diff options
Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
| -rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 113 |
1 files changed, 63 insertions, 50 deletions
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 503bea9b..06ee8635 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
| @@ -103,7 +103,7 @@ check_bits (MHD_gnutls_x509_crt_t crt, unsigned int max_bits) | |||
| 103 | -*/ | 103 | -*/ |
| 104 | int | 104 | int |
| 105 | MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | 105 | MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, |
| 106 | unsigned int *status) | 106 | unsigned int *status) |
| 107 | { | 107 | { |
| 108 | cert_auth_info_t info; | 108 | cert_auth_info_t info; |
| 109 | MHD_gtls_cert_credentials_t cred; | 109 | MHD_gtls_cert_credentials_t cred; |
| @@ -142,7 +142,8 @@ MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | |||
| 142 | peer_certificate_list_size = info->ncerts; | 142 | peer_certificate_list_size = info->ncerts; |
| 143 | peer_certificate_list = | 143 | peer_certificate_list = |
| 144 | MHD_gnutls_calloc (1, | 144 | MHD_gnutls_calloc (1, |
| 145 | peer_certificate_list_size * sizeof (MHD_gnutls_x509_crt_t)); | 145 | peer_certificate_list_size * |
| 146 | sizeof (MHD_gnutls_x509_crt_t)); | ||
| 146 | if (peer_certificate_list == NULL) | 147 | if (peer_certificate_list == NULL) |
| 147 | { | 148 | { |
| 148 | MHD_gnutls_assert (); | 149 | MHD_gnutls_assert (); |
| @@ -161,8 +162,8 @@ MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | |||
| 161 | 162 | ||
| 162 | ret = | 163 | ret = |
| 163 | MHD_gnutls_x509_crt_import (peer_certificate_list[i], | 164 | MHD_gnutls_x509_crt_import (peer_certificate_list[i], |
| 164 | &info->raw_certificate_list[i], | 165 | &info->raw_certificate_list[i], |
| 165 | GNUTLS_X509_FMT_DER); | 166 | GNUTLS_X509_FMT_DER); |
| 166 | if (ret < 0) | 167 | if (ret < 0) |
| 167 | { | 168 | { |
| 168 | MHD_gnutls_assert (); | 169 | MHD_gnutls_assert (); |
| @@ -184,10 +185,10 @@ MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | |||
| 184 | */ | 185 | */ |
| 185 | ret = | 186 | ret = |
| 186 | MHD_gnutls_x509_crt_list_verify (peer_certificate_list, | 187 | MHD_gnutls_x509_crt_list_verify (peer_certificate_list, |
| 187 | peer_certificate_list_size, | 188 | peer_certificate_list_size, |
| 188 | cred->x509_ca_list, cred->x509_ncas, | 189 | cred->x509_ca_list, cred->x509_ncas, |
| 189 | cred->x509_crl_list, cred->x509_ncrls, | 190 | cred->x509_crl_list, cred->x509_ncrls, |
| 190 | cred->verify_flags, status); | 191 | cred->verify_flags, status); |
| 191 | 192 | ||
| 192 | CLEAR_CERTS; | 193 | CLEAR_CERTS; |
| 193 | 194 | ||
| @@ -221,13 +222,14 @@ MHD__gnutls_check_key_cert_match (MHD_gtls_cert_credentials_t res) | |||
| 221 | } | 222 | } |
| 222 | 223 | ||
| 223 | MHD__gnutls_x509_write_rsa_params (res->pkey[res->ncerts - 1].params, | 224 | MHD__gnutls_x509_write_rsa_params (res->pkey[res->ncerts - 1].params, |
| 224 | res->pkey[res->ncerts - | 225 | res->pkey[res->ncerts - |
| 225 | 1].params_size, &kid); | 226 | 1].params_size, &kid); |
| 226 | 227 | ||
| 227 | 228 | ||
| 228 | MHD__gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0].params, | 229 | MHD__gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0]. |
| 229 | res->cert_list[res->ncerts - | 230 | params, |
| 230 | 1][0].params_size, &cid); | 231 | res->cert_list[res->ncerts - |
| 232 | 1][0].params_size, &cid); | ||
| 231 | 233 | ||
| 232 | if (cid.size != kid.size) | 234 | if (cid.size != kid.size) |
| 233 | { | 235 | { |
| @@ -265,7 +267,7 @@ parse_crt_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
| 265 | 267 | ||
| 266 | *cert_list = | 268 | *cert_list = |
| 267 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, | 269 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, |
| 268 | i * sizeof (MHD_gnutls_cert)); | 270 | i * sizeof (MHD_gnutls_cert)); |
| 269 | 271 | ||
| 270 | if (*cert_list == NULL) | 272 | if (*cert_list == NULL) |
| 271 | { | 273 | { |
| @@ -286,7 +288,7 @@ parse_crt_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
| 286 | } | 288 | } |
| 287 | 289 | ||
| 288 | /* Reads a DER encoded certificate list from memory and stores it to | 290 | /* Reads a DER encoded certificate list from memory and stores it to |
| 289 | * a MHD_gnutls_cert structure. | 291 | * a MHD_gnutls_cert structure. |
| 290 | * Returns the number of certificates parsed. | 292 | * Returns the number of certificates parsed. |
| 291 | */ | 293 | */ |
| 292 | static int | 294 | static int |
| @@ -355,7 +357,9 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
| 355 | do | 357 | do |
| 356 | { | 358 | { |
| 357 | 359 | ||
| 358 | siz2 = MHD__gnutls_fbase64_decode (NULL, (const unsigned char*) ptr, size, &ptr2); | 360 | siz2 = |
| 361 | MHD__gnutls_fbase64_decode (NULL, (const unsigned char *) ptr, size, | ||
| 362 | &ptr2); | ||
| 359 | 363 | ||
| 360 | if (siz2 < 0) | 364 | if (siz2 < 0) |
| 361 | { | 365 | { |
| @@ -365,7 +369,8 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
| 365 | 369 | ||
| 366 | *cert_list = | 370 | *cert_list = |
| 367 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, | 371 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, |
| 368 | i * sizeof (MHD_gnutls_cert)); | 372 | i * |
| 373 | sizeof (MHD_gnutls_cert)); | ||
| 369 | 374 | ||
| 370 | if (*cert_list == NULL) | 375 | if (*cert_list == NULL) |
| 371 | { | 376 | { |
| @@ -382,7 +387,7 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
| 382 | MHD_gnutls_assert (); | 387 | MHD_gnutls_assert (); |
| 383 | return ret; | 388 | return ret; |
| 384 | } | 389 | } |
| 385 | MHD__gnutls_free_datum (&tmp); /* free ptr2 */ | 390 | MHD__gnutls_free_datum (&tmp); /* free ptr2 */ |
| 386 | 391 | ||
| 387 | /* now we move ptr after the pem header | 392 | /* now we move ptr after the pem header |
| 388 | */ | 393 | */ |
| @@ -453,8 +458,8 @@ read_cert_mem (MHD_gtls_cert_credentials_t res, const void *cert, | |||
| 453 | 458 | ||
| 454 | if (type == GNUTLS_X509_FMT_DER) | 459 | if (type == GNUTLS_X509_FMT_DER) |
| 455 | ret = parse_der_cert_mem (&res->cert_list[res->ncerts], | 460 | ret = parse_der_cert_mem (&res->cert_list[res->ncerts], |
| 456 | &res->cert_list_length[res->ncerts], | 461 | &res->cert_list_length[res->ncerts], |
| 457 | cert, cert_size); | 462 | cert, cert_size); |
| 458 | else | 463 | else |
| 459 | ret = | 464 | ret = |
| 460 | parse_pem_cert_mem (&res->cert_list[res->ncerts], | 465 | parse_pem_cert_mem (&res->cert_list[res->ncerts], |
| @@ -473,7 +478,7 @@ read_cert_mem (MHD_gtls_cert_credentials_t res, const void *cert, | |||
| 473 | 478 | ||
| 474 | int | 479 | int |
| 475 | MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * dest, | 480 | MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * dest, |
| 476 | MHD_gnutls_x509_privkey_t src) | 481 | MHD_gnutls_x509_privkey_t src) |
| 477 | { | 482 | { |
| 478 | int i, ret; | 483 | int i, ret; |
| 479 | 484 | ||
| @@ -519,8 +524,8 @@ MHD_gtls_gkey_deinit (MHD_gnutls_privkey * key) | |||
| 519 | 524 | ||
| 520 | int | 525 | int |
| 521 | MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, | 526 | MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, |
| 522 | const MHD_gnutls_datum_t * raw_key, | 527 | const MHD_gnutls_datum_t * raw_key, |
| 523 | MHD_gnutls_x509_crt_fmt_t type) | 528 | MHD_gnutls_x509_crt_fmt_t type) |
| 524 | { | 529 | { |
| 525 | MHD_gnutls_x509_privkey_t tmpkey; | 530 | MHD_gnutls_x509_privkey_t tmpkey; |
| 526 | int ret; | 531 | int ret; |
| @@ -539,7 +544,7 @@ MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, | |||
| 539 | if (ret < 0) | 544 | if (ret < 0) |
| 540 | ret = | 545 | ret = |
| 541 | MHD_gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type, NULL, | 546 | MHD_gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type, NULL, |
| 542 | GNUTLS_PKCS_PLAIN); | 547 | GNUTLS_PKCS_PLAIN); |
| 543 | #endif | 548 | #endif |
| 544 | 549 | ||
| 545 | if (ret < 0) | 550 | if (ret < 0) |
| @@ -591,7 +596,7 @@ read_key_mem (MHD_gtls_cert_credentials_t res, | |||
| 591 | 596 | ||
| 592 | ret = | 597 | ret = |
| 593 | MHD__gnutls_x509_raw_privkey_to_gkey (&res->pkey[res->ncerts], &tmp, | 598 | MHD__gnutls_x509_raw_privkey_to_gkey (&res->pkey[res->ncerts], &tmp, |
| 594 | type); | 599 | type); |
| 595 | if (ret < 0) | 600 | if (ret < 0) |
| 596 | { | 601 | { |
| 597 | MHD_gnutls_assert (); | 602 | MHD_gnutls_assert (); |
| @@ -636,9 +641,10 @@ read_key_mem (MHD_gtls_cert_credentials_t res, | |||
| 636 | **/ | 641 | **/ |
| 637 | int | 642 | int |
| 638 | MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t | 643 | MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t |
| 639 | res, const MHD_gnutls_datum_t * cert, | 644 | res, |
| 640 | const MHD_gnutls_datum_t * key, | 645 | const MHD_gnutls_datum_t * cert, |
| 641 | MHD_gnutls_x509_crt_fmt_t type) | 646 | const MHD_gnutls_datum_t * key, |
| 647 | MHD_gnutls_x509_crt_fmt_t type) | ||
| 642 | { | 648 | { |
| 643 | int ret; | 649 | int ret; |
| 644 | 650 | ||
| @@ -684,7 +690,8 @@ generate_rdn_seq (MHD_gtls_cert_credentials_t res) | |||
| 684 | size = 0; | 690 | size = 0; |
| 685 | for (i = 0; i < res->x509_ncas; i++) | 691 | for (i = 0; i < res->x509_ncas; i++) |
| 686 | { | 692 | { |
| 687 | if ((ret = MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | 693 | if ((ret = |
| 694 | MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | ||
| 688 | { | 695 | { |
| 689 | MHD_gnutls_assert (); | 696 | MHD_gnutls_assert (); |
| 690 | return ret; | 697 | return ret; |
| @@ -708,7 +715,8 @@ generate_rdn_seq (MHD_gtls_cert_credentials_t res) | |||
| 708 | 715 | ||
| 709 | for (i = 0; i < res->x509_ncas; i++) | 716 | for (i = 0; i < res->x509_ncas; i++) |
| 710 | { | 717 | { |
| 711 | if ((ret = MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | 718 | if ((ret = |
| 719 | MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | ||
| 712 | { | 720 | { |
| 713 | MHD__gnutls_free_datum (&res->x509_rdn_sequence); | 721 | MHD__gnutls_free_datum (&res->x509_rdn_sequence); |
| 714 | MHD_gnutls_assert (); | 722 | MHD_gnutls_assert (); |
| @@ -728,7 +736,7 @@ generate_rdn_seq (MHD_gtls_cert_credentials_t res) | |||
| 728 | */ | 736 | */ |
| 729 | int | 737 | int |
| 730 | MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, | 738 | MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, |
| 731 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg) | 739 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg) |
| 732 | { | 740 | { |
| 733 | unsigned int key_usage = 0; | 741 | unsigned int key_usage = 0; |
| 734 | int encipher_type; | 742 | int encipher_type; |
| @@ -814,9 +822,9 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
| 814 | 822 | ||
| 815 | *cert_list = | 823 | *cert_list = |
| 816 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, | 824 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, |
| 817 | i * | 825 | i * |
| 818 | sizeof | 826 | sizeof |
| 819 | (MHD_gnutls_x509_crt_t)); | 827 | (MHD_gnutls_x509_crt_t)); |
| 820 | 828 | ||
| 821 | if (*cert_list == NULL) | 829 | if (*cert_list == NULL) |
| 822 | { | 830 | { |
| @@ -836,7 +844,7 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
| 836 | 844 | ||
| 837 | ret = | 845 | ret = |
| 838 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], | 846 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], |
| 839 | &tmp, GNUTLS_X509_FMT_PEM); | 847 | &tmp, GNUTLS_X509_FMT_PEM); |
| 840 | if (ret < 0) | 848 | if (ret < 0) |
| 841 | { | 849 | { |
| 842 | MHD_gnutls_assert (); | 850 | MHD_gnutls_assert (); |
| @@ -892,8 +900,9 @@ parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
| 892 | 900 | ||
| 893 | *cert_list = | 901 | *cert_list = |
| 894 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, | 902 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, |
| 895 | i * | 903 | i * |
| 896 | sizeof (MHD_gnutls_x509_crt_t)); | 904 | sizeof |
| 905 | (MHD_gnutls_x509_crt_t)); | ||
| 897 | 906 | ||
| 898 | if (*cert_list == NULL) | 907 | if (*cert_list == NULL) |
| 899 | { | 908 | { |
| @@ -912,7 +921,8 @@ parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
| 912 | } | 921 | } |
| 913 | 922 | ||
| 914 | ret = | 923 | ret = |
| 915 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp, GNUTLS_X509_FMT_DER); | 924 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp, |
| 925 | GNUTLS_X509_FMT_DER); | ||
| 916 | if (ret < 0) | 926 | if (ret < 0) |
| 917 | { | 927 | { |
| 918 | MHD_gnutls_assert (); | 928 | MHD_gnutls_assert (); |
| @@ -945,8 +955,9 @@ parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
| 945 | **/ | 955 | **/ |
| 946 | int | 956 | int |
| 947 | MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t | 957 | MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t |
| 948 | res, const MHD_gnutls_datum_t * ca, | 958 | res, |
| 949 | MHD_gnutls_x509_crt_fmt_t type) | 959 | const MHD_gnutls_datum_t * ca, |
| 960 | MHD_gnutls_x509_crt_fmt_t type) | ||
| 950 | { | 961 | { |
| 951 | int ret, ret2; | 962 | int ret, ret2; |
| 952 | 963 | ||
| @@ -994,9 +1005,9 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
| 994 | 1005 | ||
| 995 | *crl_list = | 1006 | *crl_list = |
| 996 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, | 1007 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, |
| 997 | i * | 1008 | i * |
| 998 | sizeof | 1009 | sizeof |
| 999 | (MHD_gnutls_x509_crl_t)); | 1010 | (MHD_gnutls_x509_crl_t)); |
| 1000 | 1011 | ||
| 1001 | if (*crl_list == NULL) | 1012 | if (*crl_list == NULL) |
| 1002 | { | 1013 | { |
| @@ -1010,13 +1021,13 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
| 1010 | MHD_gnutls_assert (); | 1021 | MHD_gnutls_assert (); |
| 1011 | return ret; | 1022 | return ret; |
| 1012 | } | 1023 | } |
| 1013 | 1024 | ||
| 1014 | tmp.data = (unsigned char *) ptr; | 1025 | tmp.data = (unsigned char *) ptr; |
| 1015 | tmp.size = size; | 1026 | tmp.size = size; |
| 1016 | 1027 | ||
| 1017 | ret = | 1028 | ret = |
| 1018 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], | 1029 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], |
| 1019 | &tmp, GNUTLS_X509_FMT_PEM); | 1030 | &tmp, GNUTLS_X509_FMT_PEM); |
| 1020 | if (ret < 0) | 1031 | if (ret < 0) |
| 1021 | { | 1032 | { |
| 1022 | MHD_gnutls_assert (); | 1033 | MHD_gnutls_assert (); |
| @@ -1062,8 +1073,9 @@ parse_der_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
| 1062 | 1073 | ||
| 1063 | *crl_list = | 1074 | *crl_list = |
| 1064 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, | 1075 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, |
| 1065 | i * | 1076 | i * |
| 1066 | sizeof (MHD_gnutls_x509_crl_t)); | 1077 | sizeof |
| 1078 | (MHD_gnutls_x509_crl_t)); | ||
| 1067 | 1079 | ||
| 1068 | if (*crl_list == NULL) | 1080 | if (*crl_list == NULL) |
| 1069 | { | 1081 | { |
| @@ -1082,7 +1094,8 @@ parse_der_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
| 1082 | } | 1094 | } |
| 1083 | 1095 | ||
| 1084 | ret = | 1096 | ret = |
| 1085 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], &tmp, GNUTLS_X509_FMT_DER); | 1097 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], &tmp, |
| 1098 | GNUTLS_X509_FMT_DER); | ||
| 1086 | if (ret < 0) | 1099 | if (ret < 0) |
| 1087 | { | 1100 | { |
| 1088 | MHD_gnutls_assert (); | 1101 | MHD_gnutls_assert (); |
| @@ -1147,8 +1160,8 @@ read_crl_mem (MHD_gtls_cert_credentials_t res, const void *crl, | |||
| 1147 | **/ | 1160 | **/ |
| 1148 | int | 1161 | int |
| 1149 | MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t | 1162 | MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t |
| 1150 | res, const MHD_gnutls_datum_t * CRL, | 1163 | res, const MHD_gnutls_datum_t * CRL, |
| 1151 | MHD_gnutls_x509_crt_fmt_t type) | 1164 | MHD_gnutls_x509_crt_fmt_t type) |
| 1152 | { | 1165 | { |
| 1153 | int ret; | 1166 | int ret; |
| 1154 | 1167 | ||