Lots of places in the code were already using {0} to initialize stack char
arrays, but memset() was being used as well. This commit removes all
unnecessary memset() calls against char arrays that are already initialized
via {0} (which sets all members to zero for such arrays).
Make sure both functions works the same way and refer to the same
encryption mode string.
Updated the fwknop usage message to display the encryption mode.
This commit fixes a couple of overflow conditions for Rijndael and HMAC keys
that are larger than anticipated maximums. In the case of Rijndael, PKCS#5 1.5
is supported up to key sizes of 32 bytes or smaller (and maintains compatibility
with OpenSSL, and future versions will support PKCS#5 2.0 (PBKDF2) while allowing
for larger key sizes. HMAC keys may be up to 128 bytes even for digest
algorithms such as SHA256 that have block sizes that are smaller than this.
Significant merge from Franck Joncourt to add the ability to save command line
args to ~/.fwknoprc stanzas. This merge is in support of #4.
Conflicts:
lib/fko_util.c
lib/fko_util.h
This is a fairly significant commit that lays the groundwork for getting
selectable HMAC modes working for both the client and server. One libfko API
change was required so that the hmac_type is passed into fko_new_with_data().
This allows the server to set the hmac_type via access.conf stanzas. The
effort in this commit will be extended to allow HMAC MD5, SHA1, and SHA512
also function properly.
This commit fixes a byte order warning for both sha1.c and md5.c like so:
sha1.c:127:6: warning: #warning Undetermined or unsupported Byte Order... We will try LITTLE_ENDIAN [-Wcpp]
Also removed a couple of header includes that appear not be needed.
This commit completes the conversion to the strtol() wrapper function in order
to remove all atoi() calls. In addition, variable max values are enforced
using more broadly defined RCHK_* values.
Bug fix for the following error caught by the test suite (in the [Rijndael SPA]
[client+server] random SPA port (tcp/22 ssh) test):
==24257== 17 bytes in 1 blocks are definitely lost in loss record 1 of 1
==24257== at 0x4C2B3F8: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24257== by 0x4E38B9B: fko_set_rand_value (fko_rand_value.c:114)
==24257== by 0x4E37FE0: fko_new (fko_funcs.c:75)
==24257== by 0x10AE52: main (fwknop.c:113)
This commit replaces most atoi() calls (which don't report errors) with a strtol()
wrapper function for stronger string -> integer conversion validation.
