author | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-07 04:46:46 +0000 |
committer | Angelos D. Keromytis <angelos@cvs.openbsd.org> | 2001-06-07 04:46:46 +0000 |
commit | e067709466d0eca5513d5d7a05b8dbf7699fcf96 (patch) | |
tree | 29deb182fd5cf6533a1c417dbac5f42e55aaae71 /sbin/isakmpd | |
parent | ba03a212376f5be0a3f0952b1aade4421a7e59ab (diff) |
No need to allocate/free X509 policy information -- the certs are
converted as needed, and the CA certs are irrelevant.
Diffstat (limited to 'sbin/isakmpd')
-rw-r--r-- | sbin/isakmpd/policy.c | 5 | ||||
-rw-r--r-- | sbin/isakmpd/x509.c | 169 |
2 files changed, 21 insertions, 153 deletions
diff --git a/sbin/isakmpd/policy.c b/sbin/isakmpd/policy.c
index 525121dd041..4645c338011 100644
--- a/sbin/isakmpd/policy.c
+++ b/sbin/isakmpd/policy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: policy.c,v 1.31 2001/06/07 04:23:35 angelos Exp $ */
+/* $OpenBSD: policy.c,v 1.32 2001/06/07 04:46:45 angelos Exp $ */
 /* $EOM: policy.c,v 1.49 2000/10/24 13:33:39 niklas Exp $ */
 /*
@@ -124,9 +124,6 @@ static struct dynload_script libkeynote_script[] = {
 char **keynote_policy_asserts = NULL;
 int keynote_policy_asserts_num = 0;
-char **x509_policy_asserts = NULL;
-int x509_policy_asserts_num = 0;
-int x509_policy_asserts_num_alloc = 0;
 struct exchange *policy_exchange = 0;
 struct sa *policy_sa = 0;
 struct sa *policy_isakmp_sa = 0;
diff --git a/sbin/isakmpd/x509.c b/sbin/isakmpd/x509.c
index a5185b17457..322152a708b 100644
--- a/sbin/isakmpd/x509.c
+++ b/sbin/isakmpd/x509.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.c,v 1.55 2001/06/07 04:23:35 angelos Exp $ */
+/* $OpenBSD: x509.c,v 1.56 2001/06/07 04:46:45 angelos Exp $ */
 /* $EOM: x509.c,v 1.54 2001/01/16 18:42:16 ho Exp $ */
 /*
@@ -116,7 +116,6 @@ x509_generate_kn (int id, X509 *cert)
 X509_OBJECT obj;
 X509 *icert;
 RSA *key;
- char **new_asserts;
 time_t tt;
 char before[15], after[15];
 ASN1_TIME *tm;
@@ -465,66 +464,17 @@ x509_generate_kn (int id, X509 *cert)
 free (ikey);
 free (skey);
- /* If we've been given a session, add it there */
- if (id != -1)
+ if (LK (kn_add_assertion, (id, buf, strlen (buf),
+ ASSERT_FLAG_LOCAL)) == -1)
 {
- if (LK (kn_add_assertion, (id, buf, strlen (buf),
- ASSERT_FLAG_LOCAL)) == -1)
- {
- LOG_DBG ((LOG_POLICY, 30,
- "x509_generate_kn: failed to add new KeyNote credential"));
- free (buf);
- return 0;
- }
-
- /* We could print the assertion here, but log_print() truncates... */
- LOG_DBG ((LOG_POLICY, 60, "x509_generate_kn: added credential"));
+ LOG_DBG ((LOG_POLICY, 30,
+ "x509_generate_kn: failed to add new KeyNote credential"));
+ free (buf);
+ return 0;
 }
- else
- {
- /* We could print the assertion here, but log_print() truncates... */
- LOG_DBG ((LOG_POLICY, 60, "x509_generate_kn: adding policy"));
-
- /* Store the X509-derived assertion so we can use it as a policy. */
- if (x509_policy_asserts_num == 0)
- {
- x509_policy_asserts = calloc (4, sizeof (char *));
- if (!x509_policy_asserts)
- {
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- 4 * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts_num_alloc = 4;
- x509_policy_asserts_num = 1;
- x509_policy_asserts[0] = buf;
- }
- else
- {
- if (x509_policy_asserts_num + 1 > x509_policy_asserts_num_alloc)
- {
- x509_policy_asserts_num_alloc *= 2;
- new_asserts = realloc (x509_policy_asserts,
- x509_policy_asserts_num_alloc
- * sizeof (char *));
- if (!new_asserts)
- {
- x509_policy_asserts_num_alloc /= 2;
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- x509_policy_asserts_num_alloc * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts = new_asserts;
- }
- /* Assign to the next available. */
- x509_policy_asserts[x509_policy_asserts_num++] = buf;
- }
- }
+ /* We could print the assertion here, but log_print() truncates... */
+ LOG_DBG ((LOG_POLICY, 60, "x509_generate_kn: added credential"));
 free (buf);
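Review bot: With the `id != -1` branch gone, `x509_generate_kn` now hands `id` to `kn_add_assertion` unconditionally, but nothing in the hunk documents or checks that `-1` (the old "no session, store as policy" value) is no longer an acceptable argument; the function's header and the rest of its body are outside this hunk. A caller that still passes -1 would reach kn_add_assertion with an invalid session and fail with only a level-30 debug message, which is easy to miss. I would add to the function's header comment something like `/* id must be a valid KeyNote session; the policy-store path (id == -1) no longer exists. */`, or reject it up front with `if (id == -1) return 0;` before the first allocation. The same point applies to the second add-assertion block in the following hunk.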
@@ -552,65 +502,18 @@ x509_generate_kn (int id, X509 *cert)
 sprintf (buf, fmt2, isname, subname, timecomp, before, timecomp2, after);
- if (id != -1)
+ if (LK (kn_add_assertion, (id, buf, strlen (buf),
+ ASSERT_FLAG_LOCAL)) == -1)
 {
- if (LK (kn_add_assertion, (id, buf, strlen (buf),
- ASSERT_FLAG_LOCAL)) == -1)
- {
- LOG_DBG ((LOG_POLICY, 30,
- "x509_generate_kn: failed to add new KeyNote credential"));
- free (buf);
- return 0;
- }
-
- LOG_DBG ((LOG_POLICY, 80, "x509_generate_kn: added credential:\n%s",
- buf));
+ LOG_DBG ((LOG_POLICY, 30,
+ "x509_generate_kn: failed to add new KeyNote credential"));
+ free (buf);
+ return 0;
 }
- else
- {
- LOG_DBG ((LOG_POLICY, 80, "x509_generate_kn: adding policy:\n%s", buf));
- /* Store the X509-derived assertion so we can use it as a policy. */
- if (x509_policy_asserts_num == 0)
- {
- x509_policy_asserts = calloc (4, sizeof (char *));
- if (!x509_policy_asserts)
- {
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- 4 * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts_num_alloc = 4;
- x509_policy_asserts_num = 1;
- x509_policy_asserts[0] = buf;
- }
- else
- {
- if (x509_policy_asserts_num + 1 > x509_policy_asserts_num_alloc)
- {
- x509_policy_asserts_num_alloc *= 2;
- new_asserts = realloc (x509_policy_asserts,
- x509_policy_asserts_num_alloc
- * sizeof (char *));
- if (!new_asserts)
- {
- x509_policy_asserts_num_alloc /= 2;
- log_error ("x509_generate_kn: failed to allocate %d bytes",
- x509_policy_asserts_num_alloc * sizeof (char *));
- free (buf);
- return 0;
- }
-
- x509_policy_asserts = new_asserts;
- }
-
- /* Assign to the next available. */
- x509_policy_asserts[x509_policy_asserts_num++] = buf;
- }
- }
+ LOG_DBG ((LOG_POLICY, 80, "x509_generate_kn: added credential:\n%s", buf));
+
 free (buf);
 return 1;
 }
 #endif /* USE_POLICY */
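Review bot: The failure path after `kn_add_assertion` — the level-30 LOG_DBG, `free (buf)` and `return 0` — is now written out twice in x509_generate_kn (once here, once in the previous hunk), and the two success logs still differ (level 60 without the text there, level 80 with the full assertion here), so the two sites will drift further apart. A small static helper that owns the LK call and its failure log would keep them in step; each call site then shrinks to `if (!x509_add_assertion (id, buf)) { free (buf); return 0; }` followed by its own success log, with buf still freed by the caller as it is now. The function's beginning is outside this hunk, so the helper would need a prototype or a definition placed before it.
```c
/* Hand one generated assertion to KeyNote session id.
 * Returns 1 on success, 0 on failure; buf stays owned by the caller. */
static int
x509_add_assertion (int id, char *buf)
{
  if (LK (kn_add_assertion, (id, buf, strlen (buf), ASSERT_FLAG_LOCAL)) == -1)
    {
      LOG_DBG ((LOG_POLICY, 30,
		"x509_generate_kn: failed to add new KeyNote credential"));
      return 0;
    }
  return 1;
}

/* … unchanged: x509_generate_kn up to the second sprintf … */
  if (!x509_add_assertion (id, buf))
    {
      free (buf);
      return 0;
    }
  LOG_DBG ((LOG_POLICY, 80, "x509_generate_kn: added credential:\n%s", buf));
/* … unchanged: free (buf); return 1; … */
```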
@@ -833,23 +736,9 @@ x509_read_from_dir (X509_STORE *ctx, char *name, int hash)
 }
 if (hash)
- {
- if (!x509_hash_enter (cert))
- log_print ("x509_read_from_dir: x509_hash_enter (%s) failed",
- file->d_name);
- }
- else
- {
-#ifdef USE_POLICY
-#ifdef USE_KEYNOTE
- if (x509_generate_kn (-1, cert) == 0)
-#else
- if (libkeynote && x509_generate_kn (-1, cert) == 0)
-#endif
- LOG_DBG ((LOG_POLICY, 50,
- "x509_read_from_dir: x509_generate_kn failed"));
-#endif /* USE_POLICY */
- }
+ if (!x509_hash_enter (cert))
+ log_print ("x509_read_from_dir: x509_hash_enter (%s) failed",
+ file->d_name);
 }
 closedir (dir);
@@ -862,27 +751,9 @@ int
 x509_cert_init (void)
 {
 char *dirname;
-#if defined(USE_KEYNOTE) || defined(USE_POLICY)
- int i;
-#endif
 x509_hash_init ();
-#if defined(USE_KEYNOTE) || defined(USE_POLICY)
- /* Cleanup */
- if (x509_policy_asserts)
- {
- for (i = 0; i < x509_policy_asserts_num; i++)
- if (x509_policy_asserts[i])
- free (x509_policy_asserts[i]);
- free (x509_policy_asserts);
- }
- x509_policy_asserts = 0;
- x509_policy_asserts_num = x509_policy_asserts_num_alloc = 0;
-#endif
-
 /* Process CA certificates we will trust. */
 dirname = conf_get_str ("X509-certificates", "CA-directory");
 if (!dirname) |
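Review bot: With the `else` branch removed, a call with `hash == 0` now parses each certificate and then reaches the end of the loop body without using `cert` at all; unless it is released somewhere before this hunk (unlikely, since the `if (hash)` still dereferences it), every such certificate leaks an X509 object, and the same question arises on `x509_hash_enter` failure unless that function frees on failure. If every remaining caller passes `hash == 1`, the parameter is dead and should go together with the `if`; otherwise `else X509_free (cert);` belongs here. I would also keep the braces the commit drops, `if (hash) { if (!x509_hash_enter (cert)) log_print (...); }`, since a nested unbraced `if` is exactly where a later `else` lands on the wrong statement. The loop and the function begin outside this hunk.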