Diffstat (limited to 'src/libstrongswan')
-rw-r--r--src/libstrongswan/Makefile.in1
-rw-r--r--src/libstrongswan/asn1/oid.c265
-rw-r--r--src/libstrongswan/asn1/oid.h102
-rw-r--r--src/libstrongswan/asn1/oid.txt5
-rwxr-xr-xsrc/libstrongswan/asn1/pem.c2
-rw-r--r--src/libstrongswan/crypto/ca.c12
-rw-r--r--src/libstrongswan/crypto/crypters/des_crypter.c5
-rw-r--r--src/libstrongswan/utils/identification.c28
-rw-r--r--src/libstrongswan/utils/iterator.h42
-rw-r--r--src/libstrongswan/utils/leak_detective.c17
-rw-r--r--src/libstrongswan/utils/linked_list.c59
11 files changed, 313 insertions, 225 deletions
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 015308449..f1144144e 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -144,6 +144,7 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PKG_CONFIG = @PKG_CONFIG@
RANLIB = @RANLIB@
+SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
STRIP = @STRIP@
diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c
index 48df1b7c4..6b16d5a64 100644
--- a/src/libstrongswan/asn1/oid.c
+++ b/src/libstrongswan/asn1/oid.c
@@ -62,137 +62,142 @@ const oid_t oid_names[] = {
{ 0x25, 50, 0, "extendedKeyUsage" }, /* 49 */
{ 0x37, 51, 0, "targetInformation" }, /* 50 */
{ 0x38, 0, 0, "noRevAvail" }, /* 51 */
- {0x2A, 89, 1, "" }, /* 52 */
+ {0x2A, 94, 1, "" }, /* 52 */
{ 0x86, 0, 1, "" }, /* 53 */
{ 0x48, 0, 1, "" }, /* 54 */
{ 0x86, 0, 1, "" }, /* 55 */
- { 0xF7, 0, 1, "" }, /* 56 */
- { 0x0D, 0, 1, "RSADSI" }, /* 57 */
- { 0x01, 84, 1, "PKCS" }, /* 58 */
- { 0x01, 67, 1, "PKCS-1" }, /* 59 */
- { 0x01, 61, 0, "rsaEncryption" }, /* 60 */
- { 0x02, 62, 0, "md2WithRSAEncryption" }, /* 61 */
- { 0x04, 63, 0, "md5WithRSAEncryption" }, /* 62 */
- { 0x05, 64, 0, "sha-1WithRSAEncryption" }, /* 63 */
- { 0x0B, 65, 0, "sha256WithRSAEncryption"}, /* 64 */
- { 0x0C, 66, 0, "sha384WithRSAEncryption"}, /* 65 */
- { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 66 */
- { 0x07, 74, 1, "PKCS-7" }, /* 67 */
- { 0x01, 69, 0, "data" }, /* 68 */
- { 0x02, 70, 0, "signedData" }, /* 69 */
- { 0x03, 71, 0, "envelopedData" }, /* 70 */
- { 0x04, 72, 0, "signedAndEnvelopedData" }, /* 71 */
- { 0x05, 73, 0, "digestedData" }, /* 72 */
- { 0x06, 0, 0, "encryptedData" }, /* 73 */
- { 0x09, 0, 1, "PKCS-9" }, /* 74 */
- { 0x01, 76, 0, "E" }, /* 75 */
- { 0x02, 77, 0, "unstructuredName" }, /* 76 */
- { 0x03, 78, 0, "contentType" }, /* 77 */
- { 0x04, 79, 0, "messageDigest" }, /* 78 */
- { 0x05, 80, 0, "signingTime" }, /* 79 */
- { 0x06, 81, 0, "counterSignature" }, /* 80 */
- { 0x07, 82, 0, "challengePassword" }, /* 81 */
- { 0x08, 83, 0, "unstructuredAddress" }, /* 82 */
- { 0x0E, 0, 0, "extensionRequest" }, /* 83 */
- { 0x02, 87, 1, "digestAlgorithm" }, /* 84 */
- { 0x02, 86, 0, "md2" }, /* 85 */
- { 0x05, 0, 0, "md5" }, /* 86 */
- { 0x03, 0, 1, "encryptionAlgorithm" }, /* 87 */
- { 0x07, 0, 0, "3des-ede-cbc" }, /* 88 */
- {0x2B, 150, 1, "" }, /* 89 */
- { 0x06, 137, 1, "dod" }, /* 90 */
- { 0x01, 0, 1, "internet" }, /* 91 */
- { 0x04, 106, 1, "private" }, /* 92 */
- { 0x01, 0, 1, "enterprise" }, /* 93 */
- { 0x82, 99, 1, "" }, /* 94 */
- { 0x37, 0, 1, "Microsoft" }, /* 95 */
- { 0x0A, 0, 1, "" }, /* 96 */
- { 0x03, 0, 1, "" }, /* 97 */
- { 0x03, 0, 0, "msSGC" }, /* 98 */
- { 0x89, 0, 1, "" }, /* 99 */
- { 0x31, 0, 1, "" }, /* 100 */
- { 0x01, 0, 1, "" }, /* 101 */
- { 0x01, 0, 1, "" }, /* 102 */
- { 0x02, 0, 1, "" }, /* 103 */
- { 0x02, 105, 0, "" }, /* 104 */
- { 0x4B, 0, 0, "TCGID" }, /* 105 */
- { 0x05, 0, 1, "security" }, /* 106 */
- { 0x05, 0, 1, "mechanisms" }, /* 107 */
- { 0x07, 0, 1, "id-pkix" }, /* 108 */
- { 0x01, 111, 1, "id-pe" }, /* 109 */
- { 0x01, 0, 0, "authorityInfoAccess" }, /* 110 */
- { 0x03, 121, 1, "id-kp" }, /* 111 */
- { 0x01, 113, 0, "serverAuth" }, /* 112 */
- { 0x02, 114, 0, "clientAuth" }, /* 113 */
- { 0x03, 115, 0, "codeSigning" }, /* 114 */
- { 0x04, 116, 0, "emailProtection" }, /* 115 */
- { 0x05, 117, 0, "ipsecEndSystem" }, /* 116 */
- { 0x06, 118, 0, "ipsecTunnel" }, /* 117 */
- { 0x07, 119, 0, "ipsecUser" }, /* 118 */
- { 0x08, 120, 0, "timeStamping" }, /* 119 */
- { 0x09, 0, 0, "ocspSigning" }, /* 120 */
- { 0x08, 123, 1, "id-otherNames" }, /* 121 */
- { 0x05, 0, 0, "xmppAddr" }, /* 122 */
- { 0x0A, 128, 1, "id-aca" }, /* 123 */
- { 0x01, 125, 0, "authenticationInfo" }, /* 124 */
- { 0x02, 126, 0, "accessIdentity" }, /* 125 */
- { 0x03, 127, 0, "chargingIdentity" }, /* 126 */
- { 0x04, 0, 0, "group" }, /* 127 */
- { 0x30, 0, 1, "id-ad" }, /* 128 */
- { 0x01, 0, 1, "ocsp" }, /* 129 */
- { 0x01, 131, 0, "basic" }, /* 130 */
- { 0x02, 132, 0, "nonce" }, /* 131 */
- { 0x03, 133, 0, "crl" }, /* 132 */
- { 0x04, 134, 0, "response" }, /* 133 */
- { 0x05, 135, 0, "noCheck" }, /* 134 */
- { 0x06, 136, 0, "archiveCutoff" }, /* 135 */
- { 0x07, 0, 0, "serviceLocator" }, /* 136 */
- { 0x0E, 143, 1, "oiw" }, /* 137 */
- { 0x03, 0, 1, "secsig" }, /* 138 */
- { 0x02, 0, 1, "algorithms" }, /* 139 */
- { 0x07, 141, 0, "des-cbc" }, /* 140 */
- { 0x1A, 142, 0, "sha-1" }, /* 141 */
- { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 142 */
- { 0x24, 0, 1, "TeleTrusT" }, /* 143 */
- { 0x03, 0, 1, "algorithm" }, /* 144 */
- { 0x03, 0, 1, "signatureAlgorithm" }, /* 145 */
- { 0x01, 0, 1, "rsaSignature" }, /* 146 */
- { 0x02, 148, 0, "rsaSigWithripemd160" }, /* 147 */
- { 0x03, 149, 0, "rsaSigWithripemd128" }, /* 148 */
- { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 149 */
- {0x60, 0, 1, "" }, /* 150 */
- { 0x86, 0, 1, "" }, /* 151 */
- { 0x48, 0, 1, "" }, /* 152 */
- { 0x01, 0, 1, "organization" }, /* 153 */
- { 0x65, 161, 1, "gov" }, /* 154 */
- { 0x03, 0, 1, "csor" }, /* 155 */
- { 0x04, 0, 1, "nistalgorithm" }, /* 156 */
- { 0x02, 0, 1, "hashalgs" }, /* 157 */
- { 0x01, 159, 0, "id-SHA-256" }, /* 158 */
- { 0x02, 160, 0, "id-SHA-384" }, /* 159 */
- { 0x03, 0, 0, "id-SHA-512" }, /* 160 */
- { 0x86, 0, 1, "" }, /* 161 */
- { 0xf8, 0, 1, "" }, /* 162 */
- { 0x42, 175, 1, "netscape" }, /* 163 */
- { 0x01, 170, 1, "" }, /* 164 */
- { 0x01, 166, 0, "nsCertType" }, /* 165 */
- { 0x03, 167, 0, "nsRevocationUrl" }, /* 166 */
- { 0x04, 168, 0, "nsCaRevocationUrl" }, /* 167 */
- { 0x08, 169, 0, "nsCaPolicyUrl" }, /* 168 */
- { 0x0d, 0, 0, "nsComment" }, /* 169 */
- { 0x03, 173, 1, "directory" }, /* 170 */
- { 0x01, 0, 1, "" }, /* 171 */
- { 0x03, 0, 0, "employeeNumber" }, /* 172 */
- { 0x04, 0, 1, "policy" }, /* 173 */
- { 0x01, 0, 0, "nsSGC" }, /* 174 */
- { 0x45, 0, 1, "verisign" }, /* 175 */
- { 0x01, 0, 1, "pki" }, /* 176 */
- { 0x09, 0, 1, "attributes" }, /* 177 */
- { 0x02, 179, 0, "messageType" }, /* 178 */
- { 0x03, 180, 0, "pkiStatus" }, /* 179 */
- { 0x04, 181, 0, "failInfo" }, /* 180 */
- { 0x05, 182, 0, "senderNonce" }, /* 181 */
- { 0x06, 183, 0, "recipientNonce" }, /* 182 */
- { 0x07, 184, 0, "transID" }, /* 183 */
- { 0x08, 0, 0, "extensionReq" } /* 184 */
+ { 0xF6, 61, 1, "" }, /* 56 */
+ { 0x7D, 0, 1, "NortelNetworks" }, /* 57 */
+ { 0x07, 0, 1, "Entrust" }, /* 58 */
+ { 0x41, 0, 1, "nsn-ce" }, /* 59 */
+ { 0x00, 0, 0, "entrustVersInfo" }, /* 60 */
+ { 0xF7, 0, 1, "" }, /* 61 */
+ { 0x0D, 0, 1, "RSADSI" }, /* 62 */
+ { 0x01, 89, 1, "PKCS" }, /* 63 */
+ { 0x01, 72, 1, "PKCS-1" }, /* 64 */
+ { 0x01, 66, 0, "rsaEncryption" }, /* 65 */
+ { 0x02, 67, 0, "md2WithRSAEncryption" }, /* 66 */
+ { 0x04, 68, 0, "md5WithRSAEncryption" }, /* 67 */
+ { 0x05, 69, 0, "sha-1WithRSAEncryption" }, /* 68 */
+ { 0x0B, 70, 0, "sha256WithRSAEncryption"}, /* 69 */
+ { 0x0C, 71, 0, "sha384WithRSAEncryption"}, /* 70 */
+ { 0x0D, 0, 0, "sha512WithRSAEncryption"}, /* 71 */
+ { 0x07, 79, 1, "PKCS-7" }, /* 72 */
+ { 0x01, 74, 0, "data" }, /* 73 */
+ { 0x02, 75, 0, "signedData" }, /* 74 */
+ { 0x03, 76, 0, "envelopedData" }, /* 75 */
+ { 0x04, 77, 0, "signedAndEnvelopedData" }, /* 76 */
+ { 0x05, 78, 0, "digestedData" }, /* 77 */
+ { 0x06, 0, 0, "encryptedData" }, /* 78 */
+ { 0x09, 0, 1, "PKCS-9" }, /* 79 */
+ { 0x01, 81, 0, "E" }, /* 80 */
+ { 0x02, 82, 0, "unstructuredName" }, /* 81 */
+ { 0x03, 83, 0, "contentType" }, /* 82 */
+ { 0x04, 84, 0, "messageDigest" }, /* 83 */
+ { 0x05, 85, 0, "signingTime" }, /* 84 */
+ { 0x06, 86, 0, "counterSignature" }, /* 85 */
+ { 0x07, 87, 0, "challengePassword" }, /* 86 */
+ { 0x08, 88, 0, "unstructuredAddress" }, /* 87 */
+ { 0x0E, 0, 0, "extensionRequest" }, /* 88 */
+ { 0x02, 92, 1, "digestAlgorithm" }, /* 89 */
+ { 0x02, 91, 0, "md2" }, /* 90 */
+ { 0x05, 0, 0, "md5" }, /* 91 */
+ { 0x03, 0, 1, "encryptionAlgorithm" }, /* 92 */
+ { 0x07, 0, 0, "3des-ede-cbc" }, /* 93 */
+ {0x2B, 155, 1, "" }, /* 94 */
+ { 0x06, 142, 1, "dod" }, /* 95 */
+ { 0x01, 0, 1, "internet" }, /* 96 */
+ { 0x04, 111, 1, "private" }, /* 97 */
+ { 0x01, 0, 1, "enterprise" }, /* 98 */
+ { 0x82, 104, 1, "" }, /* 99 */
+ { 0x37, 0, 1, "Microsoft" }, /* 100 */
+ { 0x0A, 0, 1, "" }, /* 101 */
+ { 0x03, 0, 1, "" }, /* 102 */
+ { 0x03, 0, 0, "msSGC" }, /* 103 */
+ { 0x89, 0, 1, "" }, /* 104 */
+ { 0x31, 0, 1, "" }, /* 105 */
+ { 0x01, 0, 1, "" }, /* 106 */
+ { 0x01, 0, 1, "" }, /* 107 */
+ { 0x02, 0, 1, "" }, /* 108 */
+ { 0x02, 110, 0, "" }, /* 109 */
+ { 0x4B, 0, 0, "TCGID" }, /* 110 */
+ { 0x05, 0, 1, "security" }, /* 111 */
+ { 0x05, 0, 1, "mechanisms" }, /* 112 */
+ { 0x07, 0, 1, "id-pkix" }, /* 113 */
+ { 0x01, 116, 1, "id-pe" }, /* 114 */
+ { 0x01, 0, 0, "authorityInfoAccess" }, /* 115 */
+ { 0x03, 126, 1, "id-kp" }, /* 116 */
+ { 0x01, 118, 0, "serverAuth" }, /* 117 */
+ { 0x02, 119, 0, "clientAuth" }, /* 118 */
+ { 0x03, 120, 0, "codeSigning" }, /* 119 */
+ { 0x04, 121, 0, "emailProtection" }, /* 120 */
+ { 0x05, 122, 0, "ipsecEndSystem" }, /* 121 */
+ { 0x06, 123, 0, "ipsecTunnel" }, /* 122 */
+ { 0x07, 124, 0, "ipsecUser" }, /* 123 */
+ { 0x08, 125, 0, "timeStamping" }, /* 124 */
+ { 0x09, 0, 0, "ocspSigning" }, /* 125 */
+ { 0x08, 128, 1, "id-otherNames" }, /* 126 */
+ { 0x05, 0, 0, "xmppAddr" }, /* 127 */
+ { 0x0A, 133, 1, "id-aca" }, /* 128 */
+ { 0x01, 130, 0, "authenticationInfo" }, /* 129 */
+ { 0x02, 131, 0, "accessIdentity" }, /* 130 */
+ { 0x03, 132, 0, "chargingIdentity" }, /* 131 */
+ { 0x04, 0, 0, "group" }, /* 132 */
+ { 0x30, 0, 1, "id-ad" }, /* 133 */
+ { 0x01, 0, 1, "ocsp" }, /* 134 */
+ { 0x01, 136, 0, "basic" }, /* 135 */
+ { 0x02, 137, 0, "nonce" }, /* 136 */
+ { 0x03, 138, 0, "crl" }, /* 137 */
+ { 0x04, 139, 0, "response" }, /* 138 */
+ { 0x05, 140, 0, "noCheck" }, /* 139 */
+ { 0x06, 141, 0, "archiveCutoff" }, /* 140 */
+ { 0x07, 0, 0, "serviceLocator" }, /* 141 */
+ { 0x0E, 148, 1, "oiw" }, /* 142 */
+ { 0x03, 0, 1, "secsig" }, /* 143 */
+ { 0x02, 0, 1, "algorithms" }, /* 144 */
+ { 0x07, 146, 0, "des-cbc" }, /* 145 */
+ { 0x1A, 147, 0, "sha-1" }, /* 146 */
+ { 0x1D, 0, 0, "sha-1WithRSASignature" }, /* 147 */
+ { 0x24, 0, 1, "TeleTrusT" }, /* 148 */
+ { 0x03, 0, 1, "algorithm" }, /* 149 */
+ { 0x03, 0, 1, "signatureAlgorithm" }, /* 150 */
+ { 0x01, 0, 1, "rsaSignature" }, /* 151 */
+ { 0x02, 153, 0, "rsaSigWithripemd160" }, /* 152 */
+ { 0x03, 154, 0, "rsaSigWithripemd128" }, /* 153 */
+ { 0x04, 0, 0, "rsaSigWithripemd256" }, /* 154 */
+ {0x60, 0, 1, "" }, /* 155 */
+ { 0x86, 0, 1, "" }, /* 156 */
+ { 0x48, 0, 1, "" }, /* 157 */
+ { 0x01, 0, 1, "organization" }, /* 158 */
+ { 0x65, 166, 1, "gov" }, /* 159 */
+ { 0x03, 0, 1, "csor" }, /* 160 */
+ { 0x04, 0, 1, "nistalgorithm" }, /* 161 */
+ { 0x02, 0, 1, "hashalgs" }, /* 162 */
+ { 0x01, 164, 0, "id-SHA-256" }, /* 163 */
+ { 0x02, 165, 0, "id-SHA-384" }, /* 164 */
+ { 0x03, 0, 0, "id-SHA-512" }, /* 165 */
+ { 0x86, 0, 1, "" }, /* 166 */
+ { 0xf8, 0, 1, "" }, /* 167 */
+ { 0x42, 180, 1, "netscape" }, /* 168 */
+ { 0x01, 175, 1, "" }, /* 169 */
+ { 0x01, 171, 0, "nsCertType" }, /* 170 */
+ { 0x03, 172, 0, "nsRevocationUrl" }, /* 171 */
+ { 0x04, 173, 0, "nsCaRevocationUrl" }, /* 172 */
+ { 0x08, 174, 0, "nsCaPolicyUrl" }, /* 173 */
+ { 0x0d, 0, 0, "nsComment" }, /* 174 */
+ { 0x03, 178, 1, "directory" }, /* 175 */
+ { 0x01, 0, 1, "" }, /* 176 */
+ { 0x03, 0, 0, "employeeNumber" }, /* 177 */
+ { 0x04, 0, 1, "policy" }, /* 178 */
+ { 0x01, 0, 0, "nsSGC" }, /* 179 */
+ { 0x45, 0, 1, "verisign" }, /* 180 */
+ { 0x01, 0, 1, "pki" }, /* 181 */
+ { 0x09, 0, 1, "attributes" }, /* 182 */
+ { 0x02, 184, 0, "messageType" }, /* 183 */
+ { 0x03, 185, 0, "pkiStatus" }, /* 184 */
+ { 0x04, 186, 0, "failInfo" }, /* 185 */
+ { 0x05, 187, 0, "senderNonce" }, /* 186 */
+ { 0x06, 188, 0, "recipientNonce" }, /* 187 */
+ { 0x07, 189, 0, "transID" }, /* 188 */
+ { 0x08, 0, 0, "extensionReq" } /* 189 */
};
diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h
index 49260c9f4..a29b1f0a1 100644
--- a/src/libstrongswan/asn1/oid.h
+++ b/src/libstrongswan/asn1/oid.h
@@ -29,56 +29,56 @@ extern const oid_t oid_names[];
#define OID_EXTENDED_KEY_USAGE 49
#define OID_TARGET_INFORMATION 50
#define OID_NO_REV_AVAIL 51
-#define OID_RSA_ENCRYPTION 60
-#define OID_MD2_WITH_RSA 61
-#define OID_MD5_WITH_RSA 62
-#define OID_SHA1_WITH_RSA 63
-#define OID_SHA256_WITH_RSA 64
-#define OID_SHA384_WITH_RSA 65
-#define OID_SHA512_WITH_RSA 66
-#define OID_PKCS7_DATA 68
-#define OID_PKCS7_SIGNED_DATA 69
-#define OID_PKCS7_ENVELOPED_DATA 70
-#define OID_PKCS7_SIGNED_ENVELOPED_DATA 71
-#define OID_PKCS7_DIGESTED_DATA 72
-#define OID_PKCS7_ENCRYPTED_DATA 73
-#define OID_PKCS9_EMAIL 75
-#define OID_PKCS9_CONTENT_TYPE 77
-#define OID_PKCS9_MESSAGE_DIGEST 78
-#define OID_PKCS9_SIGNING_TIME 79
-#define OID_MD2 85
-#define OID_MD5 86
-#define OID_3DES_EDE_CBC 88
-#define OID_AUTHORITY_INFO_ACCESS 110
-#define OID_OCSP_SIGNING 120
-#define OID_XMPP_ADDR 122
-#define OID_AUTHENTICATION_INFO 124
-#define OID_ACCESS_IDENTITY 125
-#define OID_CHARGING_IDENTITY 126
-#define OID_GROUP 127
-#define OID_OCSP 129
-#define OID_BASIC 130
-#define OID_NONCE 131
-#define OID_CRL 132
-#define OID_RESPONSE 133
-#define OID_NO_CHECK 134
-#define OID_ARCHIVE_CUTOFF 135
-#define OID_SERVICE_LOCATOR 136
-#define OID_DES_CBC 140
-#define OID_SHA1 141
-#define OID_SHA1_WITH_RSA_OIW 142
-#define OID_SHA256 158
-#define OID_SHA384 159
-#define OID_SHA512 160
-#define OID_NS_REVOCATION_URL 166
-#define OID_NS_CA_REVOCATION_URL 167
-#define OID_NS_CA_POLICY_URL 168
-#define OID_NS_COMMENT 169
-#define OID_PKI_MESSAGE_TYPE 178
-#define OID_PKI_STATUS 179
-#define OID_PKI_FAIL_INFO 180
-#define OID_PKI_SENDER_NONCE 181
-#define OID_PKI_RECIPIENT_NONCE 182
-#define OID_PKI_TRANS_ID 183
+#define OID_RSA_ENCRYPTION 65
+#define OID_MD2_WITH_RSA 66
+#define OID_MD5_WITH_RSA 67
+#define OID_SHA1_WITH_RSA 68
+#define OID_SHA256_WITH_RSA 69
+#define OID_SHA384_WITH_RSA 70
+#define OID_SHA512_WITH_RSA 71
+#define OID_PKCS7_DATA 73
+#define OID_PKCS7_SIGNED_DATA 74
+#define OID_PKCS7_ENVELOPED_DATA 75
+#define OID_PKCS7_SIGNED_ENVELOPED_DATA 76
+#define OID_PKCS7_DIGESTED_DATA 77
+#define OID_PKCS7_ENCRYPTED_DATA 78
+#define OID_PKCS9_EMAIL 80
+#define OID_PKCS9_CONTENT_TYPE 82
+#define OID_PKCS9_MESSAGE_DIGEST 83
+#define OID_PKCS9_SIGNING_TIME 84
+#define OID_MD2 90
+#define OID_MD5 91
+#define OID_3DES_EDE_CBC 93
+#define OID_AUTHORITY_INFO_ACCESS 115
+#define OID_OCSP_SIGNING 125
+#define OID_XMPP_ADDR 127
+#define OID_AUTHENTICATION_INFO 129
+#define OID_ACCESS_IDENTITY 130
+#define OID_CHARGING_IDENTITY 131
+#define OID_GROUP 132
+#define OID_OCSP 134
+#define OID_BASIC 135
+#define OID_NONCE 136
+#define OID_CRL 137
+#define OID_RESPONSE 138
+#define OID_NO_CHECK 139
+#define OID_ARCHIVE_CUTOFF 140
+#define OID_SERVICE_LOCATOR 141
+#define OID_DES_CBC 145
+#define OID_SHA1 146
+#define OID_SHA1_WITH_RSA_OIW 147
+#define OID_SHA256 163
+#define OID_SHA384 164
+#define OID_SHA512 165
+#define OID_NS_REVOCATION_URL 171
+#define OID_NS_CA_REVOCATION_URL 172
+#define OID_NS_CA_POLICY_URL 173
+#define OID_NS_COMMENT 174
+#define OID_PKI_MESSAGE_TYPE 183
+#define OID_PKI_STATUS 184
+#define OID_PKI_FAIL_INFO 185
+#define OID_PKI_SENDER_NONCE 186
+#define OID_PKI_RECIPIENT_NONCE 187
+#define OID_PKI_TRANS_ID 188
#endif /* OID_H_ */
diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt
index 2b3c96ae3..bd5a26e43 100644
--- a/src/libstrongswan/asn1/oid.txt
+++ b/src/libstrongswan/asn1/oid.txt
@@ -54,6 +54,11 @@
0x86 ""
0x48 ""
0x86 ""
+ 0xF6 ""
+ 0x7D "NortelNetworks"
+ 0x07 "Entrust"
+ 0x41 "nsn-ce"
+ 0x00 "entrustVersInfo"
0xF7 ""
0x0D "RSADSI"
0x01 "PKCS"
diff --git a/src/libstrongswan/asn1/pem.c b/src/libstrongswan/asn1/pem.c
index e88db249d..641805869 100755
--- a/src/libstrongswan/asn1/pem.c
+++ b/src/libstrongswan/asn1/pem.c
@@ -117,8 +117,10 @@ static err_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, size_t key_s
crypter->set_key(crypter, key);
if (crypter->decrypt(crypter, *blob, *iv, &decrypted) != SUCCESS)
{
+ crypter->destroy(crypter);
return "data size is not multiple of block size";
}
+ crypter->destroy(crypter);
memcpy(blob->ptr, decrypted.ptr, blob->len);
chunk_free(&decrypted);
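Review bot: After the copy into `blob`, `decrypted` still holds the plaintext of the PEM body (presumably private key material) and is released with a plain `chunk_free(&decrypted);`, so the bytes stay in freed heap memory. Overwrite the buffer before freeing it, e.g. `memset(decrypted.ptr, 0, decrypted.len);` using a wipe the compiler cannot elide. The two added `crypter->destroy(crypter);` calls could also become one if the decrypt status is stored in a local and destroy is called before the check. The body of pem_decrypt starts and ends outside this hunk, so whether `key` is wiped as well cannot be seen here.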
diff --git a/src/libstrongswan/crypto/ca.c b/src/libstrongswan/crypto/ca.c
index 07413e805..a78590954 100644
--- a/src/libstrongswan/crypto/ca.c
+++ b/src/libstrongswan/crypto/ca.c
@@ -345,7 +345,7 @@ static void add_crluri(private_ca_info_t *this, chunk_t uri)
strncasecmp(uri.ptr, "file", 4) != 0 &&
strncasecmp(uri.ptr, "ftp", 3) != 0))
{
- DBG1(" invalid crl uri '%#B'", uri);
+ DBG1(" invalid crl uri '%.*s'", uri.len, uri.ptr);
return;
}
else
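Review bot: The precision argument of `%.*s` must be an `int`, but the new DBG1 call passes `uri.len` unconverted; if chunk_t's len is a size_t (it is assigned from strlen() elsewhere in this commit), this is a varargs type mismatch and undefined behaviour on LP64 targets. Use `DBG1(" invalid crl uri '%.*s'", (int)uri.len, uri.ptr);`. The URI bytes come from certificate or configuration data and are written to the log unfiltered, so non-printable characters reach the log as-is. The condition that leads here begins outside the hunk; the visible `strncasecmp(uri.ptr, "file", 4)` calls do not appear to be bounded by `uri.len`, which is worth confirming.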
@@ -399,7 +399,10 @@ void add_info (private_ca_info_t *this, const private_ca_info_t *that)
while (iterator->iterate(iterator, (void**)&uri))
{
- add_crluri(this, uri->get_encoding(uri));
+ if (uri->get_type(uri) == ID_DER_ASN1_GN_URI)
+ {
+ add_crluri(this, uri->get_encoding(uri));
+ }
}
iterator->destroy(iterator);
}
@@ -411,7 +414,10 @@ void add_info (private_ca_info_t *this, const private_ca_info_t *that)
while (iterator->iterate(iterator, (void**)&uri))
{
- add_ocspuri(this, uri->get_encoding(uri));
+ if (uri->get_type(uri) == ID_DER_ASN1_GN_URI)
+ {
+ add_ocspuri(this, uri->get_encoding(uri));
+ }
}
iterator->destroy(iterator);
}
diff --git a/src/libstrongswan/crypto/crypters/des_crypter.c b/src/libstrongswan/crypto/crypters/des_crypter.c
index dc5a8ff55..655cc03ce 100644
--- a/src/libstrongswan/crypto/crypters/des_crypter.c
+++ b/src/libstrongswan/crypto/crypters/des_crypter.c
@@ -871,14 +871,15 @@ static int des_set_key(des_cblock *key, des_key_schedule *schedule)
register unsigned char *in;
register DES_LONG *k;
register int i;
+ des_cblock odd;
for (i = 0; i < sizeof(des_cblock); i++)
{
- (*key)[i] = odd_parity[(*key)[i]];
+ odd[i] = odd_parity[(*key)[i]];
}
k=(DES_LONG *)schedule;
- in=(unsigned char *)key;
+ in=(unsigned char *)&odd;
c2l(in,c);
c2l(in,d);
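Review bot: The new local `des_cblock odd;` is a parity-adjusted copy of the DES key and nothing visible in the hunk clears it, so key bytes remain on the stack after des_set_key returns. Wipe it once the schedule has been computed, e.g. `memset(odd, 0, sizeof(odd));` with a variant the optimiser will not drop. The rest of the function is outside this hunk, so check that no later return path skips the wipe. Separately, `i < sizeof(des_cblock)` compares a signed `int` with a `size_t`; declaring `i` unsigned would avoid the implicit conversion.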
diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c
index 673cbb828..ba0a76893 100644
--- a/src/libstrongswan/utils/identification.c
+++ b/src/libstrongswan/utils/identification.c
@@ -759,6 +759,24 @@ static bool equals_dn(private_identification_t *this,
}
/**
+ * Special implementation of identification_t.equals for RFC822 and FQDN.
+ */
+static bool equals_strcasecmp(private_identification_t *this,
+ private_identification_t *other)
+{
+ /* we do some extra sanity checks to check for invalid IDs with a
+ * terminating null in it. */
+ if (this->encoded.len == other->encoded.len &&
+ memchr(this->encoded.ptr, 0, this->encoded.len) == NULL &&
+ memchr(other->encoded.ptr, 0, other->encoded.len) == NULL &&
+ strncasecmp(this->encoded.ptr, other->encoded.ptr, this->encoded.len) == 0)
+ {
+ return TRUE;
+ }
+ return FALSE;
+}
+
+/**
* Default implementation of identification_t.matches.
*/
static bool matches_binary(private_identification_t *this,
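Review bot: equals_strcasecmp compares only the encoded bytes and never checks that both identities have the same ID type, so an FQDN and an RFC822 address (or any other type with identical bytes) compare equal. Since equals() decides whether two peer identities are the same, add the type comparison as the first condition, e.g. `this->type == other->type &&`, assuming the private struct carries the type under that name, which is not visible on this page. Also note that `memchr()` and `strncasecmp()` are called with `encoded.ptr` even when `encoded.len` is 0; an early `return` for the empty case would avoid passing a possibly NULL pointer.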
@@ -1094,6 +1112,8 @@ identification_t *identification_create_from_string(char *string)
this->encoded.len = strlen(string + 1);
this->public.matches = (bool (*)
(identification_t*,identification_t*,int*))matches_string;
+ this->public.equals = (bool (*)
+ (identification_t*,identification_t*))equals_strcasecmp;
return &(this->public);
}
}
@@ -1104,6 +1124,8 @@ identification_t *identification_create_from_string(char *string)
this->encoded.len = strlen(string);
this->public.matches = (bool (*)
(identification_t*,identification_t*,int*))matches_string;
+ this->public.equals = (bool (*)
+ (identification_t*,identification_t*))equals_strcasecmp;
return &(this->public);
}
}
@@ -1123,12 +1145,11 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en
(identification_t*,identification_t*,int*))matches_any;
break;
case ID_FQDN:
- this->public.matches = (bool (*)
- (identification_t*,identification_t*,int*))matches_string;
- break;
case ID_RFC822_ADDR:
this->public.matches = (bool (*)
(identification_t*,identification_t*,int*))matches_string;
+ this->public.equals = (bool (*)
+ (identification_t*,identification_t*))equals_strcasecmp;
break;
case ID_DER_ASN1_DN:
this->public.equals = (bool (*)
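Review bot: `case ID_FQDN:` now falls through into `case ID_RFC822_ADDR:` without any marker, which reads like a lost `break` to the next maintainer. Add a comment on the empty case, for example `/* fall through: FQDN and RFC822 share matches_string/equals_strcasecmp */`. The switch starts and ends outside this hunk.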
@@ -1152,3 +1173,4 @@ identification_t *identification_create_from_encoding(id_type_t type, chunk_t en
}
return &(this->public);
}
+
diff --git a/src/libstrongswan/utils/iterator.h b/src/libstrongswan/utils/iterator.h
index 02a15c534..b4ff85bfb 100644
--- a/src/libstrongswan/utils/iterator.h
+++ b/src/libstrongswan/utils/iterator.h
@@ -26,15 +26,46 @@
#include <library.h>
+typedef enum hook_result_t hook_result_t;
+
+/**
+ * @brief Return value of an iterator hook.
+ *
+ * Returning HOOK_AGAIN is useful to "inject" additional elements in an
+ * iteration, HOOK_NEXT is the normal iterator behavior, and HOOK_SKIP may
+ * be used to filter elements out.
+ *
+ * @ingroup utils
+ */
+enum hook_result_t {
+
+ /**
+ * A value was placed in out, hook is called again with the same "in"
+ */
+ HOOK_AGAIN,
+
+ /**
+ * A value was placed in out, hook is called again with next "in" (if any)
+ */
+ HOOK_NEXT,
+
+ /**
+ * No value in out, call again with next "in" (if any)
+ */
+ HOOK_SKIP,
+};
+
/**
* @brief Iterator hook function prototype.
*
* @param param user supplied parameter
* @param in the value the hook receives from the iterator
* @param out the value supplied as a result to the iterator
- * @return TRUE to return "out", FALSE to skip this value
+ * @return a hook_result_t
+ *
+ * @ingroup utils
*/
-typedef bool (iterator_hook_t)(void *param, void *in, void **out);
+typedef hook_result_t (iterator_hook_t)(void *param, void *in, void **out);
typedef struct iterator_t iterator_t;
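Review bot: The enumerator order makes `HOOK_AGAIN` equal to 0 and `HOOK_NEXT` equal to 1, so a hook still written against the old bool contract that returns FALSE to skip an element is now interpreted as "call me again with the same in", which repeats the element instead of filtering it. Because hooks in this code base are commonly installed through function-pointer casts, the compiler may not flag an unconverted hook. Giving the values explicitly in the old-compatible order, `HOOK_SKIP = 0, HOOK_NEXT = 1, HOOK_AGAIN = 2`, keeps stale hooks behaving as before; otherwise every existing iterator_hook_t implementation needs to be audited in the same commit.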
@@ -45,8 +76,6 @@ typedef struct iterator_t iterator_t;
* iterator_t defines an interface for iterating over collections.
* It allows searching, deleting, updating and inserting.
*
- * Thanks to JMP for iterator lessons :-)
- *
* @b Constructors:
* - via linked_list_t.create_iterator, or
* - any other class which supports the iterator_t interface
@@ -84,8 +113,11 @@ struct iterator_t {
* Sometimes it is useful to hook in an iterator. The hook function is
* called before any successful return of iterate(). It takes the
* iterator value, may manipulate it (or the references object), and returns
- * the value that the iterate() function returns.
+ * the value that the iterate() function returns. Depending on the hook
+ * return value, the hook is called again, called with next, or skipped.
* A value of NULL deactivates the iterator hook.
+ * If an iterator is hooked, only the iterate() method is valid,
+ * all other methods behave undefined.
*
* @param this calling object
* @param hook iterator hook which manipulates the iterated value
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index b8a023270..a28ebba51 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -410,7 +410,10 @@ void *realloc_hook(void *old, size_t bytes, const void *caller)
*/
void __attribute__ ((constructor)) leak_detective_init()
{
- install_hooks();
+ if (getenv("LEAK_DETECTIVE_DISABLE") == NULL)
+ {
+ install_hooks();
+ }
}
/**
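Review bot: `getenv("LEAK_DETECTIVE_DISABLE")` is evaluated independently in leak_detective_init, leak_detective_cleanup and leak_detective_status, so the three can disagree if the process changes or clears its environment after start-up. In that case the hooks could be installed and never uninstalled or reported, or uninstall_hooks() could run without a matching install. Record the decision once in the constructor, e.g. `static bool installed = FALSE;` set to TRUE next to `install_hooks();`, and test that flag in the other two functions. The same applies to the hunks at -418 and -431.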
@@ -418,8 +421,11 @@ void __attribute__ ((constructor)) leak_detective_init()
*/
void __attribute__ ((destructor)) leak_detective_cleanup()
{
- uninstall_hooks();
- report_leaks();
+ if (getenv("LEAK_DETECTIVE_DISABLE") == NULL)
+ {
+ uninstall_hooks();
+ report_leaks();
+ }
}
/**
@@ -431,6 +437,11 @@ void leak_detective_status(FILE *stream)
size_t bytes = 0;
memory_header_t *hdr = &first_header;
+ if (getenv("LEAK_DETECTIVE_DISABLE"))
+ {
+ return;
+ }
+
pthread_mutex_lock(&mutex);
while ((hdr = hdr->next))
{
diff --git a/src/libstrongswan/utils/linked_list.c b/src/libstrongswan/utils/linked_list.c
index de043a02e..de52ea46a 100644
--- a/src/libstrongswan/utils/linked_list.c
+++ b/src/libstrongswan/utils/linked_list.c
@@ -151,10 +151,10 @@ static int get_list_count(private_iterator_t *this)
/**
* default iterator hook which does nothing
*/
-static bool iterator_hook(void *param, void *in, void **out)
+static hook_result_t iterator_hook(void *param, void *in, void **out)
{
*out = in;
- return TRUE;
+ return HOOK_NEXT;
}
/**
@@ -180,40 +180,43 @@ static void set_iterator_hook(private_iterator_t *this, iterator_hook_t *hook,
*/
static bool iterate(private_iterator_t *this, void** value)
{
- if (this->list->count == 0)
- {
- return FALSE;
- }
- if (this->current == NULL)
+ while (TRUE)
{
- this->current = (this->forward) ? this->list->first : this->list->last;
- if (!this->hook(this->hook_param, this->current->value, value))
+ if (this->forward)
{
- return iterate(this, value);
+ this->current = this->current ? this->current->next : this->list->first;
}
- return TRUE;
- }
- if (this->forward)
- {
- if (this->current->next == NULL)
+ else
+ {
+ this->current = this->current ? this->current->previous : this->list->last;
+ }
+
+ if (this->current == NULL)
{
return FALSE;
}
- this->current = this->current->next;
- if (!this->hook(this->hook_param, this->current->value, value))
+
+ switch (this->hook(this->hook_param, this->current->value, value))
{
- return iterate(this, value);
+ case HOOK_AGAIN:
+ /* rewind */
+ if (this->forward)
+ {
+ this->current = this->current->previous;
+ }
+ else
+ {
+ this->current = this->current->next;
+ }
+ break;
+ case HOOK_NEXT:
+ /* normal iteration */
+ break;
+ case HOOK_SKIP:
+ /* advance */
+ continue;
}
- return TRUE;
- }
- if (this->current->previous == NULL)
- {
- return FALSE;
- }
- this->current = this->current->previous;
- if (!this->hook(this->hook_param, this->current->value, value))
- {
- return iterate(this, value);
+ break;
}
return TRUE;
}
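Review bot: When the end of the list is reached, the rewritten loop has already stored NULL in `this->current` before it returns FALSE, whereas the old code left `current` on the last element. A further iterate() call therefore restarts from the first (or last) element, and any caller that uses the iterator position after the loop now sees a NULL `current`. If that reset is intended, say so in the function comment; otherwise keep the position by advancing through a local and assigning `this->current` only when the next node is non-NULL. The `switch` also has no `default:`, so a hook returning a value outside hook_result_t falls out and is treated like HOOK_NEXT, returning TRUE even if `*value` was not set.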