authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-07 04:46:46 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-06-07 04:46:46 +0000
commite067709466d0eca5513d5d7a05b8dbf7699fcf96 (patch)
tree29deb182fd5cf6533a1c417dbac5f42e55aaae71
parentba03a212376f5be0a3f0952b1aade4421a7e59ab (diff)
No need to allocate/free X509 policy information -- the certs are
converted as needed, and the CA certs are irrelevant.
-rw-r--r--sbin/isakmpd/policy.c5
-rw-r--r--sbin/isakmpd/x509.c169
2 files changed, 21 insertions, 153 deletions
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 525121dd041..4645c338011 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.31 2001/06/07 04:23:35 angelos Exp $ */
+/* $OpenBSD: policy.c,v 1.32 2001/06/07 04:46:45 angelos Exp $ */
/* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
/*
@@ -124,9 +124,6 @@ static struct dynload_script libkeynote_script[] = {
char **keynote_policy_asserts = NULL;
int keynote_policy_asserts_num = 0;
-char **x509_policy_asserts = NULL;
-int x509_policy_asserts_num = 0;
-int x509_policy_asserts_num_alloc = 0;
struct exchange *policy_exchange = 0;
struct sa *policy_sa = 0;
struct sa *policy_isakmp_sa = 0;
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index a5185b17457..322152a708b 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.55 2001/06/07 04:23:35 angelos Exp $ */
+/* $OpenBSD: x509.c,v 1.56 2001/06/07 04:46:45 angelos Exp $ */
/* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
/*
@@ -116,7 +116,6 @@ x509_generate_kn (int id, X509 *cert)
X509_OBJECT obj;
X509 *icert;
RSA *key;
- char **new_asserts;
time_t tt;
char before[15], after[15];
ASN1_TIME *tm;
@@ -465,66 +464,17 @@ x509_generate_kn (int id, X509 *cert)
free (ikey);
free (skey);
- /* If we've been given a session, add it there */
- if (id != -1)
+ if (LK (kn_add_assertion, (id, buf, strlen (buf),
+ ASSERT_FLAG_LOCAL)) == -1)
{
- if (LK (kn_add_assertion, (id, buf, strlen (buf),
- ASSERT_FLAG_LOCAL)) == -1)
- {
- LOG_DBG ((LOG_POLICY, 30,
- "x509_generate_kn: failed to add new KeyNote credential"));
- free (buf);
- return 0;
- }
-
- /* We could print the assertion here, but log_print() truncates... */
- LOG_DBG ((LOG_POLICY, 60, "x509_generate_kn: added credential"));
+ LOG_DBG ((LOG_POLICY, 30,
+ "x509_generate_kn: failed to add new KeyNote credential"));
+ free (buf);
+ return 0;
}
- else
- {
- /* We could print the assertion here, but log_print() truncates... */
- LOG_DBG ((LOG_POLICY, 60, "x509_generate_kn: adding policy"));
-
- /* Store the X509-derived assertion so we can use it as a policy. */
- if (x509_policy_asserts_num == 0)
- {
- x509_policy_asserts = calloc (4, sizeof (char *));
- if (!x509_policy_asserts)
- {
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- 4 * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts_num_alloc = 4;
- x509_policy_asserts_num = 1;
- x509_policy_asserts[0] = buf;
- }
- else
- {
- if (x509_policy_asserts_num + 1 > x509_policy_asserts_num_alloc)
- {
- x509_policy_asserts_num_alloc *= 2;
- new_asserts = realloc (x509_policy_asserts,
- x509_policy_asserts_num_alloc
- * sizeof (char *));
- if (!new_asserts)
- {
- x509_policy_asserts_num_alloc /= 2;
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- x509_policy_asserts_num_alloc * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts = new_asserts;
- }
- /* Assign to the next available. */
- x509_policy_asserts[x509_policy_asserts_num++] = buf;
- }
- }
+ /* We could print the assertion here, but log_print() truncates... */
+ LOG_DBG ((LOG_POLICY, 60, "x509_generate_kn: added credential"));
free (buf);
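Review bot: With the `id != -1` branch removed, the new call at the top of the hunk, `LK (kn_add_assertion, (id, buf, strlen (buf), ASSERT_FLAG_LOCAL))`, hands whatever `id` the caller supplies straight to KeyNote, so a caller still using the old `-1` "store as policy" convention would now get a failed add (and a `return 0`) instead of a stored policy. x509_generate_kn's signature and header comment lie outside the hunk; I would state the narrowed contract there, e.g. `/* Add a KeyNote credential derived from cert to KeyNote session id; id must be a live session, the former -1 policy-store mode is gone. */`. The same applies to the second credential add in the `@@ -552,65 +502,18 @@` hunk of this file. The only `-1` caller visible here, in x509_read_from_dir, is removed by this commit, but callers in other files (if any) should be checked against the new contract.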
@@ -552,65 +502,18 @@ x509_generate_kn (int id, X509 *cert)
sprintf (buf, fmt2, isname, subname, timecomp, before, timecomp2, after);
- if (id != -1)
+ if (LK (kn_add_assertion, (id, buf, strlen (buf),
+ ASSERT_FLAG_LOCAL)) == -1)
{
- if (LK (kn_add_assertion, (id, buf, strlen (buf),
- ASSERT_FLAG_LOCAL)) == -1)
- {
- LOG_DBG ((LOG_POLICY, 30,
- "x509_generate_kn: failed to add new KeyNote credential"));
- free (buf);
- return 0;
- }
-
- LOG_DBG ((LOG_POLICY, 80, "x509_generate_kn: added credential:\n%s",
- buf));
+ LOG_DBG ((LOG_POLICY, 30,
+ "x509_generate_kn: failed to add new KeyNote credential"));
+ free (buf);
+ return 0;
}
- else
- {
- LOG_DBG ((LOG_POLICY, 80, "x509_generate_kn: adding policy:\n%s", buf));
- /* Store the X509-derived assertion so we can use it as a policy. */
- if (x509_policy_asserts_num == 0)
- {
- x509_policy_asserts = calloc (4, sizeof (char *));
- if (!x509_policy_asserts)
- {
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- 4 * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts_num_alloc = 4;
- x509_policy_asserts_num = 1;
- x509_policy_asserts[0] = buf;
- }
- else
- {
- if (x509_policy_asserts_num + 1 > x509_policy_asserts_num_alloc)
- {
- x509_policy_asserts_num_alloc *= 2;
- new_asserts = realloc (x509_policy_asserts,
- x509_policy_asserts_num_alloc
- * sizeof (char *));
- if (!new_asserts)
- {
- x509_policy_asserts_num_alloc /= 2;
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- x509_policy_asserts_num_alloc * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts = new_asserts;
- }
-
- /* Assign to the next available. */
- x509_policy_asserts[x509_policy_asserts_num++] = buf;
- }
- }
+ LOG_DBG ((LOG_POLICY, 80, "x509_generate_kn: added credential:\n%s", buf));
+ free (buf);
return 1;
}
#endif /* USE_POLICY */
@@ -833,23 +736,9 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash)
}
if (hash)
- {
- if (!x509_hash_enter (cert))
- log_print ("x509_read_from_dir: x509_hash_enter (%s) failed",
- file->d_name);
- }
- else
- {
-#ifdef USE_POLICY
-#ifdef USE_KEYNOTE
- if (x509_generate_kn (-1, cert) == 0)
-#else
- if (libkeynote && x509_generate_kn (-1, cert) == 0)
-#endif
- LOG_DBG ((LOG_POLICY, 50,
- "x509_read_from_dir: x509_generate_kn failed"));
-#endif /* USE_POLICY */
- }
+ if (!x509_hash_enter (cert))
+ log_print ("x509_read_from_dir: x509_hash_enter (%s) failed",
+ file->d_name);
}
closedir (dir);
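Review bot: The rebuilt `if (hash)` near the end of the hunk now wraps an unbraced nested `if (!x509_hash_enter (cert))`, the dangling-else shape the old braces guarded against; I would keep the braces so that `if (hash) { if (!x509_hash_enter (cert)) log_print (...); }` cannot bind to a later-added `else`. Separately, with the `else` branch gone a certificate read with `hash == 0` is no longer passed to anything inside this hunk; if it is not added to the store elsewhere in the loop body (which starts before the hunk), it is now silently dropped or leaked, which is worth confirming. A one-line comment on the `hash` parameter saying what the non-hash path is expected to do with `cert` would make that intent explicit.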
@@ -862,27 +751,9 @@ int
x509_cert_init (void)
{
char *dirname;
-#if defined(USE_KEYNOTE) || defined(USE_POLICY)
- int i;
-#endif
x509_hash_init ();
-#if defined(USE_KEYNOTE) || defined(USE_POLICY)
- /* Cleanup */
- if (x509_policy_asserts)
- {
- for (i = 0; i < x509_policy_asserts_num; i++)
- if (x509_policy_asserts[i])
- free (x509_policy_asserts[i]);
-
- free (x509_policy_asserts);
- }
-
- x509_policy_asserts = 0;
- x509_policy_asserts_num = x509_policy_asserts_num_alloc = 0;
-#endif
-
/* Process CA certificates we will trust. */
dirname = conf_get_str ("X509-certificates", "CA-directory");
if (!dirname)