summaryrefslogtreecommitdiff
path: root/src/libstrongswan
diff options
context:
space:
mode:
Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/Makefile.am44
-rw-r--r--src/libstrongswan/Makefile.in703
-rw-r--r--src/libstrongswan/asn1/asn1.c102
-rw-r--r--src/libstrongswan/asn1/asn1.h14
-rw-r--r--src/libstrongswan/asn1/oid.c385
-rw-r--r--src/libstrongswan/asn1/oid.h63
-rw-r--r--src/libstrongswan/asn1/oid.txt5
-rwxr-xr-xsrc/libstrongswan/asn1/pem.c4
-rw-r--r--src/libstrongswan/asn1/ttodata.c185
-rw-r--r--src/libstrongswan/chunk.c57
-rw-r--r--src/libstrongswan/chunk.h10
-rwxr-xr-xsrc/libstrongswan/credential_store.h43
-rw-r--r--src/libstrongswan/crypto/ac.c239
-rw-r--r--src/libstrongswan/crypto/ac.h37
-rwxr-xr-xsrc/libstrongswan/crypto/crl.c19
-rwxr-xr-xsrc/libstrongswan/crypto/crl.h2
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.c293
-rw-r--r--src/libstrongswan/crypto/diffie_hellman.h69
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.c79
-rw-r--r--src/libstrongswan/crypto/hashers/hasher.h44
-rw-r--r--src/libstrongswan/crypto/hmac.h2
-rw-r--r--src/libstrongswan/crypto/ietf_attr_list.c405
-rw-r--r--src/libstrongswan/crypto/ietf_attr_list.h89
-rw-r--r--src/libstrongswan/crypto/ocsp.c16
-rw-r--r--src/libstrongswan/crypto/pkcs7.c710
-rw-r--r--src/libstrongswan/crypto/pkcs7.h132
-rw-r--r--src/libstrongswan/crypto/rsa/rsa_private_key.c307
-rw-r--r--src/libstrongswan/crypto/rsa/rsa_private_key.h67
-rw-r--r--src/libstrongswan/crypto/rsa/rsa_public_key.c326
-rw-r--r--src/libstrongswan/crypto/rsa/rsa_public_key.h43
-rw-r--r--src/libstrongswan/crypto/signers/hmac_signer.c45
-rw-r--r--src/libstrongswan/crypto/signers/signer.h6
-rwxr-xr-xsrc/libstrongswan/crypto/x509.c225
-rwxr-xr-xsrc/libstrongswan/crypto/x509.h76
-rw-r--r--src/libstrongswan/debug.c4
-rw-r--r--src/libstrongswan/debug.h3
-rw-r--r--src/libstrongswan/fips/fips.c103
-rw-r--r--src/libstrongswan/fips/fips.h47
-rw-r--r--src/libstrongswan/fips/fips_canister_end.c173
-rw-r--r--src/libstrongswan/fips/fips_canister_start.c174
-rw-r--r--src/libstrongswan/fips/fips_signer.c63
-rw-r--r--src/libstrongswan/library.h34
-rw-r--r--src/libstrongswan/utils/enumerator.c44
-rw-r--r--src/libstrongswan/utils/enumerator.h57
-rw-r--r--src/libstrongswan/utils/identification.c49
-rw-r--r--src/libstrongswan/utils/leak_detective.c3
-rw-r--r--src/libstrongswan/utils/linked_list.c108
-rw-r--r--src/libstrongswan/utils/linked_list.h46
-rw-r--r--src/libstrongswan/utils/optionsfrom.c148
-rw-r--r--src/libstrongswan/utils/optionsfrom.h37
50 files changed, 4491 insertions, 1448 deletions
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am
index 292abc0a4..e8859ad4c 100644
--- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am
@@ -1,6 +1,14 @@
lib_LTLIBRARIES = libstrongswan.la
-libstrongswan_la_SOURCES = \
+if USE_INTEGRITY_TEST
+ libstrongswan_la_SOURCES = \
+ fips/fips_canister_start.c \
+ fips/fips.c fips/fips.h
+else
+ libstrongswan_la_SOURCES =
+endif
+
+libstrongswan_la_SOURCES += \
credential_store.h \
library.c library.h \
chunk.c chunk.h \
@@ -16,15 +24,17 @@ crypto/ca.c crypto/ca.h \
crypto/certinfo.c crypto/certinfo.h \
crypto/crl.c crypto/crl.h \
crypto/crypters/crypter.c crypto/crypters/crypter.h \
-crypto/crypters/aes_cbc_crypter.c crypto/crypters/aes_cbc_crypter.h\
-crypto/crypters/des_crypter.c crypto/crypters/des_crypter.h\
+crypto/crypters/aes_cbc_crypter.c crypto/crypters/aes_cbc_crypter.h \
+crypto/crypters/des_crypter.c crypto/crypters/des_crypter.h \
crypto/diffie_hellman.c crypto/diffie_hellman.h \
crypto/hashers/hasher.h crypto/hashers/hasher.c \
crypto/hashers/sha1_hasher.c crypto/hashers/sha1_hasher.h \
crypto/hashers/sha2_hasher.c crypto/hashers/sha2_hasher.h \
crypto/hashers/md5_hasher.c crypto/hashers/md5_hasher.h \
crypto/hmac.c crypto/hmac.h \
+crypto/ietf_attr_list.c crypto/ietf_attr_list.h \
crypto/ocsp.c crypto/ocsp.h \
+crypto/pkcs7.c crypto/pkcs7.h \
crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \
crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \
crypto/prfs/prf.c crypto/prfs/prf.h \
@@ -41,14 +51,18 @@ utils/iterator.h \
utils/leak_detective.c utils/leak_detective.h \
utils/lexparser.c utils/lexparser.h \
utils/linked_list.c utils/linked_list.h \
+utils/enumerator.c utils/enumerator.h \
+utils/optionsfrom.c utils/optionsfrom.h \
utils/randomizer.c utils/randomizer.h
+if USE_INTEGRITY_TEST
+ libstrongswan_la_SOURCES += \
+ fips/fips_canister_end.c
+endif
+
libstrongswan_la_LIBADD = -lgmp -lpthread
INCLUDES = -I$(top_srcdir)/src/libstrongswan
-EXTRA_DIST = asn1/oid.txt asn1/oid.pl
-BUILT_SOURCES = asn1/oid.c asn1/oid.h
-MAINTAINERCLEANFILES = asn1/oid.c asn1/oid.h
if USE_LEAK_DETECTIVE
libstrongswan_la_LIBADD += -ldl
@@ -63,8 +77,26 @@ if USE_LIBLDAP
libstrongswan_la_LIBADD += -lldap -llber
endif
+EXTRA_DIST = asn1/oid.txt asn1/oid.pl
+BUILT_SOURCES = asn1/oid.c asn1/oid.h
+MAINTAINERCLEANFILES = asn1/oid.c asn1/oid.h
+
asn1/oid.c : asn1/oid.txt asn1/oid.pl
cd asn1 && $(PERL) oid.pl
asn1/oid.h : asn1/oid.txt asn1/oid.pl
cd asn1 && $(PERL) oid.pl
+
+if USE_INTEGRITY_TEST
+# build fips_signer which in turn builds fips_signature.h
+#########################################################
+noinst_PROGRAMS = fips_signer
+fips_signer_SOURCES = fips/fips_signer.c
+fips_signer_LDADD = libstrongswan.la
+
+BUILT_SOURCES += fips_signature.h
+CLEANFILES = fips_signature.h fips_signer
+
+fips_signature.h : fips_signer
+ ./fips_signer
+endif
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index f1144144e..75d3dddd4 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -1,8 +1,8 @@
-# Makefile.in generated by automake 1.9.6 from Makefile.am.
+# Makefile.in generated by automake 1.10 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
-# 2003, 2004, 2005 Free Software Foundation, Inc.
+# 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
@@ -14,15 +14,12 @@
@SET_MAKE@
-srcdir = @srcdir@
-top_srcdir = @top_srcdir@
+
VPATH = @srcdir@
pkgdatadir = $(datadir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
-top_builddir = ../..
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
-INSTALL = @INSTALL@
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
@@ -39,6 +36,8 @@ host_triplet = @host@
@USE_LEAK_DETECTIVE_TRUE@am__append_1 = -ldl
@USE_LIBCURL_TRUE@am__append_2 = -lcurl
@USE_LIBLDAP_TRUE@am__append_3 = -lldap -llber
+@USE_INTEGRITY_TEST_TRUE@noinst_PROGRAMS = fips_signer$(EXEEXT)
+@USE_INTEGRITY_TEST_TRUE@am__append_4 = fips_signature.h
subdir = src/libstrongswan
DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
@@ -59,43 +58,106 @@ LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
$(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
-am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \
- printf_hook.lo asn1.lo oid.lo pem.lo ttodata.lo ac.lo ca.lo \
- certinfo.lo crl.lo crypter.lo aes_cbc_crypter.lo \
- des_crypter.lo diffie_hellman.lo hasher.lo sha1_hasher.lo \
- sha2_hasher.lo md5_hasher.lo hmac.lo ocsp.lo fips_prf.lo \
- hmac_prf.lo prf.lo prf_plus.lo rsa_private_key.lo \
- rsa_public_key.lo hmac_signer.lo signer.lo x509.lo fetcher.lo \
- host.lo identification.lo leak_detective.lo lexparser.lo \
- linked_list.lo randomizer.lo
+am__libstrongswan_la_SOURCES_DIST = credential_store.h library.c \
+ library.h chunk.c chunk.h debug.c debug.h enum.c enum.h \
+ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h asn1/oid.c \
+ asn1/oid.h asn1/pem.c asn1/pem.h asn1/ttodata.c asn1/ttodata.h \
+ crypto/ac.c crypto/ac.h crypto/ca.c crypto/ca.h \
+ crypto/certinfo.c crypto/certinfo.h crypto/crl.c crypto/crl.h \
+ crypto/crypters/crypter.c crypto/crypters/crypter.h \
+ crypto/crypters/aes_cbc_crypter.c \
+ crypto/crypters/aes_cbc_crypter.h \
+ crypto/crypters/des_crypter.c crypto/crypters/des_crypter.h \
+ crypto/diffie_hellman.c crypto/diffie_hellman.h \
+ crypto/hashers/hasher.h crypto/hashers/hasher.c \
+ crypto/hashers/sha1_hasher.c crypto/hashers/sha1_hasher.h \
+ crypto/hashers/sha2_hasher.c crypto/hashers/sha2_hasher.h \
+ crypto/hashers/md5_hasher.c crypto/hashers/md5_hasher.h \
+ crypto/hmac.c crypto/hmac.h crypto/ietf_attr_list.c \
+ crypto/ietf_attr_list.h crypto/ocsp.c crypto/ocsp.h \
+ crypto/pkcs7.c crypto/pkcs7.h crypto/prfs/fips_prf.c \
+ crypto/prfs/fips_prf.h crypto/prfs/hmac_prf.c \
+ crypto/prfs/hmac_prf.h crypto/prfs/prf.c crypto/prfs/prf.h \
+ crypto/prf_plus.h crypto/prf_plus.c \
+ crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \
+ crypto/rsa/rsa_public_key.h crypto/rsa/rsa_public_key.c \
+ crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \
+ crypto/signers/signer.c crypto/signers/signer.h crypto/x509.c \
+ crypto/x509.h utils/fetcher.c utils/fetcher.h utils/host.c \
+ utils/host.h utils/identification.c utils/identification.h \
+ utils/iterator.h utils/leak_detective.c utils/leak_detective.h \
+ utils/lexparser.c utils/lexparser.h utils/linked_list.c \
+ utils/linked_list.h utils/enumerator.c utils/enumerator.h \
+ utils/optionsfrom.c utils/optionsfrom.h utils/randomizer.c \
+ utils/randomizer.h fips/fips_canister_start.c fips/fips.c \
+ fips/fips.h fips/fips_canister_end.c
+@USE_INTEGRITY_TEST_FALSE@am_libstrongswan_la_OBJECTS = library.lo \
+@USE_INTEGRITY_TEST_FALSE@ chunk.lo debug.lo enum.lo \
+@USE_INTEGRITY_TEST_FALSE@ printf_hook.lo asn1.lo oid.lo pem.lo \
+@USE_INTEGRITY_TEST_FALSE@ ttodata.lo ac.lo ca.lo certinfo.lo \
+@USE_INTEGRITY_TEST_FALSE@ crl.lo crypter.lo aes_cbc_crypter.lo \
+@USE_INTEGRITY_TEST_FALSE@ des_crypter.lo diffie_hellman.lo \
+@USE_INTEGRITY_TEST_FALSE@ hasher.lo sha1_hasher.lo \
+@USE_INTEGRITY_TEST_FALSE@ sha2_hasher.lo md5_hasher.lo hmac.lo \
+@USE_INTEGRITY_TEST_FALSE@ ietf_attr_list.lo ocsp.lo pkcs7.lo \
+@USE_INTEGRITY_TEST_FALSE@ fips_prf.lo hmac_prf.lo prf.lo \
+@USE_INTEGRITY_TEST_FALSE@ prf_plus.lo rsa_private_key.lo \
+@USE_INTEGRITY_TEST_FALSE@ rsa_public_key.lo hmac_signer.lo \
+@USE_INTEGRITY_TEST_FALSE@ signer.lo x509.lo fetcher.lo host.lo \
+@USE_INTEGRITY_TEST_FALSE@ identification.lo leak_detective.lo \
+@USE_INTEGRITY_TEST_FALSE@ lexparser.lo linked_list.lo \
+@USE_INTEGRITY_TEST_FALSE@ enumerator.lo optionsfrom.lo \
+@USE_INTEGRITY_TEST_FALSE@ randomizer.lo
+@USE_INTEGRITY_TEST_TRUE@am_libstrongswan_la_OBJECTS = \
+@USE_INTEGRITY_TEST_TRUE@ fips_canister_start.lo fips.lo \
+@USE_INTEGRITY_TEST_TRUE@ library.lo chunk.lo debug.lo enum.lo \
+@USE_INTEGRITY_TEST_TRUE@ printf_hook.lo asn1.lo oid.lo pem.lo \
+@USE_INTEGRITY_TEST_TRUE@ ttodata.lo ac.lo ca.lo certinfo.lo \
+@USE_INTEGRITY_TEST_TRUE@ crl.lo crypter.lo aes_cbc_crypter.lo \
+@USE_INTEGRITY_TEST_TRUE@ des_crypter.lo diffie_hellman.lo \
+@USE_INTEGRITY_TEST_TRUE@ hasher.lo sha1_hasher.lo \
+@USE_INTEGRITY_TEST_TRUE@ sha2_hasher.lo md5_hasher.lo hmac.lo \
+@USE_INTEGRITY_TEST_TRUE@ ietf_attr_list.lo ocsp.lo pkcs7.lo \
+@USE_INTEGRITY_TEST_TRUE@ fips_prf.lo hmac_prf.lo prf.lo \
+@USE_INTEGRITY_TEST_TRUE@ prf_plus.lo rsa_private_key.lo \
+@USE_INTEGRITY_TEST_TRUE@ rsa_public_key.lo hmac_signer.lo \
+@USE_INTEGRITY_TEST_TRUE@ signer.lo x509.lo fetcher.lo host.lo \
+@USE_INTEGRITY_TEST_TRUE@ identification.lo leak_detective.lo \
+@USE_INTEGRITY_TEST_TRUE@ lexparser.lo linked_list.lo \
+@USE_INTEGRITY_TEST_TRUE@ enumerator.lo optionsfrom.lo \
+@USE_INTEGRITY_TEST_TRUE@ randomizer.lo fips_canister_end.lo
libstrongswan_la_OBJECTS = $(am_libstrongswan_la_OBJECTS)
-DEFAULT_INCLUDES = -I. -I$(srcdir)
+PROGRAMS = $(noinst_PROGRAMS)
+am__fips_signer_SOURCES_DIST = fips/fips_signer.c
+@USE_INTEGRITY_TEST_TRUE@am_fips_signer_OBJECTS = \
+@USE_INTEGRITY_TEST_TRUE@ fips_signer.$(OBJEXT)
+fips_signer_OBJECTS = $(am_fips_signer_OBJECTS)
+@USE_INTEGRITY_TEST_TRUE@fips_signer_DEPENDENCIES = libstrongswan.la
+DEFAULT_INCLUDES = -I.@am__isrc@
depcomp = $(SHELL) $(top_srcdir)/depcomp
am__depfiles_maybe = depfiles
COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
-LTCOMPILE = $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) \
- $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \
- $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
CCLD = $(CC)
-LINK = $(LIBTOOL) --tag=CC --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
- $(AM_LDFLAGS) $(LDFLAGS) -o $@
-SOURCES = $(libstrongswan_la_SOURCES)
-DIST_SOURCES = $(libstrongswan_la_SOURCES)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libstrongswan_la_SOURCES) $(fips_signer_SOURCES)
+DIST_SOURCES = $(am__libstrongswan_la_SOURCES_DIST) \
+ $(am__fips_signer_SOURCES_DIST)
ETAGS = etags
CTAGS = ctags
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
-AMDEP_FALSE = @AMDEP_FALSE@
-AMDEP_TRUE = @AMDEP_TRUE@
AMTAR = @AMTAR@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
-BUILD_EAP_SIM_FALSE = @BUILD_EAP_SIM_FALSE@
-BUILD_EAP_SIM_TRUE = @BUILD_EAP_SIM_TRUE@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
@@ -118,10 +180,13 @@ F77 = @F77@
FFLAGS = @FFLAGS@
GPERF = @GPERF@
GREP = @GREP@
+INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@
+IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@
LDFLAGS = @LDFLAGS@
LEX = @LEX@
LEXLIB = @LEXLIB@
@@ -133,6 +198,7 @@ LINUX_HEADERS = @LINUX_HEADERS@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
OBJEXT = @OBJEXT@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
@@ -148,34 +214,16 @@ SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
-USE_CISCO_QUIRKS_FALSE = @USE_CISCO_QUIRKS_FALSE@
-USE_CISCO_QUIRKS_TRUE = @USE_CISCO_QUIRKS_TRUE@
-USE_LEAK_DETECTIVE_FALSE = @USE_LEAK_DETECTIVE_FALSE@
-USE_LEAK_DETECTIVE_TRUE = @USE_LEAK_DETECTIVE_TRUE@
-USE_LIBCURL_FALSE = @USE_LIBCURL_FALSE@
-USE_LIBCURL_TRUE = @USE_LIBCURL_TRUE@
-USE_LIBDBUS_FALSE = @USE_LIBDBUS_FALSE@
-USE_LIBDBUS_TRUE = @USE_LIBDBUS_TRUE@
-USE_LIBLDAP_FALSE = @USE_LIBLDAP_FALSE@
-USE_LIBLDAP_TRUE = @USE_LIBLDAP_TRUE@
-USE_LIBXML_FALSE = @USE_LIBXML_FALSE@
-USE_LIBXML_TRUE = @USE_LIBXML_TRUE@
-USE_NAT_TRANSPORT_FALSE = @USE_NAT_TRANSPORT_FALSE@
-USE_NAT_TRANSPORT_TRUE = @USE_NAT_TRANSPORT_TRUE@
-USE_SMARTCARD_FALSE = @USE_SMARTCARD_FALSE@
-USE_SMARTCARD_TRUE = @USE_SMARTCARD_TRUE@
-USE_VENDORID_FALSE = @USE_VENDORID_FALSE@
-USE_VENDORID_TRUE = @USE_VENDORID_TRUE@
VERSION = @VERSION@
YACC = @YACC@
YFLAGS = @YFLAGS@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
ac_ct_CC = @ac_ct_CC@
ac_ct_CXX = @ac_ct_CXX@
ac_ct_F77 = @ac_ct_F77@
-am__fastdepCC_FALSE = @am__fastdepCC_FALSE@
-am__fastdepCC_TRUE = @am__fastdepCC_TRUE@
-am__fastdepCXX_FALSE = @am__fastdepCXX_FALSE@
-am__fastdepCXX_TRUE = @am__fastdepCXX_TRUE@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
@@ -188,6 +236,7 @@ build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
+builddir = @builddir@
confdir = @confdir@
datadir = @datadir@
datarootdir = @datarootdir@
@@ -225,61 +274,149 @@ program_transform_name = @program_transform_name@
psdir = @psdir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
xml_CFLAGS = @xml_CFLAGS@
xml_LIBS = @xml_LIBS@
lib_LTLIBRARIES = libstrongswan.la
-libstrongswan_la_SOURCES = \
-credential_store.h \
-library.c library.h \
-chunk.c chunk.h \
-debug.c debug.h \
-enum.c enum.h \
-printf_hook.c printf_hook.h \
-asn1/asn1.c asn1/asn1.h \
-asn1/oid.c asn1/oid.h \
-asn1/pem.c asn1/pem.h \
-asn1/ttodata.c asn1/ttodata.h \
-crypto/ac.c crypto/ac.h \
-crypto/ca.c crypto/ca.h \
-crypto/certinfo.c crypto/certinfo.h \
-crypto/crl.c crypto/crl.h \
-crypto/crypters/crypter.c crypto/crypters/crypter.h \
-crypto/crypters/aes_cbc_crypter.c crypto/crypters/aes_cbc_crypter.h\
-crypto/crypters/des_crypter.c crypto/crypters/des_crypter.h\
-crypto/diffie_hellman.c crypto/diffie_hellman.h \
-crypto/hashers/hasher.h crypto/hashers/hasher.c \
-crypto/hashers/sha1_hasher.c crypto/hashers/sha1_hasher.h \
-crypto/hashers/sha2_hasher.c crypto/hashers/sha2_hasher.h \
-crypto/hashers/md5_hasher.c crypto/hashers/md5_hasher.h \
-crypto/hmac.c crypto/hmac.h \
-crypto/ocsp.c crypto/ocsp.h \
-crypto/prfs/fips_prf.c crypto/prfs/fips_prf.h \
-crypto/prfs/hmac_prf.c crypto/prfs/hmac_prf.h \
-crypto/prfs/prf.c crypto/prfs/prf.h \
-crypto/prf_plus.h crypto/prf_plus.c \
-crypto/rsa/rsa_private_key.c crypto/rsa/rsa_private_key.h \
-crypto/rsa/rsa_public_key.h crypto/rsa/rsa_public_key.c \
-crypto/signers/hmac_signer.c crypto/signers/hmac_signer.h \
-crypto/signers/signer.c crypto/signers/signer.h \
-crypto/x509.c crypto/x509.h \
-utils/fetcher.c utils/fetcher.h \
-utils/host.c utils/host.h \
-utils/identification.c utils/identification.h \
-utils/iterator.h \
-utils/leak_detective.c utils/leak_detective.h \
-utils/lexparser.c utils/lexparser.h \
-utils/linked_list.c utils/linked_list.h \
-utils/randomizer.c utils/randomizer.h
-
+@USE_INTEGRITY_TEST_FALSE@libstrongswan_la_SOURCES = \
+@USE_INTEGRITY_TEST_FALSE@ credential_store.h library.c \
+@USE_INTEGRITY_TEST_FALSE@ library.h chunk.c chunk.h debug.c \
+@USE_INTEGRITY_TEST_FALSE@ debug.h enum.c enum.h printf_hook.c \
+@USE_INTEGRITY_TEST_FALSE@ printf_hook.h asn1/asn1.c \
+@USE_INTEGRITY_TEST_FALSE@ asn1/asn1.h asn1/oid.c asn1/oid.h \
+@USE_INTEGRITY_TEST_FALSE@ asn1/pem.c asn1/pem.h asn1/ttodata.c \
+@USE_INTEGRITY_TEST_FALSE@ asn1/ttodata.h crypto/ac.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/ac.h crypto/ca.c crypto/ca.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/certinfo.c crypto/certinfo.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crl.c crypto/crl.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypters/crypter.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypters/crypter.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypters/aes_cbc_crypter.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypters/aes_cbc_crypter.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypters/des_crypter.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/crypters/des_crypter.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/diffie_hellman.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/diffie_hellman.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/hasher.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/hasher.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/sha1_hasher.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/sha1_hasher.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/sha2_hasher.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/sha2_hasher.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/md5_hasher.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hashers/md5_hasher.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/hmac.c crypto/hmac.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/ietf_attr_list.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/ietf_attr_list.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/ocsp.c crypto/ocsp.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/pkcs7.c crypto/pkcs7.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/prfs/fips_prf.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/prfs/fips_prf.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/prfs/hmac_prf.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/prfs/hmac_prf.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/prfs/prf.c crypto/prfs/prf.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/prf_plus.h crypto/prf_plus.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/rsa/rsa_private_key.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/rsa/rsa_private_key.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/rsa/rsa_public_key.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/rsa/rsa_public_key.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/signers/hmac_signer.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/signers/hmac_signer.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/signers/signer.c \
+@USE_INTEGRITY_TEST_FALSE@ crypto/signers/signer.h \
+@USE_INTEGRITY_TEST_FALSE@ crypto/x509.c crypto/x509.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/fetcher.c utils/fetcher.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/host.c utils/host.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/identification.c \
+@USE_INTEGRITY_TEST_FALSE@ utils/identification.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/iterator.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/leak_detective.c \
+@USE_INTEGRITY_TEST_FALSE@ utils/leak_detective.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/lexparser.c utils/lexparser.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/linked_list.c \
+@USE_INTEGRITY_TEST_FALSE@ utils/linked_list.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/enumerator.c \
+@USE_INTEGRITY_TEST_FALSE@ utils/enumerator.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/optionsfrom.c \
+@USE_INTEGRITY_TEST_FALSE@ utils/optionsfrom.h \
+@USE_INTEGRITY_TEST_FALSE@ utils/randomizer.c \
+@USE_INTEGRITY_TEST_FALSE@ utils/randomizer.h
+@USE_INTEGRITY_TEST_TRUE@libstrongswan_la_SOURCES = \
+@USE_INTEGRITY_TEST_TRUE@ fips/fips_canister_start.c \
+@USE_INTEGRITY_TEST_TRUE@ fips/fips.c fips/fips.h \
+@USE_INTEGRITY_TEST_TRUE@ credential_store.h library.c \
+@USE_INTEGRITY_TEST_TRUE@ library.h chunk.c chunk.h debug.c \
+@USE_INTEGRITY_TEST_TRUE@ debug.h enum.c enum.h printf_hook.c \
+@USE_INTEGRITY_TEST_TRUE@ printf_hook.h asn1/asn1.c asn1/asn1.h \
+@USE_INTEGRITY_TEST_TRUE@ asn1/oid.c asn1/oid.h asn1/pem.c \
+@USE_INTEGRITY_TEST_TRUE@ asn1/pem.h asn1/ttodata.c \
+@USE_INTEGRITY_TEST_TRUE@ asn1/ttodata.h crypto/ac.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/ac.h crypto/ca.c crypto/ca.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/certinfo.c crypto/certinfo.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crl.c crypto/crl.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypters/crypter.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypters/crypter.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypters/aes_cbc_crypter.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypters/aes_cbc_crypter.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypters/des_crypter.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/crypters/des_crypter.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/diffie_hellman.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/diffie_hellman.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/hasher.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/hasher.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/sha1_hasher.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/sha1_hasher.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/sha2_hasher.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/sha2_hasher.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/md5_hasher.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hashers/md5_hasher.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/hmac.c crypto/hmac.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/ietf_attr_list.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/ietf_attr_list.h crypto/ocsp.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/ocsp.h crypto/pkcs7.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/pkcs7.h crypto/prfs/fips_prf.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/prfs/fips_prf.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/prfs/hmac_prf.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/prfs/hmac_prf.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/prfs/prf.c crypto/prfs/prf.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/prf_plus.h crypto/prf_plus.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/rsa/rsa_private_key.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/rsa/rsa_private_key.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/rsa/rsa_public_key.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/rsa/rsa_public_key.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/signers/hmac_signer.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/signers/hmac_signer.h \
+@USE_INTEGRITY_TEST_TRUE@ crypto/signers/signer.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/signers/signer.h crypto/x509.c \
+@USE_INTEGRITY_TEST_TRUE@ crypto/x509.h utils/fetcher.c \
+@USE_INTEGRITY_TEST_TRUE@ utils/fetcher.h utils/host.c \
+@USE_INTEGRITY_TEST_TRUE@ utils/host.h utils/identification.c \
+@USE_INTEGRITY_TEST_TRUE@ utils/identification.h \
+@USE_INTEGRITY_TEST_TRUE@ utils/iterator.h \
+@USE_INTEGRITY_TEST_TRUE@ utils/leak_detective.c \
+@USE_INTEGRITY_TEST_TRUE@ utils/leak_detective.h \
+@USE_INTEGRITY_TEST_TRUE@ utils/lexparser.c utils/lexparser.h \
+@USE_INTEGRITY_TEST_TRUE@ utils/linked_list.c \
+@USE_INTEGRITY_TEST_TRUE@ utils/linked_list.h \
+@USE_INTEGRITY_TEST_TRUE@ utils/enumerator.c utils/enumerator.h \
+@USE_INTEGRITY_TEST_TRUE@ utils/optionsfrom.c \
+@USE_INTEGRITY_TEST_TRUE@ utils/optionsfrom.h \
+@USE_INTEGRITY_TEST_TRUE@ utils/randomizer.c utils/randomizer.h \
+@USE_INTEGRITY_TEST_TRUE@ fips/fips_canister_end.c
libstrongswan_la_LIBADD = -lgmp -lpthread $(am__append_1) \
$(am__append_2) $(am__append_3)
INCLUDES = -I$(top_srcdir)/src/libstrongswan
+@USE_LEAK_DETECTIVE_TRUE@AM_CFLAGS = -DLEAK_DETECTIVE
EXTRA_DIST = asn1/oid.txt asn1/oid.pl
-BUILT_SOURCES = asn1/oid.c asn1/oid.h
+BUILT_SOURCES = asn1/oid.c asn1/oid.h $(am__append_4)
MAINTAINERCLEANFILES = asn1/oid.c asn1/oid.h
-@USE_LEAK_DETECTIVE_TRUE@AM_CFLAGS = -DLEAK_DETECTIVE
+@USE_INTEGRITY_TEST_TRUE@fips_signer_SOURCES = fips/fips_signer.c
+@USE_INTEGRITY_TEST_TRUE@fips_signer_LDADD = libstrongswan.la
+@USE_INTEGRITY_TEST_TRUE@CLEANFILES = fips_signature.h fips_signer
all: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) all-am
@@ -316,7 +453,7 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
install-libLTLIBRARIES: $(lib_LTLIBRARIES)
@$(NORMAL_INSTALL)
- test -z "$(libdir)" || $(mkdir_p) "$(DESTDIR)$(libdir)"
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
@list='$(lib_LTLIBRARIES)'; for p in $$list; do \
if test -f $$p; then \
f=$(am__strip_dir) \
@@ -327,7 +464,7 @@ install-libLTLIBRARIES: $(lib_LTLIBRARIES)
uninstall-libLTLIBRARIES:
@$(NORMAL_UNINSTALL)
- @set -x; list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
p=$(am__strip_dir) \
echo " $(LIBTOOL) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$p'"; \
$(LIBTOOL) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$p"; \
@@ -342,7 +479,17 @@ clean-libLTLIBRARIES:
rm -f "$${dir}/so_locations"; \
done
libstrongswan.la: $(libstrongswan_la_OBJECTS) $(libstrongswan_la_DEPENDENCIES)
- $(LINK) -rpath $(libdir) $(libstrongswan_la_LDFLAGS) $(libstrongswan_la_OBJECTS) $(libstrongswan_la_LIBADD) $(LIBS)
+ $(LINK) -rpath $(libdir) $(libstrongswan_la_OBJECTS) $(libstrongswan_la_LIBADD) $(LIBS)
+
+clean-noinstPROGRAMS:
+ @list='$(noinst_PROGRAMS)'; for p in $$list; do \
+ f=`echo $$p|sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f $$p $$f"; \
+ rm -f $$p $$f ; \
+ done
+fips_signer$(EXEEXT): $(fips_signer_OBJECTS) $(fips_signer_DEPENDENCIES)
+ @rm -f fips_signer$(EXEEXT)
+ $(LINK) $(fips_signer_OBJECTS) $(fips_signer_LDADD) $(LIBS)
mostlyclean-compile:
-rm -f *.$(OBJEXT)
@@ -362,14 +509,20 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/des_crypter.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/diffie_hellman.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enum.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/enumerator.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fetcher.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_canister_end.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_canister_start.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_prf.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fips_signer.Po@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hasher.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_prf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/hmac_signer.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/host.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/identification.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ietf_attr_list.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/leak_detective.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lexparser.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/library.Plo@am__quote@
@@ -377,7 +530,9 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/md5_hasher.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ocsp.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/oid.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/optionsfrom.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pem.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pkcs7.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/prf_plus.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/printf_hook.Plo@am__quote@
@@ -391,263 +546,326 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@
.c.o:
-@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c $<
.c.obj:
-@am__fastdepCC_TRUE@ if $(COMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ `$(CYGPATH_W) '$<'`; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Po"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'`
.c.lo:
-@am__fastdepCC_TRUE@ if $(LTCOMPILE) -MT $@ -MD -MP -MF "$(DEPDIR)/$*.Tpo" -c -o $@ $<; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/$*.Tpo" "$(DEPDIR)/$*.Plo"; else rm -f "$(DEPDIR)/$*.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
asn1.lo: asn1/asn1.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1.lo -MD -MP -MF "$(DEPDIR)/asn1.Tpo" -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/asn1.Tpo" "$(DEPDIR)/asn1.Plo"; else rm -f "$(DEPDIR)/asn1.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT asn1.lo -MD -MP -MF $(DEPDIR)/asn1.Tpo -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/asn1.Tpo $(DEPDIR)/asn1.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/asn1.c' object='asn1.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o asn1.lo `test -f 'asn1/asn1.c' || echo '$(srcdir)/'`asn1/asn1.c
oid.lo: asn1/oid.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT oid.lo -MD -MP -MF "$(DEPDIR)/oid.Tpo" -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/oid.Tpo" "$(DEPDIR)/oid.Plo"; else rm -f "$(DEPDIR)/oid.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT oid.lo -MD -MP -MF $(DEPDIR)/oid.Tpo -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/oid.Tpo $(DEPDIR)/oid.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/oid.c' object='oid.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o oid.lo `test -f 'asn1/oid.c' || echo '$(srcdir)/'`asn1/oid.c
pem.lo: asn1/pem.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pem.lo -MD -MP -MF "$(DEPDIR)/pem.Tpo" -c -o pem.lo `test -f 'asn1/pem.c' || echo '$(srcdir)/'`asn1/pem.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/pem.Tpo" "$(DEPDIR)/pem.Plo"; else rm -f "$(DEPDIR)/pem.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pem.lo -MD -MP -MF $(DEPDIR)/pem.Tpo -c -o pem.lo `test -f 'asn1/pem.c' || echo '$(srcdir)/'`asn1/pem.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pem.Tpo $(DEPDIR)/pem.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/pem.c' object='pem.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pem.lo `test -f 'asn1/pem.c' || echo '$(srcdir)/'`asn1/pem.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pem.lo `test -f 'asn1/pem.c' || echo '$(srcdir)/'`asn1/pem.c
ttodata.lo: asn1/ttodata.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ttodata.lo -MD -MP -MF "$(DEPDIR)/ttodata.Tpo" -c -o ttodata.lo `test -f 'asn1/ttodata.c' || echo '$(srcdir)/'`asn1/ttodata.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ttodata.Tpo" "$(DEPDIR)/ttodata.Plo"; else rm -f "$(DEPDIR)/ttodata.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ttodata.lo -MD -MP -MF $(DEPDIR)/ttodata.Tpo -c -o ttodata.lo `test -f 'asn1/ttodata.c' || echo '$(srcdir)/'`asn1/ttodata.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ttodata.Tpo $(DEPDIR)/ttodata.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asn1/ttodata.c' object='ttodata.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ttodata.lo `test -f 'asn1/ttodata.c' || echo '$(srcdir)/'`asn1/ttodata.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ttodata.lo `test -f 'asn1/ttodata.c' || echo '$(srcdir)/'`asn1/ttodata.c
ac.lo: crypto/ac.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ac.lo -MD -MP -MF "$(DEPDIR)/ac.Tpo" -c -o ac.lo `test -f 'crypto/ac.c' || echo '$(srcdir)/'`crypto/ac.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ac.Tpo" "$(DEPDIR)/ac.Plo"; else rm -f "$(DEPDIR)/ac.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ac.lo -MD -MP -MF $(DEPDIR)/ac.Tpo -c -o ac.lo `test -f 'crypto/ac.c' || echo '$(srcdir)/'`crypto/ac.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ac.Tpo $(DEPDIR)/ac.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/ac.c' object='ac.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ac.lo `test -f 'crypto/ac.c' || echo '$(srcdir)/'`crypto/ac.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ac.lo `test -f 'crypto/ac.c' || echo '$(srcdir)/'`crypto/ac.c
ca.lo: crypto/ca.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ca.lo -MD -MP -MF "$(DEPDIR)/ca.Tpo" -c -o ca.lo `test -f 'crypto/ca.c' || echo '$(srcdir)/'`crypto/ca.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ca.Tpo" "$(DEPDIR)/ca.Plo"; else rm -f "$(DEPDIR)/ca.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ca.lo -MD -MP -MF $(DEPDIR)/ca.Tpo -c -o ca.lo `test -f 'crypto/ca.c' || echo '$(srcdir)/'`crypto/ca.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ca.Tpo $(DEPDIR)/ca.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/ca.c' object='ca.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ca.lo `test -f 'crypto/ca.c' || echo '$(srcdir)/'`crypto/ca.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ca.lo `test -f 'crypto/ca.c' || echo '$(srcdir)/'`crypto/ca.c
certinfo.lo: crypto/certinfo.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certinfo.lo -MD -MP -MF "$(DEPDIR)/certinfo.Tpo" -c -o certinfo.lo `test -f 'crypto/certinfo.c' || echo '$(srcdir)/'`crypto/certinfo.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/certinfo.Tpo" "$(DEPDIR)/certinfo.Plo"; else rm -f "$(DEPDIR)/certinfo.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT certinfo.lo -MD -MP -MF $(DEPDIR)/certinfo.Tpo -c -o certinfo.lo `test -f 'crypto/certinfo.c' || echo '$(srcdir)/'`crypto/certinfo.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/certinfo.Tpo $(DEPDIR)/certinfo.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/certinfo.c' object='certinfo.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certinfo.lo `test -f 'crypto/certinfo.c' || echo '$(srcdir)/'`crypto/certinfo.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certinfo.lo `test -f 'crypto/certinfo.c' || echo '$(srcdir)/'`crypto/certinfo.c
crl.lo: crypto/crl.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF "$(DEPDIR)/crl.Tpo" -c -o crl.lo `test -f 'crypto/crl.c' || echo '$(srcdir)/'`crypto/crl.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/crl.Tpo" "$(DEPDIR)/crl.Plo"; else rm -f "$(DEPDIR)/crl.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF $(DEPDIR)/crl.Tpo -c -o crl.lo `test -f 'crypto/crl.c' || echo '$(srcdir)/'`crypto/crl.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crl.Tpo $(DEPDIR)/crl.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crl.c' object='crl.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crl.lo `test -f 'crypto/crl.c' || echo '$(srcdir)/'`crypto/crl.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crl.lo `test -f 'crypto/crl.c' || echo '$(srcdir)/'`crypto/crl.c
crypter.lo: crypto/crypters/crypter.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF "$(DEPDIR)/crypter.Tpo" -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/crypter.Tpo" "$(DEPDIR)/crypter.Plo"; else rm -f "$(DEPDIR)/crypter.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crypter.lo -MD -MP -MF $(DEPDIR)/crypter.Tpo -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/crypter.Tpo $(DEPDIR)/crypter.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypters/crypter.c' object='crypter.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o crypter.lo `test -f 'crypto/crypters/crypter.c' || echo '$(srcdir)/'`crypto/crypters/crypter.c
aes_cbc_crypter.lo: crypto/crypters/aes_cbc_crypter.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cbc_crypter.lo -MD -MP -MF "$(DEPDIR)/aes_cbc_crypter.Tpo" -c -o aes_cbc_crypter.lo `test -f 'crypto/crypters/aes_cbc_crypter.c' || echo '$(srcdir)/'`crypto/crypters/aes_cbc_crypter.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/aes_cbc_crypter.Tpo" "$(DEPDIR)/aes_cbc_crypter.Plo"; else rm -f "$(DEPDIR)/aes_cbc_crypter.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT aes_cbc_crypter.lo -MD -MP -MF $(DEPDIR)/aes_cbc_crypter.Tpo -c -o aes_cbc_crypter.lo `test -f 'crypto/crypters/aes_cbc_crypter.c' || echo '$(srcdir)/'`crypto/crypters/aes_cbc_crypter.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/aes_cbc_crypter.Tpo $(DEPDIR)/aes_cbc_crypter.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypters/aes_cbc_crypter.c' object='aes_cbc_crypter.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc_crypter.lo `test -f 'crypto/crypters/aes_cbc_crypter.c' || echo '$(srcdir)/'`crypto/crypters/aes_cbc_crypter.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o aes_cbc_crypter.lo `test -f 'crypto/crypters/aes_cbc_crypter.c' || echo '$(srcdir)/'`crypto/crypters/aes_cbc_crypter.c
des_crypter.lo: crypto/crypters/des_crypter.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des_crypter.lo -MD -MP -MF "$(DEPDIR)/des_crypter.Tpo" -c -o des_crypter.lo `test -f 'crypto/crypters/des_crypter.c' || echo '$(srcdir)/'`crypto/crypters/des_crypter.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/des_crypter.Tpo" "$(DEPDIR)/des_crypter.Plo"; else rm -f "$(DEPDIR)/des_crypter.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT des_crypter.lo -MD -MP -MF $(DEPDIR)/des_crypter.Tpo -c -o des_crypter.lo `test -f 'crypto/crypters/des_crypter.c' || echo '$(srcdir)/'`crypto/crypters/des_crypter.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/des_crypter.Tpo $(DEPDIR)/des_crypter.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/crypters/des_crypter.c' object='des_crypter.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des_crypter.lo `test -f 'crypto/crypters/des_crypter.c' || echo '$(srcdir)/'`crypto/crypters/des_crypter.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o des_crypter.lo `test -f 'crypto/crypters/des_crypter.c' || echo '$(srcdir)/'`crypto/crypters/des_crypter.c
diffie_hellman.lo: crypto/diffie_hellman.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT diffie_hellman.lo -MD -MP -MF "$(DEPDIR)/diffie_hellman.Tpo" -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/diffie_hellman.Tpo" "$(DEPDIR)/diffie_hellman.Plo"; else rm -f "$(DEPDIR)/diffie_hellman.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT diffie_hellman.lo -MD -MP -MF $(DEPDIR)/diffie_hellman.Tpo -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/diffie_hellman.Tpo $(DEPDIR)/diffie_hellman.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/diffie_hellman.c' object='diffie_hellman.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o diffie_hellman.lo `test -f 'crypto/diffie_hellman.c' || echo '$(srcdir)/'`crypto/diffie_hellman.c
hasher.lo: crypto/hashers/hasher.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hasher.lo -MD -MP -MF "$(DEPDIR)/hasher.Tpo" -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/hasher.Tpo" "$(DEPDIR)/hasher.Plo"; else rm -f "$(DEPDIR)/hasher.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hasher.lo -MD -MP -MF $(DEPDIR)/hasher.Tpo -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/hasher.Tpo $(DEPDIR)/hasher.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/hashers/hasher.c' object='hasher.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hasher.lo `test -f 'crypto/hashers/hasher.c' || echo '$(srcdir)/'`crypto/hashers/hasher.c
sha1_hasher.lo: crypto/hashers/sha1_hasher.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1_hasher.lo -MD -MP -MF "$(DEPDIR)/sha1_hasher.Tpo" -c -o sha1_hasher.lo `test -f 'crypto/hashers/sha1_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha1_hasher.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sha1_hasher.Tpo" "$(DEPDIR)/sha1_hasher.Plo"; else rm -f "$(DEPDIR)/sha1_hasher.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha1_hasher.lo -MD -MP -MF $(DEPDIR)/sha1_hasher.Tpo -c -o sha1_hasher.lo `test -f 'crypto/hashers/sha1_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha1_hasher.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha1_hasher.Tpo $(DEPDIR)/sha1_hasher.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/hashers/sha1_hasher.c' object='sha1_hasher.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1_hasher.lo `test -f 'crypto/hashers/sha1_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha1_hasher.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha1_hasher.lo `test -f 'crypto/hashers/sha1_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha1_hasher.c
sha2_hasher.lo: crypto/hashers/sha2_hasher.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2_hasher.lo -MD -MP -MF "$(DEPDIR)/sha2_hasher.Tpo" -c -o sha2_hasher.lo `test -f 'crypto/hashers/sha2_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha2_hasher.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/sha2_hasher.Tpo" "$(DEPDIR)/sha2_hasher.Plo"; else rm -f "$(DEPDIR)/sha2_hasher.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT sha2_hasher.lo -MD -MP -MF $(DEPDIR)/sha2_hasher.Tpo -c -o sha2_hasher.lo `test -f 'crypto/hashers/sha2_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha2_hasher.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/sha2_hasher.Tpo $(DEPDIR)/sha2_hasher.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/hashers/sha2_hasher.c' object='sha2_hasher.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2_hasher.lo `test -f 'crypto/hashers/sha2_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha2_hasher.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o sha2_hasher.lo `test -f 'crypto/hashers/sha2_hasher.c' || echo '$(srcdir)/'`crypto/hashers/sha2_hasher.c
md5_hasher.lo: crypto/hashers/md5_hasher.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5_hasher.lo -MD -MP -MF "$(DEPDIR)/md5_hasher.Tpo" -c -o md5_hasher.lo `test -f 'crypto/hashers/md5_hasher.c' || echo '$(srcdir)/'`crypto/hashers/md5_hasher.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/md5_hasher.Tpo" "$(DEPDIR)/md5_hasher.Plo"; else rm -f "$(DEPDIR)/md5_hasher.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT md5_hasher.lo -MD -MP -MF $(DEPDIR)/md5_hasher.Tpo -c -o md5_hasher.lo `test -f 'crypto/hashers/md5_hasher.c' || echo '$(srcdir)/'`crypto/hashers/md5_hasher.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/md5_hasher.Tpo $(DEPDIR)/md5_hasher.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/hashers/md5_hasher.c' object='md5_hasher.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5_hasher.lo `test -f 'crypto/hashers/md5_hasher.c' || echo '$(srcdir)/'`crypto/hashers/md5_hasher.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o md5_hasher.lo `test -f 'crypto/hashers/md5_hasher.c' || echo '$(srcdir)/'`crypto/hashers/md5_hasher.c
hmac.lo: crypto/hmac.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hmac.lo -MD -MP -MF "$(DEPDIR)/hmac.Tpo" -c -o hmac.lo `test -f 'crypto/hmac.c' || echo '$(srcdir)/'`crypto/hmac.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/hmac.Tpo" "$(DEPDIR)/hmac.Plo"; else rm -f "$(DEPDIR)/hmac.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hmac.lo -MD -MP -MF $(DEPDIR)/hmac.Tpo -c -o hmac.lo `test -f 'crypto/hmac.c' || echo '$(srcdir)/'`crypto/hmac.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/hmac.Tpo $(DEPDIR)/hmac.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/hmac.c' object='hmac.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hmac.lo `test -f 'crypto/hmac.c' || echo '$(srcdir)/'`crypto/hmac.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hmac.lo `test -f 'crypto/hmac.c' || echo '$(srcdir)/'`crypto/hmac.c
+
+ietf_attr_list.lo: crypto/ietf_attr_list.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ietf_attr_list.lo -MD -MP -MF $(DEPDIR)/ietf_attr_list.Tpo -c -o ietf_attr_list.lo `test -f 'crypto/ietf_attr_list.c' || echo '$(srcdir)/'`crypto/ietf_attr_list.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ietf_attr_list.Tpo $(DEPDIR)/ietf_attr_list.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/ietf_attr_list.c' object='ietf_attr_list.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ietf_attr_list.lo `test -f 'crypto/ietf_attr_list.c' || echo '$(srcdir)/'`crypto/ietf_attr_list.c
ocsp.lo: crypto/ocsp.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp.lo -MD -MP -MF "$(DEPDIR)/ocsp.Tpo" -c -o ocsp.lo `test -f 'crypto/ocsp.c' || echo '$(srcdir)/'`crypto/ocsp.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/ocsp.Tpo" "$(DEPDIR)/ocsp.Plo"; else rm -f "$(DEPDIR)/ocsp.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT ocsp.lo -MD -MP -MF $(DEPDIR)/ocsp.Tpo -c -o ocsp.lo `test -f 'crypto/ocsp.c' || echo '$(srcdir)/'`crypto/ocsp.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/ocsp.Tpo $(DEPDIR)/ocsp.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/ocsp.c' object='ocsp.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp.lo `test -f 'crypto/ocsp.c' || echo '$(srcdir)/'`crypto/ocsp.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o ocsp.lo `test -f 'crypto/ocsp.c' || echo '$(srcdir)/'`crypto/ocsp.c
+
+pkcs7.lo: crypto/pkcs7.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT pkcs7.lo -MD -MP -MF $(DEPDIR)/pkcs7.Tpo -c -o pkcs7.lo `test -f 'crypto/pkcs7.c' || echo '$(srcdir)/'`crypto/pkcs7.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/pkcs7.Tpo $(DEPDIR)/pkcs7.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/pkcs7.c' object='pkcs7.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o pkcs7.lo `test -f 'crypto/pkcs7.c' || echo '$(srcdir)/'`crypto/pkcs7.c
fips_prf.lo: crypto/prfs/fips_prf.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_prf.lo -MD -MP -MF "$(DEPDIR)/fips_prf.Tpo" -c -o fips_prf.lo `test -f 'crypto/prfs/fips_prf.c' || echo '$(srcdir)/'`crypto/prfs/fips_prf.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/fips_prf.Tpo" "$(DEPDIR)/fips_prf.Plo"; else rm -f "$(DEPDIR)/fips_prf.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_prf.lo -MD -MP -MF $(DEPDIR)/fips_prf.Tpo -c -o fips_prf.lo `test -f 'crypto/prfs/fips_prf.c' || echo '$(srcdir)/'`crypto/prfs/fips_prf.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_prf.Tpo $(DEPDIR)/fips_prf.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/prfs/fips_prf.c' object='fips_prf.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_prf.lo `test -f 'crypto/prfs/fips_prf.c' || echo '$(srcdir)/'`crypto/prfs/fips_prf.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_prf.lo `test -f 'crypto/prfs/fips_prf.c' || echo '$(srcdir)/'`crypto/prfs/fips_prf.c
hmac_prf.lo: crypto/prfs/hmac_prf.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hmac_prf.lo -MD -MP -MF "$(DEPDIR)/hmac_prf.Tpo" -c -o hmac_prf.lo `test -f 'crypto/prfs/hmac_prf.c' || echo '$(srcdir)/'`crypto/prfs/hmac_prf.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/hmac_prf.Tpo" "$(DEPDIR)/hmac_prf.Plo"; else rm -f "$(DEPDIR)/hmac_prf.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hmac_prf.lo -MD -MP -MF $(DEPDIR)/hmac_prf.Tpo -c -o hmac_prf.lo `test -f 'crypto/prfs/hmac_prf.c' || echo '$(srcdir)/'`crypto/prfs/hmac_prf.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/hmac_prf.Tpo $(DEPDIR)/hmac_prf.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/prfs/hmac_prf.c' object='hmac_prf.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hmac_prf.lo `test -f 'crypto/prfs/hmac_prf.c' || echo '$(srcdir)/'`crypto/prfs/hmac_prf.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hmac_prf.lo `test -f 'crypto/prfs/hmac_prf.c' || echo '$(srcdir)/'`crypto/prfs/hmac_prf.c
prf.lo: crypto/prfs/prf.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf.lo -MD -MP -MF "$(DEPDIR)/prf.Tpo" -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/prf.Tpo" "$(DEPDIR)/prf.Plo"; else rm -f "$(DEPDIR)/prf.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf.lo -MD -MP -MF $(DEPDIR)/prf.Tpo -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/prf.Tpo $(DEPDIR)/prf.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/prfs/prf.c' object='prf.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf.lo `test -f 'crypto/prfs/prf.c' || echo '$(srcdir)/'`crypto/prfs/prf.c
prf_plus.lo: crypto/prf_plus.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf_plus.lo -MD -MP -MF "$(DEPDIR)/prf_plus.Tpo" -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/prf_plus.Tpo" "$(DEPDIR)/prf_plus.Plo"; else rm -f "$(DEPDIR)/prf_plus.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT prf_plus.lo -MD -MP -MF $(DEPDIR)/prf_plus.Tpo -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/prf_plus.Tpo $(DEPDIR)/prf_plus.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/prf_plus.c' object='prf_plus.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o prf_plus.lo `test -f 'crypto/prf_plus.c' || echo '$(srcdir)/'`crypto/prf_plus.c
rsa_private_key.lo: crypto/rsa/rsa_private_key.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_private_key.lo -MD -MP -MF "$(DEPDIR)/rsa_private_key.Tpo" -c -o rsa_private_key.lo `test -f 'crypto/rsa/rsa_private_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_private_key.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rsa_private_key.Tpo" "$(DEPDIR)/rsa_private_key.Plo"; else rm -f "$(DEPDIR)/rsa_private_key.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_private_key.lo -MD -MP -MF $(DEPDIR)/rsa_private_key.Tpo -c -o rsa_private_key.lo `test -f 'crypto/rsa/rsa_private_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_private_key.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rsa_private_key.Tpo $(DEPDIR)/rsa_private_key.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/rsa/rsa_private_key.c' object='rsa_private_key.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_private_key.lo `test -f 'crypto/rsa/rsa_private_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_private_key.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_private_key.lo `test -f 'crypto/rsa/rsa_private_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_private_key.c
rsa_public_key.lo: crypto/rsa/rsa_public_key.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_public_key.lo -MD -MP -MF "$(DEPDIR)/rsa_public_key.Tpo" -c -o rsa_public_key.lo `test -f 'crypto/rsa/rsa_public_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_public_key.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/rsa_public_key.Tpo" "$(DEPDIR)/rsa_public_key.Plo"; else rm -f "$(DEPDIR)/rsa_public_key.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rsa_public_key.lo -MD -MP -MF $(DEPDIR)/rsa_public_key.Tpo -c -o rsa_public_key.lo `test -f 'crypto/rsa/rsa_public_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_public_key.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/rsa_public_key.Tpo $(DEPDIR)/rsa_public_key.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/rsa/rsa_public_key.c' object='rsa_public_key.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_public_key.lo `test -f 'crypto/rsa/rsa_public_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_public_key.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rsa_public_key.lo `test -f 'crypto/rsa/rsa_public_key.c' || echo '$(srcdir)/'`crypto/rsa/rsa_public_key.c
hmac_signer.lo: crypto/signers/hmac_signer.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hmac_signer.lo -MD -MP -MF "$(DEPDIR)/hmac_signer.Tpo" -c -o hmac_signer.lo `test -f 'crypto/signers/hmac_signer.c' || echo '$(srcdir)/'`crypto/signers/hmac_signer.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/hmac_signer.Tpo" "$(DEPDIR)/hmac_signer.Plo"; else rm -f "$(DEPDIR)/hmac_signer.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT hmac_signer.lo -MD -MP -MF $(DEPDIR)/hmac_signer.Tpo -c -o hmac_signer.lo `test -f 'crypto/signers/hmac_signer.c' || echo '$(srcdir)/'`crypto/signers/hmac_signer.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/hmac_signer.Tpo $(DEPDIR)/hmac_signer.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/signers/hmac_signer.c' object='hmac_signer.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hmac_signer.lo `test -f 'crypto/signers/hmac_signer.c' || echo '$(srcdir)/'`crypto/signers/hmac_signer.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o hmac_signer.lo `test -f 'crypto/signers/hmac_signer.c' || echo '$(srcdir)/'`crypto/signers/hmac_signer.c
signer.lo: crypto/signers/signer.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signer.lo -MD -MP -MF "$(DEPDIR)/signer.Tpo" -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/signer.Tpo" "$(DEPDIR)/signer.Plo"; else rm -f "$(DEPDIR)/signer.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT signer.lo -MD -MP -MF $(DEPDIR)/signer.Tpo -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/signer.Tpo $(DEPDIR)/signer.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/signers/signer.c' object='signer.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o signer.lo `test -f 'crypto/signers/signer.c' || echo '$(srcdir)/'`crypto/signers/signer.c
x509.lo: crypto/x509.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF "$(DEPDIR)/x509.Tpo" -c -o x509.lo `test -f 'crypto/x509.c' || echo '$(srcdir)/'`crypto/x509.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/x509.Tpo" "$(DEPDIR)/x509.Plo"; else rm -f "$(DEPDIR)/x509.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF $(DEPDIR)/x509.Tpo -c -o x509.lo `test -f 'crypto/x509.c' || echo '$(srcdir)/'`crypto/x509.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/x509.Tpo $(DEPDIR)/x509.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='crypto/x509.c' object='x509.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'crypto/x509.c' || echo '$(srcdir)/'`crypto/x509.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'crypto/x509.c' || echo '$(srcdir)/'`crypto/x509.c
fetcher.lo: utils/fetcher.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher.lo -MD -MP -MF "$(DEPDIR)/fetcher.Tpo" -c -o fetcher.lo `test -f 'utils/fetcher.c' || echo '$(srcdir)/'`utils/fetcher.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/fetcher.Tpo" "$(DEPDIR)/fetcher.Plo"; else rm -f "$(DEPDIR)/fetcher.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fetcher.lo -MD -MP -MF $(DEPDIR)/fetcher.Tpo -c -o fetcher.lo `test -f 'utils/fetcher.c' || echo '$(srcdir)/'`utils/fetcher.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fetcher.Tpo $(DEPDIR)/fetcher.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/fetcher.c' object='fetcher.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher.lo `test -f 'utils/fetcher.c' || echo '$(srcdir)/'`utils/fetcher.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fetcher.lo `test -f 'utils/fetcher.c' || echo '$(srcdir)/'`utils/fetcher.c
host.lo: utils/host.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT host.lo -MD -MP -MF "$(DEPDIR)/host.Tpo" -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/host.Tpo" "$(DEPDIR)/host.Plo"; else rm -f "$(DEPDIR)/host.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT host.lo -MD -MP -MF $(DEPDIR)/host.Tpo -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/host.Tpo $(DEPDIR)/host.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/host.c' object='host.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o host.lo `test -f 'utils/host.c' || echo '$(srcdir)/'`utils/host.c
identification.lo: utils/identification.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT identification.lo -MD -MP -MF "$(DEPDIR)/identification.Tpo" -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/identification.Tpo" "$(DEPDIR)/identification.Plo"; else rm -f "$(DEPDIR)/identification.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT identification.lo -MD -MP -MF $(DEPDIR)/identification.Tpo -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/identification.Tpo $(DEPDIR)/identification.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/identification.c' object='identification.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o identification.lo `test -f 'utils/identification.c' || echo '$(srcdir)/'`utils/identification.c
leak_detective.lo: utils/leak_detective.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT leak_detective.lo -MD -MP -MF "$(DEPDIR)/leak_detective.Tpo" -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/leak_detective.Tpo" "$(DEPDIR)/leak_detective.Plo"; else rm -f "$(DEPDIR)/leak_detective.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT leak_detective.lo -MD -MP -MF $(DEPDIR)/leak_detective.Tpo -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/leak_detective.Tpo $(DEPDIR)/leak_detective.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/leak_detective.c' object='leak_detective.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o leak_detective.lo `test -f 'utils/leak_detective.c' || echo '$(srcdir)/'`utils/leak_detective.c
lexparser.lo: utils/lexparser.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lexparser.lo -MD -MP -MF "$(DEPDIR)/lexparser.Tpo" -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/lexparser.Tpo" "$(DEPDIR)/lexparser.Plo"; else rm -f "$(DEPDIR)/lexparser.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT lexparser.lo -MD -MP -MF $(DEPDIR)/lexparser.Tpo -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/lexparser.Tpo $(DEPDIR)/lexparser.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/lexparser.c' object='lexparser.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o lexparser.lo `test -f 'utils/lexparser.c' || echo '$(srcdir)/'`utils/lexparser.c
linked_list.lo: utils/linked_list.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT linked_list.lo -MD -MP -MF "$(DEPDIR)/linked_list.Tpo" -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/linked_list.Tpo" "$(DEPDIR)/linked_list.Plo"; else rm -f "$(DEPDIR)/linked_list.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT linked_list.lo -MD -MP -MF $(DEPDIR)/linked_list.Tpo -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/linked_list.Tpo $(DEPDIR)/linked_list.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/linked_list.c' object='linked_list.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o linked_list.lo `test -f 'utils/linked_list.c' || echo '$(srcdir)/'`utils/linked_list.c
+
+enumerator.lo: utils/enumerator.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT enumerator.lo -MD -MP -MF $(DEPDIR)/enumerator.Tpo -c -o enumerator.lo `test -f 'utils/enumerator.c' || echo '$(srcdir)/'`utils/enumerator.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/enumerator.Tpo $(DEPDIR)/enumerator.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/enumerator.c' object='enumerator.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o enumerator.lo `test -f 'utils/enumerator.c' || echo '$(srcdir)/'`utils/enumerator.c
+
+optionsfrom.lo: utils/optionsfrom.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT optionsfrom.lo -MD -MP -MF $(DEPDIR)/optionsfrom.Tpo -c -o optionsfrom.lo `test -f 'utils/optionsfrom.c' || echo '$(srcdir)/'`utils/optionsfrom.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/optionsfrom.Tpo $(DEPDIR)/optionsfrom.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/optionsfrom.c' object='optionsfrom.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o optionsfrom.lo `test -f 'utils/optionsfrom.c' || echo '$(srcdir)/'`utils/optionsfrom.c
randomizer.lo: utils/randomizer.c
-@am__fastdepCC_TRUE@ if $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT randomizer.lo -MD -MP -MF "$(DEPDIR)/randomizer.Tpo" -c -o randomizer.lo `test -f 'utils/randomizer.c' || echo '$(srcdir)/'`utils/randomizer.c; \
-@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/randomizer.Tpo" "$(DEPDIR)/randomizer.Plo"; else rm -f "$(DEPDIR)/randomizer.Tpo"; exit 1; fi
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT randomizer.lo -MD -MP -MF $(DEPDIR)/randomizer.Tpo -c -o randomizer.lo `test -f 'utils/randomizer.c' || echo '$(srcdir)/'`utils/randomizer.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/randomizer.Tpo $(DEPDIR)/randomizer.Plo
@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='utils/randomizer.c' object='randomizer.lo' libtool=yes @AMDEPBACKSLASH@
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o randomizer.lo `test -f 'utils/randomizer.c' || echo '$(srcdir)/'`utils/randomizer.c
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o randomizer.lo `test -f 'utils/randomizer.c' || echo '$(srcdir)/'`utils/randomizer.c
+
+fips_canister_start.lo: fips/fips_canister_start.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_canister_start.lo -MD -MP -MF $(DEPDIR)/fips_canister_start.Tpo -c -o fips_canister_start.lo `test -f 'fips/fips_canister_start.c' || echo '$(srcdir)/'`fips/fips_canister_start.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_canister_start.Tpo $(DEPDIR)/fips_canister_start.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fips/fips_canister_start.c' object='fips_canister_start.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_canister_start.lo `test -f 'fips/fips_canister_start.c' || echo '$(srcdir)/'`fips/fips_canister_start.c
+
+fips.lo: fips/fips.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips.lo -MD -MP -MF $(DEPDIR)/fips.Tpo -c -o fips.lo `test -f 'fips/fips.c' || echo '$(srcdir)/'`fips/fips.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips.Tpo $(DEPDIR)/fips.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fips/fips.c' object='fips.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips.lo `test -f 'fips/fips.c' || echo '$(srcdir)/'`fips/fips.c
+
+fips_canister_end.lo: fips/fips_canister_end.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_canister_end.lo -MD -MP -MF $(DEPDIR)/fips_canister_end.Tpo -c -o fips_canister_end.lo `test -f 'fips/fips_canister_end.c' || echo '$(srcdir)/'`fips/fips_canister_end.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_canister_end.Tpo $(DEPDIR)/fips_canister_end.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fips/fips_canister_end.c' object='fips_canister_end.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_canister_end.lo `test -f 'fips/fips_canister_end.c' || echo '$(srcdir)/'`fips/fips_canister_end.c
+
+fips_signer.o: fips/fips_signer.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_signer.o -MD -MP -MF $(DEPDIR)/fips_signer.Tpo -c -o fips_signer.o `test -f 'fips/fips_signer.c' || echo '$(srcdir)/'`fips/fips_signer.c
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_signer.Tpo $(DEPDIR)/fips_signer.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fips/fips_signer.c' object='fips_signer.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_signer.o `test -f 'fips/fips_signer.c' || echo '$(srcdir)/'`fips/fips_signer.c
+
+fips_signer.obj: fips/fips_signer.c
+@am__fastdepCC_TRUE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT fips_signer.obj -MD -MP -MF $(DEPDIR)/fips_signer.Tpo -c -o fips_signer.obj `if test -f 'fips/fips_signer.c'; then $(CYGPATH_W) 'fips/fips_signer.c'; else $(CYGPATH_W) '$(srcdir)/fips/fips_signer.c'; fi`
+@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/fips_signer.Tpo $(DEPDIR)/fips_signer.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='fips/fips_signer.c' object='fips_signer.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o fips_signer.obj `if test -f 'fips/fips_signer.c'; then $(CYGPATH_W) 'fips/fips_signer.c'; else $(CYGPATH_W) '$(srcdir)/fips/fips_signer.c'; fi`
mostlyclean-libtool:
-rm -f *.lo
@@ -655,10 +873,6 @@ mostlyclean-libtool:
clean-libtool:
-rm -rf .libs _libs
-distclean-libtool:
- -rm -f libtool
-uninstall-info-am:
-
ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
unique=`for i in $$list; do \
@@ -708,23 +922,21 @@ distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
distdir: $(DISTFILES)
- $(mkdir_p) $(distdir)/asn1
- @srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; \
- topsrcdirstrip=`echo "$(top_srcdir)" | sed 's|.|.|g'`; \
- list='$(DISTFILES)'; for file in $$list; do \
- case $$file in \
- $(srcdir)/*) file=`echo "$$file" | sed "s|^$$srcdirstrip/||"`;; \
- $(top_srcdir)/*) file=`echo "$$file" | sed "s|^$$topsrcdirstrip/|$(top_builddir)/|"`;; \
- esac; \
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
- dir=`echo "$$file" | sed -e 's,/[^/]*$$,,'`; \
- if test "$$dir" != "$$file" && test "$$dir" != "."; then \
- dir="/$$dir"; \
- $(mkdir_p) "$(distdir)$$dir"; \
- else \
- dir=''; \
- fi; \
if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \
fi; \
@@ -738,10 +950,10 @@ distdir: $(DISTFILES)
check-am: all-am
check: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) check-am
-all-am: Makefile $(LTLIBRARIES)
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS)
installdirs:
for dir in "$(DESTDIR)$(libdir)"; do \
- test -z "$$dir" || $(mkdir_p) "$$dir"; \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: $(BUILT_SOURCES)
$(MAKE) $(AM_MAKEFLAGS) install-am
@@ -761,6 +973,7 @@ install-strip:
mostlyclean-generic:
clean-generic:
+ -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES)
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
@@ -773,13 +986,13 @@ maintainer-clean-generic:
clean: clean-am
clean-am: clean-generic clean-libLTLIBRARIES clean-libtool \
- mostlyclean-am
+ clean-noinstPROGRAMS mostlyclean-am
distclean: distclean-am
-rm -rf ./$(DEPDIR)
-rm -f Makefile
distclean-am: clean-am distclean-compile distclean-generic \
- distclean-libtool distclean-tags
+ distclean-tags
dvi: dvi-am
@@ -793,12 +1006,20 @@ info-am:
install-data-am:
+install-dvi: install-dvi-am
+
install-exec-am: install-libLTLIBRARIES
+install-html: install-html-am
+
install-info: install-info-am
install-man:
+install-pdf: install-pdf-am
+
+install-ps: install-ps-am
+
installcheck-am:
maintainer-clean: maintainer-clean-am
@@ -819,20 +1040,23 @@ ps: ps-am
ps-am:
-uninstall-am: uninstall-info-am uninstall-libLTLIBRARIES
+uninstall-am: uninstall-libLTLIBRARIES
+
+.MAKE: install-am install-strip
.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
- clean-libLTLIBRARIES clean-libtool ctags distclean \
- distclean-compile distclean-generic distclean-libtool \
- distclean-tags distdir dvi dvi-am html html-am info info-am \
- install install-am install-data install-data-am install-exec \
- install-exec-am install-info install-info-am \
- install-libLTLIBRARIES install-man install-strip installcheck \
- installcheck-am installdirs maintainer-clean \
+ clean-libLTLIBRARIES clean-libtool clean-noinstPROGRAMS ctags \
+ distclean distclean-compile distclean-generic \
+ distclean-libtool distclean-tags distdir dvi dvi-am html \
+ html-am info info-am install install-am install-data \
+ install-data-am install-dvi install-dvi-am install-exec \
+ install-exec-am install-html install-html-am install-info \
+ install-info-am install-libLTLIBRARIES install-man install-pdf \
+ install-pdf-am install-ps install-ps-am install-strip \
+ installcheck installcheck-am installdirs maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-compile \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
- tags uninstall uninstall-am uninstall-info-am \
- uninstall-libLTLIBRARIES
+ tags uninstall uninstall-am uninstall-libLTLIBRARIES
asn1/oid.c : asn1/oid.txt asn1/oid.pl
@@ -840,6 +1064,9 @@ asn1/oid.c : asn1/oid.txt asn1/oid.pl
asn1/oid.h : asn1/oid.txt asn1/oid.pl
cd asn1 && $(PERL) oid.pl
+
+@USE_INTEGRITY_TEST_TRUE@fips_signature.h : fips_signer
+@USE_INTEGRITY_TEST_TRUE@ ./fips_signer
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c
index 2a0aa4ff6..3191c89bd 100644
--- a/src/libstrongswan/asn1/asn1.c
+++ b/src/libstrongswan/asn1/asn1.c
@@ -11,6 +11,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: asn1.c 3299 2007-10-12 19:29:00Z andreas $
*/
#include <stdio.h>
@@ -33,6 +35,13 @@ const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
/* some popular algorithmIdentifiers */
+static u_char ASN1_md2_id_str[] = {
+ 0x30, 0x0c,
+ 0x06, 0x08,
+ 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x02,
+ 0x05,0x00,
+};
+
static u_char ASN1_md5_id_str[] = {
0x30, 0x0C,
0x06, 0x08,
@@ -47,6 +56,27 @@ static u_char ASN1_sha1_id_str[] = {
0x05, 0x00
};
+static u_char ASN1_sha256_id_str[] = {
+ 0x30, 0x0d,
+ 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01,
+ 0x05, 0x00
+};
+
+static u_char ASN1_sha384_id_str[] = {
+ 0x30, 0x0d,
+ 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02,
+ 0x05, 0x00
+};
+
+static u_char ASN1_sha512_id_str[] = {
+ 0x30, 0x0d,
+ 0x06, 0x09,
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03,
+ 0x05,0x00
+};
+
static u_char ASN1_md5WithRSA_id_str[] = {
0x30, 0x0D,
0x06, 0x09,
@@ -68,8 +98,12 @@ static u_char ASN1_rsaEncryption_id_str[] = {
0x05, 0x00
};
-const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
-const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
+const chunk_t ASN1_md2_id = chunk_from_buf(ASN1_md2_id_str);
+const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
+const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
+const chunk_t ASN1_sha256_id = chunk_from_buf(ASN1_sha256_id_str);
+const chunk_t ASN1_sha384_id = chunk_from_buf(ASN1_sha384_id_str);
+const chunk_t ASN1_sha512_id = chunk_from_buf(ASN1_sha512_id_str);
const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
@@ -279,6 +313,35 @@ time_t asn1totime(const chunk_t *utctime, asn1_t type)
}
/**
+ * Convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
+ */
+chunk_t timetoasn1(const time_t *time, asn1_t type)
+{
+ int offset;
+ const char *format;
+ char buf[BUF_LEN];
+ chunk_t formatted_time;
+ struct tm *t = gmtime(time);
+
+ if (type == ASN1_GENERALIZEDTIME)
+ {
+ format = "%04d%02d%02d%02d%02d%02dZ";
+ offset = 1900;
+ }
+ else /* ASN1_UTCTIME */
+ {
+ format = "%02d%02d%02d%02d%02d%02dZ";
+ offset = (t->tm_year < 100)? 0 : -100;
+ }
+ snprintf(buf, BUF_LEN, format, t->tm_year + offset,
+ t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
+ formatted_time.ptr = buf;
+ formatted_time.len = strlen(buf);
+ return asn1_simple_object(type, formatted_time);
+}
+
+
+/**
* Initializes the internal context of the ASN.1 parser
*/
void asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0,
@@ -396,7 +459,7 @@ bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *objec
if (blob->len < 2)
{
- DBG2("L%d - %s: ASN.1 object smaller than 2 octets",
+ DBG1("L%d - %s: ASN.1 object smaller than 2 octets",
*level, obj.name);
return FALSE;
}
@@ -405,7 +468,7 @@ bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *objec
if (blob1->len == ASN1_INVALID_LENGTH || blob->len < blob1->len)
{
- DBG2("L%d - %s: length of ASN.1 object invalid or too large",
+ DBG1("L%d - %s: length of ASN.1 object invalid or too large",
*level, obj.name);
return FALSE;
}
@@ -698,38 +761,11 @@ chunk_t asn1_integer_from_mpz(const mpz_t value)
{
size_t bits = mpz_sizeinbase(value, 2); /* size in bits */
chunk_t n;
+
n.len = 1 + bits / 8; /* size in bytes */
n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, value);
-
- return asn1_wrap(ASN1_INTEGER, "m", n);
-}
-/**
- * convert a date into ASN.1 UTCTIME or GENERALIZEDTIME format
- */
-chunk_t timetoasn1(const time_t *time, asn1_t type)
-{
- int offset;
- const char *format;
- char buf[32];
- chunk_t formatted_time;
- struct tm *t = gmtime(time);
-
- if (type == ASN1_GENERALIZEDTIME)
- {
- format = "%04d%02d%02d%02d%02d%02dZ";
- offset = 1900;
- }
- else /* ASN1_UTCTIME */
- {
- format = "%02d%02d%02d%02d%02d%02dZ";
- offset = (t->tm_year < 100)? 0 : -100;
- }
- snprintf(buf, sizeof(buf), format, t->tm_year + offset,
- t->tm_mon + 1, t->tm_mday, t->tm_hour, t->tm_min, t->tm_sec);
- formatted_time.ptr = buf;
- formatted_time.len = strlen(buf);
- return asn1_simple_object(type, formatted_time);
+ return asn1_wrap(ASN1_INTEGER, "m", n);
}
/**
diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h
index 365ccb438..18742d18d 100644
--- a/src/libstrongswan/asn1/asn1.h
+++ b/src/libstrongswan/asn1/asn1.h
@@ -11,6 +11,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: asn1.h 3299 2007-10-12 19:29:00Z andreas $
*/
#ifndef _ASN1_H
@@ -23,7 +25,11 @@
#include <asn1/oid.h>
-/* Defines some primitive ASN1 types */
+/**
+ * @brief Definition of some primitive ASN1 types
+ *
+ * @ingroup asn1
+ */
typedef enum {
ASN1_EOC = 0x00,
ASN1_BOOLEAN = 0x01,
@@ -109,8 +115,13 @@ extern const chunk_t ASN1_INTEGER_1;
extern const chunk_t ASN1_INTEGER_2;
/* some popular algorithmIdentifiers */
+extern const chunk_t ASN1_md2_id;
extern const chunk_t ASN1_md5_id;
extern const chunk_t ASN1_sha1_id;
+extern const chunk_t ASN1_sha256_id;
+extern const chunk_t ASN1_sha384_id;
+extern const chunk_t ASN1_sha512_id;
+
extern const chunk_t ASN1_rsaEncryption_id;
extern const chunk_t ASN1_md5WithRSA_id;
extern const chunk_t ASN1_sha1WithRSA_id;
@@ -120,6 +131,7 @@ extern int known_oid(chunk_t object);
extern u_int asn1_length(chunk_t *blob);
extern bool is_printablestring(chunk_t str);
extern time_t asn1totime(const chunk_t *utctime, asn1_t type);
+extern chunk_t timetoasn1(const time_t *time, asn1_t type);
extern void asn1_init(asn1_ctx_t *ctx, chunk_t blob, u_int level0, bool implicit, bool private);
extern bool extract_object(asn1Object_t const *objects, u_int *objectID, chunk_t *object, u_int *level, asn1_ctx_t *ctx);
extern bool parse_asn1_simple_object(chunk_t *object, asn1_t type, u_int level, const char* name);
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index 6b16d5a64..28a915433 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -10,194 +10,199 @@
#include "oid.h"
const oid_t oid_names[] = {
- {0x02, 7, 1, "ITU-T Administration" }, /* 0 */
- { 0x82, 0, 1, "" }, /* 1 */
- { 0x06, 0, 1, "Germany ITU-T member" }, /* 2 */
- { 0x01, 0, 1, "Deutsche Telekom AG" }, /* 3 */
- { 0x0A, 0, 1, "" }, /* 4 */
- { 0x07, 0, 1, "" }, /* 5 */
- { 0x14, 0, 0, "ND" }, /* 6 */
- {0x09, 18, 1, "data" }, /* 7 */
- { 0x92, 0, 1, "" }, /* 8 */
- { 0x26, 0, 1, "" }, /* 9 */
- { 0x89, 0, 1, "" }, /* 10 */
- { 0x93, 0, 1, "" }, /* 11 */
- { 0xF2, 0, 1, "" }, /* 12 */
- { 0x2C, 0, 1, "" }, /* 13 */
- { 0x64, 0, 1, "pilot" }, /* 14 */
- { 0x01, 0, 1, "pilotAttributeType" }, /* 15 */
- { 0x01, 17, 0, "UID" }, /* 16 */
- { 0x19, 0, 0, "DC" }, /* 17 */
- {0x55, 52, 1, "X.500" }, /* 18 */
- { 0x04, 36, 1, "X.509" }, /* 19 */
- { 0x03, 21, 0, "CN" }, /* 20 */
- { 0x04, 22, 0, "S" }, /* 21 */
- { 0x05, 23, 0, "SN" }, /* 22 */
- { 0x06, 24, 0, "C" }, /* 23 */
- { 0x07, 25, 0, "L" }, /* 24 */
- { 0x08, 26, 0, "ST" }, /* 25 */
- { 0x0A, 27, 0, "O" }, /* 26 */
- { 0x0B, 28, 0, "OU" }, /* 27 */
- { 0x0C, 29, 0, "T" }, /* 28 */
- { 0x0D, 30, 0, "D" }, /* 29 */
- { 0x24, 31, 0, "userCertificate" }, /* 30 */
- { 0x29, 32, 0, "N" }, /* 31 */
- { 0x2A, 33, 0, "G" }, /* 32 */
- { 0x2B, 34, 0, "I" }, /* 33 */
- { 0x2D, 35, 0, "ID" }, /* 34 */
- { 0x48, 0, 0, "role" }, /* 35 */
- { 0x1D, 0, 1, "id-ce" }, /* 36 */
- { 0x09, 38, 0, "subjectDirectoryAttrs" }, /* 37 */
- { 0x0E, 39, 0, "subjectKeyIdentifier" }, /* 38 */
- { 0x0F, 40, 0, "keyUsage" }, /* 39 */
- { 0x10, 41, 0, "privateKeyUsagePeriod" }, /* 40 */
- { 0x11, 42, 0, "subjectAltName" }, /* 41 */
- { 0x12, 43, 0, "issuerAltName" }, /* 42 */
- { 0x13, 44, 0, "basicConstraints" }, /* 43 */
- { 0x14, 45, 0, "crlNumber" }, /* 44 */
- { 0x15, 46, 0, "reasonCode" }, /* 45 */
- { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */
- { 0x20, 48, 0, "certificatePolicies" }, /* 47 */
- { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */
- { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */
- { 0x37, 51, 0, "targetInformation" }, /* 50 */
- { 0x38, 0, 0, "noRevAvail" }, /* 51 */
- {0x2A, 94, 1, "" }, /* 52 */
- { 0x86, 0, 1, "" }, /* 53 */
- { 0x48, 0, 1, "" }, /* 54 */
- { 0x86, 0, 1, "" }, /* 55 */
- { 0xF6, 61, 1, "" }, /* 56 */
- { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */
- { 0x07, 0, 1, "Entrust" }, /* 58 */
- { 0x41, 0, 1, "nsn-ce" }, /* 59 */
- { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */
- { 0xF7, 0, 1, "" }, /* 61 */
- { 0x0D, 0, 1, "RSADSI" }, /* 62 */
- { 0x01, 89, 1, "PKCS" }, /* 63 */
- { 0x01, 72, 1, "PKCS-1" }, /* 64 */
- { 0x01, 66, 0, "rsaEncryption" }, /* 65 */
- { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */
- { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */
- { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */
- { 0x0B, 70, 0, "sha256WithRSAEncryption"}, /* 69 */
- { 0x0C, 71, 0, "sha384WithRSAEncryption"}, /* 70 */
- { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 71 */
- { 0x07, 79, 1, "PKCS-7" }, /* 72 */
- { 0x01, 74, 0, "data" }, /* 73 */
- { 0x02, 75, 0, "signedData" }, /* 74 */
- { 0x03, 76, 0, "envelopedData" }, /* 75 */
- { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */
- { 0x05, 78, 0, "digestedData" }, /* 77 */
- { 0x06, 0, 0, "encryptedData" }, /* 78 */
- { 0x09, 0, 1, "PKCS-9" }, /* 79 */
- { 0x01, 81, 0, "E" }, /* 80 */
- { 0x02, 82, 0, "unstructuredName" }, /* 81 */
- { 0x03, 83, 0, "contentType" }, /* 82 */
- { 0x04, 84, 0, "messageDigest" }, /* 83 */
- { 0x05, 85, 0, "signingTime" }, /* 84 */
- { 0x06, 86, 0, "counterSignature" }, /* 85 */
- { 0x07, 87, 0, "challengePassword" }, /* 86 */
- { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */
- { 0x0E, 0, 0, "extensionRequest" }, /* 88 */
- { 0x02, 92, 1, "digestAlgorithm" }, /* 89 */
- { 0x02, 91, 0, "md2" }, /* 90 */
- { 0x05, 0, 0, "md5" }, /* 91 */
- { 0x03, 0, 1, "encryptionAlgorithm" }, /* 92 */
- { 0x07, 0, 0, "3des-ede-cbc" }, /* 93 */
- {0x2B, 155, 1, "" }, /* 94 */
- { 0x06, 142, 1, "dod" }, /* 95 */
- { 0x01, 0, 1, "internet" }, /* 96 */
- { 0x04, 111, 1, "private" }, /* 97 */
- { 0x01, 0, 1, "enterprise" }, /* 98 */
- { 0x82, 104, 1, "" }, /* 99 */
- { 0x37, 0, 1, "Microsoft" }, /* 100 */
- { 0x0A, 0, 1, "" }, /* 101 */
- { 0x03, 0, 1, "" }, /* 102 */
- { 0x03, 0, 0, "msSGC" }, /* 103 */
- { 0x89, 0, 1, "" }, /* 104 */
- { 0x31, 0, 1, "" }, /* 105 */
- { 0x01, 0, 1, "" }, /* 106 */
- { 0x01, 0, 1, "" }, /* 107 */
- { 0x02, 0, 1, "" }, /* 108 */
- { 0x02, 110, 0, "" }, /* 109 */
- { 0x4B, 0, 0, "TCGID" }, /* 110 */
- { 0x05, 0, 1, "security" }, /* 111 */
- { 0x05, 0, 1, "mechanisms" }, /* 112 */
- { 0x07, 0, 1, "id-pkix" }, /* 113 */
- { 0x01, 116, 1, "id-pe" }, /* 114 */
- { 0x01, 0, 0, "authorityInfoAccess" }, /* 115 */
- { 0x03, 126, 1, "id-kp" }, /* 116 */
- { 0x01, 118, 0, "serverAuth" }, /* 117 */
- { 0x02, 119, 0, "clientAuth" }, /* 118 */
- { 0x03, 120, 0, "codeSigning" }, /* 119 */
- { 0x04, 121, 0, "emailProtection" }, /* 120 */
- { 0x05, 122, 0, "ipsecEndSystem" }, /* 121 */
- { 0x06, 123, 0, "ipsecTunnel" }, /* 122 */
- { 0x07, 124, 0, "ipsecUser" }, /* 123 */
- { 0x08, 125, 0, "timeStamping" }, /* 124 */
- { 0x09, 0, 0, "ocspSigning" }, /* 125 */
- { 0x08, 128, 1, "id-otherNames" }, /* 126 */
- { 0x05, 0, 0, "xmppAddr" }, /* 127 */
- { 0x0A, 133, 1, "id-aca" }, /* 128 */
- { 0x01, 130, 0, "authenticationInfo" }, /* 129 */
- { 0x02, 131, 0, "accessIdentity" }, /* 130 */
- { 0x03, 132, 0, "chargingIdentity" }, /* 131 */
- { 0x04, 0, 0, "group" }, /* 132 */
- { 0x30, 0, 1, "id-ad" }, /* 133 */
- { 0x01, 0, 1, "ocsp" }, /* 134 */
- { 0x01, 136, 0, "basic" }, /* 135 */
- { 0x02, 137, 0, "nonce" }, /* 136 */
- { 0x03, 138, 0, "crl" }, /* 137 */
- { 0x04, 139, 0, "response" }, /* 138 */
- { 0x05, 140, 0, "noCheck" }, /* 139 */
- { 0x06, 141, 0, "archiveCutoff" }, /* 140 */
- { 0x07, 0, 0, "serviceLocator" }, /* 141 */
- { 0x0E, 148, 1, "oiw" }, /* 142 */
- { 0x03, 0, 1, "secsig" }, /* 143 */
- { 0x02, 0, 1, "algorithms" }, /* 144 */
- { 0x07, 146, 0, "des-cbc" }, /* 145 */
- { 0x1A, 147, 0, "sha-1" }, /* 146 */
- { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 147 */
- { 0x24, 0, 1, "TeleTrusT" }, /* 148 */
- { 0x03, 0, 1, "algorithm" }, /* 149 */
- { 0x03, 0, 1, "signatureAlgorithm" }, /* 150 */
- { 0x01, 0, 1, "rsaSignature" }, /* 151 */
- { 0x02, 153, 0, "rsaSigWithripemd160" }, /* 152 */
- { 0x03, 154, 0, "rsaSigWithripemd128" }, /* 153 */
- { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 154 */
- {0x60, 0, 1, "" }, /* 155 */
- { 0x86, 0, 1, "" }, /* 156 */
- { 0x48, 0, 1, "" }, /* 157 */
- { 0x01, 0, 1, "organization" }, /* 158 */
- { 0x65, 166, 1, "gov" }, /* 159 */
- { 0x03, 0, 1, "csor" }, /* 160 */
- { 0x04, 0, 1, "nistalgorithm" }, /* 161 */
- { 0x02, 0, 1, "hashalgs" }, /* 162 */
- { 0x01, 164, 0, "id-SHA-256" }, /* 163 */
- { 0x02, 165, 0, "id-SHA-384" }, /* 164 */
- { 0x03, 0, 0, "id-SHA-512" }, /* 165 */
- { 0x86, 0, 1, "" }, /* 166 */
- { 0xf8, 0, 1, "" }, /* 167 */
- { 0x42, 180, 1, "netscape" }, /* 168 */
- { 0x01, 175, 1, "" }, /* 169 */
- { 0x01, 171, 0, "nsCertType" }, /* 170 */
- { 0x03, 172, 0, "nsRevocationUrl" }, /* 171 */
- { 0x04, 173, 0, "nsCaRevocationUrl" }, /* 172 */
- { 0x08, 174, 0, "nsCaPolicyUrl" }, /* 173 */
- { 0x0d, 0, 0, "nsComment" }, /* 174 */
- { 0x03, 178, 1, "directory" }, /* 175 */
- { 0x01, 0, 1, "" }, /* 176 */
- { 0x03, 0, 0, "employeeNumber" }, /* 177 */
- { 0x04, 0, 1, "policy" }, /* 178 */
- { 0x01, 0, 0, "nsSGC" }, /* 179 */
- { 0x45, 0, 1, "verisign" }, /* 180 */
- { 0x01, 0, 1, "pki" }, /* 181 */
- { 0x09, 0, 1, "attributes" }, /* 182 */
- { 0x02, 184, 0, "messageType" }, /* 183 */
- { 0x03, 185, 0, "pkiStatus" }, /* 184 */
- { 0x04, 186, 0, "failInfo" }, /* 185 */
- { 0x05, 187, 0, "senderNonce" }, /* 186 */
- { 0x06, 188, 0, "recipientNonce" }, /* 187 */
- { 0x07, 189, 0, "transID" }, /* 188 */
- { 0x08, 0, 0, "extensionReq" } /* 189 */
+ {0x02, 7, 1, "ITU-T Administration" }, /* 0 */
+ { 0x82, 0, 1, "" }, /* 1 */
+ { 0x06, 0, 1, "Germany ITU-T member" }, /* 2 */
+ { 0x01, 0, 1, "Deutsche Telekom AG" }, /* 3 */
+ { 0x0A, 0, 1, "" }, /* 4 */
+ { 0x07, 0, 1, "" }, /* 5 */
+ { 0x14, 0, 0, "ND" }, /* 6 */
+ {0x09, 18, 1, "data" }, /* 7 */
+ { 0x92, 0, 1, "" }, /* 8 */
+ { 0x26, 0, 1, "" }, /* 9 */
+ { 0x89, 0, 1, "" }, /* 10 */
+ { 0x93, 0, 1, "" }, /* 11 */
+ { 0xF2, 0, 1, "" }, /* 12 */
+ { 0x2C, 0, 1, "" }, /* 13 */
+ { 0x64, 0, 1, "pilot" }, /* 14 */
+ { 0x01, 0, 1, "pilotAttributeType" }, /* 15 */
+ { 0x01, 17, 0, "UID" }, /* 16 */
+ { 0x19, 0, 0, "DC" }, /* 17 */
+ {0x55, 52, 1, "X.500" }, /* 18 */
+ { 0x04, 36, 1, "X.509" }, /* 19 */
+ { 0x03, 21, 0, "CN" }, /* 20 */
+ { 0x04, 22, 0, "S" }, /* 21 */
+ { 0x05, 23, 0, "SN" }, /* 22 */
+ { 0x06, 24, 0, "C" }, /* 23 */
+ { 0x07, 25, 0, "L" }, /* 24 */
+ { 0x08, 26, 0, "ST" }, /* 25 */
+ { 0x0A, 27, 0, "O" }, /* 26 */
+ { 0x0B, 28, 0, "OU" }, /* 27 */
+ { 0x0C, 29, 0, "T" }, /* 28 */
+ { 0x0D, 30, 0, "D" }, /* 29 */
+ { 0x24, 31, 0, "userCertificate" }, /* 30 */
+ { 0x29, 32, 0, "N" }, /* 31 */
+ { 0x2A, 33, 0, "G" }, /* 32 */
+ { 0x2B, 34, 0, "I" }, /* 33 */
+ { 0x2D, 35, 0, "ID" }, /* 34 */
+ { 0x48, 0, 0, "role" }, /* 35 */
+ { 0x1D, 0, 1, "id-ce" }, /* 36 */
+ { 0x09, 38, 0, "subjectDirectoryAttrs" }, /* 37 */
+ { 0x0E, 39, 0, "subjectKeyIdentifier" }, /* 38 */
+ { 0x0F, 40, 0, "keyUsage" }, /* 39 */
+ { 0x10, 41, 0, "privateKeyUsagePeriod" }, /* 40 */
+ { 0x11, 42, 0, "subjectAltName" }, /* 41 */
+ { 0x12, 43, 0, "issuerAltName" }, /* 42 */
+ { 0x13, 44, 0, "basicConstraints" }, /* 43 */
+ { 0x14, 45, 0, "crlNumber" }, /* 44 */
+ { 0x15, 46, 0, "reasonCode" }, /* 45 */
+ { 0x1F, 47, 0, "crlDistributionPoints" }, /* 46 */
+ { 0x20, 48, 0, "certificatePolicies" }, /* 47 */
+ { 0x23, 49, 0, "authorityKeyIdentifier" }, /* 48 */
+ { 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */
+ { 0x37, 51, 0, "targetInformation" }, /* 50 */
+ { 0x38, 0, 0, "noRevAvail" }, /* 51 */
+ {0x2A, 94, 1, "" }, /* 52 */
+ { 0x86, 0, 1, "" }, /* 53 */
+ { 0x48, 0, 1, "" }, /* 54 */
+ { 0x86, 0, 1, "" }, /* 55 */
+ { 0xF6, 61, 1, "" }, /* 56 */
+ { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */
+ { 0x07, 0, 1, "Entrust" }, /* 58 */
+ { 0x41, 0, 1, "nsn-ce" }, /* 59 */
+ { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */
+ { 0xF7, 0, 1, "" }, /* 61 */
+ { 0x0D, 0, 1, "RSADSI" }, /* 62 */
+ { 0x01, 89, 1, "PKCS" }, /* 63 */
+ { 0x01, 72, 1, "PKCS-1" }, /* 64 */
+ { 0x01, 66, 0, "rsaEncryption" }, /* 65 */
+ { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */
+ { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */
+ { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */
+ { 0x0B, 70, 0, "sha256WithRSAEncryption" }, /* 69 */
+ { 0x0C, 71, 0, "sha384WithRSAEncryption" }, /* 70 */
+ { 0x0D, 0, 0, "sha512WithRSAEncryption" }, /* 71 */
+ { 0x07, 79, 1, "PKCS-7" }, /* 72 */
+ { 0x01, 74, 0, "data" }, /* 73 */
+ { 0x02, 75, 0, "signedData" }, /* 74 */
+ { 0x03, 76, 0, "envelopedData" }, /* 75 */
+ { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */
+ { 0x05, 78, 0, "digestedData" }, /* 77 */
+ { 0x06, 0, 0, "encryptedData" }, /* 78 */
+ { 0x09, 0, 1, "PKCS-9" }, /* 79 */
+ { 0x01, 81, 0, "E" }, /* 80 */
+ { 0x02, 82, 0, "unstructuredName" }, /* 81 */
+ { 0x03, 83, 0, "contentType" }, /* 82 */
+ { 0x04, 84, 0, "messageDigest" }, /* 83 */
+ { 0x05, 85, 0, "signingTime" }, /* 84 */
+ { 0x06, 86, 0, "counterSignature" }, /* 85 */
+ { 0x07, 87, 0, "challengePassword" }, /* 86 */
+ { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */
+ { 0x0E, 0, 0, "extensionRequest" }, /* 88 */
+ { 0x02, 92, 1, "digestAlgorithm" }, /* 89 */
+ { 0x02, 91, 0, "md2" }, /* 90 */
+ { 0x05, 0, 0, "md5" }, /* 91 */
+ { 0x03, 0, 1, "encryptionAlgorithm" }, /* 92 */
+ { 0x07, 0, 0, "3des-ede-cbc" }, /* 93 */
+ {0x2B, 160, 1, "" }, /* 94 */
+ { 0x06, 147, 1, "dod" }, /* 95 */
+ { 0x01, 0, 1, "internet" }, /* 96 */
+ { 0x04, 115, 1, "private" }, /* 97 */
+ { 0x01, 0, 1, "enterprise" }, /* 98 */
+ { 0x82, 108, 1, "" }, /* 99 */
+ { 0x37, 0, 1, "Microsoft" }, /* 100 */
+ { 0x0A, 105, 1, "" }, /* 101 */
+ { 0x03, 0, 1, "" }, /* 102 */
+ { 0x03, 104, 0, "msSGC" }, /* 103 */
+ { 0x04, 0, 0, "msEncryptingFileSystem" }, /* 104 */
+ { 0x14, 0, 1, "msEnrollmentInfrastructure"}, /* 105 */
+ { 0x02, 0, 1, "msCertificateTypeExtension"}, /* 106 */
+ { 0x02, 0, 0, "msSmartcardLogon" }, /* 107 */
+ { 0x89, 0, 1, "" }, /* 108 */
+ { 0x31, 0, 1, "" }, /* 109 */
+ { 0x01, 0, 1, "" }, /* 110 */
+ { 0x01, 0, 1, "" }, /* 111 */
+ { 0x02, 0, 1, "" }, /* 112 */
+ { 0x02, 114, 0, "" }, /* 113 */
+ { 0x4B, 0, 0, "TCGID" }, /* 114 */
+ { 0x05, 0, 1, "security" }, /* 115 */
+ { 0x05, 0, 1, "mechanisms" }, /* 116 */
+ { 0x07, 0, 1, "id-pkix" }, /* 117 */
+ { 0x01, 120, 1, "id-pe" }, /* 118 */
+ { 0x01, 0, 0, "authorityInfoAccess" }, /* 119 */
+ { 0x03, 130, 1, "id-kp" }, /* 120 */
+ { 0x01, 122, 0, "serverAuth" }, /* 121 */
+ { 0x02, 123, 0, "clientAuth" }, /* 122 */
+ { 0x03, 124, 0, "codeSigning" }, /* 123 */
+ { 0x04, 125, 0, "emailProtection" }, /* 124 */
+ { 0x05, 126, 0, "ipsecEndSystem" }, /* 125 */
+ { 0x06, 127, 0, "ipsecTunnel" }, /* 126 */
+ { 0x07, 128, 0, "ipsecUser" }, /* 127 */
+ { 0x08, 129, 0, "timeStamping" }, /* 128 */
+ { 0x09, 0, 0, "ocspSigning" }, /* 129 */
+ { 0x08, 132, 1, "id-otherNames" }, /* 130 */
+ { 0x05, 0, 0, "xmppAddr" }, /* 131 */
+ { 0x0A, 137, 1, "id-aca" }, /* 132 */
+ { 0x01, 134, 0, "authenticationInfo" }, /* 133 */
+ { 0x02, 135, 0, "accessIdentity" }, /* 134 */
+ { 0x03, 136, 0, "chargingIdentity" }, /* 135 */
+ { 0x04, 0, 0, "group" }, /* 136 */
+ { 0x30, 0, 1, "id-ad" }, /* 137 */
+ { 0x01, 146, 1, "ocsp" }, /* 138 */
+ { 0x01, 140, 0, "basic" }, /* 139 */
+ { 0x02, 141, 0, "nonce" }, /* 140 */
+ { 0x03, 142, 0, "crl" }, /* 141 */
+ { 0x04, 143, 0, "response" }, /* 142 */
+ { 0x05, 144, 0, "noCheck" }, /* 143 */
+ { 0x06, 145, 0, "archiveCutoff" }, /* 144 */
+ { 0x07, 0, 0, "serviceLocator" }, /* 145 */
+ { 0x02, 0, 0, "caIssuers" }, /* 146 */
+ { 0x0E, 153, 1, "oiw" }, /* 147 */
+ { 0x03, 0, 1, "secsig" }, /* 148 */
+ { 0x02, 0, 1, "algorithms" }, /* 149 */
+ { 0x07, 151, 0, "des-cbc" }, /* 150 */
+ { 0x1A, 152, 0, "sha-1" }, /* 151 */
+ { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 152 */
+ { 0x24, 0, 1, "TeleTrusT" }, /* 153 */
+ { 0x03, 0, 1, "algorithm" }, /* 154 */
+ { 0x03, 0, 1, "signatureAlgorithm" }, /* 155 */
+ { 0x01, 0, 1, "rsaSignature" }, /* 156 */
+ { 0x02, 158, 0, "rsaSigWithripemd160" }, /* 157 */
+ { 0x03, 159, 0, "rsaSigWithripemd128" }, /* 158 */
+ { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 159 */
+ {0x60, 0, 1, "" }, /* 160 */
+ { 0x86, 0, 1, "" }, /* 161 */
+ { 0x48, 0, 1, "" }, /* 162 */
+ { 0x01, 0, 1, "organization" }, /* 163 */
+ { 0x65, 171, 1, "gov" }, /* 164 */
+ { 0x03, 0, 1, "csor" }, /* 165 */
+ { 0x04, 0, 1, "nistalgorithm" }, /* 166 */
+ { 0x02, 0, 1, "hashalgs" }, /* 167 */
+ { 0x01, 169, 0, "id-SHA-256" }, /* 168 */
+ { 0x02, 170, 0, "id-SHA-384" }, /* 169 */
+ { 0x03, 0, 0, "id-SHA-512" }, /* 170 */
+ { 0x86, 0, 1, "" }, /* 171 */
+ { 0xf8, 0, 1, "" }, /* 172 */
+ { 0x42, 185, 1, "netscape" }, /* 173 */
+ { 0x01, 180, 1, "" }, /* 174 */
+ { 0x01, 176, 0, "nsCertType" }, /* 175 */
+ { 0x03, 177, 0, "nsRevocationUrl" }, /* 176 */
+ { 0x04, 178, 0, "nsCaRevocationUrl" }, /* 177 */
+ { 0x08, 179, 0, "nsCaPolicyUrl" }, /* 178 */
+ { 0x0d, 0, 0, "nsComment" }, /* 179 */
+ { 0x03, 183, 1, "directory" }, /* 180 */
+ { 0x01, 0, 1, "" }, /* 181 */
+ { 0x03, 0, 0, "employeeNumber" }, /* 182 */
+ { 0x04, 0, 1, "policy" }, /* 183 */
+ { 0x01, 0, 0, "nsSGC" }, /* 184 */
+ { 0x45, 0, 1, "verisign" }, /* 185 */
+ { 0x01, 0, 1, "pki" }, /* 186 */
+ { 0x09, 0, 1, "attributes" }, /* 187 */
+ { 0x02, 189, 0, "messageType" }, /* 188 */
+ { 0x03, 190, 0, "pkiStatus" }, /* 189 */
+ { 0x04, 191, 0, "failInfo" }, /* 190 */
+ { 0x05, 192, 0, "senderNonce" }, /* 191 */
+ { 0x06, 193, 0, "recipientNonce" }, /* 192 */
+ { 0x07, 194, 0, "transID" }, /* 193 */
+ { 0x08, 0, 0, "extensionReq" } /* 194 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index a29b1f0a1..5814a3ba0 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -49,36 +49,37 @@ extern const oid_t oid_names[];
#define OID_MD2 90
#define OID_MD5 91
#define OID_3DES_EDE_CBC 93
-#define OID_AUTHORITY_INFO_ACCESS 115
-#define OID_OCSP_SIGNING 125
-#define OID_XMPP_ADDR 127
-#define OID_AUTHENTICATION_INFO 129
-#define OID_ACCESS_IDENTITY 130
-#define OID_CHARGING_IDENTITY 131
-#define OID_GROUP 132
-#define OID_OCSP 134
-#define OID_BASIC 135
-#define OID_NONCE 136
-#define OID_CRL 137
-#define OID_RESPONSE 138
-#define OID_NO_CHECK 139
-#define OID_ARCHIVE_CUTOFF 140
-#define OID_SERVICE_LOCATOR 141
-#define OID_DES_CBC 145
-#define OID_SHA1 146
-#define OID_SHA1_WITH_RSA_OIW 147
-#define OID_SHA256 163
-#define OID_SHA384 164
-#define OID_SHA512 165
-#define OID_NS_REVOCATION_URL 171
-#define OID_NS_CA_REVOCATION_URL 172
-#define OID_NS_CA_POLICY_URL 173
-#define OID_NS_COMMENT 174
-#define OID_PKI_MESSAGE_TYPE 183
-#define OID_PKI_STATUS 184
-#define OID_PKI_FAIL_INFO 185
-#define OID_PKI_SENDER_NONCE 186
-#define OID_PKI_RECIPIENT_NONCE 187
-#define OID_PKI_TRANS_ID 188
+#define OID_AUTHORITY_INFO_ACCESS 119
+#define OID_OCSP_SIGNING 129
+#define OID_XMPP_ADDR 131
+#define OID_AUTHENTICATION_INFO 133
+#define OID_ACCESS_IDENTITY 134
+#define OID_CHARGING_IDENTITY 135
+#define OID_GROUP 136
+#define OID_OCSP 138
+#define OID_BASIC 139
+#define OID_NONCE 140
+#define OID_CRL 141
+#define OID_RESPONSE 142
+#define OID_NO_CHECK 143
+#define OID_ARCHIVE_CUTOFF 144
+#define OID_SERVICE_LOCATOR 145
+#define OID_CA_ISSUERS 146
+#define OID_DES_CBC 150
+#define OID_SHA1 151
+#define OID_SHA1_WITH_RSA_OIW 152
+#define OID_SHA256 168
+#define OID_SHA384 169
+#define OID_SHA512 170
+#define OID_NS_REVOCATION_URL 176
+#define OID_NS_CA_REVOCATION_URL 177
+#define OID_NS_CA_POLICY_URL 178
+#define OID_NS_COMMENT 179
+#define OID_PKI_MESSAGE_TYPE 188
+#define OID_PKI_STATUS 189
+#define OID_PKI_FAIL_INFO 190
+#define OID_PKI_SENDER_NONCE 191
+#define OID_PKI_RECIPIENT_NONCE 192
+#define OID_PKI_TRANS_ID 193
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index bd5a26e43..6ae2dc29a 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -102,6 +102,10 @@
0x0A ""
0x03 ""
0x03 "msSGC"
+ 0x04 "msEncryptingFileSystem"
+ 0x14 "msEnrollmentInfrastructure"
+ 0x02 "msCertificateTypeExtension"
+ 0x02 "msSmartcardLogon"
0x89 ""
0x31 ""
0x01 ""
@@ -140,6 +144,7 @@
0x05 "noCheck" OID_NO_CHECK
0x06 "archiveCutoff" OID_ARCHIVE_CUTOFF
0x07 "serviceLocator" OID_SERVICE_LOCATOR
+ 0x02 "caIssuers" OID_CA_ISSUERS
0x0E "oiw"
0x03 "secsig"
0x02 "algorithms"
diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c
index 641805869..b752a97ab 100755
--- a/src/libstrongswan/asn1/pem.c
+++ b/src/libstrongswan/asn1/pem.c
@@ -10,6 +10,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: pem.c 3256 2007-10-07 13:42:43Z andreas $
*/
#include <stdio.h>
@@ -40,7 +42,7 @@ static bool present(const char* pattern, chunk_t* ch)
{
u_int pattern_len = strlen(pattern);
- if (ch->len >= pattern_len && strncmp(ch->ptr, pattern, pattern_len) == 0)
+ if (ch->len >= pattern_len && strneq(ch->ptr, pattern, pattern_len))
{
ch->ptr += pattern_len;
ch->len -= pattern_len;
diff --git a/src/libstrongswan/asn1/ttodata.c b/src/libstrongswan/asn1/ttodata.c
index 8114b12c5..125313c2a 100644
--- a/src/libstrongswan/asn1/ttodata.c
+++ b/src/libstrongswan/asn1/ttodata.c
@@ -62,98 +62,123 @@ const char *ttodatav(const char *src, size_t srclen, int base, char *dst, size_t
int skipSpace = 0;
if (srclen == 0)
+ {
srclen = strlen(src);
+ }
if (dstlen == 0)
+ {
dst = buf; /* point it somewhere valid */
+ }
stop = dst + dstlen;
- if (base == 0) {
+ if (base == 0)
+ {
if (srclen < 2)
+ {
return "input too short to be valid";
+ }
if (*src++ != '0')
+ {
return "input does not begin with format prefix";
- switch (*src++) {
- case 'x':
- case 'X':
- base = 16;
+ }
+ switch (*src++)
+ {
+ case 'x':
+ case 'X':
+ base = 16;
+ break;
+ case 's':
+ case 'S':
+ base = 64;
+ break;
+ case 't':
+ case 'T':
+ base = 256;
+ break;
+ default:
+ return "unknown format prefix";
+ }
+ srclen -= 2;
+ }
+ switch (base)
+ {
+ case 16:
+ decode = unhex;
+ underscoreok = 1;
+ ingroup = 2;
break;
- case 's':
- case 'S':
- base = 64;
+ case 64:
+ decode = unb64;
+ underscoreok = 0;
+ ingroup = 4;
+ if(flags & TTODATAV_IGNORESPACE)
+ {
+ skipSpace = 1;
+ }
break;
- case 't':
- case 'T':
- base = 256;
+ case 256:
+ decode = untext;
+ ingroup = 1;
+ underscoreok = 0;
break;
default:
- return "unknown format prefix";
- }
- srclen -= 2;
- }
- switch (base) {
- case 16:
- decode = unhex;
- underscoreok = 1;
- ingroup = 2;
- break;
- case 64:
- decode = unb64;
- underscoreok = 0;
- ingroup = 4;
- if(flags & TTODATAV_IGNORESPACE) {
- skipSpace = 1;
- }
- break;
-
- case 256:
- decode = untext;
- ingroup = 1;
- underscoreok = 0;
- break;
- default:
- return "unknown base";
+ return "unknown base";
}
/* proceed */
ndone = 0;
- while (srclen > 0) {
+ while (srclen > 0)
+ {
char stage[4]; /* staging area for group */
size_t sl = 0;
/* Grab ingroup characters into stage,
* squeezing out blanks if we are supposed to ignore them.
*/
- for (sl = 0; sl < ingroup; src++, srclen--) {
+ for (sl = 0; sl < ingroup; src++, srclen--)
+ {
if (srclen == 0)
+ {
return "input ends in mid-byte, perhaps truncated";
+ }
else if (!(skipSpace && (*src == ' ' || *src == '\t')))
+ {
stage[sl++] = *src;
+ }
}
nbytes = (*decode)(stage, buf, sizeof(buf));
- switch (nbytes) {
- case BADCH0:
- case BADCH1:
- case BADCH2:
- case BADCH3:
- return badch(stage, nbytes, errp, errlen);
- case SHORT:
- return "internal buffer too short (\"can't happen\")";
- case BADPAD:
- return "bad (non-zero) padding at end of base64 input";
+ switch (nbytes)
+ {
+ case BADCH0:
+ case BADCH1:
+ case BADCH2:
+ case BADCH3:
+ return badch(stage, nbytes, errp, errlen);
+ case SHORT:
+ return "internal buffer too short (\"can't happen\")";
+ case BADPAD:
+ return "bad (non-zero) padding at end of base64 input";
}
if (nbytes <= 0)
+ {
return "unknown internal error";
- for (i = 0; i < nbytes; i++) {
+ }
+ for (i = 0; i < nbytes; i++)
+ {
if (dst < stop)
+ {
*dst++ = buf[i];
+ }
ndone++;
}
- while (srclen >= 1 && skipSpace && (*src == ' ' || *src == '\t')){
+ while (srclen >= 1 && skipSpace && (*src == ' ' || *src == '\t'))
+ {
src++;
srclen--;
}
- if (underscoreok && srclen > 1 && *src == '_') {
+ if (underscoreok && srclen > 1 && (*src == '_' || *src == ':'))
+ {
/* srclen > 1 means not last character */
src++;
srclen--;
@@ -161,9 +186,13 @@ const char *ttodatav(const char *src, size_t srclen, int base, char *dst, size_t
}
if (ndone == 0)
+ {
return "no data bytes specified by input";
+ }
if (lenp != NULL)
+ {
*lenp = ndone;
+ }
return NULL;
}
@@ -201,9 +230,7 @@ size_t atodata(const char *src, size_t srclen, char *dst, size_t dstlen)
const char *err;
err = ttodata(src, srclen, 0, dst, dstlen, &len);
- if (err != NULL)
- return 0;
- return len;
+ return (err)? 0:len;
}
/**
@@ -231,21 +258,31 @@ static int unhex(const char *src, char *dst, size_t dstlen)
static char hex[] = "0123456789abcdef";
if (dstlen < 1)
+ {
return SHORT;
-
+ }
+
p = strchr(hex, *src);
if (p == NULL)
+ {
p = strchr(hex, tolower(*src));
+ }
if (p == NULL)
+ {
return BADCH0;
+ }
byte = (p - hex) << 4;
src++;
p = strchr(hex, *src);
if (p == NULL)
+ {
p = strchr(hex, tolower(*src));
+ }
if (p == NULL)
+ {
return BADCH1;
+ }
byte |= (p - hex);
*dst = byte;
@@ -272,16 +309,20 @@ static int unb64(const char *src, char *dst, size_t dstlen)
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
if (dstlen < 3)
+ {
return SHORT;
-
+ }
p = strchr(base64, *src++);
if (p == NULL)
+ {
return BADCH0;
+ }
byte1 = (p - base64) << 2; /* first six bits */
p = strchr(base64, *src++);
- if (p == NULL) {
+ if (p == NULL)
+ {
return BADCH1;
}
@@ -290,10 +331,14 @@ static int unb64(const char *src, char *dst, size_t dstlen)
byte1 = (byte2 & 0xf) << 4;
p = strchr(base64, *src++);
- if (p == NULL) {
- if (*(src-1) == '=' && *src == '=') {
+ if (p == NULL)
+ {
+ if (*(src-1) == '=' && *src == '=')
+ {
if (byte1 != 0) /* bad padding */
+ {
return BADPAD;
+ }
return 1;
}
return BADCH2;
@@ -304,10 +349,14 @@ static int unb64(const char *src, char *dst, size_t dstlen)
byte1 = (byte2 & 0x3) << 6;
p = strchr(base64, *src++);
- if (p == NULL) {
- if (*(src-1) == '=') {
+ if (p == NULL)
+ {
+ if (*(src-1) == '=')
+ {
if (byte1 != 0) /* bad padding */
+ {
return BADPAD;
+ }
return 2;
}
return BADCH3;
@@ -329,8 +378,9 @@ static int unb64(const char *src, char *dst, size_t dstlen)
static int untext(const char *src, char *dst, size_t dstlen)
{
if (dstlen < 1)
+ {
return SHORT;
-
+ }
*dst = *src;
return 1;
}
@@ -359,13 +409,18 @@ static const char *badch(const char *src, int errcode, char *errp, size_t errlen
char ch;
if (errp == NULL || errlen < REQD)
+ {
return "unknown character in input";
+ }
strcpy(errp, pre);
ch = *(src + BADOFF(errcode));
- if (isprint(ch)) {
+ if (isprint(ch))
+ {
buf[0] = ch;
buf[1] = '\0';
- } else {
+ }
+ else
+ {
buf[0] = '\\';
buf[1] = ((ch & 0700) >> 6) + '0';
buf[2] = ((ch & 0070) >> 3) + '0';
diff --git a/src/libstrongswan/chunk.c b/src/libstrongswan/chunk.c
index d70e1723f..0d7841641 100644
--- a/src/libstrongswan/chunk.c
+++ b/src/libstrongswan/chunk.c
@@ -28,6 +28,7 @@
#include <debug.h>
#include <printf_hook.h>
+#include <utils/randomizer.h>
/**
* Empty chunk.
@@ -247,6 +248,35 @@ bool chunk_write(chunk_t chunk, const char *path, const char *label, mode_t mask
}
}
+/** hex conversion digits */
+static char hexdig_upper[] = "0123456789ABCDEF";
+static char hexdig_lower[] = "0123456789abcdef";
+
+/**
+ * Described in header.
+ */
+char *chunk_to_hex(chunk_t chunk, bool uppercase)
+{
+ int i;
+ char *str;
+ char *hexdig = hexdig_lower;
+
+ if (uppercase)
+ {
+ hexdig = hexdig_upper;
+ }
+
+ str = malloc(chunk.len * 2 + 1);
+ str[chunk.len * 2] = '\0';
+
+ for (i = 0; i < chunk.len; i ++)
+ {
+ str[i*2] = hexdig[(chunk.ptr[i] >> 4) & 0xF];
+ str[i*2+1] = hexdig[(chunk.ptr[i] ) & 0xF];
+ }
+ return str;
+}
+
/**
* Described in header.
*/
@@ -260,6 +290,27 @@ void chunk_free(chunk_t *chunk)
/**
* Described in header.
*/
+void chunk_free_randomized(chunk_t *chunk)
+{
+ if (chunk->ptr)
+ {
+ if (chunk->len > 0)
+ {
+ randomizer_t *randomizer = randomizer_create();
+
+ randomizer->get_pseudo_random_bytes(randomizer,
+ chunk->len, chunk->ptr);
+ randomizer->destroy(randomizer);
+ };
+ free(chunk->ptr);
+ chunk->ptr = NULL;
+ }
+ chunk->len = 0;
+}
+
+/**
+ * Described in header.
+ */
chunk_t chunk_skip(chunk_t chunk, size_t bytes)
{
if (chunk.len > bytes)
@@ -332,10 +383,8 @@ static int print_bytes(FILE *stream, const struct printf_info *info,
while (bytes_pos < bytes_roof)
{
- static char hexdig[] = "0123456789ABCDEF";
-
- *buffer_pos++ = hexdig[(*bytes_pos >> 4) & 0xF];
- *buffer_pos++ = hexdig[ *bytes_pos & 0xF];
+ *buffer_pos++ = hexdig_upper[(*bytes_pos >> 4) & 0xF];
+ *buffer_pos++ = hexdig_upper[ *bytes_pos & 0xF];
ascii_buffer[i++] =
(*bytes_pos > 31 && *bytes_pos < 127) ? *bytes_pos : '.';
diff --git a/src/libstrongswan/chunk.h b/src/libstrongswan/chunk.h
index a13ccfc22..9c0aabba1 100644
--- a/src/libstrongswan/chunk.h
+++ b/src/libstrongswan/chunk.h
@@ -84,11 +84,21 @@ void chunk_split(chunk_t chunk, const char *mode, ...);
bool chunk_write(chunk_t chunk, const char *path, const char *label, mode_t mask, bool force);
/**
+ * convert a chunk to an allocated hex string
+ */
+char *chunk_to_hex(chunk_t chunk, bool uppercase);
+
+/**
* Free contents of a chunk
*/
void chunk_free(chunk_t *chunk);
/**
+ * Overwrite the contents of a chunk with pseudo-random bytes and free them
+ */
+void chunk_free_randomized(chunk_t *chunk);
+
+/**
* Initialize a chunk to point to buffer inspectable by sizeof()
*/
#define chunk_from_buf(str) { str, sizeof(str) }
diff --git a/src/libstrongswan/credential_store.h b/src/libstrongswan/credential_store.h
index dcbe43f52..62b6ad2d5 100755
--- a/src/libstrongswan/credential_store.h
+++ b/src/libstrongswan/credential_store.h
@@ -88,17 +88,6 @@ struct credential_store_t {
rsa_public_key_t* (*get_rsa_public_key) (credential_store_t *this, identification_t *id);
/**
- * @brief Returns the RSA private key belonging to an RSA public key
- *
- * The returned rsa_private_key_t must be destroyed by the caller after usage.
- *
- * @param this calling object
- * @param pubkey public key
- * @return private key, or NULL if not found
- */
- rsa_private_key_t* (*get_rsa_private_key) (credential_store_t *this, rsa_public_key_t *pubkey);
-
- /**
* @brief Is there a matching RSA private key belonging to an RSA public key?
*
* @param this calling object
@@ -145,6 +134,20 @@ struct credential_store_t {
ca_info_t* (*get_issuer) (credential_store_t *this, x509_t* cert);
/**
+ * @brief RSA private key belonging to an RSA public key
+ *
+ *
+ * @param this calling object
+ * @param pubkey public key used to find the matching private key
+ * @param hash_algorithm hash algorithm to be used for signature
+ * @param data data block to be signed
+ * @param signature signature to be returned
+ * @return status of the signature process - SUCCESS if successful
+ */
+ status_t (*rsa_signature) (credential_store_t *this, rsa_public_key_t *pubkey, hash_algorithm_t hash_algorithm,
+ chunk_t data, chunk_t *signature);
+
+ /**
* @brief Verify an RSA signature given the ID of the signer
*
* @param this calling object
@@ -154,7 +157,8 @@ struct credential_store_t {
* @param issuer_p issuer of the signer's certificate (if not self-signed).
* @return status of the verification - SUCCESS if successful
*/
- status_t (*verify_signature) (credential_store_t *this, chunk_t hash, chunk_t sig, identification_t *id, ca_info_t **issuer_p);
+ status_t (*verify_signature) (credential_store_t *this, chunk_t hash, chunk_t sig, identification_t *id,
+ ca_info_t **issuer_p);
/**
* @brief Verify an X.509 certificate up to trust anchor without any status checks
@@ -240,6 +244,14 @@ struct credential_store_t {
iterator_t* (*create_cainfo_iterator) (credential_store_t *this);
/**
+ * @brief Create an iterator over all attribute certificates.
+ *
+ * @param this calling object
+ * @return iterator
+ */
+ iterator_t* (*create_acert_iterator) (credential_store_t *this);
+
+ /**
* @brief Loads ca certificates from a default directory.
*
* Certificates in both DER and PEM format are accepted
@@ -288,12 +300,13 @@ struct credential_store_t {
/**
* @brief Loads secrets in ipsec.secrets
*
- * Currently, all RSA private key files must be in unencrypted form
- * either in DER or PEM format.
+ * RSA private key files can be either in DER or PEM format
+ * Optional encryption with a passphrase supported
*
* @param this calling object
+ * @param reload are the secrets to be reloaded
*/
- void (*load_secrets) (credential_store_t *this);
+ void (*load_secrets) (credential_store_t *this, bool reload);
/**
* @brief Destroys a credential_store_t object.
diff --git a/src/libstrongswan/crypto/ac.c b/src/libstrongswan/crypto/ac.c
index 47605e9e1..1367494f8 100644
--- a/src/libstrongswan/crypto/ac.c
+++ b/src/libstrongswan/crypto/ac.c
@@ -19,17 +19,28 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: ac.c 3300 2007-10-12 21:53:18Z andreas $
*/
+#include <string.h>
+#include <stdio.h>
+
#include <library.h>
#include <debug.h>
#include <asn1/asn1.h>
+#include <asn1/pem.h>
+#include <crypto/x509.h>
+#include <crypto/ietf_attr_list.h>
#include <utils/identification.h>
#include <utils/linked_list.h>
+#include <utils/lexparser.h>
#include "ac.h"
+#define ACERT_WARNING_INTERVAL 1 /* day */
+
typedef struct private_x509ac_t private_x509ac_t;
/**
@@ -138,92 +149,6 @@ struct private_x509ac_t {
};
/**
- * definition of ietfAttribute kinds
- */
-typedef enum {
- IETF_ATTRIBUTE_OCTETS = 0,
- IETF_ATTRIBUTE_OID = 1,
- IETF_ATTRIBUTE_STRING = 2
-} ietfAttribute_t;
-
-/**
- * access structure for an ietfAttribute
- */
-typedef struct ietfAttr_t ietfAttr_t;
-
-struct ietfAttr_t {
- /**
- * IETF attribute kind
- */
- ietfAttribute_t kind;
-
- /**
- * IETF attribute valuse
- */
- chunk_t value;
-
- /**
- * Destroys the ietfAttr_t object.
- *
- * @param this ietfAttr_t to destroy
- */
- void (*destroy) (ietfAttr_t *this);
-};
-
-/**
- * Destroys an ietfAttr_t object
- */
-static void ietfAttr_destroy(ietfAttr_t *this)
-{
- free(this->value.ptr);
- free(this);
-}
-
-/**
- * Creates an ietfAttr_t object.
- */
-ietfAttr_t *ietfAttr_create(ietfAttribute_t kind, chunk_t value)
-{
- ietfAttr_t *this = malloc_thing(ietfAttr_t);
-
- /* initialize */
- this->kind = kind;
- this->value = chunk_clone(value);
-
- /* function */
- this->destroy = ietfAttr_destroy;
-
- return this;
-}
-
-/**
- * ASN.1 definition of ietfAttrSyntax
- */
-static const asn1Object_t ietfAttrSyntaxObjects[] =
-{
- { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT |
- ASN1_BODY }, /* 1 */
- { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
- { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */
- { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT |
- ASN1_BODY }, /* 4 */
- { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
- { 2, "oid", ASN1_OID, ASN1_OPT |
- ASN1_BODY }, /* 6 */
- { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
- { 2, "string", ASN1_UTF8STRING, ASN1_OPT |
- ASN1_BODY }, /* 8 */
- { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
- { 1, "end loop", ASN1_EOC, ASN1_END } /* 10 */
-};
-
-#define IETF_ATTR_OCTETS 4
-#define IETF_ATTR_OID 6
-#define IETF_ATTR_STRING 8
-#define IETF_ATTR_ROOF 11
-
-/**
* ASN.1 definition of roleSyntax
*/
static const asn1Object_t roleSyntaxObjects[] =
@@ -357,6 +282,23 @@ static err_t is_valid(const private_x509ac_t *this, time_t *until)
}
/**
+ * Implements x509ac_t.is_newer
+ */
+static bool is_newer(const private_x509ac_t *this, const private_x509ac_t *other)
+{
+ return this->notBefore > other->notBefore;
+}
+
+/**
+ * Implements x509ac_t.equals_holder.
+ */
+static bool equals_holder(const private_x509ac_t *this, const private_x509ac_t *other)
+{
+ return this->holderIssuer->equals(this->holderIssuer, other->holderIssuer)
+ && chunk_equals(this->holderSerial, other->holderSerial);
+}
+
+/**
* parses a directoryName
*/
static bool parse_directoryName(chunk_t blob, int level, bool implicit, identification_t **name)
@@ -364,7 +306,7 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
bool has_directoryName;
linked_list_t *list = linked_list_create();
- parse_generalNames(blob, level, implicit, list);
+ x509_parse_generalNames(blob, level, implicit, list);
has_directoryName = list->get_count(list) > 0;
if (has_directoryName)
@@ -398,43 +340,6 @@ static bool parse_directoryName(chunk_t blob, int level, bool implicit, identifi
}
/**
- * parses ietfAttrSyntax
- */
-static void parse_ietfAttrSyntax(chunk_t blob, int level0, linked_list_t *list)
-{
- asn1_ctx_t ctx;
- chunk_t object;
- u_int level;
- int objectID = 0;
-
- asn1_init(&ctx, blob, level0, FALSE, FALSE);
-
- while (objectID < IETF_ATTR_ROOF)
- {
- if (!extract_object(ietfAttrSyntaxObjects, &objectID, &object, &level, &ctx))
- {
- return;
- }
-
- switch (objectID)
- {
- case IETF_ATTR_OCTETS:
- case IETF_ATTR_OID:
- case IETF_ATTR_STRING:
- {
- ietfAttribute_t kind = (objectID - IETF_ATTR_OCTETS) / 2;
- ietfAttr_t *attr = ietfAttr_create(kind, object);
- list->insert_last(list, (void *)attr);
- }
- break;
- default:
- break;
- }
- objectID++;
- }
-}
-
-/**
* parses roleSyntax
*/
static void parse_roleSyntax(chunk_t blob, int level0)
@@ -470,9 +375,9 @@ static bool parse_certificate(chunk_t blob, private_x509ac_t *this)
bool critical;
chunk_t object;
u_int level;
- u_int type = OID_UNKNOWN;
- u_int extn_oid = OID_UNKNOWN;
int objectID = 0;
+ int type = OID_UNKNOWN;
+ int extn_oid = OID_UNKNOWN;
asn1_init(&ctx, blob, 0, FALSE, FALSE);
while (objectID < AC_OBJ_ROOF)
@@ -549,10 +454,10 @@ static bool parse_certificate(chunk_t blob, private_x509ac_t *this)
DBG2(" need to parse accessIdentity");
break;
case OID_CHARGING_IDENTITY:
- parse_ietfAttrSyntax(object, level, this->charging);
+ ietfAttr_list_create_from_chunk(object, this->charging, level);
break;
case OID_GROUP:
- parse_ietfAttrSyntax(object, level, this->groups);
+ ietfAttr_list_create_from_chunk(object, this->groups, level);
break;
case OID_ROLE:
parse_roleSyntax(object, level);
@@ -577,7 +482,7 @@ static bool parse_certificate(chunk_t blob, private_x509ac_t *this)
DBG2(" need to parse crlDistributionPoints");
break;
case OID_AUTHORITY_KEY_ID:
- parse_authorityKeyIdentifier(object, level,
+ x509_parse_authorityKeyIdentifier(object, level,
&this->authKeyID, &this->authKeySerialNumber);
break;
case OID_TARGET_INFORMATION:
@@ -603,7 +508,72 @@ static bool parse_certificate(chunk_t blob, private_x509ac_t *this)
objectID++;
}
this->installed = time(NULL);
- return FALSE;
+ return TRUE;
+}
+
+/**
+ * Implementation of x509ac_t.list.
+ */
+static void list(const private_x509ac_t *this, FILE *out, bool utc)
+{
+ time_t now = time(NULL);
+
+ fprintf(out, "%#T\n", &this->installed, utc);
+
+ if (this->entityName)
+ {
+ fprintf(out, " holder: '%D'\n", this->entityName);
+ }
+ if (this->holderIssuer)
+ {
+ fprintf(out, " hissuer: '%D'\n", this->holderIssuer);
+ }
+ if (this->holderSerial.ptr)
+ {
+ fprintf(out, " hserial: %#B\n", &this->holderSerial);
+ }
+
+ /* list all group attributes on a single line */
+ fprintf(out, " groups: ");
+ ietfAttr_list_list(this->groups, out);
+ fprintf(out, "\n");
+
+ fprintf(out, " issuer: '%D'\n", this->issuerName);
+ fprintf(out, " serial: %#B\n", &this->serialNumber);
+
+ fprintf(out, " validity: not before %#T, ", &this->notBefore, utc);
+ if (now < this->notBefore)
+ {
+ fprintf(out, "not valid yet (valid in %V)\n", &now, &this->notBefore);
+ }
+ else
+ {
+ fprintf(out, "ok\n");
+ }
+
+ fprintf(out, " not after %#T, ", &this->notAfter, utc);
+ if (now > this->notAfter)
+ {
+ fprintf(out, "expired (%V ago)\n", &now, &this->notAfter);
+ }
+ else
+ {
+ fprintf(out, "ok");
+ if (now > this->notAfter - ACERT_WARNING_INTERVAL * 60 * 60 * 24)
+ {
+ fprintf(out, " (expires in %V)", &now, &this->notAfter);
+ }
+ fprintf(out, " \n");
+ }
+
+ if (this->authKeyID.ptr)
+ {
+ fprintf(out, " authkey: %#B\n", &this->authKeyID);
+ }
+ if (this->authKeySerialNumber.ptr)
+ {
+ fprintf(out, " aserial: %#B\n", &this->authKeySerialNumber);
+ }
}
/**
@@ -614,10 +584,8 @@ static void destroy(private_x509ac_t *this)
DESTROY_IF(this->holderIssuer);
DESTROY_IF(this->entityName);
DESTROY_IF(this->issuerName);
- this->charging->destroy_offset(this->charging,
- offsetof(ietfAttr_t, destroy));
- this->groups->destroy_offset(this->groups,
- offsetof(ietfAttr_t, destroy));
+ ietfAttr_list_destroy(this->charging);
+ ietfAttr_list_destroy(this->groups);
free(this->certificate.ptr);
free(this);
}
@@ -638,6 +606,9 @@ x509ac_t *x509ac_create_from_chunk(chunk_t chunk)
/* public functions */
this->public.is_valid = (err_t (*) (const x509ac_t*,time_t*))is_valid;
+ this->public.is_newer = (bool (*) (const x509ac_t*,const x509ac_t*))is_newer;
+ this->public.equals_holder = (bool (*) (const x509ac_t*,const x509ac_t*))equals_holder;
+ this->public.list = (void (*) (const x509ac_t*,FILE*,bool))list;
this->public.destroy = (void (*) (x509ac_t*))destroy;
if (!parse_certificate(chunk, this))
diff --git a/src/libstrongswan/crypto/ac.h b/src/libstrongswan/crypto/ac.h
index b7fd26c94..8a4ccbd4c 100644
--- a/src/libstrongswan/crypto/ac.h
+++ b/src/libstrongswan/crypto/ac.h
@@ -21,11 +21,15 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: ac.h 3300 2007-10-12 21:53:18Z andreas $
*/
#ifndef AC_H_
#define AC_H_
+#include <library.h>
+
typedef struct x509ac_t x509ac_t;
/**
@@ -48,6 +52,32 @@ struct x509ac_t {
*/
err_t (*is_valid) (const x509ac_t *this, time_t *until);
+ /** @brief Checks if this attr cert is newer than the other attr cert
+ *
+ * @param this calling object
+ * @param other other attr cert object
+ * @return TRUE if this was issued more recently than other
+ */
+ bool (*is_newer) (const x509ac_t *this, const x509ac_t *other);
+
+ /**
+ * @brief Checks if two attribute certificates belong to the same holder
+ *
+ * @param this calling attribute certificate
+ * @param that other attribute certificate
+ * @return TRUE if same holder
+ */
+ bool (*equals_holder) (const x509ac_t *this, const x509ac_t *other);
+
+ /**
+ * @brief Log the attribute certificate info to out.
+ *
+ * @param this calling object
+ * @param out stream to write to
+ * @param utc TRUE for UTC times, FALSE for local time
+ */
+ void (*list)(const x509ac_t *this, FILE *out, bool utc);
+
/**
* @brief Destroys the attribute certificate.
*
@@ -68,14 +98,13 @@ x509ac_t *x509ac_create_from_chunk(chunk_t chunk);
/**
* @brief Read a x509 attribute certificate from a DER encoded file.
- *
+ *
* @param filename file containing DER encoded data
- * @return created x509ac_t certificate, or NULL if invalid.
- *
+ * @return created x509ac_t certificate, or NULL if invalid.
+ *
* @ingroup crypto
*/
x509ac_t *x509ac_create_from_file(const char *filename);
-
#endif /* AC_H_ */
diff --git a/src/libstrongswan/crypto/crl.c b/src/libstrongswan/crypto/crl.c
index b4ae37b2e..d52078ea9 100755
--- a/src/libstrongswan/crypto/crl.c
+++ b/src/libstrongswan/crypto/crl.c
@@ -18,6 +18,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: crl.c 3300 2007-10-12 21:53:18Z andreas $
*/
#include <sys/stat.h>
@@ -290,7 +292,8 @@ bool parse_x509crl(chunk_t blob, u_int level0, private_crl_t *crl)
}
else if (extn_oid == OID_AUTHORITY_KEY_ID)
{
- parse_authorityKeyIdentifier(object, level, &crl->authKeyID, &crl->authKeySerialNumber);
+ x509_parse_authorityKeyIdentifier(object, level,
+ &crl->authKeyID, &crl->authKeySerialNumber);
}
else if (extn_oid == OID_CRL_NUMBER)
{
@@ -304,6 +307,11 @@ bool parse_x509crl(chunk_t blob, u_int level0, private_crl_t *crl)
break;
case CRL_OBJ_ALGORITHM:
crl->algorithm = parse_algorithmIdentifier(object, level, NULL);
+ if (crl->algorithm != crl->sigAlg)
+ {
+ DBG1(" signature algorithms do not agree");
+ return FALSE;
+ }
break;
case CRL_OBJ_SIGNATURE:
crl->signature = object;
@@ -374,7 +382,14 @@ static bool is_newer(const private_crl_t *this, const private_crl_t *other)
*/
static bool verify(const private_crl_t *this, const rsa_public_key_t *signer)
{
- return signer->verify_emsa_pkcs1_signature(signer, this->tbsCertList, this->signature) == SUCCESS;
+ hash_algorithm_t algorithm = hasher_algorithm_from_oid(this->algorithm);
+
+ if (algorithm == HASH_UNKNOWN)
+ {
+ DBG1(" unknown signature algorithm");
+ return FALSE;
+ }
+ return signer->verify_emsa_pkcs1_signature(signer, algorithm, this->tbsCertList, this->signature) == SUCCESS;
}
/**
diff --git a/src/libstrongswan/crypto/crl.h b/src/libstrongswan/crypto/crl.h
index a367c3aff..bcf031dd4 100755
--- a/src/libstrongswan/crypto/crl.h
+++ b/src/libstrongswan/crypto/crl.h
@@ -18,6 +18,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: crl.h 3300 2007-10-12 21:53:18Z andreas $
*/
#ifndef CRL_H_
diff --git a/src/libstrongswan/crypto/diffie_hellman.c b/src/libstrongswan/crypto/diffie_hellman.c
index e4062066c..605892e87 100644
--- a/src/libstrongswan/crypto/diffie_hellman.c
+++ b/src/libstrongswan/crypto/diffie_hellman.c
@@ -8,7 +8,7 @@
/*
* Copyright (C) 1998-2002 D. Hugh Redelmeier.
* Copyright (C) 1999, 2000, 2001 Henry Spencer.
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -24,11 +24,11 @@
*/
#include <gmp.h>
-#include <stdio.h>
#include "diffie_hellman.h"
#include <utils/randomizer.h>
+#include <debug.h>
ENUM_BEGIN(diffie_hellman_group_names, MODP_NONE, MODP_1024_BIT,
"MODP_NONE",
@@ -302,12 +302,12 @@ static u_int8_t group18_modulus[] = {
0x60,0xC9,0x80,0xDD,0x98,0xED,0xD3,0xDF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
};
-typedef struct modulus_info_entry_t modulus_info_entry_t;
+typedef struct modulus_entry_t modulus_entry_t;
/**
* Entry of the modulus list.
*/
-struct modulus_info_entry_t {
+struct modulus_entry_t {
/**
* Group number as it is defined in file transform_substructure.h.
*/
@@ -321,7 +321,7 @@ struct modulus_info_entry_t {
/*
* Length of modulus in bytes.
*/
- size_t modulus_length;
+ size_t modulus_len;
/*
* Generator value.
@@ -329,19 +329,18 @@ struct modulus_info_entry_t {
u_int16_t generator;
};
-
/**
* All supported modulus values.
*/
-static modulus_info_entry_t modulus_info_entries[] = {
- {MODP_768_BIT,group1_modulus,sizeof(group1_modulus),2},
- {MODP_1024_BIT,group2_modulus,sizeof(group2_modulus),2},
- {MODP_1536_BIT,group5_modulus,sizeof(group5_modulus),2},
- {MODP_2048_BIT,group14_modulus,sizeof(group14_modulus),2},
- {MODP_3072_BIT,group15_modulus,sizeof(group15_modulus),2},
- {MODP_4096_BIT,group16_modulus,sizeof(group16_modulus),2},
- {MODP_6144_BIT,group17_modulus,sizeof(group17_modulus),2},
- {MODP_8192_BIT,group18_modulus,sizeof(group18_modulus),2},
+static modulus_entry_t modulus_entries[] = {
+ {MODP_768_BIT, group1_modulus, sizeof(group1_modulus), 2},
+ {MODP_1024_BIT, group2_modulus, sizeof(group2_modulus), 2},
+ {MODP_1536_BIT, group5_modulus, sizeof(group5_modulus), 2},
+ {MODP_2048_BIT, group14_modulus, sizeof(group14_modulus), 2},
+ {MODP_3072_BIT, group15_modulus, sizeof(group15_modulus), 2},
+ {MODP_4096_BIT, group16_modulus, sizeof(group16_modulus), 2},
+ {MODP_6144_BIT, group17_modulus, sizeof(group17_modulus), 2},
+ {MODP_8192_BIT, group18_modulus, sizeof(group18_modulus), 2},
};
typedef struct private_diffie_hellman_t private_diffie_hellman_t;
@@ -359,170 +358,133 @@ struct private_diffie_hellman_t {
/**
* Diffie Hellman group number.
*/
- u_int16_t dh_group_number;
-
- /**
- * Modulus.
- */
- mpz_t modulus;
-
- /**
- * Modulus length.
- */
- size_t modulus_length;
+ u_int16_t group;
/*
* Generator value.
*/
- u_int16_t generator;
+ mpz_t g;
/**
- * My private value .
+ * My private value.
*/
- mpz_t my_private_value;
+ mpz_t xa;
/**
* My public value.
*/
- mpz_t my_public_value;
+ mpz_t ya;
/**
* Other public value.
*/
- mpz_t other_public_value;
+ mpz_t yb;
/**
* Shared secret.
*/
- mpz_t shared_secret;
+ mpz_t zz;
/**
- * True if shared secret is computed and stored in my_public_value.
- */
- bool shared_secret_is_computed;
-
- /**
- * Sets the modulus for a specific diffie hellman group.
- *
- * @param this calling object
- * @return
- * SUCCESS if modulus could be found
- * NOT_FOUND if modulus not supported
+ * Modulus.
*/
- status_t (*set_modulus) (private_diffie_hellman_t *this);
+ mpz_t p;
/**
- * Makes sure my public value is computed.
- *
- * @param this calling object
+ * Modulus length.
*/
- void (*compute_public_value) (private_diffie_hellman_t *this);
+ size_t p_len;
/**
- * Computes shared secret (other public value must be available).
- *
- * @param this calling object
+ * True if shared secret is computed and stored in my_public_value.
*/
- void (*compute_shared_secret) (private_diffie_hellman_t *this);
+ bool computed;
};
/**
- * Implementation of private_diffie_hellman_t.set_modulus.
+ * Implementation of diffie_hellman_t.set_other_public_value.
*/
-static status_t set_modulus(private_diffie_hellman_t *this)
+static void set_other_public_value(private_diffie_hellman_t *this, chunk_t value)
{
- int i;
- status_t status = NOT_FOUND;
+ mpz_t p_min_1;
+
+ mpz_init(p_min_1);
+ mpz_sub_ui(p_min_1, this->p, 1);
+
+ mpz_import(this->yb, value.len, 1, 1, 1, 0, value.ptr);
- for (i = 0; i < (sizeof(modulus_info_entries) / sizeof(modulus_info_entry_t)); i++)
+ /* check public value:
+ * 1. 0 or 1 is invalid as 0^a = 0 and 1^a = 1
+ * 2. a public value larger or equal the modulus is invalid */
+ if (mpz_cmp_ui(this->yb, 1) > 0 ||
+ mpz_cmp(this->yb, p_min_1) < 0)
{
- if (modulus_info_entries[i].group == this->dh_group_number)
+#ifdef EXTENDED_DH_TEST
+ /* 3. test if y ^ q mod p = 1, where q = (p - 1)/2. */
+ mpz_t q, one;
+
+ mpz_init(q);
+ mpz_init(one);
+ mpz_fdiv_q_2exp(q, p_min_1, 1);
+ mpz_powm(one, this->yb, q, this->p);
+ mpz_clear(q);
+ if (mpz_cmp_ui(one, 1) == 0)
{
- chunk_t modulus_chunk;
- modulus_chunk.ptr = modulus_info_entries[i].modulus;
- modulus_chunk.len = modulus_info_entries[i].modulus_length;
- mpz_import(this->modulus, modulus_chunk.len, 1, 1, 1, 0, modulus_chunk.ptr);
- this->modulus_length = modulus_chunk.len;
- this->generator = modulus_info_entries[i].generator;
- status = SUCCESS;
- break;
+ mpz_powm(this->zz, this->yb, this->xa, this->p);
+ this->computed = TRUE;
+ }
+ else
+ {
+ DBG1("public DH value verification failed: y ^ q mod p != 1");
}
+ mpz_clear(one);
+#else
+ mpz_powm(this->zz, this->yb, this->xa, this->p);
+ this->computed = TRUE;
+#endif
}
- return status;
-}
-
-/**
- * Implementation of diffie_hellman_t.set_other_public_value.
- */
-static void set_other_public_value(private_diffie_hellman_t *this,chunk_t public_value)
-{
- mpz_import(this->other_public_value, public_value.len, 1, 1, 1, 0, public_value.ptr);
- this->compute_shared_secret(this);
+ else
+ {
+ DBG1("public DH value verification failed: y < 2 || y > p - 1 ");
+ }
+ mpz_clear(p_min_1);
}
/**
* Implementation of diffie_hellman_t.get_other_public_value.
*/
-static status_t get_other_public_value(private_diffie_hellman_t *this,chunk_t *public_value)
+static status_t get_other_public_value(private_diffie_hellman_t *this,
+ chunk_t *value)
{
- if (!this->shared_secret_is_computed)
+ if (!this->computed)
{
return FAILED;
}
- public_value->len = this->modulus_length;
- public_value->ptr = mpz_export(NULL, NULL, 1, public_value->len, 1, 0, this->other_public_value);
+ value->len = this->p_len;
+ value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->yb);
return SUCCESS;
}
/**
- * Implementation of private_diffie_hellman_t.compute_shared_secret.
- */
-static void compute_shared_secret (private_diffie_hellman_t *this)
-{
- /* initialize my public value */
- mpz_init(this->shared_secret);
- /* calculate my public value */
- mpz_powm(this->shared_secret,this->other_public_value,this->my_private_value,this->modulus);
-
- this->shared_secret_is_computed = TRUE;
-}
-
-/**
- * Implementation of private_diffie_hellman_t.compute_public_value.
- */
-static void compute_public_value (private_diffie_hellman_t *this)
-{
- mpz_t generator;
- /* initialize generator and set it*/
- mpz_init_set_ui (generator,this->generator);
- /* initialize my public value */
- mpz_init(this->my_public_value);
- /* calculate my public value */
- mpz_powm(this->my_public_value,generator,this->my_private_value,this->modulus);
- /* generator not used anymore */
- mpz_clear(generator);
-}
-
-/**
* Implementation of diffie_hellman_t.get_my_public_value.
*/
-static void get_my_public_value(private_diffie_hellman_t *this,chunk_t *public_value)
+static void get_my_public_value(private_diffie_hellman_t *this,chunk_t *value)
{
- public_value->len = this->modulus_length;
- public_value->ptr = mpz_export(NULL, NULL, 1, public_value->len, 1, 0, this->my_public_value);
+ value->len = this->p_len;
+ value->ptr = mpz_export(NULL, NULL, 1, value->len, 1, 0, this->ya);
}
/**
* Implementation of diffie_hellman_t.get_shared_secret.
*/
-static status_t get_shared_secret(private_diffie_hellman_t *this,chunk_t *secret)
+static status_t get_shared_secret(private_diffie_hellman_t *this, chunk_t *secret)
{
- if (!this->shared_secret_is_computed)
+ if (!this->computed)
{
return FAILED;
}
- secret->len = this->modulus_length;
- secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->shared_secret);
+ secret->len = this->p_len;
+ secret->ptr = mpz_export(NULL, NULL, 1, secret->len, 1, 0, this->zz);
return SUCCESS;
}
@@ -531,35 +493,57 @@ static status_t get_shared_secret(private_diffie_hellman_t *this,chunk_t *secret
*/
static diffie_hellman_group_t get_dh_group(private_diffie_hellman_t *this)
{
- return this->dh_group_number;
+ return this->group;
}
/**
- * Implementation of diffie_hellman_t.destroy.
+ * Lookup the modulus in modulo table
*/
-static void destroy(private_diffie_hellman_t *this)
+static status_t set_modulus(private_diffie_hellman_t *this)
{
- mpz_clear(this->modulus);
- mpz_clear(this->my_private_value);
- mpz_clear(this->my_public_value);
- mpz_clear(this->other_public_value);
-
- if (this->shared_secret_is_computed)
+ int i;
+ status_t status = NOT_FOUND;
+
+ for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
{
- /* other public value gets initialized together with shared secret */
- mpz_clear(this->shared_secret);
+ if (modulus_entries[i].group == this->group)
+ {
+ chunk_t chunk;
+ chunk.ptr = modulus_entries[i].modulus;
+ chunk.len = modulus_entries[i].modulus_len;
+ mpz_import(this->p, chunk.len, 1, 1, 1, 0, chunk.ptr);
+ this->p_len = chunk.len;
+ mpz_set_ui(this->g, modulus_entries[i].generator);
+ status = SUCCESS;
+ break;
+ }
}
+ return status;
+}
+
+/**
+ * Implementation of diffie_hellman_t.destroy.
+ */
+static void destroy(private_diffie_hellman_t *this)
+{
+ mpz_clear(this->p);
+ mpz_clear(this->xa);
+ mpz_clear(this->ya);
+ mpz_clear(this->yb);
+ mpz_clear(this->zz);
+ mpz_clear(this->g);
free(this);
}
/*
* Described in header.
*/
-diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number)
+diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t group)
{
private_diffie_hellman_t *this = malloc_thing(private_diffie_hellman_t);
randomizer_t *randomizer;
- chunk_t random_bytes;
+ chunk_t random;
+ status_t status;
/* public functions */
this->public.get_shared_secret = (status_t (*)(diffie_hellman_t *, chunk_t *)) get_shared_secret;
@@ -569,44 +553,37 @@ diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number)
this->public.get_dh_group = (diffie_hellman_group_t (*)(diffie_hellman_t *)) get_dh_group;
this->public.destroy = (void (*)(diffie_hellman_t *)) destroy;
- /* private functions */
- this->set_modulus = set_modulus;
- this->compute_public_value = compute_public_value;
- this->compute_shared_secret = compute_shared_secret;
-
/* private variables */
- this->dh_group_number = dh_group_number;
- mpz_init(this->modulus);
- mpz_init(this->other_public_value);
- mpz_init(this->my_private_value);
+ this->group = group;
+ mpz_init(this->p);
+ mpz_init(this->yb);
+ mpz_init(this->ya);
+ mpz_init(this->xa);
+ mpz_init(this->zz);
+ mpz_init(this->g);
+
+ this->computed = FALSE;
- /* set this->modulus */
- if (this->set_modulus(this) != SUCCESS)
+ /* find a modulus according to group */
+ if (set_modulus(this) != SUCCESS)
{
- free(this);
+ destroy(this);
return NULL;
}
randomizer = randomizer_create();
- if (randomizer == NULL)
- {
- free(this);
- return NULL;
- }
- if (randomizer->allocate_pseudo_random_bytes(randomizer, this->modulus_length, &random_bytes) != SUCCESS)
+ status = randomizer->allocate_pseudo_random_bytes(
+ randomizer, this->p_len, &random);
+ randomizer->destroy(randomizer);
+ if (status != SUCCESS)
{
- randomizer->destroy(randomizer);
- free(this);
+ destroy(this);
return NULL;
}
+ mpz_import(this->xa, random.len, 1, 1, 1, 0, random.ptr);
+ chunk_free(&random);
- mpz_import(this->my_private_value, random_bytes.len, 1, 1, 1, 0, random_bytes.ptr);
- chunk_free(&random_bytes);
+ mpz_powm(this->ya, this->g, this->xa, this->p);
- randomizer->destroy(randomizer);
-
- this->compute_public_value(this);
-
- this->shared_secret_is_computed = FALSE;
-
- return &(this->public);
+ return &this->public;
}
+
diff --git a/src/libstrongswan/crypto/diffie_hellman.h b/src/libstrongswan/crypto/diffie_hellman.h
index 29a2ab45b..8cd06d60e 100644
--- a/src/libstrongswan/crypto/diffie_hellman.h
+++ b/src/libstrongswan/crypto/diffie_hellman.h
@@ -6,7 +6,7 @@
*/
/*
- * Copyright (C) 2005-2006 Martin Willi
+ * Copyright (C) 2005-2007 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
*
@@ -36,7 +36,7 @@ typedef struct diffie_hellman_t diffie_hellman_t;
*
* See IKEv2 RFC 3.3.2 and RFC 3526.
*
- * @ingroup transforms
+ * @ingroup crypto
*/
enum diffie_hellman_group_t {
MODP_NONE = 0,
@@ -56,76 +56,74 @@ enum diffie_hellman_group_t {
extern enum_name_t *diffie_hellman_group_names;
/**
- * @brief Implementation of the widely used Diffie-Hellman algorithm.
+ * @brief Implementation of the Diffie-Hellman algorithm, as in RFC2631.
*
* @b Constructors:
* - diffie_hellman_create()
*
- * @ingroup transforms
+ * @ingroup crypto
*/
struct diffie_hellman_t {
/**
* @brief Returns the shared secret of this diffie hellman exchange.
*
- * @warning Space for returned secret is allocated and must be
+ * Space for returned secret is allocated and must be
* freed by the caller.
*
- * @param this calling diffie_hellman_t object
- * @param[out] secret shared secret will be written into this chunk
+ * @param this calling object
+ * @param secret shared secret will be written into this chunk
* @return
- * - SUCCESS
- * - FAILED if not both DH values are set
+ * - SUCCESS
+ * - FAILED if not both DH values are set
*/
status_t (*get_shared_secret) (diffie_hellman_t *this, chunk_t *secret);
/**
* @brief Sets the public value of partner.
*
- * chunk gets cloned and can be destroyed afterwards.
+ * Chunk gets cloned and can be destroyed afterwards.
*
- * @param this calling diffie_hellman_t object
- * @param public_value public value of partner
+ * @param this calling object
+ * @param value public value of partner
*/
- void (*set_other_public_value) (diffie_hellman_t *this, chunk_t public_value);
+ void (*set_other_public_value) (diffie_hellman_t *this, chunk_t value);
/**
* @brief Gets the public value of partner.
*
- * @warning Space for returned chunk is allocated and must be
- * freed by the caller.
+ * Space for returned chunk is allocated and must be freed by the caller.
*
- * @param this calling diffie_hellman_t object
- * @param[out] public_value public value of partner is stored at this location
+ * @param this calling object
+ * @param value public value of partner is stored at this location
* @return
- * - SUCCESS
- * - FAILED if other public value not set
+ * - SUCCESS
+ * - FAILED if other public value not set
*/
- status_t (*get_other_public_value) (diffie_hellman_t *this, chunk_t *public_value);
+ status_t (*get_other_public_value) (diffie_hellman_t *this, chunk_t *value);
/**
- * @brief Gets the public value of caller
+ * @brief Gets the own public value to transmit.
*
- * @warning Space for returned chunk is allocated and must be
- * freed by the caller.
+ * Space for returned chunk is allocated and must be freed by the caller.
*
- * @param this calling diffie_hellman_t object
- * @param[out] public_value public value of caller is stored at this location
+ * @param this calling object
+ * @param value public value of caller is stored at this location
*/
- void (*get_my_public_value) (diffie_hellman_t *this, chunk_t *public_value);
+ void (*get_my_public_value) (diffie_hellman_t *this, chunk_t *value);
/**
* @brief Get the DH group used.
*
- * @param this calling diffie_hellman_t object
- * @return DH group set in construction
+ * @param this calling object
+ * @return DH group set in construction
*/
diffie_hellman_group_t (*get_dh_group) (diffie_hellman_t *this);
/**
* @brief Destroys an diffie_hellman_t object.
*
- * @param this diffie_hellman_t object to destroy
+ * @param this diffie_hellman_t object to destroy
*/
void (*destroy) (diffie_hellman_t *this);
};
@@ -133,15 +131,14 @@ struct diffie_hellman_t {
/**
* @brief Creates a new diffie_hellman_t object.
*
- * The first diffie hellman public value gets automatically created.
- *
- * @param dh_group_number Diffie Hellman group number to use
+ * @param group Diffie Hellman group number to use
* @return
- * - diffie_hellman_t object
- * - NULL if dh group not supported
+ * - diffie_hellman_t object
+ * - NULL if dh group not supported
*
- * @ingroup transforms
+ * @ingroup crypto
*/
-diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t dh_group_number);
+diffie_hellman_t *diffie_hellman_create(diffie_hellman_group_t group);
#endif /*DIFFIE_HELLMAN_H_*/
+
diff --git a/src/libstrongswan/crypto/hashers/hasher.c b/src/libstrongswan/crypto/hashers/hasher.c
index 7fa6346d6..14bfb022f 100644
--- a/src/libstrongswan/crypto/hashers/hasher.c
+++ b/src/libstrongswan/crypto/hashers/hasher.c
@@ -19,17 +19,21 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: hasher.c 3304 2007-10-12 23:18:42Z andreas $
*/
#include "hasher.h"
+#include <asn1/oid.h>
#include <crypto/hashers/sha1_hasher.h>
#include <crypto/hashers/sha2_hasher.h>
#include <crypto/hashers/md5_hasher.h>
-ENUM(hash_algorithm_names, HASH_MD2, HASH_SHA512,
+ENUM(hash_algorithm_names, HASH_UNKNOWN, HASH_SHA512,
+ "HASH_UNKNOWN",
"HASH_MD2",
"HASH_MD5",
"HASH_SHA1",
@@ -63,3 +67,76 @@ hasher_t *hasher_create(hash_algorithm_t hash_algorithm)
return NULL;
}
}
+
+/*
+ * Described in header.
+ */
+hash_algorithm_t hasher_algorithm_from_oid(int oid)
+{
+ hash_algorithm_t algorithm;
+
+ switch (oid)
+ {
+ case OID_MD2:
+ case OID_MD2_WITH_RSA:
+ algorithm = HASH_MD2;
+ break;
+ case OID_MD5:
+ case OID_MD5_WITH_RSA:
+ algorithm = HASH_MD5;
+ break;
+ case OID_SHA1:
+ case OID_SHA1_WITH_RSA:
+ algorithm = HASH_SHA1;
+ break;
+ case OID_SHA256:
+ case OID_SHA256_WITH_RSA:
+ algorithm = HASH_SHA256;
+ break;
+ case OID_SHA384:
+ case OID_SHA384_WITH_RSA:
+ algorithm = HASH_SHA384;
+ break;
+ case OID_SHA512:
+ case OID_SHA512_WITH_RSA:
+ algorithm = HASH_SHA512;
+ break;
+ default:
+ algorithm = HASH_UNKNOWN;
+ }
+ return algorithm;
+}
+
+/*
+ * Described in header.
+ */
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg)
+{
+ int oid;
+
+ switch (alg)
+ {
+ case HASH_MD2:
+ oid = OID_MD2_WITH_RSA;
+ break;
+ case HASH_MD5:
+ oid = OID_MD5_WITH_RSA;
+ break;
+ case HASH_SHA1:
+ oid = OID_SHA1_WITH_RSA;
+ break;
+ case HASH_SHA256:
+ oid = OID_SHA256_WITH_RSA;
+ break;
+ case HASH_SHA384:
+ oid = OID_SHA384_WITH_RSA;
+ break;
+ case HASH_SHA512:
+ oid = OID_SHA512_WITH_RSA;
+ break;
+ default:
+ oid = OID_UNKNOWN;
+ }
+ return oid;
+}
+
diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h
index 6c17f892d..48b904576 100644
--- a/src/libstrongswan/crypto/hashers/hasher.h
+++ b/src/libstrongswan/crypto/hashers/hasher.h
@@ -19,6 +19,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: hasher.h 3307 2007-10-17 02:56:24Z andreas $
*/
#ifndef HASHER_H_
@@ -42,17 +44,18 @@ typedef struct hasher_t hasher_t;
* @ingroup hashers
*/
enum hash_algorithm_t {
- HASH_MD2 = 0,
+ HASH_UNKNOWN = 0,
+ HASH_MD2 = 1,
/** Implemented in class md5_hasher_t */
- HASH_MD5 = 1,
+ HASH_MD5 = 2,
/** Implemented in class sha1_hasher_t */
- HASH_SHA1 = 2,
+ HASH_SHA1 = 3,
/** Implemented in class sha2_hasher_t */
- HASH_SHA256 = 3,
+ HASH_SHA256 = 4,
/** Implemented in class sha2_hasher_t */
- HASH_SHA384 = 4,
+ HASH_SHA384 = 5,
/** Implemented in class sha2_hasher_t */
- HASH_SHA512 = 5,
+ HASH_SHA512 = 6,
};
#define HASH_SIZE_MD2 16
@@ -68,7 +71,6 @@ enum hash_algorithm_t {
*/
extern enum_name_t *hash_algorithm_names;
-
/**
* @brief Generic interface for all hash functions.
*
@@ -82,7 +84,7 @@ struct hasher_t {
* @brief Hash data and write it in the buffer.
*
* If the parameter hash is NULL, no result is written back
- * an more data can be appended to already hashed data.
+ * and more data can be appended to already hashed data.
* If not, the result is written back and the hasher is reset.
*
* The hash output parameter must hold at least
@@ -98,7 +100,7 @@ struct hasher_t {
* @brief Hash data and allocate space for the hash.
*
* If the parameter hash is NULL, no result is written back
- * an more data can be appended to already hashed data.
+ * and more data can be appended to already hashed data.
* If not, the result is written back and the hasher is reset.
*
* @param this calling object
@@ -156,4 +158,28 @@ struct hasher_t {
*/
hasher_t *hasher_create(hash_algorithm_t hash_algorithm);
+/**
+ * @brief Conversion of ASN.1 OID to hash algorithm.
+ *
+ * @param oid ASN.1 OID
+ * @return
+ * - hash algorithm
+ * - HASH_UNKNOWN if OID unsuported
+ *
+ * @ingroup hashers
+ */
+hash_algorithm_t hasher_algorithm_from_oid(int oid);
+
+/**
+ * @brief Conversion of hash signature algorithm ASN.1 OID.
+ *
+ * @param alg hash algorithm
+ * @return
+ * - ASN.1 OID if known hash algorithm
+ * - OID_UNKNOW
+ *
+ * @ingroup hashers
+ */
+int hasher_signature_algorithm_to_oid(hash_algorithm_t alg);
+
#endif /* HASHER_H_ */
diff --git a/src/libstrongswan/crypto/hmac.h b/src/libstrongswan/crypto/hmac.h
index d320bc5aa..06b75aaf9 100644
--- a/src/libstrongswan/crypto/hmac.h
+++ b/src/libstrongswan/crypto/hmac.h
@@ -42,7 +42,7 @@ typedef struct hmac_t hmac_t;
* @b Constructors:
* - hmac_create()
*
- * @ingroup transforms
+ * @ingroup crypto
*/
struct hmac_t {
/**
diff --git a/src/libstrongswan/crypto/ietf_attr_list.c b/src/libstrongswan/crypto/ietf_attr_list.c
new file mode 100644
index 000000000..1ecadf679
--- /dev/null
+++ b/src/libstrongswan/crypto/ietf_attr_list.c
@@ -0,0 +1,405 @@
+/**
+ * @file ietf_attr.c
+ *
+ * @brief Implementation of ietfAttr_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen, Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <string.h>
+#include <stdio.h>
+
+#include <debug.h>
+#include <asn1/asn1.h>
+#include <utils/lexparser.h>
+
+#include "ietf_attr_list.h"
+
+/**
+ * Private definition of ietfAttribute kinds
+ */
+typedef enum {
+ IETF_ATTRIBUTE_OCTETS = 0,
+ IETF_ATTRIBUTE_OID = 1,
+ IETF_ATTRIBUTE_STRING = 2
+} ietfAttribute_t;
+
+typedef struct ietfAttr_t ietfAttr_t;
+
+/**
+ * Private definition of an ietfAttribute
+ */
+struct ietfAttr_t {
+ /**
+ * IETF attribute kind
+ */
+ ietfAttribute_t kind;
+
+ /**
+ * IETF attribute valuse
+ */
+ chunk_t value;
+
+ /**
+ * Compares two ietfAttributes
+ *
+ * return -1 if this is earlier in the alphabet than other
+ * return 0 if this equals other
+ * return +1 if this is later in the alphabet than other
+ *
+ * @param this calling object
+ * @param other other object
+ */
+ int (*compare) (const ietfAttr_t *this ,const ietfAttr_t *other);
+
+ /**
+ * Destroys the ietfAttr_t object.
+ *
+ * @param this ietfAttr_t to destroy
+ */
+ void (*destroy) (ietfAttr_t *this);
+};
+
+/**
+ * Implements ietfAttr_t.compare.
+ */
+static int ietfAttr_compare(const ietfAttr_t *this ,const ietfAttr_t *other)
+{
+ int cmp_len, len, cmp_value;
+
+ /* OID attributes are appended after STRING and OCTETS attributes */
+ if (this->kind != IETF_ATTRIBUTE_OID && other->kind == IETF_ATTRIBUTE_OID)
+ {
+ return -1;
+ }
+ if (this->kind == IETF_ATTRIBUTE_OID && other->kind != IETF_ATTRIBUTE_OID)
+ {
+ return 1;
+ }
+
+ cmp_len = this->value.len - other->value.len;
+ len = (cmp_len < 0)? this->value.len : other->value.len;
+ cmp_value = memcmp(this->value.ptr, other->value.ptr, len);
+
+ return (cmp_value == 0)? cmp_len : cmp_value;
+}
+
+/**
+ * Implements ietfAttr_t.destroy.
+ */
+static void ietfAttr_destroy(ietfAttr_t *this)
+{
+ free(this->value.ptr);
+ free(this);
+}
+
+/**
+ * Creates an ietfAttr_t object.
+ */
+static ietfAttr_t *ietfAttr_create(ietfAttribute_t kind, chunk_t value)
+{
+ ietfAttr_t *this = malloc_thing(ietfAttr_t);
+
+ /* initialize */
+ this->kind = kind;
+ this->value = chunk_clone(value);
+
+ /* function */
+ this->compare = ietfAttr_compare;
+ this->destroy = ietfAttr_destroy;
+
+ return this;
+}
+
+/**
+ * Adds an ietfAttr_t object to a sorted linked list
+ */
+static void ietfAttr_add(linked_list_t *list, ietfAttr_t *attr)
+{
+ iterator_t *iterator = list->create_iterator(list, TRUE);
+ ietfAttr_t *current_attr;
+ bool found = FALSE;
+
+ while (iterator->iterate(iterator, (void **)&current_attr))
+ {
+ int cmp = attr->compare(attr, current_attr);
+
+ if (cmp > 0)
+ {
+ continue;
+ }
+ if (cmp == 0)
+ {
+ attr->destroy(attr);
+ }
+ else
+ {
+ iterator->insert_before(iterator, attr);
+ }
+ found = TRUE;
+ break;
+ }
+ iterator->destroy(iterator);
+ if (!found)
+ {
+ list->insert_last(list, attr);
+ }
+}
+
+/*
+ * Described in header.
+ */
+bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b)
+{
+ bool result = TRUE;
+
+ /* lists must have the same number of attributes */
+ if (list_a->get_count(list_a) != list_b->get_count(list_b))
+ {
+ return FALSE;
+ }
+ /* empty lists - no attributes */
+ if (list_a->get_count(list_a) == 0)
+ {
+ return TRUE;
+ }
+
+ /* compare two alphabetically-sorted lists */
+ {
+ iterator_t *iterator_a = list_a->create_iterator(list_a, TRUE);
+ iterator_t *iterator_b = list_b->create_iterator(list_b, TRUE);
+ ietfAttr_t *attr_a, *attr_b;
+
+ while (iterator_a->iterate(iterator_a, (void **)&attr_a) &&
+ iterator_b->iterate(iterator_b, (void **)&attr_b))
+ {
+ if (attr_a->compare(attr_a, attr_b) != 0)
+ {
+ /* we have a mismatch */
+ result = FALSE;
+ break;
+ }
+ }
+ iterator_a->destroy(iterator_a);
+ iterator_b->destroy(iterator_b);
+ }
+ return result;
+}
+
+/*
+ * Described in header.
+ */
+void ietfAttr_list_list(linked_list_t *list, FILE *out)
+{
+ iterator_t *iterator = list->create_iterator(list, TRUE);
+ ietfAttr_t *attr;
+ bool first = TRUE;
+
+ while (iterator->iterate(iterator, (void **)&attr))
+ {
+ if (first)
+ {
+ first = FALSE;
+ }
+ else
+ {
+ fprintf(out, ", ");
+ }
+
+ switch (attr->kind)
+ {
+ case IETF_ATTRIBUTE_OCTETS:
+ case IETF_ATTRIBUTE_STRING:
+ fprintf(out, "%.*s", (int)attr->value.len, attr->value.ptr);
+ break;
+ case IETF_ATTRIBUTE_OID:
+ {
+ int oid = known_oid(attr->value);
+
+ if (oid == OID_UNKNOWN)
+ {
+ fprintf(out, "0x#B", &attr->value);
+ }
+ else
+ {
+ fprintf(out, "%s", oid_names[oid]);
+ }
+ }
+ break;
+ default:
+ break;
+ }
+ }
+ iterator->destroy(iterator);
+}
+
+/*
+ * Described in header.
+ */
+void ietfAttr_list_create_from_string(char *msg, linked_list_t *list)
+{
+ chunk_t line = { msg, strlen(msg) };
+
+ while (eat_whitespace(&line))
+ {
+ chunk_t group;
+
+ /* extract the next comma-separated group attribute */
+ if (!extract_token(&group, ',', &line))
+ {
+ group = line;
+ line.len = 0;
+ }
+
+ /* remove any trailing spaces */
+ while (group.len > 0 && *(group.ptr + group.len - 1) == ' ')
+ {
+ group.len--;
+ }
+
+ /* add the group attribute to the list */
+ if (group.len > 0)
+ {
+ ietfAttr_t *attr = ietfAttr_create(IETF_ATTRIBUTE_STRING, group);
+
+ ietfAttr_add(list, attr);
+ }
+ }
+}
+
+/**
+ * ASN.1 definition of ietfAttrSyntax
+ */
+static const asn1Object_t ietfAttrSyntaxObjects[] =
+{
+ { 0, "ietfAttrSyntax", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "policyAuthority", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_BODY }, /* 1 */
+ { 1, "end opt", ASN1_EOC, ASN1_END }, /* 2 */
+ { 1, "values", ASN1_SEQUENCE, ASN1_LOOP }, /* 3 */
+ { 2, "octets", ASN1_OCTET_STRING, ASN1_OPT |
+ ASN1_BODY }, /* 4 */
+ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 5 */
+ { 2, "oid", ASN1_OID, ASN1_OPT |
+ ASN1_BODY }, /* 6 */
+ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 7 */
+ { 2, "string", ASN1_UTF8STRING, ASN1_OPT |
+ ASN1_BODY }, /* 8 */
+ { 2, "end choice", ASN1_EOC, ASN1_END }, /* 9 */
+ { 1, "end loop", ASN1_EOC, ASN1_END } /* 10 */
+};
+
+#define IETF_ATTR_OCTETS 4
+#define IETF_ATTR_OID 6
+#define IETF_ATTR_STRING 8
+#define IETF_ATTR_ROOF 11
+
+/*
+ * Described in header.
+ */
+void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ asn1_init(&ctx, chunk, level0, FALSE, FALSE);
+
+ while (objectID < IETF_ATTR_ROOF)
+ {
+ if (!extract_object(ietfAttrSyntaxObjects, &objectID, &object, &level, &ctx))
+ {
+ return;
+ }
+
+ switch (objectID)
+ {
+ case IETF_ATTR_OCTETS:
+ case IETF_ATTR_OID:
+ case IETF_ATTR_STRING:
+ {
+ ietfAttribute_t kind = (objectID - IETF_ATTR_OCTETS) / 2;
+ ietfAttr_t *attr = ietfAttr_create(kind, object);
+ ietfAttr_add(list, attr);
+ }
+ break;
+ default:
+ break;
+ }
+ objectID++;
+ }
+}
+
+/*
+ * Described in header.
+ */
+chunk_t ietfAttr_list_encode(linked_list_t *list)
+{
+ chunk_t ietfAttributes;
+ size_t size = 0;
+ u_char *pos;
+ iterator_t *iterator = list->create_iterator(list, TRUE);
+ ietfAttr_t *attr;
+
+ /* precalculate the total size of all values */
+ while (iterator->iterate(iterator, (void **)&attr))
+ {
+ size_t len = attr->value.len;
+
+ size += 1 + (len > 0) + (len >= 128) + (len >= 256) + (len >= 65536) + len;
+ }
+ iterator->destroy(iterator);
+
+ pos = build_asn1_object(&ietfAttributes, ASN1_SEQUENCE, size);
+
+ iterator = list->create_iterator(list, TRUE);
+ while (iterator->iterate(iterator, (void **)&attr))
+ {
+ chunk_t ietfAttribute;
+ asn1_t type = ASN1_NULL;
+
+ switch (attr->kind)
+ {
+ case IETF_ATTRIBUTE_OCTETS:
+ type = ASN1_OCTET_STRING;
+ break;
+ case IETF_ATTRIBUTE_STRING:
+ type = ASN1_UTF8STRING;
+ break;
+ case IETF_ATTRIBUTE_OID:
+ type = ASN1_OID;
+ break;
+ }
+ ietfAttribute = asn1_simple_object(type, attr->value);
+
+ /* copy ietfAttribute into ietfAttributes chunk */
+ memcpy(pos, ietfAttribute.ptr, ietfAttribute.len);
+ pos += ietfAttribute.len;
+ free(ietfAttribute.ptr);
+ }
+ iterator->destroy(iterator);
+
+ return asn1_wrap(ASN1_SEQUENCE, "m", ietfAttributes);
+}
+
+/*
+ * Described in header.
+ */
+void ietfAttr_list_destroy(linked_list_t *list)
+{
+ list->destroy_offset(list, offsetof(ietfAttr_t, destroy));
+}
diff --git a/src/libstrongswan/crypto/ietf_attr_list.h b/src/libstrongswan/crypto/ietf_attr_list.h
new file mode 100644
index 000000000..75407bbf6
--- /dev/null
+++ b/src/libstrongswan/crypto/ietf_attr_list.h
@@ -0,0 +1,89 @@
+/**
+ * @file ietf_attr_list.h
+ *
+ * @brief Handling of ietfAttr_t linked lists
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Andreas Steffen
+ *
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef IETF_ATTR_LIST_H_
+#define IETF_ATTR_LIST_H_
+
+#include <library.h>
+#include <utils/linked_list.h>
+
+
+/**
+ * @brief Compare two linked lists of ietfAttr_t objects for equality
+ *
+ * @param list_a first alphabetically-sorted list
+ * @param list_b second alphabetically-sorted list
+ * @return TRUE if equal
+ *
+ * @ingroup crypto
+ */
+bool ietfAttr_list_equals(linked_list_t *list_a, linked_list_t *list_b);
+
+/**
+ * @brief Lists a linked list of ietfAttr_t objects
+ *
+ * @param list alphabetically-sorted linked list of attributes
+ @param out output file
+ *
+ * @ingroup crypto
+ */
+void ietfAttr_list_list(linked_list_t *list, FILE *out);
+
+/**
+ * @brief Create a linked list of ietfAttr_t objects from a string
+ *
+ * @param msg string with comma-separated group names
+ * @param list alphabetically-sorted linked list of attributes
+ *
+ * @ingroup crypto
+ */
+void ietfAttr_list_create_from_string(char *msg, linked_list_t *list);
+
+/**
+ * @brief Create a linked list of ietfAttr_t objects from an ASN.1-coded chunk
+ *
+ * @param chunk chunk containing ASN.1-coded attributes
+ * @param list alphabetically-sorted linked list of attributes
+ * @param level0 parsing level
+ */
+void ietfAttr_list_create_from_chunk(chunk_t chunk, linked_list_t *list, int level0);
+
+/**
+ * @brief Encode a linked list of ietfAttr_t objects into an ASN.1-coded chunk
+ *
+ * @param list alphabetically-sorted linked list of attributes
+ * @return chunk containing ASN.1-coded attributes
+ */
+chunk_t ietfAttr_list_encode(linked_list_t *list);
+
+/**
+ * @brief Destroys a linked list of ietfAttr_t objects
+ *
+ * @param list list to be destroyed
+ *
+ * @ingroup crypto
+ */
+void ietfAttr_list_destroy(linked_list_t *list);
+
+#endif /* IETF_ATTR_LIST_H_ */
+
diff --git a/src/libstrongswan/crypto/ocsp.c b/src/libstrongswan/crypto/ocsp.c
index 0d8093e4a..e4d907188 100644
--- a/src/libstrongswan/crypto/ocsp.c
+++ b/src/libstrongswan/crypto/ocsp.c
@@ -466,11 +466,11 @@ static chunk_t ocsp_build_request(private_ocsp_t *this)
static bool ocsp_parse_basic_response(chunk_t blob, int level0, response_t *res)
{
u_int level, version;
- u_int extn_oid = OID_UNKNOWN;
asn1_ctx_t ctx;
bool critical;
chunk_t object;
int objectID = 0;
+ int extn_oid = OID_UNKNOWN;
asn1_init(&ctx, blob, level0, FALSE, FALSE);
@@ -546,9 +546,8 @@ static response_status ocsp_parse_response(response_t *res)
chunk_t object;
u_int level;
int objectID = 0;
-
+ int ocspResponseType = OID_UNKNOWN;
response_status rStatus = STATUS_INTERNALERROR;
- u_int ocspResponseType = OID_UNKNOWN;
asn1_init(&ctx, res->chunk, 0, FALSE, FALSE);
@@ -615,6 +614,13 @@ static bool ocsp_valid_response(response_t *res, x509_t *ocsp_cert)
rsa_public_key_t *public_key;
time_t until = UNDEFINED_TIME;
err_t ugh;
+ hash_algorithm_t algorithm = hasher_algorithm_from_oid(res->algorithm);
+
+ if (algorithm == HASH_UNKNOWN)
+ {
+ DBG1("unknown signature algorithm");
+ return FALSE;
+ }
DBG2("verifying ocsp response signature:");
DBG2("signer: '%D'", ocsp_cert->get_subject(ocsp_cert));
@@ -627,8 +633,8 @@ static bool ocsp_valid_response(response_t *res, x509_t *ocsp_cert)
return FALSE;
}
public_key = ocsp_cert->get_public_key(ocsp_cert);
-
- return public_key->verify_emsa_pkcs1_signature(public_key, res->tbs, res->signature) == SUCCESS;
+
+ return public_key->verify_emsa_pkcs1_signature(public_key, algorithm, res->tbs, res->signature) == SUCCESS;
}
/**
diff --git a/src/libstrongswan/crypto/pkcs7.c b/src/libstrongswan/crypto/pkcs7.c
new file mode 100644
index 000000000..70510471a
--- /dev/null
+++ b/src/libstrongswan/crypto/pkcs7.c
@@ -0,0 +1,710 @@
+/**
+ * @file pkcs7.c
+ *
+ * @brief Implementation of pkcs7_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Copyright (C) 2002-2005 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: pkcs7.c 3302 2007-10-12 21:57:20Z andreas $
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include <library.h>
+#include "debug.h"
+
+#include <asn1/asn1.h>
+#include <asn1/oid.h>
+#include <crypto/x509.h>
+#include <crypto/hashers/hasher.h>
+#include <crypto/crypters/crypter.h>
+#include <utils/linked_list.h>
+
+#include "pkcs7.h"
+
+typedef struct private_pkcs7_t private_pkcs7_t;
+
+/**
+ * Private data of a pkcs7_t object.
+ */
+struct private_pkcs7_t {
+ /**
+ * Public interface for this certificate.
+ */
+ pkcs7_t public;
+
+ /**
+ * contentInfo type
+ */
+ int type;
+
+ /**
+ * ASN.1 encoded content
+ */
+ chunk_t content;
+
+ /**
+ * Has the content already been parsed?
+ */
+ bool parsed;
+
+ /**
+ * ASN.1 parsing start level
+ */
+ u_int level;
+
+ /**
+ * retrieved data
+ */
+ chunk_t data;
+
+ /**
+ * ASN.1 encoded attributes
+ */
+ chunk_t attributes;
+
+ /**
+ * Linked list of X.509 certificates
+ */
+ linked_list_t *certs;
+};
+
+/**
+ * ASN.1 definition of the PKCS#7 ContentInfo type
+ */
+static const asn1Object_t contentInfoObjects[] = {
+ { 0, "contentInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "contentType", ASN1_OID, ASN1_BODY }, /* 1 */
+ { 1, "content", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_BODY }, /* 2 */
+ { 1, "end opt", ASN1_EOC, ASN1_END } /* 3 */
+};
+
+#define PKCS7_INFO_TYPE 1
+#define PKCS7_INFO_CONTENT 2
+#define PKCS7_INFO_ROOF 4
+
+/**
+ * ASN.1 definition of the PKCS#7 signedData type
+ */
+static const asn1Object_t signedDataObjects[] = {
+ { 0, "signedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "digestAlgorithms", ASN1_SET, ASN1_LOOP }, /* 2 */
+ { 2, "algorithm", ASN1_EOC, ASN1_RAW }, /* 3 */
+ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 4 */
+ { 1, "contentInfo", ASN1_EOC, ASN1_RAW }, /* 5 */
+ { 1, "certificates", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_LOOP }, /* 6 */
+ { 2, "certificate", ASN1_SEQUENCE, ASN1_OBJ }, /* 7 */
+ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 8 */
+ { 1, "crls", ASN1_CONTEXT_C_1, ASN1_OPT |
+ ASN1_LOOP }, /* 9 */
+ { 2, "crl", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
+ { 1, "end opt or loop", ASN1_EOC, ASN1_END }, /* 11 */
+ { 1, "signerInfos", ASN1_SET, ASN1_LOOP }, /* 12 */
+ { 2, "signerInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 13 */
+ { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 14 */
+ { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 15 */
+ { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 16 */
+ { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 17 */
+ { 3, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 18 */
+ { 3, "authenticatedAttributes", ASN1_CONTEXT_C_0, ASN1_OPT |
+ ASN1_OBJ }, /* 19 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 20 */
+ { 3, "digestEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 21 */
+ { 3, "encryptedDigest", ASN1_OCTET_STRING, ASN1_BODY }, /* 22 */
+ { 3, "unauthenticatedAttributes", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 23 */
+ { 3, "end opt", ASN1_EOC, ASN1_END }, /* 24 */
+ { 1, "end loop", ASN1_EOC, ASN1_END } /* 25 */
+};
+
+#define PKCS7_DIGEST_ALG 3
+#define PKCS7_SIGNED_CONTENT_INFO 5
+#define PKCS7_SIGNED_CERT 7
+#define PKCS7_SIGNER_INFO 13
+#define PKCS7_SIGNED_ISSUER 16
+#define PKCS7_SIGNED_SERIAL_NUMBER 17
+#define PKCS7_DIGEST_ALGORITHM 18
+#define PKCS7_AUTH_ATTRIBUTES 19
+#define PKCS7_DIGEST_ENC_ALGORITHM 21
+#define PKCS7_ENCRYPTED_DIGEST 22
+#define PKCS7_SIGNED_ROOF 26
+
+/**
+ * ASN.1 definition of the PKCS#7 envelopedData type
+ */
+static const asn1Object_t envelopedDataObjects[] = {
+ { 0, "envelopedData", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "recipientInfos", ASN1_SET, ASN1_LOOP }, /* 2 */
+ { 2, "recipientInfo", ASN1_SEQUENCE, ASN1_BODY }, /* 3 */
+ { 3, "version", ASN1_INTEGER, ASN1_BODY }, /* 4 */
+ { 3, "issuerAndSerialNumber", ASN1_SEQUENCE, ASN1_BODY }, /* 5 */
+ { 4, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
+ { 4, "serial", ASN1_INTEGER, ASN1_BODY }, /* 7 */
+ { 3, "encryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 8 */
+ { 3, "encryptedKey", ASN1_OCTET_STRING, ASN1_BODY }, /* 9 */
+ { 1, "end loop", ASN1_EOC, ASN1_END }, /* 10 */
+ { 1, "encryptedContentInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 11 */
+ { 2, "contentType", ASN1_OID, ASN1_BODY }, /* 12 */
+ { 2, "contentEncryptionAlgorithm", ASN1_EOC, ASN1_RAW }, /* 13 */
+ { 2, "encryptedContent", ASN1_CONTEXT_S_0, ASN1_BODY } /* 14 */
+};
+
+#define PKCS7_ENVELOPED_VERSION 1
+#define PKCS7_RECIPIENT_INFO_VERSION 4
+#define PKCS7_ISSUER 6
+#define PKCS7_SERIAL_NUMBER 7
+#define PKCS7_ENCRYPTION_ALG 8
+#define PKCS7_ENCRYPTED_KEY 9
+#define PKCS7_CONTENT_TYPE 12
+#define PKCS7_CONTENT_ENC_ALGORITHM 13
+#define PKCS7_ENCRYPTED_CONTENT 14
+#define PKCS7_ENVELOPED_ROOF 15
+
+/**
+ * PKCS7 contentInfo OIDs
+ */
+static u_char ASN1_pkcs7_data_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01
+};
+
+static u_char ASN1_pkcs7_signed_data_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02
+};
+
+static u_char ASN1_pkcs7_enveloped_data_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03
+};
+
+static u_char ASN1_pkcs7_signed_enveloped_data_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x04
+};
+
+static u_char ASN1_pkcs7_digested_data_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x05
+};
+
+static char ASN1_pkcs7_encrypted_data_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06
+};
+
+static const chunk_t ASN1_pkcs7_data_oid =
+ chunk_from_buf(ASN1_pkcs7_data_oid_str);
+static const chunk_t ASN1_pkcs7_signed_data_oid =
+ chunk_from_buf(ASN1_pkcs7_signed_data_oid_str);
+static const chunk_t ASN1_pkcs7_enveloped_data_oid =
+ chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str);
+static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid =
+ chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str);
+static const chunk_t ASN1_pkcs7_digested_data_oid =
+ chunk_from_buf(ASN1_pkcs7_digested_data_oid_str);
+static const chunk_t ASN1_pkcs7_encrypted_data_oid =
+ chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str);
+
+/**
+ * 3DES and DES encryption OIDs
+ */
+static u_char ASN1_3des_ede_cbc_oid_str[] = {
+ 0x06, 0x08,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07
+};
+
+static u_char ASN1_des_cbc_oid_str[] = {
+ 0x06, 0x05,
+ 0x2B, 0x0E, 0x03, 0x02, 0x07
+};
+
+static const chunk_t ASN1_3des_ede_cbc_oid =
+ chunk_from_buf(ASN1_3des_ede_cbc_oid_str);
+static const chunk_t ASN1_des_cbc_oid =
+ chunk_from_buf(ASN1_des_cbc_oid_str);
+
+/**
+ * PKCS#7 attribute type OIDs
+ */
+static u_char ASN1_contentType_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x03
+};
+
+static u_char ASN1_messageDigest_oid_str[] = {
+ 0x06, 0x09,
+ 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x04
+};
+
+static const chunk_t ASN1_contentType_oid =
+ chunk_from_buf(ASN1_contentType_oid_str);
+static const chunk_t ASN1_messageDigest_oid =
+ chunk_from_buf(ASN1_messageDigest_oid_str);
+
+/**
+ * Implements pkcs7_t.is_signedData.
+ */
+static bool is_data(private_pkcs7_t *this)
+{
+ return this->type == OID_PKCS7_DATA;
+}
+
+/**
+ * Implements pkcs7_t.is_signedData.
+ */
+static bool is_signedData(private_pkcs7_t *this)
+{
+ return this->type == OID_PKCS7_SIGNED_DATA;
+}
+
+/**
+ * Implements pkcs7_t.is_signedData.
+ */
+static bool is_envelopedData(private_pkcs7_t *this)
+{
+ return this->type == OID_PKCS7_ENVELOPED_DATA;
+}
+
+/**
+ * Check whether to abort the requested parsing
+ */
+static bool abort_parsing(private_pkcs7_t *this, int type)
+{
+ if (this->type != type)
+ {
+ DBG1("pkcs7 content to be parsed is not of type '%s'",
+ oid_names[type]);
+ return TRUE;
+ }
+ if (this->parsed)
+ {
+ DBG1("pkcs7 content has already been parsed");
+ return TRUE;
+ }
+ this->parsed = TRUE;
+ return FALSE;
+}
+
+/**
+ * Implements pkcs7_t.parse_data.
+ */
+static bool parse_data(private_pkcs7_t *this)
+{
+ chunk_t data = this->content;
+
+ if (abort_parsing(this, OID_PKCS7_DATA))
+ {
+ return FALSE;
+ }
+ if (parse_asn1_simple_object(&data, ASN1_OCTET_STRING, this->level, "data"))
+ {
+ this->data = chunk_clone(data);
+ return TRUE;
+ }
+ else
+ {
+ return FALSE;
+ }
+}
+
+/**
+ * Parse PKCS#7 signedData content
+ */
+static bool parse_signedData(private_pkcs7_t *this, x509_t *cacert)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ int digest_alg = OID_UNKNOWN;
+ int enc_alg = OID_UNKNOWN;
+ int signerInfos = 0;
+
+ chunk_t encrypted_digest = chunk_empty;
+
+ if (abort_parsing(this, OID_PKCS7_SIGNED_DATA))
+ {
+ return FALSE;
+ }
+
+ asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
+
+ while (objectID < PKCS7_SIGNED_ROOF)
+ {
+ if (!extract_object(signedDataObjects, &objectID, &object, &level, &ctx))
+ {
+ return FALSE;
+ }
+
+ switch (objectID)
+ {
+ case PKCS7_DIGEST_ALG:
+ digest_alg = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case PKCS7_SIGNED_CONTENT_INFO:
+ this->data = chunk_clone(object);
+ break;
+ case PKCS7_SIGNED_CERT:
+ {
+ x509_t *cert = x509_create_from_chunk(object, level+1);
+
+ if (cert)
+ {
+ this->certs->insert_last(this->certs, (void*)cert);
+ }
+ }
+ break;
+ case PKCS7_SIGNER_INFO:
+ signerInfos++;
+ DBG2(" signer #%d", signerInfos);
+ break;
+ case PKCS7_SIGNED_ISSUER:
+ {
+ identification_t *issuer;
+
+ issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
+ DBG2(" '%D'", issuer);
+ issuer->destroy(issuer);
+ }
+ break;
+ case PKCS7_AUTH_ATTRIBUTES:
+ this->attributes = object;
+ *this->attributes.ptr = ASN1_SET;
+ break;
+ case PKCS7_DIGEST_ALGORITHM:
+ digest_alg = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case PKCS7_DIGEST_ENC_ALGORITHM:
+ enc_alg = parse_algorithmIdentifier(object, level, NULL);
+ break;
+ case PKCS7_ENCRYPTED_DIGEST:
+ encrypted_digest = object;
+ }
+ objectID++;
+ }
+
+ /* check the signature only if a cacert is available */
+ if (cacert != NULL)
+ {
+ rsa_public_key_t *signer = cacert->get_public_key(cacert);
+ hash_algorithm_t algorithm = hasher_algorithm_from_oid(digest_alg);
+
+ if (signerInfos == 0)
+ {
+ DBG1("no signerInfo object found");
+ return FALSE;
+ }
+ else if (signerInfos > 1)
+ {
+ DBG1("more than one signerInfo object found");
+ return FALSE;
+ }
+ if (this->attributes.ptr == NULL)
+ {
+ DBG1("no authenticatedAttributes object found");
+ return FALSE;
+ }
+ if (enc_alg != OID_RSA_ENCRYPTION)
+ {
+ DBG1("only RSA digest encryption supported");
+ return FALSE;
+ }
+ if (signer->verify_emsa_pkcs1_signature(signer, algorithm,
+ this->attributes, encrypted_digest) != SUCCESS)
+ {
+ DBG1("invalid digest signature");
+ return FALSE;
+ }
+ else
+ {
+ DBG2("digest signature is valid");
+ }
+ }
+ return TRUE;
+}
+
+/**
+ * Parse PKCS#7 envelopedData content
+ */
+static bool parse_envelopedData(private_pkcs7_t *this, chunk_t serialNumber,
+ rsa_private_key_t *key)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ chunk_t iv = chunk_empty;
+ chunk_t symmetric_key = chunk_empty;
+ chunk_t encrypted_content = chunk_empty;
+
+ crypter_t *crypter = NULL;
+
+ if (abort_parsing(this, OID_PKCS7_ENVELOPED_DATA))
+ {
+ return FALSE;
+ }
+
+ asn1_init(&ctx, this->content, this->level, FALSE, FALSE);
+
+ while (objectID < PKCS7_ENVELOPED_ROOF)
+ {
+ if (!extract_object(envelopedDataObjects, &objectID, &object, &level, &ctx))
+ {
+ goto failed;
+ }
+
+ switch (objectID)
+ {
+ case PKCS7_ENVELOPED_VERSION:
+ if (*object.ptr != 0)
+ {
+ DBG1("envelopedData version is not 0");
+ goto failed;
+ }
+ break;
+ case PKCS7_RECIPIENT_INFO_VERSION:
+ if (*object.ptr != 0)
+ {
+ DBG1("recipient info version is not 0");
+ goto failed;
+ }
+ break;
+ case PKCS7_ISSUER:
+ {
+ identification_t *issuer;
+
+ issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
+ DBG2(" '%D'", issuer);
+ issuer->destroy(issuer);
+ }
+ break;
+ case PKCS7_SERIAL_NUMBER:
+ if (!chunk_equals(serialNumber, object))
+ {
+ DBG1("serial numbers do not match");
+ goto failed;
+ }
+ break;
+ case PKCS7_ENCRYPTION_ALG:
+ {
+ int alg = parse_algorithmIdentifier(object, level, NULL);
+
+ if (alg != OID_RSA_ENCRYPTION)
+ {
+ DBG1("only rsa encryption supported");
+ goto failed;
+ }
+ }
+ break;
+ case PKCS7_ENCRYPTED_KEY:
+ if (key->pkcs1_decrypt(key, object, &symmetric_key) != SUCCESS)
+ {
+ DBG1("symmetric key could not be decrypted with rsa");
+ goto failed;
+ }
+ DBG4("symmetric key : %B", &symmetric_key);
+ break;
+ case PKCS7_CONTENT_TYPE:
+ if (known_oid(object) != OID_PKCS7_DATA)
+ {
+ DBG1("encrypted content not of type pkcs7 data");
+ goto failed;
+ }
+ break;
+ case PKCS7_CONTENT_ENC_ALGORITHM:
+ {
+ int alg = parse_algorithmIdentifier(object, level, &iv);
+
+ switch (alg)
+ {
+ case OID_DES_CBC:
+ crypter = crypter_create(ENCR_DES, 0);
+ break;
+ case OID_3DES_EDE_CBC:
+ crypter = crypter_create(ENCR_3DES, 0);
+ break;
+ default:
+ DBG1("Only DES and 3DES supported for symmetric encryption");
+ goto failed;
+ }
+ if (symmetric_key.len != crypter->get_key_size(crypter))
+ {
+ DBG1("symmetric key has wrong length");
+ goto failed;
+ }
+ if (!parse_asn1_simple_object(&iv, ASN1_OCTET_STRING, level+1, "IV"))
+ {
+ DBG1("IV could not be parsed");
+ goto failed;
+ }
+ if (iv.len != crypter->get_block_size(crypter))
+ {
+ DBG1("IV has wrong length");
+ goto failed;
+ }
+ }
+ break;
+ case PKCS7_ENCRYPTED_CONTENT:
+ encrypted_content = object;
+ break;
+ }
+ objectID++;
+ }
+
+ /* decrypt the content */
+ crypter->decrypt(crypter, encrypted_content, iv, &this->data);
+ DBG4("decrypted content with padding: %B", &this->data);
+
+ /* remove the padding */
+ {
+ u_char *pos = this->data.ptr + this->data.len - 1;
+ u_char pattern = *pos;
+ size_t padding = pattern;
+
+ if (padding > this->data.len)
+ {
+ DBG1("padding greater than data length");
+ goto failed;
+ }
+ this->data.len -= padding;
+
+ while (padding-- > 0)
+ {
+ if (*pos-- != pattern)
+ {
+ DBG1("wrong padding pattern");
+ goto failed;
+ }
+ }
+ }
+ crypter->destroy(crypter);
+ free(symmetric_key.ptr);
+ return TRUE;
+
+failed:
+ DESTROY_IF(crypter);
+ free(symmetric_key.ptr);
+ chunk_free(&this->data);
+ return FALSE;
+}
+
+/**
+ * Implements pkcs7_t.get_data
+ */
+static chunk_t get_data(private_pkcs7_t *this)
+{
+ return this->data;
+}
+
+/**
+ * Implements pkcs_t.create_crluri_iterator
+ */
+static iterator_t *create_certificate_iterator(const private_pkcs7_t *this)
+{
+ return this->certs->create_iterator(this->certs, TRUE);
+}
+
+/**
+ * Implements pkcs7_t.destroy
+ */
+static void destroy(private_pkcs7_t *this)
+{
+ this->certs->destroy_offset(this->certs, offsetof(x509_t, destroy));
+ free(this->data.ptr);
+ free(this);
+}
+
+/**
+ * Parse PKCS#7 contentInfo object
+ */
+static bool parse_contentInfo(chunk_t blob, u_int level0, private_pkcs7_t *cInfo)
+{
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+
+ asn1_init(&ctx, blob, level0, FALSE, FALSE);
+
+ while (objectID < PKCS7_INFO_ROOF)
+ {
+ if (!extract_object(contentInfoObjects, &objectID, &object, &level, &ctx))
+ {
+ return FALSE;
+ }
+
+ if (objectID == PKCS7_INFO_TYPE)
+ {
+ cInfo->type = known_oid(object);
+ if (cInfo->type < OID_PKCS7_DATA
+ || cInfo->type > OID_PKCS7_ENCRYPTED_DATA)
+ {
+ DBG1("unknown pkcs7 content type");
+ return FALSE;
+ }
+ }
+ else if (objectID == PKCS7_INFO_CONTENT)
+ {
+ cInfo->content = object;
+ }
+ objectID++;
+ }
+ return TRUE;
+}
+
+/*
+ * Described in header.
+ */
+pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level)
+{
+ private_pkcs7_t *this = malloc_thing(private_pkcs7_t);
+
+ /* initialize */
+ this->type = OID_UNKNOWN;
+ this->content = chunk_empty;
+ this->parsed = FALSE;
+ this->level = level + 2;
+ this->data = chunk_empty;
+ this->attributes = chunk_empty;
+ this->certs = linked_list_create();
+
+ /*public functions */
+ this->public.is_data = (bool (*) (pkcs7_t*))is_data;
+ this->public.is_signedData = (bool (*) (pkcs7_t*))is_signedData;
+ this->public.is_envelopedData = (bool (*) (pkcs7_t*))is_envelopedData;
+ this->public.parse_data = (bool (*) (pkcs7_t*))parse_data;
+ this->public.parse_signedData = (bool (*) (pkcs7_t*,x509_t*))parse_signedData;
+ this->public.parse_envelopedData = (bool (*) (pkcs7_t*,chunk_t,rsa_private_key_t*))parse_envelopedData;
+ this->public.get_data = (chunk_t (*) (pkcs7_t*))get_data;
+ this->public.create_certificate_iterator = (iterator_t* (*) (pkcs7_t*))create_certificate_iterator;
+ this->public.destroy = (void (*) (pkcs7_t*))destroy;
+
+ if (!parse_contentInfo(chunk, level, this))
+ {
+ destroy(this);
+ return NULL;
+ }
+ return &this->public;
+}
diff --git a/src/libstrongswan/crypto/pkcs7.h b/src/libstrongswan/crypto/pkcs7.h
new file mode 100644
index 000000000..c8434225a
--- /dev/null
+++ b/src/libstrongswan/crypto/pkcs7.h
@@ -0,0 +1,132 @@
+/**
+ * @file pkcs7.h
+ *
+ * @brief Interface of pkcs7_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2005 Jan Hutter, Martin Willi
+ * Copyright (C) 2002-2007 Andreas Steffen
+ *
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ *
+ * RCSID $Id: pkcs7.h 3302 2007-10-12 21:57:20Z andreas $
+ */
+
+#ifndef _PKCS7_H
+#define _PKCS7_H
+
+typedef struct pkcs7_t pkcs7_t;
+
+#include <library.h>
+#include <crypto/x509.h>
+#include <crypto/rsa/rsa_private_key.h>
+#include <utils/iterator.h>
+
+/**
+ * @brief PKCS#7 contentInfo object.
+ *
+ * @b Constructors:
+ * -pkcs7_create_from_chunk()
+ *
+ * @ingroup crypto
+ */
+struct pkcs7_t {
+ /**
+ * @brief Check if the PKCS#7 contentType is data
+ *
+ * @param this calling object
+ * @return TRUE if the contentType is data
+ */
+ bool (*is_data) (pkcs7_t *this);
+
+ /**
+ * @brief Check if the PKCS#7 contentType is signedData
+ *
+ * @param this calling object
+ * @return TRUE if the contentType is signedData
+ */
+ bool (*is_signedData) (pkcs7_t *this);
+
+ /**
+ * @brief Check if the PKCS#7 contentType is envelopedData
+ *
+ * @param this calling object
+ * @return TRUE if the contentType is envelopedData
+ */
+ bool (*is_envelopedData) (pkcs7_t *this);
+
+ /**
+ * @brief Parse a PKCS#7 data content.
+ *
+ * @param this calling object
+ * @return TRUE if parsing was successful
+ */
+ bool (*parse_data) (pkcs7_t *this);
+
+ /**
+ * @brief Parse a PKCS#7 signedData content.
+ *
+ * @param this calling object
+ * @param cacert cacert used to verify the signature
+ * @return TRUE if parsing was successful
+ */
+ bool (*parse_signedData) (pkcs7_t *this, x509_t *cacert);
+
+ /**
+ * @brief Parse a PKCS#7 envelopedData content.
+ *
+ * @param this calling object
+ * @param serialNumber serialNumber of the request
+ * @param key RSA private key used to decrypt the symmetric key
+ * @return TRUE if parsing was successful
+ */
+ bool (*parse_envelopedData) (pkcs7_t *this, chunk_t serialNumber, rsa_private_key_t *key);
+
+ /**
+ * @brief Returns the parsed data object
+ *
+ * @param this calling object
+ * @return chunk containing the data object
+ */
+ chunk_t (*get_data) (pkcs7_t *this);
+
+ /**
+ * @brief Create an iterator for the certificates.
+ *
+ * @param this calling object
+ * @return iterator for the certificates
+ */
+ iterator_t *(*create_certificate_iterator) (pkcs7_t *this);
+
+ /**
+ * @brief Destroys the contentInfo object.
+ *
+ * @param this PKCS#7 contentInfo object to destroy
+ */
+ void (*destroy) (pkcs7_t *this);
+};
+
+/**
+ * @brief Read a PKCS#7 contentInfo object from a DER encoded chunk.
+ *
+ * @param chunk chunk containing DER encoded data
+ * @param level ASN.1 parsing start level
+ * @return created pkcs7_contentInfo object, or NULL if invalid.
+ *
+ * @ingroup crypto
+ */
+pkcs7_t *pkcs7_create_from_chunk(chunk_t chunk, u_int level);
+
+#endif /* _PKCS7_H */
diff --git a/src/libstrongswan/crypto/rsa/rsa_private_key.c b/src/libstrongswan/crypto/rsa/rsa_private_key.c
index 5b1647965..ec2f2fc74 100644
--- a/src/libstrongswan/crypto/rsa/rsa_private_key.c
+++ b/src/libstrongswan/crypto/rsa/rsa_private_key.c
@@ -19,6 +19,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: rsa_private_key.c 3306 2007-10-17 02:55:53Z andreas $
*/
#include <gmp.h>
@@ -29,33 +31,21 @@
#include "rsa_public_key.h"
#include "rsa_private_key.h"
+#include <debug.h>
#include <asn1/asn1.h>
#include <asn1/pem.h>
#include <utils/randomizer.h>
/**
- * OIDs for hash algorithms are defined in rsa_public_key.c.
- */
-extern u_int8_t md2_oid[18];
-extern u_int8_t md5_oid[18];
-extern u_int8_t sha1_oid[15];
-extern u_int8_t sha256_oid[19];
-extern u_int8_t sha384_oid[19];
-extern u_int8_t sha512_oid[19];
-
-
-/**
* defined in rsa_public_key.c
*/
extern chunk_t rsa_public_key_info_to_asn1(const mpz_t n, const mpz_t e);
-
/**
* Public exponent to use for key generation.
*/
#define PUBLIC_EXPONENT 0x10001
-
typedef struct private_rsa_private_key_t private_rsa_private_key_t;
/**
@@ -153,23 +143,23 @@ struct private_rsa_private_key_t {
/* ASN.1 definition of a PKCS#1 RSA private key */
static const asn1Object_t privkey_objects[] = {
- { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
- { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
- { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
- { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
- { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
- { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
- { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
- { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
- { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
- { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
- { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
- ASN1_LOOP }, /* 10 */
- { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
- { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
- { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
- { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
- { 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */
+ { 0, "RSAPrivateKey", ASN1_SEQUENCE, ASN1_NONE }, /* 0 */
+ { 1, "version", ASN1_INTEGER, ASN1_BODY }, /* 1 */
+ { 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 2 */
+ { 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 3 */
+ { 1, "privateExponent", ASN1_INTEGER, ASN1_BODY }, /* 4 */
+ { 1, "prime1", ASN1_INTEGER, ASN1_BODY }, /* 5 */
+ { 1, "prime2", ASN1_INTEGER, ASN1_BODY }, /* 6 */
+ { 1, "exponent1", ASN1_INTEGER, ASN1_BODY }, /* 7 */
+ { 1, "exponent2", ASN1_INTEGER, ASN1_BODY }, /* 8 */
+ { 1, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 9 */
+ { 1, "otherPrimeInfos", ASN1_SEQUENCE, ASN1_OPT |
+ ASN1_LOOP }, /* 10 */
+ { 2, "otherPrimeInfo", ASN1_SEQUENCE, ASN1_NONE }, /* 11 */
+ { 3, "prime", ASN1_INTEGER, ASN1_BODY }, /* 12 */
+ { 3, "exponent", ASN1_INTEGER, ASN1_BODY }, /* 13 */
+ { 3, "coefficient", ASN1_INTEGER, ASN1_BODY }, /* 14 */
+ { 1, "end opt or loop", ASN1_EOC, ASN1_END } /* 15 */
};
#define PRIV_KEY_VERSION 1
@@ -186,6 +176,26 @@ static const asn1Object_t privkey_objects[] = {
static private_rsa_private_key_t *rsa_private_key_create_empty(void);
/**
+ * Auxiliary function overwriting private key material with
+ * pseudo-random bytes before releasing it
+ */
+static void mpz_clear_randomized(mpz_t z)
+{
+ size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE;
+ u_int8_t *random_bytes = alloca(len);
+
+ randomizer_t *randomizer = randomizer_create();
+
+ randomizer->get_pseudo_random_bytes(randomizer, len, random_bytes);
+
+ /* overwrite mpz_t with pseudo-random bytes before clearing it */
+ mpz_import(z, len, 1, 1, 1, 0, random_bytes);
+ mpz_clear(z);
+
+ randomizer->destroy(randomizer);
+}
+
+/**
* Implementation of private_rsa_private_key_t.compute_prime.
*/
static status_t compute_prime(private_rsa_private_key_t *this, size_t prime_size, mpz_t *prime)
@@ -216,7 +226,8 @@ static status_t compute_prime(private_rsa_private_key_t *this, size_t prime_size
/* get next prime */
mpz_nextprime (*prime, *prime);
- free(random_bytes.ptr);
+ /* free the random_bytes after overwriting them with a pseudo-random sequence */
+ chunk_free_randomized(&random_bytes);
}
/* check if it isnt too large */
while (((mpz_sizeinbase(*prime, 2) + 7) / 8) > prime_size);
@@ -251,59 +262,96 @@ static chunk_t rsadp(private_rsa_private_key_t *this, chunk_t data)
decrypted.len = this->k;
decrypted.ptr = mpz_export(NULL, NULL, 1, decrypted.len, 1, 0, t1);
- mpz_clear(t1);
- mpz_clear(t2);
+ mpz_clear_randomized(t1);
+ mpz_clear_randomized(t2);
return decrypted;
}
/**
- * Implementation of rsa_private_key.build_emsa_signature.
+ * Implementation of rsa_private_key_t.eme_pkcs1_decrypt.
*/
-static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature)
+static status_t pkcs1_decrypt(private_rsa_private_key_t *this,
+ chunk_t in, chunk_t *out)
+{
+ status_t status = FAILED;
+ chunk_t em, em_ori;
+
+ /* decrypt the input data */
+ em = em_ori = this->rsadp(this, in);
+
+ /* PKCS#1 v1.5 EME encryption formatting
+ * EM = 00 || 02 || PS || 00 || M
+ * PS = pseudo-random nonzero octets
+ */
+
+ /* check for magic bytes */
+ if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x02)
+ {
+ DBG1("incorrect padding - probably wrong RSA key");
+ goto end;
+ }
+ em.ptr += 2;
+ em.len -= 2;
+
+ /* the plaintext data starts after first 0x00 byte */
+ while (em.len-- > 0 && *em.ptr++ != 0x00);
+
+ if (em.len == 0)
+ {
+ DBG1("no plaintext data found");
+ goto end;
+ }
+
+ *out = chunk_clone(em);
+ status = SUCCESS;
+
+end:
+ free(em_ori.ptr);
+ return status;
+}
+
+/**
+ * Implementation of rsa_private_key_t.build_emsa_pkcs1_signature.
+ */
+static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this,
+ hash_algorithm_t hash_algorithm,
+ chunk_t data, chunk_t *signature)
{
hasher_t *hasher;
- chunk_t hash;
- chunk_t em;
- chunk_t oid;
+ chunk_t em, digestInfo, hash_id, hash;
/* get oid string prepended to hash */
switch (hash_algorithm)
{
case HASH_MD2:
{
- oid.ptr = md2_oid;
- oid.len = sizeof(md2_oid);
+ hash_id =ASN1_md2_id;
break;
}
case HASH_MD5:
{
- oid.ptr = md5_oid;
- oid.len = sizeof(md5_oid);
+ hash_id = ASN1_md5_id;
break;
}
case HASH_SHA1:
{
- oid.ptr = sha1_oid;
- oid.len = sizeof(sha1_oid);
+ hash_id = ASN1_sha1_id;
break;
}
case HASH_SHA256:
{
- oid.ptr = sha256_oid;
- oid.len = sizeof(sha256_oid);
+ hash_id = ASN1_sha256_id;
break;
}
case HASH_SHA384:
{
- oid.ptr = sha384_oid;
- oid.len = sizeof(sha384_oid);
+ hash_id = ASN1_sha384_id;
break;
}
case HASH_SHA512:
{
- oid.ptr = sha512_oid;
- oid.len = sizeof(sha512_oid);
+ hash_id = ASN1_sha512_id;
break;
}
default:
@@ -323,10 +371,17 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash
hasher->allocate_hash(hasher, data, &hash);
hasher->destroy(hasher);
+ /* build DER-encoded digestInfo */
+ digestInfo = asn1_wrap(ASN1_SEQUENCE, "cm",
+ hash_id,
+ asn1_simple_object(ASN1_OCTET_STRING, hash)
+ );
+ chunk_free(&hash);
+
/* build chunk to rsa-decrypt:
* EM = 0x00 || 0x01 || PS || 0x00 || T.
* PS = 0xFF padding, with length to fill em
- * T = oid || hash
+ * T = encoded_hash
*/
em.len = this->k;
em.ptr = malloc(em.len);
@@ -336,78 +391,44 @@ static status_t build_emsa_pkcs1_signature(private_rsa_private_key_t *this, hash
/* set magic bytes */
*(em.ptr) = 0x00;
*(em.ptr+1) = 0x01;
- *(em.ptr + em.len - hash.len - oid.len - 1) = 0x00;
- /* set hash */
- memcpy(em.ptr + em.len - hash.len, hash.ptr, hash.len);
- /* set oid */
- memcpy(em.ptr + em.len - hash.len - oid.len, oid.ptr, oid.len);
-
+ *(em.ptr + em.len - digestInfo.len - 1) = 0x00;
+ /* set DER-encoded hash */
+ memcpy(em.ptr + em.len - digestInfo.len, digestInfo.ptr, digestInfo.len);
+
/* build signature */
*signature = this->rsasp1(this, em);
- free(hash.ptr);
+ free(digestInfo.ptr);
free(em.ptr);
return SUCCESS;
}
/**
- * Implementation of rsa_private_key.get_key.
+ * Implementation of rsa_private_key_t.pkcs1_write.
*/
-static status_t get_key(private_rsa_private_key_t *this, chunk_t *key)
-{
- chunk_t n, e, p, q, d, exp1, exp2, coeff;
-
- n.len = this->k;
- n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
- e.len = this->k;
- e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
- p.len = this->k;
- p.ptr = mpz_export(NULL, NULL, 1, p.len, 1, 0, this->p);
- q.len = this->k;
- q.ptr = mpz_export(NULL, NULL, 1, q.len, 1, 0, this->q);
- d.len = this->k;
- d.ptr = mpz_export(NULL, NULL, 1, d.len, 1, 0, this->d);
- exp1.len = this->k;
- exp1.ptr = mpz_export(NULL, NULL, 1, exp1.len, 1, 0, this->exp1);
- exp2.len = this->k;
- exp2.ptr = mpz_export(NULL, NULL, 1, exp2.len, 1, 0, this->exp2);
- coeff.len = this->k;
- coeff.ptr = mpz_export(NULL, NULL, 1, coeff.len, 1, 0, this->coeff);
-
- key->len = this->k * 8;
- key->ptr = malloc(key->len);
- memcpy(key->ptr + this->k * 0, n.ptr , n.len);
- memcpy(key->ptr + this->k * 1, e.ptr, e.len);
- memcpy(key->ptr + this->k * 2, p.ptr, p.len);
- memcpy(key->ptr + this->k * 3, q.ptr, q.len);
- memcpy(key->ptr + this->k * 4, d.ptr, d.len);
- memcpy(key->ptr + this->k * 5, exp1.ptr, exp1.len);
- memcpy(key->ptr + this->k * 6, exp2.ptr, exp2.len);
- memcpy(key->ptr + this->k * 7, coeff.ptr, coeff.len);
-
- free(n.ptr);
- free(e.ptr);
- free(p.ptr);
- free(q.ptr);
- free(d.ptr);
- free(exp1.ptr);
- free(exp2.ptr);
- free(coeff.ptr);
-
- return SUCCESS;
-}
-
-/**
- * Implementation of rsa_private_key.save_key.
- */
-static status_t save_key(private_rsa_private_key_t *this, char *file)
+static bool pkcs1_write(private_rsa_private_key_t *this, const char *filename, bool force)
{
- return NOT_SUPPORTED;
+ bool status;
+
+ chunk_t pkcs1 = asn1_wrap(ASN1_SEQUENCE, "cmmmmmmmm",
+ ASN1_INTEGER_0,
+ asn1_integer_from_mpz(this->n),
+ asn1_integer_from_mpz(this->e),
+ asn1_integer_from_mpz(this->d),
+ asn1_integer_from_mpz(this->p),
+ asn1_integer_from_mpz(this->q),
+ asn1_integer_from_mpz(this->exp1),
+ asn1_integer_from_mpz(this->exp2),
+ asn1_integer_from_mpz(this->coeff));
+
+ status = chunk_write(pkcs1, filename, "pkcs1", 0066, force);
+ chunk_free_randomized(&pkcs1);
+ return status;
}
/**
- * Implementation of rsa_private_key.get_public_key.
+ * Implementation of rsa_private_key_t.get_public_key.
*/
rsa_public_key_t *get_public_key(private_rsa_private_key_t *this)
{
@@ -510,47 +531,26 @@ static status_t check(private_rsa_private_key_t *this)
status = FAILED;
}
- mpz_clear(t);
- mpz_clear(u);
- mpz_clear(q1);
+ mpz_clear_randomized(t);
+ mpz_clear_randomized(u);
+ mpz_clear_randomized(q1);
return status;
}
/**
- * Implementation of rsa_private_key.clone.
- */
-static rsa_private_key_t* _clone(private_rsa_private_key_t *this)
-{
- private_rsa_private_key_t *clone = rsa_private_key_create_empty();
-
- mpz_init_set(clone->n, this->n);
- mpz_init_set(clone->e, this->e);
- mpz_init_set(clone->p, this->p);
- mpz_init_set(clone->q, this->q);
- mpz_init_set(clone->d, this->d);
- mpz_init_set(clone->exp1, this->exp1);
- mpz_init_set(clone->exp2, this->exp2);
- mpz_init_set(clone->coeff, this->coeff);
- clone->keyid = chunk_clone(this->keyid);
- clone->k = this->k;
-
- return &clone->public;
-}
-
-/**
* Implementation of rsa_private_key.destroy.
*/
static void destroy(private_rsa_private_key_t *this)
{
- mpz_clear(this->n);
- mpz_clear(this->e);
- mpz_clear(this->p);
- mpz_clear(this->q);
- mpz_clear(this->d);
- mpz_clear(this->exp1);
- mpz_clear(this->exp2);
- mpz_clear(this->coeff);
- free(this->keyid.ptr);
+ mpz_clear_randomized(this->n);
+ mpz_clear_randomized(this->e);
+ mpz_clear_randomized(this->p);
+ mpz_clear_randomized(this->q);
+ mpz_clear_randomized(this->d);
+ mpz_clear_randomized(this->exp1);
+ mpz_clear_randomized(this->exp2);
+ mpz_clear_randomized(this->coeff);
+ chunk_free_randomized(&this->keyid);
free(this);
}
@@ -562,12 +562,11 @@ static private_rsa_private_key_t *rsa_private_key_create_empty(void)
private_rsa_private_key_t *this = malloc_thing(private_rsa_private_key_t);
/* public functions */
+ this->public.pkcs1_decrypt = (status_t (*) (rsa_private_key_t*,chunk_t,chunk_t*))pkcs1_decrypt;
this->public.build_emsa_pkcs1_signature = (status_t (*) (rsa_private_key_t*,hash_algorithm_t,chunk_t,chunk_t*))build_emsa_pkcs1_signature;
- this->public.get_key = (status_t (*) (rsa_private_key_t*,chunk_t*))get_key;
- this->public.save_key = (status_t (*) (rsa_private_key_t*,char*))save_key;
- this->public.get_public_key = (rsa_public_key_t *(*) (rsa_private_key_t*))get_public_key;
+ this->public.pkcs1_write = (bool (*) (rsa_private_key_t*,const char*,bool))pkcs1_write;
+ this->public.get_public_key = (rsa_public_key_t* (*) (rsa_private_key_t*))get_public_key;
this->public.belongs_to = (bool (*) (rsa_private_key_t*,rsa_public_key_t*))belongs_to;
- this->public.clone = (rsa_private_key_t*(*)(rsa_private_key_t*))_clone;
this->public.destroy = (void (*) (rsa_private_key_t*))destroy;
/* private functions */
@@ -575,6 +574,8 @@ static private_rsa_private_key_t *rsa_private_key_create_empty(void)
this->rsasp1 = rsadp; /* same algorithm */
this->compute_prime = compute_prime;
+ this->keyid = chunk_empty;
+
return this;
}
@@ -613,9 +614,7 @@ rsa_private_key_t *rsa_private_key_create(size_t key_size)
/* Swapping Primes so p is larger then q */
if (mpz_cmp(p, q) < 0)
{
- mpz_set(t, p);
- mpz_set(p, q);
- mpz_set(q, t);
+ mpz_swap(p, q);
}
mpz_mul(n, p, q); /* n = p*q */
@@ -645,9 +644,9 @@ rsa_private_key_t *rsa_private_key_create(size_t key_size)
mpz_add(coeff, coeff, p);
}
- mpz_clear(q1);
- mpz_clear(m);
- mpz_clear(t);
+ mpz_clear_randomized(q1);
+ mpz_clear_randomized(m);
+ mpz_clear_randomized(t);
/* apply values */
*(this->p) = *p;
@@ -733,7 +732,7 @@ rsa_private_key_t *rsa_private_key_create_from_chunk(chunk_t blob)
objectID++;
}
- this->k = (mpz_sizeinbase(this->n, 2) + 7) / 8;
+ this->k = (mpz_sizeinbase(this->n, 2) + 7) / BITS_PER_BYTE;
/* form the keyid as a SHA-1 hash of a publicKeyInfo object */
{
@@ -769,6 +768,6 @@ rsa_private_key_t *rsa_private_key_create_from_file(char *filename, chunk_t *pas
return NULL;
key = rsa_private_key_create_from_chunk(chunk);
- free(chunk.ptr);
+ chunk_free_randomized(&chunk);
return key;
}
diff --git a/src/libstrongswan/crypto/rsa/rsa_private_key.h b/src/libstrongswan/crypto/rsa/rsa_private_key.h
index 9ec07704e..e5cf49810 100644
--- a/src/libstrongswan/crypto/rsa/rsa_private_key.h
+++ b/src/libstrongswan/crypto/rsa/rsa_private_key.h
@@ -19,6 +19,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: rsa_private_key.h 3296 2007-10-12 15:23:29Z andreas $
*/
#ifndef RSA_PRIVATE_KEY_H_
@@ -42,13 +44,24 @@ typedef struct rsa_private_key_t rsa_private_key_t;
*
* @see rsa_public_key_t
*
- * @todo Implement get_key(), save_key(), get_public_key()
- *
* @ingroup rsa
*/
struct rsa_private_key_t {
/**
+ * @brief Decrypt a data block based on EME-PKCS1 encoding.
+ *
+ *
+ * @param this calling object
+ * @param data encrypted input data
+ * @param out decrypted output data
+ * @return
+ * - SUCCESS
+ * - FAILED if padding is not correct
+ */
+ status_t (*pkcs1_decrypt) (rsa_private_key_t *this, chunk_t in, chunk_t *out);
+
+ /**
* @brief Build a signature over a chunk using EMSA-PKCS1 encoding.
*
* This signature creates a hash using the specified hash algorithm, concatenates
@@ -67,45 +80,17 @@ struct rsa_private_key_t {
status_t (*build_emsa_pkcs1_signature) (rsa_private_key_t *this, hash_algorithm_t hash_algorithm, chunk_t data, chunk_t *signature);
/**
- * @brief Gets the key.
- *
- * UNIMPLEMENTED!
- *
+ * @brief Writes an RSA private key to a file in PKCS#1 format.
+ *
* @param this calling object
- * @param key key (in a propriarity format)
- * @return
- * - SUCCESS
- * - INVALID_STATE, if key not set
+ * @param filename file to which the key should be written.
+ * @param force if TRUE overwrite existing file
+ * @return TRUE if successful - FALSE otherwise
*/
- status_t (*get_key) (rsa_private_key_t *this, chunk_t *key);
+ bool (*pkcs1_write) (rsa_private_key_t *this, const char *filename, bool force);
/**
- * @brief Saves a key to a file.
- *
- * Not implemented!
- *
- * @param this calling object
- * @param file file to which the key should be written.
- * @return NOT_SUPPORTED
- */
- status_t (*save_key) (rsa_private_key_t *this, char *file);
-
- /**
- * @brief Generate a new key.
- *
- * Generates a new private_key with specified key size
- *
- * @param this calling object
- * @param key_size size of the key in bits
- * @return
- * - SUCCESS
- * - INVALID_ARG if key_size invalid
- */
- status_t (*generate_key) (rsa_private_key_t *this, size_t key_size);
-
- /**
- * @brief Create a rsa_public_key_t with the public
- * parts of the key.
+ * @brief Create a rsa_public_key_t with the public part of the key.
*
* @param this calling object
* @return public_key
@@ -125,14 +110,6 @@ struct rsa_private_key_t {
bool (*belongs_to) (rsa_private_key_t *this, rsa_public_key_t *public);
/**
- * @brief Clone the private key.
- *
- * @param this private key to clone
- * @return clone of this
- */
- rsa_private_key_t *(*clone) (rsa_private_key_t *this);
-
- /**
* @brief Destroys the private key.
*
* @param this private key to destroy
diff --git a/src/libstrongswan/crypto/rsa/rsa_public_key.c b/src/libstrongswan/crypto/rsa/rsa_public_key.c
index 38899670f..6f2158d2b 100644
--- a/src/libstrongswan/crypto/rsa/rsa_public_key.c
+++ b/src/libstrongswan/crypto/rsa/rsa_public_key.c
@@ -19,6 +19,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: rsa_public_key.c 3303 2007-10-12 22:49:39Z andreas $
*/
#include <gmp.h>
@@ -29,74 +31,13 @@
#include "rsa_public_key.h"
+#include <debug.h>
#include <crypto/hashers/hasher.h>
#include <asn1/asn1.h>
#include <asn1/pem.h>
-/*
- * For simplicity, we use these predefined values for hash algorithm OIDs
- * These also contain the length of the appended hash
- * These values are also used in rsa_private_key.c.
- */
-
-const u_int8_t md2_oid[] = {
- 0x30,0x20,
- 0x30,0x0c,
- 0x06,0x08,
- 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x02,
- 0x05,0x00,
- 0x04,0x10
-};
-
-const u_int8_t md5_oid[] = {
- 0x30,0x20,
- 0x30,0x0c,
- 0x06,0x08,
- 0x2a,0x86,0x48,0x86,0xf7,0x0d,0x02,0x05,
- 0x05,0x00,
- 0x04,0x10
-};
-
-const u_int8_t sha1_oid[] = {
- 0x30,0x21,
- 0x30,0x09,
- 0x06,0x05,
- 0x2b,0x0e,0x03,0x02,0x1a,
- 0x05,0x00,
- 0x04,0x14
-};
-
-const u_int8_t sha256_oid[] = {
- 0x30,0x31,
- 0x30,0x0d,
- 0x06,0x09,
- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01,
- 0x05,0x00,
- 0x04,0x20
-};
-
-const u_int8_t sha384_oid[] = {
- 0x30,0x41,
- 0x30,0x0d,
- 0x06,0x09,
- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x02,
- 0x05,0x00,
- 0x04,0x30
-};
-
-const u_int8_t sha512_oid[] = {
- 0x30,0x51,
- 0x30,0x0d,
- 0x06,0x09,
- 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x03,
- 0x05,0x00,
- 0x04,0x40
-};
-
-#define LARGEST_HASH_OID_SIZE sizeof(sha512_oid)
-
-/* ASN.1 definition public key */
-static const asn1Object_t pubkey_objects[] = {
+/* ASN.1 definition of RSApublicKey */
+static const asn1Object_t pubkeyObjects[] = {
{ 0, "RSAPublicKey", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
{ 1, "modulus", ASN1_INTEGER, ASN1_BODY }, /* 1 */
{ 1, "publicExponent", ASN1_INTEGER, ASN1_BODY }, /* 2 */
@@ -107,6 +48,18 @@ static const asn1Object_t pubkey_objects[] = {
#define PUB_KEY_EXPONENT 2
#define PUB_KEY_ROOF 3
+/* ASN.1 definition of digestInfo */
+static const asn1Object_t digestInfoObjects[] = {
+ { 0, "digestInfo", ASN1_SEQUENCE, ASN1_OBJ }, /* 0 */
+ { 1, "digestAlgorithm", ASN1_EOC, ASN1_RAW }, /* 1 */
+ { 1, "digest", ASN1_OCTET_STRING, ASN1_BODY }, /* 2 */
+};
+
+#define DIGEST_INFO 0
+#define DIGEST_INFO_ALGORITHM 1
+#define DIGEST_INFO_DIGEST 2
+#define DIGEST_INFO_ROOF 3
+
typedef struct private_rsa_public_key_t private_rsa_public_key_t;
/**
@@ -186,12 +139,11 @@ static chunk_t rsaep(const private_rsa_public_key_t *this, chunk_t data)
/**
* Implementation of rsa_public_key.verify_emsa_pkcs1_signature.
*/
-static status_t verify_emsa_pkcs1_signature(const private_rsa_public_key_t *this, chunk_t data, chunk_t signature)
+static status_t verify_emsa_pkcs1_signature(const private_rsa_public_key_t *this,
+ hash_algorithm_t algorithm,
+ chunk_t data, chunk_t signature)
{
- hasher_t *hasher = NULL;
- chunk_t hash;
- chunk_t em;
- u_int8_t *pos;
+ chunk_t em_ori, em;
status_t res = FAILED;
/* remove any preceding 0-bytes from signature */
@@ -207,7 +159,7 @@ static status_t verify_emsa_pkcs1_signature(const private_rsa_public_key_t *this
}
/* unpack signature */
- em = this->rsavp1(this, signature);
+ em_ori = em = this->rsavp1(this, signature);
/* result should look like this:
* EM = 0x00 || 0x01 || PS || 0x00 || T.
@@ -216,141 +168,160 @@ static status_t verify_emsa_pkcs1_signature(const private_rsa_public_key_t *this
*/
/* check magic bytes */
- if ((*(em.ptr) != 0x00) || (*(em.ptr+1) != 0x01))
+ if (*(em.ptr) != 0x00 || *(em.ptr+1) != 0x01)
{
+ DBG2("incorrect padding - probably wrong RSA key");
goto end;
}
+ em.ptr += 2;
+ em.len -= 2;
/* find magic 0x00 */
- pos = em.ptr + 2;
- while (pos <= em.ptr + em.len)
+ while (em.len > 0)
{
- if (*pos == 0x00)
+ if (*em.ptr == 0x00)
{
/* found magic byte, stop */
- pos++;
+ em.ptr++;
+ em.len--;
break;
}
- else if (*pos != 0xFF)
+ else if (*em.ptr != 0xFF)
{
/* bad padding, decryption failed ?!*/
goto end;
}
- pos++;
+ em.ptr++;
+ em.len--;
}
- if (pos + LARGEST_HASH_OID_SIZE > em.ptr + em.len)
- {
- /* not enought room for oid compare */
- goto end;
- }
-
- if (memeq(md2_oid, pos, sizeof(md2_oid)))
- {
- hasher = hasher_create(HASH_MD2);
- pos += sizeof(md2_oid);
- }
- else if (memeq(md5_oid, pos, sizeof(md5_oid)))
+ if (em.len == 0)
{
- hasher = hasher_create(HASH_MD5);
- pos += sizeof(md5_oid);
- }
- else if (memeq(sha1_oid, pos, sizeof(sha1_oid)))
- {
- hasher = hasher_create(HASH_SHA1);
- pos += sizeof(sha1_oid);
- }
- else if (memeq(sha256_oid, pos, sizeof(sha256_oid)))
- {
- hasher = hasher_create(HASH_SHA256);
- pos += sizeof(sha256_oid);
- }
- else if (memeq(sha384_oid, pos, sizeof(sha384_oid)))
- {
- hasher = hasher_create(HASH_SHA384);
- pos += sizeof(sha384_oid);
- }
- else if (memeq(sha512_oid, pos, sizeof(sha512_oid)))
- {
- hasher = hasher_create(HASH_SHA512);
- pos += sizeof(sha512_oid);
- }
-
- if (hasher == NULL)
- {
- /* unsupported hash algorithm */
- res = NOT_SUPPORTED;;
+ /* no digestInfo found */
goto end;
}
-
- if (pos + hasher->get_hash_size(hasher) != em.ptr + em.len)
+
+ /* parse ASN.1-based digestInfo */
{
- /* bad length */
- hasher->destroy(hasher);
- goto end;
+ asn1_ctx_t ctx;
+ chunk_t object;
+ u_int level;
+ int objectID = 0;
+ hash_algorithm_t hash_algorithm = HASH_UNKNOWN;
+
+ asn1_init(&ctx, em, 0, FALSE, FALSE);
+
+ while (objectID < DIGEST_INFO_ROOF)
+ {
+ if (!extract_object(digestInfoObjects, &objectID, &object, &level, &ctx))
+ {
+ goto end;
+ }
+ switch (objectID)
+ {
+ case DIGEST_INFO:
+ if (em.len > object.len)
+ {
+ DBG1("digestInfo field in signature is followed by %u surplus bytes",
+ em.len - object.len);
+ goto end;
+ }
+ break;
+ case DIGEST_INFO_ALGORITHM:
+ {
+ int hash_oid = parse_algorithmIdentifier(object, level+1, NULL);
+
+ hash_algorithm = hasher_algorithm_from_oid(hash_oid);
+ if (hash_algorithm == HASH_UNKNOWN
+ || (algorithm != HASH_UNKNOWN && hash_algorithm != algorithm))
+ {
+ DBG1("wrong hash algorithm used in signature");
+ goto end;
+ }
+ }
+ break;
+ case DIGEST_INFO_DIGEST:
+ {
+ chunk_t hash;
+ hasher_t *hasher = hasher_create(hash_algorithm);
+
+ if (object.len != hasher->get_hash_size(hasher))
+ {
+ DBG1("hash size in signature is %u bytes instead of %u bytes",
+ object.len, hasher->get_hash_size(hasher));
+ hasher->destroy(hasher);
+ goto end;
+ }
+
+ /* build our own hash */
+ hasher->allocate_hash(hasher, data, &hash);
+ hasher->destroy(hasher);
+
+ /* compare the hashes */
+ res = memeq(object.ptr, hash.ptr, hash.len) ? SUCCESS : FAILED;
+ free(hash.ptr);
+ }
+ break;
+ default:
+ break;
+ }
+ objectID++;
+ }
}
-
- /* build our own hash */
- hasher->allocate_hash(hasher, data, &hash);
- hasher->destroy(hasher);
-
- /* compare the hashes */
- res = memeq(hash.ptr, pos, hash.len) ? SUCCESS : FAILED;
- free(hash.ptr);
end:
- free(em.ptr);
+ free(em_ori.ptr);
return res;
}
-
+
+
/**
- * Implementation of rsa_public_key.get_key.
+ * Implementation of rsa_public_key_t.get_modulus.
*/
-static status_t get_key(const private_rsa_public_key_t *this, chunk_t *key)
-{
- chunk_t n, e;
-
- n.len = this->k;
- n.ptr = mpz_export(NULL, NULL, 1, n.len, 1, 0, this->n);
- e.len = this->k;
- e.ptr = mpz_export(NULL, NULL, 1, e.len, 1, 0, this->e);
-
- key->len = this->k * 2;
- key->ptr = malloc(key->len);
- memcpy(key->ptr, n.ptr, n.len);
- memcpy(key->ptr + n.len, e.ptr, e.len);
- free(n.ptr);
- free(e.ptr);
-
- return SUCCESS;
+static mpz_t *get_modulus(const private_rsa_public_key_t *this)
+{
+ return (mpz_t*)&this->n;
}
/**
- * Implementation of rsa_public_key.save_key.
+ * Implementation of rsa_public_key_t.get_keysize.
*/
-static status_t save_key(const private_rsa_public_key_t *this, char *file)
+static size_t get_keysize(const private_rsa_public_key_t *this)
{
- return NOT_SUPPORTED;
+ return this->k;
}
/**
- * Implementation of rsa_public_key.get_modulus.
+ * Build a DER-encoded publicKeyInfo object from an RSA public key.
+ * Also used in rsa_private_key.c.
*/
-static mpz_t *get_modulus(const private_rsa_public_key_t *this)
+chunk_t rsa_public_key_info_to_asn1(const mpz_t n, const mpz_t e)
{
- return (mpz_t*)&this->n;
+ chunk_t rawKey = asn1_wrap(ASN1_SEQUENCE, "mm",
+ asn1_integer_from_mpz(n),
+ asn1_integer_from_mpz(e));
+ chunk_t publicKey;
+
+ u_char *pos = build_asn1_object(&publicKey, ASN1_BIT_STRING, 1 + rawKey.len);
+
+ *pos++ = 0x00;
+ memcpy(pos, rawKey.ptr, rawKey.len);
+ free(rawKey.ptr);
+
+ return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_rsaEncryption_id,
+ publicKey);
}
/**
- * Implementation of rsa_public_key.get_keysize.
+ * Implementation of rsa_public_key_t.get_publicKeyInfo.
*/
-static size_t get_keysize(const private_rsa_public_key_t *this)
+static chunk_t get_publicKeyInfo(const private_rsa_public_key_t *this)
{
- return this->k;
+ return rsa_public_key_info_to_asn1(this->n, this->e);
}
/**
- * Implementation of rsa_public_key.get_keyid.
+ * Implementation of rsa_public_key_t.get_keyid.
*/
static chunk_t get_keyid(const private_rsa_public_key_t *this)
{
@@ -358,7 +329,7 @@ static chunk_t get_keyid(const private_rsa_public_key_t *this)
}
/**
- * Implementation of rsa_public_key.clone.
+ * Implementation of rsa_public_key_t.clone.
*/
static rsa_public_key_t* _clone(const private_rsa_public_key_t *this)
{
@@ -373,7 +344,7 @@ static rsa_public_key_t* _clone(const private_rsa_public_key_t *this)
}
/**
- * Implementation of rsa_public_key.destroy.
+ * Implementation of rsa_public_key_t.destroy.
*/
static void destroy(private_rsa_public_key_t *this)
{
@@ -391,11 +362,10 @@ private_rsa_public_key_t *rsa_public_key_create_empty(void)
private_rsa_public_key_t *this = malloc_thing(private_rsa_public_key_t);
/* public functions */
- this->public.verify_emsa_pkcs1_signature = (status_t (*) (const rsa_public_key_t*,chunk_t,chunk_t))verify_emsa_pkcs1_signature;
- this->public.get_key = (status_t (*) (const rsa_public_key_t*,chunk_t*))get_key;
- this->public.save_key = (status_t (*) (const rsa_public_key_t*,char*))save_key;
+ this->public.verify_emsa_pkcs1_signature = (status_t (*) (const rsa_public_key_t*,hash_algorithm_t,chunk_t,chunk_t))verify_emsa_pkcs1_signature;
this->public.get_modulus = (mpz_t *(*) (const rsa_public_key_t*))get_modulus;
this->public.get_keysize = (size_t (*) (const rsa_public_key_t*))get_keysize;
+ this->public.get_publicKeyInfo = (chunk_t (*) (const rsa_public_key_t*))get_publicKeyInfo;
this->public.get_keyid = (chunk_t (*) (const rsa_public_key_t*))get_keyid;
this->public.clone = (rsa_public_key_t* (*) (const rsa_public_key_t*))_clone;
this->public.destroy = (void (*) (rsa_public_key_t*))destroy;
@@ -407,27 +377,6 @@ private_rsa_public_key_t *rsa_public_key_create_empty(void)
return this;
}
-/**
- * Build a DER-encoded publicKeyInfo object from an RSA public key.
- * Also used in rsa_private_key.c.
- */
-chunk_t rsa_public_key_info_to_asn1(const mpz_t n, const mpz_t e)
-{
- chunk_t rawKey = asn1_wrap(ASN1_SEQUENCE, "mm",
- asn1_integer_from_mpz(n),
- asn1_integer_from_mpz(e));
- chunk_t publicKey;
-
- u_char *pos = build_asn1_object(&publicKey, ASN1_BIT_STRING, 1 + rawKey.len);
-
- *pos++ = 0x00;
- memcpy(pos, rawKey.ptr, rawKey.len);
- free(rawKey.ptr);
-
- return asn1_wrap(ASN1_SEQUENCE, "cm", ASN1_rsaEncryption_id,
- publicKey);
-}
-
/*
* See header
*/
@@ -447,7 +396,7 @@ rsa_public_key_t *rsa_public_key_create_from_chunk(chunk_t blob)
while (objectID < PUB_KEY_ROOF)
{
- if (!extract_object(pubkey_objects, &objectID, &object, &level, &ctx))
+ if (!extract_object(pubkeyObjects, &objectID, &object, &level, &ctx))
{
destroy(this);
return FALSE;
@@ -489,8 +438,9 @@ rsa_public_key_t *rsa_public_key_create_from_file(char *filename)
rsa_public_key_t *pubkey = NULL;
if (!pem_asn1_load_file(filename, NULL, "public key", &chunk, &pgp))
+ {
return NULL;
-
+ }
pubkey = rsa_public_key_create_from_chunk(chunk);
free(chunk.ptr);
return pubkey;
diff --git a/src/libstrongswan/crypto/rsa/rsa_public_key.h b/src/libstrongswan/crypto/rsa/rsa_public_key.h
index 1ee54dcc3..0a40c2204 100644
--- a/src/libstrongswan/crypto/rsa/rsa_public_key.h
+++ b/src/libstrongswan/crypto/rsa/rsa_public_key.h
@@ -19,6 +19,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: rsa_public_key.h 3303 2007-10-12 22:49:39Z andreas $
*/
#ifndef RSA_PUBLIC_KEY_H_
@@ -29,6 +31,7 @@ typedef struct rsa_public_key_t rsa_public_key_t;
#include <gmp.h>
#include <library.h>
+#include <crypto/hashers/hasher.h>
/**
* @brief RSA public key with associated functions.
@@ -58,6 +61,7 @@ struct rsa_public_key_t {
*
* @param this rsa_public_key to use
* @param data data to sign
+ # @param algorithm hash algorithm the signature is based on
* @param signature signature to verify
* @return
* - SUCCESS, if signature ok
@@ -66,34 +70,9 @@ struct rsa_public_key_t {
* - INVALID_ARG, if signature is not a signature
* - FAILED if signature invalid or unable to verify
*/
- status_t (*verify_emsa_pkcs1_signature) (const rsa_public_key_t *this, chunk_t data, chunk_t signature);
-
- /**
- * @brief Gets the key.
- *
- * Currently uses a proprietary format which is only inteded
- * for testing. This should be replaced with a proper
- * ASN1 encoded key format, when charon gets the ASN1
- * capabilities.
- *
- * @param this calling object
- * @param key key (in a propriarity format)
- * @return
- * - SUCCESS
- * - INVALID_STATE, if key not set
- */
- status_t (*get_key) (const rsa_public_key_t *this, chunk_t *key);
-
- /**
- * @brief Saves a key to a file.
- *
- * Not implemented!
- *
- * @param this calling object
- * @param file file to which the key should be written.
- * @return NOT_SUPPORTED
- */
- status_t (*save_key) (const rsa_public_key_t *this, char *file);
+ status_t (*verify_emsa_pkcs1_signature) (const rsa_public_key_t *this,
+ hash_algorithm_t algorithm,
+ chunk_t data, chunk_t signature);
/**
* @brief Get the modulus of the key.
@@ -112,6 +91,14 @@ struct rsa_public_key_t {
size_t (*get_keysize) (const rsa_public_key_t *this);
/**
+ * @brief Get the DER encoded publicKeyInfo object.
+ *
+ * @param this calling object
+ * @return DER encoded publicKeyInfo object
+ */
+ chunk_t (*get_publicKeyInfo) (const rsa_public_key_t *this);
+
+ /**
* @brief Get the keyid formed as the SHA-1 hash of a publicKeyInfo object.
*
* @param this calling object
diff --git a/src/libstrongswan/crypto/signers/hmac_signer.c b/src/libstrongswan/crypto/signers/hmac_signer.c
index 76e1ce50e..ad5b882a6 100644
--- a/src/libstrongswan/crypto/signers/hmac_signer.c
+++ b/src/libstrongswan/crypto/signers/hmac_signer.c
@@ -52,14 +52,19 @@ struct private_hmac_signer_t {
/**
* Implementation of signer_t.get_signature.
*/
-static void get_signature (private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
+static void get_signature(private_hmac_signer_t *this, chunk_t data, u_int8_t *buffer)
{
- u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
-
- this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
-
- /* copy MAC depending on truncation */
- memcpy(buffer, full_mac, this->block_size);
+ if (buffer == NULL)
+ { /* append mode */
+ this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
+ }
+ else
+ {
+ u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
+
+ this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
+ memcpy(buffer, full_mac, this->block_size);
+ }
}
/**
@@ -67,18 +72,24 @@ static void get_signature (private_hmac_signer_t *this, chunk_t data, u_int8_t *
*/
static void allocate_signature (private_hmac_signer_t *this, chunk_t data, chunk_t *chunk)
{
- chunk_t signature;
- u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
-
- this->hmac_prf->get_bytes(this->hmac_prf,data,full_mac);
+ if (chunk == NULL)
+ { /* append mode */
+ this->hmac_prf->get_bytes(this->hmac_prf, data, NULL);
+ }
+ else
+ {
+ chunk_t signature;
+ u_int8_t full_mac[this->hmac_prf->get_block_size(this->hmac_prf)];
+
+ this->hmac_prf->get_bytes(this->hmac_prf, data, full_mac);
- signature.ptr = malloc(this->block_size);
- signature.len = this->block_size;
-
- /* copy signature */
- memcpy(signature.ptr, full_mac, this->block_size);
+ signature.ptr = malloc(this->block_size);
+ signature.len = this->block_size;
+
+ memcpy(signature.ptr, full_mac, this->block_size);
- *chunk = signature;
+ *chunk = signature;
+ }
}
/**
diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h
index 0f3709712..4218e4146 100644
--- a/src/libstrongswan/crypto/signers/signer.h
+++ b/src/libstrongswan/crypto/signers/signer.h
@@ -74,6 +74,9 @@ extern enum_name_t *integrity_algorithm_names;
struct signer_t {
/**
* @brief Generate a signature.
+ *
+ * If buffer is NULL, data is processed and prepended to a next call until
+ * buffer is a valid pointer.
*
* @param this calling object
* @param data a chunk containing the data to sign
@@ -83,6 +86,9 @@ struct signer_t {
/**
* @brief Generate a signature and allocate space for it.
+ *
+ * If chunk is NULL, data is processed and prepended to a next call until
+ * chunk is a valid chunk pointer.
*
* @param this calling object
* @param data a chunk containing the data to sign
diff --git a/src/libstrongswan/crypto/x509.c b/src/libstrongswan/crypto/x509.c
index 5bf3f26d7..d9093fc62 100755
--- a/src/libstrongswan/crypto/x509.c
+++ b/src/libstrongswan/crypto/x509.c
@@ -23,6 +23,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: x509.c 3301 2007-10-12 21:56:30Z andreas $
*/
#include <gmp.h>
@@ -114,7 +116,7 @@ struct private_x509_t {
/**
* Signature algorithm
*/
- int sigAlg;
+ int signatureAlgorithm;
/**
* ID representing the certificate issuer
@@ -197,11 +199,6 @@ struct private_x509_t {
bool isOcspSigner;
/**
- * Signature algorithm (must be identical to sigAlg)
- */
- int algorithm;
-
- /**
* Signature
*/
chunk_t signature;
@@ -445,16 +442,15 @@ static bool parse_basicConstraints(chunk_t blob, int level0)
return isCA;
}
-/*
+/**
* extracts an otherName
*/
-static bool
-parse_otherName(chunk_t blob, int level0)
+static bool parse_otherName(chunk_t blob, int level0)
{
asn1_ctx_t ctx;
chunk_t object;
- int objectID = 0;
u_int level;
+ int objectID = 0;
int oid = OID_UNKNOWN;
asn1_init(&ctx, blob, level0, FALSE, FALSE);
@@ -484,7 +480,7 @@ parse_otherName(chunk_t blob, int level0)
return TRUE;
}
-/*
+/**
* extracts a generalName
*/
static identification_t *parse_generalName(chunk_t blob, int level0)
@@ -544,10 +540,10 @@ static identification_t *parse_generalName(chunk_t blob, int level0)
}
-/**
- * extracts one or several GNs and puts them into a chained list
+/*
+ * Defined in header.
*/
-void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
+void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list)
{
asn1_ctx_t ctx;
chunk_t object;
@@ -589,10 +585,10 @@ static chunk_t parse_keyIdentifier(chunk_t blob, int level0, bool implicit)
return object;
}
-/**
- * extracts an authoritykeyIdentifier
+/*
+ * Defined in header.
*/
-void parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID, chunk_t *authKeySerialNumber)
+void x509_parse_authorityKeyIdentifier(chunk_t blob, int level0 , chunk_t *authKeyID, chunk_t *authKeySerialNumber)
{
asn1_ctx_t ctx;
chunk_t object;
@@ -639,8 +635,7 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, linked_list_t *l
chunk_t object;
u_int level;
int objectID = 0;
-
- u_int accessMethod = OID_UNKNOWN;
+ int accessMethod = OID_UNKNOWN;
asn1_init(&ctx, blob, level0, FALSE, FALSE);
while (objectID < AUTH_INFO_ACCESS_ROOF)
@@ -659,15 +654,26 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, linked_list_t *l
switch (accessMethod)
{
case OID_OCSP:
- if (*object.ptr == ASN1_CONTEXT_S_6)
+ case OID_CA_ISSUERS:
{
identification_t *accessLocation;
- if (asn1_length(&object) == ASN1_INVALID_LENGTH)
+ accessLocation = parse_generalName(object, level+1);
+ if (accessLocation == NULL)
+ {
+ /* parsing went wrong - abort */
return;
- DBG2(" '%.*s'",(int)object.len, object.ptr);
- accessLocation = identification_create_from_encoding(ID_DER_ASN1_GN_URI, object);
- list->insert_last(list, (void *)accessLocation);
+ }
+ DBG2(" '%D'", accessLocation);
+ if (accessMethod == OID_OCSP)
+ {
+ list->insert_last(list, (void *)accessLocation);
+ }
+ else
+ {
+ /* caIsssuer accessLocation is not used yet */
+ accessLocation->destroy(accessLocation);
+ }
}
break;
default:
@@ -731,7 +737,7 @@ static void parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t
if (objectID == CRL_DIST_POINTS_FULLNAME)
{
/* append extracted generalNames to existing chained list */
- parse_generalNames(object, level+1, TRUE, list);
+ x509_parse_generalNames(object, level+1, TRUE, list);
}
objectID++;
@@ -748,8 +754,8 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
bool critical;
chunk_t object;
u_int level;
- u_int extn_oid = OID_UNKNOWN;
int objectID = 0;
+ int extn_oid = OID_UNKNOWN;
asn1_init(&ctx, blob, level0, FALSE, FALSE);
while (objectID < X509_OBJ_ROOF)
@@ -778,7 +784,7 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
this->serialNumber = object;
break;
case X509_OBJ_SIG_ALG:
- this->sigAlg = parse_algorithmIdentifier(object, level, NULL);
+ this->signatureAlgorithm = parse_algorithmIdentifier(object, level, NULL);
break;
case X509_OBJ_ISSUER:
this->issuer = identification_create_from_encoding(ID_DER_ASN1_DN, object);
@@ -797,7 +803,7 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
case X509_OBJ_SUBJECT_PUBLIC_KEY_ALGORITHM:
if (parse_algorithmIdentifier(object, level, NULL) != OID_RSA_ENCRYPTION)
{
- DBG2(" unsupported public key algorithm");
+ DBG1(" unsupported public key algorithm");
return FALSE;
}
break;
@@ -809,7 +815,7 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
}
else
{
- DBG2(" invalid RSA public key format");
+ DBG1(" invalid RSA public key format");
return FALSE;
}
break;
@@ -831,7 +837,7 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
this->subjectKeyID = chunk_clone(parse_keyIdentifier(object, level, FALSE));
break;
case OID_SUBJECT_ALT_NAME:
- parse_generalNames(object, level, FALSE, this->subjectAltNames);
+ x509_parse_generalNames(object, level, FALSE, this->subjectAltNames);
break;
case OID_BASIC_CONSTRAINTS:
this->isCA = parse_basicConstraints(object, level);
@@ -840,7 +846,8 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
parse_crlDistributionPoints(object, level, this->crlDistributionPoints);
break;
case OID_AUTHORITY_KEY_ID:
- parse_authorityKeyIdentifier(object, level , &this->authKeyID, &this->authKeySerialNumber);
+ x509_parse_authorityKeyIdentifier(object, level,
+ &this->authKeyID, &this->authKeySerialNumber);
break;
case OID_AUTHORITY_INFO_ACCESS:
parse_authorityInfoAccess(object, level, this->ocspAccessLocations);
@@ -861,7 +868,15 @@ static bool parse_certificate(chunk_t blob, u_int level0, private_x509_t *this)
break;
}
case X509_OBJ_ALGORITHM:
- this->algorithm = parse_algorithmIdentifier(object, level, NULL);
+ {
+ int alg = parse_algorithmIdentifier(object, level, NULL);
+
+ if (alg != this->signatureAlgorithm)
+ {
+ DBG1(" signature algorithms do not agree");
+ return FALSE;
+ }
+ }
break;
case X509_OBJ_SIGNATURE:
this->signature = object;
@@ -1119,7 +1134,14 @@ static iterator_t *create_ocspuri_iterator(const private_x509_t *this)
*/
static bool verify(const private_x509_t *this, const rsa_public_key_t *signer)
{
- return signer->verify_emsa_pkcs1_signature(signer, this->tbsCertificate, this->signature) == SUCCESS;
+ hash_algorithm_t algorithm = hasher_algorithm_from_oid(this->signatureAlgorithm);
+
+ if (algorithm == HASH_UNKNOWN)
+ {
+ DBG1(" unknown signature algorithm");
+ return FALSE;
+ }
+ return signer->verify_emsa_pkcs1_signature(signer, algorithm, this->tbsCertificate, this->signature) == SUCCESS;
}
/**
@@ -1221,6 +1243,101 @@ static void list(private_x509_t *this, FILE *out, bool utc)
}
}
+/*
+ * Defined in header.
+ */
+chunk_t x509_build_generalNames(linked_list_t *list)
+{
+ linked_list_t *generalNames = linked_list_create();
+ iterator_t *iterator = list->create_iterator(list, TRUE);
+ identification_t *name;
+ size_t len = 0;
+
+ while (iterator->iterate(iterator, (void**)&name))
+ {
+ asn1_t asn1_type = ASN1_EOC;
+ chunk_t *generalName = malloc_thing(chunk_t);
+
+ switch (name->get_type(name))
+ {
+ case ID_RFC822_ADDR:
+ asn1_type = ASN1_CONTEXT_S_1;
+ break;
+ case ID_FQDN:
+ asn1_type = ASN1_CONTEXT_S_2;
+ break;
+ case ID_DER_ASN1_DN:
+ asn1_type = ASN1_CONTEXT_C_4;
+ break;
+ case ID_DER_ASN1_GN_URI:
+ asn1_type = ASN1_CONTEXT_S_6;
+ break;
+ case ID_IPV4_ADDR:
+ asn1_type = ASN1_CONTEXT_S_7;
+ break;
+ default:
+ continue;
+ }
+
+ *generalName = asn1_simple_object(asn1_type, name->get_encoding(name));
+ len += generalName->len;
+ generalNames->insert_last(generalNames, generalName);
+ }
+ iterator->destroy(iterator);
+
+ if (len > 0)
+ {
+ iterator_t *iterator = generalNames->create_iterator(generalNames, TRUE);
+ chunk_t names, *generalName;
+ u_char *pos = build_asn1_object(&names, ASN1_SEQUENCE, len);
+
+ while (iterator->iterate(iterator, (void**)&generalName))
+ {
+ memcpy(pos, generalName->ptr, generalName->len);
+ pos += generalName->len;
+ free(generalName->ptr);
+ free(generalName);
+ }
+ iterator->destroy(iterator);
+ generalNames->destroy(generalNames);
+
+ return asn1_wrap(ASN1_OCTET_STRING, "m", names);
+ }
+ else
+ {
+ return chunk_empty;
+ }
+}
+
+/*
+ * Defined in header.
+ */
+chunk_t x509_build_subjectAltNames(linked_list_t *list)
+{
+ chunk_t generalNames = x509_build_generalNames(list);
+
+ if (generalNames.len)
+ {
+ return asn1_wrap(ASN1_SEQUENCE, "cm",
+ ASN1_subjectAltName_oid,
+ asn1_wrap(ASN1_OCTET_STRING, "m", generalNames)
+ );
+ }
+ else
+ {
+ return chunk_empty;
+ }
+}
+
+/**
+ * Implementation of x509_t.build_encoding.
+ */
+static void build_encoding(private_x509_t *this, hash_algorithm_t alg,
+ rsa_private_key_t *private_key)
+{
+
+}
+
/**
* Implements x509_t.destroy
*/
@@ -1240,10 +1357,10 @@ static void destroy(private_x509_t *this)
free(this);
}
-/*
- * Described in header.
+/**
+ * Internal generic constructor
*/
-x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
+static private_x509_t *x509_create_empty(void)
{
private_x509_t *this = malloc_thing(private_x509_t);
@@ -1290,9 +1407,34 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
this->public.create_crluri_iterator = (iterator_t* (*) (const x509_t*))create_crluri_iterator;
this->public.create_ocspuri_iterator = (iterator_t* (*) (const x509_t*))create_ocspuri_iterator;
this->public.verify = (bool (*) (const x509_t*,const rsa_public_key_t*))verify;
- this->public.list = (void(*)(x509_t*, FILE *out, bool utc))list;
+ this->public.list = (void (*) (x509_t*, FILE *out, bool utc))list;
+ this->public.build_encoding = (void (*) (x509_t*,hash_algorithm_t,rsa_private_key_t*))build_encoding;
this->public.destroy = (void (*) (x509_t*))destroy;
+ return this;
+}
+
+/*
+ * Described in header.
+ */
+x509_t *x509_create_(chunk_t serialNumber, identification_t *issuer, identification_t *subject)
+{
+ private_x509_t *this = x509_create_empty();
+
+ this->serialNumber = serialNumber;
+ this->issuer = issuer->clone(issuer);
+ this->subject = subject->clone(subject);
+
+ return &this->public;
+}
+
+/*
+ * Described in header.
+ */
+x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
+{
+ private_x509_t *this = x509_create_empty();
+
if (!parse_certificate(chunk, level, this))
{
destroy(this);
@@ -1314,8 +1456,15 @@ x509_t *x509_create_from_chunk(chunk_t chunk, u_int level)
this->isSelfSigned = FALSE;
if (this->subject->equals(this->subject, this->issuer))
{
+ hash_algorithm_t algorithm = hasher_algorithm_from_oid(this->signatureAlgorithm);
+
+ if (algorithm == HASH_UNKNOWN)
+ {
+ destroy(this);
+ return NULL;
+ }
this->isSelfSigned = this->public_key->verify_emsa_pkcs1_signature(this->public_key,
- this->tbsCertificate, this->signature) == SUCCESS;
+ algorithm, this->tbsCertificate, this->signature) == SUCCESS;
}
if (this->isSelfSigned)
{
diff --git a/src/libstrongswan/crypto/x509.h b/src/libstrongswan/crypto/x509.h
index c6fe148d4..1ab267dac 100755
--- a/src/libstrongswan/crypto/x509.h
+++ b/src/libstrongswan/crypto/x509.h
@@ -23,6 +23,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: x509.h 3301 2007-10-12 21:56:30Z andreas $
*/
#ifndef X509_H_
@@ -31,7 +33,8 @@
typedef struct x509_t x509_t;
#include <library.h>
-#include <crypto/rsa/rsa_public_key.h>
+#include <crypto/rsa/rsa_private_key.h>
+#include <crypto/hashers/hasher.h>
#include <crypto/certinfo.h>
#include <crypto/ca.h>
#include <utils/identification.h>
@@ -49,6 +52,7 @@ typedef struct x509_t x509_t;
* @brief X.509 certificate.
*
* @b Constructors:
+ * - x509_create()
* - x509_create_from_chunk()
* - x509_create_from_file()
*
@@ -288,9 +292,26 @@ struct x509_t {
* @param out stream to write to
* @param utc TRUE for UTC times, FALSE for local time
*/
- void (*list)(x509_t *this, FILE *out, bool utc);
+ void (*list) (x509_t *this, FILE *out, bool utc);
/**
+ * @brief Adds a list of subjectAltNames
+ *
+ * @param this calling object
+ * @param subjectAltNames list of subjectAltNames to be added
+ */
+ void (*add_subjectAltNames) (x509_t *this, linked_list_t *subjectAltNames);
+
+ /**
+ * @brief Builds a DER-encoded signed X.509 certificate
+ *
+ * @param this calling object
+ * @param alg hash algorithm used to compute the certificate digest
+ * @param private_key RSA private key used to sign the certificate digest
+ */
+ void (*build_encoding) (x509_t *this, hash_algorithm_t alg, rsa_private_key_t *private_key);
+
+ /**
* @brief Destroys the certificate.
*
* @param this certificate to destroy
@@ -299,17 +320,34 @@ struct x509_t {
};
/**
- * @brief Read a x509 certificate from a DER encoded blob.
- *
+ * @brief Create a X.509 certificate from its components
+ *
+ * @param serialNumber chunk containing the serialNumber
+ * @param issuer issuer distinguished name
+ * @param notBefore start date of validity
+ * @param notAfter end date of validity
+ * @param subject subject distinguished name
+ *
+ * @return created x509_t certificate, or NULL if invalid.
+ *
+ * @ingroup crypto
+ */
+x509_t *x509_create(chunk_t serialNumber, identification_t *issuer,
+ time_t notBefore, time_t notAfter,
+ identification_t *subject);
+
+/**
+ * @brief Read a X.509 certificate from a DER encoded blob.
+ *
* @param chunk chunk containing DER encoded data
- * @return created x509_t certificate, or NULL if invlid.
+ * @return created x509_t certificate, or NULL if invalid.
*
* @ingroup crypto
*/
x509_t *x509_create_from_chunk(chunk_t chunk, u_int level);
/**
- * @brief Read a x509 certificate from a DER encoded file.
+ * @brief Read a X.509 certificate from a DER encoded file.
*
* @param filename file containing DER encoded data
* @param label label describing kind of certificate
@@ -329,7 +367,7 @@ x509_t *x509_create_from_file(const char *filename, const char *label);
*
* @ingroup crypto
*/
-void parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeyID, chunk_t *authKeySerialNumber);
+void x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeyID, chunk_t *authKeySerialNumber);
/**
* @brief Parses DER encoded generalNames
@@ -337,10 +375,30 @@ void parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeyID,
* @param blob blob containing DER encoded data
* @param level0 indicates the current parsing level
* @param implicit implicit coding is used
- * @param list linked list of decoded generalNames
+ * @param list list of decoded generalNames
+ *
+ * @ingroup crypto
+ */
+void x509_parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list);
+
+/**
+ * @brief Builds a DER encoded list of generalNames
+ *
+ * @param list list of generalNames to be encoded
+ * @return DER encoded list of generalNames
+ *
+ * @ingroup crypto
+ */
+chunk_t x509_build_generalNames(linked_list_t *list);
+
+/**
+ * @brief Builds a DER encoded list of subjectAltNames
+ *
+ * @param list list of subjectAltNames to be encoded
+ * @return DER encoded list of subjectAltNames
*
* @ingroup crypto
*/
-void parse_generalNames(chunk_t blob, int level0, bool implicit, linked_list_t *list);
+chunk_t x509_build_subjectAltNames(linked_list_t *list);
#endif /* X509_H_ */
diff --git a/src/libstrongswan/debug.c b/src/libstrongswan/debug.c
index 996cae502..a71e978b8 100644
--- a/src/libstrongswan/debug.c
+++ b/src/libstrongswan/debug.c
@@ -28,7 +28,7 @@
/**
* default dbg function which printf all to stderr
*/
-static void dbg_stderr(int level, char *fmt, ...)
+void dbg_default(int level, char *fmt, ...)
{
va_list args;
@@ -38,4 +38,4 @@ static void dbg_stderr(int level, char *fmt, ...)
va_end(args);
}
-void (*dbg) (int level, char *fmt, ...) = dbg_stderr;
+void (*dbg) (int level, char *fmt, ...) = dbg_default;
diff --git a/src/libstrongswan/debug.h b/src/libstrongswan/debug.h
index c424a1c11..71f2c7dfd 100644
--- a/src/libstrongswan/debug.h
+++ b/src/libstrongswan/debug.h
@@ -57,4 +57,7 @@
/** dbg function hook, uses stderr logger by default */
extern void (*dbg) (int level, char *fmt, ...);
+/** default logging function, prints to stderr */
+void dbg_default(int level, char *fmt, ...);
+
#endif /* DEBUG_H_ */
diff --git a/src/libstrongswan/fips/fips.c b/src/libstrongswan/fips/fips.c
new file mode 100644
index 000000000..aba292d81
--- /dev/null
+++ b/src/libstrongswan/fips/fips.c
@@ -0,0 +1,103 @@
+/**
+ * @file fips.c
+ *
+ * @brief Implementation of the libstrongswan integrity test.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Bruno Krieg, Daniel Wydler
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+#include <debug.h>
+#include <crypto/signers/hmac_signer.h>
+#include "fips.h"
+
+extern const u_char FIPS_rodata_start[];
+extern const u_char FIPS_rodata_end[];
+extern const void *FIPS_text_start();
+extern const void *FIPS_text_end();
+
+/**
+ * Described in header
+ */
+bool fips_compute_hmac_signature(const char *key, char *signature)
+{
+ u_char *text_start = (u_char *)FIPS_text_start();
+ u_char *text_end = (u_char *)FIPS_text_end();
+ size_t text_len, rodata_len;
+ signer_t *signer;
+
+ if (text_start > text_end)
+ {
+ DBG1(" TEXT start (%p) > TEXT end (%p",
+ text_start, text_end);
+ return FALSE;
+ }
+ text_len = text_end - text_start;
+ DBG1(" TEXT: %p + %6d = %p",
+ text_start, (int)text_len, text_end);
+
+ if (FIPS_rodata_start > FIPS_rodata_end)
+ {
+ DBG1(" RODATA start (%p) > RODATA end (%p",
+ FIPS_rodata_start, FIPS_rodata_end);
+ return FALSE;
+ }
+ rodata_len = FIPS_rodata_end - FIPS_rodata_start;
+ DBG1(" RODATA: %p + %6d = %p",
+ FIPS_rodata_start, (int)rodata_len, FIPS_rodata_end);
+
+ signer = (signer_t *)hmac_signer_create(HASH_SHA1, HASH_SIZE_SHA1);
+ if (signer == NULL)
+ {
+ DBG1(" SHA-1 HMAC signer could not be created");
+ return FALSE;
+ }
+ else
+ {
+ chunk_t hmac_key = { key, strlen(key) };
+ chunk_t text_chunk = { text_start, text_len };
+ chunk_t rodata_chunk = { (u_char *)FIPS_rodata_start, rodata_len };
+ chunk_t signature_chunk = chunk_empty;
+
+ signer->set_key(signer, hmac_key);
+ signer->allocate_signature(signer, text_chunk, NULL);
+ signer->allocate_signature(signer, rodata_chunk, &signature_chunk);
+ signer->destroy(signer);
+
+ sprintf(signature, "%#B", &signature_chunk);
+ DBG1(" SHA-1 HMAC key: %s", key);
+ DBG1(" SHA-1 HMAC sig: %s", signature);
+ free(signature_chunk.ptr);
+ return TRUE;
+ }
+}
+
+/**
+ * Described in header
+ */
+bool fips_verify_hmac_signature(const char *key,
+ const char *signature)
+{
+ char current_signature[BUF_LEN];
+
+ if (!fips_compute_hmac_signature(key, current_signature))
+ {
+ return FALSE;
+ }
+ return streq(signature, current_signature);
+}
diff --git a/src/libstrongswan/fips/fips.h b/src/libstrongswan/fips/fips.h
new file mode 100644
index 000000000..decf73bfd
--- /dev/null
+++ b/src/libstrongswan/fips/fips.h
@@ -0,0 +1,47 @@
+/**
+ * @file fips.h
+ *
+ * @brief Interface of the libstrongswan integrity test
+ *
+ * @ingroup fips
+ */
+
+/*
+ * Copyright (C) 2007 Bruno Krieg, Daniel Wydler
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef FIPS_H_
+#define FIPS_H_
+
+#include <library.h>
+
+/**
+ * @brief compute HMAC signature over RODATA and TEXT sections of libstrongswan
+ *
+ * @param key key used for HMAC signature in ASCII string format
+ * @param signature HMAC signature in HEX string format
+ * @return TRUE if HMAC signature computation was successful
+ */
+bool fips_compute_hmac_signature(const char *key, char *signature);
+
+/**
+ * @brief verify HMAC signature over RODATA and TEXT sections of libstrongswan
+ *
+ * @param key key used for HMAC signature in ASCII string format
+ * @param signature signature value from fips_signature.h in HEX string format
+ * @return TRUE if signatures agree
+ */
+bool fips_verify_hmac_signature(const char *key, const char *signature);
+
+#endif /*FIPS_H_*/
diff --git a/src/libstrongswan/fips/fips_canister_end.c b/src/libstrongswan/fips/fips_canister_end.c
new file mode 100644
index 000000000..46d41a664
--- /dev/null
+++ b/src/libstrongswan/fips/fips_canister_end.c
@@ -0,0 +1,173 @@
+/**
+ * @file fips_canister_end.c
+ *
+ * @brief Marks the end of TEXT and RODATA.
+ *
+ */
+
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#if defined(__DECC)
+# include <c_asm.h>
+# pragma __nostandard
+#endif
+
+#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
+ (defined(__sgi) && (defined(__mips) || defined(mips))) || \
+ (defined(__osf__) && defined(__alpha)) || \
+ (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
+ (defined(__i386) || defined(__i386__)) || \
+ (defined(__x86_64) || defined(__x86_64__)) || \
+ (defined(vax) || defined(__vax__))
+# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+# endif
+#endif
+
+#define FIPS_ref_point FIPS_text_end
+/* Some compilers put string literals into a separate segment. As we
+ * are mostly interested to hash AES tables in .rodata, we declare
+ * reference points accordingly. In case you wonder, the values are
+ * big-endian encoded variable names, just to prevent these arrays
+ * from being merged by linker. */
+const unsigned int FIPS_rodata_end[]=
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
+
+
+/*
+ * I declare reference function as static in order to avoid certain
+ * pitfalls in -dynamic linker behaviour...
+ */
+static void *instruction_pointer(void)
+{
+ void *ret = NULL;
+
+/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
+ * that they are designed to work under any OS running on particular
+ * CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
+ * this function. */
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ INSTRUCTION_POINTER_IMPLEMENTED(ret);
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__alpha) || defined(__alpha__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "br %0,1f\n1:" : "=r"(ret) );
+# elif defined(__i386) || defined(__i386__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "call 1f\n1: popl %0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# elif defined(__ia64) || defined(__ia64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "mov %0=ip" : "=r"(ret) );
+# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "blr %%r0,%0\n\tnop" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
+# elif defined(__mips) || defined(__mips__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "move %1,$31\n\t" /* save ra */
+ "bal .+8; nop\n\t"
+ "move %0,$31\n\t"
+ "move $31,%1" /* restore ra */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__ppc__) || defined(__powerpc) || defined(__powerpc__) || \
+ defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
+ defined(__PPC64__) || defined(__powerpc64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mfspr %1,8\n\t" /* save lr */
+ "bl .+4\n\t"
+ "mfspr %0,8\n\t" /* mflr ret */
+ "mtspr 8,%1" /* restore lr */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mov %%o7,%1\n\t"
+ "call .+8; nop\n\t"
+ "mov %%o7,%0\n\t"
+ "mov %1,%%o7"
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__x86_64) || defined(__x86_64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "leaq 0(%%rip),%0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# endif
+#elif defined(__DECC) && defined(__alpha)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ ret = (void *)(size_t)asm("br %v0,1f\n1:");
+#elif defined(_MSC_VER) && defined(_M_IX86)
+# undef INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ _asm {
+ call self
+ self: pop eax
+ mov scratch,eax
+ }
+ ret = (void *)((size_t)scratch&~3UL);
+#endif
+ return ret;
+}
+
+/*
+ * This function returns pointer to an instruction in the vicinity of
+ * its entry point, but not outside this object module. This guarantees
+ * that sequestered code is covered...
+ */
+void *FIPS_ref_point()
+{
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ return instruction_pointer();
+/* Below we essentially cover vendor compilers which do not support
+ * inline assembler... */
+#elif defined(_AIX)
+ struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_HPUX_SOURCE)
+# if defined(__hppa) || defined(__hppa__)
+ struct { void *i[4]; } *p = (void *)FIPS_ref_point;
+
+ if (sizeof(p) == 8) /* 64-bit */
+ return p->i[2];
+ else if ((size_t)p & 2)
+ { p = (void *)((size_t)p&~3UL);
+ return p->i[0];
+ }
+ else
+ return (void *)p;
+# elif defined(__ia64) || defined(__ia64__)
+ struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+# endif
+#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
+ /* applies to both alpha and ia64 */
+ struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+#elif defined(__VOS__)
+ /* applies to both pa-risc and ia32 */
+ struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_WIN32)
+# if defined(_WIN64) && defined(_M_IA64)
+ struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
+ return p->ip;
+# else
+ return (void *)FIPS_ref_point;
+# endif
+/*
+ * In case you wonder why there is no #ifdef __linux. All Linux targets
+ * are GCC-based and therefore are covered by instruction_pointer above
+ * [well, some are covered by by the one below]...
+ */
+#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+ return (void *)instruction_pointer;
+#else
+ return NULL;
+#endif
+}
diff --git a/src/libstrongswan/fips/fips_canister_start.c b/src/libstrongswan/fips/fips_canister_start.c
new file mode 100644
index 000000000..eaf2571f8
--- /dev/null
+++ b/src/libstrongswan/fips/fips_canister_start.c
@@ -0,0 +1,174 @@
+/**
+ * @file fips_canister_start.c
+ *
+ * @brief Marks the start of TEXT and RODATA.
+ *
+ */
+
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#if defined(__DECC)
+# include <c_asm.h>
+# pragma __nostandard
+#endif
+
+#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
+ (defined(__sgi) && (defined(__mips) || defined(mips))) || \
+ (defined(__osf__) && defined(__alpha)) || \
+ (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
+ (defined(__i386) || defined(__i386__)) || \
+ (defined(__x86_64) || defined(__x86_64__)) || \
+ (defined(vax) || defined(__vax__))
+# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+# endif
+#endif
+
+
+#define FIPS_ref_point FIPS_text_start
+/* Some compilers put string literals into a separate segment. As we
+ * are mostly interested to hash AES tables in .rodata, we declare
+ * reference points accordingly. In case you wonder, the values are
+ * big-endian encoded variable names, just to prevent these arrays
+ * from being merged by linker. */
+const unsigned int FIPS_rodata_start[]=
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
+
+
+/*
+ * I declare reference function as static in order to avoid certain
+ * pitfalls in -dynamic linker behaviour...
+ */
+static void *instruction_pointer(void)
+{
+ void *ret = NULL;
+
+/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
+ * that they are designed to work under any OS running on particular
+ * CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
+ * this function. */
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ INSTRUCTION_POINTER_IMPLEMENTED(ret);
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__alpha) || defined(__alpha__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "br %0,1f\n1:" : "=r"(ret) );
+# elif defined(__i386) || defined(__i386__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "call 1f\n1: popl %0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# elif defined(__ia64) || defined(__ia64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "mov %0=ip" : "=r"(ret) );
+# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "blr %%r0,%0\n\tnop" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
+# elif defined(__mips) || defined(__mips__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "move %1,$31\n\t" /* save ra */
+ "bal .+8; nop\n\t"
+ "move %0,$31\n\t"
+ "move $31,%1" /* restore ra */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__ppc__) || defined(__powerpc) || defined(__powerpc__) || \
+ defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
+ defined(__PPC64__) || defined(__powerpc64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mfspr %1,8\n\t" /* save lr */
+ "bl .+4\n\t"
+ "mfspr %0,8\n\t" /* mflr ret */
+ "mtspr 8,%1" /* restore lr */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mov %%o7,%1\n\t"
+ "call .+8; nop\n\t"
+ "mov %%o7,%0\n\t"
+ "mov %1,%%o7"
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__x86_64) || defined(__x86_64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "leaq 0(%%rip),%0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# endif
+#elif defined(__DECC) && defined(__alpha)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ ret = (void *)(size_t)asm("br %v0,1f\n1:");
+#elif defined(_MSC_VER) && defined(_M_IX86)
+# undef INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ _asm {
+ call self
+ self: pop eax
+ mov scratch,eax
+ }
+ ret = (void *)((size_t)scratch&~3UL);
+#endif
+ return ret;
+}
+
+/*
+ * This function returns pointer to an instruction in the vicinity of
+ * its entry point, but not outside this object module. This guarantees
+ * that sequestered code is covered...
+ */
+void *FIPS_ref_point()
+{
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ return instruction_pointer();
+/* Below we essentially cover vendor compilers which do not support
+ * inline assembler... */
+#elif defined(_AIX)
+ struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_HPUX_SOURCE)
+# if defined(__hppa) || defined(__hppa__)
+ struct { void *i[4]; } *p = (void *)FIPS_ref_point;
+
+ if (sizeof(p) == 8) /* 64-bit */
+ return p->i[2];
+ else if ((size_t)p & 2)
+ { p = (void *)((size_t)p&~3UL);
+ return p->i[0];
+ }
+ else
+ return (void *)p;
+# elif defined(__ia64) || defined(__ia64__)
+ struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+# endif
+#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
+ /* applies to both alpha and ia64 */
+ struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+#elif defined(__VOS__)
+ /* applies to both pa-risc and ia32 */
+ struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_WIN32)
+# if defined(_WIN64) && defined(_M_IA64)
+ struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
+ return p->ip;
+# else
+ return (void *)FIPS_ref_point;
+# endif
+/*
+ * In case you wonder why there is no #ifdef __linux. All Linux targets
+ * are GCC-based and therefore are covered by instruction_pointer above
+ * [well, some are covered by by the one below]...
+ */
+#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+ return (void *)instruction_pointer;
+#else
+ return NULL;
+#endif
+}
diff --git a/src/libstrongswan/fips/fips_signer.c b/src/libstrongswan/fips/fips_signer.c
new file mode 100644
index 000000000..7fb61d5b7
--- /dev/null
+++ b/src/libstrongswan/fips/fips_signer.c
@@ -0,0 +1,63 @@
+/**
+ * @file fips_signer.c
+ *
+ * @brief Computes a HMAC signature and stores it in fips_signature.h.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Bruno Krieg, Daniel Wydler
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+#include <crypto/hashers/hasher.h>
+#include "fips.h"
+
+int main(int argc, char* argv[])
+{
+ FILE *f;
+ char *hmac_key = "strongSwan Version " VERSION;
+ char hmac_signature[BUF_LEN];
+
+ if (!fips_compute_hmac_signature(hmac_key, hmac_signature))
+ {
+ exit(1);
+ }
+
+ /**
+ * write computed HMAC signature to fips_signature.h
+ */
+ f = fopen("fips_signature.h", "wt");
+
+ if (f == NULL)
+ {
+ exit(1);
+ }
+ fprintf(f, "/* SHA-1 HMAC signature computed over TEXT and RODATA of libstrongswan\n");
+ fprintf(f, " *\n");
+ fprintf(f, " * This file has been automatically generated by fips_signer\n");
+ fprintf(f, " * Do not edit manually!\n");
+ fprintf(f, " */\n");
+ fprintf(f, "\n");
+ fprintf(f, "#ifndef FIPS_SIGNATURE_H_\n");
+ fprintf(f, "#define FIPS_SIGNATURE_H_\n");
+ fprintf(f, "\n");
+ fprintf(f, "const char *hmac_key = \"%s\";\n", hmac_key);
+ fprintf(f, "const char *hmac_signature = \"%s\";\n", hmac_signature);
+ fprintf(f, "\n");
+ fprintf(f, "#endif /* FIPS_SIGNATURE_H_ */\n");
+ fclose(f);
+ exit(0);
+}
diff --git a/src/libstrongswan/library.h b/src/libstrongswan/library.h
index 67a05f118..51b72bfce 100644
--- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h
@@ -18,6 +18,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: library.h 3255 2007-10-07 13:35:42Z andreas $
*/
#ifndef LIBRARY_H_
@@ -26,13 +28,14 @@
/**
* @defgroup libstrongswan libstrongswan
*
- * libstrongswan: library with various crypto related things.
+ * libstrongswan: library with various cryptographic, X.509 trust chain and
+ * identity management functions.
*/
/**
* @defgroup asn1 asn1
*
- * ASN1 definitions, parser and generator functions.
+ * ASN.1 definitions, parser and generator functions.
*
* @ingroup libstrongswan
*/
@@ -40,7 +43,7 @@
/**
* @defgroup crypto crypto
*
- * Crypto algorithms of different kind.
+ * Various cryptographic algorithms.
*
* @ingroup libstrongswan
*/
@@ -89,6 +92,14 @@
*/
/**
+ * @defgroup fips fips
+ *
+ * Code integrity check of libstrongswan
+ *
+ * @ingroup libstrongswan
+ */
+
+/**
* @defgroup utils utils
*
* Generic helper classes.
@@ -120,6 +131,11 @@
#define streq(x,y) (strcmp(x, y) == 0)
/**
+ * Macro compares two strings for equality
+ */
+#define strneq(x,y,len) (strncmp(x, y, len) == 0)
+
+/**
* Macro compares two binary blobs for equality
*/
#define memeq(x,y,len) (memcmp(x, y, len) == 0)
@@ -135,11 +151,21 @@
#define min(x,y) ((x) < (y) ? (x):(y))
/**
- * Call destructor of a object if object != NULL
+ * Call destructor of an object, if object != NULL
*/
#define DESTROY_IF(obj) if (obj) obj->destroy(obj)
/**
+ * Call offset destructor of an object, if object != NULL
+ */
+#define DESTROY_OFFSET_IF(obj, offset) if (obj) obj->destroy_offset(obj, offset);
+
+/**
+ * Call function destructor of an object, if object != NULL
+ */
+#define DESTROY_FUNCTION_IF(obj, fn) if (obj) obj->destroy_function(obj, fn);
+
+/**
* Debug macro to follow control flow
*/
#define POS printf("%s, line %d\n", __FILE__, __LINE__)
diff --git a/src/libstrongswan/utils/enumerator.c b/src/libstrongswan/utils/enumerator.c
new file mode 100644
index 000000000..842a2e997
--- /dev/null
+++ b/src/libstrongswan/utils/enumerator.c
@@ -0,0 +1,44 @@
+/**
+ * @file enumerator.c
+ *
+ * @brief Implementation of enumerator_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include "enumerator.h"
+
+
+/**
+ * Implementation of enumerator_create_empty().enumerate
+ */
+static bool enumerate_empty(enumerator_t *enumerator, ...)
+{
+ return FALSE;
+}
+
+/**
+ * See header
+ */
+enumerator_t* enumerator_create_empty()
+{
+ enumerator_t *this = malloc_thing(enumerator_t);
+ this->enumerate = enumerate_empty;
+ this->destroy = (void*)free;
+ return this;
+}
+
diff --git a/src/libstrongswan/utils/enumerator.h b/src/libstrongswan/utils/enumerator.h
new file mode 100644
index 000000000..df1d78206
--- /dev/null
+++ b/src/libstrongswan/utils/enumerator.h
@@ -0,0 +1,57 @@
+/**
+ * @file enumerator.h
+ *
+ * @brief Interface of enumerator_t.
+ *
+ */
+
+/*
+ * Copyright (C) 2007 Martin Willi
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef ENUMERATOR_H_
+#define ENUMERATOR_H_
+
+#include <library.h>
+
+typedef struct enumerator_t enumerator_t;
+
+/**
+ * @brief Enumerate is simpler, but more flexible than iterator.
+ */
+struct enumerator_t {
+
+ /**
+ * @brief Enumerate collection.
+ *
+ * The enumerate function takes a variable argument list containing
+ * pointers where the enumerated values get written.
+ *
+ * @param ... variable list of enumerated items, implementation dependant
+ * @return TRUE if pointers returned
+ */
+ bool (*enumerate)(enumerator_t *this, ...);
+
+ /**
+ * @brief Destroy a enumerator instance.
+ */
+ void (*destroy)(enumerator_t *this);
+};
+
+/**
+ * @brief Create an enumerator which enumerates over nothing
+ */
+enumerator_t* enumerator_create_empty();
+
+#endif /* ENUMERATOR_H_ */
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index ba0a76893..18f6d6824 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -19,6 +19,8 @@
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
+ *
+ * RCSID $Id: identification.c 3256 2007-10-07 13:42:43Z andreas $
*/
#define _GNU_SOURCE
@@ -199,19 +201,6 @@ static void update_chunk(chunk_t *ch, int n)
}
/**
- * Prints a binary string in hexadecimal form
- */
-void hex_str(chunk_t bin, chunk_t *str)
-{
- u_int i;
- update_chunk(str, snprintf(str->ptr,str->len,"0x"));
- for (i = 0; i < bin.len; i++)
- {
- update_chunk(str, snprintf(str->ptr,str->len,"%02X",*bin.ptr++));
- }
-}
-
-/**
* Remove any malicious characters from a chunk. We are very restrictive, but
* whe use these strings only to present it to the user.
*/
@@ -402,9 +391,9 @@ static status_t dntoa(chunk_t dn, chunk_t *str)
/* print OID */
oid_code = known_oid(oid);
- if (oid_code == OID_UNKNOWN)
- { /* OID not found in list */
- hex_str(oid, str);
+ if (oid_code == OID_UNKNOWN)
+ {
+ update_chunk(str, snprintf(str->ptr,str->len,"0x#B", &oid));
}
else
{
@@ -467,12 +456,16 @@ static bool same_dn(chunk_t a, chunk_t b)
|| (type_a == ASN1_IA5STRING && known_oid(oid_a) == OID_PKCS9_EMAIL)))
{
if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
+ {
return FALSE;
+ }
}
else
{
- if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
- return FALSE;
+ if (!strneq(value_a.ptr, value_b.ptr, value_b.len))
+ {
+ return FALSE;
+ }
}
}
/* both DNs must have same number of RDNs */
@@ -540,12 +533,16 @@ bool match_dn(chunk_t a, chunk_t b, int *wildcards)
|| (type_a == ASN1_IA5STRING && known_oid(oid_a) == OID_PKCS9_EMAIL)))
{
if (strncasecmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
+ {
return FALSE;
+ }
}
else
{
- if (strncmp(value_a.ptr, value_b.ptr, value_b.len) != 0)
+ if (!strneq(value_a.ptr, value_b.ptr, value_b.len))
+ {
return FALSE;
+ }
}
}
/* both DNs must have same number of RDNs */
@@ -931,7 +928,7 @@ static int print(FILE *stream, const struct printf_info *info,
case ID_FQDN:
{
proper = sanitize_chunk(this->encoded);
- written = fprintf(stream, "@%.*s", proper.len, proper.ptr);
+ written = fprintf(stream, "%.*s", proper.len, proper.ptr);
chunk_free(&proper);
return written;
}
@@ -1071,8 +1068,15 @@ identification_t *identification_create_from_string(char *string)
if (inet_pton(AF_INET, string, &address) <= 0)
{
- free(this);
- return NULL;
+ /* not IPv4, mostly FQDN */
+ this->type = ID_FQDN;
+ this->encoded.ptr = strdup(string);
+ this->encoded.len = strlen(string);
+ this->public.matches = (bool (*)
+ (identification_t*,identification_t*,int*))matches_string;
+ this->public.equals = (bool (*)
+ (identification_t*,identification_t*))equals_strcasecmp;
+ return &(this->public);
}
this->encoded = chunk_clone(chunk);
this->type = ID_IPV4_ADDR;
@@ -1137,6 +1141,7 @@ identification_t *identification_create_from_string(char *string)
identification_t *identification_create_from_encoding(id_type_t type, chunk_t encoded)
{
private_identification_t *this = identification_create();
+
this->type = type;
switch (type)
{
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index a28ebba51..dab18fd5c 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -190,7 +190,8 @@ whitelist_t whitelist[] = {
{getprotobynumber, 291},
{getservbyport, 311},
{register_printf_function, 159},
- {syslog, 45},
+ {syslog, 44},
+ {vsyslog, 41},
{dlopen, 109},
# ifdef LIBCURL
/* from /usr/lib/libcurl.so.3 */
diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c
index de52ea46a..5cd8ffd7a 100644
--- a/src/libstrongswan/utils/linked_list.c
+++ b/src/libstrongswan/utils/linked_list.c
@@ -6,6 +6,7 @@
*/
/*
+ * Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -140,6 +141,52 @@ struct private_iterator_t {
void *hook_param;
};
+typedef struct private_enumerator_t private_enumerator_t;
+
+/**
+ * linked lists enumerator implementation
+ */
+struct private_enumerator_t {
+
+ /**
+ * implements enumerator interface
+ */
+ enumerator_t enumerator;
+
+ /**
+ * next item to enumerate
+ */
+ element_t *next;
+};
+
+/**
+ * Implementation of private_enumerator_t.enumerator.enumerate.
+ */
+static bool enumerate(private_enumerator_t *this, void **item)
+{
+ if (this->next == NULL)
+ {
+ return FALSE;
+ }
+ *item = this->next->value;
+ this->next = this->next->next;
+ return TRUE;
+}
+
+/**
+ * Implementation of linked_list_t.create_enumerator.
+ */
+static enumerator_t* create_enumerator(private_linked_list_t *this)
+{
+ private_enumerator_t *enumerator = malloc_thing(private_enumerator_t);
+
+ enumerator->enumerator.enumerate = (void*)enumerate;
+ enumerator->enumerator.destroy = (void*)free;
+ enumerator->next = this->first;
+
+ return &enumerator->enumerator;
+}
+
/**
* Implementation of iterator_t.get_count.
*/
@@ -630,9 +677,9 @@ static status_t get_last(private_linked_list_t *this, void **item)
}
/**
- * Implementation of linked_list_t.invoke.
+ * Implementation of linked_list_t.invoke_offset.
*/
-static void invoke(private_linked_list_t *this, size_t offset)
+static void invoke_offset(private_linked_list_t *this, size_t offset)
{
element_t *current = this->first;
@@ -645,13 +692,62 @@ static void invoke(private_linked_list_t *this, size_t offset)
}
/**
+ * Implementation of linked_list_t.invoke_function.
+ */
+static void invoke_function(private_linked_list_t *this, void(*fn)(void*))
+{
+ element_t *current = this->first;
+
+ while (current)
+ {
+ fn(current->value);
+ current = current->next;
+ }
+}
+
+/**
+ * Implementation of linked_list_t.clone_offset
+ */
+static linked_list_t *clone_offset(private_linked_list_t *this, size_t offset)
+{
+ linked_list_t *clone = linked_list_create();
+ element_t *current = this->first;
+
+ while (current)
+ {
+ void* (**method)(void*) = current->value + offset;
+ clone->insert_last(clone, (*method)(current->value));
+ current = current->next;
+ }
+
+ return clone;
+}
+
+/**
+ * Implementation of linked_list_t.clone_function
+ */
+static linked_list_t *clone_function(private_linked_list_t *this, void* (*fn)(void*))
+{
+ linked_list_t *clone = linked_list_create();
+ element_t *current = this->first;
+
+ while (current)
+ {
+ clone->insert_last(clone, fn(current->value));
+ current = current->next;
+ }
+
+ return clone;
+}
+
+/**
* Implementation of linked_list_t.destroy.
*/
static void destroy(private_linked_list_t *this)
{
void *value;
/* Remove all list items before destroying list */
- while (this->public.remove_first(&(this->public), &value) == SUCCESS)
+ while (remove_first(this, &value) == SUCCESS)
{
/* values are not destroyed so memory leaks are possible
* if list is not empty when deleting */
@@ -744,6 +840,7 @@ linked_list_t *linked_list_create()
this->public.get_count = (int (*) (linked_list_t *)) get_count;
this->public.create_iterator = (iterator_t * (*) (linked_list_t *,bool))create_iterator;
this->public.create_iterator_locked = (iterator_t * (*) (linked_list_t *,pthread_mutex_t*))create_iterator_locked;
+ this->public.create_enumerator = (enumerator_t*(*)(linked_list_t*))create_enumerator;
this->public.get_first = (status_t (*) (linked_list_t *, void **item))get_first;
this->public.get_last = (status_t (*) (linked_list_t *, void **item))get_last;
this->public.insert_first = (void (*) (linked_list_t *, void *item))insert_first;
@@ -753,7 +850,10 @@ linked_list_t *linked_list_create()
this->public.insert_at_position = (status_t (*) (linked_list_t *,size_t, void *))insert_at_position;
this->public.remove_at_position = (status_t (*) (linked_list_t *,size_t, void **))remove_at_position;
this->public.get_at_position = (status_t (*) (linked_list_t *,size_t, void **))get_at_position;
- this->public.invoke = (void (*)(linked_list_t*,size_t))invoke;
+ this->public.invoke_offset = (void (*)(linked_list_t*,size_t))invoke_offset;
+ this->public.invoke_function = (void (*)(linked_list_t*,void(*)(void*)))invoke_function;
+ this->public.clone_offset = (linked_list_t * (*)(linked_list_t*,size_t))clone_offset;
+ this->public.clone_function = (linked_list_t * (*)(linked_list_t*,void*(*)(void*)))clone_function;
this->public.destroy = (void (*) (linked_list_t *))destroy;
this->public.destroy_offset = (void (*) (linked_list_t *,size_t))destroy_offset;
this->public.destroy_function = (void (*)(linked_list_t*,void(*)(void*)))destroy_function;
diff --git a/src/libstrongswan/utils/linked_list.h b/src/libstrongswan/utils/linked_list.h
index 58bcbbdaa..ebe5c187c 100644
--- a/src/libstrongswan/utils/linked_list.h
+++ b/src/libstrongswan/utils/linked_list.h
@@ -6,6 +6,7 @@
*/
/*
+ * Copyright (C) 2007 Tobias Brunner
* Copyright (C) 2005-2006 Martin Willi
* Copyright (C) 2005 Jan Hutter
* Hochschule fuer Technik Rapperswil
@@ -30,6 +31,7 @@ typedef struct linked_list_t linked_list_t;
#include <library.h>
#include <utils/iterator.h>
+#include <utils/enumerator.h>
/**
* @brief Class implementing a double linked list.
@@ -55,6 +57,9 @@ struct linked_list_t {
* @brief Creates a iterator for the given list.
*
* @warning Created iterator_t object has to get destroyed by the caller.
+ *
+ * @deprecated Iterator is obsolete and will disappear, it is too
+ * complicated to implement. Use enumerator instead.
*
* @param this calling object
* @param forward iterator direction (TRUE: front to end)
@@ -74,7 +79,18 @@ struct linked_list_t {
*/
iterator_t *(*create_iterator_locked) (linked_list_t *this,
pthread_mutex_t *mutex);
-
+
+ /**
+ * @brief Create an enumerator over the list.
+ *
+ * The enumerator is a "lightweight" iterator. It only has two methods
+ * and should therefore be much easier to implement.
+ *
+ * @param this calling object
+ * @return enumerator over list items
+ */
+ enumerator_t* (*create_enumerator)(linked_list_t *this);
+
/**
* @brief Inserts a new item at the beginning of the list.
*
@@ -183,7 +199,33 @@ struct linked_list_t {
* @param this calling object
* @param offset offset of the method to invoke on objects
*/
- void (*invoke) (linked_list_t *this, size_t offset);
+ void (*invoke_offset) (linked_list_t *this, size_t offset);
+
+ /**
+ * @brief Invoke a function on all of the contained objects.
+ *
+ * @param this calling object
+ * @param offset offset of the method to invoke on objects
+ */
+ void (*invoke_function) (linked_list_t *this, void (*)(void*));
+
+ /**
+ * @brief Clones a list and its objects using the objects' clone method.
+ *
+ * @param this calling object
+ * @param offset offset ot the objects clone function
+ * @return cloned list
+ */
+ linked_list_t *(*clone_offset) (linked_list_t *this, size_t offset);
+
+ /**
+ * @brief Clones a list and its objects using a given function.
+ *
+ * @param this calling object
+ * @param function function that clones an object
+ * @return cloned list
+ */
+ linked_list_t *(*clone_function) (linked_list_t *this, void*(*)(void*));
/**
* @brief Destroys a linked_list object.
diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c
new file mode 100644
index 000000000..ffa571b05
--- /dev/null
+++ b/src/libstrongswan/utils/optionsfrom.c
@@ -0,0 +1,148 @@
+/**
+ * @file optionsfrom.c
+ *
+ * @brief read command line options from a file
+ *
+ */
+
+/*
+ * Copyright (C) 1998, 1999 Henry Spencer.
+ *
+ * This library is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/lgpl.txt>.
+ *
+ * This library is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
+ * License for more details.
+ *
+ */
+
+#include <stdio.h>
+#include <errno.h>
+
+#include <library.h>
+#include <debug.h>
+#include <utils/lexparser.h>
+
+#include "optionsfrom.h"
+
+#define MAX_USES 20 /* loop-detection limit */
+#define SOME_ARGS 10 /* first guess at how many arguments we'll need */
+
+/*
+ * Defined in header.
+ */
+bool optionsfrom(const char *filename, int *argcp, char **argvp[], int optind)
+{
+ static int nuses = 0;
+ char **newargv;
+ int newargc;
+ int next; /* place for next argument */
+ int room; /* how many more new arguments we can hold */
+ size_t bytes;
+ chunk_t chunk, src, line, token;
+ bool good = TRUE;
+ int linepos = 0;
+ FILE *fd;
+
+ /* avoid endless loops with recursive --optionsfrom arguments */
+ nuses++;
+ if (nuses >= MAX_USES)
+ {
+ DBG1("optionsfrom called %d times - looping?", (*argvp)[0], nuses);
+ return FALSE;
+ }
+
+ fd = fopen(filename, "r");
+ if (fd == NULL)
+ {
+ DBG1("optionsfrom: unable to open file '%s': %s",
+ filename, strerror(errno));
+ return FALSE;
+ }
+
+ /* determine the file size */
+ fseek(fd, 0, SEEK_END);
+ chunk.len = ftell(fd);
+ rewind(fd);
+
+ /* allocate one byte more just in case of a missing final newline */
+ chunk.ptr = malloc(chunk.len + 1);
+
+ /* read the whole file into a chunk */
+ bytes = fread(chunk.ptr, 1, chunk.len, fd);
+ fclose(fd);
+
+ newargc = *argcp + SOME_ARGS;
+ newargv = malloc((newargc + 1) * sizeof(char *));
+ memcpy(newargv, *argvp, optind * sizeof(char *));
+ room = SOME_ARGS;
+ next = optind;
+ newargv[next] = NULL;
+
+ /* we keep the chunk pointer so that we can still free it */
+ src = chunk;
+
+ while (fetchline(&src, &line) && good)
+ {
+ linepos++;
+ while (eat_whitespace(&line))
+ {
+ if (*line.ptr == '"'|| *line.ptr == '\'')
+ {
+ char delimiter = *line.ptr;
+
+ line.ptr++;
+ line.len--;
+ if (!extract_token(&token, delimiter, &line))
+ {
+ DBG1("optionsfrom: missing terminator at %s:%d",
+ filename, linepos);
+ good = FALSE;
+ break;
+ }
+ }
+ else
+ {
+ if (!extract_token(&token, ' ', &line))
+ {
+ /* last token in a line */
+ token = line;
+ line.len = 0;
+ }
+ }
+
+ /* do we have to allocate more memory for additional arguments? */
+ if (room == 0)
+ {
+ newargc += SOME_ARGS;
+ newargv = realloc(newargv, (newargc+1) * sizeof(char *));
+ room = SOME_ARGS;
+ }
+
+ /* terminate the token by replacing the delimiter with a null character */
+ *(token.ptr + token.len) = '\0';
+
+ /* assign the token to the next argument */
+ newargv[next] = token.ptr;
+ next++;
+ room--;
+ }
+ }
+
+ if (!good) /* error of some kind */
+ {
+ free(chunk.ptr);
+ free(newargv);
+ return FALSE;
+ }
+
+ memcpy(newargv + next, *argvp + optind, (*argcp + 1 - optind) * sizeof(char *));
+ *argcp += next - optind;
+ *argvp = newargv;
+ return TRUE;
+}
+
diff --git a/src/libstrongswan/utils/optionsfrom.h b/src/libstrongswan/utils/optionsfrom.h
new file mode 100644
index 000000000..d6b9efde5
--- /dev/null
+++ b/src/libstrongswan/utils/optionsfrom.h
@@ -0,0 +1,37 @@
+/**
+ * @file optionsfrom.h
+ *
+ * @brief Read command line options from a file
+ *
+ */
+
+/*
+ * Copyright (C) 1998, 1999 Henry Spencer.
+ * Copyright (C) 2007 Andreas Steffen, Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef OPTIONSFROM_H_
+#define OPTIONSFROM_H_
+
+/**
+ * @brief Pick up more options from a file, in the middle of an option scan
+ *
+ * @param filename file containing the options
+ * @param argcp pointer to argc
+ * @param argvp pointer to argv[]
+ * @param optind current optind, number of next argument
+ * @return TRUE if optionsfrom parsing successful
+ */
+bool optionsfrom(const char *filename, int *argcp, char **argvp[], int optind);
+
+#endif /*OPTIONSFROM_H_*/