in multiple locations.
ok beck@
-# $OpenBSD: Makefile,v 1.32 2017/08/13 19:42:33 doug Exp $
+# $OpenBSD: Makefile,v 1.33 2018/02/08 05:56:49 jsing Exp $
.include <bsd.own.mk>
.ifndef NOMAN
tls_client.c \
tls_config.c \
tls_conninfo.c \
+ tls_keypair.c \
tls_peer.c \
tls_server.c \
tls_util.c \
-/* $OpenBSD: tls_config.c,v 1.46 2018/02/05 00:52:24 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.47 2018/02/08 05:56:49 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
#include <unistd.h>
#include <tls.h>
-#include "tls_internal.h"
-
-static int
-set_string(const char **dest, const char *src)
-{
- free((char *)*dest);
- *dest = NULL;
- if (src != NULL)
- if ((*dest = strdup(src)) == NULL)
- return -1;
- return 0;
-}
-
-static void *
-memdup(const void *in, size_t len)
-{
- void *out;
-
- if ((out = malloc(len)) == NULL)
- return NULL;
- memcpy(out, in, len);
- return out;
-}
-
-static int
-set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
-{
- free(*dest);
- *dest = NULL;
- *destlen = 0;
- if (src != NULL)
- if ((*dest = memdup(src, srclen)) == NULL)
- return -1;
- *destlen = srclen;
- return 0;
-}
-
-static struct tls_keypair *
-tls_keypair_new(void)
-{
- return calloc(1, sizeof(struct tls_keypair));
-}
-
-static void
-tls_keypair_clear_key(struct tls_keypair *keypair)
-{
- freezero(keypair->key_mem, keypair->key_len);
- keypair->key_mem = NULL;
- keypair->key_len = 0;
-}
-
-static int
-tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
- const char *cert_file)
-{
- return tls_config_load_file(error, "certificate", cert_file,
- &keypair->cert_mem, &keypair->cert_len);
-}
-
-static int
-tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
- size_t len)
-{
- return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
-}
-static int
-tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
- const char *key_file)
-{
- tls_keypair_clear_key(keypair);
- return tls_config_load_file(error, "key", key_file,
- &keypair->key_mem, &keypair->key_len);
-}
-
-static int
-tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
- size_t len)
-{
- tls_keypair_clear_key(keypair);
- return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
-}
-
-static int
-tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
- struct tls_error *error, const char *ocsp_file)
-{
- return tls_config_load_file(error, "ocsp", ocsp_file,
- &keypair->ocsp_staple, &keypair->ocsp_staple_len);
-}
-
-static int
-tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
- const uint8_t *staple, size_t len)
-{
- return set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len, staple,
- len);
-}
-
-static void
-tls_keypair_clear(struct tls_keypair *keypair)
-{
- tls_keypair_set_cert_mem(keypair, NULL, 0);
- tls_keypair_set_key_mem(keypair, NULL, 0);
-}
-
-static void
-tls_keypair_free(struct tls_keypair *keypair)
-{
- if (keypair == NULL)
- return;
-
- tls_keypair_clear(keypair);
-
- free(keypair->cert_mem);
- free(keypair->key_mem);
- free(keypair->ocsp_staple);
- free(keypair->pubkey_hash);
-
- free(keypair);
-}
+#include "tls_internal.h"
int
tls_config_load_file(struct tls_error *error, const char *filetype,
int
tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
{
- return set_string(&config->ca_path, ca_path);
+ return tls_set_string(&config->ca_path, ca_path);
}
int
tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
{
- return set_mem(&config->ca_mem, &config->ca_len, ca, len);
+ return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);
}
int
}
SSL_CTX_free(ssl_ctx);
- return set_string(&config->ciphers, ciphers);
+ return tls_set_string(&config->ciphers, ciphers);
err:
SSL_CTX_free(ssl_ctx);
tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,
size_t len)
{
- return set_mem(&config->crl_mem, &config->crl_len, crl, len);
+ return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);
}
int
-/* $OpenBSD: tls_internal.h,v 1.65 2017/09/20 17:05:17 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.66 2018/02/08 05:56:49 jsing Exp $ */
/*
* Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
void *cb_arg;
};
+int tls_set_mem(char **_dest, size_t *_destlen, const void *_src,
+ size_t _srclen);
+int tls_set_string(const char **_dest, const char *_src);
+
+struct tls_keypair *tls_keypair_new(void);
+void tls_keypair_clear_key(struct tls_keypair *_keypair);
+int tls_keypair_set_cert_file(struct tls_keypair *_keypair,
+ struct tls_error *_error, const char *_cert_file);
+int tls_keypair_set_cert_mem(struct tls_keypair *_keypair, const uint8_t *_cert,
+ size_t _len);
+int tls_keypair_set_key_file(struct tls_keypair *_keypair,
+ struct tls_error *_error, const char *_key_file);
+int tls_keypair_set_key_mem(struct tls_keypair *_keypair, const uint8_t *_key,
+ size_t _len);
+int tls_keypair_set_ocsp_staple_file(struct tls_keypair *_keypair,
+ struct tls_error *_error, const char *_ocsp_file);
+int tls_keypair_set_ocsp_staple_mem(struct tls_keypair *_keypair,
+ const uint8_t *_staple, size_t _len);
+void tls_keypair_clear(struct tls_keypair *_keypair);
+void tls_keypair_free(struct tls_keypair *_keypair);
+int tls_keypair_load_cert(struct tls_keypair *_keypair,
+ struct tls_error *_error, X509 **_cert);
+
struct tls_sni_ctx *tls_sni_ctx_new(void);
void tls_sni_ctx_free(struct tls_sni_ctx *sni_ctx);
--- /dev/null
+/* $OpenBSD: tls_keypair.c,v 1.1 2018/02/08 05:56:49 jsing Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pem.h>
+
+#include <tls.h>
+
+#include "tls_internal.h"
+
+struct tls_keypair *
+tls_keypair_new(void)
+{
+ return calloc(1, sizeof(struct tls_keypair));
+}
+
+void
+tls_keypair_clear_key(struct tls_keypair *keypair)
+{
+ freezero(keypair->key_mem, keypair->key_len);
+ keypair->key_mem = NULL;
+ keypair->key_len = 0;
+}
+
+int
+tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error,
+ const char *cert_file)
+{
+ return tls_config_load_file(error, "certificate", cert_file,
+ &keypair->cert_mem, &keypair->cert_len);
+}
+
+int
+tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
+ size_t len)
+{
+ return tls_set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
+}
+
+int
+tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error,
+ const char *key_file)
+{
+ tls_keypair_clear_key(keypair);
+ return tls_config_load_file(error, "key", key_file,
+ &keypair->key_mem, &keypair->key_len);
+}
+
+int
+tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
+ size_t len)
+{
+ tls_keypair_clear_key(keypair);
+ return tls_set_mem(&keypair->key_mem, &keypair->key_len, key, len);
+}
+
+int
+tls_keypair_set_ocsp_staple_file(struct tls_keypair *keypair,
+ struct tls_error *error, const char *ocsp_file)
+{
+ return tls_config_load_file(error, "ocsp", ocsp_file,
+ &keypair->ocsp_staple, &keypair->ocsp_staple_len);
+}
+
+int
+tls_keypair_set_ocsp_staple_mem(struct tls_keypair *keypair,
+ const uint8_t *staple, size_t len)
+{
+ return tls_set_mem(&keypair->ocsp_staple, &keypair->ocsp_staple_len,
+ staple, len);
+}
+
+void
+tls_keypair_clear(struct tls_keypair *keypair)
+{
+ tls_keypair_set_cert_mem(keypair, NULL, 0);
+ tls_keypair_set_key_mem(keypair, NULL, 0);
+}
+
+void
+tls_keypair_free(struct tls_keypair *keypair)
+{
+ if (keypair == NULL)
+ return;
+
+ tls_keypair_clear(keypair);
+
+ free(keypair->cert_mem);
+ free(keypair->key_mem);
+ free(keypair->ocsp_staple);
+ free(keypair->pubkey_hash);
+
+ free(keypair);
+}
+
+int
+tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
+ X509 **cert)
+{
+ char *errstr = "unknown";
+ BIO *cert_bio = NULL;
+ int ssl_err;
+ int rv = -1;
+
+ X509_free(*cert);
+ *cert = NULL;
+
+ if (keypair->cert_mem == NULL) {
+ tls_error_set(error, "keypair has no certificate");
+ goto err;
+ }
+ if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
+ keypair->cert_len)) == NULL) {
+ tls_error_set(error, "failed to create certificate bio");
+ goto err;
+ }
+ if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
+ NULL)) == NULL) {
+ if ((ssl_err = ERR_peek_error()) != 0)
+ errstr = ERR_error_string(ssl_err, NULL);
+ tls_error_set(error, "failed to load certificate: %s", errstr);
+ goto err;
+ }
+
+ rv = 0;
+
+ err:
+ BIO_free(cert_bio);
+
+ return (rv);
+}
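Review bot: tls_keypair_load_cert hands the size_t keypair->cert_len straight to BIO_new_mem_buf (L329-330), whose length parameter is an int, so a length above INT_MAX is silently narrowed; as I recall LibreSSL's bss_mem.c treats a negative length as "use strlen()", which would read past a non-NUL-terminated buffer. A guard before the call, `if (keypair->cert_len > INT_MAX) { tls_error_set(error, "certificate too large"); goto err; }` (needs <limits.h>), closes this cheaply; the narrowing is pre-existing in the copy removed from tls_server.c, so it is not introduced by this move. ERR_error_string(ssl_err, NULL) at L337 returns a pointer into a static buffer; ERR_error_string_n into a local char array would avoid that shared state. Since these functions are now shared across translation units, each deserves a one-line contract comment, e.g. above tls_keypair_load_cert: `/* Parse the first PEM certificate in keypair->cert_mem into *cert, releasing any previous *cert; on failure *cert is NULL and error is set. */`, and above tls_keypair_clear_key a note that only the key buffer is zeroed (freezero), not the certificate or OCSP staple.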
-/* $OpenBSD: tls_server.c,v 1.42 2017/09/20 17:05:17 jsing Exp $ */
+/* $OpenBSD: tls_server.c,v 1.43 2018/02/08 05:56:49 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
}
}
-static int
-tls_keypair_load_cert(struct tls_keypair *keypair, struct tls_error *error,
- X509 **cert)
-{
- char *errstr = "unknown";
- BIO *cert_bio = NULL;
- int ssl_err;
- int rv = -1;
-
- X509_free(*cert);
- *cert = NULL;
-
- if (keypair->cert_mem == NULL) {
- tls_error_set(error, "keypair has no certificate");
- goto err;
- }
- if ((cert_bio = BIO_new_mem_buf(keypair->cert_mem,
- keypair->cert_len)) == NULL) {
- tls_error_set(error, "failed to create certificate bio");
- goto err;
- }
- if ((*cert = PEM_read_bio_X509(cert_bio, NULL, tls_password_cb,
- NULL)) == NULL) {
- if ((ssl_err = ERR_peek_error()) != 0)
- errstr = ERR_error_string(ssl_err, NULL);
- tls_error_set(error, "failed to load certificate: %s", errstr);
- goto err;
- }
-
- rv = 0;
-
- err:
- BIO_free(cert_bio);
-
- return (rv);
-}
-
static int
tls_configure_server_ssl(struct tls *ctx, SSL_CTX **ssl_ctx,
struct tls_keypair *keypair)
-/* $OpenBSD: tls_util.c,v 1.10 2018/02/05 00:52:24 jsing Exp $ */
+/* $OpenBSD: tls_util.c,v 1.11 2018/02/08 05:56:49 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
* Copyright (c) 2015 Reyk Floeter <reyk@openbsd.org>
#include "tls.h"
#include "tls_internal.h"
+static void *
+memdup(const void *in, size_t len)
+{
+ void *out;
+
+ if ((out = malloc(len)) == NULL)
+ return NULL;
+ memcpy(out, in, len);
+ return out;
+}
+
+int
+tls_set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
+{
+ free(*dest);
+ *dest = NULL;
+ *destlen = 0;
+ if (src != NULL)
+ if ((*dest = memdup(src, srclen)) == NULL)
+ return -1;
+ *destlen = srclen;
+ return 0;
+}
+
+int
+tls_set_string(const char **dest, const char *src)
+{
+ free((char *)*dest);
+ *dest = NULL;
+ if (src != NULL)
+ if ((*dest = strdup(src)) == NULL)
+ return -1;
+ return 0;
+}
+
/*
* Extract the host and port from a colon separated value. For a literal IPv6
* address the address must be contained with square braces. If a host and
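Review bot: tls_set_mem releases the previous buffer with a plain free() (L417) and never zeroes it, so key material that passed through it remains in freed heap memory unless the caller clears it first; tls_keypair_set_key_mem does that via tls_keypair_clear_key, but with the helper now exported through tls_internal.h that precondition is invisible to new callers. Suggest a comment above the definition: `/* Replace *dest with a copy of src. The old buffer is free()d, not zeroed; callers storing secrets must clear it first (see tls_keypair_clear_key). */`. Separately, when src is NULL and srclen is non-zero the function leaves *dest NULL but still sets *destlen to srclen (L423); moving `*destlen = srclen;` into the `src != NULL` branch keeps the pair consistent (the visible callers pass 0 alongside NULL, so this is latent rather than live). Note also that memdup(src, 0) relies on malloc(0) returning non-NULL, which holds on OpenBSD but is not guaranteed by the C standard.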