diff options
author | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-05-19 13:41:58 +0200 |
---|---|---|
committer | René Mayrhofer <rene@mayrhofer.eu.org> | 2011-05-19 13:41:58 +0200 |
commit | b590992f735393c97489fce191e7810eaae4f6d7 (patch) | |
tree | 286595c4aa43dbf3d616d816e5fade6ac364771a /src/libstrongswan | |
parent | 2fce29055b7b5bc2860d503d1ae822931f80b7aa (diff) | |
parent | 0a9d51a49042a68daa15b0c74a2b7f152f52606b (diff) | |
download | vyos-strongswan-b590992f735393c97489fce191e7810eaae4f6d7.tar.gz vyos-strongswan-b590992f735393c97489fce191e7810eaae4f6d7.zip |
Merge upstream version 4.5.2
Diffstat (limited to 'src/libstrongswan')
172 files changed, 1795 insertions, 5249 deletions
diff --git a/src/libstrongswan/Android.mk b/src/libstrongswan/Android.mk index 431543151..259f0a375 100644 --- a/src/libstrongswan/Android.mk +++ b/src/libstrongswan/Android.mk @@ -32,8 +32,7 @@ credentials/keys/private_key.c credentials/keys/private_key.h \ credentials/keys/public_key.c credentials/keys/public_key.h \ credentials/keys/shared_key.c credentials/keys/shared_key.h \ credentials/certificates/certificate.c credentials/certificates/certificate.h \ -credentials/certificates/x509.h credentials/certificates/x509.c \ -credentials/certificates/ac.h \ +credentials/certificates/x509.h credentials/certificates/ac.h \ credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -49,7 +48,7 @@ credentials/sets/callback_cred.c credentials/sets/callback_cred.h \ credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h \ database/database.h database/database_factory.h database/database_factory.c \ -fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ +fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \ processing/jobs/job.h \ diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 894d3ae65..b6c70daea 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -30,12 +30,7 @@ credentials/keys/private_key.c credentials/keys/private_key.h \ credentials/keys/public_key.c credentials/keys/public_key.h \ credentials/keys/shared_key.c credentials/keys/shared_key.h \ credentials/certificates/certificate.c credentials/certificates/certificate.h \ -<<<<<<< HEAD -credentials/certificates/x509.h credentials/certificates/x509.c \ -credentials/certificates/ac.h \ -======= credentials/certificates/x509.h credentials/certificates/ac.h \ ->>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -51,7 +46,7 @@ credentials/sets/callback_cred.c credentials/sets/callback_cred.h \ credentials/auth_cfg.c credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h \ database/database.h database/database_factory.h database/database_factory.c \ -fetcher/fetcher.h fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ +fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h fetcher/fetcher_manager.c \ eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h plugins/plugin.h \ processing/jobs/job.h \ @@ -140,8 +135,6 @@ else SUBDIRS = . endif -<<<<<<< HEAD -======= if USE_AF_ALG SUBDIRS += plugins/af_alg if MONOLITHIC @@ -149,7 +142,6 @@ if MONOLITHIC endif endif ->>>>>>> upstream/4.5.1 if USE_AES SUBDIRS += plugins/aes if MONOLITHIC @@ -241,8 +233,6 @@ if MONOLITHIC endif endif -<<<<<<< HEAD -======= if USE_CONSTRAINTS SUBDIRS += plugins/constraints if MONOLITHIC @@ -250,7 +240,6 @@ if MONOLITHIC endif endif ->>>>>>> upstream/4.5.1 if USE_PUBKEY SUBDIRS += plugins/pubkey if MONOLITHIC @@ -293,8 +282,6 @@ if MONOLITHIC endif endif -<<<<<<< HEAD -======= if USE_SOUP SUBDIRS += plugins/soup if MONOLITHIC @@ -302,7 +289,6 @@ if MONOLITHIC endif endif ->>>>>>> upstream/4.5.1 if USE_LDAP SUBDIRS += plugins/ldap if MONOLITHIC diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index af1e5bf3d..c9ae8992e 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -44,72 +44,6 @@ host_triplet = @host@ @USE_INTEGRITY_TEST_TRUE@ integrity_checker.c integrity_checker.h @USE_VSTR_TRUE@am__append_6 = -lvstr -<<<<<<< HEAD -@USE_AES_TRUE@am__append_7 = plugins/aes -@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_8 = plugins/aes/libstrongswan-aes.la -@USE_DES_TRUE@am__append_9 = plugins/des -@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_10 = plugins/des/libstrongswan-des.la -@USE_BLOWFISH_TRUE@am__append_11 = plugins/blowfish -@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_12 = plugins/blowfish/libstrongswan-blowfish.la -@USE_MD4_TRUE@am__append_13 = plugins/md4 -@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_14 = plugins/md4/libstrongswan-md4.la -@USE_MD5_TRUE@am__append_15 = plugins/md5 -@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_16 = plugins/md5/libstrongswan-md5.la -@USE_SHA1_TRUE@am__append_17 = plugins/sha1 -@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_18 = plugins/sha1/libstrongswan-sha1.la -@USE_SHA2_TRUE@am__append_19 = plugins/sha2 -@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_20 = plugins/sha2/libstrongswan-sha2.la -@USE_GMP_TRUE@am__append_21 = plugins/gmp -@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_22 = plugins/gmp/libstrongswan-gmp.la -@USE_RANDOM_TRUE@am__append_23 = plugins/random -@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_24 = plugins/random/libstrongswan-random.la -@USE_HMAC_TRUE@am__append_25 = plugins/hmac -@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_26 = plugins/hmac/libstrongswan-hmac.la -@USE_XCBC_TRUE@am__append_27 = plugins/xcbc -@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_28 = plugins/xcbc/libstrongswan-xcbc.la -@USE_X509_TRUE@am__append_29 = plugins/x509 -@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_30 = plugins/x509/libstrongswan-x509.la -@USE_REVOCATION_TRUE@am__append_31 = plugins/revocation -@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_32 = plugins/revocation/libstrongswan-revocation.la -@USE_PUBKEY_TRUE@am__append_33 = plugins/pubkey -@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_34 = plugins/pubkey/libstrongswan-pubkey.la -@USE_PKCS1_TRUE@am__append_35 = plugins/pkcs1 -@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_36 = plugins/pkcs1/libstrongswan-pkcs1.la -@USE_PGP_TRUE@am__append_37 = plugins/pgp -@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_38 = plugins/pgp/libstrongswan-pgp.la -@USE_DNSKEY_TRUE@am__append_39 = plugins/dnskey -@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_40 = plugins/dnskey/libstrongswan-dnskey.la -@USE_PEM_TRUE@am__append_41 = plugins/pem -@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_42 = plugins/pem/libstrongswan-pem.la -@USE_CURL_TRUE@am__append_43 = plugins/curl -@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_44 = plugins/curl/libstrongswan-curl.la -@USE_LDAP_TRUE@am__append_45 = plugins/ldap -@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_46 = plugins/ldap/libstrongswan-ldap.la -@USE_MYSQL_TRUE@am__append_47 = plugins/mysql -@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_48 = plugins/mysql/libstrongswan-mysql.la -@USE_SQLITE_TRUE@am__append_49 = plugins/sqlite -@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_50 = plugins/sqlite/libstrongswan-sqlite.la -@USE_PADLOCK_TRUE@am__append_51 = plugins/padlock -@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_52 = plugins/padlock/libstrongswan-padlock.la -@USE_OPENSSL_TRUE@am__append_53 = plugins/openssl -@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_54 = plugins/openssl/libstrongswan-openssl.la -@USE_GCRYPT_TRUE@am__append_55 = plugins/gcrypt -@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_56 = plugins/gcrypt/libstrongswan-gcrypt.la -@USE_FIPS_PRF_TRUE@am__append_57 = plugins/fips_prf -@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_58 = plugins/fips_prf/libstrongswan-fips-prf.la -@USE_AGENT_TRUE@am__append_59 = plugins/agent -@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_60 = plugins/agent/libstrongswan-agent.la -@USE_PKCS11_TRUE@am__append_61 = plugins/pkcs11 -@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_62 = plugins/pkcs11/libstrongswan-pkcs11.la -@USE_CTR_TRUE@am__append_63 = plugins/ctr -@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_64 = plugins/ctr/libstrongswan-ctr.la -@USE_CCM_TRUE@am__append_65 = plugins/ccm -@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_66 = plugins/ccm/libstrongswan-ccm.la -@USE_GCM_TRUE@am__append_67 = plugins/gcm -@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_68 = plugins/gcm/libstrongswan-gcm.la -@USE_TEST_VECTORS_TRUE@am__append_69 = plugins/test_vectors -@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_70 = plugins/test_vectors/libstrongswan-test-vectors.la -======= @USE_AF_ALG_TRUE@am__append_7 = plugins/af_alg @MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_8 = plugins/af_alg/libstrongswan-af-alg.la @USE_AES_TRUE@am__append_9 = plugins/aes @@ -180,7 +114,6 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_74 = plugins/gcm/libstrongswan-gcm.la @USE_TEST_VECTORS_TRUE@am__append_75 = plugins/test_vectors @MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_76 = plugins/test_vectors/libstrongswan-test-vectors.la ->>>>>>> upstream/4.5.1 subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -235,12 +168,8 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ -<<<<<<< HEAD - $(am__append_66) $(am__append_68) $(am__append_70) -======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) ->>>>>>> upstream/4.5.1 am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \ @@ -265,12 +194,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ -<<<<<<< HEAD - credentials/certificates/x509.h \ - credentials/certificates/x509.c credentials/certificates/ac.h \ -======= credentials/certificates/x509.h credentials/certificates/ac.h \ ->>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -292,7 +216,7 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h database/database.h \ database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher_manager.h \ + fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h \ fetcher/fetcher_manager.c eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h \ plugins/plugin.h processing/jobs/job.h \ @@ -320,14 +244,10 @@ am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \ crypto_tester.lo diffie_hellman.lo aead.lo transform.lo \ credential_factory.lo builder.lo cred_encoding.lo \ private_key.lo public_key.lo shared_key.lo certificate.lo \ -<<<<<<< HEAD - x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \ -======= crl.lo ocsp_response.lo ietf_attributes.lo \ ->>>>>>> upstream/4.5.1 credential_manager.lo auth_cfg_wrapper.lo \ ocsp_response_wrapper.lo cert_cache.lo mem_cred.lo \ - callback_cred.lo auth_cfg.lo database_factory.lo \ + callback_cred.lo auth_cfg.lo database_factory.lo fetcher.lo \ fetcher_manager.lo eap.lo plugin_loader.lo callback_job.lo \ processor.lo scheduler.lo traffic_selector.lo thread.lo \ thread_value.lo mutex.lo rwlock.lo utils.lo host.lo \ @@ -364,16 +284,6 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir ETAGS = etags CTAGS = ctags -<<<<<<< HEAD -DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \ - plugins/md5 plugins/sha1 plugins/sha2 plugins/gmp \ - plugins/random plugins/hmac plugins/xcbc plugins/x509 \ - plugins/revocation plugins/pubkey plugins/pkcs1 plugins/pgp \ - plugins/dnskey plugins/pem plugins/curl plugins/ldap \ - plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \ - plugins/gcrypt plugins/fips_prf plugins/agent plugins/pkcs11 \ - plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors -======= DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/blowfish plugins/md4 plugins/md5 plugins/sha1 \ plugins/sha2 plugins/gmp plugins/random plugins/hmac \ @@ -384,7 +294,6 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/openssl plugins/gcrypt plugins/fips_prf plugins/agent \ plugins/pkcs11 plugins/ctr plugins/ccm plugins/gcm \ plugins/test_vectors ->>>>>>> upstream/4.5.1 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -530,13 +439,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -557,6 +460,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -575,14 +480,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ @@ -615,12 +518,7 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ -<<<<<<< HEAD - credentials/certificates/x509.h \ - credentials/certificates/x509.c credentials/certificates/ac.h \ -======= credentials/certificates/x509.h credentials/certificates/ac.h \ ->>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -642,7 +540,7 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/auth_cfg.h credentials/credential_set.h \ credentials/cert_validator.h database/database.h \ database/database_factory.h database/database_factory.c \ - fetcher/fetcher.h fetcher/fetcher_manager.h \ + fetcher/fetcher.h fetcher/fetcher.c fetcher/fetcher_manager.h \ fetcher/fetcher_manager.c eap/eap.h eap/eap.c \ plugins/plugin_loader.c plugins/plugin_loader.h \ plugins/plugin.h processing/jobs/job.h \ @@ -671,12 +569,8 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ -<<<<<<< HEAD - $(am__append_66) $(am__append_68) $(am__append_70) -======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) ->>>>>>> upstream/4.5.1 INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \ @@ -709,13 +603,9 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ -<<<<<<< HEAD -@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) -======= @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_FALSE@ $(am__append_75) ->>>>>>> upstream/4.5.1 # build plugins with their own Makefile ####################################### @@ -734,13 +624,9 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ -<<<<<<< HEAD -@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) -======= @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_TRUE@ $(am__append_75) ->>>>>>> upstream/4.5.1 all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -841,6 +727,7 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/eap.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enum.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enumerator.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetcher.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetcher_manager.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hasher.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hashtable.Plo@am__quote@ @@ -878,10 +765,6 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Plo@am__quote@ -<<<<<<< HEAD -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ -======= ->>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -1065,16 +948,6 @@ certificate.lo: credentials/certificates/certificate.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c -<<<<<<< HEAD -x509.lo: credentials/certificates/x509.c -@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF $(DEPDIR)/x509.Tpo -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c -@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/x509.Tpo $(DEPDIR)/x509.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/x509.c' object='x509.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c - -======= ->>>>>>> upstream/4.5.1 crl.lo: credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF $(DEPDIR)/crl.Tpo -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crl.Tpo $(DEPDIR)/crl.Plo @@ -1152,6 +1025,13 @@ database_factory.lo: database/database_factory.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o database_factory.lo `test -f 'database/database_factory.c' || echo '$(srcdir)/'`database/database_factory.c +fetcher.lo: fetcher/fetcher.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher.lo -MD -MP -MF $(DEPDIR)/fetcher.Tpo -c -o fetcher.lo `test -f 'fetcher/fetcher.c' || echo '$(srcdir)/'`fetcher/fetcher.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/fetcher.Tpo $(DEPDIR)/fetcher.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fetcher/fetcher.c' object='fetcher.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher.lo `test -f 'fetcher/fetcher.c' || echo '$(srcdir)/'`fetcher/fetcher.c + fetcher_manager.lo: fetcher/fetcher_manager.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher_manager.lo -MD -MP -MF $(DEPDIR)/fetcher_manager.Tpo -c -o fetcher_manager.lo `test -f 'fetcher/fetcher_manager.c' || echo '$(srcdir)/'`fetcher/fetcher_manager.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/fetcher_manager.Tpo $(DEPDIR)/fetcher_manager.Plo diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 7f198f9aa..4466b37a4 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -126,15 +126,13 @@ chunk_t asn1_build_known_oid(int n) /* * Defined in header. */ -<<<<<<< HEAD -======= chunk_t asn1_oid_from_string(char *str) { enumerator_t *enumerator; - u_char buf[32]; + u_char buf[64]; char *end; - int i = 0, pos = 0; - u_int val, first = 0; + int i = 0, pos = 0, shift; + u_int val, shifted_val, first = 0; enumerator = enumerator_create_token(str, ".", ""); while (enumerator->enumerate(enumerator, &str)) @@ -154,16 +152,17 @@ chunk_t asn1_oid_from_string(char *str) buf[pos++] = first * 40 + val; break; default: - if (val < 128) + shift = 28; /* sufficient to handle 32 bit node numbers */ + while (shift) { - buf[pos++] = val; + shifted_val = val >> shift; + shift -= 7; + if (shifted_val) /* do not encode leading zeroes */ + { + buf[pos++] = 0x80 | (shifted_val & 0x7F); + } } - else - { - buf[pos++] = 128 | (val >> 7); - buf[pos++] = (val % 256) & 0x7F; - } - break; + buf[pos++] = val & 0x7F; } } enumerator->destroy(enumerator); @@ -185,44 +184,37 @@ char *asn1_oid_to_string(chunk_t oid) return NULL; } val = oid.ptr[0] / 40; - len = snprintf(buf, sizeof(buf), "%d.%d", val, oid.ptr[0] - val * 40); + len = snprintf(buf, sizeof(buf), "%u.%u", val, oid.ptr[0] - val * 40); oid = chunk_skip(oid, 1); if (len < 0 || len >= sizeof(buf)) { return NULL; } pos += len; + val = 0; while (oid.len) { + val = (val << 7) + (u_int)(oid.ptr[0] & 0x7f); + if (oid.ptr[0] < 128) { - len = snprintf(pos, sizeof(buf) + buf - pos, ".%d", oid.ptr[0]); - oid = chunk_skip(oid, 1); - } - else - { - if (oid.len == 1) + len = snprintf(pos, sizeof(buf) + buf - pos, ".%u", val); + if (len < 0 || len >= sizeof(buf) + buf - pos) { return NULL; } - val = ((u_int)(oid.ptr[0] & 0x7F) << 7) + oid.ptr[1]; - len = snprintf(pos, sizeof(buf) + buf - pos, ".%d", val); - oid = chunk_skip(oid, 2); - } - if (len < 0 || len >= sizeof(buf) + buf - pos) - { - return NULL; + pos += len; + val = 0; } - pos += len; + oid = chunk_skip(oid, 1); } - return strdup(buf); + return (val == 0) ? strdup(buf) : NULL; } /* * Defined in header. */ ->>>>>>> upstream/4.5.1 size_t asn1_length(chunk_t *blob) { u_char n; @@ -471,12 +463,22 @@ void asn1_debug_simple_object(chunk_t object, asn1_t type, bool private) { case ASN1_OID: oid = asn1_known_oid(object); - if (oid != OID_UNKNOWN) + if (oid == OID_UNKNOWN) + { + char *oid_str = asn1_oid_to_string(object); + + if (!oid_str) + { + break; + } + DBG2(DBG_LIB, " %s", oid_str); + free(oid_str); + } + else { DBG2(DBG_LIB, " '%s'", oid_names[oid].name); - return; } - break; + return; case ASN1_UTF8STRING: case ASN1_IA5STRING: case ASN1_PRINTABLESTRING: diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 70411c999..05a060827 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -115,8 +115,6 @@ int asn1_known_oid(chunk_t object); chunk_t asn1_build_known_oid(int n); /** -<<<<<<< HEAD -======= * Convert human readable OID to ASN.1 DER encoding, without OID header. * * @param str OID string (e.g. 1.2.345.67.8) @@ -133,7 +131,6 @@ chunk_t asn1_oid_from_string(char *str); char* asn1_oid_to_string(chunk_t oid); /** ->>>>>>> upstream/4.5.1 * Returns the length of an ASN.1 object * The blob pointer is advanced past the tag length fields * diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index fe02690d9..2a7a38a52 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -78,15 +78,8 @@ struct private_asn1_parser_t { chunk_t blobs[ASN1_MAX_LEVEL + 2]; }; -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.iterate - */ -static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) -======= METHOD(asn1_parser_t, iterate, bool, private_asn1_parser_t *this, int *objectID, chunk_t *object) ->>>>>>> upstream/4.5.1 { chunk_t *blob, *blob1; u_char *start_ptr; @@ -239,68 +232,33 @@ end: return this->success; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.get_level - */ -static u_int get_level(private_asn1_parser_t *this) -======= METHOD(asn1_parser_t, get_level, u_int, private_asn1_parser_t *this) ->>>>>>> upstream/4.5.1 { return this->level0 + this->objects[this->line].level; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.set_top_level - */ -static void set_top_level(private_asn1_parser_t *this, u_int level0) -======= METHOD(asn1_parser_t, set_top_level, void, private_asn1_parser_t *this, u_int level0) ->>>>>>> upstream/4.5.1 { this->level0 = level0; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.set_flags - */ -static void set_flags(private_asn1_parser_t *this, bool implicit, bool private) -======= METHOD(asn1_parser_t, set_flags, void, private_asn1_parser_t *this, bool implicit, bool private) ->>>>>>> upstream/4.5.1 { this->implicit = implicit; this->private = private; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.success - */ -static bool success(private_asn1_parser_t *this) -======= METHOD(asn1_parser_t, success, bool, private_asn1_parser_t *this) ->>>>>>> upstream/4.5.1 { return this->success; } -<<<<<<< HEAD -/** - * Implementation of asn1_parser_t.destroy - */ -static void destroy(private_asn1_parser_t *this) -======= METHOD(asn1_parser_t, destroy, void, private_asn1_parser_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -310,22 +268,6 @@ METHOD(asn1_parser_t, destroy, void, */ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob) { -<<<<<<< HEAD - private_asn1_parser_t *this = malloc_thing(private_asn1_parser_t); - - memset(this, '\0', sizeof(private_asn1_parser_t)); - this->objects = objects; - this->blobs[0] = blob; - this->line = -1; - this->success = TRUE; - - this->public.iterate = (bool (*)(asn1_parser_t*, int*, chunk_t*))iterate; - this->public.get_level = (u_int (*)(asn1_parser_t*))get_level; - this->public.set_top_level = (void (*)(asn1_parser_t*, u_int))set_top_level; - this->public.set_flags = (void (*)(asn1_parser_t*, bool, bool))set_flags; - this->public.success = (bool (*)(asn1_parser_t*))success; - this->public.destroy = (void (*)(asn1_parser_t*))destroy; -======= private_asn1_parser_t *this; INIT(this, @@ -342,7 +284,6 @@ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob) .line = -1, .success = TRUE, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index b823d6189..6af088fd2 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -10,364 +10,6 @@ #include "oid.h" const oid_t oid_names[] = { -<<<<<<< HEAD - {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ - { 0x82, 0, 1, 1, "" }, /* 1 */ - { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ - { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */ - { 0x0A, 0, 1, 4, "" }, /* 4 */ - { 0x07, 0, 1, 5, "" }, /* 5 */ - { 0x14, 0, 0, 6, "ND" }, /* 6 */ - {0x09, 18, 1, 0, "data" }, /* 7 */ - { 0x92, 0, 1, 1, "" }, /* 8 */ - { 0x26, 0, 1, 2, "" }, /* 9 */ - { 0x89, 0, 1, 3, "" }, /* 10 */ - { 0x93, 0, 1, 4, "" }, /* 11 */ - { 0xF2, 0, 1, 5, "" }, /* 12 */ - { 0x2C, 0, 1, 6, "" }, /* 13 */ - { 0x64, 0, 1, 7, "pilot" }, /* 14 */ - { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ - { 0x01, 17, 0, 9, "UID" }, /* 16 */ - { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 64, 1, 0, "X.500" }, /* 18 */ - { 0x04, 36, 1, 1, "X.509" }, /* 19 */ - { 0x03, 21, 0, 2, "CN" }, /* 20 */ - { 0x04, 22, 0, 2, "S" }, /* 21 */ - { 0x05, 23, 0, 2, "SN" }, /* 22 */ - { 0x06, 24, 0, 2, "C" }, /* 23 */ - { 0x07, 25, 0, 2, "L" }, /* 24 */ - { 0x08, 26, 0, 2, "ST" }, /* 25 */ - { 0x0A, 27, 0, 2, "O" }, /* 26 */ - { 0x0B, 28, 0, 2, "OU" }, /* 27 */ - { 0x0C, 29, 0, 2, "T" }, /* 28 */ - { 0x0D, 30, 0, 2, "D" }, /* 29 */ - { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */ - { 0x29, 32, 0, 2, "N" }, /* 31 */ - { 0x2A, 33, 0, 2, "G" }, /* 32 */ - { 0x2B, 34, 0, 2, "I" }, /* 33 */ - { 0x2D, 35, 0, 2, "ID" }, /* 34 */ - { 0x48, 0, 0, 2, "role" }, /* 35 */ - { 0x1D, 0, 1, 1, "id-ce" }, /* 36 */ - { 0x09, 38, 0, 2, "subjectDirectoryAttrs" }, /* 37 */ - { 0x0E, 39, 0, 2, "subjectKeyIdentifier" }, /* 38 */ - { 0x0F, 40, 0, 2, "keyUsage" }, /* 39 */ - { 0x10, 41, 0, 2, "privateKeyUsagePeriod" }, /* 40 */ - { 0x11, 42, 0, 2, "subjectAltName" }, /* 41 */ - { 0x12, 43, 0, 2, "issuerAltName" }, /* 42 */ - { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */ - { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */ - { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */ - { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */ - { 0x18, 48, 0, 2, "invalidityDate" }, /* 47 */ - { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */ - { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */ - { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */ - { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */ - { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */ - { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */ - { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */ - { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */ - { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */ - { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */ - { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */ - { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */ - { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */ - { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ - { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ - {0x2A, 161, 1, 0, "" }, /* 64 */ - { 0x83, 77, 1, 1, "" }, /* 65 */ - { 0x08, 0, 1, 2, "jp" }, /* 66 */ - { 0x8C, 0, 1, 3, "" }, /* 67 */ - { 0x9A, 0, 1, 4, "" }, /* 68 */ - { 0x4B, 0, 1, 5, "" }, /* 69 */ - { 0x3D, 0, 1, 6, "" }, /* 70 */ - { 0x01, 0, 1, 7, "security" }, /* 71 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 72 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */ - { 0x02, 75, 0, 10, "camellia128-cbc" }, /* 74 */ - { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ - { 0x86, 0, 1, 1, "" }, /* 77 */ - { 0x48, 0, 1, 2, "us" }, /* 78 */ - { 0x86, 120, 1, 3, "" }, /* 79 */ - { 0xF6, 85, 1, 4, "" }, /* 80 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ - { 0xF7, 0, 1, 4, "" }, /* 85 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ - { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ - { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ - { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ - { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ - { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */ - { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ - { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ - { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ - { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ - { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ - { 0x01, 99, 0, 8, "data" }, /* 98 */ - { 0x02, 100, 0, 8, "signedData" }, /* 99 */ - { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ - { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ - { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ - { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ - { 0x01, 106, 0, 8, "E" }, /* 105 */ - { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ - { 0x03, 108, 0, 8, "contentType" }, /* 107 */ - { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ - { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ - { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ - { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ - { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ - { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ - { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ - { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ - { 0x02, 117, 0, 7, "md2" }, /* 116 */ - { 0x05, 0, 0, 7, "md5" }, /* 117 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ - { 0xCE, 0, 1, 3, "" }, /* 120 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ - { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ - { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ - { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ - { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ - { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ - { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ - { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ - { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ - { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ - { 0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ - { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ - { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ - { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ - { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ - { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ - { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ - { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ - { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ - { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ - { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ - { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ - { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ - { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ - { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ - { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ - { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ - { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ - { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ - { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ - { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ - { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ - { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ - {0x2B, 309, 1, 0, "" }, /* 161 */ - { 0x06, 223, 1, 1, "dod" }, /* 162 */ - { 0x01, 0, 1, 2, "internet" }, /* 163 */ - { 0x04, 183, 1, 3, "private" }, /* 164 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ - { 0x82, 176, 1, 5, "" }, /* 166 */ - { 0x37, 0, 1, 6, "Microsoft" }, /* 167 */ - { 0x0A, 172, 1, 7, "" }, /* 168 */ - { 0x03, 0, 1, 8, "" }, /* 169 */ - { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ - { 0x02, 175, 0, 9, "msSmartcardLogon" }, /* 174 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 175 */ - { 0x89, 0, 1, 5, "" }, /* 176 */ - { 0x31, 0, 1, 6, "" }, /* 177 */ - { 0x01, 0, 1, 7, "" }, /* 178 */ - { 0x01, 0, 1, 8, "" }, /* 179 */ - { 0x02, 0, 1, 9, "" }, /* 180 */ - { 0x02, 182, 0, 10, "" }, /* 181 */ - { 0x4B, 0, 0, 10, "TCGID" }, /* 182 */ - { 0x05, 0, 1, 3, "security" }, /* 183 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 184 */ - { 0x07, 0, 1, 5, "id-pkix" }, /* 185 */ - { 0x01, 190, 1, 6, "id-pe" }, /* 186 */ - { 0x01, 188, 0, 7, "authorityInfoAccess" }, /* 187 */ - { 0x03, 189, 0, 7, "qcStatements" }, /* 188 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 189 */ - { 0x02, 193, 1, 6, "id-qt" }, /* 190 */ - { 0x01, 192, 0, 7, "cps" }, /* 191 */ - { 0x02, 0, 0, 7, "unotice" }, /* 192 */ - { 0x03, 203, 1, 6, "id-kp" }, /* 193 */ - { 0x01, 195, 0, 7, "serverAuth" }, /* 194 */ - { 0x02, 196, 0, 7, "clientAuth" }, /* 195 */ - { 0x03, 197, 0, 7, "codeSigning" }, /* 196 */ - { 0x04, 198, 0, 7, "emailProtection" }, /* 197 */ - { 0x05, 199, 0, 7, "ipsecEndSystem" }, /* 198 */ - { 0x06, 200, 0, 7, "ipsecTunnel" }, /* 199 */ - { 0x07, 201, 0, 7, "ipsecUser" }, /* 200 */ - { 0x08, 202, 0, 7, "timeStamping" }, /* 201 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 202 */ - { 0x08, 205, 1, 6, "id-otherNames" }, /* 203 */ - { 0x05, 0, 0, 7, "xmppAddr" }, /* 204 */ - { 0x0A, 210, 1, 6, "id-aca" }, /* 205 */ - { 0x01, 207, 0, 7, "authenticationInfo" }, /* 206 */ - { 0x02, 208, 0, 7, "accessIdentity" }, /* 207 */ - { 0x03, 209, 0, 7, "chargingIdentity" }, /* 208 */ - { 0x04, 0, 0, 7, "group" }, /* 209 */ - { 0x0B, 211, 0, 6, "subjectInfoAccess" }, /* 210 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 211 */ - { 0x01, 220, 1, 7, "ocsp" }, /* 212 */ - { 0x01, 214, 0, 8, "basic" }, /* 213 */ - { 0x02, 215, 0, 8, "nonce" }, /* 214 */ - { 0x03, 216, 0, 8, "crl" }, /* 215 */ - { 0x04, 217, 0, 8, "response" }, /* 216 */ - { 0x05, 218, 0, 8, "noCheck" }, /* 217 */ - { 0x06, 219, 0, 8, "archiveCutoff" }, /* 218 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 219 */ - { 0x02, 221, 0, 7, "caIssuers" }, /* 220 */ - { 0x03, 222, 0, 7, "timeStamping" }, /* 221 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 222 */ - { 0x0E, 229, 1, 1, "oiw" }, /* 223 */ - { 0x03, 0, 1, 2, "secsig" }, /* 224 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 225 */ - { 0x07, 227, 0, 4, "des-cbc" }, /* 226 */ - { 0x1A, 228, 0, 4, "sha-1" }, /* 227 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 228 */ - { 0x24, 275, 1, 1, "TeleTrusT" }, /* 229 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 230 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 231 */ - { 0x01, 236, 1, 4, "rsaSignature" }, /* 232 */ - { 0x02, 234, 0, 5, "rsaSigWithripemd160" }, /* 233 */ - { 0x03, 235, 0, 5, "rsaSigWithripemd128" }, /* 234 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 235 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 236 */ - { 0x01, 238, 0, 5, "ecSignWithsha1" }, /* 237 */ - { 0x02, 239, 0, 5, "ecSignWithripemd160" }, /* 238 */ - { 0x03, 240, 0, 5, "ecSignWithmd2" }, /* 239 */ - { 0x04, 241, 0, 5, "ecSignWithmd5" }, /* 240 */ - { 0x05, 258, 1, 5, "ttt-ecg" }, /* 241 */ - { 0x01, 246, 1, 6, "fieldType" }, /* 242 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 243 */ - { 0x01, 0, 1, 8, "basisType" }, /* 244 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 245 */ - { 0x02, 248, 1, 6, "keyType" }, /* 246 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 247 */ - { 0x03, 249, 0, 6, "curve" }, /* 248 */ - { 0x04, 256, 1, 6, "signatures" }, /* 249 */ - { 0x01, 251, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 250 */ - { 0x02, 252, 0, 7, "ecgdsa-with-SHA1" }, /* 251 */ - { 0x03, 253, 0, 7, "ecgdsa-with-SHA224" }, /* 252 */ - { 0x04, 254, 0, 7, "ecgdsa-with-SHA256" }, /* 253 */ - { 0x05, 255, 0, 7, "ecgdsa-with-SHA384" }, /* 254 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 255 */ - { 0x05, 0, 1, 6, "module" }, /* 256 */ - { 0x01, 0, 0, 7, "1" }, /* 257 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 258 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 259 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 260 */ - { 0x01, 262, 0, 8, "brainpoolP160r1" }, /* 261 */ - { 0x02, 263, 0, 8, "brainpoolP160t1" }, /* 262 */ - { 0x03, 264, 0, 8, "brainpoolP192r1" }, /* 263 */ - { 0x04, 265, 0, 8, "brainpoolP192t1" }, /* 264 */ - { 0x05, 266, 0, 8, "brainpoolP224r1" }, /* 265 */ - { 0x06, 267, 0, 8, "brainpoolP224t1" }, /* 266 */ - { 0x07, 268, 0, 8, "brainpoolP256r1" }, /* 267 */ - { 0x08, 269, 0, 8, "brainpoolP256t1" }, /* 268 */ - { 0x09, 270, 0, 8, "brainpoolP320r1" }, /* 269 */ - { 0x0A, 271, 0, 8, "brainpoolP320t1" }, /* 270 */ - { 0x0B, 272, 0, 8, "brainpoolP384r1" }, /* 271 */ - { 0x0C, 273, 0, 8, "brainpoolP384t1" }, /* 272 */ - { 0x0D, 274, 0, 8, "brainpoolP512r1" }, /* 273 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 274 */ - { 0x81, 0, 1, 1, "" }, /* 275 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 276 */ - { 0x00, 0, 1, 3, "curve" }, /* 277 */ - { 0x01, 279, 0, 4, "sect163k1" }, /* 278 */ - { 0x02, 280, 0, 4, "sect163r1" }, /* 279 */ - { 0x03, 281, 0, 4, "sect239k1" }, /* 280 */ - { 0x04, 282, 0, 4, "sect113r1" }, /* 281 */ - { 0x05, 283, 0, 4, "sect113r2" }, /* 282 */ - { 0x06, 284, 0, 4, "secp112r1" }, /* 283 */ - { 0x07, 285, 0, 4, "secp112r2" }, /* 284 */ - { 0x08, 286, 0, 4, "secp160r1" }, /* 285 */ - { 0x09, 287, 0, 4, "secp160k1" }, /* 286 */ - { 0x0A, 288, 0, 4, "secp256k1" }, /* 287 */ - { 0x0F, 289, 0, 4, "sect163r2" }, /* 288 */ - { 0x10, 290, 0, 4, "sect283k1" }, /* 289 */ - { 0x11, 291, 0, 4, "sect283r1" }, /* 290 */ - { 0x16, 292, 0, 4, "sect131r1" }, /* 291 */ - { 0x17, 293, 0, 4, "sect131r2" }, /* 292 */ - { 0x18, 294, 0, 4, "sect193r1" }, /* 293 */ - { 0x19, 295, 0, 4, "sect193r2" }, /* 294 */ - { 0x1A, 296, 0, 4, "sect233k1" }, /* 295 */ - { 0x1B, 297, 0, 4, "sect233r1" }, /* 296 */ - { 0x1C, 298, 0, 4, "secp128r1" }, /* 297 */ - { 0x1D, 299, 0, 4, "secp128r2" }, /* 298 */ - { 0x1E, 300, 0, 4, "secp160r2" }, /* 299 */ - { 0x1F, 301, 0, 4, "secp192k1" }, /* 300 */ - { 0x20, 302, 0, 4, "secp224k1" }, /* 301 */ - { 0x21, 303, 0, 4, "secp224r1" }, /* 302 */ - { 0x22, 304, 0, 4, "secp384r1" }, /* 303 */ - { 0x23, 305, 0, 4, "secp521r1" }, /* 304 */ - { 0x24, 306, 0, 4, "sect409k1" }, /* 305 */ - { 0x25, 307, 0, 4, "sect409r1" }, /* 306 */ - { 0x26, 308, 0, 4, "sect571k1" }, /* 307 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 308 */ - {0x60, 0, 1, 0, "" }, /* 309 */ - { 0x86, 0, 1, 1, "" }, /* 310 */ - { 0x48, 0, 1, 2, "" }, /* 311 */ - { 0x01, 0, 1, 3, "organization" }, /* 312 */ - { 0x65, 331, 1, 4, "gov" }, /* 313 */ - { 0x03, 0, 1, 5, "csor" }, /* 314 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 315 */ - { 0x01, 326, 1, 7, "aes" }, /* 316 */ - { 0x02, 318, 0, 8, "id-aes128-CBC" }, /* 317 */ - { 0x06, 319, 0, 8, "id-aes128-GCM" }, /* 318 */ - { 0x07, 320, 0, 8, "id-aes128-CCM" }, /* 319 */ - { 0x16, 321, 0, 8, "id-aes192-CBC" }, /* 320 */ - { 0x1A, 322, 0, 8, "id-aes192-GCM" }, /* 321 */ - { 0x1B, 323, 0, 8, "id-aes192-CCM" }, /* 322 */ - { 0x2A, 324, 0, 8, "id-aes256-CBC" }, /* 323 */ - { 0x2E, 325, 0, 8, "id-aes256-GCM" }, /* 324 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 325 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 326 */ - { 0x01, 328, 0, 8, "id-SHA-256" }, /* 327 */ - { 0x02, 329, 0, 8, "id-SHA-384" }, /* 328 */ - { 0x03, 330, 0, 8, "id-SHA-512" }, /* 329 */ - { 0x04, 0, 0, 8, "id-SHA-224" }, /* 330 */ - { 0x86, 0, 1, 4, "" }, /* 331 */ - { 0xf8, 0, 1, 5, "" }, /* 332 */ - { 0x42, 345, 1, 6, "netscape" }, /* 333 */ - { 0x01, 340, 1, 7, "" }, /* 334 */ - { 0x01, 336, 0, 8, "nsCertType" }, /* 335 */ - { 0x03, 337, 0, 8, "nsRevocationUrl" }, /* 336 */ - { 0x04, 338, 0, 8, "nsCaRevocationUrl" }, /* 337 */ - { 0x08, 339, 0, 8, "nsCaPolicyUrl" }, /* 338 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 339 */ - { 0x03, 343, 1, 7, "directory" }, /* 340 */ - { 0x01, 0, 1, 8, "" }, /* 341 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 342 */ - { 0x04, 0, 1, 7, "policy" }, /* 343 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 344 */ - { 0x45, 0, 1, 6, "verisign" }, /* 345 */ - { 0x01, 0, 1, 7, "pki" }, /* 346 */ - { 0x09, 0, 1, 8, "attributes" }, /* 347 */ - { 0x02, 349, 0, 9, "messageType" }, /* 348 */ - { 0x03, 350, 0, 9, "pkiStatus" }, /* 349 */ - { 0x04, 351, 0, 9, "failInfo" }, /* 350 */ - { 0x05, 352, 0, 9, "senderNonce" }, /* 351 */ - { 0x06, 353, 0, 9, "recipientNonce" }, /* 352 */ - { 0x07, 354, 0, 9, "transID" }, /* 353 */ - { 0x08, 355, 0, 9, "extensionReq" }, /* 354 */ - { 0x08, 0, 0, 9, "extensionReq" } /* 355 */ -======= {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ { 0x82, 0, 1, 1, "" }, /* 1 */ { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ @@ -432,7 +74,7 @@ const oid_t oid_names[] = { { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ - {0x2A, 161, 1, 0, "" }, /* 64 */ + {0x2A, 163, 1, 0, "" }, /* 64 */ { 0x83, 77, 1, 1, "" }, /* 65 */ { 0x08, 0, 1, 2, "jp" }, /* 66 */ { 0x8C, 0, 1, 3, "" }, /* 67 */ @@ -447,7 +89,7 @@ const oid_t oid_names[] = { { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ { 0x86, 0, 1, 1, "" }, /* 77 */ { 0x48, 0, 1, 2, "us" }, /* 78 */ - { 0x86, 120, 1, 3, "" }, /* 79 */ + { 0x86, 122, 1, 3, "" }, /* 79 */ { 0xF6, 85, 1, 4, "" }, /* 80 */ { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ @@ -455,277 +97,285 @@ const oid_t oid_names[] = { { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ { 0xF7, 0, 1, 4, "" }, /* 85 */ { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ - { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ - { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ + { 0x01, 117, 1, 6, "PKCS" }, /* 87 */ + { 0x01, 99, 1, 7, "PKCS-1" }, /* 88 */ { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */ { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ - { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ - { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ - { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ - { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ - { 0x01, 99, 0, 8, "data" }, /* 98 */ - { 0x02, 100, 0, 8, "signedData" }, /* 99 */ - { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ - { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ - { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ - { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ - { 0x01, 106, 0, 8, "E" }, /* 105 */ - { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ - { 0x03, 108, 0, 8, "contentType" }, /* 107 */ - { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ - { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ - { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ - { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ - { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ - { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ - { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ - { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ - { 0x02, 117, 0, 7, "md2" }, /* 116 */ - { 0x05, 0, 0, 7, "md5" }, /* 117 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ - { 0xCE, 0, 1, 3, "" }, /* 120 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ - { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ - { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ - { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ - { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ - { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ - { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ - { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ - { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ - { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ - { 0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ - { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ - { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ - { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ - { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ - { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ - { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ - { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ - { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ - { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ - { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ - { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ - { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ - { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ - { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ - { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ - { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ - { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ - { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ - { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ - { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ - { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ - { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ - {0x2B, 312, 1, 0, "" }, /* 161 */ - { 0x06, 226, 1, 1, "dod" }, /* 162 */ - { 0x01, 0, 1, 2, "internet" }, /* 163 */ - { 0x04, 186, 1, 3, "private" }, /* 164 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ - { 0x82, 179, 1, 5, "" }, /* 166 */ - { 0x37, 176, 1, 6, "Microsoft" }, /* 167 */ - { 0x0A, 172, 1, 7, "" }, /* 168 */ - { 0x03, 0, 1, 8, "" }, /* 169 */ - { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ - { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ - { 0x02, 175, 0, 9, "msSmartcardLogon" }, /* 174 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 175 */ - { 0xA0, 0, 1, 6, "" }, /* 176 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 177 */ - { 0x01, 0, 0, 8, "strongSwan" }, /* 178 */ - { 0x89, 0, 1, 5, "" }, /* 179 */ - { 0x31, 0, 1, 6, "" }, /* 180 */ - { 0x01, 0, 1, 7, "" }, /* 181 */ - { 0x01, 0, 1, 8, "" }, /* 182 */ - { 0x02, 0, 1, 9, "" }, /* 183 */ - { 0x02, 0, 1, 10, "" }, /* 184 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 185 */ - { 0x05, 0, 1, 3, "security" }, /* 186 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 187 */ - { 0x07, 0, 1, 5, "id-pkix" }, /* 188 */ - { 0x01, 193, 1, 6, "id-pe" }, /* 189 */ - { 0x01, 191, 0, 7, "authorityInfoAccess" }, /* 190 */ - { 0x03, 192, 0, 7, "qcStatements" }, /* 191 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 192 */ - { 0x02, 196, 1, 6, "id-qt" }, /* 193 */ - { 0x01, 195, 0, 7, "cps" }, /* 194 */ - { 0x02, 0, 0, 7, "unotice" }, /* 195 */ - { 0x03, 206, 1, 6, "id-kp" }, /* 196 */ - { 0x01, 198, 0, 7, "serverAuth" }, /* 197 */ - { 0x02, 199, 0, 7, "clientAuth" }, /* 198 */ - { 0x03, 200, 0, 7, "codeSigning" }, /* 199 */ - { 0x04, 201, 0, 7, "emailProtection" }, /* 200 */ - { 0x05, 202, 0, 7, "ipsecEndSystem" }, /* 201 */ - { 0x06, 203, 0, 7, "ipsecTunnel" }, /* 202 */ - { 0x07, 204, 0, 7, "ipsecUser" }, /* 203 */ - { 0x08, 205, 0, 7, "timeStamping" }, /* 204 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 205 */ - { 0x08, 208, 1, 6, "id-otherNames" }, /* 206 */ - { 0x05, 0, 0, 7, "xmppAddr" }, /* 207 */ - { 0x0A, 213, 1, 6, "id-aca" }, /* 208 */ - { 0x01, 210, 0, 7, "authenticationInfo" }, /* 209 */ - { 0x02, 211, 0, 7, "accessIdentity" }, /* 210 */ - { 0x03, 212, 0, 7, "chargingIdentity" }, /* 211 */ - { 0x04, 0, 0, 7, "group" }, /* 212 */ - { 0x0B, 214, 0, 6, "subjectInfoAccess" }, /* 213 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 214 */ - { 0x01, 223, 1, 7, "ocsp" }, /* 215 */ - { 0x01, 217, 0, 8, "basic" }, /* 216 */ - { 0x02, 218, 0, 8, "nonce" }, /* 217 */ - { 0x03, 219, 0, 8, "crl" }, /* 218 */ - { 0x04, 220, 0, 8, "response" }, /* 219 */ - { 0x05, 221, 0, 8, "noCheck" }, /* 220 */ - { 0x06, 222, 0, 8, "archiveCutoff" }, /* 221 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 222 */ - { 0x02, 224, 0, 7, "caIssuers" }, /* 223 */ - { 0x03, 225, 0, 7, "timeStamping" }, /* 224 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 225 */ - { 0x0E, 232, 1, 1, "oiw" }, /* 226 */ - { 0x03, 0, 1, 2, "secsig" }, /* 227 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 228 */ - { 0x07, 230, 0, 4, "des-cbc" }, /* 229 */ - { 0x1A, 231, 0, 4, "sha-1" }, /* 230 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 231 */ - { 0x24, 278, 1, 1, "TeleTrusT" }, /* 232 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 233 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 234 */ - { 0x01, 239, 1, 4, "rsaSignature" }, /* 235 */ - { 0x02, 237, 0, 5, "rsaSigWithripemd160" }, /* 236 */ - { 0x03, 238, 0, 5, "rsaSigWithripemd128" }, /* 237 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 238 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 239 */ - { 0x01, 241, 0, 5, "ecSignWithsha1" }, /* 240 */ - { 0x02, 242, 0, 5, "ecSignWithripemd160" }, /* 241 */ - { 0x03, 243, 0, 5, "ecSignWithmd2" }, /* 242 */ - { 0x04, 244, 0, 5, "ecSignWithmd5" }, /* 243 */ - { 0x05, 261, 1, 5, "ttt-ecg" }, /* 244 */ - { 0x01, 249, 1, 6, "fieldType" }, /* 245 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 246 */ - { 0x01, 0, 1, 8, "basisType" }, /* 247 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 248 */ - { 0x02, 251, 1, 6, "keyType" }, /* 249 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 250 */ - { 0x03, 252, 0, 6, "curve" }, /* 251 */ - { 0x04, 259, 1, 6, "signatures" }, /* 252 */ - { 0x01, 254, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 253 */ - { 0x02, 255, 0, 7, "ecgdsa-with-SHA1" }, /* 254 */ - { 0x03, 256, 0, 7, "ecgdsa-with-SHA224" }, /* 255 */ - { 0x04, 257, 0, 7, "ecgdsa-with-SHA256" }, /* 256 */ - { 0x05, 258, 0, 7, "ecgdsa-with-SHA384" }, /* 257 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 258 */ - { 0x05, 0, 1, 6, "module" }, /* 259 */ - { 0x01, 0, 0, 7, "1" }, /* 260 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 261 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 262 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 263 */ - { 0x01, 265, 0, 8, "brainpoolP160r1" }, /* 264 */ - { 0x02, 266, 0, 8, "brainpoolP160t1" }, /* 265 */ - { 0x03, 267, 0, 8, "brainpoolP192r1" }, /* 266 */ - { 0x04, 268, 0, 8, "brainpoolP192t1" }, /* 267 */ - { 0x05, 269, 0, 8, "brainpoolP224r1" }, /* 268 */ - { 0x06, 270, 0, 8, "brainpoolP224t1" }, /* 269 */ - { 0x07, 271, 0, 8, "brainpoolP256r1" }, /* 270 */ - { 0x08, 272, 0, 8, "brainpoolP256t1" }, /* 271 */ - { 0x09, 273, 0, 8, "brainpoolP320r1" }, /* 272 */ - { 0x0A, 274, 0, 8, "brainpoolP320t1" }, /* 273 */ - { 0x0B, 275, 0, 8, "brainpoolP384r1" }, /* 274 */ - { 0x0C, 276, 0, 8, "brainpoolP384t1" }, /* 275 */ - { 0x0D, 277, 0, 8, "brainpoolP512r1" }, /* 276 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 277 */ - { 0x81, 0, 1, 1, "" }, /* 278 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 279 */ - { 0x00, 0, 1, 3, "curve" }, /* 280 */ - { 0x01, 282, 0, 4, "sect163k1" }, /* 281 */ - { 0x02, 283, 0, 4, "sect163r1" }, /* 282 */ - { 0x03, 284, 0, 4, "sect239k1" }, /* 283 */ - { 0x04, 285, 0, 4, "sect113r1" }, /* 284 */ - { 0x05, 286, 0, 4, "sect113r2" }, /* 285 */ - { 0x06, 287, 0, 4, "secp112r1" }, /* 286 */ - { 0x07, 288, 0, 4, "secp112r2" }, /* 287 */ - { 0x08, 289, 0, 4, "secp160r1" }, /* 288 */ - { 0x09, 290, 0, 4, "secp160k1" }, /* 289 */ - { 0x0A, 291, 0, 4, "secp256k1" }, /* 290 */ - { 0x0F, 292, 0, 4, "sect163r2" }, /* 291 */ - { 0x10, 293, 0, 4, "sect283k1" }, /* 292 */ - { 0x11, 294, 0, 4, "sect283r1" }, /* 293 */ - { 0x16, 295, 0, 4, "sect131r1" }, /* 294 */ - { 0x17, 296, 0, 4, "sect131r2" }, /* 295 */ - { 0x18, 297, 0, 4, "sect193r1" }, /* 296 */ - { 0x19, 298, 0, 4, "sect193r2" }, /* 297 */ - { 0x1A, 299, 0, 4, "sect233k1" }, /* 298 */ - { 0x1B, 300, 0, 4, "sect233r1" }, /* 299 */ - { 0x1C, 301, 0, 4, "secp128r1" }, /* 300 */ - { 0x1D, 302, 0, 4, "secp128r2" }, /* 301 */ - { 0x1E, 303, 0, 4, "secp160r2" }, /* 302 */ - { 0x1F, 304, 0, 4, "secp192k1" }, /* 303 */ - { 0x20, 305, 0, 4, "secp224k1" }, /* 304 */ - { 0x21, 306, 0, 4, "secp224r1" }, /* 305 */ - { 0x22, 307, 0, 4, "secp384r1" }, /* 306 */ - { 0x23, 308, 0, 4, "secp521r1" }, /* 307 */ - { 0x24, 309, 0, 4, "sect409k1" }, /* 308 */ - { 0x25, 310, 0, 4, "sect409r1" }, /* 309 */ - { 0x26, 311, 0, 4, "sect571k1" }, /* 310 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 311 */ - {0x60, 0, 1, 0, "" }, /* 312 */ - { 0x86, 0, 1, 1, "" }, /* 313 */ - { 0x48, 0, 1, 2, "" }, /* 314 */ - { 0x01, 0, 1, 3, "organization" }, /* 315 */ - { 0x65, 334, 1, 4, "gov" }, /* 316 */ - { 0x03, 0, 1, 5, "csor" }, /* 317 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 318 */ - { 0x01, 329, 1, 7, "aes" }, /* 319 */ - { 0x02, 321, 0, 8, "id-aes128-CBC" }, /* 320 */ - { 0x06, 322, 0, 8, "id-aes128-GCM" }, /* 321 */ - { 0x07, 323, 0, 8, "id-aes128-CCM" }, /* 322 */ - { 0x16, 324, 0, 8, "id-aes192-CBC" }, /* 323 */ - { 0x1A, 325, 0, 8, "id-aes192-GCM" }, /* 324 */ - { 0x1B, 326, 0, 8, "id-aes192-CCM" }, /* 325 */ - { 0x2A, 327, 0, 8, "id-aes256-CBC" }, /* 326 */ - { 0x2E, 328, 0, 8, "id-aes256-GCM" }, /* 327 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 328 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 329 */ - { 0x01, 331, 0, 8, "id-SHA-256" }, /* 330 */ - { 0x02, 332, 0, 8, "id-SHA-384" }, /* 331 */ - { 0x03, 333, 0, 8, "id-SHA-512" }, /* 332 */ - { 0x04, 0, 0, 8, "id-SHA-224" }, /* 333 */ - { 0x86, 0, 1, 4, "" }, /* 334 */ - { 0xf8, 0, 1, 5, "" }, /* 335 */ - { 0x42, 348, 1, 6, "netscape" }, /* 336 */ - { 0x01, 343, 1, 7, "" }, /* 337 */ - { 0x01, 339, 0, 8, "nsCertType" }, /* 338 */ - { 0x03, 340, 0, 8, "nsRevocationUrl" }, /* 339 */ - { 0x04, 341, 0, 8, "nsCaRevocationUrl" }, /* 340 */ - { 0x08, 342, 0, 8, "nsCaPolicyUrl" }, /* 341 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 342 */ - { 0x03, 346, 1, 7, "directory" }, /* 343 */ - { 0x01, 0, 1, 8, "" }, /* 344 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 345 */ - { 0x04, 0, 1, 7, "policy" }, /* 346 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 347 */ - { 0x45, 0, 1, 6, "verisign" }, /* 348 */ - { 0x01, 0, 1, 7, "pki" }, /* 349 */ - { 0x09, 0, 1, 8, "attributes" }, /* 350 */ - { 0x02, 352, 0, 9, "messageType" }, /* 351 */ - { 0x03, 353, 0, 9, "pkiStatus" }, /* 352 */ - { 0x04, 354, 0, 9, "failInfo" }, /* 353 */ - { 0x05, 355, 0, 9, "senderNonce" }, /* 354 */ - { 0x06, 356, 0, 9, "recipientNonce" }, /* 355 */ - { 0x07, 357, 0, 9, "transID" }, /* 356 */ - { 0x08, 358, 0, 9, "extensionReq" }, /* 357 */ - { 0x08, 0, 0, 9, "extensionReq" } /* 358 */ ->>>>>>> upstream/4.5.1 + { 0x07, 94, 0, 8, "id-RSAES-OAEP" }, /* 93 */ + { 0x09, 95, 0, 8, "id-pSpecified" }, /* 94 */ + { 0x0B, 96, 0, 8, "sha256WithRSAEncryption" }, /* 95 */ + { 0x0C, 97, 0, 8, "sha384WithRSAEncryption" }, /* 96 */ + { 0x0D, 98, 0, 8, "sha512WithRSAEncryption" }, /* 97 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 98 */ + { 0x07, 106, 1, 7, "PKCS-7" }, /* 99 */ + { 0x01, 101, 0, 8, "data" }, /* 100 */ + { 0x02, 102, 0, 8, "signedData" }, /* 101 */ + { 0x03, 103, 0, 8, "envelopedData" }, /* 102 */ + { 0x04, 104, 0, 8, "signedAndEnvelopedData" }, /* 103 */ + { 0x05, 105, 0, 8, "digestedData" }, /* 104 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 105 */ + { 0x09, 0, 1, 7, "PKCS-9" }, /* 106 */ + { 0x01, 108, 0, 8, "E" }, /* 107 */ + { 0x02, 109, 0, 8, "unstructuredName" }, /* 108 */ + { 0x03, 110, 0, 8, "contentType" }, /* 109 */ + { 0x04, 111, 0, 8, "messageDigest" }, /* 110 */ + { 0x05, 112, 0, 8, "signingTime" }, /* 111 */ + { 0x06, 113, 0, 8, "counterSignature" }, /* 112 */ + { 0x07, 114, 0, 8, "challengePassword" }, /* 113 */ + { 0x08, 115, 0, 8, "unstructuredAddress" }, /* 114 */ + { 0x0E, 116, 0, 8, "extensionRequest" }, /* 115 */ + { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 116 */ + { 0x02, 120, 1, 6, "digestAlgorithm" }, /* 117 */ + { 0x02, 119, 0, 7, "md2" }, /* 118 */ + { 0x05, 0, 0, 7, "md5" }, /* 119 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 120 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 121 */ + { 0xCE, 0, 1, 3, "" }, /* 122 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 123 */ + { 0x02, 126, 1, 5, "id-publicKeyType" }, /* 124 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 125 */ + { 0x03, 156, 1, 5, "ellipticCurve" }, /* 126 */ + { 0x00, 148, 1, 6, "c-TwoCurve" }, /* 127 */ + { 0x01, 129, 0, 7, "c2pnb163v1" }, /* 128 */ + { 0x02, 130, 0, 7, "c2pnb163v2" }, /* 129 */ + { 0x03, 131, 0, 7, "c2pnb163v3" }, /* 130 */ + { 0x04, 132, 0, 7, "c2pnb176w1" }, /* 131 */ + { 0x05, 133, 0, 7, "c2tnb191v1" }, /* 132 */ + { 0x06, 134, 0, 7, "c2tnb191v2" }, /* 133 */ + { 0x07, 135, 0, 7, "c2tnb191v3" }, /* 134 */ + { 0x08, 136, 0, 7, "c2onb191v4" }, /* 135 */ + { 0x09, 137, 0, 7, "c2onb191v5" }, /* 136 */ + { 0x0A, 138, 0, 7, "c2pnb208w1" }, /* 137 */ + { 0x0B, 139, 0, 7, "c2tnb239v1" }, /* 138 */ + { 0x0C, 140, 0, 7, "c2tnb239v2" }, /* 139 */ + { 0x0D, 141, 0, 7, "c2tnb239v3" }, /* 140 */ + { 0x0E, 142, 0, 7, "c2onb239v4" }, /* 141 */ + { 0x0F, 143, 0, 7, "c2onb239v5" }, /* 142 */ + { 0x10, 144, 0, 7, "c2pnb272w1" }, /* 143 */ + { 0x11, 145, 0, 7, "c2pnb304w1" }, /* 144 */ + { 0x12, 146, 0, 7, "c2tnb359v1" }, /* 145 */ + { 0x13, 147, 0, 7, "c2pnb368w1" }, /* 146 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 147 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 148 */ + { 0x01, 150, 0, 7, "prime192v1" }, /* 149 */ + { 0x02, 151, 0, 7, "prime192v2" }, /* 150 */ + { 0x03, 152, 0, 7, "prime192v3" }, /* 151 */ + { 0x04, 153, 0, 7, "prime239v1" }, /* 152 */ + { 0x05, 154, 0, 7, "prime239v2" }, /* 153 */ + { 0x06, 155, 0, 7, "prime239v3" }, /* 154 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 155 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 156 */ + { 0x01, 158, 0, 6, "ecdsa-with-SHA1" }, /* 157 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 158 */ + { 0x01, 160, 0, 7, "ecdsa-with-SHA224" }, /* 159 */ + { 0x02, 161, 0, 7, "ecdsa-with-SHA256" }, /* 160 */ + { 0x03, 162, 0, 7, "ecdsa-with-SHA384" }, /* 161 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 162 */ + {0x2B, 314, 1, 0, "" }, /* 163 */ + { 0x06, 228, 1, 1, "dod" }, /* 164 */ + { 0x01, 0, 1, 2, "internet" }, /* 165 */ + { 0x04, 188, 1, 3, "private" }, /* 166 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 167 */ + { 0x82, 181, 1, 5, "" }, /* 168 */ + { 0x37, 178, 1, 6, "Microsoft" }, /* 169 */ + { 0x0A, 174, 1, 7, "" }, /* 170 */ + { 0x03, 0, 1, 8, "" }, /* 171 */ + { 0x03, 173, 0, 9, "msSGC" }, /* 172 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 173 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 174 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 175 */ + { 0x02, 177, 0, 9, "msSmartcardLogon" }, /* 176 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 177 */ + { 0xA0, 0, 1, 6, "" }, /* 178 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 179 */ + { 0x01, 0, 0, 8, "strongSwan" }, /* 180 */ + { 0x89, 0, 1, 5, "" }, /* 181 */ + { 0x31, 0, 1, 6, "" }, /* 182 */ + { 0x01, 0, 1, 7, "" }, /* 183 */ + { 0x01, 0, 1, 8, "" }, /* 184 */ + { 0x02, 0, 1, 9, "" }, /* 185 */ + { 0x02, 0, 1, 10, "" }, /* 186 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 187 */ + { 0x05, 0, 1, 3, "security" }, /* 188 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 189 */ + { 0x07, 0, 1, 5, "id-pkix" }, /* 190 */ + { 0x01, 195, 1, 6, "id-pe" }, /* 191 */ + { 0x01, 193, 0, 7, "authorityInfoAccess" }, /* 192 */ + { 0x03, 194, 0, 7, "qcStatements" }, /* 193 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 194 */ + { 0x02, 198, 1, 6, "id-qt" }, /* 195 */ + { 0x01, 197, 0, 7, "cps" }, /* 196 */ + { 0x02, 0, 0, 7, "unotice" }, /* 197 */ + { 0x03, 208, 1, 6, "id-kp" }, /* 198 */ + { 0x01, 200, 0, 7, "serverAuth" }, /* 199 */ + { 0x02, 201, 0, 7, "clientAuth" }, /* 200 */ + { 0x03, 202, 0, 7, "codeSigning" }, /* 201 */ + { 0x04, 203, 0, 7, "emailProtection" }, /* 202 */ + { 0x05, 204, 0, 7, "ipsecEndSystem" }, /* 203 */ + { 0x06, 205, 0, 7, "ipsecTunnel" }, /* 204 */ + { 0x07, 206, 0, 7, "ipsecUser" }, /* 205 */ + { 0x08, 207, 0, 7, "timeStamping" }, /* 206 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 207 */ + { 0x08, 210, 1, 6, "id-otherNames" }, /* 208 */ + { 0x05, 0, 0, 7, "xmppAddr" }, /* 209 */ + { 0x0A, 215, 1, 6, "id-aca" }, /* 210 */ + { 0x01, 212, 0, 7, "authenticationInfo" }, /* 211 */ + { 0x02, 213, 0, 7, "accessIdentity" }, /* 212 */ + { 0x03, 214, 0, 7, "chargingIdentity" }, /* 213 */ + { 0x04, 0, 0, 7, "group" }, /* 214 */ + { 0x0B, 216, 0, 6, "subjectInfoAccess" }, /* 215 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 216 */ + { 0x01, 225, 1, 7, "ocsp" }, /* 217 */ + { 0x01, 219, 0, 8, "basic" }, /* 218 */ + { 0x02, 220, 0, 8, "nonce" }, /* 219 */ + { 0x03, 221, 0, 8, "crl" }, /* 220 */ + { 0x04, 222, 0, 8, "response" }, /* 221 */ + { 0x05, 223, 0, 8, "noCheck" }, /* 222 */ + { 0x06, 224, 0, 8, "archiveCutoff" }, /* 223 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 224 */ + { 0x02, 226, 0, 7, "caIssuers" }, /* 225 */ + { 0x03, 227, 0, 7, "timeStamping" }, /* 226 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 227 */ + { 0x0E, 234, 1, 1, "oiw" }, /* 228 */ + { 0x03, 0, 1, 2, "secsig" }, /* 229 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 230 */ + { 0x07, 232, 0, 4, "des-cbc" }, /* 231 */ + { 0x1A, 233, 0, 4, "sha-1" }, /* 232 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 233 */ + { 0x24, 280, 1, 1, "TeleTrusT" }, /* 234 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 235 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 236 */ + { 0x01, 241, 1, 4, "rsaSignature" }, /* 237 */ + { 0x02, 239, 0, 5, "rsaSigWithripemd160" }, /* 238 */ + { 0x03, 240, 0, 5, "rsaSigWithripemd128" }, /* 239 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 240 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 241 */ + { 0x01, 243, 0, 5, "ecSignWithsha1" }, /* 242 */ + { 0x02, 244, 0, 5, "ecSignWithripemd160" }, /* 243 */ + { 0x03, 245, 0, 5, "ecSignWithmd2" }, /* 244 */ + { 0x04, 246, 0, 5, "ecSignWithmd5" }, /* 245 */ + { 0x05, 263, 1, 5, "ttt-ecg" }, /* 246 */ + { 0x01, 251, 1, 6, "fieldType" }, /* 247 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 248 */ + { 0x01, 0, 1, 8, "basisType" }, /* 249 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 250 */ + { 0x02, 253, 1, 6, "keyType" }, /* 251 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 252 */ + { 0x03, 254, 0, 6, "curve" }, /* 253 */ + { 0x04, 261, 1, 6, "signatures" }, /* 254 */ + { 0x01, 256, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 255 */ + { 0x02, 257, 0, 7, "ecgdsa-with-SHA1" }, /* 256 */ + { 0x03, 258, 0, 7, "ecgdsa-with-SHA224" }, /* 257 */ + { 0x04, 259, 0, 7, "ecgdsa-with-SHA256" }, /* 258 */ + { 0x05, 260, 0, 7, "ecgdsa-with-SHA384" }, /* 259 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 260 */ + { 0x05, 0, 1, 6, "module" }, /* 261 */ + { 0x01, 0, 0, 7, "1" }, /* 262 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 263 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 264 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 265 */ + { 0x01, 267, 0, 8, "brainpoolP160r1" }, /* 266 */ + { 0x02, 268, 0, 8, "brainpoolP160t1" }, /* 267 */ + { 0x03, 269, 0, 8, "brainpoolP192r1" }, /* 268 */ + { 0x04, 270, 0, 8, "brainpoolP192t1" }, /* 269 */ + { 0x05, 271, 0, 8, "brainpoolP224r1" }, /* 270 */ + { 0x06, 272, 0, 8, "brainpoolP224t1" }, /* 271 */ + { 0x07, 273, 0, 8, "brainpoolP256r1" }, /* 272 */ + { 0x08, 274, 0, 8, "brainpoolP256t1" }, /* 273 */ + { 0x09, 275, 0, 8, "brainpoolP320r1" }, /* 274 */ + { 0x0A, 276, 0, 8, "brainpoolP320t1" }, /* 275 */ + { 0x0B, 277, 0, 8, "brainpoolP384r1" }, /* 276 */ + { 0x0C, 278, 0, 8, "brainpoolP384t1" }, /* 277 */ + { 0x0D, 279, 0, 8, "brainpoolP512r1" }, /* 278 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 279 */ + { 0x81, 0, 1, 1, "" }, /* 280 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 281 */ + { 0x00, 0, 1, 3, "curve" }, /* 282 */ + { 0x01, 284, 0, 4, "sect163k1" }, /* 283 */ + { 0x02, 285, 0, 4, "sect163r1" }, /* 284 */ + { 0x03, 286, 0, 4, "sect239k1" }, /* 285 */ + { 0x04, 287, 0, 4, "sect113r1" }, /* 286 */ + { 0x05, 288, 0, 4, "sect113r2" }, /* 287 */ + { 0x06, 289, 0, 4, "secp112r1" }, /* 288 */ + { 0x07, 290, 0, 4, "secp112r2" }, /* 289 */ + { 0x08, 291, 0, 4, "secp160r1" }, /* 290 */ + { 0x09, 292, 0, 4, "secp160k1" }, /* 291 */ + { 0x0A, 293, 0, 4, "secp256k1" }, /* 292 */ + { 0x0F, 294, 0, 4, "sect163r2" }, /* 293 */ + { 0x10, 295, 0, 4, "sect283k1" }, /* 294 */ + { 0x11, 296, 0, 4, "sect283r1" }, /* 295 */ + { 0x16, 297, 0, 4, "sect131r1" }, /* 296 */ + { 0x17, 298, 0, 4, "sect131r2" }, /* 297 */ + { 0x18, 299, 0, 4, "sect193r1" }, /* 298 */ + { 0x19, 300, 0, 4, "sect193r2" }, /* 299 */ + { 0x1A, 301, 0, 4, "sect233k1" }, /* 300 */ + { 0x1B, 302, 0, 4, "sect233r1" }, /* 301 */ + { 0x1C, 303, 0, 4, "secp128r1" }, /* 302 */ + { 0x1D, 304, 0, 4, "secp128r2" }, /* 303 */ + { 0x1E, 305, 0, 4, "secp160r2" }, /* 304 */ + { 0x1F, 306, 0, 4, "secp192k1" }, /* 305 */ + { 0x20, 307, 0, 4, "secp224k1" }, /* 306 */ + { 0x21, 308, 0, 4, "secp224r1" }, /* 307 */ + { 0x22, 309, 0, 4, "secp384r1" }, /* 308 */ + { 0x23, 310, 0, 4, "secp521r1" }, /* 309 */ + { 0x24, 311, 0, 4, "sect409k1" }, /* 310 */ + { 0x25, 312, 0, 4, "sect409r1" }, /* 311 */ + { 0x26, 313, 0, 4, "sect571k1" }, /* 312 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 313 */ + {0x60, 360, 1, 0, "" }, /* 314 */ + { 0x86, 0, 1, 1, "" }, /* 315 */ + { 0x48, 0, 1, 2, "" }, /* 316 */ + { 0x01, 0, 1, 3, "organization" }, /* 317 */ + { 0x65, 336, 1, 4, "gov" }, /* 318 */ + { 0x03, 0, 1, 5, "csor" }, /* 319 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 320 */ + { 0x01, 331, 1, 7, "aes" }, /* 321 */ + { 0x02, 323, 0, 8, "id-aes128-CBC" }, /* 322 */ + { 0x06, 324, 0, 8, "id-aes128-GCM" }, /* 323 */ + { 0x07, 325, 0, 8, "id-aes128-CCM" }, /* 324 */ + { 0x16, 326, 0, 8, "id-aes192-CBC" }, /* 325 */ + { 0x1A, 327, 0, 8, "id-aes192-GCM" }, /* 326 */ + { 0x1B, 328, 0, 8, "id-aes192-CCM" }, /* 327 */ + { 0x2A, 329, 0, 8, "id-aes256-CBC" }, /* 328 */ + { 0x2E, 330, 0, 8, "id-aes256-GCM" }, /* 329 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 330 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 331 */ + { 0x01, 333, 0, 8, "id-SHA-256" }, /* 332 */ + { 0x02, 334, 0, 8, "id-SHA-384" }, /* 333 */ + { 0x03, 335, 0, 8, "id-SHA-512" }, /* 334 */ + { 0x04, 0, 0, 8, "id-SHA-224" }, /* 335 */ + { 0x86, 0, 1, 4, "" }, /* 336 */ + { 0xf8, 0, 1, 5, "" }, /* 337 */ + { 0x42, 350, 1, 6, "netscape" }, /* 338 */ + { 0x01, 345, 1, 7, "" }, /* 339 */ + { 0x01, 341, 0, 8, "nsCertType" }, /* 340 */ + { 0x03, 342, 0, 8, "nsRevocationUrl" }, /* 341 */ + { 0x04, 343, 0, 8, "nsCaRevocationUrl" }, /* 342 */ + { 0x08, 344, 0, 8, "nsCaPolicyUrl" }, /* 343 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 344 */ + { 0x03, 348, 1, 7, "directory" }, /* 345 */ + { 0x01, 0, 1, 8, "" }, /* 346 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 347 */ + { 0x04, 0, 1, 7, "policy" }, /* 348 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 349 */ + { 0x45, 0, 1, 6, "verisign" }, /* 350 */ + { 0x01, 0, 1, 7, "pki" }, /* 351 */ + { 0x09, 0, 1, 8, "attributes" }, /* 352 */ + { 0x02, 354, 0, 9, "messageType" }, /* 353 */ + { 0x03, 355, 0, 9, "pkiStatus" }, /* 354 */ + { 0x04, 356, 0, 9, "failInfo" }, /* 355 */ + { 0x05, 357, 0, 9, "senderNonce" }, /* 356 */ + { 0x06, 358, 0, 9, "recipientNonce" }, /* 357 */ + { 0x07, 359, 0, 9, "transID" }, /* 358 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 359 */ + {0x67, 0, 1, 0, "" }, /* 360 */ + { 0x81, 0, 1, 1, "" }, /* 361 */ + { 0x05, 0, 1, 2, "" }, /* 362 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 363 */ + { 0x01, 365, 0, 4, "tcg-at-tpmManufacturer" }, /* 364 */ + { 0x02, 366, 0, 4, "tcg-at-tpmModel" }, /* 365 */ + { 0x03, 367, 0, 4, "tcg-at-tpmVersion" }, /* 366 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 367 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index e9de81ccf..61db061f7 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -49,16 +49,11 @@ extern const oid_t oid_names[]; #define OID_DELTA_CRL_INDICATOR 48 #define OID_NAME_CONSTRAINTS 51 #define OID_CRL_DISTRIBUTION_POINTS 52 -<<<<<<< HEAD -#define OID_ANY_POLICY 54 -#define OID_AUTHORITY_KEY_ID 56 -======= #define OID_CERTIFICATE_POLICIES 53 #define OID_ANY_POLICY 54 #define OID_POLICY_MAPPINGS 55 #define OID_AUTHORITY_KEY_ID 56 #define OID_POLICY_CONSTRAINTS 57 ->>>>>>> upstream/4.5.1 #define OID_EXTENDED_KEY_USAGE 58 #define OID_FRESHEST_CRL 60 #define OID_INHIBIT_ANY_POLICY 61 @@ -71,239 +66,155 @@ extern const oid_t oid_names[]; #define OID_MD2_WITH_RSA 90 #define OID_MD5_WITH_RSA 91 #define OID_SHA1_WITH_RSA 92 -#define OID_SHA256_WITH_RSA 93 -#define OID_SHA384_WITH_RSA 94 -#define OID_SHA512_WITH_RSA 95 -#define OID_SHA224_WITH_RSA 96 -#define OID_PKCS7_DATA 98 -#define OID_PKCS7_SIGNED_DATA 99 -#define OID_PKCS7_ENVELOPED_DATA 100 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 101 -#define OID_PKCS7_DIGESTED_DATA 102 -#define OID_PKCS7_ENCRYPTED_DATA 103 -#define OID_EMAIL_ADDRESS 105 -#define OID_UNSTRUCTURED_NAME 106 -#define OID_PKCS9_CONTENT_TYPE 107 -#define OID_PKCS9_MESSAGE_DIGEST 108 -#define OID_PKCS9_SIGNING_TIME 109 -#define OID_CHALLENGE_PASSWORD 111 -#define OID_EXTENSION_REQUEST 113 -#define OID_MD2 116 -#define OID_MD5 117 -#define OID_3DES_EDE_CBC 119 -#define OID_EC_PUBLICKEY 123 -#define OID_C2PNB163V1 126 -#define OID_C2PNB163V2 127 -#define OID_C2PNB163V3 128 -#define OID_C2PNB176W1 129 -#define OID_C2PNB191V1 130 -#define OID_C2PNB191V2 131 -#define OID_C2PNB191V3 132 -#define OID_C2PNB191V4 133 -#define OID_C2PNB191V5 134 -#define OID_C2PNB208W1 135 -#define OID_C2PNB239V1 136 -#define OID_C2PNB239V2 137 -#define OID_C2PNB239V3 138 -#define OID_C2PNB239V4 139 -#define OID_C2PNB239V5 140 -#define OID_C2PNB272W1 141 -#define OID_C2PNB304W1 142 -#define OID_C2PNB359V1 143 -#define OID_C2PNB368W1 144 -#define OID_C2PNB431R1 145 -#define OID_PRIME192V1 147 -#define OID_PRIME192V2 148 -#define OID_PRIME192V3 149 -#define OID_PRIME239V1 150 -#define OID_PRIME239V2 151 -#define OID_PRIME239V3 152 -#define OID_PRIME256V1 153 -#define OID_ECDSA_WITH_SHA1 155 -#define OID_ECDSA_WITH_SHA224 157 -#define OID_ECDSA_WITH_SHA256 158 -#define OID_ECDSA_WITH_SHA384 159 -#define OID_ECDSA_WITH_SHA512 160 -#define OID_USER_PRINCIPAL_NAME 175 -<<<<<<< HEAD -#define OID_TCGID 182 -#define OID_AUTHORITY_INFO_ACCESS 187 -#define OID_IP_ADDR_BLOCKS 189 -#define OID_SERVER_AUTH 194 -#define OID_CLIENT_AUTH 195 -#define OID_OCSP_SIGNING 202 -#define OID_XMPP_ADDR 204 -#define OID_AUTHENTICATION_INFO 206 -#define OID_ACCESS_IDENTITY 207 -#define OID_CHARGING_IDENTITY 208 -#define OID_GROUP 209 -#define OID_OCSP 212 -#define OID_BASIC 213 -#define OID_NONCE 214 -#define OID_CRL 215 -#define OID_RESPONSE 216 -#define OID_NO_CHECK 217 -#define OID_ARCHIVE_CUTOFF 218 -#define OID_SERVICE_LOCATOR 219 -#define OID_CA_ISSUERS 220 -#define OID_DES_CBC 226 -#define OID_SHA1 227 -#define OID_SHA1_WITH_RSA_OIW 228 -#define OID_ECGDSA_PUBKEY 247 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 250 -#define OID_ECGDSA_SIG_WITH_SHA1 251 -#define OID_ECGDSA_SIG_WITH_SHA224 252 -#define OID_ECGDSA_SIG_WITH_SHA256 253 -#define OID_ECGDSA_SIG_WITH_SHA384 254 -#define OID_ECGDSA_SIG_WITH_SHA512 255 -#define OID_SECT163K1 278 -#define OID_SECT163R1 279 -#define OID_SECT239K1 280 -#define OID_SECT113R1 281 -#define OID_SECT113R2 282 -#define OID_SECT112R1 283 -#define OID_SECT112R2 284 -#define OID_SECT160R1 285 -#define OID_SECT160K1 286 -#define OID_SECT256K1 287 -#define OID_SECT163R2 288 -#define OID_SECT283K1 289 -#define OID_SECT283R1 290 -#define OID_SECT131R1 291 -#define OID_SECT131R2 292 -#define OID_SECT193R1 293 -#define OID_SECT193R2 294 -#define OID_SECT233K1 295 -#define OID_SECT233R1 296 -#define OID_SECT128R1 297 -#define OID_SECT128R2 298 -#define OID_SECT160R2 299 -#define OID_SECT192K1 300 -#define OID_SECT224K1 301 -#define OID_SECT224R1 302 -#define OID_SECT384R1 303 -#define OID_SECT521R1 304 -#define OID_SECT409K1 305 -#define OID_SECT409R1 306 -#define OID_SECT571K1 307 -#define OID_SECT571R1 308 -#define OID_AES128_CBC 317 -#define OID_AES128_GCM 318 -#define OID_AES128_CCM 319 -#define OID_AES192_CBC 320 -#define OID_AES192_GCM 321 -#define OID_AES192_CCM 322 -#define OID_AES256_CBC 323 -#define OID_AES256_GCM 324 -#define OID_AES256_CCM 325 -#define OID_SHA256 327 -#define OID_SHA384 328 -#define OID_SHA512 329 -#define OID_SHA224 330 -#define OID_NS_REVOCATION_URL 336 -#define OID_NS_CA_REVOCATION_URL 337 -#define OID_NS_CA_POLICY_URL 338 -#define OID_NS_COMMENT 339 -#define OID_EMPLOYEE_NUMBER 342 -#define OID_PKI_MESSAGE_TYPE 348 -#define OID_PKI_STATUS 349 -#define OID_PKI_FAIL_INFO 350 -#define OID_PKI_SENDER_NONCE 351 -#define OID_PKI_RECIPIENT_NONCE 352 -#define OID_PKI_TRANS_ID 353 - -#define OID_MAX 356 -======= -#define OID_STRONGSWAN 178 -#define OID_TCGID 185 -#define OID_AUTHORITY_INFO_ACCESS 190 -#define OID_IP_ADDR_BLOCKS 192 -#define OID_POLICY_QUALIFIER_CPS 194 -#define OID_POLICY_QUALIFIER_UNOTICE 195 -#define OID_SERVER_AUTH 197 -#define OID_CLIENT_AUTH 198 -#define OID_OCSP_SIGNING 205 -#define OID_XMPP_ADDR 207 -#define OID_AUTHENTICATION_INFO 209 -#define OID_ACCESS_IDENTITY 210 -#define OID_CHARGING_IDENTITY 211 -#define OID_GROUP 212 -#define OID_OCSP 215 -#define OID_BASIC 216 -#define OID_NONCE 217 -#define OID_CRL 218 -#define OID_RESPONSE 219 -#define OID_NO_CHECK 220 -#define OID_ARCHIVE_CUTOFF 221 -#define OID_SERVICE_LOCATOR 222 -#define OID_CA_ISSUERS 223 -#define OID_DES_CBC 229 -#define OID_SHA1 230 -#define OID_SHA1_WITH_RSA_OIW 231 -#define OID_ECGDSA_PUBKEY 250 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 253 -#define OID_ECGDSA_SIG_WITH_SHA1 254 -#define OID_ECGDSA_SIG_WITH_SHA224 255 -#define OID_ECGDSA_SIG_WITH_SHA256 256 -#define OID_ECGDSA_SIG_WITH_SHA384 257 -#define OID_ECGDSA_SIG_WITH_SHA512 258 -#define OID_SECT163K1 281 -#define OID_SECT163R1 282 -#define OID_SECT239K1 283 -#define OID_SECT113R1 284 -#define OID_SECT113R2 285 -#define OID_SECT112R1 286 -#define OID_SECT112R2 287 -#define OID_SECT160R1 288 -#define OID_SECT160K1 289 -#define OID_SECT256K1 290 -#define OID_SECT163R2 291 -#define OID_SECT283K1 292 -#define OID_SECT283R1 293 -#define OID_SECT131R1 294 -#define OID_SECT131R2 295 -#define OID_SECT193R1 296 -#define OID_SECT193R2 297 -#define OID_SECT233K1 298 -#define OID_SECT233R1 299 -#define OID_SECT128R1 300 -#define OID_SECT128R2 301 -#define OID_SECT160R2 302 -#define OID_SECT192K1 303 -#define OID_SECT224K1 304 -#define OID_SECT224R1 305 -#define OID_SECT384R1 306 -#define OID_SECT521R1 307 -#define OID_SECT409K1 308 -#define OID_SECT409R1 309 -#define OID_SECT571K1 310 -#define OID_SECT571R1 311 -#define OID_AES128_CBC 320 -#define OID_AES128_GCM 321 -#define OID_AES128_CCM 322 -#define OID_AES192_CBC 323 -#define OID_AES192_GCM 324 -#define OID_AES192_CCM 325 -#define OID_AES256_CBC 326 -#define OID_AES256_GCM 327 -#define OID_AES256_CCM 328 -#define OID_SHA256 330 -#define OID_SHA384 331 -#define OID_SHA512 332 -#define OID_SHA224 333 -#define OID_NS_REVOCATION_URL 339 -#define OID_NS_CA_REVOCATION_URL 340 -#define OID_NS_CA_POLICY_URL 341 -#define OID_NS_COMMENT 342 -#define OID_EMPLOYEE_NUMBER 345 -#define OID_PKI_MESSAGE_TYPE 351 -#define OID_PKI_STATUS 352 -#define OID_PKI_FAIL_INFO 353 -#define OID_PKI_SENDER_NONCE 354 -#define OID_PKI_RECIPIENT_NONCE 355 -#define OID_PKI_TRANS_ID 356 +#define OID_RSAES_OAEP 93 +#define OID_SHA256_WITH_RSA 95 +#define OID_SHA384_WITH_RSA 96 +#define OID_SHA512_WITH_RSA 97 +#define OID_SHA224_WITH_RSA 98 +#define OID_PKCS7_DATA 100 +#define OID_PKCS7_SIGNED_DATA 101 +#define OID_PKCS7_ENVELOPED_DATA 102 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 103 +#define OID_PKCS7_DIGESTED_DATA 104 +#define OID_PKCS7_ENCRYPTED_DATA 105 +#define OID_EMAIL_ADDRESS 107 +#define OID_UNSTRUCTURED_NAME 108 +#define OID_PKCS9_CONTENT_TYPE 109 +#define OID_PKCS9_MESSAGE_DIGEST 110 +#define OID_PKCS9_SIGNING_TIME 111 +#define OID_CHALLENGE_PASSWORD 113 +#define OID_UNSTRUCTURED_ADDRESS 114 +#define OID_EXTENSION_REQUEST 115 +#define OID_MD2 118 +#define OID_MD5 119 +#define OID_3DES_EDE_CBC 121 +#define OID_EC_PUBLICKEY 125 +#define OID_C2PNB163V1 128 +#define OID_C2PNB163V2 129 +#define OID_C2PNB163V3 130 +#define OID_C2PNB176W1 131 +#define OID_C2PNB191V1 132 +#define OID_C2PNB191V2 133 +#define OID_C2PNB191V3 134 +#define OID_C2PNB191V4 135 +#define OID_C2PNB191V5 136 +#define OID_C2PNB208W1 137 +#define OID_C2PNB239V1 138 +#define OID_C2PNB239V2 139 +#define OID_C2PNB239V3 140 +#define OID_C2PNB239V4 141 +#define OID_C2PNB239V5 142 +#define OID_C2PNB272W1 143 +#define OID_C2PNB304W1 144 +#define OID_C2PNB359V1 145 +#define OID_C2PNB368W1 146 +#define OID_C2PNB431R1 147 +#define OID_PRIME192V1 149 +#define OID_PRIME192V2 150 +#define OID_PRIME192V3 151 +#define OID_PRIME239V1 152 +#define OID_PRIME239V2 153 +#define OID_PRIME239V3 154 +#define OID_PRIME256V1 155 +#define OID_ECDSA_WITH_SHA1 157 +#define OID_ECDSA_WITH_SHA224 159 +#define OID_ECDSA_WITH_SHA256 160 +#define OID_ECDSA_WITH_SHA384 161 +#define OID_ECDSA_WITH_SHA512 162 +#define OID_USER_PRINCIPAL_NAME 177 +#define OID_STRONGSWAN 180 +#define OID_TCGID 187 +#define OID_AUTHORITY_INFO_ACCESS 192 +#define OID_IP_ADDR_BLOCKS 194 +#define OID_POLICY_QUALIFIER_CPS 196 +#define OID_POLICY_QUALIFIER_UNOTICE 197 +#define OID_SERVER_AUTH 199 +#define OID_CLIENT_AUTH 200 +#define OID_OCSP_SIGNING 207 +#define OID_XMPP_ADDR 209 +#define OID_AUTHENTICATION_INFO 211 +#define OID_ACCESS_IDENTITY 212 +#define OID_CHARGING_IDENTITY 213 +#define OID_GROUP 214 +#define OID_OCSP 217 +#define OID_BASIC 218 +#define OID_NONCE 219 +#define OID_CRL 220 +#define OID_RESPONSE 221 +#define OID_NO_CHECK 222 +#define OID_ARCHIVE_CUTOFF 223 +#define OID_SERVICE_LOCATOR 224 +#define OID_CA_ISSUERS 225 +#define OID_DES_CBC 231 +#define OID_SHA1 232 +#define OID_SHA1_WITH_RSA_OIW 233 +#define OID_ECGDSA_PUBKEY 252 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 255 +#define OID_ECGDSA_SIG_WITH_SHA1 256 +#define OID_ECGDSA_SIG_WITH_SHA224 257 +#define OID_ECGDSA_SIG_WITH_SHA256 258 +#define OID_ECGDSA_SIG_WITH_SHA384 259 +#define OID_ECGDSA_SIG_WITH_SHA512 260 +#define OID_SECT163K1 283 +#define OID_SECT163R1 284 +#define OID_SECT239K1 285 +#define OID_SECT113R1 286 +#define OID_SECT113R2 287 +#define OID_SECT112R1 288 +#define OID_SECT112R2 289 +#define OID_SECT160R1 290 +#define OID_SECT160K1 291 +#define OID_SECT256K1 292 +#define OID_SECT163R2 293 +#define OID_SECT283K1 294 +#define OID_SECT283R1 295 +#define OID_SECT131R1 296 +#define OID_SECT131R2 297 +#define OID_SECT193R1 298 +#define OID_SECT193R2 299 +#define OID_SECT233K1 300 +#define OID_SECT233R1 301 +#define OID_SECT128R1 302 +#define OID_SECT128R2 303 +#define OID_SECT160R2 304 +#define OID_SECT192K1 305 +#define OID_SECT224K1 306 +#define OID_SECT224R1 307 +#define OID_SECT384R1 308 +#define OID_SECT521R1 309 +#define OID_SECT409K1 310 +#define OID_SECT409R1 311 +#define OID_SECT571K1 312 +#define OID_SECT571R1 313 +#define OID_AES128_CBC 322 +#define OID_AES128_GCM 323 +#define OID_AES128_CCM 324 +#define OID_AES192_CBC 325 +#define OID_AES192_GCM 326 +#define OID_AES192_CCM 327 +#define OID_AES256_CBC 328 +#define OID_AES256_GCM 329 +#define OID_AES256_CCM 330 +#define OID_SHA256 332 +#define OID_SHA384 333 +#define OID_SHA512 334 +#define OID_SHA224 335 +#define OID_NS_REVOCATION_URL 341 +#define OID_NS_CA_REVOCATION_URL 342 +#define OID_NS_CA_POLICY_URL 343 +#define OID_NS_COMMENT 344 +#define OID_EMPLOYEE_NUMBER 347 +#define OID_PKI_MESSAGE_TYPE 353 +#define OID_PKI_STATUS 354 +#define OID_PKI_FAIL_INFO 355 +#define OID_PKI_SENDER_NONCE 356 +#define OID_PKI_RECIPIENT_NONCE 357 +#define OID_PKI_TRANS_ID 358 +#define OID_TPM_MANUFACTURER 364 +#define OID_TPM_MODEL 365 +#define OID_TPM_VERSION 366 +#define OID_TPM_ID_LABEL 367 -#define OID_MAX 359 ->>>>>>> upstream/4.5.1 +#define OID_MAX 368 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index bf37dd624..f16287cb2 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -51,19 +51,11 @@ 0x1D "certificateIssuer" 0x1E "nameConstraints" OID_NAME_CONSTRAINTS 0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS -<<<<<<< HEAD - 0x20 "certificatePolicies" - 0x00 "anyPolicy" OID_ANY_POLICY - 0x21 "policyMappings" - 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID - 0x24 "policyConstraints" -======= 0x20 "certificatePolicies" OID_CERTIFICATE_POLICIES 0x00 "anyPolicy" OID_ANY_POLICY 0x21 "policyMappings" OID_POLICY_MAPPINGS 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID 0x24 "policyConstraints" OID_POLICY_CONSTRAINTS ->>>>>>> upstream/4.5.1 0x25 "extendedKeyUsage" OID_EXTENDED_KEY_USAGE 0x00 "anyExtendedKeyUsage" 0x2E "freshestCRL" OID_FRESHEST_CRL @@ -99,6 +91,8 @@ 0x02 "md2WithRSAEncryption" OID_MD2_WITH_RSA 0x04 "md5WithRSAEncryption" OID_MD5_WITH_RSA 0x05 "sha-1WithRSAEncryption" OID_SHA1_WITH_RSA + 0x07 "id-RSAES-OAEP" OID_RSAES_OAEP + 0x09 "id-pSpecified" 0x0B "sha256WithRSAEncryption" OID_SHA256_WITH_RSA 0x0C "sha384WithRSAEncryption" OID_SHA384_WITH_RSA 0x0D "sha512WithRSAEncryption" OID_SHA512_WITH_RSA @@ -118,7 +112,7 @@ 0x05 "signingTime" OID_PKCS9_SIGNING_TIME 0x06 "counterSignature" 0x07 "challengePassword" OID_CHALLENGE_PASSWORD - 0x08 "unstructuredAddress" + 0x08 "unstructuredAddress" OID_UNSTRUCTURED_ADDRESS 0x0E "extensionRequest" OID_EXTENSION_REQUEST 0x0F "S/MIME Capabilities" 0x02 "digestAlgorithm" @@ -132,11 +126,7 @@ 0x01 "id-ecPublicKey" OID_EC_PUBLICKEY 0x03 "ellipticCurve" 0x00 "c-TwoCurve" -<<<<<<< HEAD - 0x01 "c2pnb163v1" OID_C2PNB163V1 -======= 0x01 "c2pnb163v1" OID_C2PNB163V1 ->>>>>>> upstream/4.5.1 0x02 "c2pnb163v2" OID_C2PNB163V2 0x03 "c2pnb163v3" OID_C2PNB163V3 0x04 "c2pnb176w1" OID_C2PNB176W1 @@ -186,23 +176,16 @@ 0x02 "msCertificateTypeExtension" 0x02 "msSmartcardLogon" 0x03 "msUPN" OID_USER_PRINCIPAL_NAME -<<<<<<< HEAD -======= 0xA0 "" 0x2A "ITA" 0x01 "strongSwan" OID_STRONGSWAN ->>>>>>> upstream/4.5.1 0x89 "" 0x31 "" 0x01 "" 0x01 "" 0x02 "" 0x02 "" -<<<<<<< HEAD - 0x4B "TCGID" OID_TCGID -======= 0x4B "TCGID" OID_TCGID ->>>>>>> upstream/4.5.1 0x05 "security" 0x05 "mechanisms" 0x07 "id-pkix" @@ -211,13 +194,8 @@ 0x03 "qcStatements" 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS 0x02 "id-qt" -<<<<<<< HEAD - 0x01 "cps" - 0x02 "unotice" -======= 0x01 "cps" OID_POLICY_QUALIFIER_CPS 0x02 "unotice" OID_POLICY_QUALIFIER_UNOTICE ->>>>>>> upstream/4.5.1 0x03 "id-kp" 0x01 "serverAuth" OID_SERVER_AUTH 0x02 "clientAuth" OID_CLIENT_AUTH @@ -380,4 +358,11 @@ 0x06 "recipientNonce" OID_PKI_RECIPIENT_NONCE 0x07 "transID" OID_PKI_TRANS_ID 0x08 "extensionReq" - +0x67 "" + 0x81 "" + 0x05 "" + 0x02 "tcg-attribute" + 0x01 "tcg-at-tpmManufacturer" OID_TPM_MANUFACTURER + 0x02 "tcg-at-tpmModel" OID_TPM_MODEL + 0x03 "tcg-at-tpmVersion" OID_TPM_VERSION + 0x0F "tcg-at-tpmIdLabel" OID_TPM_ID_LABEL diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h index f94bdfbf2..63644ac78 100644 --- a/src/libstrongswan/chunk.h +++ b/src/libstrongswan/chunk.h @@ -175,7 +175,7 @@ static inline void chunk_clear(chunk_t *chunk) { if (chunk->ptr) { - memset(chunk->ptr, 0, chunk->len); + memwipe(chunk->ptr, chunk->len); chunk_free(chunk); } } diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 9c7df81a6..23a3f62d9 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -131,19 +131,13 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; cert->destroy(cert); break; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -155,11 +149,8 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 break; } } @@ -185,11 +176,8 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 /* integer type */ enumerator->current->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -200,18 +188,12 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 /* pointer type */ enumerator->current->value = va_arg(args, void*); break; @@ -263,11 +245,8 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_EAP_TYPE: return (void*)EAP_NAK; case AUTH_RULE_EAP_VENDOR: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 return (void*)0; case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: @@ -279,18 +258,12 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 default: return NULL; } @@ -313,11 +286,8 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 /* integer type */ entry->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -328,18 +298,12 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 /* pointer type */ entry->value = va_arg(args, void*); break; @@ -410,40 +374,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: { -<<<<<<< HEAD - cert_validation_t validated, required; - - required = (uintptr_t)value; - validated = (uintptr_t)get(this, t1); - switch (required) - { - case VALIDATION_FAILED: - /* no constraint */ - break; - case VALIDATION_SKIPPED: - if (validated == VALIDATION_SKIPPED) - { - break; - } - /* FALL */ - case VALIDATION_GOOD: - if (validated == VALIDATION_GOOD) - { - break; - } - /* FALL */ - default: - success = FALSE; - if (log_error) - { - DBG1(DBG_CFG, "constraint check failed: %N is %N, " - "but requires at least %N", auth_rule_names, - t1, cert_validation_names, validated, - cert_validation_names, required); - } - break; - } -======= uintptr_t validated; e2 = create_enumerator(this); @@ -483,7 +413,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } } e2->destroy(e2); ->>>>>>> upstream/4.5.1 break; } case AUTH_RULE_IDENTITY: @@ -567,8 +496,6 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, e2->destroy(e2); break; } -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: { @@ -634,15 +561,11 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } break; } ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 /* skip helpers */ continue; } @@ -689,10 +612,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)value; @@ -704,11 +624,8 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_AUTH_CLASS: case AUTH_RULE_EAP_TYPE: case AUTH_RULE_EAP_VENDOR: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 { add(this, type, (uintptr_t)value); break; @@ -723,10 +640,7 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy add(this, type, id->clone(id)); break; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -779,11 +693,8 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 { if (i1->value == i2->value) { @@ -797,10 +708,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *c1, *c2; @@ -831,10 +739,7 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) } continue; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -917,19 +822,13 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: -<<<<<<< HEAD -======= case AUTH_HELPER_REVOCATION_CERT: ->>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; clone->add(clone, entry->type, cert->get_ref(cert)); break; } -<<<<<<< HEAD -======= case AUTH_RULE_CERT_POLICY: ->>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -941,11 +840,8 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: -<<<<<<< HEAD -======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: ->>>>>>> upstream/4.5.1 clone->add(clone, entry->type, (uintptr_t)entry->value); break; } diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 659a7c9ef..489ce1134 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -90,15 +90,12 @@ enum auth_rule_t { * The group membership constraint is fulfilled if the subject is member of * one group defined in the constraints. */ AUTH_RULE_GROUP, -<<<<<<< HEAD -======= /** required RSA public key strength, u_int in bits */ AUTH_RULE_RSA_STRENGTH, /** required ECDSA public key strength, u_int in bits */ AUTH_RULE_ECDSA_STRENGTH, /** certificatePolicy constraint, numerical OID as char* */ AUTH_RULE_CERT_POLICY, ->>>>>>> upstream/4.5.1 /** intermediate certificate, certificate_t* */ AUTH_HELPER_IM_CERT, @@ -108,11 +105,8 @@ enum auth_rule_t { AUTH_HELPER_IM_HASH_URL, /** Hash and URL of a end-entity certificate, char* */ AUTH_HELPER_SUBJECT_HASH_URL, -<<<<<<< HEAD -======= /** revocation certificate (CRL, OCSP), certificate_t* */ AUTH_HELPER_REVOCATION_CERT, ->>>>>>> upstream/4.5.1 }; /** diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index 4d3a78eab..f9a277a2c 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -43,10 +43,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_CRL_DISTRIBUTION_POINTS", "BUILD_OCSP_ACCESS_LOCATIONS", "BUILD_PATHLEN", -<<<<<<< HEAD - "BUILD_X509_FLAG", - "BUILD_REVOKED_ENUMERATOR", -======= "BUILD_PERMITTED_NAME_CONSTRAINTS", "BUILD_EXCLUDED_NAME_CONSTRAINTS", "BUILD_CERTIFICATE_POLICIES", @@ -57,7 +53,6 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_X509_FLAG", "BUILD_REVOKED_ENUMERATOR", "BUILD_BASE_CRL", ->>>>>>> upstream/4.5.1 "BUILD_CHALLENGE_PWD", "BUILD_PKCS11_MODULE", "BUILD_PKCS11_SLOT", diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index fc93a6007..325b668cd 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -87,18 +87,12 @@ enum builder_part_t { BUILD_CA_CERT, /** a certificate, certificate_t* */ BUILD_CERT, -<<<<<<< HEAD - /** CRL distribution point URIs, linked_list_t* containing char* */ -======= /** CRL distribution point URIs, x509_cdp_t* */ ->>>>>>> upstream/4.5.1 BUILD_CRL_DISTRIBUTION_POINTS, /** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */ BUILD_OCSP_ACCESS_LOCATIONS, /** certificate path length constraint */ BUILD_PATHLEN, -<<<<<<< HEAD -======= /** permitted X509 name constraints, linked_list_t* of identification_t* */ BUILD_PERMITTED_NAME_CONSTRAINTS, /** excluded X509 name constraints, linked_list_t* of identification_t* */ @@ -113,16 +107,12 @@ enum builder_part_t { BUILD_POLICY_INHIBIT_MAPPING, /** inhibitAnyPolicy constraint, int */ BUILD_POLICY_INHIBIT_ANY, ->>>>>>> upstream/4.5.1 /** enforce an additional X509 flag, x509_flag_t */ BUILD_X509_FLAG, /** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */ BUILD_REVOKED_ENUMERATOR, -<<<<<<< HEAD -======= /** Base CRL serial for a delta CRL, chunk_t, */ BUILD_BASE_CRL, ->>>>>>> upstream/4.5.1 /** PKCS#10 challenge password */ BUILD_CHALLENGE_PWD, /** friendly name of a PKCS#11 module, null terminated char* */ diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h index f329281d3..733d9d612 100644 --- a/src/libstrongswan/credentials/cert_validator.h +++ b/src/libstrongswan/credentials/cert_validator.h @@ -40,14 +40,6 @@ struct cert_validator_t { * @param subject subject certificate to check * @param issuer issuer of subject * @param online wheter to do online revocation checking -<<<<<<< HEAD - * @param pathlen the current length of the path up to the root CA - * @param auth container for resulting authentication info - */ - bool (*validate)(cert_validator_t *this, certificate_t *subject, - certificate_t *issuer, bool online, int pathlen, - auth_cfg_t *auth); -======= * @param pathlen the current length of the path bottom-up * @param anchor is issuer trusted root anchor * @param auth container for resulting authentication info @@ -55,7 +47,6 @@ struct cert_validator_t { bool (*validate)(cert_validator_t *this, certificate_t *subject, certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth); ->>>>>>> upstream/4.5.1 }; #endif /** CERT_VALIDATOR_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 11ad7f2f3..2f3497474 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -72,8 +72,6 @@ struct crl_t { chunk_t (*get_authKeyIdentifier)(crl_t *this); /** -<<<<<<< HEAD -======= * Is this CRL a delta CRL? * * @param base_crl gets to baseCrlNumber, if this is a delta CRL @@ -89,7 +87,6 @@ struct crl_t { enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this); /** ->>>>>>> upstream/4.5.1 * Create an enumerator over all revoked certificates. * * The enumerator takes 3 pointer arguments: diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index 3ab26c8c5..fec02dbad 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -24,12 +24,6 @@ #include <utils/enumerator.h> #include <credentials/certificates/certificate.h> -<<<<<<< HEAD -#define X509_NO_PATH_LEN_CONSTRAINT -1 - -typedef struct x509_t x509_t; -typedef enum x509_flag_t x509_flag_t; -======= /* constraints are currently restricted to the range 0..127 */ #define X509_NO_CONSTRAINT 255 @@ -39,7 +33,6 @@ typedef struct x509_policy_mapping_t x509_policy_mapping_t; typedef struct x509_cdp_t x509_cdp_t; typedef enum x509_flag_t x509_flag_t; typedef enum x509_constraint_t x509_constraint_t; ->>>>>>> upstream/4.5.1 /** * X.509 certificate flags. @@ -61,14 +54,6 @@ enum x509_flag_t { X509_SELF_SIGNED = (1<<5), /** cert has an ipAddrBlocks extension */ X509_IP_ADDR_BLOCKS = (1<<6), -<<<<<<< HEAD -}; - -/** - * enum names for x509 flags - */ -extern enum_name_t *x509_flag_names; -======= /** cert has CRL sign key usage */ X509_CRL_SIGN = (1<<7), }; @@ -118,7 +103,6 @@ struct x509_cdp_t { /** CRL issuer */ identification_t *issuer; }; ->>>>>>> upstream/4.5.1 /** * X.509 certificate interface. @@ -162,20 +146,12 @@ struct x509_t { chunk_t (*get_authKeyIdentifier)(x509_t *this); /** -<<<<<<< HEAD - * Get an optional path length constraint. - * - * @return pathLenConstraint, -1 if no constraint exists - */ - int (*get_pathLenConstraint)(x509_t *this); -======= * Get a numerical X.509 constraint. * * @param type type of constraint to get * @return constraint, X509_NO_CONSTRAINT if none found */ u_int (*get_constraint)(x509_t *this, x509_constraint_t type); ->>>>>>> upstream/4.5.1 /** * Create an enumerator over all subjectAltNames. @@ -185,15 +161,9 @@ struct x509_t { enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this); /** -<<<<<<< HEAD - * Create an enumerator over all CRL URIs. - * - * @return enumerator over URIs as char* -======= * Create an enumerator over all CRL URIs and CRL Issuers. * * @return enumerator over x509_cdp_t ->>>>>>> upstream/4.5.1 */ enumerator_t* (*create_crl_uri_enumerator)(x509_t *this); @@ -210,8 +180,6 @@ struct x509_t { * @return enumerator over ipAddrBlocks as traffic_selector_t* */ enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this); -<<<<<<< HEAD -======= /** * Create an enumerator over name constraints. @@ -236,7 +204,6 @@ struct x509_t { enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this); ->>>>>>> upstream/4.5.1 }; #endif /** X509_H_ @}*/ diff --git a/src/libstrongswan/credentials/cred_encoding.c b/src/libstrongswan/credentials/cred_encoding.c index edd76205b..ac3266f4c 100644 --- a/src/libstrongswan/credentials/cred_encoding.c +++ b/src/libstrongswan/credentials/cred_encoding.c @@ -180,8 +180,13 @@ static bool encode(private_cred_encoding_t *this, cred_encoding_type_t type, chunk = malloc_thing(chunk_t); *chunk = *encoding; this->lock->write_lock(this->lock); - this->cache[type]->put(this->cache[type], cache, chunk); + chunk = this->cache[type]->put(this->cache[type], cache, chunk); this->lock->unlock(this->lock); + if (chunk) + { + free(chunk->ptr); + free(chunk); + } } return success; } diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 3e54368ff..27b97eab3 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -452,13 +452,8 @@ static void cache_queue(private_credential_manager_t *this) * check a certificate for its lifetime */ static bool check_certificate(private_credential_manager_t *this, -<<<<<<< HEAD - certificate_t *subject, certificate_t *issuer, - bool online, int pathlen, auth_cfg_t *auth) -======= certificate_t *subject, certificate_t *issuer, bool online, int pathlen, bool trusted, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { time_t not_before, not_after; cert_validator_t *validator; @@ -476,36 +471,12 @@ static bool check_certificate(private_credential_manager_t *this, ¬_before, FALSE, ¬_after, FALSE); return FALSE; } -<<<<<<< HEAD - if (issuer->get_type(issuer) == CERT_X509 && - subject->get_type(subject) == CERT_X509) - { - int pathlen_constraint; - x509_t *x509; - - /* check path length constraint */ - x509 = (x509_t*)issuer; - pathlen_constraint = x509->get_pathLenConstraint(x509); - if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && - pathlen > pathlen_constraint) - { - DBG1(DBG_CFG, "path length of %d violates constraint of %d", - pathlen, pathlen_constraint); - return FALSE; - } - } -======= ->>>>>>> upstream/4.5.1 enumerator = this->validators->create_enumerator(this->validators); while (enumerator->enumerate(enumerator, &validator)) { if (!validator->validate(validator, subject, issuer, -<<<<<<< HEAD - online, pathlen, auth)) -======= online, pathlen, trusted, auth)) ->>>>>>> upstream/4.5.1 { enumerator->destroy(enumerator); return FALSE; @@ -563,8 +534,6 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this, } /** -<<<<<<< HEAD -======= * Get the strength of certificate, add it to auth */ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) @@ -596,7 +565,6 @@ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) } /** ->>>>>>> upstream/4.5.1 * try to verify the trust chain of subject, return TRUE if trusted */ static bool verify_trust_chain(private_credential_manager_t *this, @@ -608,13 +576,9 @@ static bool verify_trust_chain(private_credential_manager_t *this, int pathlen; auth = auth_cfg_create(); -<<<<<<< HEAD - current = subject->get_ref(subject); -======= get_key_strength(subject, auth); current = subject->get_ref(subject); auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current)); ->>>>>>> upstream/4.5.1 for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++) { @@ -659,25 +623,17 @@ static bool verify_trust_chain(private_credential_manager_t *this, break; } } -<<<<<<< HEAD - if (!check_certificate(this, current, issuer, online, pathlen, - current == subject ? auth : NULL)) -======= if (!check_certificate(this, current, issuer, online, pathlen, trusted, auth)) ->>>>>>> upstream/4.5.1 { trusted = FALSE; issuer->destroy(issuer); break; } -<<<<<<< HEAD -======= if (issuer) { get_key_strength(issuer, auth); } ->>>>>>> upstream/4.5.1 current->destroy(current); current = issuer; if (trusted) @@ -701,8 +657,6 @@ static bool verify_trust_chain(private_credential_manager_t *this, } /** -<<<<<<< HEAD -======= * List find match function for certificates */ static bool cert_equals(certificate_t *a, certificate_t *b) @@ -711,7 +665,6 @@ static bool cert_equals(certificate_t *a, certificate_t *b) } /** ->>>>>>> upstream/4.5.1 * enumerator for trusted certificates */ typedef struct { @@ -731,11 +684,8 @@ typedef struct { certificate_t *pretrusted; /** currently enumerating auth config */ auth_cfg_t *auth; -<<<<<<< HEAD -======= /** list of failed candidates */ linked_list_t *failed; ->>>>>>> upstream/4.5.1 } trusted_enumerator_t; METHOD(enumerator_t, trusted_enumerate, bool, @@ -763,13 +713,6 @@ METHOD(enumerator_t, trusted_enumerate, bool, verify_trust_chain(this->this, this->pretrusted, this->auth, TRUE, this->online)) { -<<<<<<< HEAD - this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, - this->pretrusted->get_ref(this->pretrusted)); - DBG1(DBG_CFG, " using trusted certificate \"%Y\"", - this->pretrusted->get_subject(this->pretrusted)); - *cert = this->pretrusted; -======= DBG1(DBG_CFG, " using trusted certificate \"%Y\"", this->pretrusted->get_subject(this->pretrusted)); *cert = this->pretrusted; @@ -778,7 +721,6 @@ METHOD(enumerator_t, trusted_enumerate, bool, this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, this->pretrusted->get_ref(this->pretrusted)); } ->>>>>>> upstream/4.5.1 if (auth) { *auth = this->auth; @@ -796,15 +738,12 @@ METHOD(enumerator_t, trusted_enumerate, bool, continue; } -<<<<<<< HEAD -======= if (this->failed->find_first(this->failed, (void*)cert_equals, NULL, current) == SUCCESS) { /* check each candidate only once */ continue; } ->>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " using certificate \"%Y\"", current->get_subject(current)); if (verify_trust_chain(this->this, current, this->auth, FALSE, @@ -817,10 +756,7 @@ METHOD(enumerator_t, trusted_enumerate, bool, } return TRUE; } -<<<<<<< HEAD -======= this->failed->insert_last(this->failed, current->get_ref(current)); ->>>>>>> upstream/4.5.1 } return FALSE; } @@ -831,10 +767,7 @@ METHOD(enumerator_t, trusted_destroy, void, DESTROY_IF(this->pretrusted); DESTROY_IF(this->auth); DESTROY_IF(this->candidates); -<<<<<<< HEAD -======= this->failed->destroy_offset(this->failed, offsetof(certificate_t, destroy)); ->>>>>>> upstream/4.5.1 free(this); } @@ -853,10 +786,7 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*, .type = type, .id = id, .online = online, -<<<<<<< HEAD -======= .failed = linked_list_create(), ->>>>>>> upstream/4.5.1 ); return &enumerator->public; } diff --git a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c index de5b85bae..fecc9910e 100644 --- a/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c +++ b/src/libstrongswan/credentials/ietf_attributes/ietf_attributes.c @@ -189,11 +189,11 @@ static char* get_string(private_ietf_attributes_t *this) if (oid == OID_UNKNOWN) { - written = snprintf(pos, len, "0x#B", &attr->value); + written = snprintf(pos, len, "0x%#B", &attr->value); } else { - written = snprintf(pos, len, "%s", oid_names[oid]); + written = snprintf(pos, len, "%s", oid_names[oid].name); } break; } @@ -331,7 +331,7 @@ static bool matches(private_ietf_attributes_t *this, private_ietf_attributes_t * /* look for at least one common attribute */ while (TRUE) { - bool cmp = attr_a->compare(attr_a, attr_b); + int cmp = attr_a->compare(attr_a, attr_b); if (cmp == 0) { diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 046ccfd12..225fabe31 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c @@ -132,12 +132,8 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) } } else if (rule != AUTH_HELPER_SUBJECT_CERT && -<<<<<<< HEAD - rule != AUTH_HELPER_IM_CERT) -======= rule != AUTH_HELPER_IM_CERT && rule != AUTH_HELPER_REVOCATION_CERT) ->>>>>>> upstream/4.5.1 { /* handle only HELPER certificates */ continue; } diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 5a2385b72..e023e8443 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -1,9 +1,6 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperwsil ->>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -59,14 +56,11 @@ struct private_mem_cred_t { * List of shared keys, as shared_entry_t */ linked_list_t *shared; -<<<<<<< HEAD -======= /** * List of CDPs, as cdp_t */ linked_list_t *cdps; ->>>>>>> upstream/4.5.1 }; /** @@ -157,23 +151,6 @@ static bool certificate_equals(certificate_t *item, certificate_t *cert) return item->equals(item, cert); } -<<<<<<< HEAD -METHOD(mem_cred_t, add_cert, void, - private_mem_cred_t *this, bool trusted, certificate_t *cert) -{ - this->lock->write_lock(this->lock); - if (this->untrusted->find_last(this->untrusted, - (linked_list_match_t)certificate_equals, NULL, cert) != SUCCESS) - { - if (trusted) - { - this->trusted->insert_last(this->trusted, cert->get_ref(cert)); - } - this->untrusted->insert_last(this->untrusted, cert->get_ref(cert)); - } - cert->destroy(cert); - this->lock->unlock(this->lock); -======= /** * Add a certificate the the cache. Returns a reference to "cert" or a * previously cached certificate that equals "cert". @@ -272,7 +249,6 @@ METHOD(mem_cred_t, add_crl, bool, } this->lock->unlock(this->lock); return new; ->>>>>>> upstream/4.5.1 } /** @@ -332,11 +308,7 @@ METHOD(mem_cred_t, add_key, void, private_mem_cred_t *this, private_key_t *key) { this->lock->write_lock(this->lock); -<<<<<<< HEAD - this->keys->insert_last(this->keys, key); -======= this->keys->insert_first(this->keys, key); ->>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -460,20 +432,6 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, (void*)shared_filter, data, (void*)shared_data_destroy); } -<<<<<<< HEAD -METHOD(mem_cred_t, add_shared, void, - private_mem_cred_t *this, shared_key_t *shared, ...) -{ - shared_entry_t *entry; - identification_t *id; - va_list args; - - INIT(entry, - .shared = shared, - .owners = linked_list_create(), - ); - -======= METHOD(mem_cred_t, add_shared_list, void, private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners) { @@ -496,27 +454,18 @@ METHOD(mem_cred_t, add_shared, void, linked_list_t *owners = linked_list_create(); va_list args; ->>>>>>> upstream/4.5.1 va_start(args, shared); do { id = va_arg(args, identification_t*); if (id) { -<<<<<<< HEAD - entry->owners->insert_last(entry->owners, id); -======= owners->insert_first(owners, id); ->>>>>>> upstream/4.5.1 } } while (id); va_end(args); -<<<<<<< HEAD - this->lock->write_lock(this->lock); - this->shared->insert_last(this->shared, entry); -======= add_shared_list(this, shared, owners); } @@ -614,7 +563,6 @@ METHOD(mem_cred_t, clear_secrets, void, this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); this->keys = linked_list_create(); this->shared = linked_list_create(); ->>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -626,15 +574,6 @@ METHOD(mem_cred_t, clear_, void, offsetof(certificate_t, destroy)); this->untrusted->destroy_offset(this->untrusted, offsetof(certificate_t, destroy)); -<<<<<<< HEAD - this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy)); - this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); - this->trusted = linked_list_create(); - this->untrusted = linked_list_create(); - this->keys = linked_list_create(); - this->shared = linked_list_create(); - this->lock->unlock(this->lock); -======= this->cdps->destroy_function(this->cdps, (void*)cdp_destroy); this->trusted = linked_list_create(); this->untrusted = linked_list_create(); @@ -642,7 +581,6 @@ METHOD(mem_cred_t, clear_, void, this->lock->unlock(this->lock); clear_secrets(this); ->>>>>>> upstream/4.5.1 } METHOD(mem_cred_t, destroy, void, @@ -653,10 +591,7 @@ METHOD(mem_cred_t, destroy, void, this->untrusted->destroy(this->untrusted); this->keys->destroy(this->keys); this->shared->destroy(this->shared); -<<<<<<< HEAD -======= this->cdps->destroy(this->cdps); ->>>>>>> upstream/4.5.1 this->lock->destroy(this->lock); free(this); } @@ -674,15 +609,6 @@ mem_cred_t *mem_cred_create() .create_shared_enumerator = _create_shared_enumerator, .create_private_enumerator = _create_private_enumerator, .create_cert_enumerator = _create_cert_enumerator, -<<<<<<< HEAD - .create_cdp_enumerator = (void*)return_null, - .cache_cert = (void*)nop, - }, - .add_cert = _add_cert, - .add_key = _add_key, - .add_shared = _add_shared, - .clear = _clear_, -======= .create_cdp_enumerator = _create_cdp_enumerator, .cache_cert = (void*)nop, }, @@ -695,17 +621,13 @@ mem_cred_t *mem_cred_create() .add_cdp = _add_cdp, .clear = _clear_, .clear_secrets = _clear_secrets, ->>>>>>> upstream/4.5.1 .destroy = _destroy, }, .trusted = linked_list_create(), .untrusted = linked_list_create(), .keys = linked_list_create(), .shared = linked_list_create(), -<<<<<<< HEAD -======= .cdps = linked_list_create(), ->>>>>>> upstream/4.5.1 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h index 274e07566..eb46b065b 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.h +++ b/src/libstrongswan/credentials/sets/mem_cred.h @@ -1,9 +1,6 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperswil ->>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -29,11 +26,8 @@ typedef struct mem_cred_t mem_cred_t; #include <credentials/credential_set.h> -<<<<<<< HEAD -======= #include <credentials/certificates/crl.h> #include <utils/linked_list.h> ->>>>>>> upstream/4.5.1 /** * Generic in-memory credential set. @@ -54,8 +48,6 @@ struct mem_cred_t { void (*add_cert)(mem_cred_t *this, bool trusted, certificate_t *cert); /** -<<<<<<< HEAD -======= * Add a certificate to the credential set, returning a reference to it or * to a cached duplicate. * @@ -76,7 +68,6 @@ struct mem_cred_t { bool (*add_crl)(mem_cred_t *this, crl_t *crl); /** ->>>>>>> upstream/4.5.1 * Add a private key to the credential set. * * @param key key, reference gets owned by set @@ -87,17 +78,11 @@ struct mem_cred_t { * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set -<<<<<<< HEAD - * @param ... NULL terminated list of owners identification_t* -======= * @param ... NULL terminated list of owners (identification_t*) ->>>>>>> upstream/4.5.1 */ void (*add_shared)(mem_cred_t *this, shared_key_t *shared, ...); /** -<<<<<<< HEAD -======= * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set @@ -116,21 +101,17 @@ struct mem_cred_t { identification_t *id, char *uri); /** ->>>>>>> upstream/4.5.1 * Clear all credentials from the credential set. */ void (*clear)(mem_cred_t *this); /** -<<<<<<< HEAD -======= * Clear the secrets (private and shared keys, not the certificates) from * the credential set. */ void (*clear_secrets)(mem_cred_t *this); /** ->>>>>>> upstream/4.5.1 * Destroy a mem_cred_t. */ void (*destroy)(mem_cred_t *this); diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 96b4630f7..2d13896d6 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -20,15 +20,6 @@ #include <utils/linked_list.h> #include <crypto/crypto_tester.h> -<<<<<<< HEAD -typedef struct entry_t entry_t; -struct entry_t { - /* algorithm */ - u_int algo; - /* benchmarked speed */ - u_int speed; - /* constructor */ -======= const char *default_plugin_name = "default"; typedef struct entry_t entry_t; @@ -52,7 +43,6 @@ struct entry_t { /** * constructor */ ->>>>>>> upstream/4.5.1 union { crypter_constructor_t create_crypter; aead_constructor_t create_aead; @@ -154,12 +144,8 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, { if (this->test_on_create && !this->tester->test_crypter(this->tester, algo, key_size, -<<<<<<< HEAD - entry->create_crypter, NULL)) -======= entry->create_crypter, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -191,12 +177,8 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, -<<<<<<< HEAD - entry->create_aead, NULL)) -======= entry->create_aead, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -227,12 +209,8 @@ METHOD(crypto_factory_t, create_signer, signer_t*, { if (this->test_on_create && !this->tester->test_signer(this->tester, algo, -<<<<<<< HEAD - entry->create_signer, NULL)) -======= entry->create_signer, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -264,12 +242,8 @@ METHOD(crypto_factory_t, create_hasher, hasher_t*, { if (this->test_on_create && algo != HASH_PREFERRED && !this->tester->test_hasher(this->tester, algo, -<<<<<<< HEAD - entry->create_hasher, NULL)) -======= entry->create_hasher, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -300,12 +274,8 @@ METHOD(crypto_factory_t, create_prf, prf_t*, { if (this->test_on_create && !this->tester->test_prf(this->tester, algo, -<<<<<<< HEAD - entry->create_prf, NULL)) -======= entry->create_prf, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -337,12 +307,8 @@ METHOD(crypto_factory_t, create_rng, rng_t*, { if (this->test_on_create && !this->tester->test_rng(this->tester, quality, -<<<<<<< HEAD - entry->create_rng, NULL)) -======= entry->create_rng, NULL, default_plugin_name)) ->>>>>>> upstream/4.5.1 { continue; } @@ -406,12 +372,8 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*, * Insert an algorithm entry to a list */ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, -<<<<<<< HEAD - int algo, u_int speed, void *create) -======= int algo, const char *plugin_name, u_int speed, void *create) ->>>>>>> upstream/4.5.1 { entry_t *entry, *current; linked_list_t *tmp; @@ -419,10 +381,7 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, INIT(entry, .algo = algo, -<<<<<<< HEAD -======= .plugin_name = plugin_name, ->>>>>>> upstream/4.5.1 .speed = speed, ); entry->create = create; @@ -456,27 +415,16 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, } METHOD(crypto_factory_t, add_crypter, void, -<<<<<<< HEAD - private_crypto_factory_t *this, encryption_algorithm_t algo, - crypter_constructor_t create) -======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, crypter_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_crypter(this->tester, algo, 0, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->crypters, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->crypters, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -501,27 +449,16 @@ METHOD(crypto_factory_t, remove_crypter, void, } METHOD(crypto_factory_t, add_aead, void, -<<<<<<< HEAD - private_crypto_factory_t *this, encryption_algorithm_t algo, - aead_constructor_t create) -======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, aead_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_aead(this->tester, algo, 0, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->aeads, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -546,27 +483,16 @@ METHOD(crypto_factory_t, remove_aead, void, } METHOD(crypto_factory_t, add_signer, void, -<<<<<<< HEAD - private_crypto_factory_t *this, integrity_algorithm_t algo, - signer_constructor_t create) -======= private_crypto_factory_t *this, integrity_algorithm_t algo, const char *plugin_name, signer_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_signer(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->signers, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->signers, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -591,27 +517,16 @@ METHOD(crypto_factory_t, remove_signer, void, } METHOD(crypto_factory_t, add_hasher, void, -<<<<<<< HEAD - private_crypto_factory_t *this, hash_algorithm_t algo, - hasher_constructor_t create) -======= private_crypto_factory_t *this, hash_algorithm_t algo, const char *plugin_name, hasher_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_hasher(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->hashers, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->hashers, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -636,27 +551,16 @@ METHOD(crypto_factory_t, remove_hasher, void, } METHOD(crypto_factory_t, add_prf, void, -<<<<<<< HEAD - private_crypto_factory_t *this, pseudo_random_function_t algo, - prf_constructor_t create) -======= private_crypto_factory_t *this, pseudo_random_function_t algo, const char *plugin_name, prf_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_prf(this->tester, algo, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->prfs, algo, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->prfs, algo, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -682,25 +586,15 @@ METHOD(crypto_factory_t, remove_prf, void, METHOD(crypto_factory_t, add_rng, void, private_crypto_factory_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create) -======= const char *plugin_name, rng_constructor_t create) ->>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_rng(this->tester, quality, create, -<<<<<<< HEAD - this->bench ? &speed : NULL)) - { - add_entry(this, this->rngs, quality, speed, create); -======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->rngs, quality, plugin_name, speed, create); ->>>>>>> upstream/4.5.1 } } @@ -725,17 +619,10 @@ METHOD(crypto_factory_t, remove_rng, void, } METHOD(crypto_factory_t, add_dh, void, -<<<<<<< HEAD - private_crypto_factory_t *this, diffie_hellman_group_t group, - dh_constructor_t create) -{ - add_entry(this, this->dhs, group, 0, create); -======= private_crypto_factory_t *this, diffie_hellman_group_t group, const char *plugin_name, dh_constructor_t create) { add_entry(this, this->dhs, group, plugin_name, 0, create); ->>>>>>> upstream/4.5.1 } METHOD(crypto_factory_t, remove_dh, void, @@ -797,17 +684,11 @@ static enumerator_t *create_enumerator(private_crypto_factory_t *this, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -826,17 +707,11 @@ METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -849,17 +724,11 @@ METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo) -{ - *algo = (*entry)->algo; -======= static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -872,17 +741,11 @@ METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo) -{ - *algo = (*entry)->algo; -======= static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -895,17 +758,11 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ -<<<<<<< HEAD -static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group) -{ - *group = (*entry)->algo; -======= static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group, void *i2, const char **plugin_name) { *group = (*entry)->algo; *plugin_name = (*entry)->plugin_name; ->>>>>>> upstream/4.5.1 return TRUE; } @@ -915,8 +772,6 @@ METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*, return create_enumerator(this, this->dhs, dh_filter); } -<<<<<<< HEAD -======= /** * Filter function to enumerate algorithm, not entry */ @@ -933,7 +788,6 @@ METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*, { return create_enumerator(this, this->rngs, rng_filter); } ->>>>>>> upstream/4.5.1 METHOD(crypto_factory_t, add_test_vector, void, private_crypto_factory_t *this, transform_type_t type, void *vector) { @@ -1008,10 +862,7 @@ crypto_factory_t *crypto_factory_create() .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, .create_dh_enumerator = _create_dh_enumerator, -<<<<<<< HEAD -======= .create_rng_enumerator = _create_rng_enumerator, ->>>>>>> upstream/4.5.1 .add_test_vector = _add_test_vector, .destroy = _destroy, }, diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 61c46b59c..8e5db6355 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -33,11 +33,8 @@ typedef struct crypto_factory_t crypto_factory_t; #include <crypto/diffie_hellman.h> #include <crypto/transform.h> -<<<<<<< HEAD -======= #define CRYPTO_MAX_ALG_LINE 120 /* characters */ ->>>>>>> upstream/4.5.1 /** * Constructor function for crypters */ @@ -149,19 +146,12 @@ struct crypto_factory_t { * Register a crypter constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo, -<<<<<<< HEAD - crypter_constructor_t create); -======= const char *plugin_name, crypter_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a crypter constructor. @@ -181,37 +171,23 @@ struct crypto_factory_t { * Register a aead constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo, -<<<<<<< HEAD - aead_constructor_t create); -======= const char *plugin_name, aead_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Register a signer constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo, -<<<<<<< HEAD - signer_constructor_t create); -======= const char *plugin_name, signer_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a signer constructor. @@ -227,19 +203,12 @@ struct crypto_factory_t { * create_hasher(HASH_PREFERRED). * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo, -<<<<<<< HEAD - hasher_constructor_t create); -======= const char *plugin_name, hasher_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a hasher constructor. @@ -252,19 +221,12 @@ struct crypto_factory_t { * Register a prf constructor. * * @param algo algorithm to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo, -<<<<<<< HEAD - prf_constructor_t create); -======= const char *plugin_name, prf_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a prf constructor. @@ -277,17 +239,11 @@ struct crypto_factory_t { * Register a source of randomness. * * @param quality quality of randomness this RNG serves -<<<<<<< HEAD - * @param create constructor function for such a quality - */ - void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, rng_constructor_t create); -======= * @param plugin_name plugin that registered this algorithm * @param create constructor function for such a quality */ void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a source of randomness. @@ -300,19 +256,12 @@ struct crypto_factory_t { * Register a diffie hellman constructor. * * @param group dh group to constructor -<<<<<<< HEAD -======= * @param plugin_name plugin that registered this algorithm ->>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group, -<<<<<<< HEAD - dh_constructor_t create); -======= const char *plugin_name, dh_constructor_t create); ->>>>>>> upstream/4.5.1 /** * Unregister a diffie hellman constructor. @@ -364,8 +313,6 @@ struct crypto_factory_t { enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this); /** -<<<<<<< HEAD -======= * Create an enumerator over all registered random generators. * * @return enumerator over rng_quality_t @@ -373,7 +320,6 @@ struct crypto_factory_t { enumerator_t* (*create_rng_enumerator)(crypto_factory_t *this); /** ->>>>>>> upstream/4.5.1 * Add a test vector to the crypto factory. * * @param type type of the test vector diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index d4a8728e2..4635dccea 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -165,11 +165,7 @@ static u_int bench_crypter(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_crypter, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, -<<<<<<< HEAD - crypter_constructor_t create, u_int *speed) -======= crypter_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; crypter_test_vector_t *vector; @@ -192,15 +188,11 @@ METHOD(crypto_tester_t, test_crypter, bool, } crypter = create(alg, vector->key_size); if (!crypter) -<<<<<<< HEAD - { /* key size not supported... */ -======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; ->>>>>>> upstream/4.5.1 continue; } @@ -243,30 +235,19 @@ METHOD(crypto_tester_t, test_crypter, bool, crypter->destroy(crypter); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - encryption_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - encryption_algorithm_names, alg); - return !this->required; -======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", encryption_algorithm_names, alg, plugin_name); - return FALSE; + return FALSE; } else { @@ -275,30 +256,19 @@ METHOD(crypto_tester_t, test_crypter, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } ->>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_crypter(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - encryption_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, plugin_name, *speed); + encryption_algorithm_names, alg, plugin_name, tested, *speed); } else { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -354,11 +324,7 @@ static u_int bench_aead(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_aead, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, -<<<<<<< HEAD - aead_constructor_t create, u_int *speed) -======= aead_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; aead_test_vector_t *vector; @@ -382,15 +348,11 @@ METHOD(crypto_tester_t, test_aead, bool, } aead = create(alg, vector->key_size); if (!aead) -<<<<<<< HEAD - { /* key size not supported... */ -======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; ->>>>>>> upstream/4.5.1 continue; } @@ -443,30 +405,19 @@ METHOD(crypto_tester_t, test_aead, bool, aead->destroy(aead); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - encryption_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - encryption_algorithm_names, alg); - return !this->required; -======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", encryption_algorithm_names, alg, plugin_name); - return FALSE; + return FALSE; } else { @@ -475,22 +426,12 @@ METHOD(crypto_tester_t, test_aead, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } ->>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_aead(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - encryption_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - encryption_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, plugin_name, tested, *speed); } @@ -498,7 +439,6 @@ METHOD(crypto_tester_t, test_aead, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -546,11 +486,7 @@ static u_int bench_signer(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_signer, bool, private_crypto_tester_t *this, integrity_algorithm_t alg, -<<<<<<< HEAD - signer_constructor_t create, u_int *speed) -======= signer_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; signer_test_vector_t *vector; @@ -572,13 +508,8 @@ METHOD(crypto_tester_t, test_signer, bool, signer = create(alg); if (!signer) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - integrity_algorithm_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", integrity_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -633,28 +564,17 @@ METHOD(crypto_tester_t, test_signer, bool, signer->destroy(signer); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - integrity_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", integrity_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - integrity_algorithm_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", integrity_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -662,15 +582,6 @@ METHOD(crypto_tester_t, test_signer, bool, if (speed) { *speed = bench_signer(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - integrity_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - integrity_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", integrity_algorithm_names, alg, plugin_name, tested, *speed); } @@ -678,7 +589,6 @@ METHOD(crypto_tester_t, test_signer, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", integrity_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -720,11 +630,7 @@ static u_int bench_hasher(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_hasher, bool, private_crypto_tester_t *this, hash_algorithm_t alg, -<<<<<<< HEAD - hasher_constructor_t create, u_int *speed) -======= hasher_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; hasher_test_vector_t *vector; @@ -746,13 +652,8 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher = create(alg); if (!hasher) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - hash_algorithm_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", hash_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -794,28 +695,17 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher->destroy(hasher); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - hash_algorithm_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", hash_algorithm_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - hash_algorithm_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", hash_algorithm_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -823,15 +713,6 @@ METHOD(crypto_tester_t, test_hasher, bool, if (speed) { *speed = bench_hasher(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - hash_algorithm_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - hash_algorithm_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", hash_algorithm_names, alg, plugin_name, tested, *speed); } @@ -839,7 +720,6 @@ METHOD(crypto_tester_t, test_hasher, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", hash_algorithm_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -881,11 +761,7 @@ static u_int bench_prf(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_prf, bool, private_crypto_tester_t *this, pseudo_random_function_t alg, -<<<<<<< HEAD - prf_constructor_t create, u_int *speed) -======= prf_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; prf_test_vector_t *vector; @@ -907,13 +783,8 @@ METHOD(crypto_tester_t, test_prf, bool, prf = create(alg); if (!prf) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - pseudo_random_function_names, alg); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", pseudo_random_function_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -966,28 +837,17 @@ METHOD(crypto_tester_t, test_prf, bool, prf->destroy(prf); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - pseudo_random_function_names, alg, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", pseudo_random_function_names, alg, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? "disabled" : "enabled ", - pseudo_random_function_names, alg); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", pseudo_random_function_names, alg, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -995,15 +855,6 @@ METHOD(crypto_tester_t, test_prf, bool, if (speed) { *speed = bench_prf(this, alg, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - pseudo_random_function_names, alg, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - pseudo_random_function_names, alg, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", pseudo_random_function_names, alg, plugin_name, tested, *speed); } @@ -1011,7 +862,6 @@ METHOD(crypto_tester_t, test_prf, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", pseudo_random_function_names, alg, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; @@ -1050,11 +900,7 @@ static u_int bench_rng(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_rng, bool, private_crypto_tester_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create, u_int *speed) -======= rng_constructor_t create, u_int *speed, const char *plugin_name) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; rng_test_vector_t *vector; @@ -1063,13 +909,8 @@ METHOD(crypto_tester_t, test_rng, bool, if (!this->rng_true && quality == RNG_TRUE) { -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: skipping test (disabled by config)", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "enabled %N[%s]: skipping test (disabled by config)", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 return TRUE; } @@ -1088,13 +929,8 @@ METHOD(crypto_tester_t, test_rng, bool, rng = create(quality); if (!rng) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: creating instance failed", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -1123,28 +959,17 @@ METHOD(crypto_tester_t, test_rng, bool, rng->destroy(rng); if (failed) { -<<<<<<< HEAD - DBG1(DBG_LIB, "disabled %N: %s test vector failed", - rng_quality_names, quality, get_name(vector)); -======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", rng_quality_names, quality, plugin_name, get_name(vector)); ->>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { -<<<<<<< HEAD - DBG1(DBG_LIB, "%s %N: no test vectors found", - this->required ? ", disabled" : "enabled ", - rng_quality_names, quality); -======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? ", disabled" : "enabled ", rng_quality_names, quality, plugin_name); ->>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -1152,15 +977,6 @@ METHOD(crypto_tester_t, test_rng, bool, if (speed) { *speed = bench_rng(this, quality, create); -<<<<<<< HEAD - DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", - rng_quality_names, quality, tested, *speed); - } - else - { - DBG1(DBG_LIB, "enabled %N: passed %u test vectors", - rng_quality_names, quality, tested); -======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", rng_quality_names, quality, plugin_name, tested, *speed); } @@ -1168,7 +984,6 @@ METHOD(crypto_tester_t, test_rng, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", rng_quality_names, quality, plugin_name, tested); ->>>>>>> upstream/4.5.1 } } return !failed; diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 1354bec52..9ac665929 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -72,7 +72,7 @@ struct aead_test_vector_t { struct signer_test_vector_t { /** signer algorithm this test vector tests */ - pseudo_random_function_t alg; + integrity_algorithm_t alg; /** key to use, with a length the algorithm expects */ u_char *key; /** size of the input data */ @@ -143,11 +143,7 @@ struct crypto_tester_t { */ bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create, -<<<<<<< HEAD - u_int *speed); -======= u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test an aead algorithm, optionally using a specified key size. @@ -160,11 +156,7 @@ struct crypto_tester_t { */ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, aead_constructor_t create, -<<<<<<< HEAD - u_int *speed); -======= u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a signer algorithm. * @@ -174,12 +166,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg, -<<<<<<< HEAD - signer_constructor_t create, u_int *speed); -======= signer_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a hasher algorithm. * @@ -189,12 +177,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg, -<<<<<<< HEAD - hasher_constructor_t create, u_int *speed); -======= hasher_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a PRF algorithm. * @@ -204,12 +188,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg, -<<<<<<< HEAD - prf_constructor_t create, u_int *speed); -======= prf_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Test a RNG implementation. * @@ -219,12 +199,8 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality, -<<<<<<< HEAD - rng_constructor_t create, u_int *speed); -======= rng_constructor_t create, u_int *speed, const char *plugin_name); ->>>>>>> upstream/4.5.1 /** * Add a test vector to test a crypter. * diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index 10ab9fc23..d65955a2e 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -59,12 +59,12 @@ struct proposal_token { u_int16_t keysize; }; -#define TOTAL_KEYWORDS 117 +#define TOTAL_KEYWORDS 119 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 #define MIN_HASH_VALUE 9 -#define MAX_HASH_VALUE 209 -/* maximum key range = 201, duplicates = 0 */ +#define MAX_HASH_VALUE 213 +/* maximum key range = 205, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned char asso_values[] = { - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 16, 9, - 4, 41, 66, 19, 8, 4, 5, 3, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 122, 210, 3, 22, 21, - 3, 111, 103, 48, 7, 4, 210, 210, 3, 210, - 57, 3, 210, 210, 78, 6, 3, 28, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210, 210, 210, 210, - 210, 210, 210, 210, 210, 210, 210 + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 14, 9, + 4, 34, 66, 19, 8, 4, 5, 3, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 131, 214, 3, 22, 21, + 3, 1, 101, 48, 3, 4, 214, 214, 3, 214, + 57, 4, 214, 214, 94, 6, 3, 32, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214, 214, 214, 214, + 214, 214, 214, 214, 214, 214, 214 }; register int hval = len; @@ -143,14 +143,19 @@ hash (str, len) static const struct proposal_token wordlist[] = { {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, @@ -209,81 +214,79 @@ static const struct proposal_token wordlist[] = {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, + {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0} + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0} }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, 0, - 1, -1, -1, -1, -1, -1, 2, -1, -1, -1, - -1, 3, 4, -1, -1, -1, -1, -1, 5, 6, - 7, 8, -1, -1, -1, 9, 10, 11, 12, 13, - 14, 15, 16, 17, 18, 19, 20, 21, 22, -1, - -1, -1, -1, 23, 24, 25, 26, 27, 28, 29, - 30, -1, 31, -1, 32, 33, 34, 35, 36, 37, - 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, - 48, -1, 49, -1, 50, -1, 51, -1, 52, -1, - 53, -1, 54, 55, 56, 57, 58, 59, 60, 61, - 62, 63, 64, 65, 66, 67, 68, 69, -1, 70, - -1, 71, -1, 72, 73, 74, 75, 76, -1, 77, - 78, 79, 80, 81, -1, 82, 83, 84, 85, -1, - -1, 86, 87, 88, 89, 90, 91, 92, -1, -1, - 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, - 103, 104, -1, -1, -1, -1, -1, -1, 105, 106, - 107, 108, -1, -1, -1, -1, 109, -1, 110, -1, - -1, -1, -1, -1, 111, -1, -1, -1, -1, 112, - 113, -1, -1, -1, -1, -1, -1, -1, -1, -1, + 1, 2, -1, -1, -1, -1, 3, 4, -1, -1, + -1, 5, 6, -1, -1, 7, -1, 8, 9, 10, + 11, 12, -1, 13, -1, 14, 15, 16, 17, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, + -1, -1, -1, -1, 29, 30, 31, 32, 33, 34, + 35, -1, 36, -1, 37, 38, 39, 40, 41, 42, + 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, + 53, -1, 54, -1, 55, -1, 56, -1, 57, -1, + 58, -1, 59, 60, 61, 62, 63, 64, 65, 66, + 67, 68, 69, 70, 71, 72, -1, 73, -1, 74, + -1, 75, -1, 76, 77, 78, 79, 80, -1, 81, + 82, 83, 84, 85, -1, 86, 87, -1, 88, -1, + -1, 89, 90, -1, 91, -1, -1, 92, -1, 93, + 94, 95, 96, -1, 97, -1, 98, 99, 100, 101, + 102, 103, -1, -1, -1, 104, -1, -1, 105, 106, + -1, 107, -1, -1, -1, 108, 109, -1, -1, 110, + 111, -1, -1, -1, 112, 113, -1, 114, 115, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, 114, 115, -1, -1, -1, 116 + -1, -1, -1, -1, -1, 116, -1, -1, -1, 117, + -1, -1, -1, 118 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.txt b/src/libstrongswan/crypto/proposal/proposal_keywords.txt index 208c6715b..4ef664d8f 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.txt @@ -146,3 +146,5 @@ ecp521, DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0 modp1024s160, DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0 modp2048s224, DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0 modp2048s256, DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0 +noesn, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0 +esn, EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0 diff --git a/src/libstrongswan/crypto/transform.c b/src/libstrongswan/crypto/transform.c index cec90a616..1e108f1de 100644 --- a/src/libstrongswan/crypto/transform.c +++ b/src/libstrongswan/crypto/transform.c @@ -28,3 +28,8 @@ ENUM_NEXT(transform_type_names, ENCRYPTION_ALGORITHM, EXTENDED_SEQUENCE_NUMBERS, "EXTENDED_SEQUENCE_NUMBERS"); ENUM_END(transform_type_names, EXTENDED_SEQUENCE_NUMBERS); + +ENUM(extended_sequence_numbers_names, NO_EXT_SEQ_NUMBERS, EXT_SEQ_NUMBERS, + "NO_EXT_SEQ", + "EXT_SEQ", +); diff --git a/src/libstrongswan/crypto/transform.h b/src/libstrongswan/crypto/transform.h index 1a2660199..1393c674c 100644 --- a/src/libstrongswan/crypto/transform.h +++ b/src/libstrongswan/crypto/transform.h @@ -45,4 +45,17 @@ enum transform_type_t { */ extern enum_name_t *transform_type_names; +/** + * Extended sequence numbers, as in IKEv2 RFC 3.3.2. + */ +enum extended_sequence_numbers_t { + NO_EXT_SEQ_NUMBERS = 0, + EXT_SEQ_NUMBERS = 1 +}; + +/** + * enum strings for extended_sequence_numbers_t. + */ +extern enum_name_t *extended_sequence_numbers_names; + #endif /** TRANSFORM_H_ @}*/ diff --git a/src/libstrongswan/eap/eap.c b/src/libstrongswan/eap/eap.c index 71734017a..11b475d8f 100644 --- a/src/libstrongswan/eap/eap.c +++ b/src/libstrongswan/eap/eap.c @@ -44,11 +44,15 @@ ENUM_NEXT(eap_type_names, EAP_TTLS, EAP_TTLS, EAP_SIM, "EAP_TTLS"); ENUM_NEXT(eap_type_names, EAP_AKA, EAP_AKA, EAP_TTLS, "EAP_AKA"); -ENUM_NEXT(eap_type_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, +ENUM_NEXT(eap_type_names, EAP_PEAP, EAP_MSCHAPV2, EAP_AKA, + "EAP_PEAP", "EAP_MSCHAPV2"); -ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2, +ENUM_NEXT(eap_type_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2, + "EAP_MSTLV"); +ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSTLV, "EAP_TNC"); -ENUM_NEXT(eap_type_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC, +ENUM_NEXT(eap_type_names, EAP_DYNAMIC, EAP_EXPERIMENTAL, EAP_TNC, + "EAP_DYNAMIC", "EAP_RADIUS", "EAP_EXPANDED", "EAP_EXPERIMENTAL"); @@ -69,11 +73,15 @@ ENUM_NEXT(eap_type_short_names, EAP_TTLS, EAP_TTLS, EAP_SIM, "TTLS"); ENUM_NEXT(eap_type_short_names, EAP_AKA, EAP_AKA, EAP_TTLS, "AKA"); -ENUM_NEXT(eap_type_short_names, EAP_MSCHAPV2, EAP_MSCHAPV2, EAP_AKA, +ENUM_NEXT(eap_type_short_names, EAP_PEAP, EAP_MSCHAPV2, EAP_AKA, + "PEAP", "MSCHAPV2"); -ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSCHAPV2, +ENUM_NEXT(eap_type_short_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2, + "MSTLV"); +ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSTLV, "TNC"); -ENUM_NEXT(eap_type_short_names, EAP_RADIUS, EAP_EXPERIMENTAL, EAP_TNC, +ENUM_NEXT(eap_type_short_names, EAP_DYNAMIC, EAP_EXPERIMENTAL, EAP_TNC, + "DYN", "RAD", "EXP", "XP"); @@ -115,6 +123,7 @@ eap_type_t eap_type_from_string(char *name) {"ttls", EAP_TTLS}, {"sim", EAP_SIM}, {"aka", EAP_AKA}, + {"peap", EAP_PEAP}, {"mschapv2", EAP_MSCHAPV2}, {"tnc", EAP_TNC}, {"radius", EAP_RADIUS}, diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index cb28d4e2d..945e4bc59 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h @@ -60,8 +60,12 @@ enum eap_type_t { EAP_SIM = 18, EAP_TTLS = 21, EAP_AKA = 23, + EAP_PEAP = 25, EAP_MSCHAPV2 = 26, + EAP_MSTLV = 33, EAP_TNC = 38, + /** select EAP method dynamically based on i.e. EAP-Identity */ + EAP_DYNAMIC = 252, /** not a method, but an implementation providing different methods */ EAP_RADIUS = 253, EAP_EXPANDED = 254, @@ -79,14 +83,21 @@ extern enum_name_t *eap_type_names; extern enum_name_t *eap_type_short_names; /** + * EAP packet format + */ +typedef struct __attribute__((packed)) { + u_int8_t code; + u_int8_t identifier; + u_int16_t length; + u_int8_t type; + u_int8_t data; +} eap_packet_t; + +/** * Lookup the EAP method type from a string. * * @param name EAP method name (such as "md5", "aka") -<<<<<<< HEAD - * @return method type, 0 if unkown -======= * @return method type, 0 if unknown ->>>>>>> upstream/4.5.1 */ eap_type_t eap_type_from_string(char *name); diff --git a/src/libstrongswan/enum.c b/src/libstrongswan/enum.c index df6a73a81..5c811bd17 100644 --- a/src/libstrongswan/enum.c +++ b/src/libstrongswan/enum.c @@ -43,11 +43,7 @@ int enum_from_name(enum_name_t *e, char *name) { do { -<<<<<<< HEAD - int i, count = e->last - e->first; -======= int i, count = e->last - e->first + 1; ->>>>>>> upstream/4.5.1 for (i = 0; i < count; i++) { diff --git a/src/libstrongswan/fetcher/fetcher.c b/src/libstrongswan/fetcher/fetcher.c new file mode 100644 index 000000000..ca5a72165 --- /dev/null +++ b/src/libstrongswan/fetcher/fetcher.c @@ -0,0 +1,33 @@ +/* + * Copyright (C) 2011 Martin Willi + * Copyright (C) 2011 revosec AG + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "fetcher.h" + +/** + * See header. + */ +bool fetcher_default_callback(void *userdata, chunk_t chunk) +{ + chunk_t *accu = userdata; + + accu->ptr = realloc(accu->ptr, accu->len + chunk.len); + if (accu->ptr) + { + memcpy(&accu->ptr[accu->len], chunk.ptr, chunk.len); + accu->len += chunk.len; + return TRUE; + } + return FALSE; +} diff --git a/src/libstrongswan/fetcher/fetcher.h b/src/libstrongswan/fetcher/fetcher.h index f312206bb..5b734da3d 100644 --- a/src/libstrongswan/fetcher/fetcher.h +++ b/src/libstrongswan/fetcher/fetcher.h @@ -1,6 +1,7 @@ /* - * Copyright (C) 2008 Martin Willi + * Copyright (C) 2008-2011 Martin Willi * Hochschule fuer Technik Rapperswil + * Copyright (C) 2011 revosec AG * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,6 +26,23 @@ typedef struct fetcher_t fetcher_t; typedef enum fetcher_option_t fetcher_option_t; #include <stdarg.h> +#include <chunk.h> + +/** + * Constructor function which creates fetcher instances. + * + * @return fetcher instance + */ +typedef fetcher_t* (*fetcher_constructor_t)(); + +/** + * Callback function used with FETCH_CALLBACK. + * + * @param userdata userdata passed to fetcher_t.fetch() + * @param chunk chunk with next chunk of data + * @return TRUE to continue with transfer, FALSE to abort + */ +typedef bool (*fetcher_callback_t)(void *userdata, chunk_t chunk); #include <library.h> @@ -64,19 +82,20 @@ enum fetcher_option_t { FETCH_TIMEOUT, /** + * Callback to invoke with each chunk of data. + * Additional argument fetch_callback_t. + * If this option is not given, the fetcher_default_callback is used, + * which accumulates the data into an allocated chunk. + */ + FETCH_CALLBACK, + + /** * end of fetching options */ FETCH_END, }; /** - * Constructor function which creates fetcher instances. - * - * @return fetcher instance - */ -typedef fetcher_t* (*fetcher_constructor_t)(); - -/** * Fetcher interface, an implementation fetches data from an URL. */ struct fetcher_t { @@ -87,15 +106,18 @@ struct fetcher_t { * The fetcher returns NOT_SUPPORTED to indicate that it is uncappable * to handle such URLs. Other return values indicate a failure, and * fetching of that URL gets cancelled. + * If no FETCH_CALLBACK function is set as option, userdata must be + * a chunk_t*. This chunk gets allocated, accumulated data using the + * fetcher_default_callback() function. * * @param uri URI to fetch from - * @param result chunk which receives allocated data + * @param userdata userdata to pass to callback function. * @return * - SUCCESS if fetch was successful * - NOT_SUPPORTED if fetcher does not support such URLs * - FAILED, NOT_FOUND, PARSE_ERROR on failure */ - status_t (*fetch)(fetcher_t *this, char *uri, chunk_t *result); + status_t (*fetch)(fetcher_t *this, char *uri, void *userdata); /** * Set a fetcher option, as defined in fetcher_option_t. @@ -114,4 +136,13 @@ struct fetcher_t { void (*destroy)(fetcher_t *this); }; +/** + * Default fetcher callback function, accumulates data to a chunk. + * + * @param userdata chunk for allocated data, empty on first invocation + * @param chunk current chunk of data + * @return FALSE if chunk too large to allocate + */ +bool fetcher_default_callback(void *userdata, chunk_t chunk); + #endif /** FETCHER_H_ @}*/ diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index 2c5f5f688..9b363c7eb 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c @@ -58,11 +58,8 @@ static void entry_destroy(entry_t *entry) free(entry); } -/** - * Implementation of fetcher_manager_t.fetch. - */ -static status_t fetch(private_fetcher_manager_t *this, - char *url, chunk_t *response, ...) +METHOD(fetcher_manager_t, fetch, status_t, + private_fetcher_manager_t *this, char *url, void *userdata, ...) { enumerator_t *enumerator; status_t status = NOT_SUPPORTED; @@ -89,35 +86,33 @@ static status_t fetch(private_fetcher_manager_t *this, { continue; } - va_start(args, response); + va_start(args, userdata); while (good) { -<<<<<<< HEAD - opt = va_arg(args, fetcher_option_t); -======= opt = va_arg(args, int); ->>>>>>> upstream/4.5.1 switch (opt) { case FETCH_REQUEST_DATA: - good = fetcher->set_option(fetcher, opt, va_arg(args, chunk_t)); + good = fetcher->set_option(fetcher, opt, + va_arg(args, chunk_t)); continue; case FETCH_REQUEST_TYPE: case FETCH_REQUEST_HEADER: - good = fetcher->set_option(fetcher, opt, va_arg(args, char*)); + good = fetcher->set_option(fetcher, opt, + va_arg(args, char*)); continue; case FETCH_HTTP_VERSION_1_0: good = fetcher->set_option(fetcher, opt); continue; case FETCH_TIMEOUT: - good = fetcher->set_option(fetcher, opt, va_arg(args, u_int)); + good = fetcher->set_option(fetcher, opt, + va_arg(args, u_int)); continue; + case FETCH_CALLBACK: + good = fetcher->set_option(fetcher, opt, + va_arg(args, fetcher_callback_t)); case FETCH_END: -<<<<<<< HEAD - break;; -======= break; ->>>>>>> upstream/4.5.1 } break; } @@ -128,7 +123,7 @@ static status_t fetch(private_fetcher_manager_t *this, continue; } - status = fetcher->fetch(fetcher, url, response); + status = fetcher->fetch(fetcher, url, userdata); fetcher->destroy(fetcher); /* try another fetcher only if this one does not support that URL */ if (status == NOT_SUPPORTED) @@ -147,27 +142,22 @@ static status_t fetch(private_fetcher_manager_t *this, return status; } -/** - * Implementation of fetcher_manager_t.add_fetcher. - */ -static void add_fetcher(private_fetcher_manager_t *this, - fetcher_constructor_t create, char *url) +METHOD(fetcher_manager_t, add_fetcher, void, + private_fetcher_manager_t *this, fetcher_constructor_t create, char *url) { - entry_t *entry = malloc_thing(entry_t); - - entry->url = strdup(url); - entry->create = create; + entry_t *entry; + INIT(entry, + .url = strdup(url), + .create = create, + ); this->lock->write_lock(this->lock); this->fetchers->insert_last(this->fetchers, entry); this->lock->unlock(this->lock); } -/** - * Implementation of fetcher_manager_t.remove_fetcher. - */ -static void remove_fetcher(private_fetcher_manager_t *this, - fetcher_constructor_t create) +METHOD(fetcher_manager_t, remove_fetcher, void, + private_fetcher_manager_t *this, fetcher_constructor_t create) { enumerator_t *enumerator; entry_t *entry; @@ -186,10 +176,8 @@ static void remove_fetcher(private_fetcher_manager_t *this, this->lock->unlock(this->lock); } -/** - * Implementation of fetcher_manager_t.destroy - */ -static void destroy(private_fetcher_manager_t *this) +METHOD(fetcher_manager_t, destroy, void, + private_fetcher_manager_t *this) { this->fetchers->destroy_function(this->fetchers, (void*)entry_destroy); this->lock->destroy(this->lock); @@ -201,15 +189,18 @@ static void destroy(private_fetcher_manager_t *this) */ fetcher_manager_t *fetcher_manager_create() { - private_fetcher_manager_t *this = malloc_thing(private_fetcher_manager_t); - - this->public.fetch = (status_t(*)(fetcher_manager_t*, char *url, chunk_t *response, ...))fetch; - this->public.add_fetcher = (void(*)(fetcher_manager_t*, fetcher_constructor_t,char*))add_fetcher; - this->public.remove_fetcher = (void(*)(fetcher_manager_t*, fetcher_constructor_t))remove_fetcher; - this->public.destroy = (void(*)(fetcher_manager_t*))destroy; - - this->fetchers = linked_list_create(); - this->lock = rwlock_create(RWLOCK_TYPE_DEFAULT); + private_fetcher_manager_t *this; + + INIT(this, + .public = { + .fetch = _fetch, + .add_fetcher = _add_fetcher, + .remove_fetcher = _remove_fetcher, + .destroy = _destroy, + }, + .fetchers = linked_list_create(), + .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), + ); return &this->public; } diff --git a/src/libstrongswan/fetcher/fetcher_manager.h b/src/libstrongswan/fetcher/fetcher_manager.h index a7ac6611e..15250d531 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.h +++ b/src/libstrongswan/fetcher/fetcher_manager.h @@ -31,17 +31,20 @@ typedef struct fetcher_manager_t fetcher_manager_t; struct fetcher_manager_t { /** - * Fetch data from URI into chunk. + * Fetch data from URI. * * The variable argument list contains fetcher_option_t's, followed * by a option specific data argument. + * If no FETCH_CALLBACK function is given as option, userdata must be + * a chunk_t*. This chunk gets allocated, accumulated data using the + * fetcher_default_callback() function. * * @param uri URI to fetch from - * @param result chunk which receives allocated data + * @param userdata userdata to pass to callback function. * @param options FETCH_END terminated fetcher_option_t arguments * @return status indicating result of fetch */ - status_t (*fetch)(fetcher_manager_t *this, char *url, chunk_t *response, ...); + status_t (*fetch)(fetcher_manager_t *this, char *url, void *userdata, ...); /** * Register a fetcher implementation. diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c index 7060f9ea0..e962aba70 100644 --- a/src/libstrongswan/integrity_checker.c +++ b/src/libstrongswan/integrity_checker.c @@ -57,16 +57,8 @@ struct private_integrity_checker_t { int checksum_count; }; -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.build_file - */ -static u_int32_t build_file(private_integrity_checker_t *this, char *file, - size_t *len) -======= METHOD(integrity_checker_t, build_file, u_int32_t, private_integrity_checker_t *this, char *file, size_t *len) ->>>>>>> upstream/4.5.1 { u_int32_t checksum; chunk_t contents; @@ -141,16 +133,8 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli) return 0; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.build_segment - */ -static u_int32_t build_segment(private_integrity_checker_t *this, void *sym, - size_t *len) -======= METHOD(integrity_checker_t, build_segment, u_int32_t, private_integrity_checker_t *this, void *sym, size_t *len) ->>>>>>> upstream/4.5.1 { chunk_t segment; Dl_info dli; @@ -190,16 +174,8 @@ static integrity_checksum_t *find_checksum(private_integrity_checker_t *this, return NULL; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.check_file - */ -static bool check_file(private_integrity_checker_t *this, - char *name, char *file) -======= METHOD(integrity_checker_t, check_file, bool, private_integrity_checker_t *this, char *name, char *file) ->>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -232,16 +208,8 @@ METHOD(integrity_checker_t, check_file, bool, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.check_segment - */ -static bool check_segment(private_integrity_checker_t *this, - char *name, void *sym) -======= METHOD(integrity_checker_t, check_segment, bool, private_integrity_checker_t *this, char *name, void *sym) ->>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -274,15 +242,8 @@ METHOD(integrity_checker_t, check_segment, bool, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.check - */ -static bool check(private_integrity_checker_t *this, char *name, void *sym) -======= METHOD(integrity_checker_t, check, bool, private_integrity_checker_t *this, char *name, void *sym) ->>>>>>> upstream/4.5.1 { Dl_info dli; @@ -302,15 +263,8 @@ METHOD(integrity_checker_t, check, bool, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of integrity_checker_t.destroy. - */ -static void destroy(private_integrity_checker_t *this) -======= METHOD(integrity_checker_t, destroy, void, private_integrity_checker_t *this) ->>>>>>> upstream/4.5.1 { if (this->handle) { @@ -324,19 +278,6 @@ METHOD(integrity_checker_t, destroy, void, */ integrity_checker_t *integrity_checker_create(char *checksum_library) { -<<<<<<< HEAD - private_integrity_checker_t *this = malloc_thing(private_integrity_checker_t); - - this->public.check_file = (bool(*)(integrity_checker_t*, char *name, char *file))check_file; - this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file, size_t *len))build_file; - this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment; - this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym, size_t *len))build_segment; - this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check; - this->public.destroy = (void(*)(integrity_checker_t*))destroy; - - this->checksum_count = 0; - this->handle = NULL; -======= private_integrity_checker_t *this; INIT(this, @@ -350,7 +291,6 @@ integrity_checker_t *integrity_checker_create(char *checksum_library) }, ); ->>>>>>> upstream/4.5.1 if (checksum_library) { this->handle = dlopen(checksum_library, RTLD_LAZY); diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 6e4aeb9d6..c93f84ca7 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index f13e33492..2a1fed944 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -1518,6 +1518,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_aes_crypter_t *this) { + memwipe(this, sizeof(*this)); free(this); } diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index b859d3167..d17355d1d 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "aes_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "aes"; - ->>>>>>> upstream/4.5.1 typedef struct private_aes_plugin_t private_aes_plugin_t; /** @@ -36,6 +31,12 @@ struct private_aes_plugin_t { aes_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_aes_plugin_t *this) +{ + return "aes"; +} + METHOD(plugin_t, destroy, void, private_aes_plugin_t *this) { @@ -54,16 +55,14 @@ plugin_t *aes_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), (crypter_constructor_t)aes_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index aa8df979e..00b54b026 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -244,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,6 +269,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c index 3416ad8d2..7b3c062aa 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.c @@ -63,6 +63,7 @@ static struct { size_t iv_size; } algs[] = { {ENCR_DES, "cbc(des)", 8, 8, 8, 8, }, + {ENCR_DES_ECB, "ecb(des)", 8, 8, 8, 0, }, {ENCR_3DES, "cbc(des3_ede)", 8, 24, 24, 8, }, {ENCR_AES_CBC, "cbc(aes)", 16, 16, 16, 16, }, {ENCR_AES_CBC, "cbc(aes)", 16, 24, 24, 16, }, @@ -91,7 +92,7 @@ static struct { /** * See header. */ -void af_alg_crypter_probe() +void af_alg_crypter_probe(char *plugin) { encryption_algorithm_t prev = -1; af_alg_ops_t *ops; @@ -105,7 +106,7 @@ void af_alg_crypter_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_crypter(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_crypter(lib->crypto, algs[i].id, plugin, (crypter_constructor_t)af_alg_crypter_create); } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h index 711d2fc35..ed7799cc8 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_crypter.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_crypter.h @@ -48,7 +48,9 @@ af_alg_crypter_t *af_alg_crypter_create(encryption_algorithm_t algo, /** * Probe algorithms and register af_alg_crypter_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_crypter_probe(); +void af_alg_crypter_probe(char *plugin); #endif /** AF_ALG_CRYPTER_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c index 7c6297d44..11074c4bd 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c @@ -59,7 +59,7 @@ static struct { /** * See header. */ -void af_alg_hasher_probe() +void af_alg_hasher_probe(char *plugin) { af_alg_ops_t *ops; int i; @@ -70,7 +70,7 @@ void af_alg_hasher_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_hasher(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_hasher(lib->crypto, algs[i].id, plugin, (hasher_constructor_t)af_alg_hasher_create); } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h index e0833e23a..f44ba2938 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.h @@ -46,7 +46,9 @@ af_alg_hasher_t *af_alg_hasher_create(hash_algorithm_t algo); /** * Probe algorithms and register af_alg_hasher_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_hasher_probe(); +void af_alg_hasher_probe(char *plugin); #endif /** af_alg_HASHER_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c index 7bf1d90db..82a227d97 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c @@ -21,8 +21,6 @@ #include <debug.h> -const char *af_alg_plugin_name = "af-alg"; - typedef struct private_af_alg_ops_t private_af_alg_ops_t; /** diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.h b/src/libstrongswan/plugins/af_alg/af_alg_ops.h index b7d642c00..ad164029f 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.h @@ -33,8 +33,6 @@ #define SOL_ALG 279 #endif /* SOL_ALG */ -extern const char *af_alg_plugin_name; - typedef struct af_alg_ops_t af_alg_ops_t; /** diff --git a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c index 54e39f1a0..280ea4e98 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c @@ -35,6 +35,12 @@ struct private_af_alg_plugin_t { af_alg_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_af_alg_plugin_t *this) +{ + return "af-alg"; +} + METHOD(plugin_t, destroy, void, private_af_alg_plugin_t *this) { @@ -60,15 +66,17 @@ plugin_t *af_alg_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - af_alg_hasher_probe(); - af_alg_signer_probe(); - af_alg_prf_probe(); - af_alg_crypter_probe(); + af_alg_hasher_probe(get_name(this)); + af_alg_signer_probe(get_name(this)); + af_alg_prf_probe(get_name(this)); + af_alg_crypter_probe(get_name(this)); return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c index 575906bae..1c1174abb 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c @@ -70,7 +70,7 @@ static struct { /** * See header. */ -void af_alg_prf_probe() +void af_alg_prf_probe(char *plugin) { af_alg_ops_t *ops; int i; @@ -81,7 +81,7 @@ void af_alg_prf_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_prf(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_prf(lib->crypto, algs[i].id, plugin, (prf_constructor_t)af_alg_prf_create); } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.h b/src/libstrongswan/plugins/af_alg/af_alg_prf.h index a3dea5649..d3275e7be 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.h @@ -46,7 +46,9 @@ af_alg_prf_t *af_alg_prf_create(pseudo_random_function_t algo); /** * Probe algorithms and register af_alg_prf_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_prf_probe(); +void af_alg_prf_probe(char *plugin); #endif /** AF_ALG_PRF_H_ @}*/ diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c index 3d6f907bf..34534a06b 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c @@ -71,7 +71,7 @@ static struct { /** * See header. */ -void af_alg_signer_probe() +void af_alg_signer_probe(char *plugin) { af_alg_ops_t *ops; int i; @@ -82,7 +82,7 @@ void af_alg_signer_probe() if (ops) { ops->destroy(ops); - lib->crypto->add_signer(lib->crypto, algs[i].id, af_alg_plugin_name, + lib->crypto->add_signer(lib->crypto, algs[i].id, plugin, (signer_constructor_t)af_alg_signer_create); } } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.h b/src/libstrongswan/plugins/af_alg/af_alg_signer.h index b1d90707f..21487a118 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.h @@ -46,7 +46,9 @@ af_alg_signer_t *af_alg_signer_create(integrity_algorithm_t algo); /** * Probe algorithms and register af_alg_signer_create(). + * + * @param plugin plugin name to register algorithms for */ -void af_alg_signer_probe(); +void af_alg_signer_probe(char *plugin); #endif /** AF_ALG_SIGNER_H_ @}*/ diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index fa255ad23..ce333660d 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/agent/agent_plugin.c b/src/libstrongswan/plugins/agent/agent_plugin.c index bd3c1ac75..79c13b7c1 100644 --- a/src/libstrongswan/plugins/agent/agent_plugin.c +++ b/src/libstrongswan/plugins/agent/agent_plugin.c @@ -31,6 +31,12 @@ struct private_agent_plugin_t { agent_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_agent_plugin_t *this) +{ + return "agent"; +} + METHOD(plugin_t, destroy, void, private_agent_plugin_t *this) { @@ -49,6 +55,8 @@ plugin_t *agent_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 14f25d015..be8ba72ee 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index 784c07eaf..fc3649b36 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -160,6 +160,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_blowfish_crypter_t *this) { + memwipe(this, sizeof(*this)); free(this); } diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index 03f46a63a..9dc8dfe7f 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -19,11 +19,6 @@ #include <library.h> #include "blowfish_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "blowfish"; - ->>>>>>> upstream/4.5.1 typedef struct private_blowfish_plugin_t private_blowfish_plugin_t; /** @@ -37,6 +32,12 @@ struct private_blowfish_plugin_t { blowfish_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_blowfish_plugin_t *this) +{ + return "blowfish"; +} + METHOD(plugin_t, destroy, void, private_blowfish_plugin_t *this) { @@ -55,16 +56,14 @@ plugin_t *blowfish_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), (crypter_constructor_t)blowfish_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 504d1938a..b2bc4a51f 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c index 15c548e64..2865c2ae4 100644 --- a/src/libstrongswan/plugins/ccm/ccm_plugin.c +++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c @@ -19,11 +19,6 @@ #include "ccm_aead.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "ccm"; - ->>>>>>> upstream/4.5.1 typedef struct private_ccm_plugin_t private_ccm_plugin_t; /** @@ -37,6 +32,12 @@ struct private_ccm_plugin_t { ccm_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_ccm_plugin_t *this) +{ + return "ccm"; +} + METHOD(plugin_t, destroy, void, private_ccm_plugin_t *this) { @@ -52,52 +53,40 @@ METHOD(plugin_t, destroy, void, plugin_t *ccm_plugin_create() { private_ccm_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, - .public.plugin.destroy = _destroy, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, ); -<<<<<<< HEAD - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, - (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, - (aead_constructor_t)ccm_aead_create); -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, get_name(this), (aead_constructor_t)ccm_aead_create); } crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 0); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, get_name(this), (aead_constructor_t)ccm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, get_name(this), (aead_constructor_t)ccm_aead_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index 382bfef98..8be502a9c 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -244,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,6 +269,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/constraints/constraints_plugin.c b/src/libstrongswan/plugins/constraints/constraints_plugin.c index 1c3f0c835..502c83559 100644 --- a/src/libstrongswan/plugins/constraints/constraints_plugin.c +++ b/src/libstrongswan/plugins/constraints/constraints_plugin.c @@ -36,6 +36,12 @@ struct private_constraints_plugin_t { constraints_validator_t *validator; }; +METHOD(plugin_t, get_name, char*, + private_constraints_plugin_t *this) +{ + return "constraints"; +} + METHOD(plugin_t, destroy, void, private_constraints_plugin_t *this) { @@ -54,6 +60,8 @@ plugin_t *constraints_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index ecee15d56..0db640829 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c index dc6cba562..6850cacf0 100644 --- a/src/libstrongswan/plugins/ctr/ctr_plugin.c +++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c @@ -19,11 +19,6 @@ #include "ctr_ipsec_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "ctr"; - ->>>>>>> upstream/4.5.1 typedef struct private_ctr_plugin_t private_ctr_plugin_t; /** @@ -37,6 +32,12 @@ struct private_ctr_plugin_t { ctr_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_ctr_plugin_t *this) +{ + return "ctr"; +} + METHOD(plugin_t, destroy, void, private_ctr_plugin_t *this) { @@ -52,40 +53,31 @@ METHOD(plugin_t, destroy, void, plugin_t *ctr_plugin_create() { private_ctr_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, - (crypter_constructor_t)ctr_ipsec_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, - (crypter_constructor_t)ctr_ipsec_crypter_create); - -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this), (crypter_constructor_t)ctr_ipsec_crypter_create); } crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this), (crypter_constructor_t)ctr_ipsec_crypter_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index f2192399c..cdfb2b801 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index e58188098..7f8c0aec2 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -43,31 +43,49 @@ struct private_curl_fetcher_t { * Optional HTTP headers */ struct curl_slist *headers; + + /** + * Callback function + */ + fetcher_callback_t cb; }; /** - * writes data into a dynamically resizeable chunk_t + * Data to pass to curl callback + */ +typedef struct { + fetcher_callback_t cb; + void *user; +} cb_data_t; + +/** + * Curl callback function, invokes fetcher_callback_t function */ -static size_t append(void *ptr, size_t size, size_t nmemb, chunk_t *data) +static size_t curl_cb(void *ptr, size_t size, size_t nmemb, cb_data_t *data) { size_t realsize = size * nmemb; - data->ptr = (u_char*)realloc(data->ptr, data->len + realsize); - if (data->ptr) + if (data->cb(data->user, chunk_create(ptr, realsize))) { - memcpy(&data->ptr[data->len], ptr, realsize); - data->len += realsize; + return realsize; } - return realsize; + return 0; } METHOD(fetcher_t, fetch, status_t, - private_curl_fetcher_t *this, char *uri, chunk_t *result) + private_curl_fetcher_t *this, char *uri, void *userdata) { char error[CURL_ERROR_SIZE]; status_t status; + cb_data_t data = { + .cb = this->cb, + .user = userdata, + }; - *result = chunk_empty; + if (this->cb == fetcher_default_callback) + { + *(chunk_t*)userdata = chunk_empty; + } if (curl_easy_setopt(this->curl, CURLOPT_URL, uri) != CURLE_OK) { /* URL type not supported by curl */ @@ -77,8 +95,8 @@ METHOD(fetcher_t, fetch, status_t, curl_easy_setopt(this->curl, CURLOPT_FAILONERROR, TRUE); curl_easy_setopt(this->curl, CURLOPT_NOSIGNAL, TRUE); curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, DEFAULT_TIMEOUT); - curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)append); - curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, (void*)result); + curl_easy_setopt(this->curl, CURLOPT_WRITEFUNCTION, (void*)curl_cb); + curl_easy_setopt(this->curl, CURLOPT_WRITEDATA, &data); if (this->headers) { curl_easy_setopt(this->curl, CURLOPT_HTTPHEADER, this->headers); @@ -104,10 +122,7 @@ METHOD(fetcher_t, fetch, status_t, METHOD(fetcher_t, set_option, bool, private_curl_fetcher_t *this, fetcher_option_t option, ...) { -<<<<<<< HEAD -======= bool supported = TRUE; ->>>>>>> upstream/4.5.1 va_list args; va_start(args, option); @@ -119,11 +134,7 @@ METHOD(fetcher_t, set_option, bool, curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, (char*)data.ptr); curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_REQUEST_TYPE: { @@ -132,44 +143,30 @@ METHOD(fetcher_t, set_option, bool, snprintf(header, BUF_LEN, "Content-Type: %s", request_type); this->headers = curl_slist_append(this->headers, header); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_REQUEST_HEADER: { char *header = va_arg(args, char*); this->headers = curl_slist_append(this->headers, header); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_HTTP_VERSION_1_0: { curl_easy_setopt(this->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); -<<<<<<< HEAD - return TRUE; -======= break; ->>>>>>> upstream/4.5.1 } case FETCH_TIMEOUT: { curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, va_arg(args, u_int)); -<<<<<<< HEAD - return TRUE; + break; } - default: - return FALSE; - } -======= + case FETCH_CALLBACK: + { + this->cb = va_arg(args, fetcher_callback_t); break; } default: @@ -178,7 +175,6 @@ METHOD(fetcher_t, set_option, bool, } va_end(args); return supported; ->>>>>>> upstream/4.5.1 } METHOD(fetcher_t, destroy, void, @@ -205,6 +201,7 @@ curl_fetcher_t *curl_fetcher_create() }, }, .curl = curl_easy_init(), + .cb = fetcher_default_callback, ); if (!this->curl) diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 41026f407..d0e532055 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -34,15 +34,14 @@ struct private_curl_plugin_t { curl_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of curl_plugin_t.curltroy - */ -static void destroy(private_curl_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_curl_plugin_t *this) +{ + return "curl"; +} + METHOD(plugin_t, destroy, void, private_curl_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create); @@ -56,21 +55,17 @@ METHOD(plugin_t, destroy, void, plugin_t *curl_plugin_create() { CURLcode res; -<<<<<<< HEAD - private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_curl_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 res = curl_global_init(CURL_GLOBAL_NOTHING); if (res == CURLE_OK) diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 9f49f45f4..d24ac40f8 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index 7d9fbe852..695e7e4c4 100644 --- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -1552,6 +1552,7 @@ METHOD(crypter_t, set_key3, void, METHOD(crypter_t, destroy, void, private_des_crypter_t *this) { + memwipe(this, sizeof(*this)); free(this); } diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index 14c5420ea..78b73347d 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "des_crypter.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "des"; - ->>>>>>> upstream/4.5.1 typedef struct private_des_plugin_t private_des_plugin_t; /** @@ -36,6 +31,12 @@ struct private_des_plugin_t { des_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_des_plugin_t *this) +{ + return "des"; +} + METHOD(plugin_t, destroy, void, private_des_plugin_t *this) { @@ -54,24 +55,18 @@ plugin_t *des_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, - (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, - (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), (crypter_constructor_t)des_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), (crypter_constructor_t)des_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 262d64565..62c52498c 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c index 75743ae2e..4e08746f8 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c @@ -31,15 +31,14 @@ struct private_dnskey_plugin_t { dnskey_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of dnskey_plugin_t.dnskeytroy - */ -static void destroy(private_dnskey_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_dnskey_plugin_t *this) +{ + return "dnskey"; +} + METHOD(plugin_t, destroy, void, private_dnskey_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)dnskey_public_key_load); @@ -51,22 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *dnskey_plugin_create() { -<<<<<<< HEAD - private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_dnskey_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)dnskey_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 6bd31f0e1..e88a102b8 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index 27a3b9cc6..ee71f6efd 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -106,12 +106,8 @@ static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) * 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, * 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 */ -<<<<<<< HEAD -static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) -======= METHOD(prf_t, get_bytes, void, private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) ->>>>>>> upstream/4.5.1 { int i; u_int8_t xval[this->b]; @@ -144,19 +140,6 @@ METHOD(prf_t, get_bytes, void, /* 3.3 done already, mod q not used */ } -<<<<<<< HEAD -/** - * Implementation of prf_t.get_block_size. - */ -static size_t get_block_size(private_fips_prf_t *this) -{ - return 2 * this->b; -} -/** - * Implementation of prf_t.allocate_bytes. - */ -static void allocate_bytes(private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) -======= METHOD(prf_t, get_block_size, size_t, private_fips_prf_t *this) { @@ -164,34 +147,19 @@ METHOD(prf_t, get_block_size, size_t, } METHOD(prf_t, allocate_bytes, void, private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) ->>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(get_block_size(this)); get_bytes(this, seed, chunk->ptr); } -<<<<<<< HEAD -/** - * Implementation of prf_t.get_key_size. - */ -static size_t get_key_size(private_fips_prf_t *this) -======= METHOD(prf_t, get_key_size, size_t, private_fips_prf_t *this) ->>>>>>> upstream/4.5.1 { return this->b; } -<<<<<<< HEAD -/** - * Implementation of prf_t.set_key. - */ -static void set_key(private_fips_prf_t *this, chunk_t key) -======= METHOD(prf_t, set_key, void, private_fips_prf_t *this, chunk_t key) ->>>>>>> upstream/4.5.1 { /* save key as "key mod 2^b" */ chunk_mod(this->b, key, this->key); @@ -223,15 +191,8 @@ void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) this->keyed_prf->get_bytes(this->keyed_prf, c, res); } -<<<<<<< HEAD -/** - * Implementation of prf_t.destroy. - */ -static void destroy(private_fips_prf_t *this) -======= METHOD(prf_t, destroy, void, private_fips_prf_t *this) ->>>>>>> upstream/4.5.1 { this->keyed_prf->destroy(this->keyed_prf); free(this->key); @@ -243,16 +204,6 @@ METHOD(prf_t, destroy, void, */ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) { -<<<<<<< HEAD - private_fips_prf_t *this = malloc_thing(private_fips_prf_t); - - this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; - this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; - this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; - this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; - this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; - this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; -======= private_fips_prf_t *this; INIT(this, @@ -267,7 +218,6 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) }, }, ); ->>>>>>> upstream/4.5.1 switch (algo) { diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c index 202d6653a..7038da146 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "fips_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "fips-prf"; - ->>>>>>> upstream/4.5.1 typedef struct private_fips_prf_plugin_t private_fips_prf_plugin_t; /** @@ -36,15 +31,14 @@ struct private_fips_prf_plugin_t { fips_prf_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of fips_prf_plugin_t.destroy - */ -static void destroy(private_fips_prf_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_fips_prf_plugin_t *this) +{ + return "fips-prf"; +} + METHOD(plugin_t, destroy, void, private_fips_prf_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_prf(lib->crypto, (prf_constructor_t)fips_prf_create); @@ -56,20 +50,14 @@ METHOD(plugin_t, destroy, void, */ plugin_t *fips_prf_plugin_create() { -<<<<<<< HEAD - private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, - (prf_constructor_t)fips_prf_create); -======= private_fips_prf_plugin_t *this; prf_t *prf; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, @@ -79,10 +67,9 @@ plugin_t *fips_prf_plugin_create() if (prf) { prf->destroy(prf); - lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, get_name(this), (prf_constructor_t)fips_prf_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 7f5a59abd..202849eb6 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c index 984026778..4b46f0ee4 100644 --- a/src/libstrongswan/plugins/gcm/gcm_plugin.c +++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c @@ -19,11 +19,6 @@ #include "gcm_aead.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "gcm"; - ->>>>>>> upstream/4.5.1 typedef struct private_gcm_plugin_t private_gcm_plugin_t; /** @@ -37,6 +32,12 @@ struct private_gcm_plugin_t { gcm_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_gcm_plugin_t *this) +{ + return "gcm"; +} + METHOD(plugin_t, destroy, void, private_gcm_plugin_t *this) { @@ -52,35 +53,29 @@ METHOD(plugin_t, destroy, void, plugin_t *gcm_plugin_create() { private_gcm_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, - .public.plugin.destroy = _destroy, + .public = { + .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, + .destroy = _destroy, + }, + }, ); -<<<<<<< HEAD - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, - (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, - (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, - (aead_constructor_t)gcm_aead_create); -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, get_name(this), (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, get_name(this), (aead_constructor_t)gcm_aead_create); - lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, plugin_name, + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, get_name(this), (aead_constructor_t)gcm_aead_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index bb4e29b3b..bedb918b9 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index c709d497f..e26277b0b 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -29,11 +29,6 @@ #include <errno.h> #include <gcrypt.h> -<<<<<<< HEAD -======= -static const char *plugin_name = "gcrypt"; - ->>>>>>> upstream/4.5.1 typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t; /** @@ -98,6 +93,12 @@ static struct gcry_thread_cbs thread_functions = { NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL }; +METHOD(plugin_t, get_name, char*, + private_gcrypt_plugin_t *this) +{ + return "gcrypt"; +} + METHOD(plugin_t, destroy, void, private_gcrypt_plugin_t *this) { @@ -147,161 +148,87 @@ plugin_t *gcrypt_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); /* hashers */ -<<<<<<< HEAD - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, - (hasher_constructor_t)gcrypt_hasher_create); - - /* crypters */ - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, - (crypter_constructor_t)gcrypt_crypter_create); -#ifdef HAVE_GCRY_CIPHER_CAMELLIA - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, - (crypter_constructor_t)gcrypt_crypter_create); -#endif /* HAVE_GCRY_CIPHER_CAMELLIA */ - lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, - (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, - (crypter_constructor_t)gcrypt_crypter_create); - - /* random numbers */ - lib->crypto->add_rng(lib->crypto, RNG_WEAK, - (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, - (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, - (rng_constructor_t)gcrypt_rng_create); - - /* diffie hellman groups, using modp */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, - (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, -======= - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)gcrypt_hasher_create); /* crypters */ - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); #ifdef HAVE_GCRY_CIPHER_CAMELLIA - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); #endif /* HAVE_GCRY_CIPHER_CAMELLIA */ - lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, get_name(this), (crypter_constructor_t)gcrypt_crypter_create); /* random numbers */ - lib->crypto->add_rng(lib->crypto, RNG_WEAK, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_WEAK, get_name(this), (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this), (rng_constructor_t)gcrypt_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this), (rng_constructor_t)gcrypt_rng_create); /* diffie hellman groups, using modp */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), (dh_constructor_t)gcrypt_dh_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), (dh_constructor_t)gcrypt_dh_create_custom); /* RSA */ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index dde840936..18592ab4a 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index 798602e84..55ccd4a4f 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -20,11 +20,6 @@ #include "gmp_rsa_private_key.h" #include "gmp_rsa_public_key.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "gmp"; - ->>>>>>> upstream/4.5.1 typedef struct private_gmp_plugin_t private_gmp_plugin_t; /** @@ -38,6 +33,12 @@ struct private_gmp_plugin_t { gmp_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_gmp_plugin_t *this) +{ + return "gmp"; +} + METHOD(plugin_t, destroy, void, private_gmp_plugin_t *this) { @@ -64,62 +65,37 @@ plugin_t *gmp_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, - (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, - (dh_constructor_t)gmp_diffie_hellman_create); - - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, -======= - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), (dh_constructor_t)gmp_diffie_hellman_create_custom); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index e8355ab21..b9e2cd817 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index c7b2739df..397a1ea11 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -147,8 +147,8 @@ METHOD(hmac_t, destroy, void, private_hmac_t *this) { this->h->destroy(this->h); - free(this->opaded_key.ptr); - free(this->ipaded_key.ptr); + chunk_clear(&this->opaded_key); + chunk_clear(&this->ipaded_key); free(this); } diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index c15a29b1c..47d6d3cde 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -19,11 +19,6 @@ #include "hmac_signer.h" #include "hmac_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "hmac"; - ->>>>>>> upstream/4.5.1 typedef struct private_hmac_plugin_t private_hmac_plugin_t; /** @@ -37,6 +32,12 @@ struct private_hmac_plugin_t { hmac_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_hmac_plugin_t *this) +{ + return "hmac"; +} + METHOD(plugin_t, destroy, void, private_hmac_plugin_t *this) { @@ -53,74 +54,40 @@ METHOD(plugin_t, destroy, void, plugin_t *hmac_plugin_create() { private_hmac_plugin_t *this; -<<<<<<< HEAD -======= hasher_t *hasher; ->>>>>>> upstream/4.5.1 INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, - (prf_constructor_t)hmac_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, - (prf_constructor_t)hmac_prf_create); - - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, - (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, - (signer_constructor_t)hmac_signer_create); -======= hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, get_name(this), (signer_constructor_t)hmac_signer_create); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA256); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, get_name(this), (signer_constructor_t)hmac_signer_create); } @@ -128,34 +95,33 @@ plugin_t *hmac_plugin_create() if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, get_name(this), (signer_constructor_t)hmac_signer_create); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA384); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, get_name(this), (signer_constructor_t)hmac_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, get_name(this), (signer_constructor_t)hmac_signer_create); } hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA512); if (hasher) { hasher->destroy(hasher); - lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, get_name(this), (prf_constructor_t)hmac_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, get_name(this), (signer_constructor_t)hmac_signer_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 7dd7e92f0..b496ace28 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index 57c367ca1..fc6114b0a 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -100,13 +100,8 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } -<<<<<<< HEAD -static status_t fetch(private_ldap_fetcher_t *this, char *url, - chunk_t *result, va_list args) -======= METHOD(fetcher_t, fetch, status_t, - private_ldap_fetcher_t *this, char *url, chunk_t *result) ->>>>>>> upstream/4.5.1 + private_ldap_fetcher_t *this, char *url, void *userdata) { LDAP *ldap; LDAPURLDesc *lurl; @@ -115,6 +110,7 @@ METHOD(fetcher_t, fetch, status_t, int ldap_version = LDAP_VERSION3; struct timeval timeout; status_t status = FAILED; + chunk_t *result = userdata; if (!strneq(url, "ldap", 4)) { @@ -171,15 +167,8 @@ METHOD(fetcher_t, fetch, status_t, } -<<<<<<< HEAD -/** - * Implementation of fetcher_t.set_option. - */ -static bool set_option(private_ldap_fetcher_t *this, fetcher_option_t option, ...) -======= METHOD(fetcher_t, set_option, bool, private_ldap_fetcher_t *this, fetcher_option_t option, ...) ->>>>>>> upstream/4.5.1 { va_list args; @@ -196,15 +185,8 @@ METHOD(fetcher_t, set_option, bool, } } -<<<<<<< HEAD -/** - * Implements ldap_fetcher_t.destroy - */ -static void destroy(private_ldap_fetcher_t *this) -======= METHOD(fetcher_t, destroy, void, private_ldap_fetcher_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -214,15 +196,6 @@ METHOD(fetcher_t, destroy, void, */ ldap_fetcher_t *ldap_fetcher_create() { -<<<<<<< HEAD - private_ldap_fetcher_t *this = malloc_thing(private_ldap_fetcher_t); - - this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; - this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; - this->public.interface.destroy = (void (*)(fetcher_t*))destroy; - - this->timeout = DEFAULT_TIMEOUT; -======= private_ldap_fetcher_t *this; INIT(this, @@ -235,7 +208,6 @@ ldap_fetcher_t *ldap_fetcher_create() }, .timeout = DEFAULT_TIMEOUT, ); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 434a023ce..08d9748ce 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -31,15 +31,14 @@ struct private_ldap_plugin_t { ldap_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of ldap_plugin_t.destroy - */ -static void destroy(private_ldap_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_ldap_plugin_t *this) +{ + return "ldap"; +} + METHOD(plugin_t, destroy, void, private_ldap_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create); @@ -51,21 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *ldap_plugin_create() { -<<<<<<< HEAD - private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_ldap_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldap://"); diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 4f69538a8..82781054b 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index cdb0fe914..371bba280 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "md4_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "md4"; - ->>>>>>> upstream/4.5.1 typedef struct private_md4_plugin_t private_md4_plugin_t; /** @@ -36,15 +31,14 @@ struct private_md4_plugin_t { md4_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of md4_plugin_t.destroy - */ -static void destroy(private_md4_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_md4_plugin_t *this) +{ + return "md4"; +} + METHOD(plugin_t, destroy, void, private_md4_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md4_hasher_create); @@ -56,25 +50,19 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md4_plugin_create() { -<<<<<<< HEAD - private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_MD4, -======= private_md4_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), (hasher_constructor_t)md4_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index c0ffec7ad..0e3c37e7e 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index 015274ddf..c72284193 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "md5_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "md5"; - ->>>>>>> upstream/4.5.1 typedef struct private_md5_plugin_t private_md5_plugin_t; /** @@ -36,15 +31,14 @@ struct private_md5_plugin_t { md5_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of md5_plugin_t.destroy - */ -static void destroy(private_md5_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_md5_plugin_t *this) +{ + return "md5"; +} + METHOD(plugin_t, destroy, void, private_md5_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md5_hasher_create); @@ -56,25 +50,19 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md5_plugin_create() { -<<<<<<< HEAD - private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_MD5, -======= private_md5_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)md5_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 7a6c57dd1..32067d5b4 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 0b9f8285d..5fbfa0f28 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -474,15 +474,8 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) return TRUE; } -<<<<<<< HEAD -/** - * Implementation of database_t.query. - */ -static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) -======= METHOD(database_t, query, enumerator_t*, private_mysql_database_t *this, char *sql, ...) ->>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; @@ -568,15 +561,8 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } -<<<<<<< HEAD -/** - * Implementation of database_t.execute. - */ -static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) -======= METHOD(database_t, execute, int, private_mysql_database_t *this, int *rowid, char *sql, ...) ->>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; @@ -604,28 +590,14 @@ METHOD(database_t, execute, int, return affected; } -<<<<<<< HEAD -/** - * Implementation of database_t.get_driver - */ -static db_driver_t get_driver(private_mysql_database_t *this) -======= METHOD(database_t, get_driver,db_driver_t, private_mysql_database_t *this) ->>>>>>> upstream/4.5.1 { return DB_MYSQL; } -<<<<<<< HEAD -/** - * Implementation of database_t.destroy - */ -static void destroy(private_mysql_database_t *this) -======= METHOD(database_t, destroy, void, private_mysql_database_t *this) ->>>>>>> upstream/4.5.1 { this->pool->destroy_function(this->pool, (void*)conn_destroy); this->mutex->destroy(this->mutex); @@ -697,14 +669,6 @@ mysql_database_t *mysql_database_create(char *uri) return NULL; } -<<<<<<< HEAD - this = malloc_thing(private_mysql_database_t); - - this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; - this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; - this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; - this->public.db.destroy = (void(*)(database_t*))destroy; -======= INIT(this, .public = { .db = { @@ -715,7 +679,6 @@ mysql_database_t *mysql_database_create(char *uri) }, }, ); ->>>>>>> upstream/4.5.1 if (!parse_uri(this, uri)) { diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 738bbeddb..579df4d50 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c @@ -32,15 +32,14 @@ struct private_mysql_plugin_t { mysql_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_mysql_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_mysql_plugin_t *this) +{ + return "mysql"; +} + METHOD(plugin_t, destroy, void, private_mysql_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)mysql_database_create); @@ -61,18 +60,15 @@ plugin_t *mysql_plugin_create() return NULL; } -<<<<<<< HEAD - this = malloc_thing(private_mysql_plugin_t); - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)mysql_database_create); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 4048bbd02..d1c8fce81 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -226,13 +226,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -253,6 +247,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -271,14 +267,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 7708af958..58401faa5 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -382,11 +382,8 @@ static private_openssl_crl_t *create_empty() }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD -======= .is_delta_crl = (void*)return_false, .create_delta_crl_uri_enumerator = (void*)enumerator_create_empty, ->>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, @@ -463,9 +460,6 @@ static bool parse_extensions(private_openssl_crl_t *this) ok = parse_crlNumber_ext(this, ext); break; default: -<<<<<<< HEAD - ok = TRUE; -======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -474,7 +468,6 @@ static bool parse_extensions(private_openssl_crl_t *this) DBG1(DBG_LIB, "found unsupported critical X.509 " "CRL extension"); } ->>>>>>> upstream/4.5.1 break; } if (!ok) diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 2ed07ff0c..cd9a3bd4a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -152,7 +152,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_openssl_crypter_t *this) { - free(this->key.ptr); + chunk_clear(&this->key); free(this); } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c index 32fc2bccd..78ed2811a 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c @@ -257,7 +257,7 @@ METHOD(diffie_hellman_t, destroy, void, { EC_POINT_clear_free(this->pub_key); EC_KEY_free(this->key); - chunk_free(&this->shared_secret); + chunk_clear(&this->shared_secret); free(this); } diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index cf48b4c15..96aa38bb6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -41,11 +41,6 @@ #include "openssl_x509.h" #include "openssl_crl.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "openssl"; - ->>>>>>> upstream/4.5.1 typedef struct private_openssl_plugin_t private_openssl_plugin_t; /** @@ -198,6 +193,12 @@ static void threading_cleanup() mutex = NULL; } +METHOD(plugin_t, get_name, char*, + private_openssl_plugin_t *this) +{ + return "openssl"; +} + METHOD(plugin_t, destroy, void, private_openssl_plugin_t *this) { @@ -253,6 +254,8 @@ plugin_t *openssl_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, @@ -277,167 +280,85 @@ plugin_t *openssl_plugin_create() } /* crypter */ -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_RC5, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, - (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_NULL, - (crypter_constructor_t)openssl_crypter_create); - - /* hasher */ - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD2, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, - (hasher_constructor_t)openssl_hasher_create); - - /* prf */ - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, - (prf_constructor_t)openssl_sha1_prf_create); - - /* (ec) diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); -#ifndef OPENSSL_NO_EC - lib->crypto->add_dh(lib->crypto, ECP_256_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_384_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_521_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, - (dh_constructor_t)openssl_ec_diffie_hellman_create); -#endif /* OPENSSL_NO_EC */ - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, - (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_RC5, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_RC5, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_CAST, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, get_name(this), (crypter_constructor_t)openssl_crypter_create); - lib->crypto->add_crypter(lib->crypto, ENCR_NULL, plugin_name, + lib->crypto->add_crypter(lib->crypto, ENCR_NULL, get_name(this), (crypter_constructor_t)openssl_crypter_create); /* hasher */ - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD4, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)openssl_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)openssl_hasher_create); /* prf */ - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this), (prf_constructor_t)openssl_sha1_prf_create); /* (ec) diffie hellman */ - lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_224, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_2048_256, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_2048_256, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); #ifndef OPENSSL_NO_EC - lib->crypto->add_dh(lib->crypto, ECP_256_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_256_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_384_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_384_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_521_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_521_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_224_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, ECP_192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, get_name(this), (dh_constructor_t)openssl_ec_diffie_hellman_create); #endif /* OPENSSL_NO_EC */ - lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_1024_160, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_1024_160, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); - lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, get_name(this), (dh_constructor_t)openssl_diffie_hellman_create); /* rsa */ diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 0b607c386..d1afd94cc 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -455,6 +455,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, return NULL; } +#ifndef OPENSSL_NO_ENGINE /** * Login to engine with a PIN specified for a keyid */ @@ -496,6 +497,7 @@ static bool login(ENGINE *engine, chunk_t keyid) } return success; } +#endif /* OPENSSL_NO_ENGINE */ /** * See header. diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 7c7f2aa06..f7495b2ae 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -84,11 +84,7 @@ struct private_openssl_x509_t { /** * Pathlen constraint */ -<<<<<<< HEAD - int pathlen; -======= u_char pathlen; ->>>>>>> upstream/4.5.1 /** * certificate subject @@ -141,11 +137,7 @@ struct private_openssl_x509_t { linked_list_t *issuerAltNames; /** -<<<<<<< HEAD - * List of CRL URIs -======= * List of CRL URIs, as x509_cdp_t ->>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -161,8 +153,6 @@ struct private_openssl_x509_t { }; /** -<<<<<<< HEAD -======= * Destroy a CRL URI struct */ static void crl_uri_destroy(x509_cdp_t *this) @@ -173,7 +163,6 @@ static void crl_uri_destroy(x509_cdp_t *this) } /** ->>>>>>> upstream/4.5.1 * Convert a GeneralName to an identification_t. */ static identification_t *general_name2id(GENERAL_NAME *name) @@ -261,12 +250,6 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t, return chunk_empty; } -<<<<<<< HEAD -METHOD(x509_t, get_pathLenConstraint, int, - private_openssl_x509_t *this) -{ - return this->pathlen; -======= METHOD(x509_t, get_constraint, u_int, private_openssl_x509_t *this, x509_constraint_t type) { @@ -277,7 +260,6 @@ METHOD(x509_t, get_constraint, u_int, default: return X509_NO_CONSTRAINT; } ->>>>>>> upstream/4.5.1 } METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, @@ -298,16 +280,6 @@ METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, return this->ocsp_uris->create_enumerator(this->ocsp_uris); } -<<<<<<< HEAD -METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, - private_openssl_x509_t *this) -{ - /* TODO */ - return enumerator_create_empty(); -} - -======= ->>>>>>> upstream/4.5.1 METHOD(certificate_t, get_type, certificate_type_t, private_openssl_x509_t *this) { @@ -520,11 +492,7 @@ METHOD(certificate_t, destroy, void, offsetof(identification_t, destroy)); this->issuerAltNames->destroy_offset(this->issuerAltNames, offsetof(identification_t, destroy)); -<<<<<<< HEAD - this->crl_uris->destroy_function(this->crl_uris, free); -======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); ->>>>>>> upstream/4.5.1 this->ocsp_uris->destroy_function(this->ocsp_uris, free); free(this); } @@ -558,13 +526,6 @@ static private_openssl_x509_t *create_empty() .get_serial = _get_serial, .get_subjectKeyIdentifier = _get_subjectKeyIdentifier, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD - .get_pathLenConstraint = _get_pathLenConstraint, - .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, - .create_crl_uri_enumerator = _create_crl_uri_enumerator, - .create_ocsp_uri_enumerator = _create_ocsp_uri_enumerator, - .create_ipAddrBlock_enumerator = _create_ipAddrBlock_enumerator, -======= .get_constraint = _get_constraint, .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, .create_crl_uri_enumerator = _create_crl_uri_enumerator, @@ -573,18 +534,13 @@ static private_openssl_x509_t *create_empty() .create_name_constraint_enumerator = (void*)enumerator_create_empty, .create_cert_policy_enumerator = (void*)enumerator_create_empty, .create_policy_mapping_enumerator = (void*)enumerator_create_empty, ->>>>>>> upstream/4.5.1 }, }, .subjectAltNames = linked_list_create(), .issuerAltNames = linked_list_create(), .crl_uris = linked_list_create(), .ocsp_uris = linked_list_create(), -<<<<<<< HEAD - .pathlen = X509_NO_PATH_LEN_CONSTRAINT, -======= .pathlen = X509_NO_CONSTRAINT, ->>>>>>> upstream/4.5.1 .ref = 1, ); @@ -630,10 +586,7 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, X509_EXTENSION *ext) { BASIC_CONSTRAINTS *constraints; -<<<<<<< HEAD -======= long pathlen; ->>>>>>> upstream/4.5.1 constraints = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(ext); if (constraints) @@ -644,14 +597,10 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } if (constraints->pathlen) { -<<<<<<< HEAD - this->pathlen = ASN1_INTEGER_get(constraints->pathlen); -======= pathlen = ASN1_INTEGER_get(constraints->pathlen); this->pathlen = (pathlen >= 0 && pathlen < 128) ? pathlen : X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 } BASIC_CONSTRAINTS_free(constraints); return TRUE; @@ -667,16 +616,10 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { CRL_DIST_POINTS *cdps; DIST_POINT *cdp; -<<<<<<< HEAD - identification_t *id; - char *uri; - int i, j, point_num, name_num; -======= identification_t *id, *issuer; x509_cdp_t *entry; char *uri; int i, j, k, point_num, name_num, issuer_num; ->>>>>>> upstream/4.5.1 cdps = X509V3_EXT_d2i(ext); if (!cdps) @@ -701,9 +644,6 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { if (asprintf(&uri, "%Y", id) > 0) { -<<<<<<< HEAD - this->crl_uris->insert_first(this->crl_uris, uri); -======= if (cdp->CRLissuer) { issuer_num = sk_GENERAL_NAME_num(cdp->CRLissuer); @@ -730,16 +670,12 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, ); this->crl_uris->insert_last(this->crl_uris, entry); } ->>>>>>> upstream/4.5.1 } id->destroy(id); } } } -<<<<<<< HEAD -======= ->>>>>>> upstream/4.5.1 DIST_POINT_free(cdp); } } @@ -872,9 +808,6 @@ static bool parse_extensions(private_openssl_x509_t *this) ok = parse_crlDistributionPoints_ext(this, ext); break; default: -<<<<<<< HEAD - ok = TRUE; -======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -882,7 +815,6 @@ static bool parse_extensions(private_openssl_x509_t *this) { DBG1(DBG_LIB, "found unsupported critical X.509 extension"); } ->>>>>>> upstream/4.5.1 break; } if (!ok) @@ -940,8 +872,6 @@ static bool parse_certificate(private_openssl_x509_t *this) { return FALSE; } -<<<<<<< HEAD -======= if (X509_get_version(this->x509) < 0 || X509_get_version(this->x509) > 2) { DBG1(DBG_LIB, "unsupported x509 version: %d", @@ -949,7 +879,6 @@ static bool parse_certificate(private_openssl_x509_t *this) return FALSE; } ->>>>>>> upstream/4.5.1 this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509)); this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509)); @@ -993,11 +922,7 @@ static bool parse_certificate(private_openssl_x509_t *this) if (!parse_extensions(this)) { -<<<<<<< HEAD - return TRUE; -======= return FALSE; ->>>>>>> upstream/4.5.1 } parse_extKeyUsage(this); diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 24c7441d7..7bc342995 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c index 06c20292f..119de86aa 100644 --- a/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c +++ b/src/libstrongswan/plugins/padlock/padlock_aes_crypter.c @@ -105,6 +105,8 @@ static void crypt(private_padlock_aes_crypter_t *this, char *iv, *dst = chunk_alloc(src.len); padlock_crypt(key_aligned, &cword, src.ptr, dst->ptr, src.len / AES_BLOCK_SIZE, iv_aligned); + + memwipe(key_aligned, sizeof(key_aligned)); } METHOD(crypter_t, decrypt, void, @@ -146,7 +148,7 @@ METHOD(crypter_t, set_key, void, METHOD(crypter_t, destroy, void, private_padlock_aes_crypter_t *this) { - free(this->key.ptr); + chunk_clear(&this->key); free(this); } diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index a78f2076b..9d4afd8e8 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -23,11 +23,6 @@ #include <library.h> #include <debug.h> -<<<<<<< HEAD -======= -static const char *plugin_name = "padlock"; - ->>>>>>> upstream/4.5.1 typedef struct private_padlock_plugin_t private_padlock_plugin_t; typedef enum padlock_feature_t padlock_feature_t; @@ -106,6 +101,12 @@ static padlock_feature_t get_padlock_features() return 0; } +METHOD(plugin_t, get_name, char*, + private_padlock_plugin_t *this) +{ + return "padlock"; +} + METHOD(plugin_t, destroy, void, private_padlock_plugin_t *this) { @@ -141,6 +142,8 @@ plugin_t *padlock_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, @@ -166,37 +169,21 @@ plugin_t *padlock_plugin_create() if (this->features & PADLOCK_RNG_ENABLED) { -<<<<<<< HEAD - lib->crypto->add_rng(lib->crypto, RNG_TRUE, - (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, - (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_WEAK, -======= - lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this), (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this), (rng_constructor_t)padlock_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_WEAK, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_rng(lib->crypto, RNG_WEAK, get_name(this), (rng_constructor_t)padlock_rng_create); } if (this->features & PADLOCK_ACE2_ENABLED) { -<<<<<<< HEAD - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, -======= - lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, get_name(this), (crypter_constructor_t)padlock_aes_crypter_create); } if (this->features & PADLOCK_PHE_ENABLED) { -<<<<<<< HEAD - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, -======= - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)padlock_sha1_hasher_create); } return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 5a2469145..92c7fa2fe 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c index 2a69e4ea6..9c8237e4d 100644 --- a/src/libstrongswan/plugins/pem/pem_encoder.c +++ b/src/libstrongswan/plugins/pem/pem_encoder.c @@ -111,11 +111,7 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding, } /* compute and allocate maximum size of PEM object */ -<<<<<<< HEAD - pem_chars = 4*(asn1.len + 2)/3; -======= pem_chars = 4 * ((asn1.len + 2) / 3); ->>>>>>> upstream/4.5.1 pem_lines = (asn1.len + BYTES_PER_LINE - 1) / BYTES_PER_LINE; *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines); pos = encoding->ptr; diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index 0e6a4788c..c81605ae5 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -33,15 +33,14 @@ struct private_pem_plugin_t { pem_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pem_plugin_t.pemtroy - */ -static void destroy(private_pem_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pem_plugin_t *this) +{ + return "pem"; +} + METHOD(plugin_t, destroy, void, private_pem_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pem_private_key_load); @@ -57,21 +56,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pem_plugin_create() { -<<<<<<< HEAD - private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_pem_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 /* register private key PEM decoding builders */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index 336e293be..6be915f29 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index 762eb061f..52e9d96b1 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -33,15 +33,14 @@ struct private_pgp_plugin_t { pgp_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pgp_plugin_t.pgptroy - */ -static void destroy(private_pgp_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pgp_plugin_t *this) +{ + return "pgp"; +} + METHOD(plugin_t, destroy, void, private_pgp_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pgp_public_key_load); @@ -61,22 +60,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pgp_plugin_create() { -<<<<<<< HEAD - private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - -======= private_pgp_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pgp_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, @@ -85,15 +79,8 @@ plugin_t *pgp_plugin_create() (builder_function_t)pgp_private_key_load); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)pgp_private_key_load); -<<<<<<< HEAD - - lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, - (builder_function_t)pgp_cert_load); - -======= lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, (builder_function_t)pgp_cert_load); ->>>>>>> upstream/4.5.1 lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 2169d022c..1ae880c3b 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c index 88c848899..a605fabc7 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_builder.c @@ -57,7 +57,7 @@ static public_key_t *parse_public_key(chunk_t blob) int oid = asn1_parse_algorithmIdentifier(object, parser->get_level(parser)+1, NULL); - if (oid == OID_RSA_ENCRYPTION) + if (oid == OID_RSA_ENCRYPTION || oid == OID_RSAES_OAEP) { type = KEY_RSA; } diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index d91de0e7f..e0e24cab2 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -32,15 +32,14 @@ struct private_pkcs1_plugin_t { pkcs1_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pkcs1_plugin_t.pkcs1troy - */ -static void destroy(private_pkcs1_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pkcs1_plugin_t *this) +{ + return "pkcs1"; +} + METHOD(plugin_t, destroy, void, private_pkcs1_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pkcs1_public_key_load); @@ -57,21 +56,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pkcs1_plugin_create() { -<<<<<<< HEAD - private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_pkcs1_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pkcs1_public_key_load); diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 8d6bad565..1a67f88cc 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c index 6783699e5..a81ec1147 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c @@ -55,16 +55,6 @@ struct private_pkcs11_creds_t { * Find certificates, optionally trusted */ static void find_certificates(private_pkcs11_creds_t *this, -<<<<<<< HEAD - CK_SESSION_HANDLE session, CK_BBOOL trusted) -{ - CK_OBJECT_CLASS class = CKO_CERTIFICATE; - CK_CERTIFICATE_TYPE type = CKC_X_509; - CK_ATTRIBUTE tmpl[] = { - {CKA_CLASS, &class, sizeof(class)}, - {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, - {CKA_TRUSTED, &trusted, sizeof(trusted)}, -======= CK_SESSION_HANDLE session) { CK_OBJECT_CLASS class = CKO_CERTIFICATE; @@ -73,16 +63,12 @@ static void find_certificates(private_pkcs11_creds_t *this, CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &class, sizeof(class)}, {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, ->>>>>>> upstream/4.5.1 }; CK_OBJECT_HANDLE object; CK_ATTRIBUTE attr[] = { {CKA_VALUE, NULL, 0}, {CKA_LABEL, NULL, 0}, -<<<<<<< HEAD -======= {CKA_TRUSTED, &trusted, sizeof(trusted)} ->>>>>>> upstream/4.5.1 }; enumerator_t *enumerator; linked_list_t *raw; @@ -90,13 +76,6 @@ static void find_certificates(private_pkcs11_creds_t *this, struct { chunk_t value; chunk_t label; -<<<<<<< HEAD - } *entry; - - raw = linked_list_create(); - enumerator = this->lib->create_object_enumerator(this->lib, - session, tmpl, countof(tmpl), attr, countof(attr)); -======= bool trusted; } *entry; int count = countof(attr); @@ -110,7 +89,6 @@ static void find_certificates(private_pkcs11_creds_t *this, } enumerator = this->lib->create_object_enumerator(this->lib, session, tmpl, countof(tmpl), attr, count); ->>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, &object)) { entry = malloc(sizeof(*entry)); @@ -118,10 +96,7 @@ static void find_certificates(private_pkcs11_creds_t *this, chunk_create(attr[0].pValue, attr[0].ulValueLen)); entry->label = chunk_clone( chunk_create(attr[1].pValue, attr[1].ulValueLen)); -<<<<<<< HEAD -======= entry->trusted = trusted; ->>>>>>> upstream/4.5.1 raw->insert_last(raw, entry); } enumerator->destroy(enumerator); @@ -134,17 +109,10 @@ static void find_certificates(private_pkcs11_creds_t *this, if (cert) { DBG1(DBG_CFG, " loaded %strusted cert '%.*s'", -<<<<<<< HEAD - trusted ? "" : "un", entry->label.len, entry->label.ptr); - /* trusted certificates are also returned as untrusted */ - this->untrusted->insert_last(this->untrusted, cert); - if (trusted) -======= entry->trusted ? "" : "un", entry->label.len, entry->label.ptr); /* trusted certificates are also returned as untrusted */ this->untrusted->insert_last(this->untrusted, cert); if (entry->trusted) ->>>>>>> upstream/4.5.1 { this->trusted->insert_last(this->trusted, cert->get_ref(cert)); } @@ -177,12 +145,7 @@ static bool load_certificates(private_pkcs11_creds_t *this) return FALSE; } -<<<<<<< HEAD - find_certificates(this, session, CK_TRUE); - find_certificates(this, session, CK_FALSE); -======= find_certificates(this, session); ->>>>>>> upstream/4.5.1 this->lib->f->C_CloseSession(session); return TRUE; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c index 6d819da34..6f7926808 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c @@ -466,14 +466,11 @@ struct private_pkcs11_library_t { * Name as passed to the constructor */ char *name; -<<<<<<< HEAD -======= /** * Supported feature set */ pkcs11_feature_t features; ->>>>>>> upstream/4.5.1 }; METHOD(pkcs11_library_t, get_name, char*, @@ -482,15 +479,12 @@ METHOD(pkcs11_library_t, get_name, char*, return this->name; } -<<<<<<< HEAD -======= METHOD(pkcs11_library_t, get_features, pkcs11_feature_t, private_pkcs11_library_t *this) { return this->features; } ->>>>>>> upstream/4.5.1 /** * Object enumerator */ @@ -783,11 +777,6 @@ static CK_RV UnlockMutex(CK_VOID_PTR data) } /** -<<<<<<< HEAD - * Initialize a PKCS#11 library - */ -static bool initialize(private_pkcs11_library_t *this, char *name, char *file) -======= * Check if the library has at least a given cryptoki version */ static bool has_version(CK_INFO *info, int major, int minor) @@ -814,27 +803,19 @@ static void check_features(private_pkcs11_library_t *this, CK_INFO *info) */ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, bool os_locking) ->>>>>>> upstream/4.5.1 { CK_C_GetFunctionList pC_GetFunctionList; CK_INFO info; CK_RV rv; -<<<<<<< HEAD - CK_C_INITIALIZE_ARGS args = { -======= static CK_C_INITIALIZE_ARGS args = { ->>>>>>> upstream/4.5.1 .CreateMutex = CreateMutex, .DestroyMutex = DestroyMutex, .LockMutex = LockMutex, .UnlockMutex = UnlockMutex, }; -<<<<<<< HEAD -======= static CK_C_INITIALIZE_ARGS args_os = { .flags = CKF_OS_LOCKING_OK, }; ->>>>>>> upstream/4.5.1 pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList"); if (!pC_GetFunctionList) @@ -849,16 +830,6 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, name, ck_rv_names, rv); return FALSE; } -<<<<<<< HEAD - - rv = this->public.f->C_Initialize(&args); - if (rv == CKR_CANT_LOCK) - { /* try OS locking */ - memset(&args, 0, sizeof(args)); - args.flags = CKF_OS_LOCKING_OK; - rv = this->public.f->C_Initialize(&args); - } -======= if (os_locking) { rv = CKR_CANT_LOCK; @@ -872,7 +843,6 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, os_locking = TRUE; rv = this->public.f->C_Initialize(&args_os); } ->>>>>>> upstream/4.5.1 if (rv != CKR_OK) { DBG1(DBG_CFG, "C_Initialize() error for '%s': %N", @@ -898,40 +868,26 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, DBG1(DBG_CFG, " %s: %s v%d.%d", info.manufacturerID, info.libraryDescription, info.libraryVersion.major, info.libraryVersion.minor); -<<<<<<< HEAD - if (args.flags & CKF_OS_LOCKING_OK) - { - DBG1(DBG_CFG, " uses OS locking functions"); - } -======= if (os_locking) { DBG1(DBG_CFG, " uses OS locking functions"); } check_features(this, &info); ->>>>>>> upstream/4.5.1 return TRUE; } /** * See header */ -<<<<<<< HEAD -pkcs11_library_t *pkcs11_library_create(char *name, char *file) -======= pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) ->>>>>>> upstream/4.5.1 { private_pkcs11_library_t *this; INIT(this, .public = { .get_name = _get_name, -<<<<<<< HEAD -======= .get_features = _get_features, ->>>>>>> upstream/4.5.1 .create_object_enumerator = _create_object_enumerator, .create_mechanism_enumerator = _create_mechanism_enumerator, .destroy = _destroy, @@ -947,11 +903,7 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) return NULL; } -<<<<<<< HEAD - if (!initialize(this, name, file)) -======= if (!initialize(this, name, file, os_locking)) ->>>>>>> upstream/4.5.1 { dlclose(this->handle); free(this); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h index 384258089..abe023448 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h @@ -21,10 +21,7 @@ #ifndef PKCS11_LIBRARY_H_ #define PKCS11_LIBRARY_H_ -<<<<<<< HEAD -======= typedef enum pkcs11_feature_t pkcs11_feature_t; ->>>>>>> upstream/4.5.1 typedef struct pkcs11_library_t pkcs11_library_t; #include "pkcs11.h" @@ -33,8 +30,6 @@ typedef struct pkcs11_library_t pkcs11_library_t; #include <utils/enumerator.h> /** -<<<<<<< HEAD -======= * Optional PKCS#11 features some libraries support, some not */ enum pkcs11_feature_t { @@ -45,7 +40,6 @@ enum pkcs11_feature_t { }; /** ->>>>>>> upstream/4.5.1 * A loaded and initialized PKCS#11 library. */ struct pkcs11_library_t { @@ -63,8 +57,6 @@ struct pkcs11_library_t { char* (*get_name)(pkcs11_library_t *this); /** -<<<<<<< HEAD -======= * Get the feature set supported by this library. * * @return ORed set of features supported @@ -72,7 +64,6 @@ struct pkcs11_library_t { pkcs11_feature_t (*get_features)(pkcs11_library_t *this); /** ->>>>>>> upstream/4.5.1 * Create an enumerator over CK_OBJECT_HANDLE using a search template. * * An optional attribute array is automatically filled in with the @@ -130,15 +121,9 @@ void pkcs11_library_trim(char *str, int len); * * @param name an arbitrary name, for debugging * @param file pkcs11 library file to dlopen() -<<<<<<< HEAD - * @return library abstraction - */ -pkcs11_library_t *pkcs11_library_create(char *name, char *file); -======= * @param os_lock enforce OS Locking for this library * @return library abstraction */ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_lock); ->>>>>>> upstream/4.5.1 #endif /** PKCS11_LIBRARY_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index b7ca3538c..431cd6a2c 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c @@ -369,18 +369,14 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, "libstrongswan.plugins.pkcs11.modules.%s.path", NULL, module); if (!entry->path) { - DBG1(DBG_CFG, "PKCS11 module '%s' misses library path", module); + DBG1(DBG_CFG, "PKCS11 module '%s' lacks library path", module); free(entry); continue; } -<<<<<<< HEAD - entry->lib = pkcs11_library_create(module, entry->path); -======= entry->lib = pkcs11_library_create(module, entry->path, lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.modules.%s.os_locking", FALSE, module)); ->>>>>>> upstream/4.5.1 if (!entry->lib) { free(entry); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index b02873870..7b537cfa7 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -26,11 +26,6 @@ #include "pkcs11_public_key.h" #include "pkcs11_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "pkcs11"; - ->>>>>>> upstream/4.5.1 typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t; /** @@ -106,6 +101,12 @@ static void token_event_cb(private_pkcs11_plugin_t *this, pkcs11_library_t *p11, } } +METHOD(plugin_t, get_name, char*, + private_pkcs11_plugin_t *this) +{ + return "pkcs11"; +} + METHOD(plugin_t, destroy, void, private_pkcs11_plugin_t *this) { @@ -139,6 +140,8 @@ plugin_t *pkcs11_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, @@ -151,31 +154,17 @@ plugin_t *pkcs11_plugin_create() if (lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) { -<<<<<<< HEAD - lib->crypto->add_hasher(lib->crypto, HASH_MD2, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, -======= - lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD2, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_MD5, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)pkcs11_hasher_create); } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index 6d2c93c98..b4cc7a805 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -401,20 +401,6 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) }; CK_OBJECT_HANDLE object; CK_KEY_TYPE type; -<<<<<<< HEAD - CK_BBOOL reauth; - CK_ATTRIBUTE attr[] = { - {CKA_KEY_TYPE, &type, sizeof(type)}, - {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)}, - {CKA_MODULUS, NULL, 0}, - {CKA_PUBLIC_EXPONENT, NULL, 0}, - }; - enumerator_t *enumerator; - chunk_t modulus, pubexp; - - enumerator = this->lib->create_object_enumerator(this->lib, - this->session, tmpl, countof(tmpl), attr, countof(attr)); -======= CK_BBOOL reauth = FALSE; CK_ATTRIBUTE attr[] = { {CKA_KEY_TYPE, &type, sizeof(type)}, @@ -433,28 +419,18 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) } enumerator = this->lib->create_object_enumerator(this->lib, this->session, tmpl, countof(tmpl), attr, count); ->>>>>>> upstream/4.5.1 if (enumerator->enumerate(enumerator, &object)) { switch (type) { case CKK_RSA: -<<<<<<< HEAD - if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1) -======= if (attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed"); break; } -<<<<<<< HEAD - modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen); - pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen); -======= modulus = chunk_create(attr[1].pValue, attr[1].ulValueLen); pubexp = chunk_create(attr[2].pValue, attr[2].ulValueLen); ->>>>>>> upstream/4.5.1 this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_RSA_MODULUS, modulus, BUILD_RSA_PUB_EXP, pubexp, BUILD_END); diff --git a/src/libstrongswan/plugins/plugin.h b/src/libstrongswan/plugins/plugin.h index 6d8a370fb..5c92fd1d8 100644 --- a/src/libstrongswan/plugins/plugin.h +++ b/src/libstrongswan/plugins/plugin.h @@ -21,6 +21,8 @@ #ifndef PLUGIN_H_ #define PLUGIN_H_ +#include <utils.h> + typedef struct plugin_t plugin_t; /** @@ -29,6 +31,20 @@ typedef struct plugin_t plugin_t; struct plugin_t { /** + * Get the name of the plugin. + * + * @return plugin name + */ + char* (*get_name)(plugin_t *this); + + /** + * Try to reload plugin configuration. + * + * @return TRUE if reloaded, FALSE if reloading not supporty by plugin + */ + bool (*reload)(plugin_t *this); + + /** * Destroy a plugin instance. */ void (*destroy)(plugin_t *this); diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 4429d9436..b4d7bf7c7 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -43,24 +43,8 @@ struct private_plugin_loader_t { * list of loaded plugins */ linked_list_t *plugins; - - /** - * names of loaded plugins - */ - linked_list_t *names; }; -<<<<<<< HEAD -#ifdef MONOLITHIC -/** - * load a single plugin in monolithic mode - */ -static plugin_t* load_plugin(private_plugin_loader_t *this, - char *path, char *name) -{ - char create[128]; - plugin_t *plugin; -======= /** * create a plugin * returns: NOT_FOUND, if the constructor was not found @@ -70,44 +54,17 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, char *name, bool integrity, plugin_t **plugin) { char create[128]; ->>>>>>> upstream/4.5.1 plugin_constructor_t constructor; if (snprintf(create, sizeof(create), "%s_plugin_create", name) >= sizeof(create)) { -<<<<<<< HEAD - return NULL; - } - translate(create, "-", "_"); - constructor = dlsym(RTLD_DEFAULT, create); - if (constructor == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, - create); - return NULL; - } - plugin = constructor(); - if (plugin == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, - create); - return NULL; - } - DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); - - return plugin; -} -#else -======= return FAILED; } translate(create, "-", "_"); constructor = dlsym(handle, create); if (constructor == NULL) { - DBG2(DBG_LIB, "plugin '%s': failed to load - %s not found", name, - create); return NOT_FOUND; } if (integrity && lib->integrity) @@ -131,29 +88,12 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, return SUCCESS; } ->>>>>>> upstream/4.5.1 /** * load a single plugin */ static plugin_t* load_plugin(private_plugin_loader_t *this, char *path, char *name) { -<<<<<<< HEAD - char create[128]; - char file[PATH_MAX]; - void *handle; - plugin_t *plugin; - plugin_constructor_t constructor; - - if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, - name) >= sizeof(file) || - snprintf(create, sizeof(create), "%s_plugin_create", - name) >= sizeof(create)) - { - return NULL; - } - translate(create, "-", "_"); -======= char file[PATH_MAX]; void *handle; plugin_t *plugin; @@ -174,7 +114,6 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, { return NULL; } ->>>>>>> upstream/4.5.1 if (lib->integrity) { if (!lib->integrity->check_file(lib->integrity, name, file)) @@ -190,42 +129,6 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror()); return NULL; } -<<<<<<< HEAD - constructor = dlsym(handle, create); - if (constructor == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, - create); - dlclose(handle); - return NULL; - } - if (lib->integrity) - { - if (!lib->integrity->check_segment(lib->integrity, name, constructor)) - { - DBG1(DBG_LIB, "plugin '%s': failed segment integrity test", name); - dlclose(handle); - return NULL; - } - DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests", - name); - } - plugin = constructor(); - if (plugin == NULL) - { - DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, - create); - dlclose(handle); - return NULL; - } - DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); - - /* we do not store or free dlopen() handles, leak_detective requires - * the modules to keep loaded until leak report */ - return plugin; -} -#endif -======= if (create_plugin(this, handle, name, TRUE, &plugin) != SUCCESS) { dlclose(handle); @@ -243,12 +146,12 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) { enumerator_t *enumerator; bool found = FALSE; - char *current; + plugin_t *plugin; - enumerator = this->names->create_enumerator(this->names); - while (enumerator->enumerate(enumerator, ¤t)) + enumerator = this->plugins->create_enumerator(this->plugins); + while (enumerator->enumerate(enumerator, &plugin)) { - if (streq(name, current)) + if (streq(plugin->get_name(plugin), name)) { found = TRUE; break; @@ -257,29 +160,18 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) enumerator->destroy(enumerator); return found; } ->>>>>>> upstream/4.5.1 -/** - * Implementation of plugin_loader_t.load_plugins. - */ -static bool load(private_plugin_loader_t *this, char *path, char *list) +METHOD(plugin_loader_t, load_plugins, bool, + private_plugin_loader_t *this, char *path, char *list) { enumerator_t *enumerator; char *token; bool critical_failed = FALSE; -<<<<<<< HEAD -#ifndef MONOLITHIC -======= ->>>>>>> upstream/4.5.1 if (path == NULL) { path = PLUGINDIR; } -<<<<<<< HEAD -#endif -======= ->>>>>>> upstream/4.5.1 enumerator = enumerator_create_token(list, " ", " "); while (!critical_failed && enumerator->enumerate(enumerator, &token)) @@ -295,19 +187,15 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) critical = TRUE; token[len-1] = '\0'; } -<<<<<<< HEAD -======= if (plugin_loaded(this, token)) { free(token); continue; } ->>>>>>> upstream/4.5.1 plugin = load_plugin(this, path, token); if (plugin) { this->plugins->insert_last(this->plugins, plugin); - this->names->insert_last(this->names, token); } else { @@ -316,20 +204,17 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) critical_failed = TRUE; DBG1(DBG_LIB, "loading critical plugin '%s' failed", token); } - free(token); } + free(token); } enumerator->destroy(enumerator); return !critical_failed; } -/** - * Implementation of plugin_loader_t.unload - */ -static void unload(private_plugin_loader_t *this) +METHOD(plugin_loader_t, unload, void, + private_plugin_loader_t *this) { plugin_t *plugin; - char *name; /* unload plugins in reverse order */ while (this->plugins->remove_last(this->plugins, @@ -337,27 +222,64 @@ static void unload(private_plugin_loader_t *this) { plugin->destroy(plugin); } - while (this->names->remove_last(this->names, (void**)&name) == SUCCESS) - { - free(name); - } } -/** - * Implementation of plugin_loader_t.create_plugin_enumerator - */ -static enumerator_t* create_plugin_enumerator(private_plugin_loader_t *this) +METHOD(plugin_loader_t, create_plugin_enumerator, enumerator_t*, + private_plugin_loader_t *this) { - return this->names->create_enumerator(this->names); + return this->plugins->create_enumerator(this->plugins); } /** - * Implementation of plugin_loader_t.destroy + * Reload a plugin by name, NULL for all */ -static void destroy(private_plugin_loader_t *this) +static u_int reload_by_name(private_plugin_loader_t *this, char *name) +{ + u_int reloaded = 0; + enumerator_t *enumerator; + plugin_t *plugin; + + enumerator = create_plugin_enumerator(this); + while (enumerator->enumerate(enumerator, &plugin)) + { + if (name == NULL || streq(name, plugin->get_name(plugin))) + { + if (plugin->reload(plugin)) + { + DBG2(DBG_LIB, "reloaded configuration of '%s' plugin", + plugin->get_name(plugin)); + reloaded++; + } + } + } + enumerator->destroy(enumerator); + return reloaded; +} + +METHOD(plugin_loader_t, reload, u_int, + private_plugin_loader_t *this, char *list) +{ + u_int reloaded = 0; + enumerator_t *enumerator; + char *name; + + if (list == NULL) + { + return reload_by_name(this, NULL); + } + enumerator = enumerator_create_token(list, " ", ""); + while (enumerator->enumerate(enumerator, &name)) + { + reloaded += reload_by_name(this, name); + } + enumerator->destroy(enumerator); + return reloaded; +} + +METHOD(plugin_loader_t, destroy, void, + private_plugin_loader_t *this) { this->plugins->destroy_offset(this->plugins, offsetof(plugin_t, destroy)); - this->names->destroy_function(this->names, free); free(this); } @@ -366,15 +288,18 @@ static void destroy(private_plugin_loader_t *this) */ plugin_loader_t *plugin_loader_create() { - private_plugin_loader_t *this = malloc_thing(private_plugin_loader_t); - - this->public.load = (bool(*)(plugin_loader_t*, char *path, char *prefix))load; - this->public.unload = (void(*)(plugin_loader_t*))unload; - this->public.create_plugin_enumerator = (enumerator_t*(*)(plugin_loader_t*))create_plugin_enumerator; - this->public.destroy = (void(*)(plugin_loader_t*))destroy; + private_plugin_loader_t *this; - this->plugins = linked_list_create(); - this->names = linked_list_create(); + INIT(this, + .public = { + .load = _load_plugins, + .reload = _reload, + .unload = _unload, + .create_plugin_enumerator = _create_plugin_enumerator, + .destroy = _destroy, + }, + .plugins = linked_list_create(), + ); return &this->public; } diff --git a/src/libstrongswan/plugins/plugin_loader.h b/src/libstrongswan/plugins/plugin_loader.h index f72c91c60..e03da4543 100644 --- a/src/libstrongswan/plugins/plugin_loader.h +++ b/src/libstrongswan/plugins/plugin_loader.h @@ -44,14 +44,22 @@ struct plugin_loader_t { bool (*load)(plugin_loader_t *this, char *path, char *list); /** + * Reload the configuration of one or multiple plugins. + * + * @param space separated plugin names to reload, NULL for all + * @return number of plugins that did support reloading + */ + u_int (*reload)(plugin_loader_t *this, char *list); + + /** * Unload all loaded plugins. */ void (*unload)(plugin_loader_t *this); /** - * Create an enumerator over all loaded plugin names. + * Create an enumerator over all loaded plugins. * - * @return enumerator over char* + * @return enumerator over plugin_t* */ enumerator_t* (*create_plugin_enumerator)(plugin_loader_t *this); diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index bb2564238..97fba22fc 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index 3546c9bf9..ae6607e5a 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -31,15 +31,14 @@ struct private_pubkey_plugin_t { pubkey_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of pubkey_plugin_t.pubkeytroy - */ -static void destroy(private_pubkey_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_pubkey_plugin_t *this) +{ + return "pubkey"; +} + METHOD(plugin_t, destroy, void, private_pubkey_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pubkey_cert_wrap); @@ -51,21 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pubkey_plugin_create() { -<<<<<<< HEAD - private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_pubkey_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE, (builder_function_t)pubkey_cert_wrap); diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index fbdf35170..761d2c96e 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index f70998334..00202a5a6 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "random_rng.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "random"; - ->>>>>>> upstream/4.5.1 typedef struct private_random_plugin_t private_random_plugin_t; /** @@ -36,15 +31,14 @@ struct private_random_plugin_t { random_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of random_plugin_t.gmptroy - */ -static void destroy(private_random_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_random_plugin_t *this) +{ + return "random"; +} + METHOD(plugin_t, destroy, void, private_random_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_rng(lib->crypto, (rng_constructor_t)random_rng_create); @@ -56,29 +50,21 @@ METHOD(plugin_t, destroy, void, */ plugin_t *random_plugin_create() { -<<<<<<< HEAD - private_random_plugin_t *this = malloc_thing(private_random_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_rng(lib->crypto, RNG_STRONG, - (rng_constructor_t)random_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, -======= private_random_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, + lib->crypto->add_rng(lib->crypto, RNG_STRONG, get_name(this), (rng_constructor_t)random_rng_create); - lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_rng(lib->crypto, RNG_TRUE, get_name(this), (rng_constructor_t)random_rng_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index e4247a3cc..1d99a63d5 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -55,16 +55,8 @@ struct private_random_rng_t { char *file; }; -<<<<<<< HEAD -/** - * Implementation of random_rng_t.get_bytes. - */ -static void get_bytes(private_random_rng_t *this, size_t bytes, - u_int8_t *buffer) -======= METHOD(rng_t, get_bytes, void, private_random_rng_t *this, size_t bytes, u_int8_t *buffer) ->>>>>>> upstream/4.5.1 { size_t done; ssize_t got; @@ -86,30 +78,15 @@ METHOD(rng_t, get_bytes, void, } } -<<<<<<< HEAD -/** - * Implementation of random_rng_t.allocate_bytes. - */ -static void allocate_bytes(private_random_rng_t *this, size_t bytes, - chunk_t *chunk) -======= METHOD(rng_t, allocate_bytes, void, private_random_rng_t *this, size_t bytes, chunk_t *chunk) ->>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(bytes); get_bytes(this, chunk->len, chunk->ptr); } -<<<<<<< HEAD -/** - * Implementation of random_rng_t.destroy. - */ -static void destroy(private_random_rng_t *this) -======= METHOD(rng_t, destroy, void, private_random_rng_t *this) ->>>>>>> upstream/4.5.1 { close(this->dev); free(this); @@ -120,14 +97,6 @@ METHOD(rng_t, destroy, void, */ random_rng_t *random_rng_create(rng_quality_t quality) { -<<<<<<< HEAD - private_random_rng_t *this = malloc_thing(private_random_rng_t); - - /* public functions */ - this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; - this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; - this->public.rng.destroy = (void (*) (rng_t *))destroy; -======= private_random_rng_t *this; INIT(this, @@ -139,7 +108,6 @@ random_rng_t *random_rng_create(rng_quality_t quality) }, }, ); ->>>>>>> upstream/4.5.1 if (quality == RNG_TRUE) { diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 19ec1e719..e8856b7d7 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -223,13 +223,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -250,6 +244,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -268,14 +264,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/revocation/revocation_plugin.c b/src/libstrongswan/plugins/revocation/revocation_plugin.c index 02393b907..fa04fb2a2 100644 --- a/src/libstrongswan/plugins/revocation/revocation_plugin.c +++ b/src/libstrongswan/plugins/revocation/revocation_plugin.c @@ -36,6 +36,12 @@ struct private_revocation_plugin_t { revocation_validator_t *validator; }; +METHOD(plugin_t, get_name, char*, + private_revocation_plugin_t *this) +{ + return "revocation"; +} + METHOD(plugin_t, destroy, void, private_revocation_plugin_t *this) { @@ -54,6 +60,8 @@ plugin_t *revocation_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index dc8b849c7..def169275 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -93,20 +93,13 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject, /** * check the signature of an OCSP response */ -<<<<<<< HEAD -static bool verify_ocsp(ocsp_response_t *response) -======= static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { certificate_t *issuer, *subject; identification_t *responder; ocsp_response_wrapper_t *wrapper; enumerator_t *enumerator; -<<<<<<< HEAD -======= auth_cfg_t *current; ->>>>>>> upstream/4.5.1 bool verified = FALSE; wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); @@ -116,23 +109,16 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) responder = subject->get_issuer(subject); enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, responder, FALSE); -<<<<<<< HEAD - while (enumerator->enumerate(enumerator, &issuer, NULL)) -======= while (enumerator->enumerate(enumerator, &issuer, ¤t)) ->>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, subject, issuer)) { DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"", issuer->get_subject(issuer)); -<<<<<<< HEAD -======= if (auth) { auth->merge(auth, current, FALSE); } ->>>>>>> upstream/4.5.1 verified = TRUE; break; } @@ -148,12 +134,8 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) * Get the better of two OCSP responses, and check for usable OCSP info */ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, -<<<<<<< HEAD - x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) -======= x509_t *subject, x509_t *issuer, cert_validation_t *valid, auth_cfg_t *auth, bool cache) ->>>>>>> upstream/4.5.1 { ocsp_response_t *response; time_t revocation, this_update, next_update, valid_until; @@ -163,11 +145,7 @@ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, response = (ocsp_response_t*)cand; /* check ocsp signature */ -<<<<<<< HEAD - if (!verify_ocsp(response)) -======= if (!verify_ocsp(response, auth)) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "ocsp response verification failed"); cand->destroy(cand); @@ -248,12 +226,8 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, while (enumerator->enumerate(enumerator, ¤t)) { current->get_ref(current); -<<<<<<< HEAD - best = get_better_ocsp(current, best, subject, issuer, &valid, FALSE); -======= best = get_better_ocsp(current, best, subject, issuer, &valid, auth, FALSE); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { DBG1(DBG_CFG, " using cached ocsp response"); @@ -280,11 +254,7 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, -<<<<<<< HEAD - &valid, TRUE); -======= &valid, auth, TRUE); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -306,11 +276,7 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, -<<<<<<< HEAD - &valid, TRUE); -======= &valid, auth, TRUE); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -364,39 +330,25 @@ static certificate_t* fetch_crl(char *url) /** * check the signature of an CRL */ -<<<<<<< HEAD -static bool verify_crl(certificate_t *crl) -======= static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { certificate_t *issuer; enumerator_t *enumerator; bool verified = FALSE; -<<<<<<< HEAD - - enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, - KEY_ANY, crl->get_issuer(crl), FALSE); - while (enumerator->enumerate(enumerator, &issuer, NULL)) -======= auth_cfg_t *current; enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, crl->get_issuer(crl), FALSE); while (enumerator->enumerate(enumerator, &issuer, ¤t)) ->>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, crl, issuer)) { DBG1(DBG_CFG, " crl correctly signed by \"%Y\"", issuer->get_subject(issuer)); -<<<<<<< HEAD -======= if (auth) { auth->merge(auth, current, FALSE); } ->>>>>>> upstream/4.5.1 verified = TRUE; break; } @@ -410,23 +362,13 @@ static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) * Get the better of two CRLs, and check for usable CRL info */ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, -<<<<<<< HEAD - x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) -======= x509_t *subject, cert_validation_t *valid, auth_cfg_t *auth, bool cache, crl_t *base) ->>>>>>> upstream/4.5.1 { enumerator_t *enumerator; time_t revocation, valid_until; crl_reason_t reason; chunk_t serial; -<<<<<<< HEAD - crl_t *crl; - - /* check CRL signature */ - if (!verify_crl(cand)) -======= crl_t *crl = (crl_t*)cand; if (base) @@ -449,17 +391,12 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, /* check CRL signature */ if (!verify_crl(cand, auth)) ->>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "crl response verification failed"); cand->destroy(cand); return best; } -<<<<<<< HEAD - crl = (crl_t*)cand; -======= ->>>>>>> upstream/4.5.1 enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) { @@ -504,81 +441,6 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, } /** -<<<<<<< HEAD - * validate a x509 certificate using CRL - */ -static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, - auth_cfg_t *auth) -{ - cert_validation_t valid = VALIDATION_SKIPPED; - identification_t *keyid = NULL; - certificate_t *best = NULL; - certificate_t *current; - public_key_t *public; - enumerator_t *enumerator; - chunk_t chunk; - char *uri = NULL; - - /* derive the authorityKeyIdentifier from the issuer's public key */ - current = &issuer->interface; - public = current->get_public_key(current); - if (public && public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk)) - { - keyid = identification_create_from_encoding(ID_KEY_ID, chunk); - - /* find a cached crl by authorityKeyIdentifier */ - enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, - CERT_X509_CRL, KEY_ANY, keyid, FALSE); - while (enumerator->enumerate(enumerator, ¤t)) - { - current->get_ref(current); - best = get_better_crl(current, best, subject, issuer, - &valid, FALSE); - if (best && valid != VALIDATION_STALE) - { - DBG1(DBG_CFG, " using cached crl"); - break; - } - } - enumerator->destroy(enumerator); - - /* fallback to fetching crls from credential sets cdps */ - if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) - { - enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, - CERT_X509_CRL, keyid); - while (enumerator->enumerate(enumerator, &uri)) - { - current = fetch_crl(uri); - if (current) - { - best = get_better_crl(current, best, subject, issuer, - &valid, TRUE); - if (best && valid != VALIDATION_STALE) - { - break; - } - } - } - enumerator->destroy(enumerator); - } - keyid->destroy(keyid); - } - DESTROY_IF(public); - - /* fallback to fetching crls from cdps from subject's certificate */ - if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) - { - enumerator = subject->create_crl_uri_enumerator(subject); - - while (enumerator->enumerate(enumerator, &uri)) - { - current = fetch_crl(uri); - if (current) - { - best = get_better_crl(current, best, subject, issuer, - &valid, TRUE); -======= * Find or fetch a certificate for a given crlIssuer */ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer, @@ -764,7 +626,6 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, } best = get_better_crl(current, best, subject, &valid, auth, TRUE, NULL); ->>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -774,10 +635,6 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, enumerator->destroy(enumerator); } -<<<<<<< HEAD - /* an uri was found, but no result. switch validation state to failed */ - if (valid == VALIDATION_SKIPPED && uri) -======= /* look for delta CRLs */ if (best && (valid == VALIDATION_GOOD || valid == VALIDATION_STALE)) { @@ -786,7 +643,6 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, /* an uri was found, but no result. switch validation state to failed */ if (valid == VALIDATION_SKIPPED && uri_found) ->>>>>>> upstream/4.5.1 { valid = VALIDATION_FAILED; } @@ -809,12 +665,8 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, METHOD(cert_validator_t, validate, bool, private_revocation_validator_t *this, certificate_t *subject, -<<<<<<< HEAD - certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth) -======= certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth) ->>>>>>> upstream/4.5.1 { if (subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509 && @@ -822,12 +674,8 @@ METHOD(cert_validator_t, validate, bool, { DBG1(DBG_CFG, "checking certificate status of \"%Y\"", subject->get_subject(subject)); -<<<<<<< HEAD - switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth)) -======= switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) ->>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); @@ -845,12 +693,8 @@ METHOD(cert_validator_t, validate, bool, DBG1(DBG_CFG, "ocsp check failed, fallback to crl"); break; } -<<<<<<< HEAD - switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth)) -======= switch (check_crl((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) ->>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 95e4e403d..b4b275648 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index fcb75dfa2..a9b84e790 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c @@ -19,11 +19,6 @@ #include "sha1_hasher.h" #include "sha1_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "sha1"; - ->>>>>>> upstream/4.5.1 typedef struct private_sha1_plugin_t private_sha1_plugin_t; /** @@ -37,15 +32,14 @@ struct private_sha1_plugin_t { sha1_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of sha1_plugin_t.destroy - */ -static void destroy(private_sha1_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_sha1_plugin_t *this) +{ + return "sha1"; +} + METHOD(plugin_t, destroy, void, private_sha1_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha1_hasher_create); @@ -59,29 +53,21 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha1_plugin_create() { -<<<<<<< HEAD - private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, - (hasher_constructor_t)sha1_hasher_create); - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, -======= private_sha1_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, get_name(this), (hasher_constructor_t)sha1_hasher_create); - lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, get_name(this), (prf_constructor_t)sha1_prf_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index 0dc56ac37..bdc235555 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -219,13 +219,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -246,6 +240,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,14 +260,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index b47f07b8d..4ec03a268 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -18,11 +18,6 @@ #include <library.h> #include "sha2_hasher.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "sha2"; - ->>>>>>> upstream/4.5.1 typedef struct private_sha2_plugin_t private_sha2_plugin_t; /** @@ -36,15 +31,14 @@ struct private_sha2_plugin_t { sha2_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of sha2_plugin_t.destroy - */ -static void destroy(private_sha2_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_sha2_plugin_t *this) +{ + return "sha2"; +} + METHOD(plugin_t, destroy, void, private_sha2_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha2_hasher_create); @@ -56,37 +50,25 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha2_plugin_create() { -<<<<<<< HEAD - private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; - - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, - (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, - (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, - (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, -======= private_sha2_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); - lib->crypto->add_hasher(lib->crypto, HASH_SHA224, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, get_name(this), (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA256, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, get_name(this), (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, get_name(this), (hasher_constructor_t)sha2_hasher_create); - lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, ->>>>>>> upstream/4.5.1 + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, get_name(this), (hasher_constructor_t)sha2_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index 35d175f95..ec370d38c 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -241,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -264,6 +266,7 @@ soup_LIBS = @soup_LIBS@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/soup/soup_fetcher.c b/src/libstrongswan/plugins/soup/soup_fetcher.c index fd97631bd..3e5786b12 100644 --- a/src/libstrongswan/plugins/soup/soup_fetcher.c +++ b/src/libstrongswan/plugins/soup/soup_fetcher.c @@ -58,44 +58,77 @@ struct private_soup_fetcher_t { * HTTP request version */ SoupHTTPVersion version; + + /** + * Fetcher callback function + */ + fetcher_callback_t cb; }; +/** + * Data to pass to soup callback + */ +typedef struct { + fetcher_callback_t cb; + void *user; + SoupSession *session; +} cb_data_t; + +/** + * Soup callback invoking our callback + */ +static void soup_cb(SoupMessage *message, SoupBuffer *chunk, cb_data_t *data) +{ + if (!data->cb(data->user, chunk_create((u_char*)chunk->data, chunk->length))) + { + soup_session_cancel_message(data->session, message, + SOUP_STATUS_CANCELLED); + } +} + METHOD(fetcher_t, fetch, status_t, - private_soup_fetcher_t *this, char *uri, chunk_t *result) + private_soup_fetcher_t *this, char *uri, void *userdata) { - SoupSession *session; SoupMessage *message; status_t status = FAILED; + cb_data_t data = { + .cb = this->cb, + .user = userdata, + }; message = soup_message_new(this->method, uri); if (!message) { return NOT_SUPPORTED; } + if (this->cb == fetcher_default_callback) + { + *(chunk_t*)userdata = chunk_empty; + } if (this->type) { soup_message_set_request(message, this->type, SOUP_MEMORY_STATIC, this->data.ptr, this->data.len); } soup_message_set_http_version(message, this->version); - session = soup_session_sync_new(); - g_object_set(G_OBJECT(session), + soup_message_body_set_accumulate(message->response_body, FALSE); + g_signal_connect(message, "got-chunk", G_CALLBACK(soup_cb), &data); + data.session = soup_session_sync_new(); + g_object_set(G_OBJECT(data.session), SOUP_SESSION_TIMEOUT, (guint)this->timeout, NULL); DBG2(DBG_LIB, "sending http request to '%s'...", uri); - soup_session_send_message(session, message); + soup_session_send_message(data.session, message); if (SOUP_STATUS_IS_SUCCESSFUL(message->status_code)) { - *result = chunk_clone(chunk_create((u_char*)message->response_body->data, - message->response_body->length)); status = SUCCESS; } else { - DBG1(DBG_LIB, "HTTP request failed, code %d", message->status_code); + DBG1(DBG_LIB, "HTTP request failed: %s", message->reason_phrase); } g_object_unref(G_OBJECT(message)); - g_object_unref(G_OBJECT(session)); + g_object_unref(G_OBJECT(data.session)); return status; } @@ -121,6 +154,9 @@ METHOD(fetcher_t, set_option, bool, case FETCH_TIMEOUT: this->timeout = va_arg(args, u_int); break; + case FETCH_CALLBACK: + this->cb = va_arg(args, fetcher_callback_t); + break; default: supported = FALSE; break; @@ -153,6 +189,7 @@ soup_fetcher_t *soup_fetcher_create() .method = SOUP_METHOD_GET, .version = SOUP_HTTP_1_1, .timeout = DEFAULT_TIMEOUT, + .cb = fetcher_default_callback, ); return &this->public; diff --git a/src/libstrongswan/plugins/soup/soup_plugin.c b/src/libstrongswan/plugins/soup/soup_plugin.c index 970e32472..22c8762e0 100644 --- a/src/libstrongswan/plugins/soup/soup_plugin.c +++ b/src/libstrongswan/plugins/soup/soup_plugin.c @@ -34,6 +34,12 @@ struct private_soup_plugin_t { soup_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_soup_plugin_t *this) +{ + return "soup"; +} + METHOD(plugin_t, destroy, void, private_soup_plugin_t *this) { @@ -58,6 +64,8 @@ plugin_t *soup_plugin_create() INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index bf952acc5..e2ec799a9 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -222,13 +222,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -249,6 +243,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -267,14 +263,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index e1c51f098..f9e06199e 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -213,15 +213,8 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) return TRUE; } -<<<<<<< HEAD -/** - * Implementation of database_t.query. - */ -static enumerator_t* query(private_sqlite_database_t *this, char *sql, ...) -======= METHOD(database_t, query, enumerator_t*, private_sqlite_database_t *this, char *sql, ...) ->>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; va_list args; @@ -253,15 +246,8 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } -<<<<<<< HEAD -/** - * Implementation of database_t.execute. - */ -static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...) -======= METHOD(database_t, execute, int, private_sqlite_database_t *this, int *rowid, char *sql, ...) ->>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; int affected = -1; @@ -293,15 +279,8 @@ METHOD(database_t, execute, int, return affected; } -<<<<<<< HEAD -/** - * Implementation of database_t.get_driver - */ -static db_driver_t get_driver(private_sqlite_database_t *this) -======= METHOD(database_t, get_driver, db_driver_t, private_sqlite_database_t *this) ->>>>>>> upstream/4.5.1 { return DB_SQLITE; } @@ -317,15 +296,8 @@ static int busy_handler(private_sqlite_database_t *this, int count) return 1; } -<<<<<<< HEAD -/** - * Implementation of database_t.destroy - */ -static void destroy(private_sqlite_database_t *this) -======= METHOD(database_t, destroy, void, private_sqlite_database_t *this) ->>>>>>> upstream/4.5.1 { sqlite3_close(this->db); this->mutex->destroy(this->mutex); @@ -349,16 +321,6 @@ sqlite_database_t *sqlite_database_create(char *uri) } file = uri + 9; -<<<<<<< HEAD - this = malloc_thing(private_sqlite_database_t); - - this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; - this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; - this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; - this->public.db.destroy = (void(*)(database_t*))destroy; - - this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); -======= INIT(this, .public = { .db = { @@ -370,17 +332,12 @@ sqlite_database_t *sqlite_database_create(char *uri) }, .mutex = mutex_create(MUTEX_TYPE_RECURSIVE), ); ->>>>>>> upstream/4.5.1 if (sqlite3_open(file, &this->db) != SQLITE_OK) { DBG1(DBG_LIB, "opening SQLite database '%s' failed: %s", file, sqlite3_errmsg(this->db)); -<<<<<<< HEAD - destroy(this); -======= _destroy(this); ->>>>>>> upstream/4.5.1 return NULL; } diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index e0bdf0634..d8c6a560c 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c @@ -31,15 +31,14 @@ struct private_sqlite_plugin_t { sqlite_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of plugin_t.destroy - */ -static void destroy(private_sqlite_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_sqlite_plugin_t *this) +{ + return "sqlite"; +} + METHOD(plugin_t, destroy, void, private_sqlite_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)sqlite_database_create); @@ -51,21 +50,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sqlite_plugin_create() { -<<<<<<< HEAD - private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_sqlite_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)sqlite_database_create); diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 651fb8a9f..70cdfd600 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -227,13 +227,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -254,6 +248,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -272,14 +268,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c index 80b5f1010..b4bf1fe6a 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors/des.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors/des.c @@ -25,7 +25,6 @@ crypter_test_vector_t des_ecb1 = { .alg = ENCR_DES_ECB, .key_size = 8, .len = 8, .key = "\x00\x01\x02\x03\x04\x05\x06\x07", - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", .plain = "\x41\xAD\x06\x85\x48\x80\x9D\x02", .cipher = "\x00\x11\x22\x33\x44\x55\x66\x77" }; @@ -36,7 +35,6 @@ crypter_test_vector_t des_ecb1 = { crypter_test_vector_t des_ecb2 = { .alg = ENCR_DES_ECB, .key_size = 8, .len = 8, .key = "\x2B\xD6\x45\x9F\x82\xC5\xB3\x00", - .iv = "\x00\x00\x00\x00\x00\x00\x00\x00", .plain = "\xB1\x0F\x84\x30\x97\xA0\xF9\x32", .cipher = "\xEA\x02\x47\x14\xAD\x5C\x4D\x84" }; diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index c021ef67b..4a8743289 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -104,15 +104,14 @@ struct private_test_vectors_plugin_t { test_vectors_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of test_vectors_plugin_t.test_vectorstroy - */ -static void destroy(private_test_vectors_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_test_vectors_plugin_t *this) +{ + return "test-vectors"; +} + METHOD(plugin_t, destroy, void, private_test_vectors_plugin_t *this) ->>>>>>> upstream/4.5.1 { free(this); } @@ -122,23 +121,18 @@ METHOD(plugin_t, destroy, void, */ plugin_t *test_vectors_plugin_create() { -<<<<<<< HEAD - private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t); - int i; - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_test_vectors_plugin_t *this; int i; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 for (i = 0; i < countof(crypter); i++) { diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 785d6441c..58cdf2c7c 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -221,13 +221,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -248,6 +242,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -266,14 +262,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 0eabc8010..8b228a2b6 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -117,11 +117,7 @@ struct private_x509_cert_t { linked_list_t *subjectAltNames; /** -<<<<<<< HEAD - * List of crlDistributionPoints as allocated char* -======= * List of crlDistributionPoints as x509_cdp_t* ->>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -136,8 +132,6 @@ struct private_x509_cert_t { linked_list_t *ipAddrBlocks; /** -<<<<<<< HEAD -======= * List of permitted name constraints */ linked_list_t *permitted_names; @@ -158,7 +152,6 @@ struct private_x509_cert_t { linked_list_t *policy_mappings; /** ->>>>>>> upstream/4.5.1 * certificate's embedded public key */ public_key_t *public_key; @@ -181,9 +174,6 @@ struct private_x509_cert_t { /** * Path Length Constraint */ -<<<<<<< HEAD - int pathLenConstraint; -======= u_char pathLenConstraint; /** @@ -200,7 +190,6 @@ struct private_x509_cert_t { * inhibitAnyPolicy Constraint */ u_char inhibit_any; ->>>>>>> upstream/4.5.1 /** * x509 constraints and other flags @@ -233,8 +222,6 @@ static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars( ); /** -<<<<<<< HEAD -======= * Destroy a CertificateDistributionPoint */ static void crl_uri_destroy(x509_cdp_t *this) @@ -282,7 +269,6 @@ static u_int parse_constraint(chunk_t object) } /** ->>>>>>> upstream/4.5.1 * ASN.1 definition of a basicConstraints extension */ static const asn1Object_t basicConstraintsObjects[] = { @@ -324,19 +310,7 @@ static void parse_basicConstraints(chunk_t blob, int level0, case BASIC_CONSTRAINTS_PATH_LEN: if (isCA) { -<<<<<<< HEAD - if (object.len == 0) - { - this->pathLenConstraint = 0; - } - else if (object.len == 1) - { - this->pathLenConstraint = *object.ptr; - } - /* we ignore path length constraints > 127 */ -======= this->pathLenConstraint = parse_constraint(object); ->>>>>>> upstream/4.5.1 } break; default: @@ -674,11 +648,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, } break; default: -<<<<<<< HEAD - /* unkown accessMethod, ignoring */ -======= /* unknown accessMethod, ignoring */ ->>>>>>> upstream/4.5.1 break; } break; @@ -693,8 +663,6 @@ end: } /** -<<<<<<< HEAD -======= * Extract KeyUsage flags */ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) @@ -749,7 +717,6 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) } /** ->>>>>>> upstream/4.5.1 * ASN.1 definition of a extendedKeyUsage extension */ static const asn1Object_t extendedKeyUsageObjects[] = { @@ -761,11 +728,7 @@ static const asn1Object_t extendedKeyUsageObjects[] = { #define EXT_KEY_USAGE_PURPOSE_ID 1 /** -<<<<<<< HEAD - * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned -======= * Extracts extendedKeyUsage OIDs ->>>>>>> upstream/4.5.1 */ static void parse_extendedKeyUsage(chunk_t blob, int level0, private_x509_cert_t *this) @@ -814,18 +777,11 @@ static const asn1Object_t crlDistributionPointsObjects[] = { { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ -<<<<<<< HEAD - { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */ -======= { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ ->>>>>>> upstream/4.5.1 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; -<<<<<<< HEAD -#define CRL_DIST_POINTS_FULLNAME 3 -======= #define CRL_DIST_POINTS 1 #define CRL_DIST_POINTS_FULLNAME 3 #define CRL_DIST_POINTS_ISSUER 10 @@ -874,21 +830,10 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris, id->destroy(id); } } ->>>>>>> upstream/4.5.1 /** * Extracts one or several crlDistributionPoints into a list */ -<<<<<<< HEAD -static void parse_crlDistributionPoints(chunk_t blob, int level0, - private_x509_cert_t *this) -{ - asn1_parser_t *parser; - chunk_t object; - int objectID; - linked_list_t *list = linked_list_create(); - -======= void x509_parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list) { @@ -899,36 +844,11 @@ void x509_parse_crlDistributionPoints(chunk_t blob, int level0, uris = linked_list_create(); issuers = linked_list_create(); ->>>>>>> upstream/4.5.1 parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) { -<<<<<<< HEAD - if (objectID == CRL_DIST_POINTS_FULLNAME) - { - identification_t *id; - - /* append extracted generalNames to existing chained list */ - x509_parse_generalNames(object, parser->get_level(parser)+1, - TRUE, list); - - while (list->remove_last(list, (void**)&id) == SUCCESS) - { - char *uri; - - if (asprintf(&uri, "%Y", id) > 0) - { - this->crl_uris->insert_last(this->crl_uris, uri); - } - id->destroy(id); - } - } - } - parser->destroy(parser); - list->destroy(list); -======= switch (objectID) { case CRL_DIST_POINTS: @@ -1017,15 +937,15 @@ static const asn1Object_t certificatePoliciesObject[] = { { 0, "certificatePolicies", ASN1_SEQUENCE, ASN1_LOOP }, /* 0 */ { 1, "policyInformation", ASN1_SEQUENCE, ASN1_NONE }, /* 1 */ { 2, "policyId", ASN1_OID, ASN1_BODY }, /* 2 */ - { 2, "qualifier", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 3 */ + { 2, "qualifiers", ASN1_SEQUENCE, ASN1_OPT|ASN1_LOOP }, /* 3 */ { 3, "qualifierInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 4 */ { 4, "qualifierId", ASN1_OID, ASN1_BODY }, /* 5 */ { 4, "cPSuri", ASN1_IA5STRING, ASN1_OPT|ASN1_BODY }, /* 6 */ { 4, "end choice", ASN1_EOC, ASN1_END }, /* 7 */ - { 4, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_NONE }, /* 8 */ + { 4, "userNotice", ASN1_SEQUENCE, ASN1_OPT|ASN1_BODY }, /* 8 */ { 5, "explicitText", ASN1_EOC, ASN1_RAW }, /* 9 */ { 4, "end choice", ASN1_EOC, ASN1_END }, /* 10 */ - { 2, "end opt", ASN1_EOC, ASN1_END }, /* 12 */ + { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; @@ -1179,7 +1099,6 @@ static void parse_policyConstraints(chunk_t blob, int level0, } } parser->destroy(parser); ->>>>>>> upstream/4.5.1 } /** @@ -1198,7 +1117,7 @@ static const asn1Object_t ipAddrBlocksObjects[] = { { 4, "min", ASN1_BIT_STRING, ASN1_BODY }, /* 9 */ { 4, "max", ASN1_BIT_STRING, ASN1_BODY }, /* 10 */ { 3, "end choice", ASN1_EOC, ASN1_END }, /* 11 */ - { 2, "end choice/loop", ASN1_EOC, ASN1_END }, /* 12 */ + { 2, "end opt/loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 13 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; @@ -1374,14 +1293,6 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_SIGNATURE 25 /** -<<<<<<< HEAD - * forward declaration - */ -static bool issued_by(private_x509_cert_t *this, certificate_t *issuer); - -/** -======= ->>>>>>> upstream/4.5.1 * Parses an X.509v3 certificate */ static bool parse_certificate(private_x509_cert_t *this) @@ -1481,12 +1392,8 @@ static bool parse_certificate(private_x509_cert_t *this) parse_basicConstraints(object, level, this); break; case OID_CRL_DISTRIBUTION_POINTS: -<<<<<<< HEAD - parse_crlDistributionPoints(object, level, this); -======= x509_parse_crlDistributionPoints(object, level, this->crl_uris); ->>>>>>> upstream/4.5.1 break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, @@ -1496,11 +1403,7 @@ static bool parse_certificate(private_x509_cert_t *this) parse_authorityInfoAccess(object, level, this); break; case OID_KEY_USAGE: -<<<<<<< HEAD - /* TODO parse the flags */ -======= parse_keyUsage(object, this); ->>>>>>> upstream/4.5.1 break; case OID_EXTENDED_KEY_USAGE: parse_extendedKeyUsage(object, level, this); @@ -1508,8 +1411,6 @@ static bool parse_certificate(private_x509_cert_t *this) case OID_IP_ADDR_BLOCKS: parse_ipAddrBlocks(object, level, this); break; -<<<<<<< HEAD -======= case OID_NAME_CONSTRAINTS: parse_nameConstraints(object, level, this); break; @@ -1530,7 +1431,6 @@ static bool parse_certificate(private_x509_cert_t *this) } this->inhibit_any = parse_constraint(object); break; ->>>>>>> upstream/4.5.1 case OID_NS_REVOCATION_URL: case OID_NS_CA_REVOCATION_URL: case OID_NS_CA_POLICY_URL: @@ -1543,15 +1443,9 @@ static bool parse_certificate(private_x509_cert_t *this) break; default: if (critical && lib->settings->get_bool(lib->settings, -<<<<<<< HEAD - "libstrongswan.plugins.x509.enforce_critical", FALSE)) - { - DBG1(DBG_LIB, "critical %s extension not supported", -======= "libstrongswan.x509.enforce_critical", TRUE)) { DBG1(DBG_LIB, "critical '%s' extension not supported", ->>>>>>> upstream/4.5.1 (extn_oid == OID_UNKNOWN) ? "unknown" : (char*)oid_names[extn_oid].name); goto end; @@ -1584,13 +1478,9 @@ end: hasher_t *hasher; /* check if the certificate is self-signed */ -<<<<<<< HEAD - if (issued_by(this, &this->public.interface.interface)) -======= if (this->public.interface.interface.issued_by( &this->public.interface.interface, &this->public.interface.interface)) ->>>>>>> upstream/4.5.1 { this->flags |= X509_SELF_SIGNED; } @@ -1607,54 +1497,26 @@ end: return success; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_type - */ -static certificate_type_t get_type(private_x509_cert_t *this) -======= METHOD(certificate_t, get_type, certificate_type_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return CERT_X509; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_subject - */ -static identification_t* get_subject(private_x509_cert_t *this) -======= METHOD(certificate_t, get_subject, identification_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->subject; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_issuer - */ -static identification_t* get_issuer(private_x509_cert_t *this) -======= METHOD(certificate_t, get_issuer, identification_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->issuer; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.has_subject. - */ -static id_match_t has_subject(private_x509_cert_t *this, identification_t *subject) -======= METHOD(certificate_t, has_subject, id_match_t, private_x509_cert_t *this, identification_t *subject) ->>>>>>> upstream/4.5.1 { identification_t *current; enumerator_t *enumerator; @@ -1695,29 +1557,15 @@ METHOD(certificate_t, has_subject, id_match_t, return best; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.has_issuer. - */ -static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer) -======= METHOD(certificate_t, has_issuer, id_match_t, private_x509_cert_t *this, identification_t *issuer) ->>>>>>> upstream/4.5.1 { /* issuerAltNames currently not supported */ return this->issuer->matches(this->issuer, issuer); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.issued_by. - */ -static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) -======= METHOD(certificate_t, issued_by, bool, private_x509_cert_t *this, certificate_t *issuer) ->>>>>>> upstream/4.5.1 { public_key_t *key; signature_scheme_t scheme; @@ -1764,44 +1612,13 @@ METHOD(certificate_t, issued_by, bool, return valid; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_public_key - */ -static public_key_t* get_public_key(private_x509_cert_t *this) -======= METHOD(certificate_t, get_public_key, public_key_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { this->public_key->get_ref(this->public_key); return this->public_key; } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_ref - */ -static private_x509_cert_t* get_ref(private_x509_cert_t *this) -{ - ref_get(&this->ref); - return this; -} - -/** - * Implementation of x509_cert_t.get_flags. - */ -static x509_flag_t get_flags(private_x509_cert_t *this) -{ - return this->flags; -} - -/** - * Implementation of x509_cert_t.get_validity. - */ -static bool get_validity(private_x509_cert_t *this, time_t *when, - time_t *not_before, time_t *not_after) -======= METHOD(certificate_t, get_ref, certificate_t*, private_x509_cert_t *this) { @@ -1812,7 +1629,6 @@ METHOD(certificate_t, get_ref, certificate_t*, METHOD(certificate_t, get_validity, bool, private_x509_cert_t *this, time_t *when, time_t *not_before, time_t *not_after) ->>>>>>> upstream/4.5.1 { time_t t = when ? *when : time(NULL); @@ -1827,16 +1643,8 @@ METHOD(certificate_t, get_validity, bool, return (t >= this->notBefore && t <= this->notAfter); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.get_encoding. - */ -static bool get_encoding(private_x509_cert_t *this, cred_encoding_type_t type, - chunk_t *encoding) -======= METHOD(certificate_t, get_encoding, bool, private_x509_cert_t *this, cred_encoding_type_t type, chunk_t *encoding) ->>>>>>> upstream/4.5.1 { if (type == CERT_ASN1_DER) { @@ -1847,15 +1655,8 @@ METHOD(certificate_t, get_encoding, bool, CRED_PART_X509_ASN1_DER, this->encoding, CRED_PART_END); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.equals. - */ -static bool equals(private_x509_cert_t *this, certificate_t *other) -======= METHOD(certificate_t, equals, bool, private_x509_cert_t *this, certificate_t *other) ->>>>>>> upstream/4.5.1 { chunk_t encoding; bool equal; @@ -1881,12 +1682,6 @@ METHOD(certificate_t, equals, bool, return equal; } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_serial. - */ -static chunk_t get_serial(private_x509_cert_t *this) -======= METHOD(x509_t, get_flags, x509_flag_t, private_x509_cert_t *this) { @@ -1895,20 +1690,12 @@ METHOD(x509_t, get_flags, x509_flag_t, METHOD(x509_t, get_serial, chunk_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->serialNumber; } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_subjectKeyIdentifier. - */ -static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this) -======= METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { if (this->subjectKeyIdentifier.ptr) { @@ -1930,33 +1717,12 @@ METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, } } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_authKeyIdentifier. - */ -static chunk_t get_authKeyIdentifier(private_x509_cert_t *this) -======= METHOD(x509_t, get_authKeyIdentifier, chunk_t, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->authKeyIdentifier; } -<<<<<<< HEAD -/** - * Implementation of x509_t.get_pathLenConstraint. - */ -static int get_pathLenConstraint(private_x509_cert_t *this) -{ - return this->pathLenConstraint; -} - -/** - * Implementation of x509_cert_t.create_subjectAltName_enumerator. - */ -static enumerator_t* create_subjectAltName_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, get_constraint, u_int, private_x509_cert_t *this, x509_constraint_t type) { @@ -1977,56 +1743,28 @@ METHOD(x509_t, get_constraint, u_int, METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->subjectAltNames->create_enumerator(this->subjectAltNames); } -<<<<<<< HEAD -/** - * Implementation of x509_cert_t.create_ocsp_uri_enumerator. - */ -static enumerator_t* create_ocsp_uri_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->ocsp_uris->create_enumerator(this->ocsp_uris); } -<<<<<<< HEAD -/** - * Implementation of x509_cert_t.create_crl_uri_enumerator. - */ -static enumerator_t* create_crl_uri_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, create_crl_uri_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->crl_uris->create_enumerator(this->crl_uris); } -<<<<<<< HEAD -/** - * Implementation of x509_cert_t.create_ipAddrBlock_enumerator. - */ -static enumerator_t* create_ipAddrBlock_enumerator(private_x509_cert_t *this) -======= METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { return this->ipAddrBlocks->create_enumerator(this->ipAddrBlocks); } -<<<<<<< HEAD -/** - * Implementation of certificate_t.destroy. - */ -static void destroy(private_x509_cert_t *this) -======= METHOD(x509_t, create_name_constraint_enumerator, enumerator_t*, private_x509_cert_t *this, bool perm) { @@ -2051,17 +1789,11 @@ METHOD(x509_t, create_policy_mapping_enumerator, enumerator_t*, METHOD(certificate_t, destroy, void, private_x509_cert_t *this) ->>>>>>> upstream/4.5.1 { if (ref_put(&this->ref)) { this->subjectAltNames->destroy_offset(this->subjectAltNames, offsetof(identification_t, destroy)); -<<<<<<< HEAD - this->crl_uris->destroy_function(this->crl_uris, free); - this->ocsp_uris->destroy_function(this->ocsp_uris, free); - this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, offsetof(traffic_selector_t, destroy)); -======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); this->ocsp_uris->destroy_function(this->ocsp_uris, free); this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, @@ -2074,7 +1806,6 @@ METHOD(certificate_t, destroy, void, (void*)cert_policy_destroy); this->policy_mappings->destroy_function(this->policy_mappings, (void*)policy_mapping_destroy); ->>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); @@ -2096,56 +1827,6 @@ METHOD(certificate_t, destroy, void, */ static private_x509_cert_t* create_empty(void) { -<<<<<<< HEAD - private_x509_cert_t *this = malloc_thing(private_x509_cert_t); - - this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; - this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; - this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; - this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; - this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; - this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; - this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; - this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; - this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; - this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; - this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; - this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; - this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; - this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; - this->public.interface.get_subjectKeyIdentifier = (chunk_t (*)(x509_t*))get_subjectKeyIdentifier; - this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier; - this->public.interface.get_pathLenConstraint = (int (*)(x509_t*))get_pathLenConstraint; - this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator; - this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator; - this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator; - this->public.interface.create_ipAddrBlock_enumerator = (enumerator_t* (*)(x509_t*))create_ipAddrBlock_enumerator; - - this->encoding = chunk_empty; - this->encoding_hash = chunk_empty; - this->tbsCertificate = chunk_empty; - this->version = 1; - this->serialNumber = chunk_empty; - this->notBefore = 0; - this->notAfter = 0; - this->public_key = NULL; - this->subject = NULL; - this->issuer = NULL; - this->subjectAltNames = linked_list_create(); - this->crl_uris = linked_list_create(); - this->ocsp_uris = linked_list_create(); - this->ipAddrBlocks = linked_list_create(); - this->subjectKeyIdentifier = chunk_empty; - this->authKeyIdentifier = chunk_empty; - this->authKeySerialNumber = chunk_empty; - this->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; - this->algorithm = 0; - this->signature = chunk_empty; - this->flags = 0; - this->ref = 1; - this->parsed = FALSE; - -======= private_x509_cert_t *this; INIT(this, @@ -2194,13 +1875,10 @@ static private_x509_cert_t* create_empty(void) .inhibit_any = X509_NO_CONSTRAINT, .ref = 1, ); ->>>>>>> upstream/4.5.1 return this; } /** -<<<<<<< HEAD -======= * Build a generalName from an id */ chunk_t build_generalName(identification_t *id) @@ -2231,16 +1909,11 @@ chunk_t build_generalName(identification_t *id) } /** ->>>>>>> upstream/4.5.1 * Encode a linked list of subjectAltNames */ chunk_t x509_build_subjectAltNames(linked_list_t *list) { -<<<<<<< HEAD - chunk_t subjectAltNames = chunk_empty; -======= chunk_t subjectAltNames = chunk_empty, name; ->>>>>>> upstream/4.5.1 enumerator_t *enumerator; identification_t *id; @@ -2252,33 +1925,7 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &id)) { -<<<<<<< HEAD - int context; - chunk_t name; - - switch (id->get_type(id)) - { - case ID_RFC822_ADDR: - context = ASN1_CONTEXT_S_1; - break; - case ID_FQDN: - context = ASN1_CONTEXT_S_2; - break; - case ID_IPV4_ADDR: - case ID_IPV6_ADDR: - context = ASN1_CONTEXT_S_7; - break; - default: - DBG1(DBG_LIB, "encoding %N as subjectAltName not supported", - id_type_names, id->get_type(id)); - enumerator->destroy(enumerator); - free(subjectAltNames.ptr); - return chunk_empty; - } - name = asn1_wrap(context, "c", id->get_encoding(id)); -======= name = build_generalName(id); ->>>>>>> upstream/4.5.1 subjectAltNames = chunk_cat("mm", subjectAltNames, name); } enumerator->destroy(enumerator); @@ -2292,8 +1939,6 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) } /** -<<<<<<< HEAD -======= * Encode CRL distribution points extension from a x509_cdp_t list */ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) @@ -2335,7 +1980,6 @@ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) } /** ->>>>>>> upstream/4.5.1 * Generate and sign a new certificate */ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, @@ -2343,14 +1987,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty; chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty; -<<<<<<< HEAD - chunk_t ocspSigning = chunk_empty; - chunk_t basicConstraints = chunk_empty; - chunk_t keyUsage = chunk_empty; - chunk_t subjectAltNames = chunk_empty; - chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; - chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; -======= chunk_t ocspSigning = chunk_empty, certPolicies = chunk_empty; chunk_t basicConstraints = chunk_empty, nameConstraints = chunk_empty; chunk_t keyUsage = chunk_empty, keyUsageBits = chunk_empty; @@ -2358,7 +1994,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; chunk_t policyConstraints = chunk_empty, inhibitAnyPolicy = chunk_empty; ->>>>>>> upstream/4.5.1 identification_t *issuer, *subject; chunk_t key_info; signature_scheme_t scheme; @@ -2412,34 +2047,8 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, /* encode subjectAltNames */ subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); -<<<<<<< HEAD - /* encode CRL distribution points extension */ - enumerator = cert->crl_uris->create_enumerator(cert->crl_uris); - while (enumerator->enumerate(enumerator, &uri)) - { - chunk_t distributionPoint; - - distributionPoint = asn1_wrap(ASN1_SEQUENCE, "m", - asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_CONTEXT_S_6, "c", - chunk_create(uri, strlen(uri)))))); - - crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, - distributionPoint); - } - enumerator->destroy(enumerator); - if (crlDistributionPoints.ptr) - { - crlDistributionPoints = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_build_known_oid(OID_CRL_DISTRIBUTION_POINTS), - asn1_wrap(ASN1_OCTET_STRING, "m", - asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); - } -======= crlDistributionPoints = x509_build_crlDistributionPoints(cert->crl_uris, OID_CRL_DISTRIBUTION_POINTS); ->>>>>>> upstream/4.5.1 /* encode OCSP URIs in authorityInfoAccess extension */ enumerator = cert->ocsp_uris->create_enumerator(cert->ocsp_uris); @@ -2468,18 +2077,10 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t pathLenConstraint = chunk_empty; -<<<<<<< HEAD - if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) - { - char pathlen = (char)cert->pathLenConstraint; - - pathLenConstraint = asn1_integer("c", chunk_from_thing(pathlen)); -======= if (cert->pathLenConstraint != X509_NO_CONSTRAINT) { pathLenConstraint = asn1_integer("c", chunk_from_thing(cert->pathLenConstraint)); ->>>>>>> upstream/4.5.1 } basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm", asn1_build_known_oid(OID_BASIC_CONSTRAINTS), @@ -2490,15 +2091,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), pathLenConstraint))); -<<<<<<< HEAD - keyUsage = asn1_wrap(ASN1_SEQUENCE, "mmm", - asn1_build_known_oid(OID_KEY_USAGE), - asn1_wrap(ASN1_BOOLEAN, "c", - chunk_from_chars(0xFF)), - asn1_wrap(ASN1_OCTET_STRING, "m", - asn1_wrap(ASN1_BIT_STRING, "c", - chunk_from_chars(0x01, 0x06)))); -======= /* set CertificateSign and implicitly CRLsign */ keyUsageBits = chunk_from_chars(0x01, 0x06); } @@ -2513,7 +2105,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), asn1_wrap(ASN1_OCTET_STRING, "m", asn1_wrap(ASN1_BIT_STRING, "c", keyUsageBits))); ->>>>>>> upstream/4.5.1 } /* add serverAuth extendedKeyUsage flag */ @@ -2542,11 +2133,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, } /* add subjectKeyIdentifier to CA and OCSP signer certificates */ -<<<<<<< HEAD - if (cert->flags & (X509_CA | X509_OCSP_SIGNER)) -======= if (cert->flags & (X509_CA | X509_OCSP_SIGNER | X509_CRL_SIGN)) ->>>>>>> upstream/4.5.1 { chunk_t keyid; @@ -2574,17 +2161,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_CONTEXT_S_0, "c", keyid)))); } } -<<<<<<< HEAD - if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr || - crlDistributionPoints.ptr) - { - extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m", - asn1_wrap(ASN1_SEQUENCE, "mmmmmmmm", - basicConstraints, keyUsage, subjectKeyIdentifier, - authKeyIdentifier, subjectAltNames, - extendedKeyUsage, crlDistributionPoints, - authorityInfoAccess)); -======= if (cert->permitted_names->get_count(cert->permitted_names) || cert->excluded_names->get_count(cert->excluded_names)) @@ -2732,7 +2308,6 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, extendedKeyUsage, crlDistributionPoints, authorityInfoAccess, nameConstraints, certPolicies, policyMappings, policyConstraints, inhibitAnyPolicy)); ->>>>>>> upstream/4.5.1 } cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", @@ -2815,10 +2390,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) certificate_t *sign_cert = NULL; private_key_t *sign_key = NULL; hash_algorithm_t digest_alg = HASH_SHA1; -<<<<<<< HEAD -======= u_int constraint; ->>>>>>> upstream/4.5.1 cert = create_empty(); while (TRUE) @@ -2862,15 +2434,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) { enumerator_t *enumerator; linked_list_t *list; -<<<<<<< HEAD - char *uri; - - list = va_arg(args, linked_list_t*); - enumerator = list->create_enumerator(list); - while (enumerator->enumerate(enumerator, &uri)) - { - cert->crl_uris->insert_last(cert->crl_uris, strdup(uri)); -======= x509_cdp_t *in, *cdp; list = va_arg(args, linked_list_t*); @@ -2882,7 +2445,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) .issuer = in->issuer ? in->issuer->clone(in->issuer) : NULL, ); cert->crl_uris->insert_last(cert->crl_uris, cdp); ->>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); continue; @@ -2903,13 +2465,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) continue; } case BUILD_PATHLEN: -<<<<<<< HEAD - cert->pathLenConstraint = va_arg(args, int); - if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) - { - cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; - } -======= constraint = va_arg(args, u_int); cert->pathLenConstraint = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; @@ -3000,7 +2555,6 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) constraint = va_arg(args, u_int); cert->inhibit_any = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; ->>>>>>> upstream/4.5.1 continue; case BUILD_NOT_BEFORE_TIME: cert->notBefore = va_arg(args, time_t); diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 3e62681f5..758505ab5 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -100,14 +100,11 @@ struct private_x509_crl_t { linked_list_t *revoked; /** -<<<<<<< HEAD -======= * List of Freshest CRL distribution points */ linked_list_t *crl_uris; /** ->>>>>>> upstream/4.5.1 * Authority Key Identifier */ chunk_t authKeyIdentifier; @@ -118,14 +115,11 @@ struct private_x509_crl_t { chunk_t authKeySerialNumber; /** -<<<<<<< HEAD -======= * Number of BaseCRL, if a delta CRL */ chunk_t baseCrlNumber; /** ->>>>>>> upstream/4.5.1 * Signature algorithm */ int algorithm; @@ -149,11 +143,6 @@ struct private_x509_crl_t { /** * from x509_cert */ -<<<<<<< HEAD -extern chunk_t x509_parse_authorityKeyIdentifier( - chunk_t blob, int level0, - chunk_t *authKeySerialNumber); -======= extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber); @@ -167,7 +156,6 @@ extern void x509_parse_crlDistributionPoints(chunk_t blob, int level0, * from x509_cert */ extern chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn); ->>>>>>> upstream/4.5.1 /** * ASN.1 definition of an X.509 certificate revocation list @@ -238,11 +226,7 @@ static bool parse(private_x509_crl_t *this) int objectID; int sig_alg = OID_UNKNOWN; bool success = FALSE; -<<<<<<< HEAD - bool critical; -======= bool critical = FALSE; ->>>>>>> upstream/4.5.1 revoked_t *revoked = NULL; parser = asn1_parser_create(crlObjects, this->encoding); @@ -294,28 +278,6 @@ static bool parse(private_x509_crl_t *this) break; case CRL_OBJ_CRL_ENTRY_EXTN_VALUE: case CRL_OBJ_EXTN_VALUE: -<<<<<<< HEAD - { - int extn_oid = asn1_known_oid(extnID); - - if (revoked && extn_oid == OID_CRL_REASON_CODE) - { - if (*object.ptr == ASN1_ENUMERATED && - asn1_length(&object) == 1) - { - revoked->reason = *object.ptr; - } - DBG2(DBG_LIB, " '%N'", crl_reason_names, - revoked->reason); - } - else if (extn_oid == OID_AUTHORITY_KEY_ID) - { - this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, - level, &this->authKeySerialNumber); - } - else if (extn_oid == OID_CRL_NUMBER) - { -======= { int extn_oid = asn1_known_oid(extnID); @@ -339,18 +301,12 @@ static bool parse(private_x509_crl_t *this) object, level, &this->authKeySerialNumber); break; case OID_CRL_NUMBER: ->>>>>>> upstream/4.5.1 if (!asn1_parse_simple_object(&object, ASN1_INTEGER, level, "crlNumber")) { goto end; } this->crlNumber = object; -<<<<<<< HEAD - } - } - break; -======= break; case OID_FRESHEST_CRL: x509_parse_crlDistributionPoints(object, level, @@ -377,7 +333,6 @@ static bool parse(private_x509_crl_t *this) } break; } ->>>>>>> upstream/4.5.1 case CRL_OBJ_ALGORITHM: { this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); @@ -435,8 +390,6 @@ METHOD(crl_t, get_authKeyIdentifier, chunk_t, return this->authKeyIdentifier; } -<<<<<<< HEAD -======= METHOD(crl_t, is_delta_crl, bool, private_x509_crl_t *this, chunk_t *base_crl) { @@ -457,7 +410,6 @@ METHOD(crl_t, create_delta_crl_uri_enumerator, enumerator_t*, return this->crl_uris->create_enumerator(this->crl_uris); } ->>>>>>> upstream/4.5.1 METHOD(crl_t, create_enumerator, enumerator_t*, private_x509_crl_t *this) { @@ -502,11 +454,7 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } -<<<<<<< HEAD - if (!(x509->get_flags(x509) & X509_CA)) -======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) ->>>>>>> upstream/4.5.1 { return FALSE; } @@ -619,8 +567,6 @@ static void revoked_destroy(revoked_t *revoked) free(revoked); } -<<<<<<< HEAD -======= /** * Destroy a CDP entry */ @@ -631,27 +577,20 @@ static void cdp_destroy(x509_cdp_t *this) free(this); } ->>>>>>> upstream/4.5.1 METHOD(certificate_t, destroy, void, private_x509_crl_t *this) { if (ref_put(&this->ref)) { this->revoked->destroy_function(this->revoked, (void*)revoked_destroy); -<<<<<<< HEAD -======= this->crl_uris->destroy_function(this->crl_uris, (void*)cdp_destroy); ->>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); if (this->generated) { free(this->crlNumber.ptr); -<<<<<<< HEAD -======= free(this->baseCrlNumber.ptr); ->>>>>>> upstream/4.5.1 free(this->signature.ptr); free(this->tbsCertList.ptr); } @@ -685,19 +624,13 @@ static private_x509_crl_t* create_empty(void) }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, -<<<<<<< HEAD -======= .is_delta_crl = _is_delta_crl, .create_delta_crl_uri_enumerator = _create_delta_crl_uri_enumerator, ->>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, .revoked = linked_list_create(), -<<<<<<< HEAD -======= .crl_uris = linked_list_create(), ->>>>>>> upstream/4.5.1 .ref = 1, ); return this; @@ -766,10 +699,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, private_key_t *key, hash_algorithm_t digest_alg) { chunk_t extensions = chunk_empty, certList = chunk_empty, serial; -<<<<<<< HEAD -======= chunk_t crlDistributionPoints = chunk_empty, baseCrlNumber = chunk_empty; ->>>>>>> upstream/4.5.1 enumerator_t *enumerator; crl_reason_t reason; time_t date; @@ -777,11 +707,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, x509 = (x509_t*)cert; -<<<<<<< HEAD - this->issuer = cert->get_issuer(cert); -======= this->issuer = cert->get_subject(cert); ->>>>>>> upstream/4.5.1 this->issuer = this->issuer->clone(this->issuer); this->authKeyIdentifier = chunk_clone(x509->get_subjectKeyIdentifier(x509)); @@ -816,10 +742,6 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, } enumerator->destroy(enumerator); -<<<<<<< HEAD - extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", - asn1_wrap(ASN1_SEQUENCE, "mm", -======= crlDistributionPoints = x509_build_crlDistributionPoints(this->crl_uris, OID_FRESHEST_CRL); @@ -835,7 +757,6 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", asn1_wrap(ASN1_SEQUENCE, "mmmm", ->>>>>>> upstream/4.5.1 asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", @@ -845,14 +766,8 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_CRL_NUMBER), asn1_wrap(ASN1_OCTET_STRING, "m", -<<<<<<< HEAD - asn1_integer("c", this->crlNumber)) - ) - )); -======= asn1_integer("c", this->crlNumber))), crlDistributionPoints, baseCrlNumber)); ->>>>>>> upstream/4.5.1 this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cmcmmmm", ASN1_INTEGER_1, @@ -915,8 +830,6 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) case BUILD_REVOKED_ENUMERATOR: read_revoked(crl, va_arg(args, enumerator_t*)); continue; -<<<<<<< HEAD -======= case BUILD_BASE_CRL: crl->baseCrlNumber = va_arg(args, chunk_t); crl->baseCrlNumber = chunk_clone(crl->baseCrlNumber); @@ -940,7 +853,6 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) enumerator->destroy(enumerator); continue; } ->>>>>>> upstream/4.5.1 case BUILD_END: break; default: diff --git a/src/libstrongswan/plugins/x509/x509_ocsp_response.c b/src/libstrongswan/plugins/x509/x509_ocsp_response.c index 829f47f81..4cbe3f718 100644 --- a/src/libstrongswan/plugins/x509/x509_ocsp_response.c +++ b/src/libstrongswan/plugins/x509/x509_ocsp_response.c @@ -453,7 +453,7 @@ static const asn1Object_t basicResponseObjects[] = { { 5, "critical", ASN1_BOOLEAN, ASN1_BODY | ASN1_DEF }, /* 16 */ { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 17 */ - { 4, "end loop", ASN1_EOC, ASN1_END }, /* 18 */ + { 3, "end loop", ASN1_EOC, ASN1_END }, /* 18 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 19 */ { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 20 */ { 1, "signature", ASN1_BIT_STRING, ASN1_BODY }, /* 21 */ diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index a3c071f12..bfeb74b0e 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -36,15 +36,14 @@ struct private_x509_plugin_t { x509_plugin_t public; }; -<<<<<<< HEAD -/** - * Implementation of x509_plugin_t.x509troy - */ -static void destroy(private_x509_plugin_t *this) -======= +METHOD(plugin_t, get_name, char*, + private_x509_plugin_t *this) +{ + return "x509"; +} + METHOD(plugin_t, destroy, void, private_x509_plugin_t *this) ->>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)x509_cert_gen); @@ -74,21 +73,17 @@ METHOD(plugin_t, destroy, void, */ plugin_t *x509_plugin_create() { -<<<<<<< HEAD - private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t); - - this->public.plugin.destroy = (void(*)(plugin_t*))destroy; -======= private_x509_plugin_t *this; INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); ->>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, (builder_function_t)x509_cert_gen); diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 22b3c9543..35f868de4 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -220,13 +220,7 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ -<<<<<<< HEAD -ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ -ipsecuid = @ipsecuid@ -======= -ipsecgroup = @ipsecgroup@ ->>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -247,6 +241,8 @@ nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ openac_plugins = @openac_plugins@ p_plugins = @p_plugins@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ pdfdir = @pdfdir@ piddir = @piddir@ pki_plugins = @pki_plugins@ @@ -265,14 +261,12 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ -<<<<<<< HEAD -======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ ->>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ +systemdsystemunitdir = @systemdsystemunitdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index be18d92b8..8ddde962c 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -236,13 +236,17 @@ METHOD(xcbc_t, set_key, void, memset(k1.ptr, 0x01, this->b); this->k1->encrypt(this->k1, k1, iv, NULL); this->k1->set_key(this->k1, k1); + + memwipe(k1.ptr, k1.len); } METHOD(xcbc_t, destroy, void, private_xcbc_t *this) { this->k1->destroy(this->k1); + memwipe(this->k2, this->b); free(this->k2); + memwipe(this->k3, this->b); free(this->k3); free(this->e); free(this->remaining); diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 19d5a03fe..0fcb093c8 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -19,11 +19,6 @@ #include "xcbc_signer.h" #include "xcbc_prf.h" -<<<<<<< HEAD -======= -static const char *plugin_name = "xcbc"; - ->>>>>>> upstream/4.5.1 typedef struct private_xcbc_plugin_t private_xcbc_plugin_t; /** @@ -37,6 +32,12 @@ struct private_xcbc_plugin_t { xcbc_plugin_t public; }; +METHOD(plugin_t, get_name, char*, + private_xcbc_plugin_t *this) +{ + return "xcbc"; +} + METHOD(plugin_t, destroy, void, private_xcbc_plugin_t *this) { @@ -53,49 +54,36 @@ METHOD(plugin_t, destroy, void, plugin_t *xcbc_plugin_create() { private_xcbc_plugin_t *this; -<<<<<<< HEAD -======= crypter_t *crypter; ->>>>>>> upstream/4.5.1 INIT(this, .public = { .plugin = { + .get_name = _get_name, + .reload = (void*)return_false, .destroy = _destroy, }, }, ); -<<<<<<< HEAD - lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, - (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, - (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, - (signer_constructor_t)xcbc_signer_create); - lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, - (signer_constructor_t)xcbc_signer_create); - -======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, get_name(this), (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, get_name(this), (signer_constructor_t)xcbc_signer_create); } crypter = lib->crypto->create_crypter(lib->crypto, ENCR_CAMELLIA_CBC, 16); if (crypter) { crypter->destroy(crypter); - lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, plugin_name, + lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, get_name(this), (prf_constructor_t)xcbc_prf_create); - lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, plugin_name, + lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, get_name(this), (signer_constructor_t)xcbc_signer_create); } ->>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c index 1f57ffcce..7e7045d69 100644 --- a/src/libstrongswan/printf_hook.c +++ b/src/libstrongswan/printf_hook.c @@ -377,15 +377,8 @@ int vstr_wrapper_vasprintf(char **str, const char *format, va_list args) } #endif -<<<<<<< HEAD -/** - * Implementation of printf_hook_t.add_handler. - */ -static void add_handler(private_printf_hook_t *this, char spec, -======= METHOD(printf_hook_t, add_handler, void, private_printf_hook_t *this, char spec, ->>>>>>> upstream/4.5.1 printf_hook_function_t hook, ...) { int i = -1; @@ -444,15 +437,8 @@ METHOD(printf_hook_t, add_handler, void, } } -<<<<<<< HEAD -/** - * Implementation of printf_hook_t.destroy - */ -static void destroy(private_printf_hook_t *this) -======= METHOD(printf_hook_t, destroy, void, private_printf_hook_t *this) ->>>>>>> upstream/4.5.1 { int i; #ifdef USE_VSTR @@ -487,12 +473,6 @@ METHOD(printf_hook_t, destroy, void, */ printf_hook_t *printf_hook_create() { -<<<<<<< HEAD - private_printf_hook_t *this = malloc_thing(private_printf_hook_t); - - this->public.add_handler = (void(*)(printf_hook_t*, char, printf_hook_function_t, ...))add_handler; - this->public.destroy = (void(*)(printf_hook_t*))destroy; -======= private_printf_hook_t *this; INIT(this, @@ -501,7 +481,6 @@ printf_hook_t *printf_hook_create() .destroy = _destroy, }, ); ->>>>>>> upstream/4.5.1 memset(printf_hooks, 0, sizeof(printf_hooks)); diff --git a/src/libstrongswan/processing/jobs/callback_job.c b/src/libstrongswan/processing/jobs/callback_job.c index 556cbd907..0043a9cdb 100644 --- a/src/libstrongswan/processing/jobs/callback_job.c +++ b/src/libstrongswan/processing/jobs/callback_job.c @@ -1,6 +1,7 @@ /* * Copyright (C) 2009 Tobias Brunner - * Copyright (C) 2007 Martin Willi + * Copyright (C) 2007-2011 Martin Willi + * Copyright (C) 2011 revosec AG * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -29,6 +30,7 @@ typedef struct private_callback_job_t private_callback_job_t; * Private data of an callback_job_t Object. */ struct private_callback_job_t { + /** * Public callback_job_t interface. */ @@ -111,10 +113,8 @@ static void unregister(private_callback_job_t *this) } } -/** - * Implements job_t.destroy. - */ -static void destroy(private_callback_job_t *this) +METHOD(job_t, destroy, void, + private_callback_job_t *this) { this->mutex->lock(this->mutex); unregister(this); @@ -133,10 +133,8 @@ static void destroy(private_callback_job_t *this) free(this); } -/** - * Implementation of callback_job_t.cancel. - */ -static void cancel(private_callback_job_t *this) +METHOD(callback_job_t, cancel, void, + private_callback_job_t *this) { callback_job_t *child; sem_t *terminated = NULL; @@ -177,10 +175,8 @@ static void cancel(private_callback_job_t *this) } } -/** - * Implementation of job_t.execute. - */ -static void execute(private_callback_job_t *this) +METHOD(job_t, execute, void, + private_callback_job_t *this) { bool cleanup = FALSE, requeue = FALSE; @@ -226,8 +222,7 @@ static void execute(private_callback_job_t *this) thread_cancellation_point(); if (requeue) { - lib->processor->queue_job(lib->processor, - &this->public.job_interface); + lib->processor->queue_job(lib->processor, &this->public.job); } thread_cleanup_pop(cleanup); } @@ -239,24 +234,24 @@ callback_job_t *callback_job_create(callback_job_cb_t cb, void *data, callback_job_cleanup_t cleanup, callback_job_t *parent) { - private_callback_job_t *this = malloc_thing(private_callback_job_t); - - /* interface functions */ - this->public.job_interface.execute = (void (*) (job_t *)) execute; - this->public.job_interface.destroy = (void (*) (job_t *)) destroy; - this->public.cancel = (void(*)(callback_job_t*))cancel; + private_callback_job_t *this; - /* private variables */ - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->callback = cb; - this->data = data; - this->cleanup = cleanup; - this->thread = 0; - this->children = linked_list_create(); - this->parent = (private_callback_job_t*)parent; - this->cancelled = FALSE; - this->destroyable = condvar_create(CONDVAR_TYPE_DEFAULT); - this->terminated = NULL; + INIT(this, + .public = { + .job = { + .execute = _execute, + .destroy = _destroy, + }, + .cancel = _cancel, + }, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .callback = cb, + .data = data, + .cleanup = cleanup, + .children = linked_list_create(), + .parent = (private_callback_job_t*)parent, + .destroyable = condvar_create(CONDVAR_TYPE_DEFAULT), + ); /* register us at parent */ if (parent) diff --git a/src/libstrongswan/processing/jobs/callback_job.h b/src/libstrongswan/processing/jobs/callback_job.h index 62da1edd1..1eb5664d3 100644 --- a/src/libstrongswan/processing/jobs/callback_job.h +++ b/src/libstrongswan/processing/jobs/callback_job.h @@ -1,5 +1,6 @@ /* - * Copyright (C) 2007 Martin Willi + * Copyright (C) 2007-2011 Martin Willi + * Copyright (C) 2011 revosec AG * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -30,7 +31,7 @@ typedef struct callback_job_t callback_job_t; typedef enum job_requeue_t job_requeue_t; /** - * Job requeueing policy + * Job requeueing policy. * * The job requeueing policy defines how a job is handled when the callback * function returns. @@ -84,15 +85,19 @@ typedef void (*callback_job_cleanup_t)(void *data); * of asynchronous methods, without to manage threads. */ struct callback_job_t { + /** * The job_t interface. */ - job_t job_interface; + job_t job; /** - * Cancel the job's thread and wait for its termination. This only works - * reliably for jobs that always use JOB_REQUEUE_FAIR or JOB_REQUEUE_DIRECT, - * otherwise the job may already be destroyed when cancel is called. */ + * Cancel the job's thread and wait for its termination. + * + * This only works reliably for jobs that always use JOB_REQUEUE_FAIR or + * JOB_REQUEUE_DIRECT, otherwise the job may already be destroyed when + * cancel is called. + */ void (*cancel)(callback_job_t *this); }; diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index 6c0d9aa84..de556f86b 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2005-2007 Martin Willi + * Copyright (C) 2005-2011 Martin Willi + * Copyright (C) 2011 revosec AG * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil * @@ -136,50 +137,46 @@ static void process_jobs(private_processor_t *this) thread_cleanup_pop(FALSE); this->mutex->lock(this->mutex); } + this->total_threads--; + this->thread_terminated->signal(this->thread_terminated); this->mutex->unlock(this->mutex); - restart(this); } -/** - * Implementation of processor_t.get_total_threads. - */ -static u_int get_total_threads(private_processor_t *this) +METHOD(processor_t, get_total_threads, u_int, + private_processor_t *this) { u_int count; + this->mutex->lock(this->mutex); count = this->total_threads; this->mutex->unlock(this->mutex); return count; } -/** - * Implementation of processor_t.get_idle_threads. - */ -static u_int get_idle_threads(private_processor_t *this) +METHOD(processor_t, get_idle_threads, u_int, + private_processor_t *this) { u_int count; + this->mutex->lock(this->mutex); count = this->idle_threads; this->mutex->unlock(this->mutex); return count; } -/** - * implements processor_t.get_job_load - */ -static u_int get_job_load(private_processor_t *this) +METHOD(processor_t, get_job_load, u_int, + private_processor_t *this) { u_int load; + this->mutex->lock(this->mutex); load = this->list->get_count(this->list); this->mutex->unlock(this->mutex); return load; } -/** - * implements function processor_t.queue_job - */ -static void queue_job(private_processor_t *this, job_t *job) +METHOD(processor_t, queue_job, void, + private_processor_t *this, job_t *job) { this->mutex->lock(this->mutex); this->list->insert_last(this->list, job); @@ -187,10 +184,8 @@ static void queue_job(private_processor_t *this, job_t *job) this->mutex->unlock(this->mutex); } -/** - * Implementation of processor_t.set_threads. - */ -static void set_threads(private_processor_t *this, u_int count) +METHOD(processor_t, set_threads, void, + private_processor_t *this, u_int count) { this->mutex->lock(this->mutex); if (count > this->total_threads) @@ -218,12 +213,11 @@ static void set_threads(private_processor_t *this, u_int count) this->mutex->unlock(this->mutex); } -/** - * Implementation of processor_t.destroy. - */ -static void destroy(private_processor_t *this) +METHOD(processor_t, destroy, void, + private_processor_t *this) { thread_t *current; + set_threads(this, 0); this->mutex->lock(this->mutex); while (this->total_threads > 0) @@ -248,29 +242,25 @@ static void destroy(private_processor_t *this) /* * Described in header. */ -<<<<<<< HEAD -processor_t *processor_create(size_t pool_size) -======= processor_t *processor_create() ->>>>>>> upstream/4.5.1 { - private_processor_t *this = malloc_thing(private_processor_t); - - this->public.get_total_threads = (u_int(*)(processor_t*))get_total_threads; - this->public.get_idle_threads = (u_int(*)(processor_t*))get_idle_threads; - this->public.get_job_load = (u_int(*)(processor_t*))get_job_load; - this->public.queue_job = (void(*)(processor_t*, job_t*))queue_job; - this->public.set_threads = (void(*)(processor_t*, u_int))set_threads; - this->public.destroy = (void(*)(processor_t*))destroy; - - this->list = linked_list_create(); - this->threads = linked_list_create(); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->job_added = condvar_create(CONDVAR_TYPE_DEFAULT); - this->thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT); - this->total_threads = 0; - this->desired_threads = 0; - this->idle_threads = 0; + private_processor_t *this; + + INIT(this, + .public = { + .get_total_threads = _get_total_threads, + .get_idle_threads = _get_idle_threads, + .get_job_load = _get_job_load, + .queue_job = _queue_job, + .set_threads = _set_threads, + .destroy = _destroy, + }, + .list = linked_list_create(), + .threads = linked_list_create(), + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .job_added = condvar_create(CONDVAR_TYPE_DEFAULT), + .thread_terminated = condvar_create(CONDVAR_TYPE_DEFAULT), + ); return &this->public; } diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c index e23f04598..7d9bcd70f 100644 --- a/src/libstrongswan/processing/scheduler.c +++ b/src/libstrongswan/processing/scheduler.c @@ -232,10 +232,8 @@ static job_requeue_t schedule(private_scheduler_t * this) return JOB_REQUEUE_DIRECT; } -/** - * Implements scheduler_t.get_job_load - */ -static u_int get_job_load(private_scheduler_t *this) +METHOD(scheduler_t, get_job_load, u_int, + private_scheduler_t *this) { int count; this->mutex->lock(this->mutex); @@ -244,10 +242,8 @@ static u_int get_job_load(private_scheduler_t *this) return count; } -/** - * Implements scheduler_t.schedule_job_tv. - */ -static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) +METHOD(scheduler_t, schedule_job_tv, void, + private_scheduler_t *this, job_t *job, timeval_t tv) { event_t *event; u_int position; @@ -283,10 +279,8 @@ static void schedule_job_tv(private_scheduler_t *this, job_t *job, timeval_t tv) this->mutex->unlock(this->mutex); } -/** - * Implements scheduler_t.schedule_job. - */ -static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s) +METHOD(scheduler_t, schedule_job, void, + private_scheduler_t *this, job_t *job, u_int32_t s) { timeval_t tv; @@ -296,10 +290,8 @@ static void schedule_job(private_scheduler_t *this, job_t *job, u_int32_t s) schedule_job_tv(this, job, tv); } -/** - * Implements scheduler_t.schedule_job_ms. - */ -static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms) +METHOD(scheduler_t, schedule_job_ms, void, + private_scheduler_t *this, job_t *job, u_int32_t ms) { timeval_t tv, add; @@ -312,10 +304,8 @@ static void schedule_job_ms(private_scheduler_t *this, job_t *job, u_int32_t ms) schedule_job_tv(this, job, tv); } -/** - * Implementation of scheduler_t.destroy. - */ -static void destroy(private_scheduler_t *this) +METHOD(scheduler_t, destroy, void, + private_scheduler_t *this) { event_t *event; this->job->cancel(this->job); @@ -334,22 +324,23 @@ static void destroy(private_scheduler_t *this) */ scheduler_t * scheduler_create() { - private_scheduler_t *this = malloc_thing(private_scheduler_t); - - this->public.get_job_load = (u_int (*) (scheduler_t *this)) get_job_load; - this->public.schedule_job = (void (*) (scheduler_t *this, job_t *job, u_int32_t s)) schedule_job; - this->public.schedule_job_ms = (void (*) (scheduler_t *this, job_t *job, u_int32_t ms)) schedule_job_ms; - this->public.schedule_job_tv = (void (*) (scheduler_t *this, job_t *job, timeval_t tv)) schedule_job_tv; - this->public.destroy = (void(*)(scheduler_t*)) destroy; + private_scheduler_t *this; + + INIT(this, + .public = { + .get_job_load = _get_job_load, + .schedule_job = _schedule_job, + .schedule_job_ms = _schedule_job_ms, + .schedule_job_tv = _schedule_job_tv, + .destroy = _destroy, + }, + .heap_size = HEAP_SIZE_DEFAULT, + .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + ); - /* Note: the root of the heap is at index 1 */ - this->event_count = 0; - this->heap_size = HEAP_SIZE_DEFAULT; this->heap = (event_t**)calloc(this->heap_size + 1, sizeof(event_t*)); - this->mutex = mutex_create(MUTEX_TYPE_DEFAULT); - this->condvar = condvar_create(CONDVAR_TYPE_DEFAULT); - this->job = callback_job_create((callback_job_cb_t)schedule, this, NULL, NULL); lib->processor->queue_job(lib->processor, (job_t*)this->job); diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index f675f51f1..32da194ef 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -393,23 +393,15 @@ static bool equals(private_traffic_selector_t *this, private_traffic_selector_t switch (this->type) { case TS_IPV4_ADDR_RANGE: -<<<<<<< HEAD - if (memeq(this->from4, other->from4, sizeof(this->from4))) -======= if (memeq(this->from4, other->from4, sizeof(this->from4)) && memeq(this->to4, other->to4, sizeof(this->to4))) ->>>>>>> upstream/4.5.1 { return TRUE; } break; case TS_IPV6_ADDR_RANGE: -<<<<<<< HEAD - if (memeq(this->from6, other->from6, sizeof(this->from6))) -======= if (memeq(this->from6, other->from6, sizeof(this->from6)) && memeq(this->to6, other->to6, sizeof(this->to6))) ->>>>>>> upstream/4.5.1 { return TRUE; } diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c index c16c6a1f1..8a2248b46 100644 --- a/src/libstrongswan/settings.c +++ b/src/libstrongswan/settings.c @@ -1,8 +1,5 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -22,24 +19,23 @@ #include <stdarg.h> #include <stdio.h> #include <errno.h> -<<<<<<< HEAD -======= #include <limits.h> -#include <glob.h> #include <libgen.h> ->>>>>>> upstream/4.5.1 +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> + +#ifdef HAVE_GLOB_H +#include <glob.h> +#endif /* HAVE_GLOB_H */ #include "settings.h" #include "debug.h" #include "utils/linked_list.h" -<<<<<<< HEAD - -======= #include "threading/rwlock.h" #define MAX_INCLUSION_LEVEL 10 ->>>>>>> upstream/4.5.1 typedef struct private_settings_t private_settings_t; typedef struct section_t section_t; @@ -61,11 +57,6 @@ struct private_settings_t { section_t *top; /** -<<<<<<< HEAD - * allocated file text - */ - char *text; -======= * contents of loaded files and in-memory settings (char*) */ linked_list_t *contents; @@ -74,7 +65,6 @@ struct private_settings_t { * lock to safely access the settings */ rwlock_t *lock; ->>>>>>> upstream/4.5.1 }; /** @@ -115,8 +105,6 @@ struct kv_t { }; /** -<<<<<<< HEAD -======= * create a key/value pair */ static kv_t *kv_create(char *key, char *value) @@ -164,6 +152,17 @@ static void section_destroy(section_t *this) } /** + * Purge contents of a section + */ +static void section_purge(section_t *this) +{ + this->kv->destroy_function(this->kv, (void*)kv_destroy); + this->kv = linked_list_create(); + this->sections->destroy_function(this->sections, (void*)section_destroy); + this->sections = linked_list_create(); +} + +/** * callback to find a section by name */ static bool section_find(section_t *this, char *name) @@ -180,7 +179,6 @@ static bool kv_find(kv_t *this, char *key) } /** ->>>>>>> upstream/4.5.1 * Print a format key, but consume already processed arguments */ static bool print_key(char *buf, int len, char *start, char *key, va_list args) @@ -229,16 +227,6 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args) } /** -<<<<<<< HEAD - * find a section by a given key, using buffered key, reusable buffer - */ -static section_t *find_section_buffered(section_t *section, - char *start, char *key, va_list args, char *buf, int len) -{ - char *pos; - enumerator_t *enumerator; - section_t *current, *found = NULL; -======= * Find a section by a given key, using buffered key, reusable buffer. * If "ensure" is TRUE, the sections are created if they don't exist. */ @@ -248,7 +236,6 @@ static section_t *find_section_buffered(section_t *section, { char *pos; section_t *found = NULL; ->>>>>>> upstream/4.5.1 if (section == NULL) { @@ -264,21 +251,6 @@ static section_t *find_section_buffered(section_t *section, { return NULL; } -<<<<<<< HEAD - enumerator = section->sections->create_enumerator(section->sections); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (streq(current->name, buf)) - { - found = current; - break; - } - } - enumerator->destroy(enumerator); - if (found && pos) - { - return find_section_buffered(found, start, pos, args, buf, len); -======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) @@ -292,19 +264,11 @@ static section_t *find_section_buffered(section_t *section, if (found && pos) { return find_section_buffered(found, start, pos, args, buf, len, ensure); ->>>>>>> upstream/4.5.1 } return found; } /** -<<<<<<< HEAD - * find a section by a given key - */ -static section_t *find_section(section_t *section, char *key, va_list args) -{ - char buf[128], keybuf[512]; -======= * Find a section by a given key (thread-safe). */ static section_t *find_section(private_settings_t *this, section_t *section, @@ -312,27 +276,11 @@ static section_t *find_section(private_settings_t *this, section_t *section, { char buf[128], keybuf[512]; section_t *found; ->>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } -<<<<<<< HEAD - return find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); -} - -/** - * Find the string value for a key, using buffered key, reusable buffer - */ -static char *find_value_buffered(section_t *section, - char *start, char *key, va_list args, char *buf, int len) -{ - char *pos, *value = NULL; - enumerator_t *enumerator; - kv_t *kv; - section_t *current, *found = NULL; -======= this->lock->read_lock(this->lock); found = find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); @@ -372,7 +320,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, char *pos; kv_t *kv = NULL; section_t *found = NULL; ->>>>>>> upstream/4.5.1 if (section == NULL) { @@ -389,22 +336,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } -<<<<<<< HEAD - enumerator = section->sections->create_enumerator(section->sections); - while (enumerator->enumerate(enumerator, ¤t)) - { - if (streq(current->name, buf)) - { - found = current; - break; - } - } - enumerator->destroy(enumerator); - if (found) - { - return find_value_buffered(found, start, pos, args, buf, len); - } -======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) @@ -418,7 +349,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, } return find_value_buffered(found, start, pos, args, buf, len, ensure); ->>>>>>> upstream/4.5.1 } else { @@ -426,28 +356,6 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } -<<<<<<< HEAD - enumerator = section->kv->create_enumerator(section->kv); - while (enumerator->enumerate(enumerator, &kv)) - { - if (streq(kv->key, buf)) - { - value = kv->value; - break; - } - } - enumerator->destroy(enumerator); - } - return value; -} - -/** - * Find the string value for a key - */ -static char *find_value(section_t *section, char *key, va_list args) -{ - char buf[128], keybuf[512]; -======= if (section->kv->find_first(section->kv, (linked_list_match_t)kv_find, (void**)&kv, buf) != SUCCESS) { @@ -469,21 +377,11 @@ static char *find_value(private_settings_t *this, section_t *section, { char buf[128], keybuf[512], *value = NULL; kv_t *kv; ->>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } -<<<<<<< HEAD - return find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); -} - -/** - * Implementation of settings_t.get. - */ -static char* get_str(private_settings_t *this, char *key, char *def, ...) -======= this->lock->read_lock(this->lock); kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); @@ -532,17 +430,12 @@ static void set_value(private_settings_t *this, section_t *section, METHOD(settings_t, get_str, char*, private_settings_t *this, char *key, char *def, ...) ->>>>>>> upstream/4.5.1 { char *value; va_list args; va_start(args, def); -<<<<<<< HEAD - value = find_value(this->top, key, args); -======= value = find_value(this, this->top, key, args); ->>>>>>> upstream/4.5.1 va_end(args); if (value) { @@ -552,31 +445,6 @@ METHOD(settings_t, get_str, char*, } /** -<<<<<<< HEAD - * Implementation of settings_t.get_bool. - */ -static bool get_bool(private_settings_t *this, char *key, bool def, ...) -{ - char *value; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); - if (value) - { - if (strcaseeq(value, "true") || - strcaseeq(value, "enabled") || - strcaseeq(value, "yes") || - strcaseeq(value, "1")) - { - return TRUE; - } - else if (strcaseeq(value, "false") || - strcaseeq(value, "disabled") || - strcaseeq(value, "no") || - strcaseeq(value, "0")) -======= * Described in header */ inline bool settings_value_as_bool(char *value, bool def) @@ -594,7 +462,6 @@ inline bool settings_value_as_bool(char *value, bool def) strcaseeq(value, "no") || strcaseeq(value, "false") || strcaseeq(value, "disabled")) ->>>>>>> upstream/4.5.1 { return FALSE; } @@ -602,20 +469,6 @@ inline bool settings_value_as_bool(char *value, bool def) return def; } -<<<<<<< HEAD -/** - * Implementation of settings_t.get_int. - */ -static int get_int(private_settings_t *this, char *key, int def, ...) -{ - char *value; - int intval; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); -======= METHOD(settings_t, get_bool, bool, private_settings_t *this, char *key, bool def, ...) { @@ -634,7 +487,6 @@ METHOD(settings_t, get_bool, bool, inline int settings_value_as_int(char *value, int def) { int intval; ->>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -647,20 +499,6 @@ inline int settings_value_as_int(char *value, int def) return def; } -<<<<<<< HEAD -/** - * Implementation of settings_t.get_double. - */ -static double get_double(private_settings_t *this, char *key, double def, ...) -{ - char *value; - double dval; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); -======= METHOD(settings_t, get_int, int, private_settings_t *this, char *key, int def, ...) { @@ -679,7 +517,6 @@ METHOD(settings_t, get_int, int, inline double settings_value_as_double(char *value, double def) { double dval; ->>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -692,20 +529,6 @@ inline double settings_value_as_double(char *value, double def) return def; } -<<<<<<< HEAD -/** - * Implementation of settings_t.get_time. - */ -static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, ...) -{ - char *value, *endptr; - u_int32_t timeval; - va_list args; - - va_start(args, def); - value = find_value(this->top, key, args); - va_end(args); -======= METHOD(settings_t, get_double, double, private_settings_t *this, char *key, double def, ...) { @@ -725,7 +548,6 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) { char *endptr; u_int32_t timeval; ->>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -744,11 +566,7 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) timeval *= 60; break; case 's': /* time in seconds */ -<<<<<<< HEAD - default: -======= default: ->>>>>>> upstream/4.5.1 break; } return timeval; @@ -757,8 +575,6 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) return def; } -<<<<<<< HEAD -======= METHOD(settings_t, get_time, u_int32_t, private_settings_t *this, char *key, u_int32_t def, ...) { @@ -828,7 +644,6 @@ METHOD(settings_t, set_time, void, va_end(args); } ->>>>>>> upstream/4.5.1 /** * Enumerate section names, not sections */ @@ -838,42 +653,24 @@ static bool section_filter(void *null, section_t **in, char **out) return TRUE; } -<<<<<<< HEAD -/** - * Implementation of settings_t.create_section_enumerator - */ -static enumerator_t* create_section_enumerator(private_settings_t *this, - char *key, ...) -======= METHOD(settings_t, create_section_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) ->>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); -<<<<<<< HEAD - section = find_section(this->top, key, args); -======= section = find_section(this, this->top, key, args); ->>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } -<<<<<<< HEAD - return enumerator_create_filter( - section->sections->create_enumerator(section->sections), - (void*)section_filter, NULL, NULL); -======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->sections->create_enumerator(section->sections), (void*)section_filter, this->lock, (void*)this->lock->unlock); ->>>>>>> upstream/4.5.1 } /** @@ -887,53 +684,24 @@ static bool kv_filter(void *null, kv_t **in, char **key, return TRUE; } -<<<<<<< HEAD -/** - * Implementation of settings_t.create_key_value_enumerator - */ -static enumerator_t* create_key_value_enumerator(private_settings_t *this, - char *key, ...) -======= METHOD(settings_t, create_key_value_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) ->>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); -<<<<<<< HEAD - section = find_section(this->top, key, args); -======= section = find_section(this, this->top, key, args); ->>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } -<<<<<<< HEAD - return enumerator_create_filter( - section->kv->create_enumerator(section->kv), - (void*)kv_filter, NULL, NULL); -} - -/** - * destroy a section - */ -static void section_destroy(section_t *this) -{ - this->kv->destroy_function(this->kv, free); - this->sections->destroy_function(this->sections, (void*)section_destroy); - - free(this); -======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->kv->create_enumerator(section->kv), (void*)kv_filter, this->lock, (void*)this->lock->unlock); ->>>>>>> upstream/4.5.1 } /** @@ -1011,26 +779,6 @@ static char parse(char **text, char *skip, char *term, char *br, char **token) } /** -<<<<<<< HEAD - * Parse a section - */ -static section_t* parse_section(char **text, char *name) -{ - section_t *sub, *section; - bool finished = FALSE; - char *key, *value, *inner; - - static int lev = 0; - lev++; - - section = malloc_thing(section_t); - section->name = name; - section->sections = linked_list_create(); - section->kv = linked_list_create(); - - while (!finished) - { -======= * Check if "text" starts with "pattern". * Characters in "skip" are skipped first. If found, TRUE is returned and "text" * is modified to point to the character right after "pattern". @@ -1101,20 +849,11 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } continue; } ->>>>>>> upstream/4.5.1 switch (parse(text, "\t\n ", "{=#", NULL, &key)) { case '{': if (parse(text, "\t ", "}", "{", &inner)) { -<<<<<<< HEAD - sub = parse_section(&inner, key); - if (sub) - { - section->sections->insert_last(section->sections, sub); - continue; - } -======= section_t *sub; if (!strlen(key)) { @@ -1144,19 +883,12 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } DBG1(DBG_LIB, "parsing subsection '%s' failed", key); break; ->>>>>>> upstream/4.5.1 } DBG1(DBG_LIB, "matching '}' not found near %s", *text); break; case '=': if (parse(text, "\t ", "\n", NULL, &value)) { -<<<<<<< HEAD - kv_t *kv = malloc_thing(kv_t); - kv->key = key; - kv->value = value; - section->kv->insert_last(section->kv, kv); -======= kv_t *kv; if (!strlen(key)) { @@ -1175,7 +907,6 @@ static bool parse_section(linked_list_t *contents, char *file, int level, { /* replace with the most recently read value */ kv->value = value; } ->>>>>>> upstream/4.5.1 continue; } DBG1(DBG_LIB, "parsing value failed near %s", *text); @@ -1187,80 +918,6 @@ static bool parse_section(linked_list_t *contents, char *file, int level, finished = TRUE; continue; } -<<<<<<< HEAD - section_destroy(section); - return NULL; - } - return section; -} - -/** - * Implementation of settings_t.destroy - */ -static void destroy(private_settings_t *this) -{ - if (this->top) - { - section_destroy(this->top); - } - free(this->text); - free(this); -} - -/* - * see header file - */ -settings_t *settings_create(char *file) -{ - private_settings_t *this; - char *pos; - FILE *fd; - int len; - - this = malloc_thing(private_settings_t); - this->public.get_str = (char*(*)(settings_t*, char *key, char* def, ...))get_str; - this->public.get_int = (int(*)(settings_t*, char *key, int def, ...))get_int; - this->public.get_double = (double(*)(settings_t*, char *key, double def, ...))get_double; - this->public.get_time = (u_int32_t(*)(settings_t*, char *key, u_int32_t def, ...))get_time; - this->public.get_bool = (bool(*)(settings_t*, char *key, bool def, ...))get_bool; - this->public.create_section_enumerator = (enumerator_t*(*)(settings_t*,char *section, ...))create_section_enumerator; - this->public.create_key_value_enumerator = (enumerator_t*(*)(settings_t*, char *key, ...))create_key_value_enumerator; - this->public.destroy = (void(*)(settings_t*))destroy; - - this->top = NULL; - this->text = NULL; - - if (file == NULL) - { - file = STRONGSWAN_CONF; - } - fd = fopen(file, "r"); - if (fd == NULL) - { - DBG1(DBG_LIB, "'%s' does not exist or is not readable", file); - return &this->public; - } - fseek(fd, 0, SEEK_END); - len = ftell(fd); - rewind(fd); - this->text = malloc(len + 1); - this->text[len] = '\0'; - if (fread(this->text, 1, len, fd) != len) - { - free(this->text); - this->text = NULL; - return &this->public; - } - fclose(fd); - - pos = this->text; - this->top = parse_section(&pos, NULL); - if (this->top == NULL) - { - free(this->text); - this->text = NULL; - } -======= return FALSE; } return TRUE; @@ -1274,14 +931,30 @@ static bool parse_file(linked_list_t *contents, char *file, int level, { bool success; char *text, *pos; + struct stat st; FILE *fd; int len; DBG2(DBG_LIB, "loading config file '%s'", file); + if (stat(file, &st) == -1) + { + if (errno == ENOENT) + { + DBG2(DBG_LIB, "'%s' does not exist, ignored", file); + return TRUE; + } + DBG1(DBG_LIB, "failed to stat '%s': %s", file, strerror(errno)); + return FALSE; + } + else if (!S_ISREG(st.st_mode)) + { + DBG1(DBG_LIB, "'%s' is not a regular file", file); + return FALSE; + } fd = fopen(file, "r"); if (fd == NULL) { - DBG1(DBG_LIB, "'%s' does not exist or is not readable", file); + DBG1(DBG_LIB, "'%s' is not readable", file); return FALSE; } fseek(fd, 0, SEEK_END); @@ -1310,16 +983,15 @@ static bool parse_file(linked_list_t *contents, char *file, int level, } /** - * Load the files matching "pattern", which is resolved with glob(3). + * Load the files matching "pattern", which is resolved with glob(3), if + * available. * If the pattern is relative, the directory of "file" is used as base. */ static bool parse_files(linked_list_t *contents, char *file, int level, char *pattern, section_t *section) { bool success = TRUE; - int status; - glob_t buf; - char **expanded, pat[PATH_MAX]; + char pat[PATH_MAX]; if (level > MAX_INCLUSION_LEVEL) { @@ -1354,28 +1026,39 @@ static bool parse_files(linked_list_t *contents, char *file, int level, } free(dir); } - status = glob(pat, GLOB_ERR, NULL, &buf); - if (status == GLOB_NOMATCH) - { - DBG2(DBG_LIB, "no files found matching '%s', ignored", pat); - } - else if (status != 0) - { - DBG1(DBG_LIB, "expanding file pattern '%s' failed", pat); - success = FALSE; - } - else +#ifdef HAVE_GLOB_H { - for (expanded = buf.gl_pathv; *expanded != NULL; expanded++) + int status; + glob_t buf; + + status = glob(pat, GLOB_ERR, NULL, &buf); + if (status == GLOB_NOMATCH) + { + DBG2(DBG_LIB, "no files found matching '%s', ignored", pat); + } + else if (status != 0) + { + DBG1(DBG_LIB, "expanding file pattern '%s' failed", pat); + success = FALSE; + } + else { - success &= parse_file(contents, *expanded, level + 1, section); - if (!success) + char **expanded; + for (expanded = buf.gl_pathv; *expanded != NULL; expanded++) { - break; + success &= parse_file(contents, *expanded, level + 1, section); + if (!success) + { + break; + } } } + globfree(&buf); } - globfree(&buf); +#else /* HAVE_GLOB_H */ + /* if glob(3) is not available, try to load pattern directly */ + success = parse_file(contents, pat, level + 1, section); +#endif /* HAVE_GLOB_H */ return success; } @@ -1430,12 +1113,17 @@ static void section_extend(section_t *base, section_t *extension) * All files (even included ones) have to be loaded successfully. */ static bool load_files_internal(private_settings_t *this, section_t *parent, - char *pattern) + char *pattern, bool merge) { char *text; linked_list_t *contents = linked_list_create(); section_t *section = section_create(NULL); + if (pattern == NULL) + { + pattern = STRONGSWAN_CONF; + } + if (!parse_files(contents, NULL, 0, pattern, section)) { contents->destroy_function(contents, (void*)free); @@ -1444,6 +1132,10 @@ static bool load_files_internal(private_settings_t *this, section_t *parent, } this->lock->write_lock(this->lock); + if (!merge) + { + section_purge(parent); + } /* extend parent section */ section_extend(parent, section); /* move contents of loaded files to main store */ @@ -1459,13 +1151,13 @@ static bool load_files_internal(private_settings_t *this, section_t *parent, } METHOD(settings_t, load_files, bool, - private_settings_t *this, char *pattern) + private_settings_t *this, char *pattern, bool merge) { - return load_files_internal(this, this->top, pattern); + return load_files_internal(this, this->top, pattern, merge); } METHOD(settings_t, load_files_section, bool, - private_settings_t *this, char *pattern, char *key, ...) + private_settings_t *this, char *pattern, bool merge, char *key, ...) { section_t *section; va_list args; @@ -1478,7 +1170,7 @@ METHOD(settings_t, load_files_section, bool, { return FALSE; } - return load_files_internal(this, section, pattern); + return load_files_internal(this, section, pattern, merge); } METHOD(settings_t, destroy, void, @@ -1520,14 +1212,8 @@ settings_t *settings_create(char *file) .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); - if (file == NULL) - { - file = STRONGSWAN_CONF; - } - - load_files(this, file); + load_files(this, file, FALSE); ->>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index 9da217630..9ccd02327 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -1,8 +1,5 @@ /* -<<<<<<< HEAD -======= * Copyright (C) 2010 Tobias Brunner ->>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -31,16 +28,6 @@ typedef struct settings_t settings_t; #include "utils/enumerator.h" /** -<<<<<<< HEAD - * Generic configuration options read from a config file. - * - * The syntax is quite simple: - * - * settings := (section|keyvalue)* - * section := name { settings } - * keyvalue := key = value\n - * -======= * Convert a string value returned by a key/value enumerator to a boolean. * * @see settings_t.create_key_value_enumerator() @@ -89,7 +76,6 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * section := name { settings } * keyvalue := key = value\n * @endcode ->>>>>>> upstream/4.5.1 * E.g.: * @code a = b @@ -109,8 +95,6 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * * Currently only a limited set of printf format specifiers are supported * (namely %s, %d and %N, see implementation for details). -<<<<<<< HEAD -======= * * \section includes Including other files * Other files can be included, using the include statement e.g. @@ -156,7 +140,6 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); section-two { } @endcode ->>>>>>> upstream/4.5.1 */ struct settings_t { @@ -211,8 +194,6 @@ struct settings_t { u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...); /** -<<<<<<< HEAD -======= * Set a string value. * * @param key key including sections, printf style format @@ -258,7 +239,6 @@ struct settings_t { void (*set_time)(settings_t *this, char *key, u_int32_t value, ...); /** ->>>>>>> upstream/4.5.1 * Create an enumerator over subsection names of a section. * * @param section section including parents, printf style format @@ -272,37 +252,34 @@ struct settings_t { * Create an enumerator over key/value pairs in a section. * * @param section section name to list key/value pairs of, printf style -<<<<<<< HEAD - * @param ... argmuent list for section -======= * @param ... argument list for section ->>>>>>> upstream/4.5.1 * @return enumerator over (char *key, char *value) */ enumerator_t* (*create_key_value_enumerator)(settings_t *this, char *section, ...); /** -<<<<<<< HEAD -======= * Load settings from the files matching the given pattern. * - * Existing sections are extended, existing values replaced, by those found - * in the loaded files. + * If merge is TRUE, existing sections are extended, existing values + * replaced, by those found in the loaded files. If it is FALSE, existing + * sections are purged before reading the new config. * * @note If any of the files matching the pattern fails to load, no settings * are added at all. So, it's all or nothing. * * @param pattern file pattern + * @param merge TRUE to merge config with existing values * @return TRUE, if settings were loaded successfully */ - bool (*load_files)(settings_t *this, char *pattern); + bool (*load_files)(settings_t *this, char *pattern, bool merge); /** * Load settings from the files matching the given pattern. * - * Existing sections are extended, existing values replaced, by those found - * in the loaded files. + * If merge is TRUE, existing sections are extended, existing values + * replaced, by those found in the loaded files. If it is FALSE, existing + * sections are purged before reading the new config. * * All settings are loaded relative to the given section. The section is * created, if it does not yet exist. @@ -311,15 +288,15 @@ struct settings_t { * are added at all. So, it's all or nothing. * * @param pattern file pattern + * @param merge TRUE to merge config with existing values * @param section section name of parent section, printf style * @param ... argument list for section * @return TRUE, if settings were loaded successfully */ - bool (*load_files_section)(settings_t *this, char *pattern, + bool (*load_files_section)(settings_t *this, char *pattern, bool merge, char *section, ...); /** ->>>>>>> upstream/4.5.1 * Destroy a settings instance. */ void (*destroy)(settings_t *this); diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index 3751bb749..fcc0019d8 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -205,6 +205,7 @@ static void *join(private_thread_t *this) { pthread_t thread_id; void *val; + this->mutex->lock(this->mutex); if (pthread_equal(this->thread_id, pthread_self())) { @@ -231,6 +232,7 @@ static void *join(private_thread_t *this) this->mutex->unlock(this->mutex); } pthread_join(thread_id, &val); + return val; } @@ -240,6 +242,7 @@ static void *join(private_thread_t *this) static private_thread_t *thread_create_internal() { private_thread_t *this = malloc_thing(private_thread_t); + this->public.cancel = (void(*)(thread_t*))cancel; this->public.kill = (void(*)(thread_t*,int))_kill; this->public.detach = (void(*)(thread_t*))detach; @@ -281,11 +284,13 @@ static void thread_cleanup(private_thread_t *this) static void *thread_main(private_thread_t *this) { void *res; + sem_wait(&this->created); current_thread->set(current_thread, this); pthread_cleanup_push((thread_cleanup_t)thread_cleanup, this); res = this->main(this->arg); pthread_cleanup_pop(TRUE); + return res; } @@ -295,6 +300,7 @@ static void *thread_main(private_thread_t *this) thread_t *thread_create(thread_main_t main, void *arg) { private_thread_t *this = thread_create_internal(); + this->main = main; this->arg = arg; if (pthread_create(&this->thread_id, NULL, (void*)thread_main, this) != 0) @@ -308,6 +314,7 @@ thread_t *thread_create(thread_main_t main, void *arg) this->id = next_id++; id_mutex->unlock(id_mutex); sem_post(&this->created); + return &this->public; } @@ -325,7 +332,8 @@ thread_t *thread_current() u_int thread_current_id() { private_thread_t *this = (private_thread_t*)thread_current(); - return this->id; + + return this ? this->id : 0; } /** @@ -335,6 +343,7 @@ void thread_cleanup_push(thread_cleanup_t cleanup, void *arg) { private_thread_t *this = (private_thread_t*)thread_current(); cleanup_handler_t *handler; + this->mutex->lock(this->mutex); handler = malloc_thing(cleanup_handler_t); handler->cleanup = cleanup; @@ -350,6 +359,7 @@ void thread_cleanup_pop(bool execute) { private_thread_t *this = (private_thread_t*)thread_current(); cleanup_handler_t *handler; + this->mutex->lock(this->mutex); if (this->cleanup_handlers->remove_last(this->cleanup_handlers, (void**)&handler) != SUCCESS) @@ -374,14 +384,18 @@ bool thread_cancelability(bool enable) { #ifdef HAVE_PTHREAD_CANCEL int old; + pthread_setcancelstate(enable ? PTHREAD_CANCEL_ENABLE : PTHREAD_CANCEL_DISABLE, &old); + return old == PTHREAD_CANCEL_ENABLE; #else sigset_t new, old; + sigemptyset(&new); sigaddset(&new, SIG_CANCEL); pthread_sigmask(enable ? SIG_UNBLOCK : SIG_BLOCK, &new, &old); + return sigismember(&old, SIG_CANCEL) == 0; #endif /* HAVE_PTHREAD_CANCEL */ } @@ -392,6 +406,7 @@ bool thread_cancelability(bool enable) void thread_cancellation_point() { bool old = thread_cancelability(TRUE); + #ifdef HAVE_PTHREAD_CANCEL pthread_testcancel(); #endif /* HAVE_PTHREAD_CANCEL */ @@ -412,6 +427,7 @@ void thread_exit(void *val) void threads_init() { private_thread_t *main_thread = thread_create_internal(); + main_thread->id = 0; main_thread->thread_id = pthread_self(); current_thread = thread_value_create(NULL); @@ -434,6 +450,7 @@ void threads_init() void threads_deinit() { private_thread_t *main_thread = (private_thread_t*)thread_current(); + main_thread->mutex->lock(main_thread->mutex); thread_destroy(main_thread); current_thread->destroy(current_thread); diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index 357858c9e..6ffb62aaf 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -102,6 +102,14 @@ void memxor(u_int8_t dst[], u_int8_t src[], size_t n) /** * Described in header. */ +void memwipe_noinline(void *ptr, size_t n) +{ + memwipe_inline(ptr, n); +} + +/** + * Described in header. + */ void *memstr(const void *haystack, const char *needle, size_t n) { unsigned const char *pos = haystack; @@ -247,8 +255,6 @@ bool return_false() } /** -<<<<<<< HEAD -======= * returns FAILED */ status_t return_failed() @@ -257,7 +263,6 @@ status_t return_failed() } /** ->>>>>>> upstream/4.5.1 * nop operation */ void nop() @@ -290,7 +295,7 @@ bool ref_put(refcount_t *ref) bool more_refs; pthread_mutex_lock(&ref_mutex); - more_refs = --(*ref); + more_refs = --(*ref) > 0; pthread_mutex_unlock(&ref_mutex); return !more_refs; } diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index e07af53aa..a334954ae 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -57,11 +57,7 @@ #define streq(x,y) (strcmp(x, y) == 0) /** -<<<<<<< HEAD - * Macro compares two strings for equality -======= * Macro compares two strings for equality, length limited ->>>>>>> upstream/4.5.1 */ #define strneq(x,y,len) (strncmp(x, y, len) == 0) @@ -71,8 +67,6 @@ #define strcaseeq(x,y) (strcasecmp(x, y) == 0) /** -<<<<<<< HEAD -======= * Macro compares two strings for equality ignoring case, length limited */ #define strncaseeq(x,y,len) (strncasecmp(x, y, len) == 0) @@ -83,7 +77,6 @@ #define strdupnull(x) ({ char *_x = x; _x ? strdup(_x) : NULL; }) /** ->>>>>>> upstream/4.5.1 * Macro compares two binary blobs for equality */ #define memeq(x,y,len) (memcmp(x, y, len) == 0) @@ -344,6 +337,51 @@ void *clalloc(void *pointer, size_t size); void memxor(u_int8_t dest[], u_int8_t src[], size_t n); /** + * Safely overwrite n bytes of memory at ptr with zero, non-inlining variant. + */ +void memwipe_noinline(void *ptr, size_t n); + +/** + * Safely overwrite n bytes of memory at ptr with zero, inlining variant. + */ +static inline void memwipe_inline(void *ptr, size_t n) +{ + volatile char *c = (volatile char*)ptr; + int m, i; + + /* byte wise until long aligned */ + for (i = 0; (uintptr_t)&c % sizeof(long) && i < n; i++) + { + c[i] = 0; + } + /* word wize */ + for (m = n - sizeof(long); i <= m; i += sizeof(long)) + { + *(volatile long*)&c[i] = 0; + } + /* byte wise of the rest */ + for (; i < n; i++) + { + c[i] = 0; + } +} + +/** + * Safely overwrite n bytes of memory at ptr with zero, auto-inlining variant. + */ +static inline void memwipe(void *ptr, size_t n) +{ + if (__builtin_constant_p(n)) + { + memwipe_inline(ptr, n); + } + else + { + memwipe_noinline(ptr, n); + } +} + +/** * A variant of strstr with the characteristics of memchr, where haystack is not * a null-terminated string but simply a memory area of length n. */ @@ -399,14 +437,11 @@ bool return_true(); bool return_false(); /** -<<<<<<< HEAD -======= * returns FAILED */ status_t return_failed(); /** ->>>>>>> upstream/4.5.1 * Write a 16-bit host order value in network order to an unaligned address. * * @param host host order 16-bit value diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 5f1318b9a..5744439f8 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -80,7 +80,7 @@ static void log_(private_backtrace_t *this, FILE *file, bool detailed) } if (info.dli_sname) { - fprintf(file, " \e[33m%s\e[0m @ %p (\e[31m%s\e[0m+0x%x) [%p]\n", + fprintf(file, " \e[33m%s\e[0m @ %p (\e[31m%s\e[0m+0x%tx) [%p]\n", info.dli_fname, info.dli_fbase, info.dli_sname, this->frames[i] - info.dli_saddr, this->frames[i]); } @@ -132,18 +132,11 @@ static void log_(private_backtrace_t *this, FILE *file, bool detailed) /** * Implementation of backtrace_t.contains_function */ -<<<<<<< HEAD -static bool contains_function(private_backtrace_t *this, char *function) -{ -#ifdef HAVE_DLADDR - int i; -======= static bool contains_function(private_backtrace_t *this, char *function[], int count) { #ifdef HAVE_DLADDR int i, j; ->>>>>>> upstream/4.5.1 for (i = 0; i< this->frame_count; i++) { @@ -151,18 +144,12 @@ static bool contains_function(private_backtrace_t *this, if (dladdr(this->frames[i], &info) && info.dli_sname) { -<<<<<<< HEAD - if (streq(info.dli_sname, function)) - { - return TRUE; -======= for (j = 0; j < count; j++) { if (streq(info.dli_sname, function[j])) { return TRUE; } ->>>>>>> upstream/4.5.1 } } } @@ -196,11 +183,7 @@ backtrace_t *backtrace_create(int skip) this->frame_count = frame_count; this->public.log = (void(*)(backtrace_t*,FILE*,bool))log_; -<<<<<<< HEAD - this->public.contains_function = (bool(*)(backtrace_t*, char *function))contains_function; -======= this->public.contains_function = (bool(*)(backtrace_t*, char *function[], int count))contains_function; ->>>>>>> upstream/4.5.1 this->public.destroy = (void(*)(backtrace_t*))destroy; return &this->public; diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index 712122afb..e8ccfc1bd 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h @@ -41,14 +41,6 @@ struct backtrace_t { void (*log)(backtrace_t *this, FILE *file, bool detailed); /** -<<<<<<< HEAD - * Check if the backtrace contains a frame in a specific function. - * - * @param function name - * @return TRUE if function is in the stack - */ - bool (*contains_function)(backtrace_t *this, char *function); -======= * Check if the backtrace contains a frame having a function in a list. * * @param function name array @@ -56,7 +48,6 @@ struct backtrace_t { * @return TRUE if one of the functions is in the stack */ bool (*contains_function)(backtrace_t *this, char *function[], int count); ->>>>>>> upstream/4.5.1 /** * Destroy a backtrace instance. diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c index 9a0f92b3c..49b0bb68c 100644 --- a/src/libstrongswan/utils/hashtable.c +++ b/src/libstrongswan/utils/hashtable.c @@ -186,11 +186,7 @@ static void rehash(private_hashtable_t *this) linked_list_t **old_table; u_int row, old_capacity; -<<<<<<< HEAD - if (this->capacity < MAX_CAPACITY) -======= if (this->capacity >= MAX_CAPACITY) ->>>>>>> upstream/4.5.1 { return; } @@ -253,10 +249,7 @@ METHOD(hashtable_t, put, void*, { old_value = pair->value; pair->value = value; -<<<<<<< HEAD -======= pair->key = key; ->>>>>>> upstream/4.5.1 break; } } diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index 1fba6a587..615d85c95 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -476,13 +476,10 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) { return host_create_any_port(af ? af : AF_INET6, port); } -<<<<<<< HEAD -======= if (af == AF_INET && strchr(string, ':')) { /* do not try to convert v6 addresses for v4 family */ return NULL; } ->>>>>>> upstream/4.5.1 memset(&hints, 0, sizeof(hints)); hints.ai_family = af; @@ -571,8 +568,6 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) /* * Described in header. */ -<<<<<<< HEAD -======= host_t *host_create_from_subnet(char *string, int *bits) { char *pos, buf[64]; @@ -608,7 +603,6 @@ host_t *host_create_from_subnet(char *string, int *bits) /* * Described in header. */ ->>>>>>> upstream/4.5.1 host_t *host_create_any(int family) { private_host_t *this = host_create_empty(); @@ -631,5 +625,6 @@ host_t *host_create_any(int family) default: break; } + free(this); return NULL; } diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h index b9cd81148..0a1be6e47 100644 --- a/src/libstrongswan/utils/host.h +++ b/src/libstrongswan/utils/host.h @@ -190,8 +190,6 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port); host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); /** -<<<<<<< HEAD -======= * Create a host from a CIDR subnet definition (1.2.3.0/24), return bits. * * @param string string to parse @@ -201,7 +199,6 @@ host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); host_t *host_create_from_subnet(char *string, int *bits); /** ->>>>>>> upstream/4.5.1 * Create a host without an address, a "any" host. * * @param family family of the any host diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index facf9f6de..252cfa28e 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -64,32 +64,34 @@ typedef struct { } x501rdn_t; static const x501rdn_t x501rdns[] = { - {"ND", OID_NAME_DISTINGUISHER, ASN1_PRINTABLESTRING}, - {"UID", OID_PILOT_USERID, ASN1_PRINTABLESTRING}, - {"DC", OID_PILOT_DOMAIN_COMPONENT, ASN1_PRINTABLESTRING}, - {"CN", OID_COMMON_NAME, ASN1_PRINTABLESTRING}, - {"S", OID_SURNAME, ASN1_PRINTABLESTRING}, - {"SN", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, - {"serialNumber", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, - {"C", OID_COUNTRY, ASN1_PRINTABLESTRING}, - {"L", OID_LOCALITY, ASN1_PRINTABLESTRING}, - {"ST", OID_STATE_OR_PROVINCE, ASN1_PRINTABLESTRING}, - {"O", OID_ORGANIZATION, ASN1_PRINTABLESTRING}, - {"OU", OID_ORGANIZATION_UNIT, ASN1_PRINTABLESTRING}, - {"T", OID_TITLE, ASN1_PRINTABLESTRING}, - {"D", OID_DESCRIPTION, ASN1_PRINTABLESTRING}, - {"N", OID_NAME, ASN1_PRINTABLESTRING}, - {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING}, - {"I", OID_INITIALS, ASN1_PRINTABLESTRING}, - {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING}, - {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, - {"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, - {"E", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, - {"Email", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, - {"emailAddress", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, - {"UN", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, - {"unstructuredName",OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, - {"TCGID", OID_TCGID, ASN1_PRINTABLESTRING} + {"ND", OID_NAME_DISTINGUISHER, ASN1_PRINTABLESTRING}, + {"UID", OID_PILOT_USERID, ASN1_PRINTABLESTRING}, + {"DC", OID_PILOT_DOMAIN_COMPONENT, ASN1_PRINTABLESTRING}, + {"CN", OID_COMMON_NAME, ASN1_PRINTABLESTRING}, + {"S", OID_SURNAME, ASN1_PRINTABLESTRING}, + {"SN", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, + {"serialNumber", OID_SERIAL_NUMBER, ASN1_PRINTABLESTRING}, + {"C", OID_COUNTRY, ASN1_PRINTABLESTRING}, + {"L", OID_LOCALITY, ASN1_PRINTABLESTRING}, + {"ST", OID_STATE_OR_PROVINCE, ASN1_PRINTABLESTRING}, + {"O", OID_ORGANIZATION, ASN1_PRINTABLESTRING}, + {"OU", OID_ORGANIZATION_UNIT, ASN1_PRINTABLESTRING}, + {"T", OID_TITLE, ASN1_PRINTABLESTRING}, + {"D", OID_DESCRIPTION, ASN1_PRINTABLESTRING}, + {"N", OID_NAME, ASN1_PRINTABLESTRING}, + {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING}, + {"I", OID_INITIALS, ASN1_PRINTABLESTRING}, + {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING}, + {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, + {"employeeNumber", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, + {"E", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, + {"Email", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, + {"emailAddress", OID_EMAIL_ADDRESS, ASN1_IA5STRING}, + {"UN", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, + {"unstructuredName", OID_UNSTRUCTURED_NAME, ASN1_IA5STRING}, + {"UA", OID_UNSTRUCTURED_ADDRESS, ASN1_PRINTABLESTRING}, + {"unstructuredAddress", OID_UNSTRUCTURED_ADDRESS, ASN1_PRINTABLESTRING}, + {"TCGID", OID_TCGID, ASN1_PRINTABLESTRING} }; /** @@ -281,20 +283,13 @@ static void dntoa(chunk_t dn, char *buf, size_t len) chunk_t oid_data, data, printable; u_char type; int oid, written; -<<<<<<< HEAD - bool finished = FALSE; -======= bool finished = FALSE, empty = TRUE; ->>>>>>> upstream/4.5.1 e = create_rdn_enumerator(dn); while (e->enumerate(e, &oid_data, &type, &data)) { -<<<<<<< HEAD -======= empty = FALSE; ->>>>>>> upstream/4.5.1 oid = asn1_known_oid(oid_data); if (oid == OID_UNKNOWN) @@ -338,15 +333,11 @@ static void dntoa(chunk_t dn, char *buf, size_t len) break; } } -<<<<<<< HEAD - if (!finished) -======= if (empty) { snprintf(buf, len, ""); } else if (!finished) ->>>>>>> upstream/4.5.1 { snprintf(buf, len, "(invalid ID_DER_ASN1_DN)"); } diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index ef2ea8e14..39505d3f3 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -165,6 +165,7 @@ char *whitelist[] = { "__gmtime_r", "localtime_r", "tzset", + "time_printf_hook", "inet_ntoa", "strerror", "getprotobyname", @@ -190,6 +191,7 @@ char *whitelist[] = { "dlopen", "dlerror", "dlclose", + "dlsym", /* mysql functions */ "mysql_init_character_set", "init_client_errs", @@ -218,27 +220,6 @@ char *whitelist[] = { "gcry_create_nonce", /* NSPR */ "PR_CallOnce", -<<<<<<< HEAD -}; - -/** - * check if a stack frame contains functions listed above - */ -static bool is_whitelisted(backtrace_t *backtrace) -{ - int i; - for (i = 0; i < sizeof(whitelist)/sizeof(char*); i++) - { - if (backtrace->contains_function(backtrace, whitelist[i])) - { - return TRUE; - } - } - return FALSE; -} - -/** -======= /* libapr */ "apr_pool_create_ex", /* glib */ @@ -256,7 +237,6 @@ static bool is_whitelisted(backtrace_t *backtrace) }; /** ->>>>>>> upstream/4.5.1 * Report leaks at library destruction */ static void report(private_leak_detective_t *this, bool detailed) @@ -268,12 +248,8 @@ static void report(private_leak_detective_t *this, bool detailed) for (hdr = first_header.next; hdr != NULL; hdr = hdr->next) { -<<<<<<< HEAD - if (is_whitelisted(hdr->backtrace)) -======= if (hdr->backtrace->contains_function(hdr->backtrace, whitelist, countof(whitelist))) ->>>>>>> upstream/4.5.1 { whitelisted++; } diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c index 4aa8ea6ca..9b37359dc 100644 --- a/src/libstrongswan/utils/linked_list.c +++ b/src/libstrongswan/utils/linked_list.c @@ -289,6 +289,7 @@ static void insert_before(private_iterator_t * iterator, void *item) if (iterator->current == NULL) { iterator->list->public.insert_first(&(iterator->list->public), item); + return; } element_t *element = element_create(item); diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c index fe3d37966..e51780290 100644 --- a/src/libstrongswan/utils/optionsfrom.c +++ b/src/libstrongswan/utils/optionsfrom.c @@ -61,16 +61,8 @@ struct private_options_t { char *buffers[MAX_USES]; }; -<<<<<<< HEAD -/** - * Defined in header - */ -bool from(private_options_t *this, char *filename, int *argcp, char **argvp[], - int optind) -======= METHOD(options_t, from, bool, private_options_t *this, char *filename, int *argcp, char **argvp[], int optind) ->>>>>>> upstream/4.5.1 { int newargc; int next; /* place for next argument */ @@ -187,15 +179,8 @@ METHOD(options_t, from, bool, return good; } -<<<<<<< HEAD -/** - * Defined in header - */ -void destroy(private_options_t *this) -======= METHOD(options_t, destroy, void, private_options_t *this) ->>>>>>> upstream/4.5.1 { while (this->nuses >= 0) { @@ -210,19 +195,6 @@ METHOD(options_t, destroy, void, */ options_t *options_create(void) { -<<<<<<< HEAD - private_options_t *this = malloc_thing(private_options_t); - - /* initialize */ - this->newargv = NULL; - this->room = 0; - this->nuses = -1; - memset(this->buffers, '\0', MAX_USES); - - /* public functions */ - this->public.from = (bool (*) (options_t*,char*,int*,char***,int))from; - this->public.destroy = (void (*) (options_t*))destroy; -======= private_options_t *this; INIT(this, @@ -233,7 +205,6 @@ options_t *options_create(void) }, .nuses = -1, ); ->>>>>>> upstream/4.5.1 return &this->public; } |