| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
| 1 | /* $NetBSD: key.c,v 1.211 2017/08/07 03:30:45 ozaki-r Exp $ */ | | 1 | /* $NetBSD: key.c,v 1.212 2017/08/07 07:45:45 ozaki-r Exp $ */ |
| 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ | | 2 | /* $FreeBSD: src/sys/netipsec/key.c,v 1.3.2.3 2004/02/14 22:23:23 bms Exp $ */ |
| 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ | | 3 | /* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */ |
| 4 | | | 4 | |
| 5 | /* | | 5 | /* |
| 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. | | 6 | * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
| 7 | * All rights reserved. | | 7 | * All rights reserved. |
| 8 | * | | 8 | * |
| 9 | * Redistribution and use in source and binary forms, with or without | | 9 | * Redistribution and use in source and binary forms, with or without |
| 10 | * modification, are permitted provided that the following conditions | | 10 | * modification, are permitted provided that the following conditions |
| 11 | * are met: | | 11 | * are met: |
| 12 | * 1. Redistributions of source code must retain the above copyright | | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | | 13 | * notice, this list of conditions and the following disclaimer. |
| 14 | * 2. Redistributions in binary form must reproduce the above copyright | | 14 | * 2. Redistributions in binary form must reproduce the above copyright |
| @@ -22,27 +22,27 @@ | | | @@ -22,27 +22,27 @@ |
| 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | | 22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | | 23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE | | 24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
| 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | | 25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | | 26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | | 27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | | 28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | | 29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | | 30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| 31 | * SUCH DAMAGE. | | 31 | * SUCH DAMAGE. |
| 32 | */ | | 32 | */ |
| 33 | | | 33 | |
| 34 | #include <sys/cdefs.h> | | 34 | #include <sys/cdefs.h> |
| 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.211 2017/08/07 03:30:45 ozaki-r Exp $"); | | 35 | __KERNEL_RCSID(0, "$NetBSD: key.c,v 1.212 2017/08/07 07:45:45 ozaki-r Exp $"); |
| 36 | | | 36 | |
| 37 | /* | | 37 | /* |
| 38 | * This code is referd to RFC 2367 | | 38 | * This code is referd to RFC 2367 |
| 39 | */ | | 39 | */ |
| 40 | | | 40 | |
| 41 | #if defined(_KERNEL_OPT) | | 41 | #if defined(_KERNEL_OPT) |
| 42 | #include "opt_inet.h" | | 42 | #include "opt_inet.h" |
| 43 | #include "opt_ipsec.h" | | 43 | #include "opt_ipsec.h" |
| 44 | #include "opt_gateway.h" | | 44 | #include "opt_gateway.h" |
| 45 | #include "opt_net_mpsafe.h" | | 45 | #include "opt_net_mpsafe.h" |
| 46 | #endif | | 46 | #endif |
| 47 | | | 47 | |
| 48 | #include <sys/types.h> | | 48 | #include <sys/types.h> |
| @@ -5443,27 +5443,29 @@ key_api_update(struct socket *so, struct | | | @@ -5443,27 +5443,29 @@ key_api_update(struct socket *so, struct |
| 5443 | goto error; | | 5443 | goto error; |
| 5444 | } | | 5444 | } |
| 5445 | | | 5445 | |
| 5446 | error = key_init_xform(newsav); | | 5446 | error = key_init_xform(newsav); |
| 5447 | if (error != 0) { | | 5447 | if (error != 0) { |
| 5448 | key_delsav(newsav); | | 5448 | key_delsav(newsav); |
| 5449 | goto error; | | 5449 | goto error; |
| 5450 | } | | 5450 | } |
| 5451 | | | 5451 | |
| 5452 | /* add to satree */ | | 5452 | /* add to satree */ |
| 5453 | newsav->refcnt = 1; | | 5453 | newsav->refcnt = 1; |
| 5454 | newsav->state = SADB_SASTATE_MATURE; | | 5454 | newsav->state = SADB_SASTATE_MATURE; |
| 5455 | SAVLIST_ENTRY_INIT(newsav); | | 5455 | SAVLIST_ENTRY_INIT(newsav); |
| | | 5456 | mutex_enter(&key_sad.lock); |
| 5456 | SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); | | 5457 | SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); |
| | | 5458 | mutex_exit(&key_sad.lock); |
| 5457 | key_validate_savlist(sah, SADB_SASTATE_MATURE); | | 5459 | key_validate_savlist(sah, SADB_SASTATE_MATURE); |
| 5458 | | | 5460 | |
| 5459 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); | | 5461 | key_sa_chgstate(sav, SADB_SASTATE_DEAD); |
| 5460 | KEY_FREESAV(&sav); | | 5462 | KEY_FREESAV(&sav); |
| 5461 | KEY_FREESAV(&sav); | | 5463 | KEY_FREESAV(&sav); |
| 5462 | | | 5464 | |
| 5463 | { | | 5465 | { |
| 5464 | struct mbuf *n; | | 5466 | struct mbuf *n; |
| 5465 | | | 5467 | |
| 5466 | /* set msg buf from mhp */ | | 5468 | /* set msg buf from mhp */ |
| 5467 | n = key_getmsgbuf_x1(m, mhp); | | 5469 | n = key_getmsgbuf_x1(m, mhp); |
| 5468 | if (n == NULL) { | | 5470 | if (n == NULL) { |
| 5469 | IPSECLOG(LOG_DEBUG, "No more memory.\n"); | | 5471 | IPSECLOG(LOG_DEBUG, "No more memory.\n"); |
| @@ -5634,27 +5636,29 @@ key_api_add(struct socket *so, struct mb | | | @@ -5634,27 +5636,29 @@ key_api_add(struct socket *so, struct mb |
| 5634 | return key_senderror(so, m, EINVAL); | | 5636 | return key_senderror(so, m, EINVAL); |
| 5635 | } | | 5637 | } |
| 5636 | | | 5638 | |
| 5637 | error = key_init_xform(newsav); | | 5639 | error = key_init_xform(newsav); |
| 5638 | if (error != 0) { | | 5640 | if (error != 0) { |
| 5639 | key_delsav(newsav); | | 5641 | key_delsav(newsav); |
| 5640 | return key_senderror(so, m, error); | | 5642 | return key_senderror(so, m, error); |
| 5641 | } | | 5643 | } |
| 5642 | | | 5644 | |
| 5643 | /* add to satree */ | | 5645 | /* add to satree */ |
| 5644 | newsav->refcnt = 1; | | 5646 | newsav->refcnt = 1; |
| 5645 | newsav->state = SADB_SASTATE_MATURE; | | 5647 | newsav->state = SADB_SASTATE_MATURE; |
| 5646 | SAVLIST_ENTRY_INIT(newsav); | | 5648 | SAVLIST_ENTRY_INIT(newsav); |
| | | 5649 | mutex_enter(&key_sad.lock); |
| 5647 | SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); | | 5650 | SAVLIST_WRITER_INSERT_TAIL(sah, SADB_SASTATE_MATURE, newsav); |
| | | 5651 | mutex_exit(&key_sad.lock); |
| 5648 | key_validate_savlist(sah, SADB_SASTATE_MATURE); | | 5652 | key_validate_savlist(sah, SADB_SASTATE_MATURE); |
| 5649 | | | 5653 | |
| 5650 | /* | | 5654 | /* |
| 5651 | * don't call key_freesav() here, as we would like to keep the SA | | 5655 | * don't call key_freesav() here, as we would like to keep the SA |
| 5652 | * in the database on success. | | 5656 | * in the database on success. |
| 5653 | */ | | 5657 | */ |
| 5654 | | | 5658 | |
| 5655 | { | | 5659 | { |
| 5656 | struct mbuf *n; | | 5660 | struct mbuf *n; |
| 5657 | | | 5661 | |
| 5658 | /* set msg buf from mhp */ | | 5662 | /* set msg buf from mhp */ |
| 5659 | n = key_getmsgbuf_x1(m, mhp); | | 5663 | n = key_getmsgbuf_x1(m, mhp); |
| 5660 | if (n == NULL) { | | 5664 | if (n == NULL) { |