Source-Changes-HG archive


[src/netbsd-3]: src/crypto/dist/ipsec-tools/src/racoon Pull up revision 1.4 (...



details:   https://anonhg.NetBSD.org/src/rev/87af5264ddc7
branches:  netbsd-3
changeset: 575795:87af5264ddc7
user:      tron <tron%NetBSD.org@localhost>
date:      Wed May 11 17:34:02 2005 +0000

description:
Pull up revision 1.4 (requested by manu in ticket #284):
proposal_check fixes:
- fix claim behavior in phase 1
- also check lifebyte

diffstat:

 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c |  54 +++++++++++++++++--------
 1 files changed, 37 insertions(+), 17 deletions(-)

diffs (87 lines):

diff -r 1b617253acef -r 87af5264ddc7 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
--- a/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c    Wed May 11 17:33:49 2005 +0000
+++ b/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c    Wed May 11 17:34:02 2005 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ipsec_doi.c,v 1.1.1.2.2.2 2005/05/01 11:01:04 tron Exp $       */
+/*     $NetBSD: ipsec_doi.c,v 1.1.1.2.2.3 2005/05/11 17:34:02 tron Exp $       */
 
 /* Id: ipsec_doi.c,v 1.26.2.1 2005/02/17 13:19:18 vanhu Exp */
 
@@ -221,13 +221,14 @@
                if (pair[i] == NULL)
                        continue;
                for (s = pair[i]; s; s = s->next) {
-                       prophlen = sizeof(struct isakmp_pl_p)
-                                       + s->prop->spi_size;
+                       prophlen = 
+                           sizeof(struct isakmp_pl_p) + s->prop->spi_size;
+
                        /* compare proposal and select one */
                        for (p = s; p; p = p->tnext) {
-                               sa = get_ph1approvalx(p, iph1->rmconf->proposal,
-                                                     &tsa, iph1->rmconf->pcheck_level);
-                               if (sa != NULL)
+                               if ((sa = get_ph1approvalx(p, 
+                                   iph1->rmconf->proposal, &tsa, 
+                                   iph1->rmconf->pcheck_level)) != NULL)
                                        goto found;
                        }
                }
@@ -388,27 +389,46 @@
                    tsap->authmethod == authmethod &&
                    tsap->hashtype == s->hashtype &&
                    tsap->dh_group == s->dh_group &&
-                   tsap->encklen == s->encklen)
-                       switch(check_level){
+                   tsap->encklen == s->encklen) {
+                       switch(check_level) {
                        case PROP_CHECK_OBEY:
-                               if (s->rmconf && s->rmconf->remote->sa_family != AF_UNSPEC)
-                                       s->lifetime=tsap->lifetime;
+                               s->lifetime = tsap->lifetime;
+                               s->lifebyte = tsap->lifebyte;
+                               goto found;
+                               break;
+
+                       case PROP_CHECK_STRICT:
+                               if ((tsap->lifetime > s->lifetime) ||
+                                   (tsap->lifebyte > s->lifebyte))
+                                       continue;
+
+                               s->lifetime = tsap->lifetime;
+                               s->lifebyte = tsap->lifebyte;
                                goto found;
                                break;
-                       case PROP_CHECK_STRICT:
+
                        case PROP_CHECK_CLAIM:
-                               if (tsap->lifetime > s->lifetime) 
-                                       continue ;
-                               if (s->rmconf && s->rmconf->remote->sa_family != AF_UNSPEC)
-                                       s->lifetime=tsap->lifetime;
+                               if (tsap->lifetime < s->lifetime)
+                                       s->lifetime = tsap->lifetime;
+                               if (tsap->lifebyte < s->lifebyte)
+                                       s->lifebyte = tsap->lifebyte;
                                goto found;
                                break;
+
                        case PROP_CHECK_EXACT:
-                               if (tsap->lifetime != s->lifetime) 
-                                       continue ;
+                               if ((tsap->lifetime != s->lifetime) ||
+                                   (tsap->lifebyte != s->lifebyte))
+                                       continue;
                                goto found;
                                break;
+
+                       default:
+                               plog(LLV_ERROR, LOCATION, NULL, 
+                                   "Unexpected proposal_check value\n");
+                               continue;
+                               break;
                        }
+               }
        }
 
 found:
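Review bot: The OBEY, STRICT and CLAIM branches now copy the peer's `tsap->lifetime` and `tsap->lifebyte` into `s` unconditionally, whereas the removed lines only did so when `s->rmconf && s->rmconf->remote->sa_family != AF_UNSPEC`. If `s` walks the configured list that the caller passes in as `iph1->rmconf->proposal` (the loop header and the code after `found:` are outside this hunk), one peer's values persist in the shared configuration. Under STRICT the accepted lifetime could then only shrink for every later peer matching the same remote entry. I would record the negotiated values on the per-negotiation SA rather than on `s`, or add a comment above the first assignment explaining why dropping the guard is safe. Separately, if an absent life-byte attribute is represented as 0 (not visible here), the STRICT test `tsap->lifebyte > s->lifebyte` passes and the configured byte limit is overwritten with 0; if so, skip the assignment with `if (tsap->lifebyte != 0) s->lifebyte = tsap->lifebyte;`.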


