sync code with last fixes and improvements from OpenBSD

purplerain 2023-06-07 21:20:56 +00:00
parent 4b78db449c
commit bf0676207f
Signed by: purplerain
GPG key ID: F42C07F07E2E35B7
2406 changed files with 6353 additions and 434004 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: ikev2_msg.c,v 1.90 2022/12/06 09:07:33 tobhe Exp $ */
/* $OpenBSD: ikev2_msg.c,v 1.94 2023/06/06 13:27:49 claudio Exp $ */
/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
@ -191,15 +191,15 @@ ikev2_msg_cleanup(struct iked *env, struct iked_message *msg)
struct iked_certreq *cr;
if (msg == msg->msg_parent) {
ibuf_release(msg->msg_nonce);
ibuf_release(msg->msg_ke);
ibuf_release(msg->msg_auth.id_buf);
ibuf_release(msg->msg_peerid.id_buf);
ibuf_release(msg->msg_localid.id_buf);
ibuf_release(msg->msg_cert.id_buf);
ibuf_release(msg->msg_cookie);
ibuf_release(msg->msg_cookie2);
ibuf_release(msg->msg_del_buf);
ibuf_free(msg->msg_nonce);
ibuf_free(msg->msg_ke);
ibuf_free(msg->msg_auth.id_buf);
ibuf_free(msg->msg_peerid.id_buf);
ibuf_free(msg->msg_localid.id_buf);
ibuf_free(msg->msg_cert.id_buf);
ibuf_free(msg->msg_cookie);
ibuf_free(msg->msg_cookie2);
ibuf_free(msg->msg_del_buf);
free(msg->msg_eap.eam_user);
free(msg->msg_cp_addr);
free(msg->msg_cp_addr6);
@ -221,14 +221,14 @@ ikev2_msg_cleanup(struct iked *env, struct iked_message *msg)
config_free_proposals(&msg->msg_proposals, 0);
while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs))) {
ibuf_release(cr->cr_data);
ibuf_free(cr->cr_data);
SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry);
free(cr);
}
}
if (msg->msg_data != NULL) {
ibuf_release(msg->msg_data);
ibuf_free(msg->msg_data);
msg->msg_data = NULL;
}
}
@ -290,10 +290,18 @@ ikev2_msg_send(struct iked *env, struct iked_message *msg)
ibuf_length(buf), isnatt ? ", NAT-T" : "");
if (isnatt) {
if (ibuf_prepend(buf, &natt, sizeof(natt)) == -1) {
struct ibuf *new;
if ((new = ibuf_new(&natt, sizeof(natt))) == NULL) {
log_debug("%s: failed to set NAT-T", __func__);
return (-1);
}
if (ibuf_cat(new, buf) == -1) {
ibuf_free(new);
log_debug("%s: failed to set NAT-T", __func__);
return (-1);
}
ibuf_free(buf);
buf = msg->msg_data = new;
}
if (sendtofrom(msg->msg_fd, ibuf_data(buf), ibuf_size(buf), 0,
@ -425,7 +433,7 @@ ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src,
* Pad the payload and encrypt it
*/
if (pad) {
if ((ptr = ibuf_advance(src, pad)) == NULL)
if ((ptr = ibuf_reserve(src, pad)) == NULL)
goto done;
arc4random_buf(ptr, pad);
}
@ -470,7 +478,7 @@ ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src,
if (outlen && ibuf_add(dst, ibuf_data(out), outlen) != 0)
goto done;
if ((ptr = ibuf_advance(dst, integrlen)) == NULL)
if ((ptr = ibuf_reserve(dst, integrlen)) == NULL)
goto done;
explicit_bzero(ptr, integrlen);
@ -478,13 +486,13 @@ ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src,
__func__, len + sizeof(pad), pad, ibuf_size(dst));
print_hex(ibuf_data(dst), 0, ibuf_size(dst));
ibuf_release(src);
ibuf_release(out);
ibuf_free(src);
ibuf_free(out);
return (dst);
done:
ibuf_release(src);
ibuf_release(out);
ibuf_release(dst);
ibuf_free(src);
ibuf_free(out);
ibuf_free(dst);
return (NULL);
}
@ -548,7 +556,7 @@ ikev2_msg_integr(struct iked *env, struct iked_sa *sa, struct ibuf *src)
ret = 0;
done:
ibuf_release(tmp);
ibuf_free(tmp);
return (ret);
}
@ -623,7 +631,7 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa,
log_debug("%s: integrity check succeeded", __func__);
print_hex(tmp->buf, 0, tmplen);
ibuf_release(tmp);
ibuf_free(tmp);
tmp = NULL;
}
@ -636,7 +644,7 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa,
}
cipher_setkey(sa->sa_encr, encr->buf, ibuf_length(encr));
cipher_setiv(sa->sa_encr, ibuf_data(src) + ivoff, ivlen);
cipher_setiv(sa->sa_encr, ibuf_seek(src, ivoff, ivlen), ivlen);
if (cipher_init_decrypt(sa->sa_encr) == -1) {
log_info("%s: error initiating cipher.", __func__);
goto done;
@ -668,7 +676,7 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa,
}
if ((outlen = ibuf_length(out)) != 0) {
if (cipher_update(sa->sa_encr, ibuf_data(src) + encroff,
if (cipher_update(sa->sa_encr, ibuf_seek(src, encroff, encrlen),
encrlen, ibuf_data(out), &outlen) == -1) {
log_info("%s: error updating cipher.", __func__);
goto done;
@ -691,12 +699,12 @@ ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa,
if (ibuf_setsize(out, outlen - pad - 1) != 0)
goto done;
ibuf_release(src);
ibuf_free(src);
return (out);
done:
ibuf_release(tmp);
ibuf_release(out);
ibuf_release(src);
ibuf_free(tmp);
ibuf_free(out);
ibuf_free(src);
return (NULL);
}
@ -852,7 +860,7 @@ ikev2_send_encrypted_fragments(struct iked *env, struct iked_sa *sa,
goto done;
/* Fragment header */
if ((frag = ibuf_advance(buf, sizeof(*frag))) == NULL) {
if ((frag = ibuf_reserve(buf, sizeof(*frag))) == NULL) {
log_debug("%s: failed to add SKF fragment header",
__func__);
goto done;
@ -906,14 +914,14 @@ ikev2_send_encrypted_fragments(struct iked *env, struct iked_sa *sa,
firstpayload = 0;
ikev2_msg_cleanup(env, &resp);
ibuf_release(e);
ibuf_free(e);
e = NULL;
}
return 0;
done:
ikev2_msg_cleanup(env, &resp);
ibuf_release(e);
ibuf_free(e);
ikestat_inc(env, ikes_frag_send_failures);
return ret;
}
@ -959,7 +967,7 @@ ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response)
if (hash_keylength(sa->sa_prf) != hash_length(sa->sa_prf))
goto fail;
if ((ptr = ibuf_advance(authmsg, hash_keylength(sa->sa_prf))) == NULL)
if ((ptr = ibuf_reserve(authmsg, hash_keylength(sa->sa_prf))) == NULL)
goto fail;
hash_init(sa->sa_prf);
@ -977,7 +985,7 @@ ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response)
return (authmsg);
fail:
ibuf_release(authmsg);
ibuf_free(authmsg);
return (NULL);
}
@ -1109,7 +1117,7 @@ ikev2_msg_authsign(struct iked *env, struct iked_sa *sa,
goto done;
}
ibuf_release(sa->sa_localauth.id_buf);
ibuf_free(sa->sa_localauth.id_buf);
sa->sa_localauth.id_buf = NULL;
if ((buf = ibuf_new(NULL, dsa_length(dsa))) == NULL) {
@ -1120,14 +1128,14 @@ ikev2_msg_authsign(struct iked *env, struct iked_sa *sa,
if ((siglen = dsa_sign_final(dsa,
ibuf_data(buf), ibuf_size(buf))) < 0) {
log_debug("%s: failed to create auth signature", __func__);
ibuf_release(buf);
ibuf_free(buf);
goto done;
}
if (ibuf_setsize(buf, siglen) < 0) {
log_debug("%s: failed to set auth signature size to %zd",
__func__, siglen);
ibuf_release(buf);
ibuf_free(buf);
goto done;
}
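Review bot: In the two ikev2_msg_decrypt hunks, the results of `ibuf_seek(src, ivoff, ivlen)` and `ibuf_seek(src, encroff, encrlen)` are passed straight to cipher_setiv() and cipher_update() without a NULL check. ibuf_seek() returns NULL when the requested range falls outside the buffer, and src in a decrypt path presumably holds data received from the peer, so a NULL here would be dereferenced inside the cipher code rather than rejected. Whether earlier length checks in ikev2_msg_decrypt already rule this out cannot be seen, because the function body starts and ends outside these hunks. I would keep the pointer in a local and fail closed, e.g. `if ((iv = ibuf_seek(src, ivoff, ivlen)) == NULL) goto done;` followed by `cipher_setiv(sa->sa_encr, iv, ivlen);`, and do the same for the cipher_update() input.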