summaryrefslogtreecommitdiff
path: root/src/sbearssl
diff options
context:
space:
mode:
Diffstat (limited to 'src/sbearssl')
-rw-r--r--src/sbearssl/sbearssl-internal.h1
-rw-r--r--src/sbearssl/sbearssl_append.c2
-rw-r--r--src/sbearssl/sbearssl_cert_from.c2
-rw-r--r--src/sbearssl/sbearssl_cert_readfile.c11
-rw-r--r--src/sbearssl/sbearssl_cert_to.c4
-rw-r--r--src/sbearssl/sbearssl_ec_pkey_from.c2
-rw-r--r--src/sbearssl/sbearssl_ec_pkey_to.c4
-rw-r--r--src/sbearssl/sbearssl_ec_skey_from.c2
-rw-r--r--src/sbearssl/sbearssl_ec_skey_to.c4
-rw-r--r--src/sbearssl/sbearssl_error_str.c2
-rw-r--r--src/sbearssl/sbearssl_pem_push.c4
-rw-r--r--src/sbearssl/sbearssl_pkey_from.c6
-rw-r--r--src/sbearssl/sbearssl_pkey_to.c2
-rw-r--r--src/sbearssl/sbearssl_rsa_pkey_from.c6
-rw-r--r--src/sbearssl/sbearssl_rsa_pkey_to.c6
-rw-r--r--src/sbearssl/sbearssl_rsa_skey_from.c12
-rw-r--r--src/sbearssl/sbearssl_rsa_skey_to.c12
-rw-r--r--src/sbearssl/sbearssl_run.c28
-rw-r--r--src/sbearssl/sbearssl_s6tlsc.c43
-rw-r--r--src/sbearssl/sbearssl_s6tlsd.c8
-rw-r--r--src/sbearssl/sbearssl_skey_from.c4
-rw-r--r--src/sbearssl/sbearssl_skey_readfile.c12
-rw-r--r--src/sbearssl/sbearssl_skey_to.c6
-rw-r--r--src/sbearssl/sbearssl_ta_cert.c10
-rw-r--r--src/sbearssl/sbearssl_ta_from.c4
-rw-r--r--src/sbearssl/sbearssl_ta_readdir.c1
-rw-r--r--src/sbearssl/sbearssl_ta_readfile_internal.c2
-rw-r--r--src/sbearssl/sbearssl_ta_to.c4
28 files changed, 106 insertions, 98 deletions
diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h
index bffcb16..d2757b1 100644
--- a/src/sbearssl/sbearssl-internal.h
+++ b/src/sbearssl/sbearssl-internal.h
@@ -7,6 +7,7 @@
#include <bearssl.h>
#include <skalibs/stralloc.h>
#include <skalibs/genalloc.h>
+#include <s6-networking/sbearssl.h>
typedef struct sbearssl_strallocerr_s sbearssl_strallocerr, *sbearssl_strallocerr_ref ;
struct sbearssl_strallocerr_s
diff --git a/src/sbearssl/sbearssl_append.c b/src/sbearssl/sbearssl_append.c
index d0a6d64..ae4aac0 100644
--- a/src/sbearssl/sbearssl_append.c
+++ b/src/sbearssl/sbearssl_append.c
@@ -3,7 +3,7 @@
#include <sys/types.h>
#include <errno.h>
#include <skalibs/stralloc.h>
-#include "sbearssl-internal.h>
+#include "sbearssl-internal.h"
void sbearssl_append (void *stuff, void const *src, size_t len)
{
diff --git a/src/sbearssl/sbearssl_cert_from.c b/src/sbearssl/sbearssl_cert_from.c
index b57dca6..3822e05 100644
--- a/src/sbearssl/sbearssl_cert_from.c
+++ b/src/sbearssl/sbearssl_cert_from.c
@@ -6,7 +6,7 @@
int sbearssl_cert_from (sbearssl_cert *sc, br_x509_certificate const *bc, stralloc *sa)
{
- if (!stralloc_catb(sa, bc->data, bc->data_len)) return 0 ;
+ if (!stralloc_catb(sa, (char const *)bc->data, bc->data_len)) return 0 ;
sc->data = sa->len - bc->data_len ;
sc->datalen = bc->data_len ;
return 1 ;
diff --git a/src/sbearssl/sbearssl_cert_readfile.c b/src/sbearssl/sbearssl_cert_readfile.c
index 6090624..6cc78c1 100644
--- a/src/sbearssl/sbearssl_cert_readfile.c
+++ b/src/sbearssl/sbearssl_cert_readfile.c
@@ -10,7 +10,7 @@
#include <skalibs/djbunix.h>
#include <s6-networking/sbearssl.h>
-int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ;
+int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa)
{
char buf[BUFFER_INSIZE] ;
int fd = open_readb(fn) ;
@@ -18,12 +18,14 @@ int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ;
genalloc pems = GENALLOC_ZERO ;
sbearssl_pemobject *p ;
size_t certsbase = genalloc_len(sbearssl_cert, certs) ;
+ size_t sabase = sa->len ;
size_t n ;
size_t i = 0 ;
int certswasnull = !genalloc_s(sbearssl_cert, certs) ;
+ int sawasnull = !sa->s ;
int r ;
if (fd < 0) return -1 ;
- r = sbearssl_pem_decode_from_buffer(buf, n, &pems, sa) ;
+ r = sbearssl_pem_decode_from_buffer(&b, &pems, sa) ;
if (r) { fd_close(fd) ; return r ; }
fd_close(fd) ;
p = genalloc_s(sbearssl_pemobject, &pems) ;
@@ -46,7 +48,8 @@ int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ;
fail:
if (certswasnull) genalloc_free(sbearssl_cert, certs) ;
else genalloc_setlen(sbearssl_cert, certs, certsbase) ;
- stralloc_free(&sa) ;
- genalloc_free(sbearssl_pemobject, pems) ;
+ if (sawasnull) stralloc_free(sa) ;
+ else sa->len = sabase ;
+ genalloc_free(sbearssl_pemobject, &pems) ;
return r ;
}
diff --git a/src/sbearssl/sbearssl_cert_to.c b/src/sbearssl/sbearssl_cert_to.c
index ee0eeeb..1ab2d00 100644
--- a/src/sbearssl/sbearssl_cert_to.c
+++ b/src/sbearssl/sbearssl_cert_to.c
@@ -3,8 +3,8 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-void sbearssl_cert_to (sbearssl_cert const *sc, br_x509_certificate *bc, char const *s)
+void sbearssl_cert_to (sbearssl_cert const *sc, br_x509_certificate *bc, char *s)
{
- bc->data = s + sc->data ;
+ bc->data = (unsigned char *)s + sc->data ;
bc->data_len = sc->datalen ;
}
diff --git a/src/sbearssl/sbearssl_ec_pkey_from.c b/src/sbearssl/sbearssl_ec_pkey_from.c
index 55c5651..fb97bfb 100644
--- a/src/sbearssl/sbearssl_ec_pkey_from.c
+++ b/src/sbearssl/sbearssl_ec_pkey_from.c
@@ -6,7 +6,7 @@
int sbearssl_ec_pkey_from (sbearssl_ec_pkey *l, br_ec_public_key const *k, stralloc *sa)
{
- if (!stralloc_catb(sa, k->q, k->qlen)) return 0 ;
+ if (!stralloc_catb(sa, (char const *)k->q, k->qlen)) return 0 ;
l->curve = k->curve ;
l->q = sa->len - k->qlen ;
l->qlen = k->qlen ;
diff --git a/src/sbearssl/sbearssl_ec_pkey_to.c b/src/sbearssl/sbearssl_ec_pkey_to.c
index 4cc1e65..df3d799 100644
--- a/src/sbearssl/sbearssl_ec_pkey_to.c
+++ b/src/sbearssl/sbearssl_ec_pkey_to.c
@@ -3,9 +3,9 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *l, br_ec_public_key *k, char const *s)
+void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *l, br_ec_public_key *k, char *s)
{
k->curve = l->curve ;
- k->q = s + l->q ;
+ k->q = (unsigned char *)s + l->q ;
k->qlen = l->qlen ;
}
diff --git a/src/sbearssl/sbearssl_ec_skey_from.c b/src/sbearssl/sbearssl_ec_skey_from.c
index 79c326f..b579f7d 100644
--- a/src/sbearssl/sbearssl_ec_skey_from.c
+++ b/src/sbearssl/sbearssl_ec_skey_from.c
@@ -6,7 +6,7 @@
int sbearssl_ec_skey_from (sbearssl_ec_skey *l, br_ec_private_key const *k, stralloc *sa)
{
- if (!stralloc_catb(sa, k->x, k->xlen)) return 0 ;
+ if (!stralloc_catb(sa, (char const *)k->x, k->xlen)) return 0 ;
l->curve = k->curve ;
l->x = sa->len - k->xlen ;
l->xlen = k->xlen ;
diff --git a/src/sbearssl/sbearssl_ec_skey_to.c b/src/sbearssl/sbearssl_ec_skey_to.c
index 54b059c..7cba7ba 100644
--- a/src/sbearssl/sbearssl_ec_skey_to.c
+++ b/src/sbearssl/sbearssl_ec_skey_to.c
@@ -3,9 +3,9 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-void sbearssl_ec_skey_to (sbearssl_ec_skey const *l, br_ec_private_key *k, char const *s)
+void sbearssl_ec_skey_to (sbearssl_ec_skey const *l, br_ec_private_key *k, char *s)
{
k->curve = l->curve ;
- k->x = s + l->x ;
+ k->x = (unsigned char *)s + l->x ;
k->xlen = l->xlen ;
}
diff --git a/src/sbearssl/sbearssl_error_str.c b/src/sbearssl/sbearssl_error_str.c
index 7e1e22c..7d2fd21 100644
--- a/src/sbearssl/sbearssl_error_str.c
+++ b/src/sbearssl/sbearssl_error_str.c
@@ -265,7 +265,7 @@ static struct error_s errors[] =
BR_ERR_X509_BAD_BOOLEAN,
"Decoding error: BOOLEAN value has invalid length."
" (BR_ERR_X509_BAD_BOOLEAN)"
- }
+ },
{
BR_ERR_X509_OVERFLOW,
"Decoding error: value is off-limits."
diff --git a/src/sbearssl/sbearssl_pem_push.c b/src/sbearssl/sbearssl_pem_push.c
index b4903de..cd9eba5 100644
--- a/src/sbearssl/sbearssl_pem_push.c
+++ b/src/sbearssl/sbearssl_pem_push.c
@@ -16,11 +16,11 @@ int sbearssl_pem_push (br_pem_decoder_context *ctx, char const *s, size_t len, s
s += tlen ; len -= tlen ;
switch (br_pem_decoder_event(ctx))
{
- case BR_PEM_BEGIN_OBJ ;
+ case BR_PEM_BEGIN_OBJ :
po->name = blah->sa->len ;
if (!stralloc_cats(blah->sa, br_pem_decoder_name(ctx)) || !stralloc_0(blah->sa)) return -1 ;
po->data = blah->sa->len ;
- br_pem_decoder_setdest(&ctx, &sbearssl_append, blah) ;
+ br_pem_decoder_setdest(ctx, &sbearssl_append, blah) ;
*inobj = 1 ;
break ;
case BR_PEM_END_OBJ :
diff --git a/src/sbearssl/sbearssl_pkey_from.c b/src/sbearssl/sbearssl_pkey_from.c
index e9745e8..a1d1076 100644
--- a/src/sbearssl/sbearssl_pkey_from.c
+++ b/src/sbearssl/sbearssl_pkey_from.c
@@ -5,15 +5,15 @@
#include <skalibs/stralloc.h>
#include <s6-networking/sbearssl.h>
-int sbearssl_pkey_from (sbearssl_pkey *l, br_x509_key const *k, stralloc *sa)
+int sbearssl_pkey_from (sbearssl_pkey *l, br_x509_pkey const *k, stralloc *sa)
{
switch (k->key_type)
{
case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_pkey_from(&l->data.rsa, &k->key.rsa, sa) return 0 ;
+ if (!sbearssl_rsa_pkey_from(&l->data.rsa, &k->key.rsa, sa)) return 0 ;
break ;
case BR_KEYTYPE_EC :
- if (!sbearssl_ec_pkey_from(&l->data.ec, &k->key.ec, sa) return 0 ;
+ if (!sbearssl_ec_pkey_from(&l->data.ec, &k->key.ec, sa)) return 0 ;
break ;
default :
return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_pkey_to.c b/src/sbearssl/sbearssl_pkey_to.c
index 491901b..54570aa 100644
--- a/src/sbearssl/sbearssl_pkey_to.c
+++ b/src/sbearssl/sbearssl_pkey_to.c
@@ -4,7 +4,7 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-int sbearssl_pkey_to (sbearssl_pkey const *l, br_x509_pkey *k, char const *s)
+int sbearssl_pkey_to (sbearssl_pkey const *l, br_x509_pkey *k, char *s)
{
switch (l->type)
{
diff --git a/src/sbearssl/sbearssl_rsa_pkey_from.c b/src/sbearssl/sbearssl_rsa_pkey_from.c
index a991f0c..3032bb3 100644
--- a/src/sbearssl/sbearssl_rsa_pkey_from.c
+++ b/src/sbearssl/sbearssl_rsa_pkey_from.c
@@ -6,12 +6,12 @@
int sbearssl_rsa_pkey_from (sbearssl_rsa_pkey *l, br_rsa_public_key const *k, stralloc *sa)
{
- if (!stralloc_readyplus(k->nlen + k->elen)) return 0 ;
+ if (!stralloc_readyplus(sa, k->nlen + k->elen)) return 0 ;
l->n = sa->len ;
- stralloc_catb(sa, k->n, k->nlen) ;
+ stralloc_catb(sa, (char const *)k->n, k->nlen) ;
l->nlen = k->nlen ;
l->e = sa->len ;
- stralloc_catb(sa, k->e, k->elen) ;
+ stralloc_catb(sa, (char const *)k->e, k->elen) ;
l->elen = k->elen ;
return 1 ;
}
diff --git a/src/sbearssl/sbearssl_rsa_pkey_to.c b/src/sbearssl/sbearssl_rsa_pkey_to.c
index 13d567e..2f80997 100644
--- a/src/sbearssl/sbearssl_rsa_pkey_to.c
+++ b/src/sbearssl/sbearssl_rsa_pkey_to.c
@@ -3,10 +3,10 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-void sbearssl_rsa_pkey_ro (sbearssl_rsa_pkey const *l, br_rsa_public_key *k, char const *s)
+void sbearssl_rsa_pkey_to (sbearssl_rsa_pkey const *l, br_rsa_public_key *k, char *s)
{
- k->n = s + l->n ;
+ k->n = (unsigned char *)s + l->n ;
k->nlen = l->nlen ;
- k->e = s + l->e ;
+ k->e = (unsigned char *)s + l->e ;
k->elen = l->elen ;
}
diff --git a/src/sbearssl/sbearssl_rsa_skey_from.c b/src/sbearssl/sbearssl_rsa_skey_from.c
index 3e6a04b..c9f1c0c 100644
--- a/src/sbearssl/sbearssl_rsa_skey_from.c
+++ b/src/sbearssl/sbearssl_rsa_skey_from.c
@@ -7,22 +7,22 @@
int sbearssl_rsa_skey_from (sbearssl_rsa_skey *l, br_rsa_private_key const *k, stralloc *sa)
{
- if (!stralloc_readyplus(k->plen + k->qlen + k->dplen + k->dqlen + k->iqlen)) return 0 ;
+ if (!stralloc_readyplus(sa, k->plen + k->qlen + k->dplen + k->dqlen + k->iqlen)) return 0 ;
l->n_bitlen = k->n_bitlen ;
l->p = sa->len ;
- stralloc_catb(sa, k->p, k->plen) ;
+ stralloc_catb(sa, (char const *)k->p, k->plen) ;
l->plen = k->plen ;
l->q = sa->len ;
- stralloc_catb(sa, k->q, k->qlen) ;
+ stralloc_catb(sa, (char const *)k->q, k->qlen) ;
l->qlen = k->qlen ;
l->dp = sa->len ;
- stralloc_catb(sa, k->dp, k->dplen) ;
+ stralloc_catb(sa, (char const *)k->dp, k->dplen) ;
l->dplen = k->dplen ;
l->dq = sa->len ;
- stralloc_catb(sa, k->dq, k->dqlen) ;
+ stralloc_catb(sa, (char const *)k->dq, k->dqlen) ;
l->dqlen = k->dqlen ;
l->iq = sa->len ;
- stralloc_catb(sa, k->iq, k->iqlen) ;
+ stralloc_catb(sa, (char const *)k->iq, k->iqlen) ;
l->iqlen = k->iqlen ;
return 1 ;
}
diff --git a/src/sbearssl/sbearssl_rsa_skey_to.c b/src/sbearssl/sbearssl_rsa_skey_to.c
index 3c4139b..93c90b0 100644
--- a/src/sbearssl/sbearssl_rsa_skey_to.c
+++ b/src/sbearssl/sbearssl_rsa_skey_to.c
@@ -3,17 +3,17 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-void sbearssl_rsa_skey (sbearssl_rsa_skey const *l, br_rsa_private_key *k, char const *s)
+void sbearssl_rsa_skey_to (sbearssl_rsa_skey const *l, br_rsa_private_key *k, char *s)
{
k->n_bitlen = l->n_bitlen ;
- k->p = s + l->p ;
+ k->p = (unsigned char *)s + l->p ;
k->plen = l->plen ;
- k->q = s + l->q ;
+ k->q = (unsigned char *)s + l->q ;
k->qlen = l->qlen ;
- k->dp = s + l->dp ;
+ k->dp = (unsigned char *)s + l->dp ;
k->dplen = l->dplen ;
- k->dq = s + l->dq ;
+ k->dq = (unsigned char *)s + l->dq ;
k->dqlen = l->dqlen ;
- k->iq = s + l->iq ;
+ k->iq = (unsigned char *)s + l->iq ;
k->iqlen = l->iqlen ;
}
diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c
index af221b5..3ea4a95 100644
--- a/src/sbearssl/sbearssl_run.c
+++ b/src/sbearssl/sbearssl_run.c
@@ -31,30 +31,30 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
unsigned int state = br_ssl_engine_current_state(ctx) ;
int r ;
- tain_add_g(&deadline, isopen[0] && isopen[1] && state & (BR_SSL_SENDAPP | BR_SSL_REVREC) ? tto : &tain_infinite_relative) ;
+ tain_add_g(&deadline, fds[0] >= 0 && fds[2] >= 0 && state & (BR_SSL_SENDAPP | BR_SSL_RECVREC) ? tto : &tain_infinite_relative) ;
- if (fds[0] >= 0 && st & BR_SSL_SENDAPP)
+ if (fds[0] >= 0 && state & BR_SSL_SENDAPP)
{
x[j].fd = fds[0] ;
x[j].events = IOPAUSE_READ ;
xindex[0] = j++ ;
}
else xindex[0] = 4 ;
- if (fds[1] >= 0 && st & BR_SSL_RECVAPP)
+ if (fds[1] >= 0 && state & BR_SSL_RECVAPP)
{
x[j].fd = fds[1] ;
x[j].events = IOPAUSE_WRITE ;
xindex[1] = j++ ;
}
else xindex[1] = 4 ;
- if (fds[2] >= 0 && st & BR_SSL_RECVREC)
+ if (fds[2] >= 0 && state & BR_SSL_RECVREC)
{
x[j].fd = fds[2] ;
x[j].events = IOPAUSE_READ ;
xindex[2] = j++ ;
}
else xindex[2] = 4 ;
- if (fds[3] >= 0 && st & BR_SSL_SENDREC)
+ if (fds[3] >= 0 && state & BR_SSL_SENDREC)
{
x[j].fd = fds[3] ;
x[j].events = IOPAUSE_WRITE ;
@@ -68,7 +68,7 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
else if (!r)
{
fd_close(fds[0]) ; fds[0] = -1 ;
- br_ssl_engine_close(&ctx) ;
+ br_ssl_engine_close(ctx) ;
continue ;
}
@@ -82,8 +82,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
if (state & BR_SSL_RECVAPP && x[xindex[1]].revents & IOPAUSE_WRITE)
{
size_t len ;
- char const *s = br_ssl_engine_recvapp_buf(ctx, &len) ;
- size_t w = allwrite(fds[1], s, len) ;
+ unsigned char const *s = br_ssl_engine_recvapp_buf(ctx, &len) ;
+ size_t w = allwrite(fds[1], (char const *)s, len) ;
if (!w)
{
if (!error_isagain(errno))
@@ -106,8 +106,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
if (state & BR_SSL_SENDREC && x[xindex[3]].revents & IOPAUSE_WRITE)
{
size_t len ;
- char const *s = br_ssl_engine_sendrec_buf(ctx, &len) ;
- size_t w = allwrite(fds[3], s, len) ;
+ unsigned char const *s = br_ssl_engine_sendrec_buf(ctx, &len) ;
+ size_t w = allwrite(fds[3], (char const *)s, len) ;
if (!w)
{
if (!error_isagain(errno))
@@ -131,8 +131,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
if (state & BR_SSL_SENDAPP & x[xindex[0]].revents & IOPAUSE_READ)
{
size_t len ;
- char *s = br_ssl_engine_sendapp_buf(ctx, &len) ;
- size_t w = allread(fds[0], s, len) ;
+ unsigned char *s = br_ssl_engine_sendapp_buf(ctx, &len) ;
+ size_t w = allread(fds[0], (char *)s, len) ;
if (!w)
{
if (!error_isagain(errno))
@@ -160,8 +160,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
if (state & BR_SSL_RECVREC & x[xindex[2]].revents & IOPAUSE_READ)
{
size_t len ;
- char *s = br_ssl_engine_recvrec_buf(ctx, &len) ;
- size_t w = allread(fds[2], s, len) ;
+ unsigned char *s = br_ssl_engine_recvrec_buf(ctx, &len) ;
+ size_t w = allread(fds[2], (char *)s, len) ;
if (!w)
{
if (!error_isagain(errno))
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index a8a6582..8bc8f65 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
@@ -13,35 +13,37 @@
#include <skalibs/random.h>
#include <s6-networking/sbearssl.h>
-int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, int *sfd)
+int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
{
int fds[4] = { sfd[0], sfd[1], sfd[0], sfd[1] } ;
stralloc storage = STRALLOC_ZERO ;
genalloc tas = GENALLOC_ZERO ;
- size_t chainlen ;
- int r ;
+ size_t talen ;
if (preoptions & 1)
strerr_dief1x(100, "client certificates are not supported by BearSSL yet") ;
- x = env_get2(envp, "CADIR") ;
- if (x)
- r = sbearssl_ta_readdir(x, &tas, &storage) ;
- else
{
- x = env_get2(envp, "CAFILE") ;
- if (!x) strerr_dienotset(100, "CADIR or CAFILE") ;
- r = sbearssl_ta_readfile(x, &tas, &storage) ;
- }
+ int r ;
+ char const *x = env_get2(envp, "CADIR") ;
+ if (x)
+ r = sbearssl_ta_readdir(x, &tas, &storage) ;
+ else
+ {
+ x = env_get2(envp, "CAFILE") ;
+ if (!x) strerr_dienotset(100, "CADIR or CAFILE") ;
+ r = sbearssl_ta_readfile(x, &tas, &storage) ;
+ }
- if (r < 0)
- strerr_diefu2sys(111, "read trust anchors in ", x) ;
- else if (r)
- strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ;
+ if (r < 0)
+ strerr_diefu2sys(111, "read trust anchors in ", x) ;
+ else if (r)
+ strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ;
- talen = genalloc_len(sbearssl_ta, &tas) ;
- if (!talen)
- strerr_dief2x(96, "no trust anchor found in ", x) ;
+ talen = genalloc_len(sbearssl_ta, &tas) ;
+ if (!talen)
+ strerr_dief2x(96, "no trust anchor found in ", x) ;
+ }
{
unsigned char buf[BR_SSL_BUFSIZE_BIDI] ;
@@ -59,7 +61,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
if (!random_init())
strerr_diefu1sys(111, "initialize random generator") ;
- random_string(buf, 32) ;
+ random_string((char *)buf, 32) ;
br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
random_finish() ;
@@ -68,7 +70,8 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
br_ssl_engine_set_buffer(&cc.eng, buf, sizeof(buf), 1) ;
- br_ssl_client_reset(&cc) ;
+ if (!br_ssl_client_reset(&cc, servername, 0))
+ strerr_diefu2x(97, "reset client context: ", sbearssl_error_str(br_ssl_engine_last_error(&cc.eng))) ;
{
int wstat ;
diff --git a/src/sbearssl/sbearssl_s6tlsd.c b/src/sbearssl/sbearssl_s6tlsd.c
index 1bc1114..1198349 100644
--- a/src/sbearssl/sbearssl_s6tlsd.c
+++ b/src/sbearssl/sbearssl_s6tlsd.c
@@ -62,12 +62,12 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
switch (skey.type)
{
case BR_KEYTYPE_RSA :
- sbearssl_rsa_skey_to(&skey.rsa, &key.rsa, storage.s) ;
+ sbearssl_rsa_skey_to(&skey.data.rsa, &key.rsa, storage.s) ;
br_ssl_server_init_full_rsa(&sc, chain, chainlen, &key.rsa) ;
break ;
case BR_KEYTYPE_EC :
- sbearssl_ec_skey_to(&skey.ec, &key.ec, storage.s) ;
- br_ssl_server_init_full_ec(&sc, chain, chainlen, &key.ec) ;
+ sbearssl_ec_skey_to(&skey.data.ec, &key.ec, storage.s) ;
+ br_ssl_server_init_full_ec(&sc, chain, chainlen, BR_KEYTYPE_EC, &key.ec) ;
break ;
default :
strerr_dief1x(96, "unsupported private key type") ;
@@ -75,7 +75,7 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
if (!random_init())
strerr_diefu1sys(111, "initialize random generator") ;
- random_string(buf, 32) ;
+ random_string((char *)buf, 32) ;
br_ssl_engine_inject_entropy(&sc.eng, buf, 32) ;
random_finish() ;
diff --git a/src/sbearssl/sbearssl_skey_from.c b/src/sbearssl/sbearssl_skey_from.c
index 26b2788..b1bc938 100644
--- a/src/sbearssl/sbearssl_skey_from.c
+++ b/src/sbearssl/sbearssl_skey_from.c
@@ -10,10 +10,10 @@ int sbearssl_skey_from (sbearssl_skey *l, br_skey const *k, stralloc *sa)
switch (k->type)
{
case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_skey_from(&l->data.rsa, &k->data.rsa, sa) return 0 ;
+ if (!sbearssl_rsa_skey_from(&l->data.rsa, &k->data.rsa, sa)) return 0 ;
break ;
case BR_KEYTYPE_EC :
- if (!sbearssl_ec_pkey_from(&l->data.ec, &k->data.ec, sa) return 0 ;
+ if (!sbearssl_ec_skey_from(&l->data.ec, &k->data.ec, sa)) return 0 ;
break ;
default :
return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_skey_readfile.c b/src/sbearssl/sbearssl_skey_readfile.c
index 64ac28d..d5cf2b5 100644
--- a/src/sbearssl/sbearssl_skey_readfile.c
+++ b/src/sbearssl/sbearssl_skey_readfile.c
@@ -22,17 +22,17 @@ static int decode_key (sbearssl_skey *key, char const *s, size_t len, stralloc *
{
case 0 : return br_skey_decoder_last_error(&ctx) ;
case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_skey_from(&key->data.rsa, ctx.key.rsa, sa) return -1 ;
+ if (!sbearssl_rsa_skey_from(&key->data.rsa, &ctx.key.rsa, sa)) return -1 ;
break ;
case BR_KEYTYPE_EC :
- if (!sbearssl_ec_skey_from(&key->data.ec, ctx.key.ec, sa) return -1 ;
+ if (!sbearssl_ec_skey_from(&key->data.ec, &ctx.key.ec, sa)) return -1 ;
break ;
}
key->type = ktype ;
return 0 ;
}
-int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
+int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa)
{
char buf[MAXKEYFILESIZE] ;
stralloc tmp = STRALLOC_ZERO ;
@@ -40,10 +40,10 @@ int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
sbearssl_pemobject *p ;
size_t n ;
size_t i = 0 ;
- int r = openreadnclose(fn, buf, MAKKEYFILESIZE) ;
+ int r = openreadnclose(fn, buf, MAXKEYFILESIZE) ;
if (r < 0) return r ;
n = r ;
- if (sbearssl_isder(buf, n)) return decode_key(key, buf, n) ;
+ if (sbearssl_isder((unsigned char *)buf, n)) return decode_key(key, buf, n, sa) ;
r = sbearssl_pem_decode_from_string(buf, n, &list, &tmp) ;
if (r) return r ;
p = genalloc_s(sbearssl_pemobject, &list) ;
@@ -66,6 +66,6 @@ int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
r = -1 ; errno = EINVAL ;
fail:
stralloc_free(&tmp) ;
- genalloc_free(sbearssl_pemobject, list) ;
+ genalloc_free(sbearssl_pemobject, &list) ;
return r ;
}
diff --git a/src/sbearssl/sbearssl_skey_to.c b/src/sbearssl/sbearssl_skey_to.c
index 9886606..b588578 100644
--- a/src/sbearssl/sbearssl_skey_to.c
+++ b/src/sbearssl/sbearssl_skey_to.c
@@ -4,15 +4,15 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-int sbearssl_skey_to (sbearssl_skey const *l, br_skey *k, char const *s)
+int sbearssl_skey_to (sbearssl_skey const *l, br_skey *k, char *s)
{
switch (l->type)
{
case BR_KEYTYPE_RSA :
- sbearssl_rsa_pkey_to(&l->data.rsa, &k->data.rsa, s) ;
+ sbearssl_rsa_skey_to(&l->data.rsa, &k->data.rsa, s) ;
break ;
case BR_KEYTYPE_EC :
- sbearssl_ec_pkey_to(&l->data.ec, &k->data.ec, s) ;
+ sbearssl_ec_skey_to(&l->data.ec, &k->data.ec, s) ;
break ;
default :
return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_ta_cert.c b/src/sbearssl/sbearssl_ta_cert.c
index d8f26e5..82019ef 100644
--- a/src/sbearssl/sbearssl_ta_cert.c
+++ b/src/sbearssl/sbearssl_ta_cert.c
@@ -5,6 +5,7 @@
#include <bearssl.h>
#include <skalibs/stralloc.h>
#include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
int sbearssl_ta_cert (sbearssl_ta *ta, sbearssl_cert const *cert, char const *certstorage, stralloc *tastorage)
{
@@ -13,15 +14,14 @@ int sbearssl_ta_cert (sbearssl_ta *ta, sbearssl_cert const *cert, char const *ce
struct sbearssl_strallocerr_s blah = { .sa = tastorage } ;
size_t tastoragebase = tastorage->len ;
int tastoragewasnull = !tastorage->s ;
- br_x509_pkey bpk ;
- int r ;
+ br_x509_pkey *bpk ;
+ int r = -1 ;
br_x509_decoder_init(&ctx, &sbearssl_append, &blah) ;
br_x509_decoder_push(&ctx, certstorage + cert->data, cert->datalen) ;
- if (blah->err)
+ if (blah.err)
{
- r = -1 ;
- errno = blah->err ;
+ errno = blah.err ;
goto fail ;
}
bpk = br_x509_decoder_get_pkey(&ctx) ;
diff --git a/src/sbearssl/sbearssl_ta_from.c b/src/sbearssl/sbearssl_ta_from.c
index d044c27..001b958 100644
--- a/src/sbearssl/sbearssl_ta_from.c
+++ b/src/sbearssl/sbearssl_ta_from.c
@@ -9,8 +9,8 @@ int sbearssl_ta_from (sbearssl_ta *l, br_x509_trust_anchor const *k, stralloc *s
{
size_t sabase = sa->len ;
int sawasnull = !sa->s ;
- sbearssl_ta ta = { .dn = sa->len, .dnlen = k->dn_len, .flags = k.flags } ;
- if (!stralloc_catb(sa, k->dn, k->dn_len)) return 0 ;
+ sbearssl_ta ta = { .dn = sa->len, .dnlen = k->dn_len, .flags = k->flags } ;
+ if (!stralloc_catb(sa, (char const *)k->dn, k->dn_len)) return 0 ;
if (!sbearssl_pkey_from(&ta.pkey, &k->pkey, sa)) goto fail ;
*l = ta ;
return 1 ;
diff --git a/src/sbearssl/sbearssl_ta_readdir.c b/src/sbearssl/sbearssl_ta_readdir.c
index 9821dd2..3d01dc8 100644
--- a/src/sbearssl/sbearssl_ta_readdir.c
+++ b/src/sbearssl/sbearssl_ta_readdir.c
@@ -8,6 +8,7 @@
#include <skalibs/direntry.h>
#include <skalibs/djbunix.h>
#include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
int sbearssl_ta_readdir (char const *dirfn, genalloc *taga, stralloc *tasa)
{
diff --git a/src/sbearssl/sbearssl_ta_readfile_internal.c b/src/sbearssl/sbearssl_ta_readfile_internal.c
index acbba9a..70a0453 100644
--- a/src/sbearssl/sbearssl_ta_readfile_internal.c
+++ b/src/sbearssl/sbearssl_ta_readfile_internal.c
@@ -16,7 +16,7 @@ int sbearssl_ta_readfile_internal (char const *file, genalloc *taga, stralloc *t
size_t tagabase = genalloc_len(sbearssl_ta, taga) ;
int tasawasnull = !tasa->s ;
int tagawasnull = !genalloc_s(sbearssl_ta, taga) ;
- int r = sbearssl_cert_read(file, certga, certsa) ;
+ int r = sbearssl_cert_readfile(file, certga, certsa) ;
sbearssl_cert *p = genalloc_s(sbearssl_cert, certga) ;
size_t n = genalloc_len(sbearssl_cert, certga) ;
if (r) return r ;
diff --git a/src/sbearssl/sbearssl_ta_to.c b/src/sbearssl/sbearssl_ta_to.c
index 4714b47..8c37119 100644
--- a/src/sbearssl/sbearssl_ta_to.c
+++ b/src/sbearssl/sbearssl_ta_to.c
@@ -3,9 +3,9 @@
#include <bearssl.h>
#include <s6-networking/sbearssl.h>
-void sbearssl_ta_to (sbearssl_ta const *sta, br_x509_trust_anchor *bta, char const *s)
+void sbearssl_ta_to (sbearssl_ta const *sta, br_x509_trust_anchor *bta, char *s)
{
- bta->dn = s + sta->dn ;
+ bta->dn = (unsigned char *)s + sta->dn ;
bta->dn_len = sta->dnlen ;
bta->flags = sta->flags ;
sbearssl_pkey_to(&sta->pkey, &bta->pkey, s) ;