diff options
| author | Joel Sing <jsing@cvs.openbsd.org> | 2016-07-07 14:09:04 +0000 |
|---|---|---|
| committer | Joel Sing <jsing@cvs.openbsd.org> | 2016-07-07 14:09:04 +0000 |
| commit | 7b6bfb3c8edf7d7561c51e47b4450f800c437dfb (patch) | |
| tree | 98d8c2543b6ef07b28e08367d9af318df9c58988 /lib/libtls/tls_config.c | |
| parent | 70b9256c2534020ca9dbf13f6553234fd5dba1c1 (diff) | |
Revert previous - it introduces problems with a common privsep use case.
Diffstat (limited to 'lib/libtls/tls_config.c')
| -rw-r--r-- | lib/libtls/tls_config.c | 79 |
1 files changed, 11 insertions, 68 deletions
diff --git a/lib/libtls/tls_config.c b/lib/libtls/tls_config.c index a348b826d57..6b47eeb8d11 100644 --- a/lib/libtls/tls_config.c +++ b/lib/libtls/tls_config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: tls_config.c,v 1.20 2016/07/06 16:47:18 jsing Exp $ */ +/* $OpenBSD: tls_config.c,v 1.21 2016/07/07 14:09:03 jsing Exp $ */ /* * Copyright (c) 2014 Joel Sing <jsing@openbsd.org> * @@ -15,13 +15,9 @@ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#include <sys/stat.h> - #include <ctype.h> #include <errno.h> -#include <fcntl.h> #include <stdlib.h> -#include <unistd.h> #include <tls.h> #include "tls_internal.h" @@ -61,53 +57,6 @@ set_mem(char **dest, size_t *destlen, const void *src, size_t srclen) return 0; } -static int -load_file(struct tls_error *error, const char *filetype, const char *filename, - char **buf, size_t *len) -{ - struct stat st; - int fd = -1; - - free(*buf); - *buf = NULL; - *len = 0; - - if ((fd = open(filename, O_RDONLY)) == -1) { - tls_error_set(error, "failed to open %s file '%s'", - filetype, filename); - goto fail; - } - if (fstat(fd, &st) != 0) { - tls_error_set(error, "failed to stat %s file '%s'", - filetype, filename); - goto fail; - } - *len = (size_t)st.st_size; - if ((*buf = malloc(*len)) == NULL) { - tls_error_set(error, "failed to allocate buffer for " - "%s file '%s'", filetype, filename); - goto fail; - } - if (read(fd, *buf, *len) != *len) { - tls_error_set(error, "failed to read %s file '%s'", - filetype, filename); - goto fail; - } - close(fd); - return 0; - - fail: - if (fd != -1) - close(fd); - if (*buf != NULL) - explicit_bzero(*buf, *len); - free(*buf); - *buf = NULL; - *len = 0; - - return -1; -} - static struct tls_keypair * tls_keypair_new() { @@ -115,11 +64,9 @@ tls_keypair_new() } static int -tls_keypair_set_cert_file(struct tls_keypair *keypair, struct tls_error *error, - const char *cert_file) +tls_keypair_set_cert_file(struct tls_keypair *keypair, const char *cert_file) { - return load_file(error, "certificate", cert_file, &keypair->cert_mem, - &keypair->cert_len); + return set_string(&keypair->cert_file, cert_file); } static int @@ -130,13 +77,9 @@ tls_keypair_set_cert_mem(struct tls_keypair *keypair, const uint8_t *cert, } static int -tls_keypair_set_key_file(struct tls_keypair *keypair, struct tls_error *error, - const char *key_file) +tls_keypair_set_key_file(struct tls_keypair *keypair, const char *key_file) { - if (keypair->key_mem != NULL) - explicit_bzero(keypair->key_mem, keypair->key_len); - return load_file(error, "key", key_file, &keypair->key_mem, - &keypair->key_len); + return set_string(&keypair->key_file, key_file); } static int @@ -163,7 +106,9 @@ tls_keypair_free(struct tls_keypair *keypair) tls_keypair_clear(keypair); + free((char *)keypair->cert_file); free(keypair->cert_mem); + free((char *)keypair->key_file); free(keypair->key_mem); free(keypair); @@ -221,6 +166,7 @@ tls_config_free(struct tls_config *config) free(config->error.msg); + free((char *)config->ca_file); free((char *)config->ca_mem); free((char *)config->ca_path); free((char *)config->ciphers); @@ -306,8 +252,7 @@ tls_config_parse_protocols(uint32_t *protocols, const char *protostr) int tls_config_set_ca_file(struct tls_config *config, const char *ca_file) { - return load_file(&config->error, "CA", ca_file, &config->ca_mem, - &config->ca_len); + return set_string(&config->ca_file, ca_file); } int @@ -325,8 +270,7 @@ tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len) int tls_config_set_cert_file(struct tls_config *config, const char *cert_file) { - return tls_keypair_set_cert_file(config->keypair, &config->error, - cert_file); + return tls_keypair_set_cert_file(config->keypair, cert_file); } int @@ -409,8 +353,7 @@ tls_config_set_ecdhecurve(struct tls_config *config, const char *name) int tls_config_set_key_file(struct tls_config *config, const char *key_file) { - return tls_keypair_set_key_file(config->keypair, &config->error, - key_file); + return tls_keypair_set_key_file(config->keypair, key_file); } int |