X-Git-Url: http://www.privoxy.org/gitweb/?p=privoxy.git;a=blobdiff_plain;f=ssl.c;h=a7f92ebd73d117510529cb74b81a39cff2493277;hp=220e099a037b5f025438f37539321fbfb48ee328;hb=85176660eb9e4c56b9553c40729bb8c874cc97ab;hpb=14dc0fd27b7c45cd46be3a14e617b186405ebd51 diff --git a/ssl.c b/ssl.c index 220e099a..a7f92ebd 100644 --- a/ssl.c +++ b/ssl.c @@ -42,11 +42,11 @@ #include "mbedtls/base64.h" #include "mbedtls/error.h" +#include "config.h" #include "project.h" #include "miscutil.h" #include "errlog.h" #include "jcc.h" -#include "config.h" #include "ssl.h" @@ -107,7 +107,7 @@ typedef struct { char *key_file_path; /* filename of the key file */ } key_options; -extern int generate_webpage_certificate(struct client_state *csp); +static int generate_webpage_certificate(struct client_state *csp); static char *make_certs_path(const char *conf_dir, const char *file_name, const char *suffix); static int file_exists(const char *path); static int host_to_hash(struct client_state *csp); @@ -241,7 +241,6 @@ extern int ssl_send_data(mbedtls_ssl_context *ssl, const unsigned char *buf, siz { char err_buf[ERROR_BUF_SIZE]; - memset(err_buf, 0, sizeof(err_buf)); mbedtls_strerror(ret, err_buf, sizeof(err_buf)); log_error(LOG_LEVEL_ERROR, "Sending data over TLS/SSL failed: %s", err_buf); @@ -290,7 +289,6 @@ extern int ssl_recv_data(mbedtls_ssl_context *ssl, unsigned char *buf, size_t ma { char err_buf[ERROR_BUF_SIZE]; - memset(err_buf, 0, sizeof(err_buf)); mbedtls_strerror(ret, err_buf, sizeof(err_buf)); log_error(LOG_LEVEL_ERROR, "Receiving data over TLS/SSL failed: %s", err_buf); @@ -385,8 +383,6 @@ extern int create_client_ssl_connection(struct client_state *csp) int ret = 0; char err_buf[ERROR_BUF_SIZE]; - memset(err_buf, 0, sizeof(err_buf)); - /* * Initializing mbedtls structures for TLS/SSL connection */ @@ -679,8 +675,6 @@ extern int create_server_ssl_connection(struct client_state *csp) char *trusted_cas_file = NULL; int auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED; - memset(err_buf, 0, sizeof(err_buf)); - csp->server_cert_verification_result = SSL_CERT_NOT_VERIFIED; csp->server_certs_chain.next = NULL; @@ -693,7 +687,7 @@ extern int create_server_ssl_connection(struct client_state *csp) mbedtls_net_init(&(csp->mbedtls_server_attr.socket_fd)); mbedtls_ssl_init(&(csp->mbedtls_server_attr.ssl)); mbedtls_ssl_config_init(&(csp->mbedtls_server_attr.conf)); - mbedtls_x509_crt_init( &(csp->mbedtls_server_attr.ca_cert)); + mbedtls_x509_crt_init(&(csp->mbedtls_server_attr.ca_cert)); /* * Setting socket fd in mbedtls_net_context structure. This structure @@ -961,7 +955,6 @@ static int write_certificate(mbedtls_x509write_cert *crt, const char *output_fil int ret = 0; char err_buf[ERROR_BUF_SIZE]; - memset(err_buf, 0, sizeof(err_buf)); memset(cert_buf, 0, sizeof(cert_buf)); /* @@ -1029,8 +1022,6 @@ static int write_private_key(mbedtls_pk_context *key, unsigned char **ret_buf, int ret = 0; char err_buf[ERROR_BUF_SIZE]; - memset(err_buf, 0, sizeof(err_buf)); - /* Initializing buffer for key file content */ *ret_buf = zalloc_or_die(PRIVATE_KEY_BUF_SIZE + 1); @@ -1110,7 +1101,6 @@ static int generate_key(unsigned char **key_buf, struct client_state *csp) char err_buf[ERROR_BUF_SIZE]; key_opt.key_file_path = NULL; - memset(err_buf, 0, sizeof(err_buf)); /* * Initializing structures for key generating @@ -1209,11 +1199,11 @@ exit: * 1 : csp = Current client state (buffers, headers, etc...) * * Returns : -1 => Error while creating certificate. - * 0 => Certificate alreaday exist. + * 0 => Certificate already exists. * >0 => Length of created certificate. * *********************************************************************/ -extern int generate_webpage_certificate(struct client_state *csp) +static int generate_webpage_certificate(struct client_state *csp) { mbedtls_x509_crt issuer_cert; mbedtls_pk_context loaded_issuer_key, loaded_subject_key; @@ -1228,8 +1218,6 @@ extern int generate_webpage_certificate(struct client_state *csp) char err_buf[ERROR_BUF_SIZE]; cert_options cert_opt; - memset(err_buf, 0, sizeof(err_buf)); - /* Paths to keys and certificates needed to create certificate */ cert_opt.issuer_key = NULL; cert_opt.subject_key = NULL; @@ -1250,7 +1238,7 @@ extern int generate_webpage_certificate(struct client_state *csp) * Initializing structures for certificate generating */ mbedtls_x509write_crt_init(&cert); - mbedtls_x509write_crt_set_md_alg( &cert, CERT_SIGNATURE_ALGORITHM); + mbedtls_x509write_crt_set_md_alg(&cert, CERT_SIGNATURE_ALGORITHM); mbedtls_pk_init(&loaded_issuer_key); mbedtls_pk_init(&loaded_subject_key); mbedtls_mpi_init(&serial); @@ -1419,8 +1407,8 @@ extern int generate_webpage_certificate(struct client_state *csp) if (!mbedtls_pk_can_do(&issuer_cert.pk, MBEDTLS_PK_RSA) || mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->N, &mbedtls_pk_rsa(*issuer_key)->N) != 0 || - mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa(issuer_cert.pk)->E, - &mbedtls_pk_rsa(*issuer_key )->E) != 0) + mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->E, + &mbedtls_pk_rsa(*issuer_key)->E) != 0) { log_error(LOG_LEVEL_ERROR, "Issuer key doesn't match issuer certificate"); @@ -1829,38 +1817,28 @@ static int ssl_verify_callback(void *csp_void, mbedtls_x509_crt *crt, /* * Preparing next item in linked list for next certificate - * If malloc fails, we are continuing without this certificate */ - last->next = (struct certs_chain *)malloc(sizeof(struct certs_chain)); - if (last->next != NULL) - { - last->next->next = NULL; - memset(last->next->text_buf, 0, sizeof(last->next->text_buf)); - memset(last->next->file_buf, 0, sizeof(last->next->file_buf)); + last->next = malloc_or_die(sizeof(struct certs_chain)); + last->next->next = NULL; + memset(last->next->text_buf, 0, sizeof(last->next->text_buf)); + memset(last->next->file_buf, 0, sizeof(last->next->file_buf)); - /* - * Saving certificate file into buffer - */ - if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, - crt->raw.p, crt->raw.len, (unsigned char *)last->file_buf, - sizeof(last->file_buf)-1, &olen)) != 0) - { - return(ret); - } - - /* - * Saving certificate information into buffer - */ - mbedtls_x509_crt_info(last->text_buf, sizeof(last->text_buf) - 1, - CERT_INFO_PREFIX, crt); - } - else + /* + * Saving certificate file into buffer + */ + if ((ret = mbedtls_pem_write_buffer(PEM_BEGIN_CRT, PEM_END_CRT, + crt->raw.p, crt->raw.len, (unsigned char *)last->file_buf, + sizeof(last->file_buf)-1, &olen)) != 0) { - log_error(LOG_LEVEL_ERROR, - "Malloc memory for server certificate informations failed"); - return -1; + return(ret); } + /* + * Saving certificate information into buffer + */ + mbedtls_x509_crt_info(last->text_buf, sizeof(last->text_buf) - 1, + CERT_INFO_PREFIX, crt); + return 0; } @@ -1886,7 +1864,7 @@ static void free_certificate_chain(struct client_state *csp) /* Cleaning buffers */ memset(csp->server_certs_chain.text_buf, 0, sizeof(csp->server_certs_chain.text_buf)); - memset(csp->server_certs_chain.text_buf, 0, + memset(csp->server_certs_chain.file_buf, 0, sizeof(csp->server_certs_chain.file_buf)); csp->server_certs_chain.next = NULL; @@ -2052,8 +2030,6 @@ static int seed_rng(struct client_state *csp) int ret = 0; char err_buf[ERROR_BUF_SIZE]; - memset(err_buf, 0, sizeof(err_buf)); - if (rng_seeded == 0) { privoxy_mutex_lock(&rng_mutex);