From be2b38f5ba97b0408cfd65ca4e65dfb8e5d972f0 Mon Sep 17 00:00:00 2001 From: claudio Date: Tue, 23 May 2023 13:12:19 +0000 Subject: [PATCH] Replace ibuf_release() with ibuf_free() since the former just calls the latter OK kn@ tb@ --- sbin/iked/ca.c | 46 +++++++-------- sbin/iked/config.c | 64 ++++++++++----------- sbin/iked/crypto.c | 20 +++---- sbin/iked/eap.c | 12 ++-- sbin/iked/iked.h | 3 +- sbin/iked/ikev2.c | 128 +++++++++++++++++++++--------------------- sbin/iked/ikev2_msg.c | 58 +++++++++---------- sbin/iked/ikev2_pld.c | 24 ++++---- sbin/iked/imsg_util.c | 10 +--- sbin/iked/policy.c | 6 +- 10 files changed, 182 insertions(+), 189 deletions(-) diff --git a/sbin/iked/ca.c b/sbin/iked/ca.c index 409e8a67796..cd10fca4dd6 100644 --- a/sbin/iked/ca.c +++ b/sbin/iked/ca.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ca.c,v 1.91 2023/03/05 22:17:22 tobhe Exp $ */ +/* $OpenBSD: ca.c,v 1.92 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -132,13 +132,13 @@ ca_shutdown(void) struct iked *env = iked_env; struct ca_store *store; - ibuf_release(env->sc_certreq); + ibuf_free(env->sc_certreq); if ((store = env->sc_priv) == NULL) return; X509_STORE_free(store->ca_cas); X509_STORE_free(store->ca_certs); - ibuf_release(store->ca_pubkey.id_buf); - ibuf_release(store->ca_privkey.id_buf); + ibuf_free(store->ca_pubkey.id_buf); + ibuf_free(store->ca_privkey.id_buf); free(store); } @@ -171,7 +171,7 @@ ca_getkey(struct privsep *ps, struct iked_id *key, enum imsg_type type) ibuf_length(key->id_buf)); /* clear old key and copy new one */ - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); memcpy(id, key, sizeof(*id)); } @@ -348,7 +348,7 @@ ca_setscert(struct iked *env, struct iked_sahdr *sh, uint8_t type, X509 *cert) iovcnt++; ret = proc_composev(&env->sc_ps, PROC_IKEV2, IMSG_SCERT, iov, iovcnt); - ibuf_release(buf); + ibuf_free(buf); return (ret); } 
@@ -401,7 +401,7 @@ ca_setreq(struct iked *env, struct iked_sa *sa, ret = 0; done: - ibuf_release(id.id_buf); + ibuf_free(id.id_buf); return (ret); } @@ -757,7 +757,7 @@ ca_getreq(struct iked *env, struct imsg *imsg) ca_setcert(env, &sh, NULL, type, ibuf_data(buf), ibuf_size(buf), PROC_IKEV2); - ibuf_release(buf); + ibuf_free(buf); return (0); } @@ -816,9 +816,9 @@ ca_getauth(struct iked *env, struct imsg *imsg) ret = ca_setauth(env, &sa, sa.sa_localauth.id_buf, PROC_IKEV2); - ibuf_release(sa.sa_localauth.id_buf); + ibuf_free(sa.sa_localauth.id_buf); sa.sa_localauth.id_buf = NULL; - ibuf_release(authmsg); + ibuf_free(authmsg); return (ret); } @@ -899,7 +899,7 @@ ca_reload(struct iked *env) /* * Save CAs signatures for the IKEv2 CERTREQ */ - ibuf_release(env->sc_certreq); + ibuf_free(env->sc_certreq); if ((env->sc_certreq = ibuf_new(NULL, 0)) == NULL) return (-1); @@ -922,7 +922,7 @@ ca_reload(struct iked *env) OPENSSL_free(subj_name); if (ibuf_add(env->sc_certreq, md, len) != 0) { - ibuf_release(env->sc_certreq); + ibuf_free(env->sc_certreq); env->sc_certreq = NULL; return (-1); } @@ -1267,7 +1267,7 @@ ca_pubkey_serialize(EVP_PKEY *key, struct iked_id *id) case EVP_PKEY_RSA: id->id_type = 0; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if ((rsa = EVP_PKEY_get0_RSA(key)) == NULL) @@ -1279,7 +1279,7 @@ ca_pubkey_serialize(EVP_PKEY *key, struct iked_id *id) d = ibuf_data(id->id_buf); if (i2d_RSAPublicKey(rsa, &d) != len) { - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; goto done; } @@ -1289,7 +1289,7 @@ ca_pubkey_serialize(EVP_PKEY *key, struct iked_id *id) case EVP_PKEY_EC: id->id_type = 0; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if ((ec = EVP_PKEY_get0_EC_KEY(key)) == NULL) 
@@ -1301,7 +1301,7 @@ ca_pubkey_serialize(EVP_PKEY *key, struct iked_id *id) d = ibuf_data(id->id_buf); if (i2d_EC_PUBKEY(ec, &d) != len) { - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; goto done; } @@ -1336,7 +1336,7 @@ ca_privkey_serialize(EVP_PKEY *key, struct iked_id *id) case EVP_PKEY_RSA: id->id_type = 0; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if ((rsa = EVP_PKEY_get0_RSA(key)) == NULL) @@ -1348,7 +1348,7 @@ ca_privkey_serialize(EVP_PKEY *key, struct iked_id *id) d = ibuf_data(id->id_buf); if (i2d_RSAPrivateKey(rsa, &d) != len) { - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; goto done; } @@ -1358,7 +1358,7 @@ ca_privkey_serialize(EVP_PKEY *key, struct iked_id *id) case EVP_PKEY_EC: id->id_type = 0; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if ((ec = EVP_PKEY_get0_EC_KEY(key)) == NULL) @@ -1370,7 +1370,7 @@ ca_privkey_serialize(EVP_PKEY *key, struct iked_id *id) d = ibuf_data(id->id_buf); if (i2d_ECPrivateKey(ec, &d) != len) { - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; goto done; } @@ -1680,7 +1680,7 @@ ca_validate_pubkey(struct iked *env, struct iked_static_id *id, if (ret != 0) ca_sslerror(__func__); done: - ibuf_release(idp.id_buf); + ibuf_free(idp.id_buf); EVP_PKEY_free(localkey); RSA_free(localrsa); if (len > 0) @@ -1901,7 +1901,7 @@ ca_x509_subjectaltname_do(X509 *cert, int mode, const char *logmsg, } ikev2_print_id(&sanid, idstr, sizeof(idstr)); log_info("%s: altname: %s", logmsg, idstr); - ibuf_release(sanid.id_buf); + ibuf_free(sanid.id_buf); sanid.id_buf = NULL; } /* Compare length and data */ 
@@ -1916,7 +1916,7 @@ ca_x509_subjectaltname_do(X509 *cert, int mode, const char *logmsg, } /* Get first ID */ if (mode == MODE_ALT_GET) { - ibuf_release(retid->id_buf); + ibuf_free(retid->id_buf); if ((retid->id_buf = ibuf_new(data, len)) == NULL) { log_debug("%s: failed to get id buffer", __func__); diff --git a/sbin/iked/config.c b/sbin/iked/config.c index 711c29cb17d..5b3acc5e537 100644 --- a/sbin/iked/config.c +++ b/sbin/iked/config.c @@ -1,4 +1,4 @@ -/* $OpenBSD: config.c,v 1.91 2022/12/03 22:34:35 tobhe Exp $ */ +/* $OpenBSD: config.c,v 1.92 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -82,12 +82,12 @@ config_free_kex(struct iked_kex *kex) if (kex == NULL) return; - ibuf_release(kex->kex_inonce); - ibuf_release(kex->kex_rnonce); + ibuf_free(kex->kex_inonce); + ibuf_free(kex->kex_rnonce); group_free(kex->kex_dhgroup); - ibuf_release(kex->kex_dhiexchange); - ibuf_release(kex->kex_dhrexchange); + ibuf_free(kex->kex_dhiexchange); + ibuf_free(kex->kex_dhrexchange); free(kex); } 
@@ -140,42 +140,42 @@ config_free_sa(struct iked *env, struct iked_sa *sa) ikev2_msg_flushqueue(env, &sa->sa_requests); ikev2_msg_flushqueue(env, &sa->sa_responses); - ibuf_release(sa->sa_inonce); - ibuf_release(sa->sa_rnonce); + ibuf_free(sa->sa_inonce); + ibuf_free(sa->sa_rnonce); group_free(sa->sa_dhgroup); - ibuf_release(sa->sa_dhiexchange); - ibuf_release(sa->sa_dhrexchange); + ibuf_free(sa->sa_dhiexchange); + ibuf_free(sa->sa_dhrexchange); - ibuf_release(sa->sa_simult); + ibuf_free(sa->sa_simult); hash_free(sa->sa_prf); hash_free(sa->sa_integr); cipher_free(sa->sa_encr); - ibuf_release(sa->sa_key_d); - ibuf_release(sa->sa_key_iauth); - ibuf_release(sa->sa_key_rauth); - ibuf_release(sa->sa_key_iencr); - ibuf_release(sa->sa_key_rencr); - ibuf_release(sa->sa_key_iprf); - ibuf_release(sa->sa_key_rprf); - - ibuf_release(sa->sa_1stmsg); - ibuf_release(sa->sa_2ndmsg); - - ibuf_release(sa->sa_iid.id_buf); - ibuf_release(sa->sa_rid.id_buf); - ibuf_release(sa->sa_icert.id_buf); - ibuf_release(sa->sa_rcert.id_buf); + ibuf_free(sa->sa_key_d); + ibuf_free(sa->sa_key_iauth); + ibuf_free(sa->sa_key_rauth); + ibuf_free(sa->sa_key_iencr); + ibuf_free(sa->sa_key_rencr); + ibuf_free(sa->sa_key_iprf); + ibuf_free(sa->sa_key_rprf); + + ibuf_free(sa->sa_1stmsg); + ibuf_free(sa->sa_2ndmsg); + + ibuf_free(sa->sa_iid.id_buf); + ibuf_free(sa->sa_rid.id_buf); + ibuf_free(sa->sa_icert.id_buf); + ibuf_free(sa->sa_rcert.id_buf); for (i = 0; i < IKED_SCERT_MAX; i++) - ibuf_release(sa->sa_scert[i].id_buf); - ibuf_release(sa->sa_localauth.id_buf); - ibuf_release(sa->sa_peerauth.id_buf); + ibuf_free(sa->sa_scert[i].id_buf); + ibuf_free(sa->sa_localauth.id_buf); + ibuf_free(sa->sa_peerauth.id_buf); - ibuf_release(sa->sa_eap.id_buf); + ibuf_free(sa->sa_eap.id_buf); free(sa->sa_eapid); - ibuf_release(sa->sa_eapmsk); + ibuf_free(sa->sa_eapmsk); free(sa->sa_cp_addr); free(sa->sa_cp_addr6); 
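Review bot: The key buffers freed in config_free_sa() (`sa_key_d`, `sa_key_iauth` through `sa_key_rprf`, and `sa_eapmsk`) are not cleared in the visible lines before `ibuf_free()`, so scrubbing of key material depends entirely on how `ibuf_free()` releases its backing storage. That implementation is not part of this patch, so please confirm it zeroes the buffer. Because the removed wrapper only forwarded the call, behaviour is unchanged here, but the dependency deserves a comment above the key frees, for example `/* key material: relies on ibuf_free() clearing the buffer before release */`. The same applies to the nonce and DH exchange buffers in config_free_kex() and to `csa_encrkey`/`csa_integrkey` in childsa_free() in policy.c. config_free_sa() starts and ends outside this hunk.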
@@ -1064,8 +1064,8 @@ config_setkeys(struct iked *env) if (fp != NULL) fclose(fp); - ibuf_release(pubkey.id_buf); - ibuf_release(privkey.id_buf); + ibuf_free(pubkey.id_buf); + ibuf_free(privkey.id_buf); EVP_PKEY_free(key); return (ret); diff --git a/sbin/iked/crypto.c b/sbin/iked/crypto.c index f1a66143f2f..a6d9b54b011 100644 --- a/sbin/iked/crypto.c +++ b/sbin/iked/crypto.c @@ -1,4 +1,4 @@ -/* $OpenBSD: crypto.c,v 1.42 2023/03/30 17:20:53 bluhm Exp $ */ +/* $OpenBSD: crypto.c,v 1.43 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -306,7 +306,7 @@ hash_new(uint8_t type, uint16_t id) struct ibuf * hash_setkey(struct iked_hash *hash, void *key, size_t keylen) { - ibuf_release(hash->hash_key); + ibuf_free(hash->hash_key); if ((hash->hash_key = ibuf_new(key, keylen)) == NULL) { log_debug("%s: alloc hash key", __func__); return (NULL); @@ -320,7 +320,7 @@ hash_free(struct iked_hash *hash) if (hash == NULL) return; HMAC_CTX_free(hash->hash_ctx); - ibuf_release(hash->hash_key); + ibuf_free(hash->hash_key); free(hash); } @@ -487,7 +487,7 @@ cipher_new(uint8_t type, uint16_t id, uint16_t id_length) struct ibuf * cipher_setkey(struct iked_cipher *encr, const void *key, size_t keylen) { - ibuf_release(encr->encr_key); + ibuf_free(encr->encr_key); if ((encr->encr_key = ibuf_new(key, keylen)) == NULL) { log_debug("%s: alloc cipher key", __func__); return (NULL); @@ -498,7 +498,7 @@ cipher_setkey(struct iked_cipher *encr, const void *key, size_t keylen) struct ibuf * cipher_setiv(struct iked_cipher *encr, const void *iv, size_t len) { - ibuf_release(encr->encr_iv); + ibuf_free(encr->encr_iv); encr->encr_iv = NULL; if (iv != NULL) { if (len < encr->encr_ivlength) { @@ -551,8 +551,8 @@ cipher_free(struct iked_cipher *encr) if (encr == NULL) return; EVP_CIPHER_CTX_free(encr->encr_ctx); - ibuf_release(encr->encr_iv); - ibuf_release(encr->encr_key); + ibuf_free(encr->encr_iv); + ibuf_free(encr->encr_key); free(encr); } 
@@ -767,7 +767,7 @@ dsa_free(struct iked_dsa *dsa) EVP_PKEY_free(dsa->dsa_key); } - ibuf_release(dsa->dsa_keydata); + ibuf_free(dsa->dsa_keydata); free(dsa); } @@ -780,7 +780,7 @@ dsa_setkey(struct iked_dsa *dsa, void *key, size_t keylen, uint8_t type) EC_KEY *ec = NULL; EVP_PKEY *pkey = NULL; - ibuf_release(dsa->dsa_keydata); + ibuf_free(dsa->dsa_keydata); if ((dsa->dsa_keydata = ibuf_new(key, keylen)) == NULL) { log_debug("%s: alloc signature key", __func__); return (NULL); @@ -855,7 +855,7 @@ dsa_setkey(struct iked_dsa *dsa, void *key, size_t keylen, uint8_t type) EVP_PKEY_free(pkey); X509_free(cert); BIO_free(rawcert); - ibuf_release(dsa->dsa_keydata); + ibuf_free(dsa->dsa_keydata); dsa->dsa_keydata = NULL; return (NULL); } diff --git a/sbin/iked/eap.c b/sbin/iked/eap.c index 194fc421ea8..013805434b6 100644 --- a/sbin/iked/eap.c +++ b/sbin/iked/eap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: eap.c,v 1.22 2022/12/03 21:02:27 tobhe Exp $ */ +/* $OpenBSD: eap.c,v 1.23 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -176,7 +176,7 @@ eap_identity_request(struct iked *env, struct iked_sa *sa) ret = ikev2_msg_send_encrypt(env, sa, &e, IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 1); done: - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -230,7 +230,7 @@ eap_challenge_request(struct iked *env, struct iked_sa *sa, ret = ikev2_send_ike_e(env, sa, e, IKEV2_PAYLOAD_EAP, IKEV2_EXCHANGE_IKE_AUTH, 1); done: - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -253,7 +253,7 @@ eap_message_send(struct iked *env, struct iked_sa *sa, int eap_code, int eap_id) ret = ikev2_send_ike_e(env, sa, e, IKEV2_PAYLOAD_EAP, IKEV2_EXCHANGE_IKE_AUTH, 1); done: - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -300,7 +300,7 @@ eap_mschap_challenge(struct iked *env, struct iked_sa *sa, int eap_id, ret = ikev2_send_ike_e(env, sa, eapmsg, IKEV2_PAYLOAD_EAP, IKEV2_EXCHANGE_IKE_AUTH, 1); done: - ibuf_release(eapmsg); + ibuf_free(eapmsg); return (ret); } 
@@ -327,7 +327,7 @@ eap_mschap_success(struct iked *env, struct iked_sa *sa, int eap_id) ret = ikev2_send_ike_e(env, sa, eapmsg, IKEV2_PAYLOAD_EAP, IKEV2_EXCHANGE_IKE_AUTH, 1); done: - ibuf_release(eapmsg); + ibuf_free(eapmsg); return (ret); } diff --git a/sbin/iked/iked.h b/sbin/iked/iked.h index 9750805348e..76bf8625867 100644 --- a/sbin/iked/iked.h +++ b/sbin/iked/iked.h @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.h,v 1.211 2023/05/23 12:43:26 claudio Exp $ */ +/* $OpenBSD: iked.h,v 1.212 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -1268,7 +1268,6 @@ struct ibuf * struct ibuf * ibuf_static(void); int ibuf_cat(struct ibuf *, struct ibuf *); -void ibuf_release(struct ibuf *); size_t ibuf_length(struct ibuf *); int ibuf_setsize(struct ibuf *, size_t); uint8_t * diff --git a/sbin/iked/ikev2.c b/sbin/iked/ikev2.c index 8533d8cec73..04e905b849c 100644 --- a/sbin/iked/ikev2.c +++ b/sbin/iked/ikev2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2.c,v 1.365 2023/03/10 19:26:06 tobhe Exp $ */ +/* $OpenBSD: ikev2.c,v 1.366 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -222,7 +222,7 @@ ikev2_shutdown(void) { struct iked *env = iked_env; - ibuf_release(env->sc_certreq); + ibuf_free(env->sc_certreq); env->sc_certreq = NULL; config_doreset(env, RESET_ALL); } @@ -324,7 +324,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) memcpy(&type, ptr, sizeof(type)); ptr += sizeof(type); - ibuf_release(env->sc_certreq); + ibuf_free(env->sc_certreq); env->sc_certreqtype = type; env->sc_certreq = ibuf_new(ptr, IMSG_DATA_SIZE(imsg) - sizeof(type)); @@ -349,7 +349,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) id->id_type = type; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if (len > 0 && (id->id_buf = ibuf_new(ptr, len)) == NULL) { 
@@ -402,7 +402,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) id->id_type = type; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if (len <= 0 || (id->id_buf = ibuf_new(ptr, len)) == NULL) { @@ -451,7 +451,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) id->id_type = type; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if (len <= 0 || (id->id_buf = ibuf_new(ptr, len)) == NULL) { @@ -479,7 +479,7 @@ ikev2_dispatch_cert(int fd, struct privsep_proc *p, struct imsg *imsg) id = &sa->sa_localauth; id->id_type = type; id->id_offset = 0; - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; if (type != IKEV2_AUTH_NONE) { @@ -900,7 +900,7 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa) ibuf_data(sa->sa_peerauth.id_buf), ibuf_length(sa->sa_peerauth.id_buf), authmsg); - ibuf_release(authmsg); + ibuf_free(authmsg); if (ret != 0) { log_info("%s: ikev2_msg_authverify failed", SPI_SA(sa, __func__)); @@ -919,7 +919,7 @@ ikev2_auth_verify(struct iked *env, struct iked_sa *sa) /* XXX 2nd AUTH for EAP messages */ ret = ikev2_msg_authsign(env, sa, &ikeauth, authmsg); - ibuf_release(authmsg); + ibuf_free(authmsg); if (ret != 0) { ikev2_send_auth_failed(env, sa); explicit_bzero(&ikeauth, sizeof(ikeauth)); @@ -1044,7 +1044,7 @@ ikev2_ike_auth_recv(struct iked *env, struct iked_sa *sa, } ca_setauth(env, sa, authmsg, PROC_CERT); - ibuf_release(authmsg); + ibuf_free(authmsg); } } @@ -1502,7 +1502,7 @@ ikev2_init_ike_sa_peer(struct iked *env, struct iked_policy *pol, (void)ikev2_pld_parse(env, hdr, &req, 0); - ibuf_release(sa->sa_1stmsg); + ibuf_free(sa->sa_1stmsg); if ((sa->sa_1stmsg = ibuf_dup(buf)) == NULL) { log_debug("%s: failed to copy 1st message", __func__); goto done; 
@@ -1550,10 +1550,10 @@ ikev2_init_auth(struct iked *env, struct iked_message *msg) if (ca_setauth(env, sa, authmsg, PROC_CERT) == -1) { log_info("%s: failed to get cert", SPI_SA(sa, __func__)); - ibuf_release(authmsg); + ibuf_free(authmsg); return (-1); } - ibuf_release(authmsg); + ibuf_free(authmsg); return (ikev2_init_ike_auth(env, sa)); } @@ -1702,7 +1702,7 @@ ikev2_init_ike_auth(struct iked *env, struct iked_sa *sa) IKEV2_EXCHANGE_IKE_AUTH, firstpayload, 0); done: - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -1815,7 +1815,7 @@ ikev2_policy2id(struct iked_static_id *polid, struct iked_id *id, int srcid) case IKEV2_ID_IPV4: if (inet_pton(AF_INET, (char *)polid->id_data, &in4) != 1 || ibuf_add(id->id_buf, &in4, sizeof(in4)) != 0) { - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; return (-1); } @@ -1823,7 +1823,7 @@ ikev2_policy2id(struct iked_static_id *polid, struct iked_id *id, int srcid) case IKEV2_ID_IPV6: if (inet_pton(AF_INET6, (char *)polid->id_data, &in6) != 1 || ibuf_add(id->id_buf, &in6, sizeof(in6)) != 0) { - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; return (-1); } @@ -1836,7 +1836,7 @@ ikev2_policy2id(struct iked_static_id *polid, struct iked_id *id, int srcid) (i2d_X509_NAME(name, &p)) < 0) { if (name) X509_NAME_free(name); - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; return (-1); } @@ -1845,7 +1845,7 @@ ikev2_policy2id(struct iked_static_id *polid, struct iked_id *id, int srcid) default: if (ibuf_add(id->id_buf, polid->id_data, polid->id_length) != 0) { - ibuf_release(id->id_buf); + ibuf_free(id->id_buf); id->id_buf = NULL; return (-1); } @@ -2876,7 +2876,7 @@ ikev2_resp_informational(struct iked *env, struct iked_sa *sa, sa_state(env, sa, IKEV2_STATE_CLOSED); } done: - ibuf_release(buf); + ibuf_free(buf); return (ret); } 
@@ -3156,7 +3156,7 @@ ikev2_handle_delete(struct iked *env, struct iked_message *msg, done: free(localspi); free(peersas); - ibuf_release(spibuf); + ibuf_free(spibuf); return (ret); } @@ -3429,7 +3429,7 @@ ikev2_resp_ike_sa_init(struct iked *env, struct iked_message *msg) (void)ikev2_pld_parse(env, hdr, &resp, 0); - ibuf_release(sa->sa_2ndmsg); + ibuf_free(sa->sa_2ndmsg); if ((sa->sa_2ndmsg = ibuf_dup(buf)) == NULL) { log_debug("%s: failed to copy 2nd message", __func__); goto done; @@ -3481,7 +3481,7 @@ ikev2_send_auth_failed(struct iked *env, struct iked_sa *sa) if (exchange == IKEV2_EXCHANGE_INFORMATIONAL) sa->sa_stateflags |= IKED_REQ_INF; done: - ibuf_release(buf); + ibuf_free(buf); /* cleanup SA after timeout */ sa_state(env, sa, IKEV2_STATE_CLOSING); @@ -3615,7 +3615,7 @@ ikev2_send_error(struct iked *env, struct iked_sa *sa, ret = ikev2_send_ike_e(env, sa, buf, IKEV2_PAYLOAD_NOTIFY, exchange, 1); done: - ibuf_release(buf); + ibuf_free(buf); return (ret); } @@ -3722,7 +3722,7 @@ ikev2_handle_certreq(struct iked* env, struct iked_message *msg) ibuf_length(cr->cr_data), PROC_CERT); - ibuf_release(cr->cr_data); + ibuf_free(cr->cr_data); SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); free(cr); } @@ -3991,7 +3991,7 @@ ikev2_resp_ike_auth(struct iked *env, struct iked_sa *sa) done: if (ret) ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -4023,7 +4023,7 @@ ikev2_send_ike_e(struct iked *env, struct iked_sa *sa, struct ibuf *buf, response); done: - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -4087,7 +4087,7 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, return (-1); } - ibuf_release(sa->sa_simult); + ibuf_free(sa->sa_simult); sa->sa_simult = NULL; sa->sa_rekeyspi = 0; /* clear rekey spi */ initiator = sa->sa_hdr.sh_initiator ? 1 : 0; 
@@ -4106,7 +4106,7 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, goto done; /* Update initiator nonce */ - ibuf_release(sa->sa_inonce); + ibuf_free(sa->sa_inonce); sa->sa_inonce = nonce; if ((e = ibuf_static()) == NULL) @@ -4229,7 +4229,7 @@ ikev2_send_create_child_sa(struct iked *env, struct iked_sa *sa, } done: - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -4336,7 +4336,7 @@ done: ikev2_ike_sa_setreason(nsa, "failed to send CREATE_CHILD_SA"); sa_free(env, nsa); } - ibuf_release(e); + ibuf_free(e); if (ret == 0) log_debug("%s: create child SA sent", __func__); @@ -4523,7 +4523,7 @@ ikev2_init_create_child_sa(struct iked *env, struct iked_message *msg) SPI_SA(sa, __func__)); return (-1); } - ibuf_release(sa->sa_rnonce); + ibuf_free(sa->sa_rnonce); sa->sa_rnonce = msg->msg_nonce; msg->msg_nonce = NULL; @@ -4588,7 +4588,7 @@ done: ikev2_childsa_delete(env, sa, csa->csa_saproto, csa->csa_peerspi, NULL, 0); } - ibuf_release(buf); + ibuf_free(buf); return (ret); } @@ -4660,10 +4660,10 @@ ikev2_ikesa_enable(struct iked *env, struct iked_sa *sa, struct iked_sa *nsa) } /* Preserve ID information */ - ibuf_release(nsa->sa_iid.id_buf); - ibuf_release(nsa->sa_rid.id_buf); - ibuf_release(nsa->sa_icert.id_buf); - ibuf_release(nsa->sa_rcert.id_buf); + ibuf_free(nsa->sa_iid.id_buf); + ibuf_free(nsa->sa_rid.id_buf); + ibuf_free(nsa->sa_icert.id_buf); + ibuf_free(nsa->sa_rcert.id_buf); if (sa->sa_hdr.sh_initiator == nsa->sa_hdr.sh_initiator) { nsa->sa_iid = sa->sa_iid; nsa->sa_rid = sa->sa_rid; @@ -4768,7 +4768,7 @@ ikev2_ikesa_delete(struct iked *env, struct iked_sa *sa, int initiator) sa->sa_stateflags |= IKED_REQ_INF; log_info("%s: sent delete, closing SA", SPI_SA(sa, __func__)); done: - ibuf_release(buf); + ibuf_free(buf); sa_state(env, sa, IKEV2_STATE_CLOSED); } else { sa_state(env, sa, IKEV2_STATE_CLOSING); 
@@ -4968,7 +4968,7 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) log_debug("%s: initiator didn't send nonce", __func__); goto fail; } - ibuf_release(kex->kex_inonce); + ibuf_free(kex->kex_inonce); kex->kex_inonce = msg->msg_nonce; msg->msg_nonce = NULL; @@ -4977,7 +4977,7 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) goto fail; /* Update responder's nonce */ - ibuf_release(kex->kex_rnonce); + ibuf_free(kex->kex_rnonce); kex->kex_rnonce = nonce; if (ikev2_childsa_negotiate(env, sa, kex, &proposals, 0, pfs)) { @@ -4991,7 +4991,7 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) SPI_SA(sa, __func__), print_spi(rekey->spi, rekey->spi_size), print_spi(sa->sa_rekeyspi, rekey->spi_size)); - ibuf_release(sa->sa_simult); + ibuf_free(sa->sa_simult); if (ikev2_nonce_cmp(kex->kex_inonce, nonce) < 0) sa->sa_simult = ibuf_dup(kex->kex_inonce); else @@ -5088,7 +5088,7 @@ ikev2_resp_create_child_sa(struct iked *env, struct iked_message *msg) done: if (ret && protoid != IKEV2_SAPROTO_IKE) ikev2_childsa_delete(env, sa, 0, 0, NULL, 1); - ibuf_release(e); + ibuf_free(e); config_free_proposals(&proposals, 0); config_free_kex(kextmp); return (ret); @@ -5339,7 +5339,7 @@ ikev2_send_informational(struct iked *env, struct iked_message *msg) ret = ikev2_msg_send(env, &resp); done: - ibuf_release(e); + ibuf_free(e); ikev2_msg_cleanup(env, &resp); return (ret); @@ -5520,7 +5520,7 @@ ikev2_sa_initiator(struct iked *env, struct iked_sa *sa, if (ikev2_sa_negotiate_common(env, sa, msg) != 0) return (-1); - ibuf_release(sa->sa_2ndmsg); + ibuf_free(sa->sa_2ndmsg); if ((sa->sa_2ndmsg = ibuf_dup(msg->msg_data)) == NULL) { log_info("%s: failed to copy 2nd message", SPI_SA(sa, __func__)); 
@@ -5609,7 +5609,7 @@ ikev2_sa_responder(struct iked *env, struct iked_sa *sa, struct iked_sa *osa, sa_state(env, sa, IKEV2_STATE_SA_INIT); - ibuf_release(sa->sa_1stmsg); + ibuf_free(sa->sa_1stmsg); if ((sa->sa_1stmsg = ibuf_dup(msg->msg_data)) == NULL) { log_debug("%s: failed to copy 1st message", __func__); return (-1); @@ -5847,11 +5847,11 @@ ikev2_sa_keys(struct iked *env, struct iked_sa *sa, struct ibuf *key) ret = 0; done: - ibuf_release(ninr); - ibuf_release(dhsecret); - ibuf_release(skeyseed); - ibuf_release(s); - ibuf_release(t); + ibuf_free(ninr); + ibuf_free(dhsecret); + ibuf_free(skeyseed); + ibuf_free(s); + ibuf_free(t); return (ret); } @@ -5859,8 +5859,8 @@ ikev2_sa_keys(struct iked *env, struct iked_sa *sa, struct ibuf *key) void ikev2_sa_cleanup_dh(struct iked_sa *sa) { - ibuf_release(sa->sa_dhiexchange); - ibuf_release(sa->sa_dhrexchange); + ibuf_free(sa->sa_dhiexchange); + ibuf_free(sa->sa_dhrexchange); group_free(sa->sa_dhgroup); sa->sa_dhiexchange = NULL; sa->sa_dhrexchange = NULL; @@ -5901,7 +5901,7 @@ ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed, for (i = 0; i < rlen; i++) { if (t1 != NULL) { t2 = ibuf_new(t1->buf, ibuf_length(t1)); - ibuf_release(t1); + ibuf_free(t1); } else t2 = ibuf_new(NULL, 0); t1 = ibuf_new(NULL, hash_keylength(prf)); @@ -5917,7 +5917,7 @@ ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed, if (hashlen != hash_length(prf)) fatalx("ikev2_prfplus: hash length mismatch"); - ibuf_release(t2); + ibuf_free(t2); ibuf_add(t, t1->buf, ibuf_length(t1)); log_debug("%s: T%d with %zu bytes", __func__, @@ -5928,13 +5928,13 @@ ikev2_prfplus(struct iked_hash *prf, struct ibuf *key, struct ibuf *seed, log_debug("%s: Tn with %zu bytes", __func__, ibuf_length(t)); print_hex(t->buf, 0, ibuf_length(t)); - ibuf_release(t1); + ibuf_free(t1); return (t); fail: - ibuf_release(t1); - ibuf_release(t); + ibuf_free(t1); + ibuf_free(t); return (NULL); } 
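Review bot: In ikev2_prfplus() the result of `ibuf_add(t, t1->buf, ibuf_length(t1));` is discarded, so a failed append would leave the returned keying material shorter than intended without reporting an error. The existing `fail:` label already frees `t1` and `t`, and `t2` has been freed on the line before, so the call can become `if (ibuf_add(t, t1->buf, ibuf_length(t1)) != 0) goto fail;`. The `ibuf_new()` calls for `t1` and `t2` in the same loop appear only as context, and any NULL checks on them fall outside the visible hunks, so they are worth a look as well.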
@@ -6076,7 +6076,7 @@ ikev2_childsa_delete_proposed(struct iked *env, struct iked_sa *sa, sa->sa_stateflags |= IKED_REQ_INF; ret = 0; done: - ibuf_release(buf); + ibuf_free(buf); return (ret); } @@ -6397,9 +6397,9 @@ ikev2_childsa_negotiate(struct iked *env, struct iked_sa *sa, ret = 0; done: sa->sa_use_transport_mode = 0; /* reset state after use */ - ibuf_release(dhsecret); - ibuf_release(keymat); - ibuf_release(seed); + ibuf_free(dhsecret); + ibuf_free(keymat); + ibuf_free(seed); childsa_free(csa); childsa_free(csb); childsa_free(csa2); @@ -6586,8 +6586,8 @@ ikev2_childsa_enable(struct iked *env, struct iked_sa *sa) ret = 0; done: - ibuf_release(spibuf); - ibuf_release(flowbuf); + ibuf_free(spibuf); + ibuf_free(flowbuf); return (ret); } @@ -6865,7 +6865,7 @@ ikev2_child_sa_drop(struct iked *env, struct iked_spi *drop) sa->sa_stateflags |= IKED_REQ_INF; done: - ibuf_release(buf); + ibuf_free(buf); return (0); } @@ -6888,7 +6888,7 @@ ikev2_print_static_id(struct iked_static_id *id, char *idstr, size_t idstrlen) } ret = 0; done: - ibuf_release(idp.id_buf); + ibuf_free(idp.id_buf); return (ret); } diff --git a/sbin/iked/ikev2_msg.c b/sbin/iked/ikev2_msg.c index aa98c78f492..d279d9fb86f 100644 --- a/sbin/iked/ikev2_msg.c +++ b/sbin/iked/ikev2_msg.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_msg.c,v 1.90 2022/12/06 09:07:33 tobhe Exp $ */ +/* $OpenBSD: ikev2_msg.c,v 1.91 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2019 Tobias Heider 
@@ -191,15 +191,15 @@ ikev2_msg_cleanup(struct iked *env, struct iked_message *msg) struct iked_certreq *cr; if (msg == msg->msg_parent) { - ibuf_release(msg->msg_nonce); - ibuf_release(msg->msg_ke); - ibuf_release(msg->msg_auth.id_buf); - ibuf_release(msg->msg_peerid.id_buf); - ibuf_release(msg->msg_localid.id_buf); - ibuf_release(msg->msg_cert.id_buf); - ibuf_release(msg->msg_cookie); - ibuf_release(msg->msg_cookie2); - ibuf_release(msg->msg_del_buf); + ibuf_free(msg->msg_nonce); + ibuf_free(msg->msg_ke); + ibuf_free(msg->msg_auth.id_buf); + ibuf_free(msg->msg_peerid.id_buf); + ibuf_free(msg->msg_localid.id_buf); + ibuf_free(msg->msg_cert.id_buf); + ibuf_free(msg->msg_cookie); + ibuf_free(msg->msg_cookie2); + ibuf_free(msg->msg_del_buf); free(msg->msg_eap.eam_user); free(msg->msg_cp_addr); free(msg->msg_cp_addr6); @@ -221,14 +221,14 @@ ikev2_msg_cleanup(struct iked *env, struct iked_message *msg) config_free_proposals(&msg->msg_proposals, 0); while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) { - ibuf_release(cr->cr_data); + ibuf_free(cr->cr_data); SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry); free(cr); } } if (msg->msg_data != NULL) { - ibuf_release(msg->msg_data); + ibuf_free(msg->msg_data); msg->msg_data = NULL; } } @@ -478,13 +478,13 @@ ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src, __func__, len + sizeof(pad), pad, ibuf_size(dst)); print_hex(ibuf_data(dst), 0, ibuf_size(dst)); - ibuf_release(src); - ibuf_release(out); + ibuf_free(src); + ibuf_free(out); return (dst); done: - ibuf_release(src); - ibuf_release(out); - ibuf_release(dst); + ibuf_free(src); + ibuf_free(out); + ibuf_free(dst); return (NULL); } @@ -548,7 +548,7 @@ ikev2_msg_integr(struct iked *env, struct iked_sa *sa, struct ibuf *src) ret = 0; done: - ibuf_release(tmp); + ibuf_free(tmp); return (ret); } 
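Review bot: ikev2_msg_encrypt() frees the caller's `src` on both the success path and the `done:` error path, and nothing in the visible lines documents that ownership transfer. A caller that keeps using or frees `src` after the call would hit a use-after-free or double free. A short contract comment above the function would help, such as `/* Consumes src: it is freed on success and on failure; the caller owns only the returned buffer. */`. ikev2_msg_decrypt() in the following hunks treats `src` the same way and should carry the same comment. Both function bodies start outside their hunks.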
@@ -623,7 +623,7 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa, log_debug("%s: integrity check succeeded", __func__); print_hex(tmp->buf, 0, tmplen); - ibuf_release(tmp); + ibuf_free(tmp); tmp = NULL; } @@ -691,12 +691,12 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa, if (ibuf_setsize(out, outlen - pad - 1) != 0) goto done; - ibuf_release(src); + ibuf_free(src); return (out); done: - ibuf_release(tmp); - ibuf_release(out); - ibuf_release(src); + ibuf_free(tmp); + ibuf_free(out); + ibuf_free(src); return (NULL); } @@ -906,14 +906,14 @@ ikev2_send_encrypted_fragments(struct iked *env, struct iked_sa *sa, firstpayload = 0; ikev2_msg_cleanup(env, &resp); - ibuf_release(e); + ibuf_free(e); e = NULL; } return 0; done: ikev2_msg_cleanup(env, &resp); - ibuf_release(e); + ibuf_free(e); ikestat_inc(env, ikes_frag_send_failures); return ret; } @@ -977,7 +977,7 @@ ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response) return (authmsg); fail: - ibuf_release(authmsg); + ibuf_free(authmsg); return (NULL); } @@ -1109,7 +1109,7 @@ ikev2_msg_authsign(struct iked *env, struct iked_sa *sa, goto done; } - ibuf_release(sa->sa_localauth.id_buf); + ibuf_free(sa->sa_localauth.id_buf); sa->sa_localauth.id_buf = NULL; if ((buf = ibuf_new(NULL, dsa_length(dsa))) == NULL) { @@ -1120,14 +1120,14 @@ ikev2_msg_authsign(struct iked *env, struct iked_sa *sa, if ((siglen = dsa_sign_final(dsa, ibuf_data(buf), ibuf_size(buf))) < 0) { log_debug("%s: failed to create auth signature", __func__); - ibuf_release(buf); + ibuf_free(buf); goto done; } if (ibuf_setsize(buf, siglen) < 0) { log_debug("%s: failed to set auth signature size to %zd", __func__, siglen); - ibuf_release(buf); + ibuf_free(buf); goto done; } diff --git a/sbin/iked/ikev2_pld.c b/sbin/iked/ikev2_pld.c index 8a851d0f425..a055c2f1be1 100644 --- a/sbin/iked/ikev2_pld.c +++ b/sbin/iked/ikev2_pld.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: ikev2_pld.c,v 1.127 2022/12/06 09:07:33 tobhe Exp $ */ +/* $OpenBSD: ikev2_pld.c,v 1.128 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2019 Tobias Heider @@ -748,7 +748,7 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld, return (-1); if (ikev2_print_id(&idb, idstr, sizeof(idstr)) == -1) { - ibuf_release(idb.id_buf); + ibuf_free(idb.id_buf); log_debug("%s: malformed id", __func__); return (-1); } @@ -756,7 +756,7 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld, log_debug("%s: id %s length %zu", __func__, idstr, len); if (!ikev2_msg_frompeer(msg)) { - ibuf_release(idb.id_buf); + ibuf_free(idb.id_buf); return (0); } @@ -766,13 +766,13 @@ ikev2_pld_id(struct iked *env, struct ikev2_payload *pld, else if (!sa->sa_hdr.sh_initiator && payload == IKEV2_PAYLOAD_IDr) idp = &msg->msg_parent->msg_localid; else { - ibuf_release(idb.id_buf); + ibuf_free(idb.id_buf); log_debug("%s: unexpected id payload", __func__); return (0); } if (idp->id_type) { - ibuf_release(idb.id_buf); + ibuf_free(idb.id_buf); log_debug("%s: duplicate id payload", __func__); return (-1); } @@ -964,7 +964,7 @@ ikev2_pld_auth(struct iked *env, struct ikev2_payload *pld, return (-1); } - ibuf_release(idp->id_buf); + ibuf_free(idp->id_buf); idp->id_type = auth.auth_method; idp->id_offset = 0; if ((idp->id_buf = ibuf_new(buf, len)) == NULL) @@ -1279,7 +1279,7 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, " notification: %zu", __func__, left); return (0); } - ibuf_release(msg->msg_cookie2); /* should not happen */ + ibuf_free(msg->msg_cookie2); /* should not happen */ if ((msg->msg_cookie2 = ibuf_new(buf, left)) == NULL) { log_debug("%s: failed to get peer cookie2", __func__); return (-1); 
@@ -1300,7 +1300,7 @@ ikev2_pld_notify(struct iked *env, struct ikev2_payload *pld, log_debug("%s: received cookie, len %zu", __func__, left); print_hex(buf, 0, left); - ibuf_release(msg->msg_cookie); + ibuf_free(msg->msg_cookie); if ((msg->msg_cookie = ibuf_new(buf, left)) == NULL) { log_debug("%s: failed to get peer cookie", __func__); return (-1); @@ -1710,12 +1710,12 @@ ikev2_pld_ef(struct iked *env, struct ikev2_payload *pld, done: if (!processed) ikestat_inc(env, ikes_frag_rcvd_drop); - ibuf_release(e); + ibuf_free(e); return (ret); dropall: ikestat_add(env, ikes_frag_rcvd_drop, sa_frag->frag_count + 1); config_free_fragments(sa_frag); - ibuf_release(e); + ibuf_free(e); return -1; } @@ -1782,7 +1782,7 @@ done: else ikestat_add(env, ikes_frag_reass_drop, sa_frag->frag_total); config_free_fragments(sa_frag); - ibuf_release(e); + ibuf_free(e); return (ret); } @@ -1837,7 +1837,7 @@ ikev2_pld_e(struct iked *env, struct ikev2_payload *pld, pld->pld_nextpayload); done: - ibuf_release(e); + ibuf_free(e); return (ret); } diff --git a/sbin/iked/imsg_util.c b/sbin/iked/imsg_util.c index 65e8ba5df55..abbd3e5ef99 100644 --- a/sbin/iked/imsg_util.c +++ b/sbin/iked/imsg_util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: imsg_util.c,v 1.14 2023/05/23 12:43:26 claudio Exp $ */ +/* $OpenBSD: imsg_util.c,v 1.15 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2010-2013 Reyk Floeter @@ -81,12 +81,6 @@ ibuf_advance(struct ibuf *buf, size_t len) return ibuf_reserve(buf, len); } -void -ibuf_release(struct ibuf *buf) -{ - ibuf_free(buf); -} - size_t ibuf_length(struct ibuf *buf) { @@ -166,7 +160,7 @@ ibuf_prepend(struct ibuf *buf, void *data, size_t len) if ((new = ibuf_new(data, len)) == NULL) return (-1); if (ibuf_cat(new, buf) == -1) { - ibuf_release(new); + ibuf_free(new); return (-1); } free(buf->buf); diff --git a/sbin/iked/policy.c b/sbin/iked/policy.c index fec73e319f9..be34ed9df9a 100644 --- a/sbin/iked/policy.c +++ b/sbin/iked/policy.c 
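Review bot: In ibuf_prepend() in imsg_util.c the old storage is released with a plain `free(buf->buf);`, bypassing `ibuf_free()`, so any clearing that `ibuf_free()` performs does not happen for the replaced buffer. If ibuf_prepend() is ever used on a buffer holding key material or plaintext, the old contents stay in freed heap memory. Consider `freezero(buf->buf, buf->size);` here, assuming `size` is the allocation length of the ibuf, or add a comment stating that this path must not be used for sensitive buffers. The rest of ibuf_prepend() lies outside the hunk, so how `buf` is repopulated from `new` cannot be checked from here.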
@@ -1,4 +1,4 @@ -/* $OpenBSD: policy.c,v 1.93 2023/02/08 19:59:10 tb Exp $ */ +/* $OpenBSD: policy.c,v 1.94 2023/05/23 13:12:19 claudio Exp $ */ /* * Copyright (c) 2020-2021 Tobias Heider @@ -784,8 +784,8 @@ childsa_free(struct iked_childsa *csa) csb->csa_bundled = NULL; if ((csb = csa->csa_peersa) != NULL) csb->csa_peersa = NULL; - ibuf_release(csa->csa_encrkey); - ibuf_release(csa->csa_integrkey); + ibuf_free(csa->csa_encrkey); + ibuf_free(csa->csa_integrkey); free(csa); } -- 2.20.1