assert(st->sharedsecretlen);
if (st->sharedsecretlen > st->sharedsecretallocd) {
st->sharedsecretallocd=st->sharedsecretlen;
- st->sharedsecret=realloc(st->sharedsecret,st->sharedsecretallocd);
+ st->sharedsecret=safe_realloc_ary(st->sharedsecret,1,
+ st->sharedsecretallocd,
+ "site:sharedsecret");
}
- if (!st->sharedsecret) fatal_perror("site:sharedsecret");
/* Generate the shared key */
st->dh->makeshared(st->dh->st,st->dhsecret,st->dh->len,pk,
{
struct site *st=sst;
- *nfds_io=0; /* We don't use any file descriptors */
+ BEFOREPOLL_WANT_FDS(0); /* We don't use any file descriptors */
st->now=*now;
/* Work out when our next timeout is. The earlier of 'timeout' or
send_msg7(st,"shutting down");
}
+static void site_childpersist_clearkeys(void *sst, uint32_t newphase)
+{
+ struct site *st=sst;
+ dispose_transform(&st->current.transform);
+ dispose_transform(&st->auxiliary_key.transform);
+ dispose_transform(&st->new_transform);
+ /* Not much point overwiting the signing key, since we loaded it
+ from disk, and it is only valid prospectively if at all,
+ anyway. */
+ /* XXX it would be best to overwrite the DH state, because that
+ _is_ relevant to forward secrecy. However we have no
+ convenient interface for doing that and in practice gmp has
+ probably dribbled droppings all over the malloc arena. A good
+ way to fix this would be to have a privsep child for asymmetric
+ crypto operations, but that's a task for another day. */
+}
+
static list_t *site_apply(closure_t *self, struct cloc loc, dict_t *context,
list_t *args)
{
dict_t *dict;
int i;
- st=safe_malloc(sizeof(*st),"site_apply");
+ NEW(st);
st->cl.description="site";
st->cl.type=CL_SITE;
if (!things##_cfg) \
cfgfatal(loc,"site","closure list \"%s\" not found\n",dictkey); \
st->nthings=list_length(things##_cfg); \
- st->things=safe_malloc_ary(sizeof(*st->things),st->nthings,dictkey "s"); \
+ NEW_ARY(st->things,st->nthings); \
assert(st->nthings); \
for (i=0; i<st->nthings; i++) { \
item_t *item=list_elem(things##_cfg,i); \
/* We are interested in poll(), but only for timeouts. We don't have
any fds of our own. */
- register_for_poll(st, site_beforepoll, site_afterpoll, 0, "site");
+ register_for_poll(st, site_beforepoll, site_afterpoll, "site");
st->timeout=0;
st->remote_capabilities=0;
enter_state_stop(st);
add_hook(PHASE_SHUTDOWN,site_phase_hook,st);
+ add_hook(PHASE_CHILDPERSIST,site_childpersist_clearkeys,st);
return new_closure(&st->cl);
}