-rw-r--r--usr.sbin/bgpd/bgpd.h3
-rw-r--r--usr.sbin/bgpd/parse.y4
-rw-r--r--usr.sbin/bgpd/pfkey.c16
3 files changed, 14 insertions, 9 deletions
diff --git a/usr.sbin/bgpd/bgpd.h b/usr.sbin/bgpd/bgpd.h
index 752d52bb461..30573720de7 100644
--- a/usr.sbin/bgpd/bgpd.h
+++ b/usr.sbin/bgpd/bgpd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bgpd.h,v 1.120 2004/05/06 11:57:55 henning Exp $ */
+/* $OpenBSD: bgpd.h,v 1.121 2004/05/06 14:41:47 henning Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -158,6 +158,7 @@ enum auth_method {
struct peer_auth {
enum auth_method method;
char md5key[TCP_MD5_KEY_LEN];
+ u_int8_t md5key_len;
u_int32_t spi_in;
u_int32_t spi_out;
u_int8_t auth_alg_in;
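Review bot: The new `md5key_len` field has no comment saying that `md5key` is now a length-delimited byte buffer rather than a C string, which is the invariant the rest of this change depends on. I would add `/* valid bytes in md5key; key may contain NUL bytes */` next to the field. The field is a `u_int8_t`, while both assignments in parse.y store a `size_t` from `strlen()`, so it also relies on `TCP_MD5_KEY_LEN` staying at or below 255. That constant's value is not visible here, and a compile-time check beside the struct would pin the assumption. `struct peer_auth` continues past the end of the hunk.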
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index c5a0e5ac1c7..7d09e5005c6 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.100 2004/05/04 11:34:01 claudio Exp $ */
+/* $OpenBSD: parse.y,v 1.101 2004/05/06 14:41:47 henning Exp $ */
/*
* Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -520,6 +520,7 @@ peeropts : REMOTEAS asnumber {
YYERROR;
}
curpeer->conf.auth.method = AUTH_MD5SIG;
+ curpeer->conf.auth.md5key_len = strlen($4);
free($4);
}
| TCP MD5SIG KEY string {
@@ -556,6 +557,7 @@ peeropts : REMOTEAS asnumber {
strtoul(s, NULL, 16);
}
curpeer->conf.auth.method = AUTH_MD5SIG;
+ curpeer->conf.auth.md5key_len = strlen($4) / 2;
free($4);
}
| IPSEC ESP IKE {
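Review bot: `strlen($4) / 2` rounds down, so a hex key with an odd number of digits gets a length that drops the final digit, and nothing visible in this hunk rejects it; the operator ends up with a different key than the one typed, with no error. The conversion loop and any length check sit above the hunk, so this may already be handled there. If it is not, an odd `strlen($4)` should be rejected with a parse error (freeing `$4` before `YYERROR`) ahead of this assignment. The visible `strtoul(s, NULL, 16)` context line also passes no end pointer, so unless each digit is validated earlier in the rule, a non-hex character is converted to 0 rather than reported.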
diff --git a/usr.sbin/bgpd/pfkey.c b/usr.sbin/bgpd/pfkey.c
index 091e5bff0b1..0c78c50103c 100644
--- a/usr.sbin/bgpd/pfkey.c
+++ b/usr.sbin/bgpd/pfkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pfkey.c,v 1.27 2004/04/28 04:59:32 markus Exp $ */
+/* $OpenBSD: pfkey.c,v 1.28 2004/05/06 14:41:47 henning Exp $ */
/*
* Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -44,7 +44,7 @@ int pfkey_send(int, uint8_t, uint8_t, uint8_t,
struct bgpd_addr *, struct bgpd_addr *,
u_int32_t, uint8_t, int, char *, uint8_t, int, char *,
uint16_t, uint16_t);
-int pfkey_sa_add(struct bgpd_addr *, struct bgpd_addr *, char *,
+int pfkey_sa_add(struct bgpd_addr *, struct bgpd_addr *, u_int8_t, char *,
u_int32_t *);
int pfkey_sa_remove(struct bgpd_addr *, struct bgpd_addr *, u_int32_t *);
int pfkey_md5sig_establish(struct peer *);
@@ -469,8 +469,8 @@ pfkey_reply(int sd, u_int32_t *spip)
}
int
-pfkey_sa_add(struct bgpd_addr *src, struct bgpd_addr *dst, char *key,
- u_int32_t *spi)
+pfkey_sa_add(struct bgpd_addr *src, struct bgpd_addr *dst, u_int8_t keylen,
+ char *key, u_int32_t *spi)
{
if (pfkey_send(fd, SADB_X_SATYPE_TCPSIGNATURE, SADB_GETSPI, 0,
src, dst, 0, 0, 0, NULL, 0, 0, NULL, 0, 0) < 0)
@@ -478,7 +478,7 @@ pfkey_sa_add(struct bgpd_addr *src, struct bgpd_addr *dst, char *key,
if (pfkey_reply(fd, spi) < 0)
return (-1);
if (pfkey_send(fd, SADB_X_SATYPE_TCPSIGNATURE, SADB_UPDATE, 0,
- src, dst, *spi, 0, strlen(key), key, 0, 0, NULL, 0, 0) < 0)
+ src, dst, *spi, 0, keylen, key, 0, 0, NULL, 0, 0) < 0)
return (-1);
if (pfkey_reply(fd, NULL) < 0)
return (-1);
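Review bot: `keylen` is forwarded to `pfkey_send()` as given, so `pfkey_sa_add()` now depends on every caller keeping `md5key_len` in step with `md5key`; a peer whose key was filled in by a path that does not set the length would get a TCP-MD5 SA with a zero-length key. Only the two parse.y assignments are visible on this page, so whether other writers exist is unverified. Unless an empty key is meant to be accepted, a guard at the top of the function, `if (keylen == 0) return (-1);`, would make that case fail rather than install an empty key. A short comment should also say that `key` is `keylen` raw bytes and is not NUL-terminated. The function starts in the previous hunk and continues past this one.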
@@ -502,11 +502,13 @@ pfkey_md5sig_establish(struct peer *p)
{
if (!p->conf.auth.spi_out)
if (pfkey_sa_add(&p->conf.local_addr, &p->conf.remote_addr,
- p->conf.auth.md5key, &p->conf.auth.spi_out) == -1)
+ p->conf.auth.md5key_len, p->conf.auth.md5key,
+ &p->conf.auth.spi_out) == -1)
return (-1);
if (!p->conf.auth.spi_in)
if (pfkey_sa_add(&p->conf.remote_addr, &p->conf.local_addr,
- p->conf.auth.md5key, &p->conf.auth.spi_in) == -1)
+ p->conf.auth.md5key_len, p->conf.auth.md5key,
+ &p->conf.auth.spi_in) == -1)
return (-1);
p->auth_established = 1;