authorjsing <jsing@openbsd.org>2016-04-28 17:05:59 +0000
committerjsing <jsing@openbsd.org>2016-04-28 17:05:59 +0000
commit1fe9fea1ebab074cc3d3b296dff1b39b81ee8307 (patch)
treed064948ebfbe97d2ec9510ce60af63742ca24e77 /lib/libtls/tls_config.c
parentRework the error handling in libtls so that we can associate errors with (diff)
Factor out the keypair handling in libtls. This results in more readable
and self-contained code, while preparing for the ability to handle multiple keypairs. Also provide two additional functions that allow a public certificate and private key to be set with a single function call. ok beck@
Diffstat (limited to 'lib/libtls/tls_config.c')
-rw-r--r--lib/libtls/tls_config.c114
1 files changed, 100 insertions, 14 deletions
diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c
index 9c2b5810f68..b395337f498 100644
--- a/lib/libtls/tls_config.c
+++ b/lib/libtls/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.15 2016/04/28 16:48:44 jsing Exp $ */
+/* $OpenBSD: tls_config.c,v 1.16 2016/04/28 17:05:59 jsing Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
@@ -57,6 +57,63 @@ set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
return 0;
}
+static struct tls_keypair *
+tls_keypair_new()
+{
+ return calloc(1, sizeof(struct tls_keypair));
+}
+
+static int
+tls_keypair_set_cert_file(struct tls_keypair *keypair, const char *cert_file)
+{
+ return set_string(&keypair->cert_file, cert_file);
+}
+
+static int
+tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert,
+ size_t len)
+{
+ return set_mem(&keypair->cert_mem, &keypair->cert_len, cert, len);
+}
+
+static int
+tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file)
+{
+ return set_string(&keypair->key_file, key_file);
+}
+
+static int
+tls_keypair_set_key_mem(struct tls_keypair *keypair, const uint8_t *key,
+ size_t len)
+{
+ if (keypair->key_mem != NULL)
+ explicit_bzero(keypair->key_mem, keypair->key_len);
+ return set_mem(&keypair->key_mem, &keypair->key_len, key, len);
+}
+
+static void
+tls_keypair_clear(struct tls_keypair *keypair)
+{
+ tls_keypair_set_cert_mem(keypair, NULL, 0);
+ tls_keypair_set_key_mem(keypair, NULL, 0);
+}
+
+static void
+tls_keypair_free(struct tls_keypair *keypair)
+{
+ if (keypair == NULL)
+ return;
+
+ tls_keypair_clear(keypair);
+
+ free((char *)keypair->cert_file);
+ free(keypair->cert_mem);
+ free((char *)keypair->key_file);
+ free(keypair->key_mem);
+
+ free(keypair);
+}
+
struct tls_config *
tls_config_new(void)
{
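Review bot: `tls_keypair_new()` at the top of the hunk is declared with empty parentheses, which in C is an old-style non-prototype declaration; the rest of the file writes `tls_config_new(void)`, so `tls_keypair_new(void)` keeps the two consistent and gets argument checking. The destructor ordering in tls_keypair_free() is worth a comment: tls_keypair_clear() routes key_mem through tls_keypair_set_key_mem(), so the private key bytes are explicit_bzero'd before the later `free(keypair->key_mem)`, which presumably then sees NULL (that depends on set_mem() freeing and nulling the old buffer for a NULL source, which is not visible here). A one-line comment above the clear call, `/* Clear first so key material is zeroed before the buffers are released. */`, makes that dependency explicit for whoever reorders the frees later.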
@@ -65,6 +122,9 @@ tls_config_new(void)
if ((config = calloc(1, sizeof(*config))) == NULL)
return (NULL);
+ if ((config->keypair = tls_keypair_new()) == NULL)
+ goto err;
+
/*
* Default configuration.
*/
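Review bot: The new `goto err` on keypair allocation failure jumps to a label outside the hunk, so whether the partially built config is released depends on code not shown here; it is correct only if `err:` ends in tls_config_free(config), which after this commit walks config->keypair as a NULL-terminated list and so tolerates a NULL keypair. If `err:` instead frees fields individually, it must also release `config->keypair`. The enclosing tls_config_new() body starts and ends outside the hunk.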
@@ -94,20 +154,21 @@ tls_config_new(void)
void
tls_config_free(struct tls_config *config)
{
+ struct tls_keypair *kp, *nkp;
+
if (config == NULL)
return;
- tls_config_clear_keys(config);
+ for (kp = config->keypair; kp != NULL; kp = nkp) {
+ nkp = kp->next;
+ tls_keypair_free(kp);
+ }
free(config->error.msg);
free((char *)config->ca_file);
free((char *)config->ca_path);
- free((char *)config->cert_file);
- free(config->cert_mem);
free((char *)config->ciphers);
- free((char *)config->key_file);
- free(config->key_mem);
free(config);
}
@@ -121,9 +182,12 @@ tls_config_error(struct tls_config *config)
void
tls_config_clear_keys(struct tls_config *config)
{
+ struct tls_keypair *kp;
+
+ for (kp = config->keypair; kp != NULL; kp = kp->next)
+ tls_keypair_clear(kp);
+
tls_config_set_ca_mem(config, NULL, 0);
- tls_config_set_cert_mem(config, NULL, 0);
- tls_config_set_key_mem(config, NULL, 0);
}
int
@@ -205,14 +269,14 @@ tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)
int
tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
{
- return set_string(&config->cert_file, cert_file);
+ return tls_keypair_set_cert_file(config->keypair, cert_file);
}
int
tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
size_t len)
{
- return set_mem(&config->cert_mem, &config->cert_len, cert, len);
+ return tls_keypair_set_cert_mem(config->keypair, cert, len);
}
int
@@ -272,16 +336,38 @@ tls_config_set_ecdhecurve(struct tls_config *config, const char *name)
int
tls_config_set_key_file(struct tls_config *config, const char *key_file)
{
- return set_string(&config->key_file, key_file);
+ return tls_keypair_set_key_file(config->keypair, key_file);
}
int
tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
size_t len)
{
- if (config->key_mem)
- explicit_bzero(config->key_mem, config->key_len);
- return set_mem(&config->key_mem, &config->key_len, key, len);
+ return tls_keypair_set_key_mem(config->keypair, key, len);
+}
+
+int
+tls_config_set_keypair_file(struct tls_config *config,
+ const char *cert_file, const char *key_file)
+{
+ if (tls_config_set_cert_file(config, cert_file) != 0)
+ return (-1);
+ if (tls_config_set_key_file(config, key_file) != 0)
+ return (-1);
+
+ return (0);
+}
+
+int
+tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,
+ size_t cert_len, const uint8_t *key, size_t key_len)
+{
+ if (tls_config_set_cert_mem(config, cert, cert_len) != 0)
+ return (-1);
+ if (tls_config_set_key_mem(config, key, key_len) != 0)
+ return (-1);
+
+ return (0);
}
void
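Review bot: tls_config_set_keypair_file() and tls_config_set_keypair_mem() are not atomic: when the second call fails, the certificate has already been replaced while the previous key is left in place, so the config now holds a mismatched pair and -1 is the caller's only signal. That is acceptable for a convenience wrapper, but it should be stated on both functions, e.g. `/* Not atomic: on failure the certificate may already have been replaced; the config must not be used until both are set again. */`, since the surrounding setters each replace exactly one item and callers may assume the same here. The same applies to the mem variant at the bottom of the hunk.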