author | Laurent Bercot <ska-skaware@skarnet.org> | 2016-11-25 20:16:06 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2016-11-25 20:16:06 +0000 |
commit | 8d532683386121e70810b0d7c6642cc2c2b89cb0 (patch) | |
tree | 866010763c829a35b18603c5af58896bd14afd18 | |
parent | 018025f0f36a4847df265c9948dbaf7073ed3245 (diff) | |
download | s6-networking-8d532683386121e70810b0d7c6642cc2c2b89cb0.tar.xz |
Fix build bugs. It builds!
Two things remain to do:
- how to pass SNI information to libtls
- how to detect cert issuer key type for ECC in bearssl
38 files changed, 166 insertions, 142 deletions
diff --git a/package/deps.mak b/package/deps.mak index 2f9d76f..f56b053 100644 --- a/package/deps.mak +++ b/package/deps.mak @@ -3,6 +3,7 @@ # src/include/s6-networking/s6net.h: src/include/s6-networking/ident.h +src/sbearssl/sbearssl-internal.h: src/include/s6-networking/sbearssl.h src/clock/s6-clockadd.o src/clock/s6-clockadd.lo: src/clock/s6-clockadd.c src/clock/s6-clockview.o src/clock/s6-clockview.lo: src/clock/s6-clockview.c src/clock/s6-sntpclock.o src/clock/s6-sntpclock.lo: src/clock/s6-sntpclock.c @@ -30,7 +31,7 @@ src/libs6net/s6net_ident_reply_parse.o src/libs6net/s6net_ident_reply_parse.lo: src/minidentd/mgetuid-default.o src/minidentd/mgetuid-default.lo: src/minidentd/mgetuid-default.c src/minidentd/mgetuid.h src/minidentd/mgetuid-linux.o src/minidentd/mgetuid-linux.lo: src/minidentd/mgetuid-linux.c src/minidentd/mgetuid.h src/minidentd/minidentd.o src/minidentd/minidentd.lo: src/minidentd/minidentd.c src/minidentd/mgetuid.h -src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_append.lo: src/sbearssl/sbearssl_append.c +src/sbearssl/sbearssl_append.o src/sbearssl/sbearssl_append.lo: src/sbearssl/sbearssl_append.c src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_cert_from.o src/sbearssl/sbearssl_cert_from.lo: src/sbearssl/sbearssl_cert_from.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_cert_readfile.o src/sbearssl/sbearssl_cert_readfile.lo: src/sbearssl/sbearssl_cert_readfile.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_cert_to.o src/sbearssl/sbearssl_cert_to.lo: src/sbearssl/sbearssl_cert_to.c src/include/s6-networking/sbearssl.h 
@@ -55,9 +56,9 @@ src/sbearssl/sbearssl_s6tlsd.o src/sbearssl/sbearssl_s6tlsd.lo: src/sbearssl/sbe src/sbearssl/sbearssl_skey_from.o src/sbearssl/sbearssl_skey_from.lo: src/sbearssl/sbearssl_skey_from.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_skey_readfile.o src/sbearssl/sbearssl_skey_readfile.lo: src/sbearssl/sbearssl_skey_readfile.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl_skey_to.o src/sbearssl/sbearssl_skey_to.lo: src/sbearssl/sbearssl_skey_to.c src/include/s6-networking/sbearssl.h -src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_cert.lo: src/sbearssl/sbearssl_ta_cert.c src/include/s6-networking/sbearssl.h +src/sbearssl/sbearssl_ta_cert.o src/sbearssl/sbearssl_ta_cert.lo: src/sbearssl/sbearssl_ta_cert.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ta_from.o src/sbearssl/sbearssl_ta_from.lo: src/sbearssl/sbearssl_ta_from.c src/include/s6-networking/sbearssl.h -src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readdir.lo: src/sbearssl/sbearssl_ta_readdir.c src/include/s6-networking/sbearssl.h +src/sbearssl/sbearssl_ta_readdir.o src/sbearssl/sbearssl_ta_readdir.lo: src/sbearssl/sbearssl_ta_readdir.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ta_readfile.o src/sbearssl/sbearssl_ta_readfile.lo: src/sbearssl/sbearssl_ta_readfile.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ta_readfile_internal.o src/sbearssl/sbearssl_ta_readfile_internal.lo: src/sbearssl/sbearssl_ta_readfile_internal.c src/include/s6-networking/sbearssl.h src/sbearssl/sbearssl-internal.h src/sbearssl/sbearssl_ta_to.o src/sbearssl/sbearssl_ta_to.lo: src/sbearssl/sbearssl_ta_to.c src/include/s6-networking/sbearssl.h diff --git a/package/targets.mak b/package/targets.mak index 5ab8c07..12f9065 100644 --- a/package/targets.mak +++ b/package/targets.mak 
@@ -36,15 +36,13 @@ BIN_TARGETS += s6-tlsclient s6-tlsc s6-tlsserver s6-tlsd ifeq ($(SSL_IMPL),tls) -LIB_DEFS += STLS=stls +LIB_DEFS += CRYPTOSUPPORT=stls CRYPTO_LIB := -ltls -lssl -lcrypto -LIBCRYPTOSUPPORT := -lstls else ifeq ($(SSL_IMPL),bearssl) -LIB_DEFS += SBEARSSL=sbearssl +LIB_DEFS += CRYPTOSUPPORT=sbearssl CRYPTO_LIB := -lbearssl -LIBCRYPTOSUPPORT := -lsbearssl endif endif diff --git a/src/conn-tools/s6-tlsc.c b/src/conn-tools/s6-tlsc.c index e2b6f7f..4476690 100644 --- a/src/conn-tools/s6-tlsc.c +++ b/src/conn-tools/s6-tlsc.c @@ -31,11 +31,12 @@ #endif -#define USAGE "s6-tlsc [ -S | -s ] [ -Y | -y ] [ -v verbosity ] [ -K timeout ] [ -6 rfd ] [ -7 wfd ] prog..." +#define USAGE "s6-tlsc [ -S | -s ] [ -Y | -y ] [ -v verbosity ] [ -K timeout ] [ -k servername ] [ -6 rfd ] [ -7 wfd ] prog..." #define dieusage() strerr_dieusage(100, USAGE) int main (int argc, char const *const *argv, char const *const *envp) { + char const *servername = 0 ; tain_t tto ; unsigned int verbosity = 1 ; uid_t uid = 0 ; @@ -50,7 +51,7 @@ int main (int argc, char const *const *argv, char const *const *envp) unsigned int t = 0 ; for (;;) { - register int opt = subgetopt_r(argc, argv, "SsYyv:K:6:7:", &l) ; + register int opt = subgetopt_r(argc, argv, "SsYyv:K:k:6:7:", &l) ; if (opt == -1) break ; switch (opt) { @@ -60,6 +61,7 @@ int main (int argc, char const *const *argv, char const *const *envp) case 'y' : preoptions |= 1 ; break ; case 'v' : if (!uint0_scan(l.arg, &verbosity)) dieusage() ; break ; case 'K' : if (!uint0_scan(l.arg, &t)) dieusage() ; break ; + case 'k' : servername = l.arg ; break ; case '6' : { unsigned int fd ; @@ -84,7 +86,7 @@ int main (int argc, char const *const *argv, char const *const *envp) if (!getuid()) { - x = env_get2(envp, "TLS_UID") ; + char const *x = env_get2(envp, "TLS_UID") ; if (x) { uint64 u ; 
@@ -98,5 +100,5 @@ int main (int argc, char const *const *argv, char const *const *envp) } } - return s6tlsc(argv, envp, &tto, preoptions, options, uid, gid, verbosity) ; + return s6tlsc(argv, envp, &tto, preoptions, options, uid, gid, verbosity, servername, fds) ; } diff --git a/src/conn-tools/s6-tlsclient.c b/src/conn-tools/s6-tlsclient.c index 6d2249a..a1cd75d 100644 --- a/src/conn-tools/s6-tlsclient.c +++ b/src/conn-tools/s6-tlsclient.c @@ -9,9 +9,9 @@ #include <skalibs/ip46.h> #include <s6-networking/config.h> -#define USAGE "s6-tlsclient [ options ] ip port prog...\n" \ +#define USAGE "s6-tlsclient [ options ] host port prog...\n" \ "s6-tcpclient options: [ -q | -Q | -v ] [ -4 | -6 ] [ -d | -D ] [ -r | -R ] [ -h | -H ] [ -n | -N ] [ -t timeout ] [ -l localname ] [ -T timeoutconn ] [ -i localip ] [ -p localport ]\n" \ -"s6-tlsc options: [ -S | -s ] [ -Y | -y ] [ -K timeout ]" +"s6-tlsc options: [ -S | -s ] [ -Y | -y ] [ -K timeout ] [ -k servername ]" #define dieusage() strerr_dieusage(100, USAGE) @@ -19,6 +19,7 @@ typedef struct options_s options_t, *options_t_ref ; struct options_s { char const *localname ; + char const *servername ; unsigned int timeout ; unsigned int ximeout ; unsigned int yimeout ; @@ -40,6 +41,7 @@ struct options_s #define OPTIONS_ZERO \ { \ .localname = 0, \ + .servername = 0, \ .timeout = 0, \ .ximeout = 2, \ .yimeout = 58, \ @@ -66,7 +68,7 @@ int main (int argc, char const *const *argv, char const *const *envp) subgetopt_t l = SUBGETOPT_ZERO ; for (;;) { - register int opt = subgetopt_r(argc, argv, "qQv46DdHhRrnNt:l:T:i:p:SsYyK:", &l) ; + register int opt = subgetopt_r(argc, argv, "qQv46DdHhRrnNt:l:T:i:p:SsYyK:k:", &l) ; if (opt == -1) break ; switch (opt) { 
@@ -78,7 +80,7 @@ int main (int argc, char const *const *argv, char const *const *envp) case 'D' : o.flagD = 1 ; break ; case 'd' : o.flagD = 0 ; break ; case 'H' : o.flagH = 1 ; break ; - case 'h' : o.flagh = 0 ; break ; + case 'h' : o.flagH = 0 ; break ; case 'R' : o.flagr = 0 ; break ; case 'r' : o.flagr = 1 ; break ; case 'n' : o.flagN = 0 ; break ; @@ -106,6 +108,7 @@ int main (int argc, char const *const *argv, char const *const *envp) case 'Y' : o.flagy = 0 ; break ; case 'y' : o.flagy = 1 ; break ; case 'K' : if (!uint0_scan(l.arg, &o.kimeout)) dieusage() ; break ; + case 'k' : o.servername = l.arg ; break ; default : dieusage() ; } } @@ -113,13 +116,20 @@ int main (int argc, char const *const *argv, char const *const *envp) if (argc < 3) dieusage() ; } + if (!o.servername && !o.flagH) + { + ip46full_t ip ; + if (!ip46full_scan(argv[0], &ip)) + o.servername = argv[0] ; + } + { unsigned int m = 0 ; unsigned int pos = 0 ; char fmt[UINT_FMT * 4 + UINT16_FMT + IP46_FMT] ; - char const *newargv[26 + argc] ; + char const *newargv[28 + argc] ; newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tcpclient" ; - if (o.verbosity != 1) newargv[m++] = o.verbosity ? "-v" ; "-q" ; + if (o.verbosity != 1) newargv[m++] = o.verbosity ? "-v" : "-q" ; if (o.flag4) newargv[m++] = "-4" ; if (o.flag6) newargv[m++] = "-6" ; if (o.flagD) newargv[m++] = "-D" ; @@ -172,6 +182,11 @@ int main (int argc, char const *const *argv, char const *const *envp) pos += uint_fmt(fmt + pos, o.kimeout) ; fmt[pos++] = 0 ; } + if (o.servername) + { + newargv[m++] = "-k" ; + newargv[m++] = o.servername ; + } newargv[m++] = "--" ; while (*argv) newargv[m++] = *argv++ ; newargv[m++] = 0 ; diff --git a/src/conn-tools/s6-tlsd.c b/src/conn-tools/s6-tlsd.c index 73758a2..6a6d4ef 100644 --- a/src/conn-tools/s6-tlsd.c +++ b/src/conn-tools/s6-tlsd.c 
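Review bot: The server-name derivation added in the `@@ -113,13 +116,20 @@` hunk of s6-tlsclient.c is gated on `!o.flagH` with no comment saying why; if `flagH` is the flag forwarded to s6-tcpclient as `-H` (its `-h`/`-H` pair controls the remote-name lookup), it is not obvious that it should also suppress SNI and the certificate hostname check for a host given by name, and a reader will take the coupling for an accident. If it is intended, a one-line comment such as `/* -H: user declined name handling, so do not derive a TLS server name either */` above the block would settle it; if not, the condition should be `if (!o.servername)` alone. When the host is an IP literal no name is derived and s6-tlsc is then invoked without `-k`, which the `-k servername` entry in USAGE could state. main's body begins and ends outside this hunk.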
@@ -68,7 +68,7 @@ int main (int argc, char const *const *argv, char const *const *envp) if (!getuid()) { - x = env_get2(envp, "TLS_UID") ; + char const *x = env_get2(envp, "TLS_UID") ; if (x) { uint64 u ; diff --git a/src/conn-tools/s6-tlsserver.c b/src/conn-tools/s6-tlsserver.c index 0154e24..5ba5b0c 100644 --- a/src/conn-tools/s6-tlsserver.c +++ b/src/conn-tools/s6-tlsserver.c @@ -105,7 +105,7 @@ int main (int argc, char const *const *argv, char const *const *envp) case 'D' : o.flagD = 1 ; o.doaccess = 1 ; break ; case 'd' : o.flagD = 0 ; break ; case 'H' : o.flagH = 1 ; o.doaccess = 1 ; break ; - case 'h' : o.flagh = 0 ; break ; + case 'h' : o.flagH = 0 ; break ; case 'R' : o.flagr = 0 ; break ; case 'r' : o.flagr = 1 ; o.doaccess = 1 ; break ; case 'P' : o.flagp = 0 ; break ; @@ -133,14 +133,14 @@ int main (int argc, char const *const *argv, char const *const *envp) char fmt[UINT_FMT * 5 + GID_FMT * (NGROUPS_MAX + 1) + UINT64_FMT] ; char const *newargv[44 + argc] ; newargv[m++] = S6_NETWORKING_BINPREFIX "s6-tcpserver" ; - if (o.verbosity != 1) newargv[m++] = o.verbosity ? "-v" ; "-q" ; + if (o.verbosity != 1) newargv[m++] = o.verbosity ? "-v" : "-q" ; if (o.flag46) newargv[m++] = o.flag46 == 1 ? "-4" : "-6" ; if (o.flag1) newargv[m++] = "-1" ; if (o.maxconn) { newargv[m++] = "-c" ; newargv[m++] = fmt + pos ; - pos += uint_fmt(fmt + pos, maxconn) ; + pos += uint_fmt(fmt + pos, o.maxconn) ; fmt[pos++] = 0 ; } if (o.localmaxconn) @@ -150,11 +150,11 @@ int main (int argc, char const *const *argv, char const *const *envp) pos += uint_fmt(fmt + pos, o.localmaxconn) ; fmt[pos++] = 0 ; } - if (backlog != (unsigned int)-1) + if (o.backlog != (unsigned int)-1) { newargv[m++] = "-b" ; newargv[m++] = fmt + pos ; - pos += uint_fmt(fmt + pos, backlog) ; + pos += uint_fmt(fmt + pos, o.backlog) ; fmt[pos++] = 0 ; } if (o.gidn != (unsigned int)-1) diff --git a/src/include/s6-networking/sbearssl.h b/src/include/s6-networking/sbearssl.h index a41ebd2..4589822 100644 
--- a/src/include/s6-networking/sbearssl.h +++ b/src/include/s6-networking/sbearssl.h @@ -44,7 +44,7 @@ struct sbearssl_rsa_skey_s } ; extern int sbearssl_rsa_skey_from (sbearssl_rsa_skey *, br_rsa_private_key const *, stralloc *) ; -extern void sbearssl_rsa_privkey_to (sbearssl_rsa_skey const *, br_rsa_private_key *, char const *, size_t) ; +extern void sbearssl_rsa_skey_to (sbearssl_rsa_skey const *, br_rsa_private_key *, char *) ; typedef struct sbearssl_ec_skey_s sbearssl_ec_skey, *sbearssl_ec_skey_ref ; @@ -56,10 +56,10 @@ struct sbearssl_ec_skey_s } ; extern int sbearssl_ec_skey_from (sbearssl_ec_skey *, br_ec_private_key const *, stralloc *) ; -extern void sbearssl_ec_skey_to (sbearssl_ec_skey const *, br_ec_private_key *, char const *, size_t) ; +extern void sbearssl_ec_skey_to (sbearssl_ec_skey const *, br_ec_private_key *, char *) ; -union sbearssl_skey_data_u +union sbearssl_skey_u { sbearssl_rsa_skey rsa ; sbearssl_ec_skey ec ; @@ -86,7 +86,7 @@ struct br_skey_s } ; extern int sbearssl_skey_from (sbearssl_skey *, br_skey const *, stralloc *) ; -extern int sbearssl_skey_to (sbearssl_skey const *, br_skey *, char const *) ; +extern int sbearssl_skey_to (sbearssl_skey const *, br_skey *, char *) ; extern int sbearssl_skey_readfile (char const *, sbearssl_skey *, stralloc *) ; @@ -103,7 +103,7 @@ struct sbearssl_rsa_pkey_s } ; extern int sbearssl_rsa_pkey_from (sbearssl_rsa_pkey *, br_rsa_public_key const *, stralloc *) ; -extern void sbearssl_rsa_pkey_to (sbearssl_rsa_pkey const *, br_rsa_public_key *, char const *) ; +extern void sbearssl_rsa_pkey_to (sbearssl_rsa_pkey const *, br_rsa_public_key *, char *) ; typedef struct sbearssl_ec_pkey_s sbearssl_ec_pkey, *sbearssl_ec_pkey_ref ; 
@@ -115,12 +115,12 @@ struct sbearssl_ec_pkey_s } ; extern int sbearssl_ec_pkey_from (sbearssl_ec_pkey *, br_ec_public_key const *, stralloc *) ; -extern void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *, br_ec_public_key *, char const *) ; +extern void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *, br_ec_public_key *, char *) ; -union sbearssl_pkey_data_u +union sbearssl_pkey_u { -' sbearssl_rsa_pkey rsa ; + sbearssl_rsa_pkey rsa ; sbearssl_ec_pkey ec ; } ; @@ -132,7 +132,7 @@ struct sbearssl_pkey_s } ; extern int sbearssl_pkey_from (sbearssl_pkey *, br_x509_pkey const *, stralloc *) ; -extern int sbearssl_pkey_to (sbearssl_pkey const *, br_x509_pkey *, char const *) ; +extern int sbearssl_pkey_to (sbearssl_pkey const *, br_x509_pkey *, char *) ; /* Certificates (x509-encoded) */ @@ -145,7 +145,7 @@ struct sbearssl_cert_s } ; extern int sbearssl_cert_from (sbearssl_cert *, br_x509_certificate const *, stralloc *) ; -extern void sbearssl_cert_to (sbearssl_cert const *, br_x509_certificate *, char const *) ; +extern void sbearssl_cert_to (sbearssl_cert const *, br_x509_certificate *, char *) ; extern int sbearssl_cert_readfile (char const *, genalloc *, stralloc *) ; @@ -153,7 +153,7 @@ extern int sbearssl_cert_readfile (char const *, genalloc *, stralloc *) ; /* Generic PEM */ typedef struct sbearssl_pemobject_s sbearssl_pemobject, *sbearssl_pemobject_ref ; -struct sbearssl_s +struct sbearssl_pemobject_s { size_t name ; size_t data ; @@ -176,7 +176,7 @@ struct sbearssl_ta_s } ; extern int sbearssl_ta_from (sbearssl_ta *, br_x509_trust_anchor const *, stralloc *) ; -extern void sbearssl_ta_to (sbearssl_ta const *, br_x509_trust_anchor *, char const *) ; +extern void sbearssl_ta_to (sbearssl_ta const *, br_x509_trust_anchor *, char *) ; extern int sbearssl_ta_cert (sbearssl_ta *, sbearssl_cert const *, char const *, stralloc *) ; 
@@ -196,7 +196,7 @@ extern int sbearssl_run (br_ssl_engine_context *, int *, unsigned int, uint32, t /* s6-tlsc and s6-tlsd implementations */ -extern int sbearssl_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, int *) ; +extern int sbearssl_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, char const *, int *) ; extern int sbearssl_s6tlsd (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int) ; #endif diff --git a/src/include/s6-networking/stls.h b/src/include/s6-networking/stls.h index 80c3df2..dff3bcf 100644 --- a/src/include/s6-networking/stls.h +++ b/src/include/s6-networking/stls.h @@ -17,7 +17,7 @@ extern int stls_run (struct tls *, int *, unsigned int, uint32_t, tain_t const * /* s6-tlsc and s6-tlsd implementations */ -extern int stls_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, int *) ; +extern int stls_s6tlsc (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int, char const *, int *) ; extern int stls_s6tlsd (char const *const *, char const *const *, tain_t const *, uint32_t, uint32_t, uid_t, gid_t, unsigned int) ; #endif diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h index bffcb16..d2757b1 100644 --- a/src/sbearssl/sbearssl-internal.h +++ b/src/sbearssl/sbearssl-internal.h @@ -7,6 +7,7 @@ #include <bearssl.h> #include <skalibs/stralloc.h> #include <skalibs/genalloc.h> +#include <s6-networking/sbearssl.h> typedef struct sbearssl_strallocerr_s sbearssl_strallocerr, *sbearssl_strallocerr_ref ; struct sbearssl_strallocerr_s diff --git a/src/sbearssl/sbearssl_append.c b/src/sbearssl/sbearssl_append.c index d0a6d64..ae4aac0 100644 --- a/src/sbearssl/sbearssl_append.c +++ b/src/sbearssl/sbearssl_append.c 
@@ -3,7 +3,7 @@ #include <sys/types.h> #include <errno.h> #include <skalibs/stralloc.h> -#include "sbearssl-internal.h> +#include "sbearssl-internal.h" void sbearssl_append (void *stuff, void const *src, size_t len) { diff --git a/src/sbearssl/sbearssl_cert_from.c b/src/sbearssl/sbearssl_cert_from.c index b57dca6..3822e05 100644 --- a/src/sbearssl/sbearssl_cert_from.c +++ b/src/sbearssl/sbearssl_cert_from.c @@ -6,7 +6,7 @@ int sbearssl_cert_from (sbearssl_cert *sc, br_x509_certificate const *bc, stralloc *sa) { - if (!stralloc_catb(sa, bc->data, bc->data_len)) return 0 ; + if (!stralloc_catb(sa, (char const *)bc->data, bc->data_len)) return 0 ; sc->data = sa->len - bc->data_len ; sc->datalen = bc->data_len ; return 1 ; diff --git a/src/sbearssl/sbearssl_cert_readfile.c b/src/sbearssl/sbearssl_cert_readfile.c index 6090624..6cc78c1 100644 --- a/src/sbearssl/sbearssl_cert_readfile.c +++ b/src/sbearssl/sbearssl_cert_readfile.c @@ -10,7 +10,7 @@ #include <skalibs/djbunix.h> #include <s6-networking/sbearssl.h> -int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ; +int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) { char buf[BUFFER_INSIZE] ; int fd = open_readb(fn) ; @@ -18,12 +18,14 @@ int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ; genalloc pems = GENALLOC_ZERO ; sbearssl_pemobject *p ; size_t certsbase = genalloc_len(sbearssl_cert, certs) ; + size_t sabase = sa->len ; size_t n ; size_t i = 0 ; int certswasnull = !genalloc_s(sbearssl_cert, certs) ; + int sawasnull = !sa->s ; int r ; if (fd < 0) return -1 ; - r = sbearssl_pem_decode_from_buffer(buf, n, &pems, sa) ; + r = sbearssl_pem_decode_from_buffer(&b, &pems, sa) ; if (r) { fd_close(fd) ; return r ; } fd_close(fd) ; p = genalloc_s(sbearssl_pemobject, &pems) ; 
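Review bot: In the `@@ -18,12 +18,14 @@` hunk of sbearssl_cert_readfile.c the rollback bookkeeping the commit adds (`sabase`, `sawasnull`) is only applied at `fail:`, but the line right after the new `sbearssl_pem_decode_from_buffer(&b, &pems, sa)` call returns directly when the decoder reports an error, so whatever the decoder already appended to `sa` and any entries pushed into `pems` are left behind on that path. Since the normal path closes `fd` before it can reach `fail:` too, the early exit can reuse the label: `if (r) { fd_close(fd) ; goto fail ; }`. `b` is not declared in the visible lines and `size_t n` seems to have lost its only use with the old `buf, n` arguments, so both are worth confirming against the full function, which begins before this hunk.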
@@ -46,7 +48,8 @@ int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ; fail: if (certswasnull) genalloc_free(sbearssl_cert, certs) ; else genalloc_setlen(sbearssl_cert, certs, certsbase) ; - stralloc_free(&sa) ; - genalloc_free(sbearssl_pemobject, pems) ; + if (sawasnull) stralloc_free(sa) ; + else sa->len = sabase ; + genalloc_free(sbearssl_pemobject, &pems) ; return r ; } diff --git a/src/sbearssl/sbearssl_cert_to.c b/src/sbearssl/sbearssl_cert_to.c index ee0eeeb..1ab2d00 100644 --- a/src/sbearssl/sbearssl_cert_to.c +++ b/src/sbearssl/sbearssl_cert_to.c @@ -3,8 +3,8 @@ #include <bearssl.h> #include <s6-networking/sbearssl.h> -void sbearssl_cert_to (sbearssl_cert const *sc, br_x509_certificate *bc, char const *s) +void sbearssl_cert_to (sbearssl_cert const *sc, br_x509_certificate *bc, char *s) { - bc->data = s + sc->data ; + bc->data = (unsigned char *)s + sc->data ; bc->data_len = sc->datalen ; } diff --git a/src/sbearssl/sbearssl_ec_pkey_from.c b/src/sbearssl/sbearssl_ec_pkey_from.c index 55c5651..fb97bfb 100644 --- a/src/sbearssl/sbearssl_ec_pkey_from.c +++ b/src/sbearssl/sbearssl_ec_pkey_from.c @@ -6,7 +6,7 @@ int sbearssl_ec_pkey_from (sbearssl_ec_pkey *l, br_ec_public_key const *k, stralloc *sa) { - if (!stralloc_catb(sa, k->q, k->qlen)) return 0 ; + if (!stralloc_catb(sa, (char const *)k->q, k->qlen)) return 0 ; l->curve = k->curve ; l->q = sa->len - k->qlen ; l->qlen = k->qlen ; diff --git a/src/sbearssl/sbearssl_ec_pkey_to.c b/src/sbearssl/sbearssl_ec_pkey_to.c index 4cc1e65..df3d799 100644 --- a/src/sbearssl/sbearssl_ec_pkey_to.c +++ b/src/sbearssl/sbearssl_ec_pkey_to.c @@ -3,9 +3,9 @@ #include <bearssl.h> #include <s6-networking/sbearssl.h> -void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *l, br_ec_public_key *k, char const *s) +void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *l, br_ec_public_key *k, char *s) { k->curve = l->curve ; - k->q = s + l->q ; + k->q = (unsigned char *)s + l->q ; k->qlen = l->qlen ; } 
diff --git a/src/sbearssl/sbearssl_ec_skey_from.c b/src/sbearssl/sbearssl_ec_skey_from.c index 79c326f..b579f7d 100644 --- a/src/sbearssl/sbearssl_ec_skey_from.c +++ b/src/sbearssl/sbearssl_ec_skey_from.c @@ -6,7 +6,7 @@ int sbearssl_ec_skey_from (sbearssl_ec_skey *l, br_ec_private_key const *k, stralloc *sa) { - if (!stralloc_catb(sa, k->x, k->xlen)) return 0 ; + if (!stralloc_catb(sa, (char const *)k->x, k->xlen)) return 0 ; l->curve = k->curve ; l->x = sa->len - k->xlen ; l->xlen = k->xlen ; diff --git a/src/sbearssl/sbearssl_ec_skey_to.c b/src/sbearssl/sbearssl_ec_skey_to.c index 54b059c..7cba7ba 100644 --- a/src/sbearssl/sbearssl_ec_skey_to.c +++ b/src/sbearssl/sbearssl_ec_skey_to.c @@ -3,9 +3,9 @@ #include <bearssl.h> #include <s6-networking/sbearssl.h> -void sbearssl_ec_skey_to (sbearssl_ec_skey const *l, br_ec_private_key *k, char const *s) +void sbearssl_ec_skey_to (sbearssl_ec_skey const *l, br_ec_private_key *k, char *s) { k->curve = l->curve ; - k->x = s + l->x ; + k->x = (unsigned char *)s + l->x ; k->xlen = l->xlen ; } diff --git a/src/sbearssl/sbearssl_error_str.c b/src/sbearssl/sbearssl_error_str.c index 7e1e22c..7d2fd21 100644 --- a/src/sbearssl/sbearssl_error_str.c +++ b/src/sbearssl/sbearssl_error_str.c @@ -265,7 +265,7 @@ static struct error_s errors[] = BR_ERR_X509_BAD_BOOLEAN, "Decoding error: BOOLEAN value has invalid length." " (BR_ERR_X509_BAD_BOOLEAN)" - } + }, { BR_ERR_X509_OVERFLOW, "Decoding error: value is off-limits." diff --git a/src/sbearssl/sbearssl_pem_push.c b/src/sbearssl/sbearssl_pem_push.c index b4903de..cd9eba5 100644 --- a/src/sbearssl/sbearssl_pem_push.c +++ b/src/sbearssl/sbearssl_pem_push.c 
@@ -16,11 +16,11 @@ int sbearssl_pem_push (br_pem_decoder_context *ctx, char const *s, size_t len, s s += tlen ; len -= tlen ; switch (br_pem_decoder_event(ctx)) { - case BR_PEM_BEGIN_OBJ ; + case BR_PEM_BEGIN_OBJ : po->name = blah->sa->len ; if (!stralloc_cats(blah->sa, br_pem_decoder_name(ctx)) || !stralloc_0(blah->sa)) return -1 ; po->data = blah->sa->len ; - br_pem_decoder_setdest(&ctx, &sbearssl_append, blah) ; + br_pem_decoder_setdest(ctx, &sbearssl_append, blah) ; *inobj = 1 ; break ; case BR_PEM_END_OBJ : diff --git a/src/sbearssl/sbearssl_pkey_from.c b/src/sbearssl/sbearssl_pkey_from.c index e9745e8..a1d1076 100644 --- a/src/sbearssl/sbearssl_pkey_from.c +++ b/src/sbearssl/sbearssl_pkey_from.c @@ -5,15 +5,15 @@ #include <skalibs/stralloc.h> #include <s6-networking/sbearssl.h> -int sbearssl_pkey_from (sbearssl_pkey *l, br_x509_key const *k, stralloc *sa) +int sbearssl_pkey_from (sbearssl_pkey *l, br_x509_pkey const *k, stralloc *sa) { switch (k->key_type) { case BR_KEYTYPE_RSA : - if (!sbearssl_rsa_pkey_from(&l->data.rsa, &k->key.rsa, sa) return 0 ; + if (!sbearssl_rsa_pkey_from(&l->data.rsa, &k->key.rsa, sa)) return 0 ; break ; case BR_KEYTYPE_EC : - if (!sbearssl_ec_pkey_from(&l->data.ec, &k->key.ec, sa) return 0 ; + if (!sbearssl_ec_pkey_from(&l->data.ec, &k->key.ec, sa)) return 0 ; break ; default : return (errno = EINVAL, 0) ; diff --git a/src/sbearssl/sbearssl_pkey_to.c b/src/sbearssl/sbearssl_pkey_to.c index 491901b..54570aa 100644 --- a/src/sbearssl/sbearssl_pkey_to.c +++ b/src/sbearssl/sbearssl_pkey_to.c @@ -4,7 +4,7 @@ #include <bearssl.h> #include <s6-networking/sbearssl.h> -int sbearssl_pkey_to (sbearssl_pkey const *l, br_x509_pkey *k, char const *s) +int sbearssl_pkey_to (sbearssl_pkey const *l, br_x509_pkey *k, char *s) { switch (l->type) { diff --git a/src/sbearssl/sbearssl_rsa_pkey_from.c b/src/sbearssl/sbearssl_rsa_pkey_from.c index a991f0c..3032bb3 100644 --- a/src/sbearssl/sbearssl_rsa_pkey_from.c 
+++ b/src/sbearssl/sbearssl_rsa_pkey_from.c @@ -6,12 +6,12 @@ int sbearssl_rsa_pkey_from (sbearssl_rsa_pkey *l, br_rsa_public_key const *k, stralloc *sa) { - if (!stralloc_readyplus(k->nlen + k->elen)) return 0 ; + if (!stralloc_readyplus(sa, k->nlen + k->elen)) return 0 ; l->n = sa->len ; - stralloc_catb(sa, k->n, k->nlen) ; + stralloc_catb(sa, (char const *)k->n, k->nlen) ; l->nlen = k->nlen ; l->e = sa->len ; - stralloc_catb(sa, k->e, k->elen) ; + stralloc_catb(sa, (char const *)k->e, k->elen) ; l->elen = k->elen ; return 1 ; } diff --git a/src/sbearssl/sbearssl_rsa_pkey_to.c b/src/sbearssl/sbearssl_rsa_pkey_to.c index 13d567e..2f80997 100644 --- a/src/sbearssl/sbearssl_rsa_pkey_to.c +++ b/src/sbearssl/sbearssl_rsa_pkey_to.c @@ -3,10 +3,10 @@ #include <bearssl.h> #include <s6-networking/sbearssl.h> -void sbearssl_rsa_pkey_ro (sbearssl_rsa_pkey const *l, br_rsa_public_key *k, char const *s) +void sbearssl_rsa_pkey_to (sbearssl_rsa_pkey const *l, br_rsa_public_key *k, char *s) { - k->n = s + l->n ; + k->n = (unsigned char *)s + l->n ; k->nlen = l->nlen ; - k->e = s + l->e ; + k->e = (unsigned char *)s + l->e ; k->elen = l->elen ; } diff --git a/src/sbearssl/sbearssl_rsa_skey_from.c b/src/sbearssl/sbearssl_rsa_skey_from.c index 3e6a04b..c9f1c0c 100644 --- a/src/sbearssl/sbearssl_rsa_skey_from.c +++ b/src/sbearssl/sbearssl_rsa_skey_from.c 
@@ -7,22 +7,22 @@ int sbearssl_rsa_skey_from (sbearssl_rsa_skey *l, br_rsa_private_key const *k, stralloc *sa) { - if (!stralloc_readyplus(k->plen + k->qlen + k->dplen + k->dqlen + k->iqlen)) return 0 ; + if (!stralloc_readyplus(sa, k->plen + k->qlen + k->dplen + k->dqlen + k->iqlen)) return 0 ; l->n_bitlen = k->n_bitlen ; l->p = sa->len ; - stralloc_catb(sa, k->p, k->plen) ; + stralloc_catb(sa, (char const *)k->p, k->plen) ; l->plen = k->plen ; l->q = sa->len ; - stralloc_catb(sa, k->q, k->qlen) ; + stralloc_catb(sa, (char const *)k->q, k->qlen) ; l->qlen = k->qlen ; l->dp = sa->len ; - stralloc_catb(sa, k->dp, k->dplen) ; + stralloc_catb(sa, (char const *)k->dp, k->dplen) ; l->dplen = k->dplen ; l->dq = sa->len ; - stralloc_catb(sa, k->dq, k->dqlen) ; + stralloc_catb(sa, (char const *)k->dq, k->dqlen) ; l->dqlen = k->dqlen ; l->iq = sa->len ; - stralloc_catb(sa, k->iq, k->iqlen) ; + stralloc_catb(sa, (char const *)k->iq, k->iqlen) ; l->iqlen = k->iqlen ; return 1 ; } diff --git a/src/sbearssl/sbearssl_rsa_skey_to.c b/src/sbearssl/sbearssl_rsa_skey_to.c index 3c4139b..93c90b0 100644 --- a/src/sbearssl/sbearssl_rsa_skey_to.c +++ b/src/sbearssl/sbearssl_rsa_skey_to.c @@ -3,17 +3,17 @@ #include <bearssl.h> #include <s6-networking/sbearssl.h> -void sbearssl_rsa_skey (sbearssl_rsa_skey const *l, br_rsa_private_key *k, char const *s) +void sbearssl_rsa_skey_to (sbearssl_rsa_skey const *l, br_rsa_private_key *k, char *s) { k->n_bitlen = l->n_bitlen ; - k->p = s + l->p ; + k->p = (unsigned char *)s + l->p ; k->plen = l->plen ; - k->q = s + l->q ; + k->q = (unsigned char *)s + l->q ; k->qlen = l->qlen ; - k->dp = s + l->dp ; + k->dp = (unsigned char *)s + l->dp ; k->dplen = l->dplen ; - k->dq = s + l->dq ; + k->dq = (unsigned char *)s + l->dq ; k->dqlen = l->dqlen ; - k->iq = s + l->iq ; + k->iq = (unsigned char *)s + l->iq ; k->iqlen = l->iqlen ; } diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c index af221b5..3ea4a95 100644 
--- a/src/sbearssl/sbearssl_run.c +++ b/src/sbearssl/sbearssl_run.c @@ -31,30 +31,30 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity, unsigned int state = br_ssl_engine_current_state(ctx) ; int r ; - tain_add_g(&deadline, isopen[0] && isopen[1] && state & (BR_SSL_SENDAPP | BR_SSL_REVREC) ? tto : &tain_infinite_relative) ; + tain_add_g(&deadline, fds[0] >= 0 && fds[2] >= 0 && state & (BR_SSL_SENDAPP | BR_SSL_RECVREC) ? tto : &tain_infinite_relative) ; - if (fds[0] >= 0 && st & BR_SSL_SENDAPP) + if (fds[0] >= 0 && state & BR_SSL_SENDAPP) { x[j].fd = fds[0] ; x[j].events = IOPAUSE_READ ; xindex[0] = j++ ; } else xindex[0] = 4 ; - if (fds[1] >= 0 && st & BR_SSL_RECVAPP) + if (fds[1] >= 0 && state & BR_SSL_RECVAPP) { x[j].fd = fds[1] ; x[j].events = IOPAUSE_WRITE ; xindex[1] = j++ ; } else xindex[1] = 4 ; - if (fds[2] >= 0 && st & BR_SSL_RECVREC) + if (fds[2] >= 0 && state & BR_SSL_RECVREC) { x[j].fd = fds[2] ; x[j].events = IOPAUSE_READ ; xindex[2] = j++ ; } else xindex[2] = 4 ; - if (fds[3] >= 0 && st & BR_SSL_SENDREC) + if (fds[3] >= 0 && state & BR_SSL_SENDREC) { x[j].fd = fds[3] ; x[j].events = IOPAUSE_WRITE ; @@ -68,7 +68,7 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity, else if (!r) { fd_close(fds[0]) ; fds[0] = -1 ; - br_ssl_engine_close(&ctx) ; + br_ssl_engine_close(ctx) ; continue ; } @@ -82,8 +82,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity, if (state & BR_SSL_RECVAPP && x[xindex[1]].revents & IOPAUSE_WRITE) { size_t len ; - char const *s = br_ssl_engine_recvapp_buf(ctx, &len) ; - size_t w = allwrite(fds[1], s, len) ; + unsigned char const *s = br_ssl_engine_recvapp_buf(ctx, &len) ; + size_t w = allwrite(fds[1], (char const *)s, len) ; if (!w) { if (!error_isagain(errno)) 
@@ -106,8 +106,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity, if (state & BR_SSL_SENDREC && x[xindex[3]].revents & IOPAUSE_WRITE) { size_t len ; - char const *s = br_ssl_engine_sendrec_buf(ctx, &len) ; - size_t w = allwrite(fds[3], s, len) ; + unsigned char const *s = br_ssl_engine_sendrec_buf(ctx, &len) ; + size_t w = allwrite(fds[3], (char const *)s, len) ; if (!w) { if (!error_isagain(errno)) @@ -131,8 +131,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity, if (state & BR_SSL_SENDAPP & x[xindex[0]].revents & IOPAUSE_READ) { size_t len ; - char *s = br_ssl_engine_sendapp_buf(ctx, &len) ; - size_t w = allread(fds[0], s, len) ; + unsigned char *s = br_ssl_engine_sendapp_buf(ctx, &len) ; + size_t w = allread(fds[0], (char *)s, len) ; if (!w) { if (!error_isagain(errno)) @@ -160,8 +160,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity, if (state & BR_SSL_RECVREC & x[xindex[2]].revents & IOPAUSE_READ) { size_t len ; - char *s = br_ssl_engine_recvrec_buf(ctx, &len) ; - size_t w = allread(fds[2], s, len) ; + unsigned char *s = br_ssl_engine_recvrec_buf(ctx, &len) ; + size_t w = allread(fds[2], (char *)s, len) ; if (!w) { if (!error_isagain(errno)) diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c index a8a6582..8bc8f65 100644 --- a/src/sbearssl/sbearssl_s6tlsc.c +++ b/src/sbearssl/sbearssl_s6tlsc.c 
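Review bot: The new allread() calls in the `@@ -131,8 +131,8 @@` and `@@ -160,8 +160,8 @@` hunks of sbearssl_run.c sit under guards that chain all four operands with bitwise `&` — `state & BR_SSL_SENDAPP & x[xindex[0]].revents & IOPAUSE_READ` and the BR_SSL_RECVREC counterpart — whereas the two write-side guards in `@@ -82` and `@@ -106` use `&&`. A bitwise AND of an engine-state flag and a poll-event flag is nonzero only if the two constants share a bit; if BearSSL's BR_SSL_* flags and IOPAUSE_READ are distinct single bits, as I believe they are, these conditions are always false and the application-input and record-input paths never execute. Change them to `if (state & BR_SSL_SENDAPP && x[xindex[0]].revents & IOPAUSE_READ)` and `if (state & BR_SSL_RECVREC && x[xindex[2]].revents & IOPAUSE_READ)` to match the write-side guards. sbearssl_run's body begins and continues outside these hunks.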
@@ -13,35 +13,37 @@ #include <skalibs/random.h> #include <s6-networking/sbearssl.h> -int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, int *sfd) +int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd) { int fds[4] = { sfd[0], sfd[1], sfd[0], sfd[1] } ; stralloc storage = STRALLOC_ZERO ; genalloc tas = GENALLOC_ZERO ; - size_t chainlen ; - int r ; + size_t talen ; if (preoptions & 1) strerr_dief1x(100, "client certificates are not supported by BearSSL yet") ; - x = env_get2(envp, "CADIR") ; - if (x) - r = sbearssl_ta_readdir(x, &tas, &storage) ; - else { - x = env_get2(envp, "CAFILE") ; - if (!x) strerr_dienotset(100, "CADIR or CAFILE") ; - r = sbearssl_ta_readfile(x, &tas, &storage) ; - } + int r ; + char const *x = env_get2(envp, "CADIR") ; + if (x) + r = sbearssl_ta_readdir(x, &tas, &storage) ; + else + { + x = env_get2(envp, "CAFILE") ; + if (!x) strerr_dienotset(100, "CADIR or CAFILE") ; + r = sbearssl_ta_readfile(x, &tas, &storage) ; + } - if (r < 0) - strerr_diefu2sys(111, "read trust anchors in ", x) ; - else if (r) - strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ; + if (r < 0) + strerr_diefu2sys(111, "read trust anchors in ", x) ; + else if (r) + strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ; - talen = genalloc_len(sbearssl_ta, &tas) ; - if (!talen) - strerr_dief2x(96, "no trust anchor found in ", x) ; + talen = genalloc_len(sbearssl_ta, &tas) ; + if (!talen) + strerr_dief2x(96, "no trust anchor found in ", x) ; + } { unsigned char buf[BR_SSL_BUFSIZE_BIDI] ; 
@@ -59,7 +61,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
 if (!random_init()) strerr_diefu1sys(111, "initialize random generator") ;
- random_string(buf, 32) ;
+ random_string((char *)buf, 32) ;
 br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
 random_finish() ;
@@ -68,7 +70,8 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
 if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
 br_ssl_engine_set_buffer(&cc.eng, buf, sizeof(buf), 1) ;
- br_ssl_client_reset(&cc) ;
+ if (!br_ssl_client_reset(&cc, servername, 0))
+ strerr_diefu2x(97, "reset client context: ", sbearssl_error_str(br_ssl_engine_last_error(&cc.eng))) ;
 {
 int wstat ;
diff --git a/src/sbearssl/sbearssl_s6tlsd.c b/src/sbearssl/sbearssl_s6tlsd.c
index 1bc1114..1198349 100644
--- a/src/sbearssl/sbearssl_s6tlsd.c
+++ b/src/sbearssl/sbearssl_s6tlsd.c
@@ -62,12 +62,12 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
 switch (skey.type)
 {
 case BR_KEYTYPE_RSA :
- sbearssl_rsa_skey_to(&skey.rsa, &key.rsa, storage.s) ;
+ sbearssl_rsa_skey_to(&skey.data.rsa, &key.rsa, storage.s) ;
 br_ssl_server_init_full_rsa(&sc, chain, chainlen, &key.rsa) ;
 break ;
 case BR_KEYTYPE_EC :
- sbearssl_ec_skey_to(&skey.ec, &key.ec, storage.s) ;
- br_ssl_server_init_full_ec(&sc, chain, chainlen, &key.ec) ;
+ sbearssl_ec_skey_to(&skey.data.ec, &key.ec, storage.s) ;
+ br_ssl_server_init_full_ec(&sc, chain, chainlen, BR_KEYTYPE_EC, &key.ec) ;
 break ;
 default :
 strerr_dief1x(96, "unsupported private key type") ;
@@ -75,7 +75,7 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
 if (!random_init()) strerr_diefu1sys(111, "initialize random generator") ;
- random_string(buf, 32) ;
+ random_string((char *)buf, 32) ;
 br_ssl_engine_inject_entropy(&sc.eng, buf, 32) ;
 random_finish() ;
diff --git a/src/sbearssl/sbearssl_skey_from.c b/src/sbearssl/sbearssl_skey_from.c
index 26b2788..b1bc938 100644
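Review bot: `br_ssl_client_reset(&cc, servername, 0)` forwards whatever `servername` the caller supplies, and nothing in the hunk rejects a null or empty name. In BearSSL a null server name means no SNI is sent and, with the minimal X.509 engine the full client profile installs, no hostname matching is performed on the presented certificate — the chain is still validated against the CADIR/CAFILE anchors, but any certificate issued by a trusted CA then passes, which is the classic man-in-the-middle hole; please confirm against the BearSSL API documentation if my recollection of that behaviour is off. Unless a deliberate "skip name check" option is intended, fail closed before the reset: `if (!servername || !*servername) strerr_dief1x(100, "a server name is required for certificate verification") ;`. The function's body continues outside the hunk, so the check may belong earlier, next to the other option checks.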
--- a/src/sbearssl/sbearssl_skey_from.c
+++ b/src/sbearssl/sbearssl_skey_from.c
@@ -10,10 +10,10 @@ int sbearssl_skey_from (sbearssl_skey *l, br_skey const *k, stralloc *sa)
 switch (k->type)
 {
 case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_skey_from(&l->data.rsa, &k->data.rsa, sa) return 0 ;
+ if (!sbearssl_rsa_skey_from(&l->data.rsa, &k->data.rsa, sa)) return 0 ;
 break ;
 case BR_KEYTYPE_EC :
- if (!sbearssl_ec_pkey_from(&l->data.ec, &k->data.ec, sa) return 0 ;
+ if (!sbearssl_ec_skey_from(&l->data.ec, &k->data.ec, sa)) return 0 ;
 break ;
 default :
 return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_skey_readfile.c b/src/sbearssl/sbearssl_skey_readfile.c
index 64ac28d..d5cf2b5 100644
--- a/src/sbearssl/sbearssl_skey_readfile.c
+++ b/src/sbearssl/sbearssl_skey_readfile.c
@@ -22,17 +22,17 @@ static int decode_key (sbearssl_skey *key, char const *s, size_t len, stralloc *
 {
 case 0 : return br_skey_decoder_last_error(&ctx) ;
 case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_skey_from(&key->data.rsa, ctx.key.rsa, sa) return -1 ;
+ if (!sbearssl_rsa_skey_from(&key->data.rsa, &ctx.key.rsa, sa)) return -1 ;
 break ;
 case BR_KEYTYPE_EC :
- if (!sbearssl_ec_skey_from(&key->data.ec, ctx.key.ec, sa) return -1 ;
+ if (!sbearssl_ec_skey_from(&key->data.ec, &ctx.key.ec, sa)) return -1 ;
 break ;
 }
 key->type = ktype ;
 return 0 ;
 }
-int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
+int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa)
 {
 char buf[MAXKEYFILESIZE] ;
 stralloc tmp = STRALLOC_ZERO ;
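Review bot: `sbearssl_skey_readfile` reads the private key into the stack buffer `char buf[MAXKEYFILESIZE]`, and nothing visible wipes that buffer — or `tmp`, which receives the decoded PEM bodies — before the function returns; the rest of the function lies outside the hunk, and `stralloc_free` presumably just frees, so the raw key bytes linger on the stack and in freed heap memory of a long-lived process that goes on to parse untrusted network input. Zero them on every exit path, e.g. `memset(buf, 0, sizeof(buf)) ;` before each `return` and a wipe of `tmp.s` before `stralloc_free(&tmp)`, via a helper that writes through a `volatile` pointer (or `explicit_bzero` where available) if the compiler is allowed to drop a plain memset on a dying buffer. The `decode_key` fix to pass `&ctx.key.rsa` / `&ctx.key.ec` looks right, but note that the decoder context `ctx` holds the key too and deserves the same treatment once it has been copied out.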
@@ -40,10 +40,10 @@ int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
 sbearssl_pemobject *p ;
 size_t n ;
 size_t i = 0 ;
- int r = openreadnclose(fn, buf, MAKKEYFILESIZE) ;
+ int r = openreadnclose(fn, buf, MAXKEYFILESIZE) ;
 if (r < 0) return r ;
 n = r ;
- if (sbearssl_isder(buf, n)) return decode_key(key, buf, n) ;
+ if (sbearssl_isder((unsigned char *)buf, n)) return decode_key(key, buf, n, sa) ;
 r = sbearssl_pem_decode_from_string(buf, n, &list, &tmp) ;
 if (r) return r ;
 p = genalloc_s(sbearssl_pemobject, &list) ;
@@ -66,6 +66,6 @@ int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
 r = -1 ;
 errno = EINVAL ;
 fail: stralloc_free(&tmp) ;
- genalloc_free(sbearssl_pemobject, list) ;
+ genalloc_free(sbearssl_pemobject, &list) ;
 return r ;
 }
diff --git a/src/sbearssl/sbearssl_skey_to.c b/src/sbearssl/sbearssl_skey_to.c
index 9886606..b588578 100644
--- a/src/sbearssl/sbearssl_skey_to.c
+++ b/src/sbearssl/sbearssl_skey_to.c
@@ -4,15 +4,15 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-int sbearssl_skey_to (sbearssl_skey const *l, br_skey *k, char const *s)
+int sbearssl_skey_to (sbearssl_skey const *l, br_skey *k, char *s)
 {
 switch (l->type)
 {
 case BR_KEYTYPE_RSA :
- sbearssl_rsa_pkey_to(&l->data.rsa, &k->data.rsa, s) ;
+ sbearssl_rsa_skey_to(&l->data.rsa, &k->data.rsa, s) ;
 break ;
 case BR_KEYTYPE_EC :
- sbearssl_ec_pkey_to(&l->data.ec, &k->data.ec, s) ;
+ sbearssl_ec_skey_to(&l->data.ec, &k->data.ec, s) ;
 break ;
 default :
 return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_ta_cert.c b/src/sbearssl/sbearssl_ta_cert.c
index d8f26e5..82019ef 100644
--- a/src/sbearssl/sbearssl_ta_cert.c
+++ b/src/sbearssl/sbearssl_ta_cert.c
@@ -5,6 +5,7 @@
 #include <bearssl.h>
 #include <skalibs/stralloc.h>
 #include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
 int sbearssl_ta_cert (sbearssl_ta *ta, sbearssl_cert const *cert, char const *certstorage, stralloc *tastorage)
 {
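Review bot: The early `if (r) return r ;` after `sbearssl_pem_decode_from_string` bypasses the `fail:` cleanup that the second hunk repairs, so if the PEM decoder can leave partial data in `tmp` or `list` on failure that data — PEM-decoded key material — is leaked and never freed; since `fail:` returns whatever is in `r`, `if (r) goto fail ;` routes the error through the same cleanup (the `list` declaration is outside the hunk, so confirm it starts zeroed so freeing it on that path is safe). If the decoder instead guarantees it releases its own work on error, a one-line comment on that `return` saying so would spare the next reader the question. Separately, `openreadnclose(fn, buf, MAXKEYFILESIZE)` presumably hands back a truncated read for a key file larger than the buffer, which then fails inside the decoder with a misleading error; treating `n == MAXKEYFILESIZE` as "key file too large" would give a clear diagnostic.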
@@ -13,15 +14,14 @@ int sbearssl_ta_cert (sbearssl_ta *ta, sbearssl_cert const *cert, char const *ce
 struct sbearssl_strallocerr_s blah = { .sa = tastorage } ;
 size_t tastoragebase = tastorage->len ;
 int tastoragewasnull = !tastorage->s ;
- br_x509_pkey bpk ;
- int r ;
+ br_x509_pkey *bpk ;
+ int r = -1 ;
 br_x509_decoder_init(&ctx, &sbearssl_append, &blah) ;
 br_x509_decoder_push(&ctx, certstorage + cert->data, cert->datalen) ;
- if (blah->err)
+ if (blah.err)
 {
- r = -1 ;
- errno = blah->err ;
+ errno = blah.err ;
 goto fail ;
 }
 bpk = br_x509_decoder_get_pkey(&ctx) ;
diff --git a/src/sbearssl/sbearssl_ta_from.c b/src/sbearssl/sbearssl_ta_from.c
index d044c27..001b958 100644
--- a/src/sbearssl/sbearssl_ta_from.c
+++ b/src/sbearssl/sbearssl_ta_from.c
@@ -9,8 +9,8 @@ int sbearssl_ta_from (sbearssl_ta *l, br_x509_trust_anchor const *k, stralloc *s
 {
 size_t sabase = sa->len ;
 int sawasnull = !sa->s ;
- sbearssl_ta ta = { .dn = sa->len, .dnlen = k->dn_len, .flags = k.flags } ;
- if (!stralloc_catb(sa, k->dn, k->dn_len)) return 0 ;
+ sbearssl_ta ta = { .dn = sa->len, .dnlen = k->dn_len, .flags = k->flags } ;
+ if (!stralloc_catb(sa, (char const *)k->dn, k->dn_len)) return 0 ;
 if (!sbearssl_pkey_from(&ta.pkey, &k->pkey, sa)) goto fail ;
 *l = ta ;
 return 1 ;
diff --git a/src/sbearssl/sbearssl_ta_readdir.c b/src/sbearssl/sbearssl_ta_readdir.c
index 9821dd2..3d01dc8 100644
--- a/src/sbearssl/sbearssl_ta_readdir.c
+++ b/src/sbearssl/sbearssl_ta_readdir.c
@@ -8,6 +8,7 @@
 #include <skalibs/direntry.h>
 #include <skalibs/djbunix.h>
 #include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
 int sbearssl_ta_readdir (char const *dirfn, genalloc *taga, stralloc *tasa)
 {
diff --git a/src/sbearssl/sbearssl_ta_readfile_internal.c b/src/sbearssl/sbearssl_ta_readfile_internal.c
index acbba9a..70a0453 100644
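Review bot: After `br_x509_decoder_push` only `blah.err` — the error the `sbearssl_append` callback records, i.e. a stralloc allocation failure — is examined before `bpk = br_x509_decoder_get_pkey(&ctx)`; a malformed or truncated certificate in CADIR/CAFILE is reported by the decoder itself, not through that callback, so it slips past this check. The hunk ends on the `get_pkey` call and the function continues outside it; unless the continuation already does so, test the decoder's own status first, `r = br_x509_decoder_last_error(&ctx) ; if (r) goto fail ;` (a positive BearSSL code fits the `sbearssl_error_str` convention the callers use), and treat a null `bpk` as a failure as well, since BearSSL returns NULL when decoding did not complete. Note that `int r = -1` now doubles as the errno-path marker, so any success path further down must set `r` explicitly.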
@@ -16,7 +16,7 @@ int sbearssl_ta_readfile_internal (char const *file, genalloc *taga, stralloc *t
 size_t tagabase = genalloc_len(sbearssl_ta, taga) ;
 int tasawasnull = !tasa->s ;
 int tagawasnull = !genalloc_s(sbearssl_ta, taga) ;
- int r = sbearssl_cert_read(file, certga, certsa) ;
+ int r = sbearssl_cert_readfile(file, certga, certsa) ;
 sbearssl_cert *p = genalloc_s(sbearssl_cert, certga) ;
 size_t n = genalloc_len(sbearssl_cert, certga) ;
 if (r) return r ;
diff --git a/src/sbearssl/sbearssl_ta_to.c b/src/sbearssl/sbearssl_ta_to.c
index 4714b47..8c37119 100644
--- a/src/sbearssl/sbearssl_ta_to.c
+++ b/src/sbearssl/sbearssl_ta_to.c
@@ -3,9 +3,9 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-void sbearssl_ta_to (sbearssl_ta const *sta, br_x509_trust_anchor *bta, char const *s)
+void sbearssl_ta_to (sbearssl_ta const *sta, br_x509_trust_anchor *bta, char *s)
 {
- bta->dn = s + sta->dn ;
+ bta->dn = (unsigned char *)s + sta->dn ;
 bta->dn_len = sta->dnlen ;
 bta->flags = sta->flags ;
 sbearssl_pkey_to(&sta->pkey, &bta->pkey, s) ;
diff --git a/src/stls/stls_s6tlsc.c b/src/stls/stls_s6tlsc.c
index 7fd4325..3f8e9cd 100644
--- a/src/stls/stls_s6tlsc.c
+++ b/src/stls/stls_s6tlsc.c
@@ -24,7 +24,7 @@ int stls_s6tlsc (char const *const *argv, char const *const *envp, tain_t const
 if (tls_init() < 0) strerr_diefu1sys(111, "tls_init") ;
 cfg = tls_config_new() ;
- if (!cfg) strerr_diefu1sys(111, "tls_config_new")
+ if (!cfg) strerr_diefu1sys(111, "tls_config_new") ;
 x = env_get2(envp, "CADIR") ;
 if (x)
@@ -63,7 +63,7 @@ int stls_s6tlsc (char const *const *argv, char const *const *envp, tain_t const
 diecfg(cfg, "tls_config_set_dheparams") ;
 if (tls_config_set_ecdhecurve(cfg, "auto") < 0)
- diecfg("tls_config_set_ecdhecurve") ;
+ diecfg(cfg, "tls_config_set_ecdhecurve") ;
 tls_config_verify(cfg) ;
 tls_config_set_protocols(cfg, TLS_PROTOCOLS_DEFAULT) ;
@@ -71,7 +71,7 @@ int stls_s6tlsc (char const *const *argv, char const *const *envp, tain_t const
 ctx = tls_client() ;
 if (!ctx) strerr_diefu1sys(111, "tls_client") ;
- if (tls_configure(ctx, cfg) < 0) diectx(97, ctx, "tls_configure) ;
+ if (tls_configure(ctx, cfg) < 0) diectx(97, ctx, "tls_configure") ;
 tls_config_free(cfg) ;
 pid = child_spawn2(argv[0], argv, envp, fds) ;
@@ -80,7 +80,7 @@ int stls_s6tlsc (char const *const *argv, char const *const *envp, tain_t const
 if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
 if (tls_accept_fds(ctx, &cctx, fds[2], fds[3]) < 0)
- diectx(ctx, "tls_accept_fds") ;
+ diectx(97, ctx, "tls_accept_fds") ;
 tls_free(ctx) ;
diff --git a/src/stls/stls_s6tlsd.c b/src/stls/stls_s6tlsd.c
index f6d5e7c..dcee5f4 100644
--- a/src/stls/stls_s6tlsd.c
+++ b/src/stls/stls_s6tlsd.c
@@ -24,7 +24,7 @@ int stls_s6tlsd (char const *const *argv, char const *const *envp, tain_t const
 if (tls_init() < 0) strerr_diefu1sys(111, "tls_init") ;
 cfg = tls_config_new() ;
- if (!cfg) strerr_diefu1sys(111, "tls_config_new")
+ if (!cfg) strerr_diefu1sys(111, "tls_config_new") ;
 x = env_get2(envp, "CAFILE") ;
 if (x)
@@ -57,7 +57,7 @@ int stls_s6tlsd (char const *const *argv, char const *const *envp, tain_t const
 diecfg(cfg, "tls_config_set_dheparams") ;
 if (tls_config_set_ecdhecurve(cfg, "auto") < 0)
- diecfg("tls_config_set_ecdhecurve") ;
+ diecfg(cfg, "tls_config_set_ecdhecurve") ;
 if (preoptions & 1) tls_config_verify_client(cfg) ;
 else tls_config_verify_client_optional(cfg) ;
@@ -76,7 +76,7 @@ int stls_s6tlsd (char const *const *argv, char const *const *envp, tain_t const
 if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
 if (tls_accept_fds(ctx, &cctx, fds[2], fds[3]) < 0)
- diectx(ctx, "tls_accept_fds") ;
+ diectx(97, ctx, "tls_accept_fds") ;
 tls_free(ctx) ;
|
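Review bot: In the `@@ -80,7` hunk of stls_s6tlsc.c the context created by `tls_client()` in the previous hunk is handed to `tls_accept_fds(ctx, &cctx, fds[2], fds[3])`, which is libtls' server-side accept; I believe it refuses a client context with "not a server context", and even if it accepted one no server name would be supplied, so no hostname verification could take place. The client side should instead call `if (tls_connect_fds(ctx, fds[2], fds[3], servername) < 0) diectx(97, ctx, "tls_connect_fds") ;` — that `servername` argument is also where libtls takes the SNI name, so the `servername` parameter the BearSSL client gained in this commit should be threaded through here as well. The enclosing function starts outside the hunk; with `tls_connect_fds` there is no second context, so `cctx` goes away and `ctx` itself carries the connection, which means the `tls_free(ctx)` that follows must move to after the session ends.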