{
while (n--)
{
- chunk_t blob = empty_chunk;
+ chunk_t blob = chunk_empty;
bool pgp = FALSE;
if (load_coded_file(filelist[n]->d_name, NULL, "acert", &blob, &pgp))
case OID_SHA1:
return ASN1_sha1_id;
default:
- return empty_chunk;
+ return chunk_empty;
}
}
if (n < 0 || n >= OID_MAX)
{
- return empty_chunk;
+ return chunk_empty;
}
i = oid_names[n].level + 1;
chunk_t *blob1;
u_char *start_ptr;
- *object = empty_chunk;
+ *object = chunk_empty;
if (obj.flags & ASN1_END) /* end of loop or option found */
{
while ((*pathlen)++ < MAX_CA_PATH_LEN)
{
- x509cert_t *cacert = get_authcert(a, empty_chunk, empty_chunk, AUTH_CA);
+ x509cert_t *cacert = get_authcert(a, chunk_empty, chunk_empty, AUTH_CA);
/* cacert not found or self-signed root cacert-> exit */
if (cacert == NULL || same_dn(cacert->issuer, a))
case CERT_X509_SIGNATURE:
return cert.u.x509->certificate;
default:
- return empty_chunk;
+ return chunk_empty;
}
}
/* a conversion error has occured */
plog(" %s", ugh);
free(blob->ptr);
- *blob = empty_chunk;
+ *blob = chunk_empty;
}
else
{
{
err_t ugh = NULL;
bool pgp = FALSE;
- chunk_t blob = empty_chunk;
+ chunk_t blob = chunk_empty;
const char *path = concatenate_paths(PRIVATE_KEY_PATH, filename);
load_cert(const char *filename, const char *label, cert_t *cert)
{
bool pgp = FALSE;
- chunk_t blob = empty_chunk;
+ chunk_t blob = chunk_empty;
/* initialize cert struct */
cert->type = CERT_NONE;
}
}
- dst->ca = empty_chunk;
+ dst->ca = chunk_empty;
/* decode CA distinguished name, if any */
if (src->ca != NULL)
if (ugh != NULL)
{
plog("bad CA string '%s': %s (ignored)", src->ca, ugh);
- dst->ca = empty_chunk;
+ dst->ca = chunk_empty;
}
}
}
}
return p1st->st_peer_pubkey->issuer;
}
- return empty_chunk;
+ return chunk_empty;
}
struct connection *
while (n--)
{
bool pgp = FALSE;
- chunk_t blob = empty_chunk;
+ chunk_t blob = chunk_empty;
char *filename = filelist[n]->d_name;
if (load_coded_file(filename, NULL, "crl", &blob, &pgp))
asn1_ctx_t ctx;
bool critical;
chunk_t extnID;
- chunk_t userCertificate = empty_chunk;
+ chunk_t userCertificate = chunk_empty;
chunk_t object;
u_int level;
int objectID = 0;
#include "log.h"
#include "whack.h" /* for RC_LOG_SERIOUS */
-const chunk_t empty_chunk = { NULL, 0 };
+const chunk_t chunk_empty = { NULL, 0 };
bool
all_zero(const unsigned char *m, size_t len)
extern char* temporary_cyclic_buffer(void);
extern const char* concatenate_paths(const char *a, const char *b);
-extern const chunk_t empty_chunk;
+extern const chunk_t chunk_empty;
/* compare two chunks */
extern int cmp_chunk(chunk_t a, chunk_t b);
{
#ifdef LIBCURL
char errorbuffer[CURL_ERROR_SIZE] = "";
- chunk_t response = empty_chunk;
+ chunk_t response = chunk_empty;
CURLcode res;
/* get it with libcurl */
while (req != NULL)
{
bool valid_crl = FALSE;
- chunk_t blob = empty_chunk;
+ chunk_t blob = chunk_empty;
generalName_t *gn = req->distributionPoints;
const char *ldaphost;
ca_info_t *ca;
{
#ifdef LIBCURL
chunk_t request;
- chunk_t response = empty_chunk;
+ chunk_t response = chunk_empty;
CURL* curl;
CURLcode res;
struct connection *c = st->st_connection;
chunk_t peer_ca = (st->st_peer_pubkey != NULL)
- ? st->st_peer_pubkey->issuer : empty_chunk;
+ ? st->st_peer_pubkey->issuer : chunk_empty;
DBG(DBG_CONTROL,
char buf[BUF_LEN];
}
else
{
- if (!build_and_ship_CR(CERT_X509_SIGNATURE, empty_chunk
+ if (!build_and_ship_CR(CERT_X509_SIGNATURE, chunk_empty
, &md->rbody, np))
return STF_INTERNAL_ERROR;
}
allocate_RSA_public_key(const cert_t cert)
{
pubkey_t *pk = malloc_thing(pubkey_t);
- chunk_t e = empty_chunk, n = empty_chunk;
+ chunk_t e = chunk_empty, n = chunk_empty;
switch (cert.type)
{
pk->alg = PUBKEY_ALG_RSA;
pk->id = empty_id;
- pk->issuer = empty_chunk;
- pk->serial = empty_chunk;
+ pk->issuer = chunk_empty;
+ pk->serial = chunk_empty;
return pk;
}
{
/* roadwarrior: replace him with 0.0.0.0 */
rw_id.kind = c->spd.that.id.kind;
- rw_id.name = empty_chunk;
+ rw_id.name = chunk_empty;
happy(anyaddr(addrtypeof(&c->spd.that.host_addr), &rw_id.ip_addr));
his_id = &rw_id;
}
zero(p);
p->id = empty_id; /* don't know, doesn't matter */
- p->issuer = empty_chunk;
- p->serial = empty_chunk;
+ p->issuer = chunk_empty;
+ p->serial = chunk_empty;
p->alg = PUBKEY_ALG_RSA;
memcpy(p->u.rsa.keyid, k->keyid, sizeof(p->u.rsa.keyid));
pk->dns_auth_level = dns_auth_level;
pk->alg = alg;
pk->until_time = UNDEFINED_TIME;
- pk->issuer = empty_chunk;
- pk->serial = empty_chunk;
+ pk->issuer = chunk_empty;
+ pk->serial = chunk_empty;
install_public_key(pk, head);
return NULL;
pk->id.name.len = PGP_FINGERPRINT_SIZE;
pk->dns_auth_level = dns_auth_level;
pk->until_time = until;
- delete_public_keys(&pk->id, pk->alg, empty_chunk, empty_chunk);
+ delete_public_keys(&pk->id, pk->alg, chunk_empty, chunk_empty);
install_public_key(pk, &pubkeys);
}
ia->attr_set = LEMPTY;
ia->xauth_attr_set = LEMPTY;
- ia->xauth_secret.user_name = empty_chunk;
- ia->xauth_secret.user_password = empty_chunk;
+ ia->xauth_secret.user_name = chunk_empty;
+ ia->xauth_secret.user_password = chunk_empty;
ia->xauth_type = XAUTH_TYPE_GENERIC;
ia->xauth_status = XAUTH_STATUS_FAIL;
ia->unity_attr_set = LEMPTY;
}
}
- location->nonce = empty_chunk;
+ location->nonce = chunk_empty;
location->certinfo = NULL;
return TRUE;
if (!scx_establish_context(sc) || !scx_login(sc))
{
scx_release_context(sc);
- return empty_chunk;
+ return chunk_empty;
}
siglen = scx_get_keylength(sc);
{
plog("failed to get keylength from smartcard");
scx_release_context(sc);
- return empty_chunk;
+ return chunk_empty;
}
DBG(DBG_CONTROL | DBG_CRYPT,
chunk_t digest_raw = { digest_buf, MAX_DIGEST_LEN };
if (!compute_digest(tbsRequest, OID_SHA1, &digest_raw))
- return empty_chunk;
+ return chunk_empty;
/* according to PKCS#1 v2.1 digest must be packaged into
* an ASN.1 structure for encryption
/* has the RSA signature generation been successful? */
if (sigdata.ptr == NULL)
- return empty_chunk;
+ return chunk_empty;
/* include our certificate */
certs = asn1_wrap(ASN1_CONTEXT_C_0, "m"
return asn1_wrap(ASN1_SEQUENCE, "mmm"
, (has_requestor_cert)
? build_requestor_name()
- : empty_chunk
+ : chunk_empty
, build_request_list(location)
, build_request_ext(location));
}
/* sign tbsReuqest */
signature = (has_requestor_cert)? build_signature(tbsRequest)
- : empty_chunk;
+ : chunk_empty;
unlock_certs_and_keys("build_ocsp_request");
lock_authcert_list("valid_ocsp_response");
- authcert = get_authcert(res->responder_id_name, empty_chunk
+ authcert = get_authcert(res->responder_id_name, chunk_empty
, res->responder_id_key, AUTH_OCSP | AUTH_CA);
if (authcert == NULL)
if (loc->authKeyID.ptr == NULL)
{
- location->authKeyID = empty_chunk;
+ location->authKeyID = chunk_empty;
}
else
{
if (loc->authKeySerialNumber.ptr == NULL)
{
- location->authKeySerialNumber = empty_chunk;
+ location->authKeySerialNumber = chunk_empty;
}
else
{
static bool
find_boundary(const char* tag, chunk_t *line)
{
- chunk_t name = empty_chunk;
+ chunk_t name = chunk_empty;
if (!present("-----", line))
return FALSE;
u_char *eot = memchr(src->ptr, termination, src->len);
/* initialize empty token */
- *token = empty_chunk;
+ *token = chunk_empty;
if (eot == NULL) /* termination symbol not found */
return FALSE;
chunk_t src = *blob;
chunk_t dst = *blob;
- chunk_t line = empty_chunk;
- chunk_t iv = empty_chunk;
+ chunk_t line = chunk_empty;
+ chunk_t iv = chunk_empty;
u_char iv_buf[MAX_DIGEST_LEN];
}
if (state == PEM_HEADER)
{
- chunk_t name = empty_chunk;
- chunk_t value = empty_chunk;
+ chunk_t name = chunk_empty;
+ chunk_t value = chunk_empty;
/* an empty line separates HEADER and BODY */
if (line.len == 0)
while (blob.len > 0)
{
- chunk_t packet = empty_chunk;
+ chunk_t packet = chunk_empty;
u_char packet_tag = *blob.ptr;
DBG(DBG_PARSING,
int i;
if (padding < 8 || key->k > RSA_MAX_OCTETS)
- return empty_chunk;
+ return chunk_empty;
/* add padding according to PKCS#1 7.2.1 1.+2. */
*pos++ = 0x00;
alg_id = ASN1_sha1_id;
break;
default:
- return empty_chunk;
+ return chunk_empty;
}
compute_digest(tbs, hash_alg, &digest);
int objectID = 0;
contentInfo_t cInfo = empty_contentInfo;
- chunk_t encrypted_digest = empty_chunk;
+ chunk_t encrypted_digest = chunk_empty;
if (!pkcs7_parse_contentInfo(blob, 0, &cInfo))
return FALSE;
{
asn1_ctx_t ctx;
chunk_t object;
- chunk_t iv = empty_chunk;
- chunk_t symmetric_key = empty_chunk;
- chunk_t encrypted_content = empty_chunk;
+ chunk_t iv = chunk_empty;
+ chunk_t symmetric_key = chunk_empty;
+ chunk_t encrypted_content = chunk_empty;
u_char buf[BUF_LEN];
u_int level;
int objectID = 0;
contentInfo_t cInfo = empty_contentInfo;
- *data = empty_chunk;
+ *data = chunk_empty;
if (!pkcs7_parse_contentInfo(blob, 0, &cInfo))
goto failed;
case OID_UNKNOWN:
default:
fprintf(stderr, "invalid pkcs7 contentInfo type");
- return empty_chunk;
+ return chunk_empty;
}
return (cInfo->content.ptr == NULL)
}
else
{
- encryptedDigest = (data.ptr == NULL)? empty_chunk
+ encryptedDigest = (data.ptr == NULL)? chunk_empty
: pkcs1_build_signature(data, digest_alg, key, FALSE);
- authenticatedAttributes = empty_chunk;
+ authenticatedAttributes = chunk_empty;
}
signerInfo = asn1_wrap(ASN1_SEQUENCE, "cmcmcm"
, encryptedDigest);
pkcs7Data.type = OID_PKCS7_DATA;
- pkcs7Data.content = (data.ptr == NULL)? empty_chunk
+ pkcs7Data.content = (data.ptr == NULL)? chunk_empty
: asn1_simple_object(ASN1_OCTET_STRING, data);
signedData.type = OID_PKCS7_SIGNED_DATA;
{
if (!msg->whack_addkey)
delete_public_keys(&keyid, msg->pubkey_alg
- , empty_chunk, empty_chunk);
+ , chunk_empty, chunk_empty);
if (msg->keyval.len == 0)
{
}
/* wrong pin - we try another round */
- sc->pin = empty_chunk;
+ sc->pin = chunk_empty;
}
if (sc->valid)
/* clear pin field in memory */
memset(pin->ptr, '\0', pin->len);
free(pin->ptr);
- *pin = empty_chunk;
+ *pin = chunk_empty;
}
}
static err_t
init_rdn(chunk_t dn, chunk_t *rdn, chunk_t *attribute, bool *next)
{
- *rdn = empty_chunk;
- *attribute = empty_chunk;
+ *rdn = chunk_empty;
+ *attribute = chunk_empty;
/* a DN is a SEQUENCE OF RDNs */
chunk_t body;
/* initialize return values */
- *oid = empty_chunk;
- *value = empty_chunk;
+ *oid = chunk_empty;
+ *value = chunk_empty;
/* if all attributes have been parsed, get next rdn */
if (attribute->len <= 0)
chunk_t asn1_rdn_seq_len = { rdn_seq_len_buf, 0 };
chunk_t asn1_rdn_set_len = { rdn_set_len_buf, 0 };
chunk_t asn1_dn_seq_len = { dn_seq_len_buf, 0 };
- chunk_t oid = empty_chunk;
- chunk_t name = empty_chunk;
+ chunk_t oid = chunk_empty;
+ chunk_t name = chunk_empty;
int whitespace = 0;
int rdn_seq_len = 0;
code_asn1_length(x501rdns[pos].oid.len, &asn1_oid_len);
/* reset oid and change state */
- oid = empty_chunk;
+ oid = chunk_empty;
state = SEARCH_NAME;
}
break;
dn_seq_len += 1 + asn1_rdn_set_len.len + rdn_set_len;
/* reset name and change state */
- name = empty_chunk;
+ name = chunk_empty;
state = SEARCH_OID;
}
break;
/* version is always X.509v3 */
chunk_t version = asn1_simple_object(ASN1_CONTEXT_C_0, ASN1_INTEGER_2);
- chunk_t extensions = empty_chunk;
+ chunk_t extensions = chunk_empty;
if (cert->subjectAltName != NULL)
{
break;
default:
id->kind = ID_NONE;
- id->name = empty_chunk;
+ id->name = chunk_empty;
}
}
*/
chunk_t get_directoryName(chunk_t blob, int level, bool implicit)
{
- chunk_t name = empty_chunk;
+ chunk_t name = chunk_empty;
generalName_t * gn = parse_generalNames(blob, level, implicit);
if (gn != NULL && gn->kind == GN_DIRECTORY_NAME)
build_req_info_attributes(pkcs10_t* pkcs10)
{
- chunk_t subjectAltNames = empty_chunk;
- chunk_t challengePassword = empty_chunk;
+ chunk_t subjectAltNames = chunk_empty;
+ chunk_t challengePassword = chunk_empty;
if (pkcs10->subjectAltNames != NULL)
{
*
* @param[in] key rsakey of type #rsakey_t
* @param[in] subject DER-coded subject distinguished name
- * @param[in] challengePassword challenge password or empty_chunk
+ * @param[in] challengePassword challenge password or chunk_empty
* @param[in] subjectAltNames linked list of subjectAltNames or NULL
* @return pointer to a #pkcs10_t object
*/
CURLcode res;
/* initialize response */
- *response = empty_chunk;
+ *response = chunk_empty;
/* initialize curl context */
curl = curl_easy_init();
err_t ugh = NULL;
/* initialize global variables */
- pkcs1 = empty_chunk;
- pkcs7 = empty_chunk;
- serialNumber = empty_chunk;
- transID = empty_chunk;
- fingerprint = empty_chunk;
- issuerAndSubject = empty_chunk;
- challengePassword = empty_chunk;
- getCertInitial = empty_chunk;
- scep_response = empty_chunk;
+ pkcs1 = chunk_empty;
+ pkcs7 = chunk_empty;
+ serialNumber = chunk_empty;
+ transID = chunk_empty;
+ fingerprint = chunk_empty;
+ issuerAndSubject = chunk_empty;
+ challengePassword = chunk_empty;
+ getCertInitial = chunk_empty;
+ scep_response = chunk_empty;
log_to_stderr = TRUE;
for (;;)
else
{
char buf[IDTOA_BUF];
- chunk_t dn = empty_chunk;
+ chunk_t dn = chunk_empty;
dn.ptr = buf;
time_t poll_start;
x509cert_t *certs = NULL;
- chunk_t envelopedData = empty_chunk;
- chunk_t certData = empty_chunk;
+ chunk_t envelopedData = chunk_empty;
+ chunk_t certData = chunk_empty;
contentInfo_t data = empty_contentInfo;
scep_attributes_t attrs = empty_scep_attributes;