path: root/sbin/isakmpd/ike_auth.c
Diffstat (limited to 'sbin/isakmpd/ike_auth.c')
-rw-r--r--sbin/isakmpd/ike_auth.c23
1 files changed, 16 insertions, 7 deletions
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 72816f12533..ddcd8cd0b32 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.93 2004/06/22 18:22:18 hshoexer Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.94 2004/06/23 03:01:52 hshoexer Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -148,6 +148,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
{
char *key, *buf;
#if defined (USE_X509) || defined (USE_KEYNOTE)
+ int fd;
char *keyfile;
#if defined (USE_X509)
FILE *keyfp;
@@ -204,7 +205,7 @@ ike_auth_get_key(int type, char *id, char *local_id, size_t *keylen)
struct stat sb;
struct keynote_deckey dc;
char *privkeyfile, *buf2;
- int fd, pkflen;
+ int pkflen;
size_t size;
pkflen = strlen(keyfile) + strlen(local_id) +
@@ -284,15 +285,23 @@ ignorekeynote:
/* Otherwise, try X.509 */
keyfile = conf_get_str("X509-certificates", "Private-key");
- if (check_file_secrecy(keyfile, &fsize))
- return 0;
-
- keyfp = monitor_fopen(keyfile, "r");
- if (!keyfp) {
+ fd = monitor_open(keyfile, O_RDONLY, 0);
+ if (fd < 0) {
log_print("ike_auth_get_key: failed opening \"%s\"",
keyfile);
return 0;
}
+
+ if (check_file_secrecy_fd(fd, keyfile, &fsize) < 0) {
+ close(fd);
+ return 0;
+ }
+
+ if ((keyfp = fdopen(fd, "r")) == NULL) {
+ log_print("ike_auth_get_key: fdopen failed");
+ close(fd);
+ return 0;
+ }
#if SSLEAY_VERSION_NUMBER >= 0x00904100L
rsakey = PEM_read_RSAPrivateKey(keyfp, NULL, NULL, NULL);
#else
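Review bot: The new open-then-check ordering is the whole point of this hunk, yet nothing in the code records why `monitor_open` now precedes `check_file_secrecy_fd`; a later reader could "simplify" it back to a path-based check. Suggest a comment above `fd = monitor_open(keyfile, O_RDONLY, 0);` such as `/* Open first, then verify owner/mode on the descriptor, so the file that is checked is the file that is read. */`. The `fdopen` failure path closes fd correctly but its message gives no reason; if this module's `log_error` appends strerror as elsewhere in isakmpd, `log_error("ike_auth_get_key: fdopen failed")` would be more useful than the bare `log_print`. ike_auth_get_key continues past the hunk, so the eventual `fclose(keyfp)` that also releases fd is not visible here and should be confirmed on every return path after this point.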