Amebis/GEANTLink
1
1
Fork 0
Code Issues 3 Pull Requests Actions Packages Projects Releases 50 Wiki Activity

ID 3. C style pointer casting from security audit fixed

Browse Source
This commit is contained in:
Simon Rozman
2016-10-03 11:40:30 +02:00
parent 28408fcea7
commit 559ffc5ead
20 changed files with 178 additions and 178 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/EAPBase/include/EAP.h
View File

@@ -772,7 +772,7 @@ inline void operator<<(_Inout_ eap::cursor_out &cursor, _In_ const unsigned int
{
eap::cursor_out::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int);
assert(ptr_end <= cursor.ptr_end);
*(unsigned int*)cursor.ptr = val;
*reinterpret_cast<unsigned int*>(cursor.ptr) = val;
cursor.ptr = ptr_end;
}
@@ -788,7 +788,7 @@ inline void operator>>(_Inout_ eap::cursor_in &cursor, _Out_ unsigned int &val)
{
eap::cursor_in::ptr_type ptr_end = cursor.ptr + sizeof(unsigned int);
assert(ptr_end <= cursor.ptr_end);
val = *(unsigned int*)cursor.ptr;
val = *reinterpret_cast<const unsigned int*>(cursor.ptr);
cursor.ptr = ptr_end;
}

6
lib/EAPBase/include/Module.h
View File

@@ -330,12 +330,12 @@ namespace eap
// Import the 256-bit AES session key.
winstd::crypt_key key_aes;
if (!CryptImportKey(hProv, (LPCBYTE)data, 268, key_rsa, 0, &key_aes))
if (!CryptImportKey(hProv, reinterpret_cast<LPCBYTE>(data), 268, key_rsa, 0, &key_aes))
throw win_runtime_error(__FUNCTION__ " CryptImportKey failed.");
// Decrypt the data using AES session key.
std::vector<unsigned char, winstd::sanitizing_allocator<unsigned char> > buf;
buf.assign((const unsigned char*)data + 268, (const unsigned char*)data + size);
buf.assign(reinterpret_cast<const unsigned char*>(data) + 268, reinterpret_cast<const unsigned char*>(data) + size);
if (!CryptDecrypt(key_aes, hHash, TRUE, 0, buf))
throw win_runtime_error(__FUNCTION__ " CryptDecrypt failed.");
@@ -412,7 +412,7 @@ namespace eap
std::vector<unsigned char> hash_bin;
if (!CryptGetHashParam(hash, HP_HASHVAL, hash_bin, 0))
throw win_runtime_error(__FUNCTION__ " Calculating MD5 hash failed.");
if (memcmp((unsigned char*)data + enc_size, hash_bin.data(), dwHashSize) != 0)
if (memcmp(reinterpret_cast<const unsigned char*>(data) + enc_size, hash_bin.data(), dwHashSize) != 0)
throw invalid_argument(__FUNCTION__ " Invalid encrypted data.");
return dec;

12
lib/EAPBase/src/Config.cpp
View File

@@ -242,9 +242,9 @@ eap::config_method_with_cred::config_method_with_cred(_In_ module &mod, _In_ uns
eap::config_method_with_cred::config_method_with_cred(_In_ const config_method_with_cred &other) :
m_use_cred (other.m_use_cred ),
m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr),
config_method(other )
m_use_cred (other.m_use_cred ),
m_cred (other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr),
config_method(other )
{
}
@@ -262,7 +262,7 @@ eap::config_method_with_cred& eap::config_method_with_cred::operator=(_In_ const
if (this != &other) {
(config_method&)*this = other;
m_use_cred = other.m_use_cred;
m_cred.reset(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr);
m_cred.reset(other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr);
}
return *this;
@@ -376,7 +376,7 @@ eap::config_provider::config_provider(_In_ const config_provider &other) :
{
m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? dynamic_cast<config_method*>(method->get()->clone()) : nullptr)));
}
@@ -415,7 +415,7 @@ eap::config_provider& eap::config_provider::operator=(_In_ const config_provider
m_methods.clear();
m_methods.reserve(other.m_methods.size());
for (vector<unique_ptr<config_method> >::const_iterator method = other.m_methods.cbegin(), method_end = other.m_methods.cend(); method != method_end; ++method)
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? (config_method*)method->get()->clone() : nullptr)));
m_methods.push_back(std::move(unique_ptr<config_method>(*method ? dynamic_cast<config_method*>(method->get()->clone()) : nullptr)));
}
return *this;

50
lib/EAPBase/src/Credentials.cpp
View File

@@ -363,8 +363,8 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in
WideCharToMultiByte(CP_UTF8, 0, m_password.c_str(), (int)m_password.length(), cred_utf8, NULL, NULL);
// Encrypt the password using user's key.
DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , (LPBYTE)cred_utf8.data() };
DATA_BLOB entropy_blob = { sizeof(s_entropy), (LPBYTE)s_entropy };
DATA_BLOB cred_blob = { (DWORD)cred_utf8.size() , const_cast<LPBYTE>(reinterpret_cast<LPCBYTE>(cred_utf8.data())) };
DATA_BLOB entropy_blob = { sizeof(s_entropy), const_cast<LPBYTE>( s_entropy ) };
data_blob cred_enc;
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
@@ -375,18 +375,18 @@ void eap::credentials_pass::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned in
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
(LPTSTR)target.c_str(), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
(LPTSTR)m_identity.c_str() // UserName
0, // Flags
CRED_TYPE_GENERIC, // Type
const_cast<LPTSTR>(target.c_str()), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
const_cast<LPTSTR>(m_identity.c_str()) // UserName
};
if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@@ -403,14 +403,14 @@ void eap::credentials_pass::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
throw win_runtime_error(__FUNCTION__ " CredRead failed.");
// Decrypt the password using user's key.
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
data_blob cred_int;
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
// Convert password from UTF-8.
MultiByteToWideChar(CP_UTF8, 0, (LPCSTR)cred_int.pbData, (int)cred_int.cbData, m_password);
MultiByteToWideChar(CP_UTF8, 0, reinterpret_cast<LPCSTR>(cred_int.pbData), (int)cred_int.cbData, m_password);
SecureZeroMemory(cred_int.pbData, cred_int.cbData);
if (cred->UserName)
@@ -443,14 +443,14 @@ eap::credentials::source_t eap::credentials_pass::combine(
{
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_pass*)cred_cached;
*this = *dynamic_cast<const credentials_pass*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_cache;
}
if (cfg.m_use_cred) {
// Using configured credentials.
*this = *(credentials_pass*)cfg.m_cred.get();
*this = *dynamic_cast<const credentials_pass*>(cfg.m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG1, event_data((unsigned int)cfg.get_method_id()), event_data(credentials_pass::get_name()), event_data::blank);
return source_config;
}
@@ -553,11 +553,11 @@ eap::credentials_connection::credentials_connection(_In_ module &mod, _In_ const
eap::credentials_connection::credentials_connection(_In_ const credentials_connection &other) :
m_cfg (other.m_cfg ),
m_namespace(other.m_namespace),
m_id (other.m_id ),
m_cred (other.m_cred ? (credentials*)other.m_cred->clone() : nullptr),
config (other )
m_cfg (other.m_cfg ),
m_namespace(other.m_namespace ),
m_id (other.m_id ),
m_cred (other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr),
config (other )
{
}
@@ -578,7 +578,7 @@ eap::credentials_connection& eap::credentials_connection::operator=(_In_ const c
(config&)*this = other;
m_namespace = other.m_namespace;
m_id = other.m_id;
m_cred.reset(other.m_cred ? (credentials*)other.m_cred->clone() : nullptr);
m_cred.reset(other.m_cred ? dynamic_cast<credentials*>(other.m_cred->clone()) : nullptr);
}
return *this;

14
lib/EAPBase/src/Method.cpp
View File

@@ -169,13 +169,13 @@ void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned char f
// Diameter AVP header
diameter_avp_header hdr;
*(unsigned int*)hdr.code = htonl(code);
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags;
hton24(size_outer, hdr.length);
m_packet_res.insert(m_packet_res.end(), (unsigned char*)&hdr, (unsigned char*)(&hdr + 1));
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
m_packet_res.insert(m_packet_res.end(), (unsigned char*)data, (unsigned char*)data + size);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
m_packet_res.insert(m_packet_res.end(), padding, 0);
}
@@ -195,13 +195,13 @@ void eap::method_noneap::append_avp(_In_ unsigned int code, _In_ unsigned int ve
// Diameter AVP header
diameter_avp_header_ven hdr;
*(unsigned int*)hdr.code = htonl(code);
*reinterpret_cast<unsigned int*>(hdr.code) = htonl(code);
hdr.flags = flags | diameter_avp_flag_vendor;
hton24(size_outer, hdr.length);
*(unsigned int*)hdr.vendor = htonl(vendor_id);
m_packet_res.insert(m_packet_res.end(), (unsigned char*)&hdr, (unsigned char*)(&hdr + 1));
*reinterpret_cast<unsigned int*>(hdr.vendor) = htonl(vendor_id);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
// Data
m_packet_res.insert(m_packet_res.end(), (unsigned char*)data, (unsigned char*)data + size);
m_packet_res.insert(m_packet_res.end(), reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
m_packet_res.insert(m_packet_res.end(), padding, 0);
}

6
lib/EAPBase/src/Module.cpp
View File

@@ -69,13 +69,13 @@ EAP_ERROR* eap::module::make_error(_In_ DWORD dwErrorCode, _In_opt_z_ LPCWSTR ps
pError->repairGuid = pRepairGuid != NULL ? *pRepairGuid : GUID_NULL;
pError->helpLinkGuid = pHelpLinkGuid != NULL ? *pHelpLinkGuid : GUID_NULL;
if (nRootCauseSize) {
pError->pRootCauseString = (LPWSTR)p;
pError->pRootCauseString = const_cast<LPWSTR>(reinterpret_cast<LPCWSTR>(p));
memcpy(pError->pRootCauseString, pszRootCauseString, nRootCauseSize);
p += nRootCauseSize;
} else
pError->pRootCauseString = NULL;
if (nRepairStringSize) {
pError->pRepairString = (LPWSTR)p;
pError->pRepairString = const_cast<LPWSTR>(reinterpret_cast<LPCWSTR>(p));
memcpy(pError->pRepairString, pszRepairString, nRepairStringSize);
p += nRepairStringSize;
} else
@@ -201,7 +201,7 @@ std::vector<unsigned char> eap::module::encrypt(_In_ HCRYPTPROV hProv, _In_bytec
std::vector<unsigned char> enc(buf.begin(), buf.end());
// Pre-allocate memory to allow space, as encryption will grow the data.
buf.assign((const unsigned char*)data, (const unsigned char*)data + size);
buf.assign(reinterpret_cast<const unsigned char*>(data), reinterpret_cast<const unsigned char*>(data) + size);
DWORD dwBlockLen;
if (!CryptGetKeyParam(key_aes, KP_BLOCKLEN, dwBlockLen, 0)) dwBlockLen = 0;
buf.reserve((size + dwBlockLen) / dwBlockLen * dwBlockLen);

6
lib/EAPBase_UI/include/EAP_UI.h
View File

@@ -248,7 +248,7 @@ protected:
int idx = m_providers->GetSelection();
if (idx != wxNOT_FOUND) {
eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider();
m_prov_remove->Enable(true);
m_prov_advanced->Enable(!cfg_provider.m_read_only);
} else {
@@ -295,7 +295,7 @@ protected:
wxEAPConfigDialogBase::OnProvRemove(event);
int idx = m_providers->GetSelection();
eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider();
if (wxMessageBox(tstring_printf(_("Are you sure you want to permanently remove %ls provider from configuration?"), wxEAPGetProviderName(cfg_provider.m_name).c_str()), _("Warning"), wxYES_NO, this) == wxYES) {
// Delete provider.
@@ -317,7 +317,7 @@ protected:
wxEAPConfigDialogBase::OnProvAdvanced(event);
int idx = m_providers->GetSelection();
eap::config_provider &cfg_provider = ((_wxT*)m_providers->GetPage(idx))->GetProvider();
eap::config_provider &cfg_provider = dynamic_cast<_wxT*>(m_providers->GetPage(idx))->GetProvider();
wxEAPConfigProvider dlg(cfg_provider, this);
if (dlg.ShowModal() == wxID_OK)

28
lib/EAPBase_UI/src/EAP_UI.cpp
View File

@@ -455,7 +455,7 @@ eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
if (!wnd_class)
throw win_runtime_error(__FUNCTION__ " Error registering master monitor window class.");
tstring_guid guid_str(guid);
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, (LPCTSTR)wnd_class, guid_str.c_str());
HWND hwnd_master = FindWindowEx(HWND_MESSAGE, NULL, reinterpret_cast<LPCTSTR>(wnd_class), guid_str.c_str());
if (hwnd_master) {
// Another monitor is already running.
m_is_master = false;
@@ -484,18 +484,18 @@ eap::monitor_ui::monitor_ui(_In_ HINSTANCE module, _In_ const GUID &guid) :
}
m_hwnd = CreateWindowEx(
0, // dwExStyle
(LPCTSTR)wnd_class, // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
0, // dwExStyle
reinterpret_cast<LPCTSTR>(wnd_class), // lpClassName
guid_str.c_str(), // lpWindowName
0, // dwStyle
0, // x
0, // y
0, // nWidth
0, // nHeight
HWND_MESSAGE, // hWndParent
NULL, // hMenu
module, // hInstance
this); // lpParam
if (!m_is_master) {
// Notify master we are waiting him.
@@ -575,7 +575,7 @@ LRESULT eap::monitor_ui::winproc(
} else if (msg == s_msg_finish) {
// Master finished.
assert(!m_is_master);
m_data.assign((const unsigned char*)lparam, (const unsigned char*)lparam + wparam);
m_data.assign(reinterpret_cast<const unsigned char*>(lparam), reinterpret_cast<const unsigned char*>(lparam) + wparam);
// Finish slave too.
DestroyWindow(m_hwnd);

8
lib/MSCHAPv2/src/MSCHAPv2.cpp
View File

@@ -45,7 +45,7 @@ crypt_key eap::create_des_key(_In_ HCRYPTPROV cp, _In_count_(size) const unsigne
};
sanitizing_blob key_blob;
key_blob.reserve(sizeof(key_blob_prefix) + 8);
key_blob.assign((const unsigned char*)&s_prefix, (const unsigned char*)(&s_prefix + 1));
key_blob.assign(reinterpret_cast<const unsigned char*>(&s_prefix), reinterpret_cast<const unsigned char*>(&s_prefix + 1));
// Inject parity bits.
unsigned char out = 0, parity = 1;
@@ -215,7 +215,7 @@ eap::nt_response::nt_response(
static const DWORD mode_ecb = CRYPT_MODE_ECB;
// DesEncrypt(Challenge, 1st 7-octets of ZPasswordHash, giving 1st 8-octets of Response)
key = create_des_key(cp, (const unsigned char*)&hash_pwd, 7);
key = create_des_key(cp, reinterpret_cast<const unsigned char*>(&hash_pwd), 7);
if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0))
throw win_runtime_error(__FUNCTION__ " Error setting ECB mode.");
memcpy(data, &challenge, 8);
@@ -224,7 +224,7 @@ eap::nt_response::nt_response(
throw win_runtime_error(__FUNCTION__ " Error encrypting message 1/3.");
// DesEncrypt(Challenge, 2nd 7-octets of ZPasswordHash, giving 2nd 8-octets of Response)
key = create_des_key(cp, (const unsigned char*)&hash_pwd + 7, 7);
key = create_des_key(cp, reinterpret_cast<const unsigned char*>(&hash_pwd) + 7, 7);
if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0))
throw win_runtime_error(__FUNCTION__ " Error setting ECB mode.");
memcpy(data + 8, &challenge, 8);
@@ -233,7 +233,7 @@ eap::nt_response::nt_response(
throw win_runtime_error(__FUNCTION__ " Error encrypting message 2/3.");
// DesEncrypt(Challenge, 2nd 7-octets of ZPasswordHash, giving 2nd 8-octets of Response)
key = create_des_key(cp, (const unsigned char*)&hash_pwd + 14, 2);
key = create_des_key(cp, reinterpret_cast<const unsigned char*>(&hash_pwd) + 14, 2);
if (!CryptSetKeyParam(key, KP_MODE, (const BYTE*)&mode_ecb, 0))
throw win_runtime_error(__FUNCTION__ " Error setting ECB mode.");
memcpy(data + 16, &challenge, 8);

32
lib/MSCHAPv2/src/Method.cpp
View File

@@ -119,14 +119,14 @@ void eap::method_mschapv2::process_request_packet(
sizeof(nt_response)); // Response
response.push_back(m_ident);
response.push_back(0); // Flags
response.insert(response.end(), (unsigned char*)&m_challenge_client, (unsigned char*)(&m_challenge_client + 1)); // Peer-Challenge
response.insert(response.end(), reinterpret_cast<const unsigned char*>(&m_challenge_client), reinterpret_cast<const unsigned char*>(&m_challenge_client + 1)); // Peer-Challenge
response.insert(response.end(), 8, 0); // Reserved
response.insert(response.end(), (unsigned char*)&m_nt_resp, (unsigned char*)(&m_nt_resp + 1)); // NT-Response
response.insert(response.end(), reinterpret_cast<const unsigned char*>(&m_nt_resp), reinterpret_cast<const unsigned char*>(&m_nt_resp + 1)); // NT-Response
// Diameter AVP (User-Name=1, MS-CHAP-Challenge=11/311, MS-CHAP2-Response=25/311)
append_avp( 1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size() );
append_avp(11, 311, diameter_avp_flag_mandatory, (unsigned char*)&m_challenge_server , (unsigned int)sizeof(m_challenge_server));
append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() );
append_avp( 1, diameter_avp_flag_mandatory, identity_utf8.data(), (unsigned int)identity_utf8.size() );
append_avp(11, 311, diameter_avp_flag_mandatory, reinterpret_cast<const unsigned char*>(&m_challenge_server) , (unsigned int)sizeof(m_challenge_server));
append_avp(25, 311, diameter_avp_flag_mandatory, response.data() , (unsigned int)response.size() );
m_phase = phase_challenge_server;
m_cfg.m_last_status = config_method::status_cred_invalid; // Blame credentials if we fail beyond this point.
@@ -154,22 +154,22 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_
sanitizing_blob data;
wstring msg_w;
for (const unsigned char *pck = (const unsigned char*)_pck, *pck_end = pck + size_pck; pck < pck_end; ) {
for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(_pck), *pck_end = pck + size_pck; pck < pck_end; ) {
if (pck + sizeof(diameter_avp_header) > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header.");
const diameter_avp_header *hdr = (const diameter_avp_header*)pck;
unsigned int code = ntohl(*(unsigned int*)hdr->code);
const diameter_avp_header *hdr = reinterpret_cast<const diameter_avp_header*>(pck);
unsigned int code = ntohl(*reinterpret_cast<const unsigned int*>(hdr->code));
unsigned int vendor;
const unsigned char *msg;
if (hdr->flags & diameter_avp_flag_vendor) {
if (pck + sizeof(diameter_avp_header_ven) > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header.");
const diameter_avp_header_ven *hdr_ven = (const diameter_avp_header_ven*)pck;
vendor = ntohl(*(unsigned int*)hdr_ven->vendor);
msg = (const unsigned char*)(hdr_ven + 1);
const diameter_avp_header_ven *hdr_ven = reinterpret_cast<const diameter_avp_header_ven*>(pck);
vendor = ntohl(*reinterpret_cast<const unsigned int*>(hdr_ven->vendor));
msg = reinterpret_cast<const unsigned char*>(hdr_ven + 1);
} else {
vendor = 0;
msg = (const unsigned char*)(hdr + 1);
msg = reinterpret_cast<const unsigned char*>(hdr + 1);
}
unsigned int length = ntoh24(hdr->length);
const unsigned char
@@ -182,13 +182,13 @@ void eap::method_mschapv2::process_packet(_In_bytecount_(size_pck) const void *_
// MS-CHAP2-Success
if (msg[0] != m_ident)
throw invalid_argument(string_printf(__FUNCTION__ " Wrong MSCHAPv2 ident (expected: %u, received: %u).", m_ident, msg[0]).c_str());
const char *str = (const char*)(msg + 1);
process_success(parse_response(str, ((const char*)msg_end - str)));
const char *str = reinterpret_cast<const char*>(msg + 1);
process_success(parse_response(str, (reinterpret_cast<const char*>(msg_end) - str)));
} else if (code == 2 && vendor == 311) {
// MS-CHAP2-Error
m_ident = msg[0];
const char *str = (const char*)(msg + 1);
process_error(parse_response(str, ((const char*)msg_end - str)));
const char *str = reinterpret_cast<const char*>(msg + 1);
process_error(parse_response(str, (reinterpret_cast<const char*>(msg_end) - str)));
} else if (hdr->flags & diameter_avp_flag_mandatory)
throw win_runtime_error(ERROR_NOT_SUPPORTED, string_printf(__FUNCTION__ " Server sent mandatory Diameter AVP we do not support (code: %u, vendor: %u).", code, vendor).c_str());

36
lib/TLS/src/Credentials.cpp
View File

@@ -173,8 +173,8 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int
data_blob cred_enc;
if (m_cert) {
// Encrypt the certificate using user's key.
DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
DATA_BLOB cred_blob = { m_cert->cbCertEncoded, m_cert->pbCertEncoded };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
if (!CryptProtectData(&cred_blob, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN, &cred_enc))
throw win_runtime_error(__FUNCTION__ " CryptProtectData failed.");
}
@@ -185,18 +185,18 @@ void eap::credentials_tls::store(_In_z_ LPCTSTR pszTargetName, _In_ unsigned int
assert(cred_enc.cbData < CRED_MAX_CREDENTIAL_BLOB_SIZE);
assert(m_identity.length() < CRED_MAX_USERNAME_LENGTH );
CREDENTIAL cred = {
0, // Flags
CRED_TYPE_GENERIC, // Type
(LPTSTR)target.c_str(), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
(LPTSTR)m_identity.c_str() // UserName
0, // Flags
CRED_TYPE_GENERIC, // Type
const_cast<LPTSTR>(target.c_str()), // TargetName
_T(""), // Comment
{ 0, 0 }, // LastWritten
cred_enc.cbData, // CredentialBlobSize
cred_enc.pbData, // CredentialBlob
CRED_PERSIST_ENTERPRISE, // Persist
0, // AttributeCount
NULL, // Attributes
NULL, // TargetAlias
const_cast<LPTSTR>(m_identity.c_str()) // UserName
};
if (!CredWrite(&cred, 0))
throw win_runtime_error(__FUNCTION__ " CredWrite failed.");
@@ -214,8 +214,8 @@ void eap::credentials_tls::retrieve(_In_z_ LPCTSTR pszTargetName, _In_ unsigned
if (cred->CredentialBlobSize) {
// Decrypt the certificate using user's key.
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , (LPBYTE)s_entropy };
DATA_BLOB cred_enc = { cred->CredentialBlobSize, cred->CredentialBlob };
DATA_BLOB entropy_blob = { sizeof(s_entropy) , const_cast<LPBYTE>(s_entropy) };
data_blob cred_int;
if (!CryptUnprotectData(&cred_enc, NULL, &entropy_blob, NULL, NULL, CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_VERIFY_PROTECTION, &cred_int))
throw win_runtime_error(__FUNCTION__ " CryptUnprotectData failed.");
@@ -298,14 +298,14 @@ eap::credentials::source_t eap::credentials_tls::combine(
{
if (cred_cached) {
// Using EAP service cached credentials.
*this = *(credentials_tls*)cred_cached;
*this = *dynamic_cast<const credentials_tls*>(cred_cached);
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CACHED2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_cache;
}
if (cfg.m_use_cred) {
// Using configured credentials.
*this = *(credentials_tls*)cfg.m_cred.get();
*this = *dynamic_cast<const credentials_tls*>(cfg.m_cred.get());
m_module.log_event(&EAPMETHOD_TRACE_EVT_CRED_CONFIG2, event_data((unsigned int)eap_type_tls), event_data(credentials_tls::get_name()), event_data(pszTargetName), event_data::blank);
return source_config;
}

80
lib/TLS/src/Method.cpp
View File

@@ -376,8 +376,8 @@ void eap::method_tls::process_request_packet(
// Derive master secret.
static const unsigned char s_label[] = "master secret";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
memcpy(&m_master_secret, prf(m_cp, m_alg_prf, pms, seed, sizeof(tls_master_secret)).data(), sizeof(tls_master_secret));
// Create client key exchange message, and append to packet.
@@ -396,8 +396,8 @@ void eap::method_tls::process_request_packet(
// Derive client side keys.
static const unsigned char s_label[] = "key expansion";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed,
2*m_state_client_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1)
2*m_state_client_pending.m_size_enc_key + // client_write_key & server_write_key
@@ -518,9 +518,9 @@ void eap::method_tls::get_result(
// Fill array with RADIUS attributes.
eap_attr a;
m_eap_attr.reserve(m_eap_attr.size() + 3);
a.create_ms_mppe_key(16, (LPCBYTE)&m_key_mppe_client, sizeof(tls_random));
a.create_ms_mppe_key(16, reinterpret_cast<LPCBYTE>(&m_key_mppe_client), sizeof(tls_random));
m_eap_attr.push_back(std::move(a));
a.create_ms_mppe_key(17, (LPCBYTE)&m_key_mppe_server, sizeof(tls_random));
a.create_ms_mppe_key(17, reinterpret_cast<LPCBYTE>(&m_key_mppe_server), sizeof(tls_random));
m_eap_attr.push_back(std::move(a));
m_eap_attr.push_back(eap_attr::blank);
@@ -552,7 +552,7 @@ void eap::method_tls::get_result(
NULL,
&buf_out_desc);
if (SUCCEEDED(status))
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf_out[0].pvBuffer, (const unsigned char*)buf_out[0].pvBuffer + buf_out[0].cbBuffer);
m_packet_res.m_data.insert(m_packet_res.m_data.end(), reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer), reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer) + buf_out[0].cbBuffer);
}
#endif
@@ -594,14 +594,14 @@ eap::sanitizing_blob eap::method_tls::make_client_hello()
// SSL header
assert(size_data <= 0xffffff);
unsigned int ssl_header = htonl((tls_handshake_type_client_hello << 24) | (unsigned int)size_data);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// SSL version
msg.insert(msg.end(), (unsigned char*)&m_tls_version, (unsigned char*)(&m_tls_version + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&m_tls_version), reinterpret_cast<const unsigned char*>(&m_tls_version + 1));
// Generate client random and add it to the message
m_random_client.randomize(m_cp);
msg.insert(msg.end(), (unsigned char*)&m_random_client, (unsigned char*)(&m_random_client + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
// Session ID
assert(m_session_id.size() <= 32);
@@ -610,7 +610,7 @@ eap::sanitizing_blob eap::method_tls::make_client_hello()
// Cypher suite list
unsigned short size_cipher_suite2 = htons((unsigned short)sizeof(s_cipher_suite));
msg.insert(msg.end(), (unsigned char*)&size_cipher_suite2, (unsigned char*)(&size_cipher_suite2 + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&size_cipher_suite2), reinterpret_cast<const unsigned char*>(&size_cipher_suite2 + 1));
msg.insert(msg.end(), s_cipher_suite, s_cipher_suite + _countof(s_cipher_suite));
// Compression
@@ -638,7 +638,7 @@ eap::sanitizing_blob eap::method_tls::make_client_cert() const
// SSL header
assert(size_data <= 0xffffff);
unsigned int ssl_header = htonl((tls_handshake_type_certificate << 24) | (unsigned int)size_data);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// List size
assert(size_list <= 0xffffff);
@@ -663,7 +663,7 @@ eap::sanitizing_blob eap::method_tls::make_client_cert() const
eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_master_secret &pms) const
{
// Encrypt pre-master key with server public key first.
sanitizing_blob pms_enc((const unsigned char*)&pms, (const unsigned char*)(&pms + 1));
sanitizing_blob pms_enc(reinterpret_cast<const unsigned char*>(&pms), reinterpret_cast<const unsigned char*>(&pms + 1));
crypt_key key;
if (!key.import_public(m_cp_enc_client, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(m_server_cert_chain.front()->pCertInfo->SubjectPublicKeyInfo)))
throw win_runtime_error(__FUNCTION__ " Error importing server's public key.");
@@ -681,7 +681,7 @@ eap::sanitizing_blob eap::method_tls::make_client_key_exchange(_In_ const tls_ma
// SSL header
assert(size_data <= 0xffffff);
unsigned int ssl_header = htonl((tls_handshake_type_client_key_exchange << 24) | (unsigned int)size_data);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// Encrypted pre master secret size
assert(size_pms_enc <= 0xffff);
@@ -707,7 +707,7 @@ eap::sanitizing_blob eap::method_tls::make_finished() const
// SSL header
unsigned int ssl_header = htonl((unsigned int)(tls_handshake_type_finished << 24) | 12);
msg.insert(msg.end(), (unsigned char*)&ssl_header, (unsigned char*)(&ssl_header + 1));
msg.insert(msg.end(), reinterpret_cast<const unsigned char*>(&ssl_header), reinterpret_cast<const unsigned char*>(&ssl_header + 1));
// Create label + hash MD5 + hash SHA-1 seed.
crypt_hash hash;
@@ -760,7 +760,7 @@ eap::sanitizing_blob eap::method_tls::make_message(_In_ tls_message_type_t type,
sanitizing_blob msg;
msg.reserve(sizeof(message_header) + size_data);
msg.assign((const unsigned char*)&hdr, (const unsigned char*)(&hdr + 1));
msg.assign(reinterpret_cast<const unsigned char*>(&hdr), reinterpret_cast<const unsigned char*>(&hdr + 1));
msg.insert(msg.end(), data.begin(), data.end());
return msg;
}
@@ -774,8 +774,8 @@ void eap::method_tls::derive_msk()
#if EAP_TLS < EAP_TLS_SCHANNEL
static const unsigned char s_label[] = "client EAP encryption";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed, 2*sizeof(tls_random)));
_key_block = key_block.data();
#else
@@ -808,13 +808,13 @@ void eap::method_tls::process_packet(_In_bytecount_(size_pck) const void *_pck,
{
sanitizing_blob data;
for (const unsigned char *pck = (const unsigned char*)_pck, *pck_end = pck + size_pck; pck < pck_end; ) {
for (const unsigned char *pck = reinterpret_cast<const unsigned char*>(_pck), *pck_end = pck + size_pck; pck < pck_end; ) {
if (pck + 5 > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message header.");
const message_header *hdr = (const message_header*)pck;
const unsigned char
*msg = (const unsigned char*)(hdr + 1),
*msg_end = msg + ntohs(*(unsigned short*)hdr->length);
*msg = reinterpret_cast<const unsigned char*>(hdr + 1),
*msg_end = msg + ntohs(*reinterpret_cast<const unsigned short*>(hdr->length));
if (msg_end > pck_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete message data.");
@@ -870,7 +870,7 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(size_msg) const
if (size_msg < 1)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete change cipher spec.");
const unsigned char *msg = (const unsigned char*)_msg;
const unsigned char *msg = reinterpret_cast<const unsigned char*>(_msg);
if (msg[0] != 1)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, string_printf(__FUNCTION__ " Invalid change cipher spec message (expected 1, received %u).", msg[0]));
@@ -885,8 +885,8 @@ void eap::method_tls::process_change_cipher_spec(_In_bytecount_(size_msg) const
static const unsigned char s_label[] = "key expansion";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
sanitizing_blob key_block(prf(m_cp, m_alg_prf, m_master_secret, seed,
2*m_state_server_pending.m_size_mac_key + // client_write_MAC_secret & server_write_MAC_secret (SHA1)
2*m_state_server_pending.m_size_enc_key + // client_write_key & server_write_key
@@ -928,7 +928,7 @@ void eap::method_tls::process_alert(_In_bytecount_(size_msg) const void *_msg, _
if (size_msg < 2)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete alert.");
const unsigned char *msg = (const unsigned char*)_msg;
const unsigned char *msg = reinterpret_cast<const unsigned char*>(_msg);
m_module.log_event(&EAPMETHOD_TLS_ALERT, event_data((unsigned int)eap_type_tls), event_data((unsigned char)msg[0]), event_data((unsigned char)msg[1]), event_data::blank);
@@ -941,11 +941,11 @@ void eap::method_tls::process_alert(_In_bytecount_(size_msg) const void *_msg, _
void eap::method_tls::process_handshake(_In_bytecount_(size_msg) const void *_msg, _In_ size_t size_msg)
{
for (const unsigned char *msg = (const unsigned char*)_msg, *msg_end = msg + size_msg; msg < msg_end; ) {
for (const unsigned char *msg = reinterpret_cast<const unsigned char*>(_msg), *msg_end = msg + size_msg; msg < msg_end; ) {
// Parse record header.
if (msg + sizeof(unsigned int) > msg_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Incomplete record header.");
unsigned int hdr = ntohl(*(unsigned int*)msg);
unsigned int hdr = ntohl(*reinterpret_cast<const unsigned int*>(msg));
const unsigned char
*rec = msg + sizeof(unsigned int),
*rec_end = rec + (hdr & 0xffffff);
@@ -959,9 +959,9 @@ void eap::method_tls::process_handshake(_In_bytecount_(size_msg) const void *_ms
// TLS version
if (rec + 2 > rec_end)
throw win_runtime_error(EAP_E_EAPHOST_METHOD_INVALID_PACKET, __FUNCTION__ " Server SSL/TLS version missing or incomplete.");
else if (*(tls_version*)rec < tls_version_1_0 || m_tls_version < *(tls_version*)rec)
else if (*reinterpret_cast<const tls_version*>(rec) < tls_version_1_0 || m_tls_version < *reinterpret_cast<const tls_version*>(rec))
throw win_runtime_error(ERROR_NOT_SUPPORTED, __FUNCTION__ " Unsupported SSL/TLS version.");
m_tls_version = *(tls_version*)rec;
m_tls_version = *reinterpret_cast<const tls_version*>(rec);
m_alg_prf = m_tls_version < tls_version_1_2 ? CALG_TLS1PRF : CALG_SHA_256;
rec += 2;
@@ -1171,7 +1171,7 @@ void eap::method_tls::process_handshake()
// Send Schannel's token via EAP.
assert(buf_out[0].BufferType == SECBUFFER_TOKEN);
assert(m_sc_ctx.m_attrib & ISC_RET_ALLOCATED_MEMORY);
m_packet_res.m_data.assign((const unsigned char*)buf_out[0].pvBuffer, (const unsigned char*)buf_out[0].pvBuffer + buf_out[0].cbBuffer);
m_packet_res.m_data.assign(reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer), reinterpret_cast<const unsigned char*>(buf_out[0].pvBuffer) + buf_out[0].cbBuffer);
if (buf_in[1].BufferType == SECBUFFER_EXTRA) {
// Server appended extra data.
m_sc_queue.erase(m_sc_queue.begin(), m_sc_queue.end() - buf_in[1].cbBuffer);
@@ -1217,7 +1217,7 @@ void eap::method_tls::process_handshake()
// Send alert via EAP. Not that EAP will transmit it once we throw this is an error...
assert(buf_out[1].BufferType == SECBUFFER_ALERT);
assert(m_sc_ctx.m_attrib & ISC_RET_ALLOCATED_MEMORY);
m_packet_res.m_data.assign((const unsigned char*)buf_out[1].pvBuffer, (const unsigned char*)buf_out[1].pvBuffer + buf_out[1].cbBuffer);
m_packet_res.m_data.assign(reinterpret_cast<const unsigned char*>(buf_out[1].pvBuffer), reinterpret_cast<const unsigned char*>(buf_out[1].pvBuffer) + buf_out[1].cbBuffer);
}
throw sec_runtime_error(status, __FUNCTION__ " Schannel error.");
@@ -1265,7 +1265,7 @@ void eap::method_tls::process_application_data()
std::vector<unsigned char> extra;
for (size_t i = 0; i < _countof(buf); i++)
if (buf[i].BufferType == SECBUFFER_EXTRA)
extra.insert(extra.end(), (unsigned char*)buf[i].pvBuffer, (unsigned char*)buf[i].pvBuffer + buf[i].cbBuffer);
extra.insert(extra.end(), reinterpret_cast<const unsigned char*>(buf[i].pvBuffer), reinterpret_cast<const unsigned char*>(buf[i].pvBuffer) + buf[i].cbBuffer);
m_sc_queue = std::move(extra);
} else if (status == SEC_E_INCOMPLETE_MESSAGE) {
// Schannel neeeds more data. Send ACK packet to server to send more.
@@ -1647,7 +1647,7 @@ eap::sanitizing_blob eap::method_tls::prf(
size_S2 = size_S1;
const void
*S1 = &secret,
*S2 = (const unsigned char*)&secret + (sizeof(tls_master_secret) - size_S2);
*S2 = reinterpret_cast<const unsigned char*>(&secret) + (sizeof(tls_master_secret) - size_S2);
// Precalculate HMAC padding for speed.
hmac_padding
@@ -1656,8 +1656,8 @@ eap::sanitizing_blob eap::method_tls::prf(
// Prepare A for p_hash.
sanitizing_blob
A1((unsigned char*)seed, (unsigned char*)seed + size_seed),
A2((unsigned char*)seed, (unsigned char*)seed + size_seed);
A1(reinterpret_cast<const unsigned char*>(seed), reinterpret_cast<const unsigned char*>(seed) + size_seed),
A2(reinterpret_cast<const unsigned char*>(seed), reinterpret_cast<const unsigned char*>(seed) + size_seed);
sanitizing_blob
hmac1,
@@ -1706,7 +1706,7 @@ eap::sanitizing_blob eap::method_tls::prf(
hmac_padding padding(cp, alg, &secret, sizeof(tls_master_secret));
// Prepare A for p_hash.
sanitizing_blob A((unsigned char*)seed, (unsigned char*)seed + size_seed);
sanitizing_blob A(reinterpret_cast<const unsigned char*>(seed), reinterpret_cast<const unsigned char*>(seed) + size_seed);
sanitizing_blob hmac;
for (size_t i = 0; i < size; ) {
@@ -1759,8 +1759,8 @@ HCRYPTKEY eap::method_tls::create_key(
};
sanitizing_blob key_blob;
key_blob.reserve(sizeof(key_blob_prefix) + size_secret);
key_blob.assign((const unsigned char*)&prefix, (const unsigned char*)(&prefix + 1));
key_blob.insert(key_blob.end(), (const unsigned char*)secret, (const unsigned char*)secret + size_secret);
key_blob.assign( reinterpret_cast<const unsigned char*>(&prefix), reinterpret_cast<const unsigned char*>(&prefix + 1));
key_blob.insert(key_blob.end(), reinterpret_cast<const unsigned char*>( secret), reinterpret_cast<const unsigned char*>(secret) + size_secret);
// Import the key.
winstd::crypt_key key_out;
@@ -1795,7 +1795,7 @@ HCRYPTKEY eap::method_tls::create_key(
#pragma pack(pop)
sanitizing_blob key_blob;
key_blob.reserve(sizeof(key_blob_prefix) + size_key);
key_blob.assign((const unsigned char*)&prefix, (const unsigned char*)(&prefix + 1));
key_blob.assign(reinterpret_cast<const unsigned char*>(&prefix), reinterpret_cast<const unsigned char*>(&prefix + 1));
// Key in EME-PKCS1-v1_5 (RFC 3447).
key_blob.push_back(0); // Initial zero
@@ -1818,7 +1818,7 @@ HCRYPTKEY eap::method_tls::create_key(
key_blob.push_back(0); // PS and M zero delimiter
// M
key_blob.insert(key_blob.end(), (const unsigned char*)secret, (const unsigned char*)secret + size_secret);
key_blob.insert(key_blob.end(), reinterpret_cast<const unsigned char*>(secret), reinterpret_cast<const unsigned char*>(secret) + size_secret);
#ifdef _HOST_LOW_ENDIAN
std::reverse(key_blob.end() - size_key, key_blob.end());

10
lib/TLS/src/TLS.cpp
View File

@@ -496,11 +496,11 @@ bool eap::packet_tls::append_frag(_In_ const EapPacket *pck)
if (pck->Data[1] & flags_req_length_incl) {
// Length field is included.
packet_data_ptr = pck->Data + 6;
size_packet_data = ntohs(*(unsigned short*)pck->Length) - 10;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 10;
} else {
// Length field not included.
packet_data_ptr = pck->Data + 2;
size_packet_data = ntohs(*(unsigned short*)pck->Length) - 6;
size_packet_data = ntohs(*reinterpret_cast<const unsigned short*>(pck->Length)) - 6;
}
// Do the EAP-TLS defragmentation.
@@ -509,7 +509,7 @@ bool eap::packet_tls::append_frag(_In_ const EapPacket *pck)
// Start a new packet.
if (pck->Data[1] & flags_req_length_incl) {
// Preallocate data according to the Length field.
size_t size_tot = ntohl(*(unsigned int*)(pck->Data + 2));
size_t size_tot = ntohl(*reinterpret_cast<const unsigned int*>(pck->Data + 2));
m_data.reserve(size_tot);
//m_module.log_event(&EAPMETHOD_PACKET_RECV_FRAG_FIRST, event_data((unsigned int)eap_type_tls), event_data((unsigned int)size_packet_data), event_data((unsigned int)size_tot), event_data::blank);
} else {
@@ -561,7 +561,7 @@ unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck,
} else {
// But it should be fragmented.
m_flags |= flags_res_length_incl | flags_res_more_frag;
*(unsigned int*)(pck->Data + 2) = htonl(size_packet);
*reinterpret_cast<unsigned int*>(pck->Data + 2) = htonl(size_packet);
data_dst = pck->Data + 6;
size_data = size_packet_limit - 10;
size_packet = size_packet_limit;
@@ -585,7 +585,7 @@ unsigned short eap::packet_tls::get_frag(_Out_bytecap_(size_pck) EapPacket *pck,
pck->Code = (BYTE)m_code;
pck->Id = m_id;
*(unsigned short*)pck->Length = htons((unsigned short)size_packet);
*reinterpret_cast<unsigned short*>(pck->Length) = htons((unsigned short)size_packet);
pck->Data[0] = (BYTE)eap_type_tls;
pck->Data[1] = m_flags;
memcpy(data_dst, m_data.data(), size_data);

2
lib/TLS_UI/src/TLS_UI.cpp
View File

@@ -521,7 +521,7 @@ void wxTLSServerTrustPanel::OnRootCAAddFile(wxCommandEvent& event)
for (size_t i = 0, i_end = paths.GetCount(); i < i_end; i++) {
// Load certificate(s) from file.
winstd::cert_store cs;
if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, (LPCTSTR)(paths[i]))) {
if (cs.create(CERT_STORE_PROV_FILENAME, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL, CERT_STORE_OPEN_EXISTING_FLAG | CERT_STORE_READONLY_FLAG, paths[i])) {
for (PCCERT_CONTEXT cert = NULL; (cert = CertEnumCertificatesInStore(cs, cert)) != NULL;)
AddRootCA(cert);
} else

4
lib/TTLS/src/Config.cpp
View File

@@ -38,7 +38,7 @@ eap::config_method_ttls::config_method_ttls(_In_ module &mod, _In_ unsigned int
eap::config_method_ttls::config_method_ttls(const _In_ config_method_ttls &other) :
m_inner(other.m_inner ? (config_method_with_cred*)other.m_inner->clone() : nullptr),
m_inner(other.m_inner ? dynamic_cast<config_method_with_cred*>(other.m_inner->clone()) : nullptr),
m_anonymous_identity(other.m_anonymous_identity),
config_method_tls(other)
{
@@ -57,7 +57,7 @@ eap::config_method_ttls& eap::config_method_ttls::operator=(const _In_ config_me
{
if (this != &other) {
(config_method_tls&)*this = other;
m_inner.reset(other.m_inner ? (config_method_with_cred*)other.m_inner->clone() : nullptr);
m_inner.reset(other.m_inner ? dynamic_cast<config_method_with_cred*>(other.m_inner->clone()) : nullptr);
m_anonymous_identity = other.m_anonymous_identity;
}

4
lib/TTLS/src/Credentials.cpp
View File

@@ -35,7 +35,7 @@ eap::credentials_ttls::credentials_ttls(_In_ module &mod) :
eap::credentials_ttls::credentials_ttls(_In_ const credentials_ttls &other) :
m_inner(other.m_inner ? (credentials*)other.m_inner->clone() : nullptr),
m_inner(other.m_inner ? dynamic_cast<credentials*>(other.m_inner->clone()) : nullptr),
credentials_tls(other)
{
}
@@ -52,7 +52,7 @@ eap::credentials_ttls& eap::credentials_ttls::operator=(_In_ const credentials_t
{
if (this != &other) {
(credentials_tls&)*this = other;
m_inner.reset(other.m_inner ? (credentials*)other.m_inner->clone() : nullptr);
m_inner.reset(other.m_inner ? dynamic_cast<credentials*>(other.m_inner->clone()) : nullptr);
}
return *this;

10
lib/TTLS/src/Method.cpp
View File

@@ -157,8 +157,8 @@ void eap::method_ttls::derive_msk()
//
static const unsigned char s_label[] = "ttls keying material";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
sanitizing_blob key_block(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, 2*sizeof(tls_random)));
_key_block = key_block.data();
#else
@@ -197,8 +197,8 @@ void eap::method_ttls::derive_challenge()
#if EAP_TLS < EAP_TLS_SCHANNEL
static const unsigned char s_label[] = "ttls challenge";
sanitizing_blob seed(s_label, s_label + _countof(s_label) - 1);
seed.insert(seed.end(), (const unsigned char*)&m_random_client, (const unsigned char*)(&m_random_client + 1));
seed.insert(seed.end(), (const unsigned char*)&m_random_server, (const unsigned char*)(&m_random_server + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_client), reinterpret_cast<const unsigned char*>(&m_random_client + 1));
seed.insert(seed.end(), reinterpret_cast<const unsigned char*>(&m_random_server), reinterpret_cast<const unsigned char*>(&m_random_server + 1));
sanitizing_blob keying(prf(m_cp, CALG_TLS1PRF, m_master_secret, seed, sizeof(challenge_mschapv2) + 1));
memcpy(&inner_mschapv2->m_challenge_server, keying.data(), sizeof(challenge_mschapv2));
inner_mschapv2->m_ident = keying[sizeof(challenge_mschapv2) + 0];
@@ -294,7 +294,7 @@ void eap::method_ttls::process_application_data(_In_bytecount_(size_msg) const v
status = EncryptMessage(m_sc_ctx, 0, &buf_desc, 0);
if (FAILED(status))
throw sec_runtime_error(status, __FUNCTION__ " Error encrypting message.");
m_packet_res.m_data.insert(m_packet_res.m_data.end(), (const unsigned char*)buf[0].pvBuffer, (const unsigned char*)buf[0].pvBuffer + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
m_packet_res.m_data.insert(m_packet_res.m_data.end(), reinterpret_cast<const unsigned char*>(buf[0].pvBuffer), reinterpret_cast<const unsigned char*>(buf[0].pvBuffer) + buf[0].cbBuffer + buf[1].cbBuffer + buf[2].cbBuffer);
#endif
} else {
// Empty packets represent ACK message, and are not encrypted.

2
lib/WinStd

Submodule lib/WinStd updated: 129b9c9a10...3b4448dcf4

2
lib/wxExtend

Submodule lib/wxExtend updated: e9dd2b7ae5...2e3e188026