authorDave Barach <dave@barachs.net>2018-10-17 10:38:51 -0400
committerDamjan Marion <dmarion@me.com>2018-10-23 13:06:46 +0000
commitb7b929931a07fbb27b43d5cd105f366c3e29807e (patch)
tree438681c89738802dbb5d339715b96ea2c31bafb4 /src/vnet/ipsec
parentb9a4c445c1d4e9cdab476a8e1fb8a46ff0fc6080 (diff)
c11 safe string handling support
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r--src/vnet/ipsec/ah_decrypt.c6
-rw-r--r--src/vnet/ipsec/ah_encrypt.c6
-rw-r--r--src/vnet/ipsec/esp.h2
-rw-r--r--src/vnet/ipsec/esp_decrypt.c2
-rw-r--r--src/vnet/ipsec/ikev2.c12
-rw-r--r--src/vnet/ipsec/ikev2_crypto.c16
-rw-r--r--src/vnet/ipsec/ikev2_payload.c2
-rw-r--r--src/vnet/ipsec/ipsec.c4
-rw-r--r--src/vnet/ipsec/ipsec_api.c12
-rw-r--r--src/vnet/ipsec/ipsec_cli.c8
-rw-r--r--src/vnet/ipsec/ipsec_if.c8
11 files changed, 39 insertions, 39 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c
index 941368a9695..a69c7d24f47 100644
--- a/src/vnet/ipsec/ah_decrypt.c
+++ b/src/vnet/ipsec/ah_decrypt.c
@@ -179,11 +179,11 @@ ah_decrypt_inline (vlib_main_t * vm,
{
u8 sig[64];
u8 digest[64];
- memset (sig, 0, sizeof (sig));
- memset (digest, 0, sizeof (digest));
+ clib_memset (sig, 0, sizeof (sig));
+ clib_memset (digest, 0, sizeof (digest));
u8 *icv = ah0->auth_data;
memcpy (digest, icv, icv_size);
- memset (icv, 0, icv_size);
+ clib_memset (icv, 0, icv_size);
if (is_ip6)
{
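Review bot: The copy `memcpy (digest, icv, icv_size);` stays a raw libc call with no visible bound, while the zeroing calls around it move to `clib_memset`. `digest` is a 64-byte stack array and `icv_size` is set outside this hunk, so the limit has to be enforced wherever the integrity algorithm's truncation size is chosen. If that is guaranteed, `ASSERT (icv_size <= sizeof (digest));` just before the copy would record it, and switching the call to `clib_memcpy` would keep the function consistent with the rest of the change. ah_decrypt_inline's body starts and ends outside the hunk.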
diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c
index 856eab62c91..47f3b3884c0 100644
--- a/src/vnet/ipsec/ah_encrypt.c
+++ b/src/vnet/ipsec/ah_encrypt.c
@@ -212,7 +212,7 @@ ah_encrypt_inline (vlib_main_t * vm,
{
ip_hdr_size = sizeof (ip4_header_t);
oh0 = vlib_buffer_get_current (i_b0);
- memset (oh0, 0, sizeof (ip4_and_ah_header_t));
+ clib_memset (oh0, 0, sizeof (ip4_and_ah_header_t));
if (PREDICT_TRUE (sa0->is_tunnel))
{
@@ -265,11 +265,11 @@ ah_encrypt_inline (vlib_main_t * vm,
}
u8 sig[64];
- memset (sig, 0, sizeof (sig));
+ clib_memset (sig, 0, sizeof (sig));
u8 *digest =
vlib_buffer_get_current (i_b0) + ip_hdr_size +
sizeof (ah_header_t);
- memset (digest, 0, icv_size);
+ clib_memset (digest, 0, icv_size);
unsigned size = hmac_calc (sa0->integ_alg, sa0->integ_key,
sa0->integ_key_len,
diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h
index 73d43262e26..50c4d395ff9 100644
--- a/src/vnet/ipsec/esp.h
+++ b/src/vnet/ipsec/esp.h
@@ -259,7 +259,7 @@ ipsec_proto_init ()
ipsec_proto_main_t *em = &ipsec_proto_main;
vlib_thread_main_t *tm = vlib_get_thread_main ();
- memset (em, 0, sizeof (em[0]));
+ clib_memset (em, 0, sizeof (em[0]));
vec_validate (em->ipsec_proto_main_crypto_algs, IPSEC_CRYPTO_N_ALG - 1);
em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].type =
diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c
index bfddb9ece8d..fc45d7ee63d 100644
--- a/src/vnet/ipsec/esp_decrypt.c
+++ b/src/vnet/ipsec/esp_decrypt.c
@@ -213,7 +213,7 @@ esp_decrypt_inline (vlib_main_t * vm,
u8 sig[64];
int icv_size =
em->ipsec_proto_main_integ_algs[sa0->integ_alg].trunc_size;
- memset (sig, 0, sizeof (sig));
+ clib_memset (sig, 0, sizeof (sig));
u8 *icv =
vlib_buffer_get_current (i_b0) + i_b0->current_length -
icv_size;
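Review bot: The `icv` pointer is computed as `vlib_buffer_get_current (i_b0) + i_b0->current_length - icv_size`, and nothing in this hunk shows that the received buffer holds at least `icv_size` bytes. On the decrypt path that length comes from the wire, so a packet shorter than the truncated ICV would place `icv` before the current data. If no earlier check in esp_decrypt_inline (outside the hunk) covers this, a guard such as `if (PREDICT_FALSE (i_b0->current_length < icv_size))` that drops the packet belongs before this computation.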
diff --git a/src/vnet/ipsec/ikev2.c b/src/vnet/ipsec/ikev2.c
index bb6818e311c..ac20d4a9a10 100644
--- a/src/vnet/ipsec/ikev2.c
+++ b/src/vnet/ipsec/ikev2.c
@@ -1488,7 +1488,7 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa,
return 1;
}
- memset (&a, 0, sizeof (a));
+ clib_memset (&a, 0, sizeof (a));
a.is_add = 1;
if (sa->is_initiator)
{
@@ -1832,7 +1832,7 @@ ikev2_generate_message (ikev2_sa_t * sa, ike_header_t * ike, void *user)
ikev2_sa_proposal_t *proposals = (ikev2_sa_proposal_t *) user;
ikev2_notify_t notify;
u8 *data = vec_new (u8, 4);
- memset (&notify, 0, sizeof (notify));
+ clib_memset (&notify, 0, sizeof (notify));
notify.protocol_id = IKEV2_PROTOCOL_ESP;
notify.spi = sa->childs[0].i_proposals->spi;
*(u32 *) data = clib_host_to_net_u32 (notify.spi);
@@ -2116,7 +2116,7 @@ ikev2_node_fn (vlib_main_t * vm,
if (ike0->exchange == IKEV2_EXCHANGE_SA_INIT)
{
sa0 = &sa;
- memset (sa0, 0, sizeof (*sa0));
+ clib_memset (sa0, 0, sizeof (*sa0));
if (ike0->flags & IKEV2_HDR_FLAG_INITIATOR)
{
@@ -2691,7 +2691,7 @@ ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add)
return clib_error_return (0, "policy %v already exists", name);
pool_get (km->profiles, p);
- memset (p, 0, sizeof (*p));
+ clib_memset (p, 0, sizeof (*p));
p->name = vec_dup (name);
p->responder.sw_if_index = ~0;
uword index = p - km->profiles;
@@ -2956,7 +2956,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name)
/* Prepare the SA and the IKE payload */
ikev2_sa_t sa;
- memset (&sa, 0, sizeof (ikev2_sa_t));
+ clib_memset (&sa, 0, sizeof (ikev2_sa_t));
ikev2_payload_chain_t *chain = 0;
ikev2_payload_new_chain (chain);
@@ -3296,7 +3296,7 @@ ikev2_init (vlib_main_t * vm)
vlib_thread_main_t *tm = vlib_get_thread_main ();
int thread_id;
- memset (km, 0, sizeof (ikev2_main_t));
+ clib_memset (km, 0, sizeof (ikev2_main_t));
km->vnet_main = vnet_get_main ();
km->vlib_main = vm;
diff --git a/src/vnet/ipsec/ikev2_crypto.c b/src/vnet/ipsec/ikev2_crypto.c
index d595570de44..037a3f5777e 100644
--- a/src/vnet/ipsec/ikev2_crypto.c
+++ b/src/vnet/ipsec/ikev2_crypto.c
@@ -539,10 +539,10 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
{
sa->i_dh_data = vec_new (u8, t->key_len);
x_off = len - BN_num_bytes (x);
- memset (sa->i_dh_data, 0, x_off);
+ clib_memset (sa->i_dh_data, 0, x_off);
BN_bn2bin (x, sa->i_dh_data + x_off);
y_off = t->key_len - BN_num_bytes (y);
- memset (sa->i_dh_data + len, 0, y_off - len);
+ clib_memset (sa->i_dh_data + len, 0, y_off - len);
BN_bn2bin (y, sa->i_dh_data + y_off);
const BIGNUM *prv = EC_KEY_get0_private_key (ec);
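Review bot: The sizes passed to `clib_memset` here, `x_off` and `y_off - len`, are differences against `BN_num_bytes ()` and are used without a range check. Their declarations are outside the hunk; if they are signed, a coordinate longer than expected yields a negative value that converts to a very large byte count, and the following `BN_bn2bin` would then write at a negative offset. A guard before the padding, for example `if (BN_num_bytes (x) > len || BN_num_bytes (y) > t->key_len - len)` with an error exit, would make the assumption explicit. The same pattern recurs in the two later ikev2_generate_dh hunks and in the ikev2_complete_dh hunk.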
@@ -554,10 +554,10 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
{
sa->r_dh_data = vec_new (u8, t->key_len);
x_off = len - BN_num_bytes (x);
- memset (sa->r_dh_data, 0, x_off);
+ clib_memset (sa->r_dh_data, 0, x_off);
BN_bn2bin (x, sa->r_dh_data + x_off);
y_off = t->key_len - BN_num_bytes (y);
- memset (sa->r_dh_data + len, 0, y_off - len);
+ clib_memset (sa->r_dh_data + len, 0, y_off - len);
BN_bn2bin (y, sa->r_dh_data + y_off);
x = BN_bin2bn (sa->i_dh_data, len, x);
@@ -569,10 +569,10 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y,
bn_ctx);
x_off = len - BN_num_bytes (x);
- memset (sa->dh_shared_key, 0, x_off);
+ clib_memset (sa->dh_shared_key, 0, x_off);
BN_bn2bin (x, sa->dh_shared_key + x_off);
y_off = t->key_len - BN_num_bytes (y);
- memset (sa->dh_shared_key + len, 0, y_off - len);
+ clib_memset (sa->dh_shared_key + len, 0, y_off - len);
BN_bn2bin (y, sa->dh_shared_key + y_off);
}
@@ -658,10 +658,10 @@ ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t)
EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx);
sa->dh_shared_key = vec_new (u8, t->key_len);
x_off = len - BN_num_bytes (x);
- memset (sa->dh_shared_key, 0, x_off);
+ clib_memset (sa->dh_shared_key, 0, x_off);
BN_bn2bin (x, sa->dh_shared_key + x_off);
y_off = t->key_len - BN_num_bytes (y);
- memset (sa->dh_shared_key + len, 0, y_off - len);
+ clib_memset (sa->dh_shared_key + len, 0, y_off - len);
BN_bn2bin (y, sa->dh_shared_key + y_off);
EC_KEY_free (ec);
diff --git a/src/vnet/ipsec/ikev2_payload.c b/src/vnet/ipsec/ikev2_payload.c
index 34595380ec1..e5fa0149feb 100644
--- a/src/vnet/ipsec/ikev2_payload.c
+++ b/src/vnet/ipsec/ikev2_payload.c
@@ -111,7 +111,7 @@ ikev2_payload_add_hdr (ikev2_payload_chain_t * c, u8 payload_type, int len)
c->last_hdr_off = vec_len (c->data);
vec_add2 (c->data, tmp, len);
hdr = (ike_payload_header_t *) tmp;
- memset (hdr, 0, len);
+ clib_memset (hdr, 0, len);
hdr->length = clib_host_to_net_u16 (len);
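Review bot: `len` is a signed `int` that is used as the `vec_add2` count, as the `clib_memset` size and, truncated, as the 16-bit `hdr->length`, with no range check in view. A value below the payload header size or above 0xffff would leave the stored length out of step with the bytes actually appended. If callers are trusted to pass sane sizes, `ASSERT (len >= (int) sizeof (ike_payload_header_t) && len <= 0xffff);` ahead of the `vec_add2` call would document that. ikev2_payload_add_hdr starts before and continues after the hunk.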
diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c
index d1b82b51326..6e4c7f1b687 100644
--- a/src/vnet/ipsec/ipsec.c
+++ b/src/vnet/ipsec/ipsec.c
@@ -126,7 +126,7 @@ ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add)
else /* create new SPD */
{
pool_get (im->spds, spd);
- memset (spd, 0, sizeof (*spd));
+ clib_memset (spd, 0, sizeof (*spd));
spd_index = spd - im->spds;
spd->id = spd_id;
hash_set (im->spd_index_by_spd_id, spd_id, spd_index);
@@ -546,7 +546,7 @@ ipsec_init (vlib_main_t * vm)
ipsec_rand_seed ();
- memset (im, 0, sizeof (im[0]));
+ clib_memset (im, 0, sizeof (im[0]));
im->vnet_main = vnet_get_main ();
im->vlib_main = vm;
diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c
index 37daee0b64f..f80c3400a6f 100644
--- a/src/vnet/ipsec/ipsec_api.c
+++ b/src/vnet/ipsec/ipsec_api.c
@@ -125,7 +125,7 @@ static void vl_api_ipsec_spd_add_del_entry_t_handler
#if WITH_LIBSSL > 0
ipsec_policy_t p;
- memset (&p, 0, sizeof (p));
+ clib_memset (&p, 0, sizeof (p));
p.id = ntohl (mp->spd_id);
p.priority = ntohl (mp->priority);
@@ -189,7 +189,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler
ipsec_main_t *im = &ipsec_main;
ipsec_sa_t sa;
- memset (&sa, 0, sizeof (sa));
+ clib_memset (&sa, 0, sizeof (sa));
sa.id = ntohl (mp->sad_id);
sa.spi = ntohl (mp->spi);
@@ -259,7 +259,7 @@ send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg,
vl_api_ipsec_spds_details_t *mp;
mp = vl_msg_api_alloc (sizeof (*mp));
- memset (mp, 0, sizeof (*mp));
+ clib_memset (mp, 0, sizeof (*mp));
mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS);
mp->context = context;
@@ -297,7 +297,7 @@ send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg,
vl_api_ipsec_spd_details_t *mp;
mp = vl_msg_api_alloc (sizeof (*mp));
- memset (mp, 0, sizeof (*mp));
+ clib_memset (mp, 0, sizeof (*mp));
mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS);
mp->context = context;
@@ -401,7 +401,7 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t *
#if WITH_LIBSSL > 0
ipsec_add_del_tunnel_args_t tun;
- memset (&tun, 0, sizeof (ipsec_add_del_tunnel_args_t));
+ clib_memset (&tun, 0, sizeof (ipsec_add_del_tunnel_args_t));
tun.is_add = mp->is_add;
tun.esn = mp->esn;
@@ -447,7 +447,7 @@ send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg,
vl_api_ipsec_sa_details_t *mp;
mp = vl_msg_api_alloc (sizeof (*mp));
- memset (mp, 0, sizeof (*mp));
+ clib_memset (mp, 0, sizeof (*mp));
mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS);
mp->context = context;
diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c
index 9cbd2493ed4..4e382bdeab5 100644
--- a/src/vnet/ipsec/ipsec_cli.c
+++ b/src/vnet/ipsec/ipsec_cli.c
@@ -79,7 +79,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm,
u8 *ck = 0, *ik = 0;
clib_error_t *error = NULL;
- memset (&sa, 0, sizeof (sa));
+ clib_memset (&sa, 0, sizeof (sa));
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -262,7 +262,7 @@ ipsec_policy_add_del_command_fn (vlib_main_t * vm,
u32 tmp, tmp2;
clib_error_t *error = NULL;
- memset (&p, 0, sizeof (p));
+ clib_memset (&p, 0, sizeof (p));
p.lport.stop = p.rport.stop = ~0;
p.laddr.stop.ip4.as_u32 = p.raddr.stop.ip4.as_u32 = (u32) ~ 0;
p.laddr.stop.ip6.as_u64[0] = p.laddr.stop.ip6.as_u64[1] = (u64) ~ 0;
@@ -394,7 +394,7 @@ set_ipsec_sa_key_command_fn (vlib_main_t * vm,
u8 *ck = 0, *ik = 0;
clib_error_t *error = NULL;
- memset (&sa, 0, sizeof (sa));
+ clib_memset (&sa, 0, sizeof (sa));
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -746,7 +746,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm,
u32 num_m_args = 0;
clib_error_t *error = NULL;
- memset (&a, 0, sizeof (a));
+ clib_memset (&a, 0, sizeof (a));
a.is_add = 1;
/* Get a line of input. */
diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c
index 2640f25c011..b8cba149584 100644
--- a/src/vnet/ipsec/ipsec_if.c
+++ b/src/vnet/ipsec/ipsec_if.c
@@ -291,7 +291,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
return VNET_API_ERROR_INVALID_VALUE;
pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES);
- memset (t, 0, sizeof (*t));
+ clib_memset (t, 0, sizeof (*t));
dev_instance = t - im->tunnel_interfaces;
if (args->renumber)
@@ -309,7 +309,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
dev_instance);
pool_get (im->sad, sa);
- memset (sa, 0, sizeof (*sa));
+ clib_memset (sa, 0, sizeof (*sa));
t->input_sa_index = sa - im->sad;
sa->spi = args->remote_spi;
sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32;
@@ -334,7 +334,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm,
}
pool_get (im->sad, sa);
- memset (sa, 0, sizeof (*sa));
+ clib_memset (sa, 0, sizeof (*sa));
t->output_sa_index = sa - im->sad;
sa->spi = args->local_spi;
sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32;
@@ -456,7 +456,7 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm,
return VNET_API_ERROR_INVALID_VALUE;
pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES);
- memset (t, 0, sizeof (*t));
+ clib_memset (t, 0, sizeof (*t));
t->input_sa_index = isa;
t->output_sa_index = osa;