Bring in latest racoon/libipsec from KAME (not part of a snap

kit).  Includes a few bugfixes, including fixes for a re-key problem
and a memory leak when doing GSSAPI authentication for Phase 1.
Also some better config file documentation.
thorpej 2001-01-26 23:53:26 +00:00
parent 22189b442b
commit 034d969067
9 changed files with 45 additions and 21 deletions


@ -1,4 +1,4 @@
/* $KAME: algorithm.c,v 1.12 2000/12/15 13:43:54 sakane Exp $ */
/* $KAME: algorithm.c,v 1.13 2001/01/26 03:26:22 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -44,7 +44,7 @@
#include "isakmp.h"
#include "ipsec_doi.h"
static int ipsecenc2doi[] = {
static const int ipsecenc2doi[] = {
ALGTYPE_NOTHING,
IPSECDOI_ESP_DES_IV64,
IPSECDOI_ESP_DES,
@ -60,7 +60,7 @@ static int ipsecenc2doi[] = {
IPSECDOI_ESP_RIJNDAEL,
IPSECDOI_ESP_TWOFISH,
};
static int ipsecauth2doi[] = {
static const int ipsecauth2doi[] = {
ALGTYPE_NOTHING,
IPSECDOI_ATTR_AUTH_HMAC_MD5,
IPSECDOI_ATTR_AUTH_HMAC_SHA1,
@ -68,13 +68,13 @@ static int ipsecauth2doi[] = {
IPSECDOI_ATTR_AUTH_KPDK,
IPSECDOI_ATTR_AUTH_NONE,
};
static int ipseccomp2doi[] = {
static const int ipseccomp2doi[] = {
ALGTYPE_NOTHING,
IPSECDOI_IPCOMP_OUI,
IPSECDOI_IPCOMP_DEFLATE,
IPSECDOI_IPCOMP_LZS,
};
static int isakmpenc2doi[] = {
static const int isakmpenc2doi[] = {
ALGTYPE_NOTHING,
-1,
OAKLEY_ATTR_ENC_ALG_DES,
@ -84,13 +84,13 @@ static int isakmpenc2doi[] = {
OAKLEY_ATTR_ENC_ALG_CAST,
OAKLEY_ATTR_ENC_ALG_BLOWFISH,
};
static int isakmphash2doi[] = {
static const int isakmphash2doi[] = {
ALGTYPE_NOTHING,
OAKLEY_ATTR_HASH_ALG_MD5,
OAKLEY_ATTR_HASH_ALG_SHA,
OAKLEY_ATTR_HASH_ALG_TIGER,
};
static int isakmpameth2doi[] = {
static const int isakmpameth2doi[] = {
ALGTYPE_NOTHING,
OAKLEY_ATTR_AUTH_METHOD_PSKEY,
OAKLEY_ATTR_AUTH_METHOD_DSSSIG,
@ -99,7 +99,7 @@ static int isakmpameth2doi[] = {
OAKLEY_ATTR_AUTH_METHOD_RSAREV,
OAKLEY_ATTR_AUTH_METHOD_GSSAPI_KRB,
};
static int isakmpdh2doi[] = {
static const int isakmpdh2doi[] = {
ALGTYPE_NOTHING,
OAKLEY_ATTR_GRP_DESC_MODP768,
OAKLEY_ATTR_GRP_DESC_MODP1024,


@ -1,4 +1,4 @@
/* $KAME: crypto_openssl.c,v 1.47 2001/01/16 21:53:19 sakane Exp $ */
/* $KAME: crypto_openssl.c,v 1.48 2001/01/25 03:22:39 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -1656,6 +1656,8 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
{
BIGNUM *dh_pub = NULL;
DH *dh = NULL;
int l;
caddr_t v;
#if 0
vchar_t *gv = 0;
#endif
@ -1690,7 +1692,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
goto end;
#endif
DH_compute_key((*key)->v, dh_pub, dh);
v = (caddr_t)calloc(prime->l, sizeof(u_char));
l = DH_compute_key(v, dh_pub, dh);
memcpy((*key)->v + (prime->l - l), v, l);
free(v);
error = 0;
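Review bot: The new padding code in eay_dh_compute uses the results of calloc() and DH_compute_key() unchecked: a NULL `v` is handed to DH_compute_key, and a failure return of -1 in `l` becomes both an offset past `prime->l` and a huge length in the `memcpy` into `(*key)->v`. Both cases should bail out through the existing `end` label before the copy, as in the excerpt below; this assumes `error` still holds its failure value at that point, which the hunk does not show. The left-padding is also only correct if `(*key)->v` was zero-filled when it was allocated, and the temporary buffer holding the shared secret is freed without being cleared, so both are worth confirming or fixing in the same place. The function starts and ends outside the hunk.

```c
v = (caddr_t)calloc(prime->l, sizeof(u_char));
if (v == NULL)
	goto end;
l = DH_compute_key(v, dh_pub, dh);
if (l <= 0 || (size_t)l > prime->l) {
	/* -1 on failure; never copy with a negative or oversized length */
	free(v);
	goto end;
}
/* … unchanged: memcpy into (*key)->v, free(v), error = 0 … */
```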


@ -1,4 +1,4 @@
/* $KAME: handler.c,v 1.41 2000/12/15 13:43:55 sakane Exp $ */
/* $KAME: handler.c,v 1.42 2001/01/26 04:02:45 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -273,10 +273,10 @@ delph1(iph1)
VPTRINIT(iph1->sa);
VPTRINIT(iph1->sa_ret);
#ifdef HAVE_GSSAPI
VPTRINIT(iph1->gi_i);
VPTRINIT(iph1->gi_r);
#ifdef HAVE_GSSAPI
gssapi_free_state(iph1);
#endif


@ -1,4 +1,4 @@
/* $KAME: handler.h,v 1.35 2001/01/10 16:24:57 sakane Exp $ */
/* $KAME: handler.h,v 1.36 2001/01/26 04:02:46 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -155,10 +155,12 @@ struct ph1handle {
/* NOT INCLUDING general header. */
/* NOTE: Should be release after use. */
#ifdef HAVE_GSSAPI
void *gssapi_state; /* GSS-API specific state. */
/* Allocated when needed */
vchar_t *gi_i; /* optional initiator GSS id */
vchar_t *gi_r; /* optional responder GSS id */
#endif
struct isakmp_pl_hash *pl_hash; /* pointer to hash payload */


@ -1,4 +1,4 @@
/* $KAME: isakmp.c,v 1.123 2001/01/24 02:35:23 thorpej Exp $ */
/* $KAME: isakmp.c,v 1.124 2001/01/26 04:02:46 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -748,7 +748,9 @@ isakmp_ph1begin_i(rmconf, remote)
iph1->msgid = 0;
iph1->flags = 0;
iph1->ph2cnt = 0;
#ifdef HAVE_GSSAPI
iph1->gssapi_state = NULL;
#endif
iph1->approval = NULL;
/* XXX copy remote address */
@ -832,7 +834,9 @@ isakmp_ph1begin_r(msg, remote, local, etype)
iph1->etype = etypeok->type;
iph1->version = isakmp->v;
iph1->msgid = 0;
#ifdef HAVE_GSSAPI
iph1->gssapi_state = NULL;
#endif
iph1->approval = NULL;
/* copy remote address */


@ -1,4 +1,4 @@
/* $KAME: isakmp_ident.c,v 1.52 2001/01/24 02:36:53 thorpej Exp $ */
/* $KAME: isakmp_ident.c,v 1.53 2001/01/26 04:02:46 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -803,9 +803,11 @@ ident_r1send(iph1, msg)
/* set responder's cookie */
isakmp_newcookie((caddr_t)&iph1->index.r_ck, iph1->remote, iph1->local);
#ifdef HAVE_GSSAPI
if (iph1->approval->gssid != NULL)
gss_sa = ipsecdoi_setph1proposal(iph1->approval);
else
#endif
gss_sa = iph1->sa_ret;
/* create buffer to send isakmp payload */
@ -844,8 +846,10 @@ ident_r1send(iph1, msg)
error = 0;
end:
#ifdef HAVE_GSSAPI
if (gss_sa != iph1->sa_ret)
vfree(gss_sa);
#endif
return error;
}
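Review bot: The return value of ipsecdoi_setph1proposal() is not checked in the lines shown in ident_r1send, and the cleanup at `end:` passes `gss_sa` to vfree() whenever it differs from `iph1->sa_ret`. That includes a NULL result or, if `gss_sa` is not initialised at its declaration (outside the hunk), a jump to `end` before the assignment. I would fail early with `if (gss_sa == NULL) goto end;` after the call and make the cleanup test `if (gss_sa != NULL && gss_sa != iph1->sa_ret)`. Separately, the `else` that straddles `#endif` is easy to break in a later edit; assigning `gss_sa = iph1->sa_ret;` first and overriding it inside the `#ifdef HAVE_GSSAPI` block reads more safely. The function body begins outside the hunks.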


@ -1,4 +1,4 @@
/* $KAME: pfkey.c,v 1.96 2001/01/10 16:24:57 sakane Exp $ */
/* $KAME: pfkey.c,v 1.97 2001/01/26 10:14:12 sakane Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -871,7 +871,7 @@ pk_recvgetspi(mhp)
iph2 = getph2byseq(msg->sadb_msg_seq);
if (iph2 == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
plog(LLV_DEBUG, LOCATION, NULL,
"seq %d of %s message not interesting.\n",
msg->sadb_msg_seq,
s_pfkey_type(msg->sadb_msg_type));
@ -1044,7 +1044,7 @@ pk_recvupdate(mhp)
iph2 = getph2byseq(msg->sadb_msg_seq);
if (iph2 == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
plog(LLV_DEBUG, LOCATION, NULL,
"seq %d of %s message not interesting.\n",
msg->sadb_msg_seq,
s_pfkey_type(msg->sadb_msg_type));
@ -1231,7 +1231,7 @@ pk_recvadd(mhp)
iph2 = getph2byseq(msg->sadb_msg_seq);
if (iph2 == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
plog(LLV_DEBUG, LOCATION, NULL,
"seq %d of %s message not interesting.\n",
msg->sadb_msg_seq,
s_pfkey_type(msg->sadb_msg_type));


@ -1,4 +1,4 @@
/* $KAME: remoteconf.c,v 1.18 2000/12/15 13:43:57 sakane Exp $ */
/* $KAME: remoteconf.c,v 1.20 2001/01/26 04:02:46 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -187,6 +187,10 @@ delisakmpsa(sa)
oakley_dhgrp_free(sa->dhgrp);
if (sa->next)
delisakmpsa(sa->next);
#ifdef HAVE_GSSAPI
if (sa->gssid)
vfree(sa->gssid);
#endif
free(sa);
}
@ -262,6 +266,9 @@ newisakmpsa()
new->next = NULL;
new->rmconf = NULL;
#ifdef HAVE_GSSAPI
new->gssid = NULL;
#endif
return new;
}


@ -1,4 +1,4 @@
/* $KAME: remoteconf.h,v 1.20 2000/12/12 16:59:43 thorpej Exp $ */
/* $KAME: remoteconf.h,v 1.21 2001/01/26 04:02:46 thorpej Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@ -92,7 +92,9 @@ struct isakmpsa {
int encklen;
int authmethod;
int hashtype;
#ifdef HAVE_GSSAPI
vchar_t *gssid;
#endif
int dh_group; /* don't use it if aggressive mode */
struct dhgroup *dhgrp; /* don't use it if aggressive mode */