0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
+DH *tr_dh_new(void)
+{
+ return DH_new();
+}
+
DH *tr_create_dh_params(unsigned char *priv_key,
size_t keylen) {
}
}
-DH *tr_dup_dh_params(DH *dh) {
- if (dh!=NULL)
- return DHparams_dup(dh);
- return NULL;
+DH *tr_dh_dup(DH *in)
+{
+ DH *out=DH_new();
+
+ if (out==NULL)
+ return NULL;
+
+ if (in->g==NULL)
+ out->g=NULL;
+ else {
+ out->g=BN_dup(in->g);
+ if (out->g==NULL) {
+ DH_free(out);
+ return NULL;
+ }
+ }
+
+ if (in->p==NULL)
+ out->p=NULL;
+ else {
+ out->p=BN_dup(in->p);
+ if (out->p==NULL) {
+ DH_free(out);
+ return NULL;
+ }
+ }
+
+ if (in->q==NULL)
+ out->q=NULL;
+ else {
+ out->q=BN_dup(in->q);
+ if (out->q==NULL) {
+ DH_free(out);
+ return NULL;
+ }
+ }
+
+ if (in->priv_key==NULL)
+ out->priv_key=NULL;
+ else {
+ out->priv_key=BN_dup(in->priv_key);
+ if (out->priv_key==NULL) {
+ DH_free(out);
+ return NULL;
+ }
+ }
+
+ if (in->pub_key==NULL)
+ out->pub_key=NULL;
+ else {
+ out->pub_key=BN_dup(in->pub_key);
+ if (out->g==NULL) {
+ DH_free(out);
+ return NULL;
+ }
+ }
+
+ return out;
}
int tr_compute_dh_key(unsigned char **pbuf,
return 0;
}
-void tr_dh_free(unsigned char *dh_buf)
+void tr_dh_free(DH *dh)
{
- free(dh_buf);
+ DH_free(dh);
}
#include <arpa/inet.h>
#include <string.h>
#include <openssl/dh.h>
+#include <openssl/crypto.h>
#include <jansson.h>
#include <assert.h>
#include <talloc.h>
#include <trust_router/tr_name.h>
#include <trp_internal.h>
#include <trust_router/tr_constraint.h>
+#include <trust_router/tr_dh.h>
#include <tr_debug.h>
/* JSON helpers */
{
json_t *jdh = NULL;
json_t *jbn = NULL;
+ char *s=NULL;
if ((!dh) || (!dh->p) || (!dh->g) || (!dh->pub_key))
return NULL;
jdh = json_object();
- jbn = json_string(BN_bn2hex(dh->p));
+ jbn = json_string(s=BN_bn2hex(dh->p));
+ OPENSSL_free(s);
json_object_set_new(jdh, "dh_p", jbn);
- jbn = json_string(BN_bn2hex(dh->g));
+ jbn = json_string(s=BN_bn2hex(dh->g));
+ OPENSSL_free(s);
json_object_set_new(jdh, "dh_g", jbn);
- jbn = json_string(BN_bn2hex(dh->pub_key));
+ jbn = json_string(s=BN_bn2hex(dh->pub_key));
+ OPENSSL_free(s);
json_object_set_new(jdh, "dh_pub_key", jbn);
return jdh;
json_t *jg = NULL;
json_t *jpub_key = NULL;
- if (!(dh = malloc(sizeof(DH)))) {
+ if (!(dh=tr_dh_new())) {
tr_crit("tr_msg_decode_dh(): Error allocating DH structure.");
return NULL;
}
- memset(dh, 0, sizeof(DH));
-
/* store required fields from dh object */
if ((NULL == (jp = json_object_get(jdh, "dh_p"))) ||
(NULL == (jg = json_object_get(jdh, "dh_g"))) ||
(NULL == (jpub_key = json_object_get(jdh, "dh_pub_key")))) {
tr_debug("tr_msg_decode_dh(): Error parsing dh_info.");
- free(dh);
+ tr_dh_free(dh);
return NULL;
}
#include <trust_router/tr_versioning.h>
-void tr_bin_to_hex(const unsigned char * bin, size_t binlen,
- char * hex_out, size_t hex_len);
+TR_EXPORT void tr_bin_to_hex(const unsigned char * bin, size_t binlen,
+ char * hex_out, size_t hex_len);
TR_EXPORT int tr_cmp_timespec(struct timespec *ts1, struct timespec *ts2);
#endif /* TR_UTIL_H */
#include <trust_router/tr_versioning.h>
#include <trust_router/tid.h>
-
+TR_EXPORT DH *tr_dh_new(void);
+TR_EXPORT void tr_dh_free(DH *dh);
TR_EXPORT DH *tr_create_dh_params(unsigned char *key, size_t len);
TR_EXPORT DH *tr_create_matching_dh(unsigned char *key, size_t len, DH *in_dh);
TR_EXPORT void tr_destroy_dh_params(DH *dh);
-TR_EXPORT DH *tr_dup_dh_params(DH *dh);
+TR_EXPORT DH *tr_dh_dup(DH *in);
TR_EXPORT int tr_compute_dh_key(unsigned char **pbuf, BIGNUM *pub_key, DH *priv_dh);
-TR_EXPORT void tr_dh_free(unsigned char *dh_buf);
int TR_EXPORT tr_dh_pub_hash(TID_REQ *request,
unsigned char **out_digest,
size_t *out_llen);
printf("TIDC Client:\nServer = %s, rp_realm = %s, target_realm = %s, community = %s, port = %i\n", opts.server, opts.rp_realm, opts.target_realm, opts.community, opts.port);
/* Create a TID client instance & the client DH */
- tidc = tidc_create();
+ tidc = tidc_create(NULL);
if (NULL == (tidc->client_dh = tr_create_dh_params(NULL, 0))) {
printf("Error creating client DH params.\n");
return 1;
return 0;
}
-TID_SRVR_BLK *tid_srvr_blk_new(TALLOC_CTX *mem_ctx)
+TR_EXPORT TID_SRVR_BLK *tid_srvr_blk_new(TALLOC_CTX *mem_ctx)
{
TID_SRVR_BLK *srvr=talloc(mem_ctx, TID_SRVR_BLK);
return srvr;
}
-void tid_srvr_blk_free(TID_SRVR_BLK *srvr)
+TR_EXPORT void tid_srvr_blk_free(TID_SRVR_BLK *srvr)
{
talloc_free(srvr);
}
-TID_SRVR_BLK *tid_srvr_blk_dup(TALLOC_CTX *mem_ctx, TID_SRVR_BLK *srvr)
+TR_EXPORT TID_SRVR_BLK *tid_srvr_blk_dup(TALLOC_CTX *mem_ctx, TID_SRVR_BLK *srvr)
{
TID_SRVR_BLK *new=NULL;
if (srvr->aaa_server_addr!=NULL)
new->aaa_server_addr=talloc_strdup(new, srvr->aaa_server_addr);
new->key_name=tr_dup_name(srvr->key_name);
- new->aaa_server_dh=tr_dup_dh_params(srvr->aaa_server_dh);
+ new->aaa_server_dh=tr_dh_dup(srvr->aaa_server_dh);
new->key_expiration=srvr->key_expiration;
tid_srvr_blk_set_path(new, srvr->path);
}
/* use the macro */
-TID_SRVR_BLK *tid_srvr_blk_add_func(TID_SRVR_BLK *head, TID_SRVR_BLK *new)
+TR_EXPORT TID_SRVR_BLK *tid_srvr_blk_add_func(TID_SRVR_BLK *head, TID_SRVR_BLK *new)
{
TID_SRVR_BLK *this=head;
return head;
}
-void tid_srvr_blk_set_path(TID_SRVR_BLK *block, json_t *path)
+TR_EXPORT void tid_srvr_blk_set_path(TID_SRVR_BLK *block, json_t *path)
{
if (block->path!=NULL)
json_decref(block->path);
json_incref(block->path);
}
-const json_t *tid_srvr_get_path( const TID_SRVR_BLK *block)
+TR_EXPORT const json_t *tid_srvr_get_path( const TID_SRVR_BLK *block)
{
if (!block)
return NULL;
return block->path;
}
-void tid_resp_set_cons(TID_RESP *resp, TR_CONSTRAINT_SET *cons)
+TR_EXPORT void tid_resp_set_cons(TID_RESP *resp, TR_CONSTRAINT_SET *cons)
{
json_t *jc=(json_t *)cons;
json_incref(jc);
}
-void tid_resp_set_error_path(TID_RESP *resp, json_t *ep)
+TR_EXPORT void tid_resp_set_error_path(TID_RESP *resp, json_t *ep)
{
if (resp->error_path!=NULL)
json_decref(resp->error_path);
json_incref(resp->error_path);
}
-json_t *tid_resp_get_error_path(const TID_RESP *resp)
+TR_EXPORT json_t *tid_resp_get_error_path(const TID_RESP *resp)
{
if (!resp)
return NULL;
return resp->error_path;
}
-json_t *tid_resp_get_a_path(const TID_RESP *const_resp)
+TR_EXPORT json_t *tid_resp_get_a_path(const TID_RESP *const_resp)
{
size_t index;
TID_SRVR_BLK *server;
goto error;
}
- tid_req->tidc_dh = tidc->client_dh;
+ tid_req->tidc_dh = tr_dh_dup(tidc->client_dh);
rc = tidc_fwd_request(tidc, tid_req, resp_handler, cookie);
goto cleanup;
goto cleanup;
}
cookie->thread_id=args->thread_id;
- if (0 > (rc = tidc_fwd_request(tidc, args->fwd_req, &tr_tidc_resp_handler, (void *)cookie))) {
+ if (0 > (rc = tidc_fwd_request(tidc, args->fwd_req, tr_tidc_resp_handler, (void *)cookie))) {
tr_notice("Error from tidc_fwd_request, rc = %d.", rc);
success=0;
goto cleanup;
}
aaa_cookie[n_aaa]->mq=mq;
aaa_cookie[n_aaa]->aaa_hostname=tr_dup_name(this_aaa->hostname);
- aaa_cookie[n_aaa]->dh_params=tr_dup_dh_params(orig_req->tidc_dh);
+ aaa_cookie[n_aaa]->dh_params=tr_dh_dup(orig_req->tidc_dh);
aaa_cookie[n_aaa]->fwd_req=tid_dup_req(aaa_cookie, fwd_req);
/* Take the cookie out of tmp_ctx before starting thread. If thread starts, it becomes