Diffstat (limited to 'src/libmowgli')
-rw-r--r--src/libmowgli/base/formatter.c2
-rw-r--r--src/libmowgli/base/hash.c4
-rw-r--r--src/libmowgli/base/hook.c2
-rw-r--r--src/libmowgli/container/patricia.c6
-rw-r--r--src/libmowgli/dns/evloop_res.c8
-rw-r--r--src/libmowgli/ext/json.c10
-rw-r--r--src/libmowgli/ext/program_opts.c18
-rw-r--r--src/libmowgli/object/class.c2
-rw-r--r--src/libmowgli/platform/machine.h2
-rw-r--r--src/libmowgli/vio/vio.c2
-rw-r--r--src/libmowgli/vio/vio.h12
-rw-r--r--src/libmowgli/vio/vio_openssl.c115
12 files changed, 90 insertions, 93 deletions
diff --git a/src/libmowgli/base/formatter.c b/src/libmowgli/base/formatter.c
index db908e7..f4c0e4c 100644
--- a/src/libmowgli/base/formatter.c
+++ b/src/libmowgli/base/formatter.c
@@ -50,7 +50,7 @@ mowgli_formatter_format_from_argstack(char *buf, size_t bufstr, const char *fmts
arg = atoi(fiter);
e = mowgli_node_nth_data(&stack->stack, arg - 1);
- while (isdigit(*fiter))
+ while (isdigit((unsigned char)*fiter))
{
fiter++;
}
diff --git a/src/libmowgli/base/hash.c b/src/libmowgli/base/hash.c
index a2734d0..7de115c 100644
--- a/src/libmowgli/base/hash.c
+++ b/src/libmowgli/base/hash.c
@@ -46,7 +46,7 @@ mowgli_fnv_hash_string(const char *p)
for (; *p != '\0'; ++p)
{
hval += (hval << 1) + (hval << 4) + (hval << 7) + (hval << 8) + (hval << 24);
- hval ^= (tolower(*p) ^ htoast);
+ hval ^= (tolower((unsigned char)*p) ^ htoast);
}
return (hval >> HASHBITS) ^ (hval & ((1 << HASHBITS) - 1)) % HASHSIZE;
@@ -71,7 +71,7 @@ mowgli_fnv_hash(unsigned int *p)
for (; *p != '\0'; ++p)
{
hval += (hval << 1) + (hval << 4) + (hval << 7) + (hval << 8) + (hval << 24);
- hval ^= (tolower(*p) ^ htoast);
+ hval ^= (tolower((unsigned char)*p) ^ htoast);
}
return (hval >> HASHBITS) ^ (hval & ((1 << HASHBITS) - 1)) % HASHSIZE;
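Review bot: In `mowgli_fnv_hash` the input is `unsigned int *p`, so `tolower((unsigned char)*p)` truncates every element to its low 8 bits before it is mixed in, and elements that differ only above bit 7 now contribute identically to the hash. The cast is the right fix for the `const char *` variant in the previous hunk, but here it trades the out-of-range `tolower()` argument for a higher collision rate on non-byte input. If callers only ever pass byte-range values (not visible in this diff), a comment stating that would be enough. Otherwise fold case only when the value fits and mix the full word, e.g. `unsigned int c = *p; if (c <= UCHAR_MAX) c = (unsigned int) tolower((int) c);` followed by `hval ^= (c ^ htoast);`.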
diff --git a/src/libmowgli/base/hook.c b/src/libmowgli/base/hook.c
index 315266a..7083bd7 100644
--- a/src/libmowgli/base/hook.c
+++ b/src/libmowgli/base/hook.c
@@ -32,7 +32,7 @@ _hook_key_canon(char *str)
{
while (*str)
{
- *str = toupper(*str);
+ *str = toupper((unsigned char)*str);
str++;
}
}
diff --git a/src/libmowgli/container/patricia.c b/src/libmowgli/container/patricia.c
index 5d5ec3d..8e16efd 100644
--- a/src/libmowgli/container/patricia.c
+++ b/src/libmowgli/container/patricia.c
@@ -710,9 +710,9 @@ mowgli_patricia_elem_add(mowgli_patricia_t *dict, const char *key, void *data)
int val, keylen;
int i, j;
- return_val_if_fail(dict != NULL, FALSE);
- return_val_if_fail(key != NULL, FALSE);
- return_val_if_fail(data != NULL, FALSE);
+ return_val_if_fail(dict != NULL, NULL);
+ return_val_if_fail(key != NULL, NULL);
+ return_val_if_fail(data != NULL, NULL);
keylen = strlen(key);
ckey = mowgli_strdup(key);
diff --git a/src/libmowgli/dns/evloop_res.c b/src/libmowgli/dns/evloop_res.c
index f3292dc..2432ee1 100644
--- a/src/libmowgli/dns/evloop_res.c
+++ b/src/libmowgli/dns/evloop_res.c
@@ -236,7 +236,7 @@ parse_resvconf(mowgli_dns_t *dns)
p = input;
/* skip until something thats not a space is seen */
- while (isspace(*p))
+ while (isspace((unsigned char)*p))
{
p++;
}
@@ -252,7 +252,7 @@ parse_resvconf(mowgli_dns_t *dns)
/* skip until a space is found */
opt = p;
- while (!isspace(*p) && *p != '\0')
+ while (!isspace((unsigned char)*p) && *p != '\0')
{
p++;
}
@@ -264,7 +264,7 @@ parse_resvconf(mowgli_dns_t *dns)
*p++ = '\0';
/* skip these spaces that are before the argument */
- while (isspace(*p))
+ while (isspace((unsigned char)*p))
{
p++;
}
@@ -713,7 +713,7 @@ do_query_number(mowgli_dns_t *dns, mowgli_dns_query_t *query, const struct socka
(unsigned int) (cp[i] & 0xf),
(unsigned int) (cp[i] >> 4));
- strcpy(rqptr, ".ip6.arpa");
+ strcpy(rqptr, "ip6.arpa");
}
else
{
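Review bot: The changed `strcpy(rqptr, "ip6.arpa")` and the formatting call above it write through `rqptr` with no length check visible in this hunk. The reverse name for an IPv6 address has a fixed maximum length, so this is safe only if the buffer behind `rqptr` is sized for all nibble labels plus the suffix and terminator. That declaration is outside the hunk, so it cannot be confirmed here. A bounded write that tracks the remaining space, or a comment or `_Static_assert` next to the buffer declaration, would make the assumption checkable. The enclosing `do_query_number` starts and ends outside the hunk.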
diff --git a/src/libmowgli/ext/json.c b/src/libmowgli/ext/json.c
index 3e273a4..0470463 100644
--- a/src/libmowgli/ext/json.c
+++ b/src/libmowgli/ext/json.c
@@ -1179,12 +1179,12 @@ lex_char(mowgli_json_parse_t *parse, char c)
case ',': lex_easy(parse, TS_VALUE_SEP); return false;
}
- if ((c == '-') || (c == '.') || isdigit(c))
+ if ((c == '-') || (c == '.') || isdigit((unsigned char)c))
{
parse->lex = LEX_NUMBER;
return true;
}
- else if (isalpha(c))
+ else if (isalpha((unsigned char)c))
{
parse->lex = LEX_IDENTIFIER;
return true;
@@ -1194,7 +1194,7 @@ lex_char(mowgli_json_parse_t *parse, char c)
parse->lex = LEX_STRING;
return false;
}
- else if (isspace(c))
+ else if (isspace((unsigned char)c))
{
return false;
}
@@ -1248,7 +1248,7 @@ lex_char(mowgli_json_parse_t *parse, char c)
case LEX_NUMBER:
- if ((c == '-') || (c == '.') || isdigit(c) || (toupper(c) == 'E'))
+ if ((c == '-') || (c == '.') || isdigit((unsigned char)c) || (toupper((unsigned char)c) == 'E'))
{
lex_append(parse, c);
return false;
@@ -1263,7 +1263,7 @@ lex_char(mowgli_json_parse_t *parse, char c)
case LEX_IDENTIFIER:
- if (isalpha(c))
+ if (isalpha((unsigned char)c))
{
lex_append(parse, c);
return false;
diff --git a/src/libmowgli/ext/program_opts.c b/src/libmowgli/ext/program_opts.c
index d07c063..93b04ac 100644
--- a/src/libmowgli/ext/program_opts.c
+++ b/src/libmowgli/ext/program_opts.c
@@ -52,24 +52,6 @@ mowgli_program_opts_consumer_bool(const char *arg, void *userdata)
*(bool *) userdata = true;
}
-static inline mowgli_program_opts_t *
-mowgli_program_opts_lookup_name(mowgli_program_opts_t *opts, size_t opts_size, const char *name)
-{
- size_t i;
-
- if (strlen(name) > 1)
- for (i = 0; i < opts_size; i++)
- if (!strcasecmp(name, opts[i].longopt))
- return &opts[i];
-
- else
- for (i = 0; i < opts_size; i++)
- if (*name == opts[i].smallopt)
- return &opts[i];
-
- return NULL;
-}
-
static inline mowgli_getopt_option_t *
mowgli_program_opts_convert(const mowgli_program_opts_t *opts, size_t opts_size)
{
diff --git a/src/libmowgli/object/class.c b/src/libmowgli/object/class.c
index 627b59d..a7694bb 100644
--- a/src/libmowgli/object/class.c
+++ b/src/libmowgli/object/class.c
@@ -30,7 +30,7 @@ _object_key_canon(char *str)
{
while (*str)
{
- *str = toupper(*str);
+ *str = toupper((unsigned char)*str);
str++;
}
}
diff --git a/src/libmowgli/platform/machine.h b/src/libmowgli/platform/machine.h
index 6b23514..8763bb2 100644
--- a/src/libmowgli/platform/machine.h
+++ b/src/libmowgli/platform/machine.h
@@ -186,7 +186,7 @@
# if defined _LP64 || defined __LP64
# define MOWGLI_CPU_BITS 64
# define MOWGLI_CPU_BITS_64
-# elif
+# else
# define MOWGLI_CPU_BITS 32
# define MOWGLI_CPU_BITS_32
# endif
diff --git a/src/libmowgli/vio/vio.c b/src/libmowgli/vio/vio.c
index 2570e22..da6802b 100644
--- a/src/libmowgli/vio/vio.c
+++ b/src/libmowgli/vio/vio.c
@@ -226,7 +226,7 @@ mowgli_vio_err_sslerrcode(mowgli_vio_t *vio, unsigned long int errcode)
int
mowgli_vio_err_sslerrcode(mowgli_vio_t *vio, unsigned long int errcode)
{
- return_if_fail(vio);
+ return_val_if_fail(vio, -255);
vio->error.type = MOWGLI_VIO_ERR_ERRCODE;
vio->error.code = errcode;
diff --git a/src/libmowgli/vio/vio.h b/src/libmowgli/vio/vio.h
index aafab2a..0fc3aa6 100644
--- a/src/libmowgli/vio/vio.h
+++ b/src/libmowgli/vio/vio.h
@@ -162,7 +162,6 @@ typedef struct _mowgli_vio_ssl_settings
{
const char *cert_path;
const char *privatekey_path;
- int ssl_version;
int (*password_func)(char *, int, int, void *);
int (*verify_func)(int, void *);
} mowgli_vio_ssl_settings_t;
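Review bot: Removing `ssl_version` changes the layout of a struct in a public header, and `mowgli_vio_openssl_setssl()` copies it with `memcpy(&connection->settings, settings, sizeof(mowgli_vio_ssl_settings_t))`. A caller built against the old header would pass a struct in which `password_func` and `verify_func` sit one member later, so the library would read its callback pointers from the wrong offsets. No soname or ABI version bump is visible in this diff; if there is none, one should accompany the change. The removal of the `MOWGLI_VIO_SSLFLAGS_*` macros in the next hunk likewise breaks source compatibility for callers that set a protocol version, and leaves them no way to restrict it.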
@@ -180,22 +179,15 @@ typedef struct _mowgli_vio_ssl_settings
#define MOWGLI_VIO_FLAGS_NEEDREAD 0x00040
#define MOWGLI_VIO_FLAGS_NEEDWRITE 0x00080
-/* SSL flags */
-#define MOWGLI_VIO_SSLFLAGS_SSLV2 0x00001
-#define MOWGLI_VIO_SSLFLAGS_SSLV3 0x00002
-#define MOWGLI_VIO_SSLFLAGS_TLSV10 0x00004
-#define MOWGLI_VIO_SSLFLAGS_TLSV11 0x00008
-#define MOWGLI_VIO_SSLFLAGS_TLSV12 0x00010
-
/* Flag setting/getting */
static inline bool
-mowgli_vio_hasflag(mowgli_vio_t *vio, int flag)
+mowgli_vio_hasflag(mowgli_vio_t *vio, unsigned int flag)
{
return (vio->flags & flag) != 0 ? true : false;
}
static inline void
-mowgli_vio_setflag(mowgli_vio_t *vio, int flag, bool setting)
+mowgli_vio_setflag(mowgli_vio_t *vio, unsigned int flag, bool setting)
{
if (setting)
vio->flags |= flag;
diff --git a/src/libmowgli/vio/vio_openssl.c b/src/libmowgli/vio/vio_openssl.c
index d492c9f..15f4519 100644
--- a/src/libmowgli/vio/vio_openssl.c
+++ b/src/libmowgli/vio/vio_openssl.c
@@ -30,6 +30,27 @@
#ifdef HAVE_OPENSSL
+#include <openssl/opensslv.h>
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+# include <openssl/ec.h>
+#endif
+
+#if defined(LIBRESSL_VERSION_NUMBER) && (LIBRESSL_VERSION_NUMBER >= 0x20020002L)
+# define MOWGLI_HAVE_OPENSSL_TLS_METHOD_API 1
+#else
+# if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+# define MOWGLI_HAVE_OPENSSL_TLS_METHOD_API 1
+# endif
+#endif
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && defined(NID_X9_62_prime256v1)
+# define MOWGLI_HAVE_OPENSSL_ECDH_SUPPORT 1
+# if !defined(LIBRESSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER >= 0x10002001L)
+# define MOWGLI_HAVE_OPENSSL_ECDH_AUTO 1
+# endif
+#endif
+
typedef struct
{
SSL *ssl_handle;
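Review bot: `MOWGLI_HAVE_OPENSSL_ECDH_SUPPORT` is derived from the version number and from `NID_X9_62_prime256v1`, but neither shows that the library was built with EC support; as far as I know the NID macros are defined even in a `no-ec` build. Adding `!defined(OPENSSL_NO_EC)` to this condition and to the guard around `<openssl/ec.h>` would keep such builds compiling, e.g. `#if (OPENSSL_VERSION_NUMBER >= 0x10000000L) && !defined(OPENSSL_NO_EC) && defined(NID_X9_62_prime256v1)`. A one-line comment beside each hex constant naming the release it stands for would also make these thresholds reviewable.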
@@ -61,9 +82,6 @@ mowgli_vio_openssl_setssl(mowgli_vio_t *vio, mowgli_vio_ssl_settings_t *settings
if (settings)
memcpy(&connection->settings, settings, sizeof(mowgli_vio_ssl_settings_t));
- else
- /* Greatest compat without being terribly insecure */
- connection->settings.ssl_version = MOWGLI_VIO_SSLFLAGS_SSLV3;
if (ops == NULL)
{
@@ -161,35 +179,28 @@ mowgli_vio_openssl_default_listen(mowgli_vio_t *vio, int backlog)
return_val_if_fail(vio, -255);
mowgli_ssl_connection_t *connection = vio->privdata;
- const SSL_METHOD *method;
const int fd = mowgli_vio_getfd(vio);
vio->error.op = MOWGLI_VIO_ERR_OP_LISTEN;
- switch (connection->settings.ssl_version)
- {
- case MOWGLI_VIO_SSLFLAGS_SSLV2:
- method = SSLv23_server_method();
- break;
- case MOWGLI_VIO_SSLFLAGS_SSLV3:
- method = SSLv3_server_method();
- break;
- case MOWGLI_VIO_SSLFLAGS_TLSV10:
- case MOWGLI_VIO_SSLFLAGS_TLSV11:
- case MOWGLI_VIO_SSLFLAGS_TLSV12:
- method = TLSv1_server_method();
- break;
- default:
-
- /* Compat method */
- method = SSLv23_server_method();
- }
-
- connection->ssl_context = SSL_CTX_new((SSL_METHOD *) method);
+#ifndef MOWGLI_HAVE_OPENSSL_TLS_METHOD_API
+ connection->ssl_context = SSL_CTX_new(SSLv23_server_method());
+#else
+ connection->ssl_context = SSL_CTX_new(TLS_server_method());
+#endif
if (connection->ssl_context == NULL)
return mowgli_vio_err_sslerrcode(vio, ERR_get_error());
+#ifndef MOWGLI_HAVE_OPENSSL_TLS_METHOD_API
+# ifdef SSL_OP_NO_SSLv2
+ SSL_CTX_set_options(connection->ssl_context, SSL_OP_NO_SSLv2);
+# endif
+# ifdef SSL_OP_NO_SSLv3
+ SSL_CTX_set_options(connection->ssl_context, SSL_OP_NO_SSLv3);
+# endif
+#endif
+
connection->ssl_handle = SSL_new(connection->ssl_context);
if (connection->ssl_handle == NULL)
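Review bot: `SSL_OP_NO_SSLv2` and `SSL_OP_NO_SSLv3` are set only inside `#ifndef MOWGLI_HAVE_OPENSSL_TLS_METHOD_API`, so on the `TLS_server_method()` path the protocol floor is whatever the linked library was built with. On both paths TLS 1.0 and 1.1 stay negotiable unless the library's own defaults forbid them. Since `ssl_version` is removed from the settings struct, callers can no longer tighten this themselves. Consider setting the two options unconditionally (they are already wrapped in `#ifdef`) and, if compatibility allows, adding `SSL_OP_NO_TLSv1` and `SSL_OP_NO_TLSv1_1` under the same pattern. The client handshake hunk at `@@ -306,35 +337,27 @@` has the same code, and both functions continue outside their hunks.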
@@ -198,6 +209,26 @@ mowgli_vio_openssl_default_listen(mowgli_vio_t *vio, int backlog)
SSL_set_accept_state(connection->ssl_handle);
SSL_CTX_set_options(connection->ssl_context, SSL_OP_SINGLE_DH_USE);
+#ifdef MOWGLI_HAVE_OPENSSL_ECDH_SUPPORT
+# ifdef MOWGLI_HAVE_OPENSSL_ECDH_AUTO
+ SSL_CTX_set_ecdh_auto(connection->ssl_context, 1);
+# else
+
+ EC_KEY *ec_key_p256 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
+
+ if (ec_key_p256 != NULL)
+ {
+ SSL_CTX_set_tmp_ecdh(connection->ssl_context, ec_key_p256);
+ EC_KEY_free(ec_key_p256);
+ ec_key_p256 = NULL;
+ }
+
+# endif
+# ifdef SSL_OP_SINGLE_ECDH_USE
+ SSL_CTX_set_options(connection->ssl_context, SSL_OP_SINGLE_ECDH_USE);
+# endif
+#endif
+
if (connection->settings.password_func)
{
SSL_CTX_set_default_passwd_cb(connection->ssl_context, connection->settings.password_func);
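Review bot: The ECDH setup is applied to `connection->ssl_context` after `connection->ssl_handle` already exists, as the `SSL_set_accept_state(connection->ssl_handle)` context line at the top of this hunk shows. OpenSSL documents that an SSL object inherits the context's options at `SSL_new()` time and that later context changes do not reach it, so `SSL_OP_SINGLE_ECDH_USE` (and the existing `SSL_OP_SINGLE_DH_USE`) probably do not apply to this handle. On older libraries the temporary ECDH key may be missed in the same way. Moving this block and the option calls above `SSL_new()` would avoid that. Separately, a NULL from `EC_KEY_new_by_curve_name()` or a failing `SSL_CTX_set_tmp_ecdh()` is silently ignored; checking with `if (ec_key_p256 == NULL || SSL_CTX_set_tmp_ecdh(connection->ssl_context, ec_key_p256) != 1)` and reporting through `mowgli_vio_err_sslerrcode()` would surface a listener running without ECDHE.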
@@ -306,35 +337,27 @@ mowgli_vio_openssl_client_handshake(mowgli_vio_t *vio, mowgli_ssl_connection_t *
{
const int fd = mowgli_vio_getfd(vio);
int ret;
- const SSL_METHOD *method;
vio->error.op = MOWGLI_VIO_ERR_OP_CONNECT;
- switch (connection->settings.ssl_version)
- {
- case MOWGLI_VIO_SSLFLAGS_SSLV2:
- method = SSLv23_client_method();
- break;
- case MOWGLI_VIO_SSLFLAGS_SSLV3:
- method = SSLv3_client_method();
- break;
- case MOWGLI_VIO_SSLFLAGS_TLSV10:
- case MOWGLI_VIO_SSLFLAGS_TLSV11:
- case MOWGLI_VIO_SSLFLAGS_TLSV12:
- method = TLSv1_client_method();
- break;
- default:
-
- /* Compat method */
- method = SSLv23_client_method();
- }
-
- /* Cast is to eliminate an excessively bogus warning on old OpenSSL --Elizacat */
- connection->ssl_context = SSL_CTX_new((SSL_METHOD *) method);
+#ifndef MOWGLI_HAVE_OPENSSL_TLS_METHOD_API
+ connection->ssl_context = SSL_CTX_new(SSLv23_client_method());
+#else
+ connection->ssl_context = SSL_CTX_new(TLS_client_method());
+#endif
if (connection->ssl_context == NULL)
return mowgli_vio_err_sslerrcode(vio, ERR_get_error());
+#ifndef MOWGLI_HAVE_OPENSSL_TLS_METHOD_API
+# ifdef SSL_OP_NO_SSLv2
+ SSL_CTX_set_options(connection->ssl_context, SSL_OP_NO_SSLv2);
+# endif
+# ifdef SSL_OP_NO_SSLv3
+ SSL_CTX_set_options(connection->ssl_context, SSL_OP_NO_SSLv3);
+# endif
+#endif
+
connection->ssl_handle = SSL_new(connection->ssl_context);
if (connection->ssl_handle == NULL)