X-Git-Url: http://www.privoxy.org/gitweb/?a=blobdiff_plain;f=ssl.c;h=56360fc8937fd4e8016654eef6bf9cacc7142d96;hb=8f3d47e4a70173eb51d5ecfc02d2f3263f7b768d;hp=eb85ff2f584912c72f249748188f05afcda8c6e2;hpb=906e31d202882a9e8712ea57edbf13163bab05b3;p=privoxy.git
diff --git a/ssl.c b/ssl.c
index eb85ff2f..56360fc8 100644
--- a/ssl.c
+++ b/ssl.c
@@ -42,11 +42,11 @@
 #include "mbedtls/base64.h"
 #include "mbedtls/error.h"
+#include "config.h"
 #include "project.h"
 #include "miscutil.h"
 #include "errlog.h"
 #include "jcc.h"
-#include "config.h"
 #include "ssl.h"
@@ -107,7 +107,7 @@ typedef struct {
 char *key_file_path; /* filename of the key file */
 } key_options;
-extern int generate_webpage_certificate(struct client_state *csp);
+static int generate_webpage_certificate(struct client_state *csp);
 static char *make_certs_path(const char *conf_dir, const char *file_name, const char *suffix);
 static int file_exists(const char *path);
 static int host_to_hash(struct client_state *csp);
@@ -241,7 +241,6 @@ extern int ssl_send_data(mbedtls_ssl_context *ssl, const unsigned char *buf, siz
 {
 char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
 mbedtls_strerror(ret, err_buf, sizeof(err_buf));
 log_error(LOG_LEVEL_ERROR, "Sending data over TLS/SSL failed: %s", err_buf);
@@ -290,7 +289,6 @@ extern int ssl_recv_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t ma
 {
 char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
 mbedtls_strerror(ret, err_buf, sizeof(err_buf));
 log_error(LOG_LEVEL_ERROR, "Receiving data over TLS/SSL failed: %s", err_buf);
@@ -385,8 +383,6 @@ extern int create_client_ssl_connection(struct client_state *csp)
 int ret = 0;
 char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
-
 /*
 * Initializing mbedtls structures for TLS/SSL connection
 */
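Review bot: The prototype change to `static int generate_webpage_certificate(struct client_state *csp);` only compiles cleanly if no declaration visible earlier in the translation unit still gives the symbol external linkage; ssl.h is included a few lines above at @@ -42, and a `static` declaration that follows an external-linkage one is rejected by compilers (C11 6.2.2). The definition at @@ -1209 is made `static` to match, so the two are consistent within ssl.c. Worth confirming that ssl.h and any other translation unit no longer reference the function, since nothing in this diff shows them.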
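Review bot: With the `memset(err_buf, 0, sizeof(err_buf));` dropped, `err_buf` is an uninitialized stack buffer until `mbedtls_strerror(ret, err_buf, sizeof(err_buf))` fills it; that is safe here and in the ssl_recv_data hunk at @@ -290 because mbedtls_strerror() writes a NUL-terminated string for every ret value, including unknown codes, so the memset was redundant. The same removal in create_client_ssl_connection (@@ -385), create_server_ssl_connection (@@ -679), write_certificate (@@ -961), write_private_key (@@ -1029), generate_key (@@ -1110), generate_webpage_certificate (@@ -1228) and seed_rng (@@ -2042) is only as safe as the reads of err_buf in those functions, which lie outside the hunks: any error path that logs err_buf without a preceding mbedtls_strerror() call would now log uninitialized stack contents rather than an empty string. A one-line comment on each declaration would make the invariant explicit, e.g. `char err_buf[ERROR_BUF_SIZE]; /* only valid after mbedtls_strerror() has filled it */`. The enclosing functions begin and end outside these hunks.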
@@ -679,8 +675,6 @@ extern int create_server_ssl_connection(struct client_state *csp)
 char *trusted_cas_file = NULL;
 int auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
- memset(err_buf, 0, sizeof(err_buf));
-
 csp->server_cert_verification_result = SSL_CERT_NOT_VERIFIED;
 csp->server_certs_chain.next = NULL;
@@ -693,7 +687,7 @@ extern int create_server_ssl_connection(struct client_state *csp)
 mbedtls_net_init(&(csp->mbedtls_server_attr.socket_fd));
 mbedtls_ssl_init(&(csp->mbedtls_server_attr.ssl));
 mbedtls_ssl_config_init(&(csp->mbedtls_server_attr.conf));
- mbedtls_x509_crt_init( &(csp->mbedtls_server_attr.ca_cert));
+ mbedtls_x509_crt_init(&(csp->mbedtls_server_attr.ca_cert));
 /*
 * Setting socket fd in mbedtls_net_context structure. This structure
@@ -961,7 +955,6 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil
 int ret = 0;
 char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
 memset(cert_buf, 0, sizeof(cert_buf));
 /*
@@ -1029,8 +1022,6 @@ static int write_private_key(mbedtls_pk_context *key, unsigned char **ret_buf,
 int ret = 0;
 char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
-
 /* Initializing buffer for key file content */
 *ret_buf = zalloc_or_die(PRIVATE_KEY_BUF_SIZE + 1);
@@ -1094,15 +1085,15 @@ exit:
 * contain NULL and no private key is generated.
 *
 * Parameters :
- * 1 : key_buf = buffer to save new generated key
- * 2 : csp = Current client state (buffers, headers, etc...)
+ * 1 : csp = Current client state (buffers, headers, etc...)
+ * 2 : key_buf = buffer to save new generated key
 *
 * Returns : -1 => Error while generating private key
 * 0 => Key already exists
 * >0 => Length of generated private key
 *
 *********************************************************************/
-static int generate_key(unsigned char **key_buf, struct client_state *csp)
+static int generate_key(struct client_state *csp, unsigned char **key_buf)
 {
 mbedtls_pk_context key;
 key_options key_opt;
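Review bot: Swapping the two parameters of `generate_key(struct client_state *csp, unsigned char **key_buf)` without changing either type means a call site this commit missed would pass `unsigned char **` where `struct client_state *` is expected, which many compilers report only as an incompatible-pointer-types warning rather than an error, so a stale caller could survive the build. The one caller visible in this diff is updated at @@ -1239; any other caller inside ssl.c is outside the hunks and worth grepping for. The reordered "Parameters" block matches the new signature. generate_key's body continues past the end of this hunk.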
@@ -1110,7 +1101,6 @@ static int generate_key(unsigned char **key_buf, struct client_state *csp)
 char err_buf[ERROR_BUF_SIZE];
 key_opt.key_file_path = NULL;
- memset(err_buf, 0, sizeof(err_buf));
 /*
 * Initializing structures for key generating
@@ -1209,11 +1199,11 @@ exit:
 * 1 : csp = Current client state (buffers, headers, etc...)
 *
 * Returns : -1 => Error while creating certificate.
- * 0 => Certificate alreaday exist.
+ * 0 => Certificate already exists.
 * >0 => Length of created certificate.
 *
 *********************************************************************/
-extern int generate_webpage_certificate(struct client_state *csp)
+static int generate_webpage_certificate(struct client_state *csp)
 {
 mbedtls_x509_crt issuer_cert;
 mbedtls_pk_context loaded_issuer_key, loaded_subject_key;
@@ -1228,8 +1218,6 @@ extern int generate_webpage_certificate(struct client_state *csp)
 char err_buf[ERROR_BUF_SIZE];
 cert_options cert_opt;
- memset(err_buf, 0, sizeof(err_buf));
-
 /* Paths to keys and certificates needed to create certificate */
 cert_opt.issuer_key = NULL;
 cert_opt.subject_key = NULL;
@@ -1239,7 +1227,7 @@ extern int generate_webpage_certificate(struct client_state *csp)
 /*
 * Create key for requested host
 */
- int subject_key_len = generate_key(&key_buf, csp);
+ int subject_key_len = generate_key(csp, &key_buf);
 if (subject_key_len < 0)
 {
 log_error(LOG_LEVEL_ERROR, "Key generating failed");
@@ -1250,7 +1238,7 @@ extern int generate_webpage_certificate(struct client_state *csp)
 * Initializing structures for certificate generating
 */
 mbedtls_x509write_crt_init(&cert);
- mbedtls_x509write_crt_set_md_alg( &cert, CERT_SIGNATURE_ALGORITHM);
+ mbedtls_x509write_crt_set_md_alg(&cert, CERT_SIGNATURE_ALGORITHM);
 mbedtls_pk_init(&loaded_issuer_key);
 mbedtls_pk_init(&loaded_subject_key);
 mbedtls_mpi_init(&serial);
@@ -1419,8 +1407,8 @@ extern int generate_webpage_certificate(struct client_state *csp)
 if (!mbedtls_pk_can_do(&issuer_cert.pk, MBEDTLS_PK_RSA) || mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->N, &mbedtls_pk_rsa(*issuer_key)->N) != 0 ||
- mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa(issuer_cert.pk)->E,
- &mbedtls_pk_rsa(*issuer_key )->E) != 0)
+ mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->E,
+ &mbedtls_pk_rsa(*issuer_key)->E) != 0)
 {
 log_error(LOG_LEVEL_ERROR, "Issuer key doesn't match issuer certificate");
@@ -1876,7 +1864,7 @@ static void free_certificate_chain(struct client_state *csp)
 /* Cleaning buffers */
 memset(csp->server_certs_chain.text_buf, 0, sizeof(csp->server_certs_chain.text_buf));
- memset(csp->server_certs_chain.text_buf, 0,
+ memset(csp->server_certs_chain.file_buf, 0,
 sizeof(csp->server_certs_chain.file_buf));
 csp->server_certs_chain.next = NULL;
@@ -2042,8 +2030,6 @@ static int seed_rng(struct client_state *csp)
 int ret = 0;
 char err_buf[ERROR_BUF_SIZE];
- memset(err_buf, 0, sizeof(err_buf));
-
 if (rng_seeded == 0)
 {
 privoxy_mutex_lock(&rng_mutex);