Imported Upstream version 5.0.1

author: Yves-Alexis Perez <corsac@debian.org> 2013-01-02 14:18:20 +0100
committer: Yves-Alexis Perez <corsac@debian.org> 2013-01-02 14:18:20 +0100
commit: c1343b3278cdf99533b7902744d15969f9d6fdc1 (patch)
tree: d5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /src/libstrongswan/plugins/pkcs8
parent: b34738ed08c2227300d554b139e2495ca5da97d6 (diff)
download: vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz
vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip
2 files changed, 54 insertions, 20 deletions
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index 2b9c6cf95..60d7ae643 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -49,6 +49,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \
 am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
 	$(ACLOCAL_M4)
 mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = $(top_builddir)/config.h
 CONFIG_CLEAN_FILES =
 CONFIG_CLEAN_VPATH_FILES =
 am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
@@ -83,7 +84,7 @@ libstrongswan_pkcs8_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
 @MONOLITHIC_FALSE@am_libstrongswan_pkcs8_la_rpath = -rpath \
 @MONOLITHIC_FALSE@	$(plugindir)
 @MONOLITHIC_TRUE@am_libstrongswan_pkcs8_la_rpath =
-DEFAULT_INCLUDES = -I.@am__isrc@
+DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)
 depcomp = $(SHELL) $(top_srcdir)/depcomp
 am__depfiles_maybe = depfiles
 am__mv = mv -f
@@ -109,6 +110,7 @@ AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BFDLIB = @BFDLIB@
 BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
@@ -203,11 +205,14 @@ build_os = @build_os@
 build_vendor = @build_vendor@
 builddir = @builddir@
 c_plugins = @c_plugins@
+charon_natt_port = @charon_natt_port@
+charon_plugins = @charon_plugins@
+charon_udp_port = @charon_udp_port@
 clearsilver_LIBS = @clearsilver_LIBS@
 datadir = @datadir@
 datarootdir = @datarootdir@
 dbusservicedir = @dbusservicedir@
-default_pkcs11 = @default_pkcs11@
+dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
@@ -224,11 +229,12 @@ imcvdir = @imcvdir@
 includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
+ipsec_script = @ipsec_script@
+ipsec_script_upper = @ipsec_script_upper@
 ipsecdir = @ipsecdir@
 ipsecgroup = @ipsecgroup@
 ipseclibdir = @ipseclibdir@
 ipsecuser = @ipsecuser@
-libcharon_plugins = @libcharon_plugins@
 libdir = @libdir@
 libexecdir = @libexecdir@
 linux_headers = @linux_headers@
@@ -244,6 +250,7 @@ mkdir_p = @mkdir_p@
 nm_CFLAGS = @nm_CFLAGS@
 nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
+nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
 openac_plugins = @openac_plugins@
 p_plugins = @p_plugins@
@@ -253,7 +260,6 @@ pdfdir = @pdfdir@
 piddir = @piddir@
 pki_plugins = @pki_plugins@
 plugindir = @plugindir@
-pluto_plugins = @pluto_plugins@
 pool_plugins = @pool_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
diff --git a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
index 346240ae1..a501423b1 100644
--- a/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
+++ b/src/libstrongswan/plugins/pkcs8/pkcs8_builder.c
@@ -126,7 +126,7 @@ static bool verify_padding(chunk_t *blob)
 /**
  * Prototype for key derivation functions.
  */
-typedef void (*kdf_t)(void *generator, chunk_t password, chunk_t salt,
+typedef bool (*kdf_t)(void *generator, chunk_t password, chunk_t salt,
 					  u_int64_t iterations, chunk_t key);
 
 /**
@@ -164,10 +164,15 @@ static private_key_t *decrypt_private_key(chunk_t blob,
 	{
 		chunk_t decrypted;
 
-		kdf(generator, shared->get_key(shared), salt, iterations, keymat);
-
-		crypter->set_key(crypter, key);
-		crypter->decrypt(crypter, blob, iv, &decrypted);
+		if (!kdf(generator, shared->get_key(shared), salt, iterations, keymat))
+		{
+			continue;
+		}
+		if (!crypter->set_key(crypter, key) ||
+			!crypter->decrypt(crypter, blob, iv, &decrypted))
+		{
+			continue;
+		}
 		if (verify_padding(&decrypted))
 		{
 			private_key = parse_private_key(decrypted);
@@ -188,34 +193,44 @@ static private_key_t *decrypt_private_key(chunk_t blob,
 /**
  * Function F of PBKDF2
  */
-static void pbkdf2_f(chunk_t block, prf_t *prf, chunk_t seed,
+static bool pbkdf2_f(chunk_t block, prf_t *prf, chunk_t seed,
 					 u_int64_t iterations)
 {
 	chunk_t u;
 	u_int64_t i;
 
 	u = chunk_alloca(prf->get_block_size(prf));
-	prf->get_bytes(prf, seed, u.ptr);
+	if (!prf->get_bytes(prf, seed, u.ptr))
+	{
+		return FALSE;
+	}
 	memcpy(block.ptr, u.ptr, block.len);
 
 	for (i = 1; i < iterations; i++)
 	{
-		prf->get_bytes(prf, u, u.ptr);
+		if (!prf->get_bytes(prf, u, u.ptr))
+		{
+			return FALSE;
+		}
 		memxor(block.ptr, u.ptr, block.len);
 	}
+	return TRUE;
 }
 
 /**
  * PBKDF2 key derivation function
  */
-static void pbkdf2(prf_t *prf, chunk_t password, chunk_t salt,
+static bool pbkdf2(prf_t *prf, chunk_t password, chunk_t salt,
 				   u_int64_t iterations, chunk_t key)
 {
 	chunk_t keymat, block, seed;
 	size_t blocks;
 	u_int32_t i = 0, *ni;
 
-	prf->set_key(prf, password);
+	if (!prf->set_key(prf, password))
+	{
+		return FALSE;
+	}
 
 	block.len = prf->get_block_size(prf);
 	blocks = (key.len - 1) / block.len + 1;
@@ -228,10 +243,15 @@ static void pbkdf2(prf_t *prf, chunk_t password, chunk_t salt,
 	{
 		*ni = htonl(i + 1);
 		block.ptr = keymat.ptr + (i * block.len);
-		pbkdf2_f(block, prf, seed, iterations);
+		if (!pbkdf2_f(block, prf, seed, iterations))
+		{
+			return FALSE;
+		}
 	}
 
 	memcpy(key.ptr, keymat.ptr, key.len);
+
+	return TRUE;
 }
 
 /**
@@ -266,22 +286,30 @@ static private_key_t *decrypt_private_key_pbes2(chunk_t blob,
 /**
  * PBKDF1 key derivation function
  */
-static void pbkdf1(hasher_t *hasher, chunk_t password, chunk_t salt,
+static bool pbkdf1(hasher_t *hasher, chunk_t password, chunk_t salt,
 				   u_int64_t iterations, chunk_t key)
 {
 	chunk_t hash;
 	u_int64_t i;
 
 	hash = chunk_alloca(hasher->get_hash_size(hasher));
-	hasher->get_hash(hasher, password, NULL);
-	hasher->get_hash(hasher, salt, hash.ptr);
+	if (!hasher->get_hash(hasher, password, NULL) ||
+		!hasher->get_hash(hasher, salt, hash.ptr))
+	{
+		return FALSE;
+	}
 
 	for (i = 1; i < iterations; i++)
 	{
-		hasher->get_hash(hasher, hash, hash.ptr);
+		if (!hasher->get_hash(hasher, hash, hash.ptr))
+		{
+			return FALSE;
+		}
 	}
 
 	memcpy(key.ptr, hash.ptr, key.len);
+
+	return TRUE;
 }
 
 /**
@@ -535,7 +563,7 @@ static const asn1Object_t encryptedPKIObjects[] = {
 static private_key_t *parse_encrypted_private_key(chunk_t blob)
 {
 	asn1_parser_t *parser;
-	chunk_t object, params, salt, iv;
+	chunk_t object, params, salt = chunk_empty, iv = chunk_empty;
 	u_int64_t iterations = 0;
 	int objectID;
 	encryption_algorithm_t encr = ENCR_UNDEFINED;
author	Yves-Alexis Perez <corsac@debian.org>	2013-01-02 14:18:20 +0100
committer	Yves-Alexis Perez <corsac@debian.org>	2013-01-02 14:18:20 +0100
commit	c1343b3278cdf99533b7902744d15969f9d6fdc1 (patch)
tree	d5ed3dc5677a59260ec41cd39bb284d3e94c91b3 /src/libstrongswan/plugins/pkcs8
parent	b34738ed08c2227300d554b139e2495ca5da97d6 (diff)
download	vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.tar.gz vyos-strongswan-c1343b3278cdf99533b7902744d15969f9d6fdc1.zip