diff options
Diffstat (limited to 'src/libstrongswan')
123 files changed, 4233 insertions, 0 deletions
diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 6a29d8eea..894d3ae65 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -30,7 +30,12 @@ credentials/keys/private_key.c credentials/keys/private_key.h \ credentials/keys/public_key.c credentials/keys/public_key.h \ credentials/keys/shared_key.c credentials/keys/shared_key.h \ credentials/certificates/certificate.c credentials/certificates/certificate.h \ +<<<<<<< HEAD +credentials/certificates/x509.h credentials/certificates/x509.c \ +credentials/certificates/ac.h \ +======= credentials/certificates/x509.h credentials/certificates/ac.h \ +>>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -135,6 +140,8 @@ else SUBDIRS = . endif +<<<<<<< HEAD +======= if USE_AF_ALG SUBDIRS += plugins/af_alg if MONOLITHIC @@ -142,6 +149,7 @@ if MONOLITHIC endif endif +>>>>>>> upstream/4.5.1 if USE_AES SUBDIRS += plugins/aes if MONOLITHIC @@ -233,6 +241,8 @@ if MONOLITHIC endif endif +<<<<<<< HEAD +======= if USE_CONSTRAINTS SUBDIRS += plugins/constraints if MONOLITHIC @@ -240,6 +250,7 @@ if MONOLITHIC endif endif +>>>>>>> upstream/4.5.1 if USE_PUBKEY SUBDIRS += plugins/pubkey if MONOLITHIC @@ -282,6 +293,8 @@ if MONOLITHIC endif endif +<<<<<<< HEAD +======= if USE_SOUP SUBDIRS += plugins/soup if MONOLITHIC @@ -289,6 +302,7 @@ if MONOLITHIC endif endif +>>>>>>> upstream/4.5.1 if USE_LDAP SUBDIRS += plugins/ldap if MONOLITHIC diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index 76b4f70c6..af1e5bf3d 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -44,6 +44,72 @@ host_triplet = @host@ @USE_INTEGRITY_TEST_TRUE@ integrity_checker.c integrity_checker.h @USE_VSTR_TRUE@am__append_6 = -lvstr +<<<<<<< HEAD +@USE_AES_TRUE@am__append_7 = plugins/aes +@MONOLITHIC_TRUE@@USE_AES_TRUE@am__append_8 = plugins/aes/libstrongswan-aes.la +@USE_DES_TRUE@am__append_9 = plugins/des +@MONOLITHIC_TRUE@@USE_DES_TRUE@am__append_10 = plugins/des/libstrongswan-des.la +@USE_BLOWFISH_TRUE@am__append_11 = plugins/blowfish +@MONOLITHIC_TRUE@@USE_BLOWFISH_TRUE@am__append_12 = plugins/blowfish/libstrongswan-blowfish.la +@USE_MD4_TRUE@am__append_13 = plugins/md4 +@MONOLITHIC_TRUE@@USE_MD4_TRUE@am__append_14 = plugins/md4/libstrongswan-md4.la +@USE_MD5_TRUE@am__append_15 = plugins/md5 +@MONOLITHIC_TRUE@@USE_MD5_TRUE@am__append_16 = plugins/md5/libstrongswan-md5.la +@USE_SHA1_TRUE@am__append_17 = plugins/sha1 +@MONOLITHIC_TRUE@@USE_SHA1_TRUE@am__append_18 = plugins/sha1/libstrongswan-sha1.la +@USE_SHA2_TRUE@am__append_19 = plugins/sha2 +@MONOLITHIC_TRUE@@USE_SHA2_TRUE@am__append_20 = plugins/sha2/libstrongswan-sha2.la +@USE_GMP_TRUE@am__append_21 = plugins/gmp +@MONOLITHIC_TRUE@@USE_GMP_TRUE@am__append_22 = plugins/gmp/libstrongswan-gmp.la +@USE_RANDOM_TRUE@am__append_23 = plugins/random +@MONOLITHIC_TRUE@@USE_RANDOM_TRUE@am__append_24 = plugins/random/libstrongswan-random.la +@USE_HMAC_TRUE@am__append_25 = plugins/hmac +@MONOLITHIC_TRUE@@USE_HMAC_TRUE@am__append_26 = plugins/hmac/libstrongswan-hmac.la +@USE_XCBC_TRUE@am__append_27 = plugins/xcbc +@MONOLITHIC_TRUE@@USE_XCBC_TRUE@am__append_28 = plugins/xcbc/libstrongswan-xcbc.la +@USE_X509_TRUE@am__append_29 = plugins/x509 +@MONOLITHIC_TRUE@@USE_X509_TRUE@am__append_30 = plugins/x509/libstrongswan-x509.la +@USE_REVOCATION_TRUE@am__append_31 = plugins/revocation +@MONOLITHIC_TRUE@@USE_REVOCATION_TRUE@am__append_32 = plugins/revocation/libstrongswan-revocation.la +@USE_PUBKEY_TRUE@am__append_33 = plugins/pubkey +@MONOLITHIC_TRUE@@USE_PUBKEY_TRUE@am__append_34 = plugins/pubkey/libstrongswan-pubkey.la +@USE_PKCS1_TRUE@am__append_35 = plugins/pkcs1 +@MONOLITHIC_TRUE@@USE_PKCS1_TRUE@am__append_36 = plugins/pkcs1/libstrongswan-pkcs1.la +@USE_PGP_TRUE@am__append_37 = plugins/pgp +@MONOLITHIC_TRUE@@USE_PGP_TRUE@am__append_38 = plugins/pgp/libstrongswan-pgp.la +@USE_DNSKEY_TRUE@am__append_39 = plugins/dnskey +@MONOLITHIC_TRUE@@USE_DNSKEY_TRUE@am__append_40 = plugins/dnskey/libstrongswan-dnskey.la +@USE_PEM_TRUE@am__append_41 = plugins/pem +@MONOLITHIC_TRUE@@USE_PEM_TRUE@am__append_42 = plugins/pem/libstrongswan-pem.la +@USE_CURL_TRUE@am__append_43 = plugins/curl +@MONOLITHIC_TRUE@@USE_CURL_TRUE@am__append_44 = plugins/curl/libstrongswan-curl.la +@USE_LDAP_TRUE@am__append_45 = plugins/ldap +@MONOLITHIC_TRUE@@USE_LDAP_TRUE@am__append_46 = plugins/ldap/libstrongswan-ldap.la +@USE_MYSQL_TRUE@am__append_47 = plugins/mysql +@MONOLITHIC_TRUE@@USE_MYSQL_TRUE@am__append_48 = plugins/mysql/libstrongswan-mysql.la +@USE_SQLITE_TRUE@am__append_49 = plugins/sqlite +@MONOLITHIC_TRUE@@USE_SQLITE_TRUE@am__append_50 = plugins/sqlite/libstrongswan-sqlite.la +@USE_PADLOCK_TRUE@am__append_51 = plugins/padlock +@MONOLITHIC_TRUE@@USE_PADLOCK_TRUE@am__append_52 = plugins/padlock/libstrongswan-padlock.la +@USE_OPENSSL_TRUE@am__append_53 = plugins/openssl +@MONOLITHIC_TRUE@@USE_OPENSSL_TRUE@am__append_54 = plugins/openssl/libstrongswan-openssl.la +@USE_GCRYPT_TRUE@am__append_55 = plugins/gcrypt +@MONOLITHIC_TRUE@@USE_GCRYPT_TRUE@am__append_56 = plugins/gcrypt/libstrongswan-gcrypt.la +@USE_FIPS_PRF_TRUE@am__append_57 = plugins/fips_prf +@MONOLITHIC_TRUE@@USE_FIPS_PRF_TRUE@am__append_58 = plugins/fips_prf/libstrongswan-fips-prf.la +@USE_AGENT_TRUE@am__append_59 = plugins/agent +@MONOLITHIC_TRUE@@USE_AGENT_TRUE@am__append_60 = plugins/agent/libstrongswan-agent.la +@USE_PKCS11_TRUE@am__append_61 = plugins/pkcs11 +@MONOLITHIC_TRUE@@USE_PKCS11_TRUE@am__append_62 = plugins/pkcs11/libstrongswan-pkcs11.la +@USE_CTR_TRUE@am__append_63 = plugins/ctr +@MONOLITHIC_TRUE@@USE_CTR_TRUE@am__append_64 = plugins/ctr/libstrongswan-ctr.la +@USE_CCM_TRUE@am__append_65 = plugins/ccm +@MONOLITHIC_TRUE@@USE_CCM_TRUE@am__append_66 = plugins/ccm/libstrongswan-ccm.la +@USE_GCM_TRUE@am__append_67 = plugins/gcm +@MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_68 = plugins/gcm/libstrongswan-gcm.la +@USE_TEST_VECTORS_TRUE@am__append_69 = plugins/test_vectors +@MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_70 = plugins/test_vectors/libstrongswan-test-vectors.la +======= @USE_AF_ALG_TRUE@am__append_7 = plugins/af_alg @MONOLITHIC_TRUE@@USE_AF_ALG_TRUE@am__append_8 = plugins/af_alg/libstrongswan-af-alg.la @USE_AES_TRUE@am__append_9 = plugins/aes @@ -114,6 +180,7 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_GCM_TRUE@am__append_74 = plugins/gcm/libstrongswan-gcm.la @USE_TEST_VECTORS_TRUE@am__append_75 = plugins/test_vectors @MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_76 = plugins/test_vectors/libstrongswan-test-vectors.la +>>>>>>> upstream/4.5.1 subdir = src/libstrongswan DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 @@ -168,8 +235,12 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ +<<<<<<< HEAD + $(am__append_66) $(am__append_68) $(am__append_70) +======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) +>>>>>>> upstream/4.5.1 am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ chunk.h debug.c debug.h enum.c enum.h settings.h settings.c \ printf_hook.c printf_hook.h asn1/asn1.c asn1/asn1.h \ @@ -194,7 +265,12 @@ am__libstrongswan_la_SOURCES_DIST = library.c library.h chunk.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ +<<<<<<< HEAD + credentials/certificates/x509.h \ + credentials/certificates/x509.c credentials/certificates/ac.h \ +======= credentials/certificates/x509.h credentials/certificates/ac.h \ +>>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -244,7 +320,11 @@ am_libstrongswan_la_OBJECTS = library.lo chunk.lo debug.lo enum.lo \ crypto_tester.lo diffie_hellman.lo aead.lo transform.lo \ credential_factory.lo builder.lo cred_encoding.lo \ private_key.lo public_key.lo shared_key.lo certificate.lo \ +<<<<<<< HEAD + x509.lo crl.lo ocsp_response.lo ietf_attributes.lo \ +======= crl.lo ocsp_response.lo ietf_attributes.lo \ +>>>>>>> upstream/4.5.1 credential_manager.lo auth_cfg_wrapper.lo \ ocsp_response_wrapper.lo cert_cache.lo mem_cred.lo \ callback_cred.lo auth_cfg.lo database_factory.lo \ @@ -284,6 +364,16 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ distdir ETAGS = etags CTAGS = ctags +<<<<<<< HEAD +DIST_SUBDIRS = . plugins/aes plugins/des plugins/blowfish plugins/md4 \ + plugins/md5 plugins/sha1 plugins/sha2 plugins/gmp \ + plugins/random plugins/hmac plugins/xcbc plugins/x509 \ + plugins/revocation plugins/pubkey plugins/pkcs1 plugins/pgp \ + plugins/dnskey plugins/pem plugins/curl plugins/ldap \ + plugins/mysql plugins/sqlite plugins/padlock plugins/openssl \ + plugins/gcrypt plugins/fips_prf plugins/agent plugins/pkcs11 \ + plugins/ctr plugins/ccm plugins/gcm plugins/test_vectors +======= DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/blowfish plugins/md4 plugins/md5 plugins/sha1 \ plugins/sha2 plugins/gmp plugins/random plugins/hmac \ @@ -294,6 +384,7 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/openssl plugins/gcrypt plugins/fips_prf plugins/agent \ plugins/pkcs11 plugins/ctr plugins/ccm plugins/gcm \ plugins/test_vectors +>>>>>>> upstream/4.5.1 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -439,7 +530,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -478,8 +575,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -515,7 +615,12 @@ libstrongswan_la_SOURCES = library.c library.h chunk.c chunk.h debug.c \ credentials/keys/shared_key.h \ credentials/certificates/certificate.c \ credentials/certificates/certificate.h \ +<<<<<<< HEAD + credentials/certificates/x509.h \ + credentials/certificates/x509.c credentials/certificates/ac.h \ +======= credentials/certificates/x509.h credentials/certificates/ac.h \ +>>>>>>> upstream/4.5.1 credentials/certificates/crl.h credentials/certificates/crl.c \ credentials/certificates/pkcs10.h \ credentials/certificates/ocsp_request.h \ @@ -566,8 +671,12 @@ libstrongswan_la_LIBADD = $(PTHREADLIB) $(DLLIB) $(BTLIB) $(SOCKLIB) \ $(am__append_48) $(am__append_50) $(am__append_52) \ $(am__append_54) $(am__append_56) $(am__append_58) \ $(am__append_60) $(am__append_62) $(am__append_64) \ +<<<<<<< HEAD + $(am__append_66) $(am__append_68) $(am__append_70) +======= $(am__append_66) $(am__append_68) $(am__append_70) \ $(am__append_72) $(am__append_74) $(am__append_76) +>>>>>>> upstream/4.5.1 INCLUDES = -I$(top_srcdir)/src/libstrongswan AM_CFLAGS = -DIPSEC_DIR=\"${ipsecdir}\" -DPLUGINDIR=\"${plugindir}\" \ -DSTRONGSWAN_CONF=\"${strongswan_conf}\" $(am__append_1) \ @@ -600,9 +709,13 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_FALSE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_FALSE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_FALSE@ $(am__append_63) $(am__append_65) \ +<<<<<<< HEAD +@MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) +======= @MONOLITHIC_FALSE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_FALSE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_FALSE@ $(am__append_75) +>>>>>>> upstream/4.5.1 # build plugins with their own Makefile ####################################### @@ -621,9 +734,13 @@ $(srcdir)/crypto/proposal/proposal_keywords.c @MONOLITHIC_TRUE@ $(am__append_55) $(am__append_57) \ @MONOLITHIC_TRUE@ $(am__append_59) $(am__append_61) \ @MONOLITHIC_TRUE@ $(am__append_63) $(am__append_65) \ +<<<<<<< HEAD +@MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) +======= @MONOLITHIC_TRUE@ $(am__append_67) $(am__append_69) \ @MONOLITHIC_TRUE@ $(am__append_71) $(am__append_73) \ @MONOLITHIC_TRUE@ $(am__append_75) +>>>>>>> upstream/4.5.1 all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -761,6 +878,10 @@ distclean-compile: @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/traffic_selector.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/transform.Plo@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Plo@am__quote@ +<<<<<<< HEAD +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/x509.Plo@am__quote@ +======= +>>>>>>> upstream/4.5.1 .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< @@ -944,6 +1065,16 @@ certificate.lo: credentials/certificates/certificate.c @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o certificate.lo `test -f 'credentials/certificates/certificate.c' || echo '$(srcdir)/'`credentials/certificates/certificate.c +<<<<<<< HEAD +x509.lo: credentials/certificates/x509.c +@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT x509.lo -MD -MP -MF $(DEPDIR)/x509.Tpo -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/x509.Tpo $(DEPDIR)/x509.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='credentials/certificates/x509.c' object='x509.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o x509.lo `test -f 'credentials/certificates/x509.c' || echo '$(srcdir)/'`credentials/certificates/x509.c + +======= +>>>>>>> upstream/4.5.1 crl.lo: credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT crl.lo -MD -MP -MF $(DEPDIR)/crl.Tpo -c -o crl.lo `test -f 'credentials/certificates/crl.c' || echo '$(srcdir)/'`credentials/certificates/crl.c @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/crl.Tpo $(DEPDIR)/crl.Plo diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index f80c2b93b..7f198f9aa 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -126,6 +126,8 @@ chunk_t asn1_build_known_oid(int n) /* * Defined in header. */ +<<<<<<< HEAD +======= chunk_t asn1_oid_from_string(char *str) { enumerator_t *enumerator; @@ -220,6 +222,7 @@ char *asn1_oid_to_string(chunk_t oid) /* * Defined in header. */ +>>>>>>> upstream/4.5.1 size_t asn1_length(chunk_t *blob) { u_char n; diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 05a060827..70411c999 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -115,6 +115,8 @@ int asn1_known_oid(chunk_t object); chunk_t asn1_build_known_oid(int n); /** +<<<<<<< HEAD +======= * Convert human readable OID to ASN.1 DER encoding, without OID header. * * @param str OID string (e.g. 1.2.345.67.8) @@ -131,6 +133,7 @@ chunk_t asn1_oid_from_string(char *str); char* asn1_oid_to_string(chunk_t oid); /** +>>>>>>> upstream/4.5.1 * Returns the length of an ASN.1 object * The blob pointer is advanced past the tag length fields * diff --git a/src/libstrongswan/asn1/asn1_parser.c b/src/libstrongswan/asn1/asn1_parser.c index 2a7a38a52..fe02690d9 100644 --- a/src/libstrongswan/asn1/asn1_parser.c +++ b/src/libstrongswan/asn1/asn1_parser.c @@ -78,8 +78,15 @@ struct private_asn1_parser_t { chunk_t blobs[ASN1_MAX_LEVEL + 2]; }; +<<<<<<< HEAD +/** + * Implementation of asn1_parser_t.iterate + */ +static bool iterate(private_asn1_parser_t *this, int *objectID, chunk_t *object) +======= METHOD(asn1_parser_t, iterate, bool, private_asn1_parser_t *this, int *objectID, chunk_t *object) +>>>>>>> upstream/4.5.1 { chunk_t *blob, *blob1; u_char *start_ptr; @@ -232,33 +239,68 @@ end: return this->success; } +<<<<<<< HEAD +/** + * Implementation of asn1_parser_t.get_level + */ +static u_int get_level(private_asn1_parser_t *this) +======= METHOD(asn1_parser_t, get_level, u_int, private_asn1_parser_t *this) +>>>>>>> upstream/4.5.1 { return this->level0 + this->objects[this->line].level; } +<<<<<<< HEAD +/** + * Implementation of asn1_parser_t.set_top_level + */ +static void set_top_level(private_asn1_parser_t *this, u_int level0) +======= METHOD(asn1_parser_t, set_top_level, void, private_asn1_parser_t *this, u_int level0) +>>>>>>> upstream/4.5.1 { this->level0 = level0; } +<<<<<<< HEAD +/** + * Implementation of asn1_parser_t.set_flags + */ +static void set_flags(private_asn1_parser_t *this, bool implicit, bool private) +======= METHOD(asn1_parser_t, set_flags, void, private_asn1_parser_t *this, bool implicit, bool private) +>>>>>>> upstream/4.5.1 { this->implicit = implicit; this->private = private; } +<<<<<<< HEAD +/** + * Implementation of asn1_parser_t.success + */ +static bool success(private_asn1_parser_t *this) +======= METHOD(asn1_parser_t, success, bool, private_asn1_parser_t *this) +>>>>>>> upstream/4.5.1 { return this->success; } +<<<<<<< HEAD +/** + * Implementation of asn1_parser_t.destroy + */ +static void destroy(private_asn1_parser_t *this) +======= METHOD(asn1_parser_t, destroy, void, private_asn1_parser_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -268,6 +310,22 @@ METHOD(asn1_parser_t, destroy, void, */ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob) { +<<<<<<< HEAD + private_asn1_parser_t *this = malloc_thing(private_asn1_parser_t); + + memset(this, '\0', sizeof(private_asn1_parser_t)); + this->objects = objects; + this->blobs[0] = blob; + this->line = -1; + this->success = TRUE; + + this->public.iterate = (bool (*)(asn1_parser_t*, int*, chunk_t*))iterate; + this->public.get_level = (u_int (*)(asn1_parser_t*))get_level; + this->public.set_top_level = (void (*)(asn1_parser_t*, u_int))set_top_level; + this->public.set_flags = (void (*)(asn1_parser_t*, bool, bool))set_flags; + this->public.success = (bool (*)(asn1_parser_t*))success; + this->public.destroy = (void (*)(asn1_parser_t*))destroy; +======= private_asn1_parser_t *this; INIT(this, @@ -284,6 +342,7 @@ asn1_parser_t* asn1_parser_create(asn1Object_t const *objects, chunk_t blob) .line = -1, .success = TRUE, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index 57a00a39e..b823d6189 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -10,6 +10,364 @@ #include "oid.h" const oid_t oid_names[] = { +<<<<<<< HEAD + {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ + { 0x82, 0, 1, 1, "" }, /* 1 */ + { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ + { 0x01, 0, 1, 3, "Deutsche Telekom AG" }, /* 3 */ + { 0x0A, 0, 1, 4, "" }, /* 4 */ + { 0x07, 0, 1, 5, "" }, /* 5 */ + { 0x14, 0, 0, 6, "ND" }, /* 6 */ + {0x09, 18, 1, 0, "data" }, /* 7 */ + { 0x92, 0, 1, 1, "" }, /* 8 */ + { 0x26, 0, 1, 2, "" }, /* 9 */ + { 0x89, 0, 1, 3, "" }, /* 10 */ + { 0x93, 0, 1, 4, "" }, /* 11 */ + { 0xF2, 0, 1, 5, "" }, /* 12 */ + { 0x2C, 0, 1, 6, "" }, /* 13 */ + { 0x64, 0, 1, 7, "pilot" }, /* 14 */ + { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ + { 0x01, 17, 0, 9, "UID" }, /* 16 */ + { 0x19, 0, 0, 9, "DC" }, /* 17 */ + {0x55, 64, 1, 0, "X.500" }, /* 18 */ + { 0x04, 36, 1, 1, "X.509" }, /* 19 */ + { 0x03, 21, 0, 2, "CN" }, /* 20 */ + { 0x04, 22, 0, 2, "S" }, /* 21 */ + { 0x05, 23, 0, 2, "SN" }, /* 22 */ + { 0x06, 24, 0, 2, "C" }, /* 23 */ + { 0x07, 25, 0, 2, "L" }, /* 24 */ + { 0x08, 26, 0, 2, "ST" }, /* 25 */ + { 0x0A, 27, 0, 2, "O" }, /* 26 */ + { 0x0B, 28, 0, 2, "OU" }, /* 27 */ + { 0x0C, 29, 0, 2, "T" }, /* 28 */ + { 0x0D, 30, 0, 2, "D" }, /* 29 */ + { 0x24, 31, 0, 2, "userCertificate" }, /* 30 */ + { 0x29, 32, 0, 2, "N" }, /* 31 */ + { 0x2A, 33, 0, 2, "G" }, /* 32 */ + { 0x2B, 34, 0, 2, "I" }, /* 33 */ + { 0x2D, 35, 0, 2, "ID" }, /* 34 */ + { 0x48, 0, 0, 2, "role" }, /* 35 */ + { 0x1D, 0, 1, 1, "id-ce" }, /* 36 */ + { 0x09, 38, 0, 2, "subjectDirectoryAttrs" }, /* 37 */ + { 0x0E, 39, 0, 2, "subjectKeyIdentifier" }, /* 38 */ + { 0x0F, 40, 0, 2, "keyUsage" }, /* 39 */ + { 0x10, 41, 0, 2, "privateKeyUsagePeriod" }, /* 40 */ + { 0x11, 42, 0, 2, "subjectAltName" }, /* 41 */ + { 0x12, 43, 0, 2, "issuerAltName" }, /* 42 */ + { 0x13, 44, 0, 2, "basicConstraints" }, /* 43 */ + { 0x14, 45, 0, 2, "crlNumber" }, /* 44 */ + { 0x15, 46, 0, 2, "reasonCode" }, /* 45 */ + { 0x17, 47, 0, 2, "holdInstructionCode" }, /* 46 */ + { 0x18, 48, 0, 2, "invalidityDate" }, /* 47 */ + { 0x1B, 49, 0, 2, "deltaCrlIndicator" }, /* 48 */ + { 0x1C, 50, 0, 2, "issuingDistributionPoint" }, /* 49 */ + { 0x1D, 51, 0, 2, "certificateIssuer" }, /* 50 */ + { 0x1E, 52, 0, 2, "nameConstraints" }, /* 51 */ + { 0x1F, 53, 0, 2, "crlDistributionPoints" }, /* 52 */ + { 0x20, 55, 1, 2, "certificatePolicies" }, /* 53 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 54 */ + { 0x21, 56, 0, 2, "policyMappings" }, /* 55 */ + { 0x23, 57, 0, 2, "authorityKeyIdentifier" }, /* 56 */ + { 0x24, 58, 0, 2, "policyConstraints" }, /* 57 */ + { 0x25, 60, 1, 2, "extendedKeyUsage" }, /* 58 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 59 */ + { 0x2E, 61, 0, 2, "freshestCRL" }, /* 60 */ + { 0x36, 62, 0, 2, "inhibitAnyPolicy" }, /* 61 */ + { 0x37, 63, 0, 2, "targetInformation" }, /* 62 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 63 */ + {0x2A, 161, 1, 0, "" }, /* 64 */ + { 0x83, 77, 1, 1, "" }, /* 65 */ + { 0x08, 0, 1, 2, "jp" }, /* 66 */ + { 0x8C, 0, 1, 3, "" }, /* 67 */ + { 0x9A, 0, 1, 4, "" }, /* 68 */ + { 0x4B, 0, 1, 5, "" }, /* 69 */ + { 0x3D, 0, 1, 6, "" }, /* 70 */ + { 0x01, 0, 1, 7, "security" }, /* 71 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 72 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 73 */ + { 0x02, 75, 0, 10, "camellia128-cbc" }, /* 74 */ + { 0x03, 76, 0, 10, "camellia192-cbc" }, /* 75 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 76 */ + { 0x86, 0, 1, 1, "" }, /* 77 */ + { 0x48, 0, 1, 2, "us" }, /* 78 */ + { 0x86, 120, 1, 3, "" }, /* 79 */ + { 0xF6, 85, 1, 4, "" }, /* 80 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 81 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 82 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 83 */ + { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 84 */ + { 0xF7, 0, 1, 4, "" }, /* 85 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 86 */ + { 0x01, 115, 1, 6, "PKCS" }, /* 87 */ + { 0x01, 97, 1, 7, "PKCS-1" }, /* 88 */ + { 0x01, 90, 0, 8, "rsaEncryption" }, /* 89 */ + { 0x02, 91, 0, 8, "md2WithRSAEncryption" }, /* 90 */ + { 0x04, 92, 0, 8, "md5WithRSAEncryption" }, /* 91 */ + { 0x05, 93, 0, 8, "sha-1WithRSAEncryption" }, /* 92 */ + { 0x0B, 94, 0, 8, "sha256WithRSAEncryption" }, /* 93 */ + { 0x0C, 95, 0, 8, "sha384WithRSAEncryption" }, /* 94 */ + { 0x0D, 96, 0, 8, "sha512WithRSAEncryption" }, /* 95 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 96 */ + { 0x07, 104, 1, 7, "PKCS-7" }, /* 97 */ + { 0x01, 99, 0, 8, "data" }, /* 98 */ + { 0x02, 100, 0, 8, "signedData" }, /* 99 */ + { 0x03, 101, 0, 8, "envelopedData" }, /* 100 */ + { 0x04, 102, 0, 8, "signedAndEnvelopedData" }, /* 101 */ + { 0x05, 103, 0, 8, "digestedData" }, /* 102 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 103 */ + { 0x09, 0, 1, 7, "PKCS-9" }, /* 104 */ + { 0x01, 106, 0, 8, "E" }, /* 105 */ + { 0x02, 107, 0, 8, "unstructuredName" }, /* 106 */ + { 0x03, 108, 0, 8, "contentType" }, /* 107 */ + { 0x04, 109, 0, 8, "messageDigest" }, /* 108 */ + { 0x05, 110, 0, 8, "signingTime" }, /* 109 */ + { 0x06, 111, 0, 8, "counterSignature" }, /* 110 */ + { 0x07, 112, 0, 8, "challengePassword" }, /* 111 */ + { 0x08, 113, 0, 8, "unstructuredAddress" }, /* 112 */ + { 0x0E, 114, 0, 8, "extensionRequest" }, /* 113 */ + { 0x0F, 0, 0, 8, "S/MIME Capabilities" }, /* 114 */ + { 0x02, 118, 1, 6, "digestAlgorithm" }, /* 115 */ + { 0x02, 117, 0, 7, "md2" }, /* 116 */ + { 0x05, 0, 0, 7, "md5" }, /* 117 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 118 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 119 */ + { 0xCE, 0, 1, 3, "" }, /* 120 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 121 */ + { 0x02, 124, 1, 5, "id-publicKeyType" }, /* 122 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 123 */ + { 0x03, 154, 1, 5, "ellipticCurve" }, /* 124 */ + { 0x00, 146, 1, 6, "c-TwoCurve" }, /* 125 */ + { 0x01, 127, 0, 7, "c2pnb163v1" }, /* 126 */ + { 0x02, 128, 0, 7, "c2pnb163v2" }, /* 127 */ + { 0x03, 129, 0, 7, "c2pnb163v3" }, /* 128 */ + { 0x04, 130, 0, 7, "c2pnb176w1" }, /* 129 */ + { 0x05, 131, 0, 7, "c2tnb191v1" }, /* 130 */ + { 0x06, 132, 0, 7, "c2tnb191v2" }, /* 131 */ + { 0x07, 133, 0, 7, "c2tnb191v3" }, /* 132 */ + { 0x08, 134, 0, 7, "c2onb191v4" }, /* 133 */ + { 0x09, 135, 0, 7, "c2onb191v5" }, /* 134 */ + { 0x0A, 136, 0, 7, "c2pnb208w1" }, /* 135 */ + { 0x0B, 137, 0, 7, "c2tnb239v1" }, /* 136 */ + { 0x0C, 138, 0, 7, "c2tnb239v2" }, /* 137 */ + { 0x0D, 139, 0, 7, "c2tnb239v3" }, /* 138 */ + { 0x0E, 140, 0, 7, "c2onb239v4" }, /* 139 */ + { 0x0F, 141, 0, 7, "c2onb239v5" }, /* 140 */ + { 0x10, 142, 0, 7, "c2pnb272w1" }, /* 141 */ + { 0x11, 143, 0, 7, "c2pnb304w1" }, /* 142 */ + { 0x12, 144, 0, 7, "c2tnb359v1" }, /* 143 */ + { 0x13, 145, 0, 7, "c2pnb368w1" }, /* 144 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 145 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 146 */ + { 0x01, 148, 0, 7, "prime192v1" }, /* 147 */ + { 0x02, 149, 0, 7, "prime192v2" }, /* 148 */ + { 0x03, 150, 0, 7, "prime192v3" }, /* 149 */ + { 0x04, 151, 0, 7, "prime239v1" }, /* 150 */ + { 0x05, 152, 0, 7, "prime239v2" }, /* 151 */ + { 0x06, 153, 0, 7, "prime239v3" }, /* 152 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 153 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 154 */ + { 0x01, 156, 0, 6, "ecdsa-with-SHA1" }, /* 155 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 156 */ + { 0x01, 158, 0, 7, "ecdsa-with-SHA224" }, /* 157 */ + { 0x02, 159, 0, 7, "ecdsa-with-SHA256" }, /* 158 */ + { 0x03, 160, 0, 7, "ecdsa-with-SHA384" }, /* 159 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 160 */ + {0x2B, 309, 1, 0, "" }, /* 161 */ + { 0x06, 223, 1, 1, "dod" }, /* 162 */ + { 0x01, 0, 1, 2, "internet" }, /* 163 */ + { 0x04, 183, 1, 3, "private" }, /* 164 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 165 */ + { 0x82, 176, 1, 5, "" }, /* 166 */ + { 0x37, 0, 1, 6, "Microsoft" }, /* 167 */ + { 0x0A, 172, 1, 7, "" }, /* 168 */ + { 0x03, 0, 1, 8, "" }, /* 169 */ + { 0x03, 171, 0, 9, "msSGC" }, /* 170 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 171 */ + { 0x14, 0, 1, 7, "msEnrollmentInfrastructure"}, /* 172 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension"}, /* 173 */ + { 0x02, 175, 0, 9, "msSmartcardLogon" }, /* 174 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 175 */ + { 0x89, 0, 1, 5, "" }, /* 176 */ + { 0x31, 0, 1, 6, "" }, /* 177 */ + { 0x01, 0, 1, 7, "" }, /* 178 */ + { 0x01, 0, 1, 8, "" }, /* 179 */ + { 0x02, 0, 1, 9, "" }, /* 180 */ + { 0x02, 182, 0, 10, "" }, /* 181 */ + { 0x4B, 0, 0, 10, "TCGID" }, /* 182 */ + { 0x05, 0, 1, 3, "security" }, /* 183 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 184 */ + { 0x07, 0, 1, 5, "id-pkix" }, /* 185 */ + { 0x01, 190, 1, 6, "id-pe" }, /* 186 */ + { 0x01, 188, 0, 7, "authorityInfoAccess" }, /* 187 */ + { 0x03, 189, 0, 7, "qcStatements" }, /* 188 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 189 */ + { 0x02, 193, 1, 6, "id-qt" }, /* 190 */ + { 0x01, 192, 0, 7, "cps" }, /* 191 */ + { 0x02, 0, 0, 7, "unotice" }, /* 192 */ + { 0x03, 203, 1, 6, "id-kp" }, /* 193 */ + { 0x01, 195, 0, 7, "serverAuth" }, /* 194 */ + { 0x02, 196, 0, 7, "clientAuth" }, /* 195 */ + { 0x03, 197, 0, 7, "codeSigning" }, /* 196 */ + { 0x04, 198, 0, 7, "emailProtection" }, /* 197 */ + { 0x05, 199, 0, 7, "ipsecEndSystem" }, /* 198 */ + { 0x06, 200, 0, 7, "ipsecTunnel" }, /* 199 */ + { 0x07, 201, 0, 7, "ipsecUser" }, /* 200 */ + { 0x08, 202, 0, 7, "timeStamping" }, /* 201 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 202 */ + { 0x08, 205, 1, 6, "id-otherNames" }, /* 203 */ + { 0x05, 0, 0, 7, "xmppAddr" }, /* 204 */ + { 0x0A, 210, 1, 6, "id-aca" }, /* 205 */ + { 0x01, 207, 0, 7, "authenticationInfo" }, /* 206 */ + { 0x02, 208, 0, 7, "accessIdentity" }, /* 207 */ + { 0x03, 209, 0, 7, "chargingIdentity" }, /* 208 */ + { 0x04, 0, 0, 7, "group" }, /* 209 */ + { 0x0B, 211, 0, 6, "subjectInfoAccess" }, /* 210 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 211 */ + { 0x01, 220, 1, 7, "ocsp" }, /* 212 */ + { 0x01, 214, 0, 8, "basic" }, /* 213 */ + { 0x02, 215, 0, 8, "nonce" }, /* 214 */ + { 0x03, 216, 0, 8, "crl" }, /* 215 */ + { 0x04, 217, 0, 8, "response" }, /* 216 */ + { 0x05, 218, 0, 8, "noCheck" }, /* 217 */ + { 0x06, 219, 0, 8, "archiveCutoff" }, /* 218 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 219 */ + { 0x02, 221, 0, 7, "caIssuers" }, /* 220 */ + { 0x03, 222, 0, 7, "timeStamping" }, /* 221 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 222 */ + { 0x0E, 229, 1, 1, "oiw" }, /* 223 */ + { 0x03, 0, 1, 2, "secsig" }, /* 224 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 225 */ + { 0x07, 227, 0, 4, "des-cbc" }, /* 226 */ + { 0x1A, 228, 0, 4, "sha-1" }, /* 227 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 228 */ + { 0x24, 275, 1, 1, "TeleTrusT" }, /* 229 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 230 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 231 */ + { 0x01, 236, 1, 4, "rsaSignature" }, /* 232 */ + { 0x02, 234, 0, 5, "rsaSigWithripemd160" }, /* 233 */ + { 0x03, 235, 0, 5, "rsaSigWithripemd128" }, /* 234 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 235 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 236 */ + { 0x01, 238, 0, 5, "ecSignWithsha1" }, /* 237 */ + { 0x02, 239, 0, 5, "ecSignWithripemd160" }, /* 238 */ + { 0x03, 240, 0, 5, "ecSignWithmd2" }, /* 239 */ + { 0x04, 241, 0, 5, "ecSignWithmd5" }, /* 240 */ + { 0x05, 258, 1, 5, "ttt-ecg" }, /* 241 */ + { 0x01, 246, 1, 6, "fieldType" }, /* 242 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 243 */ + { 0x01, 0, 1, 8, "basisType" }, /* 244 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 245 */ + { 0x02, 248, 1, 6, "keyType" }, /* 246 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 247 */ + { 0x03, 249, 0, 6, "curve" }, /* 248 */ + { 0x04, 256, 1, 6, "signatures" }, /* 249 */ + { 0x01, 251, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 250 */ + { 0x02, 252, 0, 7, "ecgdsa-with-SHA1" }, /* 251 */ + { 0x03, 253, 0, 7, "ecgdsa-with-SHA224" }, /* 252 */ + { 0x04, 254, 0, 7, "ecgdsa-with-SHA256" }, /* 253 */ + { 0x05, 255, 0, 7, "ecgdsa-with-SHA384" }, /* 254 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 255 */ + { 0x05, 0, 1, 6, "module" }, /* 256 */ + { 0x01, 0, 0, 7, "1" }, /* 257 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 258 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 259 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 260 */ + { 0x01, 262, 0, 8, "brainpoolP160r1" }, /* 261 */ + { 0x02, 263, 0, 8, "brainpoolP160t1" }, /* 262 */ + { 0x03, 264, 0, 8, "brainpoolP192r1" }, /* 263 */ + { 0x04, 265, 0, 8, "brainpoolP192t1" }, /* 264 */ + { 0x05, 266, 0, 8, "brainpoolP224r1" }, /* 265 */ + { 0x06, 267, 0, 8, "brainpoolP224t1" }, /* 266 */ + { 0x07, 268, 0, 8, "brainpoolP256r1" }, /* 267 */ + { 0x08, 269, 0, 8, "brainpoolP256t1" }, /* 268 */ + { 0x09, 270, 0, 8, "brainpoolP320r1" }, /* 269 */ + { 0x0A, 271, 0, 8, "brainpoolP320t1" }, /* 270 */ + { 0x0B, 272, 0, 8, "brainpoolP384r1" }, /* 271 */ + { 0x0C, 273, 0, 8, "brainpoolP384t1" }, /* 272 */ + { 0x0D, 274, 0, 8, "brainpoolP512r1" }, /* 273 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 274 */ + { 0x81, 0, 1, 1, "" }, /* 275 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 276 */ + { 0x00, 0, 1, 3, "curve" }, /* 277 */ + { 0x01, 279, 0, 4, "sect163k1" }, /* 278 */ + { 0x02, 280, 0, 4, "sect163r1" }, /* 279 */ + { 0x03, 281, 0, 4, "sect239k1" }, /* 280 */ + { 0x04, 282, 0, 4, "sect113r1" }, /* 281 */ + { 0x05, 283, 0, 4, "sect113r2" }, /* 282 */ + { 0x06, 284, 0, 4, "secp112r1" }, /* 283 */ + { 0x07, 285, 0, 4, "secp112r2" }, /* 284 */ + { 0x08, 286, 0, 4, "secp160r1" }, /* 285 */ + { 0x09, 287, 0, 4, "secp160k1" }, /* 286 */ + { 0x0A, 288, 0, 4, "secp256k1" }, /* 287 */ + { 0x0F, 289, 0, 4, "sect163r2" }, /* 288 */ + { 0x10, 290, 0, 4, "sect283k1" }, /* 289 */ + { 0x11, 291, 0, 4, "sect283r1" }, /* 290 */ + { 0x16, 292, 0, 4, "sect131r1" }, /* 291 */ + { 0x17, 293, 0, 4, "sect131r2" }, /* 292 */ + { 0x18, 294, 0, 4, "sect193r1" }, /* 293 */ + { 0x19, 295, 0, 4, "sect193r2" }, /* 294 */ + { 0x1A, 296, 0, 4, "sect233k1" }, /* 295 */ + { 0x1B, 297, 0, 4, "sect233r1" }, /* 296 */ + { 0x1C, 298, 0, 4, "secp128r1" }, /* 297 */ + { 0x1D, 299, 0, 4, "secp128r2" }, /* 298 */ + { 0x1E, 300, 0, 4, "secp160r2" }, /* 299 */ + { 0x1F, 301, 0, 4, "secp192k1" }, /* 300 */ + { 0x20, 302, 0, 4, "secp224k1" }, /* 301 */ + { 0x21, 303, 0, 4, "secp224r1" }, /* 302 */ + { 0x22, 304, 0, 4, "secp384r1" }, /* 303 */ + { 0x23, 305, 0, 4, "secp521r1" }, /* 304 */ + { 0x24, 306, 0, 4, "sect409k1" }, /* 305 */ + { 0x25, 307, 0, 4, "sect409r1" }, /* 306 */ + { 0x26, 308, 0, 4, "sect571k1" }, /* 307 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 308 */ + {0x60, 0, 1, 0, "" }, /* 309 */ + { 0x86, 0, 1, 1, "" }, /* 310 */ + { 0x48, 0, 1, 2, "" }, /* 311 */ + { 0x01, 0, 1, 3, "organization" }, /* 312 */ + { 0x65, 331, 1, 4, "gov" }, /* 313 */ + { 0x03, 0, 1, 5, "csor" }, /* 314 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 315 */ + { 0x01, 326, 1, 7, "aes" }, /* 316 */ + { 0x02, 318, 0, 8, "id-aes128-CBC" }, /* 317 */ + { 0x06, 319, 0, 8, "id-aes128-GCM" }, /* 318 */ + { 0x07, 320, 0, 8, "id-aes128-CCM" }, /* 319 */ + { 0x16, 321, 0, 8, "id-aes192-CBC" }, /* 320 */ + { 0x1A, 322, 0, 8, "id-aes192-GCM" }, /* 321 */ + { 0x1B, 323, 0, 8, "id-aes192-CCM" }, /* 322 */ + { 0x2A, 324, 0, 8, "id-aes256-CBC" }, /* 323 */ + { 0x2E, 325, 0, 8, "id-aes256-GCM" }, /* 324 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 325 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 326 */ + { 0x01, 328, 0, 8, "id-SHA-256" }, /* 327 */ + { 0x02, 329, 0, 8, "id-SHA-384" }, /* 328 */ + { 0x03, 330, 0, 8, "id-SHA-512" }, /* 329 */ + { 0x04, 0, 0, 8, "id-SHA-224" }, /* 330 */ + { 0x86, 0, 1, 4, "" }, /* 331 */ + { 0xf8, 0, 1, 5, "" }, /* 332 */ + { 0x42, 345, 1, 6, "netscape" }, /* 333 */ + { 0x01, 340, 1, 7, "" }, /* 334 */ + { 0x01, 336, 0, 8, "nsCertType" }, /* 335 */ + { 0x03, 337, 0, 8, "nsRevocationUrl" }, /* 336 */ + { 0x04, 338, 0, 8, "nsCaRevocationUrl" }, /* 337 */ + { 0x08, 339, 0, 8, "nsCaPolicyUrl" }, /* 338 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 339 */ + { 0x03, 343, 1, 7, "directory" }, /* 340 */ + { 0x01, 0, 1, 8, "" }, /* 341 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 342 */ + { 0x04, 0, 1, 7, "policy" }, /* 343 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 344 */ + { 0x45, 0, 1, 6, "verisign" }, /* 345 */ + { 0x01, 0, 1, 7, "pki" }, /* 346 */ + { 0x09, 0, 1, 8, "attributes" }, /* 347 */ + { 0x02, 349, 0, 9, "messageType" }, /* 348 */ + { 0x03, 350, 0, 9, "pkiStatus" }, /* 349 */ + { 0x04, 351, 0, 9, "failInfo" }, /* 350 */ + { 0x05, 352, 0, 9, "senderNonce" }, /* 351 */ + { 0x06, 353, 0, 9, "recipientNonce" }, /* 352 */ + { 0x07, 354, 0, 9, "transID" }, /* 353 */ + { 0x08, 355, 0, 9, "extensionReq" }, /* 354 */ + { 0x08, 0, 0, 9, "extensionReq" } /* 355 */ +======= {0x02, 7, 1, 0, "ITU-T Administration" }, /* 0 */ { 0x82, 0, 1, 1, "" }, /* 1 */ { 0x06, 0, 1, 2, "Germany ITU-T member" }, /* 2 */ @@ -369,4 +727,5 @@ const oid_t oid_names[] = { { 0x07, 357, 0, 9, "transID" }, /* 356 */ { 0x08, 358, 0, 9, "extensionReq" }, /* 357 */ { 0x08, 0, 0, 9, "extensionReq" } /* 358 */ +>>>>>>> upstream/4.5.1 }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index b6ee9a10d..e9de81ccf 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -49,11 +49,16 @@ extern const oid_t oid_names[]; #define OID_DELTA_CRL_INDICATOR 48 #define OID_NAME_CONSTRAINTS 51 #define OID_CRL_DISTRIBUTION_POINTS 52 +<<<<<<< HEAD +#define OID_ANY_POLICY 54 +#define OID_AUTHORITY_KEY_ID 56 +======= #define OID_CERTIFICATE_POLICIES 53 #define OID_ANY_POLICY 54 #define OID_POLICY_MAPPINGS 55 #define OID_AUTHORITY_KEY_ID 56 #define OID_POLICY_CONSTRAINTS 57 +>>>>>>> upstream/4.5.1 #define OID_EXTENDED_KEY_USAGE 58 #define OID_FRESHEST_CRL 60 #define OID_INHIBIT_ANY_POLICY 61 @@ -120,6 +125,95 @@ extern const oid_t oid_names[]; #define OID_ECDSA_WITH_SHA384 159 #define OID_ECDSA_WITH_SHA512 160 #define OID_USER_PRINCIPAL_NAME 175 +<<<<<<< HEAD +#define OID_TCGID 182 +#define OID_AUTHORITY_INFO_ACCESS 187 +#define OID_IP_ADDR_BLOCKS 189 +#define OID_SERVER_AUTH 194 +#define OID_CLIENT_AUTH 195 +#define OID_OCSP_SIGNING 202 +#define OID_XMPP_ADDR 204 +#define OID_AUTHENTICATION_INFO 206 +#define OID_ACCESS_IDENTITY 207 +#define OID_CHARGING_IDENTITY 208 +#define OID_GROUP 209 +#define OID_OCSP 212 +#define OID_BASIC 213 +#define OID_NONCE 214 +#define OID_CRL 215 +#define OID_RESPONSE 216 +#define OID_NO_CHECK 217 +#define OID_ARCHIVE_CUTOFF 218 +#define OID_SERVICE_LOCATOR 219 +#define OID_CA_ISSUERS 220 +#define OID_DES_CBC 226 +#define OID_SHA1 227 +#define OID_SHA1_WITH_RSA_OIW 228 +#define OID_ECGDSA_PUBKEY 247 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 250 +#define OID_ECGDSA_SIG_WITH_SHA1 251 +#define OID_ECGDSA_SIG_WITH_SHA224 252 +#define OID_ECGDSA_SIG_WITH_SHA256 253 +#define OID_ECGDSA_SIG_WITH_SHA384 254 +#define OID_ECGDSA_SIG_WITH_SHA512 255 +#define OID_SECT163K1 278 +#define OID_SECT163R1 279 +#define OID_SECT239K1 280 +#define OID_SECT113R1 281 +#define OID_SECT113R2 282 +#define OID_SECT112R1 283 +#define OID_SECT112R2 284 +#define OID_SECT160R1 285 +#define OID_SECT160K1 286 +#define OID_SECT256K1 287 +#define OID_SECT163R2 288 +#define OID_SECT283K1 289 +#define OID_SECT283R1 290 +#define OID_SECT131R1 291 +#define OID_SECT131R2 292 +#define OID_SECT193R1 293 +#define OID_SECT193R2 294 +#define OID_SECT233K1 295 +#define OID_SECT233R1 296 +#define OID_SECT128R1 297 +#define OID_SECT128R2 298 +#define OID_SECT160R2 299 +#define OID_SECT192K1 300 +#define OID_SECT224K1 301 +#define OID_SECT224R1 302 +#define OID_SECT384R1 303 +#define OID_SECT521R1 304 +#define OID_SECT409K1 305 +#define OID_SECT409R1 306 +#define OID_SECT571K1 307 +#define OID_SECT571R1 308 +#define OID_AES128_CBC 317 +#define OID_AES128_GCM 318 +#define OID_AES128_CCM 319 +#define OID_AES192_CBC 320 +#define OID_AES192_GCM 321 +#define OID_AES192_CCM 322 +#define OID_AES256_CBC 323 +#define OID_AES256_GCM 324 +#define OID_AES256_CCM 325 +#define OID_SHA256 327 +#define OID_SHA384 328 +#define OID_SHA512 329 +#define OID_SHA224 330 +#define OID_NS_REVOCATION_URL 336 +#define OID_NS_CA_REVOCATION_URL 337 +#define OID_NS_CA_POLICY_URL 338 +#define OID_NS_COMMENT 339 +#define OID_EMPLOYEE_NUMBER 342 +#define OID_PKI_MESSAGE_TYPE 348 +#define OID_PKI_STATUS 349 +#define OID_PKI_FAIL_INFO 350 +#define OID_PKI_SENDER_NONCE 351 +#define OID_PKI_RECIPIENT_NONCE 352 +#define OID_PKI_TRANS_ID 353 + +#define OID_MAX 356 +======= #define OID_STRONGSWAN 178 #define OID_TCGID 185 #define OID_AUTHORITY_INFO_ACCESS 190 @@ -210,5 +304,6 @@ extern const oid_t oid_names[]; #define OID_PKI_TRANS_ID 356 #define OID_MAX 359 +>>>>>>> upstream/4.5.1 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index e2931c7dd..bf37dd624 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -51,11 +51,19 @@ 0x1D "certificateIssuer" 0x1E "nameConstraints" OID_NAME_CONSTRAINTS 0x1F "crlDistributionPoints" OID_CRL_DISTRIBUTION_POINTS +<<<<<<< HEAD + 0x20 "certificatePolicies" + 0x00 "anyPolicy" OID_ANY_POLICY + 0x21 "policyMappings" + 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID + 0x24 "policyConstraints" +======= 0x20 "certificatePolicies" OID_CERTIFICATE_POLICIES 0x00 "anyPolicy" OID_ANY_POLICY 0x21 "policyMappings" OID_POLICY_MAPPINGS 0x23 "authorityKeyIdentifier" OID_AUTHORITY_KEY_ID 0x24 "policyConstraints" OID_POLICY_CONSTRAINTS +>>>>>>> upstream/4.5.1 0x25 "extendedKeyUsage" OID_EXTENDED_KEY_USAGE 0x00 "anyExtendedKeyUsage" 0x2E "freshestCRL" OID_FRESHEST_CRL @@ -124,7 +132,11 @@ 0x01 "id-ecPublicKey" OID_EC_PUBLICKEY 0x03 "ellipticCurve" 0x00 "c-TwoCurve" +<<<<<<< HEAD + 0x01 "c2pnb163v1" OID_C2PNB163V1 +======= 0x01 "c2pnb163v1" OID_C2PNB163V1 +>>>>>>> upstream/4.5.1 0x02 "c2pnb163v2" OID_C2PNB163V2 0x03 "c2pnb163v3" OID_C2PNB163V3 0x04 "c2pnb176w1" OID_C2PNB176W1 @@ -174,16 +186,23 @@ 0x02 "msCertificateTypeExtension" 0x02 "msSmartcardLogon" 0x03 "msUPN" OID_USER_PRINCIPAL_NAME +<<<<<<< HEAD +======= 0xA0 "" 0x2A "ITA" 0x01 "strongSwan" OID_STRONGSWAN +>>>>>>> upstream/4.5.1 0x89 "" 0x31 "" 0x01 "" 0x01 "" 0x02 "" 0x02 "" +<<<<<<< HEAD + 0x4B "TCGID" OID_TCGID +======= 0x4B "TCGID" OID_TCGID +>>>>>>> upstream/4.5.1 0x05 "security" 0x05 "mechanisms" 0x07 "id-pkix" @@ -192,8 +211,13 @@ 0x03 "qcStatements" 0x07 "ipAddrBlocks" OID_IP_ADDR_BLOCKS 0x02 "id-qt" +<<<<<<< HEAD + 0x01 "cps" + 0x02 "unotice" +======= 0x01 "cps" OID_POLICY_QUALIFIER_CPS 0x02 "unotice" OID_POLICY_QUALIFIER_UNOTICE +>>>>>>> upstream/4.5.1 0x03 "id-kp" 0x01 "serverAuth" OID_SERVER_AUTH 0x02 "clientAuth" OID_CLIENT_AUTH diff --git a/src/libstrongswan/credentials/auth_cfg.c b/src/libstrongswan/credentials/auth_cfg.c index 23a3f62d9..9c7df81a6 100644 --- a/src/libstrongswan/credentials/auth_cfg.c +++ b/src/libstrongswan/credentials/auth_cfg.c @@ -131,13 +131,19 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; cert->destroy(cert); break; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -149,8 +155,11 @@ static void destroy_entry_value(entry_t *entry) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 break; } } @@ -176,8 +185,11 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 /* integer type */ enumerator->current->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -188,12 +200,18 @@ static void replace(auth_cfg_t *this, entry_enumerator_t *enumerator, case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* pointer type */ enumerator->current->value = va_arg(args, void*); break; @@ -245,8 +263,11 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_EAP_TYPE: return (void*)EAP_NAK; case AUTH_RULE_EAP_VENDOR: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 return (void*)0; case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: @@ -258,12 +279,18 @@ static void* get(private_auth_cfg_t *this, auth_rule_t type) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 default: return NULL; } @@ -286,8 +313,11 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 /* integer type */ entry->value = (void*)(uintptr_t)va_arg(args, u_int); break; @@ -298,12 +328,18 @@ static void add(private_auth_cfg_t *this, auth_rule_t type, ...) case AUTH_RULE_CA_CERT: case AUTH_RULE_IM_CERT: case AUTH_RULE_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* pointer type */ entry->value = va_arg(args, void*); break; @@ -374,6 +410,40 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: { +<<<<<<< HEAD + cert_validation_t validated, required; + + required = (uintptr_t)value; + validated = (uintptr_t)get(this, t1); + switch (required) + { + case VALIDATION_FAILED: + /* no constraint */ + break; + case VALIDATION_SKIPPED: + if (validated == VALIDATION_SKIPPED) + { + break; + } + /* FALL */ + case VALIDATION_GOOD: + if (validated == VALIDATION_GOOD) + { + break; + } + /* FALL */ + default: + success = FALSE; + if (log_error) + { + DBG1(DBG_CFG, "constraint check failed: %N is %N, " + "but requires at least %N", auth_rule_names, + t1, cert_validation_names, validated, + cert_validation_names, required); + } + break; + } +======= uintptr_t validated; e2 = create_enumerator(this); @@ -413,6 +483,7 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } } e2->destroy(e2); +>>>>>>> upstream/4.5.1 break; } case AUTH_RULE_IDENTITY: @@ -496,6 +567,8 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, e2->destroy(e2); break; } +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: { @@ -561,11 +634,15 @@ static bool complies(private_auth_cfg_t *this, auth_cfg_t *constraints, } break; } +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 /* skip helpers */ continue; } @@ -612,7 +689,10 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)value; @@ -624,8 +704,11 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy case AUTH_RULE_AUTH_CLASS: case AUTH_RULE_EAP_TYPE: case AUTH_RULE_EAP_VENDOR: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 { add(this, type, (uintptr_t)value); break; @@ -640,7 +723,10 @@ static void merge(private_auth_cfg_t *this, private_auth_cfg_t *other, bool copy add(this, type, id->clone(id)); break; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -693,8 +779,11 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 { if (i1->value == i2->value) { @@ -708,7 +797,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *c1, *c2; @@ -739,7 +831,10 @@ static bool equals(private_auth_cfg_t *this, private_auth_cfg_t *other) } continue; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -822,13 +917,19 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_SUBJECT_CERT: case AUTH_HELPER_IM_CERT: case AUTH_HELPER_SUBJECT_CERT: +<<<<<<< HEAD +======= case AUTH_HELPER_REVOCATION_CERT: +>>>>>>> upstream/4.5.1 { certificate_t *cert = (certificate_t*)entry->value; clone->add(clone, entry->type, cert->get_ref(cert)); break; } +<<<<<<< HEAD +======= case AUTH_RULE_CERT_POLICY: +>>>>>>> upstream/4.5.1 case AUTH_HELPER_IM_HASH_URL: case AUTH_HELPER_SUBJECT_HASH_URL: { @@ -840,8 +941,11 @@ static auth_cfg_t* clone_(private_auth_cfg_t *this) case AUTH_RULE_EAP_VENDOR: case AUTH_RULE_CRL_VALIDATION: case AUTH_RULE_OCSP_VALIDATION: +<<<<<<< HEAD +======= case AUTH_RULE_RSA_STRENGTH: case AUTH_RULE_ECDSA_STRENGTH: +>>>>>>> upstream/4.5.1 clone->add(clone, entry->type, (uintptr_t)entry->value); break; } diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 489ce1134..659a7c9ef 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -90,12 +90,15 @@ enum auth_rule_t { * The group membership constraint is fulfilled if the subject is member of * one group defined in the constraints. */ AUTH_RULE_GROUP, +<<<<<<< HEAD +======= /** required RSA public key strength, u_int in bits */ AUTH_RULE_RSA_STRENGTH, /** required ECDSA public key strength, u_int in bits */ AUTH_RULE_ECDSA_STRENGTH, /** certificatePolicy constraint, numerical OID as char* */ AUTH_RULE_CERT_POLICY, +>>>>>>> upstream/4.5.1 /** intermediate certificate, certificate_t* */ AUTH_HELPER_IM_CERT, @@ -105,8 +108,11 @@ enum auth_rule_t { AUTH_HELPER_IM_HASH_URL, /** Hash and URL of a end-entity certificate, char* */ AUTH_HELPER_SUBJECT_HASH_URL, +<<<<<<< HEAD +======= /** revocation certificate (CRL, OCSP), certificate_t* */ AUTH_HELPER_REVOCATION_CERT, +>>>>>>> upstream/4.5.1 }; /** diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c index f9a277a2c..4d3a78eab 100644 --- a/src/libstrongswan/credentials/builder.c +++ b/src/libstrongswan/credentials/builder.c @@ -43,6 +43,10 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_CRL_DISTRIBUTION_POINTS", "BUILD_OCSP_ACCESS_LOCATIONS", "BUILD_PATHLEN", +<<<<<<< HEAD + "BUILD_X509_FLAG", + "BUILD_REVOKED_ENUMERATOR", +======= "BUILD_PERMITTED_NAME_CONSTRAINTS", "BUILD_EXCLUDED_NAME_CONSTRAINTS", "BUILD_CERTIFICATE_POLICIES", @@ -53,6 +57,7 @@ ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END, "BUILD_X509_FLAG", "BUILD_REVOKED_ENUMERATOR", "BUILD_BASE_CRL", +>>>>>>> upstream/4.5.1 "BUILD_CHALLENGE_PWD", "BUILD_PKCS11_MODULE", "BUILD_PKCS11_SLOT", diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h index 325b668cd..fc93a6007 100644 --- a/src/libstrongswan/credentials/builder.h +++ b/src/libstrongswan/credentials/builder.h @@ -87,12 +87,18 @@ enum builder_part_t { BUILD_CA_CERT, /** a certificate, certificate_t* */ BUILD_CERT, +<<<<<<< HEAD + /** CRL distribution point URIs, linked_list_t* containing char* */ +======= /** CRL distribution point URIs, x509_cdp_t* */ +>>>>>>> upstream/4.5.1 BUILD_CRL_DISTRIBUTION_POINTS, /** OCSP AuthorityInfoAccess locations, linked_list_t* containing char* */ BUILD_OCSP_ACCESS_LOCATIONS, /** certificate path length constraint */ BUILD_PATHLEN, +<<<<<<< HEAD +======= /** permitted X509 name constraints, linked_list_t* of identification_t* */ BUILD_PERMITTED_NAME_CONSTRAINTS, /** excluded X509 name constraints, linked_list_t* of identification_t* */ @@ -107,12 +113,16 @@ enum builder_part_t { BUILD_POLICY_INHIBIT_MAPPING, /** inhibitAnyPolicy constraint, int */ BUILD_POLICY_INHIBIT_ANY, +>>>>>>> upstream/4.5.1 /** enforce an additional X509 flag, x509_flag_t */ BUILD_X509_FLAG, /** enumerator_t over (chunk_t serial, time_t date, crl_reason_t reason) */ BUILD_REVOKED_ENUMERATOR, +<<<<<<< HEAD +======= /** Base CRL serial for a delta CRL, chunk_t, */ BUILD_BASE_CRL, +>>>>>>> upstream/4.5.1 /** PKCS#10 challenge password */ BUILD_CHALLENGE_PWD, /** friendly name of a PKCS#11 module, null terminated char* */ diff --git a/src/libstrongswan/credentials/cert_validator.h b/src/libstrongswan/credentials/cert_validator.h index 733d9d612..f329281d3 100644 --- a/src/libstrongswan/credentials/cert_validator.h +++ b/src/libstrongswan/credentials/cert_validator.h @@ -40,6 +40,14 @@ struct cert_validator_t { * @param subject subject certificate to check * @param issuer issuer of subject * @param online wheter to do online revocation checking +<<<<<<< HEAD + * @param pathlen the current length of the path up to the root CA + * @param auth container for resulting authentication info + */ + bool (*validate)(cert_validator_t *this, certificate_t *subject, + certificate_t *issuer, bool online, int pathlen, + auth_cfg_t *auth); +======= * @param pathlen the current length of the path bottom-up * @param anchor is issuer trusted root anchor * @param auth container for resulting authentication info @@ -47,6 +55,7 @@ struct cert_validator_t { bool (*validate)(cert_validator_t *this, certificate_t *subject, certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth); +>>>>>>> upstream/4.5.1 }; #endif /** CERT_VALIDATOR_H_ @}*/ diff --git a/src/libstrongswan/credentials/certificates/crl.h b/src/libstrongswan/credentials/certificates/crl.h index 2f3497474..11ad7f2f3 100644 --- a/src/libstrongswan/credentials/certificates/crl.h +++ b/src/libstrongswan/credentials/certificates/crl.h @@ -72,6 +72,8 @@ struct crl_t { chunk_t (*get_authKeyIdentifier)(crl_t *this); /** +<<<<<<< HEAD +======= * Is this CRL a delta CRL? * * @param base_crl gets to baseCrlNumber, if this is a delta CRL @@ -87,6 +89,7 @@ struct crl_t { enumerator_t* (*create_delta_crl_uri_enumerator)(crl_t *this); /** +>>>>>>> upstream/4.5.1 * Create an enumerator over all revoked certificates. * * The enumerator takes 3 pointer arguments: diff --git a/src/libstrongswan/credentials/certificates/x509.c b/src/libstrongswan/credentials/certificates/x509.c new file mode 100644 index 000000000..66dc192c1 --- /dev/null +++ b/src/libstrongswan/credentials/certificates/x509.c @@ -0,0 +1,28 @@ +/* + * Copyright (C) 2008 Martin Willi + * Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "x509.h" + +ENUM(x509_flag_names, X509_NONE, X509_IP_ADDR_BLOCKS, + "X509_NONE", + "X509_CA", + "X509_AA", + "X509_OCSP_SIGNER", + "X509_SERVER_AUTH", + "X509_CLIENT_AUTH", + "X509_SELF_SIGNED", + "X509_IP_ADDR_BLOCKS", +); + diff --git a/src/libstrongswan/credentials/certificates/x509.h b/src/libstrongswan/credentials/certificates/x509.h index fec02dbad..3ab26c8c5 100644 --- a/src/libstrongswan/credentials/certificates/x509.h +++ b/src/libstrongswan/credentials/certificates/x509.h @@ -24,6 +24,12 @@ #include <utils/enumerator.h> #include <credentials/certificates/certificate.h> +<<<<<<< HEAD +#define X509_NO_PATH_LEN_CONSTRAINT -1 + +typedef struct x509_t x509_t; +typedef enum x509_flag_t x509_flag_t; +======= /* constraints are currently restricted to the range 0..127 */ #define X509_NO_CONSTRAINT 255 @@ -33,6 +39,7 @@ typedef struct x509_policy_mapping_t x509_policy_mapping_t; typedef struct x509_cdp_t x509_cdp_t; typedef enum x509_flag_t x509_flag_t; typedef enum x509_constraint_t x509_constraint_t; +>>>>>>> upstream/4.5.1 /** * X.509 certificate flags. @@ -54,6 +61,14 @@ enum x509_flag_t { X509_SELF_SIGNED = (1<<5), /** cert has an ipAddrBlocks extension */ X509_IP_ADDR_BLOCKS = (1<<6), +<<<<<<< HEAD +}; + +/** + * enum names for x509 flags + */ +extern enum_name_t *x509_flag_names; +======= /** cert has CRL sign key usage */ X509_CRL_SIGN = (1<<7), }; @@ -103,6 +118,7 @@ struct x509_cdp_t { /** CRL issuer */ identification_t *issuer; }; +>>>>>>> upstream/4.5.1 /** * X.509 certificate interface. @@ -146,12 +162,20 @@ struct x509_t { chunk_t (*get_authKeyIdentifier)(x509_t *this); /** +<<<<<<< HEAD + * Get an optional path length constraint. + * + * @return pathLenConstraint, -1 if no constraint exists + */ + int (*get_pathLenConstraint)(x509_t *this); +======= * Get a numerical X.509 constraint. * * @param type type of constraint to get * @return constraint, X509_NO_CONSTRAINT if none found */ u_int (*get_constraint)(x509_t *this, x509_constraint_t type); +>>>>>>> upstream/4.5.1 /** * Create an enumerator over all subjectAltNames. @@ -161,9 +185,15 @@ struct x509_t { enumerator_t* (*create_subjectAltName_enumerator)(x509_t *this); /** +<<<<<<< HEAD + * Create an enumerator over all CRL URIs. + * + * @return enumerator over URIs as char* +======= * Create an enumerator over all CRL URIs and CRL Issuers. * * @return enumerator over x509_cdp_t +>>>>>>> upstream/4.5.1 */ enumerator_t* (*create_crl_uri_enumerator)(x509_t *this); @@ -180,6 +210,8 @@ struct x509_t { * @return enumerator over ipAddrBlocks as traffic_selector_t* */ enumerator_t* (*create_ipAddrBlock_enumerator)(x509_t *this); +<<<<<<< HEAD +======= /** * Create an enumerator over name constraints. @@ -204,6 +236,7 @@ struct x509_t { enumerator_t* (*create_policy_mapping_enumerator)(x509_t *this); +>>>>>>> upstream/4.5.1 }; #endif /** X509_H_ @}*/ diff --git a/src/libstrongswan/credentials/credential_manager.c b/src/libstrongswan/credentials/credential_manager.c index 27b97eab3..3e54368ff 100644 --- a/src/libstrongswan/credentials/credential_manager.c +++ b/src/libstrongswan/credentials/credential_manager.c @@ -452,8 +452,13 @@ static void cache_queue(private_credential_manager_t *this) * check a certificate for its lifetime */ static bool check_certificate(private_credential_manager_t *this, +<<<<<<< HEAD + certificate_t *subject, certificate_t *issuer, + bool online, int pathlen, auth_cfg_t *auth) +======= certificate_t *subject, certificate_t *issuer, bool online, int pathlen, bool trusted, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { time_t not_before, not_after; cert_validator_t *validator; @@ -471,12 +476,36 @@ static bool check_certificate(private_credential_manager_t *this, ¬_before, FALSE, ¬_after, FALSE); return FALSE; } +<<<<<<< HEAD + if (issuer->get_type(issuer) == CERT_X509 && + subject->get_type(subject) == CERT_X509) + { + int pathlen_constraint; + x509_t *x509; + + /* check path length constraint */ + x509 = (x509_t*)issuer; + pathlen_constraint = x509->get_pathLenConstraint(x509); + if (pathlen_constraint != X509_NO_PATH_LEN_CONSTRAINT && + pathlen > pathlen_constraint) + { + DBG1(DBG_CFG, "path length of %d violates constraint of %d", + pathlen, pathlen_constraint); + return FALSE; + } + } +======= +>>>>>>> upstream/4.5.1 enumerator = this->validators->create_enumerator(this->validators); while (enumerator->enumerate(enumerator, &validator)) { if (!validator->validate(validator, subject, issuer, +<<<<<<< HEAD + online, pathlen, auth)) +======= online, pathlen, trusted, auth)) +>>>>>>> upstream/4.5.1 { enumerator->destroy(enumerator); return FALSE; @@ -534,6 +563,8 @@ static certificate_t *get_issuer_cert(private_credential_manager_t *this, } /** +<<<<<<< HEAD +======= * Get the strength of certificate, add it to auth */ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) @@ -565,6 +596,7 @@ static void get_key_strength(certificate_t *cert, auth_cfg_t *auth) } /** +>>>>>>> upstream/4.5.1 * try to verify the trust chain of subject, return TRUE if trusted */ static bool verify_trust_chain(private_credential_manager_t *this, @@ -576,9 +608,13 @@ static bool verify_trust_chain(private_credential_manager_t *this, int pathlen; auth = auth_cfg_create(); +<<<<<<< HEAD + current = subject->get_ref(subject); +======= get_key_strength(subject, auth); current = subject->get_ref(subject); auth->add(auth, AUTH_RULE_SUBJECT_CERT, current->get_ref(current)); +>>>>>>> upstream/4.5.1 for (pathlen = 0; pathlen <= MAX_TRUST_PATH_LEN; pathlen++) { @@ -623,17 +659,25 @@ static bool verify_trust_chain(private_credential_manager_t *this, break; } } +<<<<<<< HEAD + if (!check_certificate(this, current, issuer, online, pathlen, + current == subject ? auth : NULL)) +======= if (!check_certificate(this, current, issuer, online, pathlen, trusted, auth)) +>>>>>>> upstream/4.5.1 { trusted = FALSE; issuer->destroy(issuer); break; } +<<<<<<< HEAD +======= if (issuer) { get_key_strength(issuer, auth); } +>>>>>>> upstream/4.5.1 current->destroy(current); current = issuer; if (trusted) @@ -657,6 +701,8 @@ static bool verify_trust_chain(private_credential_manager_t *this, } /** +<<<<<<< HEAD +======= * List find match function for certificates */ static bool cert_equals(certificate_t *a, certificate_t *b) @@ -665,6 +711,7 @@ static bool cert_equals(certificate_t *a, certificate_t *b) } /** +>>>>>>> upstream/4.5.1 * enumerator for trusted certificates */ typedef struct { @@ -684,8 +731,11 @@ typedef struct { certificate_t *pretrusted; /** currently enumerating auth config */ auth_cfg_t *auth; +<<<<<<< HEAD +======= /** list of failed candidates */ linked_list_t *failed; +>>>>>>> upstream/4.5.1 } trusted_enumerator_t; METHOD(enumerator_t, trusted_enumerate, bool, @@ -713,6 +763,13 @@ METHOD(enumerator_t, trusted_enumerate, bool, verify_trust_chain(this->this, this->pretrusted, this->auth, TRUE, this->online)) { +<<<<<<< HEAD + this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, + this->pretrusted->get_ref(this->pretrusted)); + DBG1(DBG_CFG, " using trusted certificate \"%Y\"", + this->pretrusted->get_subject(this->pretrusted)); + *cert = this->pretrusted; +======= DBG1(DBG_CFG, " using trusted certificate \"%Y\"", this->pretrusted->get_subject(this->pretrusted)); *cert = this->pretrusted; @@ -721,6 +778,7 @@ METHOD(enumerator_t, trusted_enumerate, bool, this->auth->add(this->auth, AUTH_RULE_SUBJECT_CERT, this->pretrusted->get_ref(this->pretrusted)); } +>>>>>>> upstream/4.5.1 if (auth) { *auth = this->auth; @@ -738,12 +796,15 @@ METHOD(enumerator_t, trusted_enumerate, bool, continue; } +<<<<<<< HEAD +======= if (this->failed->find_first(this->failed, (void*)cert_equals, NULL, current) == SUCCESS) { /* check each candidate only once */ continue; } +>>>>>>> upstream/4.5.1 DBG1(DBG_CFG, " using certificate \"%Y\"", current->get_subject(current)); if (verify_trust_chain(this->this, current, this->auth, FALSE, @@ -756,7 +817,10 @@ METHOD(enumerator_t, trusted_enumerate, bool, } return TRUE; } +<<<<<<< HEAD +======= this->failed->insert_last(this->failed, current->get_ref(current)); +>>>>>>> upstream/4.5.1 } return FALSE; } @@ -767,7 +831,10 @@ METHOD(enumerator_t, trusted_destroy, void, DESTROY_IF(this->pretrusted); DESTROY_IF(this->auth); DESTROY_IF(this->candidates); +<<<<<<< HEAD +======= this->failed->destroy_offset(this->failed, offsetof(certificate_t, destroy)); +>>>>>>> upstream/4.5.1 free(this); } @@ -786,7 +853,10 @@ METHOD(credential_manager_t, create_trusted_enumerator, enumerator_t*, .type = type, .id = id, .online = online, +<<<<<<< HEAD +======= .failed = linked_list_create(), +>>>>>>> upstream/4.5.1 ); return &enumerator->public; } diff --git a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c index 225fabe31..046ccfd12 100644 --- a/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c +++ b/src/libstrongswan/credentials/sets/auth_cfg_wrapper.c @@ -132,8 +132,12 @@ static bool enumerate(wrapper_enumerator_t *this, certificate_t **cert) } } else if (rule != AUTH_HELPER_SUBJECT_CERT && +<<<<<<< HEAD + rule != AUTH_HELPER_IM_CERT) +======= rule != AUTH_HELPER_IM_CERT && rule != AUTH_HELPER_REVOCATION_CERT) +>>>>>>> upstream/4.5.1 { /* handle only HELPER certificates */ continue; } diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index e023e8443..5a2385b72 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -1,6 +1,9 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperwsil +>>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -56,11 +59,14 @@ struct private_mem_cred_t { * List of shared keys, as shared_entry_t */ linked_list_t *shared; +<<<<<<< HEAD +======= /** * List of CDPs, as cdp_t */ linked_list_t *cdps; +>>>>>>> upstream/4.5.1 }; /** @@ -151,6 +157,23 @@ static bool certificate_equals(certificate_t *item, certificate_t *cert) return item->equals(item, cert); } +<<<<<<< HEAD +METHOD(mem_cred_t, add_cert, void, + private_mem_cred_t *this, bool trusted, certificate_t *cert) +{ + this->lock->write_lock(this->lock); + if (this->untrusted->find_last(this->untrusted, + (linked_list_match_t)certificate_equals, NULL, cert) != SUCCESS) + { + if (trusted) + { + this->trusted->insert_last(this->trusted, cert->get_ref(cert)); + } + this->untrusted->insert_last(this->untrusted, cert->get_ref(cert)); + } + cert->destroy(cert); + this->lock->unlock(this->lock); +======= /** * Add a certificate the the cache. Returns a reference to "cert" or a * previously cached certificate that equals "cert". @@ -249,6 +272,7 @@ METHOD(mem_cred_t, add_crl, bool, } this->lock->unlock(this->lock); return new; +>>>>>>> upstream/4.5.1 } /** @@ -308,7 +332,11 @@ METHOD(mem_cred_t, add_key, void, private_mem_cred_t *this, private_key_t *key) { this->lock->write_lock(this->lock); +<<<<<<< HEAD + this->keys->insert_last(this->keys, key); +======= this->keys->insert_first(this->keys, key); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -432,6 +460,20 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*, (void*)shared_filter, data, (void*)shared_data_destroy); } +<<<<<<< HEAD +METHOD(mem_cred_t, add_shared, void, + private_mem_cred_t *this, shared_key_t *shared, ...) +{ + shared_entry_t *entry; + identification_t *id; + va_list args; + + INIT(entry, + .shared = shared, + .owners = linked_list_create(), + ); + +======= METHOD(mem_cred_t, add_shared_list, void, private_mem_cred_t *this, shared_key_t *shared, linked_list_t* owners) { @@ -454,18 +496,27 @@ METHOD(mem_cred_t, add_shared, void, linked_list_t *owners = linked_list_create(); va_list args; +>>>>>>> upstream/4.5.1 va_start(args, shared); do { id = va_arg(args, identification_t*); if (id) { +<<<<<<< HEAD + entry->owners->insert_last(entry->owners, id); +======= owners->insert_first(owners, id); +>>>>>>> upstream/4.5.1 } } while (id); va_end(args); +<<<<<<< HEAD + this->lock->write_lock(this->lock); + this->shared->insert_last(this->shared, entry); +======= add_shared_list(this, shared, owners); } @@ -563,6 +614,7 @@ METHOD(mem_cred_t, clear_secrets, void, this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); this->keys = linked_list_create(); this->shared = linked_list_create(); +>>>>>>> upstream/4.5.1 this->lock->unlock(this->lock); } @@ -574,6 +626,15 @@ METHOD(mem_cred_t, clear_, void, offsetof(certificate_t, destroy)); this->untrusted->destroy_offset(this->untrusted, offsetof(certificate_t, destroy)); +<<<<<<< HEAD + this->keys->destroy_offset(this->keys, offsetof(private_key_t, destroy)); + this->shared->destroy_function(this->shared, (void*)shared_entry_destroy); + this->trusted = linked_list_create(); + this->untrusted = linked_list_create(); + this->keys = linked_list_create(); + this->shared = linked_list_create(); + this->lock->unlock(this->lock); +======= this->cdps->destroy_function(this->cdps, (void*)cdp_destroy); this->trusted = linked_list_create(); this->untrusted = linked_list_create(); @@ -581,6 +642,7 @@ METHOD(mem_cred_t, clear_, void, this->lock->unlock(this->lock); clear_secrets(this); +>>>>>>> upstream/4.5.1 } METHOD(mem_cred_t, destroy, void, @@ -591,7 +653,10 @@ METHOD(mem_cred_t, destroy, void, this->untrusted->destroy(this->untrusted); this->keys->destroy(this->keys); this->shared->destroy(this->shared); +<<<<<<< HEAD +======= this->cdps->destroy(this->cdps); +>>>>>>> upstream/4.5.1 this->lock->destroy(this->lock); free(this); } @@ -609,6 +674,15 @@ mem_cred_t *mem_cred_create() .create_shared_enumerator = _create_shared_enumerator, .create_private_enumerator = _create_private_enumerator, .create_cert_enumerator = _create_cert_enumerator, +<<<<<<< HEAD + .create_cdp_enumerator = (void*)return_null, + .cache_cert = (void*)nop, + }, + .add_cert = _add_cert, + .add_key = _add_key, + .add_shared = _add_shared, + .clear = _clear_, +======= .create_cdp_enumerator = _create_cdp_enumerator, .cache_cert = (void*)nop, }, @@ -621,13 +695,17 @@ mem_cred_t *mem_cred_create() .add_cdp = _add_cdp, .clear = _clear_, .clear_secrets = _clear_secrets, +>>>>>>> upstream/4.5.1 .destroy = _destroy, }, .trusted = linked_list_create(), .untrusted = linked_list_create(), .keys = linked_list_create(), .shared = linked_list_create(), +<<<<<<< HEAD +======= .cdps = linked_list_create(), +>>>>>>> upstream/4.5.1 .lock = rwlock_create(RWLOCK_TYPE_DEFAULT), ); diff --git a/src/libstrongswan/credentials/sets/mem_cred.h b/src/libstrongswan/credentials/sets/mem_cred.h index eb46b065b..274e07566 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.h +++ b/src/libstrongswan/credentials/sets/mem_cred.h @@ -1,6 +1,9 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner * Hochschule fuer Technik Rapperswil +>>>>>>> upstream/4.5.1 * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -26,8 +29,11 @@ typedef struct mem_cred_t mem_cred_t; #include <credentials/credential_set.h> +<<<<<<< HEAD +======= #include <credentials/certificates/crl.h> #include <utils/linked_list.h> +>>>>>>> upstream/4.5.1 /** * Generic in-memory credential set. @@ -48,6 +54,8 @@ struct mem_cred_t { void (*add_cert)(mem_cred_t *this, bool trusted, certificate_t *cert); /** +<<<<<<< HEAD +======= * Add a certificate to the credential set, returning a reference to it or * to a cached duplicate. * @@ -68,6 +76,7 @@ struct mem_cred_t { bool (*add_crl)(mem_cred_t *this, crl_t *crl); /** +>>>>>>> upstream/4.5.1 * Add a private key to the credential set. * * @param key key, reference gets owned by set @@ -78,11 +87,17 @@ struct mem_cred_t { * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set +<<<<<<< HEAD + * @param ... NULL terminated list of owners identification_t* +======= * @param ... NULL terminated list of owners (identification_t*) +>>>>>>> upstream/4.5.1 */ void (*add_shared)(mem_cred_t *this, shared_key_t *shared, ...); /** +<<<<<<< HEAD +======= * Add a shared key to the credential set. * * @param shared shared key to add, gets owned by set @@ -101,17 +116,21 @@ struct mem_cred_t { identification_t *id, char *uri); /** +>>>>>>> upstream/4.5.1 * Clear all credentials from the credential set. */ void (*clear)(mem_cred_t *this); /** +<<<<<<< HEAD +======= * Clear the secrets (private and shared keys, not the certificates) from * the credential set. */ void (*clear_secrets)(mem_cred_t *this); /** +>>>>>>> upstream/4.5.1 * Destroy a mem_cred_t. */ void (*destroy)(mem_cred_t *this); diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index 2d13896d6..96b4630f7 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -20,6 +20,15 @@ #include <utils/linked_list.h> #include <crypto/crypto_tester.h> +<<<<<<< HEAD +typedef struct entry_t entry_t; +struct entry_t { + /* algorithm */ + u_int algo; + /* benchmarked speed */ + u_int speed; + /* constructor */ +======= const char *default_plugin_name = "default"; typedef struct entry_t entry_t; @@ -43,6 +52,7 @@ struct entry_t { /** * constructor */ +>>>>>>> upstream/4.5.1 union { crypter_constructor_t create_crypter; aead_constructor_t create_aead; @@ -144,8 +154,12 @@ METHOD(crypto_factory_t, create_crypter, crypter_t*, { if (this->test_on_create && !this->tester->test_crypter(this->tester, algo, key_size, +<<<<<<< HEAD + entry->create_crypter, NULL)) +======= entry->create_crypter, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -177,8 +191,12 @@ METHOD(crypto_factory_t, create_aead, aead_t*, { if (this->test_on_create && !this->tester->test_aead(this->tester, algo, key_size, +<<<<<<< HEAD + entry->create_aead, NULL)) +======= entry->create_aead, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -209,8 +227,12 @@ METHOD(crypto_factory_t, create_signer, signer_t*, { if (this->test_on_create && !this->tester->test_signer(this->tester, algo, +<<<<<<< HEAD + entry->create_signer, NULL)) +======= entry->create_signer, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -242,8 +264,12 @@ METHOD(crypto_factory_t, create_hasher, hasher_t*, { if (this->test_on_create && algo != HASH_PREFERRED && !this->tester->test_hasher(this->tester, algo, +<<<<<<< HEAD + entry->create_hasher, NULL)) +======= entry->create_hasher, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -274,8 +300,12 @@ METHOD(crypto_factory_t, create_prf, prf_t*, { if (this->test_on_create && !this->tester->test_prf(this->tester, algo, +<<<<<<< HEAD + entry->create_prf, NULL)) +======= entry->create_prf, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -307,8 +337,12 @@ METHOD(crypto_factory_t, create_rng, rng_t*, { if (this->test_on_create && !this->tester->test_rng(this->tester, quality, +<<<<<<< HEAD + entry->create_rng, NULL)) +======= entry->create_rng, NULL, default_plugin_name)) +>>>>>>> upstream/4.5.1 { continue; } @@ -372,8 +406,12 @@ METHOD(crypto_factory_t, create_dh, diffie_hellman_t*, * Insert an algorithm entry to a list */ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, +<<<<<<< HEAD + int algo, u_int speed, void *create) +======= int algo, const char *plugin_name, u_int speed, void *create) +>>>>>>> upstream/4.5.1 { entry_t *entry, *current; linked_list_t *tmp; @@ -381,7 +419,10 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, INIT(entry, .algo = algo, +<<<<<<< HEAD +======= .plugin_name = plugin_name, +>>>>>>> upstream/4.5.1 .speed = speed, ); entry->create = create; @@ -415,16 +456,27 @@ static void add_entry(private_crypto_factory_t *this, linked_list_t *list, } METHOD(crypto_factory_t, add_crypter, void, +<<<<<<< HEAD + private_crypto_factory_t *this, encryption_algorithm_t algo, + crypter_constructor_t create) +======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, crypter_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_crypter(this->tester, algo, 0, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->crypters, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->crypters, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -449,16 +501,27 @@ METHOD(crypto_factory_t, remove_crypter, void, } METHOD(crypto_factory_t, add_aead, void, +<<<<<<< HEAD + private_crypto_factory_t *this, encryption_algorithm_t algo, + aead_constructor_t create) +======= private_crypto_factory_t *this, encryption_algorithm_t algo, const char *plugin_name, aead_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_aead(this->tester, algo, 0, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->aeads, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->aeads, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -483,16 +546,27 @@ METHOD(crypto_factory_t, remove_aead, void, } METHOD(crypto_factory_t, add_signer, void, +<<<<<<< HEAD + private_crypto_factory_t *this, integrity_algorithm_t algo, + signer_constructor_t create) +======= private_crypto_factory_t *this, integrity_algorithm_t algo, const char *plugin_name, signer_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_signer(this->tester, algo, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->signers, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->signers, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -517,16 +591,27 @@ METHOD(crypto_factory_t, remove_signer, void, } METHOD(crypto_factory_t, add_hasher, void, +<<<<<<< HEAD + private_crypto_factory_t *this, hash_algorithm_t algo, + hasher_constructor_t create) +======= private_crypto_factory_t *this, hash_algorithm_t algo, const char *plugin_name, hasher_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_hasher(this->tester, algo, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->hashers, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->hashers, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -551,16 +636,27 @@ METHOD(crypto_factory_t, remove_hasher, void, } METHOD(crypto_factory_t, add_prf, void, +<<<<<<< HEAD + private_crypto_factory_t *this, pseudo_random_function_t algo, + prf_constructor_t create) +======= private_crypto_factory_t *this, pseudo_random_function_t algo, const char *plugin_name, prf_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_prf(this->tester, algo, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->prfs, algo, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->prfs, algo, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -586,15 +682,25 @@ METHOD(crypto_factory_t, remove_prf, void, METHOD(crypto_factory_t, add_rng, void, private_crypto_factory_t *this, rng_quality_t quality, +<<<<<<< HEAD + rng_constructor_t create) +======= const char *plugin_name, rng_constructor_t create) +>>>>>>> upstream/4.5.1 { u_int speed = 0; if (!this->test_on_add || this->tester->test_rng(this->tester, quality, create, +<<<<<<< HEAD + this->bench ? &speed : NULL)) + { + add_entry(this, this->rngs, quality, speed, create); +======= this->bench ? &speed : NULL, plugin_name)) { add_entry(this, this->rngs, quality, plugin_name, speed, create); +>>>>>>> upstream/4.5.1 } } @@ -619,10 +725,17 @@ METHOD(crypto_factory_t, remove_rng, void, } METHOD(crypto_factory_t, add_dh, void, +<<<<<<< HEAD + private_crypto_factory_t *this, diffie_hellman_group_t group, + dh_constructor_t create) +{ + add_entry(this, this->dhs, group, 0, create); +======= private_crypto_factory_t *this, diffie_hellman_group_t group, const char *plugin_name, dh_constructor_t create) { add_entry(this, this->dhs, group, plugin_name, 0, create); +>>>>>>> upstream/4.5.1 } METHOD(crypto_factory_t, remove_dh, void, @@ -684,11 +797,17 @@ static enumerator_t *create_enumerator(private_crypto_factory_t *this, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo) +{ + *algo = (*entry)->algo; +======= static bool crypter_filter(void *n, entry_t **entry, encryption_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -707,11 +826,17 @@ METHOD(crypto_factory_t, create_aead_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo) +{ + *algo = (*entry)->algo; +======= static bool signer_filter(void *n, entry_t **entry, integrity_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -724,11 +849,17 @@ METHOD(crypto_factory_t, create_signer_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo) +{ + *algo = (*entry)->algo; +======= static bool hasher_filter(void *n, entry_t **entry, hash_algorithm_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -741,11 +872,17 @@ METHOD(crypto_factory_t, create_hasher_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo) +{ + *algo = (*entry)->algo; +======= static bool prf_filter(void *n, entry_t **entry, pseudo_random_function_t *algo, void *i2, const char **plugin_name) { *algo = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -758,11 +895,17 @@ METHOD(crypto_factory_t, create_prf_enumerator, enumerator_t*, /** * Filter function to enumerate algorithm, not entry */ +<<<<<<< HEAD +static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group) +{ + *group = (*entry)->algo; +======= static bool dh_filter(void *n, entry_t **entry, diffie_hellman_group_t *group, void *i2, const char **plugin_name) { *group = (*entry)->algo; *plugin_name = (*entry)->plugin_name; +>>>>>>> upstream/4.5.1 return TRUE; } @@ -772,6 +915,8 @@ METHOD(crypto_factory_t, create_dh_enumerator, enumerator_t*, return create_enumerator(this, this->dhs, dh_filter); } +<<<<<<< HEAD +======= /** * Filter function to enumerate algorithm, not entry */ @@ -788,6 +933,7 @@ METHOD(crypto_factory_t, create_rng_enumerator, enumerator_t*, { return create_enumerator(this, this->rngs, rng_filter); } +>>>>>>> upstream/4.5.1 METHOD(crypto_factory_t, add_test_vector, void, private_crypto_factory_t *this, transform_type_t type, void *vector) { @@ -862,7 +1008,10 @@ crypto_factory_t *crypto_factory_create() .create_hasher_enumerator = _create_hasher_enumerator, .create_prf_enumerator = _create_prf_enumerator, .create_dh_enumerator = _create_dh_enumerator, +<<<<<<< HEAD +======= .create_rng_enumerator = _create_rng_enumerator, +>>>>>>> upstream/4.5.1 .add_test_vector = _add_test_vector, .destroy = _destroy, }, diff --git a/src/libstrongswan/crypto/crypto_factory.h b/src/libstrongswan/crypto/crypto_factory.h index 8e5db6355..61c46b59c 100644 --- a/src/libstrongswan/crypto/crypto_factory.h +++ b/src/libstrongswan/crypto/crypto_factory.h @@ -33,8 +33,11 @@ typedef struct crypto_factory_t crypto_factory_t; #include <crypto/diffie_hellman.h> #include <crypto/transform.h> +<<<<<<< HEAD +======= #define CRYPTO_MAX_ALG_LINE 120 /* characters */ +>>>>>>> upstream/4.5.1 /** * Constructor function for crypters */ @@ -146,12 +149,19 @@ struct crypto_factory_t { * Register a crypter constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_crypter)(crypto_factory_t *this, encryption_algorithm_t algo, +<<<<<<< HEAD + crypter_constructor_t create); +======= const char *plugin_name, crypter_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a crypter constructor. @@ -171,23 +181,37 @@ struct crypto_factory_t { * Register a aead constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_aead)(crypto_factory_t *this, encryption_algorithm_t algo, +<<<<<<< HEAD + aead_constructor_t create); +======= const char *plugin_name, aead_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Register a signer constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_signer)(crypto_factory_t *this, integrity_algorithm_t algo, +<<<<<<< HEAD + signer_constructor_t create); +======= const char *plugin_name, signer_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a signer constructor. @@ -203,12 +227,19 @@ struct crypto_factory_t { * create_hasher(HASH_PREFERRED). * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_hasher)(crypto_factory_t *this, hash_algorithm_t algo, +<<<<<<< HEAD + hasher_constructor_t create); +======= const char *plugin_name, hasher_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a hasher constructor. @@ -221,12 +252,19 @@ struct crypto_factory_t { * Register a prf constructor. * * @param algo algorithm to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_prf)(crypto_factory_t *this, pseudo_random_function_t algo, +<<<<<<< HEAD + prf_constructor_t create); +======= const char *plugin_name, prf_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a prf constructor. @@ -239,11 +277,17 @@ struct crypto_factory_t { * Register a source of randomness. * * @param quality quality of randomness this RNG serves +<<<<<<< HEAD + * @param create constructor function for such a quality + */ + void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, rng_constructor_t create); +======= * @param plugin_name plugin that registered this algorithm * @param create constructor function for such a quality */ void (*add_rng)(crypto_factory_t *this, rng_quality_t quality, const char *plugin_name, rng_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a source of randomness. @@ -256,12 +300,19 @@ struct crypto_factory_t { * Register a diffie hellman constructor. * * @param group dh group to constructor +<<<<<<< HEAD +======= * @param plugin_name plugin that registered this algorithm +>>>>>>> upstream/4.5.1 * @param create constructor function for that algorithm * @return */ void (*add_dh)(crypto_factory_t *this, diffie_hellman_group_t group, +<<<<<<< HEAD + dh_constructor_t create); +======= const char *plugin_name, dh_constructor_t create); +>>>>>>> upstream/4.5.1 /** * Unregister a diffie hellman constructor. @@ -313,6 +364,8 @@ struct crypto_factory_t { enumerator_t* (*create_dh_enumerator)(crypto_factory_t *this); /** +<<<<<<< HEAD +======= * Create an enumerator over all registered random generators. * * @return enumerator over rng_quality_t @@ -320,6 +373,7 @@ struct crypto_factory_t { enumerator_t* (*create_rng_enumerator)(crypto_factory_t *this); /** +>>>>>>> upstream/4.5.1 * Add a test vector to the crypto factory. * * @param type type of the test vector diff --git a/src/libstrongswan/crypto/crypto_tester.c b/src/libstrongswan/crypto/crypto_tester.c index 276f4329a..d4a8728e2 100644 --- a/src/libstrongswan/crypto/crypto_tester.c +++ b/src/libstrongswan/crypto/crypto_tester.c @@ -165,7 +165,11 @@ static u_int bench_crypter(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_crypter, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, +<<<<<<< HEAD + crypter_constructor_t create, u_int *speed) +======= crypter_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; crypter_test_vector_t *vector; @@ -188,11 +192,15 @@ METHOD(crypto_tester_t, test_crypter, bool, } crypter = create(alg, vector->key_size); if (!crypter) +<<<<<<< HEAD + { /* key size not supported... */ +======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; +>>>>>>> upstream/4.5.1 continue; } @@ -235,14 +243,25 @@ METHOD(crypto_tester_t, test_crypter, bool, crypter->destroy(crypter); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + encryption_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + encryption_algorithm_names, alg); + return !this->required; +======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", @@ -256,12 +275,22 @@ METHOD(crypto_tester_t, test_crypter, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } +>>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_crypter(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + encryption_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + encryption_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, tested, plugin_name, *speed); } @@ -269,6 +298,7 @@ METHOD(crypto_tester_t, test_crypter, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -324,7 +354,11 @@ static u_int bench_aead(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_aead, bool, private_crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, +<<<<<<< HEAD + aead_constructor_t create, u_int *speed) +======= aead_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; aead_test_vector_t *vector; @@ -348,11 +382,15 @@ METHOD(crypto_tester_t, test_aead, bool, } aead = create(alg, vector->key_size); if (!aead) +<<<<<<< HEAD + { /* key size not supported... */ +======= { DBG1(DBG_LIB, "%N[%s]: %u bit key size not supported", encryption_algorithm_names, alg, plugin_name, BITS_PER_BYTE * vector->key_size); failed = TRUE; +>>>>>>> upstream/4.5.1 continue; } @@ -405,14 +443,25 @@ METHOD(crypto_tester_t, test_aead, bool, aead->destroy(aead); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + encryption_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", encryption_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + encryption_algorithm_names, alg); + return !this->required; +======= if (failed) { DBG1(DBG_LIB,"disable %N[%s]: no key size supported", @@ -426,12 +475,22 @@ METHOD(crypto_tester_t, test_aead, bool, encryption_algorithm_names, alg, plugin_name); return !this->required; } +>>>>>>> upstream/4.5.1 } if (!failed) { if (speed) { *speed = bench_aead(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + encryption_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + encryption_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", encryption_algorithm_names, alg, plugin_name, tested, *speed); } @@ -439,6 +498,7 @@ METHOD(crypto_tester_t, test_aead, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", encryption_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -486,7 +546,11 @@ static u_int bench_signer(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_signer, bool, private_crypto_tester_t *this, integrity_algorithm_t alg, +<<<<<<< HEAD + signer_constructor_t create, u_int *speed) +======= signer_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; signer_test_vector_t *vector; @@ -508,8 +572,13 @@ METHOD(crypto_tester_t, test_signer, bool, signer = create(alg); if (!signer) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + integrity_algorithm_names, alg); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", integrity_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -564,17 +633,28 @@ METHOD(crypto_tester_t, test_signer, bool, signer->destroy(signer); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + integrity_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", integrity_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + integrity_algorithm_names, alg); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", integrity_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -582,6 +662,15 @@ METHOD(crypto_tester_t, test_signer, bool, if (speed) { *speed = bench_signer(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + integrity_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + integrity_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", integrity_algorithm_names, alg, plugin_name, tested, *speed); } @@ -589,6 +678,7 @@ METHOD(crypto_tester_t, test_signer, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", integrity_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -630,7 +720,11 @@ static u_int bench_hasher(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_hasher, bool, private_crypto_tester_t *this, hash_algorithm_t alg, +<<<<<<< HEAD + hasher_constructor_t create, u_int *speed) +======= hasher_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; hasher_test_vector_t *vector; @@ -652,8 +746,13 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher = create(alg); if (!hasher) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + hash_algorithm_names, alg); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", hash_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -695,17 +794,28 @@ METHOD(crypto_tester_t, test_hasher, bool, hasher->destroy(hasher); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + hash_algorithm_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", hash_algorithm_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + hash_algorithm_names, alg); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", hash_algorithm_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -713,6 +823,15 @@ METHOD(crypto_tester_t, test_hasher, bool, if (speed) { *speed = bench_hasher(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + hash_algorithm_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + hash_algorithm_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", hash_algorithm_names, alg, plugin_name, tested, *speed); } @@ -720,6 +839,7 @@ METHOD(crypto_tester_t, test_hasher, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", hash_algorithm_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -761,7 +881,11 @@ static u_int bench_prf(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_prf, bool, private_crypto_tester_t *this, pseudo_random_function_t alg, +<<<<<<< HEAD + prf_constructor_t create, u_int *speed) +======= prf_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; prf_test_vector_t *vector; @@ -783,8 +907,13 @@ METHOD(crypto_tester_t, test_prf, bool, prf = create(alg); if (!prf) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + pseudo_random_function_names, alg); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", pseudo_random_function_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -837,17 +966,28 @@ METHOD(crypto_tester_t, test_prf, bool, prf->destroy(prf); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + pseudo_random_function_names, alg, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", pseudo_random_function_names, alg, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? "disabled" : "enabled ", + pseudo_random_function_names, alg); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? "disabled" : "enabled ", pseudo_random_function_names, alg, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -855,6 +995,15 @@ METHOD(crypto_tester_t, test_prf, bool, if (speed) { *speed = bench_prf(this, alg, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + pseudo_random_function_names, alg, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + pseudo_random_function_names, alg, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", pseudo_random_function_names, alg, plugin_name, tested, *speed); } @@ -862,6 +1011,7 @@ METHOD(crypto_tester_t, test_prf, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", pseudo_random_function_names, alg, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; @@ -900,7 +1050,11 @@ static u_int bench_rng(private_crypto_tester_t *this, METHOD(crypto_tester_t, test_rng, bool, private_crypto_tester_t *this, rng_quality_t quality, +<<<<<<< HEAD + rng_constructor_t create, u_int *speed) +======= rng_constructor_t create, u_int *speed, const char *plugin_name) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; rng_test_vector_t *vector; @@ -909,8 +1063,13 @@ METHOD(crypto_tester_t, test_rng, bool, if (!this->rng_true && quality == RNG_TRUE) { +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: skipping test (disabled by config)", + rng_quality_names, quality); +======= DBG1(DBG_LIB, "enabled %N[%s]: skipping test (disabled by config)", rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 return TRUE; } @@ -929,8 +1088,13 @@ METHOD(crypto_tester_t, test_rng, bool, rng = create(quality); if (!rng) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: creating instance failed", + rng_quality_names, quality); +======= DBG1(DBG_LIB, "disabled %N[%s]: creating instance failed", rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 failed = TRUE; break; } @@ -959,17 +1123,28 @@ METHOD(crypto_tester_t, test_rng, bool, rng->destroy(rng); if (failed) { +<<<<<<< HEAD + DBG1(DBG_LIB, "disabled %N: %s test vector failed", + rng_quality_names, quality, get_name(vector)); +======= DBG1(DBG_LIB, "disabled %N[%s]: %s test vector failed", rng_quality_names, quality, plugin_name, get_name(vector)); +>>>>>>> upstream/4.5.1 break; } } enumerator->destroy(enumerator); if (!tested) { +<<<<<<< HEAD + DBG1(DBG_LIB, "%s %N: no test vectors found", + this->required ? ", disabled" : "enabled ", + rng_quality_names, quality); +======= DBG1(DBG_LIB, "%s %N[%s]: no test vectors found", this->required ? ", disabled" : "enabled ", rng_quality_names, quality, plugin_name); +>>>>>>> upstream/4.5.1 return !this->required; } if (!failed) @@ -977,6 +1152,15 @@ METHOD(crypto_tester_t, test_rng, bool, if (speed) { *speed = bench_rng(this, quality, create); +<<<<<<< HEAD + DBG1(DBG_LIB, "enabled %N: passed %u test vectors, %d points", + rng_quality_names, quality, tested, *speed); + } + else + { + DBG1(DBG_LIB, "enabled %N: passed %u test vectors", + rng_quality_names, quality, tested); +======= DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors, %d points", rng_quality_names, quality, plugin_name, tested, *speed); } @@ -984,6 +1168,7 @@ METHOD(crypto_tester_t, test_rng, bool, { DBG1(DBG_LIB, "enabled %N[%s]: passed %u test vectors", rng_quality_names, quality, plugin_name, tested); +>>>>>>> upstream/4.5.1 } } return !failed; diff --git a/src/libstrongswan/crypto/crypto_tester.h b/src/libstrongswan/crypto/crypto_tester.h index 019c87c39..1354bec52 100644 --- a/src/libstrongswan/crypto/crypto_tester.h +++ b/src/libstrongswan/crypto/crypto_tester.h @@ -143,7 +143,11 @@ struct crypto_tester_t { */ bool (*test_crypter)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, crypter_constructor_t create, +<<<<<<< HEAD + u_int *speed); +======= u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test an aead algorithm, optionally using a specified key size. @@ -156,7 +160,11 @@ struct crypto_tester_t { */ bool (*test_aead)(crypto_tester_t *this, encryption_algorithm_t alg, size_t key_size, aead_constructor_t create, +<<<<<<< HEAD + u_int *speed); +======= u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a signer algorithm. * @@ -166,8 +174,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_signer)(crypto_tester_t *this, integrity_algorithm_t alg, +<<<<<<< HEAD + signer_constructor_t create, u_int *speed); +======= signer_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a hasher algorithm. * @@ -177,8 +189,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_hasher)(crypto_tester_t *this, hash_algorithm_t alg, +<<<<<<< HEAD + hasher_constructor_t create, u_int *speed); +======= hasher_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a PRF algorithm. * @@ -188,8 +204,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_prf)(crypto_tester_t *this, pseudo_random_function_t alg, +<<<<<<< HEAD + prf_constructor_t create, u_int *speed); +======= prf_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Test a RNG implementation. * @@ -199,8 +219,12 @@ struct crypto_tester_t { * @return TRUE if test passed */ bool (*test_rng)(crypto_tester_t *this, rng_quality_t quality, +<<<<<<< HEAD + rng_constructor_t create, u_int *speed); +======= rng_constructor_t create, u_int *speed, const char *plugin_name); +>>>>>>> upstream/4.5.1 /** * Add a test vector to test a crypter. * diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index e98a3a211..cb28d4e2d 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h @@ -82,7 +82,11 @@ extern enum_name_t *eap_type_short_names; * Lookup the EAP method type from a string. * * @param name EAP method name (such as "md5", "aka") +<<<<<<< HEAD + * @return method type, 0 if unkown +======= * @return method type, 0 if unknown +>>>>>>> upstream/4.5.1 */ eap_type_t eap_type_from_string(char *name); diff --git a/src/libstrongswan/enum.c b/src/libstrongswan/enum.c index 5c811bd17..df6a73a81 100644 --- a/src/libstrongswan/enum.c +++ b/src/libstrongswan/enum.c @@ -43,7 +43,11 @@ int enum_from_name(enum_name_t *e, char *name) { do { +<<<<<<< HEAD + int i, count = e->last - e->first; +======= int i, count = e->last - e->first + 1; +>>>>>>> upstream/4.5.1 for (i = 0; i < count; i++) { diff --git a/src/libstrongswan/fetcher/fetcher_manager.c b/src/libstrongswan/fetcher/fetcher_manager.c index b007c8b08..2c5f5f688 100644 --- a/src/libstrongswan/fetcher/fetcher_manager.c +++ b/src/libstrongswan/fetcher/fetcher_manager.c @@ -92,7 +92,11 @@ static status_t fetch(private_fetcher_manager_t *this, va_start(args, response); while (good) { +<<<<<<< HEAD + opt = va_arg(args, fetcher_option_t); +======= opt = va_arg(args, int); +>>>>>>> upstream/4.5.1 switch (opt) { case FETCH_REQUEST_DATA: @@ -109,7 +113,11 @@ static status_t fetch(private_fetcher_manager_t *this, good = fetcher->set_option(fetcher, opt, va_arg(args, u_int)); continue; case FETCH_END: +<<<<<<< HEAD + break;; +======= break; +>>>>>>> upstream/4.5.1 } break; } diff --git a/src/libstrongswan/integrity_checker.c b/src/libstrongswan/integrity_checker.c index e962aba70..7060f9ea0 100644 --- a/src/libstrongswan/integrity_checker.c +++ b/src/libstrongswan/integrity_checker.c @@ -57,8 +57,16 @@ struct private_integrity_checker_t { int checksum_count; }; +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.build_file + */ +static u_int32_t build_file(private_integrity_checker_t *this, char *file, + size_t *len) +======= METHOD(integrity_checker_t, build_file, u_int32_t, private_integrity_checker_t *this, char *file, size_t *len) +>>>>>>> upstream/4.5.1 { u_int32_t checksum; chunk_t contents; @@ -133,8 +141,16 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli) return 0; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.build_segment + */ +static u_int32_t build_segment(private_integrity_checker_t *this, void *sym, + size_t *len) +======= METHOD(integrity_checker_t, build_segment, u_int32_t, private_integrity_checker_t *this, void *sym, size_t *len) +>>>>>>> upstream/4.5.1 { chunk_t segment; Dl_info dli; @@ -174,8 +190,16 @@ static integrity_checksum_t *find_checksum(private_integrity_checker_t *this, return NULL; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.check_file + */ +static bool check_file(private_integrity_checker_t *this, + char *name, char *file) +======= METHOD(integrity_checker_t, check_file, bool, private_integrity_checker_t *this, char *name, char *file) +>>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -208,8 +232,16 @@ METHOD(integrity_checker_t, check_file, bool, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.check_segment + */ +static bool check_segment(private_integrity_checker_t *this, + char *name, void *sym) +======= METHOD(integrity_checker_t, check_segment, bool, private_integrity_checker_t *this, char *name, void *sym) +>>>>>>> upstream/4.5.1 { integrity_checksum_t *cs; u_int32_t sum; @@ -242,8 +274,15 @@ METHOD(integrity_checker_t, check_segment, bool, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.check + */ +static bool check(private_integrity_checker_t *this, char *name, void *sym) +======= METHOD(integrity_checker_t, check, bool, private_integrity_checker_t *this, char *name, void *sym) +>>>>>>> upstream/4.5.1 { Dl_info dli; @@ -263,8 +302,15 @@ METHOD(integrity_checker_t, check, bool, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of integrity_checker_t.destroy. + */ +static void destroy(private_integrity_checker_t *this) +======= METHOD(integrity_checker_t, destroy, void, private_integrity_checker_t *this) +>>>>>>> upstream/4.5.1 { if (this->handle) { @@ -278,6 +324,19 @@ METHOD(integrity_checker_t, destroy, void, */ integrity_checker_t *integrity_checker_create(char *checksum_library) { +<<<<<<< HEAD + private_integrity_checker_t *this = malloc_thing(private_integrity_checker_t); + + this->public.check_file = (bool(*)(integrity_checker_t*, char *name, char *file))check_file; + this->public.build_file = (u_int32_t(*)(integrity_checker_t*, char *file, size_t *len))build_file; + this->public.check_segment = (bool(*)(integrity_checker_t*, char *name, void *sym))check_segment; + this->public.build_segment = (u_int32_t(*)(integrity_checker_t*, void *sym, size_t *len))build_segment; + this->public.check = (bool(*)(integrity_checker_t*, char *name, void *sym))check; + this->public.destroy = (void(*)(integrity_checker_t*))destroy; + + this->checksum_count = 0; + this->handle = NULL; +======= private_integrity_checker_t *this; INIT(this, @@ -291,6 +350,7 @@ integrity_checker_t *integrity_checker_create(char *checksum_library) }, ); +>>>>>>> upstream/4.5.1 if (checksum_library) { this->handle = dlopen(checksum_library, RTLD_LAZY); diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 9835cd5b9..6e4aeb9d6 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/aes/aes_plugin.c b/src/libstrongswan/plugins/aes/aes_plugin.c index 1c060b6c8..b859d3167 100644 --- a/src/libstrongswan/plugins/aes/aes_plugin.c +++ b/src/libstrongswan/plugins/aes/aes_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "aes_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "aes"; +>>>>>>> upstream/4.5.1 typedef struct private_aes_plugin_t private_aes_plugin_t; /** @@ -56,7 +59,11 @@ plugin_t *aes_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, +======= lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)aes_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index 1a3533f03..fa255ad23 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index 251722f60..14f25d015 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c index 5232eca28..03f46a63a 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_plugin.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_plugin.c @@ -19,8 +19,11 @@ #include <library.h> #include "blowfish_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "blowfish"; +>>>>>>> upstream/4.5.1 typedef struct private_blowfish_plugin_t private_blowfish_plugin_t; /** @@ -57,7 +60,11 @@ plugin_t *blowfish_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, +======= lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)blowfish_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 371e5b2f4..504d1938a 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/ccm/ccm_plugin.c b/src/libstrongswan/plugins/ccm/ccm_plugin.c index a4c89b548..15c548e64 100644 --- a/src/libstrongswan/plugins/ccm/ccm_plugin.c +++ b/src/libstrongswan/plugins/ccm/ccm_plugin.c @@ -19,8 +19,11 @@ #include "ccm_aead.h" +<<<<<<< HEAD +======= static const char *plugin_name = "ccm"; +>>>>>>> upstream/4.5.1 typedef struct private_ccm_plugin_t private_ccm_plugin_t; /** @@ -49,12 +52,29 @@ METHOD(plugin_t, destroy, void, plugin_t *ccm_plugin_create() { private_ccm_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public.plugin.destroy = _destroy, ); +<<<<<<< HEAD + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV8, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV12, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_CCM_ICV16, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV8, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV12, + (aead_constructor_t)ccm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, + (aead_constructor_t)ccm_aead_create); +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { @@ -77,6 +97,7 @@ plugin_t *ccm_plugin_create() lib->crypto->add_aead(lib->crypto, ENCR_CAMELLIA_CCM_ICV16, plugin_name, (aead_constructor_t)ccm_aead_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 2f6be07e2..ecee15d56 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/ctr/ctr_plugin.c b/src/libstrongswan/plugins/ctr/ctr_plugin.c index 9f1bf957f..dc6cba562 100644 --- a/src/libstrongswan/plugins/ctr/ctr_plugin.c +++ b/src/libstrongswan/plugins/ctr/ctr_plugin.c @@ -19,8 +19,11 @@ #include "ctr_ipsec_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "ctr"; +>>>>>>> upstream/4.5.1 typedef struct private_ctr_plugin_t private_ctr_plugin_t; /** @@ -49,7 +52,10 @@ METHOD(plugin_t, destroy, void, plugin_t *ctr_plugin_create() { private_ctr_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public = { @@ -59,6 +65,13 @@ plugin_t *ctr_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, + (crypter_constructor_t)ctr_ipsec_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, + (crypter_constructor_t)ctr_ipsec_crypter_create); + +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { @@ -73,5 +86,6 @@ plugin_t *ctr_plugin_create() lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, plugin_name, (crypter_constructor_t)ctr_ipsec_crypter_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index e61c73041..f2192399c 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/curl/curl_fetcher.c b/src/libstrongswan/plugins/curl/curl_fetcher.c index 82e24e810..e58188098 100644 --- a/src/libstrongswan/plugins/curl/curl_fetcher.c +++ b/src/libstrongswan/plugins/curl/curl_fetcher.c @@ -104,7 +104,10 @@ METHOD(fetcher_t, fetch, status_t, METHOD(fetcher_t, set_option, bool, private_curl_fetcher_t *this, fetcher_option_t option, ...) { +<<<<<<< HEAD +======= bool supported = TRUE; +>>>>>>> upstream/4.5.1 va_list args; va_start(args, option); @@ -116,7 +119,11 @@ METHOD(fetcher_t, set_option, bool, curl_easy_setopt(this->curl, CURLOPT_POSTFIELDS, (char*)data.ptr); curl_easy_setopt(this->curl, CURLOPT_POSTFIELDSIZE, data.len); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_REQUEST_TYPE: { @@ -125,25 +132,44 @@ METHOD(fetcher_t, set_option, bool, snprintf(header, BUF_LEN, "Content-Type: %s", request_type); this->headers = curl_slist_append(this->headers, header); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_REQUEST_HEADER: { char *header = va_arg(args, char*); this->headers = curl_slist_append(this->headers, header); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_HTTP_VERSION_1_0: { curl_easy_setopt(this->curl, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_0); +<<<<<<< HEAD + return TRUE; +======= break; +>>>>>>> upstream/4.5.1 } case FETCH_TIMEOUT: { curl_easy_setopt(this->curl, CURLOPT_CONNECTTIMEOUT, va_arg(args, u_int)); +<<<<<<< HEAD + return TRUE; + } + default: + return FALSE; + } +======= break; } default: @@ -152,6 +178,7 @@ METHOD(fetcher_t, set_option, bool, } va_end(args); return supported; +>>>>>>> upstream/4.5.1 } METHOD(fetcher_t, destroy, void, diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 387da03aa..41026f407 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -34,8 +34,15 @@ struct private_curl_plugin_t { curl_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of curl_plugin_t.curltroy + */ +static void destroy(private_curl_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_curl_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)curl_fetcher_create); @@ -49,6 +56,11 @@ METHOD(plugin_t, destroy, void, plugin_t *curl_plugin_create() { CURLcode res; +<<<<<<< HEAD + private_curl_plugin_t *this = malloc_thing(private_curl_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_curl_plugin_t *this; INIT(this, @@ -58,6 +70,7 @@ plugin_t *curl_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 res = curl_global_init(CURL_GLOBAL_NOTHING); if (res == CURLE_OK) diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index e45988ca9..9f49f45f4 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/des/des_plugin.c b/src/libstrongswan/plugins/des/des_plugin.c index d420d789e..14c5420ea 100644 --- a/src/libstrongswan/plugins/des/des_plugin.c +++ b/src/libstrongswan/plugins/des/des_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "des_crypter.h" +<<<<<<< HEAD +======= static const char *plugin_name = "des"; +>>>>>>> upstream/4.5.1 typedef struct private_des_plugin_t private_des_plugin_t; /** @@ -56,11 +59,19 @@ plugin_t *des_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, + (crypter_constructor_t)des_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES, + (crypter_constructor_t)des_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, +======= lib->crypto->add_crypter(lib->crypto, ENCR_3DES, plugin_name, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES, plugin_name, (crypter_constructor_t)des_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)des_crypter_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index d1dce4679..262d64565 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c index d11b149df..75743ae2e 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_plugin.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_plugin.c @@ -31,8 +31,15 @@ struct private_dnskey_plugin_t { dnskey_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of dnskey_plugin_t.dnskeytroy + */ +static void destroy(private_dnskey_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_dnskey_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)dnskey_public_key_load); @@ -44,6 +51,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *dnskey_plugin_create() { +<<<<<<< HEAD + private_dnskey_plugin_t *this = malloc_thing(private_dnskey_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_dnskey_plugin_t *this; INIT(this, @@ -53,6 +66,7 @@ plugin_t *dnskey_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)dnskey_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index ab1ed6d00..6bd31f0e1 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index ee71f6efd..27a3b9cc6 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -106,8 +106,12 @@ static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) * 0xcb, 0x0f, 0x6c, 0x55, 0xba, 0xbb, 0x13, 0x78, * 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 */ +<<<<<<< HEAD +static void get_bytes(private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) +======= METHOD(prf_t, get_bytes, void, private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) +>>>>>>> upstream/4.5.1 { int i; u_int8_t xval[this->b]; @@ -140,6 +144,19 @@ METHOD(prf_t, get_bytes, void, /* 3.3 done already, mod q not used */ } +<<<<<<< HEAD +/** + * Implementation of prf_t.get_block_size. + */ +static size_t get_block_size(private_fips_prf_t *this) +{ + return 2 * this->b; +} +/** + * Implementation of prf_t.allocate_bytes. + */ +static void allocate_bytes(private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) +======= METHOD(prf_t, get_block_size, size_t, private_fips_prf_t *this) { @@ -147,19 +164,34 @@ METHOD(prf_t, get_block_size, size_t, } METHOD(prf_t, allocate_bytes, void, private_fips_prf_t *this, chunk_t seed, chunk_t *chunk) +>>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(get_block_size(this)); get_bytes(this, seed, chunk->ptr); } +<<<<<<< HEAD +/** + * Implementation of prf_t.get_key_size. + */ +static size_t get_key_size(private_fips_prf_t *this) +======= METHOD(prf_t, get_key_size, size_t, private_fips_prf_t *this) +>>>>>>> upstream/4.5.1 { return this->b; } +<<<<<<< HEAD +/** + * Implementation of prf_t.set_key. + */ +static void set_key(private_fips_prf_t *this, chunk_t key) +======= METHOD(prf_t, set_key, void, private_fips_prf_t *this, chunk_t key) +>>>>>>> upstream/4.5.1 { /* save key as "key mod 2^b" */ chunk_mod(this->b, key, this->key); @@ -191,8 +223,15 @@ void g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) this->keyed_prf->get_bytes(this->keyed_prf, c, res); } +<<<<<<< HEAD +/** + * Implementation of prf_t.destroy. + */ +static void destroy(private_fips_prf_t *this) +======= METHOD(prf_t, destroy, void, private_fips_prf_t *this) +>>>>>>> upstream/4.5.1 { this->keyed_prf->destroy(this->keyed_prf); free(this->key); @@ -204,6 +243,16 @@ METHOD(prf_t, destroy, void, */ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) { +<<<<<<< HEAD + private_fips_prf_t *this = malloc_thing(private_fips_prf_t); + + this->public.prf_interface.get_bytes = (void (*) (prf_t *,chunk_t,u_int8_t*))get_bytes; + this->public.prf_interface.allocate_bytes = (void (*) (prf_t*,chunk_t,chunk_t*))allocate_bytes; + this->public.prf_interface.get_block_size = (size_t (*) (prf_t*))get_block_size; + this->public.prf_interface.get_key_size = (size_t (*) (prf_t*))get_key_size; + this->public.prf_interface.set_key = (void (*) (prf_t *,chunk_t))set_key; + this->public.prf_interface.destroy = (void (*) (prf_t *))destroy; +======= private_fips_prf_t *this; INIT(this, @@ -218,6 +267,7 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo) }, }, ); +>>>>>>> upstream/4.5.1 switch (algo) { diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c index 3cce6ad91..202d6653a 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "fips_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "fips-prf"; +>>>>>>> upstream/4.5.1 typedef struct private_fips_prf_plugin_t private_fips_prf_plugin_t; /** @@ -33,8 +36,15 @@ struct private_fips_prf_plugin_t { fips_prf_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of fips_prf_plugin_t.destroy + */ +static void destroy(private_fips_prf_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_fips_prf_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_prf(lib->crypto, (prf_constructor_t)fips_prf_create); @@ -46,6 +56,14 @@ METHOD(plugin_t, destroy, void, */ plugin_t *fips_prf_plugin_create() { +<<<<<<< HEAD + private_fips_prf_plugin_t *this = malloc_thing(private_fips_prf_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, + (prf_constructor_t)fips_prf_create); +======= private_fips_prf_plugin_t *this; prf_t *prf; @@ -64,6 +82,7 @@ plugin_t *fips_prf_plugin_create() lib->crypto->add_prf(lib->crypto, PRF_FIPS_SHA1_160, plugin_name, (prf_constructor_t)fips_prf_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index 9e0b49776..7f5a59abd 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/gcm/gcm_plugin.c b/src/libstrongswan/plugins/gcm/gcm_plugin.c index a438fb073..984026778 100644 --- a/src/libstrongswan/plugins/gcm/gcm_plugin.c +++ b/src/libstrongswan/plugins/gcm/gcm_plugin.c @@ -19,8 +19,11 @@ #include "gcm_aead.h" +<<<<<<< HEAD +======= static const char *plugin_name = "gcm"; +>>>>>>> upstream/4.5.1 typedef struct private_gcm_plugin_t private_gcm_plugin_t; /** @@ -49,12 +52,23 @@ METHOD(plugin_t, destroy, void, plugin_t *gcm_plugin_create() { private_gcm_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public.plugin.destroy = _destroy, ); +<<<<<<< HEAD + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV8, + (aead_constructor_t)gcm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV12, + (aead_constructor_t)gcm_aead_create); + lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, + (aead_constructor_t)gcm_aead_create); +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 0); if (crypter) { @@ -66,6 +80,7 @@ plugin_t *gcm_plugin_create() lib->crypto->add_aead(lib->crypto, ENCR_AES_GCM_ICV16, plugin_name, (aead_constructor_t)gcm_aead_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 1bcada7dc..bb4e29b3b 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c index a53fed448..c709d497f 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_plugin.c @@ -29,8 +29,11 @@ #include <errno.h> #include <gcrypt.h> +<<<<<<< HEAD +======= static const char *plugin_name = "gcrypt"; +>>>>>>> upstream/4.5.1 typedef struct private_gcrypt_plugin_t private_gcrypt_plugin_t; /** @@ -150,6 +153,81 @@ plugin_t *gcrypt_plugin_create() ); /* hashers */ +<<<<<<< HEAD + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD4, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD5, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)gcrypt_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, + (hasher_constructor_t)gcrypt_hasher_create); + + /* crypters */ + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CTR, + (crypter_constructor_t)gcrypt_crypter_create); +#ifdef HAVE_GCRY_CIPHER_CAMELLIA + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CTR, + (crypter_constructor_t)gcrypt_crypter_create); +#endif /* HAVE_GCRY_CIPHER_CAMELLIA */ + lib->crypto->add_crypter(lib->crypto, ENCR_SERPENT_CBC, + (crypter_constructor_t)gcrypt_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_TWOFISH_CBC, + (crypter_constructor_t)gcrypt_crypter_create); + + /* random numbers */ + lib->crypto->add_rng(lib->crypto, RNG_WEAK, + (rng_constructor_t)gcrypt_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_STRONG, + (rng_constructor_t)gcrypt_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_TRUE, + (rng_constructor_t)gcrypt_rng_create); + + /* diffie hellman groups, using modp */ + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + (dh_constructor_t)gcrypt_dh_create); + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, +======= lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, (hasher_constructor_t)gcrypt_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, @@ -223,6 +301,7 @@ plugin_t *gcrypt_plugin_create() lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, (dh_constructor_t)gcrypt_dh_create); lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)gcrypt_dh_create_custom); /* RSA */ diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index f73bfb406..dde840936 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/gmp/gmp_plugin.c b/src/libstrongswan/plugins/gmp/gmp_plugin.c index e9bfbcc28..798602e84 100644 --- a/src/libstrongswan/plugins/gmp/gmp_plugin.c +++ b/src/libstrongswan/plugins/gmp/gmp_plugin.c @@ -20,8 +20,11 @@ #include "gmp_rsa_private_key.h" #include "gmp_rsa_public_key.h" +<<<<<<< HEAD +======= static const char *plugin_name = "gmp"; +>>>>>>> upstream/4.5.1 typedef struct private_gmp_plugin_t private_gmp_plugin_t; /** @@ -66,6 +69,32 @@ plugin_t *gmp_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)gmp_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + (dh_constructor_t)gmp_diffie_hellman_create); + + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, +======= lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, plugin_name, (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_2048_224, plugin_name, @@ -90,6 +119,7 @@ plugin_t *gmp_plugin_create() (dh_constructor_t)gmp_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)gmp_diffie_hellman_create_custom); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 72cc23b72..e8355ab21 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/hmac/hmac_plugin.c b/src/libstrongswan/plugins/hmac/hmac_plugin.c index 76d6157ae..c15a29b1c 100644 --- a/src/libstrongswan/plugins/hmac/hmac_plugin.c +++ b/src/libstrongswan/plugins/hmac/hmac_plugin.c @@ -19,8 +19,11 @@ #include "hmac_signer.h" #include "hmac_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "hmac"; +>>>>>>> upstream/4.5.1 typedef struct private_hmac_plugin_t private_hmac_plugin_t; /** @@ -50,7 +53,10 @@ METHOD(plugin_t, destroy, void, plugin_t *hmac_plugin_create() { private_hmac_plugin_t *this; +<<<<<<< HEAD +======= hasher_t *hasher; +>>>>>>> upstream/4.5.1 INIT(this, .public = { @@ -60,6 +66,39 @@ plugin_t *hmac_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_256, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA1, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_MD5, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_384, + (prf_constructor_t)hmac_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_HMAC_SHA2_512, + (prf_constructor_t)hmac_prf_create); + + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_96, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_128, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA1_160, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_128, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_256_256, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_96, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_MD5_128, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_192, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_384_384, + (signer_constructor_t)hmac_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, + (signer_constructor_t)hmac_signer_create); +======= hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher) { @@ -116,6 +155,7 @@ plugin_t *hmac_plugin_create() lib->crypto->add_signer(lib->crypto, AUTH_HMAC_SHA2_512_256, plugin_name, (signer_constructor_t)hmac_signer_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 7235784e2..7dd7e92f0 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/ldap/ldap_fetcher.c b/src/libstrongswan/plugins/ldap/ldap_fetcher.c index e6c592217..57c367ca1 100644 --- a/src/libstrongswan/plugins/ldap/ldap_fetcher.c +++ b/src/libstrongswan/plugins/ldap/ldap_fetcher.c @@ -100,8 +100,13 @@ static bool parse(LDAP *ldap, LDAPMessage *result, chunk_t *response) } +<<<<<<< HEAD +static status_t fetch(private_ldap_fetcher_t *this, char *url, + chunk_t *result, va_list args) +======= METHOD(fetcher_t, fetch, status_t, private_ldap_fetcher_t *this, char *url, chunk_t *result) +>>>>>>> upstream/4.5.1 { LDAP *ldap; LDAPURLDesc *lurl; @@ -166,8 +171,15 @@ METHOD(fetcher_t, fetch, status_t, } +<<<<<<< HEAD +/** + * Implementation of fetcher_t.set_option. + */ +static bool set_option(private_ldap_fetcher_t *this, fetcher_option_t option, ...) +======= METHOD(fetcher_t, set_option, bool, private_ldap_fetcher_t *this, fetcher_option_t option, ...) +>>>>>>> upstream/4.5.1 { va_list args; @@ -184,8 +196,15 @@ METHOD(fetcher_t, set_option, bool, } } +<<<<<<< HEAD +/** + * Implements ldap_fetcher_t.destroy + */ +static void destroy(private_ldap_fetcher_t *this) +======= METHOD(fetcher_t, destroy, void, private_ldap_fetcher_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -195,6 +214,15 @@ METHOD(fetcher_t, destroy, void, */ ldap_fetcher_t *ldap_fetcher_create() { +<<<<<<< HEAD + private_ldap_fetcher_t *this = malloc_thing(private_ldap_fetcher_t); + + this->public.interface.fetch = (status_t(*)(fetcher_t*,char*,chunk_t*))fetch; + this->public.interface.set_option = (bool(*)(fetcher_t*, fetcher_option_t option, ...))set_option; + this->public.interface.destroy = (void (*)(fetcher_t*))destroy; + + this->timeout = DEFAULT_TIMEOUT; +======= private_ldap_fetcher_t *this; INIT(this, @@ -207,6 +235,7 @@ ldap_fetcher_t *ldap_fetcher_create() }, .timeout = DEFAULT_TIMEOUT, ); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/plugins/ldap/ldap_plugin.c b/src/libstrongswan/plugins/ldap/ldap_plugin.c index 3682ddd1f..434a023ce 100644 --- a/src/libstrongswan/plugins/ldap/ldap_plugin.c +++ b/src/libstrongswan/plugins/ldap/ldap_plugin.c @@ -31,8 +31,15 @@ struct private_ldap_plugin_t { ldap_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of ldap_plugin_t.destroy + */ +static void destroy(private_ldap_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_ldap_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->fetcher->remove_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create); @@ -44,6 +51,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *ldap_plugin_create() { +<<<<<<< HEAD + private_ldap_plugin_t *this = malloc_thing(private_ldap_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_ldap_plugin_t *this; INIT(this, @@ -53,6 +65,7 @@ plugin_t *ldap_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->fetcher->add_fetcher(lib->fetcher, (fetcher_constructor_t)ldap_fetcher_create, "ldap://"); diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index ea1a7a69a..4f69538a8 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/md4/md4_plugin.c b/src/libstrongswan/plugins/md4/md4_plugin.c index cea1a61f3..cdb0fe914 100644 --- a/src/libstrongswan/plugins/md4/md4_plugin.c +++ b/src/libstrongswan/plugins/md4/md4_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "md4_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "md4"; +>>>>>>> upstream/4.5.1 typedef struct private_md4_plugin_t private_md4_plugin_t; /** @@ -33,8 +36,15 @@ struct private_md4_plugin_t { md4_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of md4_plugin_t.destroy + */ +static void destroy(private_md4_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_md4_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md4_hasher_create); @@ -46,6 +56,13 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md4_plugin_create() { +<<<<<<< HEAD + private_md4_plugin_t *this = malloc_thing(private_md4_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_MD4, +======= private_md4_plugin_t *this; INIT(this, @@ -57,6 +74,7 @@ plugin_t *md4_plugin_create() ); lib->crypto->add_hasher(lib->crypto, HASH_MD4, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)md4_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 05f101564..c0ffec7ad 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/md5/md5_plugin.c b/src/libstrongswan/plugins/md5/md5_plugin.c index d11173817..015274ddf 100644 --- a/src/libstrongswan/plugins/md5/md5_plugin.c +++ b/src/libstrongswan/plugins/md5/md5_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "md5_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "md5"; +>>>>>>> upstream/4.5.1 typedef struct private_md5_plugin_t private_md5_plugin_t; /** @@ -33,8 +36,15 @@ struct private_md5_plugin_t { md5_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of md5_plugin_t.destroy + */ +static void destroy(private_md5_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_md5_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)md5_hasher_create); @@ -46,6 +56,13 @@ METHOD(plugin_t, destroy, void, */ plugin_t *md5_plugin_create() { +<<<<<<< HEAD + private_md5_plugin_t *this = malloc_thing(private_md5_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_MD5, +======= private_md5_plugin_t *this; INIT(this, @@ -57,6 +74,7 @@ plugin_t *md5_plugin_create() ); lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)md5_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 4880415b3..7a6c57dd1 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/mysql/mysql_database.c b/src/libstrongswan/plugins/mysql/mysql_database.c index 5fbfa0f28..0b9f8285d 100644 --- a/src/libstrongswan/plugins/mysql/mysql_database.c +++ b/src/libstrongswan/plugins/mysql/mysql_database.c @@ -474,8 +474,15 @@ static bool mysql_enumerator_enumerate(mysql_enumerator_t *this, ...) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of database_t.query. + */ +static enumerator_t* query(private_mysql_database_t *this, char *sql, ...) +======= METHOD(database_t, query, enumerator_t*, private_mysql_database_t *this, char *sql, ...) +>>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; @@ -561,8 +568,15 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } +<<<<<<< HEAD +/** + * Implementation of database_t.execute. + */ +static int execute(private_mysql_database_t *this, int *rowid, char *sql, ...) +======= METHOD(database_t, execute, int, private_mysql_database_t *this, int *rowid, char *sql, ...) +>>>>>>> upstream/4.5.1 { MYSQL_STMT *stmt; va_list args; @@ -590,14 +604,28 @@ METHOD(database_t, execute, int, return affected; } +<<<<<<< HEAD +/** + * Implementation of database_t.get_driver + */ +static db_driver_t get_driver(private_mysql_database_t *this) +======= METHOD(database_t, get_driver,db_driver_t, private_mysql_database_t *this) +>>>>>>> upstream/4.5.1 { return DB_MYSQL; } +<<<<<<< HEAD +/** + * Implementation of database_t.destroy + */ +static void destroy(private_mysql_database_t *this) +======= METHOD(database_t, destroy, void, private_mysql_database_t *this) +>>>>>>> upstream/4.5.1 { this->pool->destroy_function(this->pool, (void*)conn_destroy); this->mutex->destroy(this->mutex); @@ -669,6 +697,14 @@ mysql_database_t *mysql_database_create(char *uri) return NULL; } +<<<<<<< HEAD + this = malloc_thing(private_mysql_database_t); + + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; + this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; + this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; + this->public.db.destroy = (void(*)(database_t*))destroy; +======= INIT(this, .public = { .db = { @@ -679,6 +715,7 @@ mysql_database_t *mysql_database_create(char *uri) }, }, ); +>>>>>>> upstream/4.5.1 if (!parse_uri(this, uri)) { diff --git a/src/libstrongswan/plugins/mysql/mysql_plugin.c b/src/libstrongswan/plugins/mysql/mysql_plugin.c index 65d8681cb..738bbeddb 100644 --- a/src/libstrongswan/plugins/mysql/mysql_plugin.c +++ b/src/libstrongswan/plugins/mysql/mysql_plugin.c @@ -32,8 +32,15 @@ struct private_mysql_plugin_t { mysql_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_mysql_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_mysql_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)mysql_database_create); @@ -54,6 +61,10 @@ plugin_t *mysql_plugin_create() return NULL; } +<<<<<<< HEAD + this = malloc_thing(private_mysql_plugin_t); + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= INIT(this, .public = { .plugin = { @@ -61,6 +72,7 @@ plugin_t *mysql_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)mysql_database_create); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index b43be29f1..4048bbd02 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -226,7 +226,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -265,8 +271,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index 58401faa5..7708af958 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -382,8 +382,11 @@ static private_openssl_crl_t *create_empty() }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, +<<<<<<< HEAD +======= .is_delta_crl = (void*)return_false, .create_delta_crl_uri_enumerator = (void*)enumerator_create_empty, +>>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, @@ -460,6 +463,9 @@ static bool parse_extensions(private_openssl_crl_t *this) ok = parse_crlNumber_ext(this, ext); break; default: +<<<<<<< HEAD + ok = TRUE; +======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -468,6 +474,7 @@ static bool parse_extensions(private_openssl_crl_t *this) DBG1(DBG_LIB, "found unsupported critical X.509 " "CRL extension"); } +>>>>>>> upstream/4.5.1 break; } if (!ok) diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 0050572ee..cf48b4c15 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -41,8 +41,11 @@ #include "openssl_x509.h" #include "openssl_crl.h" +<<<<<<< HEAD +======= static const char *plugin_name = "openssl"; +>>>>>>> upstream/4.5.1 typedef struct private_openssl_plugin_t private_openssl_plugin_t; /** @@ -274,6 +277,87 @@ plugin_t *openssl_plugin_create() } /* crypter */ +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_3DES, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_RC5, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_IDEA, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_CAST, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_BLOWFISH, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_DES_ECB, + (crypter_constructor_t)openssl_crypter_create); + lib->crypto->add_crypter(lib->crypto, ENCR_NULL, + (crypter_constructor_t)openssl_crypter_create); + + /* hasher */ + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD2, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD4, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD5, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)openssl_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, + (hasher_constructor_t)openssl_hasher_create); + + /* prf */ + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, + (prf_constructor_t)openssl_sha1_prf_create); + + /* (ec) diffie hellman */ + lib->crypto->add_dh(lib->crypto, MODP_2048_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_224, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_2048_256, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1536_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); +#ifndef OPENSSL_NO_EC + lib->crypto->add_dh(lib->crypto, ECP_256_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_384_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_521_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_224_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, ECP_192_BIT, + (dh_constructor_t)openssl_ec_diffie_hellman_create); +#endif /* OPENSSL_NO_EC */ + lib->crypto->add_dh(lib->crypto, MODP_3072_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_4096_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_6144_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_8192_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_1024_160, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_768_BIT, + (dh_constructor_t)openssl_diffie_hellman_create); + lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, +======= lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, (crypter_constructor_t)openssl_crypter_create); lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC, plugin_name, @@ -353,6 +437,7 @@ plugin_t *openssl_plugin_create() lib->crypto->add_dh(lib->crypto, MODP_768_BIT, plugin_name, (dh_constructor_t)openssl_diffie_hellman_create); lib->crypto->add_dh(lib->crypto, MODP_CUSTOM, plugin_name, +>>>>>>> upstream/4.5.1 (dh_constructor_t)openssl_diffie_hellman_create); /* rsa */ diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index f7495b2ae..7c7f2aa06 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -84,7 +84,11 @@ struct private_openssl_x509_t { /** * Pathlen constraint */ +<<<<<<< HEAD + int pathlen; +======= u_char pathlen; +>>>>>>> upstream/4.5.1 /** * certificate subject @@ -137,7 +141,11 @@ struct private_openssl_x509_t { linked_list_t *issuerAltNames; /** +<<<<<<< HEAD + * List of CRL URIs +======= * List of CRL URIs, as x509_cdp_t +>>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -153,6 +161,8 @@ struct private_openssl_x509_t { }; /** +<<<<<<< HEAD +======= * Destroy a CRL URI struct */ static void crl_uri_destroy(x509_cdp_t *this) @@ -163,6 +173,7 @@ static void crl_uri_destroy(x509_cdp_t *this) } /** +>>>>>>> upstream/4.5.1 * Convert a GeneralName to an identification_t. */ static identification_t *general_name2id(GENERAL_NAME *name) @@ -250,6 +261,12 @@ METHOD(x509_t, get_authKeyIdentifier, chunk_t, return chunk_empty; } +<<<<<<< HEAD +METHOD(x509_t, get_pathLenConstraint, int, + private_openssl_x509_t *this) +{ + return this->pathlen; +======= METHOD(x509_t, get_constraint, u_int, private_openssl_x509_t *this, x509_constraint_t type) { @@ -260,6 +277,7 @@ METHOD(x509_t, get_constraint, u_int, default: return X509_NO_CONSTRAINT; } +>>>>>>> upstream/4.5.1 } METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, @@ -280,6 +298,16 @@ METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, return this->ocsp_uris->create_enumerator(this->ocsp_uris); } +<<<<<<< HEAD +METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, + private_openssl_x509_t *this) +{ + /* TODO */ + return enumerator_create_empty(); +} + +======= +>>>>>>> upstream/4.5.1 METHOD(certificate_t, get_type, certificate_type_t, private_openssl_x509_t *this) { @@ -492,7 +520,11 @@ METHOD(certificate_t, destroy, void, offsetof(identification_t, destroy)); this->issuerAltNames->destroy_offset(this->issuerAltNames, offsetof(identification_t, destroy)); +<<<<<<< HEAD + this->crl_uris->destroy_function(this->crl_uris, free); +======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); +>>>>>>> upstream/4.5.1 this->ocsp_uris->destroy_function(this->ocsp_uris, free); free(this); } @@ -526,6 +558,13 @@ static private_openssl_x509_t *create_empty() .get_serial = _get_serial, .get_subjectKeyIdentifier = _get_subjectKeyIdentifier, .get_authKeyIdentifier = _get_authKeyIdentifier, +<<<<<<< HEAD + .get_pathLenConstraint = _get_pathLenConstraint, + .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, + .create_crl_uri_enumerator = _create_crl_uri_enumerator, + .create_ocsp_uri_enumerator = _create_ocsp_uri_enumerator, + .create_ipAddrBlock_enumerator = _create_ipAddrBlock_enumerator, +======= .get_constraint = _get_constraint, .create_subjectAltName_enumerator = _create_subjectAltName_enumerator, .create_crl_uri_enumerator = _create_crl_uri_enumerator, @@ -534,13 +573,18 @@ static private_openssl_x509_t *create_empty() .create_name_constraint_enumerator = (void*)enumerator_create_empty, .create_cert_policy_enumerator = (void*)enumerator_create_empty, .create_policy_mapping_enumerator = (void*)enumerator_create_empty, +>>>>>>> upstream/4.5.1 }, }, .subjectAltNames = linked_list_create(), .issuerAltNames = linked_list_create(), .crl_uris = linked_list_create(), .ocsp_uris = linked_list_create(), +<<<<<<< HEAD + .pathlen = X509_NO_PATH_LEN_CONSTRAINT, +======= .pathlen = X509_NO_CONSTRAINT, +>>>>>>> upstream/4.5.1 .ref = 1, ); @@ -586,7 +630,10 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, X509_EXTENSION *ext) { BASIC_CONSTRAINTS *constraints; +<<<<<<< HEAD +======= long pathlen; +>>>>>>> upstream/4.5.1 constraints = (BASIC_CONSTRAINTS*)X509V3_EXT_d2i(ext); if (constraints) @@ -597,10 +644,14 @@ static bool parse_basicConstraints_ext(private_openssl_x509_t *this, } if (constraints->pathlen) { +<<<<<<< HEAD + this->pathlen = ASN1_INTEGER_get(constraints->pathlen); +======= pathlen = ASN1_INTEGER_get(constraints->pathlen); this->pathlen = (pathlen >= 0 && pathlen < 128) ? pathlen : X509_NO_CONSTRAINT; +>>>>>>> upstream/4.5.1 } BASIC_CONSTRAINTS_free(constraints); return TRUE; @@ -616,10 +667,16 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { CRL_DIST_POINTS *cdps; DIST_POINT *cdp; +<<<<<<< HEAD + identification_t *id; + char *uri; + int i, j, point_num, name_num; +======= identification_t *id, *issuer; x509_cdp_t *entry; char *uri; int i, j, k, point_num, name_num, issuer_num; +>>>>>>> upstream/4.5.1 cdps = X509V3_EXT_d2i(ext); if (!cdps) @@ -644,6 +701,9 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, { if (asprintf(&uri, "%Y", id) > 0) { +<<<<<<< HEAD + this->crl_uris->insert_first(this->crl_uris, uri); +======= if (cdp->CRLissuer) { issuer_num = sk_GENERAL_NAME_num(cdp->CRLissuer); @@ -670,12 +730,16 @@ static bool parse_crlDistributionPoints_ext(private_openssl_x509_t *this, ); this->crl_uris->insert_last(this->crl_uris, entry); } +>>>>>>> upstream/4.5.1 } id->destroy(id); } } } +<<<<<<< HEAD +======= +>>>>>>> upstream/4.5.1 DIST_POINT_free(cdp); } } @@ -808,6 +872,9 @@ static bool parse_extensions(private_openssl_x509_t *this) ok = parse_crlDistributionPoints_ext(this, ext); break; default: +<<<<<<< HEAD + ok = TRUE; +======= ok = X509_EXTENSION_get_critical(ext) == 0 || !lib->settings->get_bool(lib->settings, "libstrongswan.x509.enforce_critical", TRUE); @@ -815,6 +882,7 @@ static bool parse_extensions(private_openssl_x509_t *this) { DBG1(DBG_LIB, "found unsupported critical X.509 extension"); } +>>>>>>> upstream/4.5.1 break; } if (!ok) @@ -872,6 +940,8 @@ static bool parse_certificate(private_openssl_x509_t *this) { return FALSE; } +<<<<<<< HEAD +======= if (X509_get_version(this->x509) < 0 || X509_get_version(this->x509) > 2) { DBG1(DBG_LIB, "unsupported x509 version: %d", @@ -879,6 +949,7 @@ static bool parse_certificate(private_openssl_x509_t *this) return FALSE; } +>>>>>>> upstream/4.5.1 this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509)); this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509)); @@ -922,7 +993,11 @@ static bool parse_certificate(private_openssl_x509_t *this) if (!parse_extensions(this)) { +<<<<<<< HEAD + return TRUE; +======= return FALSE; +>>>>>>> upstream/4.5.1 } parse_extKeyUsage(this); diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 7c89d0abd..24c7441d7 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/padlock/padlock_plugin.c b/src/libstrongswan/plugins/padlock/padlock_plugin.c index 695823acf..a78f2076b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_plugin.c +++ b/src/libstrongswan/plugins/padlock/padlock_plugin.c @@ -23,8 +23,11 @@ #include <library.h> #include <debug.h> +<<<<<<< HEAD +======= static const char *plugin_name = "padlock"; +>>>>>>> upstream/4.5.1 typedef struct private_padlock_plugin_t private_padlock_plugin_t; typedef enum padlock_feature_t padlock_feature_t; @@ -163,21 +166,37 @@ plugin_t *padlock_plugin_create() if (this->features & PADLOCK_RNG_ENABLED) { +<<<<<<< HEAD + lib->crypto->add_rng(lib->crypto, RNG_TRUE, + (rng_constructor_t)padlock_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_STRONG, + (rng_constructor_t)padlock_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_WEAK, +======= lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, (rng_constructor_t)padlock_rng_create); lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, (rng_constructor_t)padlock_rng_create); lib->crypto->add_rng(lib->crypto, RNG_WEAK, plugin_name, +>>>>>>> upstream/4.5.1 (rng_constructor_t)padlock_rng_create); } if (this->features & PADLOCK_ACE2_ENABLED) { +<<<<<<< HEAD + lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, +======= lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC, plugin_name, +>>>>>>> upstream/4.5.1 (crypter_constructor_t)padlock_aes_crypter_create); } if (this->features & PADLOCK_PHE_ENABLED) { +<<<<<<< HEAD + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, +======= lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)padlock_sha1_hasher_create); } return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 60740eb35..5a2469145 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pem/pem_encoder.c b/src/libstrongswan/plugins/pem/pem_encoder.c index 9c8237e4d..2a69e4ea6 100644 --- a/src/libstrongswan/plugins/pem/pem_encoder.c +++ b/src/libstrongswan/plugins/pem/pem_encoder.c @@ -111,7 +111,11 @@ bool pem_encoder_encode(cred_encoding_type_t type, chunk_t *encoding, } /* compute and allocate maximum size of PEM object */ +<<<<<<< HEAD + pem_chars = 4*(asn1.len + 2)/3; +======= pem_chars = 4 * ((asn1.len + 2) / 3); +>>>>>>> upstream/4.5.1 pem_lines = (asn1.len + BYTES_PER_LINE - 1) / BYTES_PER_LINE; *encoding = chunk_alloc(5 + 2*(6 + strlen(label) + 6) + 3 + pem_chars + pem_lines); pos = encoding->ptr; diff --git a/src/libstrongswan/plugins/pem/pem_plugin.c b/src/libstrongswan/plugins/pem/pem_plugin.c index f2415a318..0e6a4788c 100644 --- a/src/libstrongswan/plugins/pem/pem_plugin.c +++ b/src/libstrongswan/plugins/pem/pem_plugin.c @@ -33,8 +33,15 @@ struct private_pem_plugin_t { pem_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pem_plugin_t.pemtroy + */ +static void destroy(private_pem_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pem_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pem_private_key_load); @@ -50,6 +57,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pem_plugin_create() { +<<<<<<< HEAD + private_pem_plugin_t *this = malloc_thing(private_pem_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_pem_plugin_t *this; INIT(this, @@ -59,6 +71,7 @@ plugin_t *pem_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 /* register private key PEM decoding builders */ lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_ANY, FALSE, diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index ab14f8ced..336e293be 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pgp/pgp_plugin.c b/src/libstrongswan/plugins/pgp/pgp_plugin.c index eaf0a1088..762eb061f 100644 --- a/src/libstrongswan/plugins/pgp/pgp_plugin.c +++ b/src/libstrongswan/plugins/pgp/pgp_plugin.c @@ -33,8 +33,15 @@ struct private_pgp_plugin_t { pgp_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pgp_plugin_t.pgptroy + */ +static void destroy(private_pgp_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pgp_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pgp_public_key_load); @@ -54,6 +61,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pgp_plugin_create() { +<<<<<<< HEAD + private_pgp_plugin_t *this = malloc_thing(private_pgp_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + +======= private_pgp_plugin_t *this; INIT(this, @@ -63,6 +76,7 @@ plugin_t *pgp_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pgp_public_key_load); lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, FALSE, @@ -71,8 +85,15 @@ plugin_t *pgp_plugin_create() (builder_function_t)pgp_private_key_load); lib->creds->add_builder(lib->creds, CRED_PRIVATE_KEY, KEY_RSA, FALSE, (builder_function_t)pgp_private_key_load); +<<<<<<< HEAD + + lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, + (builder_function_t)pgp_cert_load); + +======= lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_GPG, FALSE, (builder_function_t)pgp_cert_load); +>>>>>>> upstream/4.5.1 lib->encoding->add_encoder(lib->encoding, pgp_encoder_encode); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index 8ed4a08e9..2169d022c 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c index 33732f8a4..d91de0e7f 100644 --- a/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c +++ b/src/libstrongswan/plugins/pkcs1/pkcs1_plugin.c @@ -32,8 +32,15 @@ struct private_pkcs1_plugin_t { pkcs1_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pkcs1_plugin_t.pkcs1troy + */ +static void destroy(private_pkcs1_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pkcs1_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pkcs1_public_key_load); @@ -50,6 +57,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pkcs1_plugin_create() { +<<<<<<< HEAD + private_pkcs1_plugin_t *this = malloc_thing(private_pkcs1_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_pkcs1_plugin_t *this; INIT(this, @@ -59,6 +71,7 @@ plugin_t *pkcs1_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_PUBLIC_KEY, KEY_ANY, FALSE, (builder_function_t)pkcs1_public_key_load); diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index 6c03b0497..8d6bad565 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c index a81ec1147..6783699e5 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_creds.c @@ -55,6 +55,16 @@ struct private_pkcs11_creds_t { * Find certificates, optionally trusted */ static void find_certificates(private_pkcs11_creds_t *this, +<<<<<<< HEAD + CK_SESSION_HANDLE session, CK_BBOOL trusted) +{ + CK_OBJECT_CLASS class = CKO_CERTIFICATE; + CK_CERTIFICATE_TYPE type = CKC_X_509; + CK_ATTRIBUTE tmpl[] = { + {CKA_CLASS, &class, sizeof(class)}, + {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, + {CKA_TRUSTED, &trusted, sizeof(trusted)}, +======= CK_SESSION_HANDLE session) { CK_OBJECT_CLASS class = CKO_CERTIFICATE; @@ -63,12 +73,16 @@ static void find_certificates(private_pkcs11_creds_t *this, CK_ATTRIBUTE tmpl[] = { {CKA_CLASS, &class, sizeof(class)}, {CKA_CERTIFICATE_TYPE, &type, sizeof(type)}, +>>>>>>> upstream/4.5.1 }; CK_OBJECT_HANDLE object; CK_ATTRIBUTE attr[] = { {CKA_VALUE, NULL, 0}, {CKA_LABEL, NULL, 0}, +<<<<<<< HEAD +======= {CKA_TRUSTED, &trusted, sizeof(trusted)} +>>>>>>> upstream/4.5.1 }; enumerator_t *enumerator; linked_list_t *raw; @@ -76,6 +90,13 @@ static void find_certificates(private_pkcs11_creds_t *this, struct { chunk_t value; chunk_t label; +<<<<<<< HEAD + } *entry; + + raw = linked_list_create(); + enumerator = this->lib->create_object_enumerator(this->lib, + session, tmpl, countof(tmpl), attr, countof(attr)); +======= bool trusted; } *entry; int count = countof(attr); @@ -89,6 +110,7 @@ static void find_certificates(private_pkcs11_creds_t *this, } enumerator = this->lib->create_object_enumerator(this->lib, session, tmpl, countof(tmpl), attr, count); +>>>>>>> upstream/4.5.1 while (enumerator->enumerate(enumerator, &object)) { entry = malloc(sizeof(*entry)); @@ -96,7 +118,10 @@ static void find_certificates(private_pkcs11_creds_t *this, chunk_create(attr[0].pValue, attr[0].ulValueLen)); entry->label = chunk_clone( chunk_create(attr[1].pValue, attr[1].ulValueLen)); +<<<<<<< HEAD +======= entry->trusted = trusted; +>>>>>>> upstream/4.5.1 raw->insert_last(raw, entry); } enumerator->destroy(enumerator); @@ -109,10 +134,17 @@ static void find_certificates(private_pkcs11_creds_t *this, if (cert) { DBG1(DBG_CFG, " loaded %strusted cert '%.*s'", +<<<<<<< HEAD + trusted ? "" : "un", entry->label.len, entry->label.ptr); + /* trusted certificates are also returned as untrusted */ + this->untrusted->insert_last(this->untrusted, cert); + if (trusted) +======= entry->trusted ? "" : "un", entry->label.len, entry->label.ptr); /* trusted certificates are also returned as untrusted */ this->untrusted->insert_last(this->untrusted, cert); if (entry->trusted) +>>>>>>> upstream/4.5.1 { this->trusted->insert_last(this->trusted, cert->get_ref(cert)); } @@ -145,7 +177,12 @@ static bool load_certificates(private_pkcs11_creds_t *this) return FALSE; } +<<<<<<< HEAD + find_certificates(this, session, CK_TRUE); + find_certificates(this, session, CK_FALSE); +======= find_certificates(this, session); +>>>>>>> upstream/4.5.1 this->lib->f->C_CloseSession(session); return TRUE; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c index 6f7926808..6d819da34 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.c @@ -466,11 +466,14 @@ struct private_pkcs11_library_t { * Name as passed to the constructor */ char *name; +<<<<<<< HEAD +======= /** * Supported feature set */ pkcs11_feature_t features; +>>>>>>> upstream/4.5.1 }; METHOD(pkcs11_library_t, get_name, char*, @@ -479,12 +482,15 @@ METHOD(pkcs11_library_t, get_name, char*, return this->name; } +<<<<<<< HEAD +======= METHOD(pkcs11_library_t, get_features, pkcs11_feature_t, private_pkcs11_library_t *this) { return this->features; } +>>>>>>> upstream/4.5.1 /** * Object enumerator */ @@ -777,6 +783,11 @@ static CK_RV UnlockMutex(CK_VOID_PTR data) } /** +<<<<<<< HEAD + * Initialize a PKCS#11 library + */ +static bool initialize(private_pkcs11_library_t *this, char *name, char *file) +======= * Check if the library has at least a given cryptoki version */ static bool has_version(CK_INFO *info, int major, int minor) @@ -803,19 +814,27 @@ static void check_features(private_pkcs11_library_t *this, CK_INFO *info) */ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, bool os_locking) +>>>>>>> upstream/4.5.1 { CK_C_GetFunctionList pC_GetFunctionList; CK_INFO info; CK_RV rv; +<<<<<<< HEAD + CK_C_INITIALIZE_ARGS args = { +======= static CK_C_INITIALIZE_ARGS args = { +>>>>>>> upstream/4.5.1 .CreateMutex = CreateMutex, .DestroyMutex = DestroyMutex, .LockMutex = LockMutex, .UnlockMutex = UnlockMutex, }; +<<<<<<< HEAD +======= static CK_C_INITIALIZE_ARGS args_os = { .flags = CKF_OS_LOCKING_OK, }; +>>>>>>> upstream/4.5.1 pC_GetFunctionList = dlsym(this->handle, "C_GetFunctionList"); if (!pC_GetFunctionList) @@ -830,6 +849,16 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, name, ck_rv_names, rv); return FALSE; } +<<<<<<< HEAD + + rv = this->public.f->C_Initialize(&args); + if (rv == CKR_CANT_LOCK) + { /* try OS locking */ + memset(&args, 0, sizeof(args)); + args.flags = CKF_OS_LOCKING_OK; + rv = this->public.f->C_Initialize(&args); + } +======= if (os_locking) { rv = CKR_CANT_LOCK; @@ -843,6 +872,7 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, os_locking = TRUE; rv = this->public.f->C_Initialize(&args_os); } +>>>>>>> upstream/4.5.1 if (rv != CKR_OK) { DBG1(DBG_CFG, "C_Initialize() error for '%s': %N", @@ -868,26 +898,40 @@ static bool initialize(private_pkcs11_library_t *this, char *name, char *file, DBG1(DBG_CFG, " %s: %s v%d.%d", info.manufacturerID, info.libraryDescription, info.libraryVersion.major, info.libraryVersion.minor); +<<<<<<< HEAD + if (args.flags & CKF_OS_LOCKING_OK) + { + DBG1(DBG_CFG, " uses OS locking functions"); + } +======= if (os_locking) { DBG1(DBG_CFG, " uses OS locking functions"); } check_features(this, &info); +>>>>>>> upstream/4.5.1 return TRUE; } /** * See header */ +<<<<<<< HEAD +pkcs11_library_t *pkcs11_library_create(char *name, char *file) +======= pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) +>>>>>>> upstream/4.5.1 { private_pkcs11_library_t *this; INIT(this, .public = { .get_name = _get_name, +<<<<<<< HEAD +======= .get_features = _get_features, +>>>>>>> upstream/4.5.1 .create_object_enumerator = _create_object_enumerator, .create_mechanism_enumerator = _create_mechanism_enumerator, .destroy = _destroy, @@ -903,7 +947,11 @@ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_locking) return NULL; } +<<<<<<< HEAD + if (!initialize(this, name, file)) +======= if (!initialize(this, name, file, os_locking)) +>>>>>>> upstream/4.5.1 { dlclose(this->handle); free(this); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h index abe023448..384258089 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_library.h +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_library.h @@ -21,7 +21,10 @@ #ifndef PKCS11_LIBRARY_H_ #define PKCS11_LIBRARY_H_ +<<<<<<< HEAD +======= typedef enum pkcs11_feature_t pkcs11_feature_t; +>>>>>>> upstream/4.5.1 typedef struct pkcs11_library_t pkcs11_library_t; #include "pkcs11.h" @@ -30,6 +33,8 @@ typedef struct pkcs11_library_t pkcs11_library_t; #include <utils/enumerator.h> /** +<<<<<<< HEAD +======= * Optional PKCS#11 features some libraries support, some not */ enum pkcs11_feature_t { @@ -40,6 +45,7 @@ enum pkcs11_feature_t { }; /** +>>>>>>> upstream/4.5.1 * A loaded and initialized PKCS#11 library. */ struct pkcs11_library_t { @@ -57,6 +63,8 @@ struct pkcs11_library_t { char* (*get_name)(pkcs11_library_t *this); /** +<<<<<<< HEAD +======= * Get the feature set supported by this library. * * @return ORed set of features supported @@ -64,6 +72,7 @@ struct pkcs11_library_t { pkcs11_feature_t (*get_features)(pkcs11_library_t *this); /** +>>>>>>> upstream/4.5.1 * Create an enumerator over CK_OBJECT_HANDLE using a search template. * * An optional attribute array is automatically filled in with the @@ -121,9 +130,15 @@ void pkcs11_library_trim(char *str, int len); * * @param name an arbitrary name, for debugging * @param file pkcs11 library file to dlopen() +<<<<<<< HEAD + * @return library abstraction + */ +pkcs11_library_t *pkcs11_library_create(char *name, char *file); +======= * @param os_lock enforce OS Locking for this library * @return library abstraction */ pkcs11_library_t *pkcs11_library_create(char *name, char *file, bool os_lock); +>>>>>>> upstream/4.5.1 #endif /** PKCS11_LIBRARY_H_ @}*/ diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c index 9308e9c25..b7ca3538c 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_manager.c @@ -373,10 +373,14 @@ pkcs11_manager_t *pkcs11_manager_create(pkcs11_manager_token_event_t cb, free(entry); continue; } +<<<<<<< HEAD + entry->lib = pkcs11_library_create(module, entry->path); +======= entry->lib = pkcs11_library_create(module, entry->path, lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.modules.%s.os_locking", FALSE, module)); +>>>>>>> upstream/4.5.1 if (!entry->lib) { free(entry); diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c index 071d2f782..b02873870 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_plugin.c @@ -26,8 +26,11 @@ #include "pkcs11_public_key.h" #include "pkcs11_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "pkcs11"; +>>>>>>> upstream/4.5.1 typedef struct private_pkcs11_plugin_t private_pkcs11_plugin_t; /** @@ -148,6 +151,19 @@ plugin_t *pkcs11_plugin_create() if (lib->settings->get_bool(lib->settings, "libstrongswan.plugins.pkcs11.use_hasher", FALSE)) { +<<<<<<< HEAD + lib->crypto->add_hasher(lib->crypto, HASH_MD2, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_MD5, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)pkcs11_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, +======= lib->crypto->add_hasher(lib->crypto, HASH_MD2, plugin_name, (hasher_constructor_t)pkcs11_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_MD5, plugin_name, @@ -159,6 +175,7 @@ plugin_t *pkcs11_plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, (hasher_constructor_t)pkcs11_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)pkcs11_hasher_create); } diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index b4cc7a805..6d2c93c98 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -401,6 +401,20 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) }; CK_OBJECT_HANDLE object; CK_KEY_TYPE type; +<<<<<<< HEAD + CK_BBOOL reauth; + CK_ATTRIBUTE attr[] = { + {CKA_KEY_TYPE, &type, sizeof(type)}, + {CKA_ALWAYS_AUTHENTICATE, &reauth, sizeof(reauth)}, + {CKA_MODULUS, NULL, 0}, + {CKA_PUBLIC_EXPONENT, NULL, 0}, + }; + enumerator_t *enumerator; + chunk_t modulus, pubexp; + + enumerator = this->lib->create_object_enumerator(this->lib, + this->session, tmpl, countof(tmpl), attr, countof(attr)); +======= CK_BBOOL reauth = FALSE; CK_ATTRIBUTE attr[] = { {CKA_KEY_TYPE, &type, sizeof(type)}, @@ -419,18 +433,28 @@ static bool find_key(private_pkcs11_private_key_t *this, chunk_t keyid) } enumerator = this->lib->create_object_enumerator(this->lib, this->session, tmpl, countof(tmpl), attr, count); +>>>>>>> upstream/4.5.1 if (enumerator->enumerate(enumerator, &object)) { switch (type) { case CKK_RSA: +<<<<<<< HEAD + if (attr[2].ulValueLen == -1 || attr[3].ulValueLen == -1) +======= if (attr[1].ulValueLen == -1 || attr[2].ulValueLen == -1) +>>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "reading modulus/exponent from PKCS#1 failed"); break; } +<<<<<<< HEAD + modulus = chunk_create(attr[2].pValue, attr[2].ulValueLen); + pubexp = chunk_create(attr[3].pValue, attr[3].ulValueLen); +======= modulus = chunk_create(attr[1].pValue, attr[1].ulValueLen); pubexp = chunk_create(attr[2].pValue, attr[2].ulValueLen); +>>>>>>> upstream/4.5.1 this->pubkey = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_RSA, BUILD_RSA_MODULUS, modulus, BUILD_RSA_PUB_EXP, pubexp, BUILD_END); diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 473db5ccf..4429d9436 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -50,6 +50,17 @@ struct private_plugin_loader_t { linked_list_t *names; }; +<<<<<<< HEAD +#ifdef MONOLITHIC +/** + * load a single plugin in monolithic mode + */ +static plugin_t* load_plugin(private_plugin_loader_t *this, + char *path, char *name) +{ + char create[128]; + plugin_t *plugin; +======= /** * create a plugin * returns: NOT_FOUND, if the constructor was not found @@ -59,11 +70,36 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, char *name, bool integrity, plugin_t **plugin) { char create[128]; +>>>>>>> upstream/4.5.1 plugin_constructor_t constructor; if (snprintf(create, sizeof(create), "%s_plugin_create", name) >= sizeof(create)) { +<<<<<<< HEAD + return NULL; + } + translate(create, "-", "_"); + constructor = dlsym(RTLD_DEFAULT, create); + if (constructor == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, + create); + return NULL; + } + plugin = constructor(); + if (plugin == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, + create); + return NULL; + } + DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); + + return plugin; +} +#else +======= return FAILED; } translate(create, "-", "_"); @@ -95,12 +131,29 @@ static status_t create_plugin(private_plugin_loader_t *this, void *handle, return SUCCESS; } +>>>>>>> upstream/4.5.1 /** * load a single plugin */ static plugin_t* load_plugin(private_plugin_loader_t *this, char *path, char *name) { +<<<<<<< HEAD + char create[128]; + char file[PATH_MAX]; + void *handle; + plugin_t *plugin; + plugin_constructor_t constructor; + + if (snprintf(file, sizeof(file), "%s/libstrongswan-%s.so", path, + name) >= sizeof(file) || + snprintf(create, sizeof(create), "%s_plugin_create", + name) >= sizeof(create)) + { + return NULL; + } + translate(create, "-", "_"); +======= char file[PATH_MAX]; void *handle; plugin_t *plugin; @@ -121,6 +174,7 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, { return NULL; } +>>>>>>> upstream/4.5.1 if (lib->integrity) { if (!lib->integrity->check_file(lib->integrity, name, file)) @@ -136,6 +190,42 @@ static plugin_t* load_plugin(private_plugin_loader_t *this, DBG1(DBG_LIB, "plugin '%s' failed to load: %s", name, dlerror()); return NULL; } +<<<<<<< HEAD + constructor = dlsym(handle, create); + if (constructor == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s not found", name, + create); + dlclose(handle); + return NULL; + } + if (lib->integrity) + { + if (!lib->integrity->check_segment(lib->integrity, name, constructor)) + { + DBG1(DBG_LIB, "plugin '%s': failed segment integrity test", name); + dlclose(handle); + return NULL; + } + DBG1(DBG_LIB, "plugin '%s': passed file and segment integrity tests", + name); + } + plugin = constructor(); + if (plugin == NULL) + { + DBG1(DBG_LIB, "plugin '%s': failed to load - %s returned NULL", name, + create); + dlclose(handle); + return NULL; + } + DBG2(DBG_LIB, "plugin '%s': loaded successfully", name); + + /* we do not store or free dlopen() handles, leak_detective requires + * the modules to keep loaded until leak report */ + return plugin; +} +#endif +======= if (create_plugin(this, handle, name, TRUE, &plugin) != SUCCESS) { dlclose(handle); @@ -167,6 +257,7 @@ static bool plugin_loaded(private_plugin_loader_t *this, char *name) enumerator->destroy(enumerator); return found; } +>>>>>>> upstream/4.5.1 /** * Implementation of plugin_loader_t.load_plugins. @@ -177,10 +268,18 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) char *token; bool critical_failed = FALSE; +<<<<<<< HEAD +#ifndef MONOLITHIC +======= +>>>>>>> upstream/4.5.1 if (path == NULL) { path = PLUGINDIR; } +<<<<<<< HEAD +#endif +======= +>>>>>>> upstream/4.5.1 enumerator = enumerator_create_token(list, " ", " "); while (!critical_failed && enumerator->enumerate(enumerator, &token)) @@ -196,11 +295,14 @@ static bool load(private_plugin_loader_t *this, char *path, char *list) critical = TRUE; token[len-1] = '\0'; } +<<<<<<< HEAD +======= if (plugin_loaded(this, token)) { free(token); continue; } +>>>>>>> upstream/4.5.1 plugin = load_plugin(this, path, token); if (plugin) { diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 46349f9ba..bb2564238 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c index cc12217a4..3546c9bf9 100644 --- a/src/libstrongswan/plugins/pubkey/pubkey_plugin.c +++ b/src/libstrongswan/plugins/pubkey/pubkey_plugin.c @@ -31,8 +31,15 @@ struct private_pubkey_plugin_t { pubkey_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of pubkey_plugin_t.pubkeytroy + */ +static void destroy(private_pubkey_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_pubkey_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)pubkey_cert_wrap); @@ -44,6 +51,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *pubkey_plugin_create() { +<<<<<<< HEAD + private_pubkey_plugin_t *this = malloc_thing(private_pubkey_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_pubkey_plugin_t *this; INIT(this, @@ -53,6 +65,7 @@ plugin_t *pubkey_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_TRUSTED_PUBKEY, FALSE, (builder_function_t)pubkey_cert_wrap); diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index 21f8aff11..fbdf35170 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/random/random_plugin.c b/src/libstrongswan/plugins/random/random_plugin.c index cc5cb0a3c..f70998334 100644 --- a/src/libstrongswan/plugins/random/random_plugin.c +++ b/src/libstrongswan/plugins/random/random_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "random_rng.h" +<<<<<<< HEAD +======= static const char *plugin_name = "random"; +>>>>>>> upstream/4.5.1 typedef struct private_random_plugin_t private_random_plugin_t; /** @@ -33,8 +36,15 @@ struct private_random_plugin_t { random_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of random_plugin_t.gmptroy + */ +static void destroy(private_random_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_random_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_rng(lib->crypto, (rng_constructor_t)random_rng_create); @@ -46,6 +56,15 @@ METHOD(plugin_t, destroy, void, */ plugin_t *random_plugin_create() { +<<<<<<< HEAD + private_random_plugin_t *this = malloc_thing(private_random_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_rng(lib->crypto, RNG_STRONG, + (rng_constructor_t)random_rng_create); + lib->crypto->add_rng(lib->crypto, RNG_TRUE, +======= private_random_plugin_t *this; INIT(this, @@ -59,6 +78,7 @@ plugin_t *random_plugin_create() lib->crypto->add_rng(lib->crypto, RNG_STRONG, plugin_name, (rng_constructor_t)random_rng_create); lib->crypto->add_rng(lib->crypto, RNG_TRUE, plugin_name, +>>>>>>> upstream/4.5.1 (rng_constructor_t)random_rng_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 1d99a63d5..e4247a3cc 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -55,8 +55,16 @@ struct private_random_rng_t { char *file; }; +<<<<<<< HEAD +/** + * Implementation of random_rng_t.get_bytes. + */ +static void get_bytes(private_random_rng_t *this, size_t bytes, + u_int8_t *buffer) +======= METHOD(rng_t, get_bytes, void, private_random_rng_t *this, size_t bytes, u_int8_t *buffer) +>>>>>>> upstream/4.5.1 { size_t done; ssize_t got; @@ -78,15 +86,30 @@ METHOD(rng_t, get_bytes, void, } } +<<<<<<< HEAD +/** + * Implementation of random_rng_t.allocate_bytes. + */ +static void allocate_bytes(private_random_rng_t *this, size_t bytes, + chunk_t *chunk) +======= METHOD(rng_t, allocate_bytes, void, private_random_rng_t *this, size_t bytes, chunk_t *chunk) +>>>>>>> upstream/4.5.1 { *chunk = chunk_alloc(bytes); get_bytes(this, chunk->len, chunk->ptr); } +<<<<<<< HEAD +/** + * Implementation of random_rng_t.destroy. + */ +static void destroy(private_random_rng_t *this) +======= METHOD(rng_t, destroy, void, private_random_rng_t *this) +>>>>>>> upstream/4.5.1 { close(this->dev); free(this); @@ -97,6 +120,14 @@ METHOD(rng_t, destroy, void, */ random_rng_t *random_rng_create(rng_quality_t quality) { +<<<<<<< HEAD + private_random_rng_t *this = malloc_thing(private_random_rng_t); + + /* public functions */ + this->public.rng.get_bytes = (void (*) (rng_t *, size_t, u_int8_t*)) get_bytes; + this->public.rng.allocate_bytes = (void (*) (rng_t *, size_t, chunk_t*)) allocate_bytes; + this->public.rng.destroy = (void (*) (rng_t *))destroy; +======= private_random_rng_t *this; INIT(this, @@ -108,6 +139,7 @@ random_rng_t *random_rng_create(rng_quality_t quality) }, }, ); +>>>>>>> upstream/4.5.1 if (quality == RNG_TRUE) { diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 4ed4b9694..19ec1e719 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -223,7 +223,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -262,8 +268,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/revocation/revocation_validator.c b/src/libstrongswan/plugins/revocation/revocation_validator.c index def169275..dc8b849c7 100644 --- a/src/libstrongswan/plugins/revocation/revocation_validator.c +++ b/src/libstrongswan/plugins/revocation/revocation_validator.c @@ -93,13 +93,20 @@ static certificate_t *fetch_ocsp(char *url, certificate_t *subject, /** * check the signature of an OCSP response */ +<<<<<<< HEAD +static bool verify_ocsp(ocsp_response_t *response) +======= static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { certificate_t *issuer, *subject; identification_t *responder; ocsp_response_wrapper_t *wrapper; enumerator_t *enumerator; +<<<<<<< HEAD +======= auth_cfg_t *current; +>>>>>>> upstream/4.5.1 bool verified = FALSE; wrapper = ocsp_response_wrapper_create((ocsp_response_t*)response); @@ -109,16 +116,23 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) responder = subject->get_issuer(subject); enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, responder, FALSE); +<<<<<<< HEAD + while (enumerator->enumerate(enumerator, &issuer, NULL)) +======= while (enumerator->enumerate(enumerator, &issuer, ¤t)) +>>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, subject, issuer)) { DBG1(DBG_CFG, " ocsp response correctly signed by \"%Y\"", issuer->get_subject(issuer)); +<<<<<<< HEAD +======= if (auth) { auth->merge(auth, current, FALSE); } +>>>>>>> upstream/4.5.1 verified = TRUE; break; } @@ -134,8 +148,12 @@ static bool verify_ocsp(ocsp_response_t *response, auth_cfg_t *auth) * Get the better of two OCSP responses, and check for usable OCSP info */ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, +<<<<<<< HEAD + x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) +======= x509_t *subject, x509_t *issuer, cert_validation_t *valid, auth_cfg_t *auth, bool cache) +>>>>>>> upstream/4.5.1 { ocsp_response_t *response; time_t revocation, this_update, next_update, valid_until; @@ -145,7 +163,11 @@ static certificate_t *get_better_ocsp(certificate_t *cand, certificate_t *best, response = (ocsp_response_t*)cand; /* check ocsp signature */ +<<<<<<< HEAD + if (!verify_ocsp(response)) +======= if (!verify_ocsp(response, auth)) +>>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "ocsp response verification failed"); cand->destroy(cand); @@ -226,8 +248,12 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, while (enumerator->enumerate(enumerator, ¤t)) { current->get_ref(current); +<<<<<<< HEAD + best = get_better_ocsp(current, best, subject, issuer, &valid, FALSE); +======= best = get_better_ocsp(current, best, subject, issuer, &valid, auth, FALSE); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { DBG1(DBG_CFG, " using cached ocsp response"); @@ -254,7 +280,11 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, +<<<<<<< HEAD + &valid, TRUE); +======= &valid, auth, TRUE); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -276,7 +306,11 @@ static cert_validation_t check_ocsp(x509_t *subject, x509_t *issuer, if (current) { best = get_better_ocsp(current, best, subject, issuer, +<<<<<<< HEAD + &valid, TRUE); +======= &valid, auth, TRUE); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -330,25 +364,39 @@ static certificate_t* fetch_crl(char *url) /** * check the signature of an CRL */ +<<<<<<< HEAD +static bool verify_crl(certificate_t *crl) +======= static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { certificate_t *issuer; enumerator_t *enumerator; bool verified = FALSE; +<<<<<<< HEAD + + enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, + KEY_ANY, crl->get_issuer(crl), FALSE); + while (enumerator->enumerate(enumerator, &issuer, NULL)) +======= auth_cfg_t *current; enumerator = lib->credmgr->create_trusted_enumerator(lib->credmgr, KEY_ANY, crl->get_issuer(crl), FALSE); while (enumerator->enumerate(enumerator, &issuer, ¤t)) +>>>>>>> upstream/4.5.1 { if (lib->credmgr->issued_by(lib->credmgr, crl, issuer)) { DBG1(DBG_CFG, " crl correctly signed by \"%Y\"", issuer->get_subject(issuer)); +<<<<<<< HEAD +======= if (auth) { auth->merge(auth, current, FALSE); } +>>>>>>> upstream/4.5.1 verified = TRUE; break; } @@ -362,13 +410,23 @@ static bool verify_crl(certificate_t *crl, auth_cfg_t *auth) * Get the better of two CRLs, and check for usable CRL info */ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, +<<<<<<< HEAD + x509_t *subject, x509_t *issuer, cert_validation_t *valid, bool cache) +======= x509_t *subject, cert_validation_t *valid, auth_cfg_t *auth, bool cache, crl_t *base) +>>>>>>> upstream/4.5.1 { enumerator_t *enumerator; time_t revocation, valid_until; crl_reason_t reason; chunk_t serial; +<<<<<<< HEAD + crl_t *crl; + + /* check CRL signature */ + if (!verify_crl(cand)) +======= crl_t *crl = (crl_t*)cand; if (base) @@ -391,12 +449,17 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, /* check CRL signature */ if (!verify_crl(cand, auth)) +>>>>>>> upstream/4.5.1 { DBG1(DBG_CFG, "crl response verification failed"); cand->destroy(cand); return best; } +<<<<<<< HEAD + crl = (crl_t*)cand; +======= +>>>>>>> upstream/4.5.1 enumerator = crl->create_enumerator(crl); while (enumerator->enumerate(enumerator, &serial, &revocation, &reason)) { @@ -441,6 +504,81 @@ static certificate_t *get_better_crl(certificate_t *cand, certificate_t *best, } /** +<<<<<<< HEAD + * validate a x509 certificate using CRL + */ +static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, + auth_cfg_t *auth) +{ + cert_validation_t valid = VALIDATION_SKIPPED; + identification_t *keyid = NULL; + certificate_t *best = NULL; + certificate_t *current; + public_key_t *public; + enumerator_t *enumerator; + chunk_t chunk; + char *uri = NULL; + + /* derive the authorityKeyIdentifier from the issuer's public key */ + current = &issuer->interface; + public = current->get_public_key(current); + if (public && public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &chunk)) + { + keyid = identification_create_from_encoding(ID_KEY_ID, chunk); + + /* find a cached crl by authorityKeyIdentifier */ + enumerator = lib->credmgr->create_cert_enumerator(lib->credmgr, + CERT_X509_CRL, KEY_ANY, keyid, FALSE); + while (enumerator->enumerate(enumerator, ¤t)) + { + current->get_ref(current); + best = get_better_crl(current, best, subject, issuer, + &valid, FALSE); + if (best && valid != VALIDATION_STALE) + { + DBG1(DBG_CFG, " using cached crl"); + break; + } + } + enumerator->destroy(enumerator); + + /* fallback to fetching crls from credential sets cdps */ + if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) + { + enumerator = lib->credmgr->create_cdp_enumerator(lib->credmgr, + CERT_X509_CRL, keyid); + while (enumerator->enumerate(enumerator, &uri)) + { + current = fetch_crl(uri); + if (current) + { + best = get_better_crl(current, best, subject, issuer, + &valid, TRUE); + if (best && valid != VALIDATION_STALE) + { + break; + } + } + } + enumerator->destroy(enumerator); + } + keyid->destroy(keyid); + } + DESTROY_IF(public); + + /* fallback to fetching crls from cdps from subject's certificate */ + if (valid != VALIDATION_GOOD && valid != VALIDATION_REVOKED) + { + enumerator = subject->create_crl_uri_enumerator(subject); + + while (enumerator->enumerate(enumerator, &uri)) + { + current = fetch_crl(uri); + if (current) + { + best = get_better_crl(current, best, subject, issuer, + &valid, TRUE); +======= * Find or fetch a certificate for a given crlIssuer */ static cert_validation_t find_crl(x509_t *subject, identification_t *issuer, @@ -626,6 +764,7 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, } best = get_better_crl(current, best, subject, &valid, auth, TRUE, NULL); +>>>>>>> upstream/4.5.1 if (best && valid != VALIDATION_STALE) { break; @@ -635,6 +774,10 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, enumerator->destroy(enumerator); } +<<<<<<< HEAD + /* an uri was found, but no result. switch validation state to failed */ + if (valid == VALIDATION_SKIPPED && uri) +======= /* look for delta CRLs */ if (best && (valid == VALIDATION_GOOD || valid == VALIDATION_STALE)) { @@ -643,6 +786,7 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, /* an uri was found, but no result. switch validation state to failed */ if (valid == VALIDATION_SKIPPED && uri_found) +>>>>>>> upstream/4.5.1 { valid = VALIDATION_FAILED; } @@ -665,8 +809,12 @@ static cert_validation_t check_crl(x509_t *subject, x509_t *issuer, METHOD(cert_validator_t, validate, bool, private_revocation_validator_t *this, certificate_t *subject, +<<<<<<< HEAD + certificate_t *issuer, bool online, int pathlen, auth_cfg_t *auth) +======= certificate_t *issuer, bool online, u_int pathlen, bool anchor, auth_cfg_t *auth) +>>>>>>> upstream/4.5.1 { if (subject->get_type(subject) == CERT_X509 && issuer->get_type(issuer) == CERT_X509 && @@ -674,8 +822,12 @@ METHOD(cert_validator_t, validate, bool, { DBG1(DBG_CFG, "checking certificate status of \"%Y\"", subject->get_subject(subject)); +<<<<<<< HEAD + switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, auth)) +======= switch (check_ocsp((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) +>>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); @@ -693,8 +845,12 @@ METHOD(cert_validator_t, validate, bool, DBG1(DBG_CFG, "ocsp check failed, fallback to crl"); break; } +<<<<<<< HEAD + switch (check_crl((x509_t*)subject, (x509_t*)issuer, auth)) +======= switch (check_crl((x509_t*)subject, (x509_t*)issuer, pathlen ? NULL : auth)) +>>>>>>> upstream/4.5.1 { case VALIDATION_GOOD: DBG1(DBG_CFG, "certificate status is good"); diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 3d96f4339..95e4e403d 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/sha1/sha1_plugin.c b/src/libstrongswan/plugins/sha1/sha1_plugin.c index dda2cbc1a..fcb75dfa2 100644 --- a/src/libstrongswan/plugins/sha1/sha1_plugin.c +++ b/src/libstrongswan/plugins/sha1/sha1_plugin.c @@ -19,8 +19,11 @@ #include "sha1_hasher.h" #include "sha1_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "sha1"; +>>>>>>> upstream/4.5.1 typedef struct private_sha1_plugin_t private_sha1_plugin_t; /** @@ -34,8 +37,15 @@ struct private_sha1_plugin_t { sha1_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of sha1_plugin_t.destroy + */ +static void destroy(private_sha1_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sha1_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha1_hasher_create); @@ -49,6 +59,15 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha1_plugin_create() { +<<<<<<< HEAD + private_sha1_plugin_t *this = malloc_thing(private_sha1_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_SHA1, + (hasher_constructor_t)sha1_hasher_create); + lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, +======= private_sha1_plugin_t *this; INIT(this, @@ -62,6 +81,7 @@ plugin_t *sha1_plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA1, plugin_name, (hasher_constructor_t)sha1_hasher_create); lib->crypto->add_prf(lib->crypto, PRF_KEYED_SHA1, plugin_name, +>>>>>>> upstream/4.5.1 (prf_constructor_t)sha1_prf_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index fcbfa0c44..0dc56ac37 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -219,7 +219,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -258,8 +264,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/sha2/sha2_plugin.c b/src/libstrongswan/plugins/sha2/sha2_plugin.c index a5937dbb2..b47f07b8d 100644 --- a/src/libstrongswan/plugins/sha2/sha2_plugin.c +++ b/src/libstrongswan/plugins/sha2/sha2_plugin.c @@ -18,8 +18,11 @@ #include <library.h> #include "sha2_hasher.h" +<<<<<<< HEAD +======= static const char *plugin_name = "sha2"; +>>>>>>> upstream/4.5.1 typedef struct private_sha2_plugin_t private_sha2_plugin_t; /** @@ -33,8 +36,15 @@ struct private_sha2_plugin_t { sha2_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of sha2_plugin_t.destroy + */ +static void destroy(private_sha2_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sha2_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->crypto->remove_hasher(lib->crypto, (hasher_constructor_t)sha2_hasher_create); @@ -46,6 +56,19 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sha2_plugin_create() { +<<<<<<< HEAD + private_sha2_plugin_t *this = malloc_thing(private_sha2_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; + + lib->crypto->add_hasher(lib->crypto, HASH_SHA224, + (hasher_constructor_t)sha2_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA256, + (hasher_constructor_t)sha2_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA384, + (hasher_constructor_t)sha2_hasher_create); + lib->crypto->add_hasher(lib->crypto, HASH_SHA512, +======= private_sha2_plugin_t *this; INIT(this, @@ -63,6 +86,7 @@ plugin_t *sha2_plugin_create() lib->crypto->add_hasher(lib->crypto, HASH_SHA384, plugin_name, (hasher_constructor_t)sha2_hasher_create); lib->crypto->add_hasher(lib->crypto, HASH_SHA512, plugin_name, +>>>>>>> upstream/4.5.1 (hasher_constructor_t)sha2_hasher_create); return &this->public.plugin; diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index ae015d1a8..bf952acc5 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -222,7 +222,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -261,8 +267,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/sqlite/sqlite_database.c b/src/libstrongswan/plugins/sqlite/sqlite_database.c index f9e06199e..e1c51f098 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_database.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_database.c @@ -213,8 +213,15 @@ static bool sqlite_enumerator_enumerate(sqlite_enumerator_t *this, ...) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of database_t.query. + */ +static enumerator_t* query(private_sqlite_database_t *this, char *sql, ...) +======= METHOD(database_t, query, enumerator_t*, private_sqlite_database_t *this, char *sql, ...) +>>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; va_list args; @@ -246,8 +253,15 @@ METHOD(database_t, query, enumerator_t*, return (enumerator_t*)enumerator; } +<<<<<<< HEAD +/** + * Implementation of database_t.execute. + */ +static int execute(private_sqlite_database_t *this, int *rowid, char *sql, ...) +======= METHOD(database_t, execute, int, private_sqlite_database_t *this, int *rowid, char *sql, ...) +>>>>>>> upstream/4.5.1 { sqlite3_stmt *stmt; int affected = -1; @@ -279,8 +293,15 @@ METHOD(database_t, execute, int, return affected; } +<<<<<<< HEAD +/** + * Implementation of database_t.get_driver + */ +static db_driver_t get_driver(private_sqlite_database_t *this) +======= METHOD(database_t, get_driver, db_driver_t, private_sqlite_database_t *this) +>>>>>>> upstream/4.5.1 { return DB_SQLITE; } @@ -296,8 +317,15 @@ static int busy_handler(private_sqlite_database_t *this, int count) return 1; } +<<<<<<< HEAD +/** + * Implementation of database_t.destroy + */ +static void destroy(private_sqlite_database_t *this) +======= METHOD(database_t, destroy, void, private_sqlite_database_t *this) +>>>>>>> upstream/4.5.1 { sqlite3_close(this->db); this->mutex->destroy(this->mutex); @@ -321,6 +349,16 @@ sqlite_database_t *sqlite_database_create(char *uri) } file = uri + 9; +<<<<<<< HEAD + this = malloc_thing(private_sqlite_database_t); + + this->public.db.query = (enumerator_t* (*)(database_t *this, char *sql, ...))query; + this->public.db.execute = (int (*)(database_t *this, int *rowid, char *sql, ...))execute; + this->public.db.get_driver = (db_driver_t(*)(database_t*))get_driver; + this->public.db.destroy = (void(*)(database_t*))destroy; + + this->mutex = mutex_create(MUTEX_TYPE_RECURSIVE); +======= INIT(this, .public = { .db = { @@ -332,12 +370,17 @@ sqlite_database_t *sqlite_database_create(char *uri) }, .mutex = mutex_create(MUTEX_TYPE_RECURSIVE), ); +>>>>>>> upstream/4.5.1 if (sqlite3_open(file, &this->db) != SQLITE_OK) { DBG1(DBG_LIB, "opening SQLite database '%s' failed: %s", file, sqlite3_errmsg(this->db)); +<<<<<<< HEAD + destroy(this); +======= _destroy(this); +>>>>>>> upstream/4.5.1 return NULL; } diff --git a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c index e0b8e6ce1..e0bdf0634 100644 --- a/src/libstrongswan/plugins/sqlite/sqlite_plugin.c +++ b/src/libstrongswan/plugins/sqlite/sqlite_plugin.c @@ -31,8 +31,15 @@ struct private_sqlite_plugin_t { sqlite_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of plugin_t.destroy + */ +static void destroy(private_sqlite_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_sqlite_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->db->remove_database(lib->db, (database_constructor_t)sqlite_database_create); @@ -44,6 +51,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *sqlite_plugin_create() { +<<<<<<< HEAD + private_sqlite_plugin_t *this = malloc_thing(private_sqlite_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_sqlite_plugin_t *this; INIT(this, @@ -53,6 +65,7 @@ plugin_t *sqlite_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->db->add_database(lib->db, (database_constructor_t)sqlite_database_create); diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 9dccb05e3..651fb8a9f 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -227,7 +227,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -266,8 +272,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c index 176bc438d..c021ef67b 100644 --- a/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c +++ b/src/libstrongswan/plugins/test_vectors/test_vectors_plugin.c @@ -104,8 +104,15 @@ struct private_test_vectors_plugin_t { test_vectors_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of test_vectors_plugin_t.test_vectorstroy + */ +static void destroy(private_test_vectors_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_test_vectors_plugin_t *this) +>>>>>>> upstream/4.5.1 { free(this); } @@ -115,6 +122,12 @@ METHOD(plugin_t, destroy, void, */ plugin_t *test_vectors_plugin_create() { +<<<<<<< HEAD + private_test_vectors_plugin_t *this = malloc_thing(private_test_vectors_plugin_t); + int i; + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_test_vectors_plugin_t *this; int i; @@ -125,6 +138,7 @@ plugin_t *test_vectors_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 for (i = 0; i < countof(crypter); i++) { diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index 57deab98e..785d6441c 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -221,7 +221,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -260,8 +266,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/x509/x509_cert.c b/src/libstrongswan/plugins/x509/x509_cert.c index 526dbe8c6..0eabc8010 100644 --- a/src/libstrongswan/plugins/x509/x509_cert.c +++ b/src/libstrongswan/plugins/x509/x509_cert.c @@ -117,7 +117,11 @@ struct private_x509_cert_t { linked_list_t *subjectAltNames; /** +<<<<<<< HEAD + * List of crlDistributionPoints as allocated char* +======= * List of crlDistributionPoints as x509_cdp_t* +>>>>>>> upstream/4.5.1 */ linked_list_t *crl_uris; @@ -132,6 +136,8 @@ struct private_x509_cert_t { linked_list_t *ipAddrBlocks; /** +<<<<<<< HEAD +======= * List of permitted name constraints */ linked_list_t *permitted_names; @@ -152,6 +158,7 @@ struct private_x509_cert_t { linked_list_t *policy_mappings; /** +>>>>>>> upstream/4.5.1 * certificate's embedded public key */ public_key_t *public_key; @@ -174,6 +181,9 @@ struct private_x509_cert_t { /** * Path Length Constraint */ +<<<<<<< HEAD + int pathLenConstraint; +======= u_char pathLenConstraint; /** @@ -190,6 +200,7 @@ struct private_x509_cert_t { * inhibitAnyPolicy Constraint */ u_char inhibit_any; +>>>>>>> upstream/4.5.1 /** * x509 constraints and other flags @@ -222,6 +233,8 @@ static const chunk_t ASN1_subjectAltName_oid = chunk_from_chars( ); /** +<<<<<<< HEAD +======= * Destroy a CertificateDistributionPoint */ static void crl_uri_destroy(x509_cdp_t *this) @@ -269,6 +282,7 @@ static u_int parse_constraint(chunk_t object) } /** +>>>>>>> upstream/4.5.1 * ASN.1 definition of a basicConstraints extension */ static const asn1Object_t basicConstraintsObjects[] = { @@ -310,7 +324,19 @@ static void parse_basicConstraints(chunk_t blob, int level0, case BASIC_CONSTRAINTS_PATH_LEN: if (isCA) { +<<<<<<< HEAD + if (object.len == 0) + { + this->pathLenConstraint = 0; + } + else if (object.len == 1) + { + this->pathLenConstraint = *object.ptr; + } + /* we ignore path length constraints > 127 */ +======= this->pathLenConstraint = parse_constraint(object); +>>>>>>> upstream/4.5.1 } break; default: @@ -648,7 +674,11 @@ static void parse_authorityInfoAccess(chunk_t blob, int level0, } break; default: +<<<<<<< HEAD + /* unkown accessMethod, ignoring */ +======= /* unknown accessMethod, ignoring */ +>>>>>>> upstream/4.5.1 break; } break; @@ -663,6 +693,8 @@ end: } /** +<<<<<<< HEAD +======= * Extract KeyUsage flags */ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) @@ -717,6 +749,7 @@ static void parse_keyUsage(chunk_t blob, private_x509_cert_t *this) } /** +>>>>>>> upstream/4.5.1 * ASN.1 definition of a extendedKeyUsage extension */ static const asn1Object_t extendedKeyUsageObjects[] = { @@ -728,7 +761,11 @@ static const asn1Object_t extendedKeyUsageObjects[] = { #define EXT_KEY_USAGE_PURPOSE_ID 1 /** +<<<<<<< HEAD + * Extracts extendedKeyUsage OIDs - currently only OCSP_SIGING is returned +======= * Extracts extendedKeyUsage OIDs +>>>>>>> upstream/4.5.1 */ static void parse_extendedKeyUsage(chunk_t blob, int level0, private_x509_cert_t *this) @@ -777,11 +814,18 @@ static const asn1Object_t crlDistributionPointsObjects[] = { { 2, "end opt", ASN1_EOC, ASN1_END }, /* 7 */ { 2, "reasons", ASN1_CONTEXT_C_1, ASN1_OPT|ASN1_BODY }, /* 8 */ { 2, "end opt", ASN1_EOC, ASN1_END }, /* 9 */ +<<<<<<< HEAD + { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_BODY }, /* 10 */ +======= { 2, "crlIssuer", ASN1_CONTEXT_C_2, ASN1_OPT|ASN1_OBJ }, /* 10 */ +>>>>>>> upstream/4.5.1 { 2, "end opt", ASN1_EOC, ASN1_END }, /* 11 */ { 0, "end loop", ASN1_EOC, ASN1_END }, /* 12 */ { 0, "exit", ASN1_EOC, ASN1_EXIT } }; +<<<<<<< HEAD +#define CRL_DIST_POINTS_FULLNAME 3 +======= #define CRL_DIST_POINTS 1 #define CRL_DIST_POINTS_FULLNAME 3 #define CRL_DIST_POINTS_ISSUER 10 @@ -830,10 +874,21 @@ static void add_cdps(linked_list_t *list, linked_list_t *uris, id->destroy(id); } } +>>>>>>> upstream/4.5.1 /** * Extracts one or several crlDistributionPoints into a list */ +<<<<<<< HEAD +static void parse_crlDistributionPoints(chunk_t blob, int level0, + private_x509_cert_t *this) +{ + asn1_parser_t *parser; + chunk_t object; + int objectID; + linked_list_t *list = linked_list_create(); + +======= void x509_parse_crlDistributionPoints(chunk_t blob, int level0, linked_list_t *list) { @@ -844,11 +899,36 @@ void x509_parse_crlDistributionPoints(chunk_t blob, int level0, uris = linked_list_create(); issuers = linked_list_create(); +>>>>>>> upstream/4.5.1 parser = asn1_parser_create(crlDistributionPointsObjects, blob); parser->set_top_level(parser, level0); while (parser->iterate(parser, &objectID, &object)) { +<<<<<<< HEAD + if (objectID == CRL_DIST_POINTS_FULLNAME) + { + identification_t *id; + + /* append extracted generalNames to existing chained list */ + x509_parse_generalNames(object, parser->get_level(parser)+1, + TRUE, list); + + while (list->remove_last(list, (void**)&id) == SUCCESS) + { + char *uri; + + if (asprintf(&uri, "%Y", id) > 0) + { + this->crl_uris->insert_last(this->crl_uris, uri); + } + id->destroy(id); + } + } + } + parser->destroy(parser); + list->destroy(list); +======= switch (objectID) { case CRL_DIST_POINTS: @@ -1099,6 +1179,7 @@ static void parse_policyConstraints(chunk_t blob, int level0, } } parser->destroy(parser); +>>>>>>> upstream/4.5.1 } /** @@ -1293,6 +1374,14 @@ static const asn1Object_t certObjects[] = { #define X509_OBJ_SIGNATURE 25 /** +<<<<<<< HEAD + * forward declaration + */ +static bool issued_by(private_x509_cert_t *this, certificate_t *issuer); + +/** +======= +>>>>>>> upstream/4.5.1 * Parses an X.509v3 certificate */ static bool parse_certificate(private_x509_cert_t *this) @@ -1392,8 +1481,12 @@ static bool parse_certificate(private_x509_cert_t *this) parse_basicConstraints(object, level, this); break; case OID_CRL_DISTRIBUTION_POINTS: +<<<<<<< HEAD + parse_crlDistributionPoints(object, level, this); +======= x509_parse_crlDistributionPoints(object, level, this->crl_uris); +>>>>>>> upstream/4.5.1 break; case OID_AUTHORITY_KEY_ID: this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, @@ -1403,7 +1496,11 @@ static bool parse_certificate(private_x509_cert_t *this) parse_authorityInfoAccess(object, level, this); break; case OID_KEY_USAGE: +<<<<<<< HEAD + /* TODO parse the flags */ +======= parse_keyUsage(object, this); +>>>>>>> upstream/4.5.1 break; case OID_EXTENDED_KEY_USAGE: parse_extendedKeyUsage(object, level, this); @@ -1411,6 +1508,8 @@ static bool parse_certificate(private_x509_cert_t *this) case OID_IP_ADDR_BLOCKS: parse_ipAddrBlocks(object, level, this); break; +<<<<<<< HEAD +======= case OID_NAME_CONSTRAINTS: parse_nameConstraints(object, level, this); break; @@ -1431,6 +1530,7 @@ static bool parse_certificate(private_x509_cert_t *this) } this->inhibit_any = parse_constraint(object); break; +>>>>>>> upstream/4.5.1 case OID_NS_REVOCATION_URL: case OID_NS_CA_REVOCATION_URL: case OID_NS_CA_POLICY_URL: @@ -1443,9 +1543,15 @@ static bool parse_certificate(private_x509_cert_t *this) break; default: if (critical && lib->settings->get_bool(lib->settings, +<<<<<<< HEAD + "libstrongswan.plugins.x509.enforce_critical", FALSE)) + { + DBG1(DBG_LIB, "critical %s extension not supported", +======= "libstrongswan.x509.enforce_critical", TRUE)) { DBG1(DBG_LIB, "critical '%s' extension not supported", +>>>>>>> upstream/4.5.1 (extn_oid == OID_UNKNOWN) ? "unknown" : (char*)oid_names[extn_oid].name); goto end; @@ -1478,9 +1584,13 @@ end: hasher_t *hasher; /* check if the certificate is self-signed */ +<<<<<<< HEAD + if (issued_by(this, &this->public.interface.interface)) +======= if (this->public.interface.interface.issued_by( &this->public.interface.interface, &this->public.interface.interface)) +>>>>>>> upstream/4.5.1 { this->flags |= X509_SELF_SIGNED; } @@ -1497,26 +1607,54 @@ end: return success; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_type + */ +static certificate_type_t get_type(private_x509_cert_t *this) +======= METHOD(certificate_t, get_type, certificate_type_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return CERT_X509; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_subject + */ +static identification_t* get_subject(private_x509_cert_t *this) +======= METHOD(certificate_t, get_subject, identification_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->subject; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_issuer + */ +static identification_t* get_issuer(private_x509_cert_t *this) +======= METHOD(certificate_t, get_issuer, identification_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->issuer; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.has_subject. + */ +static id_match_t has_subject(private_x509_cert_t *this, identification_t *subject) +======= METHOD(certificate_t, has_subject, id_match_t, private_x509_cert_t *this, identification_t *subject) +>>>>>>> upstream/4.5.1 { identification_t *current; enumerator_t *enumerator; @@ -1557,15 +1695,29 @@ METHOD(certificate_t, has_subject, id_match_t, return best; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.has_issuer. + */ +static id_match_t has_issuer(private_x509_cert_t *this, identification_t *issuer) +======= METHOD(certificate_t, has_issuer, id_match_t, private_x509_cert_t *this, identification_t *issuer) +>>>>>>> upstream/4.5.1 { /* issuerAltNames currently not supported */ return this->issuer->matches(this->issuer, issuer); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.issued_by. + */ +static bool issued_by(private_x509_cert_t *this, certificate_t *issuer) +======= METHOD(certificate_t, issued_by, bool, private_x509_cert_t *this, certificate_t *issuer) +>>>>>>> upstream/4.5.1 { public_key_t *key; signature_scheme_t scheme; @@ -1612,13 +1764,44 @@ METHOD(certificate_t, issued_by, bool, return valid; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_public_key + */ +static public_key_t* get_public_key(private_x509_cert_t *this) +======= METHOD(certificate_t, get_public_key, public_key_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { this->public_key->get_ref(this->public_key); return this->public_key; } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_ref + */ +static private_x509_cert_t* get_ref(private_x509_cert_t *this) +{ + ref_get(&this->ref); + return this; +} + +/** + * Implementation of x509_cert_t.get_flags. + */ +static x509_flag_t get_flags(private_x509_cert_t *this) +{ + return this->flags; +} + +/** + * Implementation of x509_cert_t.get_validity. + */ +static bool get_validity(private_x509_cert_t *this, time_t *when, + time_t *not_before, time_t *not_after) +======= METHOD(certificate_t, get_ref, certificate_t*, private_x509_cert_t *this) { @@ -1629,6 +1812,7 @@ METHOD(certificate_t, get_ref, certificate_t*, METHOD(certificate_t, get_validity, bool, private_x509_cert_t *this, time_t *when, time_t *not_before, time_t *not_after) +>>>>>>> upstream/4.5.1 { time_t t = when ? *when : time(NULL); @@ -1643,8 +1827,16 @@ METHOD(certificate_t, get_validity, bool, return (t >= this->notBefore && t <= this->notAfter); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.get_encoding. + */ +static bool get_encoding(private_x509_cert_t *this, cred_encoding_type_t type, + chunk_t *encoding) +======= METHOD(certificate_t, get_encoding, bool, private_x509_cert_t *this, cred_encoding_type_t type, chunk_t *encoding) +>>>>>>> upstream/4.5.1 { if (type == CERT_ASN1_DER) { @@ -1655,8 +1847,15 @@ METHOD(certificate_t, get_encoding, bool, CRED_PART_X509_ASN1_DER, this->encoding, CRED_PART_END); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.equals. + */ +static bool equals(private_x509_cert_t *this, certificate_t *other) +======= METHOD(certificate_t, equals, bool, private_x509_cert_t *this, certificate_t *other) +>>>>>>> upstream/4.5.1 { chunk_t encoding; bool equal; @@ -1682,6 +1881,12 @@ METHOD(certificate_t, equals, bool, return equal; } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_serial. + */ +static chunk_t get_serial(private_x509_cert_t *this) +======= METHOD(x509_t, get_flags, x509_flag_t, private_x509_cert_t *this) { @@ -1690,12 +1895,20 @@ METHOD(x509_t, get_flags, x509_flag_t, METHOD(x509_t, get_serial, chunk_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->serialNumber; } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_subjectKeyIdentifier. + */ +static chunk_t get_subjectKeyIdentifier(private_x509_cert_t *this) +======= METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { if (this->subjectKeyIdentifier.ptr) { @@ -1717,12 +1930,33 @@ METHOD(x509_t, get_subjectKeyIdentifier, chunk_t, } } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_authKeyIdentifier. + */ +static chunk_t get_authKeyIdentifier(private_x509_cert_t *this) +======= METHOD(x509_t, get_authKeyIdentifier, chunk_t, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->authKeyIdentifier; } +<<<<<<< HEAD +/** + * Implementation of x509_t.get_pathLenConstraint. + */ +static int get_pathLenConstraint(private_x509_cert_t *this) +{ + return this->pathLenConstraint; +} + +/** + * Implementation of x509_cert_t.create_subjectAltName_enumerator. + */ +static enumerator_t* create_subjectAltName_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, get_constraint, u_int, private_x509_cert_t *this, x509_constraint_t type) { @@ -1743,28 +1977,56 @@ METHOD(x509_t, get_constraint, u_int, METHOD(x509_t, create_subjectAltName_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->subjectAltNames->create_enumerator(this->subjectAltNames); } +<<<<<<< HEAD +/** + * Implementation of x509_cert_t.create_ocsp_uri_enumerator. + */ +static enumerator_t* create_ocsp_uri_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, create_ocsp_uri_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->ocsp_uris->create_enumerator(this->ocsp_uris); } +<<<<<<< HEAD +/** + * Implementation of x509_cert_t.create_crl_uri_enumerator. + */ +static enumerator_t* create_crl_uri_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, create_crl_uri_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->crl_uris->create_enumerator(this->crl_uris); } +<<<<<<< HEAD +/** + * Implementation of x509_cert_t.create_ipAddrBlock_enumerator. + */ +static enumerator_t* create_ipAddrBlock_enumerator(private_x509_cert_t *this) +======= METHOD(x509_t, create_ipAddrBlock_enumerator, enumerator_t*, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { return this->ipAddrBlocks->create_enumerator(this->ipAddrBlocks); } +<<<<<<< HEAD +/** + * Implementation of certificate_t.destroy. + */ +static void destroy(private_x509_cert_t *this) +======= METHOD(x509_t, create_name_constraint_enumerator, enumerator_t*, private_x509_cert_t *this, bool perm) { @@ -1789,11 +2051,17 @@ METHOD(x509_t, create_policy_mapping_enumerator, enumerator_t*, METHOD(certificate_t, destroy, void, private_x509_cert_t *this) +>>>>>>> upstream/4.5.1 { if (ref_put(&this->ref)) { this->subjectAltNames->destroy_offset(this->subjectAltNames, offsetof(identification_t, destroy)); +<<<<<<< HEAD + this->crl_uris->destroy_function(this->crl_uris, free); + this->ocsp_uris->destroy_function(this->ocsp_uris, free); + this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, offsetof(traffic_selector_t, destroy)); +======= this->crl_uris->destroy_function(this->crl_uris, (void*)crl_uri_destroy); this->ocsp_uris->destroy_function(this->ocsp_uris, free); this->ipAddrBlocks->destroy_offset(this->ipAddrBlocks, @@ -1806,6 +2074,7 @@ METHOD(certificate_t, destroy, void, (void*)cert_policy_destroy); this->policy_mappings->destroy_function(this->policy_mappings, (void*)policy_mapping_destroy); +>>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); DESTROY_IF(this->subject); DESTROY_IF(this->public_key); @@ -1827,6 +2096,56 @@ METHOD(certificate_t, destroy, void, */ static private_x509_cert_t* create_empty(void) { +<<<<<<< HEAD + private_x509_cert_t *this = malloc_thing(private_x509_cert_t); + + this->public.interface.interface.get_type = (certificate_type_t (*) (certificate_t*))get_type; + this->public.interface.interface.get_subject = (identification_t* (*) (certificate_t*))get_subject; + this->public.interface.interface.get_issuer = (identification_t* (*) (certificate_t*))get_issuer; + this->public.interface.interface.has_subject = (id_match_t (*) (certificate_t*, identification_t*))has_subject; + this->public.interface.interface.has_issuer = (id_match_t (*) (certificate_t*, identification_t*))has_issuer; + this->public.interface.interface.issued_by = (bool (*) (certificate_t*, certificate_t*))issued_by; + this->public.interface.interface.get_public_key = (public_key_t* (*) (certificate_t*))get_public_key; + this->public.interface.interface.get_validity = (bool (*) (certificate_t*, time_t*, time_t*, time_t*))get_validity; + this->public.interface.interface.get_encoding = (bool (*) (certificate_t*,cred_encoding_type_t,chunk_t*))get_encoding; + this->public.interface.interface.equals = (bool (*)(certificate_t*, certificate_t*))equals; + this->public.interface.interface.get_ref = (certificate_t* (*)(certificate_t*))get_ref; + this->public.interface.interface.destroy = (void (*)(certificate_t*))destroy; + this->public.interface.get_flags = (x509_flag_t (*)(x509_t*))get_flags; + this->public.interface.get_serial = (chunk_t (*)(x509_t*))get_serial; + this->public.interface.get_subjectKeyIdentifier = (chunk_t (*)(x509_t*))get_subjectKeyIdentifier; + this->public.interface.get_authKeyIdentifier = (chunk_t (*)(x509_t*))get_authKeyIdentifier; + this->public.interface.get_pathLenConstraint = (int (*)(x509_t*))get_pathLenConstraint; + this->public.interface.create_subjectAltName_enumerator = (enumerator_t* (*)(x509_t*))create_subjectAltName_enumerator; + this->public.interface.create_crl_uri_enumerator = (enumerator_t* (*)(x509_t*))create_crl_uri_enumerator; + this->public.interface.create_ocsp_uri_enumerator = (enumerator_t* (*)(x509_t*))create_ocsp_uri_enumerator; + this->public.interface.create_ipAddrBlock_enumerator = (enumerator_t* (*)(x509_t*))create_ipAddrBlock_enumerator; + + this->encoding = chunk_empty; + this->encoding_hash = chunk_empty; + this->tbsCertificate = chunk_empty; + this->version = 1; + this->serialNumber = chunk_empty; + this->notBefore = 0; + this->notAfter = 0; + this->public_key = NULL; + this->subject = NULL; + this->issuer = NULL; + this->subjectAltNames = linked_list_create(); + this->crl_uris = linked_list_create(); + this->ocsp_uris = linked_list_create(); + this->ipAddrBlocks = linked_list_create(); + this->subjectKeyIdentifier = chunk_empty; + this->authKeyIdentifier = chunk_empty; + this->authKeySerialNumber = chunk_empty; + this->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + this->algorithm = 0; + this->signature = chunk_empty; + this->flags = 0; + this->ref = 1; + this->parsed = FALSE; + +======= private_x509_cert_t *this; INIT(this, @@ -1875,10 +2194,13 @@ static private_x509_cert_t* create_empty(void) .inhibit_any = X509_NO_CONSTRAINT, .ref = 1, ); +>>>>>>> upstream/4.5.1 return this; } /** +<<<<<<< HEAD +======= * Build a generalName from an id */ chunk_t build_generalName(identification_t *id) @@ -1909,11 +2231,16 @@ chunk_t build_generalName(identification_t *id) } /** +>>>>>>> upstream/4.5.1 * Encode a linked list of subjectAltNames */ chunk_t x509_build_subjectAltNames(linked_list_t *list) { +<<<<<<< HEAD + chunk_t subjectAltNames = chunk_empty; +======= chunk_t subjectAltNames = chunk_empty, name; +>>>>>>> upstream/4.5.1 enumerator_t *enumerator; identification_t *id; @@ -1925,7 +2252,33 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) enumerator = list->create_enumerator(list); while (enumerator->enumerate(enumerator, &id)) { +<<<<<<< HEAD + int context; + chunk_t name; + + switch (id->get_type(id)) + { + case ID_RFC822_ADDR: + context = ASN1_CONTEXT_S_1; + break; + case ID_FQDN: + context = ASN1_CONTEXT_S_2; + break; + case ID_IPV4_ADDR: + case ID_IPV6_ADDR: + context = ASN1_CONTEXT_S_7; + break; + default: + DBG1(DBG_LIB, "encoding %N as subjectAltName not supported", + id_type_names, id->get_type(id)); + enumerator->destroy(enumerator); + free(subjectAltNames.ptr); + return chunk_empty; + } + name = asn1_wrap(context, "c", id->get_encoding(id)); +======= name = build_generalName(id); +>>>>>>> upstream/4.5.1 subjectAltNames = chunk_cat("mm", subjectAltNames, name); } enumerator->destroy(enumerator); @@ -1939,6 +2292,8 @@ chunk_t x509_build_subjectAltNames(linked_list_t *list) } /** +<<<<<<< HEAD +======= * Encode CRL distribution points extension from a x509_cdp_t list */ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) @@ -1980,6 +2335,7 @@ chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn) } /** +>>>>>>> upstream/4.5.1 * Generate and sign a new certificate */ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, @@ -1987,6 +2343,14 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t extensions = chunk_empty, extendedKeyUsage = chunk_empty; chunk_t serverAuth = chunk_empty, clientAuth = chunk_empty; +<<<<<<< HEAD + chunk_t ocspSigning = chunk_empty; + chunk_t basicConstraints = chunk_empty; + chunk_t keyUsage = chunk_empty; + chunk_t subjectAltNames = chunk_empty; + chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; + chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; +======= chunk_t ocspSigning = chunk_empty, certPolicies = chunk_empty; chunk_t basicConstraints = chunk_empty, nameConstraints = chunk_empty; chunk_t keyUsage = chunk_empty, keyUsageBits = chunk_empty; @@ -1994,6 +2358,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, chunk_t subjectKeyIdentifier = chunk_empty, authKeyIdentifier = chunk_empty; chunk_t crlDistributionPoints = chunk_empty, authorityInfoAccess = chunk_empty; chunk_t policyConstraints = chunk_empty, inhibitAnyPolicy = chunk_empty; +>>>>>>> upstream/4.5.1 identification_t *issuer, *subject; chunk_t key_info; signature_scheme_t scheme; @@ -2047,8 +2412,34 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, /* encode subjectAltNames */ subjectAltNames = x509_build_subjectAltNames(cert->subjectAltNames); +<<<<<<< HEAD + /* encode CRL distribution points extension */ + enumerator = cert->crl_uris->create_enumerator(cert->crl_uris); + while (enumerator->enumerate(enumerator, &uri)) + { + chunk_t distributionPoint; + + distributionPoint = asn1_wrap(ASN1_SEQUENCE, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_CONTEXT_S_6, "c", + chunk_create(uri, strlen(uri)))))); + + crlDistributionPoints = chunk_cat("mm", crlDistributionPoints, + distributionPoint); + } + enumerator->destroy(enumerator); + if (crlDistributionPoints.ptr) + { + crlDistributionPoints = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_CRL_DISTRIBUTION_POINTS), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_SEQUENCE, "m", crlDistributionPoints))); + } +======= crlDistributionPoints = x509_build_crlDistributionPoints(cert->crl_uris, OID_CRL_DISTRIBUTION_POINTS); +>>>>>>> upstream/4.5.1 /* encode OCSP URIs in authorityInfoAccess extension */ enumerator = cert->ocsp_uris->create_enumerator(cert->ocsp_uris); @@ -2077,10 +2468,18 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, { chunk_t pathLenConstraint = chunk_empty; +<<<<<<< HEAD + if (cert->pathLenConstraint != X509_NO_PATH_LEN_CONSTRAINT) + { + char pathlen = (char)cert->pathLenConstraint; + + pathLenConstraint = asn1_integer("c", chunk_from_thing(pathlen)); +======= if (cert->pathLenConstraint != X509_NO_CONSTRAINT) { pathLenConstraint = asn1_integer("c", chunk_from_thing(cert->pathLenConstraint)); +>>>>>>> upstream/4.5.1 } basicConstraints = asn1_wrap(ASN1_SEQUENCE, "mmm", asn1_build_known_oid(OID_BASIC_CONSTRAINTS), @@ -2091,6 +2490,15 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), pathLenConstraint))); +<<<<<<< HEAD + keyUsage = asn1_wrap(ASN1_SEQUENCE, "mmm", + asn1_build_known_oid(OID_KEY_USAGE), + asn1_wrap(ASN1_BOOLEAN, "c", + chunk_from_chars(0xFF)), + asn1_wrap(ASN1_OCTET_STRING, "m", + asn1_wrap(ASN1_BIT_STRING, "c", + chunk_from_chars(0x01, 0x06)))); +======= /* set CertificateSign and implicitly CRLsign */ keyUsageBits = chunk_from_chars(0x01, 0x06); } @@ -2105,6 +2513,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_BOOLEAN, "c", chunk_from_chars(0xFF)), asn1_wrap(ASN1_OCTET_STRING, "m", asn1_wrap(ASN1_BIT_STRING, "c", keyUsageBits))); +>>>>>>> upstream/4.5.1 } /* add serverAuth extendedKeyUsage flag */ @@ -2133,7 +2542,11 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, } /* add subjectKeyIdentifier to CA and OCSP signer certificates */ +<<<<<<< HEAD + if (cert->flags & (X509_CA | X509_OCSP_SIGNER)) +======= if (cert->flags & (X509_CA | X509_OCSP_SIGNER | X509_CRL_SIGN)) +>>>>>>> upstream/4.5.1 { chunk_t keyid; @@ -2161,6 +2574,17 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, asn1_wrap(ASN1_CONTEXT_S_0, "c", keyid)))); } } +<<<<<<< HEAD + if (basicConstraints.ptr || subjectAltNames.ptr || authKeyIdentifier.ptr || + crlDistributionPoints.ptr) + { + extensions = asn1_wrap(ASN1_CONTEXT_C_3, "m", + asn1_wrap(ASN1_SEQUENCE, "mmmmmmmm", + basicConstraints, keyUsage, subjectKeyIdentifier, + authKeyIdentifier, subjectAltNames, + extendedKeyUsage, crlDistributionPoints, + authorityInfoAccess)); +======= if (cert->permitted_names->get_count(cert->permitted_names) || cert->excluded_names->get_count(cert->excluded_names)) @@ -2308,6 +2732,7 @@ static bool generate(private_x509_cert_t *cert, certificate_t *sign_cert, extendedKeyUsage, crlDistributionPoints, authorityInfoAccess, nameConstraints, certPolicies, policyMappings, policyConstraints, inhibitAnyPolicy)); +>>>>>>> upstream/4.5.1 } cert->tbsCertificate = asn1_wrap(ASN1_SEQUENCE, "mmmcmcmm", @@ -2390,7 +2815,10 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) certificate_t *sign_cert = NULL; private_key_t *sign_key = NULL; hash_algorithm_t digest_alg = HASH_SHA1; +<<<<<<< HEAD +======= u_int constraint; +>>>>>>> upstream/4.5.1 cert = create_empty(); while (TRUE) @@ -2434,6 +2862,15 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) { enumerator_t *enumerator; linked_list_t *list; +<<<<<<< HEAD + char *uri; + + list = va_arg(args, linked_list_t*); + enumerator = list->create_enumerator(list); + while (enumerator->enumerate(enumerator, &uri)) + { + cert->crl_uris->insert_last(cert->crl_uris, strdup(uri)); +======= x509_cdp_t *in, *cdp; list = va_arg(args, linked_list_t*); @@ -2445,6 +2882,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) .issuer = in->issuer ? in->issuer->clone(in->issuer) : NULL, ); cert->crl_uris->insert_last(cert->crl_uris, cdp); +>>>>>>> upstream/4.5.1 } enumerator->destroy(enumerator); continue; @@ -2465,6 +2903,13 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) continue; } case BUILD_PATHLEN: +<<<<<<< HEAD + cert->pathLenConstraint = va_arg(args, int); + if (cert->pathLenConstraint < 0 || cert->pathLenConstraint > 127) + { + cert->pathLenConstraint = X509_NO_PATH_LEN_CONSTRAINT; + } +======= constraint = va_arg(args, u_int); cert->pathLenConstraint = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; @@ -2555,6 +3000,7 @@ x509_cert_t *x509_cert_gen(certificate_type_t type, va_list args) constraint = va_arg(args, u_int); cert->inhibit_any = (constraint < 128) ? constraint : X509_NO_CONSTRAINT; +>>>>>>> upstream/4.5.1 continue; case BUILD_NOT_BEFORE_TIME: cert->notBefore = va_arg(args, time_t); diff --git a/src/libstrongswan/plugins/x509/x509_crl.c b/src/libstrongswan/plugins/x509/x509_crl.c index 758505ab5..3e62681f5 100644 --- a/src/libstrongswan/plugins/x509/x509_crl.c +++ b/src/libstrongswan/plugins/x509/x509_crl.c @@ -100,11 +100,14 @@ struct private_x509_crl_t { linked_list_t *revoked; /** +<<<<<<< HEAD +======= * List of Freshest CRL distribution points */ linked_list_t *crl_uris; /** +>>>>>>> upstream/4.5.1 * Authority Key Identifier */ chunk_t authKeyIdentifier; @@ -115,11 +118,14 @@ struct private_x509_crl_t { chunk_t authKeySerialNumber; /** +<<<<<<< HEAD +======= * Number of BaseCRL, if a delta CRL */ chunk_t baseCrlNumber; /** +>>>>>>> upstream/4.5.1 * Signature algorithm */ int algorithm; @@ -143,6 +149,11 @@ struct private_x509_crl_t { /** * from x509_cert */ +<<<<<<< HEAD +extern chunk_t x509_parse_authorityKeyIdentifier( + chunk_t blob, int level0, + chunk_t *authKeySerialNumber); +======= extern chunk_t x509_parse_authorityKeyIdentifier(chunk_t blob, int level0, chunk_t *authKeySerialNumber); @@ -156,6 +167,7 @@ extern void x509_parse_crlDistributionPoints(chunk_t blob, int level0, * from x509_cert */ extern chunk_t x509_build_crlDistributionPoints(linked_list_t *list, int extn); +>>>>>>> upstream/4.5.1 /** * ASN.1 definition of an X.509 certificate revocation list @@ -226,7 +238,11 @@ static bool parse(private_x509_crl_t *this) int objectID; int sig_alg = OID_UNKNOWN; bool success = FALSE; +<<<<<<< HEAD + bool critical; +======= bool critical = FALSE; +>>>>>>> upstream/4.5.1 revoked_t *revoked = NULL; parser = asn1_parser_create(crlObjects, this->encoding); @@ -278,6 +294,28 @@ static bool parse(private_x509_crl_t *this) break; case CRL_OBJ_CRL_ENTRY_EXTN_VALUE: case CRL_OBJ_EXTN_VALUE: +<<<<<<< HEAD + { + int extn_oid = asn1_known_oid(extnID); + + if (revoked && extn_oid == OID_CRL_REASON_CODE) + { + if (*object.ptr == ASN1_ENUMERATED && + asn1_length(&object) == 1) + { + revoked->reason = *object.ptr; + } + DBG2(DBG_LIB, " '%N'", crl_reason_names, + revoked->reason); + } + else if (extn_oid == OID_AUTHORITY_KEY_ID) + { + this->authKeyIdentifier = x509_parse_authorityKeyIdentifier(object, + level, &this->authKeySerialNumber); + } + else if (extn_oid == OID_CRL_NUMBER) + { +======= { int extn_oid = asn1_known_oid(extnID); @@ -301,12 +339,18 @@ static bool parse(private_x509_crl_t *this) object, level, &this->authKeySerialNumber); break; case OID_CRL_NUMBER: +>>>>>>> upstream/4.5.1 if (!asn1_parse_simple_object(&object, ASN1_INTEGER, level, "crlNumber")) { goto end; } this->crlNumber = object; +<<<<<<< HEAD + } + } + break; +======= break; case OID_FRESHEST_CRL: x509_parse_crlDistributionPoints(object, level, @@ -333,6 +377,7 @@ static bool parse(private_x509_crl_t *this) } break; } +>>>>>>> upstream/4.5.1 case CRL_OBJ_ALGORITHM: { this->algorithm = asn1_parse_algorithmIdentifier(object, level, NULL); @@ -390,6 +435,8 @@ METHOD(crl_t, get_authKeyIdentifier, chunk_t, return this->authKeyIdentifier; } +<<<<<<< HEAD +======= METHOD(crl_t, is_delta_crl, bool, private_x509_crl_t *this, chunk_t *base_crl) { @@ -410,6 +457,7 @@ METHOD(crl_t, create_delta_crl_uri_enumerator, enumerator_t*, return this->crl_uris->create_enumerator(this->crl_uris); } +>>>>>>> upstream/4.5.1 METHOD(crl_t, create_enumerator, enumerator_t*, private_x509_crl_t *this) { @@ -454,7 +502,11 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } +<<<<<<< HEAD + if (!(x509->get_flags(x509) & X509_CA)) +======= if (!(x509->get_flags(x509) & (X509_CA | X509_CRL_SIGN))) +>>>>>>> upstream/4.5.1 { return FALSE; } @@ -567,6 +619,8 @@ static void revoked_destroy(revoked_t *revoked) free(revoked); } +<<<<<<< HEAD +======= /** * Destroy a CDP entry */ @@ -577,20 +631,27 @@ static void cdp_destroy(x509_cdp_t *this) free(this); } +>>>>>>> upstream/4.5.1 METHOD(certificate_t, destroy, void, private_x509_crl_t *this) { if (ref_put(&this->ref)) { this->revoked->destroy_function(this->revoked, (void*)revoked_destroy); +<<<<<<< HEAD +======= this->crl_uris->destroy_function(this->crl_uris, (void*)cdp_destroy); +>>>>>>> upstream/4.5.1 DESTROY_IF(this->issuer); free(this->authKeyIdentifier.ptr); free(this->encoding.ptr); if (this->generated) { free(this->crlNumber.ptr); +<<<<<<< HEAD +======= free(this->baseCrlNumber.ptr); +>>>>>>> upstream/4.5.1 free(this->signature.ptr); free(this->tbsCertList.ptr); } @@ -624,13 +685,19 @@ static private_x509_crl_t* create_empty(void) }, .get_serial = _get_serial, .get_authKeyIdentifier = _get_authKeyIdentifier, +<<<<<<< HEAD +======= .is_delta_crl = _is_delta_crl, .create_delta_crl_uri_enumerator = _create_delta_crl_uri_enumerator, +>>>>>>> upstream/4.5.1 .create_enumerator = _create_enumerator, }, }, .revoked = linked_list_create(), +<<<<<<< HEAD +======= .crl_uris = linked_list_create(), +>>>>>>> upstream/4.5.1 .ref = 1, ); return this; @@ -699,7 +766,10 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, private_key_t *key, hash_algorithm_t digest_alg) { chunk_t extensions = chunk_empty, certList = chunk_empty, serial; +<<<<<<< HEAD +======= chunk_t crlDistributionPoints = chunk_empty, baseCrlNumber = chunk_empty; +>>>>>>> upstream/4.5.1 enumerator_t *enumerator; crl_reason_t reason; time_t date; @@ -707,7 +777,11 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, x509 = (x509_t*)cert; +<<<<<<< HEAD + this->issuer = cert->get_issuer(cert); +======= this->issuer = cert->get_subject(cert); +>>>>>>> upstream/4.5.1 this->issuer = this->issuer->clone(this->issuer); this->authKeyIdentifier = chunk_clone(x509->get_subjectKeyIdentifier(x509)); @@ -742,6 +816,10 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, } enumerator->destroy(enumerator); +<<<<<<< HEAD + extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", + asn1_wrap(ASN1_SEQUENCE, "mm", +======= crlDistributionPoints = x509_build_crlDistributionPoints(this->crl_uris, OID_FRESHEST_CRL); @@ -757,6 +835,7 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, extensions = asn1_wrap(ASN1_CONTEXT_C_0, "m", asn1_wrap(ASN1_SEQUENCE, "mmmm", +>>>>>>> upstream/4.5.1 asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", @@ -766,8 +845,14 @@ static bool generate(private_x509_crl_t *this, certificate_t *cert, asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_CRL_NUMBER), asn1_wrap(ASN1_OCTET_STRING, "m", +<<<<<<< HEAD + asn1_integer("c", this->crlNumber)) + ) + )); +======= asn1_integer("c", this->crlNumber))), crlDistributionPoints, baseCrlNumber)); +>>>>>>> upstream/4.5.1 this->tbsCertList = asn1_wrap(ASN1_SEQUENCE, "cmcmmmm", ASN1_INTEGER_1, @@ -830,6 +915,8 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) case BUILD_REVOKED_ENUMERATOR: read_revoked(crl, va_arg(args, enumerator_t*)); continue; +<<<<<<< HEAD +======= case BUILD_BASE_CRL: crl->baseCrlNumber = va_arg(args, chunk_t); crl->baseCrlNumber = chunk_clone(crl->baseCrlNumber); @@ -853,6 +940,7 @@ x509_crl_t *x509_crl_gen(certificate_type_t type, va_list args) enumerator->destroy(enumerator); continue; } +>>>>>>> upstream/4.5.1 case BUILD_END: break; default: diff --git a/src/libstrongswan/plugins/x509/x509_plugin.c b/src/libstrongswan/plugins/x509/x509_plugin.c index d40cc3567..a3c071f12 100644 --- a/src/libstrongswan/plugins/x509/x509_plugin.c +++ b/src/libstrongswan/plugins/x509/x509_plugin.c @@ -36,8 +36,15 @@ struct private_x509_plugin_t { x509_plugin_t public; }; +<<<<<<< HEAD +/** + * Implementation of x509_plugin_t.x509troy + */ +static void destroy(private_x509_plugin_t *this) +======= METHOD(plugin_t, destroy, void, private_x509_plugin_t *this) +>>>>>>> upstream/4.5.1 { lib->creds->remove_builder(lib->creds, (builder_function_t)x509_cert_gen); @@ -67,6 +74,11 @@ METHOD(plugin_t, destroy, void, */ plugin_t *x509_plugin_create() { +<<<<<<< HEAD + private_x509_plugin_t *this = malloc_thing(private_x509_plugin_t); + + this->public.plugin.destroy = (void(*)(plugin_t*))destroy; +======= private_x509_plugin_t *this; INIT(this, @@ -76,6 +88,7 @@ plugin_t *x509_plugin_create() }, }, ); +>>>>>>> upstream/4.5.1 lib->creds->add_builder(lib->creds, CRED_CERTIFICATE, CERT_X509, FALSE, (builder_function_t)x509_cert_gen); diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 06d7a2121..22b3c9543 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -220,7 +220,13 @@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ ipsecdir = @ipsecdir@ +<<<<<<< HEAD +ipsecgid = @ipsecgid@ ipsecgroup = @ipsecgroup@ +ipsecuid = @ipsecuid@ +======= +ipsecgroup = @ipsecgroup@ +>>>>>>> upstream/4.5.1 ipsecuser = @ipsecuser@ libcharon_plugins = @libcharon_plugins@ libdir = @libdir@ @@ -259,8 +265,11 @@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ scripts_plugins = @scripts_plugins@ sharedstatedir = @sharedstatedir@ +<<<<<<< HEAD +======= soup_CFLAGS = @soup_CFLAGS@ soup_LIBS = @soup_LIBS@ +>>>>>>> upstream/4.5.1 srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ diff --git a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c index 65e88335c..19d5a03fe 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc_plugin.c +++ b/src/libstrongswan/plugins/xcbc/xcbc_plugin.c @@ -19,8 +19,11 @@ #include "xcbc_signer.h" #include "xcbc_prf.h" +<<<<<<< HEAD +======= static const char *plugin_name = "xcbc"; +>>>>>>> upstream/4.5.1 typedef struct private_xcbc_plugin_t private_xcbc_plugin_t; /** @@ -50,7 +53,10 @@ METHOD(plugin_t, destroy, void, plugin_t *xcbc_plugin_create() { private_xcbc_plugin_t *this; +<<<<<<< HEAD +======= crypter_t *crypter; +>>>>>>> upstream/4.5.1 INIT(this, .public = { @@ -60,6 +66,17 @@ plugin_t *xcbc_plugin_create() }, ); +<<<<<<< HEAD + lib->crypto->add_prf(lib->crypto, PRF_AES128_XCBC, + (prf_constructor_t)xcbc_prf_create); + lib->crypto->add_prf(lib->crypto, PRF_CAMELLIA128_XCBC, + (prf_constructor_t)xcbc_prf_create); + lib->crypto->add_signer(lib->crypto, AUTH_AES_XCBC_96, + (signer_constructor_t)xcbc_signer_create); + lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, + (signer_constructor_t)xcbc_signer_create); + +======= crypter = lib->crypto->create_crypter(lib->crypto, ENCR_AES_CBC, 16); if (crypter) { @@ -78,6 +95,7 @@ plugin_t *xcbc_plugin_create() lib->crypto->add_signer(lib->crypto, AUTH_CAMELLIA_XCBC_96, plugin_name, (signer_constructor_t)xcbc_signer_create); } +>>>>>>> upstream/4.5.1 return &this->public.plugin; } diff --git a/src/libstrongswan/printf_hook.c b/src/libstrongswan/printf_hook.c index 7e7045d69..1f57ffcce 100644 --- a/src/libstrongswan/printf_hook.c +++ b/src/libstrongswan/printf_hook.c @@ -377,8 +377,15 @@ int vstr_wrapper_vasprintf(char **str, const char *format, va_list args) } #endif +<<<<<<< HEAD +/** + * Implementation of printf_hook_t.add_handler. + */ +static void add_handler(private_printf_hook_t *this, char spec, +======= METHOD(printf_hook_t, add_handler, void, private_printf_hook_t *this, char spec, +>>>>>>> upstream/4.5.1 printf_hook_function_t hook, ...) { int i = -1; @@ -437,8 +444,15 @@ METHOD(printf_hook_t, add_handler, void, } } +<<<<<<< HEAD +/** + * Implementation of printf_hook_t.destroy + */ +static void destroy(private_printf_hook_t *this) +======= METHOD(printf_hook_t, destroy, void, private_printf_hook_t *this) +>>>>>>> upstream/4.5.1 { int i; #ifdef USE_VSTR @@ -473,6 +487,12 @@ METHOD(printf_hook_t, destroy, void, */ printf_hook_t *printf_hook_create() { +<<<<<<< HEAD + private_printf_hook_t *this = malloc_thing(private_printf_hook_t); + + this->public.add_handler = (void(*)(printf_hook_t*, char, printf_hook_function_t, ...))add_handler; + this->public.destroy = (void(*)(printf_hook_t*))destroy; +======= private_printf_hook_t *this; INIT(this, @@ -481,6 +501,7 @@ printf_hook_t *printf_hook_create() .destroy = _destroy, }, ); +>>>>>>> upstream/4.5.1 memset(printf_hooks, 0, sizeof(printf_hooks)); diff --git a/src/libstrongswan/processing/processor.c b/src/libstrongswan/processing/processor.c index 723aec908..6c0d9aa84 100644 --- a/src/libstrongswan/processing/processor.c +++ b/src/libstrongswan/processing/processor.c @@ -248,7 +248,11 @@ static void destroy(private_processor_t *this) /* * Described in header. */ +<<<<<<< HEAD +processor_t *processor_create(size_t pool_size) +======= processor_t *processor_create() +>>>>>>> upstream/4.5.1 { private_processor_t *this = malloc_thing(private_processor_t); diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index 32da194ef..f675f51f1 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -393,15 +393,23 @@ static bool equals(private_traffic_selector_t *this, private_traffic_selector_t switch (this->type) { case TS_IPV4_ADDR_RANGE: +<<<<<<< HEAD + if (memeq(this->from4, other->from4, sizeof(this->from4))) +======= if (memeq(this->from4, other->from4, sizeof(this->from4)) && memeq(this->to4, other->to4, sizeof(this->to4))) +>>>>>>> upstream/4.5.1 { return TRUE; } break; case TS_IPV6_ADDR_RANGE: +<<<<<<< HEAD + if (memeq(this->from6, other->from6, sizeof(this->from6))) +======= if (memeq(this->from6, other->from6, sizeof(this->from6)) && memeq(this->to6, other->to6, sizeof(this->to6))) +>>>>>>> upstream/4.5.1 { return TRUE; } diff --git a/src/libstrongswan/settings.c b/src/libstrongswan/settings.c index bd279f51d..c16c6a1f1 100644 --- a/src/libstrongswan/settings.c +++ b/src/libstrongswan/settings.c @@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -19,17 +22,24 @@ #include <stdarg.h> #include <stdio.h> #include <errno.h> +<<<<<<< HEAD +======= #include <limits.h> #include <glob.h> #include <libgen.h> +>>>>>>> upstream/4.5.1 #include "settings.h" #include "debug.h" #include "utils/linked_list.h" +<<<<<<< HEAD + +======= #include "threading/rwlock.h" #define MAX_INCLUSION_LEVEL 10 +>>>>>>> upstream/4.5.1 typedef struct private_settings_t private_settings_t; typedef struct section_t section_t; @@ -51,6 +61,11 @@ struct private_settings_t { section_t *top; /** +<<<<<<< HEAD + * allocated file text + */ + char *text; +======= * contents of loaded files and in-memory settings (char*) */ linked_list_t *contents; @@ -59,6 +74,7 @@ struct private_settings_t { * lock to safely access the settings */ rwlock_t *lock; +>>>>>>> upstream/4.5.1 }; /** @@ -99,6 +115,8 @@ struct kv_t { }; /** +<<<<<<< HEAD +======= * create a key/value pair */ static kv_t *kv_create(char *key, char *value) @@ -162,6 +180,7 @@ static bool kv_find(kv_t *this, char *key) } /** +>>>>>>> upstream/4.5.1 * Print a format key, but consume already processed arguments */ static bool print_key(char *buf, int len, char *start, char *key, va_list args) @@ -210,6 +229,16 @@ static bool print_key(char *buf, int len, char *start, char *key, va_list args) } /** +<<<<<<< HEAD + * find a section by a given key, using buffered key, reusable buffer + */ +static section_t *find_section_buffered(section_t *section, + char *start, char *key, va_list args, char *buf, int len) +{ + char *pos; + enumerator_t *enumerator; + section_t *current, *found = NULL; +======= * Find a section by a given key, using buffered key, reusable buffer. * If "ensure" is TRUE, the sections are created if they don't exist. */ @@ -219,6 +248,7 @@ static section_t *find_section_buffered(section_t *section, { char *pos; section_t *found = NULL; +>>>>>>> upstream/4.5.1 if (section == NULL) { @@ -234,6 +264,21 @@ static section_t *find_section_buffered(section_t *section, { return NULL; } +<<<<<<< HEAD + enumerator = section->sections->create_enumerator(section->sections); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(current->name, buf)) + { + found = current; + break; + } + } + enumerator->destroy(enumerator); + if (found && pos) + { + return find_section_buffered(found, start, pos, args, buf, len); +======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) @@ -247,11 +292,19 @@ static section_t *find_section_buffered(section_t *section, if (found && pos) { return find_section_buffered(found, start, pos, args, buf, len, ensure); +>>>>>>> upstream/4.5.1 } return found; } /** +<<<<<<< HEAD + * find a section by a given key + */ +static section_t *find_section(section_t *section, char *key, va_list args) +{ + char buf[128], keybuf[512]; +======= * Find a section by a given key (thread-safe). */ static section_t *find_section(private_settings_t *this, section_t *section, @@ -259,11 +312,27 @@ static section_t *find_section(private_settings_t *this, section_t *section, { char buf[128], keybuf[512]; section_t *found; +>>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } +<<<<<<< HEAD + return find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); +} + +/** + * Find the string value for a key, using buffered key, reusable buffer + */ +static char *find_value_buffered(section_t *section, + char *start, char *key, va_list args, char *buf, int len) +{ + char *pos, *value = NULL; + enumerator_t *enumerator; + kv_t *kv; + section_t *current, *found = NULL; +======= this->lock->read_lock(this->lock); found = find_section_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); @@ -303,6 +372,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, char *pos; kv_t *kv = NULL; section_t *found = NULL; +>>>>>>> upstream/4.5.1 if (section == NULL) { @@ -319,6 +389,22 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } +<<<<<<< HEAD + enumerator = section->sections->create_enumerator(section->sections); + while (enumerator->enumerate(enumerator, ¤t)) + { + if (streq(current->name, buf)) + { + found = current; + break; + } + } + enumerator->destroy(enumerator); + if (found) + { + return find_value_buffered(found, start, pos, args, buf, len); + } +======= if (section->sections->find_first(section->sections, (linked_list_match_t)section_find, (void**)&found, buf) != SUCCESS) @@ -332,6 +418,7 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, } return find_value_buffered(found, start, pos, args, buf, len, ensure); +>>>>>>> upstream/4.5.1 } else { @@ -339,6 +426,28 @@ static kv_t *find_value_buffered(section_t *section, char *start, char *key, { return NULL; } +<<<<<<< HEAD + enumerator = section->kv->create_enumerator(section->kv); + while (enumerator->enumerate(enumerator, &kv)) + { + if (streq(kv->key, buf)) + { + value = kv->value; + break; + } + } + enumerator->destroy(enumerator); + } + return value; +} + +/** + * Find the string value for a key + */ +static char *find_value(section_t *section, char *key, va_list args) +{ + char buf[128], keybuf[512]; +======= if (section->kv->find_first(section->kv, (linked_list_match_t)kv_find, (void**)&kv, buf) != SUCCESS) { @@ -360,11 +469,21 @@ static char *find_value(private_settings_t *this, section_t *section, { char buf[128], keybuf[512], *value = NULL; kv_t *kv; +>>>>>>> upstream/4.5.1 if (snprintf(keybuf, sizeof(keybuf), "%s", key) >= sizeof(keybuf)) { return NULL; } +<<<<<<< HEAD + return find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf)); +} + +/** + * Implementation of settings_t.get. + */ +static char* get_str(private_settings_t *this, char *key, char *def, ...) +======= this->lock->read_lock(this->lock); kv = find_value_buffered(section, keybuf, keybuf, args, buf, sizeof(buf), FALSE); @@ -413,12 +532,17 @@ static void set_value(private_settings_t *this, section_t *section, METHOD(settings_t, get_str, char*, private_settings_t *this, char *key, char *def, ...) +>>>>>>> upstream/4.5.1 { char *value; va_list args; va_start(args, def); +<<<<<<< HEAD + value = find_value(this->top, key, args); +======= value = find_value(this, this->top, key, args); +>>>>>>> upstream/4.5.1 va_end(args); if (value) { @@ -428,6 +552,31 @@ METHOD(settings_t, get_str, char*, } /** +<<<<<<< HEAD + * Implementation of settings_t.get_bool. + */ +static bool get_bool(private_settings_t *this, char *key, bool def, ...) +{ + char *value; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); + if (value) + { + if (strcaseeq(value, "true") || + strcaseeq(value, "enabled") || + strcaseeq(value, "yes") || + strcaseeq(value, "1")) + { + return TRUE; + } + else if (strcaseeq(value, "false") || + strcaseeq(value, "disabled") || + strcaseeq(value, "no") || + strcaseeq(value, "0")) +======= * Described in header */ inline bool settings_value_as_bool(char *value, bool def) @@ -445,6 +594,7 @@ inline bool settings_value_as_bool(char *value, bool def) strcaseeq(value, "no") || strcaseeq(value, "false") || strcaseeq(value, "disabled")) +>>>>>>> upstream/4.5.1 { return FALSE; } @@ -452,6 +602,20 @@ inline bool settings_value_as_bool(char *value, bool def) return def; } +<<<<<<< HEAD +/** + * Implementation of settings_t.get_int. + */ +static int get_int(private_settings_t *this, char *key, int def, ...) +{ + char *value; + int intval; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); +======= METHOD(settings_t, get_bool, bool, private_settings_t *this, char *key, bool def, ...) { @@ -470,6 +634,7 @@ METHOD(settings_t, get_bool, bool, inline int settings_value_as_int(char *value, int def) { int intval; +>>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -482,6 +647,20 @@ inline int settings_value_as_int(char *value, int def) return def; } +<<<<<<< HEAD +/** + * Implementation of settings_t.get_double. + */ +static double get_double(private_settings_t *this, char *key, double def, ...) +{ + char *value; + double dval; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); +======= METHOD(settings_t, get_int, int, private_settings_t *this, char *key, int def, ...) { @@ -500,6 +679,7 @@ METHOD(settings_t, get_int, int, inline double settings_value_as_double(char *value, double def) { double dval; +>>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -512,6 +692,20 @@ inline double settings_value_as_double(char *value, double def) return def; } +<<<<<<< HEAD +/** + * Implementation of settings_t.get_time. + */ +static u_int32_t get_time(private_settings_t *this, char *key, u_int32_t def, ...) +{ + char *value, *endptr; + u_int32_t timeval; + va_list args; + + va_start(args, def); + value = find_value(this->top, key, args); + va_end(args); +======= METHOD(settings_t, get_double, double, private_settings_t *this, char *key, double def, ...) { @@ -531,6 +725,7 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) { char *endptr; u_int32_t timeval; +>>>>>>> upstream/4.5.1 if (value) { errno = 0; @@ -549,7 +744,11 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) timeval *= 60; break; case 's': /* time in seconds */ +<<<<<<< HEAD + default: +======= default: +>>>>>>> upstream/4.5.1 break; } return timeval; @@ -558,6 +757,8 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) return def; } +<<<<<<< HEAD +======= METHOD(settings_t, get_time, u_int32_t, private_settings_t *this, char *key, u_int32_t def, ...) { @@ -627,6 +828,7 @@ METHOD(settings_t, set_time, void, va_end(args); } +>>>>>>> upstream/4.5.1 /** * Enumerate section names, not sections */ @@ -636,24 +838,42 @@ static bool section_filter(void *null, section_t **in, char **out) return TRUE; } +<<<<<<< HEAD +/** + * Implementation of settings_t.create_section_enumerator + */ +static enumerator_t* create_section_enumerator(private_settings_t *this, + char *key, ...) +======= METHOD(settings_t, create_section_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) +>>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); +<<<<<<< HEAD + section = find_section(this->top, key, args); +======= section = find_section(this, this->top, key, args); +>>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } +<<<<<<< HEAD + return enumerator_create_filter( + section->sections->create_enumerator(section->sections), + (void*)section_filter, NULL, NULL); +======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->sections->create_enumerator(section->sections), (void*)section_filter, this->lock, (void*)this->lock->unlock); +>>>>>>> upstream/4.5.1 } /** @@ -667,24 +887,53 @@ static bool kv_filter(void *null, kv_t **in, char **key, return TRUE; } +<<<<<<< HEAD +/** + * Implementation of settings_t.create_key_value_enumerator + */ +static enumerator_t* create_key_value_enumerator(private_settings_t *this, + char *key, ...) +======= METHOD(settings_t, create_key_value_enumerator, enumerator_t*, private_settings_t *this, char *key, ...) +>>>>>>> upstream/4.5.1 { section_t *section; va_list args; va_start(args, key); +<<<<<<< HEAD + section = find_section(this->top, key, args); +======= section = find_section(this, this->top, key, args); +>>>>>>> upstream/4.5.1 va_end(args); if (!section) { return enumerator_create_empty(); } +<<<<<<< HEAD + return enumerator_create_filter( + section->kv->create_enumerator(section->kv), + (void*)kv_filter, NULL, NULL); +} + +/** + * destroy a section + */ +static void section_destroy(section_t *this) +{ + this->kv->destroy_function(this->kv, free); + this->sections->destroy_function(this->sections, (void*)section_destroy); + + free(this); +======= this->lock->read_lock(this->lock); return enumerator_create_filter( section->kv->create_enumerator(section->kv), (void*)kv_filter, this->lock, (void*)this->lock->unlock); +>>>>>>> upstream/4.5.1 } /** @@ -762,6 +1011,26 @@ static char parse(char **text, char *skip, char *term, char *br, char **token) } /** +<<<<<<< HEAD + * Parse a section + */ +static section_t* parse_section(char **text, char *name) +{ + section_t *sub, *section; + bool finished = FALSE; + char *key, *value, *inner; + + static int lev = 0; + lev++; + + section = malloc_thing(section_t); + section->name = name; + section->sections = linked_list_create(); + section->kv = linked_list_create(); + + while (!finished) + { +======= * Check if "text" starts with "pattern". * Characters in "skip" are skipped first. If found, TRUE is returned and "text" * is modified to point to the character right after "pattern". @@ -832,11 +1101,20 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } continue; } +>>>>>>> upstream/4.5.1 switch (parse(text, "\t\n ", "{=#", NULL, &key)) { case '{': if (parse(text, "\t ", "}", "{", &inner)) { +<<<<<<< HEAD + sub = parse_section(&inner, key); + if (sub) + { + section->sections->insert_last(section->sections, sub); + continue; + } +======= section_t *sub; if (!strlen(key)) { @@ -866,12 +1144,19 @@ static bool parse_section(linked_list_t *contents, char *file, int level, } DBG1(DBG_LIB, "parsing subsection '%s' failed", key); break; +>>>>>>> upstream/4.5.1 } DBG1(DBG_LIB, "matching '}' not found near %s", *text); break; case '=': if (parse(text, "\t ", "\n", NULL, &value)) { +<<<<<<< HEAD + kv_t *kv = malloc_thing(kv_t); + kv->key = key; + kv->value = value; + section->kv->insert_last(section->kv, kv); +======= kv_t *kv; if (!strlen(key)) { @@ -890,6 +1175,7 @@ static bool parse_section(linked_list_t *contents, char *file, int level, { /* replace with the most recently read value */ kv->value = value; } +>>>>>>> upstream/4.5.1 continue; } DBG1(DBG_LIB, "parsing value failed near %s", *text); @@ -901,6 +1187,80 @@ static bool parse_section(linked_list_t *contents, char *file, int level, finished = TRUE; continue; } +<<<<<<< HEAD + section_destroy(section); + return NULL; + } + return section; +} + +/** + * Implementation of settings_t.destroy + */ +static void destroy(private_settings_t *this) +{ + if (this->top) + { + section_destroy(this->top); + } + free(this->text); + free(this); +} + +/* + * see header file + */ +settings_t *settings_create(char *file) +{ + private_settings_t *this; + char *pos; + FILE *fd; + int len; + + this = malloc_thing(private_settings_t); + this->public.get_str = (char*(*)(settings_t*, char *key, char* def, ...))get_str; + this->public.get_int = (int(*)(settings_t*, char *key, int def, ...))get_int; + this->public.get_double = (double(*)(settings_t*, char *key, double def, ...))get_double; + this->public.get_time = (u_int32_t(*)(settings_t*, char *key, u_int32_t def, ...))get_time; + this->public.get_bool = (bool(*)(settings_t*, char *key, bool def, ...))get_bool; + this->public.create_section_enumerator = (enumerator_t*(*)(settings_t*,char *section, ...))create_section_enumerator; + this->public.create_key_value_enumerator = (enumerator_t*(*)(settings_t*, char *key, ...))create_key_value_enumerator; + this->public.destroy = (void(*)(settings_t*))destroy; + + this->top = NULL; + this->text = NULL; + + if (file == NULL) + { + file = STRONGSWAN_CONF; + } + fd = fopen(file, "r"); + if (fd == NULL) + { + DBG1(DBG_LIB, "'%s' does not exist or is not readable", file); + return &this->public; + } + fseek(fd, 0, SEEK_END); + len = ftell(fd); + rewind(fd); + this->text = malloc(len + 1); + this->text[len] = '\0'; + if (fread(this->text, 1, len, fd) != len) + { + free(this->text); + this->text = NULL; + return &this->public; + } + fclose(fd); + + pos = this->text; + this->top = parse_section(&pos, NULL); + if (this->top == NULL) + { + free(this->text); + this->text = NULL; + } +======= return FALSE; } return TRUE; @@ -1167,6 +1527,7 @@ settings_t *settings_create(char *file) load_files(this, file); +>>>>>>> upstream/4.5.1 return &this->public; } diff --git a/src/libstrongswan/settings.h b/src/libstrongswan/settings.h index bc3df3706..9da217630 100644 --- a/src/libstrongswan/settings.h +++ b/src/libstrongswan/settings.h @@ -1,5 +1,8 @@ /* +<<<<<<< HEAD +======= * Copyright (C) 2010 Tobias Brunner +>>>>>>> upstream/4.5.1 * Copyright (C) 2008 Martin Willi * Hochschule fuer Technik Rapperswil * @@ -28,6 +31,16 @@ typedef struct settings_t settings_t; #include "utils/enumerator.h" /** +<<<<<<< HEAD + * Generic configuration options read from a config file. + * + * The syntax is quite simple: + * + * settings := (section|keyvalue)* + * section := name { settings } + * keyvalue := key = value\n + * +======= * Convert a string value returned by a key/value enumerator to a boolean. * * @see settings_t.create_key_value_enumerator() @@ -76,6 +89,7 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * section := name { settings } * keyvalue := key = value\n * @endcode +>>>>>>> upstream/4.5.1 * E.g.: * @code a = b @@ -95,6 +109,8 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); * * Currently only a limited set of printf format specifiers are supported * (namely %s, %d and %N, see implementation for details). +<<<<<<< HEAD +======= * * \section includes Including other files * Other files can be included, using the include statement e.g. @@ -140,6 +156,7 @@ u_int32_t settings_value_as_time(char *value, u_int32_t def); section-two { } @endcode +>>>>>>> upstream/4.5.1 */ struct settings_t { @@ -194,6 +211,8 @@ struct settings_t { u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...); /** +<<<<<<< HEAD +======= * Set a string value. * * @param key key including sections, printf style format @@ -239,6 +258,7 @@ struct settings_t { void (*set_time)(settings_t *this, char *key, u_int32_t value, ...); /** +>>>>>>> upstream/4.5.1 * Create an enumerator over subsection names of a section. * * @param section section including parents, printf style format @@ -252,13 +272,19 @@ struct settings_t { * Create an enumerator over key/value pairs in a section. * * @param section section name to list key/value pairs of, printf style +<<<<<<< HEAD + * @param ... argmuent list for section +======= * @param ... argument list for section +>>>>>>> upstream/4.5.1 * @return enumerator over (char *key, char *value) */ enumerator_t* (*create_key_value_enumerator)(settings_t *this, char *section, ...); /** +<<<<<<< HEAD +======= * Load settings from the files matching the given pattern. * * Existing sections are extended, existing values replaced, by those found @@ -293,6 +319,7 @@ struct settings_t { char *section, ...); /** +>>>>>>> upstream/4.5.1 * Destroy a settings instance. */ void (*destroy)(settings_t *this); diff --git a/src/libstrongswan/utils.c b/src/libstrongswan/utils.c index 2ab061a74..357858c9e 100644 --- a/src/libstrongswan/utils.c +++ b/src/libstrongswan/utils.c @@ -247,6 +247,8 @@ bool return_false() } /** +<<<<<<< HEAD +======= * returns FAILED */ status_t return_failed() @@ -255,6 +257,7 @@ status_t return_failed() } /** +>>>>>>> upstream/4.5.1 * nop operation */ void nop() diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index ed61895ee..e07af53aa 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -57,7 +57,11 @@ #define streq(x,y) (strcmp(x, y) == 0) /** +<<<<<<< HEAD + * Macro compares two strings for equality +======= * Macro compares two strings for equality, length limited +>>>>>>> upstream/4.5.1 */ #define strneq(x,y,len) (strncmp(x, y, len) == 0) @@ -67,6 +71,8 @@ #define strcaseeq(x,y) (strcasecmp(x, y) == 0) /** +<<<<<<< HEAD +======= * Macro compares two strings for equality ignoring case, length limited */ #define strncaseeq(x,y,len) (strncasecmp(x, y, len) == 0) @@ -77,6 +83,7 @@ #define strdupnull(x) ({ char *_x = x; _x ? strdup(_x) : NULL; }) /** +>>>>>>> upstream/4.5.1 * Macro compares two binary blobs for equality */ #define memeq(x,y,len) (memcmp(x, y, len) == 0) @@ -392,11 +399,14 @@ bool return_true(); bool return_false(); /** +<<<<<<< HEAD +======= * returns FAILED */ status_t return_failed(); /** +>>>>>>> upstream/4.5.1 * Write a 16-bit host order value in network order to an unaligned address. * * @param host host order 16-bit value diff --git a/src/libstrongswan/utils/backtrace.c b/src/libstrongswan/utils/backtrace.c index 41224e8c2..5f1318b9a 100644 --- a/src/libstrongswan/utils/backtrace.c +++ b/src/libstrongswan/utils/backtrace.c @@ -132,11 +132,18 @@ static void log_(private_backtrace_t *this, FILE *file, bool detailed) /** * Implementation of backtrace_t.contains_function */ +<<<<<<< HEAD +static bool contains_function(private_backtrace_t *this, char *function) +{ +#ifdef HAVE_DLADDR + int i; +======= static bool contains_function(private_backtrace_t *this, char *function[], int count) { #ifdef HAVE_DLADDR int i, j; +>>>>>>> upstream/4.5.1 for (i = 0; i< this->frame_count; i++) { @@ -144,12 +151,18 @@ static bool contains_function(private_backtrace_t *this, if (dladdr(this->frames[i], &info) && info.dli_sname) { +<<<<<<< HEAD + if (streq(info.dli_sname, function)) + { + return TRUE; +======= for (j = 0; j < count; j++) { if (streq(info.dli_sname, function[j])) { return TRUE; } +>>>>>>> upstream/4.5.1 } } } @@ -183,7 +196,11 @@ backtrace_t *backtrace_create(int skip) this->frame_count = frame_count; this->public.log = (void(*)(backtrace_t*,FILE*,bool))log_; +<<<<<<< HEAD + this->public.contains_function = (bool(*)(backtrace_t*, char *function))contains_function; +======= this->public.contains_function = (bool(*)(backtrace_t*, char *function[], int count))contains_function; +>>>>>>> upstream/4.5.1 this->public.destroy = (void(*)(backtrace_t*))destroy; return &this->public; diff --git a/src/libstrongswan/utils/backtrace.h b/src/libstrongswan/utils/backtrace.h index e8ccfc1bd..712122afb 100644 --- a/src/libstrongswan/utils/backtrace.h +++ b/src/libstrongswan/utils/backtrace.h @@ -41,6 +41,14 @@ struct backtrace_t { void (*log)(backtrace_t *this, FILE *file, bool detailed); /** +<<<<<<< HEAD + * Check if the backtrace contains a frame in a specific function. + * + * @param function name + * @return TRUE if function is in the stack + */ + bool (*contains_function)(backtrace_t *this, char *function); +======= * Check if the backtrace contains a frame having a function in a list. * * @param function name array @@ -48,6 +56,7 @@ struct backtrace_t { * @return TRUE if one of the functions is in the stack */ bool (*contains_function)(backtrace_t *this, char *function[], int count); +>>>>>>> upstream/4.5.1 /** * Destroy a backtrace instance. diff --git a/src/libstrongswan/utils/hashtable.c b/src/libstrongswan/utils/hashtable.c index 49b0bb68c..9a0f92b3c 100644 --- a/src/libstrongswan/utils/hashtable.c +++ b/src/libstrongswan/utils/hashtable.c @@ -186,7 +186,11 @@ static void rehash(private_hashtable_t *this) linked_list_t **old_table; u_int row, old_capacity; +<<<<<<< HEAD + if (this->capacity < MAX_CAPACITY) +======= if (this->capacity >= MAX_CAPACITY) +>>>>>>> upstream/4.5.1 { return; } @@ -249,7 +253,10 @@ METHOD(hashtable_t, put, void*, { old_value = pair->value; pair->value = value; +<<<<<<< HEAD +======= pair->key = key; +>>>>>>> upstream/4.5.1 break; } } diff --git a/src/libstrongswan/utils/host.c b/src/libstrongswan/utils/host.c index ffeebd05c..1fba6a587 100644 --- a/src/libstrongswan/utils/host.c +++ b/src/libstrongswan/utils/host.c @@ -476,10 +476,13 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) { return host_create_any_port(af ? af : AF_INET6, port); } +<<<<<<< HEAD +======= if (af == AF_INET && strchr(string, ':')) { /* do not try to convert v6 addresses for v4 family */ return NULL; } +>>>>>>> upstream/4.5.1 memset(&hints, 0, sizeof(hints)); hints.ai_family = af; @@ -568,6 +571,8 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) /* * Described in header. */ +<<<<<<< HEAD +======= host_t *host_create_from_subnet(char *string, int *bits) { char *pos, buf[64]; @@ -603,6 +608,7 @@ host_t *host_create_from_subnet(char *string, int *bits) /* * Described in header. */ +>>>>>>> upstream/4.5.1 host_t *host_create_any(int family) { private_host_t *this = host_create_empty(); diff --git a/src/libstrongswan/utils/host.h b/src/libstrongswan/utils/host.h index 0a1be6e47..b9cd81148 100644 --- a/src/libstrongswan/utils/host.h +++ b/src/libstrongswan/utils/host.h @@ -190,6 +190,8 @@ host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port); host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); /** +<<<<<<< HEAD +======= * Create a host from a CIDR subnet definition (1.2.3.0/24), return bits. * * @param string string to parse @@ -199,6 +201,7 @@ host_t *host_create_from_sockaddr(sockaddr_t *sockaddr); host_t *host_create_from_subnet(char *string, int *bits); /** +>>>>>>> upstream/4.5.1 * Create a host without an address, a "any" host. * * @param family family of the any host diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index fd2716deb..facf9f6de 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -281,13 +281,20 @@ static void dntoa(chunk_t dn, char *buf, size_t len) chunk_t oid_data, data, printable; u_char type; int oid, written; +<<<<<<< HEAD + bool finished = FALSE; +======= bool finished = FALSE, empty = TRUE; +>>>>>>> upstream/4.5.1 e = create_rdn_enumerator(dn); while (e->enumerate(e, &oid_data, &type, &data)) { +<<<<<<< HEAD +======= empty = FALSE; +>>>>>>> upstream/4.5.1 oid = asn1_known_oid(oid_data); if (oid == OID_UNKNOWN) @@ -331,11 +338,15 @@ static void dntoa(chunk_t dn, char *buf, size_t len) break; } } +<<<<<<< HEAD + if (!finished) +======= if (empty) { snprintf(buf, len, ""); } else if (!finished) +>>>>>>> upstream/4.5.1 { snprintf(buf, len, "(invalid ID_DER_ASN1_DN)"); } diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 52e92951b..ef2ea8e14 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -218,6 +218,27 @@ char *whitelist[] = { "gcry_create_nonce", /* NSPR */ "PR_CallOnce", +<<<<<<< HEAD +}; + +/** + * check if a stack frame contains functions listed above + */ +static bool is_whitelisted(backtrace_t *backtrace) +{ + int i; + for (i = 0; i < sizeof(whitelist)/sizeof(char*); i++) + { + if (backtrace->contains_function(backtrace, whitelist[i])) + { + return TRUE; + } + } + return FALSE; +} + +/** +======= /* libapr */ "apr_pool_create_ex", /* glib */ @@ -235,6 +256,7 @@ char *whitelist[] = { }; /** +>>>>>>> upstream/4.5.1 * Report leaks at library destruction */ static void report(private_leak_detective_t *this, bool detailed) @@ -246,8 +268,12 @@ static void report(private_leak_detective_t *this, bool detailed) for (hdr = first_header.next; hdr != NULL; hdr = hdr->next) { +<<<<<<< HEAD + if (is_whitelisted(hdr->backtrace)) +======= if (hdr->backtrace->contains_function(hdr->backtrace, whitelist, countof(whitelist))) +>>>>>>> upstream/4.5.1 { whitelisted++; } diff --git a/src/libstrongswan/utils/optionsfrom.c b/src/libstrongswan/utils/optionsfrom.c index e51780290..fe3d37966 100644 --- a/src/libstrongswan/utils/optionsfrom.c +++ b/src/libstrongswan/utils/optionsfrom.c @@ -61,8 +61,16 @@ struct private_options_t { char *buffers[MAX_USES]; }; +<<<<<<< HEAD +/** + * Defined in header + */ +bool from(private_options_t *this, char *filename, int *argcp, char **argvp[], + int optind) +======= METHOD(options_t, from, bool, private_options_t *this, char *filename, int *argcp, char **argvp[], int optind) +>>>>>>> upstream/4.5.1 { int newargc; int next; /* place for next argument */ @@ -179,8 +187,15 @@ METHOD(options_t, from, bool, return good; } +<<<<<<< HEAD +/** + * Defined in header + */ +void destroy(private_options_t *this) +======= METHOD(options_t, destroy, void, private_options_t *this) +>>>>>>> upstream/4.5.1 { while (this->nuses >= 0) { @@ -195,6 +210,19 @@ METHOD(options_t, destroy, void, */ options_t *options_create(void) { +<<<<<<< HEAD + private_options_t *this = malloc_thing(private_options_t); + + /* initialize */ + this->newargv = NULL; + this->room = 0; + this->nuses = -1; + memset(this->buffers, '\0', MAX_USES); + + /* public functions */ + this->public.from = (bool (*) (options_t*,char*,int*,char***,int))from; + this->public.destroy = (void (*) (options_t*))destroy; +======= private_options_t *this; INIT(this, @@ -205,6 +233,7 @@ options_t *options_create(void) }, .nuses = -1, ); +>>>>>>> upstream/4.5.1 return &this->public; } |