General:
24Jun06
+- Eliminate crypto type punning problems by eliminating void * and
+ using uint8_t * instead.
- Harden authentication failure in FD by single threading errors
and forcing a 6 second wait.
- ========= Remove Accept Any Volume ========= directive.
/*********************************************************************
*
*/
-static int authenticate(int rcode, BSOCK *bs, JCR* jcr)
+static bool authenticate(int rcode, BSOCK *bs, JCR* jcr)
{
POOLMEM *dirname = get_pool_memory(PM_MESSAGE);
DIRRES *director = NULL;
free_pool_memory(dirname);
jcr->director = director;
/* Single thread all failures to avoid DOS */
- if (auth_success) {
+ if (!auth_success) {
P(mutex);
bmicrosleep(6, 0);
V(mutex);
}
- return (director != NULL);
+ return auth_success;
}
/*
BSOCK *dir = jcr->dir_bsock;
if (!authenticate(R_DIRECTOR, dir, jcr)) {
- /* Single thread all failures to avoid DOS */
- P(mutex);
- bmicrosleep(6, 0);
- V(mutex);
bnet_fsend(dir, "%s", Dir_sorry);
Emsg0(M_FATAL, 0, _("Unable to authenticate Director\n"));
return 0;
}
/* Allocate buffer */
- jcr->pki_session_encoded = malloc(size);
+ jcr->pki_session_encoded = (uint8_t *)malloc(size);
if (!jcr->pki_session_encoded) {
return 0;
}
if (signing_digest) {
SIGNATURE *sig;
size_t size = 0;
- void *buf;
+ uint8_t *buf;
if ((sig = crypto_sign_new()) == NULL) {
Jmsg(jcr, M_FATAL, 0, _("Failed to allocate memory for stream signature.\n"));
}
/* Allocate signature data buffer */
- buf = malloc(size);
+ buf = (uint8_t *)malloc(size);
if (!buf) {
crypto_sign_free(sig);
return 0;
/* Terminate any digest and send it to Storage daemon and the Director */
if (digest) {
- char md[CRYPTO_DIGEST_MAX_SIZE];
+ uint8_t md[CRYPTO_DIGEST_MAX_SIZE];
size_t size;
size = sizeof(md);
- if (crypto_digest_finalize(digest, &md, &size)) {
+ if (crypto_digest_finalize(digest, md, &size)) {
bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, digest_stream);
Dmsg1(300, "bfiled>stored:header %s\n", sd->msg);
memcpy(sd->msg, md, size);
/* Update checksum if requested */
if (digest) {
- crypto_digest_update(digest, rbuf, sd->msglen);
+ crypto_digest_update(digest, (uint8_t *)rbuf, sd->msglen);
}
/* Update signing digest if requested */
if (signing_digest) {
- crypto_digest_update(signing_digest, rbuf, sd->msglen);
+ crypto_digest_update(signing_digest, (uint8_t *)rbuf, sd->msglen);
}
#ifdef HAVE_LIBZ
Dmsg1(30, "Stream=Encrypted Session Data, size: %d\n", sd->msglen);
/* Decode and save session keys. */
- cryptoerr = crypto_session_decode(sd->msg, (size_t) sd->msglen, jcr->pki_recipients, &cs);
+ cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (size_t)sd->msglen, jcr->pki_recipients, &cs);
switch(cryptoerr) {
case CRYPTO_ERROR_NONE:
/* Success */
case STREAM_SIGNED_DIGEST:
/* Save signature. */
- if ((sig = crypto_sign_decode(sd->msg, (size_t) sd->msglen)) == NULL) {
+ if ((sig = crypto_sign_decode((uint8_t *)sd->msg, (size_t)sd->msglen)) == NULL) {
Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname);
}
break;
return 1;
}
- if (crypto_digest_finalize(digest, &md, &size)) {
+ if (crypto_digest_finalize(digest, (uint8_t *)md, &size)) {
char *digest_buf;
const char *digest_name;
- digest_buf = (char *) malloc(BASE64_SIZE(size));
+ digest_buf = (char *)malloc(BASE64_SIZE(size));
digest_name = crypto_digest_name(digest);
- bin_to_base64(digest_buf, (char *) md, size);
+ bin_to_base64(digest_buf, md, size);
Dmsg3(400, "send inx=%d %s=%s\n", jcr->JobFiles, digest_name, digest_buf);
bnet_fsend(dir, "%d %d %s *%s-%d*", jcr->JobFiles, digest_stream, digest_buf,
digest_name, jcr->JobFiles);
char buf[DEFAULT_NETWORK_BUFFER_SIZE];
int64_t n;
- while ((n=bread(bfd, &buf, sizeof(buf))) > 0) {
- crypto_digest_update(digest, &buf, n);
+ while ((n=bread(bfd, buf, sizeof(buf))) > 0) {
+ crypto_digest_update(digest, (uint8_t *)buf, n);
jcr->JobBytes += n;
jcr->ReadBytes += n;
}
alist *pki_signers; /* Trusted Signers */
alist *pki_recipients; /* Trusted Recipients */
CRYPTO_SESSION *pki_session; /* PKE Public Keys + Symmetric Session Keys */
- void *pki_session_encoded; /* Cached DER-encoded copy of pki_session */
+ uint8_t *pki_session_encoded; /* Cached DER-encoded copy of pki_session */
size_t pki_session_encoded_size; /* Size of DER-encoded pki_session */
POOLMEM *crypto_buf; /* Encryption/Decryption buffer */
DIRRES* director; /* Director resource */
* Returns: true on success
* false on failure
*/
-bool crypto_digest_update (DIGEST *digest, const void *data, size_t length) {
+bool crypto_digest_update (DIGEST *digest, const uint8_t *data, uint32_t length) {
if (EVP_DigestUpdate(&digest->ctx, data, length) == 0) {
return true;
} else {
* Returns: true on success
* false on failure
*/
-bool crypto_digest_finalize (DIGEST *digest, void *dest, size_t *length) {
- if (!EVP_DigestFinal(&digest->ctx, (unsigned char *) dest, (unsigned int *) length)) {
+bool crypto_digest_finalize (DIGEST *digest, uint8_t *dest, uint32_t *length) {
+ if (!EVP_DigestFinal(&digest->ctx, dest, (unsigned int *)length)) {
return false;
} else {
return true;
* Returns: true on success, stores the encoded data in dest, and the size in length.
* false on failure.
*/
-int crypto_sign_encode(SIGNATURE *sig, void *dest, size_t *length)
+int crypto_sign_encode(SIGNATURE *sig, uint8_t *dest, size_t *length)
{
if (*length == 0) {
*length = i2d_SignatureData(sig->sigData, NULL);
return true;
}
- *length = i2d_SignatureData(sig->sigData, (unsigned char **) &dest);
+ *length = i2d_SignatureData(sig->sigData, (unsigned char **)&dest);
return true;
}
*/
-SIGNATURE *crypto_sign_decode(const void *sigData, size_t length)
+SIGNATURE *crypto_sign_decode(const uint8_t *sigData, size_t length)
{
SIGNATURE *sig;
#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
const unsigned char *p = (const unsigned char *) sigData;
#else
- unsigned char *p = (unsigned char *) sigData;
+ unsigned char *p = (unsigned char *)sigData;
#endif
- sig = (SIGNATURE *) malloc(sizeof(SIGNATURE));
+ sig = (SIGNATURE *)malloc(sizeof(SIGNATURE));
if (!sig) {
return NULL;
}
* Returns: true on success, stores the encoded data in dest, and the size in length.
* false on failure.
*/
-bool crypto_session_encode(CRYPTO_SESSION *cs, void *dest, size_t *length)
+bool crypto_session_encode(CRYPTO_SESSION *cs, uint8_t *dest, size_t *length)
{
if (*length == 0) {
*length = i2d_CryptoData(cs->cryptoData, NULL);
return true;
}
- *length = i2d_CryptoData(cs->cryptoData, (unsigned char **) &dest);
+ *length = i2d_CryptoData(cs->cryptoData, &dest);
return true;
}
* Returns: CRYPTO_ERROR_NONE and a pointer to a newly allocated CRYPTO_SESSION structure in *session on success.
* A crypto_error_t value on failure.
*/
-crypto_error_t crypto_session_decode(const void *data, size_t length, alist *keypairs, CRYPTO_SESSION **session)
+crypto_error_t crypto_session_decode(const uint8_t *data, size_t length, alist *keypairs, CRYPTO_SESSION **session)
{
CRYPTO_SESSION *cs;
X509_KEYPAIR *keypair;
STACK_OF(RecipientInfo) *recipients;
crypto_error_t retval = CRYPTO_ERROR_NONE;
#if (OPENSSL_VERSION_NUMBER >= 0x0090800FL)
- const unsigned char *p = (const unsigned char *) data;
+ const unsigned char *p = (const unsigned char *)data;
#else
- unsigned char *p = (unsigned char *) data;
+ unsigned char *p = (unsigned char *)data;
#endif
cs = (CRYPTO_SESSION *) malloc(sizeof(CRYPTO_SESSION));
int init_crypto (void);
int cleanup_crypto (void);
DIGEST * crypto_digest_new (crypto_digest_t type);
-bool crypto_digest_update (DIGEST *digest, const void *data, size_t length);
-bool crypto_digest_finalize (DIGEST *digest, void *dest, size_t *length);
+bool crypto_digest_update (DIGEST *digest, const uint8_t *data, uint32_t length);
+bool crypto_digest_finalize (DIGEST *digest, uint8_t *dest, uint32_t *length);
void crypto_digest_free (DIGEST *digest);
SIGNATURE * crypto_sign_new (void);
crypto_error_t crypto_sign_get_digest (SIGNATURE *sig, X509_KEYPAIR *keypair, DIGEST **digest);
crypto_error_t crypto_sign_verify (SIGNATURE *sig, X509_KEYPAIR *keypair, DIGEST *digest);
int crypto_sign_add_signer (SIGNATURE *sig, DIGEST *digest, X509_KEYPAIR *keypair);
-int crypto_sign_encode (SIGNATURE *sig, void *dest, size_t *length);
-SIGNATURE * crypto_sign_decode (const void *sigData, size_t length);
+int crypto_sign_encode (SIGNATURE *sig, uint8_t *dest, uint32_t *length);
+SIGNATURE * crypto_sign_decode (const uint8_t *sigData, uint32_t length);
void crypto_sign_free (SIGNATURE *sig);
CRYPTO_SESSION * crypto_session_new (crypto_cipher_t cipher, alist *pubkeys);
void crypto_session_free (CRYPTO_SESSION *cs);
-bool crypto_session_encode (CRYPTO_SESSION *cs, void *dest, size_t *length);
-crypto_error_t crypto_session_decode (const void *data, size_t length, alist *keypairs, CRYPTO_SESSION **session);
-CRYPTO_SESSION * crypto_session_decode (const void *data, size_t length);
-CIPHER_CONTEXT * crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, size_t *blocksize);
-bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, size_t length, const void *dest, size_t *written);
+bool crypto_session_encode (CRYPTO_SESSION *cs, uint8_t *dest, uint32_t *length);
+crypto_error_t crypto_session_decode (const uint8_t *data, uint32_t length, alist *keypairs, CRYPTO_SESSION **session);
+CRYPTO_SESSION * crypto_session_decode (const uint8_t *data, uint32_t length);
+CIPHER_CONTEXT * crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, uint32_t *blocksize);
+bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, uint32_t length, const void *dest, size_t *written);
bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, void *dest, size_t *written);
void crypto_cipher_free (CIPHER_CONTEXT *cipher_ctx);
X509_KEYPAIR * crypto_keypair_new (void);