diff options
Diffstat (limited to 'src')
902 files changed, 24024 insertions, 9225 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index a9df10cc6..938335e78 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -32,6 +32,10 @@ if USE_LIBPTTLS SUBDIRS += libpttls endif +if USE_LIBTPMTSS + SUBDIRS += libtpmtss +endif + if USE_IMCV SUBDIRS += libimcv endif @@ -131,3 +135,7 @@ endif if USE_AIKGEN SUBDIRS += aikgen endif + +if USE_AIKPUB2 + SUBDIRS += aikpub2 +endif diff --git a/src/Makefile.in b/src/Makefile.in index 1d012fb22..51317383f 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -85,33 +95,34 @@ host_triplet = @host@ @USE_LIBTNCIF_TRUE@am__append_6 = libtncif @USE_LIBTNCCS_TRUE@am__append_7 = libtnccs @USE_LIBPTTLS_TRUE@am__append_8 = libpttls -@USE_IMCV_TRUE@am__append_9 = libimcv -@USE_LIBCHARON_TRUE@am__append_10 = libcharon -@USE_FILE_CONFIG_TRUE@am__append_11 = starter -@USE_IPSEC_SCRIPT_TRUE@am__append_12 = ipsec _copyright -@USE_CHARON_TRUE@am__append_13 = charon -@USE_SYSTEMD_TRUE@am__append_14 = charon-systemd -@USE_NM_TRUE@am__append_15 = charon-nm -@USE_STROKE_TRUE@am__append_16 = stroke -@USE_UPDOWN_TRUE@am__append_17 = _updown -@USE_SCEPCLIENT_TRUE@am__append_18 = scepclient -@USE_PKI_TRUE@am__append_19 = pki -@USE_SWANCTL_TRUE@am__append_20 = swanctl -@USE_CONFTEST_TRUE@am__append_21 = conftest -@USE_DUMM_TRUE@am__append_22 = dumm -@USE_FAST_TRUE@am__append_23 = libfast -@USE_MANAGER_TRUE@am__append_24 = manager -@USE_MEDSRV_TRUE@am__append_25 = medsrv -@USE_ATTR_SQL_TRUE@am__append_26 = pool -@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_27 = pool -@USE_TKM_TRUE@am__append_28 = charon-tkm -@USE_CMD_TRUE@am__append_29 = charon-cmd -@USE_SVC_TRUE@am__append_30 = charon-svc -@USE_LIBPTTLS_TRUE@am__append_31 = pt-tls-client -@USE_INTEGRITY_TEST_TRUE@am__append_32 = checksum -@USE_AIKGEN_TRUE@am__append_33 = aikgen +@USE_LIBTPMTSS_TRUE@am__append_9 = libtpmtss +@USE_IMCV_TRUE@am__append_10 = libimcv +@USE_LIBCHARON_TRUE@am__append_11 = libcharon +@USE_FILE_CONFIG_TRUE@am__append_12 = starter +@USE_IPSEC_SCRIPT_TRUE@am__append_13 = ipsec _copyright +@USE_CHARON_TRUE@am__append_14 = charon +@USE_SYSTEMD_TRUE@am__append_15 = charon-systemd +@USE_NM_TRUE@am__append_16 = charon-nm +@USE_STROKE_TRUE@am__append_17 = stroke +@USE_UPDOWN_TRUE@am__append_18 = _updown +@USE_SCEPCLIENT_TRUE@am__append_19 = scepclient +@USE_PKI_TRUE@am__append_20 = pki +@USE_SWANCTL_TRUE@am__append_21 = swanctl +@USE_CONFTEST_TRUE@am__append_22 = conftest +@USE_DUMM_TRUE@am__append_23 = dumm +@USE_FAST_TRUE@am__append_24 = libfast +@USE_MANAGER_TRUE@am__append_25 = manager +@USE_MEDSRV_TRUE@am__append_26 = medsrv +@USE_ATTR_SQL_TRUE@am__append_27 = pool +@USE_ATTR_SQL_FALSE@@USE_SQL_TRUE@am__append_28 = pool +@USE_TKM_TRUE@am__append_29 = charon-tkm +@USE_CMD_TRUE@am__append_30 = charon-cmd +@USE_SVC_TRUE@am__append_31 = charon-svc +@USE_LIBPTTLS_TRUE@am__append_32 = pt-tls-client +@USE_INTEGRITY_TEST_TRUE@am__append_33 = checksum +@USE_AIKGEN_TRUE@am__append_34 = aikgen +@USE_AIKPUB2_TRUE@am__append_35 = aikpub2 subdir = src -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -125,6 +136,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -184,11 +196,12 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . include libstrongswan libipsec libsimaka libtls \ - libradius libtncif libtnccs libpttls libimcv libcharon starter \ - ipsec _copyright charon charon-systemd charon-nm stroke \ - _updown scepclient pki swanctl conftest dumm libfast manager \ - medsrv pool charon-tkm charon-cmd charon-svc pt-tls-client \ - checksum aikgen + libradius libtncif libtnccs libpttls libtpmtss libimcv \ + libcharon starter ipsec _copyright charon charon-systemd \ + charon-nm stroke _updown scepclient pki swanctl conftest dumm \ + libfast manager medsrv pool charon-tkm charon-cmd charon-svc \ + pt-tls-client checksum aikgen aikpub2 +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -220,6 +233,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -269,6 +283,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -303,6 +318,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -414,6 +430,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -452,7 +469,8 @@ SUBDIRS = . include $(am__append_1) $(am__append_2) $(am__append_3) \ $(am__append_22) $(am__append_23) $(am__append_24) \ $(am__append_25) $(am__append_26) $(am__append_27) \ $(am__append_28) $(am__append_29) $(am__append_30) \ - $(am__append_31) $(am__append_32) $(am__append_33) + $(am__append_31) $(am__append_32) $(am__append_33) \ + $(am__append_34) $(am__append_35) all: all-recursive .SUFFIXES: @@ -468,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -763,6 +780,8 @@ uninstall-am: mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ ps ps-am tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/_copyright/Makefile.in b/src/_copyright/Makefile.in index 432bde59b..5f7d50fd9 100644 --- a/src/_copyright/Makefile.in +++ b/src/_copyright/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = _copyright$(EXEEXT) subdir = src/_copyright -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -169,12 +178,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -224,6 +235,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -258,6 +270,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -369,6 +382,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -418,7 +432,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_copyright/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/_copyright/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -734,6 +747,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/_updown/Makefile.in b/src/_updown/Makefile.in index 08fce3e2c..1d15c0c93 100644 --- a/src/_updown/Makefile.in +++ b/src/_updown/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,7 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/_updown -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -93,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -146,12 +156,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -201,6 +213,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -235,6 +248,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -346,6 +360,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/_updown/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/_updown/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -607,6 +621,8 @@ uninstall-am: uninstall-ipsecSCRIPTS mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-ipsecSCRIPTS +.PRECIOUS: Makefile + _updown : _updown.in $(AM_V_GEN) \ diff --git a/src/aikgen/Makefile.am b/src/aikgen/Makefile.am index dc59d20cf..860a8f7a6 100644 --- a/src/aikgen/Makefile.am +++ b/src/aikgen/Makefile.am @@ -2,14 +2,13 @@ bin_PROGRAMS = aikgen aikgen_SOURCES = aikgen.c -aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -aikgen.o : $(top_builddir)/config.status +aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la -if USE_TROUSERS - aikgen_LDADD += -ltspi -endif +aikgen.o : $(top_builddir)/config.status AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${aikgen_plugins}\"" diff --git a/src/aikgen/Makefile.in b/src/aikgen/Makefile.in index 8fb9126e5..1e2b7dd8b 100644 --- a/src/aikgen/Makefile.in +++ b/src/aikgen/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,10 +89,7 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = aikgen$(EXEEXT) -@USE_TROUSERS_TRUE@am__append_1 = -ltspi subdir = src/aikgen -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -104,10 +112,9 @@ am__installdirs = "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) am_aikgen_OBJECTS = aikgen.$(OBJEXT) aikgen_OBJECTS = $(am_aikgen_OBJECTS) -am__DEPENDENCIES_1 = aikgen_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) + $(top_builddir)/src/libtpmtss/libtpmtss.la AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -172,12 +179,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -227,6 +236,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -261,6 +271,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -372,6 +383,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -402,9 +414,11 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ aikgen_SOURCES = aikgen.c aikgen_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__append_1) + $(top_builddir)/src/libtpmtss/libtpmtss.la + AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_CONFDIR=\"${sysconfdir}\" \ -DPLUGINS=\""${aikgen_plugins}\"" @@ -424,7 +438,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/aikgen/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/aikgen/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -739,6 +752,9 @@ uninstall-am: uninstall-binPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS +.PRECIOUS: Makefile + + aikgen.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/aikgen/aikgen.c b/src/aikgen/aikgen.c index 192636afc..3e2d44477 100644 --- a/src/aikgen/aikgen.c +++ b/src/aikgen/aikgen.c @@ -1,38 +1,25 @@ /* - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * - * Copyright (c) 2008 Hal Finney + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. * - * Permission is hereby granted, free of charge, to any person obtaining a copy - * of this software and associated documentation files (the "Software"), to deal - * in the Software without restriction, including without limitation the rights - * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell - * copies of the Software, and to permit persons to whom the Software is - * furnished to do so, subject to the following conditions: - * - * The above copyright notice and this permission notice shall be included in - * all copies or substantial portions of the Software. - * - * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR - * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, - * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE - * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER - * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, - * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN - * THE SOFTWARE. + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. */ +#include "tpm_tss.h" + #include <library.h> #include <utils/debug.h> #include <utils/optionsfrom.h> #include <credentials/certificates/x509.h> #include <credentials/keys/public_key.h> -#include <asn1/oid.h> -#include <asn1/asn1.h> - -#include <trousers/tss.h> -#include <trousers/trousers.h> #include <syslog.h> #include <getopt.h> @@ -44,12 +31,9 @@ /* default name of AIK private key blob */ #define DEFAULT_FILENAME_AIKBLOB AIK_DIR "aikBlob.bin" -/* default name of AIK private key blob */ +/* default name of AIK public key */ #define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der" -/* size in bytes of a TSS AIK public key blob */ -#define AIK_PUBKEY_BLOB_SIZE 284 - /* logging */ static bool log_to_stderr = TRUE; static bool log_to_syslog = TRUE; @@ -64,9 +48,7 @@ public_key_t *ca_pubkey; chunk_t ca_modulus; chunk_t aik_pubkey; chunk_t aik_keyid; - -/* TPM context */ -TSS_HCONTEXT hContext; +tpm_tss_t *tpm; /** * logging function for aikgen @@ -128,12 +110,13 @@ static void init_log(const char *program) /** * @brief exit aikgen * - * @param status 0 = OK, 1 = general discomfort + * @param status 0 = OK, -1 = general discomfort */ static void exit_aikgen(err_t message, ...) { int status = 0; + DESTROY_IF(tpm); DESTROY_IF(cacert); DESTROY_IF(ca_pubkey); free(ca_modulus.ptr); @@ -141,13 +124,6 @@ static void exit_aikgen(err_t message, ...) free(aik_keyid.ptr); options->destroy(options); - /* clean up TPM context */ - if (hContext) - { - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - } - /* print any error message to stderr */ if (message != NULL && *message != '\0') { @@ -158,7 +134,7 @@ static void exit_aikgen(err_t message, ...) vsnprintf(m, sizeof(m), message, args); va_end(args); - fprintf(stderr, "error: %s\n", m); + fprintf(stderr, "aikgen error: %s\n", m); status = -1; } library_deinit(); @@ -178,7 +154,7 @@ static void usage(const char *message) " [--aikblob <filename>] [--aikpubkey <filename>] \n" " [--idreq <filename>] [--force]" " [--quiet] [--debug <level>]\n" - " aikgen --help\n" + " aikgen --help\n" "\n" "Options:\n" " --cacert (-c) certificate of [privacy] CA\n" @@ -216,24 +192,7 @@ int main(int argc, char *argv[]) bool force = FALSE; chunk_t identity_req; chunk_t aik_blob; - chunk_t aik_pubkey_blob; - chunk_t aik_modulus; - chunk_t aik_exponent; - - /* TPM variables */ - TSS_RESULT result; - TSS_HTPM hTPM; - TSS_HKEY hSRK; - TSS_HKEY hPCAKey; - TSS_HPOLICY hSrkPolicy; - TSS_HPOLICY hTPMPolicy; - TSS_HKEY hIdentKey; - TSS_UUID SRK_UUID = TSS_UUID_SRK; - BYTE secret[] = TSS_WELL_KNOWN_SECRET; - BYTE *IdentityReq; - UINT32 IdentityReqLen; - BYTE *blob; - UINT32 blobLen; + hasher_t *hasher; atexit(library_deinit); if (!library_init(NULL, "aikgen")) @@ -370,105 +329,29 @@ int main(int argc, char *argv[]) if (ca_pubkey->get_type(ca_pubkey) != KEY_RSA || ca_pubkey->get_keysize(ca_pubkey) != 2048) { - exit_aikgen("ca public key must be RSA 2048 but is %N %d", + exit_aikgen("CA public key must be RSA 2048 but is %N %d", key_type_names, ca_pubkey->get_type(ca_pubkey), ca_pubkey->get_keysize(ca_pubkey)); } if (!ca_pubkey->get_encoding(ca_pubkey, PUBKEY_RSA_MODULUS, &ca_modulus)) { - exit_aikgen("could not extract RSA modulus from ca public key"); - } - - /* initialize TSS context and connect to it */ - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_Create", result); - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_Connect", result); - } - - /* get SRK plus SRK policy and set SRK secret */ - result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, - SRK_UUID, &hSRK); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_LoadKeyByUUID for SRK", result); - } - result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetPolicyObject for SRK", result); - } - result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1, 20, secret); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Policy_SetSecret for SRK", result); - } - - /* get TPM plus TPM policy and set TPM secret */ - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_GetTpmObject", result); - } - result = Tspi_GetPolicyObject(hTPM, TSS_POLICY_USAGE, &hTPMPolicy); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetPolicyObject for TPM", result); - } - result = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1, 20, secret); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Policy_SetSecret for TPM", result); - } - - /* create context for a 2048 bit AIK */ - result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, - TSS_KEY_TYPE_IDENTITY | TSS_KEY_SIZE_2048 | - TSS_KEY_VOLATILE | TSS_KEY_NOT_MIGRATABLE, &hIdentKey); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Context_CreateObject for key", result); + exit_aikgen("could not extract RSA modulus from CA public key"); } - /* create context for the Privacy CA public key and assign modulus */ - result = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_RSAKEY, - TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, &hPCAKey); - if (result != TSS_SUCCESS) + /* try to find a TPM 1.2 */ + tpm = tpm_tss_probe(TPM_VERSION_1_2); + if (!tpm) { - exit_aikgen("tss 0x%x on Tspi_Context_CreateObject for PCA", result); - } - result = Tspi_SetAttribData (hPCAKey, TSS_TSPATTRIB_RSAKEY_INFO, - TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, ca_modulus.len, - ca_modulus.ptr); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_SetAttribData for PCA modulus", result); - } - result = Tspi_SetAttribUint32(hPCAKey, TSS_TSPATTRIB_KEY_INFO, - TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_SetAttribUint32 for PCA " - "encryption scheme", result); + exit_aikgen("no TPM 1.2 found"); } - /* generate AIK */ - DBG1(DBG_LIB, "Generating identity key..."); - result = Tspi_TPM_CollateIdentityRequest(hTPM, hSRK, hPCAKey, 0, NULL, - hIdentKey, TSS_ALG_AES, &IdentityReqLen, &IdentityReq); - if (result != TSS_SUCCESS) + if (!tpm->generate_aik(tpm, ca_modulus, &aik_blob, &aik_pubkey, + &identity_req)) { - exit_aikgen("tss 0x%x on Tspi_TPM_CollateIdentityRequest", result); + exit_aikgen("could not generate AIK"); } - identity_req = chunk_create(IdentityReq, IdentityReqLen); - DBG3(DBG_LIB, "Identity Request: %B", &identity_req); - /* optionally output identity request encrypted with ca public key */ + /* optionally output identity request encrypted with CA public key */ if (idreq_filename) { if (!chunk_write(identity_req, idreq_filename, 0022, force)) @@ -480,24 +363,7 @@ int main(int argc, char *argv[]) idreq_filename, identity_req.len); } - /* load identity key */ - result = Tspi_Key_LoadKey (hIdentKey, hSRK); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_Key_LoadKey for AIK\n", result); - } - - /* output AIK private key in TSS blob format */ - result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, - TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLen, &blob); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetAttribData for private key blob", - result); - } - aik_blob = chunk_create(blob, blobLen); - DBG3(DBG_LIB, "AIK private key blob: %B", &aik_blob); - + /* output AIK private key blob */ if (!chunk_write(aik_blob, aikblob_filename, 0022, force)) { exit_aikgen("could not write AIK blob file '%s': %s", @@ -506,32 +372,7 @@ int main(int argc, char *argv[]) DBG1(DBG_LIB, "AIK private key blob written to '%s' (%u bytes)", aikblob_filename, aik_blob.len); - /* output AIK Public Key in TSS blob format */ - result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, - TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobLen, &blob); - if (result != TSS_SUCCESS) - { - exit_aikgen("tss 0x%x on Tspi_GetAttribData for public key blob", - result); - } - aik_pubkey_blob = chunk_create(blob, blobLen); - DBG3(DBG_LIB, "AIK public key blob: %B", &aik_pubkey_blob); - - /* create a trusted AIK public key */ - if (aik_pubkey_blob.len != AIK_PUBKEY_BLOB_SIZE) - { - exit_aikgen("AIK public key is not in TSS blob format"); - } - aik_modulus = chunk_skip(aik_pubkey_blob, AIK_PUBKEY_BLOB_SIZE - 256); - aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); - - /* output subjectPublicKeyInfo encoding of AIK public key */ - if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL, - &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, - CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) - { - exit_aikgen("subjectPublicKeyInfo encoding of AIK key failed"); - } + /* output AIK public key */ if (!chunk_write(aik_pubkey, aikpubkey_filename, 0022, force)) { exit_aikgen("could not write AIK public key file '%s': %s", @@ -541,12 +382,14 @@ int main(int argc, char *argv[]) aikpubkey_filename, aik_pubkey.len); /* display AIK keyid derived from subjectPublicKeyInfo encoding */ - if (!lib->encoding->encode(lib->encoding, KEYID_PUBKEY_INFO_SHA1, NULL, - &aik_keyid, CRED_PART_RSA_MODULUS, aik_modulus, - CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher || !hasher->allocate_hash(hasher, aik_pubkey, &aik_keyid)) { - exit_aikgen("computation of AIK keyid failed"); + DESTROY_IF(hasher); + exit_aikgen("SHA1 hash algorithm not supported, computation of AIK " + "keyid failed"); } + hasher->destroy(hasher); DBG1(DBG_LIB, "AIK keyid: %#B", &aik_keyid); exit_aikgen(NULL); diff --git a/src/aikpub2/Makefile.am b/src/aikpub2/Makefile.am new file mode 100644 index 000000000..a9ab13870 --- /dev/null +++ b/src/aikpub2/Makefile.am @@ -0,0 +1,15 @@ +bin_PROGRAMS = aikpub2 + +aikpub2_SOURCES = aikpub2.c + +aikpub2_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la + +aikpub2.o : $(top_builddir)/config.status + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DPLUGINS=\""${aikgen_plugins}\"" diff --git a/src/aikpub2/Makefile.in b/src/aikpub2/Makefile.in new file mode 100644 index 000000000..adb40e415 --- /dev/null +++ b/src/aikpub2/Makefile.in @@ -0,0 +1,763 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +bin_PROGRAMS = aikpub2$(EXEEXT) +subdir = src/aikpub2 +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" +PROGRAMS = $(bin_PROGRAMS) +am_aikpub2_OBJECTS = aikpub2.$(OBJEXT) +aikpub2_OBJECTS = $(am_aikpub2_OBJECTS) +aikpub2_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(aikpub2_SOURCES) +DIST_SOURCES = $(aikpub2_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +aikpub2_SOURCES = aikpub2.c +aikpub2_LDADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la + +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libtpmtss \ + -DIPSEC_CONFDIR=\"${sysconfdir}\" \ + -DPLUGINS=\""${aikgen_plugins}\"" + +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/aikpub2/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/aikpub2/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +aikpub2$(EXEEXT): $(aikpub2_OBJECTS) $(aikpub2_DEPENDENCIES) $(EXTRA_aikpub2_DEPENDENCIES) + @rm -f aikpub2$(EXEEXT) + $(AM_V_CCLD)$(LINK) $(aikpub2_OBJECTS) $(aikpub2_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aikpub2.Po@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(PROGRAMS) +installdirs: + for dir in "$(DESTDIR)$(bindir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-binPROGRAMS clean-generic clean-libtool mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-binPROGRAMS + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean \ + clean-binPROGRAMS clean-generic clean-libtool cscopelist-am \ + ctags ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-binPROGRAMS \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + tags tags-am uninstall uninstall-am uninstall-binPROGRAMS + +.PRECIOUS: Makefile + + +aikpub2.o : $(top_builddir)/config.status + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/aikpub2/aikpub2.c b/src/aikpub2/aikpub2.c new file mode 100644 index 000000000..fea58ed27 --- /dev/null +++ b/src/aikpub2/aikpub2.c @@ -0,0 +1,305 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss.h" + +#include <library.h> +#include <utils/debug.h> +#include <utils/optionsfrom.h> + +#include <syslog.h> +#include <getopt.h> +#include <errno.h> + +/* default directory where AIK keys are stored */ +#define AIK_DIR IPSEC_CONFDIR "/pts/" + +/* default name of AIK public key blob */ +#define DEFAULT_FILENAME_AIKPUBKEY AIK_DIR "aikPub.der" + +/* logging */ +static bool log_to_stderr = TRUE; +static bool log_to_syslog = TRUE; +static level_t default_loglevel = 1; + +/* options read by optionsfrom */ +options_t *options; + +chunk_t aik_pubkey; +chunk_t aik_keyid; + +/** + * logging function for aikpub2 + */ +static void aikpub2_dbg(debug_t group, level_t level, char *fmt, ...) +{ + char buffer[8192]; + char *current = buffer, *next; + va_list args; + + if (level <= default_loglevel) + { + if (log_to_stderr) + { + va_start(args, fmt); + vfprintf(stderr, fmt, args); + va_end(args); + fprintf(stderr, "\n"); + } + if (log_to_syslog) + { + /* write in memory buffer first */ + va_start(args, fmt); + vsnprintf(buffer, sizeof(buffer), fmt, args); + va_end(args); + + /* do a syslog with every line */ + while (current) + { + next = strchr(current, '\n'); + if (next) + { + *(next++) = '\0'; + } + syslog(LOG_INFO, "%s\n", current); + current = next; + } + } + } +} + +/** + * Initialize logging to stderr/syslog + */ +static void init_log(const char *program) +{ + dbg = aikpub2_dbg; + + if (log_to_stderr) + { + setbuf(stderr, NULL); + } + if (log_to_syslog) + { + openlog(program, LOG_CONS | LOG_NDELAY | LOG_PID, LOG_AUTHPRIV); + } +} + +/** + * @brief exit aikgen + * + * @param status 0 = OK, -1 = general discomfort + */ +static void exit_aikpub2(err_t message, ...) +{ + int status = 0; + + free(aik_pubkey.ptr); + free(aik_keyid.ptr); + options->destroy(options); + + /* print any error message to stderr */ + if (message != NULL && *message != '\0') + { + va_list args; + char m[8192]; + + va_start(args, message); + vsnprintf(m, sizeof(m), message, args); + va_end(args); + + fprintf(stderr, "aikpub2 error: %s\n", m); + status = -1; + } + library_deinit(); + exit(status); +} + +/** + * @brief prints the usage of the program to the stderr output + * + * If message is set, program is exited with 1 (error) + * @param message message in case of an error + */ +static void usage(const char *message) +{ + fprintf(stderr, + "Usage: aikpub2 --handle <handle> --out <filename>\n" + " [--force] [--quiet] [--debug <level>]\n" + " aikpub2 --help\n" + "\n" + "Options:\n" + " --handle (-H) TSS 2.0 AIK object handle\n" + " --out (-o) AIK public key in PKCS #1 format\n" + " --force (-f) force to overwrite existing files\n" + " --help (-h) show usage and exit\n" + "\n" + "Debugging output:\n" + " --debug (-l) changes the log level (-1..4, default: 1)\n" + " --quiet (-q) do not write log output to stderr\n" + ); + exit_aikpub2(message); +} + + +/** + * @brief main of aikpub2 which extracts an Attestation Identity Key (AIK) + * + * @param argc number of arguments + * @param argv pointer to the argument values + */ +int main(int argc, char *argv[]) +{ + /* external values */ + extern char * optarg; + extern int optind; + + char *aik_out_filename = DEFAULT_FILENAME_AIKPUBKEY; + uint32_t aik_handle = 0; + bool force = FALSE; + hasher_t *hasher; + tpm_tss_t *tpm; + + atexit(library_deinit); + if (!library_init(NULL, "aikpub2")) + { + exit(SS_RC_LIBSTRONGSWAN_INTEGRITY); + } + if (lib->integrity && + !lib->integrity->check_file(lib->integrity, "aikpub2", argv[0])) + { + fprintf(stderr, "integrity check of aikpub2 failed\n"); + exit(SS_RC_DAEMON_INTEGRITY); + } + + /* initialize global variables */ + options = options_create(); + + for (;;) + { + static const struct option long_opts[] = { + /* name, has_arg, flag, val */ + { "help", no_argument, NULL, 'h' }, + { "optionsfrom", required_argument, NULL, '+' }, + { "handle", required_argument, NULL, 'H' }, + { "in", required_argument, NULL, 'i' }, + { "out", required_argument, NULL, 'o' }, + { "force", no_argument, NULL, 'f' }, + { "quiet", no_argument, NULL, 'q' }, + { "debug", required_argument, NULL, 'l' }, + { 0,0,0,0 } + }; + + /* parse next option */ + int c = getopt_long(argc, argv, "h+:H:i:o:fql:", long_opts, NULL); + + switch (c) + { + case EOF: /* end of flags */ + break; + + case 'h': /* --help */ + usage(NULL); + + case '+': /* --optionsfrom <filename> */ + if (!options->from(options, optarg, &argc, &argv, optind)) + { + exit_aikpub2("optionsfrom failed"); + } + continue; + + case 'H': /* --handle <handle> */ + aik_handle = strtoll(optarg, NULL, 16); + continue; + + case 'o': /* --out <filename> */ + aik_out_filename = optarg; + continue; + + case 'f': /* --force */ + force = TRUE; + continue; + + case 'q': /* --quiet */ + log_to_stderr = FALSE; + continue; + + case 'l': /* --debug <level> */ + default_loglevel = atoi(optarg); + continue; + + default: + usage("unknown option"); + } + /* break from loop */ + break; + } + + init_log("aikpub2"); + + if (!lib->plugins->load(lib->plugins, + lib->settings->get_str(lib->settings, "aikpub2.load", PLUGINS))) + { + exit_aikpub2("plugin loading failed"); + } + if (!aik_handle) + { + usage("--handle option is required"); + } + + /* try to find a TPM 2.0 */ + tpm = tpm_tss_probe(TPM_VERSION_2_0); + if (!tpm) + { + exit_aikpub2("no TPM 2.0 found"); + } + + /* get AIK public key from TPM */ + aik_pubkey = tpm->get_public(tpm, aik_handle); + tpm->destroy(tpm); + + /* exit if AIK public key retrieval failed */ + if (aik_pubkey.len == 0) + { + exit_aikpub2("retrieval of AIK public key failed"); + } + + /* store AIK subjectPublicKeyInfo to file */ + if (!chunk_write(aik_pubkey, aik_out_filename, 0022, force)) + { + exit_aikpub2("could not write AIK public key file '%s': %s", + aik_out_filename, strerror(errno)); + } + DBG1(DBG_LIB, "AIK public key written to '%s' (%u bytes)", + aik_out_filename, aik_pubkey.len); + + /* AIK keyid derived from subjectPublicKeyInfo encoding */ + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); + if (!hasher) + { + exit_aikpub2("SHA1 hash algorithm not supported"); + } + if (!hasher->allocate_hash(hasher, aik_pubkey, &aik_keyid)) + { + hasher->destroy(hasher); + exit_aikpub2("computing SHA1 fingerprint failed"); + } + hasher->destroy(hasher); + + DBG1(DBG_LIB, "AIK keyid: %#B", &aik_keyid); + + exit_aikpub2(NULL); + return -1; /* should never be reached */ +} diff --git a/src/charon-cmd/Makefile.am b/src/charon-cmd/Makefile.am index 1f4033aad..1d4bf70cc 100644 --- a/src/charon-cmd/Makefile.am +++ b/src/charon-cmd/Makefile.am @@ -20,4 +20,4 @@ AM_CPPFLAGS = \ charon_cmd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) diff --git a/src/charon-cmd/Makefile.in b/src/charon-cmd/Makefile.in index f48410270..098eb9474 100644 --- a/src/charon-cmd/Makefile.in +++ b/src/charon-cmd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ sbin_PROGRAMS = charon-cmd$(EXEEXT) subdir = src/charon-cmd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/charon-cmd.8.in $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = charon-cmd.8 @@ -110,7 +119,8 @@ am__DEPENDENCIES_1 = charon_cmd_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -205,12 +215,15 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/charon-cmd.8.in \ + $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +273,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +308,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +420,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -451,7 +467,7 @@ AM_CPPFLAGS = \ charon_cmd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) all: all-am @@ -469,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-cmd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-cmd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -850,6 +865,8 @@ uninstall-man: uninstall-man8 pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-man uninstall-man8 uninstall-sbinPROGRAMS +.PRECIOUS: Makefile + charon-cmd.o : $(top_builddir)/config.status diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c index 0c6a504e9..71df92f7e 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c @@ -142,10 +142,18 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) { ike_cfg_t *ike_cfg; peer_cfg_t *peer_cfg; - u_int16_t local_port, remote_port = IKEV2_UDP_PORT; + uint16_t local_port, remote_port = IKEV2_UDP_PORT; ike_version_t version = IKE_ANY; - bool aggressive = FALSE; proposal_t *proposal; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + .dpd = 30, + }; switch (this->profile) { @@ -159,7 +167,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) case PROF_V1_XAUTH_AM: case PROF_V1_XAUTH_PSK_AM: case PROF_V1_HYBRID_AM: - aggressive = TRUE; + peer.aggressive = TRUE; /* FALL */ case PROF_V1_PUB: case PROF_V1_XAUTH: @@ -189,13 +197,7 @@ static peer_cfg_t* create_peer_cfg(private_cmd_connection_t *this) ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); } - peer_cfg = peer_cfg_create("cmd", ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, aggressive, TRUE, /* mobike, aggressive, pull */ - 30, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + peer_cfg = peer_cfg_create("cmd", ike_cfg, &peer); return peer_cfg; } @@ -335,18 +337,18 @@ static child_cfg_t* create_child_cfg(private_cmd_connection_t *this, traffic_selector_t *ts; proposal_t *proposal; bool has_v4 = FALSE, has_v6 = FALSE; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800 /* 3h */, - .rekey = 10200 /* 2h50min */, - .jitter = 300 /* 5min */ - } + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800 /* 3h */, + .rekey = 10200 /* 2h50min */, + .jitter = 300 /* 5min */ + } + }, + .mode = MODE_TUNNEL, }; - child_cfg = child_cfg_create("cmd", &lifetime, - NULL, FALSE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create("cmd", &child); if (this->child_proposals->get_count(this->child_proposals)) { while (this->child_proposals->remove_first(this->child_proposals, diff --git a/src/charon-nm/Makefile.am b/src/charon-nm/Makefile.am index b6f0c8b54..6ab7f27c5 100644 --- a/src/charon-nm/Makefile.am +++ b/src/charon-nm/Makefile.am @@ -21,4 +21,4 @@ AM_CFLAGS = \ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS} + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} diff --git a/src/charon-nm/Makefile.in b/src/charon-nm/Makefile.in index 490a08023..715412ad2 100644 --- a/src/charon-nm/Makefile.in +++ b/src/charon-nm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = charon-nm$(EXEEXT) subdir = src/charon-nm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -111,7 +120,7 @@ charon_nm_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -176,12 +185,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -231,6 +242,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -265,6 +277,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -376,6 +389,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -425,7 +439,7 @@ AM_CFLAGS = \ charon_nm_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) ${nm_LIBS} + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) ${nm_LIBS} all: all-am @@ -443,7 +457,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-nm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-nm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/charon-nm/nm/nm_service.c b/src/charon-nm/nm/nm_service.c index fc7e89958..5991c2465 100644 --- a/src/charon-nm/nm/nm_service.c +++ b/src/charon-nm/nm/nm_service.c @@ -68,7 +68,7 @@ static GValue* handler_to_val(nm_handler_t *handler, array = g_array_new (FALSE, TRUE, sizeof (guint32)); while (enumerator->enumerate(enumerator, &chunk)) { - g_array_append_val (array, *(u_int32_t*)chunk.ptr); + g_array_append_val (array, *(uint32_t*)chunk.ptr); } enumerator->destroy(enumerator); val = g_slice_new0 (GValue); @@ -113,7 +113,7 @@ static void signal_ipv4_config(NMVPNPlugin *plugin, enumerator->destroy(enumerator); val = g_slice_new0(GValue); g_value_init(val, G_TYPE_UINT); - g_value_set_uint(val, *(u_int32_t*)me->get_address(me).ptr); + g_value_set_uint(val, *(uint32_t*)me->get_address(me).ptr); g_hash_table_insert(config, NM_VPN_PLUGIN_IP4_CONFIG_ADDRESS, val); val = g_slice_new0(GValue); @@ -289,7 +289,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, NMSettingVPN *vpn; identification_t *user = NULL, *gateway = NULL; const char *address, *str; - bool virtual, encap, ipcomp; + bool virtual, encap; ike_cfg_t *ike_cfg; peer_cfg_t *peer_cfg; child_cfg_t *child_cfg; @@ -300,12 +300,23 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, certificate_t *cert = NULL; x509_t *x509; bool agent = FALSE, smartcard = FALSE, loose_gateway_id = FALSE; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800 /* 3h */, - .rekey = 10200 /* 2h50min */, - .jitter = 300 /* 5min */ - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800 /* 3h */, + .rekey = 10200 /* 2h50min */, + .jitter = 300 /* 5min */ + }, + }, + .mode = MODE_TUNNEL, }; /** @@ -339,32 +350,29 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, return FALSE; } str = nm_setting_vpn_get_data_item(vpn, "virtual"); - virtual = str && streq(str, "yes"); + virtual = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "encap"); - encap = str && streq(str, "yes"); + encap = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "ipcomp"); - ipcomp = str && streq(str, "yes"); + child.ipcomp = streq(str, "yes"); str = nm_setting_vpn_get_data_item(vpn, "method"); - if (str) + if (streq(str, "psk")) { - if (streq(str, "psk")) - { - auth_class = AUTH_CLASS_PSK; - } - else if (streq(str, "agent")) - { - auth_class = AUTH_CLASS_PUBKEY; - agent = TRUE; - } - else if (streq(str, "key")) - { - auth_class = AUTH_CLASS_PUBKEY; - } - else if (streq(str, "smartcard")) - { - auth_class = AUTH_CLASS_PUBKEY; - smartcard = TRUE; - } + auth_class = AUTH_CLASS_PSK; + } + else if (streq(str, "agent")) + { + auth_class = AUTH_CLASS_PUBKEY; + agent = TRUE; + } + else if (streq(str, "key")) + { + auth_class = AUTH_CLASS_PUBKEY; + } + else if (streq(str, "smartcard")) + { + auth_class = AUTH_CLASS_PUBKEY; + smartcard = TRUE; } /** @@ -533,13 +541,8 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create(priv->name, ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 0, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + + peer_cfg = peer_cfg_create(priv->name, ike_cfg, &peer); if (virtual) { peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); @@ -561,10 +564,7 @@ static gboolean connect_(NMVPNPlugin *plugin, NMConnection *connection, auth->add(auth, AUTH_RULE_IDENTITY_LOOSE, loose_gateway_id); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(priv->name, &lifetime, - NULL, TRUE, MODE_TUNNEL, /* updown, hostaccess */ - ACTION_NONE, ACTION_NONE, ACTION_NONE, ipcomp, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(priv->name, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/charon-svc/Makefile.in b/src/charon-svc/Makefile.in index 4f9143d9b..4afa62507 100644 --- a/src/charon-svc/Makefile.in +++ b/src/charon-svc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = charon-svc$(EXEEXT) subdir = src/charon-svc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -170,12 +179,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -225,6 +236,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -259,6 +271,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -370,6 +383,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -424,7 +438,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-svc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-svc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -739,6 +752,8 @@ uninstall-am: uninstall-binPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-binPROGRAMS +.PRECIOUS: Makefile + charon-svc.o : $(top_builddir)/config.status diff --git a/src/charon-systemd/Makefile.am b/src/charon-systemd/Makefile.am index 9942a3682..6dd7e2726 100644 --- a/src/charon-systemd/Makefile.am +++ b/src/charon-systemd/Makefile.am @@ -14,4 +14,5 @@ charon_systemd_CPPFLAGS = \ charon_systemd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB) + $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) \ + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) diff --git a/src/charon-systemd/Makefile.in b/src/charon-systemd/Makefile.in index b4f624d45..3dcf3d75a 100644 --- a/src/charon-systemd/Makefile.in +++ b/src/charon-systemd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ sbin_PROGRAMS = charon-systemd$(EXEEXT) subdir = src/charon-systemd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -109,7 +118,7 @@ charon_systemd_DEPENDENCIES = \ $(top_builddir)/src/libcharon/libcharon.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -174,12 +183,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -229,6 +240,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -263,6 +275,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -374,6 +387,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -414,7 +428,8 @@ charon_systemd_CPPFLAGS = \ charon_systemd_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) -lm $(PTHREADLIB) $(DLLIB) + $(systemd_LIBS) $(systemd_daemon_LIBS) $(systemd_journal_LIBS) \ + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) all: all-am @@ -432,7 +447,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-systemd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-systemd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -762,6 +776,8 @@ uninstall-am: uninstall-sbinPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-sbinPROGRAMS +.PRECIOUS: Makefile + charon-systemd.o : $(top_builddir)/config.status diff --git a/src/charon-tkm/Makefile.in b/src/charon-tkm/Makefile.in index 81afd4de5..1eaf46a89 100644 --- a/src/charon-tkm/Makefile.in +++ b/src/charon-tkm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/charon-tkm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -391,7 +406,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon-tkm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon-tkm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -563,6 +577,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + all: build_charon diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c index c4953b6aa..5f2cbfe0c 100644 --- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c +++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c @@ -123,7 +123,7 @@ int register_dh_mapping() int count, i; char *iana_id_str, *tkm_id_str; diffie_hellman_group_t *iana_id; - u_int64_t *tkm_id; + uint64_t *tkm_id; hashtable_t *map; enumerator_t *enumerator; @@ -138,7 +138,7 @@ int register_dh_mapping() { iana_id = malloc_thing(diffie_hellman_group_t); *iana_id = settings_value_as_int(iana_id_str, 0); - tkm_id = malloc_thing(u_int64_t); + tkm_id = malloc_thing(uint64_t); *tkm_id = settings_value_as_int(tkm_id_str, 0); map->put(map, iana_id, tkm_id); @@ -227,7 +227,7 @@ tkm_diffie_hellman_t *tkm_diffie_hellman_create(diffie_hellman_group_t group) return NULL; } - u_int64_t *dha_id = group_map->get(group_map, &group); + uint64_t *dha_id = group_map->get(group_map, &group); if (!dha_id) { free(this); diff --git a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c index 2d22fbdc3..c9be8989a 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_ipsec.c @@ -54,7 +54,7 @@ struct private_tkm_kernel_ipsec_t { METHOD(kernel_ipsec_t, get_spi, status_t, private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { bool result; @@ -68,26 +68,21 @@ METHOD(kernel_ipsec_t, get_spi, status_t, } } - result = this->rng->get_bytes(this->rng, sizeof(u_int32_t), - (u_int8_t *)spi); + result = this->rng->get_bytes(this->rng, sizeof(uint32_t), + (uint8_t *)spi); return result ? SUCCESS : FAILED; } METHOD(kernel_ipsec_t, get_cpi, status_t, private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t* src_ts, linked_list_t* dst_ts) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { esa_info_t esa; esp_spi_type spi_loc, spi_rem; @@ -97,43 +92,43 @@ METHOD(kernel_ipsec_t, add_sa, status_t, esa_id_type esa_id; nonce_type nc_rem; - if (enc_key.ptr == NULL) + if (data->enc_key.ptr == NULL) { DBG1(DBG_KNL, "Unable to get ESA information"); return FAILED; } - esa = *(esa_info_t *)(enc_key.ptr); + esa = *(esa_info_t *)(data->enc_key.ptr); /* only handle the case where we have both distinct ESP spi's available */ - if (esa.spi_r == spi) + if (esa.spi_r == id->spi) { chunk_free(&esa.nonce_i); chunk_free(&esa.nonce_r); return SUCCESS; } - if (initiator) + if (data->initiator) { - spi_loc = spi; + spi_loc = id->spi; spi_rem = esa.spi_r; - local = dst; - peer = src; + local = id->dst; + peer = id->src; nonce_loc = &esa.nonce_i; nonce_rem = &esa.nonce_r; } else { spi_loc = esa.spi_r; - spi_rem = spi; - local = src; - peer = dst; + spi_rem = id->spi; + local = id->src; + peer = id->dst; nonce_loc = &esa.nonce_r; nonce_rem = &esa.nonce_i; } esa_id = tkm->idmgr->acquire_id(tkm->idmgr, TKM_CTX_ESA); - if (!tkm->sad->insert(tkm->sad, esa_id, reqid, local, peer, spi_loc, spi_rem, - protocol)) + if (!tkm->sad->insert(tkm->sad, esa_id, data->reqid, local, peer, + spi_loc, spi_rem, id->proto)) { DBG1(DBG_KNL, "unable to add entry (%llu) to SAD", esa_id); goto sad_failure; @@ -146,8 +141,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, nonce_loc_id = tkm->chunk_map->get_id(tkm->chunk_map, nonce_loc); if (nonce_loc_id == 0 && esa.dh_id == 0) { - if (ike_esa_create_first(esa_id, esa.isa_id, reqid, 1, spi_loc, spi_rem) - != TKM_OK) + if (ike_esa_create_first(esa_id, esa.isa_id, data->reqid, 1, spi_loc, + spi_rem) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu, first) creation failed", esa_id); goto failure; @@ -157,9 +152,9 @@ METHOD(kernel_ipsec_t, add_sa, status_t, else if (nonce_loc_id != 0 && esa.dh_id == 0) { chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type)); - if (ike_esa_create_no_pfs(esa_id, esa.isa_id, reqid, 1, nonce_loc_id, - nc_rem, initiator, spi_loc, spi_rem) - != TKM_OK) + if (ike_esa_create_no_pfs(esa_id, esa.isa_id, data->reqid, 1, + nonce_loc_id, nc_rem, data->initiator, + spi_loc, spi_rem) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu, no PFS) creation failed", esa_id); goto failure; @@ -171,8 +166,9 @@ METHOD(kernel_ipsec_t, add_sa, status_t, else { chunk_to_sequence(nonce_rem, &nc_rem, sizeof(nonce_type)); - if (ike_esa_create(esa_id, esa.isa_id, reqid, 1, esa.dh_id, nonce_loc_id, - nc_rem, initiator, spi_loc, spi_rem) != TKM_OK) + if (ike_esa_create(esa_id, esa.isa_id, data->reqid, 1, esa.dh_id, + nonce_loc_id, nc_rem, data->initiator, spi_loc, + spi_rem) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu) creation failed", esa_id); goto failure; @@ -192,7 +188,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, DBG1(DBG_KNL, "added child SA (esa: %llu, isa: %llu, esp_spi_loc: %x, " "esp_spi_rem: %x, role: %s)", esa_id, esa.isa_id, ntohl(spi_loc), - ntohl(spi_rem), initiator ? "initiator" : "responder"); + ntohl(spi_rem), data->initiator ? "initiator" : "responder"); chunk_free(&esa.nonce_i); chunk_free(&esa.nonce_r); @@ -208,20 +204,21 @@ sad_failure: } METHOD(kernel_ipsec_t, query_sa, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes, - u_int64_t *packets, time_t *time) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_sa, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { esa_id_type esa_id, other_esa_id; - esa_id = tkm->sad->get_esa_id(tkm->sad, src, dst, spi, protocol); + esa_id = tkm->sad->get_esa_id(tkm->sad, id->src, id->dst, + id->spi, id->proto); if (esa_id) { other_esa_id = tkm->sad->get_other_esa_id(tkm->sad, esa_id); @@ -236,7 +233,7 @@ METHOD(kernel_ipsec_t, del_sa, status_t, } DBG1(DBG_KNL, "deleting child SA (esa: %llu, spi: %x)", esa_id, - ntohl(spi)); + ntohl(id->spi)); if (ike_esa_reset(esa_id) != TKM_OK) { DBG1(DBG_KNL, "child SA (%llu) deletion failed", esa_id); @@ -249,9 +246,8 @@ METHOD(kernel_ipsec_t, del_sa, status_t, } METHOD(kernel_ipsec_t, update_sa, status_t, - private_tkm_kernel_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool old_encap, bool new_encap, mark_t mark) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { return NOT_SUPPORTED; } @@ -264,27 +260,22 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, } METHOD(kernel_ipsec_t, add_policy, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_tkm_kernel_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_tkm_kernel_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_tkm_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } @@ -338,7 +329,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_tkm_kernel_ipsec_t *this, int fd, int family, u_int16_t port) + private_tkm_kernel_ipsec_t *this, int fd, int family, uint16_t port) { int type = UDP_ENCAP_ESPINUDP; diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.c b/src/charon-tkm/src/tkm/tkm_kernel_sad.c index 2556f6b8b..22d2aac13 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.c +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.c @@ -59,7 +59,7 @@ struct sad_entry_t { /** * Reqid. */ - u_int32_t reqid; + uint32_t reqid; /** * Source address of CHILD SA. @@ -74,17 +74,17 @@ struct sad_entry_t { /** * Local SPI of CHILD SA. */ - u_int32_t spi_loc; + uint32_t spi_loc; /** * Remote SPI of CHILD SA. */ - u_int32_t spi_rem; + uint32_t spi_rem; /** * Protocol of CHILD SA (ESP/AH). */ - u_int8_t proto; + uint8_t proto; }; @@ -105,8 +105,8 @@ static void sad_entry_destroy(sad_entry_t *entry) * Find a list entry with given src, dst, (remote) spi and proto values. */ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, - const host_t * const dst, const u_int32_t * const spi, - const u_int8_t * const proto) + const host_t * const dst, const uint32_t * const spi, + const uint8_t * const proto) { if (entry->src == NULL || entry->dst == NULL) { @@ -122,9 +122,9 @@ static bool sad_entry_match(sad_entry_t * const entry, const host_t * const src, * Find a list entry with given reqid, spi and proto values. */ static bool sad_entry_match_dst(sad_entry_t * const entry, - const u_int32_t * const reqid, - const u_int32_t * const spi, - const u_int8_t * const proto) + const uint32_t * const reqid, + const uint32_t * const spi, + const uint8_t * const proto) { return entry->reqid == *reqid && entry->spi_rem == *spi && @@ -145,7 +145,7 @@ static bool sad_entry_match_esa_id(sad_entry_t * const entry, */ static bool sad_entry_match_other_esa(sad_entry_t * const entry, const esa_id_type * const esa_id, - const u_int32_t * const reqid) + const uint32_t * const reqid) { return entry->reqid == *reqid && entry->esa_id != *esa_id; @@ -172,8 +172,8 @@ static bool sad_entry_equal(sad_entry_t * const left, sad_entry_t * const right) METHOD(tkm_kernel_sad_t, insert, bool, private_tkm_kernel_sad_t * const this, const esa_id_type esa_id, - const u_int32_t reqid, const host_t * const src, const host_t * const dst, - const u_int32_t spi_loc, const u_int32_t spi_rem, const u_int8_t proto) + const uint32_t reqid, const host_t * const src, const host_t * const dst, + const uint32_t spi_loc, const uint32_t spi_rem, const uint8_t proto) { status_t result; sad_entry_t *new_entry; @@ -212,7 +212,7 @@ METHOD(tkm_kernel_sad_t, insert, bool, METHOD(tkm_kernel_sad_t, get_esa_id, esa_id_type, private_tkm_kernel_sad_t * const this, const host_t * const src, - const host_t * const dst, const u_int32_t spi, const u_int8_t proto) + const host_t * const dst, const uint32_t spi, const uint8_t proto) { esa_id_type id = 0; sad_entry_t *entry = NULL; @@ -242,7 +242,7 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, { esa_id_type id = 0; sad_entry_t *entry = NULL; - u_int32_t reqid; + uint32_t reqid; status_t res; this->mutex->lock(this->mutex); @@ -274,8 +274,8 @@ METHOD(tkm_kernel_sad_t, get_other_esa_id, esa_id_type, } METHOD(tkm_kernel_sad_t, get_dst_host, host_t *, - private_tkm_kernel_sad_t * const this, const u_int32_t reqid, - const u_int32_t spi, const u_int8_t proto) + private_tkm_kernel_sad_t * const this, const uint32_t reqid, + const uint32_t spi, const uint8_t proto) { host_t *dst = NULL; sad_entry_t *entry = NULL; diff --git a/src/charon-tkm/src/tkm/tkm_kernel_sad.h b/src/charon-tkm/src/tkm/tkm_kernel_sad.h index 3a84deffc..ba6462192 100644 --- a/src/charon-tkm/src/tkm/tkm_kernel_sad.h +++ b/src/charon-tkm/src/tkm/tkm_kernel_sad.h @@ -46,9 +46,9 @@ struct tkm_kernel_sad_t { * @return TRUE if entry was inserted, FALSE otherwise */ bool (*insert)(tkm_kernel_sad_t * const this, const esa_id_type esa_id, - const u_int32_t reqid, const host_t * const src, - const host_t * const dst, const u_int32_t spi_loc, - const u_int32_t spi_rem, const u_int8_t proto); + const uint32_t reqid, const host_t * const src, + const host_t * const dst, const uint32_t spi_loc, + const uint32_t spi_rem, const uint8_t proto); /** * Get ESA id for entry with given parameters. @@ -61,7 +61,7 @@ struct tkm_kernel_sad_t { */ esa_id_type (*get_esa_id)(tkm_kernel_sad_t * const this, const host_t * const src, const host_t * const dst, - const u_int32_t spi, const u_int8_t proto); + const uint32_t spi, const uint8_t proto); /** * Get ESA id for entry associated with same security policy as the @@ -82,7 +82,7 @@ struct tkm_kernel_sad_t { * @return destination host of entry if found, NULL otherwise */ host_t * (*get_dst_host)(tkm_kernel_sad_t * const this, - const u_int32_t reqid, const u_int32_t spi, const u_int8_t proto); + const uint32_t reqid, const uint32_t spi, const uint8_t proto); /** * Remove entry with given ESA id from SAD. diff --git a/src/charon-tkm/src/tkm/tkm_keymat.c b/src/charon-tkm/src/tkm/tkm_keymat.c index 1e1fa4f30..a7cce0f62 100644 --- a/src/charon-tkm/src/tkm/tkm_keymat.c +++ b/src/charon-tkm/src/tkm/tkm_keymat.c @@ -96,8 +96,8 @@ struct private_tkm_keymat_t { static void aead_create_from_keys(aead_t **in, aead_t **out, const chunk_t * const sk_ai, const chunk_t * const sk_ar, const chunk_t * const sk_ei, const chunk_t * const sk_er, - const u_int16_t enc_alg, const u_int16_t int_alg, - const u_int16_t key_size, bool initiator) + const uint16_t enc_alg, const uint16_t int_alg, + const uint16_t key_size, bool initiator) { *in = *out = NULL; signer_t *signer_i, *signer_r; @@ -187,8 +187,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t nonce_i, chunk_t nonce_r, ike_sa_id_t *id, pseudo_random_function_t rekey_function, chunk_t rekey_skd) { - u_int16_t enc_alg, int_alg, key_size; - u_int64_t nc_id, spi_loc, spi_rem; + uint16_t enc_alg, int_alg, key_size; + uint64_t nc_id, spi_loc, spi_rem; chunk_t *nonce, c_ai, c_ar, c_ei, c_er; tkm_diffie_hellman_t *tkm_dh; dh_id_type dh_id; diff --git a/src/charon-tkm/src/tkm/tkm_nonceg.c b/src/charon-tkm/src/tkm/tkm_nonceg.c index 336f16ecd..493ea2922 100644 --- a/src/charon-tkm/src/tkm/tkm_nonceg.c +++ b/src/charon-tkm/src/tkm/tkm_nonceg.c @@ -39,7 +39,7 @@ struct private_tkm_nonceg_t { }; METHOD(nonce_gen_t, get_nonce, bool, - private_tkm_nonceg_t *this, size_t size, u_int8_t *buffer) + private_tkm_nonceg_t *this, size_t size, uint8_t *buffer) { nonce_type nonce; uint64_t nc_id; diff --git a/src/charon-tkm/src/tkm/tkm_spi_generator.c b/src/charon-tkm/src/tkm/tkm_spi_generator.c index eff0ca91e..b9ce83727 100644 --- a/src/charon-tkm/src/tkm/tkm_spi_generator.c +++ b/src/charon-tkm/src/tkm/tkm_spi_generator.c @@ -25,8 +25,8 @@ */ typedef struct { rng_t *rng; - u_int64_t spi_mask; - u_int64_t spi_label; + uint64_t spi_mask; + uint64_t spi_label; } get_spi_args_t; static get_spi_args_t *spi_args; @@ -37,12 +37,12 @@ static get_spi_args_t *spi_args; * @param this Callback args containing rng_t and spi mask & label * @return labeled SPI */ -CALLBACK(tkm_get_spi, u_int64_t, +CALLBACK(tkm_get_spi, uint64_t, const get_spi_args_t const *this) { - u_int64_t spi; + uint64_t spi; - if (!this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi)) + if (!this->rng->get_bytes(this->rng, sizeof(spi), (uint8_t*)&spi)) { return 0; } @@ -54,7 +54,7 @@ bool tkm_spi_generator_register(plugin_t *plugin, plugin_feature_t *feature, bool reg, void *cb_data) { - u_int64_t spi_mask, spi_label; + uint64_t spi_mask, spi_label; char *spi_val; rng_t *rng; diff --git a/src/charon-tkm/tests/nonceg_tests.c b/src/charon-tkm/tests/nonceg_tests.c index d150891eb..67c1635ef 100644 --- a/src/charon-tkm/tests/nonceg_tests.c +++ b/src/charon-tkm/tests/nonceg_tests.c @@ -37,7 +37,7 @@ START_TEST(test_nonceg_allocate_nonce) tkm_nonceg_t *ng = tkm_nonceg_create(); const size_t length = 256; - u_int8_t zero[length]; + uint8_t zero[length]; memset(zero, 0, length); chunk_t nonce; @@ -61,10 +61,10 @@ START_TEST(test_nonceg_get_nonce) tkm_nonceg_t *ng = tkm_nonceg_create(); const size_t length = 128; - u_int8_t zero[length]; + uint8_t zero[length]; memset(zero, 0, length); - u_int8_t *buf = malloc(length + 1); + uint8_t *buf = malloc(length + 1); memset(buf, 0, length); /* set end marker */ buf[length] = 255; diff --git a/src/charon/Makefile.am b/src/charon/Makefile.am index c6a6f40f9..b78bbd757 100644 --- a/src/charon/Makefile.am +++ b/src/charon/Makefile.am @@ -15,6 +15,6 @@ AM_CPPFLAGS = \ charon_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = Android.mk diff --git a/src/charon/Makefile.in b/src/charon/Makefile.in index b4abeff25..51f62fc37 100644 --- a/src/charon/Makefile.in +++ b/src/charon/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = charon$(EXEEXT) subdir = src/charon -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -107,7 +116,8 @@ am__DEPENDENCIES_1 = charon_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -172,12 +182,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -227,6 +239,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -261,6 +274,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -372,6 +386,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -413,7 +428,7 @@ AM_CPPFLAGS = \ charon_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = Android.mk all: all-am @@ -432,7 +447,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/charon/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -748,6 +762,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + charon.o : $(top_builddir)/config.status diff --git a/src/checksum/Makefile.am b/src/checksum/Makefile.am index 9cc5fb6b2..87bbf9f28 100644 --- a/src/checksum/Makefile.am +++ b/src/checksum/Makefile.am @@ -53,6 +53,11 @@ if USE_LIBPTTLS libs += $(DESTDIR)$(ipseclibdir)/libpttls.so endif +if USE_LIBTPMTSS + deps += $(top_builddir)/src/libtpmtss/libtpmtss.la + libs += $(DESTDIR)$(ipseclibdir)/libtpmtss.so +endif + if USE_LIBTNCCS deps += $(top_builddir)/src/libtnccs/libtnccs.la libs += $(DESTDIR)$(ipseclibdir)/libtnccs.so diff --git a/src/checksum/Makefile.in b/src/checksum/Makefile.in index 2584beb76..ef14d1236 100644 --- a/src/checksum/Makefile.in +++ b/src/checksum/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -88,26 +98,26 @@ EXTRA_PROGRAMS = checksum_builder$(EXEEXT) @USE_RADIUS_TRUE@am__append_7 = $(DESTDIR)$(ipseclibdir)/libradius.so @USE_LIBPTTLS_TRUE@am__append_8 = $(top_builddir)/src/libpttls/libpttls.la @USE_LIBPTTLS_TRUE@am__append_9 = $(DESTDIR)$(ipseclibdir)/libpttls.so -@USE_LIBTNCCS_TRUE@am__append_10 = $(top_builddir)/src/libtnccs/libtnccs.la -@USE_LIBTNCCS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtnccs.so -@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_12 = -DT_PLUGINS=\""${t_plugins}\"" -@USE_SIMAKA_TRUE@am__append_13 = $(top_builddir)/src/libsimaka/libsimaka.la -@USE_SIMAKA_TRUE@am__append_14 = $(DESTDIR)$(ipseclibdir)/libsimaka.so -@USE_IMCV_TRUE@am__append_15 = $(top_builddir)/src/libimcv/libimcv.la -@USE_IMCV_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libimcv.so -@USE_CHARON_TRUE@am__append_17 = $(top_builddir)/src/libcharon/libcharon.la -@USE_CHARON_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libcharon.so -@USE_CHARON_TRUE@am__append_19 = $(DESTDIR)$(ipsecdir)/charon -@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_20 = -DC_PLUGINS=\""${c_plugins}\"" -@USE_CMD_TRUE@am__append_21 = $(DESTDIR)$(sbindir)/charon-cmd -@USE_SCEPCLIENT_TRUE@am__append_22 = $(DESTDIR)$(ipsecdir)/scepclient -@USE_PKI_TRUE@am__append_23 = $(DESTDIR)$(bindir)/pki -@USE_SWANCTL_TRUE@am__append_24 = $(DESTDIR)$(sbindir)/swanctl -@USE_ATTR_SQL_TRUE@am__append_25 = $(DESTDIR)$(ipsecdir)/pool -@USE_IMV_ATTESTATION_TRUE@am__append_26 = $(DESTDIR)$(ipsecdir)/attest +@USE_LIBTPMTSS_TRUE@am__append_10 = $(top_builddir)/src/libtpmtss/libtpmtss.la +@USE_LIBTPMTSS_TRUE@am__append_11 = $(DESTDIR)$(ipseclibdir)/libtpmtss.so +@USE_LIBTNCCS_TRUE@am__append_12 = $(top_builddir)/src/libtnccs/libtnccs.la +@USE_LIBTNCCS_TRUE@am__append_13 = $(DESTDIR)$(ipseclibdir)/libtnccs.so +@MONOLITHIC_FALSE@@USE_LIBTNCCS_TRUE@am__append_14 = -DT_PLUGINS=\""${t_plugins}\"" +@USE_SIMAKA_TRUE@am__append_15 = $(top_builddir)/src/libsimaka/libsimaka.la +@USE_SIMAKA_TRUE@am__append_16 = $(DESTDIR)$(ipseclibdir)/libsimaka.so +@USE_IMCV_TRUE@am__append_17 = $(top_builddir)/src/libimcv/libimcv.la +@USE_IMCV_TRUE@am__append_18 = $(DESTDIR)$(ipseclibdir)/libimcv.so +@USE_CHARON_TRUE@am__append_19 = $(top_builddir)/src/libcharon/libcharon.la +@USE_CHARON_TRUE@am__append_20 = $(DESTDIR)$(ipseclibdir)/libcharon.so +@USE_CHARON_TRUE@am__append_21 = $(DESTDIR)$(ipsecdir)/charon +@MONOLITHIC_FALSE@@USE_CHARON_TRUE@am__append_22 = -DC_PLUGINS=\""${c_plugins}\"" +@USE_CMD_TRUE@am__append_23 = $(DESTDIR)$(sbindir)/charon-cmd +@USE_SCEPCLIENT_TRUE@am__append_24 = $(DESTDIR)$(ipsecdir)/scepclient +@USE_PKI_TRUE@am__append_25 = $(DESTDIR)$(bindir)/pki +@USE_SWANCTL_TRUE@am__append_26 = $(DESTDIR)$(sbindir)/swanctl +@USE_ATTR_SQL_TRUE@am__append_27 = $(DESTDIR)$(ipsecdir)/pool +@USE_IMV_ATTESTATION_TRUE@am__append_28 = $(DESTDIR)$(ipsecdir)/attest subdir = src/checksum -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -121,6 +131,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -236,12 +247,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -291,6 +304,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -325,6 +339,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -436,6 +451,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -481,7 +497,7 @@ CLEANFILES = checksum.c $(EXTRA_PROGRAMS) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libcharon \ -DPLUGINDIR=\"${DESTDIR}${plugindir}\" $(am__append_1) \ - $(am__append_12) $(am__append_20) + $(am__append_14) $(am__append_22) AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -491,15 +507,15 @@ AM_CFLAGS = \ # as these are not relinked during installation. deps = $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__append_2) $(am__append_4) $(am__append_6) \ - $(am__append_8) $(am__append_10) $(am__append_13) \ - $(am__append_15) $(am__append_17) + $(am__append_8) $(am__append_10) $(am__append_12) \ + $(am__append_15) $(am__append_17) $(am__append_19) libs = $(DESTDIR)$(ipseclibdir)/libstrongswan.so $(am__append_3) \ $(am__append_5) $(am__append_7) $(am__append_9) \ - $(am__append_11) $(am__append_14) $(am__append_16) \ - $(am__append_18) -exes = $(am__append_19) $(am__append_21) $(am__append_22) \ - $(am__append_23) $(am__append_24) $(am__append_25) \ - $(am__append_26) + $(am__append_11) $(am__append_13) $(am__append_16) \ + $(am__append_18) $(am__append_20) +exes = $(am__append_21) $(am__append_23) $(am__append_24) \ + $(am__append_25) $(am__append_26) $(am__append_27) \ + $(am__append_28) all: all-am .SUFFIXES: @@ -516,7 +532,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/checksum/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/checksum/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -827,6 +842,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES tags tags-am uninstall uninstall-am uninstall-hook \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + checksum.c : checksum_builder $(deps) $(exes) ./checksum_builder $(libs) $(exes) > checksum.c diff --git a/src/checksum/checksum_builder.c b/src/checksum/checksum_builder.c index 65399f5bc..e8998d5a7 100644 --- a/src/checksum/checksum_builder.c +++ b/src/checksum/checksum_builder.c @@ -33,7 +33,7 @@ integrity_checker_t *integrity; static void build_checksum(char *path, char *name, char *sname) { void *handle, *symbol; - u_int32_t fsum, ssum; + uint32_t fsum, ssum; size_t fsize = 0; size_t ssize = 0; diff --git a/src/conftest/Makefile.am b/src/conftest/Makefile.am index 2d4e439da..4e4e0beff 100644 --- a/src/conftest/Makefile.am +++ b/src/conftest/Makefile.am @@ -20,6 +20,6 @@ conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ conftest_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = README diff --git a/src/conftest/Makefile.in b/src/conftest/Makefile.in index f5647f9d9..7b499897c 100644 --- a/src/conftest/Makefile.in +++ b/src/conftest/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = conftest$(EXEEXT) subdir = src/conftest -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -121,7 +130,8 @@ am__DEPENDENCIES_1 = conftest_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -186,12 +196,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -241,6 +253,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -275,6 +288,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -386,6 +400,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -433,7 +448,7 @@ conftest_SOURCES = conftest.c conftest.h config.c config.h actions.c actions.h \ conftest_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ - -lm $(PTHREADLIB) $(DLLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) EXTRA_DIST = README all: all-am @@ -452,7 +467,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/conftest/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/conftest/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -848,6 +862,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/conftest/actions.c b/src/conftest/actions.c index 256b63d1b..36c3c8e74 100644 --- a/src/conftest/actions.c +++ b/src/conftest/actions.c @@ -117,7 +117,7 @@ static job_requeue_t rekey_child(char *config) enumerator_t *enumerator, *children; ike_sa_t *ike_sa; child_sa_t *child_sa; - u_int32_t spi, proto; + uint32_t spi, proto; host_t *dst = NULL; enumerator = charon->controller->create_ike_sa_enumerator( diff --git a/src/conftest/config.c b/src/conftest/config.c index c83db7ecd..06a685047 100644 --- a/src/conftest/config.c +++ b/src/conftest/config.c @@ -139,25 +139,23 @@ static ike_cfg_t *load_ike_config(private_config_t *this, static child_cfg_t *load_child_config(private_config_t *this, settings_t *settings, char *config, char *child) { + child_cfg_create_t data = { + .mode = MODE_TUNNEL, + }; child_cfg_t *child_cfg; - lifetime_cfg_t lifetime = {}; enumerator_t *enumerator; proposal_t *proposal; traffic_selector_t *ts; - ipsec_mode_t mode = MODE_TUNNEL; char *token; - u_int32_t tfc; if (settings->get_bool(settings, "configs.%s.%s.transport", FALSE, config, child)) { - mode = MODE_TRANSPORT; + data.mode = MODE_TRANSPORT; } - tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding", - 0, config, child); - child_cfg = child_cfg_create(child, &lifetime, NULL, FALSE, mode, - ACTION_NONE, ACTION_NONE, ACTION_NONE, - FALSE, 0, 0, NULL, NULL, tfc); + data.tfc = settings->get_int(settings, "configs.%s.%s.tfc_padding", + 0, config, child); + child_cfg = child_cfg_create(child, &data); token = settings->get_str(settings, "configs.%s.%s.proposal", NULL, config, child); @@ -249,11 +247,15 @@ static peer_cfg_t *load_peer_config(private_config_t *this, identification_t *lid, *rid; char *child, *policy, *pool; uintptr_t strength; + peer_cfg_create_t peer = { + .cert_policy = CERT_ALWAYS_SEND, + .unique = UNIQUE_NO, + .keyingtries = 1, + .no_mobike = TRUE, + }; ike_cfg = load_ike_config(this, settings, config); - peer_cfg = peer_cfg_create(config, ike_cfg, CERT_ALWAYS_SEND, - UNIQUE_NO, 1, 0, 0, 0, 0, FALSE, FALSE, TRUE, - 0, 0, FALSE, NULL, NULL); + peer_cfg = peer_cfg_create(config, ike_cfg, &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); diff --git a/src/conftest/hooks/custom_proposal.c b/src/conftest/hooks/custom_proposal.c index ee4404575..c4f8385c0 100644 --- a/src/conftest/hooks/custom_proposal.c +++ b/src/conftest/hooks/custom_proposal.c @@ -52,7 +52,7 @@ struct private_custom_proposal_t { * Load custom proposal configuration to proposal list */ static linked_list_t* load_proposals(private_custom_proposal_t *this, - protocol_id_t proto, u_int64_t spi) + protocol_id_t proto, uint64_t spi) { enumerator_t *props, *algs; char *number, *key, *value; @@ -65,7 +65,7 @@ static linked_list_t* load_proposals(private_custom_proposal_t *this, { const proposal_token_t *token = NULL; proposal_t *proposal; - u_int16_t type, alg, keysize = 0; + uint16_t type, alg, keysize = 0; char *end; proposal = proposal_create(proto, atoi(number)); diff --git a/src/conftest/hooks/log_proposals.c b/src/conftest/hooks/log_proposals.c index c0d458eae..40629014b 100644 --- a/src/conftest/hooks/log_proposals.c +++ b/src/conftest/hooks/log_proposals.c @@ -54,7 +54,7 @@ METHOD(listener_t, message, bool, proposals = list->create_enumerator(list); while (proposals->enumerate(proposals, &proposal)) { - u_int64_t spi = proposal->get_spi(proposal); + uint64_t spi = proposal->get_spi(proposal); if (proposal->get_protocol(proposal) != PROTO_IKE) { diff --git a/src/conftest/hooks/rebuild_auth.c b/src/conftest/hooks/rebuild_auth.c index bc2f00071..42a9cb4e1 100644 --- a/src/conftest/hooks/rebuild_auth.c +++ b/src/conftest/hooks/rebuild_auth.c @@ -67,7 +67,7 @@ static bool rebuild_auth(private_rebuild_auth_t *this, ike_sa_t *ike_sa, char reserved[3]; generator_t *generator; chunk_t data; - u_int32_t *lenpos; + uint32_t *lenpos; payload = message->get_payload(message, message->get_request(message) ? PLV2_ID_INITIATOR : PLV2_ID_RESPONDER); diff --git a/src/conftest/hooks/reset_seq.c b/src/conftest/hooks/reset_seq.c index 717bcdbb9..93c61438e 100644 --- a/src/conftest/hooks/reset_seq.c +++ b/src/conftest/hooks/reset_seq.c @@ -154,7 +154,7 @@ static job_requeue_t reset_cb(struct reset_cb_data_t *data) * Schedule sequence number reset job */ static void schedule_reset_job(private_reset_seq_t *this, host_t *dst, - u_int32_t spi) + uint32_t spi) { struct reset_cb_data_t *data; chunk_t chunk; diff --git a/src/conftest/hooks/set_ike_spi.c b/src/conftest/hooks/set_ike_spi.c index bda02580d..cc4d5afe4 100644 --- a/src/conftest/hooks/set_ike_spi.c +++ b/src/conftest/hooks/set_ike_spi.c @@ -42,12 +42,12 @@ struct private_set_ike_spi_t { /** * Initiator SPI */ - u_int64_t spii; + uint64_t spii; /** * Responder SPI */ - u_int64_t spir; + uint64_t spir; }; METHOD(listener_t, message, bool, diff --git a/src/conftest/hooks/set_length.c b/src/conftest/hooks/set_length.c index b1a1a4723..7f6415841 100644 --- a/src/conftest/hooks/set_length.c +++ b/src/conftest/hooks/set_length.c @@ -75,7 +75,7 @@ METHOD(listener_t, message, bool, if (type == payload->get_type(payload)) { encoding_rule_t *rules; - u_int16_t *len; + uint16_t *len; int i, count; count = payload->get_encoding_rules(payload, &rules); @@ -83,7 +83,7 @@ METHOD(listener_t, message, bool, { if (rules[i].type == PAYLOAD_LENGTH) { - len = (u_int16_t*)(((void*)payload) + rules[i].offset); + len = (uint16_t*)(((void*)payload) + rules[i].offset); DBG1(DBG_CFG, "adjusting length of %N payload " "from %d to %d", payload_type_short_names, type, *len, *len + this->diff); diff --git a/src/conftest/hooks/set_proposal_number.c b/src/conftest/hooks/set_proposal_number.c index 4e572d608..dd814ad15 100644 --- a/src/conftest/hooks/set_proposal_number.c +++ b/src/conftest/hooks/set_proposal_number.c @@ -57,7 +57,7 @@ static void copy_proposal_algs(proposal_t *from, proposal_t *to, transform_type_t type) { enumerator_t *enumerator; - u_int16_t alg, key_size; + uint16_t alg, key_size; enumerator = from->create_enumerator(from, type); while (enumerator->enumerate(enumerator, &alg, &key_size)) diff --git a/src/conftest/hooks/set_reserved.c b/src/conftest/hooks/set_reserved.c index 488e8df1c..7ce6f1b88 100644 --- a/src/conftest/hooks/set_reserved.c +++ b/src/conftest/hooks/set_reserved.c @@ -85,11 +85,11 @@ static void set_bit(private_set_reserved_t *this, message_t *message, * Set reserved byte of a payload */ static void set_byte(private_set_reserved_t *this, message_t *message, - payload_type_t type, u_int nr, u_int8_t byteval) + payload_type_t type, u_int nr, uint8_t byteval) { enumerator_t *payloads; payload_t *payload; - u_int8_t *byte; + uint8_t *byte; if (type == PLV2_TRANSFORM_SUBSTRUCTURE || type == PLV2_PROPOSAL_SUBSTRUCTURE) { @@ -172,7 +172,7 @@ METHOD(listener_t, message, bool, enumerator_t *bits, *bytes, *types; payload_type_t type; char *nr, *name; - u_int8_t byteval; + uint8_t byteval; types = conftest->test->create_section_enumerator(conftest->test, "hooks.%s", this->name); diff --git a/src/dumm/Makefile.in b/src/dumm/Makefile.in index 6525fbcb4..d3bb11f61 100644 --- a/src/dumm/Makefile.in +++ b/src/dumm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = dumm$(EXEEXT) irdumm$(EXEEXT) subdir = src/dumm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -208,12 +217,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -263,6 +274,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -297,6 +309,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -408,6 +421,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -472,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/dumm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/dumm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -841,6 +854,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-ipseclibLTLIBRARIES tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + all-local: ext diff --git a/src/dumm/mconsole.c b/src/dumm/mconsole.c index 54c4fe395..4563d6f9e 100644 --- a/src/dumm/mconsole.c +++ b/src/dumm/mconsole.c @@ -54,9 +54,9 @@ struct private_mconsole_t { typedef struct mconsole_request mconsole_request; /** mconsole request message */ struct mconsole_request { - u_int32_t magic; - u_int32_t version; - u_int32_t len; + uint32_t magic; + uint32_t version; + uint32_t len; char data[MCONSOLE_MAX_DATA]; }; @@ -64,24 +64,24 @@ struct mconsole_request { typedef struct mconsole_reply mconsole_reply; /** mconsole reply message */ struct mconsole_reply { - u_int32_t err; - u_int32_t more; - u_int32_t len; + uint32_t err; + uint32_t more; + uint32_t len; char data[MCONSOLE_MAX_DATA]; }; typedef struct mconsole_notify mconsole_notify; /** mconsole notify message */ struct mconsole_notify { - u_int32_t magic; - u_int32_t version; + uint32_t magic; + uint32_t version; enum { MCONSOLE_SOCKET, MCONSOLE_PANIC, MCONSOLE_HANG, MCONSOLE_USER_NOTIFY, } type; - u_int32_t len; + uint32_t len; char data[MCONSOLE_MAX_DATA]; }; diff --git a/src/include/Makefile.in b/src/include/Makefile.in index 9f4becb40..c909af9a1 100644 --- a/src/include/Makefile.in +++ b/src/include/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/include -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -362,7 +377,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/include/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/include/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -537,6 +551,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/include/linux/pfkeyv2.h b/src/include/linux/pfkeyv2.h index 7379d1a94..7a1e995a3 100644 --- a/src/include/linux/pfkeyv2.h +++ b/src/include/linux/pfkeyv2.h @@ -159,7 +159,7 @@ struct sadb_spirange { struct sadb_x_kmprivate { uint16_t sadb_x_kmprivate_len; uint16_t sadb_x_kmprivate_exttype; - u_int32_t sadb_x_kmprivate_reserved; + uint32_t sadb_x_kmprivate_reserved; } __attribute__((packed)); /* sizeof(struct sadb_x_kmprivate) == 8 */ diff --git a/src/ipsec/Makefile.in b/src/ipsec/Makefile.in index 72022ed56..c4cb5af4c 100644 --- a/src/ipsec/Makefile.in +++ b/src/ipsec/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/ipsec -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(dist_man8_MANS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -150,12 +159,14 @@ man8dir = $(mandir)/man8 NROFF = nroff MANS = $(dist_man8_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(dist_man8_MANS) $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -205,6 +216,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -239,6 +251,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -350,6 +363,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -397,7 +411,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/ipsec/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/ipsec/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -660,6 +673,8 @@ uninstall-man: uninstall-man8 ps ps-am tags-am uninstall uninstall-am uninstall-hook \ uninstall-man uninstall-man8 uninstall-sbinSCRIPTS +.PRECIOUS: Makefile + _ipsec.8 : _ipsec.8.in $(AM_V_GEN) \ diff --git a/src/ipsec/_ipsec.8 b/src/ipsec/_ipsec.8 index 686c1ce80..b0acc6c0c 100644 --- a/src/ipsec/_ipsec.8 +++ b/src/ipsec/_ipsec.8 @@ -1,4 +1,4 @@ -.TH IPSEC 8 "2013-10-29" "5.4.0rc1" "strongSwan" +.TH IPSEC 8 "2013-10-29" "5.5.0rc1" "strongSwan" . .SH NAME . diff --git a/src/libcharon/Android.mk b/src/libcharon/Android.mk index 55e6bc58b..4f3d78c6d 100644 --- a/src/libcharon/Android.mk +++ b/src/libcharon/Android.mk @@ -10,6 +10,7 @@ attributes/mem_pool.c attributes/mem_pool.h \ bus/bus.c bus/bus.h \ bus/listeners/listener.h \ bus/listeners/logger.h \ +bus/listeners/custom_logger.h \ bus/listeners/file_logger.c bus/listeners/file_logger.h \ config/backend_manager.c config/backend_manager.h config/backend.h \ config/child_cfg.c config/child_cfg.h \ diff --git a/src/libcharon/Makefile.am b/src/libcharon/Makefile.am index 9f0707813..550f6eb9c 100644 --- a/src/libcharon/Makefile.am +++ b/src/libcharon/Makefile.am @@ -154,12 +154,15 @@ AM_CPPFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_LDFLAGS = \ -no-undefined libcharon_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lm $(PTHREADLIB) $(DLLIB) $(SOCKLIB) + -lm $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) $(SOCKLIB) if USE_WINDOWS libcharon_la_LIBADD += -lws2_32 diff --git a/src/libcharon/Makefile.in b/src/libcharon/Makefile.in index 2ccae216e..3ea9b8089 100644 --- a/src/libcharon/Makefile.in +++ b/src/libcharon/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -284,8 +294,6 @@ host_triplet = @host@ @USE_ATTR_SQL_TRUE@am__append_146 = plugins/attr_sql @MONOLITHIC_TRUE@@USE_ATTR_SQL_TRUE@am__append_147 = plugins/attr_sql/libstrongswan-attr-sql.la subdir = src/libcharon -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -299,6 +307,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -336,31 +345,32 @@ am__DEPENDENCIES_1 = libcharon_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_7) \ - $(am__append_9) $(am__append_11) $(am__append_13) \ - $(am__append_15) $(am__append_17) $(am__append_19) \ - $(am__append_21) $(am__append_23) $(am__append_25) \ - $(am__append_27) $(am__append_29) $(am__append_31) \ - $(am__append_33) $(am__append_35) $(am__append_37) \ - $(am__append_39) $(am__append_41) $(am__append_43) \ - $(am__append_45) $(am__append_47) $(am__append_49) \ - $(am__append_51) $(am__append_53) $(am__append_54) \ - $(am__append_56) $(am__append_58) $(am__append_60) \ - $(am__append_62) $(am__append_64) $(am__append_66) \ - $(am__append_68) $(am__append_70) $(am__append_72) \ - $(am__append_73) $(am__append_74) $(am__append_76) \ - $(am__append_78) $(am__append_79) $(am__append_81) \ - $(am__append_83) $(am__append_85) $(am__append_87) \ - $(am__append_89) $(am__append_91) $(am__append_93) \ - $(am__append_95) $(am__append_97) $(am__append_99) \ - $(am__append_101) $(am__append_103) $(am__append_105) \ - $(am__append_107) $(am__append_109) $(am__append_111) \ - $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) $(am__append_123) \ - $(am__append_125) $(am__append_127) $(am__append_129) \ - $(am__append_131) $(am__append_133) $(am__append_135) \ - $(am__append_137) $(am__append_139) $(am__append_141) \ - $(am__append_143) $(am__append_145) $(am__append_147) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__append_7) $(am__append_9) \ + $(am__append_11) $(am__append_13) $(am__append_15) \ + $(am__append_17) $(am__append_19) $(am__append_21) \ + $(am__append_23) $(am__append_25) $(am__append_27) \ + $(am__append_29) $(am__append_31) $(am__append_33) \ + $(am__append_35) $(am__append_37) $(am__append_39) \ + $(am__append_41) $(am__append_43) $(am__append_45) \ + $(am__append_47) $(am__append_49) $(am__append_51) \ + $(am__append_53) $(am__append_54) $(am__append_56) \ + $(am__append_58) $(am__append_60) $(am__append_62) \ + $(am__append_64) $(am__append_66) $(am__append_68) \ + $(am__append_70) $(am__append_72) $(am__append_73) \ + $(am__append_74) $(am__append_76) $(am__append_78) \ + $(am__append_79) $(am__append_81) $(am__append_83) \ + $(am__append_85) $(am__append_87) $(am__append_89) \ + $(am__append_91) $(am__append_93) $(am__append_95) \ + $(am__append_97) $(am__append_99) $(am__append_101) \ + $(am__append_103) $(am__append_105) $(am__append_107) \ + $(am__append_109) $(am__append_111) $(am__append_113) \ + $(am__append_115) $(am__append_117) $(am__append_119) \ + $(am__append_121) $(am__append_123) $(am__append_125) \ + $(am__append_127) $(am__append_129) $(am__append_131) \ + $(am__append_133) $(am__append_135) $(am__append_137) \ + $(am__append_139) $(am__append_141) $(am__append_143) \ + $(am__append_145) $(am__append_147) am__libcharon_la_SOURCES_DIST = attributes/attributes.c \ attributes/attributes.h attributes/attribute_provider.h \ attributes/attribute_handler.h attributes/attribute_manager.c \ @@ -747,6 +757,7 @@ DIST_SUBDIRS = . plugins/load_tester plugins/socket_default \ plugins/xauth_generic plugins/xauth_eap plugins/xauth_pam \ plugins/xauth_noauth plugins/resolve plugins/attr \ plugins/attr_sql tests +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -778,6 +789,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -827,6 +839,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -861,6 +874,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -972,6 +986,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -1112,12 +1127,15 @@ AM_CPPFLAGS = \ -DIPSEC_DIR=\"${ipsecdir}\" \ -DIPSEC_PIDDIR=\"${piddir}\" +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_LDFLAGS = \ -no-undefined libcharon_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la -lm \ - $(PTHREADLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) \ + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) $(SOCKLIB) $(am__append_4) \ $(am__append_7) $(am__append_9) $(am__append_11) \ $(am__append_13) $(am__append_15) $(am__append_17) \ $(am__append_19) $(am__append_21) $(am__append_23) \ @@ -1233,7 +1251,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -2231,6 +2248,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + daemon.lo : $(top_builddir)/config.status diff --git a/src/libcharon/attributes/mem_pool.c b/src/libcharon/attributes/mem_pool.c index 833c3e950..a2b7c2803 100644 --- a/src/libcharon/attributes/mem_pool.c +++ b/src/libcharon/attributes/mem_pool.c @@ -142,7 +142,7 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset) { chunk_t addr; host_t *host; - u_int32_t *pos; + uint32_t *pos; offset--; if (offset > pool->size) @@ -153,11 +153,11 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset) addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { - pos = (u_int32_t*)(addr.ptr + 12); + pos = (uint32_t*)(addr.ptr + 12); } else { - pos = (u_int32_t*)addr.ptr; + pos = (uint32_t*)addr.ptr; } *pos = htonl(offset + ntohl(*pos)); host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0); @@ -171,7 +171,7 @@ static host_t* offset2host(private_mem_pool_t *pool, int offset) static int host2offset(private_mem_pool_t *pool, host_t *addr) { chunk_t host, base; - u_int32_t hosti, basei; + uint32_t hosti, basei; if (addr->get_family(addr) != pool->base->get_family(pool->base)) { @@ -189,8 +189,8 @@ static int host2offset(private_mem_pool_t *pool, host_t *addr) host = chunk_skip(host, 12); base = chunk_skip(base, 12); } - hosti = ntohl(*(u_int32_t*)(host.ptr)); - basei = ntohl(*(u_int32_t*)(base.ptr)); + hosti = ntohl(*(uint32_t*)(host.ptr)); + basei = ntohl(*(uint32_t*)(base.ptr)); if (hosti > basei + pool->size) { return -1; @@ -634,7 +634,7 @@ static private_mem_pool_t *create_generic(char *name) */ static u_int network_id_diff(host_t *host, int hostbits) { - u_int32_t last; + uint32_t last; chunk_t addr; if (!hostbits) @@ -705,7 +705,7 @@ mem_pool_t *mem_pool_create_range(char *name, host_t *from, host_t *to) { private_mem_pool_t *this; chunk_t fromaddr, toaddr; - u_int32_t diff; + uint32_t diff; fromaddr = from->get_address(from); toaddr = to->get_address(to); diff --git a/src/libcharon/bus/bus.c b/src/libcharon/bus/bus.c index 53ded6be7..e17d629d2 100644 --- a/src/libcharon/bus/bus.c +++ b/src/libcharon/bus/bus.c @@ -688,7 +688,7 @@ METHOD(bus_t, child_rekey, void, } METHOD(bus_t, children_migrate, void, - private_bus_t *this, ike_sa_id_t *new, u_int32_t unique) + private_bus_t *this, ike_sa_id_t *new, uint32_t unique) { enumerator_t *enumerator; ike_sa_t *ike_sa; diff --git a/src/libcharon/bus/bus.h b/src/libcharon/bus/bus.h index b6757b140..305cbe4ae 100644 --- a/src/libcharon/bus/bus.h +++ b/src/libcharon/bus/bus.h @@ -101,9 +101,13 @@ enum alert_t { /** received IKE message with invalid body, argument is message_t*, * followed by a status_t result returned by message_t.parse_body(). */ ALERT_PARSE_ERROR_BODY, - /** sending a retransmit for a message, argument is packet_t, if the message - * got fragmented only the first fragment is passed */ + /** sending a retransmit for a message, arguments are packet_t and number + * of the retransmit, if the message got fragmented only the first fragment + * is passed */ ALERT_RETRANSMIT_SEND, + /** received response for retransmitted request, argument is packet_t, if + * the message got fragmented only the first fragment is passed */ + ALERT_RETRANSMIT_SEND_CLEARED, /** sending retransmits timed out, argument is packet_t, if available and if * the message got fragmented only the first fragment is passed */ ALERT_RETRANSMIT_SEND_TIMEOUT, @@ -432,7 +436,7 @@ struct bus_t { * @param new ID of new SA when called for the old, NULL otherwise * @param uniue unique ID of new SA when called for the old, 0 otherwise */ - void (*children_migrate)(bus_t *this, ike_sa_id_t *new, u_int32_t unique); + void (*children_migrate)(bus_t *this, ike_sa_id_t *new, uint32_t unique); /** * Virtual IP assignment hook. diff --git a/src/libcharon/bus/listeners/listener.h b/src/libcharon/bus/listeners/listener.h index c7a8d8d1e..be2726ede 100644 --- a/src/libcharon/bus/listeners/listener.h +++ b/src/libcharon/bus/listeners/listener.h @@ -200,7 +200,7 @@ struct listener_t { * @return TRUE to stay registered, FALSE to unregister */ bool (*children_migrate)(listener_t *this, ike_sa_t *ike_sa, - ike_sa_id_t *new, u_int32_t unique); + ike_sa_id_t *new, uint32_t unique); /** * Hook called to invoke additional authorization rules. diff --git a/src/libcharon/config/child_cfg.c b/src/libcharon/config/child_cfg.c index 3d3c7419b..76d7f2c58 100644 --- a/src/libcharon/config/child_cfg.c +++ b/src/libcharon/config/child_cfg.c @@ -1,8 +1,9 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -110,12 +111,12 @@ struct private_child_cfg_t { /** * Inactivity timeout */ - u_int32_t inactivity; + uint32_t inactivity; /** * Reqid to install CHILD_SA with */ - u_int32_t reqid; + uint32_t reqid; /** * Optional mark to install inbound CHILD_SA with @@ -130,7 +131,17 @@ struct private_child_cfg_t { /** * Traffic Flow Confidentiality padding, if enabled */ - u_int32_t tfc; + uint32_t tfc; + + /** + * Optional manually-set IPsec policy priorities + */ + uint32_t manual_prio; + + /** + * Optional restriction of IPsec policy to a given network interface + */ + char *interface; /** * set up IPsec transport SA in MIPv6 proxy mode @@ -145,7 +156,7 @@ struct private_child_cfg_t { /** * anti-replay window size */ - u_int32_t replay_window; + uint32_t replay_window; }; METHOD(child_cfg_t, get_name, char*, @@ -200,25 +211,40 @@ METHOD(child_cfg_t, get_proposals, linked_list_t*, METHOD(child_cfg_t, select_proposal, proposal_t*, private_child_cfg_t*this, linked_list_t *proposals, bool strip_dh, - bool private) + bool private, bool prefer_self) { - enumerator_t *stored_enum, *supplied_enum; - proposal_t *stored, *supplied, *selected = NULL; + enumerator_t *prefer_enum, *match_enum; + proposal_t *proposal, *match, *selected = NULL; - stored_enum = this->proposals->create_enumerator(this->proposals); - supplied_enum = proposals->create_enumerator(proposals); + if (prefer_self) + { + prefer_enum = this->proposals->create_enumerator(this->proposals); + match_enum = proposals->create_enumerator(proposals); + } + else + { + prefer_enum = proposals->create_enumerator(proposals); + match_enum = this->proposals->create_enumerator(this->proposals); + } - /* compare all stored proposals with all supplied. Stored ones are preferred. */ - while (stored_enum->enumerate(stored_enum, &stored)) + while (prefer_enum->enumerate(prefer_enum, &proposal)) { - stored = stored->clone(stored); - while (supplied_enum->enumerate(supplied_enum, &supplied)) + proposal = proposal->clone(proposal); + if (prefer_self) + { + proposals->reset_enumerator(proposals, match_enum); + } + else + { + this->proposals->reset_enumerator(this->proposals, match_enum); + } + while (match_enum->enumerate(match_enum, &match)) { if (strip_dh) { - stored->strip_dh(stored, MODP_NONE); + proposal->strip_dh(proposal, MODP_NONE); } - selected = stored->select(stored, supplied, private); + selected = proposal->select(proposal, match, private); if (selected) { DBG2(DBG_CFG, "received proposals: %#P", proposals); @@ -227,17 +253,15 @@ METHOD(child_cfg_t, select_proposal, proposal_t*, break; } } - stored->destroy(stored); + proposal->destroy(proposal); if (selected) { break; } - supplied_enum->destroy(supplied_enum); - supplied_enum = proposals->create_enumerator(proposals); } - stored_enum->destroy(stored_enum); - supplied_enum->destroy(supplied_enum); - if (selected == NULL) + prefer_enum->destroy(prefer_enum); + match_enum->destroy(match_enum); + if (!selected) { DBG1(DBG_CFG, "received proposals: %#P", proposals); DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); @@ -405,7 +429,7 @@ METHOD(child_cfg_t, get_hostaccess, bool, * Note: The distribution of random values is not perfect, but it * should get the job done. */ -static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter) +static uint64_t apply_jitter(uint64_t rekey, uint64_t jitter) { if (jitter == 0) { @@ -417,10 +441,14 @@ static u_int64_t apply_jitter(u_int64_t rekey, u_int64_t jitter) #define APPLY_JITTER(l) l.rekey = apply_jitter(l.rekey, l.jitter) METHOD(child_cfg_t, get_lifetime, lifetime_cfg_t*, - private_child_cfg_t *this) + private_child_cfg_t *this, bool jitter) { lifetime_cfg_t *lft = malloc_thing(lifetime_cfg_t); memcpy(lft, &this->lifetime, sizeof(lifetime_cfg_t)); + if (!jitter) + { + lft->time.jitter = lft->bytes.jitter = lft->packets.jitter = 0; + } APPLY_JITTER(lft->time); APPLY_JITTER(lft->bytes); APPLY_JITTER(lft->packets); @@ -456,7 +484,7 @@ METHOD(child_cfg_t, get_dh_group, diffie_hellman_group_t, { enumerator_t *enumerator; proposal_t *proposal; - u_int16_t dh_group = MODP_NONE; + uint16_t dh_group = MODP_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) @@ -476,13 +504,13 @@ METHOD(child_cfg_t, use_ipcomp, bool, return this->use_ipcomp; } -METHOD(child_cfg_t, get_inactivity, u_int32_t, +METHOD(child_cfg_t, get_inactivity, uint32_t, private_child_cfg_t *this) { return this->inactivity; } -METHOD(child_cfg_t, get_reqid, u_int32_t, +METHOD(child_cfg_t, get_reqid, uint32_t, private_child_cfg_t *this) { return this->reqid; @@ -494,29 +522,34 @@ METHOD(child_cfg_t, get_mark, mark_t, return inbound ? this->mark_in : this->mark_out; } -METHOD(child_cfg_t, get_tfc, u_int32_t, +METHOD(child_cfg_t, get_tfc, uint32_t, private_child_cfg_t *this) { return this->tfc; } -METHOD(child_cfg_t, get_replay_window, u_int32_t, +METHOD(child_cfg_t, get_manual_prio, uint32_t, private_child_cfg_t *this) { - return this->replay_window; + return this->manual_prio; } -METHOD(child_cfg_t, set_replay_window, void, - private_child_cfg_t *this, u_int32_t replay_window) +METHOD(child_cfg_t, get_interface, char*, + private_child_cfg_t *this) { - this->replay_window = replay_window; + return this->interface; +} + +METHOD(child_cfg_t, get_replay_window, uint32_t, + private_child_cfg_t *this) +{ + return this->replay_window; } -METHOD(child_cfg_t, set_mipv6_options, void, - private_child_cfg_t *this, bool proxy_mode, bool install_policy) +METHOD(child_cfg_t, set_replay_window, void, + private_child_cfg_t *this, uint32_t replay_window) { - this->proxy_mode = proxy_mode; - this->install_policy = install_policy; + this->replay_window = replay_window; } METHOD(child_cfg_t, use_proxy_mode, bool, @@ -532,7 +565,7 @@ METHOD(child_cfg_t, install_policy, bool, } #define LT_PART_EQUALS(a, b) ({ a.life == b.life && a.rekey == b.rekey && a.jitter == b.jitter; }) -#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); }) +#define LIFETIME_EQUALS(a, b) ({ LT_PART_EQUALS(a.time, b.time) && LT_PART_EQUALS(a.bytes, b.bytes) && LT_PART_EQUALS(a.packets, b.packets); }) METHOD(child_cfg_t, equals, bool, private_child_cfg_t *this, child_cfg_t *other_pub) @@ -576,10 +609,12 @@ METHOD(child_cfg_t, equals, bool, this->mark_out.value == other->mark_out.value && this->mark_out.mask == other->mark_out.mask && this->tfc == other->tfc && + this->manual_prio == other->manual_prio && this->replay_window == other->replay_window && this->proxy_mode == other->proxy_mode && this->install_policy == other->install_policy && - streq(this->updown, other->updown); + streq(this->updown, other->updown) && + streq(this->interface, other->interface); } METHOD(child_cfg_t, get_ref, child_cfg_t*, @@ -597,10 +632,8 @@ METHOD(child_cfg_t, destroy, void, this->proposals->destroy_offset(this->proposals, offsetof(proposal_t, destroy)); this->my_ts->destroy_offset(this->my_ts, offsetof(traffic_selector_t, destroy)); this->other_ts->destroy_offset(this->other_ts, offsetof(traffic_selector_t, destroy)); - if (this->updown) - { - free(this->updown); - } + free(this->updown); + free(this->interface); free(this->name); free(this); } @@ -609,12 +642,7 @@ METHOD(child_cfg_t, destroy, void, /* * Described in header-file */ -child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, - char *updown, bool hostaccess, - ipsec_mode_t mode, action_t start_action, - action_t dpd_action, action_t close_action, - bool ipcomp, u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out, u_int32_t tfc) +child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data) { private_child_cfg_t *this; @@ -634,12 +662,13 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .get_close_action = _get_close_action, .get_lifetime = _get_lifetime, .get_dh_group = _get_dh_group, - .set_mipv6_options = _set_mipv6_options, .use_ipcomp = _use_ipcomp, .get_inactivity = _get_inactivity, .get_reqid = _get_reqid, .get_mark = _get_mark, .get_tfc = _get_tfc, + .get_manual_prio = _get_manual_prio, + .get_interface = _get_interface, .get_replay_window = _get_replay_window, .set_replay_window = _set_replay_window, .use_proxy_mode = _use_proxy_mode, @@ -649,35 +678,30 @@ child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, .destroy = _destroy, }, .name = strdup(name), - .updown = strdupnull(updown), - .hostaccess = hostaccess, - .mode = mode, - .start_action = start_action, - .dpd_action = dpd_action, - .close_action = close_action, - .use_ipcomp = ipcomp, - .inactivity = inactivity, - .reqid = reqid, - .proxy_mode = FALSE, - .install_policy = TRUE, + .updown = strdupnull(data->updown), + .hostaccess = data->hostaccess, + .reqid = data->reqid, + .mode = data->mode, + .proxy_mode = data->proxy_mode, + .start_action = data->start_action, + .dpd_action = data->dpd_action, + .close_action = data->close_action, + .mark_in = data->mark_in, + .mark_out = data->mark_out, + .lifetime = data->lifetime, + .inactivity = data->inactivity, + .use_ipcomp = data->ipcomp, + .tfc = data->tfc, + .manual_prio = data->priority, + .interface = strdupnull(data->interface), + .install_policy = !data->suppress_policies, .refcount = 1, .proposals = linked_list_create(), .my_ts = linked_list_create(), .other_ts = linked_list_create(), - .tfc = tfc, .replay_window = lib->settings->get_int(lib->settings, - "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns), + "%s.replay_window", DEFAULT_REPLAY_WINDOW, lib->ns), ); - if (mark_in) - { - this->mark_in = *mark_in; - } - if (mark_out) - { - this->mark_out = *mark_out; - } - memcpy(&this->lifetime, lifetime, sizeof(lifetime_cfg_t)); - return &this->public; } diff --git a/src/libcharon/config/child_cfg.h b/src/libcharon/config/child_cfg.h index 22641f77e..e736b2737 100644 --- a/src/libcharon/config/child_cfg.h +++ b/src/libcharon/config/child_cfg.h @@ -1,8 +1,9 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,6 +26,7 @@ typedef enum action_t action_t; typedef struct child_cfg_t child_cfg_t; +typedef struct child_cfg_create_t child_cfg_create_t; #include <library.h> #include <selectors/traffic_selector.h> @@ -98,10 +100,12 @@ struct child_cfg_t { * @param proposals list from which proposals are selected * @param strip_dh TRUE strip out diffie hellman groups * @param private accept algorithms from a private range + * @param prefer_self whether to prefer configured or supplied proposals * @return selected proposal, or NULL if nothing matches */ proposal_t* (*select_proposal)(child_cfg_t*this, linked_list_t *proposals, - bool strip_dh, bool private); + bool strip_dh, bool private, + bool prefer_self); /** * Add a traffic selector to the config. @@ -155,9 +159,10 @@ struct child_cfg_t { * The rekey limits automatically contain a jitter to avoid simultaneous * rekeying. These values will change with each call to this function. * + * @param jitter subtract jitter value to randomize lifetimes * @return lifetime_cfg_t (has to be freed) */ - lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this); + lifetime_cfg_t* (*get_lifetime) (child_cfg_t *this, bool jitter); /** * Get the mode to use for the CHILD_SA. @@ -210,14 +215,14 @@ struct child_cfg_t { * * @return inactivity timeout in s */ - u_int32_t (*get_inactivity)(child_cfg_t *this); + uint32_t (*get_inactivity)(child_cfg_t *this); /** * Specific reqid to use for CHILD_SA. * * @return reqid */ - u_int32_t (*get_reqid)(child_cfg_t *this); + uint32_t (*get_reqid)(child_cfg_t *this); /** * Optional mark for CHILD_SA. @@ -232,30 +237,35 @@ struct child_cfg_t { * * @return TFC padding, 0 to disable, -1 for MTU */ - u_int32_t (*get_tfc)(child_cfg_t *this); + uint32_t (*get_tfc)(child_cfg_t *this); /** - * Get anti-replay window size + * Get optional manually-set IPsec policy priority * - * @return anti-replay window size + * @return manually-set IPsec policy priority (automatic if 0) */ - u_int32_t (*get_replay_window)(child_cfg_t *this); + uint32_t (*get_manual_prio)(child_cfg_t *this); /** - * Set anti-replay window size + * Get optional network interface restricting IPsec policy * - * @param window anti-replay window size + * @return network interface) */ - void (*set_replay_window)(child_cfg_t *this, u_int32_t window); + char* (*get_interface)(child_cfg_t *this); /** - * Sets two options needed for Mobile IPv6 interoperability. + * Get anti-replay window size * - * @param proxy_mode use IPsec transport proxy mode (default FALSE) - * @param install_policy install IPsec kernel policies (default TRUE) + * @return anti-replay window size */ - void (*set_mipv6_options)(child_cfg_t *this, bool proxy_mode, - bool install_policy); + uint32_t (*get_replay_window)(child_cfg_t *this); + + /** + * Set anti-replay window size + * + * @param window anti-replay window size + */ + void (*set_replay_window)(child_cfg_t *this, uint32_t window); /** * Check whether IPsec transport SA should be set up in proxy mode. @@ -297,38 +307,56 @@ struct child_cfg_t { void (*destroy) (child_cfg_t *this); }; + +/** + * Data passed to the constructor of a child_cfg_t object. + */ +struct child_cfg_create_t { + /** Specific reqid to use for CHILD_SA, 0 for auto assignment */ + uint32_t reqid; + /** Optional inbound mark */ + mark_t mark_in; + /** Optional outbound mark */ + mark_t mark_out; + /** Mode to propose for CHILD_SA */ + ipsec_mode_t mode; + /** Use IPsec transport proxy mode */ + bool proxy_mode; + /** Use IPComp, if peer supports it */ + bool ipcomp; + /** TFC padding size, 0 to disable, -1 to pad to PMTU */ + uint32_t tfc; + /** Optional manually-set IPsec policy priority */ + uint32_t priority; + /** Optional network interface restricting IPsec policy (cloned) */ + char *interface; + /** lifetime_cfg_t for this child_cfg */ + lifetime_cfg_t lifetime; + /** Inactivity timeout in s before closing a CHILD_SA */ + uint32_t inactivity; + /** Start action */ + action_t start_action; + /** DPD action */ + action_t dpd_action; + /** Close action */ + action_t close_action; + /** updown script to execute on up/down event (cloned) */ + char *updown; + /** TRUE to allow access to the local host */ + bool hostaccess; + /** Don't install IPsec policies */ + bool suppress_policies; +}; + /** * Create a configuration template for CHILD_SA setup. * - * The "name" string gets cloned. - * - * The lifetime_cfg_t object gets cloned. - * To prevent two peers to start rekeying at the same time, a jitter may be - * specified. Rekeying of an SA starts at (x.rekey - random(0, x.jitter)). - * * After a call to create, a reference is obtained (refcount = 1). * - * @param name name of the child_cfg - * @param lifetime lifetime_cfg_t for this child_cfg - * @param updown updown script to execute on up/down event - * @param hostaccess TRUE to allow access to the local host - * @param mode mode to propose for CHILD_SA, transport, tunnel or BEET - * @param start_action start action - * @param dpd_action DPD action - * @param close_action close action - * @param ipcomp use IPComp, if peer supports it - * @param inactivity inactivity timeout in s before closing a CHILD_SA - * @param reqid specific reqid to use for CHILD_SA, 0 for auto assign - * @param mark_in optional inbound mark (can be NULL) - * @param mark_out optional outbound mark (can be NULL) - * @param tfc TFC padding size, 0 to disable, -1 to pad to PMTU + * @param name name of the child_cfg (cloned) + * @param data data for this child_cfg * @return child_cfg_t object */ -child_cfg_t *child_cfg_create(char *name, lifetime_cfg_t *lifetime, - char *updown, bool hostaccess, - ipsec_mode_t mode, action_t start_action, - action_t dpd_action, action_t close_action, - bool ipcomp, u_int32_t inactivity, u_int32_t reqid, - mark_t *mark_in, mark_t *mark_out, u_int32_t tfc); +child_cfg_t *child_cfg_create(char *name, child_cfg_create_t *data); #endif /** CHILD_CFG_H_ @}*/ diff --git a/src/libcharon/config/ike_cfg.c b/src/libcharon/config/ike_cfg.c index a720e1493..7d52ac88f 100644 --- a/src/libcharon/config/ike_cfg.c +++ b/src/libcharon/config/ike_cfg.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -83,12 +83,12 @@ struct private_ike_cfg_t { /** * our source port */ - u_int16_t my_port; + uint16_t my_port; /** * destination port */ - u_int16_t other_port; + uint16_t other_port; /** * should we send a certificate request? @@ -108,7 +108,7 @@ struct private_ike_cfg_t { /** * DSCP value to use on sent IKE packets */ - u_int8_t dscp; + uint8_t dscp; /** * List of proposals to use @@ -143,7 +143,7 @@ METHOD(ike_cfg_t, fragmentation, fragmentation_t, /** * Common function for resolve_me/other */ -static host_t* resolve(linked_list_t *hosts, int family, u_int16_t port) +static host_t* resolve(linked_list_t *hosts, int family, uint16_t port) { enumerator_t *enumerator; host_t *host = NULL; @@ -192,7 +192,7 @@ static u_int match(linked_list_t *hosts, linked_list_t *ranges, host_t *cand) traffic_selector_t *ts; char *str; host_t *host; - u_int8_t mask; + uint8_t mask; u_int quality = 0; /* try single hosts first */ @@ -261,19 +261,19 @@ METHOD(ike_cfg_t, get_other_addr, char*, return this->other; } -METHOD(ike_cfg_t, get_my_port, u_int16_t, +METHOD(ike_cfg_t, get_my_port, uint16_t, private_ike_cfg_t *this) { return this->my_port; } -METHOD(ike_cfg_t, get_other_port, u_int16_t, +METHOD(ike_cfg_t, get_other_port, uint16_t, private_ike_cfg_t *this) { return this->other_port; } -METHOD(ike_cfg_t, get_dscp, u_int8_t, +METHOD(ike_cfg_t, get_dscp, uint8_t, private_ike_cfg_t *this) { return this->dscp; @@ -310,42 +310,57 @@ METHOD(ike_cfg_t, get_proposals, linked_list_t*, } METHOD(ike_cfg_t, select_proposal, proposal_t*, - private_ike_cfg_t *this, linked_list_t *proposals, bool private) + private_ike_cfg_t *this, linked_list_t *proposals, bool private, + bool prefer_self) { - enumerator_t *stored_enum, *supplied_enum; - proposal_t *stored, *supplied, *selected; + enumerator_t *prefer_enum, *match_enum; + proposal_t *proposal, *match, *selected = NULL; - stored_enum = this->proposals->create_enumerator(this->proposals); - supplied_enum = proposals->create_enumerator(proposals); - - - /* compare all stored proposals with all supplied. Stored ones are preferred.*/ - while (stored_enum->enumerate(stored_enum, (void**)&stored)) + if (prefer_self) + { + prefer_enum = this->proposals->create_enumerator(this->proposals); + match_enum = proposals->create_enumerator(proposals); + } + else { - proposals->reset_enumerator(proposals, supplied_enum); + prefer_enum = proposals->create_enumerator(proposals); + match_enum = this->proposals->create_enumerator(this->proposals); + } - while (supplied_enum->enumerate(supplied_enum, (void**)&supplied)) + while (prefer_enum->enumerate(prefer_enum, (void**)&proposal)) + { + if (prefer_self) + { + proposals->reset_enumerator(proposals, match_enum); + } + else { - selected = stored->select(stored, supplied, private); + this->proposals->reset_enumerator(this->proposals, match_enum); + } + while (match_enum->enumerate(match_enum, (void**)&match)) + { + selected = proposal->select(proposal, match, private); if (selected) { - /* they match, return */ - stored_enum->destroy(stored_enum); - supplied_enum->destroy(supplied_enum); DBG2(DBG_CFG, "received proposals: %#P", proposals); DBG2(DBG_CFG, "configured proposals: %#P", this->proposals); DBG2(DBG_CFG, "selected proposal: %P", selected); - return selected; + break; } } + if (selected) + { + break; + } } - /* no proposal match :-(, will result in a NO_PROPOSAL_CHOSEN... */ - stored_enum->destroy(stored_enum); - supplied_enum->destroy(supplied_enum); - DBG1(DBG_CFG, "received proposals: %#P", proposals); - DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); - - return NULL; + prefer_enum->destroy(prefer_enum); + match_enum->destroy(match_enum); + if (!selected) + { + DBG1(DBG_CFG, "received proposals: %#P", proposals); + DBG1(DBG_CFG, "configured proposals: %#P", this->proposals); + } + return selected; } METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t, @@ -353,7 +368,7 @@ METHOD(ike_cfg_t, get_dh_group, diffie_hellman_group_t, { enumerator_t *enumerator; proposal_t *proposal; - u_int16_t dh_group = MODP_NONE; + uint16_t dh_group = MODP_NONE; enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &proposal)) @@ -545,9 +560,9 @@ int ike_cfg_get_family(ike_cfg_t *cfg, bool local) * Described in header. */ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, - char *me, u_int16_t my_port, - char *other, u_int16_t other_port, - fragmentation_t fragmentation, u_int8_t dscp) + char *me, uint16_t my_port, + char *other, uint16_t other_port, + fragmentation_t fragmentation, uint8_t dscp) { private_ike_cfg_t *this; diff --git a/src/libcharon/config/ike_cfg.h b/src/libcharon/config/ike_cfg.h index a72960f4f..5655a3497 100644 --- a/src/libcharon/config/ike_cfg.h +++ b/src/libcharon/config/ike_cfg.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012-2015 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter * Hochschule fuer Technik Rapperswil @@ -128,21 +128,21 @@ struct ike_cfg_t { * * @return source address port, host order */ - u_int16_t (*get_my_port)(ike_cfg_t *this); + uint16_t (*get_my_port)(ike_cfg_t *this); /** * Get the port to use as destination port. * * @return destination address, host order */ - u_int16_t (*get_other_port)(ike_cfg_t *this); + uint16_t (*get_other_port)(ike_cfg_t *this); /** * Get the DSCP value to use for IKE packets send from connections. * * @return DSCP value */ - u_int8_t (*get_dscp)(ike_cfg_t *this); + uint8_t (*get_dscp)(ike_cfg_t *this); /** * Adds a proposal to the list. @@ -165,16 +165,17 @@ struct ike_cfg_t { linked_list_t* (*get_proposals) (ike_cfg_t *this); /** - * Select a proposed from suggested proposals. + * Select a proposal from a list of supplied proposals. * * Returned proposal must be destroyed after use. * * @param proposals list of proposals to select from * @param private accept algorithms from a private range + * @param prefer_self whether to prefer configured or supplied proposals * @return selected proposal, or NULL if none matches. */ proposal_t *(*select_proposal) (ike_cfg_t *this, linked_list_t *proposals, - bool private); + bool private, bool prefer_self); /** * Should we send a certificate request in IKE_SA_INIT? @@ -250,9 +251,9 @@ struct ike_cfg_t { * @return ike_cfg_t object. */ ike_cfg_t *ike_cfg_create(ike_version_t version, bool certreq, bool force_encap, - char *me, u_int16_t my_port, - char *other, u_int16_t other_port, - fragmentation_t fragmentation, u_int8_t dscp); + char *me, uint16_t my_port, + char *other, uint16_t other_port, + fragmentation_t fragmentation, uint8_t dscp); /** * Determine the address family of the local or remtoe address(es). If multiple diff --git a/src/libcharon/config/peer_cfg.c b/src/libcharon/config/peer_cfg.c index d28a79507..6463c7a36 100644 --- a/src/libcharon/config/peer_cfg.c +++ b/src/libcharon/config/peer_cfg.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -88,7 +88,7 @@ struct private_peer_cfg_t { /** * number of tries after giving up if peer does not respond */ - u_int32_t keyingtries; + uint32_t keyingtries; /** * enable support for MOBIKE @@ -108,32 +108,32 @@ struct private_peer_cfg_t { /** * Time before starting rekeying */ - u_int32_t rekey_time; + uint32_t rekey_time; /** * Time before starting reauthentication */ - u_int32_t reauth_time; + uint32_t reauth_time; /** * Time, which specifies the range of a random value subtracted from above. */ - u_int32_t jitter_time; + uint32_t jitter_time; /** * Delay before deleting a rekeying/reauthenticating SA */ - u_int32_t over_time; + uint32_t over_time; /** * DPD check intervall */ - u_int32_t dpd; + uint32_t dpd; /** * DPD timeout intervall (used for IKEv1 only) */ - u_int32_t dpd_timeout; + uint32_t dpd_timeout; /** * List of virtual IPs (host_t*) to request @@ -455,13 +455,13 @@ METHOD(peer_cfg_t, get_unique_policy, unique_policy_t, return this->unique; } -METHOD(peer_cfg_t, get_keyingtries, u_int32_t, +METHOD(peer_cfg_t, get_keyingtries, uint32_t, private_peer_cfg_t *this) { return this->keyingtries; } -METHOD(peer_cfg_t, get_rekey_time, u_int32_t, +METHOD(peer_cfg_t, get_rekey_time, uint32_t, private_peer_cfg_t *this, bool jitter) { if (this->rekey_time == 0) @@ -475,7 +475,7 @@ METHOD(peer_cfg_t, get_rekey_time, u_int32_t, return this->rekey_time - (random() % this->jitter_time); } -METHOD(peer_cfg_t, get_reauth_time, u_int32_t, +METHOD(peer_cfg_t, get_reauth_time, uint32_t, private_peer_cfg_t *this, bool jitter) { if (this->reauth_time == 0) @@ -489,7 +489,7 @@ METHOD(peer_cfg_t, get_reauth_time, u_int32_t, return this->reauth_time - (random() % this->jitter_time); } -METHOD(peer_cfg_t, get_over_time, u_int32_t, +METHOD(peer_cfg_t, get_over_time, uint32_t, private_peer_cfg_t *this) { return this->over_time; @@ -513,13 +513,13 @@ METHOD(peer_cfg_t, use_pull_mode, bool, return this->pull_mode; } -METHOD(peer_cfg_t, get_dpd, u_int32_t, +METHOD(peer_cfg_t, get_dpd, uint32_t, private_peer_cfg_t *this) { return this->dpd; } -METHOD(peer_cfg_t, get_dpd_timeout, u_int32_t, +METHOD(peer_cfg_t, get_dpd_timeout, uint32_t, private_peer_cfg_t *this) { return this->dpd_timeout; @@ -724,29 +724,22 @@ METHOD(peer_cfg_t, destroy, void, /* * Described in header-file */ -peer_cfg_t *peer_cfg_create(char *name, - ike_cfg_t *ike_cfg, cert_policy_t cert_policy, - unique_policy_t unique, u_int32_t keyingtries, - u_int32_t rekey_time, u_int32_t reauth_time, - u_int32_t jitter_time, u_int32_t over_time, - bool mobike, bool aggressive, bool pull_mode, - u_int32_t dpd, u_int32_t dpd_timeout, - bool mediation, peer_cfg_t *mediated_by, - identification_t *peer_id) +peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, + peer_cfg_create_t *data) { private_peer_cfg_t *this; - if (rekey_time && jitter_time > rekey_time) + if (data->rekey_time && data->jitter_time > data->rekey_time) { - jitter_time = rekey_time; + data->jitter_time = data->rekey_time; } - if (reauth_time && jitter_time > reauth_time) + if (data->reauth_time && data->jitter_time > data->reauth_time) { - jitter_time = reauth_time; + data->jitter_time = data->reauth_time; } - if (dpd && dpd_timeout && dpd > dpd_timeout) + if (data->dpd && data->dpd_timeout && data->dpd > data->dpd_timeout) { - dpd_timeout = dpd; + data->dpd_timeout = data->dpd; } INIT(this, @@ -789,33 +782,29 @@ peer_cfg_t *peer_cfg_create(char *name, .ike_cfg = ike_cfg, .child_cfgs = linked_list_create(), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), - .cert_policy = cert_policy, - .unique = unique, - .keyingtries = keyingtries, - .rekey_time = rekey_time, - .reauth_time = reauth_time, - .jitter_time = jitter_time, - .over_time = over_time, - .use_mobike = mobike, - .aggressive = aggressive, - .pull_mode = pull_mode, - .dpd = dpd, - .dpd_timeout = dpd_timeout, + .cert_policy = data->cert_policy, + .unique = data->unique, + .keyingtries = data->keyingtries, + .rekey_time = data->rekey_time, + .reauth_time = data->reauth_time, + .jitter_time = data->jitter_time, + .over_time = data->over_time, + .use_mobike = !data->no_mobike, + .aggressive = data->aggressive, + .pull_mode = !data->push_mode, + .dpd = data->dpd, + .dpd_timeout = data->dpd_timeout, .vips = linked_list_create(), .pools = linked_list_create(), .local_auth = linked_list_create(), .remote_auth = linked_list_create(), .refcount = 1, - ); - #ifdef ME - this->mediation = mediation; - this->mediated_by = mediated_by; - this->peer_id = peer_id; -#else /* ME */ - DESTROY_IF(mediated_by); - DESTROY_IF(peer_id); + .mediation = data->mediation, + .mediated_by = data->mediated_by, + .peer_id = data->peer_id, #endif /* ME */ + ); return &this->public; } diff --git a/src/libcharon/config/peer_cfg.h b/src/libcharon/config/peer_cfg.h index b612a2ef1..8e4d5331c 100644 --- a/src/libcharon/config/peer_cfg.h +++ b/src/libcharon/config/peer_cfg.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -26,6 +26,7 @@ typedef enum cert_policy_t cert_policy_t; typedef enum unique_policy_t unique_policy_t; typedef struct peer_cfg_t peer_cfg_t; +typedef struct peer_cfg_create_t peer_cfg_create_t; #include <library.h> #include <utils/identification.h> @@ -222,30 +223,30 @@ struct peer_cfg_t { * * @return max number retries */ - u_int32_t (*get_keyingtries) (peer_cfg_t *this); + uint32_t (*get_keyingtries) (peer_cfg_t *this); /** * Get a time to start rekeying. * - * @param jitter remove a jitter value to randomize time + * @param jitter subtract a jitter value to randomize time * @return time in s when to start rekeying, 0 disables rekeying */ - u_int32_t (*get_rekey_time)(peer_cfg_t *this, bool jitter); + uint32_t (*get_rekey_time)(peer_cfg_t *this, bool jitter); /** * Get a time to start reauthentication. * - * @param jitter remove a jitter value to randomize time + * @param jitter subtract a jitter value to randomize time * @return time in s when to start reauthentication, 0 disables it */ - u_int32_t (*get_reauth_time)(peer_cfg_t *this, bool jitter); + uint32_t (*get_reauth_time)(peer_cfg_t *this, bool jitter); /** * Get the timeout of a rekeying/reauthenticating SA. * * @return timeout in s */ - u_int32_t (*get_over_time)(peer_cfg_t *this); + uint32_t (*get_over_time)(peer_cfg_t *this); /** * Use MOBIKE (RFC4555) if peer supports it? @@ -273,14 +274,14 @@ struct peer_cfg_t { * * @return dpd_delay in seconds */ - u_int32_t (*get_dpd) (peer_cfg_t *this); + uint32_t (*get_dpd) (peer_cfg_t *this); /** * Get the DPD timeout interval (IKEv1 only) * * @return dpd_timeout in seconds */ - u_int32_t (*get_dpd_timeout) (peer_cfg_t *this); + uint32_t (*get_dpd_timeout) (peer_cfg_t *this); /** * Add a virtual IP to request as initiator. @@ -367,42 +368,52 @@ struct peer_cfg_t { }; /** + * Data passed to the constructor of a peer_cfg_t object. + */ +struct peer_cfg_create_t { + /** Whether to send a certificate payload */ + cert_policy_t cert_policy; + /** Uniqueness of an IKE_SA */ + unique_policy_t unique; + /** How many keying tries should be done before giving up */ + uint32_t keyingtries; + /** Timeout in seconds before starting rekeying */ + uint32_t rekey_time; + /** Timeout in seconds before starting reauthentication */ + uint32_t reauth_time; + /** Time range in seconds to randomly subtract from rekey/reauth time */ + uint32_t jitter_time; + /** Maximum overtime in seconds before closing a rekeying/reauth SA */ + uint32_t over_time; + /** Disable MOBIKE (RFC4555) */ + bool no_mobike; + /** Use/accept aggressive mode with IKEv1 */ + bool aggressive; + /** TRUE to use modeconfig push, FALSE for pull */ + bool push_mode; + /** DPD check interval, 0 to disable */ + uint32_t dpd; + /** DPD timeout interval (IKEv1 only), if 0 default applies */ + uint32_t dpd_timeout; +#ifdef ME + /** TRUE if this is a mediation connection */ + bool mediation; + /** peer_cfg_t of the mediation connection to mediate through (adopted) */ + peer_cfg_t *mediated_by; + /** ID that identifies our peer at the mediation server (adopted) */ + identification_t *peer_id; +#endif /* ME */ +}; + +/** * Create a configuration object for IKE_AUTH and later. * - * name-string gets cloned, ID's not. - * Virtual IPs are used if they are != NULL. A %any host means the virtual - * IP should be obtained from the other peer. - * Lifetimes are in seconds. To prevent to peers to start rekeying at the - * same time, a jitter may be specified. Rekeying of an SA starts at - * (rekeylifetime - random(0, jitter)). - * - * @param name name of the peer_cfg - * @param ike_cfg IKE config to use when acting as initiator - * @param cert_policy should we send a certificate payload? - * @param unique uniqueness of an IKE_SA - * @param keyingtries how many keying tries should be done before giving up - * @param rekey_time timeout before starting rekeying - * @param reauth_time timeout before starting reauthentication - * @param jitter_time timerange to randomly subtract from rekey/reauth time - * @param over_time maximum overtime before closing a rekeying/reauth SA - * @param mobike use MOBIKE (RFC4555) if peer supports it - * @param aggressive use/accept aggressive mode with IKEv1 - * @param pull_mode TRUE to use modeconfig pull, FALSE for push - * @param dpd DPD check interval, 0 to disable - * @param dpd_timeout DPD timeout interval (IKEv1 only), if 0 default applies - * @param mediation TRUE if this is a mediation connection - * @param mediated_by peer_cfg_t of the mediation connection to mediate through - * @param peer_id ID that identifies our peer at the mediation server + * @param name name of the peer_cfg (cloned) + * @param ike_cfg IKE config to use when acting as initiator (adopted) + * @param data data for this peer_cfg * @return peer_cfg_t object */ -peer_cfg_t *peer_cfg_create(char *name, - ike_cfg_t *ike_cfg, cert_policy_t cert_policy, - unique_policy_t unique, u_int32_t keyingtries, - u_int32_t rekey_time, u_int32_t reauth_time, - u_int32_t jitter_time, u_int32_t over_time, - bool mobike, bool aggressive, bool pull_mode, - u_int32_t dpd, u_int32_t dpd_timeout, - bool mediation, peer_cfg_t *mediated_by, - identification_t *peer_id); +peer_cfg_t *peer_cfg_create(char *name, ike_cfg_t *ike_cfg, + peer_cfg_create_t *data); #endif /** PEER_CFG_H_ @}*/ diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c index 95b6a00ea..a83acec23 100644 --- a/src/libcharon/config/proposal.c +++ b/src/libcharon/config/proposal.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2008-2014 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2006-2010 Martin Willi * Copyright (C) 2013-2015 Andreas Steffen * Hochschule fuer Technik Rapperswil @@ -61,7 +61,7 @@ struct private_proposal_t { /** * senders SPI */ - u_int64_t spi; + uint64_t spi; /** * Proposal number @@ -76,14 +76,14 @@ typedef struct { /** Type of the transform */ transform_type_t type; /** algorithm identifier */ - u_int16_t alg; + uint16_t alg; /** key size in bits, or zero if not needed */ - u_int16_t key_size; + uint16_t key_size; } entry_t; METHOD(proposal_t, add_algorithm, void, private_proposal_t *this, transform_type_t type, - u_int16_t alg, u_int16_t key_size) + uint16_t alg, uint16_t key_size) { entry_t entry = { .type = type, @@ -97,8 +97,8 @@ METHOD(proposal_t, add_algorithm, void, /** * filter function for peer configs */ -static bool alg_filter(uintptr_t type, entry_t **in, u_int16_t *alg, - void **unused, u_int16_t *key_size) +static bool alg_filter(uintptr_t type, entry_t **in, uint16_t *alg, + void **unused, uint16_t *key_size) { entry_t *entry = *in; @@ -127,7 +127,7 @@ METHOD(proposal_t, create_enumerator, enumerator_t*, METHOD(proposal_t, get_algorithm, bool, private_proposal_t *this, transform_type_t type, - u_int16_t *alg, u_int16_t *key_size) + uint16_t *alg, uint16_t *key_size) { enumerator_t *enumerator; bool found = FALSE; @@ -147,7 +147,7 @@ METHOD(proposal_t, has_dh_group, bool, { bool found = FALSE, any = FALSE; enumerator_t *enumerator; - u_int16_t current; + uint16_t current; enumerator = create_enumerator(this, DIFFIE_HELLMAN_GROUP); while (enumerator->enumerate(enumerator, ¤t, NULL)) @@ -193,7 +193,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, proposal_t *selected, transform_type_t type, bool priv) { enumerator_t *e1, *e2; - u_int16_t alg1, alg2, ks1, ks2; + uint16_t alg1, alg2, ks1, ks2; bool found = FALSE, optional = FALSE; if (type == INTEGRITY_ALGORITHM && @@ -210,7 +210,7 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, e1 = create_enumerator(this, type); e2 = other->create_enumerator(other, type); - if (!e1->enumerate(e1, NULL, NULL)) + if (!e1->enumerate(e1, &alg1, NULL)) { if (!e2->enumerate(e2, &alg2, NULL)) { @@ -219,12 +219,23 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, else if (optional) { do - { /* if the other peer proposes NONE, we accept the proposal */ + { /* if NONE is proposed, we accept the proposal */ found = !alg2; } while (!found && e2->enumerate(e2, &alg2, NULL)); } } + else if (!e2->enumerate(e2, NULL, NULL)) + { + if (optional) + { + do + { /* if NONE is proposed, we accept the proposal */ + found = !alg1; + } + while (!found && e1->enumerate(e1, &alg1, NULL)); + } + } e1->destroy(e1); e1 = create_enumerator(this, type); @@ -244,7 +255,6 @@ static bool select_algo(private_proposal_t *this, proposal_t *other, "but peer implementation is unknown, skipped"); continue; } - /* ok, we have an algorithm */ selected->add_algorithm(selected, type, alg1, ks1); found = TRUE; break; @@ -288,9 +298,7 @@ METHOD(proposal_t, select_proposal, proposal_t*, } DBG2(DBG_CFG, " proposal matches"); - selected->set_spi(selected, other->get_spi(other)); - return selected; } @@ -301,12 +309,12 @@ METHOD(proposal_t, get_protocol, protocol_id_t, } METHOD(proposal_t, set_spi, void, - private_proposal_t *this, u_int64_t spi) + private_proposal_t *this, uint64_t spi) { this->spi = spi; } -METHOD(proposal_t, get_spi, u_int64_t, +METHOD(proposal_t, get_spi, uint64_t, private_proposal_t *this) { return this->spi; @@ -319,7 +327,7 @@ static bool algo_list_equals(private_proposal_t *this, proposal_t *other, transform_type_t type) { enumerator_t *e1, *e2; - u_int16_t alg1, alg2, ks1, ks2; + uint16_t alg1, alg2, ks1, ks2; bool equals = TRUE; e1 = create_enumerator(this, type); @@ -418,7 +426,7 @@ static void check_proposal(private_proposal_t *this) { enumerator_t *e; entry_t *entry; - u_int16_t alg, ks; + uint16_t alg, ks; bool all_aead = TRUE; int i; @@ -445,6 +453,16 @@ static void check_proposal(private_proposal_t *this) } } e->destroy(e); + /* remove MODP_NONE from IKE proposal */ + e = array_create_enumerator(this->transforms); + while (e->enumerate(e, &entry)) + { + if (entry->type == DIFFIE_HELLMAN_GROUP && !entry->alg) + { + array_remove_at(this->transforms, e); + } + } + e->destroy(e); } if (this->protocol == PROTO_ESP) @@ -516,7 +534,7 @@ static int print_alg(private_proposal_t *this, printf_hook_data_t *data, { enumerator_t *enumerator; size_t written = 0; - u_int16_t alg, size; + uint16_t alg, size; enumerator = create_enumerator(this, kind); while (enumerator->enumerate(enumerator, &alg, &size)) @@ -861,16 +879,18 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead) case MODP_768_BIT: /* weak */ break; - case MODP_2048_BIT: - case MODP_2048_256: case MODP_2048_224: case MODP_1536_BIT: - case MODP_1024_BIT: case MODP_1024_160: case ECP_224_BIT: case ECP_224_BP: case ECP_192_BIT: case NTRU_112_BIT: + /* rarely used */ + break; + case MODP_2048_BIT: + case MODP_2048_256: + case MODP_1024_BIT: add_algorithm(this, DIFFIE_HELLMAN_GROUP, group, 0); break; default: diff --git a/src/libcharon/config/proposal.h b/src/libcharon/config/proposal.h index 78b868868..f9f277820 100644 --- a/src/libcharon/config/proposal.h +++ b/src/libcharon/config/proposal.h @@ -78,13 +78,13 @@ struct proposal_t { * @param key_size key size to use */ void (*add_algorithm) (proposal_t *this, transform_type_t type, - u_int16_t alg, u_int16_t key_size); + uint16_t alg, uint16_t key_size); /** * Get an enumerator over algorithms for a specifc algo type. * * @param type kind of algorithm - * @return enumerator over u_int16_t alg, u_int16_t key_size + * @return enumerator over uint16_t alg, uint16_t key_size */ enumerator_t *(*create_enumerator) (proposal_t *this, transform_type_t type); @@ -99,7 +99,7 @@ struct proposal_t { * @return TRUE if algorithm of this kind available */ bool (*get_algorithm) (proposal_t *this, transform_type_t type, - u_int16_t *alg, u_int16_t *key_size); + uint16_t *alg, uint16_t *key_size); /** * Check if the proposal has a specific DH group. @@ -141,14 +141,14 @@ struct proposal_t { * * @return spi for proto */ - u_int64_t (*get_spi) (proposal_t *this); + uint64_t (*get_spi) (proposal_t *this); /** * Set the SPI of the proposal. * * @param spi spi to set for proto */ - void (*set_spi) (proposal_t *this, u_int64_t spi); + void (*set_spi) (proposal_t *this, uint64_t spi); /** * Get the proposal number, as encoded in SA payload diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c index 6dd54b473..93ff70bf3 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -105,7 +105,7 @@ struct interface_listener_t { /** * unique ID, used for various methods */ - u_int32_t id; + uint32_t id; /** * semaphore to implement wait_for_listener() @@ -272,6 +272,28 @@ METHOD(listener_t, ike_state_change, bool, } #endif /* ME */ case IKE_DESTROYING: + return listener_done(this); + default: + break; + } + } + return TRUE; +} + +METHOD(listener_t, ike_state_change_terminate, bool, + interface_listener_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) +{ + ike_sa_t *target; + + this->lock->lock(this->lock); + target = this->ike_sa; + this->lock->unlock(this->lock); + + if (target == ike_sa) + { + switch (state) + { + case IKE_DESTROYING: if (ike_sa->get_state(ike_sa) == IKE_DELETING) { /* proper termination */ this->status = SUCCESS; @@ -304,10 +326,6 @@ METHOD(listener_t, child_state_change, bool, case CHILD_DESTROYING: switch (child_sa->get_state(child_sa)) { - case CHILD_DELETING: - /* proper delete */ - this->status = SUCCESS; - break; case CHILD_RETRYING: /* retrying with a different DH group; survive another * initiation round */ @@ -331,6 +349,38 @@ METHOD(listener_t, child_state_change, bool, return TRUE; } +METHOD(listener_t, child_state_change_terminate, bool, + interface_listener_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, + child_sa_state_t state) +{ + ike_sa_t *target; + + this->lock->lock(this->lock); + target = this->ike_sa; + this->lock->unlock(this->lock); + + if (target == ike_sa) + { + switch (state) + { + case CHILD_DESTROYING: + switch (child_sa->get_state(child_sa)) + { + case CHILD_DELETING: + /* proper delete */ + this->status = SUCCESS; + break; + default: + break; + } + return listener_done(this); + default: + break; + } + } + return TRUE; +} + METHOD(job_t, destroy_job, void, interface_job_t *this) { @@ -493,7 +543,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t, interface_job_t *job) { interface_listener_t *listener = &job->listener; - u_int32_t unique_id = listener->id; + uint32_t unique_id = listener->id; ike_sa_t *ike_sa; ike_sa = charon->ike_sa_manager->checkout_by_id(charon->ike_sa_manager, @@ -528,7 +578,7 @@ METHOD(job_t, terminate_ike_execute, job_requeue_t, } METHOD(controller_t, terminate_ike, status_t, - controller_t *this, u_int32_t unique_id, + controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout) { interface_job_t *job; @@ -537,8 +587,8 @@ METHOD(controller_t, terminate_ike, status_t, INIT(job, .listener = { .public = { - .ike_state_change = _ike_state_change, - .child_state_change = _child_state_change, + .ike_state_change = _ike_state_change_terminate, + .child_state_change = _child_state_change_terminate, }, .logger = { .public = { @@ -582,7 +632,7 @@ METHOD(job_t, terminate_child_execute, job_requeue_t, interface_job_t *job) { interface_listener_t *listener = &job->listener; - u_int32_t id = listener->id; + uint32_t id = listener->id; child_sa_t *child_sa; ike_sa_t *ike_sa; @@ -630,7 +680,7 @@ METHOD(job_t, terminate_child_execute, job_requeue_t, } METHOD(controller_t, terminate_child, status_t, - controller_t *this, u_int32_t unique_id, + controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout) { interface_job_t *job; @@ -639,8 +689,8 @@ METHOD(controller_t, terminate_child, status_t, INIT(job, .listener = { .public = { - .ike_state_change = _ike_state_change, - .child_state_change = _child_state_change, + .ike_state_change = _ike_state_change_terminate, + .child_state_change = _child_state_change_terminate, }, .logger = { .public = { diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h index 5ffeac522..9524f53b9 100644 --- a/src/libcharon/control/controller.h +++ b/src/libcharon/control/controller.h @@ -111,7 +111,7 @@ struct controller_t { * - NEED_MORE, if callback returned FALSE * - OUT_OF_RES if timed out */ - status_t (*terminate_ike)(controller_t *this, u_int32_t unique_id, + status_t (*terminate_ike)(controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout); @@ -131,7 +131,7 @@ struct controller_t { * - NEED_MORE, if callback returned FALSE * - OUT_OF_RES if timed out */ - status_t (*terminate_child)(controller_t *this, u_int32_t unique_id, + status_t (*terminate_child)(controller_t *this, uint32_t unique_id, controller_cb_t callback, void *param, u_int timeout); diff --git a/src/libcharon/daemon.c b/src/libcharon/daemon.c index cef8b8992..532d0812e 100644 --- a/src/libcharon/daemon.c +++ b/src/libcharon/daemon.c @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -54,6 +54,7 @@ #include <library.h> #include <bus/listeners/sys_logger.h> #include <bus/listeners/file_logger.h> +#include <collections/array.h> #include <config/proposal.h> #include <plugins/plugin_feature.h> #include <kernel/kernel_handler.h> @@ -701,46 +702,68 @@ static void destroy(private_daemon_t *this) */ static void run_scripts(private_daemon_t *this, char *verb) { + struct { + char *name; + char *path; + } *script; + array_t *scripts = NULL; enumerator_t *enumerator; char *key, *value, *pos, buf[1024]; FILE *cmd; + /* copy the scripts so we don't hold any locks while executing them */ enumerator = lib->settings->create_key_value_enumerator(lib->settings, "%s.%s-scripts", lib->ns, verb); while (enumerator->enumerate(enumerator, &key, &value)) { - DBG1(DBG_DMN, "executing %s script '%s' (%s):", verb, key, value); - cmd = popen(value, "r"); + INIT(script, + .name = key, + .path = value, + ); + array_insert_create(&scripts, ARRAY_TAIL, script); + } + enumerator->destroy(enumerator); + + enumerator = array_create_enumerator(scripts); + while (enumerator->enumerate(enumerator, &script)) + { + DBG1(DBG_DMN, "executing %s script '%s' (%s)", verb, script->name, + script->path); + cmd = popen(script->path, "r"); if (!cmd) { DBG1(DBG_DMN, "executing %s script '%s' (%s) failed: %s", - verb, key, value, strerror(errno)); - continue; + verb, script->name, script->path, strerror(errno)); } - while (TRUE) + else { - if (!fgets(buf, sizeof(buf), cmd)) + while (TRUE) { - if (ferror(cmd)) + if (!fgets(buf, sizeof(buf), cmd)) { - DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed", - verb, key, value); + if (ferror(cmd)) + { + DBG1(DBG_DMN, "reading from %s script '%s' (%s) failed", + verb, script->name, script->path); + } + break; } - break; - } - else - { - pos = buf + strlen(buf); - if (pos > buf && pos[-1] == '\n') + else { - pos[-1] = '\0'; + pos = buf + strlen(buf); + if (pos > buf && pos[-1] == '\n') + { + pos[-1] = '\0'; + } + DBG1(DBG_DMN, "%s: %s", script->name, buf); } - DBG1(DBG_DMN, "%s: %s", key, buf); } + pclose(cmd); } - pclose(cmd); + free(script); } enumerator->destroy(enumerator); + array_destroy(scripts); } METHOD(daemon_t, start, void, diff --git a/src/libcharon/encoding/generator.c b/src/libcharon/encoding/generator.c index a0a508f53..41aacd4ed 100644 --- a/src/libcharon/encoding/generator.c +++ b/src/libcharon/encoding/generator.c @@ -68,22 +68,22 @@ struct private_generator_t { /** * Buffer used to generate the data into. */ - u_int8_t *buffer; + uint8_t *buffer; /** * Current write position in buffer (one byte aligned). */ - u_int8_t *out_position; + uint8_t *out_position; /** * Position of last byte in buffer. */ - u_int8_t *roof_position; + uint8_t *roof_position; /** * Current bit writing to in current byte (between 0 and 7). */ - u_int8_t current_bit; + uint8_t current_bit; /** * Associated data struct to read informations from. @@ -93,7 +93,7 @@ struct private_generator_t { /** * Offset of the header length field in the buffer. */ - u_int32_t header_length_offset; + uint32_t header_length_offset; /** * Attribute format of the last generated transform attribute. @@ -107,7 +107,7 @@ struct private_generator_t { * Depending on the value of attribute_format this field is used * to hold the length of the transform attribute in bytes. */ - u_int16_t attribute_length; + uint16_t attribute_length; /** * TRUE, if debug messages should be logged during generation. @@ -142,7 +142,7 @@ static int get_length(private_generator_t *this) /** * Get current offset in buffer (in bytes). */ -static u_int32_t get_offset(private_generator_t *this) +static uint32_t get_offset(private_generator_t *this) { return this->out_position - this->buffer; } @@ -179,7 +179,7 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, int number_of_bytes) { int i; - u_int8_t *read_position = (u_int8_t *)bytes; + uint8_t *read_position = (uint8_t *)bytes; make_space_available(this, number_of_bytes * 8); @@ -195,7 +195,7 @@ static void write_bytes_to_buffer(private_generator_t *this, void *bytes, * Generates a U_INT-Field type and writes it to buffer. */ static void generate_u_int_type(private_generator_t *this, - encoding_type_t int_type,u_int32_t offset) + encoding_type_t int_type,uint32_t offset) { int number_of_bits = 0; @@ -242,12 +242,12 @@ static void generate_u_int_type(private_generator_t *this, { case U_INT_4: { - u_int8_t high, low; + uint8_t high, low; if (this->current_bit == 0) { /* high of current byte in buffer has to be set to the new value*/ - high = *((u_int8_t *)(this->data_struct + offset)) << 4; + high = *((uint8_t *)(this->data_struct + offset)) << 4; /* low in buffer is not changed */ low = *(this->out_position) & 0x0F; /* high is set, low_val is not changed */ @@ -264,7 +264,7 @@ static void generate_u_int_type(private_generator_t *this, /* high in buffer is not changed */ high = *(this->out_position) & 0xF0; /* low of current byte in buffer has to be set to the new value*/ - low = *((u_int8_t *)(this->data_struct + offset)) & 0x0F; + low = *((uint8_t *)(this->data_struct + offset)) & 0x0F; *(this->out_position) = high | low; if (this->debug) { @@ -287,7 +287,7 @@ static void generate_u_int_type(private_generator_t *this, case U_INT_8: { /* 8 bit values are written as they are */ - *this->out_position = *((u_int8_t *)(this->data_struct + offset)); + *this->out_position = *((uint8_t *)(this->data_struct + offset)); if (this->debug) { DBG3(DBG_ENC, " => %d", *(this->out_position)); @@ -297,8 +297,8 @@ static void generate_u_int_type(private_generator_t *this, } case ATTRIBUTE_TYPE: { - u_int8_t attribute_format_flag; - u_int16_t val; + uint8_t attribute_format_flag; + uint16_t val; /* attribute type must not change first bit of current byte */ if (this->current_bit != 1) @@ -308,7 +308,7 @@ static void generate_u_int_type(private_generator_t *this, } attribute_format_flag = *(this->out_position) & 0x80; /* get attribute type value as 16 bit integer*/ - val = *((u_int16_t*)(this->data_struct + offset)); + val = *((uint16_t*)(this->data_struct + offset)); /* unset most significant bit */ val &= 0x7FFF; if (attribute_format_flag) @@ -321,7 +321,7 @@ static void generate_u_int_type(private_generator_t *this, DBG3(DBG_ENC, " => %d", val); } /* write bytes to buffer (set bit is overwritten) */ - write_bytes_to_buffer(this, &val, sizeof(u_int16_t)); + write_bytes_to_buffer(this, &val, sizeof(uint16_t)); this->current_bit = 0; break; @@ -330,33 +330,33 @@ static void generate_u_int_type(private_generator_t *this, case PAYLOAD_LENGTH: case ATTRIBUTE_LENGTH: { - u_int16_t val = htons(*((u_int16_t*)(this->data_struct + offset))); + uint16_t val = htons(*((uint16_t*)(this->data_struct + offset))); if (this->debug) { - DBG3(DBG_ENC, " %b", &val, sizeof(u_int16_t)); + DBG3(DBG_ENC, " %b", &val, sizeof(uint16_t)); } - write_bytes_to_buffer(this, &val, sizeof(u_int16_t)); + write_bytes_to_buffer(this, &val, sizeof(uint16_t)); break; } case U_INT_32: { - u_int32_t val = htonl(*((u_int32_t*)(this->data_struct + offset))); + uint32_t val = htonl(*((uint32_t*)(this->data_struct + offset))); if (this->debug) { - DBG3(DBG_ENC, " %b", &val, sizeof(u_int32_t)); + DBG3(DBG_ENC, " %b", &val, sizeof(uint32_t)); } - write_bytes_to_buffer(this, &val, sizeof(u_int32_t)); + write_bytes_to_buffer(this, &val, sizeof(uint32_t)); break; } case IKE_SPI: { /* 64 bit are written as-is, no host order conversion */ write_bytes_to_buffer(this, this->data_struct + offset, - sizeof(u_int64_t)); + sizeof(uint64_t)); if (this->debug) { DBG3(DBG_ENC, " %b", this->data_struct + offset, - sizeof(u_int64_t)); + sizeof(uint64_t)); } break; } @@ -372,10 +372,10 @@ static void generate_u_int_type(private_generator_t *this, /** * Generate a FLAG filed */ -static void generate_flag(private_generator_t *this, u_int32_t offset) +static void generate_flag(private_generator_t *this, uint32_t offset) { - u_int8_t flag_value; - u_int8_t flag; + uint8_t flag_value; + uint8_t flag; flag_value = (*((bool *) (this->data_struct + offset))) ? 1 : 0; /* get flag position */ @@ -406,7 +406,7 @@ static void generate_flag(private_generator_t *this, u_int32_t offset) /** * Generates a bytestream from a chunk_t. */ -static void generate_from_chunk(private_generator_t *this, u_int32_t offset) +static void generate_from_chunk(private_generator_t *this, uint32_t offset) { chunk_t *value; @@ -427,11 +427,11 @@ static void generate_from_chunk(private_generator_t *this, u_int32_t offset) } METHOD(generator_t, get_chunk, chunk_t, - private_generator_t *this, u_int32_t **lenpos) + private_generator_t *this, uint32_t **lenpos) { chunk_t data; - *lenpos = (u_int32_t*)(this->buffer + this->header_length_offset); + *lenpos = (uint32_t*)(this->buffer + this->header_length_offset); data = chunk_create(this->buffer, get_length(this)); if (this->debug) { @@ -537,7 +537,7 @@ METHOD(generator_t, generate_payload, void, generate_u_int_type(this, U_INT_16, rules[i].offset); /* this field hold the length of the attribute */ this->attribute_length = - *((u_int16_t *)(this->data_struct + rules[i].offset)); + *((uint16_t *)(this->data_struct + rules[i].offset)); } break; case ATTRIBUTE_VALUE: diff --git a/src/libcharon/encoding/generator.h b/src/libcharon/encoding/generator.h index c2c0aad2a..375530776 100644 --- a/src/libcharon/encoding/generator.h +++ b/src/libcharon/encoding/generator.h @@ -57,7 +57,7 @@ struct generator_t { * @param lenpos receives a pointer to fill in length value * @param return chunk to internal buffer. */ - chunk_t (*get_chunk) (generator_t *this, u_int32_t **lenpos); + chunk_t (*get_chunk) (generator_t *this, uint32_t **lenpos); /** * Destroys a generator_t object. diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c index bbdc4629d..1fd644203 100644 --- a/src/libcharon/encoding/message.c +++ b/src/libcharon/encoding/message.c @@ -829,7 +829,7 @@ typedef struct { * fragments we expect. * For IKEv2 we store the total number of fragment we received last. */ - u_int16_t last; + uint16_t last; /** * Length of all currently received fragments. @@ -858,12 +858,12 @@ struct private_message_t { /** * Minor version of message. */ - u_int8_t major_version; + uint8_t major_version; /** * Major version of message. */ - u_int8_t minor_version; + uint8_t minor_version; /** * First Payload in message. @@ -903,7 +903,7 @@ struct private_message_t { /** * Message ID of this message. */ - u_int32_t message_id; + uint32_t message_id; /** * ID of assigned IKE_SA. @@ -953,7 +953,7 @@ struct private_message_t { typedef struct { /** fragment number */ - u_int8_t num; + uint8_t num; /** fragment data */ chunk_t data; @@ -1024,48 +1024,48 @@ METHOD(message_t, get_ike_sa_id, ike_sa_id_t*, } METHOD(message_t, set_message_id, void, - private_message_t *this,u_int32_t message_id) + private_message_t *this,uint32_t message_id) { this->message_id = message_id; } -METHOD(message_t, get_message_id, u_int32_t, +METHOD(message_t, get_message_id, uint32_t, private_message_t *this) { return this->message_id; } -METHOD(message_t, get_initiator_spi, u_int64_t, +METHOD(message_t, get_initiator_spi, uint64_t, private_message_t *this) { return (this->ike_sa_id->get_initiator_spi(this->ike_sa_id)); } -METHOD(message_t, get_responder_spi, u_int64_t, +METHOD(message_t, get_responder_spi, uint64_t, private_message_t *this) { return (this->ike_sa_id->get_responder_spi(this->ike_sa_id)); } METHOD(message_t, set_major_version, void, - private_message_t *this, u_int8_t major_version) + private_message_t *this, uint8_t major_version) { this->major_version = major_version; } -METHOD(message_t, get_major_version, u_int8_t, +METHOD(message_t, get_major_version, uint8_t, private_message_t *this) { return this->major_version; } METHOD(message_t, set_minor_version, void, - private_message_t *this,u_int8_t minor_version) + private_message_t *this,uint8_t minor_version) { this->minor_version = minor_version; } -METHOD(message_t, get_minor_version, u_int8_t, +METHOD(message_t, get_minor_version, uint8_t, private_message_t *this) { return this->minor_version; @@ -1331,7 +1331,7 @@ static char* get_string(private_message_t *this, char *buf, int len) if (payload->get_type(payload) == PLV2_EAP) { eap_payload_t *eap = (eap_payload_t*)payload; - u_int32_t vendor; + uint32_t vendor; eap_type_t type; char method[64] = ""; @@ -1790,7 +1790,7 @@ static status_t finalize_message(private_message_t *this, keymat_t *keymat, { keymat_v1_t *keymat_v1 = (keymat_v1_t*)keymat; chunk_t chunk; - u_int32_t *lenpos; + uint32_t *lenpos; if (encrypted) { @@ -1893,7 +1893,7 @@ static message_t *clone_message(private_message_t *this) * Create a single fragment with the given data */ static message_t *create_fragment(private_message_t *this, payload_type_t next, - u_int16_t num, u_int16_t count, chunk_t data) + uint16_t num, uint16_t count, chunk_t data) { enumerator_t *enumerator; payload_t *fragment, *payload; @@ -1972,11 +1972,11 @@ METHOD(message_t, fragment, status_t, message_t *fragment; packet_t *packet; payload_type_t next = PL_NONE; - u_int16_t num, count; + uint16_t num, count; host_t *src, *dst; chunk_t data; status_t status; - u_int32_t *lenpos; + uint32_t *lenpos; size_t len; src = this->packet->get_source(this->packet); @@ -2703,7 +2703,7 @@ METHOD(message_t, parse_body, status_t, /** * Store the fragment data for the fragment with the given fragment number. */ -static status_t add_fragment(private_message_t *this, u_int16_t num, +static status_t add_fragment(private_message_t *this, uint16_t num, chunk_t data) { fragment_t *fragment; @@ -2777,7 +2777,7 @@ METHOD(message_t, add_fragment_v1, status_t, { fragment_payload_t *payload; chunk_t data; - u_int8_t num; + uint8_t num; status_t status; if (!this->frag) @@ -2840,7 +2840,7 @@ METHOD(message_t, add_fragment_v2, status_t, payload_t *payload; enumerator_t *enumerator; chunk_t data; - u_int16_t total, num; + uint16_t total, num; status_t status; if (!this->frag) diff --git a/src/libcharon/encoding/message.h b/src/libcharon/encoding/message.h index a03aa8e96..8c4372974 100644 --- a/src/libcharon/encoding/message.h +++ b/src/libcharon/encoding/message.h @@ -49,56 +49,56 @@ struct message_t { * * @param major_version major version to set */ - void (*set_major_version) (message_t *this, u_int8_t major_version); + void (*set_major_version) (message_t *this, uint8_t major_version); /** * Gets the IKE major version of the message. * * @return major version of the message */ - u_int8_t (*get_major_version) (message_t *this); + uint8_t (*get_major_version) (message_t *this); /** * Sets the IKE minor version of the message. * * @param minor_version minor version to set */ - void (*set_minor_version) (message_t *this, u_int8_t minor_version); + void (*set_minor_version) (message_t *this, uint8_t minor_version); /** * Gets the IKE minor version of the message. * * @return minor version of the message */ - u_int8_t (*get_minor_version) (message_t *this); + uint8_t (*get_minor_version) (message_t *this); /** * Sets the Message ID of the message. * * @param message_id message_id to set */ - void (*set_message_id) (message_t *this, u_int32_t message_id); + void (*set_message_id) (message_t *this, uint32_t message_id); /** * Gets the Message ID of the message. * * @return message_id type of the message */ - u_int32_t (*get_message_id) (message_t *this); + uint32_t (*get_message_id) (message_t *this); /** * Gets the initiator SPI of the message. * * @return initiator spi of the message */ - u_int64_t (*get_initiator_spi) (message_t *this); + uint64_t (*get_initiator_spi) (message_t *this); /** * Gets the responder SPI of the message. * * @return responder spi of the message */ - u_int64_t (*get_responder_spi) (message_t *this); + uint64_t (*get_responder_spi) (message_t *this); /** * Sets the IKE_SA ID of the message. diff --git a/src/libcharon/encoding/parser.c b/src/libcharon/encoding/parser.c index f8340367e..c9d6b0d8f 100644 --- a/src/libcharon/encoding/parser.c +++ b/src/libcharon/encoding/parser.c @@ -61,27 +61,27 @@ struct private_parser_t { /** * major IKE version */ - u_int8_t major_version; + uint8_t major_version; /** * Current bit for reading in input data. */ - u_int8_t bit_pos; + uint8_t bit_pos; /** * Current byte for reading in input data. */ - u_int8_t *byte_pos; + uint8_t *byte_pos; /** * Input data to parse. */ - u_int8_t *input; + uint8_t *input; /** * Roof of input, used for length-checking. */ - u_int8_t *input_roof; + uint8_t *input_roof; /** * Set of encoding rules for this parsing session. @@ -113,9 +113,9 @@ static bool bad_bitpos(private_parser_t *this, int number) * Parse a 4-Bit unsigned integer from the current parsing position. */ static bool parse_uint4(private_parser_t *this, int rule_number, - u_int8_t *output_pos) + uint8_t *output_pos) { - if (this->byte_pos + sizeof(u_int8_t) > this->input_roof) + if (this->byte_pos + sizeof(uint8_t) > this->input_roof) { return short_input(this, rule_number); } @@ -150,9 +150,9 @@ static bool parse_uint4(private_parser_t *this, int rule_number, * Parse a 8-Bit unsigned integer from the current parsing position. */ static bool parse_uint8(private_parser_t *this, int rule_number, - u_int8_t *output_pos) + uint8_t *output_pos) { - if (this->byte_pos + sizeof(u_int8_t) > this->input_roof) + if (this->byte_pos + sizeof(uint8_t) > this->input_roof) { return short_input(this, rule_number); } @@ -173,9 +173,9 @@ static bool parse_uint8(private_parser_t *this, int rule_number, * Parse a 15-Bit unsigned integer from the current parsing position. */ static bool parse_uint15(private_parser_t *this, int rule_number, - u_int16_t *output_pos) + uint16_t *output_pos) { - if (this->byte_pos + sizeof(u_int16_t) > this->input_roof) + if (this->byte_pos + sizeof(uint16_t) > this->input_roof) { return short_input(this, rule_number); } @@ -185,11 +185,11 @@ static bool parse_uint15(private_parser_t *this, int rule_number, } if (output_pos) { - memcpy(output_pos, this->byte_pos, sizeof(u_int16_t)); + memcpy(output_pos, this->byte_pos, sizeof(uint16_t)); *output_pos = ntohs(*output_pos) & ~0x8000; DBG3(DBG_ENC, " => %hu", *output_pos); } - this->byte_pos += sizeof(u_int16_t); + this->byte_pos += sizeof(uint16_t); this->bit_pos = 0; return TRUE; } @@ -198,9 +198,9 @@ static bool parse_uint15(private_parser_t *this, int rule_number, * Parse a 16-Bit unsigned integer from the current parsing position. */ static bool parse_uint16(private_parser_t *this, int rule_number, - u_int16_t *output_pos) + uint16_t *output_pos) { - if (this->byte_pos + sizeof(u_int16_t) > this->input_roof) + if (this->byte_pos + sizeof(uint16_t) > this->input_roof) { return short_input(this, rule_number); } @@ -210,20 +210,20 @@ static bool parse_uint16(private_parser_t *this, int rule_number, } if (output_pos) { - memcpy(output_pos, this->byte_pos, sizeof(u_int16_t)); + memcpy(output_pos, this->byte_pos, sizeof(uint16_t)); *output_pos = ntohs(*output_pos); DBG3(DBG_ENC, " => %hu", *output_pos); } - this->byte_pos += sizeof(u_int16_t); + this->byte_pos += sizeof(uint16_t); return TRUE; } /** * Parse a 32-Bit unsigned integer from the current parsing position. */ static bool parse_uint32(private_parser_t *this, int rule_number, - u_int32_t *output_pos) + uint32_t *output_pos) { - if (this->byte_pos + sizeof(u_int32_t) > this->input_roof) + if (this->byte_pos + sizeof(uint32_t) > this->input_roof) { return short_input(this, rule_number); } @@ -233,11 +233,11 @@ static bool parse_uint32(private_parser_t *this, int rule_number, } if (output_pos) { - memcpy(output_pos, this->byte_pos, sizeof(u_int32_t)); + memcpy(output_pos, this->byte_pos, sizeof(uint32_t)); *output_pos = ntohl(*output_pos); DBG3(DBG_ENC, " => %u", *output_pos); } - this->byte_pos += sizeof(u_int32_t); + this->byte_pos += sizeof(uint32_t); return TRUE; } @@ -245,7 +245,7 @@ static bool parse_uint32(private_parser_t *this, int rule_number, * Parse a given amount of bytes and writes them to a specific location */ static bool parse_bytes(private_parser_t *this, int rule_number, - u_int8_t *output_pos, int bytes) + uint8_t *output_pos, int bytes) { if (this->byte_pos + bytes > this->input_roof) { @@ -270,13 +270,13 @@ static bool parse_bytes(private_parser_t *this, int rule_number, static bool parse_bit(private_parser_t *this, int rule_number, bool *output_pos) { - if (this->byte_pos + sizeof(u_int8_t) > this->input_roof) + if (this->byte_pos + sizeof(uint8_t) > this->input_roof) { return short_input(this, rule_number); } if (output_pos) { - u_int8_t mask; + uint8_t mask; mask = 0x01 << (7 - this->bit_pos); *output_pos = *this->byte_pos & mask; @@ -312,7 +312,7 @@ static bool parse_list(private_parser_t *this, int rule_number, } while (length > 0) { - u_int8_t *pos_before = this->byte_pos; + uint8_t *pos_before = this->byte_pos; payload_t *payload; DBG2(DBG_ENC, " %d bytes left, parsing recursively %N", @@ -368,7 +368,7 @@ METHOD(parser_t, parse_payload, status_t, payload_t *pld; void *output; int payload_length = 0, spi_size = 0, attribute_length = 0, header_length; - u_int16_t ts_type = 0; + uint16_t ts_type = 0; bool attribute_format = FALSE; int rule_number, rule_count; encoding_rule_t *rule; @@ -468,7 +468,7 @@ METHOD(parser_t, parse_payload, status_t, return PARSE_ERROR; } /* parsed u_int16 should be aligned */ - payload_length = *(u_int16_t*)(output + rule->offset); + payload_length = *(uint16_t*)(output + rule->offset); /* all payloads must have at least 4 bytes header */ if (payload_length < 4) { @@ -484,7 +484,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - spi_size = *(u_int8_t*)(output + rule->offset); + spi_size = *(uint8_t*)(output + rule->offset); break; } case SPI: @@ -564,7 +564,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - attribute_length = *(u_int16_t*)(output + rule->offset); + attribute_length = *(uint16_t*)(output + rule->offset); break; } case ATTRIBUTE_LENGTH_OR_VALUE: @@ -574,7 +574,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - attribute_length = *(u_int16_t*)(output + rule->offset); + attribute_length = *(uint16_t*)(output + rule->offset); break; } case ATTRIBUTE_VALUE: @@ -595,7 +595,7 @@ METHOD(parser_t, parse_payload, status_t, pld->destroy(pld); return PARSE_ERROR; } - ts_type = *(u_int8_t*)(output + rule->offset); + ts_type = *(uint8_t*)(output + rule->offset); break; } case ADDRESS: @@ -642,7 +642,7 @@ METHOD(parser_t, reset_context, void, } METHOD(parser_t, set_major_version, void, - private_parser_t *this, u_int8_t major_version) + private_parser_t *this, uint8_t major_version) { this->major_version = major_version; } diff --git a/src/libcharon/encoding/parser.h b/src/libcharon/encoding/parser.h index 5fd3e86ee..8f073556e 100644 --- a/src/libcharon/encoding/parser.h +++ b/src/libcharon/encoding/parser.h @@ -68,7 +68,7 @@ struct parser_t { * * @param major_version the major IKE version */ - void (*set_major_version) (parser_t *this, u_int8_t major_version); + void (*set_major_version) (parser_t *this, uint8_t major_version); /** * Destroys a parser_t object. diff --git a/src/libcharon/encoding/payloads/auth_payload.c b/src/libcharon/encoding/payloads/auth_payload.c index ee3ed54fd..9d03bb694 100644 --- a/src/libcharon/encoding/payloads/auth_payload.c +++ b/src/libcharon/encoding/payloads/auth_payload.c @@ -35,7 +35,7 @@ struct private_auth_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -50,17 +50,17 @@ struct private_auth_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[3]; + uint8_t reserved_byte[3]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Method of the AUTH Data. */ - u_int8_t auth_method; + uint8_t auth_method; /** * The contained auth data value. diff --git a/src/libcharon/encoding/payloads/cert_payload.c b/src/libcharon/encoding/payloads/cert_payload.c index 43993ae48..ea25ca73c 100644 --- a/src/libcharon/encoding/payloads/cert_payload.c +++ b/src/libcharon/encoding/payloads/cert_payload.c @@ -55,7 +55,7 @@ struct private_cert_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -70,12 +70,12 @@ struct private_cert_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Encoding of the CERT Data. */ - u_int8_t encoding; + uint8_t encoding; /** * The contained cert data value. diff --git a/src/libcharon/encoding/payloads/certreq_payload.c b/src/libcharon/encoding/payloads/certreq_payload.c index 6ac90a2a0..09bfa2458 100644 --- a/src/libcharon/encoding/payloads/certreq_payload.c +++ b/src/libcharon/encoding/payloads/certreq_payload.c @@ -38,7 +38,7 @@ struct private_certreq_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -53,12 +53,12 @@ struct private_certreq_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Encoding of the CERT Data. */ - u_int8_t encoding; + uint8_t encoding; /** * The contained certreq data value. diff --git a/src/libcharon/encoding/payloads/configuration_attribute.c b/src/libcharon/encoding/payloads/configuration_attribute.c index 4ecdf569d..32e4828ba 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.c +++ b/src/libcharon/encoding/payloads/configuration_attribute.c @@ -48,12 +48,12 @@ struct private_configuration_attribute_t { /** * Type of the attribute. */ - u_int16_t attr_type; + uint16_t attr_type; /** * Length of the attribute, value if af_flag set. */ - u_int16_t length_or_value; + uint16_t length_or_value; /** * Attribute value as chunk. @@ -272,7 +272,7 @@ METHOD(configuration_attribute_t, get_chunk, chunk_t, return this->value; } -METHOD(configuration_attribute_t, get_value, u_int16_t, +METHOD(configuration_attribute_t, get_value, uint16_t, private_configuration_attribute_t *this) { if (this->af_flag) @@ -328,7 +328,7 @@ configuration_attribute_t *configuration_attribute_create_chunk( this = (private_configuration_attribute_t*) configuration_attribute_create(type); - this->attr_type = ((u_int16_t)attr_type) & 0x7FFF; + this->attr_type = ((uint16_t)attr_type) & 0x7FFF; this->value = chunk_clone(chunk); this->length_or_value = chunk.len; @@ -339,13 +339,13 @@ configuration_attribute_t *configuration_attribute_create_chunk( * Described in header. */ configuration_attribute_t *configuration_attribute_create_value( - configuration_attribute_type_t attr_type, u_int16_t value) + configuration_attribute_type_t attr_type, uint16_t value) { private_configuration_attribute_t *this; this = (private_configuration_attribute_t*) configuration_attribute_create(PLV1_CONFIGURATION_ATTRIBUTE); - this->attr_type = ((u_int16_t)attr_type) & 0x7FFF; + this->attr_type = ((uint16_t)attr_type) & 0x7FFF; this->length_or_value = value; this->af_flag = TRUE; diff --git a/src/libcharon/encoding/payloads/configuration_attribute.h b/src/libcharon/encoding/payloads/configuration_attribute.h index 946c1b500..417ba731b 100644 --- a/src/libcharon/encoding/payloads/configuration_attribute.h +++ b/src/libcharon/encoding/payloads/configuration_attribute.h @@ -57,7 +57,7 @@ struct configuration_attribute_t { * * @return attribute value */ - u_int16_t (*get_value) (configuration_attribute_t *this); + uint16_t (*get_value) (configuration_attribute_t *this); /** * Destroys an configuration_attribute_t object. @@ -92,6 +92,6 @@ configuration_attribute_t *configuration_attribute_create_chunk( * @return created PLV1_CONFIGURATION_ATTRIBUTE configuration attribute */ configuration_attribute_t *configuration_attribute_create_value( - configuration_attribute_type_t attr_type, u_int16_t value); + configuration_attribute_type_t attr_type, uint16_t value); #endif /** CONFIGURATION_ATTRIBUTE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/cp_payload.c b/src/libcharon/encoding/payloads/cp_payload.c index ef9df84f7..d86693ee2 100644 --- a/src/libcharon/encoding/payloads/cp_payload.c +++ b/src/libcharon/encoding/payloads/cp_payload.c @@ -44,7 +44,7 @@ struct private_cp_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -59,17 +59,17 @@ struct private_cp_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[3]; + uint8_t reserved_byte[3]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Identifier field, IKEv1 only */ - u_int16_t identifier; + uint16_t identifier; /** * List of attributes, as configuration_attribute_t @@ -79,7 +79,7 @@ struct private_cp_payload_t { /** * Config Type. */ - u_int8_t cfg_type; + uint8_t cfg_type; /** * PLV2_CONFIGURATION or PLV1_CONFIGURATION @@ -269,13 +269,13 @@ METHOD(cp_payload_t, get_config_type, config_type_t, return this->cfg_type; } -METHOD(cp_payload_t, get_identifier, u_int16_t, +METHOD(cp_payload_t, get_identifier, uint16_t, private_cp_payload_t *this) { return this->identifier; } METHOD(cp_payload_t, set_identifier, void, - private_cp_payload_t *this, u_int16_t identifier) + private_cp_payload_t *this, uint16_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/encoding/payloads/cp_payload.h b/src/libcharon/encoding/payloads/cp_payload.h index d466989d6..3e4763fb6 100644 --- a/src/libcharon/encoding/payloads/cp_payload.h +++ b/src/libcharon/encoding/payloads/cp_payload.h @@ -82,14 +82,14 @@ struct cp_payload_t { * @param identifier identifier to set */ - void (*set_identifier) (cp_payload_t *this, u_int16_t identifier); + void (*set_identifier) (cp_payload_t *this, uint16_t identifier); /** * Get the configuration payload identifier (IKEv1 only). * * @return identifier */ - u_int16_t (*get_identifier) (cp_payload_t *this); + uint16_t (*get_identifier) (cp_payload_t *this); /** * Destroys an cp_payload_t object. diff --git a/src/libcharon/encoding/payloads/delete_payload.c b/src/libcharon/encoding/payloads/delete_payload.c index f11ea485c..584e6f22b 100644 --- a/src/libcharon/encoding/payloads/delete_payload.c +++ b/src/libcharon/encoding/payloads/delete_payload.c @@ -36,7 +36,7 @@ struct private_delete_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -51,27 +51,27 @@ struct private_delete_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * IKEv1 Domain of Interpretation */ - u_int32_t doi; + uint32_t doi; /** * Protocol ID. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * SPI Size. */ - u_int8_t spi_size; + uint8_t spi_size; /** * Number of SPI's. */ - u_int16_t spi_count; + uint16_t spi_count; /** * The contained SPI's. @@ -257,7 +257,7 @@ METHOD(delete_payload_t, get_protocol_id, protocol_id_t, } METHOD(delete_payload_t, add_spi, void, - private_delete_payload_t *this, u_int32_t spi) + private_delete_payload_t *this, uint32_t spi) { switch (this->protocol_id) { @@ -273,7 +273,7 @@ METHOD(delete_payload_t, add_spi, void, } METHOD(delete_payload_t, set_ike_spi, void, - private_delete_payload_t *this, u_int64_t spi_i, u_int64_t spi_r) + private_delete_payload_t *this, uint64_t spi_i, uint64_t spi_r) { free(this->spis.ptr); this->spis = chunk_cat("cc", chunk_from_thing(spi_i), @@ -283,15 +283,15 @@ METHOD(delete_payload_t, set_ike_spi, void, } METHOD(delete_payload_t, get_ike_spi, bool, - private_delete_payload_t *this, u_int64_t *spi_i, u_int64_t *spi_r) + private_delete_payload_t *this, uint64_t *spi_i, uint64_t *spi_r) { if (this->protocol_id != PROTO_IKE || - this->spis.len < 2 * sizeof(u_int64_t)) + this->spis.len < 2 * sizeof(uint64_t)) { return FALSE; } - memcpy(spi_i, this->spis.ptr, sizeof(u_int64_t)); - memcpy(spi_r, this->spis.ptr + sizeof(u_int64_t), sizeof(u_int64_t)); + memcpy(spi_i, this->spis.ptr, sizeof(uint64_t)); + memcpy(spi_r, this->spis.ptr + sizeof(uint64_t), sizeof(uint64_t)); return TRUE; } @@ -306,7 +306,7 @@ typedef struct { } spi_enumerator_t; METHOD(enumerator_t, spis_enumerate, bool, - spi_enumerator_t *this, u_int32_t *spi) + spi_enumerator_t *this, uint32_t *spi) { if (this->spis.len >= sizeof(*spi)) { @@ -322,7 +322,7 @@ METHOD(delete_payload_t, create_spi_enumerator, enumerator_t*, { spi_enumerator_t *e; - if (this->spi_size != sizeof(u_int32_t)) + if (this->spi_size != sizeof(uint32_t)) { return enumerator_create_empty(); } diff --git a/src/libcharon/encoding/payloads/delete_payload.h b/src/libcharon/encoding/payloads/delete_payload.h index 6728718cd..06ed76c2e 100644 --- a/src/libcharon/encoding/payloads/delete_payload.h +++ b/src/libcharon/encoding/payloads/delete_payload.h @@ -51,7 +51,7 @@ struct delete_payload_t { * * @param spi spi to add */ - void (*add_spi) (delete_payload_t *this, u_int32_t spi); + void (*add_spi) (delete_payload_t *this, uint32_t spi); /** * Set the IKE SPIs for an IKEv1 delete. @@ -59,7 +59,7 @@ struct delete_payload_t { * @param spi_i initiator SPI * @param spi_r responder SPI */ - void (*set_ike_spi)(delete_payload_t *this, u_int64_t spi_i, u_int64_t spi_r); + void (*set_ike_spi)(delete_payload_t *this, uint64_t spi_i, uint64_t spi_r); /** * Get the IKE SPIs from an IKEv1 delete. @@ -68,12 +68,12 @@ struct delete_payload_t { * @param spi_r responder SPI * @return TRUE if SPIs extracted successfully */ - bool (*get_ike_spi)(delete_payload_t *this, u_int64_t *spi_i, u_int64_t *spi_r); + bool (*get_ike_spi)(delete_payload_t *this, uint64_t *spi_i, uint64_t *spi_r); /** * Get an enumerator over the SPIs in network order. * - * @return enumerator over SPIs, u_int32_t + * @return enumerator over SPIs, uint32_t */ enumerator_t *(*create_spi_enumerator) (delete_payload_t *this); diff --git a/src/libcharon/encoding/payloads/eap_payload.c b/src/libcharon/encoding/payloads/eap_payload.c index ebdf8a3fe..8c3fc5933 100644 --- a/src/libcharon/encoding/payloads/eap_payload.c +++ b/src/libcharon/encoding/payloads/eap_payload.c @@ -38,7 +38,7 @@ struct private_eap_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -53,7 +53,7 @@ struct private_eap_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * EAP message data, if available @@ -102,8 +102,8 @@ static encoding_rule_t encodings[] = { METHOD(payload_t, verify, status_t, private_eap_payload_t *this) { - u_int16_t length; - u_int8_t code; + uint16_t length; + uint8_t code; if (this->data.len < 4) { @@ -208,7 +208,7 @@ METHOD(eap_payload_t, get_code, eap_code_t, return 0; } -METHOD(eap_payload_t, get_identifier, u_int8_t, +METHOD(eap_payload_t, get_identifier, uint8_t, private_eap_payload_t *this) { if (this->data.len > 1) @@ -224,7 +224,7 @@ METHOD(eap_payload_t, get_identifier, u_int8_t, * @return the new offset or 0 if failed */ static size_t extract_type(private_eap_payload_t *this, size_t offset, - eap_type_t *type, u_int32_t *vendor) + eap_type_t *type, uint32_t *vendor) { if (this->data.len > offset) { @@ -245,7 +245,7 @@ static size_t extract_type(private_eap_payload_t *this, size_t offset, } METHOD(eap_payload_t, get_type, eap_type_t, - private_eap_payload_t *this, u_int32_t *vendor) + private_eap_payload_t *this, uint32_t *vendor) { eap_type_t type; @@ -270,7 +270,7 @@ typedef struct { } type_enumerator_t; METHOD(enumerator_t, enumerate_types, bool, - type_enumerator_t *this, eap_type_t *type, u_int32_t *vendor) + type_enumerator_t *this, eap_type_t *type, uint32_t *vendor) { this->offset = extract_type(this->payload, this->offset, type, vendor); return this->offset; @@ -281,7 +281,7 @@ METHOD(eap_payload_t, get_types, enumerator_t*, { type_enumerator_t *enumerator; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; size_t offset; offset = extract_type(this, 4, &type, &vendor); @@ -373,7 +373,7 @@ eap_payload_t *eap_payload_create_data_own(chunk_t data) /* * Described in header */ -eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) +eap_payload_t *eap_payload_create_code(eap_code_t code, uint8_t identifier) { chunk_t data; @@ -385,7 +385,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier) /** * Write the given type either expanded or not */ -static void write_type(bio_writer_t *writer, eap_type_t type, u_int32_t vendor, +static void write_type(bio_writer_t *writer, eap_type_t type, uint32_t vendor, bool expanded) { if (expanded) @@ -403,12 +403,12 @@ static void write_type(bio_writer_t *writer, eap_type_t type, u_int32_t vendor, /* * Described in header */ -eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type, - u_int32_t vendor, bool expanded) +eap_payload_t *eap_payload_create_nak(uint8_t identifier, eap_type_t type, + uint32_t vendor, bool expanded) { enumerator_t *enumerator; eap_type_t reg_type; - u_int32_t reg_vendor; + uint32_t reg_vendor; bio_writer_t *writer; chunk_t data; bool added_any = FALSE, found_vendor = FALSE; diff --git a/src/libcharon/encoding/payloads/eap_payload.h b/src/libcharon/encoding/payloads/eap_payload.h index e8ed1c5e7..abaefde28 100644 --- a/src/libcharon/encoding/payloads/eap_payload.h +++ b/src/libcharon/encoding/payloads/eap_payload.h @@ -72,7 +72,7 @@ struct eap_payload_t { * * @return unique identifier */ - u_int8_t (*get_identifier) (eap_payload_t *this); + uint8_t (*get_identifier) (eap_payload_t *this); /** * Get the EAP method type. @@ -80,13 +80,13 @@ struct eap_payload_t { * @param vendor pointer receiving vendor identifier * @return EAP method type, vendor specific if vendor != 0 */ - eap_type_t (*get_type) (eap_payload_t *this, u_int32_t *vendor); + eap_type_t (*get_type) (eap_payload_t *this, uint32_t *vendor); /** * Enumerate the EAP method types contained in an EAP-Nak (i.e. get_type() * returns EAP_NAK). * - * @return enumerator over (eap_type_t type, u_int32_t vendor) + * @return enumerator over (eap_type_t type, uint32_t vendor) */ enumerator_t* (*get_types) (eap_payload_t *this); @@ -136,7 +136,7 @@ eap_payload_t *eap_payload_create_data_own(chunk_t data); * @param identifier EAP identifier to use in payload * @return eap_payload_t object */ -eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier); +eap_payload_t *eap_payload_create_code(eap_code_t code, uint8_t identifier); /** * Creates an eap_payload_t EAP_RESPONSE containing an EAP_NAK. @@ -147,7 +147,7 @@ eap_payload_t *eap_payload_create_code(eap_code_t code, u_int8_t identifier); * @param expanded TRUE to send an expanded Nak * @return eap_payload_t object */ -eap_payload_t *eap_payload_create_nak(u_int8_t identifier, eap_type_t type, - u_int32_t vendor, bool expanded); +eap_payload_t *eap_payload_create_nak(uint8_t identifier, eap_type_t type, + uint32_t vendor, bool expanded); #endif /** EAP_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encodings.h b/src/libcharon/encoding/payloads/encodings.h index 54830bc8c..442bf7489 100644 --- a/src/libcharon/encoding/payloads/encodings.h +++ b/src/libcharon/encoding/payloads/encodings.h @@ -289,10 +289,10 @@ enum encoding_type_t { /** * Representating an IKE_SPI field in an IKEv2 Header. * - * When generating the value of the u_int64_t pointing to + * When generating the value of the uint64_t pointing to * is written (host and networ order is not changed). * - * When parsing 8 bytes are read and written into the u_int64_t pointing to. + * When parsing 8 bytes are read and written into the uint64_t pointing to. */ IKE_SPI, @@ -342,7 +342,7 @@ struct encoding_rule_t { * When generating, data are read from this offset in the * data struct. */ - u_int32_t offset; + uint32_t offset; }; #endif /** ENCODINGS_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h index 1c2cc379f..6ff61dd65 100644 --- a/src/libcharon/encoding/payloads/encrypted_fragment_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_fragment_payload.h @@ -42,14 +42,14 @@ struct encrypted_fragment_payload_t { * * @return fragment number */ - u_int16_t (*get_fragment_number)(encrypted_fragment_payload_t *this); + uint16_t (*get_fragment_number)(encrypted_fragment_payload_t *this); /** * Get the total number of fragments. * * @return total number of fragments */ - u_int16_t (*get_total_fragments)(encrypted_fragment_payload_t *this); + uint16_t (*get_total_fragments)(encrypted_fragment_payload_t *this); /** * Get the (decrypted) content of this payload. @@ -80,6 +80,6 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create(); * @return encrypted_fragment_payload_t object */ encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data( - u_int16_t num, u_int16_t total, chunk_t data); + uint16_t num, uint16_t total, chunk_t data); #endif /** ENCRYPTED_FRAGMENT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/encrypted_payload.c b/src/libcharon/encoding/payloads/encrypted_payload.c index d1a267836..a033f6081 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.c +++ b/src/libcharon/encoding/payloads/encrypted_payload.c @@ -43,17 +43,17 @@ struct private_encrypted_payload_t { * next_payload means here the first payload of the * contained, encrypted payload. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Flags, including reserved bits */ - u_int8_t flags; + uint8_t flags; /** * Length of this payload */ - u_int16_t payload_length; + uint16_t payload_length; /** * Chunk containing the IV, plain, padding and ICV. @@ -88,17 +88,17 @@ struct private_encrypted_fragment_payload_t { * the original encrypted payload, for all other fragments it MUST be set * to zero. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Flags, including reserved bits */ - u_int8_t flags; + uint8_t flags; /** * Length of this payload */ - u_int16_t payload_length; + uint16_t payload_length; /** * Chunk containing the IV, plain, padding and ICV. @@ -108,12 +108,12 @@ struct private_encrypted_fragment_payload_t { /** * Fragment number */ - u_int16_t fragment_number; + uint16_t fragment_number; /** * Total fragments */ - u_int16_t total_fragments; + uint16_t total_fragments; /** * AEAD transform to use @@ -366,7 +366,7 @@ static chunk_t generate(private_encrypted_payload_t *this, { payload_t *current, *next; enumerator_t *enumerator; - u_int32_t *lenpos; + uint32_t *lenpos; chunk_t chunk = chunk_empty; enumerator = this->payloads->create_enumerator(this->payloads); @@ -402,9 +402,9 @@ METHOD(encrypted_payload_t, generate_payloads, void, static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc) { struct { - u_int8_t next_payload; - u_int8_t flags; - u_int16_t length; + uint8_t next_payload; + uint8_t flags; + uint16_t length; } __attribute__((packed)) header = { .next_payload = this->next_payload, .flags = this->flags, @@ -416,7 +416,7 @@ static chunk_t append_header(private_encrypted_payload_t *this, chunk_t assoc) /** * Encrypts the data in plain and returns it in an allocated chunk. */ -static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid, +static status_t encrypt_content(char *label, aead_t *aead, uint64_t mid, chunk_t plain, chunk_t assoc, chunk_t *encrypted) { chunk_t iv, padding, icv, crypt; @@ -486,7 +486,7 @@ static status_t encrypt_content(char *label, aead_t *aead, u_int64_t mid, } METHOD(encrypted_payload_t, encrypt, status_t, - private_encrypted_payload_t *this, u_int64_t mid, chunk_t assoc) + private_encrypted_payload_t *this, uint64_t mid, chunk_t assoc) { generator_t *generator; chunk_t plain; @@ -512,7 +512,7 @@ METHOD(encrypted_payload_t, encrypt, status_t, } METHOD(encrypted_payload_t, encrypt_v1, status_t, - private_encrypted_payload_t *this, u_int64_t mid, chunk_t iv) + private_encrypted_payload_t *this, uint64_t mid, chunk_t iv) { generator_t *generator; chunk_t plain, padding; @@ -869,13 +869,13 @@ METHOD2(payload_t, encrypted_payload_t, frag_get_length, size_t, return this->payload_length; } -METHOD(encrypted_fragment_payload_t, get_fragment_number, u_int16_t, +METHOD(encrypted_fragment_payload_t, get_fragment_number, uint16_t, private_encrypted_fragment_payload_t *this) { return this->fragment_number; } -METHOD(encrypted_fragment_payload_t, get_total_fragments, u_int16_t, +METHOD(encrypted_fragment_payload_t, get_total_fragments, uint16_t, private_encrypted_fragment_payload_t *this) { return this->total_fragments; @@ -906,11 +906,11 @@ static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this, chunk_t assoc) { struct { - u_int8_t next_payload; - u_int8_t flags; - u_int16_t length; - u_int16_t fragment_number; - u_int16_t total_fragments; + uint8_t next_payload; + uint8_t flags; + uint16_t length; + uint16_t fragment_number; + uint16_t total_fragments; } __attribute__((packed)) header = { .next_payload = this->next_payload, .flags = this->flags, @@ -922,7 +922,7 @@ static chunk_t append_header_frag(private_encrypted_fragment_payload_t *this, } METHOD(encrypted_payload_t, frag_encrypt, status_t, - private_encrypted_fragment_payload_t *this, u_int64_t mid, chunk_t assoc) + private_encrypted_fragment_payload_t *this, uint64_t mid, chunk_t assoc) { status_t status; @@ -1015,7 +1015,7 @@ encrypted_fragment_payload_t *encrypted_fragment_payload_create() * Described in header */ encrypted_fragment_payload_t *encrypted_fragment_payload_create_from_data( - u_int16_t num, u_int16_t total, chunk_t plain) + uint16_t num, uint16_t total, chunk_t plain) { private_encrypted_fragment_payload_t *this; diff --git a/src/libcharon/encoding/payloads/encrypted_payload.h b/src/libcharon/encoding/payloads/encrypted_payload.h index be59e3c2d..19c60c5be 100644 --- a/src/libcharon/encoding/payloads/encrypted_payload.h +++ b/src/libcharon/encoding/payloads/encrypted_payload.h @@ -88,7 +88,7 @@ struct encrypted_payload_t { * - FAILED if encryption failed * - INVALID_STATE if aead not supplied, but needed */ - status_t (*encrypt) (encrypted_payload_t *this, u_int64_t mid, + status_t (*encrypt) (encrypted_payload_t *this, uint64_t mid, chunk_t assoc); /** diff --git a/src/libcharon/encoding/payloads/endpoint_notify.c b/src/libcharon/encoding/payloads/endpoint_notify.c index ebe5f32f7..afeee72e4 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.c +++ b/src/libcharon/encoding/payloads/endpoint_notify.c @@ -33,7 +33,7 @@ struct private_endpoint_notify_t { /** * Priority */ - u_int32_t priority; + uint32_t priority; /** * Family @@ -83,36 +83,36 @@ static private_endpoint_notify_t *endpoint_notify_create(); /** * Helper functions to parse integer values */ -static status_t parse_uint8(u_int8_t **cur, u_int8_t *top, u_int8_t *val) +static status_t parse_uint8(uint8_t **cur, uint8_t *top, uint8_t *val) { - if (*cur + sizeof(u_int8_t) > top) + if (*cur + sizeof(uint8_t) > top) { return FAILED; } - *val = *(u_int8_t*)*cur; - *cur += sizeof(u_int8_t); + *val = *(uint8_t*)*cur; + *cur += sizeof(uint8_t); return SUCCESS; } -static status_t parse_uint16(u_int8_t **cur, u_int8_t *top, u_int16_t *val) +static status_t parse_uint16(uint8_t **cur, uint8_t *top, uint16_t *val) { - if (*cur + sizeof(u_int16_t) > top) + if (*cur + sizeof(uint16_t) > top) { return FAILED; } - *val = ntohs(*(u_int16_t*)*cur); - *cur += sizeof(u_int16_t); + *val = ntohs(*(uint16_t*)*cur); + *cur += sizeof(uint16_t); return SUCCESS; } -static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val) +static status_t parse_uint32(uint8_t **cur, uint8_t *top, uint32_t *val) { - if (*cur + sizeof(u_int32_t) > top) + if (*cur + sizeof(uint32_t) > top) { return FAILED; } - *val = ntohl(*(u_int32_t*)*cur); - *cur += sizeof(u_int32_t); + *val = ntohl(*(uint32_t*)*cur); + *cur += sizeof(uint32_t); return SUCCESS; } @@ -121,11 +121,11 @@ static status_t parse_uint32(u_int8_t **cur, u_int8_t *top, u_int32_t *val) */ static status_t parse_notification_data(private_endpoint_notify_t *this, chunk_t data) { - u_int8_t family, type, addr_family; - u_int16_t port; + uint8_t family, type, addr_family; + uint16_t port; chunk_t addr; - u_int8_t *cur = data.ptr; - u_int8_t *top = data.ptr + data.len; + uint8_t *cur = data.ptr; + uint8_t *top = data.ptr + data.len; DBG3(DBG_IKE, "me_endpoint_data %B", &data); @@ -191,9 +191,9 @@ static chunk_t build_notification_data(private_endpoint_notify_t *this) { chunk_t prio_chunk, family_chunk, type_chunk, port_chunk, addr_chunk; chunk_t data; - u_int32_t prio; - u_int16_t port; - u_int8_t family, type; + uint32_t prio; + uint16_t port; + uint8_t family, type; prio = htonl(this->priority); prio_chunk = chunk_from_thing(prio); @@ -237,14 +237,14 @@ METHOD(endpoint_notify_t, build_notify, notify_payload_t*, } -METHOD(endpoint_notify_t, get_priority, u_int32_t, +METHOD(endpoint_notify_t, get_priority, uint32_t, private_endpoint_notify_t *this) { return this->priority; } METHOD(endpoint_notify_t, set_priority, void, - private_endpoint_notify_t *this, u_int32_t priority) + private_endpoint_notify_t *this, uint32_t priority) { this->priority = priority; } diff --git a/src/libcharon/encoding/payloads/endpoint_notify.h b/src/libcharon/encoding/payloads/endpoint_notify.h index 853aadf3d..f4cf89fd7 100644 --- a/src/libcharon/encoding/payloads/endpoint_notify.h +++ b/src/libcharon/encoding/payloads/endpoint_notify.h @@ -82,14 +82,14 @@ struct endpoint_notify_t { * * @return priority */ - u_int32_t (*get_priority) (endpoint_notify_t *this); + uint32_t (*get_priority) (endpoint_notify_t *this); /** * Sets the priority of this endpoint. * * @param priority priority */ - void (*set_priority) (endpoint_notify_t *this, u_int32_t priority); + void (*set_priority) (endpoint_notify_t *this, uint32_t priority); /** * Returns the endpoint type of this endpoint. diff --git a/src/libcharon/encoding/payloads/fragment_payload.c b/src/libcharon/encoding/payloads/fragment_payload.c index 7f158f548..fecd05f05 100644 --- a/src/libcharon/encoding/payloads/fragment_payload.c +++ b/src/libcharon/encoding/payloads/fragment_payload.c @@ -35,32 +35,32 @@ struct private_fragment_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Reserved byte */ - u_int8_t reserved; + uint8_t reserved; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Fragment ID. */ - u_int16_t fragment_id; + uint16_t fragment_id; /** * Fragment number. */ - u_int8_t fragment_number; + uint8_t fragment_number; /** * Flags */ - u_int8_t flags; + uint8_t flags; /** * The contained fragment data. @@ -145,13 +145,13 @@ METHOD(payload_t, get_length, size_t, return this->payload_length; } -METHOD(fragment_payload_t, get_id, u_int16_t, +METHOD(fragment_payload_t, get_id, uint16_t, private_fragment_payload_t *this) { return this->fragment_id; } -METHOD(fragment_payload_t, get_number, u_int8_t, +METHOD(fragment_payload_t, get_number, uint8_t, private_fragment_payload_t *this) { return this->fragment_number; @@ -210,7 +210,7 @@ fragment_payload_t *fragment_payload_create() /* * Described in header */ -fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last, +fragment_payload_t *fragment_payload_create_from_data(uint8_t num, bool last, chunk_t data) { private_fragment_payload_t *this; diff --git a/src/libcharon/encoding/payloads/fragment_payload.h b/src/libcharon/encoding/payloads/fragment_payload.h index a49cf32dd..a756601a0 100644 --- a/src/libcharon/encoding/payloads/fragment_payload.h +++ b/src/libcharon/encoding/payloads/fragment_payload.h @@ -42,14 +42,14 @@ struct fragment_payload_t { * * @return fragment ID */ - u_int16_t (*get_id)(fragment_payload_t *this); + uint16_t (*get_id)(fragment_payload_t *this); /** * Get the fragment number. Defines the order of the fragments. * * @return fragment number */ - u_int8_t (*get_number)(fragment_payload_t *this); + uint8_t (*get_number)(fragment_payload_t *this); /** * Check if this is the last fragment. @@ -88,7 +88,7 @@ fragment_payload_t *fragment_payload_create(); * @param data fragment data (gets cloned) * @return fragment_payload_t object */ -fragment_payload_t *fragment_payload_create_from_data(u_int8_t num, bool last, +fragment_payload_t *fragment_payload_create_from_data(uint8_t num, bool last, chunk_t data); #endif /** FRAGMENT_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/hash_payload.c b/src/libcharon/encoding/payloads/hash_payload.c index a12b018e5..eac820742 100644 --- a/src/libcharon/encoding/payloads/hash_payload.c +++ b/src/libcharon/encoding/payloads/hash_payload.c @@ -34,17 +34,17 @@ struct private_hash_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Reserved byte */ - u_int8_t reserved; + uint8_t reserved; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained hash value. diff --git a/src/libcharon/encoding/payloads/id_payload.c b/src/libcharon/encoding/payloads/id_payload.c index bb8aab748..ae0b19a9d 100644 --- a/src/libcharon/encoding/payloads/id_payload.c +++ b/src/libcharon/encoding/payloads/id_payload.c @@ -38,7 +38,7 @@ struct private_id_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -53,17 +53,17 @@ struct private_id_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[3]; + uint8_t reserved_byte[3]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Type of the ID Data. */ - u_int8_t id_type; + uint8_t id_type; /** * The contained id data value. @@ -73,12 +73,12 @@ struct private_id_payload_t { /** * Tunneled protocol ID for IKEv1 quick modes. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * Tunneled port for IKEv1 quick modes. */ - u_int16_t port; + uint16_t port; /** * one of PLV2_ID_INITIATOR, PLV2_ID_RESPONDER, IDv1 and PLV1_NAT_OA @@ -334,7 +334,7 @@ METHOD(id_payload_t, get_ts, traffic_selector_t*, METHOD(id_payload_t, get_encoded, chunk_t, private_id_payload_t *this) { - u_int16_t port = htons(this->port); + uint16_t port = htons(this->port); return chunk_cat("cccc", chunk_from_thing(this->id_type), chunk_from_thing(this->protocol_id), chunk_from_thing(port), this->id_data); @@ -400,7 +400,7 @@ id_payload_t *id_payload_create_from_identification(payload_type_t type, id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts) { private_id_payload_t *this; - u_int8_t mask; + uint8_t mask; host_t *net; this = (private_id_payload_t*)id_payload_create(PLV1_ID); @@ -419,7 +419,7 @@ id_payload_t *id_payload_create_from_ts(traffic_selector_t *ts) } else if (ts->to_subnet(ts, &net, &mask)) { - u_int8_t netmask[16], len, byte; + uint8_t netmask[16], len, byte; if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE) { diff --git a/src/libcharon/encoding/payloads/ike_header.c b/src/libcharon/encoding/payloads/ike_header.c index c96738a34..61a0424e3 100644 --- a/src/libcharon/encoding/payloads/ike_header.c +++ b/src/libcharon/encoding/payloads/ike_header.c @@ -37,31 +37,31 @@ struct private_ike_header_t { /** * SPI of the initiator. */ - u_int64_t initiator_spi; + uint64_t initiator_spi; /** * SPI of the responder. */ - u_int64_t responder_spi; + uint64_t responder_spi; /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * IKE major version. */ - u_int8_t maj_version; + uint8_t maj_version; /** * IKE minor version. */ - u_int8_t min_version; + uint8_t min_version; /** * Exchange type . */ - u_int8_t exchange_type; + uint8_t exchange_type; /** * Flags of the Message. @@ -106,12 +106,12 @@ struct private_ike_header_t { /** * Associated Message-ID. */ - u_int32_t message_id; + uint32_t message_id; /** * Length of the whole IKEv2-Message (header and all payloads). */ - u_int32_t length; + uint32_t length; }; ENUM_BEGIN(exchange_type_names, ID_PROT, TRANSACTION, @@ -290,50 +290,50 @@ METHOD(payload_t, get_length, size_t, return this->length; } -METHOD(ike_header_t, get_initiator_spi, u_int64_t, +METHOD(ike_header_t, get_initiator_spi, uint64_t, private_ike_header_t *this) { return this->initiator_spi; } METHOD(ike_header_t, set_initiator_spi, void, - private_ike_header_t *this, u_int64_t initiator_spi) + private_ike_header_t *this, uint64_t initiator_spi) { this->initiator_spi = initiator_spi; } -METHOD(ike_header_t, get_responder_spi, u_int64_t, +METHOD(ike_header_t, get_responder_spi, uint64_t, private_ike_header_t *this) { return this->responder_spi; } METHOD(ike_header_t, set_responder_spi, void, - private_ike_header_t *this, u_int64_t responder_spi) + private_ike_header_t *this, uint64_t responder_spi) { this->responder_spi = responder_spi; } -METHOD(ike_header_t, get_maj_version, u_int8_t, +METHOD(ike_header_t, get_maj_version, uint8_t, private_ike_header_t *this) { return this->maj_version; } METHOD(ike_header_t, set_maj_version, void, - private_ike_header_t *this, u_int8_t major) + private_ike_header_t *this, uint8_t major) { this->maj_version = major; } -METHOD(ike_header_t, get_min_version, u_int8_t, +METHOD(ike_header_t, get_min_version, uint8_t, private_ike_header_t *this) { return this->min_version; } METHOD(ike_header_t, set_min_version, void, - private_ike_header_t *this, u_int8_t minor) + private_ike_header_t *this, uint8_t minor) { this->min_version = minor; } @@ -411,26 +411,26 @@ METHOD(ike_header_t, set_authonly_flag, void, this->flags.authonly = authonly; } -METHOD(ike_header_t, get_exchange_type, u_int8_t, +METHOD(ike_header_t, get_exchange_type, uint8_t, private_ike_header_t *this) { return this->exchange_type; } METHOD(ike_header_t, set_exchange_type, void, - private_ike_header_t *this, u_int8_t exchange_type) + private_ike_header_t *this, uint8_t exchange_type) { this->exchange_type = exchange_type; } -METHOD(ike_header_t, get_message_id, u_int32_t, +METHOD(ike_header_t, get_message_id, uint32_t, private_ike_header_t *this) { return this->message_id; } METHOD(ike_header_t, set_message_id, void, - private_ike_header_t *this, u_int32_t message_id) + private_ike_header_t *this, uint32_t message_id) { this->message_id = message_id; } diff --git a/src/libcharon/encoding/payloads/ike_header.h b/src/libcharon/encoding/payloads/ike_header.h index d9a44dd0c..fa89c3939 100644 --- a/src/libcharon/encoding/payloads/ike_header.h +++ b/src/libcharon/encoding/payloads/ike_header.h @@ -153,56 +153,56 @@ struct ike_header_t { * * @return initiator_spi */ - u_int64_t (*get_initiator_spi) (ike_header_t *this); + uint64_t (*get_initiator_spi) (ike_header_t *this); /** * Set the initiator spi. * * @param initiator_spi initiator_spi */ - void (*set_initiator_spi) (ike_header_t *this, u_int64_t initiator_spi); + void (*set_initiator_spi) (ike_header_t *this, uint64_t initiator_spi); /** * Get the responder spi. * * @return responder_spi */ - u_int64_t (*get_responder_spi) (ike_header_t *this); + uint64_t (*get_responder_spi) (ike_header_t *this); /** * Set the responder spi. * * @param responder_spi responder_spi */ - void (*set_responder_spi) (ike_header_t *this, u_int64_t responder_spi); + void (*set_responder_spi) (ike_header_t *this, uint64_t responder_spi); /** * Get the major version. * * @return major version */ - u_int8_t (*get_maj_version) (ike_header_t *this); + uint8_t (*get_maj_version) (ike_header_t *this); /** * Set the major version. * * @param major major version */ - void (*set_maj_version) (ike_header_t *this, u_int8_t major); + void (*set_maj_version) (ike_header_t *this, uint8_t major); /** * Get the minor version. * * @return minor version */ - u_int8_t (*get_min_version) (ike_header_t *this); + uint8_t (*get_min_version) (ike_header_t *this); /** * Set the minor version. * * @param minor minor version */ - void (*set_min_version) (ike_header_t *this, u_int8_t minor); + void (*set_min_version) (ike_header_t *this, uint8_t minor); /** * Get the response flag. @@ -293,28 +293,28 @@ struct ike_header_t { * * @return exchange type */ - u_int8_t (*get_exchange_type) (ike_header_t *this); + uint8_t (*get_exchange_type) (ike_header_t *this); /** * Set the exchange type. * * @param exchange_type exchange type */ - void (*set_exchange_type) (ike_header_t *this, u_int8_t exchange_type); + void (*set_exchange_type) (ike_header_t *this, uint8_t exchange_type); /** * Get the message id. * * @return message id */ - u_int32_t (*get_message_id) (ike_header_t *this); + uint32_t (*get_message_id) (ike_header_t *this); /** * Set the message id. * * @param initiator_spi message id */ - void (*set_message_id) (ike_header_t *this, u_int32_t message_id); + void (*set_message_id) (ike_header_t *this, uint32_t message_id); /** * Destroys a ike_header_t object. diff --git a/src/libcharon/encoding/payloads/ke_payload.c b/src/libcharon/encoding/payloads/ke_payload.c index 50fd73f90..37f3adf88 100644 --- a/src/libcharon/encoding/payloads/ke_payload.c +++ b/src/libcharon/encoding/payloads/ke_payload.c @@ -36,7 +36,7 @@ struct private_ke_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -51,17 +51,17 @@ struct private_ke_payload_t { /** * Reserved bytes */ - u_int8_t reserved_byte[2]; + uint8_t reserved_byte[2]; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * DH Group Number. */ - u_int16_t dh_group_number; + uint16_t dh_group_number; /** * Key Exchange Data of this KE payload. diff --git a/src/libcharon/encoding/payloads/nonce_payload.c b/src/libcharon/encoding/payloads/nonce_payload.c index b0d1c601a..17a0417dc 100644 --- a/src/libcharon/encoding/payloads/nonce_payload.c +++ b/src/libcharon/encoding/payloads/nonce_payload.c @@ -37,7 +37,7 @@ struct private_nonce_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -52,7 +52,7 @@ struct private_nonce_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained nonce value. diff --git a/src/libcharon/encoding/payloads/notify_payload.c b/src/libcharon/encoding/payloads/notify_payload.c index f32a1273f..ca7ef3a45 100644 --- a/src/libcharon/encoding/payloads/notify_payload.c +++ b/src/libcharon/encoding/payloads/notify_payload.c @@ -260,7 +260,7 @@ struct private_notify_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -275,27 +275,27 @@ struct private_notify_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Domain of interpretation, IKEv1 only. */ - u_int32_t doi; + uint32_t doi; /** * Protocol id. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * Spi size. */ - u_int8_t spi_size; + uint8_t spi_size; /** * Notify message type. */ - u_int16_t notify_type; + uint16_t notify_type; /** * Security parameter index (spi). @@ -596,14 +596,14 @@ METHOD(payload_t, get_length, size_t, return this->payload_length; } -METHOD(notify_payload_t, get_protocol_id, u_int8_t, +METHOD(notify_payload_t, get_protocol_id, uint8_t, private_notify_payload_t *this) { return this->protocol_id; } METHOD(notify_payload_t, set_protocol_id, void, - private_notify_payload_t *this, u_int8_t protocol_id) + private_notify_payload_t *this, uint8_t protocol_id) { this->protocol_id = protocol_id; } @@ -620,7 +620,7 @@ METHOD(notify_payload_t, set_notify_type, void, this->notify_type = notify_type; } -METHOD(notify_payload_t, get_spi, u_int32_t, +METHOD(notify_payload_t, get_spi, uint32_t, private_notify_payload_t *this) { switch (this->protocol_id) @@ -629,7 +629,7 @@ METHOD(notify_payload_t, get_spi, u_int32_t, case PROTO_ESP: if (this->spi.len == 4) { - return *((u_int32_t*)this->spi.ptr); + return *((uint32_t*)this->spi.ptr); } default: break; @@ -638,7 +638,7 @@ METHOD(notify_payload_t, get_spi, u_int32_t, } METHOD(notify_payload_t, set_spi, void, - private_notify_payload_t *this, u_int32_t spi) + private_notify_payload_t *this, uint32_t spi) { chunk_free(&this->spi); switch (this->protocol_id) @@ -646,7 +646,7 @@ METHOD(notify_payload_t, set_spi, void, case PROTO_AH: case PROTO_ESP: this->spi = chunk_alloc(4); - *((u_int32_t*)this->spi.ptr) = spi; + *((uint32_t*)this->spi.ptr) = spi; break; default: break; diff --git a/src/libcharon/encoding/payloads/notify_payload.h b/src/libcharon/encoding/payloads/notify_payload.h index 690757383..04160bbfc 100644 --- a/src/libcharon/encoding/payloads/notify_payload.h +++ b/src/libcharon/encoding/payloads/notify_payload.h @@ -200,14 +200,14 @@ struct notify_payload_t { * * @return protocol id of this payload */ - u_int8_t (*get_protocol_id) (notify_payload_t *this); + uint8_t (*get_protocol_id) (notify_payload_t *this); /** * Sets the protocol id of this payload. * * @param protocol_id protocol id to set */ - void (*set_protocol_id) (notify_payload_t *this, u_int8_t protocol_id); + void (*set_protocol_id) (notify_payload_t *this, uint8_t protocol_id); /** * Gets the notify message type of this payload. @@ -230,7 +230,7 @@ struct notify_payload_t { * * @return SPI value */ - u_int32_t (*get_spi) (notify_payload_t *this); + uint32_t (*get_spi) (notify_payload_t *this); /** * Sets the spi of this payload. @@ -239,7 +239,7 @@ struct notify_payload_t { * * @param spi SPI value */ - void (*set_spi) (notify_payload_t *this, u_int32_t spi); + void (*set_spi) (notify_payload_t *this, uint32_t spi); /** * Returns the currently set spi of this payload. diff --git a/src/libcharon/encoding/payloads/payload.c b/src/libcharon/encoding/payloads/payload.c index f7c2754e0..6d1894edb 100644 --- a/src/libcharon/encoding/payloads/payload.c +++ b/src/libcharon/encoding/payloads/payload.c @@ -268,7 +268,7 @@ payload_t *payload_create(payload_type_t type) /** * See header. */ -bool payload_is_known(payload_type_t type, u_int8_t maj_ver) +bool payload_is_known(payload_type_t type, uint8_t maj_ver) { if (type >= PL_HEADER) { diff --git a/src/libcharon/encoding/payloads/payload.h b/src/libcharon/encoding/payloads/payload.h index 72003894f..8ba1ef9f5 100644 --- a/src/libcharon/encoding/payloads/payload.h +++ b/src/libcharon/encoding/payloads/payload.h @@ -413,7 +413,7 @@ payload_t *payload_create(payload_type_t type); * @param maj_ver major IKE version (use 0 to skip version check) * @return FALSE if payload type handled as unknown payload */ -bool payload_is_known(payload_type_t type, u_int8_t maj_ver); +bool payload_is_known(payload_type_t type, uint8_t maj_ver); /** * Get the value field in a payload using encoding rules. diff --git a/src/libcharon/encoding/payloads/proposal_substructure.c b/src/libcharon/encoding/payloads/proposal_substructure.c index 65ce667c7..1a435a823 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.c +++ b/src/libcharon/encoding/payloads/proposal_substructure.c @@ -45,37 +45,37 @@ struct private_proposal_substructure_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * reserved byte */ - u_int8_t reserved; + uint8_t reserved; /** * Length of this payload. */ - u_int16_t proposal_length; + uint16_t proposal_length; /** * Proposal number. */ - u_int8_t proposal_number; + uint8_t proposal_number; /** * Protocol ID. */ - u_int8_t protocol_id; + uint8_t protocol_id; /** * SPI size of the following SPI. */ - u_int8_t spi_size; + uint8_t spi_size; /** * Number of transforms. */ - u_int8_t transforms_count; + uint8_t transforms_count; /** * SPI is stored as chunk. @@ -479,24 +479,24 @@ METHOD(proposal_substructure_t, set_is_last_proposal, void, } METHOD(proposal_substructure_t, set_proposal_number, void, - private_proposal_substructure_t *this,u_int8_t proposal_number) + private_proposal_substructure_t *this,uint8_t proposal_number) { this->proposal_number = proposal_number; } -METHOD(proposal_substructure_t, get_proposal_number, u_int8_t, +METHOD(proposal_substructure_t, get_proposal_number, uint8_t, private_proposal_substructure_t *this) { return this->proposal_number; } METHOD(proposal_substructure_t, set_protocol_id, void, - private_proposal_substructure_t *this,u_int8_t protocol_id) + private_proposal_substructure_t *this,uint8_t protocol_id) { this->protocol_id = protocol_id; } -METHOD(proposal_substructure_t, get_protocol_id, u_int8_t, +METHOD(proposal_substructure_t, get_protocol_id, uint8_t, private_proposal_substructure_t *this) { return this->protocol_id; @@ -518,7 +518,7 @@ METHOD(proposal_substructure_t, get_spi, chunk_t, } METHOD(proposal_substructure_t, get_cpi, bool, - private_proposal_substructure_t *this, u_int16_t *cpi) + private_proposal_substructure_t *this, uint16_t *cpi) { transform_substructure_t *transform; @@ -554,7 +554,7 @@ static void add_to_proposal_v2(proposal_t *proposal, { transform_attribute_t *tattr; enumerator_t *enumerator; - u_int16_t key_length = 0; + uint16_t key_length = 0; enumerator = transform->create_attribute_enumerator(transform); while (enumerator->enumerate(enumerator, &tattr)) @@ -576,8 +576,8 @@ static void add_to_proposal_v2(proposal_t *proposal, * Map IKEv1 to IKEv2 algorithms */ typedef struct { - u_int16_t ikev1; - u_int16_t ikev2; + uint16_t ikev1; + uint16_t ikev2; } algo_map_t; /** @@ -681,8 +681,8 @@ static algo_map_t map_auth[] = { /** * Map an IKEv1 to an IKEv2 identifier */ -static u_int16_t ikev2_from_ikev1(algo_map_t *map, int count, u_int16_t def, - u_int16_t value) +static uint16_t ikev2_from_ikev1(algo_map_t *map, int count, uint16_t def, + uint16_t value) { int i; @@ -699,7 +699,7 @@ static u_int16_t ikev2_from_ikev1(algo_map_t *map, int count, u_int16_t def, /** * Map an IKEv2 to an IKEv1 identifier */ -static u_int16_t ikev1_from_ikev2(algo_map_t *map, int count, u_int16_t value) +static uint16_t ikev1_from_ikev2(algo_map_t *map, int count, uint16_t value) { int i; @@ -716,7 +716,7 @@ static u_int16_t ikev1_from_ikev2(algo_map_t *map, int count, u_int16_t value) /** * Get IKEv2 algorithm from IKEv1 identifier */ -static u_int16_t get_alg_from_ikev1(transform_type_t type, u_int16_t value) +static uint16_t get_alg_from_ikev1(transform_type_t type, uint16_t value) { switch (type) { @@ -737,7 +737,7 @@ static u_int16_t get_alg_from_ikev1(transform_type_t type, u_int16_t value) /** * Get IKEv1 algorithm from IKEv2 identifier */ -static u_int16_t get_ikev1_from_alg(transform_type_t type, u_int16_t value) +static uint16_t get_ikev1_from_alg(transform_type_t type, uint16_t value) { switch (type) { @@ -755,8 +755,8 @@ static u_int16_t get_ikev1_from_alg(transform_type_t type, u_int16_t value) /** * Get IKEv2 algorithm from IKEv1 ESP/AH transform ID */ -static u_int16_t get_alg_from_ikev1_transid(transform_type_t type, - u_int16_t value) +static uint16_t get_alg_from_ikev1_transid(transform_type_t type, + uint16_t value) { switch (type) { @@ -774,8 +774,8 @@ static u_int16_t get_alg_from_ikev1_transid(transform_type_t type, /** * Get IKEv1 ESP/AH transform ID from IKEv2 identifier */ -static u_int16_t get_ikev1_transid_from_alg(transform_type_t type, - u_int16_t value) +static uint16_t get_ikev1_transid_from_alg(transform_type_t type, + uint16_t value) { switch (type) { @@ -791,7 +791,7 @@ static u_int16_t get_ikev1_transid_from_alg(transform_type_t type, /** * Get IKEv1 authentication algorithm from IKEv2 identifier */ -static u_int16_t get_alg_from_ikev1_auth(u_int16_t value) +static uint16_t get_alg_from_ikev1_auth(uint16_t value) { return ikev2_from_ikev1(map_auth, countof(map_auth), AUTH_UNDEFINED, value); } @@ -799,7 +799,7 @@ static u_int16_t get_alg_from_ikev1_auth(u_int16_t value) /** * Get IKEv1 authentication algorithm from IKEv2 identifier */ -static u_int16_t get_ikev1_auth_from_alg(u_int16_t value) +static uint16_t get_ikev1_auth_from_alg(uint16_t value) { return ikev1_from_ikev2(map_auth, countof(map_auth), value); } @@ -807,7 +807,7 @@ static u_int16_t get_ikev1_auth_from_alg(u_int16_t value) /** * Get IKEv1 authentication attribute from auth_method_t */ -static u_int16_t get_ikev1_auth(auth_method_t method) +static uint16_t get_ikev1_auth(auth_method_t method) { switch (method) { @@ -842,7 +842,7 @@ static u_int16_t get_ikev1_auth(auth_method_t method) /** * Get IKEv1 encapsulation mode */ -static u_int16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp) +static uint16_t get_ikev1_mode(ipsec_mode_t mode, encap_t udp) { switch (mode) { @@ -880,8 +880,8 @@ static void add_to_proposal_v1_ike(proposal_t *proposal, transform_attribute_type_t type; transform_attribute_t *tattr; enumerator_t *enumerator; - u_int16_t value, key_length = 0; - u_int16_t encr = ENCR_UNDEFINED; + uint16_t value, key_length = 0; + uint16_t encr = ENCR_UNDEFINED; enumerator = transform->create_attribute_enumerator(transform); while (enumerator->enumerate(enumerator, &tattr)) @@ -932,7 +932,8 @@ static void add_to_proposal_v1(proposal_t *proposal, transform_attribute_type_t type; transform_attribute_t *tattr; enumerator_t *enumerator; - u_int16_t encr, value, key_length = 0; + uint16_t encr, value, key_length = 0; + extended_sequence_numbers_t esn = NO_EXT_SEQ_NUMBERS; enumerator = transform->create_attribute_enumerator(transform); while (enumerator->enumerate(enumerator, &tattr)) @@ -952,15 +953,16 @@ static void add_to_proposal_v1(proposal_t *proposal, proposal->add_algorithm(proposal, DIFFIE_HELLMAN_GROUP, value, 0); break; + case TATTR_PH2_EXT_SEQ_NUMBER: + esn = EXT_SEQ_NUMBERS; + break; default: break; } } enumerator->destroy(enumerator); - /* TODO-IKEv1: handle ESN attribute */ - proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, - NO_EXT_SEQ_NUMBERS, 0); + proposal->add_algorithm(proposal, EXTENDED_SEQUENCE_NUMBERS, esn, 0); if (proto == PROTO_ESP) { encr = get_alg_from_ikev1_transid(ENCRYPTION_ALGORITHM, @@ -985,15 +987,15 @@ METHOD(proposal_substructure_t, get_proposals, void, transform_substructure_t *transform; enumerator_t *enumerator; proposal_t *proposal = NULL; - u_int64_t spi = 0; + uint64_t spi = 0; switch (this->spi.len) { case 4: - spi = *((u_int32_t*)this->spi.ptr); + spi = *((uint32_t*)this->spi.ptr); break; case 8: - spi = *((u_int64_t*)this->spi.ptr); + spi = *((uint64_t*)this->spi.ptr); break; default: break; @@ -1042,7 +1044,7 @@ METHOD(proposal_substructure_t, create_substructure_enumerator, enumerator_t*, /** * Get an attribute from any transform, 0 if not found */ -static u_int64_t get_attr(private_proposal_substructure_t *this, +static uint64_t get_attr(private_proposal_substructure_t *this, transform_attribute_type_t type) { enumerator_t *transforms, *attributes; @@ -1071,7 +1073,7 @@ static u_int64_t get_attr(private_proposal_substructure_t *this, /** * Look up a lifetime duration of a given kind in all transforms */ -static u_int64_t get_life_duration(private_proposal_substructure_t *this, +static uint64_t get_life_duration(private_proposal_substructure_t *this, transform_attribute_type_t type_attr, ikev1_life_type_t type, transform_attribute_type_t dur_attr) { @@ -1105,10 +1107,10 @@ static u_int64_t get_life_duration(private_proposal_substructure_t *this, return 0; } -METHOD(proposal_substructure_t, get_lifetime, u_int32_t, +METHOD(proposal_substructure_t, get_lifetime, uint32_t, private_proposal_substructure_t *this) { - u_int32_t duration; + uint32_t duration; switch (this->protocol_id) { @@ -1129,7 +1131,7 @@ METHOD(proposal_substructure_t, get_lifetime, u_int32_t, } } -METHOD(proposal_substructure_t, get_lifebytes, u_int64_t, +METHOD(proposal_substructure_t, get_lifebytes, uint64_t, private_proposal_substructure_t *this) { switch (this->protocol_id) @@ -1259,11 +1261,11 @@ proposal_substructure_t *proposal_substructure_create(payload_type_t type) * Add an IKEv1 IKE proposal to the substructure */ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, - proposal_t *proposal, u_int32_t lifetime, + proposal_t *proposal, uint32_t lifetime, auth_method_t method, int number) { transform_substructure_t *transform; - u_int16_t alg, key_size; + uint16_t alg, key_size; enumerator_t *enumerator; transform = transform_substructure_create_type(PLV1_TRANSFORM_SUBSTRUCTURE, @@ -1330,11 +1332,11 @@ static void set_from_proposal_v1_ike(private_proposal_substructure_t *this, * Add an IKEv1 ESP/AH proposal to the substructure */ static void set_from_proposal_v1(private_proposal_substructure_t *this, - proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, + proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes, ipsec_mode_t mode, encap_t udp, int number) { transform_substructure_t *transform = NULL; - u_int16_t alg, transid, key_size; + uint16_t alg, transid, key_size; enumerator_t *enumerator; enumerator = proposal->create_enumerator(proposal, ENCRYPTION_ALGORITHM); @@ -1410,6 +1412,18 @@ static void set_from_proposal_v1(private_proposal_substructure_t *this, TATTR_PH2_SA_LIFE_DURATION, lifebytes / 1000)); } + enumerator = proposal->create_enumerator(proposal, + EXTENDED_SEQUENCE_NUMBERS); + while (enumerator->enumerate(enumerator, &alg, NULL)) + { + if (alg == EXT_SEQ_NUMBERS) + { + transform->add_transform_attribute(transform, + transform_attribute_create_value(PLV1_TRANSFORM_ATTRIBUTE, + TATTR_PH2_EXT_SEQ_NUMBER, alg)); + } + } + enumerator->destroy(enumerator); add_transform_substructure(this, transform); } @@ -1420,7 +1434,7 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, proposal_t *proposal) { transform_substructure_t *transform; - u_int16_t alg, key_size; + uint16_t alg, key_size; enumerator_t *enumerator; /* encryption algorithm is only available in ESP */ @@ -1485,8 +1499,8 @@ static void set_from_proposal_v2(private_proposal_substructure_t *this, */ static void set_data(private_proposal_substructure_t *this, proposal_t *proposal) { - u_int64_t spi64; - u_int32_t spi32; + uint64_t spi64; + uint32_t spi32; /* add SPI, if necessary */ switch (proposal->get_protocol(proposal)) @@ -1533,7 +1547,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( * See header. */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( - proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, + proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp) { private_proposal_substructure_t *this; @@ -1562,7 +1576,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( * See header. */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( - linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, + linked_list_t *proposals, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp) { private_proposal_substructure_t *this = NULL; @@ -1607,8 +1621,8 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( * See header. */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( - u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, - ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number) + uint32_t lifetime, uint64_t lifebytes, uint16_t cpi, + ipsec_mode_t mode, encap_t udp, uint8_t proposal_number) { private_proposal_substructure_t *this; transform_substructure_t *transform; diff --git a/src/libcharon/encoding/payloads/proposal_substructure.h b/src/libcharon/encoding/payloads/proposal_substructure.h index c4614b88f..796c10890 100644 --- a/src/libcharon/encoding/payloads/proposal_substructure.h +++ b/src/libcharon/encoding/payloads/proposal_substructure.h @@ -59,13 +59,13 @@ struct proposal_substructure_t { * @param id proposal number to set */ void (*set_proposal_number) (proposal_substructure_t *this, - u_int8_t proposal_number); + uint8_t proposal_number); /** * get proposal number of current proposal. * * @return proposal number of current proposal substructure. */ - u_int8_t (*get_proposal_number) (proposal_substructure_t *this); + uint8_t (*get_proposal_number) (proposal_substructure_t *this); /** * Sets the protocol id of current proposal. @@ -73,14 +73,14 @@ struct proposal_substructure_t { * @param id protocol id to set */ void (*set_protocol_id) (proposal_substructure_t *this, - u_int8_t protocol_id); + uint8_t protocol_id); /** * get protocol id of current proposal. * * @return protocol id of current proposal substructure. */ - u_int8_t (*get_protocol_id) (proposal_substructure_t *this); + uint8_t (*get_protocol_id) (proposal_substructure_t *this); /** * Sets the next_payload field of this substructure @@ -114,7 +114,7 @@ struct proposal_substructure_t { * @param cpi the CPI if a supported algorithm is proposed * @return TRUE if a supported algorithm is proposed */ - bool (*get_cpi) (proposal_substructure_t *this, u_int16_t *cpi); + bool (*get_cpi) (proposal_substructure_t *this, uint16_t *cpi); /** * Get proposals contained in a propsal_substructure_t. @@ -135,14 +135,14 @@ struct proposal_substructure_t { * * @return lifetime, in seconds */ - u_int32_t (*get_lifetime)(proposal_substructure_t *this); + uint32_t (*get_lifetime)(proposal_substructure_t *this); /** * Get the (shortest) life duration of a proposal (IKEv1 only). * * @return life duration, in bytes */ - u_int64_t (*get_lifebytes)(proposal_substructure_t *this); + uint64_t (*get_lifebytes)(proposal_substructure_t *this); /** * Get the first authentication method from the proposal (IKEv1 only). @@ -193,7 +193,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v2( * @return proposal_substructure_t object PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( - proposal_t *proposal, u_int32_t lifetime, u_int64_t lifebytes, + proposal_t *proposal, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp); /** @@ -208,7 +208,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposal_v1( * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( - linked_list_t *proposals, u_int32_t lifetime, u_int64_t lifebytes, + linked_list_t *proposals, uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp); /** @@ -224,7 +224,7 @@ proposal_substructure_t *proposal_substructure_create_from_proposals_v1( * @return IKEv1 proposal_substructure_t PLV1_PROPOSAL_SUBSTRUCTURE */ proposal_substructure_t *proposal_substructure_create_for_ipcomp_v1( - u_int32_t lifetime, u_int64_t lifebytes, u_int16_t cpi, - ipsec_mode_t mode, encap_t udp, u_int8_t proposal_number); + uint32_t lifetime, uint64_t lifebytes, uint16_t cpi, + ipsec_mode_t mode, encap_t udp, uint8_t proposal_number); #endif /** PROPOSAL_SUBSTRUCTURE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/sa_payload.c b/src/libcharon/encoding/payloads/sa_payload.c index 407038a2d..9c0b071da 100644 --- a/src/libcharon/encoding/payloads/sa_payload.c +++ b/src/libcharon/encoding/payloads/sa_payload.c @@ -41,7 +41,7 @@ struct private_sa_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -56,7 +56,7 @@ struct private_sa_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Proposals in this payload are stored in a linked_list_t. @@ -71,12 +71,12 @@ struct private_sa_payload_t { /** * IKEv1 DOI */ - u_int32_t doi; + uint32_t doi; /** * IKEv1 situation */ - u_int32_t situation; + uint32_t situation; }; /** @@ -342,7 +342,7 @@ METHOD(sa_payload_t, get_proposals, linked_list_t*, } METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, - private_sa_payload_t *this, u_int16_t *cpi) + private_sa_payload_t *this, uint16_t *cpi) { int current_proposal = -1, unsupported_proposal = -1; enumerator_t *enumerator; @@ -353,8 +353,8 @@ METHOD(sa_payload_t, get_ipcomp_proposals, linked_list_t*, enumerator = this->proposals->create_enumerator(this->proposals); while (enumerator->enumerate(enumerator, &substruct)) { - u_int8_t proposal_number = substruct->get_proposal_number(substruct); - u_int8_t protocol_id = substruct->get_protocol_id(substruct); + uint8_t proposal_number = substruct->get_proposal_number(substruct); + uint8_t protocol_id = substruct->get_protocol_id(substruct); if (proposal_number == unsupported_proposal) { @@ -403,12 +403,12 @@ METHOD(sa_payload_t, create_substructure_enumerator, enumerator_t*, return this->proposals->create_enumerator(this->proposals); } -METHOD(sa_payload_t, get_lifetime, u_int32_t, +METHOD(sa_payload_t, get_lifetime, uint32_t, private_sa_payload_t *this) { proposal_substructure_t *substruct; enumerator_t *enumerator; - u_int32_t lifetime = 0; + uint32_t lifetime = 0; enumerator = this->proposals->create_enumerator(this->proposals); if (enumerator->enumerate(enumerator, &substruct)) @@ -420,12 +420,12 @@ METHOD(sa_payload_t, get_lifetime, u_int32_t, return lifetime; } -METHOD(sa_payload_t, get_lifebytes, u_int64_t, +METHOD(sa_payload_t, get_lifebytes, uint64_t, private_sa_payload_t *this) { proposal_substructure_t *substruct; enumerator_t *enumerator; - u_int64_t lifebytes = 0; + uint64_t lifebytes = 0; enumerator = this->proposals->create_enumerator(this->proposals); if (enumerator->enumerate(enumerator, &substruct)) @@ -558,9 +558,9 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal) * Described in header. */ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, - encap_t udp, u_int16_t cpi) + encap_t udp, uint16_t cpi) { proposal_substructure_t *substruct; private_sa_payload_t *this; @@ -580,7 +580,7 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, substruct->set_is_last_proposal(substruct, FALSE); if (cpi) { - u_int8_t proposal_number = substruct->get_proposal_number(substruct); + uint8_t proposal_number = substruct->get_proposal_number(substruct); substruct = proposal_substructure_create_for_ipcomp_v1(lifetime, lifebytes, cpi, mode, udp, proposal_number); @@ -602,9 +602,9 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, * Described in header. */ sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, - encap_t udp, u_int16_t cpi) + encap_t udp, uint16_t cpi) { private_sa_payload_t *this; linked_list_t *proposals; diff --git a/src/libcharon/encoding/payloads/sa_payload.h b/src/libcharon/encoding/payloads/sa_payload.h index 0ddf3619c..f01c45130 100644 --- a/src/libcharon/encoding/payloads/sa_payload.h +++ b/src/libcharon/encoding/payloads/sa_payload.h @@ -57,21 +57,21 @@ struct sa_payload_t { * @param cpi the CPI of the first IPComp (sub)proposal * @return a list containing proposal_ts */ - linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, u_int16_t *cpi); + linked_list_t *(*get_ipcomp_proposals) (sa_payload_t *this, uint16_t *cpi); /** * Get the (shortest) lifetime of a proposal (IKEv1 only). * * @return lifetime, in seconds */ - u_int32_t (*get_lifetime)(sa_payload_t *this); + uint32_t (*get_lifetime)(sa_payload_t *this); /** * Get the (shortest) life duration of a proposal (IKEv1 only). * * @return life duration, in bytes */ - u_int64_t (*get_lifebytes)(sa_payload_t *this); + uint64_t (*get_lifebytes)(sa_payload_t *this); /** * Get the first authentication method from the proposal (IKEv1 only). @@ -138,9 +138,9 @@ sa_payload_t *sa_payload_create_from_proposal_v2(proposal_t *proposal); * @return sa_payload_t object */ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp, - u_int16_t cpi); + uint16_t cpi); /** * Creates an IKEv1 sa_payload_t object from a single proposal. @@ -155,8 +155,8 @@ sa_payload_t *sa_payload_create_from_proposals_v1(linked_list_t *proposals, * @return sa_payload_t object */ sa_payload_t *sa_payload_create_from_proposal_v1(proposal_t *proposal, - u_int32_t lifetime, u_int64_t lifebytes, + uint32_t lifetime, uint64_t lifebytes, auth_method_t auth, ipsec_mode_t mode, encap_t udp, - u_int16_t cpi); + uint16_t cpi); #endif /** SA_PAYLOAD_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.c b/src/libcharon/encoding/payloads/traffic_selector_substructure.c index 83618ff5d..f69fee3ae 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.c +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.c @@ -35,27 +35,27 @@ struct private_traffic_selector_substructure_t { /** * Type of traffic selector. */ - u_int8_t ts_type; + uint8_t ts_type; /** * IP Protocol ID. */ - u_int8_t ip_protocol_id; + uint8_t ip_protocol_id; /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Start port number. */ - u_int16_t start_port; + uint16_t start_port; /** * End port number. */ - u_int16_t end_port; + uint16_t end_port; /** * Starting address. diff --git a/src/libcharon/encoding/payloads/traffic_selector_substructure.h b/src/libcharon/encoding/payloads/traffic_selector_substructure.h index d3fbe8476..c7a54435b 100644 --- a/src/libcharon/encoding/payloads/traffic_selector_substructure.h +++ b/src/libcharon/encoding/payloads/traffic_selector_substructure.h @@ -62,7 +62,7 @@ struct traffic_selector_substructure_t { * @return type of traffic selector * */ - u_int8_t (*get_protocol_id) (traffic_selector_substructure_t *this); + uint8_t (*get_protocol_id) (traffic_selector_substructure_t *this); /** * Set the IP protocol ID of Traffic selector @@ -70,7 +70,7 @@ struct traffic_selector_substructure_t { * @param protocol_id protocol ID of traffic selector */ void (*set_protocol_id) (traffic_selector_substructure_t *this, - u_int8_t protocol_id); + uint8_t protocol_id); /** * Get the start port and address as host_t object. diff --git a/src/libcharon/encoding/payloads/transform_attribute.c b/src/libcharon/encoding/payloads/transform_attribute.c index 4a5b52dcf..860607faf 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.c +++ b/src/libcharon/encoding/payloads/transform_attribute.c @@ -85,12 +85,12 @@ struct private_transform_attribute_t { /** * Type of the attribute. */ - u_int16_t attribute_type; + uint16_t attribute_type; /** * Attribute Length if attribute_format is 0, attribute Value otherwise. */ - u_int16_t attribute_length_or_value; + uint16_t attribute_length_or_value; /** * Attribute value as chunk if attribute_format is 0 (FALSE). @@ -185,10 +185,10 @@ METHOD(transform_attribute_t, get_value_chunk, chunk_t, return this->attribute_value; } -METHOD(transform_attribute_t, get_value, u_int64_t, +METHOD(transform_attribute_t, get_value, uint64_t, private_transform_attribute_t *this) { - u_int64_t value = 0; + uint64_t value = 0; if (this->attribute_format) { @@ -203,7 +203,7 @@ METHOD(transform_attribute_t, get_value, u_int64_t, return untoh64((char*)&value); } -METHOD(transform_attribute_t, get_attribute_type, u_int16_t, +METHOD(transform_attribute_t, get_attribute_type, uint16_t, private_transform_attribute_t *this) { return this->attribute_type; @@ -250,7 +250,7 @@ transform_attribute_t *transform_attribute_create(payload_type_t type) * Described in header. */ transform_attribute_t *transform_attribute_create_value(payload_type_t type, - transform_attribute_type_t kind, u_int64_t value) + transform_attribute_type_t kind, uint64_t value) { private_transform_attribute_t *this; @@ -265,7 +265,7 @@ transform_attribute_t *transform_attribute_create_value(payload_type_t type, } else if (value <= UINT32_MAX) { - u_int32_t val32; + uint32_t val32; val32 = htonl(value); this->attribute_value = chunk_clone(chunk_from_thing(val32)); diff --git a/src/libcharon/encoding/payloads/transform_attribute.h b/src/libcharon/encoding/payloads/transform_attribute.h index 87e283b18..2e86a409c 100644 --- a/src/libcharon/encoding/payloads/transform_attribute.h +++ b/src/libcharon/encoding/payloads/transform_attribute.h @@ -109,14 +109,14 @@ struct transform_attribute_t { * * @return value */ - u_int64_t (*get_value) (transform_attribute_t *this); + uint64_t (*get_value) (transform_attribute_t *this); /** * get the type of the attribute. * * @return type of the value */ - u_int16_t (*get_attribute_type) (transform_attribute_t *this); + uint16_t (*get_attribute_type) (transform_attribute_t *this); /** * Destroys an transform_attribute_t object. @@ -141,6 +141,6 @@ transform_attribute_t *transform_attribute_create(payload_type_t type); * @return transform_attribute_t object */ transform_attribute_t *transform_attribute_create_value(payload_type_t type, - transform_attribute_type_t kind, u_int64_t value); + transform_attribute_type_t kind, uint64_t value); #endif /** TRANSFORM_ATTRIBUTE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/transform_substructure.c b/src/libcharon/encoding/payloads/transform_substructure.c index 6885d6181..11e4b462d 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.c +++ b/src/libcharon/encoding/payloads/transform_substructure.c @@ -40,32 +40,32 @@ struct private_transform_substructure_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Reserved byte */ - u_int8_t reserved[3]; + uint8_t reserved[3]; /** * Length of this payload. */ - u_int16_t transform_length; + uint16_t transform_length; /** * Type or number, Type of the transform in IKEv2, number in IKEv2. */ - u_int8_t transform_ton; + uint8_t transform_ton; /** * Transform ID, as encoded in IKEv1. */ - u_int8_t transform_id_v1; + uint8_t transform_id_v1; /** * Transform ID, as encoded in IKEv2. */ - u_int16_t transform_id_v2; + uint16_t transform_id_v2; /** * Transforms Attributes are stored in a linked_list_t. @@ -235,13 +235,13 @@ METHOD(payload_t, set_next_type, void, { } -METHOD(transform_substructure_t, get_transform_type_or_number, u_int8_t, +METHOD(transform_substructure_t, get_transform_type_or_number, uint8_t, private_transform_substructure_t *this) { return this->transform_ton; } -METHOD(transform_substructure_t, get_transform_id, u_int16_t, +METHOD(transform_substructure_t, get_transform_id, uint16_t, private_transform_substructure_t *this) { if (this->type == PLV2_TRANSFORM_SUBSTRUCTURE) @@ -303,7 +303,7 @@ transform_substructure_t *transform_substructure_create(payload_type_t type) * Described in header */ transform_substructure_t *transform_substructure_create_type(payload_type_t type, - u_int8_t type_or_number, u_int16_t id) + uint8_t type_or_number, uint16_t id) { private_transform_substructure_t *this; diff --git a/src/libcharon/encoding/payloads/transform_substructure.h b/src/libcharon/encoding/payloads/transform_substructure.h index ba821d3bd..e75dc27bb 100644 --- a/src/libcharon/encoding/payloads/transform_substructure.h +++ b/src/libcharon/encoding/payloads/transform_substructure.h @@ -72,14 +72,14 @@ struct transform_substructure_t { * * @return Transform type of current transform substructure. */ - u_int8_t (*get_transform_type_or_number) (transform_substructure_t *this); + uint8_t (*get_transform_type_or_number) (transform_substructure_t *this); /** * Get transform id of the current transform. * * @return Transform id of current transform substructure. */ - u_int16_t (*get_transform_id) (transform_substructure_t *this); + uint16_t (*get_transform_id) (transform_substructure_t *this); /** * Create an enumerator over transform attributes. @@ -111,6 +111,6 @@ transform_substructure_t *transform_substructure_create(payload_type_t type); * @return transform_substructure_t object */ transform_substructure_t *transform_substructure_create_type(payload_type_t type, - u_int8_t type_or_number, u_int16_t id); + uint8_t type_or_number, uint16_t id); #endif /** TRANSFORM_SUBSTRUCTURE_H_ @}*/ diff --git a/src/libcharon/encoding/payloads/ts_payload.c b/src/libcharon/encoding/payloads/ts_payload.c index e74b9ae1b..0b2d4de57 100644 --- a/src/libcharon/encoding/payloads/ts_payload.c +++ b/src/libcharon/encoding/payloads/ts_payload.c @@ -42,7 +42,7 @@ struct private_ts_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -62,12 +62,12 @@ struct private_ts_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * Number of traffic selectors */ - u_int8_t ts_num; + uint8_t ts_num; /** * Contains the traffic selectors of type traffic_selector_substructure_t. diff --git a/src/libcharon/encoding/payloads/unknown_payload.c b/src/libcharon/encoding/payloads/unknown_payload.c index c69254fc0..adbf2c8f2 100644 --- a/src/libcharon/encoding/payloads/unknown_payload.c +++ b/src/libcharon/encoding/payloads/unknown_payload.c @@ -39,7 +39,7 @@ struct private_unknown_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -54,7 +54,7 @@ struct private_unknown_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained data. diff --git a/src/libcharon/encoding/payloads/vendor_id_payload.c b/src/libcharon/encoding/payloads/vendor_id_payload.c index 400e0640d..7db9a69d3 100644 --- a/src/libcharon/encoding/payloads/vendor_id_payload.c +++ b/src/libcharon/encoding/payloads/vendor_id_payload.c @@ -34,7 +34,7 @@ struct private_vendor_id_payload_t { /** * Next payload type. */ - u_int8_t next_payload; + uint8_t next_payload; /** * Critical flag. @@ -49,7 +49,7 @@ struct private_vendor_id_payload_t { /** * Length of this payload. */ - u_int16_t payload_length; + uint16_t payload_length; /** * The contained data. diff --git a/src/libcharon/kernel/kernel_handler.c b/src/libcharon/kernel/kernel_handler.c index be37d30e5..71121908b 100644 --- a/src/libcharon/kernel/kernel_handler.c +++ b/src/libcharon/kernel/kernel_handler.c @@ -39,7 +39,7 @@ struct private_kernel_handler_t { /** * convert an IP protocol identifier to the IKEv2 specific protocol identifier. */ -static inline protocol_id_t proto_ip2ike(u_int8_t protocol) +static inline protocol_id_t proto_ip2ike(uint8_t protocol) { switch (protocol) { @@ -53,7 +53,7 @@ static inline protocol_id_t proto_ip2ike(u_int8_t protocol) } METHOD(kernel_listener_t, acquire, bool, - private_kernel_handler_t *this, u_int32_t reqid, + private_kernel_handler_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { if (src_ts && dst_ts) @@ -71,7 +71,7 @@ METHOD(kernel_listener_t, acquire, bool, } METHOD(kernel_listener_t, expire, bool, - private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_handler_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { protocol_id_t proto = proto_ip2ike(protocol); @@ -93,7 +93,7 @@ METHOD(kernel_listener_t, expire, bool, } METHOD(kernel_listener_t, mapping, bool, - private_kernel_handler_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_handler_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote) { protocol_id_t proto = proto_ip2ike(protocol); @@ -108,7 +108,7 @@ METHOD(kernel_listener_t, mapping, bool, } METHOD(kernel_listener_t, migrate, bool, - private_kernel_handler_t *this, u_int32_t reqid, + private_kernel_handler_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote) { diff --git a/src/libcharon/kernel/kernel_interface.c b/src/libcharon/kernel/kernel_interface.c index 40c4ee589..7b39a020c 100644 --- a/src/libcharon/kernel/kernel_interface.c +++ b/src/libcharon/kernel/kernel_interface.c @@ -1,6 +1,7 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2010 Martin Willi * Copyright (C) 2010 revosec AG * @@ -62,12 +63,12 @@ struct kernel_algorithm_t { /** * Identifier specified in IKE */ - u_int16_t ike; + uint16_t ike; /** * Identifier as defined in pfkeyv2.h */ - u_int16_t kernel; + uint16_t kernel; /** * Name of the algorithm in linux crypto API @@ -166,7 +167,7 @@ METHOD(kernel_interface_t, get_features, kernel_feature_t, METHOD(kernel_interface_t, get_spi, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { if (!this->ipsec) { @@ -177,7 +178,7 @@ METHOD(kernel_interface_t, get_spi, status_t, METHOD(kernel_interface_t, get_cpi, status_t, private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { if (!this->ipsec) { @@ -191,7 +192,7 @@ METHOD(kernel_interface_t, get_cpi, status_t, */ typedef struct { /** allocated reqid */ - u_int32_t reqid; + uint32_t reqid; /** references to this entry */ u_int refs; /** inbound mark used for SA */ @@ -327,9 +328,9 @@ static array_t *array_from_ts_list(linked_list_t *list) METHOD(kernel_interface_t, alloc_reqid, status_t, private_kernel_interface_t *this, linked_list_t *local_ts, linked_list_t *remote_ts, - mark_t mark_in, mark_t mark_out, u_int32_t *reqid) + mark_t mark_in, mark_t mark_out, uint32_t *reqid) { - static u_int32_t counter = 0; + static uint32_t counter = 0; reqid_entry_t *entry = NULL, *tmpl; status_t status = SUCCESS; @@ -379,7 +380,7 @@ METHOD(kernel_interface_t, alloc_reqid, status_t, } METHOD(kernel_interface_t, release_reqid, status_t, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, mark_t mark_in, mark_t mark_out) { reqid_entry_t *entry, tmpl = { @@ -415,59 +416,48 @@ METHOD(kernel_interface_t, release_reqid, status_t, } METHOD(kernel_interface_t, add_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->add_sa(this->ipsec, src, dst, spi, protocol, reqid, - mark, tfc, lifetime, enc_alg, enc_key, int_alg, int_key, mode, - ipcomp, cpi, replay_window, initiator, encap, esn, inbound, - update, src_ts, dst_ts); + return this->ipsec->add_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, update_sa, status_t, - private_kernel_interface_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->update_sa(this->ipsec, spi, protocol, cpi, src, dst, - new_src, new_dst, encap, new_encap, mark); + return this->ipsec->update_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, query_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_sa(this->ipsec, src, dst, spi, protocol, mark, - bytes, packets, time); + return this->ipsec->query_sa(this->ipsec, id, data, bytes, packets, time); } METHOD(kernel_interface_t, del_sa, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_sa(this->ipsec, src, dst, spi, protocol, cpi, mark); + return this->ipsec->del_sa(this->ipsec, id, data); } METHOD(kernel_interface_t, flush_sas, status_t, @@ -481,44 +471,36 @@ METHOD(kernel_interface_t, flush_sas, status_t, } METHOD(kernel_interface_t, add_policy, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->add_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, type, sa, mark, priority); + return this->ipsec->add_policy(this->ipsec, id, data); } METHOD(kernel_interface_t, query_policy, status_t, - private_kernel_interface_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->query_policy(this->ipsec, src_ts, dst_ts, - direction, mark, use_time); + return this->ipsec->query_policy(this->ipsec, id, data, use_time); } METHOD(kernel_interface_t, del_policy, status_t, - private_kernel_interface_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_interface_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { if (!this->ipsec) { return NOT_SUPPORTED; } - return this->ipsec->del_policy(this->ipsec, src, dst, src_ts, dst_ts, - direction, type, sa, mark, priority); + return this->ipsec->del_policy(this->ipsec, id, data); } METHOD(kernel_interface_t, flush_policies, status_t, @@ -542,13 +524,14 @@ METHOD(kernel_interface_t, get_source_addr, host_t*, } METHOD(kernel_interface_t, get_nexthop, host_t*, - private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_interface_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { if (!this->net) { return NULL; } - return this->net->get_nexthop(this->net, dest, prefix, src); + return this->net->get_nexthop(this->net, dest, prefix, src, iface); } METHOD(kernel_interface_t, get_interface, bool, @@ -594,7 +577,7 @@ METHOD(kernel_interface_t, del_ip, status_t, METHOD(kernel_interface_t, add_route, status_t, private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { if (!this->net) { @@ -606,7 +589,7 @@ METHOD(kernel_interface_t, add_route, status_t, METHOD(kernel_interface_t, del_route, status_t, private_kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { if (!this->net) { @@ -627,7 +610,7 @@ METHOD(kernel_interface_t, bypass_socket, bool, } METHOD(kernel_interface_t, enable_udp_decap, bool, - private_kernel_interface_t *this, int fd, int family, u_int16_t port) + private_kernel_interface_t *this, int fd, int family, uint16_t port) { if (!this->ipsec) { @@ -683,6 +666,10 @@ METHOD(kernel_interface_t, get_address_by_ts, status_t, if (ts->includes(ts, host)) { *ip = host_create_any(family); + if (vip) + { + *vip = FALSE; + } host->destroy(host); DBG2(DBG_KNL, "using host %H", *ip); return SUCCESS; @@ -803,7 +790,7 @@ METHOD(kernel_interface_t, remove_listener, void, } METHOD(kernel_interface_t, acquire, void, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { kernel_listener_t *listener; @@ -823,7 +810,7 @@ METHOD(kernel_interface_t, acquire, void, } METHOD(kernel_interface_t, expire, void, - private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { kernel_listener_t *listener; @@ -844,7 +831,7 @@ METHOD(kernel_interface_t, expire, void, } METHOD(kernel_interface_t, mapping, void, - private_kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + private_kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote) { kernel_listener_t *listener; @@ -865,7 +852,7 @@ METHOD(kernel_interface_t, mapping, void, } METHOD(kernel_interface_t, migrate, void, - private_kernel_interface_t *this, u_int32_t reqid, + private_kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote) { @@ -919,8 +906,8 @@ METHOD(kernel_interface_t, tun, void, } METHOD(kernel_interface_t, register_algorithm, void, - private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type, - u_int16_t kernel_id, char *kernel_name) + private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type, + uint16_t kernel_id, char *kernel_name) { kernel_algorithm_t *algorithm; @@ -937,8 +924,8 @@ METHOD(kernel_interface_t, register_algorithm, void, } METHOD(kernel_interface_t, lookup_algorithm, bool, - private_kernel_interface_t *this, u_int16_t alg_id, transform_type_t type, - u_int16_t *kernel_id, char **kernel_name) + private_kernel_interface_t *this, uint16_t alg_id, transform_type_t type, + uint16_t *kernel_id, char **kernel_name) { kernel_algorithm_t *algorithm; enumerator_t *enumerator; diff --git a/src/libcharon/kernel/kernel_interface.h b/src/libcharon/kernel/kernel_interface.h index 6793c6cc6..225b40932 100644 --- a/src/libcharon/kernel/kernel_interface.h +++ b/src/libcharon/kernel/kernel_interface.h @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -108,7 +108,7 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*get_spi)(kernel_interface_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi); + uint8_t protocol, uint32_t *spi); /** * Get a Compression Parameter Index (CPI) from the kernel. @@ -119,7 +119,7 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*get_cpi)(kernel_interface_t *this, host_t *src, host_t *dst, - u_int16_t *cpi); + uint16_t *cpi); /** * Allocate or confirm a reqid to use for a given SA pair. @@ -141,7 +141,7 @@ struct kernel_interface_t { status_t (*alloc_reqid)(kernel_interface_t *this, linked_list_t *local_ts, linked_list_t *remote_ts, mark_t mark_in, mark_t mark_out, - u_int32_t *reqid); + uint32_t *reqid); /** * Release a previously allocated reqid. @@ -151,7 +151,7 @@ struct kernel_interface_t { * @param mark_out outbound mark on SA * @return SUCCESS if reqid released */ - status_t (*release_reqid)(kernel_interface_t *this, u_int32_t reqid, + status_t (*release_reqid)(kernel_interface_t *this, uint32_t reqid, mark_t mark_in, mark_t mark_out); /** @@ -160,41 +160,12 @@ struct kernel_interface_t { * This function does install a single SA for a single protocol in one * direction. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param reqid reqid for this SA - * @param mark optional mark for this SA - * @param tfc Traffic Flow Confidentiality padding for this SA - * @param lifetime lifetime_cfg_t for this SA - * @param enc_alg Algorithm to use for encryption (ESP only) - * @param enc_key key to use for encryption - * @param int_alg Algorithm to use for integrity protection - * @param int_key key to use for integrity protection - * @param mode mode of the SA (tunnel, transport) - * @param ipcomp IPComp transform to use - * @param cpi CPI for IPComp - * @param replay_window anti-replay window size - * @param initiator TRUE if initiator of the exchange creating this SA - * @param encap enable UDP encapsulation for NAT traversal - * @param esn TRUE to use Extended Sequence Numbers - * @param inbound TRUE if this is an inbound SA - * @param update TRUE if an SPI has already been allocated for SA - * @param src_ts list of source traffic selectors - * @param dst_ts list of destination traffic selectors + * @param id data identifying this SA + * @param data data for this SA * @return SUCCESS if operation completed */ - status_t (*add_sa) (kernel_interface_t *this, - host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - u_int32_t replay_window, bool initiator, bool encap, - bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts); + status_t (*add_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data); /** * Update the hosts on an installed SA. @@ -204,85 +175,55 @@ struct kernel_interface_t { * to identify SAs. Therefore if the destination address changed we * create a new SA and delete the old one. * - * @param spi SPI of the SA - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp, 0 if no IPComp is used - * @param src current source address - * @param dst current destination address - * @param new_src new source address - * @param new_dst new destination address - * @param encap current use of UDP encapsulation - * @param new_encap new use of UDP encapsulation - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data updated data for this SA * @return SUCCESS if operation completed, NOT_SUPPORTED if - * the kernel interface can't update the SA + * the kernel interface can't update the SA */ - status_t (*update_sa)(kernel_interface_t *this, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark); + status_t (*update_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data); /** * Query the number of bytes processed by an SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to query the SA * @param[out] bytes the number of bytes processed by SA * @param[out] packets number of packets processed by SA * @param[out] time last (monotonic) time of SA use * @return SUCCESS if operation completed */ - status_t (*query_sa) (kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time); + status_t (*query_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, + uint64_t *packets, time_t *time); /** * Delete a previously installed SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp or 0 - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to delete the SA * @return SUCCESS if operation completed */ - status_t (*del_sa) (kernel_interface_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - mark_t mark); + status_t (*del_sa)(kernel_interface_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data); /** * Flush all SAs from the SAD. * * @return SUCCESS if operation completed */ - status_t (*flush_sas) (kernel_interface_t *this); + status_t (*flush_sas)(kernel_interface_t *this); /** * Add a policy to the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of this policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*add_policy) (kernel_interface_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*add_policy)(kernel_interface_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Query the use time of a policy. @@ -290,47 +231,33 @@ struct kernel_interface_t { * The use time of a policy is the time the policy was used * for the last time. * - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param mark optional mark - * @param[out] use_time the (monotonic) time of this SA's last use + * @param id data identifying this policy + * @param data data to query the policy + * @param[out] use_time the monotonic timestamp of this SA's last use * @return SUCCESS if operation completed */ - status_t (*query_policy) (kernel_interface_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, mark_t mark, - time_t *use_time); + status_t (*query_policy)(kernel_interface_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, + time_t *use_time); /** * Remove a policy from the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of the policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*del_policy) (kernel_interface_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*del_policy)(kernel_interface_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Flush all policies from the SPD. * * @return SUCCESS if operation completed */ - status_t (*flush_policies) (kernel_interface_t *this); + status_t (*flush_policies)(kernel_interface_t *this); /** * Get our outgoing source address for a destination. @@ -358,10 +285,12 @@ struct kernel_interface_t { * @param dest target destination address * @param prefix prefix length if dest is a subnet, -1 for auto * @param src source address to check, or NULL + * @param[out] iface allocated name of the interface to reach dest, if + * available (optional) * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_interface_t *this, host_t *dest, - int prefix, host_t *src); + int prefix, host_t *src, char **iface); /** * Get the interface name of a local address. Interfaces that are down or @@ -426,7 +355,7 @@ struct kernel_interface_t { * ALREADY_DONE if the route already exists */ status_t (*add_route) (kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -440,7 +369,7 @@ struct kernel_interface_t { * @return SUCCESS if operation completed */ status_t (*del_route) (kernel_interface_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -461,7 +390,7 @@ struct kernel_interface_t { * @return TRUE if UDP decapsulation was enabled successfully */ bool (*enable_udp_decap)(kernel_interface_t *this, int fd, int family, - u_int16_t port); + uint16_t port); /** @@ -561,7 +490,7 @@ struct kernel_interface_t { * @param src_ts source traffic selector * @param dst_ts destination traffic selector */ - void (*acquire)(kernel_interface_t *this, u_int32_t reqid, + void (*acquire)(kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); /** @@ -572,7 +501,7 @@ struct kernel_interface_t { * @param dst destination address of expired SA * @param hard TRUE if it is a hard expire, FALSE otherwise */ - void (*expire)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + void (*expire)(kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard); /** @@ -583,7 +512,7 @@ struct kernel_interface_t { * @param dst original destination address of SA * @param remote new remote host */ - void (*mapping)(kernel_interface_t *this, u_int8_t protocol, u_int32_t spi, + void (*mapping)(kernel_interface_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote); /** @@ -596,7 +525,7 @@ struct kernel_interface_t { * @param local local host address to be used in the IKE_SA * @param remote remote host address to be used in the IKE_SA */ - void (*migrate)(kernel_interface_t *this, u_int32_t reqid, + void (*migrate)(kernel_interface_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote); @@ -623,8 +552,8 @@ struct kernel_interface_t { * @param kernel_id the kernel id of the algorithm * @param kernel_name the kernel name of the algorithm */ - void (*register_algorithm)(kernel_interface_t *this, u_int16_t alg_id, - transform_type_t type, u_int16_t kernel_id, + void (*register_algorithm)(kernel_interface_t *this, uint16_t alg_id, + transform_type_t type, uint16_t kernel_id, char *kernel_name); /** @@ -637,8 +566,8 @@ struct kernel_interface_t { * @param kernel_name the kernel name of the algorithm (optional) * @return TRUE if algorithm was found */ - bool (*lookup_algorithm)(kernel_interface_t *this, u_int16_t alg_id, - transform_type_t type, u_int16_t *kernel_id, + bool (*lookup_algorithm)(kernel_interface_t *this, uint16_t alg_id, + transform_type_t type, uint16_t *kernel_id, char **kernel_name); /** diff --git a/src/libcharon/kernel/kernel_ipsec.h b/src/libcharon/kernel/kernel_ipsec.h index 31e06308e..0ad566068 100644 --- a/src/libcharon/kernel/kernel_ipsec.h +++ b/src/libcharon/kernel/kernel_ipsec.h @@ -1,9 +1,10 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2016 Andreas Steffen + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2006 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -25,6 +26,14 @@ #define KERNEL_IPSEC_H_ typedef struct kernel_ipsec_t kernel_ipsec_t; +typedef struct kernel_ipsec_sa_id_t kernel_ipsec_sa_id_t; +typedef struct kernel_ipsec_add_sa_t kernel_ipsec_add_sa_t; +typedef struct kernel_ipsec_update_sa_t kernel_ipsec_update_sa_t; +typedef struct kernel_ipsec_query_sa_t kernel_ipsec_query_sa_t; +typedef struct kernel_ipsec_del_sa_t kernel_ipsec_del_sa_t; +typedef struct kernel_ipsec_policy_id_t kernel_ipsec_policy_id_t; +typedef struct kernel_ipsec_manage_policy_t kernel_ipsec_manage_policy_t; +typedef struct kernel_ipsec_query_policy_t kernel_ipsec_query_policy_t; #include <networking/host.h> #include <ipsec/ipsec_types.h> @@ -33,6 +42,137 @@ typedef struct kernel_ipsec_t kernel_ipsec_t; #include <kernel/kernel_interface.h> /** + * Data required to identify an SA in the kernel + */ +struct kernel_ipsec_sa_id_t { + /** Source address */ + host_t *src; + /** Destination address */ + host_t *dst; + /** SPI */ + uint32_t spi; + /** Protocol (ESP/AH) */ + uint8_t proto; + /** Optional mark */ + mark_t mark; +}; + +/** + * Data required to add an SA to the kernel + */ +struct kernel_ipsec_add_sa_t { + /** Reqid */ + uint32_t reqid; + /** Mode (tunnel, transport...) */ + ipsec_mode_t mode; + /** List of source traffic selectors */ + linked_list_t *src_ts; + /** List of destination traffic selectors */ + linked_list_t *dst_ts; + /** Network interface restricting policy */ + char *interface; + /** Lifetime configuration */ + lifetime_cfg_t *lifetime; + /** Encryption algorithm */ + uint16_t enc_alg; + /** Encryption key */ + chunk_t enc_key; + /** Integrity protection algorithm */ + uint16_t int_alg; + /** Integrity protection key */ + chunk_t int_key; + /** Anti-replay window size */ + uint32_t replay_window; + /** Traffic Flow Confidentiality padding */ + uint32_t tfc; + /** IPComp transform */ + uint16_t ipcomp; + /** CPI for IPComp */ + uint16_t cpi; + /** TRUE to enable UDP encapsulation for NAT traversal */ + bool encap; + /** TRUE to use Extended Sequence Numbers */ + bool esn; + /** TRUE if initiator of the exchange creating the SA */ + bool initiator; + /** TRUE if this is an inbound SA */ + bool inbound; + /** TRUE if an SPI has already been allocated for this SA */ + bool update; +}; + +/** + * Data required to update the hosts of an SA in the kernel + */ +struct kernel_ipsec_update_sa_t { + /** CPI in case IPComp is used */ + uint16_t cpi; + /** New source address */ + host_t *new_src; + /** New destination address */ + host_t *new_dst; + /** TRUE if UDP encapsulation is currently enabled */ + bool encap; + /** TRUE to enable UDP encapsulation */ + bool new_encap; +}; + +/** + * Data required to query an SA in the kernel + */ +struct kernel_ipsec_query_sa_t { + uint16_t cpi; +}; + +/** + * Data required to delete an SA in the kernel + */ +struct kernel_ipsec_del_sa_t { + /** CPI in case IPComp is used */ + uint16_t cpi; +}; + +/** + * Data identifying a policy in the kernel + */ +struct kernel_ipsec_policy_id_t { + /** Direction of traffic */ + policy_dir_t dir; + /** Source traffic selector */ + traffic_selector_t *src_ts; + /** Destination traffic selector */ + traffic_selector_t *dst_ts; + /** Optional mark */ + mark_t mark; + /** Network interface restricting policy */ + char *interface; +}; + +/** + * Data required to add/delete a policy to/from the kernel + */ +struct kernel_ipsec_manage_policy_t { + /** Type of policy */ + policy_type_t type; + /** Priority class */ + policy_priority_t prio; + /** Manually-set priority (automatic if set to 0) */ + uint32_t manual_prio; + /** Source address of the SA(s) tied to this policy */ + host_t *src; + /** Destination address of the SA(s) tied to this policy */ + host_t *dst; + /** Details about the SA(s) tied to this policy */ + ipsec_sa_cfg_t *sa; +}; + +/** + * Data required to query a policy in the kernel + */ +struct kernel_ipsec_query_policy_t { +}; + +/** * Interface to the ipsec subsystem of the kernel. * * The kernel ipsec interface handles the communication with the kernel @@ -62,7 +202,7 @@ struct kernel_ipsec_t { * @return SUCCESS if operation completed */ status_t (*get_spi)(kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi); + uint8_t protocol, uint32_t *spi); /** * Get a Compression Parameter Index (CPI) from the kernel. @@ -73,7 +213,7 @@ struct kernel_ipsec_t { * @return SUCCESS if operation completed */ status_t (*get_cpi)(kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi); + uint16_t *cpi); /** * Add an SA to the SAD. @@ -81,41 +221,12 @@ struct kernel_ipsec_t { * This function does install a single SA for a single protocol in one * direction. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param reqid unique ID for this SA - * @param mark mark for this SA - * @param tfc Traffic Flow Confidentiality padding for this SA - * @param lifetime lifetime_cfg_t for this SA - * @param enc_alg Algorithm to use for encryption (ESP only) - * @param enc_key key to use for encryption - * @param int_alg Algorithm to use for integrity protection - * @param int_key key to use for integrity protection - * @param mode mode of the SA (tunnel, transport) - * @param ipcomp IPComp transform to use - * @param cpi CPI for IPComp - * @param replay_window anti-replay window size - * @param initiator TRUE if initiator of the exchange creating this SA - * @param encap enable UDP encapsulation for NAT traversal - * @param esn TRUE to use Extended Sequence Numbers - * @param inbound TRUE if this is an inbound SA - * @param update TRUE if an SPI has already been allocated for SA - * @param src_ts list of source traffic selectors - * @param dst_ts list of destination traffic selectors + * @param id data identifying this SA + * @param data data for this SA * @return SUCCESS if operation completed */ - status_t (*add_sa) (kernel_ipsec_t *this, - host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, - mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, - u_int32_t replay_window, bool initiator, bool encap, - bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts); + status_t (*add_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data); /** * Update the hosts on an installed SA. @@ -125,85 +236,55 @@ struct kernel_ipsec_t { * to identify SAs. Therefore if the destination address changed we * create a new SA and delete the old one. * - * @param spi SPI of the SA - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp, 0 if no IPComp is used - * @param src current source address - * @param dst current destination address - * @param new_src new source address - * @param new_dst new destination address - * @param encap current use of UDP encapsulation - * @param new_encap new use of UDP encapsulation - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data updated data for this SA * @return SUCCESS if operation completed, NOT_SUPPORTED if - * the kernel interface can't update the SA + * the kernel interface can't update the SA */ - status_t (*update_sa)(kernel_ipsec_t *this, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - host_t *src, host_t *dst, - host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark); + status_t (*update_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data); /** * Query the number of bytes processed by an SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to query the SA * @param[out] bytes the number of bytes processed by SA * @param[out] packets number of packets processed by SA * @param[out] time last (monotonic) time of SA use * @return SUCCESS if operation completed */ - status_t (*query_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time); + status_t (*query_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, + uint64_t *packets, time_t *time); /** - * Delete a previusly installed SA from the SAD. + * Delete a previously installed SA from the SAD. * - * @param src source address for this SA - * @param dst destination address for this SA - * @param spi SPI allocated by us or remote peer - * @param protocol protocol for this SA (ESP/AH) - * @param cpi CPI for IPComp or 0 - * @param mark optional mark for this SA + * @param id data identifying this SA + * @param data data to delete the SA * @return SUCCESS if operation completed */ - status_t (*del_sa) (kernel_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, - mark_t mark); + status_t (*del_sa)(kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data); /** * Flush all SAs from the SAD. * * @return SUCCESS if operation completed */ - status_t (*flush_sas) (kernel_ipsec_t *this); + status_t (*flush_sas)(kernel_ipsec_t *this); /** * Add a policy to the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of this policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*add_policy) (kernel_ipsec_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*add_policy)(kernel_ipsec_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Query the use time of a policy. @@ -212,47 +293,33 @@ struct kernel_ipsec_t { * time. It is not the system time, but a monotonic timestamp as returned * by time_monotonic. * - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param mark optional mark + * @param id data identifying this policy + * @param data data to query the policy * @param[out] use_time the monotonic timestamp of this SA's last use * @return SUCCESS if operation completed */ - status_t (*query_policy) (kernel_ipsec_t *this, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, mark_t mark, - time_t *use_time); + status_t (*query_policy)(kernel_ipsec_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, + time_t *use_time); /** * Remove a policy from the SPD. * - * @param src source address of SA - * @param dst dest address of SA - * @param src_ts traffic selector to match traffic source - * @param dst_ts traffic selector to match traffic dest - * @param direction direction of traffic, POLICY_(IN|OUT|FWD) - * @param type type of policy, POLICY_(IPSEC|PASS|DROP) - * @param sa details about the SA(s) tied to this policy - * @param mark mark for this policy - * @param priority priority of the policy + * @param id data identifying this policy + * @param data data for this policy * @return SUCCESS if operation completed */ - status_t (*del_policy) (kernel_ipsec_t *this, - host_t *src, host_t *dst, - traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, - ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority); + status_t (*del_policy)(kernel_ipsec_t *this, + kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); /** * Flush all policies from the SPD. * * @return SUCCESS if operation completed */ - status_t (*flush_policies) (kernel_ipsec_t *this); + status_t (*flush_policies)(kernel_ipsec_t *this); /** * Install a bypass policy for the given socket. @@ -272,12 +339,12 @@ struct kernel_ipsec_t { * @return TRUE if UDP decapsulation was enabled successfully */ bool (*enable_udp_decap)(kernel_ipsec_t *this, int fd, int family, - u_int16_t port); + uint16_t port); /** * Destroy the implementation. */ - void (*destroy) (kernel_ipsec_t *this); + void (*destroy)(kernel_ipsec_t *this); }; /** diff --git a/src/libcharon/kernel/kernel_listener.h b/src/libcharon/kernel/kernel_listener.h index 6426fae2a..aaeb4f5b7 100644 --- a/src/libcharon/kernel/kernel_listener.h +++ b/src/libcharon/kernel/kernel_listener.h @@ -43,7 +43,7 @@ struct kernel_listener_t { * @param dst_ts destination traffic selector * @return TRUE to remain registered, FALSE to unregister */ - bool (*acquire)(kernel_listener_t *this, u_int32_t reqid, + bool (*acquire)(kernel_listener_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); /** @@ -55,7 +55,7 @@ struct kernel_listener_t { * @param hard TRUE if it is a hard expire, FALSE otherwise * @return TRUE to remain registered, FALSE to unregister */ - bool (*expire)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi, + bool (*expire)(kernel_listener_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard); /** @@ -67,7 +67,7 @@ struct kernel_listener_t { * @param remote new remote host * @return TRUE to remain registered, FALSE to unregister */ - bool (*mapping)(kernel_listener_t *this, u_int8_t protocol, u_int32_t spi, + bool (*mapping)(kernel_listener_t *this, uint8_t protocol, uint32_t spi, host_t *dst, host_t *remote); /** @@ -81,7 +81,7 @@ struct kernel_listener_t { * @param remote remote host address to be used in the IKE_SA * @return TRUE to remain registered, FALSE to unregister */ - bool (*migrate)(kernel_listener_t *this, u_int32_t reqid, + bool (*migrate)(kernel_listener_t *this, uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, host_t *local, host_t *remote); diff --git a/src/libcharon/kernel/kernel_net.h b/src/libcharon/kernel/kernel_net.h index 7fc644a7e..1d78d6edd 100644 --- a/src/libcharon/kernel/kernel_net.h +++ b/src/libcharon/kernel/kernel_net.h @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -88,10 +88,12 @@ struct kernel_net_t { * @param dest target destination address * @param prefix prefix length if dest is a subnet, -1 for auto * @param src source address to check, or NULL + * @param[out] iface allocated name of the interface to reach dest, if + * available (optional) * @return next hop address, NULL if unreachable */ host_t* (*get_nexthop)(kernel_net_t *this, host_t *dest, int prefix, - host_t *src); + host_t *src, char **iface); /** * Get the interface name of a local address. Interfaces that are down or @@ -156,7 +158,7 @@ struct kernel_net_t { * ALREADY_DONE if the route already exists */ status_t (*add_route) (kernel_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -170,7 +172,7 @@ struct kernel_net_t { * @return SUCCESS if operation completed */ status_t (*del_route) (kernel_net_t *this, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, host_t *src_ip, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c index ee357ca4d..1bf93ad40 100644 --- a/src/libcharon/network/receiver.c +++ b/src/libcharon/network/receiver.c @@ -81,17 +81,17 @@ struct private_receiver_t { /** * how many times we have used "secret" so far */ - u_int32_t secret_used; + uint32_t secret_used; /** * time we did the cookie switch */ - u_int32_t secret_switch; + uint32_t secret_switch; /** * time offset to use, hides our system time */ - u_int32_t secret_offset; + uint32_t secret_offset; /** * the RNG to use for secret generation @@ -106,7 +106,7 @@ struct private_receiver_t { /** * require cookies after this many half open IKE_SAs */ - u_int32_t cookie_threshold; + uint32_t cookie_threshold; /** * timestamp of last cookie requested @@ -116,7 +116,7 @@ struct private_receiver_t { /** * how many half open IKE_SAs per peer before blocking */ - u_int32_t block_threshold; + uint32_t block_threshold; /** * Drop IKE_SA_INIT requests if processor job load exceeds this limit @@ -192,9 +192,9 @@ static void send_notify(message_t *request, int major, exchange_type_t exchange, * build a cookie */ static bool cookie_build(private_receiver_t *this, message_t *message, - u_int32_t t, chunk_t secret, chunk_t *cookie) + uint32_t t, chunk_t secret, chunk_t *cookie) { - u_int64_t spi = message->get_initiator_spi(message); + uint64_t spi = message->get_initiator_spi(message); host_t *ip = message->get_source(message); chunk_t input, hash; @@ -216,14 +216,14 @@ static bool cookie_build(private_receiver_t *this, message_t *message, static bool cookie_verify(private_receiver_t *this, message_t *message, chunk_t cookie) { - u_int32_t t, now; + uint32_t t, now; chunk_t reference; chunk_t secret; now = time_monotonic(NULL); - t = *(u_int32_t*)cookie.ptr; + t = *(uint32_t*)cookie.ptr; - if (cookie.len != sizeof(u_int32_t) + + if (cookie.len != sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher) || t < now - this->secret_offset - COOKIE_LIFETIME) { @@ -269,15 +269,15 @@ static bool check_cookie(private_receiver_t *this, message_t *message) data = message->get_packet_data(message); if (data.len < IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH + - sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher) || + sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher) || *(data.ptr + 16) != PLV2_NOTIFY || - *(u_int16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) + *(uint16_t*)(data.ptr + IKE_HEADER_LENGTH + 6) != htons(COOKIE)) { /* no cookie found */ return FALSE; } data.ptr += IKE_HEADER_LENGTH + NOTIFY_PAYLOAD_HEADER_LENGTH; - data.len = sizeof(u_int32_t) + this->hasher->get_hash_size(this->hasher); + data.len = sizeof(uint32_t) + this->hasher->get_hash_size(this->hasher); if (!cookie_verify(this, message, data)) { DBG2(DBG_NET, "found cookie, but content invalid"); @@ -290,7 +290,7 @@ static bool check_cookie(private_receiver_t *this, message_t *message) * Check if we currently require cookies */ static bool cookie_required(private_receiver_t *this, - u_int half_open, u_int32_t now) + u_int half_open, uint32_t now) { if (this->cookie_threshold && half_open >= this->cookie_threshold) { @@ -322,7 +322,7 @@ static bool cookie_required(private_receiver_t *this, static bool drop_ike_sa_init(private_receiver_t *this, message_t *message) { u_int half_open, half_open_r; - u_int32_t now; + uint32_t now; now = time_monotonic(NULL); half_open = charon->ike_sa_manager->get_half_open_count( @@ -620,7 +620,7 @@ METHOD(receiver_t, destroy, void, receiver_t *receiver_create() { private_receiver_t *this; - u_int32_t now = time_monotonic(NULL); + uint32_t now = time_monotonic(NULL); INIT(this, .public = { diff --git a/src/libcharon/network/socket.h b/src/libcharon/network/socket.h index e3cda3bea..b084d96a2 100644 --- a/src/libcharon/network/socket.h +++ b/src/libcharon/network/socket.h @@ -99,7 +99,7 @@ struct socket_t { * @param nat_t TRUE to get the port used to float in case of NAT-T * @return the port */ - u_int16_t (*get_port)(socket_t *this, bool nat_t); + uint16_t (*get_port)(socket_t *this, bool nat_t); /** * Get the address families this socket is listening on. diff --git a/src/libcharon/network/socket_manager.c b/src/libcharon/network/socket_manager.c index 2a07e503c..564608d77 100644 --- a/src/libcharon/network/socket_manager.c +++ b/src/libcharon/network/socket_manager.c @@ -89,10 +89,10 @@ METHOD(socket_manager_t, sender, status_t, return status; } -METHOD(socket_manager_t, get_port, u_int16_t, +METHOD(socket_manager_t, get_port, uint16_t, private_socket_manager_t *this, bool nat_t) { - u_int16_t port = 0; + uint16_t port = 0; this->lock->read_lock(this->lock); if (this->socket) { diff --git a/src/libcharon/network/socket_manager.h b/src/libcharon/network/socket_manager.h index a07d0804c..cde7859c2 100644 --- a/src/libcharon/network/socket_manager.h +++ b/src/libcharon/network/socket_manager.h @@ -58,7 +58,7 @@ struct socket_manager_t { * @param nat_t TRUE to get the port used to float in case of NAT-T * @return the port, or 0, if no socket is registered */ - u_int16_t (*get_port)(socket_manager_t *this, bool nat_t); + uint16_t (*get_port)(socket_manager_t *this, bool nat_t); /** * Get the address families the registered socket is listening on. diff --git a/src/libcharon/plugins/addrblock/Makefile.in b/src/libcharon/plugins/addrblock/Makefile.in index b4ae6fa3e..3b49a8582 100644 --- a/src/libcharon/plugins/addrblock/Makefile.in +++ b/src/libcharon/plugins/addrblock/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/addrblock -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/addrblock/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/addrblock/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/android_dns/Makefile.in b/src/libcharon/plugins/android_dns/Makefile.in index d90149827..5f6ecbf14 100644 --- a/src/libcharon/plugins/android_dns/Makefile.in +++ b/src/libcharon/plugins/android_dns/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/android_dns -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/android_dns/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/android_log/Makefile.in b/src/libcharon/plugins/android_log/Makefile.in index 64fecd9e3..bee30d9a9 100644 --- a/src/libcharon/plugins/android_log/Makefile.in +++ b/src/libcharon/plugins/android_log/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/android_log -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/android_log/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/android_log/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/attr/Makefile.in b/src/libcharon/plugins/attr/Makefile.in index acb7d07c0..607fe3f87 100644 --- a/src/libcharon/plugins/attr/Makefile.in +++ b/src/libcharon/plugins/attr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/attr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/attr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/attr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/attr/attr_provider.c b/src/libcharon/plugins/attr/attr_provider.c index 1de571c3f..f4c143641 100644 --- a/src/libcharon/plugins/attr/attr_provider.c +++ b/src/libcharon/plugins/attr/attr_provider.c @@ -272,10 +272,10 @@ static void load_entries(private_attr_provider_t *this) { if (family == AF_INET) { /* IPv4 attributes contain a subnet mask */ - u_int32_t netmask = 0; + uint32_t netmask = 0; if (mask) - { /* shifting u_int32_t by 32 or more is undefined */ + { /* shifting uint32_t by 32 or more is undefined */ mask = 32 - mask; netmask = htonl((0xFFFFFFFF >> mask) << mask); } diff --git a/src/libcharon/plugins/attr_sql/Makefile.in b/src/libcharon/plugins/attr_sql/Makefile.in index 8ee9f3f92..d533a56b5 100644 --- a/src/libcharon/plugins/attr_sql/Makefile.in +++ b/src/libcharon/plugins/attr_sql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/attr_sql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/attr_sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/attr_sql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/certexpire/Makefile.in b/src/libcharon/plugins/certexpire/Makefile.in index be19d615e..31e786158 100644 --- a/src/libcharon/plugins/certexpire/Makefile.in +++ b/src/libcharon/plugins/certexpire/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/certexpire -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/certexpire/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/certexpire/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/connmark/Makefile.in b/src/libcharon/plugins/connmark/Makefile.in index eaf4f1ec9..c312821aa 100644 --- a/src/libcharon/plugins/connmark/Makefile.in +++ b/src/libcharon/plugins/connmark/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/connmark -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/connmark/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/connmark/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/connmark/connmark_listener.c b/src/libcharon/plugins/connmark/connmark_listener.c index 607316f7b..29f7cac42 100644 --- a/src/libcharon/plugins/connmark/connmark_listener.c +++ b/src/libcharon/plugins/connmark/connmark_listener.c @@ -24,6 +24,7 @@ #include <libiptc/libiptc.h> #include <linux/netfilter/xt_esp.h> #include <linux/netfilter/xt_tcpudp.h> +#include <linux/netfilter/xt_mark.h> #include <linux/netfilter/xt_MARK.h> #include <linux/netfilter/xt_policy.h> #include <linux/netfilter/xt_CONNMARK.h> @@ -56,7 +57,7 @@ struct private_connmark_listener_t { static bool ts2in(traffic_selector_t *ts, struct in_addr *addr, struct in_addr *mask) { - u_int8_t bits; + uint8_t bits; host_t *net; if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE && @@ -119,15 +120,15 @@ static bool manage_rule(struct iptc_handle *ipth, const char *chain, */ static bool manage_pre_esp_in_udp(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, + u_int mark, uint32_t spi, host_t *dst, host_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_udp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -177,15 +178,15 @@ static bool manage_pre_esp_in_udp(private_connmark_listener_t *this, */ static bool manage_pre_esp(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, + u_int mark, uint32_t spi, host_t *dst, host_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_esp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -234,7 +235,7 @@ static bool manage_pre_esp(private_connmark_listener_t *this, */ static bool manage_pre(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, bool encap, + u_int mark, uint32_t spi, bool encap, host_t *dst, host_t *src) { if (encap) @@ -249,15 +250,15 @@ static bool manage_pre(private_connmark_listener_t *this, */ static bool manage_in(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, - u_int mark, u_int32_t spi, + u_int mark, uint32_t spi, traffic_selector_t *dst, traffic_selector_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_policy_info)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_connmark_tginfo1)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -315,12 +316,12 @@ static bool manage_out(private_connmark_listener_t *this, struct iptc_handle *ipth, bool add, traffic_selector_t *dst, traffic_selector_t *src) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_mark_mtinfo1)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_connmark_tginfo1)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -401,7 +402,7 @@ static bool manage_policies(private_connmark_listener_t *this, { traffic_selector_t *local, *remote; enumerator_t *enumerator; - u_int32_t spi; + uint32_t spi; u_int mark; bool done = TRUE; diff --git a/src/libcharon/plugins/coupling/Makefile.in b/src/libcharon/plugins/coupling/Makefile.in index 44598c3ea..a71d75518 100644 --- a/src/libcharon/plugins/coupling/Makefile.in +++ b/src/libcharon/plugins/coupling/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/coupling -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/coupling/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/dhcp/Makefile.in b/src/libcharon/plugins/dhcp/Makefile.in index 3d39fda29..843d05eae 100644 --- a/src/libcharon/plugins/dhcp/Makefile.in +++ b/src/libcharon/plugins/dhcp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/dhcp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/dhcp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/dhcp/dhcp_socket.c b/src/libcharon/plugins/dhcp/dhcp_socket.c index 0fd1d33fd..807c68274 100644 --- a/src/libcharon/plugins/dhcp/dhcp_socket.c +++ b/src/libcharon/plugins/dhcp/dhcp_socket.c @@ -151,8 +151,8 @@ typedef enum { * DHCP option encoding, a TLV */ typedef struct __attribute__((packed)) { - u_int8_t type; - u_int8_t len; + uint8_t type; + uint8_t len; char data[]; } dhcp_option_t; @@ -160,22 +160,22 @@ typedef struct __attribute__((packed)) { * DHCP message format, with a maximum size options buffer */ typedef struct __attribute__((packed)) { - u_int8_t opcode; - u_int8_t hw_type; - u_int8_t hw_addr_len; - u_int8_t hop_count; - u_int32_t transaction_id; - u_int16_t number_of_seconds; - u_int16_t flags; - u_int32_t client_address; - u_int32_t your_address; - u_int32_t server_address; - u_int32_t gateway_address; + uint8_t opcode; + uint8_t hw_type; + uint8_t hw_addr_len; + uint8_t hop_count; + uint32_t transaction_id; + uint16_t number_of_seconds; + uint16_t flags; + uint32_t client_address; + uint32_t your_address; + uint32_t server_address; + uint32_t gateway_address; char client_hw_addr[6]; char client_hw_padding[10]; char server_hostname[64]; char boot_filename[128]; - u_int32_t magic_cookie; + uint32_t magic_cookie; char options[252]; } dhcp_t; @@ -191,7 +191,7 @@ static int prepare_dhcp(private_dhcp_socket_t *this, dhcp_option_t *option; int optlen = 0; host_t *src; - u_int32_t id; + uint32_t id; memset(dhcp, 0, sizeof(*dhcp)); dhcp->opcode = BOOTREQUEST; @@ -366,10 +366,10 @@ METHOD(dhcp_socket_t, enroll, dhcp_transaction_t*, private_dhcp_socket_t *this, identification_t *identity) { dhcp_transaction_t *transaction; - u_int32_t id; + uint32_t id; int try; - if (!this->rng->get_bytes(this->rng, sizeof(id), (u_int8_t*)&id)) + if (!this->rng->get_bytes(this->rng, sizeof(id), (uint8_t*)&id)) { DBG1(DBG_CFG, "DHCP DISCOVER failed, no transaction ID"); return NULL; diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.c b/src/libcharon/plugins/dhcp/dhcp_transaction.c index 22d3f3fdf..3ee88a698 100644 --- a/src/libcharon/plugins/dhcp/dhcp_transaction.c +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.c @@ -32,7 +32,7 @@ struct private_dhcp_transaction_t { /** * DHCP transaction ID */ - u_int32_t id; + uint32_t id; /** * Peer identity @@ -63,7 +63,7 @@ typedef struct { chunk_t data; } attribute_entry_t; -METHOD(dhcp_transaction_t, get_id, u_int32_t, +METHOD(dhcp_transaction_t, get_id, uint32_t, private_dhcp_transaction_t *this) { return this->id; @@ -157,7 +157,7 @@ METHOD(dhcp_transaction_t, destroy, void, /** * See header */ -dhcp_transaction_t *dhcp_transaction_create(u_int32_t id, +dhcp_transaction_t *dhcp_transaction_create(uint32_t id, identification_t *identity) { private_dhcp_transaction_t *this; diff --git a/src/libcharon/plugins/dhcp/dhcp_transaction.h b/src/libcharon/plugins/dhcp/dhcp_transaction.h index 35f08e836..0c614f7b1 100644 --- a/src/libcharon/plugins/dhcp/dhcp_transaction.h +++ b/src/libcharon/plugins/dhcp/dhcp_transaction.h @@ -37,7 +37,7 @@ struct dhcp_transaction_t { * * @return DHCP transaction identifier */ - u_int32_t (*get_id)(dhcp_transaction_t *this); + uint32_t (*get_id)(dhcp_transaction_t *this); /** * Get the peer identity this transaction is used for. @@ -103,7 +103,7 @@ struct dhcp_transaction_t { * @param identity peer identity this transaction is used for * @return transaction instance */ -dhcp_transaction_t *dhcp_transaction_create(u_int32_t id, +dhcp_transaction_t *dhcp_transaction_create(uint32_t id, identification_t *identity); #endif /** DHCP_TRANSACTION_H_ @}*/ diff --git a/src/libcharon/plugins/dnscert/Makefile.in b/src/libcharon/plugins/dnscert/Makefile.in index 04fc31a3a..5f035ba35 100644 --- a/src/libcharon/plugins/dnscert/Makefile.in +++ b/src/libcharon/plugins/dnscert/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/dnscert -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/dnscert/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/dnscert/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/dnscert/dnscert.c b/src/libcharon/plugins/dnscert/dnscert.c index 882ad9f0c..b360eac34 100644 --- a/src/libcharon/plugins/dnscert/dnscert.c +++ b/src/libcharon/plugins/dnscert/dnscert.c @@ -41,17 +41,17 @@ struct private_dnscert_t { /** * Certificate type */ - u_int16_t cert_type; + uint16_t cert_type; /** * Key tag */ - u_int16_t key_tag; + uint16_t key_tag; /** * Algorithm */ - u_int8_t algorithm; + uint8_t algorithm; /** * Certificate @@ -65,7 +65,7 @@ METHOD(dnscert_t, get_cert_type, dnscert_type_t, return this->cert_type; } -METHOD(dnscert_t, get_key_tag, u_int16_t, +METHOD(dnscert_t, get_key_tag, uint16_t, private_dnscert_t *this) { return this->key_tag; diff --git a/src/libcharon/plugins/dnscert/dnscert.h b/src/libcharon/plugins/dnscert/dnscert.h index 567a9dfac..31a26ff76 100644 --- a/src/libcharon/plugins/dnscert/dnscert.h +++ b/src/libcharon/plugins/dnscert/dnscert.h @@ -119,7 +119,7 @@ struct dnscert_t { * * @return keytag */ - u_int16_t (*get_key_tag)(dnscert_t *this); + uint16_t (*get_key_tag)(dnscert_t *this); /** * Get the algorithm. diff --git a/src/libcharon/plugins/duplicheck/Makefile.in b/src/libcharon/plugins/duplicheck/Makefile.in index da4534c21..9e3133b1d 100644 --- a/src/libcharon/plugins/duplicheck/Makefile.in +++ b/src/libcharon/plugins/duplicheck/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = duplicheck$(EXEEXT) subdir = src/libcharon/plugins/duplicheck -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +423,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/duplicheck/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -841,6 +854,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/duplicheck/duplicheck.c b/src/libcharon/plugins/duplicheck/duplicheck.c index 7c4cd5ce1..442fa4a99 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck.c +++ b/src/libcharon/plugins/duplicheck/duplicheck.c @@ -71,7 +71,7 @@ int main(int argc, char *argv[]) { char buf[128]; int fd, len; - u_int16_t msglen; + uint16_t msglen; fd = make_connection(); if (fd < 0) diff --git a/src/libcharon/plugins/duplicheck/duplicheck_msg.h b/src/libcharon/plugins/duplicheck/duplicheck_msg.h index 99e297104..0f405746e 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck_msg.h +++ b/src/libcharon/plugins/duplicheck/duplicheck_msg.h @@ -35,7 +35,7 @@ typedef struct duplicheck_msg_t duplicheck_msg_t; */ struct duplicheck_msg_t { /** length of the identity following, in network order (excluding len). */ - u_int16_t len; + uint16_t len; /** identity string, not null terminated */ char identity[]; } __attribute__((__packed__)); diff --git a/src/libcharon/plugins/duplicheck/duplicheck_notify.c b/src/libcharon/plugins/duplicheck/duplicheck_notify.c index f77b48b09..501d1229f 100644 --- a/src/libcharon/plugins/duplicheck/duplicheck_notify.c +++ b/src/libcharon/plugins/duplicheck/duplicheck_notify.c @@ -75,7 +75,7 @@ METHOD(duplicheck_notify_t, send_, void, { enumerator_t *enumerator; stream_t *stream; - u_int16_t nlen; + uint16_t nlen; char buf[512]; int len; diff --git a/src/libcharon/plugins/eap_aka/Makefile.in b/src/libcharon/plugins/eap_aka/Makefile.in index b5ffd8c24..8ac12c1f2 100644 --- a/src/libcharon/plugins/eap_aka/Makefile.in +++ b/src/libcharon/plugins/eap_aka/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_aka -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_aka/eap_aka_peer.c b/src/libcharon/plugins/eap_aka/eap_aka_peer.c index 810a19c55..3ab053ba6 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_peer.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_peer.c @@ -62,7 +62,7 @@ struct private_eap_aka_peer_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * MSK @@ -77,7 +77,7 @@ struct private_eap_aka_peer_t { /** * Counter value if reauthentication is used */ - u_int16_t counter; + uint16_t counter; }; /** @@ -105,7 +105,7 @@ static bool create_client_error(private_eap_aka_peer_t *this, eap_payload_t **out) { simaka_message_t *message; - u_int16_t encoded; + uint16_t encoded; DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, AKA_UNABLE_TO_PROCESS); @@ -347,7 +347,7 @@ static status_t process_challenge(private_eap_aka_peer_t *this, */ static bool counter_too_small(private_eap_aka_peer_t *this, chunk_t chunk) { - u_int16_t counter; + uint16_t counter; memcpy(&counter, chunk.ptr, sizeof(counter)); counter = htons(counter); @@ -483,7 +483,7 @@ static status_t process_notification(private_eap_aka_peer_t *this, { if (type == AT_NOTIFICATION) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); code = ntohs(code); @@ -594,7 +594,7 @@ METHOD(eap_method_t, initiate, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_aka_peer_t *this, u_int32_t *vendor) + private_eap_aka_peer_t *this, uint32_t *vendor) { *vendor = 0; return EAP_AKA; @@ -611,14 +611,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_aka_peer_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_aka_peer_t *this, u_int8_t identifier) + private_eap_aka_peer_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c index 04bfc170b..1ede56757 100644 --- a/src/libcharon/plugins/eap_aka/eap_aka_server.c +++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c @@ -65,7 +65,7 @@ struct private_eap_aka_server_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * Expected Result XRES @@ -238,7 +238,7 @@ static status_t challenge(private_eap_aka_server_t *this, eap_payload_t **out) * Initiate EAP-AKA/Request/Re-authentication message */ static status_t reauthenticate(private_eap_aka_server_t *this, - char mk[HASH_SIZE_SHA1], u_int16_t counter, + char mk[HASH_SIZE_SHA1], uint16_t counter, eap_payload_t **out) { simaka_message_t *message; @@ -341,7 +341,7 @@ static status_t process_identity(private_eap_aka_server_t *this, if (this->use_reauth) { char mk[HASH_SIZE_SHA1]; - u_int16_t counter; + uint16_t counter; permanent = this->mgr->provider_is_reauth(this->mgr, id, mk, &counter); if (permanent) @@ -564,7 +564,7 @@ static status_t process_client_error(private_eap_aka_server_t *this, { if (type == AT_CLIENT_ERROR_CODE) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); DBG1(DBG_IKE, "received EAP-AKA client error '%N'", @@ -637,7 +637,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_aka_server_t *this, u_int32_t *vendor) + private_eap_aka_server_t *this, uint32_t *vendor) { *vendor = 0; return EAP_AKA; @@ -654,14 +654,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_aka_server_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_aka_server_t *this, u_int8_t identifier) + private_eap_aka_server_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in index e0ad6fe2e..7dc9003c9 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in +++ b/src/libcharon/plugins/eap_aka_3gpp2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libsimaka/libsimaka.la subdir = src/libcharon/plugins/eap_aka_3gpp2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_aka_3gpp2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c index 93ea8d08c..cfe6407b0 100644 --- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c +++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_functions.c @@ -54,7 +54,7 @@ static chunk_t fmk = chunk_from_chars(0x41, 0x48, 0x41, 0x47); /** * Binary represnation of the polynom T^160 + T^5 + T^3 + T^2 + 1 */ -static u_int8_t g[] = { +static uint8_t g[] = { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2d @@ -63,7 +63,7 @@ static u_int8_t g[] = { /** * Predefined random bits from the RAND Corporation book */ -static u_int8_t a[] = { +static uint8_t a[] = { 0x9d, 0xe9, 0xc9, 0xc8, 0xef, 0xd5, 0x78, 0x11, 0x48, 0x23, 0x14, 0x01, 0x90, 0x1f, 0x2d, 0x49, 0x3f, 0x4c, 0x63, 0x65 @@ -72,7 +72,7 @@ static u_int8_t a[] = { /** * Predefined random bits from the RAND Corporation book */ -static u_int8_t b[] = { +static uint8_t b[] = { 0x75, 0xef, 0xd1, 0x5c, 0x4b, 0x8f, 0x8f, 0x51, 0x4e, 0xf3, 0xbc, 0xc3, 0x79, 0x4a, 0x76, 0x5e, 0x7e, 0xec, 0x45, 0xe0 @@ -171,7 +171,7 @@ static void mpz_mod_poly(mpz_t r, mpz_t a, mpz_t b) * XOR the key into the SHA1 IV */ static bool step3(prf_t *prf, u_char k[AKA_K_LEN], - u_char payload[AKA_PAYLOAD_LEN], u_int8_t h[HASH_SIZE_SHA1]) + u_char payload[AKA_PAYLOAD_LEN], uint8_t h[HASH_SIZE_SHA1]) { /* use the keyed hasher to build the hash */ return prf->set_key(prf, chunk_create(k, AKA_K_LEN)) && @@ -243,7 +243,7 @@ static bool fx(prf_t *prf, u_char f, u_char k[AKA_K_LEN], /** * Calculation function of f1() and f1star() */ -static bool f1x(prf_t *prf, u_int8_t f, u_char k[AKA_K_LEN], +static bool f1x(prf_t *prf, uint8_t f, u_char k[AKA_K_LEN], u_char rand[AKA_RAND_LEN], u_char sqn[AKA_SQN_LEN], u_char amf[AKA_AMF_LEN], u_char mac[AKA_MAC_LEN]) { diff --git a/src/libcharon/plugins/eap_dynamic/Makefile.in b/src/libcharon/plugins/eap_dynamic/Makefile.in index 821f6de6c..f81d54fc2 100644 --- a/src/libcharon/plugins/eap_dynamic/Makefile.in +++ b/src/libcharon/plugins/eap_dynamic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_dynamic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_dynamic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_dynamic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c index 3216446af..d0f0595de 100644 --- a/src/libcharon/plugins/eap_dynamic/eap_dynamic.c +++ b/src/libcharon/plugins/eap_dynamic/eap_dynamic.c @@ -73,7 +73,7 @@ static bool entry_matches(eap_vendor_type_t *item, eap_vendor_type_t *other) * Load the given EAP method */ static eap_method_t *load_method(private_eap_dynamic_t *this, - eap_type_t type, u_int32_t vendor) + eap_type_t type, uint32_t vendor) { eap_method_t *method; @@ -171,7 +171,7 @@ METHOD(eap_method_t, process, status_t, private_eap_dynamic_t *this, eap_payload_t *in, eap_payload_t **out) { eap_type_t received_type, type; - u_int32_t received_vendor, vendor; + uint32_t received_vendor, vendor; received_type = in->get_type(in, &received_vendor); if (received_vendor == 0 && received_type == EAP_NAK) @@ -225,7 +225,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_dynamic_t *this, u_int32_t *vendor) + private_eap_dynamic_t *this, uint32_t *vendor) { if (this->method) { @@ -245,7 +245,7 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_dynamic_t *this) { if (this->method) @@ -256,7 +256,7 @@ METHOD(eap_method_t, get_identifier, u_int8_t, } METHOD(eap_method_t, set_identifier, void, - private_eap_dynamic_t *this, u_int8_t identifier) + private_eap_dynamic_t *this, uint8_t identifier) { if (this->method) { @@ -335,7 +335,7 @@ static void get_supported_eap_types(private_eap_dynamic_t *this) { enumerator_t *enumerator; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; enumerator = charon->eap->create_enumerator(charon->eap, EAP_SERVER); while (enumerator->enumerate(enumerator, &type, &vendor)) diff --git a/src/libcharon/plugins/eap_gtc/Makefile.in b/src/libcharon/plugins/eap_gtc/Makefile.in index cfd7c4e24..f11d86051 100644 --- a/src/libcharon/plugins/eap_gtc/Makefile.in +++ b/src/libcharon/plugins/eap_gtc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_gtc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_gtc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_gtc/eap_gtc.c b/src/libcharon/plugins/eap_gtc/eap_gtc.c index 5fcd9ebc9..6f5c38edd 100644 --- a/src/libcharon/plugins/eap_gtc/eap_gtc.c +++ b/src/libcharon/plugins/eap_gtc/eap_gtc.c @@ -46,7 +46,7 @@ struct private_eap_gtc_t { /** * EAP message identififier */ - u_int8_t identifier; + uint8_t identifier; }; typedef struct eap_gtc_header_t eap_gtc_header_t; @@ -56,15 +56,15 @@ typedef struct eap_gtc_header_t eap_gtc_header_t; */ struct eap_gtc_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** type data */ - u_int8_t data[]; + uint8_t data[]; } __attribute__((__packed__)); METHOD(eap_method_t, initiate_peer, status_t, @@ -186,7 +186,7 @@ METHOD(eap_method_t, process_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_gtc_t *this, u_int32_t *vendor) + private_eap_gtc_t *this, uint32_t *vendor) { *vendor = 0; return EAP_GTC; @@ -198,14 +198,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_gtc_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_gtc_t *this, u_int8_t identifier) + private_eap_gtc_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_identity/Makefile.in b/src/libcharon/plugins/eap_identity/Makefile.in index 1c544f360..e9755aa71 100644 --- a/src/libcharon/plugins/eap_identity/Makefile.in +++ b/src/libcharon/plugins/eap_identity/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_identity -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_identity/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_identity/eap_identity.c b/src/libcharon/plugins/eap_identity/eap_identity.c index 6ecde065c..7d6dc4add 100644 --- a/src/libcharon/plugins/eap_identity/eap_identity.c +++ b/src/libcharon/plugins/eap_identity/eap_identity.c @@ -43,7 +43,7 @@ struct private_eap_identity_t { /** * EAP identifier */ - u_int8_t identifier; + uint8_t identifier; }; typedef struct eap_identity_header_t eap_identity_header_t; @@ -53,15 +53,15 @@ typedef struct eap_identity_header_t eap_identity_header_t; */ struct eap_identity_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** identity data */ - u_int8_t data[]; + uint8_t data[]; } __attribute__((__packed__)); METHOD(eap_method_t, process_peer, status_t, @@ -124,7 +124,7 @@ METHOD(eap_method_t, initiate_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_identity_t *this, u_int32_t *vendor) + private_eap_identity_t *this, uint32_t *vendor) { *vendor = 0; return EAP_IDENTITY; @@ -141,14 +141,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_identity_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_identity_t *this, u_int8_t identifier) + private_eap_identity_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_md5/Makefile.in b/src/libcharon/plugins/eap_md5/Makefile.in index e967262b6..82ba96d26 100644 --- a/src/libcharon/plugins/eap_md5/Makefile.in +++ b/src/libcharon/plugins/eap_md5/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_md5 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_md5/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c index d314e7a9e..2cb0db466 100644 --- a/src/libcharon/plugins/eap_md5/eap_md5.c +++ b/src/libcharon/plugins/eap_md5/eap_md5.c @@ -49,7 +49,7 @@ struct private_eap_md5_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; }; typedef struct eap_md5_header_t eap_md5_header_t; @@ -59,17 +59,17 @@ typedef struct eap_md5_header_t eap_md5_header_t; */ struct eap_md5_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** length of value (challenge) */ - u_int8_t value_size; + uint8_t value_size; /** actual value */ - u_int8_t value[]; + uint8_t value[]; } __attribute__((__packed__)); #define CHALLENGE_LEN 16 @@ -204,7 +204,7 @@ METHOD(eap_method_t, process_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_md5_t *this, u_int32_t *vendor) + private_eap_md5_t *this, uint32_t *vendor) { *vendor = 0; return EAP_MD5; @@ -222,14 +222,14 @@ METHOD(eap_method_t, is_mutual, bool, return FALSE; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_md5_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_md5_t *this, u_int8_t identifier) + private_eap_md5_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_mschapv2/Makefile.in b/src/libcharon/plugins/eap_mschapv2/Makefile.in index d96343a5c..c3b31cd9a 100644 --- a/src/libcharon/plugins/eap_mschapv2/Makefile.in +++ b/src/libcharon/plugins/eap_mschapv2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_mschapv2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_mschapv2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c index 16978f486..12f61f7f8 100644 --- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c @@ -70,12 +70,12 @@ struct private_eap_mschapv2_t /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * MS-CHAPv2-ID (session ID, increases with each retry) */ - u_int8_t mschapv2id; + uint8_t mschapv2id; /** * Number of retries @@ -179,21 +179,21 @@ typedef struct eap_mschapv2_response_t eap_mschapv2_response_t; struct eap_mschapv2_header_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** MS-CHAPv2 OpCode */ - u_int8_t opcode; + uint8_t opcode; /** MS-CHAPv2-ID (equals identifier) */ - u_int8_t ms_chapv2_id; + uint8_t ms_chapv2_id; /** MS-Length (defined as length - 5) */ - u_int16_t ms_length; + uint16_t ms_length; /** packet data (determined by OpCode) */ - u_int8_t data[]; + uint8_t data[]; }__attribute__((__packed__)); /** @@ -202,11 +202,11 @@ struct eap_mschapv2_header_t struct eap_mschapv2_challenge_t { /** Value-Size */ - u_int8_t value_size; + uint8_t value_size; /** Challenge */ - u_int8_t challenge[CHALLENGE_LEN]; + uint8_t challenge[CHALLENGE_LEN]; /** Name */ - u_int8_t name[]; + uint8_t name[]; }__attribute__((__packed__)); /** @@ -215,21 +215,21 @@ struct eap_mschapv2_challenge_t struct eap_mschapv2_response_t { /** Value-Size */ - u_int8_t value_size; + uint8_t value_size; /** Response */ struct { /* Peer-Challenge*/ - u_int8_t peer_challenge[CHALLENGE_LEN]; + uint8_t peer_challenge[CHALLENGE_LEN]; /* Reserved (=zero) */ - u_int8_t peer_reserved[8]; + uint8_t peer_reserved[8]; /* NT-Response */ - u_int8_t nt_response[24]; + uint8_t nt_response[24]; /* Flags (=zero) */ - u_int8_t flags; + uint8_t flags; } response; /** Name */ - u_int8_t name[]; + uint8_t name[]; }__attribute__((__packed__)); /** @@ -597,10 +597,10 @@ static chunk_t extract_username(chunk_t id) /** * Set the ms_length field using aligned write */ -static void set_ms_length(eap_mschapv2_header_t *eap, u_int16_t len) +static void set_ms_length(eap_mschapv2_header_t *eap, uint16_t len) { len = htons(len - 5); - memcpy(&eap->ms_length, &len, sizeof(u_int16_t)); + memcpy(&eap->ms_length, &len, sizeof(uint16_t)); } METHOD(eap_method_t, initiate_peer, status_t, @@ -617,7 +617,7 @@ METHOD(eap_method_t, initiate_server, status_t, eap_mschapv2_header_t *eap; eap_mschapv2_challenge_t *cha; const char *name = MSCHAPV2_HOST_NAME; - u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; + uint16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng || !rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge)) @@ -690,7 +690,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, eap_mschapv2_challenge_t *cha; eap_mschapv2_response_t *res; chunk_t data, peer_challenge, userid, username, nt_hash; - u_int16_t len = RESPONSE_PAYLOAD_LEN; + uint16_t len = RESPONSE_PAYLOAD_LEN; data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; @@ -779,7 +779,7 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, chunk_t data, auth_string = chunk_empty; char *message, *token, *msg = NULL; int message_len; - u_int16_t len = SHORT_HEADER_LEN; + uint16_t len = SHORT_HEADER_LEN; data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; @@ -1011,7 +1011,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, rng_t *rng; chunk_t hex; char msg[FAILURE_MESSAGE_LEN]; - u_int16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ + uint16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ if (++this->retries > MAX_RETRIES) { @@ -1127,7 +1127,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this, { chunk_t hex; char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)]; - u_int16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); + uint16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); eap = alloca(len); eap->code = EAP_REQUEST; @@ -1213,7 +1213,7 @@ METHOD(eap_method_t, process_server, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_mschapv2_t *this, u_int32_t *vendor) + private_eap_mschapv2_t *this, uint32_t *vendor) { *vendor = 0; return EAP_MSCHAPV2; @@ -1230,14 +1230,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_mschapv2_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_mschapv2_t *this, u_int8_t identifier) + private_eap_mschapv2_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_peap/Makefile.in b/src/libcharon/plugins/eap_peap/Makefile.in index 0f920fef8..2a01a369f 100644 --- a/src/libcharon/plugins/eap_peap/Makefile.in +++ b/src/libcharon/plugins/eap_peap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_peap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_peap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_peap/eap_peap.c b/src/libcharon/plugins/eap_peap/eap_peap.c index c24dd578c..4778a0977 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap.c +++ b/src/libcharon/plugins/eap_peap/eap_peap.c @@ -76,7 +76,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_peap_t *this, u_int32_t *vendor) + private_eap_peap_t *this, uint32_t *vendor) { *vendor = 0; return EAP_PEAP; @@ -93,14 +93,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_peap_t *this) { return this->tls_eap->get_identifier(this->tls_eap); } METHOD(eap_method_t, set_identifier, void, - private_eap_peap_t *this, u_int8_t identifier) + private_eap_peap_t *this, uint8_t identifier) { this->tls_eap->set_identifier(this->tls_eap, identifier); } diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.c b/src/libcharon/plugins/eap_peap/eap_peap_avp.c index 3f541ba23..d5ce5fbc1 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_avp.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.c @@ -47,7 +47,7 @@ struct private_eap_peap_avp_t { METHOD(eap_peap_avp_t, build, void, private_eap_peap_avp_t *this, bio_writer_t *writer, chunk_t data) { - u_int8_t code; + uint8_t code; eap_packet_t *pkt; chunk_t avp_data; @@ -71,10 +71,10 @@ METHOD(eap_peap_avp_t, build, void, METHOD(eap_peap_avp_t, process, status_t, private_eap_peap_avp_t* this, bio_reader_t *reader, chunk_t *data, - u_int8_t identifier) + uint8_t identifier) { - u_int8_t code; - u_int16_t len; + uint8_t code; + uint16_t len; eap_packet_t *pkt; chunk_t avp_data; diff --git a/src/libcharon/plugins/eap_peap/eap_peap_avp.h b/src/libcharon/plugins/eap_peap/eap_peap_avp.h index 98c5f1912..cc5930b62 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_avp.h +++ b/src/libcharon/plugins/eap_peap/eap_peap_avp.h @@ -45,7 +45,7 @@ struct eap_peap_avp_t { * - NEED_MORE if another invocation of process/build needed */ status_t (*process)(eap_peap_avp_t *this, bio_reader_t *reader, - chunk_t *data, u_int8_t identifier); + chunk_t *data, uint8_t identifier); /** * Build EAP-PEAP Message AVP to send out. diff --git a/src/libcharon/plugins/eap_peap/eap_peap_peer.c b/src/libcharon/plugins/eap_peap/eap_peap_peer.c index f482c5b54..2668ac432 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_peer.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_peer.c @@ -71,7 +71,7 @@ METHOD(tls_application_t, process, status_t, eap_payload_t *in; eap_code_t code; eap_type_t type, received_type; - u_int32_t vendor, received_vendor; + uint32_t vendor, received_vendor; status = this->avp->process(this->avp, reader, &data, this->ph1_method->get_identifier(this->ph1_method)); @@ -191,7 +191,7 @@ METHOD(tls_application_t, build, status_t, chunk_t data; eap_code_t code; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; if (this->out) { diff --git a/src/libcharon/plugins/eap_peap/eap_peap_server.c b/src/libcharon/plugins/eap_peap/eap_peap_server.c index 33b01e95e..7f8348e06 100644 --- a/src/libcharon/plugins/eap_peap/eap_peap_server.c +++ b/src/libcharon/plugins/eap_peap/eap_peap_server.c @@ -167,7 +167,7 @@ METHOD(tls_application_t, process, status_t, eap_payload_t *in; eap_code_t code; eap_type_t type = EAP_NAK, received_type; - u_int32_t vendor, received_vendor; + uint32_t vendor, received_vendor; status = this->avp->process(this->avp, reader, &data, this->ph1_method->get_identifier(this->ph1_method)); @@ -336,7 +336,7 @@ METHOD(tls_application_t, build, status_t, chunk_t data; eap_code_t code; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; if (this->ph2_method == NULL && this->start_phase2 && this->start_phase2_id) { diff --git a/src/libcharon/plugins/eap_radius/Makefile.in b/src/libcharon/plugins/eap_radius/Makefile.in index 881a5b7e3..cdba38cde 100644 --- a/src/libcharon/plugins/eap_radius/Makefile.in +++ b/src/libcharon/plugins/eap_radius/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_radius -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -470,7 +484,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_radius/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -789,6 +802,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_radius/eap_radius.c b/src/libcharon/plugins/eap_radius/eap_radius.c index 237f065fa..a2530e653 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius.c +++ b/src/libcharon/plugins/eap_radius/eap_radius.c @@ -55,12 +55,12 @@ struct private_eap_radius_t { /** * EAP vendor, if any */ - u_int32_t vendor; + uint32_t vendor; /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * RADIUS client instance @@ -86,15 +86,15 @@ static void add_eap_identity(private_eap_radius_t *this, { struct { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type */ - u_int8_t type; + uint8_t type; /** identity data */ - u_int8_t data[]; + uint8_t data[]; } __attribute__((__packed__)) *hdr; chunk_t id, prefix; size_t len; @@ -156,7 +156,7 @@ void eap_radius_build_attributes(radius_message_t *request) ike_sa_t *ike_sa; host_t *host; char buf[40], *station_id_fmt;; - u_int32_t value; + uint32_t value; chunk_t chunk; /* virtual NAS-Port-Type */ @@ -314,8 +314,8 @@ static void process_filter_id(radius_message_t *msg) { enumerator_t *enumerator; int type; - u_int8_t tunnel_tag; - u_int32_t tunnel_type; + uint8_t tunnel_tag; + uint32_t tunnel_type; chunk_t filter_id = chunk_empty, data; bool is_esp_tunnel = FALSE; @@ -395,7 +395,7 @@ static void process_timeout(radius_message_t *msg) /** * Add a Cisco Unity configuration attribute */ -static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id, +static void add_unity_attribute(eap_radius_provider_t *provider, uint32_t id, int type, chunk_t data) { switch (type) @@ -417,7 +417,7 @@ static void add_unity_attribute(eap_radius_provider_t *provider, u_int32_t id, * Add a DNS/NBNS configuration attribute */ static void add_nameserver_attribute(eap_radius_provider_t *provider, - u_int32_t id, int type, chunk_t data) + uint32_t id, int type, chunk_t data) { /* these are from different vendors, but there is currently no conflict */ switch (type) @@ -444,7 +444,7 @@ static void add_nameserver_attribute(eap_radius_provider_t *provider, * Add a UNITY_LOCAL_LAN or UNITY_SPLIT_INCLUDE attribute */ static void add_unity_split_attribute(eap_radius_provider_t *provider, - u_int32_t id, configuration_attribute_type_t type, + uint32_t id, configuration_attribute_type_t type, chunk_t data) { enumerator_t *enumerator; @@ -701,7 +701,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_radius_t *this, u_int32_t *vendor) + private_eap_radius_t *this, uint32_t *vendor) { *vendor = this->vendor; return this->type; @@ -721,14 +721,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_radius_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_radius_t *this, u_int8_t identifier) + private_eap_radius_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c index 4b7260349..0c302af51 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.c @@ -54,7 +54,7 @@ struct private_eap_radius_accounting_t { /** * Session ID prefix */ - u_int32_t prefix; + uint32_t prefix; /** * Format string we use for Called/Calling-Station-Id for a host @@ -101,8 +101,8 @@ typedef enum { */ typedef struct { struct { - u_int64_t sent; - u_int64_t received; + uint64_t sent; + uint64_t received; } bytes, packets; } usage_t; @@ -133,7 +133,7 @@ static inline void sub_usage(usage_t *a, usage_t b) */ typedef struct { /** unique CHILD_SA identifier */ - u_int32_t id; + uint32_t id; /** usage stats for this SA */ usage_t usage; } sa_entry_t; @@ -172,7 +172,7 @@ typedef struct { radius_acct_terminate_cause_t cause; /* interim interval and timestamp of last update */ struct { - u_int32_t interval; + uint32_t interval; time_t last; } interim; /** did we send Accounting-Start */ @@ -237,7 +237,7 @@ static int sa_find(const void *a, const void *b) /** * Update or create usage counters of a cached SA */ -static void update_sa(entry_t *entry, u_int32_t id, usage_t usage) +static void update_sa(entry_t *entry, uint32_t id, usage_t usage) { sa_entry_t *sa, lookup; @@ -402,7 +402,7 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this, host_t *vip, *host; char buf[MAX_RADIUS_ATTRIBUTE_SIZE + 1]; chunk_t data; - u_int32_t value; + uint32_t value; /* virtual NAS-Port-Type */ value = htonl(5); @@ -461,7 +461,7 @@ static void add_ike_sa_parameters(private_eap_radius_accounting_t *this, * Get an existing or create a new entry from the locked session table */ static entry_t* get_or_create_entry(private_eap_radius_accounting_t *this, - ike_sa_id_t *id, u_int32_t unique) + ike_sa_id_t *id, uint32_t unique) { entry_t *entry; time_t now; @@ -520,7 +520,7 @@ static job_requeue_t send_interim(interim_data_t *data) enumerator_t *enumerator; ike_sa_t *ike_sa; entry_t *entry; - u_int32_t value; + uint32_t value; array_t *stats; sa_entry_t *sa, *found; @@ -681,7 +681,7 @@ static void send_start(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa) { radius_message_t *message; entry_t *entry; - u_int32_t value; + uint32_t value; if (this->acct_req_vip && !has_vip(ike_sa)) { @@ -735,7 +735,7 @@ static void send_stop(private_eap_radius_accounting_t *this, ike_sa_t *ike_sa) enumerator_t *enumerator; entry_t *entry; sa_entry_t *sa; - u_int32_t value; + uint32_t value; this->mutex->lock(this->mutex); entry = this->sessions->remove(this->sessions, ike_sa->get_id(ike_sa)); @@ -931,7 +931,7 @@ METHOD(listener_t, child_rekey, bool, METHOD(listener_t, children_migrate, bool, private_eap_radius_accounting_t *this, ike_sa_t *ike_sa, ike_sa_id_t *new, - u_int32_t unique) + uint32_t unique) { enumerator_t *enumerator; sa_entry_t *sa, *sa_new, *cached; @@ -1020,7 +1020,7 @@ eap_radius_accounting_t *eap_radius_accounting_create() .destroy = _destroy, }, /* use system time as Session ID prefix */ - .prefix = (u_int32_t)time(NULL), + .prefix = (uint32_t)time(NULL), .sessions = hashtable_create((hashtable_hash_t)hash, (hashtable_equals_t)equals, 32), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), @@ -1050,7 +1050,7 @@ eap_radius_accounting_t *eap_radius_accounting_create() /** * See header */ -void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval) +void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval) { if (singleton) { diff --git a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h index 8d4f9a0e1..f7a19c9b5 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_accounting.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_accounting.h @@ -52,6 +52,6 @@ eap_radius_accounting_t *eap_radius_accounting_create(); * @param ike_sa IKE_SA to send updates for * @param interval interval for interim updates */ -void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, u_int32_t interval); +void eap_radius_accounting_start_interim(ike_sa_t *ike_sa, uint32_t interval); #endif /** EAP_RADIUS_ACCOUNTING_H_ @}*/ diff --git a/src/libcharon/plugins/eap_radius/eap_radius_dae.c b/src/libcharon/plugins/eap_radius/eap_radius_dae.c index a0bf99efd..fc9b39c3e 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_dae.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_dae.c @@ -293,7 +293,7 @@ static void process_disconnect(private_eap_radius_dae_t *this, * Apply a new lifetime to an IKE_SA */ static void apply_lifetime(private_eap_radius_dae_t *this, ike_sa_id_t *id, - u_int32_t lifetime) + uint32_t lifetime) { ike_sa_t *ike_sa; @@ -323,7 +323,7 @@ static void process_coa(private_eap_radius_dae_t *this, ike_sa_id_t *id; chunk_t data; int type; - u_int32_t lifetime = 0; + uint32_t lifetime = 0; bool lifetime_seen = FALSE; ids = get_matching_ike_sas(this, request, client); diff --git a/src/libcharon/plugins/eap_radius/eap_radius_forward.c b/src/libcharon/plugins/eap_radius/eap_radius_forward.c index 52ea84070..919e861be 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_forward.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_forward.c @@ -63,9 +63,9 @@ struct private_eap_radius_forward_t { */ typedef struct { /** vendor ID, 0 for standard attributes */ - u_int32_t vendor; + uint32_t vendor; /** attribute type */ - u_int8_t type; + uint8_t type; } attr_t; /** @@ -132,7 +132,7 @@ static bool is_attribute_selected(linked_list_t *selector, radius_attribute_type_t type, chunk_t data) { enumerator_t *enumerator; - u_int32_t vendor = 0; + uint32_t vendor = 0; attr_t *sel; bool found = FALSE; diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.c b/src/libcharon/plugins/eap_radius/eap_radius_provider.c index 0f207fbe6..9a87ad38d 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_provider.c +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.c @@ -469,7 +469,7 @@ METHOD(attribute_provider_t, create_attribute_enumerator, enumerator_t*, } METHOD(eap_radius_provider_t, add_framed_ip, void, - private_eap_radius_provider_t *this, u_int32_t id, host_t *ip) + private_eap_radius_provider_t *this, uint32_t id, host_t *ip) { this->listener.mutex->lock(this->listener.mutex); add_addr(this, this->listener.unclaimed, id, ip); @@ -477,7 +477,7 @@ METHOD(eap_radius_provider_t, add_framed_ip, void, } METHOD(eap_radius_provider_t, add_attribute, void, - private_eap_radius_provider_t *this, u_int32_t id, + private_eap_radius_provider_t *this, uint32_t id, configuration_attribute_type_t type, chunk_t data) { attr_t *attr; diff --git a/src/libcharon/plugins/eap_radius/eap_radius_provider.h b/src/libcharon/plugins/eap_radius/eap_radius_provider.h index 5a62f4a38..80971bddb 100644 --- a/src/libcharon/plugins/eap_radius/eap_radius_provider.h +++ b/src/libcharon/plugins/eap_radius/eap_radius_provider.h @@ -42,7 +42,7 @@ struct eap_radius_provider_t { * @param id IKE_SA unique identifier * @param ip IP address received from RADIUS server, gets owned */ - void (*add_framed_ip)(eap_radius_provider_t *this, u_int32_t id, + void (*add_framed_ip)(eap_radius_provider_t *this, uint32_t id, host_t *ip); /** @@ -52,7 +52,7 @@ struct eap_radius_provider_t { * @param type attribute type * @param data attribute data */ - void (*add_attribute)(eap_radius_provider_t *this, u_int32_t id, + void (*add_attribute)(eap_radius_provider_t *this, uint32_t id, configuration_attribute_type_t type, chunk_t data); /** diff --git a/src/libcharon/plugins/eap_sim/Makefile.in b/src/libcharon/plugins/eap_sim/Makefile.in index aaa24bb17..f1b8adb71 100644 --- a/src/libcharon/plugins/eap_sim/Makefile.in +++ b/src/libcharon/plugins/eap_sim/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_sim -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c index 2637b4314..37f8a879e 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c @@ -64,7 +64,7 @@ struct private_eap_sim_peer_t { /** * EAP message identifier */ - u_int8_t identifier; + uint8_t identifier; /** * EAP-SIM crypto helper @@ -99,7 +99,7 @@ struct private_eap_sim_peer_t { /** * Counter value if reauthentication is used */ - u_int16_t counter; + uint16_t counter; }; /* version of SIM protocol we speak */ @@ -130,7 +130,7 @@ static bool create_client_error(private_eap_sim_peer_t *this, simaka_client_error_t code, eap_payload_t **out) { simaka_message_t *message; - u_int16_t encoded; + uint16_t encoded; DBG1(DBG_IKE, "sending client error '%N'", simaka_client_error_names, code); @@ -404,7 +404,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this, */ static bool counter_too_small(private_eap_sim_peer_t *this, chunk_t chunk) { - u_int16_t counter; + uint16_t counter; memcpy(&counter, chunk.ptr, sizeof(counter)); counter = htons(counter); @@ -540,7 +540,7 @@ static status_t process_notification(private_eap_sim_peer_t *this, { if (type == AT_NOTIFICATION) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); code = ntohs(code); @@ -650,7 +650,7 @@ METHOD(eap_method_t, initiate, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_sim_peer_t *this, u_int32_t *vendor) + private_eap_sim_peer_t *this, uint32_t *vendor) { *vendor = 0; return EAP_SIM; @@ -667,14 +667,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_sim_peer_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_sim_peer_t *this, u_int8_t identifier) + private_eap_sim_peer_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c index 5aa54db3e..3b413cfc6 100644 --- a/src/libcharon/plugins/eap_sim/eap_sim_server.c +++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c @@ -67,7 +67,7 @@ struct private_eap_sim_server_t { /** * unique EAP identifier */ - u_int8_t identifier; + uint8_t identifier; /** * concatenated SRES values @@ -163,7 +163,7 @@ METHOD(eap_method_t, initiate, status_t, * Initiate EAP-SIM/Request/Re-authentication message */ static status_t reauthenticate(private_eap_sim_server_t *this, - char mk[HASH_SIZE_SHA1], u_int16_t counter, + char mk[HASH_SIZE_SHA1], uint16_t counter, eap_payload_t **out) { simaka_message_t *message; @@ -328,7 +328,7 @@ static status_t process_start(private_eap_sim_server_t *this, if (this->use_reauth && !nonce.len) { char mk[HASH_SIZE_SHA1]; - u_int16_t counter; + uint16_t counter; permanent = this->mgr->provider_is_reauth(this->mgr, id, mk, &counter); @@ -495,7 +495,7 @@ static status_t process_client_error(private_eap_sim_server_t *this, { if (type == AT_CLIENT_ERROR_CODE) { - u_int16_t code; + uint16_t code; memcpy(&code, data.ptr, sizeof(code)); DBG1(DBG_IKE, "received EAP-SIM client error '%N'", @@ -551,7 +551,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_sim_server_t *this, u_int32_t *vendor) + private_eap_sim_server_t *this, uint32_t *vendor) { *vendor = 0; return EAP_SIM; @@ -568,14 +568,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_sim_server_t *this) { return this->identifier; } METHOD(eap_method_t, set_identifier, void, - private_eap_sim_server_t *this, u_int8_t identifier) + private_eap_sim_server_t *this, uint8_t identifier) { this->identifier = identifier; } diff --git a/src/libcharon/plugins/eap_sim_file/Makefile.in b/src/libcharon/plugins/eap_sim_file/Makefile.in index 6e61f99de..40ff9f245 100644 --- a/src/libcharon/plugins/eap_sim_file/Makefile.in +++ b/src/libcharon/plugins/eap_sim_file/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_sim_file -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_file/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in index e821e3ee2..354c7a12d 100644 --- a/src/libcharon/plugins/eap_sim_pcsc/Makefile.in +++ b/src/libcharon/plugins/eap_sim_pcsc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @MONOLITHIC_FALSE@am__append_1 = $(top_builddir)/src/libsimaka/libsimaka.la subdir = src/libcharon/plugins/eap_sim_pcsc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_sim_pcsc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in index b883f0abd..4e3105ffd 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_pseudonym/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_simaka_pseudonym -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_pseudonym/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c index b5bbdd60f..758bce4d9 100644 --- a/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c +++ b/src/libcharon/plugins/eap_simaka_pseudonym/eap_simaka_pseudonym_card.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -31,17 +32,32 @@ struct private_eap_simaka_pseudonym_card_t { eap_simaka_pseudonym_card_t public; /** - * Permanent -> pseudonym mappings + * Permanent -> pseudonym mappings (entry_t*) */ hashtable_t *pseudonym; - - /** - * Reverse pseudonym -> permanent mappings - */ - hashtable_t *permanent; }; /** + * Mapping between real and pseudonym identity + */ +typedef struct { + + /** Real identity */ + identification_t *id; + + /** Pseudonym */ + identification_t *pseudonym; + +} entry_t; + +static void destroy_entry(entry_t *this) +{ + this->id->destroy(this->id); + this->pseudonym->destroy(this->pseudonym); + free(this); +} + +/** * hashtable hash function */ static u_int hash(identification_t *key) @@ -60,12 +76,12 @@ static bool equals(identification_t *key1, identification_t *key2) METHOD(simaka_card_t, get_pseudonym, identification_t*, private_eap_simaka_pseudonym_card_t *this, identification_t *id) { - identification_t *pseudonym; + entry_t *entry; - pseudonym = this->pseudonym->get(this->pseudonym, id); - if (pseudonym) + entry = this->pseudonym->get(this->pseudonym, id); + if (entry) { - return pseudonym->clone(pseudonym); + return entry->pseudonym->clone(entry->pseudonym); } return NULL; } @@ -74,17 +90,17 @@ METHOD(simaka_card_t, set_pseudonym, void, private_eap_simaka_pseudonym_card_t *this, identification_t *id, identification_t *pseudonym) { - identification_t *permanent; - - /* create new entries */ - id = id->clone(id); - pseudonym = pseudonym->clone(pseudonym); - permanent = this->permanent->put(this->permanent, pseudonym, id); - pseudonym = this->pseudonym->put(this->pseudonym, id, pseudonym); + entry_t *entry; - /* delete old entries */ - DESTROY_IF(permanent); - DESTROY_IF(pseudonym); + INIT(entry, + .id = id->clone(id), + .pseudonym = pseudonym->clone(pseudonym), + ); + entry = this->pseudonym->put(this->pseudonym, entry->id, entry); + if (entry) + { + destroy_entry(entry); + } } METHOD(simaka_card_t, get_quintuplet, status_t, @@ -98,26 +114,7 @@ METHOD(simaka_card_t, get_quintuplet, status_t, METHOD(eap_simaka_pseudonym_card_t, destroy, void, private_eap_simaka_pseudonym_card_t *this) { - enumerator_t *enumerator; - identification_t *id; - void *key; - - enumerator = this->pseudonym->create_enumerator(this->pseudonym); - while (enumerator->enumerate(enumerator, &key, &id)) - { - id->destroy(id); - } - enumerator->destroy(enumerator); - - enumerator = this->permanent->create_enumerator(this->permanent); - while (enumerator->enumerate(enumerator, &key, &id)) - { - id->destroy(id); - } - enumerator->destroy(enumerator); - - this->pseudonym->destroy(this->pseudonym); - this->permanent->destroy(this->permanent); + this->pseudonym->destroy_function(this->pseudonym, (void*)destroy_entry); free(this); } @@ -142,9 +139,6 @@ eap_simaka_pseudonym_card_t *eap_simaka_pseudonym_card_create() .destroy = _destroy, }, .pseudonym = hashtable_create((void*)hash, (void*)equals, 0), - .permanent = hashtable_create((void*)hash, (void*)equals, 0), ); - return &this->public; } - diff --git a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in index 5417f9639..2d5747e01 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_reauth/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_simaka_reauth -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_reauth/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c index 5bc5fd382..153ec0f0d 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_card.c @@ -45,7 +45,7 @@ typedef struct { /** associated permanent identity */ identification_t *permanent; /** counter value */ - u_int16_t counter; + uint16_t counter; /** master key */ char mk[HASH_SIZE_SHA1]; } reauth_data_t; @@ -68,7 +68,7 @@ static bool equals(identification_t *key1, identification_t *key2) METHOD(simaka_card_t, get_reauth, identification_t*, private_eap_simaka_reauth_card_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter) + char mk[HASH_SIZE_SHA1], uint16_t *counter) { reauth_data_t *data; identification_t *reauth; @@ -89,7 +89,7 @@ METHOD(simaka_card_t, get_reauth, identification_t*, METHOD(simaka_card_t, set_reauth, void, private_eap_simaka_reauth_card_t *this, identification_t *id, - identification_t* next, char mk[HASH_SIZE_SHA1], u_int16_t counter) + identification_t* next, char mk[HASH_SIZE_SHA1], uint16_t counter) { reauth_data_t *data; diff --git a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c index 937095ec1..543b5579b 100644 --- a/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c +++ b/src/libcharon/plugins/eap_simaka_reauth/eap_simaka_reauth_provider.c @@ -53,7 +53,7 @@ typedef struct { /** currently used reauthentication identity */ identification_t *id; /** counter value */ - u_int16_t counter; + uint16_t counter; /** master key */ char mk[HASH_SIZE_SHA1]; } reauth_data_t; @@ -92,7 +92,7 @@ static identification_t *gen_identity(private_eap_simaka_reauth_provider_t *this METHOD(simaka_provider_t, is_reauth, identification_t*, private_eap_simaka_reauth_provider_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter) + char mk[HASH_SIZE_SHA1], uint16_t *counter) { identification_t *permanent; reauth_data_t *data; diff --git a/src/libcharon/plugins/eap_simaka_sql/Makefile.in b/src/libcharon/plugins/eap_simaka_sql/Makefile.in index c858e467c..a491899ac 100644 --- a/src/libcharon/plugins/eap_simaka_sql/Makefile.in +++ b/src/libcharon/plugins/eap_simaka_sql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_simaka_sql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_simaka_sql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_tls/Makefile.in b/src/libcharon/plugins/eap_tls/Makefile.in index c953d0e9c..c912f9ff4 100644 --- a/src/libcharon/plugins/eap_tls/Makefile.in +++ b/src/libcharon/plugins/eap_tls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_tls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_tls/eap_tls.c b/src/libcharon/plugins/eap_tls/eap_tls.c index bc01ba5df..79e87dc89 100644 --- a/src/libcharon/plugins/eap_tls/eap_tls.c +++ b/src/libcharon/plugins/eap_tls/eap_tls.c @@ -74,7 +74,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_tls_t *this, u_int32_t *vendor) + private_eap_tls_t *this, uint32_t *vendor) { *vendor = 0; return EAP_TLS; @@ -91,14 +91,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_tls_t *this) { return this->tls_eap->get_identifier(this->tls_eap); } METHOD(eap_method_t, set_identifier, void, - private_eap_tls_t *this, u_int8_t identifier) + private_eap_tls_t *this, uint8_t identifier) { this->tls_eap->set_identifier(this->tls_eap, identifier); } diff --git a/src/libcharon/plugins/eap_tnc/Makefile.in b/src/libcharon/plugins/eap_tnc/Makefile.in index 2f197ed33..efef3af20 100644 --- a/src/libcharon/plugins/eap_tnc/Makefile.in +++ b/src/libcharon/plugins/eap_tnc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_tnc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tnc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_tnc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in index b563acdda..6f39b8455 100644 --- a/src/libcharon/plugins/eap_ttls/Makefile.in +++ b/src/libcharon/plugins/eap_ttls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/eap_ttls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/eap_ttls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/eap_ttls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -786,6 +799,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c index c99d47f8d..9987c43d4 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c @@ -76,7 +76,7 @@ METHOD(eap_method_t, process, status_t, } METHOD(eap_method_t, get_type, eap_type_t, - private_eap_ttls_t *this, u_int32_t *vendor) + private_eap_ttls_t *this, uint32_t *vendor) { *vendor = 0; return EAP_TTLS; @@ -93,14 +93,14 @@ METHOD(eap_method_t, get_msk, status_t, return FAILED; } -METHOD(eap_method_t, get_identifier, u_int8_t, +METHOD(eap_method_t, get_identifier, uint8_t, private_eap_ttls_t *this) { return this->tls_eap->get_identifier(this->tls_eap); } METHOD(eap_method_t, set_identifier, void, - private_eap_ttls_t *this, u_int8_t identifier) + private_eap_ttls_t *this, uint8_t identifier) { this->tls_eap->set_identifier(this->tls_eap, identifier); } diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c index 47e0f8afb..f75e3e0a6 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c @@ -58,8 +58,8 @@ METHOD(eap_ttls_avp_t, build, void, { char zero_padding[] = { 0x00, 0x00, 0x00 }; chunk_t avp_padding; - u_int8_t avp_flags; - u_int32_t avp_len; + uint8_t avp_flags; + uint32_t avp_len; avp_flags = 0x40; avp_len = 8 + data.len; @@ -81,9 +81,9 @@ METHOD(eap_ttls_avp_t, process, status_t, if (this->process_header) { bio_reader_t *header; - u_int32_t avp_code; - u_int8_t avp_flags; - u_int32_t avp_len; + uint32_t avp_code; + uint8_t avp_flags; + uint32_t avp_len; bool success; len = min(reader->remaining(reader), AVP_HEADER_LEN - this->inpos); diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c index e0b59a681..be6a0812e 100644 --- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c +++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c @@ -75,8 +75,8 @@ METHOD(tls_application_t, process, status_t, eap_packet_t *pkt; eap_code_t code; eap_type_t type, received_type; - u_int32_t vendor, received_vendor; - u_int16_t eap_len; + uint32_t vendor, received_vendor; + uint16_t eap_len; size_t eap_pos = 0; bool concatenated = FALSE; @@ -240,7 +240,7 @@ METHOD(tls_application_t, build, status_t, chunk_t data; eap_code_t code; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; if (this->method == NULL && this->start_phase2) { diff --git a/src/libcharon/plugins/error_notify/Makefile.in b/src/libcharon/plugins/error_notify/Makefile.in index 03dfe3d60..d3fd2a198 100644 --- a/src/libcharon/plugins/error_notify/Makefile.in +++ b/src/libcharon/plugins/error_notify/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = error-notify$(EXEEXT) subdir = src/libcharon/plugins/error_notify -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -211,12 +220,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -266,6 +277,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -300,6 +312,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -411,6 +424,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -473,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/error_notify/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/error_notify/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -843,6 +856,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/error_notify/error_notify_listener.c b/src/libcharon/plugins/error_notify/error_notify_listener.c index ce577c62c..be84ec05b 100644 --- a/src/libcharon/plugins/error_notify/error_notify_listener.c +++ b/src/libcharon/plugins/error_notify/error_notify_listener.c @@ -83,6 +83,11 @@ METHOD(listener_t, alert, bool, snprintf(msg.str, sizeof(msg.str), "parsing IKE message from " "%#H failed", message->get_source(message)); break; + case ALERT_RETRANSMIT_SEND: + msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND); + snprintf(msg.str, sizeof(msg.str), "IKE message retransmission " + "number %u", va_arg(args, u_int)); + break; case ALERT_RETRANSMIT_SEND_TIMEOUT: msg.type = htonl(ERROR_NOTIFY_RETRANSMIT_SEND_TIMEOUT); snprintf(msg.str, sizeof(msg.str), diff --git a/src/libcharon/plugins/error_notify/error_notify_msg.h b/src/libcharon/plugins/error_notify/error_notify_msg.h index c66080276..74b590800 100644 --- a/src/libcharon/plugins/error_notify/error_notify_msg.h +++ b/src/libcharon/plugins/error_notify/error_notify_msg.h @@ -48,6 +48,7 @@ enum { ERROR_NOTIFY_CERT_EXPIRED = 17, ERROR_NOTIFY_CERT_REVOKED = 18, ERROR_NOTIFY_NO_ISSUER_CERT = 19, + ERROR_NOTIFY_RETRANSMIT_SEND = 20, }; /** diff --git a/src/libcharon/plugins/ext_auth/Makefile.in b/src/libcharon/plugins/ext_auth/Makefile.in index fce2e8e63..c49c55fdb 100644 --- a/src/libcharon/plugins/ext_auth/Makefile.in +++ b/src/libcharon/plugins/ext_auth/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/ext_auth -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/ext_auth/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/farp/Makefile.in b/src/libcharon/plugins/farp/Makefile.in index 2afc5ad76..4674a78b4 100644 --- a/src/libcharon/plugins/farp/Makefile.in +++ b/src/libcharon/plugins/farp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/farp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/farp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/farp/farp_listener.c b/src/libcharon/plugins/farp/farp_listener.c index 87c84359c..e19fc5972 100644 --- a/src/libcharon/plugins/farp/farp_listener.c +++ b/src/libcharon/plugins/farp/farp_listener.c @@ -50,7 +50,7 @@ typedef struct { /** list of remote selectors */ linked_list_t *remote; /** reqid of CHILD_SA */ - u_int32_t reqid; + uint32_t reqid; } entry_t; METHOD(listener_t, child_updown, bool, diff --git a/src/libcharon/plugins/farp/farp_spoofer.c b/src/libcharon/plugins/farp/farp_spoofer.c index 9f66d7407..c2715bd5a 100644 --- a/src/libcharon/plugins/farp/farp_spoofer.c +++ b/src/libcharon/plugins/farp/farp_spoofer.c @@ -54,15 +54,15 @@ struct private_farp_spoofer_t { * IP over Ethernet ARP message */ typedef struct __attribute__((packed)) { - u_int16_t hardware_type; - u_int16_t protocol_type; - u_int8_t hardware_size; - u_int8_t protocol_size; - u_int16_t opcode; - u_int8_t sender_mac[6]; - u_int8_t sender_ip[4]; - u_int8_t target_mac[6]; - u_int8_t target_ip[4]; + uint16_t hardware_type; + uint16_t protocol_type; + uint8_t hardware_size; + uint8_t protocol_size; + uint16_t opcode; + uint8_t sender_mac[6]; + uint8_t sender_ip[4]; + uint8_t target_mac[6]; + uint8_t target_ip[4]; } arp_t; /** diff --git a/src/libcharon/plugins/forecast/Makefile.in b/src/libcharon/plugins/forecast/Makefile.in index 4f2a407b4..d29134f33 100644 --- a/src/libcharon/plugins/forecast/Makefile.in +++ b/src/libcharon/plugins/forecast/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/forecast -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/forecast/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/forecast/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/forecast/forecast_forwarder.c b/src/libcharon/plugins/forecast/forecast_forwarder.c index 40aaa7f25..ce3909737 100644 --- a/src/libcharon/plugins/forecast/forecast_forwarder.c +++ b/src/libcharon/plugins/forecast/forecast_forwarder.c @@ -55,7 +55,7 @@ struct private_kernel_listener_t { /** * current broadcast address of internal network */ - u_int32_t broadcast; + uint32_t broadcast; /** * LAN interface index @@ -105,7 +105,7 @@ static void send_net(private_forecast_forwarder_t *this, /** * Send a broadcast/multicast packet to a peer */ -static void send_peer(private_forecast_forwarder_t *this, u_int32_t dst, +static void send_peer(private_forecast_forwarder_t *this, uint32_t dst, void *buf, size_t len, int mark) { struct sockaddr_in addr = { @@ -317,7 +317,7 @@ static void join_groups(private_kernel_listener_t *this, struct sockaddr *addr) /** * Attach the socket filter to the socket */ -static bool attach_filter(int fd, u_int32_t broadcast) +static bool attach_filter(int fd, uint32_t broadcast) { struct sock_filter filter_code[] = { /* destination address: is ... */ diff --git a/src/libcharon/plugins/forecast/forecast_listener.c b/src/libcharon/plugins/forecast/forecast_listener.c index 8f7f2600c..3f252db2d 100644 --- a/src/libcharon/plugins/forecast/forecast_listener.c +++ b/src/libcharon/plugins/forecast/forecast_listener.c @@ -67,7 +67,7 @@ struct private_forecast_listener_t { /** * Broadcast address on LAN interface, network order */ - u_int32_t broadcast; + uint32_t broadcast; }; /** @@ -85,13 +85,13 @@ typedef struct { /** remote IKE_SA endpoint */ host_t *rhost; /** inbound SPI */ - u_int32_t spi; + uint32_t spi; /** use UDP encapsulation */ bool encap; /** whether we should allow reencapsulation of IPsec received forecasts */ bool reinject; /** broadcast address used for that entry */ - u_int32_t broadcast; + uint32_t broadcast; } entry_t; /** @@ -115,7 +115,7 @@ static void entry_destroy(entry_t *entry) static bool ts2in(traffic_selector_t *ts, struct in_addr *addr, struct in_addr *mask) { - u_int8_t bits; + uint8_t bits; host_t *net; if (ts->get_type(ts) == TS_IPV4_ADDR_RANGE && @@ -179,12 +179,12 @@ static bool manage_rule(struct iptc_handle *ipth, const char *chain, static bool manage_pre_esp_in_udp(struct iptc_handle *ipth, entry_t *entry, bool add) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_udp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -240,12 +240,12 @@ static bool manage_pre_esp_in_udp(struct iptc_handle *ipth, */ static bool manage_pre_esp(struct iptc_handle *ipth, entry_t *entry, bool add) { - u_int16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + + uint16_t match_size = XT_ALIGN(sizeof(struct ipt_entry_match)) + XT_ALIGN(sizeof(struct xt_esp)); - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)) + match_size; + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -306,10 +306,10 @@ static bool manage_pre(struct iptc_handle *ipth, entry_t *entry, bool add) */ static bool manage_out(struct iptc_handle *ipth, entry_t *entry, bool add) { - u_int16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)); - u_int16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + + uint16_t target_offset = XT_ALIGN(sizeof(struct ipt_entry)); + uint16_t target_size = XT_ALIGN(sizeof(struct ipt_entry_target)) + XT_ALIGN(sizeof(struct xt_mark_tginfo2)); - u_int16_t entry_size = target_offset + target_size; + uint16_t entry_size = target_offset + target_size; u_char ipt[entry_size], *pos = ipt; struct ipt_entry *e; @@ -617,7 +617,7 @@ METHOD(listener_t, ike_update, bool, * Filter to map entries to ts/mark */ static bool ts_filter(entry_t *entry, traffic_selector_t **ts, - traffic_selector_t **out, void *dummy, u_int32_t *mark, + traffic_selector_t **out, void *dummy, uint32_t *mark, void *dummy2, bool *reinject) { *out = *ts; diff --git a/src/libcharon/plugins/ha/Makefile.in b/src/libcharon/plugins/ha/Makefile.in index 677c36afe..420b8bdb7 100644 --- a/src/libcharon/plugins/ha/Makefile.in +++ b/src/libcharon/plugins/ha/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/ha -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -472,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/ha/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -796,6 +809,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/ha/ha_attribute.c b/src/libcharon/plugins/ha/ha_attribute.c index 2b271a8e7..b20ef876a 100644 --- a/src/libcharon/plugins/ha/ha_attribute.c +++ b/src/libcharon/plugins/ha/ha_attribute.c @@ -83,7 +83,7 @@ static host_t* offset2host(pool_t *pool, int offset) { chunk_t addr; host_t *host; - u_int32_t *pos; + uint32_t *pos; if (offset > pool->size) { @@ -93,11 +93,11 @@ static host_t* offset2host(pool_t *pool, int offset) addr = chunk_clone(pool->base->get_address(pool->base)); if (pool->base->get_family(pool->base) == AF_INET6) { - pos = (u_int32_t*)(addr.ptr + 12); + pos = (uint32_t*)(addr.ptr + 12); } else { - pos = (u_int32_t*)addr.ptr; + pos = (uint32_t*)addr.ptr; } *pos = htonl(offset + ntohl(*pos)); host = host_create_from_chunk(pool->base->get_family(pool->base), addr, 0); @@ -111,7 +111,7 @@ static host_t* offset2host(pool_t *pool, int offset) static int host2offset(pool_t *pool, host_t *addr) { chunk_t host, base; - u_int32_t hosti, basei; + uint32_t hosti, basei; if (addr->get_family(addr) != pool->base->get_family(pool->base)) { @@ -129,8 +129,8 @@ static int host2offset(pool_t *pool, host_t *addr) host = chunk_skip(host, 12); base = chunk_skip(base, 12); } - hosti = ntohl(*(u_int32_t*)(host.ptr)); - basei = ntohl(*(u_int32_t*)(base.ptr)); + hosti = ntohl(*(uint32_t*)(host.ptr)); + basei = ntohl(*(uint32_t*)(base.ptr)); if (hosti > basei + pool->size) { return -1; diff --git a/src/libcharon/plugins/ha/ha_cache.c b/src/libcharon/plugins/ha/ha_cache.c index 0650f7fd9..8394eb722 100644 --- a/src/libcharon/plugins/ha/ha_cache.c +++ b/src/libcharon/plugins/ha/ha_cache.c @@ -186,11 +186,13 @@ METHOD(ha_cache_t, delete_, void, { entry_t *entry; + this->mutex->lock(this->mutex); entry = this->cache->remove(this->cache, ike_sa); if (entry) { entry_destroy(entry); } + this->mutex->unlock(this->mutex); } /** @@ -204,7 +206,7 @@ static status_t rekey_children(ike_sa_t *ike_sa) linked_list_t *children; struct { protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; } *info; children = linked_list_create(); diff --git a/src/libcharon/plugins/ha/ha_child.c b/src/libcharon/plugins/ha/ha_child.c index 7dafb1693..8c9f66aa7 100644 --- a/src/libcharon/plugins/ha/ha_child.c +++ b/src/libcharon/plugins/ha/ha_child.c @@ -55,7 +55,7 @@ METHOD(listener_t, child_keys, bool, ha_message_t *m; chunk_t secret; proposal_t *proposal; - u_int16_t alg, len; + uint16_t alg, len; linked_list_t *local_ts, *remote_ts; enumerator_t *enumerator; traffic_selector_t *ts; @@ -69,7 +69,7 @@ METHOD(listener_t, child_keys, bool, m = ha_message_create(HA_CHILD_ADD); m->add_attribute(m, HA_IKE_ID, ike_sa->get_id(ike_sa)); - m->add_attribute(m, HA_INITIATOR, (u_int8_t)initiator); + m->add_attribute(m, HA_INITIATOR, (uint8_t)initiator); m->add_attribute(m, HA_INBOUND_SPI, child_sa->get_spi(child_sa, TRUE)); m->add_attribute(m, HA_OUTBOUND_SPI, child_sa->get_spi(child_sa, FALSE)); m->add_attribute(m, HA_INBOUND_CPI, child_sa->get_cpi(child_sa, TRUE)); diff --git a/src/libcharon/plugins/ha/ha_dispatcher.c b/src/libcharon/plugins/ha/ha_dispatcher.c index ce90f5bfe..ee66b8442 100644 --- a/src/libcharon/plugins/ha/ha_dispatcher.c +++ b/src/libcharon/plugins/ha/ha_dispatcher.c @@ -131,8 +131,8 @@ static void process_ike_add(private_ha_dispatcher_t *this, ha_message_t *message enumerator_t *enumerator; ike_sa_t *ike_sa = NULL, *old_sa = NULL; ike_version_t version = IKEV2; - u_int16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED; - u_int16_t dh_grp = 0; + uint16_t encr = 0, len = 0, integ = 0, prf = 0, old_prf = PRF_UNDEFINED; + uint16_t dh_grp = 0; chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty; chunk_t secret = chunk_empty, old_skd = chunk_empty; chunk_t dh_local = chunk_empty, dh_remote = chunk_empty, psk = chunk_empty; @@ -486,7 +486,7 @@ static void process_ike_mid(private_ha_dispatcher_t *this, ha_message_value_t value; enumerator_t *enumerator; ike_sa_t *ike_sa = NULL; - u_int32_t mid = 0; + uint32_t mid = 0; enumerator = message->create_attribute_enumerator(message); while (enumerator->enumerate(enumerator, &attribute, &value)) @@ -652,11 +652,11 @@ static void process_child_add(private_ha_dispatcher_t *this, child_sa_t *child_sa; proposal_t *proposal; bool initiator = FALSE, failed = FALSE, ok = FALSE; - u_int32_t inbound_spi = 0, outbound_spi = 0; - u_int16_t inbound_cpi = 0, outbound_cpi = 0; - u_int8_t mode = MODE_TUNNEL, ipcomp = 0; - u_int16_t encr = 0, integ = 0, len = 0, dh_grp = 0; - u_int16_t esn = NO_EXT_SEQ_NUMBERS; + uint32_t inbound_spi = 0, outbound_spi = 0; + uint16_t inbound_cpi = 0, outbound_cpi = 0; + uint8_t mode = MODE_TUNNEL, ipcomp = 0; + uint16_t encr = 0, integ = 0, len = 0, dh_grp = 0; + uint16_t esn = NO_EXT_SEQ_NUMBERS; u_int seg_i, seg_o; chunk_t nonce_i = chunk_empty, nonce_r = chunk_empty, secret = chunk_empty; chunk_t encr_i, integ_i, encr_r, integ_r; @@ -777,7 +777,7 @@ static void process_child_add(private_ha_dispatcher_t *this, if (ike_sa->get_version(ike_sa) == IKEV1) { keymat_v1_t *keymat_v1 = (keymat_v1_t*)ike_sa->get_keymat(ike_sa); - u_int32_t spi_i, spi_r; + uint32_t spi_i, spi_r; spi_i = initiator ? inbound_spi : outbound_spi; spi_r = initiator ? outbound_spi : inbound_spi; @@ -889,7 +889,7 @@ static void process_child_delete(private_ha_dispatcher_t *this, enumerator_t *enumerator; ike_sa_t *ike_sa = NULL; child_sa_t *child_sa; - u_int32_t spi = 0; + uint32_t spi = 0; enumerator = message->create_attribute_enumerator(message); while (enumerator->enumerate(enumerator, &attribute, &value)) diff --git a/src/libcharon/plugins/ha/ha_ike.c b/src/libcharon/plugins/ha/ha_ike.c index 3ffcaee6b..992ccb06c 100644 --- a/src/libcharon/plugins/ha/ha_ike.c +++ b/src/libcharon/plugins/ha/ha_ike.c @@ -78,7 +78,7 @@ METHOD(listener_t, ike_keys, bool, ha_message_t *m; chunk_t secret; proposal_t *proposal; - u_int16_t alg, len; + uint16_t alg, len; if (this->tunnel && this->tunnel->is_sa(this->tunnel, ike_sa)) { /* do not sync SA between nodes */ @@ -168,7 +168,7 @@ METHOD(listener_t, ike_updown, bool, { enumerator_t *enumerator; peer_cfg_t *peer_cfg; - u_int32_t extension, condition; + uint32_t extension, condition; host_t *addr; ike_sa_id_t *id; identification_t *eap_id; @@ -349,7 +349,7 @@ METHOD(listener_t, message_hook, bool, ha_message_t *m; notify_payload_t *notify; chunk_t data; - u_int32_t seq; + uint32_t seq; notify = message->get_notify(message, DPD_R_U_THERE); if (notify) diff --git a/src/libcharon/plugins/ha/ha_kernel.c b/src/libcharon/plugins/ha/ha_kernel.c index bd43dc351..061741eb7 100644 --- a/src/libcharon/plugins/ha/ha_kernel.c +++ b/src/libcharon/plugins/ha/ha_kernel.c @@ -15,8 +15,8 @@ #include "ha_kernel.h" -typedef u_int32_t u32; -typedef u_int8_t u8; +typedef uint32_t u32; +typedef uint8_t u8; #include <sys/utsname.h> #include <string.h> @@ -115,9 +115,9 @@ static jhash_version_t get_jhash_version() /** * jhash algorithm of two words, as used in kernel (using 0 as initval) */ -static u_int32_t jhash(jhash_version_t version, u_int32_t a, u_int32_t b) +static uint32_t jhash(jhash_version_t version, uint32_t a, uint32_t b) { - u_int32_t c = 0; + uint32_t c = 0; switch (version) { @@ -162,7 +162,7 @@ static u_int32_t jhash(jhash_version_t version, u_int32_t a, u_int32_t b) /** * Segmentate a calculated hash */ -static u_int hash2segment(private_ha_kernel_t *this, u_int64_t hash) +static u_int hash2segment(private_ha_kernel_t *this, uint64_t hash) { return ((hash * this->count) >> 32) + 1; } @@ -170,11 +170,11 @@ static u_int hash2segment(private_ha_kernel_t *this, u_int64_t hash) /** * Get a host as an integer for hashing */ -static u_int32_t host2int(host_t *host) +static uint32_t host2int(host_t *host) { if (host->get_family(host) == AF_INET) { - return *(u_int32_t*)host->get_address(host).ptr; + return *(uint32_t*)host->get_address(host).ptr; } return 0; } @@ -183,7 +183,7 @@ METHOD(ha_kernel_t, get_segment, u_int, private_ha_kernel_t *this, host_t *host) { unsigned long hash; - u_int32_t addr; + uint32_t addr; addr = host2int(host); hash = jhash(this->version, ntohl(addr), 0); @@ -192,10 +192,10 @@ METHOD(ha_kernel_t, get_segment, u_int, } METHOD(ha_kernel_t, get_segment_spi, u_int, - private_ha_kernel_t *this, host_t *host, u_int32_t spi) + private_ha_kernel_t *this, host_t *host, uint32_t spi) { unsigned long hash; - u_int32_t addr; + uint32_t addr; addr = host2int(host); hash = jhash(this->version, ntohl(addr), ntohl(spi)); diff --git a/src/libcharon/plugins/ha/ha_kernel.h b/src/libcharon/plugins/ha/ha_kernel.h index 7b56f1e3a..bd0a3825b 100644 --- a/src/libcharon/plugins/ha/ha_kernel.h +++ b/src/libcharon/plugins/ha/ha_kernel.h @@ -45,7 +45,7 @@ struct ha_kernel_t { * @param spi SPI to include in hash * @return segment number */ - u_int (*get_segment_spi)(ha_kernel_t *this, host_t *host, u_int32_t spi); + u_int (*get_segment_spi)(ha_kernel_t *this, host_t *host, uint32_t spi); /** * Get the segment an arbitrary integer is in. diff --git a/src/libcharon/plugins/ha/ha_message.c b/src/libcharon/plugins/ha/ha_message.c index b40219ce1..42dfaf0e2 100644 --- a/src/libcharon/plugins/ha/ha_message.c +++ b/src/libcharon/plugins/ha/ha_message.c @@ -67,10 +67,10 @@ typedef struct ike_sa_id_encoding_t ike_sa_id_encoding_t; * Encoding if an ike_sa_id_t */ struct ike_sa_id_encoding_t { - u_int8_t ike_version; - u_int64_t initiator_spi; - u_int64_t responder_spi; - u_int8_t initiator; + uint8_t ike_version; + uint64_t initiator_spi; + uint64_t responder_spi; + uint8_t initiator; } __attribute__((packed)); typedef struct identification_encoding_t identification_encoding_t; @@ -79,8 +79,8 @@ typedef struct identification_encoding_t identification_encoding_t; * Encoding of a identification_t */ struct identification_encoding_t { - u_int8_t type; - u_int8_t len; + uint8_t type; + uint8_t len; char encoding[]; } __attribute__((packed)); @@ -90,8 +90,8 @@ typedef struct host_encoding_t host_encoding_t; * encoding of a host_t */ struct host_encoding_t { - u_int16_t port; - u_int8_t family; + uint16_t port; + uint8_t family; char encoding[]; } __attribute__((packed)); @@ -101,11 +101,11 @@ typedef struct ts_encoding_t ts_encoding_t; * encoding of a traffic_selector_t */ struct ts_encoding_t { - u_int8_t type; - u_int8_t protocol; - u_int16_t from_port; - u_int16_t to_port; - u_int8_t dynamic; + uint8_t type; + uint8_t protocol; + uint16_t from_port; + uint16_t to_port; + uint8_t dynamic; char encoding[]; } __attribute__((packed)); @@ -139,9 +139,9 @@ METHOD(ha_message_t, add_attribute, void, size_t len; va_list args; - check_buf(this, sizeof(u_int8_t)); + check_buf(this, sizeof(uint8_t)); this->buf.ptr[this->buf.len] = attribute; - this->buf.len += sizeof(u_int8_t); + this->buf.len += sizeof(uint8_t); va_start(args, attribute); switch (attribute) @@ -215,13 +215,13 @@ METHOD(ha_message_t, add_attribute, void, this->buf.len += len; break; } - /* u_int8_t */ + /* uint8_t */ case HA_IKE_VERSION: case HA_INITIATOR: case HA_IPSEC_MODE: case HA_IPCOMP: { - u_int8_t val; + uint8_t val; val = va_arg(args, u_int); check_buf(this, sizeof(val)); @@ -229,7 +229,7 @@ METHOD(ha_message_t, add_attribute, void, this->buf.len += sizeof(val); break; } - /* u_int16_t */ + /* uint16_t */ case HA_ALG_DH: case HA_ALG_PRF: case HA_ALG_OLD_PRF: @@ -241,26 +241,26 @@ METHOD(ha_message_t, add_attribute, void, case HA_SEGMENT: case HA_ESN: { - u_int16_t val; + uint16_t val; val = va_arg(args, u_int); check_buf(this, sizeof(val)); - *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(val); + *(uint16_t*)(this->buf.ptr + this->buf.len) = htons(val); this->buf.len += sizeof(val); break; } - /** u_int32_t */ + /** uint32_t */ case HA_CONDITIONS: case HA_EXTENSIONS: case HA_INBOUND_SPI: case HA_OUTBOUND_SPI: case HA_MID: { - u_int32_t val; + uint32_t val; val = va_arg(args, u_int); check_buf(this, sizeof(val)); - *(u_int32_t*)(this->buf.ptr + this->buf.len) = htonl(val); + *(uint32_t*)(this->buf.ptr + this->buf.len) = htonl(val); this->buf.len += sizeof(val); break; } @@ -277,11 +277,11 @@ METHOD(ha_message_t, add_attribute, void, chunk_t chunk; chunk = va_arg(args, chunk_t); - check_buf(this, chunk.len + sizeof(u_int16_t)); - *(u_int16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len); - memcpy(this->buf.ptr + this->buf.len + sizeof(u_int16_t), + check_buf(this, chunk.len + sizeof(uint16_t)); + *(uint16_t*)(this->buf.ptr + this->buf.len) = htons(chunk.len); + memcpy(this->buf.ptr + this->buf.len + sizeof(uint16_t), chunk.ptr, chunk.len); - this->buf.len += chunk.len + sizeof(u_int16_t);; + this->buf.len += chunk.len + sizeof(uint16_t);; break; } /** traffic_selector_t */ @@ -309,7 +309,7 @@ METHOD(ha_message_t, add_attribute, void, default: { DBG1(DBG_CFG, "unable to encode, attribute %d unknown", attribute); - this->buf.len -= sizeof(u_int8_t); + this->buf.len -= sizeof(uint8_t); break; } } @@ -435,22 +435,22 @@ METHOD(enumerator_t, attribute_enumerate, bool, this->buf = chunk_skip(this->buf, len + 1); return TRUE; } - /* u_int8_t */ + /* uint8_t */ case HA_IKE_VERSION: case HA_INITIATOR: case HA_IPSEC_MODE: case HA_IPCOMP: { - if (this->buf.len < sizeof(u_int8_t)) + if (this->buf.len < sizeof(uint8_t)) { return FALSE; } - value->u8 = *(u_int8_t*)this->buf.ptr; + value->u8 = *(uint8_t*)this->buf.ptr; *attr_out = attr; - this->buf = chunk_skip(this->buf, sizeof(u_int8_t)); + this->buf = chunk_skip(this->buf, sizeof(uint8_t)); return TRUE; } - /** u_int16_t */ + /** uint16_t */ case HA_ALG_DH: case HA_ALG_PRF: case HA_ALG_OLD_PRF: @@ -462,29 +462,29 @@ METHOD(enumerator_t, attribute_enumerate, bool, case HA_SEGMENT: case HA_ESN: { - if (this->buf.len < sizeof(u_int16_t)) + if (this->buf.len < sizeof(uint16_t)) { return FALSE; } - value->u16 = ntohs(*(u_int16_t*)this->buf.ptr); + value->u16 = ntohs(*(uint16_t*)this->buf.ptr); *attr_out = attr; - this->buf = chunk_skip(this->buf, sizeof(u_int16_t)); + this->buf = chunk_skip(this->buf, sizeof(uint16_t)); return TRUE; } - /** u_int32_t */ + /** uint32_t */ case HA_CONDITIONS: case HA_EXTENSIONS: case HA_INBOUND_SPI: case HA_OUTBOUND_SPI: case HA_MID: { - if (this->buf.len < sizeof(u_int32_t)) + if (this->buf.len < sizeof(uint32_t)) { return FALSE; } - value->u32 = ntohl(*(u_int32_t*)this->buf.ptr); + value->u32 = ntohl(*(uint32_t*)this->buf.ptr); *attr_out = attr; - this->buf = chunk_skip(this->buf, sizeof(u_int32_t)); + this->buf = chunk_skip(this->buf, sizeof(uint32_t)); return TRUE; } /** chunk_t */ @@ -499,12 +499,12 @@ METHOD(enumerator_t, attribute_enumerate, bool, { size_t len; - if (this->buf.len < sizeof(u_int16_t)) + if (this->buf.len < sizeof(uint16_t)) { return FALSE; } - len = ntohs(*(u_int16_t*)this->buf.ptr); - this->buf = chunk_skip(this->buf, sizeof(u_int16_t)); + len = ntohs(*(uint16_t*)this->buf.ptr); + this->buf = chunk_skip(this->buf, sizeof(uint16_t)); if (this->buf.len < len) { return FALSE; diff --git a/src/libcharon/plugins/ha/ha_message.h b/src/libcharon/plugins/ha/ha_message.h index fe1786edf..630c8af8f 100644 --- a/src/libcharon/plugins/ha/ha_message.h +++ b/src/libcharon/plugins/ha/ha_message.h @@ -92,9 +92,9 @@ enum ha_message_attribute_t { HA_REMOTE_ADDR, /** char*, name of configuration */ HA_CONFIG_NAME, - /** u_int32_t, bitset of ike_condition_t */ + /** uint32_t, bitset of ike_condition_t */ HA_CONDITIONS, - /** u_int32_t, bitset of ike_extension_t */ + /** uint32_t, bitset of ike_extension_t */ HA_EXTENSIONS, /** host_t*, local virtual IP */ HA_LOCAL_VIP, @@ -102,7 +102,7 @@ enum ha_message_attribute_t { HA_REMOTE_VIP, /** host_t*, known peer addresses (used for MOBIKE) */ HA_PEER_ADDR, - /** u_int8_t, initiator of an exchange, TRUE for local */ + /** uint8_t, initiator of an exchange, TRUE for local */ HA_INITIATOR, /** chunk_t, initiators nonce */ HA_NONCE_I, @@ -112,41 +112,41 @@ enum ha_message_attribute_t { HA_SECRET, /** chunk_t, SKd of old SA if rekeying */ HA_OLD_SKD, - /** u_int16_t, pseudo random function */ + /** uint16_t, pseudo random function */ HA_ALG_PRF, - /** u_int16_t, old pseudo random function if rekeying */ + /** uint16_t, old pseudo random function if rekeying */ HA_ALG_OLD_PRF, - /** u_int16_t, encryption algorithm */ + /** uint16_t, encryption algorithm */ HA_ALG_ENCR, - /** u_int16_t, encryption key size in bytes */ + /** uint16_t, encryption key size in bytes */ HA_ALG_ENCR_LEN, - /** u_int16_t, integrity protection algorithm */ + /** uint16_t, integrity protection algorithm */ HA_ALG_INTEG, - /** u_int16_t, DH group */ + /** uint16_t, DH group */ HA_ALG_DH, - /** u_int8_t, IPsec mode, TUNNEL|TRANSPORT|... */ + /** uint8_t, IPsec mode, TUNNEL|TRANSPORT|... */ HA_IPSEC_MODE, - /** u_int8_t, IPComp protocol */ + /** uint8_t, IPComp protocol */ HA_IPCOMP, - /** u_int32_t, inbound security parameter index */ + /** uint32_t, inbound security parameter index */ HA_INBOUND_SPI, - /** u_int32_t, outbound security parameter index */ + /** uint32_t, outbound security parameter index */ HA_OUTBOUND_SPI, - /** u_int16_t, inbound security parameter index */ + /** uint16_t, inbound security parameter index */ HA_INBOUND_CPI, - /** u_int16_t, outbound security parameter index */ + /** uint16_t, outbound security parameter index */ HA_OUTBOUND_CPI, /** traffic_selector_t*, local traffic selector */ HA_LOCAL_TS, /** traffic_selector_t*, remote traffic selector */ HA_REMOTE_TS, - /** u_int32_t, message ID */ + /** uint32_t, message ID */ HA_MID, - /** u_int16_t, HA segment */ + /** uint16_t, HA segment */ HA_SEGMENT, - /** u_int16_t, Extended Sequence numbers */ + /** uint16_t, Extended Sequence numbers */ HA_ESN, - /** u_int8_t, IKE version */ + /** uint8_t, IKE version */ HA_IKE_VERSION, /** chunk_t, own DH public value */ HA_LOCAL_DH, @@ -162,9 +162,9 @@ enum ha_message_attribute_t { * Union to enumerate typed attributes in a message */ union ha_message_value_t { - u_int8_t u8; - u_int16_t u16; - u_int32_t u32; + uint8_t u8; + uint16_t u16; + uint32_t u32; char *str; chunk_t chunk; ike_sa_id_t *ike_sa_id; diff --git a/src/libcharon/plugins/ha/ha_segments.h b/src/libcharon/plugins/ha/ha_segments.h index 76da38082..31d47e371 100644 --- a/src/libcharon/plugins/ha/ha_segments.h +++ b/src/libcharon/plugins/ha/ha_segments.h @@ -25,7 +25,7 @@ typedef struct ha_segments_t ha_segments_t; -typedef u_int16_t segment_mask_t; +typedef uint16_t segment_mask_t; /** * maximum number of segments diff --git a/src/libcharon/plugins/ha/ha_tunnel.c b/src/libcharon/plugins/ha/ha_tunnel.c index dd2399366..a0e514614 100644 --- a/src/libcharon/plugins/ha/ha_tunnel.c +++ b/src/libcharon/plugins/ha/ha_tunnel.c @@ -79,7 +79,7 @@ struct private_ha_tunnel_t { /** * Reqid of installed trap */ - u_int32_t trap; + uint32_t trap; /** * backend for HA SA @@ -183,10 +183,22 @@ static void setup_tunnel(private_ha_tunnel_t *this, auth_cfg_t *auth_cfg; child_cfg_t *child_cfg; traffic_selector_t *ts; - lifetime_cfg_t lifetime = { - .time = { - .life = 21600, .rekey = 20400, .jitter = 400, + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_KEEP, + .rekey_time = 86400, /* 24h */ + .jitter_time = 7200, /* 2h */ + .over_time = 3600, /* 1h */ + .no_mobike = TRUE, + .dpd = 30, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 21600, .rekey = 20400, .jitter = 400, + }, }, + .mode = MODE_TRANSPORT, }; /* setup credentials */ @@ -208,9 +220,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, remote, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create("ha", ike_cfg, CERT_NEVER_SEND, - UNIQUE_KEEP, 0, 86400, 0, 7200, 3600, FALSE, FALSE, - TRUE, 30, 0, FALSE, NULL, NULL); + peer_cfg = peer_cfg_create("ha", ike_cfg, &peer); auth_cfg = auth_cfg_create(); auth_cfg->add(auth_cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); @@ -224,9 +234,7 @@ static void setup_tunnel(private_ha_tunnel_t *this, identification_create_from_string(remote)); peer_cfg->add_auth_cfg(peer_cfg, auth_cfg, FALSE); - child_cfg = child_cfg_create("ha", &lifetime, NULL, TRUE, MODE_TRANSPORT, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create("ha", &child); ts = traffic_selector_create_dynamic(IPPROTO_UDP, HA_PORT, HA_PORT); child_cfg->add_traffic_selector(child_cfg, TRUE, ts); ts = traffic_selector_create_dynamic(IPPROTO_ICMP, 0, 65535); diff --git a/src/libcharon/plugins/ipseckey/Makefile.in b/src/libcharon/plugins/ipseckey/Makefile.in index 0b7a29194..38a63ea02 100644 --- a/src/libcharon/plugins/ipseckey/Makefile.in +++ b/src/libcharon/plugins/ipseckey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/ipseckey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/ipseckey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/ipseckey/ipseckey.c b/src/libcharon/plugins/ipseckey/ipseckey.c index ca126d772..5ca1e27bc 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey.c +++ b/src/libcharon/plugins/ipseckey/ipseckey.c @@ -34,17 +34,17 @@ struct private_ipseckey_t { /** * Precedence */ - u_int8_t precedence; + uint8_t precedence; /** * Gateway type */ - u_int8_t gateway_type; + uint8_t gateway_type; /** * Algorithm */ - u_int8_t algorithm; + uint8_t algorithm; /** * Gateway @@ -57,7 +57,7 @@ struct private_ipseckey_t { chunk_t public_key; }; -METHOD(ipseckey_t, get_precedence, u_int8_t, +METHOD(ipseckey_t, get_precedence, uint8_t, private_ipseckey_t *this) { return this->precedence; @@ -102,7 +102,7 @@ ipseckey_t *ipseckey_create_frm_rr(rr_t *rr) { private_ipseckey_t *this; bio_reader_t *reader = NULL; - u_int8_t label; + uint8_t label; chunk_t tmp; INIT(this, diff --git a/src/libcharon/plugins/ipseckey/ipseckey.h b/src/libcharon/plugins/ipseckey/ipseckey.h index 5885daeee..b19ec8920 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey.h +++ b/src/libcharon/plugins/ipseckey/ipseckey.h @@ -85,7 +85,7 @@ struct ipseckey_t { * * @return precedence */ - u_int8_t (*get_precedence)(ipseckey_t *this); + uint8_t (*get_precedence)(ipseckey_t *this); /** * Get the type of the gateway. diff --git a/src/libcharon/plugins/ipseckey/ipseckey_cred.c b/src/libcharon/plugins/ipseckey/ipseckey_cred.c index 3ff6dd87d..6c041ce26 100644 --- a/src/libcharon/plugins/ipseckey/ipseckey_cred.c +++ b/src/libcharon/plugins/ipseckey/ipseckey_cred.c @@ -136,7 +136,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, rr_set_t *rrset; rr_t *rrsig; bio_reader_t *reader; - u_int32_t nBefore, nAfter; + uint32_t nBefore, nAfter; chunk_t ignore; char *fqdn; diff --git a/src/libcharon/plugins/kernel_iph/Makefile.in b/src/libcharon/plugins/kernel_iph/Makefile.in index de5bfd517..19e7701c6 100644 --- a/src/libcharon/plugins/kernel_iph/Makefile.in +++ b/src/libcharon/plugins/kernel_iph/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_iph -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_iph/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_iph/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c index 6a8a96821..efeb98045 100644 --- a/src/libcharon/plugins/kernel_iph/kernel_iph_net.c +++ b/src/libcharon/plugins/kernel_iph/kernel_iph_net.c @@ -562,7 +562,8 @@ METHOD(kernel_net_t, get_source_addr, host_t*, } METHOD(kernel_net_t, get_nexthop, host_t*, - private_kernel_iph_net_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_iph_net_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { MIB_IPFORWARD_ROW2 route; SOCKADDR_INET best, *sai_dst, *sai_src = NULL; @@ -592,6 +593,10 @@ METHOD(kernel_net_t, get_nexthop, host_t*, { if (!nexthop->is_anyaddr(nexthop)) { + if (iface) + { + *iface = NULL; + } return nexthop; } nexthop->destroy(nexthop); @@ -617,7 +622,7 @@ METHOD(kernel_net_t, del_ip, status_t, * Add or remove a route */ static status_t manage_route(private_kernel_iph_net_t *this, bool add, - chunk_t dst, u_int8_t prefixlen, host_t *gtw, char *name) + chunk_t dst, uint8_t prefixlen, host_t *gtw, char *name) { MIB_IPFORWARD_ROW2 row = { .DestinationPrefix = { @@ -705,14 +710,14 @@ static status_t manage_route(private_kernel_iph_net_t *this, bool add, } METHOD(kernel_net_t, add_route, status_t, - private_kernel_iph_net_t *this, chunk_t dst, u_int8_t prefixlen, + private_kernel_iph_net_t *this, chunk_t dst, uint8_t prefixlen, host_t *gateway, host_t *src, char *name) { return manage_route(this, TRUE, dst, prefixlen, gateway, name); } METHOD(kernel_net_t, del_route, status_t, - private_kernel_iph_net_t *this, chunk_t dst, u_int8_t prefixlen, + private_kernel_iph_net_t *this, chunk_t dst, uint8_t prefixlen, host_t *gateway, host_t *src, char *name) { return manage_route(this, FALSE, dst, prefixlen, gateway, name); diff --git a/src/libcharon/plugins/kernel_libipsec/Makefile.in b/src/libcharon/plugins/kernel_libipsec/Makefile.in index 018a25a62..9bfdb950f 100644 --- a/src/libcharon/plugins/kernel_libipsec/Makefile.in +++ b/src/libcharon/plugins/kernel_libipsec/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_libipsec -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_libipsec/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_libipsec/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -781,6 +794,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c index 4c8771e96..77e37e249 100644 --- a/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c +++ b/src/libcharon/plugins/kernel_libipsec/kernel_libipsec_ipsec.c @@ -108,7 +108,7 @@ struct route_entry_t { /** Destination net */ chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; /** Reference to exclude route, if any */ exclude_route_t *exclude; }; @@ -151,15 +151,15 @@ typedef struct policy_entry_t policy_entry_t; */ struct policy_entry_t { /** Direction of this policy: in, out, forward */ - u_int8_t direction; + uint8_t direction; /** Parameters of installed policy */ struct { /** Subnet and port */ host_t *net; /** Subnet mask */ - u_int8_t mask; + uint8_t mask; /** Protocol */ - u_int8_t proto; + uint8_t proto; } src, dst; /** Associated route installed for this policy */ route_entry_t *route; @@ -222,7 +222,7 @@ static inline bool policy_entry_equals(policy_entry_t *a, /** * Expiration callback */ -static void expire(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard) +static void expire(uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { charon->kernel->expire(charon->kernel, protocol, spi, dst, hard); } @@ -235,55 +235,51 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t, METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { return ipsec->sas->get_spi(ipsec->sas, src, dst, protocol, spi); } METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { - return ipsec->sas->add_sa(ipsec->sas, src, dst, spi, protocol, reqid, mark, - tfc, lifetime, enc_alg, enc_key, int_alg, int_key, - mode, ipcomp, cpi, initiator, encap, esn, - inbound, update); + return ipsec->sas->add_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto, + data->reqid, id->mark, data->tfc, data->lifetime, + data->enc_alg, data->enc_key, data->int_alg, data->int_key, + data->mode, data->ipcomp, data->cpi, data->initiator, + data->encap, data->esn, data->inbound, data->update); } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_libipsec_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes, - u_int64_t *packets, time_t *time) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { - return ipsec->sas->query_sa(ipsec->sas, src, dst, spi, protocol, mark, - bytes, packets, time); + return ipsec->sas->query_sa(ipsec->sas, id->src, id->dst, id->spi, + id->proto, id->mark, bytes, packets, time); } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { - return ipsec->sas->del_sa(ipsec->sas, src, dst, spi, protocol, cpi, mark); + return ipsec->sas->del_sa(ipsec->sas, id->src, id->dst, id->spi, id->proto, + data->cpi, id->mark); } METHOD(kernel_ipsec_t, flush_sas, status_t, @@ -312,7 +308,7 @@ static void add_exclude_route(private_kernel_libipsec_ipsec_t *this, if (!route->exclude) { DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src); - gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL); + gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL, NULL); if (gtw) { char *if_name = NULL; @@ -438,7 +434,8 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this, ); #ifndef __linux__ /* on Linux we cant't install a gateway */ - route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src); + route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, src, + NULL); #endif if (policy->route) @@ -509,22 +506,22 @@ static bool install_route(private_kernel_libipsec_ipsec_t *this, } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *found = NULL; status_t status; - status = ipsec->policies->add_policy(ipsec->policies, src, dst, src_ts, - dst_ts, direction, type, sa, mark, priority); + status = ipsec->policies->add_policy(ipsec->policies, data->src, data->dst, + id->src_ts, id->dst_ts, id->dir, + data->type, data->sa, id->mark, + data->prio); if (status != SUCCESS) { return status; } /* we track policies in order to install routes */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -540,7 +537,8 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } policy->refs++; - if (!install_route(this, src, dst, src_ts, dst_ts, policy)) + if (!install_route(this, data->src, data->dst, id->src_ts, id->dst_ts, + policy)) { return FAILED; } @@ -548,26 +546,25 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_libipsec_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_libipsec_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_libipsec_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *found = NULL; status_t status; - status = ipsec->policies->del_policy(ipsec->policies, src, dst, src_ts, - dst_ts, direction, type, sa, mark, priority); + status = ipsec->policies->del_policy(ipsec->policies, data->src, data->dst, + id->src_ts, id->dst_ts, id->dir, + data->type, data->sa, id->mark, + data->prio); - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); this->mutex->lock(this->mutex); if (this->policies->find_first(this->policies, @@ -596,8 +593,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, route->src_ip, route->if_name) != SUCCESS) { DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + "policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); } remove_exclude_route(this, route); } @@ -641,7 +638,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_libipsec_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_libipsec_ipsec_t *this, int fd, int family, uint16_t port) { return NOT_SUPPORTED; } diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.am b/src/libcharon/plugins/kernel_netlink/Makefile.am index 973e2c2f4..41c7304c6 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.am +++ b/src/libcharon/plugins/kernel_netlink/Makefile.am @@ -20,6 +20,8 @@ libstrongswan_kernel_netlink_la_SOURCES = \ kernel_netlink_net.h kernel_netlink_net.c \ kernel_netlink_shared.h kernel_netlink_shared.c +libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB) + libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version diff --git a/src/libcharon/plugins/kernel_netlink/Makefile.in b/src/libcharon/plugins/kernel_netlink/Makefile.in index 55dcabf6f..2435dea92 100644 --- a/src/libcharon/plugins/kernel_netlink/Makefile.in +++ b/src/libcharon/plugins/kernel_netlink/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ host_triplet = @host@ TESTS = tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libcharon/plugins/kernel_netlink -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -129,7 +138,8 @@ am__uninstall_files_from_dir = { \ } am__installdirs = "$(DESTDIR)$(plugindir)" LTLIBRARIES = $(noinst_LTLIBRARIES) $(plugin_LTLIBRARIES) -libstrongswan_kernel_netlink_la_LIBADD = +am__DEPENDENCIES_1 = +libstrongswan_kernel_netlink_la_DEPENDENCIES = $(am__DEPENDENCIES_1) am_libstrongswan_kernel_netlink_la_OBJECTS = kernel_netlink_plugin.lo \ kernel_netlink_ipsec.lo kernel_netlink_net.lo \ kernel_netlink_shared.lo @@ -241,12 +251,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -296,6 +308,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -330,6 +343,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -441,6 +455,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -487,6 +502,7 @@ libstrongswan_kernel_netlink_la_SOURCES = \ kernel_netlink_net.h kernel_netlink_net.c \ kernel_netlink_shared.h kernel_netlink_shared.c +libstrongswan_kernel_netlink_la_LIBADD = $(DLLIB) libstrongswan_kernel_netlink_la_LDFLAGS = -module -avoid-version tests_SOURCES = \ tests.h tests.c \ @@ -520,7 +536,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_netlink/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1001,6 +1016,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c index 6d9d63a98..9c2a7c315 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c @@ -1,11 +1,11 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2008-2016 Andreas Steffen * Copyright (C) 2006-2007 Fabian Hartmann, Noah Heusser * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -18,6 +18,7 @@ * for more details. */ +#define _GNU_SOURCE #include <sys/types.h> #include <sys/socket.h> #include <stdint.h> @@ -26,11 +27,13 @@ #include <linux/rtnetlink.h> #include <linux/xfrm.h> #include <linux/udp.h> +#include <net/if.h> #include <unistd.h> #include <time.h> #include <errno.h> #include <string.h> #include <fcntl.h> +#include <dlfcn.h> #include "kernel_netlink_ipsec.h" #include "kernel_netlink_shared.h" @@ -38,6 +41,7 @@ #include <daemon.h> #include <utils/debug.h> #include <threading/mutex.h> +#include <threading/condvar.h> #include <collections/array.h> #include <collections/hashtable.h> #include <collections/linked_list.h> @@ -72,7 +76,7 @@ #endif /** Base priority for installed policies */ -#define PRIO_BASE 384 +#define PRIO_BASE 100000 /** Default lifetime of an acquire XFRM state (in seconds) */ #define DEFAULT_ACQUIRE_LIFETIME 165 @@ -287,6 +291,11 @@ struct private_kernel_netlink_ipsec_t { mutex_t *mutex; /** + * Condvar to synchronize access to individual policies + */ + condvar_t *condvar; + + /** * Hash table of installed policies (policy_entry_t) */ hashtable_t *policies; @@ -326,6 +335,12 @@ struct private_kernel_netlink_ipsec_t { * Installed port based IKE bypass policies, as bypass_t */ array_t *bypass; + + /** + * Custom priority calculation function + */ + uint32_t (*get_priority)(kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data); }; typedef struct route_entry_t route_entry_t; @@ -347,7 +362,7 @@ struct route_entry_t { chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; }; /** @@ -413,8 +428,9 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa) { return sa->src->ip_equals(sa->src, other_sa->src) && sa->dst->ip_equals(sa->dst, other_sa->dst) && - memeq(&sa->mark, &other_sa->mark, sizeof(mark_t)) && - memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t)); + sa->mark.value == other_sa->mark.value && + sa->mark.mask == other_sa->mark.mask && + ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg); } /** @@ -463,14 +479,17 @@ static void ipsec_sa_destroy(private_kernel_netlink_ipsec_t *this, } typedef struct policy_sa_t policy_sa_t; -typedef struct policy_sa_fwd_t policy_sa_fwd_t; +typedef struct policy_sa_out_t policy_sa_out_t; /** * Mapping between a policy and an IPsec SA. */ struct policy_sa_t { /** Priority assigned to the policy when installed with this SA */ - u_int32_t priority; + uint32_t priority; + + /** Automatic priority assigned to the policy when installed with this SA */ + uint32_t auto_priority; /** Type of the policy */ policy_type_t type; @@ -480,10 +499,10 @@ struct policy_sa_t { }; /** - * For forward policies we also cache the traffic selectors in order to install + * For outbound policies we also cache the traffic selectors in order to install * the route. */ -struct policy_sa_fwd_t { +struct policy_sa_out_t { /** Generic interface */ policy_sa_t generic; @@ -495,7 +514,7 @@ struct policy_sa_fwd_t { }; /** - * Create a policy_sa(_fwd)_t object + * Create a policy_sa(_in)_t object */ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this, policy_dir_t dir, policy_type_t type, host_t *src, host_t *dst, @@ -504,14 +523,14 @@ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this, { policy_sa_t *policy; - if (dir == POLICY_FWD) + if (dir == POLICY_OUT) { - policy_sa_fwd_t *fwd; - INIT(fwd, + policy_sa_out_t *out; + INIT(out, .src_ts = src_ts->clone(src_ts), .dst_ts = dst_ts->clone(dst_ts), ); - policy = &fwd->generic; + policy = &out->generic; } else { @@ -523,16 +542,16 @@ static policy_sa_t *policy_sa_create(private_kernel_netlink_ipsec_t *this, } /** - * Destroy a policy_sa(_fwd)_t object + * Destroy a policy_sa(_in)_t object */ static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, private_kernel_netlink_ipsec_t *this) { - if (*dir == POLICY_FWD) + if (*dir == POLICY_OUT) { - policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)policy; - fwd->src_ts->destroy(fwd->src_ts); - fwd->dst_ts->destroy(fwd->dst_ts); + policy_sa_out_t *out = (policy_sa_out_t*)policy; + out->src_ts->destroy(out->src_ts); + out->dst_ts->destroy(out->dst_ts); } ipsec_sa_destroy(this, policy->sa); free(policy); @@ -546,13 +565,13 @@ typedef struct policy_entry_t policy_entry_t; struct policy_entry_t { /** Direction of this policy: in, out, forward */ - u_int8_t direction; + uint8_t direction; /** Parameters of installed policy */ struct xfrm_selector sel; /** Optional mark */ - u_int32_t mark; + uint32_t mark; /** Associated route installed for this policy */ route_entry_t *route; @@ -561,7 +580,13 @@ struct policy_entry_t { linked_list_t *used_by; /** reqid for this policy */ - u_int32_t reqid; + uint32_t reqid; + + /** Number of threads waiting to work on this policy */ + int waiting; + + /** TRUE if a thread is working on this policy */ + bool working; }; /** @@ -604,39 +629,73 @@ static bool policy_equals(policy_entry_t *key, policy_entry_t *other_key) } /** + * Determine number of set bits in 16 bit port mask + */ +static inline uint32_t port_mask_bits(uint16_t port_mask) +{ + uint32_t bits; + uint16_t bit_mask = 0x8000; + + port_mask = ntohs(port_mask); + + for (bits = 0; bits < 16; bits++) + { + if (!(port_mask & bit_mask)) + { + break; + } + bit_mask >>= 1; + } + return bits; +} + +/** * Calculate the priority of a policy + * + * bits 0-0: restriction to network interface (0..1) 1 bit + * bits 1-6: src + dst port mask bits (2 * 0..16) 6 bits + * bits 7-7: restriction to protocol (0..1) 1 bit + * bits 8-16: src + dst network mask bits (2 * 0..128) 9 bits + * 17 bits + * + * smallest value: 000000000 0 000000 0: 0, lowest priority = 100'000 + * largest value : 100000000 1 100000 1: 65'729, highst priority = 34'271 */ -static inline u_int32_t get_priority(policy_entry_t *policy, - policy_priority_t prio) +static uint32_t get_priority(policy_entry_t *policy, policy_priority_t prio, + char *interface) { - u_int32_t priority = PRIO_BASE; + uint32_t priority = PRIO_BASE, sport_mask_bits, dport_mask_bits; + switch (prio) { case POLICY_PRIORITY_FALLBACK: - priority <<= 1; - /* fall-through */ + priority += PRIO_BASE; + /* fall-through to next case */ case POLICY_PRIORITY_ROUTED: - priority <<= 1; - /* fall-through */ + priority += PRIO_BASE; + /* fall-through to next case */ case POLICY_PRIORITY_DEFAULT: - priority <<= 1; - /* fall-through */ + priority += PRIO_BASE; + /* fall-through to next case */ case POLICY_PRIORITY_PASS: break; } - /* calculate priority based on selector size, small size = high prio */ - priority -= policy->sel.prefixlen_s; - priority -= policy->sel.prefixlen_d; - priority <<= 2; /* make some room for the two flags */ - priority += policy->sel.sport_mask || policy->sel.dport_mask ? 0 : 2; - priority += policy->sel.proto ? 0 : 1; + sport_mask_bits = port_mask_bits(policy->sel.sport_mask); + dport_mask_bits = port_mask_bits(policy->sel.dport_mask); + + /* calculate priority */ + priority -= (policy->sel.prefixlen_s + policy->sel.prefixlen_d) * 256; + priority -= policy->sel.proto ? 128 : 0; + priority -= (sport_mask_bits + dport_mask_bits) * 2; + priority -= (interface != NULL); + return priority; } /** * Convert the general ipsec mode to the one defined in xfrm.h */ -static u_int8_t mode2kernel(ipsec_mode_t mode) +static uint8_t mode2kernel(ipsec_mode_t mode) { switch (mode) { @@ -663,7 +722,7 @@ static void host2xfrm(host_t *host, xfrm_address_t *xfrm) /** * Convert a struct xfrm_address to a host_t */ -static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) +static host_t* xfrm2host(int family, xfrm_address_t *xfrm, uint16_t port) { chunk_t chunk; @@ -685,7 +744,7 @@ static host_t* xfrm2host(int family, xfrm_address_t *xfrm, u_int16_t port) * Convert a traffic selector address range to subnet and its mask. */ static void ts2subnet(traffic_selector_t* ts, - xfrm_address_t *net, u_int8_t *mask) + xfrm_address_t *net, uint8_t *mask) { host_t *net_host; chunk_t net_chunk; @@ -700,7 +759,7 @@ static void ts2subnet(traffic_selector_t* ts, * Convert a traffic selector port range to port/portmask */ static void ts2ports(traffic_selector_t* ts, - u_int16_t *port, u_int16_t *mask) + uint16_t *port, uint16_t *mask) { uint16_t from, to, bitmask; int bit; @@ -739,10 +798,11 @@ static void ts2ports(traffic_selector_t* ts, * Convert a pair of traffic_selectors to an xfrm_selector */ static struct xfrm_selector ts2selector(traffic_selector_t *src, - traffic_selector_t *dst) + traffic_selector_t *dst, + char *interface) { struct xfrm_selector sel; - u_int16_t port; + uint16_t port; memset(&sel, 0, sizeof(sel)); sel.family = (src->get_type(src) == TS_IPV4_ADDR_RANGE) ? AF_INET : AF_INET6; @@ -763,7 +823,7 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, sel.dport = htons(traffic_selector_icmp_code(port)); sel.dport_mask = sel.dport ? ~0 : 0; } - sel.ifindex = 0; + sel.ifindex = interface ? if_nametoindex(interface) : 0; sel.user = 0; return sel; @@ -775,8 +835,8 @@ static struct xfrm_selector ts2selector(traffic_selector_t *src, static traffic_selector_t* selector2ts(struct xfrm_selector *sel, bool src) { u_char *addr; - u_int8_t prefixlen; - u_int16_t port = 0; + uint8_t prefixlen; + uint16_t port = 0; host_t *host = NULL; if (src) @@ -833,7 +893,7 @@ static void process_acquire(private_kernel_netlink_ipsec_t *this, struct rtattr *rta; size_t rtasize; traffic_selector_t *src_ts, *dst_ts; - u_int32_t reqid = 0; + uint32_t reqid = 0; int proto = 0; acquire = NLMSG_DATA(hdr); @@ -878,8 +938,8 @@ static void process_expire(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr) { struct xfrm_user_expire *expire; - u_int32_t spi; - u_int8_t protocol; + uint32_t spi; + uint8_t protocol; host_t *dst; expire = NLMSG_DATA(hdr); @@ -913,7 +973,7 @@ static void process_migrate(private_kernel_netlink_ipsec_t *this, host_t *local = NULL, *remote = NULL; host_t *old_src = NULL, *old_dst = NULL; host_t *new_src = NULL, *new_dst = NULL; - u_int32_t reqid = 0; + uint32_t reqid = 0; policy_dir_t dir; policy_id = NLMSG_DATA(hdr); @@ -981,7 +1041,7 @@ static void process_mapping(private_kernel_netlink_ipsec_t *this, struct nlmsghdr *hdr) { struct xfrm_user_mapping *mapping; - u_int32_t spi; + uint32_t spi; mapping = NLMSG_DATA(hdr); spi = mapping->id.spi; @@ -1033,7 +1093,8 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd, /* no data ready, select again */ return TRUE; default: - DBG1(DBG_KNL, "unable to receive from xfrm event socket"); + DBG1(DBG_KNL, "unable to receive from XFRM event socket: %s " + "(%d)", strerror(errno), errno); sleep(1); return TRUE; } @@ -1061,8 +1122,8 @@ static bool receive_events(private_kernel_netlink_ipsec_t *this, int fd, process_mapping(this, hdr); break; default: - DBG1(DBG_KNL, "received unknown event from xfrm event " - "socket: %d", hdr->nlmsg_type); + DBG1(DBG_KNL, "received unknown event from XFRM event " + "socket: %d", hdr->nlmsg_type); break; } hdr = NLMSG_NEXT(hdr, len); @@ -1080,13 +1141,13 @@ METHOD(kernel_ipsec_t, get_features, kernel_feature_t, * Get an SPI for a specific protocol from the kernel. */ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, - host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max, - u_int32_t *spi) + host_t *src, host_t *dst, uint8_t proto, uint32_t min, uint32_t max, + uint32_t *spi) { netlink_buf_t request; struct nlmsghdr *hdr, *out; struct xfrm_userspi_info *userspi; - u_int32_t received_spi = 0; + uint32_t received_spi = 0; size_t len; memset(&request, 0, sizeof(request)); @@ -1147,7 +1208,7 @@ static status_t get_spi_internal(private_kernel_netlink_ipsec_t *this, METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { if (get_spi_internal(this, src, dst, protocol, 0xc0000000, 0xcFFFFFFF, spi) != SUCCESS) @@ -1162,9 +1223,9 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { - u_int32_t received_spi = 0; + uint32_t received_spi = 0; if (get_spi_internal(this, src, dst, IPPROTO_COMP, 0x100, 0xEFFF, &received_spi) != SUCCESS) @@ -1173,13 +1234,24 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, return FAILED; } - *cpi = htons((u_int16_t)ntohl(received_spi)); + *cpi = htons((uint16_t)ntohl(received_spi)); DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi)); return SUCCESS; } /** + * Format the mark for debug messages + */ +static void format_mark(char *buf, int buflen, mark_t mark) +{ + if (mark.value) + { + snprintf(buf, buflen, " (mark %u/0x%08x)", mark.value, mark.mask); + } +} + +/** * Add a XFRM mark to message if required */ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark) @@ -1200,53 +1272,67 @@ static bool add_mark(struct nlmsghdr *hdr, int buflen, mark_t mark) } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t* src_ts, linked_list_t* dst_ts) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { netlink_buf_t request; - char *alg_name; + char *alg_name, markstr[32] = ""; struct nlmsghdr *hdr; struct xfrm_usersa_info *sa; - u_int16_t icv_size = 64; - ipsec_mode_t original_mode = mode; + uint16_t icv_size = 64, ipcomp = data->ipcomp; + ipsec_mode_t mode = data->mode, original_mode = data->mode; traffic_selector_t *first_src_ts, *first_dst_ts; status_t status = FAILED; /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ - if (ipcomp != IPCOMP_NONE && cpi != 0) + if (ipcomp != IPCOMP_NONE && data->cpi != 0) { lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; - add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, - tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, - chunk_empty, mode, ipcomp, 0, 0, initiator, FALSE, FALSE, - inbound, update, src_ts, dst_ts); + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_add_sa_t ipcomp_sa = { + .reqid = data->reqid, + .mode = data->mode, + .src_ts = data->src_ts, + .dst_ts = data->dst_ts, + .lifetime = &lft, + .enc_alg = ENCR_UNDEFINED, + .int_alg = AUTH_UNDEFINED, + .tfc = data->tfc, + .ipcomp = data->ipcomp, + .initiator = data->initiator, + .inbound = data->inbound, + .update = data->update, + }; + add_sa(this, &ipcomp_id, &ipcomp_sa); ipcomp = IPCOMP_NONE; /* use transport mode ESP SA, IPComp uses tunnel mode */ mode = MODE_TRANSPORT; } memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u} (mark " - "%u/0x%08x)", ntohl(spi), reqid, mark.value, mark.mask); + DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}%s", + ntohl(id->spi), data->reqid, markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; - hdr->nlmsg_type = update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; + hdr->nlmsg_type = data->update ? XFRM_MSG_UPDSA : XFRM_MSG_NEWSA; hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); - host2xfrm(src, &sa->saddr); - host2xfrm(dst, &sa->id.daddr); - sa->id.spi = spi; - sa->id.proto = protocol; - sa->family = src->get_family(src); + host2xfrm(id->src, &sa->saddr); + host2xfrm(id->dst, &sa->id.daddr); + sa->id.spi = id->spi; + sa->id.proto = id->proto; + sa->family = id->src->get_family(id->src); sa->mode = mode2kernel(mode); switch (mode) { @@ -1260,10 +1346,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * selector can be installed other traffic would get dropped */ break; } - if (src_ts->get_first(src_ts, (void**)&first_src_ts) == SUCCESS && - dst_ts->get_first(dst_ts, (void**)&first_dst_ts) == SUCCESS) + if (data->src_ts->get_first(data->src_ts, + (void**)&first_src_ts) == SUCCESS && + data->dst_ts->get_first(data->dst_ts, + (void**)&first_dst_ts) == SUCCESS) { - sa->sel = ts2selector(first_src_ts, first_dst_ts); + sa->sel = ts2selector(first_src_ts, first_dst_ts, + data->interface); if (!this->proto_port_transport) { /* don't install proto/port on SA. This would break @@ -1279,18 +1368,18 @@ METHOD(kernel_ipsec_t, add_sa, status_t, break; } - sa->reqid = reqid; - sa->lft.soft_byte_limit = XFRM_LIMIT(lifetime->bytes.rekey); - sa->lft.hard_byte_limit = XFRM_LIMIT(lifetime->bytes.life); - sa->lft.soft_packet_limit = XFRM_LIMIT(lifetime->packets.rekey); - sa->lft.hard_packet_limit = XFRM_LIMIT(lifetime->packets.life); + sa->reqid = data->reqid; + sa->lft.soft_byte_limit = XFRM_LIMIT(data->lifetime->bytes.rekey); + sa->lft.hard_byte_limit = XFRM_LIMIT(data->lifetime->bytes.life); + sa->lft.soft_packet_limit = XFRM_LIMIT(data->lifetime->packets.rekey); + sa->lft.hard_packet_limit = XFRM_LIMIT(data->lifetime->packets.life); /* we use lifetimes since added, not since used */ - sa->lft.soft_add_expires_seconds = lifetime->time.rekey; - sa->lft.hard_add_expires_seconds = lifetime->time.life; + sa->lft.soft_add_expires_seconds = data->lifetime->time.rekey; + sa->lft.hard_add_expires_seconds = data->lifetime->time.life; sa->lft.soft_use_expires_seconds = 0; sa->lft.hard_use_expires_seconds = 0; - switch (enc_alg) + switch (data->enc_alg) { case ENCR_UNDEFINED: /* no encryption */ @@ -1313,71 +1402,73 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { struct xfrm_algo_aead *algo; - alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg); + alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, data->enc_alg); if (alg_name == NULL) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - encryption_algorithm_names, enc_alg); + encryption_algorithm_names, data->enc_alg); goto failed; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", - encryption_algorithm_names, enc_alg, enc_key.len * 8); + encryption_algorithm_names, data->enc_alg, + data->enc_key.len * 8); algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AEAD, - sizeof(*algo) + enc_key.len); + sizeof(*algo) + data->enc_key.len); if (!algo) { goto failed; } - algo->alg_key_len = enc_key.len * 8; + algo->alg_key_len = data->enc_key.len * 8; algo->alg_icv_len = icv_size; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, enc_key.ptr, enc_key.len); + memcpy(algo->alg_key, data->enc_key.ptr, data->enc_key.len); break; } default: { struct xfrm_algo *algo; - alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg); + alg_name = lookup_algorithm(ENCRYPTION_ALGORITHM, data->enc_alg); if (alg_name == NULL) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - encryption_algorithm_names, enc_alg); + encryption_algorithm_names, data->enc_alg); goto failed; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", - encryption_algorithm_names, enc_alg, enc_key.len * 8); + encryption_algorithm_names, data->enc_alg, + data->enc_key.len * 8); algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_CRYPT, - sizeof(*algo) + enc_key.len); + sizeof(*algo) + data->enc_key.len); if (!algo) { goto failed; } - algo->alg_key_len = enc_key.len * 8; + algo->alg_key_len = data->enc_key.len * 8; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, enc_key.ptr, enc_key.len); + memcpy(algo->alg_key, data->enc_key.ptr, data->enc_key.len); } } - if (int_alg != AUTH_UNDEFINED) + if (data->int_alg != AUTH_UNDEFINED) { u_int trunc_len = 0; - alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg); + alg_name = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg); if (alg_name == NULL) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - integrity_algorithm_names, int_alg); + integrity_algorithm_names, data->int_alg); goto failed; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", - integrity_algorithm_names, int_alg, int_key.len * 8); + integrity_algorithm_names, data->int_alg, data->int_key.len * 8); - switch (int_alg) + switch (data->int_alg) { case AUTH_HMAC_MD5_128: case AUTH_HMAC_SHA2_256_128: @@ -1398,31 +1489,31 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * use specified truncation size supported by newer kernels. * also use this for untruncated MD5 and SHA1. */ algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AUTH_TRUNC, - sizeof(*algo) + int_key.len); + sizeof(*algo) + data->int_key.len); if (!algo) { goto failed; } - algo->alg_key_len = int_key.len * 8; + algo->alg_key_len = data->int_key.len * 8; algo->alg_trunc_len = trunc_len; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, int_key.ptr, int_key.len); + memcpy(algo->alg_key, data->int_key.ptr, data->int_key.len); } else { struct xfrm_algo* algo; algo = netlink_reserve(hdr, sizeof(request), XFRMA_ALG_AUTH, - sizeof(*algo) + int_key.len); + sizeof(*algo) + data->int_key.len); if (!algo) { goto failed; } - algo->alg_key_len = int_key.len * 8; + algo->alg_key_len = data->int_key.len * 8; strncpy(algo->alg_name, alg_name, sizeof(algo->alg_name)); algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; - memcpy(algo->alg_key, int_key.ptr, int_key.len); + memcpy(algo->alg_key, data->int_key.ptr, data->int_key.len); } } @@ -1451,7 +1542,7 @@ METHOD(kernel_ipsec_t, add_sa, status_t, algo->alg_name[sizeof(algo->alg_name) - 1] = '\0'; } - if (encap) + if (data->encap) { struct xfrm_encap_tmpl *tmpl; @@ -1461,8 +1552,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, goto failed; } tmpl->encap_type = UDP_ENCAP_ESPINUDP; - tmpl->encap_sport = htons(src->get_port(src)); - tmpl->encap_dport = htons(dst->get_port(dst)); + tmpl->encap_sport = htons(id->src->get_port(id->src)); + tmpl->encap_dport = htons(id->dst->get_port(id->dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); /* encap_oa could probably be derived from the * traffic selectors [rfc4306, p39]. In the netlink kernel @@ -1476,14 +1567,14 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * checks it marks them "checksum ok" so OA isn't needed. */ } - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { goto failed; } - if (tfc && protocol == IPPROTO_ESP && mode == MODE_TUNNEL) + if (data->tfc && id->proto == IPPROTO_ESP && mode == MODE_TUNNEL) { /* the kernel supports TFC padding only for tunnel mode ESP SAs */ - u_int32_t *tfcpad; + uint32_t *tfcpad; tfcpad = netlink_reserve(hdr, sizeof(request), XFRMA_TFCPAD, sizeof(*tfcpad)); @@ -1491,19 +1582,25 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { goto failed; } - *tfcpad = tfc; + *tfcpad = data->tfc; } - if (protocol != IPPROTO_COMP) + if (id->proto != IPPROTO_COMP) { - if (replay_window != 0 && (esn || replay_window > 32)) + /* generally, we don't need a replay window for outbound SAs, however, + * when using ESN the kernel rejects the attribute if it is 0 */ + if (!data->inbound && data->replay_window) + { + data->replay_window = data->esn ? 1 : 0; + } + if (data->replay_window != 0 && (data->esn || data->replay_window > 32)) { /* for ESN or larger replay windows we need the new * XFRMA_REPLAY_ESN_VAL attribute to configure a bitmap */ struct xfrm_replay_state_esn *replay; - u_int32_t bmp_size; + uint32_t bmp_size; - bmp_size = round_up(replay_window, sizeof(u_int32_t) * 8) / 8; + bmp_size = round_up(data->replay_window, sizeof(uint32_t) * 8) / 8; replay = netlink_reserve(hdr, sizeof(request), XFRMA_REPLAY_ESN_VAL, sizeof(*replay) + bmp_size); if (!replay) @@ -1511,11 +1608,12 @@ METHOD(kernel_ipsec_t, add_sa, status_t, goto failed; } /* bmp_len contains number uf __u32's */ - replay->bmp_len = bmp_size / sizeof(u_int32_t); - replay->replay_window = replay_window; - DBG2(DBG_KNL, " using replay window of %u packets", replay_window); + replay->bmp_len = bmp_size / sizeof(uint32_t); + replay->replay_window = data->replay_window; + DBG2(DBG_KNL, " using replay window of %u packets", + data->replay_window); - if (esn) + if (data->esn) { DBG2(DBG_KNL, " using extended sequence numbers (ESN)"); sa->flags |= XFRM_STATE_ESN; @@ -1523,22 +1621,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } else { - DBG2(DBG_KNL, " using replay window of %u packets", replay_window); - sa->replay_window = replay_window; + DBG2(DBG_KNL, " using replay window of %u packets", + data->replay_window); + sa->replay_window = data->replay_window; } } if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { - if (mark.value) - { - DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x " - "(mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); - } + DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x%s", ntohl(id->spi), + markstr); goto failed; } @@ -1555,10 +1647,9 @@ failed: * Allocates into one the replay state structure we get from the kernel. */ static void get_replay_state(private_kernel_netlink_ipsec_t *this, - u_int32_t spi, u_int8_t protocol, - host_t *dst, mark_t mark, + kernel_ipsec_sa_id_t *sa, struct xfrm_replay_state_esn **replay_esn, - u_int32_t *replay_esn_len, + uint32_t *replay_esn_len, struct xfrm_replay_state **replay, struct xfrm_lifetime_cur **lifetime) { @@ -1572,7 +1663,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, memset(&request, 0, sizeof(request)); DBG2(DBG_KNL, "querying replay state from SAD entry with SPI %.8x", - ntohl(spi)); + ntohl(sa->spi)); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; @@ -1582,12 +1673,12 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, aevent_id = NLMSG_DATA(hdr); aevent_id->flags = XFRM_AE_RVAL; - host2xfrm(dst, &aevent_id->sa_id.daddr); - aevent_id->sa_id.spi = spi; - aevent_id->sa_id.proto = protocol; - aevent_id->sa_id.family = dst->get_family(dst); + host2xfrm(sa->dst, &aevent_id->sa_id.daddr); + aevent_id->sa_id.spi = sa->spi; + aevent_id->sa_id.proto = sa->proto; + aevent_id->sa_id.family = sa->dst->get_family(sa->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), sa->mark)) { return; } @@ -1608,8 +1699,7 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, { struct nlmsgerr *err = NLMSG_DATA(hdr); DBG1(DBG_KNL, "querying replay state from SAD entry " - "failed: %s (%d)", strerror(-err->error), - -err->error); + "failed: %s (%d)", strerror(-err->error), -err->error); break; } default: @@ -1657,9 +1747,9 @@ static void get_replay_state(private_kernel_netlink_ipsec_t *this, } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { netlink_buf_t request; struct nlmsghdr *out = NULL, *hdr; @@ -1667,11 +1757,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t, struct xfrm_usersa_info *sa = NULL; status_t status = FAILED; size_t len; + char markstr[32] = ""; memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x (mark %u/0x%08x)", - ntohl(spi), mark.value, mark.mask); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x%s", ntohl(id->spi), + markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; @@ -1679,12 +1771,12 @@ METHOD(kernel_ipsec_t, query_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); sa_id = NLMSG_DATA(hdr); - host2xfrm(dst, &sa_id->daddr); - sa_id->spi = spi; - sa_id->proto = protocol; - sa_id->family = dst->get_family(dst); + host2xfrm(id->dst, &sa_id->daddr); + sa_id->spi = id->spi; + sa_id->proto = id->proto; + sa_id->family = id->dst->get_family(id->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -1705,19 +1797,9 @@ METHOD(kernel_ipsec_t, query_sa, status_t, { struct nlmsgerr *err = NLMSG_DATA(hdr); - if (mark.value) - { - DBG1(DBG_KNL, "querying SAD entry with SPI %.8x " - "(mark %u/0x%08x) failed: %s (%d)", - ntohl(spi), mark.value, mark.mask, - strerror(-err->error), -err->error); - } - else - { - DBG1(DBG_KNL, "querying SAD entry with SPI %.8x " - "failed: %s (%d)", ntohl(spi), - strerror(-err->error), -err->error); - } + DBG1(DBG_KNL, "querying SAD entry with SPI %.8x%s failed: " + "%s (%d)", ntohl(id->spi), markstr, + strerror(-err->error), -err->error); break; } default: @@ -1732,7 +1814,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t, if (sa == NULL) { - DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "unable to query SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); } else { @@ -1758,23 +1841,33 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { netlink_buf_t request; struct nlmsghdr *hdr; struct xfrm_usersa_id *sa_id; + char markstr[32] = ""; /* if IPComp was used, we first delete the additional IPComp SA */ - if (cpi) - { - del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0, mark); + if (data->cpi) + { + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_del_sa_t ipcomp = {}; + del_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x (mark %u/0x%08x)", - ntohl(spi), mark.value, mark.mask); + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x%s", ntohl(id->spi), + markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -1782,12 +1875,12 @@ METHOD(kernel_ipsec_t, del_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); sa_id = NLMSG_DATA(hdr); - host2xfrm(dst, &sa_id->daddr); - sa_id->spi = spi; - sa_id->proto = protocol; - sa_id->family = dst->get_family(dst); + host2xfrm(id->dst, &sa_id->daddr); + sa_id->spi = id->spi; + sa_id->proto = id->proto; + sa_id->family = id->dst->get_family(id->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -1795,30 +1888,21 @@ METHOD(kernel_ipsec_t, del_sa, status_t, switch (this->socket_xfrm->send_ack(this->socket_xfrm, hdr)) { case SUCCESS: - DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x (mark %u/0x%08x)", - ntohl(spi), mark.value, mark.mask); + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); return SUCCESS; case NOT_FOUND: return NOT_FOUND; default: - if (mark.value) - { - DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x " - "(mark %u/0x%08x)", ntohl(spi), mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", - ntohl(spi)); - } + DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); return FAILED; } } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_netlink_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool old_encap, bool new_encap, mark_t mark) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { netlink_buf_t request; struct nlmsghdr *hdr, *out = NULL; @@ -1831,19 +1915,33 @@ METHOD(kernel_ipsec_t, update_sa, status_t, struct xfrm_replay_state *replay = NULL; struct xfrm_replay_state_esn *replay_esn = NULL; struct xfrm_lifetime_cur *lifetime = NULL; - u_int32_t replay_esn_len = 0; + uint32_t replay_esn_len = 0; + kernel_ipsec_del_sa_t del = { 0 }; status_t status = FAILED; + char markstr[32] = ""; /* if IPComp is used, we first update the IPComp SA */ - if (cpi) - { - update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, - src, dst, new_src, new_dst, FALSE, FALSE, mark); + if (data->cpi) + { + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_update_sa_t ipcomp = { + .new_src = data->new_src, + .new_dst = data->new_dst, + }; + update_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", ntohl(spi)); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x%s for update", + ntohl(id->spi), markstr); /* query the existing SA first */ hdr = &request.hdr; @@ -1852,12 +1950,12 @@ METHOD(kernel_ipsec_t, update_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_id)); sa_id = NLMSG_DATA(hdr); - host2xfrm(dst, &sa_id->daddr); - sa_id->spi = spi; - sa_id->proto = protocol; - sa_id->family = dst->get_family(dst); + host2xfrm(id->dst, &sa_id->daddr); + sa_id->spi = id->spi; + sa_id->proto = id->proto; + sa_id->family = id->dst->get_family(id->dst); - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -1892,23 +1990,25 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } if (out_sa == NULL) { - DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); goto failed; } - get_replay_state(this, spi, protocol, dst, mark, &replay_esn, - &replay_esn_len, &replay, &lifetime); + get_replay_state(this, id, &replay_esn, &replay_esn_len, &replay, + &lifetime); /* delete the old SA (without affecting the IPComp SA) */ - if (del_sa(this, src, dst, spi, protocol, 0, mark) != SUCCESS) + if (del_sa(this, id, &del) != SUCCESS) { - DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x", - ntohl(spi)); + DBG1(DBG_KNL, "unable to delete old SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); goto failed; } - DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", - ntohl(spi), src, dst, new_src, new_dst); + DBG2(DBG_KNL, "updating SAD entry with SPI %.8x%s from %#H..%#H to " + "%#H..%#H", ntohl(id->spi), markstr, id->src, id->dst, data->new_src, + data->new_dst); /* copy over the SA from out to request */ hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK; @@ -1916,15 +2016,15 @@ METHOD(kernel_ipsec_t, update_sa, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_usersa_info)); sa = NLMSG_DATA(hdr); memcpy(sa, NLMSG_DATA(out), sizeof(struct xfrm_usersa_info)); - sa->family = new_dst->get_family(new_dst); + sa->family = data->new_dst->get_family(data->new_dst); - if (!src->ip_equals(src, new_src)) + if (!id->src->ip_equals(id->src, data->new_src)) { - host2xfrm(new_src, &sa->saddr); + host2xfrm(data->new_src, &sa->saddr); } - if (!dst->ip_equals(dst, new_dst)) + if (!id->dst->ip_equals(id->dst, data->new_dst)) { - host2xfrm(new_dst, &sa->id.daddr); + host2xfrm(data->new_dst, &sa->id.daddr); } rta = XFRM_RTA(out, struct xfrm_usersa_info); @@ -1932,13 +2032,13 @@ METHOD(kernel_ipsec_t, update_sa, status_t, while (RTA_OK(rta, rtasize)) { /* copy all attributes, but not XFRMA_ENCAP if we are disabling it */ - if (rta->rta_type != XFRMA_ENCAP || new_encap) + if (rta->rta_type != XFRMA_ENCAP || data->new_encap) { if (rta->rta_type == XFRMA_ENCAP) { /* update encap tmpl */ tmpl = RTA_DATA(rta); - tmpl->encap_sport = ntohs(new_src->get_port(new_src)); - tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); + tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src)); + tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); } netlink_add_attribute(hdr, rta->rta_type, chunk_create(RTA_DATA(rta), RTA_PAYLOAD(rta)), @@ -1947,7 +2047,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, rta = RTA_NEXT(rta, rtasize); } - if (tmpl == NULL && new_encap) + if (tmpl == NULL && data->new_encap) { /* add tmpl if we are enabling it */ tmpl = netlink_reserve(hdr, sizeof(request), XFRMA_ENCAP, sizeof(*tmpl)); if (!tmpl) @@ -1955,8 +2055,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, goto failed; } tmpl->encap_type = UDP_ENCAP_ESPINUDP; - tmpl->encap_sport = ntohs(new_src->get_port(new_src)); - tmpl->encap_dport = ntohs(new_dst->get_port(new_dst)); + tmpl->encap_sport = ntohs(data->new_src->get_port(data->new_src)); + tmpl->encap_dport = ntohs(data->new_dst->get_port(data->new_dst)); memset(&tmpl->encap_oa, 0, sizeof (xfrm_address_t)); } @@ -1987,7 +2087,7 @@ METHOD(kernel_ipsec_t, update_sa, status_t, else { DBG1(DBG_KNL, "unable to copy replay state from old SAD entry with " - "SPI %.8x", ntohl(spi)); + "SPI %.8x%s", ntohl(id->spi), markstr); } if (lifetime) { @@ -2004,12 +2104,13 @@ METHOD(kernel_ipsec_t, update_sa, status_t, else { DBG1(DBG_KNL, "unable to copy usage stats from old SAD entry with " - "SPI %.8x", ntohl(spi)); + "SPI %.8x%s", ntohl(id->spi), markstr); } if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { - DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x%s", + ntohl(id->spi), markstr); goto failed; } @@ -2032,7 +2133,7 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, struct nlmsghdr *hdr; struct xfrm_usersa_flush *flush; struct { - u_int8_t proto; + uint8_t proto; char *name; } protos[] = { { IPPROTO_AH, "AH" }, @@ -2066,6 +2167,118 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, } /** + * Unlock the mutex and signal waiting threads + */ +static void policy_change_done(private_kernel_netlink_ipsec_t *this, + policy_entry_t *policy) +{ + policy->working = FALSE; + if (policy->waiting) + { /* don't need to wake threads waiting for other policies */ + this->condvar->broadcast(this->condvar); + } + this->mutex->unlock(this->mutex); +} + +/** + * Install a route for the given policy if enabled and required + */ +static void install_route(private_kernel_netlink_ipsec_t *this, + policy_entry_t *policy, policy_sa_t *mapping, ipsec_sa_t *ipsec) +{ + policy_sa_out_t *out = (policy_sa_out_t*)mapping; + route_entry_t *route; + host_t *iface; + + INIT(route, + .prefixlen = policy->sel.prefixlen_d, + ); + + if (charon->kernel->get_address_by_ts(charon->kernel, out->src_ts, + &route->src_ip, NULL) == SUCCESS) + { + if (!ipsec->dst->is_anyaddr(ipsec->dst)) + { + route->gateway = charon->kernel->get_nexthop(charon->kernel, + ipsec->dst, -1, ipsec->src, + &route->if_name); + } + else + { /* for shunt policies */ + iface = xfrm2host(policy->sel.family, &policy->sel.daddr, 0); + route->gateway = charon->kernel->get_nexthop(charon->kernel, + iface, policy->sel.prefixlen_d, + route->src_ip, &route->if_name); + iface->destroy(iface); + } + route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); + memcpy(route->dst_net.ptr, &policy->sel.daddr, route->dst_net.len); + + /* get the interface to install the route for, if we haven't one yet. + * If we have a local address, use it. Otherwise (for shunt policies) + * use the route's source address. */ + if (!route->if_name) + { + iface = ipsec->src; + if (iface->is_anyaddr(iface)) + { + iface = route->src_ip; + } + if (!charon->kernel->get_interface(charon->kernel, iface, + &route->if_name)) + { + route_entry_destroy(route); + return; + } + } + if (policy->route) + { + route_entry_t *old = policy->route; + if (route_entry_equals(old, route)) + { + route_entry_destroy(route); + return; + } + /* uninstall previously installed route */ + if (charon->kernel->del_route(charon->kernel, old->dst_net, + old->prefixlen, old->gateway, + old->src_ip, old->if_name) != SUCCESS) + { + DBG1(DBG_KNL, "error uninstalling route installed with policy " + "%R === %R %N", out->src_ts, out->dst_ts, policy_dir_names, + policy->direction); + } + route_entry_destroy(old); + policy->route = NULL; + } + + DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", out->dst_ts, + route->gateway, route->src_ip, route->if_name); + switch (charon->kernel->add_route(charon->kernel, route->dst_net, + route->prefixlen, route->gateway, + route->src_ip, route->if_name)) + { + default: + DBG1(DBG_KNL, "unable to install source route for %H", + route->src_ip); + /* FALL */ + case ALREADY_DONE: + /* route exists, do not uninstall */ + route_entry_destroy(route); + break; + case SUCCESS: + /* cache the installed route */ + policy->route = route; + break; + } + } + else + { + free(route); + } +} + +/** * Add or update a policy in the kernel. * * Note: The mutex has to be locked when entering this function @@ -2111,11 +2324,11 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, policy_info->lft.soft_use_expires_seconds = 0; policy_info->lft.hard_use_expires_seconds = 0; - if (mapping->type == POLICY_IPSEC) + if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid) { struct xfrm_user_tmpl *tmpl; struct { - u_int8_t proto; + uint8_t proto; bool use; } protos[] = { { IPPROTO_COMP, ipsec->cfg.ipcomp.transform != IPCOMP_NONE }, @@ -2136,7 +2349,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, count * sizeof(*tmpl)); if (!tmpl) { - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); return FAILED; } @@ -2169,7 +2382,7 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, if (!add_mark(hdr, sizeof(request), ipsec->mark)) { - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); return FAILED; } this->mutex->unlock(this->mutex); @@ -2181,169 +2394,84 @@ static status_t add_policy_internal(private_kernel_netlink_ipsec_t *this, hdr->nlmsg_type = XFRM_MSG_UPDPOLICY; status = this->socket_xfrm->send_ack(this->socket_xfrm, hdr); } + + this->mutex->lock(this->mutex); if (status != SUCCESS) { + policy_change_done(this, policy); return FAILED; } - - /* find the policy again */ - this->mutex->lock(this->mutex); - policy = this->policies->get(this->policies, &clone); - if (!policy || - policy->used_by->find_first(policy->used_by, - NULL, (void**)&mapping) != SUCCESS) - { /* policy or mapping is already gone, ignore */ - this->mutex->unlock(this->mutex); - return SUCCESS; - } - /* install a route, if: - * - this is a forward policy (to just get one for each child) - * - we are in tunnel/BEET mode or install a bypass policy + * - this is an outbound policy (to just get one for each child) * - routing is not disabled via strongswan.conf + * - the selector is not for a specific protocol/port + * - we are in tunnel/BEET mode or install a bypass policy */ - if (policy->direction == POLICY_FWD && this->install_routes && - (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT)) + if (policy->direction == POLICY_OUT && this->install_routes && + !policy->sel.proto && !policy->sel.dport && !policy->sel.sport) { - policy_sa_fwd_t *fwd = (policy_sa_fwd_t*)mapping; - route_entry_t *route; - host_t *iface; - - INIT(route, - .prefixlen = policy->sel.prefixlen_s, - ); - - if (charon->kernel->get_address_by_ts(charon->kernel, fwd->dst_ts, - &route->src_ip, NULL) == SUCCESS) - { - /* get the nexthop to src (src as we are in POLICY_FWD) */ - if (!ipsec->src->is_anyaddr(ipsec->src)) - { - route->gateway = charon->kernel->get_nexthop(charon->kernel, - ipsec->src, -1, ipsec->dst); - } - else - { /* for shunt policies */ - iface = xfrm2host(policy->sel.family, &policy->sel.saddr, 0); - route->gateway = charon->kernel->get_nexthop(charon->kernel, - iface, policy->sel.prefixlen_s, - route->src_ip); - iface->destroy(iface); - } - route->dst_net = chunk_alloc(policy->sel.family == AF_INET ? 4 : 16); - memcpy(route->dst_net.ptr, &policy->sel.saddr, route->dst_net.len); - - /* get the interface to install the route for. If we have a local - * address, use it. Otherwise (for shunt policies) use the - * routes source address. */ - iface = ipsec->dst; - if (iface->is_anyaddr(iface)) - { - iface = route->src_ip; - } - /* install route via outgoing interface */ - if (!charon->kernel->get_interface(charon->kernel, iface, - &route->if_name)) - { - this->mutex->unlock(this->mutex); - route_entry_destroy(route); - return SUCCESS; - } - - if (policy->route) - { - route_entry_t *old = policy->route; - if (route_entry_equals(old, route)) - { - this->mutex->unlock(this->mutex); - route_entry_destroy(route); - return SUCCESS; - } - /* uninstall previously installed route */ - if (charon->kernel->del_route(charon->kernel, old->dst_net, - old->prefixlen, old->gateway, - old->src_ip, old->if_name) != SUCCESS) - { - DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", fwd->src_ts, - fwd->dst_ts, policy_dir_names, - policy->direction); - } - route_entry_destroy(old); - policy->route = NULL; - } - - DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", - fwd->src_ts, route->gateway, route->src_ip, route->if_name); - switch (charon->kernel->add_route(charon->kernel, route->dst_net, - route->prefixlen, route->gateway, - route->src_ip, route->if_name)) - { - default: - DBG1(DBG_KNL, "unable to install source route for %H", - route->src_ip); - /* FALL */ - case ALREADY_DONE: - /* route exists, do not uninstall */ - route_entry_destroy(route); - break; - case SUCCESS: - /* cache the installed route */ - policy->route = route; - break; - } - } - else + if (mapping->type == POLICY_PASS || + (mapping->type == POLICY_IPSEC && ipsec->cfg.mode != MODE_TRANSPORT)) { - free(route); + install_route(this, policy, mapping, ipsec); } } - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); return SUCCESS; } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *current; policy_sa_t *assigned_sa, *current_sa; enumerator_t *enumerator; bool found = FALSE, update = TRUE; + char markstr[32] = ""; + uint32_t cur_priority = 0; + int use_count; /* create a policy */ INIT(policy, - .sel = ts2selector(src_ts, dst_ts), - .mark = mark.value & mark.mask, - .direction = direction, - .reqid = sa->reqid, + .sel = ts2selector(id->src_ts, id->dst_ts, id->interface), + .mark = id->mark.value & id->mark.mask, + .direction = id->dir, + .reqid = data->sa->reqid, ); + format_mark(markstr, sizeof(markstr), id->mark); /* find the policy, which matches EXACTLY */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, policy); if (current) { - if (current->reqid && sa->reqid && current->reqid != sa->reqid) + if (current->reqid && data->sa->reqid && + current->reqid != data->sa->reqid) { - DBG1(DBG_CFG, "unable to install policy %R === %R %N (mark " - "%u/0x%08x) for reqid %u, the same policy for reqid %u exists", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask, sa->reqid, current->reqid); + DBG1(DBG_CFG, "unable to install policy %R === %R %N%s for reqid " + "%u, the same policy for reqid %u exists", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr, + data->sa->reqid, current->reqid); policy_entry_destroy(this, policy); this->mutex->unlock(this->mutex); return INVALID_STATE; } /* use existing policy */ - DBG2(DBG_KNL, "policy %R === %R %N (mark %u/0x%08x) " - "already exists, increasing refcount", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + DBG2(DBG_KNL, "policy %R === %R %N%s already exists, increasing " + "refcount", id->src_ts, id->dst_ts, policy_dir_names, id->dir, + markstr); policy_entry_destroy(this, policy); policy = current; found = TRUE; + + policy->waiting++; + while (policy->working) + { + this->condvar->wait(this->condvar, this->mutex); + } + policy->waiting--; + policy->working = TRUE; } else { /* use the new one, if we have no such policy */ @@ -2352,28 +2480,52 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } /* cache the assigned IPsec SA */ - assigned_sa = policy_sa_create(this, direction, type, src, dst, src_ts, - dst_ts, mark, sa); - assigned_sa->priority = get_priority(policy, priority); + assigned_sa = policy_sa_create(this, id->dir, data->type, data->src, + data->dst, id->src_ts, id->dst_ts, id->mark, data->sa); + assigned_sa->auto_priority = get_priority(policy, data->prio, id->interface); + assigned_sa->priority = this->get_priority ? this->get_priority(id, data) + : data->manual_prio; + assigned_sa->priority = assigned_sa->priority ?: assigned_sa->auto_priority; /* insert the SA according to its priority */ enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)¤t_sa)) { - if (current_sa->priority >= assigned_sa->priority) + if (current_sa->priority > assigned_sa->priority) { break; } - update = FALSE; + if (current_sa->priority == assigned_sa->priority) + { + /* in case of equal manual prios order SAs by automatic priority */ + if (current_sa->auto_priority > assigned_sa->auto_priority) + { + break; + } + /* prefer SAs with a reqid over those without */ + if (current_sa->auto_priority == assigned_sa->auto_priority && + (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid)) + { + break; + } + } + if (update) + { + cur_priority = current_sa->priority; + update = FALSE; + } } - policy->used_by->insert_before(policy->used_by, enumerator, - assigned_sa); + policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa); enumerator->destroy(enumerator); + use_count = policy->used_by->get_count(policy->used_by); if (!update) { /* we don't update the policy if the priority is lower than that of * the currently installed one */ - this->mutex->unlock(this->mutex); + policy_change_done(this, policy); + DBG2(DBG_KNL, "not updating policy %R === %R %N%s [priority %u," + "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, + id->dir, markstr, cur_priority, use_count); return SUCCESS; } @@ -2382,36 +2534,36 @@ METHOD(kernel_ipsec_t, add_policy, status_t, found = TRUE; } - DBG2(DBG_KNL, "%s policy %R === %R %N (mark %u/0x%08x)", - found ? "updating" : "adding", src_ts, dst_ts, - policy_dir_names, direction, mark.value, mark.mask); + DBG2(DBG_KNL, "%s policy %R === %R %N%s [priority %u, refcount %d]", + found ? "updating" : "adding", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr, assigned_sa->priority, use_count); if (add_policy_internal(this, policy, assigned_sa, found) != SUCCESS) { - DBG1(DBG_KNL, "unable to %s policy %R === %R %N", - found ? "update" : "add", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "unable to %s policy %R === %R %N%s", + found ? "update" : "add", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr); return FAILED; } return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_netlink_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { netlink_buf_t request; struct nlmsghdr *out = NULL, *hdr; struct xfrm_userpolicy_id *policy_id; struct xfrm_userpolicy_info *policy = NULL; size_t len; + char markstr[32] = ""; memset(&request, 0, sizeof(request)); + format_mark(markstr, sizeof(markstr), id->mark); - DBG2(DBG_KNL, "querying policy %R === %R %N (mark %u/0x%08x)", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + DBG2(DBG_KNL, "querying policy %R === %R %N%s", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr); hdr = &request.hdr; hdr->nlmsg_flags = NLM_F_REQUEST; @@ -2419,10 +2571,10 @@ METHOD(kernel_ipsec_t, query_policy, status_t, hdr->nlmsg_len = NLMSG_LENGTH(sizeof(struct xfrm_userpolicy_id)); policy_id = NLMSG_DATA(hdr); - policy_id->sel = ts2selector(src_ts, dst_ts); - policy_id->dir = direction; + policy_id->sel = ts2selector(id->src_ts, id->dst_ts, id->interface); + policy_id->dir = id->dir; - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { return FAILED; } @@ -2443,7 +2595,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t, { struct nlmsgerr *err = NLMSG_DATA(hdr); DBG1(DBG_KNL, "querying policy failed: %s (%d)", - strerror(-err->error), -err->error); + strerror(-err->error), -err->error); break; } default: @@ -2458,8 +2610,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, if (policy == NULL) { - DBG2(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "unable to query policy %R === %R %N%s", id->src_ts, + id->dst_ts, policy_dir_names, id->dir, markstr); free(out); return FAILED; } @@ -2479,10 +2631,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_netlink_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t prio) + private_kernel_netlink_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *current, policy; enumerator_t *enumerator; @@ -2491,78 +2641,94 @@ METHOD(kernel_ipsec_t, del_policy, status_t, struct nlmsghdr *hdr; struct xfrm_userpolicy_id *policy_id; bool is_installed = TRUE; - u_int32_t priority; + uint32_t priority, auto_priority, cur_priority; ipsec_sa_t assigned_sa = { - .src = src, - .dst = dst, - .mark = mark, - .cfg = *sa, + .src = data->src, + .dst = data->dst, + .mark = id->mark, + .cfg = *data->sa, }; + char markstr[32] = ""; + int use_count; + status_t status = SUCCESS; - DBG2(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x)", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + format_mark(markstr, sizeof(markstr), id->mark); + + DBG2(DBG_KNL, "deleting policy %R === %R %N%s", id->src_ts, id->dst_ts, + policy_dir_names, id->dir, markstr); /* create a policy */ memset(&policy, 0, sizeof(policy_entry_t)); - policy.sel = ts2selector(src_ts, dst_ts); - policy.mark = mark.value & mark.mask; - policy.direction = direction; + policy.sel = ts2selector(id->src_ts, id->dst_ts, id->interface); + policy.mark = id->mark.value & id->mark.mask; + policy.direction = id->dir; /* find the policy */ this->mutex->lock(this->mutex); current = this->policies->get(this->policies, &policy); if (!current) { - if (mark.value) - { - DBG1(DBG_KNL, "deleting policy %R === %R %N (mark %u/0x%08x) " - "failed, not found", src_ts, dst_ts, policy_dir_names, - direction, mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", - src_ts, dst_ts, policy_dir_names, direction); - } + DBG1(DBG_KNL, "deleting policy %R === %R %N%s failed, not found", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr); this->mutex->unlock(this->mutex); return NOT_FOUND; } + current->waiting++; + while (current->working) + { + this->condvar->wait(this->condvar, this->mutex); + } + current->working = TRUE; + current->waiting--; /* remove mapping to SA by reqid and priority */ - priority = get_priority(current, prio); + auto_priority = get_priority(current, data->prio,id->interface); + priority = this->get_priority ? this->get_priority(id, data) + : data->manual_prio; + priority = priority ?: auto_priority; + enumerator = current->used_by->create_enumerator(current->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { - if (priority == mapping->priority && type == mapping->type && + if (priority == mapping->priority && + auto_priority == mapping->auto_priority && + data->type == mapping->type && ipsec_sa_equals(mapping->sa, &assigned_sa)) { current->used_by->remove_at(current->used_by, enumerator); - policy_sa_destroy(mapping, &direction, this); + policy_sa_destroy(mapping, &id->dir, this); break; } - is_installed = FALSE; + if (is_installed) + { + cur_priority = mapping->priority; + is_installed = FALSE; + } } enumerator->destroy(enumerator); - if (current->used_by->get_count(current->used_by) > 0) + use_count = current->used_by->get_count(current->used_by); + if (use_count > 0) { /* policy is used by more SAs, keep in kernel */ DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed"); if (!is_installed) { /* no need to update as the policy was not installed for this SA */ - this->mutex->unlock(this->mutex); + policy_change_done(this, current); + DBG2(DBG_KNL, "not updating policy %R === %R %N%s [priority %u, " + "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, + id->dir, markstr, cur_priority, use_count); return SUCCESS; } + current->used_by->get_first(current->used_by, (void**)&mapping); - DBG2(DBG_KNL, "updating policy %R === %R %N (mark %u/0x%08x)", - src_ts, dst_ts, policy_dir_names, direction, - mark.value, mark.mask); + DBG2(DBG_KNL, "updating policy %R === %R %N%s [priority %u, " + "refcount %d]", id->src_ts, id->dst_ts, policy_dir_names, id->dir, + markstr, mapping->priority, use_count); - current->used_by->get_first(current->used_by, (void**)&mapping); if (add_policy_internal(this, current, mapping, TRUE) != SUCCESS) { - DBG1(DBG_KNL, "unable to update policy %R === %R %N", - src_ts, dst_ts, policy_dir_names, direction); + DBG1(DBG_KNL, "unable to update policy %R === %R %N%s", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, markstr); return FAILED; } return SUCCESS; @@ -2577,11 +2743,11 @@ METHOD(kernel_ipsec_t, del_policy, status_t, policy_id = NLMSG_DATA(hdr); policy_id->sel = current->sel; - policy_id->dir = direction; + policy_id->dir = id->dir; - if (!add_mark(hdr, sizeof(request), mark)) + if (!add_mark(hdr, sizeof(request), id->mark)) { - this->mutex->unlock(this->mutex); + policy_change_done(this, current); return FAILED; } @@ -2592,32 +2758,32 @@ METHOD(kernel_ipsec_t, del_policy, status_t, route->prefixlen, route->gateway, route->src_ip, route->if_name) != SUCCESS) { - DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "error uninstalling route installed with policy " + "%R === %R %N%s", id->src_ts, id->dst_ts, policy_dir_names, + id->dir, markstr); } } - - this->policies->remove(this->policies, current); - policy_entry_destroy(this, current); this->mutex->unlock(this->mutex); if (this->socket_xfrm->send_ack(this->socket_xfrm, hdr) != SUCCESS) { - if (mark.value) - { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N " - "(mark %u/0x%08x)", src_ts, dst_ts, policy_dir_names, - direction, mark.value, mark.mask); - } - else - { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N", - src_ts, dst_ts, policy_dir_names, direction); - } - return FAILED; + DBG1(DBG_KNL, "unable to delete policy %R === %R %N%s", id->src_ts, + id->dst_ts, policy_dir_names, id->dir, markstr); + status = FAILED; } - return SUCCESS; + + this->mutex->lock(this->mutex); + if (!current->waiting) + { /* only if no other thread still needs the policy */ + this->policies->remove(this->policies, current); + policy_entry_destroy(this, current); + this->mutex->unlock(this->mutex); + } + else + { + policy_change_done(this, current); + } + return status; } METHOD(kernel_ipsec_t, flush_policies, status_t, @@ -2676,15 +2842,15 @@ static bool add_socket_bypass(private_kernel_netlink_ipsec_t *this, policy.dir = XFRM_POLICY_OUT; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s (%d)", + strerror(errno), errno); return FALSE; } policy.dir = XFRM_POLICY_IN; if (setsockopt(fd, sol, ipsec_policy, &policy, sizeof(policy)) < 0) { - DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s", - strerror(errno)); + DBG1(DBG_KNL, "unable to set IPSEC_POLICY on socket: %s (%d)", + strerror(errno), errno); return FALSE; } return TRUE; @@ -2699,7 +2865,7 @@ typedef struct { /** layer 4 protocol */ int proto; /** port number, network order */ - u_int16_t port; + uint16_t port; } bypass_t; /** @@ -2839,7 +3005,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_netlink_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_netlink_ipsec_t *this, int fd, int family, uint16_t port) { int type = UDP_ENCAP_ESPINUDP; @@ -2873,6 +3039,7 @@ METHOD(kernel_ipsec_t, destroy, void, enumerator->destroy(enumerator); this->policies->destroy(this->policies); this->sas->destroy(this->sas); + this->condvar->destroy(this->condvar); this->mutex->destroy(this->mutex); free(this); } @@ -2912,6 +3079,9 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() (hashtable_equals_t)ipsec_sa_equals, 32), .bypass = array_create(sizeof(bypass_t), 0), .mutex = mutex_create(MUTEX_TYPE_DEFAULT), + .condvar = condvar_create(CONDVAR_TYPE_DEFAULT), + .get_priority = dlsym(RTLD_DEFAULT, + "kernel_netlink_get_priority_custom"), .policy_update = lib->settings->get_bool(lib->settings, "%s.plugins.kernel-netlink.policy_update", FALSE, lib->ns), .install_routes = lib->settings->get_bool(lib->settings, @@ -2955,7 +3125,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() this->socket_xfrm_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_XFRM); if (this->socket_xfrm_events <= 0) { - DBG1(DBG_KNL, "unable to create XFRM event socket"); + DBG1(DBG_KNL, "unable to create XFRM event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } @@ -2963,7 +3134,8 @@ kernel_netlink_ipsec_t *kernel_netlink_ipsec_create() XFRMNLGRP(MIGRATE) | XFRMNLGRP(MAPPING); if (bind(this->socket_xfrm_events, (struct sockaddr*)&addr, sizeof(addr))) { - DBG1(DBG_KNL, "unable to bind XFRM event socket"); + DBG1(DBG_KNL, "unable to bind XFRM event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c index f4394a14f..93c2ccccb 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_net.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2014 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -278,7 +278,7 @@ struct route_entry_t { chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; }; /** @@ -513,12 +513,12 @@ struct private_kernel_netlink_net_t { /** * MTU to set on installed routes */ - u_int32_t mtu; + uint32_t mtu; /** * MSS to set on installed routes */ - u_int32_t mss; + uint32_t mss; }; /** @@ -526,7 +526,7 @@ struct private_kernel_netlink_net_t { */ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_type, int flags, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name); /** @@ -1217,7 +1217,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h struct rtmsg* msg = NLMSG_DATA(hdr); struct rtattr *rta = RTM_RTA(msg); size_t rtasize = RTM_PAYLOAD(hdr); - u_int32_t rta_oif = 0; + uint32_t rta_oif = 0; host_t *host = NULL; /* ignore routes added by us or in the local routing table (local addrs) */ @@ -1243,7 +1243,7 @@ static void process_route(private_kernel_netlink_net_t *this, struct nlmsghdr *h case RTA_OIF: if (RTA_PAYLOAD(rta) == sizeof(rta_oif)) { - rta_oif = *(u_int32_t*)RTA_DATA(rta); + rta_oif = *(uint32_t*)RTA_DATA(rta); } break; } @@ -1297,7 +1297,8 @@ static bool receive_events(private_kernel_netlink_net_t *this, int fd, /* no data ready, select again */ return TRUE; default: - DBG1(DBG_KNL, "unable to receive from rt event socket"); + DBG1(DBG_KNL, "unable to receive from RT event socket %s (%d)", + strerror(errno), errno); sleep(1); return TRUE; } @@ -1501,6 +1502,32 @@ static int get_interface_index(private_kernel_netlink_net_t *this, char* name) } /** + * get the name of an interface by index (allocated) + */ +static char *get_interface_name_by_index(private_kernel_netlink_net_t *this, + int index) +{ + iface_entry_t *iface; + char *name = NULL; + + DBG2(DBG_KNL, "getting iface name for index %d", index); + + this->lock->read_lock(this->lock); + if (this->ifaces->find_first(this->ifaces, (void*)iface_entry_by_index, + (void**)&iface, &index) == SUCCESS) + { + name = strdup(iface->ifname); + } + this->lock->unlock(this->lock); + + if (!name) + { + DBG1(DBG_KNL, "unable to get interface name for %d", index); + } + return name; +} + +/** * check if an address or net (addr with prefix net bits) is in * subnet (net with net_len net bits) */ @@ -1545,10 +1572,10 @@ typedef struct { chunk_t src; chunk_t dst; host_t *src_host; - u_int8_t dst_len; - u_int32_t table; - u_int32_t oif; - u_int32_t priority; + uint8_t dst_len; + uint32_t table; + uint32_t oif; + uint32_t priority; } rt_entry_t; /** @@ -1630,20 +1657,20 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) case RTA_OIF: if (RTA_PAYLOAD(rta) == sizeof(route->oif)) { - route->oif = *(u_int32_t*)RTA_DATA(rta); + route->oif = *(uint32_t*)RTA_DATA(rta); } break; case RTA_PRIORITY: if (RTA_PAYLOAD(rta) == sizeof(route->priority)) { - route->priority = *(u_int32_t*)RTA_DATA(rta); + route->priority = *(uint32_t*)RTA_DATA(rta); } break; #ifdef HAVE_RTA_TABLE case RTA_TABLE: if (RTA_PAYLOAD(rta) == sizeof(route->table)) { - route->table = *(u_int32_t*)RTA_DATA(rta); + route->table = *(uint32_t*)RTA_DATA(rta); } break; #endif /* HAVE_RTA_TABLE*/ @@ -1658,7 +1685,7 @@ static rt_entry_t *parse_route(struct nlmsghdr *hdr, rt_entry_t *route) */ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, int prefix, bool nexthop, host_t *candidate, - u_int recursion) + char **iface, u_int recursion) { netlink_buf_t request; struct nlmsghdr *hdr, *out, *current; @@ -1774,16 +1801,16 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, } route->src_host = src; } - /* insert route, sorted by priority and network prefix */ + /* insert route, sorted by network prefix and priority */ enumerator = routes->create_enumerator(routes); while (enumerator->enumerate(enumerator, &other)) { - if (route->priority < other->priority) + if (route->dst_len > other->dst_len) { break; } - if (route->priority == other->priority && - route->dst_len > other->dst_len) + if (route->dst_len == other->dst_len && + route->priority < other->priority) { break; } @@ -1860,7 +1887,7 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, if (gtw && !gtw->ip_equals(gtw, dest)) { route->src_host = get_route(this, gtw, -1, FALSE, candidate, - recursion + 1); + iface, recursion + 1); } DESTROY_IF(gtw); if (route->src_host) @@ -1878,10 +1905,18 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, enumerator->destroy(enumerator); if (nexthop) - { /* nexthop lookup, return gateway if any */ + { /* nexthop lookup, return gateway and oif if any */ + if (iface) + { + *iface = NULL; + } if (best || routes->get_first(routes, (void**)&best) == SUCCESS) { addr = host_create_from_chunk(msg->rtm_family, best->gtw, 0); + if (iface && route->oif) + { + *iface = get_interface_name_by_index(this, route->oif); + } } if (!addr && !match_net) { /* fallback to destination address */ @@ -1901,8 +1936,16 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, if (addr) { - DBG2(DBG_KNL, "using %H as %s to reach %H/%d", addr, - nexthop ? "nexthop" : "address", dest, prefix); + if (nexthop && iface && *iface) + { + DBG2(DBG_KNL, "using %H as nexthop and %s as dev to reach %H/%d", + addr, *iface, dest, prefix); + } + else + { + DBG2(DBG_KNL, "using %H as %s to reach %H/%d", addr, + nexthop ? "nexthop" : "address", dest, prefix); + } } else if (!recursion) { @@ -1915,13 +1958,14 @@ static host_t *get_route(private_kernel_netlink_net_t *this, host_t *dest, METHOD(kernel_net_t, get_source_addr, host_t*, private_kernel_netlink_net_t *this, host_t *dest, host_t *src) { - return get_route(this, dest, -1, FALSE, src, 0); + return get_route(this, dest, -1, FALSE, src, NULL, 0); } METHOD(kernel_net_t, get_nexthop, host_t*, - private_kernel_netlink_net_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_netlink_net_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { - return get_route(this, dest, prefix, TRUE, src, 0); + return get_route(this, dest, prefix, TRUE, src, iface, 0); } /** @@ -2144,7 +2188,7 @@ METHOD(kernel_net_t, del_ip, status_t, */ static status_t manage_srcroute(private_kernel_netlink_net_t *this, int nlmsg_type, int flags, chunk_t dst_net, - u_int8_t prefixlen, host_t *gateway, + uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { netlink_buf_t request; @@ -2160,7 +2204,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, if (this->routing_table == 0 && prefixlen == 0) { chunk_t half_net; - u_int8_t half_prefixlen; + uint8_t half_prefixlen; status_t status; half_net = chunk_alloca(dst_net.len); @@ -2206,22 +2250,22 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, if (this->mtu || this->mss) { chunk = chunk_alloca(RTA_LENGTH((sizeof(struct rtattr) + - sizeof(u_int32_t)) * 2)); + sizeof(uint32_t)) * 2)); chunk.len = 0; rta = (struct rtattr*)chunk.ptr; if (this->mtu) { rta->rta_type = RTAX_MTU; - rta->rta_len = RTA_LENGTH(sizeof(u_int32_t)); - memcpy(RTA_DATA(rta), &this->mtu, sizeof(u_int32_t)); + rta->rta_len = RTA_LENGTH(sizeof(uint32_t)); + memcpy(RTA_DATA(rta), &this->mtu, sizeof(uint32_t)); chunk.len = rta->rta_len; } if (this->mss) { rta = (struct rtattr*)(chunk.ptr + RTA_ALIGN(chunk.len)); rta->rta_type = RTAX_ADVMSS; - rta->rta_len = RTA_LENGTH(sizeof(u_int32_t)); - memcpy(RTA_DATA(rta), &this->mss, sizeof(u_int32_t)); + rta->rta_len = RTA_LENGTH(sizeof(uint32_t)); + memcpy(RTA_DATA(rta), &this->mss, sizeof(uint32_t)); chunk.len = RTA_ALIGN(chunk.len) + rta->rta_len; } netlink_add_attribute(hdr, RTA_METRICS, chunk, sizeof(request)); @@ -2231,7 +2275,7 @@ static status_t manage_srcroute(private_kernel_netlink_net_t *this, } METHOD(kernel_net_t, add_route, status_t, - private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -2262,7 +2306,7 @@ METHOD(kernel_net_t, add_route, status_t, } METHOD(kernel_net_t, del_route, status_t, - private_kernel_netlink_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_netlink_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -2384,7 +2428,7 @@ static status_t init_address_list(private_kernel_netlink_net_t *this) * create or delete a rule to use our routing table */ static status_t manage_rule(private_kernel_netlink_net_t *this, int nlmsg_type, - int family, u_int32_t table, u_int32_t prio) + int family, uint32_t table, uint32_t prio) { netlink_buf_t request; struct nlmsghdr *hdr; @@ -2644,7 +2688,8 @@ kernel_netlink_net_t *kernel_netlink_net_create() this->socket_events = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); if (this->socket_events < 0) { - DBG1(DBG_KNL, "unable to create RT event socket"); + DBG1(DBG_KNL, "unable to create RT event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } @@ -2652,7 +2697,8 @@ kernel_netlink_net_t *kernel_netlink_net_create() RTMGRP_IPV4_ROUTE | RTMGRP_IPV6_ROUTE | RTMGRP_LINK; if (bind(this->socket_events, (struct sockaddr*)&addr, sizeof(addr))) { - DBG1(DBG_KNL, "unable to bind RT event socket"); + DBG1(DBG_KNL, "unable to bind RT event socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c index f7ce992a3..7165b655b 100644 --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c @@ -309,7 +309,7 @@ static status_t send_once(private_netlink_socket_t *this, struct nlmsghdr *in, while (!entry->complete) { if (this->parallel && - lib->watcher->get_state(lib->watcher) == WATCHER_RUNNING) + lib->watcher->get_state(lib->watcher) != WATCHER_STOPPED) { if (this->timeout) { @@ -594,13 +594,15 @@ netlink_socket_t *netlink_socket_create(int protocol, enum_name_t *names, } if (this->socket == -1) { - DBG1(DBG_KNL, "unable to create netlink socket"); + DBG1(DBG_KNL, "unable to create netlink socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } if (bind(this->socket, (struct sockaddr*)&addr, sizeof(addr))) { - DBG1(DBG_KNL, "unable to bind netlink socket"); + DBG1(DBG_KNL, "unable to bind netlink socket: %s (%d)", + strerror(errno), errno); destroy(this); return NULL; } diff --git a/src/libcharon/plugins/kernel_pfkey/Makefile.in b/src/libcharon/plugins/kernel_pfkey/Makefile.in index f2876a272..8866f13d4 100644 --- a/src/libcharon/plugins/kernel_pfkey/Makefile.in +++ b/src/libcharon/plugins/kernel_pfkey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_pfkey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfkey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c index d505f1c33..1b22ea549 100644 --- a/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c +++ b/src/libcharon/plugins/kernel_pfkey/kernel_pfkey_ipsec.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2015 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008 Andreas Steffen - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -141,17 +141,17 @@ #define SOL_UDP IPPROTO_UDP #endif -/** base priority for installed policies */ -#define PRIO_BASE 384 +/** Base priority for installed policies */ +#define PRIO_BASE 100000 #ifdef __APPLE__ /** from xnu/bsd/net/pfkeyv2.h */ #define SADB_X_EXT_NATT 0x002 struct sadb_sa_2 { struct sadb_sa sa; - u_int16_t sadb_sa_natt_port; - u_int16_t sadb_reserved0; - u_int32_t sadb_reserved1; + uint16_t sadb_sa_natt_port; + uint16_t sadb_reserved0; + uint32_t sadb_reserved1; }; #endif @@ -286,7 +286,7 @@ struct route_entry_t { chunk_t dst_net; /** destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; /** reference to exclude route, if any */ exclude_route_t *exclude; @@ -352,7 +352,7 @@ static bool ipsec_sa_equals(ipsec_sa_t *sa, ipsec_sa_t *other_sa) { return sa->src->ip_equals(sa->src, other_sa->src) && sa->dst->ip_equals(sa->dst, other_sa->dst) && - memeq(&sa->cfg, &other_sa->cfg, sizeof(ipsec_sa_cfg_t)); + ipsec_sa_cfg_equals(&sa->cfg, &other_sa->cfg); } /** @@ -400,14 +400,17 @@ static void ipsec_sa_destroy(private_kernel_pfkey_ipsec_t *this, } typedef struct policy_sa_t policy_sa_t; -typedef struct policy_sa_in_t policy_sa_in_t; +typedef struct policy_sa_out_t policy_sa_out_t; /** * Mapping between a policy and an IPsec SA. */ struct policy_sa_t { /** Priority assigned to the policy when installed with this SA */ - u_int32_t priority; + uint32_t priority; + + /** Base priority assigned to the policy when installed with this SA */ + uint32_t auto_priority; /** Type of the policy */ policy_type_t type; @@ -417,10 +420,10 @@ struct policy_sa_t { }; /** - * For input policies we also cache the traffic selectors in order to install + * For outbound policies we also cache the traffic selectors in order to install * the route. */ -struct policy_sa_in_t { +struct policy_sa_out_t { /** Generic interface */ policy_sa_t generic; @@ -440,14 +443,14 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this, { policy_sa_t *policy; - if (dir == POLICY_IN) + if (dir == POLICY_OUT) { - policy_sa_in_t *in; - INIT(in, + policy_sa_out_t *out; + INIT(out, .src_ts = src_ts->clone(src_ts), .dst_ts = dst_ts->clone(dst_ts), ); - policy = &in->generic; + policy = &out->generic; } else { @@ -464,11 +467,11 @@ static policy_sa_t *policy_sa_create(private_kernel_pfkey_ipsec_t *this, static void policy_sa_destroy(policy_sa_t *policy, policy_dir_t *dir, private_kernel_pfkey_ipsec_t *this) { - if (*dir == POLICY_IN) + if (*dir == POLICY_OUT) { - policy_sa_in_t *in = (policy_sa_in_t*)policy; - in->src_ts->destroy(in->src_ts); - in->dst_ts->destroy(in->dst_ts); + policy_sa_out_t *out = (policy_sa_out_t*)policy; + out->src_ts->destroy(out->src_ts); + out->dst_ts->destroy(out->dst_ts); } ipsec_sa_destroy(this, policy->sa); free(policy); @@ -481,19 +484,19 @@ typedef struct policy_entry_t policy_entry_t; */ struct policy_entry_t { /** Index assigned by the kernel */ - u_int32_t index; + uint32_t index; /** Direction of this policy: in, out, forward */ - u_int8_t direction; + uint8_t direction; /** Parameters of installed policy */ struct { /** Subnet and port */ host_t *net; /** Subnet mask */ - u_int8_t mask; + uint8_t mask; /** Protocol */ - u_int8_t proto; + uint8_t proto; } src, dst; /** Associated route installed for this policy */ @@ -514,8 +517,8 @@ static policy_entry_t *create_policy_entry(traffic_selector_t *src_ts, INIT(policy, .direction = dir, ); - u_int16_t port; - u_int8_t proto; + uint16_t port; + uint8_t proto; src_ts->to_subnet(src_ts, &policy->src.net, &policy->src.mask); dst_ts->to_subnet(dst_ts, &policy->dst.net, &policy->dst.mask); @@ -583,40 +586,51 @@ static inline bool policy_entry_equals(policy_entry_t *current, * compare the given kernel index with that of a policy */ static inline bool policy_entry_match_byindex(policy_entry_t *current, - u_int32_t *index) + uint32_t *index) { return current->index == *index; } /** * Calculate the priority of a policy + * + * This is the same formula we use in the kernel-netlink interface, but some + * features are currently not or only partially supported by PF_KEY. + * + * bits 0-0: reserved for interface restriction (0..1) 1 bit + * bits 1-6: src + dst port mask bits (2 * 0..16) 6 bits + * bits 7-7: restriction to protocol (0..1) 1 bit + * bits 8-16: src + dst network mask bits (2 * 0..128) 9 bits + * 17 bits + * + * smallest value: 000000000 0 000000 0: 0, lowest priority = 100'000 + * largest value : 100000000 1 100000 0: 65'728, highst priority = 34'272 */ -static inline u_int32_t get_priority(policy_entry_t *policy, +static inline uint32_t get_priority(policy_entry_t *policy, policy_priority_t prio) { - u_int32_t priority = PRIO_BASE; + uint32_t priority = PRIO_BASE; + switch (prio) { case POLICY_PRIORITY_FALLBACK: - priority <<= 1; + priority += PRIO_BASE; /* fall-through */ case POLICY_PRIORITY_ROUTED: - priority <<= 1; + priority += PRIO_BASE; /* fall-through */ case POLICY_PRIORITY_DEFAULT: - priority <<= 1; - /* fall-trough */ + priority += PRIO_BASE; + /* fall-through */ case POLICY_PRIORITY_PASS: break; } - /* calculate priority based on selector size, small size = high prio */ - priority -= policy->src.mask; - priority -= policy->dst.mask; - priority <<= 2; /* make some room for the two flags */ - priority += policy->src.net->get_port(policy->src.net) || - policy->dst.net->get_port(policy->dst.net) ? - 0 : 2; - priority += policy->src.proto != IPSEC_PROTO_ANY ? 0 : 1; + + /* calculate priority */ + priority -= (policy->src.mask + policy->dst.mask) * 256; + priority -= policy->src.proto != IPSEC_PROTO_ANY ? 128 : 0; + priority -= policy->src.net->get_port(policy->src.net) ? 32 : 0; + priority -= policy->dst.net->get_port(policy->dst.net) ? 32 : 0; return priority; } @@ -697,7 +711,7 @@ ENUM(sadb_ext_type_names, SADB_EXT_RESERVED, SADB_EXT_MAX, /** * convert a protocol identifier to the PF_KEY sa type */ -static u_int8_t proto2satype(u_int8_t proto) +static uint8_t proto2satype(uint8_t proto) { switch (proto) { @@ -715,7 +729,7 @@ static u_int8_t proto2satype(u_int8_t proto) /** * convert a PF_KEY sa type to a protocol identifier */ -static u_int8_t satype2proto(u_int8_t satype) +static uint8_t satype2proto(uint8_t satype) { switch (satype) { @@ -733,7 +747,7 @@ static u_int8_t satype2proto(u_int8_t satype) /** * convert the general ipsec mode to the one defined in ipsec.h */ -static u_int8_t mode2kernel(ipsec_mode_t mode) +static uint8_t mode2kernel(ipsec_mode_t mode) { switch (mode) { @@ -753,7 +767,7 @@ static u_int8_t mode2kernel(ipsec_mode_t mode) /** * convert the general policy direction to the one defined in ipsec.h */ -static u_int8_t dir2kernel(policy_dir_t dir) +static uint8_t dir2kernel(policy_dir_t dir) { switch (dir) { @@ -773,7 +787,7 @@ static u_int8_t dir2kernel(policy_dir_t dir) /** * convert the policy type to the one defined in ipsec.h */ -static inline u_int16_t type2kernel(policy_type_t type) +static inline uint16_t type2kernel(policy_type_t type) { switch (type) { @@ -791,7 +805,7 @@ static inline u_int16_t type2kernel(policy_type_t type) /** * convert the policy direction in ipsec.h to the general one. */ -static policy_dir_t kernel2dir(u_int8_t dir) +static policy_dir_t kernel2dir(uint8_t dir) { switch (dir) { @@ -898,7 +912,7 @@ static kernel_algorithm_t compression_algs[] = { static int lookup_algorithm(transform_type_t type, int ikev2) { kernel_algorithm_t *list; - u_int16_t alg = 0; + uint16_t alg = 0; switch (type) { @@ -929,7 +943,7 @@ static int lookup_algorithm(transform_type_t type, int ikev2) /** * Helper to set a port in a sockaddr_t, the port has to be in host order */ -static void set_port(sockaddr_t *addr, u_int16_t port) +static void set_port(sockaddr_t *addr, uint16_t port) { switch (addr->sa_family) { @@ -971,8 +985,8 @@ static size_t hostcpy(void *dest, host_t *host, bool include_port) /** * add a host to the given sadb_msg */ -static void add_addr_ext(struct sadb_msg *msg, host_t *host, u_int16_t type, - u_int8_t proto, u_int8_t prefixlen, bool include_port) +static void add_addr_ext(struct sadb_msg *msg, host_t *host, uint16_t type, + uint8_t proto, uint8_t prefixlen, bool include_port) { struct sadb_address *addr = (struct sadb_address*)PFKEY_EXT_ADD_NEXT(msg); size_t len; @@ -988,7 +1002,7 @@ static void add_addr_ext(struct sadb_msg *msg, host_t *host, u_int16_t type, /** * adds an empty address extension to the given sadb_msg */ -static void add_anyaddr_ext(struct sadb_msg *msg, int family, u_int8_t type) +static void add_anyaddr_ext(struct sadb_msg *msg, int family, uint8_t type) { socklen_t len = (family == AF_INET) ? sizeof(struct sockaddr_in) : sizeof(struct sockaddr_in6); @@ -1039,7 +1053,7 @@ static traffic_selector_t* sadb_address2ts(struct sadb_address *address) { traffic_selector_t *ts; host_t *host; - u_int8_t proto; + uint8_t proto; proto = address->sadb_address_proto; proto = proto == IPSEC_PROTO_ANY ? 0 : proto; @@ -1240,7 +1254,7 @@ static void process_acquire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* msg) { pfkey_msg_t response; - u_int32_t index, reqid = 0; + uint32_t index, reqid = 0; traffic_selector_t *src_ts, *dst_ts; policy_entry_t *policy; policy_sa_t *sa; @@ -1292,8 +1306,8 @@ static void process_expire(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* msg) { pfkey_msg_t response; - u_int8_t protocol; - u_int32_t spi; + uint8_t protocol; + uint32_t spi; host_t *dst; bool hard; @@ -1330,7 +1344,7 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, pfkey_msg_t response; traffic_selector_t *src_ts, *dst_ts; policy_dir_t dir; - u_int32_t reqid = 0; + uint32_t reqid = 0; host_t *local = NULL, *remote = NULL; DBG2(DBG_KNL, "received an SADB_X_MIGRATE"); @@ -1350,13 +1364,13 @@ static void process_migrate(private_kernel_pfkey_ipsec_t *this, if (response.x_kmaddress) { sockaddr_t *local_addr, *remote_addr; - u_int32_t local_len; + uint32_t local_len; local_addr = (sockaddr_t*)&response.x_kmaddress[1]; local = host_create_from_sockaddr(local_addr); local_len = (local_addr->sa_family == AF_INET6)? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in); - remote_addr = (sockaddr_t*)((u_int8_t*)local_addr + local_len); + remote_addr = (sockaddr_t*)((uint8_t*)local_addr + local_len); remote = host_create_from_sockaddr(remote_addr); DBG2(DBG_KNL, " kmaddress: %H...%H", local, remote); } @@ -1384,7 +1398,7 @@ static void process_mapping(private_kernel_pfkey_ipsec_t *this, struct sadb_msg* msg) { pfkey_msg_t response; - u_int32_t spi; + uint32_t spi; sockaddr_t *sa; host_t *dst, *new; @@ -1517,14 +1531,14 @@ static bool receive_events(private_kernel_pfkey_ipsec_t *this, int fd, */ static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this, - host_t *src, host_t *dst, u_int8_t proto, u_int32_t min, u_int32_t max, - u_int32_t *spi) + host_t *src, host_t *dst, uint8_t proto, uint32_t min, uint32_t max, + uint32_t *spi) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; struct sadb_spirange *range; pfkey_msg_t response; - u_int32_t received_spi = 0; + uint32_t received_spi = 0; size_t len; memset(&request, 0, sizeof(request)); @@ -1570,7 +1584,7 @@ static status_t get_spi_internal(private_kernel_pfkey_ipsec_t *this, METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { if (get_spi_internal(this, src, dst, protocol, 0xc0000000, 0xcFFFFFFF, spi) != SUCCESS) @@ -1585,9 +1599,9 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { - u_int32_t received_spi = 0; + uint32_t received_spi = 0; DBG2(DBG_KNL, "getting CPI"); @@ -1598,20 +1612,15 @@ METHOD(kernel_ipsec_t, get_cpi, status_t, return FAILED; } - *cpi = htons((u_int16_t)ntohl(received_spi)); + *cpi = htons((uint16_t)ntohl(received_spi)); DBG2(DBG_KNL, "got CPI %.4x", ntohs(*cpi)); return SUCCESS; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1620,22 +1629,42 @@ METHOD(kernel_ipsec_t, add_sa, status_t, struct sadb_lifetime *lft; struct sadb_key *key; size_t len; + uint16_t ipcomp = data->ipcomp; + ipsec_mode_t mode = data->mode; /* if IPComp is used, we install an additional IPComp SA. if the cpi is 0 * we are in the recursive call below */ - if (ipcomp != IPCOMP_NONE && cpi != 0) + if (ipcomp != IPCOMP_NONE && data->cpi != 0) { lifetime_cfg_t lft = {{0,0,0},{0,0,0},{0,0,0}}; - add_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, reqid, mark, - tfc, &lft, ENCR_UNDEFINED, chunk_empty, AUTH_UNDEFINED, - chunk_empty, mode, ipcomp, 0, 0, FALSE, FALSE, FALSE, inbound, - update, NULL, NULL); + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_add_sa_t ipcomp_sa = { + .reqid = data->reqid, + .mode = data->mode, + .src_ts = data->src_ts, + .dst_ts = data->dst_ts, + .lifetime = &lft, + .enc_alg = ENCR_UNDEFINED, + .int_alg = AUTH_UNDEFINED, + .tfc = data->tfc, + .ipcomp = data->ipcomp, + .initiator = data->initiator, + .inbound = data->inbound, + .update = data->update, + }; + add_sa(this, &ipcomp_id, &ipcomp_sa); ipcomp = IPCOMP_NONE; /* use transport mode ESP SA, IPComp uses tunnel mode */ mode = MODE_TRANSPORT; } - if (update) + if (data->update) { /* As we didn't know the reqid during SPI allocation, we used reqid * zero. Unfortunately we can't SADB_UPDATE to the new reqid, hence we @@ -1643,10 +1672,16 @@ METHOD(kernel_ipsec_t, add_sa, status_t, * selector does not count for that, therefore we have to delete * that state before installing the new SA to avoid deleting the * the new state after installing it. */ - mark_t zeromark = {0, 0}; - - if (this->public.interface.del_sa(&this->public.interface, - src, dst, spi, protocol, 0, zeromark) != SUCCESS) + kernel_ipsec_sa_id_t del_id = { + .src = id->src, + .dst = id->dst, + .spi = id->spi, + .proto = id->proto, + }; + kernel_ipsec_del_sa_t del = { 0 }; + + if (this->public.interface.del_sa(&this->public.interface, &del_id, + &del) != SUCCESS) { DBG1(DBG_KNL, "deleting SPI allocation SA failed"); } @@ -1655,20 +1690,20 @@ METHOD(kernel_ipsec_t, add_sa, status_t, memset(&request, 0, sizeof(request)); DBG2(DBG_KNL, "adding SAD entry with SPI %.8x and reqid {%u}", - ntohl(spi), reqid); + ntohl(id->spi), data->reqid); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_ADD; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); #ifdef __APPLE__ - if (encap) + if (data->encap) { struct sadb_sa_2 *sa_2; sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg); - sa_2->sadb_sa_natt_port = dst->get_port(dst); + sa_2->sadb_sa_natt_port = id->dst->get_port(id->dst); sa = &sa_2->sa; sa->sadb_sa_flags |= SADB_X_EXT_NATT; len = sizeof(struct sadb_sa_2); @@ -1681,22 +1716,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(len); - sa->sadb_sa_spi = spi; - if (protocol == IPPROTO_COMP) + sa->sadb_sa_spi = id->spi; + if (id->proto == IPPROTO_COMP) { - sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM, ipcomp); + sa->sadb_sa_encrypt = lookup_algorithm(COMPRESSION_ALGORITHM, + ipcomp); } else { /* Linux interprets sadb_sa_replay as number of packets/bits in the - * replay window, whereas on BSD it's the size of the window in bytes */ + * replay window, whereas on BSD it's the size of the window in bytes. + * Only set for the inbound SA as it's not relevant for the outbound + * SA and might waste memory with large windows. */ + if (data->inbound) + { #ifdef __linux__ - sa->sadb_sa_replay = min(replay_window, 32); + sa->sadb_sa_replay = min(data->replay_window, 32); #else - sa->sadb_sa_replay = (replay_window + 7) / 8; + sa->sadb_sa_replay = (data->replay_window + 7) / 8; #endif - sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, int_alg); - sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, enc_alg); + } + sa->sadb_sa_auth = lookup_algorithm(INTEGRITY_ALGORITHM, data->int_alg); + sa->sadb_sa_encrypt = lookup_algorithm(ENCRYPTION_ALGORITHM, + data->enc_alg); } PFKEY_EXT_ADD(msg, sa); @@ -1704,86 +1746,88 @@ METHOD(kernel_ipsec_t, add_sa, status_t, sa2->sadb_x_sa2_exttype = SADB_X_EXT_SA2; sa2->sadb_x_sa2_len = PFKEY_LEN(sizeof(struct sadb_spirange)); sa2->sadb_x_sa2_mode = mode2kernel(mode); - sa2->sadb_x_sa2_reqid = reqid; + sa2->sadb_x_sa2_reqid = data->reqid; PFKEY_EXT_ADD(msg, sa2); - add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_SOFT; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); - lft->sadb_lifetime_allocations = lifetime->packets.rekey; - lft->sadb_lifetime_bytes = lifetime->bytes.rekey; - lft->sadb_lifetime_addtime = lifetime->time.rekey; + lft->sadb_lifetime_allocations = data->lifetime->packets.rekey; + lft->sadb_lifetime_bytes = data->lifetime->bytes.rekey; + lft->sadb_lifetime_addtime = data->lifetime->time.rekey; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); lft = (struct sadb_lifetime*)PFKEY_EXT_ADD_NEXT(msg); lft->sadb_lifetime_exttype = SADB_EXT_LIFETIME_HARD; lft->sadb_lifetime_len = PFKEY_LEN(sizeof(struct sadb_lifetime)); - lft->sadb_lifetime_allocations = lifetime->packets.life; - lft->sadb_lifetime_bytes = lifetime->bytes.life; - lft->sadb_lifetime_addtime = lifetime->time.life; + lft->sadb_lifetime_allocations = data->lifetime->packets.life; + lft->sadb_lifetime_bytes = data->lifetime->bytes.life; + lft->sadb_lifetime_addtime = data->lifetime->time.life; lft->sadb_lifetime_usetime = 0; /* we only use addtime */ PFKEY_EXT_ADD(msg, lft); - if (enc_alg != ENCR_UNDEFINED) + if (data->enc_alg != ENCR_UNDEFINED) { if (!sa->sadb_sa_encrypt) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - encryption_algorithm_names, enc_alg); + encryption_algorithm_names, data->enc_alg); return FAILED; } DBG2(DBG_KNL, " using encryption algorithm %N with key size %d", - encryption_algorithm_names, enc_alg, enc_key.len * 8); + encryption_algorithm_names, data->enc_alg, data->enc_key.len * 8); key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_ENCRYPT; - key->sadb_key_bits = enc_key.len * 8; - key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + enc_key.len); - memcpy(key + 1, enc_key.ptr, enc_key.len); + key->sadb_key_bits = data->enc_key.len * 8; + key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + data->enc_key.len); + memcpy(key + 1, data->enc_key.ptr, data->enc_key.len); PFKEY_EXT_ADD(msg, key); } - if (int_alg != AUTH_UNDEFINED) + if (data->int_alg != AUTH_UNDEFINED) { if (!sa->sadb_sa_auth) { DBG1(DBG_KNL, "algorithm %N not supported by kernel!", - integrity_algorithm_names, int_alg); + integrity_algorithm_names, data->int_alg); return FAILED; } DBG2(DBG_KNL, " using integrity algorithm %N with key size %d", - integrity_algorithm_names, int_alg, int_key.len * 8); + integrity_algorithm_names, data->int_alg, data->int_key.len * 8); key = (struct sadb_key*)PFKEY_EXT_ADD_NEXT(msg); key->sadb_key_exttype = SADB_EXT_KEY_AUTH; - key->sadb_key_bits = int_key.len * 8; - key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + int_key.len); - memcpy(key + 1, int_key.ptr, int_key.len); + key->sadb_key_bits = data->int_key.len * 8; + key->sadb_key_len = PFKEY_LEN(sizeof(struct sadb_key) + data->int_key.len); + memcpy(key + 1, data->int_key.ptr, data->int_key.len); PFKEY_EXT_ADD(msg, key); } #ifdef HAVE_NATT - if (encap) + if (data->encap) { - add_encap_ext(msg, src, dst); + add_encap_ext(msg, id->src, id->dst); } #endif /*HAVE_NATT*/ if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to add SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } @@ -1793,9 +1837,8 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_pfkey_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1806,72 +1849,84 @@ METHOD(kernel_ipsec_t, update_sa, status_t, /* we can't update the SA if any of the ip addresses have changed. * that's because we can't use SADB_UPDATE and by deleting and readding the * SA the sequence numbers would get lost */ - if (!src->ip_equals(src, new_src) || - !dst->ip_equals(dst, new_dst)) + if (!id->src->ip_equals(id->src, data->new_src) || + !id->dst->ip_equals(id->dst, data->new_dst)) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x: address " - "changes are not supported", ntohl(spi)); + "changes are not supported", ntohl(id->spi)); return NOT_SUPPORTED; } /* if IPComp is used, we first update the IPComp SA */ - if (cpi) - { - update_sa(this, htonl(ntohs(cpi)), IPPROTO_COMP, 0, - src, dst, new_src, new_dst, FALSE, FALSE, mark); + if (data->cpi) + { + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_update_sa_t ipcomp = { + .new_src = data->new_src, + .new_dst = data->new_dst, + }; + update_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x for update", + ntohl(id->spi)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); - sa->sadb_sa_spi = spi; + sa->sadb_sa_spi = id->spi; PFKEY_EXT_ADD(msg, sa); /* the kernel wants a SADB_EXT_ADDRESS_SRC to be present even though * it is not used for anything. */ - add_anyaddr_ext(msg, dst->get_family(dst), SADB_EXT_ADDRESS_SRC); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_anyaddr_ext(msg, id->dst->get_family(id->dst), SADB_EXT_ADDRESS_SRC); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } else if (parse_pfkey_message(out, &response) != SUCCESS) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: parsing " - "response from kernel failed", ntohl(spi)); + "response from kernel failed", ntohl(id->spi)); free(out); return FAILED; } DBG2(DBG_KNL, "updating SAD entry with SPI %.8x from %#H..%#H to %#H..%#H", - ntohl(spi), src, dst, new_src, new_dst); + ntohl(id->spi), id->src, id->dst, data->new_src, data->new_dst); memset(&request, 0, sizeof(request)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_UPDATE; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); #ifdef __APPLE__ @@ -1880,9 +1935,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, sa_2 = (struct sadb_sa_2*)PFKEY_EXT_ADD_NEXT(msg); sa_2->sa.sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa_2)); memcpy(&sa_2->sa, response.sa, sizeof(struct sadb_sa)); - if (encap) + if (data->encap) { - sa_2->sadb_sa_natt_port = new_dst->get_port(new_dst); + sa_2->sadb_sa_natt_port = data->new_dst->get_port(data->new_dst); sa_2->sa.sadb_sa_flags |= SADB_X_EXT_NATT; } } @@ -1908,9 +1963,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } #ifdef HAVE_NATT - if (new_encap) + if (data->new_encap) { - add_encap_ext(msg, new_src, new_dst); + add_encap_ext(msg, data->new_src, data->new_dst); } #endif /*HAVE_NATT*/ @@ -1918,14 +1973,14 @@ METHOD(kernel_ipsec_t, update_sa, status_t, if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to update SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), out->sadb_msg_errno); free(out); return FAILED; } @@ -1935,9 +1990,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -1947,42 +2002,44 @@ METHOD(kernel_ipsec_t, query_sa, status_t, memset(&request, 0, sizeof(request)); - DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "querying SAD entry with SPI %.8x", ntohl(id->spi)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_GET; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); - sa->sadb_sa_spi = spi; + sa->sadb_sa_spi = id->spi; PFKEY_EXT_ADD(msg, sa); /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ - add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } else if (parse_pfkey_message(out, &response) != SUCCESS) { - DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to query SAD entry with SPI %.8x", + ntohl(id->spi)); free(out); return FAILED; } @@ -2013,8 +2070,8 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2022,48 +2079,57 @@ METHOD(kernel_ipsec_t, del_sa, status_t, size_t len; /* if IPComp was used, we first delete the additional IPComp SA */ - if (cpi) + if (data->cpi) { - del_sa(this, src, dst, htonl(ntohs(cpi)), IPPROTO_COMP, 0, mark); + kernel_ipsec_sa_id_t ipcomp_id = { + .src = id->src, + .dst = id->dst, + .spi = htonl(ntohs(data->cpi)), + .proto = IPPROTO_COMP, + .mark = id->mark, + }; + kernel_ipsec_del_sa_t ipcomp = { 0 }; + del_sa(this, &ipcomp_id, &ipcomp); } memset(&request, 0, sizeof(request)); - DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "deleting SAD entry with SPI %.8x", ntohl(id->spi)); msg = (struct sadb_msg*)request; msg->sadb_msg_version = PF_KEY_V2; msg->sadb_msg_type = SADB_DELETE; - msg->sadb_msg_satype = proto2satype(protocol); + msg->sadb_msg_satype = proto2satype(id->proto); msg->sadb_msg_len = PFKEY_LEN(sizeof(struct sadb_msg)); sa = (struct sadb_sa*)PFKEY_EXT_ADD_NEXT(msg); sa->sadb_sa_exttype = SADB_EXT_SA; sa->sadb_sa_len = PFKEY_LEN(sizeof(struct sadb_sa)); - sa->sadb_sa_spi = spi; + sa->sadb_sa_spi = id->spi; PFKEY_EXT_ADD(msg, sa); /* the Linux Kernel doesn't care for the src address, but other systems do * (e.g. FreeBSD) */ - add_addr_ext(msg, src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); - add_addr_ext(msg, dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); + add_addr_ext(msg, id->src, SADB_EXT_ADDRESS_SRC, 0, 0, FALSE); + add_addr_ext(msg, id->dst, SADB_EXT_ADDRESS_DST, 0, 0, FALSE); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", ntohl(spi)); + DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x", + ntohl(id->spi)); return FAILED; } else if (out->sadb_msg_errno) { DBG1(DBG_KNL, "unable to delete SAD entry with SPI %.8x: %s (%d)", - ntohl(spi), strerror(out->sadb_msg_errno), - out->sadb_msg_errno); + ntohl(id->spi), strerror(out->sadb_msg_errno), + out->sadb_msg_errno); free(out); return FAILED; } - DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(spi)); + DBG2(DBG_KNL, "deleted SAD entry with SPI %.8x", ntohl(id->spi)); free(out); return SUCCESS; } @@ -2074,7 +2140,7 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; struct { - u_int8_t proto; + uint8_t proto; char *name; } protos[] = { { SADB_SATYPE_AH, "AH" }, @@ -2138,7 +2204,7 @@ static void add_exclude_route(private_kernel_pfkey_ipsec_t *this, if (!route->exclude) { DBG2(DBG_KNL, "installing new exclude route for %H src %H", dst, src); - gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL); + gtw = charon->kernel->get_nexthop(charon->kernel, dst, -1, NULL, NULL); if (gtw) { char *if_name = NULL; @@ -2226,56 +2292,58 @@ static void remove_exclude_route(private_kernel_pfkey_ipsec_t *this, } /** - * Try to install a route to the given inbound policy + * Try to install a route to the given outbound policy */ static bool install_route(private_kernel_pfkey_ipsec_t *this, - policy_entry_t *policy, policy_sa_in_t *in) + policy_entry_t *policy, policy_sa_out_t *out) { route_entry_t *route, *old; host_t *host, *src, *dst; bool is_virtual; - if (charon->kernel->get_address_by_ts(charon->kernel, in->dst_ts, &host, + if (charon->kernel->get_address_by_ts(charon->kernel, out->src_ts, &host, &is_virtual) != SUCCESS) { return FALSE; } - /* switch src/dst, as we handle an IN policy */ - src = in->generic.sa->dst; - dst = in->generic.sa->src; - INIT(route, - .prefixlen = policy->src.mask, + .prefixlen = policy->dst.mask, .src_ip = host, - .dst_net = chunk_clone(policy->src.net->get_address(policy->src.net)), + .dst_net = chunk_clone(policy->dst.net->get_address(policy->dst.net)), ); + src = out->generic.sa->src; + dst = out->generic.sa->dst; + if (!dst->is_anyaddr(dst)) { route->gateway = charon->kernel->get_nexthop(charon->kernel, dst, -1, - src); + src, &route->if_name); /* if the IP is virtual, we install the route over the interface it has * been installed on. Otherwise we use the interface we use for IKE, as * this is required for example on Linux. */ if (is_virtual) { + free(route->if_name); + route->if_name = NULL; src = route->src_ip; } } else { /* for shunt policies */ route->gateway = charon->kernel->get_nexthop(charon->kernel, - policy->src.net, policy->src.mask, - route->src_ip); + policy->dst.net, policy->dst.mask, + route->src_ip, &route->if_name); /* we don't have a source address, use the address we found */ src = route->src_ip; } /* get interface for route, using source address */ - if (!charon->kernel->get_interface(charon->kernel, src, &route->if_name)) + if (!route->if_name && + !charon->kernel->get_interface(charon->kernel, src, &route->if_name)) { route_entry_destroy(route); return FALSE; @@ -2296,7 +2364,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, old->src_ip, old->if_name) != SUCCESS) { DBG1(DBG_KNL, "error uninstalling route installed with policy " - "%R === %R %N", in->src_ts, in->dst_ts, + "%R === %R %N", out->src_ts, out->dst_ts, policy_dir_names, policy->direction); } route_entry_destroy(old); @@ -2306,22 +2374,22 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, /* if remote traffic selector covers the IKE peer, add an exclude route */ if (charon->kernel->get_features(charon->kernel) & KERNEL_REQUIRE_EXCLUDE_ROUTE) { - if (in->src_ts->is_host(in->src_ts, dst)) + if (out->dst_ts->is_host(out->dst_ts, dst)) { DBG1(DBG_KNL, "can't install route for %R === %R %N, conflicts " - "with IKE traffic", in->src_ts, in->dst_ts, policy_dir_names, + "with IKE traffic", out->src_ts, out->dst_ts, policy_dir_names, policy->direction); route_entry_destroy(route); return FALSE; } - if (in->src_ts->includes(in->src_ts, dst)) + if (out->dst_ts->includes(out->dst_ts, dst)) { - add_exclude_route(this, route, in->generic.sa->dst, dst); + add_exclude_route(this, route, out->generic.sa->src, dst); } } DBG2(DBG_KNL, "installing route: %R via %H src %H dev %s", - in->src_ts, route->gateway, route->src_ip, route->if_name); + out->dst_ts, route->gateway, route->src_ip, route->if_name); switch (charon->kernel->add_route(charon->kernel, route->dst_net, route->prefixlen, route->gateway, @@ -2338,7 +2406,7 @@ static bool install_route(private_kernel_pfkey_ipsec_t *this, return TRUE; default: DBG1(DBG_KNL, "installing route failed: %R via %H src %H dev %s", - in->src_ts, route->gateway, route->src_ip, route->if_name); + out->dst_ts, route->gateway, route->src_ip, route->if_name); remove_exclude_route(this, route); route_entry_destroy(route); return FALSE; @@ -2381,53 +2449,56 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, pol->sadb_x_policy_priority = mapping->priority; #endif - /* one or more sadb_x_ipsecrequest extensions are added to the - * sadb_x_policy extension */ - proto_mode = ipsec->cfg.mode; + if (mapping->type == POLICY_IPSEC && ipsec->cfg.reqid) + { + /* one or more sadb_x_ipsecrequest extensions are added to the + * sadb_x_policy extension */ + proto_mode = ipsec->cfg.mode; + + req = (struct sadb_x_ipsecrequest*)(pol + 1); - req = (struct sadb_x_ipsecrequest*)(pol + 1); + if (ipsec->cfg.ipcomp.transform != IPCOMP_NONE) + { + req->sadb_x_ipsecrequest_proto = IPPROTO_COMP; + + /* !!! the length here MUST be in octets instead of 64 bit words */ + req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest); + req->sadb_x_ipsecrequest_mode = mode2kernel(ipsec->cfg.mode); + req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid; + req->sadb_x_ipsecrequest_level = (policy->direction == POLICY_OUT) ? + IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_USE; + if (ipsec->cfg.mode == MODE_TUNNEL) + { + len = hostcpy(req + 1, ipsec->src, FALSE); + req->sadb_x_ipsecrequest_len += len; + len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE); + req->sadb_x_ipsecrequest_len += len; + /* use transport mode for other SAs */ + proto_mode = MODE_TRANSPORT; + } - if (ipsec->cfg.ipcomp.transform != IPCOMP_NONE) - { - req->sadb_x_ipsecrequest_proto = IPPROTO_COMP; + pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); + req = (struct sadb_x_ipsecrequest*)((char*)(req) + + req->sadb_x_ipsecrequest_len); + } + req->sadb_x_ipsecrequest_proto = ipsec->cfg.esp.use ? IPPROTO_ESP + : IPPROTO_AH; /* !!! the length here MUST be in octets instead of 64 bit words */ req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest); - req->sadb_x_ipsecrequest_mode = mode2kernel(ipsec->cfg.mode); + req->sadb_x_ipsecrequest_mode = mode2kernel(proto_mode); req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid; - req->sadb_x_ipsecrequest_level = (policy->direction == POLICY_OUT) ? - IPSEC_LEVEL_UNIQUE : IPSEC_LEVEL_USE; - if (ipsec->cfg.mode == MODE_TUNNEL) + req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; + if (proto_mode == MODE_TUNNEL) { len = hostcpy(req + 1, ipsec->src, FALSE); req->sadb_x_ipsecrequest_len += len; len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE); req->sadb_x_ipsecrequest_len += len; - /* use transport mode for other SAs */ - proto_mode = MODE_TRANSPORT; } pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); - req = (struct sadb_x_ipsecrequest*)((char*)(req) + - req->sadb_x_ipsecrequest_len); - } - - req->sadb_x_ipsecrequest_proto = ipsec->cfg.esp.use ? IPPROTO_ESP - : IPPROTO_AH; - /* !!! the length here MUST be in octets instead of 64 bit words */ - req->sadb_x_ipsecrequest_len = sizeof(struct sadb_x_ipsecrequest); - req->sadb_x_ipsecrequest_mode = mode2kernel(proto_mode); - req->sadb_x_ipsecrequest_reqid = ipsec->cfg.reqid; - req->sadb_x_ipsecrequest_level = IPSEC_LEVEL_UNIQUE; - if (proto_mode == MODE_TUNNEL) - { - len = hostcpy(req + 1, ipsec->src, FALSE); - req->sadb_x_ipsecrequest_len += len; - len = hostcpy((char*)(req + 1) + len, ipsec->dst, FALSE); - req->sadb_x_ipsecrequest_len += len; } - - pol->sadb_x_policy_len += PFKEY_LEN(req->sadb_x_ipsecrequest_len); PFKEY_EXT_ADD(msg, pol); add_addr_ext(msg, policy->src.net, SADB_EXT_ADDRESS_SRC, policy->src.proto, @@ -2492,37 +2563,42 @@ static status_t add_policy_internal(private_kernel_pfkey_ipsec_t *this, free(out); /* install a route, if: - * - this is an inbound policy (to just get one for each child) - * - we are in tunnel mode or install a bypass policy + * - this is an outbound policy (to just get one for each child) * - routing is not disabled via strongswan.conf + * - the selector is not for a specific protocol/port + * - we are in tunnel mode or install a bypass policy */ - if (policy->direction == POLICY_IN && this->install_routes && - (mapping->type != POLICY_IPSEC || ipsec->cfg.mode != MODE_TRANSPORT)) + if (policy->direction == POLICY_OUT && this->install_routes && + policy->src.proto == IPSEC_PROTO_ANY && + !policy->src.net->get_port(policy->src.net) && + !policy->dst.net->get_port(policy->dst.net)) { - install_route(this, policy, (policy_sa_in_t*)mapping); + if (mapping->type == POLICY_PASS || + (mapping->type == POLICY_IPSEC && ipsec->cfg.mode != MODE_TRANSPORT)) + { + install_route(this, policy, (policy_sa_out_t*)mapping); + } } this->mutex->unlock(this->mutex); return SUCCESS; } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { policy_entry_t *policy, *found = NULL; policy_sa_t *assigned_sa, *current_sa; enumerator_t *enumerator; bool update = TRUE; - if (dir2kernel(direction) == IPSEC_DIR_INVALID) + if (dir2kernel(id->dir) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } /* create a policy */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); /* find a matching policy */ this->mutex->lock(this->mutex); @@ -2531,7 +2607,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, (void**)&found, policy) == SUCCESS) { /* use existing policy */ DBG2(DBG_KNL, "policy %R === %R %N already exists, increasing " - "refcount", src_ts, dst_ts, policy_dir_names, direction); + "refcount", id->src_ts, id->dst_ts, policy_dir_names, id->dir); policy_entry_destroy(policy, this); policy = found; } @@ -2542,18 +2618,35 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } /* cache the assigned IPsec SA */ - assigned_sa = policy_sa_create(this, direction, type, src, dst, src_ts, - dst_ts, sa); - assigned_sa->priority = get_priority(policy, priority); + assigned_sa = policy_sa_create(this, id->dir, data->type, data->src, + data->dst, id->src_ts, id->dst_ts, data->sa); + assigned_sa->auto_priority = get_priority(policy, data->prio); + assigned_sa->priority = data->manual_prio ? data->manual_prio : + assigned_sa->auto_priority; + /* insert the SA according to its priority */ enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)¤t_sa)) { - if (current_sa->priority >= assigned_sa->priority) + if (current_sa->priority > assigned_sa->priority) { break; } + if (current_sa->priority == assigned_sa->priority) + { + /* in case of equal manual prios order SAs by automatic priority */ + if (current_sa->auto_priority > assigned_sa->auto_priority) + { + break; + } + /* prefer SAs with a reqid over those without */ + if (current_sa->auto_priority == assigned_sa->auto_priority && + (!current_sa->sa->cfg.reqid || assigned_sa->sa->cfg.reqid)) + { + break; + } + } update = FALSE; } policy->used_by->insert_before(policy->used_by, enumerator, assigned_sa); @@ -2567,23 +2660,22 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } DBG2(DBG_KNL, "%s policy %R === %R %N", - found ? "updating" : "adding", src_ts, dst_ts, - policy_dir_names, direction); + found ? "updating" : "adding", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); if (add_policy_internal(this, policy, assigned_sa, found) != SUCCESS) { DBG1(DBG_KNL, "unable to %s policy %R === %R %N", - found ? "update" : "add", src_ts, dst_ts, - policy_dir_names, direction); + found ? "update" : "add", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); return FAILED; } return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_pfkey_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2592,16 +2684,16 @@ METHOD(kernel_ipsec_t, query_policy, status_t, pfkey_msg_t response; size_t len; - if (dir2kernel(direction) == IPSEC_DIR_INVALID) + if (dir2kernel(id->dir) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return NOT_FOUND; } - DBG2(DBG_KNL, "querying policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "querying policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); /* create a policy */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); /* find a matching policy */ this->mutex->lock(this->mutex); @@ -2609,8 +2701,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, (linked_list_match_t)policy_entry_equals, (void**)&found, policy) != SUCCESS) { - DBG1(DBG_KNL, "querying policy %R === %R %N failed, not found", src_ts, - dst_ts, policy_dir_names, direction); + DBG1(DBG_KNL, "querying policy %R === %R %N failed, not found", + id->src_ts, id->dst_ts, policy_dir_names, id->dir); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); return NOT_FOUND; @@ -2630,7 +2722,7 @@ METHOD(kernel_ipsec_t, query_policy, status_t, pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_id = policy->index; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); - pol->sadb_x_policy_dir = dir2kernel(direction); + pol->sadb_x_policy_dir = dir2kernel(id->dir); pol->sadb_x_policy_type = IPSEC_POLICY_IPSEC; PFKEY_EXT_ADD(msg, pol); @@ -2643,30 +2735,31 @@ METHOD(kernel_ipsec_t, query_policy, status_t, if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to query policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "unable to query policy %R === %R %N", id->src_ts, + id->dst_ts, policy_dir_names, id->dir); return FAILED; } else if (out->sadb_msg_errno) { - DBG1(DBG_KNL, "unable to query policy %R === %R %N: %s (%d)", src_ts, - dst_ts, policy_dir_names, direction, - strerror(out->sadb_msg_errno), out->sadb_msg_errno); + DBG1(DBG_KNL, "unable to query policy %R === %R %N: %s (%d)", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, + strerror(out->sadb_msg_errno), out->sadb_msg_errno); free(out); return FAILED; } else if (parse_pfkey_message(out, &response) != SUCCESS) { DBG1(DBG_KNL, "unable to query policy %R === %R %N: parsing response " - "from kernel failed", src_ts, dst_ts, policy_dir_names, - direction); + "from kernel failed", id->src_ts, id->dst_ts, policy_dir_names, + id->dir); free(out); return FAILED; } else if (response.lft_current == NULL) { DBG2(DBG_KNL, "unable to query policy %R === %R %N: kernel reports no " - "use time", src_ts, dst_ts, policy_dir_names, direction); + "use time", id->src_ts, id->dst_ts, policy_dir_names, + id->dir); free(out); return FAILED; } @@ -2686,10 +2779,8 @@ METHOD(kernel_ipsec_t, query_policy, status_t, } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_pfkey_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t prio) + private_kernel_pfkey_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2698,24 +2789,24 @@ METHOD(kernel_ipsec_t, del_policy, status_t, policy_sa_t *mapping, *to_remove = NULL; enumerator_t *enumerator; bool first = TRUE, is_installed = TRUE; - u_int32_t priority; + uint32_t priority, auto_priority; size_t len; ipsec_sa_t assigned_sa = { - .src = src, - .dst = dst, - .cfg = *sa, + .src = data->src, + .dst = data->dst, + .cfg = *data->sa, }; - if (dir2kernel(direction) == IPSEC_DIR_INVALID) + if (dir2kernel(id->dir) == IPSEC_DIR_INVALID) { /* FWD policies are not supported on all platforms */ return SUCCESS; } - DBG2(DBG_KNL, "deleting policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "deleting policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); /* create a policy */ - policy = create_policy_entry(src_ts, dst_ts, direction); + policy = create_policy_entry(id->src_ts, id->dst_ts, id->dir); /* find a matching policy */ this->mutex->lock(this->mutex); @@ -2723,8 +2814,8 @@ METHOD(kernel_ipsec_t, del_policy, status_t, (linked_list_match_t)policy_entry_equals, (void**)&found, policy) != SUCCESS) { - DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", src_ts, - dst_ts, policy_dir_names, direction); + DBG1(DBG_KNL, "deleting policy %R === %R %N failed, not found", + id->src_ts, id->dst_ts, policy_dir_names, id->dir); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); return NOT_FOUND; @@ -2734,11 +2825,14 @@ METHOD(kernel_ipsec_t, del_policy, status_t, /* remove mapping to SA by reqid and priority, if multiple match, which * could happen when rekeying due to an address change, remove the oldest */ - priority = get_priority(policy, prio); + auto_priority = get_priority(policy, data->prio); + priority = data->manual_prio ? data->manual_prio : auto_priority; enumerator = policy->used_by->create_enumerator(policy->used_by); while (enumerator->enumerate(enumerator, (void**)&mapping)) { if (priority == mapping->priority && + auto_priority == mapping->auto_priority && + data->type == mapping->type && ipsec_sa_equals(mapping->sa, &assigned_sa)) { to_remove = mapping; @@ -2762,7 +2856,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, if (policy->used_by->get_count(policy->used_by) > 0) { /* policy is used by more SAs, keep in kernel */ DBG2(DBG_KNL, "policy still used by another CHILD_SA, not removed"); - policy_sa_destroy(mapping, &direction, this); + policy_sa_destroy(mapping, &id->dir, this); if (!is_installed) { /* no need to update as the policy was not installed for this SA */ @@ -2770,13 +2864,13 @@ METHOD(kernel_ipsec_t, del_policy, status_t, return SUCCESS; } - DBG2(DBG_KNL, "updating policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG2(DBG_KNL, "updating policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); policy->used_by->get_first(policy->used_by, (void**)&mapping); if (add_policy_internal(this, policy, mapping, TRUE) != SUCCESS) { DBG1(DBG_KNL, "unable to update policy %R === %R %N", - src_ts, dst_ts, policy_dir_names, direction); + id->src_ts, id->dst_ts, policy_dir_names, id->dir); return FAILED; } return SUCCESS; @@ -2793,7 +2887,7 @@ METHOD(kernel_ipsec_t, del_policy, status_t, pol = (struct sadb_x_policy*)PFKEY_EXT_ADD_NEXT(msg); pol->sadb_x_policy_exttype = SADB_X_EXT_POLICY; pol->sadb_x_policy_len = PFKEY_LEN(sizeof(struct sadb_x_policy)); - pol->sadb_x_policy_dir = dir2kernel(direction); + pol->sadb_x_policy_dir = dir2kernel(id->dir); pol->sadb_x_policy_type = type2kernel(mapping->type); PFKEY_EXT_ADD(msg, pol); @@ -2810,28 +2904,28 @@ METHOD(kernel_ipsec_t, del_policy, status_t, route->src_ip, route->if_name) != SUCCESS) { DBG1(DBG_KNL, "error uninstalling route installed with " - "policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + "policy %R === %R %N", id->src_ts, id->dst_ts, + policy_dir_names, id->dir); } remove_exclude_route(this, route); } this->policies->remove(this->policies, found, NULL); - policy_sa_destroy(mapping, &direction, this); + policy_sa_destroy(mapping, &id->dir, this); policy_entry_destroy(policy, this); this->mutex->unlock(this->mutex); if (pfkey_send(this, msg, &out, &len) != SUCCESS) { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N", src_ts, dst_ts, - policy_dir_names, direction); + DBG1(DBG_KNL, "unable to delete policy %R === %R %N", id->src_ts, + id->dst_ts, policy_dir_names, id->dir); return FAILED; } else if (out->sadb_msg_errno) { - DBG1(DBG_KNL, "unable to delete policy %R === %R %N: %s (%d)", src_ts, - dst_ts, policy_dir_names, direction, - strerror(out->sadb_msg_errno), out->sadb_msg_errno); + DBG1(DBG_KNL, "unable to delete policy %R === %R %N: %s (%d)", + id->src_ts, id->dst_ts, policy_dir_names, id->dir, + strerror(out->sadb_msg_errno), out->sadb_msg_errno); free(out); return FAILED; } @@ -2876,7 +2970,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t, * Register a socket for ACQUIRE/EXPIRE messages */ static status_t register_pfkey_socket(private_kernel_pfkey_ipsec_t *this, - u_int8_t satype) + uint8_t satype) { unsigned char request[PFKEY_BUFFER_SIZE]; struct sadb_msg *msg, *out; @@ -2931,7 +3025,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } memset(&policy, 0, sizeof(policy)); - policy.sadb_x_policy_len = sizeof(policy) / sizeof(u_int64_t); + policy.sadb_x_policy_len = sizeof(policy) / sizeof(uint64_t); policy.sadb_x_policy_exttype = SADB_X_EXT_POLICY; policy.sadb_x_policy_type = IPSEC_POLICY_BYPASS; @@ -2953,7 +3047,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_pfkey_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_pfkey_ipsec_t *this, int fd, int family, uint16_t port) { #ifndef __APPLE__ int type = UDP_ENCAP_ESPINUDP; diff --git a/src/libcharon/plugins/kernel_pfroute/Makefile.in b/src/libcharon/plugins/kernel_pfroute/Makefile.in index 77d83cbca..1c3f49120 100644 --- a/src/libcharon/plugins/kernel_pfroute/Makefile.in +++ b/src/libcharon/plugins/kernel_pfroute/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/kernel_pfroute -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_pfroute/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c index 4eebdfdad..236e3417f 100644 --- a/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c +++ b/src/libcharon/plugins/kernel_pfroute/kernel_pfroute_net.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2009-2013 Tobias Brunner + * Copyright (C) 2009-2016 Tobias Brunner * Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -209,7 +209,7 @@ struct route_entry_t { chunk_t dst_net; /** Destination net prefixlen */ - u_int8_t prefixlen; + uint8_t prefixlen; }; /** @@ -420,7 +420,7 @@ struct private_kernel_pfroute_net_t * Forward declaration */ static status_t manage_route(private_kernel_pfroute_net_t *this, int op, - chunk_t dst_net, u_int8_t prefixlen, + chunk_t dst_net, uint8_t prefixlen, host_t *gateway, char *if_name); /** @@ -1381,7 +1381,7 @@ static void add_rt_ifname(struct rt_msghdr *hdr, int type, char *name) * Add or remove a route */ static status_t manage_route(private_kernel_pfroute_net_t *this, int op, - chunk_t dst_net, u_int8_t prefixlen, + chunk_t dst_net, uint8_t prefixlen, host_t *gateway, char *if_name) { struct { @@ -1473,7 +1473,7 @@ static status_t manage_route(private_kernel_pfroute_net_t *this, int op, } METHOD(kernel_net_t, add_route, status_t, - private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_pfroute_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -1502,7 +1502,7 @@ METHOD(kernel_net_t, add_route, status_t, } METHOD(kernel_net_t, del_route, status_t, - private_kernel_pfroute_net_t *this, chunk_t dst_net, u_int8_t prefixlen, + private_kernel_pfroute_net_t *this, chunk_t dst_net, uint8_t prefixlen, host_t *gateway, host_t *src_ip, char *if_name) { status_t status; @@ -1533,7 +1533,7 @@ METHOD(kernel_net_t, del_route, status_t, * address. */ static host_t *get_route(private_kernel_pfroute_net_t *this, bool nexthop, - host_t *dest, host_t *src) + host_t *dest, host_t *src, char **iface) { struct { struct rt_msghdr hdr; @@ -1612,6 +1612,15 @@ retry: host = gtw; } } + if (type == RTAX_IFP && addr->sa_family == AF_LINK) + { + struct sockaddr_dl *sdl = (struct sockaddr_dl*)addr; + if (iface) + { + free(*iface); + *iface = strndup(sdl->sdl_data, sdl->sdl_nlen); + } + } } else { @@ -1680,13 +1689,18 @@ retry: METHOD(kernel_net_t, get_source_addr, host_t*, private_kernel_pfroute_net_t *this, host_t *dest, host_t *src) { - return get_route(this, FALSE, dest, src); + return get_route(this, FALSE, dest, src, NULL); } METHOD(kernel_net_t, get_nexthop, host_t*, - private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src) + private_kernel_pfroute_net_t *this, host_t *dest, int prefix, host_t *src, + char **iface) { - return get_route(this, TRUE, dest, src); + if (iface) + { + *iface = NULL; + } + return get_route(this, TRUE, dest, src, iface); } /** diff --git a/src/libcharon/plugins/kernel_wfp/Makefile.in b/src/libcharon/plugins/kernel_wfp/Makefile.in index cfe643f26..e002b4f0d 100644 --- a/src/libcharon/plugins/kernel_wfp/Makefile.in +++ b/src/libcharon/plugins/kernel_wfp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ noinst_PROGRAMS = ipsecdump$(EXEEXT) subdir = src/libcharon/plugins/kernel_wfp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -211,12 +220,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -266,6 +277,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -300,6 +312,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -411,6 +424,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -479,7 +493,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_wfp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/kernel_wfp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -809,6 +822,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES tags tags-am uninstall uninstall-am \ uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c index e1c429885..6ad26b72f 100644 --- a/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c +++ b/src/libcharon/plugins/kernel_wfp/kernel_wfp_ipsec.c @@ -45,7 +45,7 @@ struct private_kernel_wfp_ipsec_t { /** * Mix value to distribute SPI allocation randomly */ - u_int32_t mixspi; + uint32_t mixspi; /** * IKE bypass filters, as UINT64 filter LUID @@ -103,16 +103,16 @@ struct private_kernel_wfp_ipsec_t { */ typedef struct { /** SPI for this SA */ - u_int32_t spi; + uint32_t spi; /** protocol, IPPROTO_ESP/IPPROTO_AH */ - u_int8_t protocol; + uint8_t protocol; /** hard lifetime of SA */ - u_int32_t lifetime; + uint32_t lifetime; /** destination host address for this SPI */ host_t *dst; struct { /** algorithm */ - u_int16_t alg; + uint16_t alg; /** key */ chunk_t key; } integ, encr; @@ -144,13 +144,13 @@ typedef struct { /** policy destinaiton addresses */ traffic_selector_t *dst; /** WFP allocated LUID for inbound filter ID */ - u_int64_t policy_in; + uint64_t policy_in; /** WFP allocated LUID for outbound filter ID */ - u_int64_t policy_out; + uint64_t policy_out; /** WFP allocated LUID for forward inbound filter ID, tunnel mode only */ - u_int64_t policy_fwd_in; + uint64_t policy_fwd_in; /** WFP allocated LUID for forward outbound filter ID, tunnel mode only */ - u_int64_t policy_fwd_out; + uint64_t policy_fwd_out; /** have installed a route for it? */ bool route; } sp_entry_t; @@ -170,7 +170,7 @@ static void sp_entry_destroy(sp_entry_t *sp) */ typedef struct { /** reqid of entry */ - u_int32_t reqid; + uint32_t reqid; /** outer address on local host */ host_t *local; /** outer address on remote host */ @@ -186,17 +186,17 @@ typedef struct { /** UDP encapsulation */ bool encap; /** provider context, for tunnel mode only */ - u_int64_t provider; + uint64_t provider; /** WFP allocated LUID for SA context */ - u_int64_t sa_id; + uint64_t sa_id; /** WFP allocated LUID for tunnel mode IP-IPv4 inbound filter */ - u_int64_t ip_ipv4_in; + uint64_t ip_ipv4_in; /** WFP allocated LUID for tunnel mode IP-IPv4 outbound filter */ - u_int64_t ip_ipv4_out; + uint64_t ip_ipv4_out; /** WFP allocated LUID for tunnel mode IP-IPv6 inbound filter */ - u_int64_t ip_ipv6_in; + uint64_t ip_ipv6_in; /** WFP allocated LUID for tunnel mode IP-IPv6 outbound filter */ - u_int64_t ip_ipv6_out; + uint64_t ip_ipv6_out; } entry_t; /** @@ -206,7 +206,7 @@ typedef struct { /** destination net of route */ host_t *dst; /** prefix length of dst */ - u_int8_t mask; + uint8_t mask; /** source address for route */ host_t *src; /** gateway of route, NULL if directly attached */ @@ -348,9 +348,9 @@ static FWPM_FILTER_CONDITION0 *append_condition(FWPM_FILTER_CONDITION0 *conds[], /** * Convert an IPv4 prefix to a host order subnet mask */ -static u_int32_t prefix2mask(u_int8_t prefix) +static uint32_t prefix2mask(uint8_t prefix) { - u_int8_t netmask[4] = {}; + uint8_t netmask[4] = {}; int i; for (i = 0; i < sizeof(netmask); i++) @@ -370,7 +370,7 @@ static u_int32_t prefix2mask(u_int8_t prefix) * Convert a 16-bit range to a WFP condition */ static void range2cond(FWPM_FILTER_CONDITION0 *cond, - u_int16_t from, u_int16_t to) + uint16_t from, uint16_t to) { if (from == to) { @@ -399,11 +399,11 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target, FWPM_FILTER_CONDITION0 *cond; FWP_BYTE_ARRAY16 *addr; FWP_RANGE0 *range; - u_int16_t from_port, to_port; + uint16_t from_port, to_port; void *from, *to; - u_int8_t proto; + uint8_t proto; host_t *net; - u_int8_t prefix; + uint8_t prefix; from = ts->get_from_address(ts).ptr; to = ts->get_to_address(ts).ptr; @@ -496,7 +496,7 @@ static bool ts2condition(traffic_selector_t *ts, const GUID *target, { if (target == &FWPM_CONDITION_IP_LOCAL_ADDRESS) { - u_int8_t from_type, to_type, from_code, to_code; + uint8_t from_type, to_type, from_code, to_code; from_type = traffic_selector_icmp_type(from_port); to_type = traffic_selector_icmp_type(to_port); @@ -736,7 +736,7 @@ static bool install_sp(private_kernel_wfp_ipsec_t *this, sp_entry_t *sp, */ static bool install_ipip_ale(private_kernel_wfp_ipsec_t *this, host_t *local, host_t *remote, GUID *context, - bool inbound, int proto, u_int64_t *filter_id) + bool inbound, int proto, uint64_t *filter_id) { traffic_selector_t *lts, *rts; FWPM_FILTER_CONDITION0 *conds = NULL; @@ -1013,7 +1013,7 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry, .ipVersion = version, }; struct { - u_int16_t alg; + uint16_t alg; chunk_t key; } integ = {}, encr = {}; DWORD res; @@ -1099,9 +1099,9 @@ static bool install_sa(private_kernel_wfp_ipsec_t *this, entry_t *entry, */ static void host2address6(host_t *host, void *out) { - u_int32_t *src, *dst = out; + uint32_t *src, *dst = out; - src = (u_int32_t*)host->get_address(host).ptr; + src = (uint32_t*)host->get_address(host).ptr; dst[0] = untoh32(&src[3]); dst[1] = untoh32(&src[2]); @@ -1273,7 +1273,7 @@ static bool generate_guid(private_kernel_wfp_ipsec_t *this, GUID *guid) { return FALSE; } - ok = rng->get_bytes(rng, sizeof(GUID), (u_int8_t*)guid); + ok = rng->get_bytes(rng, sizeof(GUID), (uint8_t*)guid); rng->destroy(rng); return ok; } @@ -1379,7 +1379,7 @@ static bool install_tunnel_sps(private_kernel_wfp_ipsec_t *this, entry_t *entry) * Reduce refcount, or uninstall a route if all refs gone */ static bool uninstall_route(private_kernel_wfp_ipsec_t *this, - host_t *dst, u_int8_t mask, host_t *src, host_t *gtw) + host_t *dst, uint8_t mask, host_t *src, host_t *gtw) { route_t *route, key = { .dst = dst, @@ -1421,7 +1421,7 @@ static bool uninstall_route(private_kernel_wfp_ipsec_t *this, * Install a single route, or refcount if exists */ static bool install_route(private_kernel_wfp_ipsec_t *this, - host_t *dst, u_int8_t mask, host_t *src, host_t *gtw) + host_t *dst, uint8_t mask, host_t *src, host_t *gtw) { route_t *route, key = { .dst = dst, @@ -1476,7 +1476,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this, bool add) { host_t *src, *dst, *gtw; - u_int8_t mask; + uint8_t mask; bool done; if (!dst_ts->to_subnet(dst_ts, &dst, &mask)) @@ -1489,7 +1489,7 @@ static bool manage_route(private_kernel_wfp_ipsec_t *this, dst->destroy(dst); return FALSE; } - gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local); + gtw = charon->kernel->get_nexthop(charon->kernel, remote, -1, local, NULL); if (add) { done = install_route(this, dst, mask, src, gtw); @@ -1578,7 +1578,7 @@ static bool install(private_kernel_wfp_ipsec_t *this, entry_t *entry) */ typedef struct { /** reqid this trap is installed for */ - u_int32_t reqid; + uint32_t reqid; /** is this a forward policy trap for tunnel mode? */ bool fwd; /** do we have installed a route for this trap policy? */ @@ -1629,7 +1629,7 @@ static u_int hash_trap(trap_t *trap) static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id, traffic_selector_t *src, traffic_selector_t *dst) { - u_int32_t reqid = 0; + uint32_t reqid = 0; trap_t *trap, key = { .filter_id = filter_id, }; @@ -1654,7 +1654,7 @@ static void acquire(private_kernel_wfp_ipsec_t *this, UINT64 filter_id, * Create a single host traffic selector from an FWP address definition */ static traffic_selector_t *addr2ts(FWP_IP_VERSION version, void *data, - u_int8_t protocol, u_int16_t from_port, u_int16_t to_port) + uint8_t protocol, uint16_t from_port, uint16_t to_port) { ts_type_t type; UINT32 ints[4]; @@ -1689,9 +1689,9 @@ static void WINAPI event_callback(void *user, const FWPM_NET_EVENT1 *event) { private_kernel_wfp_ipsec_t *this = user; traffic_selector_t *local = NULL, *remote = NULL; - u_int8_t protocol = 0; - u_int16_t from_local = 0, to_local = 65535; - u_int16_t from_remote = 0, to_remote = 65535; + uint8_t protocol = 0; + uint16_t from_local = 0, to_local = 65535; + uint16_t from_remote = 0, to_remote = 65535; if ((event->header.flags & FWPM_NET_EVENT_FLAG_LOCAL_ADDR_SET) && (event->header.flags & FWPM_NET_EVENT_FLAG_REMOTE_ADDR_SET)) @@ -1861,7 +1861,7 @@ static bool uninstall_trap(private_kernel_wfp_ipsec_t *this, trap_t *trap) * Create and install a new trap entry */ static bool add_trap(private_kernel_wfp_ipsec_t *this, - u_int32_t reqid, bool fwd, host_t *local, host_t *remote, + uint32_t reqid, bool fwd, host_t *local, host_t *remote, traffic_selector_t *src, traffic_selector_t *dst) { trap_t *trap; @@ -1893,7 +1893,7 @@ static bool add_trap(private_kernel_wfp_ipsec_t *this, * Uninstall and remove a new trap entry */ static bool remove_trap(private_kernel_wfp_ipsec_t *this, - u_int32_t reqid, bool fwd, + uint32_t reqid, bool fwd, traffic_selector_t *src, traffic_selector_t *dst) { enumerator_t *enumerator; @@ -1949,10 +1949,10 @@ static bool init_spi(private_kernel_wfp_ipsec_t *this) { return FALSE; } - ok = rng->get_bytes(rng, sizeof(this->nextspi), (u_int8_t*)&this->nextspi); + ok = rng->get_bytes(rng, sizeof(this->nextspi), (uint8_t*)&this->nextspi); if (ok) { - ok = rng->get_bytes(rng, sizeof(this->mixspi), (u_int8_t*)&this->mixspi); + ok = rng->get_bytes(rng, sizeof(this->mixspi), (uint8_t*)&this->mixspi); } rng->destroy(rng); return ok; @@ -1966,7 +1966,7 @@ static u_int permute(u_int x, u_int p) u_int qr; x = x % p; - qr = ((u_int64_t)x * x) % p; + qr = ((uint64_t)x * x) % p; if (x <= p / 2) { return qr; @@ -1976,7 +1976,7 @@ static u_int permute(u_int x, u_int p) METHOD(kernel_ipsec_t, get_spi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { /* To avoid sequencial SPIs, we use a one-to-one permuation function on * an incrementing counter, that is a full period PRNG for the range we @@ -1993,7 +1993,7 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return NOT_SUPPORTED; } @@ -2005,7 +2005,7 @@ typedef struct { /* backref to kernel backend */ private_kernel_wfp_ipsec_t *this; /* SPI of expiring SA */ - u_int32_t spi; + uint32_t spi; /* destination address of expiring SA */ host_t *dst; /* is this a hard expire, or a rekey request? */ @@ -2027,7 +2027,7 @@ static void expire_data_destroy(expire_data_t *data) static job_requeue_t expire_job(expire_data_t *data) { private_kernel_wfp_ipsec_t *this = data->this; - u_int8_t protocol; + uint8_t protocol; entry_t *entry = NULL; sa_entry_t key = { .spi = data->spi, @@ -2074,8 +2074,8 @@ static job_requeue_t expire_job(expire_data_t *data) /** * Schedule an expire event for an SA */ -static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi, - host_t *dst, u_int32_t lifetime, bool hard) +static void schedule_expire(private_kernel_wfp_ipsec_t *this, uint32_t spi, + host_t *dst, uint32_t lifetime, bool hard) { expire_data_t *data; @@ -2093,57 +2093,55 @@ static void schedule_expire(private_kernel_wfp_ipsec_t *this, u_int32_t spi, } METHOD(kernel_ipsec_t, add_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { host_t *local, *remote; entry_t *entry; - if (inbound) + if (data->inbound) { /* comes first, create new entry */ - local = dst->clone(dst); - remote = src->clone(src); + local = id->dst->clone(id->dst); + remote = id->src->clone(id->src); INIT(entry, - .reqid = reqid, + .reqid = data->reqid, .isa = { - .spi = spi, + .spi = id->spi, .dst = local, - .protocol = protocol, - .lifetime = lifetime->time.life, + .protocol = id->proto, + .lifetime = data->lifetime->time.life, .encr = { - .alg = enc_alg, - .key = chunk_clone(enc_key), + .alg = data->enc_alg, + .key = chunk_clone(data->enc_key), }, .integ = { - .alg = int_alg, - .key = chunk_clone(int_key), + .alg = data->int_alg, + .key = chunk_clone(data->int_key), }, }, .sps = array_create(0, 0), .local = local, .remote = remote, - .mode = mode, - .encap = encap, + .mode = data->mode, + .encap = data->encap, ); - if (lifetime->time.life) + if (data->lifetime->time.life) { - schedule_expire(this, spi, local, lifetime->time.life, TRUE); + schedule_expire(this, id->spi, local, + data->lifetime->time.life, TRUE); } - if (lifetime->time.rekey && lifetime->time.rekey != lifetime->time.life) + if (data->lifetime->time.rekey && + data->lifetime->time.rekey != data->lifetime->time.life) { - schedule_expire(this, spi, local, lifetime->time.rekey, FALSE); + schedule_expire(this, id->spi, local, + data->lifetime->time.rekey, FALSE); } this->mutex->lock(this->mutex); - this->tsas->put(this->tsas, (void*)(uintptr_t)reqid, entry); + this->tsas->put(this->tsas, (void*)(uintptr_t)data->reqid, entry); this->isas->put(this->isas, &entry->isa, entry); this->mutex->unlock(this->mutex); } @@ -2151,29 +2149,29 @@ METHOD(kernel_ipsec_t, add_sa, status_t, { /* comes after inbound, update entry */ this->mutex->lock(this->mutex); - entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)reqid); + entry = this->tsas->remove(this->tsas, (void*)(uintptr_t)data->reqid); this->mutex->unlock(this->mutex); if (!entry) { DBG1(DBG_KNL, "adding outbound SA failed, no inbound SA found " - "for reqid %u ", reqid); + "for reqid %u ", data->reqid); return NOT_FOUND; } /* TODO: should we check for local/remote, mode etc.? */ entry->osa = (sa_entry_t){ - .spi = spi, + .spi = id->spi, .dst = entry->remote, - .protocol = protocol, - .lifetime = lifetime->time.life, + .protocol = id->proto, + .lifetime = data->lifetime->time.life, .encr = { - .alg = enc_alg, - .key = chunk_clone(enc_key), + .alg = data->enc_alg, + .key = chunk_clone(data->enc_key), }, .integ = { - .alg = int_alg, - .key = chunk_clone(int_key), + .alg = data->int_alg, + .key = chunk_clone(data->int_key), }, }; @@ -2186,14 +2184,13 @@ METHOD(kernel_ipsec_t, add_sa, status_t, } METHOD(kernel_ipsec_t, update_sa, status_t, - private_kernel_wfp_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, - bool encap, bool new_encap, mark_t mark) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { entry_t *entry; sa_entry_t key = { - .dst = dst, - .spi = spi, + .dst = id->dst, + .spi = id->spi, }; UINT64 sa_id = 0; IPSEC_SA_CONTEXT1 *ctx; @@ -2233,16 +2230,16 @@ METHOD(kernel_ipsec_t, update_sa, status_t, DBG1(DBG_KNL, "getting WFP SA context for updated failed: 0x%08x", res); return FAILED; } - if (!hosts2traffic(this, new_dst, new_src, &ctx->inboundSa->traffic) || - !hosts2traffic(this, new_dst, new_src, &ctx->outboundSa->traffic)) + if (!hosts2traffic(this, data->new_dst, data->new_src, &ctx->inboundSa->traffic) || + !hosts2traffic(this, data->new_dst, data->new_src, &ctx->outboundSa->traffic)) { FwpmFreeMemory0((void**)&ctx); return FAILED; } - if (new_encap != encap) + if (data->new_encap != data->encap) { - if (new_encap) + if (data->new_encap) { ctx->inboundSa->udpEncapsulation = &ports; ctx->outboundSa->udpEncapsulation = &ports; @@ -2273,8 +2270,8 @@ METHOD(kernel_ipsec_t, update_sa, status_t, entry->local->destroy(entry->local); entry->remote->destroy(entry->remote); - entry->local = new_dst->clone(new_dst); - entry->remote = new_src->clone(new_src); + entry->local = data->new_dst->clone(data->new_dst); + entry->remote = data->new_src->clone(data->new_src); entry->isa.dst = entry->local; entry->osa.dst = entry->remote; @@ -2290,9 +2287,9 @@ METHOD(kernel_ipsec_t, update_sa, status_t, } METHOD(kernel_ipsec_t, query_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, u_int64_t *bytes, - u_int64_t *packets, time_t *time) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { /* It does not seem that WFP provides any means of getting per-SA traffic * statistics. IPsecGetStatistics0/1() provides global stats, and @@ -2302,13 +2299,13 @@ METHOD(kernel_ipsec_t, query_sa, status_t, } METHOD(kernel_ipsec_t, del_sa, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { entry_t *entry; sa_entry_t key = { - .dst = dst, - .spi = spi, + .dst = id->dst, + .spi = id->spi, }; this->mutex->lock(this->mutex); @@ -2341,25 +2338,23 @@ METHOD(kernel_ipsec_t, flush_sas, status_t, } METHOD(kernel_ipsec_t, add_policy, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, mark_t mark, - policy_priority_t priority) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { status_t status = SUCCESS; entry_t *entry; sp_entry_t *sp; sa_entry_t key = { - .spi = sa->esp.use ? sa->esp.spi : sa->ah.spi, - .dst = dst, + .spi = data->sa->esp.use ? data->sa->esp.spi : data->sa->ah.spi, + .dst = data->dst, }; - if (sa->esp.use && sa->ah.use) + if (data->sa->esp.use && data->sa->ah.use) { return NOT_SUPPORTED; } - switch (type) + switch (data->type) { case POLICY_IPSEC: break; @@ -2368,7 +2363,7 @@ METHOD(kernel_ipsec_t, add_policy, status_t, return NOT_SUPPORTED; } - switch (direction) + switch (id->dir) { case POLICY_OUT: break; @@ -2380,18 +2375,20 @@ METHOD(kernel_ipsec_t, add_policy, status_t, return NOT_SUPPORTED; } - switch (priority) + switch (data->prio) { case POLICY_PRIORITY_DEFAULT: break; case POLICY_PRIORITY_ROUTED: - if (!add_trap(this, sa->reqid, FALSE, src, dst, src_ts, dst_ts)) + if (!add_trap(this, data->sa->reqid, FALSE, data->src, data->dst, + id->src_ts, id->dst_ts)) { return FAILED; } - if (sa->mode == MODE_TUNNEL) + if (data->sa->mode == MODE_TUNNEL) { - if (!add_trap(this, sa->reqid, TRUE, src, dst, src_ts, dst_ts)) + if (!add_trap(this, data->sa->reqid, TRUE, data->src, data->dst, + id->src_ts, id->dst_ts)) { return FAILED; } @@ -2406,14 +2403,14 @@ METHOD(kernel_ipsec_t, add_policy, status_t, entry = this->osas->get(this->osas, &key); if (entry) { - if (sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0) + if (data->sa->mode == MODE_TUNNEL || array_count(entry->sps) == 0) { INIT(sp, - .src = src_ts->clone(src_ts), - .dst = dst_ts->clone(dst_ts), + .src = id->src_ts->clone(id->src_ts), + .dst = id->dst_ts->clone(id->dst_ts), ); array_insert(entry->sps, -1, sp); - if (array_count(entry->sps) == sa->policy_count) + if (array_count(entry->sps) == data->sa->policy_count) { if (!install(this, entry)) { @@ -2442,25 +2439,24 @@ METHOD(kernel_ipsec_t, add_policy, status_t, } METHOD(kernel_ipsec_t, query_policy, status_t, - private_kernel_wfp_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { /* see query_sa() for some notes */ return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_kernel_wfp_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_kernel_wfp_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { - if (direction == POLICY_OUT && priority == POLICY_PRIORITY_ROUTED) + if (id->dir == POLICY_OUT && data->prio == POLICY_PRIORITY_ROUTED) { - if (remove_trap(this, sa->reqid, FALSE, src_ts, dst_ts)) + if (remove_trap(this, data->sa->reqid, FALSE, id->src_ts, + id->dst_ts)) { - remove_trap(this, sa->reqid, TRUE, src_ts, dst_ts); + remove_trap(this, data->sa->reqid, TRUE, id->src_ts, + id->dst_ts); return SUCCESS; } return NOT_FOUND; @@ -2479,7 +2475,7 @@ METHOD(kernel_ipsec_t, flush_policies, status_t, * Add a bypass policy for a specific UDP port */ static bool add_bypass(private_kernel_wfp_ipsec_t *this, - int family, u_int16_t port, bool inbound, UINT64 *luid) + int family, uint16_t port, bool inbound, UINT64 *luid) { FWPM_FILTER_CONDITION0 *cond, *conds = NULL; int count = 0; @@ -2547,7 +2543,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } saddr; int addrlen = sizeof(saddr); UINT64 filter_out, filter_in = 0; - u_int16_t port; + uint16_t port; if (getsockname(fd, &saddr.sa, &addrlen) == SOCKET_ERROR) { @@ -2584,7 +2580,7 @@ METHOD(kernel_ipsec_t, bypass_socket, bool, } METHOD(kernel_ipsec_t, enable_udp_decap, bool, - private_kernel_wfp_ipsec_t *this, int fd, int family, u_int16_t port) + private_kernel_wfp_ipsec_t *this, int fd, int family, uint16_t port) { return FALSE; } diff --git a/src/libcharon/plugins/led/Makefile.in b/src/libcharon/plugins/led/Makefile.in index 63bbf1975..e0c2cba50 100644 --- a/src/libcharon/plugins/led/Makefile.in +++ b/src/libcharon/plugins/led/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/led -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/led/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/led/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/load_tester/Makefile.in b/src/libcharon/plugins/load_tester/Makefile.in index 14fcd6f4c..856bdd8aa 100644 --- a/src/libcharon/plugins/load_tester/Makefile.in +++ b/src/libcharon/plugins/load_tester/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = load-tester$(EXEEXT) subdir = src/libcharon/plugins/load_tester -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -213,12 +222,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -268,6 +279,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -302,6 +314,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -413,6 +426,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -478,7 +492,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/load_tester/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -852,6 +865,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/load_tester/load_tester.c b/src/libcharon/plugins/load_tester/load_tester.c index f5a998ecc..94b934d09 100644 --- a/src/libcharon/plugins/load_tester/load_tester.c +++ b/src/libcharon/plugins/load_tester/load_tester.c @@ -65,7 +65,7 @@ static FILE* make_connection() static int initiate(unsigned int count, unsigned int delay) { FILE *stream; - char c; + int c; stream = make_connection(); if (!stream) diff --git a/src/libcharon/plugins/load_tester/load_tester_config.c b/src/libcharon/plugins/load_tester/load_tester_config.c index 8f6abde0c..28421c212 100644 --- a/src/libcharon/plugins/load_tester/load_tester_config.c +++ b/src/libcharon/plugins/load_tester/load_tester_config.c @@ -124,7 +124,7 @@ struct private_load_tester_config_t { /** * Current port for unique initiator ports */ - u_int16_t unique_port; + uint16_t unique_port; /** * IKE_SA rekeying delay @@ -154,7 +154,7 @@ struct private_load_tester_config_t { /** * Dynamic source port, if used */ - u_int16_t port; + uint16_t port; /** * IKE version to use for load testing @@ -454,8 +454,8 @@ static void generate_auth_cfg(private_load_tester_config_t *this, char *str, /** * Parse a protoport specifier */ -static bool parse_protoport(char *token, u_int16_t *from_port, - u_int16_t *to_port, u_int8_t *protocol) +static bool parse_protoport(char *token, uint16_t *from_port, + uint16_t *to_port, uint8_t *protocol) { char *sep, *port = "", *endptr; struct protoent *proto; @@ -494,7 +494,7 @@ static bool parse_protoport(char *token, u_int16_t *from_port, { return FALSE; } - *protocol = (u_int8_t)p; + *protocol = (uint8_t)p; } } if (streq(port, "%any")) @@ -557,8 +557,8 @@ static void add_ts(private_load_tester_config_t *this, { enumerator_t *enumerator; char *subnet, *pos; - u_int16_t from_port, to_port; - u_int8_t proto; + uint16_t from_port, to_port; + uint8_t proto; enumerator = enumerator_create_token(string, ",", " "); while (enumerator->enumerate(enumerator, &subnet)) @@ -688,13 +688,25 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) peer_cfg_t *peer_cfg; char local[32], *remote; host_t *addr; - ipsec_mode_t mode = MODE_TUNNEL; - lifetime_cfg_t lifetime = { - .time = { - .life = this->child_rekey * 2, - .rekey = this->child_rekey, - .jitter = 0 - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_NO, + .keyingtries = 1, + .rekey_time = this->ike_rekey, + .over_time = this->ike_rekey, + .no_mobike = TRUE, + .dpd = this->dpd_delay, + .dpd_timeout = this->dpd_timeout, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = this->child_rekey * 2, + .rekey = this->child_rekey, + .jitter = 0 + }, + }, + .mode = MODE_TUNNEL, }; if (num) @@ -737,14 +749,8 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) FRAGMENTATION_NO, 0); } ike_cfg->add_proposal(ike_cfg, this->proposal->clone(this->proposal)); - peer_cfg = peer_cfg_create("load-test", ike_cfg, - CERT_SEND_IF_ASKED, UNIQUE_NO, 1, /* keytries */ - this->ike_rekey, 0, /* rekey, reauth */ - 0, this->ike_rekey, /* jitter, overtime */ - FALSE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd_delay, /* dpd_delay */ - this->dpd_timeout, /* dpd_timeout */ - FALSE, NULL, NULL); + peer_cfg = peer_cfg_create("load-test", ike_cfg, &peer); + if (this->vip) { peer_cfg->add_virtual_ip(peer_cfg, this->vip->clone(this->vip)); @@ -768,17 +774,15 @@ static peer_cfg_t* generate_config(private_load_tester_config_t *this, uint num) { if (streq(this->mode, "transport")) { - mode = MODE_TRANSPORT; + child.mode = MODE_TRANSPORT; } else if (streq(this->mode, "beet")) { - mode = MODE_BEET; + child.mode = MODE_BEET; } } - child_cfg = child_cfg_create("load-test", &lifetime, NULL, TRUE, mode, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create("load-test", &child); child_cfg->add_proposal(child_cfg, this->esp->clone(this->esp)); if (num) diff --git a/src/libcharon/plugins/load_tester/load_tester_creds.c b/src/libcharon/plugins/load_tester/load_tester_creds.c index d62c7295d..2f482962a 100644 --- a/src/libcharon/plugins/load_tester/load_tester_creds.c +++ b/src/libcharon/plugins/load_tester/load_tester_creds.c @@ -57,7 +57,7 @@ struct private_load_tester_creds_t { /** * serial number to issue certificates */ - u_int32_t serial; + uint32_t serial; /** * Preshared key for IKE @@ -307,7 +307,7 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*, identification_t *dn = NULL; linked_list_t *sans; char buf[128]; - u_int32_t serial; + uint32_t serial; time_t now; if (this->ca == NULL) diff --git a/src/libcharon/plugins/load_tester/load_tester_ipsec.c b/src/libcharon/plugins/load_tester/load_tester_ipsec.c index 6a86bb899..4e20c8f3a 100644 --- a/src/libcharon/plugins/load_tester/load_tester_ipsec.c +++ b/src/libcharon/plugins/load_tester/load_tester_ipsec.c @@ -36,7 +36,7 @@ struct private_load_tester_ipsec_t { METHOD(kernel_ipsec_t, get_spi, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi) + uint8_t protocol, uint32_t *spi) { *spi = (uint32_t)ref_get(&this->spi); return SUCCESS; @@ -44,69 +44,58 @@ METHOD(kernel_ipsec_t, get_spi, status_t, METHOD(kernel_ipsec_t, get_cpi, status_t, private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int16_t *cpi) + uint16_t *cpi) { return FAILED; } METHOD(kernel_ipsec_t, add_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, u_int32_t replay_window, - bool initiator, bool encap, bool esn, bool inbound, bool update, - linked_list_t *src_ts, linked_list_t *dst_ts) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, update_sa, status_t, - private_load_tester_ipsec_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, - host_t *new_dst, bool encap, bool new_encap, mark_t mark) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, query_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) { return NOT_SUPPORTED; } METHOD(kernel_ipsec_t, del_sa, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_load_tester_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, add_policy, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } METHOD(kernel_ipsec_t, query_policy, status_t, - private_load_tester_ipsec_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, mark_t mark, - time_t *use_time) + private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) { *use_time = 1; return SUCCESS; } METHOD(kernel_ipsec_t, del_policy, status_t, - private_load_tester_ipsec_t *this, host_t *src, host_t *dst, - traffic_selector_t *src_ts, traffic_selector_t *dst_ts, - policy_dir_t direction, policy_type_t type, ipsec_sa_cfg_t *sa, - mark_t mark, policy_priority_t priority) + private_load_tester_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) { return SUCCESS; } diff --git a/src/libcharon/plugins/lookip/Makefile.in b/src/libcharon/plugins/lookip/Makefile.in index 9b56d94fe..69aa3792c 100644 --- a/src/libcharon/plugins/lookip/Makefile.in +++ b/src/libcharon/plugins/lookip/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = lookip$(EXEEXT) subdir = src/libcharon/plugins/lookip -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -209,12 +218,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -264,6 +275,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -298,6 +310,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -409,6 +422,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/lookip/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/lookip/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -839,6 +852,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/maemo/Makefile.in b/src/libcharon/plugins/maemo/Makefile.in index 5cc654967..78525bf6c 100644 --- a/src/libcharon/plugins/maemo/Makefile.in +++ b/src/libcharon/plugins/maemo/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/maemo -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/maemo/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -805,6 +818,8 @@ uninstall-am: uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-dbusserviceDATA uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + org.strongswan.charon.service: $(srcdir)/org.strongswan.charon.service.in $(AM_V_GEN) \ diff --git a/src/libcharon/plugins/maemo/maemo_service.c b/src/libcharon/plugins/maemo/maemo_service.c index 2e96f8fb4..3e5861b87 100644 --- a/src/libcharon/plugins/maemo/maemo_service.c +++ b/src/libcharon/plugins/maemo/maemo_service.c @@ -236,12 +236,23 @@ static gboolean initiate_connection(private_maemo_service_t *this, traffic_selector_t *ts; auth_cfg_t *auth; certificate_t *cert; - lifetime_cfg_t lifetime = { - .time = { - .life = 10800, /* 3h */ - .rekey = 10200, /* 2h50min */ - .jitter = 300 /* 5min */ - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = 36000, /* 10h */ + .jitter_time = 600, /* 10min */ + .over_time = 600, /* 10min */ + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = 10800, /* 3h */ + .rekey = 10200, /* 2h50min */ + .jitter = 300 /* 5min */ + }, + }, + .mode = MODE_TUNNEL, }; if (this->status == VPN_STATUS_CONNECTED || @@ -329,14 +340,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - peer_cfg = peer_cfg_create(this->current, ike_cfg, - CERT_SEND_IF_ASKED, - UNIQUE_REPLACE, 1, /* keyingtries */ - 36000, 0, /* rekey 10h, reauth none */ - 600, 600, /* jitter, over 10min */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 0, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation */ + peer_cfg = peer_cfg_create(this->current, ike_cfg, &peer); peer_cfg->add_virtual_ip(peer_cfg, host_create_from_string("0.0.0.0", 0)); auth = auth_cfg_create(); @@ -348,9 +352,7 @@ static gboolean initiate_connection(private_maemo_service_t *this, auth->add(auth, AUTH_RULE_IDENTITY, gateway); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(this->current, &lifetime, NULL /* updown */, - TRUE, MODE_TUNNEL, ACTION_NONE, ACTION_NONE, - ACTION_NONE, FALSE, 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(this->current, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); ts = traffic_selector_create_dynamic(0, 0, 65535); diff --git a/src/libcharon/plugins/medcli/Makefile.in b/src/libcharon/plugins/medcli/Makefile.in index 32c428487..fe301a7d9 100644 --- a/src/libcharon/plugins/medcli/Makefile.in +++ b/src/libcharon/plugins/medcli/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/medcli -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/medcli/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -779,6 +792,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/medcli/medcli_config.c b/src/libcharon/plugins/medcli/medcli_config.c index 25b138387..4452739c1 100644 --- a/src/libcharon/plugins/medcli/medcli_config.c +++ b/src/libcharon/plugins/medcli/medcli_config.c @@ -82,12 +82,25 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, child_cfg_t *child_cfg; chunk_t me, other; char *address, *local_net, *remote_net; - lifetime_cfg_t lifetime = { - .time = { - .life = this->rekey * 60 + this->rekey, - .rekey = this->rekey, - .jitter = this->rekey - } + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + .mediation = TRUE, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = this->rekey * 60 + this->rekey, + .rekey = this->rekey, + .jitter = this->rekey + }, + }, + .mode = MODE_TUNNEL, }; /* query mediation server config: @@ -107,14 +120,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, address, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); ike_cfg->add_proposal(ike_cfg, proposal_create_default_aead(PROTO_IKE)); - med_cfg = peer_cfg_create( - "mediation", ike_cfg, - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - TRUE, NULL, NULL); /* mediation, med by, peer id */ + med_cfg = peer_cfg_create("mediation", ike_cfg, &peer); e->destroy(e); auth = auth_cfg_create(); @@ -144,15 +150,10 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, DESTROY_IF(e); return NULL; } - peer_cfg = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - FALSE, med_cfg, /* mediation, med by */ - identification_create_from_encoding(ID_KEY_ID, other)); + peer.mediation = FALSE; + peer.mediated_by = med_cfg; + peer.peer_id = identification_create_from_encoding(ID_KEY_ID, other); + peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); @@ -165,9 +166,7 @@ METHOD(backend_t, get_peer_cfg_by_name, peer_cfg_t*, identification_create_from_encoding(ID_KEY_ID, other)); peer_cfg->add_auth_cfg(peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); @@ -205,12 +204,24 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, chunk_t me, other; child_cfg_t *child_cfg; auth_cfg_t *auth; - lifetime_cfg_t lifetime = { - .time = { - .life = this->rekey * 60 + this->rekey, - .rekey = this->rekey, - .jitter = this->rekey - } + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = this->rekey * 60 + this->rekey, + .rekey = this->rekey, + .jitter = this->rekey + }, + }, + .mode = MODE_TUNNEL, }; DESTROY_IF(this->current); @@ -220,14 +231,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, this->current = NULL; return FALSE; } - this->current = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation, med by, peer id */ + this->current = peer_cfg_create(name, this->ike->get_ref(this->ike), &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PUBKEY); @@ -240,9 +244,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, identification_create_from_encoding(ID_KEY_ID, other)); this->current->add_auth_cfg(this->current, auth, FALSE); - child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, FALSE, - 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); child_cfg->add_proposal(child_cfg, proposal_create_default_aead(PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, ts_from_string(local_net)); diff --git a/src/libcharon/plugins/medsrv/Makefile.in b/src/libcharon/plugins/medsrv/Makefile.in index de0217a80..d4154fea4 100644 --- a/src/libcharon/plugins/medsrv/Makefile.in +++ b/src/libcharon/plugins/medsrv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/medsrv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/medsrv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/medsrv/medsrv_config.c b/src/libcharon/plugins/medsrv/medsrv_config.c index 02d805e06..be7f481b6 100644 --- a/src/libcharon/plugins/medsrv/medsrv_config.c +++ b/src/libcharon/plugins/medsrv/medsrv_config.c @@ -87,14 +87,18 @@ METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, if (e->enumerate(e, &name)) { - peer_cfg = peer_cfg_create( - name, this->ike->get_ref(this->ike), - CERT_NEVER_SEND, UNIQUE_REPLACE, - 1, this->rekey*60, 0, /* keytries, rekey, reauth */ - this->rekey*5, this->rekey*3, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - this->dpd, 0, /* DPD delay, timeout */ - TRUE, NULL, NULL); /* mediation, med by, peer id */ + peer_cfg_create_t peer = { + .cert_policy = CERT_NEVER_SEND, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + .rekey_time = this->rekey * 60, + .jitter_time = this->rekey * 5, + .over_time = this->rekey * 3, + .dpd = this->dpd, + .mediation = TRUE, + }; + peer_cfg = peer_cfg_create(name, this->ike->get_ref(this->ike), + &peer); e->destroy(e); auth = auth_cfg_create(); diff --git a/src/libcharon/plugins/osx_attr/Makefile.in b/src/libcharon/plugins/osx_attr/Makefile.in index 6a1a81f08..ec488defe 100644 --- a/src/libcharon/plugins/osx_attr/Makefile.in +++ b/src/libcharon/plugins/osx_attr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/osx_attr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/osx_attr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/osx_attr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/p_cscf/Makefile.am b/src/libcharon/plugins/p_cscf/Makefile.am index 1e00a56a8..f37f3f514 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.am +++ b/src/libcharon/plugins/p_cscf/Makefile.am @@ -1,6 +1,5 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ diff --git a/src/libcharon/plugins/p_cscf/Makefile.in b/src/libcharon/plugins/p_cscf/Makefile.in index 7f78db85a..67ab4bfe3 100644 --- a/src/libcharon/plugins/p_cscf/Makefile.in +++ b/src/libcharon/plugins/p_cscf/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/p_cscf -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -433,7 +447,6 @@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ - -I$(top_srcdir)/src/libhydra \ -I$(top_srcdir)/src/libcharon AM_CFLAGS = \ @@ -462,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/p_cscf/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/p_cscf/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/radattr/Makefile.in b/src/libcharon/plugins/radattr/Makefile.in index 3f39ba237..9b7ab4c53 100644 --- a/src/libcharon/plugins/radattr/Makefile.in +++ b/src/libcharon/plugins/radattr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/radattr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/radattr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/radattr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 70d97cc32..38b709ef0 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/resolve -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c index ec3decc4d..9077b51d4 100644 --- a/src/libcharon/plugins/resolve/resolve_handler.c +++ b/src/libcharon/plugins/resolve/resolve_handler.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +21,8 @@ #include <unistd.h> #include <utils/debug.h> +#include <utils/process.h> +#include <collections/array.h> #include <threading/mutex.h> /* path to resolvconf executable */ @@ -47,12 +49,12 @@ struct private_resolve_handler_t { char *file; /** - * use resolvconf instead of writing directly to resolv.conf + * Use resolvconf instead of writing directly to resolv.conf */ bool use_resolvconf; /** - * prefix to be used for interface names sent to resolvconf + * Prefix to be used for interface names sent to resolvconf */ char *iface_prefix; @@ -60,13 +62,55 @@ struct private_resolve_handler_t { * Mutex to access file exclusively */ mutex_t *mutex; + + /** + * Reference counting for DNS servers dns_server_t + */ + array_t *servers; }; /** + * Reference counting for DNS servers + */ +typedef struct { + + /** + * DNS server address + */ + host_t *server; + + /** + * Reference count + */ + u_int refcount; + +} dns_server_t; + +/** + * Compare a server and a stored reference + */ +static int dns_server_find(const void *a, const void *b) +{ + host_t *server = (host_t*)a; + dns_server_t *item = (dns_server_t*)b; + return chunk_compare(server->get_address(server), + item->server->get_address(item->server)); +} + +/** + * Sort references by DNS server + */ +static int dns_server_sort(const void *a, const void *b, void *user) +{ + const dns_server_t *da = a, *db = b; + return chunk_compare(da->server->get_address(da->server), + db->server->get_address(db->server)); +} + +/** * Writes the given nameserver to resolv.conf */ -static bool write_nameserver(private_resolve_handler_t *this, - identification_t *server, host_t *addr) +static bool write_nameserver(private_resolve_handler_t *this, host_t *addr) { FILE *in, *out; char buf[1024]; @@ -79,8 +123,7 @@ static bool write_nameserver(private_resolve_handler_t *this, out = fopen(this->file, "w"); if (out) { - fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, - server); + fprintf(out, "nameserver %H # by strongSwan\n", addr); DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file); handled = TRUE; @@ -104,8 +147,7 @@ static bool write_nameserver(private_resolve_handler_t *this, /** * Removes the given nameserver from resolv.conf */ -static void remove_nameserver(private_resolve_handler_t *this, - identification_t *server, host_t *addr) +static void remove_nameserver(private_resolve_handler_t *this, host_t *addr) { FILE *in, *out; char line[1024], matcher[512]; @@ -119,8 +161,7 @@ static void remove_nameserver(private_resolve_handler_t *this, if (out) { snprintf(matcher, sizeof(matcher), - "nameserver %H # by strongSwan, from %Y\n", - addr, server); + "nameserver %H # by strongSwan\n", addr); /* copy all, but matching line */ while (fgets(line, sizeof(line), in)) @@ -144,50 +185,91 @@ static void remove_nameserver(private_resolve_handler_t *this, /** * Add or remove the given nameserver by invoking resolvconf. */ -static bool invoke_resolvconf(private_resolve_handler_t *this, - identification_t *server, host_t *addr, +static bool invoke_resolvconf(private_resolve_handler_t *this, host_t *addr, bool install) { - char cmd[128]; - bool success = TRUE; + process_t *process; + FILE *shell; + int in, out, retval; /* we use the nameserver's IP address as part of the interface name to * make them unique */ - if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC, - install ? "-a" : "-d", this->iface_prefix, addr) >= sizeof(cmd)) + process = process_start_shell(NULL, install ? &in : NULL, &out, NULL, + "2>&1 %s %s %s%H", RESOLVCONF_EXEC, + install ? "-a" : "-d", this->iface_prefix, addr); + + if (!process) { return FALSE; } - if (install) { - FILE *out; - - out = popen(cmd, "w"); - if (!out) + shell = fdopen(in, "w"); + if (shell) { - return FALSE; + DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr); + fprintf(shell, "nameserver %H\n", addr); + fclose(shell); } - DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr); - fprintf(out, "nameserver %H\n", addr); - success = !ferror(out); - if (pclose(out)) + else { + close(in); + close(out); + process->wait(process, NULL); return FALSE; } } else { - ignore_result(system(cmd)); + DBG1(DBG_IKE, "removing DNS server %H via resolvconf", addr); + } + shell = fdopen(out, "r"); + if (shell) + { + while (TRUE) + { + char resp[128], *e; + + if (fgets(resp, sizeof(resp), shell) == NULL) + { + if (ferror(shell)) + { + DBG1(DBG_IKE, "error reading from resolvconf"); + } + break; + } + else + { + e = resp + strlen(resp); + if (e > resp && e[-1] == '\n') + { + e[-1] = '\0'; + } + DBG1(DBG_IKE, "resolvconf: %s", resp); + } + } + fclose(shell); + } + else + { + close(out); + } + if (!process->wait(process, &retval) || retval != EXIT_SUCCESS) + { + if (install) + { /* revert changes when installing fails */ + invoke_resolvconf(this, addr, FALSE); + return FALSE; + } } - return success; + return TRUE; } METHOD(attribute_handler_t, handle, bool, private_resolve_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data) { - identification_t *server; + dns_server_t *found = NULL; host_t *addr; bool handled; @@ -208,16 +290,34 @@ METHOD(attribute_handler_t, handle, bool, DESTROY_IF(addr); return FALSE; } - server = ike_sa->get_other_id(ike_sa); this->mutex->lock(this->mutex); - if (this->use_resolvconf) + if (array_bsearch(this->servers, addr, dns_server_find, &found) == -1) { - handled = invoke_resolvconf(this, server, addr, TRUE); + if (this->use_resolvconf) + { + handled = invoke_resolvconf(this, addr, TRUE); + } + else + { + handled = write_nameserver(this, addr); + } + if (handled) + { + INIT(found, + .server = addr->clone(addr), + .refcount = 1, + ); + array_insert_create(&this->servers, ARRAY_TAIL, found); + array_sort(this->servers, dns_server_sort, NULL); + } } else { - handled = write_nameserver(this, server, addr); + DBG1(DBG_IKE, "DNS server %H already installed, increasing refcount", + addr); + found->refcount++; + handled = TRUE; } this->mutex->unlock(this->mutex); addr->destroy(addr); @@ -233,9 +333,9 @@ METHOD(attribute_handler_t, release, void, private_resolve_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data) { - identification_t *server; + dns_server_t *found = NULL; host_t *addr; - int family; + int family, idx; switch (type) { @@ -249,16 +349,30 @@ METHOD(attribute_handler_t, release, void, return; } addr = host_create_from_chunk(family, data, 0); - server = ike_sa->get_other_id(ike_sa); this->mutex->lock(this->mutex); - if (this->use_resolvconf) - { - invoke_resolvconf(this, server, addr, FALSE); - } - else + idx = array_bsearch(this->servers, addr, dns_server_find, &found); + if (idx != -1) { - remove_nameserver(this, server, addr); + if (--found->refcount > 0) + { + DBG1(DBG_IKE, "DNS server %H still used, decreasing refcount", + addr); + } + else + { + if (this->use_resolvconf) + { + invoke_resolvconf(this, addr, FALSE); + } + else + { + remove_nameserver(this, addr); + } + array_remove(this->servers, idx, NULL); + found->server->destroy(found->server); + free(found); + } } this->mutex->unlock(this->mutex); @@ -341,6 +455,7 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, METHOD(resolve_handler_t, destroy, void, private_resolve_handler_t *this) { + array_destroy(this->servers); this->mutex->destroy(this->mutex); free(this); } diff --git a/src/libcharon/plugins/smp/Makefile.in b/src/libcharon/plugins/smp/Makefile.in index 221cda71a..72a168cb5 100644 --- a/src/libcharon/plugins/smp/Makefile.in +++ b/src/libcharon/plugins/smp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/smp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/smp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/smp/smp.c b/src/libcharon/plugins/smp/smp.c index 56b19c792..56891b263 100644 --- a/src/libcharon/plugins/smp/smp.c +++ b/src/libcharon/plugins/smp/smp.c @@ -374,7 +374,7 @@ static void request_control_terminate(xmlTextReaderPtr reader, xmlTextReaderNodeType(reader) == XML_READER_TYPE_TEXT) { const char *str; - u_int32_t id; + uint32_t id; status_t status; str = xmlTextReaderConstValue(reader); diff --git a/src/libcharon/plugins/socket_default/Makefile.in b/src/libcharon/plugins/socket_default/Makefile.in index 3dcfaf4a6..112d8d218 100644 --- a/src/libcharon/plugins/socket_default/Makefile.in +++ b/src/libcharon/plugins/socket_default/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/socket_default -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_default/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/socket_default/socket_default_socket.c b/src/libcharon/plugins/socket_default/socket_default_socket.c index 6e432d9cf..ba22b0c2b 100644 --- a/src/libcharon/plugins/socket_default/socket_default_socket.c +++ b/src/libcharon/plugins/socket_default/socket_default_socket.c @@ -84,12 +84,12 @@ struct private_socket_default_socket_t { /** * Configured port (or random, if initially 0) */ - u_int16_t port; + uint16_t port; /** * Configured port for NAT-T (or random, if initially 0) */ - u_int16_t natt; + uint16_t natt; /** * IPv4 socket (500 or port) @@ -114,22 +114,22 @@ struct private_socket_default_socket_t { /** * DSCP value set on IPv4 socket */ - u_int8_t dscp4; + uint8_t dscp4; /** * DSCP value set on IPv4 socket for NAT-T (4500 or natt) */ - u_int8_t dscp4_natt; + uint8_t dscp4_natt; /** * DSCP value set on IPv6 socket (500 or port) */ - u_int8_t dscp6; + uint8_t dscp6; /** * DSCP value set on IPv6 socket for NAT-T (4500 or natt) */ - u_int8_t dscp6_natt; + uint8_t dscp6_natt; /** * Maximum packet size to receive @@ -153,7 +153,7 @@ struct private_socket_default_socket_t { */ #ifdef IP_PKTINFO -static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port) { struct sockaddr_in dst = { .sin_family = AF_INET, @@ -174,7 +174,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) #elif defined(IP_RECVDSTADDR) -static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port) { struct sockaddr_in dst = { .sin_family = AF_INET, @@ -193,7 +193,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) #else /* IP_PKTINFO || IP_RECVDSTADDR */ -static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v4(struct cmsghdr *cmsgptr, uint16_t port) { return NULL; } @@ -206,7 +206,7 @@ static host_t *get_dst_v4(struct cmsghdr *cmsgptr, u_int16_t port) */ #ifdef HAVE_IN6_PKTINFO -static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port) { struct in6_pktinfo *pktinfo; struct sockaddr_in6 dst = { @@ -225,7 +225,7 @@ static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) #else /* HAVE_IN6_PKTINFO */ -static host_t *get_dst_v6(struct cmsghdr *cmsgptr, u_int16_t port) +static host_t *get_dst_v6(struct cmsghdr *cmsgptr, uint16_t port) { return NULL; } @@ -241,7 +241,7 @@ METHOD(socket_t, receiver, status_t, host_t *source = NULL, *dest = NULL; int i, rr, index, bytes_read = 0, selected = -1; bool oldstate; - u_int16_t port = 0; + uint16_t port = 0; struct pollfd pfd[] = { { .fd = this->ipv4, .events = POLLIN }, { .fd = this->ipv4_natt, .events = POLLIN }, @@ -464,7 +464,7 @@ METHOD(socket_t, sender, status_t, host_t *src, *dst; struct msghdr msg; struct iovec iov; - u_int8_t *dscp; + uint8_t *dscp; src = packet->get_source(packet); dst = packet->get_destination(packet); @@ -521,7 +521,7 @@ METHOD(socket_t, sender, status_t, { if (family == AF_INET) { - u_int8_t ds4; + uint8_t ds4; ds4 = packet->get_dscp(packet) << 2; if (setsockopt(skt, SOL_IP, IP_TOS, &ds4, sizeof(ds4)) == 0) @@ -584,7 +584,7 @@ METHOD(socket_t, sender, status_t, return SUCCESS; } -METHOD(socket_t, get_port, u_int16_t, +METHOD(socket_t, get_port, uint16_t, private_socket_default_socket_t *this, bool nat_t) { return nat_t ? this->natt : this->port; @@ -610,7 +610,7 @@ METHOD(socket_t, supported_families, socket_family_t, * open a socket to send and receive packets */ static int open_socket(private_socket_default_socket_t *this, - int family, u_int16_t *port) + int family, uint16_t *port) { int on = TRUE; union { diff --git a/src/libcharon/plugins/socket_dynamic/Makefile.in b/src/libcharon/plugins/socket_dynamic/Makefile.in index 88bc22f5e..9f5f4a2e9 100644 --- a/src/libcharon/plugins/socket_dynamic/Makefile.in +++ b/src/libcharon/plugins/socket_dynamic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/socket_dynamic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_dynamic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c index b89cae47b..ba92e10f2 100644 --- a/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c +++ b/src/libcharon/plugins/socket_dynamic/socket_dynamic_socket.c @@ -107,7 +107,7 @@ struct dynsock_t { /** * Bound source port */ - u_int16_t port; + uint16_t port; }; /** @@ -324,7 +324,7 @@ METHOD(socket_t, receiver, status_t, /** * Get the port allocated dynamically using bind() */ -static bool get_dynamic_port(int fd, int family, u_int16_t *port) +static bool get_dynamic_port(int fd, int family, uint16_t *port) { union { struct sockaddr_storage ss; @@ -367,7 +367,7 @@ static bool get_dynamic_port(int fd, int family, u_int16_t *port) * open a socket to send and receive packets */ static int open_socket(private_socket_dynamic_socket_t *this, - int family, u_int16_t *port) + int family, uint16_t *port) { union { struct sockaddr_storage ss; @@ -481,7 +481,7 @@ static dynsock_t *get_any_socket(private_socket_dynamic_socket_t *this, * Find/Create a socket to send from host */ static dynsock_t *find_socket(private_socket_dynamic_socket_t *this, - int family, u_int16_t port) + int family, uint16_t port) { dynsock_t *skt, lookup = { .family = family, @@ -636,7 +636,7 @@ METHOD(socket_t, sender, status_t, return SUCCESS; } -METHOD(socket_t, get_port, u_int16_t, +METHOD(socket_t, get_port, uint16_t, private_socket_dynamic_socket_t *this, bool nat_t) { /* we return 0 here for users that have no explicit port configured, the diff --git a/src/libcharon/plugins/socket_win/Makefile.in b/src/libcharon/plugins/socket_win/Makefile.in index 683011062..1b6b9f64a 100644 --- a/src/libcharon/plugins/socket_win/Makefile.in +++ b/src/libcharon/plugins/socket_win/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/socket_win -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -463,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/socket_win/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/socket_win/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/socket_win/socket_win_socket.c b/src/libcharon/plugins/socket_win/socket_win_socket.c index 94af08e80..c42783c77 100644 --- a/src/libcharon/plugins/socket_win/socket_win_socket.c +++ b/src/libcharon/plugins/socket_win/socket_win_socket.c @@ -51,7 +51,7 @@ struct private_socket_win_socket_t { /** * Port for each socket */ - u_int16_t ports[SOCKET_COUNT]; + uint16_t ports[SOCKET_COUNT]; /** * IPv4/IPv6 dual-use sockets @@ -205,7 +205,7 @@ METHOD(socket_t, receiver, status_t, METHOD(socket_t, sender, status_t, private_socket_win_socket_t *this, packet_t *packet) { - u_int16_t port; + uint16_t port; int i = -1, j; host_t *src, *dst; WSAMSG msg; @@ -316,7 +316,7 @@ METHOD(socket_t, sender, status_t, return SUCCESS; } -METHOD(socket_t, get_port, u_int16_t, +METHOD(socket_t, get_port, uint16_t, private_socket_win_socket_t *this, bool nat) { return this->ports[nat != 0]; diff --git a/src/libcharon/plugins/sql/Makefile.in b/src/libcharon/plugins/sql/Makefile.in index b09379b02..b9cae90ec 100644 --- a/src/libcharon/plugins/sql/Makefile.in +++ b/src/libcharon/plugins/sql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/sql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/sql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/sql/sql_config.c b/src/libcharon/plugins/sql/sql_config.c index ce24d180a..bbc20dca7 100644 --- a/src/libcharon/plugins/sql/sql_config.c +++ b/src/libcharon/plugins/sql/sql_config.c @@ -170,12 +170,22 @@ static child_cfg_t *build_child_cfg(private_sql_config_t *this, enumerator_t *e) if (e->enumerate(e, &id, &name, &lifetime, &rekeytime, &jitter, &updown, &hostaccess, &mode, &start, &dpd, &close, &ipcomp, &reqid)) { - lifetime_cfg_t lft = { - .time = { .life = lifetime, .rekey = rekeytime, .jitter = jitter } + child_cfg_create_t child = { + .mode = mode, + .reqid = reqid, + .ipcomp = ipcomp, + .lifetime = { + .time = { + .life = lifetime, .rekey = rekeytime, .jitter = jitter + }, + }, + .start_action = start, + .dpd_action = dpd, + .close_action = close, + .updown = updown, + .hostaccess = hostaccess, }; - child_cfg = child_cfg_create(name, &lft, updown, hostaccess, mode, - start, dpd, close, ipcomp, 0, reqid, - NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); add_esp_proposals(this, child_cfg, id); add_traffic_selectors(this, child_cfg, id); return child_cfg; @@ -290,6 +300,7 @@ static ike_cfg_t* get_ike_cfg_by_id(private_sql_config_t *this, int id) return ike_cfg; } +#ifdef ME /** * Query a peer config by its id */ @@ -322,6 +333,7 @@ static peer_cfg_t *get_peer_cfg_by_id(private_sql_config_t *this, int id) } return peer_cfg; } +#endif /* ME */ /** * Check if the two IDs match (the first one is optional) @@ -353,7 +365,7 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, &mediation, &mediated_by, &p_type, &p_data)) { identification_t *local_id, *remote_id, *peer_id = NULL; - peer_cfg_t *peer_cfg, *mediated_cfg; + peer_cfg_t *peer_cfg, *mediated_cfg = NULL; ike_cfg_t *ike; host_t *vip = NULL; auth_cfg_t *auth; @@ -367,22 +379,38 @@ static peer_cfg_t *build_peer_cfg(private_sql_config_t *this, enumerator_t *e, continue; } ike = get_ike_cfg_by_id(this, ike_cfg); + +#ifdef ME mediated_cfg = mediated_by ? get_peer_cfg_by_id(this, mediated_by) : NULL; if (p_type) { peer_id = identification_create_from_encoding(p_type, p_data); } +#endif if (virtual) { vip = host_create_from_string(virtual, 0); } if (ike) { - peer_cfg = peer_cfg_create( - name, ike, cert_policy, uniqueid, - keyingtries, rekeytime, reauthtime, jitter, overtime, - mobike, FALSE, TRUE, dpd_delay, 0, - mediation, mediated_cfg, peer_id); + peer_cfg_create_t peer = { + .cert_policy = cert_policy, + .unique = uniqueid, + .keyingtries = keyingtries, + .rekey_time = rekeytime, + .reauth_time = reauthtime, + .jitter_time = jitter, + .over_time = overtime, + .no_mobike = !mobike, + .dpd = dpd_delay, +#ifdef ME + .mediation = mediation, + .mediated_by = mediated_cfg, + .peer_id = peer_id, +#endif /* ME */ + }; + + peer_cfg = peer_cfg_create(name, ike, &peer); if (vip) { peer_cfg->add_virtual_ip(peer_cfg, vip); diff --git a/src/libcharon/plugins/sql/sql_logger.c b/src/libcharon/plugins/sql/sql_logger.c index 0fa06eac5..46a894028 100644 --- a/src/libcharon/plugins/sql/sql_logger.c +++ b/src/libcharon/plugins/sql/sql_logger.c @@ -63,7 +63,7 @@ METHOD(logger_t, log_, void, chunk_t local_spi, remote_spi; host_t *local_host, *remote_host; identification_t *local_id, *remote_id; - u_int64_t ispi, rspi; + uint64_t ispi, rspi; ike_sa_id_t *id; id = ike_sa->get_id(ike_sa); diff --git a/src/libcharon/plugins/stroke/Makefile.in b/src/libcharon/plugins/stroke/Makefile.in index 2b22b333a..9f63cb0b5 100644 --- a/src/libcharon/plugins/stroke/Makefile.in +++ b/src/libcharon/plugins/stroke/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/stroke -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -474,7 +488,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/stroke/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -796,6 +809,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/stroke/stroke_config.c b/src/libcharon/plugins/stroke/stroke_config.c index d0eb2aac3..f2d110434 100644 --- a/src/libcharon/plugins/stroke/stroke_config.c +++ b/src/libcharon/plugins/stroke/stroke_config.c @@ -252,7 +252,7 @@ static void swap_ends(stroke_msg_t *msg) static ike_cfg_t *build_ike_cfg(private_stroke_config_t *this, stroke_msg_t *msg) { ike_cfg_t *ike_cfg; - u_int16_t ikeport; + uint16_t ikeport; char me[256], other[256]; swap_ends(msg); @@ -616,12 +616,17 @@ static mem_pool_t *create_pool_range(char *str) static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, stroke_msg_t *msg, ike_cfg_t *ike_cfg) { - identification_t *peer_id = NULL; - peer_cfg_t *mediated_by = NULL; - unique_policy_t unique; - u_int32_t rekey = 0, reauth = 0, over, jitter; peer_cfg_t *peer_cfg; auth_cfg_t *auth_cfg; + peer_cfg_create_t peer = { + .cert_policy = msg->add_conn.me.sendcert, + .keyingtries = msg->add_conn.rekey.tries, + .no_mobike = !msg->add_conn.mobike, + .aggressive = msg->add_conn.aggressive, + .push_mode = msg->add_conn.pushmode, + .dpd = msg->add_conn.dpd.delay, + .dpd_timeout = msg->add_conn.dpd.timeout, + }; #ifdef ME if (msg->add_conn.ikeme.mediation && msg->add_conn.ikeme.mediated_by) @@ -633,14 +638,17 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, if (msg->add_conn.ikeme.mediation) { + peer.mediation = TRUE; /* force unique connections for mediation connections */ msg->add_conn.unique = 1; } if (msg->add_conn.ikeme.mediated_by) { - mediated_by = charon->backends->get_peer_cfg_by_name(charon->backends, - msg->add_conn.ikeme.mediated_by); + peer_cfg_t *mediated_by; + + mediated_by = charon->backends->get_peer_cfg_by_name( + charon->backends, msg->add_conn.ikeme.mediated_by); if (!mediated_by) { DBG1(DBG_CFG, "mediation connection '%s' not found, aborting", @@ -655,58 +663,55 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, mediated_by->destroy(mediated_by); return NULL; } + peer.mediated_by = mediated_by; if (msg->add_conn.ikeme.peerid) { - peer_id = identification_create_from_string(msg->add_conn.ikeme.peerid); + peer.peer_id = identification_create_from_string( + msg->add_conn.ikeme.peerid); } else if (msg->add_conn.other.id) { - peer_id = identification_create_from_string(msg->add_conn.other.id); + peer.peer_id = identification_create_from_string( + msg->add_conn.other.id); } } #endif /* ME */ - jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; - over = msg->add_conn.rekey.margin; + peer.jitter_time = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100; + peer.over_time = msg->add_conn.rekey.margin; if (msg->add_conn.rekey.reauth) { - reauth = msg->add_conn.rekey.ike_lifetime - over; + peer.reauth_time = msg->add_conn.rekey.ike_lifetime - peer.over_time; } else { - rekey = msg->add_conn.rekey.ike_lifetime - over; + peer.rekey_time = msg->add_conn.rekey.ike_lifetime - peer.over_time; } switch (msg->add_conn.unique) { case 1: /* yes */ case 2: /* replace */ - unique = UNIQUE_REPLACE; + peer.unique = UNIQUE_REPLACE; break; case 3: /* keep */ - unique = UNIQUE_KEEP; + peer.unique = UNIQUE_KEEP; break; case 4: /* never */ - unique = UNIQUE_NEVER; + peer.unique = UNIQUE_NEVER; break; default: /* no */ - unique = UNIQUE_NO; + peer.unique = UNIQUE_NO; break; } if (msg->add_conn.dpd.action == 0) { /* dpdaction=none disables DPD */ - msg->add_conn.dpd.delay = 0; + peer.dpd = 0; } /* other.sourceip is managed in stroke_attributes. If it is set, we define * the pool name as the connection name, which the attribute provider * uses to serve pool addresses. */ - peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg, - msg->add_conn.me.sendcert, unique, - msg->add_conn.rekey.tries, rekey, reauth, jitter, over, - msg->add_conn.mobike, msg->add_conn.aggressive, - msg->add_conn.pushmode == 0, - msg->add_conn.dpd.delay, msg->add_conn.dpd.timeout, - msg->add_conn.ikeme.mediation, mediated_by, peer_id); + peer_cfg = peer_cfg_create(msg->add_conn.name, ike_cfg, &peer); if (msg->add_conn.other.sourceip) { @@ -883,8 +888,8 @@ static peer_cfg_t *build_peer_cfg(private_stroke_config_t *this, /** * Parse a protoport specifier */ -static bool parse_protoport(char *token, u_int16_t *from_port, - u_int16_t *to_port, u_int8_t *protocol) +static bool parse_protoport(char *token, uint16_t *from_port, + uint16_t *to_port, uint8_t *protocol) { char *sep, *port = "", *endptr; struct protoent *proto; @@ -923,7 +928,7 @@ static bool parse_protoport(char *token, u_int16_t *from_port, { return FALSE; } - *protocol = (u_int8_t)p; + *protocol = (uint8_t)p; } } if (streq(port, "%any")) @@ -1002,8 +1007,8 @@ static void add_ts(private_stroke_config_t *this, { enumerator_t *enumerator; char *subnet, *pos; - u_int16_t from_port, to_port; - u_int8_t proto; + uint16_t from_port, to_port; + uint8_t proto; enumerator = enumerator_create_token(end->subnets, ",", " "); while (enumerator->enumerate(enumerator, &subnet)) @@ -1070,45 +1075,50 @@ static child_cfg_t *build_child_cfg(private_stroke_config_t *this, stroke_msg_t *msg) { child_cfg_t *child_cfg; - lifetime_cfg_t lifetime = { - .time = { - .life = msg->add_conn.rekey.ipsec_lifetime, - .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin, - .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100 + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = msg->add_conn.rekey.ipsec_lifetime, + .rekey = msg->add_conn.rekey.ipsec_lifetime - msg->add_conn.rekey.margin, + .jitter = msg->add_conn.rekey.margin * msg->add_conn.rekey.fuzz / 100 + }, + .bytes = { + .life = msg->add_conn.rekey.life_bytes, + .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes, + .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100 + }, + .packets = { + .life = msg->add_conn.rekey.life_packets, + .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets, + .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100 + }, }, - .bytes = { - .life = msg->add_conn.rekey.life_bytes, - .rekey = msg->add_conn.rekey.life_bytes - msg->add_conn.rekey.margin_bytes, - .jitter = msg->add_conn.rekey.margin_bytes * msg->add_conn.rekey.fuzz / 100 + .mark_in = { + .value = msg->add_conn.mark_in.value, + .mask = msg->add_conn.mark_in.mask }, - .packets = { - .life = msg->add_conn.rekey.life_packets, - .rekey = msg->add_conn.rekey.life_packets - msg->add_conn.rekey.margin_packets, - .jitter = msg->add_conn.rekey.margin_packets * msg->add_conn.rekey.fuzz / 100 - } - }; - mark_t mark_in = { - .value = msg->add_conn.mark_in.value, - .mask = msg->add_conn.mark_in.mask - }; - mark_t mark_out = { - .value = msg->add_conn.mark_out.value, - .mask = msg->add_conn.mark_out.mask + .mark_out = { + .value = msg->add_conn.mark_out.value, + .mask = msg->add_conn.mark_out.mask + }, + .reqid = msg->add_conn.reqid, + .mode = msg->add_conn.mode, + .proxy_mode = msg->add_conn.proxy_mode, + .ipcomp = msg->add_conn.ipcomp, + .tfc = msg->add_conn.tfc, + .inactivity = msg->add_conn.inactivity, + .dpd_action = map_action(msg->add_conn.dpd.action), + .close_action = map_action(msg->add_conn.close_action), + .updown = msg->add_conn.me.updown, + .hostaccess = msg->add_conn.me.hostaccess, + .suppress_policies = !msg->add_conn.install_policy, }; - child_cfg = child_cfg_create( - msg->add_conn.name, &lifetime, msg->add_conn.me.updown, - msg->add_conn.me.hostaccess, msg->add_conn.mode, ACTION_NONE, - map_action(msg->add_conn.dpd.action), - map_action(msg->add_conn.close_action), msg->add_conn.ipcomp, - msg->add_conn.inactivity, msg->add_conn.reqid, - &mark_in, &mark_out, msg->add_conn.tfc); + child_cfg = child_cfg_create(msg->add_conn.name, &child); if (msg->add_conn.replay_window != -1) { child_cfg->set_replay_window(child_cfg, msg->add_conn.replay_window); } - child_cfg->set_mipv6_options(child_cfg, msg->add_conn.proxy_mode, - msg->add_conn.install_policy); add_ts(this, &msg->add_conn.me, child_cfg, TRUE); add_ts(this, &msg->add_conn.other, child_cfg, FALSE); diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c index 36da5ff21..fb60d3973 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -198,7 +198,7 @@ METHOD(stroke_control_t, initiate, void, /** * Parse a terminate/rekey specifier */ -static bool parse_specifier(char *string, u_int32_t *id, +static bool parse_specifier(char *string, uint32_t *id, char **name, bool *child, bool *all) { int len; @@ -266,7 +266,7 @@ static bool parse_specifier(char *string, u_int32_t *id, * Report the result of a terminate() call to console */ static void report_terminate_status(private_stroke_control_t *this, - status_t status, FILE *out, u_int32_t id, bool child) + status_t status, FILE *out, uint32_t id, bool child) { char *prefix, *postfix; @@ -300,7 +300,7 @@ static void report_terminate_status(private_stroke_control_t *this, /** * Call the charon controller to terminate a CHILD_SA */ -static void charon_terminate(private_stroke_control_t *this, u_int32_t id, +static void charon_terminate(private_stroke_control_t *this, uint32_t id, stroke_msg_t *msg, FILE *out, bool child) { if (msg->output_verbosity >= 0) @@ -336,7 +336,7 @@ METHOD(stroke_control_t, terminate, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { char *name; - u_int32_t id; + uint32_t id; bool child, all; ike_sa_t *ike_sa; enumerator_t *enumerator; @@ -424,7 +424,7 @@ METHOD(stroke_control_t, rekey, void, private_stroke_control_t *this, stroke_msg_t *msg, FILE *out) { char *name; - u_int32_t id; + uint32_t id; bool child, all, finished = FALSE; ike_sa_t *ike_sa; enumerator_t *enumerator; @@ -591,13 +591,13 @@ METHOD(stroke_control_t, purge_ike, void, /** * Find an existing CHILD_SA/reqid */ -static u_int32_t find_reqid(child_cfg_t *child_cfg) +static uint32_t find_reqid(child_cfg_t *child_cfg) { enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; char *name; - u_int32_t reqid; + uint32_t reqid; reqid = charon->traps->find_reqid(charon->traps, child_cfg); if (reqid) @@ -636,7 +636,7 @@ static void charon_route(peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, char *name, FILE *out) { ipsec_mode_t mode; - u_int32_t reqid; + uint32_t reqid; mode = child_cfg->get_mode(child_cfg); if (mode == MODE_PASS || mode == MODE_DROP) @@ -731,7 +731,7 @@ METHOD(stroke_control_t, unroute, void, { child_sa_t *child_sa; enumerator_t *enumerator; - u_int32_t id = 0; + uint32_t id = 0; if (charon->shunts->uninstall(charon->shunts, msg->unroute.name)) { diff --git a/src/libcharon/plugins/stroke/stroke_counter.c b/src/libcharon/plugins/stroke/stroke_counter.c index 5fa1fb165..e93fd4ef2 100644 --- a/src/libcharon/plugins/stroke/stroke_counter.c +++ b/src/libcharon/plugins/stroke/stroke_counter.c @@ -58,7 +58,7 @@ struct private_stroke_counter_t { /** * Global counter values */ - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; /** * Counters for specific connection names, char* => entry_t @@ -78,7 +78,7 @@ typedef struct { /** connection name */ char *name; /** counter values for connection */ - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; } entry_t; /** @@ -290,7 +290,7 @@ METHOD(listener_t, message_hook, bool, * Print a single counter value to out */ static void print_counter(FILE *out, stroke_counter_type_t type, - u_int64_t counter) + uint64_t counter) { fprintf(out, "%-18N %12llu\n", stroke_counter_type_names, type, counter); } @@ -300,7 +300,7 @@ static void print_counter(FILE *out, stroke_counter_type_t type, */ static void print_one(private_stroke_counter_t *this, FILE *out, char *name) { - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; entry_t *entry; int i; @@ -365,7 +365,7 @@ static void print_all(private_stroke_counter_t *this, FILE *out) */ static void print_global(private_stroke_counter_t *this, FILE *out) { - u_int64_t counter[COUNTER_MAX]; + uint64_t counter[COUNTER_MAX]; int i; this->lock->lock(this->lock); diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 42928882a..929e6fc84 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -754,6 +754,8 @@ typedef struct { chunk_t keyid; /** number of tries */ int try; + /** provided PIN */ + shared_key_t *shared; } pin_cb_data_t; /** @@ -798,7 +800,9 @@ static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type, { *match_other = ID_MATCH_NONE; } - return shared_key_create(SHARED_PIN, chunk_clone(secret)); + DESTROY_IF(data->shared); + data->shared = shared_key_create(SHARED_PIN, chunk_clone(secret)); + return data->shared->get_ref(data->shared); } } return NULL; @@ -815,7 +819,7 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, private_key_t *key = NULL; u_int slot; chunk_t chunk; - shared_key_t *shared; + shared_key_t *shared = NULL; identification_t *id; mem_cred_t *mem = NULL; callback_cred_t *cb = NULL; @@ -867,10 +871,11 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, return TRUE; } /* use callback credential set to prompt for the pin */ - pin_data.prompt = prompt; - pin_data.card = smartcard; - pin_data.keyid = chunk; - pin_data.try = 0; + pin_data = (pin_cb_data_t){ + .prompt = prompt, + .card = smartcard, + .keyid = chunk, + }; cb = callback_cred_create_shared((void*)pin_cb, &pin_data); lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE); } @@ -880,30 +885,48 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, shared = shared_key_create(SHARED_PIN, secret); id = identification_create_from_encoding(ID_KEY_ID, chunk); mem = mem_cred_create(); - mem->add_shared(mem, shared, id, NULL); + mem->add_shared(mem, shared->get_ref(shared), id, NULL); lib->credmgr->add_local_set(lib->credmgr, &mem->set, FALSE); } /* unlock: smartcard needs the pin and potentially calls public set */ key = (private_key_t*)load_from_smartcard(format, slot, module, keyid, CRED_PRIVATE_KEY, KEY_ANY); + + if (key) + { + DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr); + secrets->add_key(secrets, key); + } if (mem) { + if (!key) + { + shared->destroy(shared); + shared = NULL; + } lib->credmgr->remove_local_set(lib->credmgr, &mem->set); mem->destroy(mem); } if (cb) { + if (key) + { + shared = pin_data.shared; + } + else + { + DESTROY_IF(pin_data.shared); + } lib->credmgr->remove_local_set(lib->credmgr, &cb->set); cb->destroy(cb); } - chunk_clear(&chunk); - - if (key) + if (shared) { - DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr); - secrets->add_key(secrets, key); + id = identification_create_from_encoding(ID_KEY_ID, chunk); + secrets->add_shared(secrets, shared, id, NULL); } + chunk_clear(&chunk); return TRUE; } diff --git a/src/libcharon/plugins/stroke/stroke_list.c b/src/libcharon/plugins/stroke/stroke_list.c index 0371c7032..6c5703a16 100644 --- a/src/libcharon/plugins/stroke/stroke_list.c +++ b/src/libcharon/plugins/stroke/stroke_list.c @@ -206,7 +206,7 @@ static void log_ike_sa(FILE *out, ike_sa_t *ike_sa, bool all) static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { time_t use_in, use_out, rekey, now; - u_int64_t bytes_in, bytes_out, packets_in, packets_out; + uint64_t bytes_in, bytes_out, packets_in, packets_out; proposal_t *proposal; linked_list_t *my_ts, *other_ts; child_cfg_t *config; @@ -244,7 +244,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) proposal = child_sa->get_proposal(child_sa); if (proposal) { - u_int16_t alg, ks; + uint16_t alg, ks; bool first = TRUE; if (proposal->get_algorithm(proposal, ENCRYPTION_ALGORITHM, @@ -286,7 +286,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)", packets_in, (packets_in == 1) ? "": "s", - (u_int64_t)(now - use_in)); + (uint64_t)(now - use_in)); } child_sa->get_usestats(child_sa, FALSE, @@ -296,7 +296,7 @@ static void log_child_sa(FILE *out, child_sa_t *child_sa, bool all) { fprintf(out, " (%" PRIu64 " pkt%s, %" PRIu64 "s ago)", packets_out, (packets_out == 1) ? "": "s", - (u_int64_t)(now - use_out)); + (uint64_t)(now - use_out)); } fprintf(out, ", rekeying "); @@ -474,7 +474,7 @@ METHOD(stroke_list_t, status, void, ike_version_t ike_version; char *pool; host_t *host; - u_int32_t dpd; + uint32_t dpd; time_t since, now; u_int size, online, offline, i; struct utsname utsname; diff --git a/src/libcharon/plugins/stroke/stroke_socket.c b/src/libcharon/plugins/stroke/stroke_socket.c index ee32dbca2..4f7483666 100644 --- a/src/libcharon/plugins/stroke/stroke_socket.c +++ b/src/libcharon/plugins/stroke/stroke_socket.c @@ -613,7 +613,7 @@ static void stroke_config(private_stroke_socket_t *this, static bool on_accept(private_stroke_socket_t *this, stream_t *stream) { stroke_msg_t *msg; - u_int16_t len; + uint16_t len; FILE *out; /* read length */ diff --git a/src/libcharon/plugins/systime_fix/Makefile.in b/src/libcharon/plugins/systime_fix/Makefile.in index 0daff4434..125e3c176 100644 --- a/src/libcharon/plugins/systime_fix/Makefile.in +++ b/src/libcharon/plugins/systime_fix/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/systime_fix -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/systime_fix/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/tnc_ifmap/Makefile.in b/src/libcharon/plugins/tnc_ifmap/Makefile.in index f124a1b38..0ea265e10 100644 --- a/src/libcharon/plugins/tnc_ifmap/Makefile.in +++ b/src/libcharon/plugins/tnc_ifmap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/tnc_ifmap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -473,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_ifmap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_ifmap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -791,6 +804,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c index 2bad4fab0..ad4f2f8c2 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_listener.c @@ -145,7 +145,7 @@ tnc_ifmap_listener_t *tnc_ifmap_listener_create(bool reload) { private_tnc_ifmap_listener_t *this; job_t *job; - u_int32_t reschedule; + uint32_t reschedule; INIT(this, .public = { diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c index f2c00a528..ea48338cd 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.c @@ -40,7 +40,7 @@ struct private_tnc_ifmap_renew_session_job_t { /** * Reschedule time interval in seconds */ - u_int32_t reschedule; + uint32_t reschedule; }; METHOD(job_t, destroy, void, @@ -83,7 +83,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create( - tnc_ifmap_soap_t *ifmap, u_int32_t reschedule) + tnc_ifmap_soap_t *ifmap, uint32_t reschedule) { private_tnc_ifmap_renew_session_job_t *this; diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h index f1587a1f6..18a3d5734 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_renew_session_job.h @@ -46,6 +46,6 @@ struct tnc_ifmap_renew_session_job_t { * @param reschedule reschedule time in seconds */ tnc_ifmap_renew_session_job_t *tnc_ifmap_renew_session_job_create( - tnc_ifmap_soap_t *ifmap, u_int32_t reschedule); + tnc_ifmap_soap_t *ifmap, uint32_t reschedule); #endif /** TNC_IFMAP_RENEW_SESSION_JOB_H_ @}*/ diff --git a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c index a652e7067..8e69de095 100644 --- a/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c +++ b/src/libcharon/plugins/tnc_ifmap/tnc_ifmap_soap.c @@ -186,7 +186,7 @@ METHOD(tnc_ifmap_soap_t, purgePublisher, bool, * Create an access-request based on device_name and ike_sa_id */ static xmlNodePtr create_access_request(private_tnc_ifmap_soap_t *this, - u_int32_t id) + uint32_t id) { xmlNodePtr node; char buf[BUF_LEN]; @@ -415,7 +415,7 @@ METHOD(tnc_ifmap_soap_t, publish_ike_sa, bool, identification_t *id, *eap_id, *group; host_t *host; auth_cfg_t *auth; - u_int32_t ike_sa_id; + uint32_t ike_sa_id; bool is_user = FALSE, first = TRUE, success; /* extract relevant data from IKE_SA*/ @@ -584,7 +584,7 @@ METHOD(tnc_ifmap_soap_t, publish_virtual_ips, bool, { tnc_ifmap_soap_msg_t *soap_msg; xmlNodePtr request, node; - u_int32_t ike_sa_id; + uint32_t ike_sa_id; enumerator_t *enumerator; host_t *vip; bool success; diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.in b/src/libcharon/plugins/tnc_pdp/Makefile.in index bfd8cf820..f2398c3f4 100644 --- a/src/libcharon/plugins/tnc_pdp/Makefile.in +++ b/src/libcharon/plugins/tnc_pdp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/tnc_pdp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -207,12 +216,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -262,6 +273,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -296,6 +308,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -407,6 +420,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -476,7 +490,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_pdp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/tnc_pdp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -791,6 +804,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c index 91456f8da..17f0cd464 100644 --- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c +++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c @@ -74,7 +74,7 @@ struct private_tnc_pdp_t { /** * PT-TLS port of the server */ - u_int16_t pt_tls_port; + uint16_t pt_tls_port; /** * PT-TLS IPv4 socket @@ -158,7 +158,7 @@ static void free_client_entry(client_entry_t *this) /** * Open IPv4 or IPv6 UDP socket */ -static int open_udp_socket(int family, u_int16_t port) +static int open_udp_socket(int family, uint16_t port) { int on = TRUE; struct sockaddr_storage addr; @@ -233,7 +233,7 @@ static int open_udp_socket(int family, u_int16_t port) /** * Open IPv4 or IPv6 TCP socket */ -static int open_tcp_socket(int family, u_int16_t port) +static int open_tcp_socket(int family, uint16_t port) { int on = TRUE; struct sockaddr_storage addr; @@ -339,8 +339,8 @@ static void send_message(private_tnc_pdp_t *this, radius_message_t *message, /** * Encrypt a MS-MPPE-Send/Recv-Key */ -static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, u_int8_t type, - chunk_t key, u_int16_t *salt, +static chunk_t encrypt_mppe_key(private_tnc_pdp_t *this, uint8_t type, + chunk_t key, uint16_t *salt, radius_message_t *request) { chunk_t a, r, seed, data; @@ -420,8 +420,8 @@ static void send_response(private_tnc_pdp_t *this, radius_message_t *request, { radius_message_t *response; chunk_t data, recv, send; - u_int32_t tunnel_type; - u_int16_t salt = 0; + uint32_t tunnel_type; + uint16_t salt = 0; response = radius_message_create(code); data = eap->get_data(eap); @@ -477,7 +477,7 @@ static void process_eap(private_tnc_pdp_t *this, radius_message_t *request, eap_payload_t *in, *out = NULL; eap_method_t *method; eap_type_t eap_type; - u_int32_t eap_vendor; + uint32_t eap_vendor; chunk_t data, message = chunk_empty, msk = chunk_empty; chunk_t user_name = chunk_empty, nas_id = chunk_empty; identification_t *group = NULL; diff --git a/src/libcharon/plugins/uci/Makefile.in b/src/libcharon/plugins/uci/Makefile.in index a1c64ca1b..84eed9a45 100644 --- a/src/libcharon/plugins/uci/Makefile.in +++ b/src/libcharon/plugins/uci/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/uci -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/uci/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/uci/uci_config.c b/src/libcharon/plugins/uci/uci_config.c index 2a8e40380..e0578fe9b 100644 --- a/src/libcharon/plugins/uci/uci_config.c +++ b/src/libcharon/plugins/uci/uci_config.c @@ -126,12 +126,23 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, child_cfg_t *child_cfg; ike_cfg_t *ike_cfg; auth_cfg_t *auth; - lifetime_cfg_t lifetime = { - .time = { - .life = create_rekey(esp_rekey) + 300, - .rekey = create_rekey(esp_rekey), - .jitter = 300 - } + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_NO, + .keyingtries = 1, + .jitter_time = 1800, + .over_time = 900, + .dpd = 60, + }; + child_cfg_create_t child = { + .lifetime = { + .time = { + .life = create_rekey(esp_rekey) + 300, + .rekey = create_rekey(esp_rekey), + .jitter = 300 + }, + }, + .mode = MODE_TUNNEL, }; /* defaults */ @@ -157,13 +168,8 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, remote_addr, IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); ike_cfg->add_proposal(ike_cfg, create_proposal(ike_proposal, PROTO_IKE)); - this->peer_cfg = peer_cfg_create( - name, ike_cfg, CERT_SEND_IF_ASKED, UNIQUE_NO, - 1, create_rekey(ike_rekey), 0, /* keytries, rekey, reauth */ - 1800, 900, /* jitter, overtime */ - TRUE, FALSE, TRUE, /* mobike, aggressive, pull */ - 60, 0, /* DPD delay, timeout */ - FALSE, NULL, NULL); /* mediation, med by, peer id */ + peer.rekey_time = create_rekey(ike_rekey); + this->peer_cfg = peer_cfg_create(name, ike_cfg, &peer); auth = auth_cfg_create(); auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); auth->add(auth, AUTH_RULE_IDENTITY, @@ -179,9 +185,7 @@ METHOD(enumerator_t, peer_enumerator_enumerate, bool, } this->peer_cfg->add_auth_cfg(this->peer_cfg, auth, FALSE); - child_cfg = child_cfg_create(name, &lifetime, NULL, TRUE, MODE_TUNNEL, - ACTION_NONE, ACTION_NONE, ACTION_NONE, - FALSE, 0, 0, NULL, NULL, 0); + child_cfg = child_cfg_create(name, &child); child_cfg->add_proposal(child_cfg, create_proposal(esp_proposal, PROTO_ESP)); child_cfg->add_traffic_selector(child_cfg, TRUE, create_ts(local_net)); child_cfg->add_traffic_selector(child_cfg, FALSE, create_ts(remote_net)); diff --git a/src/libcharon/plugins/unity/Makefile.in b/src/libcharon/plugins/unity/Makefile.in index 00bb1498c..cfc1c5f4c 100644 --- a/src/libcharon/plugins/unity/Makefile.in +++ b/src/libcharon/plugins/unity/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/unity -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/unity/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/unity/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/unity/unity_handler.c b/src/libcharon/plugins/unity/unity_handler.c index 9fc9be61a..570727823 100644 --- a/src/libcharon/plugins/unity/unity_handler.c +++ b/src/libcharon/plugins/unity/unity_handler.c @@ -206,7 +206,9 @@ static job_requeue_t add_exclude_async(entry_t *entry) { enumerator_t *enumerator; child_cfg_t *child_cfg; - lifetime_cfg_t lft = { .time = { .life = 0 } }; + child_cfg_create_t child = { + .mode = MODE_PASS, + }; ike_sa_t *ike_sa; char name[128]; host_t *host; @@ -216,9 +218,7 @@ static job_requeue_t add_exclude_async(entry_t *entry) { create_shunt_name(ike_sa, entry->ts, name, sizeof(name)); - child_cfg = child_cfg_create(name, &lft, NULL, TRUE, MODE_PASS, - ACTION_NONE, ACTION_NONE, ACTION_NONE, - FALSE, 0, 0, NULL, NULL, FALSE); + child_cfg = child_cfg_create(name, &child); child_cfg->add_traffic_selector(child_cfg, FALSE, entry->ts->clone(entry->ts)); host = ike_sa->get_my_host(ike_sa); diff --git a/src/libcharon/plugins/unity/unity_provider.c b/src/libcharon/plugins/unity/unity_provider.c index 1e297a39e..07f5f9b61 100644 --- a/src/libcharon/plugins/unity/unity_provider.c +++ b/src/libcharon/plugins/unity/unity_provider.c @@ -53,7 +53,7 @@ static void append_ts(bio_writer_t *writer, traffic_selector_t *ts) { host_t *net, *mask; chunk_t padding; - u_int8_t bits; + uint8_t bits; if (!ts->to_subnet(ts, &net, &bits)) { @@ -115,7 +115,7 @@ METHOD(enumerator_t, attribute_destroy, void, */ static bool use_ts(traffic_selector_t *ts) { - u_int8_t mask; + uint8_t mask; host_t *net; if (ts->get_type(ts) != TS_IPV4_ADDR_RANGE) diff --git a/src/libcharon/plugins/updown/Makefile.in b/src/libcharon/plugins/updown/Makefile.in index 863e14430..612535d85 100644 --- a/src/libcharon/plugins/updown/Makefile.in +++ b/src/libcharon/plugins/updown/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/updown -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/updown/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/updown/updown_listener.c b/src/libcharon/plugins/updown/updown_listener.c index e51caab10..6a1581c85 100644 --- a/src/libcharon/plugins/updown/updown_listener.c +++ b/src/libcharon/plugins/updown/updown_listener.c @@ -55,7 +55,7 @@ typedef struct cache_entry_t cache_entry_t; */ struct cache_entry_t { /** requid of the CHILD_SA */ - u_int32_t reqid; + uint32_t reqid; /** cached interface name */ char *iface; }; @@ -63,7 +63,7 @@ struct cache_entry_t { /** * Insert an interface name to the cache */ -static void cache_iface(private_updown_listener_t *this, u_int32_t reqid, +static void cache_iface(private_updown_listener_t *this, uint32_t reqid, char *iface) { cache_entry_t *entry = malloc_thing(cache_entry_t); @@ -77,7 +77,7 @@ static void cache_iface(private_updown_listener_t *this, u_int32_t reqid, /** * Remove a cached interface name and return it. */ -static char* uncache_iface(private_updown_listener_t *this, u_int32_t reqid) +static char* uncache_iface(private_updown_listener_t *this, uint32_t reqid) { enumerator_t *enumerator; cache_entry_t *entry; @@ -257,7 +257,7 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, { host_t *me, *other, *host; char *iface; - u_int8_t mask; + uint8_t mask; mark_t mark; bool is_host, is_ipv6; int out; @@ -344,13 +344,13 @@ static void invoke_once(private_updown_listener_t *this, ike_sa_t *ike_sa, } push_vip_env(this, ike_sa, envp, countof(envp), TRUE); push_vip_env(this, ike_sa, envp, countof(envp), FALSE); - mark = config->get_mark(config, TRUE); + mark = child_sa->get_mark(child_sa, TRUE); if (mark.value) { push_env(envp, countof(envp), "PLUTO_MARK_IN=%u/0x%08x", mark.value, mark.mask); } - mark = config->get_mark(config, FALSE); + mark = child_sa->get_mark(child_sa, FALSE); if (mark.value) { push_env(envp, countof(envp), "PLUTO_MARK_OUT=%u/0x%08x", diff --git a/src/libcharon/plugins/vici/Makefile.in b/src/libcharon/plugins/vici/Makefile.in index 86ed00792..b943c09ce 100644 --- a/src/libcharon/plugins/vici/Makefile.in +++ b/src/libcharon/plugins/vici/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -84,8 +94,6 @@ check_PROGRAMS = $(am__EXEEXT_1) @USE_PYTHON_EGGS_TRUE@am__append_2 = python @USE_PERL_CPAN_TRUE@am__append_3 = perl subdir = src/libcharon/plugins/vici -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,6 +107,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -274,6 +283,7 @@ am__tty_colors = { \ fi; \ } DIST_SUBDIRS = ruby python perl +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -305,6 +315,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -354,6 +365,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -388,6 +400,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -499,6 +512,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -602,7 +616,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1319,6 +1332,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/vici/README.md b/src/libcharon/plugins/vici/README.md index 52929bd74..cf5a85a8d 100644 --- a/src/libcharon/plugins/vici/README.md +++ b/src/libcharon/plugins/vici/README.md @@ -277,8 +277,8 @@ Terminates an SA while streaming _control-log_ events. { child = <terminate a CHILD_SA by configuration name> ike = <terminate an IKE_SA by configuration name> - child_id = <terminate a CHILD_SA by its reqid> - ike_id = <terminate an IKE_SA by its unique id> + child-id = <terminate a CHILD_SA by its reqid> + ike-id = <terminate an IKE_SA by its unique id> timeout = <timeout in ms before returning> loglevel = <loglevel to issue "control-log" events for> } => { @@ -337,7 +337,7 @@ events. { noblock = <use non-blocking mode if key is set> ike = <filter listed IKE_SAs by its name> - ike_id = <filter listed IKE_SA by its unique id> + ike-id = <filter listed IKE_SA by its unique id> } => { # completes after streaming list-sa events } @@ -734,6 +734,8 @@ _list-conns_ command. <list of valid remote IKE endpoint addresses> ] version = <IKE version as string, IKEv1|IKEv2 or 0 for any> + reauth_time = <IKE_SA reauthentication interval in seconds> + rekey_time = <IKE_SA rekeying interval in seconds> local*, remote* = { # multiple local and remote auth sections class = <authentication type> @@ -758,6 +760,9 @@ _list-conns_ command. children = { <CHILD_SA config name>* = { mode = <IPsec mode> + rekey_time = <CHILD_SA rekeying interval in seconds> + rekey_bytes = <CHILD_SA rekeying interval in bytes> + rekey_packets = <CHILD_SA rekeying interval in packets> local-ts = [ <list of local traffic selectors> ] diff --git a/src/libcharon/plugins/vici/libvici.c b/src/libcharon/plugins/vici/libvici.c index 7c98c8b69..0b549a511 100644 --- a/src/libcharon/plugins/vici/libvici.c +++ b/src/libcharon/plugins/vici/libvici.c @@ -123,7 +123,7 @@ static bool read_error(vici_conn_t *conn, int err) /** * Handle a command response message */ -static bool handle_response(vici_conn_t *conn, u_int32_t len) +static bool handle_response(vici_conn_t *conn, uint32_t len) { chunk_t buf; @@ -140,11 +140,11 @@ static bool handle_response(vici_conn_t *conn, u_int32_t len) /** * Dispatch received event message */ -static bool handle_event(vici_conn_t *conn, u_int32_t len) +static bool handle_event(vici_conn_t *conn, uint32_t len) { vici_message_t *message; event_t *event; - u_int8_t namelen; + uint8_t namelen; char name[257], *buf; if (len < sizeof(namelen)) @@ -198,8 +198,8 @@ static bool handle_event(vici_conn_t *conn, u_int32_t len) CALLBACK(on_read, bool, vici_conn_t *conn, stream_t *stream) { - u_int32_t len; - u_int8_t op; + uint32_t len; + uint8_t op; ssize_t hlen; hlen = stream->read(stream, &len, sizeof(len), FALSE); @@ -358,8 +358,8 @@ vici_res_t* vici_submit(vici_req_t *req, vici_conn_t *conn) vici_message_t *message; vici_res_t *res; chunk_t data; - u_int32_t len; - u_int8_t namelen, op; + uint32_t len; + uint8_t namelen, op; message = req->b->finalize(req->b); if (!message) @@ -678,8 +678,8 @@ void vici_free_res(vici_res_t *res) int vici_register(vici_conn_t *conn, char *name, vici_event_cb_t cb, void *user) { event_t *event; - u_int32_t len; - u_int8_t namelen, op; + uint32_t len; + uint8_t namelen, op; int ret = 1; op = cb ? VICI_EVENT_REGISTER : VICI_EVENT_UNREGISTER; diff --git a/src/libcharon/plugins/vici/perl/Makefile.in b/src/libcharon/plugins/vici/perl/Makefile.in index 550d3e980..e32e9668c 100644 --- a/src/libcharon/plugins/vici/perl/Makefile.in +++ b/src/libcharon/plugins/vici/perl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/vici/perl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -370,7 +385,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/perl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -547,6 +561,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + all-local: Vici-Session/pm_to_blib diff --git a/src/libcharon/plugins/vici/python/MANIFEST.in b/src/libcharon/plugins/vici/python/MANIFEST.in index 1aba38f67..9d5d250d0 100644 --- a/src/libcharon/plugins/vici/python/MANIFEST.in +++ b/src/libcharon/plugins/vici/python/MANIFEST.in @@ -1 +1,2 @@ include LICENSE +include README.rst diff --git a/src/libcharon/plugins/vici/python/Makefile.am b/src/libcharon/plugins/vici/python/Makefile.am index 5936f2a5e..20a6f436d 100644 --- a/src/libcharon/plugins/vici/python/Makefile.am +++ b/src/libcharon/plugins/vici/python/Makefile.am @@ -1,4 +1,4 @@ -EXTRA_DIST = LICENSE MANIFEST.in \ +EXTRA_DIST = LICENSE README.rst MANIFEST.in \ setup.py.in \ vici/test/__init__.py \ vici/test/test_protocol.py \ @@ -10,26 +10,34 @@ EXTRA_DIST = LICENSE MANIFEST.in \ $(srcdir)/setup.py: $(srcdir)/setup.py.in $(AM_V_GEN) sed \ - -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \ + -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \ $(srcdir)/setup.py.in > $@ -all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg -dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py +dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py (cd $(srcdir); $(PYTHON) setup.py bdist_egg \ -b $(shell readlink -f $(builddir))/build \ -d $(shell readlink -f $(builddir))/dist) +package: $(EXTRA_DIST) $(srcdir)/setup.py + (cd $(srcdir); $(PYTHON) setup.py sdist \ + -d $(shell readlink -f $(builddir))/dist \ + bdist_wheel --universal \ + -d $(shell readlink -f $(builddir))/dist) + clean-local: (cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a) rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist if PYTHON_EGGS_INSTALL -install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg $(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \ - dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg + dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg endif if USE_PY_TEST TESTS = $(PY_TEST) endif + +.PHONY: package diff --git a/src/libcharon/plugins/vici/python/Makefile.in b/src/libcharon/plugins/vici/python/Makefile.in index 894a7e275..7d1c64267 100644 --- a/src/libcharon/plugins/vici/python/Makefile.in +++ b/src/libcharon/plugins/vici/python/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/vici/python -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -138,12 +148,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -193,6 +205,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -227,6 +240,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -338,6 +352,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -366,7 +381,7 @@ top_srcdir = @top_srcdir@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ -EXTRA_DIST = LICENSE MANIFEST.in \ +EXTRA_DIST = LICENSE README.rst MANIFEST.in \ setup.py.in \ vici/test/__init__.py \ vici/test/test_protocol.py \ @@ -392,7 +407,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/python/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -663,26 +677,36 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am +.PRECIOUS: Makefile + $(srcdir)/setup.py: $(srcdir)/setup.py.in $(AM_V_GEN) sed \ - -e "s:@EGG_VERSION@:$(PACKAGE_VERSION):" \ + -e "s:@EGG_VERSION@:$(PYTHON_PACKAGE_VERSION):" \ $(srcdir)/setup.py.in > $@ -all-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +all-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg -dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py +dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg: $(EXTRA_DIST) $(srcdir)/setup.py (cd $(srcdir); $(PYTHON) setup.py bdist_egg \ -b $(shell readlink -f $(builddir))/build \ -d $(shell readlink -f $(builddir))/dist) +package: $(EXTRA_DIST) $(srcdir)/setup.py + (cd $(srcdir); $(PYTHON) setup.py sdist \ + -d $(shell readlink -f $(builddir))/dist \ + bdist_wheel --universal \ + -d $(shell readlink -f $(builddir))/dist) + clean-local: (cd $(srcdir); [ ! -f setup.py ] || $(PYTHON) setup.py clean -a) rm -rf $(srcdir)/setup.py $(srcdir)/vici.egg-info $(builddir)/dist -@PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +@PYTHON_EGGS_INSTALL_TRUE@install-exec-local: dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg @PYTHON_EGGS_INSTALL_TRUE@ $(EASY_INSTALL) $(PYTHONEGGINSTALLDIR) \ -@PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PACKAGE_VERSION)-py$(PYTHON_VERSION).egg +@PYTHON_EGGS_INSTALL_TRUE@ dist/vici-$(PYTHON_PACKAGE_VERSION)-py$(PYTHON_VERSION).egg + +.PHONY: package # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/vici/python/README.rst b/src/libcharon/plugins/vici/python/README.rst new file mode 100644 index 000000000..3990f6300 --- /dev/null +++ b/src/libcharon/plugins/vici/python/README.rst @@ -0,0 +1,24 @@ +About +----- + +The strongSwan VICI protocol allows external applications to monitor, configure +and control the IKE daemon charon. This Python package provides a native client +side implementation of the VICI protocol, well suited to script automated tasks +in a reliable way. + + +Example Usage +------------- + +.. code-block:: python + + >>> import vici + >>> s = vici.Session() + >>> s.version() + OrderedDict([('daemon', b'charon'), ('version', b'5.4.0'), + ('sysname', b'Linux'), ('release', b'3.13.0-27-generic'), ('machine', b'x86_64')]) + >>> s.load_pool({"p1": {"addrs": "10.0.0.0/24"}}) + OrderedDict([('success', b'yes')]) + >>> s.get_pools() + OrderedDict([('p1', OrderedDict([('base', b'10.0.0.0'), ('size', b'254'), + ('online', b'0'), ('offline', b'0')]))]) diff --git a/src/libcharon/plugins/vici/python/setup.py.in b/src/libcharon/plugins/vici/python/setup.py.in index 0e4ad8236..62b0c5899 100644 --- a/src/libcharon/plugins/vici/python/setup.py.in +++ b/src/libcharon/plugins/vici/python/setup.py.in @@ -1,25 +1,21 @@ from setuptools import setup - -long_description = ( - "The strongSwan VICI protocol allows external application to monitor, " - "configure and control the IKE daemon charon. This python package provides " - "a native client side implementation of the VICI protocol, well suited to " - "script automated tasks in a reliable way." -) +with open('README.rst') as file: + long_description = file.read() setup( name="vici", version="@EGG_VERSION@", - description="Native python interface for strongSwan VICI", - author="Bjorn Schuberg", + description="Native Python interface for strongSwan's VICI protocol", + long_description=long_description, + author="strongSwan Project", + author_email="info@strongswan.org", url="https://wiki.strongswan.org/projects/strongswan/wiki/Vici", license="MIT", packages=["vici"], - long_description=long_description, include_package_data=True, classifiers=( - "Development Status :: 3 - Alpha", + "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "Intended Audience :: System Administrators", "License :: OSI Approved :: MIT License", diff --git a/src/libcharon/plugins/vici/python/vici/protocol.py b/src/libcharon/plugins/vici/python/vici/protocol.py index 855a7b2e2..4951817eb 100644 --- a/src/libcharon/plugins/vici/python/vici/protocol.py +++ b/src/libcharon/plugins/vici/python/vici/protocol.py @@ -20,15 +20,22 @@ class Transport(object): self.socket.sendall(struct.pack("!I", len(packet)) + packet) def receive(self): - raw_length = self.socket.recv(self.HEADER_LENGTH) + raw_length = self._recvall(self.HEADER_LENGTH) length, = struct.unpack("!I", raw_length) - payload = self.socket.recv(length) + payload = self._recvall(length) return payload def close(self): self.socket.shutdown(socket.SHUT_RDWR) self.socket.close() + def _recvall(self, count): + """Ensure to read count bytes from the socket""" + data = b"" + while len(data) < count: + data += self.socket.recv(count - len(data)) + return data + class Packet(object): CMD_REQUEST = 0 # Named request message diff --git a/src/libcharon/plugins/vici/ruby/Makefile.in b/src/libcharon/plugins/vici/ruby/Makefile.in index b87d83de4..aceb28adc 100644 --- a/src/libcharon/plugins/vici/ruby/Makefile.in +++ b/src/libcharon/plugins/vici/ruby/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,7 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/vici/ruby -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -92,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -116,12 +126,14 @@ am__can_run_installinfo = \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -171,6 +183,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -205,6 +218,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -316,6 +330,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -360,7 +375,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/vici/ruby/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -455,8 +469,8 @@ distclean-generic: maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@RUBY_GEMS_INSTALL_FALSE@uninstall-local: @RUBY_GEMS_INSTALL_FALSE@install-data-local: +@RUBY_GEMS_INSTALL_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am @@ -538,6 +552,8 @@ uninstall-am: uninstall-local mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-local +.PRECIOUS: Makefile + vici.gemspec: $(srcdir)/vici.gemspec.in $(AM_V_GEN) sed \ diff --git a/src/libcharon/plugins/vici/suites/test_socket.c b/src/libcharon/plugins/vici/suites/test_socket.c index 8d545c6c1..d0c0fa76f 100644 --- a/src/libcharon/plugins/vici/suites/test_socket.c +++ b/src/libcharon/plugins/vici/suites/test_socket.c @@ -32,7 +32,7 @@ static void echo_inbound(void *user, u_int id, chunk_t buf) ck_assert_int_eq(data->id, id); /* count number of bytes, including the header */ - data->bytes += buf.len + sizeof(u_int32_t); + data->bytes += buf.len + sizeof(uint32_t); /* echo back data chunk */ data->s->send(data->s, id, chunk_clone(buf)); } @@ -81,7 +81,7 @@ START_TEST(test_echo) 0x00,0x00,0x00,0x0A, 0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x02A, ); char buf[m.len]; - u_int32_t len; + uint32_t len; lib->processor->set_threads(lib->processor, 4); diff --git a/src/libcharon/plugins/vici/vici_attribute.c b/src/libcharon/plugins/vici/vici_attribute.c index 9064d3d8c..e0d9b4ae8 100644 --- a/src/libcharon/plugins/vici/vici_attribute.c +++ b/src/libcharon/plugins/vici/vici_attribute.c @@ -233,7 +233,7 @@ static bool have_vips_from_pool(mem_pool_t *pool, linked_list_t *vips) enumerator_t *enumerator; host_t *host; chunk_t start, end, current; - u_int32_t size; + uint32_t size; bool found = FALSE; host = pool->get_base(pool); @@ -477,10 +477,10 @@ CALLBACK(pool_li, bool, { if (host->get_family(host) == AF_INET) { /* IPv4 attributes contain a subnet mask */ - u_int32_t netmask = 0; + uint32_t netmask = 0; if (mask) - { /* shifting u_int32_t by 32 or more is undefined */ + { /* shifting uint32_t by 32 or more is undefined */ mask = 32 - mask; netmask = htonl((0xFFFFFFFF >> mask) << mask); } diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c index 6ebbedc47..d919e1d94 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c @@ -57,22 +57,32 @@ /** * Magic value for an undefined lifetime */ -#define LFT_UNDEFINED (~(u_int64_t)0) +#define LFT_UNDEFINED (~(uint64_t)0) /** * Default IKE rekey time */ -#define LFT_DEFAULT_IKE_REKEY (4 * 60 * 60) +#define LFT_DEFAULT_IKE_REKEY_TIME (4 * 60 * 60) /** * Default CHILD rekey time */ -#define LFT_DEFAULT_CHILD_REKEY (1 * 60 * 60) +#define LFT_DEFAULT_CHILD_REKEY_TIME (1 * 60 * 60) + +/** + * Default CHILD rekey bytes + */ +#define LFT_DEFAULT_CHILD_REKEY_BYTES 0 + +/** + * Default CHILD rekey packets + */ +#define LFT_DEFAULT_CHILD_REKEY_PACKETS 0 /** * Undefined replay window */ -#define REPLAY_UNDEFINED (~(u_int32_t)0) +#define REPLAY_UNDEFINED (~(uint32_t)0) typedef struct private_vici_config_t private_vici_config_t; @@ -242,7 +252,7 @@ typedef struct { typedef struct { request_data_t *request; auth_cfg_t *cfg; - u_int32_t round; + uint32_t round; } auth_data_t; /** @@ -259,20 +269,20 @@ static void free_auth_data(auth_data_t *data) */ typedef struct { request_data_t *request; - u_int32_t version; + uint32_t version; bool aggressive; bool encap; bool mobike; bool send_certreq; bool pull; cert_policy_t send_cert; - u_int64_t dpd_delay; - u_int64_t dpd_timeout; + uint64_t dpd_delay; + uint64_t dpd_timeout; fragmentation_t fragmentation; unique_policy_t unique; - u_int32_t keyingtries; - u_int32_t local_port; - u_int32_t remote_port; + uint32_t keyingtries; + uint32_t local_port; + uint32_t remote_port; char *local_addrs; char *remote_addrs; linked_list_t *local; @@ -281,10 +291,10 @@ typedef struct { linked_list_t *children; linked_list_t *vips; char *pools; - u_int64_t reauth_time; - u_int64_t rekey_time; - u_int64_t over_time; - u_int64_t rand_time; + uint64_t reauth_time; + uint64_t rekey_time; + uint64_t over_time; + uint64_t rand_time; } peer_data_t; /** @@ -422,24 +432,12 @@ static void free_peer_data(peer_data_t *data) */ typedef struct { request_data_t *request; - lifetime_cfg_t lft; - char* updown; - bool hostaccess; - bool ipcomp; - bool policies; - ipsec_mode_t mode; - u_int32_t replay_window; - action_t dpd_action; - action_t start_action; - action_t close_action; - u_int32_t reqid; - u_int32_t tfc; - mark_t mark_in; - mark_t mark_out; - u_int64_t inactivity; linked_list_t *proposals; linked_list_t *local_ts; linked_list_t *remote_ts; + uint32_t replay_window; + bool policies; + child_cfg_create_t cfg; } child_data_t; /** @@ -447,35 +445,39 @@ typedef struct { */ static void log_child_data(child_data_t *data, char *name) { + child_cfg_create_t *cfg = &data->cfg; + DBG2(DBG_CFG, " child %s:", name); - DBG2(DBG_CFG, " rekey_time = %llu", data->lft.time.rekey); - DBG2(DBG_CFG, " life_time = %llu", data->lft.time.life); - DBG2(DBG_CFG, " rand_time = %llu", data->lft.time.jitter); - DBG2(DBG_CFG, " rekey_bytes = %llu", data->lft.bytes.rekey); - DBG2(DBG_CFG, " life_bytes = %llu", data->lft.bytes.life); - DBG2(DBG_CFG, " rand_bytes = %llu", data->lft.bytes.jitter); - DBG2(DBG_CFG, " rekey_packets = %llu", data->lft.packets.rekey); - DBG2(DBG_CFG, " life_packets = %llu", data->lft.packets.life); - DBG2(DBG_CFG, " rand_packets = %llu", data->lft.packets.jitter); - DBG2(DBG_CFG, " updown = %s", data->updown); - DBG2(DBG_CFG, " hostaccess = %u", data->hostaccess); - DBG2(DBG_CFG, " ipcomp = %u", data->ipcomp); - DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, data->mode); + DBG2(DBG_CFG, " rekey_time = %llu", cfg->lifetime.time.rekey); + DBG2(DBG_CFG, " life_time = %llu", cfg->lifetime.time.life); + DBG2(DBG_CFG, " rand_time = %llu", cfg->lifetime.time.jitter); + DBG2(DBG_CFG, " rekey_bytes = %llu", cfg->lifetime.bytes.rekey); + DBG2(DBG_CFG, " life_bytes = %llu", cfg->lifetime.bytes.life); + DBG2(DBG_CFG, " rand_bytes = %llu", cfg->lifetime.bytes.jitter); + DBG2(DBG_CFG, " rekey_packets = %llu", cfg->lifetime.packets.rekey); + DBG2(DBG_CFG, " life_packets = %llu", cfg->lifetime.packets.life); + DBG2(DBG_CFG, " rand_packets = %llu", cfg->lifetime.packets.jitter); + DBG2(DBG_CFG, " updown = %s", cfg->updown); + DBG2(DBG_CFG, " hostaccess = %u", cfg->hostaccess); + DBG2(DBG_CFG, " ipcomp = %u", cfg->ipcomp); + DBG2(DBG_CFG, " mode = %N", ipsec_mode_names, cfg->mode); DBG2(DBG_CFG, " policies = %u", data->policies); if (data->replay_window != REPLAY_UNDEFINED) { DBG2(DBG_CFG, " replay_window = %u", data->replay_window); } - DBG2(DBG_CFG, " dpd_action = %N", action_names, data->dpd_action); - DBG2(DBG_CFG, " start_action = %N", action_names, data->start_action); - DBG2(DBG_CFG, " close_action = %N", action_names, data->close_action); - DBG2(DBG_CFG, " reqid = %u", data->reqid); - DBG2(DBG_CFG, " tfc = %d", data->tfc); + DBG2(DBG_CFG, " dpd_action = %N", action_names, cfg->dpd_action); + DBG2(DBG_CFG, " start_action = %N", action_names, cfg->start_action); + DBG2(DBG_CFG, " close_action = %N", action_names, cfg->close_action); + DBG2(DBG_CFG, " reqid = %u", cfg->reqid); + DBG2(DBG_CFG, " tfc = %d", cfg->tfc); + DBG2(DBG_CFG, " priority = %d", cfg->priority); + DBG2(DBG_CFG, " interface = %s", cfg->interface); DBG2(DBG_CFG, " mark_in = %u/%u", - data->mark_in.value, data->mark_in.mask); + cfg->mark_in.value, cfg->mark_in.mask); DBG2(DBG_CFG, " mark_out = %u/%u", - data->mark_out.value, data->mark_out.mask); - DBG2(DBG_CFG, " inactivity = %llu", data->inactivity); + cfg->mark_out.value, cfg->mark_out.mask); + DBG2(DBG_CFG, " inactivity = %llu", cfg->inactivity); DBG2(DBG_CFG, " proposals = %#P", data->proposals); DBG2(DBG_CFG, " local_ts = %#R", data->local_ts); DBG2(DBG_CFG, " remote_ts = %#R", data->remote_ts); @@ -492,7 +494,8 @@ static void free_child_data(child_data_t *data) offsetof(traffic_selector_t, destroy)); data->remote_ts->destroy_offset(data->remote_ts, offsetof(traffic_selector_t, destroy)); - free(data->updown); + free(data->cfg.updown); + free(data->cfg.interface); } /** @@ -568,8 +571,8 @@ CALLBACK(parse_ts, bool, struct protoent *protoent; struct servent *svc; long int p; - u_int16_t from = 0, to = 0xffff; - u_int8_t proto = 0; + uint16_t from = 0, to = 0xffff; + uint8_t proto = 0; if (!vici_stringify(v, buf, sizeof(buf))) { @@ -613,7 +616,7 @@ CALLBACK(parse_ts, bool, { return FALSE; } - proto = (u_int8_t)p; + proto = (uint8_t)p; } } if (streq(port, "opaque")) @@ -809,10 +812,10 @@ CALLBACK(parse_action, bool, } /** - * Parse a u_int32_t + * Parse a uint32_t */ CALLBACK(parse_uint32, bool, - u_int32_t *out, chunk_t v) + uint32_t *out, chunk_t v) { char buf[16], *end; u_long l; @@ -831,10 +834,10 @@ CALLBACK(parse_uint32, bool, } /** - * Parse a u_int64_t + * Parse a uint64_t */ CALLBACK(parse_uint64, bool, - u_int64_t *out, chunk_t v) + uint64_t *out, chunk_t v) { char buf[16], *end; unsigned long long l; @@ -856,7 +859,7 @@ CALLBACK(parse_uint64, bool, * Parse a relative time */ CALLBACK(parse_time, bool, - u_int64_t *out, chunk_t v) + uint64_t *out, chunk_t v) { char buf[16], *end; u_long l; @@ -906,7 +909,7 @@ CALLBACK(parse_time, bool, * Parse byte volume */ CALLBACK(parse_bytes, bool, - u_int64_t *out, chunk_t v) + uint64_t *out, chunk_t v) { char buf[16], *end; unsigned long long l; @@ -968,7 +971,7 @@ CALLBACK(parse_mark, bool, * Parse TFC padding option */ CALLBACK(parse_tfc, bool, - u_int32_t *out, chunk_t v) + uint32_t *out, chunk_t v) { if (chunk_equals(v, chunk_from_str("mtu"))) { @@ -1327,29 +1330,31 @@ CALLBACK(child_kv, bool, child_data_t *child, vici_message_t *message, char *name, chunk_t value) { parse_rule_t rules[] = { - { "updown", parse_string, &child->updown }, - { "hostaccess", parse_bool, &child->hostaccess }, - { "mode", parse_mode, &child->mode }, - { "policies", parse_bool, &child->policies }, - { "replay_window", parse_uint32, &child->replay_window }, - { "rekey_time", parse_time, &child->lft.time.rekey }, - { "life_time", parse_time, &child->lft.time.life }, - { "rand_time", parse_time, &child->lft.time.jitter }, - { "rekey_bytes", parse_bytes, &child->lft.bytes.rekey }, - { "life_bytes", parse_bytes, &child->lft.bytes.life }, - { "rand_bytes", parse_bytes, &child->lft.bytes.jitter }, - { "rekey_packets", parse_uint64, &child->lft.packets.rekey }, - { "life_packets", parse_uint64, &child->lft.packets.life }, - { "rand_packets", parse_uint64, &child->lft.packets.jitter }, - { "dpd_action", parse_action, &child->dpd_action }, - { "start_action", parse_action, &child->start_action }, - { "close_action", parse_action, &child->close_action }, - { "ipcomp", parse_bool, &child->ipcomp }, - { "inactivity", parse_time, &child->inactivity }, - { "reqid", parse_uint32, &child->reqid }, - { "mark_in", parse_mark, &child->mark_in }, - { "mark_out", parse_mark, &child->mark_out }, - { "tfc_padding", parse_tfc, &child->tfc }, + { "updown", parse_string, &child->cfg.updown }, + { "hostaccess", parse_bool, &child->cfg.hostaccess }, + { "mode", parse_mode, &child->cfg.mode }, + { "policies", parse_bool, &child->policies }, + { "replay_window", parse_uint32, &child->replay_window }, + { "rekey_time", parse_time, &child->cfg.lifetime.time.rekey }, + { "life_time", parse_time, &child->cfg.lifetime.time.life }, + { "rand_time", parse_time, &child->cfg.lifetime.time.jitter }, + { "rekey_bytes", parse_bytes, &child->cfg.lifetime.bytes.rekey }, + { "life_bytes", parse_bytes, &child->cfg.lifetime.bytes.life }, + { "rand_bytes", parse_bytes, &child->cfg.lifetime.bytes.jitter }, + { "rekey_packets", parse_uint64, &child->cfg.lifetime.packets.rekey }, + { "life_packets", parse_uint64, &child->cfg.lifetime.packets.life }, + { "rand_packets", parse_uint64, &child->cfg.lifetime.packets.jitter }, + { "dpd_action", parse_action, &child->cfg.dpd_action }, + { "start_action", parse_action, &child->cfg.start_action }, + { "close_action", parse_action, &child->cfg.close_action }, + { "ipcomp", parse_bool, &child->cfg.ipcomp }, + { "inactivity", parse_time, &child->cfg.inactivity }, + { "reqid", parse_uint32, &child->cfg.reqid }, + { "mark_in", parse_mark, &child->cfg.mark_in }, + { "mark_out", parse_mark, &child->cfg.mark_out }, + { "tfc_padding", parse_tfc, &child->cfg.tfc }, + { "priority", parse_uint32, &child->cfg.priority }, + { "interface", parse_string, &child->cfg.interface }, }; return parse_rules(rules, countof(rules), name, value, @@ -1430,6 +1435,42 @@ CALLBACK(peer_kv, bool, &peer->request->reply); } +/** + * Check and update lifetimes + */ +static void check_lifetimes(lifetime_cfg_t *lft) +{ + /* if no hard lifetime specified, add one at soft lifetime + 10% */ + if (lft->time.life == LFT_UNDEFINED) + { + lft->time.life = lft->time.rekey * 110 / 100; + } + if (lft->bytes.life == LFT_UNDEFINED) + { + lft->bytes.life = lft->bytes.rekey * 110 / 100; + } + if (lft->packets.life == LFT_UNDEFINED) + { + lft->packets.life = lft->packets.rekey * 110 / 100; + } + /* if no rand time defined, use difference of hard and soft */ + if (lft->time.jitter == LFT_UNDEFINED) + { + lft->time.jitter = lft->time.life - + min(lft->time.life, lft->time.rekey); + } + if (lft->bytes.jitter == LFT_UNDEFINED) + { + lft->bytes.jitter = lft->bytes.life - + min(lft->bytes.life, lft->bytes.rekey); + } + if (lft->packets.jitter == LFT_UNDEFINED) + { + lft->packets.jitter = lft->packets.life - + min(lft->packets.life, lft->packets.rekey); + } +} + CALLBACK(children_sn, bool, peer_data_t *peer, vici_message_t *message, vici_parse_context_t *ctx, char *name) @@ -1439,29 +1480,28 @@ CALLBACK(children_sn, bool, .proposals = linked_list_create(), .local_ts = linked_list_create(), .remote_ts = linked_list_create(), - .mode = MODE_TUNNEL, .policies = TRUE, .replay_window = REPLAY_UNDEFINED, - .dpd_action = ACTION_NONE, - .start_action = ACTION_NONE, - .close_action = ACTION_NONE, - .lft = { - .time = { - .rekey = LFT_DEFAULT_CHILD_REKEY, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, - }, - .bytes = { - .rekey = LFT_UNDEFINED, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, + .cfg = { + .mode = MODE_TUNNEL, + .lifetime = { + .time = { + .rekey = LFT_DEFAULT_CHILD_REKEY_TIME, + .life = LFT_UNDEFINED, + .jitter = LFT_UNDEFINED, + }, + .bytes = { + .rekey = LFT_DEFAULT_CHILD_REKEY_BYTES, + .life = LFT_UNDEFINED, + .jitter = LFT_UNDEFINED, + }, + .packets = { + .rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS, + .life = LFT_UNDEFINED, + .jitter = LFT_UNDEFINED, + }, }, - .packets = { - .rekey = LFT_UNDEFINED, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, - }, - } + }, }; child_cfg_t *cfg; proposal_t *proposal; @@ -1496,55 +1536,13 @@ CALLBACK(children_sn, bool, child.proposals->insert_last(child.proposals, proposal); } } + child.cfg.suppress_policies = !child.policies; - /* if no hard lifetime specified, add one at soft lifetime + 10% */ - if (child.lft.time.life == LFT_UNDEFINED) - { - child.lft.time.life = child.lft.time.rekey * 110 / 100; - } - if (child.lft.bytes.life == LFT_UNDEFINED) - { - child.lft.bytes.life = child.lft.bytes.rekey * 110 / 100; - } - if (child.lft.packets.life == LFT_UNDEFINED) - { - child.lft.packets.life = child.lft.packets.rekey * 110 / 100; - } - /* if no soft lifetime specified, add one at hard lifetime - 10% */ - if (child.lft.bytes.rekey == LFT_UNDEFINED) - { - child.lft.bytes.rekey = child.lft.bytes.life * 90 / 100; - } - if (child.lft.packets.rekey == LFT_UNDEFINED) - { - child.lft.packets.rekey = child.lft.packets.life * 90 / 100; - } - /* if no rand time defined, use difference of hard and soft */ - if (child.lft.time.jitter == LFT_UNDEFINED) - { - child.lft.time.jitter = child.lft.time.life - - min(child.lft.time.life, child.lft.time.rekey); - } - if (child.lft.bytes.jitter == LFT_UNDEFINED) - { - child.lft.bytes.jitter = child.lft.bytes.life - - min(child.lft.bytes.life, child.lft.bytes.rekey); - } - if (child.lft.packets.jitter == LFT_UNDEFINED) - { - child.lft.packets.jitter = child.lft.packets.life - - min(child.lft.packets.life, child.lft.packets.rekey); - } + check_lifetimes(&child.cfg.lifetime); log_child_data(&child, name); - cfg = child_cfg_create(name, &child.lft, child.updown, - child.hostaccess, child.mode, child.start_action, - child.dpd_action, child.close_action, child.ipcomp, - child.inactivity, child.reqid, &child.mark_in, - &child.mark_out, child.tfc); - - cfg->set_mipv6_options(cfg, FALSE, child.policies); + cfg = child_cfg_create(name, &child.cfg); if (child.replay_window != REPLAY_UNDEFINED) { @@ -1649,12 +1647,12 @@ CALLBACK(peer_sn, bool, /** * Find reqid of an existing CHILD_SA */ -static u_int32_t find_reqid(child_cfg_t *cfg) +static uint32_t find_reqid(child_cfg_t *cfg) { enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; - u_int32_t reqid; + uint32_t reqid; reqid = charon->traps->find_reqid(charon->traps, cfg); if (reqid) @@ -1723,7 +1721,7 @@ static void clear_start_action(private_vici_config_t *this, char *peer_name, enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; - u_int32_t id = 0, others; + uint32_t id = 0, others; array_t *ids = NULL, *ikeids = NULL; char *name; @@ -1987,6 +1985,7 @@ CALLBACK(config_sn, bool, .rand_time = LFT_UNDEFINED, }; enumerator_t *enumerator; + peer_cfg_create_t cfg; peer_cfg_t *peer_cfg; ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; @@ -2046,7 +2045,7 @@ CALLBACK(config_sn, bool, if (peer.rekey_time == LFT_UNDEFINED && peer.reauth_time == LFT_UNDEFINED) { /* apply a default rekey time if no rekey/reauth time set */ - peer.rekey_time = LFT_DEFAULT_IKE_REKEY; + peer.rekey_time = LFT_DEFAULT_IKE_REKEY_TIME; peer.reauth_time = 0; } if (peer.rekey_time == LFT_UNDEFINED) @@ -2083,12 +2082,22 @@ CALLBACK(config_sn, bool, peer.local_addrs, peer.local_port, peer.remote_addrs, peer.remote_port, peer.fragmentation, 0); - peer_cfg = peer_cfg_create(name, ike_cfg, peer.send_cert, peer.unique, - peer.keyingtries, peer.rekey_time, peer.reauth_time, - peer.rand_time, peer.over_time, peer.mobike, - peer.aggressive, peer.pull, - peer.dpd_delay, peer.dpd_timeout, - FALSE, NULL, NULL); + + cfg = (peer_cfg_create_t){ + .cert_policy = peer.send_cert, + .unique = peer.unique, + .keyingtries = peer.keyingtries, + .rekey_time = peer.rekey_time, + .reauth_time = peer.reauth_time, + .jitter_time = peer.rand_time, + .over_time = peer.over_time, + .no_mobike = !peer.mobike, + .aggressive = peer.aggressive, + .push_mode = !peer.pull, + .dpd = peer.dpd_delay, + .dpd_timeout = peer.dpd_timeout, + }; + peer_cfg = peer_cfg_create(name, ike_cfg, &cfg); while (peer.local->remove_first(peer.local, (void**)&auth) == SUCCESS) diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c index c526d2fda..44003819a 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -507,12 +507,12 @@ CALLBACK(redirect, vici_message_t*, /** * Find reqid of an existing CHILD_SA */ -static u_int32_t find_reqid(child_cfg_t *cfg) +static uint32_t find_reqid(child_cfg_t *cfg) { enumerator_t *enumerator, *children; child_sa_t *child_sa; ike_sa_t *ike_sa; - u_int32_t reqid; + uint32_t reqid; reqid = charon->traps->find_reqid(charon->traps, cfg); if (reqid) @@ -583,7 +583,7 @@ CALLBACK(uninstall, vici_message_t*, { child_sa_t *child_sa; enumerator_t *enumerator; - u_int32_t reqid = 0; + uint32_t reqid = 0; char *child; child = request->get_str(request, NULL, "child"); diff --git a/src/libcharon/plugins/vici/vici_dispatcher.c b/src/libcharon/plugins/vici/vici_dispatcher.c index 31292d6b3..ffe0d61e5 100644 --- a/src/libcharon/plugins/vici/vici_dispatcher.c +++ b/src/libcharon/plugins/vici/vici_dispatcher.c @@ -119,10 +119,10 @@ static void send_op(private_vici_dispatcher_t *this, u_int id, bio_writer_t *writer; u_int len; - len = sizeof(u_int8_t); + len = sizeof(uint8_t); if (name) { - len += sizeof(u_int8_t) + strlen(name); + len += sizeof(uint8_t) + strlen(name); } if (message) { @@ -308,7 +308,7 @@ CALLBACK(inbound, void, { bio_reader_t *reader; chunk_t chunk; - u_int8_t type; + uint8_t type; char name[257]; reader = bio_reader_create(data); diff --git a/src/libcharon/plugins/vici/vici_message.c b/src/libcharon/plugins/vici/vici_message.c index fb6e8a1ab..58b896773 100644 --- a/src/libcharon/plugins/vici/vici_message.c +++ b/src/libcharon/plugins/vici/vici_message.c @@ -137,7 +137,7 @@ typedef struct { METHOD(enumerator_t, parse_enumerate, bool, parse_enumerator_t *this, vici_type_t *out, char **name, chunk_t *value) { - u_int8_t type; + uint8_t type; chunk_t data; if (!this->reader->remaining(this->reader) || diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c index 284c23ee0..04cea004e 100644 --- a/src/libcharon/plugins/vici/vici_query.c +++ b/src/libcharon/plugins/vici/vici_query.c @@ -86,8 +86,8 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, child_sa_t *child, time_t now) { time_t t; - u_int64_t bytes, packets; - u_int16_t alg, ks; + uint64_t bytes, packets; + uint16_t alg, ks; proposal_t *proposal; enumerator_t *enumerator; traffic_selector_t *ts; @@ -152,7 +152,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "packets-in", "%" PRIu64, packets); if (t) { - b->add_kv(b, "use-in", "%"PRIu64, (u_int64_t)(now - t)); + b->add_kv(b, "use-in", "%"PRIu64, (uint64_t)(now - t)); } child->get_usestats(child, FALSE, &t, &bytes, &packets); @@ -160,7 +160,7 @@ static void list_child(private_vici_query_t *this, vici_builder_t *b, b->add_kv(b, "packets-out", "%"PRIu64, packets); if (t) { - b->add_kv(b, "use-out", "%"PRIu64, (u_int64_t)(now - t)); + b->add_kv(b, "use-out", "%"PRIu64, (uint64_t)(now - t)); } t = child->get_lifetime(child, FALSE); @@ -272,7 +272,7 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, ike_sa_id_t *id; identification_t *eap; proposal_t *proposal; - u_int16_t alg, ks; + uint16_t alg, ks; host_t *host; b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa)); @@ -682,9 +682,11 @@ CALLBACK(list_conns, vici_message_t*, peer_cfg_t *peer_cfg; ike_cfg_t *ike_cfg; child_cfg_t *child_cfg; - char *ike, *str; + char *ike, *str, *interface; + uint32_t manual_prio; linked_list_t *list; traffic_selector_t *ts; + lifetime_cfg_t *lft; vici_builder_t *b; ike = request->get_str(request, NULL, "ike"); @@ -725,6 +727,10 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "version", "%N", ike_version_names, peer_cfg->get_ike_version(peer_cfg)); + b->add_kv(b, "reauth_time", "%u", + peer_cfg->get_reauth_time(peer_cfg, FALSE)); + b->add_kv(b, "rekey_time", "%u", + peer_cfg->get_rekey_time(peer_cfg, FALSE)); build_auth_cfgs(peer_cfg, TRUE, b); build_auth_cfgs(peer_cfg, FALSE, b); @@ -739,6 +745,12 @@ CALLBACK(list_conns, vici_message_t*, b->add_kv(b, "mode", "%N", ipsec_mode_names, child_cfg->get_mode(child_cfg)); + lft = child_cfg->get_lifetime(child_cfg, FALSE); + b->add_kv(b, "rekey_time", "%"PRIu64, lft->time.rekey); + b->add_kv(b, "rekey_bytes", "%"PRIu64, lft->bytes.rekey); + b->add_kv(b, "rekey_packets", "%"PRIu64, lft->packets.rekey); + free(lft); + b->begin_list(b, "local-ts"); list = child_cfg->get_traffic_selectors(child_cfg, TRUE, NULL, NULL); selectors = list->create_enumerator(list); @@ -761,6 +773,18 @@ CALLBACK(list_conns, vici_message_t*, list->destroy_offset(list, offsetof(traffic_selector_t, destroy)); b->end_list(b /* remote-ts */); + interface = child_cfg->get_interface(child_cfg); + if (interface) + { + b->add_kv(b, "interface", "%s", interface); + } + + manual_prio = child_cfg->get_manual_prio(child_cfg); + if (manual_prio) + { + b->add_kv(b, "priority", "%u", manual_prio); + } + b->end_section(b); } children->destroy(children); diff --git a/src/libcharon/plugins/vici/vici_socket.c b/src/libcharon/plugins/vici/vici_socket.c index 67fd7e8e3..2a55fd061 100644 --- a/src/libcharon/plugins/vici/vici_socket.c +++ b/src/libcharon/plugins/vici/vici_socket.c @@ -95,11 +95,11 @@ typedef struct { /** bytes of length header sent/received */ u_char hdrlen; /** bytes of length header */ - char hdr[sizeof(u_int32_t)]; + char hdr[sizeof(uint32_t)]; /** send/receive buffer on heap */ chunk_t buf; /** bytes sent/received in buffer */ - u_int32_t done; + uint32_t done; } msg_buf_t; /** @@ -411,7 +411,7 @@ CALLBACK(on_write, bool, static bool do_read(private_vici_socket_t *this, entry_t *entry, stream_t *stream, char *errmsg, size_t errlen) { - u_int32_t msglen; + uint32_t msglen; ssize_t len; /* assemble the length header first */ diff --git a/src/libcharon/plugins/whitelist/Makefile.in b/src/libcharon/plugins/whitelist/Makefile.in index 549ef6bce..47fcf91cd 100644 --- a/src/libcharon/plugins/whitelist/Makefile.in +++ b/src/libcharon/plugins/whitelist/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = whitelist$(EXEEXT) subdir = src/libcharon/plugins/whitelist -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +423,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -470,7 +484,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/whitelist/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -840,6 +853,8 @@ uninstall-am: uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_eap/Makefile.in b/src/libcharon/plugins/xauth_eap/Makefile.in index 6992df820..0e88f8e32 100644 --- a/src/libcharon/plugins/xauth_eap/Makefile.in +++ b/src/libcharon/plugins/xauth_eap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_eap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_eap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_eap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_eap/xauth_eap.c b/src/libcharon/plugins/xauth_eap/xauth_eap.c index f21d02697..9e103be1c 100644 --- a/src/libcharon/plugins/xauth_eap/xauth_eap.c +++ b/src/libcharon/plugins/xauth_eap/xauth_eap.c @@ -113,7 +113,7 @@ static bool verify_eap(private_xauth_eap_t *this, eap_method_t *backend) eap_payload_t *request, *response; eap_method_t *frontend; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; status_t status; if (backend->initiate(backend, &request) != NEED_MORE) diff --git a/src/libcharon/plugins/xauth_generic/Makefile.in b/src/libcharon/plugins/xauth_generic/Makefile.in index 057a734a3..e20b46f57 100644 --- a/src/libcharon/plugins/xauth_generic/Makefile.in +++ b/src/libcharon/plugins/xauth_generic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_generic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_generic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_generic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_noauth/Makefile.in b/src/libcharon/plugins/xauth_noauth/Makefile.in index 6b0104e30..b8adbbf43 100644 --- a/src/libcharon/plugins/xauth_noauth/Makefile.in +++ b/src/libcharon/plugins/xauth_noauth/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_noauth -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_noauth/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/xauth_pam/Makefile.in b/src/libcharon/plugins/xauth_pam/Makefile.in index ae6a4d070..79c466689 100644 --- a/src/libcharon/plugins/xauth_pam/Makefile.in +++ b/src/libcharon/plugins/xauth_pam/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/xauth_pam -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_pam/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/xauth_pam/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/processing/jobs/acquire_job.c b/src/libcharon/processing/jobs/acquire_job.c index 207f534ba..cd4a4ca89 100644 --- a/src/libcharon/processing/jobs/acquire_job.c +++ b/src/libcharon/processing/jobs/acquire_job.c @@ -32,7 +32,7 @@ struct private_acquire_job_t { /** * reqid of the child to rekey */ - u_int32_t reqid; + uint32_t reqid; /** * acquired source traffic selector @@ -70,7 +70,7 @@ METHOD(job_t, get_priority, job_priority_t, /* * Described in header */ -acquire_job_t *acquire_job_create(u_int32_t reqid, +acquire_job_t *acquire_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts) { diff --git a/src/libcharon/processing/jobs/acquire_job.h b/src/libcharon/processing/jobs/acquire_job.h index 2b5bf4805..4d31f0569 100644 --- a/src/libcharon/processing/jobs/acquire_job.h +++ b/src/libcharon/processing/jobs/acquire_job.h @@ -47,7 +47,7 @@ struct acquire_job_t { * @param dst_ts destination traffic selector * @return acquire_job_t object */ -acquire_job_t *acquire_job_create(u_int32_t reqid, +acquire_job_t *acquire_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts); diff --git a/src/libcharon/processing/jobs/adopt_children_job.c b/src/libcharon/processing/jobs/adopt_children_job.c index c39689012..ff8e78b6b 100644 --- a/src/libcharon/processing/jobs/adopt_children_job.c +++ b/src/libcharon/processing/jobs/adopt_children_job.c @@ -64,7 +64,7 @@ METHOD(job_t, execute, job_requeue_t, ike_sa_id_t *id; ike_sa_t *ike_sa; child_sa_t *child_sa; - u_int32_t unique; + uint32_t unique; ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->id); if (ike_sa) diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.c b/src/libcharon/processing/jobs/delete_child_sa_job.c index 0d85883be..70dbc1b4a 100644 --- a/src/libcharon/processing/jobs/delete_child_sa_job.c +++ b/src/libcharon/processing/jobs/delete_child_sa_job.c @@ -38,7 +38,7 @@ struct private_delete_child_sa_job_t { /** * inbound SPI of the CHILD_SA */ - u_int32_t spi; + uint32_t spi; /** * SA destination address @@ -89,7 +89,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, bool expired) + uint32_t spi, host_t *dst, bool expired) { private_delete_child_sa_job_t *this; diff --git a/src/libcharon/processing/jobs/delete_child_sa_job.h b/src/libcharon/processing/jobs/delete_child_sa_job.h index 6fa53644c..349f5debb 100644 --- a/src/libcharon/processing/jobs/delete_child_sa_job.h +++ b/src/libcharon/processing/jobs/delete_child_sa_job.h @@ -51,6 +51,6 @@ struct delete_child_sa_job_t { * @return delete_child_sa_job_t object */ delete_child_sa_job_t *delete_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, bool expired); + uint32_t spi, host_t *dst, bool expired); #endif /** DELETE_CHILD_SA_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/inactivity_job.c b/src/libcharon/processing/jobs/inactivity_job.c index f0f90eedf..bf16e51b5 100644 --- a/src/libcharon/processing/jobs/inactivity_job.c +++ b/src/libcharon/processing/jobs/inactivity_job.c @@ -32,12 +32,12 @@ struct private_inactivity_job_t { /** * Unique CHILD_SA identifier to check */ - u_int32_t id; + uint32_t id; /** * Inactivity timeout */ - u_int32_t timeout; + uint32_t timeout; /** * Close IKE_SA if last remaining CHILD inactive? @@ -55,7 +55,7 @@ METHOD(job_t, execute, job_requeue_t, private_inactivity_job_t *this) { ike_sa_t *ike_sa; - u_int32_t reschedule = 0; + uint32_t reschedule = 0; ike_sa = charon->child_sa_manager->checkout_by_id(charon->child_sa_manager, this->id, NULL); @@ -63,7 +63,7 @@ METHOD(job_t, execute, job_requeue_t, { enumerator_t *enumerator; child_sa_t *child_sa; - u_int32_t delete = 0; + uint32_t delete = 0; protocol_id_t proto = 0; int children = 0; status_t status = SUCCESS; @@ -136,7 +136,7 @@ METHOD(job_t, get_priority, job_priority_t, /** * See header */ -inactivity_job_t *inactivity_job_create(u_int32_t unique_id, u_int32_t timeout, +inactivity_job_t *inactivity_job_create(uint32_t unique_id, uint32_t timeout, bool close_ike) { private_inactivity_job_t *this; diff --git a/src/libcharon/processing/jobs/inactivity_job.h b/src/libcharon/processing/jobs/inactivity_job.h index ff19fe560..240782fa8 100644 --- a/src/libcharon/processing/jobs/inactivity_job.h +++ b/src/libcharon/processing/jobs/inactivity_job.h @@ -47,7 +47,7 @@ struct inactivity_job_t { * @param close_ike close IKE_SA if the last remaining CHILD_SA is inactive? * @return inactivity checking job */ -inactivity_job_t *inactivity_job_create(u_int32_t unique_id, u_int32_t timeout, +inactivity_job_t *inactivity_job_create(uint32_t unique_id, uint32_t timeout, bool close_ike); #endif /** INACTIVITY_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/migrate_job.c b/src/libcharon/processing/jobs/migrate_job.c index 097dbdffd..461ba11d1 100644 --- a/src/libcharon/processing/jobs/migrate_job.c +++ b/src/libcharon/processing/jobs/migrate_job.c @@ -34,7 +34,7 @@ struct private_migrate_job_t { /** * reqid of the CHILD_SA if it already exists */ - u_int32_t reqid; + uint32_t reqid; /** * source traffic selector @@ -144,7 +144,7 @@ METHOD(job_t, get_priority, job_priority_t, /* * Described in header */ -migrate_job_t *migrate_job_create(u_int32_t reqid, +migrate_job_t *migrate_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t dir, diff --git a/src/libcharon/processing/jobs/migrate_job.h b/src/libcharon/processing/jobs/migrate_job.h index 0f2b9aaad..140635bed 100644 --- a/src/libcharon/processing/jobs/migrate_job.h +++ b/src/libcharon/processing/jobs/migrate_job.h @@ -54,7 +54,7 @@ struct migrate_job_t { * @param remote remote host address to be used in the IKE_SA * @return migrate_job_t object */ -migrate_job_t *migrate_job_create(u_int32_t reqid, +migrate_job_t *migrate_job_create(uint32_t reqid, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t dir, host_t *local, host_t *remote); diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.c b/src/libcharon/processing/jobs/rekey_child_sa_job.c index 057876b33..d76f4f65b 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.c @@ -38,7 +38,7 @@ struct private_rekey_child_sa_job_t { /** * inbound SPI of the CHILD_SA */ - u_int32_t spi; + uint32_t spi; /** * SA destination address @@ -86,7 +86,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst) + uint32_t spi, host_t *dst) { private_rekey_child_sa_job_t *this; diff --git a/src/libcharon/processing/jobs/rekey_child_sa_job.h b/src/libcharon/processing/jobs/rekey_child_sa_job.h index 364bb5ae7..1de06fd07 100644 --- a/src/libcharon/processing/jobs/rekey_child_sa_job.h +++ b/src/libcharon/processing/jobs/rekey_child_sa_job.h @@ -49,5 +49,5 @@ struct rekey_child_sa_job_t { * @return rekey_child_sa_job_t object */ rekey_child_sa_job_t *rekey_child_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst); + uint32_t spi, host_t *dst); #endif /** REKEY_CHILD_SA_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/rekey_ike_sa_job.c b/src/libcharon/processing/jobs/rekey_ike_sa_job.c index 403d826a3..148db2f92 100644 --- a/src/libcharon/processing/jobs/rekey_ike_sa_job.c +++ b/src/libcharon/processing/jobs/rekey_ike_sa_job.c @@ -49,11 +49,11 @@ METHOD(job_t, destroy, void, /** * Check if we should delay a reauth, and by how many seconds */ -static u_int32_t get_retry_delay(ike_sa_t *ike_sa) +static uint32_t get_retry_delay(ike_sa_t *ike_sa) { enumerator_t *enumerator; child_sa_t *child_sa; - u_int32_t retry = 0; + uint32_t retry = 0; /* avoid reauth collisions for certain IKE_SA/CHILD_SA states */ if (ike_sa->get_state(ike_sa) != IKE_ESTABLISHED) @@ -87,7 +87,7 @@ METHOD(job_t, execute, job_requeue_t, { ike_sa_t *ike_sa; status_t status = SUCCESS; - u_int32_t retry = 0; + uint32_t retry = 0; ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, this->ike_sa_id); diff --git a/src/libcharon/processing/jobs/retransmit_job.c b/src/libcharon/processing/jobs/retransmit_job.c index 48c326804..4daa41868 100644 --- a/src/libcharon/processing/jobs/retransmit_job.c +++ b/src/libcharon/processing/jobs/retransmit_job.c @@ -32,7 +32,7 @@ struct private_retransmit_job_t { /** * Message ID of the request to resend. */ - u_int32_t message_id; + uint32_t message_id; /** * ID of the IKE_SA which the message belongs to. @@ -79,7 +79,7 @@ METHOD(job_t, get_priority, job_priority_t, /* * Described in header. */ -retransmit_job_t *retransmit_job_create(u_int32_t message_id,ike_sa_id_t *ike_sa_id) +retransmit_job_t *retransmit_job_create(uint32_t message_id,ike_sa_id_t *ike_sa_id) { private_retransmit_job_t *this; diff --git a/src/libcharon/processing/jobs/retransmit_job.h b/src/libcharon/processing/jobs/retransmit_job.h index c4545534b..595513cef 100644 --- a/src/libcharon/processing/jobs/retransmit_job.h +++ b/src/libcharon/processing/jobs/retransmit_job.h @@ -49,7 +49,7 @@ struct retransmit_job_t { * @param ike_sa_id identification of the ike_sa as ike_sa_id_t * @return retransmit_job_t object */ -retransmit_job_t *retransmit_job_create(u_int32_t message_id, +retransmit_job_t *retransmit_job_create(uint32_t message_id, ike_sa_id_t *ike_sa_id); #endif /** RETRANSMIT_JOB_H_ @}*/ diff --git a/src/libcharon/processing/jobs/update_sa_job.c b/src/libcharon/processing/jobs/update_sa_job.c index 862506d90..3360b7dc5 100644 --- a/src/libcharon/processing/jobs/update_sa_job.c +++ b/src/libcharon/processing/jobs/update_sa_job.c @@ -41,7 +41,7 @@ struct private_update_sa_job_t { /** * SPI of the CHILD_SA */ - u_int32_t spi; + uint32_t spi; /** * Old SA destination address @@ -92,7 +92,7 @@ METHOD(job_t, get_priority, job_priority_t, * Described in header */ update_sa_job_t *update_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, host_t *new) + uint32_t spi, host_t *dst, host_t *new) { private_update_sa_job_t *this; diff --git a/src/libcharon/processing/jobs/update_sa_job.h b/src/libcharon/processing/jobs/update_sa_job.h index 9c19f5b6e..ed978dc8b 100644 --- a/src/libcharon/processing/jobs/update_sa_job.h +++ b/src/libcharon/processing/jobs/update_sa_job.h @@ -49,6 +49,6 @@ struct update_sa_job_t { * @return update_sa_job_t object */ update_sa_job_t *update_sa_job_create(protocol_id_t protocol, - u_int32_t spi, host_t *dst, host_t *new); + uint32_t spi, host_t *dst, host_t *new); #endif /** UPDATE_SA_JOB_H_ @}*/ diff --git a/src/libcharon/sa/child_sa.c b/src/libcharon/sa/child_sa.c index 56b7cb5a4..8a405d93c 100644 --- a/src/libcharon/sa/child_sa.c +++ b/src/libcharon/sa/child_sa.c @@ -1,9 +1,10 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Coypright (C) 2016 Andreas Steffen + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -63,22 +64,22 @@ struct private_child_sa_t { /** * our actually used SPI, 0 if unused */ - u_int32_t my_spi; + uint32_t my_spi; /** * others used SPI, 0 if unused */ - u_int32_t other_spi; + uint32_t other_spi; /** * our Compression Parameter Index (CPI) used, 0 if unused */ - u_int16_t my_cpi; + uint16_t my_cpi; /** * others Compression Parameter Index (CPI) used, 0 if unused */ - u_int16_t other_cpi; + uint16_t other_cpi; /** * Array for local traffic selectors @@ -98,7 +99,7 @@ struct private_child_sa_t { /** * reqid used for this child_sa */ - u_int32_t reqid; + uint32_t reqid; /** * Did we allocate/confirm and must release the reqid? @@ -113,7 +114,7 @@ struct private_child_sa_t { /* * Unique CHILD_SA identifier */ - u_int32_t unique_id; + uint32_t unique_id; /** * inbound mark used for this child_sa @@ -198,28 +199,28 @@ struct private_child_sa_t { /** * last number of inbound bytes */ - u_int64_t my_usebytes; + uint64_t my_usebytes; /** * last number of outbound bytes */ - u_int64_t other_usebytes; + uint64_t other_usebytes; /** * last number of inbound packets */ - u_int64_t my_usepackets; + uint64_t my_usepackets; /** * last number of outbound bytes */ - u_int64_t other_usepackets; + uint64_t other_usepackets; }; /** * convert an IKEv2 specific protocol identifier to the IP protocol identifier. */ -static inline u_int8_t proto_ike2ip(protocol_id_t protocol) +static inline uint8_t proto_ike2ip(protocol_id_t protocol) { switch (protocol) { @@ -238,13 +239,13 @@ METHOD(child_sa_t, get_name, char*, return this->config->get_name(this->config); } -METHOD(child_sa_t, get_reqid, u_int32_t, +METHOD(child_sa_t, get_reqid, uint32_t, private_child_sa_t *this) { return this->reqid; } -METHOD(child_sa_t, get_unique_id, u_int32_t, +METHOD(child_sa_t, get_unique_id, uint32_t, private_child_sa_t *this) { return this->unique_id; @@ -269,13 +270,13 @@ METHOD(child_sa_t, get_state, child_sa_state_t, return this->state; } -METHOD(child_sa_t, get_spi, u_int32_t, +METHOD(child_sa_t, get_spi, uint32_t, private_child_sa_t *this, bool inbound) { return inbound ? this->my_spi : this->other_spi; } -METHOD(child_sa_t, get_cpi, u_int16_t, +METHOD(child_sa_t, get_cpi, uint16_t, private_child_sa_t *this, bool inbound) { return inbound ? this->my_cpi : this->other_cpi; @@ -461,17 +462,24 @@ METHOD(child_sa_t, create_policy_enumerator, enumerator_t*, static status_t update_usebytes(private_child_sa_t *this, bool inbound) { status_t status = FAILED; - u_int64_t bytes, packets; + uint64_t bytes, packets; time_t time; if (inbound) { if (this->my_spi) { - status = charon->kernel->query_sa(charon->kernel, this->other_addr, - this->my_addr, this->my_spi, - proto_ike2ip(this->protocol), this->mark_in, - &bytes, &packets, &time); + kernel_ipsec_sa_id_t id = { + .src = this->other_addr, + .dst = this->my_addr, + .spi = this->my_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_in, + }; + kernel_ipsec_query_sa_t query = {}; + + status = charon->kernel->query_sa(charon->kernel, &id, &query, + &bytes, &packets, &time); if (status == SUCCESS) { if (bytes > this->my_usebytes) @@ -492,10 +500,17 @@ static status_t update_usebytes(private_child_sa_t *this, bool inbound) { if (this->other_spi) { - status = charon->kernel->query_sa(charon->kernel, this->my_addr, - this->other_addr, this->other_spi, - proto_ike2ip(this->protocol), this->mark_out, - &bytes, &packets, &time); + kernel_ipsec_sa_id_t id = { + .src = this->my_addr, + .dst = this->other_addr, + .spi = this->other_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_out, + }; + kernel_ipsec_query_sa_t query = {}; + + status = charon->kernel->query_sa(charon->kernel, &id, &query, + &bytes, &packets, &time); if (status == SUCCESS) { if (bytes > this->other_usebytes) @@ -531,15 +546,24 @@ static bool update_usetime(private_child_sa_t *this, bool inbound) if (inbound) { - if (charon->kernel->query_policy(charon->kernel, other_ts, - my_ts, POLICY_IN, this->mark_in, &in) == SUCCESS) + kernel_ipsec_policy_id_t id = { + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = this->mark_in, + }; + kernel_ipsec_query_policy_t query = {}; + + if (charon->kernel->query_policy(charon->kernel, &id, &query, + &in) == SUCCESS) { last_use = max(last_use, in); } if (this->mode != MODE_TRANSPORT) { - if (charon->kernel->query_policy(charon->kernel, other_ts, - my_ts, POLICY_FWD, this->mark_in, &fwd) == SUCCESS) + id.dir = POLICY_FWD; + if (charon->kernel->query_policy(charon->kernel, &id, &query, + &fwd) == SUCCESS) { last_use = max(last_use, fwd); } @@ -547,8 +571,17 @@ static bool update_usetime(private_child_sa_t *this, bool inbound) } else { - if (charon->kernel->query_policy(charon->kernel, my_ts, - other_ts, POLICY_OUT, this->mark_out, &out) == SUCCESS) + kernel_ipsec_policy_id_t id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }; + kernel_ipsec_query_policy_t query = {}; + + if (charon->kernel->query_policy(charon->kernel, &id, &query, + &out) == SUCCESS) { last_use = max(last_use, out); } @@ -573,7 +606,7 @@ static bool update_usetime(private_child_sa_t *this, bool inbound) METHOD(child_sa_t, get_usestats, void, private_child_sa_t *this, bool inbound, - time_t *time, u_int64_t *bytes, u_int64_t *packets) + time_t *time, uint64_t *bytes, uint64_t *packets) { if ((!bytes && !packets) || update_usebytes(this, inbound) != FAILED) { @@ -625,7 +658,7 @@ METHOD(child_sa_t, get_installtime, time_t, return this->install_time; } -METHOD(child_sa_t, alloc_spi, u_int32_t, +METHOD(child_sa_t, alloc_spi, uint32_t, private_child_sa_t *this, protocol_id_t protocol) { if (charon->kernel->get_spi(charon->kernel, this->other_addr, this->my_addr, @@ -639,7 +672,7 @@ METHOD(child_sa_t, alloc_spi, u_int32_t, return 0; } -METHOD(child_sa_t, alloc_cpi, u_int16_t, +METHOD(child_sa_t, alloc_cpi, uint16_t, private_child_sa_t *this) { if (charon->kernel->get_cpi(charon->kernel, this->other_addr, this->my_addr, @@ -651,16 +684,18 @@ METHOD(child_sa_t, alloc_cpi, u_int16_t, } METHOD(child_sa_t, install, status_t, - private_child_sa_t *this, chunk_t encr, chunk_t integ, u_int32_t spi, - u_int16_t cpi, bool initiator, bool inbound, bool tfcv3, + private_child_sa_t *this, chunk_t encr, chunk_t integ, uint32_t spi, + uint16_t cpi, bool initiator, bool inbound, bool tfcv3, linked_list_t *my_ts, linked_list_t *other_ts) { - u_int16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; - u_int16_t esn = NO_EXT_SEQ_NUMBERS; + uint16_t enc_alg = ENCR_UNDEFINED, int_alg = AUTH_UNDEFINED, size; + uint16_t esn = NO_EXT_SEQ_NUMBERS; linked_list_t *src_ts = NULL, *dst_ts = NULL; time_t now; + kernel_ipsec_sa_id_t id; + kernel_ipsec_add_sa_t sa; lifetime_cfg_t *lifetime; - u_int32_t tfc = 0; + uint32_t tfc = 0; host_t *src, *dst; status_t status; bool update = FALSE; @@ -716,7 +751,7 @@ METHOD(child_sa_t, install, status_t, this->reqid_allocated = TRUE; } - lifetime = this->config->get_lifetime(this->config); + lifetime = this->config->get_lifetime(this->config, TRUE); now = time_monotonic(NULL); if (lifetime->time.rekey) @@ -752,12 +787,36 @@ METHOD(child_sa_t, install, status_t, dst_ts = other_ts; } - status = charon->kernel->add_sa(charon->kernel, - src, dst, spi, proto_ike2ip(this->protocol), this->reqid, - inbound ? this->mark_in : this->mark_out, tfc, - lifetime, enc_alg, encr, int_alg, integ, this->mode, - this->ipcomp, cpi, this->config->get_replay_window(this->config), - initiator, this->encap, esn, inbound, update, src_ts, dst_ts); + id = (kernel_ipsec_sa_id_t){ + .src = src, + .dst = dst, + .spi = spi, + .proto = proto_ike2ip(this->protocol), + .mark = inbound ? this->mark_in : this->mark_out, + }; + sa = (kernel_ipsec_add_sa_t){ + .reqid = this->reqid, + .mode = this->mode, + .src_ts = src_ts, + .dst_ts = dst_ts, + .interface = inbound ? NULL : this->config->get_interface(this->config), + .lifetime = lifetime, + .enc_alg = enc_alg, + .enc_key = encr, + .int_alg = int_alg, + .int_key = integ, + .replay_window = this->config->get_replay_window(this->config), + .tfc = tfc, + .ipcomp = this->ipcomp, + .cpi = cpi, + .encap = this->encap, + .esn = esn, + .initiator = initiator, + .inbound = inbound, + .update = update, + }; + + status = charon->kernel->add_sa(charon->kernel, &id, &sa); free(lifetime); @@ -825,24 +884,62 @@ static void prepare_sa_cfg(private_child_sa_t *this, ipsec_sa_cfg_t *my_sa, static status_t install_policies_internal(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, - ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority) + ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) { + kernel_ipsec_policy_id_t out_id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }, in_id = { + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = this->mark_in, + }; + kernel_ipsec_manage_policy_t out_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = my_addr, + .dst = other_addr, + .sa = other_sa, + }, in_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = other_addr, + .dst = my_addr, + .sa = my_sa, + }; status_t status = SUCCESS; - status |= charon->kernel->add_policy(charon->kernel, - my_addr, other_addr, my_ts, other_ts, - POLICY_OUT, type, other_sa, - this->mark_out, priority); - - status |= charon->kernel->add_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, - POLICY_IN, type, my_sa, - this->mark_in, priority); + + status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); + status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy); if (this->mode != MODE_TRANSPORT) { - status |= charon->kernel->add_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, - POLICY_FWD, type, my_sa, - this->mark_in, priority); + in_id.dir = POLICY_FWD; + status |= charon->kernel->add_policy(charon->kernel, &in_id, &in_policy); + + /* install an "outbound" FWD policy in case there is a drop policy + * matching outbound forwarded traffic, to allow another tunnel to use + * the reversed subnets and do the same we don't set a reqid (this also + * allows the kernel backend to distinguish between the two types of + * FWD policies). To avoid problems with symmetrically overlapping + * policies of two SAs we install them with reduced priority. As they + * basically act as bypass policies for drop policies we use a higher + * priority than is used for them. */ + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + status |= charon->kernel->add_policy(charon->kernel, &out_id, &out_policy); + /* reset the reqid for any other further policies */ + other_sa->reqid = this->reqid; } return status; } @@ -853,20 +950,52 @@ static status_t install_policies_internal(private_child_sa_t *this, static void del_policies_internal(private_child_sa_t *this, host_t *my_addr, host_t *other_addr, traffic_selector_t *my_ts, traffic_selector_t *other_ts, ipsec_sa_cfg_t *my_sa, - ipsec_sa_cfg_t *other_sa, policy_type_t type, policy_priority_t priority) + ipsec_sa_cfg_t *other_sa, policy_type_t type, + policy_priority_t priority, uint32_t manual_prio) { + kernel_ipsec_policy_id_t out_id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = this->mark_out, + .interface = this->config->get_interface(this->config), + }, in_id = { + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = this->mark_in, + }; + kernel_ipsec_manage_policy_t out_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = my_addr, + .dst = other_addr, + .sa = other_sa, + }, in_policy = { + .type = type, + .prio = priority, + .manual_prio = manual_prio, + .src = other_addr, + .dst = my_addr, + .sa = my_sa, + }; - charon->kernel->del_policy(charon->kernel, - my_addr, other_addr, my_ts, other_ts, POLICY_OUT, type, - other_sa, this->mark_out, priority); - charon->kernel->del_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, POLICY_IN, - type, my_sa, this->mark_in, priority); + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); if (this->mode != MODE_TRANSPORT) { - charon->kernel->del_policy(charon->kernel, - other_addr, my_addr, other_ts, my_ts, POLICY_FWD, - type, my_sa, this->mark_in, priority); + in_id.dir = POLICY_FWD; + charon->kernel->del_policy(charon->kernel, &in_id, &in_policy); + + out_id.dir = POLICY_FWD; + other_sa->reqid = 0; + if (priority == POLICY_PRIORITY_DEFAULT) + { + out_policy.prio = POLICY_PRIORITY_ROUTED; + } + charon->kernel->del_policy(charon->kernel, &out_id, &out_policy); + other_sa->reqid = this->reqid; } } @@ -912,8 +1041,10 @@ METHOD(child_sa_t, add_policies, status_t, { policy_priority_t priority; ipsec_sa_cfg_t my_sa, other_sa; + uint32_t manual_prio; prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); /* if we're not in state CHILD_INSTALLING (i.e. if there is no SAD * entry) we install a trap policy */ @@ -927,18 +1058,20 @@ METHOD(child_sa_t, add_policies, status_t, { /* install outbound drop policy to avoid packets leaving unencrypted * when updating policies */ - if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update()) + if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 && + require_policy_update()) { status |= install_policies_internal(this, this->my_addr, this->other_addr, my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); + POLICY_PRIORITY_FALLBACK, 0); } /* install policies */ status |= install_policies_internal(this, this->my_addr, this->other_addr, my_ts, other_ts, - &my_sa, &other_sa, POLICY_IPSEC, priority); + &my_sa, &other_sa, POLICY_IPSEC, + priority, manual_prio); if (status != SUCCESS) { @@ -994,11 +1127,22 @@ METHOD(child_sa_t, update, status_t, /* update our (initiator) SA */ if (this->my_spi) { - if (charon->kernel->update_sa(charon->kernel, - this->my_spi, proto_ike2ip(this->protocol), - this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0, - this->other_addr, this->my_addr, other, me, - this->encap, encap, this->mark_in) == NOT_SUPPORTED) + kernel_ipsec_sa_id_t id = { + .src = this->other_addr, + .dst = this->my_addr, + .spi = this->my_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_in, + }; + kernel_ipsec_update_sa_t sa = { + .cpi = this->ipcomp != IPCOMP_NONE ? this->my_cpi : 0, + .new_src = other, + .new_dst = me, + .encap = this->encap, + .new_encap = encap, + }; + if (charon->kernel->update_sa(charon->kernel, &id, + &sa) == NOT_SUPPORTED) { set_state(this, old); return NOT_SUPPORTED; @@ -1008,11 +1152,22 @@ METHOD(child_sa_t, update, status_t, /* update his (responder) SA */ if (this->other_spi) { - if (charon->kernel->update_sa(charon->kernel, - this->other_spi, proto_ike2ip(this->protocol), - this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, - this->my_addr, this->other_addr, me, other, - this->encap, encap, this->mark_out) == NOT_SUPPORTED) + kernel_ipsec_sa_id_t id = { + .src = this->my_addr, + .dst = this->other_addr, + .spi = this->other_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_out, + }; + kernel_ipsec_update_sa_t sa = { + .cpi = this->ipcomp != IPCOMP_NONE ? this->other_cpi : 0, + .new_src = me, + .new_dst = other, + .encap = this->encap, + .new_encap = encap, + }; + if (charon->kernel->update_sa(charon->kernel, &id, + &sa) == NOT_SUPPORTED) { set_state(this, old); return NOT_SUPPORTED; @@ -1028,18 +1183,21 @@ METHOD(child_sa_t, update, status_t, ipsec_sa_cfg_t my_sa, other_sa; enumerator_t *enumerator; traffic_selector_t *my_ts, *other_ts; + uint32_t manual_prio; prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); /* always use high priorities, as hosts getting updated are INSTALLED */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { traffic_selector_t *old_my_ts = NULL, *old_other_ts = NULL; + /* remove old policies first */ del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, - POLICY_IPSEC, POLICY_PRIORITY_DEFAULT); + my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, + POLICY_PRIORITY_DEFAULT, manual_prio); /* check if we have to update a "dynamic" traffic selector */ if (!me->ip_equals(me, this->my_addr) && @@ -1062,17 +1220,20 @@ METHOD(child_sa_t, update, status_t, /* reinstall updated policies */ install_policies_internal(this, me, other, my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, - POLICY_PRIORITY_DEFAULT); + POLICY_PRIORITY_DEFAULT, manual_prio); /* update fallback policies after the new policy is in place */ - del_policies_internal(this, this->my_addr, this->other_addr, - old_my_ts ?: my_ts, - old_other_ts ?: other_ts, - &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); - install_policies_internal(this, me, other, my_ts, other_ts, + if (manual_prio == 0) + { + del_policies_internal(this, this->my_addr, this->other_addr, + old_my_ts ?: my_ts, + old_other_ts ?: other_ts, + &my_sa, &other_sa, POLICY_DROP, + POLICY_PRIORITY_FALLBACK, 0); + install_policies_internal(this, me, other, my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); + POLICY_PRIORITY_FALLBACK, 0); + } DESTROY_IF(old_my_ts); DESTROY_IF(old_other_ts); } @@ -1115,20 +1276,24 @@ METHOD(child_sa_t, destroy, void, if (this->config->install_policy(this->config)) { ipsec_sa_cfg_t my_sa, other_sa; + uint32_t manual_prio; prepare_sa_cfg(this, &my_sa, &other_sa); + manual_prio = this->config->get_manual_prio(this->config); /* delete all policies in the kernel */ enumerator = create_policy_enumerator(this); while (enumerator->enumerate(enumerator, &my_ts, &other_ts)) { del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, POLICY_IPSEC, priority); - if (priority == POLICY_PRIORITY_DEFAULT && require_policy_update()) + my_ts, other_ts, &my_sa, &other_sa, + POLICY_IPSEC, priority, manual_prio); + if (priority == POLICY_PRIORITY_DEFAULT && manual_prio == 0 && + require_policy_update()) { del_policies_internal(this, this->my_addr, this->other_addr, - my_ts, other_ts, &my_sa, &other_sa, POLICY_DROP, - POLICY_PRIORITY_FALLBACK); + my_ts, other_ts, &my_sa, &other_sa, + POLICY_DROP, POLICY_PRIORITY_FALLBACK, 0); } } enumerator->destroy(enumerator); @@ -1137,17 +1302,31 @@ METHOD(child_sa_t, destroy, void, /* delete SAs in the kernel, if they are set up */ if (this->my_spi) { - charon->kernel->del_sa(charon->kernel, - this->other_addr, this->my_addr, this->my_spi, - proto_ike2ip(this->protocol), this->my_cpi, - this->mark_in); + kernel_ipsec_sa_id_t id = { + .src = this->other_addr, + .dst = this->my_addr, + .spi = this->my_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_in, + }; + kernel_ipsec_del_sa_t sa = { + .cpi = this->my_cpi, + }; + charon->kernel->del_sa(charon->kernel, &id, &sa); } if (this->other_spi) { - charon->kernel->del_sa(charon->kernel, - this->my_addr, this->other_addr, this->other_spi, - proto_ike2ip(this->protocol), this->other_cpi, - this->mark_out); + kernel_ipsec_sa_id_t id = { + .src = this->my_addr, + .dst = this->other_addr, + .spi = this->other_spi, + .proto = proto_ike2ip(this->protocol), + .mark = this->mark_out, + }; + kernel_ipsec_del_sa_t sa = { + .cpi = this->other_cpi, + }; + charon->kernel->del_sa(charon->kernel, &id, &sa); } if (this->reqid_allocated) @@ -1174,7 +1353,7 @@ METHOD(child_sa_t, destroy, void, static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local) { host_t *host = NULL; - u_int8_t mask; + uint8_t mask; enumerator_t *enumerator; linked_list_t *ts_list, *list; traffic_selector_t *ts; @@ -1207,11 +1386,12 @@ static host_t* get_proxy_addr(child_cfg_t *config, host_t *ike, bool local) * Described in header. */ child_sa_t * child_sa_create(host_t *me, host_t* other, - child_cfg_t *config, u_int32_t rekey, bool encap, + child_cfg_t *config, uint32_t rekey, bool encap, u_int mark_in, u_int mark_out) { private_child_sa_t *this; - static refcount_t unique_id = 0, unique_mark = 0, mark; + static refcount_t unique_id = 0, unique_mark = 0; + refcount_t mark; INIT(this, .public = { diff --git a/src/libcharon/sa/child_sa.h b/src/libcharon/sa/child_sa.h index debe8eb2c..bc7df996a 100644 --- a/src/libcharon/sa/child_sa.h +++ b/src/libcharon/sa/child_sa.h @@ -128,7 +128,7 @@ struct child_sa_t { * * @return reqid of the CHILD SA */ - u_int32_t (*get_reqid)(child_sa_t *this); + uint32_t (*get_reqid)(child_sa_t *this); /** * Get the unique numerical identifier for this CHILD_SA. @@ -138,7 +138,7 @@ struct child_sa_t { * * @return unique CHILD_SA identifier */ - u_int32_t (*get_unique_id)(child_sa_t *this); + uint32_t (*get_unique_id)(child_sa_t *this); /** * Get the config used to set up this child sa. @@ -171,7 +171,7 @@ struct child_sa_t { * @param inbound TRUE to get inbound SPI, FALSE for outbound. * @return SPI of the CHILD SA */ - u_int32_t (*get_spi) (child_sa_t *this, bool inbound); + uint32_t (*get_spi) (child_sa_t *this, bool inbound); /** * Get the CPI of this CHILD_SA. @@ -183,7 +183,7 @@ struct child_sa_t { * @param inbound TRUE to get inbound CPI, FALSE for outbound. * @return CPI of the CHILD SA */ - u_int16_t (*get_cpi) (child_sa_t *this, bool inbound); + uint16_t (*get_cpi) (child_sa_t *this, bool inbound); /** * Get the protocol which this CHILD_SA uses to protect traffic. @@ -300,7 +300,7 @@ struct child_sa_t { * @param[out] packets number of processed packets (NULL to ignore) */ void (*get_usestats)(child_sa_t *this, bool inbound, time_t *time, - u_int64_t *bytes, u_int64_t *packets); + uint64_t *bytes, uint64_t *packets); /** * Get the mark used with this CHILD_SA. @@ -335,14 +335,14 @@ struct child_sa_t { * @param spi SPI output pointer * @return SPI, 0 on failure */ - u_int32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); + uint32_t (*alloc_spi)(child_sa_t *this, protocol_id_t protocol); /** * Allocate a CPI to use for IPComp. * * @return CPI, 0 on failure */ - u_int16_t (*alloc_cpi)(child_sa_t *this); + uint16_t (*alloc_cpi)(child_sa_t *this); /** * Install an IPsec SA for one direction. @@ -359,7 +359,7 @@ struct child_sa_t { * @return SUCCESS or FAILED */ status_t (*install)(child_sa_t *this, chunk_t encr, chunk_t integ, - u_int32_t spi, u_int16_t cpi, + uint32_t spi, uint16_t cpi, bool initiator, bool inbound, bool tfcv3, linked_list_t *my_ts, linked_list_t *other_ts); /** @@ -404,7 +404,7 @@ struct child_sa_t { * @return child_sa_t object */ child_sa_t * child_sa_create(host_t *me, host_t *other, child_cfg_t *config, - u_int32_t reqid, bool encap, + uint32_t reqid, bool encap, u_int mark_in, u_int mark_out); #endif /** CHILD_SA_H_ @}*/ diff --git a/src/libcharon/sa/child_sa_manager.c b/src/libcharon/sa/child_sa_manager.c index 071a119da..13f22cf5f 100644 --- a/src/libcharon/sa/child_sa_manager.c +++ b/src/libcharon/sa/child_sa_manager.c @@ -59,11 +59,11 @@ typedef struct { /** the associated IKE_SA */ ike_sa_id_t *ike_id; /** unique CHILD_SA identifier */ - u_int32_t unique_id; + uint32_t unique_id; /** inbound SPI */ - u_int32_t spi_in; + uint32_t spi_in; /** outbound SPI */ - u_int32_t spi_out; + uint32_t spi_out; /** inbound host address */ host_t *host_in; /** outbound host address and port */ @@ -202,7 +202,7 @@ METHOD(child_sa_manager_t, remove_, void, * Check out an IKE_SA for a given CHILD_SA */ static ike_sa_t *checkout_ikesa(private_child_sa_manager_t *this, - ike_sa_id_t *id, u_int32_t unique_id, child_sa_t **child_sa) + ike_sa_id_t *id, uint32_t unique_id, child_sa_t **child_sa) { enumerator_t *enumerator; child_sa_t *current; @@ -238,7 +238,7 @@ static ike_sa_t *checkout_ikesa(private_child_sa_manager_t *this, } METHOD(child_sa_manager_t, checkout_by_id, ike_sa_t*, - private_child_sa_manager_t *this, u_int32_t unique_id, + private_child_sa_manager_t *this, uint32_t unique_id, child_sa_t **child_sa) { ike_sa_id_t *id; @@ -262,11 +262,11 @@ METHOD(child_sa_manager_t, checkout_by_id, ike_sa_t*, } METHOD(child_sa_manager_t, checkout, ike_sa_t*, - private_child_sa_manager_t *this, protocol_id_t protocol, u_int32_t spi, + private_child_sa_manager_t *this, protocol_id_t protocol, uint32_t spi, host_t *dst, child_sa_t **child_sa) { ike_sa_id_t *id; - u_int32_t unique_id; + uint32_t unique_id; child_entry_t *entry, key = { .spi_in = spi, .spi_out = spi, diff --git a/src/libcharon/sa/child_sa_manager.h b/src/libcharon/sa/child_sa_manager.h index 4d57528e8..f1d6ad9e0 100644 --- a/src/libcharon/sa/child_sa_manager.h +++ b/src/libcharon/sa/child_sa_manager.h @@ -59,7 +59,7 @@ struct child_sa_manager_t { * @return IKE_SA, NULL if not found */ ike_sa_t *(*checkout)(child_sa_manager_t *this, - protocol_id_t protocol, u_int32_t spi, host_t *dst, + protocol_id_t protocol, uint32_t spi, host_t *dst, child_sa_t **child_sa); /** @@ -72,7 +72,7 @@ struct child_sa_manager_t { * @param child_sa returns CHILD_SA managed by IKE_SA * @return IKE_SA, NULL if not found */ - ike_sa_t *(*checkout_by_id)(child_sa_manager_t *this, u_int32_t unique_id, + ike_sa_t *(*checkout_by_id)(child_sa_manager_t *this, uint32_t unique_id, child_sa_t **child_sa); /** diff --git a/src/libcharon/sa/eap/eap_manager.c b/src/libcharon/sa/eap/eap_manager.c index 1886307e9..e4fcbc8f0 100644 --- a/src/libcharon/sa/eap/eap_manager.c +++ b/src/libcharon/sa/eap/eap_manager.c @@ -35,7 +35,7 @@ struct eap_entry_t { /** * vendor ID, 0 for default EAP methods */ - u_int32_t vendor; + uint32_t vendor; /** * Role of the method returned by the constructor, EAP_SERVER or EAP_PEER @@ -70,7 +70,7 @@ struct private_eap_manager_t { }; METHOD(eap_manager_t, add_method, void, - private_eap_manager_t *this, eap_type_t type, u_int32_t vendor, + private_eap_manager_t *this, eap_type_t type, uint32_t vendor, eap_role_t role, eap_constructor_t constructor) { eap_entry_t *entry = malloc_thing(eap_entry_t); @@ -109,7 +109,7 @@ METHOD(eap_manager_t, remove_method, void, * filter the registered methods */ static bool filter_methods(uintptr_t role, eap_entry_t **entry, - eap_type_t *type, void *in, u_int32_t *vendor) + eap_type_t *type, void *in, uint32_t *vendor) { if ((*entry)->role != (eap_role_t)role) { @@ -144,7 +144,7 @@ METHOD(eap_manager_t, create_enumerator, enumerator_t*, } METHOD(eap_manager_t, create_instance, eap_method_t*, - private_eap_manager_t *this, eap_type_t type, u_int32_t vendor, + private_eap_manager_t *this, eap_type_t type, uint32_t vendor, eap_role_t role, identification_t *server, identification_t *peer) { enumerator_t *enumerator; diff --git a/src/libcharon/sa/eap/eap_manager.h b/src/libcharon/sa/eap/eap_manager.h index e318ef57a..4ed1cae20 100644 --- a/src/libcharon/sa/eap/eap_manager.h +++ b/src/libcharon/sa/eap/eap_manager.h @@ -44,7 +44,7 @@ struct eap_manager_t { * @param role EAP role of the registered method * @param constructor constructor function, returns an eap_method_t */ - void (*add_method)(eap_manager_t *this, eap_type_t type, u_int32_t vendor, + void (*add_method)(eap_manager_t *this, eap_type_t type, uint32_t vendor, eap_role_t role, eap_constructor_t constructor); /** @@ -61,7 +61,7 @@ struct eap_manager_t { * even though it is registered as method with this manager). * * @param role EAP role of methods to enumerate - * @return enumerator over (eap_type_t type, u_int32_t vendor) + * @return enumerator over (eap_type_t type, uint32_t vendor) */ enumerator_t* (*create_enumerator)(eap_manager_t *this, eap_role_t role); @@ -76,7 +76,7 @@ struct eap_manager_t { * @return EAP method instance, NULL if no constructor found */ eap_method_t* (*create_instance)(eap_manager_t *this, eap_type_t type, - u_int32_t vendor, eap_role_t role, + uint32_t vendor, eap_role_t role, identification_t *server, identification_t *peer); diff --git a/src/libcharon/sa/eap/eap_method.h b/src/libcharon/sa/eap/eap_method.h index 689c0f990..8e25f7df8 100644 --- a/src/libcharon/sa/eap/eap_method.h +++ b/src/libcharon/sa/eap/eap_method.h @@ -96,7 +96,7 @@ struct eap_method_t { * @param vendor pointer receiving vendor identifier for type, 0 for none * @return type of the EAP method */ - eap_type_t (*get_type) (eap_method_t *this, u_int32_t *vendor); + eap_type_t (*get_type) (eap_method_t *this, uint32_t *vendor); /** * Check if this EAP method authenticates the server. @@ -126,7 +126,7 @@ struct eap_method_t { * * @return current EAP identifier */ - u_int8_t (*get_identifier) (eap_method_t *this); + uint8_t (*get_identifier) (eap_method_t *this); /** * Set the EAP identifier to a deterministic value, overwriting @@ -134,7 +134,7 @@ struct eap_method_t { * * @param identifier current EAP identifier */ - void (*set_identifier) (eap_method_t *this, u_int8_t identifier); + void (*set_identifier) (eap_method_t *this, uint8_t identifier); /** * Get authentication details performed by this EAP method. diff --git a/src/libcharon/sa/ike_sa.c b/src/libcharon/sa/ike_sa.c index bcbff3211..009277ddd 100644 --- a/src/libcharon/sa/ike_sa.c +++ b/src/libcharon/sa/ike_sa.c @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -71,6 +71,7 @@ ENUM(ike_sa_state_names, IKE_CREATED, IKE_DESTROYING, "ESTABLISHED", "PASSIVE", "REKEYING", + "REKEYED", "DELETING", "DESTROYING", ); @@ -101,7 +102,7 @@ struct private_ike_sa_t { /** * unique numerical ID for this IKE_SA. */ - u_int32_t unique_id; + uint32_t unique_id; /** * Current state of the IKE_SA @@ -233,12 +234,12 @@ struct private_ike_sa_t { /** * number pending UPDATE_SA_ADDRESS (MOBIKE) */ - u_int32_t pending_updates; + uint32_t pending_updates; /** * NAT keep alive interval */ - u_int32_t keepalive_interval; + uint32_t keepalive_interval; /** * The schedueld keep alive job, if any @@ -249,7 +250,7 @@ struct private_ike_sa_t { * interval for retries during initiation (e.g. if DNS resolution failed), * 0 to disable (default) */ - u_int32_t retry_initiate_interval; + uint32_t retry_initiate_interval; /** * TRUE if a retry_initiate_job has been queued @@ -259,12 +260,12 @@ struct private_ike_sa_t { /** * Timestamps for this IKE_SA */ - u_int32_t stats[STAT_MAX]; + uint32_t stats[STAT_MAX]; /** * how many times we have retried so far (keyingtries) */ - u_int32_t keyingtry; + uint32_t keyingtry; /** * local host address to be used for IKE, set via MIGRATE kernel message @@ -343,7 +344,7 @@ static time_t get_use_time(private_ike_sa_t* this, bool inbound) return use_time; } -METHOD(ike_sa_t, get_unique_id, u_int32_t, +METHOD(ike_sa_t, get_unique_id, uint32_t, private_ike_sa_t *this) { return this->unique_id; @@ -359,7 +360,7 @@ METHOD(ike_sa_t, get_name, char*, return "(unnamed)"; } -METHOD(ike_sa_t, get_statistic, u_int32_t, +METHOD(ike_sa_t, get_statistic, uint32_t, private_ike_sa_t *this, statistic_t kind) { if (kind < STAT_MAX) @@ -370,7 +371,7 @@ METHOD(ike_sa_t, get_statistic, u_int32_t, } METHOD(ike_sa_t, set_statistic, void, - private_ike_sa_t *this, statistic_t kind, u_int32_t value) + private_ike_sa_t *this, statistic_t kind, uint32_t value) { if (kind < STAT_MAX) { @@ -604,7 +605,7 @@ METHOD(ike_sa_t, set_proposal, void, } METHOD(ike_sa_t, set_message_id, void, - private_ike_sa_t *this, bool initiate, u_int32_t mid) + private_ike_sa_t *this, bool initiate, uint32_t mid) { if (initiate) { @@ -814,7 +815,7 @@ METHOD(ike_sa_t, set_state, void, this->state == IKE_PASSIVE) { job_t *job; - u_int32_t t; + uint32_t t; /* calculate rekey, reauth and lifetime */ this->stats[STAT_ESTABLISHED] = time_monotonic(NULL); @@ -1035,12 +1036,12 @@ METHOD(ike_sa_t, has_mapping_changed, bool, } METHOD(ike_sa_t, set_pending_updates, void, - private_ike_sa_t *this, u_int32_t updates) + private_ike_sa_t *this, uint32_t updates) { this->pending_updates = updates; } -METHOD(ike_sa_t, get_pending_updates, u_int32_t, +METHOD(ike_sa_t, get_pending_updates, uint32_t, private_ike_sa_t *this) { return this->pending_updates; @@ -1203,6 +1204,7 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t, packet_t *packet; status_t status; bool use_frags = FALSE; + bool pre_generated = FALSE; if (this->ike_cfg) { @@ -1237,14 +1239,21 @@ METHOD(ike_sa_t, generate_message_fragmented, status_t, return SUCCESS; } + pre_generated = message->is_encoded(message); this->stats[STAT_OUTBOUND] = time_monotonic(NULL); message->set_ike_sa_id(message, this->ike_sa_id); - charon->bus->message(charon->bus, message, FALSE, TRUE); + if (!pre_generated) + { + charon->bus->message(charon->bus, message, FALSE, TRUE); + } status = message->fragment(message, this->keymat, this->fragment_size, &fragments); if (status == SUCCESS) { - charon->bus->message(charon->bus, message, FALSE, FALSE); + if (!pre_generated) + { + charon->bus->message(charon->bus, message, FALSE, FALSE); + } *packets = enumerator_create_filter(fragments, (void*)filter_fragments, this, NULL); } @@ -1432,7 +1441,7 @@ static void resolve_hosts(private_ike_sa_t *this) } METHOD(ike_sa_t, initiate, status_t, - private_ike_sa_t *this, child_cfg_t *child_cfg, u_int32_t reqid, + private_ike_sa_t *this, child_cfg_t *child_cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { bool defer_initiate = FALSE; @@ -1642,7 +1651,7 @@ METHOD(ike_sa_t, add_child_sa, void, } METHOD(ike_sa_t, get_child_sa, child_sa_t*, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool inbound) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi, bool inbound) { enumerator_t *enumerator; child_sa_t *current, *found = NULL; @@ -1721,7 +1730,7 @@ METHOD(ike_sa_t, remove_child_sa, void, } METHOD(ike_sa_t, rekey_child_sa, status_t, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi) { if (this->state == IKE_PASSIVE) { @@ -1732,7 +1741,7 @@ METHOD(ike_sa_t, rekey_child_sa, status_t, } METHOD(ike_sa_t, delete_child_sa, status_t, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi, bool expired) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi, bool expired) { if (this->state == IKE_PASSIVE) { @@ -1744,7 +1753,7 @@ METHOD(ike_sa_t, delete_child_sa, status_t, } METHOD(ike_sa_t, destroy_child_sa, status_t, - private_ike_sa_t *this, protocol_id_t protocol, u_int32_t spi) + private_ike_sa_t *this, protocol_id_t protocol, uint32_t spi) { enumerator_t *enumerator; child_sa_t *child_sa; @@ -2301,7 +2310,7 @@ METHOD(ike_sa_t, redirect, status_t, } METHOD(ike_sa_t, retransmit, status_t, - private_ike_sa_t *this, u_int32_t message_id) + private_ike_sa_t *this, uint32_t message_id) { if (this->state == IKE_PASSIVE) { @@ -2316,7 +2325,7 @@ METHOD(ike_sa_t, retransmit, status_t, case IKE_CONNECTING: { /* retry IKE_SA_INIT/Main Mode if we have multiple keyingtries */ - u_int32_t tries = this->peer_cfg->get_keyingtries(this->peer_cfg); + uint32_t tries = this->peer_cfg->get_keyingtries(this->peer_cfg); charon->bus->alert(charon->bus, ALERT_PEER_INIT_UNREACHABLE, this->keyingtry); this->keyingtry++; @@ -2348,7 +2357,8 @@ METHOD(ike_sa_t, retransmit, status_t, reestablish(this); break; } - if (this->state != IKE_CONNECTING) + if (this->state != IKE_CONNECTING && + this->state != IKE_REKEYED) { charon->bus->ike_updown(charon->bus, &this->public, FALSE); } @@ -2358,9 +2368,9 @@ METHOD(ike_sa_t, retransmit, status_t, } METHOD(ike_sa_t, set_auth_lifetime, status_t, - private_ike_sa_t *this, u_int32_t lifetime) + private_ike_sa_t *this, uint32_t lifetime) { - u_int32_t diff, hard, soft, now; + uint32_t diff, hard, soft, now; bool send_update; diff = this->peer_cfg->get_over_time(this->peer_cfg); @@ -2500,6 +2510,7 @@ METHOD(ike_sa_t, roam, status_t, case IKE_DELETING: case IKE_DESTROYING: case IKE_PASSIVE: + case IKE_REKEYED: return SUCCESS; default: break; @@ -2609,6 +2620,12 @@ METHOD(ike_sa_t, queue_task, void, this->task_manager->queue_task(this->task_manager, task); } +METHOD(ike_sa_t, queue_task_delayed, void, + private_ike_sa_t *this, task_t *task, uint32_t delay) +{ + this->task_manager->queue_task_delayed(this->task_manager, task, delay); +} + METHOD(ike_sa_t, inherit_pre, void, private_ike_sa_t *this, ike_sa_t *other_public) { @@ -2927,6 +2944,7 @@ ike_sa_t * ike_sa_create(ike_sa_id_t *ike_sa_id, bool initiator, .create_task_enumerator = _create_task_enumerator, .flush_queue = _flush_queue, .queue_task = _queue_task, + .queue_task_delayed = _queue_task_delayed, #ifdef ME .act_as_mediation_server = _act_as_mediation_server, .get_server_reflexive_host = _get_server_reflexive_host, diff --git a/src/libcharon/sa/ike_sa.h b/src/libcharon/sa/ike_sa.h index 836360e3c..6f5040d7c 100644 --- a/src/libcharon/sa/ike_sa.h +++ b/src/libcharon/sa/ike_sa.h @@ -1,9 +1,9 @@ /* - * Copyright (C) 2006-2015 Tobias Brunner + * Copyright (C) 2006-2016 Tobias Brunner * Copyright (C) 2006 Daniel Roethlisberger * Copyright (C) 2005-2009 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -58,12 +58,12 @@ typedef struct ike_sa_t ike_sa_t; /** * After which time rekeying should be retried if it failed, in seconds. */ -#define RETRY_INTERVAL 30 +#define RETRY_INTERVAL 15 /** * Jitter to subtract from RETRY_INTERVAL to randomize rekey retry. */ -#define RETRY_JITTER 20 +#define RETRY_JITTER 10 /** * Number of redirects allowed within REDIRECT_LOOP_DETECT_PERIOD. @@ -309,6 +309,11 @@ enum ike_sa_state_t { IKE_REKEYING, /** + * IKE_SA has been rekeyed (or is redundant) + */ + IKE_REKEYED, + + /** * IKE_SA is in progress of deletion */ IKE_DELETING, @@ -353,7 +358,7 @@ struct ike_sa_t { * * @return unique ID */ - u_int32_t (*get_unique_id) (ike_sa_t *this); + uint32_t (*get_unique_id) (ike_sa_t *this); /** * Get the state of the IKE_SA. @@ -382,7 +387,7 @@ struct ike_sa_t { * @param kind kind of requested value * @return value as integer */ - u_int32_t (*get_statistic)(ike_sa_t *this, statistic_t kind); + uint32_t (*get_statistic)(ike_sa_t *this, statistic_t kind); /** * Set statistic value of the IKE_SA. @@ -390,7 +395,7 @@ struct ike_sa_t { * @param kind kind of value to update * @param value value as integer */ - void (*set_statistic)(ike_sa_t *this, statistic_t kind, u_int32_t value); + void (*set_statistic)(ike_sa_t *this, statistic_t kind, uint32_t value); /** * Get the own host address. @@ -557,7 +562,7 @@ struct ike_sa_t { * @param initiate TRUE to set message ID for initiating * @param mid message id to set */ - void (*set_message_id)(ike_sa_t *this, bool initiate, u_int32_t mid); + void (*set_message_id)(ike_sa_t *this, bool initiate, uint32_t mid); /** * Add an additional address for the peer. @@ -630,14 +635,14 @@ struct ike_sa_t { * * @return number of pending updates */ - u_int32_t (*get_pending_updates)(ike_sa_t *this); + uint32_t (*get_pending_updates)(ike_sa_t *this); /** * Set the number of queued MOBIKE address updates. * * @param updates number of pending updates */ - void (*set_pending_updates)(ike_sa_t *this, u_int32_t updates); + void (*set_pending_updates)(ike_sa_t *this, uint32_t updates); #ifdef ME /** @@ -752,7 +757,7 @@ struct ike_sa_t { * - DESTROY_ME if initialization failed */ status_t (*initiate) (ike_sa_t *this, child_cfg_t *child_cfg, - u_int32_t reqid, traffic_selector_t *tsi, + uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr); /** @@ -850,7 +855,7 @@ struct ike_sa_t { * - SUCCESS * - NOT_FOUND if request doesn't have to be retransmited */ - status_t (*retransmit) (ike_sa_t *this, u_int32_t message_id); + status_t (*retransmit) (ike_sa_t *this, uint32_t message_id); /** * Sends a DPD request to the peer. @@ -924,7 +929,7 @@ struct ike_sa_t { * @return child_sa, or NULL if none found */ child_sa_t* (*get_child_sa) (ike_sa_t *this, protocol_id_t protocol, - u_int32_t spi, bool inbound); + uint32_t spi, bool inbound); /** * Get the number of CHILD_SAs. @@ -958,7 +963,7 @@ struct ike_sa_t { * - NOT_FOUND, if IKE_SA has no such CHILD_SA * - SUCCESS, if rekeying initiated */ - status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi); + status_t (*rekey_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi); /** * Close the CHILD SA with the specified protocol/SPI. @@ -975,7 +980,7 @@ struct ike_sa_t { * - SUCCESS, if delete message sent */ status_t (*delete_child_sa)(ike_sa_t *this, protocol_id_t protocol, - u_int32_t spi, bool expired); + uint32_t spi, bool expired); /** * Destroy a CHILD SA with the specified protocol/SPI. @@ -988,7 +993,7 @@ struct ike_sa_t { * - NOT_FOUND, if IKE_SA has no such CHILD_SA * - SUCCESS */ - status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, u_int32_t spi); + status_t (*destroy_child_sa) (ike_sa_t *this, protocol_id_t protocol, uint32_t spi); /** * Rekey the IKE_SA. @@ -1028,7 +1033,7 @@ struct ike_sa_t { * @param lifetime lifetime in seconds * @return DESTROY_ME to destroy the IKE_SA */ - status_t (*set_auth_lifetime)(ike_sa_t *this, u_int32_t lifetime); + status_t (*set_auth_lifetime)(ike_sa_t *this, uint32_t lifetime); /** * Add a virtual IP to use for this IKE_SA and its children. @@ -1119,6 +1124,15 @@ struct ike_sa_t { void (*queue_task)(ike_sa_t *this, task_t *task); /** + * Queue a task in the manager, but delay its initiation for at least the + * given number of seconds. + * + * @param task task to queue + * @param delay minimum delay in s before initiating the task + */ + void (*queue_task_delayed)(ike_sa_t *this, task_t *task, uint32_t delay); + + /** * Inherit required attributes to new SA before rekeying. * * Some properties of the SA must be applied before starting IKE_SA diff --git a/src/libcharon/sa/ike_sa_id.c b/src/libcharon/sa/ike_sa_id.c index e52086483..b4e66ed73 100644 --- a/src/libcharon/sa/ike_sa_id.c +++ b/src/libcharon/sa/ike_sa_id.c @@ -34,17 +34,17 @@ struct private_ike_sa_id_t { /** * Major IKE version of IKE_SA. */ - u_int8_t ike_version; + uint8_t ike_version; /** * SPI of initiator. */ - u_int64_t initiator_spi; + uint64_t initiator_spi; /** * SPI of responder. */ - u_int64_t responder_spi; + uint64_t responder_spi; /** * Role for specific IKE_SA. @@ -52,31 +52,31 @@ struct private_ike_sa_id_t { bool is_initiator_flag; }; -METHOD(ike_sa_id_t, get_ike_version, u_int8_t, +METHOD(ike_sa_id_t, get_ike_version, uint8_t, private_ike_sa_id_t *this) { return this->ike_version; } METHOD(ike_sa_id_t, set_responder_spi, void, - private_ike_sa_id_t *this, u_int64_t responder_spi) + private_ike_sa_id_t *this, uint64_t responder_spi) { this->responder_spi = responder_spi; } METHOD(ike_sa_id_t, set_initiator_spi, void, - private_ike_sa_id_t *this, u_int64_t initiator_spi) + private_ike_sa_id_t *this, uint64_t initiator_spi) { this->initiator_spi = initiator_spi; } -METHOD(ike_sa_id_t, get_initiator_spi, u_int64_t, +METHOD(ike_sa_id_t, get_initiator_spi, uint64_t, private_ike_sa_id_t *this) { return this->initiator_spi; } -METHOD(ike_sa_id_t, get_responder_spi, u_int64_t, +METHOD(ike_sa_id_t, get_responder_spi, uint64_t, private_ike_sa_id_t *this) { return this->responder_spi; @@ -134,8 +134,8 @@ METHOD(ike_sa_id_t, destroy, void, /* * Described in header. */ -ike_sa_id_t * ike_sa_id_create(u_int8_t ike_version, u_int64_t initiator_spi, - u_int64_t responder_spi, bool is_initiator_flag) +ike_sa_id_t * ike_sa_id_create(uint8_t ike_version, uint64_t initiator_spi, + uint64_t responder_spi, bool is_initiator_flag) { private_ike_sa_id_t *this; diff --git a/src/libcharon/sa/ike_sa_id.h b/src/libcharon/sa/ike_sa_id.h index 5eb754e95..b3a9ef61f 100644 --- a/src/libcharon/sa/ike_sa_id.h +++ b/src/libcharon/sa/ike_sa_id.h @@ -41,7 +41,7 @@ struct ike_sa_id_t { * * @return IKE version */ - u_int8_t (*get_ike_version) (ike_sa_id_t *this); + uint8_t (*get_ike_version) (ike_sa_id_t *this); /** * Set the SPI of the responder. @@ -50,28 +50,28 @@ struct ike_sa_id_t { * * @param responder_spi SPI of responder to set */ - void (*set_responder_spi) (ike_sa_id_t *this, u_int64_t responder_spi); + void (*set_responder_spi) (ike_sa_id_t *this, uint64_t responder_spi); /** * Set the SPI of the initiator. * * @param initiator_spi SPI to set */ - void (*set_initiator_spi) (ike_sa_id_t *this, u_int64_t initiator_spi); + void (*set_initiator_spi) (ike_sa_id_t *this, uint64_t initiator_spi); /** * Get the initiator SPI. * * @return SPI of the initiator */ - u_int64_t (*get_initiator_spi) (ike_sa_id_t *this); + uint64_t (*get_initiator_spi) (ike_sa_id_t *this); /** * Get the responder SPI. * * @return SPI of the responder */ - u_int64_t (*get_responder_spi) (ike_sa_id_t *this); + uint64_t (*get_responder_spi) (ike_sa_id_t *this); /** * Check if two ike_sa_id_t objects are equal. @@ -131,7 +131,7 @@ struct ike_sa_id_t { * @param is_initiaor TRUE if we are the original initiator * @return ike_sa_id_t object */ -ike_sa_id_t * ike_sa_id_create(u_int8_t ike_version, u_int64_t initiator_spi, - u_int64_t responder_spi, bool is_initiaor); +ike_sa_id_t * ike_sa_id_create(uint8_t ike_version, uint64_t initiator_spi, + uint64_t responder_spi, bool is_initiaor); #endif /** IKE_SA_ID_H_ @}*/ diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c index 307ea3b4a..ce44207c4 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -113,7 +113,7 @@ struct entry_t { /** * message ID or hash of currently processing message, -1 if none */ - u_int32_t processing; + uint32_t processing; }; /** @@ -265,7 +265,7 @@ struct init_hash_t { chunk_t hash; /** our SPI allocated for the IKE_SA based on this message */ - u_int64_t our_spi; + uint64_t our_spi; }; typedef struct segment_t segment_t; @@ -977,9 +977,9 @@ static void remove_connected_peers(private_ike_sa_manager_t *this, entry_t *entr /** * Get a random SPI for new IKE_SAs */ -static u_int64_t get_spi(private_ike_sa_manager_t *this) +static uint64_t get_spi(private_ike_sa_manager_t *this) { - u_int64_t spi; + uint64_t spi; this->spi_lock->read_lock(this->spi_lock); if (this->spi_cb.cb) @@ -987,7 +987,7 @@ static u_int64_t get_spi(private_ike_sa_manager_t *this) spi = this->spi_cb.cb(this->spi_cb.data); } else if (!this->rng || - !this->rng->get_bytes(this->rng, sizeof(spi), (u_int8_t*)&spi)) + !this->rng->get_bytes(this->rng, sizeof(spi), (uint8_t*)&spi)) { spi = 0; } @@ -1007,8 +1007,8 @@ static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash) if (message->get_first_payload_type(message) == PLV1_FRAGMENT) { /* only hash the source IP, port and SPI for fragmented init messages */ - u_int16_t port; - u_int64_t spi; + uint16_t port; + uint64_t spi; src = message->get_source(message); if (!hasher->allocate_hash(hasher, src->get_address(src), NULL)) @@ -1050,13 +1050,13 @@ static bool get_init_hash(hasher_t *hasher, message_t *message, chunk_t *hash) * FAILED if the SPI allocation failed */ static status_t check_and_put_init_hash(private_ike_sa_manager_t *this, - chunk_t init_hash, u_int64_t *our_spi) + chunk_t init_hash, uint64_t *our_spi) { table_item_t *item; u_int row, segment; mutex_t *mutex; init_hash_t *init; - u_int64_t spi; + uint64_t spi; row = chunk_hash(init_hash) & this->table_mask; segment = row & this->segment_mask; @@ -1174,8 +1174,8 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, { ike_sa_id_t *ike_sa_id; ike_sa_t *ike_sa; - u_int8_t ike_version; - u_int64_t spi; + uint8_t ike_version; + uint64_t spi; ike_version = version == IKEV1 ? IKEV1_MAJOR_VERSION : IKEV2_MAJOR_VERSION; @@ -1208,7 +1208,7 @@ METHOD(ike_sa_manager_t, checkout_new, ike_sa_t*, /** * Get the message ID or message hash to detect early retransmissions */ -static u_int32_t get_message_id_or_hash(message_t *message) +static uint32_t get_message_id_or_hash(message_t *message) { if (message->get_major_version(message) == IKEV1_MAJOR_VERSION) { @@ -1273,7 +1273,7 @@ METHOD(ike_sa_manager_t, checkout_by_message, ike_sa_t*, if (is_init) { hasher_t *hasher; - u_int64_t our_spi; + uint64_t our_spi; chunk_t hash; hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); @@ -1415,7 +1415,8 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, { continue; } - if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING) + if (entry->ike_sa->get_state(entry->ike_sa) == IKE_DELETING || + entry->ike_sa->get_state(entry->ike_sa) == IKE_REKEYED) { /* skip IKE_SAs which are not usable, wake other waiting threads */ entry->condvar->signal(entry->condvar); continue; @@ -1455,7 +1456,7 @@ out: } METHOD(ike_sa_manager_t, checkout_by_id, ike_sa_t*, - private_ike_sa_manager_t *this, u_int32_t id) + private_ike_sa_manager_t *this, uint32_t id) { enumerator_t *enumerator; entry_t *entry; @@ -2094,10 +2095,41 @@ METHOD(ike_sa_manager_t, set_spi_cb, void, this->spi_lock->unlock(this->spi_lock); } +/** + * Destroy all entries + */ +static void destroy_all_entries(private_ike_sa_manager_t *this) +{ + enumerator_t *enumerator; + entry_t *entry; + u_int segment; + + enumerator = create_table_enumerator(this); + while (enumerator->enumerate(enumerator, &entry, &segment)) + { + charon->bus->set_sa(charon->bus, entry->ike_sa); + if (entry->half_open) + { + remove_half_open(this, entry); + } + if (entry->my_id && entry->other_id) + { + remove_connected_peers(this, entry); + } + if (entry->init_hash.ptr) + { + remove_init_hash(this, entry->init_hash); + } + remove_entry_at((private_enumerator_t*)enumerator); + entry_destroy(entry); + } + enumerator->destroy(enumerator); + charon->bus->set_sa(charon->bus, NULL); +} + METHOD(ike_sa_manager_t, flush, void, private_ike_sa_manager_t *this) { - /* destroy all list entries */ enumerator_t *enumerator; entry_t *entry; u_int segment; @@ -2153,31 +2185,11 @@ METHOD(ike_sa_manager_t, flush, void, DBG2(DBG_MGR, "destroy all entries"); /* Step 4: destroy all entries */ - enumerator = create_table_enumerator(this); - while (enumerator->enumerate(enumerator, &entry, &segment)) - { - charon->bus->set_sa(charon->bus, entry->ike_sa); - if (entry->half_open) - { - remove_half_open(this, entry); - } - if (entry->my_id && entry->other_id) - { - remove_connected_peers(this, entry); - } - if (entry->init_hash.ptr) - { - remove_init_hash(this, entry->init_hash); - } - remove_entry_at((private_enumerator_t*)enumerator); - entry_destroy(entry); - } - enumerator->destroy(enumerator); - charon->bus->set_sa(charon->bus, NULL); + destroy_all_entries(this); unlock_all_segments(this); this->spi_lock->write_lock(this->spi_lock); - this->rng->destroy(this->rng); + DESTROY_IF(this->rng); this->rng = NULL; this->spi_cb.cb = NULL; this->spi_cb.data = NULL; @@ -2189,7 +2201,11 @@ METHOD(ike_sa_manager_t, destroy, void, { u_int i; - /* these are already cleared in flush() above */ + /* in case new SAs were checked in after flush() was called */ + lock_all_segments(this); + destroy_all_entries(this); + unlock_all_segments(this); + free(this->ike_sa_table); free(this->half_open_table); free(this->connected_peers_table); diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h index f1b7c2579..4298c54e2 100644 --- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h @@ -38,7 +38,7 @@ typedef struct ike_sa_manager_t ike_sa_manager_t; * @param data data supplied during registration of the callback * @return allocated SPI, 0 on failure */ -typedef u_int64_t (*spi_cb_t)(void *data); +typedef uint64_t (*spi_cb_t)(void *data); /** * Manages and synchronizes access to all IKE_SAs. @@ -147,7 +147,7 @@ struct ike_sa_manager_t { * - checked out IKE_SA, if found * - NULL, if not found */ - ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, u_int32_t id); + ike_sa_t* (*checkout_by_id) (ike_sa_manager_t* this, uint32_t id); /** * Check out an IKE_SA by the policy/connection name. diff --git a/src/libcharon/sa/ikev1/keymat_v1.c b/src/libcharon/sa/ikev1/keymat_v1.c index e428966ad..be6b03bef 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.c +++ b/src/libcharon/sa/ikev1/keymat_v1.c @@ -32,7 +32,7 @@ typedef struct private_keymat_v1_t private_keymat_v1_t; */ typedef struct { /** message ID */ - u_int32_t mid; + uint32_t mid; /** current IV */ chunk_t iv; /** last block of encrypted message */ @@ -128,7 +128,7 @@ static void iv_data_destroy(iv_data_t *this) */ typedef struct { /** message ID */ - u_int32_t mid; + uint32_t mid; /** Ni_b (Nonce from first message) */ chunk_t n_i; /** Nr_b (Nonce from second message) */ @@ -272,7 +272,7 @@ static bool expand_skeyid_e(chunk_t skeyid_e, size_t key_size, prf_t *prf, static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) { private_aead_t *this; - u_int16_t alg, key_size; + uint16_t alg, key_size; crypter_t *crypter; chunk_t ka; @@ -324,7 +324,7 @@ static aead_t *create_aead(proposal_t *proposal, prf_t *prf, chunk_t skeyid_e) /** * Converts integrity algorithm to PRF algorithm */ -static u_int16_t auth_to_prf(u_int16_t alg) +static uint16_t auth_to_prf(uint16_t alg) { switch (alg) { @@ -348,7 +348,7 @@ static u_int16_t auth_to_prf(u_int16_t alg) /** * Converts integrity algorithm to hash algorithm */ -static u_int16_t auth_to_hash(u_int16_t alg) +static uint16_t auth_to_hash(uint16_t alg) { switch (alg) { @@ -370,7 +370,7 @@ static u_int16_t auth_to_hash(u_int16_t alg) /** * Adjust the key length for PRF algorithms that expect a fixed key length. */ -static void adjust_keylen(u_int16_t alg, chunk_t *key) +static void adjust_keylen(uint16_t alg, chunk_t *key) { switch (alg) { @@ -393,10 +393,10 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, { chunk_t g_xy, g_xi, g_xr, dh_me, spi_i, spi_r, nonces, data, skeyid_e; chunk_t skeyid; - u_int16_t alg; + uint16_t alg; - spi_i = chunk_alloca(sizeof(u_int64_t)); - spi_r = chunk_alloca(sizeof(u_int64_t)); + spi_i = chunk_alloca(sizeof(uint64_t)); + spi_r = chunk_alloca(sizeof(uint64_t)); if (!proposal->get_algorithm(proposal, PSEUDO_RANDOM_FUNCTION, &alg, NULL)) { /* no PRF negotiated, use HMAC version of integrity algorithm instead */ @@ -431,8 +431,8 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, } DBG4(DBG_IKE, "shared Diffie Hellman secret %B", &g_xy); - *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id); - *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id); + *((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id); + *((uint64_t*)spi_r.ptr) = id->get_responder_spi(id); nonces = chunk_cata("cc", nonce_i, nonce_r); switch (auth) @@ -585,11 +585,11 @@ METHOD(keymat_v1_t, derive_ike_keys, bool, METHOD(keymat_v1_t, derive_child_keys, bool, private_keymat_v1_t *this, proposal_t *proposal, diffie_hellman_t *dh, - u_int32_t spi_i, u_int32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, + uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r) { - u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0; - u_int8_t protocol; + uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; + uint8_t protocol; prf_plus_t *prf_plus; chunk_t seed, secret = chunk_empty; bool success = FALSE; @@ -725,7 +725,7 @@ failure: METHOD(keymat_v1_t, create_hasher, bool, private_keymat_v1_t *this, proposal_t *proposal) { - u_int16_t alg; + uint16_t alg; if (!proposal->get_algorithm(proposal, INTEGRITY_ALGORITHM, &alg, NULL) || (alg = auth_to_hash(alg)) == HASH_UNKNOWN) { @@ -754,7 +754,7 @@ METHOD(keymat_v1_t, get_hash, bool, ike_sa_id_t *ike_sa_id, chunk_t sa_i, chunk_t id, chunk_t *hash) { chunk_t data; - u_int64_t spi, spi_other; + uint64_t spi, spi_other; /* HASH_I = prf(SKEYID, g^xi | g^xr | CKY-I | CKY-R | SAi_b | IDii_b ) * HASH_R = prf(SKEYID, g^xr | g^xi | CKY-R | CKY-I | SAi_b | IDir_b ) @@ -810,7 +810,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) { payload_t *payload, *next; enumerator_t *enumerator; - u_int32_t *lenpos; + uint32_t *lenpos; if (message->is_encoded(message)) { /* inbound, although the message is generated, we cannot access the @@ -850,7 +850,7 @@ static chunk_t get_message_data(message_t *message, generator_t *generator) * Try to find data about a Quick Mode with the given message ID, * if none is found, state is generated. */ -static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid) +static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, uint32_t mid) { enumerator_t *enumerator; qm_data_t *qm, *found = NULL; @@ -885,7 +885,7 @@ static qm_data_t *lookup_quick_mode(private_keymat_v1_t *this, u_int32_t mid) METHOD(keymat_v1_t, get_hash_phase2, bool, private_keymat_v1_t *this, message_t *message, chunk_t *hash) { - u_int32_t mid, mid_n; + uint32_t mid, mid_n; chunk_t data = chunk_empty; bool add_message = TRUE; char *name = "Hash"; @@ -993,7 +993,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv) else { /* initial phase 2 IV = hash(last_phase1_block | mid) */ - u_int32_t net;; + uint32_t net;; chunk_t data; net = htonl(iv->mid); @@ -1014,7 +1014,7 @@ static bool generate_iv(private_keymat_v1_t *this, iv_data_t *iv) /** * Try to find an IV for the given message ID, if not found, generate it. */ -static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid) +static iv_data_t *lookup_iv(private_keymat_v1_t *this, uint32_t mid) { enumerator_t *enumerator; iv_data_t *iv, *found = NULL; @@ -1057,7 +1057,7 @@ static iv_data_t *lookup_iv(private_keymat_v1_t *this, u_int32_t mid) } METHOD(keymat_v1_t, get_iv, bool, - private_keymat_v1_t *this, u_int32_t mid, chunk_t *out) + private_keymat_v1_t *this, uint32_t mid, chunk_t *out) { iv_data_t *iv; @@ -1071,7 +1071,7 @@ METHOD(keymat_v1_t, get_iv, bool, } METHOD(keymat_v1_t, update_iv, bool, - private_keymat_v1_t *this, u_int32_t mid, chunk_t last_block) + private_keymat_v1_t *this, uint32_t mid, chunk_t last_block) { iv_data_t *iv = lookup_iv(this, mid); if (iv) @@ -1084,7 +1084,7 @@ METHOD(keymat_v1_t, update_iv, bool, } METHOD(keymat_v1_t, confirm_iv, bool, - private_keymat_v1_t *this, u_int32_t mid) + private_keymat_v1_t *this, uint32_t mid) { iv_data_t *iv = lookup_iv(this, mid); if (iv) diff --git a/src/libcharon/sa/ikev1/keymat_v1.h b/src/libcharon/sa/ikev1/keymat_v1.h index cc9f3b339..46eeea8b6 100644 --- a/src/libcharon/sa/ikev1/keymat_v1.h +++ b/src/libcharon/sa/ikev1/keymat_v1.h @@ -72,7 +72,7 @@ struct keymat_v1_t { * @param integ_r allocated responders integrity key */ bool (*derive_child_keys)(keymat_v1_t *this, proposal_t *proposal, - diffie_hellman_t *dh, u_int32_t spi_i, u_int32_t spi_r, + diffie_hellman_t *dh, uint32_t spi_i, uint32_t spi_r, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r); @@ -127,7 +127,7 @@ struct keymat_v1_t { * @param iv chunk receiving IV, internal data * @return TRUE if IV allocated successfully */ - bool (*get_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t *iv); + bool (*get_iv)(keymat_v1_t *this, uint32_t mid, chunk_t *iv); /** * Updates the IV for the next message with the given message ID. @@ -141,7 +141,7 @@ struct keymat_v1_t { * @param last_block last block of encrypted message (gets cloned) * @return TRUE if IV updated successfully */ - bool (*update_iv)(keymat_v1_t *this, u_int32_t mid, chunk_t last_block); + bool (*update_iv)(keymat_v1_t *this, uint32_t mid, chunk_t last_block); /** * Confirms the updated IV for the given message ID. @@ -152,7 +152,7 @@ struct keymat_v1_t { * @param mid message ID * @return TRUE if IV confirmed successfully */ - bool (*confirm_iv)(keymat_v1_t *this, u_int32_t mid); + bool (*confirm_iv)(keymat_v1_t *this, uint32_t mid); }; /** diff --git a/src/libcharon/sa/ikev1/task_manager_v1.c b/src/libcharon/sa/ikev1/task_manager_v1.c index 3c601a4fa..b0c4f5f84 100644 --- a/src/libcharon/sa/ikev1/task_manager_v1.c +++ b/src/libcharon/sa/ikev1/task_manager_v1.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2007-2011 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -67,7 +67,7 @@ struct exchange_t { /** * Message ID used for this transaction */ - u_int32_t mid; + uint32_t mid; /** * generated packet for retransmission @@ -104,12 +104,12 @@ struct private_task_manager_t { /** * Message ID of the last response */ - u_int32_t mid; + uint32_t mid; /** * Hash of a previously received message */ - u_int32_t hash; + uint32_t hash; /** * packet(s) for retransmission @@ -119,7 +119,7 @@ struct private_task_manager_t { /** * Sequence number of the last sent message */ - u_int32_t seqnr; + uint32_t seqnr; /** * how many times we have retransmitted so far @@ -135,12 +135,12 @@ struct private_task_manager_t { /** * Message ID of the exchange */ - u_int32_t mid; + uint32_t mid; /** * Hashes of old responses we can ignore */ - u_int32_t old_hashes[MAX_OLD_HASHES]; + uint32_t old_hashes[MAX_OLD_HASHES]; /** * Position in old hash array @@ -150,7 +150,7 @@ struct private_task_manager_t { /** * Sequence number of the last sent message */ - u_int32_t seqnr; + uint32_t seqnr; /** * how many times we have retransmitted so far @@ -212,12 +212,12 @@ struct private_task_manager_t { /** * Sequence number for sending DPD requests */ - u_int32_t dpd_send; + uint32_t dpd_send; /** * Sequence number for received DPD requests */ - u_int32_t dpd_recv; + uint32_t dpd_recv; }; /** @@ -341,11 +341,11 @@ static bool generate_message(private_task_manager_t *this, message_t *message, /** * Retransmit a packet (or its fragments) */ -static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, +static status_t retransmit_packet(private_task_manager_t *this, uint32_t seqnr, u_int mid, u_int retransmitted, array_t *packets) { packet_t *packet; - u_int32_t t; + uint32_t t; array_get(packets, 0, &packet); if (retransmitted > this->retransmit_tries) @@ -354,14 +354,15 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_TIMEOUT, packet); return DESTROY_ME; } - t = (u_int32_t)(this->retransmit_timeout * 1000.0 * + t = (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, retransmitted)); if (retransmitted) { DBG1(DBG_IKE, "sending retransmit %u of %s message ID %u, seq %u", retransmitted, seqnr < RESPONDING_SEQ ? "request" : "response", mid, seqnr < RESPONDING_SEQ ? seqnr : seqnr - RESPONDING_SEQ); - charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet, + retransmitted); } send_packets(this, packets); lib->scheduler->schedule_job_ms(lib->scheduler, (job_t*) @@ -370,7 +371,7 @@ static status_t retransmit_packet(private_task_manager_t *this, u_int32_t seqnr, } METHOD(task_manager_t, retransmit, status_t, - private_task_manager_t *this, u_int32_t seqnr) + private_task_manager_t *this, uint32_t seqnr) { status_t status = SUCCESS; @@ -514,26 +515,26 @@ METHOD(task_manager_t, initiate, status_t, new_mid = TRUE; break; } - if (!mode_config_expected(this) && - activate_task(this, TASK_QUICK_MODE)) + if (activate_task(this, TASK_ISAKMP_DELETE)) { - exchange = QUICK_MODE; + exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_INFORMATIONAL)) + if (activate_task(this, TASK_QUICK_DELETE)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; break; } - if (activate_task(this, TASK_QUICK_DELETE)) + if (!mode_config_expected(this) && + activate_task(this, TASK_QUICK_MODE)) { - exchange = INFORMATIONAL_V1; + exchange = QUICK_MODE; new_mid = TRUE; break; } - if (activate_task(this, TASK_ISAKMP_DELETE)) + if (activate_task(this, TASK_INFORMATIONAL)) { exchange = INFORMATIONAL_V1; new_mid = TRUE; @@ -807,7 +808,7 @@ static void send_notify(private_task_manager_t *this, message_t *request, message_t *response; array_t *packets = NULL; host_t *me, *other; - u_int32_t mid; + uint32_t mid; if (request->get_exchange_type(request) == INFORMATIONAL_V1) { /* don't respond to INFORMATIONAL requests to avoid a notify war */ @@ -857,7 +858,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message) { notify_payload_t *notify; notify_type_t type; - u_int32_t seq; + uint32_t seq; chunk_t data; type = DPD_R_U_THERE; @@ -910,7 +911,7 @@ static bool process_dpd(private_task_manager_t *this, message_t *message) * Check if we already have a quick mode task queued for the exchange with the * given message ID */ -static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) +static bool have_quick_mode_task(private_task_manager_t *this, uint32_t mid) { enumerator_t *enumerator; quick_mode_t *qm; @@ -935,9 +936,9 @@ static bool have_quick_mode_task(private_task_manager_t *this, u_int32_t mid) } /** - * Check if we still have an aggressive mode task queued + * Check if we still have a specific task queued */ -static bool have_aggressive_mode_task(private_task_manager_t *this) +static bool have_task_queued(private_task_manager_t *this, task_type_t type) { enumerator_t *enumerator; task_t *task; @@ -946,7 +947,7 @@ static bool have_aggressive_mode_task(private_task_manager_t *this) enumerator = this->passive_tasks->create_enumerator(this->passive_tasks); while (enumerator->enumerate(enumerator, &task)) { - if (task->get_type(task) == TASK_AGGRESSIVE_MODE) + if (task->get_type(task) == type) { found = TRUE; break; @@ -1180,6 +1181,12 @@ static status_t process_response(private_task_manager_t *this, } enumerator->destroy(enumerator); + if (this->initiating.retransmitted) + { + packet_t *packet = NULL; + array_get(this->initiating.packets, 0, &packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet); + } this->initiating.type = EXCHANGE_TYPE_UNDEFINED; clear_packets(this->initiating.packets); @@ -1305,7 +1312,7 @@ static status_t queue_message(private_task_manager_t *this, message_t *msg) METHOD(task_manager_t, process_message, status_t, private_task_manager_t *this, message_t *msg) { - u_int32_t hash, mid, i; + uint32_t hash, mid, i; host_t *me, *other; status_t status; @@ -1405,7 +1412,7 @@ METHOD(task_manager_t, process_message, status_t, /* drop XAuth/Mode Config/Quick Mode messages until we received the last * Aggressive Mode message. since Informational messages are not * retransmitted we queue them. */ - if (have_aggressive_mode_task(this)) + if (have_task_queued(this, TASK_AGGRESSIVE_MODE)) { if (msg->get_exchange_type(msg) == INFORMATIONAL_V1) { @@ -1427,6 +1434,13 @@ METHOD(task_manager_t, process_message, status_t, return queue_message(this, msg); } + /* some peers send INITIAL_CONTACT notifies during XAuth, cache it */ + if (have_task_queued(this, TASK_XAUTH) && + msg->get_exchange_type(msg) == INFORMATIONAL_V1) + { + return queue_message(this, msg); + } + msg->set_request(msg, TRUE); charon->bus->message(charon->bus, msg, TRUE, FALSE); status = parse_message(this, msg); @@ -1499,8 +1513,8 @@ static bool has_queued(private_task_manager_t *this, task_type_t type) return found; } -METHOD(task_manager_t, queue_task, void, - private_task_manager_t *this, task_t *task) +METHOD(task_manager_t, queue_task_delayed, void, + private_task_manager_t *this, task_t *task, uint32_t delay) { task_type_t type = task->get_type(task); @@ -1521,6 +1535,12 @@ METHOD(task_manager_t, queue_task, void, this->queued_tasks->insert_last(this->queued_tasks, task); } +METHOD(task_manager_t, queue_task, void, + private_task_manager_t *this, task_t *task) +{ + queue_task_delayed(this, task, 0); +} + METHOD(task_manager_t, queue_ike, void, private_task_manager_t *this) { @@ -1660,7 +1680,7 @@ METHOD(task_manager_t, queue_mobike, void, } METHOD(task_manager_t, queue_child, void, - private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid, + private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { quick_mode_t *task; @@ -1739,7 +1759,7 @@ static traffic_selector_t* get_first_ts(child_sa_t *child_sa, bool local) } METHOD(task_manager_t, queue_child_rekey, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi) + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi) { child_sa_t *child_sa; child_cfg_t *cfg; @@ -1754,6 +1774,7 @@ METHOD(task_manager_t, queue_child_rekey, void, { if (is_redundant(this, child_sa)) { + child_sa->set_state(child_sa, CHILD_REKEYED); queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, spi, FALSE, FALSE)); } @@ -1774,7 +1795,7 @@ METHOD(task_manager_t, queue_child_rekey, void, } METHOD(task_manager_t, queue_child_delete, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi, + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi, bool expired) { queue_task(this, (task_t*)quick_delete_create(this->ike_sa, protocol, @@ -1785,7 +1806,7 @@ METHOD(task_manager_t, queue_dpd, void, private_task_manager_t *this) { peer_cfg_t *peer_cfg; - u_int32_t t, retransmit; + uint32_t t, retransmit; queue_task(this, (task_t*)isakmp_dpd_create(this->ike_sa, DPD_R_U_THERE, this->dpd_send++)); @@ -1798,7 +1819,7 @@ METHOD(task_manager_t, queue_dpd, void, /* use the same timeout as a retransmitting IKE message would have */ for (retransmit = 0; retransmit <= this->retransmit_tries; retransmit++) { - t += (u_int32_t)(this->retransmit_timeout * 1000.0 * + t += (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, retransmit)); } } @@ -1871,7 +1892,7 @@ METHOD(task_manager_t, incr_mid, void, } METHOD(task_manager_t, reset, void, - private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) + private_task_manager_t *this, uint32_t initiate, uint32_t respond) { enumerator_t *enumerator; task_t *task; @@ -1960,6 +1981,7 @@ task_manager_v1_t *task_manager_v1_create(ike_sa_t *ike_sa) .task_manager = { .process_message = _process_message, .queue_task = _queue_task, + .queue_task_delayed = _queue_task_delayed, .queue_ike = _queue_ike, .queue_ike_rekey = _queue_ike_rekey, .queue_ike_reauth = _queue_ike_reauth, diff --git a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c index 710bf1cd2..9b5f676a3 100644 --- a/src/libcharon/sa/ikev1/tasks/aggressive_mode.c +++ b/src/libcharon/sa/ikev1/tasks/aggressive_mode.c @@ -77,7 +77,7 @@ struct private_aggressive_mode_t { /** * Negotiated SA lifetime */ - u_int32_t lifetime; + uint32_t lifetime; /** * Negotiated authentication method @@ -164,7 +164,7 @@ static status_t send_notify(private_aggressive_mode_t *this, notify_type_t type) { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -219,7 +219,7 @@ METHOD(task_t, build_i, status_t, linked_list_t *proposals; identification_t *id; packet_t *packet; - u_int16_t group; + uint16_t group; DBG0(DBG_IKE, "initiating Aggressive Mode IKE_SA %s[%d] to %H", this->ike_sa->get_name(this->ike_sa), @@ -377,7 +377,8 @@ METHOD(task_t, process_r, status_t, id_payload_t *id_payload; identification_t *id; linked_list_t *list; - u_int16_t group; + uint16_t group; + bool prefer_configured; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Aggressive Mode IKE_SA", @@ -401,8 +402,10 @@ METHOD(task_t, process_r, status_t, } list = sa_payload->get_proposals(sa_payload); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE); + list, FALSE, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -629,7 +632,7 @@ METHOD(task_t, process_i, status_t, id_payload_t *id_payload; identification_t *id, *cid; linked_list_t *list; - u_int32_t lifetime; + uint32_t lifetime; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -640,7 +643,7 @@ METHOD(task_t, process_i, status_t, } list = sa_payload->get_proposals(sa_payload); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, FALSE); + list, FALSE, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c index a56805afb..df0293d4f 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_delete.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_delete.c @@ -81,7 +81,7 @@ METHOD(task_t, process_r, status_t, payload_t *payload; delete_payload_t *delete_payload; ike_sa_id_t *id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; bool found = FALSE; /* some peers send DELETE payloads for other IKE_SAs, e.g. those for expired diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c index 5522e9221..840d352b1 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.c @@ -33,7 +33,7 @@ struct private_isakmp_dpd_t { /** * Sequence number. */ - u_int32_t seqnr; + uint32_t seqnr; /** * DPD notify type @@ -51,8 +51,8 @@ METHOD(task_t, build, status_t, { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; - u_int32_t seqnr; + uint64_t spi_i, spi_r; + uint32_t seqnr; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -100,7 +100,7 @@ METHOD(task_t, destroy, void, * Described in header. */ isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type, - u_int32_t seqnr) + uint32_t seqnr) { private_isakmp_dpd_t *this; diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h index 06a0175eb..9a69b423c 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h +++ b/src/libcharon/sa/ikev1/tasks/isakmp_dpd.h @@ -47,6 +47,6 @@ struct isakmp_dpd_t { * @return ISAKMP_DPD task to handle by the task_manager */ isakmp_dpd_t *isakmp_dpd_create(ike_sa_t *ike_sa, notify_type_t type, - u_int32_t seqnr); + uint32_t seqnr); #endif /** ISAKMP_DPD_H_ @}*/ diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c index cb1a31371..d17948cd0 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_natd.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_natd.c @@ -129,8 +129,8 @@ static chunk_t generate_natd_hash(private_isakmp_natd_t *this, { hasher_t *hasher; chunk_t natd_chunk, natd_hash; - u_int64_t spi_i, spi_r; - u_int16_t port; + uint64_t spi_i, spi_r; + uint16_t port; hasher = this->keymat->get_hasher(this->keymat); if (!hasher) diff --git a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c index 0162fd84e..f28b83e8a 100644 --- a/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c +++ b/src/libcharon/sa/ikev1/tasks/isakmp_vendor.c @@ -170,7 +170,7 @@ static struct { * for fragmentation of base ISAKMP messages (Cisco adds that and thus sends * 0xc0000000) */ -static const u_int32_t fragmentation_ike = 0x80000000; +static const uint32_t fragmentation_ike = 0x80000000; static bool is_known_vid(chunk_t data, int i) { diff --git a/src/libcharon/sa/ikev1/tasks/main_mode.c b/src/libcharon/sa/ikev1/tasks/main_mode.c index 3ea4a2a85..628ea0de8 100644 --- a/src/libcharon/sa/ikev1/tasks/main_mode.c +++ b/src/libcharon/sa/ikev1/tasks/main_mode.c @@ -77,7 +77,7 @@ struct private_main_mode_t { /** * Negotiated SA lifetime */ - u_int32_t lifetime; + uint32_t lifetime; /** * Negotiated authentication method @@ -173,7 +173,7 @@ static status_t send_notify(private_main_mode_t *this, notify_type_t type) { notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; notify = notify_payload_create_from_protocol_and_type(PLV1_NOTIFY, @@ -215,7 +215,7 @@ static void add_initial_contact(private_main_mode_t *this, message_t *message, host_t *host; notify_payload_t *notify; ike_sa_id_t *ike_sa_id; - u_int64_t spi_i, spi_r; + uint64_t spi_i, spi_r; chunk_t spi; idr = this->ph1->get_id(this->ph1, this->peer_cfg, FALSE); @@ -303,7 +303,7 @@ METHOD(task_t, build_i, status_t, } case MM_SA: { - u_int16_t group; + uint16_t group; if (!this->ph1->create_hasher(this->ph1)) { @@ -367,7 +367,7 @@ METHOD(task_t, process_r, status_t, { linked_list_t *list; sa_payload_t *sa_payload; - bool private; + bool private, prefer_configured; this->ike_cfg = this->ike_sa->get_ike_cfg(this->ike_sa); DBG0(DBG_IKE, "%H is initiating a Main Mode IKE_SA", @@ -392,9 +392,11 @@ METHOD(task_t, process_r, status_t, list = sa_payload->get_proposals(sa_payload); private = this->ike_sa->supports_extension(this->ike_sa, - EXT_STRONGSWAN); + EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private); + list, private, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -411,7 +413,7 @@ METHOD(task_t, process_r, status_t, } case MM_SA: { - u_int16_t group; + uint16_t group; if (!this->ph1->create_hasher(this->ph1)) { @@ -627,7 +629,7 @@ METHOD(task_t, process_i, status_t, linked_list_t *list; sa_payload_t *sa_payload; auth_method_t method; - u_int32_t lifetime; + uint32_t lifetime; bool private; sa_payload = (sa_payload_t*)message->get_payload(message, @@ -641,7 +643,7 @@ METHOD(task_t, process_i, status_t, private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); this->proposal = this->ike_cfg->select_proposal(this->ike_cfg, - list, private); + list, private, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { diff --git a/src/libcharon/sa/ikev1/tasks/mode_config.c b/src/libcharon/sa/ikev1/tasks/mode_config.c index b9f924009..7098d24a2 100644 --- a/src/libcharon/sa/ikev1/tasks/mode_config.c +++ b/src/libcharon/sa/ikev1/tasks/mode_config.c @@ -58,7 +58,7 @@ struct private_mode_config_t { /** * Identifier to include in response */ - u_int16_t identifier; + uint16_t identifier; }; /** diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.c b/src/libcharon/sa/ikev1/tasks/quick_delete.c index ade59a2dd..66ef50811 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.c +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.c @@ -69,7 +69,7 @@ struct private_quick_delete_t { /** * Inbound SPI of CHILD_SA to delete */ - u_int32_t spi; + uint32_t spi; /** * Send delete even if SA does not exist @@ -86,9 +86,9 @@ struct private_quick_delete_t { * Delete the specified CHILD_SA, if found */ static bool delete_child(private_quick_delete_t *this, protocol_id_t protocol, - u_int32_t spi, bool remote_close) + uint32_t spi, bool remote_close) { - u_int64_t bytes_in, bytes_out; + uint64_t bytes_in, bytes_out; child_sa_t *child_sa; linked_list_t *my_ts, *other_ts; child_cfg_t *child_cfg; @@ -200,7 +200,7 @@ METHOD(task_t, process_r, status_t, payload_t *payload; delete_payload_t *delete_payload; protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; payloads = message->create_payload_enumerator(message); while (payloads->enumerate(payloads, &payload)) @@ -260,7 +260,7 @@ METHOD(task_t, destroy, void, * Described in header. */ quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool force, bool expired) + uint32_t spi, bool force, bool expired) { private_quick_delete_t *this; diff --git a/src/libcharon/sa/ikev1/tasks/quick_delete.h b/src/libcharon/sa/ikev1/tasks/quick_delete.h index 4df30c8fe..6227b364b 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_delete.h +++ b/src/libcharon/sa/ikev1/tasks/quick_delete.h @@ -50,6 +50,6 @@ struct quick_delete_t { * @return quick_delete task to handle by the task_manager */ quick_delete_t *quick_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool force, bool expired); + uint32_t spi, bool force, bool expired); #endif /** QUICK_DELETE_H_ @}*/ diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.c b/src/libcharon/sa/ikev1/tasks/quick_mode.c index b4fe04663..bbd1cb09f 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.c +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.c @@ -98,22 +98,22 @@ struct private_quick_mode_t { /** * Initiators ESP SPI */ - u_int32_t spi_i; + uint32_t spi_i; /** * Responder ESP SPI */ - u_int32_t spi_r; + uint32_t spi_r; /** * Initiators IPComp CPI */ - u_int16_t cpi_i; + uint16_t cpi_i; /** * Responders IPComp CPI */ - u_int16_t cpi_r; + uint16_t cpi_r; /** * selected CHILD_SA proposal @@ -143,17 +143,17 @@ struct private_quick_mode_t { /** * Negotiated lifetime of new SA */ - u_int32_t lifetime; + uint32_t lifetime; /** - * Negotaited lifebytes of new SA + * Negotiated lifebytes of new SA */ - u_int64_t lifebytes; + uint64_t lifebytes; /** * Reqid to use, 0 for auto-allocate */ - u_int32_t reqid; + uint32_t reqid; /** * Explicit inbound mark value to use, if any @@ -168,7 +168,7 @@ struct private_quick_mode_t { /** * SPI of SA we rekey */ - u_int32_t rekey; + uint32_t rekey; /** * Delete old child after successful rekey @@ -193,7 +193,7 @@ struct private_quick_mode_t { /** * Message ID of handled quick mode exchange */ - u_int32_t mid; + uint32_t mid; /** states of quick mode */ enum { @@ -207,7 +207,7 @@ struct private_quick_mode_t { */ static void schedule_inactivity_timeout(private_quick_mode_t *this) { - u_int32_t timeout; + uint32_t timeout; bool close_ike; timeout = this->config->get_inactivity(this->config); @@ -722,12 +722,12 @@ static void get_lifetimes(private_quick_mode_t *this) { lifetime_cfg_t *lft; - lft = this->config->get_lifetime(this->config); + lft = this->config->get_lifetime(this->config, TRUE); if (lft->time.life) { this->lifetime = lft->time.life; } - else if (lft->bytes.life) + if (lft->bytes.life) { this->lifebytes = lft->bytes.life; } @@ -739,8 +739,8 @@ static void get_lifetimes(private_quick_mode_t *this) */ static void apply_lifetimes(private_quick_mode_t *this, sa_payload_t *sa_payload) { - u_int32_t lifetime; - u_int64_t lifebytes; + uint32_t lifetime; + uint64_t lifebytes; lifetime = sa_payload->get_lifetime(sa_payload); lifebytes = sa_payload->get_lifebytes(sa_payload); @@ -863,7 +863,7 @@ METHOD(task_t, build_i, status_t, if (group != MODP_NONE) { proposal_t *proposal; - u_int16_t preferred_group; + uint16_t preferred_group; proposal = this->ike_sa->get_proposal(this->ike_sa); proposal->get_algorithm(proposal, DIFFIE_HELLMAN_GROUP, @@ -1007,7 +1007,6 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) { case CHILD_INSTALLED: case CHILD_REKEYING: - case CHILD_REKEYED: policies = child_sa->create_policy_enumerator(child_sa); if (policies->enumerate(policies, &local, &remote) && local->equals(local, this->tsr) && @@ -1026,9 +1025,10 @@ static void check_for_rekeyed_child(private_quick_mode_t *this) child_sa->get_unique_id(child_sa)); } policies->destroy(policies); - break; - default: - break; + break; + case CHILD_REKEYED: + default: + break; } } } @@ -1050,8 +1050,8 @@ METHOD(task_t, process_r, status_t, sa_payload_t *sa_payload; linked_list_t *tsi, *tsr, *hostsi, *hostsr, *list = NULL; peer_cfg_t *peer_cfg; - u_int16_t group; - bool private; + uint16_t group; + bool private, prefer_configured; sa_payload = (sa_payload_t*)message->get_payload(message, PLV1_SECURITY_ASSOCIATION); @@ -1109,8 +1109,10 @@ METHOD(task_t, process_r, status_t, } private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - this->proposal = this->config->select_proposal(this->config, - list, FALSE, private); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); + this->proposal = this->config->select_proposal(this->config, list, + FALSE, private, prefer_configured); list->destroy_offset(list, offsetof(proposal_t, destroy)); get_lifetimes(this); @@ -1323,8 +1325,8 @@ METHOD(task_t, process_i, status_t, } private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); - this->proposal = this->config->select_proposal(this->config, - list, FALSE, private); + this->proposal = this->config->select_proposal(this->config, list, + FALSE, private, TRUE); list->destroy_offset(list, offsetof(proposal_t, destroy)); if (!this->proposal) { @@ -1365,14 +1367,14 @@ METHOD(task_t, get_type, task_type_t, return TASK_QUICK_MODE; } -METHOD(quick_mode_t, get_mid, u_int32_t, +METHOD(quick_mode_t, get_mid, uint32_t, private_quick_mode_t *this) { return this->mid; } METHOD(quick_mode_t, use_reqid, void, - private_quick_mode_t *this, u_int32_t reqid) + private_quick_mode_t *this, uint32_t reqid) { this->reqid = reqid; } @@ -1385,7 +1387,7 @@ METHOD(quick_mode_t, use_marks, void, } METHOD(quick_mode_t, rekey, void, - private_quick_mode_t *this, u_int32_t spi) + private_quick_mode_t *this, uint32_t spi) { this->rekey = spi; } diff --git a/src/libcharon/sa/ikev1/tasks/quick_mode.h b/src/libcharon/sa/ikev1/tasks/quick_mode.h index 062d63465..fe684568a 100644 --- a/src/libcharon/sa/ikev1/tasks/quick_mode.h +++ b/src/libcharon/sa/ikev1/tasks/quick_mode.h @@ -46,14 +46,14 @@ struct quick_mode_t { * * @return message ID, or 0 (not defined yet or as initiator) */ - u_int32_t (*get_mid)(quick_mode_t *this); + uint32_t (*get_mid)(quick_mode_t *this); /** * Use a specific reqid to install this CHILD_SA. * * @param reqid reqid to use */ - void (*use_reqid)(quick_mode_t *this, u_int32_t reqid); + void (*use_reqid)(quick_mode_t *this, uint32_t reqid); /** * Use specific mark values, overriding configuration. @@ -68,7 +68,7 @@ struct quick_mode_t { * * @param spi spi of SA to rekey */ - void (*rekey)(quick_mode_t *this, u_int32_t spi); + void (*rekey)(quick_mode_t *this, uint32_t spi); }; /** diff --git a/src/libcharon/sa/ikev1/tasks/xauth.c b/src/libcharon/sa/ikev1/tasks/xauth.c index ecdfc780d..968b4386c 100644 --- a/src/libcharon/sa/ikev1/tasks/xauth.c +++ b/src/libcharon/sa/ikev1/tasks/xauth.c @@ -68,7 +68,7 @@ struct private_xauth_t { /** * received identifier */ - u_int16_t identifier; + uint16_t identifier; /** * status of Xauth exchange diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c index 91f6187f9..3ab59fada 100644 --- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c @@ -104,7 +104,7 @@ struct private_eap_authenticator_t { * load an EAP method */ static eap_method_t *load_method(private_eap_authenticator_t *this, - eap_type_t type, u_int32_t vendor, eap_role_t role) + eap_type_t type, uint32_t vendor, eap_role_t role) { identification_t *server, *peer, *aaa; auth_cfg_t *auth; @@ -143,7 +143,7 @@ static eap_payload_t* server_initiate_eap(private_eap_authenticator_t *this, auth_cfg_t *auth; eap_type_t type; identification_t *id; - u_int32_t vendor; + uint32_t vendor; eap_payload_t *out; char *action; @@ -237,7 +237,7 @@ static eap_payload_t* server_process_eap(private_eap_authenticator_t *this, eap_payload_t *in) { eap_type_t type, received_type, conf_type; - u_int32_t vendor, received_vendor, conf_vendor; + uint32_t vendor, received_vendor, conf_vendor; eap_payload_t *out; auth_cfg_t *auth; @@ -341,7 +341,7 @@ static eap_payload_t* client_process_eap(private_eap_authenticator_t *this, eap_payload_t *in) { eap_type_t type, conf_type; - u_int32_t vendor, conf_vendor; + uint32_t vendor, conf_vendor; auth_cfg_t *auth; eap_payload_t *out; identification_t *id; @@ -449,7 +449,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message, auth_cfg_t *auth; keymat_v2_t *keymat; eap_type_t type; - u_int32_t vendor; + uint32_t vendor; auth_payload = (auth_payload_t*)message->get_payload(message, PLV2_AUTH); @@ -595,7 +595,7 @@ METHOD(authenticator_t, process_client, status_t, } if (this->require_mutual && !this->method->is_mutual(this->method)) { /* we require mutual authentication due to EAP-only */ - u_int32_t vendor; + uint32_t vendor; DBG1(DBG_IKE, "EAP-only authentication requires a mutual and " "MSK deriving EAP method, but %N is not", @@ -623,7 +623,7 @@ METHOD(authenticator_t, process_client, status_t, case EAP_SUCCESS: { eap_type_t type; - u_int32_t vendor; + uint32_t vendor; auth_cfg_t *cfg; if (this->method->get_msk(this->method, &this->msk) == SUCCESS) @@ -685,7 +685,7 @@ METHOD(authenticator_t, is_mutual, bool, { if (this->method) { - u_int32_t vendor; + uint32_t vendor; if (this->method->get_type(this->method, &vendor) != EAP_IDENTITY || vendor != 0) diff --git a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c index 04ccd4f4f..6fd34e0a6 100644 --- a/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c +++ b/src/libcharon/sa/ikev2/authenticators/pubkey_authenticator.c @@ -63,7 +63,7 @@ struct private_pubkey_authenticator_t { static bool parse_signature_auth_data(chunk_t *auth_data, key_type_t *key_type, signature_scheme_t *scheme) { - u_int8_t len; + uint8_t len; int oid; if (!auth_data->len) @@ -91,7 +91,7 @@ static bool build_signature_auth_data(chunk_t *auth_data, signature_scheme_t scheme) { chunk_t data; - u_int8_t len; + uint8_t len; int oid; oid = signature_scheme_to_oid(scheme); diff --git a/src/libcharon/sa/ikev2/connect_manager.c b/src/libcharon/sa/ikev2/connect_manager.c index 161c4fdaf..280796d8c 100644 --- a/src/libcharon/sa/ikev2/connect_manager.c +++ b/src/libcharon/sa/ikev2/connect_manager.c @@ -92,10 +92,10 @@ typedef struct endpoint_pair_t endpoint_pair_t; */ struct endpoint_pair_t { /** pair id */ - u_int32_t id; + uint32_t id; /** priority */ - u_int64_t priority; + uint64_t priority; /** local endpoint */ host_t *local; @@ -107,7 +107,7 @@ struct endpoint_pair_t { check_state_t state; /** number of retransmissions */ - u_int32_t retransmitted; + uint32_t retransmitted; /** the generated packet */ packet_t *packet; @@ -132,8 +132,8 @@ static endpoint_pair_t *endpoint_pair_create(endpoint_notify_t *initiator, { endpoint_pair_t *this; - u_int32_t pi = initiator->get_priority(initiator); - u_int32_t pr = responder->get_priority(responder); + uint32_t pi = initiator->get_priority(initiator); + uint32_t pr = responder->get_priority(responder); INIT(this, .priority = pow(2, 32) * min(pi, pr) + 2 * max(pi, pr) @@ -313,7 +313,7 @@ typedef struct check_t check_t; */ struct check_t { /** message id */ - u_int32_t mid; + uint32_t mid; /** source of the connectivity check */ host_t *src; @@ -375,7 +375,7 @@ struct callback_data_t { chunk_t connect_id; /** message (pair) id */ - u_int32_t mid; + uint32_t mid; }; /** @@ -406,7 +406,7 @@ static callback_data_t *callback_data_create(private_connect_manager_t *connect_ * Creates a new retransmission data object */ static callback_data_t *retransmit_data_create(private_connect_manager_t *connect_manager, - chunk_t connect_id, u_int32_t mid) + chunk_t connect_id, uint32_t mid) { callback_data_t *this = callback_data_create(connect_manager, connect_id); this->mid = mid; @@ -576,7 +576,7 @@ static status_t get_pair_by_hosts(linked_list_t *pairs, host_t *local, (void**)pair, local, remote); } -static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) +static bool match_pair_by_id(endpoint_pair_t *current, uint32_t *id) { return current->id == *id; } @@ -584,7 +584,7 @@ static bool match_pair_by_id(endpoint_pair_t *current, u_int32_t *id) /** * Searches for a pair with a specific id */ -static status_t get_pair_by_id(check_list_t *checklist, u_int32_t id, +static status_t get_pair_by_id(check_list_t *checklist, uint32_t id, endpoint_pair_t **pair) { return checklist->pairs->find_first(checklist->pairs, @@ -669,7 +669,7 @@ static void prune_pairs(linked_list_t *pairs) { enumerator_t *enumerator, *search; endpoint_pair_t *current, *other; - u_int32_t id = 0; + uint32_t id = 0; enumerator = pairs->create_enumerator(pairs); search = pairs->create_enumerator(pairs); @@ -826,7 +826,7 @@ static status_t process_payloads(message_t *message, check_t *check) static chunk_t build_signature(private_connect_manager_t *this, check_list_t *checklist, check_t *check, bool outbound) { - u_int32_t mid; + uint32_t mid; chunk_t mid_chunk, key_chunk, sig_chunk; chunk_t sig_hash; @@ -851,7 +851,7 @@ static chunk_t build_signature(private_connect_manager_t *this, } static void queue_retransmission(private_connect_manager_t *this, check_list_t *checklist, endpoint_pair_t *pair); -static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, u_int32_t time); +static void schedule_checks(private_connect_manager_t *this, check_list_t *checklist, uint32_t time); static void finish_checks(private_connect_manager_t *this, check_list_t *checklist); /** @@ -1019,11 +1019,11 @@ static void queue_retransmission(private_connect_manager_t *this, check_list_t * job = (job_t*)callback_job_create((callback_job_cb_t)retransmit, data, (callback_job_cleanup_t)callback_data_destroy, NULL); - u_int32_t retransmission = pair->retransmitted + 1; - u_int32_t rto = ME_INTERVAL; + uint32_t retransmission = pair->retransmitted + 1; + uint32_t rto = ME_INTERVAL; if (retransmission > ME_BOOST) { - rto = (u_int32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST)); + rto = (uint32_t)(ME_INTERVAL * pow(ME_RETRANS_BASE, retransmission - ME_BOOST)); } DBG2(DBG_IKE, "scheduling retransmission %d of pair '%d' in %dms", retransmission, pair->id, rto); @@ -1165,7 +1165,7 @@ static job_requeue_t sender(callback_data_t *data) * Schedules checks for a checklist (time in ms) */ static void schedule_checks(private_connect_manager_t *this, - check_list_t *checklist, u_int32_t time) + check_list_t *checklist, uint32_t time) { callback_data_t *data = callback_data_create(this, checklist->connect_id); checklist->sender = (job_t*)callback_job_create((callback_job_cb_t)sender, diff --git a/src/libcharon/sa/ikev2/keymat_v2.c b/src/libcharon/sa/ikev2/keymat_v2.c index 55cb5dd9c..e37399841 100644 --- a/src/libcharon/sa/ikev2/keymat_v2.c +++ b/src/libcharon/sa/ikev2/keymat_v2.c @@ -99,8 +99,8 @@ METHOD(keymat_t, create_nonce_gen, nonce_gen_t*, /** * Derive IKE keys for a combined AEAD algorithm */ -static bool derive_ike_aead(private_keymat_v2_t *this, u_int16_t alg, - u_int16_t key_size, prf_plus_t *prf_plus) +static bool derive_ike_aead(private_keymat_v2_t *this, uint16_t alg, + uint16_t key_size, prf_plus_t *prf_plus) { aead_t *aead_i, *aead_r; chunk_t key = chunk_empty; @@ -189,8 +189,8 @@ failure: /** * Derive IKE keys for traditional encryption and MAC algorithms */ -static bool derive_ike_traditional(private_keymat_v2_t *this, u_int16_t enc_alg, - u_int16_t enc_size, u_int16_t int_alg, prf_plus_t *prf_plus) +static bool derive_ike_traditional(private_keymat_v2_t *this, uint16_t enc_alg, + uint16_t enc_size, uint16_t int_alg, prf_plus_t *prf_plus) { crypter_t *crypter_i = NULL, *crypter_r = NULL; signer_t *signer_i, *signer_r; @@ -302,11 +302,11 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, chunk_t skeyseed, key, secret, full_nonce, fixed_nonce, prf_plus_seed; chunk_t spi_i, spi_r; prf_plus_t *prf_plus = NULL; - u_int16_t alg, key_size, int_alg; + uint16_t alg, key_size, int_alg; prf_t *rekey_prf = NULL; - spi_i = chunk_alloca(sizeof(u_int64_t)); - spi_r = chunk_alloca(sizeof(u_int64_t)); + spi_i = chunk_alloca(sizeof(uint64_t)); + spi_r = chunk_alloca(sizeof(uint64_t)); if (!dh->get_shared_secret(dh, &secret)) { @@ -354,8 +354,8 @@ METHOD(keymat_v2_t, derive_ike_keys, bool, break; } fixed_nonce = chunk_cat("cc", nonce_i, nonce_r); - *((u_int64_t*)spi_i.ptr) = id->get_initiator_spi(id); - *((u_int64_t*)spi_r.ptr) = id->get_responder_spi(id); + *((uint64_t*)spi_i.ptr) = id->get_initiator_spi(id); + *((uint64_t*)spi_r.ptr) = id->get_responder_spi(id); prf_plus_seed = chunk_cat("ccc", full_nonce, spi_i, spi_r); /* KEYMAT = prf+ (SKEYSEED, Ni | Nr | SPIi | SPIr) @@ -489,7 +489,7 @@ METHOD(keymat_v2_t, derive_child_keys, bool, chunk_t nonce_i, chunk_t nonce_r, chunk_t *encr_i, chunk_t *integ_i, chunk_t *encr_r, chunk_t *integ_r) { - u_int16_t enc_alg, int_alg, enc_size = 0, int_size = 0; + uint16_t enc_alg, int_alg, enc_size = 0, int_size = 0; chunk_t seed, secret = chunk_empty; prf_plus_t *prf_plus; diff --git a/src/libcharon/sa/ikev2/task_manager_v2.c b/src/libcharon/sa/ikev2/task_manager_v2.c index c2f972ab1..41a4e1b75 100644 --- a/src/libcharon/sa/ikev2/task_manager_v2.c +++ b/src/libcharon/sa/ikev2/task_manager_v2.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2007-2015 Tobias Brunner + * Copyright (C) 2007-2016 Tobias Brunner * Copyright (C) 2007-2010 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -43,30 +43,14 @@ #include <encoding/payloads/unknown_payload.h> #include <processing/jobs/retransmit_job.h> #include <processing/jobs/delete_ike_sa_job.h> +#include <processing/jobs/initiate_tasks_job.h> #ifdef ME #include <sa/ikev2/tasks/ike_me.h> #endif -typedef struct exchange_t exchange_t; - -/** - * An exchange in the air, used do detect and handle retransmission - */ -struct exchange_t { - - /** - * Message ID used for this transaction - */ - u_int32_t mid; - - /** - * generated packet for retransmission - */ - packet_t *packet; -}; - typedef struct private_task_manager_t private_task_manager_t; +typedef struct queued_task_t queued_task_t; /** * private data of the task manager @@ -90,7 +74,7 @@ struct private_task_manager_t { /** * Message ID of the exchange */ - u_int32_t mid; + uint32_t mid; /** * packet(s) for retransmission @@ -111,7 +95,7 @@ struct private_task_manager_t { /** * Message ID of the exchange */ - u_int32_t mid; + uint32_t mid; /** * how many times we have retransmitted so far @@ -182,6 +166,22 @@ struct private_task_manager_t { }; /** + * Queued tasks + */ +struct queued_task_t { + + /** + * Queued task + */ + task_t *task; + + /** + * Time before which the task is not to be initiated + */ + timeval_t time; +}; + +/** * Reset retransmission packet list */ static void clear_packets(array_t *array) @@ -216,6 +216,12 @@ METHOD(task_manager_t, flush_queue, void, } while (array_remove(array, ARRAY_TAIL, &task)) { + if (queue == TASK_QUEUE_QUEUED) + { + queued_task_t *queued = (queued_task_t*)task; + task = queued->task; + free(queued); + } task->destroy(task); } } @@ -229,22 +235,28 @@ METHOD(task_manager_t, flush, void, } /** - * move a task of a specific type from the queue to the active list + * Move a task of a specific type from the queue to the active list, if it is + * not delayed. */ static bool activate_task(private_task_manager_t *this, task_type_t type) { enumerator_t *enumerator; - task_t *task; + queued_task_t *queued; + timeval_t now; bool found = FALSE; + time_monotonic(&now); + enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, (void**)&task)) + while (enumerator->enumerate(enumerator, (void**)&queued)) { - if (task->get_type(task) == type) + if (queued->task->get_type(queued->task) == type && + !timercmp(&now, &queued->time, <)) { DBG2(DBG_IKE, " activating %N task", task_type_names, type); array_remove_at(this->queued_tasks, enumerator); - array_insert(this->active_tasks, ARRAY_TAIL, task); + array_insert(this->active_tasks, ARRAY_TAIL, queued->task); + free(queued); found = TRUE; break; } @@ -303,12 +315,12 @@ static bool generate_message(private_task_manager_t *this, message_t *message, } METHOD(task_manager_t, retransmit, status_t, - private_task_manager_t *this, u_int32_t message_id) + private_task_manager_t *this, uint32_t message_id) { if (message_id == this->initiating.mid && array_count(this->initiating.packets)) { - u_int32_t timeout; + uint32_t timeout; job_t *job; enumerator_t *enumerator; packet_t *packet; @@ -336,7 +348,7 @@ METHOD(task_manager_t, retransmit, status_t, { if (this->initiating.retransmitted <= this->retransmit_tries) { - timeout = (u_int32_t)(this->retransmit_timeout * 1000.0 * + timeout = (uint32_t)(this->retransmit_timeout * 1000.0 * pow(this->retransmit_base, this->initiating.retransmitted)); } else @@ -352,7 +364,8 @@ METHOD(task_manager_t, retransmit, status_t, { DBG1(DBG_IKE, "retransmit %d of request with message ID %d", this->initiating.retransmitted, message_id); - charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND, packet, + this->initiating.retransmitted); } if (!mobike) { @@ -534,6 +547,7 @@ METHOD(task_manager_t, initiate, status_t, break; } case IKE_REKEYING: + case IKE_REKEYED: if (activate_task(this, TASK_IKE_DELETE)) { exchange = INFORMATIONAL; @@ -610,7 +624,8 @@ METHOD(task_manager_t, initiate, status_t, case FAILED: default: this->initiating.type = EXCHANGE_TYPE_UNDEFINED; - if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING) + if (this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING && + this->ike_sa->get_state(this->ike_sa) != IKE_REKEYED) { charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); } @@ -694,6 +709,13 @@ static status_t process_response(private_task_manager_t *this, } enumerator->destroy(enumerator); + if (this->initiating.retransmitted) + { + packet_t *packet = NULL; + array_get(this->initiating.packets, 0, &packet); + charon->bus->alert(charon->bus, ALERT_RETRANSMIT_SEND_CLEARED, packet); + } + /* catch if we get resetted while processing */ this->reset = FALSE; enumerator = array_create_enumerator(this->active_tasks); @@ -751,8 +773,7 @@ static bool handle_collisions(private_task_manager_t *this, task_t *task) /* do we have to check */ if (type == TASK_IKE_REKEY || type == TASK_CHILD_REKEY || - type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE || - type == TASK_IKE_REAUTH) + type == TASK_CHILD_DELETE || type == TASK_IKE_DELETE) { /* find an exchange collision, and notify these tasks */ enumerator = array_create_enumerator(this->active_tasks); @@ -761,8 +782,7 @@ static bool handle_collisions(private_task_manager_t *this, task_t *task) switch (active->get_type(active)) { case TASK_IKE_REKEY: - if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE || - type == TASK_IKE_REAUTH) + if (type == TASK_IKE_REKEY || type == TASK_IKE_DELETE) { ike_rekey_t *rekey = (ike_rekey_t*)active; rekey->collide(rekey, task); @@ -799,7 +819,7 @@ static status_t build_response(private_task_manager_t *this, message_t *request) host_t *me, *other; bool delete = FALSE, hook = FALSE; ike_sa_id_t *id = NULL; - u_int64_t responder_spi = 0; + uint64_t responder_spi = 0; bool result; me = request->get_destination(request); @@ -839,6 +859,10 @@ static status_t build_response(private_task_manager_t *this, message_t *request) /* FALL */ case DESTROY_ME: /* destroy IKE_SA, but SEND response first */ + if (handle_collisions(this, task)) + { + array_remove_at(this->passive_tasks, enumerator); + } delete = TRUE; break; } @@ -901,9 +925,11 @@ static status_t process_request(private_task_manager_t *this, payload_t *payload; notify_payload_t *notify; delete_payload_t *delete; + ike_sa_state_t state; if (array_count(this->passive_tasks) == 0) { /* create tasks depending on request type, if not already some queued */ + state = this->ike_sa->get_state(this->ike_sa); switch (message->get_exchange_type(message)) { case IKE_SA_INIT: @@ -939,8 +965,8 @@ static status_t process_request(private_task_manager_t *this, { /* FIXME: we should prevent this on mediation connections */ bool notify_found = FALSE, ts_found = FALSE; - if (this->ike_sa->get_state(this->ike_sa) == IKE_CREATED || - this->ike_sa->get_state(this->ike_sa) == IKE_CONNECTING) + if (state == IKE_CREATED || + state == IKE_CONNECTING) { DBG1(DBG_IKE, "received CREATE_CHILD_SA request for " "unestablished IKE_SA, rejected"); @@ -1005,6 +1031,14 @@ static status_t process_request(private_task_manager_t *this, case PLV2_NOTIFY: { notify = (notify_payload_t*)payload; + if (state == IKE_REKEYED) + { + DBG1(DBG_IKE, "received unexpected notify %N " + "for rekeyed IKE_SA, ignored", + notify_type_names, + notify->get_notify_type(notify)); + break; + } switch (notify->get_notify_type(notify)) { case ADDITIONAL_IP4_ADDRESS: @@ -1252,7 +1286,7 @@ static void send_notify_response(private_task_manager_t *this, static status_t parse_message(private_task_manager_t *this, message_t *msg) { status_t status; - u_int8_t type = 0; + uint8_t type = 0; status = msg->parse_body(msg, this->ike_sa->get_keymat(this->ike_sa)); @@ -1345,8 +1379,10 @@ METHOD(task_manager_t, process_message, status_t, { host_t *me, *other; status_t status; - u_int32_t mid; + uint32_t mid; bool schedule_delete_job = FALSE; + ike_sa_state_t state; + exchange_type_t type; charon->bus->message(charon->bus, msg, TRUE, FALSE); status = parse_message(this, msg); @@ -1387,15 +1423,16 @@ METHOD(task_manager_t, process_message, status_t, { if (mid == this->responding.mid) { - /* reject initial messages if not received in specific states */ - if ((msg->get_exchange_type(msg) == IKE_SA_INIT && - this->ike_sa->get_state(this->ike_sa) != IKE_CREATED) || - (msg->get_exchange_type(msg) == IKE_AUTH && - this->ike_sa->get_state(this->ike_sa) != IKE_CONNECTING)) + /* reject initial messages if not received in specific states, + * after rekeying we only expect a DELETE in an INFORMATIONAL */ + type = msg->get_exchange_type(msg); + state = this->ike_sa->get_state(this->ike_sa); + if ((type == IKE_SA_INIT && state != IKE_CREATED) || + (type == IKE_AUTH && state != IKE_CONNECTING) || + (state == IKE_REKEYED && type != INFORMATIONAL)) { DBG1(DBG_IKE, "ignoring %N in IKE_SA state %N", - exchange_type_names, msg->get_exchange_type(msg), - ike_sa_state_names, this->ike_sa->get_state(this->ike_sa)); + exchange_type_names, type, ike_sa_state_names, state); return FAILED; } if (!this->ike_sa->supports_extension(this->ike_sa, EXT_MOBIKE)) @@ -1499,18 +1536,19 @@ METHOD(task_manager_t, process_message, status_t, return SUCCESS; } -METHOD(task_manager_t, queue_task, void, - private_task_manager_t *this, task_t *task) +METHOD(task_manager_t, queue_task_delayed, void, + private_task_manager_t *this, task_t *task, uint32_t delay) { + enumerator_t *enumerator; + queued_task_t *queued; + timeval_t time; + if (task->get_type(task) == TASK_IKE_MOBIKE) { /* there is no need to queue more than one mobike task */ - enumerator_t *enumerator; - task_t *current; - enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, ¤t)) + while (enumerator->enumerate(enumerator, &queued)) { - if (current->get_type(current) == TASK_IKE_MOBIKE) + if (queued->task->get_type(queued->task) == TASK_IKE_MOBIKE) { enumerator->destroy(enumerator); task->destroy(task); @@ -1519,8 +1557,35 @@ METHOD(task_manager_t, queue_task, void, } enumerator->destroy(enumerator); } - DBG2(DBG_IKE, "queueing %N task", task_type_names, task->get_type(task)); - array_insert(this->queued_tasks, ARRAY_TAIL, task); + time_monotonic(&time); + if (delay) + { + job_t *job; + + DBG2(DBG_IKE, "queueing %N task (delayed by %us)", task_type_names, + task->get_type(task), delay); + time.tv_sec += delay; + + job = (job_t*)initiate_tasks_job_create( + this->ike_sa->get_id(this->ike_sa)); + lib->scheduler->schedule_job_tv(lib->scheduler, job, time); + } + else + { + DBG2(DBG_IKE, "queueing %N task", task_type_names, + task->get_type(task)); + } + INIT(queued, + .task = task, + .time = time, + ); + array_insert(this->queued_tasks, ARRAY_TAIL, queued); +} + +METHOD(task_manager_t, queue_task, void, + private_task_manager_t *this, task_t *task) +{ + queue_task_delayed(this, task, 0); } /** @@ -1530,12 +1595,12 @@ static bool has_queued(private_task_manager_t *this, task_type_t type) { enumerator_t *enumerator; bool found = FALSE; - task_t *task; + queued_task_t *queued; enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, &task)) + while (enumerator->enumerate(enumerator, &queued)) { - if (task->get_type(task) == type) + if (queued->task->get_type(queued->task) == type) { found = TRUE; break; @@ -1614,7 +1679,7 @@ static void trigger_mbb_reauth(private_task_manager_t *this) child_cfg_t *cfg; ike_sa_t *new; host_t *host; - task_t *task; + queued_task_t *queued; new = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, this->ike_sa->get_version(this->ike_sa), TRUE); @@ -1645,13 +1710,14 @@ static void trigger_mbb_reauth(private_task_manager_t *this) enumerator->destroy(enumerator); enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, &task)) + while (enumerator->enumerate(enumerator, &queued)) { - if (task->get_type(task) == TASK_CHILD_CREATE) + if (queued->task->get_type(queued->task) == TASK_CHILD_CREATE) { - task->migrate(task, new); - new->queue_task(new, task); + queued->task->migrate(queued->task, new); + new->queue_task(new, queued->task); array_remove_at(this->queued_tasks, enumerator); + free(queued); } } enumerator->destroy(enumerator); @@ -1726,7 +1792,7 @@ METHOD(task_manager_t, queue_mobike, void, } METHOD(task_manager_t, queue_child, void, - private_task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid, + private_task_manager_t *this, child_cfg_t *cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr) { child_create_t *task; @@ -1740,13 +1806,13 @@ METHOD(task_manager_t, queue_child, void, } METHOD(task_manager_t, queue_child_rekey, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi) + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi) { queue_task(this, (task_t*)child_rekey_create(this->ike_sa, protocol, spi)); } METHOD(task_manager_t, queue_child_delete, void, - private_task_manager_t *this, protocol_id_t protocol, u_int32_t spi, + private_task_manager_t *this, protocol_id_t protocol, uint32_t spi, bool expired) { queue_task(this, (task_t*)child_delete_create(this->ike_sa, @@ -1776,34 +1842,62 @@ METHOD(task_manager_t, adopt_tasks, void, private_task_manager_t *this, task_manager_t *other_public) { private_task_manager_t *other = (private_task_manager_t*)other_public; - task_t *task; + queued_task_t *queued; + timeval_t now; + + time_monotonic(&now); /* move queued tasks from other to this */ - while (array_remove(other->queued_tasks, ARRAY_TAIL, &task)) + while (array_remove(other->queued_tasks, ARRAY_TAIL, &queued)) { - DBG2(DBG_IKE, "migrating %N task", task_type_names, task->get_type(task)); - task->migrate(task, this->ike_sa); - array_insert(this->queued_tasks, ARRAY_HEAD, task); + DBG2(DBG_IKE, "migrating %N task", task_type_names, + queued->task->get_type(queued->task)); + queued->task->migrate(queued->task, this->ike_sa); + /* don't delay tasks on the new IKE_SA */ + queued->time = now; + array_insert(this->queued_tasks, ARRAY_HEAD, queued); } } /** - * Migrates child-creating tasks from src to dst + * Migrates child-creating tasks from other to this */ static void migrate_child_tasks(private_task_manager_t *this, - array_t *src, array_t *dst) + private_task_manager_t *other, + task_queue_t queue) { enumerator_t *enumerator; + array_t *array; task_t *task; - enumerator = array_create_enumerator(src); + switch (queue) + { + case TASK_QUEUE_ACTIVE: + array = other->active_tasks; + break; + case TASK_QUEUE_QUEUED: + array = other->queued_tasks; + break; + default: + return; + } + + enumerator = array_create_enumerator(array); while (enumerator->enumerate(enumerator, &task)) { + queued_task_t *queued = NULL; + + if (queue == TASK_QUEUE_QUEUED) + { + queued = (queued_task_t*)task; + task = queued->task; + } if (task->get_type(task) == TASK_CHILD_CREATE) { - array_remove_at(src, enumerator); + array_remove_at(array, enumerator); task->migrate(task, this->ike_sa); - array_insert(dst, ARRAY_TAIL, task); + queue_task(this, task); + free(queued); } } enumerator->destroy(enumerator); @@ -1815,9 +1909,9 @@ METHOD(task_manager_t, adopt_child_tasks, void, private_task_manager_t *other = (private_task_manager_t*)other_public; /* move active child tasks from other to this */ - migrate_child_tasks(this, other->active_tasks, this->queued_tasks); + migrate_child_tasks(this, other, TASK_QUEUE_ACTIVE); /* do the same for queued tasks */ - migrate_child_tasks(this, other->queued_tasks, this->queued_tasks); + migrate_child_tasks(this, other, TASK_QUEUE_QUEUED); } METHOD(task_manager_t, busy, bool, @@ -1827,10 +1921,12 @@ METHOD(task_manager_t, busy, bool, } METHOD(task_manager_t, reset, void, - private_task_manager_t *this, u_int32_t initiate, u_int32_t respond) + private_task_manager_t *this, uint32_t initiate, uint32_t respond) { enumerator_t *enumerator; + queued_task_t *queued; task_t *task; + timeval_t now; /* reset message counters and retransmit packets */ clear_packets(this->responding.packets); @@ -1849,11 +1945,13 @@ METHOD(task_manager_t, reset, void, } this->initiating.type = EXCHANGE_TYPE_UNDEFINED; + time_monotonic(&now); /* reset queued tasks */ enumerator = array_create_enumerator(this->queued_tasks); - while (enumerator->enumerate(enumerator, &task)) + while (enumerator->enumerate(enumerator, &queued)) { - task->migrate(task, this->ike_sa); + queued->time = now; + queued->task->migrate(queued->task, this->ike_sa); } enumerator->destroy(enumerator); @@ -1861,12 +1959,25 @@ METHOD(task_manager_t, reset, void, while (array_remove(this->active_tasks, ARRAY_TAIL, &task)) { task->migrate(task, this->ike_sa); - array_insert(this->queued_tasks, ARRAY_HEAD, task); + INIT(queued, + .task = task, + .time = now, + ); + array_insert(this->queued_tasks, ARRAY_HEAD, queued); } this->reset = TRUE; } +/** + * Filter queued tasks + */ +static bool filter_queued(void *unused, queued_task_t **queued, task_t **task) +{ + *task = (*queued)->task; + return TRUE; +} + METHOD(task_manager_t, create_task_enumerator, enumerator_t*, private_task_manager_t *this, task_queue_t queue) { @@ -1877,7 +1988,9 @@ METHOD(task_manager_t, create_task_enumerator, enumerator_t*, case TASK_QUEUE_PASSIVE: return array_create_enumerator(this->passive_tasks); case TASK_QUEUE_QUEUED: - return array_create_enumerator(this->queued_tasks); + return enumerator_create_filter( + array_create_enumerator(this->queued_tasks), + (void*)filter_queued, NULL, NULL); default: return enumerator_create_empty(); } @@ -1913,6 +2026,7 @@ task_manager_v2_t *task_manager_v2_create(ike_sa_t *ike_sa) .task_manager = { .process_message = _process_message, .queue_task = _queue_task, + .queue_task_delayed = _queue_task_delayed, .queue_ike = _queue_ike, .queue_ike_rekey = _queue_ike_rekey, .queue_ike_reauth = _queue_ike_reauth, diff --git a/src/libcharon/sa/ikev2/tasks/child_create.c b/src/libcharon/sa/ikev2/tasks/child_create.c index 3d4ded944..64a82850b 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.c +++ b/src/libcharon/sa/ikev2/tasks/child_create.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2008 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -29,7 +29,7 @@ #include <encoding/payloads/delete_payload.h> #include <processing/jobs/delete_ike_sa_job.h> #include <processing/jobs/inactivity_job.h> - +#include <processing/jobs/initiate_tasks_job.h> typedef struct private_child_create_t private_child_create_t; @@ -151,27 +151,27 @@ struct private_child_create_t { /** * Own allocated SPI */ - u_int32_t my_spi; + uint32_t my_spi; /** * SPI received in proposal */ - u_int32_t other_spi; + uint32_t other_spi; /** * Own allocated Compression Parameter Index (CPI) */ - u_int16_t my_cpi; + uint16_t my_cpi; /** * Other Compression Parameter Index (CPI), received via IPCOMP_SUPPORTED */ - u_int16_t other_cpi; + uint16_t other_cpi; /** * reqid to use if we are rekeying */ - u_int32_t reqid; + uint32_t reqid; /** * Explicit inbound mark value @@ -205,6 +205,25 @@ struct private_child_create_t { }; /** + * Schedule a retry if creating the CHILD_SA temporary failed + */ +static void schedule_delayed_retry(private_child_create_t *this) +{ + child_create_t *task; + uint32_t retry; + + retry = RETRY_INTERVAL - (random() % RETRY_JITTER); + + task = child_create_create(this->ike_sa, + this->config->get_ref(this->config), FALSE, + this->packet_tsi, this->packet_tsr); + task->use_reqid(task, this->reqid); + DBG1(DBG_IKE, "creating CHILD_SA failed, trying again in %d seconds", + retry); + this->ike_sa->queue_task_delayed(this->ike_sa, (task_t*)task, retry); +} + +/** * get the nonce from a message */ static status_t get_nonce(message_t *message, chunk_t *nonce) @@ -306,7 +325,7 @@ static bool allocate_spi(private_child_create_t *this) */ static void schedule_inactivity_timeout(private_child_create_t *this) { - u_int32_t timeout, id; + uint32_t timeout, id; bool close_ike; timeout = this->config->get_inactivity(this->config); @@ -386,7 +405,7 @@ static linked_list_t* get_transport_nat_ts(private_child_create_t *this, linked_list_t *out; traffic_selector_t *ts; host_t *ike, *first = NULL; - u_int8_t mask; + uint8_t mask; if (local) { @@ -464,7 +483,7 @@ static status_t select_and_install(private_child_create_t *this, chunk_t integ_i = chunk_empty, integ_r = chunk_empty; linked_list_t *my_ts, *other_ts; host_t *me, *other; - bool private; + bool private, prefer_configured; if (this->proposals == NULL) { @@ -481,8 +500,10 @@ static status_t select_and_install(private_child_create_t *this, other = this->ike_sa->get_other_host(this->ike_sa); private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->config->select_proposal(this->config, - this->proposals, no_dh, private); + this->proposals, no_dh, private, prefer_configured); if (this->proposal == NULL) { DBG1(DBG_IKE, "no acceptable proposal found"); @@ -501,7 +522,7 @@ static status_t select_and_install(private_child_create_t *this, if (!this->proposal->has_dh_group(this->proposal, this->dh_group)) { - u_int16_t group; + uint16_t group; if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) @@ -798,7 +819,7 @@ static bool build_payloads(private_child_create_t *this, message_t *message) * Adds an IPCOMP_SUPPORTED notify to the message, allocating a CPI */ static void add_ipcomp_notify(private_child_create_t *this, - message_t *message, u_int8_t ipcomp) + message_t *message, uint8_t ipcomp) { this->my_cpi = this->child_sa->alloc_cpi(this->child_sa); if (this->my_cpi) @@ -838,11 +859,11 @@ static void handle_notify(private_child_create_t *this, notify_payload_t *notify case IPCOMP_SUPPORTED: { ipcomp_transform_t ipcomp; - u_int16_t cpi; + uint16_t cpi; chunk_t data; data = notify->get_notification_data(notify); - cpi = *(u_int16_t*)data.ptr; + cpi = *(uint16_t*)data.ptr; ipcomp = (ipcomp_transform_t)(*(data.ptr + 2)); switch (ipcomp) { @@ -1232,13 +1253,13 @@ METHOD(task_t, build_r, status_t, if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) { DBG1(DBG_IKE, "unable to create CHILD_SA while rekeying IKE_SA"); - message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); return SUCCESS; } if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) { DBG1(DBG_IKE, "unable to create CHILD_SA while deleting IKE_SA"); - message->add_notify(message, TRUE, NO_ADDITIONAL_SAS, chunk_empty); + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); return SUCCESS; } @@ -1310,7 +1331,7 @@ METHOD(task_t, build_r, status_t, return SUCCESS; case INVALID_ARG: { - u_int16_t group = htons(this->dh_group); + uint16_t group = htons(this->dh_group); message->add_notify(message, FALSE, INVALID_KE_PAYLOAD, chunk_from_thing(group)); handle_child_sa_failure(this, message); @@ -1441,10 +1462,21 @@ METHOD(task_t, process_i, status_t, /* an error in CHILD_SA creation is not critical */ return SUCCESS; } + case TEMPORARY_FAILURE: + { + DBG1(DBG_IKE, "received %N notify, will retry later", + notify_type_names, type); + enumerator->destroy(enumerator); + if (!this->rekey) + { /* the rekey task will retry itself if necessary */ + schedule_delayed_retry(this); + } + return SUCCESS; + } case INVALID_KE_PAYLOAD: { chunk_t data; - u_int16_t group = MODP_NONE; + uint16_t group = MODP_NONE; data = notify->get_notification_data(notify); if (data.len == sizeof(group)) @@ -1529,7 +1561,7 @@ METHOD(task_t, process_i, status_t, } METHOD(child_create_t, use_reqid, void, - private_child_create_t *this, u_int32_t reqid) + private_child_create_t *this, uint32_t reqid) { this->reqid = reqid; } diff --git a/src/libcharon/sa/ikev2/tasks/child_create.h b/src/libcharon/sa/ikev2/tasks/child_create.h index 46d9403ee..f48d7b0a9 100644 --- a/src/libcharon/sa/ikev2/tasks/child_create.h +++ b/src/libcharon/sa/ikev2/tasks/child_create.h @@ -49,7 +49,7 @@ struct child_create_t { * * @param reqid reqid to use */ - void (*use_reqid) (child_create_t *this, u_int32_t reqid); + void (*use_reqid) (child_create_t *this, uint32_t reqid); /** * Use specific mark values to override configuration. diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.c b/src/libcharon/sa/ikev2/tasks/child_delete.c index 877ae0531..6fa8836ac 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.c +++ b/src/libcharon/sa/ikev2/tasks/child_delete.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2009-2016 Tobias Brunner * Copyright (C) 2006-2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -18,7 +19,7 @@ #include <daemon.h> #include <encoding/payloads/delete_payload.h> #include <sa/ikev2/tasks/child_create.h> - +#include <sa/ikev2/tasks/child_rekey.h> typedef struct private_child_delete_t private_child_delete_t; @@ -50,7 +51,7 @@ struct private_child_delete_t { /** * Inbound SPI of CHILD_SA to delete */ - u_int32_t spi; + uint32_t spi; /** * whether to enforce delete action policy @@ -86,7 +87,7 @@ static void build_payloads(private_child_delete_t *this, message_t *message) while (enumerator->enumerate(enumerator, (void**)&child_sa)) { protocol_id_t protocol = child_sa->get_protocol(child_sa); - u_int32_t spi = child_sa->get_spi(child_sa, TRUE); + uint32_t spi = child_sa->get_spi(child_sa, TRUE); switch (protocol) { @@ -119,6 +120,33 @@ static void build_payloads(private_child_delete_t *this, message_t *message) } /** + * Check if the given CHILD_SA is the redundant SA created in a rekey collision. + */ +static bool is_redundant(private_child_delete_t *this, child_sa_t *child) +{ + enumerator_t *tasks; + task_t *task; + + tasks = this->ike_sa->create_task_enumerator(this->ike_sa, + TASK_QUEUE_ACTIVE); + while (tasks->enumerate(tasks, &task)) + { + if (task->get_type(task) == TASK_CHILD_REKEY) + { + child_rekey_t *rekey = (child_rekey_t*)task; + + if (rekey->is_redundant(rekey, child)) + { + tasks->destroy(tasks); + return TRUE; + } + } + } + tasks->destroy(tasks); + return FALSE; +} + +/** * read in payloads and find the children to delete */ static void process_payloads(private_child_delete_t *this, message_t *message) @@ -126,7 +154,7 @@ static void process_payloads(private_child_delete_t *this, message_t *message) enumerator_t *payloads, *spis; payload_t *payload; delete_payload_t *delete_payload; - u_int32_t spi; + uint32_t spi; protocol_id_t protocol; child_sa_t *child_sa; @@ -157,24 +185,31 @@ static void process_payloads(private_child_delete_t *this, message_t *message) switch (child_sa->get_state(child_sa)) { - case CHILD_REKEYING: + case CHILD_REKEYED: this->rekeyed = TRUE; - /* we reply as usual, rekeying will fail */ break; case CHILD_DELETING: /* we don't send back a delete if we initiated ourself */ if (!this->initiator) { - this->ike_sa->destroy_child_sa(this->ike_sa, - protocol, spi); continue; } /* fall through */ + case CHILD_REKEYING: + /* we reply as usual, rekeying will fail */ case CHILD_INSTALLED: if (!this->initiator) - { /* reestablish installed children if required */ - this->check_delete_action = TRUE; + { + if (is_redundant(this, child_sa)) + { + this->rekeyed = TRUE; + } + else + { + this->check_delete_action = TRUE; + } } + break; default: break; } @@ -199,14 +234,14 @@ static status_t destroy_and_reestablish(private_child_delete_t *this) child_sa_t *child_sa; child_cfg_t *child_cfg; protocol_id_t protocol; - u_int32_t spi, reqid; + uint32_t spi, reqid; action_t action; status_t status = SUCCESS; enumerator = this->child_sas->create_enumerator(this->child_sas); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { - /* signal child down event if we are not rekeying */ + /* signal child down event if we weren't rekeying */ if (!this->rekeyed) { charon->bus->child_updown(charon->bus, child_sa, FALSE); @@ -254,7 +289,7 @@ static void log_children(private_child_delete_t *this) linked_list_t *my_ts, *other_ts; enumerator_t *enumerator; child_sa_t *child_sa; - u_int64_t bytes_in, bytes_out; + uint64_t bytes_in, bytes_out; enumerator = this->child_sas->create_enumerator(this->child_sas); while (enumerator->enumerate(enumerator, (void**)&child_sa)) @@ -308,7 +343,7 @@ METHOD(task_t, build_i, status_t, this->spi = child_sa->get_spi(child_sa, TRUE); } this->child_sas->insert_last(this->child_sas, child_sa); - if (child_sa->get_state(child_sa) == CHILD_REKEYING) + if (child_sa->get_state(child_sa) == CHILD_REKEYED) { this->rekeyed = TRUE; } @@ -347,11 +382,7 @@ METHOD(task_t, process_r, status_t, METHOD(task_t, build_r, status_t, private_child_delete_t *this, message_t *message) { - /* if we are rekeying, we send an empty informational */ - if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) - { - build_payloads(this, message); - } + build_payloads(this, message); DBG1(DBG_IKE, "CHILD_SA closed"); return destroy_and_reestablish(this); } @@ -391,7 +422,7 @@ METHOD(task_t, destroy, void, * Described in header. */ child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool expired) + uint32_t spi, bool expired) { private_child_delete_t *this; diff --git a/src/libcharon/sa/ikev2/tasks/child_delete.h b/src/libcharon/sa/ikev2/tasks/child_delete.h index 1ada0699e..1e9b2d2f7 100644 --- a/src/libcharon/sa/ikev2/tasks/child_delete.h +++ b/src/libcharon/sa/ikev2/tasks/child_delete.h @@ -56,6 +56,6 @@ struct child_delete_t { * @return child_delete task to handle by the task_manager */ child_delete_t *child_delete_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi, bool expired); + uint32_t spi, bool expired); #endif /** CHILD_DELETE_H_ @}*/ diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.c b/src/libcharon/sa/ikev2/tasks/child_rekey.c index 6f0c2b2c7..c04ec141f 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2009-2016 Tobias Brunner * Copyright (C) 2005-2007 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -54,7 +55,7 @@ struct private_child_rekey_t { /** * Inbound SPI of CHILD_SA to rekey */ - u_int32_t spi; + uint32_t spi; /** * the CHILD_CREATE task which is reused to simplify rekeying @@ -91,7 +92,7 @@ struct private_child_rekey_t { */ static void schedule_delayed_rekey(private_child_rekey_t *this) { - u_int32_t retry; + uint32_t retry; job_t *job; retry = RETRY_INTERVAL - (random() % RETRY_JITTER); @@ -130,7 +131,7 @@ static void find_child(private_child_rekey_t *this, message_t *message) { notify_payload_t *notify; protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; notify = message->get_notify(message, REKEY_SA); if (notify) @@ -150,7 +151,7 @@ METHOD(task_t, build_i, status_t, private_child_rekey_t *this, message_t *message) { notify_payload_t *notify; - u_int32_t reqid; + uint32_t reqid; child_cfg_t *config; this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, @@ -159,14 +160,21 @@ METHOD(task_t, build_i, status_t, { /* check if it is an outbound CHILD_SA */ this->child_sa = this->ike_sa->get_child_sa(this->ike_sa, this->protocol, this->spi, FALSE); - if (!this->child_sa) - { /* CHILD_SA is gone, unable to rekey. As an empty CREATE_CHILD_SA - * exchange is invalid, we fall back to an INFORMATIONAL exchange.*/ - message->set_exchange_type(message, INFORMATIONAL); - return SUCCESS; + if (this->child_sa) + { + /* we work only with the inbound SPI */ + this->spi = this->child_sa->get_spi(this->child_sa, TRUE); } - /* we work only with the inbound SPI */ - this->spi = this->child_sa->get_spi(this->child_sa, TRUE); + } + if (!this->child_sa || + (!this->child_create && + this->child_sa->get_state(this->child_sa) != CHILD_INSTALLED) || + (this->child_create && + this->child_sa->get_state(this->child_sa) != CHILD_REKEYING)) + { + /* CHILD_SA is gone or in the wrong state, unable to rekey */ + message->set_exchange_type(message, EXCHANGE_TYPE_UNDEFINED); + return SUCCESS; } config = this->child_sa->get_config(this->child_sa); @@ -217,13 +225,19 @@ METHOD(task_t, build_r, status_t, private_child_rekey_t *this, message_t *message) { child_cfg_t *config; - u_int32_t reqid; + uint32_t reqid; + child_sa_state_t state; - if (this->child_sa == NULL || - this->child_sa->get_state(this->child_sa) == CHILD_DELETING) + if (!this->child_sa) { DBG1(DBG_IKE, "unable to rekey, CHILD_SA not found"); - message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); + message->add_notify(message, TRUE, CHILD_SA_NOT_FOUND, chunk_empty); + return SUCCESS; + } + if (this->child_sa->get_state(this->child_sa) == CHILD_DELETING) + { + DBG1(DBG_IKE, "unable to rekey, we are deleting the CHILD_SA"); + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); return SUCCESS; } @@ -237,14 +251,16 @@ METHOD(task_t, build_r, status_t, this->child_create->set_config(this->child_create, config->get_ref(config)); this->child_create->task.build(&this->child_create->task, message); + state = this->child_sa->get_state(this->child_sa); + this->child_sa->set_state(this->child_sa, CHILD_REKEYING); + if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) - { - /* rekeying failed, reuse old child */ - this->child_sa->set_state(this->child_sa, CHILD_INSTALLED); + { /* rekeying failed, reuse old child */ + this->child_sa->set_state(this->child_sa, state); return SUCCESS; } - this->child_sa->set_state(this->child_sa, CHILD_REKEYING); + this->child_sa->set_state(this->child_sa, CHILD_REKEYED); /* invoke rekey hook */ charon->bus->child_rekey(charon->bus, this->child_sa, @@ -284,9 +300,9 @@ static child_sa_t *handle_collision(private_child_rekey_t *this) if (child_sa) { child_sa->set_close_action(child_sa, ACTION_NONE); - if (child_sa->get_state(child_sa) != CHILD_REKEYING) + if (child_sa->get_state(child_sa) != CHILD_REKEYED) { - child_sa->set_state(child_sa, CHILD_REKEYING); + child_sa->set_state(child_sa, CHILD_REKEYED); } } } @@ -324,7 +340,7 @@ METHOD(task_t, process_i, status_t, private_child_rekey_t *this, message_t *message) { protocol_id_t protocol; - u_int32_t spi; + uint32_t spi; child_sa_t *to_delete; if (message->get_notify(message, NO_ADDITIONAL_SAS)) @@ -337,6 +353,34 @@ METHOD(task_t, process_i, status_t, this->ike_sa->get_id(this->ike_sa), TRUE)); return SUCCESS; } + if (message->get_notify(message, CHILD_SA_NOT_FOUND)) + { + child_cfg_t *child_cfg; + uint32_t reqid; + + if (this->collision && + this->collision->get_type(this->collision) == TASK_CHILD_DELETE) + { /* ignore this error if we already deleted the CHILD_SA on the + * peer's behalf (could happen if the other peer does not detect + * the collision and did not respond with TEMPORARY_FAILURE) */ + return SUCCESS; + } + DBG1(DBG_IKE, "peer didn't find the CHILD_SA we tried to rekey"); + /* FIXME: according to RFC 7296 we should only create a new CHILD_SA if + * it does not exist yet, we currently have no good way of checking for + * that (we could go by name, but that might be tricky e.g. due to + * narrowing) */ + spi = this->child_sa->get_spi(this->child_sa, TRUE); + reqid = this->child_sa->get_reqid(this->child_sa); + protocol = this->child_sa->get_protocol(this->child_sa); + child_cfg = this->child_sa->get_config(this->child_sa); + child_cfg->get_ref(child_cfg); + charon->bus->child_updown(charon->bus, this->child_sa, FALSE); + this->ike_sa->destroy_child_sa(this->ike_sa, protocol, spi); + return this->ike_sa->initiate(this->ike_sa, + child_cfg->get_ref(child_cfg), reqid, + NULL, NULL); + } if (this->child_create->task.process(&this->child_create->task, message) == NEED_MORE) @@ -346,10 +390,10 @@ METHOD(task_t, process_i, status_t, } if (message->get_payload(message, PLV2_SECURITY_ASSOCIATION) == NULL) { - /* establishing new child failed, reuse old. but not when we - * received a delete in the meantime */ - if (!(this->collision && - this->collision->get_type(this->collision) == TASK_CHILD_DELETE)) + /* establishing new child failed, reuse old and try again. but not when + * we received a delete in the meantime */ + if (!this->collision || + this->collision->get_type(this->collision) != TASK_CHILD_DELETE) { schedule_delayed_rekey(this); } @@ -377,9 +421,9 @@ METHOD(task_t, process_i, status_t, return SUCCESS; } /* disable updown event for redundant CHILD_SA */ - if (to_delete->get_state(to_delete) != CHILD_REKEYING) + if (to_delete->get_state(to_delete) != CHILD_REKEYED) { - to_delete->set_state(to_delete, CHILD_REKEYING); + to_delete->set_state(to_delete, CHILD_REKEYED); } spi = to_delete->get_spi(to_delete, TRUE); protocol = to_delete->get_protocol(to_delete); @@ -398,6 +442,18 @@ METHOD(task_t, get_type, task_type_t, return TASK_CHILD_REKEY; } +METHOD(child_rekey_t, is_redundant, bool, + private_child_rekey_t *this, child_sa_t *child) +{ + if (this->collision && + this->collision->get_type(this->collision) == TASK_CHILD_REKEY) + { + private_child_rekey_t *rekey = (private_child_rekey_t*)this->collision; + return child == rekey->child_create->get_child(rekey->child_create); + } + return FALSE; +} + METHOD(child_rekey_t, collide, void, private_child_rekey_t *this, task_t *other) { @@ -406,9 +462,18 @@ METHOD(child_rekey_t, collide, void, if (other->get_type(other) == TASK_CHILD_REKEY) { private_child_rekey_t *rekey = (private_child_rekey_t*)other; + child_sa_t *other_child; + if (rekey->child_sa != this->child_sa) + { /* not the same child => no collision */ + other->destroy(other); + return; + } + /* ignore passive tasks that did not successfully create a CHILD_SA */ + other_child = rekey->child_create->get_child(rekey->child_create); + if (!other_child || + other_child->get_state(other_child) != CHILD_INSTALLED) { - /* not the same child => no collision */ other->destroy(other); return; } @@ -416,19 +481,11 @@ METHOD(child_rekey_t, collide, void, else if (other->get_type(other) == TASK_CHILD_DELETE) { child_delete_t *del = (child_delete_t*)other; - if (this->collision && - this->collision->get_type(this->collision) == TASK_CHILD_REKEY) + if (is_redundant(this, del->get_child(del))) { - private_child_rekey_t *rekey; - - rekey = (private_child_rekey_t*)this->collision; - if (del->get_child(del) == rekey->child_create->get_child(rekey->child_create)) - { - /* peer deletes redundant child created in collision */ - this->other_child_destroyed = TRUE; - other->destroy(other); - return; - } + this->other_child_destroyed = TRUE; + other->destroy(other); + return; } if (del->get_child(del) != this->child_sa) { @@ -439,7 +496,7 @@ METHOD(child_rekey_t, collide, void, } else { - /* any other task is not critical for collisisions, ignore */ + /* any other task is not critical for collisions, ignore */ other->destroy(other); return; } @@ -485,7 +542,7 @@ METHOD(task_t, destroy, void, * Described in header. */ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi) + uint32_t spi) { private_child_rekey_t *this; @@ -496,6 +553,7 @@ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, .migrate = _migrate, .destroy = _destroy, }, + .is_redundant = _is_redundant, .collide = _collide, }, .ike_sa = ike_sa, diff --git a/src/libcharon/sa/ikev2/tasks/child_rekey.h b/src/libcharon/sa/ikev2/tasks/child_rekey.h index 23384653d..0ad1a062d 100644 --- a/src/libcharon/sa/ikev2/tasks/child_rekey.h +++ b/src/libcharon/sa/ikev2/tasks/child_rekey.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -39,13 +40,25 @@ struct child_rekey_t { task_t task; /** - * Register a rekeying task which collides with this one + * Check if the given SA is the redundant CHILD_SA created during a rekey + * collision. + * + * This is called if the other peer deletes the redundant SA before we were + * able to handle the CREATE_CHILD_SA response. + * + * @param child CHILD_SA to check + * @return TRUE if the SA is the redundant CHILD_SA + */ + bool (*is_redundant)(child_rekey_t *this, child_sa_t *child); + + /** + * Register a rekeying/delete task which collides with this one * * If two peers initiate rekeying at the same time, the collision must * be handled gracefully. The task manager is aware of what exchanges - * are going on and notifies the outgoing task by passing the incoming. + * are going on and notifies the active task by passing the passive. * - * @param other incoming task + * @param other passive task (adopted) */ void (*collide)(child_rekey_t* this, task_t *other); }; @@ -59,6 +72,6 @@ struct child_rekey_t { * @return child_rekey task to handle by the task_manager */ child_rekey_t *child_rekey_create(ike_sa_t *ike_sa, protocol_id_t protocol, - u_int32_t spi); + uint32_t spi); #endif /** CHILD_REKEY_H_ @}*/ diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth.c b/src/libcharon/sa/ikev2/tasks/ike_auth.c index 79a436fbf..036910d0e 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth.c @@ -186,7 +186,7 @@ static status_t collect_other_init_data(private_ike_auth_t *this, */ static void get_reserved_id_bytes(private_ike_auth_t *this, id_payload_t *id) { - u_int8_t *byte; + uint8_t *byte; int i; for (i = 0; i < countof(this->reserved); i++) @@ -564,6 +564,10 @@ METHOD(task_t, process_r, status_t, this->ike_sa->enable_extension(this->ike_sa, EXT_EAP_ONLY_AUTHENTICATION); } + if (message->get_notify(message, INITIAL_CONTACT)) + { + this->initial_contact = TRUE; + } } if (this->other_auth == NULL) @@ -652,14 +656,6 @@ METHOD(task_t, process_r, status_t, return NEED_MORE; } - /* If authenticated (with non-EAP) and received INITIAL_CONTACT, - * delete any existing IKE_SAs with that peer. */ - if (message->get_message_id(message) == 1 && - message->get_notify(message, INITIAL_CONTACT)) - { - this->initial_contact = TRUE; - } - /* another auth round done, invoke authorize hook */ if (!charon->bus->authorize(charon->bus, FALSE)) { @@ -749,13 +745,6 @@ METHOD(task_t, build_r, status_t, get_reserved_id_bytes(this, id_payload); message->add_payload(message, (payload_t*)id_payload); - if (this->initial_contact) - { - charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager, - this->ike_sa, TRUE); - this->initial_contact = FALSE; - } - if ((uintptr_t)cfg->get(cfg, AUTH_RULE_AUTH_CLASS) == AUTH_CLASS_EAP) { /* EAP-only authentication */ if (!this->ike_sa->supports_extension(this->ike_sa, @@ -830,7 +819,7 @@ METHOD(task_t, build_r, status_t, } if (charon->ike_sa_manager->check_uniqueness(charon->ike_sa_manager, - this->ike_sa, FALSE)) + this->ike_sa, this->initial_contact)) { DBG1(DBG_IKE, "cancelling IKE_SA setup due to uniqueness policy"); charon->bus->alert(charon->bus, ALERT_UNIQUE_KEEP); diff --git a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c index a7d162e68..47b0a3ed1 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c +++ b/src/libcharon/sa/ikev2/tasks/ike_auth_lifetime.c @@ -45,14 +45,14 @@ struct private_ike_auth_lifetime_t { static void add_auth_lifetime(private_ike_auth_lifetime_t *this, message_t *message) { chunk_t chunk; - u_int32_t lifetime; + uint32_t lifetime; lifetime = this->ike_sa->get_statistic(this->ike_sa, STAT_REAUTH); if (lifetime) { lifetime -= time_monotonic(NULL); chunk = chunk_from_thing(lifetime); - *(u_int32_t*)chunk.ptr = htonl(lifetime); + *(uint32_t*)chunk.ptr = htonl(lifetime); message->add_notify(message, FALSE, AUTH_LIFETIME, chunk); } } @@ -64,13 +64,13 @@ static void process_payloads(private_ike_auth_lifetime_t *this, message_t *messa { notify_payload_t *notify; chunk_t data; - u_int32_t lifetime; + uint32_t lifetime; notify = message->get_notify(message, AUTH_LIFETIME); if (notify) { data = notify->get_notification_data(notify); - lifetime = ntohl(*(u_int32_t*)data.ptr); + lifetime = ntohl(*(uint32_t*)data.ptr); this->ike_sa->set_auth_lifetime(this->ike_sa, lifetime); } } diff --git a/src/libcharon/sa/ikev2/tasks/ike_delete.c b/src/libcharon/sa/ikev2/tasks/ike_delete.c index e972dba07..fd36b144a 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_delete.c +++ b/src/libcharon/sa/ikev2/tasks/ike_delete.c @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2006-2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -17,7 +18,7 @@ #include <daemon.h> #include <encoding/payloads/delete_payload.h> - +#include <sa/ikev2/tasks/ike_rekey.h> typedef struct private_ike_delete_t private_ike_delete_t; @@ -45,11 +46,6 @@ struct private_ike_delete_t { * are we deleting a rekeyed SA? */ bool rekeyed; - - /** - * are we responding to a delete, but have initated our own? - */ - bool simultaneous; }; METHOD(task_t, build_i, status_t, @@ -68,7 +64,8 @@ METHOD(task_t, build_i, status_t, delete_payload = delete_payload_create(PLV2_DELETE, PROTO_IKE); message->add_payload(message, (payload_t*)delete_payload); - if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING) + if (this->ike_sa->get_state(this->ike_sa) == IKE_REKEYING || + this->ike_sa->get_state(this->ike_sa) == IKE_REKEYED) { this->rekeyed = TRUE; } @@ -93,6 +90,33 @@ METHOD(task_t, process_i, status_t, return DESTROY_ME; } +/** + * Check if this delete happened after a rekey collsion + */ +static bool after_rekey_collision(private_ike_delete_t *this) +{ + enumerator_t *tasks; + task_t *task; + + tasks = this->ike_sa->create_task_enumerator(this->ike_sa, + TASK_QUEUE_ACTIVE); + while (tasks->enumerate(tasks, &task)) + { + if (task->get_type(task) == TASK_IKE_REKEY) + { + ike_rekey_t *rekey = (ike_rekey_t*)task; + + if (rekey->did_collide(rekey)) + { + tasks->destroy(tasks); + return TRUE; + } + } + } + tasks->destroy(tasks); + return FALSE; +} + METHOD(task_t, process_r, status_t, private_ike_delete_t *this, message_t *message) { @@ -119,16 +143,24 @@ METHOD(task_t, process_r, status_t, switch (this->ike_sa->get_state(this->ike_sa)) { + case IKE_REKEYING: + /* if the peer concurrently deleted the IKE_SA we treat this as + * regular delete. however, in case the peer did not detect a rekey + * collision it will delete the replaced IKE_SA if we are still in + * state IKE_REKEYING */ + if (after_rekey_collision(this)) + { + this->rekeyed = TRUE; + break; + } + /* fall-through */ case IKE_ESTABLISHED: this->ike_sa->set_state(this->ike_sa, IKE_DELETING); this->ike_sa->reestablish(this->ike_sa); return NEED_MORE; - case IKE_REKEYING: + case IKE_REKEYED: this->rekeyed = TRUE; break; - case IKE_DELETING: - this->simultaneous = TRUE; - break; default: break; } @@ -141,11 +173,6 @@ METHOD(task_t, build_r, status_t, { DBG0(DBG_IKE, "IKE_SA deleted"); - if (this->simultaneous) - { - /* wait for peer's response for our delete request */ - return SUCCESS; - } if (!this->rekeyed) { /* invoke ike_down() hook if SA has not been rekeyed */ charon->bus->ike_updown(charon->bus, this->ike_sa, FALSE); @@ -164,7 +191,6 @@ METHOD(task_t, migrate, void, private_ike_delete_t *this, ike_sa_t *ike_sa) { this->ike_sa = ike_sa; - this->simultaneous = FALSE; } METHOD(task_t, destroy, void, diff --git a/src/libcharon/sa/ikev2/tasks/ike_init.c b/src/libcharon/sa/ikev2/tasks/ike_init.c index 78579be95..801b6d8f3 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_init.c +++ b/src/libcharon/sa/ikev2/tasks/ike_init.c @@ -221,7 +221,7 @@ static void handle_supported_hash_algorithms(private_ike_init_t *this, notify_payload_t *notify) { bio_reader_t *reader; - u_int16_t algo; + uint16_t algo; bool added = FALSE; reader = bio_reader_create(notify->get_notification_data(notify)); @@ -373,13 +373,15 @@ static void process_payloads(private_ike_init_t *this, message_t *message) { sa_payload_t *sa_payload = (sa_payload_t*)payload; linked_list_t *proposal_list; - bool private; + bool private, prefer_configured; proposal_list = sa_payload->get_proposals(sa_payload); private = this->ike_sa->supports_extension(this->ike_sa, EXT_STRONGSWAN); + prefer_configured = lib->settings->get_bool(lib->settings, + "%s.prefer_configured_proposals", TRUE, lib->ns); this->proposal = this->config->select_proposal(this->config, - proposal_list, private); + proposal_list, private, prefer_configured); if (!this->proposal) { charon->bus->alert(charon->bus, ALERT_PROPOSAL_MISMATCH_IKE, @@ -633,7 +635,7 @@ METHOD(task_t, build_r, status_t, if (this->dh == NULL || !this->proposal->has_dh_group(this->proposal, this->dh_group)) { - u_int16_t group; + uint16_t group; if (this->proposal->get_algorithm(this->proposal, DIFFIE_HELLMAN_GROUP, &group, NULL)) @@ -765,7 +767,7 @@ METHOD(task_t, process_i, status_t, bad_group = this->dh_group; data = notify->get_notification_data(notify); - this->dh_group = ntohs(*((u_int16_t*)data.ptr)); + this->dh_group = ntohs(*((uint16_t*)data.ptr)); DBG1(DBG_IKE, "peer didn't accept DH group %N, " "it requested %N", diffie_hellman_group_names, bad_group, diffie_hellman_group_names, this->dh_group); diff --git a/src/libcharon/sa/ikev2/tasks/ike_me.c b/src/libcharon/sa/ikev2/tasks/ike_me.c index 10d412ffd..f077ccfb5 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_me.c +++ b/src/libcharon/sa/ikev2/tasks/ike_me.c @@ -128,7 +128,7 @@ static void gather_and_add_endpoints(private_ike_me_t *this, message_t *message) { enumerator_t *enumerator; host_t *addr, *host; - u_int16_t port; + uint16_t port; /* get the port that is used to communicate with the ms */ host = this->ike_sa->get_my_host(this->ike_sa); diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c index 3f7bb175f..dc0f24fb8 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c +++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c @@ -299,7 +299,7 @@ static void update_children(private_ike_mobike_t *this) /** * Apply the port of the old host, if its ip equals the new, use port otherwise. */ -static void apply_port(host_t *host, host_t *old, u_int16_t port, bool local) +static void apply_port(host_t *host, host_t *old, uint16_t port, bool local) { if (host->ip_equals(host, old)) { diff --git a/src/libcharon/sa/ikev2/tasks/ike_natd.c b/src/libcharon/sa/ikev2/tasks/ike_natd.c index 4bf5264dd..f3f32d7af 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_natd.c +++ b/src/libcharon/sa/ikev2/tasks/ike_natd.c @@ -99,8 +99,8 @@ static chunk_t generate_natd_hash(private_ike_natd_t *this, { chunk_t natd_chunk, spi_i_chunk, spi_r_chunk, addr_chunk, port_chunk; chunk_t natd_hash; - u_int64_t spi_i, spi_r; - u_int16_t port; + uint64_t spi_i, spi_r; + uint16_t port; /* prepare all required chunks */ spi_i = ike_sa_id->get_initiator_spi(ike_sa_id); @@ -142,7 +142,7 @@ static notify_payload_t *build_natd_payload(private_ike_natd_t *this, config = this->ike_sa->get_ike_cfg(this->ike_sa); if (force_encap(config) && type == NAT_DETECTION_SOURCE_IP) { - u_int32_t addr; + uint32_t addr; /* chunk_hash() is randomly keyed so this produces a random IPv4 address * that changes with every restart but otherwise stays the same */ diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.c b/src/libcharon/sa/ikev2/tasks/ike_rekey.c index eaba04e3a..2f0552a33 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.c +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.c @@ -1,7 +1,8 @@ /* + * Copyright (C) 2015-2016 Tobias Brunner * Copyright (C) 2005-2008 Martin Willi * Copyright (C) 2005 Jan Hutter - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -66,9 +67,30 @@ struct private_ike_rekey_t { * colliding task detected by the task manager */ task_t *collision; + + /** + * TRUE if rekeying can't be handled temporarily + */ + bool failed_temporarily; }; /** + * Schedule a retry if rekeying temporary failed + */ +static void schedule_delayed_rekey(private_ike_rekey_t *this) +{ + uint32_t retry; + job_t *job; + + retry = RETRY_INTERVAL - (random() % RETRY_JITTER); + job = (job_t*)rekey_ike_sa_job_create( + this->ike_sa->get_id(this->ike_sa), FALSE); + DBG1(DBG_IKE, "IKE_SA rekeying failed, trying again in %d seconds", retry); + this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); + lib->scheduler->schedule_job(lib->scheduler, job, retry); +} + +/** * Check if an IKE_SA has any queued tasks, return initiation job */ static job_t* check_queued_tasks(ike_sa_t *ike_sa) @@ -83,7 +105,6 @@ static job_t* check_queued_tasks(ike_sa_t *ike_sa) job = (job_t*)initiate_tasks_job_create(ike_sa->get_id(ike_sa)); } enumerator->destroy(enumerator); - return job; } @@ -117,20 +138,9 @@ static void establish_new(private_ike_rekey_t *this) } this->new_sa = NULL; charon->bus->set_sa(charon->bus, this->ike_sa); - } -} -METHOD(task_t, process_r_delete, status_t, - private_ike_rekey_t *this, message_t *message) -{ - establish_new(this); - return this->ike_delete->task.process(&this->ike_delete->task, message); -} - -METHOD(task_t, build_r_delete, status_t, - private_ike_rekey_t *this, message_t *message) -{ - return this->ike_delete->task.build(&this->ike_delete->task, message); + this->ike_sa->set_state(this->ike_sa, IKE_REKEYED); + } } METHOD(task_t, build_i_delete, status_t, @@ -172,36 +182,59 @@ METHOD(task_t, build_i, status_t, return NEED_MORE; } -METHOD(task_t, process_r, status_t, - private_ike_rekey_t *this, message_t *message) +/** + * Check if there are any half-open children + */ +static bool have_half_open_children(private_ike_rekey_t *this) { enumerator_t *enumerator; child_sa_t *child_sa; - - if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) - { - DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting"); - return NEED_MORE; - } + task_t *task; enumerator = this->ike_sa->create_child_sa_enumerator(this->ike_sa); while (enumerator->enumerate(enumerator, (void**)&child_sa)) { switch (child_sa->get_state(child_sa)) { - case CHILD_CREATED: case CHILD_REKEYING: case CHILD_RETRYING: case CHILD_DELETING: - /* we do not allow rekeying while we have children in-progress */ - DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open"); enumerator->destroy(enumerator); - return NEED_MORE; + return TRUE; default: break; } } enumerator->destroy(enumerator); + enumerator = this->ike_sa->create_task_enumerator(this->ike_sa, + TASK_QUEUE_ACTIVE); + while (enumerator->enumerate(enumerator, (void**)&task)) + { + if (task->get_type(task) == TASK_CHILD_CREATE) + { + enumerator->destroy(enumerator); + return TRUE; + } + } + enumerator->destroy(enumerator); + return FALSE; +} + +METHOD(task_t, process_r, status_t, + private_ike_rekey_t *this, message_t *message) +{ + if (this->ike_sa->get_state(this->ike_sa) == IKE_DELETING) + { + DBG1(DBG_IKE, "peer initiated rekeying, but we are deleting"); + this->failed_temporarily = TRUE; + return NEED_MORE; + } + if (have_half_open_children(this)) + { + DBG1(DBG_IKE, "peer initiated rekeying, but a child is half-open"); + this->failed_temporarily = TRUE; + return NEED_MORE; + } this->new_sa = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, this->ike_sa->get_version(this->ike_sa), FALSE); @@ -219,33 +252,57 @@ METHOD(task_t, process_r, status_t, METHOD(task_t, build_r, status_t, private_ike_rekey_t *this, message_t *message) { + if (this->failed_temporarily) + { + message->add_notify(message, TRUE, TEMPORARY_FAILURE, chunk_empty); + return SUCCESS; + } if (this->new_sa == NULL) { /* IKE_SA/a CHILD_SA is in an inacceptable state, deny rekeying */ message->add_notify(message, TRUE, NO_PROPOSAL_CHOSEN, chunk_empty); return SUCCESS; } - if (this->ike_init->task.build(&this->ike_init->task, message) == FAILED) { + this->ike_init->task.destroy(&this->ike_init->task); + this->ike_init = NULL; charon->bus->set_sa(charon->bus, this->ike_sa); return SUCCESS; } charon->bus->set_sa(charon->bus, this->ike_sa); - this->ike_sa->set_state(this->ike_sa, IKE_REKEYING); - /* rekeying successful, delete the IKE_SA using a subtask */ - this->ike_delete = ike_delete_create(this->ike_sa, FALSE); - this->public.task.build = _build_r_delete; - this->public.task.process = _process_r_delete; - - /* the peer does have to delete the IKE_SA. If it does not, we get a - * unusable IKE_SA in REKEYING state without a replacement. We consider - * this a timeout condition by the peer, and trigger a delete actively. */ - lib->scheduler->schedule_job(lib->scheduler, (job_t*) - delete_ike_sa_job_create(this->ike_sa->get_id(this->ike_sa), TRUE), 90); + if (this->ike_sa->get_state(this->ike_sa) != IKE_REKEYING) + { /* in case of a collision we let the initiating task handle this */ + establish_new(this); + /* make sure the IKE_SA is gone in case the peer fails to delete it */ + lib->scheduler->schedule_job(lib->scheduler, (job_t*) + delete_ike_sa_job_create(this->ike_sa->get_id(this->ike_sa), TRUE), + 90); + } + return SUCCESS; +} - return NEED_MORE; +/** + * Conclude any undetected rekey collision. + * + * If the peer does not detect the collision it will delete this IKE_SA. + * Depending on when our request reaches the peer and we receive the delete + * this may get called at different times. + * + * Returns TRUE if there was a collision, FALSE otherwise. + */ +static bool conclude_undetected_collision(private_ike_rekey_t *this) +{ + if (this->collision && + this->collision->get_type(this->collision) == TASK_IKE_REKEY) + { + DBG1(DBG_IKE, "peer did not notice IKE_SA rekey collision, abort " + "active rekeying"); + establish_new((private_ike_rekey_t*)this->collision); + return TRUE; + } + return FALSE; } METHOD(task_t, process_i, status_t, @@ -266,18 +323,9 @@ METHOD(task_t, process_i, status_t, { case FAILED: /* rekeying failed, fallback to old SA */ - if (!(this->collision && ( - this->collision->get_type(this->collision) == TASK_IKE_DELETE || - this->collision->get_type(this->collision) == TASK_IKE_REAUTH))) + if (!conclude_undetected_collision(this)) { - job_t *job; - u_int32_t retry = RETRY_INTERVAL - (random() % RETRY_JITTER); - job = (job_t*)rekey_ike_sa_job_create( - this->ike_sa->get_id(this->ike_sa), FALSE); - DBG1(DBG_IKE, "IKE_SA rekeying failed, " - "trying again in %d seconds", retry); - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - lib->scheduler->schedule_job(lib->scheduler, job, retry); + schedule_delayed_rekey(this); } return SUCCESS; case NEED_MORE: @@ -293,55 +341,53 @@ METHOD(task_t, process_i, status_t, this->collision->get_type(this->collision) == TASK_IKE_REKEY) { private_ike_rekey_t *other = (private_ike_rekey_t*)this->collision; + host_t *host; + chunk_t this_nonce, other_nonce; - /* ike_init can be NULL, if child_sa is half-open */ - if (other->ike_init) - { - host_t *host; - chunk_t this_nonce, other_nonce; - - this_nonce = this->ike_init->get_lower_nonce(this->ike_init); - other_nonce = other->ike_init->get_lower_nonce(other->ike_init); + this_nonce = this->ike_init->get_lower_nonce(this->ike_init); + other_nonce = other->ike_init->get_lower_nonce(other->ike_init); - /* if we have the lower nonce, delete rekeyed SA. If not, delete - * the redundant. */ - if (memcmp(this_nonce.ptr, other_nonce.ptr, - min(this_nonce.len, other_nonce.len)) > 0) + /* if we have the lower nonce, delete rekeyed SA. If not, delete + * the redundant. */ + if (memcmp(this_nonce.ptr, other_nonce.ptr, + min(this_nonce.len, other_nonce.len)) < 0) + { + DBG1(DBG_IKE, "IKE_SA rekey collision lost, deleting redundant " + "IKE_SA %s[%d]", this->new_sa->get_name(this->new_sa), + this->new_sa->get_unique_id(this->new_sa)); + /* apply host for a proper delete */ + host = this->ike_sa->get_my_host(this->ike_sa); + this->new_sa->set_my_host(this->new_sa, host->clone(host)); + host = this->ike_sa->get_other_host(this->ike_sa); + this->new_sa->set_other_host(this->new_sa, host->clone(host)); + /* IKE_SAs in state IKE_REKEYED are silently deleted, so we use + * IKE_REKEYING */ + this->new_sa->set_state(this->new_sa, IKE_REKEYING); + if (this->new_sa->delete(this->new_sa) == DESTROY_ME) { - /* peer should delete this SA. Add a timeout just in case. */ - job_t *job = (job_t*)delete_ike_sa_job_create( - other->new_sa->get_id(other->new_sa), TRUE); - lib->scheduler->schedule_job(lib->scheduler, job, 10); - DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete"); - charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa); - other->new_sa = NULL; + this->new_sa->destroy(this->new_sa); } else { - DBG1(DBG_IKE, "IKE_SA rekey collision lost, " - "deleting redundant IKE_SA"); - /* apply host for a proper delete */ - host = this->ike_sa->get_my_host(this->ike_sa); - this->new_sa->set_my_host(this->new_sa, host->clone(host)); - host = this->ike_sa->get_other_host(this->ike_sa); - this->new_sa->set_other_host(this->new_sa, host->clone(host)); - this->ike_sa->set_state(this->ike_sa, IKE_ESTABLISHED); - this->new_sa->set_state(this->new_sa, IKE_REKEYING); - if (this->new_sa->delete(this->new_sa) == DESTROY_ME) - { - this->new_sa->destroy(this->new_sa); - } - else - { - charon->ike_sa_manager->checkin( - charon->ike_sa_manager, this->new_sa); - } - charon->bus->set_sa(charon->bus, this->ike_sa); - this->new_sa = NULL; - establish_new(other); - return SUCCESS; + charon->ike_sa_manager->checkin(charon->ike_sa_manager, + this->new_sa); } + charon->bus->set_sa(charon->bus, this->ike_sa); + this->new_sa = NULL; + establish_new(other); + return SUCCESS; } + /* peer should delete this SA. Add a timeout just in case. */ + job_t *job = (job_t*)delete_ike_sa_job_create( + other->new_sa->get_id(other->new_sa), TRUE); + lib->scheduler->schedule_job(lib->scheduler, job, + HALF_OPEN_IKE_SA_TIMEOUT); + DBG1(DBG_IKE, "IKE_SA rekey collision won, waiting for delete for " + "redundant IKE_SA %s[%d]", other->new_sa->get_name(other->new_sa), + other->new_sa->get_unique_id(other->new_sa)); + other->new_sa->set_state(other->new_sa, IKE_REKEYED); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, other->new_sa); + other->new_sa = NULL; charon->bus->set_sa(charon->bus, this->ike_sa); } @@ -361,11 +407,41 @@ METHOD(task_t, get_type, task_type_t, return TASK_IKE_REKEY; } +METHOD(ike_rekey_t, did_collide, bool, + private_ike_rekey_t *this) +{ + return this->collision && + this->collision->get_type(this->collision) == TASK_IKE_REKEY; +} + METHOD(ike_rekey_t, collide, void, private_ike_rekey_t* this, task_t *other) { DBG1(DBG_IKE, "detected %N collision with %N", task_type_names, TASK_IKE_REKEY, task_type_names, other->get_type(other)); + + switch (other->get_type(other)) + { + case TASK_IKE_DELETE: + conclude_undetected_collision(this); + other->destroy(other); + return; + case TASK_IKE_REKEY: + { + private_ike_rekey_t *rekey = (private_ike_rekey_t*)other; + + if (!rekey->ike_init) + { + DBG1(DBG_IKE, "colliding exchange did not result in an IKE_SA, " + "ignore"); + other->destroy(other); + return; + } + break; + } + default: + break; + } DESTROY_IF(this->collision); this->collision = other; } @@ -425,6 +501,7 @@ ike_rekey_t *ike_rekey_create(ike_sa_t *ike_sa, bool initiator) .migrate = _migrate, .destroy = _destroy, }, + .did_collide = _did_collide, .collide = _collide, }, .ike_sa = ike_sa, diff --git a/src/libcharon/sa/ikev2/tasks/ike_rekey.h b/src/libcharon/sa/ikev2/tasks/ike_rekey.h index 6a12e9034..86b512c92 100644 --- a/src/libcharon/sa/ikev2/tasks/ike_rekey.h +++ b/src/libcharon/sa/ikev2/tasks/ike_rekey.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2016 Tobias Brunner * Copyright (C) 2007 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -38,6 +39,13 @@ struct ike_rekey_t { task_t task; /** + * Check if there was a rekey collision. + * + * @return TRUE if there was a rekey collision before + */ + bool (*did_collide)(ike_rekey_t *this); + + /** * Register a rekeying task which collides with this one. * * If two peers initiate rekeying at the same time, the collision must diff --git a/src/libcharon/sa/redirect_manager.c b/src/libcharon/sa/redirect_manager.c index ff92ac29f..45b7e79df 100644 --- a/src/libcharon/sa/redirect_manager.c +++ b/src/libcharon/sa/redirect_manager.c @@ -248,7 +248,7 @@ identification_t *redirect_data_parse(chunk_t data, chunk_t *nonce) bio_reader_t *reader; id_type_t id_type; chunk_t gateway; - u_int8_t type; + uint8_t type; reader = bio_reader_create(data); if (!reader->read_uint8(reader, &type) || diff --git a/src/libcharon/sa/shunt_manager.c b/src/libcharon/sa/shunt_manager.c index 0e9cf6e1f..40e291be5 100644 --- a/src/libcharon/sa/shunt_manager.c +++ b/src/libcharon/sa/shunt_manager.c @@ -1,6 +1,6 @@ /* - * Copyright (C) 2015 Tobias Brunner - * Copyright (C) 2011 Andreas Steffen + * Copyright (C) 2015-2016 Tobias Brunner + * Copyright (C) 2011-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -68,6 +68,8 @@ static bool install_shunt_policy(child_cfg_t *child) policy_type_t policy_type; policy_priority_t policy_prio; status_t status = SUCCESS; + uint32_t manual_prio; + char *interface; ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT }; switch (child->get_mode(child)) @@ -92,6 +94,9 @@ static bool install_shunt_policy(child_cfg_t *child) other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); hosts->destroy(hosts); + manual_prio = child->get_manual_prio(child); + interface = child->get_interface(child); + /* enumerate pairs of traffic selectors */ e_my_ts = my_ts_list->create_enumerator(my_ts_list); while (e_my_ts->enumerate(e_my_ts, &my_ts)) @@ -110,25 +115,37 @@ static bool install_shunt_policy(child_cfg_t *child) continue; } /* install out policy */ - status |= charon->kernel->add_policy(charon->kernel, - host_any, host_any, - my_ts, other_ts, POLICY_OUT, policy_type, - &sa, child->get_mark(child, FALSE), - policy_prio); - + kernel_ipsec_policy_id_t id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = child->get_mark(child, FALSE), + .interface = interface, + }; + kernel_ipsec_manage_policy_t policy = { + .type = policy_type, + .prio = policy_prio, + .manual_prio = manual_prio, + .src = host_any, + .dst = host_any, + .sa = &sa, + }; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); + /* install "outbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); /* install in policy */ - status |= charon->kernel->add_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_IN, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); - - /* install forward policy */ - status |= charon->kernel->add_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_FWD, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); + id = (kernel_ipsec_policy_id_t){ + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = child->get_mark(child, TRUE), + .interface = interface, + }; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); + /* install "inbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->add_policy(charon->kernel, &id, &policy); } e_other_ts->destroy(e_other_ts); } @@ -205,6 +222,8 @@ static void uninstall_shunt_policy(child_cfg_t *child) policy_type_t policy_type; policy_priority_t policy_prio; status_t status = SUCCESS; + uint32_t manual_prio; + char *interface; ipsec_sa_cfg_t sa = { .mode = MODE_TRANSPORT }; switch (child->get_mode(child)) @@ -229,6 +248,9 @@ static void uninstall_shunt_policy(child_cfg_t *child) other_ts_list = child->get_traffic_selectors(child, FALSE, NULL, hosts); hosts->destroy(hosts); + manual_prio = child->get_manual_prio(child); + interface = child->get_interface(child); + /* enumerate pairs of traffic selectors */ e_my_ts = my_ts_list->create_enumerator(my_ts_list); while (e_my_ts->enumerate(e_my_ts, &my_ts)) @@ -247,25 +269,37 @@ static void uninstall_shunt_policy(child_cfg_t *child) continue; } /* uninstall out policy */ - status |= charon->kernel->del_policy(charon->kernel, - host_any, host_any, - my_ts, other_ts, POLICY_OUT, policy_type, - &sa, child->get_mark(child, FALSE), - policy_prio); - + kernel_ipsec_policy_id_t id = { + .dir = POLICY_OUT, + .src_ts = my_ts, + .dst_ts = other_ts, + .mark = child->get_mark(child, FALSE), + .interface = interface, + }; + kernel_ipsec_manage_policy_t policy = { + .type = policy_type, + .prio = policy_prio, + .manual_prio = manual_prio, + .src = host_any, + .dst = host_any, + .sa = &sa, + }; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); + /* uninstall "outbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); /* uninstall in policy */ - status |= charon->kernel->del_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_IN, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); - - /* uninstall forward policy */ - status |= charon->kernel->del_policy(charon->kernel, - host_any, host_any, - other_ts, my_ts, POLICY_FWD, policy_type, - &sa, child->get_mark(child, TRUE), - policy_prio); + id = (kernel_ipsec_policy_id_t){ + .dir = POLICY_IN, + .src_ts = other_ts, + .dst_ts = my_ts, + .mark = child->get_mark(child, TRUE), + .interface = interface, + }; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); + /* uninstall "inbound" forward policy */ + id.dir = POLICY_FWD; + status |= charon->kernel->del_policy(charon->kernel, &id, &policy); } e_other_ts->destroy(e_other_ts); } diff --git a/src/libcharon/sa/task_manager.h b/src/libcharon/sa/task_manager.h index e7a6bf463..86077d373 100644 --- a/src/libcharon/sa/task_manager.h +++ b/src/libcharon/sa/task_manager.h @@ -1,6 +1,7 @@ /* + * Copyright (C) 2013-2016 Tobias Brunner * Copyright (C) 2006 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -122,7 +123,17 @@ struct task_manager_t { * * @param task task to queue */ - void (*queue_task) (task_manager_t *this, task_t *task); + void (*queue_task)(task_manager_t *this, task_t *task); + + /** + * Queue a task in the manager, but delay its initiation for at least the + * given number of seconds. + * + * @param task task to queue + * @param delay minimum delay in s before initiating the task + */ + void (*queue_task_delayed)(task_manager_t *this, task_t *task, + uint32_t delay); /** * Queue IKE_SA establishing tasks. @@ -160,7 +171,7 @@ struct task_manager_t { * @param tsi initiator traffic selector, if packet-triggered * @param tsr responder traffic selector, if packet-triggered */ - void (*queue_child)(task_manager_t *this, child_cfg_t *cfg, u_int32_t reqid, + void (*queue_child)(task_manager_t *this, child_cfg_t *cfg, uint32_t reqid, traffic_selector_t *tsi, traffic_selector_t *tsr); /** @@ -170,7 +181,7 @@ struct task_manager_t { * @param spi CHILD_SA SPI to rekey */ void (*queue_child_rekey)(task_manager_t *this, protocol_id_t protocol, - u_int32_t spi); + uint32_t spi); /** * Queue CHILD_SA delete tasks. @@ -180,7 +191,7 @@ struct task_manager_t { * @param expired TRUE if SA already expired */ void (*queue_child_delete)(task_manager_t *this, protocol_id_t protocol, - u_int32_t spi, bool expired); + uint32_t spi, bool expired); /** * Queue liveness checking tasks. @@ -199,7 +210,7 @@ struct task_manager_t { * - INVALID_STATE if retransmission not required * - SUCCESS if retransmission sent */ - status_t (*retransmit) (task_manager_t *this, u_int32_t message_id); + status_t (*retransmit) (task_manager_t *this, uint32_t message_id); /** * Migrate all queued tasks from other to this. @@ -242,7 +253,7 @@ struct task_manager_t { * @param initiate message ID / DPD seq to initiate exchanges (send) * @param respond message ID / DPD seq to respond to exchanges (expect) */ - void (*reset) (task_manager_t *this, u_int32_t initiate, u_int32_t respond); + void (*reset) (task_manager_t *this, uint32_t initiate, uint32_t respond); /** * Check if we are currently waiting for a reply. diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c index 85e220775..40a0682f2 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -115,7 +115,7 @@ typedef struct { /** pending IKE_SA connecting upon acquire */ ike_sa_t *ike_sa; /** reqid of pending trap policy */ - u_int32_t reqid; + uint32_t reqid; /** destination address (wildcard case) */ host_t *dst; } acquire_t; @@ -143,7 +143,7 @@ static void destroy_acquire(acquire_t *this) /** * match an acquire entry by reqid */ -static bool acquire_by_reqid(acquire_t *this, u_int32_t *reqid) +static bool acquire_by_reqid(acquire_t *this, uint32_t *reqid) { return this->reqid == *reqid; } @@ -156,9 +156,9 @@ static bool acquire_by_dst(acquire_t *this, host_t *dst) return this->dst && this->dst->ip_equals(this->dst, dst); } -METHOD(trap_manager_t, install, u_int32_t, +METHOD(trap_manager_t, install, uint32_t, private_trap_manager_t *this, peer_cfg_t *peer, child_cfg_t *child, - u_int32_t reqid) + uint32_t reqid) { entry_t *entry, *found = NULL; ike_cfg_t *ike_cfg; @@ -197,9 +197,7 @@ METHOD(trap_manager_t, install, u_int32_t, me = charon->kernel->get_source_addr(charon->kernel, other, NULL); if (!me) { - DBG1(DBG_CFG, "installing trap failed, local address unknown"); - other->destroy(other); - return 0; + me = host_create_any(other->get_family(other)); } me->set_port(me, ike_cfg->get_my_port(ike_cfg)); } @@ -307,7 +305,7 @@ METHOD(trap_manager_t, install, u_int32_t, } METHOD(trap_manager_t, uninstall, bool, - private_trap_manager_t *this, u_int32_t reqid) + private_trap_manager_t *this, uint32_t reqid) { enumerator_t *enumerator; entry_t *entry, *found = NULL; @@ -366,12 +364,12 @@ METHOD(trap_manager_t, create_enumerator, enumerator_t*, (void*)this->lock->unlock); } -METHOD(trap_manager_t, find_reqid, u_int32_t, +METHOD(trap_manager_t, find_reqid, uint32_t, private_trap_manager_t *this, child_cfg_t *child) { enumerator_t *enumerator; entry_t *entry; - u_int32_t reqid = 0; + uint32_t reqid = 0; this->lock->read_lock(this->lock); enumerator = this->traps->create_enumerator(this->traps); @@ -392,7 +390,7 @@ METHOD(trap_manager_t, find_reqid, u_int32_t, } METHOD(trap_manager_t, acquire, void, - private_trap_manager_t *this, u_int32_t reqid, + private_trap_manager_t *this, uint32_t reqid, traffic_selector_t *src, traffic_selector_t *dst) { enumerator_t *enumerator; @@ -430,7 +428,7 @@ METHOD(trap_manager_t, acquire, void, if (wildcard) { /* for wildcard acquires we check that we don't have a pending acquire * with the same peer */ - u_int8_t mask; + uint8_t mask; dst->to_subnet(dst, &host, &mask); if (this->acquires->find_first(this->acquires, (void*)acquire_by_dst, @@ -483,8 +481,8 @@ METHOD(trap_manager_t, acquire, void, if (ike_sa) { ike_cfg_t *ike_cfg; - u_int16_t port; - u_int8_t mask; + uint16_t port; + uint8_t mask; ike_sa->set_peer_cfg(ike_sa, peer); ike_cfg = ike_sa->get_ike_cfg(ike_sa); diff --git a/src/libcharon/sa/trap_manager.h b/src/libcharon/sa/trap_manager.h index 0491107fd..083ea3dbf 100644 --- a/src/libcharon/sa/trap_manager.h +++ b/src/libcharon/sa/trap_manager.h @@ -40,8 +40,8 @@ struct trap_manager_t { * @param reqid optional reqid to use * @return reqid of installed CHILD_SA, 0 if failed */ - u_int32_t (*install)(trap_manager_t *this, peer_cfg_t *peer, - child_cfg_t *child, u_int32_t reqid); + uint32_t (*install)(trap_manager_t *this, peer_cfg_t *peer, + child_cfg_t *child, uint32_t reqid); /** * Uninstall a trap policy. @@ -49,7 +49,7 @@ struct trap_manager_t { * @param id reqid of CHILD_SA to uninstall, returned by install() * @return TRUE if uninstalled successfully */ - bool (*uninstall)(trap_manager_t *this, u_int32_t reqid); + bool (*uninstall)(trap_manager_t *this, uint32_t reqid); /** * Create an enumerator over all installed traps. @@ -64,7 +64,7 @@ struct trap_manager_t { * @param child CHILD_SA config to get the reqid for * @return reqid of trap, 0 if not found */ - u_int32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child); + uint32_t (*find_reqid)(trap_manager_t *this, child_cfg_t *child); /** * Acquire an SA triggered by an installed trap. @@ -73,7 +73,7 @@ struct trap_manager_t { * @param src source of the triggering packet * @param dst destination of the triggering packet */ - void (*acquire)(trap_manager_t *this, u_int32_t reqid, + void (*acquire)(trap_manager_t *this, uint32_t reqid, traffic_selector_t *src, traffic_selector_t *dst); /** diff --git a/src/libcharon/tests/Makefile.am b/src/libcharon/tests/Makefile.am index 0589269aa..b8670246b 100644 --- a/src/libcharon/tests/Makefile.am +++ b/src/libcharon/tests/Makefile.am @@ -1,8 +1,9 @@ -TESTS = libcharon_tests +TESTS = libcharon_tests exchange_tests check_PROGRAMS = $(TESTS) libcharon_tests_SOURCES = \ + suites/test_proposal.c \ suites/test_ike_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ @@ -21,3 +22,34 @@ libcharon_tests_LDADD = \ $(top_builddir)/src/libcharon/libcharon.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la + + +exchange_tests_SOURCES = \ + suites/test_child_create.c \ + suites/test_child_delete.c \ + suites/test_child_rekey.c \ + suites/test_ike_delete.c \ + suites/test_ike_rekey.c \ + utils/exchange_test_asserts.h utils/exchange_test_asserts.c \ + utils/exchange_test_helper.h utils/exchange_test_helper.c \ + utils/job_asserts.h \ + utils/mock_dh.h utils/mock_dh.c \ + utils/mock_ipsec.h utils/mock_ipsec.c \ + utils/mock_nonce_gen.h utils/mock_nonce_gen.c \ + utils/mock_sender.h utils/mock_sender.c \ + utils/sa_asserts.h \ + exchange_tests.h exchange_tests.c + +exchange_tests_CFLAGS = \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +exchange_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +exchange_tests_LDADD = \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la diff --git a/src/libcharon/tests/Makefile.in b/src/libcharon/tests/Makefile.in index 87dea161a..7a0d34292 100644 --- a/src/libcharon/tests/Makefile.in +++ b/src/libcharon/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -77,11 +87,9 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -TESTS = libcharon_tests$(EXEEXT) +TESTS = libcharon_tests$(EXEEXT) exchange_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libcharon/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,13 +103,41 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = -am__EXEEXT_1 = libcharon_tests$(EXEEXT) +am__EXEEXT_1 = libcharon_tests$(EXEEXT) exchange_tests$(EXEEXT) am__dirstamp = $(am__leading_dot)dirstamp +am_exchange_tests_OBJECTS = \ + suites/exchange_tests-test_child_create.$(OBJEXT) \ + suites/exchange_tests-test_child_delete.$(OBJEXT) \ + suites/exchange_tests-test_child_rekey.$(OBJEXT) \ + suites/exchange_tests-test_ike_delete.$(OBJEXT) \ + suites/exchange_tests-test_ike_rekey.$(OBJEXT) \ + utils/exchange_tests-exchange_test_asserts.$(OBJEXT) \ + utils/exchange_tests-exchange_test_helper.$(OBJEXT) \ + utils/exchange_tests-mock_dh.$(OBJEXT) \ + utils/exchange_tests-mock_ipsec.$(OBJEXT) \ + utils/exchange_tests-mock_nonce_gen.$(OBJEXT) \ + utils/exchange_tests-mock_sender.$(OBJEXT) \ + exchange_tests-exchange_tests.$(OBJEXT) +exchange_tests_OBJECTS = $(am_exchange_tests_OBJECTS) +exchange_tests_DEPENDENCIES = \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +exchange_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ + $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ + $(exchange_tests_CFLAGS) $(CFLAGS) $(exchange_tests_LDFLAGS) \ + $(LDFLAGS) -o $@ am_libcharon_tests_OBJECTS = \ + suites/libcharon_tests-test_proposal.$(OBJEXT) \ suites/libcharon_tests-test_ike_cfg.$(OBJEXT) \ suites/libcharon_tests-test_mem_pool.$(OBJEXT) \ suites/libcharon_tests-test_message_chapoly.$(OBJEXT) \ @@ -111,10 +147,6 @@ libcharon_tests_DEPENDENCIES = \ $(top_builddir)/src/libcharon/libcharon.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la -AM_V_lt = $(am__v_lt_@AM_V@) -am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) -am__v_lt_0 = --silent -am__v_lt_1 = libcharon_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(libcharon_tests_CFLAGS) $(CFLAGS) $(libcharon_tests_LDFLAGS) \ @@ -153,8 +185,8 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@) am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) am__v_CCLD_0 = @echo " CCLD " $@; am__v_CCLD_1 = -SOURCES = $(libcharon_tests_SOURCES) -DIST_SOURCES = $(libcharon_tests_SOURCES) +SOURCES = $(exchange_tests_SOURCES) $(libcharon_tests_SOURCES) +DIST_SOURCES = $(exchange_tests_SOURCES) $(libcharon_tests_SOURCES) am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ @@ -201,12 +233,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +290,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +325,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +437,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -430,6 +467,7 @@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ libcharon_tests_SOURCES = \ + suites/test_proposal.c \ suites/test_ike_cfg.c \ suites/test_mem_pool.c \ suites/test_message_chapoly.c \ @@ -449,6 +487,36 @@ libcharon_tests_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la +exchange_tests_SOURCES = \ + suites/test_child_create.c \ + suites/test_child_delete.c \ + suites/test_child_rekey.c \ + suites/test_ike_delete.c \ + suites/test_ike_rekey.c \ + utils/exchange_test_asserts.h utils/exchange_test_asserts.c \ + utils/exchange_test_helper.h utils/exchange_test_helper.c \ + utils/job_asserts.h \ + utils/mock_dh.h utils/mock_dh.c \ + utils/mock_ipsec.h utils/mock_ipsec.c \ + utils/mock_nonce_gen.h utils/mock_nonce_gen.c \ + utils/mock_sender.h utils/mock_sender.c \ + utils/sa_asserts.h \ + exchange_tests.h exchange_tests.c + +exchange_tests_CFLAGS = \ + -I$(top_srcdir)/src/libcharon \ + -I$(top_srcdir)/src/libstrongswan \ + -I$(top_srcdir)/src/libstrongswan/tests \ + -DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \ + -DPLUGINS=\""${s_plugins}\"" \ + @COVERAGE_CFLAGS@ + +exchange_tests_LDFLAGS = @COVERAGE_LDFLAGS@ +exchange_tests_LDADD = \ + $(top_builddir)/src/libcharon/libcharon.la \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(top_builddir)/src/libstrongswan/tests/libtest.la + all: all-am .SUFFIXES: @@ -465,7 +533,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -498,6 +565,40 @@ suites/$(am__dirstamp): suites/$(DEPDIR)/$(am__dirstamp): @$(MKDIR_P) suites/$(DEPDIR) @: > suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_child_create.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_child_delete.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_child_rekey.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_ike_delete.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +suites/exchange_tests-test_ike_rekey.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) +utils/$(am__dirstamp): + @$(MKDIR_P) utils + @: > utils/$(am__dirstamp) +utils/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) utils/$(DEPDIR) + @: > utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-exchange_test_asserts.$(OBJEXT): \ + utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-exchange_test_helper.$(OBJEXT): \ + utils/$(am__dirstamp) utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_dh.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_ipsec.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_nonce_gen.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) +utils/exchange_tests-mock_sender.$(OBJEXT): utils/$(am__dirstamp) \ + utils/$(DEPDIR)/$(am__dirstamp) + +exchange_tests$(EXEEXT): $(exchange_tests_OBJECTS) $(exchange_tests_DEPENDENCIES) $(EXTRA_exchange_tests_DEPENDENCIES) + @rm -f exchange_tests$(EXEEXT) + $(AM_V_CCLD)$(exchange_tests_LINK) $(exchange_tests_OBJECTS) $(exchange_tests_LDADD) $(LIBS) +suites/libcharon_tests-test_proposal.$(OBJEXT): \ + suites/$(am__dirstamp) suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_ike_cfg.$(OBJEXT): suites/$(am__dirstamp) \ suites/$(DEPDIR)/$(am__dirstamp) suites/libcharon_tests-test_mem_pool.$(OBJEXT): \ @@ -512,14 +613,28 @@ libcharon_tests$(EXEEXT): $(libcharon_tests_OBJECTS) $(libcharon_tests_DEPENDENC mostlyclean-compile: -rm -f *.$(OBJEXT) -rm -f suites/*.$(OBJEXT) + -rm -f utils/*.$(OBJEXT) distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/exchange_tests-exchange_tests.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libcharon_tests-libcharon_tests.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_child_create.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_child_delete.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_mem_pool.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_message_chapoly.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@suites/$(DEPDIR)/libcharon_tests-test_proposal.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_dh.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@utils/$(DEPDIR)/exchange_tests-mock_sender.Po@am__quote@ .c.o: @am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ @@ -545,6 +660,188 @@ distclean-compile: @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< +suites/exchange_tests-test_child_create.o: suites/test_child_create.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_create.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo -c -o suites/exchange_tests-test_child_create.o `test -f 'suites/test_child_create.c' || echo '$(srcdir)/'`suites/test_child_create.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo suites/$(DEPDIR)/exchange_tests-test_child_create.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_create.c' object='suites/exchange_tests-test_child_create.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_create.o `test -f 'suites/test_child_create.c' || echo '$(srcdir)/'`suites/test_child_create.c + +suites/exchange_tests-test_child_create.obj: suites/test_child_create.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_create.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo -c -o suites/exchange_tests-test_child_create.obj `if test -f 'suites/test_child_create.c'; then $(CYGPATH_W) 'suites/test_child_create.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_create.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_create.Tpo suites/$(DEPDIR)/exchange_tests-test_child_create.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_create.c' object='suites/exchange_tests-test_child_create.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_create.obj `if test -f 'suites/test_child_create.c'; then $(CYGPATH_W) 'suites/test_child_create.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_create.c'; fi` + +suites/exchange_tests-test_child_delete.o: suites/test_child_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_delete.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo -c -o suites/exchange_tests-test_child_delete.o `test -f 'suites/test_child_delete.c' || echo '$(srcdir)/'`suites/test_child_delete.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_child_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_delete.c' object='suites/exchange_tests-test_child_delete.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_delete.o `test -f 'suites/test_child_delete.c' || echo '$(srcdir)/'`suites/test_child_delete.c + +suites/exchange_tests-test_child_delete.obj: suites/test_child_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_delete.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo -c -o suites/exchange_tests-test_child_delete.obj `if test -f 'suites/test_child_delete.c'; then $(CYGPATH_W) 'suites/test_child_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_delete.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_child_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_delete.c' object='suites/exchange_tests-test_child_delete.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_delete.obj `if test -f 'suites/test_child_delete.c'; then $(CYGPATH_W) 'suites/test_child_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_delete.c'; fi` + +suites/exchange_tests-test_child_rekey.o: suites/test_child_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_rekey.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo -c -o suites/exchange_tests-test_child_rekey.o `test -f 'suites/test_child_rekey.c' || echo '$(srcdir)/'`suites/test_child_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_rekey.c' object='suites/exchange_tests-test_child_rekey.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_rekey.o `test -f 'suites/test_child_rekey.c' || echo '$(srcdir)/'`suites/test_child_rekey.c + +suites/exchange_tests-test_child_rekey.obj: suites/test_child_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_child_rekey.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo -c -o suites/exchange_tests-test_child_rekey.obj `if test -f 'suites/test_child_rekey.c'; then $(CYGPATH_W) 'suites/test_child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_rekey.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_child_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_child_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_child_rekey.c' object='suites/exchange_tests-test_child_rekey.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_child_rekey.obj `if test -f 'suites/test_child_rekey.c'; then $(CYGPATH_W) 'suites/test_child_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_child_rekey.c'; fi` + +suites/exchange_tests-test_ike_delete.o: suites/test_ike_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_delete.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo -c -o suites/exchange_tests-test_ike_delete.o `test -f 'suites/test_ike_delete.c' || echo '$(srcdir)/'`suites/test_ike_delete.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_delete.c' object='suites/exchange_tests-test_ike_delete.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_delete.o `test -f 'suites/test_ike_delete.c' || echo '$(srcdir)/'`suites/test_ike_delete.c + +suites/exchange_tests-test_ike_delete.obj: suites/test_ike_delete.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_delete.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo -c -o suites/exchange_tests-test_ike_delete.obj `if test -f 'suites/test_ike_delete.c'; then $(CYGPATH_W) 'suites/test_ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_delete.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_delete.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_delete.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_delete.c' object='suites/exchange_tests-test_ike_delete.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_delete.obj `if test -f 'suites/test_ike_delete.c'; then $(CYGPATH_W) 'suites/test_ike_delete.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_delete.c'; fi` + +suites/exchange_tests-test_ike_rekey.o: suites/test_ike_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_rekey.o -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo -c -o suites/exchange_tests-test_ike_rekey.o `test -f 'suites/test_ike_rekey.c' || echo '$(srcdir)/'`suites/test_ike_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_rekey.c' object='suites/exchange_tests-test_ike_rekey.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_rekey.o `test -f 'suites/test_ike_rekey.c' || echo '$(srcdir)/'`suites/test_ike_rekey.c + +suites/exchange_tests-test_ike_rekey.obj: suites/test_ike_rekey.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT suites/exchange_tests-test_ike_rekey.obj -MD -MP -MF suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo -c -o suites/exchange_tests-test_ike_rekey.obj `if test -f 'suites/test_ike_rekey.c'; then $(CYGPATH_W) 'suites/test_ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_rekey.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Tpo suites/$(DEPDIR)/exchange_tests-test_ike_rekey.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_ike_rekey.c' object='suites/exchange_tests-test_ike_rekey.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o suites/exchange_tests-test_ike_rekey.obj `if test -f 'suites/test_ike_rekey.c'; then $(CYGPATH_W) 'suites/test_ike_rekey.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_ike_rekey.c'; fi` + +utils/exchange_tests-exchange_test_asserts.o: utils/exchange_test_asserts.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_asserts.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo -c -o utils/exchange_tests-exchange_test_asserts.o `test -f 'utils/exchange_test_asserts.c' || echo '$(srcdir)/'`utils/exchange_test_asserts.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_asserts.c' object='utils/exchange_tests-exchange_test_asserts.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_asserts.o `test -f 'utils/exchange_test_asserts.c' || echo '$(srcdir)/'`utils/exchange_test_asserts.c + +utils/exchange_tests-exchange_test_asserts.obj: utils/exchange_test_asserts.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_asserts.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo -c -o utils/exchange_tests-exchange_test_asserts.obj `if test -f 'utils/exchange_test_asserts.c'; then $(CYGPATH_W) 'utils/exchange_test_asserts.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_asserts.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_asserts.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_asserts.c' object='utils/exchange_tests-exchange_test_asserts.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_asserts.obj `if test -f 'utils/exchange_test_asserts.c'; then $(CYGPATH_W) 'utils/exchange_test_asserts.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_asserts.c'; fi` + +utils/exchange_tests-exchange_test_helper.o: utils/exchange_test_helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_helper.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo -c -o utils/exchange_tests-exchange_test_helper.o `test -f 'utils/exchange_test_helper.c' || echo '$(srcdir)/'`utils/exchange_test_helper.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_helper.c' object='utils/exchange_tests-exchange_test_helper.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_helper.o `test -f 'utils/exchange_test_helper.c' || echo '$(srcdir)/'`utils/exchange_test_helper.c + +utils/exchange_tests-exchange_test_helper.obj: utils/exchange_test_helper.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-exchange_test_helper.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo -c -o utils/exchange_tests-exchange_test_helper.obj `if test -f 'utils/exchange_test_helper.c'; then $(CYGPATH_W) 'utils/exchange_test_helper.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_helper.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Tpo utils/$(DEPDIR)/exchange_tests-exchange_test_helper.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/exchange_test_helper.c' object='utils/exchange_tests-exchange_test_helper.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-exchange_test_helper.obj `if test -f 'utils/exchange_test_helper.c'; then $(CYGPATH_W) 'utils/exchange_test_helper.c'; else $(CYGPATH_W) '$(srcdir)/utils/exchange_test_helper.c'; fi` + +utils/exchange_tests-mock_dh.o: utils/mock_dh.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_dh.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo -c -o utils/exchange_tests-mock_dh.o `test -f 'utils/mock_dh.c' || echo '$(srcdir)/'`utils/mock_dh.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo utils/$(DEPDIR)/exchange_tests-mock_dh.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_dh.c' object='utils/exchange_tests-mock_dh.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_dh.o `test -f 'utils/mock_dh.c' || echo '$(srcdir)/'`utils/mock_dh.c + +utils/exchange_tests-mock_dh.obj: utils/mock_dh.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_dh.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo -c -o utils/exchange_tests-mock_dh.obj `if test -f 'utils/mock_dh.c'; then $(CYGPATH_W) 'utils/mock_dh.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_dh.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_dh.Tpo utils/$(DEPDIR)/exchange_tests-mock_dh.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_dh.c' object='utils/exchange_tests-mock_dh.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_dh.obj `if test -f 'utils/mock_dh.c'; then $(CYGPATH_W) 'utils/mock_dh.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_dh.c'; fi` + +utils/exchange_tests-mock_ipsec.o: utils/mock_ipsec.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_ipsec.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo -c -o utils/exchange_tests-mock_ipsec.o `test -f 'utils/mock_ipsec.c' || echo '$(srcdir)/'`utils/mock_ipsec.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_ipsec.c' object='utils/exchange_tests-mock_ipsec.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.o `test -f 'utils/mock_ipsec.c' || echo '$(srcdir)/'`utils/mock_ipsec.c + +utils/exchange_tests-mock_ipsec.obj: utils/mock_ipsec.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_ipsec.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_ipsec.Tpo utils/$(DEPDIR)/exchange_tests-mock_ipsec.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_ipsec.c' object='utils/exchange_tests-mock_ipsec.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_ipsec.obj `if test -f 'utils/mock_ipsec.c'; then $(CYGPATH_W) 'utils/mock_ipsec.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_ipsec.c'; fi` + +utils/exchange_tests-mock_nonce_gen.o: utils/mock_nonce_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_nonce_gen.c' object='utils/exchange_tests-mock_nonce_gen.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_nonce_gen.o `test -f 'utils/mock_nonce_gen.c' || echo '$(srcdir)/'`utils/mock_nonce_gen.c + +utils/exchange_tests-mock_nonce_gen.obj: utils/mock_nonce_gen.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_nonce_gen.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo -c -o utils/exchange_tests-mock_nonce_gen.obj `if test -f 'utils/mock_nonce_gen.c'; then $(CYGPATH_W) 'utils/mock_nonce_gen.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_nonce_gen.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Tpo utils/$(DEPDIR)/exchange_tests-mock_nonce_gen.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_nonce_gen.c' object='utils/exchange_tests-mock_nonce_gen.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_nonce_gen.obj `if test -f 'utils/mock_nonce_gen.c'; then $(CYGPATH_W) 'utils/mock_nonce_gen.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_nonce_gen.c'; fi` + +utils/exchange_tests-mock_sender.o: utils/mock_sender.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_sender.o -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo -c -o utils/exchange_tests-mock_sender.o `test -f 'utils/mock_sender.c' || echo '$(srcdir)/'`utils/mock_sender.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo utils/$(DEPDIR)/exchange_tests-mock_sender.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_sender.c' object='utils/exchange_tests-mock_sender.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_sender.o `test -f 'utils/mock_sender.c' || echo '$(srcdir)/'`utils/mock_sender.c + +utils/exchange_tests-mock_sender.obj: utils/mock_sender.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT utils/exchange_tests-mock_sender.obj -MD -MP -MF utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo -c -o utils/exchange_tests-mock_sender.obj `if test -f 'utils/mock_sender.c'; then $(CYGPATH_W) 'utils/mock_sender.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_sender.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) utils/$(DEPDIR)/exchange_tests-mock_sender.Tpo utils/$(DEPDIR)/exchange_tests-mock_sender.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='utils/mock_sender.c' object='utils/exchange_tests-mock_sender.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o utils/exchange_tests-mock_sender.obj `if test -f 'utils/mock_sender.c'; then $(CYGPATH_W) 'utils/mock_sender.c'; else $(CYGPATH_W) '$(srcdir)/utils/mock_sender.c'; fi` + +exchange_tests-exchange_tests.o: exchange_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT exchange_tests-exchange_tests.o -MD -MP -MF $(DEPDIR)/exchange_tests-exchange_tests.Tpo -c -o exchange_tests-exchange_tests.o `test -f 'exchange_tests.c' || echo '$(srcdir)/'`exchange_tests.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/exchange_tests-exchange_tests.Tpo $(DEPDIR)/exchange_tests-exchange_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='exchange_tests.c' object='exchange_tests-exchange_tests.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o exchange_tests-exchange_tests.o `test -f 'exchange_tests.c' || echo '$(srcdir)/'`exchange_tests.c + +exchange_tests-exchange_tests.obj: exchange_tests.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -MT exchange_tests-exchange_tests.obj -MD -MP -MF $(DEPDIR)/exchange_tests-exchange_tests.Tpo -c -o exchange_tests-exchange_tests.obj `if test -f 'exchange_tests.c'; then $(CYGPATH_W) 'exchange_tests.c'; else $(CYGPATH_W) '$(srcdir)/exchange_tests.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/exchange_tests-exchange_tests.Tpo $(DEPDIR)/exchange_tests-exchange_tests.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='exchange_tests.c' object='exchange_tests-exchange_tests.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(exchange_tests_CFLAGS) $(CFLAGS) -c -o exchange_tests-exchange_tests.obj `if test -f 'exchange_tests.c'; then $(CYGPATH_W) 'exchange_tests.c'; else $(CYGPATH_W) '$(srcdir)/exchange_tests.c'; fi` + +suites/libcharon_tests-test_proposal.o: suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.o `test -f 'suites/test_proposal.c' || echo '$(srcdir)/'`suites/test_proposal.c + +suites/libcharon_tests-test_proposal.obj: suites/test_proposal.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_proposal.obj -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_proposal.Tpo suites/$(DEPDIR)/libcharon_tests-test_proposal.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='suites/test_proposal.c' object='suites/libcharon_tests-test_proposal.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -c -o suites/libcharon_tests-test_proposal.obj `if test -f 'suites/test_proposal.c'; then $(CYGPATH_W) 'suites/test_proposal.c'; else $(CYGPATH_W) '$(srcdir)/suites/test_proposal.c'; fi` + suites/libcharon_tests-test_ike_cfg.o: suites/test_ike_cfg.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(libcharon_tests_CFLAGS) $(CFLAGS) -MT suites/libcharon_tests-test_ike_cfg.o -MD -MP -MF suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo -c -o suites/libcharon_tests-test_ike_cfg.o `test -f 'suites/test_ike_cfg.c' || echo '$(srcdir)/'`suites/test_ike_cfg.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Tpo suites/$(DEPDIR)/libcharon_tests-test_ike_cfg.Po @@ -816,6 +1113,8 @@ distclean-generic: -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -rm -f suites/$(DEPDIR)/$(am__dirstamp) -rm -f suites/$(am__dirstamp) + -rm -f utils/$(DEPDIR)/$(am__dirstamp) + -rm -f utils/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -826,7 +1125,7 @@ clean-am: clean-checkPROGRAMS clean-generic clean-libtool \ mostlyclean-am distclean: distclean-am - -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR) -rm -f Makefile distclean-am: clean-am distclean-compile distclean-generic \ distclean-tags @@ -872,7 +1171,7 @@ install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am - -rm -rf ./$(DEPDIR) suites/$(DEPDIR) + -rm -rf ./$(DEPDIR) suites/$(DEPDIR) utils/$(DEPDIR) -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic @@ -907,6 +1206,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/tests/exchange_tests.c b/src/libcharon/tests/exchange_tests.c new file mode 100644 index 000000000..eab50a875 --- /dev/null +++ b/src/libcharon/tests/exchange_tests.c @@ -0,0 +1,64 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <test_runner.h> +#include <daemon.h> + +#include "utils/exchange_test_helper.h" + +/* declare test suite constructors */ +#define TEST_SUITE(x) test_suite_t* x(); +#define TEST_SUITE_DEPEND(x, ...) TEST_SUITE(x) +#include "exchange_tests.h" +#undef TEST_SUITE +#undef TEST_SUITE_DEPEND + +static test_configuration_t tests[] = { +#define TEST_SUITE(x) \ + { .suite = x, }, +#define TEST_SUITE_DEPEND(x, type, ...) \ + { .suite = x, .feature = PLUGIN_DEPENDS(type, __VA_ARGS__) }, +#include "exchange_tests.h" + { .suite = NULL, } +}; + +static bool test_runner_init(bool init) +{ + if (init) + { + char *plugins, *plugindir; + + libcharon_init(); + + plugins = getenv("TESTS_PLUGINS") ?: + lib->settings->get_str(lib->settings, + "tests.load", PLUGINS); + plugindir = lib->settings->get_str(lib->settings, + "tests.plugindir", PLUGINDIR); + plugin_loader_add_plugindirs(plugindir, plugins); + exchange_test_helper_init(plugins); + } + else + { + exchange_test_helper_deinit(); + libcharon_deinit(); + } + return TRUE; +} + +int main(int argc, char *argv[]) +{ + return test_runner_run("exchanges", tests, test_runner_init); +} diff --git a/src/libcharon/tests/exchange_tests.h b/src/libcharon/tests/exchange_tests.h new file mode 100644 index 000000000..30086721f --- /dev/null +++ b/src/libcharon/tests/exchange_tests.h @@ -0,0 +1,20 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +TEST_SUITE(ike_delete_suite_create) +TEST_SUITE(ike_rekey_suite_create) +TEST_SUITE(child_create_suite_create) +TEST_SUITE(child_delete_suite_create) +TEST_SUITE(child_rekey_suite_create) diff --git a/src/libcharon/tests/libcharon_tests.c b/src/libcharon/tests/libcharon_tests.c index 4692c3094..e25e5434f 100644 --- a/src/libcharon/tests/libcharon_tests.c +++ b/src/libcharon/tests/libcharon_tests.c @@ -53,9 +53,6 @@ static bool test_runner_init(bool init) } else { - lib->processor->set_threads(lib->processor, 0); - lib->processor->cancel(lib->processor); - lib->plugins->unload(lib->plugins); libcharon_deinit(); } return TRUE; diff --git a/src/libcharon/tests/libcharon_tests.h b/src/libcharon/tests/libcharon_tests.h index fb82baccb..f770f464d 100644 --- a/src/libcharon/tests/libcharon_tests.h +++ b/src/libcharon/tests/libcharon_tests.h @@ -1,4 +1,7 @@ /* + * Copyright (C) 2014-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * @@ -13,6 +16,15 @@ * for more details. */ +/** + * @defgroup libcharon-tests tests + * @ingroup libcharon + * + * @defgroup test_utils_c test_utils + * @ingroup libcharon-tests + */ + +TEST_SUITE(proposal_suite_create) TEST_SUITE(ike_cfg_suite_create) TEST_SUITE(mem_pool_suite_create) TEST_SUITE_DEPEND(message_chapoly_suite_create, AEAD, ENCR_CHACHA20_POLY1305, 32) diff --git a/src/libcharon/tests/suites/test_child_create.c b/src/libcharon/tests/suites/test_child_create.c new file mode 100644 index 000000000..20a47f6bf --- /dev/null +++ b/src/libcharon/tests/suites/test_child_create.c @@ -0,0 +1,106 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <daemon.h> +#include <tests/utils/exchange_test_helper.h> +#include <tests/utils/exchange_test_asserts.h> +#include <tests/utils/job_asserts.h> +#include <tests/utils/sa_asserts.h> + +/** + * One of the peers tries to create a new CHILD_SA while the other concurrently + * started to rekey the IKE_SA. TEMPORARY_FAILURE should be returned on both + * sides and the peers should prepare to retry. + */ +START_TEST(test_collision_ike_rekey) +{ + child_cfg_t *child_cfg; + child_cfg_create_t child = { + .mode = MODE_TUNNEL, + }; + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + assert_hook_not_called(child_updown); + child_cfg = child_cfg_create("child", &child); + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + child_cfg->add_traffic_selector(child_cfg, TRUE, + traffic_selector_create_dynamic(0, 0, 65535)); + child_cfg->add_traffic_selector(child_cfg, FALSE, + traffic_selector_create_dynamic(0, 0, 65535)); + call_ikesa(a, initiate, child_cfg, 0, NULL, NULL); + assert_child_sa_count(a, 1); + assert_hook(); + + call_ikesa(b, rekey); + + /* CREATE_CHILD_SA { SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_updown); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(child_updown); + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 1); + assert_scheduler(); + assert_hook(); + + /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_scheduler(); + + /* make sure no message was sent after handling the TEMPORARY_FAILURE and + * that the task to retry creating the CHILD_SA is queued and not active + * and it can't be initiated immediately */ + ck_assert(!exchange_test_helper->sender->dequeue(exchange_test_helper->sender)); + assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE); + assert_num_tasks(a, 1, TASK_QUEUE_QUEUED); + call_ikesa(a, initiate, NULL, 0, NULL, NULL); + assert_num_tasks(a, 0, TASK_QUEUE_ACTIVE); + + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +Suite *child_create_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("child create"); + + tc = tcase_create("collisions ike rekey"); + tcase_add_test(tc, test_collision_ike_rekey); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_child_delete.c b/src/libcharon/tests/suites/test_child_delete.c new file mode 100644 index 000000000..437e919c7 --- /dev/null +++ b/src/libcharon/tests/suites/test_child_delete.c @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <daemon.h> +#include <tests/utils/exchange_test_helper.h> +#include <tests/utils/exchange_test_asserts.h> +#include <tests/utils/job_asserts.h> +#include <tests/utils/sa_asserts.h> + +/** + * Regular CHILD_SA deletion either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b; + + if (_i) + { /* responder deletes the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator deletes the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + assert_hook_not_called(child_updown); + call_ikesa(a, delete_child_sa, PROTO_ESP, _i+1, FALSE); + assert_child_sa_state(a, _i+1, CHILD_DELETING); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Both peers initiate the CHILD_SA deletion concurrently and should handle + * the collision properly. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + /* both peers delete the CHILD_SA concurrently */ + assert_hook_not_called(child_updown); + call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE); + assert_child_sa_state(a, 1, CHILD_DELETING); + call_ikesa(b, delete_child_sa, PROTO_ESP, 2, FALSE); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_hook(); + + /* RFC 7296 says: + * + * Normally, the response in the INFORMATIONAL exchange will contain + * Delete payloads for the paired SAs going in the other direction. + * There is one exception. If, by chance, both ends of a set of SAs + * independently decide to close them, each may send a Delete payload + * and the two requests may cross in the network. If a node receives a + * delete request for SAs for which it has already issued a delete + * request, it MUST delete the outgoing SAs while processing the request + * and the incoming SAs while processing the response. In that case, + * the responses MUST NOT include Delete payloads for the deleted SAs, + * since that would result in duplicate deletion and could in theory + * delete the wrong SA. + * + * We don't handle SAs separately so we expect both are still installed, + * but the INFORMATIONAL response should not contain a DELETE payload. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_updown); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_DELETING); + assert_hook(); + + /* <-- INFORMATIONAL { } */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + /* INFORMATIONAL { } --> */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * This is like the collision above but one of the DELETEs is dropped or delayed + * so the other peer is not aware that there is a collision. + */ +START_TEST(test_collision_drop) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + /* both peers delete the CHILD_SA concurrently */ + assert_hook_not_called(child_updown); + call_ikesa(a, delete_child_sa, PROTO_ESP, 1, FALSE); + assert_child_sa_state(a, 1, CHILD_DELETING); + call_ikesa(b, delete_child_sa, PROTO_ESP, 2, FALSE); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_updown); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_hook(); + + /* drop/delay the responder's message */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- INFORMATIONAL { } */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed/retransmitted) */ + assert_hook_not_called(child_updown); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to delete. + * + * delete ----\ /---- rekey IKE + * \-----/----> detect collision + * detect collision <---------/ /---- delete + * TEMP_FAIL ----\ / + * \----/-----> + * <--------/ + */ +START_TEST(test_collision_ike_rekey) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + + if (_i) + { /* responder deletes the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator deletes the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + call_ikesa(b, rekey); + assert_ike_sa_state(b, IKE_REKEYING); + + /* this should never get called as there is no successful rekeying */ + assert_hook_not_called(ike_rekey); + + /* RFC 7296, 2.25.2: If a peer receives a request to delete a Child SA when + * it is currently rekeying the IKE SA, it SHOULD reply as usual, with a + * Delete payload. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 0); + assert_hook(); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and + * it is currently, rekeying, or closing a Child SA of that IKE SA, it + * SHOULD reply with TEMPORARY_FAILURE. + */ + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */ + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_scheduler(); + + /* ike_rekey */ + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to delete. + * + * delete ----\ /---- delete IKE + * \-----/----> detect collision + * <---------/ /---- delete + * delete ----\ / + * \----/-----> + * sa already gone <--------/ + */ +START_TEST(test_collision_ike_delete) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + call_ikesa(a, delete_child_sa, PROTO_ESP, spi_a, FALSE); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to delete a CHILD_SA when it is currently + * closing the IKE SA. We expect a regular response. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + assert_hook(); + + /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to close the IKE SA if it is currently deleting + * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the + * delete. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_not_called(child_updown); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); +} +END_TEST + +Suite *child_delete_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("child delete"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions"); + tcase_add_test(tc, test_collision); + tcase_add_test(tc, test_collision_drop); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike rekey"); + tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike delete"); + tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_child_rekey.c b/src/libcharon/tests/suites/test_child_rekey.c new file mode 100644 index 000000000..fcac49388 --- /dev/null +++ b/src/libcharon/tests/suites/test_child_rekey.c @@ -0,0 +1,1569 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <daemon.h> +#include <tests/utils/exchange_test_helper.h> +#include <tests/utils/exchange_test_asserts.h> +#include <tests/utils/job_asserts.h> +#include <tests/utils/sa_asserts.h> + +/** + * Initiate rekeying the CHILD_SA with the given SPI on the given IKE_SA. + */ +#define initiate_rekey(sa, spi) ({ \ + assert_hook_not_called(child_updown); \ + assert_hook_not_called(child_rekey); \ + call_ikesa(sa, rekey_child_sa, PROTO_ESP, spi); \ + assert_child_sa_state(sa, spi, CHILD_REKEYING); \ + assert_hook(); \ + assert_hook(); \ +}) + +/** + * Regular CHILD_SA rekey either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_REKEYED); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- INFORMATIONAL { D } */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_hook(); + + /* child_updown */ + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * CHILD_SA rekey where the responder does not agree with the DH group selected + * by the initiator, either initiated by the original initiator or responder of + * the IKE_SA. + */ +START_TEST(test_regular_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .esp = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .esp = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, &conf); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + } + initiate_rekey(a, spi_a); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_REKEYED); + assert_child_sa_state(b, 6, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_DELETING); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 6, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- INFORMATIONAL { D } */ + assert_hook_not_called(child_rekey); + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_hook(); + + /* child_updown */ + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Check that the responder ignores soft expires while waiting for the delete + * after a rekeying. + */ +START_TEST(test_regular_responder_ignore_soft_expire) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + initiate_rekey(a, 1); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_DELETING); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this to get called anymore */ + assert_hook_not_called(child_rekey); + /* this should not produce a message, if it does there won't be a delete + * payload below */ + call_ikesa(b, rekey_child_sa, PROTO_ESP, 2); + assert_child_sa_state(b, 2, CHILD_REKEYED); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Check that the responder handles hard expires properly while waiting for the + * delete after a rekeying (e.g. if the initiator of the rekeying fails to + * delete the CHILD_SA for some reason). + */ +START_TEST(test_regular_responder_handle_hard_expire) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + initiate_rekey(a, 1); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_called(child_rekey); + assert_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + assert_hook_called(child_rekey); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_DELETING); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this to get called anymore */ + assert_hook_not_called(child_rekey); + /* this is similar to a regular delete collision */ + assert_single_payload(OUT, PLV2_DELETE); + call_ikesa(b, delete_child_sa, PROTO_ESP, 2, TRUE); + assert_child_sa_state(b, 2, CHILD_DELETING); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_state(a, 2, CHILD_DELETING); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_state(a, 1, CHILD_DELETING); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 3, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Both peers initiate the CHILD_SA reekying concurrently and should handle + * the collision properly depending on the nonces. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* When rekeyings collide we get two CHILD_SAs with a total of four nonces. + * The CHILD_SA with the lowest nonce SHOULD be deleted by the peer that + * created that CHILD_SA. The replaced CHILD_SA is deleted by the peer that + * initiated the surviving SA. + * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted CHILD_SA (either redundant or replaced) */ + uint32_t spi_del_a, spi_del_b; + /* SPIs of the kept CHILD_SA */ + uint32_t spi_a, spi_b; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 2, 5); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 5, CHILD_INSTALLED); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_rekey(child_rekey, 1, 6); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 6, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + if (data[_i].spi_del_a == 1) + { /* currently we call this again if we keep our own replacement as we + * already called it above */ + assert_hook_rekey(child_rekey, 1, data[_i].spi_a); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_hook(); + } + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + if (data[_i].spi_del_b == 2) + { + assert_hook_rekey(child_rekey, 2, data[_i].spi_b); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * This is like the rekey collision above, but one peer deletes the + * redundant/old SA before the other peer receives the CREATE_CHILD_SA + * response: + * + * rekey ----\ /---- rekey + * \-----/----> detect collision + * detect collision <---------/ /---- + * ----\ / + * \----/-----> + * handle delete <--------/------- delete SA + * --------/-------> + * handle rekey <------/ + * delete SA ----------------> + * <---------------- + */ +START_TEST(test_collision_delayed_response) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted CHILD_SA (either redundant or replaced) */ + uint32_t spi_del_a, spi_del_b; + /* SPIs of the kept CHILD_SA */ + uint32_t spi_a, spi_b; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 4, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 2, 6, 4 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 4, 3, 5 }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 2, 5); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 5, CHILD_INSTALLED); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_rekey(child_rekey, 1, 6); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 6, CHILD_INSTALLED); + assert_hook(); + + /* delay the CREATE_CHILD_SA response from b to a */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + if (data[_i].spi_del_b == 2) + { + assert_hook_rekey(child_rekey, 2, data[_i].spi_b); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + + /* <-- INFORMATIONAL { D } */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + if (data[_i].spi_del_b == 2) + { + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + } + else + { + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_count(a, 1); + } + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 2); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } (delayed) */ + if (data[_i].spi_del_a == 1) + { + assert_hook_rekey(child_rekey, 1, data[_i].spi_a); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_hook(); + } + else + { + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_hook(); + } + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a + * rekey collision: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * \ /---- delete old SA + * \-/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete -----------/----> + * aborts rekeying <---------/ + */ +START_TEST(test_collision_delayed_request) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 1, 5); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_hook(); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + assert_hook_rekey(child_rekey, 2, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_scheduler(); + + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Similar to above one peer fails to notice the collision but the + * CREATE_CHILD_SA request is even more delayed: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * detect collision <-------\-------- delete old SA + * delete ---------\------> + * \-----> + * /---- CHILD_SA_NOT_FOUND + * aborts rekeying <----------/ + */ +START_TEST(test_collision_delayed_request_more) +{ + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b, 2); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 1, 5); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_hook(); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + assert_hook_rekey(child_rekey, 2, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_single_notify(OUT, CHILD_SA_NOT_FOUND); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_child_sa_state(b, 4, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 5, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_scheduler(); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * Both peers initiate the CHILD_SA reekying concurrently but the proposed DH + * groups are not the same after handling the INVALID_KE_PAYLOAD they should + * still handle the collision properly depending on the nonces. + */ +START_TEST(test_collision_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .esp = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .esp = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + /* Eight nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N5/7 -----\ \-------> + * \ /---- N6/8 + * \--/----> N7/9 + * N8/10 <--------/ /---- ... + * ... ------\ + * + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted CHILD_SA (either redundant or replaced) */ + uint32_t spi_del_a, spi_del_b; + /* SPIs of the kept CHILD_SA */ + uint32_t spi_a, spi_b; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 7, 2,10, 8 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 8, 7, 9 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 7, 2,10, 8 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 8, 7, 9 }, + }; + + /* make sure the nonces of the first try don't affect the retries */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 2, 9); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYED); + assert_child_sa_state(b, 9, CHILD_INSTALLED); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_rekey(child_rekey, 1, 10); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a,10, CHILD_INSTALLED); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } */ + if (data[_i].spi_del_a == 1) + { /* currently we call this again if we keep our own replacement as we + * already called it above */ + assert_hook_rekey(child_rekey, 1, data[_i].spi_a); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_hook(); + } + else + { + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + } + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_del_b, CHILD_REKEYED); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + if (data[_i].spi_del_b == 2) + { + assert_hook_rekey(child_rekey, 2, data[_i].spi_b); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_hook(); + } + else + { + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + } + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_del_a, CHILD_REKEYED); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_del_b, CHILD_DELETING); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_del_a, CHILD_DELETING); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 2); + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, data[_i].spi_a, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, data[_i].spi_b, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * This is a variation of the above but with the retry by one peer delayed so + * that to the other peer it looks like there is no collision. + */ +START_TEST(test_collision_ke_invalid_delayed_retry) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .esp = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .esp = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b; + message_t *msg; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + /* Seven nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N5/7 -----\ \-------> + * <-----\--------- N6/8 + * N7/9 -------\-------> + * <-------\------- DELETE + * ... ------\ \-----> + * /---- TEMP_FAIL + * + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + + /* make sure the nonces of the first try don't affect the retries */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(a, 1); + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(b, 2); + + /* this should never get called as this results in a successful rekeying */ + assert_hook_not_called(child_updown); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + assert_hook_not_called(child_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYING); + assert_child_sa_count(a, 1); + assert_hook(); + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_REKEYING); + assert_child_sa_count(b, 1); + assert_hook(); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_rekey(child_rekey, 1, 9); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 1, CHILD_REKEYED); + assert_child_sa_state(a, 9, CHILD_INSTALLED); + assert_hook(); + /* CREATE_CHILD_SA { SA, Nr, [KEr,] TSi, TSr } --> */ + assert_hook_rekey(child_rekey, 2, 8); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 8, CHILD_INSTALLED); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(child_rekey); + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_child_sa_state(b, 2, CHILD_DELETING); + assert_child_sa_state(b, 8, CHILD_INSTALLED); + + /* <-- INFORMATIONAL { D } */ + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 9, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, 9, CHILD_INSTALLED); + assert_child_sa_count(a, 1); + assert_scheduler(); + + /* INFORMATIONAL { D } --> */ + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, 8, CHILD_INSTALLED); + assert_child_sa_count(b, 1); + + /* child_rekey/child_updown */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the CHILD_SA the other peer is + * concurrently trying to rekey. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete ----\ / + * \----/-----> + * aborts rekeying <--------/ + */ +START_TEST(test_collision_delete) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_updown); + assert_notify(IN, REKEY_SA); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_hook(); + + /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that + * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE + * payload. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(child_updown); + /* we don't expect a job to retry the rekeying */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_scheduler(); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* child_rekey */ + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the CHILD_SA the other peer is + * concurrently trying to rekey. However, the delete request is delayed or + * dropped, so the peer doing the rekeying is unaware of the collision. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * reschedule <---------/------ TEMP_FAIL + * <--------/ + * delete ----------------> + * + * The job will not find the SA to retry rekeying. + */ +START_TEST(test_collision_delete_drop_delete) +{ + ike_sa_t *a, *b; + message_t *msg; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey a CHILD_SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_hook_not_called(child_updown); + assert_notify(IN, REKEY_SA); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + assert_hook(); + + /* delay the DELETE request */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(child_updown); + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_INSTALLED); + assert_scheduler(); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed) */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + assert_child_sa_count(a, 0); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* child_rekey */ + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the CHILD_SA the other peer is + * concurrently trying to rekey. However, the rekey request is delayed or + * dropped, so the peer doing the deleting is unaware of the collision. + * + * rekey ----\ /---- delete + * detect collision <----\-----/ + * delete ------\---------> + * \--------> + * /---- CHILD_SA_NOT_FOUND + * aborts rekeying <----------/ + */ + START_TEST(test_collision_delete_drop_rekey) +{ + ike_sa_t *a, *b; + message_t *msg; + uint32_t spi_a = _i+1, spi_b = 2-_i; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete_child_sa, PROTO_ESP, spi_b, FALSE); + assert_child_sa_state(b, spi_b, CHILD_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* delay the CREATE_CHILD_SA request */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* RFC 7296, 2.25.1: If a peer receives a request to delete a CHILD_SA that + * it is currently trying to rekey, it SHOULD reply as usual, with a DELETE + * payload. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_single_payload(OUT, PLV2_DELETE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_count(a, 0); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(child_updown, FALSE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_child_sa_count(b, 0); + assert_hook(); + + /* RFC 7296, 2.25.1: If a peer receives a to rekey a Child SA that does not + * exist, it SHOULD reply with CHILD_SA_NOT_FOUND. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> (delayed) */ + assert_hook_not_called(child_updown); + assert_notify(IN, REKEY_SA); + assert_single_notify(OUT, CHILD_SA_NOT_FOUND); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(NO_CHILD_SA) } */ + assert_hook_not_called(child_updown); + /* no jobs or tasks should get scheduled/queued */ + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_scheduler(); + assert_hook(); + + /* child_rekey */ + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * FIXME: Not sure what we can do about the following: + * + * One of the hosts initiates a rekeying of a CHILD_SA and after responding to + * it the other peer deletes the new SA. However, the rekey response is + * delayed or dropped, so the peer doing the rekeying receives a delete for an + * unknown CHILD_SA and then has a rekeyed CHILD_SA that should not exist. + * + * rekey ----------------> + * /---- rekey + * unknown SA <----------/----- delete new SA + * ----------/-----> + * <--------/ + * + * The peers' states are now out of sync. + * + * Perhaps the rekey initiator could keep track of deletes for non-existing SAs + * while rekeying and then check against the SPIs when handling the + * CREATE_CHILD_SA response. + */ + + +/** + * One of the hosts initiates a rekey of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to rekey. + * + * rekey ----\ /---- rekey IKE + * \-----/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * TEMP_FAIL ----\ / + * \----/-----> + * <--------/ + */ +START_TEST(test_collision_ike_rekey) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, rekey); + assert_ike_sa_state(b, IKE_REKEYING); + + /* these should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(ike_rekey); + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.2: If a peer receives a request to rekey a CHILD_SA when + * it is currently rekeying the IKE SA, it SHOULD reply with + * TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + + /* RFC 7296, 2.25.1: If a peer receives a request to rekey the IKE SA, and + * it is currently, rekeying, or closing a Child SA of that IKE SA, it + * SHOULD reply with TEMPORARY_FAILURE. + */ + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_REKEYING); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_child_sa_state(a, spi_a, CHILD_INSTALLED); + assert_scheduler(); + + /* CREATE_CHILD_SA { N(TEMP_FAIL) } --> */ + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_scheduler(); + + /* ike_rekey/child_rekey */ + assert_hook(); + assert_hook(); + + assert_sa_idle(a); + assert_sa_idle(b); + + call_ikesa(a, destroy); + call_ikesa(b, destroy); +} +END_TEST + +/** + * One of the hosts initiates a delete of the IKE_SA of the CHILD_SA the other + * peer is concurrently trying to rekey. + * + * rekey ----\ /---- delete IKE + * \-----/----> detect collision + * <---------/ /---- TEMP_FAIL + * delete ----\ / + * \----/-----> + * sa already gone <--------/ + */ +START_TEST(test_collision_ike_delete) +{ + ike_sa_t *a, *b; + uint32_t spi_a = _i+1; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the CHILD_SA (SPI 2) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the CHILD_SA (SPI 1) */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + initiate_rekey(a, spi_a); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* this should never get called as there is no successful rekeying on + * either side */ + assert_hook_not_called(child_rekey); + + /* RFC 7296, 2.25.2 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to rekey a CHILD_SA when it is currently + * closing the IKE SA. We expect a TEMPORARY_FAILURE notify. + */ + + /* CREATE_CHILD_SA { N(REKEY_SA), SA, Ni, [KEi,] TSi, TSr } --> */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.1 does not explicitly state what the behavior SHOULD be if + * a peer receives a request to close the IKE SA if it is currently rekeying + * a Child SA of that IKE SA. Let's just close the IKE_SA and forget the + * rekeying. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* child_rekey */ + assert_hook(); +} +END_TEST + +Suite *child_rekey_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("child rekey"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2); + tcase_add_test(tc, test_regular_responder_ignore_soft_expire); + tcase_add_test(tc, test_regular_responder_handle_hard_expire); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions rekey"); + tcase_add_loop_test(tc, test_collision, 0, 4); + tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4); + tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_request_more, 0, 3); + tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4); + tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions delete"); + tcase_add_loop_test(tc, test_collision_delete, 0, 2); + tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2); + tcase_add_loop_test(tc, test_collision_delete_drop_rekey, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike rekey"); + tcase_add_loop_test(tc, test_collision_ike_rekey, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions ike delete"); + tcase_add_loop_test(tc, test_collision_ike_delete, 0, 2); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_ike_delete.c b/src/libcharon/tests/suites/test_ike_delete.c new file mode 100644 index 000000000..d79f9bc50 --- /dev/null +++ b/src/libcharon/tests/suites/test_ike_delete.c @@ -0,0 +1,137 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <tests/utils/exchange_test_helper.h> +#include <tests/utils/exchange_test_asserts.h> +#include <tests/utils/sa_asserts.h> + +/** + * Regular IKE_SA delete either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b; + status_t s; + + if (_i) + { /* responder deletes the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator deletes the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + call_ikesa(a, delete); + assert_ike_sa_state(a, IKE_DELETING); + assert_hook(); + assert_hook(); + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); +} +END_TEST + +/** + * Both peers initiate the IKE_SA deletion concurrently and should handle the + * collision properly. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + call_ikesa(a, delete); + assert_ike_sa_state(a, IKE_DELETING); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + assert_hook(); + assert_hook(); + + /* RFC 7296 says: If a peer receives a request to close an IKE SA that it + * is currently trying to close, it SHOULD reply as usual, and forget about + * its own close request. + * So we expect the SA to just get closed with an empty response still sent. + */ + + /* INFORMATIONAL { D } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); +} +END_TEST + +Suite *ike_delete_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("ike delete"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions"); + tcase_add_test(tc, test_collision); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_ike_rekey.c b/src/libcharon/tests/suites/test_ike_rekey.c new file mode 100644 index 000000000..ba39657a4 --- /dev/null +++ b/src/libcharon/tests/suites/test_ike_rekey.c @@ -0,0 +1,1480 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <tests/utils/exchange_test_helper.h> +#include <tests/utils/exchange_test_asserts.h> +#include <tests/utils/job_asserts.h> +#include <tests/utils/sa_asserts.h> + +/** + * Initiate rekeying the given IKE_SA. + */ +#define initiate_rekey(sa) ({ \ + assert_hook_not_called(ike_rekey); \ + call_ikesa(sa, rekey); \ + assert_ike_sa_state(a, IKE_REKEYING); \ + assert_hook(); \ +}) + +/** + * Regular IKE_SA rekeying either initiated by the original initiator or + * responder of the IKE_SA. + */ +START_TEST(test_regular) +{ + ike_sa_t *a, *b, *new_sa; + status_t s; + + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + initiate_rekey(a); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 3); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYED); + assert_child_sa_count(b, 0); + new_sa = assert_ike_sa_checkout(3, 4, FALSE); + assert_ike_sa_state(new_sa, IKE_ESTABLISHED); + assert_child_sa_count(new_sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, 3); + assert_no_notify(IN, REKEY_SA); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_DELETING); + assert_child_sa_count(a, 0); + new_sa = assert_ike_sa_checkout(3, 4, TRUE); + assert_ike_sa_state(new_sa, IKE_ESTABLISHED); + assert_child_sa_count(new_sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * IKE_SA rekeying where the responder does not agree with the DH group selected + * by the initiator, either initiated by the original initiator or responder of + * the IKE_SA. + */ +START_TEST(test_regular_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .ike = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .ike = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b, *sa; + status_t s; + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + FALSE, lib->ns); + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, &conf); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + } + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns); + + initiate_rekey(a); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_ESTABLISHED); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 3); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYED); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(3, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, 3); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_DELETING); + assert_child_sa_count(a, 0); + sa = assert_ike_sa_checkout(3, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * Both peers initiate the IKE_SA rekeying concurrently and should handle the + * collision properly depending on the nonces. + */ +START_TEST(test_collision) +{ + ike_sa_t *a, *b, *sa; + status_t status; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* When rekeyings collide we get two IKE_SAs with a total of four nonces. + * The IKE_SA with the lowest nonce SHOULD be deleted by the peer that + * created that IKE_SA. The replaced IKE_SA is deleted by the peer that + * initiated the surviving SA. + * Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* simplify next steps by checking in original IKE_SAs */ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); + assert_ike_sa_count(2); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + /* as original initiator a is initiator of both SAs it could delete */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* if b won it will delete the original SA a initiated */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_a_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + /* if b wins it deletes the SA originally initiated by a */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* a only deletes SAs for which b is responder */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(6); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(5); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(4); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(3); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(2); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * Both peers initiate the IKE_SA rekeying concurrently but the proposed DH + * gropus are not the same. After handling the INVALID_KE_PAYLOAD they should + * still handle the collision properly depending on the nonces. + */ +START_TEST(test_collision_ke_invalid) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .ike = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .ike = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b, *sa; + status_t status; + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + FALSE, lib->ns); + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns); + + /* Six nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N1/3 -----\ \-------> + * \ /---- N2/4 + * \--/----> N5/7 + * N6/8 <--------/ /---- ... + * ... ------\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 7, 1, 2, 4, 8 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 8, 3, 7 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 7, 1, 2, 4, 8 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 8, 3, 7 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(ike_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* simplify next steps by checking in original IKE_SAs */ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); + assert_ike_sa_count(2); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + /* as original initiator a is initiator of both SAs it could delete */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* if b won it will delete the original SA a initiated */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_a_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + /* if b wins it deletes the SA originally initiated by a */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* a only deletes SAs for which b is responder */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(6); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(5); + /* <-- INFORMATIONAL { D } */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i == 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(4); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(3); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + status = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, status); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(2); + + /* ike_rekey/ike_updown/child_updown */ + assert_hook(); + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * This is like the collision above but one of the retries is delayed. + */ +START_TEST(test_collision_ke_invalid_delayed_retry) +{ + exchange_test_sa_conf_t conf = { + .initiator = { + .ike = "aes128-sha256-modp2048-modp3072", + }, + .responder = { + .ike = "aes128-sha256-modp3072-modp2048", + }, + }; + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + FALSE, lib->ns); + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, &conf); + + lib->settings->set_bool(lib->settings, "%s.prefer_configured_proposals", + TRUE, lib->ns); + + /* Five nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /---- INVAL_KE + * INVAL_KE -----\ / + * <-----\--/ + * N1/3 -----\ \-------> + * <-----\--------- N2/4 + * N5/7 -------\-------> + * <-------\------- DELETE + * ... ------\ \-----> + * /---- TEMP_FAIL + * + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + } data[] = { + { { 0x00, 0xFF, 0xFF } }, + { { 0xFF, 0x00, 0xFF } }, + { { 0xFF, 0xFF, 0x00 } }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(INVAL_KE) } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + assert_hook_not_called(ike_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { N(INVAL_KE) } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + assert_hook_not_called(child_rekey); + assert_single_notify(IN, INVALID_KE_PAYLOAD); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 7, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_ike_sa_state(b, IKE_DELETING); + + /* <-- INFORMATIONAL { D } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + sa = assert_ike_sa_checkout(4, 7, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * This is like the rekey collision above, but one peer deletes the + * redundant/old SA before the other peer receives the CREATE_CHILD_SA + * response: + * Peer A Peer B + * rekey ----\ /---- rekey + * \-----/----> detect collision + * detect collision <---------/ /---- + * -----------/----> + * handle delete <---------/------ delete redundant/old SA + * ---------/------> + * handle rekey <-------/ + * delete SA ----------------> + * <---------------- + * + * If peer B won the collision it deletes the old IKE_SA, in which case + * this situation is handled as if peer B was not aware of the collision (see + * below). That is, peer A finalizes the rekeying initiated by the peer and + * deletes the IKE_SA (it has no way of knowing whether the peer was aware of + * the collision or not). Peer B will expect the redundant IKE_SA to get + * deleted, but that will never happen if the response arrives after the SA is + * already gone. So a job should be queued that deletes it after a while. + * + * If peer B lost it will switch to the new IKE_SA and delete the redundant + * IKE_SA and expect a delete for the old IKE_SA. In this case peer A will + * simply retransmit until it receives a response to the rekey request, all the + * while ignoring the delete requests for the unknown IKE_SA. Afterwards, + * everything works as in a regular collision (however, until peer A receives + * the response it will not be able to receive any messages on the new IKE_SA). + */ +START_TEST(test_collision_delayed_response) +{ + ike_sa_t *a, *b, *sa; + message_t *msg, *d; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Four nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * IKE_SA): + * N1/3 -----\ /----- N2/4 + * \--/-----> N3/5 + * N4/6 <-------/ /----- ... + * ... -----\ + * We test this four times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[4]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF, 0x00 }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_REKEYING); + assert_child_sa_count(b, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[3]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* delay the CREATE_CHILD_SA response from b to a */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* simplify next steps by checking in original IKE_SAs */ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, a); + charon->ike_sa_manager->checkin(charon->ike_sa_manager, b); + assert_ike_sa_count(2); + + /* CREATE_CHILD_SA { SA, Nr, KEr } --> */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + /* besides the job that retransmits the delete, we expect a job that + * deletes the redundant IKE_SA if we expect the other to delete it */ + assert_jobs_scheduled(data[_i].del_b_i == 1 ? 2 : 1); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + /* if b wins it deletes the SA originally initiated by a */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, + data[_i].del_b_i != 1); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* a only deletes SAs for which b is responder */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_b_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_scheduler(); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + if (data[_i].del_b_i == 1) + { /* b won, it deletes the replaced IKE_SA */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, a); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(4); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, b); + assert_ike_sa_count(3); + assert_hook(); + /* the job will later remove this redundant IKE_SA on b */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_sa_idle(sa); + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */ + /* the IKE_SA (a) does not exist anymore */ + msg->destroy(msg); + } + else + { /* b lost, the delete is for the non-existing redundant IKE_SA */ + d = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Nr, KEr } (delayed) */ + assert_hook_rekey(ike_rekey, 1, data[_i].spi_i); + exchange_test_helper->process_message(exchange_test_helper, a, msg); + /* as original initiator a is initiator of both SAs it could delete */ + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + assert_ike_sa_state(sa, IKE_DELETING); + assert_child_sa_count(sa, 0); + /* this is the redundant SA b is trying to delete */ + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE); + assert_ike_sa_state(sa, IKE_REKEYED); + assert_child_sa_count(sa, 0); + sa = assert_ike_sa_checkout(data[_i].spi_i, data[_i].spi_r, + data[_i].del_a_i == 1); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(6); + assert_hook(); + + /* we don't expect this hook to get called anymore */ + assert_hook_not_called(ike_rekey); + + /* INFORMATIONAL { D } --> */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(5); + /* <-- INFORMATIONAL { } */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_a_i, data[_i].del_a_r, TRUE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(4); + + /* <-- INFORMATIONAL { D } (retransmit/delayed) */ + assert_single_payload(IN, PLV2_DELETE); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, d); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(3); + /* INFORMATIONAL { } --> */ + assert_message_empty(IN); + sa = assert_ike_sa_checkout(data[_i].del_b_i, data[_i].del_b_r, TRUE); + s = exchange_test_helper->process_message(exchange_test_helper, sa, + NULL); + ck_assert_int_eq(DESTROY_ME, s); + charon->ike_sa_manager->checkin_and_destroy(charon->ike_sa_manager, sa); + assert_ike_sa_count(2); + /* ike_rekey */ + assert_hook(); + } + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a rekey + * collision because the other request is dropped: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * detect collision <-------\-------- delete old SA + * delete ---------\------> + * rekey done \-----> SA not found (or it never arrives) + */ +START_TEST(test_collision_dropped_request) +{ + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + /* drop the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* <-- INFORMATIONAL { D } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + sa = assert_ike_sa_checkout(4, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a rekey + * collision because the other request is delayed: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * \ /---- delete old SA + * \-/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete -----------/----> + * rekey done / + * sa already gone <--------/ + */ +START_TEST(test_collision_delayed_request) +{ + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_ike_sa_state(b, IKE_DELETING); + + /* <-- INFORMATIONAL { D } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + sa = assert_ike_sa_checkout(4, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * In this scenario one of the peers does not notice that there is a rekey + * collision and the delete arrives after the TEMPORARY_FAILURE notify: + * + * rekey ----\ /---- rekey + * \ / + * detect collision <-----\---/ + * -------\--------> + * \ /---- delete old SA + * \-/----> detect collision + * no reschedule <---------/------ TEMP_FAIL + * detect collision <--------/ + * delete ----------------> + * rekey done + */ +START_TEST(test_collision_delayed_request_and_delete) +{ + ike_sa_t *a, *b, *sa; + message_t *msg; + status_t s; + + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + + /* Three nonces and SPIs are needed (SPI 1 and 2 are used for the initial + * CHILD_SA): + * N1/3 -----\ /----- N2/4 + * N3/5 <-----\--/ + * ... -----\ \-------> ... + * We test this three times, each time a different nonce is the lowest. + */ + struct { + /* Nonces used at each point */ + u_char nonces[3]; + /* SPIs of the deleted IKE_SAs (either redundant or replaced) */ + uint32_t del_a_i, del_a_r; + uint32_t del_b_i, del_b_r; + /* SPIs of the kept IKE_SA */ + uint32_t spi_i, spi_r; + } data[] = { + { { 0x00, 0xFF, 0xFF }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0x00, 0xFF }, 1, 2, 4, 6, 3, 5 }, + { { 0xFF, 0xFF, 0x00 }, 3, 5, 1, 2, 4, 6 }, + { { 0xFF, 0xFF, 0xFF }, 1, 2, 4, 6, 3, 5 }, + }; + /* these should never get called as this results in a successful rekeying */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + + exchange_test_helper->nonce_first_byte = data[_i].nonces[0]; + initiate_rekey(a); + exchange_test_helper->nonce_first_byte = data[_i].nonces[1]; + initiate_rekey(b); + + /* delay the CREATE_CHILD_SA request from a to b */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { SA, Ni, KEi } */ + exchange_test_helper->nonce_first_byte = data[_i].nonces[2]; + assert_hook_not_called(ike_rekey); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYING); + assert_child_sa_count(a, 1); + assert_ike_sa_count(0); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_rekey(ike_rekey, 1, 4); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_child_sa_count(b, 0); + sa = assert_ike_sa_checkout(4, 5, TRUE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(1); + assert_hook(); + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> (delayed) */ + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, msg); + assert_ike_sa_state(b, IKE_DELETING); + + /* delay the INFORMATIONAL request from b to a */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_rekey(ike_rekey, 1, 4); + assert_no_jobs_scheduled(); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_REKEYED); + assert_child_sa_count(a, 0); + sa = assert_ike_sa_checkout(4, 5, FALSE); + assert_ike_sa_state(sa, IKE_ESTABLISHED); + assert_child_sa_count(sa, 1); + assert_ike_sa_count(2); + assert_scheduler(); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed) */ + assert_single_payload(IN, PLV2_DELETE); + s = exchange_test_helper->process_message(exchange_test_helper, a, msg); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + + /* INFORMATIONAL { } --> */ + assert_hook_not_called(ike_rekey); + assert_message_empty(IN); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + + /* ike_updown/child_updown */ + assert_hook(); + assert_hook(); + + charon->ike_sa_manager->flush(charon->ike_sa_manager); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the IKE_SA the other peer is + * concurrently trying to rekey. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * detect collision <---------/ /---- TEMP_FAIL + * delete ----\ / + * \----/-----> + * sa already gone <--------/ + */ +START_TEST(test_collision_delete) +{ + ike_sa_t *a, *b; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + /* this should never get called as this does not result in a successful + * rekeying on either side */ + assert_hook_not_called(ike_rekey); + + initiate_rekey(a); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_not_called(ike_updown); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_ike_sa_count(0); + assert_hook(); + + /* RFC 7296, 2.25.2: If a peer receives a request to close an IKE SA that + * it is currently rekeying, it SHOULD reply as usual, and forget its own + * rekeying request. + */ + + /* <-- INFORMATIONAL { D } */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + /* the SA is already gone */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + msg->destroy(msg); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* ike_rekey */ + assert_hook(); +} +END_TEST + +/** + * One of the hosts initiates a DELETE of the IKE_SA the other peer is + * concurrently trying to rekey. However, the delete request is delayed or + * dropped, so the peer doing the rekeying is unaware of the collision. + * + * rekey ----\ /---- delete + * \-----/----> detect collision + * reschedule <---------/------ TEMP_FAIL + * <--------/ + * delete ----------------> + */ +START_TEST(test_collision_delete_drop_delete) +{ + ike_sa_t *a, *b; + message_t *msg; + status_t s; + + if (_i) + { /* responder rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &b, &a, NULL); + } + else + { /* initiator rekeys the IKE_SA */ + exchange_test_helper->establish_sa(exchange_test_helper, + &a, &b, NULL); + } + /* this should never get called as this does not result in a successful + * rekeying on either side */ + assert_hook_not_called(ike_rekey); + + initiate_rekey(a); + call_ikesa(b, delete); + assert_ike_sa_state(b, IKE_DELETING); + + /* RFC 7296, 2.25.2: If a peer receives a request to rekey an IKE SA that + * it is currently trying to close, it SHOULD reply with TEMPORARY_FAILURE. + */ + + /* CREATE_CHILD_SA { SA, Ni, KEi } --> */ + assert_hook_not_called(ike_updown); + assert_single_notify(OUT, TEMPORARY_FAILURE); + exchange_test_helper->process_message(exchange_test_helper, b, NULL); + assert_ike_sa_state(b, IKE_DELETING); + assert_ike_sa_count(0); + assert_hook(); + + /* delay the DELETE request */ + msg = exchange_test_helper->sender->dequeue(exchange_test_helper->sender); + + /* <-- CREATE_CHILD_SA { N(TEMP_FAIL) } */ + assert_hook_not_called(ike_updown); + assert_hook_not_called(child_updown); + /* we expect a job to retry the rekeying is scheduled */ + assert_jobs_scheduled(1); + exchange_test_helper->process_message(exchange_test_helper, a, NULL); + assert_ike_sa_state(a, IKE_ESTABLISHED); + assert_scheduler(); + assert_hook(); + assert_hook(); + + /* <-- INFORMATIONAL { D } (delayed) */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + assert_single_payload(IN, PLV2_DELETE); + assert_message_empty(OUT); + s = exchange_test_helper->process_message(exchange_test_helper, a, msg); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(a, destroy); + assert_hook(); + assert_hook(); + + /* INFORMATIONAL { } --> */ + assert_hook_updown(ike_updown, FALSE); + assert_hook_updown(child_updown, FALSE); + s = exchange_test_helper->process_message(exchange_test_helper, b, NULL); + ck_assert_int_eq(DESTROY_ME, s); + call_ikesa(b, destroy); + assert_hook(); + assert_hook(); + + /* ike_rekey */ + assert_hook(); +} +END_TEST + +Suite *ike_rekey_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("ike rekey"); + + tc = tcase_create("regular"); + tcase_add_loop_test(tc, test_regular, 0, 2); + tcase_add_loop_test(tc, test_regular_ke_invalid, 0, 2); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions rekey"); + tcase_add_loop_test(tc, test_collision, 0, 4); + tcase_add_loop_test(tc, test_collision_ke_invalid, 0, 4); + tcase_add_loop_test(tc, test_collision_ke_invalid_delayed_retry, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_response, 0, 4); + tcase_add_loop_test(tc, test_collision_dropped_request, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_request, 0, 3); + tcase_add_loop_test(tc, test_collision_delayed_request_and_delete, 0, 3); + suite_add_tcase(s, tc); + + tc = tcase_create("collisions delete"); + tcase_add_loop_test(tc, test_collision_delete, 0, 2); + tcase_add_loop_test(tc, test_collision_delete_drop_delete, 0, 2); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/suites/test_message_chapoly.c b/src/libcharon/tests/suites/test_message_chapoly.c index e871cf6c2..f4a74abb4 100644 --- a/src/libcharon/tests/suites/test_message_chapoly.c +++ b/src/libcharon/tests/suites/test_message_chapoly.c @@ -40,7 +40,7 @@ METHOD(aead_t, get_iv_gen, iv_gen_t*, } METHOD(iv_gen_t, get_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { if (size != 8) { @@ -51,7 +51,7 @@ METHOD(iv_gen_t, get_iv, bool, } METHOD(iv_gen_t, allocate_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { if (size != 8) { @@ -66,10 +66,10 @@ METHOD(iv_gen_t, allocate_iv, bool, */ START_TEST(test_chacha20poly1305) { - u_int64_t spii, spir; + uint64_t spii, spir; ike_sa_id_t *id; message_t *m; - u_int32_t window = htonl(10); + uint32_t window = htonl(10); chunk_t chunk, exp; keymat_t keymat = { .get_version = _get_version, diff --git a/src/libcharon/tests/suites/test_proposal.c b/src/libcharon/tests/suites/test_proposal.c new file mode 100644 index 000000000..a6226f68f --- /dev/null +++ b/src/libcharon/tests/suites/test_proposal.c @@ -0,0 +1,81 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "test_suite.h" + +#include <config/proposal.h> + +static struct { + char *self; + char *other; + char *expected; +} select_data[] = { + { "aes128", "aes128", "aes128" }, + { "aes128", "aes256", NULL }, + { "aes128-aes256", "aes256-aes128", "aes128" }, + { "aes256-aes128", "aes128-aes256", "aes256" }, + { "aes128-aes256-sha1-sha256", "aes256-aes128-sha256-sha1", "aes128-sha1" }, + { "aes256-aes128-sha256-sha1", "aes128-aes256-sha1-sha256", "aes256-sha256" }, + { "aes128-sha256-modp3072", "aes128-sha256", NULL }, + { "aes128-sha256", "aes128-sha256-modp3072", NULL }, + { "aes128-sha256-modp3072", "aes128-sha256-modpnone", NULL }, + { "aes128-sha256-modpnone", "aes128-sha256-modp3072", NULL }, + { "aes128-sha256-modp3072-modpnone", "aes128-sha256", "aes128-sha256" }, + { "aes128-sha256", "aes128-sha256-modp3072-modpnone", "aes128-sha256" }, + { "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072" }, + { "aes128-sha256-modpnone-modp3072", "aes128-sha256-modp3072-modpnone", "aes128-sha256-modpnone" }, +}; + +START_TEST(test_select) +{ + proposal_t *self, *other, *selected, *expected; + + self = proposal_create_from_string(PROTO_ESP, + select_data[_i].self); + other = proposal_create_from_string(PROTO_ESP, + select_data[_i].other); + selected = self->select(self, other, FALSE); + if (select_data[_i].expected) + { + expected = proposal_create_from_string(PROTO_ESP, + select_data[_i].expected); + ck_assert(selected); + ck_assert_msg(expected->equals(expected, selected), "proposal %P does " + "not match expected %P", selected, expected); + expected->destroy(expected); + } + else + { + ck_assert(!selected); + } + DESTROY_IF(selected); + other->destroy(other); + self->destroy(self); +} +END_TEST + +Suite *proposal_suite_create() +{ + Suite *s; + TCase *tc; + + s = suite_create("proposal"); + + tc = tcase_create("select"); + tcase_add_loop_test(tc, test_select, 0, countof(select_data)); + suite_add_tcase(s, tc); + + return s; +} diff --git a/src/libcharon/tests/utils/exchange_test_asserts.c b/src/libcharon/tests/utils/exchange_test_asserts.c new file mode 100644 index 000000000..2602b97b7 --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_asserts.c @@ -0,0 +1,182 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <inttypes.h> + +#include <test_suite.h> + +#include "exchange_test_asserts.h" + +/* + * Described in header + */ +bool exchange_test_asserts_hook(listener_t *listener) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + + this->count++; + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_ike_updown(listener_t *listener, ike_sa_t *ike_sa, + bool up) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + + this->count++; + assert_listener_msg(this->up == up, this, "IKE_SA not '%s'", + this->up ? "up" : "down"); + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_child_updown(listener_t *listener, ike_sa_t *ike_sa, + child_sa_t *child_sa, bool up) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + + this->count++; + assert_listener_msg(this->up == up, this, "CHILD_SA not '%s'", + this->up ? "up" : "down"); + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_ike_rekey(listener_t *listener, ike_sa_t *old, + ike_sa_t *new) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + ike_sa_id_t *id; + uint64_t spi; + + this->count++; + id = old->get_id(old); + spi = id->get_initiator_spi(id); + assert_listener_msg(this->spi_old == spi, this, "unexpected old IKE_SA " + "%.16"PRIx64"_i instead of %.16"PRIx64"_i", + be64toh(spi), be64toh(this->spi_old)); + id = new->get_id(new); + spi = id->get_initiator_spi(id); + assert_listener_msg(this->spi_new == spi, this, "unexpected new IKE_SA " + "%.16"PRIx64"_i instead of %.16"PRIx64"_i", + be64toh(spi), be64toh(this->spi_new)); + return TRUE; +} + +/* + * Described in header + */ +bool exchange_test_asserts_child_rekey(listener_t *listener, ike_sa_t *ike_sa, + child_sa_t *old, child_sa_t *new) +{ + listener_hook_assert_t *this = (listener_hook_assert_t*)listener; + uint32_t spi, expected; + + this->count++; + spi = old->get_spi(old, TRUE); + expected = this->spi_old; + assert_listener_msg(expected == spi, this, "unexpected old CHILD_SA %.8x " + "instead of %.8x", spi, expected); + spi = new->get_spi(new, TRUE); + expected = this->spi_new; + assert_listener_msg(expected == spi, this, "unexpected new CHILD_SA %.8x " + "instead of %.8x", spi, expected); + return TRUE; +} + +/** + * Assert a given message rule + */ +static void assert_message_rule(listener_message_assert_t *this, message_t *msg, + listener_message_rule_t *rule) +{ + if (rule->expected) + { + if (rule->payload) + { + assert_listener_msg(msg->get_payload(msg, rule->payload), + this, "expected payload (%N) not found", + payload_type_names, rule->payload); + + } + if (rule->notify) + { + assert_listener_msg(msg->get_notify(msg, rule->notify), + this, "expected notify payload (%N) not found", + notify_type_names, rule->notify); + } + } + else + { + if (rule->payload) + { + assert_listener_msg(!msg->get_payload(msg, rule->payload), + this, "unexpected payload (%N) found", + payload_type_names, rule->payload); + + } + if (rule->notify) + { + assert_listener_msg(!msg->get_notify(msg, rule->notify), + this, "unexpected notify payload (%N) found", + notify_type_names, rule->notify); + } + } +} + +/* + * Described in header + */ +bool exchange_test_asserts_message(listener_t *listener, ike_sa_t *ike_sa, + message_t *message, bool incoming, bool plain) +{ + listener_message_assert_t *this = (listener_message_assert_t*)listener; + + if (plain && this->incoming == incoming) + { + if (this->count >= 0) + { + enumerator_t *enumerator; + int count = 0; + enumerator = message->create_payload_enumerator(message); + while (enumerator->enumerate(enumerator, NULL)) + { + count++; + } + enumerator->destroy(enumerator); + assert_listener_msg(this->count == count, this, "unexpected payload " + "count in message (%d != %d)", this->count, + count); + } + if (this->num_rules) + { + int i; + + for (i = 0; i < this->num_rules; i++) + { + assert_message_rule(this, message, &this->rules[i]); + } + } + return FALSE; + } + return TRUE; +} diff --git a/src/libcharon/tests/utils/exchange_test_asserts.h b/src/libcharon/tests/utils/exchange_test_asserts.h new file mode 100644 index 000000000..32afcc2e4 --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_asserts.h @@ -0,0 +1,343 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special assertions using listener_t. + * + * @defgroup exchange_test_asserts exchange_test_asserts + * @{ @ingroup test_utils_c + */ + +#ifndef EXCHANGE_TEST_ASSERTS_H_ +#define EXCHANGE_TEST_ASSERTS_H_ + +#include <bus/listeners/listener.h> + +typedef struct listener_hook_assert_t listener_hook_assert_t; +typedef struct listener_message_assert_t listener_message_assert_t; +typedef struct listener_message_rule_t listener_message_rule_t; + +struct listener_hook_assert_t { + + /** + * Implemented interface + */ + listener_t listener; + + /** + * Original source file + */ + const char *file; + + /** + * Source line + */ + int line; + + /** + * Name of the hook + */ + const char *name; + + /** + * Expected number of calls (-1 to ignore) + */ + int expected; + + /** + * Number of times the hook was called + */ + int count; + + /** + * Expected updown result + */ + bool up; + + /** + * Initiator/Inbound SPIs to expect in rekey event + */ + uint64_t spi_old, spi_new; +}; + +/** + * Basic callback for methods on listener_t, counting the number of calls. + */ +bool exchange_test_asserts_hook(listener_t *this); + +/** + * Implementation of listener_t::ike_updown. + */ +bool exchange_test_asserts_ike_updown(listener_t *this, ike_sa_t *ike_sa, + bool up); + +/** + * Implementation of listener_t::child_updown. + */ +bool exchange_test_asserts_child_updown(listener_t *this, ike_sa_t *ike_sa, + child_sa_t *child_sa, bool up); + +/** + * Implementation of listener_t::ike_rekey. + */ +bool exchange_test_asserts_ike_rekey(listener_t *this, ike_sa_t *old, + ike_sa_t *new); + +/** + * Implementation of listener_t::child_rekey. + */ +bool exchange_test_asserts_child_rekey(listener_t *this, ike_sa_t *ike_sa, + child_sa_t *old, child_sa_t *new); + +/** + * Check if a statement evaluates to TRUE, use original source file and line + * in the error message if not. + * + * @param x statement to evaluate + * @param l listener providing original source file and line + * @param fmt printf format string + * @param ... arguments for fmt + */ +#define assert_listener_msg(x, l, fmt, ...) ({ \ + test_fail_if_worker_failed(); \ + if (!(x)) \ + { \ + test_fail_msg((l)->file, (l)->line, "%s: " fmt, #x, ##__VA_ARGS__); \ + } \ +}) + +/** + * Initialize an assertion that enforces that the given hook was called. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + */ +#define assert_hook_called(name) \ + _assert_hook_init(name, exchange_test_asserts_hook, .expected = 1) + +/** + * Initialize an assertion that enforces that the given hook was not called. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + */ +#define assert_hook_not_called(name) \ + _assert_hook_init(name, exchange_test_asserts_hook, .expected = 0) + +/** + * Initialize an assertion that enforces that the given updown hook was called + * with the expected result. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + * @param e whether to expect up in the hook to be TRUE or not + */ +#define assert_hook_updown(name, e) \ + _assert_hook_init(name, \ + streq(#name, "ike_updown") ? (void*)exchange_test_asserts_ike_updown \ + : (void*)exchange_test_asserts_child_updown, \ + .expected = 1, \ + .up = e, \ + ) + +/** + * Initialize an assertion that enforces that the given rekey hook was called + * with the SAs with the matching initiator/inbound SPIs. + * Must be matched by a call to assert_hook(). + * + * @param name name of the hook + * @param old SPI of the old SA + * @param new SPI of the new SA + */ +#define assert_hook_rekey(name, old, new) \ + _assert_hook_init(name, \ + streq(#name, "ike_rekey") ? (void*)exchange_test_asserts_ike_rekey \ + : (void*)exchange_test_asserts_child_rekey, \ + .expected = 1, \ + .spi_old = old, \ + .spi_new = new, \ + ) + +/** + * Initialize assertions against invocations of listener_t hooks. Each call + * must be matched by a call to assert_hook(). + */ +#define _assert_hook_init(n, callback, ...) \ +do { \ + listener_hook_assert_t _hook_listener = { \ + .listener = { .n = (void*)callback, }, \ + .file = __FILE__, \ + .line = __LINE__, \ + .name = #n, \ + ##__VA_ARGS__ \ + }; \ + exchange_test_helper->add_listener(exchange_test_helper, &_hook_listener.listener) + +/** + * Enforce the most recently initialized hook assertion. + */ +#define assert_hook() \ + charon->bus->remove_listener(charon->bus, &_hook_listener.listener); \ + if (_hook_listener.expected > 0) { \ + if (_hook_listener.count > 0) { \ + assert_listener_msg(_hook_listener.expected == _hook_listener.count, \ + &_hook_listener, "hook '%s' was called %d times " \ + "instead of %d", _hook_listener.name, \ + _hook_listener.count, _hook_listener.expected); \ + } else { \ + assert_listener_msg(_hook_listener.count, &_hook_listener, \ + "hook '%s' was not called (expected %d)", _hook_listener.name, \ + _hook_listener.expected); \ + } \ + } else if (_hook_listener.expected == 0) { \ + assert_listener_msg(_hook_listener.count == 0, &_hook_listener, \ + "hook '%s' was called unexpectedly", _hook_listener.name); \ + } \ +} while(FALSE) + +/** + * Rules regarding payloads/notifies to expect/not expect in a message + */ +struct listener_message_rule_t { + + /** + * Whether the payload/notify is expected in the message, FALSE to fail if + * it is found + */ + bool expected; + + /** + * Payload type to expect/not expect + */ + payload_type_t payload; + + /** + * Notify type to expect/not expect (paylod type does not have to be + * specified) + */ + notify_type_t notify; +}; + +/** + * Data used to check plaintext messages via listener_t + */ +struct listener_message_assert_t { + + /** + * Implemented interface + */ + listener_t listener; + + /** + * Original source file + */ + const char *file; + + /** + * Source line + */ + int line; + + /** + * Whether to check the next inbound or outbound message + */ + bool incoming; + + /** + * Payload count to expect (-1 to ignore the count) + */ + int count; + + /** + * Payloads to expect or not expect in a message + */ + listener_message_rule_t *rules; + + /** + * Number of rules + */ + int num_rules; +}; + +/** + * Implementation of listener_t::message collecting data and asserting + * certain things. + */ +bool exchange_test_asserts_message(listener_t *this, ike_sa_t *ike_sa, + message_t *message, bool incoming, bool plain); + +/** + * Assert that the next in- or outbound plaintext message is empty. + * + * @param dir IN or OUT to check the next in- or outbound message + */ +#define assert_message_empty(dir) \ + _assert_payload(dir, 0) + +/** + * Assert that the next in- or outbound plaintext message contains exactly + * one payload of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param expected expected payload type + */ +#define assert_single_payload(dir, expected) \ + _assert_payload(dir, 1, { TRUE, expected, 0 }) + +/** + * Assert that the next in- or outbound plaintext message contains exactly + * one notify of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param expected expected notify type + */ +#define assert_single_notify(dir, expected) \ + _assert_payload(dir, 1, { TRUE, 0, expected }) + +/** + * Assert that the next in- or outbound plaintext message contains a notify + * of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param expected expected notify type + */ +#define assert_notify(dir, expected) \ + _assert_payload(dir, -1, { TRUE, 0, expected }) + +/** + * Assert that the next in- or outbound plaintext message does not contain a + * notify of the given type. + * + * @param dir IN or OUT to check the next in- or outbound message + * @param unexpected not expected notify type + */ +#define assert_no_notify(dir, unexpected) \ + _assert_payload(dir, -1, { FALSE, 0, unexpected }) + +#define _assert_payload(dir, c, ...) ({ \ + listener_message_rule_t _rules[] = { __VA_ARGS__ }; \ + listener_message_assert_t _listener = { \ + .listener = { .message = exchange_test_asserts_message, }, \ + .file = __FILE__, \ + .line = __LINE__, \ + .incoming = streq(#dir, "IN") ? TRUE : FALSE, \ + .count = c, \ + .rules = _rules, \ + .num_rules = countof(_rules), \ + }; \ + exchange_test_helper->add_listener(exchange_test_helper, &_listener.listener); \ +}) + +#endif /** EXCHANGE_TEST_ASSERTS_H_ @}*/ diff --git a/src/libcharon/tests/utils/exchange_test_helper.c b/src/libcharon/tests/utils/exchange_test_helper.c new file mode 100644 index 000000000..f32906d5d --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_helper.c @@ -0,0 +1,372 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "exchange_test_helper.h" +#include "mock_dh.h" +#include "mock_ipsec.h" +#include "mock_nonce_gen.h" + +#include <collections/array.h> +#include <credentials/sets/mem_cred.h> + +typedef struct private_exchange_test_helper_t private_exchange_test_helper_t; +typedef struct private_backend_t private_backend_t; + +/** + * Private data + */ +struct private_exchange_test_helper_t { + + /** + * Public interface + */ + exchange_test_helper_t public; + + /** + * Credentials + */ + mem_cred_t *creds; + + /** + * IKE_SA SPI counter + */ + refcount_t ike_spi; + + /** + * List of registered listeners + */ + array_t *listeners; +}; + +/** + * Custom backend_t implementation + */ +struct private_backend_t { + + /** + * Public interface + */ + backend_t public; + + /** + * Responder ike_cfg + */ + ike_cfg_t *ike_cfg; + + /** + * Responder peer_cfg/child_cfg + */ + peer_cfg_t *peer_cfg; +}; + +CALLBACK(get_ike_spi, uint64_t, + private_exchange_test_helper_t *this) +{ + return (uint64_t)ref_get(&this->ike_spi); +} + +/* + * Described in header + */ +exchange_test_helper_t *exchange_test_helper; + +static ike_cfg_t *create_ike_cfg(bool initiator, exchange_test_sa_conf_t *conf) +{ + ike_cfg_t *ike_cfg; + char *proposal = NULL; + + ike_cfg = ike_cfg_create(IKEV2, TRUE, FALSE, "127.0.0.1", IKEV2_UDP_PORT, + "127.0.0.1", IKEV2_UDP_PORT, FRAGMENTATION_NO, 0); + if (conf) + { + proposal = initiator ? conf->initiator.ike : conf->responder.ike; + } + if (proposal) + { + ike_cfg->add_proposal(ike_cfg, + proposal_create_from_string(PROTO_IKE, proposal)); + } + else + { + ike_cfg->add_proposal(ike_cfg, proposal_create_default(PROTO_IKE)); + } + return ike_cfg; +} + +static child_cfg_t *create_child_cfg(bool initiator, + exchange_test_sa_conf_t *conf) +{ + child_cfg_t *child_cfg; + child_cfg_create_t child = { + .mode = MODE_TUNNEL, + }; + char *proposal = NULL; + + child_cfg = child_cfg_create(initiator ? "init" : "resp", &child); + if (conf) + { + proposal = initiator ? conf->initiator.esp : conf->responder.esp; + } + if (proposal) + { + child_cfg->add_proposal(child_cfg, + proposal_create_from_string(PROTO_ESP, proposal)); + } + else + { + child_cfg->add_proposal(child_cfg, proposal_create_default(PROTO_ESP)); + } + child_cfg->add_traffic_selector(child_cfg, TRUE, + traffic_selector_create_dynamic(0, 0, 65535)); + child_cfg->add_traffic_selector(child_cfg, FALSE, + traffic_selector_create_dynamic(0, 0, 65535)); + return child_cfg; +} + +static void add_auth_cfg(peer_cfg_t *peer_cfg, bool initiator, bool local) +{ + auth_cfg_t *auth; + char *id = "init"; + + auth = auth_cfg_create(); + auth->add(auth, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_PSK); + if (initiator ^ local) + { + id = "resp"; + } + auth->add(auth, AUTH_RULE_IDENTITY, identification_create_from_string(id)); + peer_cfg->add_auth_cfg(peer_cfg, auth, local); +} + +static peer_cfg_t *create_peer_cfg(bool initiator, + exchange_test_sa_conf_t *conf) +{ + peer_cfg_t *peer_cfg; + peer_cfg_create_t peer = { + .cert_policy = CERT_SEND_IF_ASKED, + .unique = UNIQUE_REPLACE, + .keyingtries = 1, + }; + + peer_cfg = peer_cfg_create(initiator ? "init" : "resp", + create_ike_cfg(initiator, conf), &peer); + add_auth_cfg(peer_cfg, initiator, TRUE); + add_auth_cfg(peer_cfg, initiator, FALSE); + return peer_cfg; +} + +METHOD(backend_t, create_ike_cfg_enumerator, enumerator_t*, + private_backend_t *this, host_t *me, host_t *other) +{ + return enumerator_create_single(this->ike_cfg, NULL); +} + +METHOD(backend_t, create_peer_cfg_enumerator, enumerator_t*, + private_backend_t *this, identification_t *me, identification_t *other) +{ + return enumerator_create_single(this->peer_cfg, NULL); +} + +METHOD(exchange_test_helper_t, process_message, status_t, + private_exchange_test_helper_t *this, ike_sa_t *ike_sa, message_t *message) +{ + status_t status = FAILED; + ike_sa_id_t *id; + + if (!message) + { + message = this->public.sender->dequeue(this->public.sender); + } + id = message->get_ike_sa_id(message); + id = id->clone(id); + id->switch_initiator(id); + if (!id->get_responder_spi(id) || id->equals(id, ike_sa->get_id(ike_sa))) + { + charon->bus->set_sa(charon->bus, ike_sa); + status = ike_sa->process_message(ike_sa, message); + charon->bus->set_sa(charon->bus, NULL); + } + message->destroy(message); + id->destroy(id); + return status; +} + +METHOD(exchange_test_helper_t, establish_sa, void, + private_exchange_test_helper_t *this, ike_sa_t **init, ike_sa_t **resp, + exchange_test_sa_conf_t *conf) +{ + private_backend_t backend = { + .public = { + .create_ike_cfg_enumerator = _create_ike_cfg_enumerator, + .create_peer_cfg_enumerator = _create_peer_cfg_enumerator, + .get_peer_cfg_by_name = (void*)return_null, + }, + }; + ike_sa_id_t *id_i, *id_r; + ike_sa_t *sa_i, *sa_r; + peer_cfg_t *peer_cfg; + child_cfg_t *child_cfg; + + sa_i = *init = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, + IKEV2, TRUE); + id_i = sa_i->get_id(sa_i); + + sa_r = *resp = charon->ike_sa_manager->checkout_new(charon->ike_sa_manager, + IKEV2, FALSE); + id_r = sa_r->get_id(sa_r); + + peer_cfg = create_peer_cfg(TRUE, conf); + child_cfg = create_child_cfg(TRUE, conf); + peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); + sa_i->set_peer_cfg(sa_i, peer_cfg); + peer_cfg->destroy(peer_cfg); + call_ikesa(sa_i, initiate, child_cfg, 0, NULL, NULL); + + backend.ike_cfg = create_ike_cfg(FALSE, conf); + peer_cfg = backend.peer_cfg = create_peer_cfg(FALSE, conf); + child_cfg = create_child_cfg(FALSE, conf); + peer_cfg->add_child_cfg(peer_cfg, child_cfg->get_ref(child_cfg)); + child_cfg->destroy(child_cfg); + charon->backends->add_backend(charon->backends, &backend.public); + + /* IKE_SA_INIT --> */ + id_r->set_initiator_spi(id_r, id_i->get_initiator_spi(id_i)); + process_message(this, sa_r, NULL); + /* <-- IKE_SA_INIT */ + id_i->set_responder_spi(id_i, id_r->get_responder_spi(id_r)); + process_message(this, sa_i, NULL); + /* IKE_AUTH --> */ + process_message(this, sa_r, NULL); + /* <-- IKE_AUTH */ + process_message(this, sa_i, NULL); + + charon->backends->remove_backend(charon->backends, &backend.public); + DESTROY_IF(backend.peer_cfg); + DESTROY_IF(backend.ike_cfg); +} + +METHOD(exchange_test_helper_t, add_listener, void, + private_exchange_test_helper_t *this, listener_t *listener) +{ + array_insert_create(&this->listeners, ARRAY_TAIL, listener); + charon->bus->add_listener(charon->bus, listener); +} + +/** + * Enable logging in charon as requested + */ +static void initialize_logging() +{ + int level = LEVEL_SILENT; + char *verbosity; + + verbosity = getenv("TESTS_VERBOSITY"); + if (verbosity) + { + level = atoi(verbosity); + } + lib->settings->set_int(lib->settings, "%s.filelog.stderr.default", + lib->settings->get_int(lib->settings, "%s.filelog.stderr.default", + level, lib->ns), lib->ns); + lib->settings->set_bool(lib->settings, "%s.filelog.stderr.ike_name", TRUE, + lib->ns); + charon->load_loggers(charon, NULL, TRUE); +} + +/** + * Create a nonce generator with the first byte + */ +static nonce_gen_t *create_nonce_gen() +{ + return mock_nonce_gen_create(exchange_test_helper->nonce_first_byte); +} + +/* + * Described in header + */ +void exchange_test_helper_init(char *plugins) +{ + private_exchange_test_helper_t *this; + plugin_feature_t features[] = { + PLUGIN_REGISTER(DH, mock_dh_create), + /* we only need to support a limited number of DH groups */ + PLUGIN_PROVIDE(DH, MODP_2048_BIT), + PLUGIN_PROVIDE(DH, MODP_3072_BIT), + PLUGIN_PROVIDE(DH, ECP_256_BIT), + PLUGIN_REGISTER(NONCE_GEN, create_nonce_gen), + PLUGIN_PROVIDE(NONCE_GEN), + PLUGIN_DEPENDS(RNG, RNG_WEAK), + }; + + INIT(this, + .public = { + .sender = mock_sender_create(), + .establish_sa = _establish_sa, + .process_message = _process_message, + .add_listener = _add_listener, + }, + .creds = mem_cred_create(), + ); + + initialize_logging(); + lib->plugins->add_static_features(lib->plugins, "exchange-test-helper", + features, countof(features), TRUE, NULL, NULL); + /* the libcharon unit tests only load the libstrongswan plugins, unless + * TESTS_PLUGINS is defined */ + charon->initialize(charon, plugins); + lib->plugins->status(lib->plugins, LEVEL_CTRL); + + /* the original sender is not initialized because there is no socket */ + charon->sender = (sender_t*)this->public.sender; + /* and there is no kernel plugin loaded + * TODO: we'd have more control if we'd implement kernel_interface_t */ + charon->kernel->add_ipsec_interface(charon->kernel, mock_ipsec_create); + /* like SPIs for IPsec SAs, make IKE SPIs predictable */ + charon->ike_sa_manager->set_spi_cb(charon->ike_sa_manager, get_ike_spi, + this); + + lib->credmgr->add_set(lib->credmgr, &this->creds->set); + + this->creds->add_shared(this->creds, + shared_key_create(SHARED_IKE, chunk_clone(chunk_from_str("test"))), + identification_create_from_string("%any"), NULL); + + exchange_test_helper = &this->public; +} + +/* + * Described in header + */ +void exchange_test_helper_deinit() +{ + private_exchange_test_helper_t *this; + listener_t *listener; + + this = (private_exchange_test_helper_t*)exchange_test_helper; + + while (array_remove(this->listeners, ARRAY_HEAD, &listener)) + { + charon->bus->remove_listener(charon->bus, listener); + } + lib->credmgr->remove_set(lib->credmgr, &this->creds->set); + this->creds->destroy(this->creds); + /* flush SAs before destroying the sender (in case of test failures) */ + charon->ike_sa_manager->flush(charon->ike_sa_manager); + /* charon won't destroy this as it didn't initialize the original sender */ + charon->sender->destroy(charon->sender); + charon->sender = NULL; + array_destroy(this->listeners); + free(this); +} diff --git a/src/libcharon/tests/utils/exchange_test_helper.h b/src/libcharon/tests/utils/exchange_test_helper.h new file mode 100644 index 000000000..e1fdb012a --- /dev/null +++ b/src/libcharon/tests/utils/exchange_test_helper.h @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * This class and singleton object initializes charon and provides helper + * methods to create unit tests for IKEv2 exchanges. + * + * It also registers special implementations for the kernel_ipsec_t interface, + * the sender and provides dummy configs and credentials. + * + * @defgroup exchange_test_helper exchange_test_helper + * @{ @ingroup test_utils_c + */ + +#ifndef EXCHANGE_TEST_HELPER_H_ +#define EXCHANGE_TEST_HELPER_H_ + +#include <daemon.h> + +#include "mock_sender.h" + +typedef struct exchange_test_helper_t exchange_test_helper_t; +typedef struct exchange_test_sa_conf_t exchange_test_sa_conf_t; + +struct exchange_test_helper_t { + + /** + * Sender instance used during tests + */ + mock_sender_t *sender; + + /** + * Set the initial byte of all nonces generated by future nonce + * generators (already instatiated nonce generators are not affected). + */ + u_char nonce_first_byte; + + /** + * Creates an established IKE_SA/CHILD_SA + * + * @param[out] init IKE_SA of the initiator + * @param[out] resp IKE_SA of the responder + * @param conf configuration for SAs + */ + void (*establish_sa)(exchange_test_helper_t *this, ike_sa_t **init, + ike_sa_t **resp, exchange_test_sa_conf_t *conf); + + /** + * Pass a message to the given IKE_SA for processing, setting the IKE_SA on + * the bus while processing the message. + * + * @param ike_sa the IKE_SA receiving the message + * @param message the message, or NULL to pass the next message in the + * send queue (adopted) + * @return return value from ike_sa_t::process_message() + */ + status_t (*process_message)(exchange_test_helper_t *this, ike_sa_t *sa, + message_t *message); + + /** + * Register a listener with the bus. + * + * Don't use bus_t::add_listener() directly for listeners on the stack + * as that could lead to invalid listeners registered when hooks are + * triggered during cleanup if a test case fails. All of the listeners + * added this way are unregistered with the bus before cleaning up. + * + * @param listener listener to add to the bus + */ + void (*add_listener)(exchange_test_helper_t *this, listener_t *listener); +}; + +struct exchange_test_sa_conf_t { + + /** + * Configuration for initiator and responder + */ + struct { + /** IKE proposal */ + char *ike; + /** ESP proposal */ + char *esp; + } initiator, responder; +}; + +/** + * Since we don't use the IKE_SA manager to checkout SAs use this to call a + * method on the given IKE_SA in its context. + */ +#define call_ikesa(sa, method, ...) ({ \ + charon->bus->set_sa(charon->bus, sa); \ + sa->method(sa, ##__VA_ARGS__); \ + charon->bus->set_sa(charon->bus, NULL); \ +}) + +/** + * The one and only instance of the helper object. + * + * Set between exchange_test_helper_setup() and exchange_test_helper_teardown() + * calls. + */ +extern exchange_test_helper_t *exchange_test_helper; + +/** + * Initialize charon and the helper object. + * + * @param plugins plugins to load + */ +void exchange_test_helper_init(char *plugins); + +/** + * Deinitialize the helper object. + */ +void exchange_test_helper_deinit(); + +#endif /** EXCHANGE_TEST_HELPER_H_ @} */ diff --git a/src/libcharon/tests/utils/job_asserts.h b/src/libcharon/tests/utils/job_asserts.h new file mode 100644 index 000000000..3491f08c3 --- /dev/null +++ b/src/libcharon/tests/utils/job_asserts.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special assertions against job handling. + * + * @defgroup job_asserts job_asserts + * @{ @ingroup test_utils_c + */ + +#ifndef JOB_ASSERTS_H_ +#define JOB_ASSERTS_H_ + +/** + * Initialize an assertion that enforces that no jobs were scheduled. + * Must be matched by a call to assert_scheduler(). + */ +#define assert_no_jobs_scheduled() _assert_jobs_scheduled(0) + +/** + * Initialize an assertion that enforces that a specific number of jobs was + * scheduled. + * Must be matched by a call to assert_scheduler(). + * + * @param count expected number of jobs getting scheduled + */ +#define assert_jobs_scheduled(count) _assert_jobs_scheduled(count) + +/** + * Initialize assertions against job scheduling. + * Must be matched by a call to assert_scheduler(). + */ +#define _assert_jobs_scheduled(count) \ +do { \ + u_int _initial = lib->scheduler->get_job_load(lib->scheduler); \ + u_int _expected = count + +/** + * Enforce scheduler asserts. + */ +#define assert_scheduler() \ + u_int _actual = lib->scheduler->get_job_load(lib->scheduler) - _initial; \ + test_assert_msg(_expected == _actual, "unexpected number of jobs " \ + "scheduled (%u != %u)", _expected, _actual); \ +} while(FALSE) + +#endif /** JOB_ASSERTS_H_ @}*/ diff --git a/src/libcharon/tests/utils/mock_dh.c b/src/libcharon/tests/utils/mock_dh.c new file mode 100644 index 000000000..153bf1166 --- /dev/null +++ b/src/libcharon/tests/utils/mock_dh.c @@ -0,0 +1,87 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_dh.h" + +typedef struct private_diffie_hellman_t private_diffie_hellman_t; + +/** + * Private data + */ +struct private_diffie_hellman_t { + + /** + * Public interface + */ + diffie_hellman_t public; + + /** + * Instantiated DH group + */ + diffie_hellman_group_t group; +}; + +METHOD(diffie_hellman_t, get_my_public_value, bool, + private_diffie_hellman_t *this, chunk_t *value) +{ + *value = chunk_empty; + return TRUE; +} + +METHOD(diffie_hellman_t, set_other_public_value, bool, + private_diffie_hellman_t *this, chunk_t value) +{ + return TRUE; +} + +METHOD(diffie_hellman_t, get_shared_secret, bool, + private_diffie_hellman_t *this, chunk_t *secret) +{ + *secret = chunk_empty; + return TRUE; +} + +METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, + private_diffie_hellman_t *this) +{ + return this->group; +} + +METHOD(diffie_hellman_t, destroy, void, + private_diffie_hellman_t *this) +{ + free(this); +} + +/** + * See header + */ +diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group) +{ + private_diffie_hellman_t *this; + + INIT(this, + .public = { + .get_shared_secret = _get_shared_secret, + .set_other_public_value = _set_other_public_value, + .get_my_public_value = _get_my_public_value, + .get_dh_group = _get_dh_group, + .destroy = _destroy, + }, + .group = group, + ); + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_dh.h b/src/libcharon/tests/utils/mock_dh.h new file mode 100644 index 000000000..332c65537 --- /dev/null +++ b/src/libcharon/tests/utils/mock_dh.h @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Provides a DH implementation that does no real work to make the tests run + * faster. + * + * @defgroup mock_dh mock_dh + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_DH_H_ +#define MOCK_DH_H_ + +#include <crypto/diffie_hellman.h> + +/** + * Creates a diffie_hellman_t object. + * + * @param group Diffie Hellman group, supports MODP_NULL only + * @return created object + */ +diffie_hellman_t *mock_dh_create(diffie_hellman_group_t group); + +#endif /** MOCK_DH_H_ @}*/ diff --git a/src/libcharon/tests/utils/mock_ipsec.c b/src/libcharon/tests/utils/mock_ipsec.c new file mode 100644 index 000000000..d57a26a87 --- /dev/null +++ b/src/libcharon/tests/utils/mock_ipsec.c @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2008 Martin Willi + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_ipsec.h" + +typedef struct private_kernel_ipsec_t private_kernel_ipsec_t; + +/** + * Private data + */ +struct private_kernel_ipsec_t { + + /** + * Public interface + */ + kernel_ipsec_t public; + + /** + * Allocated SPI + */ + refcount_t spi; +}; + +METHOD(kernel_ipsec_t, get_spi, status_t, + private_kernel_ipsec_t *this, host_t *src, host_t *dst, uint8_t protocol, + uint32_t *spi) +{ + *spi = (uint32_t)ref_get(&this->spi); + return SUCCESS; +} + +METHOD(kernel_ipsec_t, get_cpi, status_t, + private_kernel_ipsec_t *this, host_t *src, host_t *dst, uint16_t *cpi) +{ + return FAILED; +} + +METHOD(kernel_ipsec_t, add_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_add_sa_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, update_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_update_sa_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, query_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_query_sa_t *data, uint64_t *bytes, uint64_t *packets, + time_t *time) +{ + return NOT_SUPPORTED; +} + +METHOD(kernel_ipsec_t, del_sa, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_sa_id_t *id, + kernel_ipsec_del_sa_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, add_policy, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) +{ + return SUCCESS; +} + +METHOD(kernel_ipsec_t, query_policy, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_query_policy_t *data, time_t *use_time) +{ + *use_time = 1; + return SUCCESS; +} + +METHOD(kernel_ipsec_t, del_policy, status_t, + private_kernel_ipsec_t *this, kernel_ipsec_policy_id_t *id, + kernel_ipsec_manage_policy_t *data) +{ + return SUCCESS; +} + +/* + * Described in header + */ +kernel_ipsec_t *mock_ipsec_create() +{ + private_kernel_ipsec_t *this; + + INIT(this, + .public = { + .get_spi = _get_spi, + .get_cpi = _get_cpi, + .add_sa = _add_sa, + .update_sa = _update_sa, + .query_sa = _query_sa, + .del_sa = _del_sa, + .flush_sas = (void*)return_failed, + .add_policy = _add_policy, + .query_policy = _query_policy, + .del_policy = _del_policy, + .flush_policies = (void*)return_failed, + .bypass_socket = (void*)return_true, + .enable_udp_decap = (void*)return_true, + .destroy = (void*)free, + }, + ); + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_ipsec.h b/src/libcharon/tests/utils/mock_ipsec.h new file mode 100644 index 000000000..cbf21524a --- /dev/null +++ b/src/libcharon/tests/utils/mock_ipsec.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * kernel_ipsec_t implementation used for exchange unit tests. Currently + * returns sequential SPIs, all other methods are noops. + * + * @defgroup mock_ipsec mock_ipsec + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_IPSEC_H_ +#define MOCK_IPSEC_H_ + +#include <kernel/kernel_ipsec.h> + +/** + * Create an instance of kernel_ipsec_t + * + * @return created object + */ +kernel_ipsec_t *mock_ipsec_create(); + +#endif /** MOCK_IPSEC_H_ @}*/ diff --git a/src/libcharon/tests/utils/mock_nonce_gen.c b/src/libcharon/tests/utils/mock_nonce_gen.c new file mode 100644 index 000000000..30910f991 --- /dev/null +++ b/src/libcharon/tests/utils/mock_nonce_gen.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_nonce_gen.h" + +typedef struct private_nonce_gen_t private_nonce_gen_t; + +struct private_nonce_gen_t { + + /** + * Public interface + */ + nonce_gen_t public; + + /** + * Random number generator + */ + rng_t* rng; + + /** + * First byte to set to the nonces + */ + u_char first; +}; + +METHOD(nonce_gen_t, get_nonce, bool, + private_nonce_gen_t *this, size_t size, uint8_t *buffer) +{ + if (size > 0) + { + buffer[0] = this->first; + buffer++; + size--; + } + return this->rng->get_bytes(this->rng, size, buffer); +} + +METHOD(nonce_gen_t, allocate_nonce, bool, + private_nonce_gen_t *this, size_t size, chunk_t *chunk) +{ + *chunk = chunk_alloc(size); + if (!get_nonce(this, chunk->len, chunk->ptr)) + { + chunk_free(chunk); + return FALSE; + } + return TRUE; +} + +METHOD(nonce_gen_t, destroy, void, + private_nonce_gen_t *this) +{ + DESTROY_IF(this->rng); + free(this); +} + +/* + * Described in header + */ +nonce_gen_t *mock_nonce_gen_create(u_char first) +{ + private_nonce_gen_t *this; + + INIT(this, + .public = { + .get_nonce = _get_nonce, + .allocate_nonce = _allocate_nonce, + .destroy = _destroy, + }, + .rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK), + .first = first, + ); + if (!this->rng) + { + destroy(this); + return NULL; + } + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_nonce_gen.h b/src/libcharon/tests/utils/mock_nonce_gen.h new file mode 100644 index 000000000..feeab8bc0 --- /dev/null +++ b/src/libcharon/tests/utils/mock_nonce_gen.h @@ -0,0 +1,37 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special nonce generator that sets the first byte of the generated nonces to + * a fixed specified value. + * + * @defgroup mock_nonce_gen mock_nonce_gen + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_NONCE_GEN_H_ +#define MOCK_NONCE_GEN_H_ + +#include <crypto/nonce_gen.h> + +/** + * Creates a nonce_gen_t instance. + * + * @param first first byte to set in generated nonces + * @return created object + */ +nonce_gen_t *mock_nonce_gen_create(u_char first); + +#endif /** MOCK_NONCE_GEN_H_ @} */ diff --git a/src/libcharon/tests/utils/mock_sender.c b/src/libcharon/tests/utils/mock_sender.c new file mode 100644 index 000000000..c090ff439 --- /dev/null +++ b/src/libcharon/tests/utils/mock_sender.c @@ -0,0 +1,85 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "mock_sender.h" + +#include <collections/linked_list.h> + +typedef struct private_mock_sender_t private_mock_sender_t; + +/** + * Private data + */ +struct private_mock_sender_t { + + /** + * Public interface + */ + mock_sender_t public; + + /** + * Packet queue, as message_t* + */ + linked_list_t *queue; +}; + + +METHOD(sender_t, send_, void, + private_mock_sender_t *this, packet_t *packet) +{ + message_t *message; + + message = message_create_from_packet(packet); + message->parse_header(message); + this->queue->insert_last(this->queue, message); +} + +METHOD(mock_sender_t, dequeue, message_t*, + private_mock_sender_t *this) +{ + message_t *message = NULL; + + this->queue->remove_first(this->queue, (void**)&message); + return message; +} + +METHOD(sender_t, destroy, void, + private_mock_sender_t *this) +{ + this->queue->destroy_offset(this->queue, offsetof(message_t, destroy)); + free(this); +} + +/* + * Described in header + */ +mock_sender_t *mock_sender_create() +{ + private_mock_sender_t *this; + + INIT(this, + .public = { + .interface = { + .send = _send_, + .send_no_marker = (void*)nop, + .flush = (void*)nop, + .destroy = _destroy, + }, + .dequeue = _dequeue, + }, + .queue = linked_list_create(), + ); + return &this->public; +} diff --git a/src/libcharon/tests/utils/mock_sender.h b/src/libcharon/tests/utils/mock_sender.h new file mode 100644 index 000000000..5eabddadc --- /dev/null +++ b/src/libcharon/tests/utils/mock_sender.h @@ -0,0 +1,56 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * sender_t implementation that does not pass the sent packet to a socket but + * instead provides it for immediate delivery to an ike_sa_t object. + * + * @defgroup mock_sender mock_sender + * @{ @ingroup test_utils_c + */ + +#ifndef MOCK_SENDER_H_ +#define MOCK_SENDER_H_ + +#include <encoding/message.h> +#include <network/sender.h> + +typedef struct mock_sender_t mock_sender_t; + +struct mock_sender_t { + + /** + * Implemented interface + */ + sender_t interface; + + /** + * Remove the next packet in the send queue as message_t object. The IKE + * header is already parsed (which is assumed does not fail) so it can + * directly be passed to ike_sa_t::process_message(). + * + * @return message or NULL if none is queued + */ + message_t *(*dequeue)(mock_sender_t *this); +}; + +/** + * Creates a mock_sender_t instance. + * + * @return created object + */ +mock_sender_t *mock_sender_create(); + +#endif /** MOCK_SENDER_H_ @} */ diff --git a/src/libcharon/tests/utils/sa_asserts.h b/src/libcharon/tests/utils/sa_asserts.h new file mode 100644 index 000000000..7afa3b55b --- /dev/null +++ b/src/libcharon/tests/utils/sa_asserts.h @@ -0,0 +1,145 @@ +/* + * Copyright (C) 2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * Special assertions against IKE_SAs and CHILD_SAs (e.g. regarding their + * state). + * + * @defgroup sa_asserts sa_asserts + * @{ @ingroup test_utils_c + */ + +#ifndef SA_ASSERTS_H_ +#define SA_ASSERTS_H_ + +#include <inttypes.h> + +/** + * Check that there exists a specific number of IKE_SAs in the manager. + */ +#define assert_ike_sa_count(count) \ +({ \ + typeof(count) _count = count; \ + u_int _actual = charon->ike_sa_manager->get_count(charon->ike_sa_manager); \ + test_assert_msg(_count == _actual, "unexpected number of IKE_SAs in " \ + "manager (%d != %d)", _count, _actual); \ +}) + +/** + * Check that the IKE_SA with the given SPIs and initiator flag is in the + * manager and return it. Does not actually keep the SA checked out as + * that would block cleaning up if asserts against it fail (since we control + * access to SAs it's also not really necessary). + */ +#define assert_ike_sa_checkout(spi_i, spi_r, initiator) \ +({ \ + typeof(spi_i) _spi_i = spi_i; \ + typeof(spi_r) _spi_r = spi_r; \ + typeof(initiator) _init = initiator; \ + ike_sa_id_t *_id = ike_sa_id_create(IKEV2, _spi_i, _spi_r, _init); \ + ike_sa_t *_ike_sa = charon->ike_sa_manager->checkout(charon->ike_sa_manager, _id); \ + test_assert_msg(_ike_sa, "IKE_SA with SPIs %.16"PRIx64"_i %.16"PRIx64"_r " \ + "(%d) does not exist", be64toh(_spi_i), be64toh(_spi_r), _init); \ + _id->destroy(_id); \ + charon->ike_sa_manager->checkin(charon->ike_sa_manager, _ike_sa); \ + _ike_sa; \ +}) + +/** + * Check if the given IKE_SA is in the expected state. + */ +#define assert_ike_sa_state(ike_sa, state) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(state) _state = state; \ + test_assert_msg(_state == _sa->get_state(_sa), "%N != %N", \ + ike_sa_state_names, _state, \ + ike_sa_state_names, _sa->get_state(_sa)); \ +}) + +/** + * Check that there exists a specific number of CHILD_SAs. + */ +#define assert_child_sa_count(ike_sa, count) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(count) _count = count; \ + test_assert_msg(_count == _sa->get_child_count(_sa), "unexpected number " \ + "of CHILD_SAs in IKE_SA %s (%d != %d)", #ike_sa, _count, \ + _sa->get_child_count(_sa)); \ +}) + +/** + * Check if the CHILD_SA with the given SPI is in the expected state. + */ +#define assert_child_sa_state(ike_sa, spi, state) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(spi) _spi = spi; \ + typeof(state) _state = state; \ + child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \ + _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \ + test_assert_msg(_child, "CHILD_SA with SPI %.8x does not exist", \ + ntohl(_spi)); \ + test_assert_msg(_state == _child->get_state(_child), "%N != %N", \ + child_sa_state_names, _state, \ + child_sa_state_names, _child->get_state(_child)); \ +}) + +/** + * Assert that the CHILD_SA with the given inbound SPI does not exist. + */ +#define assert_child_sa_not_exists(ike_sa, spi) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(spi) _spi = spi; \ + child_sa_t *_child = _sa->get_child_sa(_sa, PROTO_ESP, _spi, TRUE) ?: \ + _sa->get_child_sa(_sa, PROTO_ESP, _spi, FALSE); \ + test_assert_msg(!_child, "CHILD_SA with SPI %.8x exists", ntohl(_spi)); \ +}) + +/** + * Assert that there is a specific number of tasks in a given queue + * + * @param ike_sa IKE_SA to check + * @param count number of expected tasks + * @param queue queue to check (task_queue_t) + */ +#define assert_num_tasks(ike_sa, count, queue) \ +({ \ + typeof(ike_sa) _sa = ike_sa; \ + typeof(count) _count = count; \ + int _c = 0; task_t *_task; \ + enumerator_t *_enumerator = _sa->create_task_enumerator(_sa, queue); \ + while (_enumerator->enumerate(_enumerator, &_task)) { _c++; } \ + _enumerator->destroy(_enumerator); \ + test_assert_msg(_count == _c, "unexpected number of tasks in " #queue " " \ + "of IKE_SA %s (%d != %d)", #ike_sa, _count, _c); \ +}) + +/** + * Assert that all task queues of the given IKE_SA are empty + * + * @param ike_sa IKE_SA to check + */ +#define assert_sa_idle(ike_sa) \ +({ \ + typeof(ike_sa) _ike_sa = ike_sa; \ + assert_num_tasks(_ike_sa, 0, TASK_QUEUE_QUEUED); \ + assert_num_tasks(_ike_sa, 0, TASK_QUEUE_ACTIVE); \ + assert_num_tasks(_ike_sa, 0, TASK_QUEUE_PASSIVE); \ +}) + +#endif /** SA_ASSERTS_H_ @}*/ diff --git a/src/libfast/Makefile.am b/src/libfast/Makefile.am index 48079c66a..1a2da9791 100644 --- a/src/libfast/Makefile.am +++ b/src/libfast/Makefile.am @@ -22,4 +22,4 @@ endif libfast_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) + -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) $(ATOMICLIB) diff --git a/src/libfast/Makefile.in b/src/libfast/Makefile.in index 0c692542d..4c489db65 100644 --- a/src/libfast/Makefile.in +++ b/src/libfast/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libfast -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(am__nobase_fast_include_HEADERS_DIST) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am \ + $(am__nobase_fast_include_HEADERS_DIST) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -132,7 +142,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES) am__DEPENDENCIES_1 = libfast_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) am_libfast_la_OBJECTS = fast_dispatcher.lo fast_request.lo \ fast_session.lo fast_smtp.lo libfast_la_OBJECTS = $(am_libfast_la_OBJECTS) @@ -204,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -453,7 +469,7 @@ libfast_la_SOURCES = \ libfast_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) + -lfcgi $(clearsilver_LIBS) $(PTHREADLIB) $(ATOMICLIB) all: all-am @@ -471,7 +487,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libfast/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libfast/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -804,6 +819,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ uninstall-ipseclibLTLIBRARIES \ uninstall-nobase_fast_includeHEADERS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/Android.mk b/src/libimcv/Android.mk index 80e2aaadb..89ce5801a 100644 --- a/src/libimcv/Android.mk +++ b/src/libimcv/Android.mk @@ -48,7 +48,6 @@ libimcv_la_SOURCES := \ pts/pts_pcr.h pts/pts_pcr.c \ pts/pts_proto_caps.h \ pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ pts/pts_creds.h pts/pts_creds.c \ pts/pts_database.h pts/pts_database.c \ pts/pts_dh_group.h pts/pts_dh_group.c \ @@ -107,6 +106,7 @@ LOCAL_SRC_FILES := $(filter %.c,$(libimcv_la_SOURCES)) LOCAL_C_INCLUDES += \ $(strongswan_PATH)/src/libtncif \ + $(strongswan_PATH)/src/libtpmtss \ $(strongswan_PATH)/src/libstrongswan LOCAL_CFLAGS := $(strongswan_CFLAGS) @@ -119,6 +119,6 @@ LOCAL_ARM_MODE := arm LOCAL_PRELINK_MODULE := false -LOCAL_SHARED_LIBRARIES += libstrongswan libtncif +LOCAL_SHARED_LIBRARIES += libstrongswan libtncif libtpmtss include $(BUILD_SHARED_LIBRARY) diff --git a/src/libimcv/Makefile.am b/src/libimcv/Makefile.am index 7683da3af..8cde4b7fc 100644 --- a/src/libimcv/Makefile.am +++ b/src/libimcv/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_SCRIPT=\"${ipsec_script}\" ipseclib_LTLIBRARIES = libimcv.la @@ -10,11 +11,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la - -if USE_TROUSERS - libimcv_la_LIBADD += -ltspi -endif + $(top_builddir)/src/libtncif/libtncif.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la if USE_WINDOWS libimcv_la_LIBADD += -lws2_32 @@ -66,7 +64,6 @@ libimcv_la_SOURCES = \ pts/pts_pcr.h pts/pts_pcr.c \ pts/pts_proto_caps.h \ pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ pts/pts_creds.h pts/pts_creds.c \ pts/pts_database.h pts/pts_database.c \ pts/pts_dh_group.h pts/pts_dh_group.c \ @@ -207,5 +204,6 @@ imcv_tests_CFLAGS = \ imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@ imcv_tests_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la diff --git a/src/libimcv/Makefile.in b/src/libimcv/Makefile.in index 200f9590e..7983b7758 100644 --- a/src/libimcv/Makefile.in +++ b/src/libimcv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -18,7 +18,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,26 +91,23 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@USE_TROUSERS_TRUE@am__append_1 = -ltspi -@USE_WINDOWS_TRUE@am__append_2 = -lws2_32 +@USE_WINDOWS_TRUE@am__append_1 = -lws2_32 ipsec_PROGRAMS = imv_policy_manager$(EXEEXT) -@USE_IMC_TEST_TRUE@am__append_3 = plugins/imc_test -@USE_IMV_TEST_TRUE@am__append_4 = plugins/imv_test -@USE_IMC_SCANNER_TRUE@am__append_5 = plugins/imc_scanner -@USE_IMV_SCANNER_TRUE@am__append_6 = plugins/imv_scanner -@USE_IMC_OS_TRUE@am__append_7 = plugins/imc_os -@USE_IMV_OS_TRUE@am__append_8 = plugins/imv_os -@USE_IMC_ATTESTATION_TRUE@am__append_9 = plugins/imc_attestation -@USE_IMV_ATTESTATION_TRUE@am__append_10 = plugins/imv_attestation -@USE_IMC_SWID_TRUE@am__append_11 = plugins/imc_swid -@USE_IMV_SWID_TRUE@am__append_12 = plugins/imv_swid -@USE_IMC_HCD_TRUE@am__append_13 = plugins/imc_hcd -@USE_IMV_HCD_TRUE@am__append_14 = plugins/imv_hcd +@USE_IMC_TEST_TRUE@am__append_2 = plugins/imc_test +@USE_IMV_TEST_TRUE@am__append_3 = plugins/imv_test +@USE_IMC_SCANNER_TRUE@am__append_4 = plugins/imc_scanner +@USE_IMV_SCANNER_TRUE@am__append_5 = plugins/imv_scanner +@USE_IMC_OS_TRUE@am__append_6 = plugins/imc_os +@USE_IMV_OS_TRUE@am__append_7 = plugins/imv_os +@USE_IMC_ATTESTATION_TRUE@am__append_8 = plugins/imc_attestation +@USE_IMV_ATTESTATION_TRUE@am__append_9 = plugins/imv_attestation +@USE_IMC_SWID_TRUE@am__append_10 = plugins/imc_swid +@USE_IMV_SWID_TRUE@am__append_11 = plugins/imv_swid +@USE_IMC_HCD_TRUE@am__append_12 = plugins/imc_hcd +@USE_IMV_HCD_TRUE@am__append_13 = plugins/imv_hcd TESTS = imcv_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libimcv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(dist_templates_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -114,6 +121,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -151,7 +160,8 @@ LTLIBRARIES = $(ipseclib_LTLIBRARIES) am__DEPENDENCIES_1 = libimcv_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la $(am__DEPENDENCIES_1) \ + $(top_builddir)/src/libtncif/libtncif.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am_libimcv_la_OBJECTS = imcv.lo imc/imc_agent.lo imc/imc_msg.lo \ @@ -230,6 +240,7 @@ am_imcv_tests_OBJECTS = ita/imcv_tests-ita_attr_command.$(OBJEXT) \ imcv_tests-imcv.$(OBJEXT) imcv_tests-imcv_tests.$(OBJEXT) imcv_tests_OBJECTS = $(am_imcv_tests_OBJECTS) imcv_tests_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la imcv_tests_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ @@ -348,6 +359,7 @@ DIST_SUBDIRS = . plugins/imc_test plugins/imv_test plugins/imc_scanner \ plugins/imc_attestation plugins/imv_attestation \ plugins/imc_swid plugins/imv_swid plugins/imc_hcd \ plugins/imv_hcd +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -379,6 +391,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -428,6 +441,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -462,6 +476,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -573,6 +588,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -604,6 +620,7 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -DIPSEC_SCRIPT=\"${ipsec_script}\" ipseclib_LTLIBRARIES = libimcv.la @@ -612,8 +629,8 @@ libimcv_la_LDFLAGS = \ libimcv_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(top_builddir)/src/libtncif/libtncif.la $(am__append_1) \ - $(am__append_2) + $(top_builddir)/src/libtncif/libtncif.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la $(am__append_1) libimcv_la_SOURCES = \ imcv.h imcv.c \ imc/imc_agent.h imc/imc_agent.c imc/imc_state.h \ @@ -660,7 +677,6 @@ libimcv_la_SOURCES = \ pts/pts_pcr.h pts/pts_pcr.c \ pts/pts_proto_caps.h \ pts/pts_req_func_comp_evid.h \ - pts/pts_simple_evid_final.h \ pts/pts_creds.h pts/pts_creds.c \ pts/pts_database.h pts/pts_database.c \ pts/pts_dh_group.h pts/pts_dh_group.c \ @@ -726,10 +742,10 @@ imv_policy_manager_LDADD = \ $(top_builddir)/src/libtncif/libtncif.la #imv/imv_policy_manager.o : $(top_builddir)/config.status -SUBDIRS = . $(am__append_3) $(am__append_4) $(am__append_5) \ - $(am__append_6) $(am__append_7) $(am__append_8) \ - $(am__append_9) $(am__append_10) $(am__append_11) \ - $(am__append_12) $(am__append_13) $(am__append_14) +SUBDIRS = . $(am__append_2) $(am__append_3) $(am__append_4) \ + $(am__append_5) $(am__append_6) $(am__append_7) \ + $(am__append_8) $(am__append_9) $(am__append_10) \ + $(am__append_11) $(am__append_12) $(am__append_13) imcv_tests_SOURCES = \ ita/ita_attr_command.c \ pa_tnc/pa_tnc_attr_manager.c \ @@ -749,6 +765,7 @@ imcv_tests_CFLAGS = \ imcv_tests_LDFLAGS = @COVERAGE_LDFLAGS@ imcv_tests_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libstrongswan/tests/libtest.la @@ -768,7 +785,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1999,6 +2015,8 @@ uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS \ uninstall-ipsecSCRIPTS uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/generic/generic_attr_bool.c b/src/libimcv/generic/generic_attr_bool.c index 3f570d9f8..5668b94fd 100644 --- a/src/libimcv/generic/generic_attr_bool.c +++ b/src/libimcv/generic/generic_attr_bool.c @@ -118,11 +118,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_generic_attr_bool_t *this, u_int32_t *offset) + private_generic_attr_bool_t *this, uint32_t *offset) { enum_name_t *pa_attr_names; bio_reader_t *reader; - u_int32_t status; + uint32_t status; *offset = 0; diff --git a/src/libimcv/generic/generic_attr_chunk.c b/src/libimcv/generic/generic_attr_chunk.c index 98a539987..2227e2041 100644 --- a/src/libimcv/generic/generic_attr_chunk.c +++ b/src/libimcv/generic/generic_attr_chunk.c @@ -93,7 +93,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_generic_attr_chunk_t *this, u_int32_t *offset) + private_generic_attr_chunk_t *this, uint32_t *offset) { enum_name_t *pa_attr_names; *offset = 0; diff --git a/src/libimcv/generic/generic_attr_string.c b/src/libimcv/generic/generic_attr_string.c index e63c0126a..4983ef91f 100644 --- a/src/libimcv/generic/generic_attr_string.c +++ b/src/libimcv/generic/generic_attr_string.c @@ -88,7 +88,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_generic_attr_string_t *this, u_int32_t *offset) + private_generic_attr_string_t *this, uint32_t *offset) { enum_name_t *pa_attr_names; u_char *pos; diff --git a/src/libimcv/ietf/ietf_attr.c b/src/libimcv/ietf/ietf_attr.c index 38b777fce..cfac6ed17 100644 --- a/src/libimcv/ietf/ietf_attr.c +++ b/src/libimcv/ietf/ietf_attr.c @@ -47,7 +47,7 @@ ENUM(ietf_attr_names, IETF_ATTR_TESTING, IETF_ATTR_FACTORY_DEFAULT_PWD_ENABLED, /** * See header */ -pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) diff --git a/src/libimcv/ietf/ietf_attr.h b/src/libimcv/ietf/ietf_attr.h index 169ed78e8..7154674af 100644 --- a/src/libimcv/ietf/ietf_attr.h +++ b/src/libimcv/ietf/ietf_attr.h @@ -59,7 +59,7 @@ extern enum_name_t *ietf_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* ietf_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ietf_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** IETF_ATTR_H_ @}*/ diff --git a/src/libimcv/ietf/ietf_attr_assess_result.c b/src/libimcv/ietf/ietf_attr_assess_result.c index 1cffdcaae..894212508 100644 --- a/src/libimcv/ietf/ietf_attr_assess_result.c +++ b/src/libimcv/ietf/ietf_attr_assess_result.c @@ -67,7 +67,7 @@ struct private_ietf_attr_assess_result_t { /** * Assessment Result */ - u_int32_t result; + uint32_t result; /** * Reference count @@ -117,7 +117,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_assess_result_t *this, u_int32_t *offset) + private_ietf_attr_assess_result_t *this, uint32_t *offset) { bio_reader_t *reader; @@ -162,7 +162,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(ietf_attr_assess_result_t, get_result, u_int32_t, +METHOD(ietf_attr_assess_result_t, get_result, uint32_t, private_ietf_attr_assess_result_t *this) { return this->result; @@ -171,7 +171,7 @@ METHOD(ietf_attr_assess_result_t, get_result, u_int32_t, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_assess_result_create(u_int32_t result) +pa_tnc_attr_t *ietf_attr_assess_result_create(uint32_t result) { private_ietf_attr_assess_result_t *this; diff --git a/src/libimcv/ietf/ietf_attr_assess_result.h b/src/libimcv/ietf/ietf_attr_assess_result.h index b1a5166dc..fe7c1aaf3 100644 --- a/src/libimcv/ietf/ietf_attr_assess_result.h +++ b/src/libimcv/ietf/ietf_attr_assess_result.h @@ -43,7 +43,7 @@ struct ietf_attr_assess_result_t { * * @return Assessment Result */ - u_int32_t (*get_result)(ietf_attr_assess_result_t *this); + uint32_t (*get_result)(ietf_attr_assess_result_t *this); }; @@ -51,7 +51,7 @@ struct ietf_attr_assess_result_t { * Creates an ietf_attr_assess_result_t object * */ -pa_tnc_attr_t* ietf_attr_assess_result_create(u_int32_t result); +pa_tnc_attr_t* ietf_attr_assess_result_create(uint32_t result); /** * Creates an ietf_attr_assess_result_t object from received data diff --git a/src/libimcv/ietf/ietf_attr_attr_request.c b/src/libimcv/ietf/ietf_attr_attr_request.c index 08658e2f7..2a0b7f062 100644 --- a/src/libimcv/ietf/ietf_attr_attr_request.c +++ b/src/libimcv/ietf/ietf_attr_attr_request.c @@ -136,7 +136,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(ietf_attr_attr_request_t, add, void, - private_ietf_attr_attr_request_t *this, pen_t vendor_id, u_int32_t type) + private_ietf_attr_attr_request_t *this, pen_t vendor_id, uint32_t type) { enum_name_t *pa_attr_names; pen_type_t *entry; @@ -160,12 +160,12 @@ METHOD(ietf_attr_attr_request_t, add, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_attr_request_t *this, u_int32_t *offset) + private_ietf_attr_attr_request_t *this, uint32_t *offset) { bio_reader_t *reader; pen_t vendor_id; - u_int32_t type; - u_int8_t reserved; + uint32_t type; + uint8_t reserved; int count; *offset = 0; @@ -228,7 +228,7 @@ METHOD(ietf_attr_attr_request_t, create_enumerator, enumerator_t*, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type) +pa_tnc_attr_t *ietf_attr_attr_request_create(pen_t vendor_id, uint32_t type) { private_ietf_attr_attr_request_t *this; diff --git a/src/libimcv/ietf/ietf_attr_attr_request.h b/src/libimcv/ietf/ietf_attr_attr_request.h index 47b038605..4c4ede04a 100644 --- a/src/libimcv/ietf/ietf_attr_attr_request.h +++ b/src/libimcv/ietf/ietf_attr_attr_request.h @@ -44,7 +44,7 @@ struct ietf_attr_attr_request_t { * @param vendor_id Attribute Vendor ID * @param type Attribute Type */ - void (*add)(ietf_attr_attr_request_t *this, pen_t vendor_id, u_int32_t type); + void (*add)(ietf_attr_attr_request_t *this, pen_t vendor_id, uint32_t type); /** * Creates an enumerator over all attribute types contained @@ -59,7 +59,7 @@ struct ietf_attr_attr_request_t { * Creates an ietf_attr_attr_request_t object * */ -pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, u_int32_t type); +pa_tnc_attr_t* ietf_attr_attr_request_create(pen_t vendor_id, uint32_t type); /** * @param length Total length of attribute value diff --git a/src/libimcv/ietf/ietf_attr_fwd_enabled.c b/src/libimcv/ietf/ietf_attr_fwd_enabled.c index 876a740c0..93eca3b3c 100644 --- a/src/libimcv/ietf/ietf_attr_fwd_enabled.c +++ b/src/libimcv/ietf/ietf_attr_fwd_enabled.c @@ -117,10 +117,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_fwd_enabled_t *this, u_int32_t *offset) + private_ietf_attr_fwd_enabled_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t fwd_status; + uint32_t fwd_status; *offset = 0; diff --git a/src/libimcv/ietf/ietf_attr_installed_packages.c b/src/libimcv/ietf/ietf_attr_installed_packages.c index 39eea555a..7a870ac40 100644 --- a/src/libimcv/ietf/ietf_attr_installed_packages.c +++ b/src/libimcv/ietf/ietf_attr_installed_packages.c @@ -169,13 +169,13 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_installed_packages_t *this, u_int32_t *offset) + private_ietf_attr_installed_packages_t *this, uint32_t *offset) { bio_reader_t *reader; package_entry_t *entry; status_t status = NEED_MORE; chunk_t name, version; - u_int16_t reserved; + uint16_t reserved; u_char *pos; if (this->offset == 0) diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.c b/src/libimcv/ietf/ietf_attr_numeric_version.c index c8fd6c1ca..7a3e78fd0 100644 --- a/src/libimcv/ietf/ietf_attr_numeric_version.c +++ b/src/libimcv/ietf/ietf_attr_numeric_version.c @@ -73,27 +73,27 @@ struct private_ietf_attr_numeric_version_t { /** * Major Version Number */ - u_int32_t major_version; + uint32_t major_version; /** * Minor Version Number */ - u_int32_t minor_version; + uint32_t minor_version; /** * IBuild Number */ - u_int32_t build; + uint32_t build; /** * Service Pack Major Number */ - u_int16_t service_pack_major; + uint16_t service_pack_major; /** * Service Pack Minor Number */ - u_int16_t service_pack_minor; + uint16_t service_pack_minor; /** * Reference count @@ -148,7 +148,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_numeric_version_t *this, u_int32_t *offset) + private_ietf_attr_numeric_version_t *this, uint32_t *offset) { bio_reader_t *reader; @@ -198,7 +198,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(ietf_attr_numeric_version_t, get_version, void, - private_ietf_attr_numeric_version_t *this, u_int32_t *major, u_int32_t *minor) + private_ietf_attr_numeric_version_t *this, uint32_t *major, uint32_t *minor) { if (major) { @@ -210,14 +210,14 @@ METHOD(ietf_attr_numeric_version_t, get_version, void, } } -METHOD(ietf_attr_numeric_version_t, get_build, u_int32_t, +METHOD(ietf_attr_numeric_version_t, get_build, uint32_t, private_ietf_attr_numeric_version_t *this) { return this->build; } METHOD(ietf_attr_numeric_version_t, get_service_pack, void, - private_ietf_attr_numeric_version_t *this, u_int16_t *major, u_int16_t *minor) + private_ietf_attr_numeric_version_t *this, uint16_t *major, uint16_t *minor) { if (major) { @@ -232,10 +232,10 @@ METHOD(ietf_attr_numeric_version_t, get_service_pack, void, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor, - u_int32_t build, - u_int16_t service_pack_major, - u_int16_t service_pack_minor) +pa_tnc_attr_t *ietf_attr_numeric_version_create(uint32_t major, uint32_t minor, + uint32_t build, + uint16_t service_pack_major, + uint16_t service_pack_minor) { private_ietf_attr_numeric_version_t *this; diff --git a/src/libimcv/ietf/ietf_attr_numeric_version.h b/src/libimcv/ietf/ietf_attr_numeric_version.h index 8808d48ed..afb3823e4 100644 --- a/src/libimcv/ietf/ietf_attr_numeric_version.h +++ b/src/libimcv/ietf/ietf_attr_numeric_version.h @@ -45,7 +45,7 @@ struct ietf_attr_numeric_version_t { * @param minor Minor Version Number */ void (*get_version)(ietf_attr_numeric_version_t *this, - u_int32_t *major, u_int32_t *minor); + uint32_t *major, uint32_t *minor); /** * Gets the Build Number @@ -53,7 +53,7 @@ struct ietf_attr_numeric_version_t { * @param major Major Version Number * @param minor Minor Version Number */ - u_int32_t (*get_build)(ietf_attr_numeric_version_t *this); + uint32_t (*get_build)(ietf_attr_numeric_version_t *this); /** * Gets the Major and Minor Numbers of the Service Pack @@ -62,17 +62,17 @@ struct ietf_attr_numeric_version_t { * @param minor Servcie Pack Minor Number */ void (*get_service_pack)(ietf_attr_numeric_version_t *this, - u_int16_t *major, u_int16_t *minor); + uint16_t *major, uint16_t *minor); }; /** * Creates an ietf_attr_numeric_version_t object * */ -pa_tnc_attr_t* ietf_attr_numeric_version_create(u_int32_t major, u_int32_t minor, - u_int32_t build, - u_int16_t service_pack_major, - u_int16_t service_pack_minor); +pa_tnc_attr_t* ietf_attr_numeric_version_create(uint32_t major, uint32_t minor, + uint32_t build, + uint16_t service_pack_major, + uint16_t service_pack_minor); /** * Creates an ietf_attr_numeric_version_t object from received data diff --git a/src/libimcv/ietf/ietf_attr_op_status.c b/src/libimcv/ietf/ietf_attr_op_status.c index d061a52f9..f04c89b96 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.c +++ b/src/libimcv/ietf/ietf_attr_op_status.c @@ -93,12 +93,12 @@ struct private_ietf_attr_op_status_t { /** * Status */ - u_int8_t status; + uint8_t status; /** * Result */ - u_int8_t result; + uint8_t result; /** * Last Use @@ -164,11 +164,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_op_status_t *this, u_int32_t *offset) + private_ietf_attr_op_status_t *this, uint32_t *offset) { bio_reader_t *reader; chunk_t last_use; - u_int16_t reserved; + uint16_t reserved; struct tm t; *offset = 0; @@ -245,13 +245,13 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(ietf_attr_op_status_t, get_status, u_int8_t, +METHOD(ietf_attr_op_status_t, get_status, uint8_t, private_ietf_attr_op_status_t *this) { return this->status; } -METHOD(ietf_attr_op_status_t, get_result, u_int8_t, +METHOD(ietf_attr_op_status_t, get_result, uint8_t, private_ietf_attr_op_status_t *this) { return this->result; @@ -266,7 +266,7 @@ METHOD(ietf_attr_op_status_t, get_last_use, time_t, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_op_status_create(u_int8_t status, u_int8_t result, +pa_tnc_attr_t *ietf_attr_op_status_create(uint8_t status, uint8_t result, time_t last_use) { private_ietf_attr_op_status_t *this; diff --git a/src/libimcv/ietf/ietf_attr_op_status.h b/src/libimcv/ietf/ietf_attr_op_status.h index ceb13fe75..c91735a55 100644 --- a/src/libimcv/ietf/ietf_attr_op_status.h +++ b/src/libimcv/ietf/ietf_attr_op_status.h @@ -70,14 +70,14 @@ struct ietf_attr_op_status_t { * * @return Operational Status */ - u_int8_t (*get_status)(ietf_attr_op_status_t *this); + uint8_t (*get_status)(ietf_attr_op_status_t *this); /** * Gets the Operational Result * * @return Operational Result */ - u_int8_t (*get_result)(ietf_attr_op_status_t *this); + uint8_t (*get_result)(ietf_attr_op_status_t *this); /** * Gets the time of last use @@ -94,7 +94,7 @@ struct ietf_attr_op_status_t { * @param result Operational Result * @param last_use Time of last use */ -pa_tnc_attr_t* ietf_attr_op_status_create(u_int8_t status, u_int8_t result, +pa_tnc_attr_t* ietf_attr_op_status_create(uint8_t status, uint8_t result, time_t last_use); /** diff --git a/src/libimcv/ietf/ietf_attr_port_filter.c b/src/libimcv/ietf/ietf_attr_port_filter.c index 6f7ff54cc..05920fdd8 100644 --- a/src/libimcv/ietf/ietf_attr_port_filter.c +++ b/src/libimcv/ietf/ietf_attr_port_filter.c @@ -30,8 +30,8 @@ typedef struct port_entry_t port_entry_t; */ struct port_entry_t { bool blocked; - u_int8_t protocol; - u_int16_t port; + uint8_t protocol; + uint16_t port; }; /** @@ -142,11 +142,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_port_filter_t *this, u_int32_t *offset) + private_ietf_attr_port_filter_t *this, uint32_t *offset) { bio_reader_t *reader; port_entry_t *entry; - u_int8_t blocked; + uint8_t blocked; *offset = 0; @@ -201,8 +201,8 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(ietf_attr_port_filter_t, add_port, void, - private_ietf_attr_port_filter_t *this, bool blocked, u_int8_t protocol, - u_int16_t port) + private_ietf_attr_port_filter_t *this, bool blocked, uint8_t protocol, + uint16_t port) { port_entry_t *entry; @@ -217,8 +217,8 @@ METHOD(ietf_attr_port_filter_t, add_port, void, * Enumerate port filter entries */ static bool port_filter(void *null, port_entry_t **entry, - bool *blocked, void *i2, u_int8_t *protocol, void *i3, - u_int16_t *port) + bool *blocked, void *i2, uint8_t *protocol, void *i3, + uint16_t *port) { *blocked = (*entry)->blocked; *protocol = (*entry)->protocol; diff --git a/src/libimcv/ietf/ietf_attr_port_filter.h b/src/libimcv/ietf/ietf_attr_port_filter.h index e6c5a3f61..db35453c4 100644 --- a/src/libimcv/ietf/ietf_attr_port_filter.h +++ b/src/libimcv/ietf/ietf_attr_port_filter.h @@ -46,11 +46,11 @@ struct ietf_attr_port_filter_t { * @param port TCP/UDP port number */ void (*add_port)(ietf_attr_port_filter_t *this, bool blocked, - u_int8_t protocol, u_int16_t port); + uint8_t protocol, uint16_t port); /** * Enumerates over all ports - * Format: bool *blocked, u_int8_t *protocol, u_int16_t *port + * Format: bool *blocked, uint8_t *protocol, uint16_t *port * * @return enumerator */ diff --git a/src/libimcv/ietf/ietf_attr_product_info.c b/src/libimcv/ietf/ietf_attr_product_info.c index 37c89e9e5..ed1a74b43 100644 --- a/src/libimcv/ietf/ietf_attr_product_info.c +++ b/src/libimcv/ietf/ietf_attr_product_info.c @@ -74,7 +74,7 @@ struct private_ietf_attr_product_info_t { /** * Product ID */ - u_int16_t product_id; + uint16_t product_id; /** * Product Name @@ -131,7 +131,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_product_info_t *this, u_int32_t *offset) + private_ietf_attr_product_info_t *this, uint32_t *offset) { bio_reader_t *reader; chunk_t product_name; @@ -190,7 +190,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(ietf_attr_product_info_t, get_info, chunk_t, - private_ietf_attr_product_info_t *this, pen_t *vendor_id, u_int16_t *id) + private_ietf_attr_product_info_t *this, pen_t *vendor_id, uint16_t *id) { if (vendor_id) { @@ -206,7 +206,7 @@ METHOD(ietf_attr_product_info_t, get_info, chunk_t, /** * Described in header. */ -pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id, +pa_tnc_attr_t *ietf_attr_product_info_create(pen_t vendor_id, uint16_t id, chunk_t name) { private_ietf_attr_product_info_t *this; diff --git a/src/libimcv/ietf/ietf_attr_product_info.h b/src/libimcv/ietf/ietf_attr_product_info.h index 5151b5808..53e240955 100644 --- a/src/libimcv/ietf/ietf_attr_product_info.h +++ b/src/libimcv/ietf/ietf_attr_product_info.h @@ -46,7 +46,7 @@ struct ietf_attr_product_info_t { * @return Product Name */ chunk_t (*get_info)(ietf_attr_product_info_t *this, - pen_t *vendor_id, u_int16_t *id); + pen_t *vendor_id, uint16_t *id); }; @@ -54,7 +54,7 @@ struct ietf_attr_product_info_t { * Creates an ietf_attr_product_info_t object * */ -pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, u_int16_t id, +pa_tnc_attr_t* ietf_attr_product_info_create(pen_t vendor_id, uint16_t id, chunk_t name); /** diff --git a/src/libimcv/ietf/ietf_attr_remediation_instr.c b/src/libimcv/ietf/ietf_attr_remediation_instr.c index 64070374e..c834b23fd 100644 --- a/src/libimcv/ietf/ietf_attr_remediation_instr.c +++ b/src/libimcv/ietf/ietf_attr_remediation_instr.c @@ -165,10 +165,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_remediation_instr_t *this, u_int32_t *offset) + private_ietf_attr_remediation_instr_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; + uint8_t reserved; status_t status = SUCCESS; u_char *pos; diff --git a/src/libimcv/ietf/ietf_attr_string_version.c b/src/libimcv/ietf/ietf_attr_string_version.c index c46200b8f..f78138747 100644 --- a/src/libimcv/ietf/ietf_attr_string_version.c +++ b/src/libimcv/ietf/ietf_attr_string_version.c @@ -134,7 +134,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ietf_attr_string_version_t *this, u_int32_t *offset) + private_ietf_attr_string_version_t *this, uint32_t *offset) { bio_reader_t *reader; status_t status = FAILED; diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index 0d622f1b8..3a7a16bc2 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -46,7 +46,7 @@ struct private_imc_agent_t { /** * number of message types registered by IMC */ - u_int32_t type_count; + uint32_t type_count; /** * ID of IMC as assigned by TNCC @@ -320,7 +320,7 @@ static char* get_str_attribute(private_imc_agent_t *this, TNC_ConnectionID id, /** * Read an UInt32 attribute */ -static u_int32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id, +static uint32_t get_uint_attribute(private_imc_agent_t *this, TNC_ConnectionID id, TNC_AttributeID attribute_id) { TNC_UInt32 len; @@ -341,7 +341,7 @@ METHOD(imc_agent_t, create_state, TNC_Result, TNC_ConnectionID conn_id; char *tnccs_p = NULL, *tnccs_v = NULL, *t_p = NULL, *t_v = NULL; bool has_long = FALSE, has_excl = FALSE, has_soh = FALSE; - u_int32_t max_msg_len; + uint32_t max_msg_len; conn_id = state->get_connection_id(state); if (find_connection(this, conn_id)) @@ -550,7 +550,7 @@ METHOD(imc_agent_t, destroy, void, * Described in header. */ imc_agent_t *imc_agent_create(const char *name, - pen_type_t *supported_types, u_int32_t type_count, + pen_type_t *supported_types, uint32_t type_count, TNC_IMCID id, TNC_Version *actual_version) { private_imc_agent_t *this; diff --git a/src/libimcv/imc/imc_agent.h b/src/libimcv/imc/imc_agent.h index 8bdfb6c32..bac1b4832 100644 --- a/src/libimcv/imc/imc_agent.h +++ b/src/libimcv/imc/imc_agent.h @@ -198,7 +198,7 @@ struct imc_agent_t { * */ imc_agent_t *imc_agent_create(const char *name, - pen_type_t *supported_types, u_int32_t type_count, + pen_type_t *supported_types, uint32_t type_count, TNC_IMCID id, TNC_Version *actual_version); #endif /** IMC_AGENT_H_ @}*/ diff --git a/src/libimcv/imc/imc_os_info.c b/src/libimcv/imc/imc_os_info.c index 55e152af5..3315c209f 100644 --- a/src/libimcv/imc/imc_os_info.c +++ b/src/libimcv/imc/imc_os_info.c @@ -69,7 +69,7 @@ METHOD(imc_os_info_t, get_name, chunk_t, } METHOD(imc_os_info_t, get_numeric_version, void, - private_imc_os_info_t *this, u_int32_t *major, u_int32_t *minor) + private_imc_os_info_t *this, uint32_t *major, uint32_t *minor) { u_char *pos; diff --git a/src/libimcv/imc/imc_os_info.h b/src/libimcv/imc/imc_os_info.h index ef7fb6d43..680e2b7a3 100644 --- a/src/libimcv/imc/imc_os_info.h +++ b/src/libimcv/imc/imc_os_info.h @@ -54,8 +54,8 @@ struct imc_os_info_t { * @param major OS major version number * @param minor OS minor version number */ - void (*get_numeric_version)(imc_os_info_t *this, u_int32_t *major, - u_int32_t *minor); + void (*get_numeric_version)(imc_os_info_t *this, uint32_t *major, + uint32_t *minor); /** * Get the OS version or release diff --git a/src/libimcv/imc/imc_state.h b/src/libimcv/imc/imc_state.h index efcf567f0..d8aeab996 100644 --- a/src/libimcv/imc/imc_state.h +++ b/src/libimcv/imc/imc_state.h @@ -72,14 +72,14 @@ struct imc_state_t { * * @param max_msg_len maximum size of a PA-TNC message */ - void (*set_max_msg_len)(imc_state_t *this, u_int32_t max_msg_len); + void (*set_max_msg_len)(imc_state_t *this, uint32_t max_msg_len); /** * Get the maximum size of a PA-TNC message for this TNCCS connection * * @return maximum size of a PA-TNC message */ - u_int32_t (*get_max_msg_len)(imc_state_t *this); + uint32_t (*get_max_msg_len)(imc_state_t *this); /** * Get attribute segmentation contracts associated with TNCCS Connection diff --git a/src/libimcv/imv/data.sql b/src/libimcv/imv/data.sql index 9162e3f87..6f88e173a 100644 --- a/src/libimcv/imv/data.sql +++ b/src/libimcv/imv/data.sql @@ -412,6 +412,90 @@ INSERT INTO products ( /* 69 */ 'Debian 7.9 armv7l' ); +INSERT INTO products ( /* 70 */ + name +) VALUES ( + 'Ubuntu 15.04 i686' +); + +INSERT INTO products ( /* 71 */ + name +) VALUES ( + 'Ubuntu 15.04 x86_64' +); + +INSERT INTO products ( /* 72 */ + name +) VALUES ( + 'Ubuntu 15.10 i686' +); + +INSERT INTO products ( /* 73 */ + name +) VALUES ( + 'Ubuntu 15.10 x86_64' +); + +INSERT INTO products ( /* 74 */ + name +) VALUES ( + 'Ubuntu 16.04 i686' +); + +INSERT INTO products ( /* 75 */ + name +) VALUES ( + 'Ubuntu 16.04 x86_64' +); + +INSERT INTO products ( /* 76 */ + name +) VALUES ( + 'Debian 7.10 i686' +); + +INSERT INTO products ( /* 77 */ + name +) VALUES ( + 'Debian 7.10 x86_64' +); + +INSERT INTO products ( /* 78 */ + name +) VALUES ( + 'Debian 7.10 armv6l' +); + +INSERT INTO products ( /* 79 */ + name +) VALUES ( + 'Debian 7.10 armv7l' +); + +INSERT INTO products ( /* 80 */ + name +) VALUES ( + 'Android 6.0' +); + +INSERT INTO products ( /* 81 */ + name +) VALUES ( + 'Android 6.0.1' +); + +INSERT INTO products ( /* 82 */ + name +) VALUES ( + 'Debian 8.5 i686' +); + +INSERT INTO products ( /* 83 */ + name +) VALUES ( + 'Debian 8.5 x86_64' +); + /* Directories */ INSERT INTO directories ( /* 1 */ @@ -541,19 +625,19 @@ INSERT INTO files ( /* 6 */ INSERT INTO algorithms ( id, name ) VALUES ( - 32768, 'SHA1' + 32768, 'SHA1' ); INSERT INTO algorithms ( id, name ) VALUES ( - 16384, 'SHA256' + 16384, 'SHA256' ); INSERT INTO algorithms ( id, name ) VALUES ( - 8192, 'SHA384' + 8192, 'SHA384' ); /* File Hashes */ @@ -919,6 +1003,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 4, 76 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 5, 2 ); @@ -991,6 +1081,18 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 5, 77 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 5, 83 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 6, 9 ); @@ -1045,6 +1147,24 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 6, 70 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 6, 72 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 6, 74 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 7, 8 ); @@ -1105,6 +1225,24 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 7, 71 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 7, 73 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 7, 75 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 3, 21 ); @@ -1165,6 +1303,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 3, 51 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 3, 63 ); @@ -1177,7 +1321,13 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( - 3, 51 + 3, 80 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 3, 81 ); INSERT INTO groups_product_defaults ( @@ -1243,6 +1393,12 @@ INSERT INTO groups_product_defaults ( INSERT INTO groups_product_defaults ( group_id, product_id ) VALUES ( + 14, 78 +); + +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( 15, 65 ); @@ -1252,6 +1408,12 @@ INSERT INTO groups_product_defaults ( 15, 69 ); +INSERT INTO groups_product_defaults ( + group_id, product_id +) VALUES ( + 15, 79 +); + /* Policies */ INSERT INTO policies ( /* 1 */ diff --git a/src/libimcv/imv/imv_database.h b/src/libimcv/imv/imv_database.h index 79551cc79..d0b2db2b4 100644 --- a/src/libimcv/imv/imv_database.h +++ b/src/libimcv/imv/imv_database.h @@ -46,7 +46,7 @@ struct imv_database_t { */ imv_session_t* (*add_session)(imv_database_t *this, TNC_ConnectionID conn_id, - u_int32_t ar_id_type, chunk_t ar_id_value); + uint32_t ar_id_type, chunk_t ar_id_value); /** * Remove and delete a session diff --git a/src/libimcv/ita/ita_attr.c b/src/libimcv/ita/ita_attr.c index 35c882c37..1d8db71cb 100644 --- a/src/libimcv/ita/ita_attr.c +++ b/src/libimcv/ita/ita_attr.c @@ -35,7 +35,7 @@ ENUM(ita_attr_names, ITA_ATTR_COMMAND, ITA_ATTR_DEVICE_ID, /** * See header */ -pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ita_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) diff --git a/src/libimcv/ita/ita_attr.h b/src/libimcv/ita/ita_attr.h index 7378a1cbe..726537420 100644 --- a/src/libimcv/ita/ita_attr.h +++ b/src/libimcv/ita/ita_attr.h @@ -53,7 +53,7 @@ extern enum_name_t *ita_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* ita_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* ita_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** ITA_ATTR_H_ @}*/ diff --git a/src/libimcv/ita/ita_attr_angel.c b/src/libimcv/ita/ita_attr_angel.c index 110863608..133089759 100644 --- a/src/libimcv/ita/ita_attr_angel.c +++ b/src/libimcv/ita/ita_attr_angel.c @@ -81,7 +81,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_angel_t *this, u_int32_t *offset) + private_ita_attr_angel_t *this, uint32_t *offset) { return SUCCESS; } diff --git a/src/libimcv/ita/ita_attr_command.c b/src/libimcv/ita/ita_attr_command.c index a6b187f13..03a534125 100644 --- a/src/libimcv/ita/ita_attr_command.c +++ b/src/libimcv/ita/ita_attr_command.c @@ -101,7 +101,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_command_t *this, u_int32_t *offset) + private_ita_attr_command_t *this, uint32_t *offset) { *offset = 0; diff --git a/src/libimcv/ita/ita_attr_dummy.c b/src/libimcv/ita/ita_attr_dummy.c index 0d21ac6ea..8fa23cf99 100644 --- a/src/libimcv/ita/ita_attr_dummy.c +++ b/src/libimcv/ita/ita_attr_dummy.c @@ -99,7 +99,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_dummy_t *this, u_int32_t *offset) + private_ita_attr_dummy_t *this, uint32_t *offset) { *offset = 0; diff --git a/src/libimcv/ita/ita_attr_get_settings.c b/src/libimcv/ita/ita_attr_get_settings.c index 3c047fb82..4c50cffd9 100644 --- a/src/libimcv/ita/ita_attr_get_settings.c +++ b/src/libimcv/ita/ita_attr_get_settings.c @@ -140,10 +140,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_get_settings_t *this, u_int32_t *offset) + private_ita_attr_get_settings_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t count; + uint32_t count; chunk_t name; status_t status = FAILED; diff --git a/src/libimcv/ita/ita_attr_settings.c b/src/libimcv/ita/ita_attr_settings.c index ced347705..c7c968a26 100644 --- a/src/libimcv/ita/ita_attr_settings.c +++ b/src/libimcv/ita/ita_attr_settings.c @@ -169,10 +169,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_ita_attr_settings_t *this, u_int32_t *offset) + private_ita_attr_settings_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t count; + uint32_t count; chunk_t name, value; entry_t *entry; status_t status = FAILED; diff --git a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h index 8607feede..1fec8e3f9 100644 --- a/src/libimcv/pa_tnc/pa_tnc_attr_manager.h +++ b/src/libimcv/pa_tnc/pa_tnc_attr_manager.h @@ -28,7 +28,7 @@ typedef struct pa_tnc_attr_manager_t pa_tnc_attr_manager_t; #include <library.h> #include <bio/bio_reader.h> -typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(u_int32_t type, size_t length, +typedef pa_tnc_attr_t* (*pa_tnc_attr_create_t)(uint32_t type, size_t length, chunk_t value); /** diff --git a/src/libimcv/plugins/imc_attestation/Makefile.am b/src/libimcv/plugins/imc_attestation/Makefile.am index e7b1f1ce1..14b1646e5 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.am +++ b/src/libimcv/plugins/imc_attestation/Makefile.am @@ -1,7 +1,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) diff --git a/src/libimcv/plugins/imc_attestation/Makefile.in b/src/libimcv/plugins/imc_attestation/Makefile.in index 6d9533d21..d2b8168b9 100644 --- a/src/libimcv/plugins/imc_attestation/Makefile.in +++ b/src/libimcv/plugins/imc_attestation/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_attestation -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -432,7 +446,8 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -462,7 +477,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_attestation/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -766,6 +780,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c index f24aec881..56713bb04 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_process.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_process.c @@ -1,5 +1,6 @@ /* - * Copyright (C) 2011-2012 Sansar Choinyambuu, Andreas Steffen + * Copyright (C) 2011-2012 Sansar Choinyambuu + * Copyright (C) 2011-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -225,9 +226,9 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, { tcg_pts_attr_req_file_meas_t *attr_cast; char *pathname; - u_int16_t request_id; + uint16_t request_id; bool is_directory; - u_int32_t delimiter; + uint32_t delimiter; pts_file_meas_t *measurements; pen_type_t error_code; @@ -282,7 +283,7 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, tcg_pts_attr_req_file_meta_t *attr_cast; char *pathname; bool is_directory; - u_int8_t delimiter; + uint8_t delimiter; pts_file_meta_t *metadata; pen_type_t error_code; @@ -336,8 +337,8 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, pts_comp_evidence_t *evid; pts_component_t *comp; pen_type_t error_code; - u_int32_t depth; - u_int8_t flags; + uint32_t depth; + uint8_t flags; status_t status; enumerator_t *e; @@ -420,11 +421,11 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, } case TCG_PTS_GEN_ATTEST_EVID: { - pts_simple_evid_final_flag_t flags; - pts_meas_algorithms_t comp_hash_algorithm; pts_comp_evidence_t *evid; - chunk_t pcr_composite, quote_sig; - bool use_quote2; + tpm_quote_mode_t quote_mode; + tpm_tss_quote_info_t *quote_info; + chunk_t quote_sig; + bool use_quote2, use_version_info; /* Send cached Component Evidence entries */ while (attestation_state->next_evidence(attestation_state, &evid)) @@ -434,21 +435,23 @@ bool imc_attestation_process(pa_tnc_attr_t *attr, imc_msg_t *msg, } use_quote2 = lib->settings->get_bool(lib->settings, - "%s.plugins.imc-attestation.use_quote2", TRUE, - lib->ns); - if (!pts->quote_tpm(pts, use_quote2, &pcr_composite, "e_sig)) + "%s.plugins.imc-attestation.use_quote2", + TRUE, lib->ns); + use_version_info = lib->settings->get_bool(lib->settings, + "%s.plugins.imc-attestation.use_version_info", + FALSE, lib->ns); + quote_mode = use_quote2 ? (use_version_info ? + TPM_QUOTE2_VERSION_INFO : + TPM_QUOTE2) : + TPM_QUOTE; + + if (!pts->quote(pts, "e_mode, "e_info, "e_sig)) { DBG1(DBG_IMC, "error occurred during TPM quote operation"); return FALSE; } - /* Send Simple Evidence Final attribute */ - flags = use_quote2 ? PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 : - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO; - comp_hash_algorithm = PTS_MEAS_ALGO_SHA1; - - attr = tcg_pts_attr_simple_evid_final_create(flags, - comp_hash_algorithm, pcr_composite, quote_sig); + attr = tcg_pts_attr_simple_evid_final_create(quote_info, quote_sig); msg->add_attribute(msg, attr); break; } diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c index 0b594cb10..b789a2104 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.c +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.c @@ -64,7 +64,7 @@ struct private_imc_attestation_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -114,12 +114,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_attestation_state_t *this, u_int32_t max_msg_len) + private_imc_attestation_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_attestation_state_t *this) { return this->max_msg_len; @@ -175,7 +175,7 @@ METHOD(imc_attestation_state_t, get_pts, pts_t*, METHOD(imc_attestation_state_t, create_component, pts_component_t*, private_imc_attestation_state_t *this, pts_comp_func_name_t *name, - u_int32_t depth) + uint32_t depth) { enumerator_t *enumerator; pts_component_t *component; diff --git a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h index 854c8825b..aaf27547c 100644 --- a/src/libimcv/plugins/imc_attestation/imc_attestation_state.h +++ b/src/libimcv/plugins/imc_attestation/imc_attestation_state.h @@ -57,7 +57,7 @@ struct imc_attestation_state_t { * @return created functional component instance or NULL */ pts_component_t* (*create_component)(imc_attestation_state_t *this, - pts_comp_func_name_t *name, u_int32_t depth); + pts_comp_func_name_t *name, uint32_t depth); /** * Add an entry to the Component Evidence cache list diff --git a/src/libimcv/plugins/imc_hcd/Makefile.in b/src/libimcv/plugins/imc_hcd/Makefile.in index 0d603c9e7..44aaf878b 100644 --- a/src/libimcv/plugins/imc_hcd/Makefile.in +++ b/src/libimcv/plugins/imc_hcd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_hcd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_hcd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_hcd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c index ce93d7ef7..60ccdce81 100644 --- a/src/libimcv/plugins/imc_hcd/imc_hcd_state.c +++ b/src/libimcv/plugins/imc_hcd/imc_hcd_state.c @@ -59,7 +59,7 @@ struct private_imc_hcd_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_hcd_state_t *this, u_int32_t max_msg_len) + private_imc_hcd_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_hcd_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imc_os/Makefile.in b/src/libimcv/plugins/imc_os/Makefile.in index d1787da3c..93d532db2 100644 --- a/src/libimcv/plugins/imc_os/Makefile.in +++ b/src/libimcv/plugins/imc_os/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_os -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_os/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_os/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_os/imc_os.c b/src/libimcv/plugins/imc_os/imc_os.c index af1862ad3..cabcd0a9e 100644 --- a/src/libimcv/plugins/imc_os/imc_os.c +++ b/src/libimcv/plugins/imc_os/imc_os.c @@ -162,7 +162,7 @@ static void add_product_info(imc_msg_t *msg) static void add_numeric_version(imc_msg_t *msg) { pa_tnc_attr_t *attr; - u_int32_t major, minor; + uint32_t major, minor; os->get_numeric_version(os, &major, &minor); DBG1(DBG_IMC, "operating system numeric version is %d.%d", diff --git a/src/libimcv/plugins/imc_os/imc_os_state.c b/src/libimcv/plugins/imc_os/imc_os_state.c index 139ab0597..a38696a81 100644 --- a/src/libimcv/plugins/imc_os/imc_os_state.c +++ b/src/libimcv/plugins/imc_os/imc_os_state.c @@ -59,7 +59,7 @@ struct private_imc_os_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_os_state_t *this, u_int32_t max_msg_len) + private_imc_os_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_os_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imc_scanner/Makefile.in b/src/libimcv/plugins/imc_scanner/Makefile.in index 2f03a7c70..44d827945 100644 --- a/src/libimcv/plugins/imc_scanner/Makefile.in +++ b/src/libimcv/plugins/imc_scanner/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_scanner -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +412,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_scanner/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_scanner/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -760,6 +773,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner.c b/src/libimcv/plugins/imc_scanner/imc_scanner.c index c67636f8f..bf2479cf5 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner.c @@ -128,8 +128,8 @@ static bool do_netstat(ietf_attr_port_filter_t *attr) while (fgets(buf, sizeof(buf), file)) { u_char *pos; - u_int8_t new_protocol, protocol; - u_int16_t new_port, port; + uint8_t new_protocol, protocol; + uint16_t new_port, port; int i; enumerator_t *enumerator; bool allowed, found = FALSE; diff --git a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c index d357859fa..c1b7a50e4 100644 --- a/src/libimcv/plugins/imc_scanner/imc_scanner_state.c +++ b/src/libimcv/plugins/imc_scanner/imc_scanner_state.c @@ -59,7 +59,7 @@ struct private_imc_scanner_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -93,12 +93,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_scanner_state_t *this, u_int32_t max_msg_len) + private_imc_scanner_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_scanner_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imc_swid/Makefile.in b/src/libimcv/plugins/imc_swid/Makefile.in index 981f86401..5eec53129 100644 --- a/src/libimcv/plugins/imc_swid/Makefile.in +++ b/src/libimcv/plugins/imc_swid/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_swid -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_swid/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -818,6 +831,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecDATA \ tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ uninstall-ipsecDATA uninstall-swidDATA +.PRECIOUS: Makefile + $(swid_tag) : regid.2004-03.org.strongswan_strongSwan.swidtag.in $(AM_V_GEN) \ diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.c b/src/libimcv/plugins/imc_swid/imc_swid_state.c index 65c279b3f..8d5e8e089 100644 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.c +++ b/src/libimcv/plugins/imc_swid/imc_swid_state.c @@ -59,7 +59,7 @@ struct private_imc_swid_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -69,7 +69,7 @@ struct private_imc_swid_state_t { /** * Event ID Epoch */ - u_int32_t eid_epoch; + uint32_t eid_epoch; }; METHOD(imc_state_t, get_connection_id, TNC_ConnectionID, @@ -98,12 +98,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_swid_state_t *this, u_int32_t max_msg_len) + private_imc_swid_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_swid_state_t *this) { return this->max_msg_len; @@ -146,7 +146,7 @@ METHOD(imc_state_t, destroy, void, free(this); } -METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t, +METHOD(imc_swid_state_t, get_eid_epoch, uint32_t, private_imc_swid_state_t *this) { return this->eid_epoch; @@ -158,11 +158,11 @@ METHOD(imc_swid_state_t, get_eid_epoch, u_int32_t, imc_state_t *imc_swid_state_create(TNC_ConnectionID connection_id) { private_imc_swid_state_t *this; - u_int32_t eid_epoch; + uint32_t eid_epoch; nonce_gen_t *ng; ng = lib->crypto->create_nonce_gen(lib->crypto); - if (!ng || !ng->get_nonce(ng, 4, (u_int8_t*)&eid_epoch)) + if (!ng || !ng->get_nonce(ng, 4, (uint8_t*)&eid_epoch)) { DBG1(DBG_TNC, "failed to generate random EID epoch value"); DESTROY_IF(ng); diff --git a/src/libimcv/plugins/imc_swid/imc_swid_state.h b/src/libimcv/plugins/imc_swid/imc_swid_state.h index cb3ac4589..c2719d21b 100644 --- a/src/libimcv/plugins/imc_swid/imc_swid_state.h +++ b/src/libimcv/plugins/imc_swid/imc_swid_state.h @@ -43,7 +43,7 @@ struct imc_swid_state_t { * * @return Event ID Epoch */ - u_int32_t (*get_eid_epoch)(imc_swid_state_t *this); + uint32_t (*get_eid_epoch)(imc_swid_state_t *this); }; diff --git a/src/libimcv/plugins/imc_test/Makefile.in b/src/libimcv/plugins/imc_test/Makefile.in index 7bf459044..508f7fe4b 100644 --- a/src/libimcv/plugins/imc_test/Makefile.in +++ b/src/libimcv/plugins/imc_test/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imc_test -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imc_test/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imc_test/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -759,6 +772,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imc_test/imc_test_state.c b/src/libimcv/plugins/imc_test/imc_test_state.c index d3f6805ad..047c82502 100644 --- a/src/libimcv/plugins/imc_test/imc_test_state.c +++ b/src/libimcv/plugins/imc_test/imc_test_state.c @@ -61,7 +61,7 @@ struct private_imc_test_state_t { /** * Maximum PA-TNC message size for this TNCCS connection */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * PA-TNC attribute segmentation contracts associated with TNCCS connection @@ -124,12 +124,12 @@ METHOD(imc_state_t, set_flags, void, } METHOD(imc_state_t, set_max_msg_len, void, - private_imc_test_state_t *this, u_int32_t max_msg_len) + private_imc_test_state_t *this, uint32_t max_msg_len) { this->max_msg_len = max_msg_len; } -METHOD(imc_state_t, get_max_msg_len, u_int32_t, +METHOD(imc_state_t, get_max_msg_len, uint32_t, private_imc_test_state_t *this) { return this->max_msg_len; diff --git a/src/libimcv/plugins/imv_attestation/Makefile.am b/src/libimcv/plugins/imv_attestation/Makefile.am index 6c5bf8913..f353d30fc 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.am +++ b/src/libimcv/plugins/imv_attestation/Makefile.am @@ -2,6 +2,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ @@ -11,6 +12,7 @@ imcv_LTLIBRARIES = imv-attestation.la imv_attestation_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la imv_attestation_la_SOURCES = imv_attestation.c \ @@ -27,6 +29,7 @@ attest_SOURCES = attest.c \ attest_db.h attest_db.c attest_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la attest.o : $(top_builddir)/config.status diff --git a/src/libimcv/plugins/imv_attestation/Makefile.in b/src/libimcv/plugins/imv_attestation/Makefile.in index d3f790091..61b92e0e4 100644 --- a/src/libimcv/plugins/imv_attestation/Makefile.in +++ b/src/libimcv/plugins/imv_attestation/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = attest$(EXEEXT) subdir = src/libimcv/plugins/imv_attestation -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -131,6 +140,7 @@ am__installdirs = "$(DESTDIR)$(imcvdir)" "$(DESTDIR)$(ipsecdir)" LTLIBRARIES = $(imcv_LTLIBRARIES) imv_attestation_la_DEPENDENCIES = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la am_imv_attestation_la_OBJECTS = imv_attestation.lo \ imv_attestation_state.lo imv_attestation_agent.lo \ @@ -149,6 +159,7 @@ am_attest_OBJECTS = attest.$(OBJEXT) attest_usage.$(OBJEXT) \ attest_db.$(OBJEXT) attest_OBJECTS = $(am_attest_OBJECTS) attest_DEPENDENCIES = $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -210,12 +221,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +278,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +313,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +425,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -442,6 +458,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss \ -DPLUGINS=\""${attest_plugins}\"" AM_CFLAGS = \ @@ -450,6 +467,7 @@ AM_CFLAGS = \ imcv_LTLIBRARIES = imv-attestation.la imv_attestation_la_LIBADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la imv_attestation_la_SOURCES = imv_attestation.c \ @@ -465,6 +483,7 @@ attest_SOURCES = attest.c \ attest_LDADD = \ $(top_builddir)/src/libimcv/libimcv.la \ + $(top_builddir)/src/libtpmtss/libtpmtss.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la EXTRA_DIST = build-database.sh @@ -484,7 +503,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_attestation/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -847,6 +865,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + attest.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libimcv/plugins/imv_attestation/attest_db.c b/src/libimcv/plugins/imv_attestation/attest_db.c index f1a1f923e..034418428 100644 --- a/src/libimcv/plugins/imv_attestation/attest_db.c +++ b/src/libimcv/plugins/imv_attestation/attest_db.c @@ -853,7 +853,7 @@ METHOD(attest_db_t, list_devices, void, time_t timestamp; int id, last_id = 0, ar_id = 0, last_ar_id = 0, device_count = 0, trusted; int session_id, rec; - u_int32_t ar_id_type; + uint32_t ar_id_type; u_int tstamp; e = this->db->query(this->db, diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c index 91c12f33b..89ba86930 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_agent.c @@ -217,7 +217,12 @@ static TNC_Result receive_msg(private_imv_attestation_agent_t *this, DBG1(DBG_IMV, "received TCG-PTS error '%N'", pts_error_code_names, error_code.type); DBG1(DBG_IMV, "error information: %B", &msg_info); - fatal_error = TRUE; + + /* TPM 2.0 doesn't return TPM Version Information */ + if (error_code.type != TCG_PTS_TPM_VERS_NOT_SUPPORTED) + { + fatal_error = TRUE; + } } break; } diff --git a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c index c3e053d9b..b1ee16bf8 100644 --- a/src/libimcv/plugins/imv_attestation/imv_attestation_process.c +++ b/src/libimcv/plugins/imv_attestation/imv_attestation_process.c @@ -418,45 +418,31 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, case TCG_PTS_SIMPLE_EVID_FINAL: { tcg_pts_attr_simple_evid_final_t *attr_cast; - uint8_t flags; - pts_meas_algorithms_t comp_hash_algorithm; - chunk_t pcr_comp, tpm_quote_sig, evid_sig; - chunk_t pcr_composite, quote_info, result_buf; + tpm_tss_quote_info_t *quote_info; + chunk_t quoted = chunk_empty, quote_sig, evid_sig, result_buf; imv_workitem_t *workitem; imv_reason_string_t *reason_string; + hash_algorithm_t digest_alg; enumerator_t *enumerator; - bool use_quote2, use_ver_info; bio_writer_t *result; attr_cast = (tcg_pts_attr_simple_evid_final_t*)attr; - flags = attr_cast->get_quote_info(attr_cast, &comp_hash_algorithm, - &pcr_comp, &tpm_quote_sig); + attr_cast->get_quote_info(attr_cast, "e_info, "e_sig); - if (flags != PTS_SIMPLE_EVID_FINAL_NO) + if (quote_info->get_quote_mode(quote_info) != TPM_QUOTE_NONE) { - use_quote2 = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 || - flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); - use_ver_info = (flags == PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER); - /* Construct PCR Composite and TPM Quote Info structures */ - if (!pts->get_quote_info(pts, use_quote2, use_ver_info, - comp_hash_algorithm, &pcr_composite, "e_info)) - { - DBG1(DBG_IMV, "unable to construct TPM Quote Info"); - return FALSE; - } - - if (!chunk_equals_const(pcr_comp, pcr_composite)) + if (!pts->get_quote(pts, quote_info, "ed)) { - DBG1(DBG_IMV, "received PCR Composite does not match " - "constructed one"); + DBG1(DBG_IMV, "unable to construct TPM Quote Info digest"); attestation_state->set_measurement_error(attestation_state, IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL); goto quote_error; } - DBG2(DBG_IMV, "received PCR Composite matches constructed one"); + digest_alg = quote_info->get_pcr_digest_alg(quote_info); - if (!pts->verify_quote_signature(pts, quote_info, tpm_quote_sig)) + if (!pts->verify_quote_signature(pts, digest_alg, quoted, + quote_sig)) { attestation_state->set_measurement_error(attestation_state, IMV_ATTESTATION_ERROR_TPM_QUOTE_FAIL); @@ -465,8 +451,7 @@ bool imv_attestation_process(pa_tnc_attr_t *attr, imv_msg_t *out_msg, DBG2(DBG_IMV, "TPM Quote Info signature verification successful"); quote_error: - free(pcr_composite.ptr); - free(quote_info.ptr); + chunk_free("ed); /** * Finalize any pending measurement registrations and check diff --git a/src/libimcv/plugins/imv_hcd/Makefile.am b/src/libimcv/plugins/imv_hcd/Makefile.am index 28926d45e..0dce300ef 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.am +++ b/src/libimcv/plugins/imv_hcd/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ diff --git a/src/libimcv/plugins/imv_hcd/Makefile.in b/src/libimcv/plugins/imv_hcd/Makefile.in index c179a94e4..4fdbbf49c 100644 --- a/src/libimcv/plugins/imv_hcd/Makefile.in +++ b/src/libimcv/plugins/imv_hcd/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_hcd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -198,12 +207,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -253,6 +264,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -287,6 +299,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -398,6 +411,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -429,6 +443,7 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ @@ -459,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_hcd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_hcd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -763,6 +777,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imv_os/Makefile.am b/src/libimcv/plugins/imv_os/Makefile.am index 3b3f793f1..f5bc9010c 100644 --- a/src/libimcv/plugins/imv_os/Makefile.am +++ b/src/libimcv/plugins/imv_os/Makefile.am @@ -1,7 +1,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) diff --git a/src/libimcv/plugins/imv_os/Makefile.in b/src/libimcv/plugins/imv_os/Makefile.in index c6f925aa0..d2997a940 100644 --- a/src/libimcv/plugins/imv_os/Makefile.in +++ b/src/libimcv/plugins/imv_os/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_FALSE@ipsec_PROGRAMS = pacman$(EXEEXT) subdir = src/libimcv/plugins/imv_os -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -437,7 +451,8 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -471,7 +486,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_os/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_os/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -831,6 +845,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES uninstall-ipsecPROGRAMS tags tags-am uninstall uninstall-am uninstall-imcvLTLIBRARIES \ uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + @USE_WINDOWS_FALSE@pacman.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/libimcv/plugins/imv_scanner/Makefile.am b/src/libimcv/plugins/imv_scanner/Makefile.am index 98814437e..3b3ee818f 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.am +++ b/src/libimcv/plugins/imv_scanner/Makefile.am @@ -1,7 +1,8 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) diff --git a/src/libimcv/plugins/imv_scanner/Makefile.in b/src/libimcv/plugins/imv_scanner/Makefile.in index 0eee4d1e0..ffca30cd9 100644 --- a/src/libimcv/plugins/imv_scanner/Makefile.in +++ b/src/libimcv/plugins/imv_scanner/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_scanner -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -431,7 +445,8 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ - -I$(top_srcdir)/src/libimcv + -I$(top_srcdir)/src/libimcv \ + -I$(top_srcdir)/src/libtpmtss AM_CFLAGS = \ $(PLUGIN_CFLAGS) @@ -461,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_scanner/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_scanner/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -765,6 +779,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c index acef11cad..8dce4986f 100644 --- a/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c +++ b/src/libimcv/plugins/imv_scanner/imv_scanner_agent.c @@ -185,13 +185,13 @@ METHOD(imv_agent_if_t, receive_message_long, TNC_Result, typedef struct port_range_t port_range_t; struct port_range_t { - u_int16_t start, stop; + uint16_t start, stop; }; /** * Parse a TCP or UDP port list from an argument string */ -static linked_list_t* get_port_list(u_int8_t protocol_family, +static linked_list_t* get_port_list(uint8_t protocol_family, bool closed_port_policy, char *arg_str) { chunk_t port_list, port_item, port_start; @@ -336,8 +336,8 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result, { TNC_IMV_Evaluation_Result eval; TNC_IMV_Action_Recommendation rec; - u_int8_t protocol_family, protocol; - u_int16_t port; + uint8_t protocol_family, protocol; + uint16_t port; bool closed_port_policy, blocked, first; char result_str[BUF_LEN], *pos, *protocol_str; size_t len; diff --git a/src/libimcv/plugins/imv_swid/Makefile.am b/src/libimcv/plugins/imv_swid/Makefile.am index 3a63b67d2..73da84b55 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.am +++ b/src/libimcv/plugins/imv_swid/Makefile.am @@ -1,6 +1,7 @@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ diff --git a/src/libimcv/plugins/imv_swid/Makefile.in b/src/libimcv/plugins/imv_swid/Makefile.in index ce246da57..aea48e7af 100644 --- a/src/libimcv/plugins/imv_swid/Makefile.in +++ b/src/libimcv/plugins/imv_swid/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_swid -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -432,6 +446,7 @@ xml_LIBS = @xml_LIBS@ AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ -I$(top_srcdir)/src/libtncif \ + -I$(top_srcdir)/src/libtpmtss \ -I$(top_srcdir)/src/libimcv AM_CFLAGS = \ @@ -465,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_swid/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +784,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/plugins/imv_test/Makefile.in b/src/libimcv/plugins/imv_test/Makefile.in index 19cef2073..30fa3c7a9 100644 --- a/src/libimcv/plugins/imv_test/Makefile.in +++ b/src/libimcv/plugins/imv_test/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libimcv/plugins/imv_test -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +412,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libimcv/plugins/imv_test/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libimcv/plugins/imv_test/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -764,6 +777,8 @@ uninstall-am: uninstall-imcvLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-imcvLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libimcv/pts/components/ita/ita_comp_ima.h b/src/libimcv/pts/components/ita/ita_comp_ima.h index 546d0a4b2..0577eccd9 100644 --- a/src/libimcv/pts/components/ita/ita_comp_ima.h +++ b/src/libimcv/pts/components/ita/ita_comp_ima.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_ima_create(u_int32_t depth, +pts_component_t* pts_ita_comp_ima_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_IMA_H_ @}*/ diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.c b/src/libimcv/pts/components/ita/ita_comp_tboot.c index 3d990f6f2..324c41f12 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tboot.c +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.c @@ -43,7 +43,7 @@ struct pts_ita_comp_tboot_t { /** * Sub-component depth */ - u_int32_t depth; + uint32_t depth; /** * PTS measurement database @@ -93,20 +93,20 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_component_t, get_evidence_flags, u_int8_t, +METHOD(pts_component_t, get_evidence_flags, uint8_t, pts_ita_comp_tboot_t *this) { return PTS_REQ_FUNC_COMP_EVID_PCR; } -METHOD(pts_component_t, get_depth, u_int32_t, +METHOD(pts_component_t, get_depth, uint32_t, pts_ita_comp_tboot_t *this) { return this->depth; } METHOD(pts_component_t, measure, status_t, - pts_ita_comp_tboot_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tboot_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t **evidence) { @@ -117,7 +117,7 @@ METHOD(pts_component_t, measure, status_t, pts_comp_evidence_t *evid; char *meas_hex, *pcr_before_hex, *pcr_after_hex; chunk_t measurement, pcr_before, pcr_after; - u_int32_t extended_pcr; + uint32_t extended_pcr; switch (this->seq_no++) { @@ -183,11 +183,11 @@ METHOD(pts_component_t, measure, status_t, } METHOD(pts_component_t, verify, status_t, - pts_ita_comp_tboot_t *this, u_int8_t qualifier,pts_t *pts, + pts_ita_comp_tboot_t *this, uint8_t qualifier,pts_t *pts, pts_comp_evidence_t *evidence) { bool has_pcr_info; - u_int32_t extended_pcr, vid, name; + uint32_t extended_pcr, vid, name; enum_name_t *names; pts_meas_algorithms_t algo; pts_pcr_transform_t transform; @@ -264,7 +264,7 @@ METHOD(pts_component_t, verify, status_t, } METHOD(pts_component_t, finalize, bool, - pts_ita_comp_tboot_t *this, u_int8_t qualifier, bio_writer_t *result) + pts_ita_comp_tboot_t *this, uint8_t qualifier, bio_writer_t *result) { char result_buf[BUF_LEN]; @@ -304,7 +304,7 @@ METHOD(pts_component_t, destroy, void, pts_ita_comp_tboot_t *this) { int count; - u_int32_t vid, name; + uint32_t vid, name; enum_name_t *names; if (ref_put(&this->ref)) @@ -328,7 +328,7 @@ METHOD(pts_component_t, destroy, void, /** * See header */ -pts_component_t *pts_ita_comp_tboot_create(u_int32_t depth, +pts_component_t *pts_ita_comp_tboot_create(uint32_t depth, pts_database_t *pts_db) { pts_ita_comp_tboot_t *this; diff --git a/src/libimcv/pts/components/ita/ita_comp_tboot.h b/src/libimcv/pts/components/ita/ita_comp_tboot.h index 1e1a14831..0459500cc 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tboot.h +++ b/src/libimcv/pts/components/ita/ita_comp_tboot.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_tboot_create(u_int32_t depth, +pts_component_t* pts_ita_comp_tboot_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_TBOOT_H_ @}*/ diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.c b/src/libimcv/pts/components/ita/ita_comp_tgrub.c index e9555726a..a5a1a9b96 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tgrub.c +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.c @@ -42,7 +42,7 @@ struct pts_ita_comp_tgrub_t { /** * Sub-component depth */ - u_int32_t depth; + uint32_t depth; /** * PTS measurement database @@ -62,27 +62,27 @@ METHOD(pts_component_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_component_t, get_evidence_flags, u_int8_t, +METHOD(pts_component_t, get_evidence_flags, uint8_t, pts_ita_comp_tgrub_t *this) { return PTS_REQ_FUNC_COMP_EVID_PCR; } -METHOD(pts_component_t, get_depth, u_int32_t, +METHOD(pts_component_t, get_depth, uint32_t, pts_ita_comp_tgrub_t *this) { return this->depth; } METHOD(pts_component_t, measure, status_t, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t **evidence) { size_t pcr_len; pts_pcr_transform_t pcr_transform; pts_meas_algorithms_t hash_algo; pts_comp_evidence_t *evid; - u_int32_t extended_pcr; + uint32_t extended_pcr; time_t measurement_time; chunk_t measurement, pcr_before, pcr_after; @@ -90,7 +90,7 @@ METHOD(pts_component_t, measure, status_t, extended_pcr = PCR_DEBUG; time(&measurement_time); - if (!pts->read_pcr(pts, extended_pcr, &pcr_after)) + if (!pts->read_pcr(pts, extended_pcr, &pcr_after, HASH_SHA1)) { DBG1(DBG_PTS, "error occurred while reading PCR: %d", extended_pcr); return FAILED; @@ -116,11 +116,11 @@ METHOD(pts_component_t, measure, status_t, } METHOD(pts_component_t, verify, status_t, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, pts_t *pts, + pts_ita_comp_tgrub_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t *evidence) { bool has_pcr_info; - u_int32_t extended_pcr; + uint32_t extended_pcr; pts_meas_algorithms_t algo; pts_pcr_transform_t transform; pts_pcr_t *pcrs; @@ -155,7 +155,7 @@ METHOD(pts_component_t, verify, status_t, } METHOD(pts_component_t, finalize, bool, - pts_ita_comp_tgrub_t *this, u_int8_t qualifier, bio_writer_t *result) + pts_ita_comp_tgrub_t *this, uint8_t qualifier, bio_writer_t *result) { return FALSE; } @@ -180,7 +180,7 @@ METHOD(pts_component_t, destroy, void, /** * See header */ -pts_component_t *pts_ita_comp_tgrub_create(u_int32_t depth, +pts_component_t *pts_ita_comp_tgrub_create(uint32_t depth, pts_database_t *pts_db) { pts_ita_comp_tgrub_t *this; diff --git a/src/libimcv/pts/components/ita/ita_comp_tgrub.h b/src/libimcv/pts/components/ita/ita_comp_tgrub.h index 59913c82d..7c856ebb9 100644 --- a/src/libimcv/pts/components/ita/ita_comp_tgrub.h +++ b/src/libimcv/pts/components/ita/ita_comp_tgrub.h @@ -29,7 +29,7 @@ * @param depth Sub-component depth * @param pts_db PTS measurement database */ -pts_component_t* pts_ita_comp_tgrub_create(u_int32_t depth, +pts_component_t* pts_ita_comp_tgrub_create(uint32_t depth, pts_database_t *pts_db); #endif /** PTS_ITA_COMP_TGRUB_H_ @}*/ diff --git a/src/libimcv/pts/components/pts_comp_evidence.c b/src/libimcv/pts/components/pts_comp_evidence.c index 08c3d5e9a..f039deb7a 100644 --- a/src/libimcv/pts/components/pts_comp_evidence.c +++ b/src/libimcv/pts/components/pts_comp_evidence.c @@ -37,7 +37,7 @@ struct private_pts_comp_evidence_t { /** * Sub-Component Depth */ - u_int32_t depth; + uint32_t depth; /** * Measurement Time @@ -62,7 +62,7 @@ struct private_pts_comp_evidence_t { /** * PCR the measurement was extended into */ - u_int32_t extended_pcr; + uint32_t extended_pcr; /** * PCR value before extension @@ -92,7 +92,7 @@ struct private_pts_comp_evidence_t { }; METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*, - private_pts_comp_evidence_t *this, u_int32_t *depth) + private_pts_comp_evidence_t *this, uint32_t *depth) { if (depth) { @@ -101,14 +101,14 @@ METHOD(pts_comp_evidence_t, get_comp_func_name, pts_comp_func_name_t*, return this->name; } -METHOD(pts_comp_evidence_t, get_extended_pcr, u_int32_t, +METHOD(pts_comp_evidence_t, get_extended_pcr, uint32_t, private_pts_comp_evidence_t *this) { return this->extended_pcr; } METHOD(pts_comp_evidence_t, get_measurement, chunk_t, - private_pts_comp_evidence_t *this, u_int32_t *extended_pcr, + private_pts_comp_evidence_t *this, uint32_t *extended_pcr, pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform, time_t *measurement_time) { @@ -193,8 +193,8 @@ METHOD(pts_comp_evidence_t, destroy, void, * See header */ pts_comp_evidence_t *pts_comp_evidence_create(pts_comp_func_name_t *name, - u_int32_t depth, - u_int32_t extended_pcr, + uint32_t depth, + uint32_t extended_pcr, pts_meas_algorithms_t algo, pts_pcr_transform_t transform, time_t measurement_time, diff --git a/src/libimcv/pts/components/pts_comp_evidence.h b/src/libimcv/pts/components/pts_comp_evidence.h index 55776ce8b..6178c2abd 100644 --- a/src/libimcv/pts/components/pts_comp_evidence.h +++ b/src/libimcv/pts/components/pts_comp_evidence.h @@ -70,14 +70,14 @@ struct pts_comp_evidence_t { * @result Component Functional Name */ pts_comp_func_name_t* (*get_comp_func_name)(pts_comp_evidence_t *this, - u_int32_t *depth); + uint32_t *depth); /** * Gets the PCR the measurement was extended into * * @result PCR the measurement was extended into */ - u_int32_t (*get_extended_pcr)(pts_comp_evidence_t *this); + uint32_t (*get_extended_pcr)(pts_comp_evidence_t *this); /** * Gets the measurement and the algorithms used @@ -89,7 +89,7 @@ struct pts_comp_evidence_t { * @result Measurement hash value */ chunk_t (*get_measurement)(pts_comp_evidence_t *this, - u_int32_t *extended_pcr, + uint32_t *extended_pcr, pts_meas_algorithms_t *algo, pts_pcr_transform_t *transform, time_t *measurement_time); @@ -150,8 +150,8 @@ struct pts_comp_evidence_t { * @param measurement Measurement hash value */ pts_comp_evidence_t* pts_comp_evidence_create(pts_comp_func_name_t *name, - u_int32_t depth, - u_int32_t extended_pcr, + uint32_t depth, + uint32_t extended_pcr, pts_meas_algorithms_t algo, pts_pcr_transform_t transform, time_t measurement_time, diff --git a/src/libimcv/pts/components/pts_comp_func_name.c b/src/libimcv/pts/components/pts_comp_func_name.c index e12522ed1..00494e1ad 100644 --- a/src/libimcv/pts/components/pts_comp_func_name.c +++ b/src/libimcv/pts/components/pts_comp_func_name.c @@ -35,40 +35,40 @@ struct private_pts_comp_func_name_t { /** * PTS Component Functional Name Vendor ID */ - u_int32_t vid; + uint32_t vid; /** * PTS Component Functional Name */ - u_int32_t name; + uint32_t name; /** * PTS Component Functional Name Qualifier */ - u_int8_t qualifier; + uint8_t qualifier; }; -METHOD(pts_comp_func_name_t, get_vendor_id, u_int32_t, +METHOD(pts_comp_func_name_t, get_vendor_id, uint32_t, private_pts_comp_func_name_t *this) { return this->vid; } -METHOD(pts_comp_func_name_t, get_name, u_int32_t, +METHOD(pts_comp_func_name_t, get_name, uint32_t, private_pts_comp_func_name_t *this) { return this->name; } -METHOD(pts_comp_func_name_t, get_qualifier, u_int8_t, +METHOD(pts_comp_func_name_t, get_qualifier, uint8_t, private_pts_comp_func_name_t *this) { return this->qualifier; } METHOD(pts_comp_func_name_t, set_qualifier, void, - private_pts_comp_func_name_t *this, u_int8_t qualifier) + private_pts_comp_func_name_t *this, uint8_t qualifier) { this->qualifier = qualifier; } @@ -117,12 +117,12 @@ METHOD(pts_comp_func_name_t, log_, void, if (names && types) { - DBG2(DBG_PTS, "%s%N functional component '%N' [%s] '%N'", + DBG3(DBG_PTS, "%s%N functional component '%N' [%s] '%N'", label, pen_names, this->vid, names, this->name, flags, types, type); } else { - DBG2(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x", + DBG3(DBG_PTS, "%s0x%06x functional component 0x%08x 0x%02x", label, this->vid, this->name, this->qualifier); } } @@ -136,8 +136,8 @@ METHOD(pts_comp_func_name_t, destroy, void, /** * See header */ -pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name, - u_int8_t qualifier) +pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name, + uint8_t qualifier) { private_pts_comp_func_name_t *this; diff --git a/src/libimcv/pts/components/pts_comp_func_name.h b/src/libimcv/pts/components/pts_comp_func_name.h index 90ad7083f..cb069c404 100644 --- a/src/libimcv/pts/components/pts_comp_func_name.h +++ b/src/libimcv/pts/components/pts_comp_func_name.h @@ -38,28 +38,28 @@ struct pts_comp_func_name_t { * * @return PTS Component Functional Name Vendor ID */ - u_int32_t (*get_vendor_id)(pts_comp_func_name_t *this); + uint32_t (*get_vendor_id)(pts_comp_func_name_t *this); /** * Get the PTS Component Functional Name * * @return PTS Component Functional Name */ - u_int32_t (*get_name)(pts_comp_func_name_t *this); + uint32_t (*get_name)(pts_comp_func_name_t *this); /** * Get the PTS Component Functional Name Qualifier * * @return PTS Component Functional Name Qualifier */ - u_int8_t (*get_qualifier)(pts_comp_func_name_t *this); + uint8_t (*get_qualifier)(pts_comp_func_name_t *this); /** * Set the PTS Component Functional Name Qualifier * * @param qualifier PTS Component Functional Name Qualifier to be set */ - void (*set_qualifier)(pts_comp_func_name_t *this, u_int8_t qualifier); + void (*set_qualifier)(pts_comp_func_name_t *this, uint8_t qualifier); /** * Check to PTS Component Functional Names for equality @@ -97,7 +97,7 @@ struct pts_comp_func_name_t { * @param name PTS Component Functional Name * @param qualifier PTS Component Functional Name Qualifier */ -pts_comp_func_name_t* pts_comp_func_name_create(u_int32_t vid, u_int32_t name, - u_int8_t qualifier); +pts_comp_func_name_t* pts_comp_func_name_create(uint32_t vid, uint32_t name, + uint8_t qualifier); #endif /** PTS_FUNC_COMP_NAME_H_ @}*/ diff --git a/src/libimcv/pts/components/pts_component.h b/src/libimcv/pts/components/pts_component.h index 71b1ad59c..1ca4458bf 100644 --- a/src/libimcv/pts/components/pts_component.h +++ b/src/libimcv/pts/components/pts_component.h @@ -49,14 +49,14 @@ struct pts_component_t { * * @return PTS Component Functional Name */ - u_int8_t (*get_evidence_flags)(pts_component_t *this); + uint8_t (*get_evidence_flags)(pts_component_t *this); /** * Get the PTS Sub-component Depth * * @return PTS Sub-component Depth */ - u_int32_t (*get_depth)(pts_component_t *this); + uint32_t (*get_depth)(pts_component_t *this); /** * Do evidence measurements on the PTS Functional Component @@ -67,7 +67,7 @@ struct pts_component_t { * @param measurements additional file measurements (NULL if not present) * @return status return code */ - status_t (*measure)(pts_component_t *this, u_int8_t qualifier, pts_t *pts, + status_t (*measure)(pts_component_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t** evidence); /** @@ -78,7 +78,7 @@ struct pts_component_t { * @param evidence component evidence measurement to be verified * @return status return code */ - status_t (*verify)(pts_component_t *this, u_int8_t qualifier, pts_t *pts, + status_t (*verify)(pts_component_t *this, uint8_t qualifier, pts_t *pts, pts_comp_evidence_t *evidence); /** @@ -89,7 +89,7 @@ struct pts_component_t { * @param result writer appending concise measurement result * @return TRUE if finalization successful */ - bool (*finalize)(pts_component_t *this, u_int8_t qualifier, + bool (*finalize)(pts_component_t *this, uint8_t qualifier, bio_writer_t *result); /** diff --git a/src/libimcv/pts/components/pts_component_manager.c b/src/libimcv/pts/components/pts_component_manager.c index 9c1375b79..4f0004fe8 100644 --- a/src/libimcv/pts/components/pts_component_manager.c +++ b/src/libimcv/pts/components/pts_component_manager.c @@ -77,7 +77,7 @@ struct component_entry_t { /** * Vendor-Specific Component Functional Name */ - u_int32_t name; + uint32_t name; /** * Functional Component creation method @@ -165,7 +165,7 @@ METHOD(pts_component_manager_t, get_qualifier_type_names, enum_name_t*, } METHOD(pts_component_manager_t, add_component, void, - private_pts_component_manager_t *this, pen_t vendor_id, u_int32_t name, + private_pts_component_manager_t *this, pen_t vendor_id, uint32_t name, pts_component_create_t create) { enumerator_t *enumerator; @@ -210,13 +210,13 @@ METHOD(pts_component_manager_t, remove_vendor, void, enumerator->destroy(enumerator); } -METHOD(pts_component_manager_t, get_qualifier, u_int8_t, +METHOD(pts_component_manager_t, get_qualifier, uint8_t, private_pts_component_manager_t *this, pts_comp_func_name_t *name, char *flags) { enumerator_t *enumerator; vendor_entry_t *entry; - u_int8_t qualifier, size, flag, type = 0; + uint8_t qualifier, size, flag, type = 0; int i; enumerator = this->list->create_enumerator(this->list); @@ -252,7 +252,7 @@ METHOD(pts_component_manager_t, get_qualifier, u_int8_t, METHOD(pts_component_manager_t, create, pts_component_t*, private_pts_component_manager_t *this, - pts_comp_func_name_t *name, u_int32_t depth, pts_database_t *pts_db) + pts_comp_func_name_t *name, uint32_t depth, pts_database_t *pts_db) { enumerator_t *enumerator, *e2; vendor_entry_t *entry; diff --git a/src/libimcv/pts/components/pts_component_manager.h b/src/libimcv/pts/components/pts_component_manager.h index 00f8765ca..bd1974b92 100644 --- a/src/libimcv/pts/components/pts_component_manager.h +++ b/src/libimcv/pts/components/pts_component_manager.h @@ -30,7 +30,7 @@ typedef struct pts_component_manager_t pts_component_manager_t; #include <library.h> #include <pen/pen.h> -typedef pts_component_t* (*pts_component_create_t)(u_int32_t depth, +typedef pts_component_t* (*pts_component_create_t)(uint32_t depth, pts_database_t *pts_db); /** @@ -61,7 +61,7 @@ struct pts_component_manager_t { * @param create Functional Component creation method */ void (*add_component)(pts_component_manager_t *this, pen_t vendor_id, - u_int32_t name, pts_component_create_t create); + uint32_t name, pts_component_create_t create); /** * Remove vendor-specific components and associated namespace @@ -95,7 +95,7 @@ struct pts_component_manager_t { * @param flags Qualifier Flags as a string in a char buffer * @return Qualifier Type */ - u_int8_t (*get_qualifier)(pts_component_manager_t *this, + uint8_t (*get_qualifier)(pts_component_manager_t *this, pts_comp_func_name_t *name, char *flags); /** @@ -107,7 +107,7 @@ struct pts_component_manager_t { * @return Component object if supported, NULL else */ pts_component_t* (*create)(pts_component_manager_t *this, - pts_comp_func_name_t *name, u_int32_t depth, + pts_comp_func_name_t *name, uint32_t depth, pts_database_t *pts_db); /** diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c index 1ca72098e..2ba949e40 100644 --- a/src/libimcv/pts/pts.c +++ b/src/libimcv/pts/pts.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -21,21 +21,8 @@ #include <bio/bio_writer.h> #include <bio/bio_reader.h> -#ifdef TSS_TROUSERS -#ifdef _BASETSD_H_ -/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */ -# define _BASETSD_H -#endif -#include <trousers/tss.h> -#include <trousers/trousers.h> -#else -#ifndef TPM_TAG_QUOTE_INFO2 -#define TPM_TAG_QUOTE_INFO2 0x0036 -#endif -#ifndef TPM_LOC_ZERO -#define TPM_LOC_ZERO 0x01 -#endif -#endif +#include <tpm_tss.h> +#include <tpm_tss_trousers.h> #include <sys/types.h> #include <sys/stat.h> @@ -43,6 +30,13 @@ #include <unistd.h> #include <errno.h> +#ifndef TPM_TAG_QUOTE_INFO2 +#define TPM_TAG_QUOTE_INFO2 0x0036 +#endif +#ifndef TPM_LOC_ZERO +#define TPM_LOC_ZERO 0x01 +#endif + typedef struct private_pts_t private_pts_t; /** @@ -102,9 +96,9 @@ struct private_pts_t { bool is_imc; /** - * Do we have an activated TPM + * Active TPM */ - bool has_tpm; + tpm_tss_t *tpm; /** * Contains a TPM_CAP_VERSION_INFO struct @@ -112,14 +106,14 @@ struct private_pts_t { chunk_t tpm_version_info; /** - * Contains TSS Blob structure for AIK + * AIK object handle */ - chunk_t aik_blob; + uint32_t aik_handle; /** - * Contains a Attestation Identity Key or Certificate + * Contains an Attestation Identity Key Certificate */ - certificate_t *aik; + certificate_t *aik_cert; /** * Primary key referening AIK in database @@ -191,7 +185,6 @@ METHOD(pts_t, set_dh_hash_algorithm, void, } } - METHOD(pts_t, create_dh_nonce, bool, private_pts_t *this, pts_dh_group_t group, int nonce_len) { @@ -306,41 +299,6 @@ METHOD(pts_t, calculate_secret, bool, return TRUE; } -#ifdef TSS_TROUSERS - -/** - * Print TPM 1.2 Version Info - */ -static void print_tpm_version_info(private_pts_t *this) -{ - TPM_CAP_VERSION_INFO *info; - - info = (TPM_CAP_VERSION_INFO*)this->tpm_version_info.ptr; - - if (this->tpm_version_info.len >= - sizeof(*info) - sizeof(info->vendorSpecific)) - { - DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, " - "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s", - info->version.major, info->version.minor, - info->version.revMajor, info->version.revMinor, - untoh16(&info->specLevel), info->errataRev, info->tpmVendorID); - } - else - { - DBG1(DBG_PTS, "could not parse tpm version info"); - } -} - -#else - -static void print_tpm_version_info(private_pts_t *this) -{ - DBG1(DBG_PTS, "unknown TPM version: no TSS implementation available"); -} - -#endif /* TSS_TROUSERS */ - METHOD(pts_t, get_platform_id, int, private_pts_t *this) { @@ -356,104 +314,135 @@ METHOD(pts_t, set_platform_id, void, METHOD(pts_t, get_tpm_version_info, bool, private_pts_t *this, chunk_t *info) { - if (!this->has_tpm) - { - return FALSE; - } - *info = this->tpm_version_info; - print_tpm_version_info(this); - return TRUE; + *info = this->tpm ? this->tpm->get_version_info(this->tpm) : + this->tpm_version_info; + return info->len > 0; } METHOD(pts_t, set_tpm_version_info, void, private_pts_t *this, chunk_t info) { this->tpm_version_info = chunk_clone(info); - print_tpm_version_info(this); -} - -/** - * Load an AIK Blob (TSS_TSPATTRIB_KEYBLOB_BLOB attribute) - */ -static void load_aik_blob(private_pts_t *this) -{ - char *path; - chunk_t *map; - - path = lib->settings->get_str(lib->settings, - "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); - if (path) - { - map = chunk_map(path, FALSE); - if (map) - { - DBG2(DBG_PTS, "loaded AIK Blob from '%s'", path); - DBG3(DBG_PTS, "AIK Blob: %B", map); - this->aik_blob = chunk_clone(*map); - chunk_unmap(map); - } - else - { - DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", - path, strerror(errno)); - } - } - else - { - DBG1(DBG_PTS, "AIK Blob is not available"); - } + /* print_tpm_version_info(this); */ } /** - * Load an AIK certificate or public key + * Load an AIK handle and an optional AIK certificate and + * in the case of a TPM 1.2 an AIK private key blob plus matching public key, * the certificate having precedence over the public key if both are present */ static void load_aik(private_pts_t *this) { - char *cert_path, *key_path; + char *handle_str, *cert_path, *key_path, *blob_path; + chunk_t aik_pubkey = chunk_empty; + handle_str = lib->settings->get_str(lib->settings, + "%s.plugins.imc-attestation.aik_handle", NULL, lib->ns); cert_path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_cert", NULL, lib->ns); key_path = lib->settings->get_str(lib->settings, "%s.plugins.imc-attestation.aik_pubkey", NULL, lib->ns); + blob_path = lib->settings->get_str(lib->settings, + "%s.plugins.imc-attestation.aik_blob", NULL, lib->ns); + if (handle_str) + { + this->aik_handle = strtoll(handle_str, NULL, 16); + } if (cert_path) { - this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, + this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509, BUILD_FROM_FILE, cert_path, BUILD_END); - if (this->aik) + if (this->aik_cert) { DBG2(DBG_PTS, "loaded AIK certificate from '%s'", cert_path); - return; } } - if (key_path) + + if (this->tpm->get_version(this->tpm) == TPM_VERSION_1_2) { - this->aik = lib->creds->create(lib->creds, CRED_CERTIFICATE, - CERT_TRUSTED_PUBKEY, BUILD_FROM_FILE, - key_path, BUILD_END); - if (this->aik) + tpm_tss_trousers_t *tpm_12; + chunk_t aik_blob = chunk_empty; + chunk_t *map; + + /* get AIK private key blob */ + if (blob_path) { - DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); - return; + map = chunk_map(blob_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path); + DBG3(DBG_PTS, "AIK Blob: %B", map); + aik_blob = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK Blob file '%s': %s", + blob_path, strerror(errno)); + } } + else + { + DBG1(DBG_PTS, "AIK Blob is not available"); + } + + /* get AIK public key */ + if (key_path) + { + map = chunk_map(key_path, FALSE); + if (map) + { + DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path); + aik_pubkey = chunk_clone(*map); + chunk_unmap(map); + } + else + { + DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s", + key_path, strerror(errno)); + } + } + else + { + DBG1(DBG_PTS, "AIK public key is not available"); + } + + /* Load AIK item into TPM 1.2 object */ + tpm_12 = (tpm_tss_trousers_t *)this->tpm; + tpm_12->load_aik(tpm_12, aik_blob, aik_pubkey, this->aik_handle); } - DBG1(DBG_PTS, "neither AIK certificate nor public key is available"); + /* if no signed X.509 AIK certificate is available use public key instead */ + if (!this->aik_cert) + { + aik_pubkey = this->tpm->get_public(this->tpm, this->aik_handle); + if (aik_pubkey.len > 0) + { + this->aik_cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, + CERT_TRUSTED_PUBKEY, BUILD_BLOB, + aik_pubkey, BUILD_END); + chunk_free(&aik_pubkey); + } + else + { + DBG1(DBG_PTS, "neither AIK certificate nor public key is available"); + } + } } METHOD(pts_t, get_aik, certificate_t*, private_pts_t *this) { - return this->aik; + return this->aik_cert; } METHOD(pts_t, set_aik, void, private_pts_t *this, certificate_t *aik, int aik_id) { - DESTROY_IF(this->aik); - this->aik = aik->get_ref(aik); + DESTROY_IF(this->aik_cert); + this->aik_cert = aik->get_ref(aik); this->aik_id = aik_id; } @@ -611,312 +600,64 @@ METHOD(pts_t, get_metadata, pts_file_meta_t*, return metadata; } - -#ifdef TSS_TROUSERS - METHOD(pts_t, read_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value) + private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - BYTE *buf; - UINT32 len; - - bool success = FALSE; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", result); - return FALSE; - } - - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_TPM_PcrRead(hTPM, pcr_num, &len, &buf); - if (result != TSS_SUCCESS) - { - goto err; - } - *pcr_value = chunk_clone(chunk_create(buf, len)); - DBG3(DBG_PTS, "PCR %d value:%B", pcr_num, pcr_value); - success = TRUE; - -err: - if (!success) - { - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - } - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - - return success; + return this->tpm ? this->tpm->read_pcr(this->tpm, pcr_num, pcr_value, alg) + : FALSE; } METHOD(pts_t, extend_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output) + private_pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, chunk_t data, + hash_algorithm_t alg) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - u_int32_t pcr_length; - chunk_t pcr_value = chunk_empty; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) + if (!this->tpm->extend_pcr(this->tpm, pcr_num, pcr_value, data, alg)) { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); return FALSE; } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - - pcr_value = chunk_alloc(PTS_PCR_LEN); - result = Tspi_TPM_PcrExtend(hTPM, pcr_num, PTS_PCR_LEN, input.ptr, - NULL, &pcr_length, &pcr_value.ptr); - if (result != TSS_SUCCESS) - { - goto err; - } - - *output = pcr_value; - *output = chunk_clone(*output); - - DBG3(DBG_PTS, "PCR %d extended with: %B", pcr_num, &input); - DBG3(DBG_PTS, "PCR %d value after extend: %B", pcr_num, output); - - chunk_clear(&pcr_value); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); + DBG3(DBG_PTS, "PCR %d extended with: %#B", pcr_num, &data); + DBG3(DBG_PTS, "PCR %d after extension: %#B", pcr_num, pcr_value); return TRUE; - -err: - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - - chunk_clear(&pcr_value); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - - return FALSE; } -METHOD(pts_t, quote_tpm, bool, - private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig) +METHOD(pts_t, quote, bool, + private_pts_t *this, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) { - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_HKEY hAIK; - TSS_HKEY hSRK; - TSS_HPOLICY srkUsagePolicy; - TSS_UUID SRK_UUID = TSS_UUID_SRK; - BYTE secret[] = TSS_WELL_KNOWN_SECRET; - TSS_HPCRS hPcrComposite; - TSS_VALIDATION valData; - TSS_RESULT result; - chunk_t quote_info; - BYTE* versionInfo; - u_int32_t versionInfoSize, pcr; + chunk_t pcr_value, pcr_computed; + uint32_t pcr, pcr_sel = 0; enumerator_t *enumerator; - bool success = FALSE; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); - return FALSE; - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err1; - } - - /* Retrieve SRK from TPM and set the authentication to well known secret*/ - result = Tspi_Context_LoadKeyByUUID(hContext, TSS_PS_TYPE_SYSTEM, - SRK_UUID, &hSRK); - if (result != TSS_SUCCESS) - { - goto err1; - } - - result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, - 20, secret); - if (result != TSS_SUCCESS) - { - goto err1; - } - result = Tspi_Context_LoadKeyByBlob (hContext, hSRK, this->aik_blob.len, - this->aik_blob.ptr, &hAIK); - if (result != TSS_SUCCESS) - { - goto err1; - } - - /* Create PCR composite object */ - result = use_quote2 ? - Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, - TSS_PCRS_STRUCT_INFO_SHORT, &hPcrComposite) : - Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, - TSS_PCRS_STRUCT_DEFAULT, &hPcrComposite); - if (result != TSS_SUCCESS) - { - goto err2; - } - - /* Select PCRs */ + /* select PCRs */ + DBG2(DBG_PTS, "PCR values hashed into PCR Composite:"); enumerator = this->pcrs->create_enumerator(this->pcrs); while (enumerator->enumerate(enumerator, &pcr)) { - result = use_quote2 ? - Tspi_PcrComposite_SelectPcrIndexEx(hPcrComposite, pcr, - TSS_PCRS_DIRECTION_RELEASE) : - Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcr); - if (result != TSS_SUCCESS) + if (this->tpm->read_pcr(this->tpm, pcr, &pcr_value, HASH_SHA1)) { - break; - } - } - enumerator->destroy(enumerator); + pcr_computed = this->pcrs->get(this->pcrs, pcr); + DBG2(DBG_PTS, "PCR %2d %#B %s", pcr, &pcr_value, + chunk_equals(pcr_value, pcr_computed) ? "ok" : "differs"); + chunk_free(&pcr_value); + }; - if (result != TSS_SUCCESS) - { - goto err3; + /* add PCR to selection list */ + pcr_sel |= (1 << pcr); } - - /* Set the Validation Data */ - valData.ulExternalDataLength = this->secret.len; - valData.rgbExternalData = (BYTE *)this->secret.ptr; - + enumerator->destroy(enumerator); /* TPM Quote */ - result = use_quote2 ? - Tspi_TPM_Quote2(hTPM, hAIK, FALSE, hPcrComposite, &valData, - &versionInfoSize, &versionInfo): - Tspi_TPM_Quote(hTPM, hAIK, hPcrComposite, &valData); - if (result != TSS_SUCCESS) - { - goto err4; - } - - /* Set output chunks */ - *pcr_comp = chunk_alloc(HASH_SIZE_SHA1); - - if (use_quote2) - { - /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */ - memcpy(pcr_comp->ptr, valData.rgbData + valData.ulDataLength - HASH_SIZE_SHA1, - HASH_SIZE_SHA1); - } - else - { - /* TPM_Composite_Hash is 8-28th bytes of TPM_Quote_Info structure */ - memcpy(pcr_comp->ptr, valData.rgbData + 8, HASH_SIZE_SHA1); - } - DBG3(DBG_PTS, "Hash of PCR Composite: %#B", pcr_comp); - - quote_info = chunk_create(valData.rgbData, valData.ulDataLength); - DBG3(DBG_PTS, "TPM Quote Info: %B","e_info); - - *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData, - valData.ulValidationDataLength)); - DBG3(DBG_PTS, "TPM Quote Signature: %B",quote_sig); - - success = TRUE; - - /* Cleanup */ -err4: - Tspi_Context_FreeMemory(hContext, NULL); - -err3: - Tspi_Context_CloseObject(hContext, hPcrComposite); - -err2: - Tspi_Context_CloseObject(hContext, hAIK); - -err1: - Tspi_Context_Close(hContext); - if (!success) - { - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - } - return success; -} - -#else /* TSS_TROUSERS */ - -METHOD(pts_t, read_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value) -{ - return FALSE; -} - -METHOD(pts_t, extend_pcr, bool, - private_pts_t *this, u_int32_t pcr_num, chunk_t input, chunk_t *output) -{ - return FALSE; -} - -METHOD(pts_t, quote_tpm, bool, - private_pts_t *this, bool use_quote2, chunk_t *pcr_comp, chunk_t *quote_sig) -{ - return FALSE; + return this->tpm->quote(this->tpm, this->aik_handle, pcr_sel, HASH_SHA1, + this->secret, quote_mode, quote_info, quote_sig); } -#endif /* TSS_TROUSERS */ - -/** - * TPM_QUOTE_INFO structure: - * 4 bytes of version - * 4 bytes 'Q' 'U' 'O' 'T' - * 20 byte SHA1 of TCPA_PCR_COMPOSITE - * 20 byte nonce - * - * TPM_QUOTE_INFO2 structure: - * 2 bytes Tag 0x0036 TPM_Tag_Quote_info2 - * 4 bytes 'Q' 'U' 'T' '2' - * 20 bytes nonce - * 26 bytes PCR_INFO_SHORT - */ - -METHOD(pts_t, get_quote_info, bool, - private_pts_t *this, bool use_quote2, bool use_ver_info, - pts_meas_algorithms_t comp_hash_algo, - chunk_t *out_pcr_comp, chunk_t *out_quote_info) +METHOD(pts_t, get_quote, bool, + private_pts_t *this, tpm_tss_quote_info_t *quote_info, chunk_t *quoted) { - chunk_t selection, pcr_comp, hash_pcr_comp; - bio_writer_t *writer; - hasher_t *hasher; + tpm_tss_pcr_composite_t *pcr_composite; + bool success; if (!this->pcrs->get_count(this->pcrs)) { @@ -930,128 +671,93 @@ METHOD(pts_t, get_quote_info, bool, "unable to construct TPM Quote Info"); return FALSE; } - if (use_quote2 && use_ver_info && !this->tpm_version_info.ptr) - { - DBG1(DBG_PTS, "TPM Version Information unavailable, ", - "unable to construct TPM Quote Info2"); - return FALSE; - } - - pcr_comp = this->pcrs->get_composite(this->pcrs); - - - /* Output the TPM_PCR_COMPOSITE expected from IMC */ - if (comp_hash_algo) + if (quote_info->get_quote_mode(quote_info) == TPM_QUOTE2_VERSION_INFO) { - hash_algorithm_t algo; - - algo = pts_meas_algo_to_hash(comp_hash_algo); - hasher = lib->crypto->create_hasher(lib->crypto, algo); - - /* Hash the PCR Composite Structure */ - if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, out_pcr_comp)) + if (!this->tpm_version_info.ptr) { - DESTROY_IF(hasher); - free(pcr_comp.ptr); + DBG1(DBG_PTS, "TPM Version Information unavailable, ", + "unable to construct TPM Quote Info2"); return FALSE; } - DBG3(DBG_PTS, "constructed PCR Composite hash: %#B", out_pcr_comp); - hasher->destroy(hasher); + quote_info->set_version_info(quote_info, this->tpm_version_info); } - else - { - *out_pcr_comp = chunk_clone(pcr_comp); - } - - /* SHA1 hash of PCR Composite to construct TPM_QUOTE_INFO */ - hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); - if (!hasher || !hasher->allocate_hash(hasher, pcr_comp, &hash_pcr_comp)) - { - DESTROY_IF(hasher); - chunk_free(out_pcr_comp); - free(pcr_comp.ptr); - return FALSE; - } - hasher->destroy(hasher); - - /* Construct TPM_QUOTE_INFO/TPM_QUOTE_INFO2 structure */ - writer = bio_writer_create(TPM_QUOTE_INFO_LEN); - - if (use_quote2) - { - /* TPM Structure Tag */ - writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2); - - /* Magic QUT2 value */ - writer->write_data(writer, chunk_create("QUT2", 4)); - - /* Secret assessment value 20 bytes (nonce) */ - writer->write_data(writer, this->secret); - - /* PCR selection */ - selection.ptr = pcr_comp.ptr; - selection.len = 2 + this->pcrs->get_selection_size(this->pcrs); - writer->write_data(writer, selection); - - /* TPM Locality Selection */ - writer->write_uint8(writer, TPM_LOC_ZERO); - - /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_comp); - - if (use_ver_info) - { - /* TPM version Info */ - writer->write_data(writer, this->tpm_version_info); - } - } - else - { - /* Version number */ - writer->write_data(writer, chunk_from_chars(1, 1, 0, 0)); - - /* Magic QUOT value */ - writer->write_data(writer, chunk_create("QUOT", 4)); - - /* PCR Composite Hash */ - writer->write_data(writer, hash_pcr_comp); - - /* Secret assessment value 20 bytes (nonce) */ - writer->write_data(writer, this->secret); - } - - /* TPM Quote Info */ - *out_quote_info = writer->extract_buf(writer); - DBG3(DBG_PTS, "constructed TPM Quote Info: %B", out_quote_info); + pcr_composite = this->pcrs->get_composite(this->pcrs); - writer->destroy(writer); - free(pcr_comp.ptr); - free(hash_pcr_comp.ptr); + success = quote_info->get_quote(quote_info, this->secret, + pcr_composite, quoted); + chunk_free(&pcr_composite->pcr_select); + chunk_free(&pcr_composite->pcr_composite); + free(pcr_composite); - return TRUE; + return success; } METHOD(pts_t, verify_quote_signature, bool, - private_pts_t *this, chunk_t data, chunk_t signature) + private_pts_t *this, hash_algorithm_t digest_alg, chunk_t digest, + chunk_t signature) { - public_key_t *aik_pub_key; + public_key_t *aik_pubkey; + signature_scheme_t scheme; - aik_pub_key = this->aik->get_public_key(this->aik); - if (!aik_pub_key) + aik_pubkey = this->aik_cert->get_public_key(this->aik_cert); + if (!aik_pubkey) { DBG1(DBG_PTS, "failed to get public key from AIK certificate"); return FALSE; } - if (!aik_pub_key->verify(aik_pub_key, SIGN_RSA_EMSA_PKCS1_SHA1, - data, signature)) + /* Determine signing scheme */ + switch (aik_pubkey->get_type(aik_pubkey)) + { + case KEY_RSA: + switch (digest_alg) + { + case HASH_SHA1: + scheme = SIGN_RSA_EMSA_PKCS1_SHA1; + break; + case HASH_SHA256: + scheme = SIGN_RSA_EMSA_PKCS1_SHA256; + break; + case HASH_SHA384: + scheme = SIGN_RSA_EMSA_PKCS1_SHA384; + break; + case HASH_SHA512: + scheme = SIGN_RSA_EMSA_PKCS1_SHA512; + break; + default: + scheme = SIGN_UNKNOWN; + } + break; + case KEY_ECDSA: + switch (digest_alg) + { + case HASH_SHA256: + scheme = SIGN_ECDSA_256; + break; + case HASH_SHA384: + scheme = SIGN_ECDSA_384; + break; + case HASH_SHA512: + scheme = SIGN_ECDSA_521; + break; + default: + scheme = SIGN_UNKNOWN; + } + break; + default: + DBG1(DBG_PTS, "%N AIK key type not supported", key_type_names, + aik_pubkey->get_type(aik_pubkey)); + return FALSE; + } + + if (!aik_pubkey->verify(aik_pubkey, scheme, digest, signature)) { DBG1(DBG_PTS, "signature verification failed for TPM Quote Info"); - DESTROY_IF(aik_pub_key); + DESTROY_IF(aik_pubkey); return FALSE; } - aik_pub_key->destroy(aik_pub_key); + aik_pubkey->destroy(aik_pubkey); return TRUE; } @@ -1064,78 +770,17 @@ METHOD(pts_t, get_pcrs, pts_pcr_t*, METHOD(pts_t, destroy, void, private_pts_t *this) { + DESTROY_IF(this->tpm); DESTROY_IF(this->pcrs); - DESTROY_IF(this->aik); + DESTROY_IF(this->aik_cert); DESTROY_IF(this->dh); free(this->initiator_nonce.ptr); free(this->responder_nonce.ptr); free(this->secret.ptr); - free(this->aik_blob.ptr); free(this->tpm_version_info.ptr); free(this); } - -#ifdef TSS_TROUSERS - -/** - * Check for a TPM by querying for TPM Version Info - */ -static bool has_tpm(private_pts_t *this) -{ - TSS_HCONTEXT hContext; - TSS_HTPM hTPM; - TSS_RESULT result; - u_int32_t version_info_len; - - result = Tspi_Context_Create(&hContext); - if (result != TSS_SUCCESS) - { - DBG1(DBG_PTS, "TPM context could not be created: tss error 0x%x", - result); - return FALSE; - } - result = Tspi_Context_Connect(hContext, NULL); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_Context_GetTpmObject (hContext, &hTPM); - if (result != TSS_SUCCESS) - { - goto err; - } - result = Tspi_TPM_GetCapability(hTPM, TSS_TPMCAP_VERSION_VAL, 0, NULL, - &version_info_len, - &this->tpm_version_info.ptr); - this->tpm_version_info.len = version_info_len; - if (result != TSS_SUCCESS) - { - goto err; - } - this->tpm_version_info = chunk_clone(this->tpm_version_info); - - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - return TRUE; - - err: - DBG1(DBG_PTS, "TPM not available: tss error 0x%x", result); - Tspi_Context_FreeMemory(hContext, NULL); - Tspi_Context_Close(hContext); - return FALSE; -} - -#else /* TSS_TROUSERS */ - -static bool has_tpm(private_pts_t *this) -{ - return FALSE; -} - -#endif /* TSS_TROUSERS */ - - /** * See header */ @@ -1174,9 +819,9 @@ pts_t *pts_create(bool is_imc) .get_metadata = _get_metadata, .read_pcr = _read_pcr, .extend_pcr = _extend_pcr, - .quote_tpm = _quote_tpm, + .quote = _quote, .get_pcrs = _get_pcrs, - .get_quote_info = _get_quote_info, + .get_quote = _get_quote, .verify_quote_signature = _verify_quote_signature, .destroy = _destroy, }, @@ -1189,12 +834,11 @@ pts_t *pts_create(bool is_imc) if (is_imc) { - if (has_tpm(this)) + this->tpm = tpm_tss_probe(TPM_VERSION_ANY); + if (this->tpm) { - this->has_tpm = TRUE; this->proto_caps |= PTS_PROTO_CAPS_T | PTS_PROTO_CAPS_D; load_aik(this); - load_aik_blob(this); } } else diff --git a/src/libimcv/pts/pts.h b/src/libimcv/pts/pts.h index d525306dd..f3da659dc 100644 --- a/src/libimcv/pts/pts.h +++ b/src/libimcv/pts/pts.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu - * Copyright (C) 2012-2014 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -32,9 +32,10 @@ typedef struct pts_t pts_t; #include "pts_dh_group.h" #include "pts_pcr.h" #include "pts_req_func_comp_evid.h" -#include "pts_simple_evid_final.h" #include "components/pts_comp_func_name.h" +#include <tpm_tss_quote_info.h> + #include <library.h> #include <collections/linked_list.h> @@ -71,11 +72,6 @@ typedef struct pts_t pts_t; #define ASSESSMENT_SECRET_LEN 20 /** - * Length of the TPM_QUOTE_INFO structure, TPM Spec 1.2 - */ -#define TPM_QUOTE_INFO_LEN 48 - -/** * Hashing algorithm used by tboot and trustedGRUB */ #define TRUSTED_HASH_ALGO PTS_MEAS_ALGO_SHA1 @@ -236,39 +232,39 @@ struct pts_t { pts_file_meta_t* (*get_metadata)(pts_t *this, char *pathname, bool is_dir); /** - * Reads given PCR value and returns it - * Expects owner secret to be WELL_KNOWN_SECRET + * Retrieve the current value of a PCR register in a given PCR bank * - * @param pcr_num Number of PCR to read - * @param pcr_value Chunk to save pcr read output - * @return NULL in case of TSS error, PCR value otherwise + * @param pcr_num PCR number + * @param pcr_value PCR value returned + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR value retrieval succeeded */ - bool (*read_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t *pcr_value); + bool (*read_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg); /** - * Extends given PCR with given value - * Expects owner secret to be WELL_KNOWN_SECRET + * Extend a PCR register in a given PCR bank with a hash value * - * @param pcr_num Number of PCR to extend - * @param input Value to extend - * @param output Chunk to save PCR value after extension - * @return FALSE in case of TSS error, TRUE otherwise + * @param pcr_num PCR number + * @param pcr_value extended PCR value returned + * @param hash data to be extended into the PCR + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR extension succeeded */ - bool (*extend_pcr)(pts_t *this, u_int32_t pcr_num, chunk_t input, - chunk_t *output); + bool (*extend_pcr)(pts_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg); /** * Quote over PCR's * Expects owner and SRK secret to be WELL_KNOWN_SECRET and no password set for AIK * - * @param use_quote2 Version of the Quote function to be used - * @param pcr_comp Chunk to save PCR composite structure - * @param quote_sig Chunk to save quote operation output - * without external data (anti-replay protection) - * @return FALSE in case of TSS error, TRUE otherwise + * @param quote_mode type of Quote signature + * @param quote_info returns various info covered by Quote signature + * @param quote_sig returns Quote signature + * @return FALSE in case of Quote error, TRUE otherwise */ - bool (*quote_tpm)(pts_t *this, bool use_quote2, chunk_t *pcr_comp, - chunk_t *quote_sig); + bool (*quote)(pts_t *this, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig); /** * Get the shadow PCR set @@ -277,28 +273,26 @@ struct pts_t { */ pts_pcr_t* (*get_pcrs)(pts_t *this); - /** - * Constructs and returns TPM Quote Info structure expected from IMC + /** + * Computes digest of the constructed TPM Quote Info structure * - * @param use_quote2 Version of the TPM_QUOTE_INFO to be constructed - * @param use_ver_info Version info is concatenated to TPM_QUOTE_INFO2 - * @param comp_hash_algo Composite Hash Algorithm - * @param pcr_comp Output variable to store PCR Composite - * @param quote_info Output variable to store TPM Quote Info + * @param quote_info TPM Quote Info as received from IMC + * @param quoted Encoding of TPM Quote Info * @return FALSE in case of any error, TRUE otherwise */ - bool (*get_quote_info)(pts_t *this, bool use_quote2, bool ver_info_included, - pts_meas_algorithms_t comp_hash_algo, - chunk_t *pcr_comp, chunk_t *quote_info); + bool (*get_quote)(pts_t *this, tpm_tss_quote_info_t *quote_info, + chunk_t *quoted); /** * Constructs and returns PCR Quote Digest structure expected from IMC * - * @param data Calculated TPM Quote Digest + * @param digest_alg Hash algorithm used for TPM Quote Digest + * @param digest Calculated TPM Quote Digest * @param signature TPM Quote Signature received from IMC * @return FALSE if signature is not verified */ - bool (*verify_quote_signature)(pts_t *this, chunk_t data, chunk_t signature); + bool (*verify_quote_signature)(pts_t *this, hash_algorithm_t digest_alg, + chunk_t digest, chunk_t signature); /** * Destroys a pts_t object. diff --git a/src/libimcv/pts/pts_file_meas.c b/src/libimcv/pts/pts_file_meas.c index 966d54ba2..6cfb86cb3 100644 --- a/src/libimcv/pts/pts_file_meas.c +++ b/src/libimcv/pts/pts_file_meas.c @@ -39,7 +39,7 @@ struct private_pts_file_meas_t { /** * ID of PTS File Measurement Request */ - u_int16_t request_id; + uint16_t request_id; /** * List of File Measurements @@ -70,7 +70,7 @@ static void free_entry(entry_t *entry) } } -METHOD(pts_file_meas_t, get_request_id, u_int16_t, +METHOD(pts_file_meas_t, get_request_id, uint16_t, private_pts_file_meas_t *this) { return this->request_id; @@ -266,7 +266,7 @@ METHOD(pts_file_meas_t, destroy, void, /** * See header */ -pts_file_meas_t *pts_file_meas_create(u_int16_t request_id) +pts_file_meas_t *pts_file_meas_create(uint16_t request_id) { private_pts_file_meas_t *this; @@ -334,7 +334,7 @@ static bool hash_file(hasher_t *hasher, char *pathname, u_char *hash) /** * See header */ -pts_file_meas_t *pts_file_meas_create_from_path(u_int16_t request_id, +pts_file_meas_t *pts_file_meas_create_from_path(uint16_t request_id, char *pathname, bool is_dir, bool use_rel_name, pts_meas_algorithms_t alg) { diff --git a/src/libimcv/pts/pts_file_meas.h b/src/libimcv/pts/pts_file_meas.h index 4bf28e280..514006925 100644 --- a/src/libimcv/pts/pts_file_meas.h +++ b/src/libimcv/pts/pts_file_meas.h @@ -38,7 +38,7 @@ struct pts_file_meas_t { * * @return ID of PTS File Measurement Request */ - u_int16_t (*get_request_id)(pts_file_meas_t *this); + uint16_t (*get_request_id)(pts_file_meas_t *this); /** * Get the number of measured files @@ -94,7 +94,7 @@ struct pts_file_meas_t { * * @param request_id ID of PTS File Measurement Request */ -pts_file_meas_t* pts_file_meas_create(u_int16_t request_id); +pts_file_meas_t* pts_file_meas_create(uint16_t request_id); /** * Creates a pts_file_meas_t object measuring a file/directory @@ -105,7 +105,7 @@ pts_file_meas_t* pts_file_meas_create(u_int16_t request_id); * @param use_rel_name TRUE if relative filenames are to be used * @param alg PTS hash measurement algorithm to be used */ -pts_file_meas_t* pts_file_meas_create_from_path(u_int16_t request_id, +pts_file_meas_t* pts_file_meas_create_from_path(uint16_t request_id, char* pathname, bool is_dir, bool use_rel_name, pts_meas_algorithms_t alg); diff --git a/src/libimcv/pts/pts_file_meta.h b/src/libimcv/pts/pts_file_meta.h index 3f1813306..b02b142db 100644 --- a/src/libimcv/pts/pts_file_meta.h +++ b/src/libimcv/pts/pts_file_meta.h @@ -34,12 +34,12 @@ typedef struct pts_file_metadata_t pts_file_metadata_t; */ struct pts_file_metadata_t { pts_file_type_t type; - u_int64_t filesize; - u_int64_t created; - u_int64_t modified; - u_int64_t accessed; - u_int64_t owner; - u_int64_t group; + uint64_t filesize; + uint64_t created; + uint64_t modified; + uint64_t accessed; + uint64_t owner; + uint64_t group; char *filename; }; diff --git a/src/libimcv/pts/pts_ima_bios_list.c b/src/libimcv/pts/pts_ima_bios_list.c index 5051b6c2d..7caa514a5 100644 --- a/src/libimcv/pts/pts_ima_bios_list.c +++ b/src/libimcv/pts/pts_ima_bios_list.c @@ -61,6 +61,8 @@ enum event_type_t { EV_EFI_PLATFORM_FIRMWARE_BLOB = 0x80000008, EV_EFI_HANDOFF_TABLES = 0x80000009, + EV_EFI_HCRTM_EVENT = 0x80000010, + EV_EFI_VARIABLE_AUTHORITY = 0x800000E0 }; @@ -85,7 +87,6 @@ ENUM_BEGIN(event_type_names, EV_PREBOOT_CERT, EV_OMIT_BOOT_DEVICE_EVENTS, "Nonhost Info", "Omit Boot Device Events" ); - ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES, EV_OMIT_BOOT_DEVICE_EVENTS, "EFI Event Base", @@ -99,8 +100,12 @@ ENUM_NEXT(event_type_names, EV_EFI_EVENT_BASE, EV_EFI_HANDOFF_TABLES, "EFI Platform Firmware Blob", "EFI Handoff Tables" ); -ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY, +ENUM_NEXT(event_type_names, EV_EFI_HCRTM_EVENT, EV_EFI_HCRTM_EVENT, EV_EFI_HANDOFF_TABLES, + "EFI HCRTM Event" +); +ENUM_NEXT(event_type_names, EV_EFI_VARIABLE_AUTHORITY, EV_EFI_VARIABLE_AUTHORITY, + EV_EFI_HCRTM_EVENT, "EFI Variable Authority" ); ENUM_END(event_type_names, EV_EFI_VARIABLE_AUTHORITY); diff --git a/src/libimcv/pts/pts_meas_algo.c b/src/libimcv/pts/pts_meas_algo.c index c06371123..246c37714 100644 --- a/src/libimcv/pts/pts_meas_algo.c +++ b/src/libimcv/pts/pts_meas_algo.c @@ -158,6 +158,24 @@ hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm) /** * Described in header. */ +pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm) +{ + switch (algorithm) + { + case HASH_SHA1: + return PTS_MEAS_ALGO_SHA1; + case HASH_SHA256: + return PTS_MEAS_ALGO_SHA256; + case HASH_SHA384: + return PTS_MEAS_ALGO_SHA384; + default: + return PTS_MEAS_ALGO_NONE; + } +} + +/** + * Described in header. + */ size_t pts_meas_algo_hash_size(pts_meas_algorithms_t algorithm) { switch (algorithm) diff --git a/src/libimcv/pts/pts_meas_algo.h b/src/libimcv/pts/pts_meas_algo.h index eec7e7981..d70310679 100644 --- a/src/libimcv/pts/pts_meas_algo.h +++ b/src/libimcv/pts/pts_meas_algo.h @@ -96,6 +96,14 @@ pts_meas_algorithms_t pts_meas_algo_select(pts_meas_algorithms_t supported_algos hash_algorithm_t pts_meas_algo_to_hash(pts_meas_algorithms_t algorithm); /** + * Convert hash_algorithm_t to pts_meas_algorithms_t + * + * @param algorithm PTS measurement algorithm type + * @return libstrongswan hash algorithm type + */ +pts_meas_algorithms_t pts_meas_algo_from_hash(hash_algorithm_t algorithm); + +/** * Return the hash size of a pts_meas_algorithm * * @param algorithm PTS measurement algorithm type diff --git a/src/libimcv/pts/pts_pcr.c b/src/libimcv/pts/pts_pcr.c index 0af93b608..d514532c5 100644 --- a/src/libimcv/pts/pts_pcr.c +++ b/src/libimcv/pts/pts_pcr.c @@ -40,17 +40,17 @@ struct private_pts_pcr_t { /** * Number of extended PCR registers */ - u_int32_t pcr_count; + uint32_t pcr_count; /** * Highest extended PCR register */ - u_int32_t pcr_max; + uint32_t pcr_max; /** * Bitmap of extended PCR registers */ - u_int8_t pcr_select[PTS_PCR_MAX_NUM / 8]; + uint8_t pcr_select[PTS_PCR_MAX_NUM / 8]; /** * Hasher used to extend shadow PCRs @@ -59,16 +59,16 @@ struct private_pts_pcr_t { }; -METHOD(pts_pcr_t, get_count, u_int32_t, +METHOD(pts_pcr_t, get_count, uint32_t, private_pts_pcr_t *this) { return this->pcr_count; } METHOD(pts_pcr_t, select_pcr, bool, - private_pts_pcr_t *this, u_int32_t pcr) + private_pts_pcr_t *this, uint32_t pcr) { - u_int32_t i, f; + uint32_t i, f; if (pcr >= PTS_PCR_MAX_NUM) { @@ -106,7 +106,7 @@ typedef struct { /** implements enumerator_t */ enumerator_t public; /** current PCR */ - u_int32_t pcr; + uint32_t pcr; /** back reference to parent */ private_pts_pcr_t *pcrs; } pcr_enumerator_t; @@ -116,11 +116,11 @@ typedef struct { */ static bool pcr_enumerator_enumerate(pcr_enumerator_t *this, ...) { - u_int32_t *pcr, i, f; + uint32_t *pcr, i, f; va_list args; va_start(args, this); - pcr = va_arg(args, u_int32_t*); + pcr = va_arg(args, uint32_t*); va_end(args); while (this->pcr <= this->pcrs->pcr_max) @@ -158,13 +158,13 @@ METHOD(pts_pcr_t, create_enumerator, enumerator_t*, } METHOD(pts_pcr_t, get, chunk_t, - private_pts_pcr_t *this, u_int32_t pcr) + private_pts_pcr_t *this, uint32_t pcr) { return (pcr < PTS_PCR_MAX_NUM) ? this->pcrs[pcr] : chunk_empty; } METHOD(pts_pcr_t, set, bool, - private_pts_pcr_t *this, u_int32_t pcr, chunk_t value) + private_pts_pcr_t *this, uint32_t pcr, chunk_t value) { if (value.len != PTS_PCR_LEN) { @@ -180,7 +180,7 @@ METHOD(pts_pcr_t, set, bool, } METHOD(pts_pcr_t, extend, chunk_t, - private_pts_pcr_t *this, u_int32_t pcr, chunk_t measurement) + private_pts_pcr_t *this, uint32_t pcr, chunk_t measurement) { if (measurement.len != PTS_PCR_LEN) { @@ -200,26 +200,25 @@ METHOD(pts_pcr_t, extend, chunk_t, return this->pcrs[pcr]; } -METHOD(pts_pcr_t, get_composite, chunk_t, +METHOD(pts_pcr_t, get_composite, tpm_tss_pcr_composite_t*, private_pts_pcr_t *this) { - chunk_t composite; + tpm_tss_pcr_composite_t *pcr_composite; enumerator_t *enumerator; - u_int16_t selection_size; - u_int32_t pcr_field_size, pcr; + uint16_t selection_size; + uint32_t pcr_field_size, pcr; u_char *pos; selection_size = get_selection_size(this); pcr_field_size = this->pcr_count * PTS_PCR_LEN; - composite = chunk_alloc(2 + selection_size + 4 + pcr_field_size); - pos = composite.ptr; - htoun16(pos, selection_size); - pos += 2; - memcpy(pos, this->pcr_select, selection_size); - pos += selection_size; - htoun32(pos, pcr_field_size); - pos += 4; + INIT(pcr_composite, + .pcr_select = chunk_alloc(selection_size), + .pcr_composite = chunk_alloc(pcr_field_size), + ); + + memcpy(pcr_composite->pcr_select.ptr, this->pcr_select, selection_size); + pos = pcr_composite->pcr_composite.ptr; enumerator = create_enumerator(this); while (enumerator->enumerate(enumerator, &pcr)) @@ -229,14 +228,13 @@ METHOD(pts_pcr_t, get_composite, chunk_t, } enumerator->destroy(enumerator); - DBG3(DBG_PTS, "constructed PCR Composite: %B", &composite); - return composite; + return pcr_composite; } METHOD(pts_pcr_t, destroy, void, private_pts_pcr_t *this) { - u_int32_t i; + uint32_t i; for (i = 0; i < PTS_PCR_MAX_NUM; i++) { @@ -253,7 +251,7 @@ pts_pcr_t *pts_pcr_create(void) { private_pts_pcr_t *this; hasher_t *hasher; - u_int32_t i; + uint32_t i; hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (!hasher) diff --git a/src/libimcv/pts/pts_pcr.h b/src/libimcv/pts/pts_pcr.h index f638b5ee4..df84c679f 100644 --- a/src/libimcv/pts/pts_pcr.h +++ b/src/libimcv/pts/pts_pcr.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2012 Andreas Steffen + * Copyright (C) 2012-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -25,6 +25,8 @@ typedef struct pts_pcr_t pts_pcr_t; #include <library.h> +#include <tpm_tss_quote_info.h> + /** * Maximum number of PCR's of TPM, TPM Spec 1.2 */ @@ -45,7 +47,7 @@ struct pts_pcr_t { * * @return number of selected PCRs */ - u_int32_t (*get_count)(pts_pcr_t *this); + uint32_t (*get_count)(pts_pcr_t *this); /** * Mark a PCR as selected @@ -53,7 +55,7 @@ struct pts_pcr_t { * @param pcr index of PCR * @return TRUE if PCR index exists */ - bool (*select_pcr)(pts_pcr_t *this, u_int32_t pcr); + bool (*select_pcr)(pts_pcr_t *this, uint32_t pcr); /** * Get the size of the selection field in bytes @@ -75,7 +77,7 @@ struct pts_pcr_t { * @param pcr index of PCR * @return content of PCR */ - chunk_t (*get)(pts_pcr_t *this, u_int32_t pcr); + chunk_t (*get)(pts_pcr_t *this, uint32_t pcr); /** * Set the content of a PCR @@ -84,7 +86,7 @@ struct pts_pcr_t { * @param value new value of PCR * @return TRUE if value could be set */ - bool (*set)(pts_pcr_t *this, u_int32_t pcr, chunk_t value); + bool (*set)(pts_pcr_t *this, uint32_t pcr, chunk_t value); /** * Extend the content of a PCR @@ -93,14 +95,14 @@ struct pts_pcr_t { * @param measurement measurment value to be extended into PCR * @return new content of PCR */ - chunk_t (*extend)(pts_pcr_t *this, u_int32_t pcr, chunk_t measurement); + chunk_t (*extend)(pts_pcr_t *this, uint32_t pcr, chunk_t measurement); /** * Create a PCR Composite object over all selected PCRs * * @return PCR Composite object (must be freed) */ - chunk_t (*get_composite)(pts_pcr_t *this); + tpm_tss_pcr_composite_t* (*get_composite)(pts_pcr_t *this); /** diff --git a/src/libimcv/pts/pts_simple_evid_final.h b/src/libimcv/pts/pts_simple_evid_final.h deleted file mode 100644 index 0c8dea0cc..000000000 --- a/src/libimcv/pts/pts_simple_evid_final.h +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2011 Sansar Choinyambuu - * HSR Hochschule fuer Technik Rapperswil - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. - * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License - * for more details. - */ - -/** - * @defgroup pts_simple_evid_final pts_rsimple_evid_final - * @{ @ingroup pts - */ - -#ifndef PTS_SIMPLE_EVID_FINAL_H_ -#define PTS_SIMPLE_EVID_FINAL_H_ - -typedef enum pts_simple_evid_final_flag_t pts_simple_evid_final_flag_t; - -#include <library.h> - -/** - * PTS Simple Evidence Final Flags - */ -enum pts_simple_evid_final_flag_t { - /** TPM PCR Composite and TPM Quote Signature not included */ - PTS_SIMPLE_EVID_FINAL_NO = 0x00, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80, - /** TPM PCR Composite and TPM Quote Signature included - * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */ - PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0, - /** Evidence Signature included */ - PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, -}; - -#endif /** PTS_SIMPLE_EVID_FINAL_H_ @}*/ diff --git a/src/libimcv/pwg/pwg_attr.c b/src/libimcv/pwg/pwg_attr.c index 8a2eb2828..123df05d6 100644 --- a/src/libimcv/pwg/pwg_attr.c +++ b/src/libimcv/pwg/pwg_attr.c @@ -75,7 +75,7 @@ ENUM_END(pwg_attr_names, PWG_HCD_CONFIGURATION_STATE); /** * See header */ -pa_tnc_attr_t* pwg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value) +pa_tnc_attr_t* pwg_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) { diff --git a/src/libimcv/pwg/pwg_attr.h b/src/libimcv/pwg/pwg_attr.h index 01db42cd2..2782075b2 100644 --- a/src/libimcv/pwg/pwg_attr.h +++ b/src/libimcv/pwg/pwg_attr.h @@ -69,7 +69,7 @@ extern enum_name_t *pwg_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* pwg_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* pwg_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** PWG_ATTR_H_ @}*/ diff --git a/src/libimcv/pwg/pwg_attr_vendor_smi_code.c b/src/libimcv/pwg/pwg_attr_vendor_smi_code.c index 7931259aa..0b03f12ec 100644 --- a/src/libimcv/pwg/pwg_attr_vendor_smi_code.c +++ b/src/libimcv/pwg/pwg_attr_vendor_smi_code.c @@ -117,7 +117,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_pwg_attr_vendor_smi_code_t *this, u_int32_t *offset) + private_pwg_attr_vendor_smi_code_t *this, uint32_t *offset) { bio_reader_t *reader; uint32_t vendor_smi_code; diff --git a/src/libimcv/swid/swid_error.c b/src/libimcv/swid/swid_error.c index 7f3c34476..7c7427fb1 100644 --- a/src/libimcv/swid/swid_error.c +++ b/src/libimcv/swid/swid_error.c @@ -27,8 +27,8 @@ ENUM(swid_error_code_names, TCG_SWID_ERROR, TCG_SWID_RESPONSE_TOO_LARGE, /** * Described in header. */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request_id, - u_int32_t max_attr_size, char *description) +pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request_id, + uint32_t max_attr_size, char *description) { bio_writer_t *writer; chunk_t msg_info; diff --git a/src/libimcv/swid/swid_error.h b/src/libimcv/swid/swid_error.h index b459ba686..2ed099186 100644 --- a/src/libimcv/swid/swid_error.h +++ b/src/libimcv/swid/swid_error.h @@ -52,7 +52,7 @@ extern enum_name_t *swid_error_code_names; * @param max_attr_size Maximum IF-M attribute size (if applicable) * @param description Optional description string or NULL */ -pa_tnc_attr_t* swid_error_create(swid_error_code_t code, u_int32_t request, - u_int32_t max_attr_size, char *description); +pa_tnc_attr_t* swid_error_create(swid_error_code_t code, uint32_t request, + uint32_t max_attr_size, char *description); #endif /** SWID_ERROR_H_ @}*/ diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c index 194cf1b68..3ca24faec 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_aik.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_aik.c @@ -108,7 +108,7 @@ METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_aik_t *this) { bio_writer_t *writer; - u_int8_t flags = PTS_AIK_FLAGS_NONE; + uint8_t flags = PTS_AIK_FLAGS_NONE; cred_encoding_type_t encoding_type = CERT_ASN1_DER; chunk_t aik_blob; @@ -136,10 +136,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_aik_t *this, u_int32_t *offset) + private_tcg_pts_attr_aik_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t flags; + uint8_t flags; certificate_type_t type; chunk_t aik_blob; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c index 2a1506898..5cb81c122 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.c @@ -140,11 +140,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_dh_nonce_finish_t *this, u_int32_t *offset) + private_tcg_pts_attr_dh_nonce_finish_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved, nonce_len; - u_int16_t hash_algo; + uint8_t reserved, nonce_len; + uint16_t hash_algo; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h index 78b5025bc..cbc9847fa 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_finish.h @@ -43,7 +43,7 @@ struct tcg_pts_attr_dh_nonce_finish_t { * * @return Length of nonce */ - u_int8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this); + uint8_t (*get_nonce_len)(tcg_pts_attr_dh_nonce_finish_t *this); /** * Get selected hash algorithm diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c index 0349ce53e..9c24759ea 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.c @@ -72,7 +72,7 @@ struct private_tcg_pts_attr_dh_nonce_params_req_t { /** * Minimum acceptable length of nonce */ - u_int8_t min_nonce_len; + uint8_t min_nonce_len; /** * Diffie Hellman group set @@ -129,11 +129,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_dh_nonce_params_req_t *this, u_int32_t *offset) + private_tcg_pts_attr_dh_nonce_params_req_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; - u_int16_t dh_groups; + uint8_t reserved; + uint16_t dh_groups; *offset = 0; @@ -179,7 +179,7 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, u_int8_t, +METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_min_nonce_len, uint8_t, private_tcg_pts_attr_dh_nonce_params_req_t *this) { return this->min_nonce_len; @@ -194,7 +194,7 @@ METHOD(tcg_pts_attr_dh_nonce_params_req_t, get_dh_groups, pts_dh_group_t, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len, +pa_tnc_attr_t *tcg_pts_attr_dh_nonce_params_req_create(uint8_t min_nonce_len, pts_dh_group_t dh_groups) { private_tcg_pts_attr_dh_nonce_params_req_t *this; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h index 4396bf687..3d83b6d86 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_req.h @@ -44,7 +44,7 @@ struct tcg_pts_attr_dh_nonce_params_req_t { * * @return Minimum acceptable length of nonce */ - u_int8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this); + uint8_t (*get_min_nonce_len)(tcg_pts_attr_dh_nonce_params_req_t *this); /** * Get supported Diffie Hellman Groups @@ -60,7 +60,7 @@ struct tcg_pts_attr_dh_nonce_params_req_t { * @param min_nonce_len Minimum acceptable length of nonce * @param dh_groups Initiator's supported DH groups */ -pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(u_int8_t min_nonce_len, +pa_tnc_attr_t* tcg_pts_attr_dh_nonce_params_req_create(uint8_t min_nonce_len, pts_dh_group_t dh_groups); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c index fa1dbdd3a..a4e66a670 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_dh_nonce_params_resp.c @@ -148,12 +148,12 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_dh_nonce_params_resp_t *this, u_int32_t *offset) + private_tcg_pts_attr_dh_nonce_params_resp_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; - u_int8_t nonce_len; - u_int16_t dh_group, hash_algo_set; + uint32_t reserved; + uint8_t nonce_len; + uint16_t dh_group, hash_algo_set; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c index 397882926..aba34a817 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_file_meas.c @@ -149,8 +149,8 @@ METHOD(pa_tnc_attr_t, build, void, { bio_writer_t *writer; enumerator_t *enumerator; - u_int64_t count; - u_int16_t request_id; + uint64_t count; + uint16_t request_id; char *filename; chunk_t measurement; bool first = TRUE; @@ -192,7 +192,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_file_meas_t *this, u_int32_t *offset) + private_tcg_pts_attr_file_meas_t *this, uint32_t *offset) { bio_reader_t *reader; chunk_t measurement, filename; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c index b7b4d7e3f..e203f71c5 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_gen_attest_evid.c @@ -118,10 +118,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_gen_attest_evid_t *this, u_int32_t *offset) + private_tcg_pts_attr_gen_attest_evid_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; + uint32_t reserved; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c index 8fda2b1f5..e2da704dc 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_aik.c @@ -121,10 +121,10 @@ METHOD(pa_tnc_attr_t, add_segment, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_get_aik_t *this, u_int32_t *offset) + private_tcg_pts_attr_get_aik_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; + uint32_t reserved; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c index a4c9dba87..e98d7b40e 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_get_tpm_version_info.c @@ -118,10 +118,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_get_tpm_version_info_t *this, u_int32_t *offset) + private_tcg_pts_attr_get_tpm_version_info_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t reserved; + uint32_t reserved; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c index 8b0502a91..ce38b626a 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_meas_algo.c @@ -121,10 +121,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_meas_algo_t *this, u_int32_t *offset) + private_tcg_pts_attr_meas_algo_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int16_t reserved, algorithms; + uint16_t reserved, algorithms; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c index 0a562c0bc..ba017438c 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_proto_caps.c @@ -123,10 +123,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_proto_caps_t *this, u_int32_t *offset) + private_tcg_pts_attr_proto_caps_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int16_t reserved, flags; + uint16_t reserved, flags; *offset = 0; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c index a3c3ce56e..b4f336713 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.c @@ -85,12 +85,12 @@ struct private_tcg_pts_attr_req_file_meas_t { /** * Request ID */ - u_int16_t request_id; + uint16_t request_id; /** * UTF8 Encoding of Delimiter Character */ - u_int32_t delimiter; + uint32_t delimiter; /** * Fully Qualified File Pathname @@ -130,7 +130,7 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_req_file_meas_t *this) { - u_int8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS; + uint8_t flags = PTS_REQ_FILE_MEAS_NO_FLAGS; chunk_t pathname; bio_writer_t *writer; @@ -156,11 +156,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_req_file_meas_t *this, u_int32_t *offset) + private_tcg_pts_attr_req_file_meas_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t flags; - u_int8_t reserved; + uint8_t flags; + uint8_t reserved; chunk_t pathname; *offset = 0; @@ -220,13 +220,13 @@ METHOD(tcg_pts_attr_req_file_meas_t, get_directory_flag, bool, return this->directory_flag; } -METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, u_int16_t, +METHOD(tcg_pts_attr_req_file_meas_t, get_request_id, uint16_t, private_tcg_pts_attr_req_file_meas_t *this) { return this->request_id; } -METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, u_int32_t, +METHOD(tcg_pts_attr_req_file_meas_t, get_delimiter, uint32_t, private_tcg_pts_attr_req_file_meas_t *this) { return this->delimiter; @@ -242,8 +242,8 @@ METHOD(tcg_pts_attr_req_file_meas_t, get_pathname, char*, * Described in header. */ pa_tnc_attr_t *tcg_pts_attr_req_file_meas_create(bool directory_flag, - u_int16_t request_id, - u_int32_t delimiter, + uint16_t request_id, + uint32_t delimiter, char *pathname) { private_tcg_pts_attr_req_file_meas_t *this; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h index 20a54dfaf..cbf429dab 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meas.h @@ -50,14 +50,14 @@ struct tcg_pts_attr_req_file_meas_t { * * @return Request ID */ - u_int16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this); + uint16_t (*get_request_id)(tcg_pts_attr_req_file_meas_t *this); /** * Get Delimiter * * @return UTF-8 encoding of a Delimiter Character */ - u_int32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this); + uint32_t (*get_delimiter)(tcg_pts_attr_req_file_meas_t *this); /** * Get Fully Qualified File Pathname @@ -77,8 +77,8 @@ struct tcg_pts_attr_req_file_meas_t { * @param pathname File Pathname */ pa_tnc_attr_t* tcg_pts_attr_req_file_meas_create(bool directory_flag, - u_int16_t request_id, - u_int32_t delimiter, + uint16_t request_id, + uint32_t delimiter, char *pathname); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c index f6befa8b9..d8acf0625 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.c @@ -83,7 +83,7 @@ struct private_tcg_pts_attr_req_file_meta_t { /** * UTF8 Encoding of Delimiter Character */ - u_int8_t delimiter; + uint8_t delimiter; /** * Fully Qualified File Pathname @@ -123,7 +123,7 @@ METHOD(pa_tnc_attr_t, set_noskip_flag,void, METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_req_file_meta_t *this) { - u_int8_t flags = PTS_REQ_FILE_META_NO_FLAGS; + uint8_t flags = PTS_REQ_FILE_META_NO_FLAGS; chunk_t pathname; bio_writer_t *writer; @@ -149,11 +149,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_req_file_meta_t *this, u_int32_t *offset) + private_tcg_pts_attr_req_file_meta_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t flags; - u_int16_t reserved; + uint8_t flags; + uint16_t reserved; chunk_t pathname; *offset = 0; @@ -212,7 +212,7 @@ METHOD(tcg_pts_attr_req_file_meta_t, get_directory_flag, bool, return this->directory_flag; } -METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, u_int8_t, +METHOD(tcg_pts_attr_req_file_meta_t, get_delimiter, uint8_t, private_tcg_pts_attr_req_file_meta_t *this) { return this->delimiter; @@ -228,7 +228,7 @@ METHOD(tcg_pts_attr_req_file_meta_t, get_pathname, char*, * Described in header. */ pa_tnc_attr_t *tcg_pts_attr_req_file_meta_create(bool directory_flag, - u_int8_t delimiter, + uint8_t delimiter, char *pathname) { private_tcg_pts_attr_req_file_meta_t *this; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h index c2f1cca74..91ab5c678 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_file_meta.h @@ -50,7 +50,7 @@ struct tcg_pts_attr_req_file_meta_t { * * @return UTF-8 encoding of a Delimiter Character */ - u_int8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this); + uint8_t (*get_delimiter)(tcg_pts_attr_req_file_meta_t *this); /** * Get Fully Qualified File Pathname @@ -69,7 +69,7 @@ struct tcg_pts_attr_req_file_meta_t { * @param pathname File Pathname */ pa_tnc_attr_t* tcg_pts_attr_req_file_meta_create(bool directory_flag, - u_int8_t delimiter, + uint8_t delimiter, char *pathname); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c index 03891104c..da21003e3 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.c @@ -110,16 +110,16 @@ typedef struct entry_t entry_t; * Functional component entry */ struct entry_t { - u_int8_t flags; - u_int32_t depth; + uint8_t flags; + uint32_t depth; pts_comp_func_name_t *name; }; /** * Enumerate functional component entries */ -static bool entry_filter(void *null, entry_t **entry, u_int8_t *flags, - void *i2, u_int32_t *depth, void *i3, +static bool entry_filter(void *null, entry_t **entry, uint8_t *flags, + void *i2, uint32_t *depth, void *i3, pts_comp_func_name_t **name) { *flags = (*entry)->flags; @@ -195,11 +195,11 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_req_func_comp_evid_t *this, u_int32_t *offset) + private_tcg_pts_attr_req_func_comp_evid_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t depth, vendor_id, name; - u_int8_t flags, fam_and_qualifier, qualifier; + uint32_t depth, vendor_id, name; + uint8_t flags, fam_and_qualifier, qualifier; status_t status = FAILED; entry_t *entry = NULL; @@ -296,8 +296,8 @@ METHOD(pa_tnc_attr_t, destroy, void, } METHOD(tcg_pts_attr_req_func_comp_evid_t, add_component, void, - private_tcg_pts_attr_req_func_comp_evid_t *this, u_int8_t flags, - u_int32_t depth, pts_comp_func_name_t *name) + private_tcg_pts_attr_req_func_comp_evid_t *this, uint8_t flags, + uint32_t depth, pts_comp_func_name_t *name) { entry_t *entry; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h index 2f8657ed2..43abcbb4d 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_req_func_comp_evid.h @@ -47,7 +47,7 @@ struct tcg_pts_attr_req_func_comp_evid_t { * @param name Functional Component Name */ void (*add_component)(tcg_pts_attr_req_func_comp_evid_t *this, - u_int8_t flags, u_int32_t depth, + uint8_t flags, uint32_t depth, pts_comp_func_name_t *name); /** diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c index d94ee89a5..c249ca151 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_comp_evid.c @@ -181,9 +181,9 @@ METHOD(pa_tnc_attr_t, build, void, bio_writer_t *writer; bool has_pcr_info; char utc_time_buf[25], *policy_uri; - u_int8_t flags; - u_int16_t len; - u_int32_t depth, extended_pcr; + uint8_t flags; + uint16_t len; + uint32_t depth, extended_pcr; pts_comp_func_name_t *name; pts_meas_algorithms_t hash_algorithm; pts_pcr_transform_t transform; @@ -301,14 +301,14 @@ bool measurement_time_from_utc(time_t *measurement_time, chunk_t utc_time) } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_simple_comp_evid_t *this, u_int32_t *offset) + private_tcg_pts_attr_simple_comp_evid_t *this, uint32_t *offset) { bio_reader_t *reader; pts_comp_func_name_t *name; - u_int8_t flags, fam_and_qualifier, qualifier, reserved; - u_int8_t measurement_type, transform, validation; - u_int16_t hash_algorithm, len; - u_int32_t depth, vendor_id, comp_name, extended_pcr; + uint8_t flags, fam_and_qualifier, qualifier, reserved; + uint8_t measurement_type, transform, validation; + uint16_t hash_algorithm, len; + uint32_t depth, vendor_id, comp_name, extended_pcr; chunk_t measurement, utc_time, policy_uri, pcr_before, pcr_after; time_t measurement_time; bool has_pcr_info = FALSE, has_validation = FALSE; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c index cfeaec6e9..267c85776 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.c @@ -1,6 +1,6 @@ /* * Copyright (C) 2011-2012 Sansar Choinyambuu - * Copyright (C) 2011-2014 Andreas Steffen + * Copyright (C) 2011-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -15,7 +15,6 @@ */ #include "tcg_pts_attr_simple_evid_final.h" -#include "pts/pts_simple_evid_final.h" #include <pa_tnc/pa_tnc_msg.h> #include <bio/bio_writer.h> @@ -27,6 +26,7 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim /** * Simple Evidence Final * see section 3.15.2 of PTS Protocol: Binding to TNC IF-M Specification + * plus non-standard extensions to cover the TPM 2.0 Quote Info format * * 1 2 3 * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 @@ -37,17 +37,57 @@ typedef struct private_tcg_pts_attr_simple_evid_final_t private_tcg_pts_attr_sim * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * ~ Optional TPM PCR Composite (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM Qual. Signer Length | Optional TPM Qualified Signer ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM Qualified Signer (Variable Length) ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM Clock Info Length | Optional TPM Clock Info ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM Clock Info (Variable Length) ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM Version Info Length | Optional TPM Version Info ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM Version Info (Variable Length) | + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * | Opt. TPM PCR Selection Length | Opt. TPM PCR Selection ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + * ~ Optional TPM PCR Selection (Variable Length) ~ + * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * | Optional TPM Quote Signature Length | * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * ~ Optional TPM Quote Signature (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ * ~ Optional Evidence Signature (Variable Length) ~ * +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ - */ +*/ #define PTS_SIMPLE_EVID_FINAL_SIZE 2 #define PTS_SIMPLE_EVID_FINAL_RESERVED 0x00 -#define PTS_SIMPLE_EVID_FINAL_FLAG_MASK 0xC0 + +/** + * PTS Simple Evidence Final Flags + */ +enum pts_simple_evid_final_flag_t { + /** TPM PCR Composite and TPM Quote Signature not included */ + PTS_SIMPLE_EVID_FINAL_NO = 0x00, + /** TPM Quote Info and TPM Quite Signature included + * using TPM 2.0 Quote Info format */ + PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2 = 0x10, + /** Evidence Signature included */ + PTS_SIMPLE_EVID_FINAL_EVID_SIG = 0x20, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO = 0x40, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO not appended */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2 = 0x80, + /** TPM PCR Composite and TPM Quote Signature included + * using TPM_QUOTE_INFO2, TPM_CAP_VERSION_INFO appended */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER = 0xC0, + /** Mask for the TPM Quote Info flags */ + PTS_SIMPLE_EVID_FINAL_QUOTE_INFO_MASK = 0xD0 +}; + /** * Private data of an tcg_pts_attr_simple_evid_final_t object. */ @@ -79,24 +119,14 @@ struct private_tcg_pts_attr_simple_evid_final_t { bool noskip_flag; /** - * Set of flags for Simple Evidence Final - */ - u_int8_t flags; - - /** - * Optional Composite Hash Algorithm - */ - pts_meas_algorithms_t comp_hash_algorithm; - - /** - * Optional TPM PCR Composite + * Optional TPM Quote Info */ - chunk_t pcr_comp; + tpm_tss_quote_info_t *quote_info; /** * Optional TPM Quote Signature */ - chunk_t tpm_quote_sig; + chunk_t quote_sig; /** * Is Evidence Signature included? @@ -156,9 +186,9 @@ METHOD(pa_tnc_attr_t, destroy, void, { if (ref_put(&this->ref)) { + DESTROY_IF(this->quote_info); free(this->value.ptr); - free(this->pcr_comp.ptr); - free(this->tpm_quote_sig.ptr); + free(this->quote_sig.ptr); free(this->evid_sig.ptr); free(this); } @@ -167,14 +197,36 @@ METHOD(pa_tnc_attr_t, destroy, void, METHOD(pa_tnc_attr_t, build, void, private_tcg_pts_attr_simple_evid_final_t *this) { + chunk_t pcr_digest, pcr_select, qualified_signer, clock_info, version_info; + hash_algorithm_t pcr_digest_alg; + tpm_quote_mode_t quote_mode; bio_writer_t *writer; - u_int8_t flags; + uint8_t flags; if (this->value.ptr) { return; } - flags = this->flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK; + + quote_mode = this->quote_info->get_quote_mode(this->quote_info); + switch (quote_mode) + { + case TPM_QUOTE: + flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO; + break; + case TPM_QUOTE2: + flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2; + break; + case TPM_QUOTE2_VERSION_INFO: + flags = PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER; + break; + case TPM_QUOTE_TPM2: + flags = PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2; + break; + case TPM_QUOTE_NONE: + default: + flags = PTS_SIMPLE_EVID_FINAL_NO; + } if (this->has_evid_sig) { @@ -185,25 +237,35 @@ METHOD(pa_tnc_attr_t, build, void, writer->write_uint8 (writer, flags); writer->write_uint8 (writer, PTS_SIMPLE_EVID_FINAL_RESERVED); - /** Optional Composite Hash Algorithm field is always present - * Field has value of all zeroes if not used. - * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 - */ - writer->write_uint16(writer, this->comp_hash_algorithm); + pcr_digest_alg = this->quote_info->get_pcr_digest_alg(this->quote_info); + pcr_digest = this->quote_info->get_pcr_digest(this->quote_info); + + writer->write_uint16(writer, pts_meas_algo_from_hash(pcr_digest_alg)); /* Optional fields */ - if (this->flags != PTS_SIMPLE_EVID_FINAL_NO) + if (quote_mode != TPM_QUOTE_NONE) { - writer->write_uint32 (writer, this->pcr_comp.len); - writer->write_data (writer, this->pcr_comp); - - writer->write_uint32 (writer, this->tpm_quote_sig.len); - writer->write_data (writer, this->tpm_quote_sig); + writer->write_data32(writer, pcr_digest); } - if (this->has_evid_sig) + if (quote_mode == TPM_QUOTE_TPM2) { - writer->write_data (writer, this->evid_sig); + version_info = this->quote_info->get_version_info(this->quote_info); + this->quote_info->get_tpm2_info(this->quote_info, &qualified_signer, + &clock_info, &pcr_select); + writer->write_data16(writer, qualified_signer); + writer->write_data16(writer, clock_info); + writer->write_data16(writer, version_info); + writer->write_data16(writer, pcr_select); + } + + if (quote_mode != TPM_QUOTE_NONE) + { + writer->write_data32(writer, this->quote_sig); + if (this->has_evid_sig) + { + writer->write_data(writer, this->evid_sig); + } } this->value = writer->extract_buf(writer); @@ -212,12 +274,16 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_simple_evid_final_t *this, u_int32_t *offset) + private_tcg_pts_attr_simple_evid_final_t *this, uint32_t *offset) { + hash_algorithm_t pcr_digest_alg; + tpm_quote_mode_t quote_mode; bio_reader_t *reader; - u_int8_t flags, reserved; - u_int16_t algorithm; - u_int32_t pcr_comp_len, tpm_quote_sig_len, evid_sig_len; + uint8_t flags, reserved; + uint16_t algorithm; + uint32_t evid_sig_len; + chunk_t pcr_digest = chunk_empty, quote_sig, evid_sig; + chunk_t qualified_signer, clock_info, version_info, pcr_select; status_t status = FAILED; *offset = 0; @@ -236,56 +302,99 @@ METHOD(pa_tnc_attr_t, process, status_t, reader->read_uint8(reader, &flags); reader->read_uint8(reader, &reserved); - this->flags = flags & PTS_SIMPLE_EVID_FINAL_FLAG_MASK; - this->has_evid_sig = (flags & PTS_SIMPLE_EVID_FINAL_EVID_SIG) != 0; + flags &= PTS_SIMPLE_EVID_FINAL_QUOTE_INFO_MASK; + + switch (flags) + { + case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO: + quote_mode = TPM_QUOTE; + break; + case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2: + quote_mode = TPM_QUOTE2; + break; + case PTS_SIMPLE_EVID_FINAL_QUOTE_INFO2_CAP_VER: + quote_mode = TPM_QUOTE2_VERSION_INFO; + break; + case PTS_SIMPLE_EVID_FINAL_EVID_QUOTE_INFO_TPM2: + quote_mode = TPM_QUOTE_TPM2; + break; + case PTS_SIMPLE_EVID_FINAL_NO: + default: + quote_mode = TPM_QUOTE_NONE; + break; + } + /** Optional Composite Hash Algorithm field is always present * Field has value of all zeroes if not used. * Implemented adhering the suggestion of Paul Sangster 28.Oct.2011 */ - reader->read_uint16(reader, &algorithm); - this->comp_hash_algorithm = algorithm; + pcr_digest_alg = pts_meas_algo_to_hash(algorithm); - /* Optional Composite Hash Algorithm and TPM PCR Composite fields */ - if (this->flags != PTS_SIMPLE_EVID_FINAL_NO) + /* Optional fields */ + if (quote_mode != TPM_QUOTE_NONE) { - if (!reader->read_uint32(reader, &pcr_comp_len)) + if (!reader->read_data32(reader, &pcr_digest)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " - "PCR Composite Length"); + "PCR Composite"); goto end; } - if (!reader->read_data(reader, pcr_comp_len, &this->pcr_comp)) + } + this->quote_info = tpm_tss_quote_info_create(quote_mode, pcr_digest_alg, + pcr_digest); + + if (quote_mode == TPM_QUOTE_TPM2) + { + if (!reader->read_data16(reader, &qualified_signer)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " - "PCR Composite"); + "Qualified Signer"); goto end; } - this->pcr_comp = chunk_clone(this->pcr_comp); - - if (!reader->read_uint32(reader, &tpm_quote_sig_len)) + if (!reader->read_data16(reader, &clock_info)) + { + DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " + "Clock Info"); + goto end; + } + if (!reader->read_data16(reader, &version_info)) + { + DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " + "Version Info"); + goto end; + } + if (!reader->read_data16(reader, &pcr_select)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " - "TPM Quote Singature Length"); + "PCR select"); goto end; } - if (!reader->read_data(reader, tpm_quote_sig_len, &this->tpm_quote_sig)) + this->quote_info->set_tpm2_info(this->quote_info, qualified_signer, + clock_info, pcr_select); + this->quote_info->set_version_info(this->quote_info, version_info); + } + + + if (quote_mode != TPM_QUOTE_NONE) + { + if (!reader->read_data32(reader, "e_sig)) { DBG1(DBG_TNC, "insufficient data for PTS Simple Evidence Final " "TPM Quote Singature"); goto end; } - this->tpm_quote_sig = chunk_clone(this->tpm_quote_sig); + this->quote_sig = chunk_clone(quote_sig); } /* Optional Evidence Signature field */ if (this->has_evid_sig) { evid_sig_len = reader->remaining(reader); - reader->read_data(reader, evid_sig_len, &this->evid_sig); - this->evid_sig = chunk_clone(this->evid_sig); + reader->read_data(reader, evid_sig_len, &evid_sig); + this->evid_sig = chunk_clone(evid_sig); } reader->destroy(reader); @@ -296,23 +405,18 @@ end: return status; } -METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, u_int8_t, +METHOD(tcg_pts_attr_simple_evid_final_t, get_quote_info, void, private_tcg_pts_attr_simple_evid_final_t *this, - pts_meas_algorithms_t *comp_hash_algo, chunk_t *pcr_comp, chunk_t *tpm_quote_sig) + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) { - if (comp_hash_algo) - { - *comp_hash_algo = this->comp_hash_algorithm; - } - if (pcr_comp) + if (quote_info) { - *pcr_comp = this->pcr_comp; + *quote_info = this->quote_info; } - if (tpm_quote_sig) + if (quote_sig) { - *tpm_quote_sig = this->tpm_quote_sig; + *quote_sig = this->quote_sig; } - return this->flags; } METHOD(tcg_pts_attr_simple_evid_final_t, get_evid_sig, bool, @@ -335,9 +439,8 @@ METHOD(tcg_pts_attr_simple_evid_final_t, set_evid_sig, void, /** * Described in header. */ -pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, - pts_meas_algorithms_t comp_hash_algorithm, - chunk_t pcr_comp, chunk_t tpm_quote_sig) +pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create( + tpm_tss_quote_info_t *quote_info, chunk_t quote_sig) { private_tcg_pts_attr_simple_evid_final_t *this; @@ -359,10 +462,8 @@ pa_tnc_attr_t *tcg_pts_attr_simple_evid_final_create(u_int8_t flags, .set_evid_sig = _set_evid_sig, }, .type = { PEN_TCG, TCG_PTS_SIMPLE_EVID_FINAL }, - .flags = flags, - .comp_hash_algorithm = comp_hash_algorithm, - .pcr_comp = pcr_comp, - .tpm_quote_sig = tpm_quote_sig, + .quote_info = quote_info, + .quote_sig = quote_sig, .ref = 1, ); diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h index 8343b5b30..849174a8f 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h +++ b/src/libimcv/tcg/pts/tcg_pts_attr_simple_evid_final.h @@ -1,6 +1,6 @@ /* * Copyright (C) 2011 Sansar Choinyambuu - * Copyright (C) 2014 Andreas Steffen + * Copyright (C) 2014-2016 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it @@ -28,6 +28,8 @@ typedef struct tcg_pts_attr_simple_evid_final_t tcg_pts_attr_simple_evid_final_t #include "tcg_pts_attr_meas_algo.h" #include "pa_tnc/pa_tnc_attr.h" +#include <tpm_tss_quote_info.h> + /** * Class implementing the TCG PTS Simple Evidence Final attribute * @@ -40,16 +42,14 @@ struct tcg_pts_attr_simple_evid_final_t { pa_tnc_attr_t pa_tnc_attribute; /** - * Get Optional PCR Composite and TPM Quote Signature + * Get Optional TPM Quote Info and TPM Quote Signature * - * @param comp_hash_algo Optional Composite Hash Algorithm - * @param pcr_comp Optional PCR Composite - * @param tpm_quote sig Optional TPM Quote Signature - * @return PTS_SIMPLE_EVID_FINAL flags + * @param quote_info Optional TPM Quote Info + * @param quote sig Optional TPM Quote Signature */ - u_int8_t (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this, - pts_meas_algorithms_t *comp_hash_algo, - chunk_t *pcr_comp, chunk_t *tpm_quote_sig); + void (*get_quote_info)(tcg_pts_attr_simple_evid_final_t *this, + tpm_tss_quote_info_t **quote_info, + chunk_t *quote_sig); /** * Get Optional Evidence Signature @@ -73,16 +73,11 @@ struct tcg_pts_attr_simple_evid_final_t { /** * Creates an tcg_pts_attr_simple_evid_final_t object * - * @param flags Set of flags - * @param comp_hash_algorithm Composite Hash Algorithm - * @param pcr_comp Optional TPM PCR Composite - * @param tpm_quote_sign Optional TPM Quote Signature + * @param quote_info Optional TPM Quote Info + * @param quote_sig Optional TPM Quote Signature */ pa_tnc_attr_t* tcg_pts_attr_simple_evid_final_create( - u_int8_t flags, - pts_meas_algorithms_t comp_hash_algorithm, - chunk_t pcr_comp, - chunk_t tpm_quote_sign); + tpm_tss_quote_info_t *quote_info, chunk_t quote_sig); /** * Creates an tcg_pts_attr_simple_evid_final_t object from received data diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c index db877e9c5..fca1932a9 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_tpm_version_info.c @@ -122,7 +122,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_tpm_version_info_t *this, u_int32_t *offset) + private_tcg_pts_attr_tpm_version_info_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c index 7c176fdf6..df5898c3e 100644 --- a/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c +++ b/src/libimcv/tcg/pts/tcg_pts_attr_unix_file_meta.c @@ -144,7 +144,7 @@ METHOD(pa_tnc_attr_t, build, void, bio_writer_t *writer; enumerator_t *enumerator; pts_file_metadata_t *entry; - u_int64_t number_of_files; + uint64_t number_of_files; if (this->value.ptr) { @@ -179,14 +179,14 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_pts_attr_file_meta_t *this, u_int32_t *offset) + private_tcg_pts_attr_file_meta_t *this, uint32_t *offset) { bio_reader_t *reader; pts_file_metadata_t *entry; - u_int8_t type, reserved; - u_int16_t len; - u_int64_t number_of_files, filesize, created, modified, accessed; - u_int64_t owner, group; + uint8_t type, reserved; + uint16_t len; + uint64_t number_of_files, filesize, created, modified, accessed; + uint64_t owner, group; chunk_t filename; status_t status = FAILED; diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c index 010eaf83d..e56a96f94 100644 --- a/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c +++ b/src/libimcv/tcg/seg/tcg_seg_attr_max_size.c @@ -124,7 +124,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_seg_attr_max_size_t *this, u_int32_t *offset) + private_tcg_seg_attr_max_size_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c index 995f64cad..985e57be8 100644 --- a/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c +++ b/src/libimcv/tcg/seg/tcg_seg_attr_next_seg.c @@ -128,7 +128,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_seg_attr_next_seg_t *this, u_int32_t *offset) + private_tcg_seg_attr_next_seg_t *this, uint32_t *offset) { bio_reader_t *reader; uint8_t flags; diff --git a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c index 4f767539c..7cd585a04 100644 --- a/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c +++ b/src/libimcv/tcg/seg/tcg_seg_attr_seg_env.c @@ -119,7 +119,7 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_seg_attr_seg_env_t *this, u_int32_t *offset) + private_tcg_seg_attr_seg_env_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.c b/src/libimcv/tcg/swid/tcg_swid_attr_req.c index 561242758..f02bbcb85 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.c +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.c @@ -80,17 +80,17 @@ struct private_tcg_swid_attr_req_t { /** * SWID request flags */ - u_int8_t flags; + uint8_t flags; /** * Request ID */ - u_int32_t request_id; + uint32_t request_id; /** * Earliest EID */ - u_int32_t earliest_eid; + uint32_t earliest_eid; /** * List of Target Tag Identifiers @@ -162,10 +162,10 @@ METHOD(pa_tnc_attr_t, build, void, } METHOD(pa_tnc_attr_t, process, status_t, - private_tcg_swid_attr_req_t *this, u_int32_t *offset) + private_tcg_swid_attr_req_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int32_t tag_id_count; + uint32_t tag_id_count; chunk_t tag_creator, unique_sw_id; swid_tag_id_t *tag_id; @@ -244,19 +244,19 @@ METHOD(pa_tnc_attr_t, destroy, void, } } -METHOD(tcg_swid_attr_req_t, get_flags, u_int8_t, +METHOD(tcg_swid_attr_req_t, get_flags, uint8_t, private_tcg_swid_attr_req_t *this) { return this->flags; } -METHOD(tcg_swid_attr_req_t, get_request_id, u_int32_t, +METHOD(tcg_swid_attr_req_t, get_request_id, uint32_t, private_tcg_swid_attr_req_t *this) { return this->request_id; } -METHOD(tcg_swid_attr_req_t, get_earliest_eid, u_int32_t, +METHOD(tcg_swid_attr_req_t, get_earliest_eid, uint32_t, private_tcg_swid_attr_req_t *this) { return this->earliest_eid; @@ -277,8 +277,8 @@ METHOD(tcg_swid_attr_req_t, get_targets, swid_inventory_t*, /** * Described in header. */ -pa_tnc_attr_t *tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id, - u_int32_t eid) +pa_tnc_attr_t *tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, + uint32_t eid) { private_tcg_swid_attr_req_t *this; diff --git a/src/libimcv/tcg/swid/tcg_swid_attr_req.h b/src/libimcv/tcg/swid/tcg_swid_attr_req.h index fd2ccdc4f..b28c33a8b 100644 --- a/src/libimcv/tcg/swid/tcg_swid_attr_req.h +++ b/src/libimcv/tcg/swid/tcg_swid_attr_req.h @@ -53,21 +53,21 @@ struct tcg_swid_attr_req_t { * * @return Flags */ - u_int8_t (*get_flags)(tcg_swid_attr_req_t *this); + uint8_t (*get_flags)(tcg_swid_attr_req_t *this); /** * Get Request ID * * @return Request ID */ - u_int32_t (*get_request_id)(tcg_swid_attr_req_t *this); + uint32_t (*get_request_id)(tcg_swid_attr_req_t *this); /** * Get Earliest EID * * @return Event ID */ - u_int32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this); + uint32_t (*get_earliest_eid)(tcg_swid_attr_req_t *this); /** * Add Tag ID @@ -92,8 +92,8 @@ struct tcg_swid_attr_req_t { * @param request_id Request ID * @param eid Earliest Event ID */ -pa_tnc_attr_t* tcg_swid_attr_req_create(u_int8_t flags, u_int32_t request_id, - u_int32_t eid); +pa_tnc_attr_t* tcg_swid_attr_req_create(uint8_t flags, uint32_t request_id, + uint32_t eid); /** * Creates an tcg_swid_attr_req_t object from received data diff --git a/src/libimcv/tcg/tcg_attr.c b/src/libimcv/tcg/tcg_attr.c index 3ed6e8699..ab1fa43a5 100644 --- a/src/libimcv/tcg/tcg_attr.c +++ b/src/libimcv/tcg/tcg_attr.c @@ -185,7 +185,7 @@ ENUM_END(tcg_attr_names, TCG_PTS_AIK); /** * See header */ -pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, chunk_t value) +pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t value) { switch (type) { diff --git a/src/libimcv/tcg/tcg_attr.h b/src/libimcv/tcg/tcg_attr.h index 3a9a7b2e7..d915c785c 100644 --- a/src/libimcv/tcg/tcg_attr.h +++ b/src/libimcv/tcg/tcg_attr.h @@ -101,7 +101,7 @@ extern enum_name_t *tcg_attr_names; * @param length attribute length * @param value attribute value or segment */ -pa_tnc_attr_t* tcg_attr_create_from_data(u_int32_t type, size_t length, +pa_tnc_attr_t* tcg_attr_create_from_data(uint32_t type, size_t length, chunk_t value); #endif /** TCG_ATTR_H_ @}*/ diff --git a/src/libipsec/Makefile.in b/src/libipsec/Makefile.in index a08d8c51f..19a2577b7 100644 --- a/src/libipsec/Makefile.in +++ b/src/libipsec/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libipsec -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -215,6 +224,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -246,6 +256,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -295,6 +306,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -329,6 +341,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -440,6 +453,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -509,7 +523,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libipsec/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libipsec/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -894,6 +907,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libipsec/esp_context.c b/src/libipsec/esp_context.c index 2b003e390..6c7e9a1c9 100644 --- a/src/libipsec/esp_context.c +++ b/src/libipsec/esp_context.c @@ -49,7 +49,7 @@ struct private_esp_context_t { * The highest sequence number that was successfully verified * and authenticated, or assigned in an outbound context */ - u_int32_t last_seqno; + uint32_t last_seqno; /** * The bit in the window of the highest authenticated sequence number @@ -103,7 +103,7 @@ static inline bool get_window_bit(private_esp_context_t *this, u_int index) /** * Returns TRUE if the supplied seqno is not already marked in the window */ -static bool check_window(private_esp_context_t *this, u_int32_t seqno) +static bool check_window(private_esp_context_t *this, uint32_t seqno) { u_int offset; @@ -113,7 +113,7 @@ static bool check_window(private_esp_context_t *this, u_int32_t seqno) } METHOD(esp_context_t, verify_seqno, bool, - private_esp_context_t *this, u_int32_t seqno) + private_esp_context_t *this, uint32_t seqno) { if (!this->inbound) { @@ -145,7 +145,7 @@ METHOD(esp_context_t, verify_seqno, bool, } METHOD(esp_context_t, set_authenticated_seqno, void, - private_esp_context_t *this, u_int32_t seqno) + private_esp_context_t *this, uint32_t seqno) { u_int i, shift; @@ -173,14 +173,14 @@ METHOD(esp_context_t, set_authenticated_seqno, void, } } -METHOD(esp_context_t, get_seqno, u_int32_t, +METHOD(esp_context_t, get_seqno, uint32_t, private_esp_context_t *this) { return this->last_seqno; } METHOD(esp_context_t, next_seqno, bool, - private_esp_context_t *this, u_int32_t *seqno) + private_esp_context_t *this, uint32_t *seqno) { if (this->inbound || this->last_seqno == UINT32_MAX) { /* inbound or segno would cycle */ diff --git a/src/libipsec/esp_context.h b/src/libipsec/esp_context.h index b33daf589..322dab97f 100644 --- a/src/libipsec/esp_context.h +++ b/src/libipsec/esp_context.h @@ -46,7 +46,7 @@ struct esp_context_t { * * @return current sequence number, in host byte order */ - u_int32_t (*get_seqno)(esp_context_t *this); + uint32_t (*get_seqno)(esp_context_t *this); /** * Allocate the next outbound ESP sequence number. @@ -54,7 +54,7 @@ struct esp_context_t { * @param seqno the sequence number, in host byte order * @return FALSE if the sequence number cycled or inbound context */ - bool (*next_seqno)(esp_context_t *this, u_int32_t *seqno); + bool (*next_seqno)(esp_context_t *this, uint32_t *seqno); /** * Verify an ESP sequence number. Checks whether a packet with this @@ -66,7 +66,7 @@ struct esp_context_t { * @param seqno the sequence number to verify, in host byte order * @return TRUE when sequence number is valid */ - bool (*verify_seqno)(esp_context_t *this, u_int32_t seqno); + bool (*verify_seqno)(esp_context_t *this, uint32_t seqno); /** * Adds a sequence number that was successfully verified and @@ -76,7 +76,7 @@ struct esp_context_t { * @param seqno verified and authenticated seq number in host byte order */ void (*set_authenticated_seqno)(esp_context_t *this, - u_int32_t seqno); + uint32_t seqno); /** * Destroy an esp_context_t diff --git a/src/libipsec/esp_packet.c b/src/libipsec/esp_packet.c index 822302280..50bc8b4f7 100644 --- a/src/libipsec/esp_packet.c +++ b/src/libipsec/esp_packet.c @@ -52,7 +52,7 @@ struct private_esp_packet_t { /** * Next Header info (e.g. IPPROTO_IPIP) */ - u_int8_t next_header; + uint8_t next_header; }; @@ -97,14 +97,14 @@ METHOD(packet_t, set_data, void, return this->packet->set_data(this->packet, data); } -METHOD(packet_t, get_dscp, u_int8_t, +METHOD(packet_t, get_dscp, uint8_t, private_esp_packet_t *this) { return this->packet->get_dscp(this->packet); } METHOD(packet_t, set_dscp, void, - private_esp_packet_t *this, u_int8_t value) + private_esp_packet_t *this, uint8_t value) { this->packet->set_dscp(this->packet, value); } @@ -127,10 +127,10 @@ METHOD(packet_t, clone_, packet_t*, } METHOD(esp_packet_t, parse_header, bool, - private_esp_packet_t *this, u_int32_t *spi) + private_esp_packet_t *this, uint32_t *spi) { bio_reader_t *reader; - u_int32_t seq; + uint32_t seq; reader = bio_reader_create(this->packet->get_data(this->packet)); if (!reader->read_uint32(reader, spi) || @@ -156,7 +156,7 @@ static bool check_padding(chunk_t padding) for (i = 0; i < padding.len; ++i) { - if (padding.ptr[i] != (u_int8_t)(i + 1)) + if (padding.ptr[i] != (uint8_t)(i + 1)) { return FALSE; } @@ -169,7 +169,7 @@ static bool check_padding(chunk_t padding) */ static bool remove_padding(private_esp_packet_t *this, chunk_t plaintext) { - u_int8_t next_header, pad_length; + uint8_t next_header, pad_length; chunk_t padding, payload; bio_reader_t *reader; @@ -211,7 +211,7 @@ METHOD(esp_packet_t, decrypt, status_t, private_esp_packet_t *this, esp_context_t *esp_context) { bio_reader_t *reader; - u_int32_t spi, seq; + uint32_t spi, seq; chunk_t data, iv, icv, aad, ciphertext, plaintext; aead_t *aead; @@ -272,16 +272,16 @@ static void generate_padding(chunk_t padding) for (i = 0; i < padding.len; ++i) { - padding.ptr[i] = (u_int8_t)(i + 1); + padding.ptr[i] = (uint8_t)(i + 1); } } METHOD(esp_packet_t, encrypt, status_t, - private_esp_packet_t *this, esp_context_t *esp_context, u_int32_t spi) + private_esp_packet_t *this, esp_context_t *esp_context, uint32_t spi) { chunk_t iv, icv, aad, padding, payload, ciphertext; bio_writer_t *writer; - u_int32_t next_seqno; + uint32_t next_seqno; size_t blocksize, plainlen; aead_t *aead; iv_gen_t *iv_gen; @@ -316,7 +316,7 @@ METHOD(esp_packet_t, encrypt, status_t, plainlen += padding.len; /* len = spi, seq, IV, plaintext, ICV */ - writer = bio_writer_create(2 * sizeof(u_int32_t) + iv.len + plainlen + + writer = bio_writer_create(2 * sizeof(uint32_t) + iv.len + plainlen + icv.len); writer->write_uint32(writer, ntohl(spi)); writer->write_uint32(writer, next_seqno); @@ -349,7 +349,7 @@ METHOD(esp_packet_t, encrypt, status_t, DBG3(DBG_ESP, "ESP before encryption:\n payload = %B\n padding = %B\n " "padding length = %hhu, next header = %hhu", &payload, &padding, - (u_int8_t)padding.len, this->next_header); + (uint8_t)padding.len, this->next_header); /* encrypt/authenticate the content inline */ if (!aead->encrypt(aead, ciphertext, aad, iv, NULL)) @@ -368,7 +368,7 @@ METHOD(esp_packet_t, encrypt, status_t, return SUCCESS; } -METHOD(esp_packet_t, get_next_header, u_int8_t, +METHOD(esp_packet_t, get_next_header, uint8_t, private_esp_packet_t *this) { return this->next_header; diff --git a/src/libipsec/esp_packet.h b/src/libipsec/esp_packet.h index f1941a3ba..c42acba43 100644 --- a/src/libipsec/esp_packet.h +++ b/src/libipsec/esp_packet.h @@ -64,7 +64,7 @@ struct esp_packet_t { * @return TRUE when successful, FALSE otherwise (e.g. when the * length of the packet is invalid) */ - bool (*parse_header)(esp_packet_t *this, u_int32_t *spi); + bool (*parse_header)(esp_packet_t *this, uint32_t *spi); /** * Authenticate and decrypt the packet. Also verifies the sequence number @@ -94,7 +94,7 @@ struct esp_packet_t { * - NOT_FOUND if no suitable IV generator provided */ status_t (*encrypt)(esp_packet_t *this, esp_context_t *esp_context, - u_int32_t spi); + uint32_t spi); /** * Get the next header field of a packet. @@ -103,7 +103,7 @@ struct esp_packet_t { * * @return next header field */ - u_int8_t (*get_next_header)(esp_packet_t *this); + uint8_t (*get_next_header)(esp_packet_t *this); /** * Get the plaintext payload of this packet. diff --git a/src/libipsec/ip_packet.c b/src/libipsec/ip_packet.c index 21dbd5e89..0fdd5d340 100644 --- a/src/libipsec/ip_packet.c +++ b/src/libipsec/ip_packet.c @@ -31,14 +31,14 @@ * and unfortunately Android does not define a variant with BSD names. */ struct tcphdr { - u_int16_t source; - u_int16_t dest; - u_int32_t seq; - u_int32_t ack_seq; - u_int16_t flags; - u_int16_t window; - u_int16_t check; - u_int16_t urg_ptr; + uint16_t source; + uint16_t dest; + uint32_t seq; + uint32_t ack_seq; + uint16_t flags; + uint16_t window; + uint16_t check; + uint16_t urg_ptr; } __attribute__((packed)); /** @@ -47,10 +47,10 @@ struct tcphdr { * the BSD member names, but this is simpler and more consistent with the above. */ struct udphdr { - u_int16_t source; - u_int16_t dest; - u_int16_t len; - u_int16_t check; + uint16_t source; + uint16_t dest; + uint16_t len; + uint16_t check; } __attribute__((packed)); typedef struct private_ip_packet_t private_ip_packet_t; @@ -88,16 +88,16 @@ struct private_ip_packet_t { /** * IP version */ - u_int8_t version; + uint8_t version; /** * Protocol|Next Header field */ - u_int8_t next_header; + uint8_t next_header; }; -METHOD(ip_packet_t, get_version, u_int8_t, +METHOD(ip_packet_t, get_version, uint8_t, private_ip_packet_t *this) { return this->version; @@ -127,7 +127,7 @@ METHOD(ip_packet_t, get_payload, chunk_t, return this->payload; } -METHOD(ip_packet_t, get_next_header, u_int8_t, +METHOD(ip_packet_t, get_next_header, uint8_t, private_ip_packet_t *this) { return this->next_header; @@ -151,8 +151,8 @@ METHOD(ip_packet_t, destroy, void, /** * Parse transport protocol header */ -static bool parse_transport_header(chunk_t packet, u_int8_t proto, - u_int16_t *sport, u_int16_t *dport) +static bool parse_transport_header(chunk_t packet, uint8_t proto, + uint16_t *sport, uint16_t *dport) { switch (proto) { @@ -196,8 +196,8 @@ static bool parse_transport_header(chunk_t packet, u_int8_t proto, ip_packet_t *ip_packet_create(chunk_t packet) { private_ip_packet_t *this; - u_int8_t version, next_header; - u_int16_t sport = 0, dport = 0; + uint8_t version, next_header; + uint16_t sport = 0, dport = 0; host_t *src, *dst; chunk_t payload; @@ -296,19 +296,19 @@ failed: /** * Calculate the checksum for the pseudo IP header */ -static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst, - u_int8_t proto, chunk_t payload) +static uint16_t pseudo_header_checksum(host_t *src, host_t *dst, + uint8_t proto, chunk_t payload) { switch (src->get_family(src)) { case AF_INET: { struct __attribute__((packed)) { - u_int32_t src; - u_int32_t dst; + uint32_t src; + uint32_t dst; u_char zero; u_char proto; - u_int16_t len; + uint16_t len; } pseudo = { .proto = proto, .len = htons(payload.len), @@ -324,7 +324,7 @@ static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst, struct __attribute__((packed)) { u_char src[16]; u_char dst[16]; - u_int32_t len; + uint32_t len; u_char zero[3]; u_char next_header; } pseudo = { @@ -344,10 +344,10 @@ static u_int16_t pseudo_header_checksum(host_t *src, host_t *dst, /** * Apply transport ports and calculate header checksums */ -static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto, +static void fix_transport_header(host_t *src, host_t *dst, uint8_t proto, chunk_t payload) { - u_int16_t sum = 0, sport, dport; + uint16_t sum = 0, sport, dport; sport = src->get_port(src); dport = dst->get_port(dst); @@ -407,7 +407,7 @@ static void fix_transport_header(host_t *src, host_t *dst, u_int8_t proto, * Described in header. */ ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst, - u_int8_t next_header, chunk_t data) + uint8_t next_header, chunk_t data) { chunk_t packet; int family; diff --git a/src/libipsec/ip_packet.h b/src/libipsec/ip_packet.h index fa38eac2c..1e1d619a2 100644 --- a/src/libipsec/ip_packet.h +++ b/src/libipsec/ip_packet.h @@ -37,7 +37,7 @@ struct ip_packet_t { * * @return ip version */ - u_int8_t (*get_version)(ip_packet_t *this); + uint8_t (*get_version)(ip_packet_t *this); /** * Get the source address of this packet @@ -58,7 +58,7 @@ struct ip_packet_t { * * @return protocol|next header field */ - u_int8_t (*get_next_header)(ip_packet_t *this); + uint8_t (*get_next_header)(ip_packet_t *this); /** * Get the complete IP packet (including the header) @@ -113,7 +113,7 @@ ip_packet_t *ip_packet_create(chunk_t packet); * @return ip_packet_t instance, or NULL if invalid */ ip_packet_t *ip_packet_create_from_data(host_t *src, host_t *dst, - u_int8_t next_header, chunk_t data); + uint8_t next_header, chunk_t data); /** * Encode a UDP packet from the given data. diff --git a/src/libipsec/ipsec_event_listener.h b/src/libipsec/ipsec_event_listener.h index f15f6fe52..e784cedb3 100644 --- a/src/libipsec/ipsec_event_listener.h +++ b/src/libipsec/ipsec_event_listener.h @@ -40,7 +40,7 @@ struct ipsec_event_listener_t { * @param dst destination address of expired SA * @param hard TRUE if this is a hard expire, FALSE otherwise */ - void (*expire)(u_int8_t protocol, u_int32_t spi, host_t *dst, bool hard); + void (*expire)(uint8_t protocol, uint32_t spi, host_t *dst, bool hard); }; #endif /** IPSEC_EVENT_LISTENER_H_ @}*/ diff --git a/src/libipsec/ipsec_event_relay.c b/src/libipsec/ipsec_event_relay.c index 048063053..94cc6527f 100644 --- a/src/libipsec/ipsec_event_relay.c +++ b/src/libipsec/ipsec_event_relay.c @@ -67,12 +67,12 @@ typedef struct { /** * Protocol of the SA */ - u_int8_t protocol; + uint8_t protocol; /** * SPI of the SA, if any */ - u_int32_t spi; + uint32_t spi; /** * SA destination address @@ -135,7 +135,7 @@ static job_requeue_t handle_events(private_ipsec_event_relay_t *this) } METHOD(ipsec_event_relay_t, expire, void, - private_ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi, + private_ipsec_event_relay_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard) { ipsec_event_t *event; diff --git a/src/libipsec/ipsec_event_relay.h b/src/libipsec/ipsec_event_relay.h index 1dddf121b..056352e84 100644 --- a/src/libipsec/ipsec_event_relay.h +++ b/src/libipsec/ipsec_event_relay.h @@ -43,7 +43,7 @@ struct ipsec_event_relay_t { * @param dst destination address of expired SA * @param hard TRUE for a hard expire, FALSE otherwise */ - void (*expire)(ipsec_event_relay_t *this, u_int8_t protocol, u_int32_t spi, + void (*expire)(ipsec_event_relay_t *this, uint8_t protocol, uint32_t spi, host_t *dst, bool hard); /** diff --git a/src/libipsec/ipsec_policy.c b/src/libipsec/ipsec_policy.c index 8407921ac..8077d3c8d 100644 --- a/src/libipsec/ipsec_policy.c +++ b/src/libipsec/ipsec_policy.c @@ -54,7 +54,7 @@ struct private_ipsec_policy_t { /** * If any of the two TS has a protocol selector we cache it here */ - u_int8_t protocol; + uint8_t protocol; /** * Traffic direction @@ -90,7 +90,7 @@ struct private_ipsec_policy_t { METHOD(ipsec_policy_t, match, bool, private_ipsec_policy_t *this, traffic_selector_t *src_ts, - traffic_selector_t *dst_ts, policy_dir_t direction, u_int32_t reqid, + traffic_selector_t *dst_ts, policy_dir_t direction, uint32_t reqid, mark_t mark, policy_priority_t priority) { return (this->direction == direction && @@ -104,7 +104,7 @@ METHOD(ipsec_policy_t, match, bool, METHOD(ipsec_policy_t, match_packet, bool, private_ipsec_policy_t *this, ip_packet_t *packet) { - u_int8_t proto = packet->get_next_header(packet); + uint8_t proto = packet->get_next_header(packet); host_t *src = packet->get_source(packet), *dst = packet->get_destination(packet); @@ -125,7 +125,7 @@ METHOD(ipsec_policy_t, get_destination_ts, traffic_selector_t*, return this->dst_ts; } -METHOD(ipsec_policy_t, get_reqid, u_int32_t, +METHOD(ipsec_policy_t, get_reqid, uint32_t, private_ipsec_policy_t *this) { return this->sa.reqid; diff --git a/src/libipsec/ipsec_policy.h b/src/libipsec/ipsec_policy.h index 23a9ea99d..6d67a602e 100644 --- a/src/libipsec/ipsec_policy.h +++ b/src/libipsec/ipsec_policy.h @@ -77,7 +77,7 @@ struct ipsec_policy_t { * * @return the reqid */ - u_int32_t (*get_reqid)(ipsec_policy_t *this); + uint32_t (*get_reqid)(ipsec_policy_t *this); /** * Get another reference to this policy @@ -99,7 +99,7 @@ struct ipsec_policy_t { */ bool (*match)(ipsec_policy_t *this, traffic_selector_t *src_ts, traffic_selector_t *dst_ts, policy_dir_t direction, - u_int32_t reqid, mark_t mark, policy_priority_t priority); + uint32_t reqid, mark_t mark, policy_priority_t priority); /** * Check if this policy matches the given IP packet diff --git a/src/libipsec/ipsec_policy_mgr.c b/src/libipsec/ipsec_policy_mgr.c index 3f312ffd2..8570e07a8 100644 --- a/src/libipsec/ipsec_policy_mgr.c +++ b/src/libipsec/ipsec_policy_mgr.c @@ -57,7 +57,7 @@ typedef struct { /** * Priority used to sort policies */ - u_int32_t priority; + uint32_t priority; /** * The policy @@ -70,13 +70,13 @@ typedef struct { * Calculate the pseudo-priority to sort policies. This is the same algorithm * used by the NETLINK kernel interface (i.e. high priority -> low value). */ -static u_int32_t calculate_priority(policy_priority_t policy_priority, +static uint32_t calculate_priority(policy_priority_t policy_priority, traffic_selector_t *src, traffic_selector_t *dst) { - u_int32_t priority = PRIO_BASE; - u_int16_t port; - u_int8_t mask, proto; + uint32_t priority = PRIO_BASE; + uint16_t port; + uint8_t mask, proto; host_t *net; switch (policy_priority) @@ -182,7 +182,7 @@ METHOD(ipsec_policy_mgr_t, del_policy, status_t, { enumerator_t *enumerator; ipsec_policy_entry_t *current, *found = NULL; - u_int32_t priority; + uint32_t priority; if (type != POLICY_IPSEC || direction == POLICY_FWD) { /* we ignore these policies as we currently have no use for them */ @@ -235,7 +235,7 @@ METHOD(ipsec_policy_mgr_t, flush_policies, status_t, METHOD(ipsec_policy_mgr_t, find_by_packet, ipsec_policy_t*, private_ipsec_policy_mgr_t *this, ip_packet_t *packet, bool inbound, - u_int32_t reqid) + uint32_t reqid) { enumerator_t *enumerator; ipsec_policy_entry_t *current; diff --git a/src/libipsec/ipsec_policy_mgr.h b/src/libipsec/ipsec_policy_mgr.h index 0ea797e7a..97e147e40 100644 --- a/src/libipsec/ipsec_policy_mgr.h +++ b/src/libipsec/ipsec_policy_mgr.h @@ -105,7 +105,7 @@ struct ipsec_policy_mgr_t { */ ipsec_policy_t *(*find_by_packet)(ipsec_policy_mgr_t *this, ip_packet_t *packet, bool inbound, - u_int32_t reqid); + uint32_t reqid); /** * Destroy an ipsec_policy_mgr_t diff --git a/src/libipsec/ipsec_processor.c b/src/libipsec/ipsec_processor.c index ee297a34b..af79707d1 100644 --- a/src/libipsec/ipsec_processor.c +++ b/src/libipsec/ipsec_processor.c @@ -93,8 +93,8 @@ static job_requeue_t process_inbound(private_ipsec_processor_t *this) esp_packet_t *packet; ip_packet_t *ip_packet; ipsec_sa_t *sa; - u_int8_t next_header; - u_int32_t spi, reqid; + uint8_t next_header; + uint32_t spi, reqid; packet = (esp_packet_t*)this->inbound_queue->dequeue(this->inbound_queue); diff --git a/src/libipsec/ipsec_sa.c b/src/libipsec/ipsec_sa.c index ccbbb1b3c..ba020658b 100644 --- a/src/libipsec/ipsec_sa.c +++ b/src/libipsec/ipsec_sa.c @@ -36,7 +36,7 @@ struct private_ipsec_sa_t { /** * SPI of this SA */ - u_int32_t spi; + uint32_t spi; /** * Source address @@ -51,12 +51,12 @@ struct private_ipsec_sa_t { /** * Protocol */ - u_int8_t protocol; + uint8_t protocol; /** * Reqid of this SA */ - u_int32_t reqid; + uint32_t reqid; /** * Lifetime configuration @@ -90,9 +90,9 @@ struct private_ipsec_sa_t { /** last time of use */ time_t time; /** number of packets processed */ - u_int64_t packets; + uint64_t packets; /** number of bytes processed */ - u_int64_t bytes; + uint64_t bytes; } use; /** @@ -132,19 +132,19 @@ METHOD(ipsec_sa_t, set_destination, void, this->dst = addr->clone(addr); } -METHOD(ipsec_sa_t, get_spi, u_int32_t, +METHOD(ipsec_sa_t, get_spi, uint32_t, private_ipsec_sa_t *this) { return this->spi; } -METHOD(ipsec_sa_t, get_reqid, u_int32_t, +METHOD(ipsec_sa_t, get_reqid, uint32_t, private_ipsec_sa_t *this) { return this->reqid; } -METHOD(ipsec_sa_t, get_protocol, u_int8_t, +METHOD(ipsec_sa_t, get_protocol, uint8_t, private_ipsec_sa_t *this) { return this->protocol; @@ -169,7 +169,7 @@ METHOD(ipsec_sa_t, get_esp_context, esp_context_t*, } METHOD(ipsec_sa_t, get_usestats, void, - private_ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets, + private_ipsec_sa_t *this, uint64_t *bytes, uint64_t *packets, time_t *time) { if (bytes) @@ -210,7 +210,7 @@ METHOD(ipsec_sa_t, expire, void, } METHOD(ipsec_sa_t, update_usestats, void, - private_ipsec_sa_t *this, u_int32_t bytes) + private_ipsec_sa_t *this, uint32_t bytes) { this->use.time = time_monotonic(NULL); this->use.packets++; @@ -239,21 +239,21 @@ METHOD(ipsec_sa_t, update_usestats, void, } METHOD(ipsec_sa_t, match_by_spi_dst, bool, - private_ipsec_sa_t *this, u_int32_t spi, host_t *dst) + private_ipsec_sa_t *this, uint32_t spi, host_t *dst) { return this->spi == spi && this->dst->ip_equals(this->dst, dst) && !this->hard_expired; } METHOD(ipsec_sa_t, match_by_spi_src_dst, bool, - private_ipsec_sa_t *this, u_int32_t spi, host_t *src, host_t *dst) + private_ipsec_sa_t *this, uint32_t spi, host_t *src, host_t *dst) { return this->spi == spi && this->src->ip_equals(this->src, src) && this->dst->ip_equals(this->dst, dst); } METHOD(ipsec_sa_t, match_by_reqid, bool, - private_ipsec_sa_t *this, u_int32_t reqid, bool inbound) + private_ipsec_sa_t *this, uint32_t reqid, bool inbound) { return this->reqid == reqid && this->inbound == inbound && !this->hard_expired; @@ -271,11 +271,11 @@ METHOD(ipsec_sa_t, destroy, void, /** * Described in header. */ -ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, - u_int16_t ipcomp, u_int16_t cpi, bool encap, bool esn, bool inbound) +ipsec_sa_t *ipsec_sa_create(uint32_t spi, host_t *src, host_t *dst, + uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc, + lifetime_cfg_t *lifetime, uint16_t enc_alg, chunk_t enc_key, + uint16_t int_alg, chunk_t int_key, ipsec_mode_t mode, + uint16_t ipcomp, uint16_t cpi, bool encap, bool esn, bool inbound) { private_ipsec_sa_t *this; diff --git a/src/libipsec/ipsec_sa.h b/src/libipsec/ipsec_sa.h index 8dad29ac5..36fe48379 100644 --- a/src/libipsec/ipsec_sa.h +++ b/src/libipsec/ipsec_sa.h @@ -70,21 +70,21 @@ struct ipsec_sa_t { * * @return SPI of this SA */ - u_int32_t (*get_spi)(ipsec_sa_t *this); + uint32_t (*get_spi)(ipsec_sa_t *this); /** * Get the reqid of this SA * * @return reqid of this SA */ - u_int32_t (*get_reqid)(ipsec_sa_t *this); + uint32_t (*get_reqid)(ipsec_sa_t *this); /** * Get the protocol (e.g. IPPROTO_ESP) of this SA * * @return protocol of this SA */ - u_int8_t (*get_protocol)(ipsec_sa_t *this); + uint8_t (*get_protocol)(ipsec_sa_t *this); /** * Returns whether this SA is inbound or outbound @@ -116,7 +116,7 @@ struct ipsec_sa_t { * @param packets receives number of processed packets, or NULL * @param time receives last use time of this SA, or NULL */ - void (*get_usestats)(ipsec_sa_t *this, u_int64_t *bytes, u_int64_t *packets, + void (*get_usestats)(ipsec_sa_t *this, uint64_t *bytes, uint64_t *packets, time_t *time); /** @@ -124,7 +124,7 @@ struct ipsec_sa_t { * * @param bytes length of packet processed */ - void (*update_usestats)(ipsec_sa_t *this, u_int32_t bytes); + void (*update_usestats)(ipsec_sa_t *this, uint32_t bytes); /** * Expire this SA, soft or hard. @@ -145,7 +145,7 @@ struct ipsec_sa_t { * @param dst destination address * @return TRUE if this SA matches all parameters, FALSE otherwise */ - bool (*match_by_spi_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *dst); + bool (*match_by_spi_dst)(ipsec_sa_t *this, uint32_t spi, host_t *dst); /** * Check if this SA matches all given parameters @@ -155,7 +155,7 @@ struct ipsec_sa_t { * @param dst destination address * @return TRUE if this SA matches all parameters, FALSE otherwise */ - bool (*match_by_spi_src_dst)(ipsec_sa_t *this, u_int32_t spi, host_t *src, + bool (*match_by_spi_src_dst)(ipsec_sa_t *this, uint32_t spi, host_t *src, host_t *dst); /** @@ -167,7 +167,7 @@ struct ipsec_sa_t { * @param inbound TRUE for inbound SA, FALSE for outbound * @return TRUE if this SA matches all parameters, FALSE otherwise */ - bool (*match_by_reqid)(ipsec_sa_t *this, u_int32_t reqid, bool inbound); + bool (*match_by_reqid)(ipsec_sa_t *this, uint32_t reqid, bool inbound); /** * Destroy an ipsec_sa_t @@ -199,12 +199,12 @@ struct ipsec_sa_t { * @param inbound TRUE if this is an inbound SA, FALSE otherwise * @return the IPsec SA, or NULL if the creation failed */ -ipsec_sa_t *ipsec_sa_create(u_int32_t spi, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t reqid, mark_t mark, - u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, - ipsec_mode_t mode, u_int16_t ipcomp, u_int16_t cpi, +ipsec_sa_t *ipsec_sa_create(uint32_t spi, host_t *src, host_t *dst, + uint8_t protocol, uint32_t reqid, mark_t mark, + uint32_t tfc, lifetime_cfg_t *lifetime, + uint16_t enc_alg, chunk_t enc_key, + uint16_t int_alg, chunk_t int_key, + ipsec_mode_t mode, uint16_t ipcomp, uint16_t cpi, bool encap, bool esn, bool inbound); #endif /** IPSEC_SA_H_ @}*/ diff --git a/src/libipsec/ipsec_sa_mgr.c b/src/libipsec/ipsec_sa_mgr.c index 9d461f2c1..ec35c6ea3 100644 --- a/src/libipsec/ipsec_sa_mgr.c +++ b/src/libipsec/ipsec_sa_mgr.c @@ -109,19 +109,19 @@ typedef struct { /** * 0 if this is a hard expire, otherwise the offset in s (soft->hard) */ - u_int32_t hard_offset; + uint32_t hard_offset; } ipsec_sa_expired_t; /* * Used for the hash table of allocated SPIs */ -static bool spi_equals(u_int32_t *spi, u_int32_t *other_spi) +static bool spi_equals(uint32_t *spi, uint32_t *other_spi) { return *spi == *other_spi; } -static u_int spi_hash(u_int32_t *spi) +static u_int spi_hash(uint32_t *spi) { return chunk_hash(chunk_from_thing(*spi)); } @@ -237,26 +237,26 @@ static bool match_entry_by_sa_ptr(ipsec_sa_entry_t *item, ipsec_sa_t *sa) return item->sa == sa; } -static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, u_int32_t *spi, +static bool match_entry_by_spi_inbound(ipsec_sa_entry_t *item, uint32_t *spi, bool *inbound) { return item->sa->get_spi(item->sa) == *spi && item->sa->is_inbound(item->sa) == *inbound; } -static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, u_int32_t *spi, +static bool match_entry_by_spi_src_dst(ipsec_sa_entry_t *item, uint32_t *spi, host_t *src, host_t *dst) { return item->sa->match_by_spi_src_dst(item->sa, *spi, src, dst); } static bool match_entry_by_reqid_inbound(ipsec_sa_entry_t *item, - u_int32_t *reqid, bool *inbound) + uint32_t *reqid, bool *inbound) { return item->sa->match_by_reqid(item->sa, *reqid, *inbound); } -static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, u_int32_t *spi, +static bool match_entry_by_spi_dst(ipsec_sa_entry_t *item, uint32_t *spi, host_t *dst) { return item->sa->match_by_spi_dst(item->sa, *spi, dst); @@ -299,7 +299,7 @@ static job_requeue_t sa_expired(ipsec_sa_expired_t *expired) if (this->sas->find_first(this->sas, (void*)match_entry_by_ptr, NULL, expired->entry) == SUCCESS) { - u_int32_t hard_offset; + uint32_t hard_offset; hard_offset = expired->hard_offset; expired->entry->sa->expire(expired->entry->sa, hard_offset == 0); @@ -328,7 +328,7 @@ static void schedule_expiration(private_ipsec_sa_mgr_t *this, lifetime_cfg_t *lifetime = entry->sa->get_lifetime(entry->sa); ipsec_sa_expired_t *expired; callback_job_t *job; - u_int32_t timeout; + uint32_t timeout; if (!lifetime->time.life) { /* no expiration at all */ @@ -362,7 +362,7 @@ static void schedule_expiration(private_ipsec_sa_mgr_t *this, static void flush_allocated_spis(private_ipsec_sa_mgr_t *this) { enumerator_t *enumerator; - u_int32_t *current; + uint32_t *current; DBG2(DBG_ESP, "flushing allocated SPIs"); enumerator = this->allocated_spis->create_enumerator(this->allocated_spis); @@ -378,9 +378,9 @@ static void flush_allocated_spis(private_ipsec_sa_mgr_t *this) /** * Pre-allocate an SPI for an inbound SA */ -static bool allocate_spi(private_ipsec_sa_mgr_t *this, u_int32_t spi) +static bool allocate_spi(private_ipsec_sa_mgr_t *this, uint32_t spi) { - u_int32_t *spi_alloc; + uint32_t *spi_alloc; if (this->allocated_spis->get(this->allocated_spis, &spi) || this->sas->find_first(this->sas, (void*)match_entry_by_spi_inbound, @@ -388,17 +388,17 @@ static bool allocate_spi(private_ipsec_sa_mgr_t *this, u_int32_t spi) { return FALSE; } - spi_alloc = malloc_thing(u_int32_t); + spi_alloc = malloc_thing(uint32_t); *spi_alloc = spi; this->allocated_spis->put(this->allocated_spis, spi_alloc, spi_alloc); return TRUE; } METHOD(ipsec_sa_mgr_t, get_spi, status_t, - private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int8_t protocol, - u_int32_t *spi) + private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint8_t protocol, + uint32_t *spi) { - u_int32_t spi_new; + uint32_t spi_new; this->mutex->lock(this->mutex); if (!this->rng) @@ -415,7 +415,7 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t, do { if (!this->rng->get_bytes(this->rng, sizeof(spi_new), - (u_int8_t*)&spi_new)) + (uint8_t*)&spi_new)) { this->mutex->unlock(this->mutex); DBG1(DBG_ESP, "failed to allocate SPI"); @@ -435,11 +435,11 @@ METHOD(ipsec_sa_mgr_t, get_spi, status_t, } METHOD(ipsec_sa_mgr_t, add_sa, status_t, - private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int32_t reqid, mark_t mark, u_int32_t tfc, - lifetime_cfg_t *lifetime, u_int16_t enc_alg, chunk_t enc_key, - u_int16_t int_alg, chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool initiator, bool encap, bool esn, bool inbound, + private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint32_t spi, + uint8_t protocol, uint32_t reqid, mark_t mark, uint32_t tfc, + lifetime_cfg_t *lifetime, uint16_t enc_alg, chunk_t enc_key, + uint16_t int_alg, chunk_t int_key, ipsec_mode_t mode, uint16_t ipcomp, + uint16_t cpi, bool initiator, bool encap, bool esn, bool inbound, bool update) { ipsec_sa_entry_t *entry; @@ -465,7 +465,7 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t, if (update) { /* remove any pre-allocated SPIs */ - u_int32_t *spi_alloc; + uint32_t *spi_alloc; spi_alloc = this->allocated_spis->remove(this->allocated_spis, &spi); free(spi_alloc); @@ -489,8 +489,8 @@ METHOD(ipsec_sa_mgr_t, add_sa, status_t, } METHOD(ipsec_sa_mgr_t, update_sa, status_t, - private_ipsec_sa_mgr_t *this, u_int32_t spi, u_int8_t protocol, - u_int16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, + private_ipsec_sa_mgr_t *this, uint32_t spi, uint8_t protocol, + uint16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap, mark_t mark) { ipsec_sa_entry_t *entry = NULL; @@ -528,8 +528,8 @@ METHOD(ipsec_sa_mgr_t, update_sa, status_t, METHOD(ipsec_sa_mgr_t, query_sa, status_t, private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time) + uint32_t spi, uint8_t protocol, mark_t mark, + uint64_t *bytes, uint64_t *packets, time_t *time) { ipsec_sa_entry_t *entry = NULL; @@ -549,8 +549,8 @@ METHOD(ipsec_sa_mgr_t, query_sa, status_t, } METHOD(ipsec_sa_mgr_t, del_sa, status_t, - private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, u_int32_t spi, - u_int8_t protocol, u_int16_t cpi, mark_t mark) + private_ipsec_sa_mgr_t *this, host_t *src, host_t *dst, uint32_t spi, + uint8_t protocol, uint16_t cpi, mark_t mark) { ipsec_sa_entry_t *current, *found = NULL; enumerator_t *enumerator; @@ -583,7 +583,7 @@ METHOD(ipsec_sa_mgr_t, del_sa, status_t, } METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*, - private_ipsec_sa_mgr_t *this, u_int32_t reqid, bool inbound) + private_ipsec_sa_mgr_t *this, uint32_t reqid, bool inbound) { ipsec_sa_entry_t *entry; ipsec_sa_t *sa = NULL; @@ -600,7 +600,7 @@ METHOD(ipsec_sa_mgr_t, checkout_by_reqid, ipsec_sa_t*, } METHOD(ipsec_sa_mgr_t, checkout_by_spi, ipsec_sa_t*, - private_ipsec_sa_mgr_t *this, u_int32_t spi, host_t *dst) + private_ipsec_sa_mgr_t *this, uint32_t spi, host_t *dst) { ipsec_sa_entry_t *entry; ipsec_sa_t *sa = NULL; diff --git a/src/libipsec/ipsec_sa_mgr.h b/src/libipsec/ipsec_sa_mgr.h index a57eab4e7..708af1fda 100644 --- a/src/libipsec/ipsec_sa_mgr.h +++ b/src/libipsec/ipsec_sa_mgr.h @@ -49,7 +49,7 @@ struct ipsec_sa_mgr_t { * @return SUCCESS of operation successful */ status_t (*get_spi)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int8_t protocol, u_int32_t *spi); + uint8_t protocol, uint32_t *spi); /** * Add a new SA @@ -77,11 +77,11 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*add_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int32_t reqid, - mark_t mark, u_int32_t tfc, lifetime_cfg_t *lifetime, - u_int16_t enc_alg, chunk_t enc_key, u_int16_t int_alg, - chunk_t int_key, ipsec_mode_t mode, u_int16_t ipcomp, - u_int16_t cpi, bool initiator, bool encap, bool esn, + uint32_t spi, uint8_t protocol, uint32_t reqid, + mark_t mark, uint32_t tfc, lifetime_cfg_t *lifetime, + uint16_t enc_alg, chunk_t enc_key, uint16_t int_alg, + chunk_t int_key, ipsec_mode_t mode, uint16_t ipcomp, + uint16_t cpi, bool initiator, bool encap, bool esn, bool inbound, bool update); /** @@ -100,7 +100,7 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*update_sa)(ipsec_sa_mgr_t *this, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, + uint32_t spi, uint8_t protocol, uint16_t cpi, host_t *src, host_t *dst, host_t *new_src, host_t *new_dst, bool encap, bool new_encap, mark_t mark); @@ -119,8 +119,8 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*query_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, mark_t mark, - u_int64_t *bytes, u_int64_t *packets, time_t *time); + uint32_t spi, uint8_t protocol, mark_t mark, + uint64_t *bytes, uint64_t *packets, time_t *time); /** * Delete a previously added SA @@ -134,7 +134,7 @@ struct ipsec_sa_mgr_t { * @return SUCCESS if operation completed */ status_t (*del_sa)(ipsec_sa_mgr_t *this, host_t *src, host_t *dst, - u_int32_t spi, u_int8_t protocol, u_int16_t cpi, + uint32_t spi, uint8_t protocol, uint16_t cpi, mark_t mark); /** @@ -159,7 +159,7 @@ struct ipsec_sa_mgr_t { * @param dst destination address (e.g. of an inbound packet) * @return the matching IPsec SA, or NULL if none is found */ - ipsec_sa_t *(*checkout_by_spi)(ipsec_sa_mgr_t *this, u_int32_t spi, + ipsec_sa_t *(*checkout_by_spi)(ipsec_sa_mgr_t *this, uint32_t spi, host_t *dst); /** @@ -177,7 +177,7 @@ struct ipsec_sa_mgr_t { * @param inbound TRUE for an inbound SA, FALSE for an outbound SA * @return the matching IPsec SA, or NULL if none is found */ - ipsec_sa_t *(*checkout_by_reqid)(ipsec_sa_mgr_t *this, u_int32_t reqid, + ipsec_sa_t *(*checkout_by_reqid)(ipsec_sa_mgr_t *this, uint32_t reqid, bool inbound); /** diff --git a/src/libipsec/tests/Makefile.in b/src/libipsec/tests/Makefile.in index ebf6e7e93..db73e1fe0 100644 --- a/src/libipsec/tests/Makefile.in +++ b/src/libipsec/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = ipsec_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libipsec/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -196,12 +205,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -251,6 +262,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -285,6 +297,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -396,6 +409,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libipsec/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libipsec/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -866,6 +879,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libipsec/tests/suites/test_chapoly.c b/src/libipsec/tests/suites/test_chapoly.c index 31dc2ac7b..67099deb2 100644 --- a/src/libipsec/tests/suites/test_chapoly.c +++ b/src/libipsec/tests/suites/test_chapoly.c @@ -27,7 +27,7 @@ METHOD(aead_t, get_iv_gen, iv_gen_t*, } METHOD(iv_gen_t, get_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { if (size != 8) { @@ -38,7 +38,7 @@ METHOD(iv_gen_t, get_iv, bool, } METHOD(iv_gen_t, allocate_iv, bool, - iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { if (size != 8) { @@ -58,7 +58,7 @@ START_TEST(test_chapoly) esp_packet_t *esp; esp_context_t *ctx; chunk_t data, exp; - u_int32_t seq = 0; + uint32_t seq = 0; icmp = ip_packet_create(chunk_clone(chunk_from_chars( 0x45,0x00,0x00,0x54,0xa6,0xf2,0x00,0x00, diff --git a/src/libpttls/Makefile.in b/src/libpttls/Makefile.in index c4eb8b4a9..a4d4b332b 100644 --- a/src/libpttls/Makefile.in +++ b/src/libpttls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_TRUE@am__append_1 = -lws2_32 subdir = src/libpttls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -465,7 +479,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libpttls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libpttls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -798,6 +811,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libpttls/pt_tls.c b/src/libpttls/pt_tls.c index 3c1f874d7..01493f45c 100644 --- a/src/libpttls/pt_tls.c +++ b/src/libpttls/pt_tls.c @@ -17,6 +17,7 @@ #include <utils/debug.h> #include <pen/pen.h> + /** * Described in header. */ @@ -87,12 +88,12 @@ static bio_reader_t* read_tls(tls_socket_t *tls, size_t len) /** * Read a PT-TLS message, return header data */ -bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, - u_int32_t *type, u_int32_t *identifier) +bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor, + uint32_t *type, uint32_t *identifier) { bio_reader_t *reader; - u_int32_t len; - u_int8_t reserved; + uint32_t len; + uint8_t reserved; reader = read_tls(tls, PT_TLS_HEADER_LEN); if (!reader) @@ -135,7 +136,7 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, * Prepend a PT-TLS header to a writer, send data, destroy writer */ bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type, - u_int32_t identifier, chunk_t data) + uint32_t identifier, chunk_t data) { bio_writer_t *writer; chunk_t out; diff --git a/src/libpttls/pt_tls.h b/src/libpttls/pt_tls.h index b2f3198a4..2cee8e10f 100644 --- a/src/libpttls/pt_tls.h +++ b/src/libpttls/pt_tls.h @@ -105,8 +105,8 @@ enum pt_tls_auth_t { * @param identifier receives Message Identifer * @return reader over message value, NULL on error */ -bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, - u_int32_t *type, u_int32_t *identifier); +bio_reader_t* pt_tls_read(tls_socket_t *tls, uint32_t *vendor, + uint32_t *type, uint32_t *identifier); /** * Prepend a PT-TLS header to a writer, send data, destroy writer. @@ -118,7 +118,7 @@ bio_reader_t* pt_tls_read(tls_socket_t *tls, u_int32_t *vendor, * @return TRUE if data written successfully */ bool pt_tls_write(tls_socket_t *tls, pt_tls_message_type_t type, - u_int32_t identifier, chunk_t data); + uint32_t identifier, chunk_t data); /** * Dummy libpttls initialization function needed for integrity test diff --git a/src/libpttls/pt_tls_client.c b/src/libpttls/pt_tls_client.c index bd5b96f70..167918811 100644 --- a/src/libpttls/pt_tls_client.c +++ b/src/libpttls/pt_tls_client.c @@ -60,7 +60,7 @@ struct private_pt_tls_client_t { /** * Current PT-TLS message identifier */ - u_int32_t identifier; + uint32_t identifier; }; /** @@ -101,8 +101,8 @@ static bool negotiate_version(private_pt_tls_client_t *this) { bio_writer_t *writer; bio_reader_t *reader; - u_int32_t type, vendor, identifier, reserved; - u_int8_t version; + uint32_t type, vendor, identifier, reserved; + uint8_t version; bool res; DBG1(DBG_TNC, "sending offer for PT-TLS version %d", PT_TLS_VERSION); @@ -143,8 +143,8 @@ static bool negotiate_version(private_pt_tls_client_t *this) */ static status_t do_sasl(private_pt_tls_client_t *this, sasl_mechanism_t *sasl) { - u_int32_t type, vendor, identifier; - u_int8_t result; + uint32_t type, vendor, identifier; + uint8_t result; bio_reader_t *reader; bio_writer_t *writer; chunk_t data; @@ -277,8 +277,8 @@ static status_t select_and_do_sasl(private_pt_tls_client_t *this) { bio_reader_t *reader; sasl_mechanism_t *sasl = NULL; - u_int32_t type, vendor, identifier; - u_int8_t len; + uint32_t type, vendor, identifier; + uint8_t len; chunk_t chunk; char buf[21]; status_t status = NEED_MORE; @@ -364,7 +364,7 @@ static bool assess(private_pt_tls_client_t *this, tls_t *tnccs) size_t buflen = PT_TLS_MAX_MESSAGE_LEN; char buf[buflen]; bio_reader_t *reader; - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; chunk_t data; switch (tnccs->build(tnccs, buf, &buflen, &msglen)) diff --git a/src/libpttls/pt_tls_server.c b/src/libpttls/pt_tls_server.c index cedc2632c..a1c645319 100644 --- a/src/libpttls/pt_tls_server.c +++ b/src/libpttls/pt_tls_server.c @@ -55,7 +55,7 @@ struct private_pt_tls_server_t { /** * Message Identifier */ - u_int32_t identifier; + uint32_t identifier; /** * TNCCS protocol handler, implemented as tls_t @@ -71,8 +71,8 @@ static bool negotiate_version(private_pt_tls_server_t *this) { bio_reader_t *reader; bio_writer_t *writer; - u_int32_t vendor, type, identifier; - u_int8_t reserved, vmin, vmax, vpref; + uint32_t vendor, type, identifier; + uint8_t reserved, vmin, vmax, vpref; bool res; reader = pt_tls_read(this->tls, &vendor, &type, &identifier); @@ -161,7 +161,7 @@ static status_t process_sasl(private_pt_tls_server_t *this, static status_t read_sasl(private_pt_tls_server_t *this, sasl_mechanism_t *sasl) { - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; bio_reader_t *reader; status_t status; chunk_t data; @@ -260,11 +260,11 @@ static bool send_sasl_mechs(private_pt_tls_server_t *this) static status_t read_sasl_mech_selection(private_pt_tls_server_t *this, sasl_mechanism_t **out) { - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; sasl_mechanism_t *sasl; bio_reader_t *reader; chunk_t chunk; - u_int8_t len; + uint8_t len; char buf[21]; reader = pt_tls_read(this->tls, &vendor, &type, &identifier); @@ -406,7 +406,7 @@ static status_t assess(private_pt_tls_server_t *this, tls_t *tnccs) size_t buflen = PT_TLS_MAX_MESSAGE_LEN; char buf[buflen]; bio_reader_t *reader; - u_int32_t vendor, type, identifier; + uint32_t vendor, type, identifier; chunk_t data; status_t status; diff --git a/src/libradius/Makefile.in b/src/libradius/Makefile.in index 9b03099da..f5a5d1231 100644 --- a/src/libradius/Makefile.in +++ b/src/libradius/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libradius -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -196,12 +205,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -251,6 +262,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -285,6 +297,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -396,6 +409,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libradius/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libradius/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -762,6 +775,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libradius/radius_config.c b/src/libradius/radius_config.c index 663173411..521cd1dec 100644 --- a/src/libradius/radius_config.c +++ b/src/libradius/radius_config.c @@ -200,7 +200,7 @@ METHOD(radius_config_t, destroy, void, * See header */ radius_config_t *radius_config_create(char *name, char *address, - u_int16_t auth_port, u_int16_t acct_port, + uint16_t auth_port, uint16_t acct_port, char *nas_identifier, char *secret, int sockets, int preference, u_int tries, double timeout, double base) diff --git a/src/libradius/radius_config.h b/src/libradius/radius_config.h index c0ff057c8..c9a2f63bd 100644 --- a/src/libradius/radius_config.h +++ b/src/libradius/radius_config.h @@ -118,7 +118,7 @@ struct radius_config_t { * @param base base to calculate retransmission timeout */ radius_config_t *radius_config_create(char *name, char *address, - u_int16_t auth_port, u_int16_t acct_port, + uint16_t auth_port, uint16_t acct_port, char *nas_identifier, char *secret, int sockets, int preference, u_int tries, double timeout, double base); diff --git a/src/libradius/radius_message.c b/src/libradius/radius_message.c index 01c829841..9705d3b53 100644 --- a/src/libradius/radius_message.c +++ b/src/libradius/radius_message.c @@ -28,15 +28,15 @@ typedef struct rattr_t rattr_t; */ struct rmsg_t { /** message code, radius_message_code_t */ - u_int8_t code; + uint8_t code; /** message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of Code, Identifier, Length, Authenticator and Attributes */ - u_int16_t length; + uint16_t length; /** message authenticator, MD5 hash */ - u_int8_t authenticator[HASH_SIZE_MD5]; + uint8_t authenticator[HASH_SIZE_MD5]; /** variable list of packed attributes */ - u_int8_t attributes[]; + uint8_t attributes[]; } __attribute__((packed)); /** @@ -44,11 +44,11 @@ struct rmsg_t { */ struct rattr_t { /** attribute type, radius_attribute_type_t */ - u_int8_t type; + uint8_t type; /** length of the attriubte, including the Type, Length and Value fields */ - u_int8_t length; + uint8_t length; /** variable length attribute value */ - u_int8_t value[]; + uint8_t value[]; } __attribute__((packed)); /** @@ -293,7 +293,7 @@ typedef struct { /** inner attribute enumerator */ enumerator_t *inner; /** current vendor ID */ - u_int32_t vendor; + uint32_t vendor; /** reader for current vendor ID */ bio_reader_t *reader; } vendor_enumerator_t; @@ -303,7 +303,7 @@ METHOD(enumerator_t, vendor_enumerate, bool, { chunk_t inner_data; int inner_type; - u_int8_t type8, len; + uint8_t type8, len; while (TRUE) { @@ -449,7 +449,7 @@ METHOD(radius_message_t, crypt, bool, } METHOD(radius_message_t, sign, bool, - private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + private_radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth) { if (rng) @@ -516,7 +516,7 @@ METHOD(radius_message_t, sign, bool, } METHOD(radius_message_t, verify, bool, - private_radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + private_radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer) { char buf[HASH_SIZE_MD5], res_auth[HASH_SIZE_MD5]; @@ -606,19 +606,19 @@ METHOD(radius_message_t, get_code, radius_message_code_t, return this->msg->code; } -METHOD(radius_message_t, get_identifier, u_int8_t, +METHOD(radius_message_t, get_identifier, uint8_t, private_radius_message_t *this) { return this->msg->identifier; } METHOD(radius_message_t, set_identifier, void, - private_radius_message_t *this, u_int8_t identifier) + private_radius_message_t *this, uint8_t identifier) { this->msg->identifier = identifier; } -METHOD(radius_message_t, get_authenticator, u_int8_t*, +METHOD(radius_message_t, get_authenticator, uint8_t*, private_radius_message_t *this) { return this->msg->authenticator; diff --git a/src/libradius/radius_message.h b/src/libradius/radius_message.h index e6cb40b18..c72773312 100644 --- a/src/libradius/radius_message.h +++ b/src/libradius/radius_message.h @@ -241,21 +241,21 @@ struct radius_message_t { * * @return message identifier */ - u_int8_t (*get_identifier)(radius_message_t *this); + uint8_t (*get_identifier)(radius_message_t *this); /** * Set the message identifier. * * @param identifier message identifier */ - void (*set_identifier)(radius_message_t *this, u_int8_t identifier); + void (*set_identifier)(radius_message_t *this, uint8_t identifier); /** * Get the 16 byte authenticator. * * @return pointer to the Authenticator field */ - u_int8_t* (*get_authenticator)(radius_message_t *this); + uint8_t* (*get_authenticator)(radius_message_t *this); /** * Get the RADIUS message in its encoded form. @@ -275,7 +275,7 @@ struct radius_message_t { * @param msg_auth calculate and add Message-Authenticator * @return TRUE if signed successfully */ - bool (*sign)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + bool (*sign)(radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer, rng_t *rng, bool msg_auth); /** @@ -286,7 +286,7 @@ struct radius_message_t { * @param signer HMAC-MD5 signer with secret set * @param hasher MD5 hasher */ - bool (*verify)(radius_message_t *this, u_int8_t *req_auth, chunk_t secret, + bool (*verify)(radius_message_t *this, uint8_t *req_auth, chunk_t secret, hasher_t *hasher, signer_t *signer); /** diff --git a/src/libradius/radius_mppe.h b/src/libradius/radius_mppe.h index 1b7a732ec..5006ca9d0 100644 --- a/src/libradius/radius_mppe.h +++ b/src/libradius/radius_mppe.h @@ -30,11 +30,11 @@ typedef struct mppe_key_t mppe_key_t; struct mppe_key_t { - u_int32_t id; - u_int8_t type; - u_int8_t length; - u_int16_t salt; - u_int8_t key[]; + uint32_t id; + uint8_t type; + uint8_t length; + uint16_t salt; + uint8_t key[]; } __attribute__((packed)); #endif /** RADIUS_MPPE_H_ @}*/ diff --git a/src/libradius/radius_socket.c b/src/libradius/radius_socket.c index 065f2644e..115be79fb 100644 --- a/src/libradius/radius_socket.c +++ b/src/libradius/radius_socket.c @@ -60,7 +60,7 @@ struct private_radius_socket_t { /** * Server port for authentication */ - u_int16_t auth_port; + uint16_t auth_port; /** * socket file descriptor for authentication @@ -70,7 +70,7 @@ struct private_radius_socket_t { /** * Server port for accounting */ - u_int16_t acct_port; + uint16_t acct_port; /** * socket file descriptor for accounting @@ -85,7 +85,7 @@ struct private_radius_socket_t { /** * current RADIUS identifier */ - u_int8_t identifier; + uint8_t identifier; /** * hasher to use for response verification @@ -127,7 +127,7 @@ struct private_radius_socket_t { * Check or establish RADIUS connection */ static bool check_connection(private_radius_socket_t *this, - int *fd, u_int16_t port) + int *fd, uint16_t port) { if (*fd == -1) { @@ -166,7 +166,7 @@ static bool check_connection(private_radius_socket_t *this, /** * Receive the response to the message with the given ID */ -static status_t receive_response(int fd, int timeout, u_int8_t id, +static status_t receive_response(int fd, int timeout, uint8_t id, radius_message_t **response) { radius_message_t *msg; @@ -224,7 +224,7 @@ METHOD(radius_socket_t, request, radius_message_t*, radius_message_t *response; chunk_t data; int *fd, retransmit = 0, timeout; - u_int16_t port; + uint16_t port; rng_t *rng = NULL; if (request->get_code(request) == RMC_ACCOUNTING_REQUEST) @@ -299,7 +299,7 @@ METHOD(radius_socket_t, request, radius_message_t*, /** * Decrypt a MS-MPPE-Send/Recv-Key */ -static chunk_t decrypt_mppe_key(private_radius_socket_t *this, u_int16_t salt, +static chunk_t decrypt_mppe_key(private_radius_socket_t *this, uint16_t salt, chunk_t C, radius_message_t *request) { chunk_t decrypted; @@ -375,8 +375,8 @@ METHOD(radius_socket_t, destroy, void, /** * See header */ -radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port, - u_int16_t acct_port, chunk_t secret, +radius_socket_t *radius_socket_create(char *address, uint16_t auth_port, + uint16_t acct_port, chunk_t secret, u_int tries, double timeout, double base) { private_radius_socket_t *this; diff --git a/src/libradius/radius_socket.h b/src/libradius/radius_socket.h index 84b146a7d..acc6c368f 100644 --- a/src/libradius/radius_socket.h +++ b/src/libradius/radius_socket.h @@ -96,8 +96,8 @@ struct radius_socket_t { * @param timeout retransmission timeout * @param base base to calculate retransmission timeout */ -radius_socket_t *radius_socket_create(char *address, u_int16_t auth_port, - u_int16_t acct_port, chunk_t secret, +radius_socket_t *radius_socket_create(char *address, uint16_t auth_port, + uint16_t acct_port, chunk_t secret, u_int tries, double timeout, double base); #endif /** RADIUS_SOCKET_H_ @}*/ diff --git a/src/libsimaka/Makefile.in b/src/libsimaka/Makefile.in index e813eb085..a7bc8e321 100644 --- a/src/libsimaka/Makefile.in +++ b/src/libsimaka/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_TRUE@am__append_1 = -lws2_32 subdir = src/libsimaka -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +265,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +300,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +412,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libsimaka/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libsimaka/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -762,6 +775,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libsimaka/simaka_card.h b/src/libsimaka/simaka_card.h index 52cb32514..b705923f6 100644 --- a/src/libsimaka/simaka_card.h +++ b/src/libsimaka/simaka_card.h @@ -66,7 +66,7 @@ struct simaka_card_t { * @param ck buffer receiving encryption key ck * @param ik buffer receiving integrity key ik * @param res buffer receiving authentication result res - * @param res_len nubmer of bytes written to res buffer + * @param res_len number of bytes written to res buffer * @return SUCCESS, FAILED, or INVALID_STATE if out of sync */ status_t (*get_quintuplet)(simaka_card_t *this, identification_t *id, @@ -112,7 +112,7 @@ struct simaka_card_t { */ void (*set_reauth)(simaka_card_t *this, identification_t *id, identification_t *next, char mk[HASH_SIZE_SHA1], - u_int16_t counter); + uint16_t counter); /** * Retrieve parameters for fast reauthentication stored via set_reauth(). @@ -123,7 +123,7 @@ struct simaka_card_t { * @return fast reauthentication identity, NULL if not found */ identification_t* (*get_reauth)(simaka_card_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter); + char mk[HASH_SIZE_SHA1], uint16_t *counter); }; #endif /** SIMAKA_CARD_H_ @}*/ diff --git a/src/libsimaka/simaka_manager.c b/src/libsimaka/simaka_manager.c index e85dd660b..47f1f6f8a 100644 --- a/src/libsimaka/simaka_manager.c +++ b/src/libsimaka/simaka_manager.c @@ -207,7 +207,7 @@ METHOD(simaka_manager_t, card_get_pseudonym, identification_t*, METHOD(simaka_manager_t, card_set_reauth, void, private_simaka_manager_t *this, identification_t *id, identification_t *next, - char mk[HASH_SIZE_SHA1], u_int16_t counter) + char mk[HASH_SIZE_SHA1], uint16_t counter) { enumerator_t *enumerator; simaka_card_t *card; @@ -227,7 +227,7 @@ METHOD(simaka_manager_t, card_set_reauth, void, METHOD(simaka_manager_t, card_get_reauth, identification_t*, private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter) + uint16_t *counter) { enumerator_t *enumerator; simaka_card_t *card; @@ -393,7 +393,7 @@ METHOD(simaka_manager_t, provider_gen_pseudonym, identification_t*, METHOD(simaka_manager_t, provider_is_reauth, identification_t*, private_simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter) + uint16_t *counter) { enumerator_t *enumerator; simaka_provider_t *provider; diff --git a/src/libsimaka/simaka_manager.h b/src/libsimaka/simaka_manager.h index bdd50296e..b10d1659b 100644 --- a/src/libsimaka/simaka_manager.h +++ b/src/libsimaka/simaka_manager.h @@ -84,7 +84,7 @@ struct simaka_manager_t { * @param ck buffer receiving encryption key ck * @param ik buffer receiving integrity key ik * @param res buffer receiving authentication result res - * @param res_len nubmer of bytes written to res buffer + * @param res_len number of bytes written to res buffer * @return SUCCESS, FAILED, or INVALID_STATE if out of sync */ status_t (*card_get_quintuplet)(simaka_manager_t *this, identification_t *id, @@ -131,7 +131,7 @@ struct simaka_manager_t { */ void (*card_set_reauth)(simaka_manager_t *this, identification_t *id, identification_t *next, char mk[HASH_SIZE_SHA1], - u_int16_t counter); + uint16_t counter); /** * Retrieve fast reauthentication parameters from one of the registered cards. @@ -143,7 +143,7 @@ struct simaka_manager_t { */ identification_t* (*card_get_reauth)(simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter); + uint16_t *counter); /** * Register a triplet provider (server) at the manager. @@ -228,7 +228,7 @@ struct simaka_manager_t { */ identification_t* (*provider_is_reauth)(simaka_manager_t *this, identification_t *id, char mk[HASH_SIZE_SHA1], - u_int16_t *counter); + uint16_t *counter); /** * Generate a fast reauth id using one of the registered providers. diff --git a/src/libsimaka/simaka_message.c b/src/libsimaka/simaka_message.c index 7dd15480b..234d7ef2a 100644 --- a/src/libsimaka/simaka_message.c +++ b/src/libsimaka/simaka_message.c @@ -30,17 +30,17 @@ typedef struct attr_t attr_t; */ struct hdr_t { /** EAP code (REQUEST/RESPONSE) */ - u_int8_t code; + uint8_t code; /** unique message identifier */ - u_int8_t identifier; + uint8_t identifier; /** length of whole message */ - u_int16_t length; + uint16_t length; /** EAP type => EAP_SIM/EAP_AKA */ - u_int8_t type; + uint8_t type; /** SIM subtype */ - u_int8_t subtype; + uint8_t subtype; /** reserved bytes */ - u_int16_t reserved; + uint16_t reserved; } __attribute__((__packed__)); /** @@ -48,9 +48,9 @@ struct hdr_t { */ struct attr_hdr_t { /** attribute type */ - u_int8_t type; + uint8_t type; /** attibute length */ - u_int8_t length; + uint8_t length; } __attribute__((__packed__)); /** @@ -204,7 +204,7 @@ METHOD(simaka_message_t, is_request, bool, return this->hdr->code == EAP_REQUEST; } -METHOD(simaka_message_t, get_identifier, u_int8_t, +METHOD(simaka_message_t, get_identifier, uint8_t, private_simaka_message_t *this) { return this->hdr->identifier; @@ -366,7 +366,7 @@ static bool parse_attributes(private_simaka_message_t *this, chunk_t in) case AT_IDENTITY: case AT_VERSION_LIST: { - u_int16_t len; + uint16_t len; if (hdr->length < 1 || in.len < 4) { @@ -610,7 +610,7 @@ METHOD(simaka_message_t, generate, bool, chunk_t out, encr, data, *target, mac = chunk_empty; simaka_attribute_t type; attr_hdr_t *hdr; - u_int16_t len; + uint16_t len; signer_t *signer; call_hook(this, FALSE, TRUE); @@ -684,7 +684,7 @@ METHOD(simaka_message_t, generate, bool, case AT_VERSION_LIST: case AT_RES: { - u_int16_t len, padding; + uint16_t len, padding; len = htons(data.len); if (type == AT_RES) @@ -912,7 +912,7 @@ simaka_message_t *simaka_message_create_from_payload(chunk_t data, /** * See header. */ -simaka_message_t *simaka_message_create(bool request, u_int8_t identifier, +simaka_message_t *simaka_message_create(bool request, uint8_t identifier, eap_type_t type, simaka_subtype_t subtype, simaka_crypto_t *crypto) { diff --git a/src/libsimaka/simaka_message.h b/src/libsimaka/simaka_message.h index 9e2c7dea9..2393d3450 100644 --- a/src/libsimaka/simaka_message.h +++ b/src/libsimaka/simaka_message.h @@ -176,7 +176,7 @@ struct simaka_message_t { * * @return EAP message identifier */ - u_int8_t (*get_identifier)(simaka_message_t *this); + uint8_t (*get_identifier)(simaka_message_t *this); /** * Get the EAP type of the message. @@ -257,7 +257,7 @@ struct simaka_message_t { * @param crypto EAP-SIM/AKA crypto helper * @return empty message of requested kind, NULL on error */ -simaka_message_t *simaka_message_create(bool request, u_int8_t identifier, +simaka_message_t *simaka_message_create(bool request, uint8_t identifier, eap_type_t type, simaka_subtype_t subtype, simaka_crypto_t *crypto); diff --git a/src/libsimaka/simaka_provider.h b/src/libsimaka/simaka_provider.h index f1bf80049..ef1c73908 100644 --- a/src/libsimaka/simaka_provider.h +++ b/src/libsimaka/simaka_provider.h @@ -62,7 +62,7 @@ struct simaka_provider_t { * @param id permanent identity of peer to create challenge for * @param rand buffer receiving random value rand * @param xres buffer receiving expected authentication result xres - * @param xres_len nubmer of bytes written to xres buffer + * @param xres_len number of bytes written to xres buffer * @param ck buffer receiving encryption key ck * @param ik buffer receiving integrity key ik * @param autn authentication token autn @@ -112,7 +112,7 @@ struct simaka_provider_t { * @return permanent identity, NULL if id not a reauth identity */ identification_t* (*is_reauth)(simaka_provider_t *this, identification_t *id, - char mk[HASH_SIZE_SHA1], u_int16_t *counter); + char mk[HASH_SIZE_SHA1], uint16_t *counter); /** * Generate a fast reauthentication identity, associated to a master key. diff --git a/src/libstrongswan/Makefile.am b/src/libstrongswan/Makefile.am index 0bac61b44..9be93f1f8 100644 --- a/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am @@ -120,7 +120,9 @@ endif library.lo : $(top_builddir)/config.status -libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) $(BFDLIB) $(UNWINDLIB) +libstrongswan_la_LIBADD = \ + $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \ + $(RTLIB) $(BFDLIB) $(UNWINDLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in index d88c96f03..d1b65bdb2 100644 --- a/src/libstrongswan/Makefile.in +++ b/src/libstrongswan/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -221,12 +231,6 @@ host_triplet = @host@ @MONOLITHIC_TRUE@@USE_TEST_VECTORS_TRUE@am__append_123 = plugins/test_vectors/libstrongswan-test-vectors.la @USE_BLISS_TRUE@am__append_124 = plugins/bliss/tests subdir = src/libstrongswan -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - settings/settings_parser.h settings/settings_parser.c \ - settings/settings_lexer.c $(top_srcdir)/depcomp \ - $(top_srcdir)/ylwrap \ - $(am__nobase_strongswan_include_HEADERS_DIST) \ - $(noinst_HEADERS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -240,6 +244,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am \ + $(am__nobase_strongswan_include_HEADERS_DIST) \ + $(noinst_HEADERS) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -280,26 +287,27 @@ libstrongswan_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_2) \ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ - $(am__DEPENDENCIES_1) $(am__append_19) $(am__append_21) \ - $(am__append_23) $(am__append_25) $(am__append_27) \ - $(am__append_29) $(am__append_31) $(am__append_33) \ - $(am__append_35) $(am__append_37) $(am__append_39) \ - $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_47) $(am__append_49) $(am__append_51) \ - $(am__append_53) $(am__append_55) $(am__append_57) \ - $(am__append_59) $(am__append_61) $(am__append_63) \ - $(am__append_65) $(am__append_67) $(am__append_69) \ - $(am__append_71) $(am__append_73) $(am__append_75) \ - $(am__append_77) $(am__append_79) $(am__append_81) \ - $(am__append_83) $(am__append_85) $(am__append_87) \ - $(am__append_89) $(am__append_91) $(am__append_93) \ - $(am__append_95) $(am__append_97) $(am__append_99) \ - $(am__append_101) $(am__append_103) $(am__append_105) \ - $(am__append_107) $(am__append_109) $(am__append_111) \ - $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) $(am__append_123) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) $(am__append_19) \ + $(am__append_21) $(am__append_23) $(am__append_25) \ + $(am__append_27) $(am__append_29) $(am__append_31) \ + $(am__append_33) $(am__append_35) $(am__append_37) \ + $(am__append_39) $(am__append_41) $(am__append_43) \ + $(am__append_45) $(am__append_47) $(am__append_49) \ + $(am__append_51) $(am__append_53) $(am__append_55) \ + $(am__append_57) $(am__append_59) $(am__append_61) \ + $(am__append_63) $(am__append_65) $(am__append_67) \ + $(am__append_69) $(am__append_71) $(am__append_73) \ + $(am__append_75) $(am__append_77) $(am__append_79) \ + $(am__append_81) $(am__append_83) $(am__append_85) \ + $(am__append_87) $(am__append_89) $(am__append_91) \ + $(am__append_93) $(am__append_95) $(am__append_97) \ + $(am__append_99) $(am__append_101) $(am__append_103) \ + $(am__append_105) $(am__append_107) $(am__append_109) \ + $(am__append_111) $(am__append_113) $(am__append_115) \ + $(am__append_117) $(am__append_119) $(am__append_121) \ + $(am__append_123) am__libstrongswan_la_SOURCES_DIST = library.c asn1/asn1.c \ asn1/asn1_parser.c asn1/oid.c bio/bio_reader.c \ bio/bio_writer.c collections/blocking_queue.c \ @@ -632,6 +640,9 @@ DIST_SUBDIRS = . plugins/af_alg plugins/aes plugins/des \ plugins/chapoly plugins/ctr plugins/ccm plugins/gcm \ plugins/ntru plugins/bliss plugins/test_vectors tests \ plugins/bliss/tests +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ + $(top_srcdir)/ylwrap settings/settings_lexer.c \ + settings/settings_parser.c settings/settings_parser.h DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -663,6 +674,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -712,6 +724,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -746,6 +759,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -857,6 +871,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -1003,27 +1018,28 @@ settings/settings_types.h @USE_DEV_HEADERS_TRUE@utils/utils/string.h utils/utils/memory.h utils/utils/tty.h utils/utils/path.h \ @USE_DEV_HEADERS_TRUE@utils/utils/status.h utils/utils/object.h utils/utils/time.h utils/utils/align.h -libstrongswan_la_LIBADD = $(DLLIB) $(BTLIB) $(SOCKLIB) $(RTLIB) \ - $(BFDLIB) $(UNWINDLIB) $(am__append_2) $(am__append_4) \ - $(am__append_5) $(am__append_13) $(am__append_15) \ - $(am__append_17) $(am__append_19) $(am__append_21) \ - $(am__append_23) $(am__append_25) $(am__append_27) \ - $(am__append_29) $(am__append_31) $(am__append_33) \ - $(am__append_35) $(am__append_37) $(am__append_39) \ - $(am__append_41) $(am__append_43) $(am__append_45) \ - $(am__append_47) $(am__append_49) $(am__append_51) \ - $(am__append_53) $(am__append_55) $(am__append_57) \ - $(am__append_59) $(am__append_61) $(am__append_63) \ - $(am__append_65) $(am__append_67) $(am__append_69) \ - $(am__append_71) $(am__append_73) $(am__append_75) \ - $(am__append_77) $(am__append_79) $(am__append_81) \ - $(am__append_83) $(am__append_85) $(am__append_87) \ - $(am__append_89) $(am__append_91) $(am__append_93) \ - $(am__append_95) $(am__append_97) $(am__append_99) \ - $(am__append_101) $(am__append_103) $(am__append_105) \ - $(am__append_107) $(am__append_109) $(am__append_111) \ - $(am__append_113) $(am__append_115) $(am__append_117) \ - $(am__append_119) $(am__append_121) $(am__append_123) +libstrongswan_la_LIBADD = $(DLLIB) $(ATOMICLIB) $(BTLIB) $(SOCKLIB) \ + $(RTLIB) $(BFDLIB) $(UNWINDLIB) $(am__append_2) \ + $(am__append_4) $(am__append_5) $(am__append_13) \ + $(am__append_15) $(am__append_17) $(am__append_19) \ + $(am__append_21) $(am__append_23) $(am__append_25) \ + $(am__append_27) $(am__append_29) $(am__append_31) \ + $(am__append_33) $(am__append_35) $(am__append_37) \ + $(am__append_39) $(am__append_41) $(am__append_43) \ + $(am__append_45) $(am__append_47) $(am__append_49) \ + $(am__append_51) $(am__append_53) $(am__append_55) \ + $(am__append_57) $(am__append_59) $(am__append_61) \ + $(am__append_63) $(am__append_65) $(am__append_67) \ + $(am__append_69) $(am__append_71) $(am__append_73) \ + $(am__append_75) $(am__append_77) $(am__append_79) \ + $(am__append_81) $(am__append_83) $(am__append_85) \ + $(am__append_87) $(am__append_89) $(am__append_91) \ + $(am__append_93) $(am__append_95) $(am__append_97) \ + $(am__append_99) $(am__append_101) $(am__append_103) \ + $(am__append_105) $(am__append_107) $(am__append_109) \ + $(am__append_111) $(am__append_113) $(am__append_115) \ + $(am__append_117) $(am__append_119) $(am__append_121) \ + $(am__append_123) AM_CPPFLAGS = -I$(top_srcdir)/src/libstrongswan \ -DIPSEC_DIR=\"${ipsecdir}\" -DIPSEC_LIB_DIR=\"${ipseclibdir}\" \ -DPLUGINDIR=\"${plugindir}\" \ @@ -1124,7 +1140,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -2322,6 +2337,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ uninstall-ipseclibLTLIBRARIES \ uninstall-nobase_strongswan_includeHEADERS +.PRECIOUS: Makefile + library.lo : $(top_builddir)/config.status diff --git a/src/libstrongswan/asn1/asn1.c b/src/libstrongswan/asn1/asn1.c index 628bb99e6..2ee414abf 100644 --- a/src/libstrongswan/asn1/asn1.c +++ b/src/libstrongswan/asn1/asn1.c @@ -592,15 +592,15 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level, const c /* * Described in header */ -u_int64_t asn1_parse_integer_uint64(chunk_t blob) +uint64_t asn1_parse_integer_uint64(chunk_t blob) { - u_int64_t val = 0; + uint64_t val = 0; int i; for (i = 0; i < blob.len; i++) { /* if it is longer than 8 bytes, we just use the 8 LSBs */ val <<= 8; - val |= (u_int64_t)blob.ptr[i]; + val |= (uint64_t)blob.ptr[i]; } return val; } diff --git a/src/libstrongswan/asn1/asn1.h b/src/libstrongswan/asn1/asn1.h index 8ac005610..f0b3e17e8 100644 --- a/src/libstrongswan/asn1/asn1.h +++ b/src/libstrongswan/asn1/asn1.h @@ -172,13 +172,13 @@ bool asn1_parse_simple_object(chunk_t *object, asn1_t type, u_int level0, const char* name); /** - * Converts an ASN.1 INTEGER object to an u_int64_t. If the INTEGER is longer + * Converts an ASN.1 INTEGER object to an uint64_t. If the INTEGER is longer * than 8 bytes only the 8 LSBs are returned. * * @param blob body of an ASN.1 coded integer object * @return converted integer */ -u_int64_t asn1_parse_integer_uint64(chunk_t blob); +uint64_t asn1_parse_integer_uint64(chunk_t blob); /** * Print the value of an ASN.1 simple object diff --git a/src/libstrongswan/asn1/oid.c b/src/libstrongswan/asn1/oid.c index ed953d482..c23746e57 100644 --- a/src/libstrongswan/asn1/oid.c +++ b/src/libstrongswan/asn1/oid.c @@ -28,8 +28,8 @@ const oid_t oid_names[] = { { 0x01, 0, 1, 8, "pilotAttributeType" }, /* 15 */ { 0x01, 17, 0, 9, "UID" }, /* 16 */ { 0x19, 0, 0, 9, "DC" }, /* 17 */ - {0x55, 66, 1, 0, "X.500" }, /* 18 */ - { 0x04, 38, 1, 1, "X.509" }, /* 19 */ + {0x55, 67, 1, 0, "X.500" }, /* 18 */ + { 0x04, 39, 1, 1, "X.509" }, /* 19 */ { 0x03, 21, 0, 2, "CN" }, /* 20 */ { 0x04, 22, 0, 2, "S" }, /* 21 */ { 0x05, 23, 0, 2, "SN" }, /* 22 */ @@ -46,447 +46,448 @@ const oid_t oid_names[] = { { 0x2B, 34, 0, 2, "I" }, /* 33 */ { 0x2D, 35, 0, 2, "ID" }, /* 34 */ { 0x2E, 36, 0, 2, "dnQualifier" }, /* 35 */ - { 0x41, 37, 0, 2, "pseudonym" }, /* 36 */ - { 0x48, 0, 0, 2, "role" }, /* 37 */ - { 0x1D, 0, 1, 1, "id-ce" }, /* 38 */ - { 0x09, 40, 0, 2, "subjectDirectoryAttrs" }, /* 39 */ - { 0x0E, 41, 0, 2, "subjectKeyIdentifier" }, /* 40 */ - { 0x0F, 42, 0, 2, "keyUsage" }, /* 41 */ - { 0x10, 43, 0, 2, "privateKeyUsagePeriod" }, /* 42 */ - { 0x11, 44, 0, 2, "subjectAltName" }, /* 43 */ - { 0x12, 45, 0, 2, "issuerAltName" }, /* 44 */ - { 0x13, 46, 0, 2, "basicConstraints" }, /* 45 */ - { 0x14, 47, 0, 2, "crlNumber" }, /* 46 */ - { 0x15, 48, 0, 2, "reasonCode" }, /* 47 */ - { 0x17, 49, 0, 2, "holdInstructionCode" }, /* 48 */ - { 0x18, 50, 0, 2, "invalidityDate" }, /* 49 */ - { 0x1B, 51, 0, 2, "deltaCrlIndicator" }, /* 50 */ - { 0x1C, 52, 0, 2, "issuingDistributionPoint" }, /* 51 */ - { 0x1D, 53, 0, 2, "certificateIssuer" }, /* 52 */ - { 0x1E, 54, 0, 2, "nameConstraints" }, /* 53 */ - { 0x1F, 55, 0, 2, "crlDistributionPoints" }, /* 54 */ - { 0x20, 57, 1, 2, "certificatePolicies" }, /* 55 */ - { 0x00, 0, 0, 3, "anyPolicy" }, /* 56 */ - { 0x21, 58, 0, 2, "policyMappings" }, /* 57 */ - { 0x23, 59, 0, 2, "authorityKeyIdentifier" }, /* 58 */ - { 0x24, 60, 0, 2, "policyConstraints" }, /* 59 */ - { 0x25, 62, 1, 2, "extendedKeyUsage" }, /* 60 */ - { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 61 */ - { 0x2E, 63, 0, 2, "freshestCRL" }, /* 62 */ - { 0x36, 64, 0, 2, "inhibitAnyPolicy" }, /* 63 */ - { 0x37, 65, 0, 2, "targetInformation" }, /* 64 */ - { 0x38, 0, 0, 2, "noRevAvail" }, /* 65 */ - {0x2A, 190, 1, 0, "" }, /* 66 */ - { 0x83, 79, 1, 1, "" }, /* 67 */ - { 0x08, 0, 1, 2, "jp" }, /* 68 */ - { 0x8C, 0, 1, 3, "" }, /* 69 */ - { 0x9A, 0, 1, 4, "" }, /* 70 */ - { 0x4B, 0, 1, 5, "" }, /* 71 */ - { 0x3D, 0, 1, 6, "" }, /* 72 */ - { 0x01, 0, 1, 7, "security" }, /* 73 */ - { 0x01, 0, 1, 8, "algorithm" }, /* 74 */ - { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 75 */ - { 0x02, 77, 0, 10, "camellia128-cbc" }, /* 76 */ - { 0x03, 78, 0, 10, "camellia192-cbc" }, /* 77 */ - { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 78 */ - { 0x86, 0, 1, 1, "" }, /* 79 */ - { 0x48, 0, 1, 2, "us" }, /* 80 */ - { 0x86, 149, 1, 3, "" }, /* 81 */ - { 0xF6, 87, 1, 4, "" }, /* 82 */ - { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 83 */ - { 0x07, 0, 1, 6, "Entrust" }, /* 84 */ - { 0x41, 0, 1, 7, "nsn-ce" }, /* 85 */ - { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 86 */ - { 0xF7, 0, 1, 4, "" }, /* 87 */ - { 0x0D, 0, 1, 5, "RSADSI" }, /* 88 */ - { 0x01, 144, 1, 6, "PKCS" }, /* 89 */ - { 0x01, 102, 1, 7, "PKCS-1" }, /* 90 */ - { 0x01, 92, 0, 8, "rsaEncryption" }, /* 91 */ - { 0x02, 93, 0, 8, "md2WithRSAEncryption" }, /* 92 */ - { 0x04, 94, 0, 8, "md5WithRSAEncryption" }, /* 93 */ - { 0x05, 95, 0, 8, "sha-1WithRSAEncryption" }, /* 94 */ - { 0x07, 96, 0, 8, "id-RSAES-OAEP" }, /* 95 */ - { 0x08, 97, 0, 8, "id-mgf1" }, /* 96 */ - { 0x09, 98, 0, 8, "id-pSpecified" }, /* 97 */ - { 0x0B, 99, 0, 8, "sha256WithRSAEncryption" }, /* 98 */ - { 0x0C, 100, 0, 8, "sha384WithRSAEncryption" }, /* 99 */ - { 0x0D, 101, 0, 8, "sha512WithRSAEncryption" }, /* 100 */ - { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 101 */ - { 0x05, 107, 1, 7, "PKCS-5" }, /* 102 */ - { 0x03, 104, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 103 */ - { 0x0A, 105, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 104 */ - { 0x0C, 106, 0, 8, "id-PBKDF2" }, /* 105 */ - { 0x0D, 0, 0, 8, "id-PBES2" }, /* 106 */ - { 0x07, 114, 1, 7, "PKCS-7" }, /* 107 */ - { 0x01, 109, 0, 8, "data" }, /* 108 */ - { 0x02, 110, 0, 8, "signedData" }, /* 109 */ - { 0x03, 111, 0, 8, "envelopedData" }, /* 110 */ - { 0x04, 112, 0, 8, "signedAndEnvelopedData" }, /* 111 */ - { 0x05, 113, 0, 8, "digestedData" }, /* 112 */ - { 0x06, 0, 0, 8, "encryptedData" }, /* 113 */ - { 0x09, 128, 1, 7, "PKCS-9" }, /* 114 */ - { 0x01, 116, 0, 8, "E" }, /* 115 */ - { 0x02, 117, 0, 8, "unstructuredName" }, /* 116 */ - { 0x03, 118, 0, 8, "contentType" }, /* 117 */ - { 0x04, 119, 0, 8, "messageDigest" }, /* 118 */ - { 0x05, 120, 0, 8, "signingTime" }, /* 119 */ - { 0x06, 121, 0, 8, "counterSignature" }, /* 120 */ - { 0x07, 122, 0, 8, "challengePassword" }, /* 121 */ - { 0x08, 123, 0, 8, "unstructuredAddress" }, /* 122 */ - { 0x0E, 124, 0, 8, "extensionRequest" }, /* 123 */ - { 0x0F, 125, 0, 8, "S/MIME Capabilities" }, /* 124 */ - { 0x16, 0, 1, 8, "certTypes" }, /* 125 */ - { 0x01, 127, 0, 9, "X.509" }, /* 126 */ - { 0x02, 0, 0, 9, "SDSI" }, /* 127 */ - { 0x0c, 0, 1, 7, "PKCS-12" }, /* 128 */ - { 0x01, 136, 1, 8, "pbeIds" }, /* 129 */ - { 0x01, 131, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 130 */ - { 0x02, 132, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 131 */ - { 0x03, 133, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 132 */ - { 0x04, 134, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 133 */ - { 0x05, 135, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 134 */ - { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 135 */ - { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 136 */ - { 0x01, 0, 1, 9, "bagIds" }, /* 137 */ - { 0x01, 139, 0, 10, "keyBag" }, /* 138 */ - { 0x02, 140, 0, 10, "pkcs8ShroudedKeyBag" }, /* 139 */ - { 0x03, 141, 0, 10, "certBag" }, /* 140 */ - { 0x04, 142, 0, 10, "crlBag" }, /* 141 */ - { 0x05, 143, 0, 10, "secretBag" }, /* 142 */ - { 0x06, 0, 0, 10, "safeContentsBag" }, /* 143 */ - { 0x02, 147, 1, 6, "digestAlgorithm" }, /* 144 */ - { 0x02, 146, 0, 7, "md2" }, /* 145 */ - { 0x05, 0, 0, 7, "md5" }, /* 146 */ - { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 147 */ - { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 148 */ - { 0xCE, 0, 1, 3, "" }, /* 149 */ - { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 150 */ - { 0x02, 153, 1, 5, "id-publicKeyType" }, /* 151 */ - { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 152 */ - { 0x03, 183, 1, 5, "ellipticCurve" }, /* 153 */ - { 0x00, 175, 1, 6, "c-TwoCurve" }, /* 154 */ - { 0x01, 156, 0, 7, "c2pnb163v1" }, /* 155 */ - { 0x02, 157, 0, 7, "c2pnb163v2" }, /* 156 */ - { 0x03, 158, 0, 7, "c2pnb163v3" }, /* 157 */ - { 0x04, 159, 0, 7, "c2pnb176w1" }, /* 158 */ - { 0x05, 160, 0, 7, "c2tnb191v1" }, /* 159 */ - { 0x06, 161, 0, 7, "c2tnb191v2" }, /* 160 */ - { 0x07, 162, 0, 7, "c2tnb191v3" }, /* 161 */ - { 0x08, 163, 0, 7, "c2onb191v4" }, /* 162 */ - { 0x09, 164, 0, 7, "c2onb191v5" }, /* 163 */ - { 0x0A, 165, 0, 7, "c2pnb208w1" }, /* 164 */ - { 0x0B, 166, 0, 7, "c2tnb239v1" }, /* 165 */ - { 0x0C, 167, 0, 7, "c2tnb239v2" }, /* 166 */ - { 0x0D, 168, 0, 7, "c2tnb239v3" }, /* 167 */ - { 0x0E, 169, 0, 7, "c2onb239v4" }, /* 168 */ - { 0x0F, 170, 0, 7, "c2onb239v5" }, /* 169 */ - { 0x10, 171, 0, 7, "c2pnb272w1" }, /* 170 */ - { 0x11, 172, 0, 7, "c2pnb304w1" }, /* 171 */ - { 0x12, 173, 0, 7, "c2tnb359v1" }, /* 172 */ - { 0x13, 174, 0, 7, "c2pnb368w1" }, /* 173 */ - { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 174 */ - { 0x01, 0, 1, 6, "primeCurve" }, /* 175 */ - { 0x01, 177, 0, 7, "prime192v1" }, /* 176 */ - { 0x02, 178, 0, 7, "prime192v2" }, /* 177 */ - { 0x03, 179, 0, 7, "prime192v3" }, /* 178 */ - { 0x04, 180, 0, 7, "prime239v1" }, /* 179 */ - { 0x05, 181, 0, 7, "prime239v2" }, /* 180 */ - { 0x06, 182, 0, 7, "prime239v3" }, /* 181 */ - { 0x07, 0, 0, 7, "prime256v1" }, /* 182 */ - { 0x04, 0, 1, 5, "id-ecSigType" }, /* 183 */ - { 0x01, 185, 0, 6, "ecdsa-with-SHA1" }, /* 184 */ - { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 185 */ - { 0x01, 187, 0, 7, "ecdsa-with-SHA224" }, /* 186 */ - { 0x02, 188, 0, 7, "ecdsa-with-SHA256" }, /* 187 */ - { 0x03, 189, 0, 7, "ecdsa-with-SHA384" }, /* 188 */ - { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 189 */ - {0x2B, 417, 1, 0, "" }, /* 190 */ - { 0x06, 331, 1, 1, "dod" }, /* 191 */ - { 0x01, 0, 1, 2, "internet" }, /* 192 */ - { 0x04, 282, 1, 3, "private" }, /* 193 */ - { 0x01, 0, 1, 4, "enterprise" }, /* 194 */ - { 0x82, 232, 1, 5, "" }, /* 195 */ - { 0x37, 208, 1, 6, "Microsoft" }, /* 196 */ - { 0x0A, 201, 1, 7, "" }, /* 197 */ - { 0x03, 0, 1, 8, "" }, /* 198 */ - { 0x03, 200, 0, 9, "msSGC" }, /* 199 */ - { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 200 */ - { 0x14, 205, 1, 7, "msEnrollmentInfrastructure" }, /* 201 */ - { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 202 */ - { 0x02, 204, 0, 9, "msSmartcardLogon" }, /* 203 */ - { 0x03, 0, 0, 9, "msUPN" }, /* 204 */ - { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 205 */ - { 0x07, 207, 0, 8, "msCertTemplate" }, /* 206 */ - { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 207 */ - { 0xA0, 0, 1, 6, "" }, /* 208 */ - { 0x2A, 0, 1, 7, "ITA" }, /* 209 */ - { 0x01, 211, 0, 8, "strongSwan" }, /* 210 */ - { 0x02, 212, 0, 8, "cps" }, /* 211 */ - { 0x03, 213, 0, 8, "e-voting" }, /* 212 */ - { 0x05, 0, 1, 8, "BLISS" }, /* 213 */ - { 0x01, 216, 1, 9, "keyType" }, /* 214 */ - { 0x01, 0, 0, 10, "blissPublicKey" }, /* 215 */ - { 0x02, 225, 1, 9, "parameters" }, /* 216 */ - { 0x01, 218, 0, 10, "BLISS-I" }, /* 217 */ - { 0x02, 219, 0, 10, "BLISS-II" }, /* 218 */ - { 0x03, 220, 0, 10, "BLISS-III" }, /* 219 */ - { 0x04, 221, 0, 10, "BLISS-IV" }, /* 220 */ - { 0x05, 222, 0, 10, "BLISS-B-I" }, /* 221 */ - { 0x06, 223, 0, 10, "BLISS-B-II" }, /* 222 */ - { 0x07, 224, 0, 10, "BLISS-B-III" }, /* 223 */ - { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 224 */ - { 0x03, 0, 1, 9, "blissSigType" }, /* 225 */ - { 0x01, 227, 0, 10, "BLISS-with-SHA2-512" }, /* 226 */ - { 0x02, 228, 0, 10, "BLISS-with-SHA2-384" }, /* 227 */ - { 0x03, 229, 0, 10, "BLISS-with-SHA2-256" }, /* 228 */ - { 0x04, 230, 0, 10, "BLISS-with-SHA3-512" }, /* 229 */ - { 0x05, 231, 0, 10, "BLISS-with-SHA3-384" }, /* 230 */ - { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 231 */ - { 0x89, 239, 1, 5, "" }, /* 232 */ - { 0x31, 0, 1, 6, "" }, /* 233 */ - { 0x01, 0, 1, 7, "" }, /* 234 */ - { 0x01, 0, 1, 8, "" }, /* 235 */ - { 0x02, 0, 1, 9, "" }, /* 236 */ - { 0x02, 0, 1, 10, "" }, /* 237 */ - { 0x4B, 0, 0, 11, "TCGID" }, /* 238 */ - { 0x97, 243, 1, 5, "" }, /* 239 */ - { 0x55, 0, 1, 6, "" }, /* 240 */ - { 0x01, 0, 1, 7, "" }, /* 241 */ - { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 242 */ - { 0xC1, 0, 1, 5, "" }, /* 243 */ - { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 244 */ - { 0x01, 0, 1, 7, "eess" }, /* 245 */ - { 0x01, 0, 1, 8, "eess1" }, /* 246 */ - { 0x01, 251, 1, 9, "eess1-algs" }, /* 247 */ - { 0x01, 249, 0, 10, "ntru-EESS1v1-SVES" }, /* 248 */ - { 0x02, 250, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 249 */ - { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 250 */ - { 0x02, 281, 1, 9, "eess1-params" }, /* 251 */ - { 0x01, 253, 0, 10, "ees251ep1" }, /* 252 */ - { 0x02, 254, 0, 10, "ees347ep1" }, /* 253 */ - { 0x03, 255, 0, 10, "ees503ep1" }, /* 254 */ - { 0x07, 256, 0, 10, "ees251sp2" }, /* 255 */ - { 0x0C, 257, 0, 10, "ees251ep4" }, /* 256 */ - { 0x0D, 258, 0, 10, "ees251ep5" }, /* 257 */ - { 0x0E, 259, 0, 10, "ees251sp3" }, /* 258 */ - { 0x0F, 260, 0, 10, "ees251sp4" }, /* 259 */ - { 0x10, 261, 0, 10, "ees251sp5" }, /* 260 */ - { 0x11, 262, 0, 10, "ees251sp6" }, /* 261 */ - { 0x12, 263, 0, 10, "ees251sp7" }, /* 262 */ - { 0x13, 264, 0, 10, "ees251sp8" }, /* 263 */ - { 0x14, 265, 0, 10, "ees251sp9" }, /* 264 */ - { 0x22, 266, 0, 10, "ees401ep1" }, /* 265 */ - { 0x23, 267, 0, 10, "ees449ep1" }, /* 266 */ - { 0x24, 268, 0, 10, "ees677ep1" }, /* 267 */ - { 0x25, 269, 0, 10, "ees1087ep2" }, /* 268 */ - { 0x26, 270, 0, 10, "ees541ep1" }, /* 269 */ - { 0x27, 271, 0, 10, "ees613ep1" }, /* 270 */ - { 0x28, 272, 0, 10, "ees887ep1" }, /* 271 */ - { 0x29, 273, 0, 10, "ees1171ep1" }, /* 272 */ - { 0x2A, 274, 0, 10, "ees659ep1" }, /* 273 */ - { 0x2B, 275, 0, 10, "ees761ep1" }, /* 274 */ - { 0x2C, 276, 0, 10, "ees1087ep1" }, /* 275 */ - { 0x2D, 277, 0, 10, "ees1499ep1" }, /* 276 */ - { 0x2E, 278, 0, 10, "ees401ep2" }, /* 277 */ - { 0x2F, 279, 0, 10, "ees439ep1" }, /* 278 */ - { 0x30, 280, 0, 10, "ees593ep1" }, /* 279 */ - { 0x31, 0, 0, 10, "ees743ep1" }, /* 280 */ - { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 281 */ - { 0x05, 0, 1, 3, "security" }, /* 282 */ - { 0x05, 0, 1, 4, "mechanisms" }, /* 283 */ - { 0x07, 328, 1, 5, "id-pkix" }, /* 284 */ - { 0x01, 289, 1, 6, "id-pe" }, /* 285 */ - { 0x01, 287, 0, 7, "authorityInfoAccess" }, /* 286 */ - { 0x03, 288, 0, 7, "qcStatements" }, /* 287 */ - { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 288 */ - { 0x02, 292, 1, 6, "id-qt" }, /* 289 */ - { 0x01, 291, 0, 7, "cps" }, /* 290 */ - { 0x02, 0, 0, 7, "unotice" }, /* 291 */ - { 0x03, 302, 1, 6, "id-kp" }, /* 292 */ - { 0x01, 294, 0, 7, "serverAuth" }, /* 293 */ - { 0x02, 295, 0, 7, "clientAuth" }, /* 294 */ - { 0x03, 296, 0, 7, "codeSigning" }, /* 295 */ - { 0x04, 297, 0, 7, "emailProtection" }, /* 296 */ - { 0x05, 298, 0, 7, "ipsecEndSystem" }, /* 297 */ - { 0x06, 299, 0, 7, "ipsecTunnel" }, /* 298 */ - { 0x07, 300, 0, 7, "ipsecUser" }, /* 299 */ - { 0x08, 301, 0, 7, "timeStamping" }, /* 300 */ - { 0x09, 0, 0, 7, "ocspSigning" }, /* 301 */ - { 0x08, 310, 1, 6, "id-otherNames" }, /* 302 */ - { 0x01, 304, 0, 7, "personalData" }, /* 303 */ - { 0x02, 305, 0, 7, "userGroup" }, /* 304 */ - { 0x03, 306, 0, 7, "id-on-permanentIdentifier" }, /* 305 */ - { 0x04, 307, 0, 7, "id-on-hardwareModuleName" }, /* 306 */ - { 0x05, 308, 0, 7, "xmppAddr" }, /* 307 */ - { 0x06, 309, 0, 7, "id-on-SIM" }, /* 308 */ - { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 309 */ - { 0x0A, 315, 1, 6, "id-aca" }, /* 310 */ - { 0x01, 312, 0, 7, "authenticationInfo" }, /* 311 */ - { 0x02, 313, 0, 7, "accessIdentity" }, /* 312 */ - { 0x03, 314, 0, 7, "chargingIdentity" }, /* 313 */ - { 0x04, 0, 0, 7, "group" }, /* 314 */ - { 0x0B, 316, 0, 6, "subjectInfoAccess" }, /* 315 */ - { 0x30, 0, 1, 6, "id-ad" }, /* 316 */ - { 0x01, 325, 1, 7, "ocsp" }, /* 317 */ - { 0x01, 319, 0, 8, "basic" }, /* 318 */ - { 0x02, 320, 0, 8, "nonce" }, /* 319 */ - { 0x03, 321, 0, 8, "crl" }, /* 320 */ - { 0x04, 322, 0, 8, "response" }, /* 321 */ - { 0x05, 323, 0, 8, "noCheck" }, /* 322 */ - { 0x06, 324, 0, 8, "archiveCutoff" }, /* 323 */ - { 0x07, 0, 0, 8, "serviceLocator" }, /* 324 */ - { 0x02, 326, 0, 7, "caIssuers" }, /* 325 */ - { 0x03, 327, 0, 7, "timeStamping" }, /* 326 */ - { 0x05, 0, 0, 7, "caRepository" }, /* 327 */ - { 0x08, 0, 1, 5, "ipsec" }, /* 328 */ - { 0x02, 0, 1, 6, "certificate" }, /* 329 */ - { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 330 */ - { 0x0E, 337, 1, 1, "oiw" }, /* 331 */ - { 0x03, 0, 1, 2, "secsig" }, /* 332 */ - { 0x02, 0, 1, 3, "algorithms" }, /* 333 */ - { 0x07, 335, 0, 4, "des-cbc" }, /* 334 */ - { 0x1A, 336, 0, 4, "sha-1" }, /* 335 */ - { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 336 */ - { 0x24, 383, 1, 1, "TeleTrusT" }, /* 337 */ - { 0x03, 0, 1, 2, "algorithm" }, /* 338 */ - { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 339 */ - { 0x01, 344, 1, 4, "rsaSignature" }, /* 340 */ - { 0x02, 342, 0, 5, "rsaSigWithripemd160" }, /* 341 */ - { 0x03, 343, 0, 5, "rsaSigWithripemd128" }, /* 342 */ - { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 343 */ - { 0x02, 0, 1, 4, "ecSign" }, /* 344 */ - { 0x01, 346, 0, 5, "ecSignWithsha1" }, /* 345 */ - { 0x02, 347, 0, 5, "ecSignWithripemd160" }, /* 346 */ - { 0x03, 348, 0, 5, "ecSignWithmd2" }, /* 347 */ - { 0x04, 349, 0, 5, "ecSignWithmd5" }, /* 348 */ - { 0x05, 366, 1, 5, "ttt-ecg" }, /* 349 */ - { 0x01, 354, 1, 6, "fieldType" }, /* 350 */ - { 0x01, 0, 1, 7, "characteristictwoField" }, /* 351 */ - { 0x01, 0, 1, 8, "basisType" }, /* 352 */ - { 0x01, 0, 0, 9, "ipBasis" }, /* 353 */ - { 0x02, 356, 1, 6, "keyType" }, /* 354 */ - { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 355 */ - { 0x03, 357, 0, 6, "curve" }, /* 356 */ - { 0x04, 364, 1, 6, "signatures" }, /* 357 */ - { 0x01, 359, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 358 */ - { 0x02, 360, 0, 7, "ecgdsa-with-SHA1" }, /* 359 */ - { 0x03, 361, 0, 7, "ecgdsa-with-SHA224" }, /* 360 */ - { 0x04, 362, 0, 7, "ecgdsa-with-SHA256" }, /* 361 */ - { 0x05, 363, 0, 7, "ecgdsa-with-SHA384" }, /* 362 */ - { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 363 */ - { 0x05, 0, 1, 6, "module" }, /* 364 */ - { 0x01, 0, 0, 7, "1" }, /* 365 */ - { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 366 */ - { 0x01, 0, 1, 6, "ellipticCurve" }, /* 367 */ - { 0x01, 0, 1, 7, "versionOne" }, /* 368 */ - { 0x01, 370, 0, 8, "brainpoolP160r1" }, /* 369 */ - { 0x02, 371, 0, 8, "brainpoolP160t1" }, /* 370 */ - { 0x03, 372, 0, 8, "brainpoolP192r1" }, /* 371 */ - { 0x04, 373, 0, 8, "brainpoolP192t1" }, /* 372 */ - { 0x05, 374, 0, 8, "brainpoolP224r1" }, /* 373 */ - { 0x06, 375, 0, 8, "brainpoolP224t1" }, /* 374 */ - { 0x07, 376, 0, 8, "brainpoolP256r1" }, /* 375 */ - { 0x08, 377, 0, 8, "brainpoolP256t1" }, /* 376 */ - { 0x09, 378, 0, 8, "brainpoolP320r1" }, /* 377 */ - { 0x0A, 379, 0, 8, "brainpoolP320t1" }, /* 378 */ - { 0x0B, 380, 0, 8, "brainpoolP384r1" }, /* 379 */ - { 0x0C, 381, 0, 8, "brainpoolP384t1" }, /* 380 */ - { 0x0D, 382, 0, 8, "brainpoolP512r1" }, /* 381 */ - { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 382 */ - { 0x81, 0, 1, 1, "" }, /* 383 */ - { 0x04, 0, 1, 2, "Certicom" }, /* 384 */ - { 0x00, 0, 1, 3, "curve" }, /* 385 */ - { 0x01, 387, 0, 4, "sect163k1" }, /* 386 */ - { 0x02, 388, 0, 4, "sect163r1" }, /* 387 */ - { 0x03, 389, 0, 4, "sect239k1" }, /* 388 */ - { 0x04, 390, 0, 4, "sect113r1" }, /* 389 */ - { 0x05, 391, 0, 4, "sect113r2" }, /* 390 */ - { 0x06, 392, 0, 4, "secp112r1" }, /* 391 */ - { 0x07, 393, 0, 4, "secp112r2" }, /* 392 */ - { 0x08, 394, 0, 4, "secp160r1" }, /* 393 */ - { 0x09, 395, 0, 4, "secp160k1" }, /* 394 */ - { 0x0A, 396, 0, 4, "secp256k1" }, /* 395 */ - { 0x0F, 397, 0, 4, "sect163r2" }, /* 396 */ - { 0x10, 398, 0, 4, "sect283k1" }, /* 397 */ - { 0x11, 399, 0, 4, "sect283r1" }, /* 398 */ - { 0x16, 400, 0, 4, "sect131r1" }, /* 399 */ - { 0x17, 401, 0, 4, "sect131r2" }, /* 400 */ - { 0x18, 402, 0, 4, "sect193r1" }, /* 401 */ - { 0x19, 403, 0, 4, "sect193r2" }, /* 402 */ - { 0x1A, 404, 0, 4, "sect233k1" }, /* 403 */ - { 0x1B, 405, 0, 4, "sect233r1" }, /* 404 */ - { 0x1C, 406, 0, 4, "secp128r1" }, /* 405 */ - { 0x1D, 407, 0, 4, "secp128r2" }, /* 406 */ - { 0x1E, 408, 0, 4, "secp160r2" }, /* 407 */ - { 0x1F, 409, 0, 4, "secp192k1" }, /* 408 */ - { 0x20, 410, 0, 4, "secp224k1" }, /* 409 */ - { 0x21, 411, 0, 4, "secp224r1" }, /* 410 */ - { 0x22, 412, 0, 4, "secp384r1" }, /* 411 */ - { 0x23, 413, 0, 4, "secp521r1" }, /* 412 */ - { 0x24, 414, 0, 4, "sect409k1" }, /* 413 */ - { 0x25, 415, 0, 4, "sect409r1" }, /* 414 */ - { 0x26, 416, 0, 4, "sect571k1" }, /* 415 */ - { 0x27, 0, 0, 4, "sect571r1" }, /* 416 */ - {0x60, 471, 1, 0, "" }, /* 417 */ - { 0x86, 0, 1, 1, "" }, /* 418 */ - { 0x48, 0, 1, 2, "" }, /* 419 */ - { 0x01, 0, 1, 3, "organization" }, /* 420 */ - { 0x65, 447, 1, 4, "gov" }, /* 421 */ - { 0x03, 0, 1, 5, "csor" }, /* 422 */ - { 0x04, 0, 1, 6, "nistalgorithm" }, /* 423 */ - { 0x01, 434, 1, 7, "aes" }, /* 424 */ - { 0x02, 426, 0, 8, "id-aes128-CBC" }, /* 425 */ - { 0x06, 427, 0, 8, "id-aes128-GCM" }, /* 426 */ - { 0x07, 428, 0, 8, "id-aes128-CCM" }, /* 427 */ - { 0x16, 429, 0, 8, "id-aes192-CBC" }, /* 428 */ - { 0x1A, 430, 0, 8, "id-aes192-GCM" }, /* 429 */ - { 0x1B, 431, 0, 8, "id-aes192-CCM" }, /* 430 */ - { 0x2A, 432, 0, 8, "id-aes256-CBC" }, /* 431 */ - { 0x2E, 433, 0, 8, "id-aes256-GCM" }, /* 432 */ - { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 433 */ - { 0x02, 0, 1, 7, "hashalgs" }, /* 434 */ - { 0x01, 436, 0, 8, "id-sha256" }, /* 435 */ - { 0x02, 437, 0, 8, "id-sha384" }, /* 436 */ - { 0x03, 438, 0, 8, "id-sha512" }, /* 437 */ - { 0x04, 439, 0, 8, "id-sha224" }, /* 438 */ - { 0x05, 440, 0, 8, "id-sha512-224" }, /* 439 */ - { 0x06, 441, 0, 8, "id-sha512-256" }, /* 440 */ - { 0x07, 442, 0, 8, "id-sha3-224" }, /* 441 */ - { 0x08, 443, 0, 8, "id-sha3-256" }, /* 442 */ - { 0x09, 444, 0, 8, "id-sha3-384" }, /* 443 */ - { 0x0A, 445, 0, 8, "id-sha3-512" }, /* 444 */ - { 0x0B, 446, 0, 8, "id-shake128" }, /* 445 */ - { 0x0C, 0, 0, 8, "id-shake256" }, /* 446 */ - { 0x86, 0, 1, 4, "" }, /* 447 */ - { 0xf8, 0, 1, 5, "" }, /* 448 */ - { 0x42, 461, 1, 6, "netscape" }, /* 449 */ - { 0x01, 456, 1, 7, "" }, /* 450 */ - { 0x01, 452, 0, 8, "nsCertType" }, /* 451 */ - { 0x03, 453, 0, 8, "nsRevocationUrl" }, /* 452 */ - { 0x04, 454, 0, 8, "nsCaRevocationUrl" }, /* 453 */ - { 0x08, 455, 0, 8, "nsCaPolicyUrl" }, /* 454 */ - { 0x0d, 0, 0, 8, "nsComment" }, /* 455 */ - { 0x03, 459, 1, 7, "directory" }, /* 456 */ - { 0x01, 0, 1, 8, "" }, /* 457 */ - { 0x03, 0, 0, 9, "employeeNumber" }, /* 458 */ - { 0x04, 0, 1, 7, "policy" }, /* 459 */ - { 0x01, 0, 0, 8, "nsSGC" }, /* 460 */ - { 0x45, 0, 1, 6, "verisign" }, /* 461 */ - { 0x01, 0, 1, 7, "pki" }, /* 462 */ - { 0x09, 0, 1, 8, "attributes" }, /* 463 */ - { 0x02, 465, 0, 9, "messageType" }, /* 464 */ - { 0x03, 466, 0, 9, "pkiStatus" }, /* 465 */ - { 0x04, 467, 0, 9, "failInfo" }, /* 466 */ - { 0x05, 468, 0, 9, "senderNonce" }, /* 467 */ - { 0x06, 469, 0, 9, "recipientNonce" }, /* 468 */ - { 0x07, 470, 0, 9, "transID" }, /* 469 */ - { 0x08, 0, 0, 9, "extensionReq" }, /* 470 */ - {0x67, 0, 1, 0, "" }, /* 471 */ - { 0x81, 0, 1, 1, "" }, /* 472 */ - { 0x05, 0, 1, 2, "" }, /* 473 */ - { 0x02, 0, 1, 3, "tcg-attribute" }, /* 474 */ - { 0x01, 476, 0, 4, "tcg-at-tpmManufacturer" }, /* 475 */ - { 0x02, 477, 0, 4, "tcg-at-tpmModel" }, /* 476 */ - { 0x03, 478, 0, 4, "tcg-at-tpmVersion" }, /* 477 */ - { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 478 */ + { 0x36, 37, 0, 2, "dmdName" }, /* 36 */ + { 0x41, 38, 0, 2, "pseudonym" }, /* 37 */ + { 0x48, 0, 0, 2, "role" }, /* 38 */ + { 0x1D, 0, 1, 1, "id-ce" }, /* 39 */ + { 0x09, 41, 0, 2, "subjectDirectoryAttrs" }, /* 40 */ + { 0x0E, 42, 0, 2, "subjectKeyIdentifier" }, /* 41 */ + { 0x0F, 43, 0, 2, "keyUsage" }, /* 42 */ + { 0x10, 44, 0, 2, "privateKeyUsagePeriod" }, /* 43 */ + { 0x11, 45, 0, 2, "subjectAltName" }, /* 44 */ + { 0x12, 46, 0, 2, "issuerAltName" }, /* 45 */ + { 0x13, 47, 0, 2, "basicConstraints" }, /* 46 */ + { 0x14, 48, 0, 2, "crlNumber" }, /* 47 */ + { 0x15, 49, 0, 2, "reasonCode" }, /* 48 */ + { 0x17, 50, 0, 2, "holdInstructionCode" }, /* 49 */ + { 0x18, 51, 0, 2, "invalidityDate" }, /* 50 */ + { 0x1B, 52, 0, 2, "deltaCrlIndicator" }, /* 51 */ + { 0x1C, 53, 0, 2, "issuingDistributionPoint" }, /* 52 */ + { 0x1D, 54, 0, 2, "certificateIssuer" }, /* 53 */ + { 0x1E, 55, 0, 2, "nameConstraints" }, /* 54 */ + { 0x1F, 56, 0, 2, "crlDistributionPoints" }, /* 55 */ + { 0x20, 58, 1, 2, "certificatePolicies" }, /* 56 */ + { 0x00, 0, 0, 3, "anyPolicy" }, /* 57 */ + { 0x21, 59, 0, 2, "policyMappings" }, /* 58 */ + { 0x23, 60, 0, 2, "authorityKeyIdentifier" }, /* 59 */ + { 0x24, 61, 0, 2, "policyConstraints" }, /* 60 */ + { 0x25, 63, 1, 2, "extendedKeyUsage" }, /* 61 */ + { 0x00, 0, 0, 3, "anyExtendedKeyUsage" }, /* 62 */ + { 0x2E, 64, 0, 2, "freshestCRL" }, /* 63 */ + { 0x36, 65, 0, 2, "inhibitAnyPolicy" }, /* 64 */ + { 0x37, 66, 0, 2, "targetInformation" }, /* 65 */ + { 0x38, 0, 0, 2, "noRevAvail" }, /* 66 */ + {0x2A, 191, 1, 0, "" }, /* 67 */ + { 0x83, 80, 1, 1, "" }, /* 68 */ + { 0x08, 0, 1, 2, "jp" }, /* 69 */ + { 0x8C, 0, 1, 3, "" }, /* 70 */ + { 0x9A, 0, 1, 4, "" }, /* 71 */ + { 0x4B, 0, 1, 5, "" }, /* 72 */ + { 0x3D, 0, 1, 6, "" }, /* 73 */ + { 0x01, 0, 1, 7, "security" }, /* 74 */ + { 0x01, 0, 1, 8, "algorithm" }, /* 75 */ + { 0x01, 0, 1, 9, "symm-encryption-alg" }, /* 76 */ + { 0x02, 78, 0, 10, "camellia128-cbc" }, /* 77 */ + { 0x03, 79, 0, 10, "camellia192-cbc" }, /* 78 */ + { 0x04, 0, 0, 10, "camellia256-cbc" }, /* 79 */ + { 0x86, 0, 1, 1, "" }, /* 80 */ + { 0x48, 0, 1, 2, "us" }, /* 81 */ + { 0x86, 150, 1, 3, "" }, /* 82 */ + { 0xF6, 88, 1, 4, "" }, /* 83 */ + { 0x7D, 0, 1, 5, "NortelNetworks" }, /* 84 */ + { 0x07, 0, 1, 6, "Entrust" }, /* 85 */ + { 0x41, 0, 1, 7, "nsn-ce" }, /* 86 */ + { 0x00, 0, 0, 8, "entrustVersInfo" }, /* 87 */ + { 0xF7, 0, 1, 4, "" }, /* 88 */ + { 0x0D, 0, 1, 5, "RSADSI" }, /* 89 */ + { 0x01, 145, 1, 6, "PKCS" }, /* 90 */ + { 0x01, 103, 1, 7, "PKCS-1" }, /* 91 */ + { 0x01, 93, 0, 8, "rsaEncryption" }, /* 92 */ + { 0x02, 94, 0, 8, "md2WithRSAEncryption" }, /* 93 */ + { 0x04, 95, 0, 8, "md5WithRSAEncryption" }, /* 94 */ + { 0x05, 96, 0, 8, "sha-1WithRSAEncryption" }, /* 95 */ + { 0x07, 97, 0, 8, "id-RSAES-OAEP" }, /* 96 */ + { 0x08, 98, 0, 8, "id-mgf1" }, /* 97 */ + { 0x09, 99, 0, 8, "id-pSpecified" }, /* 98 */ + { 0x0B, 100, 0, 8, "sha256WithRSAEncryption" }, /* 99 */ + { 0x0C, 101, 0, 8, "sha384WithRSAEncryption" }, /* 100 */ + { 0x0D, 102, 0, 8, "sha512WithRSAEncryption" }, /* 101 */ + { 0x0E, 0, 0, 8, "sha224WithRSAEncryption" }, /* 102 */ + { 0x05, 108, 1, 7, "PKCS-5" }, /* 103 */ + { 0x03, 105, 0, 8, "pbeWithMD5AndDES-CBC" }, /* 104 */ + { 0x0A, 106, 0, 8, "pbeWithSHA1AndDES-CBC" }, /* 105 */ + { 0x0C, 107, 0, 8, "id-PBKDF2" }, /* 106 */ + { 0x0D, 0, 0, 8, "id-PBES2" }, /* 107 */ + { 0x07, 115, 1, 7, "PKCS-7" }, /* 108 */ + { 0x01, 110, 0, 8, "data" }, /* 109 */ + { 0x02, 111, 0, 8, "signedData" }, /* 110 */ + { 0x03, 112, 0, 8, "envelopedData" }, /* 111 */ + { 0x04, 113, 0, 8, "signedAndEnvelopedData" }, /* 112 */ + { 0x05, 114, 0, 8, "digestedData" }, /* 113 */ + { 0x06, 0, 0, 8, "encryptedData" }, /* 114 */ + { 0x09, 129, 1, 7, "PKCS-9" }, /* 115 */ + { 0x01, 117, 0, 8, "E" }, /* 116 */ + { 0x02, 118, 0, 8, "unstructuredName" }, /* 117 */ + { 0x03, 119, 0, 8, "contentType" }, /* 118 */ + { 0x04, 120, 0, 8, "messageDigest" }, /* 119 */ + { 0x05, 121, 0, 8, "signingTime" }, /* 120 */ + { 0x06, 122, 0, 8, "counterSignature" }, /* 121 */ + { 0x07, 123, 0, 8, "challengePassword" }, /* 122 */ + { 0x08, 124, 0, 8, "unstructuredAddress" }, /* 123 */ + { 0x0E, 125, 0, 8, "extensionRequest" }, /* 124 */ + { 0x0F, 126, 0, 8, "S/MIME Capabilities" }, /* 125 */ + { 0x16, 0, 1, 8, "certTypes" }, /* 126 */ + { 0x01, 128, 0, 9, "X.509" }, /* 127 */ + { 0x02, 0, 0, 9, "SDSI" }, /* 128 */ + { 0x0c, 0, 1, 7, "PKCS-12" }, /* 129 */ + { 0x01, 137, 1, 8, "pbeIds" }, /* 130 */ + { 0x01, 132, 0, 9, "pbeWithSHAAnd128BitRC4" }, /* 131 */ + { 0x02, 133, 0, 9, "pbeWithSHAAnd40BitRC4" }, /* 132 */ + { 0x03, 134, 0, 9, "pbeWithSHAAnd3-KeyTripleDES-CBC"}, /* 133 */ + { 0x04, 135, 0, 9, "pbeWithSHAAnd2-KeyTripleDES-CBC"}, /* 134 */ + { 0x05, 136, 0, 9, "pbeWithSHAAnd128BitRC2-CBC" }, /* 135 */ + { 0x06, 0, 0, 9, "pbeWithSHAAnd40BitRC2-CBC" }, /* 136 */ + { 0x0a, 0, 1, 8, "PKCS-12v1" }, /* 137 */ + { 0x01, 0, 1, 9, "bagIds" }, /* 138 */ + { 0x01, 140, 0, 10, "keyBag" }, /* 139 */ + { 0x02, 141, 0, 10, "pkcs8ShroudedKeyBag" }, /* 140 */ + { 0x03, 142, 0, 10, "certBag" }, /* 141 */ + { 0x04, 143, 0, 10, "crlBag" }, /* 142 */ + { 0x05, 144, 0, 10, "secretBag" }, /* 143 */ + { 0x06, 0, 0, 10, "safeContentsBag" }, /* 144 */ + { 0x02, 148, 1, 6, "digestAlgorithm" }, /* 145 */ + { 0x02, 147, 0, 7, "md2" }, /* 146 */ + { 0x05, 0, 0, 7, "md5" }, /* 147 */ + { 0x03, 0, 1, 6, "encryptionAlgorithm" }, /* 148 */ + { 0x07, 0, 0, 7, "3des-ede-cbc" }, /* 149 */ + { 0xCE, 0, 1, 3, "" }, /* 150 */ + { 0x3D, 0, 1, 4, "ansi-X9-62" }, /* 151 */ + { 0x02, 154, 1, 5, "id-publicKeyType" }, /* 152 */ + { 0x01, 0, 0, 6, "id-ecPublicKey" }, /* 153 */ + { 0x03, 184, 1, 5, "ellipticCurve" }, /* 154 */ + { 0x00, 176, 1, 6, "c-TwoCurve" }, /* 155 */ + { 0x01, 157, 0, 7, "c2pnb163v1" }, /* 156 */ + { 0x02, 158, 0, 7, "c2pnb163v2" }, /* 157 */ + { 0x03, 159, 0, 7, "c2pnb163v3" }, /* 158 */ + { 0x04, 160, 0, 7, "c2pnb176w1" }, /* 159 */ + { 0x05, 161, 0, 7, "c2tnb191v1" }, /* 160 */ + { 0x06, 162, 0, 7, "c2tnb191v2" }, /* 161 */ + { 0x07, 163, 0, 7, "c2tnb191v3" }, /* 162 */ + { 0x08, 164, 0, 7, "c2onb191v4" }, /* 163 */ + { 0x09, 165, 0, 7, "c2onb191v5" }, /* 164 */ + { 0x0A, 166, 0, 7, "c2pnb208w1" }, /* 165 */ + { 0x0B, 167, 0, 7, "c2tnb239v1" }, /* 166 */ + { 0x0C, 168, 0, 7, "c2tnb239v2" }, /* 167 */ + { 0x0D, 169, 0, 7, "c2tnb239v3" }, /* 168 */ + { 0x0E, 170, 0, 7, "c2onb239v4" }, /* 169 */ + { 0x0F, 171, 0, 7, "c2onb239v5" }, /* 170 */ + { 0x10, 172, 0, 7, "c2pnb272w1" }, /* 171 */ + { 0x11, 173, 0, 7, "c2pnb304w1" }, /* 172 */ + { 0x12, 174, 0, 7, "c2tnb359v1" }, /* 173 */ + { 0x13, 175, 0, 7, "c2pnb368w1" }, /* 174 */ + { 0x14, 0, 0, 7, "c2tnb431r1" }, /* 175 */ + { 0x01, 0, 1, 6, "primeCurve" }, /* 176 */ + { 0x01, 178, 0, 7, "prime192v1" }, /* 177 */ + { 0x02, 179, 0, 7, "prime192v2" }, /* 178 */ + { 0x03, 180, 0, 7, "prime192v3" }, /* 179 */ + { 0x04, 181, 0, 7, "prime239v1" }, /* 180 */ + { 0x05, 182, 0, 7, "prime239v2" }, /* 181 */ + { 0x06, 183, 0, 7, "prime239v3" }, /* 182 */ + { 0x07, 0, 0, 7, "prime256v1" }, /* 183 */ + { 0x04, 0, 1, 5, "id-ecSigType" }, /* 184 */ + { 0x01, 186, 0, 6, "ecdsa-with-SHA1" }, /* 185 */ + { 0x03, 0, 1, 6, "ecdsa-with-Specified" }, /* 186 */ + { 0x01, 188, 0, 7, "ecdsa-with-SHA224" }, /* 187 */ + { 0x02, 189, 0, 7, "ecdsa-with-SHA256" }, /* 188 */ + { 0x03, 190, 0, 7, "ecdsa-with-SHA384" }, /* 189 */ + { 0x04, 0, 0, 7, "ecdsa-with-SHA512" }, /* 190 */ + {0x2B, 418, 1, 0, "" }, /* 191 */ + { 0x06, 332, 1, 1, "dod" }, /* 192 */ + { 0x01, 0, 1, 2, "internet" }, /* 193 */ + { 0x04, 283, 1, 3, "private" }, /* 194 */ + { 0x01, 0, 1, 4, "enterprise" }, /* 195 */ + { 0x82, 233, 1, 5, "" }, /* 196 */ + { 0x37, 209, 1, 6, "Microsoft" }, /* 197 */ + { 0x0A, 202, 1, 7, "" }, /* 198 */ + { 0x03, 0, 1, 8, "" }, /* 199 */ + { 0x03, 201, 0, 9, "msSGC" }, /* 200 */ + { 0x04, 0, 0, 9, "msEncryptingFileSystem" }, /* 201 */ + { 0x14, 206, 1, 7, "msEnrollmentInfrastructure" }, /* 202 */ + { 0x02, 0, 1, 8, "msCertificateTypeExtension" }, /* 203 */ + { 0x02, 205, 0, 9, "msSmartcardLogon" }, /* 204 */ + { 0x03, 0, 0, 9, "msUPN" }, /* 205 */ + { 0x15, 0, 1, 7, "msCertSrvInfrastructure" }, /* 206 */ + { 0x07, 208, 0, 8, "msCertTemplate" }, /* 207 */ + { 0x0A, 0, 0, 8, "msApplicationCertPolicies" }, /* 208 */ + { 0xA0, 0, 1, 6, "" }, /* 209 */ + { 0x2A, 0, 1, 7, "ITA" }, /* 210 */ + { 0x01, 212, 0, 8, "strongSwan" }, /* 211 */ + { 0x02, 213, 0, 8, "cps" }, /* 212 */ + { 0x03, 214, 0, 8, "e-voting" }, /* 213 */ + { 0x05, 0, 1, 8, "BLISS" }, /* 214 */ + { 0x01, 217, 1, 9, "keyType" }, /* 215 */ + { 0x01, 0, 0, 10, "blissPublicKey" }, /* 216 */ + { 0x02, 226, 1, 9, "parameters" }, /* 217 */ + { 0x01, 219, 0, 10, "BLISS-I" }, /* 218 */ + { 0x02, 220, 0, 10, "BLISS-II" }, /* 219 */ + { 0x03, 221, 0, 10, "BLISS-III" }, /* 220 */ + { 0x04, 222, 0, 10, "BLISS-IV" }, /* 221 */ + { 0x05, 223, 0, 10, "BLISS-B-I" }, /* 222 */ + { 0x06, 224, 0, 10, "BLISS-B-II" }, /* 223 */ + { 0x07, 225, 0, 10, "BLISS-B-III" }, /* 224 */ + { 0x08, 0, 0, 10, "BLISS-B-IV" }, /* 225 */ + { 0x03, 0, 1, 9, "blissSigType" }, /* 226 */ + { 0x01, 228, 0, 10, "BLISS-with-SHA2-512" }, /* 227 */ + { 0x02, 229, 0, 10, "BLISS-with-SHA2-384" }, /* 228 */ + { 0x03, 230, 0, 10, "BLISS-with-SHA2-256" }, /* 229 */ + { 0x04, 231, 0, 10, "BLISS-with-SHA3-512" }, /* 230 */ + { 0x05, 232, 0, 10, "BLISS-with-SHA3-384" }, /* 231 */ + { 0x06, 0, 0, 10, "BLISS-with-SHA3-256" }, /* 232 */ + { 0x89, 240, 1, 5, "" }, /* 233 */ + { 0x31, 0, 1, 6, "" }, /* 234 */ + { 0x01, 0, 1, 7, "" }, /* 235 */ + { 0x01, 0, 1, 8, "" }, /* 236 */ + { 0x02, 0, 1, 9, "" }, /* 237 */ + { 0x02, 0, 1, 10, "" }, /* 238 */ + { 0x4B, 0, 0, 11, "TCGID" }, /* 239 */ + { 0x97, 244, 1, 5, "" }, /* 240 */ + { 0x55, 0, 1, 6, "" }, /* 241 */ + { 0x01, 0, 1, 7, "" }, /* 242 */ + { 0x02, 0, 0, 8, "blowfish-cbc" }, /* 243 */ + { 0xC1, 0, 1, 5, "" }, /* 244 */ + { 0x16, 0, 1, 6, "ntruCryptosystems" }, /* 245 */ + { 0x01, 0, 1, 7, "eess" }, /* 246 */ + { 0x01, 0, 1, 8, "eess1" }, /* 247 */ + { 0x01, 252, 1, 9, "eess1-algs" }, /* 248 */ + { 0x01, 250, 0, 10, "ntru-EESS1v1-SVES" }, /* 249 */ + { 0x02, 251, 0, 10, "ntru-EESS1v1-SVSSA" }, /* 250 */ + { 0x03, 0, 0, 10, "ntru-EESS1v1-NTRUSign" }, /* 251 */ + { 0x02, 282, 1, 9, "eess1-params" }, /* 252 */ + { 0x01, 254, 0, 10, "ees251ep1" }, /* 253 */ + { 0x02, 255, 0, 10, "ees347ep1" }, /* 254 */ + { 0x03, 256, 0, 10, "ees503ep1" }, /* 255 */ + { 0x07, 257, 0, 10, "ees251sp2" }, /* 256 */ + { 0x0C, 258, 0, 10, "ees251ep4" }, /* 257 */ + { 0x0D, 259, 0, 10, "ees251ep5" }, /* 258 */ + { 0x0E, 260, 0, 10, "ees251sp3" }, /* 259 */ + { 0x0F, 261, 0, 10, "ees251sp4" }, /* 260 */ + { 0x10, 262, 0, 10, "ees251sp5" }, /* 261 */ + { 0x11, 263, 0, 10, "ees251sp6" }, /* 262 */ + { 0x12, 264, 0, 10, "ees251sp7" }, /* 263 */ + { 0x13, 265, 0, 10, "ees251sp8" }, /* 264 */ + { 0x14, 266, 0, 10, "ees251sp9" }, /* 265 */ + { 0x22, 267, 0, 10, "ees401ep1" }, /* 266 */ + { 0x23, 268, 0, 10, "ees449ep1" }, /* 267 */ + { 0x24, 269, 0, 10, "ees677ep1" }, /* 268 */ + { 0x25, 270, 0, 10, "ees1087ep2" }, /* 269 */ + { 0x26, 271, 0, 10, "ees541ep1" }, /* 270 */ + { 0x27, 272, 0, 10, "ees613ep1" }, /* 271 */ + { 0x28, 273, 0, 10, "ees887ep1" }, /* 272 */ + { 0x29, 274, 0, 10, "ees1171ep1" }, /* 273 */ + { 0x2A, 275, 0, 10, "ees659ep1" }, /* 274 */ + { 0x2B, 276, 0, 10, "ees761ep1" }, /* 275 */ + { 0x2C, 277, 0, 10, "ees1087ep1" }, /* 276 */ + { 0x2D, 278, 0, 10, "ees1499ep1" }, /* 277 */ + { 0x2E, 279, 0, 10, "ees401ep2" }, /* 278 */ + { 0x2F, 280, 0, 10, "ees439ep1" }, /* 279 */ + { 0x30, 281, 0, 10, "ees593ep1" }, /* 280 */ + { 0x31, 0, 0, 10, "ees743ep1" }, /* 281 */ + { 0x03, 0, 0, 9, "eess1-encodingMethods" }, /* 282 */ + { 0x05, 0, 1, 3, "security" }, /* 283 */ + { 0x05, 0, 1, 4, "mechanisms" }, /* 284 */ + { 0x07, 329, 1, 5, "id-pkix" }, /* 285 */ + { 0x01, 290, 1, 6, "id-pe" }, /* 286 */ + { 0x01, 288, 0, 7, "authorityInfoAccess" }, /* 287 */ + { 0x03, 289, 0, 7, "qcStatements" }, /* 288 */ + { 0x07, 0, 0, 7, "ipAddrBlocks" }, /* 289 */ + { 0x02, 293, 1, 6, "id-qt" }, /* 290 */ + { 0x01, 292, 0, 7, "cps" }, /* 291 */ + { 0x02, 0, 0, 7, "unotice" }, /* 292 */ + { 0x03, 303, 1, 6, "id-kp" }, /* 293 */ + { 0x01, 295, 0, 7, "serverAuth" }, /* 294 */ + { 0x02, 296, 0, 7, "clientAuth" }, /* 295 */ + { 0x03, 297, 0, 7, "codeSigning" }, /* 296 */ + { 0x04, 298, 0, 7, "emailProtection" }, /* 297 */ + { 0x05, 299, 0, 7, "ipsecEndSystem" }, /* 298 */ + { 0x06, 300, 0, 7, "ipsecTunnel" }, /* 299 */ + { 0x07, 301, 0, 7, "ipsecUser" }, /* 300 */ + { 0x08, 302, 0, 7, "timeStamping" }, /* 301 */ + { 0x09, 0, 0, 7, "ocspSigning" }, /* 302 */ + { 0x08, 311, 1, 6, "id-otherNames" }, /* 303 */ + { 0x01, 305, 0, 7, "personalData" }, /* 304 */ + { 0x02, 306, 0, 7, "userGroup" }, /* 305 */ + { 0x03, 307, 0, 7, "id-on-permanentIdentifier" }, /* 306 */ + { 0x04, 308, 0, 7, "id-on-hardwareModuleName" }, /* 307 */ + { 0x05, 309, 0, 7, "xmppAddr" }, /* 308 */ + { 0x06, 310, 0, 7, "id-on-SIM" }, /* 309 */ + { 0x07, 0, 0, 7, "id-on-dnsSRV" }, /* 310 */ + { 0x0A, 316, 1, 6, "id-aca" }, /* 311 */ + { 0x01, 313, 0, 7, "authenticationInfo" }, /* 312 */ + { 0x02, 314, 0, 7, "accessIdentity" }, /* 313 */ + { 0x03, 315, 0, 7, "chargingIdentity" }, /* 314 */ + { 0x04, 0, 0, 7, "group" }, /* 315 */ + { 0x0B, 317, 0, 6, "subjectInfoAccess" }, /* 316 */ + { 0x30, 0, 1, 6, "id-ad" }, /* 317 */ + { 0x01, 326, 1, 7, "ocsp" }, /* 318 */ + { 0x01, 320, 0, 8, "basic" }, /* 319 */ + { 0x02, 321, 0, 8, "nonce" }, /* 320 */ + { 0x03, 322, 0, 8, "crl" }, /* 321 */ + { 0x04, 323, 0, 8, "response" }, /* 322 */ + { 0x05, 324, 0, 8, "noCheck" }, /* 323 */ + { 0x06, 325, 0, 8, "archiveCutoff" }, /* 324 */ + { 0x07, 0, 0, 8, "serviceLocator" }, /* 325 */ + { 0x02, 327, 0, 7, "caIssuers" }, /* 326 */ + { 0x03, 328, 0, 7, "timeStamping" }, /* 327 */ + { 0x05, 0, 0, 7, "caRepository" }, /* 328 */ + { 0x08, 0, 1, 5, "ipsec" }, /* 329 */ + { 0x02, 0, 1, 6, "certificate" }, /* 330 */ + { 0x02, 0, 0, 7, "iKEIntermediate" }, /* 331 */ + { 0x0E, 338, 1, 1, "oiw" }, /* 332 */ + { 0x03, 0, 1, 2, "secsig" }, /* 333 */ + { 0x02, 0, 1, 3, "algorithms" }, /* 334 */ + { 0x07, 336, 0, 4, "des-cbc" }, /* 335 */ + { 0x1A, 337, 0, 4, "sha-1" }, /* 336 */ + { 0x1D, 0, 0, 4, "sha-1WithRSASignature" }, /* 337 */ + { 0x24, 384, 1, 1, "TeleTrusT" }, /* 338 */ + { 0x03, 0, 1, 2, "algorithm" }, /* 339 */ + { 0x03, 0, 1, 3, "signatureAlgorithm" }, /* 340 */ + { 0x01, 345, 1, 4, "rsaSignature" }, /* 341 */ + { 0x02, 343, 0, 5, "rsaSigWithripemd160" }, /* 342 */ + { 0x03, 344, 0, 5, "rsaSigWithripemd128" }, /* 343 */ + { 0x04, 0, 0, 5, "rsaSigWithripemd256" }, /* 344 */ + { 0x02, 0, 1, 4, "ecSign" }, /* 345 */ + { 0x01, 347, 0, 5, "ecSignWithsha1" }, /* 346 */ + { 0x02, 348, 0, 5, "ecSignWithripemd160" }, /* 347 */ + { 0x03, 349, 0, 5, "ecSignWithmd2" }, /* 348 */ + { 0x04, 350, 0, 5, "ecSignWithmd5" }, /* 349 */ + { 0x05, 367, 1, 5, "ttt-ecg" }, /* 350 */ + { 0x01, 355, 1, 6, "fieldType" }, /* 351 */ + { 0x01, 0, 1, 7, "characteristictwoField" }, /* 352 */ + { 0x01, 0, 1, 8, "basisType" }, /* 353 */ + { 0x01, 0, 0, 9, "ipBasis" }, /* 354 */ + { 0x02, 357, 1, 6, "keyType" }, /* 355 */ + { 0x01, 0, 0, 7, "ecgPublicKey" }, /* 356 */ + { 0x03, 358, 0, 6, "curve" }, /* 357 */ + { 0x04, 365, 1, 6, "signatures" }, /* 358 */ + { 0x01, 360, 0, 7, "ecgdsa-with-RIPEMD160" }, /* 359 */ + { 0x02, 361, 0, 7, "ecgdsa-with-SHA1" }, /* 360 */ + { 0x03, 362, 0, 7, "ecgdsa-with-SHA224" }, /* 361 */ + { 0x04, 363, 0, 7, "ecgdsa-with-SHA256" }, /* 362 */ + { 0x05, 364, 0, 7, "ecgdsa-with-SHA384" }, /* 363 */ + { 0x06, 0, 0, 7, "ecgdsa-with-SHA512" }, /* 364 */ + { 0x05, 0, 1, 6, "module" }, /* 365 */ + { 0x01, 0, 0, 7, "1" }, /* 366 */ + { 0x08, 0, 1, 5, "ecStdCurvesAndGeneration" }, /* 367 */ + { 0x01, 0, 1, 6, "ellipticCurve" }, /* 368 */ + { 0x01, 0, 1, 7, "versionOne" }, /* 369 */ + { 0x01, 371, 0, 8, "brainpoolP160r1" }, /* 370 */ + { 0x02, 372, 0, 8, "brainpoolP160t1" }, /* 371 */ + { 0x03, 373, 0, 8, "brainpoolP192r1" }, /* 372 */ + { 0x04, 374, 0, 8, "brainpoolP192t1" }, /* 373 */ + { 0x05, 375, 0, 8, "brainpoolP224r1" }, /* 374 */ + { 0x06, 376, 0, 8, "brainpoolP224t1" }, /* 375 */ + { 0x07, 377, 0, 8, "brainpoolP256r1" }, /* 376 */ + { 0x08, 378, 0, 8, "brainpoolP256t1" }, /* 377 */ + { 0x09, 379, 0, 8, "brainpoolP320r1" }, /* 378 */ + { 0x0A, 380, 0, 8, "brainpoolP320t1" }, /* 379 */ + { 0x0B, 381, 0, 8, "brainpoolP384r1" }, /* 380 */ + { 0x0C, 382, 0, 8, "brainpoolP384t1" }, /* 381 */ + { 0x0D, 383, 0, 8, "brainpoolP512r1" }, /* 382 */ + { 0x0E, 0, 0, 8, "brainpoolP512t1" }, /* 383 */ + { 0x81, 0, 1, 1, "" }, /* 384 */ + { 0x04, 0, 1, 2, "Certicom" }, /* 385 */ + { 0x00, 0, 1, 3, "curve" }, /* 386 */ + { 0x01, 388, 0, 4, "sect163k1" }, /* 387 */ + { 0x02, 389, 0, 4, "sect163r1" }, /* 388 */ + { 0x03, 390, 0, 4, "sect239k1" }, /* 389 */ + { 0x04, 391, 0, 4, "sect113r1" }, /* 390 */ + { 0x05, 392, 0, 4, "sect113r2" }, /* 391 */ + { 0x06, 393, 0, 4, "secp112r1" }, /* 392 */ + { 0x07, 394, 0, 4, "secp112r2" }, /* 393 */ + { 0x08, 395, 0, 4, "secp160r1" }, /* 394 */ + { 0x09, 396, 0, 4, "secp160k1" }, /* 395 */ + { 0x0A, 397, 0, 4, "secp256k1" }, /* 396 */ + { 0x0F, 398, 0, 4, "sect163r2" }, /* 397 */ + { 0x10, 399, 0, 4, "sect283k1" }, /* 398 */ + { 0x11, 400, 0, 4, "sect283r1" }, /* 399 */ + { 0x16, 401, 0, 4, "sect131r1" }, /* 400 */ + { 0x17, 402, 0, 4, "sect131r2" }, /* 401 */ + { 0x18, 403, 0, 4, "sect193r1" }, /* 402 */ + { 0x19, 404, 0, 4, "sect193r2" }, /* 403 */ + { 0x1A, 405, 0, 4, "sect233k1" }, /* 404 */ + { 0x1B, 406, 0, 4, "sect233r1" }, /* 405 */ + { 0x1C, 407, 0, 4, "secp128r1" }, /* 406 */ + { 0x1D, 408, 0, 4, "secp128r2" }, /* 407 */ + { 0x1E, 409, 0, 4, "secp160r2" }, /* 408 */ + { 0x1F, 410, 0, 4, "secp192k1" }, /* 409 */ + { 0x20, 411, 0, 4, "secp224k1" }, /* 410 */ + { 0x21, 412, 0, 4, "secp224r1" }, /* 411 */ + { 0x22, 413, 0, 4, "secp384r1" }, /* 412 */ + { 0x23, 414, 0, 4, "secp521r1" }, /* 413 */ + { 0x24, 415, 0, 4, "sect409k1" }, /* 414 */ + { 0x25, 416, 0, 4, "sect409r1" }, /* 415 */ + { 0x26, 417, 0, 4, "sect571k1" }, /* 416 */ + { 0x27, 0, 0, 4, "sect571r1" }, /* 417 */ + {0x60, 472, 1, 0, "" }, /* 418 */ + { 0x86, 0, 1, 1, "" }, /* 419 */ + { 0x48, 0, 1, 2, "" }, /* 420 */ + { 0x01, 0, 1, 3, "organization" }, /* 421 */ + { 0x65, 448, 1, 4, "gov" }, /* 422 */ + { 0x03, 0, 1, 5, "csor" }, /* 423 */ + { 0x04, 0, 1, 6, "nistalgorithm" }, /* 424 */ + { 0x01, 435, 1, 7, "aes" }, /* 425 */ + { 0x02, 427, 0, 8, "id-aes128-CBC" }, /* 426 */ + { 0x06, 428, 0, 8, "id-aes128-GCM" }, /* 427 */ + { 0x07, 429, 0, 8, "id-aes128-CCM" }, /* 428 */ + { 0x16, 430, 0, 8, "id-aes192-CBC" }, /* 429 */ + { 0x1A, 431, 0, 8, "id-aes192-GCM" }, /* 430 */ + { 0x1B, 432, 0, 8, "id-aes192-CCM" }, /* 431 */ + { 0x2A, 433, 0, 8, "id-aes256-CBC" }, /* 432 */ + { 0x2E, 434, 0, 8, "id-aes256-GCM" }, /* 433 */ + { 0x2F, 0, 0, 8, "id-aes256-CCM" }, /* 434 */ + { 0x02, 0, 1, 7, "hashalgs" }, /* 435 */ + { 0x01, 437, 0, 8, "id-sha256" }, /* 436 */ + { 0x02, 438, 0, 8, "id-sha384" }, /* 437 */ + { 0x03, 439, 0, 8, "id-sha512" }, /* 438 */ + { 0x04, 440, 0, 8, "id-sha224" }, /* 439 */ + { 0x05, 441, 0, 8, "id-sha512-224" }, /* 440 */ + { 0x06, 442, 0, 8, "id-sha512-256" }, /* 441 */ + { 0x07, 443, 0, 8, "id-sha3-224" }, /* 442 */ + { 0x08, 444, 0, 8, "id-sha3-256" }, /* 443 */ + { 0x09, 445, 0, 8, "id-sha3-384" }, /* 444 */ + { 0x0A, 446, 0, 8, "id-sha3-512" }, /* 445 */ + { 0x0B, 447, 0, 8, "id-shake128" }, /* 446 */ + { 0x0C, 0, 0, 8, "id-shake256" }, /* 447 */ + { 0x86, 0, 1, 4, "" }, /* 448 */ + { 0xf8, 0, 1, 5, "" }, /* 449 */ + { 0x42, 462, 1, 6, "netscape" }, /* 450 */ + { 0x01, 457, 1, 7, "" }, /* 451 */ + { 0x01, 453, 0, 8, "nsCertType" }, /* 452 */ + { 0x03, 454, 0, 8, "nsRevocationUrl" }, /* 453 */ + { 0x04, 455, 0, 8, "nsCaRevocationUrl" }, /* 454 */ + { 0x08, 456, 0, 8, "nsCaPolicyUrl" }, /* 455 */ + { 0x0d, 0, 0, 8, "nsComment" }, /* 456 */ + { 0x03, 460, 1, 7, "directory" }, /* 457 */ + { 0x01, 0, 1, 8, "" }, /* 458 */ + { 0x03, 0, 0, 9, "employeeNumber" }, /* 459 */ + { 0x04, 0, 1, 7, "policy" }, /* 460 */ + { 0x01, 0, 0, 8, "nsSGC" }, /* 461 */ + { 0x45, 0, 1, 6, "verisign" }, /* 462 */ + { 0x01, 0, 1, 7, "pki" }, /* 463 */ + { 0x09, 0, 1, 8, "attributes" }, /* 464 */ + { 0x02, 466, 0, 9, "messageType" }, /* 465 */ + { 0x03, 467, 0, 9, "pkiStatus" }, /* 466 */ + { 0x04, 468, 0, 9, "failInfo" }, /* 467 */ + { 0x05, 469, 0, 9, "senderNonce" }, /* 468 */ + { 0x06, 470, 0, 9, "recipientNonce" }, /* 469 */ + { 0x07, 471, 0, 9, "transID" }, /* 470 */ + { 0x08, 0, 0, 9, "extensionReq" }, /* 471 */ + {0x67, 0, 1, 0, "" }, /* 472 */ + { 0x81, 0, 1, 1, "" }, /* 473 */ + { 0x05, 0, 1, 2, "" }, /* 474 */ + { 0x02, 0, 1, 3, "tcg-attribute" }, /* 475 */ + { 0x01, 477, 0, 4, "tcg-at-tpmManufacturer" }, /* 476 */ + { 0x02, 478, 0, 4, "tcg-at-tpmModel" }, /* 477 */ + { 0x03, 479, 0, 4, "tcg-at-tpmVersion" }, /* 478 */ + { 0x0F, 0, 0, 4, "tcg-at-tpmIdLabel" } /* 479 */ }; diff --git a/src/libstrongswan/asn1/oid.h b/src/libstrongswan/asn1/oid.h index 1120156e5..042f108dd 100644 --- a/src/libstrongswan/asn1/oid.h +++ b/src/libstrongswan/asn1/oid.h @@ -40,221 +40,222 @@ extern const oid_t oid_names[]; #define OID_INITIALS 33 #define OID_UNIQUE_IDENTIFIER 34 #define OID_DN_QUALIFIER 35 -#define OID_PSEUDONYM 36 -#define OID_ROLE 37 -#define OID_SUBJECT_KEY_ID 40 -#define OID_KEY_USAGE 41 -#define OID_SUBJECT_ALT_NAME 43 -#define OID_BASIC_CONSTRAINTS 45 -#define OID_CRL_NUMBER 46 -#define OID_CRL_REASON_CODE 47 -#define OID_DELTA_CRL_INDICATOR 50 -#define OID_ISSUING_DIST_POINT 51 -#define OID_NAME_CONSTRAINTS 53 -#define OID_CRL_DISTRIBUTION_POINTS 54 -#define OID_CERTIFICATE_POLICIES 55 -#define OID_ANY_POLICY 56 -#define OID_POLICY_MAPPINGS 57 -#define OID_AUTHORITY_KEY_ID 58 -#define OID_POLICY_CONSTRAINTS 59 -#define OID_EXTENDED_KEY_USAGE 60 -#define OID_FRESHEST_CRL 62 -#define OID_INHIBIT_ANY_POLICY 63 -#define OID_TARGET_INFORMATION 64 -#define OID_NO_REV_AVAIL 65 -#define OID_CAMELLIA128_CBC 76 -#define OID_CAMELLIA192_CBC 77 -#define OID_CAMELLIA256_CBC 78 -#define OID_RSA_ENCRYPTION 91 -#define OID_MD2_WITH_RSA 92 -#define OID_MD5_WITH_RSA 93 -#define OID_SHA1_WITH_RSA 94 -#define OID_RSAES_OAEP 95 -#define OID_SHA256_WITH_RSA 98 -#define OID_SHA384_WITH_RSA 99 -#define OID_SHA512_WITH_RSA 100 -#define OID_SHA224_WITH_RSA 101 -#define OID_PBE_MD5_DES_CBC 103 -#define OID_PBE_SHA1_DES_CBC 104 -#define OID_PBKDF2 105 -#define OID_PBES2 106 -#define OID_PKCS7_DATA 108 -#define OID_PKCS7_SIGNED_DATA 109 -#define OID_PKCS7_ENVELOPED_DATA 110 -#define OID_PKCS7_SIGNED_ENVELOPED_DATA 111 -#define OID_PKCS7_DIGESTED_DATA 112 -#define OID_PKCS7_ENCRYPTED_DATA 113 -#define OID_EMAIL_ADDRESS 115 -#define OID_UNSTRUCTURED_NAME 116 -#define OID_PKCS9_CONTENT_TYPE 117 -#define OID_PKCS9_MESSAGE_DIGEST 118 -#define OID_PKCS9_SIGNING_TIME 119 -#define OID_CHALLENGE_PASSWORD 121 -#define OID_UNSTRUCTURED_ADDRESS 122 -#define OID_EXTENSION_REQUEST 123 -#define OID_X509_CERTIFICATE 126 -#define OID_PBE_SHA1_RC4_128 130 -#define OID_PBE_SHA1_RC4_40 131 -#define OID_PBE_SHA1_3DES_CBC 132 -#define OID_PBE_SHA1_3DES_2KEY_CBC 133 -#define OID_PBE_SHA1_RC2_CBC_128 134 -#define OID_PBE_SHA1_RC2_CBC_40 135 -#define OID_P12_KEY_BAG 138 -#define OID_P12_PKCS8_KEY_BAG 139 -#define OID_P12_CERT_BAG 140 -#define OID_P12_CRL_BAG 141 -#define OID_MD2 145 -#define OID_MD5 146 -#define OID_3DES_EDE_CBC 148 -#define OID_EC_PUBLICKEY 152 -#define OID_C2PNB163V1 155 -#define OID_C2PNB163V2 156 -#define OID_C2PNB163V3 157 -#define OID_C2PNB176W1 158 -#define OID_C2PNB191V1 159 -#define OID_C2PNB191V2 160 -#define OID_C2PNB191V3 161 -#define OID_C2PNB191V4 162 -#define OID_C2PNB191V5 163 -#define OID_C2PNB208W1 164 -#define OID_C2PNB239V1 165 -#define OID_C2PNB239V2 166 -#define OID_C2PNB239V3 167 -#define OID_C2PNB239V4 168 -#define OID_C2PNB239V5 169 -#define OID_C2PNB272W1 170 -#define OID_C2PNB304W1 171 -#define OID_C2PNB359V1 172 -#define OID_C2PNB368W1 173 -#define OID_C2PNB431R1 174 -#define OID_PRIME192V1 176 -#define OID_PRIME192V2 177 -#define OID_PRIME192V3 178 -#define OID_PRIME239V1 179 -#define OID_PRIME239V2 180 -#define OID_PRIME239V3 181 -#define OID_PRIME256V1 182 -#define OID_ECDSA_WITH_SHA1 184 -#define OID_ECDSA_WITH_SHA224 186 -#define OID_ECDSA_WITH_SHA256 187 -#define OID_ECDSA_WITH_SHA384 188 -#define OID_ECDSA_WITH_SHA512 189 -#define OID_MS_SMARTCARD_LOGON 203 -#define OID_USER_PRINCIPAL_NAME 204 -#define OID_STRONGSWAN 210 -#define OID_BLISS_PUBLICKEY 215 -#define OID_BLISS_I 217 -#define OID_BLISS_II 218 -#define OID_BLISS_III 219 -#define OID_BLISS_IV 220 -#define OID_BLISS_B_I 221 -#define OID_BLISS_B_II 222 -#define OID_BLISS_B_III 223 -#define OID_BLISS_B_IV 224 -#define OID_BLISS_WITH_SHA2_512 226 -#define OID_BLISS_WITH_SHA2_384 227 -#define OID_BLISS_WITH_SHA2_256 228 -#define OID_BLISS_WITH_SHA3_512 229 -#define OID_BLISS_WITH_SHA3_384 230 -#define OID_BLISS_WITH_SHA3_256 231 -#define OID_TCGID 238 -#define OID_BLOWFISH_CBC 242 -#define OID_AUTHORITY_INFO_ACCESS 286 -#define OID_IP_ADDR_BLOCKS 288 -#define OID_POLICY_QUALIFIER_CPS 290 -#define OID_POLICY_QUALIFIER_UNOTICE 291 -#define OID_SERVER_AUTH 293 -#define OID_CLIENT_AUTH 294 -#define OID_OCSP_SIGNING 301 -#define OID_XMPP_ADDR 307 -#define OID_AUTHENTICATION_INFO 311 -#define OID_ACCESS_IDENTITY 312 -#define OID_CHARGING_IDENTITY 313 -#define OID_GROUP 314 -#define OID_OCSP 317 -#define OID_BASIC 318 -#define OID_NONCE 319 -#define OID_CRL 320 -#define OID_RESPONSE 321 -#define OID_NO_CHECK 322 -#define OID_ARCHIVE_CUTOFF 323 -#define OID_SERVICE_LOCATOR 324 -#define OID_CA_ISSUERS 325 -#define OID_IKE_INTERMEDIATE 330 -#define OID_DES_CBC 334 -#define OID_SHA1 335 -#define OID_SHA1_WITH_RSA_OIW 336 -#define OID_ECGDSA_PUBKEY 355 -#define OID_ECGDSA_SIG_WITH_RIPEMD160 358 -#define OID_ECGDSA_SIG_WITH_SHA1 359 -#define OID_ECGDSA_SIG_WITH_SHA224 360 -#define OID_ECGDSA_SIG_WITH_SHA256 361 -#define OID_ECGDSA_SIG_WITH_SHA384 362 -#define OID_ECGDSA_SIG_WITH_SHA512 363 -#define OID_SECT163K1 386 -#define OID_SECT163R1 387 -#define OID_SECT239K1 388 -#define OID_SECT113R1 389 -#define OID_SECT113R2 390 -#define OID_SECT112R1 391 -#define OID_SECT112R2 392 -#define OID_SECT160R1 393 -#define OID_SECT160K1 394 -#define OID_SECT256K1 395 -#define OID_SECT163R2 396 -#define OID_SECT283K1 397 -#define OID_SECT283R1 398 -#define OID_SECT131R1 399 -#define OID_SECT131R2 400 -#define OID_SECT193R1 401 -#define OID_SECT193R2 402 -#define OID_SECT233K1 403 -#define OID_SECT233R1 404 -#define OID_SECT128R1 405 -#define OID_SECT128R2 406 -#define OID_SECT160R2 407 -#define OID_SECT192K1 408 -#define OID_SECT224K1 409 -#define OID_SECT224R1 410 -#define OID_SECT384R1 411 -#define OID_SECT521R1 412 -#define OID_SECT409K1 413 -#define OID_SECT409R1 414 -#define OID_SECT571K1 415 -#define OID_SECT571R1 416 -#define OID_AES128_CBC 425 -#define OID_AES128_GCM 426 -#define OID_AES128_CCM 427 -#define OID_AES192_CBC 428 -#define OID_AES192_GCM 429 -#define OID_AES192_CCM 430 -#define OID_AES256_CBC 431 -#define OID_AES256_GCM 432 -#define OID_AES256_CCM 433 -#define OID_SHA256 435 -#define OID_SHA384 436 -#define OID_SHA512 437 -#define OID_SHA224 438 -#define OID_SHA3_224 441 -#define OID_SHA3_256 442 -#define OID_SHA3_384 443 -#define OID_SHA3_512 444 -#define OID_NS_REVOCATION_URL 452 -#define OID_NS_CA_REVOCATION_URL 453 -#define OID_NS_CA_POLICY_URL 454 -#define OID_NS_COMMENT 455 -#define OID_EMPLOYEE_NUMBER 458 -#define OID_PKI_MESSAGE_TYPE 464 -#define OID_PKI_STATUS 465 -#define OID_PKI_FAIL_INFO 466 -#define OID_PKI_SENDER_NONCE 467 -#define OID_PKI_RECIPIENT_NONCE 468 -#define OID_PKI_TRANS_ID 469 -#define OID_TPM_MANUFACTURER 475 -#define OID_TPM_MODEL 476 -#define OID_TPM_VERSION 477 -#define OID_TPM_ID_LABEL 478 +#define OID_DMD_NAME 36 +#define OID_PSEUDONYM 37 +#define OID_ROLE 38 +#define OID_SUBJECT_KEY_ID 41 +#define OID_KEY_USAGE 42 +#define OID_SUBJECT_ALT_NAME 44 +#define OID_BASIC_CONSTRAINTS 46 +#define OID_CRL_NUMBER 47 +#define OID_CRL_REASON_CODE 48 +#define OID_DELTA_CRL_INDICATOR 51 +#define OID_ISSUING_DIST_POINT 52 +#define OID_NAME_CONSTRAINTS 54 +#define OID_CRL_DISTRIBUTION_POINTS 55 +#define OID_CERTIFICATE_POLICIES 56 +#define OID_ANY_POLICY 57 +#define OID_POLICY_MAPPINGS 58 +#define OID_AUTHORITY_KEY_ID 59 +#define OID_POLICY_CONSTRAINTS 60 +#define OID_EXTENDED_KEY_USAGE 61 +#define OID_FRESHEST_CRL 63 +#define OID_INHIBIT_ANY_POLICY 64 +#define OID_TARGET_INFORMATION 65 +#define OID_NO_REV_AVAIL 66 +#define OID_CAMELLIA128_CBC 77 +#define OID_CAMELLIA192_CBC 78 +#define OID_CAMELLIA256_CBC 79 +#define OID_RSA_ENCRYPTION 92 +#define OID_MD2_WITH_RSA 93 +#define OID_MD5_WITH_RSA 94 +#define OID_SHA1_WITH_RSA 95 +#define OID_RSAES_OAEP 96 +#define OID_SHA256_WITH_RSA 99 +#define OID_SHA384_WITH_RSA 100 +#define OID_SHA512_WITH_RSA 101 +#define OID_SHA224_WITH_RSA 102 +#define OID_PBE_MD5_DES_CBC 104 +#define OID_PBE_SHA1_DES_CBC 105 +#define OID_PBKDF2 106 +#define OID_PBES2 107 +#define OID_PKCS7_DATA 109 +#define OID_PKCS7_SIGNED_DATA 110 +#define OID_PKCS7_ENVELOPED_DATA 111 +#define OID_PKCS7_SIGNED_ENVELOPED_DATA 112 +#define OID_PKCS7_DIGESTED_DATA 113 +#define OID_PKCS7_ENCRYPTED_DATA 114 +#define OID_EMAIL_ADDRESS 116 +#define OID_UNSTRUCTURED_NAME 117 +#define OID_PKCS9_CONTENT_TYPE 118 +#define OID_PKCS9_MESSAGE_DIGEST 119 +#define OID_PKCS9_SIGNING_TIME 120 +#define OID_CHALLENGE_PASSWORD 122 +#define OID_UNSTRUCTURED_ADDRESS 123 +#define OID_EXTENSION_REQUEST 124 +#define OID_X509_CERTIFICATE 127 +#define OID_PBE_SHA1_RC4_128 131 +#define OID_PBE_SHA1_RC4_40 132 +#define OID_PBE_SHA1_3DES_CBC 133 +#define OID_PBE_SHA1_3DES_2KEY_CBC 134 +#define OID_PBE_SHA1_RC2_CBC_128 135 +#define OID_PBE_SHA1_RC2_CBC_40 136 +#define OID_P12_KEY_BAG 139 +#define OID_P12_PKCS8_KEY_BAG 140 +#define OID_P12_CERT_BAG 141 +#define OID_P12_CRL_BAG 142 +#define OID_MD2 146 +#define OID_MD5 147 +#define OID_3DES_EDE_CBC 149 +#define OID_EC_PUBLICKEY 153 +#define OID_C2PNB163V1 156 +#define OID_C2PNB163V2 157 +#define OID_C2PNB163V3 158 +#define OID_C2PNB176W1 159 +#define OID_C2PNB191V1 160 +#define OID_C2PNB191V2 161 +#define OID_C2PNB191V3 162 +#define OID_C2PNB191V4 163 +#define OID_C2PNB191V5 164 +#define OID_C2PNB208W1 165 +#define OID_C2PNB239V1 166 +#define OID_C2PNB239V2 167 +#define OID_C2PNB239V3 168 +#define OID_C2PNB239V4 169 +#define OID_C2PNB239V5 170 +#define OID_C2PNB272W1 171 +#define OID_C2PNB304W1 172 +#define OID_C2PNB359V1 173 +#define OID_C2PNB368W1 174 +#define OID_C2PNB431R1 175 +#define OID_PRIME192V1 177 +#define OID_PRIME192V2 178 +#define OID_PRIME192V3 179 +#define OID_PRIME239V1 180 +#define OID_PRIME239V2 181 +#define OID_PRIME239V3 182 +#define OID_PRIME256V1 183 +#define OID_ECDSA_WITH_SHA1 185 +#define OID_ECDSA_WITH_SHA224 187 +#define OID_ECDSA_WITH_SHA256 188 +#define OID_ECDSA_WITH_SHA384 189 +#define OID_ECDSA_WITH_SHA512 190 +#define OID_MS_SMARTCARD_LOGON 204 +#define OID_USER_PRINCIPAL_NAME 205 +#define OID_STRONGSWAN 211 +#define OID_BLISS_PUBLICKEY 216 +#define OID_BLISS_I 218 +#define OID_BLISS_II 219 +#define OID_BLISS_III 220 +#define OID_BLISS_IV 221 +#define OID_BLISS_B_I 222 +#define OID_BLISS_B_II 223 +#define OID_BLISS_B_III 224 +#define OID_BLISS_B_IV 225 +#define OID_BLISS_WITH_SHA2_512 227 +#define OID_BLISS_WITH_SHA2_384 228 +#define OID_BLISS_WITH_SHA2_256 229 +#define OID_BLISS_WITH_SHA3_512 230 +#define OID_BLISS_WITH_SHA3_384 231 +#define OID_BLISS_WITH_SHA3_256 232 +#define OID_TCGID 239 +#define OID_BLOWFISH_CBC 243 +#define OID_AUTHORITY_INFO_ACCESS 287 +#define OID_IP_ADDR_BLOCKS 289 +#define OID_POLICY_QUALIFIER_CPS 291 +#define OID_POLICY_QUALIFIER_UNOTICE 292 +#define OID_SERVER_AUTH 294 +#define OID_CLIENT_AUTH 295 +#define OID_OCSP_SIGNING 302 +#define OID_XMPP_ADDR 308 +#define OID_AUTHENTICATION_INFO 312 +#define OID_ACCESS_IDENTITY 313 +#define OID_CHARGING_IDENTITY 314 +#define OID_GROUP 315 +#define OID_OCSP 318 +#define OID_BASIC 319 +#define OID_NONCE 320 +#define OID_CRL 321 +#define OID_RESPONSE 322 +#define OID_NO_CHECK 323 +#define OID_ARCHIVE_CUTOFF 324 +#define OID_SERVICE_LOCATOR 325 +#define OID_CA_ISSUERS 326 +#define OID_IKE_INTERMEDIATE 331 +#define OID_DES_CBC 335 +#define OID_SHA1 336 +#define OID_SHA1_WITH_RSA_OIW 337 +#define OID_ECGDSA_PUBKEY 356 +#define OID_ECGDSA_SIG_WITH_RIPEMD160 359 +#define OID_ECGDSA_SIG_WITH_SHA1 360 +#define OID_ECGDSA_SIG_WITH_SHA224 361 +#define OID_ECGDSA_SIG_WITH_SHA256 362 +#define OID_ECGDSA_SIG_WITH_SHA384 363 +#define OID_ECGDSA_SIG_WITH_SHA512 364 +#define OID_SECT163K1 387 +#define OID_SECT163R1 388 +#define OID_SECT239K1 389 +#define OID_SECT113R1 390 +#define OID_SECT113R2 391 +#define OID_SECT112R1 392 +#define OID_SECT112R2 393 +#define OID_SECT160R1 394 +#define OID_SECT160K1 395 +#define OID_SECT256K1 396 +#define OID_SECT163R2 397 +#define OID_SECT283K1 398 +#define OID_SECT283R1 399 +#define OID_SECT131R1 400 +#define OID_SECT131R2 401 +#define OID_SECT193R1 402 +#define OID_SECT193R2 403 +#define OID_SECT233K1 404 +#define OID_SECT233R1 405 +#define OID_SECT128R1 406 +#define OID_SECT128R2 407 +#define OID_SECT160R2 408 +#define OID_SECT192K1 409 +#define OID_SECT224K1 410 +#define OID_SECT224R1 411 +#define OID_SECT384R1 412 +#define OID_SECT521R1 413 +#define OID_SECT409K1 414 +#define OID_SECT409R1 415 +#define OID_SECT571K1 416 +#define OID_SECT571R1 417 +#define OID_AES128_CBC 426 +#define OID_AES128_GCM 427 +#define OID_AES128_CCM 428 +#define OID_AES192_CBC 429 +#define OID_AES192_GCM 430 +#define OID_AES192_CCM 431 +#define OID_AES256_CBC 432 +#define OID_AES256_GCM 433 +#define OID_AES256_CCM 434 +#define OID_SHA256 436 +#define OID_SHA384 437 +#define OID_SHA512 438 +#define OID_SHA224 439 +#define OID_SHA3_224 442 +#define OID_SHA3_256 443 +#define OID_SHA3_384 444 +#define OID_SHA3_512 445 +#define OID_NS_REVOCATION_URL 453 +#define OID_NS_CA_REVOCATION_URL 454 +#define OID_NS_CA_POLICY_URL 455 +#define OID_NS_COMMENT 456 +#define OID_EMPLOYEE_NUMBER 459 +#define OID_PKI_MESSAGE_TYPE 465 +#define OID_PKI_STATUS 466 +#define OID_PKI_FAIL_INFO 467 +#define OID_PKI_SENDER_NONCE 468 +#define OID_PKI_RECIPIENT_NONCE 469 +#define OID_PKI_TRANS_ID 470 +#define OID_TPM_MANUFACTURER 476 +#define OID_TPM_MODEL 477 +#define OID_TPM_VERSION 478 +#define OID_TPM_ID_LABEL 479 -#define OID_MAX 479 +#define OID_MAX 480 #endif /* OID_H_ */ diff --git a/src/libstrongswan/asn1/oid.txt b/src/libstrongswan/asn1/oid.txt index b5ec15f3c..eeeb234c7 100644 --- a/src/libstrongswan/asn1/oid.txt +++ b/src/libstrongswan/asn1/oid.txt @@ -34,6 +34,7 @@ 0x2B "I" OID_INITIALS 0x2D "ID" OID_UNIQUE_IDENTIFIER 0x2E "dnQualifier" OID_DN_QUALIFIER + 0x36 "dmdName" OID_DMD_NAME 0x41 "pseudonym" OID_PSEUDONYM 0x48 "role" OID_ROLE 0x1D "id-ce" diff --git a/src/libstrongswan/bio/bio_reader.c b/src/libstrongswan/bio/bio_reader.c index 29b9e7279..6e35999ce 100644 --- a/src/libstrongswan/bio/bio_reader.c +++ b/src/libstrongswan/bio/bio_reader.c @@ -43,7 +43,7 @@ struct private_bio_reader_t { chunk_t cleanup; }; -METHOD(bio_reader_t, remaining, u_int32_t, +METHOD(bio_reader_t, remaining, uint32_t, private_bio_reader_t *this) { return this->buf.len; @@ -76,16 +76,16 @@ static inline chunk_t chunk_skip_end(chunk_t chunk, size_t bytes, bool from_end) /** * Returns a pointer to the data to read, optionally from the end */ -static inline u_char *get_ptr_end(private_bio_reader_t *this, u_int32_t len, +static inline u_char *get_ptr_end(private_bio_reader_t *this, uint32_t len, bool from_end) { return from_end ? this->buf.ptr + (this->buf.len - len) : this->buf.ptr; } /** - * Read an u_int8_t from the buffer, optionally from the end of the buffer + * Read an uint8_t from the buffer, optionally from the end of the buffer */ -static bool read_uint8_internal(private_bio_reader_t *this, u_int8_t *res, +static bool read_uint8_internal(private_bio_reader_t *this, uint8_t *res, bool from_end) { if (this->buf.len < 1) @@ -100,9 +100,9 @@ static bool read_uint8_internal(private_bio_reader_t *this, u_int8_t *res, } /** - * Read an u_int16_t from the buffer, optionally from the end + * Read an uint16_t from the buffer, optionally from the end */ -static bool read_uint16_internal(private_bio_reader_t *this, u_int16_t *res, +static bool read_uint16_internal(private_bio_reader_t *this, uint16_t *res, bool from_end) { if (this->buf.len < 2) @@ -117,9 +117,9 @@ static bool read_uint16_internal(private_bio_reader_t *this, u_int16_t *res, } /** - * Read an u_int32_t (only 24-bit) from the buffer, optionally from the end + * Read an uint32_t (only 24-bit) from the buffer, optionally from the end */ -static bool read_uint24_internal(private_bio_reader_t *this, u_int32_t *res, +static bool read_uint24_internal(private_bio_reader_t *this, uint32_t *res, bool from_end) { if (this->buf.len < 3) @@ -134,9 +134,9 @@ static bool read_uint24_internal(private_bio_reader_t *this, u_int32_t *res, } /** - * Read an u_int32_t from the buffer, optionally from the end + * Read an uint32_t from the buffer, optionally from the end */ -static bool read_uint32_internal(private_bio_reader_t *this, u_int32_t *res, +static bool read_uint32_internal(private_bio_reader_t *this, uint32_t *res, bool from_end) { if (this->buf.len < 4) @@ -151,9 +151,9 @@ static bool read_uint32_internal(private_bio_reader_t *this, u_int32_t *res, } /** - * Read an u_int64_t from the buffer, optionally from the end + * Read an uint64_t from the buffer, optionally from the end */ -static bool read_uint64_internal(private_bio_reader_t *this, u_int64_t *res, +static bool read_uint64_internal(private_bio_reader_t *this, uint64_t *res, bool from_end) { if (this->buf.len < 8) @@ -170,7 +170,7 @@ static bool read_uint64_internal(private_bio_reader_t *this, u_int64_t *res, /** * Read a chunk of data from the buffer, optionally from the end */ -static bool read_data_internal(private_bio_reader_t *this, u_int32_t len, +static bool read_data_internal(private_bio_reader_t *this, uint32_t len, chunk_t *res, bool from_end) { if (this->buf.len < len) @@ -185,73 +185,73 @@ static bool read_data_internal(private_bio_reader_t *this, u_int32_t len, } METHOD(bio_reader_t, read_uint8, bool, - private_bio_reader_t *this, u_int8_t *res) + private_bio_reader_t *this, uint8_t *res) { return read_uint8_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint16, bool, - private_bio_reader_t *this, u_int16_t *res) + private_bio_reader_t *this, uint16_t *res) { return read_uint16_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint24, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint24_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint32, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint32_internal(this, res, FALSE); } METHOD(bio_reader_t, read_uint64, bool, - private_bio_reader_t *this, u_int64_t *res) + private_bio_reader_t *this, uint64_t *res) { return read_uint64_internal(this, res, FALSE); } METHOD(bio_reader_t, read_data, bool, - private_bio_reader_t *this, u_int32_t len, chunk_t *res) + private_bio_reader_t *this, uint32_t len, chunk_t *res) { return read_data_internal(this, len, res, FALSE); } METHOD(bio_reader_t, read_uint8_end, bool, - private_bio_reader_t *this, u_int8_t *res) + private_bio_reader_t *this, uint8_t *res) { return read_uint8_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint16_end, bool, - private_bio_reader_t *this, u_int16_t *res) + private_bio_reader_t *this, uint16_t *res) { return read_uint16_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint24_end, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint24_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint32_end, bool, - private_bio_reader_t *this, u_int32_t *res) + private_bio_reader_t *this, uint32_t *res) { return read_uint32_internal(this, res, TRUE); } METHOD(bio_reader_t, read_uint64_end, bool, - private_bio_reader_t *this, u_int64_t *res) + private_bio_reader_t *this, uint64_t *res) { return read_uint64_internal(this, res, TRUE); } METHOD(bio_reader_t, read_data_end, bool, - private_bio_reader_t *this, u_int32_t len, chunk_t *res) + private_bio_reader_t *this, uint32_t len, chunk_t *res) { return read_data_internal(this, len, res, TRUE); } @@ -259,7 +259,7 @@ METHOD(bio_reader_t, read_data_end, bool, METHOD(bio_reader_t, read_data8, bool, private_bio_reader_t *this, chunk_t *res) { - u_int8_t len; + uint8_t len; if (!read_uint8(this, &len)) { @@ -271,7 +271,7 @@ METHOD(bio_reader_t, read_data8, bool, METHOD(bio_reader_t, read_data16, bool, private_bio_reader_t *this, chunk_t *res) { - u_int16_t len; + uint16_t len; if (!read_uint16(this, &len)) { @@ -283,7 +283,7 @@ METHOD(bio_reader_t, read_data16, bool, METHOD(bio_reader_t, read_data24, bool, private_bio_reader_t *this, chunk_t *res) { - u_int32_t len; + uint32_t len; if (!read_uint24(this, &len)) { @@ -295,7 +295,7 @@ METHOD(bio_reader_t, read_data24, bool, METHOD(bio_reader_t, read_data32, bool, private_bio_reader_t *this, chunk_t *res) { - u_int32_t len; + uint32_t len; if (!read_uint32(this, &len)) { diff --git a/src/libstrongswan/bio/bio_reader.h b/src/libstrongswan/bio/bio_reader.h index 475422428..358993c4f 100644 --- a/src/libstrongswan/bio/bio_reader.h +++ b/src/libstrongswan/bio/bio_reader.h @@ -40,7 +40,7 @@ struct bio_reader_t { * * @return number of remaining bytes in buffer */ - u_int32_t (*remaining)(bio_reader_t *this); + uint32_t (*remaining)(bio_reader_t *this); /** * Peek the remaining data, not consuming any bytes. @@ -55,7 +55,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint8)(bio_reader_t *this, u_int8_t *res); + bool (*read_uint8)(bio_reader_t *this, uint8_t *res); /** * Read a 16-bit integer from the buffer, advance. @@ -63,7 +63,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint16)(bio_reader_t *this, u_int16_t *res); + bool (*read_uint16)(bio_reader_t *this, uint16_t *res); /** * Read a 24-bit integer from the buffer, advance. @@ -71,7 +71,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint24)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint24)(bio_reader_t *this, uint32_t *res); /** * Read a 32-bit integer from the buffer, advance. @@ -79,7 +79,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint32)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint32)(bio_reader_t *this, uint32_t *res); /** * Read a 64-bit integer from the buffer, advance. @@ -87,7 +87,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint64)(bio_reader_t *this, u_int64_t *res); + bool (*read_uint64)(bio_reader_t *this, uint64_t *res); /** * Read a chunk of len bytes, advance. @@ -96,7 +96,7 @@ struct bio_reader_t { * @param res pointer to result, not cloned * @return TRUE if data read successfully */ - bool (*read_data)(bio_reader_t *this, u_int32_t len, chunk_t *res); + bool (*read_data)(bio_reader_t *this, uint32_t len, chunk_t *res); /** * Read a 8-bit integer from the end of the buffer, reduce remaining. @@ -104,7 +104,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint8_end)(bio_reader_t *this, u_int8_t *res); + bool (*read_uint8_end)(bio_reader_t *this, uint8_t *res); /** * Read a 16-bit integer from the end of the buffer, reduce remaining. @@ -112,7 +112,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint16_end)(bio_reader_t *this, u_int16_t *res); + bool (*read_uint16_end)(bio_reader_t *this, uint16_t *res); /** * Read a 24-bit integer from the end of the buffer, reduce remaining. @@ -120,7 +120,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint24_end)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint24_end)(bio_reader_t *this, uint32_t *res); /** * Read a 32-bit integer from the end of the buffer, reduce remaining. @@ -128,7 +128,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint32_end)(bio_reader_t *this, u_int32_t *res); + bool (*read_uint32_end)(bio_reader_t *this, uint32_t *res); /** * Read a 64-bit integer from the end of the buffer, reduce remaining. @@ -136,7 +136,7 @@ struct bio_reader_t { * @param res pointer to result * @return TRUE if integer read successfully */ - bool (*read_uint64_end)(bio_reader_t *this, u_int64_t *res); + bool (*read_uint64_end)(bio_reader_t *this, uint64_t *res); /** * Read a chunk of len bytes from the end of the buffer, reduce remaining. @@ -145,7 +145,7 @@ struct bio_reader_t { * @param res ponter to result, not cloned * @return TRUE if data read successfully */ - bool (*read_data_end)(bio_reader_t *this, u_int32_t len, chunk_t *res); + bool (*read_data_end)(bio_reader_t *this, uint32_t len, chunk_t *res); /** * Read a chunk of bytes with a 8-bit length header, advance. diff --git a/src/libstrongswan/bio/bio_writer.c b/src/libstrongswan/bio/bio_writer.c index 152d9ce22..a21b376cf 100644 --- a/src/libstrongswan/bio/bio_writer.c +++ b/src/libstrongswan/bio/bio_writer.c @@ -65,7 +65,7 @@ static inline void increase(private_bio_writer_t *this, size_t required) } METHOD(bio_writer_t, write_uint8, void, - private_bio_writer_t *this, u_int8_t value) + private_bio_writer_t *this, uint8_t value) { increase(this, 1); this->buf.ptr[this->used] = value; @@ -73,7 +73,7 @@ METHOD(bio_writer_t, write_uint8, void, } METHOD(bio_writer_t, write_uint16, void, - private_bio_writer_t *this, u_int16_t value) + private_bio_writer_t *this, uint16_t value) { increase(this, 2); htoun16(this->buf.ptr + this->used, value); @@ -81,7 +81,7 @@ METHOD(bio_writer_t, write_uint16, void, } METHOD(bio_writer_t, write_uint24, void, - private_bio_writer_t *this, u_int32_t value) + private_bio_writer_t *this, uint32_t value) { increase(this, 3); value = htonl(value); @@ -90,7 +90,7 @@ METHOD(bio_writer_t, write_uint24, void, } METHOD(bio_writer_t, write_uint32, void, - private_bio_writer_t *this, u_int32_t value) + private_bio_writer_t *this, uint32_t value) { increase(this, 4); htoun32(this->buf.ptr + this->used, value); @@ -98,7 +98,7 @@ METHOD(bio_writer_t, write_uint32, void, } METHOD(bio_writer_t, write_uint64, void, - private_bio_writer_t *this, u_int64_t value) + private_bio_writer_t *this, uint64_t value) { increase(this, 8); htoun64(this->buf.ptr + this->used, value); @@ -166,7 +166,7 @@ METHOD(bio_writer_t, wrap16, void, METHOD(bio_writer_t, wrap24, void, private_bio_writer_t *this) { - u_int32_t len; + uint32_t len; increase(this, 3); memmove(this->buf.ptr + 3, this->buf.ptr, this->used); @@ -221,7 +221,7 @@ METHOD(bio_writer_t, destroy, void, /** * See header */ -bio_writer_t *bio_writer_create(u_int32_t bufsize) +bio_writer_t *bio_writer_create(uint32_t bufsize) { private_bio_writer_t *this; diff --git a/src/libstrongswan/bio/bio_writer.h b/src/libstrongswan/bio/bio_writer.h index 2ac4f3556..b6e3db730 100644 --- a/src/libstrongswan/bio/bio_writer.h +++ b/src/libstrongswan/bio/bio_writer.h @@ -40,35 +40,35 @@ struct bio_writer_t { * * @param value value to append */ - void (*write_uint8)(bio_writer_t *this, u_int8_t value); + void (*write_uint8)(bio_writer_t *this, uint8_t value); /** * Append a 16-bit integer to the buffer. * * @param value value to append */ - void (*write_uint16)(bio_writer_t *this, u_int16_t value); + void (*write_uint16)(bio_writer_t *this, uint16_t value); /** * Append a 24-bit integer to the buffer. * * @param value value to append */ - void (*write_uint24)(bio_writer_t *this, u_int32_t value); + void (*write_uint24)(bio_writer_t *this, uint32_t value); /** * Append a 32-bit integer to the buffer. * * @param value value to append */ - void (*write_uint32)(bio_writer_t *this, u_int32_t value); + void (*write_uint32)(bio_writer_t *this, uint32_t value); /** * Append a 64-bit integer to the buffer. * * @param value value to append */ - void (*write_uint64)(bio_writer_t *this, u_int64_t value); + void (*write_uint64)(bio_writer_t *this, uint64_t value); /** * Append a chunk of data without a length header. @@ -166,6 +166,6 @@ struct bio_writer_t { * * @param bufsize initially allocated buffer size */ -bio_writer_t *bio_writer_create(u_int32_t bufsize); +bio_writer_t *bio_writer_create(uint32_t bufsize); #endif /** BIO_WRITER_H_ @}*/ diff --git a/src/libstrongswan/collections/array.c b/src/libstrongswan/collections/array.c index a45a68aaf..69e7df99e 100644 --- a/src/libstrongswan/collections/array.c +++ b/src/libstrongswan/collections/array.c @@ -42,13 +42,13 @@ */ struct array_t { /** number of elements currently in array (not counting head/tail) */ - u_int32_t count; + uint32_t count; /** size of each element, 0 for a pointer based array */ - u_int16_t esize; + uint16_t esize; /** allocated but unused elements at array front */ - u_int8_t head; + uint8_t head; /** allocated but unused elements at array end */ - u_int8_t tail; + uint8_t tail; /** array elements */ void *data; }; @@ -64,7 +64,7 @@ struct array_t { /** * Get the actual size of a number of elements */ -static size_t get_size(array_t *array, u_int32_t num) +static size_t get_size(array_t *array, uint32_t num) { if (array->esize) { @@ -76,7 +76,7 @@ static size_t get_size(array_t *array, u_int32_t num) /** * Increase allocated but unused tail room to at least "room" */ -static void make_tail_room(array_t *array, u_int8_t room) +static void make_tail_room(array_t *array, uint8_t room) { if (array->tail < room) { @@ -89,11 +89,11 @@ static void make_tail_room(array_t *array, u_int8_t room) /** * Increase allocated but unused head room to at least "room" */ -static void make_head_room(array_t *array, u_int8_t room) +static void make_head_room(array_t *array, uint8_t room) { if (array->head < room) { - u_int8_t increase = room - array->head; + uint8_t increase = room - array->head; array->data = realloc(array->data, get_size(array, array->count + array->tail + room)); @@ -158,7 +158,7 @@ static void remove_head(array_t *array, int idx) array->head++; } -array_t *array_create(u_int esize, u_int8_t reserve) +array_t *array_create(u_int esize, uint8_t reserve) { array_t *array; @@ -186,7 +186,7 @@ void array_compress(array_t *array) { if (array) { - u_int32_t tail; + uint32_t tail; tail = array->tail; if (array->head) diff --git a/src/libstrongswan/collections/array.h b/src/libstrongswan/collections/array.h index c3be1a15d..d8a16b5df 100644 --- a/src/libstrongswan/collections/array.h +++ b/src/libstrongswan/collections/array.h @@ -68,7 +68,7 @@ typedef void (*array_callback_t)(void *data, int idx, void *user); * @param reserve number of items to allocate space for * @return array instance */ -array_t *array_create(u_int esize, u_int8_t reserve); +array_t *array_create(u_int esize, uint8_t reserve); /** * Get the number of elements currently in the array. diff --git a/src/libstrongswan/credentials/auth_cfg.h b/src/libstrongswan/credentials/auth_cfg.h index 6940069de..7191dc1bc 100644 --- a/src/libstrongswan/credentials/auth_cfg.h +++ b/src/libstrongswan/credentials/auth_cfg.h @@ -78,7 +78,7 @@ enum auth_rule_t { AUTH_RULE_EAP_IDENTITY, /** EAP type to propose for peer authentication, eap_type_t */ AUTH_RULE_EAP_TYPE, - /** EAP vendor for vendor specific type, u_int32_t */ + /** EAP vendor for vendor specific type, uint32_t */ AUTH_RULE_EAP_VENDOR, /** XAUTH backend name to use, char* */ AUTH_RULE_XAUTH_BACKEND, diff --git a/src/libstrongswan/credentials/containers/pkcs12.c b/src/libstrongswan/credentials/containers/pkcs12.c index 7b812d27d..9e7815d04 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.c +++ b/src/libstrongswan/credentials/containers/pkcs12.c @@ -42,8 +42,8 @@ static inline void copy_chunk(chunk_t dst, chunk_t src) */ static void add_chunks(chunk_t a, chunk_t b) { - u_int16_t sum; - u_int8_t rem = 0; + uint16_t sum; + uint8_t rem = 0; ssize_t i, j; for (i = a.len - 1, j = b.len -1; i >= 0 && j >= 0; i--, j--) @@ -64,12 +64,12 @@ static void add_chunks(chunk_t a, chunk_t b) * Do the actual key derivation with the given hasher, password and id. */ static bool derive_key(hash_algorithm_t hash, chunk_t unicode, chunk_t salt, - u_int64_t iterations, char id, chunk_t result) + uint64_t iterations, char id, chunk_t result) { chunk_t out = result, D, S, P = chunk_empty, I, Ai, B, Ij; hasher_t *hasher; size_t Slen, v, u; - u_int64_t i; + uint64_t i; bool success = FALSE; hasher = lib->crypto->create_hasher(lib->crypto, hash); @@ -149,7 +149,7 @@ end: * Described in header */ bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt, - u_int64_t iterations, pkcs12_key_type_t type, chunk_t key) + uint64_t iterations, pkcs12_key_type_t type, chunk_t key) { chunk_t unicode = chunk_empty; bool success; diff --git a/src/libstrongswan/credentials/containers/pkcs12.h b/src/libstrongswan/credentials/containers/pkcs12.h index f22ef045a..fc4fb39ce 100644 --- a/src/libstrongswan/credentials/containers/pkcs12.h +++ b/src/libstrongswan/credentials/containers/pkcs12.h @@ -73,6 +73,6 @@ struct pkcs12_t { * @return TRUE on success */ bool pkcs12_derive_key(hash_algorithm_t hash, chunk_t password, chunk_t salt, - u_int64_t iterations, pkcs12_key_type_t type, chunk_t key); + uint64_t iterations, pkcs12_key_type_t type, chunk_t key); #endif /** PKCS12_H_ @}*/ diff --git a/src/libstrongswan/credentials/sets/mem_cred.c b/src/libstrongswan/credentials/sets/mem_cred.c index 4884c4bfa..988e709ad 100644 --- a/src/libstrongswan/credentials/sets/mem_cred.c +++ b/src/libstrongswan/credentials/sets/mem_cred.c @@ -250,6 +250,7 @@ METHOD(mem_cred_t, add_crl, bool, if (new) { this->untrusted->remove_at(this->untrusted, enumerator); + current->destroy(current); } else { diff --git a/src/libstrongswan/crypto/crypto_factory.c b/src/libstrongswan/crypto/crypto_factory.c index b0b86372c..35dcf25ac 100644 --- a/src/libstrongswan/crypto/crypto_factory.c +++ b/src/libstrongswan/crypto/crypto_factory.c @@ -347,6 +347,10 @@ METHOD(crypto_factory_t, create_nonce_gen, nonce_gen_t*, while (enumerator->enumerate(enumerator, &entry)) { nonce_gen = entry->create_nonce_gen(); + if (nonce_gen) + { + break; + } } enumerator->destroy(enumerator); this->lock->unlock(this->lock); diff --git a/src/libstrongswan/crypto/hashers/hasher.h b/src/libstrongswan/crypto/hashers/hasher.h index 272502cf0..2d28b207d 100644 --- a/src/libstrongswan/crypto/hashers/hasher.h +++ b/src/libstrongswan/crypto/hashers/hasher.h @@ -90,7 +90,7 @@ struct hasher_t { * @return TRUE if hash created successfully */ bool (*get_hash)(hasher_t *this, chunk_t data, - u_int8_t *hash) __attribute__((warn_unused_result)); + uint8_t *hash) __attribute__((warn_unused_result)); /** * Hash data and allocate space for the hash. diff --git a/src/libstrongswan/crypto/iv/iv_gen.h b/src/libstrongswan/crypto/iv/iv_gen.h index 81b0701ce..292fc329f 100644 --- a/src/libstrongswan/crypto/iv/iv_gen.h +++ b/src/libstrongswan/crypto/iv/iv_gen.h @@ -38,8 +38,8 @@ struct iv_gen_t { * @param buffer pointer where the generated IV will be written * @return TRUE if IV allocation was successful, FALSE otherwise */ - bool (*get_iv)(iv_gen_t *this, u_int64_t seq, size_t size, - u_int8_t *buffer) __attribute__((warn_unused_result)); + bool (*get_iv)(iv_gen_t *this, uint64_t seq, size_t size, + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates an IV and allocates space for it. @@ -49,7 +49,7 @@ struct iv_gen_t { * @param chunk chunk which will hold the generated IV * @return TRUE if IV allocation was successful, FALSE otherwise */ - bool (*allocate_iv)(iv_gen_t *this, u_int64_t seq, size_t size, + bool (*allocate_iv)(iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) __attribute__((warn_unused_result)); /** diff --git a/src/libstrongswan/crypto/iv/iv_gen_null.c b/src/libstrongswan/crypto/iv/iv_gen_null.c index b13de0674..3b8f93986 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_null.c +++ b/src/libstrongswan/crypto/iv/iv_gen_null.c @@ -29,13 +29,13 @@ struct private_iv_gen_t { }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { return size == 0; } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { *chunk = chunk_empty; return size == 0; diff --git a/src/libstrongswan/crypto/iv/iv_gen_rand.c b/src/libstrongswan/crypto/iv/iv_gen_rand.c index 2bed63fcc..1474b3a12 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_rand.c +++ b/src/libstrongswan/crypto/iv/iv_gen_rand.c @@ -36,7 +36,7 @@ struct private_iv_gen_t { }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { if (!this->rng) { @@ -46,7 +46,7 @@ METHOD(iv_gen_t, get_iv, bool, } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { if (!this->rng) { diff --git a/src/libstrongswan/crypto/iv/iv_gen_seq.c b/src/libstrongswan/crypto/iv/iv_gen_seq.c index 9f99c5192..56620291c 100644 --- a/src/libstrongswan/crypto/iv/iv_gen_seq.c +++ b/src/libstrongswan/crypto/iv/iv_gen_seq.c @@ -18,7 +18,7 @@ /** * Magic value for the initial IV state */ -#define SEQ_IV_INIT_STATE (~(u_int64_t)0) +#define SEQ_IV_INIT_STATE (~(uint64_t)0) #define SEQ_IV_HIGH_MASK (1ULL << 63) typedef struct private_iv_gen_t private_iv_gen_t; @@ -36,30 +36,30 @@ struct private_iv_gen_t { /** * Previously passed sequence number in lower space to enforce uniqueness */ - u_int64_t prevl; + uint64_t prevl; /** * Previously passed sequence number in upper space to enforce uniqueness */ - u_int64_t prevh; + uint64_t prevh; /** * Salt to mask counter */ - u_int8_t *salt; + uint8_t *salt; }; METHOD(iv_gen_t, get_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, u_int8_t *buffer) + private_iv_gen_t *this, uint64_t seq, size_t size, uint8_t *buffer) { - u_int8_t iv[sizeof(u_int64_t)]; + uint8_t iv[sizeof(uint64_t)]; size_t len = size; if (!this->salt) { return FALSE; } - if (size < sizeof(u_int64_t)) + if (size < sizeof(uint64_t)) { return FALSE; } @@ -83,19 +83,19 @@ METHOD(iv_gen_t, get_iv, bool, { this->prevl = seq; } - if (len > sizeof(u_int64_t)) + if (len > sizeof(uint64_t)) { - len = sizeof(u_int64_t); + len = sizeof(uint64_t); memset(buffer, 0, size - len); } htoun64(iv, seq); - memxor(iv, this->salt, sizeof(u_int64_t)); - memcpy(buffer + size - len, iv + sizeof(u_int64_t) - len, len); + memxor(iv, this->salt, sizeof(uint64_t)); + memcpy(buffer + size - len, iv + sizeof(uint64_t) - len, len); return TRUE; } METHOD(iv_gen_t, allocate_iv, bool, - private_iv_gen_t *this, u_int64_t seq, size_t size, chunk_t *chunk) + private_iv_gen_t *this, uint64_t seq, size_t size, chunk_t *chunk) { *chunk = chunk_alloc(size); if (!get_iv(this, seq, chunk->len, chunk->ptr)) @@ -131,8 +131,8 @@ iv_gen_t *iv_gen_seq_create() rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); if (rng) { - this->salt = malloc(sizeof(u_int64_t)); - if (!rng->get_bytes(rng, sizeof(u_int64_t), this->salt)) + this->salt = malloc(sizeof(uint64_t)); + if (!rng->get_bytes(rng, sizeof(uint64_t), this->salt)) { free(this->salt); this->salt = NULL; diff --git a/src/libstrongswan/crypto/mac.h b/src/libstrongswan/crypto/mac.h index f7b43ba39..f23c6750f 100644 --- a/src/libstrongswan/crypto/mac.h +++ b/src/libstrongswan/crypto/mac.h @@ -47,7 +47,7 @@ struct mac_t { * @return TRUE if mac generated successfully */ bool (*get_mac)(mac_t *this, chunk_t data, - u_int8_t *out) __attribute__((warn_unused_result)); + uint8_t *out) __attribute__((warn_unused_result)); /** * Get the size of the resulting MAC. diff --git a/src/libstrongswan/crypto/mgf1/mgf1.c b/src/libstrongswan/crypto/mgf1/mgf1.c index 4bbcd6e99..5116dfefa 100644 --- a/src/libstrongswan/crypto/mgf1/mgf1.c +++ b/src/libstrongswan/crypto/mgf1/mgf1.c @@ -39,7 +39,7 @@ struct private_mgf1_t { /** * Counter */ - u_int32_t counter; + uint32_t counter; /** * Set if counter has reached 2^32 diff --git a/src/libstrongswan/crypto/nonce_gen.h b/src/libstrongswan/crypto/nonce_gen.h index 7dae4f776..98d159e12 100644 --- a/src/libstrongswan/crypto/nonce_gen.h +++ b/src/libstrongswan/crypto/nonce_gen.h @@ -38,7 +38,7 @@ struct nonce_gen_t { * @return TRUE if nonce allocation was successful, FALSE otherwise */ bool (*get_nonce)(nonce_gen_t *this, size_t size, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates a nonce and allocates space for it. diff --git a/src/libstrongswan/crypto/pkcs5.c b/src/libstrongswan/crypto/pkcs5.c index 478926f2f..8a1452425 100644 --- a/src/libstrongswan/crypto/pkcs5.c +++ b/src/libstrongswan/crypto/pkcs5.c @@ -41,7 +41,7 @@ struct private_pkcs5_t { /** * Iterations for key derivation */ - u_int64_t iterations; + uint64_t iterations; /** * Encryption algorithm @@ -110,7 +110,7 @@ struct private_pkcs5_t { */ static bool verify_padding(crypter_t *crypter, chunk_t *blob) { - u_int8_t padding, count; + uint8_t padding, count; padding = count = blob->ptr[blob->len - 1]; @@ -181,10 +181,10 @@ static bool pkcs12_kdf(private_pkcs5_t *this, chunk_t password, chunk_t keymat) * Function F of PBKDF2 */ static bool pbkdf2_f(chunk_t block, prf_t *prf, chunk_t seed, - u_int64_t iterations) + uint64_t iterations) { chunk_t u; - u_int64_t i; + uint64_t i; u = chunk_alloca(prf->get_block_size(prf)); if (!prf->get_bytes(prf, seed, u.ptr)) @@ -212,7 +212,7 @@ static bool pbkdf2(private_pkcs5_t *this, chunk_t password, chunk_t key) prf_t *prf; chunk_t keymat, block, seed; size_t blocks; - u_int32_t i = 0; + uint32_t i = 0; prf = this->data.pbes2.prf; @@ -247,7 +247,7 @@ static bool pbkdf1(private_pkcs5_t *this, chunk_t password, chunk_t key) { hasher_t *hasher; chunk_t hash; - u_int64_t i; + uint64_t i; hasher = this->data.pbes1.hasher; diff --git a/src/libstrongswan/crypto/prf_plus.c b/src/libstrongswan/crypto/prf_plus.c index 94be1d5bf..6b7f8f851 100644 --- a/src/libstrongswan/crypto/prf_plus.c +++ b/src/libstrongswan/crypto/prf_plus.c @@ -44,7 +44,7 @@ struct private_prf_plus_t { /** * Octet which will be appended to the seed, 0 if not used */ - u_int8_t counter; + uint8_t counter; /** * Already given out bytes in current buffer. @@ -58,7 +58,7 @@ struct private_prf_plus_t { }; METHOD(prf_plus_t, get_bytes, bool, - private_prf_plus_t *this, size_t length, u_int8_t *buffer) + private_prf_plus_t *this, size_t length, uint8_t *buffer) { size_t round, written = 0; diff --git a/src/libstrongswan/crypto/prf_plus.h b/src/libstrongswan/crypto/prf_plus.h index f994dce16..2c4b8852d 100644 --- a/src/libstrongswan/crypto/prf_plus.h +++ b/src/libstrongswan/crypto/prf_plus.h @@ -39,7 +39,7 @@ struct prf_plus_t { * @return TRUE if bytes generated successfully */ bool (*get_bytes)(prf_plus_t *this, size_t length, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Allocate pseudo random bytes. diff --git a/src/libstrongswan/crypto/prfs/mac_prf.c b/src/libstrongswan/crypto/prfs/mac_prf.c index b5f6be982..3f8eb7e5c 100644 --- a/src/libstrongswan/crypto/prfs/mac_prf.c +++ b/src/libstrongswan/crypto/prfs/mac_prf.c @@ -36,7 +36,7 @@ struct private_prf_t { }; METHOD(prf_t, get_bytes, bool, - private_prf_t *this, chunk_t seed, u_int8_t *buffer) + private_prf_t *this, chunk_t seed, uint8_t *buffer) { return this->mac->get_mac(this->mac, seed, buffer); } diff --git a/src/libstrongswan/crypto/prfs/prf.h b/src/libstrongswan/crypto/prfs/prf.h index 46e23b244..bf443e5f4 100644 --- a/src/libstrongswan/crypto/prfs/prf.h +++ b/src/libstrongswan/crypto/prfs/prf.h @@ -80,7 +80,7 @@ struct prf_t { * @return TRUE if bytes generated successfully */ bool (*get_bytes)(prf_t *this, chunk_t seed, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates pseudo random bytes and allocate space for them. diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.c b/src/libstrongswan/crypto/proposal/proposal_keywords.c index bbb97d088..282d40e7b 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.c @@ -134,7 +134,7 @@ METHOD(proposal_keywords_t, get_token, const proposal_token_t*, METHOD(proposal_keywords_t, register_token, void, private_proposal_keywords_t *this, const char *name, transform_type_t type, - u_int16_t algorithm, u_int16_t keysize) + uint16_t algorithm, uint16_t keysize) { proposal_token_t *token; diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords.h b/src/libstrongswan/crypto/proposal/proposal_keywords.h index 5cdbafc51..856abdce6 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords.h +++ b/src/libstrongswan/crypto/proposal/proposal_keywords.h @@ -69,12 +69,12 @@ struct proposal_token_t { /** * The IKE id of the algorithm. */ - u_int16_t algorithm; + uint16_t algorithm; /** * The key size associated with the specific algorithm. */ - u_int16_t keysize; + uint16_t keysize; }; /** @@ -100,8 +100,8 @@ struct proposal_keywords_t { * @param keysize the key size associated with the specific algorithm */ void (*register_token)(proposal_keywords_t *this, const char *name, - transform_type_t type, u_int16_t algorithm, - u_int16_t keysize); + transform_type_t type, uint16_t algorithm, + uint16_t keysize); /** * Register an algorithm name parser. diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c index 51b9d782d..ba4c895d7 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.c +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.c @@ -55,16 +55,16 @@ error "gperf generated tables don't work with this execution character set. Plea struct proposal_token { char *name; transform_type_t type; - u_int16_t algorithm; - u_int16_t keysize; + uint16_t algorithm; + uint16_t keysize; }; -#define TOTAL_KEYWORDS 139 +#define TOTAL_KEYWORDS 140 #define MIN_WORD_LENGTH 3 #define MAX_WORD_LENGTH 17 -#define MIN_HASH_VALUE 18 -#define MAX_HASH_VALUE 276 -/* maximum key range = 259, duplicates = 0 */ +#define MIN_HASH_VALUE 11 +#define MAX_HASH_VALUE 266 +/* maximum key range = 256, duplicates = 0 */ #ifdef __GNUC__ __inline @@ -80,32 +80,32 @@ hash (str, len) { static const unsigned short asso_values[] = { - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 66, 6, - 18, 39, 81, 30, 9, 27, 3, 0, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 105, 277, 33, 0, 6, - 57, 60, 15, 96, 3, 0, 277, 277, 0, 0, - 0, 18, 126, 30, 111, 24, 36, 159, 277, 277, - 9, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277, 277, 277, 277, - 277, 277, 277, 277, 277, 277, 277 + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 71, 4, + 20, 6, 48, 32, 10, 30, 5, 3, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 97, 267, 4, 8, 18, + 56, 107, 107, 78, 10, 4, 267, 267, 3, 5, + 7, 4, 30, 92, 104, 3, 32, 145, 267, 267, + 3, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267, 267, 267, 267, + 267, 267, 267, 267, 267, 267, 267 }; register int hval = len; @@ -144,177 +144,177 @@ hash (str, len) static const struct proposal_token wordlist[] = { - {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, {"null", ENCRYPTION_ALGORITHM, ENCR_NULL, 0}, - {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, - {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, {"aes", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, - {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"noesn", EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0}, + {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, + {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, {"md5", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0}, + {"aes128", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128}, + {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, {"modp8192", DIFFIE_HELLMAN_GROUP, MODP_8192_BIT, 0}, {"md5_128", INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_128, 0}, - {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, + {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, {"aes192", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192}, - {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, - {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, + {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, + {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, + {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, + {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, + {"aes192ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"aes192ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, - {"sha1", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, + {"aes128ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"aes128ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"modp768", DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0}, + {"aes192ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, {"aes192ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 192}, - {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, - {"aescmac", INTEGRITY_ALGORITHM, AUTH_AES_CMAC_96, 0}, + {"aes128ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, {"aes128ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 128}, - {"aes256", ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256}, - {"ntru128", DIFFIE_HELLMAN_GROUP, NTRU_128_BIT, 0}, - {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, - {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aesxcbc", INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0}, + {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, + {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, {"aes192ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 192}, - {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes128ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 128}, - {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, + {"aes256ccm8", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, {"aes256ccm128", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"ntru192", DIFFIE_HELLMAN_GROUP, NTRU_192_BIT, 0}, - {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, + {"aes256ccm96", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"aes256ccm16", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV16, 256}, - {"sha", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0}, - {"ntru112", DIFFIE_HELLMAN_GROUP, NTRU_112_BIT, 0}, - {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, - {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"camellia192ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, - {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, - {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia192ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, - {"sha512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, - {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, - {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, - {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, + {"camellia192ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, {"camellia192ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 192}, + {"camellia192", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 192}, {"camellia128", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"sha256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"ntru256", DIFFIE_HELLMAN_GROUP, NTRU_256_BIT, 0}, - {"modp1536", DIFFIE_HELLMAN_GROUP, MODP_1536_BIT, 0}, - {"cast128", ENCRYPTION_ALGORITHM, ENCR_CAST, 128}, - {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, - {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, + {"aes256ccm12", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV12, 256}, {"camellia192ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 192}, - {"camellia", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 128}, - {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, + {"camellia128ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, {"camellia128ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, - {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, + {"des", ENCRYPTION_ALGORITHM, ENCR_DES, 0}, + {"camelliaxcbc", INTEGRITY_ALGORITHM, AUTH_CAMELLIA_XCBC_96, 0}, + {"camellia128ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, {"camellia128ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 128}, + {"esn", EXTENDED_SEQUENCE_NUMBERS, EXT_SEQ_NUMBERS, 0}, + {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, {"camellia256", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CBC, 256}, + {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, + {"prfsha1", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA1, 0}, {"camellia256ccm8", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, - {"3des", ENCRYPTION_ALGORITHM, ENCR_3DES, 0}, - {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm128",ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, + {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, {"camellia128ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 128}, + {"camellia256ccm96", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, {"camellia256ccm16", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV16, 256}, - {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, - {"aes192ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 192}, - {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, - {"aes128ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 128}, {"aes192gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, {"aes192gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, - {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, - {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, + {"aes128gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, {"aes128gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, + {"aes192gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, {"aes192gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 192}, - {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0}, + {"aes128gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, {"aes128gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 128}, - {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, - {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, {"aes256ccm64", ENCRYPTION_ALGORITHM, ENCR_AES_CCM_ICV8, 256}, - {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, - {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"camellia256ccm12", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV12, 256}, + {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"modpnone", DIFFIE_HELLMAN_GROUP, MODP_NONE, 0}, + {"ecp521", DIFFIE_HELLMAN_GROUP, ECP_521_BIT, 0}, + {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, + {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, {"aes192gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 192}, - {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, - {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"prfsha256", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_256, 0}, {"aes128gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 128}, - {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, - {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, + {"aes256gcm8", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, {"aes256gcm128", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, - {"modp3072", DIFFIE_HELLMAN_GROUP, MODP_3072_BIT, 0}, - {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"blowfish", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, + {"aes256gcm96", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, {"aes256gcm16", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV16, 256}, - {"camellia192ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 192}, - {"modp4096", DIFFIE_HELLMAN_GROUP, MODP_4096_BIT, 0}, - {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, - {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, - {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, - {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, - {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, - {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, - {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, - {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"aes192gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 192}, + {"ecp192", DIFFIE_HELLMAN_GROUP, ECP_192_BIT, 0}, + {"aes128gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 128}, {"modp1024", DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0}, + {"modp2048", DIFFIE_HELLMAN_GROUP, MODP_2048_BIT, 0}, {"camellia128ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 128}, - {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, - {"modp6144", DIFFIE_HELLMAN_GROUP, MODP_6144_BIT, 0}, - {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, - {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, - {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"aes192ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 192}, + {"aes256gcm12", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV12, 256}, + {"aes128ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 128}, + {"ecp256", DIFFIE_HELLMAN_GROUP, ECP_256_BIT, 0}, + {"blowfish192", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 192}, + {"prfsha512", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_512, 0}, + {"blowfish128", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 128}, {"prfsha384", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_SHA2_384, 0}, + {"camellia256ccm64", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CCM_ICV8, 256}, + {"modpnull", DIFFIE_HELLMAN_GROUP, MODP_NULL, 0}, + {"aes256gmac", ENCRYPTION_ALGORITHM, ENCR_NULL_AUTH_AES_GMAC, 256}, + {"ecp512bp", DIFFIE_HELLMAN_GROUP, ECP_512_BP, 0}, + {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, {"twofish", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, - {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, + {"aes256ctr", ENCRYPTION_ALGORITHM, ENCR_AES_CTR, 256}, {"twofish128", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 128}, - {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"blowfish256", ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256}, + {"camellia192ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 192}, {"modp2048s256", DIFFIE_HELLMAN_GROUP, MODP_2048_256, 0}, + {"modp1024s160", DIFFIE_HELLMAN_GROUP, MODP_1024_160, 0}, + {"sha256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, + {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, + {"sha2_512", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0}, + {"ecp256bp", DIFFIE_HELLMAN_GROUP, ECP_256_BP, 0}, + {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"serpent128", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, {"sha2_256", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0}, - {"sha384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, + {"camellia128ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 128}, {"sha2_256_96", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_96, 0}, - {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, - {"twofish256", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 256}, - {"aes192gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 192}, - {"aes128gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 128}, - {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, - {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"ecp384bp", DIFFIE_HELLMAN_GROUP, ECP_384_BP, 0}, - {"aes256gcm64", ENCRYPTION_ALGORITHM, ENCR_AES_GCM_ICV8, 256}, + {"serpent256", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 256}, + {"twofish192", ENCRYPTION_ALGORITHM, ENCR_TWOFISH_CBC, 192}, {"chacha20poly1305", ENCRYPTION_ALGORITHM, ENCR_CHACHA20_POLY1305, 256}, + {"ecp384", DIFFIE_HELLMAN_GROUP, ECP_384_BIT, 0}, + {"camellia256ctr", ENCRYPTION_ALGORITHM, ENCR_CAMELLIA_CTR, 256}, + {"serpent", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 128}, + {"prfmd5", PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0}, {"ecp224bp", DIFFIE_HELLMAN_GROUP, ECP_224_BP, 0}, - {"sha2_384", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0}, - {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0} + {"sha1_160", INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_160, 0}, + {"modp2048s224", DIFFIE_HELLMAN_GROUP, MODP_2048_224, 0}, + {"serpent192", ENCRYPTION_ALGORITHM, ENCR_SERPENT_CBC, 192}, + {"ecp224", DIFFIE_HELLMAN_GROUP, ECP_224_BIT, 0}, + {"prfaesxcbc", PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0}, + {"prfcamelliaxcbc", PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0}, + {"prfaescmac", PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0} }; static const short lookup[] = { -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, -1, -1, -1, -1, -1, -1, 0, -1, - -1, -1, 1, 2, -1, 3, -1, 4, -1, -1, - 5, -1, -1, 6, -1, 7, -1, 8, -1, -1, - 9, -1, 10, 11, 12, 13, 14, 15, 16, 17, - 18, 19, 20, 21, 22, 23, 24, 25, -1, 26, - -1, 27, 28, -1, -1, 29, 30, 31, -1, 32, - -1, 33, 34, 35, 36, -1, -1, 37, 38, -1, - 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, - 49, 50, 51, -1, 52, 53, 54, 55, 56, -1, - 57, 58, 59, -1, -1, -1, 60, 61, 62, 63, - -1, -1, 64, 65, -1, 66, -1, -1, 67, -1, - -1, -1, -1, 68, -1, 69, -1, 70, 71, -1, - 72, -1, -1, 73, 74, 75, 76, 77, 78, 79, - 80, -1, 81, 82, 83, 84, 85, 86, 87, 88, - 89, 90, 91, 92, -1, 93, 94, 95, 96, -1, - 97, 98, -1, 99, 100, 101, -1, 102, -1, -1, - 103, -1, -1, 104, 105, 106, 107, -1, 108, 109, - -1, 110, 111, -1, -1, 112, 113, -1, 114, -1, - -1, -1, -1, 115, -1, 116, 117, -1, 118, -1, - 119, 120, 121, 122, 123, -1, 124, 125, -1, 126, - -1, -1, 127, -1, 128, 129, -1, -1, 130, -1, - -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - 131, -1, 132, 133, -1, -1, 134, -1, -1, -1, - -1, 135, -1, -1, -1, -1, -1, -1, 136, -1, + -1, 0, -1, -1, 1, -1, -1, -1, -1, -1, + -1, -1, -1, 2, -1, -1, -1, -1, -1, -1, + -1, -1, -1, -1, -1, -1, -1, -1, -1, 3, + 4, -1, 5, -1, 6, 7, -1, 8, 9, -1, + -1, -1, -1, -1, -1, 10, -1, 11, 12, 13, + 14, -1, -1, -1, 15, -1, 16, 17, -1, 18, + 19, 20, 21, 22, 23, 24, 25, 26, 27, -1, + -1, -1, 28, 29, 30, -1, 31, -1, 32, 33, + 34, -1, 35, 36, 37, 38, -1, 39, 40, 41, + 42, -1, 43, 44, -1, -1, -1, -1, -1, 45, + -1, 46, 47, 48, 49, 50, 51, 52, 53, 54, + 55, 56, -1, 57, 58, 59, 60, 61, 62, 63, + 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, + 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, + 84, -1, 85, 86, -1, 87, 88, 89, 90, 91, + 92, -1, 93, 94, 95, 96, 97, 98, 99, 100, + -1, -1, 101, 102, 103, -1, -1, 104, 105, 106, + 107, 108, 109, -1, -1, 110, -1, 111, 112, 113, + 114, -1, 115, 116, -1, 117, 118, 119, 120, 121, + -1, -1, -1, -1, 122, 123, 124, -1, 125, -1, + -1, -1, 126, 127, 128, -1, 129, 130, 131, -1, + -1, 132, 133, -1, -1, -1, 134, -1, 135, 136, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1, - -1, -1, 137, -1, -1, -1, 138 + -1, 137, -1, -1, -1, -1, -1, -1, -1, -1, + -1, -1, -1, 138, -1, -1, 139 }; #ifdef __GNUC__ diff --git a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt index da92409ca..87602430d 100644 --- a/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt +++ b/src/libstrongswan/crypto/proposal/proposal_keywords_static.txt @@ -25,8 +25,8 @@ struct proposal_token { char *name; transform_type_t type; - u_int16_t algorithm; - u_int16_t keysize; + uint16_t algorithm; + uint16_t keysize; }; %% null, ENCRYPTION_ALGORITHM, ENCR_NULL, 0 @@ -141,6 +141,7 @@ prfmd5, PSEUDO_RANDOM_FUNCTION, PRF_HMAC_MD5, 0 prfaesxcbc, PSEUDO_RANDOM_FUNCTION, PRF_AES128_XCBC, 0 prfcamelliaxcbc, PSEUDO_RANDOM_FUNCTION, PRF_CAMELLIA128_XCBC, 0 prfaescmac, PSEUDO_RANDOM_FUNCTION, PRF_AES128_CMAC, 0 +modpnone, DIFFIE_HELLMAN_GROUP, MODP_NONE, 0 modpnull, DIFFIE_HELLMAN_GROUP, MODP_NULL, 0 modp768, DIFFIE_HELLMAN_GROUP, MODP_768_BIT, 0 modp1024, DIFFIE_HELLMAN_GROUP, MODP_1024_BIT, 0 diff --git a/src/libstrongswan/crypto/rngs/rng.c b/src/libstrongswan/crypto/rngs/rng.c index f8fd50d3f..1f39dedb8 100644 --- a/src/libstrongswan/crypto/rngs/rng.c +++ b/src/libstrongswan/crypto/rngs/rng.c @@ -25,9 +25,9 @@ ENUM(rng_quality_names, RNG_WEAK, RNG_TRUE, /* * Described in header. */ -bool rng_get_bytes_not_zero(rng_t *rng, size_t len, u_int8_t *buffer, bool all) +bool rng_get_bytes_not_zero(rng_t *rng, size_t len, uint8_t *buffer, bool all) { - u_int8_t *pos = buffer, *check = buffer + (all ? len : min(1, len)); + uint8_t *pos = buffer, *check = buffer + (all ? len : min(1, len)); if (!rng->get_bytes(rng, len, pos)) { diff --git a/src/libstrongswan/crypto/rngs/rng.h b/src/libstrongswan/crypto/rngs/rng.h index aee829d71..0ca2cb114 100644 --- a/src/libstrongswan/crypto/rngs/rng.h +++ b/src/libstrongswan/crypto/rngs/rng.h @@ -57,7 +57,7 @@ struct rng_t { * @return TRUE if bytes successfully written */ bool (*get_bytes)(rng_t *this, size_t len, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generates random bytes and allocate space for them. @@ -85,7 +85,7 @@ struct rng_t { * @param all TRUE if all bytes have to be non-zero, FALSE for first * @return TRUE if bytes successfully written */ -bool rng_get_bytes_not_zero(rng_t *rng, size_t len, u_int8_t *buffer, +bool rng_get_bytes_not_zero(rng_t *rng, size_t len, uint8_t *buffer, bool all) __attribute__((warn_unused_result)); /** diff --git a/src/libstrongswan/crypto/signers/mac_signer.c b/src/libstrongswan/crypto/signers/mac_signer.c index 1094c4473..4426782b4 100644 --- a/src/libstrongswan/crypto/signers/mac_signer.c +++ b/src/libstrongswan/crypto/signers/mac_signer.c @@ -41,11 +41,11 @@ struct private_signer_t { }; METHOD(signer_t, get_signature, bool, - private_signer_t *this, chunk_t data, u_int8_t *buffer) + private_signer_t *this, chunk_t data, uint8_t *buffer) { if (buffer) { - u_int8_t mac[this->mac->get_mac_size(this->mac)]; + uint8_t mac[this->mac->get_mac_size(this->mac)]; if (!this->mac->get_mac(this->mac, data, mac)) { @@ -62,7 +62,7 @@ METHOD(signer_t, allocate_signature, bool, { if (chunk) { - u_int8_t mac[this->mac->get_mac_size(this->mac)]; + uint8_t mac[this->mac->get_mac_size(this->mac)]; if (!this->mac->get_mac(this->mac, data, mac)) { @@ -78,7 +78,7 @@ METHOD(signer_t, allocate_signature, bool, METHOD(signer_t, verify_signature, bool, private_signer_t *this, chunk_t data, chunk_t signature) { - u_int8_t mac[this->mac->get_mac_size(this->mac)]; + uint8_t mac[this->mac->get_mac_size(this->mac)]; if (signature.len != this->truncation) { diff --git a/src/libstrongswan/crypto/signers/signer.h b/src/libstrongswan/crypto/signers/signer.h index e0cf7eb5a..01b702da1 100644 --- a/src/libstrongswan/crypto/signers/signer.h +++ b/src/libstrongswan/crypto/signers/signer.h @@ -96,7 +96,7 @@ struct signer_t { * @return TRUE if signature created successfully */ bool (*get_signature)(signer_t *this, chunk_t data, - u_int8_t *buffer) __attribute__((warn_unused_result)); + uint8_t *buffer) __attribute__((warn_unused_result)); /** * Generate a signature and allocate space for it. diff --git a/src/libstrongswan/eap/eap.h b/src/libstrongswan/eap/eap.h index 08d88ba88..2d4a238cd 100644 --- a/src/libstrongswan/eap/eap.h +++ b/src/libstrongswan/eap/eap.h @@ -99,18 +99,18 @@ struct eap_vendor_type_t { /** * Vendor Id */ - u_int32_t vendor; + uint32_t vendor; }; /** * EAP packet format */ typedef struct __attribute__((packed)) { - u_int8_t code; - u_int8_t identifier; - u_int16_t length; - u_int8_t type; - u_int8_t data; + uint8_t code; + uint8_t identifier; + uint16_t length; + uint8_t type; + uint8_t data; } eap_packet_t; /** diff --git a/src/libstrongswan/ipsec/ipsec_types.c b/src/libstrongswan/ipsec/ipsec_types.c index f2ee11ee8..a52a1eb51 100644 --- a/src/libstrongswan/ipsec/ipsec_types.c +++ b/src/libstrongswan/ipsec/ipsec_types.c @@ -40,6 +40,22 @@ ENUM(ipcomp_transform_names, IPCOMP_NONE, IPCOMP_LZJH, /* * See header */ +bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b) +{ + return a->mode == b->mode && + a->reqid == b->reqid && + a->policy_count == b->policy_count && + a->esp.use == b->esp.use && + a->esp.spi == b->esp.spi && + a->ah.use == b->ah.use && + a->ah.spi == b->ah.spi && + a->ipcomp.transform == b->ipcomp.transform && + a->ipcomp.cpi == b->ipcomp.cpi; +} + +/* + * See header + */ bool mark_from_string(const char *value, mark_t *mark) { char *endptr; diff --git a/src/libstrongswan/ipsec/ipsec_types.h b/src/libstrongswan/ipsec/ipsec_types.h index fa122af30..c93d95562 100644 --- a/src/libstrongswan/ipsec/ipsec_types.h +++ b/src/libstrongswan/ipsec/ipsec_types.h @@ -123,26 +123,35 @@ struct ipsec_sa_cfg_t { /** mode of SA (tunnel, transport) */ ipsec_mode_t mode; /** unique ID */ - u_int32_t reqid; + uint32_t reqid; /** number of policies of the same kind (in/out/fwd) attached to SA */ - u_int32_t policy_count; + uint32_t policy_count; /** details about ESP/AH */ struct { /** TRUE if this protocol is used */ bool use; /** SPI for ESP/AH */ - u_int32_t spi; + uint32_t spi; } esp, ah; /** details about IPComp */ struct { /** the IPComp transform used */ - u_int16_t transform; + uint16_t transform; /** CPI for IPComp */ - u_int16_t cpi; + uint16_t cpi; } ipcomp; }; /** + * Compare two ipsec_sa_cfg_t objects for equality. + * + * @param a first object + * @param b second object + * @return TRUE if both objects are equal + */ +bool ipsec_sa_cfg_equals(ipsec_sa_cfg_t *a, ipsec_sa_cfg_t *b); + +/** * A lifetime_cfg_t defines the lifetime limits of an SA. * * Set any of these values to 0 to ignore. @@ -150,11 +159,11 @@ struct ipsec_sa_cfg_t { struct lifetime_cfg_t { struct { /** Limit before the SA gets invalid. */ - u_int64_t life; + uint64_t life; /** Limit before the SA gets rekeyed. */ - u_int64_t rekey; + uint64_t rekey; /** The range of a random value subtracted from rekey. */ - u_int64_t jitter; + uint64_t jitter; } time, bytes, packets; }; @@ -163,9 +172,9 @@ struct lifetime_cfg_t { */ struct mark_t { /** Mark value */ - u_int32_t value; + uint32_t value; /** Mark mask */ - u_int32_t mask; + uint32_t mask; }; /** diff --git a/src/libstrongswan/networking/host.c b/src/libstrongswan/networking/host.c index 2e464b0ad..b71d2da16 100644 --- a/src/libstrongswan/networking/host.c +++ b/src/libstrongswan/networking/host.c @@ -79,7 +79,7 @@ METHOD(host_t, get_sockaddr_len, socklen_t*, METHOD(host_t, is_anyaddr, bool, private_host_t *this) { - static const u_int8_t zeroes[IPV6_LEN]; + static const uint8_t zeroes[IPV6_LEN]; switch (this->address.sa_family) { @@ -119,7 +119,7 @@ int host_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, else { void *address; - u_int16_t port; + uint16_t port; int len; address = &this->address6.sin6_addr; @@ -191,7 +191,7 @@ METHOD(host_t, get_family, int, return this->address.sa_family; } -METHOD(host_t, get_port, u_int16_t, +METHOD(host_t, get_port, uint16_t, private_host_t *this) { switch (this->address.sa_family) @@ -212,7 +212,7 @@ METHOD(host_t, get_port, u_int16_t, } METHOD(host_t, set_port, void, - private_host_t *this, u_int16_t port) + private_host_t *this, uint16_t port) { switch (this->address.sa_family) { @@ -334,7 +334,7 @@ static private_host_t *host_create_empty(void) /* * Create a %any host with port */ -static host_t *host_create_any_port(int family, u_int16_t port) +static host_t *host_create_any_port(int family, uint16_t port) { host_t *this; @@ -347,7 +347,7 @@ static host_t *host_create_any_port(int family, u_int16_t port) * Described in header. */ host_t *host_create_from_string_and_family(char *string, int family, - u_int16_t port) + uint16_t port) { union { struct sockaddr_in v4; @@ -415,7 +415,7 @@ host_t *host_create_from_string_and_family(char *string, int family, /* * Described in header. */ -host_t *host_create_from_string(char *string, u_int16_t port) +host_t *host_create_from_string(char *string, uint16_t port) { return host_create_from_string_and_family(string, AF_UNSPEC, port); } @@ -455,7 +455,7 @@ host_t *host_create_from_sockaddr(sockaddr_t *sockaddr) /* * Described in header. */ -host_t *host_create_from_dns(char *string, int af, u_int16_t port) +host_t *host_create_from_dns(char *string, int af, uint16_t port) { host_t *this; @@ -474,7 +474,7 @@ host_t *host_create_from_dns(char *string, int af, u_int16_t port) /* * Described in header. */ -host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port) +host_t *host_create_from_chunk(int family, chunk_t address, uint16_t port) { private_host_t *this; @@ -646,7 +646,7 @@ host_t *host_create_netmask(int family, int netbits) if (bytes < len) { memset(target + bytes, 0x00, len - bytes); - target[bytes] = (u_int8_t)(0xff << bits); + target[bytes] = (uint8_t)(0xff << bits); } return &this->public; } diff --git a/src/libstrongswan/networking/host.h b/src/libstrongswan/networking/host.h index db6f4dd49..a777f9f97 100644 --- a/src/libstrongswan/networking/host.h +++ b/src/libstrongswan/networking/host.h @@ -99,14 +99,14 @@ struct host_t { * * @return port number */ - u_int16_t (*get_port) (host_t *this); + uint16_t (*get_port) (host_t *this); /** * Set the port of this host * * @param port port number */ - void (*set_port) (host_t *this, u_int16_t port); + void (*set_port) (host_t *this, uint16_t port); /** * Compare the ips of two hosts hosts. @@ -137,7 +137,7 @@ struct host_t { * @param port port number * @return host_t, NULL if string not an address. */ -host_t *host_create_from_string(char *string, u_int16_t port); +host_t *host_create_from_string(char *string, uint16_t port); /** * Same as host_create_from_string(), but with the option to enforce a family. @@ -148,7 +148,7 @@ host_t *host_create_from_string(char *string, u_int16_t port); * @return host_t, NULL if string not an address. */ host_t *host_create_from_string_and_family(char *string, int family, - u_int16_t port); + uint16_t port); /** * Constructor to create a host_t from a DNS name. @@ -158,7 +158,7 @@ host_t *host_create_from_string_and_family(char *string, int family, * @param port port number * @return host_t, NULL lookup failed */ -host_t *host_create_from_dns(char *string, int family, u_int16_t port); +host_t *host_create_from_dns(char *string, int family, uint16_t port); /** * Constructor to create a host_t object from an address chunk. @@ -170,7 +170,7 @@ host_t *host_create_from_dns(char *string, int family, u_int16_t port); * @param port port number * @return host_t, NULL if family not supported/chunk invalid */ -host_t *host_create_from_chunk(int family, chunk_t address, u_int16_t port); +host_t *host_create_from_chunk(int family, chunk_t address, uint16_t port); /** * Constructor to create a host_t object from a sockaddr struct diff --git a/src/libstrongswan/networking/packet.c b/src/libstrongswan/networking/packet.c index 4ff7fc48b..f76a85a4b 100644 --- a/src/libstrongswan/networking/packet.c +++ b/src/libstrongswan/networking/packet.c @@ -42,7 +42,7 @@ struct private_packet_t { /** * DSCP value on packet */ - u_int8_t dscp; + uint8_t dscp; /** * message data @@ -94,13 +94,13 @@ METHOD(packet_t, set_data, void, this->adjusted_data = this->data = data; } -METHOD(packet_t, get_dscp, u_int8_t, +METHOD(packet_t, get_dscp, uint8_t, private_packet_t *this) { return this->dscp; } METHOD(packet_t, set_dscp, void, - private_packet_t *this, u_int8_t value) + private_packet_t *this, uint8_t value) { this->dscp = value; } diff --git a/src/libstrongswan/networking/packet.h b/src/libstrongswan/networking/packet.h index 1492dd0b9..8699d4abe 100644 --- a/src/libstrongswan/networking/packet.h +++ b/src/libstrongswan/networking/packet.h @@ -85,14 +85,14 @@ struct packet_t { * * @return DSCP value */ - u_int8_t (*get_dscp)(packet_t *this); + uint8_t (*get_dscp)(packet_t *this); /** * Set the DiffServ Code Point to use on this packet. * * @param value DSCP value */ - void (*set_dscp)(packet_t *this, u_int8_t value); + void (*set_dscp)(packet_t *this, uint8_t value); /** * Increase the offset where the actual packet data starts. diff --git a/src/libstrongswan/networking/tun_device.c b/src/libstrongswan/networking/tun_device.c index 81d215677..de925553f 100644 --- a/src/libstrongswan/networking/tun_device.c +++ b/src/libstrongswan/networking/tun_device.c @@ -96,7 +96,7 @@ struct private_tun_device_t { /** * Netmask for address */ - u_int8_t netmask; + uint8_t netmask; }; /** @@ -105,7 +105,7 @@ struct private_tun_device_t { #if __FreeBSD__ >= 10 static bool set_address_and_mask(struct in_aliasreq *ifra, host_t *addr, - u_int8_t netmask) + uint8_t netmask) { host_t *mask; @@ -132,7 +132,7 @@ static bool set_address_and_mask(struct in_aliasreq *ifra, host_t *addr, * on FreeBSD 10 an newer. */ static bool set_address_impl(private_tun_device_t *this, host_t *addr, - u_int8_t netmask) + uint8_t netmask) { struct in_aliasreq ifra; @@ -171,7 +171,7 @@ static bool set_address_impl(private_tun_device_t *this, host_t *addr, * Set the address using the classic SIOCSIFADDR etc. commands on other systems. */ static bool set_address_impl(private_tun_device_t *this, host_t *addr, - u_int8_t netmask) + uint8_t netmask) { struct ifreq ifr; host_t *mask; @@ -218,7 +218,7 @@ static bool set_address_impl(private_tun_device_t *this, host_t *addr, #endif /* __FreeBSD__ */ METHOD(tun_device_t, set_address, bool, - private_tun_device_t *this, host_t *addr, u_int8_t netmask) + private_tun_device_t *this, host_t *addr, uint8_t netmask) { if (!set_address_impl(this, addr, netmask)) { @@ -231,7 +231,7 @@ METHOD(tun_device_t, set_address, bool, } METHOD(tun_device_t, get_address, host_t*, - private_tun_device_t *this, u_int8_t *netmask) + private_tun_device_t *this, uint8_t *netmask) { if (netmask && this->address) { @@ -326,7 +326,7 @@ METHOD(tun_device_t, write_packet, bool, #ifdef __APPLE__ /* UTUN's expect the packets to be prepended by a 32-bit protocol number * instead of parsing the packet again, we assume IPv4 for now */ - u_int32_t proto = htonl(AF_INET); + uint32_t proto = htonl(AF_INET); packet = chunk_cata("cc", chunk_from_thing(proto), packet); #endif s = write(this->tunfd, packet.ptr, packet.len); @@ -364,7 +364,7 @@ METHOD(tun_device_t, read_packet, bool, data.len = len; #ifdef __APPLE__ /* UTUN's prepend packets with a 32-bit protocol number */ - data = chunk_skip(data, sizeof(u_int32_t)); + data = chunk_skip(data, sizeof(uint32_t)); #endif *packet = chunk_clone(data); return TRUE; diff --git a/src/libstrongswan/networking/tun_device.h b/src/libstrongswan/networking/tun_device.h index 880369ba7..4f9eacb07 100644 --- a/src/libstrongswan/networking/tun_device.h +++ b/src/libstrongswan/networking/tun_device.h @@ -60,7 +60,7 @@ struct tun_device_t { * @param netmask the netmask to use * @return TRUE if operation successful */ - bool (*set_address)(tun_device_t *this, host_t *addr, u_int8_t netmask); + bool (*set_address)(tun_device_t *this, host_t *addr, uint8_t netmask); /** * Get the IP address previously assigned to using set_address(). @@ -68,7 +68,7 @@ struct tun_device_t { * @param netmask pointer receiving the configured netmask, or NULL * @return address previously set, NULL if none */ - host_t* (*get_address)(tun_device_t *this, u_int8_t *netmask); + host_t* (*get_address)(tun_device_t *this, uint8_t *netmask); /** * Bring the TUN device up diff --git a/src/libstrongswan/pen/pen.h b/src/libstrongswan/pen/pen.h index 2c5592330..50e63f7be 100644 --- a/src/libstrongswan/pen/pen.h +++ b/src/libstrongswan/pen/pen.h @@ -59,7 +59,7 @@ enum pen_t { */ struct pen_type_t { pen_t vendor_id; - u_int32_t type; + uint32_t type; }; /** @@ -69,7 +69,7 @@ struct pen_type_t { * @param type type to create a pen_type_t * @return created pen_type_t */ -static inline pen_type_t pen_type_create(pen_t vendor_id, u_int32_t type) +static inline pen_type_t pen_type_create(pen_t vendor_id, uint32_t type) { pen_type_t pen_type = { vendor_id, type }; return pen_type; @@ -96,7 +96,7 @@ static inline bool pen_type_equals(pen_type_t a, pen_type_t b) * @return TRUE if vendor_id and type matches pen_type */ static inline bool pen_type_is(pen_type_t pen_type, - pen_t vendor_id, u_int32_t type) + pen_t vendor_id, uint32_t type) { return pen_type.vendor_id == vendor_id && pen_type.type == type; } diff --git a/src/libstrongswan/plugins/acert/Makefile.in b/src/libstrongswan/plugins/acert/Makefile.in index 034ab48e0..a1ee0f83e 100644 --- a/src/libstrongswan/plugins/acert/Makefile.in +++ b/src/libstrongswan/plugins/acert/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/acert -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/acert/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/acert/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in index 6ad68a55a..02cd0f832 100644 --- a/src/libstrongswan/plugins/aes/Makefile.in +++ b/src/libstrongswan/plugins/aes/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/aes -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/aes/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/aes/aes_crypter.c b/src/libstrongswan/plugins/aes/aes_crypter.c index f9775c8b8..8829ba162 100644 --- a/src/libstrongswan/plugins/aes/aes_crypter.c +++ b/src/libstrongswan/plugins/aes/aes_crypter.c @@ -49,27 +49,27 @@ struct private_aes_crypter_t { /** * Number of words in the key input block. */ - u_int32_t aes_Nkey; + uint32_t aes_Nkey; /** * The number of cipher rounds. */ - u_int32_t aes_Nrnd; + uint32_t aes_Nrnd; /** * The encryption key schedule. */ - u_int32_t aes_e_key[AES_KS_LENGTH]; + uint32_t aes_e_key[AES_KS_LENGTH]; /** * The decryption key schedule. */ - u_int32_t aes_d_key[AES_KS_LENGTH]; + uint32_t aes_d_key[AES_KS_LENGTH]; /** * Key size of this AES cypher object. */ - u_int32_t key_size; + uint32_t key_size; }; /** @@ -88,7 +88,7 @@ struct private_aes_crypter_t { */ #define bval(x,n) ((unsigned char)((x) >> 8 * (n))) #define bytes2word(b0, b1, b2, b3) \ - ((u_int32_t)(b3) << 24 | (u_int32_t)(b2) << 16 | (u_int32_t)(b1) << 8 | (b0)) + ((uint32_t)(b3) << 24 | (uint32_t)(b2) << 16 | (uint32_t)(b1) << 8 | (b0)) /* little endian processor without data alignment restrictions: AES_LE_OK */ @@ -105,15 +105,15 @@ struct private_aes_crypter_t { #ifdef AES_LE_OK /* little endian processor without data alignment restrictions */ -#define word_in(x) *(u_int32_t*)(x) -#define const_word_in(x) *(const u_int32_t*)(x) -#define word_out(x,v) *(u_int32_t*)(x) = (v) -#define const_word_out(x,v) *(const u_int32_t*)(x) = (v) +#define word_in(x) *(uint32_t*)(x) +#define const_word_in(x) *(const uint32_t*)(x) +#define word_out(x,v) *(uint32_t*)(x) = (v) +#define const_word_out(x,v) *(const uint32_t*)(x) = (v) #else /* slower but generic big endian or with data alignment restrictions */ /* some additional "const" touches to stop "gcc -Wcast-qual" complains --jjo */ -#define word_in(x) ((u_int32_t)(((unsigned char *)(x))[0])|((u_int32_t)(((unsigned char *)(x))[1])<<8)|((u_int32_t)(((unsigned char *)(x))[2])<<16)|((u_int32_t)(((unsigned char *)(x))[3])<<24)) -#define const_word_in(x) ((const u_int32_t)(((const unsigned char *)(x))[0])|((const u_int32_t)(((const unsigned char *)(x))[1])<<8)|((const u_int32_t)(((const unsigned char *)(x))[2])<<16)|((const u_int32_t)(((const unsigned char *)(x))[3])<<24)) +#define word_in(x) ((uint32_t)(((unsigned char *)(x))[0])|((uint32_t)(((unsigned char *)(x))[1])<<8)|((uint32_t)(((unsigned char *)(x))[2])<<16)|((uint32_t)(((unsigned char *)(x))[3])<<24)) +#define const_word_in(x) ((const uint32_t)(((const unsigned char *)(x))[0])|((const uint32_t)(((const unsigned char *)(x))[1])<<8)|((const uint32_t)(((const unsigned char *)(x))[2])<<16)|((const uint32_t)(((const unsigned char *)(x))[3])<<24)) #define word_out(x,v) ((unsigned char *)(x))[0]=(v),((unsigned char *)(x))[1]=((v)>>8),((unsigned char *)(x))[2]=((v)>>16),((unsigned char *)(x))[3]=((v)>>24) #define const_word_out(x,v) ((const unsigned char *)(x))[0]=(v),((const unsigned char *)(x))[1]=((v)>>8),((const unsigned char *)(x))[2]=((v)>>16),((const unsigned char *)(x))[3]=((v)>>24) #endif @@ -156,7 +156,7 @@ struct private_aes_crypter_t { // this table can be a table of bytes if the key schedule // code is adjusted accordingly -static const u_int32_t rcon_tab[29] = +static const uint32_t rcon_tab[29] = { w0(01), w0(02), w0(04), w0(08), w0(10), w0(20), w0(40), w0(80), @@ -320,7 +320,7 @@ static const u_int32_t rcon_tab[29] = #undef r #define r r0 -static const u_int32_t ft_tab[4][256] = +static const uint32_t ft_tab[4][256] = { { f_table }, #undef r #define r r1 @@ -335,7 +335,7 @@ static const u_int32_t ft_tab[4][256] = #undef r #define r r0 -static const u_int32_t it_tab[4][256] = +static const uint32_t it_tab[4][256] = { { i_table }, #undef r #define r r1 @@ -386,7 +386,7 @@ static const u_int32_t it_tab[4][256] = #undef r #define r(p,q,r,s) w0(q) -static const u_int32_t fl_tab[4][256] = +static const uint32_t fl_tab[4][256] = { { f_table }, #undef r #define r(p,q,r,s) w1(q) @@ -401,7 +401,7 @@ static const u_int32_t fl_tab[4][256] = #undef w #define w w0 -static const u_int32_t il_tab[4][256] = +static const uint32_t il_tab[4][256] = { { li_table }, #undef w #define w w1 @@ -483,7 +483,7 @@ static const u_int32_t il_tab[4][256] = #undef r #define r r0 -static const u_int32_t im_tab[4][256] = +static const uint32_t im_tab[4][256] = { { m_table }, #undef r #define r r1 @@ -717,8 +717,8 @@ static const u_int32_t im_tab[4][256] = static void encrypt_block(const private_aes_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]) { - u_int32_t locals(b0, b1); - const u_int32_t *kp = this->aes_e_key; + uint32_t locals(b0, b1); + const uint32_t *kp = this->aes_e_key; state_in(b0, in_blk, kp); kp += nc; @@ -754,8 +754,8 @@ static void encrypt_block(const private_aes_crypter_t *this, static void decrypt_block(const private_aes_crypter_t *this, const unsigned char in_blk[], unsigned char out_blk[]) { - u_int32_t locals(b0, b1); - const u_int32_t *kp = this->aes_d_key; + uint32_t locals(b0, b1); + const uint32_t *kp = this->aes_d_key; state_in(b0, in_blk, kp); kp += nc; @@ -789,8 +789,8 @@ METHOD(crypter_t, decrypt, bool, private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { int pos; - const u_int32_t *iv_i; - u_int8_t *in, *out; + const uint32_t *iv_i; + uint8_t *in, *out; if (decrypted) { @@ -811,16 +811,16 @@ METHOD(crypter_t, decrypt, bool, decrypt_block(this, in, out); if (pos==0) { - iv_i=(const u_int32_t*) (iv.ptr); + iv_i=(const uint32_t*) (iv.ptr); } else { - iv_i=(const u_int32_t*) (in-16); + iv_i=(const uint32_t*) (in-16); } - *((u_int32_t *)(&out[ 0])) ^= iv_i[0]; - *((u_int32_t *)(&out[ 4])) ^= iv_i[1]; - *((u_int32_t *)(&out[ 8])) ^= iv_i[2]; - *((u_int32_t *)(&out[12])) ^= iv_i[3]; + *((uint32_t *)(&out[ 0])) ^= iv_i[0]; + *((uint32_t *)(&out[ 4])) ^= iv_i[1]; + *((uint32_t *)(&out[ 8])) ^= iv_i[2]; + *((uint32_t *)(&out[12])) ^= iv_i[3]; in-=16; out-=16; pos-=16; @@ -832,8 +832,8 @@ METHOD(crypter_t, encrypt, bool, private_aes_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { int pos; - const u_int32_t *iv_i; - u_int8_t *in, *out; + const uint32_t *iv_i; + uint8_t *in, *out; in = data.ptr; out = data.ptr; @@ -848,16 +848,16 @@ METHOD(crypter_t, encrypt, bool, { if (pos==0) { - iv_i=(const u_int32_t*) iv.ptr; + iv_i=(const uint32_t*) iv.ptr; } else { - iv_i=(const u_int32_t*) (out-16); + iv_i=(const uint32_t*) (out-16); } - *((u_int32_t *)(&out[ 0])) = iv_i[0]^*((const u_int32_t *)(&in[ 0])); - *((u_int32_t *)(&out[ 4])) = iv_i[1]^*((const u_int32_t *)(&in[ 4])); - *((u_int32_t *)(&out[ 8])) = iv_i[2]^*((const u_int32_t *)(&in[ 8])); - *((u_int32_t *)(&out[12])) = iv_i[3]^*((const u_int32_t *)(&in[12])); + *((uint32_t *)(&out[ 0])) = iv_i[0]^*((const uint32_t *)(&in[ 0])); + *((uint32_t *)(&out[ 4])) = iv_i[1]^*((const uint32_t *)(&in[ 4])); + *((uint32_t *)(&out[ 8])) = iv_i[2]^*((const uint32_t *)(&in[ 8])); + *((uint32_t *)(&out[12])) = iv_i[3]^*((const uint32_t *)(&in[12])); encrypt_block(this, out, out); in+=16; out+=16; @@ -887,8 +887,8 @@ METHOD(crypter_t, get_key_size, size_t, METHOD(crypter_t, set_key, bool, private_aes_crypter_t *this, chunk_t key) { - u_int32_t *kf, *kt, rci, f = 0; - u_int8_t *in_key = key.ptr; + uint32_t *kf, *kt, rci, f = 0; + uint8_t *in_key = key.ptr; this->aes_Nrnd = (this->aes_Nkey > (nc) ? this->aes_Nkey : (nc)) + 6; @@ -948,7 +948,7 @@ METHOD(crypter_t, set_key, bool, if(!f) { - u_int32_t i; + uint32_t i; kt = this->aes_d_key + nc * this->aes_Nrnd; kf = this->aes_e_key; diff --git a/src/libstrongswan/plugins/aesni/Makefile.in b/src/libstrongswan/plugins/aesni/Makefile.in index 7f91e439c..576b6dafc 100644 --- a/src/libstrongswan/plugins/aesni/Makefile.in +++ b/src/libstrongswan/plugins/aesni/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/aesni -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/aesni/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/aesni/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -789,6 +802,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/aesni/aesni_ccm.c b/src/libstrongswan/plugins/aesni/aesni_ccm.c index d523bc17a..12074860e 100644 --- a/src/libstrongswan/plugins/aesni/aesni_ccm.c +++ b/src/libstrongswan/plugins/aesni/aesni_ccm.c @@ -83,7 +83,7 @@ struct private_aesni_ccm_t { * First block with control information */ typedef struct __attribute__((packed)) { - BITFIELD4(u_int8_t, + BITFIELD4(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, /* size of our ICV t, as (t-2)/2 */ @@ -105,7 +105,7 @@ typedef struct __attribute__((packed)) { * Counter block */ typedef struct __attribute__((packed)) { - BITFIELD3(u_int8_t, + BITFIELD3(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, zero: 3, @@ -140,7 +140,7 @@ static void build_b0(private_aesni_ccm_t *this, size_t len, size_t alen, /** * Build a counter block for counter i */ -static void build_ctr(private_aesni_ccm_t *this, u_int32_t i, u_char *iv, +static void build_ctr(private_aesni_ccm_t *this, uint32_t i, u_char *iv, void *out) { ctr_t *ctr = out; @@ -157,7 +157,7 @@ static void build_ctr(private_aesni_ccm_t *this, u_int32_t i, u_char *iv, * Calculate the ICV for the b0 and associated data */ static __m128i icv_header(private_aesni_ccm_t *this, size_t len, u_char *iv, - u_int16_t alen, u_char *assoc) + uint16_t alen, u_char *assoc) { __m128i *ks, b, t, c; u_int i, round, blocks, rem; diff --git a/src/libstrongswan/plugins/aesni/aesni_cmac.c b/src/libstrongswan/plugins/aesni/aesni_cmac.c index d6a87e6d7..07580c822 100644 --- a/src/libstrongswan/plugins/aesni/aesni_cmac.c +++ b/src/libstrongswan/plugins/aesni/aesni_cmac.c @@ -65,7 +65,7 @@ struct private_mac_t { }; METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { __m128i *ks, t, l, *bi; u_int blocks, rem, i; diff --git a/src/libstrongswan/plugins/aesni/aesni_ctr.c b/src/libstrongswan/plugins/aesni/aesni_ctr.c index 989813814..d9a555a85 100644 --- a/src/libstrongswan/plugins/aesni/aesni_ctr.c +++ b/src/libstrongswan/plugins/aesni/aesni_ctr.c @@ -61,7 +61,7 @@ struct private_aesni_ctr_t { struct { char nonce[4]; char iv[8]; - u_int32_t counter; + uint32_t counter; } __attribute__((packed, aligned(sizeof(__m128i)))) state; }; diff --git a/src/libstrongswan/plugins/aesni/aesni_gcm.c b/src/libstrongswan/plugins/aesni/aesni_gcm.c index 53c0b144e..330dc6cd3 100644 --- a/src/libstrongswan/plugins/aesni/aesni_gcm.c +++ b/src/libstrongswan/plugins/aesni/aesni_gcm.c @@ -316,7 +316,7 @@ static __m128i icv_tailer(private_aesni_gcm_t *this, __m128i y, __m128i b; htoun64(&b, alen * 8); - htoun64((u_char*)&b + sizeof(u_int64_t), dlen * 8); + htoun64((u_char*)&b + sizeof(uint64_t), dlen * 8); return ghash(this->h, y, b); } diff --git a/src/libstrongswan/plugins/aesni/aesni_xcbc.c b/src/libstrongswan/plugins/aesni/aesni_xcbc.c index 24a75cec0..974c5fedc 100644 --- a/src/libstrongswan/plugins/aesni/aesni_xcbc.c +++ b/src/libstrongswan/plugins/aesni/aesni_xcbc.c @@ -70,7 +70,7 @@ struct private_aesni_mac_t { }; METHOD(mac_t, get_mac, bool, - private_aesni_mac_t *this, chunk_t data, u_int8_t *out) + private_aesni_mac_t *this, chunk_t data, uint8_t *out) { __m128i *ks, e, *bi; u_int blocks, rem, i; diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in index 7aaea450c..1f092287b 100644 --- a/src/libstrongswan/plugins/af_alg/Makefile.in +++ b/src/libstrongswan/plugins/af_alg/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/af_alg -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/af_alg/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/af_alg/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -784,6 +797,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c index 611975533..62fea51cc 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_hasher.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_hasher.c @@ -107,7 +107,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_af_alg_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_af_alg_hasher_t *this, chunk_t chunk, uint8_t *hash) { return this->ops->hash(this->ops, chunk, hash, this->size); } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.c b/src/libstrongswan/plugins/af_alg/af_alg_ops.c index 331d1e801..7e129300f 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.c @@ -108,7 +108,7 @@ METHOD(af_alg_ops_t, hash, bool, } METHOD(af_alg_ops_t, crypt, bool, - private_af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data, + private_af_alg_ops_t *this, uint32_t type, chunk_t iv, chunk_t data, char *out) { struct msghdr msg = {}; diff --git a/src/libstrongswan/plugins/af_alg/af_alg_ops.h b/src/libstrongswan/plugins/af_alg/af_alg_ops.h index e34f22977..51342d71c 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_ops.h +++ b/src/libstrongswan/plugins/af_alg/af_alg_ops.h @@ -64,7 +64,7 @@ struct af_alg_ops_t { * @param out buffer write processed data to * @return TRUE if successful */ - bool (*crypt)(af_alg_ops_t *this, u_int32_t type, chunk_t iv, chunk_t data, + bool (*crypt)(af_alg_ops_t *this, uint32_t type, chunk_t iv, chunk_t data, char *out); /** diff --git a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c index 445667507..571882cec 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_plugin.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_plugin.c @@ -22,6 +22,8 @@ #include "af_alg_prf.h" #include "af_alg_crypter.h" +#include <unistd.h> + typedef struct private_af_alg_plugin_t private_af_alg_plugin_t; /** @@ -41,6 +43,19 @@ METHOD(plugin_t, get_name, char*, return "af-alg"; } +static bool af_alg_supported() +{ + int fd; + + fd = socket(AF_ALG, SOCK_SEQPACKET, 0); + if (fd != -1) + { + close(fd); + return true; + } + return false; +} + METHOD(plugin_t, get_features, int, private_af_alg_plugin_t *this, plugin_feature_t *features[]) { @@ -50,6 +65,10 @@ METHOD(plugin_t, get_features, int, if (!count) { /* initialize only once */ + if (!af_alg_supported()) + { + return 0; + } f[count++] = PLUGIN_REGISTER(HASHER, af_alg_hasher_create); af_alg_hasher_probe(f, &count); f[count++] = PLUGIN_REGISTER(SIGNER, af_alg_signer_create); diff --git a/src/libstrongswan/plugins/af_alg/af_alg_prf.c b/src/libstrongswan/plugins/af_alg/af_alg_prf.c index 2b7d51376..8c3627a22 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_prf.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_prf.c @@ -106,7 +106,7 @@ static size_t lookup_alg(pseudo_random_function_t algo, char **name, bool *xcbc) } METHOD(prf_t, get_bytes, bool, - private_af_alg_prf_t *this, chunk_t seed, u_int8_t *buffer) + private_af_alg_prf_t *this, chunk_t seed, uint8_t *buffer) { return this->ops->hash(this->ops, seed, buffer, this->block_size); } diff --git a/src/libstrongswan/plugins/af_alg/af_alg_signer.c b/src/libstrongswan/plugins/af_alg/af_alg_signer.c index 1403144ab..e54b457e7 100644 --- a/src/libstrongswan/plugins/af_alg/af_alg_signer.c +++ b/src/libstrongswan/plugins/af_alg/af_alg_signer.c @@ -109,7 +109,7 @@ static size_t lookup_alg(integrity_algorithm_t algo, char **name, } METHOD(signer_t, get_signature, bool, - private_af_alg_signer_t *this, chunk_t data, u_int8_t *buffer) + private_af_alg_signer_t *this, chunk_t data, uint8_t *buffer) { return this->ops->hash(this->ops, data, buffer, this->block_size); } diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in index cbdc8e84e..5e1b1f38a 100644 --- a/src/libstrongswan/plugins/agent/Makefile.in +++ b/src/libstrongswan/plugins/agent/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/agent -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/agent/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/agent/agent_private_key.c b/src/libstrongswan/plugins/agent/agent_private_key.c index c2e82a9f1..bb55c45c0 100644 --- a/src/libstrongswan/plugins/agent/agent_private_key.c +++ b/src/libstrongswan/plugins/agent/agent_private_key.c @@ -98,18 +98,18 @@ static u_char read_byte(chunk_t *blob) } /** - * read a u_int32_t from a blob + * read a uint32_t from a blob */ -static u_int32_t read_uint32(chunk_t *blob) +static uint32_t read_uint32(chunk_t *blob) { - u_int32_t val; + uint32_t val; - if (blob->len < sizeof(u_int32_t)) + if (blob->len < sizeof(uint32_t)) { return 0; } - val = ntohl(*(u_int32_t*)blob->ptr); - *blob = chunk_skip(*blob, sizeof(u_int32_t)); + val = ntohl(*(uint32_t*)blob->ptr); + *blob = chunk_skip(*blob, sizeof(uint32_t)); return val; } @@ -182,7 +182,7 @@ static bool read_key(private_agent_private_key_t *this, public_key_t *pubkey) blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); - if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || + if (blob.len < sizeof(uint32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_ID_RESPONSE) { @@ -236,7 +236,7 @@ METHOD(private_key_t, sign, bool, private_agent_private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature) { - u_int32_t len, flags; + uint32_t len, flags; char buf[2048]; chunk_t blob; @@ -247,7 +247,7 @@ METHOD(private_key_t, sign, bool, return FALSE; } - len = htonl(1 + sizeof(u_int32_t) * 3 + this->key.len + data.len); + len = htonl(1 + sizeof(uint32_t) * 3 + this->key.len + data.len); buf[0] = SSH_AGENT_SIGN_REQUEST; if (write(this->socket, &len, sizeof(len)) != sizeof(len) || write(this->socket, &buf, 1) != 1) @@ -281,7 +281,7 @@ METHOD(private_key_t, sign, bool, blob = chunk_create(buf, sizeof(buf)); blob.len = read(this->socket, blob.ptr, blob.len); - if (blob.len < sizeof(u_int32_t) + sizeof(u_char) || + if (blob.len < sizeof(uint32_t) + sizeof(u_char) || read_uint32(&blob) != blob.len || read_byte(&blob) != SSH_AGENT_SIGN_RESPONSE) { diff --git a/src/libstrongswan/plugins/bliss/Makefile.in b/src/libstrongswan/plugins/bliss/Makefile.in index 8f91cdcbe..389e20ed4 100644 --- a/src/libstrongswan/plugins/bliss/Makefile.in +++ b/src/libstrongswan/plugins/bliss/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -82,8 +92,6 @@ host_triplet = @host@ @MONOLITHIC_TRUE@am__append_1 = libstrongswan-bliss.la noinst_PROGRAMS = bliss_huffman$(EXEEXT) subdir = src/libstrongswan/plugins/bliss -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -97,6 +105,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -220,12 +229,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -275,6 +286,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -309,6 +321,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -420,6 +433,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -502,7 +516,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -850,6 +863,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES tags tags-am uninstall uninstall-am \ uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + recreate-bliss-huffman : bliss_huffman bliss_huffman_code.h $(AM_V_GEN) \ diff --git a/src/libstrongswan/plugins/bliss/tests/Makefile.in b/src/libstrongswan/plugins/bliss/tests/Makefile.in index 43e508ba0..85619c551 100644 --- a/src/libstrongswan/plugins/bliss/tests/Makefile.in +++ b/src/libstrongswan/plugins/bliss/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = bliss_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libstrongswan/plugins/bliss/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/bliss/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -981,6 +994,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in index a6c3287f4..d54331163 100644 --- a/src/libstrongswan/plugins/blowfish/Makefile.in +++ b/src/libstrongswan/plugins/blowfish/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/blowfish -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/blowfish/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c index 253f9b4a4..1708e078d 100644 --- a/src/libstrongswan/plugins/blowfish/blowfish_crypter.c +++ b/src/libstrongswan/plugins/blowfish/blowfish_crypter.c @@ -84,14 +84,14 @@ struct private_blowfish_crypter_t { /** * Key size of this Blowfish cipher object. */ - u_int32_t key_size; + uint32_t key_size; }; METHOD(crypter_t, decrypt, bool, private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { - u_int8_t *in, *out; + uint8_t *in, *out; if (decrypted) { @@ -116,7 +116,7 @@ METHOD(crypter_t, encrypt, bool, private_blowfish_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { - u_int8_t *in, *out; + uint8_t *in, *out; if (encrypted) { diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in index 3d56b9802..d93b0479c 100644 --- a/src/libstrongswan/plugins/ccm/Makefile.in +++ b/src/libstrongswan/plugins/ccm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ccm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ccm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ccm/ccm_aead.c b/src/libstrongswan/plugins/ccm/ccm_aead.c index 676d67681..9cf9bedf5 100644 --- a/src/libstrongswan/plugins/ccm/ccm_aead.c +++ b/src/libstrongswan/plugins/ccm/ccm_aead.c @@ -60,7 +60,7 @@ struct private_ccm_aead_t { * First block with control information */ typedef struct __attribute__((packed)) { - BITFIELD4(u_int8_t, + BITFIELD4(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, /* size of our ICV t, as (t-2)/2 */ @@ -82,7 +82,7 @@ typedef struct __attribute__((packed)) { * Counter block */ typedef struct __attribute__((packed)) { - BITFIELD3(u_int8_t, + BITFIELD3(uint8_t, /* size of p length field q, as q-1 */ q_len: 3, zero: 3, @@ -117,7 +117,7 @@ static void build_b0(private_ccm_aead_t *this, chunk_t plain, chunk_t assoc, /** * Build a counter block for counter i */ -static void build_ctr(private_ccm_aead_t *this, u_int32_t i, chunk_t iv, +static void build_ctr(private_ccm_aead_t *this, uint32_t i, chunk_t iv, char *out) { ctr_t *ctr = (ctr_t*)out; diff --git a/src/libstrongswan/plugins/chapoly/Makefile.in b/src/libstrongswan/plugins/chapoly/Makefile.in index b3506587d..d5b77a990 100644 --- a/src/libstrongswan/plugins/chapoly/Makefile.in +++ b/src/libstrongswan/plugins/chapoly/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ @MONOLITHIC_TRUE@am__append_1 = libstrongswan-chapoly.la subdir = src/libstrongswan/plugins/chapoly -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -215,12 +224,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -270,6 +281,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -304,6 +316,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -415,6 +428,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -479,7 +493,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/chapoly/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/chapoly/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -806,6 +819,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/chapoly/chapoly_aead.c b/src/libstrongswan/plugins/chapoly/chapoly_aead.c index 50ad84b21..39d51e9f8 100644 --- a/src/libstrongswan/plugins/chapoly/chapoly_aead.c +++ b/src/libstrongswan/plugins/chapoly/chapoly_aead.c @@ -84,8 +84,8 @@ static bool poly_head(private_chapoly_aead_t *this, u_char *assoc, size_t len) static bool poly_tail(private_chapoly_aead_t *this, size_t alen, size_t clen) { struct { - u_int64_t alen; - u_int64_t clen; + uint64_t alen; + uint64_t clen; } b; b.alen = htole64(alen); @@ -190,7 +190,7 @@ METHOD(aead_t, encrypt, bool, { u_char *out; - if (sizeof(plain.len) > sizeof(u_int32_t) && plain.len > P_MAX) + if (sizeof(plain.len) > sizeof(uint32_t) && plain.len > P_MAX) { return FALSE; } @@ -220,7 +220,7 @@ METHOD(aead_t, decrypt, bool, return FALSE; } encr.len -= POLY_ICV_SIZE; - if (sizeof(encr.len) > sizeof(u_int32_t) && encr.len > P_MAX) + if (sizeof(encr.len) > sizeof(uint32_t) && encr.len > P_MAX) { return FALSE; } diff --git a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c index dfed4d53d..59962b819 100644 --- a/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c +++ b/src/libstrongswan/plugins/chapoly/chapoly_drv_portable.c @@ -39,30 +39,30 @@ struct private_chapoly_drv_portable_t { /** * ChaCha20 state matrix */ - u_int32_t m[16]; + uint32_t m[16]; /** * Poly1305 update key */ - u_int32_t r[5]; + uint32_t r[5]; /** * Poly1305 state */ - u_int32_t h[5]; + uint32_t h[5]; /** * Poly1305 finalize key */ - u_int32_t s[4]; + uint32_t s[4]; }; /** * XOR a 32-bit integer into an unaligned destination */ -static inline void xor32u(void *p, u_int32_t x) +static inline void xor32u(void *p, uint32_t x) { - u_int32_t y; + uint32_t y; memcpy(&y, p, sizeof(y)); y ^= x; @@ -72,7 +72,7 @@ static inline void xor32u(void *p, u_int32_t x) /** * Multiply two 64-bit words */ -static inline u_int64_t mlt(u_int64_t a, u_int64_t b) +static inline uint64_t mlt(uint64_t a, uint64_t b) { return a * b; } @@ -80,7 +80,7 @@ static inline u_int64_t mlt(u_int64_t a, u_int64_t b) /** * Shift a 64-bit unsigned integer v right by n bits, clamp to 32 bit */ -static inline u_int32_t sr(u_int64_t v, u_char n) +static inline uint32_t sr(uint64_t v, u_char n) { return v >> n; } @@ -88,13 +88,13 @@ static inline u_int32_t sr(u_int64_t v, u_char n) /** * Circular left shift by n bits */ -static inline u_int32_t rotl32(u_int32_t v, u_char n) +static inline uint32_t rotl32(uint32_t v, u_char n) { return (v << n) | (v >> (sizeof(v) * 8 - n)); } /** - * AND two values, using a native integer size >= sizeof(u_int32_t) + * AND two values, using a native integer size >= sizeof(uint32_t) */ static inline u_long and(u_long v, u_long mask) { @@ -106,8 +106,8 @@ static inline u_long and(u_long v, u_long mask) */ static void chacha_block_xor(private_chapoly_drv_portable_t *this, void *data) { - u_int32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf; - u_int32_t *out = data; + uint32_t x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf; + uint32_t *out = data; u_int i; x0 = this->m[ 0]; @@ -246,10 +246,10 @@ METHOD(chapoly_drv_t, init, bool, METHOD(chapoly_drv_t, poly, bool, private_chapoly_drv_portable_t *this, u_char *data, u_int blocks) { - u_int32_t r0, r1, r2, r3, r4; - u_int32_t s1, s2, s3, s4; - u_int32_t h0, h1, h2, h3, h4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t r0, r1, r2, r3, r4; + uint32_t s1, s2, s3, s4; + uint32_t h0, h1, h2, h3, h4; + uint64_t d0, d1, d2, d3, d4; u_int i; r0 = this->r[0]; @@ -345,10 +345,10 @@ METHOD(chapoly_drv_t, decrypt, bool, METHOD(chapoly_drv_t, finish, bool, private_chapoly_drv_portable_t *this, u_char *mac) { - u_int32_t h0, h1, h2, h3, h4; - u_int32_t g0, g1, g2, g3, g4; - u_int32_t mask; - u_int64_t f = 0; + uint32_t h0, h1, h2, h3, h4; + uint32_t g0, g1, g2, g3, g4; + uint32_t mask; + uint64_t f = 0; /* fully carry h */ h0 = this->h[0]; @@ -371,7 +371,7 @@ METHOD(chapoly_drv_t, finish, bool, g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff; /* select h if h < p, or h + -p if h >= p */ - mask = (g4 >> ((sizeof(u_int32_t) * 8) - 1)) - 1; + mask = (g4 >> ((sizeof(uint32_t) * 8) - 1)) - 1; g0 &= mask; g1 &= mask; g2 &= mask; diff --git a/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c b/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c index df88e7d77..3981ed522 100644 --- a/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c +++ b/src/libstrongswan/plugins/chapoly/chapoly_drv_ssse3.c @@ -45,30 +45,30 @@ struct private_chapoly_drv_ssse3_t { /** * Poly1305 update key */ - u_int32_t r[5]; + uint32_t r[5]; /** * Poly1305 update key r^2 */ - u_int32_t u[5]; + uint32_t u[5]; /** * Poly1305 state */ - u_int32_t h[5]; + uint32_t h[5]; /** * Poly1305 finalize key */ - u_int32_t s[4]; + uint32_t s[4]; }; /** * Read a 32-bit integer from an unaligned address */ -static inline u_int32_t ru32(void *p) +static inline uint32_t ru32(void *p) { - u_int32_t ret; + uint32_t ret; memcpy(&ret, p, sizeof(ret)); return ret; @@ -77,7 +77,7 @@ static inline u_int32_t ru32(void *p) /** * Write a 32-bit word to an unaligned address */ -static inline void wu32(void *p, u_int32_t v) +static inline void wu32(void *p, uint32_t v) { memcpy(p, &v, sizeof(v)); } @@ -85,13 +85,13 @@ static inline void wu32(void *p, u_int32_t v) /** * Shift a 64-bit unsigned integer v right by n bits, clamp to 32 bit */ -static inline u_int32_t sr(u_int64_t v, u_char n) +static inline uint32_t sr(uint64_t v, u_char n) { return v >> n; } /** - * AND two values, using a native integer size >= sizeof(u_int32_t) + * AND two values, using a native integer size >= sizeof(uint32_t) */ static inline u_long and(u_long v, u_long mask) { @@ -189,7 +189,7 @@ static void chacha_4block_xor(private_chapoly_drv_ssse3_t *this, void *data) { __m128i x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, xa, xb, xc, xd, xe, xf; __m128i r8, r16, ctrinc, t, *out = data; - u_int32_t *m = (u_int32_t*)this->m; + uint32_t *m = (uint32_t*)this->m; u_int i; r8 = _mm_set_epi8(14, 13, 12, 15, 10, 9, 8, 11, 6, 5, 4, 7, 2, 1, 0, 3); @@ -364,7 +364,7 @@ METHOD(chapoly_drv_t, set_key, bool, /** * r[127:64] = h[95:64] * a, r[63:0] = h[31:0] * b */ -static inline __m128i mul2(__m128i h, u_int32_t a, u_int32_t b) +static inline __m128i mul2(__m128i h, uint32_t a, uint32_t b) { return _mm_mul_epu32(h, _mm_set_epi32(0, a, 0, b)); } @@ -374,7 +374,7 @@ static inline __m128i mul2(__m128i h, u_int32_t a, u_int32_t b) * z = x[127:64] + x[63:0] + y[127:64] + y[63:0] */ static inline void sum2(__m128i a, __m128i b, __m128i x, __m128i y, - u_int64_t *c, u_int64_t *z) + uint64_t *c, uint64_t *z) { __m128i r, s; @@ -392,10 +392,10 @@ static inline void sum2(__m128i a, __m128i b, __m128i x, __m128i y, * r = a[127:64] + b[127:64] + c[127:64] + d[127:64] + e[127:64] * + a[63:0] + b[63:0] + c[63:0] + d[63:0] + e[63:0] */ -static inline u_int64_t sum5(__m128i a, __m128i b, __m128i c, +static inline uint64_t sum5(__m128i a, __m128i b, __m128i c, __m128i d, __m128i e) { - u_int64_t r; + uint64_t r; a = _mm_add_epi64(a, b); c = _mm_add_epi64(c, d); @@ -414,10 +414,10 @@ static inline u_int64_t sum5(__m128i a, __m128i b, __m128i c, static void make_u(private_chapoly_drv_ssse3_t *this) { __m128i r01, r23, r44, x0, x1, y0, y1, z0; - u_int32_t r0, r1, r2, r3, r4; - u_int32_t u0, u1, u2, u3, u4; - u_int32_t s1, s2, s3, s4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t r0, r1, r2, r3, r4; + uint32_t u0, u1, u2, u3, u4; + uint32_t s1, s2, s3, s4; + uint64_t d0, d1, d2, d3, d4; r0 = this->r[0]; r1 = this->r[1]; @@ -513,12 +513,12 @@ METHOD(chapoly_drv_t, init, bool, */ static void poly2(private_chapoly_drv_ssse3_t *this, u_char *data, u_int dblks) { - u_int32_t r0, r1, r2, r3, r4, u0, u1, u2, u3, u4; - u_int32_t s1, s2, s3, s4, v1, v2, v3, v4; + uint32_t r0, r1, r2, r3, r4, u0, u1, u2, u3, u4; + uint32_t s1, s2, s3, s4, v1, v2, v3, v4; __m128i hc0, hc1, hc2, hc3, hc4; - u_int32_t h0, h1, h2, h3, h4; - u_int32_t c0, c1, c2, c3, c4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t h0, h1, h2, h3, h4; + uint32_t c0, c1, c2, c3, c4; + uint64_t d0, d1, d2, d3, d4; u_int i; r0 = this->r[0]; @@ -622,13 +622,13 @@ static void poly2(private_chapoly_drv_ssse3_t *this, u_char *data, u_int dblks) */ static void poly1(private_chapoly_drv_ssse3_t *this, u_char *data) { - u_int32_t r0, r1, r2, r3, r4; - u_int32_t s1, s2, s3, s4; - u_int32_t h0, h1, h2, h3, h4; - u_int64_t d0, d1, d2, d3, d4; + uint32_t r0, r1, r2, r3, r4; + uint32_t s1, s2, s3, s4; + uint32_t h0, h1, h2, h3, h4; + uint64_t d0, d1, d2, d3, d4; __m128i h01, h23, h44; __m128i x0, x1, y0, y1, z0; - u_int32_t t0, t1; + uint32_t t0, t1; r0 = this->r[0]; r1 = this->r[1]; @@ -764,10 +764,10 @@ METHOD(chapoly_drv_t, decrypt, bool, METHOD(chapoly_drv_t, finish, bool, private_chapoly_drv_ssse3_t *this, u_char *mac) { - u_int32_t h0, h1, h2, h3, h4; - u_int32_t g0, g1, g2, g3, g4; - u_int32_t mask; - u_int64_t f = 0; + uint32_t h0, h1, h2, h3, h4; + uint32_t g0, g1, g2, g3, g4; + uint32_t mask; + uint64_t f = 0; /* fully carry h */ h0 = this->h[0]; @@ -790,7 +790,7 @@ METHOD(chapoly_drv_t, finish, bool, g4 = h4 + (g3 >> 26) - (1 << 26); g3 &= 0x3ffffff; /* select h if h < p, or h + -p if h >= p */ - mask = (g4 >> ((sizeof(u_int32_t) * 8) - 1)) - 1; + mask = (g4 >> ((sizeof(uint32_t) * 8) - 1)) - 1; g0 &= mask; g1 &= mask; g2 &= mask; diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in index 2ffaa0662..2703dc4cc 100644 --- a/src/libstrongswan/plugins/cmac/Makefile.in +++ b/src/libstrongswan/plugins/cmac/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/cmac -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/cmac/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/cmac/cmac.c b/src/libstrongswan/plugins/cmac/cmac.c index 4f222ff4e..22f077f58 100644 --- a/src/libstrongswan/plugins/cmac/cmac.c +++ b/src/libstrongswan/plugins/cmac/cmac.c @@ -39,7 +39,7 @@ struct private_mac_t { /** * Block size, in bytes */ - u_int8_t b; + uint8_t b; /** * Crypter with key K @@ -49,22 +49,22 @@ struct private_mac_t { /** * K1 */ - u_int8_t *k1; + uint8_t *k1; /** * K2 */ - u_int8_t *k2; + uint8_t *k2; /** * T */ - u_int8_t *t; + uint8_t *t; /** * remaining, unprocessed bytes in append mode */ - u_int8_t *remaining; + uint8_t *remaining; /** * number of bytes in remaining @@ -127,7 +127,7 @@ static bool update(private_mac_t *this, chunk_t data) /** * process last block M_last */ -static bool final(private_mac_t *this, u_int8_t *out) +static bool final(private_mac_t *this, uint8_t *out) { chunk_t iv; @@ -179,7 +179,7 @@ static bool final(private_mac_t *this, u_int8_t *out) } METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { /* update T, do not process last block */ if (!update(this, data)) @@ -316,7 +316,7 @@ mac_t *cmac_create(encryption_algorithm_t algo, size_t key_size) { private_mac_t *this; crypter_t *crypter; - u_int8_t b; + uint8_t b; crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size); if (!crypter) diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in index f263f7764..90fd6bd6b 100644 --- a/src/libstrongswan/plugins/constraints/Makefile.in +++ b/src/libstrongswan/plugins/constraints/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/constraints -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/constraints/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/constraints/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in index 9558f878e..94a7f112c 100644 --- a/src/libstrongswan/plugins/ctr/Makefile.in +++ b/src/libstrongswan/plugins/ctr/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ctr -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ctr/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c index 59d201a6f..854030b8c 100644 --- a/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c +++ b/src/libstrongswan/plugins/ctr/ctr_ipsec_crypter.c @@ -38,7 +38,7 @@ struct private_ctr_ipsec_crypter_t { struct { char nonce[4]; char iv[8]; - u_int32_t counter; + uint32_t counter; } __attribute__((packed)) state; }; diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in index 8fc366cca..5092c542c 100644 --- a/src/libstrongswan/plugins/curl/Makefile.in +++ b/src/libstrongswan/plugins/curl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/curl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/curl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/curl/curl_plugin.c b/src/libstrongswan/plugins/curl/curl_plugin.c index 89296677e..42ae9cdd2 100644 --- a/src/libstrongswan/plugins/curl/curl_plugin.c +++ b/src/libstrongswan/plugins/curl/curl_plugin.c @@ -60,7 +60,7 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl, char *proto, plugin_feature_t f) { /* http://curl.haxx.se/libcurl/c/libcurl-tutorial.html#Multi-threading */ - if (strpfx(ssl, "OpenSSL")) + if (strpfx(ssl, "OpenSSL") || strpfx(ssl, "LibreSSL")) { add_feature(this, f); add_feature(this, PLUGIN_DEPENDS(CUSTOM, "openssl-threading")); @@ -70,7 +70,8 @@ static void add_feature_with_ssl(private_curl_plugin_t *this, const char *ssl, add_feature(this, f); add_feature(this, PLUGIN_DEPENDS(CUSTOM, "gcrypt-threading")); } - else if (strpfx(ssl, "NSS")) + else if (strpfx(ssl, "NSS") || + strpfx(ssl, "BoringSSL")) { add_feature(this, f); } diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in index 6a09d63c9..c2e49b66f 100644 --- a/src/libstrongswan/plugins/des/Makefile.in +++ b/src/libstrongswan/plugins/des/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/des -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/des/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/des/des_crypter.c b/src/libstrongswan/plugins/des/des_crypter.c index 6010f9d8b..d236bd429 100644 --- a/src/libstrongswan/plugins/des/des_crypter.c +++ b/src/libstrongswan/plugins/des/des_crypter.c @@ -96,7 +96,7 @@ struct private_des_crypter_t { #define DES_ENCRYPT 1 #define DES_DECRYPT 0 -#define DES_LONG u_int32_t +#define DES_LONG uint32_t #if defined(WIN32) || defined(WIN16) #ifndef MSDOS @@ -1420,7 +1420,7 @@ METHOD(crypter_t, decrypt, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (decrypted) @@ -1439,7 +1439,7 @@ METHOD(crypter_t, encrypt, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (encrypted) @@ -1456,7 +1456,7 @@ METHOD(crypter_t, encrypt, bool, METHOD(crypter_t, decrypt_ecb, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { - u_int8_t *out; + uint8_t *out; out = data.ptr; if (decrypted) @@ -1472,7 +1472,7 @@ METHOD(crypter_t, decrypt_ecb, bool, METHOD(crypter_t, encrypt_ecb, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { - u_int8_t *out; + uint8_t *out; out = data.ptr; if (encrypted) @@ -1489,7 +1489,7 @@ METHOD(crypter_t, decrypt3, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (decrypted) @@ -1508,7 +1508,7 @@ METHOD(crypter_t, encrypt3, bool, private_des_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { des_cblock ivb; - u_int8_t *out; + uint8_t *out; out = data.ptr; if (encrypted) diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in index 55ebb3419..1481f8dd8 100644 --- a/src/libstrongswan/plugins/dnskey/Makefile.in +++ b/src/libstrongswan/plugins/dnskey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/dnskey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/dnskey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/dnskey/dnskey_builder.c b/src/libstrongswan/plugins/dnskey/dnskey_builder.c index 71040437d..fd2471a48 100644 --- a/src/libstrongswan/plugins/dnskey/dnskey_builder.c +++ b/src/libstrongswan/plugins/dnskey/dnskey_builder.c @@ -26,10 +26,10 @@ typedef enum dnskey_algorithm_t dnskey_algorithm_t; * Header of a DNSKEY resource record */ struct dnskey_rr_t { - u_int16_t flags; - u_int8_t protocol; - u_int8_t algorithm; - u_int8_t data[]; + uint16_t flags; + uint8_t protocol; + uint8_t algorithm; + uint8_t data[]; } __attribute__((__packed__)); /** diff --git a/src/libstrongswan/plugins/files/Makefile.in b/src/libstrongswan/plugins/files/Makefile.in index 6c2e792f5..7623a9507 100644 --- a/src/libstrongswan/plugins/files/Makefile.in +++ b/src/libstrongswan/plugins/files/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/files -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/files/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/files/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in index 252035ca8..7c2ae7ce5 100644 --- a/src/libstrongswan/plugins/fips_prf/Makefile.in +++ b/src/libstrongswan/plugins/fips_prf/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/fips_prf -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/fips_prf/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c index 92977909e..47676b32f 100644 --- a/src/libstrongswan/plugins/fips_prf/fips_prf.c +++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c @@ -31,7 +31,7 @@ struct private_fips_prf_t { /** * key of prf function, "b" long */ - u_int8_t *key; + uint8_t *key; /** * size of "b" in bytes @@ -46,19 +46,19 @@ struct private_fips_prf_t { /** * G function, either SHA1 or DES */ - bool (*g)(private_fips_prf_t *this, chunk_t c, u_int8_t res[]); + bool (*g)(private_fips_prf_t *this, chunk_t c, uint8_t res[]); }; /** * sum = (a + b) mod 2 ^ (length * 8) */ -static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[]) +static void add_mod(size_t length, uint8_t a[], uint8_t b[], uint8_t sum[]) { int i, c = 0; for(i = length - 1; i >= 0; i--) { - u_int32_t tmp; + uint32_t tmp; tmp = a[i] + b[i] + c; sum[i] = 0xff & tmp; @@ -69,7 +69,7 @@ static void add_mod(size_t length, u_int8_t a[], u_int8_t b[], u_int8_t sum[]) /** * calculate "chunk mod 2^(length*8)" and save it into buffer */ -static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) +static void chunk_mod(size_t length, chunk_t chunk, uint8_t buffer[]) { if (chunk.len < length) { @@ -105,14 +105,14 @@ static void chunk_mod(size_t length, chunk_t chunk, u_int8_t buffer[]) * 0x8e, 0x20, 0xd7, 0x37, 0xa3, 0x27, 0x51, 0x16 */ METHOD(prf_t, get_bytes, bool, - private_fips_prf_t *this, chunk_t seed, u_int8_t w[]) + private_fips_prf_t *this, chunk_t seed, uint8_t w[]) { int i; - u_int8_t xval[this->b]; - u_int8_t xseed[this->b]; - u_int8_t sum[this->b]; - u_int8_t *xkey = this->key; - u_int8_t one[this->b]; + uint8_t xval[this->b]; + uint8_t xseed[this->b]; + uint8_t sum[this->b]; + uint8_t *xkey = this->key; + uint8_t one[this->b]; if (!w) { @@ -175,9 +175,9 @@ METHOD(prf_t, set_key, bool, /** * Implementation of the G() function based on SHA1 */ -static bool g_sha1(private_fips_prf_t *this, chunk_t c, u_int8_t res[]) +static bool g_sha1(private_fips_prf_t *this, chunk_t c, uint8_t res[]) { - u_int8_t buf[64]; + uint8_t buf[64]; if (c.len < sizeof(buf)) { diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in index f9c4a6950..eb4a0aef0 100644 --- a/src/libstrongswan/plugins/gcm/Makefile.in +++ b/src/libstrongswan/plugins/gcm/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gcm -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcm/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/gcm/gcm_aead.c b/src/libstrongswan/plugins/gcm/gcm_aead.c index 6e1694a34..e9a072461 100644 --- a/src/libstrongswan/plugins/gcm/gcm_aead.c +++ b/src/libstrongswan/plugins/gcm/gcm_aead.c @@ -67,11 +67,11 @@ struct private_gcm_aead_t { #if ULONG_MAX == 18446744073709551615UL && defined(htobe64) # define htobeword htobe64 # define bewordtoh be64toh -# define SHIFT_WORD_TYPE u_int64_t +# define SHIFT_WORD_TYPE uint64_t #else # define htobeword htonl # define bewordtoh ntohl -# define SHIFT_WORD_TYPE u_int32_t +# define SHIFT_WORD_TYPE uint32_t #endif /** diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in index 774c447f6..727cc2497 100644 --- a/src/libstrongswan/plugins/gcrypt/Makefile.in +++ b/src/libstrongswan/plugins/gcrypt/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gcrypt -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gcrypt/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -786,6 +799,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c index a737cb13d..80a8dc90d 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_crypter.c @@ -52,7 +52,7 @@ struct private_gcrypt_crypter_t { struct { char nonce[4]; char iv[8]; - u_int32_t counter; + uint32_t counter; } __attribute__((packed)) ctr; }; diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c index af7993101..199c1d6c9 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_hasher.c @@ -51,7 +51,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_gcrypt_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_gcrypt_hasher_t *this, chunk_t chunk, uint8_t *hash) { gcry_md_write(this->hd, chunk.ptr, chunk.len); if (hash) diff --git a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c index dc34a8d66..bf11758b1 100644 --- a/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c +++ b/src/libstrongswan/plugins/gcrypt/gcrypt_rng.c @@ -36,7 +36,7 @@ struct private_gcrypt_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_gcrypt_rng_t *this, size_t bytes, u_int8_t *buffer) + private_gcrypt_rng_t *this, size_t bytes, uint8_t *buffer) { switch (this->quality) { diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in index 9a2d30192..32d5bebf0 100644 --- a/src/libstrongswan/plugins/gmp/Makefile.in +++ b/src/libstrongswan/plugins/gmp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/gmp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/gmp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -777,6 +790,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c index 052b10741..e5d418ea4 100644 --- a/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c +++ b/src/libstrongswan/plugins/gmp/gmp_rsa_private_key.c @@ -142,7 +142,7 @@ chunk_t gmp_mpz_to_chunk(const mpz_t value) static void mpz_clear_sensitive(mpz_t z) { size_t len = mpz_size(z) * GMP_LIMB_BITS / BITS_PER_BYTE; - u_int8_t *zeros = alloca(len); + uint8_t *zeros = alloca(len); memset(zeros, 0, len); /* overwrite mpz_t with zero bytes before clearing it */ diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in index 46fac4a8c..6d8a845c0 100644 --- a/src/libstrongswan/plugins/hmac/Makefile.in +++ b/src/libstrongswan/plugins/hmac/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/hmac -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/hmac/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/hmac/hmac.c b/src/libstrongswan/plugins/hmac/hmac.c index 96a14aed9..c777b47cd 100644 --- a/src/libstrongswan/plugins/hmac/hmac.c +++ b/src/libstrongswan/plugins/hmac/hmac.c @@ -38,7 +38,7 @@ struct private_mac_t { /** * Block size, as in RFC. */ - u_int8_t b; + uint8_t b; /** * Hash function. @@ -57,7 +57,7 @@ struct private_mac_t { }; METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { /* H(K XOR opad, H(K XOR ipad, text)) * @@ -66,7 +66,7 @@ METHOD(mac_t, get_mac, bool, * */ - u_int8_t buffer[this->h->get_hash_size(this->h)]; + uint8_t buffer[this->h->get_hash_size(this->h)]; chunk_t inner; if (out == NULL) @@ -96,7 +96,7 @@ METHOD(mac_t, set_key, bool, private_mac_t *this, chunk_t key) { int i; - u_int8_t buffer[this->b]; + uint8_t buffer[this->b]; memset(buffer, 0, this->b); diff --git a/src/libstrongswan/plugins/keychain/Makefile.in b/src/libstrongswan/plugins/keychain/Makefile.in index eb0bdf387..e290c807d 100644 --- a/src/libstrongswan/plugins/keychain/Makefile.in +++ b/src/libstrongswan/plugins/keychain/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/keychain -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/keychain/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/keychain/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in index 0a03fd819..429cd9e8e 100644 --- a/src/libstrongswan/plugins/ldap/Makefile.in +++ b/src/libstrongswan/plugins/ldap/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ldap -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ldap/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -771,6 +784,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in index 4dbdbe020..669856c59 100644 --- a/src/libstrongswan/plugins/md4/Makefile.in +++ b/src/libstrongswan/plugins/md4/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md4 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/md4/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/md4/md4_hasher.c b/src/libstrongswan/plugins/md4/md4_hasher.c index 06c9ec2f8..ada6c05da 100644 --- a/src/libstrongswan/plugins/md4/md4_hasher.c +++ b/src/libstrongswan/plugins/md4/md4_hasher.c @@ -39,7 +39,7 @@ #define S33 11 #define S34 15 -static u_int8_t PADDING[64] = { +static uint8_t PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -65,11 +65,11 @@ static u_int8_t PADDING[64] = { (a) = ROTATE_LEFT ((a), (s)); \ } #define GG(a, b, c, d, x, s) { \ - (a) += G ((b), (c), (d)) + (x) + (u_int32_t)0x5a827999; \ + (a) += G ((b), (c), (d)) + (x) + (uint32_t)0x5a827999; \ (a) = ROTATE_LEFT ((a), (s)); \ } #define HH(a, b, c, d, x, s) { \ - (a) += H ((b), (c), (d)) + (x) + (u_int32_t)0x6ed9eba1; \ + (a) += H ((b), (c), (d)) + (x) + (uint32_t)0x6ed9eba1; \ (a) = ROTATE_LEFT ((a), (s)); \ } @@ -87,40 +87,40 @@ struct private_md4_hasher_t { /* * State of the hasher. */ - u_int32_t state[4]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[4]; + uint32_t count[2]; + uint8_t buffer[64]; }; #if BYTE_ORDER != LITTLE_ENDIAN -/* Encodes input (u_int32_t) into output (u_int8_t). Assumes len is +/* Encodes input (uint32_t) into output (uint8_t). Assumes len is * a multiple of 4. */ -static void Encode (u_int8_t *output, u_int32_t *input, size_t len) +static void Encode (uint8_t *output, uint32_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (u_int8_t)(input[i] & 0xff); - output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); - output[j+2] = (u_int8_t)((input[i] >> 16) & 0xff); - output[j+3] = (u_int8_t)((input[i] >> 24) & 0xff); + output[j] = (uint8_t)(input[i] & 0xff); + output[j+1] = (uint8_t)((input[i] >> 8) & 0xff); + output[j+2] = (uint8_t)((input[i] >> 16) & 0xff); + output[j+3] = (uint8_t)((input[i] >> 24) & 0xff); } } -/* Decodes input (u_int8_t) into output (u_int32_t). Assumes len is +/* Decodes input (uint8_t) into output (uint32_t). Assumes len is * a multiple of 4. */ -static void Decode(u_int32_t *output, u_int8_t *input, size_t len) +static void Decode(uint32_t *output, uint8_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | - (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); + output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) | + (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24); } } @@ -132,9 +132,9 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) /* * MD4 basic transformation. Transforms state based on block. */ -static void MD4Transform(u_int32_t state[4], u_int8_t block[64]) +static void MD4Transform(uint32_t state[4], uint8_t block[64]) { - u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; Decode(x, block, 64); @@ -202,13 +202,13 @@ static void MD4Transform(u_int32_t state[4], u_int8_t block[64]) * operation, processing another message block, and updating the * context. */ -static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputLen) +static void MD4Update(private_md4_hasher_t *this, uint8_t *input, size_t inputLen) { - u_int32_t i; + uint32_t i; size_t index, partLen; /* Compute number of bytes mod 64 */ - index = (u_int8_t)((this->count[0] >> 3) & 0x3F); + index = (uint8_t)((this->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((this->count[0] += (inputLen << 3)) < (inputLen << 3)) @@ -243,9 +243,9 @@ static void MD4Update(private_md4_hasher_t *this, u_int8_t *input, size_t inputL /* MD4 finalization. Ends an MD4 message-digest operation, writing the * the message digest and zeroizing the context. */ -static void MD4Final (private_md4_hasher_t *this, u_int8_t digest[16]) +static void MD4Final (private_md4_hasher_t *this, uint8_t digest[16]) { - u_int8_t bits[8]; + uint8_t bits[8]; size_t index, padLen; /* Save number of bits */ @@ -280,7 +280,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_md4_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_md4_hasher_t *this, chunk_t chunk, uint8_t *buffer) { MD4Update(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in index 6fc25b023..d937ca348 100644 --- a/src/libstrongswan/plugins/md5/Makefile.in +++ b/src/libstrongswan/plugins/md5/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/md5 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/md5/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/md5/md5_hasher.c b/src/libstrongswan/plugins/md5/md5_hasher.c index 99b505e58..d14c10ae5 100644 --- a/src/libstrongswan/plugins/md5/md5_hasher.c +++ b/src/libstrongswan/plugins/md5/md5_hasher.c @@ -42,7 +42,7 @@ #define S43 15 #define S44 21 -static u_int8_t PADDING[64] = { +static uint8_t PADDING[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 @@ -66,22 +66,22 @@ static u_int8_t PADDING[64] = { Rotation is separate from addition to prevent recomputation. */ #define FF(a, b, c, d, x, s, ac) { \ - (a) += F ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define GG(a, b, c, d, x, s, ac) { \ - (a) += G ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define HH(a, b, c, d, x, s, ac) { \ - (a) += H ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } #define II(a, b, c, d, x, s, ac) { \ - (a) += I ((b), (c), (d)) + (x) + (u_int32_t)(ac); \ + (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \ (a) = ROTATE_LEFT ((a), (s)); \ (a) += (b); \ } @@ -102,41 +102,41 @@ struct private_md5_hasher_t { /* * State of the hasher. */ - u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[5]; + uint32_t count[2]; + uint8_t buffer[64]; }; #if BYTE_ORDER != LITTLE_ENDIAN -/* Encodes input (u_int32_t) into output (u_int8_t). Assumes len is +/* Encodes input (uint32_t) into output (uint8_t). Assumes len is * a multiple of 4. */ -static void Encode (u_int8_t *output, u_int32_t *input, size_t len) +static void Encode (uint8_t *output, uint32_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[j] = (u_int8_t)(input[i] & 0xff); - output[j+1] = (u_int8_t)((input[i] >> 8) & 0xff); - output[j+2] = (u_int8_t)((input[i] >> 16) & 0xff); - output[j+3] = (u_int8_t)((input[i] >> 24) & 0xff); + output[j] = (uint8_t)(input[i] & 0xff); + output[j+1] = (uint8_t)((input[i] >> 8) & 0xff); + output[j+2] = (uint8_t)((input[i] >> 16) & 0xff); + output[j+3] = (uint8_t)((input[i] >> 24) & 0xff); } } -/* Decodes input (u_int8_t) into output (u_int32_t). Assumes len is +/* Decodes input (uint8_t) into output (uint32_t). Assumes len is * a multiple of 4. */ -static void Decode(u_int32_t *output, u_int8_t *input, size_t len) +static void Decode(uint32_t *output, uint8_t *input, size_t len) { size_t i, j; for (i = 0, j = 0; j < len; i++, j += 4) { - output[i] = ((u_int32_t)input[j]) | (((u_int32_t)input[j+1]) << 8) | - (((u_int32_t)input[j+2]) << 16) | (((u_int32_t)input[j+3]) << 24); + output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) | + (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24); } } @@ -147,9 +147,9 @@ static void Decode(u_int32_t *output, u_int8_t *input, size_t len) /* MD5 basic transformation. Transforms state based on block. */ -static void MD5Transform(u_int32_t state[4], u_int8_t block[64]) +static void MD5Transform(uint32_t state[4], uint8_t block[64]) { - u_int32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; + uint32_t a = state[0], b = state[1], c = state[2], d = state[3], x[16]; Decode(x, block, 64); @@ -235,13 +235,13 @@ static void MD5Transform(u_int32_t state[4], u_int8_t block[64]) * operation, processing another message block, and updating the * context. */ -static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputLen) +static void MD5Update(private_md5_hasher_t *this, uint8_t *input, size_t inputLen) { - u_int32_t i; + uint32_t i; size_t index, partLen; /* Compute number of bytes mod 64 */ - index = (u_int8_t)((this->count[0] >> 3) & 0x3F); + index = (uint8_t)((this->count[0] >> 3) & 0x3F); /* Update number of bits */ if ((this->count[0] += (inputLen << 3)) < (inputLen << 3)) @@ -276,9 +276,9 @@ static void MD5Update(private_md5_hasher_t *this, u_int8_t *input, size_t inputL /* MD5 finalization. Ends an MD5 message-digest operation, writing the * the message digest and zeroizing the context. */ -static void MD5Final (private_md5_hasher_t *this, u_int8_t digest[16]) +static void MD5Final (private_md5_hasher_t *this, uint8_t digest[16]) { - u_int8_t bits[8]; + uint8_t bits[8]; size_t index, padLen; /* Save number of bits */ @@ -313,7 +313,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_md5_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_md5_hasher_t *this, chunk_t chunk, uint8_t *buffer) { MD5Update(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in index 17409dbc3..821dbc138 100644 --- a/src/libstrongswan/plugins/mysql/Makefile.in +++ b/src/libstrongswan/plugins/mysql/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/mysql -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/mysql/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in index 68be3f44a..58a27509b 100644 --- a/src/libstrongswan/plugins/nonce/Makefile.in +++ b/src/libstrongswan/plugins/nonce/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/nonce -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/nonce/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/nonce/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/nonce/nonce_nonceg.c b/src/libstrongswan/plugins/nonce/nonce_nonceg.c index 64ed2e08d..22c161df6 100644 --- a/src/libstrongswan/plugins/nonce/nonce_nonceg.c +++ b/src/libstrongswan/plugins/nonce/nonce_nonceg.c @@ -36,7 +36,7 @@ struct private_nonce_nonceg_t { }; METHOD(nonce_gen_t, get_nonce, bool, - private_nonce_nonceg_t *this, size_t size, u_int8_t *buffer) + private_nonce_nonceg_t *this, size_t size, uint8_t *buffer) { return this->rng->get_bytes(this->rng, size, buffer); } diff --git a/src/libstrongswan/plugins/ntru/Makefile.in b/src/libstrongswan/plugins/ntru/Makefile.in index 97a70679d..fd123a118 100644 --- a/src/libstrongswan/plugins/ntru/Makefile.in +++ b/src/libstrongswan/plugins/ntru/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/ntru -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -467,7 +481,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/ntru/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -788,6 +801,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.c b/src/libstrongswan/plugins/ntru/ntru_drbg.c index ef0d3d9c8..b7a951d00 100644 --- a/src/libstrongswan/plugins/ntru/ntru_drbg.c +++ b/src/libstrongswan/plugins/ntru/ntru_drbg.c @@ -35,17 +35,17 @@ struct private_ntru_drbg_t { /** * Security strength in bits of the DRBG */ - u_int32_t strength; + uint32_t strength; /** * Number of requests for pseudorandom bits */ - u_int32_t reseed_counter; + uint32_t reseed_counter; /** * Maximum number of requests for pseudorandom bits */ - u_int32_t max_requests; + uint32_t max_requests; /** * True entropy source @@ -111,7 +111,7 @@ static bool update(private_ntru_drbg_t *this, chunk_t data) return TRUE; } -METHOD(ntru_drbg_t, get_strength, u_int32_t, +METHOD(ntru_drbg_t, get_strength, uint32_t, private_ntru_drbg_t *this) { return this->strength; @@ -142,7 +142,7 @@ METHOD(ntru_drbg_t, reseed, bool, } METHOD(ntru_drbg_t, generate, bool, - private_ntru_drbg_t *this, u_int32_t strength, u_int32_t len, u_int8_t *out) + private_ntru_drbg_t *this, uint32_t strength, uint32_t len, uint8_t *out) { size_t delta; chunk_t output; @@ -206,14 +206,14 @@ METHOD(ntru_drbg_t, destroy, void, /* * Described in header. */ -ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str, +ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str, rng_t *entropy) { private_ntru_drbg_t *this; chunk_t seed; signer_t *hmac; size_t entropy_len; - u_int32_t max_requests; + uint32_t max_requests; if (strength > MAX_STRENGTH_BITS) { diff --git a/src/libstrongswan/plugins/ntru/ntru_drbg.h b/src/libstrongswan/plugins/ntru/ntru_drbg.h index 83cef11be..3fee1800b 100644 --- a/src/libstrongswan/plugins/ntru/ntru_drbg.h +++ b/src/libstrongswan/plugins/ntru/ntru_drbg.h @@ -36,7 +36,7 @@ struct ntru_drbg_t { * * @return configured security strength in bits */ - u_int32_t (*get_strength)(ntru_drbg_t *this); + uint32_t (*get_strength)(ntru_drbg_t *this); /** * Reseed the instantiated DRBG @@ -54,8 +54,8 @@ struct ntru_drbg_t { * @param out address of output buffer * @return TRUE if successful */ - bool (*generate)(ntru_drbg_t *this, u_int32_t strength, u_int32_t len, - u_int8_t *out); + bool (*generate)(ntru_drbg_t *this, uint32_t strength, uint32_t len, + uint8_t *out); /** * Get a reference on an ntru_drbg_t object increasing the count by one @@ -77,7 +77,7 @@ struct ntru_drbg_t { * @param pers_str personalization string * @param entropy entropy source to use */ -ntru_drbg_t *ntru_drbg_create(u_int32_t strength, chunk_t pers_str, +ntru_drbg_t *ntru_drbg_create(uint32_t strength, chunk_t pers_str, rng_t *entropy); #endif /** NTRU_DRBG_H_ @}*/ diff --git a/src/libstrongswan/plugins/ntru/ntru_ke.c b/src/libstrongswan/plugins/ntru/ntru_ke.c index 3b5df81d9..efc660bed 100644 --- a/src/libstrongswan/plugins/ntru/ntru_ke.c +++ b/src/libstrongswan/plugins/ntru/ntru_ke.c @@ -66,7 +66,7 @@ struct private_ntru_ke_t { /** * Cryptographical strength in bits of the NTRU Parameter Set */ - u_int32_t strength; + uint32_t strength; /** * NTRU Public Key @@ -247,7 +247,7 @@ ntru_ke_t *ntru_ke_create(diffie_hellman_group_t group, chunk_t g, chunk_t p) rng_t *entropy; ntru_drbg_t *drbg; char *parameter_set; - u_int32_t strength; + uint32_t strength; parameter_set = lib->settings->get_str(lib->settings, "%s.plugins.ntru.parameter_set", "optimum", lib->ns); diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index 302016937..f453f43b5 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/openssl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -210,12 +219,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -265,6 +276,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -299,6 +311,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -410,6 +423,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -485,7 +499,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/openssl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -815,6 +828,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/openssl/openssl_crl.c b/src/libstrongswan/plugins/openssl/openssl_crl.c index cb02c663c..20bac6be5 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crl.c +++ b/src/libstrongswan/plugins/openssl/openssl_crl.c @@ -46,6 +46,17 @@ #include <collections/enumerator.h> #include <credentials/certificates/x509.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +static inline void X509_CRL_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509_CRL *crl) { + if (psig) { *psig = crl->signature; } + if (palg) { *palg = crl->sig_alg; } +} +#define X509_REVOKED_get0_serialNumber(r) ({ (r)->serialNumber; }) +#define X509_REVOKED_get0_revocationDate(r) ({ (r)->revocationDate; }) +#define X509_CRL_get0_extensions(c) ({ (c)->crl->extensions; }) +#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; }) +#endif + typedef struct private_openssl_crl_t private_openssl_crl_t; /** @@ -141,11 +152,13 @@ METHOD(enumerator_t, crl_enumerate, bool, revoked = sk_X509_REVOKED_value(this->stack, this->i); if (serial) { - *serial = openssl_asn1_str2chunk(revoked->serialNumber); + *serial = openssl_asn1_str2chunk( + X509_REVOKED_get0_serialNumber(revoked)); } if (date) { - *date = openssl_asn1_to_time(revoked->revocationDate); + *date = openssl_asn1_to_time( + X509_REVOKED_get0_revocationDate(revoked)); } if (reason) { @@ -231,6 +244,7 @@ METHOD(certificate_t, issued_by, bool, chunk_t fingerprint, tbs; public_key_t *key; x509_t *x509; + ASN1_BIT_STRING *sig; bool valid; if (issuer->get_type(issuer) != CERT_X509) @@ -266,9 +280,14 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } + /* i2d_re_X509_CRL_tbs() was added with 1.1.0 when X509_CRL became opaque */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + tbs = openssl_i2chunk(re_X509_CRL_tbs, this->crl); +#else tbs = openssl_i2chunk(X509_CRL_INFO, this->crl->crl); - valid = key->verify(key, this->scheme, tbs, - openssl_asn1_str2chunk(this->crl->signature)); +#endif + X509_CRL_get0_signature(&sig, NULL, this->crl); + valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); if (valid && scheme) @@ -448,7 +467,7 @@ static bool parse_extensions(private_openssl_crl_t *this) X509_EXTENSION *ext; STACK_OF(X509_EXTENSION) *extensions; - extensions = this->crl->crl->extensions; + extensions = X509_CRL_get0_extensions(this->crl); if (extensions) { num = sk_X509_EXTENSION_num(extensions); @@ -494,6 +513,8 @@ static bool parse_extensions(private_openssl_crl_t *this) static bool parse_crl(private_openssl_crl_t *this) { const unsigned char *ptr = this->encoding.ptr; + ASN1_OBJECT *oid; + X509_ALGOR *alg; this->crl = d2i_X509_CRL(NULL, &ptr, this->encoding.len); if (!this->crl) @@ -501,14 +522,28 @@ static bool parse_crl(private_openssl_crl_t *this) return FALSE; } + X509_CRL_get0_signature(NULL, &alg, this->crl); + X509_ALGOR_get0(&oid, NULL, NULL, alg); +#if OPENSSL_VERSION_NUMBER < 0x10100000L if (!chunk_equals( openssl_asn1_obj2chunk(this->crl->crl->sig_alg->algorithm), openssl_asn1_obj2chunk(this->crl->sig_alg->algorithm))) { return FALSE; } - this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid( - this->crl->sig_alg->algorithm)); +#elif 0 + /* FIXME: we currently can't do this if X509_CRL is opaque (>= 1.1.0) as + * X509_CRL_get0_tbs_sigalg() does not exist and there does not seem to be + * another easy way to get the algorithm from the tbsCertList of the CRL */ + alg = X509_CRL_get0_tbs_sigalg(this->crl); + X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg); + if (!chunk_equals(openssl_asn1_obj2chunk(oid), + openssl_asn1_obj2chunk(oid_tbs))) + { + return FALSE; + } +#endif + this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid)); this->issuer = openssl_x509_name2id(X509_CRL_get_issuer(this->crl)); if (!this->issuer) diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c index 26f4700b8..b9085f9aa 100644 --- a/src/libstrongswan/plugins/openssl/openssl_crypter.c +++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c @@ -43,7 +43,7 @@ struct private_openssl_crypter_t { /** * Look up an OpenSSL algorithm name and validate its key size */ -static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) +static char* lookup_algorithm(uint16_t ikev2_algo, size_t *key_size) { struct { /* identifier specified in IKEv2 */ @@ -57,12 +57,12 @@ static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) /* maximum key size */ size_t key_max; } mappings[] = { - {ENCR_DES, "des", 8, 8, 8}, - {ENCR_3DES, "des3", 24, 24, 24}, - {ENCR_RC5, "rc5", 16, 5, 255}, - {ENCR_IDEA, "idea", 16, 16, 16}, - {ENCR_CAST, "cast", 16, 5, 16}, - {ENCR_BLOWFISH, "blowfish", 16, 5, 56}, + {ENCR_DES, "des-cbc", 8, 8, 8}, + {ENCR_3DES, "des-ede3-cbc", 24, 24, 24}, + {ENCR_RC5, "rc5-cbc", 16, 5, 255}, + {ENCR_IDEA, "idea-cbc", 16, 16, 16}, + {ENCR_CAST, "cast5-cbc", 16, 5, 16}, + {ENCR_BLOWFISH, "bf-cbc", 16, 5, 56}, }; int i; @@ -93,8 +93,10 @@ static char* lookup_algorithm(u_int16_t ikev2_algo, size_t *key_size) static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *dst, int enc) { + EVP_CIPHER_CTX *ctx; int len; u_char *out; + bool success = FALSE; out = data.ptr; if (dst) @@ -102,16 +104,19 @@ static bool crypt(private_openssl_crypter_t *this, chunk_t data, chunk_t iv, *dst = chunk_alloc(data.len); out = dst->ptr; } - EVP_CIPHER_CTX ctx; - EVP_CIPHER_CTX_init(&ctx); - return EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) && - EVP_CIPHER_CTX_set_padding(&ctx, 0) /* disable padding */ && - EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len) && - EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) && - EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) && - /* since padding is disabled this does nothing */ - EVP_CipherFinal_ex(&ctx, out + len, &len) && - EVP_CIPHER_CTX_cleanup(&ctx); + ctx = EVP_CIPHER_CTX_new(); + if (EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) && + EVP_CIPHER_CTX_set_padding(ctx, 0) /* disable padding */ && + EVP_CIPHER_CTX_set_key_length(ctx, this->key.len) && + EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, iv.ptr, enc) && + EVP_CipherUpdate(ctx, out, &len, data.ptr, data.len) && + /* since padding is disabled this does nothing */ + EVP_CipherFinal_ex(ctx, out + len, &len)) + { + success = TRUE; + } + EVP_CIPHER_CTX_free(ctx); + return success; } METHOD(crypter_t, decrypt, bool, @@ -129,13 +134,13 @@ METHOD(crypter_t, encrypt, bool, METHOD(crypter_t, get_block_size, size_t, private_openssl_crypter_t *this) { - return this->cipher->block_size; + return EVP_CIPHER_block_size(this->cipher); } METHOD(crypter_t, get_iv_size, size_t, private_openssl_crypter_t *this) { - return this->cipher->iv_len; + return EVP_CIPHER_iv_length(this->cipher); } METHOD(crypter_t, get_key_size, size_t, @@ -193,13 +198,13 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, key_size = 16; /* FALL */ case 16: /* AES 128 */ - this->cipher = EVP_get_cipherbyname("aes128"); + this->cipher = EVP_get_cipherbyname("aes-128-cbc"); break; case 24: /* AES-192 */ - this->cipher = EVP_get_cipherbyname("aes192"); + this->cipher = EVP_get_cipherbyname("aes-192-cbc"); break; case 32: /* AES-256 */ - this->cipher = EVP_get_cipherbyname("aes256"); + this->cipher = EVP_get_cipherbyname("aes-256-cbc"); break; default: free(this); @@ -213,13 +218,13 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo, key_size = 16; /* FALL */ case 16: /* CAMELLIA 128 */ - this->cipher = EVP_get_cipherbyname("camellia128"); + this->cipher = EVP_get_cipherbyname("camellia-128-cbc"); break; case 24: /* CAMELLIA 192 */ - this->cipher = EVP_get_cipherbyname("camellia192"); + this->cipher = EVP_get_cipherbyname("camellia-192-cbc"); break; case 32: /* CAMELLIA 256 */ - this->cipher = EVP_get_cipherbyname("camellia256"); + this->cipher = EVP_get_cipherbyname("camellia-256-cbc"); break; default: free(this); diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c index 49ec48804..f08dfff7e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c +++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c @@ -22,9 +22,17 @@ #include <openssl/dh.h> #include "openssl_diffie_hellman.h" +#include "openssl_util.h" #include <utils/debug.h> +/* these were added with 1.1.0 when DH was made opaque */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(DH, key, pub_key, priv_key) +OPENSSL_KEY_FALLBACK(DH, pqg, p, q, g) +#define DH_set_length(dh, len) ({ (dh)->length = len; 1; }) +#endif + typedef struct private_openssl_diffie_hellman_t private_openssl_diffie_hellman_t; /** @@ -65,10 +73,12 @@ struct private_openssl_diffie_hellman_t { METHOD(diffie_hellman_t, get_my_public_value, bool, private_openssl_diffie_hellman_t *this, chunk_t *value) { + const BIGNUM *pubkey; + *value = chunk_alloc(DH_size(this->dh)); memset(value->ptr, 0, value->len); - BN_bn2bin(this->dh->pub_key, - value->ptr + value->len - BN_num_bytes(this->dh->pub_key)); + DH_get0_key(this->dh, &pubkey, NULL); + BN_bn2bin(pubkey, value->ptr + value->len - BN_num_bytes(pubkey)); return TRUE; } @@ -116,8 +126,15 @@ METHOD(diffie_hellman_t, set_other_public_value, bool, METHOD(diffie_hellman_t, set_private_value, bool, private_openssl_diffie_hellman_t *this, chunk_t value) { - if (BN_bin2bn(value.ptr, value.len, this->dh->priv_key)) + BIGNUM *privkey; + + privkey = BN_bin2bn(value.ptr, value.len, NULL); + if (privkey) { + if (!DH_set0_key(this->dh, NULL, privkey)) + { + return FALSE; + } chunk_clear(&this->shared_secret); this->computed = FALSE; return DH_generate_key(this->dh); @@ -136,16 +153,29 @@ METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t, */ static status_t set_modulus(private_openssl_diffie_hellman_t *this) { + BIGNUM *p, *g; + diffie_hellman_params_t *params = diffie_hellman_get_params(this->group); if (!params) { return NOT_FOUND; } - this->dh->p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL); - this->dh->g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL); + p = BN_bin2bn(params->prime.ptr, params->prime.len, NULL); + g = BN_bin2bn(params->generator.ptr, params->generator.len, NULL); + if (!DH_set0_pqg(this->dh, p, NULL, g)) + { + return FAILED; + } if (params->exp_len != params->prime.len) { - this->dh->length = params->exp_len * 8; +#ifdef OPENSSL_IS_BORINGSSL + this->dh->priv_length = params->exp_len * 8; +#else + if (!DH_set_length(this->dh, params->exp_len * 8)) + { + return FAILED; + } +#endif } return SUCCESS; } @@ -166,6 +196,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( diffie_hellman_group_t group, chunk_t g, chunk_t p) { private_openssl_diffie_hellman_t *this; + const BIGNUM *privkey; INIT(this, .public = { @@ -194,8 +225,12 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( if (group == MODP_CUSTOM) { - this->dh->p = BN_bin2bn(p.ptr, p.len, NULL); - this->dh->g = BN_bin2bn(g.ptr, g.len, NULL); + if (!DH_set0_pqg(this->dh, BN_bin2bn(p.ptr, p.len, NULL), NULL, + BN_bin2bn(g.ptr, g.len, NULL))) + { + destroy(this); + return NULL; + } } else { @@ -213,9 +248,8 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create( destroy(this); return NULL; } - DBG2(DBG_LIB, "size of DH secret exponent: %d bits", - BN_num_bits(this->dh->priv_key)); - + DH_get0_key(this->dh, NULL, &privkey); + DBG2(DBG_LIB, "size of DH secret exponent: %d bits", BN_num_bits(privkey)); return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index bc7884c99..24fe623eb 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -28,6 +28,10 @@ #include <openssl/ecdsa.h> #include <openssl/x509.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) +#endif + typedef struct private_openssl_ec_private_key_t private_openssl_ec_private_key_t; /** @@ -59,15 +63,17 @@ bool openssl_ec_fingerprint(EC_KEY *ec, cred_encoding_type_t type, chunk_t *fp); static bool build_signature(private_openssl_ec_private_key_t *this, chunk_t hash, chunk_t *signature) { - bool built = FALSE; + const BIGNUM *r, *s; ECDSA_SIG *sig; + bool built = FALSE; sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec); if (sig) { + ECDSA_SIG_get0(sig, &r, &s); /* concatenate BNs r/s to a signature chunk */ built = openssl_bn_cat(EC_FIELD_ELEMENT_LEN(EC_KEY_get0_group(this->ec)), - sig->r, sig->s, signature); + r, s, signature); ECDSA_SIG_free(sig); } return built; diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c index 21dcb0120..a1e56fc5e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c @@ -27,6 +27,10 @@ #include <openssl/ecdsa.h> #include <openssl/x509.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(ECDSA_SIG, r, s) +#endif + typedef struct private_openssl_ec_public_key_t private_openssl_ec_public_key_t; /** @@ -55,14 +59,23 @@ struct private_openssl_ec_public_key_t { static bool verify_signature(private_openssl_ec_public_key_t *this, chunk_t hash, chunk_t signature) { - bool valid = FALSE; + BIGNUM *r, *s; ECDSA_SIG *sig; + bool valid = FALSE; sig = ECDSA_SIG_new(); if (sig) { - /* split the signature chunk in r and s */ - if (openssl_bn_split(signature, sig->r, sig->s)) + r = BN_new(); + s = BN_new(); + if (!openssl_bn_split(signature, r, s)) + { + BN_free(r); + BN_free(s); + ECDSA_SIG_free(sig); + return FALSE; + } + if (ECDSA_SIG_set0(sig, r, s)) { valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1); } diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c index 147e4afb4..6bbe4af95 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c @@ -71,7 +71,7 @@ struct private_aead_t { static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, u_char *out, int enc) { - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; u_char nonce[NONCE_LEN]; bool success = FALSE; int len; @@ -79,29 +79,29 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, memcpy(nonce, this->salt, SALT_LEN); memcpy(nonce + SALT_LEN, iv.ptr, IV_LEN); - EVP_CIPHER_CTX_init(&ctx); - EVP_CIPHER_CTX_set_padding(&ctx, 0); - if (!EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc) || - !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_IVLEN, NONCE_LEN, NULL) || - !EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, nonce, enc)) + ctx = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_set_padding(ctx, 0); + if (!EVP_CipherInit_ex(ctx, this->cipher, NULL, NULL, NULL, enc) || + !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, NONCE_LEN, NULL) || + !EVP_CipherInit_ex(ctx, NULL, NULL, this->key.ptr, nonce, enc)) { goto done; } - if (!enc && !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_SET_TAG, this->icv_size, + if (!enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, this->icv_size, data.ptr + data.len)) { /* set ICV for verification on decryption */ goto done; } - if (assoc.len && !EVP_CipherUpdate(&ctx, NULL, &len, assoc.ptr, assoc.len)) + if (assoc.len && !EVP_CipherUpdate(ctx, NULL, &len, assoc.ptr, assoc.len)) { /* set AAD if specified */ goto done; } - if (!EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len) || - !EVP_CipherFinal_ex(&ctx, out + len, &len)) + if (!EVP_CipherUpdate(ctx, out, &len, data.ptr, data.len) || + !EVP_CipherFinal_ex(ctx, out + len, &len)) { /* EVP_CipherFinal_ex fails if ICV is incorrect on decryption */ goto done; } - if (enc && !EVP_CIPHER_CTX_ctrl(&ctx, EVP_CTRL_GCM_GET_TAG, this->icv_size, + if (enc && !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, this->icv_size, out + data.len)) { /* copy back the ICV when encrypting */ goto done; @@ -109,7 +109,7 @@ static bool crypt(private_aead_t *this, chunk_t data, chunk_t assoc, chunk_t iv, success = TRUE; done: - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); return success; } @@ -152,7 +152,7 @@ METHOD(aead_t, decrypt, bool, METHOD(aead_t, get_block_size, size_t, private_aead_t *this) { - return this->cipher->block_size; + return EVP_CIPHER_block_size(this->cipher); } METHOD(aead_t, get_icv_size, size_t, diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c index 50b14698b..96ee230c9 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hasher.c +++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c @@ -43,7 +43,7 @@ struct private_openssl_hasher_t { METHOD(hasher_t, get_hash_size, size_t, private_openssl_hasher_t *this) { - return this->hasher->md_size; + return EVP_MD_size(this->hasher); } METHOD(hasher_t, reset, bool, @@ -53,7 +53,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_openssl_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_openssl_hasher_t *this, chunk_t chunk, uint8_t *hash) { if (EVP_DigestUpdate(this->ctx, chunk.ptr, chunk.len) != 1) { diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c index 065187a8c..16e707116 100644 --- a/src/libstrongswan/plugins/openssl/openssl_hmac.c +++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c @@ -68,7 +68,14 @@ struct private_mac_t { /** * Current HMAC context */ - HMAC_CTX hmac; + HMAC_CTX *hmac; + +#if OPENSSL_VERSION_NUMBER < 0x10100000L + /** + * Static context for OpenSSL < 1.1.0 + */ + HMAC_CTX hmac_ctx; +#endif /** * Key set on HMAC_CTX? @@ -80,28 +87,28 @@ METHOD(mac_t, set_key, bool, private_mac_t *this, chunk_t key) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L - if (HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL)) + if (HMAC_Init_ex(this->hmac, key.ptr, key.len, this->hasher, NULL)) { this->key_set = TRUE; return TRUE; } return FALSE; #else /* OPENSSL_VERSION_NUMBER < 1.0 */ - HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL); + HMAC_Init_ex(this->hmac, key.ptr, key.len, this->hasher, NULL); this->key_set = TRUE; return TRUE; #endif } METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { if (!this->key_set) { return FALSE; } #if OPENSSL_VERSION_NUMBER >= 0x10000000L - if (!HMAC_Update(&this->hmac, data.ptr, data.len)) + if (!HMAC_Update(this->hmac, data.ptr, data.len)) { return FALSE; } @@ -109,17 +116,17 @@ METHOD(mac_t, get_mac, bool, { return TRUE; } - if (!HMAC_Final(&this->hmac, out, NULL)) + if (!HMAC_Final(this->hmac, out, NULL)) { return FALSE; } #else /* OPENSSL_VERSION_NUMBER < 1.0 */ - HMAC_Update(&this->hmac, data.ptr, data.len); + HMAC_Update(this->hmac, data.ptr, data.len); if (out == NULL) { return TRUE; } - HMAC_Final(&this->hmac, out, NULL); + HMAC_Final(this->hmac, out, NULL); #endif return set_key(this, chunk_empty); } @@ -133,7 +140,11 @@ METHOD(mac_t, get_mac_size, size_t, METHOD(mac_t, destroy, void, private_mac_t *this) { - HMAC_CTX_cleanup(&this->hmac); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + HMAC_CTX_free(this->hmac); +#else + HMAC_CTX_cleanup(&this->hmac_ctx); +#endif free(this); } @@ -167,7 +178,12 @@ static mac_t *hmac_create(hash_algorithm_t algo) return NULL; } - HMAC_CTX_init(&this->hmac); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + this->hmac = HMAC_CTX_new(); +#else + HMAC_CTX_init(&this->hmac_ctx); + this->hmac = &this->hmac_ctx; +#endif return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c index d16b2cc05..705e96c69 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c @@ -23,6 +23,10 @@ #include <library.h> #include <credentials/sets/mem_cred.h> +#ifdef OPENSSL_IS_BORINGSSL +#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type) +#endif + typedef struct private_pkcs12_t private_pkcs12_t; /** @@ -110,7 +114,7 @@ static bool add_key(private_pkcs12_t *this, EVP_PKEY *private) { /* no private key is ok */ return TRUE; } - switch (EVP_PKEY_type(private->type)) + switch (EVP_PKEY_base_id(private)) { case EVP_PKEY_RSA: type = KEY_RSA; diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c index 891e829ae..5752d96de 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c @@ -29,6 +29,10 @@ #include <openssl/cms.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define X509_ATTRIBUTE_get0_object(attr) ({ (attr)->object; }) +#endif + typedef struct private_openssl_pkcs7_t private_openssl_pkcs7_t; /** @@ -432,11 +436,11 @@ METHOD(pkcs7_t, get_attribute, bool, for (i = 0; i < CMS_signed_get_attr_count(si); i++) { attr = CMS_signed_get_attr(si, i); - if (!attr->single && sk_ASN1_TYPE_num(attr->value.set) == 1 && - openssl_asn1_known_oid(attr->object) == oid) + if (X509_ATTRIBUTE_count(attr) == 1 && + openssl_asn1_known_oid(X509_ATTRIBUTE_get0_object(attr)) == oid) { /* get first value in SET */ - type = sk_ASN1_TYPE_value(attr->value.set, 0); + type = X509_ATTRIBUTE_get0_type(attr, 0); chunk = wrapped = openssl_i2chunk(ASN1_TYPE, type); if (asn1_unwrap(&chunk, &chunk) != 0x100 /* ASN1_INVALID */) { @@ -503,7 +507,7 @@ static bool decrypt_symmetric(private_openssl_pkcs7_t *this, chunk_t key, chunk_t iv; size_t key_size; - /* read encryption algorithm from interal structures; TODO fixup */ + /* read encryption algorithm from internal structures; TODO fixup */ alg = this->cms->envelopedData->encryptedContentInfo-> contentEncryptionAlgorithm; encr = encryption_algorithm_from_oid(openssl_asn1_known_oid(alg->algorithm), diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index aeb9be409..3e3b986df 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -66,6 +66,11 @@ struct private_openssl_plugin_t { }; /** + * OpenSSL is thread-safe since 1.1.0 + */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + +/** * Array of static mutexs, with CRYPTO_num_locks() mutex */ static mutex_t **mutex = NULL; @@ -227,6 +232,14 @@ static void threading_cleanup() cleanup->destroy(cleanup); } +#else /* OPENSSL_VERSION_NUMBER */ + +#define threading_init() + +#define threading_cleanup() + +#endif + /** * Seed the OpenSSL RNG, if required */ @@ -502,8 +515,14 @@ METHOD(plugin_t, get_features, int, METHOD(plugin_t, destroy, void, private_openssl_plugin_t *this) { +/* OpenSSL 1.1.0 cleans up itself at exit and while OPENSSL_cleanup() exists we + * can't call it as we couldn't re-initialize the library (as required by the + * unit tests and the Android app) */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#ifndef OPENSSL_IS_BORINGSSL CONF_modules_free(); OBJ_cleanup(); +#endif EVP_cleanup(); #ifndef OPENSSL_NO_ENGINE ENGINE_cleanup(); @@ -511,6 +530,7 @@ METHOD(plugin_t, destroy, void, CRYPTO_cleanup_all_ex_data(); threading_cleanup(); ERR_free_strings(); +#endif /* OPENSSL_VERSION_NUMBER */ free(this); } @@ -553,10 +573,23 @@ plugin_t *openssl_plugin_create() }, ); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + /* note that we can't call OPENSSL_cleanup() when the plugin is destroyed + * as we couldn't initialize the library again afterwards */ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG | + OPENSSL_INIT_ENGINE_ALL_BUILTIN, NULL); +#else /* OPENSSL_VERSION_NUMBER */ threading_init(); - +#ifndef OPENSSL_IS_BORINGSSL OPENSSL_config(NULL); +#endif OpenSSL_add_all_algorithms(); +#ifndef OPENSSL_NO_ENGINE + /* activate support for hardware accelerators */ + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif /* OPENSSL_NO_ENGINE */ +#endif /* OPENSSL_VERSION_NUMBER */ #ifdef OPENSSL_FIPS /* we do this here as it may have been enabled via openssl.conf */ @@ -565,12 +598,6 @@ plugin_t *openssl_plugin_create() "openssl FIPS mode(%d) - %sabled ", fips_mode, fips_mode ? "en" : "dis"); #endif /* OPENSSL_FIPS */ -#ifndef OPENSSL_NO_ENGINE - /* activate support for hardware accelerators */ - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -#endif /* OPENSSL_NO_ENGINE */ - if (!seed_rng()) { DBG1(DBG_CFG, "no RNG found to seed OpenSSL"); diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c index c807bb607..a25b6b4b6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rng.c +++ b/src/libstrongswan/plugins/openssl/openssl_rng.c @@ -47,15 +47,8 @@ struct private_openssl_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_openssl_rng_t *this, size_t bytes, u_int8_t *buffer) + private_openssl_rng_t *this, size_t bytes, uint8_t *buffer) { - if (this->quality == RNG_WEAK) - { - /* RAND_pseudo_bytes() returns 1 if returned bytes are strong, - * 0 if of not. Both is acceptable for RNG_WEAK. */ - return RAND_pseudo_bytes((char*)buffer, bytes) != -1; - } - /* A 0 return value is a failure for RAND_bytes() */ return RAND_bytes((char*)buffer, bytes) == 1; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index de02f302d..485e0bbc7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -20,6 +20,7 @@ #include "openssl_rsa_private_key.h" #include "openssl_rsa_public_key.h" +#include "openssl_util.h" #include <utils/debug.h> @@ -35,6 +36,12 @@ */ #define PUBLIC_EXPONENT 0x10001 +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) +OPENSSL_KEY_FALLBACK(RSA, factors, p, q) +OPENSSL_KEY_FALLBACK(RSA, crt_params, dmp1, dmq1, iqmp) +#endif + typedef struct private_openssl_rsa_private_key_t private_openssl_rsa_private_key_t; /** @@ -436,22 +443,38 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, } else if (n.ptr && e.ptr && d.ptr && p.ptr && q.ptr && coeff.ptr) { + BIGNUM *bn_n, *bn_e, *bn_d, *bn_p, *bn_q; + BIGNUM *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL; + this->rsa = RSA_new(); - this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); - this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); - this->rsa->d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); - this->rsa->p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); - this->rsa->q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + + bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + bn_d = BN_bin2bn((const u_char*)d.ptr, d.len, NULL); + if (!RSA_set0_key(this->rsa, bn_n, bn_e, bn_d)) + { + destroy(this); + return NULL; + + } + bn_p = BN_bin2bn((const u_char*)p.ptr, p.len, NULL); + bn_q = BN_bin2bn((const u_char*)q.ptr, q.len, NULL); + if (!RSA_set0_factors(this->rsa, bn_p, bn_q)) + { + destroy(this); + return NULL; + } if (exp1.ptr) { - this->rsa->dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); + dmp1 = BN_bin2bn((const u_char*)exp1.ptr, exp1.len, NULL); } if (exp2.ptr) { - this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); + dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL); } - this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); - if (RSA_check_key(this->rsa) == 1) + iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL); + if (RSA_set0_crt_params(this->rsa, dmp1, dmq1, iqmp) && + RSA_check_key(this->rsa) == 1) { return &this->public; } diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index db928569f..d66d5016e 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -28,6 +28,10 @@ #include <openssl/rsa.h> #include <openssl/x509.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000L +OPENSSL_KEY_FALLBACK(RSA, key, n, e, d) +#endif + typedef struct private_openssl_rsa_public_key_t private_openssl_rsa_public_key_t; /** @@ -224,11 +228,13 @@ bool openssl_rsa_fingerprint(RSA *rsa, cred_encoding_type_t type, chunk_t *fp) break; default: { + const BIGNUM *bn_n, *bn_e; chunk_t n = chunk_empty, e = chunk_empty; bool success = FALSE; - if (openssl_bn2chunk(rsa->n, &n) && - openssl_bn2chunk(rsa->e, &e)) + RSA_get0_key(rsa, &bn_n, &bn_e, NULL); + if (openssl_bn2chunk(bn_n, &n) && + openssl_bn2chunk(bn_e, &e)) { success = lib->encoding->encode(lib->encoding, type, rsa, fp, CRED_PART_RSA_MODULUS, n, @@ -297,10 +303,12 @@ METHOD(public_key_t, get_encoding, bool, } default: { + const BIGNUM *bn_n, *bn_e; chunk_t n = chunk_empty, e = chunk_empty; - if (openssl_bn2chunk(this->rsa->n, &n) && - openssl_bn2chunk(this->rsa->e, &e)) + RSA_get0_key(this->rsa, &bn_n, &bn_e, NULL); + if (openssl_bn2chunk(bn_n, &n) && + openssl_bn2chunk(bn_e, &e)) { success = lib->encoding->encode(lib->encoding, type, NULL, encoding, CRED_PART_RSA_MODULUS, n, @@ -416,10 +424,15 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_load(key_type_t type, } else if (n.ptr && e.ptr && type == KEY_RSA) { + BIGNUM *bn_n, *bn_e; + this->rsa = RSA_new(); - this->rsa->n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); - this->rsa->e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); - return &this->public; + bn_n = BN_bin2bn((const u_char*)n.ptr, n.len, NULL); + bn_e = BN_bin2bn((const u_char*)e.ptr, e.len, NULL); + if (RSA_set0_key(this->rsa, bn_n, bn_e, NULL)) + { + return &this->public; + } } destroy(this); return NULL; diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c index 446c93e2b..f6df03f12 100644 --- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c +++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c @@ -40,7 +40,7 @@ struct private_openssl_sha1_prf_t { }; METHOD(prf_t, get_bytes, bool, - private_openssl_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes) + private_openssl_sha1_prf_t *this, chunk_t seed, uint8_t *bytes) { #if OPENSSL_VERSION_NUMBER >= 0x10000000L if (!SHA1_Update(&this->ctx, seed.ptr, seed.len)) @@ -53,7 +53,7 @@ METHOD(prf_t, get_bytes, bool, if (bytes) { - u_int32_t *hash = (u_int32_t*)bytes; + uint32_t *hash = (uint32_t*)bytes; hash[0] = htonl(this->ctx.h0); hash[1] = htonl(this->ctx.h1); diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c index 2f9813701..6580e1c7d 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.c +++ b/src/libstrongswan/plugins/openssl/openssl_util.c @@ -22,6 +22,12 @@ #include <openssl/evp.h> #include <openssl/x509.h> +/* these were added with 1.1.0 when ASN1_OBJECT was made opaque */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define OBJ_get0_data(o) ((o)->data) +#define OBJ_length(o) ((o)->length) +#endif + /** * Described in header. */ @@ -51,7 +57,7 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash) goto error; } - *hash = chunk_alloc(hasher->md_size); + *hash = chunk_alloc(EVP_MD_size(hasher)); if (!EVP_DigestFinal_ex(ctx, hash->ptr, NULL)) { chunk_free(hash); @@ -70,7 +76,8 @@ error: /** * Described in header. */ -bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk) +bool openssl_bn_cat(const int len, const BIGNUM *a, const BIGNUM *b, + chunk_t *chunk) { int offset; @@ -127,7 +134,7 @@ bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b) /** * Described in header. */ -bool openssl_bn2chunk(BIGNUM *bn, chunk_t *chunk) +bool openssl_bn2chunk(const BIGNUM *bn, chunk_t *chunk) { *chunk = chunk_alloc(BN_num_bytes(bn)); if (BN_bn2bin(bn, chunk->ptr) == chunk->len) @@ -149,7 +156,7 @@ chunk_t openssl_asn1_obj2chunk(ASN1_OBJECT *asn1) { if (asn1) { - return chunk_create((u_char*)asn1->data, asn1->length); + return chunk_create((u_char*)OBJ_get0_data(asn1), OBJ_length(asn1)); } return chunk_empty; } diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index 2db073139..f4186e8c4 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -60,7 +60,8 @@ bool openssl_hash_chunk(int hash_type, chunk_t data, chunk_t *hash); * @param chunk resulting chunk * @return TRUE on success, FALSE otherwise */ -bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk); +bool openssl_bn_cat(const int len, const BIGNUM *a, const BIGNUM *b, + chunk_t *chunk); /** * Splits a chunk into two bignums of equal binary length. @@ -80,7 +81,7 @@ bool openssl_bn_split(chunk_t chunk, BIGNUM *a, BIGNUM *b); * @param chunk the chunk (data gets allocated) * @return TRUE on success, FALSE otherwise */ -bool openssl_bn2chunk(BIGNUM *bn, chunk_t *chunk); +bool openssl_bn2chunk(const BIGNUM *bn, chunk_t *chunk); /** * Allocate a chunk using the i2d function of a given object @@ -134,4 +135,42 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj); */ time_t openssl_asn1_to_time(ASN1_TIME *time); +/** + * Macros to define fallback getters/setters to access keys (BIGNUM*) for types + * that were made opaque with OpenSSL 1.1.0. + */ +#define OPENSSL_KEY_FALLBACK(...) VA_ARGS_DISPATCH(OPENSSL_KEY_FALLBACK, __VA_ARGS__)(__VA_ARGS__) +#define OPENSSL_KEY_FALLBACK3(type, k1, k2) \ +__attribute__((unused)) \ +static inline void type##_get0(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \ + if (k1) *k1 = o->k1; \ + if (k2) *k2 = o->k2; } \ +__attribute__((unused)) \ +static inline int type##_set0(type *o, BIGNUM *k1, BIGNUM *k2) { \ + if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ + if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ + return 1; } +#define OPENSSL_KEY_FALLBACK4(type, name, k1, k2) \ +__attribute__((unused)) \ +static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2) { \ + if (k1) *k1 = o->k1; \ + if (k2) *k2 = o->k2; } \ +__attribute__((unused)) \ +static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2) { \ + if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ + if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ + return 1; } +#define OPENSSL_KEY_FALLBACK5(type, name, k1, k2, k3) \ +__attribute__((unused)) \ +static inline void type##_get0_##name(const type *o, const BIGNUM **k1, const BIGNUM **k2, const BIGNUM **k3) { \ + if (k1) *k1 = o->k1; \ + if (k2) *k2 = o->k2; \ + if (k3) *k3 = o->k3; } \ +__attribute__((unused)) \ +static inline int type##_set0_##name(type *o, BIGNUM *k1, BIGNUM *k2, BIGNUM *k3) { \ + if (k1) { BN_clear_free(o->k1); o->k1 = k1; } \ + if (k2) { BN_clear_free(o->k2); o->k2 = k2; } \ + if (k3) { BN_clear_free(o->k3); o->k3 = k3; } \ + return 1; } + #endif /** OPENSSL_UTIL_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_x509.c b/src/libstrongswan/plugins/openssl/openssl_x509.c index 7a5b206dd..e95eb729b 100644 --- a/src/libstrongswan/plugins/openssl/openssl_x509.c +++ b/src/libstrongswan/plugins/openssl/openssl_x509.c @@ -60,6 +60,25 @@ #define OPENSSL_NO_RFC3779 #endif +/* added with 1.0.2 */ +#if OPENSSL_VERSION_NUMBER < 0x10002000L +static inline void X509_get0_signature(ASN1_BIT_STRING **psig, X509_ALGOR **palg, const X509 *x) { + if (psig) { *psig = x->signature; } + if (palg) { *palg = x->sig_alg; } +} +#endif + +/* added with 1.1.0 when X509 etc. was made opaque */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define X509_get0_extensions(x509) ({ (x509)->cert_info->extensions; }) +#define X509_get0_tbs_sigalg(x509) ({ (x509)->cert_info->signature; }) +#define X509_ALGOR_get0(oid, ppt, ppv, alg) ({ *(oid) = (alg)->algorithm; }) +#define X509_PUBKEY_get0_param(oid, pk, len, pa, pub) X509_ALGOR_get0(oid, NULL, NULL, (pub)->algor) +#define X509v3_addr_get_afi v3_addr_get_afi +#define X509v3_addr_get_range v3_addr_get_range +#define X509v3_addr_is_canonical v3_addr_is_canonical +#endif + typedef struct private_openssl_x509_t private_openssl_x509_t; /** @@ -380,6 +399,7 @@ METHOD(certificate_t, issued_by, bool, public_key_t *key; bool valid; x509_t *x509 = (x509_t*)issuer; + ASN1_BIT_STRING *sig; chunk_t tbs; if (&this->public.x509.interface == issuer) @@ -413,9 +433,14 @@ METHOD(certificate_t, issued_by, bool, { return FALSE; } + /* i2d_re_X509_tbs() was added with 1.1.0 when X509 was made opaque */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + tbs = openssl_i2chunk(re_X509_tbs, this->x509); +#else tbs = openssl_i2chunk(X509_CINF, this->x509->cert_info); - valid = key->verify(key, this->scheme, tbs, - openssl_asn1_str2chunk(this->x509->signature)); +#endif + X509_get0_signature(&sig, NULL, this->x509); + valid = key->verify(key, this->scheme, tbs, openssl_asn1_str2chunk(sig)); free(tbs.ptr); key->destroy(key); if (valid && scheme) @@ -850,7 +875,7 @@ static void parse_ipAddrBlock_ext_fam(private_openssl_x509_t *this, return; } - afi = v3_addr_get_afi(fam); + afi = X509v3_addr_get_afi(fam); switch (afi) { case IANA_AFI_IPV4: @@ -871,7 +896,7 @@ static void parse_ipAddrBlock_ext_fam(private_openssl_x509_t *this, for (i = 0; i < sk_IPAddressOrRange_num(list); i++) { aor = sk_IPAddressOrRange_value(list, i); - if (v3_addr_get_range(aor, afi, from.ptr, to.ptr, from.len) > 0) + if (X509v3_addr_get_range(aor, afi, from.ptr, to.ptr, from.len) > 0) { ts = traffic_selector_create_from_bytes(0, type, from, 0, to, 65535); if (ts) @@ -897,7 +922,7 @@ static bool parse_ipAddrBlock_ext(private_openssl_x509_t *this, return FALSE; } - if (!v3_addr_is_canonical(blocks)) + if (!X509v3_addr_is_canonical(blocks)) { sk_IPAddressFamily_free(blocks); return FALSE; @@ -964,7 +989,7 @@ static bool parse_extensions(private_openssl_x509_t *this) STACK_OF(X509_EXTENSION) *extensions; int i, num; - extensions = this->x509->cert_info->extensions; + extensions = X509_get0_extensions(this->x509); if (extensions) { num = sk_X509_EXTENSION_num(extensions); @@ -1041,6 +1066,8 @@ static bool parse_certificate(private_openssl_x509_t *this) const unsigned char *ptr = this->encoding.ptr; hasher_t *hasher; chunk_t chunk; + ASN1_OBJECT *oid, *oid_tbs; + X509_ALGOR *alg; this->x509 = d2i_X509(NULL, &ptr, this->encoding.len); if (!this->x509) @@ -1057,7 +1084,12 @@ static bool parse_certificate(private_openssl_x509_t *this) this->subject = openssl_x509_name2id(X509_get_subject_name(this->x509)); this->issuer = openssl_x509_name2id(X509_get_issuer_name(this->x509)); - switch (openssl_asn1_known_oid(this->x509->cert_info->key->algor->algorithm)) + if (!X509_PUBKEY_get0_param(&oid, NULL, NULL, NULL, + X509_get_X509_PUBKEY(this->x509))) + { + return FALSE; + } + switch (openssl_asn1_known_oid(oid)) { case OID_RSA_ENCRYPTION: this->pubkey = lib->creds->create(lib->creds, @@ -1086,14 +1118,18 @@ static bool parse_certificate(private_openssl_x509_t *this) this->notBefore = openssl_asn1_to_time(X509_get_notBefore(this->x509)); this->notAfter = openssl_asn1_to_time(X509_get_notAfter(this->x509)); - if (!chunk_equals( - openssl_asn1_obj2chunk(this->x509->cert_info->signature->algorithm), - openssl_asn1_obj2chunk(this->x509->sig_alg->algorithm))) + /* while X509_ALGOR_cmp() is declared in the headers of older OpenSSL + * versions, at least on Ubuntu 14.04 it is not actually defined */ + X509_get0_signature(NULL, &alg, this->x509); + X509_ALGOR_get0(&oid, NULL, NULL, alg); + alg = X509_get0_tbs_sigalg(this->x509); + X509_ALGOR_get0(&oid_tbs, NULL, NULL, alg); + if (!chunk_equals(openssl_asn1_obj2chunk(oid), + openssl_asn1_obj2chunk(oid_tbs))) { return FALSE; } - this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid( - this->x509->sig_alg->algorithm)); + this->scheme = signature_scheme_from_oid(openssl_asn1_known_oid(oid)); if (!parse_extensions(this)) { diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in index 2d6006bca..e1cf497c8 100644 --- a/src/libstrongswan/plugins/padlock/Makefile.in +++ b/src/libstrongswan/plugins/padlock/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/padlock -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/padlock/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/padlock/padlock_rng.c b/src/libstrongswan/plugins/padlock/padlock_rng.c index 517914ab5..6b337d82c 100644 --- a/src/libstrongswan/plugins/padlock/padlock_rng.c +++ b/src/libstrongswan/plugins/padlock/padlock_rng.c @@ -81,7 +81,7 @@ METHOD(rng_t, allocate_bytes, bool, } METHOD(rng_t, get_bytes, bool, - private_padlock_rng_t *this, size_t bytes, u_int8_t *buffer) + private_padlock_rng_t *this, size_t bytes, uint8_t *buffer) { chunk_t chunk; diff --git a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c index 4489b902a..107ade09b 100644 --- a/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c +++ b/src/libstrongswan/plugins/padlock/padlock_sha1_hasher.c @@ -54,9 +54,9 @@ static void padlock_sha1(int len, u_char *in, u_char *out) /** * sha1() a buffer of data into digest */ -static void sha1(chunk_t data, u_int32_t *digest) +static void sha1(chunk_t data, uint32_t *digest) { - u_int32_t hash[128] PADLOCK_ALIGN; + uint32_t hash[128] PADLOCK_ALIGN; hash[0] = 0x67452301; hash[1] = 0xefcdab89; @@ -91,18 +91,18 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_padlock_sha1_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_padlock_sha1_hasher_t *this, chunk_t chunk, uint8_t *hash) { if (hash) { if (this->data.len) { append_data(this, chunk); - sha1(this->data, (u_int32_t*)hash); + sha1(this->data, (uint32_t*)hash); } else { /* hash directly if no previous data found */ - sha1(chunk, (u_int32_t*)hash); + sha1(chunk, (uint32_t*)hash); } reset(this); } diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in index 16dfbed3a..3e6b8d0bb 100644 --- a/src/libstrongswan/plugins/pem/Makefile.in +++ b/src/libstrongswan/plugins/pem/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pem -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pem/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c index f0e508abf..719a2a69e 100644 --- a/src/libstrongswan/plugins/pem/pem_builder.c +++ b/src/libstrongswan/plugins/pem/pem_builder.c @@ -93,7 +93,7 @@ static status_t pem_decrypt(chunk_t *blob, encryption_algorithm_t alg, chunk_t hash; chunk_t decrypted; chunk_t key = {alloca(key_size), key_size}; - u_int8_t padding, *last_padding_pos, *first_padding_pos; + uint8_t padding, *last_padding_pos, *first_padding_pos; /* build key from passphrase and IV */ hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5); diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in index a55877952..e9c85e57f 100644 --- a/src/libstrongswan/plugins/pgp/Makefile.in +++ b/src/libstrongswan/plugins/pgp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pgp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pgp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -778,6 +791,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pgp/pgp_builder.c b/src/libstrongswan/plugins/pgp/pgp_builder.c index 152e83aaa..fe0be45d9 100644 --- a/src/libstrongswan/plugins/pgp/pgp_builder.c +++ b/src/libstrongswan/plugins/pgp/pgp_builder.c @@ -26,7 +26,7 @@ */ static public_key_t *parse_public_key(chunk_t blob) { - u_int32_t alg; + uint32_t alg; public_key_t *key; if (!pgp_read_scalar(&blob, 1, &alg)) @@ -74,7 +74,7 @@ static public_key_t *parse_rsa_public_key(chunk_t blob) static private_key_t *parse_rsa_private_key(chunk_t blob) { chunk_t mpi[6]; - u_int32_t s2k; + uint32_t s2k; int i; for (i = 0; i < 2; i++) @@ -143,7 +143,7 @@ static private_key_t *parse_private_key(chunk_t blob) { chunk_t packet; pgp_packet_tag_t tag; - u_int32_t version, created, days, alg; + uint32_t version, created, days, alg; private_key_t *key; if (!pgp_read_packet(&blob, &packet, &tag)) diff --git a/src/libstrongswan/plugins/pgp/pgp_cert.c b/src/libstrongswan/plugins/pgp/pgp_cert.c index 89d7094ad..0ffce4cfc 100644 --- a/src/libstrongswan/plugins/pgp/pgp_cert.c +++ b/src/libstrongswan/plugins/pgp/pgp_cert.c @@ -40,17 +40,17 @@ struct private_pgp_cert_t { /** * version of the public key */ - u_int32_t version; + uint32_t version; /** * creation time */ - u_int32_t created; + uint32_t created; /** * days the certificate is valid */ - u_int32_t valid; + uint32_t valid; /** * userid of the certificate @@ -349,7 +349,7 @@ static bool parse_public_key(private_pgp_cert_t *this, chunk_t packet) */ static bool parse_signature(private_pgp_cert_t *this, chunk_t packet) { - u_int32_t version, len, type, created; + uint32_t version, len, type, created; if (!pgp_read_scalar(&packet, 1, &version)) { diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.c b/src/libstrongswan/plugins/pgp/pgp_utils.c index bb15627fd..283bf8c36 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.c +++ b/src/libstrongswan/plugins/pgp/pgp_utils.c @@ -73,9 +73,9 @@ ENUM_END(pgp_packet_tag_names, PGP_PKT_MOD_DETECT_CODE); /** * Read a PGP scalar of bytes length, advance blob */ -bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) +bool pgp_read_scalar(chunk_t *blob, size_t bytes, uint32_t *scalar) { - u_int32_t res = 0; + uint32_t res = 0; if (bytes > blob->len) { @@ -96,7 +96,7 @@ bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar) */ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) { - u_int32_t bits, bytes; + uint32_t bits, bytes; if (!pgp_read_scalar(blob, 2, &bits)) { @@ -117,7 +117,7 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi) /** * Read length of an PGP old packet length encoding */ -static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length) +static bool pgp_old_packet_length(chunk_t *blob, uint32_t *length) { /* bits 0 and 1 define the packet length type */ u_char type; @@ -141,7 +141,7 @@ static bool pgp_old_packet_length(chunk_t *blob, u_int32_t *length) */ bool pgp_read_packet(chunk_t *blob, chunk_t *data, pgp_packet_tag_t *tag) { - u_int32_t len; + uint32_t len; u_char t; if (!blob->len) diff --git a/src/libstrongswan/plugins/pgp/pgp_utils.h b/src/libstrongswan/plugins/pgp/pgp_utils.h index 203a0a85d..180292a7a 100644 --- a/src/libstrongswan/plugins/pgp/pgp_utils.h +++ b/src/libstrongswan/plugins/pgp/pgp_utils.h @@ -115,7 +115,7 @@ bool pgp_read_mpi(chunk_t *blob, chunk_t *mpi); * @param scalar resultin scalar * @return TRUE if scalar parsed successfully */ -bool pgp_read_scalar(chunk_t *blob, size_t bytes, u_int32_t *scalar); +bool pgp_read_scalar(chunk_t *blob, size_t bytes, uint32_t *scalar); /** * Parse a PGP packet. diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in index a265818b0..a61eb1ab2 100644 --- a/src/libstrongswan/plugins/pkcs1/Makefile.in +++ b/src/libstrongswan/plugins/pkcs1/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs1 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs1/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in index f4bded41a..61919e3dd 100644 --- a/src/libstrongswan/plugins/pkcs11/Makefile.in +++ b/src/libstrongswan/plugins/pkcs11/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs11 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs11/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -790,6 +803,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c index 80079b9a9..847f03115 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_hasher.c @@ -146,7 +146,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_pkcs11_hasher_t *this, chunk_t chunk, u_int8_t *hash) + private_pkcs11_hasher_t *this, chunk_t chunk, uint8_t *hash) { CK_RV rv; CK_ULONG len; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c index bfc545972..aec4550ce 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_private_key.c @@ -295,13 +295,19 @@ METHOD(private_key_t, sign, bool, case SIGN_ECDSA_WITH_SHA256_DER: case SIGN_ECDSA_WITH_SHA384_DER: case SIGN_ECDSA_WITH_SHA512_DER: - /* return an ASN.1 encoded sequence of integers r and s */ + { + chunk_t r, s; + + /* return an ASN.1 encoded sequence of integers r and s, removing + * any zero-padding */ len /= 2; + r = chunk_skip_zero(chunk_create(buf, len)); + s = chunk_skip_zero(chunk_create(buf+len, len)); *signature = asn1_wrap(ASN1_SEQUENCE, "mm", - asn1_integer("c", chunk_create(buf, len)), - asn1_integer("c", chunk_create(buf+len, len))); + asn1_integer("c", r), asn1_integer("c", s)); free(buf); break; + } default: *signature = chunk_create(buf, len); break; diff --git a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c index d18028b45..753835187 100644 --- a/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c +++ b/src/libstrongswan/plugins/pkcs11/pkcs11_rng.c @@ -44,7 +44,7 @@ struct private_pkcs11_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_pkcs11_rng_t *this, size_t bytes, u_int8_t *buffer) + private_pkcs11_rng_t *this, size_t bytes, uint8_t *buffer) { CK_RV rv; rv = this->lib->f->C_GenerateRandom(this->session, buffer, bytes); diff --git a/src/libstrongswan/plugins/pkcs12/Makefile.in b/src/libstrongswan/plugins/pkcs12/Makefile.in index 7fd31583b..02b7d2902 100644 --- a/src/libstrongswan/plugins/pkcs12/Makefile.in +++ b/src/libstrongswan/plugins/pkcs12/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs12 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs12/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs12/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c index 4441b278f..82fc0c0b9 100644 --- a/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c +++ b/src/libstrongswan/plugins/pkcs12/pkcs12_decode.c @@ -324,7 +324,7 @@ end: * Verify the given MAC with available passwords. */ static bool verify_mac(hash_algorithm_t hash, chunk_t salt, - u_int64_t iterations, chunk_t data, chunk_t mac) + uint64_t iterations, chunk_t data, chunk_t mac) { integrity_algorithm_t integ; enumerator_t *enumerator; @@ -450,7 +450,7 @@ static bool parse_PFX(private_pkcs12_t *this, chunk_t blob) data = chunk_empty; hash_algorithm_t hash = HASH_UNKNOWN; container_t *container = NULL; - u_int64_t iterations = 0; + uint64_t iterations = 0; bool success = FALSE; parser = asn1_parser_create(PFXObjects, blob); diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in index 5fc439b99..5a758aa14 100644 --- a/src/libstrongswan/plugins/pkcs7/Makefile.in +++ b/src/libstrongswan/plugins/pkcs7/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs7 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -204,12 +213,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -259,6 +270,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -293,6 +305,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -404,6 +417,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +480,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs7/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs7/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -785,6 +798,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in index 162868af5..92f751a61 100644 --- a/src/libstrongswan/plugins/pkcs8/Makefile.in +++ b/src/libstrongswan/plugins/pkcs8/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pkcs8 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pkcs8/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -772,6 +785,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/plugin_feature.c b/src/libstrongswan/plugins/plugin_feature.c index 0ea5eeaf8..4c92c412c 100644 --- a/src/libstrongswan/plugins/plugin_feature.c +++ b/src/libstrongswan/plugins/plugin_feature.c @@ -57,7 +57,7 @@ ENUM(plugin_feature_names, FEATURE_NONE, FEATURE_CUSTOM, /** * See header. */ -u_int32_t plugin_feature_hash(plugin_feature_t *feature) +uint32_t plugin_feature_hash(plugin_feature_t *feature) { chunk_t data = chunk_empty; diff --git a/src/libstrongswan/plugins/plugin_feature.h b/src/libstrongswan/plugins/plugin_feature.h index 03f1ba8cc..ee7808a94 100644 --- a/src/libstrongswan/plugins/plugin_feature.h +++ b/src/libstrongswan/plugins/plugin_feature.h @@ -362,7 +362,7 @@ static inline void plugin_features_add(plugin_feature_t *features, * @param feature feature to hash * @return hash value of the feature */ -u_int32_t plugin_feature_hash(plugin_feature_t *feature); +uint32_t plugin_feature_hash(plugin_feature_t *feature); /** * Check if feature a matches to feature b. diff --git a/src/libstrongswan/plugins/plugin_loader.c b/src/libstrongswan/plugins/plugin_loader.c index 01d0495be..5787eac00 100644 --- a/src/libstrongswan/plugins/plugin_loader.c +++ b/src/libstrongswan/plugins/plugin_loader.c @@ -1024,6 +1024,15 @@ static int plugin_priority_cmp(const plugin_priority_t *a, return diff; } +/** + * Convert enumerated plugin_priority_t to a plugin name + */ +static bool plugin_priority_filter(void *null, plugin_priority_t **prio, + char **name) +{ + *name = (*prio)->name; + return TRUE; +} /** * Determine the list of plugins to load via load option in each plugin's @@ -1036,12 +1045,7 @@ static char *modular_pluginlist(char *list) plugin_priority_t item, *current, found; char *plugin, *plugins = NULL; int i = 0, max_prio; - - if (!lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE, - lib->ns)) - { - return list; - } + bool load_def = FALSE; given = array_create(sizeof(plugin_priority_t), 0); final = array_create(sizeof(plugin_priority_t), 0); @@ -1058,16 +1062,26 @@ static char *modular_pluginlist(char *list) /* the maximum priority used for plugins not found in this list */ max_prio = i + 1; - enumerator = lib->settings->create_section_enumerator(lib->settings, + if (lib->settings->get_bool(lib->settings, "%s.load_modular", FALSE, + lib->ns)) + { + enumerator = lib->settings->create_section_enumerator(lib->settings, "%s.plugins", lib->ns); + } + else + { + enumerator = enumerator_create_filter(array_create_enumerator(given), + (void*)plugin_priority_filter, NULL, NULL); + load_def = TRUE; + } while (enumerator->enumerate(enumerator, &plugin)) { item.prio = lib->settings->get_int(lib->settings, - "%s.plugins.%s.load", 0, lib->ns, plugin); + "%s.plugins.%s.load", 0, lib->ns, plugin); if (!item.prio) { if (!lib->settings->get_bool(lib->settings, - "%s.plugins.%s.load", FALSE, lib->ns, plugin)) + "%s.plugins.%s.load", load_def, lib->ns, plugin)) { continue; } @@ -1083,7 +1097,6 @@ static char *modular_pluginlist(char *list) array_insert(final, ARRAY_TAIL, &item); } enumerator->destroy(enumerator); - array_destroy_function(given, (void*)plugin_priority_free, NULL); array_sort(final, (void*)plugin_priority_cmp, NULL); @@ -1100,6 +1113,7 @@ static char *modular_pluginlist(char *list) free(prev); } enumerator->destroy(enumerator); + array_destroy_function(given, (void*)plugin_priority_free, NULL); array_destroy(final); return plugins; } diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in index 007bdbd00..c5decc3a4 100644 --- a/src/libstrongswan/plugins/pubkey/Makefile.in +++ b/src/libstrongswan/plugins/pubkey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/pubkey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/pubkey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in index f6dc73e09..b78e62732 100644 --- a/src/libstrongswan/plugins/random/Makefile.in +++ b/src/libstrongswan/plugins/random/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/random -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/random/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/random/random_rng.c b/src/libstrongswan/plugins/random/random_rng.c index 177b3c2e5..3760630ab 100644 --- a/src/libstrongswan/plugins/random/random_rng.c +++ b/src/libstrongswan/plugins/random/random_rng.c @@ -41,7 +41,7 @@ struct private_random_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_random_rng_t *this, size_t bytes, u_int8_t *buffer) + private_random_rng_t *this, size_t bytes, uint8_t *buffer) { size_t done; ssize_t got; diff --git a/src/libstrongswan/plugins/rc2/Makefile.in b/src/libstrongswan/plugins/rc2/Makefile.in index b9fc8bdf6..51f6a17a7 100644 --- a/src/libstrongswan/plugins/rc2/Makefile.in +++ b/src/libstrongswan/plugins/rc2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/rc2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/rc2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/rc2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/rc2/rc2_crypter.c b/src/libstrongswan/plugins/rc2/rc2_crypter.c index 256acf817..d9681e834 100644 --- a/src/libstrongswan/plugins/rc2/rc2_crypter.c +++ b/src/libstrongswan/plugins/rc2/rc2_crypter.c @@ -19,11 +19,11 @@ typedef struct private_rc2_crypter_t private_rc2_crypter_t; #define RC2_BLOCK_SIZE 8 -#define ROL16(x, k) ({ u_int16_t _x = (x); (_x << (k)) | (_x >> (16 - (k))); }) -#define ROR16(x, k) ({ u_int16_t _x = (x); (_x >> (k)) | (_x << (16 - (k))); }) +#define ROL16(x, k) ({ uint16_t _x = (x); (_x << (k)) | (_x >> (16 - (k))); }) +#define ROR16(x, k) ({ uint16_t _x = (x); (_x >> (k)) | (_x << (16 - (k))); }) -#define GET16(x) ({ u_char *_x = (x); (u_int16_t)_x[0] | ((u_int16_t)_x[1] << 8); }) -#define PUT16(x, v) ({ u_char *_x = (x); u_int16_t _v = (v); _x[0] = _v, _x[1] = _v >> 8; }) +#define GET16(x) ({ u_char *_x = (x); (uint16_t)_x[0] | ((uint16_t)_x[1] << 8); }) +#define PUT16(x, v) ({ u_char *_x = (x); uint16_t _v = (v); _x[0] = _v, _x[1] = _v >> 8; }) /** * Private data of rc2_crypter_t @@ -38,7 +38,7 @@ struct private_rc2_crypter_t { /** * The expanded key in 16-bit words */ - u_int16_t K[64]; + uint16_t K[64]; /** * Key size in bytes @@ -95,7 +95,7 @@ static const u_char PITABLE[256] = */ static void encrypt_block(private_rc2_crypter_t *this, u_char R[]) { - register u_int16_t R0, R1, R2, R3, *Kj; + register uint16_t R0, R1, R2, R3, *Kj; int rounds = 3, mix = 5; R0 = GET16(R); @@ -139,7 +139,7 @@ static void encrypt_block(private_rc2_crypter_t *this, u_char R[]) */ static void decrypt_block(private_rc2_crypter_t *this, u_char R[]) { - register u_int16_t R0, R1, R2, R3, *Kj; + register uint16_t R0, R1, R2, R3, *Kj; int rounds = 3, mix = 5; R0 = GET16(R); @@ -185,7 +185,7 @@ static void decrypt_block(private_rc2_crypter_t *this, u_char R[]) METHOD(crypter_t, decrypt, bool, private_rc2_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *decrypted) { - u_int8_t *in, *out, *prev; + uint8_t *in, *out, *prev; if (data.len % RC2_BLOCK_SIZE || iv.len != RC2_BLOCK_SIZE) { @@ -222,7 +222,7 @@ METHOD(crypter_t, decrypt, bool, METHOD(crypter_t, encrypt, bool, private_rc2_crypter_t *this, chunk_t data, chunk_t iv, chunk_t *encrypted) { - u_int8_t *in, *out, *end, *prev; + uint8_t *in, *out, *end, *prev; if (data.len % RC2_BLOCK_SIZE || iv.len != RC2_BLOCK_SIZE) { @@ -273,7 +273,7 @@ METHOD(crypter_t, get_key_size, size_t, METHOD(crypter_t, set_key, bool, private_rc2_crypter_t *this, chunk_t key) { - u_int8_t L[128], T8, TM, idx; + uint8_t L[128], T8, TM, idx; int i; if (key.len != this->T) diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in index f6bdf9c59..ff853b691 100644 --- a/src/libstrongswan/plugins/rdrand/Makefile.in +++ b/src/libstrongswan/plugins/rdrand/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/rdrand -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/rdrand/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/rdrand/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/rdrand/rdrand_rng.c b/src/libstrongswan/plugins/rdrand/rdrand_rng.c index fa66f3ad7..b7225b6a2 100644 --- a/src/libstrongswan/plugins/rdrand/rdrand_rng.c +++ b/src/libstrongswan/plugins/rdrand/rdrand_rng.c @@ -54,7 +54,7 @@ struct private_rdrand_rng_t { /** * Get a two byte word using RDRAND */ -static bool rdrand16(u_int16_t *out) +static bool rdrand16(uint16_t *out) { u_char res; int i; @@ -76,7 +76,7 @@ static bool rdrand16(u_int16_t *out) /** * Get a four byte word using RDRAND */ -static bool rdrand32(u_int32_t *out) +static bool rdrand32(uint32_t *out) { u_char res; int i; @@ -99,7 +99,7 @@ static bool rdrand32(u_int32_t *out) /** * Get a eight byte word using RDRAND */ -static bool rdrand64(u_int64_t *out) +static bool rdrand64(uint64_t *out) { u_char res; int i; @@ -122,9 +122,9 @@ static bool rdrand64(u_int64_t *out) /** * Get a one byte word using RDRAND */ -static bool rdrand8(u_int8_t *out) +static bool rdrand8(uint8_t *out) { - u_int16_t u16; + uint16_t u16; if (!rdrand16(&u16)) { @@ -141,15 +141,15 @@ static bool rdrand128(void *out) { #ifdef __x86_64__ if (!rdrand64(out) || - !rdrand64(out + sizeof(u_int64_t))) + !rdrand64(out + sizeof(uint64_t))) { return FALSE; } #else /* __i386__ */ if (!rdrand32(out) || - !rdrand32(out + 1 * sizeof(u_int32_t)) || - !rdrand32(out + 2 * sizeof(u_int32_t)) || - !rdrand32(out + 3 * sizeof(u_int32_t))) + !rdrand32(out + 1 * sizeof(uint32_t)) || + !rdrand32(out + 2 * sizeof(uint32_t)) || + !rdrand32(out + 3 * sizeof(uint32_t))) { return FALSE; } @@ -165,9 +165,9 @@ static bool reseed() int i; #ifdef __x86_64__ - u_int64_t tmp; + uint64_t tmp; - for (i = 0; i < 511 * 16 / sizeof(u_int64_t); i++) + for (i = 0; i < 511 * 16 / sizeof(uint64_t); i++) { if (!rdrand64(&tmp)) { @@ -175,9 +175,9 @@ static bool reseed() } } #else /* __i386__ */ - u_int32_t tmp; + uint32_t tmp; - for (i = 0; i < 511 * 16 / sizeof(u_int32_t); i++) + for (i = 0; i < 511 * 16 / sizeof(uint32_t); i++) { if (!rdrand32(&tmp)) { @@ -202,48 +202,48 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) } /* align to 2 byte */ - if (chunk.len >= sizeof(u_int8_t)) + if (chunk.len >= sizeof(uint8_t)) { if ((uintptr_t)chunk.ptr % 2) { - if (!rdrand8((u_int8_t*)chunk.ptr)) + if (!rdrand8((uint8_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int8_t)); + chunk = chunk_skip(chunk, sizeof(uint8_t)); } } /* align to 4 byte */ - if (chunk.len >= sizeof(u_int16_t)) + if (chunk.len >= sizeof(uint16_t)) { if ((uintptr_t)chunk.ptr % 4) { - if (!rdrand16((u_int16_t*)chunk.ptr)) + if (!rdrand16((uint16_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int16_t)); + chunk = chunk_skip(chunk, sizeof(uint16_t)); } } #ifdef __x86_64__ /* align to 8 byte */ - if (chunk.len >= sizeof(u_int32_t)) + if (chunk.len >= sizeof(uint32_t)) { if ((uintptr_t)chunk.ptr % 8) { - if (!rdrand32((u_int32_t*)chunk.ptr)) + if (!rdrand32((uint32_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int32_t)); + chunk = chunk_skip(chunk, sizeof(uint32_t)); } } /* fill with 8 byte words */ - while (chunk.len >= sizeof(u_int64_t)) + while (chunk.len >= sizeof(uint64_t)) { if (this->quality == RNG_STRONG && chunk.len % FORCE_RESEED == 0) { @@ -252,27 +252,27 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) return FALSE; } } - if (!rdrand64((u_int64_t*)chunk.ptr)) + if (!rdrand64((uint64_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int64_t)); + chunk = chunk_skip(chunk, sizeof(uint64_t)); } /* append 4 byte word */ - if (chunk.len >= sizeof(u_int32_t)) + if (chunk.len >= sizeof(uint32_t)) { - if (!rdrand32((u_int32_t*)chunk.ptr)) + if (!rdrand32((uint32_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int32_t)); + chunk = chunk_skip(chunk, sizeof(uint32_t)); } #else /* __i386__ */ /* fill with 4 byte words */ - while (chunk.len >= sizeof(u_int32_t)) + while (chunk.len >= sizeof(uint32_t)) { if (this->quality == RNG_STRONG && chunk.len % FORCE_RESEED == 0) { @@ -281,11 +281,11 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) return FALSE; } } - if (!rdrand32((u_int32_t*)chunk.ptr)) + if (!rdrand32((uint32_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int32_t)); + chunk = chunk_skip(chunk, sizeof(uint32_t)); } #endif /* __x86_64__ / __i386__ */ @@ -299,23 +299,23 @@ static bool rdrand_chunk(private_rdrand_rng_t *this, chunk_t chunk) } /* append 2 byte word */ - if (chunk.len >= sizeof(u_int16_t)) + if (chunk.len >= sizeof(uint16_t)) { - if (!rdrand16((u_int16_t*)chunk.ptr)) + if (!rdrand16((uint16_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int16_t)); + chunk = chunk_skip(chunk, sizeof(uint16_t)); } /* append 1 byte word */ - if (chunk.len >= sizeof(u_int8_t)) + if (chunk.len >= sizeof(uint8_t)) { - if (!rdrand8((u_int8_t*)chunk.ptr)) + if (!rdrand8((uint8_t*)chunk.ptr)) { return FALSE; } - chunk = chunk_skip(chunk, sizeof(u_int8_t)); + chunk = chunk_skip(chunk, sizeof(uint8_t)); } return TRUE; @@ -378,7 +378,7 @@ static bool rdrand_mixed(private_rdrand_rng_t *this, chunk_t chunk) } METHOD(rng_t, get_bytes, bool, - private_rdrand_rng_t *this, size_t bytes, u_int8_t *buffer) + private_rdrand_rng_t *this, size_t bytes, uint8_t *buffer) { switch (this->quality) { diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in index 4c7f2723b..e6ce51936 100644 --- a/src/libstrongswan/plugins/revocation/Makefile.in +++ b/src/libstrongswan/plugins/revocation/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/revocation -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/revocation/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/revocation/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -774,6 +787,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in index 1de07d754..14d3430a6 100644 --- a/src/libstrongswan/plugins/sha1/Makefile.in +++ b/src/libstrongswan/plugins/sha1/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha1 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -458,7 +472,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha1/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sha1/sha1_hasher.c b/src/libstrongswan/plugins/sha1/sha1_hasher.c index b51a26152..fca65dfa2 100644 --- a/src/libstrongswan/plugins/sha1/sha1_hasher.c +++ b/src/libstrongswan/plugins/sha1/sha1_hasher.c @@ -59,20 +59,20 @@ struct private_sha1_hasher_t { /* * State of the hasher. Shared with sha1_prf.c, do not change it!!! */ - u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[5]; + uint32_t count[2]; + uint8_t buffer[64]; }; /* * Hash a single 512-bit block. This is the core of the algorithm. * */ -static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]) +static void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) { - u_int32_t a, b, c, d, e; + uint32_t a, b, c, d, e; typedef union { - u_int8_t c[64]; - u_int32_t l[16]; + uint8_t c[64]; + uint32_t l[16]; } CHAR64LONG16; CHAR64LONG16 block[1]; /* use array to appear as a pointer */ memcpy(block, buffer, 64); @@ -118,10 +118,10 @@ static void SHA1Transform(u_int32_t state[5], const unsigned char buffer[64]) /** * Run your data through this. Also used in sha1_prf. */ -void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len) +void SHA1Update(private_sha1_hasher_t* this, uint8_t *data, uint32_t len) { - u_int32_t i; - u_int32_t j; + uint32_t i; + uint32_t j; j = this->count[0]; if ((this->count[0] += len << 3) < j) @@ -151,15 +151,15 @@ void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len) /* * Add padding and return the message digest. */ -static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) +static void SHA1Final(private_sha1_hasher_t *this, uint8_t *digest) { - u_int32_t i; - u_int8_t finalcount[8]; - u_int8_t c; + uint32_t i; + uint8_t finalcount[8]; + uint8_t c; for (i = 0; i < 8; i++) { - finalcount[i] = (u_int8_t)((this->count[(i >= 4 ? 0 : 1)] + finalcount[i] = (uint8_t)((this->count[(i >= 4 ? 0 : 1)] >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ } c = 0200; @@ -172,7 +172,7 @@ static void SHA1Final(private_sha1_hasher_t *this, u_int8_t *digest) SHA1Update(this, finalcount, 8); /* Should cause a SHA1Transform() */ for (i = 0; i < 20; i++) { - digest[i] = (u_int8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + digest[i] = (uint8_t)((this->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); } } @@ -191,7 +191,7 @@ METHOD(hasher_t, reset, bool, } METHOD(hasher_t, get_hash, bool, - private_sha1_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha1_hasher_t *this, chunk_t chunk, uint8_t *buffer) { SHA1Update(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/sha1/sha1_prf.c b/src/libstrongswan/plugins/sha1/sha1_prf.c index cc4924a80..464f4c9ec 100644 --- a/src/libstrongswan/plugins/sha1/sha1_prf.c +++ b/src/libstrongswan/plugins/sha1/sha1_prf.c @@ -33,9 +33,9 @@ struct private_sha1_hasher_t { /* * State of the hasher. From sha1_hasher.c, do not change it! */ - u_int32_t state[5]; - u_int32_t count[2]; - u_int8_t buffer[64]; + uint32_t state[5]; + uint32_t count[2]; + uint8_t buffer[64]; }; /** @@ -57,12 +57,12 @@ struct private_sha1_prf_t { /** * From sha1_hasher.c */ -extern void SHA1Update(private_sha1_hasher_t* this, u_int8_t *data, u_int32_t len); +extern void SHA1Update(private_sha1_hasher_t* this, uint8_t *data, uint32_t len); METHOD(prf_t, get_bytes, bool, - private_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes) + private_sha1_prf_t *this, chunk_t seed, uint8_t *bytes) { - u_int32_t *hash = (u_int32_t*)bytes; + uint32_t *hash = (uint32_t*)bytes; SHA1Update(this->hasher, seed.ptr, seed.len); @@ -98,14 +98,14 @@ METHOD(prf_t, set_key, bool, private_sha1_prf_t *this, chunk_t key) { int i, rounds; - u_int32_t *iv = (u_int32_t*)key.ptr; + uint32_t *iv = (uint32_t*)key.ptr; if (!this->hasher->public.hasher_interface.reset( &this->hasher->public.hasher_interface)) { return FALSE; } - rounds = min(key.len/sizeof(u_int32_t), sizeof(this->hasher->state)); + rounds = min(key.len/sizeof(uint32_t), sizeof(this->hasher->state)); for (i = 0; i < rounds; i++) { this->hasher->state[i] ^= htonl(iv[i]); diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in index d4af8fbcf..de341503b 100644 --- a/src/libstrongswan/plugins/sha2/Makefile.in +++ b/src/libstrongswan/plugins/sha2/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha2 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha2/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sha2/sha2_hasher.c b/src/libstrongswan/plugins/sha2/sha2_hasher.c index 1c6dd2533..89e7675e3 100644 --- a/src/libstrongswan/plugins/sha2/sha2_hasher.c +++ b/src/libstrongswan/plugins/sha2/sha2_hasher.c @@ -33,9 +33,9 @@ struct private_sha512_hasher_t { sha2_hasher_t public; unsigned char sha_out[128]; /* results are here, bytes 0..47/0..63 */ - u_int64_t sha_H[8]; - u_int64_t sha_blocks; - u_int64_t sha_blocksMSB; + uint64_t sha_H[8]; + uint64_t sha_blocks; + uint64_t sha_blocksMSB; int sha_bufCnt; }; @@ -52,23 +52,23 @@ struct private_sha256_hasher_t { sha2_hasher_t public; unsigned char sha_out[64]; /* results are here, bytes 0...31 */ - u_int32_t sha_H[8]; - u_int64_t sha_blocks; + uint32_t sha_H[8]; + uint64_t sha_blocks; int sha_bufCnt; }; -static const u_int32_t sha224_hashInit[8] = { +static const uint32_t sha224_hashInit[8] = { 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4 }; -static const u_int32_t sha256_hashInit[8] = { +static const uint32_t sha256_hashInit[8] = { 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 }; -static const u_int32_t sha256_K[64] = { +static const uint32_t sha256_K[64] = { 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, 0xe49b69c1, 0xefbe4786, @@ -82,19 +82,19 @@ static const u_int32_t sha256_K[64] = { 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 }; -static const u_int64_t sha512_hashInit[8] = { +static const uint64_t sha512_hashInit[8] = { 0x6a09e667f3bcc908ULL, 0xbb67ae8584caa73bULL, 0x3c6ef372fe94f82bULL, 0xa54ff53a5f1d36f1ULL, 0x510e527fade682d1ULL, 0x9b05688c2b3e6c1fULL, 0x1f83d9abfb41bd6bULL, 0x5be0cd19137e2179ULL }; -static const u_int64_t sha384_hashInit[8] = { +static const uint64_t sha384_hashInit[8] = { 0xcbbb9d5dc1059ed8ULL, 0x629a292a367cd507ULL, 0x9159015a3070dd17ULL, 0x152fecd8f70e5939ULL, 0x67332667ffc00b31ULL, 0x8eb44a8768581511ULL, 0xdb0c2e0d64f98fa7ULL, 0x47b5481dbefa4fa4ULL }; -static const u_int64_t sha512_K[80] = { +static const uint64_t sha512_K[80] = { 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, 0xd807aa98a3030242ULL, @@ -143,14 +143,14 @@ static void sha256_transform(private_sha256_hasher_t *ctx, const unsigned char *datap) { register int j; - u_int32_t a, b, c, d, e, f, g, h; - u_int32_t T1, T2, W[64], Wm2, Wm15; + uint32_t a, b, c, d, e, f, g, h; + uint32_t T1, T2, W[64], Wm2, Wm15; /* read the data, big endian byte order */ j = 0; do { - W[j] = (((u_int32_t)(datap[0]))<<24) | (((u_int32_t)(datap[1]))<<16) | - (((u_int32_t)(datap[2]))<<8 ) | ((u_int32_t)(datap[3])); + W[j] = (((uint32_t)(datap[0]))<<24) | (((uint32_t)(datap[1]))<<16) | + (((uint32_t)(datap[2]))<<8 ) | ((uint32_t)(datap[3])); datap += 4; } while(++j < 16); @@ -229,8 +229,8 @@ static void sha256_write(private_sha256_hasher_t *ctx, static void sha256_final(private_sha256_hasher_t *ctx) { register int j; - u_int64_t bitLength; - u_int32_t i; + uint64_t bitLength; + uint32_t i; unsigned char padByte, *datap; bitLength = (ctx->sha_blocks << 9) | (ctx->sha_bufCnt << 3); @@ -287,16 +287,16 @@ static void sha512_transform(private_sha512_hasher_t *ctx, const unsigned char *datap) { register int j; - u_int64_t a, b, c, d, e, f, g, h; - u_int64_t T1, T2, W[80], Wm2, Wm15; + uint64_t a, b, c, d, e, f, g, h; + uint64_t T1, T2, W[80], Wm2, Wm15; /* read the data, big endian byte order */ j = 0; do { - W[j] = (((u_int64_t)(datap[0]))<<56) | (((u_int64_t)(datap[1]))<<48) | - (((u_int64_t)(datap[2]))<<40) | (((u_int64_t)(datap[3]))<<32) | - (((u_int64_t)(datap[4]))<<24) | (((u_int64_t)(datap[5]))<<16) | - (((u_int64_t)(datap[6]))<<8 ) | ((u_int64_t)(datap[7])); + W[j] = (((uint64_t)(datap[0]))<<56) | (((uint64_t)(datap[1]))<<48) | + (((uint64_t)(datap[2]))<<40) | (((uint64_t)(datap[3]))<<32) | + (((uint64_t)(datap[4]))<<24) | (((uint64_t)(datap[5]))<<16) | + (((uint64_t)(datap[6]))<<8 ) | ((uint64_t)(datap[7])); datap += 8; } while(++j < 16); @@ -374,8 +374,8 @@ static void sha512_write(private_sha512_hasher_t *ctx, static void sha512_final(private_sha512_hasher_t *ctx) { register int j; - u_int64_t bitLength, bitLengthMSB; - u_int64_t i; + uint64_t bitLength, bitLengthMSB; + uint64_t i; unsigned char padByte, *datap; bitLength = (ctx->sha_blocks << 10) | (ctx->sha_bufCnt << 3); @@ -469,7 +469,7 @@ METHOD(hasher_t, reset512, bool, } METHOD(hasher_t, get_hash224, bool, - private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha256_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -482,7 +482,7 @@ METHOD(hasher_t, get_hash224, bool, } METHOD(hasher_t, get_hash256, bool, - private_sha256_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha256_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha256_write(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -495,7 +495,7 @@ METHOD(hasher_t, get_hash256, bool, } METHOD(hasher_t, get_hash384, bool, - private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha512_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha512_write(this, chunk.ptr, chunk.len); if (buffer != NULL) @@ -508,7 +508,7 @@ METHOD(hasher_t, get_hash384, bool, } METHOD(hasher_t, get_hash512, bool, - private_sha512_hasher_t *this, chunk_t chunk, u_int8_t *buffer) + private_sha512_hasher_t *this, chunk_t chunk, uint8_t *buffer) { sha512_write(this, chunk.ptr, chunk.len); if (buffer != NULL) diff --git a/src/libstrongswan/plugins/sha3/Makefile.in b/src/libstrongswan/plugins/sha3/Makefile.in index 9aa58e236..0d29fcb4b 100644 --- a/src/libstrongswan/plugins/sha3/Makefile.in +++ b/src/libstrongswan/plugins/sha3/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sha3 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sha3/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in index acb05d570..6563f8335 100644 --- a/src/libstrongswan/plugins/soup/Makefile.in +++ b/src/libstrongswan/plugins/soup/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/soup -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -201,12 +210,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -256,6 +267,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -290,6 +302,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -401,6 +414,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -459,7 +473,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/soup/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/soup/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -773,6 +786,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in index ca59bb7df..268730e14 100644 --- a/src/libstrongswan/plugins/sqlite/Makefile.in +++ b/src/libstrongswan/plugins/sqlite/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sqlite -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sqlite/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/sshkey/Makefile.in b/src/libstrongswan/plugins/sshkey/Makefile.in index feb9313ff..d50b29565 100644 --- a/src/libstrongswan/plugins/sshkey/Makefile.in +++ b/src/libstrongswan/plugins/sshkey/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/sshkey -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/sshkey/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/sshkey/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in index 431b60724..6721909f0 100644 --- a/src/libstrongswan/plugins/test_vectors/Makefile.in +++ b/src/libstrongswan/plugins/test_vectors/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/test_vectors -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -219,12 +228,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -274,6 +285,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -308,6 +320,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -419,6 +432,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -510,7 +524,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/test_vectors/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -939,6 +952,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in index 59590d1a9..ea27fd384 100644 --- a/src/libstrongswan/plugins/unbound/Makefile.in +++ b/src/libstrongswan/plugins/unbound/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/unbound -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/unbound/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -780,6 +793,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/winhttp/Makefile.in b/src/libstrongswan/plugins/winhttp/Makefile.in index acfc57bb6..0bf311c38 100644 --- a/src/libstrongswan/plugins/winhttp/Makefile.in +++ b/src/libstrongswan/plugins/winhttp/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/winhttp -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +475,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/winhttp/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/winhttp/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -775,6 +788,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c b/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c index 5f0b58479..da56954ab 100644 --- a/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c +++ b/src/libstrongswan/plugins/winhttp/winhttp_fetcher.c @@ -120,7 +120,7 @@ static bool read_result(private_winhttp_fetcher_t *this, HINTERNET request, { DWORD received; char buf[1024]; - u_int32_t code; + uint32_t code; DWORD codelen = sizeof(code); if (!WinHttpReceiveResponse(request, NULL)) diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in index c58dfe210..6288e0f40 100644 --- a/src/libstrongswan/plugins/x509/Makefile.in +++ b/src/libstrongswan/plugins/x509/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/x509 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +211,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +268,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +303,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +415,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -464,7 +478,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/x509/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/x509/x509_ac.c b/src/libstrongswan/plugins/x509/x509_ac.c index bfc200421..aea8eb53d 100644 --- a/src/libstrongswan/plugins/x509/x509_ac.c +++ b/src/libstrongswan/plugins/x509/x509_ac.c @@ -706,6 +706,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this) if (public->get_fingerprint(public, KEYID_PUBKEY_SHA1, &keyIdentifier)) { this->authKeyIdentifier = chunk_clone(keyIdentifier); + keyIdentifier = asn1_simple_object(ASN1_CONTEXT_S_0, keyIdentifier); } public->destroy(public); } @@ -716,7 +717,7 @@ static chunk_t build_authorityKeyIdentifier(private_x509_ac_t *this) return asn1_wrap(ASN1_SEQUENCE, "mm", asn1_build_known_oid(OID_AUTHORITY_KEY_ID), asn1_wrap(ASN1_OCTET_STRING, "m", - asn1_wrap(ASN1_SEQUENCE, "cmm", + asn1_wrap(ASN1_SEQUENCE, "mmm", keyIdentifier, authorityCertIssuer, authorityCertSerialNumber diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in index 6f69fb100..98fad6f8f 100644 --- a/src/libstrongswan/plugins/xcbc/Makefile.in +++ b/src/libstrongswan/plugins/xcbc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libstrongswan/plugins/xcbc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -200,12 +209,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -255,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -289,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -400,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +470,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/plugins/xcbc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -770,6 +783,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/plugins/xcbc/xcbc.c b/src/libstrongswan/plugins/xcbc/xcbc.c index d852a2932..820298e27 100644 --- a/src/libstrongswan/plugins/xcbc/xcbc.c +++ b/src/libstrongswan/plugins/xcbc/xcbc.c @@ -40,7 +40,7 @@ struct private_mac_t { /** * Block size, in bytes */ - u_int8_t b; + uint8_t b; /** * crypter using k1 @@ -50,22 +50,22 @@ struct private_mac_t { /** * k2 */ - u_int8_t *k2; + uint8_t *k2; /** * k3 */ - u_int8_t *k3; + uint8_t *k3; /** * E */ - u_int8_t *e; + uint8_t *e; /** * remaining, unprocessed bytes in append mode */ - u_int8_t *remaining; + uint8_t *remaining; /** * number of bytes in remaining @@ -138,7 +138,7 @@ static bool update(private_mac_t *this, chunk_t data) /** * run last round, data is in this->e */ -static bool final(private_mac_t *this, u_int8_t *out) +static bool final(private_mac_t *this, uint8_t *out) { chunk_t iv; @@ -193,7 +193,7 @@ static bool final(private_mac_t *this, u_int8_t *out) } METHOD(mac_t, get_mac, bool, - private_mac_t *this, chunk_t data, u_int8_t *out) + private_mac_t *this, chunk_t data, uint8_t *out) { /* update E, do not process last block */ if (!update(this, data)) @@ -294,7 +294,7 @@ static mac_t *xcbc_create(encryption_algorithm_t algo, size_t key_size) { private_mac_t *this; crypter_t *crypter; - u_int8_t b; + uint8_t b; crypter = lib->crypto->create_crypter(lib->crypto, algo, key_size); if (!crypter) diff --git a/src/libstrongswan/processing/jobs/job.h b/src/libstrongswan/processing/jobs/job.h index 64454718a..5b3a8a30b 100644 --- a/src/libstrongswan/processing/jobs/job.h +++ b/src/libstrongswan/processing/jobs/job.h @@ -96,7 +96,7 @@ struct job_requeue_t { } schedule; /** Time to reschedule the job */ union { - u_int32_t rel; + uint32_t rel; timeval_t abs; } time; }; diff --git a/src/libstrongswan/processing/scheduler.c b/src/libstrongswan/processing/scheduler.c index d90852561..374742939 100644 --- a/src/libstrongswan/processing/scheduler.c +++ b/src/libstrongswan/processing/scheduler.c @@ -276,7 +276,7 @@ METHOD(scheduler_t, schedule_job_tv, void, } METHOD(scheduler_t, schedule_job, void, - private_scheduler_t *this, job_t *job, u_int32_t s) + private_scheduler_t *this, job_t *job, uint32_t s) { timeval_t tv; @@ -287,7 +287,7 @@ METHOD(scheduler_t, schedule_job, void, } METHOD(scheduler_t, schedule_job_ms, void, - private_scheduler_t *this, job_t *job, u_int32_t ms) + private_scheduler_t *this, job_t *job, uint32_t ms) { timeval_t tv, add; diff --git a/src/libstrongswan/processing/scheduler.h b/src/libstrongswan/processing/scheduler.h index 7f91fcc59..1cd96d976 100644 --- a/src/libstrongswan/processing/scheduler.h +++ b/src/libstrongswan/processing/scheduler.h @@ -86,7 +86,7 @@ struct scheduler_t { * @param job job to schedule * @param time relative time to schedule job, in s */ - void (*schedule_job) (scheduler_t *this, job_t *job, u_int32_t s); + void (*schedule_job) (scheduler_t *this, job_t *job, uint32_t s); /** * Adds a event to the queue, using a relative time offset in ms. @@ -94,7 +94,7 @@ struct scheduler_t { * @param job job to schedule * @param time relative time to schedule job, in ms */ - void (*schedule_job_ms) (scheduler_t *this, job_t *job, u_int32_t ms); + void (*schedule_job_ms) (scheduler_t *this, job_t *job, uint32_t ms); /** * Adds a event to the queue, using an absolut time. diff --git a/src/libstrongswan/selectors/traffic_selector.c b/src/libstrongswan/selectors/traffic_selector.c index a6298b394..da3ba97cf 100644 --- a/src/libstrongswan/selectors/traffic_selector.c +++ b/src/libstrongswan/selectors/traffic_selector.c @@ -52,7 +52,7 @@ struct private_traffic_selector_t { /** * IP protocol (UDP, TCP, ICMP, ...) */ - u_int8_t protocol; + uint8_t protocol; /** * narrow this traffic selector to hosts external ip @@ -63,7 +63,7 @@ struct private_traffic_selector_t { /** * subnet size in CIDR notation, 255 means a non-subnet address range */ - u_int8_t netbits; + uint8_t netbits; /** * begin of address range, network order @@ -72,9 +72,9 @@ struct private_traffic_selector_t { /** dummy char for common address manipulation */ char from[0]; /** IPv4 address */ - u_int32_t from4[1]; + uint32_t from4[1]; /** IPv6 address */ - u_int32_t from6[4]; + uint32_t from6[4]; }; /** @@ -84,30 +84,30 @@ struct private_traffic_selector_t { /** dummy char for common address manipulation */ char to[0]; /** IPv4 address */ - u_int32_t to4[1]; + uint32_t to4[1]; /** IPv6 address */ - u_int32_t to6[4]; + uint32_t to6[4]; }; /** * begin of port range */ - u_int16_t from_port; + uint16_t from_port; /** * end of port range */ - u_int16_t to_port; + uint16_t to_port; }; /** * calculate the "to"-address for the "from" address and a subnet size */ -static void calc_range(private_traffic_selector_t *this, u_int8_t netbits) +static void calc_range(private_traffic_selector_t *this, uint8_t netbits) { size_t len; int bytes, bits; - u_int8_t mask; + uint8_t mask; this->netbits = netbits; @@ -126,10 +126,10 @@ static void calc_range(private_traffic_selector_t *this, u_int8_t netbits) /** * calculate the subnet size from the "to" and "from" addresses */ -static u_int8_t calc_netbits(private_traffic_selector_t *this) +static uint8_t calc_netbits(private_traffic_selector_t *this) { int byte, bit; - u_int8_t netbits; + uint8_t netbits; size_t size = (this->type == TS_IPV4_ADDR_RANGE) ? 4 : 16; bool prefix = TRUE; @@ -144,7 +144,7 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this) { for (bit = 7; bit >= 0; bit--) { - u_int8_t bitmask = 1 << bit; + uint8_t bitmask = 1 << bit; if (prefix) { @@ -173,8 +173,8 @@ static u_int8_t calc_netbits(private_traffic_selector_t *this) /** * internal generic constructor */ -static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, - ts_type_t type, u_int16_t from_port, u_int16_t to_port); +static private_traffic_selector_t *traffic_selector_create(uint8_t protocol, + ts_type_t type, uint16_t from_port, uint16_t to_port); /** * Check if TS contains "opaque" ports @@ -195,9 +195,9 @@ static bool is_any(private_traffic_selector_t *this) /** * Print ICMP/ICMPv6 type and code */ -static int print_icmp(printf_hook_data_t *data, u_int16_t port) +static int print_icmp(printf_hook_data_t *data, uint16_t port) { - u_int8_t type, code; + uint8_t type, code; type = traffic_selector_icmp_type(port); code = traffic_selector_icmp_code(port); @@ -222,7 +222,7 @@ int traffic_selector_printf_hook(printf_hook_data_t *data, char *serv_proto = NULL, *sep = ""; bool has_proto, has_ports; size_t written = 0; - u_int32_t from[4], to[4]; + uint32_t from[4], to[4]; if (this == NULL) { @@ -361,9 +361,9 @@ METHOD(traffic_selector_t, get_subset, traffic_selector_t*, private_traffic_selector_t *this, traffic_selector_t *other_public) { private_traffic_selector_t *other, *subset; - u_int16_t from_port, to_port; + uint16_t from_port, to_port; u_char *from, *to; - u_int8_t protocol; + uint8_t protocol; size_t size; other = (private_traffic_selector_t*)other_public; @@ -481,13 +481,13 @@ METHOD(traffic_selector_t, get_to_address, chunk_t, } } -METHOD(traffic_selector_t, get_from_port, u_int16_t, +METHOD(traffic_selector_t, get_from_port, uint16_t, private_traffic_selector_t *this) { return this->from_port; } -METHOD(traffic_selector_t, get_to_port, u_int16_t, +METHOD(traffic_selector_t, get_to_port, uint16_t, private_traffic_selector_t *this) { return this->to_port; @@ -499,7 +499,7 @@ METHOD(traffic_selector_t, get_type, ts_type_t, return this->type; } -METHOD(traffic_selector_t, get_protocol, u_int8_t, +METHOD(traffic_selector_t, get_protocol, uint8_t, private_traffic_selector_t *this) { return this->protocol; @@ -610,14 +610,14 @@ METHOD(traffic_selector_t, includes, bool, } METHOD(traffic_selector_t, to_subnet, bool, - private_traffic_selector_t *this, host_t **net, u_int8_t *mask) + private_traffic_selector_t *this, host_t **net, uint8_t *mask) { /* there is no way to do this cleanly, as the address range may * be anything else but a subnet. We use from_addr as subnet * and try to calculate a usable subnet mask. */ int family, non_zero_bytes; - u_int16_t port = 0; + uint16_t port = 0; chunk_t net_chunk; *mask = (this->netbits == NON_SUBNET_ADDRESS_RANGE) ? calc_netbits(this) @@ -777,10 +777,10 @@ int traffic_selector_cmp(traffic_selector_t *a_pub, traffic_selector_t *b_pub, /* * see header */ -traffic_selector_t *traffic_selector_create_from_bytes(u_int8_t protocol, +traffic_selector_t *traffic_selector_create_from_bytes(uint8_t protocol, ts_type_t type, - chunk_t from, u_int16_t from_port, - chunk_t to, u_int16_t to_port) + chunk_t from, uint16_t from_port, + chunk_t to, uint16_t to_port) { private_traffic_selector_t *this = traffic_selector_create(protocol, type, from_port, to_port); @@ -843,7 +843,7 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, } if (to.len > 1) { - u_int8_t mask = to.ptr[0] ? (1 << to.ptr[0]) - 1 : 0; + uint8_t mask = to.ptr[0] ? (1 << to.ptr[0]) - 1 : 0; memcpy(this->to, to.ptr+1, to.len-1); this->to[to.len-2] |= mask; @@ -856,8 +856,8 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, * see header */ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, - u_int8_t netbits, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port) + uint8_t netbits, uint8_t protocol, + uint16_t from_port, uint16_t to_port) { private_traffic_selector_t *this; chunk_t from; @@ -890,9 +890,9 @@ traffic_selector_t *traffic_selector_create_from_subnet(host_t *net, * see header */ traffic_selector_t *traffic_selector_create_from_string( - u_int8_t protocol, ts_type_t type, - char *from_addr, u_int16_t from_port, - char *to_addr, u_int16_t to_port) + uint8_t protocol, ts_type_t type, + char *from_addr, uint16_t from_port, + char *to_addr, uint16_t to_port) { private_traffic_selector_t *this; int family; @@ -926,8 +926,8 @@ traffic_selector_t *traffic_selector_create_from_string( * see header */ traffic_selector_t *traffic_selector_create_from_cidr( - char *string, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port) + char *string, uint8_t protocol, + uint16_t from_port, uint16_t to_port) { host_t *net; int bits; @@ -944,8 +944,8 @@ traffic_selector_t *traffic_selector_create_from_cidr( /* * see header */ -traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port) +traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol, + uint16_t from_port, uint16_t to_port) { private_traffic_selector_t *this = traffic_selector_create( protocol, TS_IPV4_ADDR_RANGE, from_port, to_port); @@ -961,8 +961,8 @@ traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, /* * see declaration */ -static private_traffic_selector_t *traffic_selector_create(u_int8_t protocol, - ts_type_t type, u_int16_t from_port, u_int16_t to_port) +static private_traffic_selector_t *traffic_selector_create(uint8_t protocol, + ts_type_t type, uint16_t from_port, uint16_t to_port) { private_traffic_selector_t *this; diff --git a/src/libstrongswan/selectors/traffic_selector.h b/src/libstrongswan/selectors/traffic_selector.h index cf9a2861b..cc66c3453 100644 --- a/src/libstrongswan/selectors/traffic_selector.h +++ b/src/libstrongswan/selectors/traffic_selector.h @@ -122,7 +122,7 @@ struct traffic_selector_t { * * @return port */ - u_int16_t (*get_from_port) (traffic_selector_t *this); + uint16_t (*get_from_port) (traffic_selector_t *this); /** * Get ending port of this ts. @@ -136,7 +136,7 @@ struct traffic_selector_t { * * @return port */ - u_int16_t (*get_to_port) (traffic_selector_t *this); + uint16_t (*get_to_port) (traffic_selector_t *this); /** * Get the type of the traffic selector. @@ -150,7 +150,7 @@ struct traffic_selector_t { * * @return protocol id */ - u_int8_t (*get_protocol) (traffic_selector_t *this); + uint8_t (*get_protocol) (traffic_selector_t *this); /** * Check if the traffic selector is for a single host. @@ -218,7 +218,7 @@ struct traffic_selector_t { * @param mask converted net mask * @return TRUE if traffic selector matches exactly to the subnet */ - bool (*to_subnet) (traffic_selector_t *this, host_t **net, u_int8_t *mask); + bool (*to_subnet) (traffic_selector_t *this, host_t **net, uint8_t *mask); /** * Create a hash value for the traffic selector. @@ -240,7 +240,7 @@ struct traffic_selector_t { * @param port port number in host order * @return ICMP/ICMPv6 message type */ -static inline u_int8_t traffic_selector_icmp_type(u_int16_t port) +static inline uint8_t traffic_selector_icmp_type(uint16_t port) { return port >> 8; } @@ -251,7 +251,7 @@ static inline u_int8_t traffic_selector_icmp_type(u_int16_t port) * @param port port number in host order * @return ICMP/ICMPv6 message code */ -static inline u_int8_t traffic_selector_icmp_code(u_int16_t port) +static inline uint8_t traffic_selector_icmp_code(uint16_t port) { return port & 0xff; } @@ -286,9 +286,9 @@ int traffic_selector_cmp(traffic_selector_t *a, traffic_selector_t *b, * - NULL if invalid address strings/protocol */ traffic_selector_t *traffic_selector_create_from_string( - u_int8_t protocol, ts_type_t type, - char *from_addr, u_int16_t from_port, - char *to_addr, u_int16_t to_port); + uint8_t protocol, ts_type_t type, + char *from_addr, uint16_t from_port, + char *to_addr, uint16_t to_port); @@ -307,8 +307,8 @@ traffic_selector_t *traffic_selector_create_from_string( * @return traffic selector, NULL if string invalid */ traffic_selector_t *traffic_selector_create_from_cidr( - char *string, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port); + char *string, uint8_t protocol, + uint16_t from_port, uint16_t to_port); /** * Create a new traffic selector using data read from the net. @@ -331,9 +331,9 @@ traffic_selector_t *traffic_selector_create_from_cidr( * @return traffic_selector_t object */ traffic_selector_t *traffic_selector_create_from_bytes( - u_int8_t protocol, ts_type_t type, - chunk_t from_address, u_int16_t from_port, - chunk_t to_address, u_int16_t to_port); + uint8_t protocol, ts_type_t type, + chunk_t from_address, uint16_t from_port, + chunk_t to_address, uint16_t to_port); /** * Create a new traffic selector using the RFC 3779 ASN.1 min/max address format @@ -370,8 +370,8 @@ traffic_selector_t *traffic_selector_create_from_rfc3779_format(ts_type_t type, * - NULL if address family of net not supported */ traffic_selector_t *traffic_selector_create_from_subnet( - host_t *net, u_int8_t netbits, u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port); + host_t *net, uint8_t netbits, uint8_t protocol, + uint16_t from_port, uint16_t to_port); /** * Create a traffic selector for host-to-host cases. @@ -392,8 +392,8 @@ traffic_selector_t *traffic_selector_create_from_subnet( * - traffic_selector_t object * - NULL if type not supported */ -traffic_selector_t *traffic_selector_create_dynamic(u_int8_t protocol, - u_int16_t from_port, u_int16_t to_port); +traffic_selector_t *traffic_selector_create_dynamic(uint8_t protocol, + uint16_t from_port, uint16_t to_port); /** * printf hook function for traffic_selector_t. diff --git a/src/libstrongswan/settings/settings.c b/src/libstrongswan/settings/settings.c index 56cc2f19b..829e78482 100644 --- a/src/libstrongswan/settings/settings.c +++ b/src/libstrongswan/settings/settings.c @@ -540,9 +540,9 @@ METHOD(settings_t, get_int, int, /** * Described in header */ -inline u_int64_t settings_value_as_uint64(char *value, u_int64_t def) +inline uint64_t settings_value_as_uint64(char *value, uint64_t def) { - u_int64_t intval; + uint64_t intval; char *end; int base = 10; @@ -597,10 +597,10 @@ METHOD(settings_t, get_double, double, /** * Described in header */ -inline u_int32_t settings_value_as_time(char *value, u_int32_t def) +inline uint32_t settings_value_as_time(char *value, uint32_t def) { char *endptr; - u_int32_t timeval; + uint32_t timeval; if (value) { errno = 0; @@ -638,8 +638,8 @@ inline u_int32_t settings_value_as_time(char *value, u_int32_t def) return def; } -METHOD(settings_t, get_time, u_int32_t, - private_settings_t *this, char *key, u_int32_t def, ...) +METHOD(settings_t, get_time, uint32_t, + private_settings_t *this, char *key, uint32_t def, ...) { char *value; va_list args; @@ -695,7 +695,7 @@ METHOD(settings_t, set_double, void, } METHOD(settings_t, set_time, void, - private_settings_t *this, char *key, u_int32_t value, ...) + private_settings_t *this, char *key, uint32_t value, ...) { char val[16]; va_list args; diff --git a/src/libstrongswan/settings/settings.h b/src/libstrongswan/settings/settings.h index a133a3681..eec5ece6c 100644 --- a/src/libstrongswan/settings/settings.h +++ b/src/libstrongswan/settings/settings.h @@ -51,13 +51,13 @@ bool settings_value_as_bool(char *value, bool def); int settings_value_as_int(char *value, int def); /** - * Convert a string value returned by a key/value enumerator to an u_int64_t. + * Convert a string value returned by a key/value enumerator to an uint64_t. * * @see settings_t.create_key_value_enumerator() * @param value the string value * @param def the default value, if value is NULL or invalid */ -u_int64_t settings_value_as_uint64(char *value, u_int64_t def); +uint64_t settings_value_as_uint64(char *value, uint64_t def); /** * Convert a string value returned by a key/value enumerator to a double. @@ -77,7 +77,7 @@ double settings_value_as_double(char *value, double def); * @param value the string value * @param def the default value, if value is NULL or invalid */ -u_int32_t settings_value_as_time(char *value, u_int32_t def); +uint32_t settings_value_as_time(char *value, uint32_t def); /** * Generic configuration options read from a config file. @@ -203,7 +203,7 @@ struct settings_t { * @param ... argument list for key * @return value of the key (in seconds) */ - u_int32_t (*get_time)(settings_t *this, char *key, u_int32_t def, ...); + uint32_t (*get_time)(settings_t *this, char *key, uint32_t def, ...); /** * Set a string value. @@ -248,7 +248,7 @@ struct settings_t { * @param def value to set * @param ... argument list for key */ - void (*set_time)(settings_t *this, char *key, u_int32_t value, ...); + void (*set_time)(settings_t *this, char *key, uint32_t value, ...); /** * Set a default for string value. diff --git a/src/libstrongswan/settings/settings_lexer.c b/src/libstrongswan/settings/settings_lexer.c index 6e64e15a6..2151e930b 100644 --- a/src/libstrongswan/settings/settings_lexer.c +++ b/src/libstrongswan/settings/settings_lexer.c @@ -16,8 +16,8 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 35 +#define YY_FLEX_MINOR_VERSION 6 +#define YY_FLEX_SUBMINOR_VERSION 0 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -221,6 +221,11 @@ typedef void* yyscan_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + /* %if-not-reentrant */ /* %endif */ @@ -247,6 +252,13 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; if ( yytext[yyl] == '\n' )\ --yylineno;\ }while(0) + #define YY_LINENO_REWIND_TO(dst) \ + do {\ + const char *p;\ + for ( p = yy_cp-1; p >= (dst); --p)\ + if ( *p == '\n' )\ + --yylineno;\ + }while(0) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ @@ -264,11 +276,6 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; #define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner ) -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -388,7 +395,7 @@ static void settings_parser__init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t YY_BUFFER_STATE settings_parser__scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner ); YY_BUFFER_STATE settings_parser__scan_string (yyconst char *yy_str ,yyscan_t yyscanner ); -YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner ); +YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char *bytes,yy_size_t len ,yyscan_t yyscanner ); /* %endif */ @@ -423,7 +430,7 @@ void settings_parser_free (void * ,yyscan_t yyscanner ); /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ /* Begin user sect3 */ -#define settings_parser_wrap(n) 1 +#define settings_parser_wrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG @@ -434,11 +441,16 @@ typedef int yy_state_type; #define yytext_ptr yytext_r +/* %% [1.5] DFA */ + /* %if-c-only Standard (non-C++) definition */ static yy_state_type yy_get_previous_state (yyscan_t yyscanner ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner); static int yy_get_next_buffer (yyscan_t yyscanner ); +#if defined(__GNUC__) && __GNUC__ >= 3 +__attribute__((__noreturn__)) +#endif static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); /* %endif */ @@ -474,7 +486,7 @@ static yyconst flex_int16_t yy_accept[49] = 9, 9, 9, 9, 0, 7, 7, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst YY_CHAR yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, @@ -506,13 +518,13 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[21] = +static yyconst YY_CHAR yy_meta[21] = { 0, 1, 2, 3, 1, 4, 5, 4, 6, 7, 1, 1, 1, 1, 1, 1, 1, 1, 1, 8, 9 } ; -static yyconst flex_int16_t yy_base[60] = +static yyconst flex_uint16_t yy_base[60] = { 0, 0, 0, 19, 38, 21, 23, 55, 0, 47, 161, 161, 50, 161, 37, 161, 161, 0, 161, 161, 0, @@ -532,7 +544,7 @@ static yyconst flex_int16_t yy_def[60] = 48, 48, 48, 48, 48, 48, 48, 48, 48 } ; -static yyconst flex_int16_t yy_nxt[182] = +static yyconst flex_uint16_t yy_nxt[182] = { 0, 8, 9, 10, 8, 9, 11, 12, 13, 8, 8, 8, 8, 14, 8, 8, 8, 8, 8, 15, 16, @@ -638,7 +650,7 @@ static void include_files(parser_helper_t *ctx); /* state used to scan quoted strings */ -#line 642 "settings/settings_lexer.c" +#line 654 "settings/settings_lexer.c" #define INITIAL 0 #define inc 1 @@ -675,7 +687,7 @@ struct yyguts_t YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */ char yy_hold_char; int yy_n_chars; - int yyleng_r; + yy_size_t yyleng_r; char *yy_c_buf_p; int yy_init; int yy_start; @@ -732,19 +744,23 @@ void settings_parser_set_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner ) FILE *settings_parser_get_in (yyscan_t yyscanner ); -void settings_parser_set_in (FILE * in_str ,yyscan_t yyscanner ); +void settings_parser_set_in (FILE * _in_str ,yyscan_t yyscanner ); FILE *settings_parser_get_out (yyscan_t yyscanner ); -void settings_parser_set_out (FILE * out_str ,yyscan_t yyscanner ); +void settings_parser_set_out (FILE * _out_str ,yyscan_t yyscanner ); -int settings_parser_get_leng (yyscan_t yyscanner ); +yy_size_t settings_parser_get_leng (yyscan_t yyscanner ); char *settings_parser_get_text (yyscan_t yyscanner ); int settings_parser_get_lineno (yyscan_t yyscanner ); -void settings_parser_set_lineno (int line_number ,yyscan_t yyscanner ); +void settings_parser_set_lineno (int _line_number ,yyscan_t yyscanner ); + +int settings_parser_get_column (yyscan_t yyscanner ); + +void settings_parser_set_column (int _column_no ,yyscan_t yyscanner ); /* %if-bison-bridge */ @@ -768,8 +784,11 @@ extern int settings_parser_wrap (yyscan_t yyscanner ); /* %not-for-header */ +#ifndef YY_NO_UNPUT + static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner); +#endif /* %ok-for-header */ /* %endif */ @@ -798,7 +817,7 @@ static int input (yyscan_t yyscanner ); /* %if-c-only */ - static void yy_push_state (int new_state ,yyscan_t yyscanner); + static void yy_push_state (int _new_state ,yyscan_t yyscanner); static void yy_pop_state (yyscan_t yyscanner ); @@ -928,7 +947,7 @@ extern int settings_parser_lex \ /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif /* %% [6.0] YY_RULE_SETUP definition goes here */ @@ -941,17 +960,11 @@ extern int settings_parser_lex \ */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; -/* %% [7.0] user's declarations go here */ -#line 57 "settings/settings_lexer.l" - - -#line 954 "settings/settings_lexer.c" - yylval = yylval_param; if ( !yyg->yy_init ) @@ -988,7 +1001,14 @@ YY_DECL settings_parser__load_buffer_state(yyscanner ); } - while ( 1 ) /* loops until end-of-file is reached */ + { +/* %% [7.0] user's declarations go here */ +#line 57 "settings/settings_lexer.l" + + +#line 1010 "settings/settings_lexer.c" + + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { /* %% [8.0] yymore()-related code goes here */ yy_cp = yyg->yy_c_buf_p; @@ -1006,7 +1026,7 @@ YY_DECL yy_match: do { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1039,7 +1059,7 @@ yy_find_action: if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] ) { - int yyl; + yy_size_t yyl; for ( yyl = 0; yyl < yyleng; ++yyl ) if ( yytext[yyl] == '\n' ) @@ -1106,6 +1126,7 @@ return yytext[0]; case 7: /* rule 7 can match eol */ *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ +YY_LINENO_REWIND_TO(yy_cp - 1); yyg->yy_c_buf_p = yy_cp -= 1; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP @@ -1192,6 +1213,7 @@ YY_RULE_SETUP case 15: #line 121 "settings/settings_lexer.l" +YY_RULE_SETUP case YY_STATE_EOF(str): #line 121 "settings/settings_lexer.l" case 16: @@ -1267,7 +1289,7 @@ YY_RULE_SETUP #line 159 "settings/settings_lexer.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1271 "settings/settings_lexer.c" +#line 1293 "settings/settings_lexer.c" case YY_END_OF_BUFFER: { @@ -1290,7 +1312,11 @@ YY_FATAL_ERROR( "flex scanner jammed" ); * back-up) that will match for the new input source. */ yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; +/* %if-c-only */ YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; +/* %endif */ +/* %if-c++-only */ +/* %endif */ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } @@ -1397,6 +1423,7 @@ YY_FATAL_ERROR( "flex scanner jammed" ); "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ + } /* end of user's declarations */ } /* end of settings_parser_lex */ /* %ok-for-header */ @@ -1421,9 +1448,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = yyg->yytext_ptr; - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = yyg->yytext_ptr; + yy_size_t number_to_move, i; int ret_val; if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] ) @@ -1452,7 +1479,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; + number_to_move = (yy_size_t) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -1465,21 +1492,21 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { - int num_to_read = + yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) (yyg->yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -1510,7 +1537,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - yyg->yy_n_chars, (size_t) num_to_read ); + yyg->yy_n_chars, num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } @@ -1534,9 +1561,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else ret_val = EOB_ACT_CONTINUE_SCAN; - if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + if ((int) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); + int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) settings_parser_realloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); @@ -1561,8 +1588,8 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* %% [15.0] code to get the start state into yy_current_state goes here */ @@ -1571,7 +1598,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp ) { /* %% [16.0] code to find the next state goes here */ - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1600,12 +1627,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register int yy_is_jam; + int yy_is_jam; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */ /* %% [17.0] code to find the next state, and perhaps do backing up, goes here */ - register char *yy_cp = yyg->yy_c_buf_p; + char *yy_cp = yyg->yy_c_buf_p; - register YY_CHAR yy_c = 1; + YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1620,17 +1647,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner) yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 48); + (void)yyg; return yy_is_jam ? 0 : yy_current_state; } +#ifndef YY_NO_UNPUT /* %if-c-only */ - static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner) + static void yyunput (int c, char * yy_bp , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register char *yy_cp; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yy_cp = yyg->yy_c_buf_p; @@ -1641,10 +1670,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yyg->yy_n_chars + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + yy_size_t number_to_move = yyg->yy_n_chars + 2; + char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = + char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) @@ -1674,6 +1703,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %endif */ +#endif /* %if-c-only */ #ifndef YY_NO_INPUT @@ -1704,7 +1734,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { /* need more input */ - int offset = yyg->yy_c_buf_p - yyg->yytext_ptr; + yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr; ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) @@ -1787,6 +1817,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) settings_parser__load_buffer_state(yyscanner ); } +/* %if-c++-only */ +/* %endif */ + /** Switch to a different input buffer. * @param new_buffer The new input buffer. * @param yyscanner The scanner object. @@ -1836,7 +1869,11 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; +/* %if-c-only */ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ yyg->yy_hold_char = *yyg->yy_c_buf_p; } @@ -1858,7 +1895,7 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in settings_parser__create_buffer()" ); - b->yy_buf_size = size; + b->yy_buf_size = (yy_size_t)size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. @@ -1874,6 +1911,9 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) return b; } +/* %if-c++-only */ +/* %endif */ + /** Destroy the buffer. * @param b a buffer created with settings_parser__create_buffer() * @param yyscanner The scanner object. @@ -1898,17 +1938,6 @@ static void settings_parser__load_buffer_state (yyscan_t yyscanner) settings_parser_free((void *) b ,yyscanner ); } -/* %if-c-only */ - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* %endif */ - -/* %if-c++-only */ -/* %endif */ - /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a settings_parser_restart() or at EOF. @@ -1925,7 +1954,11 @@ extern int isatty (int ); settings_parser__flush_buffer(b ,yyscanner); +/* %if-c-only */ b->yy_input_file = file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ b->yy_fill_buffer = 1; /* If b is the current buffer, then settings_parser__init_buffer was _probably_ @@ -2055,7 +2088,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - int num_to_alloc; + yy_size_t num_to_alloc; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (!yyg->yy_buffer_stack) { @@ -2064,7 +2097,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner) * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ yyg->yy_buffer_stack = (struct yy_buffer_state**)settings_parser_alloc (num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); @@ -2081,7 +2114,7 @@ static void settings_parser_ensure_buffer_stack (yyscan_t yyscanner) if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = yyg->yy_buffer_stack_max + grow_size; yyg->yy_buffer_stack = (struct yy_buffer_state**)settings_parser_realloc @@ -2159,12 +2192,12 @@ YY_BUFFER_STATE settings_parser__scan_string (yyconst char * yystr , yyscan_t yy * @param yyscanner The scanner object. * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner) +YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len , yyscan_t yyscanner) { YY_BUFFER_STATE b; char *buf; yy_size_t n; - int i; + yy_size_t i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; @@ -2191,7 +2224,7 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby /* %endif */ /* %if-c-only */ - static void yy_push_state (int new_state , yyscan_t yyscanner) + static void yy_push_state (int _new_state , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2216,7 +2249,7 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby yyg->yy_start_stack[yyg->yy_start_stack_ptr++] = YY_START; - BEGIN(new_state); + BEGIN(_new_state); } /* %if-c-only */ @@ -2249,7 +2282,9 @@ YY_BUFFER_STATE settings_parser__scan_bytes (yyconst char * yybytes, int _yyby /* %if-c-only */ static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) { - (void) fprintf( stderr, "%s\n", msg ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* %endif */ @@ -2336,7 +2371,7 @@ FILE *settings_parser_get_out (yyscan_t yyscanner) /** Get the length of the current token. * @param yyscanner The scanner object. */ -int settings_parser_get_leng (yyscan_t yyscanner) +yy_size_t settings_parser_get_leng (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyleng; @@ -2367,51 +2402,51 @@ void settings_parser_set_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner /* %endif */ /** Set the current line number. - * @param line_number + * @param _line_number line number * @param yyscanner The scanner object. */ -void settings_parser_set_lineno (int line_number , yyscan_t yyscanner) +void settings_parser_set_lineno (int _line_number , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* lineno is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "settings_parser_set_lineno called with no buffer" , yyscanner); + YY_FATAL_ERROR( "settings_parser_set_lineno called with no buffer" ); - yylineno = line_number; + yylineno = _line_number; } /** Set the current column. - * @param line_number + * @param _column_no column number * @param yyscanner The scanner object. */ -void settings_parser_set_column (int column_no , yyscan_t yyscanner) +void settings_parser_set_column (int _column_no , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* column is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "settings_parser_set_column called with no buffer" , yyscanner); + YY_FATAL_ERROR( "settings_parser_set_column called with no buffer" ); - yycolumn = column_no; + yycolumn = _column_no; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * @param yyscanner The scanner object. * @see settings_parser__switch_to_buffer */ -void settings_parser_set_in (FILE * in_str , yyscan_t yyscanner) +void settings_parser_set_in (FILE * _in_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyin = in_str ; + yyin = _in_str ; } -void settings_parser_set_out (FILE * out_str , yyscan_t yyscanner) +void settings_parser_set_out (FILE * _out_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyout = out_str ; + yyout = _out_str ; } int settings_parser_get_debug (yyscan_t yyscanner) @@ -2420,10 +2455,10 @@ int settings_parser_get_debug (yyscan_t yyscanner) return yy_flex_debug; } -void settings_parser_set_debug (int bdebug , yyscan_t yyscanner) +void settings_parser_set_debug (int _bdebug , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } /* %endif */ @@ -2589,7 +2624,10 @@ int settings_parser_lex_destroy (yyscan_t yyscanner) #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner) { - register int i; + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } @@ -2598,7 +2636,7 @@ static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yysca #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -2608,11 +2646,16 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) void *settings_parser_alloc (yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; return (void *) malloc( size ); } void *settings_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2625,6 +2668,8 @@ void *settings_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner void settings_parser_free (void * ptr , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; free( (char *) ptr ); /* see settings_parser_realloc() for (char *) cast */ } diff --git a/src/libstrongswan/settings/settings_parser.c b/src/libstrongswan/settings/settings_parser.c index 6cd3b177a..47cf8ebd4 100644 --- a/src/libstrongswan/settings/settings_parser.c +++ b/src/libstrongswan/settings/settings_parser.c @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -44,7 +44,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "3.0.2" +#define YYBISON_VERSION "3.0.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -180,7 +180,7 @@ extern int settings_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 77 "settings/settings_parser.y" /* yacc.c:355 */ @@ -191,6 +191,8 @@ union YYSTYPE #line 193 "settings/settings_parser.c" /* yacc.c:355 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif @@ -203,7 +205,7 @@ int settings_parser_parse (parser_helper_t *ctx); /* Copy the second part of user declarations. */ -#line 207 "settings/settings_parser.c" /* yacc.c:358 */ +#line 209 "settings/settings_parser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -1027,43 +1029,43 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c case 3: /* NAME */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1031 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1033 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 4: /* STRING */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1037 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1039 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 13: /* section */ #line 93 "settings/settings_parser.y" /* yacc.c:1257 */ { pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); } -#line 1043 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1045 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 14: /* section_start */ #line 93 "settings/settings_parser.y" /* yacc.c:1257 */ { pop_section(ctx); settings_section_destroy(((*yyvaluep).sec), NULL); } -#line 1049 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1051 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 15: /* setting */ #line 94 "settings/settings_parser.y" /* yacc.c:1257 */ { settings_kv_destroy(((*yyvaluep).kv), NULL); } -#line 1055 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1057 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 16: /* value */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1061 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1063 "settings/settings_parser.c" /* yacc.c:1257 */ break; case 17: /* valuepart */ #line 91 "settings/settings_parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1067 "settings/settings_parser.c" /* yacc.c:1257 */ +#line 1069 "settings/settings_parser.c" /* yacc.c:1257 */ break; @@ -1333,7 +1335,7 @@ yyreduce: { add_section(ctx, (yyvsp[0].sec)); } -#line 1337 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1339 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 6: @@ -1341,7 +1343,7 @@ yyreduce: { add_setting(ctx, (yyvsp[0].kv)); } -#line 1345 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1347 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 7: @@ -1350,7 +1352,7 @@ yyreduce: pop_section(ctx); (yyval.sec) = (yyvsp[-2].sec); } -#line 1354 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1356 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 8: @@ -1358,7 +1360,7 @@ yyreduce: { (yyval.sec) = push_section(ctx, (yyvsp[-1].s)); } -#line 1362 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1364 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 9: @@ -1366,7 +1368,7 @@ yyreduce: { (yyval.sec) = push_section(ctx, (yyvsp[-2].s)); } -#line 1370 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1372 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 10: @@ -1374,7 +1376,7 @@ yyreduce: { (yyval.kv) = settings_kv_create((yyvsp[-2].s), (yyvsp[0].s)); } -#line 1378 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1380 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 11: @@ -1382,7 +1384,7 @@ yyreduce: { (yyval.kv) = settings_kv_create((yyvsp[-1].s), NULL); } -#line 1386 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1388 "settings/settings_parser.c" /* yacc.c:1646 */ break; case 13: @@ -1397,11 +1399,11 @@ yyreduce: free((yyvsp[-1].s)); free((yyvsp[0].s)); } -#line 1401 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1403 "settings/settings_parser.c" /* yacc.c:1646 */ break; -#line 1405 "settings/settings_parser.c" /* yacc.c:1646 */ +#line 1407 "settings/settings_parser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires diff --git a/src/libstrongswan/settings/settings_parser.h b/src/libstrongswan/settings/settings_parser.h index d887777a2..b41e0d56f 100644 --- a/src/libstrongswan/settings/settings_parser.h +++ b/src/libstrongswan/settings/settings_parser.h @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison interface for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -59,7 +59,7 @@ extern int settings_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 77 "settings/settings_parser.y" /* yacc.c:1909 */ @@ -70,6 +70,8 @@ union YYSTYPE #line 72 "settings/settings_parser.h" /* yacc.c:1909 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif diff --git a/src/libstrongswan/tests/Makefile.am b/src/libstrongswan/tests/Makefile.am index b2d456035..caa9d3a6a 100644 --- a/src/libstrongswan/tests/Makefile.am +++ b/src/libstrongswan/tests/Makefile.am @@ -12,7 +12,7 @@ libtest_la_CFLAGS = \ libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@ libtest_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) + $(PTHREADLIB) $(ATOMICLIB) TESTS = tests diff --git a/src/libstrongswan/tests/Makefile.in b/src/libstrongswan/tests/Makefile.in index 0a0f5893d..4e5321755 100644 --- a/src/libstrongswan/tests/Makefile.in +++ b/src/libstrongswan/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libstrongswan/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -102,7 +111,7 @@ CONFIG_CLEAN_VPATH_FILES = am__DEPENDENCIES_1 = libtest_la_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) am__dirstamp = $(am__leading_dot)dirstamp am_libtest_la_OBJECTS = libtest_la-test_suite.lo \ libtest_la-test_runner.lo utils/libtest_la-test_rng.lo @@ -240,12 +249,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -295,6 +306,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -329,6 +341,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -440,6 +453,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -481,7 +495,7 @@ libtest_la_CFLAGS = \ libtest_la_LDFLAGS = @COVERAGE_LDFLAGS@ libtest_la_LIBADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) + $(PTHREADLIB) $(ATOMICLIB) tests_SOURCES = tests.h tests.c \ suites/test_linked_list.c \ @@ -549,7 +563,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libstrongswan/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libstrongswan/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1603,6 +1616,8 @@ uninstall-am: mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libstrongswan/tests/suites/test_array.c b/src/libstrongswan/tests/suites/test_array.c index eda72e10a..eed8fba56 100644 --- a/src/libstrongswan/tests/suites/test_array.c +++ b/src/libstrongswan/tests/suites/test_array.c @@ -512,7 +512,7 @@ END_TEST START_TEST(test_insert_create_value) { array_t *array = NULL; - u_int16_t v; + uint16_t v; v = 1; array_insert_create_value(&array, sizeof(v), ARRAY_TAIL, &v); diff --git a/src/libstrongswan/tests/suites/test_asn1.c b/src/libstrongswan/tests/suites/test_asn1.c index ac7c5519e..fa02df9ca 100644 --- a/src/libstrongswan/tests/suites/test_asn1.c +++ b/src/libstrongswan/tests/suites/test_asn1.c @@ -462,7 +462,7 @@ START_TEST(test_asn1_to_time) { typedef struct { time_t time; - u_int8_t type; + uint8_t type; char *string; } testdata_t; @@ -525,7 +525,7 @@ START_TEST(test_asn1_from_time) { typedef struct { time_t time; - u_int8_t type; + uint8_t type; chunk_t chunk; } testdata_t; @@ -759,7 +759,7 @@ END_TEST START_TEST(test_asn1_parse_integer_uint64) { typedef struct { - u_int64_t n; + uint64_t n; chunk_t chunk; } testdata_t; diff --git a/src/libstrongswan/tests/suites/test_bio_reader.c b/src/libstrongswan/tests/suites/test_bio_reader.c index 6a9743d62..d3b4b4358 100644 --- a/src/libstrongswan/tests/suites/test_bio_reader.c +++ b/src/libstrongswan/tests/suites/test_bio_reader.c @@ -65,7 +65,7 @@ START_TEST(test_read_uint8) { chunk_t data = chunk_from_chars(0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07); - u_int8_t val; + uint8_t val; assert_integer_read(data, 8, val); assert_basic_read(8, val); @@ -76,7 +76,7 @@ END_TEST START_TEST(test_read_uint16) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x01, 0x00, 0x02, 0x00, 0x03); - u_int16_t val; + uint16_t val; assert_integer_read(data, 16, val); assert_basic_read(16, val); @@ -87,7 +87,7 @@ END_TEST START_TEST(test_read_uint24) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x03); - u_int32_t val; + uint32_t val; assert_integer_read(data, 24, val); assert_basic_read(24, val); @@ -99,7 +99,7 @@ START_TEST(test_read_uint32) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x03); - u_int32_t val; + uint32_t val; assert_integer_read(data, 32, val); assert_basic_read(32, val); @@ -113,7 +113,7 @@ START_TEST(test_read_uint64) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03); - u_int64_t val; + uint64_t val; assert_integer_read(data, 64, val); assert_basic_read(64, val); @@ -170,7 +170,7 @@ END_TEST START_TEST(test_read_uint8_end) { chunk_t data = chunk_from_chars(0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00); - u_int8_t val; + uint8_t val; assert_integer_read_end(data, 8, val); assert_basic_read_end(8, val); @@ -181,7 +181,7 @@ END_TEST START_TEST(test_read_uint16_end) { chunk_t data = chunk_from_chars(0x00, 0x03, 0x00, 0x02, 0x00, 0x01, 0x00, 0x00); - u_int16_t val; + uint16_t val; assert_integer_read_end(data, 16, val); assert_basic_read_end(16, val); @@ -192,7 +192,7 @@ END_TEST START_TEST(test_read_uint24_end) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x03, 0x00, 0x00, 0x02, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00); - u_int32_t val; + uint32_t val; assert_integer_read_end(data, 24, val); assert_basic_read_end(24, val); @@ -204,7 +204,7 @@ START_TEST(test_read_uint32_end) { chunk_t data = chunk_from_chars(0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00); - u_int32_t val; + uint32_t val; assert_integer_read_end(data, 32, val); assert_basic_read_end(32, val); @@ -218,7 +218,7 @@ START_TEST(test_read_uint64_end) 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); - u_int64_t val; + uint64_t val; assert_integer_read_end(data, 64, val); assert_basic_read_end(64, val); diff --git a/src/libstrongswan/tests/suites/test_chunk.c b/src/libstrongswan/tests/suites/test_chunk.c index 6272ca795..b82b1436f 100644 --- a/src/libstrongswan/tests/suites/test_chunk.c +++ b/src/libstrongswan/tests/suites/test_chunk.c @@ -316,11 +316,11 @@ START_TEST(test_chunk_skip) foobar = chunk_from_str("foobar"); a = foobar; a = chunk_skip(a, 0); - ck_assert(chunk_equals(a, foobar)); + ck_assert_chunk_eq(a, foobar); a = chunk_skip(a, 1); - ck_assert(chunk_equals(a, chunk_from_str("oobar"))); + ck_assert_chunk_eq(a, chunk_from_str("oobar")); a = chunk_skip(a, 2); - ck_assert(chunk_equals(a, chunk_from_str("bar"))); + ck_assert_chunk_eq(a, chunk_from_str("bar")); a = chunk_skip(a, 3); assert_chunk_empty(a); @@ -338,20 +338,24 @@ START_TEST(test_chunk_skip_zero) { chunk_t foobar, a; - a = chunk_empty; - a = chunk_skip_zero(a); + a = chunk_skip_zero(chunk_empty); assert_chunk_empty(a); foobar = chunk_from_str("foobar"); - a = foobar; - a = chunk_skip_zero(a); - ck_assert(chunk_equals(a, foobar)); + a = chunk_skip_zero(foobar); + ck_assert_chunk_eq(a, foobar); - a = chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc); - a = chunk_skip_zero(a); - ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc))); + foobar = chunk_from_chars(0x00); + a = chunk_skip_zero(foobar); + ck_assert_chunk_eq(a, foobar); + + a = chunk_skip_zero(chunk_from_chars(0x00, 0xaa, 0xbb, 0xcc)); + ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc)); a = chunk_skip_zero(a); - ck_assert(chunk_equals(a, chunk_from_chars(0xaa, 0xbb, 0xcc))); + ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc)); + + a = chunk_skip_zero(chunk_from_chars(0x00, 0x00, 0xaa, 0xbb, 0xcc)); + ck_assert_chunk_eq(a, chunk_from_chars(0xaa, 0xbb, 0xcc)); } END_TEST @@ -736,7 +740,7 @@ START_TEST(test_chunk_mac) { chunk_t in; u_char key[16]; - u_int64_t out; + uint64_t out; int i, count; count = countof(sip_vectors); @@ -765,7 +769,7 @@ END_TEST START_TEST(test_chunk_hash) { chunk_t chunk; - u_int32_t hash_a, hash_b, hash_c; + uint32_t hash_a, hash_b, hash_c; chunk = chunk_from_str("asdf"); @@ -787,7 +791,7 @@ END_TEST START_TEST(test_chunk_hash_static) { chunk_t in; - u_int32_t out, hash_a, hash_b, hash_inc = 0x7b891a95; + uint32_t out, hash_a, hash_b, hash_inc = 0x7b891a95; int i, count; count = countof(sip_vectors); @@ -813,7 +817,7 @@ END_TEST * test for chunk_internet_checksum[_inc]() */ -static inline u_int16_t compensate_alignment(u_int16_t val) +static inline uint16_t compensate_alignment(uint16_t val) { return ((val & 0xff) << 8) | (val >> 8); } @@ -821,7 +825,7 @@ static inline u_int16_t compensate_alignment(u_int16_t val) START_TEST(test_chunk_internet_checksum) { chunk_t chunk; - u_int16_t sum; + uint16_t sum; chunk = chunk_from_chars(0x45,0x00,0x00,0x30,0x44,0x22,0x40,0x00,0x80,0x06, 0x00,0x00,0x8c,0x7c,0x19,0xac,0xae,0x24,0x1e,0x2b); diff --git a/src/libstrongswan/tests/suites/test_host.c b/src/libstrongswan/tests/suites/test_host.c index 5cb8013ff..5d054577a 100644 --- a/src/libstrongswan/tests/suites/test_host.c +++ b/src/libstrongswan/tests/suites/test_host.c @@ -46,7 +46,7 @@ static void verify_netmask(chunk_t addr, int mask) * host_create_any */ -static void verify_any(host_t *host, int family, u_int16_t port) +static void verify_any(host_t *host, int family, uint16_t port) { verify_netmask(host->get_address(host), 0); ck_assert(host->is_anyaddr(host)); @@ -88,7 +88,7 @@ END_TEST * host_create_from_string */ -static void verify_address(host_t *host, chunk_t addr, int family, u_int16_t port) +static void verify_address(host_t *host, chunk_t addr, int family, uint16_t port) { ck_assert(chunk_equals(host->get_address(host), addr)); ck_assert(!host->is_anyaddr(host)); @@ -656,7 +656,7 @@ END_TEST static struct { char *addr; - u_int16_t port; + uint16_t port; /* results for %H, %+H, %#H (falls back to [0]) */ char *result[3]; } printf_data[] = { diff --git a/src/libstrongswan/tests/suites/test_iv_gen.c b/src/libstrongswan/tests/suites/test_iv_gen.c index 4e45c8538..8b0a14b79 100644 --- a/src/libstrongswan/tests/suites/test_iv_gen.c +++ b/src/libstrongswan/tests/suites/test_iv_gen.c @@ -21,17 +21,17 @@ START_TEST(test_iv_gen_seq) { iv_gen_t *iv_gen; - u_int64_t iv0, iv1_1, iv1_2; + uint64_t iv0, iv1_1, iv1_2; iv_gen = iv_gen_seq_create(); - ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv0)); - ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_1)); + ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (uint8_t*)&iv0)); + ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_1)); ck_assert(iv0 != iv1_1); /* every sequence number may be used twice, but results in a different IV */ - ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2)); + ck_assert(iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_2)); ck_assert(iv0 != iv1_2); ck_assert(iv1_1 != iv1_2); - ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (u_int8_t*)&iv1_2)); + ck_assert(!iv_gen->get_iv(iv_gen, 1, 8, (uint8_t*)&iv1_2)); iv_gen->destroy(iv_gen); } END_TEST @@ -39,19 +39,19 @@ END_TEST START_TEST(test_iv_gen_seq_len) { iv_gen_t *iv_gen; - u_int64_t iv; - u_int8_t buf[9]; + uint64_t iv; + uint8_t buf[9]; iv_gen = iv_gen_seq_create(); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (u_int8_t*)&iv)); - ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (u_int8_t*)&iv)); - ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (u_int8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 0, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 1, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 2, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 3, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 4, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 5, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 6, (uint8_t*)&iv)); + ck_assert(!iv_gen->get_iv(iv_gen, 0, 7, (uint8_t*)&iv)); + ck_assert(iv_gen->get_iv(iv_gen, 0, 8, (uint8_t*)&iv)); ck_assert(iv_gen->get_iv(iv_gen, 0, 9, buf)); iv_gen->destroy(iv_gen); } diff --git a/src/libstrongswan/tests/suites/test_ntru.c b/src/libstrongswan/tests/suites/test_ntru.c index d209fa2bc..0a6d24d04 100644 --- a/src/libstrongswan/tests/suites/test_ntru.c +++ b/src/libstrongswan/tests/suites/test_ntru.c @@ -25,7 +25,7 @@ #include <plugins/ntru/ntru_private_key.h> IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_drbg_create, ntru_drbg_t*, - u_int32_t strength, chunk_t pers_str, rng_t *entropy) + uint32_t strength, chunk_t pers_str, rng_t *entropy) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_trits_create, ntru_trits_t*, size_t len, hash_algorithm_t alg, chunk_t seed) @@ -36,7 +36,7 @@ IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_seed, ntru_poly_t*, uint32_t indices_len_m, bool is_product_form) IMPORT_FUNCTION_FOR_TESTS(ntru, ntru_poly_create_from_data, ntru_poly_t*, - u_int16_t *data, uint16_t N, uint16_t q, + uint16_t *data, uint16_t N, uint16_t q, uint32_t indices_len_p, uint32_t indices_len_m, bool is_product_form) @@ -73,8 +73,8 @@ char *parameter_sets[] = { }; typedef struct { - u_int32_t requested; - u_int32_t standard; + uint32_t requested; + uint32_t standard; }strength_t; strength_t strengths[] = { diff --git a/src/libstrongswan/tests/suites/test_printf.c b/src/libstrongswan/tests/suites/test_printf.c index 9e40d1fc0..377f2a767 100644 --- a/src/libstrongswan/tests/suites/test_printf.c +++ b/src/libstrongswan/tests/suites/test_printf.c @@ -75,7 +75,7 @@ END_TEST START_TEST(test_printf_unsigned) { - verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (u_int64_t)456); + verify("1 23 456", "%u %lu %llu", 1, (u_long)23, (uint64_t)456); verify("65535 255", "%hu %hhu", 0x1ffff, 0x1ff); verify("123456789", "%zu", (size_t)123456789); verify(" 12", "%5u", 12); @@ -99,7 +99,7 @@ END_TEST START_TEST(test_printf_hex) { - verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (u_int64_t)0x456); + verify("1 23 456", "%x %lx %llx", 1, (u_long)0x23, (uint64_t)0x456); verify("12abcdef 12ABCDEF", "%x %X", 0x12ABCDEF, 0x12ABCDEF); verify("ffff ff", "%hx %hhx", 0x1ffff, 0x1ff); verify("23456789", "%zx", (size_t)0x23456789); @@ -170,10 +170,10 @@ END_TEST START_TEST(test_printf_pri) { - verify("255", "%" PRIu8, (u_int8_t)0xFF); - verify("65535", "%" PRIu16, (u_int16_t)0xFFFF); - verify("4294967295", "%" PRIu32, (u_int32_t)0x1FFFFFFFFll); - verify("18446744073709551615", "%" PRIu64, (u_int64_t)0xFFFFFFFFFFFFFFFFll); + verify("255", "%" PRIu8, (uint8_t)0xFF); + verify("65535", "%" PRIu16, (uint16_t)0xFFFF); + verify("4294967295", "%" PRIu32, (uint32_t)0x1FFFFFFFFll); + verify("18446744073709551615", "%" PRIu64, (uint64_t)0xFFFFFFFFFFFFFFFFll); verify("-1", "%" PRId8, (int8_t)-1); verify("-1", "%" PRId16, (int16_t)-1); diff --git a/src/libstrongswan/tests/suites/test_traffic_selector.c b/src/libstrongswan/tests/suites/test_traffic_selector.c index 5c0fb754d..0d5d877ac 100644 --- a/src/libstrongswan/tests/suites/test_traffic_selector.c +++ b/src/libstrongswan/tests/suites/test_traffic_selector.c @@ -198,7 +198,7 @@ struct { char *from; char *to; char *net; - u_int8_t mask; + uint8_t mask; bool exact; } to_subnet_tests[] = { { TS_IPV4_ADDR_RANGE, "10.0.0.1", "10.0.0.1", "10.0.0.1", 32, TRUE }, @@ -218,7 +218,7 @@ START_TEST(test_to_subnet) { traffic_selector_t *ts; host_t *net, *exp_net; - u_int8_t mask; + uint8_t mask; ts = traffic_selector_create_from_string(0, to_subnet_tests[_i].type, to_subnet_tests[_i].from, 0, to_subnet_tests[_i].to, 0); @@ -234,9 +234,9 @@ END_TEST struct { char *cidr; - u_int16_t from_port; - u_int16_t to_port; - u_int16_t port; + uint16_t from_port; + uint16_t to_port; + uint16_t port; } to_subnet_port_tests[] = { { "10.0.0.0/8", 0, 0, 0 }, { "10.0.0.1/32", 80, 80, 80 }, @@ -252,7 +252,7 @@ START_TEST(test_to_subnet_port) { traffic_selector_t *ts; host_t *net, *exp_net; - u_int8_t mask; + uint8_t mask; int exp_mask; ts = traffic_selector_create_from_cidr(to_subnet_port_tests[_i].cidr, 0, @@ -431,9 +431,9 @@ struct { bool contained; struct { char *net; - u_int8_t proto; - u_int16_t from_port; - u_int16_t to_port; + uint8_t proto; + uint16_t from_port; + uint16_t to_port; } a, b; } is_contained_in_tests[] = { { TRUE, { "10.0.0.0/16", 0, 0, 65535 }, { "10.0.0.0/16", 0, 0, 65535 }, }, @@ -555,9 +555,9 @@ struct { int res; struct { char *net; - u_int8_t proto; - u_int16_t from_port; - u_int16_t to_port; + uint8_t proto; + uint16_t from_port; + uint16_t to_port; } a, b; } cmp_tests[] = { { 0, { "10.0.0.0/8", 0, 0, 65535 }, { "10.0.0.0/8", 0, 0, 65535 }, }, @@ -706,13 +706,13 @@ START_TEST(test_hash) END_TEST struct { - u_int8_t proto; - u_int16_t from_port; - u_int16_t to_port; - u_int8_t from_type; - u_int8_t from_code; - u_int8_t to_type; - u_int8_t to_code; + uint8_t proto; + uint16_t from_port; + uint16_t to_port; + uint8_t from_type; + uint8_t from_code; + uint8_t to_type; + uint8_t to_code; char *str; char *str_alt; } icmp_tests[] = { @@ -731,7 +731,7 @@ struct { START_TEST(test_icmp) { traffic_selector_t *ts; - u_int16_t from, to; + uint16_t from, to; ts = traffic_selector_create_dynamic(icmp_tests[_i].proto, icmp_tests[_i].from_port, icmp_tests[_i].to_port); diff --git a/src/libstrongswan/tests/suites/test_utils.c b/src/libstrongswan/tests/suites/test_utils.c index 104b0b2c0..1eb3c8bc3 100644 --- a/src/libstrongswan/tests/suites/test_utils.c +++ b/src/libstrongswan/tests/suites/test_utils.c @@ -121,9 +121,9 @@ END_TEST START_TEST(test_htoun) { chunk_t net64, expected; - u_int16_t host16 = 513; - u_int32_t net16 = 0, host32 = 67305985; - u_int64_t net32 = 0, host64 = 578437695752307201ULL; + uint16_t host16 = 513; + uint32_t net16 = 0, host32 = 67305985; + uint64_t net32 = 0, host64 = 578437695752307201ULL; net64 = chunk_alloca(16); memset(net64.ptr, 0, net64.len); @@ -133,14 +133,14 @@ START_TEST(test_htoun) ck_assert(chunk_equals(expected, chunk_from_thing(net16))); expected = chunk_from_chars(0x00, 0x00, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00); - htoun32((u_int16_t*)&net32 + 1, host32); + htoun32((uint16_t*)&net32 + 1, host32); ck_assert(chunk_equals(expected, chunk_from_thing(net32))); expected = chunk_from_chars(0x00, 0x00, 0x00, 0x00, 0x08, 0x07, 0x06, 0x05, 0x04, 0x03, 0x02, 0x01, 0x00, 0x00, 0x00, 0x00); - htoun64((u_int32_t*)net64.ptr + 1, host64); + htoun64((uint32_t*)net64.ptr + 1, host64); ck_assert(chunk_equals(expected, net64)); } END_TEST @@ -148,9 +148,9 @@ END_TEST START_TEST(test_untoh) { chunk_t net; - u_int16_t host16; - u_int32_t host32; - u_int64_t host64; + uint16_t host16; + uint32_t host32; + uint64_t host64; net = chunk_from_chars(0x00, 0x02, 0x01, 0x00); host16 = untoh16(net.ptr + 1); @@ -197,6 +197,82 @@ START_TEST(test_round) END_TEST /******************************************************************************* + * streq + */ + +static struct { + char *a; + char *b; + bool eq; + bool case_eq; +} streq_data[] = { + {NULL, NULL, TRUE, TRUE}, + {NULL, "", FALSE, FALSE}, + {"", NULL, FALSE, FALSE}, + {"abc", "", FALSE, FALSE}, + {"abc", "abc", TRUE, TRUE}, + {"abc", "ABC", FALSE, TRUE}, +}; + +START_TEST(test_streq) +{ + bool eq; + + ck_assert(streq(streq_data[_i].a, streq_data[_i].a)); + ck_assert(streq(streq_data[_i].b, streq_data[_i].b)); + eq = streq(streq_data[_i].a, streq_data[_i].b); + ck_assert(eq == streq_data[_i].eq); + + ck_assert(strcaseeq(streq_data[_i].a, streq_data[_i].a)); + ck_assert(strcaseeq(streq_data[_i].b, streq_data[_i].b)); + eq = strcaseeq(streq_data[_i].a, streq_data[_i].b); + ck_assert(eq == streq_data[_i].case_eq); +} +END_TEST + +/******************************************************************************* + * strneq + */ + +static struct { + char *a; + char *b; + size_t n; + bool eq; + bool case_eq; +} strneq_data[] = { + {NULL, NULL, 0, TRUE, TRUE}, + {NULL, NULL, 10, TRUE, TRUE}, + {NULL, "", 0, FALSE, FALSE}, + {"", NULL, 0, FALSE, FALSE}, + {"abc", "", 0, TRUE, TRUE}, + {"abc", "", 1, FALSE, FALSE}, + {"abc", "ab", 1, TRUE, TRUE}, + {"abc", "ab", 2, TRUE, TRUE}, + {"abc", "ab", 3, FALSE, FALSE}, + {"abc", "abc", 3, TRUE, TRUE}, + {"abc", "abc", 4, TRUE, TRUE}, + {"abc", "abC", 2, TRUE, TRUE}, + {"abc", "abC", 3, FALSE, TRUE}, +}; + +START_TEST(test_strneq) +{ + bool eq; + + ck_assert(strneq(strneq_data[_i].a, strneq_data[_i].a, strneq_data[_i].n)); + ck_assert(strneq(strneq_data[_i].b, strneq_data[_i].b, strneq_data[_i].n)); + eq = strneq(strneq_data[_i].a, strneq_data[_i].b, strneq_data[_i].n); + ck_assert(eq == strneq_data[_i].eq); + + ck_assert(strncaseeq(strneq_data[_i].a, strneq_data[_i].a, strneq_data[_i].n)); + ck_assert(strncaseeq(strneq_data[_i].b, strneq_data[_i].b, strneq_data[_i].n)); + eq = strncaseeq(strneq_data[_i].a, strneq_data[_i].b, strneq_data[_i].n); + ck_assert(eq == strneq_data[_i].case_eq); +} +END_TEST + +/******************************************************************************* * strpfx */ @@ -308,7 +384,7 @@ END_TEST START_TEST(test_memxor_aligned) { - u_int64_t a = 0, b = 0; + uint64_t a = 0, b = 0; chunk_t ca, cb; int i; @@ -848,6 +924,8 @@ Suite *utils_suite_create() suite_add_tcase(s, tc); tc = tcase_create("string helper"); + tcase_add_loop_test(tc, test_streq, 0, countof(streq_data)); + tcase_add_loop_test(tc, test_strneq, 0, countof(strneq_data)); tcase_add_loop_test(tc, test_strpfx, 0, countof(strpfx_data)); suite_add_tcase(s, tc); diff --git a/src/libstrongswan/tests/test_runner.c b/src/libstrongswan/tests/test_runner.c index 66d0e612d..ed77b3c86 100644 --- a/src/libstrongswan/tests/test_runner.c +++ b/src/libstrongswan/tests/test_runner.c @@ -90,6 +90,28 @@ static void apply_filter(array_t *loaded, char *filter, bool exclude) } /** + * Check if the given string is contained in the filter string. + */ +static bool is_in_filter(const char *find, char *filter) +{ + enumerator_t *names; + bool found = FALSE; + char *name; + + names = enumerator_create_token(filter, ",", " "); + while (names->enumerate(names, &name)) + { + if (streq(name, find)) + { + found = TRUE; + break; + } + } + names->destroy(names); + return found; +} + +/** * Removes and destroys test suites that are not selected or * explicitly excluded. */ @@ -524,11 +546,17 @@ int test_runner_run(const char *name, test_configuration_t configs[], enumerator_t *enumerator; int passed = 0, result; level_t level = LEVEL_SILENT; - char *cfg, *verbosity; + char *cfg, *runners, *verbosity; /* redirect all output to stderr (to redirect make's stdout to /dev/null) */ dup2(2, 1); + runners = getenv("TESTS_RUNNERS"); + if (runners && !is_in_filter(name, runners)) + { + return EXIT_SUCCESS; + } + cfg = getenv("TESTS_STRONGSWAN_CONF"); suites = load_suites(configs, init, cfg); diff --git a/src/libstrongswan/tests/test_runner.h b/src/libstrongswan/tests/test_runner.h index 5c3057096..e0fe767c5 100644 --- a/src/libstrongswan/tests/test_runner.h +++ b/src/libstrongswan/tests/test_runner.h @@ -70,6 +70,7 @@ struct test_configuration_t { * - TESTS_VERBOSITY: Numerical loglevel for debug log * - TESTS_STRONGSWAN_CONF: Specify a path to a custom strongswan.conf * - TESTS_PLUGINS: Specify an explicit list of plugins to load + * - TESTS_RUNNERS: Run specific test runners only * - TESTS_SUITES: Run specific test suites only * - TESTS_SUITES_EXCLUDE: Don't run specific test suites * - TESTS_REDUCED_KEYLENGTHS: Test minimal keylengths for public key tests only @@ -77,6 +78,9 @@ struct test_configuration_t { * Please note that TESTS_PLUGINS actually must be implemented by the init * callback function, as plugin loading is delegated. * + * EXIT_SUCCESS is returned right away if TESTS_RUNNERS is defined but the name + * passed to this function is not contained in it. + * * @param name name of test runner * @param config test suite constructors with dependencies * @param init_cb init/deinit callback diff --git a/src/libstrongswan/tests/utils/test_rng.c b/src/libstrongswan/tests/utils/test_rng.c index 01569509b..2985a56e3 100644 --- a/src/libstrongswan/tests/utils/test_rng.c +++ b/src/libstrongswan/tests/utils/test_rng.c @@ -34,7 +34,7 @@ struct private_rng_t { }; METHOD(rng_t, get_bytes, bool, - private_rng_t *this, size_t bytes, u_int8_t *buffer) + private_rng_t *this, size_t bytes, uint8_t *buffer) { if (bytes > this->entropy.len) { diff --git a/src/libstrongswan/threading/thread.c b/src/libstrongswan/threading/thread.c index 3d87e7fca..de5cbaa21 100644 --- a/src/libstrongswan/threading/thread.c +++ b/src/libstrongswan/threading/thread.c @@ -278,18 +278,27 @@ static private_thread_t *thread_create_internal() } /** - * Main cleanup function for threads. + * Remove and run all cleanup handlers in reverse order. */ -static void thread_cleanup(private_thread_t *this) +static void thread_cleanup_popall_internal(private_thread_t *this) { cleanup_handler_t *handler; - this->mutex->lock(this->mutex); + while (this->cleanup_handlers->remove_last(this->cleanup_handlers, - (void**)&handler) == SUCCESS) + (void**)&handler) == SUCCESS) { handler->cleanup(handler->arg); free(handler); } +} + +/** + * Main cleanup function for threads. + */ +static void thread_cleanup(private_thread_t *this) +{ + thread_cleanup_popall_internal(this); + this->mutex->lock(this->mutex); this->terminated = TRUE; thread_destroy(this); } @@ -417,15 +426,8 @@ void thread_cleanup_pop(bool execute) void thread_cleanup_popall() { private_thread_t *this = (private_thread_t*)thread_current(); - cleanup_handler_t *handler; - while (this->cleanup_handlers->get_count(this->cleanup_handlers)) - { - this->cleanup_handlers->remove_last(this->cleanup_handlers, - (void**)&handler); - handler->cleanup(handler->arg); - free(handler); - } + thread_cleanup_popall_internal(this); } /** diff --git a/src/libstrongswan/utils/chunk.c b/src/libstrongswan/utils/chunk.c index c4471be70..2f824a259 100644 --- a/src/libstrongswan/utils/chunk.c +++ b/src/libstrongswan/utils/chunk.c @@ -775,25 +775,25 @@ bool chunk_printable(chunk_t chunk, chunk_t *sane, char replace) /** * Helper functions for chunk_mac() */ -static inline u_int64_t sipget(u_char *in) +static inline uint64_t sipget(u_char *in) { - u_int64_t v = 0; + uint64_t v = 0; int i; for (i = 0; i < 64; i += 8, ++in) { - v |= ((u_int64_t)*in) << i; + v |= ((uint64_t)*in) << i; } return v; } -static inline u_int64_t siprotate(u_int64_t v, int shift) +static inline uint64_t siprotate(uint64_t v, int shift) { return (v << shift) | (v >> (64 - shift)); } -static inline void sipround(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, - u_int64_t *v3) +static inline void sipround(uint64_t *v0, uint64_t *v1, uint64_t *v2, + uint64_t *v3) { *v0 += *v1; *v1 = siprotate(*v1, 13); @@ -814,8 +814,8 @@ static inline void sipround(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, *v3 ^= *v0; } -static inline void sipcompress(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, - u_int64_t *v3, u_int64_t m) +static inline void sipcompress(uint64_t *v0, uint64_t *v1, uint64_t *v2, + uint64_t *v3, uint64_t m) { *v3 ^= m; sipround(v0, v1, v2, v3); @@ -823,28 +823,28 @@ static inline void sipcompress(u_int64_t *v0, u_int64_t *v1, u_int64_t *v2, *v0 ^= m; } -static inline u_int64_t siplast(size_t len, u_char *pos) +static inline uint64_t siplast(size_t len, u_char *pos) { - u_int64_t b; + uint64_t b; int rem = len & 7; - b = ((u_int64_t)len) << 56; + b = ((uint64_t)len) << 56; switch (rem) { case 7: - b |= ((u_int64_t)pos[6]) << 48; + b |= ((uint64_t)pos[6]) << 48; case 6: - b |= ((u_int64_t)pos[5]) << 40; + b |= ((uint64_t)pos[5]) << 40; case 5: - b |= ((u_int64_t)pos[4]) << 32; + b |= ((uint64_t)pos[4]) << 32; case 4: - b |= ((u_int64_t)pos[3]) << 24; + b |= ((uint64_t)pos[3]) << 24; case 3: - b |= ((u_int64_t)pos[2]) << 16; + b |= ((uint64_t)pos[2]) << 16; case 2: - b |= ((u_int64_t)pos[1]) << 8; + b |= ((uint64_t)pos[1]) << 8; case 1: - b |= ((u_int64_t)pos[0]); + b |= ((uint64_t)pos[0]); break; case 0: break; @@ -855,9 +855,9 @@ static inline u_int64_t siplast(size_t len, u_char *pos) /** * Caculate SipHash-2-4 with an optional first block given as argument. */ -static u_int64_t chunk_mac_inc(chunk_t chunk, u_char *key, u_int64_t m) +static uint64_t chunk_mac_inc(chunk_t chunk, u_char *key, uint64_t m) { - u_int64_t v0, v1, v2, v3, k0, k1; + uint64_t v0, v1, v2, v3, k0, k1; size_t len = chunk.len; u_char *pos = chunk.ptr, *end; @@ -896,7 +896,7 @@ static u_int64_t chunk_mac_inc(chunk_t chunk, u_char *key, u_int64_t m) /** * Described in header. */ -u_int64_t chunk_mac(chunk_t chunk, u_char *key) +uint64_t chunk_mac(chunk_t chunk, u_char *key) { return chunk_mac_inc(chunk, key, 0); } @@ -957,16 +957,16 @@ void chunk_hash_seed() /** * Described in header. */ -u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash) +uint32_t chunk_hash_inc(chunk_t chunk, uint32_t hash) { /* we could use a mac of the previous hash, but this is faster */ - return chunk_mac_inc(chunk, key, ((u_int64_t)hash) << 32 | hash); + return chunk_mac_inc(chunk, key, ((uint64_t)hash) << 32 | hash); } /** * Described in header. */ -u_int32_t chunk_hash(chunk_t chunk) +uint32_t chunk_hash(chunk_t chunk) { return chunk_mac(chunk, key); } @@ -974,15 +974,15 @@ u_int32_t chunk_hash(chunk_t chunk) /** * Described in header. */ -u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash) +uint32_t chunk_hash_static_inc(chunk_t chunk, uint32_t hash) { /* we could use a mac of the previous hash, but this is faster */ - return chunk_mac_inc(chunk, static_key, ((u_int64_t)hash) << 32 | hash); + return chunk_mac_inc(chunk, static_key, ((uint64_t)hash) << 32 | hash); } /** * Described in header. */ -u_int32_t chunk_hash_static(chunk_t chunk) +uint32_t chunk_hash_static(chunk_t chunk) { return chunk_mac(chunk, static_key); } @@ -990,9 +990,9 @@ u_int32_t chunk_hash_static(chunk_t chunk) /** * Described in header. */ -u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum) +uint16_t chunk_internet_checksum_inc(chunk_t data, uint16_t checksum) { - u_int32_t sum = ntohs((u_int16_t)~checksum); + uint32_t sum = ntohs((uint16_t)~checksum); while (data.len > 1) { @@ -1001,7 +1001,7 @@ u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum) } if (data.len) { - sum += (u_int16_t)*data.ptr << 8; + sum += (uint16_t)*data.ptr << 8; } while (sum >> 16) { @@ -1013,7 +1013,7 @@ u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum) /** * Described in header. */ -u_int16_t chunk_internet_checksum(chunk_t data) +uint16_t chunk_internet_checksum(chunk_t data) { return chunk_internet_checksum_inc(data, 0xffff); } diff --git a/src/libstrongswan/utils/chunk.h b/src/libstrongswan/utils/chunk.h index 2ec7f7543..160d09944 100644 --- a/src/libstrongswan/utils/chunk.h +++ b/src/libstrongswan/utils/chunk.h @@ -280,11 +280,11 @@ static inline chunk_t chunk_skip(chunk_t chunk, size_t bytes) } /** - * Skip a leading zero-valued byte + * Skip any leading zero-valued bytes */ static inline chunk_t chunk_skip_zero(chunk_t chunk) { - if (chunk.len > 1 && *chunk.ptr == 0x00) + while (chunk.len > 1 && *chunk.ptr == 0x00) { chunk.ptr++; chunk.len--; @@ -375,7 +375,7 @@ void chunk_hash_seed(); * @param chunk data to hash * @return hash value */ -u_int32_t chunk_hash(chunk_t chunk); +uint32_t chunk_hash(chunk_t chunk); /** * Incremental version of chunk_hash. Use this to hash two or more chunks. @@ -384,7 +384,7 @@ u_int32_t chunk_hash(chunk_t chunk); * @param hash previous hash value * @return hash value */ -u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash); +uint32_t chunk_hash_inc(chunk_t chunk, uint32_t hash); /** * Computes a 32 bit hash of the given chunk. @@ -398,7 +398,7 @@ u_int32_t chunk_hash_inc(chunk_t chunk, u_int32_t hash); * @param chunk data to hash * @return hash value */ -u_int32_t chunk_hash_static(chunk_t chunk); +uint32_t chunk_hash_static(chunk_t chunk); /** * Incremental version of chunk_hash_static(). Use this to hash two or more @@ -408,7 +408,7 @@ u_int32_t chunk_hash_static(chunk_t chunk); * @param hash previous hash value * @return hash value */ -u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash); +uint32_t chunk_hash_static_inc(chunk_t chunk, uint32_t hash); /** * Computes a quick MAC from the given chunk and key using SipHash. @@ -422,7 +422,7 @@ u_int32_t chunk_hash_static_inc(chunk_t chunk, u_int32_t hash); * @param key key to use * @return MAC for given input and key */ -u_int64_t chunk_mac(chunk_t chunk, u_char *key); +uint64_t chunk_mac(chunk_t chunk, u_char *key); /** * Calculate the Internet Checksum according to RFC 1071 for the given chunk. @@ -434,7 +434,7 @@ u_int64_t chunk_mac(chunk_t chunk, u_char *key); * @param data data to process * @return checksum (one's complement, network order) */ -u_int16_t chunk_internet_checksum(chunk_t data); +uint16_t chunk_internet_checksum(chunk_t data); /** * Extend the given Internet Checksum (one's complement, in network byte order) @@ -447,7 +447,7 @@ u_int16_t chunk_internet_checksum(chunk_t data); * @param checksum previous checksum (one's complement, network order) * @return checksum (one's complement, network order) */ -u_int16_t chunk_internet_checksum_inc(chunk_t data, u_int16_t checksum); +uint16_t chunk_internet_checksum_inc(chunk_t data, uint16_t checksum); /** * printf hook function for chunk_t. diff --git a/src/libstrongswan/utils/compat/android.h b/src/libstrongswan/utils/compat/android.h index b3ea9c475..6edd3effb 100644 --- a/src/libstrongswan/utils/compat/android.h +++ b/src/libstrongswan/utils/compat/android.h @@ -21,6 +21,8 @@ #ifndef ANDROID_H_ #define ANDROID_H_ +#include <android/api-level.h> + /* stuff defined in AndroidConfig.h, which is included using the -include * command-line option, thus cannot be undefined using -U CFLAGS options. * the reason we have to undefine these flags in the first place, is that @@ -28,4 +30,19 @@ * actually defined. */ #undef HAVE_BACKTRACE +/* API level 21 changed quite a few things, we define some stuff here and not + * via CFLAGS in Android.mk files as it is easier to compare versions */ +#if __ANDROID_API__ >= 21 + +#define HAVE_PTHREAD_CONDATTR_INIT 1 +#define HAVE_CONDATTR_CLOCK_MONOTONIC 1 + +#define HAVE_SYS_CAPABILITY_H 1 + +#else /* __ANDROID_API__ */ + +#define HAVE_PTHREAD_COND_TIMEDWAIT_MONOTONIC 1 + +#endif /* __ANDROID_API__ */ + #endif /** ANDROID_H_ @}*/ diff --git a/src/libstrongswan/utils/cpu_feature.c b/src/libstrongswan/utils/cpu_feature.c index d86ca6bd8..0529701ea 100644 --- a/src/libstrongswan/utils/cpu_feature.c +++ b/src/libstrongswan/utils/cpu_feature.c @@ -102,7 +102,7 @@ static cpu_feature_t get_via_features() */ cpu_feature_t cpu_feature_get_all() { - char vendor[3 * sizeof(u_int32_t) + 1]; + char vendor[3 * sizeof(uint32_t) + 1]; cpu_feature_t f = 0; u_int a, b, c, d; diff --git a/src/libstrongswan/utils/identification.c b/src/libstrongswan/utils/identification.c index 2b2e907f0..384bd6c92 100644 --- a/src/libstrongswan/utils/identification.c +++ b/src/libstrongswan/utils/identification.c @@ -80,6 +80,7 @@ static const x501rdn_t x501rdns[] = { {"G", OID_GIVEN_NAME, ASN1_PRINTABLESTRING}, {"I", OID_INITIALS, ASN1_PRINTABLESTRING}, {"dnQualifier", OID_DN_QUALIFIER, ASN1_PRINTABLESTRING}, + {"dmdName", OID_DMD_NAME, ASN1_PRINTABLESTRING}, {"pseudonym", OID_PSEUDONYM, ASN1_PRINTABLESTRING}, {"ID", OID_UNIQUE_IDENTIFIER, ASN1_PRINTABLESTRING}, {"EN", OID_EMPLOYEE_NUMBER, ASN1_PRINTABLESTRING}, @@ -220,6 +221,7 @@ METHOD(enumerator_t, rdn_part_enumerate, bool, {OID_GIVEN_NAME, ID_PART_RDN_G}, {OID_INITIALS, ID_PART_RDN_I}, {OID_DN_QUALIFIER, ID_PART_RDN_DNQ}, + {OID_DMD_NAME, ID_PART_RDN_DMDN}, {OID_PSEUDONYM, ID_PART_RDN_PN}, {OID_UNIQUE_IDENTIFIER, ID_PART_RDN_ID}, {OID_EMAIL_ADDRESS, ID_PART_RDN_E}, @@ -727,7 +729,8 @@ METHOD(identification_t, equals_strcasecmp, bool, /* we do some extra sanity checks to check for invalid IDs with a * terminating null in it. */ - if (this->encoded.len == encoded.len && + if (this->type == other->get_type(other) && + this->encoded.len == encoded.len && memchr(this->encoded.ptr, 0, this->encoded.len) == NULL && memchr(encoded.ptr, 0, encoded.len) == NULL && strncasecmp(this->encoded.ptr, encoded.ptr, this->encoded.len) == 0) @@ -1152,15 +1155,15 @@ static private_identification_t *identification_create(id_type_t type) { case ID_ANY: this->public.hash = _hash_binary; - this->public.matches = _matches_any; this->public.equals = _equals_binary; + this->public.matches = _matches_any; this->public.contains_wildcards = return_true; break; case ID_FQDN: case ID_RFC822_ADDR: this->public.hash = _hash_binary; - this->public.matches = _matches_string; this->public.equals = _equals_strcasecmp; + this->public.matches = _matches_string; this->public.contains_wildcards = _contains_wildcards_memchr; break; case ID_DER_ASN1_DN: diff --git a/src/libstrongswan/utils/identification.h b/src/libstrongswan/utils/identification.h index 51d132491..206f7c3e0 100644 --- a/src/libstrongswan/utils/identification.h +++ b/src/libstrongswan/utils/identification.h @@ -168,6 +168,8 @@ enum id_part_t { ID_PART_RDN_I, /** DN Qualifier RDN of a DN */ ID_PART_RDN_DNQ, + /** dmdName RDN of a DN */ + ID_PART_RDN_DMDN, /** Pseudonym RDN of a DN */ ID_PART_RDN_PN, /** UniqueIdentifier RDN of a DN */ diff --git a/src/libstrongswan/utils/integrity_checker.c b/src/libstrongswan/utils/integrity_checker.c index b66df02e7..6f9510b3e 100644 --- a/src/libstrongswan/utils/integrity_checker.c +++ b/src/libstrongswan/utils/integrity_checker.c @@ -56,10 +56,10 @@ struct private_integrity_checker_t { int checksum_count; }; -METHOD(integrity_checker_t, build_file, u_int32_t, +METHOD(integrity_checker_t, build_file, uint32_t, private_integrity_checker_t *this, char *file, size_t *len) { - u_int32_t checksum; + uint32_t checksum; chunk_t *contents; contents = chunk_map(file, FALSE); @@ -109,7 +109,7 @@ static int callback(struct dl_phdr_info *dlpi, size_t size, Dl_info *dli) return 0; } -METHOD(integrity_checker_t, build_segment, u_int32_t, +METHOD(integrity_checker_t, build_segment, uint32_t, private_integrity_checker_t *this, void *sym, size_t *len) { chunk_t segment; @@ -154,7 +154,7 @@ METHOD(integrity_checker_t, check_file, bool, private_integrity_checker_t *this, char *name, char *file) { integrity_checksum_t *cs; - u_int32_t sum; + uint32_t sum; size_t len = 0; cs = find_checksum(this, name); @@ -188,7 +188,7 @@ METHOD(integrity_checker_t, check_segment, bool, private_integrity_checker_t *this, char *name, void *sym) { integrity_checksum_t *cs; - u_int32_t sum; + uint32_t sum; size_t len = 0; cs = find_checksum(this, name); diff --git a/src/libstrongswan/utils/integrity_checker.h b/src/libstrongswan/utils/integrity_checker.h index afaa114b3..2ac21c608 100644 --- a/src/libstrongswan/utils/integrity_checker.h +++ b/src/libstrongswan/utils/integrity_checker.h @@ -35,11 +35,11 @@ struct integrity_checksum_t { /* size in bytes of the file on disk */ size_t file_len; /* checksum of the file on disk */ - u_int32_t file; + uint32_t file; /* size in bytes of executable segment in memory */ size_t segment_len; /* checksum of the executable segment in memory */ - u_int32_t segment; + uint32_t segment; }; /** @@ -66,7 +66,7 @@ struct integrity_checker_t { * @param len return length in bytes of file * @return checksum, 0 on error */ - u_int32_t (*build_file)(integrity_checker_t *this, char *file, size_t *len); + uint32_t (*build_file)(integrity_checker_t *this, char *file, size_t *len); /** * Check the integrity of the code segment in memory. @@ -83,7 +83,7 @@ struct integrity_checker_t { * @param len return length in bytes of code segment in memory * @return checksum, 0 on error */ - u_int32_t (*build_segment)(integrity_checker_t *this, void *sym, size_t *len); + uint32_t (*build_segment)(integrity_checker_t *this, void *sym, size_t *len); /** * Check both, on disk file integrity and loaded segment. diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c index 99f4843ad..d0f646c31 100644 --- a/src/libstrongswan/utils/leak_detective.c +++ b/src/libstrongswan/utils/leak_detective.c @@ -120,17 +120,17 @@ struct memory_header_t { /** * Padding to make sizeof(memory_header_t) == 32 */ - u_int32_t padding[sizeof(void*) == sizeof(u_int32_t) ? 3 : 0]; + uint32_t padding[sizeof(void*) == sizeof(uint32_t) ? 3 : 0]; /** * Number of bytes following after the header */ - u_int32_t bytes; + uint32_t bytes; /** * magic bytes to detect bad free or heap underflow, MEMORY_HEADER_MAGIC */ - u_int32_t magic; + uint32_t magic; }__attribute__((__packed__)); @@ -142,7 +142,7 @@ struct memory_tail_t { /** * Magic bytes to detect heap overflow, MEMORY_TAIL_MAGIC */ - u_int32_t magic; + uint32_t magic; }__attribute__((__packed__)); @@ -522,6 +522,7 @@ char *whitelist[] = { "vsyslog", "__syslog_chk", "__vsyslog_chk", + "__fprintf_chk", "getaddrinfo", "setlocale", "getpass", @@ -532,6 +533,7 @@ char *whitelist[] = { "getpwuid_r", "initgroups", "tzset", + "_IO_file_doallocate", /* ignore dlopen, as we do not dlclose to get proper leak reports */ "dlopen", "dlerror", @@ -562,6 +564,10 @@ char *whitelist[] = { "ECDSA_do_sign_ex", "ECDSA_verify", "RSA_new_method", + /* OpenSSL 1.1.0 does not cleanup anymore until the library is unloaded */ + "OPENSSL_init_crypto", + "CRYPTO_THREAD_lock_new", + "ERR_add_error_data", /* OpenSSL libssl */ "SSL_COMP_get_compression_methods", /* NSPR */ @@ -808,10 +814,11 @@ HOOK(void*, malloc, size_t bytes) HOOK(void*, calloc, size_t nmemb, size_t size) { void *ptr; + volatile size_t total; - size *= nmemb; - ptr = malloc(size); - memset(ptr, 0, size); + total = nmemb * size; + ptr = malloc(total); + memset(ptr, 0, total); return ptr; } @@ -837,6 +844,18 @@ HOOK(void, free, void *ptr) if (!enabled || thread_disabled->get(thread_disabled)) { + /* after deinitialization we might have to free stuff we allocated + * while we were enabled */ + if (!first_header.magic && ptr) + { + hdr = ptr - sizeof(memory_header_t); + tail = ptr + hdr->bytes; + if (hdr->magic == MEMORY_HEADER_MAGIC && + tail->magic == MEMORY_TAIL_MAGIC) + { + ptr = hdr; + } + } real_free(ptr); return; } @@ -953,6 +972,7 @@ METHOD(leak_detective_t, destroy, void, lock->destroy(lock); thread_disabled->destroy(thread_disabled); free(this); + first_header.magic = 0; first_header.next = NULL; } diff --git a/src/libstrongswan/utils/utils.c b/src/libstrongswan/utils/utils.c index 40cb43d90..4deba0fe7 100644 --- a/src/libstrongswan/utils/utils.c +++ b/src/libstrongswan/utils/utils.c @@ -33,7 +33,7 @@ /* This is from the kernel sources. We limit the length of directory names to * 256 as we only use it to enumerate FDs. */ struct linux_dirent64 { - u_int64_t d_ino; + uint64_t d_ino; int64_t d_off; unsigned short d_reclen; unsigned char d_type; diff --git a/src/libstrongswan/utils/utils/align.c b/src/libstrongswan/utils/utils/align.c index 29f110ff1..ffdb1b5ce 100644 --- a/src/libstrongswan/utils/utils/align.c +++ b/src/libstrongswan/utils/utils/align.c @@ -20,9 +20,9 @@ /** * Described in header. */ -void* malloc_align(size_t size, u_int8_t align) +void* malloc_align(size_t size, uint8_t align) { - u_int8_t pad; + uint8_t pad; void *ptr; if (align == 0) @@ -46,7 +46,7 @@ void* malloc_align(size_t size, u_int8_t align) */ void free_align(void *ptr) { - u_int8_t pad, *pos; + uint8_t pad, *pos; pos = ptr - 1; /* verify padding to check any corruption */ diff --git a/src/libstrongswan/utils/utils/align.h b/src/libstrongswan/utils/utils/align.h index 39cde10c8..a28dc3668 100644 --- a/src/libstrongswan/utils/utils/align.h +++ b/src/libstrongswan/utils/utils/align.h @@ -74,7 +74,7 @@ static inline size_t round_down(size_t size, size_t alignment) * @param align alignment, up to 255 bytes, usually a power of 2 * @return allocated hunk, aligned to align bytes */ -void* malloc_align(size_t size, u_int8_t align); +void* malloc_align(size_t size, uint8_t align); /** * Free a hunk allocated by malloc_align(). diff --git a/src/libstrongswan/utils/utils/byteorder.h b/src/libstrongswan/utils/utils/byteorder.h index 3ccbad5f1..7c7e53420 100644 --- a/src/libstrongswan/utils/utils/byteorder.h +++ b/src/libstrongswan/utils/utils/byteorder.h @@ -26,7 +26,7 @@ * Architecture independent bitfield definition helpers (at least with GCC). * * Defines a bitfield with a type t and a fixed size of bitfield members, e.g.: - * BITFIELD2(u_int8_t, + * BITFIELD2(uint8_t, * low: 4, * high: 4, * ) flags; @@ -47,9 +47,14 @@ #ifndef le32toh # if BYTE_ORDER == BIG_ENDIAN # define le32toh(x) __builtin_bswap32(x) -# define htole32(x) __builtin_bswap32(x) # else # define le32toh(x) (x) +# endif +#endif +#ifndef htole32 +# if BYTE_ORDER == BIG_ENDIAN +# define htole32(x) __builtin_bswap32(x) +# else # define htole32(x) (x) # endif #endif @@ -57,9 +62,14 @@ #ifndef le64toh # if BYTE_ORDER == BIG_ENDIAN # define le64toh(x) __builtin_bswap64(x) -# define htole64(x) __builtin_bswap64(x) # else # define le64toh(x) (x) +# endif +#endif +#ifndef htole64 +# if BYTE_ORDER == BIG_ENDIAN +# define htole64(x) __builtin_bswap64(x) +# else # define htole64(x) (x) # endif #endif @@ -67,9 +77,14 @@ #ifndef be64toh # if BYTE_ORDER == BIG_ENDIAN # define be64toh(x) (x) -# define htobe64(x) (x) # else # define be64toh(x) __builtin_bswap64(x) +# endif +#endif +#ifndef htobe64 +# if BYTE_ORDER == BIG_ENDIAN +# define htobe64(x) (x) +# else # define htobe64(x) __builtin_bswap64(x) # endif #endif @@ -80,7 +95,7 @@ * @param host host order 16-bit value * @param network unaligned address to write network order value to */ -static inline void htoun16(void *network, u_int16_t host) +static inline void htoun16(void *network, uint16_t host) { char *unaligned = (char*)network; @@ -94,7 +109,7 @@ static inline void htoun16(void *network, u_int16_t host) * @param host host order 32-bit value * @param network unaligned address to write network order value to */ -static inline void htoun32(void *network, u_int32_t host) +static inline void htoun32(void *network, uint32_t host) { char *unaligned = (char*)network; @@ -108,7 +123,7 @@ static inline void htoun32(void *network, u_int32_t host) * @param host host order 64-bit value * @param network unaligned address to write network order value to */ -static inline void htoun64(void *network, u_int64_t host) +static inline void htoun64(void *network, uint64_t host) { char *unaligned = (char*)network; @@ -122,10 +137,10 @@ static inline void htoun64(void *network, u_int64_t host) * @param network unaligned address to read network order value from * @return host order value */ -static inline u_int16_t untoh16(void *network) +static inline uint16_t untoh16(void *network) { char *unaligned = (char*)network; - u_int16_t tmp; + uint16_t tmp; memcpy(&tmp, unaligned, sizeof(tmp)); return ntohs(tmp); @@ -137,10 +152,10 @@ static inline u_int16_t untoh16(void *network) * @param network unaligned address to read network order value from * @return host order value */ -static inline u_int32_t untoh32(void *network) +static inline uint32_t untoh32(void *network) { char *unaligned = (char*)network; - u_int32_t tmp; + uint32_t tmp; memcpy(&tmp, unaligned, sizeof(tmp)); return ntohl(tmp); @@ -152,10 +167,10 @@ static inline u_int32_t untoh32(void *network) * @param network unaligned address to read network order value from * @return host order value */ -static inline u_int64_t untoh64(void *network) +static inline uint64_t untoh64(void *network) { char *unaligned = (char*)network; - u_int64_t tmp; + uint64_t tmp; memcpy(&tmp, unaligned, sizeof(tmp)); return be64toh(tmp); @@ -167,9 +182,9 @@ static inline u_int64_t untoh64(void *network) * @param p unaligned address to read little endian value from * @return host order value */ -static inline u_int32_t uletoh32(void *p) +static inline uint32_t uletoh32(void *p) { - u_int32_t ret; + uint32_t ret; memcpy(&ret, p, sizeof(ret)); ret = le32toh(ret); @@ -182,7 +197,7 @@ static inline u_int32_t uletoh32(void *p) * @param p host order 32-bit value * @param v unaligned address to write little endian value to */ -static inline void htoule32(void *p, u_int32_t v) +static inline void htoule32(void *p, uint32_t v) { v = htole32(v); memcpy(p, &v, sizeof(v)); diff --git a/src/libstrongswan/utils/utils/memory.c b/src/libstrongswan/utils/utils/memory.c index a15371518..30c6f546c 100644 --- a/src/libstrongswan/utils/utils/memory.c +++ b/src/libstrongswan/utils/utils/memory.c @@ -20,7 +20,7 @@ /** * Described in header. */ -void memxor(u_int8_t dst[], u_int8_t src[], size_t n) +void memxor(uint8_t dst[], uint8_t src[], size_t n) { int m, i; diff --git a/src/libstrongswan/utils/utils/memory.h b/src/libstrongswan/utils/utils/memory.h index aef318f6c..b978e7c48 100644 --- a/src/libstrongswan/utils/utils/memory.h +++ b/src/libstrongswan/utils/utils/memory.h @@ -80,7 +80,7 @@ static inline void *memset_noop(void *s, int c, size_t n) /** * Same as memcpy, but XORs src into dst instead of copy */ -void memxor(u_int8_t dest[], u_int8_t src[], size_t n); +void memxor(uint8_t dest[], uint8_t src[], size_t n); /** * Safely overwrite n bytes of memory at ptr with zero, non-inlining variant. diff --git a/src/libstrongswan/utils/utils/string.h b/src/libstrongswan/utils/utils/string.h index 60eaaae22..562516b91 100644 --- a/src/libstrongswan/utils/utils/string.h +++ b/src/libstrongswan/utils/utils/string.h @@ -27,7 +27,7 @@ */ static inline bool streq(const char *x, const char *y) { - return strcmp(x, y) == 0; + return (x == y) || (x && y && strcmp(x, y) == 0); } /** @@ -35,7 +35,7 @@ static inline bool streq(const char *x, const char *y) */ static inline bool strneq(const char *x, const char *y, size_t len) { - return strncmp(x, y, len) == 0; + return (x == y) || (x && y && strncmp(x, y, len) == 0); } /** @@ -51,7 +51,7 @@ static inline bool strpfx(const char *x, const char *prefix) */ static inline bool strcaseeq(const char *x, const char *y) { - return strcasecmp(x, y) == 0; + return (x == y) || (x && y && strcasecmp(x, y) == 0); } /** @@ -59,7 +59,7 @@ static inline bool strcaseeq(const char *x, const char *y) */ static inline bool strncaseeq(const char *x, const char *y, size_t len) { - return strncasecmp(x, y, len) == 0; + return (x == y) || (x && y && strncasecmp(x, y, len) == 0); } /** diff --git a/src/libstrongswan/utils/utils/time.c b/src/libstrongswan/utils/utils/time.c index c67ae93f2..48e5151c0 100644 --- a/src/libstrongswan/utils/utils/time.c +++ b/src/libstrongswan/utils/utils/time.c @@ -121,7 +121,7 @@ int time_delta_printf_hook(printf_hook_data_t *data, printf_hook_spec_t *spec, char* unit = "second"; time_t *arg1 = *((time_t**)(args[0])); time_t *arg2 = *((time_t**)(args[1])); - u_int64_t delta = llabs(*arg1 - *arg2); + uint64_t delta = llabs(*arg1 - *arg2); if (delta > 2 * 60 * 60 * 24) { diff --git a/src/libstrongswan/utils/utils/types.h b/src/libstrongswan/utils/utils/types.h index 056c2e0c2..45b5043bf 100644 --- a/src/libstrongswan/utils/utils/types.h +++ b/src/libstrongswan/utils/utils/types.h @@ -43,19 +43,6 @@ # define TRUE true #endif /* TRUE */ -/** - * define some missing fixed width int types on OpenSolaris. - * TODO: since the uintXX_t types are defined by the C99 standard we should - * probably use those anyway - */ -#if defined __sun || defined WIN32 -#include <stdint.h> -typedef uint8_t u_int8_t; -typedef uint16_t u_int16_t; -typedef uint32_t u_int32_t; -typedef uint64_t u_int64_t; -#endif - #ifdef HAVE_INT128 /** * 128 bit wide signed integer, if supported @@ -70,7 +57,7 @@ typedef unsigned __int128 u_int128_t; # define MAX_UINT_TYPE u_int128_t #else # define MAX_INT_TYPE int64_t -# define MAX_UINT_TYPE u_int64_t +# define MAX_UINT_TYPE uint64_t #endif /** diff --git a/src/libtls/Makefile.in b/src/libtls/Makefile.in index 8d16059f3..0bd5f741e 100644 --- a/src/libtls/Makefile.in +++ b/src/libtls/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_WINDOWS_TRUE@am__append_1 = -lws2_32 subdir = src/libtls -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(am__nobase_tls_include_HEADERS_DIST) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am \ + $(am__nobase_tls_include_HEADERS_DIST) $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -227,6 +237,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -258,6 +269,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -307,6 +319,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -341,6 +354,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -452,6 +466,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -518,7 +533,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtls/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtls/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -937,6 +951,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES \ uninstall-ipseclibLTLIBRARIES \ uninstall-nobase_tls_includeHEADERS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtls/tests/Makefile.in b/src/libtls/tests/Makefile.in index e57a95f4f..e00de3f47 100644 --- a/src/libtls/tests/Makefile.in +++ b/src/libtls/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = tls_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/libtls/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -197,12 +206,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -252,6 +263,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -286,6 +298,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -397,6 +410,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -460,7 +474,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtls/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtls/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -885,6 +898,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtls/tests/suites/test_socket.c b/src/libtls/tests/suites/test_socket.c index 42a4607b7..d105dd372 100644 --- a/src/libtls/tests/suites/test_socket.c +++ b/src/libtls/tests/suites/test_socket.c @@ -267,7 +267,7 @@ END_TEARDOWN */ typedef struct { tls_version_t version; - u_int16_t port; + uint16_t port; char *addr; chunk_t data; int fd; @@ -411,7 +411,7 @@ static void run_echo_client(echo_server_config_t *config) /** * Common test wrapper function for different test variants */ -static void test_tls(tls_version_t version, u_int16_t port, bool cauth, u_int i) +static void test_tls(tls_version_t version, uint16_t port, bool cauth, u_int i) { echo_server_config_t *config; tls_cipher_suite_t *suites; diff --git a/src/libtls/tls.c b/src/libtls/tls.c index 08a06f5ef..ea39f7fd1 100644 --- a/src/libtls/tls.c +++ b/src/libtls/tls.c @@ -83,9 +83,9 @@ ENUM_END(tls_extension_names, TLS_EXT_RENEGOTIATION_INFO); * TLS record */ typedef struct __attribute__((packed)) { - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint8_t type; + uint16_t version; + uint16_t length; char data[]; } tls_record_t; diff --git a/src/libtls/tls_aead.c b/src/libtls/tls_aead.c index 67cfd3a75..f1daa6f45 100644 --- a/src/libtls/tls_aead.c +++ b/src/libtls/tls_aead.c @@ -44,18 +44,18 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, encrypted, iv, plain; - u_int8_t icvlen; + uint8_t icvlen; sigheader_t hdr; iv_gen_t *gen; @@ -92,10 +92,10 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, iv; - u_int8_t icvlen; + uint8_t icvlen; sigheader_t hdr; iv.len = this->aead->get_iv_size(this->aead); diff --git a/src/libtls/tls_aead.h b/src/libtls/tls_aead.h index 1d5ba92b5..8b5cda5a7 100644 --- a/src/libtls/tls_aead.h +++ b/src/libtls/tls_aead.h @@ -50,7 +50,7 @@ struct tls_aead_t { * @return TRUE if successfully encrypted */ bool (*encrypt)(tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data); + tls_content_type_t type, uint64_t seq, chunk_t *data); /** * Decrypt and verify a TLS record. @@ -65,7 +65,7 @@ struct tls_aead_t { * @return TRUE if successfully decrypted */ bool (*decrypt)(tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data); + tls_content_type_t type, uint64_t seq, chunk_t *data); /** * Get the authentication key size. diff --git a/src/libtls/tls_aead_expl.c b/src/libtls/tls_aead_expl.c index 80b0db38c..201c9bcf8 100644 --- a/src/libtls/tls_aead_expl.c +++ b/src/libtls/tls_aead_expl.c @@ -49,18 +49,18 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, mac, padding, iv; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; hdr.type = type; @@ -100,10 +100,10 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, tls_content_type_t type, - u_int64_t seq, chunk_t *data) + uint64_t seq, chunk_t *data) { chunk_t assoc, mac, iv; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; size_t i; diff --git a/src/libtls/tls_aead_impl.c b/src/libtls/tls_aead_impl.c index d529ceba7..8f83cb456 100644 --- a/src/libtls/tls_aead_impl.c +++ b/src/libtls/tls_aead_impl.c @@ -47,18 +47,18 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac, padding; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; hdr.type = type; @@ -95,10 +95,10 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac, iv; - u_int8_t bs, padlen; + uint8_t bs, padlen; sigheader_t hdr; size_t i; diff --git a/src/libtls/tls_aead_null.c b/src/libtls/tls_aead_null.c index 595b64000..cb4c10633 100644 --- a/src/libtls/tls_aead_null.c +++ b/src/libtls/tls_aead_null.c @@ -37,15 +37,15 @@ struct private_tls_aead_t { * Associated header data to create signature over */ typedef struct __attribute__((__packed__)) { - u_int64_t seq; - u_int8_t type; - u_int16_t version; - u_int16_t length; + uint64_t seq; + uint8_t type; + uint16_t version; + uint16_t length; } sigheader_t; METHOD(tls_aead_t, encrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac; sigheader_t hdr; @@ -67,7 +67,7 @@ METHOD(tls_aead_t, encrypt, bool, METHOD(tls_aead_t, decrypt, bool, private_tls_aead_t *this, tls_version_t version, - tls_content_type_t type, u_int64_t seq, chunk_t *data) + tls_content_type_t type, uint64_t seq, chunk_t *data) { chunk_t assoc, mac; sigheader_t hdr; diff --git a/src/libtls/tls_crypto.c b/src/libtls/tls_crypto.c index 2cffeb820..6bbd95873 100644 --- a/src/libtls/tls_crypto.c +++ b/src/libtls/tls_crypto.c @@ -1340,7 +1340,7 @@ METHOD(tls_crypto_t, set_protection, void, METHOD(tls_crypto_t, append_handshake, void, private_tls_crypto_t *this, tls_handshake_type_t type, chunk_t data) { - u_int32_t header; + uint32_t header; /* reconstruct handshake header */ header = htonl(data.len | (type << 24)); @@ -1407,7 +1407,7 @@ METHOD(tls_crypto_t, sign, bool, { signature_scheme_t scheme; bio_reader_t *reader; - u_int8_t hash, alg; + uint8_t hash, alg; chunk_t sig; bool done = FALSE; @@ -1487,7 +1487,7 @@ METHOD(tls_crypto_t, verify, bool, if (this->tls->get_version(this->tls) >= TLS_1_2) { signature_scheme_t scheme = SIGN_UNKNOWN; - u_int8_t hash, alg; + uint8_t hash, alg; chunk_t sig; if (!reader->read_uint8(reader, &hash) || diff --git a/src/libtls/tls_fragmentation.c b/src/libtls/tls_fragmentation.c index a97ca1eaa..3607aa3cb 100644 --- a/src/libtls/tls_fragmentation.c +++ b/src/libtls/tls_fragmentation.c @@ -127,7 +127,7 @@ static bool send_close_notify(private_tls_fragmentation_t *this) static status_t process_alert(private_tls_fragmentation_t *this, bio_reader_t *reader) { - u_int8_t level, description; + uint8_t level, description; if (!reader->read_uint8(reader, &level) || !reader->read_uint8(reader, &description)) @@ -147,8 +147,8 @@ static status_t process_handshake(private_tls_fragmentation_t *this, while (reader->remaining(reader)) { bio_reader_t *msg; - u_int8_t type; - u_int32_t len; + uint8_t type; + uint32_t len; status_t status; chunk_t data; diff --git a/src/libtls/tls_peer.c b/src/libtls/tls_peer.c index 8087e2e2d..2ba6dd2a6 100644 --- a/src/libtls/tls_peer.c +++ b/src/libtls/tls_peer.c @@ -141,8 +141,8 @@ struct private_tls_peer_t { static status_t process_server_hello(private_tls_peer_t *this, bio_reader_t *reader) { - u_int8_t compression; - u_int16_t version, cipher; + uint8_t compression; + uint16_t version, cipher; chunk_t random, session, ext = chunk_empty; tls_cipher_suite_t suite = 0; @@ -434,8 +434,8 @@ static status_t process_ec_key_exchange(private_tls_peer_t *this, { diffie_hellman_group_t group; public_key_t *public; - u_int8_t type; - u_int16_t curve; + uint8_t type; + uint16_t curve; chunk_t pub, chunk; chunk = reader->peek(reader); @@ -833,7 +833,7 @@ static private_key_t *find_private_key(private_tls_peer_t *this) private_key_t *key = NULL; bio_reader_t *reader; key_type_t type; - u_int8_t cert; + uint8_t cert; if (!this->peer) { diff --git a/src/libtls/tls_protection.c b/src/libtls/tls_protection.c index e73fedc5d..cea3eca14 100644 --- a/src/libtls/tls_protection.c +++ b/src/libtls/tls_protection.c @@ -47,12 +47,12 @@ struct private_tls_protection_t { /** * Sequence number of incoming records */ - u_int64_t seq_in; + uint64_t seq_in; /** * Sequence number for outgoing records */ - u_int64_t seq_out; + uint64_t seq_out; /** * AEAD transform for inbound traffic diff --git a/src/libtls/tls_server.c b/src/libtls/tls_server.c index cfbe02037..422211afa 100644 --- a/src/libtls/tls_server.c +++ b/src/libtls/tls_server.c @@ -213,7 +213,7 @@ static bool select_suite_and_key(private_tls_server_t *this, static status_t process_client_hello(private_tls_server_t *this, bio_reader_t *reader) { - u_int16_t version, extension; + uint16_t version, extension; chunk_t random, session, ciphers, compression, ext = chunk_empty; bio_reader_t *extensions; tls_cipher_suite_t *suites; @@ -304,12 +304,12 @@ static status_t process_client_hello(private_tls_server_t *this, } else { - count = ciphers.len / sizeof(u_int16_t); + count = ciphers.len / sizeof(uint16_t); suites = alloca(count * sizeof(tls_cipher_suite_t)); DBG2(DBG_TLS, "received %d TLS cipher suites:", count); for (i = 0; i < count; i++) { - suites[i] = untoh16(&ciphers.ptr[i * sizeof(u_int16_t)]); + suites[i] = untoh16(&ciphers.ptr[i * sizeof(uint16_t)]); DBG2(DBG_TLS, " %N", tls_cipher_suite_names, suites[i]); } if (!select_suite_and_key(this, suites, count)) @@ -831,7 +831,7 @@ static tls_named_curve_t ec_group_to_curve(private_tls_server_t *this, bool peer_supports_curve(private_tls_server_t *this, tls_named_curve_t curve) { bio_reader_t *reader; - u_int16_t current; + uint16_t current; if (!this->curves_received) { /* none received, assume yes */ diff --git a/src/libtnccs/Makefile.in b/src/libtnccs/Makefile.in index 85d2581a2..af02b7549 100644 --- a/src/libtnccs/Makefile.in +++ b/src/libtnccs/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -92,8 +102,6 @@ host_triplet = @host@ @USE_TNCCS_DYNAMIC_TRUE@am__append_12 = plugins/tnccs_dynamic @MONOLITHIC_TRUE@@USE_TNCCS_DYNAMIC_TRUE@am__append_13 = plugins/tnccs_dynamic/libstrongswan-tnccs-dynamic.la subdir = src/libtnccs -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -107,6 +115,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -232,6 +241,7 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = . plugins/tnc_tnccs plugins/tnc_imc plugins/tnc_imv \ plugins/tnccs_11 plugins/tnccs_20 plugins/tnccs_dynamic +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -263,6 +273,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -312,6 +323,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -346,6 +358,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -457,6 +470,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -533,7 +547,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -952,6 +965,8 @@ uninstall-am: uninstall-ipseclibLTLIBRARIES pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipseclibLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_imc/Makefile.in b/src/libtnccs/plugins/tnc_imc/Makefile.in index 963e1f0eb..d93bded57 100644 --- a/src/libtnccs/plugins/tnc_imc/Makefile.in +++ b/src/libtnccs/plugins/tnc_imc/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnc_imc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -785,6 +798,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_imv/Makefile.in b/src/libtnccs/plugins/tnc_imv/Makefile.in index f77db91c4..3987e79cf 100644 --- a/src/libtnccs/plugins/tnc_imv/Makefile.in +++ b/src/libtnccs/plugins/tnc_imv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnc_imv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -206,12 +215,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -261,6 +272,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -295,6 +307,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -406,6 +419,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -471,7 +485,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_imv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -788,6 +801,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_tnccs/Makefile.in b/src/libtnccs/plugins/tnc_tnccs/Makefile.in index 577f53776..b4357b911 100644 --- a/src/libtnccs/plugins/tnc_tnccs/Makefile.in +++ b/src/libtnccs/plugins/tnc_tnccs/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnc_tnccs -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -469,7 +483,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_tnccs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnc_tnccs/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -783,6 +796,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c index 67c33ee63..5ac2c85a5 100644 --- a/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c +++ b/src/libtnccs/plugins/tnc_tnccs/tnc_tnccs_manager.c @@ -87,7 +87,7 @@ struct tnccs_connection_entry_t { /** * Maximum size of a PA-TNC message */ - u_int32_t max_msg_len; + uint32_t max_msg_len; /** * collection of IMV recommendations @@ -199,7 +199,7 @@ METHOD(tnccs_manager_t, create_instance, tnccs_t*, METHOD(tnccs_manager_t, create_connection, TNC_ConnectionID, private_tnc_tnccs_manager_t *this, tnccs_type_t type, tnccs_t *tnccs, tnccs_send_message_t send_message, bool* request_handshake_retry, - u_int32_t max_msg_len, recommendations_t **recs) + uint32_t max_msg_len, recommendations_t **recs) { tnccs_connection_entry_t *entry; @@ -414,14 +414,14 @@ static TNC_Result bool_attribute(TNC_UInt32 buffer_len, } /** - * Write the value of an u_int32_t attribute into the buffer + * Write the value of an uint32_t attribute into the buffer */ static TNC_Result uint_attribute(TNC_UInt32 buffer_len, TNC_BufferReference buffer, TNC_UInt32 *value_len, - u_int32_t value) + uint32_t value) { - *value_len = sizeof(u_int32_t); + *value_len = sizeof(uint32_t); if (buffer && buffer_len >= *value_len) { @@ -465,7 +465,7 @@ static TNC_Result identity_attribute(TNC_UInt32 buffer_len, { bio_writer_t *writer; enumerator_t *enumerator; - u_int32_t count; + uint32_t count; chunk_t value; tncif_identity_t *tnc_id; TNC_Result result = TNC_RESULT_INVALID_PARAMETER; @@ -721,7 +721,7 @@ METHOD(tnccs_manager_t, get_attribute, TNC_Result, host_t *peer_ip; tnccs_t *tnccs; tncif_identity_t *tnc_id; - u_int32_t id_type, subject_type; + uint32_t id_type, subject_type; chunk_t id_value; char *id_str; TNC_Result result; diff --git a/src/libtnccs/plugins/tnccs_11/Makefile.in b/src/libtnccs/plugins/tnccs_11/Makefile.in index ec5de0f11..653e1f4d4 100644 --- a/src/libtnccs/plugins/tnccs_11/Makefile.in +++ b/src/libtnccs/plugins/tnccs_11/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -83,8 +93,6 @@ host_triplet = @host@ @MONOLITHIC_FALSE@ $(top_builddir)/src/libtnccs/libtnccs.la subdir = src/libtnccs/plugins/tnccs_11 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -98,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -215,12 +224,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -270,6 +281,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -304,6 +316,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -415,6 +428,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -484,7 +498,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_11/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_11/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -844,6 +857,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnccs_11/tnccs_11.c b/src/libtnccs/plugins/tnccs_11/tnccs_11.c index 0918a2bad..5c34d5748 100644 --- a/src/libtnccs/plugins/tnccs_11/tnccs_11.c +++ b/src/libtnccs/plugins/tnccs_11/tnccs_11.c @@ -79,7 +79,7 @@ struct private_tnccs_11_t { /** * Type of TNC client authentication */ - u_int32_t auth_type; + uint32_t auth_type; /** * Connection ID assigned to this TNCCS connection @@ -205,7 +205,7 @@ static void handle_message(private_tnccs_11_t *this, tnccs_msg_t *msg) imc_imv_msg_t *imc_imv_msg; TNC_MessageType msg_type; chunk_t msg_body; - u_int32_t msg_vid, msg_subtype; + uint32_t msg_vid, msg_subtype; enum_name_t *pa_subtype_names; imc_imv_msg = (imc_imv_msg_t*)msg; @@ -622,20 +622,20 @@ METHOD(tnccs_t, set_transport, void, this->transport = transport; } -METHOD(tnccs_t, get_auth_type, u_int32_t, +METHOD(tnccs_t, get_auth_type, uint32_t, private_tnccs_11_t *this) { return this->auth_type; } METHOD(tnccs_t, set_auth_type, void, - private_tnccs_11_t *this, u_int32_t auth_type) + private_tnccs_11_t *this, uint32_t auth_type) { this->auth_type = auth_type; } METHOD(tnccs_t, get_pdp_server, chunk_t, - private_tnccs_11_t *this, u_int16_t *port) + private_tnccs_11_t *this, uint16_t *port) { *port = 0; diff --git a/src/libtnccs/plugins/tnccs_20/Makefile.in b/src/libtnccs/plugins/tnccs_20/Makefile.in index 5037a9517..1a50c7b23 100644 --- a/src/libtnccs/plugins/tnccs_20/Makefile.in +++ b/src/libtnccs/plugins/tnccs_20/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnccs_20 -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -218,12 +227,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -273,6 +284,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -307,6 +319,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -418,6 +431,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -497,7 +511,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_20/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_20/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -926,6 +939,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c index b239c20dc..2663e3985 100644 --- a/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c +++ b/src/libtnccs/plugins/tnccs_20/batch/pb_tnc_batch.c @@ -122,7 +122,7 @@ struct private_pb_tnc_batch_t { /** * Offset into encoding (used for error reporting) */ - u_int32_t offset; + uint32_t offset; }; METHOD(pb_tnc_batch_t, get_type, pb_tnc_batch_type_t, @@ -179,8 +179,8 @@ METHOD(pb_tnc_batch_t, add_msg, bool, METHOD(pb_tnc_batch_t, build, void, private_pb_tnc_batch_t *this) { - u_int8_t version; - u_int32_t msg_len; + uint8_t version; + uint32_t msg_len; chunk_t msg_value; enumerator_t *enumerator; pen_type_t msg_type; @@ -205,7 +205,7 @@ METHOD(pb_tnc_batch_t, build, void, enumerator = this->messages->create_enumerator(this->messages); while (enumerator->enumerate(enumerator, &msg)) { - u_int8_t flags = PB_TNC_FLAG_NONE; + uint8_t flags = PB_TNC_FLAG_NONE; /* build PB-TNC message */ msg_value = msg->get_encoding(msg); @@ -247,8 +247,8 @@ METHOD(pb_tnc_batch_t, process_header, status_t, bio_reader_t *reader; pb_tnc_msg_t *msg; pb_error_msg_t *err_msg; - u_int8_t version, flags, reserved, type; - u_int32_t batch_len; + uint8_t version, flags, reserved, type; + uint32_t batch_len; if (this->encoding.len < PB_TNC_BATCH_HEADER_SIZE) { @@ -324,8 +324,8 @@ static status_t process_tnc_msg(private_pb_tnc_batch_t *this) bio_reader_t *reader; pb_tnc_msg_t *pb_tnc_msg, *msg; pb_tnc_msg_info_t *msg_infos; - u_int8_t flags; - u_int32_t vendor_id, msg_type, msg_len, offset; + uint8_t flags; + uint32_t vendor_id, msg_type, msg_len, offset; chunk_t data, msg_value; bool noskip_flag; enum_name_t *msg_type_names; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c index 5c4b5ae00..f306540e3 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.c @@ -57,7 +57,7 @@ struct private_pb_access_recommendation_msg_t { /** * Access recommendation code */ - u_int16_t recommendation; + uint16_t recommendation; /** * Encoded message @@ -95,10 +95,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_access_recommendation_msg_t *this, u_int32_t *offset) + private_pb_access_recommendation_msg_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int16_t reserved; + uint16_t reserved; reader = bio_reader_create(this->encoding); reader->read_uint16(reader, &reserved); @@ -124,7 +124,7 @@ METHOD(pb_tnc_msg_t, destroy, void, free(this); } -METHOD(pb_access_recommendation_msg_t, get_access_recommendation, u_int16_t, +METHOD(pb_access_recommendation_msg_t, get_access_recommendation, uint16_t, private_pb_access_recommendation_msg_t *this) { return this->recommendation; @@ -158,7 +158,7 @@ pb_tnc_msg_t *pb_access_recommendation_msg_create_from_data(chunk_t data) /** * See header */ -pb_tnc_msg_t *pb_access_recommendation_msg_create(u_int16_t recommendation) +pb_tnc_msg_t *pb_access_recommendation_msg_create(uint16_t recommendation) { private_pb_access_recommendation_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h index d0dc6358b..84b8d1a94 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_access_recommendation_msg.h @@ -56,7 +56,7 @@ struct pb_access_recommendation_msg_t { * * @return PB Access Recommendation */ - u_int16_t (*get_access_recommendation)(pb_access_recommendation_msg_t *this); + uint16_t (*get_access_recommendation)(pb_access_recommendation_msg_t *this); }; /** @@ -64,7 +64,7 @@ struct pb_access_recommendation_msg_t { * * @param recommendation Access Recommendation code */ -pb_tnc_msg_t* pb_access_recommendation_msg_create(u_int16_t recommendation); +pb_tnc_msg_t* pb_access_recommendation_msg_create(uint16_t recommendation); /** * Create an unprocessed PB-Access-Recommendation message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c index e23493569..a4cdb7e6a 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.c @@ -53,7 +53,7 @@ struct private_pb_assessment_result_msg_t { /** * Assessment result code */ - u_int32_t assessment_result; + uint32_t assessment_result; /** * Encoded message @@ -90,7 +90,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_assessment_result_msg_t *this, u_int32_t *offset) + private_pb_assessment_result_msg_t *this, uint32_t *offset) { bio_reader_t *reader; @@ -117,7 +117,7 @@ METHOD(pb_tnc_msg_t, destroy, void, free(this); } -METHOD(pb_assessment_result_msg_t, get_assessment_result, u_int32_t, +METHOD(pb_assessment_result_msg_t, get_assessment_result, uint32_t, private_pb_assessment_result_msg_t *this) { return this->assessment_result; @@ -151,7 +151,7 @@ pb_tnc_msg_t *pb_assessment_result_msg_create_from_data(chunk_t data) /** * See header */ -pb_tnc_msg_t *pb_assessment_result_msg_create(u_int32_t assessment_result) +pb_tnc_msg_t *pb_assessment_result_msg_create(uint32_t assessment_result) { private_pb_assessment_result_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h index 11cfdbef2..25f9f9fab 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_assessment_result_msg.h @@ -40,7 +40,7 @@ struct pb_assessment_result_msg_t { * * @return PB Assessment result */ - u_int32_t (*get_assessment_result)(pb_assessment_result_msg_t *this); + uint32_t (*get_assessment_result)(pb_assessment_result_msg_t *this); }; /** @@ -48,7 +48,7 @@ struct pb_assessment_result_msg_t { * * @param assessment_result Assessment result code */ -pb_tnc_msg_t* pb_assessment_result_msg_create(u_int32_t assessment_result); +pb_tnc_msg_t* pb_assessment_result_msg_create(uint32_t assessment_result); /** * Create an unprocessed PB-Assessment-Result message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c index d9910f660..05621b7cb 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.c @@ -75,22 +75,22 @@ struct private_pb_error_msg_t { /** * PB Error Code Vendor ID */ - u_int32_t vendor_id; + uint32_t vendor_id; /** * PB Error Code */ - u_int16_t error_code; + uint16_t error_code; /** * PB Error Offset */ - u_int32_t error_offset; + uint32_t error_offset; /** * Bad PB-TNC version received */ - u_int8_t bad_version; + uint8_t bad_version; /** * Encoded message @@ -153,10 +153,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_error_msg_t *this, u_int32_t *offset) + private_pb_error_msg_t *this, uint32_t *offset) { - u_int8_t flags, max_version, min_version; - u_int16_t reserved; + uint8_t flags, max_version, min_version; + uint16_t reserved; bio_reader_t *reader; if (this->encoding.len < ERROR_HEADER_SIZE) @@ -216,32 +216,32 @@ METHOD(pb_error_msg_t, get_fatal_flag, bool, return this->fatal; } -METHOD(pb_error_msg_t, get_vendor_id, u_int32_t, +METHOD(pb_error_msg_t, get_vendor_id, uint32_t, private_pb_error_msg_t *this) { return this->vendor_id; } -METHOD(pb_error_msg_t, get_error_code, u_int16_t, +METHOD(pb_error_msg_t, get_error_code, uint16_t, private_pb_error_msg_t *this) { return this->error_code; } -METHOD(pb_error_msg_t, get_offset, u_int32_t, +METHOD(pb_error_msg_t, get_offset, uint32_t, private_pb_error_msg_t *this) { return this->error_offset; } -METHOD(pb_error_msg_t, get_bad_version, u_int8_t, +METHOD(pb_error_msg_t, get_bad_version, uint8_t, private_pb_error_msg_t *this) { return this->bad_version; } METHOD(pb_error_msg_t, set_bad_version, void, - private_pb_error_msg_t *this, u_int8_t version) + private_pb_error_msg_t *this, uint8_t version) { this->bad_version = version; } @@ -249,7 +249,7 @@ METHOD(pb_error_msg_t, set_bad_version, void, /** * See header */ -pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code) { private_pb_error_msg_t *this; @@ -284,9 +284,9 @@ pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, /** * See header */ -pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code, - u_int32_t error_offset) + uint32_t error_offset) { private_pb_error_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h index 9c0ad82a6..34fc20886 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_error_msg.h @@ -64,35 +64,35 @@ struct pb_error_msg_t { * * @return PB Error Code Vendor ID */ - u_int32_t (*get_vendor_id)(pb_error_msg_t *this); + uint32_t (*get_vendor_id)(pb_error_msg_t *this); /** * Get PB Error Code * * @return PB Error Code */ - u_int16_t (*get_error_code)(pb_error_msg_t *this); + uint16_t (*get_error_code)(pb_error_msg_t *this); /** * Get the PB Error Offset * * @return PB Error Offset */ - u_int32_t (*get_offset)(pb_error_msg_t *this); + uint32_t (*get_offset)(pb_error_msg_t *this); /** * Get the PB Bad Version * * @return PB Bad Version */ - u_int8_t (*get_bad_version)(pb_error_msg_t *this); + uint8_t (*get_bad_version)(pb_error_msg_t *this); /** * Set the PB Bad Version * * @param version PB Bad Version */ - void (*set_bad_version)(pb_error_msg_t *this, u_int8_t version); + void (*set_bad_version)(pb_error_msg_t *this, uint8_t version); }; /** @@ -102,7 +102,7 @@ struct pb_error_msg_t { * @param vendor_id Error Code Vendor ID * @param error_code Error Code */ -pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code); /** @@ -113,9 +113,9 @@ pb_tnc_msg_t* pb_error_msg_create(bool fatal, u_int32_t vendor_id, * @param error_code Error Code * @param error_offset Error Offset */ -pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, u_int32_t vendor_id, +pb_tnc_msg_t* pb_error_msg_create_with_offset(bool fatal, uint32_t vendor_id, pb_tnc_error_code_t error_code, - u_int32_t error_offset); + uint32_t error_offset); /** * Create an unprocessed PB-Error message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c index c6290887c..da834ab67 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_experimental_msg.c @@ -57,7 +57,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_experimental_msg_t *this, u_int32_t *offset) + private_pb_experimental_msg_t *this, uint32_t *offset) { return SUCCESS; } diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c index f14f28980..1a288abb5 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_language_preference_msg.c @@ -85,7 +85,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_language_preference_msg_t *this, u_int32_t *offset) + private_pb_language_preference_msg_t *this, uint32_t *offset) { chunk_t lang; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c index 263af3224..2c7aa8965 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.c @@ -75,12 +75,12 @@ struct private_pb_pa_msg_t { /** * Posture Validator Identifier */ - u_int16_t collector_id; + uint16_t collector_id; /** * Posture Validator Identifier */ - u_int16_t validator_id; + uint16_t validator_id; /** * PA Message Body @@ -131,9 +131,9 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_pa_msg_t *this, u_int32_t *offset) + private_pb_pa_msg_t *this, uint32_t *offset) { - u_int8_t flags; + uint8_t flags; size_t msg_body_len; bio_reader_t *reader; @@ -186,13 +186,13 @@ METHOD(pb_pa_msg_t, get_subtype, pen_type_t, return this->subtype; } -METHOD(pb_pa_msg_t, get_collector_id, u_int16_t, +METHOD(pb_pa_msg_t, get_collector_id, uint16_t, private_pb_pa_msg_t *this) { return this->collector_id; } -METHOD(pb_pa_msg_t, get_validator_id, u_int16_t, +METHOD(pb_pa_msg_t, get_validator_id, uint16_t, private_pb_pa_msg_t *this) { return this->validator_id; @@ -241,8 +241,8 @@ pb_tnc_msg_t *pb_pa_msg_create_from_data(chunk_t data) /** * See header */ -pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype, - u_int16_t collector_id, u_int16_t validator_id, +pb_tnc_msg_t *pb_pa_msg_create(uint32_t vendor_id, uint32_t subtype, + uint16_t collector_id, uint16_t validator_id, bool excl, chunk_t msg_body) { private_pb_pa_msg_t *this; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h index f3b6b1518..f73f11627 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_pa_msg.h @@ -51,14 +51,14 @@ struct pb_pa_msg_t { * * @return Posture Collector ID */ - u_int16_t (*get_collector_id)(pb_pa_msg_t *this); + uint16_t (*get_collector_id)(pb_pa_msg_t *this); /** * Get Posture Validator ID * * @return Posture Validator ID */ - u_int16_t (*get_validator_id)(pb_pa_msg_t *this); + uint16_t (*get_validator_id)(pb_pa_msg_t *this); /** * Get the PA Message Body @@ -86,8 +86,8 @@ struct pb_pa_msg_t { * @param excl Exclusive Flag * @param msg_body PA Message Body */ -pb_tnc_msg_t *pb_pa_msg_create(u_int32_t vendor_id, u_int32_t subtype, - u_int16_t collector_id, u_int16_t validator_id, +pb_tnc_msg_t *pb_pa_msg_create(uint32_t vendor_id, uint32_t subtype, + uint16_t collector_id, uint16_t validator_id, bool excl, chunk_t msg_body); /** diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c index cafc4ec54..25291d581 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_reason_string_msg.c @@ -97,7 +97,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_reason_string_msg_t *this, u_int32_t *offset) + private_pb_reason_string_msg_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c index 8dc590657..9eae707a5 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ietf/pb_remediation_parameters_msg.c @@ -123,10 +123,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_remediation_parameters_msg_t *this, u_int32_t *offset) + private_pb_remediation_parameters_msg_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; + uint8_t reserved; status_t status = SUCCESS; u_char *pos; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c index 1f35cae6b..c31752019 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_mutual_capability_msg.c @@ -95,7 +95,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_mutual_capability_msg_t *this, u_int32_t *offset) + private_pb_mutual_capability_msg_t *this, uint32_t *offset) { bio_reader_t *reader; diff --git a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c index c95222e3a..4e8be79f2 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/ita/pb_noskip_test_msg.c @@ -57,7 +57,7 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_noskip_test_msg_t *this, u_int32_t *offset) + private_pb_noskip_test_msg_t *this, uint32_t *offset) { return SUCCESS; } diff --git a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h index 395284366..cfa92aa74 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/pb_tnc_msg.h @@ -82,7 +82,7 @@ extern enum_name_t *pb_tnc_ita_msg_type_names; * Information entry describing a PB-TNC Message Type */ struct pb_tnc_msg_info_t { - u_int32_t min_size; + uint32_t min_size; bool exact_size; bool in_result_batch; signed char has_noskip_flag; @@ -138,7 +138,7 @@ struct pb_tnc_msg_t { * @param relative offset where an error occurred * @return return processing status */ - status_t (*process)(pb_tnc_msg_t *this, u_int32_t *offset); + status_t (*process)(pb_tnc_msg_t *this, uint32_t *offset); /** * Get a new reference to the message. diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c index 1c8538e6b..7c518e8d5 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c +++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.c @@ -117,12 +117,12 @@ struct private_pb_pdp_referral_msg_t { /** * PT protocol the PDP is using */ - u_int8_t protocol; + uint8_t protocol; /** * PT port the PDP is using */ - u_int16_t port; + uint16_t port; /** * Encoded message @@ -163,10 +163,10 @@ METHOD(pb_tnc_msg_t, build, void, } METHOD(pb_tnc_msg_t, process, status_t, - private_pb_pdp_referral_msg_t *this, u_int32_t *offset) + private_pb_pdp_referral_msg_t *this, uint32_t *offset) { bio_reader_t *reader; - u_int8_t reserved; + uint8_t reserved; *offset = 0; @@ -223,7 +223,7 @@ METHOD(pb_pdp_referral_msg_t, get_identifier, chunk_t, } METHOD(pb_pdp_referral_msg_t, get_fqdn, chunk_t, - private_pb_pdp_referral_msg_t *this, u_int8_t *protocol, u_int16_t *port) + private_pb_pdp_referral_msg_t *this, uint8_t *protocol, uint16_t *port) { if (protocol) { @@ -267,7 +267,7 @@ pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type, /** * See header */ -pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, u_int16_t port) +pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, uint16_t port) { pb_tnc_msg_t *msg; bio_writer_t *writer; diff --git a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h index b225f3381..0923c8ba4 100644 --- a/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h +++ b/src/libtnccs/plugins/tnccs_20/messages/tcg/pb_pdp_referral_msg.h @@ -74,8 +74,8 @@ struct pb_pdp_referral_msg_t { * @param port PT port the PDP is listening on * @return Fully Qualified Domain Name of PDP */ - chunk_t (*get_fqdn)(pb_pdp_referral_msg_t *this, u_int8_t *protocol, - u_int16_t *port); + chunk_t (*get_fqdn)(pb_pdp_referral_msg_t *this, uint8_t *protocol, + uint16_t *port); }; @@ -94,7 +94,7 @@ pb_tnc_msg_t* pb_pdp_referral_msg_create(pen_type_t identifier_type, * @param fqdn Fully Qualified Domain Name of PDP * @param port PT-TLS port the PDP is listening on */ -pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, u_int16_t port); +pb_tnc_msg_t* pb_pdp_referral_msg_create_from_fqdn(chunk_t fqdn, uint16_t port); /** * Create an unprocessed PB-PDP-Referral message from raw data diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20.c b/src/libtnccs/plugins/tnccs_20/tnccs_20.c index 35d297842..041faa389 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20.c @@ -77,7 +77,7 @@ struct private_tnccs_20_t { /** * Type of TNC client authentication */ - u_int32_t auth_type; + uint32_t auth_type; /** * Mutual PB-TNC protocol enabled @@ -423,20 +423,20 @@ METHOD(tnccs_t, set_transport, void, this->transport = transport; } -METHOD(tnccs_t, get_auth_type, u_int32_t, +METHOD(tnccs_t, get_auth_type, uint32_t, private_tnccs_20_t *this) { return this->auth_type; } METHOD(tnccs_t, set_auth_type, void, - private_tnccs_20_t *this, u_int32_t auth_type) + private_tnccs_20_t *this, uint32_t auth_type) { this->auth_type = auth_type; } METHOD(tnccs_t, get_pdp_server, chunk_t, - private_tnccs_20_t *this, u_int16_t *port) + private_tnccs_20_t *this, uint16_t *port) { if (this->tnc_client) { diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c index 4ba8221d0..04e404225 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.c @@ -104,7 +104,7 @@ struct private_tnccs_20_client_t { /** * PDP server port */ - u_int16_t pdp_port; + uint16_t pdp_port; /** * Mutual PB-TNC protocol enabled @@ -124,8 +124,8 @@ struct private_tnccs_20_client_t { void tnccs_20_handle_ietf_error_msg(pb_tnc_msg_t *msg, bool *fatal_error) { pb_error_msg_t *err_msg; - u_int32_t vendor_id; - u_int16_t error_code; + uint32_t vendor_id; + uint16_t error_code; bool fatal; err_msg = (pb_error_msg_t*)msg; @@ -238,7 +238,7 @@ static void handle_ietf_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *m { pb_pa_msg_t *pa_msg; pen_type_t msg_subtype; - u_int16_t imc_id, imv_id; + uint16_t imc_id, imv_id; chunk_t msg_body; bool excl; enum_name_t *pa_subtype_names; @@ -274,7 +274,7 @@ static void handle_ietf_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *m case PB_MSG_ASSESSMENT_RESULT: { pb_assessment_result_msg_t *assess_msg; - u_int32_t result; + uint32_t result; assess_msg = (pb_assessment_result_msg_t*)msg; result = assess_msg->get_assessment_result(assess_msg); @@ -375,7 +375,7 @@ static void handle_tcg_message(private_tnccs_20_client_t *this, pb_tnc_msg_t *ms { pb_pdp_referral_msg_t *pdp_msg; pen_type_t pdp_id_type; - u_int8_t pdp_protocol; + uint8_t pdp_protocol; pdp_msg = (pb_pdp_referral_msg_t*)msg; pdp_id_type = pdp_msg->get_identifier_type(pdp_msg); @@ -765,7 +765,7 @@ METHOD(tnccs_20_handler_t, destroy, void, } METHOD(tnccs_20_client_t, get_pdp_server, chunk_t, - private_tnccs_20_client_t *this, u_int16_t *port) + private_tnccs_20_client_t *this, uint16_t *port) { *port = this->pdp_port; diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h index 7a5f33ebc..3b34638a8 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_client.h @@ -45,7 +45,7 @@ struct tnccs_20_client_t { * @param port PT-TLS port of the PDP server * @return FQDN of PDP server */ - chunk_t (*get_pdp_server)(tnccs_20_client_t *this, u_int16_t *port); + chunk_t (*get_pdp_server)(tnccs_20_client_t *this, uint16_t *port); }; diff --git a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c index 038fc178b..86ae1c099 100644 --- a/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c +++ b/src/libtnccs/plugins/tnccs_20/tnccs_20_server.c @@ -166,7 +166,7 @@ static void handle_ietf_message(private_tnccs_20_server_t *this, pb_tnc_msg_t *m { pb_pa_msg_t *pa_msg; pen_type_t msg_subtype; - u_int16_t imc_id, imv_id; + uint16_t imc_id, imv_id; chunk_t msg_body; bool excl; enum_name_t *pa_subtype_names; @@ -531,14 +531,14 @@ METHOD(tnccs_20_handler_t, begin_handshake, void, { pb_tnc_msg_t *msg; identification_t *pdp_server; - u_int16_t *pdp_port; + uint16_t *pdp_port; tnc->imvs->notify_connection_change(tnc->imvs, this->connection_id, TNC_CONNECTION_STATE_HANDSHAKE); /* Send a PB-TNC TCG PDP Referral message if PDP is known */ pdp_server = (identification_t*)lib->get(lib, "pt-tls-server"); - pdp_port = (u_int16_t*)lib->get(lib, "pt-tls-port"); + pdp_port = (uint16_t*)lib->get(lib, "pt-tls-port"); if (this->eap_transport && pdp_server && pdp_port) { diff --git a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in index 949532a09..59efdbb9b 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/Makefile.in +++ b/src/libtnccs/plugins/tnccs_dynamic/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtnccs/plugins/tnccs_dynamic -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -205,12 +214,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -260,6 +271,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -294,6 +306,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -405,6 +418,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -468,7 +482,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_dynamic/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtnccs/plugins/tnccs_dynamic/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -782,6 +795,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c b/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c index 44b804fb2..c366e77ab 100644 --- a/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c +++ b/src/libtnccs/plugins/tnccs_dynamic/tnccs_dynamic.c @@ -64,7 +64,7 @@ struct private_tnccs_dynamic_t { /** * Type of TNC client authentication */ - u_int32_t auth_type; + uint32_t auth_type; /** * Callback function to communicate recommendation (TNC Server only) @@ -223,20 +223,20 @@ METHOD(tnccs_t, set_transport, void, this->transport = transport; } -METHOD(tnccs_t, get_auth_type, u_int32_t, +METHOD(tnccs_t, get_auth_type, uint32_t, private_tnccs_dynamic_t *this) { return this->auth_type; } METHOD(tnccs_t, set_auth_type, void, - private_tnccs_dynamic_t *this, u_int32_t auth_type) + private_tnccs_dynamic_t *this, uint32_t auth_type) { this->auth_type = auth_type; } METHOD(tnccs_t, get_pdp_server, chunk_t, - private_tnccs_dynamic_t *this, u_int16_t *port) + private_tnccs_dynamic_t *this, uint16_t *port) { tnccs_t *tnccs = (tnccs_t*)this->tls; diff --git a/src/libtnccs/tnc/tnccs/tnccs.h b/src/libtnccs/tnc/tnccs/tnccs.h index 8ff295bcc..d367a15a7 100644 --- a/src/libtnccs/tnc/tnccs/tnccs.h +++ b/src/libtnccs/tnc/tnccs/tnccs.h @@ -119,14 +119,14 @@ struct tnccs_t { * * @return TNC Client authentication type */ - u_int32_t (*get_auth_type)(tnccs_t *this); + uint32_t (*get_auth_type)(tnccs_t *this); /** * Set type of TNC Client authentication * * @param auth_type TNC Client authentication type */ - void (*set_auth_type)(tnccs_t *this, u_int32_t auth_type); + void (*set_auth_type)(tnccs_t *this, uint32_t auth_type); /** * Get PDP server name and port number @@ -134,7 +134,7 @@ struct tnccs_t { * @param port PDP port number * @return PDP server name */ - chunk_t (*get_pdp_server)(tnccs_t *this, u_int16_t *port); + chunk_t (*get_pdp_server)(tnccs_t *this, uint16_t *port); /** * Get a new reference to the TNCCS object. diff --git a/src/libtnccs/tnc/tnccs/tnccs_manager.h b/src/libtnccs/tnc/tnccs/tnccs_manager.h index b5c85f3c0..bd1573f7b 100644 --- a/src/libtnccs/tnc/tnccs/tnccs_manager.h +++ b/src/libtnccs/tnc/tnccs/tnccs_manager.h @@ -87,7 +87,7 @@ struct tnccs_manager_t { tnccs_type_t type, tnccs_t *tnccs, tnccs_send_message_t send_message, bool *request_handshake_retry, - u_int32_t max_msg_len, + uint32_t max_msg_len, recommendations_t **recs); /** diff --git a/src/libtncif/Makefile.in b/src/libtncif/Makefile.in index 4be7ae1a8..9d7ba9a1a 100644 --- a/src/libtncif/Makefile.in +++ b/src/libtncif/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libtncif -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -167,12 +176,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -222,6 +233,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -256,6 +268,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -367,6 +380,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -422,7 +436,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtncif/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libtncif/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -699,6 +712,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libtncif/tncif_identity.c b/src/libtncif/tncif_identity.c index 7ee215c77..5eecb9cca 100644 --- a/src/libtncif/tncif_identity.c +++ b/src/libtncif/tncif_identity.c @@ -121,8 +121,8 @@ METHOD(tncif_identity_t, build, void, METHOD(tncif_identity_t, process, bool, private_tncif_identity_t *this, bio_reader_t *reader) { - u_int8_t reserved; - u_int32_t vendor_id, type; + uint8_t reserved; + uint32_t vendor_id, type; chunk_t identity_value; if (reader->remaining(reader) < TNCIF_IDENTITY_MIN_SIZE) diff --git a/src/libtpmtss/Makefile.am b/src/libtpmtss/Makefile.am new file mode 100644 index 000000000..8fcb44f6a --- /dev/null +++ b/src/libtpmtss/Makefile.am @@ -0,0 +1,25 @@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_LDFLAGS = \ + -no-undefined + +ipseclib_LTLIBRARIES = libtpmtss.la +libtpmtss_la_SOURCES = \ + tpm_tss.h tpm_tss.c \ + tpm_tss_quote_info.h tpm_tss_quote_info.c \ + tpm_tss_trousers.h tpm_tss_trousers.c \ + tpm_tss_tss2.h tpm_tss_tss2.c \ + tpm_tss_tss2_names.h tpm_tss_tss2_names.c + +libtpmtss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la + +if USE_TSS2 +libtpmtss_la_LIBADD += -ltctisocket -ltss2 +endif + +if USE_TROUSERS +libtpmtss_la_LIBADD += -ltspi +endif + diff --git a/src/libtpmtss/Makefile.in b/src/libtpmtss/Makefile.in new file mode 100644 index 000000000..fcee04fc3 --- /dev/null +++ b/src/libtpmtss/Makefile.in @@ -0,0 +1,788 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@USE_TSS2_TRUE@am__append_1 = -ltctisocket -ltss2 +@USE_TROUSERS_TRUE@am__append_2 = -ltspi +subdir = src/libtpmtss +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/split-package-version.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/m4/macros/add-plugin.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(ipseclibdir)" +LTLIBRARIES = $(ipseclib_LTLIBRARIES) +am__DEPENDENCIES_1 = +libtpmtss_la_DEPENDENCIES = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) +am_libtpmtss_la_OBJECTS = tpm_tss.lo tpm_tss_quote_info.lo \ + tpm_tss_trousers.lo tpm_tss_tss2.lo tpm_tss_tss2_names.lo +libtpmtss_la_OBJECTS = $(am_libtpmtss_la_OBJECTS) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir) +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__depfiles_maybe = depfiles +am__mv = mv -f +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(libtpmtss_la_SOURCES) +DIST_SOURCES = $(libtpmtss_la_SOURCES) +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +ALLOCA = @ALLOCA@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +ATOMICLIB = @ATOMICLIB@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BFDLIB = @BFDLIB@ +BTLIB = @BTLIB@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +COVERAGE_CFLAGS = @COVERAGE_CFLAGS@ +COVERAGE_LDFLAGS = @COVERAGE_LDFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DLLIB = @DLLIB@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +EASY_INSTALL = @EASY_INSTALL@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +GEM = @GEM@ +GENHTML = @GENHTML@ +GPERF = @GPERF@ +GPRBUILD = @GPRBUILD@ +GREP = @GREP@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LCOV = @LCOV@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LEX = @LEX@ +LEXLIB = @LEXLIB@ +LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OPENSSL_LIB = @OPENSSL_LIB@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PACKAGE_VERSION_BUILD = @PACKAGE_VERSION_BUILD@ +PACKAGE_VERSION_MAJOR = @PACKAGE_VERSION_MAJOR@ +PACKAGE_VERSION_MINOR = @PACKAGE_VERSION_MINOR@ +PACKAGE_VERSION_REVIEW = @PACKAGE_VERSION_REVIEW@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PERL = @PERL@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PLUGIN_CFLAGS = @PLUGIN_CFLAGS@ +PTHREADLIB = @PTHREADLIB@ +PYTHON = @PYTHON@ +PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +PY_TEST = @PY_TEST@ +RANLIB = @RANLIB@ +RTLIB = @RTLIB@ +RUBY = @RUBY@ +RUBYGEMDIR = @RUBYGEMDIR@ +RUBYINCLUDE = @RUBYINCLUDE@ +RUBYLIB = @RUBYLIB@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +SOCKLIB = @SOCKLIB@ +STRIP = @STRIP@ +UNWINDLIB = @UNWINDLIB@ +VERSION = @VERSION@ +YACC = @YACC@ +YFLAGS = @YFLAGS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +aikgen_plugins = @aikgen_plugins@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +attest_plugins = @attest_plugins@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +c_plugins = @c_plugins@ +charon_natt_port = @charon_natt_port@ +charon_plugins = @charon_plugins@ +charon_udp_port = @charon_udp_port@ +clearsilver_LIBS = @clearsilver_LIBS@ +cmd_plugins = @cmd_plugins@ +datadir = @datadir@ +datarootdir = @datarootdir@ +dbusservicedir = @dbusservicedir@ +dev_headers = @dev_headers@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +fips_mode = @fips_mode@ +gtk_CFLAGS = @gtk_CFLAGS@ +gtk_LIBS = @gtk_LIBS@ +h_plugins = @h_plugins@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +imcvdir = @imcvdir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +ipsec_script = @ipsec_script@ +ipsec_script_upper = @ipsec_script_upper@ +ipsecdir = @ipsecdir@ +ipsecgroup = @ipsecgroup@ +ipseclibdir = @ipseclibdir@ +ipsecuser = @ipsecuser@ +json_CFLAGS = @json_CFLAGS@ +json_LIBS = @json_LIBS@ +libdir = @libdir@ +libexecdir = @libexecdir@ +libiptc_CFLAGS = @libiptc_CFLAGS@ +libiptc_LIBS = @libiptc_LIBS@ +linux_headers = @linux_headers@ +localedir = @localedir@ +localstatedir = @localstatedir@ +maemo_CFLAGS = @maemo_CFLAGS@ +maemo_LIBS = @maemo_LIBS@ +manager_plugins = @manager_plugins@ +mandir = @mandir@ +medsrv_plugins = @medsrv_plugins@ +mkdir_p = @mkdir_p@ +nm_CFLAGS = @nm_CFLAGS@ +nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ +nm_plugins = @nm_plugins@ +oldincludedir = @oldincludedir@ +pcsclite_CFLAGS = @pcsclite_CFLAGS@ +pcsclite_LIBS = @pcsclite_LIBS@ +pdfdir = @pdfdir@ +piddir = @piddir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +pki_plugins = @pki_plugins@ +plugindir = @plugindir@ +pool_plugins = @pool_plugins@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +random_device = @random_device@ +resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ +s_plugins = @s_plugins@ +sbindir = @sbindir@ +scepclient_plugins = @scepclient_plugins@ +scripts_plugins = @scripts_plugins@ +sharedstatedir = @sharedstatedir@ +soup_CFLAGS = @soup_CFLAGS@ +soup_LIBS = @soup_LIBS@ +srcdir = @srcdir@ +starter_plugins = @starter_plugins@ +strongswan_conf = @strongswan_conf@ +strongswan_options = @strongswan_options@ +swanctldir = @swanctldir@ +sysconfdir = @sysconfdir@ +systemd_CFLAGS = @systemd_CFLAGS@ +systemd_LIBS = @systemd_LIBS@ +systemd_daemon_CFLAGS = @systemd_daemon_CFLAGS@ +systemd_daemon_LIBS = @systemd_daemon_LIBS@ +systemd_journal_CFLAGS = @systemd_journal_CFLAGS@ +systemd_journal_LIBS = @systemd_journal_LIBS@ +systemdsystemunitdir = @systemdsystemunitdir@ +t_plugins = @t_plugins@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ +xml_CFLAGS = @xml_CFLAGS@ +xml_LIBS = @xml_LIBS@ +AM_CPPFLAGS = \ + -I$(top_srcdir)/src/libstrongswan + +AM_LDFLAGS = \ + -no-undefined + +ipseclib_LTLIBRARIES = libtpmtss.la +libtpmtss_la_SOURCES = \ + tpm_tss.h tpm_tss.c \ + tpm_tss_quote_info.h tpm_tss_quote_info.c \ + tpm_tss_trousers.h tpm_tss_trousers.c \ + tpm_tss_tss2.h tpm_tss_tss2.c \ + tpm_tss_tss2_names.h tpm_tss_tss2_names.c + +libtpmtss_la_LIBADD = \ + $(top_builddir)/src/libstrongswan/libstrongswan.la \ + $(am__append_1) $(am__append_2) +all: all-am + +.SUFFIXES: +.SUFFIXES: .c .lo .o .obj +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libtpmtss/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/libtpmtss/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +install-ipseclibLTLIBRARIES: $(ipseclib_LTLIBRARIES) + @$(NORMAL_INSTALL) + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ + list2=; for p in $$list; do \ + if test -f $$p; then \ + list2="$$list2 $$p"; \ + else :; fi; \ + done; \ + test -z "$$list2" || { \ + echo " $(MKDIR_P) '$(DESTDIR)$(ipseclibdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(ipseclibdir)" || exit 1; \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(ipseclibdir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(ipseclibdir)"; \ + } + +uninstall-ipseclibLTLIBRARIES: + @$(NORMAL_UNINSTALL) + @list='$(ipseclib_LTLIBRARIES)'; test -n "$(ipseclibdir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(ipseclibdir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(ipseclibdir)/$$f"; \ + done + +clean-ipseclibLTLIBRARIES: + -test -z "$(ipseclib_LTLIBRARIES)" || rm -f $(ipseclib_LTLIBRARIES) + @list='$(ipseclib_LTLIBRARIES)'; \ + locs=`for p in $$list; do echo $$p; done | \ + sed 's|^[^/]*$$|.|; s|/[^/]*$$||; s|$$|/so_locations|' | \ + sort -u`; \ + test -z "$$locs" || { \ + echo rm -f $${locs}; \ + rm -f $${locs}; \ + } + +libtpmtss.la: $(libtpmtss_la_OBJECTS) $(libtpmtss_la_DEPENDENCIES) $(EXTRA_libtpmtss_la_DEPENDENCIES) + $(AM_V_CCLD)$(LINK) -rpath $(ipseclibdir) $(libtpmtss_la_OBJECTS) $(libtpmtss_la_LIBADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_quote_info.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_trousers.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2.Plo@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tpm_tss_tss2_names.Plo@am__quote@ + +.c.o: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ $< + +.c.obj: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.c.lo: +@am__fastdepCC_TRUE@ $(AM_V_CC)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LTCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-am +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-am + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-am + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(LTLIBRARIES) +installdirs: + for dir in "$(DESTDIR)$(ipseclibdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic clean-ipseclibLTLIBRARIES clean-libtool \ + mostlyclean-am + +distclean: distclean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-tags + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-ipseclibLTLIBRARIES + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -rf ./$(DEPDIR) + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-ipseclibLTLIBRARIES + +.MAKE: install-am install-strip + +.PHONY: CTAGS GTAGS TAGS all all-am check check-am clean clean-generic \ + clean-ipseclibLTLIBRARIES clean-libtool cscopelist-am ctags \ + ctags-am distclean distclean-compile distclean-generic \ + distclean-libtool distclean-tags distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-ipseclibLTLIBRARIES install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-compile mostlyclean-generic mostlyclean-libtool \ + pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-ipseclibLTLIBRARIES + +.PRECIOUS: Makefile + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/src/libtpmtss/tpm_tss.c b/src/libtpmtss/tpm_tss.c new file mode 100644 index 000000000..b7b970c8d --- /dev/null +++ b/src/libtpmtss/tpm_tss.c @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss.h" +#include "tpm_tss_tss2.h" +#include "tpm_tss_trousers.h" + +/** + * Described in header. + */ +void libtpmtss_init(void) +{ + /* empty */ +} + +typedef tpm_tss_t*(*tpm_tss_create)(); + +/** + * See header. + */ +tpm_tss_t *tpm_tss_probe(tpm_version_t version) +{ + tpm_tss_create stacks[] = { + tpm_tss_tss2_create, + tpm_tss_trousers_create, + }; + tpm_tss_t *tpm; + int i; + + for (i = 0; i < countof(stacks); i++) + { + tpm = stacks[i](); + if (tpm) + { + if (version == TPM_VERSION_ANY || version == tpm->get_version(tpm)) + { + return tpm; + } + } + } + return NULL; +} diff --git a/src/libtpmtss/tpm_tss.h b/src/libtpmtss/tpm_tss.h new file mode 100644 index 000000000..4f4b9e2cf --- /dev/null +++ b/src/libtpmtss/tpm_tss.h @@ -0,0 +1,140 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup libtpmtss libtpmtss + * + * @addtogroup libtpmtss + * @{ + */ + +#ifndef TPM_TSS_H_ +#define TPM_TSS_H_ + +#include "tpm_tss_quote_info.h" + +#include <library.h> +#include <crypto/hashers/hasher.h> + +typedef enum tpm_version_t tpm_version_t; +typedef struct tpm_tss_t tpm_tss_t; + +/** + * TPM Versions + */ +enum tpm_version_t { + TPM_VERSION_ANY, + TPM_VERSION_1_2, + TPM_VERSION_2_0, +}; + +/** + * TPM access via TSS public interface + */ +struct tpm_tss_t { + + /** + * Get TPM version supported by TSS + * + * @return TPM version + */ + tpm_version_t (*get_version)(tpm_tss_t *this); + + /** + * Get TPM version info (TPM 1.2 only) + * + * @return TPM version info struct + */ + chunk_t (*get_version_info)(tpm_tss_t *this); + + /** + * Generate AIK key pair bound to TPM (TPM 1.2 only) + * + * @param ca_modulus RSA modulus of CA public key + * @param aik_blob AIK private key blob + * @param aik_pubkey AIK public key + * @return TRUE if AIK key generation succeeded + */ + bool (*generate_aik)(tpm_tss_t *this, chunk_t ca_modulus, + chunk_t *aik_blob, chunk_t *aik_pubkey, + chunk_t *identity_req); + + /** + * Get public key from TPM using its object handle (TPM 2.0 only) + * + * @param handle key object handle + * @return public key in PKCS#1 format + */ + chunk_t (*get_public)(tpm_tss_t *this, uint32_t handle); + + /** + * Retrieve the current value of a PCR register in a given PCR bank + * + * @param pcr_num PCR number + * @param pcr_value PCR value returned + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR value retrieval succeeded + */ + bool (*read_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg); + + /** + * Extend a PCR register in a given PCR bank with a hash value + * + * @param pcr_num PCR number + * @param pcr_value extended PCR value returned + * @param hash data to be extended into the PCR + * @param alg hash algorithm, selects PCR bank (TPM 2.0 only) + * @return TRUE if PCR extension succeeded + */ + bool (*extend_pcr)(tpm_tss_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg); + + /** + * Do a quote signature over a selection of PCR registers + * + * @param aik_handle object handle of AIK to be used for quote signature + * @param pcr_sel selection of PCR registers + * @param alg hash algorithm to be used for quote signature + * @param data additional data to be hashed into the quote + * @param quote_mode define current and legacy TPM quote modes + * @param quote_info returns various info covered by quote signature + * @param quote_sig returns quote signature + * @return TRUE if quote signature succeeded + */ + bool (*quote)(tpm_tss_t *this, uint32_t aik_handle, uint32_t pcr_sel, + hash_algorithm_t alg, chunk_t data, + tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig); + + /** + * Destroy a tpm_tss_t. + */ + void (*destroy)(tpm_tss_t *this); +}; + +/** + * Create a tpm_tss instance. + * + * @param version TPM version that must be supported by TSS + */ +tpm_tss_t *tpm_tss_probe(tpm_version_t version); + +/** + * Dummy libtpmtss initialization function needed for integrity test + */ +void libtpmtss_init(void); + +#endif /** TPM_TSS_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_quote_info.c b/src/libtpmtss/tpm_tss_quote_info.c new file mode 100644 index 000000000..0341738e0 --- /dev/null +++ b/src/libtpmtss/tpm_tss_quote_info.c @@ -0,0 +1,330 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include <tpm_tss_quote_info.h> + +#include <bio/bio_writer.h> + +#ifndef TPM_TAG_QUOTE_INFO2 +#define TPM_TAG_QUOTE_INFO2 0x0036 +#endif +#ifndef TPM_LOC_ZERO +#define TPM_LOC_ZERO 0x01 +#endif + +typedef struct private_tpm_tss_quote_info_t private_tpm_tss_quote_info_t; + +/** + * Private data of an tpm_tss_quote_info_t object. + */ +struct private_tpm_tss_quote_info_t { + + /** + * Public tpm_tss_quote_info_t interface. + */ + tpm_tss_quote_info_t public; + + /** + * TPM Quote Mode + */ + tpm_quote_mode_t quote_mode; + + /** + * TPM Qualified Signer + */ + chunk_t qualified_signer; + + /** + * TPM Clock Info + */ + chunk_t clock_info; + + /** + * TPM Version Info + */ + chunk_t version_info; + + /** + * TPM PCR Selection + */ + chunk_t pcr_select; + + /** + * TPM PCR Composite Hash + */ + chunk_t pcr_digest; + + /** + * TPM PCR Composite Hash algorithm + */ + hash_algorithm_t pcr_digest_alg; + + /** + * Reference count + */ + refcount_t ref; + +}; + +METHOD(tpm_tss_quote_info_t, get_quote_mode, tpm_quote_mode_t, + private_tpm_tss_quote_info_t *this) +{ + return this->quote_mode; +} + +METHOD(tpm_tss_quote_info_t, get_pcr_digest_alg, hash_algorithm_t, + private_tpm_tss_quote_info_t *this) +{ + return this->pcr_digest_alg; +} + +METHOD(tpm_tss_quote_info_t, get_pcr_digest, chunk_t, + private_tpm_tss_quote_info_t *this) +{ + return this->pcr_digest; +} + +METHOD(tpm_tss_quote_info_t, get_quote, bool, + private_tpm_tss_quote_info_t *this, chunk_t nonce, + tpm_tss_pcr_composite_t *composite, chunk_t *quoted) +{ + chunk_t pcr_composite, pcr_digest; + bio_writer_t *writer; + hasher_t *hasher; + bool equal_digests; + + /* Construct PCR Composite */ + writer = bio_writer_create(32); + + switch (this->quote_mode) + { + case TPM_QUOTE: + case TPM_QUOTE2: + case TPM_QUOTE2_VERSION_INFO: + writer->write_data16(writer, composite->pcr_select); + writer->write_data32(writer, composite->pcr_composite); + + break; + case TPM_QUOTE_TPM2: + writer->write_data(writer, composite->pcr_composite); + break; + case TPM_QUOTE_NONE: + break; + } + + pcr_composite = writer->extract_buf(writer); + writer->destroy(writer); + + DBG2(DBG_PTS, "constructed PCR Composite: %B", &pcr_composite); + + /* Compute PCR Composite Hash */ + hasher = lib->crypto->create_hasher(lib->crypto, this->pcr_digest_alg); + if (!hasher || !hasher->allocate_hash(hasher, pcr_composite, &pcr_digest)) + { + DESTROY_IF(hasher); + chunk_free(&pcr_composite); + return FALSE; + } + hasher->destroy(hasher); + chunk_free(&pcr_composite); + + DBG2(DBG_PTS, "constructed PCR Composite digest: %B", &pcr_digest); + + equal_digests = chunk_equals(pcr_digest, this->pcr_digest); + + /* Construct Quote Info */ + writer = bio_writer_create(32); + + switch (this->quote_mode) + { + case TPM_QUOTE: + /* Version number */ + writer->write_data(writer, chunk_from_chars(1, 1, 0, 0)); + + /* Magic QUOT value */ + writer->write_data(writer, chunk_from_str("QUOT")); + + /* PCR Composite Hash */ + writer->write_data(writer, pcr_digest); + + /* Secret assessment value 20 bytes (nonce) */ + writer->write_data(writer, nonce); + break; + case TPM_QUOTE2: + case TPM_QUOTE2_VERSION_INFO: + /* TPM Structure Tag */ + writer->write_uint16(writer, TPM_TAG_QUOTE_INFO2); + + /* Magic QUT2 value */ + writer->write_data(writer, chunk_from_str("QUT2")); + + /* Secret assessment value 20 bytes (nonce) */ + writer->write_data(writer, nonce); + + /* PCR selection */ + writer->write_data16(writer, composite->pcr_select); + + /* TPM Locality Selection */ + writer->write_uint8(writer, TPM_LOC_ZERO); + + /* PCR Composite Hash */ + writer->write_data(writer, pcr_digest); + + if (this->quote_mode == TPM_QUOTE2_VERSION_INFO) + { + /* TPM version Info */ + writer->write_data(writer, this->version_info); + } + break; + case TPM_QUOTE_TPM2: + /* Magic */ + writer->write_data(writer, chunk_from_chars(0xff,0x54,0x43,0x47)); + + /* Type */ + writer->write_uint16(writer, 0x8018); + + /* Qualified Signer */ + writer->write_data16(writer, this->qualified_signer); + + /* Extra Data */ + writer->write_data16(writer, nonce); + + /* Clock Info */ + writer->write_data(writer, this->clock_info); + + /* Firmware Version */ + writer->write_data(writer, this->version_info); + + /* PCR Selection */ + writer->write_data(writer, this->pcr_select); + + /* PCR Composite Hash */ + writer->write_data16(writer, pcr_digest); + break; + case TPM_QUOTE_NONE: + break; + } + chunk_free(&pcr_digest); + *quoted = writer->extract_buf(writer); + writer->destroy(writer); + + DBG2(DBG_PTS, "constructed TPM Quote Info: %B", quoted); + + if (!equal_digests) + { + DBG1(DBG_IMV, "received PCR Composite digest does not match " + "constructed one"); + chunk_free(quoted); + } + return equal_digests; +} + +METHOD(tpm_tss_quote_info_t, set_version_info, void, + private_tpm_tss_quote_info_t *this, chunk_t version_info) +{ + chunk_free(&this->version_info); + this->version_info = chunk_clone(version_info); +} + +METHOD(tpm_tss_quote_info_t, get_version_info, chunk_t, + private_tpm_tss_quote_info_t *this) +{ + return this->version_info; +} + +METHOD(tpm_tss_quote_info_t, set_tpm2_info, void, + private_tpm_tss_quote_info_t *this, chunk_t qualified_signer, + chunk_t clock_info, chunk_t pcr_select) +{ + chunk_free(&this->qualified_signer); + this->qualified_signer = chunk_clone(qualified_signer); + + chunk_free(&this->clock_info); + this->clock_info = chunk_clone(clock_info); + + chunk_free(&this->pcr_select); + this->pcr_select = chunk_clone(pcr_select); +} + +METHOD(tpm_tss_quote_info_t, get_tpm2_info, void, + private_tpm_tss_quote_info_t *this, chunk_t *qualified_signer, + chunk_t *clock_info, chunk_t *pcr_select) +{ + if (qualified_signer) + { + *qualified_signer = this->qualified_signer; + } + if (clock_info) + { + *clock_info = this->clock_info; + } + if (pcr_select) + { + *pcr_select = this->pcr_select; + } +} + +METHOD(tpm_tss_quote_info_t, get_ref, tpm_tss_quote_info_t*, + private_tpm_tss_quote_info_t *this) +{ + ref_get(&this->ref); + + return &this->public; +} + +METHOD(tpm_tss_quote_info_t, destroy, void, + private_tpm_tss_quote_info_t *this) +{ + if (ref_put(&this->ref)) + { + chunk_free(&this->qualified_signer); + chunk_free(&this->clock_info); + chunk_free(&this->version_info); + chunk_free(&this->pcr_select); + chunk_free(&this->pcr_digest); + free(this); + } +} + +/** + * See header + */ +tpm_tss_quote_info_t *tpm_tss_quote_info_create(tpm_quote_mode_t quote_mode, + hash_algorithm_t pcr_digest_alg, chunk_t pcr_digest) + +{ + private_tpm_tss_quote_info_t *this; + + INIT(this, + .public = { + .get_quote_mode = _get_quote_mode, + .get_pcr_digest_alg = _get_pcr_digest_alg, + .get_pcr_digest = _get_pcr_digest, + .get_quote = _get_quote, + .set_version_info = _set_version_info, + .get_version_info = _get_version_info, + .set_tpm2_info = _set_tpm2_info, + .get_tpm2_info = _get_tpm2_info, + .get_ref = _get_ref, + .destroy = _destroy, + }, + .quote_mode = quote_mode, + .pcr_digest_alg = pcr_digest_alg, + .pcr_digest = chunk_clone(pcr_digest), + .ref = 1, + ); + + return &this->public; +} diff --git a/src/libtpmtss/tpm_tss_quote_info.h b/src/libtpmtss/tpm_tss_quote_info.h new file mode 100644 index 000000000..5b1c45794 --- /dev/null +++ b/src/libtpmtss/tpm_tss_quote_info.h @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_quote_info tpm_tss_quote_info + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_QUOTE_INFO_H_ +#define TPM_TSS_QUOTE_INFO_H_ + +#include <library.h> + +#include <crypto/hashers/hasher.h> + +typedef enum tpm_quote_mode_t tpm_quote_mode_t; +typedef struct tpm_tss_quote_info_t tpm_tss_quote_info_t; +typedef struct tpm_tss_pcr_composite_t tpm_tss_pcr_composite_t; + +/** + * TPM Quote Modes + */ +enum tpm_quote_mode_t { + TPM_QUOTE_NONE, + TPM_QUOTE, + TPM_QUOTE2, + TPM_QUOTE2_VERSION_INFO, + TPM_QUOTE_TPM2 +}; + +struct tpm_tss_pcr_composite_t { + + /** + * Bit map of selected PCRs + */ + chunk_t pcr_select; + + /** + * Array of selected PCRs + */ + chunk_t pcr_composite; + +}; + +/** + * TPM Quote Information needed to verify the Quote Signature + */ +struct tpm_tss_quote_info_t { + + /** + * Get TPM Quote Mode + * + * @return TPM Quote Mode + */ + tpm_quote_mode_t (*get_quote_mode)(tpm_tss_quote_info_t *this); + + /** + * Get PCR Composite digest algorithm + * + * @return PCR Composite digest algorithm + */ + hash_algorithm_t (*get_pcr_digest_alg)(tpm_tss_quote_info_t *this); + + /** + * Get PCR Composite digest + * + * @return PCR Composite digest + */ + chunk_t (*get_pcr_digest)(tpm_tss_quote_info_t *this); + + /** + * Get TPM Quote Info digest, the basis of the TPM Quote Singature + * + * @param nonce Derived from the Diffie-Hellman exchange + * @param composite PCR Composite as computed by IMV + * @param quoted Encoded TPM Quote + * @return TRUE if TPM Quote was successfully constructed + */ + bool (*get_quote)(tpm_tss_quote_info_t *this, chunk_t nonce, + tpm_tss_pcr_composite_t *composite, + chunk_t *quoted); + + /** + * Set TPM version info (needed for TPM 1.2) + * + * @param version_info TPM 1.2 version info + */ + void (*set_version_info)(tpm_tss_quote_info_t *this, chunk_t version_info); + + /** + * Get TPM 2.0 version info (needed for TPM 2.0) + * + * @return TPM 2.0 firmwareVersioin + */ + chunk_t (*get_version_info)(tpm_tss_quote_info_t *this); + + /** + * Set TPM 2.0 info parameters (needed for TPM 2.0) + * + * @param qualified_signer TPM 2.0 qualifiedSigner + * @param clock_info TPM 2.0 clockInfo + * @param pcr_select TPM 2.0 pcrSelect + */ + void (*set_tpm2_info)(tpm_tss_quote_info_t *this, chunk_t qualified_signer, + chunk_t clock_info, chunk_t pcr_select); + + + /** + * Get TPM 2.0 info parameters (needed for TPM 2.0) + * + * @param qualified_signer TPM 2.0 qualifiedSigner + * @param clock_info TPM 2.0 clockInfo + * @param pcr_select TPM 2.0 pcrSelect + */ + void (*get_tpm2_info)(tpm_tss_quote_info_t *this, chunk_t *qualified_signer, + chunk_t *clock_info, chunk_t *pcr_select); + + /** + * Get reference to Quote Info object. + */ + tpm_tss_quote_info_t* (*get_ref)(tpm_tss_quote_info_t *this); + + /** + * Destroy a tpm_tss_quote_info_t. + */ + void (*destroy)(tpm_tss_quote_info_t *this); +}; + +/** + * Create a tpm_tss_quote_info instance. + * + * @param quote_mode TPM Quote mode + * @param pcr_digest_alg PCR Composite digest algorithm + * @param pcr_digest PCR Composite digest + */ +tpm_tss_quote_info_t *tpm_tss_quote_info_create(tpm_quote_mode_t quote_mode, + hash_algorithm_t pcr_digest_alg, chunk_t pcr_digest); + +#endif /** TPM_TSS_QUOTE_INFO_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_trousers.c b/src/libtpmtss/tpm_tss_trousers.c new file mode 100644 index 000000000..8be3ad877 --- /dev/null +++ b/src/libtpmtss/tpm_tss_trousers.c @@ -0,0 +1,655 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * Copyright (c) 2008 Hal Finney + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +#include "tpm_tss_trousers.h" + +#ifdef TSS_TROUSERS + +#ifdef _BASETSD_H_ +/* MinGW defines _BASETSD_H_, but TSS checks for _BASETSD_H */ +# define _BASETSD_H +#endif + +#include <trousers/tss.h> +#include <trousers/trousers.h> + +#define LABEL "TPM 1.2 -" + +/* size in bytes of a TSS AIK public key blob */ +#define AIK_PUBKEY_BLOB_SIZE 284 + +/* maximum number of PCR registers */ +#define PCR_NUM_MAX 24 + +typedef struct private_tpm_tss_trousers_t private_tpm_tss_trousers_t; +typedef struct aik_t aik_t; + +/** + * Private data of an tpm_tss_trousers_t object. + */ +struct private_tpm_tss_trousers_t { + + /** + * Public tpm_tss_trousers_t interface. + */ + tpm_tss_trousers_t interface; + + /** + * TSS context + */ + TSS_HCONTEXT hContext; + + /** + * TPM handle + */ + TSS_HTPM hTPM; + + /** + * TPM version info + */ + chunk_t version_info; + + /** + * List of AIKs retrievable by an object handle + */ + linked_list_t *aik_list; + +}; + +struct aik_t { + /** AIK object handle */ + uint32_t handle; + + /** AIK private key blob */ + chunk_t blob; + + /** AIK public key */ + chunk_t pubkey; +}; + +static void free_aik(aik_t *this) +{ + free(this->blob.ptr); + free(this->pubkey.ptr); + free(this); +} + +/** + * Initialize TSS context + * + * TPM 1.2 Specification, Part 2 TPM Structures, 21.6 TPM_CAP_VERSION_INFO + * + * typedef struct tdTPM_VERSION { + * TPM_VERSION_BYTE major; + * TPM_VERSION_BYTE minor; + * BYTE revMajor; + * BYTE revMinor; + * } TPM_VERSION; + * + * typedef struct tdTPM_CAP_VERSION_INFO { + * TPM_STRUCTURE_TAG tag; + * TPM_VERSION version; + * UINT16 specLevel; + * BYTE errataRev; + * BYTE tpmVendorID[4]; + * UINT16 vendorSpecificSize; + * [size_is(vendorSpecificSize)] BYTE* vendorSpecific; + * } TPM_CAP_VERSION_INFO; + */ +static bool initialize_context(private_tpm_tss_trousers_t *this) +{ + uint8_t *version_ptr; + uint32_t version_len; + + TSS_RESULT result; + TPM_CAP_VERSION_INFO *info; + + result = Tspi_Context_Create(&this->hContext); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s could not created context: 0x%x", + LABEL, result); + return FALSE; + } + + result = Tspi_Context_Connect(this->hContext, NULL); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s could not connect with context: 0x%x", + LABEL, result); + return FALSE; + } + + result = Tspi_Context_GetTpmObject (this->hContext, &this->hTPM); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get TPM object: 0x%x", + LABEL, result); + return FALSE; + } + + result = Tspi_TPM_GetCapability(this->hTPM, TSS_TPMCAP_VERSION_VAL, 0, + NULL, &version_len, &version_ptr); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_GetCapability failed: 0x%x", + LABEL, result); + return FALSE; + } + + info = (TPM_CAP_VERSION_INFO *)version_ptr; + DBG2(DBG_PTS, "TPM Version Info: Chip Version: %u.%u.%u.%u, " + "Spec Level: %u, Errata Rev: %u, Vendor ID: %.4s", + info->version.major, info->version.minor, + info->version.revMajor, info->version.revMinor, + untoh16(&info->specLevel), info->errataRev, info->tpmVendorID); + + this->version_info = chunk_clone(chunk_create(version_ptr, version_len)); + + return TRUE; +} + +/** + * Finalize TSS context + */ +static void finalize_context(private_tpm_tss_trousers_t *this) +{ + if (this->hContext) + { + Tspi_Context_FreeMemory(this->hContext, NULL); + Tspi_Context_Close(this->hContext); + } +} + +METHOD(tpm_tss_t, get_version, tpm_version_t, + private_tpm_tss_trousers_t *this) +{ + return TPM_VERSION_1_2; +} + +METHOD(tpm_tss_t, get_version_info, chunk_t, + private_tpm_tss_trousers_t *this) +{ + return this->version_info; +} + +METHOD(tpm_tss_t, generate_aik, bool, + private_tpm_tss_trousers_t *this, chunk_t ca_modulus, chunk_t *aik_blob, + chunk_t *aik_pubkey, chunk_t *identity_req) +{ + chunk_t aik_pubkey_blob; + chunk_t aik_modulus; + chunk_t aik_exponent; + + TSS_RESULT result; + TSS_HKEY hSRK; + TSS_HKEY hPCAKey; + TSS_HPOLICY hSrkPolicy; + TSS_HPOLICY hTPMPolicy; + TSS_HKEY hIdentKey; + TSS_UUID SRK_UUID = TSS_UUID_SRK; + BYTE secret[] = TSS_WELL_KNOWN_SECRET; + BYTE *IdentityReq; + UINT32 IdentityReqLen; + BYTE *blob; + UINT32 blobLen; + + /* get SRK plus SRK policy and set SRK secret */ + result = Tspi_Context_LoadKeyByUUID(this->hContext, TSS_PS_TYPE_SYSTEM, + SRK_UUID, &hSRK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByUUID for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &hSrkPolicy); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetPolicyObject or SRK failed: 0x%x ", + LABEL, result); + return FALSE; + } + result = Tspi_Policy_SetSecret(hSrkPolicy, TSS_SECRET_MODE_SHA1, 20, secret); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Policy_SetSecret for SRK failed: 0x%x ", + LABEL, result); + return FALSE; + } + + /* get TPM plus TPM policy and set TPM secret */ + result = Tspi_Context_GetTpmObject (this->hContext, &this->hTPM); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_GetTpmObject failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_GetPolicyObject(this->hTPM, TSS_POLICY_USAGE, &hTPMPolicy); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetPolicyObject for TPM failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_Policy_SetSecret(hTPMPolicy, TSS_SECRET_MODE_SHA1, 20, secret); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS,"%s Tspi_Policy_SetSecret for TPM failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* create context for a 2048 bit AIK */ + result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_RSAKEY, + TSS_KEY_TYPE_IDENTITY | TSS_KEY_SIZE_2048 | + TSS_KEY_VOLATILE | TSS_KEY_NOT_MIGRATABLE, &hIdentKey); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for key failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* create context for the Privacy CA public key and assign modulus */ + result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_RSAKEY, + TSS_KEY_TYPE_LEGACY|TSS_KEY_SIZE_2048, &hPCAKey); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for PCA failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_SetAttribData (hPCAKey, TSS_TSPATTRIB_RSAKEY_INFO, + TSS_TSPATTRIB_KEYINFO_RSA_MODULUS, ca_modulus.len, + ca_modulus.ptr); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_SetAttribData for PCA modulus failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_SetAttribUint32(hPCAKey, TSS_TSPATTRIB_KEY_INFO, + TSS_TSPATTRIB_KEYINFO_ENCSCHEME, TSS_ES_RSAESPKCSV15); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS,"%s Tspi_SetAttribUint32 for PCA encryption scheme " + "failed: 0x%x", LABEL, result); + return FALSE; + } + + /* generate AIK */ + DBG1(DBG_LIB, "Generating identity key..."); + result = Tspi_TPM_CollateIdentityRequest(this->hTPM, hSRK, hPCAKey, 0, NULL, + hIdentKey, TSS_ALG_AES, &IdentityReqLen, &IdentityReq); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_CollateIdentityRequest failed: 0x%x", + LABEL, result); + return FALSE; + } + *identity_req = chunk_create(IdentityReq, IdentityReqLen); + DBG3(DBG_LIB, "%s Identity Request: %B", LABEL, identity_req); + + /* load identity key */ + result = Tspi_Key_LoadKey (hIdentKey, hSRK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Key_LoadKey for AIK failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* output AIK private key in TSS blob format */ + result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, + TSS_TSPATTRIB_KEYBLOB_BLOB, &blobLen, &blob); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetAttribData for private key blob failed: 0x%x", + LABEL, result); + return FALSE; + } + *aik_blob = chunk_create(blob, blobLen); + DBG3(DBG_LIB, "%s AIK private key blob: %B", LABEL, aik_blob); + + /* output AIK Public Key in TSS blob format */ + result = Tspi_GetAttribData (hIdentKey, TSS_TSPATTRIB_KEY_BLOB, + TSS_TSPATTRIB_KEYBLOB_PUBLIC_KEY, &blobLen, &blob); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetAttribData for public key blob failed: 0x%x", + LABEL, result); + return FALSE; + } + aik_pubkey_blob = chunk_create(blob, blobLen); + DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_pubkey_blob); + + /* create a trusted AIK public key */ + if (aik_pubkey_blob.len != AIK_PUBKEY_BLOB_SIZE) + { + DBG1(DBG_PTS, "%s AIK public key is not in TSS blob format", + LABEL); + return FALSE; + } + aik_modulus = chunk_skip(aik_pubkey_blob, AIK_PUBKEY_BLOB_SIZE - 256); + aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); + + /* output subjectPublicKeyInfo encoding of AIK public key */ + if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, NULL, + aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, + CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) + { + DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key failed", + LABEL); + return FALSE; + } + return TRUE; +} + +METHOD(tpm_tss_t, get_public, chunk_t, + private_tpm_tss_trousers_t *this, uint32_t handle) +{ + enumerator_t *enumerator; + chunk_t aik_pubkey = chunk_empty; + aik_t *aik; + + enumerator = this->aik_list->create_enumerator(this->aik_list); + while (enumerator->enumerate(enumerator, &aik)) + { + if (aik->handle == handle) + { + aik_pubkey = chunk_clone(aik->pubkey); + break; + } + } + enumerator->destroy(enumerator); + + return aik_pubkey; +} + +METHOD(tpm_tss_t, read_pcr, bool, + private_tpm_tss_trousers_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) +{ + TSS_RESULT result; + uint8_t *value; + uint32_t len; + + result = Tspi_TPM_PcrRead(this->hTPM, pcr_num, &len, &value); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_PcrRead failed: 0x%x", LABEL, result); + return FALSE; + } + *pcr_value = chunk_clone(chunk_create(value, len)); + + return TRUE; +} + +METHOD(tpm_tss_t, extend_pcr, bool, + private_tpm_tss_trousers_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg) +{ + TSS_RESULT result; + uint32_t pcr_len; + uint8_t *pcr_ptr; + + result = Tspi_TPM_PcrExtend(this->hTPM, pcr_num, data.len, data.ptr, + NULL, &pcr_len, &pcr_ptr); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_PcrExtend failed: 0x%x", LABEL, result); + return FALSE; + } + *pcr_value = chunk_clone(chunk_create(pcr_ptr, pcr_len)); + + return TRUE; +} + +METHOD(tpm_tss_t, quote, bool, + private_tpm_tss_trousers_t *this, uint32_t aik_handle, uint32_t pcr_sel, + hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) +{ + TSS_HKEY hAIK; + TSS_HKEY hSRK; + TSS_HPOLICY srkUsagePolicy; + TSS_UUID SRK_UUID = TSS_UUID_SRK; + TSS_HPCRS hPcrComposite; + TSS_VALIDATION valData; + TSS_RESULT result; + uint8_t secret[] = TSS_WELL_KNOWN_SECRET; + uint8_t *version_info, *comp_hash; + uint32_t version_info_size, pcr; + aik_t *aik; + chunk_t aik_blob = chunk_empty; + chunk_t quote_chunk, pcr_digest; + enumerator_t *enumerator; + bool success = FALSE; + + /* Retrieve SRK from TPM and set the authentication to well known secret*/ + result = Tspi_Context_LoadKeyByUUID(this->hContext, TSS_PS_TYPE_SYSTEM, + SRK_UUID, &hSRK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByUUID for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_GetPolicyObject(hSRK, TSS_POLICY_USAGE, &srkUsagePolicy); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_GetPolicyObject for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + result = Tspi_Policy_SetSecret(srkUsagePolicy, TSS_SECRET_MODE_SHA1, + 20, secret); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Policy_SetSecret for SRK failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* Retrieve AIK using its handle and load private key into TPM 1.2 */ + enumerator = this->aik_list->create_enumerator(this->aik_list); + while (enumerator->enumerate(enumerator, &aik)) + { + if (aik->handle == aik_handle) + { + aik_blob = aik->blob; + break; + } + } + enumerator->destroy(enumerator); + + if (aik_blob.len == 0) + { + DBG1(DBG_PTS, "%s AIK private key for handle 0x%80x not found", LABEL); + return FALSE; + } + result = Tspi_Context_LoadKeyByBlob(this->hContext, hSRK, aik_blob.len, + aik_blob.ptr, &hAIK); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_LoadKeyByBlob for AIK failed: 0x%x", + LABEL, result); + return FALSE; + } + + /* Create PCR composite object */ + result = Tspi_Context_CreateObject(this->hContext, TSS_OBJECT_TYPE_PCRS, + (*quote_mode == TPM_QUOTE) ? TSS_PCRS_STRUCT_INFO : + TSS_PCRS_STRUCT_INFO_SHORT, + &hPcrComposite); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_Context_CreateObject for pcrComposite failed: " + "0x%x", LABEL, result); + goto err1; + } + + /* Select PCRs */ + for (pcr = 0; pcr < PCR_NUM_MAX; pcr++) + { + if (pcr_sel & (1 << pcr)) + { + result = (*quote_mode == TPM_QUOTE) ? + Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcr) : + Tspi_PcrComposite_SelectPcrIndexEx(hPcrComposite, pcr, + TSS_PCRS_DIRECTION_RELEASE); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_PcrComposite_SelectPcrIndex failed: " + "0x%x", LABEL, result); + goto err2; + } + } + } + + /* Set the Validation Data */ + valData.ulExternalDataLength = data.len; + valData.rgbExternalData = data.ptr; + + /* TPM Quote */ + result = (*quote_mode == TPM_QUOTE) ? + Tspi_TPM_Quote (this->hTPM, hAIK, hPcrComposite, &valData) : + Tspi_TPM_Quote2(this->hTPM, hAIK, + *quote_mode == TPM_QUOTE2_VERSION_INFO, + hPcrComposite, &valData, &version_info_size, + &version_info); + if (result != TSS_SUCCESS) + { + DBG1(DBG_PTS, "%s Tspi_TPM_Quote%s failed: 0x%x", LABEL, + (*quote_mode == TPM_QUOTE) ? "" : "2", result); + goto err2; + } + + if (*quote_mode == TPM_QUOTE) + { + /* TPM_Composite_Hash starts at byte 8 of TPM_Quote_Info structure */ + comp_hash = valData.rgbData + 8; + } + else + { + /* TPM_Composite_Hash is last 20 bytes of TPM_Quote_Info2 structure */ + comp_hash = valData.rgbData + valData.ulDataLength - version_info_size - + HASH_SIZE_SHA1; + } + pcr_digest = chunk_create(comp_hash, HASH_SIZE_SHA1); + DBG2(DBG_PTS, "PCR composite digest: %B", &pcr_digest); + + quote_chunk = chunk_create(valData.rgbData, valData.ulDataLength); + DBG2(DBG_PTS, "TPM Quote Info: %B", "e_chunk); + + *quote_info = tpm_tss_quote_info_create(*quote_mode, HASH_SHA1, pcr_digest); + + *quote_sig = chunk_clone(chunk_create(valData.rgbValidationData, + valData.ulValidationDataLength)); + DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig); + + success = TRUE; + +err2: + Tspi_Context_CloseObject(this->hContext, hPcrComposite); +err1: + Tspi_Context_CloseObject(this->hContext, hAIK); + + return success; +} + +METHOD(tpm_tss_t, destroy, void, + private_tpm_tss_trousers_t *this) +{ + finalize_context(this); + this->aik_list->destroy_function(this->aik_list, (void*)free_aik); + free(this->version_info.ptr); + free(this); +} + +METHOD(tpm_tss_trousers_t, load_aik, void, + private_tpm_tss_trousers_t *this, chunk_t blob, chunk_t pubkey, + uint32_t handle) +{ + aik_t *item; + + INIT(item, + .handle = handle, + .blob = blob, + .pubkey = pubkey, + ); + + this->aik_list->insert_last(this->aik_list, item); +} + +/** + * See header + */ +tpm_tss_t *tpm_tss_trousers_create() +{ + private_tpm_tss_trousers_t *this; + bool available; + + INIT(this, + .interface = { + .public = { + .get_version = _get_version, + .get_version_info = _get_version_info, + .generate_aik = _generate_aik, + .get_public = _get_public, + .read_pcr = _read_pcr, + .quote = _quote, + .extend_pcr = _extend_pcr, + .destroy = _destroy, + }, + .load_aik = _load_aik, + }, + .aik_list = linked_list_create(), + ); + + available = initialize_context(this); + DBG1(DBG_PTS, "TPM 1.2 via TrouSerS %savailable", available ? "" : "not "); + + if (!available) + { + destroy(this); + return NULL; + } + return &this->interface.public; +} + +#else /* TSS_TROUSERS */ + +tpm_tss_t *tpm_tss_trousers_create() +{ + return NULL; +} + +#endif /* TSS_TROUSERS */ + + + diff --git a/src/libtpmtss/tpm_tss_trousers.h b/src/libtpmtss/tpm_tss_trousers.h new file mode 100644 index 000000000..3afba0db2 --- /dev/null +++ b/src/libtpmtss/tpm_tss_trousers.h @@ -0,0 +1,52 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_trousers tpm_tss_trousers + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_TROUSERS_H_ +#define TPM_TSS_TROUSERS_H_ + +#include "tpm_tss.h" + +typedef struct tpm_tss_trousers_t tpm_tss_trousers_t; + +/** + * TPM 1.2 access via TrouSerS public interface + */ +struct tpm_tss_trousers_t { + + tpm_tss_t public; + + /** + * Load AIK public and private key pair and save it under an object handle + * + * @param blob encrypted AIK private key + * @param pubkey AIK public key + * @param handle object handle under which the AIK key is stored + */ + void (*load_aik)(tpm_tss_trousers_t *this, chunk_t blob, chunk_t pubkey, + uint32_t handle); + +}; + +/** + * Create a tpm_tss_trousers instance. + */ +tpm_tss_t *tpm_tss_trousers_create(); + +#endif /** TPM_TSS_TROUSERS_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_tss2.c b/src/libtpmtss/tpm_tss_tss2.c new file mode 100644 index 000000000..39d9f2e4d --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2.c @@ -0,0 +1,696 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss_tss2.h" +#include "tpm_tss_tss2_names.h" + +#ifdef TSS_TSS2 + +#include <asn1/asn1.h> +#include <asn1/oid.h> +#include <bio/bio_reader.h> + +#include <tss2/tpm20.h> +#include <tcti/tcti_socket.h> + +#define LABEL "TPM 2.0 -" + +typedef struct private_tpm_tss_tss2_t private_tpm_tss_tss2_t; + +/** + * Private data of an tpm_tss_tss2_t object. + */ +struct private_tpm_tss_tss2_t { + + /** + * Public tpm_tss_tss2_t interface. + */ + tpm_tss_t public; + + /** + * TCTI context + */ + TSS2_TCTI_CONTEXT *tcti_context; + + /** + * SYS context + */ + TSS2_SYS_CONTEXT *sys_context; + + /** + * Number of supported algorithms + */ + size_t supported_algs_count; + + /** + * List of supported algorithms + */ + TPM_ALG_ID supported_algs[TPM_PT_ALGORITHM_SET]; +}; + +/** + * Some symbols required by libtctisocket + */ +FILE *outFp; +uint8_t simulator = 1; + +int TpmClientPrintf (uint8_t type, const char *format, ...) +{ + return 0; +} + +/** + * Convert hash algorithm to TPM_ALG_ID + */ +static TPM_ALG_ID hash_alg_to_tpm_alg_id(hash_algorithm_t alg) +{ + switch (alg) + { + case HASH_SHA1: + return TPM_ALG_SHA1; + case HASH_SHA256: + return TPM_ALG_SHA256; + case HASH_SHA384: + return TPM_ALG_SHA384; + case HASH_SHA512: + return TPM_ALG_SHA512; + default: + return TPM_ALG_ERROR; + } +} + +/** + * Convert TPM_ALG_ID to hash algorithm + */ +static hash_algorithm_t hash_alg_from_tpm_alg_id(TPM_ALG_ID alg) +{ + switch (alg) + { + case TPM_ALG_SHA1: + return HASH_SHA1; + case TPM_ALG_SHA256: + return HASH_SHA256; + case TPM_ALG_SHA384: + return HASH_SHA384; + case TPM_ALG_SHA512: + return HASH_SHA512; + default: + return HASH_UNKNOWN; + } +} + +/** + * Check if an algorithm given by its TPM_ALG_ID is supported by the TPM + */ +static bool is_supported_alg(private_tpm_tss_tss2_t *this, TPM_ALG_ID alg_id) +{ + int i; + + if (alg_id == TPM_ALG_ERROR) + { + return FALSE; + } + + for (i = 0; i < this->supported_algs_count; i++) + { + if (this->supported_algs[i] == alg_id) + { + return TRUE; + } + } + + return FALSE; +} + +/** + * Get a list of supported algorithms + */ +static bool get_algs_capability(private_tpm_tss_tss2_t *this) +{ + TPMS_CAPABILITY_DATA cap_data; + TPMI_YES_NO more_data; + TPM_ALG_ID alg; + uint32_t rval, i; + size_t len = BUF_LEN; + char buf[BUF_LEN]; + char *pos = buf; + int written; + + /* get supported algorithms */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ALGS, + 0, TPM_PT_ALGORITHM_SET, &more_data, &cap_data, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM_CAP_ALGS: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* Number of supported algorithms */ + this->supported_algs_count = cap_data.data.algorithms.count; + + /* store and print supported algorithms */ + for (i = 0; i < this->supported_algs_count; i++) + { + alg = cap_data.data.algorithms.algProperties[i].alg; + this->supported_algs[i] = alg; + + written = snprintf(pos, len, " %N", tpm_alg_id_names, alg); + if (written < 0 || written >= len) + { + break; + } + pos += written; + len -= written; + } + DBG2(DBG_PTS, "%s algorithms:%s", LABEL, buf); + + /* get supported ECC curves */ + rval = Tss2_Sys_GetCapability(this->sys_context, 0, TPM_CAP_ECC_CURVES, + 0, TPM_PT_LOADED_CURVES, &more_data, &cap_data, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s GetCapability failed for TPM_ECC_CURVES: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* reset print buffer */ + pos = buf; + len = BUF_LEN; + + /* print supported ECC curves */ + for (i = 0; i < cap_data.data.eccCurves.count; i++) + { + written = snprintf(pos, len, " %N", tpm_ecc_curve_names, + cap_data.data.eccCurves.eccCurves[i]); + if (written < 0 || written >= len) + { + break; + } + pos += written; + len -= written; + } + DBG2(DBG_PTS, "%s ECC curves:%s", LABEL, buf); + + return TRUE; +} + +/** + * Initialize TSS context + */ +static bool initialize_context(private_tpm_tss_tss2_t *this) +{ + size_t tcti_context_size; + uint32_t sys_context_size; + uint32_t rval; + + TCTI_SOCKET_CONF rm_if_config = { DEFAULT_HOSTNAME, + DEFAULT_RESMGR_TPM_PORT + }; + + TSS2_ABI_VERSION abi_version = { TSSWG_INTEROP, + TSS_SAPI_FIRST_FAMILY, + TSS_SAPI_FIRST_LEVEL, + TSS_SAPI_FIRST_VERSION + }; + + /* determine size of tcti context */ + rval = InitSocketTcti(NULL, &tcti_context_size, &rm_if_config, 0); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get tcti_context size: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* allocate memory for tcti context */ + this->tcti_context = (TSS2_TCTI_CONTEXT*)malloc(tcti_context_size); + + /* initialize tcti context */ + rval = InitSocketTcti(this->tcti_context, &tcti_context_size, + &rm_if_config, 0); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get tcti_context: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* determine size of sys context */ + sys_context_size = Tss2_Sys_GetContextSize(0); + + /* allocate memory for sys context */ + this->sys_context = malloc(sys_context_size); + + /* initialize sys context */ + rval = Tss2_Sys_Initialize(this->sys_context, sys_context_size, + this->tcti_context, &abi_version); + if (rval != TSS2_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not get sys_context: 0x%06x", + LABEL, rval); + return FALSE; + } + + /* get a list of supported algorithms and ECC curves */ + return get_algs_capability(this); +} + +/** + * Finalize TSS context + */ +static void finalize_context(private_tpm_tss_tss2_t *this) +{ + if (this->tcti_context) + { + TeardownSocketTcti(this->tcti_context); + } + if (this->sys_context) + { + Tss2_Sys_Finalize(this->sys_context); + free(this->sys_context); + } +} + +METHOD(tpm_tss_t, get_version, tpm_version_t, + private_tpm_tss_tss2_t *this) +{ + return TPM_VERSION_2_0; +} + +METHOD(tpm_tss_t, get_version_info, chunk_t, + private_tpm_tss_tss2_t *this) +{ + return chunk_empty; +} + +/** + * read the public key portion of a TSS 2.0 AIK key from NVRAM + */ +bool read_public(private_tpm_tss_tss2_t *this, TPMI_DH_OBJECT handle, + TPM2B_PUBLIC *public) +{ + uint32_t rval; + + TPM2B_NAME name = { { sizeof(TPM2B_NAME)-2, } }; + TPM2B_NAME qualified_name = { { sizeof(TPM2B_NAME)-2, } }; + + TPMS_AUTH_RESPONSE session_data; + TSS2_SYS_RSP_AUTHS sessions_data; + TPMS_AUTH_RESPONSE *session_data_array[1]; + + session_data_array[0] = &session_data; + sessions_data.rspAuths = &session_data_array[0]; + sessions_data.rspAuthsCount = 1; + + /* always send simulator platform command, ignored by true RM */ + PlatformCommand(this->tcti_context ,MS_SIM_POWER_ON ); + PlatformCommand(this->tcti_context, MS_SIM_NV_ON ); + + /* read public key for a given object handle from TPM 2.0 NVRAM */ + rval = Tss2_Sys_ReadPublic(this->sys_context, handle, 0, public, &name, + &qualified_name, &sessions_data); + + PlatformCommand(this->tcti_context, MS_SIM_POWER_OFF); + + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s could not read public key from handle 0x%08x: 0x%06x", + LABEL, handle, rval); + return FALSE; + } + return TRUE; +} + +METHOD(tpm_tss_t, generate_aik, bool, + private_tpm_tss_tss2_t *this, chunk_t ca_modulus, chunk_t *aik_blob, + chunk_t *aik_pubkey, chunk_t *identity_req) +{ + return FALSE; +} + +METHOD(tpm_tss_t, get_public, chunk_t, + private_tpm_tss_tss2_t *this, uint32_t handle) +{ + TPM2B_PUBLIC public = { { 0, } }; + TPM_ALG_ID sig_alg, digest_alg; + chunk_t aik_blob, aik_pubkey = chunk_empty; + + if (!read_public(this, handle, &public)) + { + return chunk_empty; + } + + aik_blob = chunk_create((u_char*)&public, sizeof(public)); + DBG3(DBG_LIB, "%s AIK public key blob: %B", LABEL, &aik_blob); + + /* convert TSS 2.0 AIK public key blot into PKCS#1 format */ + switch (public.t.publicArea.type) + { + case TPM_ALG_RSA: + { + TPM2B_PUBLIC_KEY_RSA *rsa; + TPMT_RSA_SCHEME *scheme; + chunk_t aik_exponent, aik_modulus; + + scheme = &public.t.publicArea.parameters.rsaDetail.scheme; + sig_alg = scheme->scheme; + digest_alg = scheme->details.anySig.hashAlg; + + rsa = &public.t.publicArea.unique.rsa; + aik_modulus = chunk_create(rsa->t.buffer, rsa->t.size); + aik_exponent = chunk_from_chars(0x01, 0x00, 0x01); + + /* subjectPublicKeyInfo encoding of AIK RSA key */ + if (!lib->encoding->encode(lib->encoding, PUBKEY_SPKI_ASN1_DER, + NULL, &aik_pubkey, CRED_PART_RSA_MODULUS, aik_modulus, + CRED_PART_RSA_PUB_EXP, aik_exponent, CRED_PART_END)) + { + DBG1(DBG_PTS, "%s subjectPublicKeyInfo encoding of AIK key " + "failed", LABEL); + } + break; + } + case TPM_ALG_ECC: + { + TPMS_ECC_POINT *ecc; + TPMT_ECC_SCHEME *scheme; + chunk_t ecc_point; + uint8_t *pos; + + scheme = &public.t.publicArea.parameters.eccDetail.scheme; + sig_alg = scheme->scheme; + digest_alg = scheme->details.anySig.hashAlg; + + ecc = &public.t.publicArea.unique.ecc; + + /* allocate space for bit string */ + pos = asn1_build_object(&ecc_point, ASN1_BIT_STRING, + 2 + ecc->x.t.size + ecc->y.t.size); + /* bit string length is a multiple of octets */ + *pos++ = 0x00; + /* uncompressed ECC point format */ + *pos++ = 0x04; + /* copy x coordinate of ECC point */ + memcpy(pos, ecc->x.t.buffer, ecc->x.t.size); + pos += ecc->x.t.size; + /* copy y coordinate of ECC point */ + memcpy(pos, ecc->y.t.buffer, ecc->y.t.size); + /* subjectPublicKeyInfo encoding of AIK ECC key */ + aik_pubkey = asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_wrap(ASN1_SEQUENCE, "mm", + asn1_build_known_oid(OID_EC_PUBLICKEY), + asn1_build_known_oid(ecc->x.t.size == 32 ? + OID_PRIME256V1 : OID_SECT384R1)), + ecc_point); + break; + } + default: + DBG1(DBG_PTS, "%s unsupported AIK key type", LABEL); + return chunk_empty; + } + DBG1(DBG_PTS, "AIK signature algorithm is %N with %N hash", + tpm_alg_id_names, sig_alg, tpm_alg_id_names, digest_alg); + return aik_pubkey; +} + +/** + * Configure a PCR Selection assuming a maximum of 24 registers + */ +static bool init_pcr_selection(private_tpm_tss_tss2_t *this, uint32_t pcrs, + hash_algorithm_t alg, TPML_PCR_SELECTION *pcr_sel) +{ + TPM_ALG_ID alg_id; + uint32_t pcr; + + /* check if hash algorithm is supported by TPM */ + alg_id = hash_alg_to_tpm_alg_id(alg); + if (!is_supported_alg(this, alg_id)) + { + DBG1(DBG_PTS, "%s %N hash algorithm not supported by TPM", + LABEL, hash_algorithm_short_names, alg); + return FALSE; + } + + /* initialize the PCR Selection structure,*/ + pcr_sel->count = 1; + pcr_sel->pcrSelections[0].hash = alg_id; + pcr_sel->pcrSelections[0].sizeofSelect = 3; + pcr_sel->pcrSelections[0].pcrSelect[0] = 0; + pcr_sel->pcrSelections[0].pcrSelect[1] = 0; + pcr_sel->pcrSelections[0].pcrSelect[2] = 0; + + /* set the selected PCRs */ + for (pcr = 0; pcr < PLATFORM_PCR; pcr++) + { + if (pcrs & (1 << pcr)) + { + pcr_sel->pcrSelections[0].pcrSelect[pcr / 8] |= ( 1 << (pcr % 8) ); + } + } + return TRUE; +} + +METHOD(tpm_tss_t, read_pcr, bool, + private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value, + hash_algorithm_t alg) +{ + TPML_PCR_SELECTION pcr_selection; + TPML_DIGEST pcr_values; + + uint32_t pcr_update_counter, rval; + uint8_t *pcr_value_ptr; + size_t pcr_value_len; + + if (pcr_num >= PLATFORM_PCR) + { + DBG1(DBG_PTS, "%s maximum number of supported PCR is %d", + LABEL, PLATFORM_PCR); + return FALSE; + } + + if (!init_pcr_selection(this, (1 << pcr_num), alg, &pcr_selection)) + { + return FALSE; + } + + /* initialize the PCR Digest structure */ + memset(&pcr_values, 0, sizeof(TPML_DIGEST)); + + /* read the PCR value */ + rval = Tss2_Sys_PCR_Read(this->sys_context, 0, &pcr_selection, + &pcr_update_counter, &pcr_selection, &pcr_values, 0); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS, "%s PCR bank could not be read: 0x%60x", + LABEL, rval); + return FALSE; + } + pcr_value_ptr = (uint8_t *)pcr_values.digests[0].t.buffer; + pcr_value_len = (size_t) pcr_values.digests[0].t.size; + + *pcr_value = chunk_clone(chunk_create(pcr_value_ptr, pcr_value_len)); + + return TRUE; +} + +METHOD(tpm_tss_t, extend_pcr, bool, + private_tpm_tss_tss2_t *this, uint32_t pcr_num, chunk_t *pcr_value, + chunk_t data, hash_algorithm_t alg) +{ + /* TODO */ + return FALSE; +} + +METHOD(tpm_tss_t, quote, bool, + private_tpm_tss_tss2_t *this, uint32_t aik_handle, uint32_t pcr_sel, + hash_algorithm_t alg, chunk_t data, tpm_quote_mode_t *quote_mode, + tpm_tss_quote_info_t **quote_info, chunk_t *quote_sig) +{ + chunk_t quoted_chunk, qualified_signer, extra_data, clock_info, + firmware_version, pcr_select, pcr_digest; + hash_algorithm_t pcr_digest_alg; + bio_reader_t *reader; + uint32_t rval; + + TPM2B_DATA qualifying_data; + TPML_PCR_SELECTION pcr_selection; + TPM2B_ATTEST quoted = { { sizeof(TPM2B_ATTEST)-2, } }; + TPMT_SIG_SCHEME scheme; + TPMT_SIGNATURE sig; + TPMI_ALG_HASH hash_alg; + TPMS_AUTH_COMMAND session_data_cmd; + TPMS_AUTH_RESPONSE session_data_rsp; + TSS2_SYS_CMD_AUTHS sessions_data_cmd; + TSS2_SYS_RSP_AUTHS sessions_data_rsp; + TPMS_AUTH_COMMAND *session_data_cmd_array[1]; + TPMS_AUTH_RESPONSE *session_data_rsp_array[1]; + + session_data_cmd_array[0] = &session_data_cmd; + session_data_rsp_array[0] = &session_data_rsp; + + sessions_data_cmd.cmdAuths = &session_data_cmd_array[0]; + sessions_data_rsp.rspAuths = &session_data_rsp_array[0]; + + sessions_data_cmd.cmdAuthsCount = 1; + sessions_data_rsp.rspAuthsCount = 1; + + session_data_cmd.sessionHandle = TPM_RS_PW; + session_data_cmd.hmac.t.size = 0; + session_data_cmd.nonce.t.size = 0; + + *( (uint8_t *)((void *)&session_data_cmd.sessionAttributes ) ) = 0; + + qualifying_data.t.size = data.len; + memcpy(qualifying_data.t.buffer, data.ptr, data.len); + + scheme.scheme = TPM_ALG_NULL; + memset(&sig, 0x00, sizeof(sig)); + + /* set Quote mode */ + *quote_mode = TPM_QUOTE_TPM2; + + if (!init_pcr_selection(this, pcr_sel, alg, &pcr_selection)) + { + return FALSE; + } + + rval = Tss2_Sys_Quote(this->sys_context, aik_handle, &sessions_data_cmd, + &qualifying_data, &scheme, &pcr_selection, "ed, + &sig, &sessions_data_rsp); + if (rval != TPM_RC_SUCCESS) + { + DBG1(DBG_PTS,"%s Tss2_Sys_Quote failed: 0x%06x", LABEL, rval); + return FALSE; + } + quoted_chunk = chunk_create(quoted.t.attestationData, quoted.t.size); + + reader = bio_reader_create(chunk_skip(quoted_chunk, 6)); + if (!reader->read_data16(reader, &qualified_signer) || + !reader->read_data16(reader, &extra_data) || + !reader->read_data (reader, 17, &clock_info) || + !reader->read_data (reader, 8, &firmware_version) || + !reader->read_data (reader, 10, &pcr_select) || + !reader->read_data16(reader, &pcr_digest)) + { + DBG1(DBG_PTS, "%s parsing of quoted struct failed", LABEL); + reader->destroy(reader); + return FALSE; + } + reader->destroy(reader); + + DBG2(DBG_PTS, "PCR Composite digest: %B", &pcr_digest); + DBG2(DBG_PTS, "TPM Quote Info: %B", "ed_chunk); + DBG2(DBG_PTS, "qualifiedSigner: %B", &qualified_signer); + DBG2(DBG_PTS, "extraData: %B", &extra_data); + DBG2(DBG_PTS, "clockInfo: %B", &clock_info); + DBG2(DBG_PTS, "firmwareVersion: %B", &firmware_version); + DBG2(DBG_PTS, "pcrSelect: %B", &pcr_select); + + /* extract signature */ + switch (sig.sigAlg) + { + case TPM_ALG_RSASSA: + case TPM_ALG_RSAPSS: + *quote_sig = chunk_clone( + chunk_create( + sig.signature.rsassa.sig.t.buffer, + sig.signature.rsassa.sig.t.size)); + hash_alg = sig.signature.rsassa.hash; + break; + case TPM_ALG_ECDSA: + case TPM_ALG_ECDAA: + case TPM_ALG_SM2: + case TPM_ALG_ECSCHNORR: + *quote_sig = chunk_cat("cc", + chunk_create( + sig.signature.ecdsa.signatureR.t.buffer, + sig.signature.ecdsa.signatureR.t.size), + chunk_create( + sig.signature.ecdsa.signatureS.t.buffer, + sig.signature.ecdsa.signatureS.t.size)); + hash_alg = sig.signature.ecdsa.hash; + break; + default: + DBG1(DBG_PTS, "%s unsupported %N signature algorithm", + LABEL, tpm_alg_id_names, sig.sigAlg); + return FALSE; + }; + + DBG2(DBG_PTS, "PCR digest algorithm is %N", tpm_alg_id_names, hash_alg); + pcr_digest_alg = hash_alg_from_tpm_alg_id(hash_alg); + + DBG2(DBG_PTS, "TPM Quote Signature: %B", quote_sig); + + /* Create and initialize Quote Info object */ + *quote_info = tpm_tss_quote_info_create(*quote_mode, pcr_digest_alg, + pcr_digest); + (*quote_info)->set_tpm2_info(*quote_info, qualified_signer, clock_info, + pcr_select); + (*quote_info)->set_version_info(*quote_info, firmware_version); + + return TRUE; +} + +METHOD(tpm_tss_t, destroy, void, + private_tpm_tss_tss2_t *this) +{ + finalize_context(this); + free(this); +} + +/** + * See header + */ +tpm_tss_t *tpm_tss_tss2_create() +{ + private_tpm_tss_tss2_t *this; + bool available; + + INIT(this, + .public = { + .get_version = _get_version, + .get_version_info = _get_version_info, + .generate_aik = _generate_aik, + .get_public = _get_public, + .read_pcr = _read_pcr, + .extend_pcr = _extend_pcr, + .quote = _quote, + .destroy = _destroy, + }, + ); + + available = initialize_context(this); + DBG1(DBG_PTS, "TPM 2.0 via TSS2 %savailable", available ? "" : "not "); + + if (!available) + { + destroy(this); + return NULL; + } + return &this->public; +} + +#else /* TSS_TSS2 */ + +tpm_tss_t *tpm_tss_tss2_create() +{ + return NULL; +} + +#endif /* TSS_TSS2 */ + + diff --git a/src/libtpmtss/tpm_tss_tss2.h b/src/libtpmtss/tpm_tss_tss2.h new file mode 100644 index 000000000..f3a11e5fd --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2.h @@ -0,0 +1,31 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_tss2 tpm_tss_tss2 + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_TSS2_H_ +#define TPM_TSS_TSS2_H_ + +#include "tpm_tss.h" + +/** + * Create a tpm_tss_tss2 instance. + */ +tpm_tss_t *tpm_tss_tss2_create(); + +#endif /** TPM_TSS_TSS2_H_ @}*/ diff --git a/src/libtpmtss/tpm_tss_tss2_names.c b/src/libtpmtss/tpm_tss_tss2_names.c new file mode 100644 index 000000000..9185aa374 --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2_names.c @@ -0,0 +1,123 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +#include "tpm_tss_tss2_names.h" + +#ifdef TSS_TSS2 + +#include <tss2/tpm20.h> + +#ifndef TPM_ALG_ECMQV +#define TPM_ALG_ECMQV (TPM_ALG_ID)0x001D +#endif + +#ifndef TPM_ALG_CAMELLIA +#define TPM_ALG_CAMELLIA (TPM_ALG_ID)0x0026 +#endif + +/** + * TPM 2.0 algorithm ID names + */ +ENUM_BEGIN(tpm_alg_id_names, TPM_ALG_ERROR, TPM_ALG_RSA, + "ERROR", + "RSA" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SHA1, TPM_ALG_KEYEDHASH, TPM_ALG_RSA, + "SHA1", + "HMAC", + "AES", + "MGF1", + "KEYEDHASH" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_XOR, TPM_ALG_SHA512, TPM_ALG_KEYEDHASH, + "XOR", + "SHA256", + "SHA384", + "SHA512" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_NULL, TPM_ALG_NULL, TPM_ALG_SHA512, + "NULL" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SM3_256, TPM_ALG_ECMQV, TPM_ALG_NULL, + "SM3_256", + "SM4", + "RSASSA", + "RSAES", + "RSAPSS", + "OAEP", + "ECDSA", + "ECDH", + "SM2", + "ECSCHNORR", + "ECMQV" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_KDF1_SP800_56A, TPM_ALG_ECC, TPM_ALG_ECMQV, + "KDF1_SP800_56A", + "KDF2", + "KDF1_SP800_108", + "ECC" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_SYMCIPHER, TPM_ALG_CAMELLIA, TPM_ALG_ECC, + "SYMCIPHER", + "CAMELLIA" +); +ENUM_NEXT(tpm_alg_id_names, TPM_ALG_CTR, TPM_ALG_ECB, TPM_ALG_CAMELLIA, + "CTR", + "OFB", + "CBC", + "CFB", + "ECB" +); +ENUM_END(tpm_alg_id_names, TPM_ALG_ECB); + +/** + * TPM 2.0 ECC curve names + */ +ENUM_BEGIN(tpm_ecc_curve_names, TPM_ECC_NONE, TPM_ECC_NIST_P521, + "NONE", + "NIST_P192", + "NIST_P224", + "NIST_P256", + "NIST_P384", + "NIST_P521" +); +ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_BN_P256, TPM_ECC_BN_P638, TPM_ECC_NIST_P521, + "BN_P256", + "BN_P638" +); +ENUM_NEXT(tpm_ecc_curve_names, TPM_ECC_SM2_P256, TPM_ECC_SM2_P256, TPM_ECC_BN_P638, + "SM2_P256" +); +ENUM_END(tpm_ecc_curve_names, TPM_ECC_SM2_P256); + +#else /* TSS_TSS2 */ + +/** + * TPM 2.0 algorithm ID names + */ +ENUM(tpm_alg_id_names, 0, 0, + "ERROR" +); + +/** + * TPM 2.0 ECC curve names + */ +ENUM(tpm_ecc_curve_names, 0, 0, + "NONE" +); + +#endif /* TSS_TSS2 */ + + diff --git a/src/libtpmtss/tpm_tss_tss2_names.h b/src/libtpmtss/tpm_tss_tss2_names.h new file mode 100644 index 000000000..c2a834493 --- /dev/null +++ b/src/libtpmtss/tpm_tss_tss2_names.h @@ -0,0 +1,30 @@ +/* + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY + * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * for more details. + */ + +/** + * @defgroup tpm_tss_tss2_names tpm_tss_tss2_names + * @{ @ingroup libtpmtss + */ + +#ifndef TPM_TSS_TSS2_NAMES_H_ +#define TPM_TSS_TSS2_NAMES_H_ + +#include <library.h> + +extern enum_name_t *tpm_alg_id_names; + +extern enum_name_t *tpm_ecc_curve_names; + +#endif /** TPM_TSS_TSS2_NAMES_H_ @}*/ diff --git a/src/manager/Makefile.in b/src/manager/Makefile.in index 9beaab0a3..a1ad709f4 100644 --- a/src/manager/Makefile.in +++ b/src/manager/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ manager_PROGRAMS = manager.fcgi$(EXEEXT) subdir = src/manager -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -219,12 +228,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -274,6 +285,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -308,6 +320,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -419,6 +432,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -518,7 +532,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/manager/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/manager/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1036,6 +1049,8 @@ uninstall-am: uninstall-managerPROGRAMS \ uninstall-manager_templates_ikesaDATA \ uninstall-manager_templates_staticDATA +.PRECIOUS: Makefile + main.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/manager/controller/control_controller.c b/src/manager/controller/control_controller.c index f275986d2..a8db2f272 100644 --- a/src/manager/controller/control_controller.c +++ b/src/manager/controller/control_controller.c @@ -109,7 +109,7 @@ static void initiate(private_control_controller_t *this, fast_request_t *r, * terminate an IKE or CHILD SA */ static void terminate(private_control_controller_t *this, fast_request_t *r, - bool ike, u_int32_t id) + bool ike, uint32_t id) { gateway_t *gateway; enumerator_t *e; @@ -140,7 +140,7 @@ METHOD(fast_controller_t, handle, void, } if (action) { - u_int32_t id; + uint32_t id; if (streq(action, "terminateike")) { diff --git a/src/manager/gateway.c b/src/manager/gateway.c index 8a8fbe895..58ee6ab54 100644 --- a/src/manager/gateway.c +++ b/src/manager/gateway.c @@ -317,7 +317,7 @@ METHOD(gateway_t, initiate, enumerator_t*, } METHOD(gateway_t, terminate, enumerator_t*, - private_gateway_t *this, bool ike, u_int32_t id) + private_gateway_t *this, bool ike, uint32_t id) { char *str, *kind; diff --git a/src/manager/gateway.h b/src/manager/gateway.h index 5792ebf02..1f62d2365 100644 --- a/src/manager/gateway.h +++ b/src/manager/gateway.h @@ -61,7 +61,7 @@ struct gateway_t { * @param id ID of the SA to terminate * @return enumerator over control response XML children */ - enumerator_t* (*terminate)(gateway_t *this, bool ike, u_int32_t id); + enumerator_t* (*terminate)(gateway_t *this, bool ike, uint32_t id); /** * Initiate an IKE or a CHILD SA. diff --git a/src/medsrv/Makefile.in b/src/medsrv/Makefile.in index c367841df..44ed9f82f 100644 --- a/src/medsrv/Makefile.in +++ b/src/medsrv/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ medsrv_PROGRAMS = medsrv.fcgi$(EXEEXT) subdir = src/medsrv -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -208,12 +217,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -263,6 +274,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -297,6 +309,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -408,6 +421,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -493,7 +507,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/medsrv/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/medsrv/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -934,6 +947,8 @@ uninstall-am: uninstall-medsrvPROGRAMS uninstall-medsrv_templatesDATA \ uninstall-medsrv_templates_staticDATA \ uninstall-medsrv_templates_userDATA +.PRECIOUS: Makefile + main.o : $(top_builddir)/config.status # Tell versions [3.59,3.63) of GNU make to not export all variables. diff --git a/src/pki/Makefile.am b/src/pki/Makefile.am index 261e41c16..1153794cd 100644 --- a/src/pki/Makefile.am +++ b/src/pki/Makefile.am @@ -19,7 +19,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \ pki_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) pki.o : $(top_builddir)/config.status diff --git a/src/pki/Makefile.in b/src/pki/Makefile.in index 4b206c9c9..7b900f238 100644 --- a/src/pki/Makefile.in +++ b/src/pki/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ bin_PROGRAMS = pki$(EXEEXT) subdir = src/pki -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -113,7 +122,8 @@ am_pki_OBJECTS = pki.$(OBJEXT) command.$(OBJEXT) \ pki_OBJECTS = $(am_pki_OBJECTS) am__DEPENDENCIES_1 = pki_DEPENDENCIES = $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -195,6 +205,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -226,6 +237,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -275,6 +287,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -309,6 +322,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -420,6 +434,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -466,7 +481,7 @@ pki_SOURCES = pki.c pki.h command.c command.h \ pki_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ @@ -488,7 +503,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pki/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -926,6 +940,8 @@ uninstall-am: uninstall-binPROGRAMS mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-binPROGRAMS +.PRECIOUS: Makefile + pki.o : $(top_builddir)/config.status diff --git a/src/pki/man/Makefile.in b/src/pki/man/Makefile.in index e61230929..982a1175f 100644 --- a/src/pki/man/Makefile.in +++ b/src/pki/man/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,14 +88,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/pki/man -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/pki.1.in $(srcdir)/pki---acert.1.in \ - $(srcdir)/pki---dn.1.in $(srcdir)/pki---gen.1.in \ - $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \ - $(srcdir)/pki---pkcs12.1.in $(srcdir)/pki---pkcs7.1.in \ - $(srcdir)/pki---print.1.in $(srcdir)/pki---pub.1.in \ - $(srcdir)/pki---req.1.in $(srcdir)/pki---self.1.in \ - $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---verify.1.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,6 +101,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = pki.1 pki---acert.1 pki---dn.1 pki---gen.1 \ @@ -157,12 +160,21 @@ am__installdirs = "$(DESTDIR)$(man1dir)" NROFF = nroff MANS = $(man1_MANS) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/pki---acert.1.in \ + $(srcdir)/pki---dn.1.in $(srcdir)/pki---gen.1.in \ + $(srcdir)/pki---issue.1.in $(srcdir)/pki---keyid.1.in \ + $(srcdir)/pki---pkcs12.1.in $(srcdir)/pki---pkcs7.1.in \ + $(srcdir)/pki---print.1.in $(srcdir)/pki---pub.1.in \ + $(srcdir)/pki---req.1.in $(srcdir)/pki---self.1.in \ + $(srcdir)/pki---signcrl.1.in $(srcdir)/pki---verify.1.in \ + $(srcdir)/pki.1.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -212,6 +224,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -246,6 +259,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -357,6 +371,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -416,7 +431,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pki/man/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pki/man/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -667,6 +681,8 @@ uninstall-man: uninstall-man1 ps ps-am tags-am uninstall uninstall-am uninstall-man \ uninstall-man1 +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/pool/Makefile.in b/src/pool/Makefile.in index 3d9adb14d..8b73403e7 100644 --- a/src/pool/Makefile.in +++ b/src/pool/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -81,8 +91,6 @@ build_triplet = @build@ host_triplet = @host@ @USE_ATTR_SQL_TRUE@ipsec_PROGRAMS = pool$(EXEEXT) subdir = src/pool -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(dist_templates_DATA) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +104,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(dist_templates_DATA) \ + $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -202,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -257,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -291,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -402,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -461,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pool/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pool/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -802,6 +816,8 @@ uninstall-am: uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS tags tags-am uninstall uninstall-am \ uninstall-dist_templatesDATA uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + @USE_ATTR_SQL_TRUE@pool.o : $(top_builddir)/config.status diff --git a/src/pool/sqlite.sql b/src/pool/sqlite.sql index 78012630b..a35094073 100644 --- a/src/pool/sqlite.sql +++ b/src/pool/sqlite.sql @@ -37,7 +37,7 @@ CREATE TABLE child_config_traffic_selector ( traffic_selector INTEGER NOT NULL, kind INTEGER NOT NULL ); -DROP INDEX IF EXISTS child_config_traffic_selector; +DROP INDEX IF EXISTS child_config_traffic_selector_all; CREATE INDEX child_config_traffic_selector_all ON child_config_traffic_selector ( child_cfg, traffic_selector ); diff --git a/src/pt-tls-client/Makefile.in b/src/pt-tls-client/Makefile.in index 2ab3cbf3d..b2c9c9598 100644 --- a/src/pt-tls-client/Makefile.in +++ b/src/pt-tls-client/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = pt-tls-client$(EXEEXT) subdir = src/pt-tls-client -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -172,12 +181,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -227,6 +238,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -261,6 +273,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -372,6 +385,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -432,7 +446,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/pt-tls-client/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/pt-tls-client/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -748,6 +761,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + pt-tls-client.o : $(top_builddir)/config.status diff --git a/src/pt-tls-client/pt-tls-client.c b/src/pt-tls-client/pt-tls-client.c index 3a179af17..b91997ddd 100644 --- a/src/pt-tls-client/pt-tls-client.c +++ b/src/pt-tls-client/pt-tls-client.c @@ -50,7 +50,7 @@ static void usage(FILE *out) /** * Client routine */ -static int client(char *address, u_int16_t port, char *identity) +static int client(char *address, uint16_t port, char *identity) { pt_tls_client_t *assessment; tls_t *tnccs; diff --git a/src/scepclient/Makefile.in b/src/scepclient/Makefile.in index 141db6993..1fdea8a7b 100644 --- a/src/scepclient/Makefile.in +++ b/src/scepclient/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = scepclient$(EXEEXT) subdir = src/scepclient -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp $(dist_man_MANS) ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -199,12 +208,15 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ + $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -254,6 +266,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -288,6 +301,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -399,6 +413,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -456,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/scepclient/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/scepclient/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -819,6 +833,8 @@ uninstall-man: uninstall-man8 pdf pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-ipsecPROGRAMS uninstall-man uninstall-man8 +.PRECIOUS: Makefile + scepclient.o : $(top_builddir)/config.status diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am index 8341ca3ee..873c20ace 100644 --- a/src/starter/Makefile.am +++ b/src/starter/Makefile.am @@ -28,13 +28,16 @@ AM_CPPFLAGS = \ -DPLUGINS=\""${starter_plugins}\"" \ -DDEBUG +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_YFLAGS = -v -d starter_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ libstarter.la \ - $(SOCKLIB) $(PTHREADLIB) + $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB) EXTRA_DIST = keywords.txt ipsec.conf Android.mk MAINTAINERCLEANFILES = keywords.c diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in index 31e0e9d42..19753de4f 100644 --- a/src/starter/Makefile.in +++ b/src/starter/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -83,9 +93,6 @@ ipsec_PROGRAMS = starter$(EXEEXT) @USE_LOAD_WARNING_TRUE@am__append_1 = -DLOAD_WARNING @USE_SCEPCLIENT_TRUE@am__append_2 = -DGENERATE_SELFCERT subdir = src/starter -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - parser/parser.h parser/parser.c parser/lexer.c \ - $(top_srcdir)/depcomp $(top_srcdir)/ylwrap ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -99,6 +106,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -124,7 +132,8 @@ am__DEPENDENCIES_1 = starter_DEPENDENCIES = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la libstarter.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false @@ -219,6 +228,9 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp \ + $(top_srcdir)/ylwrap parser/lexer.c parser/parser.c \ + parser/parser.h DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -250,6 +262,7 @@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -299,6 +312,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -333,6 +347,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -444,6 +459,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -495,12 +511,15 @@ AM_CPPFLAGS = -I${linux_headers} -I$(top_srcdir)/src/libstrongswan \ -DDEV_URANDOM=\"${urandom_device}\" \ -DPLUGINS=\""${starter_plugins}\"" -DDEBUG $(am__append_1) \ $(am__append_2) +AM_CFLAGS = \ + @COVERAGE_CFLAGS@ + AM_YFLAGS = -v -d starter_LDADD = \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ $(top_builddir)/src/libcharon/libcharon.la \ libstarter.la \ - $(SOCKLIB) $(PTHREADLIB) + $(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB) EXTRA_DIST = keywords.txt ipsec.conf Android.mk MAINTAINERCLEANFILES = keywords.c @@ -522,7 +541,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/starter/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -971,6 +989,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + keywords.c: $(srcdir)/keywords.txt $(srcdir)/keywords.h $(AM_V_GEN) \ diff --git a/src/starter/confread.c b/src/starter/confread.c index 897aa423e..33924b065 100644 --- a/src/starter/confread.c +++ b/src/starter/confread.c @@ -331,7 +331,7 @@ static void kw_end(starter_conn_t *conn, starter_end_t *end, kw_token_t token, DBG1(DBG_APP, "# bad protocol: %s=%s", key, value); goto err; } - end->protocol = (u_int8_t)p; + end->protocol = (uint8_t)p; } } if (streq(port, "%any")) diff --git a/src/starter/confread.h b/src/starter/confread.h index 457327f18..45f34ce23 100644 --- a/src/starter/confread.h +++ b/src/starter/confread.h @@ -106,9 +106,9 @@ struct starter_end { bool hostaccess; bool allow_any; char *updown; - u_int16_t from_port; - u_int16_t to_port; - u_int8_t protocol; + uint16_t from_port; + uint16_t to_port; + uint8_t protocol; char *sourceip; char *dns; }; @@ -133,17 +133,17 @@ struct starter_conn { time_t sa_ike_life_seconds; time_t sa_ipsec_life_seconds; time_t sa_rekey_margin; - u_int64_t sa_ipsec_life_bytes; - u_int64_t sa_ipsec_margin_bytes; - u_int64_t sa_ipsec_life_packets; - u_int64_t sa_ipsec_margin_packets; + uint64_t sa_ipsec_life_bytes; + uint64_t sa_ipsec_margin_bytes; + uint64_t sa_ipsec_life_packets; + uint64_t sa_ipsec_margin_packets; unsigned long sa_keying_tries; unsigned long sa_rekey_fuzz; - u_int32_t reqid; + uint32_t reqid; mark_t mark_in; mark_t mark_out; - u_int32_t replay_window; - u_int32_t tfc; + uint32_t replay_window; + uint32_t tfc; bool install_policy; bool aggressive; starter_end_t left, right; diff --git a/src/starter/parser/lexer.c b/src/starter/parser/lexer.c index a0937710e..afca86341 100644 --- a/src/starter/parser/lexer.c +++ b/src/starter/parser/lexer.c @@ -16,8 +16,8 @@ #define FLEX_SCANNER #define YY_FLEX_MAJOR_VERSION 2 -#define YY_FLEX_MINOR_VERSION 5 -#define YY_FLEX_SUBMINOR_VERSION 35 +#define YY_FLEX_MINOR_VERSION 6 +#define YY_FLEX_SUBMINOR_VERSION 0 #if YY_FLEX_SUBMINOR_VERSION > 0 #define FLEX_BETA #endif @@ -221,6 +221,11 @@ typedef void* yyscan_t; typedef struct yy_buffer_state *YY_BUFFER_STATE; #endif +#ifndef YY_TYPEDEF_YY_SIZE_T +#define YY_TYPEDEF_YY_SIZE_T +typedef size_t yy_size_t; +#endif + /* %if-not-reentrant */ /* %endif */ @@ -247,6 +252,13 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; if ( yytext[yyl] == '\n' )\ --yylineno;\ }while(0) + #define YY_LINENO_REWIND_TO(dst) \ + do {\ + const char *p;\ + for ( p = yy_cp-1; p >= (dst); --p)\ + if ( *p == '\n' )\ + --yylineno;\ + }while(0) /* Return all but the first "n" matched characters back to the input stream. */ #define yyless(n) \ @@ -264,11 +276,6 @@ typedef struct yy_buffer_state *YY_BUFFER_STATE; #define unput(c) yyunput( c, yyg->yytext_ptr , yyscanner ) -#ifndef YY_TYPEDEF_YY_SIZE_T -#define YY_TYPEDEF_YY_SIZE_T -typedef size_t yy_size_t; -#endif - #ifndef YY_STRUCT_YY_BUFFER_STATE #define YY_STRUCT_YY_BUFFER_STATE struct yy_buffer_state @@ -388,7 +395,7 @@ static void conf_parser__init_buffer (YY_BUFFER_STATE b,FILE *file ,yyscan_t yys YY_BUFFER_STATE conf_parser__scan_buffer (char *base,yy_size_t size ,yyscan_t yyscanner ); YY_BUFFER_STATE conf_parser__scan_string (yyconst char *yy_str ,yyscan_t yyscanner ); -YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char *bytes,int len ,yyscan_t yyscanner ); +YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char *bytes,yy_size_t len ,yyscan_t yyscanner ); /* %endif */ @@ -423,7 +430,7 @@ void conf_parser_free (void * ,yyscan_t yyscanner ); /* %% [1.0] yytext/yyin/yyout/yy_state_type/yylineno etc. def's & init go here */ /* Begin user sect3 */ -#define conf_parser_wrap(n) 1 +#define conf_parser_wrap(yyscanner) (/*CONSTCOND*/1) #define YY_SKIP_YYWRAP #define FLEX_DEBUG @@ -434,11 +441,16 @@ typedef int yy_state_type; #define yytext_ptr yytext_r +/* %% [1.5] DFA */ + /* %if-c-only Standard (non-C++) definition */ static yy_state_type yy_get_previous_state (yyscan_t yyscanner ); static yy_state_type yy_try_NUL_trans (yy_state_type current_state ,yyscan_t yyscanner); static int yy_get_next_buffer (yyscan_t yyscanner ); +#if defined(__GNUC__) && __GNUC__ >= 3 +__attribute__((__noreturn__)) +#endif static void yy_fatal_error (yyconst char msg[] ,yyscan_t yyscanner ); /* %endif */ @@ -477,7 +489,7 @@ static yyconst flex_int16_t yy_accept[80] = 0, 1, 10, 10, 0, 0, 0, 7, 0 } ; -static yyconst flex_int32_t yy_ec[256] = +static yyconst YY_CHAR yy_ec[256] = { 0, 1, 1, 1, 1, 1, 1, 1, 1, 2, 3, 1, 1, 4, 1, 1, 1, 1, 1, 1, 1, @@ -509,14 +521,14 @@ static yyconst flex_int32_t yy_ec[256] = 1, 1, 1, 1, 1 } ; -static yyconst flex_int32_t yy_meta[28] = +static yyconst YY_CHAR yy_meta[28] = { 0, 1, 2, 3, 1, 2, 4, 2, 5, 1, 6, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 } ; -static yyconst flex_int16_t yy_base[91] = +static yyconst flex_uint16_t yy_base[91] = { 0, 0, 16, 41, 50, 4, 5, 101, 0, 24, 184, 184, 0, 184, 92, 79, 32, 16, 83, 0, 184, @@ -542,7 +554,7 @@ static yyconst flex_int16_t yy_def[91] = 79, 79, 79, 79, 79, 79, 79, 79, 79, 79 } ; -static yyconst flex_int16_t yy_nxt[212] = +static yyconst flex_uint16_t yy_nxt[212] = { 0, 79, 9, 10, 79, 9, 11, 12, 13, 14, 24, 24, 79, 79, 25, 25, 52, 15, 16, 10, 53, @@ -657,7 +669,7 @@ static void include_files(parser_helper_t *ctx); /* state used to scan quoted strings */ -#line 661 "parser/lexer.c" +#line 673 "parser/lexer.c" #define INITIAL 0 #define inc 1 @@ -694,7 +706,7 @@ struct yyguts_t YY_BUFFER_STATE * yy_buffer_stack; /**< Stack as an array. */ char yy_hold_char; int yy_n_chars; - int yyleng_r; + yy_size_t yyleng_r; char *yy_c_buf_p; int yy_init; int yy_start; @@ -751,19 +763,23 @@ void conf_parser_set_extra (YY_EXTRA_TYPE user_defined ,yyscan_t yyscanner ); FILE *conf_parser_get_in (yyscan_t yyscanner ); -void conf_parser_set_in (FILE * in_str ,yyscan_t yyscanner ); +void conf_parser_set_in (FILE * _in_str ,yyscan_t yyscanner ); FILE *conf_parser_get_out (yyscan_t yyscanner ); -void conf_parser_set_out (FILE * out_str ,yyscan_t yyscanner ); +void conf_parser_set_out (FILE * _out_str ,yyscan_t yyscanner ); -int conf_parser_get_leng (yyscan_t yyscanner ); +yy_size_t conf_parser_get_leng (yyscan_t yyscanner ); char *conf_parser_get_text (yyscan_t yyscanner ); int conf_parser_get_lineno (yyscan_t yyscanner ); -void conf_parser_set_lineno (int line_number ,yyscan_t yyscanner ); +void conf_parser_set_lineno (int _line_number ,yyscan_t yyscanner ); + +int conf_parser_get_column (yyscan_t yyscanner ); + +void conf_parser_set_column (int _column_no ,yyscan_t yyscanner ); /* %if-bison-bridge */ @@ -787,8 +803,11 @@ extern int conf_parser_wrap (yyscan_t yyscanner ); /* %not-for-header */ +#ifndef YY_NO_UNPUT + static void yyunput (int c,char *buf_ptr ,yyscan_t yyscanner); +#endif /* %ok-for-header */ /* %endif */ @@ -817,7 +836,7 @@ static int input (yyscan_t yyscanner ); /* %if-c-only */ - static void yy_push_state (int new_state ,yyscan_t yyscanner); + static void yy_push_state (int _new_state ,yyscan_t yyscanner); static void yy_pop_state (yyscan_t yyscanner ); @@ -947,7 +966,7 @@ extern int conf_parser_lex \ /* Code executed at the end of each rule. */ #ifndef YY_BREAK -#define YY_BREAK break; +#define YY_BREAK /*LINTED*/break; #endif /* %% [6.0] YY_RULE_SETUP definition goes here */ @@ -963,17 +982,11 @@ extern int conf_parser_lex \ */ YY_DECL { - register yy_state_type yy_current_state; - register char *yy_cp, *yy_bp; - register int yy_act; + yy_state_type yy_current_state; + char *yy_cp, *yy_bp; + int yy_act; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; -/* %% [7.0] user's declarations go here */ -#line 58 "parser/lexer.l" - - -#line 976 "parser/lexer.c" - yylval = yylval_param; if ( !yyg->yy_init ) @@ -1010,7 +1023,14 @@ YY_DECL conf_parser__load_buffer_state(yyscanner ); } - while ( 1 ) /* loops until end-of-file is reached */ + { +/* %% [7.0] user's declarations go here */ +#line 58 "parser/lexer.l" + + +#line 1032 "parser/lexer.c" + + while ( /*CONSTCOND*/1 ) /* loops until end-of-file is reached */ { /* %% [8.0] yymore()-related code goes here */ yy_cp = yyg->yy_c_buf_p; @@ -1029,7 +1049,7 @@ YY_DECL yy_match: do { - register YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)]; + YY_CHAR yy_c = yy_ec[YY_SC_TO_UI(*yy_cp)] ; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1062,7 +1082,7 @@ yy_find_action: if ( yy_act != YY_END_OF_BUFFER && yy_rule_can_match_eol[yy_act] ) { - int yyl; + yy_size_t yyl; for ( yyl = 0; yyl < yyleng; ++yyl ) if ( yytext[yyl] == '\n' ) @@ -1153,6 +1173,7 @@ return CA; case 10: /* rule 10 can match eol */ *yy_cp = yyg->yy_hold_char; /* undo effects of setting up yytext */ +YY_LINENO_REWIND_TO(yy_cp - 1); yyg->yy_c_buf_p = yy_cp -= 1; YY_DO_BEFORE_ACTION; /* set up yytext again */ YY_RULE_SETUP @@ -1238,6 +1259,7 @@ YY_RULE_SETUP case 18: #line 125 "parser/lexer.l" +YY_RULE_SETUP case YY_STATE_EOF(str): #line 125 "parser/lexer.l" case 19: @@ -1313,7 +1335,7 @@ YY_RULE_SETUP #line 163 "parser/lexer.l" YY_FATAL_ERROR( "flex scanner jammed" ); YY_BREAK -#line 1317 "parser/lexer.c" +#line 1339 "parser/lexer.c" case YY_END_OF_BUFFER: { @@ -1336,7 +1358,11 @@ YY_FATAL_ERROR( "flex scanner jammed" ); * back-up) that will match for the new input source. */ yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; +/* %if-c-only */ YY_CURRENT_BUFFER_LVALUE->yy_input_file = yyin; +/* %endif */ +/* %if-c++-only */ +/* %endif */ YY_CURRENT_BUFFER_LVALUE->yy_buffer_status = YY_BUFFER_NORMAL; } @@ -1443,6 +1469,7 @@ YY_FATAL_ERROR( "flex scanner jammed" ); "fatal flex scanner internal error--no action found" ); } /* end of action switch */ } /* end of scanning one token */ + } /* end of user's declarations */ } /* end of conf_parser_lex */ /* %ok-for-header */ @@ -1467,9 +1494,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %endif */ { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - register char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; - register char *source = yyg->yytext_ptr; - register int number_to_move, i; + char *dest = YY_CURRENT_BUFFER_LVALUE->yy_ch_buf; + char *source = yyg->yytext_ptr; + yy_size_t number_to_move, i; int ret_val; if ( yyg->yy_c_buf_p > &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[yyg->yy_n_chars + 1] ) @@ -1498,7 +1525,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Try to read more data. */ /* First move last chars to start of buffer. */ - number_to_move = (int) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; + number_to_move = (yy_size_t) (yyg->yy_c_buf_p - yyg->yytext_ptr) - 1; for ( i = 0; i < number_to_move; ++i ) *(dest++) = *(source++); @@ -1511,21 +1538,21 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { - int num_to_read = + yy_size_t num_to_read = YY_CURRENT_BUFFER_LVALUE->yy_buf_size - number_to_move - 1; while ( num_to_read <= 0 ) { /* Not enough room in the buffer - grow it. */ /* just a shorter name for the current buffer */ - YY_BUFFER_STATE b = YY_CURRENT_BUFFER; + YY_BUFFER_STATE b = YY_CURRENT_BUFFER_LVALUE; int yy_c_buf_p_offset = (int) (yyg->yy_c_buf_p - b->yy_ch_buf); if ( b->yy_is_our_buffer ) { - int new_size = b->yy_buf_size * 2; + yy_size_t new_size = b->yy_buf_size * 2; if ( new_size <= 0 ) b->yy_buf_size += b->yy_buf_size / 8; @@ -1556,7 +1583,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* Read in more data. */ YY_INPUT( (&YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]), - yyg->yy_n_chars, (size_t) num_to_read ); + yyg->yy_n_chars, num_to_read ); YY_CURRENT_BUFFER_LVALUE->yy_n_chars = yyg->yy_n_chars; } @@ -1580,9 +1607,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else ret_val = EOB_ACT_CONTINUE_SCAN; - if ((yy_size_t) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { + if ((int) (yyg->yy_n_chars + number_to_move) > YY_CURRENT_BUFFER_LVALUE->yy_buf_size) { /* Extend the array by 50%, plus the number we really need. */ - yy_size_t new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); + int new_size = yyg->yy_n_chars + number_to_move + (yyg->yy_n_chars >> 1); YY_CURRENT_BUFFER_LVALUE->yy_ch_buf = (char *) conf_parser_realloc((void *) YY_CURRENT_BUFFER_LVALUE->yy_ch_buf,new_size ,yyscanner ); if ( ! YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) YY_FATAL_ERROR( "out of dynamic memory in yy_get_next_buffer()" ); @@ -1607,8 +1634,8 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register yy_state_type yy_current_state; - register char *yy_cp; + yy_state_type yy_current_state; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* %% [15.0] code to get the start state into yy_current_state goes here */ @@ -1618,7 +1645,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) for ( yy_cp = yyg->yytext_ptr + YY_MORE_ADJ; yy_cp < yyg->yy_c_buf_p; ++yy_cp ) { /* %% [16.0] code to find the next state goes here */ - register YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); + YY_CHAR yy_c = (*yy_cp ? yy_ec[YY_SC_TO_UI(*yy_cp)] : 1); if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1647,12 +1674,12 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - register int yy_is_jam; + int yy_is_jam; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* This var may be unused depending upon options. */ /* %% [17.0] code to find the next state, and perhaps do backing up, goes here */ - register char *yy_cp = yyg->yy_c_buf_p; + char *yy_cp = yyg->yy_c_buf_p; - register YY_CHAR yy_c = 1; + YY_CHAR yy_c = 1; if ( yy_accept[yy_current_state] ) { yyg->yy_last_accepting_state = yy_current_state; @@ -1667,17 +1694,19 @@ static int yy_get_next_buffer (yyscan_t yyscanner) yy_current_state = yy_nxt[yy_base[yy_current_state] + (unsigned int) yy_c]; yy_is_jam = (yy_current_state == 79); + (void)yyg; return yy_is_jam ? 0 : yy_current_state; } +#ifndef YY_NO_UNPUT /* %if-c-only */ - static void yyunput (int c, register char * yy_bp , yyscan_t yyscanner) + static void yyunput (int c, char * yy_bp , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ { - register char *yy_cp; + char *yy_cp; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yy_cp = yyg->yy_c_buf_p; @@ -1688,10 +1717,10 @@ static int yy_get_next_buffer (yyscan_t yyscanner) if ( yy_cp < YY_CURRENT_BUFFER_LVALUE->yy_ch_buf + 2 ) { /* need to shift things up to make room */ /* +2 for EOB chars. */ - register int number_to_move = yyg->yy_n_chars + 2; - register char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ + yy_size_t number_to_move = yyg->yy_n_chars + 2; + char *dest = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[ YY_CURRENT_BUFFER_LVALUE->yy_buf_size + 2]; - register char *source = + char *source = &YY_CURRENT_BUFFER_LVALUE->yy_ch_buf[number_to_move]; while ( source > YY_CURRENT_BUFFER_LVALUE->yy_ch_buf ) @@ -1721,6 +1750,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) /* %if-c-only */ /* %endif */ +#endif /* %if-c-only */ #ifndef YY_NO_INPUT @@ -1751,7 +1781,7 @@ static int yy_get_next_buffer (yyscan_t yyscanner) else { /* need more input */ - int offset = yyg->yy_c_buf_p - yyg->yytext_ptr; + yy_size_t offset = yyg->yy_c_buf_p - yyg->yytext_ptr; ++yyg->yy_c_buf_p; switch ( yy_get_next_buffer( yyscanner ) ) @@ -1835,6 +1865,9 @@ static int yy_get_next_buffer (yyscan_t yyscanner) conf_parser__load_buffer_state(yyscanner ); } +/* %if-c++-only */ +/* %endif */ + /** Switch to a different input buffer. * @param new_buffer The new input buffer. * @param yyscanner The scanner object. @@ -1884,7 +1917,11 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; yyg->yy_n_chars = YY_CURRENT_BUFFER_LVALUE->yy_n_chars; yyg->yytext_ptr = yyg->yy_c_buf_p = YY_CURRENT_BUFFER_LVALUE->yy_buf_pos; +/* %if-c-only */ yyin = YY_CURRENT_BUFFER_LVALUE->yy_input_file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ yyg->yy_hold_char = *yyg->yy_c_buf_p; } @@ -1906,7 +1943,7 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) if ( ! b ) YY_FATAL_ERROR( "out of dynamic memory in conf_parser__create_buffer()" ); - b->yy_buf_size = size; + b->yy_buf_size = (yy_size_t)size; /* yy_ch_buf has to be 2 characters longer than the size given because * we need to put in 2 end-of-buffer characters. @@ -1922,6 +1959,9 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) return b; } +/* %if-c++-only */ +/* %endif */ + /** Destroy the buffer. * @param b a buffer created with conf_parser__create_buffer() * @param yyscanner The scanner object. @@ -1946,17 +1986,6 @@ static void conf_parser__load_buffer_state (yyscan_t yyscanner) conf_parser_free((void *) b ,yyscanner ); } -/* %if-c-only */ - -#ifndef __cplusplus -extern int isatty (int ); -#endif /* __cplusplus */ - -/* %endif */ - -/* %if-c++-only */ -/* %endif */ - /* Initializes or reinitializes a buffer. * This function is sometimes called more than once on the same buffer, * such as during a conf_parser_restart() or at EOF. @@ -1973,7 +2002,11 @@ extern int isatty (int ); conf_parser__flush_buffer(b ,yyscanner); +/* %if-c-only */ b->yy_input_file = file; +/* %endif */ +/* %if-c++-only */ +/* %endif */ b->yy_fill_buffer = 1; /* If b is the current buffer, then conf_parser__init_buffer was _probably_ @@ -2103,7 +2136,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner) /* %if-c++-only */ /* %endif */ { - int num_to_alloc; + yy_size_t num_to_alloc; struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; if (!yyg->yy_buffer_stack) { @@ -2112,7 +2145,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner) * scanner will even need a stack. We use 2 instead of 1 to avoid an * immediate realloc on the next call. */ - num_to_alloc = 1; + num_to_alloc = 1; /* After all that talk, this was set to 1 anyways... */ yyg->yy_buffer_stack = (struct yy_buffer_state**)conf_parser_alloc (num_to_alloc * sizeof(struct yy_buffer_state*) , yyscanner); @@ -2129,7 +2162,7 @@ static void conf_parser_ensure_buffer_stack (yyscan_t yyscanner) if (yyg->yy_buffer_stack_top >= (yyg->yy_buffer_stack_max) - 1){ /* Increase the buffer to prepare for a possible push. */ - int grow_size = 8 /* arbitrary grow size */; + yy_size_t grow_size = 8 /* arbitrary grow size */; num_to_alloc = yyg->yy_buffer_stack_max + grow_size; yyg->yy_buffer_stack = (struct yy_buffer_state**)conf_parser_realloc @@ -2207,12 +2240,12 @@ YY_BUFFER_STATE conf_parser__scan_string (yyconst char * yystr , yyscan_t yyscan * @param yyscanner The scanner object. * @return the newly allocated buffer state object. */ -YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_len , yyscan_t yyscanner) +YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, yy_size_t _yybytes_len , yyscan_t yyscanner) { YY_BUFFER_STATE b; char *buf; yy_size_t n; - int i; + yy_size_t i; /* Get memory for full buffer, including space for trailing EOB's. */ n = _yybytes_len + 2; @@ -2239,7 +2272,7 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_ /* %endif */ /* %if-c-only */ - static void yy_push_state (int new_state , yyscan_t yyscanner) + static void yy_push_state (int _new_state , yyscan_t yyscanner) /* %endif */ /* %if-c++-only */ /* %endif */ @@ -2264,7 +2297,7 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_ yyg->yy_start_stack[yyg->yy_start_stack_ptr++] = YY_START; - BEGIN(new_state); + BEGIN(_new_state); } /* %if-c-only */ @@ -2297,7 +2330,9 @@ YY_BUFFER_STATE conf_parser__scan_bytes (yyconst char * yybytes, int _yybytes_ /* %if-c-only */ static void yy_fatal_error (yyconst char* msg , yyscan_t yyscanner) { - (void) fprintf( stderr, "%s\n", msg ); + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + (void) fprintf( stderr, "%s\n", msg ); exit( YY_EXIT_FAILURE ); } /* %endif */ @@ -2384,7 +2419,7 @@ FILE *conf_parser_get_out (yyscan_t yyscanner) /** Get the length of the current token. * @param yyscanner The scanner object. */ -int conf_parser_get_leng (yyscan_t yyscanner) +yy_size_t conf_parser_get_leng (yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; return yyleng; @@ -2415,51 +2450,51 @@ void conf_parser_set_extra (YY_EXTRA_TYPE user_defined , yyscan_t yyscanner) /* %endif */ /** Set the current line number. - * @param line_number + * @param _line_number line number * @param yyscanner The scanner object. */ -void conf_parser_set_lineno (int line_number , yyscan_t yyscanner) +void conf_parser_set_lineno (int _line_number , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* lineno is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "conf_parser_set_lineno called with no buffer" , yyscanner); + YY_FATAL_ERROR( "conf_parser_set_lineno called with no buffer" ); - yylineno = line_number; + yylineno = _line_number; } /** Set the current column. - * @param line_number + * @param _column_no column number * @param yyscanner The scanner object. */ -void conf_parser_set_column (int column_no , yyscan_t yyscanner) +void conf_parser_set_column (int _column_no , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; /* column is only valid if an input buffer exists. */ if (! YY_CURRENT_BUFFER ) - yy_fatal_error( "conf_parser_set_column called with no buffer" , yyscanner); + YY_FATAL_ERROR( "conf_parser_set_column called with no buffer" ); - yycolumn = column_no; + yycolumn = _column_no; } /** Set the input stream. This does not discard the current * input buffer. - * @param in_str A readable stream. + * @param _in_str A readable stream. * @param yyscanner The scanner object. * @see conf_parser__switch_to_buffer */ -void conf_parser_set_in (FILE * in_str , yyscan_t yyscanner) +void conf_parser_set_in (FILE * _in_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyin = in_str ; + yyin = _in_str ; } -void conf_parser_set_out (FILE * out_str , yyscan_t yyscanner) +void conf_parser_set_out (FILE * _out_str , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yyout = out_str ; + yyout = _out_str ; } int conf_parser_get_debug (yyscan_t yyscanner) @@ -2468,10 +2503,10 @@ int conf_parser_get_debug (yyscan_t yyscanner) return yy_flex_debug; } -void conf_parser_set_debug (int bdebug , yyscan_t yyscanner) +void conf_parser_set_debug (int _bdebug , yyscan_t yyscanner) { struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; - yy_flex_debug = bdebug ; + yy_flex_debug = _bdebug ; } /* %endif */ @@ -2637,7 +2672,10 @@ int conf_parser_lex_destroy (yyscan_t yyscanner) #ifndef yytext_ptr static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yyscanner) { - register int i; + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + + int i; for ( i = 0; i < n; ++i ) s1[i] = s2[i]; } @@ -2646,7 +2684,7 @@ static void yy_flex_strncpy (char* s1, yyconst char * s2, int n , yyscan_t yysca #ifdef YY_NEED_STRLEN static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) { - register int n; + int n; for ( n = 0; s[n]; ++n ) ; @@ -2656,11 +2694,16 @@ static int yy_flex_strlen (yyconst char * s , yyscan_t yyscanner) void *conf_parser_alloc (yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; return (void *) malloc( size ); } void *conf_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; + /* The cast to (char *) in the following accommodates both * implementations that use char* generic pointers, and those * that use void* generic pointers. It works with the latter @@ -2673,6 +2716,8 @@ void *conf_parser_realloc (void * ptr, yy_size_t size , yyscan_t yyscanner) void conf_parser_free (void * ptr , yyscan_t yyscanner) { + struct yyguts_t * yyg = (struct yyguts_t*)yyscanner; + (void)yyg; free( (char *) ptr ); /* see conf_parser_realloc() for (char *) cast */ } diff --git a/src/starter/parser/parser.c b/src/starter/parser/parser.c index 41ab515cb..7204cc61d 100644 --- a/src/starter/parser/parser.c +++ b/src/starter/parser/parser.c @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison implementation for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -44,7 +44,7 @@ #define YYBISON 1 /* Bison version. */ -#define YYBISON_VERSION "3.0.2" +#define YYBISON_VERSION "3.0.4" /* Skeleton name. */ #define YYSKELETON_NAME "yacc.c" @@ -182,7 +182,7 @@ extern int conf_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 71 "parser/parser.y" /* yacc.c:355 */ @@ -192,6 +192,8 @@ union YYSTYPE #line 194 "parser/parser.c" /* yacc.c:355 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif @@ -204,7 +206,7 @@ int conf_parser_parse (parser_helper_t *ctx); /* Copy the second part of user declarations. */ -#line 208 "parser/parser.c" /* yacc.c:358 */ +#line 210 "parser/parser.c" /* yacc.c:358 */ #ifdef short # undef short @@ -1030,19 +1032,19 @@ yydestruct (const char *yymsg, int yytype, YYSTYPE *yyvaluep, parser_helper_t *c case 3: /* STRING */ #line 86 "parser/parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1034 "parser/parser.c" /* yacc.c:1257 */ +#line 1036 "parser/parser.c" /* yacc.c:1257 */ break; case 16: /* section_name */ #line 86 "parser/parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1040 "parser/parser.c" /* yacc.c:1257 */ +#line 1042 "parser/parser.c" /* yacc.c:1257 */ break; case 18: /* value */ #line 86 "parser/parser.y" /* yacc.c:1257 */ { free(((*yyvaluep).s)); } -#line 1046 "parser/parser.c" /* yacc.c:1257 */ +#line 1048 "parser/parser.c" /* yacc.c:1257 */ break; @@ -1319,7 +1321,7 @@ yyreduce: conf_parser_t *parser = (conf_parser_t*)ctx->context; parser->add_section(parser, (yyvsp[-1].t), (yyvsp[0].s)); } -#line 1323 "parser/parser.c" /* yacc.c:1646 */ +#line 1325 "parser/parser.c" /* yacc.c:1646 */ break; case 8: @@ -1327,7 +1329,7 @@ yyreduce: { (yyval.t) = CONF_PARSER_CONFIG_SETUP; } -#line 1331 "parser/parser.c" /* yacc.c:1646 */ +#line 1333 "parser/parser.c" /* yacc.c:1646 */ break; case 9: @@ -1335,7 +1337,7 @@ yyreduce: { (yyval.t) = CONF_PARSER_CONN; } -#line 1339 "parser/parser.c" /* yacc.c:1646 */ +#line 1341 "parser/parser.c" /* yacc.c:1646 */ break; case 10: @@ -1343,7 +1345,7 @@ yyreduce: { (yyval.t) = CONF_PARSER_CA; } -#line 1347 "parser/parser.c" /* yacc.c:1646 */ +#line 1349 "parser/parser.c" /* yacc.c:1646 */ break; case 11: @@ -1351,7 +1353,7 @@ yyreduce: { (yyval.s) = NULL; } -#line 1355 "parser/parser.c" /* yacc.c:1646 */ +#line 1357 "parser/parser.c" /* yacc.c:1646 */ break; case 12: @@ -1359,7 +1361,7 @@ yyreduce: { (yyval.s) = (yyvsp[0].s); } -#line 1363 "parser/parser.c" /* yacc.c:1646 */ +#line 1365 "parser/parser.c" /* yacc.c:1646 */ break; case 14: @@ -1375,7 +1377,7 @@ yyreduce: conf_parser_t *parser = (conf_parser_t*)ctx->context; parser->add_setting(parser, (yyvsp[-2].s), (yyvsp[0].s)); } -#line 1379 "parser/parser.c" /* yacc.c:1646 */ +#line 1381 "parser/parser.c" /* yacc.c:1646 */ break; case 15: @@ -1390,7 +1392,7 @@ yyreduce: conf_parser_t *parser = (conf_parser_t*)ctx->context; parser->add_setting(parser, (yyvsp[-1].s), NULL); } -#line 1394 "parser/parser.c" /* yacc.c:1646 */ +#line 1396 "parser/parser.c" /* yacc.c:1646 */ break; case 16: @@ -1400,7 +1402,7 @@ yyreduce: free((yyvsp[0].s)); YYERROR; } -#line 1404 "parser/parser.c" /* yacc.c:1646 */ +#line 1406 "parser/parser.c" /* yacc.c:1646 */ break; case 18: @@ -1415,11 +1417,11 @@ yyreduce: free((yyvsp[-1].s)); free((yyvsp[0].s)); } -#line 1419 "parser/parser.c" /* yacc.c:1646 */ +#line 1421 "parser/parser.c" /* yacc.c:1646 */ break; -#line 1423 "parser/parser.c" /* yacc.c:1646 */ +#line 1425 "parser/parser.c" /* yacc.c:1646 */ default: break; } /* User semantic actions sometimes alter yychar, and that requires diff --git a/src/starter/parser/parser.h b/src/starter/parser/parser.h index ed6ed2bf5..05c965daf 100644 --- a/src/starter/parser/parser.h +++ b/src/starter/parser/parser.h @@ -1,8 +1,8 @@ -/* A Bison parser, made by GNU Bison 3.0.2. */ +/* A Bison parser, made by GNU Bison 3.0.4. */ /* Bison interface for Yacc-like parsers in C - Copyright (C) 1984, 1989-1990, 2000-2013 Free Software Foundation, Inc. + Copyright (C) 1984, 1989-1990, 2000-2015 Free Software Foundation, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -67,7 +67,7 @@ extern int conf_parser_debug; /* Value type. */ #if ! defined YYSTYPE && ! defined YYSTYPE_IS_DECLARED -typedef union YYSTYPE YYSTYPE; + union YYSTYPE { #line 71 "parser/parser.y" /* yacc.c:1909 */ @@ -77,6 +77,8 @@ union YYSTYPE #line 79 "parser/parser.h" /* yacc.c:1909 */ }; + +typedef union YYSTYPE YYSTYPE; # define YYSTYPE_IS_TRIVIAL 1 # define YYSTYPE_IS_DECLARED 1 #endif diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in index 58daacfb3..25e3e7488 100644 --- a/src/starter/tests/Makefile.in +++ b/src/starter/tests/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ host_triplet = @host@ TESTS = starter_tests$(EXEEXT) check_PROGRAMS = $(am__EXEEXT_1) subdir = src/starter/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -197,12 +206,14 @@ am__tty_colors = { \ std='[m'; \ fi; \ } +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -252,6 +263,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -286,6 +298,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -397,6 +410,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -457,7 +471,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/starter/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/starter/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -865,6 +878,8 @@ uninstall-am: mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/stroke/Makefile.in b/src/stroke/Makefile.in index e7bfd9d57..4673f5961 100644 --- a/src/stroke/Makefile.in +++ b/src/stroke/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,8 +90,6 @@ build_triplet = @build@ host_triplet = @host@ ipsec_PROGRAMS = stroke$(EXEEXT) subdir = src/stroke -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -95,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -171,12 +180,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -226,6 +237,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -260,6 +272,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -371,6 +384,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -427,7 +441,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/stroke/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/stroke/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -748,6 +761,8 @@ uninstall-am: uninstall-ipsecPROGRAMS mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags tags-am uninstall uninstall-am uninstall-ipsecPROGRAMS +.PRECIOUS: Makefile + stroke_keywords.c: $(srcdir)/stroke_keywords.txt $(srcdir)/stroke_keywords.h $(AM_V_GEN) \ diff --git a/src/stroke/stroke_msg.h b/src/stroke/stroke_msg.h index 17f8a4326..a3b911d0f 100644 --- a/src/stroke/stroke_msg.h +++ b/src/stroke/stroke_msg.h @@ -157,7 +157,7 @@ struct stroke_end_t { char *cert_policy; char *updown; char *address; - u_int16_t ikeport; + uint16_t ikeport; char *sourceip; char *dns; char *subnets; @@ -165,9 +165,9 @@ struct stroke_end_t { int hostaccess; int tohost; int allow_any; - u_int8_t protocol; - u_int16_t from_port; - u_int16_t to_port; + uint8_t protocol; + uint16_t from_port; + uint16_t to_port; }; typedef struct stroke_msg_t stroke_msg_t; @@ -177,7 +177,7 @@ typedef struct stroke_msg_t stroke_msg_t; */ struct stroke_msg_t { /* length of this message with all strings */ - u_int16_t length; + uint16_t length; /* type of the message */ enum { @@ -263,9 +263,9 @@ struct stroke_msg_t { int proxy_mode; int install_policy; int close_action; - u_int32_t reqid; - u_int32_t tfc; - u_int8_t ikedscp; + uint32_t reqid; + uint32_t tfc; + uint8_t ikedscp; crl_policy_t crl_policy; int unique; @@ -279,10 +279,10 @@ struct stroke_msg_t { time_t ipsec_lifetime; time_t ike_lifetime; time_t margin; - u_int64_t life_bytes; - u_int64_t margin_bytes; - u_int64_t life_packets; - u_int64_t margin_packets; + uint64_t life_bytes; + uint64_t margin_bytes; + uint64_t life_packets; + uint64_t margin_packets; unsigned long tries; unsigned long fuzz; } rekey; @@ -297,11 +297,11 @@ struct stroke_msg_t { char *peerid; } ikeme; struct { - u_int32_t value; - u_int32_t mask; + uint32_t value; + uint32_t mask; } mark_in, mark_out; stroke_end_t me, other; - u_int32_t replay_window; + uint32_t replay_window; } add_conn; /* data for STR_ADD_CA */ @@ -369,7 +369,7 @@ struct stroke_msg_t { } counters; }; /* length of the string buffer */ - u_int16_t buflen; + uint16_t buflen; /* string buffer */ char buffer[]; }; diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am index fb027149a..37a0224c3 100644 --- a/src/swanctl/Makefile.am +++ b/src/swanctl/Makefile.am @@ -27,7 +27,7 @@ swanctl_SOURCES = \ swanctl_LDADD = \ $(top_builddir)/src/libcharon/plugins/vici/libvici.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) swanctl.o : $(top_builddir)/config.status diff --git a/src/swanctl/Makefile.in b/src/swanctl/Makefile.in index 94921af6d..ebe1aba0d 100644 --- a/src/swanctl/Makefile.in +++ b/src/swanctl/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -80,9 +90,6 @@ build_triplet = @build@ host_triplet = @host@ sbin_PROGRAMS = swanctl$(EXEEXT) subdir = src/swanctl -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/swanctl.8.in $(srcdir)/swanctl.conf.5.head.in \ - $(srcdir)/swanctl.conf.5.tail.in $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -96,6 +103,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = swanctl.8 swanctl.conf.5.head swanctl.conf.5.tail @@ -122,7 +130,8 @@ am__DEPENDENCIES_1 = swanctl_DEPENDENCIES = \ $(top_builddir)/src/libcharon/plugins/vici/libvici.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent @@ -218,12 +227,16 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/swanctl.8.in \ + $(srcdir)/swanctl.conf.5.head.in \ + $(srcdir)/swanctl.conf.5.tail.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -273,6 +286,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -307,6 +321,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -418,6 +433,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -473,7 +489,7 @@ swanctl_SOURCES = \ swanctl_LDADD = \ $(top_builddir)/src/libcharon/plugins/vici/libvici.la \ $(top_builddir)/src/libstrongswan/libstrongswan.la \ - $(PTHREADLIB) $(DLLIB) + $(PTHREADLIB) $(ATOMICLIB) $(DLLIB) AM_CPPFLAGS = \ -I$(top_srcdir)/src/libstrongswan \ @@ -505,7 +521,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/swanctl/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/swanctl/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -993,6 +1008,8 @@ uninstall-man: uninstall-man5 uninstall-man8 uninstall-man uninstall-man5 uninstall-man8 \ uninstall-sbinPROGRAMS +.PRECIOUS: Makefile + swanctl.o : $(top_builddir)/config.status diff --git a/src/swanctl/commands/list_conns.c b/src/swanctl/commands/list_conns.c index 019c88888..19e7050da 100644 --- a/src/swanctl/commands/list_conns.c +++ b/src/swanctl/commands/list_conns.c @@ -2,6 +2,9 @@ * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * + * Copyright (C) 2016 Andreas Steffen + * HSR Hochschule fuer Technik Rapperswil + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your @@ -80,15 +83,64 @@ CALLBACK(children_sn, int, hashtable_t *ike, vici_res_t *res, char *name) { hashtable_t *child; + char *mode, *interface, *priority; + char *rekey_time, *rekey_bytes, *rekey_packets; + bool no_time, no_bytes, no_packets, or = FALSE; int ret; child = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); ret = vici_parse_cb(res, NULL, values, list, child); if (ret == 0) { - printf(" %s: %s\n", name, child->get(child, "mode")); + mode = child->get(child, "mode"); + printf(" %s: %s, ", name, mode); + + rekey_time = child->get(child, "rekey_time"); + rekey_bytes = child->get(child, "rekey_bytes"); + rekey_packets = child->get(child, "rekey_packets"); + no_time = streq(rekey_time, "0"); + no_bytes = streq(rekey_bytes, "0"); + no_packets = streq(rekey_packets, "0"); + + if (strcaseeq(mode, "PASS") || strcaseeq(mode, "DROP") || + (no_time && no_bytes && no_packets)) + { + printf("no rekeying\n"); + } + else + { + printf("rekeying every"); + if (!no_time) + { + printf(" %ss", rekey_time); + or = TRUE; + } + if (!no_bytes) + { + printf("%s %s bytes", or ? " or" : "", rekey_bytes); + or = TRUE; + } + if (!no_packets) + { + printf("%s %s packets", or ? " or" : "", rekey_packets); + } + printf("\n"); + } + printf(" local: %s\n", child->get(child, "local-ts")); printf(" remote: %s\n", child->get(child, "remote-ts")); + + interface = child->get(child, "interface"); + if (interface) + { + printf(" interface: %s\n", interface); + } + + priority = child->get(child, "priority"); + if (priority) + { + printf(" priority: %s\n", priority); + } } free_hashtable(child); return ret; @@ -106,18 +158,35 @@ CALLBACK(conn_sn, int, if (strpfx(name, "local") || strpfx(name, "remote")) { hashtable_t *auth; + char *class; auth = hashtable_create(hashtable_hash_str, hashtable_equals_str, 1); ret = vici_parse_cb(res, NULL, values, list, auth); if (ret == 0) { + class = auth->get(auth, "class") ?: "unspecified"; + if (strcaseeq(class, "EAP")) + { + class = auth->get(auth, "eap-type") ?: class; + } printf(" %s %s authentication:\n", - strpfx(name, "local") ? "local" : "remote", - auth->get(auth, "class") ?: "unspecified"); + strpfx(name, "local") ? "local" : "remote", class); if (auth->get(auth, "id")) { printf(" id: %s\n", auth->get(auth, "id")); } + if (auth->get(auth, "eap_id")) + { + printf(" eap_id: %s\n", auth->get(auth, "eap_id")); + } + if (auth->get(auth, "xauth_id")) + { + printf(" xauth_id: %s\n", auth->get(auth, "xauth_id")); + } + if (auth->get(auth, "aaa_id")) + { + printf(" aaa_id: %s\n", auth->get(auth, "aaa_id")); + } if (auth->get(auth, "groups")) { printf(" groups: %s\n", auth->get(auth, "groups")); @@ -156,8 +225,43 @@ CALLBACK(conn_list, int, CALLBACK(conns, int, void *null, vici_res_t *res, char *name) { - printf("%s: %s\n", name, vici_find_str(res, "", "%s.version", name)); + char *version, *reauth_time, *rekey_time; + + version = vici_find_str(res, "", "%s.version", name); + reauth_time = vici_find_str(res, "", "%s.reauth_time", name); + rekey_time = vici_find_str(res, "", "%s.rekey_time", name); + printf("%s: %s, ", name, version); + if (streq(version, "IKEv1")) + { + if (streq(reauth_time, "0")) + { + reauth_time = rekey_time; + } + } + if (streq(reauth_time, "0")) + { + printf("no reauthentication"); + } + else + { + printf("reauthentication every %ss", reauth_time); + } + if (streq(version, "IKEv1")) + { + printf("\n"); + } + else + { + if (streq(rekey_time, "0")) + { + printf(", no rekeying\n"); + } + else + { + printf(", rekeying every %ss\n", rekey_time); + } + } return vici_parse_cb(res, conn_sn, NULL, conn_list, NULL); } diff --git a/src/swanctl/commands/list_sas.c b/src/swanctl/commands/list_sas.c index fd080227d..e5f251d17 100644 --- a/src/swanctl/commands/list_sas.c +++ b/src/swanctl/commands/list_sas.c @@ -196,10 +196,13 @@ CALLBACK(ike_sa, int, { if (streq(name, "child-sas")) { - printf("%s: #%s, %s, IKEv%s, %s:%s\n", + bool is_initiator = streq(ike->get(ike, "initiator"), "yes"); + + printf("%s: #%s, %s, IKEv%s, %s_i%s %s_r%s\n", ike->get(ike, "name"), ike->get(ike, "uniqueid"), ike->get(ike, "state"), ike->get(ike, "version"), - ike->get(ike, "initiator-spi"), ike->get(ike, "responder-spi")); + ike->get(ike, "initiator-spi"), is_initiator ? "*" : "", + ike->get(ike, "responder-spi"), is_initiator ? "" : "*"); printf(" local '%s' @ %s[%s]", ike->get(ike, "local-id"), ike->get(ike, "local-host"), diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c index 88dde6aaf..352a185e8 100644 --- a/src/swanctl/commands/load_authorities.c +++ b/src/swanctl/commands/load_authorities.c @@ -292,7 +292,7 @@ int load_authorities_cfg(vici_conn_t *conn, command_format_options_t format, } if (found == 0) { - printf("no authorities found, %u unloaded\n", unloaded); + fprintf(stderr, "no authorities found, %u unloaded\n", unloaded); return 0; } if (loaded == found) diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c index bbc700d5c..87526bc79 100644 --- a/src/swanctl/commands/load_conns.c +++ b/src/swanctl/commands/load_conns.c @@ -396,7 +396,7 @@ int load_conns_cfg(vici_conn_t *conn, command_format_options_t format, } if (found == 0) { - printf("no connections found, %u unloaded\n", unloaded); + fprintf(stderr, "no connections found, %u unloaded\n", unloaded); return 0; } if (loaded == found) diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c index d7fbd1341..2b9fa2d42 100644 --- a/src/swanctl/commands/load_pools.c +++ b/src/swanctl/commands/load_pools.c @@ -235,7 +235,7 @@ int load_pools_cfg(vici_conn_t *conn, command_format_options_t format, } if (found == 0) { - printf("no pools found, %u unloaded\n", unloaded); + fprintf(stderr, "no pools found, %u unloaded\n", unloaded); return 0; } if (loaded == found) diff --git a/src/swanctl/swanctl.conf b/src/swanctl/swanctl.conf index 428be91e7..6bc81becf 100644 --- a/src/swanctl/swanctl.conf +++ b/src/swanctl/swanctl.conf @@ -213,6 +213,12 @@ # Fixed reqid to use for this CHILD_SA. # reqid = 0 + # Optional fixed priority for IPsec policies. + # priority = 0 + + # Optional interface name to restrict IPsec policies. + # interface = + # Netfilter mark and mask for input traffic. # mark_in = 0/0x00000000 diff --git a/src/swanctl/swanctl.conf.5.main b/src/swanctl/swanctl.conf.5.main index a5b2a731f..013e35fb7 100644 --- a/src/swanctl/swanctl.conf.5.main +++ b/src/swanctl/swanctl.conf.5.main @@ -519,7 +519,7 @@ an absolute path. Comma separated list of raw public keys to accept for authentication. The public keys may use a relative path from the .RB "" "swanctl" "" -.RI "" "x509" "" +.RI "" "pubkey" "" directory or an absolute path. @@ -856,6 +856,18 @@ once. The default of uses dynamic reqids, allocated incrementally. .TP +.BR connections.<conn>.children.<child>.priority " [0]" +Optional fixed priority for IPsec policies. This could be useful to install +high\-priority drop policies. The default of +.RI "" "0" "" +uses dynamically calculated +priorities based on the size of the traffic selectors. + +.TP +.BR connections.<conn>.children.<child>.interface " []" +Optional interface name to restrict IPsec policies. + +.TP .BR connections.<conn>.children.<child>.mark_in " [0/0x00000000]" Netfilter mark and mask for input traffic. On Linux Netfilter may require marks on each packet to match an SA having that option set. This allows Netfilter diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt index 145fab28d..fe5b293fb 100644 --- a/src/swanctl/swanctl.opt +++ b/src/swanctl/swanctl.opt @@ -416,7 +416,7 @@ connections.<conn>.remote<suffix>.pubkeys = Comma separated list of raw public keys to accept for authentication. Comma separated list of raw public keys to accept for authentication. - The public keys may use a relative path from the **swanctl** _x509_ + The public keys may use a relative path from the **swanctl** _pubkey_ directory or an absolute path. connections.<conn>.remote<suffix>.revocation = relaxed @@ -684,6 +684,16 @@ connections.<conn>.children.<child>.reqid = 0 not more than once. The default of _0_ uses dynamic reqids, allocated incrementally. +connections.<conn>.children.<child>.priority = 0 + Optional fixed priority for IPsec policies. + + Optional fixed priority for IPsec policies. This could be useful to install + high-priority drop policies. The default of _0_ uses dynamically calculated + priorities based on the size of the traffic selectors. + +connections.<conn>.children.<child>.interface = + Optional interface name to restrict IPsec policies. + connections.<conn>.children.<child>.mark_in = 0/0x00000000 Netfilter mark and mask for input traffic. |