Use ibuf_data() instead of direct access to ibuf->buf.
In some cases use ibuf_add_buf().
--
:wq Claudio
Index: crypto.c
===================================================================
RCS file: /cvs/src/sbin/iked/crypto.c,v
retrieving revision 1.44
diff -u -p -r1.44 crypto.c
--- crypto.c 6 Jun 2023 13:27:49 -0000 1.44
+++ crypto.c 27 Jul 2023 13:28:59 -0000
@@ -327,7 +327,7 @@ hash_free(struct iked_hash *hash)
void
hash_init(struct iked_hash *hash)
{
- HMAC_Init_ex(hash->hash_ctx, hash->hash_key->buf,
+ HMAC_Init_ex(hash->hash_ctx, ibuf_data(hash->hash_key),
ibuf_length(hash->hash_key), hash->hash_priv, NULL);
}
@@ -572,7 +572,7 @@ cipher_init(struct iked_cipher *encr, in
encr->encr_saltlength), encr->encr_saltlength);
if (nonce == NULL)
return (-1);
- if (ibuf_add(nonce, ibuf_data(encr->encr_iv) ,
ibuf_size(encr->encr_iv)) != 0)
+ if (ibuf_add_buf(nonce, encr->encr_iv) != 0)
goto done;
if (EVP_CipherInit_ex(encr->encr_ctx, NULL, NULL,
ibuf_data(encr->encr_key), ibuf_data(nonce), enc) != 1)
Index: dh.c
===================================================================
RCS file: /cvs/src/sbin/iked/dh.c,v
retrieving revision 1.32
diff -u -p -r1.32 dh.c
--- dh.c 3 Dec 2022 22:34:35 -0000 1.32
+++ dh.c 27 Jul 2023 08:27:36 -0000
@@ -401,7 +401,7 @@ dh_create_exchange(struct dh_group *grou
if (buf == NULL)
return -1;
*bufp = buf;
- return (group->exchange(group, buf->buf));
+ return (group->exchange(group, ibuf_data(buf)));
}
int
@@ -419,7 +419,7 @@ dh_create_shared(struct dh_group *group,
if (buf == NULL)
return -1;
*secretp = buf;
- return (group->shared(group, buf->buf, exchange->buf));
+ return (group->shared(group, ibuf_data(buf), ibuf_data(exchange)));
}
int
@@ -801,7 +801,7 @@ kemsx_create_exchange2(struct dh_group *
buf = ibuf_new(NULL, need);
if (buf == NULL)
return -1;
- cp = buf->buf;
+ cp = ibuf_data(buf);
memcpy(cp, kemsx->public,
crypto_kem_sntrup761_PUBLICKEYBYTES);
cp += crypto_kem_sntrup761_PUBLICKEYBYTES;
@@ -819,8 +819,8 @@ kemsx_create_exchange2(struct dh_group *
buf = ibuf_new(NULL, need);
if (buf == NULL)
return -1;
- cp = buf->buf;
- pk = iexchange->buf;
+ cp = ibuf_data(buf);
+ pk = ibuf_data(iexchange);
crypto_kem_sntrup761_enc(cp, kemsx->kemkey, pk);
cp += crypto_kem_sntrup761_CIPHERTEXTBYTES;
}
@@ -850,7 +850,7 @@ kemsx_create_shared2(struct dh_group *gr
return (-1);
have = ibuf_size(exchange);
- cp = exchange->buf;
+ cp = ibuf_data(exchange);
if (kemsx->initiator) {
/* input */
need = crypto_kem_sntrup761_CIPHERTEXTBYTES +
@@ -878,7 +878,7 @@ kemsx_create_shared2(struct dh_group *gr
EVP_DigestInit_ex(ctx, EVP_sha512(), NULL) != 1 ||
EVP_DigestUpdate(ctx, kemsx->kemkey, sizeof(kemsx->kemkey)) != 1 ||
EVP_DigestUpdate(ctx, shared, sizeof(shared)) != 1 ||
- EVP_DigestFinal_ex(ctx, buf->buf, &len) != 1) {
+ EVP_DigestFinal_ex(ctx, ibuf_data(buf), &len) != 1) {
EVP_MD_CTX_free(ctx);
ibuf_free(buf);
return (-1);
Index: ikev2.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2.c,v
retrieving revision 1.374
diff -u -p -r1.374 ikev2.c
--- ikev2.c 18 Jul 2023 15:07:41 -0000 1.374
+++ ikev2.c 27 Jul 2023 13:28:15 -0000
@@ -5738,14 +5738,14 @@ ikev2_sa_keys(struct iked *env, struct i
log_debug("%s: DHSECRET with %zu bytes", SPI_SA(sa, __func__),
ibuf_length(dhsecret));
- print_hex(dhsecret->buf, 0, ibuf_length(dhsecret));
+ print_hex(ibuf_data(dhsecret), 0, ibuf_length(dhsecret));
if (!key) {
/*
* Set PRF key to generate SKEYSEED = prf(Ni | Nr, g^ir)
*/
- if ((ninr = ibuf_new(sa->sa_inonce->buf, ilen)) == NULL ||
- ibuf_add(ninr, sa->sa_rnonce->buf, rlen) != 0) {
+ if ((ninr = ibuf_new(ibuf_data(sa->sa_inonce), ilen)) == NULL ||
+ ibuf_add(ninr, ibuf_data(sa->sa_rnonce), rlen) != 0) {
log_info("%s: failed to get nonce key buffer",
SPI_SA(sa, __func__));
goto done;
@@ -5755,15 +5755,15 @@ ikev2_sa_keys(struct iked *env, struct i
/*
* Set PRF key to generate SKEYSEED = prf(key, g^ir | Ni | Nr)
*/
- if (ibuf_add(dhsecret, sa->sa_inonce->buf, ilen) != 0 ||
- ibuf_add(dhsecret, sa->sa_rnonce->buf, rlen) != 0) {
+ if (ibuf_add(dhsecret, ibuf_data(sa->sa_inonce), ilen) != 0 ||
+ ibuf_add(dhsecret, ibuf_data(sa->sa_rnonce), rlen) != 0) {
log_info("%s: failed to get nonce key buffer",
SPI_SA(sa, __func__));
goto done;
}
}
- if ((hash_setkey(prf, key->buf, ibuf_length(key))) == NULL) {
+ if ((hash_setkey(prf, ibuf_data(key), ibuf_length(key))) == NULL) {
log_info("%s: failed to set prf key", SPI_SA(sa, __func__));
goto done;
}
@@ -5776,11 +5776,11 @@ ikev2_sa_keys(struct iked *env, struct i
tmplen = 0;
hash_init(prf);
- hash_update(prf, dhsecret->buf, ibuf_length(dhsecret));
- hash_final(prf, skeyseed->buf, &tmplen);
+ hash_update(prf, ibuf_data(dhsecret), ibuf_length(dhsecret));
+ hash_final(prf, ibuf_data(skeyseed), &tmplen);
log_debug("%s: SKEYSEED with %zu bytes", __func__, tmplen);
- print_hex(skeyseed->buf, 0, tmplen);
+ print_hex(ibuf_data(skeyseed), 0, tmplen);
if (ibuf_setsize(skeyseed, tmplen) == -1) {
log_info("%s: failed to set keymaterial length",
@@ -5800,8 +5800,8 @@ ikev2_sa_keys(struct iked *env, struct i
ispi = htobe64(sa->sa_hdr.sh_ispi);
rspi = htobe64(sa->sa_hdr.sh_rspi);
- if ((s = ibuf_new(sa->sa_inonce->buf, ilen)) == NULL ||
- ibuf_add(s, sa->sa_rnonce->buf, rlen) != 0 ||
+ if ((s = ibuf_new(ibuf_data(sa->sa_inonce), ilen)) == NULL ||
+ ibuf_add(s, ibuf_data(sa->sa_rnonce), rlen) != 0 ||
ibuf_add(s, &ispi, sizeof(ispi)) != 0 ||
ibuf_add(s, &rspi, sizeof(rspi)) != 0) {
log_info("%s: failed to set S buffer",
@@ -5810,7 +5810,7 @@ ikev2_sa_keys(struct iked *env, struct i
}
log_debug("%s: S with %zu bytes", SPI_SA(sa, __func__), ibuf_length(s));
- print_hex(s->buf, 0, ibuf_length(s));
+ print_hex(ibuf_data(s), 0, ibuf_length(s));
/*
* Get the size of the key material we need and the number
@@ -5850,29 +5850,31 @@ ikev2_sa_keys(struct iked *env, struct i
log_debug("%s: SK_d with %zu bytes", __func__,
ibuf_length(sa->sa_key_d));
- print_hex(sa->sa_key_d->buf, 0, ibuf_length(sa->sa_key_d));
+ print_hex(ibuf_data(sa->sa_key_d), 0, ibuf_length(sa->sa_key_d));
if (!isaead) {
log_debug("%s: SK_ai with %zu bytes", __func__,
ibuf_length(sa->sa_key_iauth));
- print_hex(sa->sa_key_iauth->buf, 0,
+ print_hex(ibuf_data(sa->sa_key_iauth), 0,
ibuf_length(sa->sa_key_iauth));
log_debug("%s: SK_ar with %zu bytes", __func__,
ibuf_length(sa->sa_key_rauth));
- print_hex(sa->sa_key_rauth->buf, 0,
+ print_hex(ibuf_data(sa->sa_key_rauth), 0,
ibuf_length(sa->sa_key_rauth));
}
log_debug("%s: SK_ei with %zu bytes", __func__,
ibuf_length(sa->sa_key_iencr));
- print_hex(sa->sa_key_iencr->buf, 0, ibuf_length(sa->sa_key_iencr));
+ print_hex(ibuf_data(sa->sa_key_iencr), 0,
+ ibuf_length(sa->sa_key_iencr));
log_debug("%s: SK_er with %zu bytes", __func__,
ibuf_length(sa->sa_key_rencr));
- print_hex(sa->sa_key_rencr->buf, 0, ibuf_length(sa->sa_key_rencr));
+ print_hex(ibuf_data(sa->sa_key_rencr), 0,
+ ibuf_length(sa->sa_key_rencr));
log_debug("%s: SK_pi with %zu bytes", __func__,
ibuf_length(sa->sa_key_iprf));
- print_hex(sa->sa_key_iprf->buf, 0, ibuf_length(sa->sa_key_iprf));
+ print_hex(ibuf_data(sa->sa_key_iprf), 0, ibuf_length(sa->sa_key_iprf));
log_debug("%s: SK_pr with %zu bytes", __func__,
ibuf_length(sa->sa_key_rprf));
- print_hex(sa->sa_key_rprf->buf, 0, ibuf_length(sa->sa_key_rprf));
+ print_hex(ibuf_data(sa->sa_key_rprf), 0, ibuf_length(sa->sa_key_rprf));
ret = 0;
@@ -5930,33 +5932,33 @@ ikev2_prfplus(struct iked_hash *prf, str
for (i = 0; i < rlen; i++) {
if (t1 != NULL) {
- t2 = ibuf_new(t1->buf, ibuf_length(t1));
+ t2 = ibuf_new(ibuf_data(t1), ibuf_length(t1));
ibuf_free(t1);
} else
t2 = ibuf_new(NULL, 0);
t1 = ibuf_new(NULL, hash_keylength(prf));
- ibuf_add(t2, seed->buf, ibuf_length(seed));
+ ibuf_add_buf(t2, seed);
pad = i + 1;
ibuf_add(t2, &pad, 1);
hash_init(prf);
- hash_update(prf, t2->buf, ibuf_length(t2));
- hash_final(prf, t1->buf, &hashlen);
+ hash_update(prf, ibuf_data(t2), ibuf_length(t2));
+ hash_final(prf, ibuf_data(t1), &hashlen);
if (hashlen != hash_length(prf))
fatalx("ikev2_prfplus: hash length mismatch");
ibuf_free(t2);
- ibuf_add(t, t1->buf, ibuf_length(t1));
+ ibuf_add_buf(t, t1);
log_debug("%s: T%d with %zu bytes", __func__,
pad, ibuf_length(t1));
- print_hex(t1->buf, 0, ibuf_length(t1));
+ print_hex(ibuf_data(t1), 0, ibuf_length(t1));
}
log_debug("%s: Tn with %zu bytes", __func__, ibuf_length(t));
- print_hex(t->buf, 0, ibuf_length(t));
+ print_hex(ibuf_data(t), 0, ibuf_length(t));
ibuf_free(t1);
Index: ikev2_msg.c
===================================================================
RCS file: /cvs/src/sbin/iked/ikev2_msg.c,v
retrieving revision 1.97
diff -u -p -r1.97 ikev2_msg.c
--- ikev2_msg.c 18 Jul 2023 15:07:41 -0000 1.97
+++ ikev2_msg.c 27 Jul 2023 08:27:36 -0000
@@ -448,7 +448,7 @@ ikev2_msg_encrypt(struct iked *env, stru
log_debug("%s: padded length %zu", __func__, ibuf_size(src));
print_hex(ibuf_data(src), 0, ibuf_size(src));
- cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr));
+ cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_length(encr));
cipher_setiv(sa->sa_encr, NULL, 0); /* XXX ivlen */
if (cipher_init_encrypt(sa->sa_encr) == -1) {
log_info("%s: error initiating cipher.", __func__);
@@ -619,22 +619,23 @@ ikev2_msg_decrypt(struct iked *env, stru
if ((tmp = ibuf_new(NULL, hash_keylength(sa->sa_integr))) ==
NULL)
goto done;
- hash_setkey(sa->sa_integr, integr->buf, ibuf_length(integr));
+ hash_setkey(sa->sa_integr, ibuf_data(integr),
+ ibuf_length(integr));
hash_init(sa->sa_integr);
hash_update(sa->sa_integr, ibuf_data(msg),
ibuf_size(msg) - integrlen);
- hash_final(sa->sa_integr, tmp->buf, &tmplen);
+ hash_final(sa->sa_integr, ibuf_data(tmp), &tmplen);
integrdata = ibuf_seek(src, integroff, integrlen);
if (integrdata == NULL)
goto done;
- if (memcmp(tmp->buf, integrdata, integrlen) != 0) {
+ if (memcmp(ibuf_data(tmp), integrdata, integrlen) != 0) {
log_debug("%s: integrity check failed", __func__);
goto done;
}
log_debug("%s: integrity check succeeded", __func__);
- print_hex(tmp->buf, 0, tmplen);
+ print_hex(ibuf_data(tmp), 0, tmplen);
ibuf_free(tmp);
tmp = NULL;
@@ -648,7 +649,7 @@ ikev2_msg_decrypt(struct iked *env, stru
goto done;
}
- cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr));
+ cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_length(encr));
cipher_setiv(sa->sa_encr, ibuf_seek(src, ivoff, ivlen), ivlen);
if (cipher_init_decrypt(sa->sa_encr) == -1) {
log_info("%s: error initiating cipher.", __func__);
