diff options
author | Dave Barach <dave@barachs.net> | 2018-10-17 10:38:51 -0400 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-10-23 13:06:46 +0000 |
commit | b7b929931a07fbb27b43d5cd105f366c3e29807e (patch) | |
tree | 438681c89738802dbb5d339715b96ea2c31bafb4 /src/vnet/ipsec | |
parent | b9a4c445c1d4e9cdab476a8e1fb8a46ff0fc6080 (diff) |
c11 safe string handling support
Change-Id: Ied34720ca5a6e6e717eea4e86003e854031b6eab
Signed-off-by: Dave Barach <dave@barachs.net>
Diffstat (limited to 'src/vnet/ipsec')
-rw-r--r-- | src/vnet/ipsec/ah_decrypt.c | 6 | ||||
-rw-r--r-- | src/vnet/ipsec/ah_encrypt.c | 6 | ||||
-rw-r--r-- | src/vnet/ipsec/esp.h | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/esp_decrypt.c | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/ikev2.c | 12 | ||||
-rw-r--r-- | src/vnet/ipsec/ikev2_crypto.c | 16 | ||||
-rw-r--r-- | src/vnet/ipsec/ikev2_payload.c | 2 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec.c | 4 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_api.c | 12 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_cli.c | 8 | ||||
-rw-r--r-- | src/vnet/ipsec/ipsec_if.c | 8 |
11 files changed, 39 insertions, 39 deletions
diff --git a/src/vnet/ipsec/ah_decrypt.c b/src/vnet/ipsec/ah_decrypt.c index 941368a9695..a69c7d24f47 100644 --- a/src/vnet/ipsec/ah_decrypt.c +++ b/src/vnet/ipsec/ah_decrypt.c @@ -179,11 +179,11 @@ ah_decrypt_inline (vlib_main_t * vm, { u8 sig[64]; u8 digest[64]; - memset (sig, 0, sizeof (sig)); - memset (digest, 0, sizeof (digest)); + clib_memset (sig, 0, sizeof (sig)); + clib_memset (digest, 0, sizeof (digest)); u8 *icv = ah0->auth_data; memcpy (digest, icv, icv_size); - memset (icv, 0, icv_size); + clib_memset (icv, 0, icv_size); if (is_ip6) { diff --git a/src/vnet/ipsec/ah_encrypt.c b/src/vnet/ipsec/ah_encrypt.c index 856eab62c91..47f3b3884c0 100644 --- a/src/vnet/ipsec/ah_encrypt.c +++ b/src/vnet/ipsec/ah_encrypt.c @@ -212,7 +212,7 @@ ah_encrypt_inline (vlib_main_t * vm, { ip_hdr_size = sizeof (ip4_header_t); oh0 = vlib_buffer_get_current (i_b0); - memset (oh0, 0, sizeof (ip4_and_ah_header_t)); + clib_memset (oh0, 0, sizeof (ip4_and_ah_header_t)); if (PREDICT_TRUE (sa0->is_tunnel)) { @@ -265,11 +265,11 @@ ah_encrypt_inline (vlib_main_t * vm, } u8 sig[64]; - memset (sig, 0, sizeof (sig)); + clib_memset (sig, 0, sizeof (sig)); u8 *digest = vlib_buffer_get_current (i_b0) + ip_hdr_size + sizeof (ah_header_t); - memset (digest, 0, icv_size); + clib_memset (digest, 0, icv_size); unsigned size = hmac_calc (sa0->integ_alg, sa0->integ_key, sa0->integ_key_len, diff --git a/src/vnet/ipsec/esp.h b/src/vnet/ipsec/esp.h index 73d43262e26..50c4d395ff9 100644 --- a/src/vnet/ipsec/esp.h +++ b/src/vnet/ipsec/esp.h @@ -259,7 +259,7 @@ ipsec_proto_init () ipsec_proto_main_t *em = &ipsec_proto_main; vlib_thread_main_t *tm = vlib_get_thread_main (); - memset (em, 0, sizeof (em[0])); + clib_memset (em, 0, sizeof (em[0])); vec_validate (em->ipsec_proto_main_crypto_algs, IPSEC_CRYPTO_N_ALG - 1); em->ipsec_proto_main_crypto_algs[IPSEC_CRYPTO_ALG_AES_CBC_128].type = diff --git a/src/vnet/ipsec/esp_decrypt.c b/src/vnet/ipsec/esp_decrypt.c index bfddb9ece8d..fc45d7ee63d 100644 --- a/src/vnet/ipsec/esp_decrypt.c +++ b/src/vnet/ipsec/esp_decrypt.c @@ -213,7 +213,7 @@ esp_decrypt_inline (vlib_main_t * vm, u8 sig[64]; int icv_size = em->ipsec_proto_main_integ_algs[sa0->integ_alg].trunc_size; - memset (sig, 0, sizeof (sig)); + clib_memset (sig, 0, sizeof (sig)); u8 *icv = vlib_buffer_get_current (i_b0) + i_b0->current_length - icv_size; diff --git a/src/vnet/ipsec/ikev2.c b/src/vnet/ipsec/ikev2.c index bb6818e311c..ac20d4a9a10 100644 --- a/src/vnet/ipsec/ikev2.c +++ b/src/vnet/ipsec/ikev2.c @@ -1488,7 +1488,7 @@ ikev2_create_tunnel_interface (vnet_main_t * vnm, ikev2_sa_t * sa, return 1; } - memset (&a, 0, sizeof (a)); + clib_memset (&a, 0, sizeof (a)); a.is_add = 1; if (sa->is_initiator) { @@ -1832,7 +1832,7 @@ ikev2_generate_message (ikev2_sa_t * sa, ike_header_t * ike, void *user) ikev2_sa_proposal_t *proposals = (ikev2_sa_proposal_t *) user; ikev2_notify_t notify; u8 *data = vec_new (u8, 4); - memset (¬ify, 0, sizeof (notify)); + clib_memset (¬ify, 0, sizeof (notify)); notify.protocol_id = IKEV2_PROTOCOL_ESP; notify.spi = sa->childs[0].i_proposals->spi; *(u32 *) data = clib_host_to_net_u32 (notify.spi); @@ -2116,7 +2116,7 @@ ikev2_node_fn (vlib_main_t * vm, if (ike0->exchange == IKEV2_EXCHANGE_SA_INIT) { sa0 = &sa; - memset (sa0, 0, sizeof (*sa0)); + clib_memset (sa0, 0, sizeof (*sa0)); if (ike0->flags & IKEV2_HDR_FLAG_INITIATOR) { @@ -2691,7 +2691,7 @@ ikev2_add_del_profile (vlib_main_t * vm, u8 * name, int is_add) return clib_error_return (0, "policy %v already exists", name); pool_get (km->profiles, p); - memset (p, 0, sizeof (*p)); + clib_memset (p, 0, sizeof (*p)); p->name = vec_dup (name); p->responder.sw_if_index = ~0; uword index = p - km->profiles; @@ -2956,7 +2956,7 @@ ikev2_initiate_sa_init (vlib_main_t * vm, u8 * name) /* Prepare the SA and the IKE payload */ ikev2_sa_t sa; - memset (&sa, 0, sizeof (ikev2_sa_t)); + clib_memset (&sa, 0, sizeof (ikev2_sa_t)); ikev2_payload_chain_t *chain = 0; ikev2_payload_new_chain (chain); @@ -3296,7 +3296,7 @@ ikev2_init (vlib_main_t * vm) vlib_thread_main_t *tm = vlib_get_thread_main (); int thread_id; - memset (km, 0, sizeof (ikev2_main_t)); + clib_memset (km, 0, sizeof (ikev2_main_t)); km->vnet_main = vnet_get_main (); km->vlib_main = vm; diff --git a/src/vnet/ipsec/ikev2_crypto.c b/src/vnet/ipsec/ikev2_crypto.c index d595570de44..037a3f5777e 100644 --- a/src/vnet/ipsec/ikev2_crypto.c +++ b/src/vnet/ipsec/ikev2_crypto.c @@ -539,10 +539,10 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) { sa->i_dh_data = vec_new (u8, t->key_len); x_off = len - BN_num_bytes (x); - memset (sa->i_dh_data, 0, x_off); + clib_memset (sa->i_dh_data, 0, x_off); BN_bn2bin (x, sa->i_dh_data + x_off); y_off = t->key_len - BN_num_bytes (y); - memset (sa->i_dh_data + len, 0, y_off - len); + clib_memset (sa->i_dh_data + len, 0, y_off - len); BN_bn2bin (y, sa->i_dh_data + y_off); const BIGNUM *prv = EC_KEY_get0_private_key (ec); @@ -554,10 +554,10 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) { sa->r_dh_data = vec_new (u8, t->key_len); x_off = len - BN_num_bytes (x); - memset (sa->r_dh_data, 0, x_off); + clib_memset (sa->r_dh_data, 0, x_off); BN_bn2bin (x, sa->r_dh_data + x_off); y_off = t->key_len - BN_num_bytes (y); - memset (sa->r_dh_data + len, 0, y_off - len); + clib_memset (sa->r_dh_data + len, 0, y_off - len); BN_bn2bin (y, sa->r_dh_data + y_off); x = BN_bin2bn (sa->i_dh_data, len, x); @@ -569,10 +569,10 @@ ikev2_generate_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx); x_off = len - BN_num_bytes (x); - memset (sa->dh_shared_key, 0, x_off); + clib_memset (sa->dh_shared_key, 0, x_off); BN_bn2bin (x, sa->dh_shared_key + x_off); y_off = t->key_len - BN_num_bytes (y); - memset (sa->dh_shared_key + len, 0, y_off - len); + clib_memset (sa->dh_shared_key + len, 0, y_off - len); BN_bn2bin (y, sa->dh_shared_key + y_off); } @@ -658,10 +658,10 @@ ikev2_complete_dh (ikev2_sa_t * sa, ikev2_sa_transform_t * t) EC_POINT_get_affine_coordinates_GFp (group, shared_point, x, y, bn_ctx); sa->dh_shared_key = vec_new (u8, t->key_len); x_off = len - BN_num_bytes (x); - memset (sa->dh_shared_key, 0, x_off); + clib_memset (sa->dh_shared_key, 0, x_off); BN_bn2bin (x, sa->dh_shared_key + x_off); y_off = t->key_len - BN_num_bytes (y); - memset (sa->dh_shared_key + len, 0, y_off - len); + clib_memset (sa->dh_shared_key + len, 0, y_off - len); BN_bn2bin (y, sa->dh_shared_key + y_off); EC_KEY_free (ec); diff --git a/src/vnet/ipsec/ikev2_payload.c b/src/vnet/ipsec/ikev2_payload.c index 34595380ec1..e5fa0149feb 100644 --- a/src/vnet/ipsec/ikev2_payload.c +++ b/src/vnet/ipsec/ikev2_payload.c @@ -111,7 +111,7 @@ ikev2_payload_add_hdr (ikev2_payload_chain_t * c, u8 payload_type, int len) c->last_hdr_off = vec_len (c->data); vec_add2 (c->data, tmp, len); hdr = (ike_payload_header_t *) tmp; - memset (hdr, 0, len); + clib_memset (hdr, 0, len); hdr->length = clib_host_to_net_u16 (len); diff --git a/src/vnet/ipsec/ipsec.c b/src/vnet/ipsec/ipsec.c index d1b82b51326..6e4c7f1b687 100644 --- a/src/vnet/ipsec/ipsec.c +++ b/src/vnet/ipsec/ipsec.c @@ -126,7 +126,7 @@ ipsec_add_del_spd (vlib_main_t * vm, u32 spd_id, int is_add) else /* create new SPD */ { pool_get (im->spds, spd); - memset (spd, 0, sizeof (*spd)); + clib_memset (spd, 0, sizeof (*spd)); spd_index = spd - im->spds; spd->id = spd_id; hash_set (im->spd_index_by_spd_id, spd_id, spd_index); @@ -546,7 +546,7 @@ ipsec_init (vlib_main_t * vm) ipsec_rand_seed (); - memset (im, 0, sizeof (im[0])); + clib_memset (im, 0, sizeof (im[0])); im->vnet_main = vnet_get_main (); im->vlib_main = vm; diff --git a/src/vnet/ipsec/ipsec_api.c b/src/vnet/ipsec/ipsec_api.c index 37daee0b64f..f80c3400a6f 100644 --- a/src/vnet/ipsec/ipsec_api.c +++ b/src/vnet/ipsec/ipsec_api.c @@ -125,7 +125,7 @@ static void vl_api_ipsec_spd_add_del_entry_t_handler #if WITH_LIBSSL > 0 ipsec_policy_t p; - memset (&p, 0, sizeof (p)); + clib_memset (&p, 0, sizeof (p)); p.id = ntohl (mp->spd_id); p.priority = ntohl (mp->priority); @@ -189,7 +189,7 @@ static void vl_api_ipsec_sad_add_del_entry_t_handler ipsec_main_t *im = &ipsec_main; ipsec_sa_t sa; - memset (&sa, 0, sizeof (sa)); + clib_memset (&sa, 0, sizeof (sa)); sa.id = ntohl (mp->sad_id); sa.spi = ntohl (mp->spi); @@ -259,7 +259,7 @@ send_ipsec_spds_details (ipsec_spd_t * spd, vl_api_registration_t * reg, vl_api_ipsec_spds_details_t *mp; mp = vl_msg_api_alloc (sizeof (*mp)); - memset (mp, 0, sizeof (*mp)); + clib_memset (mp, 0, sizeof (*mp)); mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPDS_DETAILS); mp->context = context; @@ -297,7 +297,7 @@ send_ipsec_spd_details (ipsec_policy_t * p, vl_api_registration_t * reg, vl_api_ipsec_spd_details_t *mp; mp = vl_msg_api_alloc (sizeof (*mp)); - memset (mp, 0, sizeof (*mp)); + clib_memset (mp, 0, sizeof (*mp)); mp->_vl_msg_id = ntohs (VL_API_IPSEC_SPD_DETAILS); mp->context = context; @@ -401,7 +401,7 @@ vl_api_ipsec_tunnel_if_add_del_t_handler (vl_api_ipsec_tunnel_if_add_del_t * #if WITH_LIBSSL > 0 ipsec_add_del_tunnel_args_t tun; - memset (&tun, 0, sizeof (ipsec_add_del_tunnel_args_t)); + clib_memset (&tun, 0, sizeof (ipsec_add_del_tunnel_args_t)); tun.is_add = mp->is_add; tun.esn = mp->esn; @@ -447,7 +447,7 @@ send_ipsec_sa_details (ipsec_sa_t * sa, vl_api_registration_t * reg, vl_api_ipsec_sa_details_t *mp; mp = vl_msg_api_alloc (sizeof (*mp)); - memset (mp, 0, sizeof (*mp)); + clib_memset (mp, 0, sizeof (*mp)); mp->_vl_msg_id = ntohs (VL_API_IPSEC_SA_DETAILS); mp->context = context; diff --git a/src/vnet/ipsec/ipsec_cli.c b/src/vnet/ipsec/ipsec_cli.c index 9cbd2493ed4..4e382bdeab5 100644 --- a/src/vnet/ipsec/ipsec_cli.c +++ b/src/vnet/ipsec/ipsec_cli.c @@ -79,7 +79,7 @@ ipsec_sa_add_del_command_fn (vlib_main_t * vm, u8 *ck = 0, *ik = 0; clib_error_t *error = NULL; - memset (&sa, 0, sizeof (sa)); + clib_memset (&sa, 0, sizeof (sa)); if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -262,7 +262,7 @@ ipsec_policy_add_del_command_fn (vlib_main_t * vm, u32 tmp, tmp2; clib_error_t *error = NULL; - memset (&p, 0, sizeof (p)); + clib_memset (&p, 0, sizeof (p)); p.lport.stop = p.rport.stop = ~0; p.laddr.stop.ip4.as_u32 = p.raddr.stop.ip4.as_u32 = (u32) ~ 0; p.laddr.stop.ip6.as_u64[0] = p.laddr.stop.ip6.as_u64[1] = (u64) ~ 0; @@ -394,7 +394,7 @@ set_ipsec_sa_key_command_fn (vlib_main_t * vm, u8 *ck = 0, *ik = 0; clib_error_t *error = NULL; - memset (&sa, 0, sizeof (sa)); + clib_memset (&sa, 0, sizeof (sa)); if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -746,7 +746,7 @@ create_ipsec_tunnel_command_fn (vlib_main_t * vm, u32 num_m_args = 0; clib_error_t *error = NULL; - memset (&a, 0, sizeof (a)); + clib_memset (&a, 0, sizeof (a)); a.is_add = 1; /* Get a line of input. */ diff --git a/src/vnet/ipsec/ipsec_if.c b/src/vnet/ipsec/ipsec_if.c index 2640f25c011..b8cba149584 100644 --- a/src/vnet/ipsec/ipsec_if.c +++ b/src/vnet/ipsec/ipsec_if.c @@ -291,7 +291,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, return VNET_API_ERROR_INVALID_VALUE; pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES); - memset (t, 0, sizeof (*t)); + clib_memset (t, 0, sizeof (*t)); dev_instance = t - im->tunnel_interfaces; if (args->renumber) @@ -309,7 +309,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, dev_instance); pool_get (im->sad, sa); - memset (sa, 0, sizeof (*sa)); + clib_memset (sa, 0, sizeof (*sa)); t->input_sa_index = sa - im->sad; sa->spi = args->remote_spi; sa->tunnel_src_addr.ip4.as_u32 = args->remote_ip.as_u32; @@ -334,7 +334,7 @@ ipsec_add_del_tunnel_if_internal (vnet_main_t * vnm, } pool_get (im->sad, sa); - memset (sa, 0, sizeof (*sa)); + clib_memset (sa, 0, sizeof (*sa)); t->output_sa_index = sa - im->sad; sa->spi = args->local_spi; sa->tunnel_src_addr.ip4.as_u32 = args->local_ip.as_u32; @@ -456,7 +456,7 @@ ipsec_add_del_ipsec_gre_tunnel (vnet_main_t * vnm, return VNET_API_ERROR_INVALID_VALUE; pool_get_aligned (im->tunnel_interfaces, t, CLIB_CACHE_LINE_BYTES); - memset (t, 0, sizeof (*t)); + clib_memset (t, 0, sizeof (*t)); t->input_sa_index = isa; t->output_sa_index = osa; |