1;
32	.verify = 1,	32	return 0;
33	.verify_depth = 6,	33	}
34	};	34
		35	static void *
		36	memdup(const void *in, size_t len)
		37	{
		38	void *out;
		39
		40	if ((out = malloc(len)) == NULL)
		41	return NULL;
		42	memcpy(out, in, len);
		43	return out;
		44	}
		45
		46	static int
		47	set_mem(char *dest, size_t destlen, const void *src, size_t srclen)
		48	{
		49	free(*dest);
		50	*dest = NULL;
		51	*destlen = 0;
		52	if (src != NULL)
		53	if ((*dest = memdup(src, srclen)) == NULL)
		54	return -1;
		55	*destlen = srclen;
		56	return 0;
		57	}
35		58
36	struct ressl_config *	59	struct ressl_config *
37	ressl_config_new(void)	60	ressl_config_new(void)
38	{	61	{
39	struct ressl_config *config;	62	struct ressl_config *config;
40		63
41	if ((config = malloc(sizeof(*config))) == NULL)	64	if ((config = calloc(1, sizeof(*config))) == NULL)
42	return (NULL);	65	return (NULL);
43		66
44	memcpy(config, &ressl_config_default, sizeof(*config));	67	/*
		68	* Default configuration.
		69	*/
		70	if (ressl_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
		71	ressl_config_free(config);
		72	return (NULL);
		73	}
		74	ressl_config_verify(config);
		75	ressl_config_set_verify_depth(config, 6);
		76	/* ? use function ? */
		77	config->ecdhcurve = NID_X9_62_prime256v1;
45		78
46	return (config);	79	return (config);
47	}	80	}
@@ -49,38 +82,50 @@ ressl_config_new(void)
49	void	82	void
50	ressl_config_free(struct ressl_config *config)	83	ressl_config_free(struct ressl_config *config)
51	{	84	{
		85	if (config == NULL)
		86	return;
		87	free((char *)config->ca_file);
		88	free((char *)config->ca_path);
		89	free((char *)config->cert_file);
		90	free(config->cert_mem);
		91	free((char *)config->ciphers);
		92	free((char *)config->key_file);
		93	if (config->key_mem != NULL) {
		94	explicit_bzero(config->key_mem, config->key_len);
		95	free(config->key_mem);
		96	}
52	free(config);	97	free(config);
53	}	98	}
54		99
55	void	100	int
56	ressl_config_set_ca_file(struct ressl_config config, char ca_file)	101	ressl_config_set_ca_file(struct ressl_config config, const char ca_file)
57	{	102	{
58	config->ca_file = ca_file;	103	return set_string(&config->ca_file, ca_file);
59	}	104	}
60		105
61	void	106	int
62	ressl_config_set_ca_path(struct ressl_config config, char ca_path)	107	ressl_config_set_ca_path(struct ressl_config config, const char ca_path)
63	{	108	{
64	config->ca_path = ca_path;	109	return set_string(&config->ca_path, ca_path);
65	}	110	}
66		111
67	void	112	int
68	ressl_config_set_cert_file(struct ressl_config config, char cert_file)	113	ressl_config_set_cert_file(struct ressl_config config, const char cert_file)
69	{	114	{
70	config->cert_file = cert_file;	115	return set_string(&config->cert_file, cert_file);
71	}	116	}
72		117
73	void	118	int
74	ressl_config_set_cert_mem(struct ressl_config config, char cert, size_t len)	119	ressl_config_set_cert_mem(struct ressl_config config, const uint8_t cert,
		120	size_t len)
75	{	121	{
76	config->cert_mem = cert;	122	return set_mem(&config->cert_mem, &config->cert_len, cert, len);
77	config->cert_len = len;
78	}	123	}
79		124
80	void	125	int
81	ressl_config_set_ciphers(struct ressl_config config, char ciphers)	126	ressl_config_set_ciphers(struct ressl_config config, const char ciphers)
82	{	127	{
83	config->ciphers = ciphers;	128	return set_string(&config->ciphers, ciphers);
84	}	129	}
85		130
86	int	131	int
@@ -95,17 +140,19 @@ ressl_config_set_ecdhcurve(struct ressl_config config, const char name)
95	return (0);	140	return (0);
96	}	141	}
97		142
98	void	143	int
99	ressl_config_set_key_file(struct ressl_config config, char key_file)	144	ressl_config_set_key_file(struct ressl_config config, const char key_file)
100	{	145	{
101	config->key_file = key_file;	146	return set_string(&config->key_file, key_file);
102	}	147	}
103		148
104	void	149	int
105	ressl_config_set_key_mem(struct ressl_config config, char key, size_t len)	150	ressl_config_set_key_mem(struct ressl_config config, const uint8_t key,
		151	size_t len)
106	{	152	{
107	config->key_mem = key;	153	if (config->key_mem)
108	config->key_len = len;	154	explicit_bzero(config->key_mem, config->key_len);
		155	return set_mem(&config->key_mem, &config->key_len, key, len);
109	}	156	}
110		157
111	void	158	void