diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-07-04 23:47:20 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2007-07-04 23:47:20 +0000 |
commit | 7b0305f59ddab9ea026b202a8c569912e5bf9a90 (patch) | |
tree | 131d39a22cf97e9e8c6da58ddefabc8138a731c2 /src/libstrongswan | |
parent | 08ee5250bd9c43fda5f24d10b791ca2c4c17fcee (diff) | |
download | vyos-strongswan-7b0305f59ddab9ea026b202a8c569912e5bf9a90.tar.gz vyos-strongswan-7b0305f59ddab9ea026b202a8c569912e5bf9a90.zip |
[svn-upgrade] Integrating new upstream version, strongswan (4.1.4)
Diffstat (limited to 'src/libstrongswan')
-rw-r--r-- | src/libstrongswan/Makefile.in | 1 | ||||
-rw-r--r-- | src/libstrongswan/asn1/oid.c | 265 | ||||
-rw-r--r-- | src/libstrongswan/asn1/oid.h | 102 | ||||
-rw-r--r-- | src/libstrongswan/asn1/oid.txt | 5 | ||||
-rwxr-xr-x | src/libstrongswan/asn1/pem.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/crypto/ca.c | 12 | ||||
-rw-r--r-- | src/libstrongswan/crypto/crypters/des_crypter.c | 5 | ||||
-rw-r--r-- | src/libstrongswan/utils/identification.c | 28 | ||||
-rw-r--r-- | src/libstrongswan/utils/iterator.h | 42 | ||||
-rw-r--r-- | src/libstrongswan/utils/leak_detective.c | 17 | ||||
-rw-r--r-- | src/libstrongswan/utils/linked_list.c | 59 |
11 files changed, 313 insertions, 225 deletions
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 015308449..f1144144e 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -144,6 +144,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ RANLIB = @RANLIB@ +SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index 48df1b7c4..6b16d5a64 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -62,137 +62,142 @@ const oid_t oid_names[] = { { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */ { 0x37, 51, 0, "targetInformation" }, /* 50 */ { 0x38, 0, 0, "noRevAvail" }, /* 51 */ - {0x2A, 89, 1, "" }, /* 52 */ + {0x2A, 94, 1, "" }, /* 52 */ { 0x86, 0, 1, "" }, /* 53 */ { 0x48, 0, 1, "" }, /* 54 */ { 0x86, 0, 1, "" }, /* 55 */ - { 0xF7, 0, 1, "" }, /* 56 */ - { 0x0D, 0, 1, "RSADSI" }, /* 57 */ - { 0x01, 84, 1, "PKCS" }, /* 58 */ - { 0x01, 67, 1, "PKCS-1" }, /* 59 */ - { 0x01, 61, 0, "rsaEncryption" }, /* 60 */ - { 0x02, 62, 0, "md2WithRSAEncryption" }, /* 61 */ - { 0x04, 63, 0, "md5WithRSAEncryption" }, /* 62 */ - { 0x05, 64, 0, "sha-1WithRSAEncryption" }, /* 63 */ - { 0x0B, 65, 0, "sha256WithRSAEncryption"}, /* 64 */ - { 0x0C, 66, 0, "sha384WithRSAEncryption"}, /* 65 */ - { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 66 */ - { 0x07, 74, 1, "PKCS-7" }, /* 67 */ - { 0x01, 69, 0, "data" }, /* 68 */ - { 0x02, 70, 0, "signedData" }, /* 69 */ - { 0x03, 71, 0, "envelopedData" }, /* 70 */ - { 0x04, 72, 0, "signedAndEnvelopedData" }, /* 71 */ - { 0x05, 73, 0, "digestedData" }, /* 72 */ - { 0x06, 0, 0, "encryptedData" }, /* 73 */ - { 0x09, 0, 1, "PKCS-9" }, /* 74 */ - { 0x01, 76, 0, "E" }, /* 75 */ - { 0x02, 77, 0, "unstructuredName" }, /* 76 */ - { 0x03, 78, 0, "contentType" }, /* 77 */ - { 0x04, 79, 0, "messageDigest" }, /* 78 */ - { 0x05, 80, 0, "signingTime" }, /* 79 */ - { 0x06, 81, 0, "counterSignature" }, /* 80 */ - { 0x07, 82, 0, "challengePassword" }, /* 81 */ - { 0x08, 83, 0, "unstructuredAddress" }, /* 82 */ - { 0x0E, 0, 0, "extensionRequest" }, /* 83 */ - { 0x02, 87, 1, "digestAlgorithm" }, /* 84 */ - { 0x02, 86, 0, "md2" }, /* 85 */ - { 0x05, 0, 0, "md5" }, /* 86 */ - { 0x03, 0, 1, "encryptionAlgorithm" }, /* 87 */ - { 0x07, 0, 0, "3des-ede-cbc" }, /* 88 */ - {0x2B, 150, 1, "" }, /* 89 */ - { 0x06, 137, 1, "dod" }, /* 90 */ - { 0x01, 0, 1, "internet" }, /* 91 */ - { 0x04, 106, 1, "private" }, /* 92 */ - { 0x01, 0, 1, "enterprise" }, /* 93 */ - { 0x82, 99, 1, "" }, /* 94 */ - { 0x37, 0, 1, "Microsoft" }, /* 95 */ - { 0x0A, 0, 1, "" }, /* 96 */ - { 0x03, 0, 1, "" }, /* 97 */ - { 0x03, 0, 0, "msSGC" }, /* 98 */ - { 0x89, 0, 1, "" }, /* 99 */ - { 0x31, 0, 1, "" }, /* 100 */ - { 0x01, 0, 1, "" }, /* 101 */ - { 0x01, 0, 1, "" }, /* 102 */ - { 0x02, 0, 1, "" }, /* 103 */ - { 0x02, 105, 0, "" }, /* 104 */ - { 0x4B, 0, 0, "TCGID" }, /* 105 */ - { 0x05, 0, 1, "security" }, /* 106 */ - { 0x05, 0, 1, "mechanisms" }, /* 107 */ - { 0x07, 0, 1, "id-pkix" }, /* 108 */ - { 0x01, 111, 1, "id-pe" }, /* 109 */ - { 0x01, 0, 0, "authorityInfoAccess" }, /* 110 */ - { 0x03, 121, 1, "id-kp" }, /* 111 */ - { 0x01, 113, 0, "serverAuth" }, /* 112 */ - { 0x02, 114, 0, "clientAuth" }, /* 113 */ - { 0x03, 115, 0, "codeSigning" }, /* 114 */ - { 0x04, 116, 0, "emailProtection" }, /* 115 */ - { 0x05, 117, 0, "ipsecEndSystem" }, /* 116 */ - { 0x06, 118, 0, "ipsecTunnel" }, /* 117 */ - { 0x07, 119, 0, "ipsecUser" }, /* 118 */ - { 0x08, 120, 0, "timeStamping" }, /* 119 */ - { 0x09, 0, 0, "ocspSigning" }, /* 120 */ - { 0x08, 123, 1, "id-otherNames" }, /* 121 */ - { 0x05, 0, 0, "xmppAddr" }, /* 122 */ - { 0x0A, 128, 1, "id-aca" }, /* 123 */ - { 0x01, 125, 0, "authenticationInfo" }, /* 124 */ - { 0x02, 126, 0, "accessIdentity" }, /* 125 */ - { 0x03, 127, 0, "chargingIdentity" }, /* 126 */ - { 0x04, 0, 0, "group" }, /* 127 */ - { 0x30, 0, 1, "id-ad" }, /* 128 */ - { 0x01, 0, 1, "ocsp" }, /* 129 */ - { 0x01, 131, 0, "basic" }, /* 130 */ - { 0x02, 132, 0, "nonce" }, /* 131 */ - { 0x03, 133, 0, "crl" }, /* 132 */ - { 0x04, 134, 0, "response" }, /* 133 */ - { 0x05, 135, 0, "noCheck" }, /* 134 */ - { 0x06, 136, 0, "archiveCutoff" }, /* 135 */ - { 0x07, 0, 0, "serviceLocator" }, /* 136 */ - { 0x0E, 143, 1, "oiw" }, /* 137 */ - { 0x03, 0, 1, "secsig" }, /* 138 */ - { 0x02, 0, 1, "algorithms" }, /* 139 */ - { 0x07, 141, 0, "des-cbc" }, /* 140 */ - { 0x1A, 142, 0, "sha-1" }, /* 141 */ - { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 142 */ - { 0x24, 0, 1, "TeleTrusT" }, /* 143 */ - { 0x03, 0, 1, "algorithm" }, /* 144 */ - { 0x03, 0, 1, "signatureAlgorithm" }, /* 145 */ - { 0x01, 0, 1, "rsaSignature" }, /* 146 */ - { 0x02, 148, 0, "rsaSigWithripemd160" }, /* 147 */ - { 0x03, 149, 0, "rsaSigWithripemd128" }, /* 148 */ - { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 149 */ - {0x60, 0, 1, "" }, /* 150 */ - { 0x86, 0, 1, "" }, /* 151 */ - { 0x48, 0, 1, "" }, /* 152 */ - { 0x01, 0, 1, "organization" }, /* 153 */ - { 0x65, 161, 1, "gov" }, /* 154 */ - { 0x03, 0, 1, "csor" }, /* 155 */ - { 0x04, 0, 1, "nistalgorithm" }, /* 156 */ - { 0x02, 0, 1, "hashalgs" }, /* 157 */ - { 0x01, 159, 0, "id-SHA-256" }, /* 158 */ - { 0x02, 160, 0, "id-SHA-384" }, /* 159 */ - { 0x03, 0, 0, "id-SHA-512" }, /* 160 */ - { 0x86, 0, 1, "" }, /* 161 */ - { 0xf8, 0, 1, "" }, /* 162 */ - { 0x42, 175, 1, "netscape" }, /* 163 */ - { 0x01, 170, 1, "" }, /* 164 */ - { 0x01, 166, 0, "nsCertType" }, /* 165 */ - { 0x03, 167, 0, "nsRevocationUrl" }, /* 166 */ - { 0x04, 168, 0, "nsCaRevocationUrl" }, /* 167 */ - { 0x08, 169, 0, "nsCaPolicyUrl" }, /* 168 */ - { 0x0d, 0, 0, "nsComment" }, /* 169 */ - { 0x03, 173, 1, "directory" }, /* 170 */ - { 0x01, 0, 1, "" }, /* 171 */ - { 0x03, 0, 0, "employeeNumber" }, /* 172 */ - { 0x04, 0, 1, "policy" }, /* 173 */ - { 0x01, 0, 0, "nsSGC" }, /* 174 */ - { 0x45, 0, 1, "verisign" }, /* 175 */ - { 0x01, 0, 1, "pki" }, /* 176 */ - { 0x09, 0, 1, "attributes" }, /* 177 */ - { 0x02, 179, 0, "messageType" }, /* 178 */ - { 0x03, 180, 0, "pkiStatus" }, /* 179 */ - { 0x04, 181, 0, "failInfo" }, /* 180 */ - { 0x05, 182, 0, "senderNonce" }, /* 181 */ - { 0x06, 183, 0, "recipientNonce" }, /* 182 */ - { 0x07, 184, 0, "transID" }, /* 183 */ - { 0x08, 0, 0, "extensionReq" } /* 184 */ + { 0xF6, 61, 1, "" }, /* 56 */ + { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */ + { 0x07, 0, 1, "Entrust" }, /* 58 */ + { 0x41, 0, 1, "nsn-ce" }, /* 59 */ + { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */ + { 0xF7, 0, 1, "" }, /* 61 */ + { 0x0D, 0, 1, "RSADSI" }, /* 62 */ + { 0x01, 89, 1, "PKCS" }, /* 63 */ + { 0x01, 72, 1, "PKCS-1" }, /* 64 */ + { 0x01, 66, 0, "rsaEncryption" }, /* 65 */ + { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */ + { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */ + { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */ + { 0x0B, 70, 0, "sha256WithRSAEncryption"}, /* 69 */ + { 0x0C, 71, 0, "sha384WithRSAEncryption"}, /* 70 */ + { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 71 */ + { 0x07, 79, 1, "PKCS-7" }, /* 72 */ + { 0x01, 74, 0, "data" }, /* 73 */ + { 0x02, 75, 0, "signedData" }, /* 74 */ + { 0x03, 76, 0, "envelopedData" }, /* 75 */ + { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */ + { 0x05, 78, 0, "digestedData" }, /* 77 */ + { 0x06, 0, 0, "encryptedData" }, /* 78 */ + { 0x09, 0, 1, "PKCS-9" }, /* 79 */ + { 0x01, 81, 0, "E" }, /* 80 */ + { 0x02, 82, 0, "unstructuredName" }, /* 81 */ + { 0x03, 83, 0, "contentType" }, /* 82 */ + { 0x04, 84, 0, "messageDigest" }, /* 83 */ + { 0x05, 85, 0, "signingTime" }, /* 84 */ + { 0x06, 86, 0, "counterSignature" }, /* 85 */ + { 0x07, 87, 0, "challengePassword" }, /* 86 */ + { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */ + { 0x0E, 0, 0, "extensionRequest" }, /* 88 */ + { 0x02, 92, 1, "digestAlgorithm" }, /* 89 */ + { 0x02, 91, 0, "md2" }, /* 90 */ + { 0x05, 0, 0, "md5" }, /* 91 */ + { 0x03, 0, 1, "encryptionAlgorithm" }, /* 92 */ + { 0x07, 0, 0, "3des-ede-cbc" }, /* 93 */ + {0x2B, 155, 1, "" }, /* 94 */ + { 0x06, 142, 1, "dod" }, /* 95 */ + { 0x01, 0, 1, "internet" }, /* 96 */ + { 0x04, 111, 1, "private" }, /* 97 */ + { 0x01, 0, 1, "enterprise" }, /* 98 */ + { 0x82, 104, 1, "" }, /* 99 */ + { 0x37, 0, 1, "Microsoft" }, /* 100 */ + { 0x0A, 0, 1, "" }, /* 101 */ + { 0x03, 0, 1, "" }, /* 102 */ + { 0x03, 0, 0, "msSGC" }, /* 103 */ + { 0x89, 0, 1, "" }, /* 104 */ + { 0x31, 0, 1, "" }, /* 105 */ + { 0x01, 0, 1, "" }, /* 106 */ + { 0x01, 0, 1, "" }, /* 107 */ + { 0x02, 0, 1, "" }, /* 108 */ + { 0x02, 110, 0, "" }, /* 109 */ + { 0x4B, 0, 0, "TCGID" }, /* 110 */ + { 0x05, 0, 1, "security" }, /* 111 */ + { 0x05, 0, 1, "mechanisms" }, /* 112 */ + { 0x07, 0, 1, "id-pkix" }, /* 113 */ + { 0x01, 116, 1, "id-pe" }, /* 114 */ + { 0x01, 0, 0, "authorityInfoAccess" }, /* 115 */ + { 0x03, 126, 1, "id-kp" }, /* 116 */ + { 0x01, 118, 0, "serverAuth" }, /* 117 */ + { 0x02, 119, 0, "clientAuth" }, /* 118 */ + { 0x03, 120, 0, "codeSigning" }, /* 119 */ + { 0x04, 121, 0, "emailProtection" }, /* 120 */ + { 0x05, 122, 0, "ipsecEndSystem" }, /* 121 */ + { 0x06, 123, 0, "ipsecTunnel" }, /* 122 */ + { 0x07, 124, 0, "ipsecUser" }, /* 123 */ + { 0x08, 125, 0, "timeStamping" }, /* 124 */ + { 0x09, 0, 0, "ocspSigning" }, /* 125 */ + { 0x08, 128, 1, "id-otherNames" }, /* 126 */ + { 0x05, 0, 0, "xmppAddr" }, /* 127 */ + { 0x0A, 133, 1, "id-aca" }, /* 128 */ + { 0x01, 130, 0, "authenticationInfo" }, /* 129 */ + { 0x02, 131, 0, "accessIdentity" }, /* 130 */ + { 0x03, 132, 0, "chargingIdentity" }, /* 131 */ + { 0x04, 0, 0, "group" }, /* 132 */ + { 0x30, 0, 1, "id-ad" }, /* 133 */ + { 0x01, 0, 1, "ocsp" }, /* 134 */ + { 0x01, 136, 0, "basic" }, /* 135 */ + { 0x02, 137, 0, "nonce" }, /* 136 */ + { 0x03, 138, 0, "crl" }, /* 137 */ + { 0x04, 139, 0, "response" }, /* 138 */ + { 0x05, 140, 0, "noCheck" }, /* 139 */ + { 0x06, 141, 0, "archiveCutoff" }, /* 140 */ + { 0x07, 0, 0, "serviceLocator" }, /* 141 */ + { 0x0E, 148, 1, "oiw" }, /* 142 */ + { 0x03, 0, 1, "secsig" }, /* 143 */ + { 0x02, 0, 1, "algorithms" }, /* 144 */ + { 0x07, 146, 0, "des-cbc" }, /* 145 */ + { 0x1A, 147, 0, "sha-1" }, /* 146 */ + { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 147 */ + { 0x24, 0, 1, "TeleTrusT" }, /* 148 */ + { 0x03, 0, 1, "algorithm" }, /* 149 */ + { 0x03, 0, 1, "signatureAlgorithm" }, /* 150 */ + { 0x01, 0, 1, "rsaSignature" }, /* 151 */ + { 0x02, 153, 0, "rsaSigWithripemd160" }, /* 152 */ + { 0x03, 154, 0, "rsaSigWithripemd128" }, /* 153 */ + { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 154 */ + {0x60, 0, 1, "" }, /* 155 */ + { 0x86, 0, 1, "" }, /* 156 */ + { 0x48, 0, 1, "" }, /* 157 */ + { 0x01, 0, 1, "organization" }, /* 158 */ + { 0x65, 166, 1, "gov" }, /* 159 */ + { 0x03, 0, 1, "csor" }, /* 160 */ + { 0x04, 0, 1, "nistalgorithm" }, /* 161 */ + { 0x02, 0, 1, "hashalgs" }, /* 162 */ + { 0x01, 164, 0, "id-SHA-256" }, /* 163 */ + { 0x02, 165, 0, "id-SHA-384" }, /* 164 */ + { 0x03, 0, 0, "id-SHA-512" }, /* 165 */ + { 0x86, 0, 1, "" }, /* 166 */ + { 0xf8, 0, 1, "" }, /* 167 */ + { 0x42, 180, 1, "netscape" }, /* 168 */ + { 0x01, 175, 1, "" }, /* 169 */ + { 0x01, 171, 0, "nsCertType" }, /* 170 */ + { 0x03, 172, 0, "nsRevocationUrl" }, /* 171 */ + { 0x04, 173, 0, "nsCaRevocationUrl" }, /* 172 */ + { 0x08, 174, 0, "nsCaPolicyUrl" }, /* 173 */ + { 0x0d, 0, 0, "nsComment" }, /* 174 */ + { 0x03, 178, 1, "directory" }, /* 175 */ + { 0x01, 0, 1, "" }, /* 176 */ + { 0x03, 0, 0, "employeeNumber" }, /* 177 */ + { 0x04, 0, 1, "policy" }, /* 178 */ + { 0x01, 0, 0, "nsSGC" }, /* 179 */ + { 0x45, 0, 1, "verisign" }, /* 180 */ + { 0x01, 0, 1, "pki" }, /* 181 */ + { 0x09, 0, 1, "attributes" }, /* 182 */ + { 0x02, 184, 0, "messageType" }, /* 183 */ + { 0x03, 185, 0, "pkiStatus" }, /* 184 */ + { 0x04, 186, 0, "failInfo" }, /* 185 */ + { 0x05, 187, 0, "senderNonce" }, /* 186 */ + { 0x06, 188, 0, "recipientNonce" }, /* 187 */ + { 0x07, 189, 0, "transID" }, /* 188 */ + { 0x08, 0, 0, "extensionReq" } /* 189 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 49260c9f4..a29b1f0a1 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -29,56 +29,56 @@ extern const oid_t oid_names[]; #define OID_EXTENDED_KEY_USAGE 49 #define OID_TARGET_INFORMATION 50 #define OID_NO_REV_AVAIL 51 -#define OID_RSA_ENCRYPTION 60 -#define OID_MD2_WITH_RSA 61 -#define OID_MD5_WITH_RSA 62 -#define OID_SHA1_WITH_RSA 63 -#define OID_SHA256_WITH_RSA 64 -#define OID_SHA384_WITH_RSA 65 -#define OID_SHA512_WITH_RSA 66 -#define OID_PKCS7_DATA 68 -#define OID_PKCS7_SIGNED_DATA 69 -#define OID_PKCS7_ENVELOPED_DATA 70 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 71 -#define OID_PKCS7_DIGESTED_DATA 72 -#define OID_PKCS7_ENCRYPTED_DATA 73 -#define OID_PKCS9_EMAIL 75 -#define OID_PKCS9_CONTENT_TYPE 77 -#define OID_PKCS9_MESSAGE_DIGEST 78 -#define OID_PKCS9_SIGNING_TIME 79 -#define OID_MD2 85 -#define OID_MD5 86 -#define OID_3DES_EDE_CBC 88 -#define OID_AUTHORITY_INFO_ACCESS 110 -#define OID_OCSP_SIGNING 120 -#define OID_XMPP_ADDR 122 -#define OID_AUTHENTICATION_INFO 124 -#define OID_ACCESS_IDENTITY 125 -#define OID_CHARGING_IDENTITY 126 -#define OID_GROUP 127 -#define OID_OCSP 129 -#define OID_BASIC 130 -#define OID_NONCE 131 -#define OID_CRL 132 -#define OID_RESPONSE 133 -#define OID_NO_CHECK 134 -#define OID_ARCHIVE_CUTOFF 135 -#define OID_SERVICE_LOCATOR 136 -#define OID_DES_CBC 140 -#define OID_SHA1 141 -#define OID_SHA1_WITH_RSA_OIW 142 -#define OID_SHA256 158 -#define OID_SHA384 159 -#define OID_SHA512 160 -#define OID_NS_REVOCATION_URL 166 -#define OID_NS_CA_REVOCATION_URL 167 -#define OID_NS_CA_POLICY_URL 168 -#define OID_NS_COMMENT 169 -#define OID_PKI_MESSAGE_TYPE 178 -#define OID_PKI_STATUS 179 -#define OID_PKI_FAIL_INFO 180 -#define OID_PKI_SENDER_NONCE 181 -#define OID_PKI_RECIPIENT_NONCE 182 -#define OID_PKI_TRANS_ID 183 +#define OID_RSA_ENCRYPTION 65 +#define OID_MD2_WITH_RSA 66 +#define OID_MD5_WITH_RSA 67 +#define OID_SHA1_WITH_RSA 68 +#define OID_SHA256_WITH_RSA 69 +#define OID_SHA384_WITH_RSA 70 +#define OID_SHA512_WITH_RSA 71 +#define OID_PKCS7_DATA 73 +#define OID_PKCS7_SIGNED_DATA 74 +#define OID_PKCS7_ENVELOPED_DATA 75 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 76 +#define OID_PKCS7_DIGESTED_DATA 77 +#define OID_PKCS7_ENCRYPTED_DATA 78 +#define OID_PKCS9_EMAIL 80 +#define OID_PKCS9_CONTENT_TYPE 82 +#define OID_PKCS9_MESSAGE_DIGEST 83 +#define OID_PKCS9_SIGNING_TIME 84 +#define OID_MD2 90 +#define OID_MD5 91 +#define OID_3DES_EDE_CBC 93 +#define OID_AUTHORITY_INFO_ACCESS 115 +#define OID_OCSP_SIGNING 125 +#define OID_XMPP_ADDR 127 +#define OID_AUTHENTICATION_INFO 129 +#define OID_ACCESS_IDENTITY 130 +#define OID_CHARGING_IDENTITY 131 +#define OID_GROUP 132 +#define OID_OCSP 134 +#define OID_BASIC 135 +#define OID_NONCE 136 +#define OID_CRL 137 +#define OID_RESPONSE 138 +#define OID_NO_CHECK 139 +#define OID_ARCHIVE_CUTOFF 140 +#define OID_SERVICE_LOCATOR 141 +#define OID_DES_CBC 145 +#define OID_SHA1 146 +#define OID_SHA1_WITH_RSA_OIW 147 +#define OID_SHA256 163 +#define OID_SHA384 164 +#define OID_SHA512 165 +#define OID_NS_REVOCATION_URL 171 +#define OID_NS_CA_REVOCATION_URL 172 +#define OID_NS_CA_POLICY_URL 173 +#define OID_NS_COMMENT 174 +#define OID_PKI_MESSAGE_TYPE 183 +#define OID_PKI_STATUS 184 +#define OID_PKI_FAIL_INFO 185 +#define OID_PKI_SENDER_NONCE 186 +#define OID_PKI_RECIPIENT_NONCE 187 +#define OID_PKI_TRANS_ID 188 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index 2b3c96ae3..bd5a26e43 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -54,6 +54,11 @@ 0x86 "" 0x48 "" 0x86 "" + 0xF6 "" + 0x7D "NortelNetworks" + 0x07 "Entrust" + 0x41 "nsn-ce" + 0x00 "entrustVersInfo" 0xF7 "" 0x0D "RSADSI" 0x01 "PKCS" diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c index e88db249d..641805869 100755 --- a/src/libstrongswan/asn1/pem.c +++ b/src/libstrongswan/asn1/pem.c @@ -117,8 +117,10 @@ static err_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_s crypter->set_key(crypter, key); if (crypter->decrypt(crypter, *blob, *iv, &decrypted) != SUCCESS) { + crypter->destroy(crypter); return "data size is not multiple of block size"; } + crypter->destroy(crypter); memcpy(blob->ptr, decrypted.ptr, blob->len); chunk_free(&decrypted); diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c index 07413e805..a78590954 100644 --- a/src/libstrongswan/crypto/ca.c +++ b/src/libstrongswan/crypto/ca.c @@ -345,7 +345,7 @@ static void add_crluri(private_ca_info_t *this, chunk_t uri) strncasecmp(uri.ptr, "file", 4) != 0 && strncasecmp(uri.ptr, "ftp", 3) != 0)) { - DBG1(" invalid crl uri '%#B'", uri); + DBG1(" invalid crl uri '%.*s'", uri.len, uri.ptr); return; } else @@ -399,7 +399,10 @@ void add_info (private_ca_info_t *this, const private_ca_info_t *that) while (iterator->iterate(iterator, (void**)&uri)) { - add_crluri(this, uri->get_encoding(uri)); + if (uri->get_type(uri) == ID_DER_ASN1_GN_URI) + { + add_crluri(this, uri->get_encoding(uri)); + } } iterator->destroy(iterator); } @@ -411,7 +414,10 @@ void add_info (private_ca_info_t *this, const private_ca_info_t *that) while (iterator->iterate(iterator, (void**)&uri)) { - add_ocspuri(this, uri->get_encoding(uri)); + if (uri->get_type(uri) == ID_DER_ASN1_GN_URI) + { + add_ocspuri(this, uri->get_encoding(uri)); + } } iterator->destroy(iterator); } diff --git a/src/libstrongswan/crypto/crypters/des_crypter.c b/src/libstrongswan/crypto/crypters/des_crypter.c index dc5a8ff55..655cc03ce 100644 --- a/src/libstrongswan/crypto/crypters/des_crypter.c +++ b/src/libstrongswan/crypto/crypters/des_crypter.c @@ -871,14 +871,15 @@ static int des_set_key(des_cblock *key, des_key_schedule *schedule) register unsigned char *in; register DES_LONG *k; register int i; + des_cblock odd; for (i = 0; i < sizeof(des_cblock); i++) { - (*key)[i] = odd_parity[(*key)[i]]; + odd[i] = odd_parity[(*key)[i]]; } k=(DES_LONG *)schedule; - in=(unsigned char *)key; + in=(unsigned char *)&odd; c2l(in,c); c2l(in,d); diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 673cbb828..ba0a76893 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -759,6 +759,24 @@ static bool equals_dn(private_identification_t *this, } /** + * Special implementation of identification_t.equals for RFC822 and FQDN. + */ +static bool equals_strcasecmp(private_identification_t *this, + private_identification_t *other) +{ + /* we do some extra sanity checks to check for invalid IDs with a + * terminating null in it. */ + if (this->encoded.len == other->encoded.len && + memchr(this->encoded.ptr, 0, this->encoded.len) == NULL && + memchr(other->encoded.ptr, 0, other->encoded.len) == NULL && + strncasecmp(this->encoded.ptr, other->encoded.ptr, this->encoded.len) == 0) + { + return TRUE; + } + return FALSE; +} + +/** * Default implementation of identification_t.matches. */ static bool matches_binary(private_identification_t *this, @@ -1094,6 +1112,8 @@ identification_t *identification_create_from_string(char *string) this->encoded.len = strlen(string + 1); this->public.matches = (bool (*) (identification_t*,identification_t*,int*))matches_string; + this->public.equals = (bool (*) + (identification_t*,identification_t*))equals_strcasecmp; return &(this->public); } } @@ -1104,6 +1124,8 @@ identification_t *identification_create_from_string(char *string) this->encoded.len = strlen(string); this->public.matches = (bool (*) (identification_t*,identification_t*,int*))matches_string; + this->public.equals = (bool (*) + (identification_t*,identification_t*))equals_strcasecmp; return &(this->public); } } @@ -1123,12 +1145,11 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en (identification_t*,identification_t*,int*))matches_any; break; case ID_FQDN: - this->public.matches = (bool (*) - (identification_t*,identification_t*,int*))matches_string; - break; case ID_RFC822_ADDR: this->public.matches = (bool (*) (identification_t*,identification_t*,int*))matches_string; + this->public.equals = (bool (*) + (identification_t*,identification_t*))equals_strcasecmp; break; case ID_DER_ASN1_DN: this->public.equals = (bool (*) @@ -1152,3 +1173,4 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en } return &(this->public); } + diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h index 02a15c534..b4ff85bfb 100644 --- a/src/libstrongswan/utils/iterator.h +++ b/src/libstrongswan/utils/iterator.h @@ -26,15 +26,46 @@ #include <library.h> +typedef enum hook_result_t hook_result_t; + +/** + * @brief Return value of an iterator hook. + * + * Returning HOOK_AGAIN is useful to "inject" additional elements in an + * iteration, HOOK_NEXT is the normal iterator behavior, and HOOK_SKIP may + * be used to filter elements out. + * + * @ingroup utils + */ +enum hook_result_t { + + /** + * A value was placed in out, hook is called again with the same "in" + */ + HOOK_AGAIN, + + /** + * A value was placed in out, hook is called again with next "in" (if any) + */ + HOOK_NEXT, + + /** + * No value in out, call again with next "in" (if any) + */ + HOOK_SKIP, +}; + /** * @brief Iterator hook function prototype. * * @param param user supplied parameter * @param in the value the hook receives from the iterator * @param out the value supplied as a result to the iterator - * @return TRUE to return "out", FALSE to skip this value + * @return a hook_result_t + * + * @ingroup utils */ -typedef bool (iterator_hook_t)(void *param, void *in, void **out); +typedef hook_result_t (iterator_hook_t)(void *param, void *in, void **out); typedef struct iterator_t iterator_t; @@ -45,8 +76,6 @@ typedef struct iterator_t iterator_t; * iterator_t defines an interface for iterating over collections. * It allows searching, deleting, updating and inserting. * - * Thanks to JMP for iterator lessons :-) - * * @b Constructors: * - via linked_list_t.create_iterator, or * - any other class which supports the iterator_t interface @@ -84,8 +113,11 @@ struct iterator_t { * Sometimes it is useful to hook in an iterator. The hook function is * called before any successful return of iterate(). It takes the * iterator value, may manipulate it (or the references object), and returns - * the value that the iterate() function returns. + * the value that the iterate() function returns. Depending on the hook + * return value, the hook is called again, called with next, or skipped. * A value of NULL deactivates the iterator hook. + * If an iterator is hooked, only the iterate() method is valid, + * all other methods behave undefined. * * @param this calling object * @param hook iterator hook which manipulates the iterated value diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index b8a023270..a28ebba51 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -410,7 +410,10 @@ void *realloc_hook(void *old, size_t bytes, const void *caller) */ void __attribute__ ((constructor)) leak_detective_init() { - install_hooks(); + if (getenv("LEAK_DETECTIVE_DISABLE") == NULL) + { + install_hooks(); + } } /** @@ -418,8 +421,11 @@ void __attribute__ ((constructor)) leak_detective_init() */ void __attribute__ ((destructor)) leak_detective_cleanup() { - uninstall_hooks(); - report_leaks(); + if (getenv("LEAK_DETECTIVE_DISABLE") == NULL) + { + uninstall_hooks(); + report_leaks(); + } } /** @@ -431,6 +437,11 @@ void leak_detective_status(FILE *stream) size_t bytes = 0; memory_header_t *hdr = &first_header; + if (getenv("LEAK_DETECTIVE_DISABLE")) + { + return; + } + pthread_mutex_lock(&mutex); while ((hdr = hdr->next)) { diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c index de043a02e..de52ea46a 100644 --- a/src/libstrongswan/utils/linked_list.c +++ b/src/libstrongswan/utils/linked_list.c @@ -151,10 +151,10 @@ static int get_list_count(private_iterator_t *this) /** * default iterator hook which does nothing */ -static bool iterator_hook(void *param, void *in, void **out) +static hook_result_t iterator_hook(void *param, void *in, void **out) { *out = in; - return TRUE; + return HOOK_NEXT; } /** @@ -180,40 +180,43 @@ static void set_iterator_hook(private_iterator_t *this, iterator_hook_t *hook, */ static bool iterate(private_iterator_t *this, void** value) { - if (this->list->count == 0) - { - return FALSE; - } - if (this->current == NULL) + while (TRUE) { - this->current = (this->forward) ? this->list->first : this->list->last; - if (!this->hook(this->hook_param, this->current->value, value)) + if (this->forward) { - return iterate(this, value); + this->current = this->current ? this->current->next : this->list->first; } - return TRUE; - } - if (this->forward) - { - if (this->current->next == NULL) + else + { + this->current = this->current ? this->current->previous : this->list->last; + } + + if (this->current == NULL) { return FALSE; } - this->current = this->current->next; - if (!this->hook(this->hook_param, this->current->value, value)) + + switch (this->hook(this->hook_param, this->current->value, value)) { - return iterate(this, value); + case HOOK_AGAIN: + /* rewind */ + if (this->forward) + { + this->current = this->current->previous; + } + else + { + this->current = this->current->next; + } + break; + case HOOK_NEXT: + /* normal iteration */ + break; + case HOOK_SKIP: + /* advance */ + continue; } - return TRUE; - } - if (this->current->previous == NULL) - { - return FALSE; - } - this->current = this->current->previous; - if (!this->hook(this->hook_param, this->current->value, value)) - { - return iterate(this, value); + break; } return TRUE; } |