* Author: Viktor Dukhovni
* License: THIS CODE IS IN THE PUBLIC DOMAIN.
*
- * Copyright (c) The Exim Maintainers 2014 - 2016
+ * Copyright (c) The Exim Maintainers 2014 - 2017
*/
#include <stdio.h>
#include <string.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
# define X509_up_ref(x) CRYPTO_add(&((x)->references), 1, CRYPTO_LOCK_X509)
#endif
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
# define EXIM_HAVE_ASN1_MACROS
# define EXIM_OPAQUE_X509
#else
#ifndef OPENSSL_NO_ERR
#define DANESSL_F_PLACEHOLDER 0 /* FIRST! Value TBD */
static ERR_STRING_DATA dane_str_functs[] = {
+ /* error string */
{DANESSL_F_PLACEHOLDER, "DANE library"}, /* FIRST!!! */
{DANESSL_F_ADD_SKID, "add_skid"},
{DANESSL_F_ADD_TLSA, "DANESSL_add_tlsa"},
{0, NULL}
};
static ERR_STRING_DATA dane_str_reasons[] = {
+ /* error string */
{DANESSL_R_BAD_CERT, "Bad TLSA record certificate"},
{DANESSL_R_BAD_CERT_PKEY, "Bad TLSA record certificate public key"},
{DANESSL_R_BAD_DATA_LENGTH, "Bad TLSA record digest length"},
{
case DANESSL_SELECTOR_CERT:
len = i2d_X509(cert, NULL);
- buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
+ buf2 = buf = US OPENSSL_malloc(len);
if(buf) i2d_X509(cert, &buf2);
break;
case DANESSL_SELECTOR_SPKI:
len = i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), NULL);
- buf2 = buf = (unsigned char *) OPENSSL_malloc(len);
+ buf2 = buf = US OPENSSL_malloc(len);
if(buf) i2d_X509_PUBKEY(X509_get_X509_PUBKEY(cert), &buf2);
break;
}
}
static int
-set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid)
+set_issuer_name(X509 *cert, AUTHORITY_KEYID *akid, X509_NAME *subj)
{
X509_NAME *name = akid_issuer_name(akid);
* must use that.
*/
return X509_set_issuer_name(cert,
- name ? name : X509_get_subject_name(cert));
+ name ? name : subj);
}
static int
*/
if ( !X509_set_version(cert, 2)
|| !set_serial(cert, akid, subject)
- || !set_issuer_name(cert, akid)
+ || !set_issuer_name(cert, akid, name)
|| !X509_gmtime_adj(X509_getm_notBefore(cert), -30 * 86400L)
|| !X509_gmtime_adj(X509_getm_notAfter(cert), 30 * 86400L)
|| !X509_set_subject_name(cert, name)
/*
* If the TA certificate is self-issued, or need not be, use it directly.
- * Otherwise, synthesize requisuite ancestors.
+ * Otherwise, synthesize requisite ancestors.
*/
if ( !wrap_to_root
|| X509_check_issued(tacert, tacert) == X509_V_OK)
{
if (grow_chain(dane, UNTRUSTED, ca))
{
- if (!X509_check_issued(ca, ca) == X509_V_OK)
+ if (X509_check_issued(ca, ca) != X509_V_OK)
{
/* Restart with issuer as subject */
cert = ca;
return 0;
if (ASN1_STRING_type(gn->d.ia5) != V_ASN1_IA5STRING)
return 0;
-return check_name((const char *) ASN1_STRING_get0_data(gn->d.ia5),
+return check_name(CCS ASN1_STRING_get0_data(gn->d.ia5),
ASN1_STRING_length(gn->d.ia5));
}
if ((len = ASN1_STRING_to_UTF8(&namebuf, entry_str)) < 0)
return 0;
-if (len <= 0 || check_name((char *) namebuf, len) == 0)
+if (len <= 0 || check_name(CS namebuf, len) == 0)
{
OPENSSL_free(namebuf);
return 0;
}
-return (char *) namebuf;
+return CS namebuf;
}
static int
return 0;
}
- /* Support built-in standard one-digit mtypes */
- if (mdname && *mdname && mdname[1] == '\0')
- switch (*mdname - '0')
- {
- case DANESSL_MATCHING_FULL: mdname = 0; break;
- case DANESSL_MATCHING_2256: mdname = "sha256"; break;
- case DANESSL_MATCHING_2512: mdname = "sha512"; break;
- }
- if (mdname && *mdname && (md = EVP_get_digestbyname(mdname)) == 0)
- {
- DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DIGEST);
- return 0;
- }
- if (mdname && *mdname && dlen != EVP_MD_size(md))
- {
- DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DATA_LENGTH);
- return 0;
- }
- if (!data)
- {
- DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_NULL_DATA);
- return 0;
- }
+/* Support built-in standard one-digit mtypes */
+if (mdname && *mdname && mdname[1] == '\0')
+ switch (*mdname - '0')
+ {
+ case DANESSL_MATCHING_FULL: mdname = 0; break;
+ case DANESSL_MATCHING_2256: mdname = "sha256"; break;
+ case DANESSL_MATCHING_2512: mdname = "sha512"; break;
+ }
+if (mdname && *mdname && !(md = EVP_get_digestbyname(mdname)))
+ {
+ DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DIGEST);
+ return 0;
+ }
+if (mdname && *mdname && dlen != EVP_MD_size(md))
+ {
+ DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_DATA_LENGTH);
+ return 0;
+ }
+if (!data)
+ {
+ DANEerr(DANESSL_F_ADD_TLSA, DANESSL_R_BAD_NULL_DATA);
+ return 0;
+ }
- /*
- * Full Certificate or Public Key when NULL or empty digest name
- */
- if (!mdname || !*mdname)
- {
- X509 *x = 0;
- EVP_PKEY *k = 0;
- const unsigned char *p = data;
+/*
+ * Full Certificate or Public Key when NULL or empty digest name
+ */
+if (!mdname || !*mdname)
+ {
+ X509 *x = 0;
+ EVP_PKEY *k = 0;
+ const unsigned char *p = data;
#define xklistinit(lvar, ltype, var, freeFunc) do { \
(lvar) = (ltype) OPENSSL_malloc(sizeof(*(lvar))); \
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
static void
run_once(volatile int * once, void (*init)(void))
{
git://git.exim.org / users / heiko / exim.git / blobdiff