author | James Yonan <james@openvpn.net> | 2010-12-09 11:21:04 +0000 |
---|---|---|
committer | James Yonan <james@openvpn.net> | 2010-12-09 11:21:04 +0000 |
commit | 2a3d17ed182608cf60d731a237f9f926c28db522 (patch) | |
tree | 6ffd2d41156ecafe4715447b4b4c006112d6f514 /base64.c | |
parent | Fixes to prevent compile breakage when --disable-crypto is used. (diff) | |
download | openvpn-2a3d17ed182608cf60d731a237f9f926c28db522.tar.xz |
Added "management-external-key" option. This option can be used
instead of "key" in client mode, and allows the client to run
without the need to load the actual private key. When the SSL
protocol needs to perform an RSA sign operation, the data to
be signed will be sent to the management interface via a
notification as follows:
>RSA_SIGN:[BASE64_DATA]
The management interface client should then sign BASE64_DATA
using the private key and return the signature as follows:
rsa-sig
[BASE64_SIG_LINE]
.
.
.
END
This capability is intended to allow the use of arbitrary
cryptographic service providers with OpenVPN via the
management interface.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6708 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to 'base64.c')
-rw-r--r-- | base64.c | 17 |
1 files changed, 15 insertions, 2 deletions
@@ -33,7 +33,7 @@
 #include "syshead.h"
-#if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_PKCS11) || defined(ENABLE_CLIENT_CR)
+#if defined(ENABLE_HTTP_PROXY) || defined(ENABLE_PKCS11) || defined(ENABLE_CLIENT_CR) || defined(MANAGMENT_EXTERNAL_KEY)
 #include "base64.h"
@@ -115,22 +115,35 @@ token_decode(const char *token)
 }
 int
-base64_decode(const char *str, void *data)
+base64_decode(const char *str, void *data, int size)
 {
 const char *p;
 unsigned char *q;
+ unsigned char *e = NULL;
 q = data;
+ if (size >= 0)
+ e = q + size;
 for (p = str; *p && (*p == '=' || strchr(base64_chars, *p)); p += 4) {
 unsigned int val = token_decode(p);
 unsigned int marker = (val >> 24) & 0xff;
 if (val == DECODE_ERROR)
 return -1;
+ if (e && q >= e)
+ return -1;
 *q++ = (val >> 16) & 0xff;
 if (marker < 2)
+ {
+ if (e && q >= e)
+ return -1;
 *q++ = (val >> 8) & 0xff;
+ }
 if (marker < 1)
+ {
+ if (e && q >= e)
+ return -1;
 *q++ = val & 0xff;
+ }
 }
 return q - (unsigned char *) data;
 } |
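Review bot: The guard macro added to the `#if` is spelled `MANAGMENT_EXTERNAL_KEY` (no second "e"), which does not match the option name "management-external-key" in the commit message. If the definition elsewhere in this commit uses the same spelling it is harmless, but a preprocessor symbol that is never defined makes this `#if` silently false and compiles base64.c out, so the spelling is worth confirming against the defining header before merge.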
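Review bot: The contract of the new `size` parameter of `base64_decode` is undocumented: `if (size >= 0)` leaves `e` NULL for any negative value, so the function then falls back to the original unbounded write into `data`, and a full output buffer is reported with the same `-1` as a malformed token. A header comment above the function should state this, e.g. `/* Decode base64 str into data, writing at most size bytes (size < 0 disables the bound; legacy callers only). Returns the decoded length, or -1 on a malformed token or when data is too small. */`. Callers of the old two-argument form are outside this hunk and must be updated; passing -1 there keeps exactly the overflow this bound is meant to stop, so input arriving over the management interface should always be decoded with the real capacity of `data`. The three identical `if (e && q >= e) return -1;` guards could be replaced by one check per token against the byte count implied by `marker`, but that is a style point rather than a defect.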