}
/*
- * compare two X.509 attribute certificates by comparing their signatures
- */
-static bool
-same_x509acert(x509acert_t *a, x509acert_t *b)
-{
- return a->signature.len == b->signature.len &&
- memcmp(a->signature.ptr, b->signature.ptr, b->signature.len) == 0;
-}
-
-/*
* release an ietfAttribute, free it if count reaches zero
*/
static void
* DNS query (if any). It also selects the kind of the next step.
* The second chunk initiates the next DNS query (if any).
*/
- enum find_oppo_step next_step;
+ enum find_oppo_step next_step = fos_myid_ip_txt;
err_t ugh = ac_ugh;
char mycredentialstr[BUF_LEN];
char cib[CONN_INST_BUF];
struct connection *d;
struct connection *best_found = NULL;
u_int16_t auth = st->st_oakley.auth;
- lset_t auth_policy;
+ lset_t auth_policy = POLICY_PSK;
const chunk_t *psk = NULL;
bool wcpip; /* wildcard Peer IP? */
int best_prio = PRIO_NO_MATCH_FOUND;
asn1_ctx_t ctx;
bool critical;
chunk_t extnID;
- chunk_t userCertificate;
+ chunk_t userCertificate = empty_chunk;
chunk_t object;
u_int level;
int objectID = 0;
/* Schedule for whatever timeout is specified */
{
- time_t delay;
+ time_t delay = UNDEFINED_TIME;
enum event_type kind = smc->timeout_event;
bool agreed_time = FALSE;
struct connection *c = st->st_connection;
void
init_fetch(void)
{
+#if defined(LIBCURL) || defined (THREADS)
int status;
+#endif
#ifdef LIBCURL
/* init curl */
for (a = ike_alg_base[IKE_ALG_ENCRYPT]; a != NULL; a = a->algo_next)
{
-
- struct encrypt_desc *desc = (struct encrypt_desc*)a;
-
plog(" %s self-test not available", enum_name(&oakley_enc_names, a->algo_id));
}
/* SA out */
{
u_char *sa_start = rbody.cur;
- lset_t auth_policy = policy & POLICY_ID_AUTH_MASK;
if (!out_sa(&rbody, &oakley_sadb, st, TRUE
, vids_to_send-- ? ISAKMP_NEXT_VID : ISAKMP_NEXT_NONE))
, u_int8_t protoid
, struct ipsec_proto_info *pi)
{
- size_t needed_len; /* bytes of keying material needed */
+ size_t needed_len = 0; /* bytes of keying material needed */
/* Add up the requirements for keying material
* (It probably doesn't matter if we produce too much!)
struct key_continuation *nkc
= alloc_thing(struct key_continuation, "key continuation");
enum key_oppo_step step_done = kc == NULL? kos_null : kc->step;
- err_t ugh;
+ err_t ugh = NULL;
/* Record that state is used by a suspended md */
passert(st->st_suspended_md == NULL);
char fgwb[ADDRTOT_BUF]
, cb[ADDRTOT_BUF];
ip_address client;
- err_t which;
+ err_t which = NULL;
switch (b->step)
{
, *our_id /* needed for myid playing */
, our_id_space; /* ephemeral: no need for unshare_id_content */
ip_address client;
- err_t ugh;
+ err_t ugh = NULL;
/* Record that state is used by a suspended md */
b->step = next_step; /* not just vc->b.step */
, struct state *p1st)
{
struct connection *c = p1st->st_connection;
- enum verify_oppo_step next_step;
+ enum verify_oppo_step next_step = vos_our_client;
err_t ugh = NULL;
DBG(DBG_CONTROL,
allocate_RSA_public_key(const cert_t cert)
{
pubkey_t *pk = alloc_thing(pubkey_t, "pubkey");
- chunk_t e, n;
+ chunk_t e = empty_chunk, n = empty_chunk;
switch (cert.type)
{
{
secret_t *s;
const RSA_private_key_t *pri = NULL;
- const cert_t c = {CERT_X509_SIGNATURE, {cert}};
+ const cert_t c = {CERT_X509_SIGNATURE, {(x509cert_t*)cert}};
pubkey_t *pubkey = allocate_RSA_public_key(c);
void
remove_x509_public_key(const x509cert_t *cert)
{
- const cert_t c = {CERT_X509_SIGNATURE, {cert}};
+ const cert_t c = {CERT_X509_SIGNATURE, {(x509cert_t*)cert}};
pubkey_list_t *p, **pp;
pubkey_t *revoked_pk;
scx_init(const char* module, const char *init_args)
{
#ifdef SMARTCARD
- CK_C_INITIALIZE_ARGS args = { .pReserved = init_args, };
+ CK_C_INITIALIZE_ARGS args = { .pReserved = (char *)init_args, };
CK_RV rv;
if (scx_initialized)
if (rv == CKR_FUNCTION_NOT_SUPPORTED)
{
RSA_public_key_t rsa;
- chunk_t plain_text = {in, inlen};
+ chunk_t plain_text = {(u_char*)in, inlen};
chunk_t cipher_text;
DBG(DBG_CONTROL,
DBG(DBG_CONTROL,
DBG_log("doing RSA encryption on smartcard")
)
- rv = pkcs11_functions->C_Encrypt(sc->session, in, inlen
+ rv = pkcs11_functions->C_Encrypt(sc->session, (u_char*)in, inlen
, out, &len);
if (rv != CKR_OK)
{
return FALSE;
}
- rv = pkcs11_functions->C_Decrypt(sc->session, in, inlen
+ rv = pkcs11_functions->C_Decrypt(sc->session, (u_char*)in, inlen
, out, &len);
if (rv != CKR_OK)
{
struct db_prop *p = &pc->props[pn];
pb_stream proposal_pbs;
struct isakmp_proposal proposal;
- struct_desc *trans_desc;
- struct_desc *attr_desc;
- enum_names **attr_val_descs;
+ struct_desc *trans_desc = NULL;
+ struct_desc *attr_desc = NULL;
+ enum_names **attr_val_descs = NULL;
int tn;
bool tunnel_mode;
case OAKLEY_GROUP_ORDER | ISAKMP_ATTR_AF_TLV:
#endif
default:
+ /* fix compiler warning */
+ memset(&ta, 0, sizeof(ta));
ugh = "unsupported OAKLEY attribute";
break;
}
{
int propno = next_proposal.isap_proposal;
pb_stream ah_prop_pbs, esp_prop_pbs, ipcomp_prop_pbs;
- struct isakmp_proposal ah_proposal, esp_proposal, ipcomp_proposal;
+ struct isakmp_proposal ah_proposal = {0, 0, 0, 0, 0, 0, 0};
+ struct isakmp_proposal esp_proposal = {0, 0, 0, 0, 0, 0, 0};
+ struct isakmp_proposal ipcomp_proposal = {0, 0, 0, 0, 0, 0, 0};
ipsec_spi_t ah_spi = 0;
ipsec_spi_t esp_spi = 0;
ipsec_spi_t ipcomp_cpi = 0;
projects / strongswan.git / commitdiff