| author | Tobias Brunner <tobias@strongswan.org> | 2017-05-26 13:57:57 +0200 |
|---|---|---|
| committer | Tobias Brunner <tobias@strongswan.org> | 2017-05-26 14:24:13 +0200 |
| commit | b668bf3f9ec1e6e44cb31c727ac928105e383b32 (patch) | |
| tree | db62e4fcd1a955b5179c6f172a9403500bb24e50 /src/libcharon/plugins/stroke/stroke_ca.c | |
| parent | 0da10b73addd8c181bed0772c7eac32d28d8af77 (diff) | |
| parent | 2e4d110d1e94a3be9da06894832492ff469eec37 (diff) | |
Merge branch 'variadic-enumerators'
This adds several changes to enumerator_t and linked_list_t to improve
portability, in particular to Apple's ARM64 iOS platform, whose calling
conventions for variadic and regular functions differ. This means
that assigning a non-variadic function to a variadic function pointer,
as we did with our enumerator_t::enumerate() implementations and several
callbacks, will result in crashes as the called function will access the
arguments differently than the caller provided them.
To avoid this issue the enumerator_t interface is now fully variadic.
A new mandatory method is added, venumerate(), that takes a va_list with
the arguments provided while enumerating. enumerate() is replaced with
a generic implementation that prepares a va_list and calls the
enumerator's venumerate() implementation. As this allows passing the
arguments of one enumerator to another it avoids the five pointer hack
used by enumerator_create_nested() and enumerator_create_cleaner().
To simplify the implementation of venumerate() a helper macro is provided
that assigns values from a given va_list to local variables.
The signature of the callback passed to enumerator_create_filter() has
also changed significantly. It's now required to enumerate over the
original enumerator in the callback as this avoids the previous in/out
pointer hack. The arguments to the outer enumerator are provided in a
va_list.
Similar changes to avoid such five pointer hacks affect the signatures
of the callbacks for linked_list_t's invoke_function() and find_first()
methods. For the latter the return type also changed from status_t to
bool, which is important as SUCCESS is defined as 0, so checks for ==
SUCCESS will now fail.
Diffstat (limited to 'src/libcharon/plugins/stroke/stroke_ca.c')
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_ca.c | 49 |
1 files changed, 26 insertions, 23 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_ca.c b/src/libcharon/plugins/stroke/stroke_ca.c
index 13ed41e0e..4593e9bdc 100644
--- a/src/libcharon/plugins/stroke/stroke_ca.c
+++ b/src/libcharon/plugins/stroke/stroke_ca.c
@@ -171,26 +171,30 @@ typedef struct {
 identification_t *id;
 } cert_data_t;
-/**
- * destroy cert_data
- */
-static void cert_data_destroy(cert_data_t *data)
+CALLBACK(cert_data_destroy, void,
+ cert_data_t *data)
 {
 data->this->lock->unlock(data->this->lock);
 free(data);
 }
-/**
- * filter function for certs enumerator
- */
-static bool certs_filter(cert_data_t *data, ca_cert_t **in,
- certificate_t **out)
+CALLBACK(certs_filter, bool,
+ cert_data_t *data, enumerator_t *orig, va_list args)
 {
+ ca_cert_t *cacert;
 public_key_t *public;
- certificate_t *cert = (*in)->cert;
+ certificate_t **out;
+
+ VA_ARGS_VGET(args, out);
- if (data->cert == CERT_ANY || data->cert == cert->get_type(cert))
+ while (orig->enumerate(orig, &cacert))
 {
+ certificate_t *cert = cacert->cert;
+
+ if (data->cert != CERT_ANY && data->cert != cert->get_type(cert))
+ {
+ continue;
+ }
 public = cert->get_public_key(cert);
 if (public)
 {
@@ -208,9 +212,9 @@ static bool certs_filter(cert_data_t *data, ca_cert_t **in,
 }
 else if (data->key != KEY_ANY)
 {
- return FALSE;
+ continue;
 }
- if (data->id == NULL || cert->has_subject(cert, data->id))
+ if (!data->id || cert->has_subject(cert, data->id))
 {
 *out = cert;
 return TRUE;
@@ -235,8 +239,8 @@ METHOD(credential_set_t, create_cert_enumerator, enumerator_t*,
 this->lock->read_lock(this->lock);
 enumerator = this->certs->create_enumerator(this->certs);
- return enumerator_create_filter(enumerator, (void*)certs_filter, data,
- (void*)cert_data_destroy);
+ return enumerator_create_filter(enumerator, certs_filter, data,
+ cert_data_destroy);
 }
 /**
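Review bot: Converting `cert_data_destroy` and `certs_filter` to `CALLBACK(...)` dropped both doc comments, although the filter's contract is now less obvious: it has to advance `orig` itself and takes its output pointer from the `va_list`. A value pulled from a `va_list` via `VA_ARGS_VGET(args, out)` is presumably not type-checked by the compiler, so the expected argument should be written down, e.g. `/** Filter for the certs enumerator: advances orig to the next CA cert matching data, args holds one certificate_t** */`. For the destructor, `/** Release the read lock taken in create_cert_enumerator() and free data */` would record that the lock stays held for the enumerator's lifetime; in the visible lines `*out = cert` (next hunk) hands the certificate out without taking a reference, so that lock appears to be what keeps the pointer valid. The body of `certs_filter` continues outside this hunk; the key-type check and the return after the loop are not visible.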
@@ -354,11 +358,12 @@ METHOD(credential_set_t, create_cdp_enumerator, enumerator_t*,
 data, (void*)cdp_data_destroy);
 }
-/**
- * Compare the given certificate to the ca_cert_t items in the list
- */
-static bool match_cert(ca_cert_t *item, certificate_t *cert)
+CALLBACK(match_cert, bool,
+ ca_cert_t *item, va_list args)
 {
+ certificate_t *cert;
+
+ VA_ARGS_VGET(args, cert);
 return cert->equals(cert, item->cert);
 }
@@ -405,8 +410,7 @@ static certificate_t *add_cert_internal(private_stroke_ca_t *this,
 {
 ca_cert_t *found;
- if (this->certs->find_first(this->certs, (linked_list_match_t)match_cert,
- (void**)&found, cert) == SUCCESS)
+ if (this->certs->find_first(this->certs, match_cert, (void**)&found, cert))
 {
 cert->destroy(cert);
 cert = found->cert->get_ref(found->cert);
@@ -511,8 +515,7 @@ METHOD(stroke_ca_t, get_cert_ref, certificate_t*,
 ca_cert_t *found;
 this->lock->read_lock(this->lock);
- if (this->certs->find_first(this->certs, (linked_list_match_t)match_cert,
- (void**)&found, cert) == SUCCESS)
+ if (this->certs->find_first(this->certs, match_cert, (void**)&found, cert))
 {
 cert->destroy(cert);
 cert = found->cert->get_ref(found->cert); |
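Review bot: `match_cert` reads its `certificate_t *cert` from the `va_list`, and nothing in the visible lines lets the compiler check that the extra argument given to `find_first()` has that type. The two callers in the later hunks (`add_cert_internal`, `get_cert_ref`) pass `cert`, which matches, but a mismatch elsewhere would be undefined behaviour rather than a build error. The doc comment removed here should be kept and extended to state the expectation, e.g. `/** Compare the given certificate to the ca_cert_t items in the list, args holds one certificate_t* */`. Separately, the context line at the top of this hunk still passes `(void*)cdp_data_destroy` through a cast; that call starts outside the hunk, so it is worth confirming whether it should be converted to `CALLBACK` like `cert_data_destroy`.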
