1 files changed, 201 insertions, 0 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
new file mode 100644
index 0000000000..0e435f616a
--- /dev/null
+++ b/src/lib/libtls/tls_config.c
@@ -0,0 +1,201 @@
+/* $OpenBSD: tls_config.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <errno.h>
+#include <stdlib.h>
+#include <tls.h>
+#include "tls_internal.h"
+static int
+set_string(const char **dest, const char *src)
+{
+        free((char *)*dest);
+        *dest = NULL;
+        if (src != NULL)
+                if ((*dest = strdup(src)) == NULL)
+                        return -1;
+        return 0;
+}
+static void *
+memdup(const void *in, size_t len)
+{
+        void *out;
+        if ((out = malloc(len)) == NULL)
+                return NULL;
+        memcpy(out, in, len);
+        return out;
+}
+static int
+set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
+{
+        free(*dest);
+        *dest = NULL;
+        *destlen = 0;
+        if (src != NULL)
+                if ((*dest = memdup(src, srclen)) == NULL)
+                        return -1;
+        *destlen = srclen;
+        return 0;
+}
+struct tls_config *
+tls_config_new(void)
+{
+        struct tls_config *config;
+        if ((config = calloc(1, sizeof(*config))) == NULL)
+                return (NULL);
+        /*
+         * Default configuration.
+         */
+        if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
+                tls_config_free(config);
+                return (NULL);
+        }
+        tls_config_set_ecdhcurve(config, "auto");
+        tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
+        tls_config_set_verify_depth(config, 6);
+        
+        tls_config_verify(config);
+        return (config);
+}
+void
+tls_config_free(struct tls_config *config)
+{
+        if (config == NULL)
+                return;
+        tls_config_clear_keys(config);
+        free((char *)config->ca_file);
+        free((char *)config->ca_path);
+        free((char *)config->cert_file);
+        free(config->cert_mem);
+        free((char *)config->ciphers);
+        free((char *)config->key_file);
+        free(config->key_mem);
+        free(config);
+}
+void
+tls_config_clear_keys(struct tls_config *config)
+{
+        tls_config_set_cert_mem(config, NULL, 0);
+        tls_config_set_key_mem(config, NULL, 0);
+}
+int
+tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
+{
+        return set_string(&config->ca_file, ca_file);
+}
+int
+tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
+{
+        return set_string(&config->ca_path, ca_path);
+}
+int
+tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
+{
+        return set_string(&config->cert_file, cert_file);
+}
+int
+tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
+    size_t len)
+{
+        return set_mem(&config->cert_mem, &config->cert_len, cert, len);
+}
+int
+tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
+{
+        return set_string(&config->ciphers, ciphers);
+}
+int
+tls_config_set_ecdhcurve(struct tls_config *config, const char *name)
+{
+        int nid;
+        if (name == NULL)
+                nid = NID_undef;
+        else if (strcasecmp(name, "auto") == 0)
+                nid = -1;
+        else if ((nid = OBJ_txt2nid(name)) == NID_undef)
+                return (-1);
+        config->ecdhcurve = nid;
+        return (0);
+}
+int
+tls_config_set_key_file(struct tls_config *config, const char *key_file)
+{
+        return set_string(&config->key_file, key_file);
+}
+int
+tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
+    size_t len)
+{
+        if (config->key_mem)
+                explicit_bzero(config->key_mem, config->key_len);
+        return set_mem(&config->key_mem, &config->key_len, key, len);
+}
+void
+tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
+{
+        config->protocols = protocols;
+}
+void
+tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
+{
+        config->verify_depth = verify_depth;
+}
+void
+tls_config_insecure_noverifyhost(struct tls_config *config)
+{
+        config->verify_host = 0;
+}
+void
+tls_config_insecure_noverifycert(struct tls_config *config)
+{
+        config->verify_cert = 0;
+}
+void
+tls_config_verify(struct tls_config *config)
+{
+        config->verify_host = 1;
+        config->verify_cert = 1;
+}

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c new file mode 100644 index 0000000000..0e435f616a --- /dev/null +++ b/src/lib/libtls/tls_config.c
@@ -0,0 +1,201 @@
	1	/* $OpenBSD: tls_config.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */
	2	/*
	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
	4	*
	5	* Permission to use, copy, modify, and distribute this software for any
	6	* purpose with or without fee is hereby granted, provided that the above
	7	* copyright notice and this permission notice appear in all copies.
	8	*
	9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
	10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
	12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
	15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
	16	*/
	17
	18	#include <errno.h>
	19	#include <stdlib.h>
	20
	21	#include <tls.h>
	22	#include "tls_internal.h"
	23
	24	static int
	25	set_string(const char *dest, const char src)
	26	{
	27	free((char )dest);
	28	*dest = NULL;
	29	if (src != NULL)
	30	if ((*dest = strdup(src)) == NULL)
	31	return -1;
	32	return 0;
	33	}
	34
	35	static void *
	36	memdup(const void *in, size_t len)
	37	{
	38	void *out;
	39
	40	if ((out = malloc(len)) == NULL)
	41	return NULL;
	42	memcpy(out, in, len);
	43	return out;
	44	}
	45
	46	static int
	47	set_mem(char *dest, size_t destlen, const void *src, size_t srclen)
	48	{
	49	free(*dest);
	50	*dest = NULL;
	51	*destlen = 0;
	52	if (src != NULL)
	53	if ((*dest = memdup(src, srclen)) == NULL)
	54	return -1;
	55	*destlen = srclen;
	56	return 0;
	57	}
	58
	59	struct tls_config *
	60	tls_config_new(void)
	61	{
	62	struct tls_config *config;
	63
	64	if ((config = calloc(1, sizeof(*config))) == NULL)
	65	return (NULL);
	66
	67	/*
	68	* Default configuration.
	69	*/
	70	if (tls_config_set_ca_file(config, _PATH_SSL_CA_FILE) != 0) {
	71	tls_config_free(config);
	72	return (NULL);
	73	}
	74	tls_config_set_ecdhcurve(config, "auto");
	75	tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT);
	76	tls_config_set_verify_depth(config, 6);
	77
	78	tls_config_verify(config);
	79
	80	return (config);
	81	}
	82
	83	void
	84	tls_config_free(struct tls_config *config)
	85	{
	86	if (config == NULL)
	87	return;
	88
	89	tls_config_clear_keys(config);
	90
	91	free((char *)config->ca_file);
	92	free((char *)config->ca_path);
	93	free((char *)config->cert_file);
	94	free(config->cert_mem);
	95	free((char *)config->ciphers);
	96	free((char *)config->key_file);
	97	free(config->key_mem);
	98
	99	free(config);
	100	}
	101
	102	void
	103	tls_config_clear_keys(struct tls_config *config)
	104	{
	105	tls_config_set_cert_mem(config, NULL, 0);
	106	tls_config_set_key_mem(config, NULL, 0);
	107	}
	108
	109	int
	110	tls_config_set_ca_file(struct tls_config config, const char ca_file)
	111	{
	112	return set_string(&config->ca_file, ca_file);
	113	}
	114
	115	int
	116	tls_config_set_ca_path(struct tls_config config, const char ca_path)
	117	{
	118	return set_string(&config->ca_path, ca_path);
	119	}
	120
	121	int
	122	tls_config_set_cert_file(struct tls_config config, const char cert_file)
	123	{
	124	return set_string(&config->cert_file, cert_file);
	125	}
	126
	127	int
	128	tls_config_set_cert_mem(struct tls_config config, const uint8_t cert,
	129	size_t len)
	130	{
	131	return set_mem(&config->cert_mem, &config->cert_len, cert, len);
	132	}
	133
	134	int
	135	tls_config_set_ciphers(struct tls_config config, const char ciphers)
	136	{
	137	return set_string(&config->ciphers, ciphers);
	138	}
	139
	140	int
	141	tls_config_set_ecdhcurve(struct tls_config config, const char name)
	142	{
	143	int nid;
	144
	145	if (name == NULL)
	146	nid = NID_undef;
	147	else if (strcasecmp(name, "auto") == 0)
	148	nid = -1;
	149	else if ((nid = OBJ_txt2nid(name)) == NID_undef)
	150	return (-1);
	151
	152	config->ecdhcurve = nid;
	153
	154	return (0);
	155	}
	156
	157	int
	158	tls_config_set_key_file(struct tls_config config, const char key_file)
	159	{
	160	return set_string(&config->key_file, key_file);
	161	}
	162
	163	int
	164	tls_config_set_key_mem(struct tls_config config, const uint8_t key,
	165	size_t len)
	166	{
	167	if (config->key_mem)
	168	explicit_bzero(config->key_mem, config->key_len);
	169	return set_mem(&config->key_mem, &config->key_len, key, len);
	170	}
	171
	172	void
	173	tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
	174	{
	175	config->protocols = protocols;
	176	}
	177
	178	void
	179	tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
	180	{
	181	config->verify_depth = verify_depth;
	182	}
	183
	184	void
	185	tls_config_insecure_noverifyhost(struct tls_config *config)
	186	{
	187	config->verify_host = 0;
	188	}
	189
	190	void
	191	tls_config_insecure_noverifycert(struct tls_config *config)
	192	{
	193	config->verify_cert = 0;
	194	}
	195
	196	void
	197	tls_config_verify(struct tls_config *config)
	198	{
	199	config->verify_host = 1;
	200	config->verify_cert = 1;
	201	}