
[TLS] use fdevent_load_file_bytes() for STEK file

remove direct dependency on <unistd.h> from lighttpd TLS modules
master
Glenn Strauss 1 year ago
parent
commit
874707cd66
  1. 12
      src/mod_gnutls.c
  2. 12
      src/mod_mbedtls.c
  3. 1
      src/mod_nss.c
  4. 12
      src/mod_openssl.c
  5. 12
      src/mod_wolfssl.c

12
src/mod_gnutls.c

@ -36,7 +36,6 @@
#include <stdlib.h>
#include <stdio.h> /* vsnprintf() */
#include <string.h>
#include <unistd.h>
#include <gnutls/gnutls.h>
#include <gnutls/ocsp.h>
@ -339,15 +338,10 @@ mod_gnutls_session_ticket_key_file (const char *fn)
* admin should activate keys immediately (without +300).
*/
int buf[23]; /* 92 bytes */
int fd = fdevent_open_cloexec(fn, 1, O_RDONLY, 0);
if (fd < 0)
return 0;
ssize_t rd = read(fd, buf, sizeof(buf));
close(fd);
int rc = 0; /*(will retry on next check interval upon any error)*/
if (rd == sizeof(buf) && buf[0] == 0) { /*(format version 0)*/
if (0 != fdevent_load_file_bytes((char *)buf,(off_t)sizeof(buf),0,fn,NULL))
return rc;
if (buf[0] == 0) { /*(format version 0)*/
session_ticket_keys[0].active_ts = buf[1];
session_ticket_keys[0].expire_ts = buf[2];
memcpy(&session_ticket_keys[0].tick_key_name, buf+3, 80);
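Review bot: The new early `return rc;` after a failed `fdevent_load_file_bytes()` exits with `buf` left as it is on the stack, and `buf` is the landing area for session ticket key material. The rest of mod_gnutls_session_ticket_key_file lies outside this hunk, so I cannot see whether `buf` is wiped before the normal return; if it is, and if the loader can fail after copying part of the file, this path would skip that wipe, whereas the earlier short-read case appears to have fallen through to the end of the function. Folding the check into the condition, `if (0 == fdevent_load_file_bytes((char *)buf,(off_t)sizeof(buf),0,fn,NULL) && buf[0] == 0) { /*(format version 0)*/`, keeps a single exit path. The same pattern appears in the mod_mbedtls.c, mod_openssl.c and mod_wolfssl.c sections.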

12
src/mod_mbedtls.c

@ -54,7 +54,6 @@
#include <stdlib.h>
#include <stdio.h> /* vsnprintf() */
#include <string.h>
#include <unistd.h>
#include <mbedtls/ctr_drbg.h>
#include <mbedtls/dhm.h>
@ -305,15 +304,10 @@ mod_mbedtls_session_ticket_key_file (const char *fn)
* admin should activate keys immediately (without +300).
*/
int buf[23]; /* 92 bytes */
int fd = fdevent_open_cloexec(fn, 1, O_RDONLY, 0);
if (fd < 0)
return 0;
ssize_t rd = read(fd, buf, sizeof(buf));
close(fd);
int rc = 0; /*(will retry on next check interval upon any error)*/
if (rd == sizeof(buf) && buf[0] == 0) { /*(format version 0)*/
if (0 != fdevent_load_file_bytes((char *)buf,(off_t)sizeof(buf),0,fn,NULL))
return rc;
if (buf[0] == 0) { /*(format version 0)*/
session_ticket_keys[0].active_ts = buf[1];
session_ticket_keys[0].expire_ts = buf[2];
memcpy(&session_ticket_keys[0].tick_key_name, buf+3, 80);
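Review bot: The `NULL` passed as the last argument of `fdevent_load_file_bytes()` looks like the error-log handle, which would make a missing, unreadable or truncated STEK file fail without any log line. The function then returns 0 and, per the comment on `rc`, retries at the next check interval, so a broken key-rotation job could go unnoticed while the server presumably carries on with the ticket keys it already holds. If a log handle is reachable from this function, passing it would surface the failure; otherwise a comment such as `/* errh NULL: load errors are not logged; retried on next interval */` would document the choice. This applies equally to the mod_gnutls.c, mod_openssl.c and mod_wolfssl.c sections, and the function body continues outside the hunk.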

1
src/mod_nss.c

@ -77,7 +77,6 @@
#include <stdlib.h>
#include <stdio.h> /* vsnprintf() */
#include <string.h>
#include <unistd.h>
#if defined(__CYGWIN__)
#include <nspr/nspr.h>

12
src/mod_openssl.c

@ -35,7 +35,6 @@
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/*(not needed)*/
/* correction; needed for:
@ -385,15 +384,10 @@ mod_openssl_session_ticket_key_file (const char *fn)
* admin should activate keys immediately (without +300).
*/
int buf[23]; /* 92 bytes */
int fd = fdevent_open_cloexec(fn, 1, O_RDONLY, 0);
if (fd < 0)
return 0;
ssize_t rd = read(fd, buf, sizeof(buf));
close(fd);
int rc = 0; /*(will retry on next check interval upon any error)*/
if (rd == sizeof(buf) && buf[0] == 0) { /*(format version 0)*/
if (0 != fdevent_load_file_bytes((char *)buf,(off_t)sizeof(buf),0,fn,NULL))
return rc;
if (buf[0] == 0) { /*(format version 0)*/
session_ticket_keys[3].active_ts = buf[1];
session_ticket_keys[3].expire_ts = buf[2];
#ifndef __COVERITY__ /* intentional; hide from Coverity Scan */

12
src/mod_wolfssl.c

@ -34,7 +34,6 @@
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/*
* Note: mod_wolfssl.c is forked from mod_openssl.c
@ -386,15 +385,10 @@ mod_openssl_session_ticket_key_file (const char *fn)
* admin should activate keys immediately (without +300).
*/
int buf[23]; /* 92 bytes */
int fd = fdevent_open_cloexec(fn, 1, O_RDONLY, 0);
if (fd < 0)
return 0;
ssize_t rd = read(fd, buf, sizeof(buf));
close(fd);
int rc = 0; /*(will retry on next check interval upon any error)*/
if (rd == sizeof(buf) && buf[0] == 0) { /*(format version 0)*/
if (0 != fdevent_load_file_bytes((char *)buf,(off_t)sizeof(buf),0,fn,NULL))
return rc;
if (buf[0] == 0) { /*(format version 0)*/
session_ticket_keys[3].active_ts = buf[1];
session_ticket_keys[3].expire_ts = buf[2];
#ifndef __COVERITY__ /* intentional; hide from Coverity Scan */
