Merge lp:~diego-biurrun/hipl/unused_code into lp:hipl

Proposed by Diego Biurrun on 2011-10-17
Status: Needs review
Proposed branch: lp:~diego-biurrun/hipl/unused_code
Merge into: lp:hipl
Diff against target: 1075 lines (+4/-826)
18 files modified
Makefile.am (+0/-1)
hipd/esp_prot_hipd_msg.c (+0/-81)
hipd/esp_prot_hipd_msg.h (+0/-2)
hipd/pkt_handling.c (+0/-20)
hipd/pkt_handling.h (+0/-6)
hipd/registration.c (+0/-33)
hipd/registration.h (+0/-1)
hipd/user_ipsec_hipd_msg.c (+0/-217)
hipd/user_ipsec_hipd_msg.h (+0/-17)
hipd/user_ipsec_sadb_api.c (+0/-133)
hipd/user_ipsec_sadb_api.h (+0/-55)
lib/core/builder.c (+0/-62)
lib/core/builder.h (+0/-3)
lib/core/certtools.c (+0/-133)
lib/core/certtools.h (+0/-5)
lib/core/modularization.c (+1/-2)
lib/tool/xfrmapi.c (+0/-2)
test/certteststub.c (+3/-53)
To merge this branch: bzr merge lp:~diego-biurrun/hipl/unused_code
Reviewer Review Type Date Requested Status
René Hummen Disapprove on 2011-10-25
Miika Komu 2011-10-17 Needs Information on 2011-10-18
Review via email: mp+79595@code.launchpad.net

Description of the change

This is a quick respin of an old branch I had lying around which eliminates some dead code. I would assume that further inspection could reveal even more dead code, but this branch drops 800 lines, which is a considerable amount already.

Miika Komu (miika-iki) wrote :

You're killing userspace IPsec and certificate code?

review: Needs Information
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 18, 2011 at 08:44:25AM +0000, Miika Komu wrote:
> Review: Needs Information
>
> You're killing userspace IPsec and certificate code?

I kill unused code without second thoughts towards its (theoretical) use ;)

Diego

René Hummen (rene-hummen) wrote :

I don't have the time right now to check this merge proposal, but it proposes to remove some esp token and userspace ipsec code. So, I have to disapprove the proposal until I had a closer look at it.

review: Disapprove
Diego Biurrun (diego-biurrun) wrote :

On Tue, Oct 25, 2011 at 12:32:33PM +0000, René Hummen wrote:
> Review: Disapprove
>
> I don't have the time right now to check this merge proposal, but it
> proposes to remove some esp token and userspace ipsec code. So, I have
> to disapprove the proposal until I had a closer look at it.

Could you have another look and/or be more specific which code must
stay and which can go?

Diego

> You're killing userspace IPsec and certificate code?

Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.

I'd propose the following:
1) You prepare another merge-proposal without the certificate stuff.
2) I'll merge the PISA stuff (after it has been approved)
3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

Miika Komu (miika-iki) wrote :

I think the removal of userspace IPsec stuff should be separated as well.

Diego Biurrun (diego-biurrun) wrote :

On Wed, Dec 21, 2011 at 09:32:23AM +0000, Henrik Ziegeldorf wrote:
> > You're killing userspace IPsec and certificate code?
>
> Some of the certificate code (the X509 stuff) is used and significantly modified in my PISA branch.
> I don't use the SPKI stuff, though. However, I think there's more to remove there than proposed in this merge.
>
> I'd propose the following:
> 1) You prepare another merge-proposal without the certificate stuff.
> 2) I'll merge the PISA stuff (after it has been approved)
> 3) You do a second branch for removing unused certificate functionality (SPKI-related stuff), if nobody has compelling reasons to keep that stuff.

I will but it would be simpler if you guys could just approve or disapprove
certain parts directly. I have committed it in several small parts, just
go and look at the Launchpad web frontend for merge request handling.

Updated request coming up in a moment.

Diego

Unmerged revisions

5855. By Diego Biurrun on 2011-10-17

Merge current HEAD.

5854. By Diego Biurrun on 2011-10-17

Merge current HEAD.

5853. By Diego Biurrun on 2011-04-14

Merge current HEAD.

5852. By Diego Biurrun on 2011-04-14

Restore no longer unused modularization functions.

5851. By Diego Biurrun on 2011-04-14

Merge current HEAD.

5850. By Diego Biurrun on 2011-04-14

Merge current HEAD.

5849. By Diego Biurrun on 2011-04-05

Remove unused function hip_cert_spki_send_to_verification().

5848. By Diego Biurrun on 2011-04-05

Remove unused (outside of test programs) x509 code.

5847. By Diego Biurrun on 2011-04-05

Remove unused function esp_prot_sa_add().

5846. By Diego Biurrun on 2011-04-04

Remove unused function hip_del_pending_request().

Preview Diff

1=== modified file 'Makefile.am'
2--- Makefile.am 2011-10-17 18:14:10 +0000
3+++ Makefile.am 2011-10-17 18:32:42 +0000
4@@ -121,7 +121,6 @@
5 hipd/registration.c \
6 hipd/user.c \
7 hipd/user_ipsec_hipd_msg.c \
8- hipd/user_ipsec_sadb_api.c \
9 modules/heartbeat/hipd/heartbeat.c \
10 modules/heartbeat_update/hipd/hb_update.c \
11 modules/midauth/lib/midauth_builder.c \
12
13=== modified file 'hipd/esp_prot_hipd_msg.c'
14--- hipd/esp_prot_hipd_msg.c 2011-10-17 15:22:35 +0000
15+++ hipd/esp_prot_hipd_msg.c 2011-10-17 18:32:42 +0000
16@@ -459,87 +459,6 @@
17 return err;
18 }
19
20-/** sets the ESP protection extension transform and anchor in user-messages
21- * sent to the firewall in order to add a new SA
22- *
23- * @param entry the host association entry for this connection
24- * @param msg the user-message sent by the firewall
25- * @param direction direction of the entry to be created
26- * @param update this was triggered by an update
27- * @return 0 if ok, != 0 else
28- */
29-int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
30- const int direction, const int update)
31-{
32- unsigned char (*hchain_anchors)[MAX_HASH_LENGTH] = NULL;
33- int hash_length = 0;
34- uint32_t hash_item_length = 0;
35- int err = 0, i;
36-
37- HIP_DEBUG("direction: %i\n", direction);
38-
39- // we always tell the negotiated transform to the firewall
40- HIP_DEBUG("esp protection transform is %u \n", entry->esp_prot_transform);
41- HIP_IFEL(hip_build_param_contents(msg, &entry->esp_prot_transform,
42- HIP_PARAM_ESP_PROT_TFM, sizeof(uint8_t)), -1,
43- "build param contents failed\n");
44-
45- // but we only transmit the anchor to the firewall, if the esp extension is used
46- if (entry->esp_prot_transform > ESP_PROT_TFM_UNUSED) {
47- hash_length = anchor_db_get_anchor_length(entry->esp_prot_transform);
48-
49- // choose the anchor depending on the direction and update or add
50- if (update) {
51- if (direction == HIP_SPI_DIRECTION_OUT) {
52- HIP_IFEL(!(hchain_anchors = entry->esp_local_update_anchors), -1,
53- "hchain anchor expected, but not present\n");
54-
55- hash_item_length = entry->esp_local_update_length;
56- } else {
57- HIP_IFEL(!(hchain_anchors = entry->esp_peer_update_anchors), -1,
58- "hchain anchor expected, but not present\n");
59-
60- hash_item_length = entry->esp_peer_update_length;
61- }
62- } else {
63- if (direction == HIP_SPI_DIRECTION_OUT) {
64- HIP_IFEL(!(hchain_anchors = entry->esp_local_anchors), -1,
65- "hchain anchor expected, but not present\n");
66-
67- hash_item_length = entry->esp_local_active_length;
68- } else {
69- HIP_IFEL(!(hchain_anchors = entry->esp_peer_anchors), -1,
70- "hchain anchor expected, but not present\n");
71-
72- hash_item_length = entry->esp_peer_active_length;
73- }
74- }
75-
76- // add parameters to hipfw message
77- HIP_IFEL(hip_build_param_contents(msg, &hash_item_length,
78- HIP_PARAM_ITEM_LENGTH, sizeof(uint32_t)), -1,
79- "build param contents failed\n");
80-
81- // add parameters to hipfw message
82- HIP_IFEL(hip_build_param_contents(msg, &esp_prot_num_parallel_hchains,
83- HIP_PARAM_UINT, sizeof(uint16_t)), -1,
84- "build param contents failed\n");
85-
86- for (i = 0; i < esp_prot_num_parallel_hchains; i++) {
87- HIP_HEXDUMP("esp protection anchor is ", &hchain_anchors[i][0], hash_length);
88-
89- HIP_IFEL(hip_build_param_contents(msg, &hchain_anchors[i][0],
90- HIP_PARAM_HCHAIN_ANCHOR, hash_length), -1,
91- "build param contents failed\n");
92- }
93- } else {
94- HIP_DEBUG("no anchor added, transform UNUSED\n");
95- }
96-
97-out_err:
98- return err;
99-}
100-
101 /********************* BEX parameters *********************/
102
103 /**
104
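Review bot: esp_prot_sa_add() is only dead transitively: the caller visible in this diff is create_add_sa_msg() in hipd/user_ipsec_hipd_msg.c, which is removed further down. The two removals have to land together or caller first, so if the userspace IPsec part is split into its own proposal as requested in the discussion, this function and its prototype in esp_prot_hipd_msg.h belong in that proposal, and the commit message should name the dependency instead of just calling the function unused.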
105=== modified file 'hipd/esp_prot_hipd_msg.h'
106--- hipd/esp_prot_hipd_msg.h 2011-10-17 15:22:35 +0000
107+++ hipd/esp_prot_hipd_msg.h 2011-10-17 18:32:42 +0000
108@@ -47,8 +47,6 @@
109 int esp_prot_set_preferred_transforms(const struct hip_common *msg);
110 int esp_prot_handle_trigger_update_msg(const struct hip_common *msg);
111 int esp_prot_handle_anchor_change_msg(const struct hip_common *msg);
112-int esp_prot_sa_add(struct hip_hadb_state *entry, struct hip_common *msg,
113- const int direction, const int update);
114 int esp_prot_r1_add_transforms(struct hip_common *msg);
115 int esp_prot_r1_handle_transforms(UNUSED const uint8_t packet_type,
116 UNUSED const enum hip_state ha_state,
117
118=== modified file 'hipd/pkt_handling.c'
119--- hipd/pkt_handling.c 2011-10-17 15:22:35 +0000
120+++ hipd/pkt_handling.c 2011-10-17 18:32:42 +0000
121@@ -101,26 +101,6 @@
122 }
123
124 /**
125- * Remove a handle function from the list.
126- *
127- * @param packet_type The packet type of the control message (RFC 5201, 5.3.)
128- * @param ha_state The host association state (RFC 5201, 4.4.1.)
129- * @param handle_function Pointer to the function which should be unregistered.
130- *
131- * @return Success = 0
132- * Error = -1
133- */
134-int hip_unregister_handle_function(const uint8_t packet_type,
135- const enum hip_state ha_state,
136- int (*handle_function)(const uint8_t packet_type,
137- const enum hip_state ha_state,
138- struct hip_packet_context *ctx))
139-{
140- return lmod_unregister_function(hip_handle_functions[packet_type][ha_state],
141- handle_function);
142-}
143-
144-/**
145 * Run all handle functions for specified combination from packet type and host
146 * association state.
147 *
148
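Review bot: Dropping hip_unregister_handle_function() leaves handler registration without an inverse, so a module that has registered a handler can no longer take it out of hip_handle_functions[packet_type][ha_state]. Please state in the commit message that this is intended, and check whether lmod_unregister_function(), which this wrapper called, still has a caller after the change.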
149=== modified file 'hipd/pkt_handling.h'
150--- hipd/pkt_handling.h 2011-10-17 15:22:35 +0000
151+++ hipd/pkt_handling.h 2011-10-17 18:32:42 +0000
152@@ -38,12 +38,6 @@
153 struct hip_packet_context *ctx),
154 const uint16_t priority);
155
156-int hip_unregister_handle_function(const uint8_t packet_type,
157- const enum hip_state ha_state,
158- int (*handle_function)(const uint8_t packet_type,
159- const enum hip_state ha_state,
160- struct hip_packet_context *ctx));
161-
162 int hip_run_handle_functions(const uint8_t packet_type,
163 const enum hip_state ha_state,
164 struct hip_packet_context *ctx);
165
166=== modified file 'hipd/registration.c'
167--- hipd/registration.c 2011-08-15 14:11:56 +0000
168+++ hipd/registration.c 2011-10-17 18:32:42 +0000
169@@ -112,7 +112,6 @@
170 const struct hip_ll_node *iter = NULL;
171 struct hip_pending_request *request = NULL;
172
173- /* See hip_del_pending_request() for a comment. */
174 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
175 request = iter->ptr;
176 if (now - request->created > HIP_PENDING_REQUEST_LIFETIME) {
177@@ -233,37 +232,6 @@
178 }
179
180 /**
181- * Deletes a pending request. Deletes a pending request identified by the host
182- * association @c entry from the linked list @c pending_requests.
183- *
184- * @param entry a pointer to the host association to which the pending request
185- * to be deleted is bound.
186- * @return zero if the pending request was succesfully deleted, -1
187- * otherwise.
188- */
189-int hip_del_pending_request(struct hip_hadb_state *entry)
190-{
191- int idx = 0;
192- const struct hip_ll_node *iter = NULL;
193-
194- /* Iterate through the linked list. The iterator itself can't be used
195- * for deleting nodes from the list. Therefore, we just get the index of
196- * the element to be deleted using the iterator and then call
197- * hip_ll_del() to do the actual deletion. */
198- while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
199- if (((struct hip_pending_request *) (iter->ptr))->entry == entry) {
200- HIP_DEBUG("Deleting and freeing a pending request at " \
201- "index %u.\n", idx);
202- hip_ll_del(&pending_requests, idx, free);
203- return 0;
204- }
205- idx++;
206- }
207-
208- return -1;
209-}
210-
211-/**
212 * Deletes a pending request of given type. Deletes a pending request identified
213 * by the host association @c entry and matching the given type @c reg_type from
214 * the linked list @c pending_requests.
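Review bot: The block comment inside hip_del_pending_request() (the iterator cannot be used for deleting nodes, so the index is collected and hip_ll_del() does the deletion) is the only explanation of that pattern, and the two "See hip_del_pending_request() for a comment." pointers in the neighbouring hunks are deleted rather than replaced. Move the explanation to one of the remaining hip_ll_iterate() loops over pending_requests so the reasoning is not lost with the function.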
215@@ -281,7 +249,6 @@
216 const struct hip_ll_node *iter = NULL;
217 struct hip_pending_request *request = NULL;
218
219- /* See hip_del_pending_request() for a comment. */
220 while ((iter = hip_ll_iterate(&pending_requests, iter)) != NULL) {
221 request = iter->ptr;
222 if (request->entry == entry && request->reg_type == reg_type) {
223
224=== modified file 'hipd/registration.h'
225--- hipd/registration.h 2011-08-15 14:11:56 +0000
226+++ hipd/registration.h 2011-10-17 18:32:42 +0000
227@@ -64,7 +64,6 @@
228 int hip_get_active_services(struct hip_srv *active_services,
229 unsigned int *active_service_count);
230 int hip_add_pending_request(struct hip_pending_request *request);
231-int hip_del_pending_request(struct hip_hadb_state *entry);
232 int hip_replace_pending_requests(struct hip_hadb_state *entry_old,
233 struct hip_hadb_state *entry_new);
234 int hip_handle_param_reg_info(struct hip_hadb_state *entry,
235
236=== modified file 'hipd/user_ipsec_hipd_msg.c'
237--- hipd/user_ipsec_hipd_msg.c 2011-08-15 14:11:56 +0000
238+++ hipd/user_ipsec_hipd_msg.c 2011-10-17 18:32:42 +0000
239@@ -43,7 +43,6 @@
240 #include "esp_prot_hipd_msg.h"
241 #include "hipd.h"
242 #include "init.h"
243-#include "user_ipsec_sadb_api.h"
244 #include "user_ipsec_hipd_msg.h"
245
246
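Review bot: The kept line #include "esp_prot_hipd_msg.h" looks stale after this change: the only use of that header visible in this diff for this file is the esp_prot_sa_add() call inside create_add_sa_msg(), which the next hunk removes. Check whether the remaining code still needs it and the other includes in this block, and drop the unused ones together with user_ipsec_sadb_api.h.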
247@@ -81,219 +80,3 @@
248
249 return err;
250 }
251-
252-/** creates a user-message to add a SA to userspace IPsec
253- *
254- * @param saddr outer globally routable source ip address
255- * @param daddr outer globally routable destination ip address
256- * @param src_hit inner source address
257- * @param dst_hit inner destination address
258- * @param spi ipsec spi for demultiplexing
259- * @param ealg crypto transform to be used for the SA
260- * @param enckey raw encryption key
261- * @param authkey raw authentication key
262- * @param retransmission notification if this event is due to retransmission
263- * @param direction represents inbound or outbound direction
264- * @param update notification if this event derives from an update
265- * @param entry host association entry for this connection
266- * @return the msg, NULL if an error occurred
267- */
268-struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
269- const struct in6_addr *daddr,
270- const struct in6_addr *src_hit,
271- const struct in6_addr *dst_hit,
272- const uint32_t spi, const int ealg,
273- const struct hip_crypto_key *enckey,
274- const struct hip_crypto_key *authkey,
275- const int retransmission,
276- const int direction, const int update,
277- struct hip_hadb_state *entry)
278-{
279- struct hip_common *msg = NULL;
280- int err = 0;
281-
282- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
283- "alloc memory for adding sa entry\n");
284-
285- hip_msg_init(msg);
286-
287- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_ADD_SA, 0), -1,
288- "build hdr failed\n");
289-
290- HIP_DEBUG_IN6ADDR("Source IP address: ", saddr);
291- HIP_IFEL(hip_build_param_contents(msg, saddr,
292- HIP_PARAM_IPV6_ADDR,
293- sizeof(struct in6_addr)), -1,
294- "build param contents failed\n");
295-
296- HIP_DEBUG_IN6ADDR("Destination IP address : ", daddr);
297- HIP_IFEL(hip_build_param_contents(msg, daddr,
298- HIP_PARAM_IPV6_ADDR,
299- sizeof(struct in6_addr)), -1,
300- "build param contents failed\n");
301-
302- HIP_DEBUG_HIT("Source HIT: ", src_hit);
303- HIP_IFEL(hip_build_param_contents(msg, src_hit, HIP_PARAM_HIT,
304- sizeof(struct in6_addr)), -1,
305- "build param contents failed\n");
306-
307- HIP_DEBUG_HIT("Destination HIT: ", dst_hit);
308- HIP_IFEL(hip_build_param_contents(msg, dst_hit, HIP_PARAM_HIT,
309- sizeof(struct in6_addr)), -1,
310- "build param contents failed\n");
311-
312- HIP_DEBUG("the spi value is : %x \n", spi);
313- HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
314- sizeof(uint32_t)), -1,
315- "build param contents failed\n");
316-
317- HIP_DEBUG("the nat_mode value is %u \n", entry->nat_mode);
318- HIP_IFEL(hip_build_param_contents(msg, &entry->nat_mode, HIP_PARAM_UINT,
319- sizeof(uint8_t)), -1,
320- "build param contents failed\n");
321-
322- HIP_DEBUG("the local_port value is %u \n", entry->local_udp_port);
323- HIP_IFEL(hip_build_param_contents(msg, &entry->local_udp_port,
324- HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
325-
326- HIP_DEBUG("the peer_port value is %u \n", entry->peer_udp_port);
327- HIP_IFEL(hip_build_param_contents(msg, &entry->peer_udp_port,
328- HIP_PARAM_UINT, sizeof(uint16_t)), -1, "build param contents failed\n");
329-
330- // params needed by the esp protection extension
331- HIP_IFEL(esp_prot_sa_add(entry, msg, direction, update), -1,
332- "failed to add esp prot params\n");
333-
334- HIP_HEXDUMP("crypto key :", enckey, sizeof(struct hip_crypto_key));
335- HIP_IFEL(hip_build_param_contents(msg,
336- enckey,
337- HIP_PARAM_KEYS,
338- sizeof(struct hip_crypto_key)), -1,
339- "build param contents failed\n");
340-
341- HIP_HEXDUMP("authen key :", authkey, sizeof(struct hip_crypto_key));
342- HIP_IFEL(hip_build_param_contents(msg,
343- authkey,
344- HIP_PARAM_KEYS,
345- sizeof(struct hip_crypto_key)), -1,
346- "build param contents failed\n");
347-
348- HIP_DEBUG("ealg value is %d \n", ealg);
349- HIP_IFEL(hip_build_param_contents(msg, &ealg, HIP_PARAM_INT,
350- sizeof(int)), -1,
351- "build param contents failed\n");
352-
353- HIP_DEBUG("retransmission value is %d \n", retransmission);
354- HIP_IFEL(hip_build_param_contents(msg, &retransmission,
355- HIP_PARAM_INT, sizeof(int)), -1,
356- "build param contents failed\n");
357-
358- HIP_DEBUG("the direction value is %d \n", direction);
359- HIP_IFEL(hip_build_param_contents(msg, &direction,
360- HIP_PARAM_INT,
361- sizeof(int)), -1,
362- "build param contents failed\n");
363-
364- HIP_DEBUG("the update value is %d \n", update);
365- HIP_IFEL(hip_build_param_contents(msg, &update, HIP_PARAM_INT,
366- sizeof(int)), -1,
367- "build param contents failed\n");
368-
369-out_err:
370- if (err) {
371- free(msg);
372- msg = NULL;
373- }
374-
375- return msg;
376-}
377-
378-/** creates a user-message to delete a SA from userspace IPsec
379- *
380- * @param spi ipsec spi for demultiplexing
381- * @param peer_addr outer globally routable source ip address
382- * @param dst_addr outer globally routable destination ip address
383- * @param family protocol family of above addresses
384- * @param src_port local port for this host association
385- * @param dst_port peer port for this host association
386- * @return the msg, NULL if an error occured
387- */
388-struct hip_common *create_delete_sa_msg(const uint32_t spi,
389- const struct in6_addr *peer_addr,
390- const struct in6_addr *dst_addr,
391- const int family,
392- const int src_port,
393- const int dst_port)
394-{
395- struct hip_common *msg = NULL;
396- int err = 0;
397-
398- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
399- "alloc memory for adding sa entry\n");
400-
401- hip_msg_init(msg);
402-
403- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_DELETE_SA, 0), -1,
404- "build hdr failed\n");
405-
406- HIP_DEBUG("spi value: %u\n", spi);
407- HIP_IFEL(hip_build_param_contents(msg, &spi, HIP_PARAM_UINT,
408- sizeof(uint32_t)), -1, "build param contents failed\n");
409-
410- HIP_DEBUG_IN6ADDR("peer address: ", peer_addr);
411- HIP_IFEL(hip_build_param_contents(msg, peer_addr, HIP_PARAM_IPV6_ADDR,
412- sizeof(struct in6_addr)), -1, "build param contents failed\n");
413-
414- HIP_DEBUG_IN6ADDR("destination address: ", dst_addr);
415- HIP_IFEL(hip_build_param_contents(msg, dst_addr, HIP_PARAM_IPV6_ADDR,
416- sizeof(struct in6_addr)), -1, "build param contents failed\n");
417-
418- HIP_DEBUG("family: %i\n", family);
419- HIP_IFEL(hip_build_param_contents(msg, &family, HIP_PARAM_INT,
420- sizeof(int)), -1, "build param contents failed\n");
421-
422- HIP_DEBUG("src_port: %i\n", src_port);
423- HIP_IFEL(hip_build_param_contents(msg, &src_port, HIP_PARAM_INT,
424- sizeof(int)), -1, "build param contents failed\n");
425-
426- HIP_DEBUG("src_port: %i\n", dst_port);
427- HIP_IFEL(hip_build_param_contents(msg, &dst_port, HIP_PARAM_INT,
428- sizeof(int)), -1, "build param contents failed\n");
429-
430-out_err:
431- if (err) {
432- free(msg);
433- msg = NULL;
434- }
435-
436- return msg;
437-}
438-
439-/**
440- * create a user-message to flush all SAs from userspace IPsec
441- *
442- * @return the msg, NULL if an error occured
443- */
444-struct hip_common *create_flush_all_sa_msg(void)
445-{
446- struct hip_common *msg = NULL;
447- int err = 0;
448-
449- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
450- "alloc memory for adding sa entry\n");
451-
452- hip_msg_init(msg);
453-
454- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_IPSEC_FLUSH_ALL_SA, 0), -1,
455- "build hdr failed\n");
456-
457- // this triggers the flushing without specifying any parameters
458-
459-out_err:
460- if (err) {
461- free(msg);
462- msg = NULL;
463- }
464-
465- return msg;
466-}
467
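Review bot: These three builders are the only code in this diff that constructs HIP_MSG_IPSEC_ADD_SA, HIP_MSG_IPSEC_DELETE_SA and HIP_MSG_IPSEC_FLUSH_ALL_SA messages, so after this hunk nothing shown here sends them any more. Either remove the message types and whatever handles them on the receiving side in the same change, or say in the commit message why they stay. If any of this code is kept after the requested split, note that create_add_sa_msg() passes enckey and authkey to HIP_HEXDUMP, which writes raw key material to the debug log and should not survive.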
468=== modified file 'hipd/user_ipsec_hipd_msg.h'
469--- hipd/user_ipsec_hipd_msg.h 2011-08-15 14:11:56 +0000
470+++ hipd/user_ipsec_hipd_msg.h 2011-10-17 18:32:42 +0000
471@@ -39,22 +39,5 @@
472 #include "lib/core/protodefs.h"
473
474 int hip_userspace_ipsec_activate(const struct hip_common *msg);
475-struct hip_common *create_add_sa_msg(const struct in6_addr *saddr,
476- const struct in6_addr *daddr,
477- const struct in6_addr *src_hit,
478- const struct in6_addr *dst_hit,
479- const uint32_t spi, const int ealg,
480- const struct hip_crypto_key *enckey,
481- const struct hip_crypto_key *authkey,
482- const int retransmission,
483- const int direction, const int update,
484- struct hip_hadb_state *entry);
485-struct hip_common *create_delete_sa_msg(const uint32_t spi,
486- const struct in6_addr *peer_addr,
487- const struct in6_addr *dst_addr,
488- const int family,
489- const int src_port,
490- const int dst_port);
491-struct hip_common *create_flush_all_sa_msg(void);
492
493 #endif /* HIP_HIPD_USER_IPSEC_HIPD_MSG_H */
494
495=== removed file 'hipd/user_ipsec_sadb_api.c'
496--- hipd/user_ipsec_sadb_api.c 2011-08-15 14:11:56 +0000
497+++ hipd/user_ipsec_sadb_api.c 1970-01-01 00:00:00 +0000
498@@ -1,133 +0,0 @@
499-/*
500- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
501- *
502- * Permission is hereby granted, free of charge, to any person
503- * obtaining a copy of this software and associated documentation
504- * files (the "Software"), to deal in the Software without
505- * restriction, including without limitation the rights to use,
506- * copy, modify, merge, publish, distribute, sublicense, and/or sell
507- * copies of the Software, and to permit persons to whom the
508- * Software is furnished to do so, subject to the following
509- * conditions:
510- *
511- * The above copyright notice and this permission notice shall be
512- * included in all copies or substantial portions of the Software.
513- *
514- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
515- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
516- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
517- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
518- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
519- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
520- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
521- * OTHER DEALINGS IN THE SOFTWARE.
522- */
523-
524-/**
525- * @file
526- * Provides the API used by the hipd to set up and maintain the
527- * userspace IPsec state in the hipfw.
528- *
529- * @brief API used by the hipd to set up and maintain userspace IPsec state
530- */
531-
532-#include <stdint.h>
533-#include <arpa/inet.h>
534-#include <netinet/in.h>
535-
536-#include "lib/core/debug.h"
537-#include "lib/core/icomm.h"
538-#include "lib/core/ife.h"
539-#include "lib/core/prefix.h"
540-#include "lib/core/protodefs.h"
541-#include "lib/core/state.h"
542-#include "user.h"
543-#include "user_ipsec_hipd_msg.h"
544-#include "user_ipsec_sadb_api.h"
545-
546-
547-/** generic send function used to send the below created messages
548- *
549- * @param msg the message to be sent
550- * @return 0, if correct, else != 0
551- */
552-static int hip_userspace_ipsec_send_to_fw(const struct hip_common *msg)
553-{
554- struct sockaddr_in6 hip_fw_addr;
555- struct in6_addr loopback = in6addr_loopback;
556- int err = 0;
557-
558- HIP_ASSERT(msg != NULL);
559-
560- // destination is firewall
561- hip_fw_addr.sin6_family = AF_INET6;
562- hip_fw_addr.sin6_port = htons(HIP_FIREWALL_PORT);
563- ipv6_addr_copy(&hip_fw_addr.sin6_addr, &loopback);
564-
565- err = hip_sendto_user(msg, (struct sockaddr *) &hip_fw_addr);
566- if (err < 0) {
567- HIP_ERROR("sending of message to firewall failed\n");
568-
569- err = -1;
570- goto out_err;
571- } else {
572- HIP_DEBUG("sending of message to firewall successful\n");
573-
574- // this is needed if we want to use HIP_IFEL
575- err = 0;
576- }
577-
578-out_err:
579- return err;
580-}
581-
582-/** adds a new SA entry for the specified direction to the sadb in userspace ipsec
583- * @note If you make changes to this function, please change also hip_add_sa()
584- *
585- * @param saddr outer globally routable source ip address
586- * @param daddr outer globally routable destination ip address
587- * @param src_hit inner source address
588- * @param dst_hit inner destination address
589- * @param spi ipsec spi for demultiplexing
590- * @param ealg crypto transform to be used for the SA
591- * @param enckey raw encryption key
592- * @param authkey raw authentication key
593- * @param retransmission notification if this event is due to retransmission
594- * @param direction represents inbound or outbound direction
595- * @param update notification if this event derives from an update
596- * @param entry host association entry for this connection
597- * @return 0, if correct, otherwise -1
598- */
599-uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
600- const struct in6_addr *daddr,
601- const struct in6_addr *src_hit,
602- const struct in6_addr *dst_hit,
603- const uint32_t spi, const int ealg,
604- const struct hip_crypto_key *enckey,
605- const struct hip_crypto_key *authkey,
606- const int retransmission,
607- const int direction, const int update,
608- struct hip_hadb_state *entry)
609-{
610- struct hip_common *msg = NULL;
611- int err = 0;
612-
613- HIP_ASSERT(spi != 0);
614-
615- HIP_IFEL(entry->disable_sas == 1, 0, "SA creation disabled\n");
616-
617- if (direction == HIP_SPI_DIRECTION_OUT) {
618- entry->outbound_sa_count++;
619- } else {
620- entry->inbound_sa_count++;
621- }
622-
623- HIP_IFEL(!(msg = create_add_sa_msg(saddr, daddr, src_hit, dst_hit, spi, ealg, enckey,
624- authkey, retransmission, direction, update, entry)), -1,
625- "failed to create add_sa message\n");
626-
627- HIP_IFEL(hip_userspace_ipsec_send_to_fw(msg), -1, "failed to send msg to fw\n");
628-
629-out_err:
630- return err;
631-}
632
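Review bot: hip_userspace_ipsec_add_sa() increments entry->outbound_sa_count and entry->inbound_sa_count, and its doc comment asks that changes also be made to hip_add_sa(). Check whether anything else still updates or reads those counters once this file is gone, and delete any reciprocal note in hip_add_sa() that points back at this function.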
633=== removed file 'hipd/user_ipsec_sadb_api.h'
634--- hipd/user_ipsec_sadb_api.h 2011-08-15 14:11:56 +0000
635+++ hipd/user_ipsec_sadb_api.h 1970-01-01 00:00:00 +0000
636@@ -1,55 +0,0 @@
637-/*
638- * Copyright (c) 2010 Aalto University and RWTH Aachen University.
639- *
640- * Permission is hereby granted, free of charge, to any person
641- * obtaining a copy of this software and associated documentation
642- * files (the "Software"), to deal in the Software without
643- * restriction, including without limitation the rights to use,
644- * copy, modify, merge, publish, distribute, sublicense, and/or sell
645- * copies of the Software, and to permit persons to whom the
646- * Software is furnished to do so, subject to the following
647- * conditions:
648- *
649- * The above copyright notice and this permission notice shall be
650- * included in all copies or substantial portions of the Software.
651- *
652- * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
653- * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
654- * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
655- * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
656- * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
657- * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
658- * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
659- * OTHER DEALINGS IN THE SOFTWARE.
660- */
661-
662-/**
663- * @file
664- * Provides the API used by the hipd to set up and maintain the
665- * userspace IPsec state in the hipfw.
666- *
667- * @brief API used by the hipd to set up and maintain userspace IPsec state
668- */
669-
670-#ifndef HIP_HIPD_USER_IPSEC_SADB_API_H
671-#define HIP_HIPD_USER_IPSEC_SADB_API_H
672-
673-#include <stdint.h>
674-#include <netinet/in.h>
675-
676-#include "lib/core/protodefs.h"
677-
678-uint32_t hip_userspace_ipsec_add_sa(const struct in6_addr *saddr,
679- const struct in6_addr *daddr,
680- const struct in6_addr *src_hit,
681- const struct in6_addr *dst_hit,
682- const uint32_t spi, const int ealg,
683- const struct hip_crypto_key *enckey,
684- const struct hip_crypto_key *authkey,
685- const int retransmission,
686- const int direction, const int update,
687- struct hip_hadb_state *entry);
688-
689-int hip_userspace_ipsec_setup_default_sp_prefix_pair(void);
690-
691-#endif /* HIP_HIPD_USER_IPSEC_SADB_API_H */
692
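Review bot: hip_userspace_ipsec_setup_default_sp_prefix_pair() is declared in this header but has no definition in the removed user_ipsec_sadb_api.c shown above, so the prototype was already dangling. Confirm that no other file defines or calls it before deleting the header, and mention it in the commit message as a stale declaration.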
693=== modified file 'lib/core/builder.c'
694--- lib/core/builder.c 2011-08-15 14:11:56 +0000
695+++ lib/core/builder.c 2011-10-17 18:32:42 +0000
696@@ -918,18 +918,6 @@
697 * @return pointer to the contents of the tlv_common (just after the
698 * the type and length fields)
699 */
700-void *hip_get_param_contents_direct_readwrite(void *tlv_common)
701-{
702- return ((uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
703-}
704-
705-/**
706- * hip_get_param_contents_direct - get parameter contents direct from TLV
707- *
708- * @param tlv_common pointer to a parameter
709- * @return pointer to the contents of the tlv_common (just after the
710- * the type and length fields)
711- */
712 const void *hip_get_param_contents_direct(const void *tlv_common)
713 {
714 return ((const uint8_t *) tlv_common) + sizeof(struct hip_tlv_common);
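Review bot: The doc comment deleted in this hunk is the one titled "hip_get_param_contents_direct", while the comment block that preceded the removed hip_get_param_contents_direct_readwrite() is left as context and now sits directly above hip_get_param_contents_direct(). Check that the title line of the surviving block (outside this hunk) names the const function and not the _readwrite variant; if it does not, remove the function together with its own comment instead.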
715@@ -3373,56 +3361,6 @@
716 }
717
718 /**
719- * Build and append a X509 certiticate request parameter into a HIP control
720- * message (on-the-wire)
721- *
722- * @param msg a pointer to the message where the parameter will be
723- * appended
724- * @param addr the subject for the certificate
725- * @return zero on success, or negative on failure
726- * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
727- *
728- */
729-int hip_build_param_cert_x509_req(struct hip_common *msg, struct in6_addr *addr)
730-{
731- struct hip_cert_x509_req subj;
732-
733- hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
734- hip_calc_param_len((struct hip_tlv_common *) &subj,
735- sizeof(struct hip_cert_x509_req)
736- - sizeof(struct hip_tlv_common));
737- ipv6_addr_copy(&subj.addr, addr);
738-
739- return hip_build_param(msg, &subj);
740-}
741-
742-/**
743- * build and append a X509 certificate verification parameter into a
744- * HIP control message (on-the-wire)
745- *
746- * @param msg a pointer to the message where the parameter will be
747- * appended
748- * @param der der field
749- * @param len length of the der field in bytes
750- * @return zero on success, or negative on failure
751- * @see <a href="http://tools.ietf.org/html/draft-ietf-hip-cert">draft-ietf-hip-cert</a>
752- *
753- */
754-int hip_build_param_cert_x509_ver(struct hip_common *msg, char *der, int len)
755-{
756- struct hip_cert_x509_resp subj;
757-
758- hip_set_param_type((struct hip_tlv_common *) &subj, HIP_PARAM_CERT_X509_REQ);
759- hip_calc_param_len((struct hip_tlv_common *) &subj,
760- sizeof(struct hip_cert_x509_resp)
761- - sizeof(struct hip_tlv_common));
762- memcpy(&subj.der, der, len);
763- subj.der_len = len;
764-
765- return hip_build_param(msg, &subj);
766-}
767-
768-/**
769 * build and append a X509 certificate response into a HIP control message
770 * (on-the-wire)
771 *
772
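Review bot: hip_build_param_cert_x509_resp(), which stays and takes the same (char *, int) arguments, should be checked for the pattern visible in the removed hip_build_param_cert_x509_ver() at line 762, where memcpy(&subj.der, der, len) copies a caller-supplied length into a stack struct with no bound against the size of subj.der. The removed function also set the parameter type to HIP_PARAM_CERT_X509_REQ although it filled a struct hip_cert_x509_resp, so dropping it is fine; the retained sibling is the part that needs a look, either in this branch or as a follow-up.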
773=== modified file 'lib/core/builder.h'
774--- lib/core/builder.h 2011-08-15 14:11:56 +0000
775+++ lib/core/builder.h 2011-10-17 18:32:42 +0000
776@@ -155,9 +155,7 @@
777 const struct in6_addr rvs_addresses[]);
778 int hip_build_param_cert_spki_info(struct hip_common *msg,
779 struct hip_cert_spki_info *cert_info);
780-int hip_build_param_cert_x509_req(struct hip_common *, struct in6_addr *);
781 int hip_build_param_cert_x509_resp(struct hip_common *, char *, int);
782-int hip_build_param_cert_x509_ver(struct hip_common *, char *, int);
783
784 int hip_build_param_hit_to_ip_set(struct hip_common *, const char *);
785 int hip_build_user_hdr(struct hip_common *, hip_hdr, hip_hdr_err);
786@@ -187,7 +185,6 @@
787 void *hip_get_param_readwrite(struct hip_common *, hip_tlv);
788 const void *hip_get_param_contents(const struct hip_common *, hip_tlv);
789 const void *hip_get_param_contents_direct(const void *);
790-void *hip_get_param_contents_direct_readwrite(void *);
791 hip_tlv_len hip_get_param_contents_len(const void *);
792 int hip_get_param_host_id_di_type_len(const struct hip_host_id *,
793 const char **, int *);
794
795=== modified file 'lib/core/certtools.c'
796--- lib/core/certtools.c 2011-08-15 14:11:56 +0000
797+++ lib/core/certtools.c 2011-10-17 18:32:42 +0000
798@@ -624,139 +624,6 @@
799 return err;
800 }
801
802-/**
803- * Function that sends the given hip_cert_spki_info to the daemon to
804- * verification
805- *
806- * @param to_verification is the cert to be verified
807- *
808- * @return 0 if ok and negative if error or unsuccesfull.
809- *
810- * @note use hip_cert_spki_char2certinfo to build the hip_cert_spki_info
811- */
812-int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *to_verification)
813-{
814- int err = 0;
815- struct hip_common *msg;
816- const struct hip_cert_spki_info *returned;
817-
818- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
819- "Malloc for msg failed\n");
820- hip_msg_init(msg);
821- /* build the msg to be sent to the daemon */
822- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_SPKI_VERIFY, 0), -1,
823- "Failed to build user header\n");
824- HIP_IFEL(hip_build_param_cert_spki_info(msg, to_verification), -1,
825- "Failed to build cert_info\n");
826-
827- /* send and wait */
828- HIP_DEBUG("Sending request to verify SPKI cert to "
829- "daemon and waiting for answer\n");
830- hip_send_recv_daemon_info(msg, 0, 0);
831-
832- HIP_IFEL(!(returned = hip_get_param(msg, HIP_PARAM_CERT_SPKI_INFO)),
833- -1, "No hip_cert_spki_info struct found from daemons msg\n");
834-
835- memcpy(to_verification, returned, sizeof(struct hip_cert_spki_info));
836-
837-out_err:
838- free(msg);
839- return err;
840-}
841-
842-/******************************************************************************
843- * FUNCTIONS FOR x509v3 *
844- ******************************************************************************/
845-
846-/**
847- * Function that requests for a certificate from daemon and gives it back.
848- *
849- * @param subject is the subjects HIT
850- *
851- * @param certificate is pointer to a buffer to which this function writes the completed cert
852- *
853- * @return positive on success negative otherwise
854- *
855- * @note The certificate is given in DER encoding
856- */
857-int hip_cert_x509v3_request_certificate(struct in6_addr *subject,
858- unsigned char *certificate)
859-{
860- int err = 0;
861- struct hip_common *msg;
862- const struct hip_cert_x509_resp *p;
863-
864- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
865- "Malloc for msg failed\n");
866- hip_msg_init(msg);
867- /* build the msg to be sent to the daemon */
868-
869- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
870- "Failed to build user header\n");
871- HIP_IFEL(hip_build_param_cert_x509_req(msg, subject), -1,
872- "Failed to build cert_info\n");
873- /* send and wait */
874- HIP_DEBUG("Sending request to sign x509 cert to "
875- "daemon and waiting for answer\n");
876- hip_send_recv_daemon_info(msg, 0, 0);
877- /* get the struct from the message sent back by the daemon */
878- HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
879- "No name x509 struct found\n");
880- memcpy(certificate, p->der, p->der_len);
881- err = p->der_len;
882-
883-out_err:
884- free(msg);
885- return err;
886-}
887-
888-/**
889- * Function that requests for a verification of a certificate from
890- * daemon and tells the result.
891- *
892- * @param certificate is pointer to a certificate to be verified
893- * @param len is the length of the cert in certificate parameter in bytes
894- *
895- * @return 0 on success negative otherwise
896- *
897- * @note give the certificate in PEM encoding
898- */
899-int hip_cert_x509v3_request_verification(unsigned char *certificate, int len)
900-{
901- int err = 0;
902- struct hip_common *msg;
903- const struct hip_cert_x509_resp *received;
904-
905- HIP_IFEL(!(msg = malloc(HIP_MAX_PACKET)), -1,
906- "Malloc for msg failed\n");
907- hip_msg_init(msg);
908-
909- /* build the msg to be sent to the daemon */
910- HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_VERIFY, 0), -1,
911- "Failed to build user header\n");
912- HIP_IFEL(hip_build_param_cert_x509_ver(msg, (char *) certificate, len), -1,
913- "Failed to build cert_info\n");
914-
915- /* send and wait */
916- HIP_DEBUG("Sending request to verify x509 cert to "
917- "daemon and waiting for answer\n");
918- hip_send_recv_daemon_info(msg, 0, 0);
919-
920- /* get the struct from the message sent back by the daemon */
921- HIP_IFEL(!(received = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
922- "No x509 struct found\n");
923- err = hip_get_msg_err(msg);
924- if (err == 0) {
925- HIP_DEBUG("Verified successfully\n");
926- } else {
927- HIP_DEBUG("Verification failed\n");
928- }
929-
930-out_err:
931- free(msg);
932- return err;
933-}
934-
935 /*******************************************************************************
936 * UTILITARY FUNCTIONS *
937 *******************************************************************************/
938
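Review bot: the commit message should say whether the daemon-side handling of HIP_MSG_CERT_SPKI_VERIFY, HIP_MSG_CERT_X509V3_SIGN and HIP_MSG_CERT_X509V3_VERIFY is kept on purpose, since the three functions removed from line 812 onward are the callers that built those requests. If the handlers stay, they remain accepted message types with no in-tree client exercising them; if they are dead as well, remove them in the same branch. The removed code is not worth reviving as is: hip_cert_x509v3_request_certificate() copied p->der_len bytes into a caller buffer whose size it was never given, and all three functions ignored the return value of hip_send_recv_daemon_info().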
939=== modified file 'lib/core/certtools.h'
940--- lib/core/certtools.h 2011-08-15 14:11:56 +0000
941+++ lib/core/certtools.h 2011-10-17 18:32:42 +0000
942@@ -64,11 +64,6 @@
943 const char *, struct in6_addr *,
944 time_t *, time_t *);
945 int hip_cert_spki_char2certinfo(char *, struct hip_cert_spki_info *);
946-int hip_cert_spki_send_to_verification(struct hip_cert_spki_info *);
947-
948-/* x509v3 cert related functions */
949-int hip_cert_x509v3_request_certificate(struct in6_addr *, unsigned char *);
950-int hip_cert_x509v3_request_verification(unsigned char *, int);
951
952 /** Utilitary functions */
953 STACK_OF(CONF_VALUE) * hip_cert_read_conf_section(const char *, CONF *);
954
955=== modified file 'lib/core/modularization.c'
956--- lib/core/modularization.c 2011-10-12 09:20:36 +0000
957+++ lib/core/modularization.c 2011-10-17 18:32:42 +0000
958@@ -95,8 +95,7 @@
959 /**
960 * List of parameter types.
961 *
962- * Used to track all registered parameter types. Each module which defines a new
963- * parameter type must register it using lmod_register_parameter_type.
964+ * Used to track all registered parameter types.
965 */
966 static struct hip_ll parameter_types;
967
968
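Review bot: the shortened comment at line 964 no longer says how entries get into parameter_types. If the sentence was dropped because lmod_register_parameter_type no longer exists, name the function that does populate the list; if it still exists, keep the sentence, since module authors otherwise have no pointer to the registration step.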
969=== modified file 'lib/tool/xfrmapi.c'
970--- lib/tool/xfrmapi.c 2011-08-15 14:11:56 +0000
971+++ lib/tool/xfrmapi.c 2011-10-17 18:32:42 +0000
972@@ -701,8 +701,6 @@
973 * @param entry corresponding host association
974 * @return zero on success and non-zero on error
975 * @note IPv4 addresses in IPv6 mapped format
976- * @note If you make changes to this function, please change also
977- * hipd/user_ipsec_sadb_api.c:hip_userspace_ipsec_add_sa().
978 */
979 uint32_t hip_add_sa(const struct in6_addr *saddr,
980 const struct in6_addr *daddr,
981
982=== modified file 'test/certteststub.c'
983--- test/certteststub.c 2011-08-15 14:11:56 +0000
984+++ test/certteststub.c 2011-10-17 18:32:42 +0000
985@@ -48,25 +48,18 @@
986 #include "lib/core/protodefs.h"
987
988
989-int main(int argc, char *argv[])
990+int main(void)
991 {
992- int err = 0, i = 0, len;
993+ int err = 0, i = 0;
994 struct hip_cert_spki_info *cert = NULL;
995 struct hip_cert_spki_info *to_verification = NULL;
996 time_t not_before = 0, not_after = 0;
997 struct hip_common *msg;
998 struct in6_addr *defhit;
999 char certificate[1024];
1000- unsigned char der_cert[1024];
1001 CONF *conf;
1002 CONF_VALUE *item;
1003- STACK_OF(CONF_VALUE) * sec = NULL;
1004- STACK_OF(CONF_VALUE) * sec_name = NULL;
1005-
1006- if (argc != 2) {
1007- printf("Usage: %s spki|x509\n", argv[0]);
1008- exit(EXIT_SUCCESS);
1009- }
1010+ STACK_OF(CONF_VALUE) * sec = NULL;
1011
1012 HIP_DEBUG("- This test tool has to be run as root otherwise this will fail!\n");
1013 HIP_DEBUG("- Hipd has to run otherwise this will hang!\n");
1014@@ -78,10 +71,6 @@
1015 goto out_err;
1016 }
1017
1018- if (strcmp(argv[1], "spki")) {
1019- goto skip_spki;
1020- }
1021-
1022 HIP_DEBUG("Starting to test SPKI certficate tools\n");
1023
1024 cert = malloc(sizeof(struct hip_cert_spki_info));
1025@@ -142,51 +131,12 @@
1026 HIP_IFEL(hip_cert_spki_char2certinfo(certificate, to_verification), -1,
1027 "Failed to construct the hip_cert_spki_info from certificate\n");
1028
1029- /*
1030- * below, commented out, is the daemons version of the verification
1031- * and below that is the lib version of the verification
1032- */
1033- /*
1034- * HIP_DEBUG("Sending the certificate to daemon for verification\n");
1035- *
1036- * HIP_IFEL(hip_cert_spki_send_to_verification(to_verification), -1,
1037- * "Failed in sending to verification\n");
1038- * HIP_IFEL(to_verification->success, -1,
1039- * "Verification was not successfull\n");
1040- * HIP_DEBUG("Verification was successfull (return value %d)\n",
1041- * to_verification->success);
1042- */
1043 /* Lets do the verification in library */
1044 HIP_IFEL(hip_cert_spki_lib_verify(to_verification), -1,
1045 "Verification was not succesfull\n");
1046 HIP_DEBUG("Verification was successfull (return value %d)\n",
1047 to_verification->success);
1048
1049- goto out_err;
1050-
1051-skip_spki:
1052- HIP_DEBUG("Starting to test x509v3 support\n");
1053-
1054- conf = hip_cert_open_conf();
1055- sec_name = hip_cert_read_conf_section("hip_x509v3_name", conf);
1056-
1057- for (i = 0; i < sk_CONF_VALUE_num(sec_name); i++) {
1058- item = sk_CONF_VALUE_value(sec_name, i);
1059- if (!strcmp(item->name, "issuerhit")) {
1060- err = inet_pton(AF_INET6, item->value, defhit);
1061- if (err < 1) {
1062- err = -1;
1063- goto out_err;
1064- }
1065- }
1066- }
1067- NCONF_free(conf);
1068- len = hip_cert_x509v3_request_certificate(defhit, der_cert);
1069-
1070- /** Now send it back for the verification */
1071- HIP_IFEL((err = hip_cert_x509v3_request_verification(der_cert, len) < 0),
1072- -1, "Failed to verify a certificate\n");
1073-
1074 out_err:
1075 HIP_DEBUG("If there was no errors above, \"everything\" is OK\n");
1076
