Diffstat (limited to 'src/daemon/https/tls/gnutls_x509.c')
-rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 113 |
1 files changed, 63 insertions, 50 deletions
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 503bea9b..06ee8635 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
@@ -103,7 +103,7 @@ check_bits (MHD_gnutls_x509_crt_t crt, unsigned int max_bits) | |||
103 | -*/ | 103 | -*/ |
104 | int | 104 | int |
105 | MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | 105 | MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, |
106 | unsigned int *status) | 106 | unsigned int *status) |
107 | { | 107 | { |
108 | cert_auth_info_t info; | 108 | cert_auth_info_t info; |
109 | MHD_gtls_cert_credentials_t cred; | 109 | MHD_gtls_cert_credentials_t cred; |
@@ -142,7 +142,8 @@ MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | |||
142 | peer_certificate_list_size = info->ncerts; | 142 | peer_certificate_list_size = info->ncerts; |
143 | peer_certificate_list = | 143 | peer_certificate_list = |
144 | MHD_gnutls_calloc (1, | 144 | MHD_gnutls_calloc (1, |
145 | peer_certificate_list_size * sizeof (MHD_gnutls_x509_crt_t)); | 145 | peer_certificate_list_size * |
146 | sizeof (MHD_gnutls_x509_crt_t)); | ||
146 | if (peer_certificate_list == NULL) | 147 | if (peer_certificate_list == NULL) |
147 | { | 148 | { |
148 | MHD_gnutls_assert (); | 149 | MHD_gnutls_assert (); |
@@ -161,8 +162,8 @@ MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | |||
161 | 162 | ||
162 | ret = | 163 | ret = |
163 | MHD_gnutls_x509_crt_import (peer_certificate_list[i], | 164 | MHD_gnutls_x509_crt_import (peer_certificate_list[i], |
164 | &info->raw_certificate_list[i], | 165 | &info->raw_certificate_list[i], |
165 | GNUTLS_X509_FMT_DER); | 166 | GNUTLS_X509_FMT_DER); |
166 | if (ret < 0) | 167 | if (ret < 0) |
167 | { | 168 | { |
168 | MHD_gnutls_assert (); | 169 | MHD_gnutls_assert (); |
@@ -184,10 +185,10 @@ MHD__gnutls_x509_cert_verify_peers (MHD_gtls_session_t session, | |||
184 | */ | 185 | */ |
185 | ret = | 186 | ret = |
186 | MHD_gnutls_x509_crt_list_verify (peer_certificate_list, | 187 | MHD_gnutls_x509_crt_list_verify (peer_certificate_list, |
187 | peer_certificate_list_size, | 188 | peer_certificate_list_size, |
188 | cred->x509_ca_list, cred->x509_ncas, | 189 | cred->x509_ca_list, cred->x509_ncas, |
189 | cred->x509_crl_list, cred->x509_ncrls, | 190 | cred->x509_crl_list, cred->x509_ncrls, |
190 | cred->verify_flags, status); | 191 | cred->verify_flags, status); |
191 | 192 | ||
192 | CLEAR_CERTS; | 193 | CLEAR_CERTS; |
193 | 194 | ||
@@ -221,13 +222,14 @@ MHD__gnutls_check_key_cert_match (MHD_gtls_cert_credentials_t res) | |||
221 | } | 222 | } |
222 | 223 | ||
223 | MHD__gnutls_x509_write_rsa_params (res->pkey[res->ncerts - 1].params, | 224 | MHD__gnutls_x509_write_rsa_params (res->pkey[res->ncerts - 1].params, |
224 | res->pkey[res->ncerts - | 225 | res->pkey[res->ncerts - |
225 | 1].params_size, &kid); | 226 | 1].params_size, &kid); |
226 | 227 | ||
227 | 228 | ||
228 | MHD__gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0].params, | 229 | MHD__gnutls_x509_write_rsa_params (res->cert_list[res->ncerts - 1][0]. |
229 | res->cert_list[res->ncerts - | 230 | params, |
230 | 1][0].params_size, &cid); | 231 | res->cert_list[res->ncerts - |
232 | 1][0].params_size, &cid); | ||
231 | 233 | ||
232 | if (cid.size != kid.size) | 234 | if (cid.size != kid.size) |
233 | { | 235 | { |
@@ -265,7 +267,7 @@ parse_crt_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
265 | 267 | ||
266 | *cert_list = | 268 | *cert_list = |
267 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, | 269 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, |
268 | i * sizeof (MHD_gnutls_cert)); | 270 | i * sizeof (MHD_gnutls_cert)); |
269 | 271 | ||
270 | if (*cert_list == NULL) | 272 | if (*cert_list == NULL) |
271 | { | 273 | { |
@@ -286,7 +288,7 @@ parse_crt_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
286 | } | 288 | } |
287 | 289 | ||
288 | /* Reads a DER encoded certificate list from memory and stores it to | 290 | /* Reads a DER encoded certificate list from memory and stores it to |
289 | * a MHD_gnutls_cert structure. | 291 | * a MHD_gnutls_cert structure. |
290 | * Returns the number of certificates parsed. | 292 | * Returns the number of certificates parsed. |
291 | */ | 293 | */ |
292 | static int | 294 | static int |
@@ -355,7 +357,9 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
355 | do | 357 | do |
356 | { | 358 | { |
357 | 359 | ||
358 | siz2 = MHD__gnutls_fbase64_decode (NULL, (const unsigned char*) ptr, size, &ptr2); | 360 | siz2 = |
361 | MHD__gnutls_fbase64_decode (NULL, (const unsigned char *) ptr, size, | ||
362 | &ptr2); | ||
359 | 363 | ||
360 | if (siz2 < 0) | 364 | if (siz2 < 0) |
361 | { | 365 | { |
@@ -365,7 +369,8 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
365 | 369 | ||
366 | *cert_list = | 370 | *cert_list = |
367 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, | 371 | (MHD_gnutls_cert *) MHD_gtls_realloc_fast (*cert_list, |
368 | i * sizeof (MHD_gnutls_cert)); | 372 | i * |
373 | sizeof (MHD_gnutls_cert)); | ||
369 | 374 | ||
370 | if (*cert_list == NULL) | 375 | if (*cert_list == NULL) |
371 | { | 376 | { |
@@ -382,7 +387,7 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
382 | MHD_gnutls_assert (); | 387 | MHD_gnutls_assert (); |
383 | return ret; | 388 | return ret; |
384 | } | 389 | } |
385 | MHD__gnutls_free_datum (&tmp); /* free ptr2 */ | 390 | MHD__gnutls_free_datum (&tmp); /* free ptr2 */ |
386 | 391 | ||
387 | /* now we move ptr after the pem header | 392 | /* now we move ptr after the pem header |
388 | */ | 393 | */ |
@@ -453,8 +458,8 @@ read_cert_mem (MHD_gtls_cert_credentials_t res, const void *cert, | |||
453 | 458 | ||
454 | if (type == GNUTLS_X509_FMT_DER) | 459 | if (type == GNUTLS_X509_FMT_DER) |
455 | ret = parse_der_cert_mem (&res->cert_list[res->ncerts], | 460 | ret = parse_der_cert_mem (&res->cert_list[res->ncerts], |
456 | &res->cert_list_length[res->ncerts], | 461 | &res->cert_list_length[res->ncerts], |
457 | cert, cert_size); | 462 | cert, cert_size); |
458 | else | 463 | else |
459 | ret = | 464 | ret = |
460 | parse_pem_cert_mem (&res->cert_list[res->ncerts], | 465 | parse_pem_cert_mem (&res->cert_list[res->ncerts], |
@@ -473,7 +478,7 @@ read_cert_mem (MHD_gtls_cert_credentials_t res, const void *cert, | |||
473 | 478 | ||
474 | int | 479 | int |
475 | MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * dest, | 480 | MHD__gnutls_x509_privkey_to_gkey (MHD_gnutls_privkey * dest, |
476 | MHD_gnutls_x509_privkey_t src) | 481 | MHD_gnutls_x509_privkey_t src) |
477 | { | 482 | { |
478 | int i, ret; | 483 | int i, ret; |
479 | 484 | ||
@@ -519,8 +524,8 @@ MHD_gtls_gkey_deinit (MHD_gnutls_privkey * key) | |||
519 | 524 | ||
520 | int | 525 | int |
521 | MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, | 526 | MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, |
522 | const MHD_gnutls_datum_t * raw_key, | 527 | const MHD_gnutls_datum_t * raw_key, |
523 | MHD_gnutls_x509_crt_fmt_t type) | 528 | MHD_gnutls_x509_crt_fmt_t type) |
524 | { | 529 | { |
525 | MHD_gnutls_x509_privkey_t tmpkey; | 530 | MHD_gnutls_x509_privkey_t tmpkey; |
526 | int ret; | 531 | int ret; |
@@ -539,7 +544,7 @@ MHD__gnutls_x509_raw_privkey_to_gkey (MHD_gnutls_privkey * privkey, | |||
539 | if (ret < 0) | 544 | if (ret < 0) |
540 | ret = | 545 | ret = |
541 | MHD_gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type, NULL, | 546 | MHD_gnutls_x509_privkey_import_pkcs8 (tmpkey, raw_key, type, NULL, |
542 | GNUTLS_PKCS_PLAIN); | 547 | GNUTLS_PKCS_PLAIN); |
543 | #endif | 548 | #endif |
544 | 549 | ||
545 | if (ret < 0) | 550 | if (ret < 0) |
@@ -591,7 +596,7 @@ read_key_mem (MHD_gtls_cert_credentials_t res, | |||
591 | 596 | ||
592 | ret = | 597 | ret = |
593 | MHD__gnutls_x509_raw_privkey_to_gkey (&res->pkey[res->ncerts], &tmp, | 598 | MHD__gnutls_x509_raw_privkey_to_gkey (&res->pkey[res->ncerts], &tmp, |
594 | type); | 599 | type); |
595 | if (ret < 0) | 600 | if (ret < 0) |
596 | { | 601 | { |
597 | MHD_gnutls_assert (); | 602 | MHD_gnutls_assert (); |
@@ -636,9 +641,10 @@ read_key_mem (MHD_gtls_cert_credentials_t res, | |||
636 | **/ | 641 | **/ |
637 | int | 642 | int |
638 | MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t | 643 | MHD__gnutls_certificate_set_x509_key_mem (MHD_gtls_cert_credentials_t |
639 | res, const MHD_gnutls_datum_t * cert, | 644 | res, |
640 | const MHD_gnutls_datum_t * key, | 645 | const MHD_gnutls_datum_t * cert, |
641 | MHD_gnutls_x509_crt_fmt_t type) | 646 | const MHD_gnutls_datum_t * key, |
647 | MHD_gnutls_x509_crt_fmt_t type) | ||
642 | { | 648 | { |
643 | int ret; | 649 | int ret; |
644 | 650 | ||
@@ -684,7 +690,8 @@ generate_rdn_seq (MHD_gtls_cert_credentials_t res) | |||
684 | size = 0; | 690 | size = 0; |
685 | for (i = 0; i < res->x509_ncas; i++) | 691 | for (i = 0; i < res->x509_ncas; i++) |
686 | { | 692 | { |
687 | if ((ret = MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | 693 | if ((ret = |
694 | MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | ||
688 | { | 695 | { |
689 | MHD_gnutls_assert (); | 696 | MHD_gnutls_assert (); |
690 | return ret; | 697 | return ret; |
@@ -708,7 +715,8 @@ generate_rdn_seq (MHD_gtls_cert_credentials_t res) | |||
708 | 715 | ||
709 | for (i = 0; i < res->x509_ncas; i++) | 716 | for (i = 0; i < res->x509_ncas; i++) |
710 | { | 717 | { |
711 | if ((ret = MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | 718 | if ((ret = |
719 | MHD_gnutls_x509_crt_get_raw_dn (res->x509_ca_list[i], &tmp)) < 0) | ||
712 | { | 720 | { |
713 | MHD__gnutls_free_datum (&res->x509_rdn_sequence); | 721 | MHD__gnutls_free_datum (&res->x509_rdn_sequence); |
714 | MHD_gnutls_assert (); | 722 | MHD_gnutls_assert (); |
@@ -728,7 +736,7 @@ generate_rdn_seq (MHD_gtls_cert_credentials_t res) | |||
728 | */ | 736 | */ |
729 | int | 737 | int |
730 | MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, | 738 | MHD__gnutls_check_key_usage (const MHD_gnutls_cert * cert, |
731 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg) | 739 | enum MHD_GNUTLS_KeyExchangeAlgorithm alg) |
732 | { | 740 | { |
733 | unsigned int key_usage = 0; | 741 | unsigned int key_usage = 0; |
734 | int encipher_type; | 742 | int encipher_type; |
@@ -814,9 +822,9 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
814 | 822 | ||
815 | *cert_list = | 823 | *cert_list = |
816 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, | 824 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, |
817 | i * | 825 | i * |
818 | sizeof | 826 | sizeof |
819 | (MHD_gnutls_x509_crt_t)); | 827 | (MHD_gnutls_x509_crt_t)); |
820 | 828 | ||
821 | if (*cert_list == NULL) | 829 | if (*cert_list == NULL) |
822 | { | 830 | { |
@@ -836,7 +844,7 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
836 | 844 | ||
837 | ret = | 845 | ret = |
838 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], | 846 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], |
839 | &tmp, GNUTLS_X509_FMT_PEM); | 847 | &tmp, GNUTLS_X509_FMT_PEM); |
840 | if (ret < 0) | 848 | if (ret < 0) |
841 | { | 849 | { |
842 | MHD_gnutls_assert (); | 850 | MHD_gnutls_assert (); |
@@ -892,8 +900,9 @@ parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
892 | 900 | ||
893 | *cert_list = | 901 | *cert_list = |
894 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, | 902 | (MHD_gnutls_x509_crt_t *) MHD_gtls_realloc_fast (*cert_list, |
895 | i * | 903 | i * |
896 | sizeof (MHD_gnutls_x509_crt_t)); | 904 | sizeof |
905 | (MHD_gnutls_x509_crt_t)); | ||
897 | 906 | ||
898 | if (*cert_list == NULL) | 907 | if (*cert_list == NULL) |
899 | { | 908 | { |
@@ -912,7 +921,8 @@ parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
912 | } | 921 | } |
913 | 922 | ||
914 | ret = | 923 | ret = |
915 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp, GNUTLS_X509_FMT_DER); | 924 | MHD_gnutls_x509_crt_import (cert_list[0][i - 1], &tmp, |
925 | GNUTLS_X509_FMT_DER); | ||
916 | if (ret < 0) | 926 | if (ret < 0) |
917 | { | 927 | { |
918 | MHD_gnutls_assert (); | 928 | MHD_gnutls_assert (); |
@@ -945,8 +955,9 @@ parse_der_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
945 | **/ | 955 | **/ |
946 | int | 956 | int |
947 | MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t | 957 | MHD__gnutls_certificate_set_x509_trust_mem (MHD_gtls_cert_credentials_t |
948 | res, const MHD_gnutls_datum_t * ca, | 958 | res, |
949 | MHD_gnutls_x509_crt_fmt_t type) | 959 | const MHD_gnutls_datum_t * ca, |
960 | MHD_gnutls_x509_crt_fmt_t type) | ||
950 | { | 961 | { |
951 | int ret, ret2; | 962 | int ret, ret2; |
952 | 963 | ||
@@ -994,9 +1005,9 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
994 | 1005 | ||
995 | *crl_list = | 1006 | *crl_list = |
996 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, | 1007 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, |
997 | i * | 1008 | i * |
998 | sizeof | 1009 | sizeof |
999 | (MHD_gnutls_x509_crl_t)); | 1010 | (MHD_gnutls_x509_crl_t)); |
1000 | 1011 | ||
1001 | if (*crl_list == NULL) | 1012 | if (*crl_list == NULL) |
1002 | { | 1013 | { |
@@ -1010,13 +1021,13 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1010 | MHD_gnutls_assert (); | 1021 | MHD_gnutls_assert (); |
1011 | return ret; | 1022 | return ret; |
1012 | } | 1023 | } |
1013 | 1024 | ||
1014 | tmp.data = (unsigned char *) ptr; | 1025 | tmp.data = (unsigned char *) ptr; |
1015 | tmp.size = size; | 1026 | tmp.size = size; |
1016 | 1027 | ||
1017 | ret = | 1028 | ret = |
1018 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], | 1029 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], |
1019 | &tmp, GNUTLS_X509_FMT_PEM); | 1030 | &tmp, GNUTLS_X509_FMT_PEM); |
1020 | if (ret < 0) | 1031 | if (ret < 0) |
1021 | { | 1032 | { |
1022 | MHD_gnutls_assert (); | 1033 | MHD_gnutls_assert (); |
@@ -1062,8 +1073,9 @@ parse_der_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1062 | 1073 | ||
1063 | *crl_list = | 1074 | *crl_list = |
1064 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, | 1075 | (MHD_gnutls_x509_crl_t *) MHD_gtls_realloc_fast (*crl_list, |
1065 | i * | 1076 | i * |
1066 | sizeof (MHD_gnutls_x509_crl_t)); | 1077 | sizeof |
1078 | (MHD_gnutls_x509_crl_t)); | ||
1067 | 1079 | ||
1068 | if (*crl_list == NULL) | 1080 | if (*crl_list == NULL) |
1069 | { | 1081 | { |
@@ -1082,7 +1094,8 @@ parse_der_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1082 | } | 1094 | } |
1083 | 1095 | ||
1084 | ret = | 1096 | ret = |
1085 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], &tmp, GNUTLS_X509_FMT_DER); | 1097 | MHD_gnutls_x509_crl_import (crl_list[0][i - 1], &tmp, |
1098 | GNUTLS_X509_FMT_DER); | ||
1086 | if (ret < 0) | 1099 | if (ret < 0) |
1087 | { | 1100 | { |
1088 | MHD_gnutls_assert (); | 1101 | MHD_gnutls_assert (); |
@@ -1147,8 +1160,8 @@ read_crl_mem (MHD_gtls_cert_credentials_t res, const void *crl, | |||
1147 | **/ | 1160 | **/ |
1148 | int | 1161 | int |
1149 | MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t | 1162 | MHD__gnutls_certificate_set_x509_crl_mem (MHD_gtls_cert_credentials_t |
1150 | res, const MHD_gnutls_datum_t * CRL, | 1163 | res, const MHD_gnutls_datum_t * CRL, |
1151 | MHD_gnutls_x509_crt_fmt_t type) | 1164 | MHD_gnutls_x509_crt_fmt_t type) |
1152 | { | 1165 | { |
1153 | int ret; | 1166 | int ret; |
1154 | 1167 | ||