stf_status tpm_call_it(Tcl_Obj **objv, int objc) { int ret; const char *res; passert(objc>=4); DBG(DBG_CONTROLMORE, DBG_log("TPM call %s %s %s %s %s" , Tcl_GetString(objv[0]) , Tcl_GetString(objv[1]) , Tcl_GetString(objv[2]) , Tcl_GetString(objv[3]) , objc>4 ? Tcl_GetString(objv[4]) : "")); ret = Tcl_EvalObjv(PlutoInterp, objc, objv, TCL_EVAL_GLOBAL); res = Tcl_GetStringResult(PlutoInterp); DBG(DBG_CONTROL, DBG_log("TPM %s(%s,%s,%s,%s) => %s" , Tcl_GetString(objv[0]) , Tcl_GetString(objv[1]) , Tcl_GetString(objv[2]) , Tcl_GetString(objv[3]) , objc>4 ? Tcl_GetString(objv[4]) : "" , res)); if(strcmp(res, "ignore")==0 || strcmp(res, "nothing")==0 || res[0]=='\0') { /* just quietly return */ return STF_OK; } libreswan_log("TPM result: %s",res); if(ret != TCL_OK) { libreswan_log("TPM result failed"); } if(strcmp(res, "stf_stolen")==0) { return STF_STOLEN; } if(strcmp(res, "stf_ignore")==0) { return STF_IGNORE; } return STF_OK; }
void* masterconn_create_detached_packet(masterconn *eptr,uint32_t type,uint32_t size) { out_packetstruct *outpacket; uint8_t *ptr; uint32_t psize; psize = size+8; outpacket=malloc(offsetof(out_packetstruct,data)+psize); passert(outpacket); outpacket->bytesleft = psize; ptr = outpacket->data; put32bit(&ptr,type); put32bit(&ptr,size); outpacket->startptr = outpacket->data; outpacket->next = NULL; outpacket->conncnt = eptr->conncnt; return outpacket; }
void Purify_SetMemoryFlags (MemHash * mem, int offset, int size, int flag) { char * ptr; #if 0 printf ("SetMemoryFlags (hash=%p, offset=%d, size=%d, flag=%d)\n", mem, offset, size, flag ); #endif passert (offset+size <= mem->size); ptr = mem->flags + offset; while (size--) *ptr ++ = flag; }
/** * DPD Timeout Function * * This function is called when a timeout DPD_EVENT occurs. We set clear/trap * both the SA and the eroutes, depending on what the connection definition * tells us (either 'hold' or 'clear') * * @param st A state structure that is fully negotiated * @return void */ void dpd_timeout(struct state *st) { int action; struct connection *c = st->st_connection; action = st->st_connection->dpd_action; /* probably wrong thing to assert here */ passert(action == DPD_ACTION_HOLD || action == DPD_ACTION_CLEAR || action == DPD_ACTION_RESTART); /** delete the state, which is probably in phase 2 */ set_cur_connection(c); log("DPD: No response from peer - declaring peer dead"); switch(action) { case DPD_ACTION_HOLD: /** dpdaction=hold - Wipe the SA's but %trap the eroute so we don't leak traffic. Also, being in %trap means new packets will force an initiation of the conn again. */ log("DPD: Putting connection into %%trap"); delete_states_by_connection(c); break; case DPD_ACTION_CLEAR: /** dpdaction=clear - Wipe the SA & eroute - everything */ log("DPD: Clearing Connection"); delete_states_by_connection(c); DBG(DBG_DPD, DBG_log("unrouting connection")); unroute_connection(c); /* --unroute */ break; case DPD_ACTION_RESTART: /** dpdaction=restart - immediate renegotiate the connection. */ log("DPD: Restarting Connection"); /* we replace the SA so that we do it in a rational place */ delete_event(st); event_schedule(EVENT_SA_REPLACE, 0, st); break; } reset_cur_connection(); }
void* queue_new(uint32_t size) { queue *q; q = (queue*)malloc(sizeof(queue)); passert(q); q->head = NULL; q->tail = &(q->head); q->elements = 0; q->size = 0; q->maxsize = size; q->freewaiting = 0; q->fullwaiting = 0; if (size) { eassert(pthread_cond_init(&(q->waitfull),NULL)==0); } eassert(pthread_cond_init(&(q->waitfree),NULL)==0); eassert(pthread_mutex_init(&(q->lock),NULL)==0); return q; }
/* ipcmp compares the two ip_address values a and b. * It returns -1, 0, or +1 if a is, respectively, * less than, equal to, or greater than b. */ static int ipcmp(ip_address *a, ip_address *b) { if (addrtypeof(a) != addrtypeof(b)) { return addrtypeof(a) < addrtypeof(b) ? -1 : 1; } else if (sameaddr(a, b)) { return 0; } else { const struct sockaddr *sa = sockaddrof(a), *sb = sockaddrof(b); passert(addrtypeof(a) == AF_INET); /* not yet implemented IPv6 version :-( */ return (ntohl(((const struct sockaddr_in *)sa)->sin_addr.s_addr) < ntohl(((const struct sockaddr_in *)sb)->sin_addr.s_addr)) ? -1 : 1; } }
void Purify_ModifyMemoryFlags (MemHash * mem, int offset, int size, int flag, int mask) { char * ptr; passert (offset+size <= mem->size); ptr = mem->flags + offset; flag &= mask; mask = ~mask; while (size--) { *ptr = (*ptr & mask) | flag; ptr ++; } }
/* find the value for a name in an enum_names table. If not found, returns -1 * * ??? the table contains unsigned long values BUT the function returns an * int so there is some potential for overflow. */ int enum_search(enum_names *ed, const char *str) { enum_names *p; for (p = ed; p != NULL; p = p->en_next_range) { unsigned long en; for (en = p->en_first; en <= p->en_last; en++) { const char *ptr = p->en_names[en - p->en_first]; if (ptr != NULL && streq(ptr, str)) { passert(en <= INT_MAX); return en; } } } return -1; }
/* this is replicated in the unit test cases since the patching up of the crypto values is case specific */ void recv_pcap_packet(u_char *user , const struct pcap_pkthdr *h , const u_char *bytes) { struct state *st; struct pcr_kenonce *kn = &crypto_req->pcr_d.kn; recv_pcap_packet_gen(user, h, bytes); /* find st involved */ st = state_with_serialno(1); if(st != NULL) { passert(st != NULL); st->st_connection->extra_debugging = DBG_EMITTING|DBG_CONTROL|DBG_CONTROLMORE|DBG_CRYPT|DBG_PRIVATE; } run_continuation(crypto_req); }
/* accept_ke * * Check and accept DH public value (Gi or Gr) from peer's message. * According to RFC2409 "The Internet key exchange (IKE)" 5: * The Diffie-Hellman public value passed in a KE payload, in either * a phase 1 or phase 2 exchange, MUST be the length of the negotiated * Diffie-Hellman group enforced, if necessary, by pre-pending the * value with zeros. */ notification_t accept_KE(chunk_t *dest, const char *val_name, const struct oakley_group_desc *gr, pb_stream *pbs) { /* To figure out which function calls us without a pbs */ passert(pbs != NULL); if (pbs_left(pbs) != gr->bytes) { loglog(RC_LOG_SERIOUS, "KE has %u byte DH public value; %u required", (unsigned) pbs_left(pbs), (unsigned) gr->bytes); /* XXX Could send notification back */ return INVALID_KEY_INFORMATION; } clonereplacechunk(*dest, pbs->cur, pbs_left(pbs), val_name); DBG_cond_dump_chunk(DBG_CRYPT, "DH public value received:\n", *dest); return NOTHING_WRONG; }
uint32_t job_replicate_raid(void (*callback)(uint8_t status,void *extra),void *extra,uint64_t chunkid,uint32_t version,uint8_t srccnt,const uint32_t xormasks[4],const uint8_t *srcs) { jobpool* jp = globalpool; chunk_rp_args *args; uint8_t *ptr; ptr = malloc(sizeof(chunk_rp_args)+srccnt*18); passert(ptr); args = (chunk_rp_args*)ptr; ptr += sizeof(chunk_rp_args); args->chunkid = chunkid; args->version = version; args->srccnt = srccnt; args->xormasks[0] = xormasks[0]; args->xormasks[1] = xormasks[1]; args->xormasks[2] = xormasks[2]; args->xormasks[3] = xormasks[3]; memcpy(ptr,srcs,srccnt*18); return job_new(jp,OP_REPLICATE,args,callback,extra); }
uint8_t* masterconn_createpacket(masterconn *eptr,uint32_t type,uint32_t size) { out_packetstruct *outpacket; uint8_t *ptr; uint32_t psize; psize = size+8; outpacket=malloc(offsetof(out_packetstruct,data)+psize); passert(outpacket); outpacket->bytesleft = psize; ptr = outpacket->data; put32bit(&ptr,type); put32bit(&ptr,size); outpacket->startptr = outpacket->data; outpacket->next = NULL; *(eptr->outputtail) = outpacket; eptr->outputtail = &(outpacket->next); return ptr; }
int masterconn_init(void) { uint32_t ReconnectionDelay; masterconn *eptr; ReconnectionDelay = cfg_getuint32("MASTER_RECONNECTION_DELAY",5); MasterHost = cfg_getstr("MASTER_HOST","mfsmaster"); MasterPort = cfg_getstr("MASTER_PORT","9419"); BindHost = cfg_getstr("BIND_HOST","*"); Timeout = cfg_getuint32("MASTER_TIMEOUT",10); BackLogsNumber = cfg_getuint32("BACK_LOGS",50); BackMetaCopies = cfg_getuint32("BACK_META_KEEP_PREVIOUS",3); if (Timeout>65536) { Timeout=65535; } if (Timeout<10) { Timeout=10; } if (BackLogsNumber<5) { BackLogsNumber=5; } if (BackLogsNumber>10000) { BackLogsNumber=10000; } eptr = masterconnsingleton = malloc(sizeof(masterconn)); passert(eptr); eptr->masteraddrvalid = 0; eptr->mode = FREE; eptr->pdescpos = -1; eptr->metafd = -1; eptr->oldmode = 0; currentlogversion = fs_getversion(); if (!fs_ismastermode() && masterconn_initconnect(eptr)<0) { return -1; } reconnect_hook = main_timeregister(TIMEMODE_RUN_LATE,ReconnectionDelay,0,masterconn_reconnect); main_destructregister(masterconn_term); main_pollregister(masterconn_desc,masterconn_serve); main_reloadregister(masterconn_reload); main_timeregister(TIMEMODE_RUN_LATE,60,0,masterconn_sessionsdownloadinit); return 0; }
static inline void itree_add(itnode **p,uint32_t f,uint32_t t,uint32_t id) { itnode *n = *p; if (n) { if (t<n->from) { itree_add(&(n->left),f,t,id); } else if (f>n->to) { itree_add(&(n->right),f,t,id); } else if (f<=n->from && t>=n->to) { if (f<n->from) { itree_delete(&(n->left),f,n->from-1); } if (t>n->to) { itree_delete(&(n->right),n->to+1,t); } n->from = f; n->to = t; n->id = id; } else if (f>=n->from && t<=n->to) { if (f>n->from) { itree_add(&(n->left),n->from,f-1,n->id); } if (t<n->to) { itree_add(&(n->right),t+1,n->to,n->id); } n->from = f; n->to = t; n->id = id; } else if (f<n->from) { n->from = t+1; itree_add(&(n->left),f,t,id); } else if (t>n->to) { n->to = f-1; itree_add(&(n->right),f,t,id); } } else { *p = n = malloc(sizeof(itnode)); passert(n); n->from = f; n->to = t; n->id = id; n->left = NULL; n->right = NULL; } }
bool ikev2_calculate_rsa_sha1(struct state *st , enum phase1_role role , unsigned char *idhash , pb_stream *a_pbs) { unsigned char signed_octets[SHA1_DIGEST_SIZE+16]; size_t signed_len; const struct connection *c = st->st_connection; const struct RSA_private_key *k = get_RSA_private_key(c); unsigned int sz; if (k == NULL) return 0; /* failure: no key to use */ sz = k->pub.k; /* * this is the prefix of the ASN/DER goop that lives inside RSA-SHA1 * signatures. If the signing hash changes, this needs to change * too, but this function is specific to RSA-SHA1. */ memcpy(signed_octets, der_digestinfo, der_digestinfo_len); ikev2_calculate_sighash(st, role, idhash , st->st_firstpacket_me , signed_octets+der_digestinfo_len); signed_len = der_digestinfo_len + SHA1_DIGEST_SIZE; passert(RSA_MIN_OCTETS <= sz && 4 + signed_len < sz && sz <= RSA_MAX_OCTETS); DBG(DBG_CRYPT , DBG_dump("v2rsa octets", signed_octets, signed_len)); { u_char sig_val[RSA_MAX_OCTETS]; /* now generate signature blob */ sign_hash(k, signed_octets, signed_len , sig_val, sz); out_raw(sig_val, sz, a_pbs, "rsa signature"); } return TRUE; }
int is_sp30() { int rc = 0; int r; char model [16]; FILE* file = fopen("/model_name", "r"); if (file < 0) { psyslog("file /model_name missing is it an SP miner at all??"); passert(0); } else{ r = fscanf (file, "%s",model); if (r > 0){ rc = (strcmp("SP30",model) == 0); } } fclose (file); return rc; }
/* send the request, make sure it all goes down. */ static bool crypto_write_request(struct pluto_crypto_worker *w, const struct pluto_crypto_req *r) { const unsigned char *wdat = (unsigned char *)r; size_t wlen = r->pcr_len; passert(wlen == sizeof(*r)); DBG(DBG_CONTROL, DBG_log("asking crypto helper %d to do %s; request ID %u (len=%zu, pcw_work=%d)", w->pcw_helpernum, enum_show(&pluto_cryptoop_names, r->pcr_type), r->pcr_id, r->pcr_len, w->pcw_work)); while (wlen > 0) { ssize_t cnt = write(w->pcw_master_fd, wdat, wlen); if (cnt < 0) { libreswan_log( "write to crypto helper %d failed: cnt=%d err=%s", w->pcw_helpernum, (int)cnt, strerror(errno)); return FALSE; } if (cnt == 0) { /* Not clear why this would happen. Socket full? */ libreswan_log( "write to crypto helper %d failed to write any bytes", w->pcw_helpernum); return FALSE; } if ((size_t)cnt != wlen) { libreswan_log("short write to crypto helper %d (%zu of %zu bytes); will continue", w->pcw_helpernum, (size_t)cnt, wlen); } wlen -= cnt; wdat += cnt; } return TRUE; }
void* main_timeregister (int mode,uint32_t seconds,uint32_t offset,void (*fun)(void)) { timeentry *aux; if (seconds==0 || offset>=seconds) { return NULL; } aux = (timeentry*)malloc(sizeof(timeentry)); passert(aux); aux->nextevent = ((now / seconds) * seconds) + offset; while (aux->nextevent<now) { aux->nextevent+=seconds; } aux->seconds = seconds; aux->offset = offset; aux->mode = mode; aux->fun = fun; aux->next = timehead; timehead = aux; return aux; }
/* Get a state object. * Caller must schedule an event for this object so that it doesn't leak. * Caller must insert_state(). */ struct state * new_state(void) { static const struct state blank_state; /* initialized all to zero & NULL */ static so_serial_t next_so = SOS_FIRST; struct state *st; st = clone_thing(blank_state, "struct state in new_state()"); st->st_serialno = next_so++; passert(next_so > SOS_FIRST); /* overflow can't happen! */ st->st_whack_sock = NULL_FD; anyaddr(AF_INET, &st->hidden_variables.st_nat_oa); anyaddr(AF_INET, &st->hidden_variables.st_natd); DBG(DBG_CONTROL, DBG_log("creating state object #%lu at %p" , st->st_serialno, (void *) st)); return st; }
/** Read a subnet (IPv4/IPv6) * read %v4:x.x.x.x/y or %v6:xxxxxxxxx/yy * or %v4:!x.x.x.x/y if dstko not NULL * * @param src String in format (see above) * @param len Length of src string * @param dst IP Subnet Destination * @param dstko IP Subnet * @param isok Boolean * @return bool If the format string is valid. */ static bool _read_subnet(const char *src, size_t len, ip_subnet *dst, ip_subnet *dstko, bool *isok) { bool ok; int af; /* workaround for typo "%4:" instead of "%v4:" introduced in old libreswan release*/ int offset = 0; if ((len > 4) && (strncmp(src, "%v4:", 4) == 0)) { af = AF_INET; } else if ((len > 4) && (strncmp(src, "%v6:", 4) == 0)) { af = AF_INET6; } else if ((len > 4) && (strncmp(src, "%4:", 3) == 0)) { af = AF_INET; offset = -1; loglog(RC_LOG_SERIOUS, "fixup for bad virtual_private entry '%s', please fix your virtual_private line!", src); } else { return FALSE; } ok = (src[4 + offset] == '!') ? FALSE : TRUE; src += ok ? (4 + offset) : (5 + offset); len -= ok ? (4 + offset) : (5 + offset); if (!len) return FALSE; if ((!ok) && (!dstko)) return FALSE; passert( ((ok) ? (dst) : (dstko)) != NULL ); if (ttosubnet(src, len, af, ((ok) ? (dst) : (dstko)))) { loglog(RC_LOG_SERIOUS, "fail in ttosubnet ?"); return FALSE; } if (isok) *isok = ok; return TRUE; }
/* * Process KE values. */ void unpack_KE_from_helper( struct state *st, const struct pluto_crypto_req *r, chunk_t *g) { const struct pcr_kenonce *kn = &r->pcr_d.kn; /* ??? if st->st_sec_in_use how could we do our job? */ passert(!st->st_sec_in_use); st->st_sec_in_use = TRUE; freeanychunk(*g); /* happens in odd error cases */ clonetochunk(*g, WIRE_CHUNK_PTR(*kn, gi), kn->gi.len, "saved gi value"); DBG(DBG_CRYPT, DBG_log("saving DH priv (local secret) and pub key into state struct")); st->st_sec_nss = kn->secret; st->st_pubk_nss = kn->pubk; }
void alg_info_delref(struct alg_info **alg_info_p) { struct alg_info *alg_info=*alg_info_p; if (alg_info != NULL) { DBG(DBG_CONTROL, DBG_log("alg_info_delref(%p) " "alg_info->ref_cnt=%d" , alg_info, alg_info->ref_cnt)); passert(alg_info->ref_cnt != 0); alg_info->ref_cnt--; if (alg_info->ref_cnt==0) { DBG(DBG_CONTROL, DBG_log("alg_info_delref(%p) " "freeing alg_info", alg_info)); alg_info_free(alg_info); } *alg_info_p=NULL; } }
static acl_node* posix_acl_create(uint32_t inode,uint8_t acltype) { uint32_t h; acl_node *acn; h = HASHFN(inode,acltype); acn = malloc(sizeof(acl_node)); passert(acn); acn->inode = inode; acn->acltype = acltype; acn->userperm = 0; acn->groupperm = 0; acn->otherperm = 0; acn->mask = 0; acn->namedusers = 0; acn->namedgroups = 0; acn->acltab = NULL; acn->next = hashtab[h]; hashtab[h] = acn; return acn; }
PColor PWidget::backgroundColorDelegated() const { if (color().isValid()) return color(); //delegate up to screen PWidget * wid = parent(); while(wid) { if (wid->color().isValid()) { return wid->color(); } wid = wid->parent(); } //no widget has valid font so take font from screen passert(parentScreen(),"screen is null"); return parentScreen()->color(); }
/** * @brief PWidget::fontDelegated * @return return delegated font up to screen */ PFont * PWidget::fontDelegated() const { if (p.font) return p.font; //delegate up to screen PWidget * wid = parent(); while(wid) { if (wid->font()) { return wid->font(); } wid = wid->parent(); } //no widget has valid font so take font from screen passert(parentScreen(),"screen is null"); return parentScreen()->font(); }
static void nss_ecp_calc_secret(const struct dh_desc *group, SECKEYPrivateKey **privk, SECKEYPublicKey **pubk, uint8_t *ke, size_t sizeof_ke) { passert(sizeof_ke == group->bytes); /* * Get the PK11 formatted EC parameters (stored in static * data) from NSS. */ DBG(DBG_CRYPT, DBG_log("oid %d %x", group->nss_oid, group->nss_oid)); SECOidData *pk11_data = SECOID_FindOIDByTag(group->nss_oid); if (pk11_data == NULL) { PASSERT_FAIL("Lookup of OID %d for EC group %s parameters failed", group->nss_oid, group->common.name); } LSWDBGP(DBG_CRYPT, buf) { lswlogs(buf, "pk11_data->oid: "); lswlog_nss_secitem(buf, &pk11_data->oid); }
static void startupSecondaryProcessors(char *prog) { SysStatus rc; VPNum n, vp; n = DREFGOBJ(TheProcessRef)->ppCount(); if ( n <= 1) { err_printf("%s - number of processors %ld\n", prog, n); return ; } err_printf("%s - starting %ld secondary processors\n", prog, n-1); for (vp = 1; vp < n; vp++) { rc = ProgExec::CreateVP(vp); passert(_SUCCESS(rc), err_printf("ProgExec::CreateVP failed (0x%lx)\n", rc)); err_printf("%s - vp %ld created\n", prog, vp); } }
/* construct a string to name the bits on in a set * Result of bitnamesof may be in STATIC buffer -- NOT RE-ENTRANT! * Note: prettypolicy depends on internal details of bitnamesofb. * binamesofb is re-entrant since the caller provides the buffer. */ const char *bitnamesofb(const char *const table[], lset_t val, char *b, size_t blen) { char *const roof = b + blen; char *p = b; lset_t bit; const char *const *tp; passert(blen != 0); /* need room for NUL */ /* if nothing gets filled in, default to "none" rather than "" */ (void) jam_str(p, (size_t)(roof - p), "none"); for (tp = table, bit = 01; val != 0; bit <<= 1) { if (val & bit) { const char *n = *tp; if (p != b) p = jam_str(p, (size_t)(roof - p), "+"); if (n == NULL || *n == '\0') { /* No name for this bit, so use hex. * if snprintf returns a different value from strlen, trunation happened */ (void)snprintf(p, (size_t)(roof - p), "0x%" PRIxLSET, bit); p += strlen(p); } else { p = jam_str(p, (size_t)(roof - p), n); } val -= bit; } /* Move on in the table, but not past end. * This is a bit of a trick: while we are at stuck the end, * the loop will print out the remaining bits in hex. */ if (*tp != NULL) tp++; } return b; }
void crypto_cbc_encrypt(const struct encrypt_desc *e, bool enc, u_int8_t *buf, size_t size, struct state *st) { passert(st->st_new_iv_len >= e->enc_blocksize); st->st_new_iv_len = e->enc_blocksize; /* truncate */ #if 0 DBG(DBG_CRYPT, DBG_log("encrypting buf=%p size=%d keyptr: %p keysize: %d, iv: %p enc: %d", buf, size, st->st_enc_key.ptr, st->st_enc_key.len, st->st_new_iv, enc)); #endif e->do_crypt(buf, size, st->st_enc_key.ptr, st->st_enc_key.len, st->st_new_iv, enc); /* e->set_key(&ctx, st->st_enc_key.ptr, st->st_enc_key.len); e->cbc_crypt(&ctx, buf, size, st->st_new_iv, enc); */ }
uint32_t job_replicate_simple(void (*callback)(uint8_t status,void *extra),void *extra,uint64_t chunkid,uint32_t version,uint32_t ip,uint16_t port) { jobpool* jp = globalpool; chunk_rp_args *args; uint8_t *ptr; ptr = malloc(sizeof(chunk_rp_args)+18); passert(ptr); args = (chunk_rp_args*)ptr; ptr += sizeof(chunk_rp_args); args->chunkid = chunkid; args->version = version; args->srccnt = 1; args->xormasks[0] = UINT32_C(0x88888888); args->xormasks[1] = UINT32_C(0x44444444); args->xormasks[2] = UINT32_C(0x22222222); args->xormasks[3] = UINT32_C(0x11111111); put64bit(&ptr,chunkid); put32bit(&ptr,version); put32bit(&ptr,ip); put16bit(&ptr,port); return job_new(jp,OP_REPLICATE,args,callback,extra); }