other_hash = hash_payload->get_hash(hash_payload);
DBG3(DBG_ENC, "HASH received %B\nHASH expected %B",
&other_hash, &hash);
- if (!chunk_equals(hash, other_hash))
+ if (!chunk_equals_const(hash, other_hash))
{
DBG1(DBG_ENC, "received HASH payload does not match");
chunk_free(&hash);
{
return FALSE;
}
- if (chunk_equals(reference, cookie))
+ if (chunk_equals_const(reference, cookie))
{
chunk_free(&reference);
return TRUE;
enumerator->destroy(enumerator);
/* compare received RES against stored XRES */
- if (!chunk_equals(res, this->xres))
+ if (!chunk_equals_const(res, this->xres))
{
DBG1(DBG_IKE, "received RES does not match XRES");
return FAILED;
this->crypto->clear_keys(this->crypto);
return challenge(this, out);
}
- if (!chunk_equals(counter, this->counter))
+ if (!chunk_equals_const(counter, this->counter))
{
DBG1(DBG_IKE, "received counter does not match");
return FAILED;
return &this->public;
}
-
goto error;
}
- if (!chunk_equals(this->auth_response, auth_string))
+ if (!chunk_equals_const(this->auth_response, auth_string))
{
DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed");
goto error;
this->crypto->clear_keys(this->crypto);
return initiate(this, out);
}
- if (!chunk_equals(counter, this->counter))
+ if (!chunk_equals_const(counter, this->counter))
{
DBG1(DBG_IKE, "received counter does not match");
return FAILED;
return &this->public;
}
-
SHARED_EAP, this->server, this->peer);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
- if (chunk_equals(shared->get_key(shared), pass))
+ if (chunk_equals_const(shared->get_key(shared), pass))
{
status = SUCCESS;
break;
return FAILED;
}
free(dh.ptr);
- if (chunk_equals(hash, hash_payload->get_hash(hash_payload)))
+ if (chunk_equals_const(hash, hash_payload->get_hash(hash_payload)))
{
free(hash.ptr);
if (!this->hybrid)
return FALSE;
}
recv_auth_data = auth_payload->get_data(auth_payload);
- if (!auth_data.len || !chunk_equals(auth_data, recv_auth_data))
+ if (!auth_data.len || !chunk_equals_const(auth_data, recv_auth_data))
{
DBG1(DBG_IKE, "verification of AUTH payload with%s EAP MSK failed",
this->msk.ptr ? "" : "out");
{
continue;
}
- if (auth_data.len && chunk_equals(auth_data, recv_auth_data))
+ if (auth_data.len && chunk_equals_const(auth_data, recv_auth_data))
{
DBG1(DBG_IKE, "authentication of '%Y' with %N successful",
other_id, auth_method_names, AUTH_PSK);
cookie2 = this->cookie2;
this->cookie2 = chunk_empty;
process_payloads(this, message);
- if (!chunk_equals(cookie2, this->cookie2))
+ if (!chunk_equals_const(cookie2, this->cookie2))
{
chunk_free(&cookie2);
DBG1(DBG_IKE, "COOKIE2 mismatch, closing IKE_SA");
DBG1(DBG_IMV, "verifying AIK with keyid %#B", &keyid);
keyid_hex = chunk_to_hex(keyid, NULL, FALSE);
if (session->get_device_id(session, &device_id) &&
- chunk_equals(keyid_hex, device_id))
+ chunk_equals_const(keyid_hex, device_id))
{
trusted = session->get_device_trust(session);
}
/* check hashes from database against measurements */
e = pts_db->create_file_hash_enumerator(pts_db,
- pts->get_platform_id(pts),
+ pts->get_platform_id(pts),
algo, is_dir, arg_int);
if (!e)
{
return FALSE;
}
- if (!chunk_equals(pcr_comp, pcr_composite))
+ if (!chunk_equals_const(pcr_comp, pcr_composite))
{
DBG1(DBG_IMV, "received PCR Composite does not match "
"constructed one");
}
return TRUE;
}
-
}
if (pcr_ok)
{
- success = chunk_equals(boot_aggregate, measurement);
+ success = chunk_equals_const(boot_aggregate, measurement);
DBG1(DBG_PTS, "boot aggregate value is %scorrect",
success ? "":"in");
return success;
status = FAILED;
break;
}
- if (chunk_equals(measurement, hash))
+ if (chunk_equals_const(measurement, hash))
{
status = SUCCESS;
break;
has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
if (has_pcr_info)
{
- if (!chunk_equals(pcr_before, pcrs->get(pcrs, pcr)))
+ if (!chunk_equals_const(pcr_before, pcrs->get(pcrs, pcr)))
{
DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to register value",
pcr);
DESTROY_IF(this->bios_list);
DESTROY_IF(this->ima_list);
this->name->destroy(this->name);
-
+
free(this);
}
}
return &this->public;
}
-
has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
if (has_pcr_info)
{
- if (!chunk_equals(pcr_before, pcrs->get(pcrs, extended_pcr)))
+ if (!chunk_equals_const(pcr_before, pcrs->get(pcrs, extended_pcr)))
{
DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to register value",
extended_pcr);
return &this->public;
}
-
has_pcr_info = evidence->get_pcr_info(evidence, &pcr_before, &pcr_after);
if (has_pcr_info)
{
- if (!chunk_equals(pcr_before, pcrs->get(pcrs, extended_pcr)))
+ if (!chunk_equals_const(pcr_before, pcrs->get(pcrs, extended_pcr)))
{
DBG1(DBG_PTS, "PCR %2u: pcr_before is not equal to pcr value");
}
}
if (e->enumerate(e, &hash_id, &hash_value))
{
- if (!chunk_equals(measurement, hash_value))
+ if (!chunk_equals_const(measurement, hash_value))
{
/* update hash measurement value */
if (this->db->execute(this->db, &hash_id,
while (e->enumerate(e, &hash))
{
- if (chunk_equals(hash, measurement))
+ if (chunk_equals_const(hash, measurement))
{
status = SUCCESS;
break;
{
while (e->enumerate(e, &hash))
{
- if (chunk_equals(entry->measurement, hash))
+ if (chunk_equals_const(entry->measurement, hash))
{
status = SUCCESS;
break;
}
}
- /* no PTS measurement returned for this filename */
+ /* no PTS measurement returned for this filename */
if (!found)
{
success = FALSE;
if (found && !match)
{
- if (chunk_equals(measurement, entry->measurement))
+ if (chunk_equals_const(measurement, entry->measurement))
{
match = TRUE;
DBG2(DBG_PTS, " %#B for '%s' is ok",
&entry->measurement, entry->filename);
enumerator->destroy(enumerator);
}
-
+
return success;
}
DBG1(DBG_CFG, "no shared secret found for '%Y'", this->client);
return FAILED;
}
- if (!chunk_equals(shared->get_key(shared), password))
+ if (!chunk_equals_const(shared->get_key(shared), password))
{
DBG1(DBG_CFG, "shared secret for '%Y' does not match", this->client);
shared->destroy(shared);
}
hasher->destroy(hasher);
- if (!chunk_equals(digest, hash))
+ if (!chunk_equals_const(digest, hash))
{
free(hash.ptr);
DBG1(DBG_LIB, "invalid messageDigest");
RSA_PKCS1_PADDING);
if (len != -1)
{
- valid = chunk_equals(data, chunk_create(buf, len));
+ valid = chunk_equals_const(data, chunk_create(buf, len));
}
free(buf);
}
{
break;
}
- if (chunk_equals(mac, calculated))
+ if (chunk_equals_const(mac, calculated))
{
success = TRUE;
break;
hasher->destroy(hasher);
DBG3(DBG_LIB, "hash: %B", &hash);
- valid = chunk_equals(chunk, hash);
+ valid = chunk_equals_const(chunk, hash);
free(hash.ptr);
if (!valid)
{
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
- if (!chunk_equals(received, chunk_from_thing(buf)))
+ if (!chunk_equals_const(received, chunk_from_thing(buf)))
{
DBG1(DBG_TLS, "received server finished invalid");
this->alert->add(this->alert, TLS_FATAL, TLS_DECRYPT_ERROR);
this->alert->add(this->alert, TLS_FATAL, TLS_INTERNAL_ERROR);
return NEED_MORE;
}
- if (!chunk_equals(received, chunk_from_thing(buf)))
+ if (!chunk_equals_const(received, chunk_from_thing(buf)))
{
DBG1(DBG_TLS, "received client finished invalid");
this->alert->add(this->alert, TLS_FATAL, TLS_DECRYPT_ERROR);
projects / strongswan.git / commitdiff