New upstream version 5.5.3

6 files changed, 188 insertions, 163 deletions

diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
index 8393d5b18..1cd4b9d03 100644
--- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
+++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c
@@ -112,15 +112,15 @@ static bool fetch_cert(wrapper_enumerator_t *enumerator,
 	return TRUE;
 }
 
-/**
- * enumerate function for wrapper_enumerator_t
- */
-static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
+METHOD(enumerator_t, enumerate, bool,
+	wrapper_enumerator_t *this, va_list args)
 {
 	auth_rule_t rule;
-	certificate_t *current;
+	certificate_t *current, **cert;
 	public_key_t *public;
 
+	VA_ARGS_VGET(args, cert);
+
 	while (this->inner->enumerate(this->inner, &rule, &current))
 	{
 		if (rule == AUTH_HELPER_IM_HASH_URL ||
@@ -164,10 +164,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
 	return FALSE;
 }
 
-/**
- * destroy function for wrapper_enumerator_t
- */
-static void wrapper_enumerator_destroy(wrapper_enumerator_t *this)
+METHOD(enumerator_t, wrapper_enumerator_destroy, void,
+	wrapper_enumerator_t *this)
 {
 	this->inner->destroy(this->inner);
 	free(this);
@@ -183,14 +181,18 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*,
 	{
 		return NULL;
 	}
-	enumerator = malloc_thing(wrapper_enumerator_t);
-	enumerator->auth = this->auth;
-	enumerator->cert = cert;
-	enumerator->key = key;
-	enumerator->id = id;
-	enumerator->inner = this->auth->create_enumerator(this->auth);
-	enumerator->public.enumerate = (void*)enumerate;
-	enumerator->public.destroy = (void*)wrapper_enumerator_destroy;
+	INIT(enumerator,
+		.public = {
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _enumerate,
+			.destroy = _wrapper_enumerator_destroy,
+		},
+		.auth = this->auth,
+		.cert = cert,
+		.key = key,
+		.id = id,
+		.inner = this->auth->create_enumerator(this->auth),
+	);
 	return &enumerator->public;
 }
 
diff --git a/src/libstrongswan/credentials/sets/callback_cred.c b/src/libstrongswan/credentials/sets/callback_cred.c
index bff33f029..0d72452da 100644
--- a/src/libstrongswan/credentials/sets/callback_cred.c
+++ b/src/libstrongswan/credentials/sets/callback_cred.c
@@ -60,9 +60,12 @@ typedef struct {
 } shared_enumerator_t;
 
 METHOD(enumerator_t, shared_enumerate, bool,
-	shared_enumerator_t *this, shared_key_t **out,
-	id_match_t *match_me, id_match_t *match_other)
+	shared_enumerator_t *this, va_list args)
 {
+	shared_key_t **out;
+	id_match_t *match_me, *match_other;
+
+	VA_ARGS_VGET(args, out, match_me, match_other);
 	DESTROY_IF(this->current);
 	this->current = this->this->cb.shared(this->this->data, this->type,
 								this->me, this->other, match_me, match_other);
@@ -89,7 +92,8 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 
 	INIT(enumerator,
 		.public = {
-			.enumerate = (void*)_shared_enumerate,
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _shared_enumerate,
 			.destroy = _shared_destroy,
 		},
 		.this = this,
diff --git a/src/libstrongswan/credentials/sets/cert_cache.c b/src/libstrongswan/credentials/sets/cert_cache.c
index 24fdb194b..92d5efdc6 100644
--- a/src/libstrongswan/credentials/sets/cert_cache.c
+++ b/src/libstrongswan/credentials/sets/cert_cache.c
@@ -252,13 +252,14 @@ typedef struct {
 	int locked;
 } cert_enumerator_t;
 
-/**
- * filter function for certs enumerator
- */
-static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
+METHOD(enumerator_t, cert_enumerate, bool,
+	cert_enumerator_t *this, va_list args)
 {
 	public_key_t *public;
 	relation_t *rel;
+	certificate_t **out;
+
+	VA_ARGS_VGET(args, out);
 
 	if (this->locked >= 0)
 	{
@@ -311,10 +312,8 @@ static bool cert_enumerate(cert_enumerator_t *this, certificate_t **out)
 	return FALSE;
 }
 
-/**
- * clean up enumeration data
- */
-static void cert_enumerator_destroy(cert_enumerator_t *this)
+METHOD(enumerator_t, cert_enumerator_destroy, void,
+	cert_enumerator_t *this)
 {
 	relation_t *rel;
 
@@ -336,16 +335,19 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*,
 	{
 		return NULL;
 	}
-	enumerator = malloc_thing(cert_enumerator_t);
-	enumerator->public.enumerate = (void*)cert_enumerate;
-	enumerator->public.destroy = (void*)cert_enumerator_destroy;
-	enumerator->cert = cert;
-	enumerator->key = key;
-	enumerator->id = id;
-	enumerator->relations = this->relations;
-	enumerator->index = -1;
-	enumerator->locked = -1;
-
+	INIT(enumerator,
+		.public = {
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _cert_enumerate,
+			.destroy = _cert_enumerator_destroy,
+		},
+		.cert = cert,
+		.key = key,
+		.id = id,
+		.relations = this->relations,
+		.index = -1,
+		.locked = -1,
+	);
 	return &enumerator->public;
 }
 
diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c
index 53e035f98..4d594e439 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.c
+++ b/src/libstrongswan/credentials/sets/mem_cred.c
@@ -74,25 +74,27 @@ typedef struct {
 	identification_t *id;
 } cert_data_t;
 
-/**
- * destroy cert_data
- */
-static void cert_data_destroy(cert_data_t *data)
+CALLBACK(cert_data_destroy, void,
+	cert_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
 
-/**
- * filter function for certs enumerator
- */
-static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **out)
+CALLBACK(certs_filter, bool,
+	cert_data_t *data, enumerator_t *orig, va_list args)
 {
 	public_key_t *public;
-	certificate_t *cert = *in;
+	certificate_t *cert, **out;
+
+	VA_ARGS_VGET(args, out);
 
-	if (data->cert == CERT_ANY || data->cert == cert->get_type(cert))
+	while (orig->enumerate(orig, &cert))
 	{
+		if (data->cert != CERT_ANY && data->cert != cert->get_type(cert))
+		{
+			continue;
+		}
 		public = cert->get_public_key(cert);
 		if (public)
 		{
@@ -102,7 +104,7 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **
 											data->id->get_encoding(data->id)))
 				{
 					public->destroy(public);
-					*out = *in;
+					*out = cert;
 					return TRUE;
 				}
 			}
@@ -110,11 +112,11 @@ static bool certs_filter(cert_data_t *data, certificate_t **in, certificate_t **
 		}
 		else if (data->key != KEY_ANY)
 		{
-			return FALSE;
+			continue;
 		}
-		if (data->id == NULL || cert->has_subject(cert, data->id))
+		if (!data->id || cert->has_subject(cert, data->id))
 		{
-			*out = *in;
+			*out = cert;
 			return TRUE;
 		}
 	}
@@ -143,12 +145,16 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 	{
 		enumerator = this->untrusted->create_enumerator(this->untrusted);
 	}
-	return enumerator_create_filter(enumerator, (void*)certs_filter, data,
-									(void*)cert_data_destroy);
+	return enumerator_create_filter(enumerator, certs_filter, data,
+									cert_data_destroy);
 }
 
-static bool certificate_equals(certificate_t *item, certificate_t *cert)
+CALLBACK(certificate_equals, bool,
+	certificate_t *item, va_list args)
 {
+	certificate_t *cert;
+
+	VA_ARGS_VGET(args, cert);
 	return item->equals(item, cert);
 }
 
@@ -161,9 +167,8 @@ static certificate_t *add_cert_internal(private_mem_cred_t *this, bool trusted,
 {
 	certificate_t *cached;
 	this->lock->write_lock(this->lock);
-	if (this->untrusted->find_first(this->untrusted,
-									(linked_list_match_t)certificate_equals,
-									(void**)&cached, cert) == SUCCESS)
+	if (this->untrusted->find_first(this->untrusted, certificate_equals,
+									(void**)&cached, cert))
 	{
 		cert->destroy(cert);
 		cert = cached->get_ref(cached);
@@ -199,9 +204,8 @@ METHOD(mem_cred_t, get_cert_ref, certificate_t*,
 	certificate_t *cached;
 
 	this->lock->read_lock(this->lock);
-	if (this->untrusted->find_first(this->untrusted,
-									(linked_list_match_t)certificate_equals,
-									(void**)&cached, cert) == SUCCESS)
+	if (this->untrusted->find_first(this->untrusted, certificate_equals,
+									(void**)&cached, cert))
 	{
 		cert->destroy(cert);
 		cert = cached->get_ref(cached);
@@ -301,30 +305,30 @@ typedef struct {
 	identification_t *id;
 } key_data_t;
 
-/**
- * Destroy key enumerator data
- */
-static void key_data_destroy(key_data_t *data)
+CALLBACK(key_data_destroy, void,
+	key_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
 
-/**
- * filter function for private key enumerator
- */
-static bool key_filter(key_data_t *data, private_key_t **in, private_key_t **out)
+CALLBACK(key_filter, bool,
+	key_data_t *data, enumerator_t *orig, va_list args)
 {
-	private_key_t *key;
+	private_key_t *key, **out;
+
+	VA_ARGS_VGET(args, out);
 
-	key = *in;
-	if (data->type == KEY_ANY || data->type == key->get_type(key))
+	while (orig->enumerate(orig, &key))
 	{
-		if (data->id == NULL ||
-			key->has_fingerprint(key, data->id->get_encoding(data->id)))
+		if (data->type == KEY_ANY || data->type == key->get_type(key))
 		{
-			*out = key;
-			return TRUE;
+			if (data->id == NULL ||
+				key->has_fingerprint(key, data->id->get_encoding(data->id)))
+			{
+				*out = key;
+				return TRUE;
+			}
 		}
 	}
 	return FALSE;
@@ -342,7 +346,7 @@ METHOD(credential_set_t, create_private_enumerator, enumerator_t*,
 	);
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->keys->create_enumerator(this->keys),
-							(void*)key_filter, data, (void*)key_data_destroy);
+									key_filter, data, key_data_destroy);
 }
 
 METHOD(mem_cred_t, add_key, void,
@@ -468,10 +472,8 @@ typedef struct {
 	shared_key_type_t type;
 } shared_data_t;
 
-/**
- * free shared key enumerator data and unlock list
- */
-static void shared_data_destroy(shared_data_t *data)
+CALLBACK(shared_data_destroy, void,
+	shared_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
@@ -499,44 +501,47 @@ static id_match_t has_owner(shared_entry_t *entry, identification_t *owner)
 	return best;
 }
 
-/**
- * enumerator filter function for shared entries
- */
-static bool shared_filter(shared_data_t *data,
-						  shared_entry_t **in, shared_key_t **out,
-						  void **unused1, id_match_t *me,
-						  void **unused2, id_match_t *other)
+CALLBACK(shared_filter, bool,
+	shared_data_t *data, enumerator_t *orig, va_list args)
 {
 	id_match_t my_match = ID_MATCH_NONE, other_match = ID_MATCH_NONE;
-	shared_entry_t *entry = *in;
+	shared_entry_t *entry;
+	shared_key_t **out;
+	id_match_t *me, *other;
 
-	if (data->type != SHARED_ANY &&
-		entry->shared->get_type(entry->shared) != data->type)
-	{
-		return FALSE;
-	}
-	if (data->me)
-	{
-		my_match = has_owner(entry, data->me);
-	}
-	if (data->other)
-	{
-		other_match = has_owner(entry, data->other);
-	}
-	if ((data->me || data->other) && (!my_match && !other_match))
-	{
-		return FALSE;
-	}
-	*out = entry->shared;
-	if (me)
-	{
-		*me = my_match;
-	}
-	if (other)
+	VA_ARGS_VGET(args, out, me, other);
+
+	while (orig->enumerate(orig, &entry))
 	{
-		*other = other_match;
+		if (data->type != SHARED_ANY &&
+			entry->shared->get_type(entry->shared) != data->type)
+		{
+			continue;
+		}
+		if (data->me)
+		{
+			my_match = has_owner(entry, data->me);
+		}
+		if (data->other)
+		{
+			other_match = has_owner(entry, data->other);
+		}
+		if ((data->me || data->other) && (!my_match && !other_match))
+		{
+			continue;
+		}
+		*out = entry->shared;
+		if (me)
+		{
+			*me = my_match;
+		}
+		if (other)
+		{
+			*other = other_match;
+		}
+		return TRUE;
 	}
-	return TRUE;
+	return FALSE;
 }
 
 METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
@@ -554,7 +559,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
 	data->lock->read_lock(data->lock);
 	return enumerator_create_filter(
 						this->shared->create_enumerator(this->shared),
-						(void*)shared_filter, data, (void*)shared_data_destroy);
+						shared_filter, data, shared_data_destroy);
 }
 
 METHOD(mem_cred_t, add_shared_unique, void,
@@ -648,23 +653,27 @@ METHOD(mem_cred_t, remove_shared_unique, void,
 	this->lock->unlock(this->lock);
 }
 
-/**
- * Filter unique ids of shared keys (ingore secrets without unique id)
- */
-static bool unique_filter(void *unused,
-						  shared_entry_t **in, char **id)
+CALLBACK(unique_filter, bool,
+	void *unused, enumerator_t *orig, va_list args)
 {
-	shared_entry_t *entry = *in;
+	shared_entry_t *entry;
+	char **id;
 
-	if (!entry->id)
-	{
-		return FALSE;
-	}
-	if (id)
+	VA_ARGS_VGET(args, id);
+
+	while (orig->enumerate(orig, &entry))
 	{
-		*id = entry->id;
+		if (!entry->id)
+		{
+			continue;
+		}
+		if (id)
+		{
+			*id = entry->id;
+		}
+		return TRUE;
 	}
-	return TRUE;
+	return FALSE;
 }
 
 METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*,
@@ -673,7 +682,7 @@ METHOD(mem_cred_t, create_unique_shared_enumerator, enumerator_t*,
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(
 								this->shared->create_enumerator(this->shared),
-								(void*)unique_filter, this->lock,
+								unique_filter, this->lock,
 								(void*)this->lock->unlock);
 }
 
@@ -721,30 +730,35 @@ typedef struct {
 	rwlock_t *lock;
 } cdp_data_t;
 
-/**
- * Clean up CDP enumerator data
- */
-static void cdp_data_destroy(cdp_data_t *data)
+CALLBACK(cdp_data_destroy, void,
+	cdp_data_t *data)
 {
 	data->lock->unlock(data->lock);
 	free(data);
 }
 
-/**
- * CDP enumerator filter
- */
-static bool cdp_filter(cdp_data_t *data, cdp_t **cdp, char **uri)
+CALLBACK(cdp_filter, bool,
+	cdp_data_t *data, enumerator_t *orig, va_list args)
 {
-	if (data->type != CERT_ANY && data->type != (*cdp)->type)
-	{
-		return FALSE;
-	}
-	if (data->id && !(*cdp)->id->matches((*cdp)->id, data->id))
+	cdp_t *cdp;
+	char **uri;
+
+	VA_ARGS_VGET(args, uri);
+
+	while (orig->enumerate(orig, &cdp))
 	{
-		return FALSE;
+		if (data->type != CERT_ANY && data->type != cdp->type)
+		{
+			continue;
+		}
+		if (data->id && !cdp->id->matches(cdp->id, data->id))
+		{
+			continue;
+		}
+		*uri = cdp->uri;
+		return TRUE;
 	}
-	*uri = (*cdp)->uri;
-	return TRUE;
+	return FALSE;
 }
 
 METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
@@ -759,7 +773,7 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
 	);
 	this->lock->read_lock(this->lock);
 	return enumerator_create_filter(this->cdps->create_enumerator(this->cdps),
-							(void*)cdp_filter, data, (void*)cdp_data_destroy);
+									cdp_filter, data, cdp_data_destroy);
 
 }
 
diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h
index 135515260..f55c3ccdf 100644
--- a/src/libstrongswan/credentials/sets/mem_cred.h
+++ b/src/libstrongswan/credentials/sets/mem_cred.h
@@ -62,7 +62,7 @@ struct mem_cred_t {
 	/**
 	 * Get an existing reference to the same certificate.
 	 *
-	 * Searches for the same certficate in the set, and returns a reference
+	 * Searches for the same certificate in the set, and returns a reference
 	 * to it, destroying the passed certificate. If the passed certificate
 	 * is not found, it is just returned.
 	 *
diff --git a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
index 151d69216..12d3f8156 100644
--- a/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
+++ b/src/libstrongswan/credentials/sets/ocsp_response_wrapper.c
@@ -49,14 +49,15 @@ typedef struct {
 	identification_t *id;
 } wrapper_enumerator_t;
 
-/**
- * enumerate function wrapper_enumerator_t
- */
-static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
+METHOD(enumerator_t, enumerate, bool,
+	wrapper_enumerator_t *this, va_list args)
 {
-	certificate_t *current;
+	certificate_t *current, **cert;
 	public_key_t *public;
 
+
+	VA_ARGS_VGET(args, cert);
+
 	while (this->inner->enumerate(this->inner, &current))
 	{
 		if (this->cert != CERT_ANY && this->cert != current->get_type(current))
@@ -85,10 +86,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert)
 	return FALSE;
 }
 
-/**
- * destroy function for wrapper_enumerator_t
- */
-static void enumerator_destroy(wrapper_enumerator_t *this)
+METHOD(enumerator_t, enumerator_destroy, void,
+	wrapper_enumerator_t *this)
 {
 	this->inner->destroy(this->inner);
 	free(this);
@@ -105,13 +104,17 @@ METHOD(credential_set_t, create_enumerator, enumerator_t*,
 		return NULL;
 	}
 
-	enumerator = malloc_thing(wrapper_enumerator_t);
-	enumerator->cert = cert;
-	enumerator->key = key;
-	enumerator->id = id;
-	enumerator->inner = this->response->create_cert_enumerator(this->response);
-	enumerator->public.enumerate = (void*)enumerate;
-	enumerator->public.destroy = (void*)enumerator_destroy;
+	INIT(enumerator,
+		.public = {
+			.enumerate = enumerator_enumerate_default,
+			.venumerate = _enumerate,
+			.destroy = _enumerator_destroy,
+		},
+		.cert = cert,
+		.key = key,
+		.id = id,
+		.inner = this->response->create_cert_enumerator(this->response),
+	);
 	return &enumerator->public;
 }