Merge lp:~diego-biurrun/hipl/unused_code into lp:hipl

Proposed by Diego Biurrun
Status: Needs review
Proposed branch: lp:~diego-biurrun/hipl/unused_code
Merge into: lp:hipl
Diff against target: 1075 lines (+4/-826)
18 files modified
Makefile.am (+0/-1)
hipd/esp_prot_hipd_msg.c (+0/-81)
hipd/esp_prot_hipd_msg.h (+0/-2)
hipd/pkt_handling.c (+0/-20)
hipd/pkt_handling.h (+0/-6)
hipd/registration.c (+0/-33)
hipd/registration.h (+0/-1)
hipd/user_ipsec_hipd_msg.c (+0/-217)
hipd/user_ipsec_hipd_msg.h (+0/-17)
hipd/user_ipsec_sadb_api.c (+0/-133)
hipd/user_ipsec_sadb_api.h (+0/-55)
lib/core/builder.c (+0/-62)
lib/core/builder.h (+0/-3)
lib/core/certtools.c (+0/-133)
lib/core/certtools.h (+0/-5)
lib/core/modularization.c (+1/-2)
lib/tool/xfrmapi.c (+0/-2)
test/certteststub.c (+3/-53)
To merge this branch: bzr merge lp:~diego-biurrun/hipl/unused_code
Reviewers (status):
René Hummen: Disapprove
Miika Komu: Needs Information
Review via email: mp+79595@code.launchpad.net

Description of the change

This is a quick respin of an old branch I had lying around which eliminates some dead code. I would assume that further inspection could reveal even more dead code, but this branch drops 800 lines, which is a considerable amount already.

Miika Komu (miika-iki) wrote :

You're killing userspace IPsec and certificate code?

review: Needs Information
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 18, 2011 at 08:44:25AM +0000, Miika Komu wrote:
> Review: Needs Information
>
> You're killing userspace IPsec and certificate code?

I kill unused code without second thoughts towards its (theoretical) use ;)

Diego

René Hummen (rene-hummen) wrote :

I don't have the time right now to check this merge proposal, but it proposes to remove some esp token and userspace ipsec code. So, I have to disapprove the proposal until I had a closer look at it.

review: Disapprove
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 25, 2011 at 12:32:33PM +0000, René Hummen wrote:
> Review: Disapprove
>
> I don't have the time right now to check this merge proposal, but it
> proposes to remove some esp token and userspace ipsec code. So, I have
> to disapprove the proposal until I had a closer look at it.

Could you have another look and/or be more specific which code must
stay and which can go?

Diego

Henrik Ziegeldorf (henrik-ziegeldorf) wrote :

> You're killing userspace IPsec and certificate code?

Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.

I'd propose the following:
1) You prepare another merge-proposal without the certificate stuff.
2) I'll merge the PISA stuff (after it has been approved)
3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

Miika Komu (miika-iki) wrote :

I think the removal of userspace IPsec stuff should be separated as well.

Diego Biurrun (diego-biurrun) wrote :

On Wed, Dec 21, 2011 at 09:32:23AM +0000, Henrik Ziegeldorf wrote:
> > You're killing userspace IPsec and certificate code?
>
> Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
> I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
>
> I'd propose the following:
> 1) You prepare another merge-proposal without the certificate stuff.
> 2) I'll merge the PISA stuff (after it has been approved)
> 3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

I will but it would be simpler if you guys could just approve or disapprove
certain parts directly. I have committed it in several small parts, just
go and look at the Launchpad web frontend for merge request handling.

Updated request coming up in a moment.

Diego

Unmerged revisions

5855. By Diego Biurrun

Merge current HEAD.

5854. By Diego Biurrun

Merge current HEAD.

5853. By Diego Biurrun

Merge current HEAD.

5852. By Diego Biurrun

Restore no longer unused modularization functions.

5851. By Diego Biurrun

Merge current HEAD.

5850. By Diego Biurrun

Merge current HEAD.

5849. By Diego Biurrun

Remove unused function hip_cert_spki_send_to_verification().

5848. By Diego Biurrun

Remove unused (outside of test programs) x509 code.

5847. By Diego Biurrun

Remove unused function esp_prot_sa_add().

5846. By Diego Biurrun

Remove unused function hip_del_pending_request().

Preview Diff

1=== modified file 'Makefile.am'
2--- Makefile.am 2011-10-17 18:14:10 +0000
3+++ Makefile.am 2011-10-17 18:32:42 +0000
4@@ -121,7 +121,6 @@
5 hipd/registration.c \
6 hipd/user.c \
7 hipd/user_ipsec_hipd_msg.c \
8- hipd/user_ipsec_sadb_api.c \
9 modules/heartbeat/hipd/heartbeat.c \
10 modules/heartbeat_update/hipd/hb_update.c \
11 modules/midauth/lib/midauth_builder.c \
12
13=== modified file 'hipd/esp_prot_hipd_msg.c'
14--- hipd/esp_prot_hipd_msg.c 2011-10-17 15:22:35 +0000
15+++ hipd/esp_prot_hipd_msg.c 2011-10-17 18:32:42 +0000
16@@ -459,87 +459,6 @@
17 return err;
18 }
19
20-/** sets the ESP protection extension transform and anchor in user-messages
21- * sent to the firewall in order to add a new SA
22- *
23- * @param entry the host association entry for this connection
24- * @param msg the user-message sent by the firewall
25- * @param direction direction of the entry to be created
26- * @param update this was triggered by an update
27- * @return 0 if ok, != 0 else
28- */
29-int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
30- const int direction, const int update)
31-{
32- unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL;
33- int hash_length = 0;
34- uint32_t hash_item_length = 0;
35- int err = 0, i;
36-
37- HIP_DEBUG("direction: %i\n", direction);
38-
39- // we always tell the negotiated transform to the firewall
40- HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform);
41- HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
42- HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1,
43- "build param contents failed\n");
44-
45- // but we only transmit the anchor to the firewall, if the esp extension is used
46- if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
47- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
48-
49- // choose the anchor depending on the direction and update or add
50- if (update) {
51- if (direction == HIP_SPI_DIRECTION_OUT) {
52- HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1,
53- "hchain anchor expected, but not present\n");
54-
55- hash_item_length = entry->esp_local_update_length;
56- } else {
57- HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1,
58- "hchain anchor expected, but not present\n");
59-
60- hash_item_length = entry->esp_peer_update_length;
61- }
62- } else {
63- if (direction == HIP_SPI_DIRECTION_OUT) {
64- HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1,
65- "hchain anchor expected, but not present\n");
66-
67- hash_item_length = entry->esp_local_active_length;
68- } else {
69- HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1,
70- "hchain anchor expected, but not present\n");
71-
72- hash_item_length = entry->esp_peer_active_length;
73- }
74- }
75-
76- // add parameters to hipfw message
77- HIP_IFEL(hip_build_param_contents(msg, &hash_item_length,
78- HIP_PARAM_ITEM_LENGTH, sizeof(uint32_t)), -1,
79- "build param contents failed\n");
80-
81- // add parameters to hipfw message
82- HIP_IFEL(hip_build_param_contents(msg, &esp_prot_num_parallel_hchains,
83- HIP_PARAM_UINT, sizeof(uint16_t)), -1,
84- "build param contents failed\n");
85-
86- for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
87- HIP_HEXDUMP("esp protection anchor is ", &hchain_anchors[i][0], hash_length);
88-
89- HIP_IFEL(hip_build_param_contents(msg, &hchain_anchors[i][0],
90- HIP_PARAM_HCHAIN_ANCHOR, hash_length), -1,
91- "build param contents failed\n");
92- }
93- } else {
94- HIP_DEBUG("no anchor added, transform UNUSED\n");
95- }
96-
97-out_err:
98- return err;
99-}
100-
101 /********************* BEX parameters *********************/
102
103 /**
104
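Review bot: esp_prot_sa_add() is not independently dead: the caller visible in this diff is create_add_sa_msg() in hipd/user_ipsec_hipd_msg.c (the "params needed by the esp protection extension" call), which this same patch deletes. Its removal should therefore travel with the userspace IPsec removal that Miika and René asked to have looked at separately, not with the generic dead-code cleanup. The commit message should also say what now conveys the negotiated transform and the hash chain anchors to the firewall when an SA is added, since this function was the code that put HIP_PARAM_ESP_PROT_TFM and HIP_PARAM_HCHAIN_ANCHOR into that message.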
105=== modified file 'hipd/esp_prot_hipd_msg.h'
106--- hipd/esp_prot_hipd_msg.h 2011-10-17 15:22:35 +0000
107+++ hipd/esp_prot_hipd_msg.h 2011-10-17 18:32:42 +0000
108@@ -47,8 +47,6 @@
109 int esp_prot_set_preferred_transforms(const struct hip_common *msg);
110 int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);
111 int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);
112-int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
113- const int direction, const int update);
114 int esp_prot_r1_add_transforms(struct hip_common *msg);
115 int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,
116 UNUSED const enum hip_state ha_state,
117
118=== modified file 'hipd/pkt_handling.c'
119--- hipd/pkt_handling.c 2011-10-17 15:22:35 +0000
120+++ hipd/pkt_handling.c 2011-10-17 18:32:42 +0000
121@@ -101,26 +101,6 @@
122 }
123
124 /**
125- * Remove a handle function from the list.
126- *
127- * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
128- * @param ha_state The host association state (RFC 5201, 4.4.1.)
129- * @param handle_function Pointer to the function which should be unregistered.
130- *
131- * @return Success = 0
132- * Error = -1
133- */
134-int hip_unregister_handle_function(const uint8_t packet_type,
135- const enum hip_state ha_state,
136- int (*handle_function)(const uint8_t packet_type,
137- const enum hip_state ha_state,
138- struct hip_packet_context *ctx))
139-{
140- return lmod_unregister_function(hip_handle_functions[packet_type][ha_state],
141- handle_function);
142-}
143-
144-/**
145 * Run all handle functions for specified combination from packet type and host
146 * association state.
147 *
148
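Review bot: dropping hip_unregister_handle_function() leaves hip_handle_functions with no removal path in this file, so a module can no longer withdraw a handler it registered for a packet type and state pair. If that is intended, say so in the commit message. Also check whether lmod_unregister_function(), which this wrapper called, still has another caller: revision 5852 ("Restore no longer unused modularization functions") suggests the modularization helpers were already cut too far once.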
149=== modified file 'hipd/pkt_handling.h'
150--- hipd/pkt_handling.h 2011-10-17 15:22:35 +0000
151+++ hipd/pkt_handling.h 2011-10-17 18:32:42 +0000
152@@ -38,12 +38,6 @@
153 struct hip_packet_context *ctx),
154 const uint16_t priority);
155
156-int hip_unregister_handle_function(const uint8_t packet_type,
157- const enum hip_state ha_state,
158- int (*handle_function)(const uint8_t packet_type,
159- const enum hip_state ha_state,
160- struct hip_packet_context *ctx));
161-
162 int hip_run_handle_functions(const uint8_t packet_type,
163 const enum hip_state ha_state,
164 struct hip_packet_context *ctx);
165
166=== modified file 'hipd/registration.c'
167--- hipd/registration.c 2011-08-15 14:11:56 +0000
168+++ hipd/registration.c 2011-10-17 18:32:42 +0000
169@@ -112,7 +112,6 @@
170 const struct hip_ll_node *iter = NULL;
171 struct hip_pending_request *request = NULL;
172
173- /* See hip_del_pending_request() for a comment. */
174 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
175 request = iter->ptr;
176 if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) {
177@@ -233,37 +232,6 @@
178 }
179
180 /**
181- * Deletes a pending request. Deletes a pending request identified by the host
182- * association @c entry from the linked list @c pending_requests.
183- *
184- * @param entry a pointer to the host association to which the pending request
185- * to be deleted is bound.
186- * @return zero if the pending request was succesfully deleted, -1
187- * otherwise.
188- */
189-int hip_del_pending_request(struct hip_hadb_state *entry)
190-{
191- int idx = 0;
192- const struct hip_ll_node *iter = NULL;
193-
194- /* Iterate through the linked list. The iterator itself can't be used
195- * for deleting nodes from the list. Therefore, we just get the index of
196- * the element to be deleted using the iterator and then call
197- * hip_ll_del() to do the actual deletion. */
198- while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
199- if (((struct hip_pending_request *) (iter->ptr))->entry == entry) {
200- HIP_DEBUG("Deleting and freeing a pending request at " \
201- "index %u.\n", idx);
202- hip_ll_del(&pending_requests, idx, free);
203- return 0;
204- }
205- idx++;
206- }
207-
208- return -1;
209-}
210-
211-/**
212 * Deletes a pending request of given type. Deletes a pending request identified
213 * by the host association @c entry and matching the given type @c reg_type from
214 * the linked list @c pending_requests.
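Review bot: the block comment inside hip_del_pending_request() ("The iterator itself can't be used for deleting nodes from the list ...") is the only explanation of why these loops track an index and call hip_ll_del(), and the two "See hip_del_pending_request() for a comment." pointers removed in the neighbouring hunks show that other loops over pending_requests relied on it. Move that explanation to one of the surviving functions instead of deleting it together with the function.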
215@@ -281,7 +249,6 @@
216 const struct hip_ll_node *iter = NULL;
217 struct hip_pending_request *request = NULL;
218
219- /* See hip_del_pending_request() for a comment. */
220 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
221 request = iter->ptr;
222 if (request->entry == entry && request->reg_type == reg_type) {
223
224=== modified file 'hipd/registration.h'
225--- hipd/registration.h 2011-08-15 14:11:56 +0000
226+++ hipd/registration.h 2011-10-17 18:32:42 +0000
227@@ -64,7 +64,6 @@
228 int hip_get_active_services(struct hip_srv *active_services,
229 unsigned int *active_service_count);
230 int hip_add_pending_request(struct hip_pending_request *request);
231-int hip_del_pending_request(struct hip_hadb_state *entry);
232 int hip_replace_pending_requests(struct hip_hadb_state *entry_old,
233 struct hip_hadb_state *entry_new);
234 int hip_handle_param_reg_info(struct hip_hadb_state *entry,
235
236=== modified file 'hipd/user_ipsec_hipd_msg.c'
237--- hipd/user_ipsec_hipd_msg.c 2011-08-15 14:11:56 +0000
238+++ hipd/user_ipsec_hipd_msg.c 2011-10-17 18:32:42 +0000
239@@ -43,7 +43,6 @@
240 #include "esp_prot_hipd_msg.h"
241 #include "hipd.h"
242 #include "init.h"
243-#include "user_ipsec_sadb_api.h"
244 #include "user_ipsec_hipd_msg.h"
245
246
247@@ -81,219 +80,3 @@
248
249 return err;
250 }
251-
252-/** creates a user-message to add a SA to userspace IPsec
253- *
254- * @param saddr outer globally routable source ip address
255- * @param daddr outer globally routable destination ip address
256- * @param src_hit inner source address
257- * @param dst_hit inner destination address
258- * @param spi ipsec spi for demultiplexing
259- * @param ealg crypto transform to be used for the SA
260- * @param enckey raw encryption key
261- * @param authkey raw authentication key
262- * @param retransmission notification if this event is due to retransmission
263- * @param direction represents inbound or outbound direction
264- * @param update notification if this event derives from an update
265- * @param entry host association entry for this connection
266- * @return the msg, NULL if an error occurred
267- */
268-struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
269- const struct in6_addr *daddr,
270- const struct in6_addr *src_hit,
271- const struct in6_addr *dst_hit,
272- const uint32_t spi, const int ealg,
273- const struct hip_crypto_key *enckey,
274- const struct hip_crypto_key *authkey,
275- const int retransmission,
276- const int direction, const int update,
277- struct hip_hadb_state *entry)
278-{
279- struct hip_common *msg = NULL;
280- int err = 0;
281-
282- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
283- "alloc memory for adding sa entry\n");
284-
285- hip_msg_init(msg);
286-
287- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_ADD_SA, 0), -1,
288- "build hdr failed\n");
289-
290- HIP_DEBUG_IN6ADDR("Source IP address: ", saddr);
291- HIP_IFEL(hip_build_param_contents(msg, saddr,
292- HIP_PARAM_IPV6_ADDR,
293- sizeof(struct in6_addr)), -1,
294- "build param contents failed\n");
295-
296- HIP_DEBUG_IN6ADDR("Destination IP address : ", daddr);
297- HIP_IFEL(hip_build_param_contents(msg, daddr,
298- HIP_PARAM_IPV6_ADDR,
299- sizeof(struct in6_addr)), -1,
300- "build param contents failed\n");
301-
302- HIP_DEBUG_HIT("Source HIT: ", src_hit);
303- HIP_IFEL(hip_build_param_contents(msg, src_hit, HIP_PARAM_HIT,
304- sizeof(struct in6_addr)), -1,
305- "build param contents failed\n");
306-
307- HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
308- HIP_IFEL(hip_build_param_contents(msg, dst_hit, HIP_PARAM_HIT,
309- sizeof(struct in6_addr)), -1,
310- "build param contents failed\n");
311-
312- HIP_DEBUG("the spi value is : %x \n", spi);
313- HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
314- sizeof(uint32_t)), -1,
315- "build param contents failed\n");
316-
317- HIP_DEBUG("the nat_mode value is %u \n", entry->nat_mode);
318- HIP_IFEL(hip_build_param_contents(msg, &entry->nat_mode, HIP_PARAM_UINT,
319- sizeof(uint8_t)), -1,
320- "build param contents failed\n");
321-
322- HIP_DEBUG("the local_port value is %u \n", entry->local_udp_port);
323- HIP_IFEL(hip_build_param_contents(msg, &entry->local_udp_port,
324- HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
325-
326- HIP_DEBUG("the peer_port value is %u \n", entry->peer_udp_port);
327- HIP_IFEL(hip_build_param_contents(msg, &entry->peer_udp_port,
328- HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
329-
330- // params needed by the esp protection extension
331- HIP_IFEL(esp_prot_sa_add(entry, msg, direction, update), -1,
332- "failed to add esp prot params\n");
333-
334- HIP_HEXDUMP("crypto key :", enckey, sizeof(struct hip_crypto_key));
335- HIP_IFEL(hip_build_param_contents(msg,
336- enckey,
337- HIP_PARAM_KEYS,
338- sizeof(struct hip_crypto_key)), -1,
339- "build param contents failed\n");
340-
341- HIP_HEXDUMP("authen key :", authkey, sizeof(struct hip_crypto_key));
342- HIP_IFEL(hip_build_param_contents(msg,
343- authkey,
344- HIP_PARAM_KEYS,
345- sizeof(struct hip_crypto_key)), -1,
346- "build param contents failed\n");
347-
348- HIP_DEBUG("ealg value is %d \n", ealg);
349- HIP_IFEL(hip_build_param_contents(msg, &ealg, HIP_PARAM_INT,
350- sizeof(int)), -1,
351- "build param contents failed\n");
352-
353- HIP_DEBUG("retransmission value is %d \n", retransmission);
354- HIP_IFEL(hip_build_param_contents(msg, &retransmission,
355- HIP_PARAM_INT, sizeof(int)), -1,
356- "build param contents failed\n");
357-
358- HIP_DEBUG("the direction value is %d \n", direction);
359- HIP_IFEL(hip_build_param_contents(msg, &direction,
360- HIP_PARAM_INT,
361- sizeof(int)), -1,
362- "build param contents failed\n");
363-
364- HIP_DEBUG("the update value is %d \n", update);
365- HIP_IFEL(hip_build_param_contents(msg, &update, HIP_PARAM_INT,
366- sizeof(int)), -1,
367- "build param contents failed\n");
368-
369-out_err:
370- if (err) {
371- free(msg);
372- msg = NULL;
373- }
374-
375- return msg;
376-}
377-
378-/** creates a user-message to delete a SA from userspace IPsec
379- *
380- * @param spi ipsec spi for demultiplexing
381- * @param peer_addr outer globally routable source ip address
382- * @param dst_addr outer globally routable destination ip address
383- * @param family protocol family of above addresses
384- * @param src_port local port for this host association
385- * @param dst_port peer port for this host association
386- * @return the msg, NULL if an error occured
387- */
388-struct hip_common *create_delete_sa_msg(const uint32_t spi,
389- const struct in6_addr *peer_addr,
390- const struct in6_addr *dst_addr,
391- const int family,
392- const int src_port,
393- const int dst_port)
394-{
395- struct hip_common *msg = NULL;
396- int err = 0;
397-
398- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
399- "alloc memory for adding sa entry\n");
400-
401- hip_msg_init(msg);
402-
403- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_DELETE_SA, 0), -1,
404- "build hdr failed\n");
405-
406- HIP_DEBUG("spi value: %u\n", spi);
407- HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
408- sizeof(uint32_t)), -1, "build param contents failed\n");
409-
410- HIP_DEBUG_IN6ADDR("peer address: ", peer_addr);
411- HIP_IFEL(hip_build_param_contents(msg, peer_addr, HIP_PARAM_IPV6_ADDR,
412- sizeof(struct in6_addr)), -1, "build param contents failed\n");
413-
414- HIP_DEBUG_IN6ADDR("destination address: ", dst_addr);
415- HIP_IFEL(hip_build_param_contents(msg, dst_addr, HIP_PARAM_IPV6_ADDR,
416- sizeof(struct in6_addr)), -1, "build param contents failed\n");
417-
418- HIP_DEBUG("family: %i\n", family);
419- HIP_IFEL(hip_build_param_contents(msg, &family, HIP_PARAM_INT,
420- sizeof(int)), -1, "build param contents failed\n");
421-
422- HIP_DEBUG("src_port: %i\n", src_port);
423- HIP_IFEL(hip_build_param_contents(msg, &src_port, HIP_PARAM_INT,
424- sizeof(int)), -1, "build param contents failed\n");
425-
426- HIP_DEBUG("src_port: %i\n", dst_port);
427- HIP_IFEL(hip_build_param_contents(msg, &dst_port, HIP_PARAM_INT,
428- sizeof(int)), -1, "build param contents failed\n");
429-
430-out_err:
431- if (err) {
432- free(msg);
433- msg = NULL;
434- }
435-
436- return msg;
437-}
438-
439-/**
440- * create a user-message to flush all SAs from userspace IPsec
441- *
442- * @return the msg, NULL if an error occured
443- */
444-struct hip_common *create_flush_all_sa_msg(void)
445-{
446- struct hip_common *msg = NULL;
447- int err = 0;
448-
449- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
450- "alloc memory for adding sa entry\n");
451-
452- hip_msg_init(msg);
453-
454- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_FLUSH_ALL_SA, 0), -1,
455- "build hdr failed\n");
456-
457- // this triggers the flushing without specifying any parameters
458-
459-out_err:
460- if (err) {
461- free(msg);
462- msg = NULL;
463- }
464-
465- return msg;
466-}
467
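Review bot: this hunk removes every builder for HIP_MSG_IPSEC_ADD_SA, HIP_MSG_IPSEC_DELETE_SA and HIP_MSG_IPSEC_FLUSH_ALL_SA while the entry point hip_userspace_ipsec_activate() stays, so after the patch this file can still activate userspace IPsec but has no code left to build an add, delete or flush request for it. Either the receiving side of these three message types is dead as well and should go in the same change, or something still needs these functions; the description should state which. Given the open objections from Miika and René, this file belongs in a separate userspace IPsec proposal.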
468=== modified file 'hipd/user_ipsec_hipd_msg.h'
469--- hipd/user_ipsec_hipd_msg.h 2011-08-15 14:11:56 +0000
470+++ hipd/user_ipsec_hipd_msg.h 2011-10-17 18:32:42 +0000
471@@ -39,22 +39,5 @@
472 #include "lib/core/protodefs.h"
473
474 int hip_userspace_ipsec_activate(const struct hip_common *msg);
475-struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
476- const struct in6_addr *daddr,
477- const struct in6_addr *src_hit,
478- const struct in6_addr *dst_hit,
479- const uint32_t spi, const int ealg,
480- const struct hip_crypto_key *enckey,
481- const struct hip_crypto_key *authkey,
482- const int retransmission,
483- const int direction, const int update,
484- struct hip_hadb_state *entry);
485-struct hip_common *create_delete_sa_msg(const uint32_t spi,
486- const struct in6_addr *peer_addr,
487- const struct in6_addr *dst_addr,
488- const int family,
489- const int src_port,
490- const int dst_port);
491-struct hip_common *create_flush_all_sa_msg(void);
492
493 #endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */
494
495=== removed file 'hipd/user_ipsec_sadb_api.c'
496--- hipd/user_ipsec_sadb_api.c 2011-08-15 14:11:56 +0000
497+++ hipd/user_ipsec_sadb_api.c 1970-01-01 00:00:00 +0000
498@@ -1,133 +0,0 @@
499-/*
500- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
501- *
502- * Permission is hereby granted, free of charge, to any person
503- * obtaining a copy of this software and associated documentation
504- * files (the "Software"), to deal in the Software without
505- * restriction, including without limitation the rights to use,
506- * copy, modify, merge, publish, distribute, sublicense, and/or sell
507- * copies of the Software, and to permit persons to whom the
508- * Software is furnished to do so, subject to the following
509- * conditions:
510- *
511- * The above copyright notice and this permission notice shall be
512- * included in all copies or substantial portions of the Software.
513- *
514- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
515- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
516- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
517- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
518- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
519- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
520- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
521- * OTHER DEALINGS IN THE SOFTWARE.
522- */
523-
524-/**
525- * @file
526- * Provides the API used by the hipd to set up and maintain the
527- * userspace IPsec state in the hipfw.
528- *
529- * @brief API used by the hipd to set up and maintain userspace IPsec state
530- */
531-
532-#include <stdint.h>
533-#include <arpa/inet.h>
534-#include <netinet/in.h>
535-
536-#include "lib/core/debug.h"
537-#include "lib/core/icomm.h"
538-#include "lib/core/ife.h"
539-#include "lib/core/prefix.h"
540-#include "lib/core/protodefs.h"
541-#include "lib/core/state.h"
542-#include "user.h"
543-#include "user_ipsec_hipd_msg.h"
544-#include "user_ipsec_sadb_api.h"
545-
546-
547-/** generic send function used to send the below created messages
548- *
549- * @param msg the message to be sent
550- * @return 0, if correct, else != 0
551- */
552-static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg)
553-{
554- struct sockaddr_in6 hip_fw_addr;
555- struct in6_addr loopback = in6addr_loopback;
556- int err = 0;
557-
558- HIP_ASSERT(msg != NULL);
559-
560- // destination is firewall
561- hip_fw_addr.sin6_family = AF_INET6;
562- hip_fw_addr.sin6_port = htons(HIP_FIREWALL_PORT);
563- ipv6_addr_copy(&hip_fw_addr.sin6_addr, &loopback);
564-
565- err = hip_sendto_user(msg, (struct sockaddr *) &hip_fw_addr);
566- if (err < 0) {
567- HIP_ERROR("sending of message to firewall failed\n");
568-
569- err = -1;
570- goto out_err;
571- } else {
572- HIP_DEBUG("sending of message to firewall successful\n");
573-
574- // this is needed if we want to use HIP_IFEL
575- err = 0;
576- }
577-
578-out_err:
579- return err;
580-}
581-
582-/** adds a new SA entry for the specified direction to the sadb in userspace ipsec
583- * @note If you make changes to this function, please change also hip_add_sa()
584- *
585- * @param saddr outer globally routable source ip address
586- * @param daddr outer globally routable destination ip address
587- * @param src_hit inner source address
588- * @param dst_hit inner destination address
589- * @param spi ipsec spi for demultiplexing
590- * @param ealg crypto transform to be used for the SA
591- * @param enckey raw encryption key
592- * @param authkey raw authentication key
593- * @param retransmission notification if this event is due to retransmission
594- * @param direction represents inbound or outbound direction
595- * @param update notification if this event derives from an update
596- * @param entry host association entry for this connection
597- * @return 0, if correct, otherwise -1
598- */
599-uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
600- const struct in6_addr *daddr,
601- const struct in6_addr *src_hit,
602- const struct in6_addr *dst_hit,
603- const uint32_t spi, const int ealg,
604- const struct hip_crypto_key *enckey,
605- const struct hip_crypto_key *authkey,
606- const int retransmission,
607- const int direction, const int update,
608- struct hip_hadb_state *entry)
609-{
610- struct hip_common *msg = NULL;
611- int err = 0;
612-
613- HIP_ASSERT(spi != 0);
614-
615- HIP_IFEL(entry->disable_sas == 1, 0, "SA creation disabled\n");
616-
617- if (direction == HIP_SPI_DIRECTION_OUT) {
618- entry->outbound_sa_count++;
619- } else {
620- entry->inbound_sa_count++;
621- }
622-
623- HIP_IFEL(!(msg = create_add_sa_msg(saddr, daddr, src_hit, dst_hit, spi, ealg, enckey,
624- authkey, retransmission, direction, update, entry)), -1,
625- "failed to create add_sa message\n");
626-
627- HIP_IFEL(hip_userspace_ipsec_send_to_fw(msg), -1, "failed to send msg to fw\n");
628-
629-out_err:
630- return err;
631-}
632
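Review bot: the doc comment on hip_userspace_ipsec_add_sa() says "If you make changes to this function, please change also hip_add_sa()", so the two were maintained as a pair. Check hip_add_sa() for a matching note pointing back here and remove it in the same commit. The function also incremented entry->outbound_sa_count and entry->inbound_sa_count; confirm that another path still maintains those counters, or drop the fields if nothing else does.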
633=== removed file 'hipd/user_ipsec_sadb_api.h'
634--- hipd/user_ipsec_sadb_api.h 2011-08-15 14:11:56 +0000
635+++ hipd/user_ipsec_sadb_api.h 1970-01-01 00:00:00 +0000
636@@ -1,55 +0,0 @@
637-/*
638- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
639- *
640- * Permission is hereby granted, free of charge, to any person
641- * obtaining a copy of this software and associated documentation
642- * files (the "Software"), to deal in the Software without
643- * restriction, including without limitation the rights to use,
644- * copy, modify, merge, publish, distribute, sublicense, and/or sell
645- * copies of the Software, and to permit persons to whom the
646- * Software is furnished to do so, subject to the following
647- * conditions:
648- *
649- * The above copyright notice and this permission notice shall be
650- * included in all copies or substantial portions of the Software.
651- *
652- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
653- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
654- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
655- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
656- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
657- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
658- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
659- * OTHER DEALINGS IN THE SOFTWARE.
660- */
661-
662-/**
663- * @file
664- * Provides the API used by the hipd to set up and maintain the
665- * userspace IPsec state in the hipfw.
666- *
667- * @brief API used by the hipd to set up and maintain userspace IPsec state
668- */
669-
670-#ifndef HIP_HIPD_USER_IPSEC_SADB_API_H
671-#define HIP_HIPD_USER_IPSEC_SADB_API_H
672-
673-#include <stdint.h>
674-#include <netinet/in.h>
675-
676-#include "lib/core/protodefs.h"
677-
678-uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
679- const struct in6_addr *daddr,
680- const struct in6_addr *src_hit,
681- const struct in6_addr *dst_hit,
682- const uint32_t spi, const int ealg,
683- const struct hip_crypto_key *enckey,
684- const struct hip_crypto_key *authkey,
685- const int retransmission,
686- const int direction, const int update,
687- struct hip_hadb_state *entry);
688-
689-int hip_userspace_ipsec_setup_default_sp_prefix_pair(void);
690-
691-#endif /* HIP_HIPD_USER_IPSEC_SADB_API_H */
692
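Review bot: the header also declared hip_userspace_ipsec_setup_default_sp_prefix_pair(void), which has no definition in the removed user_ipsec_sadb_api.c above. If the function is defined in another file, that definition now loses its prototype and is probably dead too; if it is defined nowhere, the prototype was already stale. Say which in the commit message, and check for remaining #include "user_ipsec_sadb_api.h" lines beyond the one removed from user_ipsec_hipd_msg.c.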
693=== modified file 'lib/core/builder.c'
694--- lib/core/builder.c 2011-08-15 14:11:56 +0000
695+++ lib/core/builder.c 2011-10-17 18:32:42 +0000
696@@ -918,18 +918,6 @@
697 * @return pointer to the contents of the tlv_common (just after the
698 * the type and length fields)
699 */
700-void *hip_get_param_contents_direct_readwrite(void *tlv_common)
701-{
702- return ((uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
703-}
704-
705-/**
706- * hip_get_param_contents_direct - get parameter contents direct from TLV
707- *
708- * @param tlv_common pointer to a parameter
709- * @return pointer to the contents of the tlv_common (just after the
710- * the type and length fields)
711- */
712 const void *hip_get_param_contents_direct(const void *tlv_common)
713 {
714 return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
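Review bot: the lines removed here are the body of hip_get_param_contents_direct_readwrite() plus the whole doc comment of hip_get_param_contents_direct(), so the comment that used to head the _readwrite variant (its tail is the context at the top of the hunk) now documents hip_get_param_contents_direct(). Check that its first line names the right function; if it still says hip_get_param_contents_direct_readwrite, fix it in this commit.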
715@@ -3373,56 +3361,6 @@
716 }
717
718 /**
719- * Build and append a X509 certiticate request parameter into a HIP control
720- * message (on-the-wire)
721- *
722- * @param msg a pointer to the message where the parameter will be
723- * appended
724- * @param addr the subject for the certificate
725- * @return zero on success, or negative on failure
726- * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
727- *
728- */
729-int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr *addr)
730-{
731- struct hip_cert_x509_req subj;
732-
733- hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
734- hip_calc_param_len((struct hip_tlv_common *) &subj,
735- sizeof(struct hip_cert_x509_req)
736- - sizeof(struct hip_tlv_common));
737- ipv6_addr_copy(&subj.addr, addr);
738-
739- return hip_build_param(msg, &subj);
740-}
741-
742-/**
743- * build and append a X509 certificate verification parameter into a
744- * HIP control message (on-the-wire)
745- *
746- * @param msg a pointer to the message where the parameter will be
747- * appended
748- * @param der der field
749- * @param len length of the der field in bytes
750- * @return zero on success, or negative on failure
751- * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
752- *
753- */
754-int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len)
755-{
756- struct hip_cert_x509_resp subj;
757-
758- hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
759- hip_calc_param_len((struct hip_tlv_common *) &subj,
760- sizeof(struct hip_cert_x509_resp)
761- - sizeof(struct hip_tlv_common));
762- memcpy(&subj.der, der, len);
763- subj.der_len = len;
764-
765- return hip_build_param(msg, &subj);
766-}
767-
768-/**
769 * build and append a X509 certificate response into a HIP control message
770 * (on-the-wire)
771 *
772
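Review bot: hip_build_param_cert_x509_resp(), whose doc comment begins in the trailing context at 768-771, stays in the tree with the same (char *, int) arguments as the removed hip_build_param_cert_x509_ver(), and that removed function did memcpy(&subj.der, der, len) at 762 without checking len against the size of the der field. Please confirm the surviving builder bounds len before copying. Also worth a line in the commit message: the removed _ver builder set its type to HIP_PARAM_CERT_X509_REQ at 758, so there was no distinct verification parameter on the wire anyway.
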
773=== modified file 'lib/core/builder.h'
774--- lib/core/builder.h 2011-08-15 14:11:56 +0000
775+++ lib/core/builder.h 2011-10-17 18:32:42 +0000
776@@ -155,9 +155,7 @@
777 const struct in6_addr rvs_addresses[]);
778 int hip_build_param_cert_spki_info(struct hip_common *msg,
779 struct hip_cert_spki_info *cert_info);
780-int hip_build_param_cert_x509_req(struct hip_common *, struct in6_addr *);
781 int hip_build_param_cert_x509_resp(struct hip_common *, char *, int);
782-int hip_build_param_cert_x509_ver(struct hip_common *, char *, int);
783
784 int hip_build_param_hit_to_ip_set(struct hip_common *, const char *);
785 int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err);
786@@ -187,7 +185,6 @@
787 void *hip_get_param_readwrite(struct hip_common *, hip_tlv);
788 const void *hip_get_param_contents(const struct hip_common *, hip_tlv);
789 const void *hip_get_param_contents_direct(const void *);
790-void *hip_get_param_contents_direct_readwrite(void *);
791 hip_tlv_len hip_get_param_contents_len(const void *);
792 int hip_get_param_host_id_di_type_len(const struct hip_host_id *,
793 const char **, int *);
794
795=== modified file 'lib/core/certtools.c'
796--- lib/core/certtools.c 2011-08-15 14:11:56 +0000
797+++ lib/core/certtools.c 2011-10-17 18:32:42 +0000
798@@ -624,139 +624,6 @@
799 return err;
800 }
801
802-/**
803- * Function that sends the given hip_cert_spki_info to the daemon to
804- * verification
805- *
806- * @param to_verification is the cert to be verified
807- *
808- * @return 0 if ok and negative if error or unsuccesfull.
809- *
810- * @note use hip_cert_spki_char2certinfo to build the hip_cert_spki_info
811- */
812-int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *to_verification)
813-{
814- int err = 0;
815- struct hip_common *msg;
816- const struct hip_cert_spki_info *returned;
817-
818- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
819- "Malloc for msg failed\n");
820- hip_msg_init(msg);
821- /* build the msg to be sent to the daemon */
822- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_SPKI_VERIFY, 0), -1,
823- "Failed to build user header\n");
824- HIP_IFEL(hip_build_param_cert_spki_info(msg, to_verification), -1,
825- "Failed to build cert_info\n");
826-
827- /* send and wait */
828- HIP_DEBUG("Sending request to verify SPKI cert to "
829- "daemon and waiting for answer\n");
830- hip_send_recv_daemon_info(msg, 0, 0);
831-
832- HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)),
833- -1, "No hip_cert_spki_info struct found from daemons msg\n");
834-
835- memcpy(to_verification, returned, sizeof(struct hip_cert_spki_info));
836-
837-out_err:
838- free(msg);
839- return err;
840-}
841-
842-/******************************************************************************
843- * FUNCTIONS FOR x509v3 *
844- ******************************************************************************/
845-
846-/**
847- * Function that requests for a certificate from daemon and gives it back.
848- *
849- * @param subject is the subjects HIT
850- *
851- * @param certificate is pointer to a buffer to which this function writes the completed cert
852- *
853- * @return positive on success negative otherwise
854- *
855- * @note The certificate is given in DER encoding
856- */
857-int hip_cert_x509v3_request_certificate(struct in6_addr *subject,
858- unsigned char *certificate)
859-{
860- int err = 0;
861- struct hip_common *msg;
862- const struct hip_cert_x509_resp *p;
863-
864- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
865- "Malloc for msg failed\n");
866- hip_msg_init(msg);
867- /* build the msg to be sent to the daemon */
868-
869- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
870- "Failed to build user header\n");
871- HIP_IFEL(hip_build_param_cert_x509_req(msg, subject), -1,
872- "Failed to build cert_info\n");
873- /* send and wait */
874- HIP_DEBUG("Sending request to sign x509 cert to "
875- "daemon and waiting for answer\n");
876- hip_send_recv_daemon_info(msg, 0, 0);
877- /* get the struct from the message sent back by the daemon */
878- HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
879- "No name x509 struct found\n");
880- memcpy(certificate, p->der, p->der_len);
881- err = p->der_len;
882-
883-out_err:
884- free(msg);
885- return err;
886-}
887-
888-/**
889- * Function that requests for a verification of a certificate from
890- * daemon and tells the result.
891- *
892- * @param certificate is pointer to a certificate to be verified
893- * @param len is the length of the cert in certificate parameter in bytes
894- *
895- * @return 0 on success negative otherwise
896- *
897- * @note give the certificate in PEM encoding
898- */
899-int hip_cert_x509v3_request_verification(unsigned char *certificate, int len)
900-{
901- int err = 0;
902- struct hip_common *msg;
903- const struct hip_cert_x509_resp *received;
904-
905- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
906- "Malloc for msg failed\n");
907- hip_msg_init(msg);
908-
909- /* build the msg to be sent to the daemon */
910- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_VERIFY, 0), -1,
911- "Failed to build user header\n");
912- HIP_IFEL(hip_build_param_cert_x509_ver(msg, (char *) certificate, len), -1,
913- "Failed to build cert_info\n");
914-
915- /* send and wait */
916- HIP_DEBUG("Sending request to verify x509 cert to "
917- "daemon and waiting for answer\n");
918- hip_send_recv_daemon_info(msg, 0, 0);
919-
920- /* get the struct from the message sent back by the daemon */
921- HIP_IFEL(!(received = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
922- "No x509 struct found\n");
923- err = hip_get_msg_err(msg);
924- if (err == 0) {
925- HIP_DEBUG("Verified successfully\n");
926- } else {
927- HIP_DEBUG("Verification failed\n");
928- }
929-
930-out_err:
931- free(msg);
932- return err;
933-}
934-
935 /*******************************************************************************
936 * UTILITARY FUNCTIONS *
937 *******************************************************************************/
938
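Review bot: the three functions dropped here are the senders shown in this patch for HIP_MSG_CERT_SPKI_VERIFY (822), HIP_MSG_CERT_X509V3_SIGN (869) and HIP_MSG_CERT_X509V3_VERIFY (910), yet the diff stat lists no hipd file that would handle those message types. If the daemon-side handlers still exist, either remove them in this branch as well or state in the description that they are kept deliberately as an interface for external clients; otherwise the daemon keeps accepting certificate sign and verify requests that nothing in the tree issues or tests.
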
939=== modified file 'lib/core/certtools.h'
940--- lib/core/certtools.h 2011-08-15 14:11:56 +0000
941+++ lib/core/certtools.h 2011-10-17 18:32:42 +0000
942@@ -64,11 +64,6 @@
943 const char *, struct in6_addr *,
944 time_t *, time_t *);
945 int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *);
946-int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *);
947-
948-/* x509v3 cert related functions */
949-int hip_cert_x509v3_request_certificate(struct in6_addr *, unsigned char *);
950-int hip_cert_x509v3_request_verification(unsigned char *, int);
951
952 /** Utilitary functions */
953 STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *);
954
955=== modified file 'lib/core/modularization.c'
956--- lib/core/modularization.c 2011-10-12 09:20:36 +0000
957+++ lib/core/modularization.c 2011-10-17 18:32:42 +0000
958@@ -95,8 +95,7 @@
959 /**
960 * List of parameter types.
961 *
962- * Used to track all registered parameter types. Each module which defines a new
963- * parameter type must register it using lmod_register_parameter_type.
964+ * Used to track all registered parameter types.
965 */
966 static struct hip_ll parameter_types;
967
968
969=== modified file 'lib/tool/xfrmapi.c'
970--- lib/tool/xfrmapi.c 2011-08-15 14:11:56 +0000
971+++ lib/tool/xfrmapi.c 2011-10-17 18:32:42 +0000
972@@ -701,8 +701,6 @@
973 * @param entry corresponding host association
974 * @return zero on success and non-zero on error
975 * @note IPv4 addresses in IPv6 mapped format
976- * @note If you make changes to this function, please change also
977- * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa().
978 */
979 uint32_t hip_add_sa(const struct in6_addr *saddr,
980 const struct in6_addr *daddr,
981
982=== modified file 'test/certteststub.c'
983--- test/certteststub.c 2011-08-15 14:11:56 +0000
984+++ test/certteststub.c 2011-10-17 18:32:42 +0000
985@@ -48,25 +48,18 @@
986 #include "lib/core/protodefs.h"
987
988
989-int main(int argc, char *argv[])
990+int main(void)
991 {
992- int err = 0, i = 0, len;
993+ int err = 0, i = 0;
994 struct hip_cert_spki_info *cert = NULL;
995 struct hip_cert_spki_info *to_verification = NULL;
996 time_t not_before = 0, not_after = 0;
997 struct hip_common *msg;
998 struct in6_addr *defhit;
999 char certificate[1024];
1000- unsigned char der_cert[1024];
1001 CONF *conf;
1002 CONF_VALUE *item;
1003- STACK_OF(CONF_VALUE) * sec = NULL;
1004- STACK_OF(CONF_VALUE) * sec_name = NULL;
1005-
1006- if (argc != 2) {
1007- printf("Usage: %s spki|x509\n", argv[0]);
1008- exit(EXIT_SUCCESS);
1009- }
1010+ STACK_OF(CONF_VALUE) * sec = NULL;
1011
1012 HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n");
1013 HIP_DEBUG("- Hipd has to run otherwise this will hang!\n");
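
Review bot: with main(void) at 990 and the argc check at 1006-1009 removed, an invocation that still passes x509 now runs the SPKI test without any indication that the argument was ignored. Consider keeping an argument check that rejects unexpected arguments, or update whatever documents the old "spki|x509" usage. Separately, the -/+ pair on sec at 1003/1010 looks like a whitespace-only change and could be left out of a dead-code patch.
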
1014@@ -78,10 +71,6 @@
1015 goto out_err;
1016 }
1017
1018- if (strcmp(argv[1], "spki")) {
1019- goto skip_spki;
1020- }
1021-
1022 HIP_DEBUG("Starting to test SPKI certficate tools\n");
1023
1024 cert = malloc(sizeof(struct hip_cert_spki_info));
1025@@ -142,51 +131,12 @@
1026 HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1,
1027 "Failed to construct the hip_cert_spki_info from certificate\n");
1028
1029- /*
1030- * below, commented out, is the daemons version of the verification
1031- * and below that is the lib version of the verification
1032- */
1033- /*
1034- * HIP_DEBUG("Sending the certificate to daemon for verification\n");
1035- *
1036- * HIP_IFEL(hip_cert_spki_send_to_verification(to_verification), -1,
1037- * "Failed in sending to verification\n");
1038- * HIP_IFEL(to_verification->success, -1,
1039- * "Verification was not successfull\n");
1040- * HIP_DEBUG("Verification was successfull (return value %d)\n",
1041- * to_verification->success);
1042- */
1043 /* Lets do the verification in library */
1044 HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1,
1045 "Verification was not succesfull\n");
1046 HIP_DEBUG("Verification was successfull (return value %d)\n",
1047 to_verification->success);
1048
1049- goto out_err;
1050-
1051-skip_spki:
1052- HIP_DEBUG("Starting to test x509v3 support\n");
1053-
1054- conf = hip_cert_open_conf();
1055- sec_name = hip_cert_read_conf_section("hip_x509v3_name", conf);
1056-
1057- for (i = 0; i < sk_CONF_VALUE_num(sec_name); i++) {
1058- item = sk_CONF_VALUE_value(sec_name, i);
1059- if (!strcmp(item->name, "issuerhit")) {
1060- err = inet_pton(AF_INET6, item->value, defhit);
1061- if (err < 1) {
1062- err = -1;
1063- goto out_err;
1064- }
1065- }
1066- }
1067- NCONF_free(conf);
1068- len = hip_cert_x509v3_request_certificate(defhit, der_cert);
1069-
1070- /** Now send it back for the verification */
1071- HIP_IFEL((err = hip_cert_x509v3_request_verification(der_cert, len) < 0),
1072- -1, "Failed to verify a certificate\n");
1073-
1074 out_err:
1075 HIP_DEBUG("If there was no errors above, \"everything\" is OK\n");
1076
