diff options
Diffstat (limited to 'src/daemon/https/tls')
-rw-r--r-- | src/daemon/https/tls/auth_cert.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/auth_rsa.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/debug.c | 2 | ||||
-rw-r--r-- | src/daemon/https/tls/ext_cert_type.c | 3 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_cipher.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_cipher_int.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_compress_int.c | 18 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_constate.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_hash_int.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_pk.c | 4 | ||||
-rw-r--r-- | src/daemon/https/tls/gnutls_x509.c | 21 | ||||
-rw-r--r-- | src/daemon/https/tls/x509_b64.c | 233 | ||||
-rw-r--r-- | src/daemon/https/tls/x509_b64.h | 2 |
13 files changed, 63 insertions, 244 deletions
diff --git a/src/daemon/https/tls/auth_cert.c b/src/daemon/https/tls/auth_cert.c index f3bbeba9..6f34a120 100644 --- a/src/daemon/https/tls/auth_cert.c +++ b/src/daemon/https/tls/auth_cert.c | |||
@@ -808,9 +808,9 @@ MHD__gnutls_check_supported_sign_algo (CertificateSigType algo) | |||
808 | { | 808 | { |
809 | case RSA_SIGN: | 809 | case RSA_SIGN: |
810 | return MHD_GNUTLS_PK_RSA; | 810 | return MHD_GNUTLS_PK_RSA; |
811 | default: | ||
812 | return -1; | ||
811 | } | 813 | } |
812 | |||
813 | return -1; | ||
814 | } | 814 | } |
815 | 815 | ||
816 | int | 816 | int |
diff --git a/src/daemon/https/tls/auth_rsa.c b/src/daemon/https/tls/auth_rsa.c index 7a66eae6..97f1901d 100644 --- a/src/daemon/https/tls/auth_rsa.c +++ b/src/daemon/https/tls/auth_rsa.c | |||
@@ -291,7 +291,7 @@ MHD__gnutls_proc_rsa_client_kx (MHD_gtls_session_t session, opaque * data, | |||
291 | 291 | ||
292 | /* we do not need strong random numbers here. | 292 | /* we do not need strong random numbers here. |
293 | */ | 293 | */ |
294 | if (MHD_gc_nonce (session->key->key.data, session->key->key.size) != GC_OK) | 294 | if (MHD_gc_nonce ((char*) session->key->key.data, session->key->key.size) != GC_OK) |
295 | { | 295 | { |
296 | MHD_gnutls_assert (); | 296 | MHD_gnutls_assert (); |
297 | return GNUTLS_E_RANDOM_FAILED; | 297 | return GNUTLS_E_RANDOM_FAILED; |
@@ -352,7 +352,7 @@ MHD__gnutls_gen_rsa_client_kx (MHD_gtls_session_t session, opaque ** data) | |||
352 | return GNUTLS_E_MEMORY_ERROR; | 352 | return GNUTLS_E_MEMORY_ERROR; |
353 | } | 353 | } |
354 | 354 | ||
355 | if (MHD_gc_pseudo_random (session->key->key.data, | 355 | if (MHD_gc_pseudo_random ((char*) session->key->key.data, |
356 | session->key->key.size) != GC_OK) | 356 | session->key->key.size) != GC_OK) |
357 | { | 357 | { |
358 | MHD_gnutls_assert (); | 358 | MHD_gnutls_assert (); |
diff --git a/src/daemon/https/tls/debug.c b/src/daemon/https/tls/debug.c index 21cd945f..b7408e39 100644 --- a/src/daemon/https/tls/debug.c +++ b/src/daemon/https/tls/debug.c | |||
@@ -123,6 +123,6 @@ MHD__gnutls_dump_mpi (const char *prefix, mpi_t a) | |||
123 | size_t n = sizeof buf; | 123 | size_t n = sizeof buf; |
124 | 124 | ||
125 | if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, n, &n, a)) | 125 | if (gcry_mpi_print (GCRYMPI_FMT_HEX, buf, n, &n, a)) |
126 | strcpy (buf, "[can't print value]"); /* Flawfinder: ignore */ | 126 | strcpy ((char*) buf, "[can't print value]"); /* Flawfinder: ignore */ |
127 | MHD__gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix, buf); | 127 | MHD__gnutls_hard_log ("MPI: length: %d\n\t%s%s\n", (n - 1) / 2, prefix, buf); |
128 | } | 128 | } |
diff --git a/src/daemon/https/tls/ext_cert_type.c b/src/daemon/https/tls/ext_cert_type.c index 4feeb18f..a104b00b 100644 --- a/src/daemon/https/tls/ext_cert_type.c +++ b/src/daemon/https/tls/ext_cert_type.c | |||
@@ -147,10 +147,11 @@ int | |||
147 | MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data, | 147 | MHD_gtls_cert_type_send_params (MHD_gtls_session_t session, opaque * data, |
148 | size_t data_size) | 148 | size_t data_size) |
149 | { | 149 | { |
150 | unsigned len, i; | 150 | unsigned int len; |
151 | 151 | ||
152 | /* this function sends the client extension data (dnsname) */ | 152 | /* this function sends the client extension data (dnsname) */ |
153 | #if MHD_DEBUG_TLS | 153 | #if MHD_DEBUG_TLS |
154 | unsigned int i; | ||
154 | if (session->security_parameters.entity == GNUTLS_CLIENT) | 155 | if (session->security_parameters.entity == GNUTLS_CLIENT) |
155 | { | 156 | { |
156 | 157 | ||
diff --git a/src/daemon/https/tls/gnutls_cipher.c b/src/daemon/https/tls/gnutls_cipher.c index 94e87eb3..9ff19759 100644 --- a/src/daemon/https/tls/gnutls_cipher.c +++ b/src/daemon/https/tls/gnutls_cipher.c | |||
@@ -244,7 +244,7 @@ calc_enc_length (MHD_gtls_session_t session, int data_size, | |||
244 | 244 | ||
245 | break; | 245 | break; |
246 | case CIPHER_BLOCK: | 246 | case CIPHER_BLOCK: |
247 | if (MHD_gc_nonce (&rnd, 1) != GC_OK) | 247 | if (MHD_gc_nonce ((char*) &rnd, 1) != GC_OK) |
248 | { | 248 | { |
249 | MHD_gnutls_assert (); | 249 | MHD_gnutls_assert (); |
250 | return GNUTLS_E_RANDOM_FAILED; | 250 | return GNUTLS_E_RANDOM_FAILED; |
@@ -377,7 +377,7 @@ MHD_gtls_compressed2ciphertext (MHD_gtls_session_t session, | |||
377 | { | 377 | { |
378 | /* copy the random IV. | 378 | /* copy the random IV. |
379 | */ | 379 | */ |
380 | if (MHD_gc_nonce (data_ptr, blocksize) != GC_OK) | 380 | if (MHD_gc_nonce ((char*) data_ptr, blocksize) != GC_OK) |
381 | { | 381 | { |
382 | MHD_gnutls_assert (); | 382 | MHD_gnutls_assert (); |
383 | return GNUTLS_E_RANDOM_FAILED; | 383 | return GNUTLS_E_RANDOM_FAILED; |
diff --git a/src/daemon/https/tls/gnutls_cipher_int.c b/src/daemon/https/tls/gnutls_cipher_int.c index fef2c1d9..21fda10c 100644 --- a/src/daemon/https/tls/gnutls_cipher_int.c +++ b/src/daemon/https/tls/gnutls_cipher_int.c | |||
@@ -80,9 +80,9 @@ MHD_gtls_cipher_init (enum MHD_GNUTLS_CipherAlgorithm cipher, | |||
80 | 80 | ||
81 | if (err == 0) | 81 | if (err == 0) |
82 | { | 82 | { |
83 | MHD_gc_cipher_setkey (ret, key->size, key->data); | 83 | MHD_gc_cipher_setkey (ret, key->size, (const char*) key->data); |
84 | if (iv->data != NULL && iv->size > 0) | 84 | if (iv->data != NULL && iv->size > 0) |
85 | MHD_gc_cipher_setiv (ret, iv->size, iv->data); | 85 | MHD_gc_cipher_setiv (ret, iv->size, (const char*) iv->data); |
86 | } | 86 | } |
87 | else if (cipher != MHD_GNUTLS_CIPHER_NULL) | 87 | else if (cipher != MHD_GNUTLS_CIPHER_NULL) |
88 | { | 88 | { |
diff --git a/src/daemon/https/tls/gnutls_compress_int.c b/src/daemon/https/tls/gnutls_compress_int.c index 6b97fac4..07ffd5e1 100644 --- a/src/daemon/https/tls/gnutls_compress_int.c +++ b/src/daemon/https/tls/gnutls_compress_int.c | |||
@@ -52,6 +52,7 @@ MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod method, int d) | |||
52 | { | 52 | { |
53 | int window_bits, mem_level; | 53 | int window_bits, mem_level; |
54 | int comp_level; | 54 | int comp_level; |
55 | int err; | ||
55 | z_stream *zhandle; | 56 | z_stream *zhandle; |
56 | 57 | ||
57 | window_bits = MHD_gtls_compression_get_wbits (method); | 58 | window_bits = MHD_gtls_compression_get_wbits (method); |
@@ -73,12 +74,10 @@ MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod method, int d) | |||
73 | 74 | ||
74 | if (d) | 75 | if (d) |
75 | err = inflateInit2 (zhandle, window_bits); | 76 | err = inflateInit2 (zhandle, window_bits); |
76 | else | 77 | else |
77 | { | 78 | err = deflateInit2 (zhandle, |
78 | err = deflateInit2 (zhandle, | 79 | comp_level, Z_DEFLATED, |
79 | comp_level, Z_DEFLATED, | 80 | window_bits, mem_level, Z_DEFAULT_STRATEGY); |
80 | window_bits, mem_level, Z_DEFAULT_STRATEGY); | ||
81 | } | ||
82 | if (err != Z_OK) | 81 | if (err != Z_OK) |
83 | { | 82 | { |
84 | MHD_gnutls_assert (); | 83 | MHD_gnutls_assert (); |
@@ -90,6 +89,9 @@ MHD_gtls_comp_init (enum MHD_GNUTLS_CompressionMethod method, int d) | |||
90 | #endif | 89 | #endif |
91 | case MHD_GNUTLS_COMP_NULL: | 90 | case MHD_GNUTLS_COMP_NULL: |
92 | break; | 91 | break; |
92 | default: | ||
93 | /* not supported! */ | ||
94 | goto cleanup_ret; | ||
93 | } | 95 | } |
94 | return ret; | 96 | return ret; |
95 | 97 | ||
@@ -109,6 +111,7 @@ MHD_gtls_comp_deinit (comp_hd_t handle, int d) | |||
109 | switch (handle->algo) | 111 | switch (handle->algo) |
110 | { | 112 | { |
111 | #ifdef HAVE_LIBZ | 113 | #ifdef HAVE_LIBZ |
114 | int err; | ||
112 | case MHD_GNUTLS_COMP_DEFLATE: | 115 | case MHD_GNUTLS_COMP_DEFLATE: |
113 | if (d) | 116 | if (d) |
114 | err = inflateEnd (handle->handle); | 117 | err = inflateEnd (handle->handle); |
@@ -151,6 +154,7 @@ MHD_gtls_compress (comp_hd_t handle, const opaque * plain, | |||
151 | { | 154 | { |
152 | uLongf size; | 155 | uLongf size; |
153 | z_stream *zhandle; | 156 | z_stream *zhandle; |
157 | int err; | ||
154 | 158 | ||
155 | size = (plain_size + plain_size) + 10; | 159 | size = (plain_size + plain_size) + 10; |
156 | *compressed = MHD_gnutls_malloc (size); | 160 | *compressed = MHD_gnutls_malloc (size); |
@@ -230,8 +234,10 @@ MHD_gtls_decompress (comp_hd_t handle, opaque * compressed, | |||
230 | #ifdef HAVE_LIBZ | 234 | #ifdef HAVE_LIBZ |
231 | case MHD_GNUTLS_COMP_DEFLATE: | 235 | case MHD_GNUTLS_COMP_DEFLATE: |
232 | { | 236 | { |
237 | int err; | ||
233 | uLongf out_size; | 238 | uLongf out_size; |
234 | z_stream *zhandle; | 239 | z_stream *zhandle; |
240 | unsigned int cur_pos; | ||
235 | 241 | ||
236 | *plain = NULL; | 242 | *plain = NULL; |
237 | out_size = compressed_size + compressed_size; | 243 | out_size = compressed_size + compressed_size; |
diff --git a/src/daemon/https/tls/gnutls_constate.c b/src/daemon/https/tls/gnutls_constate.c index e38b720f..41aff98c 100644 --- a/src/daemon/https/tls/gnutls_constate.c +++ b/src/daemon/https/tls/gnutls_constate.c | |||
@@ -107,7 +107,7 @@ MHD__gnutls_set_keys (MHD_gtls_session_t session, int hash_size, int IV_size, | |||
107 | else | 107 | else |
108 | { /* TLS 1.0 */ | 108 | { /* TLS 1.0 */ |
109 | ret = | 109 | ret = |
110 | MHD_gtls_PRF (session, session->security_parameters.master_secret, | 110 | MHD_gtls_PRF (session, (const unsigned char*) session->security_parameters.master_secret, |
111 | TLS_MASTER_SIZE, keyexp, keyexp_length, | 111 | TLS_MASTER_SIZE, keyexp, keyexp_length, |
112 | rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); | 112 | rnd, 2 * TLS_RANDOM_SIZE, block_size, key_block); |
113 | } | 113 | } |
@@ -342,7 +342,7 @@ MHD__gnutls_set_keys (MHD_gtls_session_t session, int hash_size, int IV_size, | |||
342 | } | 342 | } |
343 | else | 343 | else |
344 | { /* TLS 1.0 */ | 344 | { /* TLS 1.0 */ |
345 | ret = MHD_gtls_PRF (session, "", 0, | 345 | ret = MHD_gtls_PRF (session, (const unsigned char*) "", 0, |
346 | ivblock, ivblock_length, rrnd, | 346 | ivblock, ivblock_length, rrnd, |
347 | 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); | 347 | 2 * TLS_RANDOM_SIZE, IV_size * 2, iv_block); |
348 | } | 348 | } |
diff --git a/src/daemon/https/tls/gnutls_hash_int.c b/src/daemon/https/tls/gnutls_hash_int.c index 158f0843..97b6680d 100644 --- a/src/daemon/https/tls/gnutls_hash_int.c +++ b/src/daemon/https/tls/gnutls_hash_int.c | |||
@@ -133,7 +133,7 @@ MHD_gnutls_hash_deinit (GNUTLS_HASH_HANDLE handle, void *digest) | |||
133 | 133 | ||
134 | maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); | 134 | maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); |
135 | 135 | ||
136 | mac = MHD_gc_hash_read (handle->handle); | 136 | mac = (unsigned char*) MHD_gc_hash_read (handle->handle); |
137 | if (digest != NULL) | 137 | if (digest != NULL) |
138 | memcpy (digest, mac, maclen); | 138 | memcpy (digest, mac, maclen); |
139 | 139 | ||
@@ -178,7 +178,7 @@ MHD_gnutls_MHD_hmac_deinit (mac_hd_t handle, void *digest) | |||
178 | 178 | ||
179 | maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); | 179 | maclen = MHD_gnutls_hash_get_algo_len (handle->algorithm); |
180 | 180 | ||
181 | mac = MHD_gc_hash_read (handle->handle); | 181 | mac = (unsigned char*) MHD_gc_hash_read (handle->handle); |
182 | 182 | ||
183 | if (digest != NULL) | 183 | if (digest != NULL) |
184 | memcpy (digest, mac, maclen); | 184 | memcpy (digest, mac, maclen); |
diff --git a/src/daemon/https/tls/gnutls_pk.c b/src/daemon/https/tls/gnutls_pk.c index 53bc6394..c4ec508a 100644 --- a/src/daemon/https/tls/gnutls_pk.c +++ b/src/daemon/https/tls/gnutls_pk.c | |||
@@ -104,7 +104,7 @@ MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext, | |||
104 | return GNUTLS_E_INTERNAL_ERROR; | 104 | return GNUTLS_E_INTERNAL_ERROR; |
105 | } | 105 | } |
106 | 106 | ||
107 | if (MHD_gc_pseudo_random (ps, psize) != GC_OK) | 107 | if (MHD_gc_pseudo_random ((char*)ps, psize) != GC_OK) |
108 | { | 108 | { |
109 | MHD_gnutls_assert (); | 109 | MHD_gnutls_assert (); |
110 | MHD_gnutls_afree (edata); | 110 | MHD_gnutls_afree (edata); |
@@ -113,7 +113,7 @@ MHD_gtls_pkcs1_rsa_encrypt (MHD_gnutls_datum_t * ciphertext, | |||
113 | for (i = 0; i < psize; i++) | 113 | for (i = 0; i < psize; i++) |
114 | while (ps[i] == 0) | 114 | while (ps[i] == 0) |
115 | { | 115 | { |
116 | if (MHD_gc_pseudo_random (&ps[i], 1) != GC_OK) | 116 | if (MHD_gc_pseudo_random ((char*) &ps[i], 1) != GC_OK) |
117 | { | 117 | { |
118 | MHD_gnutls_assert (); | 118 | MHD_gnutls_assert (); |
119 | MHD_gnutls_afree (edata); | 119 | MHD_gnutls_afree (edata); |
diff --git a/src/daemon/https/tls/gnutls_x509.c b/src/daemon/https/tls/gnutls_x509.c index 183f12ba..503bea9b 100644 --- a/src/daemon/https/tls/gnutls_x509.c +++ b/src/daemon/https/tls/gnutls_x509.c | |||
@@ -46,7 +46,6 @@ | |||
46 | #include <sys/stat.h> | 46 | #include <sys/stat.h> |
47 | #include <fcntl.h> | 47 | #include <fcntl.h> |
48 | 48 | ||
49 | |||
50 | /* x509 */ | 49 | /* x509 */ |
51 | #include "common.h" | 50 | #include "common.h" |
52 | #include "x509.h" | 51 | #include "x509.h" |
@@ -337,10 +336,10 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
337 | 336 | ||
338 | /* move to the certificate | 337 | /* move to the certificate |
339 | */ | 338 | */ |
340 | ptr = MHD_memmem (input_cert, input_cert_size, | 339 | ptr = memmem (input_cert, input_cert_size, |
341 | PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | 340 | PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); |
342 | if (ptr == NULL) | 341 | if (ptr == NULL) |
343 | ptr = MHD_memmem (input_cert, input_cert_size, | 342 | ptr = memmem (input_cert, input_cert_size, |
344 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | 343 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); |
345 | 344 | ||
346 | if (ptr == NULL) | 345 | if (ptr == NULL) |
@@ -396,9 +395,9 @@ parse_pem_cert_mem (MHD_gnutls_cert ** cert_list, unsigned *ncerts, | |||
396 | { | 395 | { |
397 | char *ptr3; | 396 | char *ptr3; |
398 | 397 | ||
399 | ptr3 = MHD_memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | 398 | ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); |
400 | if (ptr3 == NULL) | 399 | if (ptr3 == NULL) |
401 | ptr3 = MHD_memmem (ptr, size, PEM_CERT_SEP2, | 400 | ptr3 = memmem (ptr, size, PEM_CERT_SEP2, |
402 | sizeof (PEM_CERT_SEP2) - 1); | 401 | sizeof (PEM_CERT_SEP2) - 1); |
403 | 402 | ||
404 | ptr = ptr3; | 403 | ptr = ptr3; |
@@ -794,10 +793,10 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
794 | 793 | ||
795 | /* move to the certificate | 794 | /* move to the certificate |
796 | */ | 795 | */ |
797 | ptr = MHD_memmem (input_cert, input_cert_size, | 796 | ptr = memmem (input_cert, input_cert_size, |
798 | PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | 797 | PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); |
799 | if (ptr == NULL) | 798 | if (ptr == NULL) |
800 | ptr = MHD_memmem (input_cert, input_cert_size, | 799 | ptr = memmem (input_cert, input_cert_size, |
801 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | 800 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); |
802 | 801 | ||
803 | if (ptr == NULL) | 802 | if (ptr == NULL) |
@@ -855,9 +854,9 @@ parse_pem_ca_mem (MHD_gnutls_x509_crt_t ** cert_list, unsigned *ncerts, | |||
855 | { | 854 | { |
856 | char *ptr3; | 855 | char *ptr3; |
857 | 856 | ||
858 | ptr3 = MHD_memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); | 857 | ptr3 = memmem (ptr, size, PEM_CERT_SEP, sizeof (PEM_CERT_SEP) - 1); |
859 | if (ptr3 == NULL) | 858 | if (ptr3 == NULL) |
860 | ptr3 = MHD_memmem (ptr, size, | 859 | ptr3 = memmem (ptr, size, |
861 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); | 860 | PEM_CERT_SEP2, sizeof (PEM_CERT_SEP2) - 1); |
862 | 861 | ||
863 | ptr = (const opaque *) ptr3; | 862 | ptr = (const opaque *) ptr3; |
@@ -977,7 +976,7 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
977 | 976 | ||
978 | /* move to the certificate | 977 | /* move to the certificate |
979 | */ | 978 | */ |
980 | ptr = MHD_memmem (input_crl, input_crl_size, | 979 | ptr = memmem (input_crl, input_crl_size, |
981 | PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); | 980 | PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); |
982 | if (ptr == NULL) | 981 | if (ptr == NULL) |
983 | { | 982 | { |
@@ -1033,7 +1032,7 @@ parse_pem_crl_mem (MHD_gnutls_x509_crl_t ** crl_list, unsigned *ncrls, | |||
1033 | size = input_crl_size - (ptr - input_crl); | 1032 | size = input_crl_size - (ptr - input_crl); |
1034 | 1033 | ||
1035 | if (size > 0) | 1034 | if (size > 0) |
1036 | ptr = MHD_memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); | 1035 | ptr = memmem (ptr, size, PEM_CRL_SEP, sizeof (PEM_CRL_SEP) - 1); |
1037 | else | 1036 | else |
1038 | ptr = NULL; | 1037 | ptr = NULL; |
1039 | i++; | 1038 | i++; |
diff --git a/src/daemon/https/tls/x509_b64.c b/src/daemon/https/tls/x509_b64.c index b19e301f..abe3fb40 100644 --- a/src/daemon/https/tls/x509_b64.c +++ b/src/daemon/https/tls/x509_b64.c | |||
@@ -58,6 +58,17 @@ static const uint8_t asciitable[128] = { | |||
58 | 0xff, 0xff | 58 | 0xff, 0xff |
59 | }; | 59 | }; |
60 | 60 | ||
61 | #define INCR(what, size) \ | ||
62 | do { \ | ||
63 | what+=size; \ | ||
64 | if (what > ret) { \ | ||
65 | MHD_gnutls_assert(); \ | ||
66 | MHD_gnutls_free( (*result)); *result = NULL; \ | ||
67 | return GNUTLS_E_INTERNAL_ERROR; \ | ||
68 | } \ | ||
69 | } while(0) | ||
70 | |||
71 | |||
61 | inline static int | 72 | inline static int |
62 | encode (char *result, const uint8_t * data, int left) | 73 | encode (char *result, const uint8_t * data, int left) |
63 | { | 74 | { |
@@ -139,48 +150,6 @@ decode (uint8_t * result, const opaque * data) | |||
139 | } | 150 | } |
140 | 151 | ||
141 | /* encodes data and puts the result into result (locally allocated) | 152 | /* encodes data and puts the result into result (locally allocated) |
142 | * The result_size is the return value | ||
143 | */ | ||
144 | int | ||
145 | MHD__gnutls_base64_encode (const uint8_t * data, size_t data_size, | ||
146 | uint8_t ** result) | ||
147 | { | ||
148 | unsigned int i, j; | ||
149 | int ret, tmp; | ||
150 | char tmpres[4]; | ||
151 | |||
152 | ret = B64SIZE (data_size); | ||
153 | |||
154 | (*result) = MHD_gnutls_malloc (ret + 1); | ||
155 | if ((*result) == NULL) | ||
156 | return GNUTLS_E_MEMORY_ERROR; | ||
157 | |||
158 | for (i = j = 0; i < data_size; i += 3, j += 4) | ||
159 | { | ||
160 | tmp = encode (tmpres, &data[i], data_size - i); | ||
161 | if (tmp == -1) | ||
162 | { | ||
163 | MHD_gnutls_free ((*result)); | ||
164 | return GNUTLS_E_MEMORY_ERROR; | ||
165 | } | ||
166 | memcpy (&(*result)[j], tmpres, tmp); | ||
167 | } | ||
168 | (*result)[ret] = 0; /* null terminated */ | ||
169 | |||
170 | return ret; | ||
171 | } | ||
172 | |||
173 | #define INCR(what, size) \ | ||
174 | do { \ | ||
175 | what+=size; \ | ||
176 | if (what > ret) { \ | ||
177 | MHD_gnutls_assert(); \ | ||
178 | MHD_gnutls_free( (*result)); *result = NULL; \ | ||
179 | return GNUTLS_E_INTERNAL_ERROR; \ | ||
180 | } \ | ||
181 | } while(0) | ||
182 | |||
183 | /* encodes data and puts the result into result (locally allocated) | ||
184 | * The result_size (including the null terminator) is the return value. | 153 | * The result_size (including the null terminator) is the return value. |
185 | */ | 154 | */ |
186 | int | 155 | int |
@@ -204,16 +173,16 @@ MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, | |||
204 | memset (bottom, 0, sizeof (bottom)); | 173 | memset (bottom, 0, sizeof (bottom)); |
205 | memset (top, 0, sizeof (top)); | 174 | memset (top, 0, sizeof (top)); |
206 | 175 | ||
207 | strcat (top, "-----BEGIN "); /* Flawfinder: ignore */ | 176 | strcat ((char*) top, "-----BEGIN "); /* Flawfinder: ignore */ |
208 | strcat (top, msg); /* Flawfinder: ignore */ | 177 | strcat ((char*)top, msg); /* Flawfinder: ignore */ |
209 | strcat (top, "-----"); /* Flawfinder: ignore */ | 178 | strcat ((char*)top, "-----"); /* Flawfinder: ignore */ |
210 | 179 | ||
211 | strcat (bottom, "\n-----END "); /* Flawfinder: ignore */ | 180 | strcat ((char*)bottom, "\n-----END "); /* Flawfinder: ignore */ |
212 | strcat (bottom, msg); /* Flawfinder: ignore */ | 181 | strcat ((char*)bottom, msg); /* Flawfinder: ignore */ |
213 | strcat (bottom, "-----\n"); /* Flawfinder: ignore */ | 182 | strcat ((char*)bottom, "-----\n"); /* Flawfinder: ignore */ |
214 | 183 | ||
215 | top_len = strlen (top); | 184 | top_len = strlen ((char*)top); |
216 | bottom_len = strlen (bottom); | 185 | bottom_len = strlen ((char*)bottom); |
217 | 186 | ||
218 | ret = B64FSIZE (msglen, data_size); | 187 | ret = B64FSIZE (msglen, data_size); |
219 | 188 | ||
@@ -228,7 +197,7 @@ MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, | |||
228 | INCR (bytes, top_len); | 197 | INCR (bytes, top_len); |
229 | pos = top_len; | 198 | pos = top_len; |
230 | 199 | ||
231 | strcpy (*result, top); /* Flawfinder: ignore */ | 200 | strcpy ((char*)*result,(char*) top); /* Flawfinder: ignore */ |
232 | 201 | ||
233 | for (i = j = 0; i < data_size; i += 3, j += 4) | 202 | for (i = j = 0; i < data_size; i += 3, j += 4) |
234 | { | 203 | { |
@@ -286,82 +255,6 @@ MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, | |||
286 | return ret + 1; | 255 | return ret + 1; |
287 | } | 256 | } |
288 | 257 | ||
289 | /** | ||
290 | * MHD_gtls_pem_base64_encode - This function will convert raw data to Base64 encoded | ||
291 | * @msg: is a message to be put in the header | ||
292 | * @data: contain the raw data | ||
293 | * @result: the place where base64 data will be copied | ||
294 | * @result_size: holds the size of the result | ||
295 | * | ||
296 | * This function will convert the given data to printable data, using the base64 | ||
297 | * encoding. This is the encoding used in PEM messages. If the provided | ||
298 | * buffer is not long enough GNUTLS_E_SHORT_MEMORY_BUFFER is returned. | ||
299 | * | ||
300 | * The output string will be null terminated, although the size will not include | ||
301 | * the terminating null. | ||
302 | * | ||
303 | **/ | ||
304 | int | ||
305 | MHD_gtls_pem_base64_encode (const char *msg, const MHD_gnutls_datum_t * data, | ||
306 | char *result, size_t * result_size) | ||
307 | { | ||
308 | opaque *ret; | ||
309 | int size; | ||
310 | |||
311 | size = MHD__gnutls_fbase64_encode (msg, data->data, data->size, &ret); | ||
312 | if (size < 0) | ||
313 | return size; | ||
314 | |||
315 | if (result == NULL || *result_size < (unsigned) size) | ||
316 | { | ||
317 | MHD_gnutls_free (ret); | ||
318 | *result_size = size; | ||
319 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
320 | } | ||
321 | else | ||
322 | { | ||
323 | memcpy (result, ret, size); | ||
324 | MHD_gnutls_free (ret); | ||
325 | *result_size = size - 1; | ||
326 | } | ||
327 | |||
328 | return 0; | ||
329 | } | ||
330 | |||
331 | /** | ||
332 | * MHD_gtls_pem_base64_encode_alloc - This function will convert raw data to Base64 encoded | ||
333 | * @msg: is a message to be put in the encoded header | ||
334 | * @data: contains the raw data | ||
335 | * @result: will hold the newly allocated encoded data | ||
336 | * | ||
337 | * This function will convert the given data to printable data, using the base64 | ||
338 | * encoding. This is the encoding used in PEM messages. This function will | ||
339 | * allocate the required memory to hold the encoded data. | ||
340 | * | ||
341 | * You should use MHD_gnutls_free() to free the returned data. | ||
342 | * | ||
343 | **/ | ||
344 | int | ||
345 | MHD_gtls_pem_base64_encode_alloc (const char *msg, | ||
346 | const MHD_gnutls_datum_t * data, | ||
347 | MHD_gnutls_datum_t * result) | ||
348 | { | ||
349 | opaque *ret; | ||
350 | int size; | ||
351 | |||
352 | if (result == NULL) | ||
353 | return GNUTLS_E_INVALID_REQUEST; | ||
354 | |||
355 | size = MHD__gnutls_fbase64_encode (msg, data->data, data->size, &ret); | ||
356 | if (size < 0) | ||
357 | return size; | ||
358 | |||
359 | result->data = ret; | ||
360 | result->size = size - 1; | ||
361 | return 0; | ||
362 | } | ||
363 | |||
364 | |||
365 | /* decodes data and puts the result into result (locally allocated) | 258 | /* decodes data and puts the result into result (locally allocated) |
366 | * The result_size is the return value | 259 | * The result_size is the return value |
367 | */ | 260 | */ |
@@ -440,7 +333,7 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data, | |||
440 | if (header != NULL) | 333 | if (header != NULL) |
441 | MHD_gtls_str_cat (pem_header, sizeof (pem_header), header); | 334 | MHD_gtls_str_cat (pem_header, sizeof (pem_header), header); |
442 | 335 | ||
443 | rdata = MHD_memmem (data, data_size, pem_header, strlen (pem_header)); | 336 | rdata = memmem (data, data_size, pem_header, strlen (pem_header)); |
444 | 337 | ||
445 | if (rdata == NULL) | 338 | if (rdata == NULL) |
446 | { | 339 | { |
@@ -457,11 +350,11 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data, | |||
457 | return GNUTLS_E_BASE64_DECODING_ERROR; | 350 | return GNUTLS_E_BASE64_DECODING_ERROR; |
458 | } | 351 | } |
459 | 352 | ||
460 | kdata = MHD_memmem (rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1); | 353 | kdata = memmem (rdata, data_size, ENDSTR, sizeof (ENDSTR) - 1); |
461 | /* allow CR as well. | 354 | /* allow CR as well. |
462 | */ | 355 | */ |
463 | if (kdata == NULL) | 356 | if (kdata == NULL) |
464 | kdata = MHD_memmem (rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1); | 357 | kdata = memmem (rdata, data_size, ENDSTR2, sizeof (ENDSTR2) - 1); |
465 | 358 | ||
466 | if (kdata == NULL) | 359 | if (kdata == NULL) |
467 | { | 360 | { |
@@ -476,7 +369,7 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data, | |||
476 | 369 | ||
477 | /* position is now after the ---BEGIN--- headers */ | 370 | /* position is now after the ---BEGIN--- headers */ |
478 | 371 | ||
479 | kdata = MHD_memmem (rdata, data_size, bottom, strlen (bottom)); | 372 | kdata = memmem (rdata, data_size, bottom, strlen (bottom)); |
480 | if (kdata == NULL) | 373 | if (kdata == NULL) |
481 | { | 374 | { |
482 | MHD_gnutls_assert (); | 375 | MHD_gnutls_assert (); |
@@ -519,81 +412,3 @@ MHD__gnutls_fbase64_decode (const char *header, const opaque * data, | |||
519 | return ret; | 412 | return ret; |
520 | } | 413 | } |
521 | 414 | ||
522 | /** | ||
523 | * MHD_gtls_pem_base64_decode - This function will decode base64 encoded data | ||
524 | * @header: A null terminated string with the PEM header (eg. CERTIFICATE) | ||
525 | * @b64_data: contain the encoded data | ||
526 | * @result: the place where decoded data will be copied | ||
527 | * @result_size: holds the size of the result | ||
528 | * | ||
529 | * This function will decode the given encoded data. If the header given | ||
530 | * is non null this function will search for "-----BEGIN header" and decode | ||
531 | * only this part. Otherwise it will decode the first PEM packet found. | ||
532 | * | ||
533 | * Returns GNUTLS_E_SHORT_MEMORY_BUFFER if the buffer given is not long enough, | ||
534 | * or 0 on success. | ||
535 | **/ | ||
536 | int | ||
537 | MHD_gtls_pem_base64_decode (const char *header, | ||
538 | const MHD_gnutls_datum_t * b64_data, | ||
539 | unsigned char *result, size_t * result_size) | ||
540 | { | ||
541 | opaque *ret; | ||
542 | int size; | ||
543 | |||
544 | size = | ||
545 | MHD__gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret); | ||
546 | if (size < 0) | ||
547 | return size; | ||
548 | |||
549 | if (result == NULL || *result_size < (unsigned) size) | ||
550 | { | ||
551 | MHD_gnutls_free (ret); | ||
552 | *result_size = size; | ||
553 | return GNUTLS_E_SHORT_MEMORY_BUFFER; | ||
554 | } | ||
555 | else | ||
556 | { | ||
557 | memcpy (result, ret, size); | ||
558 | MHD_gnutls_free (ret); | ||
559 | *result_size = size; | ||
560 | } | ||
561 | |||
562 | return 0; | ||
563 | } | ||
564 | |||
565 | /** | ||
566 | * MHD_gtls_pem_base64_decode_alloc - This function will decode base64 encoded data | ||
567 | * @header: The PEM header (eg. CERTIFICATE) | ||
568 | * @b64_data: contains the encoded data | ||
569 | * @result: the place where decoded data lie | ||
570 | * | ||
571 | * This function will decode the given encoded data. The decoded data | ||
572 | * will be allocated, and stored into result. | ||
573 | * If the header given is non null this function will search for | ||
574 | * "-----BEGIN header" and decode only this part. Otherwise it will decode the | ||
575 | * first PEM packet found. | ||
576 | * | ||
577 | * You should use MHD_gnutls_free() to free the returned data. | ||
578 | * | ||
579 | **/ | ||
580 | int | ||
581 | MHD_gtls_pem_base64_decode_alloc (const char *header, | ||
582 | const MHD_gnutls_datum_t * b64_data, | ||
583 | MHD_gnutls_datum_t * result) | ||
584 | { | ||
585 | opaque *ret; | ||
586 | int size; | ||
587 | |||
588 | if (result == NULL) | ||
589 | return GNUTLS_E_INVALID_REQUEST; | ||
590 | |||
591 | size = | ||
592 | MHD__gnutls_fbase64_decode (header, b64_data->data, b64_data->size, &ret); | ||
593 | if (size < 0) | ||
594 | return size; | ||
595 | |||
596 | result->data = ret; | ||
597 | result->size = size; | ||
598 | return 0; | ||
599 | } | ||
diff --git a/src/daemon/https/tls/x509_b64.h b/src/daemon/https/tls/x509_b64.h index 8638420b..9cb27c86 100644 --- a/src/daemon/https/tls/x509_b64.h +++ b/src/daemon/https/tls/x509_b64.h | |||
@@ -22,8 +22,6 @@ | |||
22 | * | 22 | * |
23 | */ | 23 | */ |
24 | 24 | ||
25 | int MHD__gnutls_base64_encode (const uint8_t * data, size_t data_size, | ||
26 | uint8_t ** result); | ||
27 | int MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, | 25 | int MHD__gnutls_fbase64_encode (const char *msg, const uint8_t * data, |
28 | int data_size, uint8_t ** result); | 26 | int data_size, uint8_t ** result); |
29 | int MHD__gnutls_base64_decode (const uint8_t * data, size_t data_size, | 27 | int MHD__gnutls_base64_decode (const uint8_t * data, size_t data_size, |