DANE support structures, constructructors and accessors (919ba009) · Commits · CYBER - Cyber Security / TS 103 523 MSP / ETS / ETS OpenSSL

crypto/x509/x509_vfy.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -70,6 +70,7 @@
		#include <openssl/x509.h>
		#include <openssl/x509v3.h>
		#include <openssl/objects.h>
		#include <internal/dane.h>
		#include <internal/x509_int.h>
		#include "x509_lcl.h"

		@@ -2072,6 +2073,7 @@ int X509_STORE_CTX_init(X509_STORE_CTX ctx, X509_STORE store, X509 *x509,
		ctx->current_reasons = 0;
		ctx->tree = NULL;
		ctx->parent = NULL;
		ctx->dane = NULL;
		/* Zero ex_data to make sure we're cleanup-safe */
		memset(&ctx->ex_data, 0, sizeof(ctx->ex_data));

		@@ -2263,6 +2265,11 @@ void X509_STORE_CTX_set0_param(X509_STORE_CTX ctx, X509_VERIFY_PARAM param)
		ctx->param = param;
		}

		void X509_STORE_CTX_set0_dane(X509_STORE_CTX ctx, struct dane_st dane)
		{
		ctx->dane = dane;
		}

		static int build_chain(X509_STORE_CTX *ctx)
		{
		int (cb) (int, X509_STORE_CTX ) = ctx->verify_cb;

+18 −0

Original line number	Diff line number	Diff line
		@@ -444,6 +444,24 @@ char X509_VERIFY_PARAM_get0_peername(X509_VERIFY_PARAM param)
		return param->peername;
		}

		/*
		* Move peername from one param structure to another, freeing any name present
		* at the target. If the source is a NULL parameter structure, free and zero
		* the target peername.
		*/
		void X509_VERIFY_PARAM_move_peername(X509_VERIFY_PARAM *to,
		X509_VERIFY_PARAM *from)
		{
		char *peername = (from != NULL) ? from->peername : NULL;

		if (to->peername != peername) {
		OPENSSL_free(to->peername);
		to->peername = peername;
		}
		if (from)
		from->peername = NULL;
		}

		int X509_VERIFY_PARAM_set1_email(X509_VERIFY_PARAM *param,
		const char *email, size_t emaillen)
		{

+2 −1

Original line number	Diff line number	Diff line
		#include <string.h>
		#include <openssl/err.h>
		#include <openssl/ssl.h>

		@@ -56,7 +57,7 @@ int main(int argc, char **argv)
		if (!SSL_CONF_CTX_finish(cctx)) {
		fprintf(stderr, "Finish error\n");
		ERR_print_errors_fp(stderr);
		goto err;
		goto end;
		}

		/*

+2 −1

Original line number	Diff line number	Diff line
		#include <string.h>
		#include <openssl/err.h>
		#include <openssl/ssl.h>
		#include <openssl/conf.h>
		@@ -64,7 +65,7 @@ int main(int argc, char **argv)
		if (!SSL_CONF_CTX_finish(cctx)) {
		fprintf(stderr, "Finish error\n");
		ERR_print_errors_fp(stderr);
		goto err;
		goto end;
		}

		/*

+22 −7

Original line number	Diff line number	Diff line
		@@ -18,16 +18,30 @@

		#define CERT_FILE "server.pem"

		BIO *in = NULL;
		static int done = 0;

		void close_up()
		void interrupt()
		{
		BIO_free(in);
		done = 1;
		}

		void sigsetup(void)
		{
		struct sigaction sa;

		/*
		* Catch at most once, and don't restart the accept system call.
		*/
		sa.sa_flags = SA_RESETHAND;
		sa.sa_handler = interrupt;
		sigemptyset(&sa.sa_mask);
		sigaction(SIGINT, &sa, NULL);
		}

		int main(int argc, char *argv[])
		{
		char *port = NULL;
		BIO *in = NULL;
		BIO ssl_bio, tmp;
		SSL_CTX *ctx;
		char buf[512];
		@@ -38,15 +52,13 @@ int main(int argc, char *argv[])
		else
		port = argv[1];

		signal(SIGINT, close_up);

		SSL_load_error_strings();

		/* Add ciphers and message digests */
		OpenSSL_add_ssl_algorithms();

		ctx = SSL_CTX_new(TLS_server_method());
		if (!SSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
		if (!SSL_CTX_use_certificate_chain_file(ctx, CERT_FILE))
		goto err;
		if (!SSL_CTX_use_PrivateKey_file(ctx, CERT_FILE, SSL_FILETYPE_PEM))
		goto err;
		@@ -66,6 +78,9 @@ int main(int argc, char *argv[])
		*/
		BIO_set_accept_bios(in, ssl_bio);

		/* Arrange to leave server loop on interrupt */
		sigsetup();

		again:
		/*
		* The first call will setup the accept socket, and the second will get a
		@@ -76,7 +91,7 @@ int main(int argc, char *argv[])
		if (BIO_do_accept(in) <= 0)
		goto err;

		for (;;) {
		while (!done) {
		i = BIO_read(in, buf, 512);
		if (i == 0) {
		/*