Diffstat (limited to 'src/sbearssl')
28 files changed, 106 insertions, 98 deletions
diff --git a/src/sbearssl/sbearssl-internal.h b/src/sbearssl/sbearssl-internal.h
index bffcb16..d2757b1 100644
--- a/src/sbearssl/sbearssl-internal.h
+++ b/src/sbearssl/sbearssl-internal.h
@@ -7,6 +7,7 @@
 #include <bearssl.h>
 #include <skalibs/stralloc.h>
 #include <skalibs/genalloc.h>
+#include <s6-networking/sbearssl.h>
 typedef struct sbearssl_strallocerr_s sbearssl_strallocerr, *sbearssl_strallocerr_ref ;
 struct sbearssl_strallocerr_s
diff --git a/src/sbearssl/sbearssl_append.c b/src/sbearssl/sbearssl_append.c
index d0a6d64..ae4aac0 100644
--- a/src/sbearssl/sbearssl_append.c
+++ b/src/sbearssl/sbearssl_append.c
@@ -3,7 +3,7 @@
 #include <sys/types.h>
 #include <errno.h>
 #include <skalibs/stralloc.h>
-#include "sbearssl-internal.h>
+#include "sbearssl-internal.h"
 void sbearssl_append (void *stuff, void const *src, size_t len)
 {
diff --git a/src/sbearssl/sbearssl_cert_from.c b/src/sbearssl/sbearssl_cert_from.c
index b57dca6..3822e05 100644
--- a/src/sbearssl/sbearssl_cert_from.c
+++ b/src/sbearssl/sbearssl_cert_from.c
@@ -6,7 +6,7 @@
 int sbearssl_cert_from (sbearssl_cert *sc, br_x509_certificate const *bc, stralloc *sa)
 {
- if (!stralloc_catb(sa, bc->data, bc->data_len)) return 0 ;
+ if (!stralloc_catb(sa, (char const *)bc->data, bc->data_len)) return 0 ;
 sc->data = sa->len - bc->data_len ;
 sc->datalen = bc->data_len ;
 return 1 ;
diff --git a/src/sbearssl/sbearssl_cert_readfile.c b/src/sbearssl/sbearssl_cert_readfile.c
index 6090624..6cc78c1 100644
--- a/src/sbearssl/sbearssl_cert_readfile.c
+++ b/src/sbearssl/sbearssl_cert_readfile.c
@@ -10,7 +10,7 @@
 #include <skalibs/djbunix.h>
 #include <s6-networking/sbearssl.h>
-int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ;
+int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa)
 {
 char buf[BUFFER_INSIZE] ;
 int fd = open_readb(fn) ;
@@ -18,12 +18,14 @@ int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ;
 genalloc pems = GENALLOC_ZERO ;
 sbearssl_pemobject *p ;
 size_t certsbase = genalloc_len(sbearssl_cert, certs) ;
+ size_t sabase = sa->len ;
 size_t n ;
 size_t i = 0 ;
 int certswasnull = !genalloc_s(sbearssl_cert, certs) ;
+ int sawasnull = !sa->s ;
 int r ;
 if (fd < 0) return -1 ;
- r = sbearssl_pem_decode_from_buffer(buf, n, &pems, sa) ;
+ r = sbearssl_pem_decode_from_buffer(&b, &pems, sa) ;
 if (r) { fd_close(fd) ; return r ; }
 fd_close(fd) ;
 p = genalloc_s(sbearssl_pemobject, &pems) ;
@@ -46,7 +48,8 @@ int sbearssl_cert_readfile (char const *fn, genalloc *certs, stralloc *sa) ;
 fail:
 if (certswasnull) genalloc_free(sbearssl_cert, certs) ;
 else genalloc_setlen(sbearssl_cert, certs, certsbase) ;
- stralloc_free(&sa) ;
- genalloc_free(sbearssl_pemobject, pems) ;
+ if (sawasnull) stralloc_free(sa) ;
+ else sa->len = sabase ;
+ genalloc_free(sbearssl_pemobject, &pems) ;
 return r ;
 }
diff --git a/src/sbearssl/sbearssl_cert_to.c b/src/sbearssl/sbearssl_cert_to.c
index ee0eeeb..1ab2d00 100644
--- a/src/sbearssl/sbearssl_cert_to.c
+++ b/src/sbearssl/sbearssl_cert_to.c
@@ -3,8 +3,8 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-void sbearssl_cert_to (sbearssl_cert const *sc, br_x509_certificate *bc, char const *s)
+void sbearssl_cert_to (sbearssl_cert const *sc, br_x509_certificate *bc, char *s)
 {
- bc->data = s + sc->data ;
+ bc->data = (unsigned char *)s + sc->data ;
 bc->data_len = sc->datalen ;
 }
diff --git a/src/sbearssl/sbearssl_ec_pkey_from.c b/src/sbearssl/sbearssl_ec_pkey_from.c
index 55c5651..fb97bfb 100644
--- a/src/sbearssl/sbearssl_ec_pkey_from.c
+++ b/src/sbearssl/sbearssl_ec_pkey_from.c
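Review bot: The early return `if (r) { fd_close(fd) ; return r ; }` after `sbearssl_pem_decode_from_buffer` bypasses the `fail:` rollback that the next hunk completes, so whatever the decoder had already appended to `sa` or allocated in `pems` before failing is kept or leaked, while every later failure restores `sa->len = sabase` and frees `pems`. Unless sbearssl_pem_decode_from_buffer is guaranteed to leave both untouched on error (its body is not on this page), route this failure through the same path: `if (r) { fd_close(fd) ; goto fail ; }`. The `b` passed as `&b` is not declared anywhere in the visible hunks, so its declaration between the two hunks is worth a glance as well.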
@@ -6,7 +6,7 @@
 int sbearssl_ec_pkey_from (sbearssl_ec_pkey *l, br_ec_public_key const *k, stralloc *sa)
 {
- if (!stralloc_catb(sa, k->q, k->qlen)) return 0 ;
+ if (!stralloc_catb(sa, (char const *)k->q, k->qlen)) return 0 ;
 l->curve = k->curve ;
 l->q = sa->len - k->qlen ;
 l->qlen = k->qlen ;
diff --git a/src/sbearssl/sbearssl_ec_pkey_to.c b/src/sbearssl/sbearssl_ec_pkey_to.c
index 4cc1e65..df3d799 100644
--- a/src/sbearssl/sbearssl_ec_pkey_to.c
+++ b/src/sbearssl/sbearssl_ec_pkey_to.c
@@ -3,9 +3,9 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *l, br_ec_public_key *k, char const *s)
+void sbearssl_ec_pkey_to (sbearssl_ec_pkey const *l, br_ec_public_key *k, char *s)
 {
 k->curve = l->curve ;
- k->q = s + l->q ;
+ k->q = (unsigned char *)s + l->q ;
 k->qlen = l->qlen ;
 }
diff --git a/src/sbearssl/sbearssl_ec_skey_from.c b/src/sbearssl/sbearssl_ec_skey_from.c
index 79c326f..b579f7d 100644
--- a/src/sbearssl/sbearssl_ec_skey_from.c
+++ b/src/sbearssl/sbearssl_ec_skey_from.c
@@ -6,7 +6,7 @@
 int sbearssl_ec_skey_from (sbearssl_ec_skey *l, br_ec_private_key const *k, stralloc *sa)
 {
- if (!stralloc_catb(sa, k->x, k->xlen)) return 0 ;
+ if (!stralloc_catb(sa, (char const *)k->x, k->xlen)) return 0 ;
 l->curve = k->curve ;
 l->x = sa->len - k->xlen ;
 l->xlen = k->xlen ;
diff --git a/src/sbearssl/sbearssl_ec_skey_to.c b/src/sbearssl/sbearssl_ec_skey_to.c
index 54b059c..7cba7ba 100644
--- a/src/sbearssl/sbearssl_ec_skey_to.c
+++ b/src/sbearssl/sbearssl_ec_skey_to.c
@@ -3,9 +3,9 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-void sbearssl_ec_skey_to (sbearssl_ec_skey const *l, br_ec_private_key *k, char const *s)
+void sbearssl_ec_skey_to (sbearssl_ec_skey const *l, br_ec_private_key *k, char *s)
 {
 k->curve = l->curve ;
- k->x = s + l->x ;
+ k->x = (unsigned char *)s + l->x ;
 k->xlen = l->xlen ;
 }
diff --git a/src/sbearssl/sbearssl_error_str.c b/src/sbearssl/sbearssl_error_str.c
index 7e1e22c..7d2fd21 100644
--- a/src/sbearssl/sbearssl_error_str.c
+++ b/src/sbearssl/sbearssl_error_str.c
@@ -265,7 +265,7 @@ static struct error_s errors[] =
 BR_ERR_X509_BAD_BOOLEAN,
 "Decoding error: BOOLEAN value has invalid length."
 " (BR_ERR_X509_BAD_BOOLEAN)"
- }
+ },
 {
 BR_ERR_X509_OVERFLOW,
 "Decoding error: value is off-limits."
diff --git a/src/sbearssl/sbearssl_pem_push.c b/src/sbearssl/sbearssl_pem_push.c
index b4903de..cd9eba5 100644
--- a/src/sbearssl/sbearssl_pem_push.c
+++ b/src/sbearssl/sbearssl_pem_push.c
@@ -16,11 +16,11 @@ int sbearssl_pem_push (br_pem_decoder_context *ctx, char const *s, size_t len, s
 s += tlen ; len -= tlen ;
 switch (br_pem_decoder_event(ctx))
 {
- case BR_PEM_BEGIN_OBJ ;
+ case BR_PEM_BEGIN_OBJ :
 po->name = blah->sa->len ;
 if (!stralloc_cats(blah->sa, br_pem_decoder_name(ctx)) || !stralloc_0(blah->sa)) return -1 ;
 po->data = blah->sa->len ;
- br_pem_decoder_setdest(&ctx, &sbearssl_append, blah) ;
+ br_pem_decoder_setdest(ctx, &sbearssl_append, blah) ;
 *inobj = 1 ;
 break ;
 case BR_PEM_END_OBJ :
diff --git a/src/sbearssl/sbearssl_pkey_from.c b/src/sbearssl/sbearssl_pkey_from.c
index e9745e8..a1d1076 100644
--- a/src/sbearssl/sbearssl_pkey_from.c
+++ b/src/sbearssl/sbearssl_pkey_from.c
@@ -5,15 +5,15 @@
 #include <skalibs/stralloc.h>
 #include <s6-networking/sbearssl.h>
-int sbearssl_pkey_from (sbearssl_pkey *l, br_x509_key const *k, stralloc *sa)
+int sbearssl_pkey_from (sbearssl_pkey *l, br_x509_pkey const *k, stralloc *sa)
 {
 switch (k->key_type)
 {
 case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_pkey_from(&l->data.rsa, &k->key.rsa, sa) return 0 ;
+ if (!sbearssl_rsa_pkey_from(&l->data.rsa, &k->key.rsa, sa)) return 0 ;
 break ;
 case BR_KEYTYPE_EC :
- if (!sbearssl_ec_pkey_from(&l->data.ec, &k->key.ec, sa) return 0 ;
+ if (!sbearssl_ec_pkey_from(&l->data.ec, &k->key.ec, sa)) return 0 ;
 break ;
 default : return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_pkey_to.c b/src/sbearssl/sbearssl_pkey_to.c
index 491901b..54570aa 100644
--- a/src/sbearssl/sbearssl_pkey_to.c
+++ b/src/sbearssl/sbearssl_pkey_to.c
@@ -4,7 +4,7 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-int sbearssl_pkey_to (sbearssl_pkey const *l, br_x509_pkey *k, char const *s)
+int sbearssl_pkey_to (sbearssl_pkey const *l, br_x509_pkey *k, char *s)
 {
 switch (l->type)
 {
diff --git a/src/sbearssl/sbearssl_rsa_pkey_from.c b/src/sbearssl/sbearssl_rsa_pkey_from.c
index a991f0c..3032bb3 100644
--- a/src/sbearssl/sbearssl_rsa_pkey_from.c
+++ b/src/sbearssl/sbearssl_rsa_pkey_from.c
@@ -6,12 +6,12 @@
 int sbearssl_rsa_pkey_from (sbearssl_rsa_pkey *l, br_rsa_public_key const *k, stralloc *sa)
 {
- if (!stralloc_readyplus(k->nlen + k->elen)) return 0 ;
+ if (!stralloc_readyplus(sa, k->nlen + k->elen)) return 0 ;
 l->n = sa->len ;
- stralloc_catb(sa, k->n, k->nlen) ;
+ stralloc_catb(sa, (char const *)k->n, k->nlen) ;
 l->nlen = k->nlen ;
 l->e = sa->len ;
- stralloc_catb(sa, k->e, k->elen) ;
+ stralloc_catb(sa, (char const *)k->e, k->elen) ;
 l->elen = k->elen ;
 return 1 ;
 }
diff --git a/src/sbearssl/sbearssl_rsa_pkey_to.c b/src/sbearssl/sbearssl_rsa_pkey_to.c
index 13d567e..2f80997 100644
--- a/src/sbearssl/sbearssl_rsa_pkey_to.c
+++ b/src/sbearssl/sbearssl_rsa_pkey_to.c
@@ -3,10 +3,10 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-void sbearssl_rsa_pkey_ro (sbearssl_rsa_pkey const *l, br_rsa_public_key *k, char const *s)
+void sbearssl_rsa_pkey_to (sbearssl_rsa_pkey const *l, br_rsa_public_key *k, char *s)
 {
- k->n = s + l->n ;
+ k->n = (unsigned char *)s + l->n ;
 k->nlen = l->nlen ;
- k->e = s + l->e ;
+ k->e = (unsigned char *)s + l->e ;
 k->elen = l->elen ;
 }
diff --git a/src/sbearssl/sbearssl_rsa_skey_from.c b/src/sbearssl/sbearssl_rsa_skey_from.c
index 3e6a04b..c9f1c0c 100644
--- a/src/sbearssl/sbearssl_rsa_skey_from.c
+++ b/src/sbearssl/sbearssl_rsa_skey_from.c
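Review bot: In sbearssl_rsa_pkey_from the two `stralloc_catb` calls after the corrected `stralloc_readyplus(sa, k->nlen + k->elen)` discard their return value, which is only sound because readyplus has already reserved exactly the bytes both appends consume; nothing in the code says so, and the same pattern is repeated five times in sbearssl_rsa_skey_from in the next hunk. A one-line comment above the first append would protect that invariant against a later edit that appends something extra or changes the reserved size: `/* readyplus above reserved nlen + elen, so the catb calls below cannot fail */`. For the private-key variant it is also worth documenting on the function that the copied bytes are secret key material which then lives in `sa` for as long as the caller keeps that buffer.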
@@ -7,22 +7,22 @@
 int sbearssl_rsa_skey_from (sbearssl_rsa_skey *l, br_rsa_private_key const *k, stralloc *sa)
 {
- if (!stralloc_readyplus(k->plen + k->qlen + k->dplen + k->dqlen + k->iqlen)) return 0 ;
+ if (!stralloc_readyplus(sa, k->plen + k->qlen + k->dplen + k->dqlen + k->iqlen)) return 0 ;
 l->n_bitlen = k->n_bitlen ;
 l->p = sa->len ;
- stralloc_catb(sa, k->p, k->plen) ;
+ stralloc_catb(sa, (char const *)k->p, k->plen) ;
 l->plen = k->plen ;
 l->q = sa->len ;
- stralloc_catb(sa, k->q, k->qlen) ;
+ stralloc_catb(sa, (char const *)k->q, k->qlen) ;
 l->qlen = k->qlen ;
 l->dp = sa->len ;
- stralloc_catb(sa, k->dp, k->dplen) ;
+ stralloc_catb(sa, (char const *)k->dp, k->dplen) ;
 l->dplen = k->dplen ;
 l->dq = sa->len ;
- stralloc_catb(sa, k->dq, k->dqlen) ;
+ stralloc_catb(sa, (char const *)k->dq, k->dqlen) ;
 l->dqlen = k->dqlen ;
 l->iq = sa->len ;
- stralloc_catb(sa, k->iq, k->iqlen) ;
+ stralloc_catb(sa, (char const *)k->iq, k->iqlen) ;
 l->iqlen = k->iqlen ;
 return 1 ;
 }
diff --git a/src/sbearssl/sbearssl_rsa_skey_to.c b/src/sbearssl/sbearssl_rsa_skey_to.c
index 3c4139b..93c90b0 100644
--- a/src/sbearssl/sbearssl_rsa_skey_to.c
+++ b/src/sbearssl/sbearssl_rsa_skey_to.c
@@ -3,17 +3,17 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-void sbearssl_rsa_skey (sbearssl_rsa_skey const *l, br_rsa_private_key *k, char const *s)
+void sbearssl_rsa_skey_to (sbearssl_rsa_skey const *l, br_rsa_private_key *k, char *s)
 {
 k->n_bitlen = l->n_bitlen ;
- k->p = s + l->p ;
+ k->p = (unsigned char *)s + l->p ;
 k->plen = l->plen ;
- k->q = s + l->q ;
+ k->q = (unsigned char *)s + l->q ;
 k->qlen = l->qlen ;
- k->dp = s + l->dp ;
+ k->dp = (unsigned char *)s + l->dp ;
 k->dplen = l->dplen ;
- k->dq = s + l->dq ;
+ k->dq = (unsigned char *)s + l->dq ;
 k->dqlen = l->dqlen ;
- k->iq = s + l->iq ;
+ k->iq = (unsigned char *)s + l->iq ;
 k->iqlen = l->iqlen ;
 }
diff --git a/src/sbearssl/sbearssl_run.c b/src/sbearssl/sbearssl_run.c
index af221b5..3ea4a95 100644
--- a/src/sbearssl/sbearssl_run.c
+++ b/src/sbearssl/sbearssl_run.c
@@ -31,30 +31,30 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
 unsigned int state = br_ssl_engine_current_state(ctx) ;
 int r ;
- tain_add_g(&deadline, isopen[0] && isopen[1] && state & (BR_SSL_SENDAPP | BR_SSL_REVREC) ? tto : &tain_infinite_relative) ;
+ tain_add_g(&deadline, fds[0] >= 0 && fds[2] >= 0 && state & (BR_SSL_SENDAPP | BR_SSL_RECVREC) ? tto : &tain_infinite_relative) ;
- if (fds[0] >= 0 && st & BR_SSL_SENDAPP)
+ if (fds[0] >= 0 && state & BR_SSL_SENDAPP)
 {
 x[j].fd = fds[0] ;
 x[j].events = IOPAUSE_READ ;
 xindex[0] = j++ ;
 }
 else xindex[0] = 4 ;
- if (fds[1] >= 0 && st & BR_SSL_RECVAPP)
+ if (fds[1] >= 0 && state & BR_SSL_RECVAPP)
 {
 x[j].fd = fds[1] ;
 x[j].events = IOPAUSE_WRITE ;
 xindex[1] = j++ ;
 }
 else xindex[1] = 4 ;
- if (fds[2] >= 0 && st & BR_SSL_RECVREC)
+ if (fds[2] >= 0 && state & BR_SSL_RECVREC)
 {
 x[j].fd = fds[2] ;
 x[j].events = IOPAUSE_READ ;
 xindex[2] = j++ ;
 }
 else xindex[2] = 4 ;
- if (fds[3] >= 0 && st & BR_SSL_SENDREC)
+ if (fds[3] >= 0 && state & BR_SSL_SENDREC)
 {
 x[j].fd = fds[3] ;
 x[j].events = IOPAUSE_WRITE ;
@@ -68,7 +68,7 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
 else if (!r)
 {
 fd_close(fds[0]) ; fds[0] = -1 ;
- br_ssl_engine_close(&ctx) ;
+ br_ssl_engine_close(ctx) ;
 continue ;
 }
@@ -82,8 +82,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
 if (state & BR_SSL_RECVAPP && x[xindex[1]].revents & IOPAUSE_WRITE)
 {
 size_t len ;
- char const *s = br_ssl_engine_recvapp_buf(ctx, &len) ;
- size_t w = allwrite(fds[1], s, len) ;
+ unsigned char const *s = br_ssl_engine_recvapp_buf(ctx, &len) ;
+ size_t w = allwrite(fds[1], (char const *)s, len) ;
 if (!w)
 {
 if (!error_isagain(errno))
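Review bot: The sentinel `xindex[k] = 4` this hunk assigns for a closed or idle fd is never tested before use: the read at `x[xindex[1]].revents` in the `@@ -82` hunk, and `x[xindex[3]]`, `x[xindex[0]]`, `x[xindex[2]]` in the next three hunks, are guarded only by the engine state bit, so when fds[1] has been closed but BR_SSL_RECVAPP is still set, `x[4]` is read. `x` and `xindex` are declared above this hunk; if `x` has four entries that is an out-of-bounds read on the iopause array, and if it has five, x[4].revents has to be kept zero for the logic to be right. The cheap fix is to add the index test to each condition, e.g. `if (state & BR_SSL_RECVAPP && xindex[1] < 4 && x[xindex[1]].revents & IOPAUSE_WRITE)`. sbearssl_run starts above and ends below the hunks shown on this page.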
@@ -106,8 +106,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
 if (state & BR_SSL_SENDREC && x[xindex[3]].revents & IOPAUSE_WRITE)
 {
 size_t len ;
- char const *s = br_ssl_engine_sendrec_buf(ctx, &len) ;
- size_t w = allwrite(fds[3], s, len) ;
+ unsigned char const *s = br_ssl_engine_sendrec_buf(ctx, &len) ;
+ size_t w = allwrite(fds[3], (char const *)s, len) ;
 if (!w)
 {
 if (!error_isagain(errno))
@@ -131,8 +131,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
 if (state & BR_SSL_SENDAPP & x[xindex[0]].revents & IOPAUSE_READ)
 {
 size_t len ;
- char *s = br_ssl_engine_sendapp_buf(ctx, &len) ;
- size_t w = allread(fds[0], s, len) ;
+ unsigned char *s = br_ssl_engine_sendapp_buf(ctx, &len) ;
+ size_t w = allread(fds[0], (char *)s, len) ;
 if (!w)
 {
 if (!error_isagain(errno))
@@ -160,8 +160,8 @@ int sbearssl_run (br_ssl_engine_context *ctx, int *fds, unsigned int verbosity,
 if (state & BR_SSL_RECVREC & x[xindex[2]].revents & IOPAUSE_READ)
 {
 size_t len ;
- char *s = br_ssl_engine_recvrec_buf(ctx, &len) ;
- size_t w = allread(fds[2], s, len) ;
+ unsigned char *s = br_ssl_engine_recvrec_buf(ctx, &len) ;
+ size_t w = allread(fds[2], (char *)s, len) ;
 if (!w)
 {
 if (!error_isagain(errno))
diff --git a/src/sbearssl/sbearssl_s6tlsc.c b/src/sbearssl/sbearssl_s6tlsc.c
index a8a6582..8bc8f65 100644
--- a/src/sbearssl/sbearssl_s6tlsc.c
+++ b/src/sbearssl/sbearssl_s6tlsc.c
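Review bot: The conditions `if (state & BR_SSL_SENDAPP & x[xindex[0]].revents & IOPAUSE_READ)` in the `@@ -131` hunk and `if (state & BR_SSL_RECVREC & x[xindex[2]].revents & IOPAUSE_READ)` in the `@@ -160` hunk use bitwise `&` where the two `allwrite` branches above use `&&`; as written they AND an engine state flag with a poll event flag, which is non-zero only if those two constants happen to share a bit, so the app-input and record-input reads are very likely never executed. These are context lines the commit leaves as they were, but the cast changes sit directly under them. The expected form, matching the RECVAPP and SENDREC branches, is `if (state & BR_SSL_SENDAPP && x[xindex[0]].revents & IOPAUSE_READ)` and `if (state & BR_SSL_RECVREC && x[xindex[2]].revents & IOPAUSE_READ)`.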
@@ -13,35 +13,37 @@
 #include <skalibs/random.h>
 #include <s6-networking/sbearssl.h>
-int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, int *sfd)
+int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t const *tto, uint32_t preoptions, uint32_t options, uid_t uid, gid_t gid, unsigned int verbosity, char const *servername, int *sfd)
 {
 int fds[4] = { sfd[0], sfd[1], sfd[0], sfd[1] } ;
 stralloc storage = STRALLOC_ZERO ;
 genalloc tas = GENALLOC_ZERO ;
- size_t chainlen ;
- int r ;
+ size_t talen ;
 if (preoptions & 1) strerr_dief1x(100, "client certificates are not supported by BearSSL yet") ;
- x = env_get2(envp, "CADIR") ;
- if (x)
- r = sbearssl_ta_readdir(x, &tas, &storage) ;
- else {
- x = env_get2(envp, "CAFILE") ;
- if (!x) strerr_dienotset(100, "CADIR or CAFILE") ;
- r = sbearssl_ta_readfile(x, &tas, &storage) ;
- }
+ int r ;
+ char const *x = env_get2(envp, "CADIR") ;
+ if (x)
+ r = sbearssl_ta_readdir(x, &tas, &storage) ;
+ else
+ {
+ x = env_get2(envp, "CAFILE") ;
+ if (!x) strerr_dienotset(100, "CADIR or CAFILE") ;
+ r = sbearssl_ta_readfile(x, &tas, &storage) ;
+ }
- if (r < 0)
- strerr_diefu2sys(111, "read trust anchors in ", x) ;
- else if (r)
- strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ;
+ if (r < 0)
+ strerr_diefu2sys(111, "read trust anchors in ", x) ;
+ else if (r)
+ strerr_diefu4x(96, "read trust anchors in ", x, ": ", sbearssl_error_str(r)) ;
- talen = genalloc_len(sbearssl_ta, &tas) ;
- if (!talen)
- strerr_dief2x(96, "no trust anchor found in ", x) ;
+ talen = genalloc_len(sbearssl_ta, &tas) ;
+ if (!talen)
+ strerr_dief2x(96, "no trust anchor found in ", x) ;
+ }
 {
 unsigned char buf[BR_SSL_BUFSIZE_BIDI] ;
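Review bot: The new side ends the trust-anchor block with `+ }` after the `talen` check, but no matching opening brace is visible on the new side of this hunk: the only `+ {` is closed by the `+ }` that follows `sbearssl_ta_readfile`. If the intent is a block scope around `int r ;` and `char const *x`, so that both stay local to the loading step, a `{` line is missing right before `int r ;`; if the brace is simply lost in this rendering, the file still deserves a compile check, since the old code here (`x` and `talen` used without a declaration) clearly never compiled. The net line count of the hunk (+2) is consistent with the lines shown, which is why I am not assuming the rendering dropped one.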
@@ -59,7 +61,7 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
 if (!random_init()) strerr_diefu1sys(111, "initialize random generator") ;
- random_string(buf, 32) ;
+ random_string((char *)buf, 32) ;
 br_ssl_engine_inject_entropy(&cc.eng, buf, 32) ;
 random_finish() ;
@@ -68,7 +70,8 @@ int sbearssl_s6tlsc (char const *const *argv, char const *const *envp, tain_t co
 if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
 br_ssl_engine_set_buffer(&cc.eng, buf, sizeof(buf), 1) ;
- br_ssl_client_reset(&cc) ;
+ if (!br_ssl_client_reset(&cc, servername, 0))
+ strerr_diefu2x(97, "reset client context: ", sbearssl_error_str(br_ssl_engine_last_error(&cc.eng))) ;
 {
 int wstat ;
diff --git a/src/sbearssl/sbearssl_s6tlsd.c b/src/sbearssl/sbearssl_s6tlsd.c
index 1bc1114..1198349 100644
--- a/src/sbearssl/sbearssl_s6tlsd.c
+++ b/src/sbearssl/sbearssl_s6tlsd.c
@@ -62,12 +62,12 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
 switch (skey.type)
 {
 case BR_KEYTYPE_RSA :
- sbearssl_rsa_skey_to(&skey.rsa, &key.rsa, storage.s) ;
+ sbearssl_rsa_skey_to(&skey.data.rsa, &key.rsa, storage.s) ;
 br_ssl_server_init_full_rsa(&sc, chain, chainlen, &key.rsa) ;
 break ;
 case BR_KEYTYPE_EC :
- sbearssl_ec_skey_to(&skey.ec, &key.ec, storage.s) ;
- br_ssl_server_init_full_ec(&sc, chain, chainlen, &key.ec) ;
+ sbearssl_ec_skey_to(&skey.data.ec, &key.ec, storage.s) ;
+ br_ssl_server_init_full_ec(&sc, chain, chainlen, BR_KEYTYPE_EC, &key.ec) ;
 break ;
 default : strerr_dief1x(96, "unsupported private key type") ;
@@ -75,7 +75,7 @@ int sbearssl_s6tlsd (char const *const *argv, char const *const *envp, tain_t co
 if (!random_init()) strerr_diefu1sys(111, "initialize random generator") ;
- random_string(buf, 32) ;
+ random_string((char *)buf, 32) ;
 br_ssl_engine_inject_entropy(&sc.eng, buf, 32) ;
 random_finish() ;
diff --git a/src/sbearssl/sbearssl_skey_from.c b/src/sbearssl/sbearssl_skey_from.c
index 26b2788..b1bc938 100644
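Review bot: `br_ssl_client_reset(&cc, servername, 0)` is where the new `servername` parameter reaches the engine, and nothing in this hunk or in the function's prologue rejects a NULL or empty value. In the BearSSL API, as far as I recall, an absent server name means no SNI is sent and the X.509 engine is given no name to match, so the chain is validated for trust but not for identity; the only protection is then whatever the caller does. Either fail early here, `if (!servername || !*servername) strerr_dief1x(100, "server name required") ;`, or document on sbearssl_s6tlsc that a NULL servername disables hostname verification so callers make that choice knowingly. The `0` is the resume-session flag and is fine for a fresh connection.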
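Review bot: The `BR_KEYTYPE_EC` inserted into `br_ssl_server_init_full_ec(&sc, chain, chainlen, BR_KEYTYPE_EC, &key.ec)` is, per the BearSSL API, the key type of the issuer that signed the server certificate, used to decide which static ECDH suites may be advertised; it is not the type of the server's own key, which `&key.ec` already conveys. Hard-coding EC means an EC key whose certificate was signed by an RSA CA advertises ECDH_ECDSA suites the chain cannot satisfy; ECDHE suites still negotiate, so the mismatch only surfaces with clients that select static ECDH. The issuer type is not derivable from `skey`, so either make it configurable or, at minimum, mark the assumption on that line: `/* issuer key type assumed EC: only affects static ECDH suite selection */`. sbearssl_s6tlsd continues outside the hunk.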
--- a/src/sbearssl/sbearssl_skey_from.c
+++ b/src/sbearssl/sbearssl_skey_from.c
@@ -10,10 +10,10 @@ int sbearssl_skey_from (sbearssl_skey *l, br_skey const *k, stralloc *sa)
 switch (k->type)
 {
 case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_skey_from(&l->data.rsa, &k->data.rsa, sa) return 0 ;
+ if (!sbearssl_rsa_skey_from(&l->data.rsa, &k->data.rsa, sa)) return 0 ;
 break ;
 case BR_KEYTYPE_EC :
- if (!sbearssl_ec_pkey_from(&l->data.ec, &k->data.ec, sa) return 0 ;
+ if (!sbearssl_ec_skey_from(&l->data.ec, &k->data.ec, sa)) return 0 ;
 break ;
 default : return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_skey_readfile.c b/src/sbearssl/sbearssl_skey_readfile.c
index 64ac28d..d5cf2b5 100644
--- a/src/sbearssl/sbearssl_skey_readfile.c
+++ b/src/sbearssl/sbearssl_skey_readfile.c
@@ -22,17 +22,17 @@ static int decode_key (sbearssl_skey *key, char const *s, size_t len, stralloc *
 {
 case 0 : return br_skey_decoder_last_error(&ctx) ;
 case BR_KEYTYPE_RSA :
- if (!sbearssl_rsa_skey_from(&key->data.rsa, ctx.key.rsa, sa) return -1 ;
+ if (!sbearssl_rsa_skey_from(&key->data.rsa, &ctx.key.rsa, sa)) return -1 ;
 break ;
 case BR_KEYTYPE_EC :
- if (!sbearssl_ec_skey_from(&key->data.ec, ctx.key.ec, sa) return -1 ;
+ if (!sbearssl_ec_skey_from(&key->data.ec, &ctx.key.ec, sa)) return -1 ;
 break ;
 }
 key->type = ktype ;
 return 0 ;
 }
-int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
+int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa)
 {
 char buf[MAXKEYFILESIZE] ;
 stralloc tmp = STRALLOC_ZERO ;
@@ -40,10 +40,10 @@ int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
 sbearssl_pemobject *p ;
 size_t n ;
 size_t i = 0 ;
- int r = openreadnclose(fn, buf, MAKKEYFILESIZE) ;
+ int r = openreadnclose(fn, buf, MAXKEYFILESIZE) ;
 if (r < 0) return r ;
 n = r ;
- if (sbearssl_isder(buf, n)) return decode_key(key, buf, n) ;
+ if (sbearssl_isder((unsigned char *)buf, n)) return decode_key(key, buf, n, sa) ;
 r = sbearssl_pem_decode_from_string(buf, n, &list, &tmp) ;
 if (r) return r ;
 p = genalloc_s(sbearssl_pemobject, &list) ;
@@ -66,6 +66,6 @@ int sbearssl_skey_readfile (char const *fn, sbearssl_skey *key, stralloc *sa) ;
 r = -1 ; errno = EINVAL ;
 fail:
 stralloc_free(&tmp) ;
- genalloc_free(sbearssl_pemobject, list) ;
+ genalloc_free(sbearssl_pemobject, &list) ;
 return r ;
 }
diff --git a/src/sbearssl/sbearssl_skey_to.c b/src/sbearssl/sbearssl_skey_to.c
index 9886606..b588578 100644
--- a/src/sbearssl/sbearssl_skey_to.c
+++ b/src/sbearssl/sbearssl_skey_to.c
@@ -4,15 +4,15 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-int sbearssl_skey_to (sbearssl_skey const *l, br_skey *k, char const *s)
+int sbearssl_skey_to (sbearssl_skey const *l, br_skey *k, char *s)
 {
 switch (l->type)
 {
 case BR_KEYTYPE_RSA :
- sbearssl_rsa_pkey_to(&l->data.rsa, &k->data.rsa, s) ;
+ sbearssl_rsa_skey_to(&l->data.rsa, &k->data.rsa, s) ;
 break ;
 case BR_KEYTYPE_EC :
- sbearssl_ec_pkey_to(&l->data.ec, &k->data.ec, s) ;
+ sbearssl_ec_skey_to(&l->data.ec, &k->data.ec, s) ;
 break ;
 default : return (errno = EINVAL, 0) ;
diff --git a/src/sbearssl/sbearssl_ta_cert.c b/src/sbearssl/sbearssl_ta_cert.c
index d8f26e5..82019ef 100644
--- a/src/sbearssl/sbearssl_ta_cert.c
+++ b/src/sbearssl/sbearssl_ta_cert.c
@@ -5,6 +5,7 @@
 #include <bearssl.h>
 #include <skalibs/stralloc.h>
 #include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
 int sbearssl_ta_cert (sbearssl_ta *ta, sbearssl_cert const *cert, char const *certstorage, stralloc *tastorage)
 {
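Review bot: Private-key bytes pass through `buf` (the raw key file on the stack, up to MAXKEYFILESIZE) and `tmp` (the PEM-decoded DER), and both are released without being wiped: `stralloc_free(&tmp)` at `fail:` only frees, and every `return` in sbearssl_skey_readfile leaves `buf` behind on the stack. The commit does not change that, but this is the one place the secret key is parsed, so clearing before release would bound how long the key lingers in memory: replace the free with `if (tmp.s) memset(tmp.s, 0, tmp.a) ; stralloc_free(&tmp) ;`, using explicit_bzero or an equivalent where available since a plain memset before free can be optimized away. The same applies to `buf` before each return, including the DER early return `return decode_key(key, buf, n, sa) ;`, and to the decoder context `ctx` in decode_key in the previous hunk, which holds the decoded key until that function returns.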
@@ -13,15 +14,14 @@ int sbearssl_ta_cert (sbearssl_ta *ta, sbearssl_cert const *cert, char const *ce
 struct sbearssl_strallocerr_s blah = { .sa = tastorage } ;
 size_t tastoragebase = tastorage->len ;
 int tastoragewasnull = !tastorage->s ;
- br_x509_pkey bpk ;
- int r ;
+ br_x509_pkey *bpk ;
+ int r = -1 ;
 br_x509_decoder_init(&ctx, &sbearssl_append, &blah) ;
 br_x509_decoder_push(&ctx, certstorage + cert->data, cert->datalen) ;
- if (blah->err)
+ if (blah.err)
 {
- r = -1 ;
- errno = blah->err ;
+ errno = blah.err ;
 goto fail ;
 }
 bpk = br_x509_decoder_get_pkey(&ctx) ;
diff --git a/src/sbearssl/sbearssl_ta_from.c b/src/sbearssl/sbearssl_ta_from.c
index d044c27..001b958 100644
--- a/src/sbearssl/sbearssl_ta_from.c
+++ b/src/sbearssl/sbearssl_ta_from.c
@@ -9,8 +9,8 @@ int sbearssl_ta_from (sbearssl_ta *l, br_x509_trust_anchor const *k, stralloc *s
 {
 size_t sabase = sa->len ;
 int sawasnull = !sa->s ;
- sbearssl_ta ta = { .dn = sa->len, .dnlen = k->dn_len, .flags = k.flags } ;
- if (!stralloc_catb(sa, k->dn, k->dn_len)) return 0 ;
+ sbearssl_ta ta = { .dn = sa->len, .dnlen = k->dn_len, .flags = k->flags } ;
+ if (!stralloc_catb(sa, (char const *)k->dn, k->dn_len)) return 0 ;
 if (!sbearssl_pkey_from(&ta.pkey, &k->pkey, sa)) goto fail ;
 *l = ta ;
 return 1 ;
diff --git a/src/sbearssl/sbearssl_ta_readdir.c b/src/sbearssl/sbearssl_ta_readdir.c
index 9821dd2..3d01dc8 100644
--- a/src/sbearssl/sbearssl_ta_readdir.c
+++ b/src/sbearssl/sbearssl_ta_readdir.c
@@ -8,6 +8,7 @@
 #include <skalibs/direntry.h>
 #include <skalibs/djbunix.h>
 #include <s6-networking/sbearssl.h>
+#include "sbearssl-internal.h"
 int sbearssl_ta_readdir (char const *dirfn, genalloc *taga, stralloc *tasa)
 {
diff --git a/src/sbearssl/sbearssl_ta_readfile_internal.c b/src/sbearssl/sbearssl_ta_readfile_internal.c
index acbba9a..70a0453 100644
--- a/src/sbearssl/sbearssl_ta_readfile_internal.c
+++ b/src/sbearssl/sbearssl_ta_readfile_internal.c
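Review bot: After `br_x509_decoder_push(&ctx, certstorage + cert->data, cert->datalen)` only `blah.err`, the append callback's allocation error, is checked before `bpk = br_x509_decoder_get_pkey(&ctx)`; a malformed certificate is reported through `br_x509_decoder_last_error(&ctx)` instead, and as far as I recall get_pkey then returns NULL. Unless the continuation below the hunk tests `bpk` or the decoder error, a bad certificate in a CA directory either dereferences a NULL `bpk` or becomes a trust anchor built from a certificate the decoder rejected. Before the get_pkey line add `if (br_x509_decoder_last_error(&ctx)) { r = br_x509_decoder_last_error(&ctx) ; goto fail ; }` (positive BearSSL codes are what sbearssl_error_str already maps, and `r` keeps its -1 for the errno case), and keep an `if (!bpk)` guard as well. sbearssl_ta_cert continues outside the hunk.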
@@ -16,7 +16,7 @@ int sbearssl_ta_readfile_internal (char const *file, genalloc *taga, stralloc *t
 size_t tagabase = genalloc_len(sbearssl_ta, taga) ;
 int tasawasnull = !tasa->s ;
 int tagawasnull = !genalloc_s(sbearssl_ta, taga) ;
- int r = sbearssl_cert_read(file, certga, certsa) ;
+ int r = sbearssl_cert_readfile(file, certga, certsa) ;
 sbearssl_cert *p = genalloc_s(sbearssl_cert, certga) ;
 size_t n = genalloc_len(sbearssl_cert, certga) ;
 if (r) return r ;
diff --git a/src/sbearssl/sbearssl_ta_to.c b/src/sbearssl/sbearssl_ta_to.c
index 4714b47..8c37119 100644
--- a/src/sbearssl/sbearssl_ta_to.c
+++ b/src/sbearssl/sbearssl_ta_to.c
@@ -3,9 +3,9 @@
 #include <bearssl.h>
 #include <s6-networking/sbearssl.h>
-void sbearssl_ta_to (sbearssl_ta const *sta, br_x509_trust_anchor *bta, char const *s)
+void sbearssl_ta_to (sbearssl_ta const *sta, br_x509_trust_anchor *bta, char *s)
 {
- bta->dn = s + sta->dn ;
+ bta->dn = (unsigned char *)s + sta->dn ;
 bta->dn_len = sta->dnlen ;
 bta->flags = sta->flags ;
 sbearssl_pkey_to(&sta->pkey, &bta->pkey, s) ;
 |