1 /* $OpenBSD: tls_config.c,v 1.1 2014/10/31 13:46:17 jsing Exp $ */
2 /*
3  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <errno.h>
19 #include <stdlib.h>
20 
21 #include <tls.h>
22 #include "tls_internal.h"
23 
/*
 * Replace the string held in *dest with a private copy of src.
 * The previous value is always released first; a NULL src simply clears
 * the slot.  Returns 0 on success, -1 if the copy could not be allocated
 * (in which case *dest is left NULL, i.e. the old value is already gone).
 */
static int
set_string(const char **dest, const char *src)
{
	char *copy;
	size_t n;

	free((char *)*dest);
	*dest = NULL;
	if (src == NULL)
		return 0;

	n = strlen(src) + 1;
	if ((copy = malloc(n)) == NULL)
		return -1;
	memcpy(copy, src, n);
	*dest = copy;
	return 0;
}
34 
/*
 * Return a heap copy of the len bytes at in, or NULL if malloc() fails.
 * The caller owns the result and must free() it.  Note that a len of 0
 * still goes through malloc(), so the result for an empty input depends
 * on what malloc(0) returns on the platform.
 */
static void *
memdup(const void *in, size_t len)
{
	void *copy = malloc(len);

	if (copy != NULL)
		memcpy(copy, in, len);
	return copy;
}
45 
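/*
 * Replace the buffer held in *dest/*destlen with a private copy of the
 * srclen bytes at src.  The previous buffer is always released first.
 * A NULL src clears the slot: *dest becomes NULL and *destlen 0, whatever
 * srclen was, so the pointer and its length never disagree.  Returns 0 on
 * success, -1 if the copy could not be allocated (slot left cleared).
 */
static int
set_mem(char **dest, size_t *destlen, const void *src, size_t srclen)
{
	free(*dest);
	*dest = NULL;
	*destlen = 0;
	if (src == NULL)
		return 0;

	if ((*dest = memdup(src, srclen)) == NULL)
		return -1;
	/* Only record a length once there is a buffer to go with it. */
	*destlen = srclen;
	return 0;
}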
58 
/*
 * Allocate a zeroed tls_config and install the library defaults: the CA
 * file named by _PATH_SSL_CA_FILE, automatic ECDH curve selection,
 * TLS_PROTOCOLS_DEFAULT, a verify depth of 6, and both certificate and
 * host name verification enabled.  Returns NULL if allocation or the
 * CA file default fails; the caller releases the result with
 * tls_config_free().
 */
struct tls_config *
tls_config_new(void)
{
	struct tls_config *cfg = calloc(1, sizeof(*cfg));

	if (cfg == NULL)
		return NULL;

	/* The only default that can fail is the CA file string copy. */
	if (tls_config_set_ca_file(cfg, _PATH_SSL_CA_FILE) != 0)
		goto fail;

	tls_config_set_ecdhcurve(cfg, "auto");
	tls_config_set_protocols(cfg, TLS_PROTOCOLS_DEFAULT);
	tls_config_set_verify_depth(cfg, 6);
	tls_config_verify(cfg);

	return cfg;

 fail:
	tls_config_free(cfg);
	return NULL;
}
82 
/*
 * Release a tls_config and everything it owns.  Accepts NULL.
 * Key material goes first via tls_config_clear_keys(), which routes
 * through tls_config_set_key_mem() and so scrubs key_mem before it is
 * freed; the remaining fields are plain copies and are just freed.
 */
void
tls_config_free(struct tls_config *config)
{
	if (config == NULL)
		return;

	tls_config_clear_keys(config);

	/* CA and certificate settings. */
	free((char *)config->ca_file);
	free((char *)config->ca_path);
	free((char *)config->cert_file);
	free(config->cert_mem);

	/* Key settings (key_mem is already NULL after clear_keys). */
	free((char *)config->key_file);
	free(config->key_mem);

	free((char *)config->ciphers);

	free(config);
}
101 
/*
 * Drop any in-memory certificate and key from the config.  The key
 * buffer is scrubbed before release by tls_config_set_key_mem().
 */
void
tls_config_clear_keys(struct tls_config *config)
{
	(void)tls_config_set_cert_mem(config, NULL, 0);
	(void)tls_config_set_key_mem(config, NULL, 0);
}
108 
/*
 * Set the CA file path (copied; NULL clears it).
 * Returns 0 on success, -1 on allocation failure.
 */
int
tls_config_set_ca_file(struct tls_config *config, const char *ca_file)
{
	return (set_string(&config->ca_file, ca_file));
}
114 
/*
 * Set the CA directory path (copied; NULL clears it).
 * Returns 0 on success, -1 on allocation failure.
 */
int
tls_config_set_ca_path(struct tls_config *config, const char *ca_path)
{
	return (set_string(&config->ca_path, ca_path));
}
120 
/*
 * Set the certificate file path (copied; NULL clears it).
 * Returns 0 on success, -1 on allocation failure.
 */
int
tls_config_set_cert_file(struct tls_config *config, const char *cert_file)
{
	return (set_string(&config->cert_file, cert_file));
}
126 
/*
 * Store a private copy of an in-memory certificate of len bytes.
 * A NULL cert clears the stored copy.  Returns 0 on success, -1 on
 * allocation failure.
 */
int
tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,
    size_t len)
{
	return (set_mem(&config->cert_mem, &config->cert_len, cert, len));
}
133 
/*
 * Set the cipher list string (copied; NULL clears it).  The string is
 * stored as given; it is not validated here.
 * Returns 0 on success, -1 on allocation failure.
 */
int
tls_config_set_ciphers(struct tls_config *config, const char *ciphers)
{
	return (set_string(&config->ciphers, ciphers));
}
139 
/*
 * Select the ECDH curve by name.  NULL stores NID_undef, "auto"
 * (case-insensitive) stores -1 as the automatic-selection marker, and
 * any other name is resolved with OBJ_txt2nid().  Returns -1 without
 * touching the config if the name is unknown, 0 otherwise.
 */
int
tls_config_set_ecdhcurve(struct tls_config *config, const char *name)
{
	int nid = NID_undef;

	if (name != NULL) {
		if (strcasecmp(name, "auto") == 0) {
			nid = -1;
		} else {
			nid = OBJ_txt2nid(name);
			if (nid == NID_undef)
				return -1;
		}
	}

	config->ecdhcurve = nid;
	return 0;
}
156 
/*
 * Set the private key file path (copied; NULL clears it).
 * Returns 0 on success, -1 on allocation failure.
 */
int
tls_config_set_key_file(struct tls_config *config, const char *key_file)
{
	return (set_string(&config->key_file, key_file));
}
162 
/*
 * Store a private copy of an in-memory private key of len bytes; a NULL
 * key clears it.  Any previously stored key is scrubbed with
 * explicit_bzero() before set_mem() frees it, so the old key bytes do
 * not survive in released heap memory.  The caller's own buffer is not
 * touched.  Returns 0 on success, -1 on allocation failure.
 */
int
tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,
    size_t len)
{
	char *old = config->key_mem;

	if (old != NULL)
		explicit_bzero(old, config->key_len);

	return (set_mem(&config->key_mem, &config->key_len, key, len));
}
171 
/*
 * Set the protocol version mask.  The value is stored as given; no
 * validation happens here.
 */
void
tls_config_set_protocols(struct tls_config *config, uint32_t protocols)
{
	config->protocols = protocols;
}
177 
/*
 * Set the maximum certificate chain depth accepted during verification.
 * The value is stored as given (tls_config_new() uses 6).
 */
void
tls_config_set_verify_depth(struct tls_config *config, int verify_depth)
{
	config->verify_depth = verify_depth;
}
183 
/*
 * Disable host name verification.  This weakens peer authentication
 * (tls_config_new() enables it by default); re-enable with
 * tls_config_verify().
 */
void
tls_config_insecure_noverifyhost(struct tls_config *config)
{
	config->verify_host = 0;
}
189 
/*
 * Disable certificate verification.  This removes peer authentication
 * entirely (tls_config_new() enables it by default); re-enable with
 * tls_config_verify().
 */
void
tls_config_insecure_noverifycert(struct tls_config *config)
{
	config->verify_cert = 0;
}
195 
/*
 * Enable both host name and certificate verification, undoing any
 * earlier tls_config_insecure_noverify*() call.  This is the state a
 * config is in after tls_config_new().
 */
void
tls_config_verify(struct tls_config *config)
{
	config->verify_cert = 1;
	config->verify_host = 1;
}