96 	struct tls_config *config;  in tls_config_new_internal()  local
99 	if ((config = calloc(1, sizeof(*config))) == NULL)  in tls_config_new_internal()
102 	if (pthread_mutex_init(&config->mutex, NULL) != 0)  in tls_config_new_internal()
105 	config->refcount = 1;  in tls_config_new_internal()
106 	config->session_fd = -1;  in tls_config_new_internal()
108 	if ((config->keypair = tls_keypair_new()) == NULL)  in tls_config_new_internal()
114 	if (tls_config_set_dheparams(config, "none") != 0)  in tls_config_new_internal()
116 	if (tls_config_set_ecdhecurves(config, "default") != 0)  in tls_config_new_internal()
118 	if (tls_config_set_ciphers(config, "secure") != 0)  in tls_config_new_internal()
121 	if (tls_config_set_protocols(config, TLS_PROTOCOLS_DEFAULT) != 0)  in tls_config_new_internal()
123 	if (tls_config_set_verify_depth(config, 6) != 0)  in tls_config_new_internal()
132 	if (tls_config_set_session_id(config, sid, sizeof(sid)) != 0)  in tls_config_new_internal()
134 	config->ticket_keyrev = arc4random();  in tls_config_new_internal()
135 	config->ticket_autorekey = 1;  in tls_config_new_internal()
137 	tls_config_prefer_ciphers_server(config);  in tls_config_new_internal()
139 	tls_config_verify(config);  in tls_config_new_internal()
141 	return (config);  in tls_config_new_internal()
144 	tls_config_free(config);  in tls_config_new_internal()
158 tls_config_free(struct tls_config *config)  in tls_config_free()  argument
163 	if (config == NULL)  in tls_config_free()
166 	pthread_mutex_lock(&config->mutex);  in tls_config_free()
167 	refcount = --config->refcount;  in tls_config_free()
168 	pthread_mutex_unlock(&config->mutex);  in tls_config_free()
173 	for (kp = config->keypair; kp != NULL; kp = nkp) {  in tls_config_free()
178 	free(config->error.msg);  in tls_config_free()
180 	free(config->alpn);  in tls_config_free()
181 	free((char *)config->ca_mem);  in tls_config_free()
182 	free((char *)config->ca_path);  in tls_config_free()
183 	free((char *)config->ciphers);  in tls_config_free()
184 	free((char *)config->crl_mem);  in tls_config_free()
185 	free(config->ecdhecurves);  in tls_config_free()
187 	pthread_mutex_destroy(&config->mutex);  in tls_config_free()
189 	free(config);  in tls_config_free()
193 tls_config_keypair_add(struct tls_config *config, struct tls_keypair *keypair)  in tls_config_keypair_add()  argument
197 	kp = config->keypair;  in tls_config_keypair_add()
205 tls_config_error(struct tls_config *config)  in tls_config_error()  argument
207 	return config->error.msg;  in tls_config_error()
211 tls_config_error_code(struct tls_config *config)  in tls_config_error_code()  argument
213 	return config->error.code;  in tls_config_error_code()
217 tls_config_clear_keys(struct tls_config *config)  in tls_config_clear_keys()  argument
221 	for (kp = config->keypair; kp != NULL; kp = kp->next)  in tls_config_clear_keys()
291 tls_config_parse_alpn(struct tls_config *config, const char *alpn,  in tls_config_parse_alpn()  argument
304 		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,  in tls_config_parse_alpn()
310 		tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,  in tls_config_parse_alpn()
316 		tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,  in tls_config_parse_alpn()
325 			tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,  in tls_config_parse_alpn()
330 			tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,  in tls_config_parse_alpn()
354 tls_config_set_alpn(struct tls_config *config, const char *alpn)  in tls_config_set_alpn()  argument
356 	return tls_config_parse_alpn(config, alpn, &config->alpn,  in tls_config_set_alpn()
357 	    &config->alpn_len);  in tls_config_set_alpn()
361 tls_config_add_keypair_file_internal(struct tls_config *config,  in tls_config_add_keypair_file_internal()  argument
368 	if (tls_keypair_set_cert_file(keypair, &config->error, cert_file) != 0)  in tls_config_add_keypair_file_internal()
371 	    tls_keypair_set_key_file(keypair, &config->error, key_file) != 0)  in tls_config_add_keypair_file_internal()
374 	    tls_keypair_set_ocsp_staple_file(keypair, &config->error,  in tls_config_add_keypair_file_internal()
378 	tls_config_keypair_add(config, keypair);  in tls_config_add_keypair_file_internal()
388 tls_config_add_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,  in tls_config_add_keypair_mem_internal()  argument
396 	if (tls_keypair_set_cert_mem(keypair, &config->error, cert, cert_len) != 0)  in tls_config_add_keypair_mem_internal()
399 	    tls_keypair_set_key_mem(keypair, &config->error, key, key_len) != 0)  in tls_config_add_keypair_mem_internal()
402 	    tls_keypair_set_ocsp_staple_mem(keypair, &config->error, staple,  in tls_config_add_keypair_mem_internal()
406 	tls_config_keypair_add(config, keypair);  in tls_config_add_keypair_mem_internal()
416 tls_config_add_keypair_mem(struct tls_config *config, const uint8_t *cert,  in tls_config_add_keypair_mem()  argument
419 	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,  in tls_config_add_keypair_mem()
424 tls_config_add_keypair_file(struct tls_config *config,  in tls_config_add_keypair_file()  argument
427 	return tls_config_add_keypair_file_internal(config, cert_file,  in tls_config_add_keypair_file()
432 tls_config_add_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,  in tls_config_add_keypair_ocsp_mem()  argument
436 	return tls_config_add_keypair_mem_internal(config, cert, cert_len, key,  in tls_config_add_keypair_ocsp_mem()
441 tls_config_add_keypair_ocsp_file(struct tls_config *config,  in tls_config_add_keypair_ocsp_file()  argument
444 	return tls_config_add_keypair_file_internal(config, cert_file,  in tls_config_add_keypair_ocsp_file()
449 tls_config_set_ca_file(struct tls_config *config, const char *ca_file)  in tls_config_set_ca_file()  argument
451 	return tls_config_load_file(&config->error, "CA", ca_file,  in tls_config_set_ca_file()
452 	    &config->ca_mem, &config->ca_len);  in tls_config_set_ca_file()
456 tls_config_set_ca_path(struct tls_config *config, const char *ca_path)  in tls_config_set_ca_path()  argument
458 	return tls_set_string(&config->ca_path, ca_path);  in tls_config_set_ca_path()
462 tls_config_set_ca_mem(struct tls_config *config, const uint8_t *ca, size_t len)  in tls_config_set_ca_mem()  argument
464 	return tls_set_mem(&config->ca_mem, &config->ca_len, ca, len);  in tls_config_set_ca_mem()
468 tls_config_set_cert_file(struct tls_config *config, const char *cert_file)  in tls_config_set_cert_file()  argument
470 	return tls_keypair_set_cert_file(config->keypair, &config->error,  in tls_config_set_cert_file()
475 tls_config_set_cert_mem(struct tls_config *config, const uint8_t *cert,  in tls_config_set_cert_mem()  argument
478 	return tls_keypair_set_cert_mem(config->keypair, &config->error,  in tls_config_set_cert_mem()
483 tls_config_set_ciphers(struct tls_config *config, const char *ciphers)  in tls_config_set_ciphers()  argument
500 		tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,  in tls_config_set_ciphers()
505 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_set_ciphers()
511 	return tls_set_string(&config->ciphers, ciphers);  in tls_config_set_ciphers()
519 tls_config_set_crl_file(struct tls_config *config, const char *crl_file)  in tls_config_set_crl_file()  argument
521 	return tls_config_load_file(&config->error, "CRL", crl_file,  in tls_config_set_crl_file()
522 	    &config->crl_mem, &config->crl_len);  in tls_config_set_crl_file()
526 tls_config_set_crl_mem(struct tls_config *config, const uint8_t *crl,  in tls_config_set_crl_mem()  argument
529 	return tls_set_mem(&config->crl_mem, &config->crl_len, crl, len);  in tls_config_set_crl_mem()
533 tls_config_set_dheparams(struct tls_config *config, const char *params)  in tls_config_set_dheparams()  argument
544 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_set_dheparams()
549 	config->dheparams = keylen;  in tls_config_set_dheparams()
555 tls_config_set_ecdhecurve(struct tls_config *config, const char *curve)  in tls_config_set_ecdhecurve()  argument
562 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_set_ecdhecurve()
567 	return tls_config_set_ecdhecurves(config, curve);  in tls_config_set_ecdhecurve()
571 tls_config_set_ecdhecurves(struct tls_config *config, const char *curves)  in tls_config_set_ecdhecurves()  argument
580 	free(config->ecdhecurves);  in tls_config_set_ecdhecurves()
581 	config->ecdhecurves = NULL;  in tls_config_set_ecdhecurves()
582 	config->ecdhecurves_len = 0;  in tls_config_set_ecdhecurves()
588 		tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,  in tls_config_set_ecdhecurves()
604 			tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_set_ecdhecurves()
611 			tls_config_set_errorx(config, TLS_ERROR_OUT_OF_MEMORY,  in tls_config_set_ecdhecurves()
620 	config->ecdhecurves = curves_list;  in tls_config_set_ecdhecurves()
621 	config->ecdhecurves_len = curves_num;  in tls_config_set_ecdhecurves()
634 tls_config_set_key_file(struct tls_config *config, const char *key_file)  in tls_config_set_key_file()  argument
636 	return tls_keypair_set_key_file(config->keypair, &config->error,  in tls_config_set_key_file()
641 tls_config_set_key_mem(struct tls_config *config, const uint8_t *key,  in tls_config_set_key_mem()  argument
644 	return tls_keypair_set_key_mem(config->keypair, &config->error,  in tls_config_set_key_mem()
649 tls_config_set_keypair_file_internal(struct tls_config *config,  in tls_config_set_keypair_file_internal()  argument
652 	if (tls_config_set_cert_file(config, cert_file) != 0)  in tls_config_set_keypair_file_internal()
654 	if (tls_config_set_key_file(config, key_file) != 0)  in tls_config_set_keypair_file_internal()
657 	    tls_config_set_ocsp_staple_file(config, ocsp_file) != 0)  in tls_config_set_keypair_file_internal()
664 tls_config_set_keypair_mem_internal(struct tls_config *config, const uint8_t *cert,  in tls_config_set_keypair_mem_internal()  argument
668 	if (tls_config_set_cert_mem(config, cert, cert_len) != 0)  in tls_config_set_keypair_mem_internal()
670 	if (tls_config_set_key_mem(config, key, key_len) != 0)  in tls_config_set_keypair_mem_internal()
673 	    (tls_config_set_ocsp_staple_mem(config, staple, staple_len) != 0))  in tls_config_set_keypair_mem_internal()
680 tls_config_set_keypair_file(struct tls_config *config,  in tls_config_set_keypair_file()  argument
683 	return tls_config_set_keypair_file_internal(config, cert_file, key_file,  in tls_config_set_keypair_file()
688 tls_config_set_keypair_mem(struct tls_config *config, const uint8_t *cert,  in tls_config_set_keypair_mem()  argument
691 	return tls_config_set_keypair_mem_internal(config, cert, cert_len,  in tls_config_set_keypair_mem()
696 tls_config_set_keypair_ocsp_file(struct tls_config *config,  in tls_config_set_keypair_ocsp_file()  argument
699 	return tls_config_set_keypair_file_internal(config, cert_file, key_file,  in tls_config_set_keypair_ocsp_file()
704 tls_config_set_keypair_ocsp_mem(struct tls_config *config, const uint8_t *cert,  in tls_config_set_keypair_ocsp_mem()  argument
708 	return tls_config_set_keypair_mem_internal(config, cert, cert_len,  in tls_config_set_keypair_ocsp_mem()
714 tls_config_set_protocols(struct tls_config *config, uint32_t protocols)  in tls_config_set_protocols()  argument
716 	config->protocols = protocols;  in tls_config_set_protocols()
722 tls_config_set_session_fd(struct tls_config *config, int session_fd)  in tls_config_set_session_fd()  argument
728 		config->session_fd = session_fd;  in tls_config_set_session_fd()
733 		tls_config_set_error(config, TLS_ERROR_UNKNOWN,  in tls_config_set_session_fd()
738 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_set_session_fd()
744 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_set_session_fd()
751 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_set_session_fd()
756 	config->session_fd = session_fd;  in tls_config_set_session_fd()
762 tls_config_set_sign_cb(struct tls_config *config, tls_sign_cb cb, void *cb_arg)  in tls_config_set_sign_cb()  argument
764 	config->use_fake_private_key = 1;  in tls_config_set_sign_cb()
765 	config->skip_private_key_check = 1;  in tls_config_set_sign_cb()
766 	config->sign_cb = cb;  in tls_config_set_sign_cb()
767 	config->sign_cb_arg = cb_arg;  in tls_config_set_sign_cb()
773 tls_config_set_verify_depth(struct tls_config *config, int verify_depth)  in tls_config_set_verify_depth()  argument
775 	config->verify_depth = verify_depth;  in tls_config_set_verify_depth()
781 tls_config_prefer_ciphers_client(struct tls_config *config)  in tls_config_prefer_ciphers_client()  argument
783 	config->ciphers_server = 0;  in tls_config_prefer_ciphers_client()
787 tls_config_prefer_ciphers_server(struct tls_config *config)  in tls_config_prefer_ciphers_server()  argument
789 	config->ciphers_server = 1;  in tls_config_prefer_ciphers_server()
793 tls_config_insecure_noverifycert(struct tls_config *config)  in tls_config_insecure_noverifycert()  argument
795 	config->verify_cert = 0;  in tls_config_insecure_noverifycert()
799 tls_config_insecure_noverifyname(struct tls_config *config)  in tls_config_insecure_noverifyname()  argument
801 	config->verify_name = 0;  in tls_config_insecure_noverifyname()
805 tls_config_insecure_noverifytime(struct tls_config *config)  in tls_config_insecure_noverifytime()  argument
807 	config->verify_time = 0;  in tls_config_insecure_noverifytime()
811 tls_config_verify(struct tls_config *config)  in tls_config_verify()  argument
813 	config->verify_cert = 1;  in tls_config_verify()
814 	config->verify_name = 1;  in tls_config_verify()
815 	config->verify_time = 1;  in tls_config_verify()
819 tls_config_ocsp_require_stapling(struct tls_config *config)  in tls_config_ocsp_require_stapling()  argument
821 	config->ocsp_require_stapling = 1;  in tls_config_ocsp_require_stapling()
825 tls_config_verify_client(struct tls_config *config)  in tls_config_verify_client()  argument
827 	config->verify_client = 1;  in tls_config_verify_client()
831 tls_config_verify_client_optional(struct tls_config *config)  in tls_config_verify_client_optional()  argument
833 	config->verify_client = 2;  in tls_config_verify_client_optional()
837 tls_config_skip_private_key_check(struct tls_config *config)  in tls_config_skip_private_key_check()  argument
839 	config->skip_private_key_check = 1;  in tls_config_skip_private_key_check()
843 tls_config_use_fake_private_key(struct tls_config *config)  in tls_config_use_fake_private_key()  argument
845 	config->use_fake_private_key = 1;  in tls_config_use_fake_private_key()
846 	config->skip_private_key_check = 1;  in tls_config_use_fake_private_key()
850 tls_config_set_ocsp_staple_file(struct tls_config *config, const char *staple_file)  in tls_config_set_ocsp_staple_file()  argument
852 	return tls_keypair_set_ocsp_staple_file(config->keypair, &config->error,  in tls_config_set_ocsp_staple_file()
857 tls_config_set_ocsp_staple_mem(struct tls_config *config, const uint8_t *staple,  in tls_config_set_ocsp_staple_mem()  argument
860 	return tls_keypair_set_ocsp_staple_mem(config->keypair, &config->error,  in tls_config_set_ocsp_staple_mem()
865 tls_config_set_session_id(struct tls_config *config,  in tls_config_set_session_id()  argument
869 		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,  in tls_config_set_session_id()
873 	memset(config->session_id, 0, sizeof(config->session_id));  in tls_config_set_session_id()
874 	memcpy(config->session_id, session_id, len);  in tls_config_set_session_id()
879 tls_config_set_session_lifetime(struct tls_config *config, int lifetime)  in tls_config_set_session_lifetime()  argument
882 		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,  in tls_config_set_session_lifetime()
887 		tls_config_set_errorx(config, TLS_ERROR_INVALID_ARGUMENT,  in tls_config_set_session_lifetime()
892 	config->session_lifetime = lifetime;  in tls_config_set_session_lifetime()
897 tls_config_add_ticket_key(struct tls_config *config, uint32_t keyrev,  in tls_config_add_ticket_key()  argument
905 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_add_ticket_key()
919 		struct tls_ticket_key *tk = &config->ticket_keys[i];  in tls_config_add_ticket_key()
929 		tls_config_set_errorx(config, TLS_ERROR_UNKNOWN,  in tls_config_add_ticket_key()
934 	memmove(&config->ticket_keys[1], &config->ticket_keys[0],  in tls_config_add_ticket_key()
935 	    sizeof(config->ticket_keys) - sizeof(config->ticket_keys[0]));  in tls_config_add_ticket_key()
936 	config->ticket_keys[0] = newkey;  in tls_config_add_ticket_key()
938 	config->ticket_autorekey = 0;  in tls_config_add_ticket_key()
944 tls_config_ticket_autorekey(struct tls_config *config)  in tls_config_ticket_autorekey()  argument
950 	rv = tls_config_add_ticket_key(config, config->ticket_keyrev++, key,  in tls_config_ticket_autorekey()
952 	config->ticket_autorekey = 1;  in tls_config_ticket_autorekey()