int ecc_dp_set_by_oid(ltc_ecc_set_type *dp, unsigned long *oid, unsigned long oidsize) { int i; unsigned long len; for(i=0; ltc_ecc_sets[i].size != 0; i++) { if ((oidsize == ltc_ecc_sets[i].oid.OIDlen) && (XMEM_NEQ(oid, ltc_ecc_sets[i].oid.OID, sizeof(unsigned long) * ltc_ecc_sets[i].oid.OIDlen) == 0)) { break; } } if (ltc_ecc_sets[i].size == 0) return CRYPT_INVALID_ARG; /* not found */ /* a */ len = (unsigned long)strlen(ltc_ecc_sets[i].A); if ((dp->A = XMALLOC(1+len)) == NULL) goto cleanup1; strncpy(dp->A, ltc_ecc_sets[i].A, 1+len); /* b */ len = (unsigned long)strlen(ltc_ecc_sets[i].B); if ((dp->B = XMALLOC(1+len)) == NULL) goto cleanup2; strncpy(dp->B, ltc_ecc_sets[i].B, 1+len); /* order */ len = (unsigned long)strlen(ltc_ecc_sets[i].order); if ((dp->order = XMALLOC(1+len)) == NULL) goto cleanup3; strncpy(dp->order, ltc_ecc_sets[i].order, 1+len); /* prime */ len = (unsigned long)strlen(ltc_ecc_sets[i].prime); if ((dp->prime = XMALLOC(1+len)) == NULL) goto cleanup4; strncpy(dp->prime, ltc_ecc_sets[i].prime, 1+len); /* gx */ len = (unsigned long)strlen(ltc_ecc_sets[i].Gx); if ((dp->Gx = XMALLOC(1+len)) == NULL) goto cleanup5; strncpy(dp->Gx, ltc_ecc_sets[i].Gx, 1+len); /* gy */ len = (unsigned long)strlen(ltc_ecc_sets[i].Gy); if ((dp->Gy = XMALLOC(1+len)) == NULL) goto cleanup6; strncpy(dp->Gy, ltc_ecc_sets[i].Gy, 1+len); /* cofactor & size */ dp->cofactor = ltc_ecc_sets[i].cofactor; dp->size = ltc_ecc_sets[i].size; /* name */ len = (unsigned long)strlen(ltc_ecc_sets[i].name); if ((dp->name = XMALLOC(1+len)) == NULL) goto cleanup7; strncpy(dp->name, ltc_ecc_sets[i].name, 1+len); /* oid */ dp->oid.OIDlen = ltc_ecc_sets[i].oid.OIDlen; XMEMCPY(dp->oid.OID, ltc_ecc_sets[i].oid.OID, dp->oid.OIDlen * sizeof(dp->oid.OID[0])); /* done - success */ return CRYPT_OK; cleanup7: XFREE(dp->Gy); cleanup6: XFREE(dp->Gx); cleanup5: XFREE(dp->prime); cleanup4: XFREE(dp->order); cleanup3: XFREE(dp->B); cleanup2: XFREE(dp->A); cleanup1: return CRYPT_MEM; }
/** Import an RSAPublicKey or RSAPrivateKey [two-prime only, only support >= 1024-bit keys, defined in PKCS #1 v2.1] @param in The packet to import from @param inlen It's length (octets) @param key [out] Destination for newly imported key @return CRYPT_OK if successful, upon error allocated memory is freed */ int rsa_import(const unsigned char *in, unsigned long inlen, rsa_key *key) { int err; void *zero; unsigned char *tmpbuf; unsigned long t, x, y, z, tmpoid[16]; ltc_asn1_list ssl_pubkey_hashoid[2]; ltc_asn1_list ssl_pubkey[2]; LTC_ARGCHK(in != NULL); LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* init key */ if ((err = mp_init_multi(&key->e, &key->d, &key->N, &key->dQ, &key->dP, &key->qP, &key->p, &key->q, NULL)) != CRYPT_OK) { return err; } /* see if the OpenSSL DER format RSA public key will work */ tmpbuf = XCALLOC(1, MAX_RSA_SIZE*8); if (tmpbuf == NULL) { err = CRYPT_MEM; goto LBL_ERR; } /* this includes the internal hash ID and optional params (NULL in this case) */ LTC_SET_ASN1(ssl_pubkey_hashoid, 0, LTC_ASN1_OBJECT_IDENTIFIER, tmpoid, sizeof(tmpoid)/sizeof(tmpoid[0])); LTC_SET_ASN1(ssl_pubkey_hashoid, 1, LTC_ASN1_NULL, NULL, 0); /* the actual format of the SSL DER key is odd, it stores a RSAPublicKey in a **BIT** string ... so we have to extract it then proceed to convert bit to octet */ LTC_SET_ASN1(ssl_pubkey, 0, LTC_ASN1_SEQUENCE, &ssl_pubkey_hashoid, 2); LTC_SET_ASN1(ssl_pubkey, 1, LTC_ASN1_BIT_STRING, tmpbuf, MAX_RSA_SIZE*8); if (der_decode_sequence(in, inlen, ssl_pubkey, 2UL) == CRYPT_OK) { /* ok now we have to reassemble the BIT STRING to an OCTET STRING. Thanks OpenSSL... */ for (t = y = z = x = 0; x < ssl_pubkey[1].size; x++) { y = (y << 1) | tmpbuf[x]; if (++z == 8) { tmpbuf[t++] = (unsigned char)y; y = 0; z = 0; } } /* now it should be SEQUENCE { INTEGER, INTEGER } */ if ((err = der_decode_sequence_multi(tmpbuf, t, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { XFREE(tmpbuf); goto LBL_ERR; } XFREE(tmpbuf); key->type = PK_PUBLIC; return CRYPT_OK; } XFREE(tmpbuf); /* not SSL public key, try to match against PKCS #1 standards */ if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } if (mp_cmp_d(key->N, 0) == LTC_MP_EQ) { if ((err = mp_init(&zero)) != CRYPT_OK) { goto LBL_ERR; } /* it's a private key */ if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, zero, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_INTEGER, 1UL, key->d, LTC_ASN1_INTEGER, 1UL, key->p, LTC_ASN1_INTEGER, 1UL, key->q, LTC_ASN1_INTEGER, 1UL, key->dP, LTC_ASN1_INTEGER, 1UL, key->dQ, LTC_ASN1_INTEGER, 1UL, key->qP, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { mp_clear(zero); goto LBL_ERR; } mp_clear(zero); key->type = PK_PRIVATE; } else if (mp_cmp_d(key->N, 1) == LTC_MP_EQ) { /* we don't support multi-prime RSA */ err = CRYPT_PK_INVALID_TYPE; goto LBL_ERR; } else { /* it's a public key and we lack e */ if ((err = der_decode_sequence_multi(in, inlen, LTC_ASN1_INTEGER, 1UL, key->N, LTC_ASN1_INTEGER, 1UL, key->e, LTC_ASN1_EOL, 0UL, NULL)) != CRYPT_OK) { goto LBL_ERR; } key->type = PK_PUBLIC; } return CRYPT_OK; LBL_ERR: mp_clear_multi(key->d, key->e, key->N, key->dQ, key->dP, key->qP, key->p, key->q, NULL); return err; }
/* Free route map's compiled `set metric' value. */ static void route_set_metric_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
static int interface_list_ioctl (int af) { int ret; int sock; #define IFNUM_BASE 32 struct lifnum lifn; int ifnum; struct lifreq *lifreq; struct lifconf lifconf; struct interface *ifp; int n; int save_errno; size_t needed, lastneeded = 0; char *buf = NULL; if (zserv_privs.change(ZPRIVS_RAISE)) zlog (NULL, LOG_ERR, "Can't raise privileges"); sock = socket (af, SOCK_DGRAM, 0); if (sock < 0) { zlog_warn ("Can't make %s socket stream: %s", (af == AF_INET ? "AF_INET" : "AF_INET6"), safe_strerror (errno)); if (zserv_privs.change(ZPRIVS_LOWER)) zlog (NULL, LOG_ERR, "Can't lower privileges"); return -1; } calculate_lifc_len: /* must hold privileges to enter here */ lifn.lifn_family = af; lifn.lifn_flags = LIFC_NOXMIT; /* we want NOXMIT interfaces too */ ret = ioctl (sock, SIOCGLIFNUM, &lifn); save_errno = errno; if (zserv_privs.change(ZPRIVS_LOWER)) zlog (NULL, LOG_ERR, "Can't lower privileges"); if (ret < 0) { zlog_warn ("interface_list_ioctl: SIOCGLIFNUM failed %s", safe_strerror (save_errno)); close (sock); return -1; } ifnum = lifn.lifn_count; /* * When calculating the buffer size needed, add a small number * of interfaces to those we counted. We do this to capture * the interface status of potential interfaces which may have * been plumbed between the SIOCGLIFNUM and the SIOCGLIFCONF. */ needed = (ifnum + 4) * sizeof (struct lifreq); if (needed > lastneeded || needed < lastneeded / 2) { if (buf != NULL) XFREE (MTYPE_TMP, buf); if ((buf = XMALLOC (MTYPE_TMP, needed)) == NULL) { zlog_warn ("interface_list_ioctl: malloc failed"); close (sock); return -1; } } lastneeded = needed; lifconf.lifc_family = af; lifconf.lifc_flags = LIFC_NOXMIT; lifconf.lifc_len = needed; lifconf.lifc_buf = buf; if (zserv_privs.change(ZPRIVS_RAISE)) zlog (NULL, LOG_ERR, "Can't raise privileges"); ret = ioctl (sock, SIOCGLIFCONF, &lifconf); if (ret < 0) { if (errno == EINVAL) goto calculate_lifc_len; /* deliberately hold privileges */ zlog_warn ("SIOCGLIFCONF: %s", safe_strerror (errno)); if (zserv_privs.change(ZPRIVS_LOWER)) zlog (NULL, LOG_ERR, "Can't lower privileges"); goto end; } if (zserv_privs.change(ZPRIVS_LOWER)) zlog (NULL, LOG_ERR, "Can't lower privileges"); /* Allocate interface. */ lifreq = lifconf.lifc_req; for (n = 0; n < lifconf.lifc_len; n += sizeof (struct lifreq)) { /* we treat Solaris logical interfaces as addresses, because that is * how PF_ROUTE on Solaris treats them. Hence we can not directly use * the lifreq_name to get the ifp. We need to normalise the name * before attempting get. * * Solaris logical interface names are in the form of: * <interface name>:<logical interface id> */ unsigned int normallen = 0; uint64_t lifflags; /* We should exclude ~IFF_UP interfaces, as we'll find out about them * coming up later through RTM_NEWADDR message on the route socket. */ if (if_get_flags_direct (lifreq->lifr_name, &lifflags, lifreq->lifr_addr.ss_family) || !CHECK_FLAG (lifflags, IFF_UP)) { lifreq++; continue; } /* Find the normalised name */ while ( (normallen < sizeof(lifreq->lifr_name)) && ( *(lifreq->lifr_name + normallen) != '\0') && ( *(lifreq->lifr_name + normallen) != ':') ) normallen++; ifp = if_get_by_name_len(lifreq->lifr_name, normallen); if (lifreq->lifr_addr.ss_family == AF_INET) ifp->flags |= IFF_IPV4; if (lifreq->lifr_addr.ss_family == AF_INET6) { #ifdef HAVE_IPV6 ifp->flags |= IFF_IPV6; #else lifreq++; continue; #endif /* HAVE_IPV6 */ } if_add_update (ifp); interface_info_ioctl (ifp); /* If a logical interface pass the full name so it can be * as a label on the address */ if ( *(lifreq->lifr_name + normallen) != '\0') if_get_addr (ifp, (struct sockaddr *) &lifreq->lifr_addr, lifreq->lifr_name); else if_get_addr (ifp, (struct sockaddr *) &lifreq->lifr_addr, NULL); /* Poke the interface flags. Lets IFF_UP mangling kick in */ if_flags_update (ifp, ifp->flags); lifreq++; } end: close (sock); XFREE (MTYPE_TMP, lifconf.lifc_buf); return ret; }
static int mount_udf(char *mntdir, char *fs_name, char *opts, int on_autofs) { udf_args_t udf_args; mntent_t mnt; int flags; char *str; #if defined(HAVE_UDF_ARGS_T_NOBODY_UID) || defined(HAVE_UDF_ARGS_T_ANON_UID) uid_t uid_nobody; gid_t gid_nobody; #endif /* defined(HAVE_UDF_ARGS_T_NOBODY_UID) || defined(HAVE_UDF_ARGS_T_ANON_UID) */ /* * Figure out the name of the file system type. */ MTYPE_TYPE type = MOUNT_TYPE_UDF; #if defined(HAVE_UDF_ARGS_T_NOBODY_UID) || defined(HAVE_UDF_ARGS_T_ANON_UID) uid_nobody = a_uid("nobody", "user"); if (uid_nobody == 0) { plog(XLOG_ERROR, "mount_udf: invalid uid for nobody"); return EPERM; } #endif /* defined(HAVE_UDF_ARGS_T_NOBODY_UID) || defined(HAVE_UDF_ARGS_T_ANON_UID) */ #if defined(HAVE_UDF_ARGS_T_NOBODY_GID) || defined(HAVE_UDF_ARGS_T_ANON_GID) gid_nobody = a_gid("nobody", "group"); if (gid_nobody == 0) { plog(XLOG_ERROR, "mount_udf: invalid gid for nobody"); return EPERM; } #endif /* defined(HAVE_UDF_ARGS_T_NOBODY_GID) || defined(HAVE_UDF_ARGS_T_ANON_GID) */ str = NULL; memset((voidp) &udf_args, 0, sizeof(udf_args)); /* Paranoid */ /* * Fill in the mount structure */ memset((voidp)&mnt, 0, sizeof(mnt)); mnt.mnt_dir = mntdir; mnt.mnt_fsname = fs_name; mnt.mnt_type = MNTTAB_TYPE_UDF; mnt.mnt_opts = opts; flags = compute_mount_flags(&mnt); #ifdef HAVE_UDF_ARGS_T_UDFMFLAGS # if defined(MNT2_UDF_OPT_CLOSESESSION) && defined(MNTTAB_OPT_CLOSESESSION) if (amu_hasmntopt(&mnt, MNTTAB_OPT_CLOSESESSION)) udf_args.udfmflags |= MNT2_UDF_OPT_CLOSESESSION; # endif /* defined(MNT2_UDF_OPT_CLOSESESSION) && defined(MNTTAB_OPT_CLOSESESSION) */ #endif /* HAVE_UDF_ARGS_T_UDFMFLAGS */ #ifdef HAVE_UDF_ARGS_T_NOBODY_UID udf_args.nobody_uid = uid_nobody; #endif /* HAVE_UDF_ARGS_T_NOBODY_UID */ #ifdef HAVE_UDF_ARGS_T_NOBODY_GID udf_args.nobody_gid = gid_nobody; #endif /* HAVE_UDF_ARGS_T_NOBODY_GID */ #ifdef HAVE_UDF_ARGS_T_ANON_UID udf_args.anon_uid = uid_nobody; /* default to nobody */ if ((str = hasmntstr(&mnt, MNTTAB_OPT_USER)) != NULL) { udf_args.anon_uid = a_uid(str, MNTTAB_OPT_USER); XFREE(str); } #endif /* HAVE_UDF_ARGS_T_ANON_UID */ #ifdef HAVE_UDF_ARGS_T_ANON_GID udf_args.anon_gid = gid_nobody; /* default to nobody */ if ((str = hasmntstr(&mnt, MNTTAB_OPT_GROUP)) != NULL) { udf_args.anon_gid = a_gid(str, MNTTAB_OPT_GROUP); XFREE(str); } #endif /* HAVE_UDF_ARGS_T_ANON_GID */ #ifdef HAVE_UDF_ARGS_T_GMTOFF udf_args.gmtoff = 0; if ((str = hasmntstr(&mnt, MNTTAB_OPT_GMTOFF)) != NULL) { udf_args.gmtoff = a_num(str, MNTTAB_OPT_GMTOFF); XFREE(str); } #endif /* HAVE_UDF_ARGS_T_GMTOFF */ #ifdef HAVE_UDF_ARGS_T_SESSIONNR udf_args.sessionnr = 0; if ((str = hasmntstr(&mnt, MNTTAB_OPT_SESSIONNR)) != NULL) { udf_args.sessionnr = a_num(str, MNTTAB_OPT_SESSIONNR); XFREE(str); } #endif /* HAVE_UDF_ARGS_T_SESSIONNR */ #ifdef HAVE_UDF_ARGS_T_VERSION # ifdef UDFMNT_VERSION udf_args.version = UDFMNT_VERSION; # endif /* UDFMNT_VERSION */ #endif /* HAVE_UDF_ARGS_T_VERSION */ #ifdef HAVE_UFS_ARGS_T_FSPEC udf_args.fspec = fs_name; #endif /* HAVE_UFS_ARGS_T_FSPEC */ /* * Call generic mount routine */ return mount_fs(&mnt, flags, (caddr_t)&udf_args, 0, type, 0, NULL, mnttab_file_name, on_autofs); }
static void deinit(void *a) { LTC_ARGCHKVD(a != NULL); mpz_clear(a); XFREE(a); }
static void route_match_ip_address_prefix_list_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
/* Free route map's compiled `ip address' value. */ void route_match_ip_address_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
/* Free route map's compiled `ip nexthop' value. */ void route_set_ip_nexthop_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
/* Free route map's compiled `match interface' value. */ void route_match_interface_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
void route_match_ip_next_hop_prefix_list_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
/* Free route map's compiled `match metric' value. */ void route_match_metric_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
/** ASN.1 DER Flexi(ble) decoder will decode arbitrary DER packets and create a linked list of the decoded elements. @param in The input buffer @param inlen [in/out] The length of the input buffer and on output the amount of decoded data @param out [out] A pointer to the linked list @return CRYPT_OK on success. */ int der_decode_sequence_flexi(const unsigned char *in, unsigned long *inlen, ltc_asn1_list **out) { ltc_asn1_list *l; unsigned long err, type, len, totlen, data_offset; void *realloc_tmp; LTC_ARGCHK(in != NULL); LTC_ARGCHK(inlen != NULL); LTC_ARGCHK(out != NULL); l = NULL; totlen = 0; /* scan the input and and get lengths and what not */ while (*inlen) { /* read the type byte */ type = *in; /* fetch length */ len = fetch_length(in, *inlen, &data_offset); if (len > *inlen) { err = CRYPT_INVALID_PACKET; goto error; } /* alloc new link */ if (l == NULL) { l = XCALLOC(1, sizeof(*l)); if (l == NULL) { err = CRYPT_MEM; goto error; } } else { l->next = XCALLOC(1, sizeof(*l)); if (l->next == NULL) { err = CRYPT_MEM; goto error; } l->next->prev = l; l = l->next; } if ((type & 0x20) && (type != 0x30) && (type != 0x31)) { /* constructed, use the 'used' field to store the original identifier */ l->used = type; /* treat constructed elements like SETs */ type = 0x20; } else if ((type & 0xC0) == 0x80) { /* context-specific, use the 'used' field to store the original identifier */ l->used = type; /* context-specific elements are treated as opaque data */ type = 0x80; } /* now switch on type */ switch (type) { case 0x01: /* BOOLEAN */ l->type = LTC_ASN1_BOOLEAN; l->size = 1; l->data = XCALLOC(1, sizeof(int)); if ((err = der_decode_boolean(in, *inlen, l->data)) != CRYPT_OK) { goto error; } if ((err = der_length_boolean(&len)) != CRYPT_OK) { goto error; } break; case 0x02: /* INTEGER */ /* init field */ l->type = LTC_ASN1_INTEGER; l->size = 1; if ((err = mp_init(&l->data)) != CRYPT_OK) { goto error; } /* decode field */ if ((err = der_decode_integer(in, *inlen, l->data)) != CRYPT_OK) { goto error; } /* calc length of object */ if ((err = der_length_integer(l->data, &len)) != CRYPT_OK) { goto error; } break; case 0x03: /* BIT */ /* init field */ l->type = LTC_ASN1_BIT_STRING; l->size = len * 8; /* *8 because we store decoded bits one per char and they are encoded 8 per char. */ if ((l->data = XCALLOC(1, l->size)) == NULL) { err = CRYPT_MEM; goto error; } if ((err = der_decode_bit_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { goto error; } if ((err = der_length_bit_string(l->size, &len)) != CRYPT_OK) { goto error; } break; case 0x04: /* OCTET */ /* init field */ l->type = LTC_ASN1_OCTET_STRING; l->size = len; if ((l->data = XCALLOC(1, l->size)) == NULL) { err = CRYPT_MEM; goto error; } if ((err = der_decode_octet_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { goto error; } if ((err = der_length_octet_string(l->size, &len)) != CRYPT_OK) { goto error; } break; case 0x05: /* NULL */ /* valid NULL is 0x05 0x00 */ if (in[0] != 0x05 || in[1] != 0x00) { err = CRYPT_INVALID_PACKET; goto error; } /* simple to store ;-) */ l->type = LTC_ASN1_NULL; l->data = NULL; l->size = 0; len = 2; break; case 0x06: /* OID */ /* init field */ l->type = LTC_ASN1_OBJECT_IDENTIFIER; l->size = len; if ((l->data = XCALLOC(len, sizeof(unsigned long))) == NULL) { err = CRYPT_MEM; goto error; } if ((err = der_decode_object_identifier(in, *inlen, l->data, &l->size)) != CRYPT_OK) { goto error; } if ((err = der_length_object_identifier(l->data, l->size, &len)) != CRYPT_OK) { goto error; } /* resize it to save a bunch of mem */ if ((realloc_tmp = XREALLOC(l->data, l->size * sizeof(unsigned long))) == NULL) { /* out of heap but this is not an error */ break; } l->data = realloc_tmp; break; case 0x0C: /* UTF8 */ /* init field */ l->type = LTC_ASN1_UTF8_STRING; l->size = len; if ((l->data = XCALLOC(sizeof(wchar_t), l->size)) == NULL) { err = CRYPT_MEM; goto error; } if ((err = der_decode_utf8_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { goto error; } if ((err = der_length_utf8_string(l->data, l->size, &len)) != CRYPT_OK) { goto error; } break; case 0x13: /* PRINTABLE */ /* init field */ l->type = LTC_ASN1_PRINTABLE_STRING; l->size = len; if ((l->data = XCALLOC(1, l->size)) == NULL) { err = CRYPT_MEM; goto error; } if ((err = der_decode_printable_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { goto error; } if ((err = der_length_printable_string(l->data, l->size, &len)) != CRYPT_OK) { goto error; } break; case 0x14: /* TELETEXT */ /* init field */ l->type = LTC_ASN1_TELETEX_STRING; l->size = len; if ((l->data = XCALLOC(1, l->size)) == NULL) { err = CRYPT_MEM; goto error; } if ((err = der_decode_teletex_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { goto error; } if ((err = der_length_teletex_string(l->data, l->size, &len)) != CRYPT_OK) { goto error; } break; case 0x16: /* IA5 */ /* init field */ l->type = LTC_ASN1_IA5_STRING; l->size = len; if ((l->data = XCALLOC(1, l->size)) == NULL) { err = CRYPT_MEM; goto error; } if ((err = der_decode_ia5_string(in, *inlen, l->data, &l->size)) != CRYPT_OK) { goto error; } if ((err = der_length_ia5_string(l->data, l->size, &len)) != CRYPT_OK) { goto error; } break; case 0x17: /* UTC TIME */ /* init field */ l->type = LTC_ASN1_UTCTIME; l->size = 1; if ((l->data = XCALLOC(1, sizeof(ltc_utctime))) == NULL) { err = CRYPT_MEM; goto error; } len = *inlen; if ((err = der_decode_utctime(in, &len, l->data)) != CRYPT_OK) { goto error; } if ((err = der_length_utctime(l->data, &len)) != CRYPT_OK) { goto error; } break; case 0x20: /* Any CONSTRUCTED element that is neither SEQUENCE nor SET */ case 0x30: /* SEQUENCE */ case 0x31: /* SET */ /* init field */ if (type == 0x20) { l->type = LTC_ASN1_CONSTRUCTED; } else if (type == 0x30) { l->type = LTC_ASN1_SEQUENCE; } else { l->type = LTC_ASN1_SET; } /* jump to the start of the data */ in += data_offset; *inlen -= data_offset; len = len - data_offset; /* Sequence elements go as child */ if ((err = der_decode_sequence_flexi(in, &len, &(l->child))) != CRYPT_OK) { goto error; } /* len update */ totlen += data_offset; /* the flexi decoder can also do nothing, so make sure a child has been allocated */ if (l->child) { /* link them up y0 */ l->child->parent = l; } break; case 0x80: /* Context-specific */ l->type = LTC_ASN1_CONTEXT_SPECIFIC; if ((l->data = XCALLOC(1, len - data_offset)) == NULL) { err = CRYPT_MEM; goto error; } XMEMCPY(l->data, in + data_offset, len - data_offset); l->size = len - data_offset; break; default: /* invalid byte ... this is a soft error */ /* remove link */ if (l->prev) { l = l->prev; XFREE(l->next); l->next = NULL; } goto outside; } /* advance pointers */ totlen += len; in += len; *inlen -= len; } outside: /* in case we processed anything */ if (totlen) { /* rewind l please */ while (l->prev != NULL || l->parent != NULL) { if (l->parent != NULL) { l = l->parent; } else { l = l->prev; } } } /* return */ *out = l; *inlen = totlen; return CRYPT_OK; error: /* free list */ der_sequence_free(l); return err; }
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, buffer* responseBuffer) { OcspEntry* entry = NULL; CertStatus* status = NULL; byte* request = NULL; int requestSz = 2048; byte* response = NULL; const char* url = NULL; int urlSz = 0; int ret = -1; #ifdef WOLFSSL_SMALL_STACK CertStatus* newStatus; OcspResponse* ocspResponse; #else CertStatus newStatus[1]; OcspResponse ocspResponse[1]; #endif WOLFSSL_ENTER("CheckOcspRequest"); if (responseBuffer) { responseBuffer->buffer = NULL; responseBuffer->length = 0; } ret = GetOcspEntry(ocsp, ocspRequest, &entry); if (ret != 0) return ret; ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer); if (ret != OCSP_INVALID_STATUS) return ret; if (ocsp->cm->ocspUseOverrideURL) { url = ocsp->cm->ocspOverrideURL; if (url != NULL && url[0] != '\0') urlSz = (int)XSTRLEN(url); else return OCSP_NEED_URL; } else if (ocspRequest->urlSz != 0 && ocspRequest->url != NULL) { url = (const char *)ocspRequest->url; urlSz = ocspRequest->urlSz; } else { /* cert doesn't have extAuthInfo, assuming CERT_GOOD */ return 0; } request = (byte*)XMALLOC(requestSz, NULL, DYNAMIC_TYPE_OCSP); if (request == NULL) { WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_ERROR; } #ifdef WOLFSSL_SMALL_STACK newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, DYNAMIC_TYPE_TMP_BUFFER); ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (newStatus == NULL || ocspResponse == NULL) { if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(request, NULL, DYNAMIC_TYPE_OCSP); WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_E; } #endif requestSz = EncodeOcspRequest(ocspRequest, request, requestSz); if (ocsp->cm->ocspIOCb) ret = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz, request, requestSz, &response); if (ret >= 0 && response) { XMEMSET(newStatus, 0, sizeof(CertStatus)); InitOcspResponse(ocspResponse, newStatus, response, ret); OcspResponseDecode(ocspResponse, ocsp->cm); if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) ret = OCSP_LOOKUP_FAIL; else { if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) { if (responseBuffer) { responseBuffer->buffer = (byte*)XMALLOC(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (responseBuffer->buffer) { responseBuffer->length = ret; XMEMCPY(responseBuffer->buffer, response, ret); } } ret = xstat2err(ocspResponse->status->status); if (LockMutex(&ocsp->ocspLock) != 0) ret = BAD_MUTEX_E; else { if (status != NULL) { if (status->rawOcspResponse) XFREE(status->rawOcspResponse, NULL, DYNAMIC_TYPE_OCSP_STATUS); /* Replace existing certificate entry with updated */ XMEMCPY(status, newStatus, sizeof(CertStatus)); } else { /* Save new certificate entry */ status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, DYNAMIC_TYPE_OCSP_STATUS); if (status != NULL) { XMEMCPY(status, newStatus, sizeof(CertStatus)); status->next = entry->status; entry->status = status; entry->totalStatus++; } } if (status && responseBuffer && responseBuffer->buffer) { status->rawOcspResponse = (byte*)XMALLOC( responseBuffer->length, NULL, DYNAMIC_TYPE_OCSP_STATUS); if (status->rawOcspResponse) { status->rawOcspResponseSz = responseBuffer->length; XMEMCPY(status->rawOcspResponse, responseBuffer->buffer, responseBuffer->length); } } UnLockMutex(&ocsp->ocspLock); } } else ret = OCSP_LOOKUP_FAIL; } } else ret = OCSP_LOOKUP_FAIL; #ifdef WOLFSSL_SMALL_STACK XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif if (response != NULL && ocsp->cm->ocspRespFreeCb) ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response); WOLFSSL_LEAVE("CheckOcspRequest", ret); return ret; }
static void bnc_free (struct bgp_nexthop_cache *bnc) { bnc_nexthop_free (bnc); XFREE (MTYPE_BGP_NEXTHOP_CACHE, bnc); }
/* Interface looking up using infamous SIOCGIFCONF. */ int interface_list_ioctl () { int ret; int sock; #define IFNUM_BASE 32 int ifnum; struct ifreq *ifreq; struct ifconf ifconf; struct interface_FOO *ifp; int n; int lastlen; /* Normally SIOCGIFCONF works with AF_INET socket. */ sock = socket (AF_INET, SOCK_DGRAM, 0); if (sock < 0) { zlog_warn ("Can't make AF_INET socket stream: %s", safe_strerror (errno)); return -1; } /* Set initial ifreq count. This will be double when SIOCGIFCONF fail. Solaris has SIOCGIFNUM. */ #ifdef SIOCGIFNUM ret = ioctl (sock, SIOCGIFNUM, &ifnum); if (ret < 0) ifnum = IFNUM_BASE; else ifnum++; #else ifnum = IFNUM_BASE; #endif /* SIOCGIFNUM */ ifconf.ifc_buf = NULL; lastlen = 0; /* Loop until SIOCGIFCONF success. */ for (;;) { ifconf.ifc_len = sizeof (struct ifreq) * ifnum; ifconf.ifc_buf = XREALLOC(MTYPE_TMP, ifconf.ifc_buf, ifconf.ifc_len); ret = ioctl(sock, SIOCGIFCONF, &ifconf); if (ret < 0) { zlog_warn ("SIOCGIFCONF: %s", safe_strerror(errno)); goto end; } /* Repeatedly get info til buffer fails to grow. */ if (ifconf.ifc_len > lastlen) { lastlen = ifconf.ifc_len; ifnum += 10; continue; } /* Success. */ break; } /* Allocate interface. */ ifreq = ifconf.ifc_req; #ifdef OPEN_BSD for (n = 0; n < ifconf.ifc_len; ) { int size; ifreq = (struct ifreq *)((caddr_t) ifconf.ifc_req + n); ifp = if_get_by_name (ifreq->ifr_name); if_add_update (ifp); size = ifreq->ifr_addr.sa_len; if (size < sizeof (ifreq->ifr_addr)) size = sizeof (ifreq->ifr_addr); size += sizeof (ifreq->ifr_name); n += size; } #else for (n = 0; n < ifconf.ifc_len; n += sizeof(struct ifreq)) { ifp = if_get_by_name (ifreq->ifr_name); if_add_update (ifp); ifreq++; } #endif /* OPEN_BSD */ end: close (sock); XFREE (MTYPE_TMP, ifconf.ifc_buf); return ret; }
void bgp_connected_delete (struct connected *ifc) { struct prefix p; struct prefix *addr; struct interface *ifp; struct bgp_node *rn; struct bgp_connected_ref *bc; ifp = ifc->ifp; if (if_is_loopback (ifp)) return; addr = ifc->address; if (addr->family == AF_INET) { PREFIX_COPY_IPV4(&p, CONNECTED_PREFIX(ifc)); apply_mask_ipv4 ((struct prefix_ipv4 *) &p); if (prefix_ipv4_any ((struct prefix_ipv4 *) &p)) return; rn = bgp_node_lookup (bgp_connected_table[AFI_IP], &p); if (! rn) return; bc = rn->info; bc->refcnt--; if (bc->refcnt == 0) { XFREE (MTYPE_BGP_CONN, bc); rn->info = NULL; } bgp_unlock_node (rn); bgp_unlock_node (rn); } #ifdef HAVE_IPV6 else if (addr->family == AF_INET6) { PREFIX_COPY_IPV6(&p, CONNECTED_PREFIX(ifc)); apply_mask_ipv6 ((struct prefix_ipv6 *) &p); if (IN6_IS_ADDR_UNSPECIFIED (&p.u.prefix6)) return; if (IN6_IS_ADDR_LINKLOCAL (&p.u.prefix6)) return; rn = bgp_node_lookup (bgp_connected_table[AFI_IP6], (struct prefix *) &p); if (! rn) return; bc = rn->info; bc->refcnt--; if (bc->refcnt == 0) { XFREE (MTYPE_BGP_CONN, bc); rn->info = NULL; } bgp_unlock_node (rn); bgp_unlock_node (rn); } #endif /* HAVE_IPV6 */ }
/** Create a DSA key @param prng An active PRNG state @param wprng The index of the PRNG desired @param group_size Size of the multiplicative group (octets) @param modulus_size Size of the modulus (octets) @param key [out] Where to store the created key @return CRYPT_OK if successful, upon error this function will free all allocated memory */ int dsa_make_key(prng_state *prng, int wprng, int group_size, int modulus_size, dsa_key *key) { void *tmp, *tmp2; int err, res; unsigned char *buf; LTC_ARGCHK(key != NULL); LTC_ARGCHK(ltc_mp.name != NULL); /* check prng */ if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } /* check size */ if (group_size >= LTC_MDSA_MAX_GROUP || group_size <= 15 || group_size >= modulus_size || (modulus_size - group_size) >= LTC_MDSA_DELTA) { return CRYPT_INVALID_ARG; } /* allocate ram */ buf = XMALLOC(LTC_MDSA_DELTA); if (buf == NULL) { return CRYPT_MEM; } /* init mp_ints */ if ((err = mp_init_multi(&tmp, &tmp2, &key->g, &key->q, &key->p, &key->x, &key->y, NULL)) != CRYPT_OK) { XFREE(buf); return err; } /* make our prime q */ if ((err = rand_prime(key->q, group_size, prng, wprng)) != CRYPT_OK) { goto error; } /* double q */ if ((err = mp_add(key->q, key->q, tmp)) != CRYPT_OK) { goto error; } /* now make a random string and multply it against q */ if (prng_descriptor[wprng]->read(buf+1, modulus_size - group_size, prng) != (unsigned long)(modulus_size - group_size)) { err = CRYPT_ERROR_READPRNG; goto error; } /* force magnitude */ buf[0] |= 0xC0; /* force even */ buf[modulus_size - group_size - 1] &= ~1; if ((err = mp_read_unsigned_bin(tmp2, buf, modulus_size - group_size)) != CRYPT_OK) { goto error; } if ((err = mp_mul(key->q, tmp2, key->p)) != CRYPT_OK) { goto error; } if ((err = mp_add_d(key->p, 1, key->p)) != CRYPT_OK) { goto error; } /* now loop until p is prime */ for (;;) { if ((err = mp_prime_is_prime(key->p, 8, &res)) != CRYPT_OK) { goto error; } if (res == LTC_MP_YES) break; /* add 2q to p and 2 to tmp2 */ if ((err = mp_add(tmp, key->p, key->p)) != CRYPT_OK) { goto error; } if ((err = mp_add_d(tmp2, 2, tmp2)) != CRYPT_OK) { goto error; } } /* now p = (q * tmp2) + 1 is prime, find a value g for which g^tmp2 != 1 */ mp_set(key->g, 1); do { if ((err = mp_add_d(key->g, 1, key->g)) != CRYPT_OK) { goto error; } if ((err = mp_exptmod(key->g, tmp2, key->p, tmp)) != CRYPT_OK) { goto error; } } while (mp_cmp_d(tmp, 1) == LTC_MP_EQ); /* at this point tmp generates a group of order q mod p */ mp_exch(tmp, key->g); /* so now we have our DH structure, generator g, order q, modulus p Now we need a random exponent [mod q] and it's power g^x mod p */ do { if (prng_descriptor[wprng]->read(buf, group_size, prng) != (unsigned long)group_size) { err = CRYPT_ERROR_READPRNG; goto error; } if ((err = mp_read_unsigned_bin(key->x, buf, group_size)) != CRYPT_OK) { goto error; } } while (mp_cmp_d(key->x, 1) != LTC_MP_GT); if ((err = mp_exptmod(key->g, key->x, key->p, key->y)) != CRYPT_OK) { goto error; } key->type = PK_PRIVATE; key->qord = group_size; #ifdef LTC_CLEAN_STACK zeromem(buf, LTC_MDSA_DELTA); #endif err = CRYPT_OK; goto done; error: mp_clear_multi(key->g, key->q, key->p, key->x, key->y, NULL); done: mp_clear_multi(tmp, tmp2, NULL); XFREE(buf); return err; }
static int amfs_program_exec(char *info) { char **xivec; int error; /* * Split copy of command info string */ info = strdup(info); if (info == 0) return ENOBUFS; xivec = strsplit(info, ' ', '\''); /* * Put stdout to stderr */ (void) fclose(stdout); if (!logfp) logfp = stderr; /* initialize before possible first use */ (void) dup(fileno(logfp)); if (fileno(logfp) != fileno(stderr)) { (void) fclose(stderr); (void) dup(fileno(logfp)); } /* * Try the exec */ if (amuDebug(D_FULL)) { char **cp = xivec; plog(XLOG_DEBUG, "executing (un)mount command..."); while (*cp) { plog(XLOG_DEBUG, "arg[%ld] = '%s'", (long) (cp - xivec), *cp); cp++; } } if (xivec[0] == 0 || xivec[1] == 0) { errno = EINVAL; plog(XLOG_USER, "1st/2nd args missing to (un)mount program"); } else { (void) execv(xivec[0], xivec + 1); } /* * Save error number */ error = errno; plog(XLOG_ERROR, "exec failed: %m"); /* * Free allocate memory */ XFREE(info); XFREE(xivec); /* * Return error */ return error; }
/** Terminate an HMAC session @param hmac The HMAC state @param out [out] The destination of the HMAC authentication tag @param outlen [in/out] The max size and resulting size of the HMAC authentication tag @return CRYPT_OK if successful */ int hmac_done(hmac_state *hmac, unsigned char *out, unsigned long *outlen) { unsigned char *buf, *isha; unsigned long hashsize, i; int hash, err; LTC_ARGCHK(hmac != NULL); LTC_ARGCHK(out != NULL); /* test hash */ hash = hmac->hash; if((err = hash_is_valid(hash)) != CRYPT_OK) { return err; } /* get the hash message digest size */ hashsize = hash_descriptor[hash].hashsize; /* allocate buffers */ buf = XMALLOC(HMAC_BLOCKSIZE); isha = XMALLOC(hashsize); if (buf == NULL || isha == NULL) { if (buf != NULL) { XFREE(buf); } if (isha != NULL) { XFREE(isha); } return CRYPT_MEM; } /* Get the hash of the first HMAC vector plus the data */ if ((err = hash_descriptor[hash].done(&hmac->md, isha)) != CRYPT_OK) { goto LBL_ERR; } /* Create the second HMAC vector vector for step (3) */ for(i=0; i < HMAC_BLOCKSIZE; i++) { buf[i] = hmac->key[i] ^ 0x5C; } /* Now calculate the "outer" hash for step (5), (6), and (7) */ if ((err = hash_descriptor[hash].init(&hmac->md)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash].process(&hmac->md, buf, HMAC_BLOCKSIZE)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash].process(&hmac->md, isha, hashsize)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash].done(&hmac->md, buf)) != CRYPT_OK) { goto LBL_ERR; } /* copy to output */ for (i = 0; i < hashsize && i < *outlen; i++) { out[i] = buf[i]; } *outlen = i; err = CRYPT_OK; LBL_ERR: XFREE(hmac->key); #ifdef LTC_CLEAN_STACK zeromem(isha, hashsize); zeromem(buf, hashsize); zeromem(hmac, sizeof(*hmac)); #endif XFREE(isha); XFREE(buf); return err; }
/* Status goes to Established. Send keepalive packet then make first update information. */ static int bgp_establish (struct peer *peer) { struct bgp_notify *notify; afi_t afi; safi_t safi; int nsf_af_count = 0; /* Reset capability open status flag. */ if (! CHECK_FLAG (peer->sflags, PEER_STATUS_CAPABILITY_OPEN)) SET_FLAG (peer->sflags, PEER_STATUS_CAPABILITY_OPEN); /* Clear last notification data. */ notify = &peer->notify; if (notify->data) XFREE (MTYPE_TMP, notify->data); memset (notify, 0, sizeof (struct bgp_notify)); /* Clear start timer value to default. */ peer->v_start = BGP_INIT_START_TIMER; /* Increment established count. */ peer->established++; bgp_fsm_change_status (peer, Established); /* bgp log-neighbor-changes of neighbor Up */ if (bgp_flag_check (peer->bgp, BGP_FLAG_LOG_NEIGHBOR_CHANGES)) zlog_info ("%%ADJCHANGE: neighbor %s Up", peer->host); /* graceful restart */ UNSET_FLAG (peer->sflags, PEER_STATUS_NSF_WAIT); for (afi = AFI_IP ; afi < AFI_MAX ; afi++) for (safi = SAFI_UNICAST ; safi < SAFI_RESERVED_3 ; safi++) { if (peer->afc_nego[afi][safi] && CHECK_FLAG (peer->cap, PEER_CAP_RESTART_ADV) && CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_RESTART_AF_RCV)) { if (peer->nsf[afi][safi] && ! CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_RESTART_AF_PRESERVE_RCV)) bgp_clear_stale_route (peer, afi, safi); peer->nsf[afi][safi] = 1; nsf_af_count++; } else { if (peer->nsf[afi][safi]) bgp_clear_stale_route (peer, afi, safi); peer->nsf[afi][safi] = 0; } } if (nsf_af_count) SET_FLAG (peer->sflags, PEER_STATUS_NSF_MODE); else { UNSET_FLAG (peer->sflags, PEER_STATUS_NSF_MODE); if (peer->t_gr_stale) { BGP_TIMER_OFF (peer->t_gr_stale); if (BGP_DEBUG (events, EVENTS)) zlog_debug ("%s graceful restart stalepath timer stopped", peer->host); } } if (peer->t_gr_restart) { BGP_TIMER_OFF (peer->t_gr_restart); if (BGP_DEBUG (events, EVENTS)) zlog_debug ("%s graceful restart timer stopped", peer->host); } #ifdef HAVE_SNMP bgpTrapEstablished (peer); #endif /* HAVE_SNMP */ /* Reset uptime, send keepalive, send current table. */ peer->uptime = bgp_clock (); /* Send route-refresh when ORF is enabled */ for (afi = AFI_IP ; afi < AFI_MAX ; afi++) for (safi = SAFI_UNICAST ; safi < SAFI_MAX ; safi++) if (CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_ADV)) { if (CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_RM_RCV)) bgp_route_refresh_send (peer, afi, safi, ORF_TYPE_PREFIX, REFRESH_IMMEDIATE, 0); else if (CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_RM_OLD_RCV)) bgp_route_refresh_send (peer, afi, safi, ORF_TYPE_PREFIX_OLD, REFRESH_IMMEDIATE, 0); } if (peer->v_keepalive) bgp_keepalive_send (peer); /* First update is deferred until ORF or ROUTE-REFRESH is received */ for (afi = AFI_IP ; afi < AFI_MAX ; afi++) for (safi = SAFI_UNICAST ; safi < SAFI_MAX ; safi++) if (CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_RM_ADV)) if (CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_RCV) || CHECK_FLAG (peer->af_cap[afi][safi], PEER_CAP_ORF_PREFIX_SM_OLD_RCV)) SET_FLAG (peer->af_sflags[afi][safi], PEER_STATUS_ORF_WAIT_REFRESH); bgp_announce_route_all (peer); BGP_TIMER_ON (peer->t_routeadv, bgp_routeadv_timer, 1); return 0; }
/** Perform PKCS #1 MGF1 (internal) @param hash_idx The index of the hash desired @param seed The seed for MGF1 @param seedlen The length of the seed @param mask [out] The destination @param masklen The length of the mask desired @return CRYPT_OK if successful */ int pkcs_1_mgf1(int hash_idx, const unsigned char *seed, unsigned long seedlen, unsigned char *mask, unsigned long masklen) { unsigned long hLen, x; ulong32 counter; int err; hash_state *md; unsigned char *buf; LTC_ARGCHK(seed != NULL); LTC_ARGCHK(mask != NULL); /* ensure valid hash */ if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) { return err; } /* get hash output size */ hLen = hash_descriptor[hash_idx].hashsize; /* allocate memory */ md = XMALLOC(sizeof(hash_state)); buf = XMALLOC(hLen); if (md == NULL || buf == NULL) { if (md != NULL) { XFREE(md); } if (buf != NULL) { XFREE(buf); } return CRYPT_MEM; } /* start counter */ counter = 0; while (masklen > 0) { /* handle counter */ STORE32H(counter, buf); ++counter; /* get hash of seed || counter */ if ((err = hash_descriptor[hash_idx].init(md)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash_idx].process(md, seed, seedlen)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash_idx].process(md, buf, 4)) != CRYPT_OK) { goto LBL_ERR; } if ((err = hash_descriptor[hash_idx].done(md, buf)) != CRYPT_OK) { goto LBL_ERR; } /* store it */ for (x = 0; x < hLen && masklen > 0; x++, masklen--) { *mask++ = buf[x]; } } err = CRYPT_OK; LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(buf, hLen); zeromem(md, sizeof(hash_state)); #endif XFREE(buf); XFREE(md); return err; }
int EmbedOcspLookup(void* ctx, const char* url, int urlSz, byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf) { SOCKET_T sfd = 0; word16 port; int ret = -1; #ifdef WOLFSSL_SMALL_STACK char* path; char* domainName; #else char path[80]; char domainName[80]; #endif #ifdef WOLFSSL_SMALL_STACK path = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (path == NULL) return -1; domainName = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (domainName == NULL) { XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER); return -1; } #endif (void)ctx; if (ocspReqBuf == NULL || ocspReqSz == 0) { WOLFSSL_MSG("OCSP request is required for lookup"); } else if (ocspRespBuf == NULL) { WOLFSSL_MSG("Cannot save OCSP response"); } else if (decode_url(url, urlSz, domainName, path, &port) < 0) { WOLFSSL_MSG("Unable to decode OCSP URL"); } else { /* Note, the library uses the EmbedOcspRespFree() callback to * free this buffer. */ int httpBufSz = SCRATCH_BUFFER_SIZE; byte* httpBuf = (byte*)XMALLOC(httpBufSz, NULL, DYNAMIC_TYPE_OCSP); if (httpBuf == NULL) { WOLFSSL_MSG("Unable to create OCSP response buffer"); } else { httpBufSz = build_http_request(domainName, path, ocspReqSz, httpBuf, httpBufSz); if ((tcp_connect(&sfd, domainName, port) != 0) || (sfd <= 0)) { WOLFSSL_MSG("OCSP Responder connection failed"); } else if ((int)send(sfd, (char*)httpBuf, httpBufSz, 0) != httpBufSz) { WOLFSSL_MSG("OCSP http request failed"); } else if ((int)send(sfd, (char*)ocspReqBuf, ocspReqSz, 0) != ocspReqSz) { WOLFSSL_MSG("OCSP ocsp request failed"); } else { ret = process_http_response(sfd, ocspRespBuf, httpBuf, SCRATCH_BUFFER_SIZE); } close(sfd); XFREE(httpBuf, NULL, DYNAMIC_TYPE_OCSP); } } #ifdef WOLFSSL_SMALL_STACK XFREE(path, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(domainName, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; }
void NativeFunction::prep(STATE, int arg_count, int *arg_types, int ret_type) { ffi_type **types; ffi_status status; ffi_type *rtype; int i; types = ALLOC_N(ffi_type*, arg_count); for(i = 0; i < arg_count; i++) { switch(arg_types[i]) { case RBX_FFI_TYPE_CHAR: types[i] = &ffi_type_schar; break; case RBX_FFI_TYPE_UCHAR: types[i] = &ffi_type_uchar; break; case RBX_FFI_TYPE_SHORT: types[i] = &ffi_type_sshort; break; case RBX_FFI_TYPE_USHORT: types[i] = &ffi_type_ushort; break; case RBX_FFI_TYPE_INT: types[i] = &ffi_type_sint; break; case RBX_FFI_TYPE_UINT: types[i] = &ffi_type_uint; break; case RBX_FFI_TYPE_LONG: types[i] = &ffi_type_slong; break; case RBX_FFI_TYPE_ULONG: types[i] = &ffi_type_ulong; break; case RBX_FFI_TYPE_FLOAT: types[i] = &ffi_type_float; break; case RBX_FFI_TYPE_DOUBLE: types[i] = &ffi_type_double; break; case RBX_FFI_TYPE_LONG_LONG: types[i] = &ffi_type_sint64; break; case RBX_FFI_TYPE_ULONG_LONG: types[i] = &ffi_type_uint64; break; case RBX_FFI_TYPE_OBJECT: case RBX_FFI_TYPE_PTR: case RBX_FFI_TYPE_CALLBACK: case RBX_FFI_TYPE_STRING: case RBX_FFI_TYPE_STATE: types[i] = &ffi_type_pointer; break; } } switch(ret_type) { case RBX_FFI_TYPE_CHAR: rtype = &ffi_type_schar; break; case RBX_FFI_TYPE_UCHAR: rtype = &ffi_type_uchar; break; case RBX_FFI_TYPE_SHORT: rtype = &ffi_type_sshort; break; case RBX_FFI_TYPE_USHORT: rtype = &ffi_type_ushort; break; case RBX_FFI_TYPE_INT: rtype = &ffi_type_sint; break; case RBX_FFI_TYPE_UINT: rtype = &ffi_type_uint; break; case RBX_FFI_TYPE_LONG: rtype = &ffi_type_slong; break; case RBX_FFI_TYPE_ULONG: rtype = &ffi_type_ulong; break; case RBX_FFI_TYPE_FLOAT: rtype = &ffi_type_float; break; case RBX_FFI_TYPE_DOUBLE: rtype = &ffi_type_double; break; case RBX_FFI_TYPE_LONG_LONG: rtype = &ffi_type_sint64; break; case RBX_FFI_TYPE_ULONG_LONG: rtype = &ffi_type_uint64; break; case RBX_FFI_TYPE_OBJECT: case RBX_FFI_TYPE_PTR: case RBX_FFI_TYPE_STRING: case RBX_FFI_TYPE_STATE: case RBX_FFI_TYPE_STRPTR: rtype = &ffi_type_pointer; break; default: case RBX_FFI_TYPE_VOID: rtype = &ffi_type_void; break; } int* out_arg_types = ALLOC_N(int, arg_count); memcpy(out_arg_types, arg_types, sizeof(int) * arg_count); FFIData* data = FFIData::create(this, arg_count, out_arg_types, ret_type); status = ffi_prep_cif(&data->cif, FFI_DEFAULT_ABI, arg_count, rtype, types); if(status != FFI_OK) { XFREE(out_arg_types); sassert(status == FFI_OK); } state->shared.om->add_code_resource(data); this->ffi_data = data; }
/** f9 a file @param cipher The index of the cipher desired @param key The secret key @param keylen The length of the secret key (octets) @param fname The name of the file you wish to f9 @param out [out] Where the authentication tag is to be stored @param outlen [in/out] The max size and resulting size of the authentication tag @return CRYPT_OK if successful, CRYPT_NOP if file support has been disabled */ int f9_file(int cipher, const unsigned char *key, unsigned long keylen, const char *fname, unsigned char *out, unsigned long *outlen) { #ifdef LTC_NO_FILE LTC_UNUSED_PARAM(cipher); LTC_UNUSED_PARAM(key); LTC_UNUSED_PARAM(keylen); LTC_UNUSED_PARAM(fname); LTC_UNUSED_PARAM(out); LTC_UNUSED_PARAM(outlen); return CRYPT_NOP; #else size_t x; int err; f9_state f9; FILE *in; unsigned char *buf; LTC_ARGCHK(key != NULL); LTC_ARGCHK(fname != NULL); LTC_ARGCHK(out != NULL); LTC_ARGCHK(outlen != NULL); if ((buf = XMALLOC(LTC_FILE_READ_BUFSIZE)) == NULL) { return CRYPT_MEM; } if ((err = f9_init(&f9, cipher, key, keylen)) != CRYPT_OK) { goto LBL_ERR; } in = fopen(fname, "rb"); if (in == NULL) { err = CRYPT_FILE_NOTFOUND; goto LBL_ERR; } do { x = fread(buf, 1, LTC_FILE_READ_BUFSIZE, in); if ((err = f9_process(&f9, buf, (unsigned long)x)) != CRYPT_OK) { fclose(in); goto LBL_CLEANBUF; } } while (x == LTC_FILE_READ_BUFSIZE); if (fclose(in) != 0) { err = CRYPT_ERROR; goto LBL_CLEANBUF; } err = f9_done(&f9, out, outlen); LBL_CLEANBUF: zeromem(buf, LTC_FILE_READ_BUFSIZE); LBL_ERR: #ifdef LTC_CLEAN_STACK zeromem(&f9, sizeof(f9_state)); #endif XFREE(buf); return err; #endif }
FFIData::~FFIData() { free(arg_types); XFREE(cif.arg_types); if(closure) ffi_closure_free(closure); }
/* Free route map's compiled `match tag' value. */ static void route_match_tag_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
/** Sign a hash with DSA @param in The hash to sign @param inlen The length of the hash to sign @param r The "r" integer of the signature (caller must initialize with mp_init() first) @param s The "s" integer of the signature (caller must initialize with mp_init() first) @param prng An active PRNG state @param wprng The index of the PRNG desired @param key A private DSA key @return CRYPT_OK if successful */ int dsa_sign_hash_raw(const unsigned char *in, unsigned long inlen, mp_int *r, mp_int *s, prng_state *prng, int wprng, dsa_key *key) { mp_int k, kinv, tmp; unsigned char *buf; int err; LTC_ARGCHK(in != NULL); LTC_ARGCHK(r != NULL); LTC_ARGCHK(s != NULL); LTC_ARGCHK(key != NULL); if ((err = prng_is_valid(wprng)) != CRYPT_OK) { return err; } if (key->type != PK_PRIVATE) { return CRYPT_PK_NOT_PRIVATE; } /* check group order size */ if (key->qord >= MDSA_MAX_GROUP) { return CRYPT_INVALID_ARG; } buf = XMALLOC(MDSA_MAX_GROUP); if (buf == NULL) { return CRYPT_MEM; } /* Init our temps */ if ((err = mp_init_multi(&k, &kinv, &tmp, NULL)) != MP_OKAY) { goto error; } retry: do { /* gen random k */ if (prng_descriptor[wprng].read(buf, key->qord, prng) != (unsigned long)key->qord) { err = CRYPT_ERROR_READPRNG; goto LBL_ERR; } /* read k */ if ((err = mp_read_unsigned_bin(&k, buf, key->qord)) != MP_OKAY) { goto error; } /* k > 1 ? */ if (mp_cmp_d(&k, 1) != MP_GT) { goto retry; } /* test gcd */ if ((err = mp_gcd(&k, &key->q, &tmp)) != MP_OKAY) { goto error; } } while (mp_cmp_d(&tmp, 1) != MP_EQ); /* now find 1/k mod q */ if ((err = mp_invmod(&k, &key->q, &kinv)) != MP_OKAY) { goto error; } /* now find r = g^k mod p mod q */ if ((err = mp_exptmod(&key->g, &k, &key->p, r)) != MP_OKAY) { goto error; } if ((err = mp_mod(r, &key->q, r)) != MP_OKAY) { goto error; } if (mp_iszero(r) == MP_YES) { goto retry; } /* now find s = (in + xr)/k mod q */ if ((err = mp_read_unsigned_bin(&tmp, (unsigned char *)in, inlen)) != MP_OKAY) { goto error; } if ((err = mp_mul(&key->x, r, s)) != MP_OKAY) { goto error; } if ((err = mp_add(s, &tmp, s)) != MP_OKAY) { goto error; } if ((err = mp_mulmod(s, &kinv, &key->q, s)) != MP_OKAY) { goto error; } if (mp_iszero(s) == MP_YES) { goto retry; } err = CRYPT_OK; goto LBL_ERR; error: err = mpi_to_ltc_error(err); LBL_ERR: mp_clear_multi(&k, &kinv, &tmp, NULL); #ifdef LTC_CLEAN_STACK zeromem(buf, MDSA_MAX_GROUP); #endif XFREE(buf); return err; }
/* Free route map's compiled `ipv6 nexthop local' value. */ static void route_set_ipv6_nexthop_local_free (void *rule) { XFREE (MTYPE_ROUTE_MAP_COMPILED, rule); }
void freeconf() { XFREE(conf.live_ftp); freecf(file); }