summaryrefslogtreecommitdiff
path: root/sbin
diff options
context:
space:
mode:
Diffstat (limited to 'sbin')
-rw-r--r--sbin/isakmpd/exchange.c8
-rw-r--r--sbin/isakmpd/ike_auth.c29
-rw-r--r--sbin/isakmpd/sa.c4
-rw-r--r--sbin/isakmpd/sa.h6
4 files changed, 19 insertions, 28 deletions
diff --git a/sbin/isakmpd/exchange.c b/sbin/isakmpd/exchange.c
index cdbccc597c6..d48501b94e5 100644
--- a/sbin/isakmpd/exchange.c
+++ b/sbin/isakmpd/exchange.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: exchange.c,v 1.78 2003/03/06 13:32:42 ho Exp $ */
+/* $OpenBSD: exchange.c,v 1.79 2003/05/15 02:28:55 ho Exp $ */
/* $EOM: exchange.c,v 1.143 2000/12/04 00:02:25 angelos Exp $ */
/*
@@ -1299,9 +1299,6 @@ exchange_free_aux (void *v_exch)
if (exchange->recv_key)
key_free (exchange->recv_keytype, ISAKMP_KEYTYPE_PUBLIC,
exchange->recv_key);
- if (exchange->sent_key)
- key_free (exchange->sent_keytype, ISAKMP_KEYTYPE_PRIVATE,
- exchange->sent_key);
if (exchange->keynote_key)
free (exchange->keynote_key); /* This is just a string */
@@ -1471,13 +1468,10 @@ exchange_finalize (struct message *msg)
msg->isakmp_sa->recv_certtype = exchange->recv_certtype;
msg->isakmp_sa->sent_certtype = exchange->sent_certtype;
msg->isakmp_sa->recv_keytype = exchange->recv_keytype;
- msg->isakmp_sa->sent_keytype = exchange->sent_keytype;
msg->isakmp_sa->recv_key = exchange->recv_key;
- msg->isakmp_sa->sent_key = exchange->sent_key;
msg->isakmp_sa->keynote_key = exchange->keynote_key;
/* Reset. */
exchange->recv_key = 0;
- exchange->sent_key = 0;
exchange->keynote_key = 0;
msg->isakmp_sa->policy_id = exchange->policy_id;
exchange->policy_id = -1;
diff --git a/sbin/isakmpd/ike_auth.c b/sbin/isakmpd/ike_auth.c
index 5ced46a612e..d0e182c3f2a 100644
--- a/sbin/isakmpd/ike_auth.c
+++ b/sbin/isakmpd/ike_auth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ike_auth.c,v 1.71 2003/05/15 02:08:54 ho Exp $ */
+/* $OpenBSD: ike_auth.c,v 1.72 2003/05/15 02:28:56 ho Exp $ */
/* $EOM: ike_auth.c,v 1.59 2000/11/21 00:21:31 angelos Exp $ */
/*
@@ -964,6 +964,8 @@ rsa_sig_encode_hash (struct message *msg)
u_int8_t *id;
size_t id_len;
int idtype;
+ int sent_keytype;
+ void *sent_key;
id = initiator ? exchange->id_i : exchange->id_r;
id_len = initiator ? exchange->id_i_len : exchange->id_r_len;
@@ -1117,11 +1119,10 @@ rsa_sig_encode_hash (struct message *msg)
return 0;
}
- exchange->sent_keytype = ISAKMP_KEY_RSA;
- exchange->sent_key = key_internalize (ISAKMP_KEY_RSA,
- ISAKMP_KEYTYPE_PRIVATE, data,
- datalen);
- if (!exchange->sent_key)
+ sent_keytype = ISAKMP_KEY_RSA;
+ sent_key = key_internalize (ISAKMP_KEY_RSA, ISAKMP_KEYTYPE_PRIVATE, data,
+ datalen);
+ if (!sent_key)
{
log_print ("rsa_sig_encode_hash: bad RSA private key from dynamic "
"SA acquisition subsystem");
@@ -1130,22 +1131,22 @@ rsa_sig_encode_hash (struct message *msg)
}
else /* Try through the regular means. */
{
- exchange->sent_key = ike_auth_get_key (IKE_AUTH_RSA_SIG, exchange->name,
- (char *)buf2, 0);
+ sent_key = ike_auth_get_key (IKE_AUTH_RSA_SIG, exchange->name,
+ (char *)buf2, 0);
free (buf2);
/* Did we find a key? */
- if (!exchange->sent_key)
+ if (!sent_key)
{
log_print ("rsa_sig_encode_hash: could not get private key");
return -1;
}
- exchange->sent_keytype = ISAKMP_KEY_RSA;
+ sent_keytype = ISAKMP_KEY_RSA;
}
/* Enable RSA blinding. */
- if (RSA_blinding_on (exchange->sent_key, NULL) != 1)
+ if (RSA_blinding_on (sent_key, NULL) != 1)
{
log_error ("rsa_sig_encode_hash: RSA_blinding_on () failed.");
return -1;
@@ -1169,15 +1170,15 @@ rsa_sig_encode_hash (struct message *msg)
snprintf (header, 80, "rsa_sig_encode_hash: HASH_%c", initiator ? 'I' : 'R');
LOG_DBG_BUF ((LOG_MISC, 80, header, buf, hashsize));
- data = malloc (RSA_size (exchange->sent_key));
+ data = malloc (RSA_size (sent_key));
if (!data)
{
log_error ("rsa_sig_encode_hash: malloc (%d) failed",
- RSA_size (exchange->sent_key));
+ RSA_size (sent_key));
return -1;
}
- datalen = RSA_private_encrypt (hashsize, buf, data, exchange->sent_key,
+ datalen = RSA_private_encrypt (hashsize, buf, data, sent_key,
RSA_PKCS1_PADDING);
if (datalen == -1)
{
diff --git a/sbin/isakmpd/sa.c b/sbin/isakmpd/sa.c
index 76c9cb30ce0..330803d0bb2 100644
--- a/sbin/isakmpd/sa.c
+++ b/sbin/isakmpd/sa.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.c,v 1.67 2003/05/14 17:37:22 ho Exp $ */
+/* $OpenBSD: sa.c,v 1.68 2003/05/15 02:28:56 ho Exp $ */
/* $EOM: sa.c,v 1.112 2000/12/12 00:22:52 niklas Exp $ */
/*
@@ -791,8 +791,6 @@ sa_release (struct sa *sa)
}
if (sa->recv_key)
key_free (sa->recv_keytype, ISAKMP_KEYTYPE_PUBLIC, sa->recv_key);
- if (sa->sent_key)
- key_free (sa->sent_keytype, ISAKMP_KEYTYPE_PRIVATE, sa->sent_key);
if (sa->keynote_key)
free (sa->keynote_key); /* This is just a string */
#if defined (USE_POLICY) || defined (USE_KEYNOTE)
diff --git a/sbin/isakmpd/sa.h b/sbin/isakmpd/sa.h
index 4b7fbb0b07c..683d5f47a64 100644
--- a/sbin/isakmpd/sa.h
+++ b/sbin/isakmpd/sa.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sa.h,v 1.29 2002/06/09 08:13:07 todd Exp $ */
+/* $OpenBSD: sa.h,v 1.30 2003/05/15 02:28:56 ho Exp $ */
/* $EOM: sa.h,v 1.58 2000/10/10 12:39:01 provos Exp $ */
/*
@@ -166,11 +166,9 @@ struct sa {
* Certificates or other information we used to authenticate to the peer,
* Phase 1.
*/
- int sent_certtype, sent_keytype;
+ int sent_certtype;
/* Certificate (to be) sent to peer, native format. */
void *sent_cert;
- /* Key we'll use to authenticate to peer, native format. */
- void *sent_key;
/* DOI-specific opaque data. */
void *data;