ported most of the libstrongswan chunk_t macros to pluto
This commit is contained in:
parent
c04e75487f
commit
9b91b81870
|
@ -181,12 +181,12 @@ static inline void chunk_clear(chunk_t *chunk)
|
|||
/**
|
||||
* Clone a chunk on heap
|
||||
*/
|
||||
#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc(chunk.len) : NULL, chunk)
|
||||
#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk)
|
||||
|
||||
/**
|
||||
* Clone a chunk on stack
|
||||
*/
|
||||
#define chunk_clonea(chunk) chunk_create_clone(alloca(chunk.len), chunk)
|
||||
#define chunk_clonea(chunk) chunk_create_clone(alloca((chunk).len), chunk)
|
||||
|
||||
/**
|
||||
* Concatenate chunks into a chunk on heap
|
||||
|
|
|
@ -258,7 +258,7 @@ add_ietfAttr(ietfAttr_t *attr)
|
|||
ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
|
||||
|
||||
/* new attribute, unshare value */
|
||||
attr->value.ptr = clone_bytes(attr->value.ptr, attr->value.len);
|
||||
attr->value = chunk_clone(attr->value);
|
||||
attr->count = 1;
|
||||
time(&attr->installed);
|
||||
|
||||
|
|
|
@ -33,9 +33,9 @@ static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 };
|
|||
static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 };
|
||||
static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 };
|
||||
|
||||
const chunk_t ASN1_INTEGER_0 = strchunk(ASN1_INTEGER_0_str);
|
||||
const chunk_t ASN1_INTEGER_1 = strchunk(ASN1_INTEGER_1_str);
|
||||
const chunk_t ASN1_INTEGER_2 = strchunk(ASN1_INTEGER_2_str);
|
||||
const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
|
||||
const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
|
||||
const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
|
||||
|
||||
/* some popular algorithmIdentifiers */
|
||||
|
||||
|
@ -69,11 +69,11 @@ static u_char ASN1_rsaEncryption_id_str[] = {
|
|||
0x05, 0x00
|
||||
};
|
||||
|
||||
const chunk_t ASN1_md5_id = strchunk(ASN1_md5_id_str);
|
||||
const chunk_t ASN1_sha1_id = strchunk(ASN1_sha1_id_str);
|
||||
const chunk_t ASN1_rsaEncryption_id = strchunk(ASN1_rsaEncryption_id_str);
|
||||
const chunk_t ASN1_md5WithRSA_id = strchunk(ASN1_md5WithRSA_id_str);
|
||||
const chunk_t ASN1_sha1WithRSA_id = strchunk(ASN1_sha1WithRSA_id_str);
|
||||
const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
|
||||
const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
|
||||
const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
|
||||
const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
|
||||
const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
|
||||
|
||||
/* ASN.1 definition of an algorithmIdentifier */
|
||||
|
||||
|
|
|
@ -452,11 +452,9 @@ free_ca_info(ca_info_t* ca_info)
|
|||
free(ca_info->ldaphost);
|
||||
free(ca_info->ldapbase);
|
||||
free(ca_info->ocspuri);
|
||||
|
||||
freeanychunk(ca_info->authName);
|
||||
freeanychunk(ca_info->authKeyID);
|
||||
freeanychunk(ca_info->authKeySerialNumber);
|
||||
|
||||
free(ca_info->authName.ptr);
|
||||
free(ca_info->authKeyID.ptr);
|
||||
free(ca_info->authKeySerialNumber.ptr);
|
||||
free_generalNames(ca_info->crluri, TRUE);
|
||||
free(ca_info);
|
||||
}
|
||||
|
@ -564,21 +562,19 @@ add_ca_info(const whack_message_t *msg)
|
|||
ca->name = clone_str(msg->name);
|
||||
|
||||
/* authName */
|
||||
clonetochunk(ca->authName, cacert->subject.ptr, cacert->subject.len);
|
||||
ca->authName = chunk_clone(cacert->subject);
|
||||
dntoa(buf, BUF_LEN, ca->authName);
|
||||
DBG(DBG_CONTROL,
|
||||
DBG_log("authname: '%s'", buf)
|
||||
)
|
||||
|
||||
/* authSerialNumber */
|
||||
clonetochunk(ca->authKeySerialNumber, cacert->serialNumber.ptr,
|
||||
cacert->serialNumber.len);
|
||||
ca->authKeySerialNumber = chunk_clone(cacert->serialNumber);
|
||||
|
||||
/* authKeyID */
|
||||
if (cacert->subjectKeyID.ptr != NULL)
|
||||
{
|
||||
clonetochunk(ca->authKeyID, cacert->subjectKeyID.ptr,
|
||||
cacert->subjectKeyID.len);
|
||||
ca->authKeyID = chunk_clone(cacert->subjectKeyID);
|
||||
datatot(cacert->subjectKeyID.ptr, cacert->subjectKeyID.len, ':'
|
||||
, buf, BUF_LEN);
|
||||
DBG(DBG_CONTROL | DBG_PARSING ,
|
||||
|
|
|
@ -338,11 +338,11 @@ delete_connection(struct connection *c, bool relations)
|
|||
free(c->name);
|
||||
free_id_content(&c->spd.this.id);
|
||||
free(c->spd.this.updown);
|
||||
freeanychunk(c->spd.this.ca);
|
||||
free(c->spd.this.ca.ptr);
|
||||
free_ietfAttrList(c->spd.this.groups);
|
||||
free_id_content(&c->spd.that.id);
|
||||
free(c->spd.that.updown);
|
||||
freeanychunk(c->spd.that.ca);
|
||||
free(c->spd.that.ca.ptr);
|
||||
free_ietfAttrList(c->spd.that.groups);
|
||||
free_generalNames(c->requested_ca, TRUE);
|
||||
gw_delref(&c->gw_info);
|
||||
|
@ -688,17 +688,13 @@ unshare_connection_strings(struct connection *c)
|
|||
c->spd.this.updown = clone_str(c->spd.this.updown);
|
||||
scx_share(c->spd.this.sc);
|
||||
share_cert(c->spd.this.cert);
|
||||
if (c->spd.this.ca.ptr != NULL)
|
||||
clonetochunk(c->spd.this.ca, c->spd.this.ca.ptr, c->spd.this.ca.len);
|
||||
c->spd.this.ca = chunk_clone(c->spd.this.ca);
|
||||
|
||||
unshare_id_content(&c->spd.that.id);
|
||||
c->spd.that.updown = clone_str(c->spd.that.updown);
|
||||
scx_share(c->spd.that.sc);
|
||||
share_cert(c->spd.that.cert);
|
||||
if (c->spd.that.ca.ptr != NULL)
|
||||
{
|
||||
clonetochunk(c->spd.that.ca, c->spd.that.ca.ptr, c->spd.that.ca.len);
|
||||
}
|
||||
c->spd.that.ca = chunk_clone(c->spd.that.ca);
|
||||
|
||||
/* increment references to algo's */
|
||||
alg_info_addref((struct alg_info *)c->alg_info_esp);
|
||||
|
|
|
@ -29,8 +29,27 @@
|
|||
#include "log.h"
|
||||
#include "whack.h" /* for RC_LOG_SERIOUS */
|
||||
|
||||
/**
|
||||
* Empty chunk.
|
||||
*/
|
||||
const chunk_t chunk_empty = { NULL, 0 };
|
||||
|
||||
/**
|
||||
* Create a clone of a chunk pointing to "ptr"
|
||||
*/
|
||||
chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk)
|
||||
{
|
||||
chunk_t clone = chunk_empty;
|
||||
|
||||
if (chunk.ptr && chunk.len > 0)
|
||||
{
|
||||
clone.ptr = ptr;
|
||||
clone.len = chunk.len;
|
||||
memcpy(clone.ptr, chunk.ptr, chunk.len);
|
||||
}
|
||||
return clone;
|
||||
}
|
||||
|
||||
bool
|
||||
all_zero(const unsigned char *m, size_t len)
|
||||
{
|
||||
|
@ -86,17 +105,17 @@ concatenate_paths(const char *a, const char *b)
|
|||
/* compare two chunks, returns zero if a equals b
|
||||
* negative/positive if a is earlier/later in the alphabet than b
|
||||
*/
|
||||
int
|
||||
cmp_chunk(chunk_t a, chunk_t b)
|
||||
int chunk_compare(chunk_t a, chunk_t b)
|
||||
{
|
||||
int cmp_len, len, cmp_value;
|
||||
int compare_len = a.len - b.len;
|
||||
int len = (compare_len < 0)? a.len : b.len;
|
||||
|
||||
cmp_len = a.len - b.len;
|
||||
len = (cmp_len < 0)? a.len : b.len;
|
||||
cmp_value = memcmp(a.ptr, b.ptr, len);
|
||||
|
||||
return (cmp_value == 0)? cmp_len : cmp_value;
|
||||
};
|
||||
if (compare_len != 0 || len == 0)
|
||||
{
|
||||
return compare_len;
|
||||
}
|
||||
return memcmp(a.ptr, b.ptr, len);
|
||||
}
|
||||
|
||||
/* moves a chunk to a memory position, chunk is freed afterwards
|
||||
* position pointer is advanced after the insertion point
|
||||
|
@ -107,7 +126,7 @@ mv_chunk(u_char **pos, chunk_t content)
|
|||
if (content.len > 0)
|
||||
{
|
||||
chunkcpy(*pos, content);
|
||||
freeanychunk(content);
|
||||
free(content.ptr);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -49,7 +49,8 @@ extern void *clone_bytes(const void *orig, size_t size);
|
|||
#define clone_str(str) \
|
||||
((str) == NULL? NULL : strdup(str))
|
||||
|
||||
#define replace(p, q) { free(p); (p) = (q); }
|
||||
#define replace(p, q) \
|
||||
{ free(p); (p) = (q); }
|
||||
|
||||
|
||||
/* chunk is a simple pointer-and-size abstraction */
|
||||
|
@ -60,32 +61,50 @@ struct chunk {
|
|||
};
|
||||
typedef struct chunk chunk_t;
|
||||
|
||||
#define setchunk(ch, addr, size) { (ch).ptr = (addr); (ch).len = (size); }
|
||||
extern const chunk_t chunk_empty;
|
||||
|
||||
#define strchunk(str) { str, sizeof(str) }
|
||||
static inline chunk_t chunk_create(u_char *ptr, size_t len)
|
||||
{
|
||||
chunk_t chunk = {ptr, len};
|
||||
return chunk;
|
||||
}
|
||||
|
||||
/* NOTE: freeanychunk NULLs .ptr */
|
||||
#define freeanychunk(ch) { free((ch).ptr); (ch).ptr = NULL; }
|
||||
static inline void chunk_free(chunk_t *chunk)
|
||||
{
|
||||
free(chunk->ptr);
|
||||
*chunk = chunk_empty;
|
||||
}
|
||||
|
||||
#define clonetochunk(ch, addr, size) \
|
||||
{ (ch).ptr = clone_bytes((addr), (ch).len = (size)); }
|
||||
static inline void chunk_clear(chunk_t *chunk)
|
||||
{
|
||||
if (chunk->ptr)
|
||||
{
|
||||
memset(chunk->ptr, 0, chunk->len);
|
||||
chunk_free(chunk);
|
||||
}
|
||||
}
|
||||
|
||||
#define clonereplacechunk(ch, addr, size) \
|
||||
{ free((ch).ptr); clonetochunk(ch, addr, size); }
|
||||
static inline bool chunk_equals(chunk_t a, chunk_t b)
|
||||
{
|
||||
return a.ptr != NULL && b.ptr != NULL &&
|
||||
a.len == b.len && memeq(a.ptr, b.ptr, a.len);
|
||||
}
|
||||
|
||||
extern chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk);
|
||||
|
||||
#define chunk_clone(chunk) \
|
||||
chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk)
|
||||
|
||||
#define chunk_from_buf(str) { str, sizeof(str) }
|
||||
|
||||
#define chunkcpy(dst, chunk) \
|
||||
{ memcpy(dst, chunk.ptr, chunk.len); dst += chunk.len;}
|
||||
|
||||
#define same_chunk(a, b) \
|
||||
( (a).len == (b).len && memcmp((a).ptr, (b).ptr, (b).len) == 0 )
|
||||
|
||||
extern char* temporary_cyclic_buffer(void);
|
||||
extern const char* concatenate_paths(const char *a, const char *b);
|
||||
|
||||
extern const chunk_t chunk_empty;
|
||||
|
||||
/* compare two chunks */
|
||||
extern int cmp_chunk(chunk_t a, chunk_t b);
|
||||
extern int chunk_compare(chunk_t a, chunk_t b);
|
||||
|
||||
/* move a chunk to a memory position and free it after insertion */
|
||||
extern void mv_chunk(u_char **pos, chunk_t content);
|
||||
|
|
|
@ -990,7 +990,7 @@ malloc_md(void)
|
|||
void
|
||||
release_md(struct msg_digest *md)
|
||||
{
|
||||
freeanychunk(md->raw_packet);
|
||||
chunk_free(&md->raw_packet);
|
||||
free(md->packet_pbs.start);
|
||||
md->packet_pbs.start = NULL;
|
||||
md->next = md_pool;
|
||||
|
@ -1793,7 +1793,8 @@ process_packet(struct msg_digest **mdp)
|
|||
/* XXX Detect weak keys */
|
||||
|
||||
/* grab a copy of raw packet (for duplicate packet detection) */
|
||||
clonetochunk(md->raw_packet, md->packet_pbs.start, pbs_room(&md->packet_pbs));
|
||||
md->raw_packet = chunk_create(md->packet_pbs.start, pbs_room(&md->packet_pbs));
|
||||
md->raw_packet = chunk_clone(md->raw_packet);
|
||||
|
||||
/* Decrypt everything after header */
|
||||
if (!new_iv_set)
|
||||
|
@ -2137,20 +2138,21 @@ complete_state_transition(struct msg_digest **mdp, stf_status result)
|
|||
}
|
||||
else
|
||||
{
|
||||
clonetochunk(st->st_rpacket
|
||||
, md->packet_pbs.start
|
||||
, pbs_room(&md->packet_pbs));
|
||||
st->st_rpacket = chunk_create(md->packet_pbs.start,
|
||||
pbs_room(&md->packet_pbs));
|
||||
st->st_rpacket = chunk_clone(st->st_rpacket);
|
||||
}
|
||||
|
||||
/* free previous transmit packet */
|
||||
freeanychunk(st->st_tpacket);
|
||||
chunk_free(&st->st_tpacket);
|
||||
|
||||
/* if requested, send the new reply packet */
|
||||
if (smc->flags & SMF_REPLY)
|
||||
{
|
||||
close_output_pbs(&md->reply); /* good form, but actually a no-op */
|
||||
|
||||
clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
|
||||
st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
|
||||
st->st_tpacket = chunk_clone(st->st_tpacket);
|
||||
|
||||
if (nat_traversal_enabled)
|
||||
nat_traversal_change_port_lookup(md, md->st);
|
||||
|
|
|
@ -927,9 +927,8 @@ process_key_rr(u_char *ptr, size_t len
|
|||
|
||||
if (doit)
|
||||
{
|
||||
chunk_t k;
|
||||
chunk_t k = { pbs.cur, pbs_left(&pbs) };
|
||||
|
||||
setchunk(k, pbs.cur, pbs_left(&pbs));
|
||||
TRY(add_public_key(&cr->id, dns_auth_level, PUBKEY_ALG_RSA, &k
|
||||
, &cr->keys_from_dns));
|
||||
}
|
||||
|
|
|
@ -341,7 +341,6 @@ fetch_curl(char *url, chunk_t *blob)
|
|||
plog("fetching uri (%s) with libcurl failed: %s", url, errorbuffer);
|
||||
}
|
||||
curl_easy_cleanup(curl);
|
||||
/* not using freeanychunk because of realloc (no leak detective) */
|
||||
curl_free(response.ptr);
|
||||
}
|
||||
return strlen(errorbuffer) > 0 ? "libcurl error" : NULL;
|
||||
|
@ -628,9 +627,8 @@ fetch_crls(bool cache_crls)
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t crl_uri;
|
||||
chunk_t crl_uri = chunk_clone(gn->name);
|
||||
|
||||
clonetochunk(crl_uri, gn->name.ptr, gn->name.len);
|
||||
if (insert_crl(blob, crl_uri, cache_crls))
|
||||
{
|
||||
DBG(DBG_CONTROL,
|
||||
|
@ -730,11 +728,10 @@ fetch_ocsp_status(ocsp_location_t* location)
|
|||
curl_slist_free_all(headers);
|
||||
curl_easy_cleanup(curl);
|
||||
free(uri);
|
||||
/* not using freeanychunk because of realloc (no leak detective) */
|
||||
curl_free(response.ptr);
|
||||
}
|
||||
freeanychunk(location->nonce);
|
||||
freeanychunk(request);
|
||||
free(request.ptr);
|
||||
chunk_free(&location->nonce);
|
||||
|
||||
/* increment the trial counter of the unresolved fetch requests */
|
||||
{
|
||||
|
@ -918,7 +915,7 @@ add_distribution_points(const generalName_t *newPoints ,generalName_t **distribu
|
|||
{
|
||||
/* clone additional distribution point */
|
||||
gn = clone_thing(*newPoints);
|
||||
clonetochunk(gn->name, newPoints->name.ptr, newPoints->name.len);
|
||||
gn->name = chunk_clone(newPoints->name);
|
||||
|
||||
/* insert additional CRL distribution point */
|
||||
gn->next = *distributionPoints;
|
||||
|
@ -940,16 +937,9 @@ build_crl_fetch_request(chunk_t issuer, chunk_t authKeySerialNumber
|
|||
req->installed = time(NULL);
|
||||
|
||||
/* clone fields */
|
||||
clonetochunk(req->issuer, issuer.ptr, issuer.len);
|
||||
if (authKeySerialNumber.ptr != NULL)
|
||||
{
|
||||
clonetochunk(req->authKeySerialNumber, authKeySerialNumber.ptr
|
||||
, authKeySerialNumber.len);
|
||||
}
|
||||
if (authKeyID.ptr != NULL)
|
||||
{
|
||||
clonetochunk(req->authKeyID, authKeyID.ptr, authKeyID.len);
|
||||
}
|
||||
req->issuer = chunk_clone(issuer);
|
||||
req->authKeySerialNumber = chunk_clone(authKeySerialNumber);
|
||||
req->authKeyID = chunk_clone(authKeyID);
|
||||
|
||||
/* copy distribution points */
|
||||
add_distribution_points(gn, &req->distributionPoints);
|
||||
|
|
|
@ -145,7 +145,9 @@ set_myFQDN(void)
|
|||
|
||||
if (!strcaseeq(FQDN, "localhost.localdomain"))
|
||||
{
|
||||
clonetochunk(myids[MYID_HOSTNAME].name, FQDN, strlen(FQDN));
|
||||
chunk_t myid_name = { FQDN, strlen(FQDN) };
|
||||
|
||||
myids[MYID_HOSTNAME].name = chunk_clone(myid_name);
|
||||
myids[MYID_HOSTNAME].kind = ID_FQDN;
|
||||
calc_myid_str(MYID_HOSTNAME);
|
||||
}
|
||||
|
@ -365,7 +367,7 @@ unshare_id_content(struct id *id)
|
|||
case ID_USER_FQDN:
|
||||
case ID_DER_ASN1_DN:
|
||||
case ID_KEY_ID:
|
||||
id->name.ptr = clone_bytes(id->name.ptr, id->name.len);
|
||||
id->name = chunk_clone(id->name);
|
||||
break;
|
||||
case ID_MYID:
|
||||
case ID_NONE:
|
||||
|
@ -386,7 +388,7 @@ free_id_content(struct id *id)
|
|||
case ID_USER_FQDN:
|
||||
case ID_DER_ASN1_DN:
|
||||
case ID_KEY_ID:
|
||||
freeanychunk(id->name);
|
||||
free(id->name.ptr);
|
||||
break;
|
||||
case ID_MYID:
|
||||
case ID_NONE:
|
||||
|
|
|
@ -136,7 +136,7 @@ compute_dh_shared(struct state *st, const chunk_t g
|
|||
mpz_init(&mp_shared);
|
||||
mpz_powm(&mp_shared, &mp_g, &st->st_sec, group->modulus);
|
||||
mpz_clear(&mp_g);
|
||||
freeanychunk(st->st_shared); /* happens in odd error cases */
|
||||
free(st->st_shared.ptr); /* happens in odd error cases */
|
||||
st->st_shared = mpz_to_n(&mp_shared, group->bytes);
|
||||
mpz_clear(&mp_shared);
|
||||
gettimeofday(&tv1, NULL);
|
||||
|
@ -175,7 +175,7 @@ build_and_ship_KE(struct state *st, chunk_t *g
|
|||
|
||||
mpz_init(&mp_g);
|
||||
mpz_powm(&mp_g, &groupgenerator, &st->st_sec, group->modulus);
|
||||
freeanychunk(*g); /* happens in odd error cases */
|
||||
free(g->ptr); /* happens in odd error cases */
|
||||
*g = mpz_to_n(&mp_g, group->bytes);
|
||||
mpz_clear(&mp_g);
|
||||
DBG(DBG_CRYPT,
|
||||
|
@ -206,7 +206,9 @@ accept_KE(chunk_t *dest, const char *val_name
|
|||
/* XXX Could send notification back */
|
||||
return INVALID_KEY_INFORMATION;
|
||||
}
|
||||
clonereplacechunk(*dest, pbs->cur, pbs_left(pbs));
|
||||
free(dest->ptr);
|
||||
*dest = chunk_create(pbs->cur, pbs_left(pbs));
|
||||
*dest = chunk_clone(*dest);
|
||||
DBG_cond_dump_chunk(DBG_CRYPT, "DH public value received:\n", *dest);
|
||||
return NOTHING_WRONG;
|
||||
}
|
||||
|
@ -253,8 +255,8 @@ static bool
|
|||
build_and_ship_nonce(chunk_t *n, pb_stream *outs, u_int8_t np
|
||||
, const char *name)
|
||||
{
|
||||
freeanychunk(*n);
|
||||
setchunk(*n, malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE);
|
||||
free(n->ptr);
|
||||
*n = chunk_create(malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE);
|
||||
get_rnd_bytes(n->ptr, DEFAULT_NONCE_SIZE);
|
||||
return out_generic_chunk(np, &isakmp_nonce_desc, outs, *n, name);
|
||||
}
|
||||
|
@ -445,7 +447,7 @@ send_notification(struct state *sndst, u_int16_t type, struct state *encst,
|
|||
{
|
||||
chunk_t saved_tpacket = sndst->st_tpacket;
|
||||
|
||||
setchunk(sndst->st_tpacket, pbs.start, pbs_offset(&pbs));
|
||||
sndst->st_tpacket = chunk_create(pbs.start, pbs_offset(&pbs));
|
||||
send_packet(sndst, "ISAKMP notify");
|
||||
sndst->st_tpacket = saved_tpacket;
|
||||
}
|
||||
|
@ -677,7 +679,7 @@ send_delete(struct state *st)
|
|||
if (!encrypt_message(&r_hdr_pbs, p1st))
|
||||
impossible();
|
||||
|
||||
setchunk(p1st->st_tpacket, reply_pbs.start, pbs_offset(&reply_pbs));
|
||||
p1st->st_tpacket = chunk_create(reply_pbs.start, pbs_offset(&reply_pbs));
|
||||
send_packet(p1st, "delete notify");
|
||||
p1st->st_tpacket = saved_tpacket;
|
||||
|
||||
|
@ -962,7 +964,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
|
|||
|
||||
/* save initiator SA for later HASH */
|
||||
passert(st->st_p1isa.ptr == NULL); /* no leak! (MUST be first time) */
|
||||
clonetochunk(st->st_p1isa, sa_start, rbody.cur - sa_start);
|
||||
st->st_p1isa = chunk_create(sa_start, rbody.cur - sa_start);
|
||||
st->st_p1isa = chunk_clone(st->st_p1isa);
|
||||
}
|
||||
|
||||
/* if enabled send Pluto Vendor ID */
|
||||
|
@ -1033,7 +1036,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
|
|||
|
||||
close_message(&rbody);
|
||||
close_output_pbs(&reply);
|
||||
clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply));
|
||||
st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
|
||||
st->st_tpacket = chunk_clone(st->st_tpacket);
|
||||
|
||||
/* Transmit */
|
||||
|
||||
|
@ -1316,7 +1320,9 @@ generate_skeyids_iv(struct state *st)
|
|||
}
|
||||
k = keytemp;
|
||||
}
|
||||
clonereplacechunk(st->st_enc_key, k, keysize);
|
||||
free(st->st_enc_key.ptr);
|
||||
st->st_enc_key = chunk_create(k, keysize);
|
||||
st->st_enc_key = chunk_clone(st->st_enc_key);
|
||||
}
|
||||
|
||||
DBG(DBG_CRYPT,
|
||||
|
@ -1846,7 +1852,9 @@ accept_nonce(struct msg_digest *md, chunk_t *dest, const char *name)
|
|||
, name , MINIMUM_NONCE_SIZE, MAXIMUM_NONCE_SIZE);
|
||||
return PAYLOAD_MALFORMED; /* ??? */
|
||||
}
|
||||
clonereplacechunk(*dest, nonce_pbs->cur, len);
|
||||
free(dest->ptr);
|
||||
*dest = chunk_create(nonce_pbs->cur, len);
|
||||
*dest = chunk_clone(*dest);
|
||||
return NOTHING_WRONG;
|
||||
}
|
||||
|
||||
|
@ -2203,7 +2211,8 @@ quick_outI1(int whack_sock
|
|||
}
|
||||
|
||||
/* save packet, now that we know its size */
|
||||
clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply));
|
||||
st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
|
||||
st->st_tpacket = chunk_clone(st->st_tpacket);
|
||||
|
||||
/* send the packet */
|
||||
|
||||
|
@ -2311,7 +2320,7 @@ decode_cr(struct msg_digest *md, struct connection *c)
|
|||
continue;
|
||||
|
||||
gn = malloc_thing(generalName_t);
|
||||
clonetochunk(ca_name, ca_name.ptr,ca_name.len);
|
||||
ca_name = chunk_clone(ca_name);
|
||||
gn->kind = GN_DIRECTORY_NAME;
|
||||
gn->name = ca_name;
|
||||
gn->next = c->requested_ca;
|
||||
|
@ -2409,17 +2418,17 @@ decode_peer_id(struct msg_digest *md, struct id *peer)
|
|||
|
||||
/* ??? ought to do some more sanity check, but what? */
|
||||
|
||||
setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
|
||||
peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
|
||||
break;
|
||||
|
||||
case ID_KEY_ID:
|
||||
setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
|
||||
peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
|
||||
DBG(DBG_PARSING,
|
||||
DBG_dump_chunk("KEY ID:", peer->name));
|
||||
break;
|
||||
|
||||
case ID_DER_ASN1_DN:
|
||||
setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
|
||||
peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
|
||||
DBG(DBG_PARSING,
|
||||
DBG_dump_chunk("DER ASN1 DN:", peer->name));
|
||||
break;
|
||||
|
@ -3221,7 +3230,9 @@ main_inI1_outR1(struct msg_digest *md)
|
|||
close_message(&md->rbody);
|
||||
|
||||
/* save initiator SA for HASH */
|
||||
clonereplacechunk(st->st_p1isa, sa_pd->pbs.start, pbs_room(&sa_pd->pbs));
|
||||
free(st->st_p1isa.ptr);
|
||||
st->st_p1isa = chunk_create(sa_pd->pbs.start, pbs_room(&sa_pd->pbs));
|
||||
st->st_p1isa = chunk_clone(st->st_p1isa);
|
||||
|
||||
return STF_OK;
|
||||
}
|
||||
|
@ -5332,7 +5343,7 @@ send_isakmp_notification(struct state *st, u_int16_t type
|
|||
{
|
||||
chunk_t saved_tpacket = st->st_tpacket;
|
||||
|
||||
setchunk(st->st_tpacket, reply.start, pbs_offset(&reply));
|
||||
st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
|
||||
send_packet(st, "ISAKMP notify");
|
||||
st->st_tpacket = saved_tpacket;
|
||||
}
|
||||
|
|
|
@ -1467,7 +1467,7 @@ scan_proc_shunts(void)
|
|||
|
||||
cp += strspn(cp, sep); /* find start of field */
|
||||
w = strcspn(cp, sep); /* find width of field */
|
||||
setchunk(field[fi], cp, w);
|
||||
field[fi] = chunk_create(cp, w);
|
||||
cp += w;
|
||||
if (w == 0)
|
||||
break;
|
||||
|
|
|
@ -120,8 +120,8 @@ static void
|
|||
free_public_key(pubkey_t *pk)
|
||||
{
|
||||
free_id_content(&pk->id);
|
||||
freeanychunk(pk->issuer);
|
||||
freeanychunk(pk->serial);
|
||||
free(pk->issuer.ptr);
|
||||
free(pk->serial.ptr);
|
||||
|
||||
/* algorithm-specific freeing */
|
||||
switch (pk->alg)
|
||||
|
@ -411,7 +411,9 @@ process_psk_secret(chunk_t *psk)
|
|||
|
||||
if (*tok == '"' || *tok == '\'')
|
||||
{
|
||||
clonetochunk(*psk, tok+1, flp->cur - tok - 2);
|
||||
chunk_t secret = { tok + 1, flp->cur - tok -2 };
|
||||
|
||||
*psk = chunk_clone(secret);
|
||||
(void) shift();
|
||||
}
|
||||
else
|
||||
|
@ -428,7 +430,8 @@ process_psk_secret(chunk_t *psk)
|
|||
}
|
||||
else
|
||||
{
|
||||
clonetochunk(*psk, buf, sz);
|
||||
chunk_t secret = { buf, sz };
|
||||
*psk = chunk_clone(secret);
|
||||
(void) shift();
|
||||
}
|
||||
}
|
||||
|
@ -488,7 +491,7 @@ process_rsa_secret(RSA_private_key_t *rsak)
|
|||
if (eb_next - ebytes + sz > sizeof(ebytes))
|
||||
return "public key takes too many bytes";
|
||||
|
||||
setchunk(*pb_next, eb_next, sz);
|
||||
*pb_next = chunk_create(eb_next, sz);
|
||||
memcpy(eb_next, buf, sz);
|
||||
eb_next += sz;
|
||||
pb_next++;
|
||||
|
@ -609,8 +612,7 @@ process_xauth(secret_t *s)
|
|||
plog(" loaded xauth credentials of user '%.*s'"
|
||||
, user_name.len
|
||||
, user_name.ptr);
|
||||
clonetochunk(s->u.xauth_secret.user_name
|
||||
, user_name.ptr, user_name.len);
|
||||
s->u.xauth_secret.user_name = chunk_clone(user_name);
|
||||
|
||||
if (!shift())
|
||||
return "missing xauth user password";
|
||||
|
@ -657,10 +659,10 @@ xauth_verify_secret(const xauth_peer_t *peer, const xauth_t *xauth_secret)
|
|||
{
|
||||
if (s->kind == PPK_XAUTH)
|
||||
{
|
||||
if (!same_chunk(xauth_secret->user_name, s->u.xauth_secret.user_name))
|
||||
if (!chunk_equals(xauth_secret->user_name, s->u.xauth_secret.user_name))
|
||||
continue;
|
||||
found = TRUE;
|
||||
if (same_chunk(xauth_secret->user_password, s->u.xauth_secret.user_password))
|
||||
if (chunk_equals(xauth_secret->user_password, s->u.xauth_secret.user_password))
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
@ -736,15 +738,20 @@ process_pin(secret_t *s, int whackfd)
|
|||
}
|
||||
else if (tokeqword("%pinpad"))
|
||||
{
|
||||
chunk_t empty_pin = { "", 0 };
|
||||
|
||||
shift();
|
||||
|
||||
/* pin will be entered via pin pad during verification */
|
||||
clonetochunk(sc->pin, "", 0);
|
||||
sc->pin = chunk_clone(empty_pin);
|
||||
sc->pinpad = TRUE;
|
||||
sc->valid = TRUE;
|
||||
pin_status = "pin entry via pad";
|
||||
if (pkcs11_keep_state)
|
||||
{
|
||||
scx_verify_pin(sc);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
/* we read the pin directly from ipsec.secrets */
|
||||
|
@ -937,7 +944,7 @@ process_secret_records(int whackfd)
|
|||
zero(s);
|
||||
s->ids = NULL;
|
||||
s->kind = PPK_PSK; /* default */
|
||||
setchunk(s->u.preshared_secret, NULL, 0);
|
||||
s->u.preshared_secret = chunk_empty;
|
||||
s->next = NULL;
|
||||
|
||||
for (;;)
|
||||
|
@ -1239,16 +1246,18 @@ unpack_RSA_public_key(RSA_public_key_t *rsa, const chunk_t *pubkey)
|
|||
|
||||
if (pubkey->ptr[0] != 0x00)
|
||||
{
|
||||
setchunk(exp, pubkey->ptr + 1, pubkey->ptr[0]);
|
||||
exp = chunk_create(pubkey->ptr + 1, pubkey->ptr[0]);
|
||||
}
|
||||
else
|
||||
{
|
||||
setchunk(exp, pubkey->ptr + 3
|
||||
, (pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]);
|
||||
exp = chunk_create(pubkey->ptr + 3,
|
||||
(pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]);
|
||||
}
|
||||
|
||||
if (pubkey->len - (exp.ptr - pubkey->ptr) < exp.len + RSA_MIN_OCTETS_RFC)
|
||||
{
|
||||
return "RSA public key blob too short";
|
||||
}
|
||||
|
||||
mod.ptr = exp.ptr + exp.len;
|
||||
mod.len = &pubkey->ptr[pubkey->len] - mod.ptr;
|
||||
|
@ -1284,16 +1293,10 @@ install_public_key(pubkey_t *pk, pubkey_list_t **head)
|
|||
unshare_id_content(&pk->id);
|
||||
|
||||
/* copy issuer dn */
|
||||
if (pk->issuer.ptr != NULL)
|
||||
{
|
||||
pk->issuer.ptr = clone_bytes(pk->issuer.ptr, pk->issuer.len);
|
||||
}
|
||||
pk->issuer = chunk_clone(pk->issuer);
|
||||
|
||||
/* copy serial number */
|
||||
if (pk->serial.ptr != NULL)
|
||||
{
|
||||
pk->serial.ptr = clone_bytes(pk->serial.ptr, pk->serial.len);
|
||||
}
|
||||
pk->serial = chunk_clone(pk->serial);
|
||||
|
||||
/* store the time the public key was installed */
|
||||
time(&pk->installed_time);
|
||||
|
|
|
@ -530,8 +530,9 @@ modecfg_send_msg(struct state *st, int isama_type, internal_addr_t *ia)
|
|||
, 0 /* XXX isama_id */
|
||||
);
|
||||
|
||||
freeanychunk(st->st_tpacket);
|
||||
clonetochunk(st->st_tpacket, msg.start, pbs_offset(&msg));
|
||||
free(st->st_tpacket.ptr);
|
||||
st->st_tpacket = chunk_create(msg.start, pbs_offset(&msg));
|
||||
st->st_tpacket = chunk_clone(st->st_tpacket);
|
||||
|
||||
/* Transmit */
|
||||
send_packet(st, "ModeCfg msg");
|
||||
|
@ -675,11 +676,11 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia)
|
|||
ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
|
||||
break;
|
||||
case XAUTH_USER_NAME:
|
||||
setchunk(ia->xauth_secret.user_name, strattr.cur, attr_len);
|
||||
ia->xauth_secret.user_name = chunk_create(strattr.cur, attr_len);
|
||||
ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
|
||||
break;
|
||||
case XAUTH_USER_PASSWORD:
|
||||
setchunk(ia->xauth_secret.user_password, strattr.cur, attr_len);
|
||||
ia->xauth_secret.user_password = chunk_create(strattr.cur, attr_len);
|
||||
ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
|
||||
break;
|
||||
case XAUTH_STATUS:
|
||||
|
@ -1092,8 +1093,9 @@ xauth_inI0(struct msg_digest *md)
|
|||
else
|
||||
{
|
||||
/* send XAUTH reply msg and then delete ISAKMP SA */
|
||||
freeanychunk(st->st_tpacket);
|
||||
clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
|
||||
free(st->st_tpacket.ptr);
|
||||
st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
|
||||
st->st_tpacket = chunk_clone(st->st_tpacket);
|
||||
send_packet(st, "XAUTH reply msg");
|
||||
delete_state(st);
|
||||
return STF_IGNORE;
|
||||
|
@ -1223,8 +1225,9 @@ xauth_inI1(struct msg_digest *md)
|
|||
else
|
||||
{
|
||||
/* send XAUTH ack msg and then delete ISAKMP SA */
|
||||
freeanychunk(st->st_tpacket);
|
||||
clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
|
||||
free(st->st_tpacket.ptr);
|
||||
st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
|
||||
st->st_tpacket = chunk_clone(st->st_tpacket);
|
||||
send_packet(st, "XAUTH ack msg");
|
||||
delete_state(st);
|
||||
return STF_IGNORE;
|
||||
|
|
|
@ -575,14 +575,14 @@ static void nat_traversal_send_ka (struct state *st)
|
|||
)
|
||||
|
||||
/* save state chunk */
|
||||
setchunk(sav, st->st_tpacket.ptr, st->st_tpacket.len);
|
||||
sav = st->st_tpacket;
|
||||
|
||||
/* send keep alive */
|
||||
setchunk(st->st_tpacket, &ka_payload, 1);
|
||||
st->st_tpacket = chunk_create(&ka_payload, 1);
|
||||
send_packet(st, "NAT-T Keep Alive");
|
||||
|
||||
/* restore state chunk */
|
||||
setchunk(st->st_tpacket, sav.ptr, sav.len);
|
||||
st->st_tpacket = sav;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -131,13 +131,13 @@ static u_char ASN1_nonce_oid_str[] = {
|
|||
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02
|
||||
};
|
||||
|
||||
static const chunk_t ASN1_nonce_oid = strchunk(ASN1_nonce_oid_str);
|
||||
static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str);
|
||||
|
||||
static u_char ASN1_response_oid_str[] = {
|
||||
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04
|
||||
};
|
||||
|
||||
static const chunk_t ASN1_response_oid = strchunk(ASN1_response_oid_str);
|
||||
static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str);
|
||||
|
||||
static u_char ASN1_response_content_str[] = {
|
||||
0x04, 0x0D,
|
||||
|
@ -145,7 +145,7 @@ static u_char ASN1_response_content_str[] = {
|
|||
0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
|
||||
};
|
||||
|
||||
static const chunk_t ASN1_response_content = strchunk(ASN1_response_content_str);
|
||||
static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str);
|
||||
|
||||
/* default OCSP uri */
|
||||
static chunk_t ocsp_default_uri;
|
||||
|
@ -295,13 +295,16 @@ build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location)
|
|||
ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber
|
||||
, cert->authKeyID);
|
||||
if (ca != NULL && ca->ocspuri != NULL)
|
||||
setchunk(location->uri, ca->ocspuri, strlen(ca->ocspuri))
|
||||
{
|
||||
location->uri = chunk_create(ca->ocspuri, strlen(ca->ocspuri));
|
||||
}
|
||||
else
|
||||
/* abort if no ocsp location uri is defined */
|
||||
{ /* abort if no ocsp location uri is defined */
|
||||
return FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
setchunk(location->authNameID, digest, SHA1_DIGEST_SIZE);
|
||||
location->authNameID = chunk_create(digest, SHA1_DIGEST_SIZE);
|
||||
compute_digest(cert->issuer, OID_SHA1, &location->authNameID);
|
||||
|
||||
location->next = NULL;
|
||||
|
@ -337,7 +340,7 @@ same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t *b)
|
|||
? same_keyid(a->authKeyID, b->authKeyID)
|
||||
: (same_dn(a->issuer, b->issuer)
|
||||
&& same_serial(a->authKeySerialNumber, b->authKeySerialNumber)))
|
||||
&& same_chunk(a->uri, b->uri);
|
||||
&& chunk_equals(a->uri, b->uri);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -378,7 +381,7 @@ get_ocsp_status(const ocsp_location_t *loc, chunk_t serialNumber
|
|||
|
||||
while (certinfo != NULL)
|
||||
{
|
||||
cmp = cmp_chunk(serialNumber, certinfo->serialNumber);
|
||||
cmp = chunk_compare(serialNumber, certinfo->serialNumber);
|
||||
if (cmp <= 0)
|
||||
break;
|
||||
certinfop = &certinfo->next;
|
||||
|
@ -488,7 +491,7 @@ check_ocsp(void)
|
|||
static void
|
||||
free_certinfo(ocsp_certinfo_t *certinfo)
|
||||
{
|
||||
freeanychunk(certinfo->serialNumber);
|
||||
free(certinfo->serialNumber.ptr);
|
||||
free(certinfo);
|
||||
}
|
||||
|
||||
|
@ -514,11 +517,11 @@ free_certinfos(ocsp_certinfo_t *chain)
|
|||
static void
|
||||
free_ocsp_location(ocsp_location_t* location)
|
||||
{
|
||||
freeanychunk(location->issuer);
|
||||
freeanychunk(location->authNameID);
|
||||
freeanychunk(location->authKeyID);
|
||||
freeanychunk(location->authKeySerialNumber);
|
||||
freeanychunk(location->uri);
|
||||
free(location->issuer.ptr);
|
||||
free(location->authNameID.ptr);
|
||||
free(location->authKeyID.ptr);
|
||||
free(location->authKeySerialNumber.ptr);
|
||||
free(location->uri.ptr);
|
||||
free_certinfos(location->certinfo);
|
||||
free(location);
|
||||
}
|
||||
|
@ -792,7 +795,7 @@ build_signature(chunk_t tbsRequest)
|
|||
sigdata = generate_signature(digest_info
|
||||
, ocsp_requestor_sc
|
||||
, ocsp_requestor_pri);
|
||||
freeanychunk(digest_info);
|
||||
free(digest_info.ptr);
|
||||
|
||||
/* has the RSA signature generation been successful? */
|
||||
if (sigdata.ptr == NULL)
|
||||
|
@ -1154,10 +1157,9 @@ parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
|
|||
break;
|
||||
case BASIC_RESPONSE_CERTIFICATE:
|
||||
{
|
||||
chunk_t blob;
|
||||
chunk_t blob = chunk_clone(object);
|
||||
x509cert_t *cert = malloc_thing(x509cert_t);
|
||||
|
||||
clonetochunk(blob, object.ptr, object.len);
|
||||
*cert = empty_x509cert;
|
||||
|
||||
if (parse_x509cert(blob, level+1, cert)
|
||||
|
@ -1327,30 +1329,11 @@ add_ocsp_location(const ocsp_location_t *loc, ocsp_location_t **chain)
|
|||
ocsp_location_t *location = malloc_thing(ocsp_location_t);
|
||||
|
||||
/* unshare location fields */
|
||||
clonetochunk(location->issuer, loc->issuer.ptr, loc->issuer.len);
|
||||
|
||||
clonetochunk(location->authNameID, loc->authNameID.ptr, loc->authNameID.len);
|
||||
|
||||
if (loc->authKeyID.ptr == NULL)
|
||||
{
|
||||
location->authKeyID = chunk_empty;
|
||||
}
|
||||
else
|
||||
{
|
||||
clonetochunk(location->authKeyID, loc->authKeyID.ptr, loc->authKeyID.len);
|
||||
}
|
||||
|
||||
if (loc->authKeySerialNumber.ptr == NULL)
|
||||
{
|
||||
location->authKeySerialNumber = chunk_empty;
|
||||
}
|
||||
else
|
||||
{
|
||||
clonetochunk(location->authKeySerialNumber
|
||||
, loc->authKeySerialNumber.ptr, loc->authKeySerialNumber.len);
|
||||
}
|
||||
|
||||
clonetochunk(location->uri, loc->uri.ptr, loc->uri.len);
|
||||
location->issuer = chunk_clone(loc->issuer);
|
||||
location->authNameID = chunk_clone(loc->authNameID);
|
||||
location->authKeyID = chunk_clone(loc->authKeyID);
|
||||
location->authKeySerialNumber = chunk_clone(loc->authKeySerialNumber);
|
||||
location->uri = chunk_clone(loc->uri);
|
||||
location->certinfo = NULL;
|
||||
|
||||
/* insert new ocsp location in front of chain */
|
||||
|
@ -1387,7 +1370,7 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai
|
|||
|
||||
while (certinfo != NULL)
|
||||
{
|
||||
cmp = cmp_chunk(info->serialNumber, certinfo->serialNumber);
|
||||
cmp = chunk_compare(info->serialNumber, certinfo->serialNumber);
|
||||
if (cmp <= 0)
|
||||
break;
|
||||
certinfop = &certinfo->next;
|
||||
|
@ -1398,7 +1381,8 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai
|
|||
{
|
||||
/* add a new certinfo entry */
|
||||
ocsp_certinfo_t *cnew = malloc_thing(ocsp_certinfo_t);
|
||||
clonetochunk(cnew->serialNumber, info->serialNumber.ptr, info->serialNumber.len);
|
||||
|
||||
cnew->serialNumber = chunk_clone(info->serialNumber);
|
||||
cnew->next = certinfo;
|
||||
*certinfop = cnew;
|
||||
certinfo = cnew;
|
||||
|
@ -1454,8 +1438,8 @@ process_single_response(ocsp_location_t *location, single_response_t *sres)
|
|||
plog("only SHA-1 hash supported in OCSP single response");
|
||||
return;
|
||||
}
|
||||
if (!(same_chunk(sres->issuer_name_hash, location->authNameID)
|
||||
&& same_chunk(sres->issuer_key_hash, location->authKeyID)))
|
||||
if (!(chunk_equals(sres->issuer_name_hash, location->authNameID)
|
||||
&& chunk_equals(sres->issuer_key_hash, location->authKeyID)))
|
||||
{
|
||||
plog("ocsp single response has wrong issuer");
|
||||
return;
|
||||
|
@ -1467,7 +1451,7 @@ process_single_response(ocsp_location_t *location, single_response_t *sres)
|
|||
|
||||
while (certinfo != NULL)
|
||||
{
|
||||
cmp = cmp_chunk(sres->serialNumber, certinfo->serialNumber);
|
||||
cmp = chunk_compare(sres->serialNumber, certinfo->serialNumber);
|
||||
if (cmp <= 0)
|
||||
break;
|
||||
certinfop = &certinfo->next;
|
||||
|
@ -1522,7 +1506,7 @@ parse_ocsp(ocsp_location_t *location, chunk_t blob)
|
|||
plog("ocsp response contains no nonce, replay attack possible");
|
||||
}
|
||||
/* check if the nonce is identical */
|
||||
if (res.nonce.ptr != NULL && !same_chunk(res.nonce, location->nonce))
|
||||
if (res.nonce.ptr != NULL && !chunk_equals(res.nonce, location->nonce))
|
||||
{
|
||||
plog("invalid nonce in ocsp response");
|
||||
return;
|
||||
|
|
|
@ -286,7 +286,7 @@ pem_decrypt(chunk_t *blob, chunk_t *iv, prompt_pass_t *pass, const char* label)
|
|||
return ugh;
|
||||
}
|
||||
|
||||
clonetochunk(blob_copy, blob->ptr, blob->len);
|
||||
blob_copy = chunk_clone(*blob);
|
||||
|
||||
if (pem_decrypt_3des(blob, iv, pass->secret))
|
||||
{
|
||||
|
|
|
@ -491,7 +491,7 @@ RSA_encrypt(const RSA_public_key_t *key, chunk_t in)
|
|||
bool
|
||||
RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
|
||||
{
|
||||
chunk_t padded;
|
||||
chunk_t padded, plaintext;
|
||||
u_char *pos;
|
||||
mpz_t t1, t2;
|
||||
|
||||
|
@ -530,7 +530,7 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
|
|||
if ((*pos++ != 0x00) || (*(pos++) != 0x02))
|
||||
{
|
||||
plog("incorrect padding - probably wrong RSA key");
|
||||
freeanychunk(padded);
|
||||
chunk_clear(&padded);
|
||||
return FALSE;
|
||||
}
|
||||
padded.len -= 2;
|
||||
|
@ -541,12 +541,13 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
|
|||
if (padded.len == 0)
|
||||
{
|
||||
plog("no plaintext data");
|
||||
freeanychunk(padded);
|
||||
free(padded.ptr);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
clonetochunk(*out, pos, padded.len);
|
||||
freeanychunk(padded);
|
||||
plaintext = chunk_create(pos, padded.len);
|
||||
*out = chunk_clone(plaintext);
|
||||
chunk_clear(&padded);
|
||||
return TRUE;
|
||||
}
|
||||
|
||||
|
|
|
@ -155,17 +155,17 @@ static char ASN1_pkcs7_encrypted_data_oid_str[] = {
|
|||
};
|
||||
|
||||
static const chunk_t ASN1_pkcs7_data_oid =
|
||||
strchunk(ASN1_pkcs7_data_oid_str);
|
||||
chunk_from_buf(ASN1_pkcs7_data_oid_str);
|
||||
static const chunk_t ASN1_pkcs7_signed_data_oid =
|
||||
strchunk(ASN1_pkcs7_signed_data_oid_str);
|
||||
chunk_from_buf(ASN1_pkcs7_signed_data_oid_str);
|
||||
static const chunk_t ASN1_pkcs7_enveloped_data_oid =
|
||||
strchunk(ASN1_pkcs7_enveloped_data_oid_str);
|
||||
chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str);
|
||||
static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid =
|
||||
strchunk(ASN1_pkcs7_signed_enveloped_data_oid_str);
|
||||
chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str);
|
||||
static const chunk_t ASN1_pkcs7_digested_data_oid =
|
||||
strchunk(ASN1_pkcs7_digested_data_oid_str);
|
||||
chunk_from_buf(ASN1_pkcs7_digested_data_oid_str);
|
||||
static const chunk_t ASN1_pkcs7_encrypted_data_oid =
|
||||
strchunk(ASN1_pkcs7_encrypted_data_oid_str);
|
||||
chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str);
|
||||
|
||||
/* 3DES and DES encryption OIDs */
|
||||
|
||||
|
@ -178,9 +178,9 @@ static u_char ASN1_des_cbc_oid_str[] = {
|
|||
};
|
||||
|
||||
static const chunk_t ASN1_3des_ede_cbc_oid =
|
||||
strchunk(ASN1_3des_ede_cbc_oid_str);
|
||||
chunk_from_buf(ASN1_3des_ede_cbc_oid_str);
|
||||
static const chunk_t ASN1_des_cbc_oid =
|
||||
strchunk(ASN1_des_cbc_oid_str);
|
||||
chunk_from_buf(ASN1_des_cbc_oid_str);
|
||||
|
||||
/* PKCS#7 attribute type OIDs */
|
||||
|
||||
|
@ -193,9 +193,9 @@ static u_char ASN1_messageDigest_oid_str[] = {
|
|||
};
|
||||
|
||||
static const chunk_t ASN1_contentType_oid =
|
||||
strchunk(ASN1_contentType_oid_str);
|
||||
chunk_from_buf(ASN1_contentType_oid_str);
|
||||
static const chunk_t ASN1_messageDigest_oid =
|
||||
strchunk(ASN1_messageDigest_oid_str);
|
||||
chunk_from_buf(ASN1_messageDigest_oid_str);
|
||||
|
||||
/*
|
||||
* Parse PKCS#7 ContentInfo object
|
||||
|
@ -283,11 +283,9 @@ pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
|
|||
case PKCS7_SIGNED_CERT:
|
||||
if (cert != NULL)
|
||||
{
|
||||
chunk_t cert_blob;
|
||||
|
||||
chunk_t cert_blob = chunk_clone(object);
|
||||
x509cert_t *newcert = malloc_thing(x509cert_t);
|
||||
|
||||
clonetochunk(cert_blob, object.ptr, object.len);
|
||||
*newcert = empty_x509cert;
|
||||
|
||||
DBG(DBG_CONTROL | DBG_PARSING,
|
||||
|
@ -431,7 +429,7 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data
|
|||
)
|
||||
break;
|
||||
case PKCS7_SERIAL_NUMBER:
|
||||
if (!same_chunk(serialNumber, object))
|
||||
if (!chunk_equals(serialNumber, object))
|
||||
{
|
||||
plog("serial numbers do not match");
|
||||
goto failed;
|
||||
|
@ -561,11 +559,11 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data
|
|||
}
|
||||
}
|
||||
}
|
||||
freeanychunk(symmetric_key);
|
||||
chunk_clear(&symmetric_key);
|
||||
return TRUE;
|
||||
|
||||
failed:
|
||||
freeanychunk(symmetric_key);
|
||||
chunk_clear(&symmetric_key);
|
||||
free(data->ptr);
|
||||
return FALSE;
|
||||
}
|
||||
|
@ -677,7 +675,7 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert
|
|||
{
|
||||
encryptedDigest = pkcs1_build_signature(attributes, digest_alg
|
||||
, key, FALSE);
|
||||
clonetochunk(authenticatedAttributes, attributes.ptr, attributes.len);
|
||||
authenticatedAttributes = chunk_clone(attributes);
|
||||
*authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
|
||||
}
|
||||
else
|
||||
|
@ -712,8 +710,8 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert
|
|||
DBG_dump_chunk("signedData:\n", cInfo)
|
||||
)
|
||||
|
||||
freeanychunk(pkcs7Data.content);
|
||||
freeanychunk(signedData.content);
|
||||
free(pkcs7Data.content.ptr);
|
||||
free(signedData.content.ptr);
|
||||
return cInfo;
|
||||
}
|
||||
|
||||
|
@ -853,7 +851,7 @@ pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher)
|
|||
)
|
||||
|
||||
free_RSA_public_content(&public_key);
|
||||
freeanychunk(envelopedData.content);
|
||||
free(envelopedData.content.ptr);
|
||||
return cInfo;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1479,9 +1479,12 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
|
|||
|
||||
memcpy(out, cipher_text.ptr, cipher_text.len);
|
||||
*outlen = cipher_text.len;
|
||||
freeanychunk(cipher_text);
|
||||
free(cipher_text.ptr);
|
||||
|
||||
if (!pkcs11_keep_state)
|
||||
{
|
||||
scx_release_context(sc);
|
||||
}
|
||||
return TRUE;
|
||||
}
|
||||
else
|
||||
|
@ -1759,7 +1762,8 @@ scx_get_pin(smartcard_t *sc, int whackfd)
|
|||
/* verify the pin */
|
||||
if (scx_verify_pin(sc))
|
||||
{
|
||||
clonetochunk(sc->pin, pin, strlen(pin));
|
||||
sc->pin = chunk_create(pin, strlen(pin));
|
||||
sc->pin = chunk_clone(sc->pin);
|
||||
break;
|
||||
}
|
||||
|
||||
|
|
|
@ -537,16 +537,10 @@ duplicate_state(struct state *st)
|
|||
nst->st_clonedfrom = st->st_serialno;
|
||||
nst->st_oakley = st->st_oakley;
|
||||
nst->st_modecfg = st->st_modecfg;
|
||||
|
||||
# define clone_chunk(ch) \
|
||||
clonetochunk(nst->ch, st->ch.ptr, st->ch.len)
|
||||
|
||||
clone_chunk(st_skeyid_d);
|
||||
clone_chunk(st_skeyid_a);
|
||||
clone_chunk(st_skeyid_e);
|
||||
clone_chunk(st_enc_key);
|
||||
|
||||
# undef clone_chunk
|
||||
nst->st_skeyid_d = chunk_clone(st->st_skeyid_d);
|
||||
nst->st_skeyid_a = chunk_clone(st->st_skeyid_a);
|
||||
nst->st_skeyid_e = chunk_clone(st->st_skeyid_e);
|
||||
nst->st_enc_key = chunk_clone(st->st_enc_key);
|
||||
|
||||
return nst;
|
||||
}
|
||||
|
|
|
@ -394,7 +394,7 @@ static u_char ASN1_subjectAltName_oid_str[] = {
|
|||
0x06, 0x03, 0x55, 0x1D, 0x11
|
||||
};
|
||||
|
||||
static const chunk_t ASN1_subjectAltName_oid = strchunk(ASN1_subjectAltName_oid_str);
|
||||
static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
|
||||
|
||||
static void
|
||||
update_chunk(chunk_t *ch, int n)
|
||||
|
@ -987,7 +987,7 @@ match_dn(chunk_t a, chunk_t b, int *wildcards)
|
|||
bool
|
||||
same_x509cert(const x509cert_t *a, const x509cert_t *b)
|
||||
{
|
||||
return same_chunk(a->signature, b->signature);
|
||||
return chunk_equals(a->signature, b->signature);
|
||||
}
|
||||
|
||||
/* for each link pointing to the certificate
|
||||
|
@ -1083,7 +1083,7 @@ same_keyid(chunk_t a, chunk_t b)
|
|||
{
|
||||
return FALSE;
|
||||
}
|
||||
return same_chunk(a, b);
|
||||
return chunk_equals(a, b);
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1097,7 +1097,7 @@ same_serial(chunk_t a, chunk_t b)
|
|||
{
|
||||
return TRUE;
|
||||
}
|
||||
return same_chunk(a, b);
|
||||
return chunk_equals(a, b);
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
|
@ -43,13 +43,13 @@ static u_char ASN1_challengePassword_oid_str[] = {
|
|||
0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07
|
||||
};
|
||||
|
||||
static const chunk_t ASN1_challengePassword_oid = strchunk(ASN1_challengePassword_oid_str);
|
||||
static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str);
|
||||
|
||||
static u_char ASN1_extensionRequest_oid_str[] = {
|
||||
0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E
|
||||
};
|
||||
|
||||
static const chunk_t ASN1_extensionRequest_oid = strchunk(ASN1_extensionRequest_oid_str);
|
||||
static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str);
|
||||
|
||||
/**
|
||||
* @brief Adds a subjectAltName in DER-coded form to a linked list
|
||||
|
@ -214,7 +214,7 @@ pkcs10_free(pkcs10_t *pkcs10)
|
|||
{
|
||||
if (pkcs10 != NULL)
|
||||
{
|
||||
freeanychunk(pkcs10->request);
|
||||
free(pkcs10->request.ptr);
|
||||
free(pkcs10);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -321,10 +321,12 @@ generate_rsa_private_key(int nbits, RSA_private_key_t *key)
|
|||
size_t n_len = (mpz_sizeinbase(n,2)+BITS_PER_BYTE-1)/BITS_PER_BYTE;
|
||||
chunk_t e_ch = mpz_to_n(e, e_len);
|
||||
chunk_t n_ch = mpz_to_n(n, n_len);
|
||||
|
||||
form_keyid(e_ch, n_ch, key->pub.keyid, &key->pub.k);
|
||||
freeanychunk(e_ch);
|
||||
freeanychunk(n_ch);
|
||||
free(e_ch.ptr);
|
||||
free(n_ch.ptr);
|
||||
}
|
||||
|
||||
/* fill in the elements of the RSA private key */
|
||||
key->p = *p;
|
||||
key->q = *q;
|
||||
|
|
|
@ -53,11 +53,11 @@ static char ASN1_transId_oid_str[] = {
|
|||
};
|
||||
|
||||
static const chunk_t ASN1_messageType_oid =
|
||||
strchunk(ASN1_messageType_oid_str);
|
||||
chunk_from_buf(ASN1_messageType_oid_str);
|
||||
static const chunk_t ASN1_senderNonce_oid =
|
||||
strchunk(ASN1_senderNonce_oid_str);
|
||||
chunk_from_buf(ASN1_senderNonce_oid_str);
|
||||
static const chunk_t ASN1_transId_oid =
|
||||
strchunk(ASN1_transId_oid_str);
|
||||
chunk_from_buf(ASN1_transId_oid_str);
|
||||
|
||||
static const char *pkiStatus_values[] = { "0", "2", "3" };
|
||||
|
||||
|
@ -395,8 +395,8 @@ scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg
|
|||
|
||||
request = pkcs7_build_signedData(envelopedData, attributes
|
||||
, signer_cert, digest_alg, private_key);
|
||||
freeanychunk(envelopedData);
|
||||
freeanychunk(attributes);
|
||||
free(envelopedData.ptr);
|
||||
free(attributes.ptr);
|
||||
return request;
|
||||
}
|
||||
|
||||
|
@ -590,7 +590,7 @@ scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data
|
|||
{
|
||||
return "error parsing the scep response attributes";
|
||||
}
|
||||
if (!same_chunk(transID, attrs->transID))
|
||||
if (!chunk_equals(transID, attrs->transID))
|
||||
{
|
||||
return "transaction ID of scep response does not match";
|
||||
}
|
||||
|
|
|
@ -148,21 +148,21 @@ exit_scepclient(err_t message, ...)
|
|||
free_RSA_private_content(private_key);
|
||||
free(private_key);
|
||||
}
|
||||
freeanychunk(pkcs1);
|
||||
freeanychunk(pkcs7);
|
||||
freeanychunk(subject);
|
||||
freeanychunk(serialNumber);
|
||||
freeanychunk(transID);
|
||||
freeanychunk(fingerprint);
|
||||
freeanychunk(issuerAndSubject);
|
||||
freeanychunk(getCertInitial);
|
||||
if (scep_response.ptr != NULL)
|
||||
free(pkcs1.ptr);
|
||||
free(pkcs7.ptr);
|
||||
free(subject.ptr);
|
||||
free(serialNumber.ptr);
|
||||
free(transID.ptr);
|
||||
free(fingerprint.ptr);
|
||||
free(issuerAndSubject.ptr);
|
||||
free(getCertInitial.ptr);
|
||||
free(scep_response.ptr);
|
||||
|
||||
free_generalNames(subjectAltNames, TRUE);
|
||||
if (x509_signer != NULL)
|
||||
{
|
||||
x509_signer->subjectAltName = NULL;
|
||||
|
||||
}
|
||||
free_x509cert(x509_signer);
|
||||
free_x509cert(x509_ca_enc);
|
||||
free_x509cert(x509_ca_sig);
|
||||
|
@ -801,7 +801,7 @@ int main(int argc, char **argv)
|
|||
exit_scepclient(ugh);
|
||||
}
|
||||
|
||||
clonetochunk(subject, dn.ptr, dn.len);
|
||||
subject = chunk_clone(dn);
|
||||
|
||||
DBG(DBG_CONTROL,
|
||||
DBG_log("building pkcs10 object:")
|
||||
|
@ -1007,7 +1007,7 @@ int main(int argc, char **argv)
|
|||
DBG_log("transaction ID: %.*s", (int)transID.len, transID.ptr)
|
||||
)
|
||||
|
||||
freeanychunk(getCertInitial);
|
||||
chunk_free(&getCertInitial);
|
||||
getCertInitial = scep_build_request(issuerAndSubject
|
||||
, transID, SCEP_GetCertInitial_MSG
|
||||
, x509_ca_enc, pkcs7_symmetric_cipher
|
||||
|
@ -1047,7 +1047,7 @@ int main(int argc, char **argv)
|
|||
{
|
||||
exit_scepclient("error parsing the scep response");
|
||||
}
|
||||
freeanychunk(certData);
|
||||
chunk_free(&certData);
|
||||
|
||||
/* store the end entity certificate */
|
||||
path = concatenate_paths(HOST_CERT_PATH, file_out_cert);
|
||||
|
|
Loading…
Reference in New Issue