DragonFly On-Line Manual Pages
TLS(2) DragonFly System Calls Manual TLS(2)
NAME
set_tls_area, get_tls_area -- kernel TLS (thread local storage) support
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <sys/tls.h>
int
set_tls_area(int which, struct tls_info *info, size_t infosize);
int
get_tls_area(int which, struct tls_info *info, size_t infosize);
DESCRIPTION
The set_tls_area() system call creates an entry for the TLS facility
which, representing thread local storage as specified by the info
structure. A descriptor representing the facility is returned, or -1 if
an error occurred. The facility may be cleared by specifying a NULL
pointer and an infosize of 0. The get_tls_area() system call retrieves
the requested TLS facility. A descriptor representing the facility is
returned, or -1 if an error occurred. If you simply want the descriptor
you may specify a NULL pointer and an infosize of 0.
The returned descriptor and the TLS mechanism are machine-dependent. On
IA32 three global segment descriptors are supported (0, 1, and 2) and
the %gs load value is returned.
The tls_info structure passed to set_tls_area() should first be zeroed (to
remain compatible with future extensions) and then initialized.
    struct tls_info {
        void *base; /* base address of TLS area */
        int size;   /* size of TLS area in bytes */
    };
The actual implementation of the area is machine-dependent. If the
kernel is unable to accommodate the supplied size it may create a larger
area. If the kernel is unable to accommodate the supplied base address
an error will be returned.
RETURN VALUES
A return value of 0 is returned on success, -1 on error.
EXAMPLES
/*
 * Pseudo example showing how the TLS system calls work on IA32.
 */
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/tls.h>

int X;

static int getdata(int offset);

int
main(int ac, char **av)
{
    int gs;
    struct tls_info info;

    /* Zero the structure first, as required for future extensions. */
    memset(&info, 0, sizeof(info));
    info.base = &X;
    info.size = sizeof(X);
    if ((gs = set_tls_area(0, &info, sizeof(info))) < 0) {
        perror("setarea");
        exit(1);
    }
    printf("gs = %04x\n", gs);
    /* Load the returned selector into %gs (needs a register operand). */
    __asm __volatile("mov %0,%%gs" : : "r" (gs) );
    if (get_tls_area(0, &info, sizeof(info)) < 0) {
        perror("getarea");
        exit(1);
    }
    printf("%p/%d\n", info.base, info.size);
    X = 1;
    printf("should be 1: %d\n", getdata(0));
    X = 2;
    printf("should be 2: %d\n", getdata(0));
    printf("this should fault:\n");
    fflush(stdout);
    /* Offset 4 lies beyond the sizeof(X) byte segment limit. */
    getdata(4);
    return(0);
}

/* Read an int at the given offset inside the %gs segment. */
static int
getdata(int offset)
{
    int rv;

    /* rv is an output operand; offset is only read. */
    __asm __volatile("movl %%gs:(%1),%0" : "=r" (rv) : "r" (offset));
    return (rv);
}
ERRORS
[ERANGE] The specified facility index, which, is not supported.
[EINVAL] An invalid parameter has been specified.
[ENOENT] (get_tls_area) The specified facility has not been
initialized with sys_set_tls_area().
SEE ALSO
umtx(2)
HISTORY
The set_tls_area() and get_tls_area() function calls first appeared in
DragonFly 1.1.
DragonFly 5.5 February 21, 2005 DragonFly 5.5
TLS_OCSP_PROCESS_R... DragonFly Library Functions Manual TLS_OCSP_PROCESS_R...
NAME
tls_ocsp_process_response, tls_peer_ocsp_url,
tls_peer_ocsp_response_status, tls_peer_ocsp_cert_status,
tls_peer_ocsp_crl_reason, tls_peer_ocsp_result,
tls_peer_ocsp_revocation_time, tls_peer_ocsp_this_update,
tls_peer_ocsp_next_update -- inspect an OCSP response
SYNOPSIS
#include <tls.h>
int
tls_ocsp_process_response(struct tls *ctx, const unsigned char *response,
size_t size);
const char *
tls_peer_ocsp_url(struct tls *ctx);
int
tls_peer_ocsp_response_status(struct tls *ctx);
int
tls_peer_ocsp_cert_status(struct tls *ctx);
int
tls_peer_ocsp_crl_reason(struct tls *ctx);
const char *
tls_peer_ocsp_result(struct tls *ctx);
time_t
tls_peer_ocsp_revocation_time(struct tls *ctx);
time_t
tls_peer_ocsp_this_update(struct tls *ctx);
time_t
tls_peer_ocsp_next_update(struct tls *ctx);
DESCRIPTION
tls_ocsp_process_response() processes a raw OCSP response in response of
size size to check the revocation status of the peer certificate from
ctx. A successful return code of 0 indicates that the certificate has
not been revoked.
tls_peer_ocsp_url() returns the URL for OCSP validation of the peer
certificate from ctx.
The following functions return information about the peer certificate
from ctx that was obtained by validating a stapled OCSP response during
the handshake, or via a previous call to tls_ocsp_process_response().
tls_peer_ocsp_response_status() returns the OCSP response status as per
RFC 6960 section 2.3.
tls_peer_ocsp_cert_status() returns the OCSP certificate status code as
per RFC 6960 section 2.2.
tls_peer_ocsp_crl_reason() returns the OCSP certificate revocation reason
status code as per RFC 5280 section 5.3.1.
tls_peer_ocsp_result() returns a textual representation of the OCSP
status code returned by one of the previous three functions. If the OCSP
response was valid and the certificate was not revoked, the string
indicates the OCSP certificate status. Otherwise, the string indicates the
OCSP certificate revocation reason or the OCSP error.
tls_peer_ocsp_revocation_time() returns the OCSP revocation time.
tls_peer_ocsp_this_update() returns the OCSP this update time.
tls_peer_ocsp_next_update() returns the OCSP next update time.
RETURN VALUES
tls_ocsp_process_response() returns 0 on success or -1 on error.
tls_peer_ocsp_url() and tls_peer_ocsp_result() return NULL on error or an
out of memory condition.
The tls_peer_ocsp_response_status() function returns one of
TLS_OCSP_RESPONSE_SUCCESSFUL, TLS_OCSP_RESPONSE_MALFORMED,
TLS_OCSP_RESPONSE_INTERNALERROR, TLS_OCSP_RESPONSE_TRYLATER,
TLS_OCSP_RESPONSE_SIGREQUIRED, or TLS_OCSP_RESPONSE_UNAUTHORIZED on
success or -1 on error.
The tls_peer_ocsp_cert_status() function returns one of
TLS_OCSP_CERT_GOOD, TLS_OCSP_CERT_REVOKED, or TLS_OCSP_CERT_UNKNOWN on
success, and -1 on error.
The tls_peer_ocsp_crl_reason() function returns one of
TLS_CRL_REASON_UNSPECIFIED, TLS_CRL_REASON_KEY_COMPROMISE,
TLS_CRL_REASON_CA_COMPROMISE, TLS_CRL_REASON_AFFILIATION_CHANGED,
TLS_CRL_REASON_SUPERSEDED, TLS_CRL_REASON_CESSATION_OF_OPERATION,
TLS_CRL_REASON_CERTIFICATE_HOLD, TLS_CRL_REASON_REMOVE_FROM_CRL,
TLS_CRL_REASON_PRIVILEGE_WITHDRAWN, or TLS_CRL_REASON_AA_COMPROMISE on
success or -1 on error.
tls_peer_ocsp_revocation_time(), tls_peer_ocsp_this_update(), and
tls_peer_ocsp_next_update() return a time in epoch-seconds on success or
-1 on error.
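The following is an added example, not part of the original manual page or of libtls: a fail-closed policy check over the values returned by the tls_peer_ocsp_*() functions described above. struct ocsp_view, ocsp_evaluate(), the verdict enum and the skew parameter are hypothetical names, and the fallback constant values are assumed to match <tls.h> (they follow RFC 6960).

```c
#include <stdio.h>
#include <time.h>

/* Fallback values per RFC 6960 so the block builds without libtls
 * (assumed to match <tls.h>; include that header first in real code). */
#ifndef TLS_OCSP_CERT_GOOD
#define TLS_OCSP_RESPONSE_SUCCESSFUL 0
#define TLS_OCSP_CERT_GOOD 0
#define TLS_OCSP_CERT_REVOKED 1
#endif

enum ocsp_verdict { OCSP_ACCEPT, OCSP_NO_DATA, OCSP_BAD_RESPONSE,
    OCSP_REVOKED, OCSP_NOT_GOOD, OCSP_STALE };

/* Hypothetical holder for the values the tls_peer_ocsp_*() calls return. */
struct ocsp_view {
	int response_status;	/* tls_peer_ocsp_response_status(ctx) */
	int cert_status;	/* tls_peer_ocsp_cert_status(ctx) */
	time_t this_update;	/* tls_peer_ocsp_this_update(ctx) */
	time_t next_update;	/* tls_peer_ocsp_next_update(ctx) */
};

/* Fail closed: only a successful, GOOD, currently valid response passes. */
enum ocsp_verdict
ocsp_evaluate(const struct ocsp_view *v, time_t now, time_t skew)
{
	if (v->response_status == -1 || v->cert_status == -1)
		return OCSP_NO_DATA;		/* nothing stapled or processed */
	if (v->response_status != TLS_OCSP_RESPONSE_SUCCESSFUL)
		return OCSP_BAD_RESPONSE;
	if (v->cert_status == TLS_OCSP_CERT_REVOKED)
		return OCSP_REVOKED;
	if (v->cert_status != TLS_OCSP_CERT_GOOD)
		return OCSP_NOT_GOOD;		/* UNKNOWN is not GOOD */
	if (v->this_update == (time_t)-1 || v->next_update == (time_t)-1)
		return OCSP_STALE;
	if (v->this_update > now + skew || v->next_update + skew < now)
		return OCSP_STALE;		/* not yet valid, or expired */
	return OCSP_ACCEPT;
}

int main(void)
{
	/* Constructed sample: GOOD response valid from t=1000 to t=2000. */
	struct ocsp_view v = { 0, TLS_OCSP_CERT_GOOD, 1000, 2000 };
	printf("fresh=%d expired=%d\n", ocsp_evaluate(&v, 1500, 60),
	    ocsp_evaluate(&v, 2100, 60));
	return 0;
}
```

In a real client the structure would be filled from ctx after tls_handshake(3) or tls_ocsp_process_response(), and any verdict other than OCSP_ACCEPT would be treated as a reason to close the connection.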
SEE ALSO
tls_client(3), tls_config_ocsp_require_stapling(3), tls_conn_version(3),
tls_connect(3), tls_handshake(3), tls_init(3)
HISTORY
These functions appeared in OpenBSD 6.1.
AUTHORS
Bob Beck <beck@openbsd.org>
Marko Kreen <markokr@gmail.com>
DragonFly 5.5 July 24, 2018 DragonFly 5.5