From f4470c187e09c2ca1bfcf671080ac97b7fc86df2 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Thu, 28 Apr 2016 17:05:59 +0000
Subject: Factor our the keypair handling in libtls.

This results in more readable and self-contained code, while preparing for the ability to handle multiple keypairs. Also provide two additional functions that allow a public certificate and private key to be set with a single function call.

ok beck@
---
 src/lib/libtls/tls_config.c | 114 ++++++++++++++++++++++++++++++++++++++------
 1 file changed, 100 insertions(+), 14 deletions(-)

(limited to 'src/lib/libtls/tls_config.c')

diff --git a/src/lib/libtls/tls_config.c b/src/lib/libtls/tls_config.c
index 9c2b5810f6..b395337f49 100644
--- a/src/lib/libtls/tls_config.c
+++ b/src/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.15 2016/04/28 16:48:44 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.16 2016/04/28 17:05:59 jsing Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing
  *
@@ -57,6 +57,63 @@ set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
 	return 0;
 }
 
+static struct tls_keypair *
+tls_keypair_new()
+{
+	return calloc(1, sizeof(struct tls_keypair));
+}
+
+static int
+tls_keypair_set_cert_file(struct tls_keypair *keypair, const char *cert_file)
+{
+	return set_string(&keypair->cert_file, cert_file);
+}
+
+static int
+tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
+    size_t len)
+{
+	return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
+}
+
+static int
+tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file)
+{
+	return set_string(&keypair->key_file, key_file);
+}
+
+static int
+tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
+    size_t len)
+{
+	if (keypair->key_mem != NULL)
+		explicit_bzero(keypair->key_mem, keypair->key_len);
+	return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
+}
+
+static void
+tls_keypair_clear(struct tls_keypair *keypair)
+{
+	tls_keypair_set_cert_mem(keypair, NULL, 0);
+	tls_keypair_set_key_mem(keypair, NULL, 0);
+}
+
+static void
+tls_keypair_free(struct tls_keypair *keypair)
+{
+	if (keypair == NULL)
+		return;
+
+	tls_keypair_clear(keypair);
+
+	free((char *)keypair->cert_file);
+	free(keypair->cert_mem);
+	free((char *)keypair->key_file);
+	free(keypair->key_mem);
+
+	free(keypair);
+}
+
 struct tls_config *
 tls_config_new(void)
 {
@@ -65,6 +122,9 @@ tls_config_new(void)
 	if ((config = calloc(1, sizeof(*config))) == NULL)
 		return (NULL);
 
+	if ((config->keypair = tls_keypair_new()) == NULL)
+		goto err;
+
 	/*
 	 * Default configuration.
 	 */
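Review bot: `tls_keypair_new()` is declared with an empty parameter list, which in C11 means "unspecified parameters" rather than "none"; the rest of the file uses the `tls_config_new(void)` form, so this should read `tls_keypair_new(void)`. Moving the explicit_bzero into tls_keypair_set_key_mem keeps the old private key wiped before it is replaced, and tls_keypair_free wipes through tls_keypair_clear before releasing memory, which is the behaviour worth preserving. The trailing `free(keypair->cert_mem)` and `free(keypair->key_mem)` in tls_keypair_free look redundant after that clear, assuming set_mem() with a NULL source frees and NULLs the destination — set_mem's body is outside this hunk, so confirm rather than remove. A one-line comment on tls_keypair_clear, `/* Wipe and release in-memory cert and key; file paths are kept. */`, would make the clear/free split explicit.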
@@ -94,20 +154,21 @@ tls_config_new(void)
 void
 tls_config_free(struct tls_config *config)
 {
+	struct tls_keypair *kp, *nkp;
+
 	if (config == NULL)
 		return;
 
-	tls_config_clear_keys(config);
+	for (kp = config->keypair; kp != NULL; kp = nkp) {
+		nkp = kp->next;
+		tls_keypair_free(kp);
+	}
 
 	free(config->error.msg);
 
 	free((char *)config->ca_file);
 	free((char *)config->ca_path);
-	free((char *)config->cert_file);
-	free(config->cert_mem);
 	free((char *)config->ciphers);
-	free((char *)config->key_file);
-	free(config->key_mem);
 
 	free(config);
 }
@@ -121,9 +182,12 @@ tls_config_error(struct tls_config *config)
 void
 tls_config_clear_keys(struct tls_config *config)
 {
+	struct tls_keypair *kp;
+
+	for (kp = config->keypair; kp != NULL; kp = kp->next)
+		tls_keypair_clear(kp);
+
 	tls_config_set_ca_mem(config, NULL, 0);
-	tls_config_set_cert_mem(config, NULL, 0);
-	tls_config_set_key_mem(config, NULL, 0);
 }
 
 int
@@ -205,14 +269,14 @@ tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
 int
 tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
 {
-	return set_string(&config->cert_file, cert_file);
+	return tls_keypair_set_cert_file(config->keypair, cert_file);
 }
 
 int
 tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
     size_t len)
 {
-	return set_mem(&config->cert_mem, &config->cert_len, cert, len);
+	return tls_keypair_set_cert_mem(config->keypair, cert, len);
 }
 
 int
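Review bot: tls_config_set_cert_file and tls_config_set_cert_mem now silently target `config->keypair`, the head of what tls_config_free in the first hunk walks as a linked list, and nothing records which keypair the public setters configure once more than one exists. A comment above the delegating setters, `/* The public setters operate on the first (default) keypair. */`, would pin that contract before multiple keypairs land; the same applies to tls_config_set_key_file and tls_config_set_key_mem in the following hunk. The unchecked dereference of `config->keypair` relies on tls_config_new allocating it unconditionally, which the earlier hunk shows it does, so it is safe for any config obtained from tls_config_new.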
@@ -272,16 +336,38 @@ tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
 int
 tls_config_set_key_file(struct tls_config *config, const char *key_file)
 {
-	return set_string(&config->key_file, key_file);
+	return tls_keypair_set_key_file(config->keypair, key_file);
 }
 
 int
 tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
     size_t len)
 {
-	if (config->key_mem)
-		explicit_bzero(config->key_mem, config->key_len);
-	return set_mem(&config->key_mem, &config->key_len, key, len);
+	return tls_keypair_set_key_mem(config->keypair, key, len);
+}
+
+int
+tls_config_set_keypair_file(struct tls_config *config,
+    const char *cert_file, const char *key_file)
+{
+	if (tls_config_set_cert_file(config, cert_file) != 0)
+		return (-1);
+	if (tls_config_set_key_file(config, key_file) != 0)
+		return (-1);
+
+	return (0);
+}
+
+int
+tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
+    size_t cert_len, const uint8_t *key, size_t key_len)
+{
+	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
+		return (-1);
+	if (tls_config_set_key_mem(config, key, key_len) != 0)
+		return (-1);
+
+	return (0);
 }
 
 void
--
cgit v1.2.3-55-g6feb
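Review bot: tls_config_set_keypair_file and tls_config_set_keypair_mem are not atomic: when the cert step succeeds and the key step returns -1, the config is left holding the new certificate alongside the previous key (or a cleared one, depending on how set_mem behaves on failure, which is outside this hunk), and the caller gets no indication of that partial state. Either document it above both functions — `/* On failure the certificate may already have been replaced; callers should treat the keypair as unset. */` — or clear the keypair's cert and key before returning -1 so the configuration never carries a mismatched pair. Moving the explicit_bzero into tls_keypair_set_key_mem preserves the wipe of the old private key before replacement that the removed lines of tls_config_set_key_mem did inline.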