ported most of the libstrongswan chunk_t macros to pluto
authorAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 17 Apr 2009 16:11:33 +0000 (16:11 -0000)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Fri, 17 Apr 2009 16:11:33 +0000 (16:11 -0000)
27 files changed:
src/libstrongswan/chunk.h
src/pluto/ac.c
src/pluto/asn1.c
src/pluto/ca.c
src/pluto/connections.c
src/pluto/defs.c
src/pluto/defs.h
src/pluto/demux.c
src/pluto/dnskey.c
src/pluto/fetch.c
src/pluto/id.c
src/pluto/ipsec_doi.c
src/pluto/kernel.c
src/pluto/keys.c
src/pluto/modecfg.c
src/pluto/nat_traversal.c
src/pluto/ocsp.c
src/pluto/pem.c
src/pluto/pkcs1.c
src/pluto/pkcs7.c
src/pluto/smartcard.c
src/pluto/state.c
src/pluto/x509.c
src/scepclient/pkcs10.c
src/scepclient/rsakey.c
src/scepclient/scep.c
src/scepclient/scepclient.c

index b405f58..0d1348c 100644 (file)
@@ -181,12 +181,12 @@ static inline void chunk_clear(chunk_t *chunk)
 /**
  * Clone a chunk on heap
  */
-#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc(chunk.len) : NULL, chunk)
+#define chunk_clone(chunk) chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk)
 
 /**
  * Clone a chunk on stack
  */
-#define chunk_clonea(chunk) chunk_create_clone(alloca(chunk.len), chunk)
+#define chunk_clonea(chunk) chunk_create_clone(alloca((chunk).len), chunk)
 
 /**
  * Concatenate chunks into a chunk on heap
index eb99fc7..fadfa9e 100644 (file)
@@ -258,7 +258,7 @@ add_ietfAttr(ietfAttr_t *attr)
        ietfAttrList_t *el = malloc_thing(ietfAttrList_t);
 
        /* new attribute, unshare value */
-       attr->value.ptr = clone_bytes(attr->value.ptr, attr->value.len);
+       attr->value = chunk_clone(attr->value);
        attr->count = 1;
        time(&attr->installed);
 
index bb4ca8b..d00a24d 100644 (file)
@@ -33,9 +33,9 @@ static u_char ASN1_INTEGER_0_str[] = { 0x02, 0x00 };
 static u_char ASN1_INTEGER_1_str[] = { 0x02, 0x01, 0x01 };
 static u_char ASN1_INTEGER_2_str[] = { 0x02, 0x01, 0x02 };
 
-const chunk_t ASN1_INTEGER_0 = strchunk(ASN1_INTEGER_0_str);
-const chunk_t ASN1_INTEGER_1 = strchunk(ASN1_INTEGER_1_str);
-const chunk_t ASN1_INTEGER_2 = strchunk(ASN1_INTEGER_2_str);
+const chunk_t ASN1_INTEGER_0 = chunk_from_buf(ASN1_INTEGER_0_str);
+const chunk_t ASN1_INTEGER_1 = chunk_from_buf(ASN1_INTEGER_1_str);
+const chunk_t ASN1_INTEGER_2 = chunk_from_buf(ASN1_INTEGER_2_str);
 
 /* some popular algorithmIdentifiers */
 
@@ -69,11 +69,11 @@ static u_char ASN1_rsaEncryption_id_str[] = {
          0x05, 0x00
 };
 
-const chunk_t ASN1_md5_id = strchunk(ASN1_md5_id_str);
-const chunk_t ASN1_sha1_id = strchunk(ASN1_sha1_id_str);
-const chunk_t ASN1_rsaEncryption_id = strchunk(ASN1_rsaEncryption_id_str);
-const chunk_t ASN1_md5WithRSA_id = strchunk(ASN1_md5WithRSA_id_str);
-const chunk_t ASN1_sha1WithRSA_id = strchunk(ASN1_sha1WithRSA_id_str);
+const chunk_t ASN1_md5_id = chunk_from_buf(ASN1_md5_id_str);
+const chunk_t ASN1_sha1_id = chunk_from_buf(ASN1_sha1_id_str);
+const chunk_t ASN1_rsaEncryption_id = chunk_from_buf(ASN1_rsaEncryption_id_str);
+const chunk_t ASN1_md5WithRSA_id = chunk_from_buf(ASN1_md5WithRSA_id_str);
+const chunk_t ASN1_sha1WithRSA_id = chunk_from_buf(ASN1_sha1WithRSA_id_str);
 
 /* ASN.1 definition of an algorithmIdentifier */
 
index 85f31c0..0c07082 100644 (file)
@@ -452,11 +452,9 @@ free_ca_info(ca_info_t* ca_info)
     free(ca_info->ldaphost);
     free(ca_info->ldapbase);
     free(ca_info->ocspuri);
-
-    freeanychunk(ca_info->authName);
-    freeanychunk(ca_info->authKeyID);
-    freeanychunk(ca_info->authKeySerialNumber);
-
+    free(ca_info->authName.ptr);
+    free(ca_info->authKeyID.ptr);
+    free(ca_info->authKeySerialNumber.ptr);
     free_generalNames(ca_info->crluri, TRUE);
     free(ca_info);
 }
@@ -564,21 +562,19 @@ add_ca_info(const whack_message_t *msg)
        ca->name = clone_str(msg->name);
            
        /* authName */
-       clonetochunk(ca->authName, cacert->subject.ptr, cacert->subject.len);
+       ca->authName = chunk_clone(cacert->subject);
        dntoa(buf, BUF_LEN, ca->authName);
        DBG(DBG_CONTROL,
            DBG_log("authname: '%s'", buf)
        )
 
        /* authSerialNumber */
-       clonetochunk(ca->authKeySerialNumber, cacert->serialNumber.ptr,
-               cacert->serialNumber.len);
+       ca->authKeySerialNumber = chunk_clone(cacert->serialNumber);
 
        /* authKeyID */
        if (cacert->subjectKeyID.ptr != NULL)
        {
-           clonetochunk(ca->authKeyID, cacert->subjectKeyID.ptr,
-               cacert->subjectKeyID.len);
+           ca->authKeyID = chunk_clone(cacert->subjectKeyID);
            datatot(cacert->subjectKeyID.ptr, cacert->subjectKeyID.len, ':'
                , buf, BUF_LEN);
            DBG(DBG_CONTROL | DBG_PARSING ,
index cac45d1..b51515d 100644 (file)
@@ -338,11 +338,11 @@ delete_connection(struct connection *c, bool relations)
     free(c->name);
     free_id_content(&c->spd.this.id);
     free(c->spd.this.updown);
-    freeanychunk(c->spd.this.ca);
+    free(c->spd.this.ca.ptr);
     free_ietfAttrList(c->spd.this.groups);
     free_id_content(&c->spd.that.id);
     free(c->spd.that.updown);
-    freeanychunk(c->spd.that.ca);
+    free(c->spd.that.ca.ptr);
     free_ietfAttrList(c->spd.that.groups);
     free_generalNames(c->requested_ca, TRUE);
     gw_delref(&c->gw_info);
@@ -688,17 +688,13 @@ unshare_connection_strings(struct connection *c)
     c->spd.this.updown = clone_str(c->spd.this.updown);
     scx_share(c->spd.this.sc);
     share_cert(c->spd.this.cert);
-    if (c->spd.this.ca.ptr != NULL)
-       clonetochunk(c->spd.this.ca, c->spd.this.ca.ptr, c->spd.this.ca.len);
+    c->spd.this.ca = chunk_clone(c->spd.this.ca);
 
     unshare_id_content(&c->spd.that.id);
     c->spd.that.updown = clone_str(c->spd.that.updown);
     scx_share(c->spd.that.sc);
     share_cert(c->spd.that.cert);
-    if (c->spd.that.ca.ptr != NULL)
-    {
-       clonetochunk(c->spd.that.ca, c->spd.that.ca.ptr, c->spd.that.ca.len);
-    }
+    c->spd.that.ca = chunk_clone(c->spd.that.ca);
 
     /* increment references to algo's */
     alg_info_addref((struct alg_info *)c->alg_info_esp);
index e2f65e8..c6dde5a 100644 (file)
 #include "log.h"
 #include "whack.h"     /* for RC_LOG_SERIOUS */
 
+/**
+ * Empty chunk.
+ */
 const chunk_t chunk_empty = { NULL, 0 };
 
+/**
+ * Create a clone of a chunk pointing to "ptr"
+ */
+chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk)
+{
+    chunk_t clone = chunk_empty;
+       
+    if (chunk.ptr && chunk.len > 0)
+    {
+       clone.ptr = ptr;
+       clone.len = chunk.len;
+       memcpy(clone.ptr, chunk.ptr, chunk.len);
+    }
+    return clone;
+}
+
 bool
 all_zero(const unsigned char *m, size_t len)
 {
@@ -86,17 +105,17 @@ concatenate_paths(const char *a, const char *b)
 /*  compare two chunks, returns zero if a equals b
  *  negative/positive if a is earlier/later in the alphabet than b
  */
-int
-cmp_chunk(chunk_t a, chunk_t b)
+int chunk_compare(chunk_t a, chunk_t b)
 {
-    int cmp_len, len, cmp_value;
-    
-    cmp_len = a.len - b.len;
-    len = (cmp_len < 0)? a.len : b.len;
-    cmp_value = memcmp(a.ptr, b.ptr, len);
+    int compare_len = a.len - b.len;
+    int len = (compare_len < 0)? a.len : b.len;
 
-    return (cmp_value == 0)? cmp_len : cmp_value;
-};
+    if (compare_len != 0 || len == 0)
+    {
+       return compare_len;
+    }
+    return memcmp(a.ptr, b.ptr, len);
+}
 
 /* moves a chunk to a memory position, chunk is freed afterwards
  * position pointer is advanced after the insertion point
@@ -107,7 +126,7 @@ mv_chunk(u_char **pos, chunk_t content)
     if (content.len > 0)
     {
        chunkcpy(*pos, content);
-       freeanychunk(content);
+       free(content.ptr);
     }
 }
 
index 4ce2bf7..145634e 100644 (file)
@@ -49,7 +49,8 @@ extern void *clone_bytes(const void *orig, size_t size);
 #define clone_str(str) \
     ((str) == NULL? NULL : strdup(str))
 
-#define replace(p, q) { free(p); (p) = (q); }
+#define replace(p, q) \
+    { free(p); (p) = (q); }
 
 
 /* chunk is a simple pointer-and-size abstraction */
@@ -60,32 +61,50 @@ struct chunk {
     };
 typedef struct chunk chunk_t;
 
-#define setchunk(ch, addr, size) { (ch).ptr = (addr); (ch).len = (size); }
+extern const chunk_t chunk_empty;
+
+static inline chunk_t chunk_create(u_char *ptr, size_t len)
+{
+    chunk_t chunk = {ptr, len};
+    return chunk;
+}
+
+static inline void chunk_free(chunk_t *chunk)
+{
+    free(chunk->ptr);
+    *chunk = chunk_empty;
+}
+
+static inline void chunk_clear(chunk_t *chunk)
+{
+    if (chunk->ptr)
+    {
+       memset(chunk->ptr, 0, chunk->len);
+       chunk_free(chunk);
+    }
+}
 
-#define strchunk(str) { str, sizeof(str) }
+static inline bool chunk_equals(chunk_t a, chunk_t b)
+{
+    return a.ptr != NULL  && b.ptr != NULL &&
+          a.len == b.len && memeq(a.ptr, b.ptr, a.len);
+}
 
-/* NOTE: freeanychunk NULLs .ptr */
-#define freeanychunk(ch) { free((ch).ptr); (ch).ptr = NULL; }
+extern chunk_t chunk_create_clone(u_char *ptr, chunk_t chunk);
 
-#define clonetochunk(ch, addr, size) \
-    { (ch).ptr = clone_bytes((addr), (ch).len = (size)); }
+#define chunk_clone(chunk) \
+    chunk_create_clone((chunk).len ? malloc((chunk).len) : NULL, chunk)
 
-#define clonereplacechunk(ch, addr, size) \
-    { free((ch).ptr); clonetochunk(ch, addr, size); }
+#define chunk_from_buf(str) { str, sizeof(str) }
 
 #define chunkcpy(dst, chunk) \
     { memcpy(dst, chunk.ptr, chunk.len); dst += chunk.len;}
 
-#define same_chunk(a, b) \
-    ( (a).len == (b).len && memcmp((a).ptr, (b).ptr, (b).len) == 0 )
-
 extern char* temporary_cyclic_buffer(void);
 extern const char* concatenate_paths(const char *a, const char *b);
 
-extern const chunk_t chunk_empty;
-
 /* compare two chunks */
-extern int cmp_chunk(chunk_t a, chunk_t b);
+extern int chunk_compare(chunk_t a, chunk_t b);
 
 /* move a chunk to a memory position and free it after insertion */
 extern void mv_chunk(u_char **pos, chunk_t content);
index 7e2afac..c943a11 100644 (file)
@@ -990,7 +990,7 @@ malloc_md(void)
 void
 release_md(struct msg_digest *md)
 {
-    freeanychunk(md->raw_packet);
+    chunk_free(&md->raw_packet);
     free(md->packet_pbs.start);
     md->packet_pbs.start = NULL;
     md->next = md_pool;
@@ -1793,7 +1793,8 @@ process_packet(struct msg_digest **mdp)
            /* XXX Detect weak keys */
 
            /* grab a copy of raw packet (for duplicate packet detection) */
-           clonetochunk(md->raw_packet, md->packet_pbs.start, pbs_room(&md->packet_pbs));
+           md->raw_packet = chunk_create(md->packet_pbs.start, pbs_room(&md->packet_pbs));
+           md->raw_packet = chunk_clone(md->raw_packet);
 
            /* Decrypt everything after header */
            if (!new_iv_set)
@@ -2137,20 +2138,21 @@ complete_state_transition(struct msg_digest **mdp, stf_status result)
            }
            else
            {
-               clonetochunk(st->st_rpacket
-                   , md->packet_pbs.start
-                   , pbs_room(&md->packet_pbs));
+               st->st_rpacket = chunk_create(md->packet_pbs.start,
+                                             pbs_room(&md->packet_pbs));
+               st->st_rpacket = chunk_clone(st->st_rpacket);
            }
 
            /* free previous transmit packet */
-           freeanychunk(st->st_tpacket);
+           chunk_free(&st->st_tpacket);
 
            /* if requested, send the new reply packet */
            if (smc->flags & SMF_REPLY)
            {
                close_output_pbs(&md->reply);   /* good form, but actually a no-op */
 
-               clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
+               st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
+               st->st_tpacket = chunk_clone(st->st_tpacket);
 
                if (nat_traversal_enabled)
                    nat_traversal_change_port_lookup(md, md->st);
index d263273..18e36ab 100644 (file)
@@ -927,9 +927,8 @@ process_key_rr(u_char *ptr, size_t len
 
        if (doit)
        {
-           chunk_t k;
+           chunk_t k = { pbs.cur, pbs_left(&pbs) };
 
-           setchunk(k, pbs.cur, pbs_left(&pbs));
            TRY(add_public_key(&cr->id, dns_auth_level, PUBKEY_ALG_RSA, &k
                , &cr->keys_from_dns));
        }
index c5aa9b4..64e67c0 100644 (file)
@@ -341,7 +341,6 @@ fetch_curl(char *url, chunk_t *blob)
            plog("fetching uri (%s) with libcurl failed: %s", url, errorbuffer);
        }
        curl_easy_cleanup(curl);
-       /* not using freeanychunk because of realloc (no leak detective) */
        curl_free(response.ptr);
     }
     return strlen(errorbuffer) > 0 ? "libcurl error" : NULL;
@@ -628,9 +627,8 @@ fetch_crls(bool cache_crls)
            }
            else
            {
-               chunk_t crl_uri;
+               chunk_t crl_uri = chunk_clone(gn->name);
 
-               clonetochunk(crl_uri, gn->name.ptr, gn->name.len);
                if (insert_crl(blob, crl_uri, cache_crls))
                {
                    DBG(DBG_CONTROL,
@@ -730,11 +728,10 @@ fetch_ocsp_status(ocsp_location_t* location)
        curl_slist_free_all(headers);
        curl_easy_cleanup(curl);
        free(uri);
-       /* not using freeanychunk because of realloc (no leak detective) */
        curl_free(response.ptr);
     }
-    freeanychunk(location->nonce);
-    freeanychunk(request);
+    free(request.ptr);
+    chunk_free(&location->nonce);
 
     /* increment the trial counter of the unresolved fetch requests */
     {
@@ -918,7 +915,7 @@ add_distribution_points(const generalName_t *newPoints ,generalName_t **distribu
            {
                /* clone additional distribution point */
                gn = clone_thing(*newPoints);
-               clonetochunk(gn->name, newPoints->name.ptr, newPoints->name.len);
+               gn->name = chunk_clone(newPoints->name);
 
                /* insert additional CRL distribution point */
                gn->next = *distributionPoints;
@@ -940,17 +937,10 @@ build_crl_fetch_request(chunk_t issuer, chunk_t authKeySerialNumber
     req->installed = time(NULL);
 
     /* clone fields */
-    clonetochunk(req->issuer, issuer.ptr, issuer.len);
-    if (authKeySerialNumber.ptr != NULL)
-    {
-       clonetochunk(req->authKeySerialNumber, authKeySerialNumber.ptr
-           , authKeySerialNumber.len);
-    }
-    if (authKeyID.ptr != NULL)
-    {
-       clonetochunk(req->authKeyID, authKeyID.ptr, authKeyID.len);
-    }
-
+    req->issuer = chunk_clone(issuer);
+    req->authKeySerialNumber =  chunk_clone(authKeySerialNumber);
+    req->authKeyID = chunk_clone(authKeyID);
     /* copy distribution points */
     add_distribution_points(gn, &req->distributionPoints);
 
index d299f37..dfffefc 100644 (file)
@@ -145,7 +145,9 @@ set_myFQDN(void)
 
        if (!strcaseeq(FQDN, "localhost.localdomain"))
        {
-           clonetochunk(myids[MYID_HOSTNAME].name, FQDN, strlen(FQDN));
+           chunk_t myid_name = { FQDN, strlen(FQDN) };
+
+           myids[MYID_HOSTNAME].name = chunk_clone(myid_name);
            myids[MYID_HOSTNAME].kind = ID_FQDN;
            calc_myid_str(MYID_HOSTNAME);
        }
@@ -365,7 +367,7 @@ unshare_id_content(struct id *id)
     case ID_USER_FQDN:
     case ID_DER_ASN1_DN:
     case ID_KEY_ID:
-       id->name.ptr = clone_bytes(id->name.ptr, id->name.len);
+       id->name = chunk_clone(id->name);
        break;
     case ID_MYID:
     case ID_NONE:
@@ -386,7 +388,7 @@ free_id_content(struct id *id)
     case ID_USER_FQDN:
     case ID_DER_ASN1_DN:
     case ID_KEY_ID:
-       freeanychunk(id->name);
+       free(id->name.ptr);
        break;
     case ID_MYID:
     case ID_NONE:
index f7ba9f2..c392f19 100644 (file)
@@ -136,7 +136,7 @@ compute_dh_shared(struct state *st, const chunk_t g
     mpz_init(&mp_shared);
     mpz_powm(&mp_shared, &mp_g, &st->st_sec, group->modulus);
     mpz_clear(&mp_g);
-    freeanychunk(st->st_shared);       /* happens in odd error cases */
+    free(st->st_shared.ptr);   /* happens in odd error cases */
     st->st_shared = mpz_to_n(&mp_shared, group->bytes);
     mpz_clear(&mp_shared);
     gettimeofday(&tv1, NULL);
@@ -175,7 +175,7 @@ build_and_ship_KE(struct state *st, chunk_t *g
 
        mpz_init(&mp_g);
        mpz_powm(&mp_g, &groupgenerator, &st->st_sec, group->modulus);
-       freeanychunk(*g);       /* happens in odd error cases */
+       free(g->ptr);   /* happens in odd error cases */
        *g = mpz_to_n(&mp_g, group->bytes);
        mpz_clear(&mp_g);
        DBG(DBG_CRYPT,
@@ -206,7 +206,9 @@ accept_KE(chunk_t *dest, const char *val_name
        /* XXX Could send notification back */
        return INVALID_KEY_INFORMATION;
     }
-    clonereplacechunk(*dest, pbs->cur, pbs_left(pbs));
+    free(dest->ptr);
+    *dest = chunk_create(pbs->cur, pbs_left(pbs));
+    *dest = chunk_clone(*dest);
     DBG_cond_dump_chunk(DBG_CRYPT, "DH public value received:\n", *dest);
     return NOTHING_WRONG;
 }
@@ -253,8 +255,8 @@ static bool
 build_and_ship_nonce(chunk_t *n, pb_stream *outs, u_int8_t np
 , const char *name)
 {
-    freeanychunk(*n);
-    setchunk(*n, malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE);
+    free(n->ptr);
+    *n = chunk_create(malloc(DEFAULT_NONCE_SIZE), DEFAULT_NONCE_SIZE);
     get_rnd_bytes(n->ptr, DEFAULT_NONCE_SIZE);
     return out_generic_chunk(np, &isakmp_nonce_desc, outs, *n, name);
 }
@@ -445,7 +447,7 @@ send_notification(struct state *sndst, u_int16_t type, struct state *encst,
     {
        chunk_t saved_tpacket = sndst->st_tpacket;
 
-       setchunk(sndst->st_tpacket, pbs.start, pbs_offset(&pbs));
+       sndst->st_tpacket = chunk_create(pbs.start, pbs_offset(&pbs));
        send_packet(sndst, "ISAKMP notify");
        sndst->st_tpacket = saved_tpacket;
     }
@@ -677,7 +679,7 @@ send_delete(struct state *st)
        if (!encrypt_message(&r_hdr_pbs, p1st))
            impossible();
 
-       setchunk(p1st->st_tpacket, reply_pbs.start, pbs_offset(&reply_pbs));
+       p1st->st_tpacket = chunk_create(reply_pbs.start, pbs_offset(&reply_pbs));
        send_packet(p1st, "delete notify");
        p1st->st_tpacket = saved_tpacket;
 
@@ -962,7 +964,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
 
        /* save initiator SA for later HASH */
        passert(st->st_p1isa.ptr == NULL);      /* no leak!  (MUST be first time) */
-       clonetochunk(st->st_p1isa, sa_start, rbody.cur - sa_start);
+       st->st_p1isa = chunk_create(sa_start, rbody.cur - sa_start);
+       st->st_p1isa = chunk_clone(st->st_p1isa);
     }
 
     /* if enabled send Pluto Vendor ID */
@@ -1033,7 +1036,8 @@ main_outI1(int whack_sock, struct connection *c, struct state *predecessor
 
     close_message(&rbody);
     close_output_pbs(&reply);
-    clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply));
+    st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
+    st->st_tpacket = chunk_clone(st->st_tpacket);
 
     /* Transmit */
 
@@ -1316,7 +1320,9 @@ generate_skeyids_iv(struct state *st)
            }
            k = keytemp;
        }
-       clonereplacechunk(st->st_enc_key, k, keysize);
+       free(st->st_enc_key.ptr);
+       st->st_enc_key = chunk_create(k, keysize);
+       st->st_enc_key = chunk_clone(st->st_enc_key);
     }
 
     DBG(DBG_CRYPT,
@@ -1846,7 +1852,9 @@ accept_nonce(struct msg_digest *md, chunk_t *dest, const char *name)
            , name , MINIMUM_NONCE_SIZE, MAXIMUM_NONCE_SIZE);
        return PAYLOAD_MALFORMED;       /* ??? */
     }
-    clonereplacechunk(*dest, nonce_pbs->cur, len);
+    free(dest->ptr);
+    *dest = chunk_create(nonce_pbs->cur, len);
+    *dest = chunk_clone(*dest);
     return NOTHING_WRONG;
 }
 
@@ -2203,7 +2211,8 @@ quick_outI1(int whack_sock
     }
 
     /* save packet, now that we know its size */
-    clonetochunk(st->st_tpacket, reply.start, pbs_offset(&reply));
+    st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
+    st->st_tpacket = chunk_clone(st->st_tpacket);
 
     /* send the packet */
 
@@ -2311,7 +2320,7 @@ decode_cr(struct msg_digest *md, struct connection *c)
                    continue;
 
                gn = malloc_thing(generalName_t);
-               clonetochunk(ca_name, ca_name.ptr,ca_name.len);
+               ca_name = chunk_clone(ca_name);
                gn->kind = GN_DIRECTORY_NAME;
                gn->name = ca_name;
                gn->next = c->requested_ca;
@@ -2409,17 +2418,17 @@ decode_peer_id(struct msg_digest *md, struct id *peer)
 
        /* ??? ought to do some more sanity check, but what? */
 
-       setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
+       peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
        break;
 
     case ID_KEY_ID:
-       setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
+       peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
        DBG(DBG_PARSING,
            DBG_dump_chunk("KEY ID:", peer->name));
        break;
 
     case ID_DER_ASN1_DN:
-       setchunk(peer->name, id_pbs->cur, pbs_left(id_pbs));
+       peer->name = chunk_create(id_pbs->cur, pbs_left(id_pbs));
        DBG(DBG_PARSING,
            DBG_dump_chunk("DER ASN1 DN:", peer->name));
        break;
@@ -3221,7 +3230,9 @@ main_inI1_outR1(struct msg_digest *md)
     close_message(&md->rbody);
 
     /* save initiator SA for HASH */
-    clonereplacechunk(st->st_p1isa, sa_pd->pbs.start, pbs_room(&sa_pd->pbs));
+    free(st->st_p1isa.ptr);
+    st->st_p1isa = chunk_create(sa_pd->pbs.start, pbs_room(&sa_pd->pbs));
+    st->st_p1isa = chunk_clone(st->st_p1isa);
 
     return STF_OK;
 }
@@ -5332,7 +5343,7 @@ send_isakmp_notification(struct state *st, u_int16_t type
     {
         chunk_t saved_tpacket = st->st_tpacket;
 
-        setchunk(st->st_tpacket, reply.start, pbs_offset(&reply));
+        st->st_tpacket = chunk_create(reply.start, pbs_offset(&reply));
         send_packet(st, "ISAKMP notify");
         st->st_tpacket = saved_tpacket;
     }
index c830485..4dcad1f 100644 (file)
@@ -1467,7 +1467,7 @@ scan_proc_shunts(void)
 
            cp += strspn(cp, sep);      /* find start of field */
            w = strcspn(cp, sep);       /* find width of field */
-           setchunk(field[fi], cp, w);
+           field[fi] = chunk_create(cp, w);
            cp += w;
            if (w == 0)
                break;
index a974697..2d51b52 100644 (file)
@@ -120,8 +120,8 @@ static void
 free_public_key(pubkey_t *pk)
 {
     free_id_content(&pk->id);
-    freeanychunk(pk->issuer);
-    freeanychunk(pk->serial);
+    free(pk->issuer.ptr);
+    free(pk->serial.ptr);
 
     /* algorithm-specific freeing */
     switch (pk->alg)
@@ -411,7 +411,9 @@ process_psk_secret(chunk_t *psk)
 
     if (*tok == '"' || *tok == '\'')
     {
-       clonetochunk(*psk, tok+1, flp->cur - tok  - 2);
+       chunk_t secret = { tok + 1, flp->cur - tok  -2 };
+
+       *psk = chunk_clone(secret);
        (void) shift();
     }
     else
@@ -428,7 +430,8 @@ process_psk_secret(chunk_t *psk)
        }
        else
        {
-           clonetochunk(*psk, buf, sz);
+           chunk_t secret = { buf, sz };
+           *psk = chunk_clone(secret);
            (void) shift();
        }
     }
@@ -488,7 +491,7 @@ process_rsa_secret(RSA_private_key_t *rsak)
                if (eb_next - ebytes + sz > sizeof(ebytes))
                    return "public key takes too many bytes";
 
-               setchunk(*pb_next, eb_next, sz);
+               *pb_next = chunk_create(eb_next, sz);
                memcpy(eb_next, buf, sz);
                eb_next += sz;
                pb_next++;
@@ -609,8 +612,7 @@ process_xauth(secret_t *s)
     plog("  loaded xauth credentials of user '%.*s'"
                , user_name.len
                , user_name.ptr);
-    clonetochunk(s->u.xauth_secret.user_name
-       , user_name.ptr, user_name.len);
+    s->u.xauth_secret.user_name = chunk_clone(user_name);
 
     if (!shift())
        return "missing xauth user password";
@@ -657,10 +659,10 @@ xauth_verify_secret(const xauth_peer_t *peer, const xauth_t *xauth_secret)
     {
        if (s->kind == PPK_XAUTH)
        {
-           if (!same_chunk(xauth_secret->user_name, s->u.xauth_secret.user_name))
+           if (!chunk_equals(xauth_secret->user_name, s->u.xauth_secret.user_name))
                continue;
            found = TRUE;
-           if (same_chunk(xauth_secret->user_password, s->u.xauth_secret.user_password))
+           if (chunk_equals(xauth_secret->user_password, s->u.xauth_secret.user_password))
                return TRUE;
        }
     }
@@ -736,14 +738,19 @@ process_pin(secret_t *s, int whackfd)
     }
     else if (tokeqword("%pinpad"))
     {
+       chunk_t empty_pin = { "", 0 };
+
        shift();
+
        /* pin will be entered via pin pad during verification */
-       clonetochunk(sc->pin, "", 0);
+       sc->pin = chunk_clone(empty_pin);
        sc->pinpad = TRUE;
        sc->valid = TRUE;
        pin_status = "pin entry via pad";
        if (pkcs11_keep_state)
+       {
            scx_verify_pin(sc);
+       }
     }
     else
     {  
@@ -937,7 +944,7 @@ process_secret_records(int whackfd)
            zero(s);
            s->ids = NULL;
            s->kind = PPK_PSK;  /* default */
-           setchunk(s->u.preshared_secret, NULL, 0);
+           s->u.preshared_secret = chunk_empty;
            s->next = NULL;
 
            for (;;)
@@ -1239,16 +1246,18 @@ unpack_RSA_public_key(RSA_public_key_t *rsa, const chunk_t *pubkey)
 
     if (pubkey->ptr[0] != 0x00)
     {
-       setchunk(exp, pubkey->ptr + 1, pubkey->ptr[0]);
+       exp = chunk_create(pubkey->ptr + 1, pubkey->ptr[0]);
     }
     else
     {
-       setchunk(exp, pubkey->ptr + 3
-           , (pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]);
+       exp = chunk_create(pubkey->ptr + 3,
+                         (pubkey->ptr[1] << BITS_PER_BYTE) + pubkey->ptr[2]);
     }
 
     if (pubkey->len - (exp.ptr - pubkey->ptr) < exp.len + RSA_MIN_OCTETS_RFC)
+    {
        return "RSA public key blob too short";
+    }
 
     mod.ptr = exp.ptr + exp.len;
     mod.len = &pubkey->ptr[pubkey->len] - mod.ptr;
@@ -1284,16 +1293,10 @@ install_public_key(pubkey_t *pk, pubkey_list_t **head)
     unshare_id_content(&pk->id);
 
     /* copy issuer dn */
-    if (pk->issuer.ptr != NULL)
-    {
-       pk->issuer.ptr = clone_bytes(pk->issuer.ptr, pk->issuer.len);
-    }
+    pk->issuer = chunk_clone(pk->issuer);
 
     /* copy serial number */
-    if (pk->serial.ptr != NULL)
-    {
-       pk->serial.ptr = clone_bytes(pk->serial.ptr, pk->serial.len);
-    }
+    pk->serial = chunk_clone(pk->serial);
 
     /* store the time the public key was installed */
     time(&pk->installed_time);
index eb94aa6..4707de3 100644 (file)
@@ -530,8 +530,9 @@ modecfg_send_msg(struct state *st, int isama_type, internal_addr_t *ia)
                        , 0 /* XXX isama_id */
                     );
 
-    freeanychunk(st->st_tpacket);
-    clonetochunk(st->st_tpacket, msg.start, pbs_offset(&msg));
+    free(st->st_tpacket.ptr);
+    st->st_tpacket = chunk_create(msg.start, pbs_offset(&msg));
+    st->st_tpacket = chunk_clone(st->st_tpacket);
 
     /* Transmit */
     send_packet(st, "ModeCfg msg");
@@ -675,11 +676,11 @@ modecfg_parse_attributes(pb_stream *attrs, internal_addr_t *ia)
            ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
            break;
        case XAUTH_USER_NAME:
-           setchunk(ia->xauth_secret.user_name, strattr.cur, attr_len);
+           ia->xauth_secret.user_name = chunk_create(strattr.cur, attr_len);
            ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
            break;
        case XAUTH_USER_PASSWORD:
-           setchunk(ia->xauth_secret.user_password, strattr.cur, attr_len);
+           ia->xauth_secret.user_password = chunk_create(strattr.cur, attr_len);
            ia->xauth_attr_set |= LELEM(attr_type - XAUTH_BASE);
            break;
        case XAUTH_STATUS:
@@ -1092,8 +1093,9 @@ xauth_inI0(struct msg_digest *md)
     else
     {
        /* send XAUTH reply msg and then delete ISAKMP SA */
-       freeanychunk(st->st_tpacket);
-       clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
+       free(st->st_tpacket.ptr);
+       st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
+       st->st_tpacket = chunk_clone(st->st_tpacket);
        send_packet(st, "XAUTH reply msg");
        delete_state(st);
        return STF_IGNORE;
@@ -1223,8 +1225,9 @@ xauth_inI1(struct msg_digest *md)
     else
     {
        /* send XAUTH ack msg and then delete ISAKMP SA */
-       freeanychunk(st->st_tpacket);
-       clonetochunk(st->st_tpacket, md->reply.start, pbs_offset(&md->reply));
+       free(st->st_tpacket.ptr);
+       st->st_tpacket = chunk_create(md->reply.start, pbs_offset(&md->reply));
+       st->st_tpacket = chunk_clone(st->st_tpacket);
        send_packet(st, "XAUTH ack msg");
        delete_state(st);
        return STF_IGNORE;
index 1a5085e..3317d30 100644 (file)
@@ -575,14 +575,14 @@ static void nat_traversal_send_ka (struct state *st)
     )
 
     /* save state chunk */
-    setchunk(sav, st->st_tpacket.ptr, st->st_tpacket.len);
+    sav = st->st_tpacket;
 
     /* send keep alive */
-    setchunk(st->st_tpacket, &ka_payload, 1);
+    st->st_tpacket = chunk_create(&ka_payload, 1);
     send_packet(st, "NAT-T Keep Alive");
 
     /* restore state chunk */
-    setchunk(st->st_tpacket, sav.ptr, sav.len);
+    st->st_tpacket = sav;
 }
 
 /**
index 41c0cbd..b706dc9 100644 (file)
@@ -131,13 +131,13 @@ static u_char ASN1_nonce_oid_str[] = {
     0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x02
 };
 
-static const chunk_t ASN1_nonce_oid = strchunk(ASN1_nonce_oid_str);
+static const chunk_t ASN1_nonce_oid = chunk_from_buf(ASN1_nonce_oid_str);
 
 static u_char ASN1_response_oid_str[] = {
     0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x04
 };
 
-static const chunk_t ASN1_response_oid = strchunk(ASN1_response_oid_str);
+static const chunk_t ASN1_response_oid = chunk_from_buf(ASN1_response_oid_str);
 
 static u_char ASN1_response_content_str[] = {
     0x04, 0x0D,
@@ -145,7 +145,7 @@ static u_char ASN1_response_content_str[] = {
                0x06, 0x09, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01
 };
 
-static const chunk_t ASN1_response_content = strchunk(ASN1_response_content_str);
+static const chunk_t ASN1_response_content = chunk_from_buf(ASN1_response_content_str);
 
 /* default OCSP uri */
 static chunk_t ocsp_default_uri;
@@ -295,13 +295,16 @@ build_ocsp_location(const x509cert_t *cert, ocsp_location_t *location)
        ca_info_t *ca = get_ca_info(cert->issuer, cert->authKeySerialNumber
                , cert->authKeyID);
        if (ca != NULL && ca->ocspuri != NULL)
-           setchunk(location->uri, ca->ocspuri, strlen(ca->ocspuri))
+       {
+           location->uri = chunk_create(ca->ocspuri, strlen(ca->ocspuri));
+       }
        else
-           /* abort if no ocsp location uri is defined */
+       {   /* abort if no ocsp location uri is defined */
            return FALSE;
+       }
     }
     
-    setchunk(location->authNameID, digest, SHA1_DIGEST_SIZE);
+    location->authNameID = chunk_create(digest, SHA1_DIGEST_SIZE);
     compute_digest(cert->issuer, OID_SHA1, &location->authNameID);
 
     location->next = NULL;
@@ -337,7 +340,7 @@ same_ocsp_location(const ocsp_location_t *a, const ocsp_location_t *b)
                ? same_keyid(a->authKeyID, b->authKeyID)
                : (same_dn(a->issuer, b->issuer)
                    && same_serial(a->authKeySerialNumber, b->authKeySerialNumber)))
-           && same_chunk(a->uri, b->uri);
+           && chunk_equals(a->uri, b->uri);
 }
 
 /*
@@ -378,7 +381,7 @@ get_ocsp_status(const ocsp_location_t *loc, chunk_t serialNumber
 
     while (certinfo != NULL)
     {
-       cmp = cmp_chunk(serialNumber, certinfo->serialNumber);
+       cmp = chunk_compare(serialNumber, certinfo->serialNumber);
        if (cmp <= 0)
            break;
        certinfop = &certinfo->next;
@@ -488,7 +491,7 @@ check_ocsp(void)
 static void
 free_certinfo(ocsp_certinfo_t *certinfo)
 {
-    freeanychunk(certinfo->serialNumber);
+    free(certinfo->serialNumber.ptr);
     free(certinfo);
 }
 
@@ -514,11 +517,11 @@ free_certinfos(ocsp_certinfo_t *chain)
 static void
 free_ocsp_location(ocsp_location_t* location)
 {
-    freeanychunk(location->issuer);
-    freeanychunk(location->authNameID);
-    freeanychunk(location->authKeyID);
-    freeanychunk(location->authKeySerialNumber);
-    freeanychunk(location->uri);
+    free(location->issuer.ptr);
+    free(location->authNameID.ptr);
+    free(location->authKeyID.ptr);
+    free(location->authKeySerialNumber.ptr);
+    free(location->uri.ptr);
     free_certinfos(location->certinfo);
     free(location);
 }
@@ -792,7 +795,7 @@ build_signature(chunk_t tbsRequest)
     sigdata = generate_signature(digest_info
        , ocsp_requestor_sc
        , ocsp_requestor_pri);
-    freeanychunk(digest_info);
+    free(digest_info.ptr);
 
     /* has the RSA signature generation been successful? */
     if (sigdata.ptr == NULL)
@@ -1154,10 +1157,9 @@ parse_basic_ocsp_response(chunk_t blob, int level0, response_t *res)
            break;
        case BASIC_RESPONSE_CERTIFICATE:
            {
-               chunk_t blob;
+               chunk_t blob = chunk_clone(object);
                x509cert_t *cert = malloc_thing(x509cert_t);
 
-               clonetochunk(blob, object.ptr, object.len);
                *cert = empty_x509cert;
 
                if (parse_x509cert(blob, level+1, cert)
@@ -1327,30 +1329,11 @@ add_ocsp_location(const ocsp_location_t *loc, ocsp_location_t **chain)
     ocsp_location_t *location = malloc_thing(ocsp_location_t);
 
     /* unshare location fields */
-    clonetochunk(location->issuer, loc->issuer.ptr, loc->issuer.len);
-
-    clonetochunk(location->authNameID, loc->authNameID.ptr, loc->authNameID.len);
-
-    if (loc->authKeyID.ptr == NULL)
-    {
-       location->authKeyID = chunk_empty;
-    }
-    else
-    {
-       clonetochunk(location->authKeyID, loc->authKeyID.ptr, loc->authKeyID.len);
-    }
-
-    if (loc->authKeySerialNumber.ptr == NULL)
-    {
-       location->authKeySerialNumber = chunk_empty;
-    }
-    else
-    {
-       clonetochunk(location->authKeySerialNumber
-               , loc->authKeySerialNumber.ptr, loc->authKeySerialNumber.len);
-    }
-
-    clonetochunk(location->uri, loc->uri.ptr, loc->uri.len);
+    location->issuer = chunk_clone(loc->issuer);
+    location->authNameID = chunk_clone(loc->authNameID);
+    location->authKeyID = chunk_clone(loc->authKeyID);
+    location->authKeySerialNumber = chunk_clone(loc->authKeySerialNumber);
+    location->uri = chunk_clone(loc->uri);
     location->certinfo = NULL;
 
     /* insert new ocsp location in front of chain */
@@ -1387,7 +1370,7 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai
 
     while (certinfo != NULL)
     {
-       cmp = cmp_chunk(info->serialNumber, certinfo->serialNumber);
+       cmp = chunk_compare(info->serialNumber, certinfo->serialNumber);
        if (cmp <= 0)
            break;
        certinfop = &certinfo->next;
@@ -1398,7 +1381,8 @@ add_certinfo(ocsp_location_t *loc, ocsp_certinfo_t *info, ocsp_location_t **chai
     {
        /* add a new certinfo entry */
        ocsp_certinfo_t *cnew = malloc_thing(ocsp_certinfo_t);
-       clonetochunk(cnew->serialNumber, info->serialNumber.ptr, info->serialNumber.len);
+
+       cnew->serialNumber = chunk_clone(info->serialNumber);
        cnew->next = certinfo;
        *certinfop = cnew;
        certinfo = cnew;
@@ -1454,8 +1438,8 @@ process_single_response(ocsp_location_t *location, single_response_t *sres)
        plog("only SHA-1 hash supported in OCSP single response");
        return;
     }
-    if (!(same_chunk(sres->issuer_name_hash, location->authNameID)
-    &&   same_chunk(sres->issuer_key_hash, location->authKeyID)))
+    if (!(chunk_equals(sres->issuer_name_hash, location->authNameID)
+    &&   chunk_equals(sres->issuer_key_hash, location->authKeyID)))
     {
        plog("ocsp single response has wrong issuer");
        return;
@@ -1467,7 +1451,7 @@ process_single_response(ocsp_location_t *location, single_response_t *sres)
 
     while (certinfo != NULL)
     {
-       cmp = cmp_chunk(sres->serialNumber, certinfo->serialNumber);
+       cmp = chunk_compare(sres->serialNumber, certinfo->serialNumber);
        if (cmp <= 0)
            break;
        certinfop = &certinfo->next;
@@ -1522,7 +1506,7 @@ parse_ocsp(ocsp_location_t *location, chunk_t blob)
        plog("ocsp response contains no nonce, replay attack possible");
     }
     /* check if the nonce is identical */
-    if (res.nonce.ptr != NULL && !same_chunk(res.nonce, location->nonce))
+    if (res.nonce.ptr != NULL && !chunk_equals(res.nonce, location->nonce))
     {
        plog("invalid nonce in ocsp response");
        return;
index e9edb91..8c607cf 100644 (file)
@@ -286,7 +286,7 @@ pem_decrypt(chunk_t *blob, chunk_t *iv, prompt_pass_t *pass, const char* label)
                return ugh;
            }
 
-           clonetochunk(blob_copy, blob->ptr, blob->len);
+           blob_copy = chunk_clone(*blob);
 
            if (pem_decrypt_3des(blob, iv, pass->secret))
            {
index 9516d12..842896b 100644 (file)
@@ -491,7 +491,7 @@ RSA_encrypt(const RSA_public_key_t *key, chunk_t in)
 bool
 RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
 {
-    chunk_t padded;
+    chunk_t padded, plaintext;
     u_char *pos;
     mpz_t t1, t2;
 
@@ -530,7 +530,7 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
     if ((*pos++ != 0x00) || (*(pos++) != 0x02))
     {
        plog("incorrect padding - probably wrong RSA key");
-       freeanychunk(padded);
+       chunk_clear(&padded);
        return FALSE;
     }
     padded.len -= 2;
@@ -541,12 +541,13 @@ RSA_decrypt(const RSA_private_key_t *key, chunk_t in, chunk_t *out)
     if (padded.len == 0)
     {
        plog("no plaintext data");
-       freeanychunk(padded);
+       free(padded.ptr);
        return FALSE;
     }
 
-    clonetochunk(*out, pos, padded.len);
-    freeanychunk(padded);
+    plaintext = chunk_create(pos, padded.len);
+    *out = chunk_clone(plaintext);
+    chunk_clear(&padded);
     return TRUE;
 }
 
index fae8ca8..fc87903 100644 (file)
@@ -155,17 +155,17 @@ static char ASN1_pkcs7_encrypted_data_oid_str[] = {
 };
 
 static const chunk_t ASN1_pkcs7_data_oid = 
-                       strchunk(ASN1_pkcs7_data_oid_str);
+                       chunk_from_buf(ASN1_pkcs7_data_oid_str);
 static const chunk_t ASN1_pkcs7_signed_data_oid =
-                       strchunk(ASN1_pkcs7_signed_data_oid_str);
+                       chunk_from_buf(ASN1_pkcs7_signed_data_oid_str);
 static const chunk_t ASN1_pkcs7_enveloped_data_oid =
-                       strchunk(ASN1_pkcs7_enveloped_data_oid_str);
+                       chunk_from_buf(ASN1_pkcs7_enveloped_data_oid_str);
 static const chunk_t ASN1_pkcs7_signed_enveloped_data_oid = 
-                       strchunk(ASN1_pkcs7_signed_enveloped_data_oid_str);
+                       chunk_from_buf(ASN1_pkcs7_signed_enveloped_data_oid_str);
 static const chunk_t ASN1_pkcs7_digested_data_oid =
-                       strchunk(ASN1_pkcs7_digested_data_oid_str);
+                       chunk_from_buf(ASN1_pkcs7_digested_data_oid_str);
 static const chunk_t ASN1_pkcs7_encrypted_data_oid =
-                       strchunk(ASN1_pkcs7_encrypted_data_oid_str);
+                       chunk_from_buf(ASN1_pkcs7_encrypted_data_oid_str);
 
 /* 3DES and DES encryption OIDs */
 
@@ -178,9 +178,9 @@ static u_char ASN1_des_cbc_oid_str[] = {
 };
 
 static const chunk_t ASN1_3des_ede_cbc_oid = 
-                       strchunk(ASN1_3des_ede_cbc_oid_str);
+                       chunk_from_buf(ASN1_3des_ede_cbc_oid_str);
 static const chunk_t ASN1_des_cbc_oid =
-                       strchunk(ASN1_des_cbc_oid_str);
+                       chunk_from_buf(ASN1_des_cbc_oid_str);
 
 /* PKCS#7 attribute type OIDs */
 
@@ -193,9 +193,9 @@ static u_char ASN1_messageDigest_oid_str[] = {
 };
 
 static const chunk_t ASN1_contentType_oid =
-                       strchunk(ASN1_contentType_oid_str);
+                       chunk_from_buf(ASN1_contentType_oid_str);
 static const chunk_t ASN1_messageDigest_oid =
-                       strchunk(ASN1_messageDigest_oid_str);
+                       chunk_from_buf(ASN1_messageDigest_oid_str);
 
 /*
  * Parse PKCS#7 ContentInfo object
@@ -283,11 +283,9 @@ pkcs7_parse_signedData(chunk_t blob, contentInfo_t *data, x509cert_t **cert
        case PKCS7_SIGNED_CERT:
            if (cert != NULL)
            {
-               chunk_t cert_blob;
-
+               chunk_t cert_blob = chunk_clone(object);
                x509cert_t *newcert = malloc_thing(x509cert_t);
 
-               clonetochunk(cert_blob, object.ptr, object.len);
                *newcert = empty_x509cert;
 
                DBG(DBG_CONTROL | DBG_PARSING,
@@ -431,7 +429,7 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data
            )
            break;      
        case PKCS7_SERIAL_NUMBER:
-           if (!same_chunk(serialNumber, object))
+           if (!chunk_equals(serialNumber, object))
            {
                plog("serial numbers do not match");
                goto failed;
@@ -561,11 +559,11 @@ pkcs7_parse_envelopedData(chunk_t blob, chunk_t *data
            }
        }
     }
-    freeanychunk(symmetric_key);
+    chunk_clear(&symmetric_key);
     return TRUE;
 
 failed:
-    freeanychunk(symmetric_key);
+    chunk_clear(&symmetric_key);
     free(data->ptr);
     return FALSE;
 }
@@ -677,7 +675,7 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert
     {
        encryptedDigest = pkcs1_build_signature(attributes, digest_alg
                                , key, FALSE);
-       clonetochunk(authenticatedAttributes, attributes.ptr, attributes.len);
+       authenticatedAttributes = chunk_clone(attributes);
        *authenticatedAttributes.ptr = ASN1_CONTEXT_C_0;
     }
     else
@@ -712,8 +710,8 @@ pkcs7_build_signedData(chunk_t data, chunk_t attributes, const x509cert_t *cert
        DBG_dump_chunk("signedData:\n", cInfo)
     )
 
-    freeanychunk(pkcs7Data.content);
-    freeanychunk(signedData.content);
+    free(pkcs7Data.content.ptr);
+    free(signedData.content.ptr);
     return cInfo;
 }
 
@@ -853,7 +851,7 @@ pkcs7_build_envelopedData(chunk_t data, const x509cert_t *cert, int cipher)
        )
 
        free_RSA_public_content(&public_key);
-       freeanychunk(envelopedData.content);
+       free(envelopedData.content.ptr);
        return cInfo;
     }
 }
index ee8312d..f2f2860 100644 (file)
@@ -1479,9 +1479,12 @@ scx_encrypt(smartcard_t *sc, const u_char *in, size_t inlen
 
            memcpy(out, cipher_text.ptr, cipher_text.len);
            *outlen = cipher_text.len;
-           freeanychunk(cipher_text);
+           free(cipher_text.ptr);
+
            if (!pkcs11_keep_state)
+           {
                scx_release_context(sc);
+           }
            return TRUE;
        }
        else
@@ -1759,7 +1762,8 @@ scx_get_pin(smartcard_t *sc, int whackfd)
        /* verify the pin */
        if (scx_verify_pin(sc))
        {
-           clonetochunk(sc->pin, pin, strlen(pin));
+           sc->pin = chunk_create(pin, strlen(pin));
+           sc->pin = chunk_clone(sc->pin);
            break;
        }
 
index c506ebc..56c6667 100644 (file)
@@ -537,16 +537,10 @@ duplicate_state(struct state *st)
     nst->st_clonedfrom = st->st_serialno;
     nst->st_oakley = st->st_oakley;
     nst->st_modecfg = st->st_modecfg;
-
-#   define clone_chunk(ch) \
-       clonetochunk(nst->ch, st->ch.ptr, st->ch.len)
-
-    clone_chunk(st_skeyid_d);
-    clone_chunk(st_skeyid_a);
-    clone_chunk(st_skeyid_e);
-    clone_chunk(st_enc_key);
-
-#   undef clone_chunk
+    nst->st_skeyid_d = chunk_clone(st->st_skeyid_d);
+    nst->st_skeyid_a = chunk_clone(st->st_skeyid_a);
+    nst->st_skeyid_e = chunk_clone(st->st_skeyid_e);
+    nst->st_enc_key = chunk_clone(st->st_enc_key);
 
     return nst;
 }
index 52ff9f0..f849be7 100644 (file)
@@ -394,7 +394,7 @@ static u_char ASN1_subjectAltName_oid_str[] = {
     0x06, 0x03, 0x55, 0x1D, 0x11
 };
 
-static const chunk_t ASN1_subjectAltName_oid = strchunk(ASN1_subjectAltName_oid_str);
+static const chunk_t ASN1_subjectAltName_oid = chunk_from_buf(ASN1_subjectAltName_oid_str);
 
 static void
 update_chunk(chunk_t *ch, int n)
@@ -987,7 +987,7 @@ match_dn(chunk_t a, chunk_t b, int *wildcards)
 bool
 same_x509cert(const x509cert_t *a, const x509cert_t *b)
 {
-    return same_chunk(a->signature, b->signature);
+    return chunk_equals(a->signature, b->signature);
 }
 
 /*  for each link pointing to the certificate
@@ -1083,7 +1083,7 @@ same_keyid(chunk_t a, chunk_t b)
     {
        return FALSE;
     }
-    return same_chunk(a, b);
+    return chunk_equals(a, b);
 }
 
 /*
@@ -1097,7 +1097,7 @@ same_serial(chunk_t a, chunk_t b)
     {
        return TRUE;
     }
-    return same_chunk(a, b);
+    return chunk_equals(a, b);
 }
 
 /*
index 4a56e70..f7c4cca 100644 (file)
@@ -43,13 +43,13 @@ static u_char ASN1_challengePassword_oid_str[] = {
     0x06,0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x07
 };
 
-static const chunk_t ASN1_challengePassword_oid = strchunk(ASN1_challengePassword_oid_str);
+static const chunk_t ASN1_challengePassword_oid = chunk_from_buf(ASN1_challengePassword_oid_str);
 
 static u_char ASN1_extensionRequest_oid_str[] = {
     0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x0E
 };
 
-static const chunk_t ASN1_extensionRequest_oid = strchunk(ASN1_extensionRequest_oid_str);
+static const chunk_t ASN1_extensionRequest_oid = chunk_from_buf(ASN1_extensionRequest_oid_str);
 
 /** 
  * @brief Adds a subjectAltName in DER-coded form to a linked list
@@ -214,7 +214,7 @@ pkcs10_free(pkcs10_t *pkcs10)
 {
     if (pkcs10 != NULL)
     {
-       freeanychunk(pkcs10->request);
+       free(pkcs10->request.ptr);
        free(pkcs10);
     }
 }
index a7c6321..dff405f 100644 (file)
@@ -321,10 +321,12 @@ generate_rsa_private_key(int nbits, RSA_private_key_t *key)
        size_t n_len = (mpz_sizeinbase(n,2)+BITS_PER_BYTE-1)/BITS_PER_BYTE;
        chunk_t e_ch = mpz_to_n(e, e_len);
        chunk_t n_ch = mpz_to_n(n, n_len);
+
        form_keyid(e_ch, n_ch, key->pub.keyid, &key->pub.k);
-       freeanychunk(e_ch);
-       freeanychunk(n_ch);
+       free(e_ch.ptr);
+       free(n_ch.ptr);
     }
+
     /* fill in the elements of the RSA private key */
     key->p = *p;
     key->q = *q;
index d9d8722..f603b5c 100644 (file)
@@ -53,11 +53,11 @@ static char ASN1_transId_oid_str[] = {
 };
 
 static const chunk_t ASN1_messageType_oid =
-                       strchunk(ASN1_messageType_oid_str);
+                       chunk_from_buf(ASN1_messageType_oid_str);
 static const chunk_t ASN1_senderNonce_oid =
-                       strchunk(ASN1_senderNonce_oid_str);
+                       chunk_from_buf(ASN1_senderNonce_oid_str);
 static const chunk_t ASN1_transId_oid =
-                       strchunk(ASN1_transId_oid_str);
+                       chunk_from_buf(ASN1_transId_oid_str);
 
 static const char *pkiStatus_values[] = { "0", "2", "3" };
 
@@ -395,8 +395,8 @@ scep_build_request(chunk_t data, chunk_t transID, scep_msg_t msg
 
     request = pkcs7_build_signedData(envelopedData, attributes
                    , signer_cert, digest_alg, private_key);
-    freeanychunk(envelopedData);
-    freeanychunk(attributes);
+    free(envelopedData.ptr);
+    free(attributes.ptr);
     return request;
 }
 
@@ -590,7 +590,7 @@ scep_parse_response(chunk_t response, chunk_t transID, contentInfo_t *data
     {
        return "error parsing the scep response attributes";
     }
-    if (!same_chunk(transID, attrs->transID))
+    if (!chunk_equals(transID, attrs->transID))
     {
        return "transaction ID of scep response does not match";
     }
index fe97923..7d1c2e5 100644 (file)
@@ -148,21 +148,21 @@ exit_scepclient(err_t message, ...)
        free_RSA_private_content(private_key);
        free(private_key);
     }
-    freeanychunk(pkcs1);
-    freeanychunk(pkcs7);
-    freeanychunk(subject);
-    freeanychunk(serialNumber);
-    freeanychunk(transID);
-    freeanychunk(fingerprint);
-    freeanychunk(issuerAndSubject);
-    freeanychunk(getCertInitial);
-    if (scep_response.ptr != NULL)
-       free(scep_response.ptr);
+    free(pkcs1.ptr);
+    free(pkcs7.ptr);
+    free(subject.ptr);
+    free(serialNumber.ptr);
+    free(transID.ptr);
+    free(fingerprint.ptr);
+    free(issuerAndSubject.ptr);
+    free(getCertInitial.ptr);
+    free(scep_response.ptr);
 
     free_generalNames(subjectAltNames, TRUE);
     if (x509_signer != NULL)
+    {
        x509_signer->subjectAltName = NULL;
-
+    }
     free_x509cert(x509_signer);
     free_x509cert(x509_ca_enc);
     free_x509cert(x509_ca_sig);
@@ -801,7 +801,7 @@ int main(int argc, char **argv)
            exit_scepclient(ugh);
        }
 
-       clonetochunk(subject, dn.ptr, dn.len);
+       subject = chunk_clone(dn);
 
        DBG(DBG_CONTROL,
            DBG_log("building pkcs10 object:")
@@ -1007,7 +1007,7 @@ int main(int argc, char **argv)
                DBG_log("transaction ID: %.*s", (int)transID.len, transID.ptr)
            )
 
-           freeanychunk(getCertInitial);
+           chunk_free(&getCertInitial);
            getCertInitial = scep_build_request(issuerAndSubject
                                , transID, SCEP_GetCertInitial_MSG
                                , x509_ca_enc, pkcs7_symmetric_cipher
@@ -1047,7 +1047,7 @@ int main(int argc, char **argv)
         {
            exit_scepclient("error parsing the scep response");
        }
-       freeanychunk(certData);
+       chunk_free(&certData);
 
        /* store the end entity certificate */
        path = concatenate_paths(HOST_CERT_PATH, file_out_cert);