diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index b405f5803..0d1348c85 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -181,12 +181,12 @@ static inline void chunk_clear(chunk_t *chunk) /** * Clone a chunk on heap */ -#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc(chunk.len) : NULL, chunk) +#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk) /** * Clone a chunk on stack */ -#define chunk_clonea(chunk) chunk_create_clone(alloca(chunk.len), chunk) +#define chunk_clonea(chunk) chunk_create_clone(alloca((chunk).len), chunk) /** * Concatenate chunks into a chunk on heap diff --git a/src/pluto/ac.c b/src/pluto/ac.c index eb99fc70a..fadfa9e08 100644 --- a/src/pluto/ac.c +++ b/src/pluto/ac.c @@ -258,7 +258,7 @@ add_ietfAttr(ietfAttr_t *attr) ietfAttrList_t *el = malloc_thing(ietfAttrList_t); /* new attribute, unshare value */ - attr->value.ptr = clone_bytes(attr->value.ptr, attr->value.len); + attr->value = chunk_clone(attr->value); attr->count = 1; time(&attr->installed); diff --git a/src/pluto/asn1.c b/src/pluto/asn1.c index bb4ca8bfe..d00a24d6f 100644 --- a/src/pluto/asn1.c +++ b/src/pluto/asn1.c @@ -33,9 +33,9 @@ static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 }; static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 }; static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 }; -const chunk_t ASN1_INTEGER_0 = strchunk(ASN1_INTEGER_0_str); -const chunk_t ASN1_INTEGER_1 = strchunk(ASN1_INTEGER_1_str); -const chunk_t ASN1_INTEGER_2 = strchunk(ASN1_INTEGER_2_str); +const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str); +const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str); +const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str); /* some popular algorithmIdentifiers */ @@ -69,11 +69,11 @@ static u_char ASN1_rsaEncryption_id_str[] = { 0x05, 0x00 }; -const chunk_t ASN1_md5_id = strchunk(ASN1_md5_id_str); -const chunk_t ASN1_sha1_id = strchunk(ASN1_sha1_id_str); -const chunk_t ASN1_rsaEncryption_id = strchunk(ASN1_rsaEncryption_id_str); -const chunk_t ASN1_md5WithRSA_id = strchunk(ASN1_md5WithRSA_id_str); -const chunk_t ASN1_sha1WithRSA_id = strchunk(ASN1_sha1WithRSA_id_str); +const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str); +const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str); +const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str); +const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str); +const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str); /* ASN.1 definition of an algorithmIdentifier */ diff --git a/src/pluto/ca.c b/src/pluto/ca.c index 85f31c0bd..0c070823d 100644 --- a/src/pluto/ca.c +++ b/src/pluto/ca.c @@ -452,11 +452,9 @@ free_ca_info(ca_info_t* ca_info) free(ca_info->ldaphost); free(ca_info->ldapbase); free(ca_info->ocspuri); - - freeanychunk(ca_info->authName); - freeanychunk(ca_info->authKeyID); - freeanychunk(ca_info->authKeySerialNumber); - + free(ca_info->authName.ptr); + free(ca_info->authKeyID.ptr); + free(ca_info->authKeySerialNumber.ptr); free_generalNames(ca_info->crluri, TRUE); free(ca_info); } @@ -564,21 +562,19 @@ add_ca_info(const whack_message_t *msg) ca->name = clone_str(msg->name); /* authName */ - clonetochunk(ca->authName, cacert->subject.ptr, cacert->subject.len); + ca->authName = chunk_clone(cacert->subject); dntoa(buf, BUF_LEN, ca->authName); DBG(DBG_CONTROL, DBG_log("authname: '%s'", buf) ) /* authSerialNumber */ - clonetochunk(ca->authKeySerialNumber, cacert->serialNumber.ptr, - cacert->serialNumber.len); + ca->authKeySerialNumber = chunk_clone(cacert->serialNumber); /* authKeyID */ if (cacert->subjectKeyID.ptr != NULL) { - clonetochunk(ca->authKeyID, cacert->subjectKeyID.ptr, - cacert->subjectKeyID.len); + ca->authKeyID = chunk_clone(cacert->subjectKeyID); datatot(cacert->subjectKeyID.ptr, cacert->subjectKeyID.len, ':' , buf, BUF_LEN); DBG(DBG_CONTROL | DBG_PARSING , diff --git a/src/pluto/connections.c b/src/pluto/connections.c index cac45d1af..b51515d17 100644 --- a/src/pluto/connections.c +++ b/src/pluto/connections.c @@ -338,11 +338,11 @@ delete_connection(struct connection *c, bool relations) free(c->name); free_id_content(&c->spd.this.id); free(c->spd.this.updown); - freeanychunk(c->spd.this.ca); + free(c->spd.this.ca.ptr); free_ietfAttrList(c->spd.this.groups); free_id_content(&c->spd.that.id); free(c->spd.that.updown); - freeanychunk(c->spd.that.ca); + free(c->spd.that.ca.ptr); free_ietfAttrList(c->spd.that.groups); free_generalNames(c->requested_ca, TRUE); gw_delref(&c->gw_info); @@ -688,17 +688,13 @@ unshare_connection_strings(struct connection *c) c->spd.this.updown = clone_str(c->spd.this.updown); scx_share(c->spd.this.sc); share_cert(c->spd.this.cert); - if (c->spd.this.ca.ptr != NULL) - clonetochunk(c->spd.this.ca, c->spd.this.ca.ptr, c->spd.this.ca.len); + c->spd.this.ca = chunk_clone(c->spd.this.ca); unshare_id_content(&c->spd.that.id); c->spd.that.updown = clone_str(c->spd.that.updown); scx_share(c->spd.that.sc); share_cert(c->spd.that.cert); - if (c->spd.that.ca.ptr != NULL) - { - clonetochunk(c->spd.that.ca, c->spd.that.ca.ptr, c->spd.that.ca.len); - } + c->spd.that.ca = chunk_clone(c->spd.that.ca); /* increment references to algo's */ alg_info_addref((struct alg_info *)c->alg_info_esp); diff --git a/src/pluto/defs.c b/src/pluto/defs.c index e2f65e8c4..c6dde5a62 100644 --- a/src/pluto/defs.c +++ b/src/pluto/defs.c @@ -29,8 +29,27 @@ #include "log.h" #include "whack.h" /* for RC_LOG_SERIOUS */ +/** + * Empty chunk. + */ const chunk_t chunk_empty = { NULL, 0 }; +/** + * Create a clone of a chunk pointing to "ptr" + */ +chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk) +{ + chunk_t clone = chunk_empty; + + if (chunk.ptr && chunk.len > 0) + { + clone.ptr = ptr; + clone.len = chunk.len; + memcpy(clone.ptr, chunk.ptr, chunk.len); + } + return clone; +} + bool all_zero(const unsigned char *m, size_t len) { @@ -86,17 +105,17 @@ concatenate_paths(const char *a, const char *b) /* compare two chunks, returns zero if a equals b * negative/positive if a is earlier/later in the alphabet than b */ -int -cmp_chunk(chunk_t a, chunk_t b) +int chunk_compare(chunk_t a, chunk_t b) { - int cmp_len, len, cmp_value; - - cmp_len = a.len - b.len; - len = (cmp_len < 0)? a.len : b.len; - cmp_value = memcmp(a.ptr, b.ptr, len); + int compare_len = a.len - b.len; + int len = (compare_len < 0)? a.len : b.len; - return (cmp_value == 0)? cmp_len : cmp_value; -}; + if (compare_len != 0 || len == 0) + { + return compare_len; + } + return memcmp(a.ptr, b.ptr, len); +} /* moves a chunk to a memory position, chunk is freed afterwards * position pointer is advanced after the insertion point @@ -107,7 +126,7 @@ mv_chunk(u_char **pos, chunk_t content) if (content.len > 0) { chunkcpy(*pos, content); - freeanychunk(content); + free(content.ptr); } } diff --git a/src/pluto/defs.h b/src/pluto/defs.h index 4ce2bf7b3..145634e6e 100644 --- a/src/pluto/defs.h +++ b/src/pluto/defs.h @@ -49,7 +49,8 @@ extern void *clone_bytes(const void *orig, size_t size); #define clone_str(str) \ ((str) == NULL? NULL : strdup(str)) -#define replace(p, q) { free(p); (p) = (q); } +#define replace(p, q) \ + { free(p); (p) = (q); } /* chunk is a simple pointer-and-size abstraction */ @@ -60,32 +61,50 @@ struct chunk { }; typedef struct chunk chunk_t; -#define setchunk(ch, addr, size) { (ch).ptr = (addr); (ch).len = (size); } +extern const chunk_t chunk_empty; -#define strchunk(str) { str, sizeof(str) } +static inline chunk_t chunk_create(u_char *ptr, size_t len) +{ + chunk_t chunk = {ptr, len}; + return chunk; +} -/* NOTE: freeanychunk NULLs .ptr */ -#define freeanychunk(ch) { free((ch).ptr); (ch).ptr = NULL; } +static inline void chunk_free(chunk_t *chunk) +{ + free(chunk->ptr); + *chunk = chunk_empty; +} -#define clonetochunk(ch, addr, size) \ - { (ch).ptr = clone_bytes((addr), (ch).len = (size)); } +static inline void chunk_clear(chunk_t *chunk) +{ + if (chunk->ptr) + { + memset(chunk->ptr, 0, chunk->len); + chunk_free(chunk); + } +} -#define clonereplacechunk(ch, addr, size) \ - { free((ch).ptr); clonetochunk(ch, addr, size); } +static inline bool chunk_equals(chunk_t a, chunk_t b) +{ + return a.ptr != NULL && b.ptr != NULL && + a.len == b.len && memeq(a.ptr, b.ptr, a.len); +} + +extern chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk); + +#define chunk_clone(chunk) \ + chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk) + +#define chunk_from_buf(str) { str, sizeof(str) } #define chunkcpy(dst, chunk) \ { memcpy(dst, chunk.ptr, chunk.len); dst += chunk.len;} -#define same_chunk(a, b) \ - ( (a).len == (b).len && memcmp((a).ptr, (b).ptr, (b).len) == 0 ) - extern char* temporary_cyclic_buffer(void); extern const char* concatenate_paths(const char *a, const char *b); -extern const chunk_t chunk_empty; - /* compare two chunks */ -extern int cmp_chunk(chunk_t a, chunk_t b); +extern int chunk_compare(chunk_t a, chunk_t b); /* move a chunk to a memory position and free it after insertion */ extern void mv_chunk(u_char **pos, chunk_t content); diff --git a/src/pluto/demux.c b/src/pluto/demux.c index 7e2afac66..c943a11a5 100644 --- a/src/pluto/demux.c +++ b/src/pluto/demux.c @@ -990,7 +990,7 @@ malloc_md(void) void release_md(struct msg_digest *md) { - freeanychunk(md->raw_packet); + chunk_free(&md->raw_packet); free(md->packet_pbs.start); md->packet_pbs.start = NULL; md->next = md_pool; @@ -1793,7 +1793,8 @@ process_packet(struct msg_digest **mdp) /* XXX Detect weak keys */ /* grab a copy of raw packet (for duplicate packet detection) */ - clonetochunk(md->raw_packet, md->packet_pbs.start, pbs_room(&md->packet_pbs)); + md->raw_packet = chunk_create(md->packet_pbs.start, pbs_room(&md->packet_pbs)); + md->raw_packet = chunk_clone(md->raw_packet); /* Decrypt everything after header */ if (!new_iv_set) @@ -2137,20 +2138,21 @@ complete_state_transition(struct msg_digest **mdp, stf_status result) } else { - clonetochunk(st->st_rpacket - , md->packet_pbs.start - , pbs_room(&md->packet_pbs)); + st->st_rpacket = chunk_create(md->packet_pbs.start, + pbs_room(&md->packet_pbs)); + st->st_rpacket = chunk_clone(st->st_rpacket); } /* free previous transmit packet */ - freeanychunk(st->st_tpacket); + chunk_free(&st->st_tpacket); /* if requested, send the new reply packet */ if (smc->flags & SMF_REPLY) { close_output_pbs(&md->reply); /* good form, but actually a no-op */ - clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply)); + st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply)); + st->st_tpacket = chunk_clone(st->st_tpacket); if (nat_traversal_enabled) nat_traversal_change_port_lookup(md, md->st); diff --git a/src/pluto/dnskey.c b/src/pluto/dnskey.c index d26327338..18e36ab94 100644 --- a/src/pluto/dnskey.c +++ b/src/pluto/dnskey.c @@ -927,9 +927,8 @@ process_key_rr(u_char *ptr, size_t len if (doit) { - chunk_t k; + chunk_t k = { pbs.cur, pbs_left(&pbs) }; - setchunk(k, pbs.cur, pbs_left(&pbs)); TRY(add_public_key(&cr->id, dns_auth_level, PUBKEY_ALG_RSA, &k , &cr->keys_from_dns)); } diff --git a/src/pluto/fetch.c b/src/pluto/fetch.c index c5aa9b437..64e67c06b 100644 --- a/src/pluto/fetch.c +++ b/src/pluto/fetch.c @@ -341,7 +341,6 @@ fetch_curl(char *url, chunk_t *blob) plog("fetching uri (%s) with libcurl failed: %s", url, errorbuffer); } curl_easy_cleanup(curl); - /* not using freeanychunk because of realloc (no leak detective) */ curl_free(response.ptr); } return strlen(errorbuffer) > 0 ? "libcurl error" : NULL; @@ -628,9 +627,8 @@ fetch_crls(bool cache_crls) } else { - chunk_t crl_uri; + chunk_t crl_uri = chunk_clone(gn->name); - clonetochunk(crl_uri, gn->name.ptr, gn->name.len); if (insert_crl(blob, crl_uri, cache_crls)) { DBG(DBG_CONTROL, @@ -730,11 +728,10 @@ fetch_ocsp_status(ocsp_location_t* location) curl_slist_free_all(headers); curl_easy_cleanup(curl); free(uri); - /* not using freeanychunk because of realloc (no leak detective) */ curl_free(response.ptr); } - freeanychunk(location->nonce); - freeanychunk(request); + free(request.ptr); + chunk_free(&location->nonce); /* increment the trial counter of the unresolved fetch requests */ { @@ -918,7 +915,7 @@ add_distribution_points(const generalName_t *newPoints ,generalName_t **distribu { /* clone additional distribution point */ gn = clone_thing(*newPoints); - clonetochunk(gn->name, newPoints->name.ptr, newPoints->name.len); + gn->name = chunk_clone(newPoints->name); /* insert additional CRL distribution point */ gn->next = *distributionPoints; @@ -940,17 +937,10 @@ build_crl_fetch_request(chunk_t issuer, chunk_t authKeySerialNumber req->installed = time(NULL); /* clone fields */ - clonetochunk(req->issuer, issuer.ptr, issuer.len); - if (authKeySerialNumber.ptr != NULL) - { - clonetochunk(req->authKeySerialNumber, authKeySerialNumber.ptr - , authKeySerialNumber.len); - } - if (authKeyID.ptr != NULL) - { - clonetochunk(req->authKeyID, authKeyID.ptr, authKeyID.len); - } - + req->issuer = chunk_clone(issuer); + req->authKeySerialNumber = chunk_clone(authKeySerialNumber); + req->authKeyID = chunk_clone(authKeyID); + /* copy distribution points */ add_distribution_points(gn, &req->distributionPoints); diff --git a/src/pluto/id.c b/src/pluto/id.c index d299f3780..dfffefcca 100644 --- a/src/pluto/id.c +++ b/src/pluto/id.c @@ -145,7 +145,9 @@ set_myFQDN(void) if (!strcaseeq(FQDN, "localhost.localdomain")) { - clonetochunk(myids[MYID_HOSTNAME].name, FQDN, strlen(FQDN)); + chunk_t myid_name = { FQDN, strlen(FQDN) }; + + myids[MYID_HOSTNAME].name = chunk_clone(myid_name); myids[MYID_HOSTNAME].kind = ID_FQDN; calc_myid_str(MYID_HOSTNAME); } @@ -365,7 +367,7 @@ unshare_id_content(struct id *id) case ID_USER_FQDN: case ID_DER_ASN1_DN: case ID_KEY_ID: - id->name.ptr = clone_bytes(id->name.ptr, id->name.len); + id->name = chunk_clone(id->name); break; case ID_MYID: case ID_NONE: @@ -386,7 +388,7 @@ free_id_content(struct id *id) case ID_USER_FQDN: case ID_DER_ASN1_DN: case ID_KEY_ID: - freeanychunk(id->name); + free(id->name.ptr); break; case ID_MYID: case ID_NONE: diff --git a/src/pluto/ipsec_doi.c b/src/pluto/ipsec_doi.c index f7ba9f247..c392f19e2 100644 --- a/src/pluto/ipsec_doi.c +++ b/src/pluto/ipsec_doi.c @@ -136,7 +136,7 @@ compute_dh_shared(struct state *st, const chunk_t g mpz_init(&mp_shared); mpz_powm(&mp_shared, &mp_g, &st->st_sec, group->modulus); mpz_clear(&mp_g); - freeanychunk(st->st_shared); /* happens in odd error cases */ + free(st->st_shared.ptr); /* happens in odd error cases */ st->st_shared = mpz_to_n(&mp_shared, group->bytes); mpz_clear(&mp_shared); gettimeofday(&tv1, NULL); @@ -175,7 +175,7 @@ build_and_ship_KE(struct state *st, chunk_t *g mpz_init(&mp_g); mpz_powm(&mp_g, &groupgenerator, &st->st_sec, group->modulus); - freeanychunk(*g); /* happens in odd error cases */ + free(g->ptr); /* happens in odd error cases */ *g = mpz_to_n(&mp_g, group->bytes); mpz_clear(&mp_g); DBG(DBG_CRYPT, @@ -206,7 +206,9 @@ accept_KE(chunk_t *dest, const char *val_name /* XXX Could send notification back */ return INVALID_KEY_INFORMATION; } - clonereplacechunk(*dest, pbs->cur, pbs_left(pbs)); + free(dest->ptr); + *dest = chunk_create(pbs->cur, pbs_left(pbs)); + *dest = chunk_clone(*dest); DBG_cond_dump_chunk(DBG_CRYPT, "DH public value received:\n", *dest); return NOTHING_WRONG; } @@ -253,8 +255,8 @@ static bool build_and_ship_nonce(chunk_t *n, pb_stream *outs, u_int8_t np , const char *name) { - freeanychunk(*n); - setchunk(*n, malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE); + free(n->ptr); + *n = chunk_create(malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE); get_rnd_bytes(n->ptr, DEFAULT_NONCE_SIZE); return out_generic_chunk(np, &isakmp_nonce_desc, outs, *n, name); } @@ -445,7 +447,7 @@ send_notification(struct state *sndst, u_int16_t type, struct state *encst, { chunk_t saved_tpacket = sndst->st_tpacket; - setchunk(sndst->st_tpacket, pbs.start, pbs_offset(&pbs)); + sndst->st_tpacket = chunk_create(pbs.start, pbs_offset(&pbs)); send_packet(sndst, "ISAKMP notify"); sndst->st_tpacket = saved_tpacket; } @@ -677,7 +679,7 @@ send_delete(struct state *st) if (!encrypt_message(&r_hdr_pbs, p1st)) impossible(); - setchunk(p1st->st_tpacket, reply_pbs.start, pbs_offset(&reply_pbs)); + p1st->st_tpacket = chunk_create(reply_pbs.start, pbs_offset(&reply_pbs)); send_packet(p1st, "delete notify"); p1st->st_tpacket = saved_tpacket; @@ -962,7 +964,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor /* save initiator SA for later HASH */ passert(st->st_p1isa.ptr == NULL); /* no leak! (MUST be first time) */ - clonetochunk(st->st_p1isa, sa_start, rbody.cur - sa_start); + st->st_p1isa = chunk_create(sa_start, rbody.cur - sa_start); + st->st_p1isa = chunk_clone(st->st_p1isa); } /* if enabled send Pluto Vendor ID */ @@ -1033,7 +1036,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor close_message(&rbody); close_output_pbs(&reply); - clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply)); + st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply)); + st->st_tpacket = chunk_clone(st->st_tpacket); /* Transmit */ @@ -1316,7 +1320,9 @@ generate_skeyids_iv(struct state *st) } k = keytemp; } - clonereplacechunk(st->st_enc_key, k, keysize); + free(st->st_enc_key.ptr); + st->st_enc_key = chunk_create(k, keysize); + st->st_enc_key = chunk_clone(st->st_enc_key); } DBG(DBG_CRYPT, @@ -1846,7 +1852,9 @@ accept_nonce(struct msg_digest *md, chunk_t *dest, const char *name) , name , MINIMUM_NONCE_SIZE, MAXIMUM_NONCE_SIZE); return PAYLOAD_MALFORMED; /* ??? */ } - clonereplacechunk(*dest, nonce_pbs->cur, len); + free(dest->ptr); + *dest = chunk_create(nonce_pbs->cur, len); + *dest = chunk_clone(*dest); return NOTHING_WRONG; } @@ -2203,7 +2211,8 @@ quick_outI1(int whack_sock } /* save packet, now that we know its size */ - clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply)); + st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply)); + st->st_tpacket = chunk_clone(st->st_tpacket); /* send the packet */ @@ -2311,7 +2320,7 @@ decode_cr(struct msg_digest *md, struct connection *c) continue; gn = malloc_thing(generalName_t); - clonetochunk(ca_name, ca_name.ptr,ca_name.len); + ca_name = chunk_clone(ca_name); gn->kind = GN_DIRECTORY_NAME; gn->name = ca_name; gn->next = c->requested_ca; @@ -2409,17 +2418,17 @@ decode_peer_id(struct msg_digest *md, struct id *peer) /* ??? ought to do some more sanity check, but what? */ - setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs)); + peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs)); break; case ID_KEY_ID: - setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs)); + peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs)); DBG(DBG_PARSING, DBG_dump_chunk("KEY ID:", peer->name)); break; case ID_DER_ASN1_DN: - setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs)); + peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs)); DBG(DBG_PARSING, DBG_dump_chunk("DER ASN1 DN:", peer->name)); break; @@ -3221,7 +3230,9 @@ main_inI1_outR1(struct msg_digest *md) close_message(&md->rbody); /* save initiator SA for HASH */ - clonereplacechunk(st->st_p1isa, sa_pd->pbs.start, pbs_room(&sa_pd->pbs)); + free(st->st_p1isa.ptr); + st->st_p1isa = chunk_create(sa_pd->pbs.start, pbs_room(&sa_pd->pbs)); + st->st_p1isa = chunk_clone(st->st_p1isa); return STF_OK; } @@ -5332,7 +5343,7 @@ send_isakmp_notification(struct state *st, u_int16_t type { chunk_t saved_tpacket = st->st_tpacket; - setchunk(st->st_tpacket, reply.start, pbs_offset(&reply)); + st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply)); send_packet(st, "ISAKMP notify"); st->st_tpacket = saved_tpacket; } diff --git a/src/pluto/kernel.c b/src/pluto/kernel.c index c830485d9..4dcad1fef 100644 --- a/src/pluto/kernel.c +++ b/src/pluto/kernel.c @@ -1467,7 +1467,7 @@ scan_proc_shunts(void) cp += strspn(cp, sep); /* find start of field */ w = strcspn(cp, sep); /* find width of field */ - setchunk(field[fi], cp, w); + field[fi] = chunk_create(cp, w); cp += w; if (w == 0) break; diff --git a/src/pluto/keys.c b/src/pluto/keys.c index a974697ec..2d51b524a 100644 --- a/src/pluto/keys.c +++ b/src/pluto/keys.c @@ -120,8 +120,8 @@ static void free_public_key(pubkey_t *pk) { free_id_content(&pk->id); - freeanychunk(pk->issuer); - freeanychunk(pk->serial); + free(pk->issuer.ptr); + free(pk->serial.ptr); /* algorithm-specific freeing */ switch (pk->alg) @@ -411,7 +411,9 @@ process_psk_secret(chunk_t *psk) if (*tok == '"' || *tok == '\'') { - clonetochunk(*psk, tok+1, flp->cur - tok - 2); + chunk_t secret = { tok + 1, flp->cur - tok -2 }; + + *psk = chunk_clone(secret); (void) shift(); } else @@ -428,7 +430,8 @@ process_psk_secret(chunk_t *psk) } else { - clonetochunk(*psk, buf, sz); + chunk_t secret = { buf, sz }; + *psk = chunk_clone(secret); (void) shift(); } } @@ -488,7 +491,7 @@ process_rsa_secret(RSA_private_key_t *rsak) if (eb_next - ebytes + sz > sizeof(ebytes)) return "public key takes too many bytes"; - setchunk(*pb_next, eb_next, sz); + *pb_next = chunk_create(eb_next, sz); memcpy(eb_next, buf, sz); eb_next += sz; pb_next++; @@ -609,8 +612,7 @@ process_xauth(secret_t *s) plog(" loaded xauth credentials of user '%.*s'" , user_name.len , user_name.ptr); - clonetochunk(s->u.xauth_secret.user_name - , user_name.ptr, user_name.len); + s->u.xauth_secret.user_name = chunk_clone(user_name); if (!shift()) return "missing xauth user password"; @@ -657,10 +659,10 @@ xauth_verify_secret(const xauth_peer_t *peer, const xauth_t *xauth_secret) { if (s->kind == PPK_XAUTH) { - if (!same_chunk(xauth_secret->user_name, s->u.xauth_secret.user_name)) + if (!chunk_equals(xauth_secret->user_name, s->u.xauth_secret.user_name)) continue; found = TRUE; - if (same_chunk(xauth_secret->user_password, s->u.xauth_secret.user_password)) + if (chunk_equals(xauth_secret->user_password, s->u.xauth_secret.user_password)) return TRUE; } } @@ -736,14 +738,19 @@ process_pin(secret_t *s, int whackfd) } else if (tokeqword("%pinpad")) { + chunk_t empty_pin = { "", 0 }; + shift(); + /* pin will be entered via pin pad during verification */ - clonetochunk(sc->pin, "", 0); + sc->pin = chunk_clone(empty_pin); sc->pinpad = TRUE; sc->valid = TRUE; pin_status = "pin entry via pad"; if (pkcs11_keep_state) + { scx_verify_pin(sc); + } } else { @@ -937,7 +944,7 @@ process_secret_records(int whackfd) zero(s); s->ids = NULL; s->kind = PPK_PSK; /* default */ - setchunk(s->u.preshared_secret, NULL, 0); + s->u.preshared_secret = chunk_empty; s->next = NULL; for (;;) @@ -1239,16 +1246,18 @@ unpack_RSA_public_key(RSA_public_key_t *rsa, const chunk_t *pubkey) if (pubkey->ptr[0] != 0x00) { - setchunk(exp, pubkey->ptr + 1, pubkey->ptr[0]); + exp = chunk_create(pubkey->ptr + 1, pubkey->ptr[0]); } else { - setchunk(exp, pubkey->ptr + 3 - , (pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]); + exp = chunk_create(pubkey->ptr + 3, + (pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]); } if (pubkey->len - (exp.ptr - pubkey->ptr) < exp.len + RSA_MIN_OCTETS_RFC) + { return "RSA public key blob too short"; + } mod.ptr = exp.ptr + exp.len; mod.len = &pubkey->ptr[pubkey->len] - mod.ptr; @@ -1284,16 +1293,10 @@ install_public_key(pubkey_t *pk, pubkey_list_t **head) unshare_id_content(&pk->id); /* copy issuer dn */ - if (pk->issuer.ptr != NULL) - { - pk->issuer.ptr = clone_bytes(pk->issuer.ptr, pk->issuer.len); - } + pk->issuer = chunk_clone(pk->issuer); /* copy serial number */ - if (pk->serial.ptr != NULL) - { - pk->serial.ptr = clone_bytes(pk->serial.ptr, pk->serial.len); - } + pk->serial = chunk_clone(pk->serial); /* store the time the public key was installed */ time(&pk->installed_time); diff --git a/src/pluto/modecfg.c b/src/pluto/modecfg.c index eb94aa6b0..4707de34b 100644 --- a/src/pluto/modecfg.c +++ b/src/pluto/modecfg.c @@ -530,8 +530,9 @@ modecfg_send_msg(struct state *st, int isama_type, internal_addr_t *ia) , 0 /* XXX isama_id */ ); - freeanychunk(st->st_tpacket); - clonetochunk(st->st_tpacket, msg.start, pbs_offset(&msg)); + free(st->st_tpacket.ptr); + st->st_tpacket = chunk_create(msg.start, pbs_offset(&msg)); + st->st_tpacket = chunk_clone(st->st_tpacket); /* Transmit */ send_packet(st, "ModeCfg msg"); @@ -675,11 +676,11 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia) ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE); break; case XAUTH_USER_NAME: - setchunk(ia->xauth_secret.user_name, strattr.cur, attr_len); + ia->xauth_secret.user_name = chunk_create(strattr.cur, attr_len); ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE); break; case XAUTH_USER_PASSWORD: - setchunk(ia->xauth_secret.user_password, strattr.cur, attr_len); + ia->xauth_secret.user_password = chunk_create(strattr.cur, attr_len); ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE); break; case XAUTH_STATUS: @@ -1092,8 +1093,9 @@ xauth_inI0(struct msg_digest *md) else { /* send XAUTH reply msg and then delete ISAKMP SA */ - freeanychunk(st->st_tpacket); - clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply)); + free(st->st_tpacket.ptr); + st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply)); + st->st_tpacket = chunk_clone(st->st_tpacket); send_packet(st, "XAUTH reply msg"); delete_state(st); return STF_IGNORE; @@ -1223,8 +1225,9 @@ xauth_inI1(struct msg_digest *md) else { /* send XAUTH ack msg and then delete ISAKMP SA */ - freeanychunk(st->st_tpacket); - clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply)); + free(st->st_tpacket.ptr); + st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply)); + st->st_tpacket = chunk_clone(st->st_tpacket); send_packet(st, "XAUTH ack msg"); delete_state(st); return STF_IGNORE; diff --git a/src/pluto/nat_traversal.c b/src/pluto/nat_traversal.c index 1a5085eeb..3317d30f4 100644 --- a/src/pluto/nat_traversal.c +++ b/src/pluto/nat_traversal.c @@ -575,14 +575,14 @@ static void nat_traversal_send_ka (struct state *st) ) /* save state chunk */ - setchunk(sav, st->st_tpacket.ptr, st->st_tpacket.len); + sav = st->st_tpacket; /* send keep alive */ - setchunk(st->st_tpacket, &ka_payload, 1); + st->st_tpacket = chunk_create(&ka_payload, 1); send_packet(st, "NAT-T Keep Alive"); /* restore state chunk */ - setchunk(st->st_tpacket, sav.ptr, sav.len); + st->st_tpacket = sav; } /** diff --git a/src/pluto/ocsp.c b/src/pluto/ocsp.c index 41c0cbdc3..b706dc95d 100644 --- a/src/pluto/ocsp.c +++ b/src/pluto/ocsp.c @@ -131,13 +131,13 @@ static u_char ASN1_nonce_oid_str[] = { 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02 }; -static const chunk_t ASN1_nonce_oid = strchunk(ASN1_nonce_oid_str); +static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str); static u_char ASN1_response_oid_str[] = { 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04 }; -static const chunk_t ASN1_response_oid = strchunk(ASN1_response_oid_str); +static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str); static u_char ASN1_response_content_str[] = { 0x04, 0x0D, @@ -145,7 +145,7 @@ static u_char ASN1_response_content_str[] = { 0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01 }; -static const chunk_t ASN1_response_content = strchunk(ASN1_response_content_str); +static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str); /* default OCSP uri */ static chunk_t ocsp_default_uri; @@ -295,13 +295,16 @@ build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location) ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber , cert->authKeyID); if (ca != NULL && ca->ocspuri != NULL) - setchunk(location->uri, ca->ocspuri, strlen(ca->ocspuri)) + { + location->uri = chunk_create(ca->ocspuri, strlen(ca->ocspuri)); + } else - /* abort if no ocsp location uri is defined */ + { /* abort if no ocsp location uri is defined */ return FALSE; + } } - setchunk(location->authNameID, digest, SHA1_DIGEST_SIZE); + location->authNameID = chunk_create(digest, SHA1_DIGEST_SIZE); compute_digest(cert->issuer, OID_SHA1, &location->authNameID); location->next = NULL; @@ -337,7 +340,7 @@ same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t *b) ? same_keyid(a->authKeyID, b->authKeyID) : (same_dn(a->issuer, b->issuer) && same_serial(a->authKeySerialNumber, b->authKeySerialNumber))) - && same_chunk(a->uri, b->uri); + && chunk_equals(a->uri, b->uri); } /* @@ -378,7 +381,7 @@ get_ocsp_status(const ocsp_location_t *loc, chunk_t serialNumber while (certinfo != NULL) { - cmp = cmp_chunk(serialNumber, certinfo->serialNumber); + cmp = chunk_compare(serialNumber, certinfo->serialNumber); if (cmp <= 0) break; certinfop = &certinfo->next; @@ -488,7 +491,7 @@ check_ocsp(void) static void free_certinfo(ocsp_certinfo_t *certinfo) { - freeanychunk(certinfo->serialNumber); + free(certinfo->serialNumber.ptr); free(certinfo); } @@ -514,11 +517,11 @@ free_certinfos(ocsp_certinfo_t *chain) static void free_ocsp_location(ocsp_location_t* location) { - freeanychunk(location->issuer); - freeanychunk(location->authNameID); - freeanychunk(location->authKeyID); - freeanychunk(location->authKeySerialNumber); - freeanychunk(location->uri); + free(location->issuer.ptr); + free(location->authNameID.ptr); + free(location->authKeyID.ptr); + free(location->authKeySerialNumber.ptr); + free(location->uri.ptr); free_certinfos(location->certinfo); free(location); } @@ -792,7 +795,7 @@ build_signature(chunk_t tbsRequest) sigdata = generate_signature(digest_info , ocsp_requestor_sc , ocsp_requestor_pri); - freeanychunk(digest_info); + free(digest_info.ptr); /* has the RSA signature generation been successful? */ if (sigdata.ptr == NULL) @@ -1154,10 +1157,9 @@ parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res) break; case BASIC_RESPONSE_CERTIFICATE: { - chunk_t blob; + chunk_t blob = chunk_clone(object); x509cert_t *cert = malloc_thing(x509cert_t); - clonetochunk(blob, object.ptr, object.len); *cert = empty_x509cert; if (parse_x509cert(blob, level+1, cert) @@ -1327,30 +1329,11 @@ add_ocsp_location(const ocsp_location_t *loc, ocsp_location_t **chain) ocsp_location_t *location = malloc_thing(ocsp_location_t); /* unshare location fields */ - clonetochunk(location->issuer, loc->issuer.ptr, loc->issuer.len); - - clonetochunk(location->authNameID, loc->authNameID.ptr, loc->authNameID.len); - - if (loc->authKeyID.ptr == NULL) - { - location->authKeyID = chunk_empty; - } - else - { - clonetochunk(location->authKeyID, loc->authKeyID.ptr, loc->authKeyID.len); - } - - if (loc->authKeySerialNumber.ptr == NULL) - { - location->authKeySerialNumber = chunk_empty; - } - else - { - clonetochunk(location->authKeySerialNumber - , loc->authKeySerialNumber.ptr, loc->authKeySerialNumber.len); - } - - clonetochunk(location->uri, loc->uri.ptr, loc->uri.len); + location->issuer = chunk_clone(loc->issuer); + location->authNameID = chunk_clone(loc->authNameID); + location->authKeyID = chunk_clone(loc->authKeyID); + location->authKeySerialNumber = chunk_clone(loc->authKeySerialNumber); + location->uri = chunk_clone(loc->uri); location->certinfo = NULL; /* insert new ocsp location in front of chain */ @@ -1387,7 +1370,7 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai while (certinfo != NULL) { - cmp = cmp_chunk(info->serialNumber, certinfo->serialNumber); + cmp = chunk_compare(info->serialNumber, certinfo->serialNumber); if (cmp <= 0) break; certinfop = &certinfo->next; @@ -1398,7 +1381,8 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai { /* add a new certinfo entry */ ocsp_certinfo_t *cnew = malloc_thing(ocsp_certinfo_t); - clonetochunk(cnew->serialNumber, info->serialNumber.ptr, info->serialNumber.len); + + cnew->serialNumber = chunk_clone(info->serialNumber); cnew->next = certinfo; *certinfop = cnew; certinfo = cnew; @@ -1454,8 +1438,8 @@ process_single_response(ocsp_location_t *location, single_response_t *sres) plog("only SHA-1 hash supported in OCSP single response"); return; } - if (!(same_chunk(sres->issuer_name_hash, location->authNameID) - && same_chunk(sres->issuer_key_hash, location->authKeyID))) + if (!(chunk_equals(sres->issuer_name_hash, location->authNameID) + && chunk_equals(sres->issuer_key_hash, location->authKeyID))) { plog("ocsp single response has wrong issuer"); return; @@ -1467,7 +1451,7 @@ process_single_response(ocsp_location_t *location, single_response_t *sres) while (certinfo != NULL) { - cmp = cmp_chunk(sres->serialNumber, certinfo->serialNumber); + cmp = chunk_compare(sres->serialNumber, certinfo->serialNumber); if (cmp <= 0) break; certinfop = &certinfo->next; @@ -1522,7 +1506,7 @@ parse_ocsp(ocsp_location_t *location, chunk_t blob) plog("ocsp response contains no nonce, replay attack possible"); } /* check if the nonce is identical */ - if (res.nonce.ptr != NULL && !same_chunk(res.nonce, location->nonce)) + if (res.nonce.ptr != NULL && !chunk_equals(res.nonce, location->nonce)) { plog("invalid nonce in ocsp response"); return; diff --git a/src/pluto/pem.c b/src/pluto/pem.c index e9edb9134..8c607cfa4 100644 --- a/src/pluto/pem.c +++ b/src/pluto/pem.c @@ -286,7 +286,7 @@ pem_decrypt(chunk_t *blob, chunk_t *iv, prompt_pass_t *pass, const char* label) return ugh; } - clonetochunk(blob_copy, blob->ptr, blob->len); + blob_copy = chunk_clone(*blob); if (pem_decrypt_3des(blob, iv, pass->secret)) { diff --git a/src/pluto/pkcs1.c b/src/pluto/pkcs1.c index 9516d120a..842896bf9 100644 --- a/src/pluto/pkcs1.c +++ b/src/pluto/pkcs1.c @@ -491,7 +491,7 @@ RSA_encrypt(const RSA_public_key_t *key, chunk_t in) bool RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out) { - chunk_t padded; + chunk_t padded, plaintext; u_char *pos; mpz_t t1, t2; @@ -530,7 +530,7 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out) if ((*pos++ != 0x00) || (*(pos++) != 0x02)) { plog("incorrect padding - probably wrong RSA key"); - freeanychunk(padded); + chunk_clear(&padded); return FALSE; } padded.len -= 2; @@ -541,12 +541,13 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out) if (padded.len == 0) { plog("no plaintext data"); - freeanychunk(padded); + free(padded.ptr); return FALSE; } - clonetochunk(*out, pos, padded.len); - freeanychunk(padded); + plaintext = chunk_create(pos, padded.len); + *out = chunk_clone(plaintext); + chunk_clear(&padded); return TRUE; } diff --git a/src/pluto/pkcs7.c b/src/pluto/pkcs7.c index fae8ca842..fc8790358 100644 --- a/src/pluto/pkcs7.c +++ b/src/pluto/pkcs7.c @@ -155,17 +155,17 @@ static char ASN1_pkcs7_encrypted_data_oid_str[] = { }; static const chunk_t ASN1_pkcs7_data_oid = - strchunk(ASN1_pkcs7_data_oid_str); + chunk_from_buf(ASN1_pkcs7_data_oid_str); static const chunk_t ASN1_pkcs7_signed_data_oid = - strchunk(ASN1_pkcs7_signed_data_oid_str); + chunk_from_buf(ASN1_pkcs7_signed_data_oid_str); static const chunk_t ASN1_pkcs7_enveloped_data_oid = - strchunk(ASN1_pkcs7_enveloped_data_oid_str); + chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str); static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = - strchunk(ASN1_pkcs7_signed_enveloped_data_oid_str); + chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str); static const chunk_t ASN1_pkcs7_digested_data_oid = - strchunk(ASN1_pkcs7_digested_data_oid_str); + chunk_from_buf(ASN1_pkcs7_digested_data_oid_str); static const chunk_t ASN1_pkcs7_encrypted_data_oid = - strchunk(ASN1_pkcs7_encrypted_data_oid_str); + chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str); /* 3DES and DES encryption OIDs */ @@ -178,9 +178,9 @@ static u_char ASN1_des_cbc_oid_str[] = { }; static const chunk_t ASN1_3des_ede_cbc_oid = - strchunk(ASN1_3des_ede_cbc_oid_str); + chunk_from_buf(ASN1_3des_ede_cbc_oid_str); static const chunk_t ASN1_des_cbc_oid = - strchunk(ASN1_des_cbc_oid_str); + chunk_from_buf(ASN1_des_cbc_oid_str); /* PKCS#7 attribute type OIDs */ @@ -193,9 +193,9 @@ static u_char ASN1_messageDigest_oid_str[] = { }; static const chunk_t ASN1_contentType_oid = - strchunk(ASN1_contentType_oid_str); + chunk_from_buf(ASN1_contentType_oid_str); static const chunk_t ASN1_messageDigest_oid = - strchunk(ASN1_messageDigest_oid_str); + chunk_from_buf(ASN1_messageDigest_oid_str); /* * Parse PKCS#7 ContentInfo object @@ -283,11 +283,9 @@ pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert case PKCS7_SIGNED_CERT: if (cert != NULL) { - chunk_t cert_blob; - + chunk_t cert_blob = chunk_clone(object); x509cert_t *newcert = malloc_thing(x509cert_t); - clonetochunk(cert_blob, object.ptr, object.len); *newcert = empty_x509cert; DBG(DBG_CONTROL | DBG_PARSING, @@ -431,7 +429,7 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data ) break; case PKCS7_SERIAL_NUMBER: - if (!same_chunk(serialNumber, object)) + if (!chunk_equals(serialNumber, object)) { plog("serial numbers do not match"); goto failed; @@ -561,11 +559,11 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data } } } - freeanychunk(symmetric_key); + chunk_clear(&symmetric_key); return TRUE; failed: - freeanychunk(symmetric_key); + chunk_clear(&symmetric_key); free(data->ptr); return FALSE; } @@ -677,7 +675,7 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert { encryptedDigest = pkcs1_build_signature(attributes, digest_alg , key, FALSE); - clonetochunk(authenticatedAttributes, attributes.ptr, attributes.len); + authenticatedAttributes = chunk_clone(attributes); *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0; } else @@ -712,8 +710,8 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert DBG_dump_chunk("signedData:\n", cInfo) ) - freeanychunk(pkcs7Data.content); - freeanychunk(signedData.content); + free(pkcs7Data.content.ptr); + free(signedData.content.ptr); return cInfo; } @@ -853,7 +851,7 @@ pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher) ) free_RSA_public_content(&public_key); - freeanychunk(envelopedData.content); + free(envelopedData.content.ptr); return cInfo; } } diff --git a/src/pluto/smartcard.c b/src/pluto/smartcard.c index ee8312d3a..f2f2860c0 100644 --- a/src/pluto/smartcard.c +++ b/src/pluto/smartcard.c @@ -1479,9 +1479,12 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen memcpy(out, cipher_text.ptr, cipher_text.len); *outlen = cipher_text.len; - freeanychunk(cipher_text); + free(cipher_text.ptr); + if (!pkcs11_keep_state) + { scx_release_context(sc); + } return TRUE; } else @@ -1759,7 +1762,8 @@ scx_get_pin(smartcard_t *sc, int whackfd) /* verify the pin */ if (scx_verify_pin(sc)) { - clonetochunk(sc->pin, pin, strlen(pin)); + sc->pin = chunk_create(pin, strlen(pin)); + sc->pin = chunk_clone(sc->pin); break; } diff --git a/src/pluto/state.c b/src/pluto/state.c index c506ebc5b..56c66675a 100644 --- a/src/pluto/state.c +++ b/src/pluto/state.c @@ -537,16 +537,10 @@ duplicate_state(struct state *st) nst->st_clonedfrom = st->st_serialno; nst->st_oakley = st->st_oakley; nst->st_modecfg = st->st_modecfg; - -# define clone_chunk(ch) \ - clonetochunk(nst->ch, st->ch.ptr, st->ch.len) - - clone_chunk(st_skeyid_d); - clone_chunk(st_skeyid_a); - clone_chunk(st_skeyid_e); - clone_chunk(st_enc_key); - -# undef clone_chunk + nst->st_skeyid_d = chunk_clone(st->st_skeyid_d); + nst->st_skeyid_a = chunk_clone(st->st_skeyid_a); + nst->st_skeyid_e = chunk_clone(st->st_skeyid_e); + nst->st_enc_key = chunk_clone(st->st_enc_key); return nst; } diff --git a/src/pluto/x509.c b/src/pluto/x509.c index 52ff9f011..f849be702 100644 --- a/src/pluto/x509.c +++ b/src/pluto/x509.c @@ -394,7 +394,7 @@ static u_char ASN1_subjectAltName_oid_str[] = { 0x06, 0x03, 0x55, 0x1D, 0x11 }; -static const chunk_t ASN1_subjectAltName_oid = strchunk(ASN1_subjectAltName_oid_str); +static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str); static void update_chunk(chunk_t *ch, int n) @@ -987,7 +987,7 @@ match_dn(chunk_t a, chunk_t b, int *wildcards) bool same_x509cert(const x509cert_t *a, const x509cert_t *b) { - return same_chunk(a->signature, b->signature); + return chunk_equals(a->signature, b->signature); } /* for each link pointing to the certificate @@ -1083,7 +1083,7 @@ same_keyid(chunk_t a, chunk_t b) { return FALSE; } - return same_chunk(a, b); + return chunk_equals(a, b); } /* @@ -1097,7 +1097,7 @@ same_serial(chunk_t a, chunk_t b) { return TRUE; } - return same_chunk(a, b); + return chunk_equals(a, b); } /* diff --git a/src/scepclient/pkcs10.c b/src/scepclient/pkcs10.c index 4a56e701b..f7c4cca36 100644 --- a/src/scepclient/pkcs10.c +++ b/src/scepclient/pkcs10.c @@ -43,13 +43,13 @@ static u_char ASN1_challengePassword_oid_str[] = { 0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07 }; -static const chunk_t ASN1_challengePassword_oid = strchunk(ASN1_challengePassword_oid_str); +static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str); static u_char ASN1_extensionRequest_oid_str[] = { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E }; -static const chunk_t ASN1_extensionRequest_oid = strchunk(ASN1_extensionRequest_oid_str); +static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str); /** * @brief Adds a subjectAltName in DER-coded form to a linked list @@ -214,7 +214,7 @@ pkcs10_free(pkcs10_t *pkcs10) { if (pkcs10 != NULL) { - freeanychunk(pkcs10->request); + free(pkcs10->request.ptr); free(pkcs10); } } diff --git a/src/scepclient/rsakey.c b/src/scepclient/rsakey.c index a7c6321f5..dff405f59 100644 --- a/src/scepclient/rsakey.c +++ b/src/scepclient/rsakey.c @@ -321,10 +321,12 @@ generate_rsa_private_key(int nbits, RSA_private_key_t *key) size_t n_len = (mpz_sizeinbase(n,2)+BITS_PER_BYTE-1)/BITS_PER_BYTE; chunk_t e_ch = mpz_to_n(e, e_len); chunk_t n_ch = mpz_to_n(n, n_len); + form_keyid(e_ch, n_ch, key->pub.keyid, &key->pub.k); - freeanychunk(e_ch); - freeanychunk(n_ch); + free(e_ch.ptr); + free(n_ch.ptr); } + /* fill in the elements of the RSA private key */ key->p = *p; key->q = *q; diff --git a/src/scepclient/scep.c b/src/scepclient/scep.c index d9d872225..f603b5c29 100644 --- a/src/scepclient/scep.c +++ b/src/scepclient/scep.c @@ -53,11 +53,11 @@ static char ASN1_transId_oid_str[] = { }; static const chunk_t ASN1_messageType_oid = - strchunk(ASN1_messageType_oid_str); + chunk_from_buf(ASN1_messageType_oid_str); static const chunk_t ASN1_senderNonce_oid = - strchunk(ASN1_senderNonce_oid_str); + chunk_from_buf(ASN1_senderNonce_oid_str); static const chunk_t ASN1_transId_oid = - strchunk(ASN1_transId_oid_str); + chunk_from_buf(ASN1_transId_oid_str); static const char *pkiStatus_values[] = { "0", "2", "3" }; @@ -395,8 +395,8 @@ scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg request = pkcs7_build_signedData(envelopedData, attributes , signer_cert, digest_alg, private_key); - freeanychunk(envelopedData); - freeanychunk(attributes); + free(envelopedData.ptr); + free(attributes.ptr); return request; } @@ -590,7 +590,7 @@ scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data { return "error parsing the scep response attributes"; } - if (!same_chunk(transID, attrs->transID)) + if (!chunk_equals(transID, attrs->transID)) { return "transaction ID of scep response does not match"; } diff --git a/src/scepclient/scepclient.c b/src/scepclient/scepclient.c index fe979234e..7d1c2e544 100644 --- a/src/scepclient/scepclient.c +++ b/src/scepclient/scepclient.c @@ -148,21 +148,21 @@ exit_scepclient(err_t message, ...) free_RSA_private_content(private_key); free(private_key); } - freeanychunk(pkcs1); - freeanychunk(pkcs7); - freeanychunk(subject); - freeanychunk(serialNumber); - freeanychunk(transID); - freeanychunk(fingerprint); - freeanychunk(issuerAndSubject); - freeanychunk(getCertInitial); - if (scep_response.ptr != NULL) - free(scep_response.ptr); + free(pkcs1.ptr); + free(pkcs7.ptr); + free(subject.ptr); + free(serialNumber.ptr); + free(transID.ptr); + free(fingerprint.ptr); + free(issuerAndSubject.ptr); + free(getCertInitial.ptr); + free(scep_response.ptr); free_generalNames(subjectAltNames, TRUE); if (x509_signer != NULL) + { x509_signer->subjectAltName = NULL; - + } free_x509cert(x509_signer); free_x509cert(x509_ca_enc); free_x509cert(x509_ca_sig); @@ -801,7 +801,7 @@ int main(int argc, char **argv) exit_scepclient(ugh); } - clonetochunk(subject, dn.ptr, dn.len); + subject = chunk_clone(dn); DBG(DBG_CONTROL, DBG_log("building pkcs10 object:") @@ -1007,7 +1007,7 @@ int main(int argc, char **argv) DBG_log("transaction ID: %.*s", (int)transID.len, transID.ptr) ) - freeanychunk(getCertInitial); + chunk_free(&getCertInitial); getCertInitial = scep_build_request(issuerAndSubject , transID, SCEP_GetCertInitial_MSG , x509_ca_enc, pkcs7_symmetric_cipher @@ -1047,7 +1047,7 @@ int main(int argc, char **argv) { exit_scepclient("error parsing the scep response"); } - freeanychunk(certData); + chunk_free(&certData); /* store the end entity certificate */ path = concatenate_paths(HOST_CERT_PATH, file_out_cert);