From: Kern Sibbald Date: Sat, 24 Jun 2006 11:51:28 +0000 (+0000) Subject: - Eliminate crypto type punning problems by eliminating void * and X-Git-Tag: Release-7.0.0~7940 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=26b4ab6e313da33e53698b67a7a362c4f2b753c9;p=bacula%2Fbacula - Eliminate crypto type punning problems by eliminating void * and using uint8_t * instead. Fix some authentication slips git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@3069 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/kes-1.39 b/bacula/kes-1.39 index cdde06eaaf..7cf7ca131f 100644 --- a/bacula/kes-1.39 +++ b/bacula/kes-1.39 @@ -3,6 +3,8 @@ General: 24Jun06 +- Eliminate crypto type punning problems by eliminating void * and + using uint8_t * instead. - Harden authentication failure in FD by single threading errors and forcing a 6 second wait. - ========= Remove Accept Any Volume ========= directive. diff --git a/bacula/src/filed/authenticate.c b/bacula/src/filed/authenticate.c index ddd12b02d7..8cc9e65dd1 100644 --- a/bacula/src/filed/authenticate.c +++ b/bacula/src/filed/authenticate.c @@ -31,7 +31,7 @@ static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; /********************************************************************* * */ -static int authenticate(int rcode, BSOCK *bs, JCR* jcr) +static bool authenticate(int rcode, BSOCK *bs, JCR* jcr) { POOLMEM *dirname = get_pool_memory(PM_MESSAGE); DIRRES *director = NULL; @@ -151,12 +151,12 @@ auth_fatal: free_pool_memory(dirname); jcr->director = director; /* Single thread all failures to avoid DOS */ - if (auth_success) { + if (!auth_success) { P(mutex); bmicrosleep(6, 0); V(mutex); } - return (director != NULL); + return auth_success; } /* @@ -172,10 +172,6 @@ int authenticate_director(JCR *jcr) BSOCK *dir = jcr->dir_bsock; if (!authenticate(R_DIRECTOR, dir, jcr)) { - /* Single thread all failures to avoid DOS */ - P(mutex); - bmicrosleep(6, 0); - V(mutex); bnet_fsend(dir, "%s", Dir_sorry); Emsg0(M_FATAL, 0, _("Unable to authenticate Director\n")); return 0; diff --git a/bacula/src/filed/backup.c b/bacula/src/filed/backup.c index 86e86c3605..400244d077 100644 --- a/bacula/src/filed/backup.c +++ b/bacula/src/filed/backup.c @@ -115,7 +115,7 @@ bool blast_data_to_storage_daemon(JCR *jcr, char *addr) } /* Allocate buffer */ - jcr->pki_session_encoded = malloc(size); + jcr->pki_session_encoded = (uint8_t *)malloc(size); if (!jcr->pki_session_encoded) { return 0; } @@ -491,7 +491,7 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level) if (signing_digest) { SIGNATURE *sig; size_t size = 0; - void *buf; + uint8_t *buf; if ((sig = crypto_sign_new()) == NULL) { Jmsg(jcr, M_FATAL, 0, _("Failed to allocate memory for stream signature.\n")); @@ -510,7 +510,7 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level) } /* Allocate signature data buffer */ - buf = malloc(size); + buf = (uint8_t *)malloc(size); if (!buf) { crypto_sign_free(sig); return 0; @@ -544,12 +544,12 @@ static int save_file(FF_PKT *ff_pkt, void *vjcr, bool top_level) /* Terminate any digest and send it to Storage daemon and the Director */ if (digest) { - char md[CRYPTO_DIGEST_MAX_SIZE]; + uint8_t md[CRYPTO_DIGEST_MAX_SIZE]; size_t size; size = sizeof(md); - if (crypto_digest_finalize(digest, &md, &size)) { + if (crypto_digest_finalize(digest, md, &size)) { bnet_fsend(sd, "%ld %d 0", jcr->JobFiles, digest_stream); Dmsg1(300, "bfiled>stored:header %s\n", sd->msg); memcpy(sd->msg, md, size); @@ -714,12 +714,12 @@ int send_data(JCR *jcr, int stream, FF_PKT *ff_pkt, DIGEST *digest, DIGEST *sign /* Update checksum if requested */ if (digest) { - crypto_digest_update(digest, rbuf, sd->msglen); + crypto_digest_update(digest, (uint8_t *)rbuf, sd->msglen); } /* Update signing digest if requested */ if (signing_digest) { - crypto_digest_update(signing_digest, rbuf, sd->msglen); + crypto_digest_update(signing_digest, (uint8_t *)rbuf, sd->msglen); } #ifdef HAVE_LIBZ diff --git a/bacula/src/filed/restore.c b/bacula/src/filed/restore.c index 951da3dc9a..a44e758e40 100644 --- a/bacula/src/filed/restore.c +++ b/bacula/src/filed/restore.c @@ -342,7 +342,7 @@ void do_restore(JCR *jcr) Dmsg1(30, "Stream=Encrypted Session Data, size: %d\n", sd->msglen); /* Decode and save session keys. */ - cryptoerr = crypto_session_decode(sd->msg, (size_t) sd->msglen, jcr->pki_recipients, &cs); + cryptoerr = crypto_session_decode((uint8_t *)sd->msg, (size_t)sd->msglen, jcr->pki_recipients, &cs); switch(cryptoerr) { case CRYPTO_ERROR_NONE: /* Success */ @@ -491,7 +491,7 @@ void do_restore(JCR *jcr) case STREAM_SIGNED_DIGEST: /* Save signature. */ - if ((sig = crypto_sign_decode(sd->msg, (size_t) sd->msglen)) == NULL) { + if ((sig = crypto_sign_decode((uint8_t *)sd->msg, (size_t)sd->msglen)) == NULL) { Jmsg1(jcr, M_ERROR, 0, _("Failed to decode message signature for %s\n"), jcr->last_fname); } break; diff --git a/bacula/src/filed/verify.c b/bacula/src/filed/verify.c index f9f4b44644..c86da93e9f 100644 --- a/bacula/src/filed/verify.c +++ b/bacula/src/filed/verify.c @@ -241,14 +241,14 @@ static int verify_file(FF_PKT *ff_pkt, void *pkt, bool top_level) return 1; } - if (crypto_digest_finalize(digest, &md, &size)) { + if (crypto_digest_finalize(digest, (uint8_t *)md, &size)) { char *digest_buf; const char *digest_name; - digest_buf = (char *) malloc(BASE64_SIZE(size)); + digest_buf = (char *)malloc(BASE64_SIZE(size)); digest_name = crypto_digest_name(digest); - bin_to_base64(digest_buf, (char *) md, size); + bin_to_base64(digest_buf, md, size); Dmsg3(400, "send inx=%d %s=%s\n", jcr->JobFiles, digest_name, digest_buf); bnet_fsend(dir, "%d %d %s *%s-%d*", jcr->JobFiles, digest_stream, digest_buf, digest_name, jcr->JobFiles); @@ -324,8 +324,8 @@ int read_digest(BFILE *bfd, DIGEST *digest, JCR *jcr) char buf[DEFAULT_NETWORK_BUFFER_SIZE]; int64_t n; - while ((n=bread(bfd, &buf, sizeof(buf))) > 0) { - crypto_digest_update(digest, &buf, n); + while ((n=bread(bfd, buf, sizeof(buf))) > 0) { + crypto_digest_update(digest, (uint8_t *)buf, n); jcr->JobBytes += n; jcr->ReadBytes += n; } diff --git a/bacula/src/jcr.h b/bacula/src/jcr.h index f78d2f3cd5..97d3253d4c 100644 --- a/bacula/src/jcr.h +++ b/bacula/src/jcr.h @@ -263,7 +263,7 @@ public: alist *pki_signers; /* Trusted Signers */ alist *pki_recipients; /* Trusted Recipients */ CRYPTO_SESSION *pki_session; /* PKE Public Keys + Symmetric Session Keys */ - void *pki_session_encoded; /* Cached DER-encoded copy of pki_session */ + uint8_t *pki_session_encoded; /* Cached DER-encoded copy of pki_session */ size_t pki_session_encoded_size; /* Size of DER-encoded pki_session */ POOLMEM *crypto_buf; /* Encryption/Decryption buffer */ DIRRES* director; /* Director resource */ diff --git a/bacula/src/lib/crypto.c b/bacula/src/lib/crypto.c index 90ca053767..9a3815e71d 100644 --- a/bacula/src/lib/crypto.c +++ b/bacula/src/lib/crypto.c @@ -626,7 +626,7 @@ err: * Returns: true on success * false on failure */ -bool crypto_digest_update (DIGEST *digest, const void *data, size_t length) { +bool crypto_digest_update (DIGEST *digest, const uint8_t *data, uint32_t length) { if (EVP_DigestUpdate(&digest->ctx, data, length) == 0) { return true; } else { @@ -641,8 +641,8 @@ bool crypto_digest_update (DIGEST *digest, const void *data, size_t length) { * Returns: true on success * false on failure */ -bool crypto_digest_finalize (DIGEST *digest, void *dest, size_t *length) { - if (!EVP_DigestFinal(&digest->ctx, (unsigned char *) dest, (unsigned int *) length)) { +bool crypto_digest_finalize (DIGEST *digest, uint8_t *dest, uint32_t *length) { + if (!EVP_DigestFinal(&digest->ctx, dest, (unsigned int *)length)) { return false; } else { return true; @@ -874,14 +874,14 @@ err: * Returns: true on success, stores the encoded data in dest, and the size in length. * false on failure. */ -int crypto_sign_encode(SIGNATURE *sig, void *dest, size_t *length) +int crypto_sign_encode(SIGNATURE *sig, uint8_t *dest, size_t *length) { if (*length == 0) { *length = i2d_SignatureData(sig->sigData, NULL); return true; } - *length = i2d_SignatureData(sig->sigData, (unsigned char **) &dest); + *length = i2d_SignatureData(sig->sigData, (unsigned char **)&dest); return true; } @@ -894,16 +894,16 @@ int crypto_sign_encode(SIGNATURE *sig, void *dest, size_t *length) */ -SIGNATURE *crypto_sign_decode(const void *sigData, size_t length) +SIGNATURE *crypto_sign_decode(const uint8_t *sigData, size_t length) { SIGNATURE *sig; #if (OPENSSL_VERSION_NUMBER >= 0x0090800FL) const unsigned char *p = (const unsigned char *) sigData; #else - unsigned char *p = (unsigned char *) sigData; + unsigned char *p = (unsigned char *)sigData; #endif - sig = (SIGNATURE *) malloc(sizeof(SIGNATURE)); + sig = (SIGNATURE *)malloc(sizeof(SIGNATURE)); if (!sig) { return NULL; } @@ -1101,14 +1101,14 @@ CRYPTO_SESSION *crypto_session_new (crypto_cipher_t cipher, alist *pubkeys) * Returns: true on success, stores the encoded data in dest, and the size in length. * false on failure. */ -bool crypto_session_encode(CRYPTO_SESSION *cs, void *dest, size_t *length) +bool crypto_session_encode(CRYPTO_SESSION *cs, uint8_t *dest, size_t *length) { if (*length == 0) { *length = i2d_CryptoData(cs->cryptoData, NULL); return true; } - *length = i2d_CryptoData(cs->cryptoData, (unsigned char **) &dest); + *length = i2d_CryptoData(cs->cryptoData, &dest); return true; } @@ -1121,16 +1121,16 @@ bool crypto_session_encode(CRYPTO_SESSION *cs, void *dest, size_t *length) * Returns: CRYPTO_ERROR_NONE and a pointer to a newly allocated CRYPTO_SESSION structure in *session on success. * A crypto_error_t value on failure. */ -crypto_error_t crypto_session_decode(const void *data, size_t length, alist *keypairs, CRYPTO_SESSION **session) +crypto_error_t crypto_session_decode(const uint8_t *data, size_t length, alist *keypairs, CRYPTO_SESSION **session) { CRYPTO_SESSION *cs; X509_KEYPAIR *keypair; STACK_OF(RecipientInfo) *recipients; crypto_error_t retval = CRYPTO_ERROR_NONE; #if (OPENSSL_VERSION_NUMBER >= 0x0090800FL) - const unsigned char *p = (const unsigned char *) data; + const unsigned char *p = (const unsigned char *)data; #else - unsigned char *p = (unsigned char *) data; + unsigned char *p = (unsigned char *)data; #endif cs = (CRYPTO_SESSION *) malloc(sizeof(CRYPTO_SESSION)); diff --git a/bacula/src/lib/protos.h b/bacula/src/lib/protos.h index 6f6c1ed4cd..5d1adaa159 100644 --- a/bacula/src/lib/protos.h +++ b/bacula/src/lib/protos.h @@ -119,23 +119,23 @@ uint32_t bcrc32(uint8_t *buf, int len); int init_crypto (void); int cleanup_crypto (void); DIGEST * crypto_digest_new (crypto_digest_t type); -bool crypto_digest_update (DIGEST *digest, const void *data, size_t length); -bool crypto_digest_finalize (DIGEST *digest, void *dest, size_t *length); +bool crypto_digest_update (DIGEST *digest, const uint8_t *data, uint32_t length); +bool crypto_digest_finalize (DIGEST *digest, uint8_t *dest, uint32_t *length); void crypto_digest_free (DIGEST *digest); SIGNATURE * crypto_sign_new (void); crypto_error_t crypto_sign_get_digest (SIGNATURE *sig, X509_KEYPAIR *keypair, DIGEST **digest); crypto_error_t crypto_sign_verify (SIGNATURE *sig, X509_KEYPAIR *keypair, DIGEST *digest); int crypto_sign_add_signer (SIGNATURE *sig, DIGEST *digest, X509_KEYPAIR *keypair); -int crypto_sign_encode (SIGNATURE *sig, void *dest, size_t *length); -SIGNATURE * crypto_sign_decode (const void *sigData, size_t length); +int crypto_sign_encode (SIGNATURE *sig, uint8_t *dest, uint32_t *length); +SIGNATURE * crypto_sign_decode (const uint8_t *sigData, uint32_t length); void crypto_sign_free (SIGNATURE *sig); CRYPTO_SESSION * crypto_session_new (crypto_cipher_t cipher, alist *pubkeys); void crypto_session_free (CRYPTO_SESSION *cs); -bool crypto_session_encode (CRYPTO_SESSION *cs, void *dest, size_t *length); -crypto_error_t crypto_session_decode (const void *data, size_t length, alist *keypairs, CRYPTO_SESSION **session); -CRYPTO_SESSION * crypto_session_decode (const void *data, size_t length); -CIPHER_CONTEXT * crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, size_t *blocksize); -bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, size_t length, const void *dest, size_t *written); +bool crypto_session_encode (CRYPTO_SESSION *cs, uint8_t *dest, uint32_t *length); +crypto_error_t crypto_session_decode (const uint8_t *data, uint32_t length, alist *keypairs, CRYPTO_SESSION **session); +CRYPTO_SESSION * crypto_session_decode (const uint8_t *data, uint32_t length); +CIPHER_CONTEXT * crypto_cipher_new (CRYPTO_SESSION *cs, bool encrypt, uint32_t *blocksize); +bool crypto_cipher_update (CIPHER_CONTEXT *cipher_ctx, const void *data, uint32_t length, const void *dest, size_t *written); bool crypto_cipher_finalize (CIPHER_CONTEXT *cipher_ctx, void *dest, size_t *written); void crypto_cipher_free (CIPHER_CONTEXT *cipher_ctx); X509_KEYPAIR * crypto_keypair_new (void);