1 files changed, 99 insertions, 14 deletions
diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 83c649fd51..87c2166f9e 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.35 2017/01/29 17:52:11 beck Exp $ */
+/* $OpenBSD: tls_config.c,v 1.36 2017/01/31 16:18:57 beck Exp $ */
 /*
 * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
 *
@@ -416,9 +416,9 @@ tls_config_set_alpn(struct tls_config *config, const char *alpn)
            &config->alpn_len);
 }
-int
+static int
-tls_config_add_keypair_file(struct tls_config *config,
+tls_config_add_keypair_file_internal(struct tls_config *config,
-    const char *cert_file, const char *key_file)
+    const char *cert_file, const char *key_file, const char *ocsp_file)
 {
        struct tls_keypair *keypair;
@@ -428,6 +428,10 @@ tls_config_add_keypair_file(struct tls_config *config,
                goto err;
        if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
                goto err;
+        if (ocsp_file != NULL &&
+            tls_keypair_set_ocsp_staple_file(keypair, &config->error,
+                ocsp_file) != 0)
+                goto err;
        tls_config_keypair_add(config, keypair);
@@ -438,9 +442,10 @@ tls_config_add_keypair_file(struct tls_config *config,
        return (-1);
 }
-int
+static int
-tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
+tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
-    size_t cert_len, const uint8_t *key, size_t key_len)
+    size_t cert_len, const uint8_t *key, size_t key_len,
+    const uint8_t *staple, size_t staple_len)
 {
        struct tls_keypair *keypair;
@@ -450,6 +455,9 @@ tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
                goto err;
        if (tls_keypair_set_key_mem(keypair, key, key_len) != 0)
                goto err;
+        if (staple != NULL &&
+            tls_keypair_set_ocsp_staple_mem(keypair, staple, staple_len) != 0)
+                goto err;
        tls_config_keypair_add(config, keypair);
@@ -461,6 +469,39 @@ tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
 }
 int
+tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len)
+{
+        return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
+            key_len, NULL, 0);
+}
+int
+tls_config_add_keypair_file(struct tls_config *config,
+    const char *cert_file, const char *key_file)
+{
+        return tls_config_add_keypair_file_internal(config, cert_file,
+            key_file, NULL);
+}
+int
+tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len, const uint8_t *staple,
+    size_t staple_len)
+{
+        return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
+            key_len, staple, staple_len);
+}
+int
+tls_config_add_keypair_ocsp_file(struct tls_config *config,
+    const char *cert_file, const char *key_file, const char *ocsp_file)
+{
+        return tls_config_add_keypair_file_internal(config, cert_file,
+            key_file, ocsp_file);
+}
+int
 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
 {
        return tls_config_load_file(&config->error, "CA", ca_file,
@@ -581,31 +622,74 @@ tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
        return tls_keypair_set_key_mem(config->keypair, key, len);
 }
-int
+static int
-tls_config_set_keypair_file(struct tls_config *config,
+tls_config_set_keypair_file_internal(struct tls_config *config,
-    const char *cert_file, const char *key_file)
+    const char *cert_file, const char *key_file, const char *ocsp_file)
 {
        if (tls_config_set_cert_file(config, cert_file) != 0)
                return (-1);
        if (tls_config_set_key_file(config, key_file) != 0)
                return (-1);
+        if (tls_config_set_key_file(config, key_file) != 0)
+                return (-1);
+        if (ocsp_file != NULL &&
+            tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
+                return (-1);
        return (0);
 }
-int
+static int
-tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
+tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,
-    size_t cert_len, const uint8_t *key, size_t key_len)
+    size_t cert_len, const uint8_t *key, size_t key_len,
+    const uint8_t *staple, size_t staple_len)
 {
        if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
                return (-1);
        if (tls_config_set_key_mem(config, key, key_len) != 0)
                return (-1);
+        if ((staple != NULL) &&
+            (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))
+                return (-1);
        return (0);
 }
 int
+tls_config_set_keypair_file(struct tls_config *config,
+    const char *cert_file, const char *key_file)
+{
+        return tls_config_set_keypair_file_internal(config, cert_file, key_file,
+            NULL);
+}
+int
+tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len)
+{
+        return tls_config_set_keypair_mem_internal(config, cert, cert_len,
+            key, key_len, NULL, 0);
+}
+int
+tls_config_set_keypair_ocsp_file(struct tls_config *config,
+    const char *cert_file, const char *key_file, const char *ocsp_file)
+{
+        return tls_config_set_keypair_file_internal(config, cert_file, key_file,
+            ocsp_file);
+}
+int
+tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len,
+    const uint8_t *staple, size_t staple_len)
+{
+        return tls_config_set_keypair_mem_internal(config, cert, cert_len,
+            key, key_len, staple, staple_len);
+}
+int
 tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
 {
        config->protocols = protocols;
@@ -685,7 +769,8 @@ tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_fi
 }
 int
-tls_config_set_ocsp_staple_mem(struct tls_config *config, char *staple, size_t len)
+tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,
+    size_t len)
 {
        return tls_keypair_set_ocsp_staple_mem(config->keypair, staple, len);
 }

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c index 83c649fd51..87c2166f9e 100644 --- a/src/lib/libtls/tls_config.c +++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_config.c,v 1.35 2017/01/29 17:52:11 beck Exp $ */	1	/* $OpenBSD: tls_config.c,v 1.36 2017/01/31 16:18:57 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -416,9 +416,9 @@ tls_config_set_alpn(struct tls_config config, const char alpn)
416	&config->alpn_len);	416	&config->alpn_len);
417	}	417	}
418		418
419	int	419	static int
420	tls_config_add_keypair_file(struct tls_config *config,	420	tls_config_add_keypair_file_internal(struct tls_config *config,
421	const char cert_file, const char key_file)	421	const char cert_file, const char key_file, const char *ocsp_file)
422	{	422	{
423	struct tls_keypair *keypair;	423	struct tls_keypair *keypair;
424		424
@@ -428,6 +428,10 @@ tls_config_add_keypair_file(struct tls_config *config,
428	goto err;	428	goto err;
429	if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)	429	if (tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)
430	goto err;	430	goto err;
		431	if (ocsp_file != NULL &&
		432	tls_keypair_set_ocsp_staple_file(keypair, &config->error,
		433	ocsp_file) != 0)
		434	goto err;
431		435
432	tls_config_keypair_add(config, keypair);	436	tls_config_keypair_add(config, keypair);
433		437
@@ -438,9 +442,10 @@ tls_config_add_keypair_file(struct tls_config *config,
438	return (-1);	442	return (-1);
439	}	443	}
440		444
441	int	445	static int
442	tls_config_add_keypair_mem(struct tls_config config, const uint8_t cert,	446	tls_config_add_keypair_mem_internal(struct tls_config config, const uint8_t cert,
443	size_t cert_len, const uint8_t *key, size_t key_len)	447	size_t cert_len, const uint8_t *key, size_t key_len,
		448	const uint8_t *staple, size_t staple_len)
444	{	449	{
445	struct tls_keypair *keypair;	450	struct tls_keypair *keypair;
446		451
@@ -450,6 +455,9 @@ tls_config_add_keypair_mem(struct tls_config config, const uint8_t cert,
450	goto err;	455	goto err;
451	if (tls_keypair_set_key_mem(keypair, key, key_len) != 0)	456	if (tls_keypair_set_key_mem(keypair, key, key_len) != 0)
452	goto err;	457	goto err;
		458	if (staple != NULL &&
		459	tls_keypair_set_ocsp_staple_mem(keypair, staple, staple_len) != 0)
		460	goto err;
453		461
454	tls_config_keypair_add(config, keypair);	462	tls_config_keypair_add(config, keypair);
455		463
@@ -461,6 +469,39 @@ tls_config_add_keypair_mem(struct tls_config config, const uint8_t cert,
461	}	469	}
462		470
463	int	471	int
		472	tls_config_add_keypair_mem(struct tls_config config, const uint8_t cert,
		473	size_t cert_len, const uint8_t *key, size_t key_len)
		474	{
		475	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
		476	key_len, NULL, 0);
		477	}
		478
		479	int
		480	tls_config_add_keypair_file(struct tls_config *config,
		481	const char cert_file, const char key_file)
		482	{
		483	return tls_config_add_keypair_file_internal(config, cert_file,
		484	key_file, NULL);
		485	}
		486
		487	int
		488	tls_config_add_keypair_ocsp_mem(struct tls_config config, const uint8_t cert,
		489	size_t cert_len, const uint8_t key, size_t key_len, const uint8_t staple,
		490	size_t staple_len)
		491	{
		492	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,
		493	key_len, staple, staple_len);
		494	}
		495
		496	int
		497	tls_config_add_keypair_ocsp_file(struct tls_config *config,
		498	const char cert_file, const char key_file, const char *ocsp_file)
		499	{
		500	return tls_config_add_keypair_file_internal(config, cert_file,
		501	key_file, ocsp_file);
		502	}
		503
		504	int
464	tls_config_set_ca_file(struct tls_config config, const char ca_file)	505	tls_config_set_ca_file(struct tls_config config, const char ca_file)
465	{	506	{
466	return tls_config_load_file(&config->error, "CA", ca_file,	507	return tls_config_load_file(&config->error, "CA", ca_file,
@@ -581,31 +622,74 @@ tls_config_set_key_mem(struct tls_config config, const uint8_t key,
581	return tls_keypair_set_key_mem(config->keypair, key, len);	622	return tls_keypair_set_key_mem(config->keypair, key, len);
582	}	623	}
583		624
584	int	625	static int
585	tls_config_set_keypair_file(struct tls_config *config,	626	tls_config_set_keypair_file_internal(struct tls_config *config,
586	const char cert_file, const char key_file)	627	const char cert_file, const char key_file, const char *ocsp_file)
587	{	628	{
588	if (tls_config_set_cert_file(config, cert_file) != 0)	629	if (tls_config_set_cert_file(config, cert_file) != 0)
589	return (-1);	630	return (-1);
590	if (tls_config_set_key_file(config, key_file) != 0)	631	if (tls_config_set_key_file(config, key_file) != 0)
591	return (-1);	632	return (-1);
		633	if (tls_config_set_key_file(config, key_file) != 0)
		634	return (-1);
		635	if (ocsp_file != NULL &&
		636	tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)
		637	return (-1);
592		638
593	return (0);	639	return (0);
594	}	640	}
595		641
596	int	642	static int
597	tls_config_set_keypair_mem(struct tls_config config, const uint8_t cert,	643	tls_config_set_keypair_mem_internal(struct tls_config config, const uint8_t cert,
598	size_t cert_len, const uint8_t *key, size_t key_len)	644	size_t cert_len, const uint8_t *key, size_t key_len,
		645	const uint8_t *staple, size_t staple_len)
599	{	646	{
600	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)	647	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
601	return (-1);	648	return (-1);
602	if (tls_config_set_key_mem(config, key, key_len) != 0)	649	if (tls_config_set_key_mem(config, key, key_len) != 0)
603	return (-1);	650	return (-1);
		651	if ((staple != NULL) &&
		652	(tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))
		653	return (-1);
604		654
605	return (0);	655	return (0);
606	}	656	}
607		657
608	int	658	int
		659	tls_config_set_keypair_file(struct tls_config *config,
		660	const char cert_file, const char key_file)
		661	{
		662	return tls_config_set_keypair_file_internal(config, cert_file, key_file,
		663	NULL);
		664	}
		665
		666	int
		667	tls_config_set_keypair_mem(struct tls_config config, const uint8_t cert,
		668	size_t cert_len, const uint8_t *key, size_t key_len)
		669	{
		670	return tls_config_set_keypair_mem_internal(config, cert, cert_len,
		671	key, key_len, NULL, 0);
		672	}
		673
		674	int
		675	tls_config_set_keypair_ocsp_file(struct tls_config *config,
		676	const char cert_file, const char key_file, const char *ocsp_file)
		677	{
		678	return tls_config_set_keypair_file_internal(config, cert_file, key_file,
		679	ocsp_file);
		680	}
		681
		682	int
		683	tls_config_set_keypair_ocsp_mem(struct tls_config config, const uint8_t cert,
		684	size_t cert_len, const uint8_t *key, size_t key_len,
		685	const uint8_t *staple, size_t staple_len)
		686	{
		687	return tls_config_set_keypair_mem_internal(config, cert, cert_len,
		688	key, key_len, staple, staple_len);
		689	}
		690
		691
		692	int
609	tls_config_set_protocols(struct tls_config *config, uint32_t protocols)	693	tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
610	{	694	{
611	config->protocols = protocols;	695	config->protocols = protocols;
@@ -685,7 +769,8 @@ tls_config_set_ocsp_staple_file(struct tls_config config, const char staple_fi
685	}	769	}
686		770
687	int	771	int
688	tls_config_set_ocsp_staple_mem(struct tls_config config, char staple, size_t len)	772	tls_config_set_ocsp_staple_mem(struct tls_config config, const uint8_t staple,
		773	size_t len)
689	{	774	{
690	return tls_keypair_set_ocsp_staple_mem(config->keypair, staple, len);	775	return tls_keypair_set_ocsp_staple_mem(config->keypair, staple, len);
691	}	776	}