aboutsummaryrefslogtreecommitdiffstats
path: root/src/libcharon
diff options
context:
space:
mode:
Diffstat (limited to 'src/libcharon')
-rw-r--r--src/libcharon/encoding/message.c2
-rw-r--r--src/libcharon/network/receiver.c2
-rw-r--r--src/libcharon/plugins/eap_aka/eap_aka_server.c5
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c3
-rw-r--r--src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c3
-rw-r--r--src/libcharon/plugins/eap_md5/eap_md5.c3
-rw-r--r--src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c7
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_peer.c3
-rw-r--r--src/libcharon/plugins/eap_sim/eap_sim_server.c3
-rw-r--r--src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c3
-rw-r--r--src/libcharon/plugins/xauth_generic/xauth_generic.c2
-rw-r--r--src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/eap_authenticator.c2
-rw-r--r--src/libcharon/sa/ikev2/authenticators/psk_authenticator.c2
-rw-r--r--src/libcharon/sa/ikev2/tasks/ike_mobike.c2
15 files changed, 18 insertions, 26 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 0a596ffb0..e51c94691 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -2625,7 +2625,7 @@ METHOD(message_t, parse_body, status_t,
other_hash = hash_payload->get_hash(hash_payload);
DBG3(DBG_ENC, "HASH received %B\nHASH expected %B",
&other_hash, &hash);
- if (!chunk_equals(hash, other_hash))
+ if (!chunk_equals_const(hash, other_hash))
{
DBG1(DBG_ENC, "received HASH payload does not match");
chunk_free(&hash);
diff --git a/src/libcharon/network/receiver.c b/src/libcharon/network/receiver.c
index 5ce9471bd..6902c4847 100644
--- a/src/libcharon/network/receiver.c
+++ b/src/libcharon/network/receiver.c
@@ -247,7 +247,7 @@ static bool cookie_verify(private_receiver_t *this, message_t *message,
{
return FALSE;
}
- if (chunk_equals(reference, cookie))
+ if (chunk_equals_const(reference, cookie))
{
chunk_free(&reference);
return TRUE;
diff --git a/src/libcharon/plugins/eap_aka/eap_aka_server.c b/src/libcharon/plugins/eap_aka/eap_aka_server.c
index eba7af874..04bfc170b 100644
--- a/src/libcharon/plugins/eap_aka/eap_aka_server.c
+++ b/src/libcharon/plugins/eap_aka/eap_aka_server.c
@@ -425,7 +425,7 @@ static status_t process_challenge(private_eap_aka_server_t *this,
enumerator->destroy(enumerator);
/* compare received RES against stored XRES */
- if (!chunk_equals(res, this->xres))
+ if (!chunk_equals_const(res, this->xres))
{
DBG1(DBG_IKE, "received RES does not match XRES");
return FAILED;
@@ -486,7 +486,7 @@ static status_t process_reauthentication(private_eap_aka_server_t *this,
this->crypto->clear_keys(this->crypto);
return challenge(this, out);
}
- if (!chunk_equals(counter, this->counter))
+ if (!chunk_equals_const(counter, this->counter))
{
DBG1(DBG_IKE, "received counter does not match");
return FAILED;
@@ -730,4 +730,3 @@ eap_aka_server_t *eap_aka_server_create(identification_t *server,
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
index a71dae78a..e38ee5b70 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_card.c
@@ -87,7 +87,7 @@ METHOD(simaka_card_t, get_quintuplet, status_t,
{
return FAILED;
}
- if (!memeq(mac, xmac, AKA_MAC_LEN))
+ if (!memeq_const(mac, xmac, AKA_MAC_LEN))
{
DBG1(DBG_IKE, "received MAC does not match XMAC");
DBG3(DBG_IKE, "MAC %b\nXMAC %b", mac, AKA_MAC_LEN, xmac, AKA_MAC_LEN);
@@ -184,4 +184,3 @@ eap_aka_3gpp2_card_t *eap_aka_3gpp2_card_create(eap_aka_3gpp2_functions_t *f)
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
index 0be122158..f272e1ec8 100644
--- a/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
+++ b/src/libcharon/plugins/eap_aka_3gpp2/eap_aka_3gpp2_provider.c
@@ -158,7 +158,7 @@ METHOD(simaka_provider_t, resync, bool,
{
return FALSE;
}
- if (!memeq(macs, xmacs, AKA_MAC_LEN))
+ if (!memeq_const(macs, xmacs, AKA_MAC_LEN))
{
DBG1(DBG_IKE, "received MACS does not match XMACS");
DBG3(DBG_IKE, "MACS %b XMACS %b",
@@ -205,4 +205,3 @@ eap_aka_3gpp2_provider_t *eap_aka_3gpp2_provider_create(
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_md5/eap_md5.c b/src/libcharon/plugins/eap_md5/eap_md5.c
index b2640d104..d314e7a9e 100644
--- a/src/libcharon/plugins/eap_md5/eap_md5.c
+++ b/src/libcharon/plugins/eap_md5/eap_md5.c
@@ -193,7 +193,7 @@ METHOD(eap_method_t, process_server, status_t,
}
response = chunk_create(data.ptr + 6, data.ptr[5]);
if (response.len < expected.len ||
- !memeq(response.ptr, expected.ptr, expected.len))
+ !memeq_const(response.ptr, expected.ptr, expected.len))
{
chunk_free(&expected);
DBG1(DBG_IKE, "EAP-MD5 verification failed");
@@ -299,4 +299,3 @@ eap_md5_t *eap_md5_create_peer(identification_t *server, identification_t *peer)
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
index 511506869..f7f39f984 100644
--- a/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
+++ b/src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c
@@ -812,7 +812,7 @@ static status_t process_peer_success(private_eap_mschapv2_t *this,
goto error;
}
- if (!chunk_equals(this->auth_response, auth_string))
+ if (!chunk_equals_const(this->auth_response, auth_string))
{
DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed");
goto error;
@@ -1087,8 +1087,8 @@ static status_t process_server_response(private_eap_mschapv2_t *this,
userid->destroy(userid);
chunk_clear(&nt_hash);
- if (memeq(res->response.nt_response, this->nt_response.ptr,
- this->nt_response.len))
+ if (memeq_const(res->response.nt_response, this->nt_response.ptr,
+ this->nt_response.len))
{
chunk_t hex;
char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)];
@@ -1267,4 +1267,3 @@ eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identificatio
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_peer.c b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
index ff96e9279..2637b4314 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_peer.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_peer.c
@@ -310,7 +310,7 @@ static status_t process_challenge(private_eap_sim_peer_t *this,
/* excepting two or three RAND, each 16 bytes. We require two valid
* and different RANDs */
if ((rands.len != 2 * SIM_RAND_LEN && rands.len != 3 * SIM_RAND_LEN) ||
- memeq(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN))
+ memeq_const(rands.ptr, rands.ptr + SIM_RAND_LEN, SIM_RAND_LEN))
{
DBG1(DBG_IKE, "no valid AT_RAND received");
if (!create_client_error(this, SIM_INSUFFICIENT_CHALLENGES, out))
@@ -734,4 +734,3 @@ eap_sim_peer_t *eap_sim_peer_create(identification_t *server,
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_sim/eap_sim_server.c b/src/libcharon/plugins/eap_sim/eap_sim_server.c
index f22266bda..5aa54db3e 100644
--- a/src/libcharon/plugins/eap_sim/eap_sim_server.c
+++ b/src/libcharon/plugins/eap_sim/eap_sim_server.c
@@ -262,7 +262,7 @@ static status_t process_reauthentication(private_eap_sim_server_t *this,
this->crypto->clear_keys(this->crypto);
return initiate(this, out);
}
- if (!chunk_equals(counter, this->counter))
+ if (!chunk_equals_const(counter, this->counter))
{
DBG1(DBG_IKE, "received counter does not match");
return FAILED;
@@ -644,4 +644,3 @@ eap_sim_server_t *eap_sim_server_create(identification_t *server,
return &this->public;
}
-
diff --git a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
index bd47e5085..0a6aec083 100644
--- a/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
+++ b/src/libcharon/plugins/eap_sim_file/eap_sim_file_card.c
@@ -52,7 +52,7 @@ METHOD(simaka_card_t, get_triplet, bool,
c_rand, SIM_RAND_LEN, c_sres, SIM_SRES_LEN, c_kc, SIM_KC_LEN);
if (id->matches(id, cand))
{
- if (memeq(c_rand, rand, SIM_RAND_LEN))
+ if (memeq_const(c_rand, rand, SIM_RAND_LEN))
{
DBG2(DBG_CFG, " => triplet matches");
memcpy(sres, c_sres, SIM_SRES_LEN);
@@ -105,4 +105,3 @@ eap_sim_file_card_t *eap_sim_file_card_create(eap_sim_file_triplets_t *triplets)
return &this->public;
}
-
diff --git a/src/libcharon/plugins/xauth_generic/xauth_generic.c b/src/libcharon/plugins/xauth_generic/xauth_generic.c
index c37da0cb0..e65d1a1fe 100644
--- a/src/libcharon/plugins/xauth_generic/xauth_generic.c
+++ b/src/libcharon/plugins/xauth_generic/xauth_generic.c
@@ -180,7 +180,7 @@ METHOD(xauth_method_t, process_server, status_t,
SHARED_EAP, this->server, this->peer);
while (enumerator->enumerate(enumerator, &shared, NULL, NULL))
{
- if (chunk_equals(shared->get_key(shared), pass))
+ if (chunk_equals_const(shared->get_key(shared), pass))
{
status = SUCCESS;
break;
diff --git a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
index bb187f07c..5debeeb37 100644
--- a/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
+++ b/src/libcharon/sa/ikev1/authenticators/psk_v1_authenticator.c
@@ -124,7 +124,7 @@ METHOD(authenticator_t, process, status_t,
return FAILED;
}
free(dh.ptr);
- if (chunk_equals(hash, hash_payload->get_hash(hash_payload)))
+ if (chunk_equals_const(hash, hash_payload->get_hash(hash_payload)))
{
free(hash.ptr);
if (!this->hybrid)
diff --git a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
index ebef31930..f1442096c 100644
--- a/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/eap_authenticator.c
@@ -464,7 +464,7 @@ static bool verify_auth(private_eap_authenticator_t *this, message_t *message,
return FALSE;
}
recv_auth_data = auth_payload->get_data(auth_payload);
- if (!auth_data.len || !chunk_equals(auth_data, recv_auth_data))
+ if (!auth_data.len || !chunk_equals_const(auth_data, recv_auth_data))
{
DBG1(DBG_IKE, "verification of AUTH payload with%s EAP MSK failed",
this->msk.ptr ? "" : "out");
diff --git a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
index c6a4b6ba4..535581068 100644
--- a/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
+++ b/src/libcharon/sa/ikev2/authenticators/psk_authenticator.c
@@ -123,7 +123,7 @@ METHOD(authenticator_t, process, status_t,
{
continue;
}
- if (auth_data.len && chunk_equals(auth_data, recv_auth_data))
+ if (auth_data.len && chunk_equals_const(auth_data, recv_auth_data))
{
DBG1(DBG_IKE, "authentication of '%Y' with %N successful",
other_id, auth_method_names, AUTH_PSK);
diff --git a/src/libcharon/sa/ikev2/tasks/ike_mobike.c b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
index 6295d7960..11b0bb281 100644
--- a/src/libcharon/sa/ikev2/tasks/ike_mobike.c
+++ b/src/libcharon/sa/ikev2/tasks/ike_mobike.c
@@ -537,7 +537,7 @@ METHOD(task_t, process_i, status_t,
cookie2 = this->cookie2;
this->cookie2 = chunk_empty;
process_payloads(this, message);
- if (!chunk_equals(cookie2, this->cookie2))
+ if (!chunk_equals_const(cookie2, this->cookie2))
{
chunk_free(&cookie2);
DBG1(DBG_IKE, "COOKIE2 mismatch, closing IKE_SA");
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-14 14:17:33 +0000