Diffstat (limited to 'src/lib/libtls/tls_config.c')
-rw-r--r--src/lib/libtls/tls_config.c79
1 files changed, 68 insertions, 11 deletions
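diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 8f73a5a45b..cfd054b024 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.18 2016/05/27 14:38:40 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.19 2016/07/06 16:16:36 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -15,9 +15,13 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <sys/stat.h>
+
 #include <ctype.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <stdlib.h>
+#include <unistd.h>
 
 #include <tls.h>
 #include "tls_internal.h"
@@ -57,6 +61,53 @@ set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
  return 0;
 }
 
+static int
+load_file(struct tls_error *error, const char *filetype, const char *filename,
+ char **buf, size_t *len)
+{
+ struct stat st;
+ int fd = -1;
+
+ free(*buf);
+ *buf = NULL;
+ *len = 0;
+
+ if ((fd = open(filename, O_RDONLY)) == -1) {
+ tls_error_set(error, "failed to open %s file '%s'",
+ filetype, filename);
+ goto fail;
+ }
+ if (fstat(fd, &st) != 0) {
+ tls_error_set(error, "failed to stat %s file '%s'",
+ filetype, filename);
+ goto fail;
+ }
+ *len = (size_t)st.st_size;
+ if ((*buf = malloc(*len)) == NULL) {
+ tls_error_set(error, "failed to allocate buffer for "
+ "%s file '%s'", filetype, filename);
+ goto fail;
+ }
+ if (read(fd, *buf, *len) != *len) {
+ tls_error_set(error, "failed to read %s file '%s'",
+ filetype, filename);
+ goto fail;
+ }
+ close(fd);
+ return 0;
+
+ fail:
+ if (fd != -1)
+ close(fd);
+ if (*buf != NULL)
+ explicit_bzero(*buf, *len);
+ free(*buf);
+ *buf = NULL;
+ *len = 0;
+
+ return -1;
+}
+
 static struct tls_keypair *
 tls_keypair_new()
 {
@@ -64,9 +115,11 @@ tls_keypair_new()
 }
 
 static int
-tls_keypair_set_cert_file(struct tls_keypair *keypair, const char *cert_file)
+tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
+ const char *cert_file)
 {
- return set_string(&keypair->cert_file, cert_file);
+ return load_file(error, "certificate", cert_file, &keypair->cert_mem,
+ &keypair->cert_len);
 }
 
 static int
@@ -77,9 +130,13 @@ tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
 }
 
 static int
-tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file)
+tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
+ const char *key_file)
 {
- return set_string(&keypair->key_file, key_file);
+ if (keypair->key_mem != NULL)
+ explicit_bzero(keypair->key_mem, keypair->key_len);
+ return load_file(error, "key", key_file, &keypair->key_mem,
+ &keypair->key_len);
 }
 
 static int
@@ -106,9 +163,7 @@ tls_keypair_free(struct tls_keypair *keypair)
 
  tls_keypair_clear(keypair);
 
- free((char *)keypair->cert_file);
  free(keypair->cert_mem);
- free((char *)keypair->key_file);
  free(keypair->key_mem);
 
  free(keypair);
@@ -166,7 +221,6 @@ tls_config_free(struct tls_config *config)
 
  free(config->error.msg);
 
- free((char *)config->ca_file);
  free((char *)config->ca_mem);
  free((char *)config->ca_path);
  free((char *)config->ciphers);
@@ -252,7 +306,8 @@ tls_config_parse_protocols(uint32_t *protocols, const char *protostr)
 int
 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
 {
- return set_string(&config->ca_file, ca_file);
+ return load_file(&config->error, "CA", ca_file, &config->ca_mem,
+ &config->ca_len);
 }
 
 int
@@ -270,7 +325,8 @@ tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
 int
 tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
 {
- return tls_keypair_set_cert_file(config->keypair, cert_file);
+ return tls_keypair_set_cert_file(config->keypair, &config->error,
+ cert_file);
 }
 
 int
@@ -337,7 +393,8 @@ tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
 int
 tls_config_set_key_file(struct tls_config *config, const char *key_file)
 {
- return tls_keypair_set_key_file(config->keypair, key_file);
+ return tls_keypair_set_key_file(config->keypair, &config->error,
+ key_file);
 }
 
 int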
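Review bot: load_file (new lines 75–95) treats anything open(2) accepts as a regular file and expects a single read() to return exactly st.st_size bytes: there is no S_ISREG check after the fstat, so a FIFO or device path yields a st_size that does not bound what read() returns, and a short read — which read(2) permits even on a regular file — is reported as "failed to read" instead of being completed, while `read(fd, *buf, *len) != *len` compares ssize_t with size_t (a -1 return is caught only because it converts to SIZE_MAX). Since this routine now loads private keys, opening with `O_RDONLY | O_CLOEXEC` would also keep the descriptor from being inherited across a concurrent fork/exec in a threaded caller. Separately, the `free(*buf)` at the top of load_file means a failed tls_config_set_key_file/ca_file now discards the previously loaded material rather than leaving the config untouched; if that is intended it deserves a comment on load_file, e.g. `/* Replaces *buf; on failure the previous contents are released and *buf is NULL. */`. The rewrite below adds the regular-file check and reads in a loop until *len bytes have arrived, treating EOF before that (file truncated underneath us) as an error.
```c
static int
load_file(struct tls_error *error, const char *filetype, const char *filename,
    char **buf, size_t *len)
{
	struct stat st;
	ssize_t n;
	size_t off;
	int fd = -1;

	/* … unchanged: free(*buf); *buf = NULL; *len = 0; … */

	if ((fd = open(filename, O_RDONLY | O_CLOEXEC)) == -1) {
		/* … unchanged: "failed to open" error, goto fail … */
	}
	if (fstat(fd, &st) != 0) {
		/* … unchanged: "failed to stat" error, goto fail … */
	}
	/* Only a regular file has a st_size that bounds what read() returns. */
	if (!S_ISREG(st.st_mode) || st.st_size < 0) {
		tls_error_set(error, "%s file '%s' is not a regular file",
		    filetype, filename);
		goto fail;
	}
	*len = (size_t)st.st_size;
	/* … unchanged: malloc(*len) and its error path … */
	/*
	 * read() may return fewer bytes than requested; keep going until the
	 * whole file is in, and treat EOF before that as a failure.
	 */
	for (off = 0; off < *len; off += (size_t)n) {
		if ((n = read(fd, *buf + off, *len - off)) <= 0) {
			tls_error_set(error, "failed to read %s file '%s'",
			    filetype, filename);
			goto fail;
		}
	}
	/* … unchanged: close(fd); return 0; fail: cleanup … */
```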