do not use funny jargon string for DHE
use larger buffer and limit strings to buffer length for OBJ_obj2txt
parent
08edfd513f
commit
b50fd22a63
1 changed files with 27 additions and 34 deletions
|
@ -106,28 +106,11 @@ set_dhe1024 (void)
|
|||
int i;
|
||||
DSA *dsaparams;
|
||||
DH *dhparams;
|
||||
const char *seed[] = { ";-) :-( :-) :-( ",
|
||||
";-) :-( :-) :-( ",
|
||||
"Random String no. 12",
|
||||
";-) :-( :-) :-( ",
|
||||
"hackers have even mo", /* from jargon file */
|
||||
};
|
||||
unsigned char seedbuf[20];
|
||||
|
||||
if (dhe1024 != NULL)
|
||||
return MY_TRUE;
|
||||
|
||||
RAND_bytes((unsigned char *) &i, sizeof i);
|
||||
|
||||
/* Make sure that i is non-negative - pick one of the provided seeds */
|
||||
if (i < 0)
|
||||
i = -1;
|
||||
if (i < 0) /* happens if i == MININT */
|
||||
i = 0;
|
||||
|
||||
i %= sizeof seed / sizeof seed[0];
|
||||
memcpy(seedbuf, seed[i], 20);
|
||||
dsaparams = DSA_generate_parameters(1024, seedbuf, 20, NULL, NULL, 0, NULL);
|
||||
dsaparams = DSA_generate_parameters(1024, NULL, 0, NULL, NULL, 0, NULL);
|
||||
|
||||
if (dsaparams == NULL)
|
||||
return MY_FALSE;
|
||||
|
@ -1125,7 +1108,8 @@ f_tls_check_certificate(svalue_t *sp)
|
|||
if (peer != NULL)
|
||||
{
|
||||
int i, j, len;
|
||||
char buf[256];
|
||||
// used by OBJ_obj2txt - anything larger than 4096 bytes will be trimmed
|
||||
char buf[4096];
|
||||
vector_t *extra = NULL;
|
||||
|
||||
v = allocate_array(2 + more);
|
||||
|
@ -1150,13 +1134,15 @@ f_tls_check_certificate(svalue_t *sp)
|
|||
ob = X509_NAME_ENTRY_get_object(entry);
|
||||
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ob, 1);
|
||||
if (len > sizeof buf) len = sizeof buf;
|
||||
put_c_n_string(&(extra->item[3 * i]), buf, len);
|
||||
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ob, 0);
|
||||
put_c_n_string(&(extra->item[3 * i + 1]), buf, len);
|
||||
|
||||
put_c_string(&(extra->item[3 * i + 2])
|
||||
, (char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)));
|
||||
put_c_n_string(&(extra->item[3 * i + 2]),
|
||||
(char *)ASN1_STRING_data(X509_NAME_ENTRY_get_data(entry)),
|
||||
ASN1_STRING_length(X509_NAME_ENTRY_get_data(entry)));
|
||||
}
|
||||
put_array(&(v->item[1]), extra);
|
||||
|
||||
|
@ -1182,10 +1168,12 @@ f_tls_check_certificate(svalue_t *sp)
|
|||
break;
|
||||
}
|
||||
/* extension name */
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext->object, 1),
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext->object, 1);
|
||||
if (len > sizeof buf) len = sizeof buf;
|
||||
put_c_n_string(&(extensions->item[3 * i]), (char *)buf, len);
|
||||
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext->object, 0),
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext->object, 0);
|
||||
if (len > sizeof buf) len = sizeof buf;
|
||||
put_c_n_string(&(extensions->item[3 * i + 1]), (char *)buf, len);
|
||||
|
||||
/* extension values */
|
||||
|
@ -1208,34 +1196,39 @@ f_tls_check_certificate(svalue_t *sp)
|
|||
case GEN_OTHERNAME:
|
||||
value = ext_val->d.otherName->value->value.asn1_string;
|
||||
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 1),
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 1);
|
||||
if (len > sizeof buf) len = sizeof buf;
|
||||
put_c_n_string(&(extension->item[3 * iter]), buf, len);
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 0),
|
||||
len = OBJ_obj2txt(buf, sizeof buf, ext_val->d.otherName->type_id, 0);
|
||||
if (len > sizeof buf) len = sizeof buf;
|
||||
put_c_n_string(&(extension->item[3 * iter + 1]), buf, len);
|
||||
put_c_string(&(extension->item[3 * iter + 2])
|
||||
, (char*)ASN1_STRING_data(value));
|
||||
put_c_n_string(&(extension->item[3 * iter + 2]),
|
||||
(char*)ASN1_STRING_data(value),
|
||||
ASN1_STRING_length(value));
|
||||
break;
|
||||
case GEN_DNS:
|
||||
value = ext_val->d.dNSName;
|
||||
put_c_n_string(&(extension->item[3 * iter]), "dNSName", 7);
|
||||
put_c_n_string(&(extension->item[3 * iter + 1]), "dNSName", 7);
|
||||
put_c_string(&(extension->item[3 * iter + 2])
|
||||
, (char*)ASN1_STRING_data(value));
|
||||
|
||||
put_c_n_string(&(extension->item[3 * iter + 2]),
|
||||
(char*)ASN1_STRING_data(value),
|
||||
ASN1_STRING_length(value));
|
||||
break;
|
||||
case GEN_EMAIL:
|
||||
value = ext_val->d.rfc822Name;
|
||||
put_c_n_string(&(extension->item[3 * iter]), "rfc822Name", 10);
|
||||
put_c_n_string(&(extension->item[3 * iter + 1]), "rfc822Name", 10);
|
||||
put_c_string(&(extension->item[3 * iter + 2])
|
||||
, (char*)ASN1_STRING_data(value));
|
||||
put_c_n_string(&(extension->item[3 * iter + 2]),
|
||||
(char*)ASN1_STRING_data(value),
|
||||
ASN1_STRING_length(value));
|
||||
break;
|
||||
case GEN_URI:
|
||||
value = ext_val->d.uniformResourceIdentifier;
|
||||
put_c_n_string(&(extension->item[3 * iter]), "uniformResourceIdentifier", 25);
|
||||
put_c_n_string(&(extension->item[3 * iter + 1]), "uniformResourceIdentifier", 25);
|
||||
put_c_string(&(extension->item[3 * iter + 2])
|
||||
, (char*)ASN1_STRING_data(value));
|
||||
put_c_n_string(&(extension->item[3 * iter + 2]),
|
||||
(char*)ASN1_STRING_data(value),
|
||||
ASN1_STRING_length(value));
|
||||
break;
|
||||
|
||||
/* TODO: the following are unimplemented
|
||||
|
|
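Review bot: The new clamp `if (len > sizeof buf) len = sizeof buf;` compares a signed `int` with a `size_t`, so a negative return from OBJ_obj2txt (it can return -1 on error) is converted to a huge unsigned value and clamped up to 4096 instead of being rejected; put_c_n_string would then copy the whole of `buf`, whatever it holds. On truncation OBJ_obj2txt writes at most `sizeof buf - 1` characters plus a terminator, so the upper bound is also one too high. I would write each site as `if (len < 0) len = 0; else if ((size_t)len >= sizeof buf) len = sizeof buf - 1;`, and the second call in the subject-name loop (`OBJ_obj2txt(buf, sizeof buf, ob, 0)`) appears to have no clamp at all, unlike the extension and otherName sites. f_tls_check_certificate starts and ends outside the hunks shown, and the rendered page has lost its +/- markers, so which of the paired lines is the new side is inferred from the commit description.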