From 73cd769d3c6dfaa7e6c189d38ab002f9bfb3d83f Mon Sep 17 00:00:00 2001
From: tobhe
Date: Mon, 15 Jan 2024 15:29:00 +0000
Subject: [PATCH] Include cert_partial_chain in iked_static instead of sending a separate message. from markus@
---
 sbin/iked/ca.c | 6 +++---
 sbin/iked/config.c | 26 +++-----------------------
 sbin/iked/iked.c | 4 +---
 sbin/iked/iked.h | 8 +++-----
 sbin/iked/ikev2.c | 4 +---
 sbin/iked/types.h | 3 +--
 6 files changed, 12 insertions(+), 39 deletions(-)
diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c
index 424bd997cd9..398a9ffacc4 100644
--- a/sbin/iked/ca.c
+++ b/sbin/iked/ca.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ca.c,v 1.97 2023/09/02 18:16:02 tobhe Exp $ */
+/* $OpenBSD: ca.c,v 1.98 2024/01/15 15:29:00 tobhe Exp $ */
 /*
 * Copyright (c) 2010-2013 Reyk Floeter
@@ -351,8 +351,8 @@ ca_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 case IMSG_PUBKEY:
 config_getkey(env, imsg);
 break;
- case IMSG_CERT_PARTIAL_CHAIN:
- config_getcertpartialchain(env, imsg);
+ case IMSG_CTL_STATIC:
+ config_getstatic(env, imsg);
 break;
 default:
 return (-1);
diff --git a/sbin/iked/config.c b/sbin/iked/config.c
index e1dabf773d9..157aeb44b8e 100644
--- a/sbin/iked/config.c
+++ b/sbin/iked/config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: config.c,v 1.93 2023/08/04 19:06:25 claudio Exp $ */
+/* $OpenBSD: config.c,v 1.94 2024/01/15 15:29:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -900,6 +900,8 @@ config_setstatic(struct iked *env)
 {
 proc_compose(&env->sc_ps, PROC_IKEV2, IMSG_CTL_STATIC, &env->sc_static, sizeof(env->sc_static));
+ proc_compose(&env->sc_ps, PROC_CERT, IMSG_CTL_STATIC,
+ &env->sc_static, sizeof(env->sc_static));
 return (0);
 }
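Review bot: In ca_dispatch_parent() (sbin/iked/ca.c, hunk at -351) the new IMSG_CTL_STATIC case drops the result of config_getstatic(), while ikev2_dispatch_parent() handles the same message with `return (config_getstatic(env, imsg));`. This message now delivers st_cert_partial_chain to the ca process, so the two dispatchers should agree on what happens when the update is rejected; using `return (config_getstatic(env, imsg));` here as well would do that. config_getstatic() and the rest of ca_dispatch_parent() lie outside the hunk, so whether it can fail today is not visible from this patch.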
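Review bot: The added proc_compose() call to PROC_CERT in config_setstatic() ignores its result, like the PROC_IKEV2 call above it, and the function returns 0 unconditionally. If proc_compose() can fail (it is not defined in this patch), the ca process would keep its earlier st_cert_partial_chain value while the parent continues as if the reload had succeeded. That matters for a flag which, judging by its name, relaxes certificate chain checking. Testing the call, e.g. `if (proc_compose(&env->sc_ps, PROC_CERT, IMSG_CTL_STATIC, &env->sc_static, sizeof(env->sc_static)) == -1) return (-1);`, would surface the failure. The visible callers in parent_configure() and parent_reload() call `config_setstatic(env);` without looking at the result, so they would need the same attention.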
@@ -984,28 +986,6 @@ config_getocsp(struct iked *env, struct imsg *imsg)
 return (0);
 }
-int
-config_setcertpartialchain(struct iked *env)
-{
- unsigned int boolval;
-
- boolval = env->sc_cert_partial_chain;
- proc_compose(&env->sc_ps, PROC_CERT, IMSG_CERT_PARTIAL_CHAIN,
- &boolval, sizeof(boolval));
- return (0);
-}
-
-int
-config_getcertpartialchain(struct iked *env, struct imsg *imsg)
-{
- unsigned int boolval;
-
- IMSG_SIZE_CHECK(imsg, &boolval);
- memcpy(&boolval, imsg->data, sizeof(boolval));
- env->sc_cert_partial_chain = boolval;
- return (0);
-}
-
 int
 config_setkeys(struct iked *env)
 {
diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c
index 66268a9cad6..e370424c2ae 100644
--- a/sbin/iked/iked.c
+++ b/sbin/iked/iked.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.c,v 1.66 2023/06/28 12:31:19 gerhard Exp $ */
+/* $OpenBSD: iked.c,v 1.67 2024/01/15 15:29:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -301,7 +301,6 @@ parent_configure(struct iked *env)
 config_setstatic(env);
 config_setcoupled(env, env->sc_decoupled ? 0 : 1);
 config_setocsp(env);
- config_setcertpartialchain(env);
 /* Must be last */
 config_setmode(env, env->sc_passive ? 1 : 0);
@@ -334,7 +333,6 @@ parent_reload(struct iked *env, int reset, const char *filename)
 config_setstatic(env);
 config_setcoupled(env, env->sc_decoupled ? 0 : 1);
 config_setocsp(env);
- config_setcertpartialchain(env);
 /* Must be last */
 config_setmode(env, env->sc_passive ? 1 : 0);
 } else {
diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h
index bdfac0ee74e..89d491aba29 100644
--- a/sbin/iked/iked.h
+++ b/sbin/iked/iked.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: iked.h,v 1.224 2023/08/11 11:24:55 tobhe Exp $ */
+/* $OpenBSD: iked.h,v 1.225 2024/01/15 15:29:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -774,6 +774,7 @@ enum natt_mode {
 struct iked_static {
 uint64_t st_alive_timeout;
+ int st_cert_partial_chain;
 int st_enforcesingleikesa;
 uint8_t st_frag; /* fragmentation */
 uint8_t st_mobike; /* MOBIKE */
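Review bot: The new `st_cert_partial_chain` member of struct iked_static has no comment, although the neighbouring `st_frag` and `st_mobike` each carry one. It is also the value the ca process used to receive on its own through IMSG_CERT_PARTIAL_CHAIN. A trailing comment such as `int st_cert_partial_chain; /* accept partial cert chains; read by ca */` would record that, assuming the name reflects the meaning. Since config_setstatic() now copies the whole struct to PROC_CERT with `sizeof(env->sc_static)`, a one-line comment above the struct saying that every member is shared with both the ikev2 and ca processes would help whoever adds the next field. The struct continues past the end of this hunk.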
@@ -793,6 +794,7 @@ struct iked {
 struct iked_static sc_static;
 #define sc_alive_timeout sc_static.st_alive_timeout
+#define sc_cert_partial_chain sc_static.st_cert_partial_chain
 #define sc_enforcesingleikesa sc_static.st_enforcesingleikesa
 #define sc_frag sc_static.st_frag
 #define sc_mobike sc_static.st_mobike
@@ -836,8 +838,6 @@ struct iked {
 struct iked_addrpool sc_addrpool;
 struct iked_addrpool6 sc_addrpool6;
-
- int sc_cert_partial_chain;
 };
 struct iked_socket {
@@ -940,8 +940,6 @@ int config_setkeys(struct iked *);
 int config_getkey(struct iked *, struct imsg *);
 int config_setstatic(struct iked *);
 int config_getstatic(struct iked *, struct imsg *);
-int config_setcertpartialchain(struct iked *);
-int config_getcertpartialchain(struct iked *, struct imsg *);
 /* policy.c */
 void policy_init(struct iked *);
diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c
index 673327a8056..e8eefdbcc5b 100644
--- a/sbin/iked/ikev2.c
+++ b/sbin/iked/ikev2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ikev2.c,v 1.380 2023/11/24 14:43:00 tobhe Exp $ */
+/* $OpenBSD: ikev2.c,v 1.381 2024/01/15 15:29:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -295,8 +295,6 @@ ikev2_dispatch_parent(int fd, struct privsep_proc *p, struct imsg *imsg)
 return (config_getcompile(env));
 case IMSG_CTL_STATIC:
 return (config_getstatic(env, imsg));
- case IMSG_CERT_PARTIAL_CHAIN:
- return(config_getcertpartialchain(env, imsg));
 default:
 break;
 }
diff --git a/sbin/iked/types.h b/sbin/iked/types.h
index 64923dbb2a2..fd8add52a23 100644
--- a/sbin/iked/types.h
+++ b/sbin/iked/types.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: types.h,v 1.52 2023/03/04 22:22:51 tobhe Exp $ */
+/* $OpenBSD: types.h,v 1.53 2024/01/15 15:29:00 tobhe Exp $ */
 /*
 * Copyright (c) 2019 Tobias Heider
@@ -116,7 +116,6 @@ enum imsg_type {
 IMSG_CERT,
 IMSG_CERTVALID,
 IMSG_CERTINVALID,
- IMSG_CERT_PARTIAL_CHAIN,
 IMSG_SCERT,
 IMSG_IF_ADDADDR,
 IMSG_IF_DELADDR,
--
2.20.1