{ "feature": "TLS", "total_removable_lines": 1743, "files_affected": 18, "files": [ { "file": "conf.c", "removable_lines": 326, "line_numbers": [ 275, 276, 278, 279, 280, 281, 282, 283, 284, 285, 286, 287, 288, 289, 294, 331, 332, 334, 335, 336, 338, 339, 342, 486, 487, 489, 490, 491, 492, 493, 494, 495, 496, 497, 498, 499, 500, 501, 502, 503, 504, 505, 507, 508, 696, 699, 700, 701, 703, 704, 705, 708, 756, 762, 768, 769, 770, 771, 772, 773, 776, 777, 833, 834, 836, 837, 839, 840, 841, 883, 884, 887, 888, 889, 899, 900, 901, 903, 904, 905, 906, 908, 910, 911, 912, 914, 915, 918, 919, 921, 923, 924, 925, 927, 928, 932, 933, 940, 941, 951, 952, 953, 954, 957, 958, 959, 962, 964, 968, 969, 970, 971, 973, 975, 979, 980, 981, 982, 984, 986, 990, 991, 992, 993, 996, 997, 998, 1001, 1003, 1007, 1008, 1009, 1010, 1013, 1014, 1015, 1018, 1020, 1024, 1025, 1026, 1027, 1029, 1030, 1031, 1033, 1035, 1039, 1040, 1041, 1042, 1044, 1045, 1046, 1047, 1049, 1053, 1054, 1055, 1056, 1058, 1060, 1064, 1065, 1077, 1078, 1088, 1089, 1090, 1091, 1094, 1095, 1096, 1099, 1101, 1105, 1106, 1131, 1132, 1133, 1134, 1136, 1137, 1138, 1140, 1142, 1146, 1147, 1148, 1149, 1151, 1153, 1159, 1160, 1164, 1168, 1169, 1171, 1177, 1178, 1182, 1185, 1186, 1189, 1190, 1192, 1196, 1197, 1199, 1203, 1204, 1214, 1215, 1225, 1226, 1235, 1236, 1237, 1238, 1239, 1240, 1243, 1244, 1290, 1293, 1294, 1296, 1300, 1301, 1303, 1310, 1314, 1315, 1328, 1330, 1354, 1355, 1356, 1359, 1360, 1382, 1860, 1862, 1863, 1864, 1865, 1866, 1867, 1869, 1871, 1873, 1874, 1876, 1878, 1879, 1880, 1882, 1883, 1885, 1887, 2001, 2003, 2004, 2006, 2008, 2010, 2011, 2012, 2013, 2014, 2016, 2017, 2019, 2021, 2023, 2024, 2025, 2026, 2027, 2028, 2030, 2032, 2034, 2035, 2037, 2039, 2137, 2138, 2140, 2141, 2143, 2145, 2147, 2148, 2150, 2152, 2153, 2188, 2189, 2362, 2363, 2365, 2369, 2370, 2371, 2372, 2373, 2376, 2377, 2378, 2379, 2382, 2383, 2384, 2386, 2387, 2388, 2390, 2391, 2392, 2393, 2395, 2396, 2397, 2399, 2400 ], "source_snippets": [ "\t\t\tmosquitto__free(config->listeners[i].security_options.password_file);", "\t\t\tmosquitto__free(config->listeners[i].security_options.psk_file);", "\t\t\tmosquitto__free(config->listeners[i].cafile);", "\t\t\tmosquitto__free(config->listeners[i].capath);", "\t\t\tmosquitto__free(config->listeners[i].certfile);", "\t\t\tmosquitto__free(config->listeners[i].keyfile);", "\t\t\tmosquitto__free(config->listeners[i].ciphers);", "\t\t\tmosquitto__free(config->listeners[i].ciphers_tls13);", "\t\t\tmosquitto__free(config->listeners[i].psk_hint);", "\t\t\tmosquitto__free(config->listeners[i].crlfile);", "\t\t\tmosquitto__free(config->listeners[i].dhparamfile);", "\t\t\tmosquitto__free(config->listeners[i].tls_version);", "\t\t\tmosquitto__free(config->listeners[i].tls_engine);", "\t\t\tmosquitto__free(config->listeners[i].tls_engine_kpass_sha1);", "\t\t\t\tSSL_CTX_free(config->listeners[i].ssl_ctx);", "\t\t\t}", "\t\t\tmosquitto__free(config->bridges[i].notification_topic);", "\t\t\tmosquitto__free(config->bridges[i].tls_version);", "\t\t\tmosquitto__free(config->bridges[i].tls_cafile);", "\t\t\tmosquitto__free(config->bridges[i].tls_alpn);", "\t\t\tmosquitto__free(config->bridges[i].tls_psk_identity);", "\t\t\tmosquitto__free(config->bridges[i].tls_psk);", "\t\t}", "\t\tconfig->listeners[config->listener_count-1].max_qos = config->default_listener.max_qos;", "\t\tconfig->listeners[config->listener_count-1].max_topic_alias = config->default_listener.max_topic_alias;", "\t\tconfig->listeners[config->listener_count-1].tls_version = config->default_listener.tls_version;", "\t\tconfig->listeners[config->listener_count-1].tls_engine = config->default_listener.tls_engine;", "\t\tconfig->listeners[config->listener_count-1].tls_keyform = config->default_listener.tls_keyform;", "\t\tconfig->listeners[config->listener_count-1].tls_engine_kpass_sha1 = config->default_listener.tls_engine_kpass_sha1;", "\t\tconfig->listeners[config->listener_count-1].cafile = config->default_listener.cafile;", "\t\tconfig->listeners[config->listener_count-1].capath = config->default_listener.capath;", "\t\tconfig->listeners[config->listener_count-1].certfile = config->default_listener.certfile;", "\t\tconfig->listeners[config->listener_count-1].keyfile = config->default_listener.keyfile;", "\t\tconfig->listeners[config->listener_count-1].ciphers = config->default_listener.ciphers;", "\t\tconfig->listeners[config->listener_count-1].ciphers_tls13 = config->default_listener.ciphers_tls13;", "\t\tconfig->listeners[config->listener_count-1].dhparamfile = config->default_listener.dhparamfile;", "\t\tconfig->listeners[config->listener_count-1].psk_hint = config->default_listener.psk_hint;", "\t\tconfig->listeners[config->listener_count-1].require_certificate = config->default_listener.require_certificate;", "\t\tconfig->listeners[config->listener_count-1].ssl_ctx = NULL;", "\t\tconfig->listeners[config->listener_count-1].crlfile = config->default_listener.crlfile;", "\t\tconfig->listeners[config->listener_count-1].use_identity_as_username = config->default_listener.use_identity_as_username;", "\t\tconfig->listeners[config->listener_count-1].use_subject_as_username = config->default_listener.use_subject_as_username;", "\t\tconfig->listeners[config->listener_count-1].security_options.acl_file = config->default_listener.security_options.acl_file;", "\t\tconfig->listeners[config->listener_count-1].security_options.password_file = config->default_listener.security_options.password_file;", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\tif(config->bridges[i].tls_psk && !config->bridges[i].tls_psk_identity){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration: missing bridge_identity.\\\");", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\tif(config->bridges[i].tls_psk_identity && !config->bridges[i].tls_psk){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration: missing bridge_psk.\\\");", "\t\t\treturn MOSQ_ERR_INVAL;", "\t}", "\t\t\t\tcontinue;", "\t\t\t\t\tcontinue;", "\t\t\t\t\tconf__set_cur_security_options(config, cur_listener, &cur_security_options);", "\t\t\t\t\tif(reload){", "\t\t\t\t\t\tmosquitto__free(cur_security_options->acl_file);", "\t\t\t\t\t\tcur_security_options->acl_file = NULL;", "\t\t\t\t\t}", "\t\t\t\t\tif(conf__parse_string(&token, \\\"acl_file\\\", &cur_security_options->acl_file, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge || cur_bridge->addresses){", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_NOTICE, \\\"The 'allow_duplicate_messages' option is now deprecated and will be removed in a future version. The behaviour will default to true.\\\");", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"allow_duplicate_messages\\\", &config->allow_duplicate_messages, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tconf__set_cur_security_options(config, cur_listener, &cur_security_options);", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"allow_zero_length_clientid\\\", &cur_security_options->allow_zero_length_clientid, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* Auth plugin not currently valid for reloading. */", "\t\t\t\t\tif(!cur_auth_plugin_config){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: An auth_opt_ option exists in the config file without an auth_plugin.\\\");", "\t\t\t\t\t\tmosquitto__free(key);", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* Auth plugin not currently valid for reloading. */", "\t\t\t\t\tconf__set_cur_security_options(config, cur_listener, &cur_security_options);", "\t\t\t\t\tcur_security_options->auth_plugin_configs = mosquitto__realloc(cur_security_options->auth_plugin_configs, (size_t)(cur_security_options->auth_plugin_config_count+1)*sizeof(struct mosquitto__auth_plugin_config));", "\t\t\t\t\tcur_auth_plugin_config->deny_special_chars = true;", "\t\t\t\t\tcur_security_options->auth_plugin_config_count++;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"auth_plugin\\\", &cur_auth_plugin_config->path, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* Auth plugin not currently valid for reloading. */", "\t\t\t\t\tif(!cur_auth_plugin_config){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: An auth_plugin_deny_special_chars option exists in the config file without an auth_plugin.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"auth_plugin_deny_special_chars\\\", &cur_auth_plugin_config->deny_special_chars, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tconf__set_cur_security_options(config, cur_listener, &cur_security_options);", "\t\t\t\t\tif(conf__parse_string(&token, \\\"auto_id_prefix\\\", &cur_security_options->auto_id_prefix, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_security_options->auto_id_prefix){", "\t\t\t\t\t}else{", "\t\t\t\t\t\tcur_security_options->auto_id_prefix_len = 0;", "\t\t\t\t\tif(conf__parse_int(&token, \\\"autosave_interval\\\", &config->autosave_interval, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(config->autosave_interval < 0) config->autosave_interval = 0;", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"autosave_on_changes\\\", &config->autosave_on_changes, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_NOTICE, \\\"The 'bind_address' option is now deprecated and will be removed in a future version. The behaviour will default to true.\\\");", "\t\t\t\t\tconfig->local_only = false;", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__attempt_resolve(config->default_listener.host, \\\"bind_address\\\", MOSQ_LOG_ERR, \\\"Error\\\")){", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bind_interface\\\", &cur_listener->bind_interface, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and psk encryption in a single bridge.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_cafile\\\", &cur_bridge->tls_cafile, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_alpn\\\", &cur_bridge->tls_alpn, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_bind_address\\\", &cur_bridge->bind_address, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and psk encryption in a single bridge.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_capath\\\", &cur_bridge->tls_capath, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and psk encryption in a single bridge.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_certfile\\\", &cur_bridge->tls_certfile, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_bridge->tls_cafile || cur_bridge->tls_capath || cur_bridge->tls_certfile || cur_bridge->tls_keyfile){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and identity encryption in a single bridge.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_identity\\\", &cur_bridge->tls_psk_identity, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS-PSK support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"bridge_insecure\\\", &cur_bridge->tls_insecure, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_bridge->tls_insecure){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge %s using insecure mode.\\\", cur_bridge->name);", "\t\t\t\t\t}", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS-PSK support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"bridge_require_ocsp\\\", &cur_bridge->tls_ocsp_required, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* Bridges not valid for reloading. */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_bridge->tls_psk_identity || cur_bridge->tls_psk){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and psk encryption in a single bridge.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_keyfile\\\", &cur_bridge->tls_keyfile, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(cur_bridge->tls_cafile || cur_bridge->tls_capath || cur_bridge->tls_certfile || cur_bridge->tls_keyfile){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and psk encryption in a single bridge.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_psk\\\", &cur_bridge->tls_psk, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS-PSK support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid bridge configuration.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"bridge_tls_version\\\", &cur_bridge->tls_version, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Bridge and/or TLS support not available.\\\");", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and psk encryption in a single listener.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"capath\\\", &cur_listener->capath, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Cannot use both certificate and psk encryption in a single listener.\\\");", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t\tconf__set_cur_security_options(config, cur_listener, &cur_security_options);", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"check_retain_source\\\", &config->check_retain_source, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"ciphers\\\", &cur_listener->ciphers, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"ciphers_tls1.3\\\", &cur_listener->ciphers_tls13, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: ciphers_tls1.3 support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_NOTICE, \\\"The 'clientid_prefixes' option is now deprecated and will be removed in a future version.\\\");", "\t\t\t\t\tif(reload){", "\t\t\t\t\t\tmosquitto__free(config->clientid_prefixes);", "\t\t\t\t\t\tconfig->clientid_prefixes = NULL;", "\t\t\t\t\t}", "\t\t\t\t\tif(conf__parse_string(&token, \\\"clientid_prefixes\\\", &config->clientid_prefixes, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\ttoken = strtok_r(NULL, \\\" \\\", &saveptr);", "\t\t\t\t\tif(conf__parse_bool(&token, token, &config->connection_messages, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"crlfile\\\", &cur_listener->crlfile, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"dhparamfile\\\", &cur_listener->dhparamfile, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: Websockets support not available.\\\");", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tif(level == 0){", "\t\t\t\t\t\ttoken = strtok_r(NULL, \\\"\\\", &saveptr);", "\t\t\t\t\t\tmosquitto__free(files);", "\t\t\t\t\t\tif(rc) return rc; /* This returns if config__read_file() fails above */", "\t\t\t\t\t}", "\t\t\t\t\tif(reload) continue; /* FIXME */", "\t\t\t\t\tif(!cur_bridge){", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"psk_file\\\")){", "\t\t\t\t\tconf__set_cur_security_options(config, cur_listener, &cur_security_options);", "\t\t\t\t\tif(reload){", "\t\t\t\t\t\tmosquitto__free(cur_security_options->psk_file);", "\t\t\t\t\t\tcur_security_options->psk_file = NULL;", "\t\t\t\t\t}", "\t\t\t\t\tif(conf__parse_string(&token, \\\"psk_file\\\", &cur_security_options->psk_file, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS/TLS-PSK support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"psk_hint\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"psk_hint\\\", &cur_listener->psk_hint, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS/TLS-PSK support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"queue_qos0_messages\\\")){", "\t\t\t\t\tif(conf__parse_bool(&token, token, &config->queue_qos0_messages, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t}else if(!strcmp(token, \\\"require_certificate\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"require_certificate\\\", &cur_listener->require_certificate, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"restart_timeout\\\")){", "\t\t\t\t}else if(!strcmp(token, \\\"tls_engine\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"tls_engine\\\", &cur_listener->tls_engine, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"tls_engine_kpass_sha1\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"tls_engine_kpass_sha1\\\", &kpass_sha, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tif(mosquitto__hex2bin_sha1(kpass_sha, (unsigned char**)&kpass_sha_bin) != MOSQ_ERR_SUCCESS){", "\t\t\t\t\t\tmosquitto__free(kpass_sha);", "\t\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\t\tcur_listener->tls_engine_kpass_sha1 = kpass_sha_bin;", "\t\t\t\t\tmosquitto__free(kpass_sha);", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"tls_keyform\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tkeyform = NULL;", "\t\t\t\t\tif(conf__parse_string(&token, \\\"tls_keyform\\\", &keyform, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tcur_listener->tls_keyform = mosq_k_pem;", "\t\t\t\t\tif(!strcmp(keyform, \\\"engine\\\")) cur_listener->tls_keyform = mosq_k_engine;", "\t\t\t\t\tmosquitto__free(keyform);", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"tls_version\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_string(&token, \\\"tls_version\\\", &cur_listener->tls_version, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"topic\\\")){", "\t\t\t\t\tif(conf__parse_bool(&token, token, &config->upgrade_outgoing_qos, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t}else if(!strcmp(token, \\\"use_identity_as_username\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"use_identity_as_username\\\", &cur_listener->use_identity_as_username, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"use_subject_as_username\\\")){", "\t\t\t\t\tif(reload) continue; /* Listeners not valid for reloading. */", "\t\t\t\t\tif(conf__parse_bool(&token, \\\"use_subject_as_username\\\", &cur_listener->use_subject_as_username, saveptr)) return MOSQ_ERR_INVAL;", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_WARNING, \\\"Warning: TLS support not available.\\\");", "\t\t\t\t}else if(!strcmp(token, \\\"user\\\")){", "\t\t\t\t\tif(reload) continue; /* Drop privileges user not valid for reloading. */", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unknown configuration variable \\\\\"%s\\\\\".\\\", token);", "\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\treturn MOSQ_ERR_SUCCESS;", "}", "static int conf__parse_string(char **token, const char *name, char **value, char *saveptr)", "\t*token = strtok_r(NULL, \\\"\\\", &saveptr);", "\tif(*token){", "\t\tif(*value){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Duplicate %s value in configuration.\\\", name);", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\t*token = misc__trimblanks(*token);", "\t\tif(strlen(*token) == 0){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Empty %s value in configuration.\\\", name);", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\ttlen = strlen(*token);", "\t\tif(tlen > UINT16_MAX){", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\tif(mosquitto_validate_utf8(*token, (uint16_t)tlen)){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Malformed UTF-8 in configuration.\\\");", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\t*value = mosquitto__strdup(*token);", "\t\tif(!*value){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Out of memory.\\\");", "\t\t\treturn MOSQ_ERR_NOMEM;", "\t}else{", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Empty %s value in configuration.\\\", name);", "\t\treturn MOSQ_ERR_INVAL;", "\treturn MOSQ_ERR_SUCCESS;", "}" ] }, { "file": "net_mosq.c", "removable_lines": 291, "line_numbers": [ 87, 89, 92, 94, 97, 99, 102, 104, 107, 109, 110, 111, 112, 113, 114, 119, 120, 121, 124, 126, 176, 178, 185, 190, 192, 193, 194, 195, 197, 198, 218, 219, 220, 221, 222, 223, 224, 262, 269, 271, 272, 274, 276, 277, 278, 279, 536, 540, 542, 543, 544, 545, 546, 548, 551, 556, 557, 559, 560, 561, 563, 564, 565, 567, 568, 569, 571, 572, 573, 574, 579, 583, 584, 585, 611, 612, 613, 617, 619, 621, 622, 623, 624, 628, 630, 632, 634, 635, 638, 641, 649, 650, 651, 652, 653, 654, 655, 657, 663, 664, 665, 670, 673, 674, 675, 676, 678, 681, 682, 683, 686, 687, 689, 690, 692, 693, 694, 695, 696, 697, 698, 703, 706, 709, 710, 711, 712, 713, 714, 718, 722, 723, 724, 725, 726, 728, 729, 730, 731, 733, 734, 735, 738, 739, 740, 741, 743, 745, 746, 748, 749, 750, 751, 753, 755, 756, 758, 759, 760, 761, 764, 765, 766, 767, 769, 770, 771, 775, 778, 780, 781, 783, 784, 785, 787, 788, 789, 790, 791, 792, 793, 795, 796, 797, 798, 799, 801, 802, 803, 804, 805, 806, 807, 808, 810, 811, 812, 813, 814, 817, 818, 819, 823, 826, 828, 829, 832, 833, 834, 836, 838, 839, 841, 843, 844, 845, 846, 847, 849, 850, 852, 853, 862, 863, 864, 865, 868, 869, 870, 871, 872, 873, 874, 875, 876, 879, 880, 881, 882, 883, 884, 886, 891, 892, 893, 896, 897, 898, 901, 903, 904, 906, 907, 939, 943, 944, 945, 946, 947, 948, 949, 953, 955, 956, 958, 959, 961, 966, 975, 976, 978, 979, 980, 981, 982, 983, 998, 1000, 1007, 1009, 1010, 1011, 1012, 1013, 1014, 1015, 1025, 1189, 1192, 1194, 1196 ], "source_snippets": [ "static int ui_open(UI *ui)", "\treturn UI_method_get_opener(UI_OpenSSL())(ui);", "static int ui_read(UI *ui, UI_STRING *uis)", "\treturn UI_method_get_reader(UI_OpenSSL())(ui, uis);", "static int ui_write(UI *ui, UI_STRING *uis)", "\treturn UI_method_get_writer(UI_OpenSSL())(ui, uis);", "static int ui_close(UI *ui)", "\treturn UI_method_get_closer(UI_OpenSSL())(ui);", "static void setup_ui_method(void)", "\t_ui_method = UI_create_method(\\\"OpenSSL application user interface\\\");", "\tUI_method_set_opener(_ui_method, ui_open);", "\tUI_method_set_reader(_ui_method, ui_read);", "\tUI_method_set_writer(_ui_method, ui_write);", "\tUI_method_set_closer(_ui_method, ui_close);", "}", "\t\tUI_destroy_method(_ui_method);", "\t\t_ui_method = NULL;", "\t}", "UI_METHOD *net__get_ui_method(void)", "\treturn _ui_method;", "void net__init_tls(void)", "\tif(is_tls_initialized) return;", "\tOPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS \\", "\tENGINE_load_builtin_engines();", "\tsetup_ui_method();", "\tif(tls_ex_index_mosq == -1){", "\t\ttls_ex_index_mosq = SSL_get_ex_new_index(0, \\\"client context\\\", NULL, NULL, NULL);", "\t}", "\tis_tls_initialized = true;", "}", "\t\tif(mosq->ssl){", "\t\t\tif(!SSL_in_init(mosq->ssl)){", "\t\t\t\tSSL_shutdown(mosq->ssl);", "\t\t\t}", "\t\t\tSSL_free(mosq->ssl);", "\t\t\tmosq->ssl = NULL;", "\t\t}", "static unsigned int psk_client_callback(SSL *ssl, const char *hint,", "\tUNUSED(hint);", "\tmosq = SSL_get_ex_data(ssl, tls_ex_index_mosq);", "\tif(!mosq) return 0;", "\tsnprintf(identity, max_identity_len, \\\"%s\\\", mosq->tls_psk_identity);", "\tlen = mosquitto__hex2bin(mosq->tls_psk, psk, (int)max_psk_len);", "\tif (len < 0) return 0;", "\treturn (unsigned int)len;", "}", "void net__print_ssl_error(struct mosquitto *mosq)", "\tint num = 0;", "\te = ERR_get_error();", "\twhile(e){", "\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"OpenSSL Error[%d]: %s\\\", num, ERR_error_string(e, ebuf));", "\t\te = ERR_get_error();", "\t\tnum++;", "}", "int net__socket_connect_tls(struct mosquitto *mosq)", "\tERR_clear_error();", "\tif (mosq->tls_ocsp_required) {", "\t\tif ((res=SSL_set_tlsext_status_type(mosq->ssl, TLSEXT_STATUSTYPE_ocsp)) != 1) {", "\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Could not activate OCSP (error: %ld)\\\", res);", "\t\t\treturn MOSQ_ERR_OCSP;", "\t\tif ((res=SSL_CTX_set_tlsext_status_cb(mosq->ssl_ctx, mosquitto__verify_ocsp_status_cb)) != 1) {", "\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Could not activate OCSP (error: %ld)\\\", res);", "\t\t\treturn MOSQ_ERR_OCSP;", "\t\tif ((res=SSL_CTX_set_tlsext_status_arg(mosq->ssl_ctx, mosq)) != 1) {", "\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Could not activate OCSP (error: %ld)\\\", res);", "\t\t\treturn MOSQ_ERR_OCSP;", "\t}", "\tSSL_set_connect_state(mosq->ssl);", "\treturn MOSQ_ERR_SUCCESS;", "}", "static int net__tls_load_ca(struct mosquitto *mosq)", "\tif(mosq->tls_use_os_certs){", "\t\tSSL_CTX_set_default_verify_paths(mosq->ssl_ctx);", "\t}", "\tif(mosq->tls_cafile){", "\t\tret = SSL_CTX_load_verify_file(mosq->ssl_ctx, mosq->tls_cafile);", "\t\tif(ret == 0){", "\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to load CA certificates, check cafile \\\\\"%s\\\\\".\\\", mosq->tls_cafile);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\tif(mosq->tls_capath){", "\t\tret = SSL_CTX_load_verify_dir(mosq->ssl_ctx, mosq->tls_capath);", "\t\tif(ret == 0){", "\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to load CA certificates, check capath \\\\\"%s\\\\\".\\\", mosq->tls_capath);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\treturn MOSQ_ERR_SUCCESS;", "}", "static int net__init_ssl_ctx(struct mosquitto *mosq)", "\tENGINE *engine = NULL;", "\tif(mosq->user_ssl_ctx){", "\t\tmosq->ssl_ctx = mosq->user_ssl_ctx;", "\t\tif(!mosq->ssl_ctx_defaults){", "\t\t\treturn MOSQ_ERR_SUCCESS;", "\t\t}else if(!mosq->tls_cafile && !mosq->tls_capath && !mosq->tls_psk){", "\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: If you use MOSQ_OPT_SSL_CTX then MOSQ_OPT_SSL_CTX_WITH_DEFAULTS must be true, or at least one of cafile, capath or psk must be specified.\\\");", "\t\t\treturn MOSQ_ERR_INVAL;", "\t}", "\tif(mosq->tls_cafile || mosq->tls_capath || mosq->tls_psk || mosq->tls_use_os_certs){", "\t\tnet__init_tls();", "\t\tif(!mosq->ssl_ctx){", "\t\t\tmosq->ssl_ctx = SSL_CTX_new(TLS_client_method());", "\t\t\tif(!mosq->ssl_ctx){", "\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to create TLS context.\\\");", "\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t}", "\t\tif(mosq->tls_psk){", "\t\t\tSSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_TLSv1_3);", "\t\t}", "\t\tif(!mosq->tls_version){", "\t\t\tSSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);", "\t\t}else if(!strcmp(mosq->tls_version, \\\"tlsv1.3\\\")){", "\t\t\tSSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);", "\t\t}else if(!strcmp(mosq->tls_version, \\\"tlsv1.2\\\")){", "\t\t\tSSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);", "\t\t}else if(!strcmp(mosq->tls_version, \\\"tlsv1.1\\\")){", "\t\t\tSSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);", "\t\t}else{", "\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Protocol %s not supported.\\\", mosq->tls_version);", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\tSSL_CTX_set_dh_auto(mosq->ssl_ctx, 1);", "\t\tSSL_CTX_set_options(mosq->ssl_ctx, SSL_OP_NO_COMPRESSION);", "\t\tif(mosq->tls_alpn) {", "\t\t\ttls_alpn_len = (uint8_t) strnlen(mosq->tls_alpn, 254);", "\t\t\ttls_alpn_wire[0] = tls_alpn_len; /* first byte is length of string */", "\t\t\tmemcpy(tls_alpn_wire + 1, mosq->tls_alpn, tls_alpn_len);", "\t\t\tSSL_CTX_set_alpn_protos(mosq->ssl_ctx, tls_alpn_wire, tls_alpn_len + 1U);", "\t\t}", "\t\t\tSSL_CTX_set_mode(mosq->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);", "\t\tif(mosq->tls_engine){", "\t\t\tengine = ENGINE_by_id(mosq->tls_engine);", "\t\t\tif(!engine){", "\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error loading %s engine\\n\\\", mosq->tls_engine);", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\tif(!ENGINE_init(engine)){", "\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Failed engine initialisation\\n\\\");", "\t\t\t\tENGINE_free(engine);", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\tENGINE_set_default(engine, ENGINE_METHOD_ALL);", "\t\t\tENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */", "\t\t}", "\t\tif(mosq->tls_ciphers){", "\t\t\tret = SSL_CTX_set_cipher_list(mosq->ssl_ctx, mosq->tls_ciphers);", "\t\t\tif(ret == 0){", "\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to set TLS ciphers. Check cipher list \\\\\"%s\\\\\".\\\", mosq->tls_ciphers);", "\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t}", "\t\tif(mosq->tls_cafile || mosq->tls_capath || mosq->tls_use_os_certs){", "\t\t\tret = net__tls_load_ca(mosq);", "\t\t\tif(ret != MOSQ_ERR_SUCCESS){", "\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\tif(mosq->tls_cert_reqs == 0){", "\t\t\t\tSSL_CTX_set_verify(mosq->ssl_ctx, SSL_VERIFY_NONE, NULL);", "\t\t\t}else{", "\t\t\t\tSSL_CTX_set_verify(mosq->ssl_ctx, SSL_VERIFY_PEER, mosquitto__server_certificate_verify);", "\t\t\tif(mosq->tls_pw_callback){", "\t\t\t\tSSL_CTX_set_default_passwd_cb(mosq->ssl_ctx, mosq->tls_pw_callback);", "\t\t\t\tSSL_CTX_set_default_passwd_cb_userdata(mosq->ssl_ctx, mosq);", "\t\t\t}", "\t\t\tif(mosq->tls_certfile){", "\t\t\t\tret = SSL_CTX_use_certificate_chain_file(mosq->ssl_ctx, mosq->tls_certfile);", "\t\t\t\tif(ret != 1){", "\t\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to load client certificate \\\\\"%s\\\\\".\\\", mosq->tls_certfile);", "\t\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\t}", "\t\t\tif(mosq->tls_keyfile){", "\t\t\t\tif(mosq->tls_keyform == mosq_k_engine){", "\t\t\t\t\tUI_METHOD *ui_method = net__get_ui_method();", "\t\t\t\t\tif(mosq->tls_engine_kpass_sha1){", "\t\t\t\t\t\tif(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){", "\t\t\t\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to set engine secret mode sha1\\\");", "\t\t\t\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\t\t\t\tif(!ENGINE_ctrl_cmd(engine, ENGINE_PIN, 0, mosq->tls_engine_kpass_sha1, NULL, 0)){", "\t\t\t\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to set engine pin\\\");", "\t\t\t\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\t\t\t\tui_method = NULL;", "\t\t\t\t\t}", "\t\t\t\t\tpkey = ENGINE_load_private_key(engine, mosq->tls_keyfile, ui_method, NULL);", "\t\t\t\t\tif(!pkey){", "\t\t\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to load engine private key file \\\\\"%s\\\\\".\\\", mosq->tls_keyfile);", "\t\t\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\t\t\tif(SSL_CTX_use_PrivateKey(mosq->ssl_ctx, pkey) <= 0){", "\t\t\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to use engine private key file \\\\\"%s\\\\\".\\\", mosq->tls_keyfile);", "\t\t\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\t\t}else{", "\t\t\t\t\tret = SSL_CTX_use_PrivateKey_file(mosq->ssl_ctx, mosq->tls_keyfile, SSL_FILETYPE_PEM);", "\t\t\t\t\tif(ret != 1){", "\t\t\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Unable to load client key file \\\\\"%s\\\\\".\\\", mosq->tls_keyfile);", "\t\t\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\t\tret = SSL_CTX_check_private_key(mosq->ssl_ctx);", "\t\t\t\tif(ret != 1){", "\t\t\t\t\tlog__printf(mosq, MOSQ_LOG_ERR, \\\"Error: Client certificate/key are inconsistent.\\\");", "\t\t\t\t\tENGINE_FINISH(engine);", "\t\t\t\t\tnet__print_ssl_error(mosq);", "\t\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\t}", "\t\t}else if(mosq->tls_psk){", "\t\t\tSSL_CTX_set_psk_client_callback(mosq->ssl_ctx, psk_client_callback);", "\t\t\tif(mosq->tls_ciphers == NULL){", "\t\t\t\tSSL_CTX_set_cipher_list(mosq->ssl_ctx, \\\"PSK\\\");", "\t\t\t}", "\t\t}", "\t}", "\treturn MOSQ_ERR_SUCCESS;", "}", "\tint rc = net__init_ssl_ctx(mosq);", "\tif(rc){", "\t\tnet__socket_close(mosq);", "\t\treturn rc;", "\tif(mosq->ssl_ctx){", "\t\tif(mosq->ssl){", "\t\t\tSSL_free(mosq->ssl);", "\t\t}", "\t\tmosq->ssl = SSL_new(mosq->ssl_ctx);", "\t\tif(!mosq->ssl){", "\t\t\tnet__socket_close(mosq);", "\t\t\tnet__print_ssl_error(mosq);", "\t\t\treturn MOSQ_ERR_TLS;", "\t\tSSL_set_ex_data(mosq->ssl, tls_ex_index_mosq, mosq);", "\t\tbio = BIO_new_socket(mosq->sock, BIO_NOCLOSE);", "\t\tif(!bio){", "\t\t\tnet__socket_close(mosq);", "\t\t\tnet__print_ssl_error(mosq);", "\t\t\treturn MOSQ_ERR_TLS;", "\t\tSSL_set_bio(mosq->ssl, bio, bio);", "\t\tif(SSL_set_tlsext_host_name(mosq->ssl, host) != 1) {", "\t\t\tnet__socket_close(mosq);", "\t\t\treturn MOSQ_ERR_TLS;", "\t\tif(net__socket_connect_tls(mosq)){", "\t\t\tnet__socket_close(mosq);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\tUNUSED(mosq);", "\tUNUSED(host);", "\treturn MOSQ_ERR_SUCCESS;", "}", "static int net__handle_ssl(struct mosquitto* mosq, int ret)", "\terr = SSL_get_error(mosq->ssl, ret);", "\tif (err == SSL_ERROR_WANT_READ) {", "\t\tret = -1;", "\t\terrno = EAGAIN;", "\t}", "\telse if (err == SSL_ERROR_WANT_WRITE) {", "\t\tret = -1;", "\t\tmosq->want_write = true;", "\t\terrno = EAGAIN;", "\t}", "\t\tnet__print_ssl_error(mosq);", "\t\terrno = EPROTO;", "\tERR_clear_error();", "\treturn ret;", "\tassert(mosq);", "\terrno = 0;", "\tif(mosq->ssl){", "\t\tret = SSL_read(mosq->ssl, buf, (int)count);", "\t\tif(ret <= 0){", "\t\t\tret = net__handle_ssl(mosq, ret);", "\t\t}", "\t\treturn (ssize_t )ret;", "}", "ssize_t net__write(struct mosquitto *mosq, const void *buf, size_t count)", "\terrno = 0;", "\tif(mosq->ssl){", "\t\tmosq->want_write = false;", "\t\tret = SSL_write(mosq->ssl, buf, (int)count);", "\t\tif(ret < 0){", "\t\t\tret = net__handle_ssl(mosq, ret);", "\t\t}", "\t\treturn (ssize_t )ret;", "}", "void *mosquitto_ssl_get(struct mosquitto *mosq)", "\treturn mosq->ssl;", "\tUNUSED(mosq);", "\treturn NULL;" ] }, { "file": "net.c", "removable_lines": 257, "line_numbers": [ 208, 209, 210, 211, 212, 214, 215, 216, 217, 218, 219, 220, 221, 222, 223, 225, 226, 227, 228, 229, 230, 231, 233, 234, 236, 237, 238, 240, 241, 244, 250, 253, 255, 258, 263, 267, 271, 273, 274, 276, 277, 279, 283, 284, 286, 287, 288, 291, 292, 293, 294, 297, 298, 299, 300, 301, 303, 305, 306, 307, 311, 316, 318, 319, 320, 325, 328, 329, 330, 334, 335, 336, 337, 338, 339, 340, 341, 345, 346, 348, 349, 351, 352, 353, 354, 355, 356, 357, 363, 367, 371, 376, 385, 389, 392, 393, 395, 396, 397, 398, 399, 401, 402, 403, 404, 405, 409, 410, 411, 412, 413, 415, 418, 419, 420, 421, 422, 424, 425, 427, 428, 429, 430, 432, 433, 434, 439, 445, 446, 447, 448, 449, 451, 452, 453, 454, 455, 456, 457, 459, 461, 462, 471, 472, 473, 474, 476, 477, 478, 479, 480, 482, 483, 484, 485, 486, 487, 489, 490, 491, 492, 493, 494, 497, 498, 499, 500, 502, 504, 506, 507, 511, 513, 517, 518, 521, 522, 523, 524, 525, 527, 528, 529, 530, 532, 534, 535, 536, 537, 538, 539, 540, 542, 543, 544, 545, 547, 548, 549, 550, 551, 552, 553, 555, 556, 557, 558, 560, 561, 563, 564, 587, 588, 589, 590, 591, 592, 594, 595, 596, 597, 598, 599, 600, 602, 606, 607, 611, 612, 884, 886, 887, 888, 891, 892, 894, 896, 897, 898, 899, 900, 901, 902, 904, 905, 906, 908, 909, 910, 911, 912, 913, 914, 915, 917, 918, 921 ], "source_snippets": [ "\tif(new_context->listener->ssl_ctx){", "\t\tnew_context->ssl = SSL_new(new_context->listener->ssl_ctx);", "\t\tif(!new_context->ssl){", "\t\t\tcontext__cleanup(new_context, true);", "\t\t\treturn NULL;", "\t\tSSL_set_ex_data(new_context->ssl, tls_ex_index_context, new_context);", "\t\tSSL_set_ex_data(new_context->ssl, tls_ex_index_listener, new_context->listener);", "\t\tnew_context->want_write = true;", "\t\tbio = BIO_new_socket(new_sock, BIO_NOCLOSE);", "\t\tSSL_set_bio(new_context->ssl, bio, bio);", "\t\tERR_clear_error();", "\t\trc = SSL_accept(new_context->ssl);", "\t\tif(rc != 1){", "\t\t\trc = SSL_get_error(new_context->ssl, rc);", "\t\t\tif(rc == SSL_ERROR_WANT_READ){", "\t\t\t}else if(rc == SSL_ERROR_WANT_WRITE){", "\t\t\t\tnew_context->want_write = true;", "\t\t\t}else{", "\t\t\t\tif(db.config->connection_messages == true){", "\t\t\t\t\te = ERR_get_error();", "\t\t\t\t\twhile(e){", "\t\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_NOTICE,", "\t\t\t\t\t\t\t\tnew_context->address, ERR_error_string(e, ebuf));", "\t\t\t\t\t\te = ERR_get_error();", "\t\t\t\t}", "\t\t\t\tcontext__cleanup(new_context, true);", "\t\t\t\treturn NULL;", "\t\t}", "\t}", "\tif(db.config->connection_messages == true){", "}", "static int client_certificate_verify(int preverify_ok, X509_STORE_CTX *ctx)", "\tUNUSED(ctx);", "\treturn preverify_ok;", "static unsigned int psk_server_callback(SSL *ssl, const char *identity, unsigned char *psk, unsigned int max_psk_len)", "\tchar *psk_key = NULL;", "\tif(!identity) return 0;", "\tcontext = SSL_get_ex_data(ssl, tls_ex_index_context);", "\tif(!context) return 0;", "\tlistener = SSL_get_ex_data(ssl, tls_ex_index_listener);", "\tif(!listener) return 0;", "\tpsk_hint = listener->psk_hint;", "\tpsk_key = mosquitto__calloc(1, (size_t)max_psk_len*2 + 1);", "\tif(!psk_key) return 0;", "\tif(mosquitto_psk_key_get(context, psk_hint, identity, psk_key, (int)max_psk_len*2) != MOSQ_ERR_SUCCESS){", "\t\tmosquitto__free(psk_key);", "\t\treturn 0;", "\tlen = mosquitto__hex2bin(psk_key, psk, (int)max_psk_len);", "\tif (len < 0){", "\t\tmosquitto__free(psk_key);", "\t\treturn 0;", "\tif(listener->use_identity_as_username){", "\t\tcontext->username = mosquitto__strdup(identity);", "\t\tif(!context->username){", "\t\t\tmosquitto__free(psk_key);", "\t\t\treturn 0;", "\t}", "\tmosquitto__free(psk_key);", "\treturn (unsigned int)len;", "}", "int net__tls_server_ctx(struct mosquitto__listener *listener)", "\tDH *dhparam = NULL;", "\tif(listener->ssl_ctx){", "\t\tSSL_CTX_free(listener->ssl_ctx);", "\t}", "\tlistener->ssl_ctx = SSL_CTX_new(TLS_server_method());", "\tif(!listener->ssl_ctx){", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to create TLS context.\\\");", "\t\treturn MOSQ_ERR_TLS;", "\tif(db.config->per_listener_settings){", "\t\tif(listener->security_options.psk_file){", "\t\t\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_TLSv1_3);", "\t\t}", "\t}else{", "\t\tif(db.config->security_options.psk_file){", "\t\t\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_TLSv1_3);", "\t\t}", "\tif(listener->tls_version == NULL){", "\t\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);", "\t}else if(!strcmp(listener->tls_version, \\\"tlsv1.3\\\")){", "\t\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1 | SSL_OP_NO_TLSv1_2);", "\t}else if(!strcmp(listener->tls_version, \\\"tlsv1.2\\\")){", "\t\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);", "\t}else if(!strcmp(listener->tls_version, \\\"tlsv1.1\\\")){", "\t\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);", "\t}else{", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unsupported tls_version \\\\\"%s\\\\\".\\\", listener->tls_version);", "\t\treturn MOSQ_ERR_TLS;", "\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_SINGLE_DH_USE);", "\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_COMPRESSION);", "\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);", "\tSSL_CTX_set_mode(listener->ssl_ctx, SSL_MODE_RELEASE_BUFFERS);", "\tSSL_CTX_set_dh_auto(listener->ssl_ctx, 1);", "\tSSL_CTX_set_options(listener->ssl_ctx, SSL_OP_NO_RENEGOTIATION);", "\tsnprintf(buf, 256, \\\"mosquitto-%d\\\", listener->port);", "\tSSL_CTX_set_session_id_context(listener->ssl_ctx, (unsigned char *)buf, (unsigned int)strlen(buf));", "\tif(listener->ciphers){", "\t\trc = SSL_CTX_set_cipher_list(listener->ssl_ctx, listener->ciphers);", "\t\tif(rc == 0){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to set TLS ciphers. Check cipher list \\\\\"%s\\\\\".\\\", listener->ciphers);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}else{", "\t\trc = SSL_CTX_set_cipher_list(listener->ssl_ctx, \\\"DEFAULT:!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2:@STRENGTH\\\");", "\t\tif(rc == 0){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to set TLS ciphers. Check cipher list \\\\\"%s\\\\\".\\\", listener->ciphers);", "\t\t\treturn MOSQ_ERR_TLS;", "\tif(listener->ciphers_tls13){", "\t\trc = SSL_CTX_set_ciphersuites(listener->ssl_ctx, listener->ciphers_tls13);", "\t\tif(rc == 0){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to set TLS 1.3 ciphersuites. Check cipher_tls13 list \\\\\"%s\\\\\".\\\", listener->ciphers_tls13);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\tif(listener->dhparamfile){", "\t\tdhparamfile = fopen(listener->dhparamfile, \\\"r\\\");", "\t\tif(!dhparamfile){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error loading dhparamfile \\\\\"%s\\\\\".\\\", listener->dhparamfile);", "\t\t\treturn MOSQ_ERR_TLS;", "\t\tdhparam = PEM_read_DHparams(dhparamfile, NULL, NULL, NULL);", "\t\tfclose(dhparamfile);", "\t\tif(dhparam == NULL || SSL_CTX_set_tmp_dh(listener->ssl_ctx, dhparam) != 1){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error loading dhparamfile \\\\\"%s\\\\\".\\\", listener->dhparamfile);", "\t\t\tnet__print_ssl_error(NULL);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\treturn MOSQ_ERR_SUCCESS;", "}", "static int net__load_crl_file(struct mosquitto__listener *listener)", "\tstore = SSL_CTX_get_cert_store(listener->ssl_ctx);", "\tif(!store){", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to obtain TLS store.\\\");", "\t\tnet__print_error(MOSQ_LOG_ERR, \\\"Error: %s\\\");", "\t\treturn MOSQ_ERR_TLS;", "\tlookup = X509_STORE_add_lookup(store, X509_LOOKUP_file());", "\trc = X509_load_crl_file(lookup, listener->crlfile, X509_FILETYPE_PEM);", "\tif(rc < 1){", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to load certificate revocation file \\\\\"%s\\\\\". Check crlfile.\\\", listener->crlfile);", "\t\tnet__print_error(MOSQ_LOG_ERR, \\\"Error: %s\\\");", "\t\tnet__print_ssl_error(NULL);", "\t\treturn MOSQ_ERR_TLS;", "\tX509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK);", "\treturn MOSQ_ERR_SUCCESS;", "}", "\tif(listener->require_certificate){", "\t\tSSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, client_certificate_verify);", "\t}else{", "\t\tSSL_CTX_set_verify(listener->ssl_ctx, SSL_VERIFY_NONE, client_certificate_verify);", "\trc = SSL_CTX_use_certificate_chain_file(listener->ssl_ctx, listener->certfile);", "\tif(rc != 1){", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to load server certificate \\\\\"%s\\\\\". Check certfile.\\\", listener->certfile);", "\t\tnet__print_ssl_error(NULL);", "\t\treturn MOSQ_ERR_TLS;", "\tif(listener->tls_engine == NULL){", "\t\trc = SSL_CTX_use_PrivateKey_file(listener->ssl_ctx, listener->keyfile, SSL_FILETYPE_PEM);", "\t\tif(rc != 1){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to load server key file \\\\\"%s\\\\\". Check keyfile.\\\", listener->keyfile);", "\t\t\tnet__print_ssl_error(NULL);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\trc = SSL_CTX_check_private_key(listener->ssl_ctx);", "\tif(rc != 1){", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Server certificate/key are inconsistent.\\\");", "\t\tnet__print_ssl_error(NULL);", "\t\treturn MOSQ_ERR_TLS;", "\tif(listener->crlfile){", "\t\trc = net__load_crl_file(listener);", "\t\tif(rc){", "\t\t\treturn rc;", "\t}", "\tUNUSED(listener);", "\treturn MOSQ_ERR_SUCCESS;", "}", "static int net__load_engine(struct mosquitto__listener *listener)", "\tENGINE *engine = NULL;", "\tif(!listener->tls_engine){", "\t\treturn MOSQ_ERR_SUCCESS;", "\tengine = ENGINE_by_id(listener->tls_engine);", "\tif(!engine){", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error loading %s engine\\n\\\", listener->tls_engine);", "\t\tnet__print_ssl_error(NULL);", "\t\treturn MOSQ_ERR_TLS;", "\tif(!ENGINE_init(engine)){", "\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Failed engine initialisation\\n\\\");", "\t\tnet__print_ssl_error(NULL);", "\t\treturn MOSQ_ERR_TLS;", "\tENGINE_set_default(engine, ENGINE_METHOD_ALL);", "\tif(listener->tls_keyform == mosq_k_engine){", "\t\tui_method = net__get_ui_method();", "\t\tif(listener->tls_engine_kpass_sha1){", "\t\t\tif(!ENGINE_ctrl_cmd(engine, ENGINE_SECRET_MODE, ENGINE_SECRET_MODE_SHA, NULL, NULL, 0)){", "\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to set engine secret mode sha\\\");", "\t\t\t\tnet__print_ssl_error(NULL);", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\tif(!ENGINE_ctrl_cmd(engine, ENGINE_PIN, 0, listener->tls_engine_kpass_sha1, NULL, 0)){", "\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to set engine pin\\\");", "\t\t\t\tnet__print_ssl_error(NULL);", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\tui_method = NULL;", "\t\t}", "\t\tpkey = ENGINE_load_private_key(engine, listener->keyfile, ui_method, NULL);", "\t\tif(!pkey){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to load engine private key file \\\\\"%s\\\\\".\\\", listener->keyfile);", "\t\t\tnet__print_ssl_error(NULL);", "\t\t\treturn MOSQ_ERR_TLS;", "\t\tif(SSL_CTX_use_PrivateKey(listener->ssl_ctx, pkey) <= 0){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to use engine private key file \\\\\"%s\\\\\".\\\", listener->keyfile);", "\t\t\tnet__print_ssl_error(NULL);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\tENGINE_free(engine); /* release the structural reference from ENGINE_by_id() */", "\treturn MOSQ_ERR_SUCCESS;", "}", "\tif(listener->cafile){", "\t\trc = SSL_CTX_load_verify_file(listener->ssl_ctx, listener->cafile);", "\t\tif(rc == 0){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to load CA certificates. Check cafile \\\\\"%s\\\\\".\\\", listener->cafile);", "\t\t\tnet__print_ssl_error(NULL);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\tif(listener->capath){", "\t\trc = SSL_CTX_load_verify_dir(listener->ssl_ctx, listener->capath);", "\t\tif(rc == 0){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to load CA certificates. Check capath \\\\\"%s\\\\\".\\\", listener->capath);", "\t\t\tnet__print_ssl_error(NULL);", "\t\t\treturn MOSQ_ERR_TLS;", "\t}", "\tif(net__load_engine(listener)){", "\t\treturn MOSQ_ERR_TLS;", "\treturn net__load_certificates(listener);", "}", "\tif(listener->sock_count > 0){", "\t\tif(listener->certfile && listener->keyfile){", "\t\t\tif(net__tls_server_ctx(listener)){", "\t\t\t\treturn 1;", "\t\t\tif(net__tls_load_verify(listener)){", "\t\t\t\treturn 1;", "\t\t}", "\t\tif(listener->psk_hint){", "\t\t\tif(tls_ex_index_context == -1){", "\t\t\t\ttls_ex_index_context = SSL_get_ex_new_index(0, \\\"client context\\\", NULL, NULL, NULL);", "\t\t\t}", "\t\t\tif(tls_ex_index_listener == -1){", "\t\t\t\ttls_ex_index_listener = SSL_get_ex_new_index(0, \\\"listener\\\", NULL, NULL, NULL);", "\t\t\t}", "\t\t\tif(listener->certfile == NULL || listener->keyfile == NULL){", "\t\t\t\tif(net__tls_server_ctx(listener)){", "\t\t\t\t\treturn 1;", "\t\t\t}", "\t\t\tSSL_CTX_set_psk_server_callback(listener->ssl_ctx, psk_server_callback);", "\t\t\tif(listener->psk_hint){", "\t\t\t\trc = SSL_CTX_use_psk_identity_hint(listener->ssl_ctx, listener->psk_hint);", "\t\t\t\tif(rc == 0){", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to set TLS PSK hint.\\\");", "\t\t\t\t\tnet__print_ssl_error(NULL);", "\t\t\t\t\treturn 1;", "\t\t\t}", "\t\t}", "\t\treturn 0;" ] }, { "file": "security_default.c", "removable_lines": 223, "line_numbers": [ 830, 831, 833, 835, 836, 841, 843, 852, 854, 855, 856, 857, 860, 861, 862, 863, 864, 867, 868, 869, 870, 871, 872, 873, 874, 877, 878, 879, 880, 881, 882, 884, 885, 886, 887, 888, 890, 892, 893, 894, 895, 896, 898, 899, 900, 901, 902, 903, 904, 905, 906, 907, 908, 909, 910, 911, 912, 914, 915, 916, 918, 919, 920, 922, 924, 936, 939, 940, 943, 975, 978, 980, 982, 983, 984, 985, 986, 987, 988, 1020, 1021, 1023, 1024, 1025, 1026, 1028, 1031, 1034, 1035, 1038, 1039, 1041, 1042, 1044, 1046, 1047, 1059, 1060, 1062, 1064, 1065, 1074, 1076, 1077, 1078, 1079, 1080, 1081, 1095, 1098, 1101, 1110, 1111, 1112, 1113, 1114, 1117, 1118, 1120, 1121, 1124, 1149, 1151, 1152, 1153, 1154, 1155, 1156, 1157, 1160, 1162, 1163, 1164, 1166, 1170, 1171, 1172, 1173, 1175, 1176, 1177, 1178, 1180, 1181, 1182, 1183, 1184, 1185, 1187, 1188, 1189, 1190, 1191, 1192, 1193, 1195, 1196, 1197, 1198, 1199, 1200, 1201, 1202, 1207, 1209, 1210, 1211, 1212, 1213, 1216, 1217, 1218, 1219, 1220, 1222, 1223, 1224, 1225, 1226, 1227, 1228, 1229, 1230, 1231, 1232, 1233, 1234, 1236, 1237, 1238, 1239, 1241, 1242, 1243, 1244, 1245, 1247, 1248, 1250, 1295, 1296, 1297, 1298, 1300, 1323, 1326, 1335, 1336, 1338, 1341, 1351, 1352, 1353, 1354, 1356, 1357, 1359, 1360, 1361, 1362, 1363, 1366, 1367 ], "source_snippets": [ "\tmosquitto__free(item->username);", "\tmosquitto__free(item->password);", "\tmosquitto__free(item->salt);", "\tHASH_DEL(*unpwd, item);", "\tmosquitto__free(item);", "static int unpwd__decode_passwords(struct mosquitto__unpwd **unpwd)", "\tstruct mosquitto__unpwd *u, *tmp = NULL;", "\tHASH_ITER(hh, *unpwd, u, tmp){", "\t\tif(u->password == NULL){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Missing password hash for user %s, removing entry.\\\", u->username);", "\t\t\tunpwd__free_item(unpwd, u);", "\t\t\tcontinue;", "\t\ttoken = strtok(u->password, \\\"$\\\");", "\t\tif(token == NULL){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid password hash for user %s, removing entry.\\\", u->username);", "\t\t\tunpwd__free_item(unpwd, u);", "\t\t\tcontinue;", "\t\tif(!strcmp(token, \\\"6\\\")){", "\t\t\thashtype = pw_sha512;", "\t\t}else if(!strcmp(token, \\\"7\\\")){", "\t\t\thashtype = pw_sha512_pbkdf2;", "\t\t}else{", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid password hash type for user %s, removing entry.\\\", u->username);", "\t\t\tunpwd__free_item(unpwd, u);", "\t\t\tcontinue;", "\t\tif(hashtype == pw_sha512_pbkdf2){", "\t\t\ttoken = strtok(NULL, \\\"$\\\");", "\t\t\tif(token == NULL){", "\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid password hash for user %s, removing entry.\\\", u->username);", "\t\t\t\tunpwd__free_item(unpwd, u);", "\t\t\t\tcontinue;", "\t\t\tu->iterations = atoi(token);", "\t\t\tif(u->iterations < 1){", "\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid hash iterations for user %s, removing entry.\\\", u->username);", "\t\t\t\tunpwd__free_item(unpwd, u);", "\t\t\t\tcontinue;", "\t\t}", "\t\ttoken = strtok(NULL, \\\"$\\\");", "\t\tif(token == NULL){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid password hash for user %s, removing entry.\\\", u->username);", "\t\t\tunpwd__free_item(unpwd, u);", "\t\t\tcontinue;", "\t\trc = base64__decode(token, &salt, &salt_len);", "\t\tif(rc == MOSQ_ERR_SUCCESS && salt_len == 12){", "\t\t\tu->salt = salt;", "\t\t\tu->salt_len = salt_len;", "\t\t\ttoken = strtok(NULL, \\\"$\\\");", "\t\t\tif(token){", "\t\t\t\trc = base64__decode(token, &password, &password_len);", "\t\t\t\tif(rc == MOSQ_ERR_SUCCESS && password_len == 64){", "\t\t\t\t\tmosquitto__free(u->password);", "\t\t\t\t\tu->password = (char *)password;", "\t\t\t\t\tu->password_len = password_len;", "\t\t\t\t\tu->hashtype = hashtype;", "\t\t\t\t}else{", "\t\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to decode password for user %s, removing entry.\\\", u->username);", "\t\t\t\t\tunpwd__free_item(unpwd, u);", "\t\t\t}else{", "\t\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Invalid password hash for user %s, removing entry.\\\", u->username);", "\t\t\t\tunpwd__free_item(unpwd, u);", "\t\t}else{", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: Unable to decode password salt for user %s, removing entry.\\\", u->username);", "\t\t\tunpwd__free_item(unpwd, u);", "\t}", "\treturn MOSQ_ERR_SUCCESS;", "\trc = pwfile__parse(password_file, unpwd);", "\tif(rc) return rc;", "\trc = unpwd__decode_passwords(unpwd);", "\treturn rc;", "static int mosquitto__memcmp_const(const void *a, const void *b, size_t len)", "\tint rc = 0;", "\tif(!a || !b) return 1;", "\tfor(i=0; ipassword){", "\t\t\tif(ed->client->password){", "\t\t\t\trc = pw__digest(ed->client->password, u->salt, u->salt_len, hash, &hash_len, u->hashtype, u->iterations);", "\t\t\t\tif(rc == MOSQ_ERR_SUCCESS){", "\t\t\t\t\tif(hash_len == u->password_len && !mosquitto__memcmp_const(u->password, hash, hash_len)){", "\t\t\t\t\t\treturn MOSQ_ERR_SUCCESS;", "\t\t\t\t\t\treturn MOSQ_ERR_AUTH;", "\t\t\t\t\treturn rc;", "\t\t\t\tif(!strcmp(u->password, ed->client->password)){", "\t\t\t\t\treturn MOSQ_ERR_SUCCESS;", "\t\t\t}else{", "\t\t\t\treturn MOSQ_ERR_AUTH;", "\t\t}else{", "\t\t\treturn MOSQ_ERR_SUCCESS;", "\t}", "\treturn MOSQ_ERR_AUTH;", "}", "\t\tmosquitto__free(u->password);", "\t\tmosquitto__free(u->username);", "\t\tmosquitto__free(u->salt);", "\t\tmosquitto__free(u);", "\t}", "static void security__disconnect_auth(struct mosquitto *context)", "\tif(context->protocol == mosq_p_mqtt5){", "\t\tsend__disconnect(context, MQTT_RC_ADMINISTRATIVE_ACTION, NULL);", "\t}", "\tmosquitto__set_state(context, mosq_cs_disconnecting);", "\tdo_disconnect(context, MOSQ_ERR_AUTH);", "}", "\tstruct mosquitto__security_options *security_opts = NULL;", "\tX509 *client_cert = NULL;", "\tASN1_STRING *name_asn1 = NULL;", "\tfor(i=0; ilistener_count; i++){", "\t\tlistener = &db.config->listeners[i];", "\t\tif(listener && listener->ssl_ctx && listener->certfile && listener->keyfile && listener->crlfile && listener->require_certificate){", "\t\t\tif(net__tls_server_ctx(listener)){", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t\tif(net__tls_load_verify(listener)){", "\t\t\t\treturn MOSQ_ERR_TLS;", "\t\t}", "\t}", "\tHASH_ITER(hh_id, db.contexts_by_id, context, ctxt_tmp){", "\t\tif(context->listener && context->listener->ssl_ctx && (context->listener->use_identity_as_username || context->listener->use_subject_as_username)){", "\t\t\tif(!context->ssl){", "\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\tsend__disconnect(context, MQTT_RC_ADMINISTRATIVE_ACTION, NULL);", "\t\t\t\t}", "\t\t\t\tmosquitto__set_state(context, mosq_cs_disconnecting);", "\t\t\t\tdo_disconnect(context, MOSQ_ERR_AUTH);", "\t\t\t\tcontinue;", "\t\t\tif(context->listener->psk_hint){", "\t\t\t\tif(!context->username){", "\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\tcontinue;", "\t\t\t}else", "\t\t\t\tmosquitto__free(context->username);", "\t\t\t\tcontext->username = NULL;", "\t\t\t\tmosquitto__free(context->password);", "\t\t\t\tcontext->password = NULL;", "\t\t\t\tclient_cert = SSL_get_peer_certificate(context->ssl);", "\t\t\t\tif(!client_cert){", "\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\tcontinue;", "\t\t\t\tname = X509_get_subject_name(client_cert);", "\t\t\t\tif(!name){", "\t\t\t\t\tX509_free(client_cert);", "\t\t\t\t\tclient_cert = NULL;", "\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\tcontinue;", "\t\t\t\tif (context->listener->use_identity_as_username) { /* use_identity_as_username */", "\t\t\t\t\ti = X509_NAME_get_index_by_NID(name, NID_commonName, -1);", "\t\t\t\t\tif(i == -1){", "\t\t\t\t\t\tX509_free(client_cert);", "\t\t\t\t\t\tclient_cert = NULL;", "\t\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\t\tcontinue;", "\t\t\t\t\tname_entry = X509_NAME_get_entry(name, i);", "\t\t\t\t\tif(name_entry){", "\t\t\t\t\t\tname_asn1 = X509_NAME_ENTRY_get_data(name_entry);", "\t\t\t\t\t\tif (name_asn1 == NULL) {", "\t\t\t\t\t\t\tX509_free(client_cert);", "\t\t\t\t\t\t\tclient_cert = NULL;", "\t\t\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\t\t\tcontinue;", "\t\t\t\t\t\tcontext->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1));", "\t\t\t\t\t\tif(!context->username){", "\t\t\t\t\t\t\tX509_free(client_cert);", "\t\t\t\t\t\t\tclient_cert = NULL;", "\t\t\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\t\t\tcontinue;", "\t\t\t\t\t\tif ((size_t)ASN1_STRING_length(name_asn1) != strlen(context->username)) {", "\t\t\t\t\t\t\tX509_free(client_cert);", "\t\t\t\t\t\t\tclient_cert = NULL;", "\t\t\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\t\t\tcontinue;", "\t\t\t\t\t}", "\t\t\t\t} else { /* use_subject_as_username */", "\t\t\t\t\tsubject_bio = BIO_new(BIO_s_mem());", "\t\t\t\t\tX509_NAME_print_ex(subject_bio, X509_get_subject_name(client_cert), 0, XN_FLAG_RFC2253);", "\t\t\t\t\tdata_start = NULL;", "\t\t\t\t\tname_length = (size_t)BIO_get_mem_data(subject_bio, &data_start);", "\t\t\t\t\tsubject = mosquitto__malloc(sizeof(char)*name_length+1);", "\t\t\t\t\tif(!subject){", "\t\t\t\t\t\tBIO_free(subject_bio);", "\t\t\t\t\t\tX509_free(client_cert);", "\t\t\t\t\t\tclient_cert = NULL;", "\t\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\t\tcontinue;", "\t\t\t\t\tmemcpy(subject, data_start, name_length);", "\t\t\t\t\tsubject[name_length] = '\\0';", "\t\t\t\t\tBIO_free(subject_bio);", "\t\t\t\t\tcontext->username = subject;", "\t\t\t\tif(!context->username){", "\t\t\t\t\tX509_free(client_cert);", "\t\t\t\t\tclient_cert = NULL;", "\t\t\t\t\tsecurity__disconnect_auth(context);", "\t\t\t\t\tcontinue;", "\t\t\t\tX509_free(client_cert);", "\t\t\t\tclient_cert = NULL;", "\t\t}else", "\t\t}", "\t}", "\treturn MOSQ_ERR_SUCCESS;", "}", "int mosquitto_psk_key_get_default(struct mosquitto *context, const char *hint, const char *identity, char *key, int max_key_len)", "}", "int pw__digest(const char *password, const unsigned char *salt, unsigned int salt_len, unsigned char *hash, unsigned int *hash_len, enum mosquitto_pwhash_type hashtype, int iterations)", "\tdigest = EVP_get_digestbyname(\\\"sha512\\\");", "\tif(!digest){", "\t\treturn 1;", "\tif(hashtype == pw_sha512){", "\t\tcontext = EVP_MD_CTX_new();", "\t\tEVP_DigestInit_ex(context, digest, NULL);", "\t\tEVP_DigestUpdate(context, password, strlen(password));", "\t\tEVP_DigestUpdate(context, salt, salt_len);", "\t\tEVP_DigestFinal_ex(context, hash, hash_len);", "\t\tEVP_MD_CTX_free(context);", "\t}else{", "\t\t*hash_len = EVP_MAX_MD_SIZE;", "\t\tPKCS5_PBKDF2_HMAC(password, (int)strlen(password),", "\t\t\tsalt, (int)salt_len, iterations,", "\t\t\tdigest, (int)(*hash_len), hash);", "\treturn MOSQ_ERR_SUCCESS;", "}" ] }, { "file": "client_shared.c", "removable_lines": 160, "line_numbers": [ 389, 393, 394, 397, 398, 401, 402, 407, 408, 411, 412, 532, 533, 534, 538, 542, 543, 549, 550, 551, 553, 555, 557, 558, 559, 561, 563, 565, 566, 567, 569, 571, 574, 575, 587, 590, 592, 594, 595, 596, 598, 600, 601, 611, 613, 614, 616, 618, 619, 635, 637, 638, 653, 655, 658, 659, 669, 703, 706, 707, 708, 710, 712, 714, 715, 716, 718, 720, 723, 733, 734, 736, 737, 738, 740, 741, 743, 744, 745, 884, 885, 886, 888, 890, 892, 893, 894, 896, 898, 901, 1035, 1037, 1038, 1039, 1040, 1042, 1044, 1045, 1046, 1047, 1048, 1050, 1052, 1053, 1054, 1055, 1056, 1058, 1060, 1061, 1062, 1063, 1064, 1065, 1066, 1068, 1070, 1072, 1073, 1220, 1221, 1253, 1259, 1260, 1261, 1262, 1264, 1265, 1269, 1270, 1271, 1272, 1275, 1276, 1277, 1279, 1280, 1283, 1284, 1285, 1288, 1289, 1290, 1293, 1294, 1295, 1298, 1299, 1300, 1303, 1304, 1305, 1308, 1309, 1310, 1362, 1364, 1367, 1368, 1371 ], "source_snippets": [ "\t\treturn 1;", "\t\tfprintf(stderr, \\\"Error: Both certfile and keyfile must be provided if one of them is set.\\n\\\");", "\t\treturn 1;", "\t\tfprintf(stderr, \\\"Error: If keyform is set, keyfile must be also specified.\\n\\\");", "\t\treturn 1;", "\t\tfprintf(stderr, \\\"Error: when using tls-engine-kpass-sha1, both tls-engine and keyform must also be provided.\\n\\\");", "\t\treturn 1;", "\t\tfprintf(stderr, \\\"Error: Only one of --psk or --cafile/--capath may be used at once.\\n\\\");", "\t\treturn 1;", "\t\tfprintf(stderr, \\\"Error: --psk-identity required if --psk used.\\n\\\");", "\t\treturn 1;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: -A argument given but no address specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\ti++;", "\t\t\t\tfprintf(stderr, \\\"Error: --cafile argument given but no file specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --capath argument given but no directory specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->capath = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --cert argument given but no file specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->certfile = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --ciphers argument given but no ciphers specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->ciphers = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t\tif(pub_or_sub != CLIENT_SUB){", "\t\t\t\tgoto unknown_option;", "\t\t\t\ti++;", "\t\t\tcfg->clean_session = false;", "\t\t\tcfg->debug = true;", "\t\t\ti++;", "\t\t\tif(cfg_parse_property(cfg, argc, argv, &i)){", "\t\t\t\treturn 1;", "\t\t\tcfg->protocol_version = MQTT_PROTOCOL_V5;", "\t\t\tif(pub_or_sub != CLIENT_RR){", "\t\t\t\tgoto unknown_option;", "\t\t\ti++;", "\t\t\tif(pub_or_sub != CLIENT_SUB){", "\t\t\t\tgoto unknown_option;", "\t\t\tcfg->exit_after_sub = true;", "\t\t\tif(pub_or_sub == CLIENT_SUB){", "\t\t\t\tgoto unknown_option;", "\t\t\ti++;", "\t\t\tif(pub_or_sub == CLIENT_PUB){", "\t\t\t\tgoto unknown_option;", "\t\t\ti++;", "\t\t\treturn 2;", "\t\t\t\tfprintf(stderr, \\\"Error: -h argument given but no host specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\tif(cfg->id_prefix){", "\t\t\ti++;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --key argument given but no file specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->keyfile = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --keyform argument given but no keyform specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->keyform = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t\tif(i==argc-1){", "\t\t\t\t\tcfg->port = 1883;", "\t\t\t\t} else if(!strncasecmp(url, \\\"mqtts://\\\", 8)) {", "\t\t\t\t\turl += 8;", "\t\t\t\t\tcfg->port = 8883;", "\t\t\t\t\tcfg->tls_use_os_certs = true;", "\t\t\t\t\tfprintf(stderr, \\\"Error: TLS support not available.\\n\\n\\\");", "\t\t\t\t\treturn 1;", "\t\t\t\t} else {", "\t\t\t\t\tfprintf(stderr, \\\"Error: unsupported URL scheme.\\n\\n\\\");", "\t\t\t\t\treturn 1;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --psk argument given but no key specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->psk = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --psk-identity argument given but no identity specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->psk_identity = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t\tif(i==argc-1){", "\t\t\ti++;", "\t\t}else if(!strcmp(argv[i], \\\"--tls-alpn\\\")){", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --tls-alpn argument given but no protocol specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->tls_alpn = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t}else if(!strcmp(argv[i], \\\"--tls-engine\\\")){", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --tls-engine argument given but no engine_id specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->tls_engine = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t}else if(!strcmp(argv[i], \\\"--tls-engine-kpass-sha1\\\")){", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --tls-engine-kpass-sha1 argument given but no kpass sha1 specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->tls_engine_kpass_sha1 = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t}else if(!strcmp(argv[i], \\\"--tls-use-os-certs\\\")){", "\t\t\tcfg->tls_use_os_certs = true;", "\t\t}else if(!strcmp(argv[i], \\\"--tls-version\\\")){", "\t\t\tif(i==argc-1){", "\t\t\t\tfprintf(stderr, \\\"Error: --tls-version argument given but no version specified.\\n\\n\\\");", "\t\t\t\treturn 1;", "\t\t\t\tcfg->tls_version = strdup(argv[i+1]);", "\t\t\ti++;", "\t\t}else if(!strcmp(argv[i], \\\"-U\\\") || !strcmp(argv[i], \\\"--unsubscribe\\\")){", "\t\t\tif(pub_or_sub != CLIENT_SUB){", "\t\t}else{", "\t\t\tgoto unknown_option;", "\t\treturn 1;", "\t\t\tif(rc == MOSQ_ERR_INVAL){", "\t\t\t\terr_printf(cfg, \\\"Error: Problem setting TLS options: File not found.\\n\\\");", "\t\t\t}else{", "\t\t\t\terr_printf(cfg, \\\"Error: Problem setting TLS options: %s.\\n\\\", mosquitto_strerror(rc));", "\t\t\tmosquitto_lib_cleanup();", "\t\t\treturn 1;", "\t\tif(mosquitto_tls_psk_set(mosq, cfg->psk, cfg->psk_identity, NULL)){", "\t\t\terr_printf(cfg, \\\"Error: Problem setting TLS-PSK options.\\n\\\");", "\t\t\tmosquitto_lib_cleanup();", "\t\t\treturn 1;", "\t}else if(cfg->port == 8883){", "\t\tmosquitto_int_option(mosq, MOSQ_OPT_TLS_USE_OS_CERTS, 1);", "\t}", "\t\tmosquitto_int_option(mosq, MOSQ_OPT_TLS_USE_OS_CERTS, 1);", "\t}", "\t\terr_printf(cfg, \\\"Error: Problem setting TLS insecure option.\\n\\\");", "\t\tmosquitto_lib_cleanup();", "\t\treturn 1;", "\t\terr_printf(cfg, \\\"Error: Problem setting TLS engine, is %s a valid engine?\\n\\\", cfg->tls_engine);", "\t\tmosquitto_lib_cleanup();", "\t\treturn 1;", "\t\terr_printf(cfg, \\\"Error: Problem setting key form, it must be one of 'pem' or 'engine'.\\n\\\");", "\t\tmosquitto_lib_cleanup();", "\t\treturn 1;", "\t\terr_printf(cfg, \\\"Error: Problem setting TLS engine key pass sha, is it a 40 character hex string?\\n\\\");", "\t\tmosquitto_lib_cleanup();", "\t\treturn 1;", "\t\terr_printf(cfg, \\\"Error: Problem setting TLS ALPN protocol.\\n\\\");", "\t\tmosquitto_lib_cleanup();", "\t\treturn 1;", "\t\terr_printf(cfg, \\\"Error: Problem setting TLS options, check the options are valid.\\n\\\");", "\t\tmosquitto_lib_cleanup();", "\t\treturn 1;", "\t\tif(cfg->cafile || cfg->capath", "\t\t\t\t|| cfg->psk", "\t\t\tport = 8883;", "\t\t}else", "\t\t\tport = 1883;" ] }, { "file": "options.c", "removable_lines": 155, "line_numbers": [ 124, 127, 141, 146, 153, 154, 155, 157, 162, 163, 164, 165, 166, 167, 169, 170, 171, 173, 174, 175, 177, 182, 183, 184, 185, 186, 187, 189, 190, 192, 193, 194, 196, 197, 198, 200, 207, 208, 209, 210, 211, 212, 214, 220, 223, 225, 226, 227, 228, 229, 231, 232, 233, 234, 236, 237, 238, 240, 241, 242, 243, 244, 248, 250, 251, 252, 253, 255, 257, 260, 267, 268, 270, 275, 284, 287, 288, 289, 290, 291, 293, 294, 295, 296, 298, 299, 301, 307, 308, 309, 310, 311, 312, 313, 315, 317, 324, 325, 327, 328, 330, 336, 337, 338, 340, 342, 366, 369, 372, 373, 375, 376, 378, 379, 380, 381, 383, 384, 385, 386, 387, 390, 392, 393, 394, 395, 397, 399, 402, 465, 466, 467, 468, 470, 472, 477, 478, 479, 480, 482, 484, 489, 491, 493, 496, 510, 513, 514, 516, 520, 521, 523, 526, 528, 529 ], "source_snippets": [ "}", "int mosquitto_tls_set(struct mosquitto *mosq, const char *cafile, const char *capath, const char *certfile, const char *keyfile, int (*pw_callback)(char *buf, int size, int rwflag, void *userdata))", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\treturn MOSQ_ERR_NOMEM;", "\t\tmosq->tls_capath = mosquitto__strdup(capath);", "\t\tif(!mosq->tls_capath){", "\t\t\treturn MOSQ_ERR_NOMEM;", "\t}", "\t\tfptr = mosquitto__fopen(certfile, \\\"rt\\\", false);", "\t\tif(fptr){", "\t\t\tfclose(fptr);", "\t\t}else{", "\t\t\tmosquitto__free(mosq->tls_cafile);", "\t\t\tmosq->tls_cafile = NULL;", "\t\t\tmosquitto__free(mosq->tls_capath);", "\t\t\tmosq->tls_capath = NULL;", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\tmosq->tls_certfile = mosquitto__strdup(certfile);", "\t\tif(!mosq->tls_certfile){", "\t\t\treturn MOSQ_ERR_NOMEM;", "\t}", "\t\tfptr = mosquitto__fopen(keyfile, \\\"rt\\\", false);", "\t\tif(fptr){", "\t\t\tfclose(fptr);", "\t\t}else{", "\t\t\tmosquitto__free(mosq->tls_cafile);", "\t\t\tmosq->tls_cafile = NULL;", "\t\t\tmosquitto__free(mosq->tls_capath);", "\t\t\tmosq->tls_capath = NULL;", "\t\t\tmosquitto__free(mosq->tls_certfile);", "\t\t\tmosq->tls_certfile = NULL;", "\t\t\treturn MOSQ_ERR_INVAL;", "\t\tmosq->tls_keyfile = mosquitto__strdup(keyfile);", "\t\tif(!mosq->tls_keyfile){", "\t\t\treturn MOSQ_ERR_NOMEM;", "\t}", "\tUNUSED(mosq);", "\tUNUSED(cafile);", "\tUNUSED(capath);", "\tUNUSED(certfile);", "\tUNUSED(keyfile);", "\tUNUSED(pw_callback);", "\treturn MOSQ_ERR_NOT_SUPPORTED;", "int mosquitto_tls_opts_set(struct mosquitto *mosq, int cert_reqs, const char *tls_version, const char *ciphers)", "\tif(!mosq) return MOSQ_ERR_INVAL;", "\tmosq->tls_cert_reqs = cert_reqs;", "\tif(tls_version){", "\t\tif(!strcasecmp(tls_version, \\\"tlsv1.3\\\")", "\t\t\t\t|| !strcasecmp(tls_version, \\\"tlsv1.2\\\")", "\t\t\t\t|| !strcasecmp(tls_version, \\\"tlsv1.1\\\")){", "\t\t\tmosq->tls_version = mosquitto__strdup(tls_version);", "\t\t\tif(!mosq->tls_version) return MOSQ_ERR_NOMEM;", "\t\t}else{", "\t\t\treturn MOSQ_ERR_INVAL;", "\t}else{", "\t\tmosq->tls_version = mosquitto__strdup(\\\"tlsv1.2\\\");", "\t\tif(!mosq->tls_version) return MOSQ_ERR_NOMEM;", "\tif(ciphers){", "\t\tmosq->tls_ciphers = mosquitto__strdup(ciphers);", "\t\tif(!mosq->tls_ciphers) return MOSQ_ERR_NOMEM;", "\t}else{", "\t\tmosq->tls_ciphers = NULL;", "\treturn MOSQ_ERR_SUCCESS;", "\tUNUSED(mosq);", "\tUNUSED(cert_reqs);", "\tUNUSED(tls_version);", "\tUNUSED(ciphers);", "\treturn MOSQ_ERR_NOT_SUPPORTED;", "}", "int mosquitto_tls_insecure_set(struct mosquitto *mosq, bool value)", "\tUNUSED(mosq);", "\tUNUSED(value);", "\treturn MOSQ_ERR_NOT_SUPPORTED;", "int mosquitto_string_option(struct mosquitto *mosq, enum mosq_opt_t option, const char *value)", "\tswitch(option){", "\t\t\tmosquitto__free(mosq->tls_engine);", "\t\t\tif(value){", "\t\t\t\teng = ENGINE_by_id(value);", "\t\t\t\tif(!eng){", "\t\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\t\tENGINE_free(eng); /* release the structural reference from ENGINE_by_id() */", "\t\t\t\tmosq->tls_engine = mosquitto__strdup(value);", "\t\t\t\tif(!mosq->tls_engine){", "\t\t\t\t\treturn MOSQ_ERR_NOMEM;", "\t\t\t}", "\t\t\treturn MOSQ_ERR_SUCCESS;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "\t\t\tif(!value) return MOSQ_ERR_INVAL;", "\t\t\tif(!strcasecmp(value, \\\"pem\\\")){", "\t\t\t\tmosq->tls_keyform = mosq_k_pem;", "\t\t\t}else if (!strcasecmp(value, \\\"engine\\\")){", "\t\t\t\tmosq->tls_keyform = mosq_k_engine;", "\t\t\t}else{", "\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\treturn MOSQ_ERR_SUCCESS;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "\t\t\tif(mosquitto__hex2bin_sha1(value, (unsigned char**)&str) != MOSQ_ERR_SUCCESS){", "\t\t\t\treturn MOSQ_ERR_INVAL;", "\t\t\tmosq->tls_engine_kpass_sha1 = str;", "\t\t\treturn MOSQ_ERR_SUCCESS;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "\t\t\tmosq->tls_alpn = mosquitto__strdup(value);", "\t\t\tif(!mosq->tls_alpn){", "\t\t\t\treturn MOSQ_ERR_NOMEM;", "\t\t\treturn MOSQ_ERR_SUCCESS;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "int mosquitto_tls_psk_set(struct mosquitto *mosq, const char *psk, const char *identity, const char *ciphers)", "\tif(!mosq || !psk || !identity) return MOSQ_ERR_INVAL;", "\tif(strspn(psk, \\\"0123456789abcdefABCDEF\\\") < strlen(psk)){", "\t\treturn MOSQ_ERR_INVAL;", "\tmosq->tls_psk = mosquitto__strdup(psk);", "\tif(!mosq->tls_psk) return MOSQ_ERR_NOMEM;", "\tmosq->tls_psk_identity = mosquitto__strdup(identity);", "\tif(!mosq->tls_psk_identity){", "\t\tmosquitto__free(mosq->tls_psk);", "\t\treturn MOSQ_ERR_NOMEM;", "\tif(ciphers){", "\t\tmosq->tls_ciphers = mosquitto__strdup(ciphers);", "\t\tif(!mosq->tls_ciphers) return MOSQ_ERR_NOMEM;", "\t}else{", "\t\tmosq->tls_ciphers = NULL;", "\treturn MOSQ_ERR_SUCCESS;", "\tUNUSED(mosq);", "\tUNUSED(psk);", "\tUNUSED(identity);", "\tUNUSED(ciphers);", "\treturn MOSQ_ERR_NOT_SUPPORTED;", "}", "int mosquitto_opts_set(struct mosquitto *mosq, enum mosq_opt_t option, void *value)", "\t\t\tif(value){", "\t\t\t\tmosq->ssl_ctx_defaults = true;", "\t\t\t}else{", "\t\t\t\tmosq->ssl_ctx_defaults = false;", "\t\t\tbreak;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "\t\t\tif(value){", "\t\t\t\tmosq->tls_use_os_certs = true;", "\t\t\t}else{", "\t\t\t\tmosq->tls_use_os_certs = false;", "\t\t\tbreak;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "\t\t\tmosq->tls_ocsp_required = (bool)value;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "\t\t\tbreak;", "\t\t\tmosq->tcp_nodelay = (bool)value;", "\tswitch(option){", "\t\t\tmosq->user_ssl_ctx = (SSL_CTX *)value;", "\t\t\tif(mosq->user_ssl_ctx){", "\t\t\t\tSSL_CTX_up_ref(mosq->user_ssl_ctx);", "\t\t\t}", "\t\t\tbreak;", "\t\t\treturn MOSQ_ERR_NOT_SUPPORTED;", "\t\t\treturn MOSQ_ERR_INVAL;", "\treturn MOSQ_ERR_SUCCESS;", "}" ] }, { "file": "handle_connect.c", "removable_lines": 102, "line_numbers": [ 444, 447, 717, 720, 722, 723, 724, 725, 727, 728, 729, 730, 731, 733, 734, 737, 739, 740, 741, 742, 743, 745, 746, 748, 750, 751, 752, 753, 754, 755, 757, 758, 760, 761, 762, 763, 764, 765, 767, 768, 770, 771, 772, 773, 774, 775, 776, 778, 779, 781, 782, 783, 784, 785, 786, 787, 788, 790, 791, 796, 798, 799, 800, 801, 802, 804, 805, 808, 809, 810, 811, 812, 814, 815, 817, 818, 819, 820, 821, 822, 823, 824, 825, 826, 827, 829, 830, 831, 832, 834, 835, 836, 838, 839, 843, 910, 912, 915, 948, 949, 951, 954 ], "source_snippets": [ "\tX509 *client_cert = NULL;", "\tASN1_STRING *name_asn1 = NULL;", "\tclient_id = NULL;", "\tif(context->listener->ssl_ctx && (context->listener->use_identity_as_username || context->listener->use_subject_as_username)){", "\t\tmosquitto__free(username);", "\t\tusername = NULL;", "\t\tmosquitto__free(password);", "\t\tpassword = NULL;", "\t\tif(!context->ssl){", "\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\tsend__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);", "\t\t\t}else{", "\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);", "\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\tgoto handle_connect_error;", "\t\tif(context->listener->psk_hint){", "\t\t\tif(!context->username){", "\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\tsend__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);", "\t\t\t\t}else{", "\t\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);", "\t\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\t\tgoto handle_connect_error;", "\t\t}else{", "\t\t\tclient_cert = SSL_get_peer_certificate(context->ssl);", "\t\t\tif(!client_cert){", "\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\tsend__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);", "\t\t\t\t}else{", "\t\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);", "\t\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\t\tgoto handle_connect_error;", "\t\t\tname = X509_get_subject_name(client_cert);", "\t\t\tif(!name){", "\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\tsend__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);", "\t\t\t\t}else{", "\t\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);", "\t\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\t\tgoto handle_connect_error;", "\t\t\tif (context->listener->use_identity_as_username) { /* use_identity_as_username */", "\t\t\t\ti = X509_NAME_get_index_by_NID(name, NID_commonName, -1);", "\t\t\t\tif(i == -1){", "\t\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\t\tsend__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);", "\t\t\t\t\t}else{", "\t\t\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);", "\t\t\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\t\t\tgoto handle_connect_error;", "\t\t\t\tname_entry = X509_NAME_get_entry(name, i);", "\t\t\t\tif(name_entry){", "\t\t\t\t\tname_asn1 = X509_NAME_ENTRY_get_data(name_entry);", "\t\t\t\t\tif (name_asn1 == NULL) {", "\t\t\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\t\t\tsend__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);", "\t\t\t\t\t\t}else{", "\t\t\t\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);", "\t\t\t\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\t\t\t\tgoto handle_connect_error;", "\t\t\t\t\tcontext->username = mosquitto__strdup((char *) ASN1_STRING_get0_data(name_asn1));", "\t\t\t\t\tif(!context->username){", "\t\t\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\t\t\tsend__connack(context, 0, MQTT_RC_SERVER_UNAVAILABLE, NULL);", "\t\t\t\t\t\t}else{", "\t\t\t\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_SERVER_UNAVAILABLE, NULL);", "\t\t\t\t\t\trc = MOSQ_ERR_NOMEM;", "\t\t\t\t\t\tgoto handle_connect_error;", "\t\t\t\t\tif ((size_t)ASN1_STRING_length(name_asn1) != strlen(context->username)) {", "\t\t\t\t\t\tif(context->protocol == mosq_p_mqtt5){", "\t\t\t\t\t\t\tsend__connack(context, 0, MQTT_RC_BAD_USERNAME_OR_PASSWORD, NULL);", "\t\t\t\t\t\t}else{", "\t\t\t\t\t\t\tsend__connack(context, 0, CONNACK_REFUSED_BAD_USERNAME_PASSWORD, NULL);", "\t\t\t\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\t\t\t\tgoto handle_connect_error;", "\t\t\t\t}", "\t\t\t} else { /* use_subject_as_username */", "\t\t\t\tsubject_bio = BIO_new(BIO_s_mem());", "\t\t\t\tX509_NAME_print_ex(subject_bio, X509_get_subject_name(client_cert), 0, XN_FLAG_RFC2253);", "\t\t\t\tdata_start = NULL;", "\t\t\t\tname_length = BIO_get_mem_data(subject_bio, &data_start);", "\t\t\t\tsubject = mosquitto__malloc(sizeof(char)*(size_t)(name_length+1));", "\t\t\t\tif(!subject){", "\t\t\t\t\tBIO_free(subject_bio);", "\t\t\t\t\trc = MOSQ_ERR_NOMEM;", "\t\t\t\t\tgoto handle_connect_error;", "\t\t\t\tmemcpy(subject, data_start, (size_t)name_length);", "\t\t\t\tsubject[name_length] = '\\0';", "\t\t\t\tBIO_free(subject_bio);", "\t\t\t\tcontext->username = subject;", "\t\t\tif(!context->username){", "\t\t\t\trc = MOSQ_ERR_AUTH;", "\t\t\t\tgoto handle_connect_error;", "\t\t\tX509_free(client_cert);", "\t\t\tclient_cert = NULL;", "\t}else", "\t\tif(context->listener->ssl_ctx && (context->listener->use_identity_as_username || context->listener->use_subject_as_username)){", "\t\t}else", "\t\t\trc = mosquitto_unpwd_check(context);", "\t}", "\tcontext->will = NULL;", "\tif(client_cert) X509_free(client_cert);", "\tcontext->clean_start = true;" ] }, { "file": "password_mosq.c", "removable_lines": 77, "line_numbers": [ 63, 68, 69, 70, 71, 72, 73, 74, 75, 77, 78, 79, 80, 81, 83, 84, 85, 87, 88, 91, 97, 99, 100, 101, 103, 105, 106, 107, 108, 110, 111, 113, 114, 115, 117, 118, 119, 120, 122, 123, 125, 126, 127, 128, 129, 131, 133, 134, 138, 150, 151, 152, 153, 155, 156, 157, 159, 160, 163, 164, 165, 168, 177, 178, 179, 180, 181, 182, 184, 185, 186, 187, 188, 189, 192, 193, 196 ], "source_snippets": [ "int base64__encode(unsigned char *in, unsigned int in_len, char **encoded)", "\tb64 = BIO_new(BIO_f_base64());", "\tBIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);", "\tbmem = BIO_new(BIO_s_mem());", "\tb64 = BIO_push(b64, bmem);", "\tBIO_write(b64, in, (int)in_len);", "\tif(BIO_flush(b64) != 1){", "\t\tBIO_free_all(b64);", "\t\treturn 1;", "\tBIO_get_mem_ptr(b64, &bptr);", "\t*encoded = malloc(bptr->length+1);", "\tif(!(*encoded)){", "\t\tBIO_free_all(b64);", "\t\treturn 1;", "\tmemcpy(*encoded, bptr->data, bptr->length);", "\t(*encoded)[bptr->length] = '\\0';", "\tBIO_free_all(b64);", "\treturn 0;", "}", "int base64__decode(char *in, unsigned char **decoded, unsigned int *decoded_len)", "\tslen = strlen(in);", "\tb64 = BIO_new(BIO_f_base64());", "\tif(!b64){", "\t\treturn 1;", "\tBIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);", "\tbmem = BIO_new(BIO_s_mem());", "\tif(!bmem){", "\t\tBIO_free_all(b64);", "\t\treturn 1;", "\tb64 = BIO_push(b64, bmem);", "\tBIO_write(bmem, in, (int)slen);", "\tif(BIO_flush(bmem) != 1){", "\t\tBIO_free_all(b64);", "\t\treturn 1;", "\t*decoded = mosquitto_calloc(slen, 1);", "\tif(!(*decoded)){", "\t\tBIO_free_all(b64);", "\t\treturn 1;", "\tlen = BIO_read(b64, *decoded, (int)slen);", "\tBIO_free_all(b64);", "\tif(len <= 0){", "\t\tmosquitto_free(*decoded);", "\t\t*decoded = NULL;", "\t\t*decoded_len = 0;", "\t\treturn 1;", "\t*decoded_len = (unsigned int)len;", "\treturn 0;", "}", "int pw__hash(const char *password, struct mosquitto_pw *pw, bool new_password, int new_iterations)", "\tif(new_password){", "\t\trc = RAND_bytes(pw->salt, sizeof(pw->salt));", "\t\tif(!rc){", "\t\t\treturn MOSQ_ERR_UNKNOWN;", "\t\titerations = new_iterations;", "\t}else{", "\t\titerations = pw->iterations;", "\tif(iterations < 1){", "\t\treturn MOSQ_ERR_INVAL;", "\tdigest = EVP_get_digestbyname(\\\"sha512\\\");", "\tif(!digest){", "\t\treturn MOSQ_ERR_UNKNOWN;", "\tif(pw->hashtype == pw_sha512){", "\t\tcontext = EVP_MD_CTX_new();", "\t\tEVP_DigestInit_ex(context, digest, NULL);", "\t\tEVP_DigestUpdate(context, password, strlen(password));", "\t\tEVP_DigestUpdate(context, pw->salt, sizeof(pw->salt));", "\t\tEVP_DigestFinal_ex(context, pw->password_hash, &hash_len);", "\t\tEVP_MD_CTX_free(context);", "\t}else{", "\t\tpw->iterations = iterations;", "\t\thash_len = sizeof(pw->password_hash);", "\t\tPKCS5_PBKDF2_HMAC(password, (int)strlen(password),", "\t\t\tpw->salt, sizeof(pw->salt), iterations,", "\t\t\tdigest, (int)hash_len, pw->password_hash);", "\treturn MOSQ_ERR_SUCCESS;", "}", "int pw__memcmp_const(const void *a, const void *b, size_t len)" ] }, { "file": "util_mosq.c", "removable_lines": 42, "line_numbers": [ 164, 168, 169, 172, 173, 174, 176, 177, 178, 179, 181, 183, 185, 186, 187, 190, 191, 192, 194, 195, 196, 198, 200, 201, 202, 204, 205, 206, 209, 210, 211, 212, 215, 247, 250, 251, 252, 272, 273, 274, 275, 277 ], "source_snippets": [ "int mosquitto__hex2bin_sha1(const char *hex, unsigned char **bin)", "\tif(mosquitto__hex2bin(hex, tmp, SHA_DIGEST_LENGTH) != SHA_DIGEST_LENGTH){", "\t\treturn MOSQ_ERR_INVAL;", "\tsha = mosquitto__malloc(SHA_DIGEST_LENGTH);", "\tif(!sha){", "\t\treturn MOSQ_ERR_NOMEM;", "\tmemcpy(sha, tmp, SHA_DIGEST_LENGTH);", "\t*bin = sha;", "\treturn MOSQ_ERR_SUCCESS;", "}", "int mosquitto__hex2bin(const char *hex, unsigned char *bin, int bin_max_len)", "\tBIGNUM *bn = NULL;", "\tint leading_zero = 0;", "\tint start = 0;", "\tsize_t i = 0;", "\tfor(i=0; i bin_max_len){", "\t\tBN_free(bn);", "\t\treturn 0;", "\tlen = BN_bn2bin(bn, bin + leading_zero);", "\tBN_free(bn);", "\treturn len + leading_zero;", "}", "void util__increment_receive_quota(struct mosquitto *mosq)", "\tint rc = MOSQ_ERR_UNKNOWN;", "\tif(RAND_bytes(bytes, count) == 1){", "\t\trc = MOSQ_ERR_SUCCESS;", "\t}", "\tfor(i=0; ipassword = new_context->bridge->remote_password;", "\tnew_context->tls_cafile = new_context->bridge->tls_cafile;", "\tnew_context->tls_capath = new_context->bridge->tls_capath;", "\tnew_context->tls_certfile = new_context->bridge->tls_certfile;", "\tnew_context->tls_keyfile = new_context->bridge->tls_keyfile;", "\tnew_context->tls_cert_reqs = SSL_VERIFY_PEER;", "\tnew_context->tls_ocsp_required = new_context->bridge->tls_ocsp_required;", "\tnew_context->tls_version = new_context->bridge->tls_version;", "\tnew_context->tls_insecure = new_context->bridge->tls_insecure;", "\tnew_context->tls_alpn = new_context->bridge->tls_alpn;", "\tnew_context->tls_engine = db.config->default_listener.tls_engine;", "\tnew_context->tls_keyform = db.config->default_listener.tls_keyform;", "\tnew_context->ssl_ctx_defaults = true;", "\tnew_context->tls_psk_identity = new_context->bridge->tls_psk_identity;", "\tnew_context->tls_psk = new_context->bridge->tls_psk;", "\t}", "\tcontext->bridge->remote_password = NULL;", "\tif(context->ssl_ctx){", "\t\tSSL_CTX_free(context->ssl_ctx);", "\t\tcontext->ssl_ctx = NULL;", "\t}", "}" ] }, { "file": "misc_mosq.c", "removable_lines": 13, "line_numbers": [ 44, 129, 131, 132, 135, 136, 137, 139, 141, 149, 151, 154, 157 ], "source_snippets": [ "FILE *mosquitto__fopen(const char *path, const char *mode, bool restrict_read)", "\tif(mode[0] == 'r'){", "\t\tif(stat(path, &statbuf) < 0){", "\t\t\treturn NULL;", "\t\tif(!S_ISREG(statbuf.st_mode) && !S_ISLNK(statbuf.st_mode)){", "\t\t\tlog__printf(NULL, MOSQ_LOG_ERR, \\\"Error: %s is not a file.\\\", path);", "\t\t\treturn NULL;", "\t}", "\tif (restrict_read) {", "\t\treturn fptr;", "\t\treturn fopen(path, mode);", "}", "char *misc__trimblanks(char *str)" ] }, { "file": "mosquitto.c", "removable_lines": 12, "line_numbers": [ 265, 266, 268, 269, 334, 335, 337, 338, 339, 340, 341, 343 ], "source_snippets": [ "\t\tSSL_free(mosq->ssl);", "\t}", "\t\tSSL_CTX_free(mosq->ssl_ctx);", "\t}", "\t\tresult = true;", "\t}", "\tif(mosq->ssl){", "\t\tif (mosq->want_write) {", "\t\t\tresult = true;", "\t\t}", "\t}", "\treturn result;" ] }, { "file": "mux_poll.c", "removable_lines": 11, "line_numbers": [ 290, 291, 292, 294, 296, 297, 333, 334, 336, 338, 339 ], "source_snippets": [ "\t\tif(pollfds[context->pollfd_index].revents & POLLOUT ||", "\t\t\t\tcontext->want_write ||", "\t\t\t\t(context->ssl && context->state == mosq_cs_new)){", "\t\tif(pollfds[context->pollfd_index].revents & POLLOUT){", "\t\t\tif(context->state == mosq_cs_connect_pending){", "\t\t\t\tlen = sizeof(int);", "\t\tif(pollfds[context->pollfd_index].revents & POLLIN ||", "\t\t\t\t(context->ssl && context->state == mosq_cs_new)){", "\t\tif(pollfds[context->pollfd_index].revents & POLLIN){", "\t\t\tdo{", "\t\t\t\trc = packet__read(context);" ] }, { "file": "loop.c", "removable_lines": 9, "line_numbers": [ 69, 70, 72, 73, 74, 75, 76, 78, 79 ], "source_snippets": [ "\t\t\tFD_SET(mosq->sock, &writefds);", "\t\t}", "\t\tif(mosq->ssl){", "\t\t\tif(mosq->want_write){", "\t\t\t\tFD_SET(mosq->sock, &writefds);", "\t\t\t}", "\t\t}", "\t\tpthread_mutex_unlock(&mosq->out_packet_mutex);", "\t\tpthread_mutex_unlock(&mosq->current_out_packet_mutex);" ] }, { "file": "plugin_public.c", "removable_lines": 8, "line_numbers": [ 74, 77, 78, 80, 83, 85, 87, 90 ], "source_snippets": [ "void *mosquitto_client_certificate(const struct mosquitto *client)", "\tif(client && client->ssl){", "\t\treturn SSL_get_peer_certificate(client->ssl);", "\t\treturn NULL;", "\tUNUSED(client);", "\treturn NULL;", "}", "int mosquitto_client_protocol(const struct mosquitto *client)" ] }, { "file": "context.c", "removable_lines": 4, "line_numbers": [ 89, 90, 92, 95 ], "source_snippets": [ "\tcontext->msgs_out.inflight_quota = db.config->max_inflight_messages;", "\tcontext->max_qos = 2;", "\tcontext->ssl = NULL;", "\tif((int)context->sock >= 0){" ] }, { "file": "memory_mosq.c", "removable_lines": 2, "line_numbers": [ 83, 141 ], "source_snippets": [ "void *mosquitto__malloc(size_t size)", "\treturn mem;" ] } ] }