-/* $OpenBSD: ca.c,v 1.80 2021/11/25 18:28:51 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.81 2021/12/01 16:42:12 deraadt Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
int ca_dispatch_parent(int, struct privsep_proc *, struct imsg *);
int ca_dispatch_ikev2(int, struct privsep_proc *, struct imsg *);
int ca_dispatch_control(int, struct privsep_proc *, struct imsg *);
-void ca_store_info(struct iked *, const char *, X509_STORE *);
+void ca_store_info(struct iked *, const char *, X509_STORE *);
static struct privsep_proc procs[] = {
{ "parent", PROC_PARENT, ca_dispatch_parent },
void
ca_shutdown(struct privsep_proc *p)
{
- struct iked *env = p->p_env;
+ struct iked *env = p->p_env;
struct ca_store *store;
if (env == NULL)
if ((sanid.id_buf = ibuf_new(data, len))
== NULL) {
log_debug("%s: failed to get id buffer",
- __func__);
+ __func__);
continue;
}
ikev2_print_id(&sanid, idstr, sizeof(idstr));
-/* $OpenBSD: crypto.c,v 1.37 2021/11/29 06:43:42 deraadt Exp $ */
+/* $OpenBSD: crypto.c,v 1.38 2021/12/01 16:42:12 deraadt Exp $ */
/*
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
/*
* We always have EVP_CIPH_NO_PADDING set. This means arg
- * out is not used and olen should always be 0.
- */
+ * out is not used and olen should always be 0.
+ */
if (EVP_CipherFinal_ex(encr->encr_ctx, NULL, &olen) != 1) {
ca_sslerror(__func__);
return (-1);
int
dsa_init(struct iked_dsa *dsa, const void *buf, size_t len)
{
- int ret;
+ int ret;
EVP_PKEY_CTX *pctx = NULL;
if (dsa->dsa_hmac) {
-/* $OpenBSD: iked.c,v 1.61 2021/11/29 13:20:24 jmc Exp $ */
+/* $OpenBSD: iked.c,v 1.62 2021/12/01 16:42:12 deraadt Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
config_setcoupled(env, env->sc_decoupled ? 0 : 1);
config_setocsp(env);
config_setcertpartialchain(env);
- /* Must be last */
+ /* Must be last */
config_setmode(env, env->sc_passive ? 1 : 0);
} else {
config_setreset(env, reset, PROC_IKEV2);
-/* $OpenBSD: iked.h,v 1.200 2021/11/29 06:43:42 deraadt Exp $ */
+/* $OpenBSD: iked.h,v 1.201 2021/12/01 16:42:12 deraadt Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
int sa_mobike; /* MOBIKE */
int sa_frag; /* fragmentation */
- int sa_use_transport_mode; /* peer requested */
- int sa_used_transport_mode; /* we enabled */
+ int sa_use_transport_mode; /* peer requested */
+ int sa_used_transport_mode; /* we enabled */
struct iked_timer sa_timer; /* SA timeouts */
#define IKED_IKE_SA_EXCHANGE_TIMEOUT 300 /* 5 minutes */
-/* $OpenBSD: ikev2.c,v 1.339 2021/11/30 17:47:30 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.340 2021/12/01 16:42:12 deraadt Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
case IKEV2_EXCHANGE_CREATE_CHILD_SA:
if (!(sa->sa_stateflags & IKED_REQ_CHILDSA)) {
log_debug("%s: IKED_REQ_CHILDSA missing",
- __func__);
+ __func__);
return (-1);
}
sa->sa_stateflags &= ~IKED_REQ_CHILDSA;
nsa->sa_cp_dns = sa->sa_cp_dns;
sa->sa_cp_dns = NULL;
/* Transfer other attributes */
- if (sa->sa_dstid_entry_valid) {
+ if (sa->sa_dstid_entry_valid) {
sa_dstid_remove(env, sa);
sa_dstid_insert(env, nsa);
}
return (-1);
}
if (RB_FIND(iked_addrpool, &env->sc_addrpool,
- &key)) {
+ &key)) {
*errstr = "requested addr in use";
return (-1);
}
if ((ipcomp = csa->csa_bundled) != NULL &&
ipcomp->csa_loaded)
if (pfkey_sa_update_addresses(env, ipcomp)
- != 0)
+ != 0)
log_debug("%s: failed to update sa", __func__);
}
-/* $OpenBSD: ikev2_msg.c,v 1.83 2021/11/29 06:43:42 deraadt Exp $ */
+/* $OpenBSD: ikev2_msg.c,v 1.84 2021/12/01 16:42:13 deraadt Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
struct ikev2_frag_payload *frag;
sa_family_t sa_fam;
size_t ivlen, integrlen, blocklen;
- size_t max_len, left, offset=0;
+ size_t max_len, left, offset=0;
size_t frag_num = 1, frag_total;
uint8_t *data;
uint32_t msgid;
- int ret = -1;
+ int ret = -1;
if (sa == NULL ||
sa->sa_encr == NULL ||
integrlen = hash_length(sa->sa_integr);
max_len = (sa_fam == AF_INET ? IKEV2_MAXLEN_IPV4_FRAG
: IKEV2_MAXLEN_IPV6_FRAG)
- - ivlen - blocklen - integrlen;
+ - ivlen - blocklen - integrlen;
/* Total number of fragments to send */
frag_total = (left / max_len) + 1;
/* IKE header */
if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid,
IKEV2_PAYLOAD_SKF, exchange, response ? IKEV2_FLAG_RESPONSE
- : 0)) == NULL)
+ : 0)) == NULL)
goto done;
/* Payload header */
-/* $OpenBSD: ikev2_pld.c,v 1.121 2021/11/27 21:50:05 tobhe Exp $ */
+/* $OpenBSD: ikev2_pld.c,v 1.122 2021/12/01 16:42:13 deraadt Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
return (-1);
}
if (ikev2_nat_detection(env, msg, md, sizeof(md), type,
- ikev2_msg_frompeer(msg)) == -1)
+ ikev2_msg_frompeer(msg)) == -1)
return (-1);
if (memcmp(buf, md, left) != 0) {
log_debug("%s: %s detected NAT", __func__,
if (left < sizeof(signature_hash) ||
left % sizeof(signature_hash)) {
log_debug("%s: malformed signature hash notification"
- "(%zu bytes)", __func__, left);
+ "(%zu bytes)", __func__, left);
return (0);
}
while (left >= sizeof(signature_hash)) {
uint8_t *buf;
struct ibuf *e = NULL;
size_t frag_num, frag_total;
- size_t len;
+ size_t len;
int ret = -1;
ssize_t elen;
goto done;
}
log_debug("%s: Received fragment: %zu of %zu",
- __func__, frag_num, frag_total);
+ __func__, frag_num, frag_total);
/* Drop fragment if frag_num and frag_total don't match */
if (frag_num > frag_total)
goto done;
- /* Decrypt fragment */
+ /* Decrypt fragment */
if ((e = ibuf_new(buf, len)) == NULL)
goto done;
-/* $OpenBSD: parse.y,v 1.137 2021/11/20 20:44:33 tobhe Exp $ */
+/* $OpenBSD: parse.y,v 1.138 2021/12/01 16:42:13 deraadt Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
}
;
-rdomain : /* empty */ { $$ = -1; }
+rdomain : /* empty */ { $$ = -1; }
| RDOMAIN NUMBER {
if ($2 > 255 || $2 < 0) {
yyerror("rdomain outside range");
pol.pol_ipproto[i] = ipp->type;
pol.pol_nipproto++;
}
-
+
pol.pol_flags = flags;
pol.pol_rdomain = rdomain;
memcpy(&pol.pol_auth, authtype, sizeof(struct iked_auth));
-/* $OpenBSD: policy.c,v 1.88 2021/11/27 21:50:05 tobhe Exp $ */
+/* $OpenBSD: policy.c,v 1.89 2021/12/01 16:42:13 deraadt Exp $ */
/*
* Copyright (c) 2020-2021 Tobias Heider <tobhe@openbsd.org>
static __inline int
sa_dstid_cmp(struct iked_sa *a, struct iked_sa *b)
{
- struct iked_id *aid = NULL, *bid = NULL;
+ struct iked_id *aid = NULL, *bid = NULL;
size_t alen, blen;
uint8_t *aptr, *bptr;
-/* $OpenBSD: vroute.c,v 1.14 2021/09/06 13:29:17 tobhe Exp $ */
+/* $OpenBSD: vroute.c,v 1.15 2021/12/01 16:42:13 deraadt Exp $ */
/*
* Copyright (c) 2021 Tobias Heider <tobhe@openbsd.org>
{
struct iked_vroute_sc *ivr = env->sc_vroute;
struct vroute_dns *dns;
-
+
dns = calloc(1, sizeof(*dns));
if (dns == NULL)
fatalx("%s: calloc.", __func__);
memcpy(&dns->vd_addr, addr, addr->sa_len);
dns->vd_ifidx = ifidx;
-
+
ivr->ivr_dns = dns;
}
projects / openbsd / commitdiff