summaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
authorAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-31 20:25:11 +0000
committerAngelos D. Keromytis <angelos@cvs.openbsd.org>2001-05-31 20:25:11 +0000
commitd9c0b9d5c66492218adb2bc09af65060864b4d93 (patch)
treeeb7c8e5ab4757dae3fb806d2fb3b36f1adea23aa /sbin
parent27f8b3365505b80000aecd13614f08dd4ad56056 (diff)
Copy the new information from the exchange to the sa at the end of the
exchange, and generalize certificate copying by taking advantage of the new routines in the cert handler.
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/exchange.c83
1 files changed, 36 insertions, 47 deletions
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index 4900fe7376f..02b41a00d3c 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.46 2001/05/05 00:48:11 angelos Exp $ */
+/* $OpenBSD: exchange.c,v 1.47 2001/05/31 20:25:10 angelos Exp $ */
/* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
/*
@@ -63,9 +63,7 @@
#include "ipsec.h"
#include "sa.h"
#include "util.h"
-#ifdef USE_X509
-#include "x509.h"
-#endif
+#include "key.h"
/* Initial number of bits from the cookies used as hash. */
#define INITIAL_BUCKET_BITS 6
@@ -1181,11 +1179,21 @@ exchange_free_aux (void *v_exch)
handler = cert_get (exchange->recv_certtype);
if (handler)
handler->cert_free (exchange->recv_cert);
- else if (exchange->recv_certtype == ISAKMP_CERTENC_NONE)
- free (exchange->recv_cert);
+ }
+ if (exchange->sent_cert)
+ {
+ handler = cert_get (exchange->sent_certtype);
+ if (handler)
+ handler->cert_free (exchange->sent_cert);
}
if (exchange->recv_key)
- free (exchange->recv_key);
+ key_free (exchange->recv_keytype, ISAKMP_KEYTYPE_PUBLIC,
+ exchange->recv_key);
+ if (exchange->sent_key)
+ key_free (exchange->sent_keytype, ISAKMP_KEYTYPE_PRIVATE,
+ exchange->sent_key);
+ if (exchange->keynote_key)
+ free (exchange->keynote_key); /* This is just a string */
#if defined(POLICY) || defined(KEYNOTE)
if (exchange->policy_id != -1)
@@ -1279,6 +1287,7 @@ exchange_finalize (struct message *msg)
struct proto *proto;
struct conf_list *attrs;
struct conf_list_node *attr;
+ struct cert_handler *handler;
int i;
exchange_dump ("exchange_finalize", exchange);
@@ -1347,55 +1356,35 @@ exchange_finalize (struct message *msg)
exchange->keystate = 0;
msg->isakmp_sa->recv_certtype = exchange->recv_certtype;
- msg->isakmp_sa->recv_certlen = exchange->recv_certlen;
+ msg->isakmp_sa->sent_certtype = exchange->sent_certtype;
+ msg->isakmp_sa->recv_keytype = exchange->recv_keytype;
+ msg->isakmp_sa->sent_keytype = exchange->sent_keytype;
msg->isakmp_sa->recv_key = exchange->recv_key;
+ msg->isakmp_sa->sent_key = exchange->sent_key;
+ msg->isakmp_sa->keynote_key = exchange->keynote_key;
exchange->recv_key = NULL; /* Reset */
+ exchange->sent_key = NULL; /* Reset */
+ exchange->keynote_key = NULL; /* Reset */
msg->isakmp_sa->policy_id = exchange->policy_id;
exchange->policy_id = -1; /* Reset */
msg->isakmp_sa->id_i_len = exchange->id_i_len;
msg->isakmp_sa->id_r_len = exchange->id_r_len;
msg->isakmp_sa->initiator = exchange->initiator;
- switch (exchange->recv_certtype)
- {
- case ISAKMP_CERTENC_NONE:
- case ISAKMP_CERTENC_KEYNOTE: /* No need for special handling */
- msg->isakmp_sa->recv_cert = malloc (exchange->recv_certlen);
- if (!msg->isakmp_sa->recv_cert)
- {
- log_error ("exchange_finalize: malloc (%d) failed",
- exchange->recv_certlen);
- /* XXX How to cleanup? */
- return;
- }
- memcpy (msg->isakmp_sa->recv_cert, exchange->recv_cert,
- msg->isakmp_sa->recv_certlen);
- break;
-
- case ISAKMP_CERTENC_X509_SIG:
-#ifdef USE_X509
- msg->isakmp_sa->recv_cert = LC (X509_dup,
- ((X509 *) exchange->recv_cert));
- if (!msg->isakmp_sa->recv_cert)
- {
- log_print ("exchange_finalize: "
- "failed copying X509 certificate to isakmp_sa");
- /* XXX How to cleanup? */
- return;
- }
- break;
-#endif
+ if (exchange->recv_certtype && exchange->recv_cert)
+ {
+ handler = cert_get (exchange->recv_certtype);
+ if (handler)
+ msg->isakmp_sa->recv_cert =
+ handler->cert_dup (exchange->recv_cert);
+ }
- /* XXX Eventually handle these */
- case ISAKMP_CERTENC_PKCS:
- case ISAKMP_CERTENC_PGP:
- case ISAKMP_CERTENC_DNS:
- case ISAKMP_CERTENC_X509_KE:
- case ISAKMP_CERTENC_KERBEROS:
- case ISAKMP_CERTENC_CRL:
- case ISAKMP_CERTENC_ARL:
- case ISAKMP_CERTENC_SPKI:
- case ISAKMP_CERTENC_X509_ATTR:
+ if (exchange->sent_certtype)
+ {
+ handler = cert_get (exchange->sent_certtype);
+ if (handler)
+ msg->isakmp_sa->sent_cert =
+ handler->cert_dup (exchange->sent_cert);
}
LOG_DBG ((LOG_EXCHANGE, 10,