17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5004388ebScasper * Common Development and Distribution License (the "License"). 6004388ebScasper * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 2161961e0fSrobinson 227c478bd9Sstevel@tonic-gate /* 23*628b0c67SMark Fenwick * Copyright 2009 Sun Microsystems, Inc. All rights reserved. 247c478bd9Sstevel@tonic-gate * Use is subject to license terms. 257c478bd9Sstevel@tonic-gate */ 267c478bd9Sstevel@tonic-gate 27e8031f0aSraf #include "mt.h" 287c478bd9Sstevel@tonic-gate #include <sys/types.h> 297c478bd9Sstevel@tonic-gate #include <sys/errno.h> 307c478bd9Sstevel@tonic-gate #include <sys/stat.h> 317c478bd9Sstevel@tonic-gate #include <ipsec_util.h> 327c478bd9Sstevel@tonic-gate #include <netdb.h> 337c478bd9Sstevel@tonic-gate #include <fcntl.h> 347c478bd9Sstevel@tonic-gate #include <unistd.h> 357c478bd9Sstevel@tonic-gate #include <synch.h> 367c478bd9Sstevel@tonic-gate #include <string.h> 377c478bd9Sstevel@tonic-gate #include <strings.h> 387c478bd9Sstevel@tonic-gate #include <stdlib.h> 397c478bd9Sstevel@tonic-gate #include <unistd.h> 407c478bd9Sstevel@tonic-gate #include <syslog.h> 417c478bd9Sstevel@tonic-gate 427c478bd9Sstevel@tonic-gate /* Globals... */ 437c478bd9Sstevel@tonic-gate static rwlock_t proto_rw = DEFAULTRWLOCK; /* Protects cached algorithm list. */ 447c478bd9Sstevel@tonic-gate static time_t proto_last_update; 457c478bd9Sstevel@tonic-gate static ipsec_proto_t *protos; 467c478bd9Sstevel@tonic-gate static int num_protos; 477c478bd9Sstevel@tonic-gate 487c478bd9Sstevel@tonic-gate void 497c478bd9Sstevel@tonic-gate _clean_trash(ipsec_proto_t *proto, int num) 507c478bd9Sstevel@tonic-gate { 517c478bd9Sstevel@tonic-gate int alg_offset; 527c478bd9Sstevel@tonic-gate 537c478bd9Sstevel@tonic-gate if (proto == NULL) 547c478bd9Sstevel@tonic-gate return; 557c478bd9Sstevel@tonic-gate 567c478bd9Sstevel@tonic-gate while (num-- != 0) { 577c478bd9Sstevel@tonic-gate free(proto[num].proto_name); 587c478bd9Sstevel@tonic-gate free(proto[num].proto_pkg); 597c478bd9Sstevel@tonic-gate for (alg_offset = 0; alg_offset < proto[num].proto_numalgs; 607c478bd9Sstevel@tonic-gate alg_offset++) 617c478bd9Sstevel@tonic-gate freeipsecalgent(proto[num].proto_algs[alg_offset]); 627c478bd9Sstevel@tonic-gate free(proto[num].proto_algs); 637c478bd9Sstevel@tonic-gate for (alg_offset = 0; alg_offset < proto[num].proto_algs_npkgs; 647c478bd9Sstevel@tonic-gate alg_offset++) 657c478bd9Sstevel@tonic-gate free(proto[num].proto_algs_pkgs[alg_offset].pkg_name); 667c478bd9Sstevel@tonic-gate free(proto[num].proto_algs_pkgs); 677c478bd9Sstevel@tonic-gate } 687c478bd9Sstevel@tonic-gate 697c478bd9Sstevel@tonic-gate free(proto); 707c478bd9Sstevel@tonic-gate } 717c478bd9Sstevel@tonic-gate 727c478bd9Sstevel@tonic-gate static const char *pipechar = "|"; 737c478bd9Sstevel@tonic-gate static const char *comma = ","; 747c478bd9Sstevel@tonic-gate static const char *dash = "-"; 757c478bd9Sstevel@tonic-gate static const char *slash = "/"; 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate /* 787c478bd9Sstevel@tonic-gate * Returns >= 0 if success (and > 0 means "increment"). 797c478bd9Sstevel@tonic-gate * Returns -1 if failure. 807c478bd9Sstevel@tonic-gate */ 817c478bd9Sstevel@tonic-gate static int 827c478bd9Sstevel@tonic-gate build_keysizes(int **sizep, char *input_string) 837c478bd9Sstevel@tonic-gate { 847c478bd9Sstevel@tonic-gate char *lasts, *token; 857c478bd9Sstevel@tonic-gate int *key_sizes = NULL, num_sizes, key_low, key_high, key_default; 867c478bd9Sstevel@tonic-gate int key_increment = 0; 877c478bd9Sstevel@tonic-gate 887c478bd9Sstevel@tonic-gate /* 897c478bd9Sstevel@tonic-gate * Okay, let's check the format of the key string. It'll be either: 907c478bd9Sstevel@tonic-gate * 917c478bd9Sstevel@tonic-gate * enumeration: size1,size2...,sizeN 927c478bd9Sstevel@tonic-gate * range: defaultSize/sizeLow-sizeHi,increment 937c478bd9Sstevel@tonic-gate * 947c478bd9Sstevel@tonic-gate * In the case of an enumeration, the default key size is the 957c478bd9Sstevel@tonic-gate * first one in the list. 967c478bd9Sstevel@tonic-gate */ 977c478bd9Sstevel@tonic-gate 987c478bd9Sstevel@tonic-gate if (strchr(input_string, '/') != NULL) { 997c478bd9Sstevel@tonic-gate /* key sizes specified by range */ 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate /* default */ 1027c478bd9Sstevel@tonic-gate token = strtok_r(input_string, slash, &lasts); 1037c478bd9Sstevel@tonic-gate if (token == NULL || (key_default = atoi(token)) == 0) 1047c478bd9Sstevel@tonic-gate return (-1); 1057c478bd9Sstevel@tonic-gate 1067c478bd9Sstevel@tonic-gate /* low */ 1077c478bd9Sstevel@tonic-gate token = strtok_r(NULL, dash, &lasts); 1087c478bd9Sstevel@tonic-gate if (token == NULL || (key_low = atoi(token)) == 0) 1097c478bd9Sstevel@tonic-gate return (-1); 1107c478bd9Sstevel@tonic-gate 1117c478bd9Sstevel@tonic-gate /* high */ 1127c478bd9Sstevel@tonic-gate token = strtok_r(NULL, comma, &lasts); 1137c478bd9Sstevel@tonic-gate if (token == NULL || (key_high = atoi(token)) == 0 || 1147c478bd9Sstevel@tonic-gate key_high <= key_low) 1157c478bd9Sstevel@tonic-gate return (-1); 1167c478bd9Sstevel@tonic-gate 1177c478bd9Sstevel@tonic-gate /* increment */ 1187c478bd9Sstevel@tonic-gate token = strtok_r(NULL, "", &lasts); 1197c478bd9Sstevel@tonic-gate if (token == NULL || (key_increment = atoi(token)) == 0) 1207c478bd9Sstevel@tonic-gate return (-1); 1217c478bd9Sstevel@tonic-gate 1227c478bd9Sstevel@tonic-gate key_sizes = (int *)malloc(LIBIPSEC_ALGS_KEY_NUM_VAL * 1237c478bd9Sstevel@tonic-gate sizeof (int)); 1247c478bd9Sstevel@tonic-gate if (key_sizes == NULL) 1257c478bd9Sstevel@tonic-gate return (-1); 1267c478bd9Sstevel@tonic-gate 1277c478bd9Sstevel@tonic-gate key_sizes[LIBIPSEC_ALGS_KEY_DEF_IDX] = key_default; 1287c478bd9Sstevel@tonic-gate key_sizes[LIBIPSEC_ALGS_KEY_MIN_IDX] = key_low; 1297c478bd9Sstevel@tonic-gate key_sizes[LIBIPSEC_ALGS_KEY_MAX_IDX] = key_high; 1307c478bd9Sstevel@tonic-gate key_sizes[LIBIPSEC_ALGS_KEY_MAX_IDX + 1] = 0; 1317c478bd9Sstevel@tonic-gate } else { 1327c478bd9Sstevel@tonic-gate /* key sizes specified by enumeration */ 1337c478bd9Sstevel@tonic-gate 1347c478bd9Sstevel@tonic-gate key_sizes = (int *)malloc(sizeof (int)); 1357c478bd9Sstevel@tonic-gate if (key_sizes == NULL) 1367c478bd9Sstevel@tonic-gate return (-1); 1377c478bd9Sstevel@tonic-gate num_sizes = 0; 1387c478bd9Sstevel@tonic-gate 1397c478bd9Sstevel@tonic-gate token = strtok_r(input_string, comma, &lasts); 140b9b5bfe9Sdm199272 if (token == NULL) { 141b9b5bfe9Sdm199272 free(key_sizes); 1427c478bd9Sstevel@tonic-gate return (-1); 143b9b5bfe9Sdm199272 } 1447c478bd9Sstevel@tonic-gate *key_sizes = 0; 1457c478bd9Sstevel@tonic-gate do { 1467c478bd9Sstevel@tonic-gate int *nks; 1477c478bd9Sstevel@tonic-gate 1487c478bd9Sstevel@tonic-gate nks = (int *)realloc(key_sizes, 1497c478bd9Sstevel@tonic-gate sizeof (int) * ((++num_sizes) + 1)); 1507c478bd9Sstevel@tonic-gate if (nks == NULL) { 1517c478bd9Sstevel@tonic-gate free(key_sizes); 1527c478bd9Sstevel@tonic-gate return (-1); 1537c478bd9Sstevel@tonic-gate } 1547c478bd9Sstevel@tonic-gate key_sizes = nks; 1557c478bd9Sstevel@tonic-gate /* Can't check for atoi() == 0 here... */ 1567c478bd9Sstevel@tonic-gate key_sizes[num_sizes - 1] = atoi(token); 1577c478bd9Sstevel@tonic-gate key_sizes[num_sizes] = 0; 1587c478bd9Sstevel@tonic-gate } while ((token = strtok_r(NULL, comma, &lasts)) != NULL); 1597c478bd9Sstevel@tonic-gate } 1607c478bd9Sstevel@tonic-gate *sizep = key_sizes; 1617c478bd9Sstevel@tonic-gate 1627c478bd9Sstevel@tonic-gate return (key_increment); 1637c478bd9Sstevel@tonic-gate } 1647c478bd9Sstevel@tonic-gate 1657c478bd9Sstevel@tonic-gate /* 1667c478bd9Sstevel@tonic-gate * Find the execution mode corresponding to the given string. 1677c478bd9Sstevel@tonic-gate * Returns 0 on success, -1 on failure. 1687c478bd9Sstevel@tonic-gate */ 1697c478bd9Sstevel@tonic-gate int 1707c478bd9Sstevel@tonic-gate _str_to_ipsec_exec_mode(char *str, ipsecalgs_exec_mode_t *exec_mode) 1717c478bd9Sstevel@tonic-gate { 1727c478bd9Sstevel@tonic-gate if (strcmp(str, "sync") == 0) { 1737c478bd9Sstevel@tonic-gate *exec_mode = LIBIPSEC_ALGS_EXEC_SYNC; 1747c478bd9Sstevel@tonic-gate return (0); 1757c478bd9Sstevel@tonic-gate } else if (strcmp(str, "async") == 0) { 1767c478bd9Sstevel@tonic-gate *exec_mode = LIBIPSEC_ALGS_EXEC_ASYNC; 1777c478bd9Sstevel@tonic-gate return (0); 1787c478bd9Sstevel@tonic-gate } 1797c478bd9Sstevel@tonic-gate 1807c478bd9Sstevel@tonic-gate return (-1); 1817c478bd9Sstevel@tonic-gate } 1827c478bd9Sstevel@tonic-gate 1837c478bd9Sstevel@tonic-gate /* 1847c478bd9Sstevel@tonic-gate * Given a file pointer, read all the text from the file and convert it into 1857c478bd9Sstevel@tonic-gate * a bunch of ipsec_proto_t's, each with an array of struct ipsecalgent 1867c478bd9Sstevel@tonic-gate * pointers - one for each algorithm. 1877c478bd9Sstevel@tonic-gate */ 1887c478bd9Sstevel@tonic-gate static ipsec_proto_t * 1897c478bd9Sstevel@tonic-gate build_list(FILE *f, int *num) 1907c478bd9Sstevel@tonic-gate { 1917c478bd9Sstevel@tonic-gate char line[1024]; 1927c478bd9Sstevel@tonic-gate char *token, *lasts, *alg_names, *ef_name, *key_string, *block_string; 193*628b0c67SMark Fenwick char *proto_name, *params_string; 1947c478bd9Sstevel@tonic-gate ipsec_proto_t *rc = NULL, *new_proto = NULL; 195*628b0c67SMark Fenwick int *block_sizes = NULL, *key_sizes = NULL, *mech_params = NULL; 1967c478bd9Sstevel@tonic-gate int rc_num = 0, key_increment; 197*628b0c67SMark Fenwick int new_num, alg_num, num_sizes, flags = 0; 1987c478bd9Sstevel@tonic-gate struct ipsecalgent *curalg, **newalglist; 1997c478bd9Sstevel@tonic-gate char cur_pkg[1024]; 2007c478bd9Sstevel@tonic-gate boolean_t doing_pkg = B_FALSE; 2017c478bd9Sstevel@tonic-gate ipsecalgs_exec_mode_t exec_mode; 2027c478bd9Sstevel@tonic-gate char diag_buf[128]; 2037c478bd9Sstevel@tonic-gate 2047c478bd9Sstevel@tonic-gate diag_buf[0] = '\0'; 2057c478bd9Sstevel@tonic-gate 2067c478bd9Sstevel@tonic-gate while (fgets(line, sizeof (line), f) != NULL) { 2077c478bd9Sstevel@tonic-gate if (strncasecmp(line, LIBIPSEC_ALGS_LINE_PROTO, 2087c478bd9Sstevel@tonic-gate sizeof (LIBIPSEC_ALGS_LINE_PROTO) - 1) != 0 && 2097c478bd9Sstevel@tonic-gate strncasecmp(line, LIBIPSEC_ALGS_LINE_ALG, 2107c478bd9Sstevel@tonic-gate sizeof (LIBIPSEC_ALGS_LINE_ALG) - 1) != 0 && 2117c478bd9Sstevel@tonic-gate strncasecmp(line, LIBIPSEC_ALGS_LINE_PKGSTART, 2127c478bd9Sstevel@tonic-gate sizeof (LIBIPSEC_ALGS_LINE_PKGSTART) - 1) != 0 && 2137c478bd9Sstevel@tonic-gate strncasecmp(line, LIBIPSEC_ALGS_LINE_PKGEND, 2147c478bd9Sstevel@tonic-gate sizeof (LIBIPSEC_ALGS_LINE_PKGEND) - 1) != 0) { 2157c478bd9Sstevel@tonic-gate if ((token = strtok_r(line, " \t\n", &lasts)) == NULL || 2167c478bd9Sstevel@tonic-gate token[0] == '#') { 2177c478bd9Sstevel@tonic-gate continue; 2187c478bd9Sstevel@tonic-gate } else { 21961961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 2207c478bd9Sstevel@tonic-gate "non-recognized start of line"); 2217c478bd9Sstevel@tonic-gate goto bail; 2227c478bd9Sstevel@tonic-gate } 2237c478bd9Sstevel@tonic-gate } 2247c478bd9Sstevel@tonic-gate 2257c478bd9Sstevel@tonic-gate if (strncasecmp(line, LIBIPSEC_ALGS_LINE_PROTO, 2267c478bd9Sstevel@tonic-gate sizeof (LIBIPSEC_ALGS_LINE_PROTO) - 1) == 0) { 2277c478bd9Sstevel@tonic-gate /* current line defines a new protocol */ 2287c478bd9Sstevel@tonic-gate 2297c478bd9Sstevel@tonic-gate /* skip the protocol token */ 2307c478bd9Sstevel@tonic-gate token = strtok_r(line, pipechar, &lasts); 2317c478bd9Sstevel@tonic-gate 2327c478bd9Sstevel@tonic-gate /* protocol number */ 2337c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 2347c478bd9Sstevel@tonic-gate if (token == NULL || (new_num = atoi(token)) == 0) { 23561961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 2367c478bd9Sstevel@tonic-gate "invalid protocol number"); 2377c478bd9Sstevel@tonic-gate goto bail; 2387c478bd9Sstevel@tonic-gate } 2397c478bd9Sstevel@tonic-gate 2407c478bd9Sstevel@tonic-gate /* protocol name */ 2417c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 2427c478bd9Sstevel@tonic-gate if (token == NULL) { 24361961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 2447c478bd9Sstevel@tonic-gate "cannot read protocol name"); 2457c478bd9Sstevel@tonic-gate goto bail; 2467c478bd9Sstevel@tonic-gate } 2477c478bd9Sstevel@tonic-gate proto_name = token; 2487c478bd9Sstevel@tonic-gate 2497c478bd9Sstevel@tonic-gate /* execution mode */ 2507c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 2517c478bd9Sstevel@tonic-gate if (token == NULL) { 25261961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 2537c478bd9Sstevel@tonic-gate "cannot read execution mode"); 2547c478bd9Sstevel@tonic-gate goto bail; 2557c478bd9Sstevel@tonic-gate } 2567c478bd9Sstevel@tonic-gate /* remove trailing '\n' */ 2577c478bd9Sstevel@tonic-gate token[strlen(token) - 1] = '\0'; 2587c478bd9Sstevel@tonic-gate if (_str_to_ipsec_exec_mode(token, &exec_mode) != 0) { 25961961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 2607c478bd9Sstevel@tonic-gate "invalid execution mode: \"%s\"", token); 2617c478bd9Sstevel@tonic-gate goto bail; 2627c478bd9Sstevel@tonic-gate } 2637c478bd9Sstevel@tonic-gate 2647c478bd9Sstevel@tonic-gate /* initialize protocol structure */ 2657c478bd9Sstevel@tonic-gate rc_num++; 2667c478bd9Sstevel@tonic-gate new_proto = (ipsec_proto_t *)realloc(rc, 2677c478bd9Sstevel@tonic-gate sizeof (ipsec_proto_t) * rc_num); 2687c478bd9Sstevel@tonic-gate rc = new_proto; 2697c478bd9Sstevel@tonic-gate if (new_proto == NULL) 2707c478bd9Sstevel@tonic-gate goto bail; 2717c478bd9Sstevel@tonic-gate new_proto += (rc_num - 1); 2727c478bd9Sstevel@tonic-gate new_proto->proto_num = new_num; 2737c478bd9Sstevel@tonic-gate new_proto->proto_algs = NULL; 2747c478bd9Sstevel@tonic-gate new_proto->proto_numalgs = 0; 2757c478bd9Sstevel@tonic-gate new_proto->proto_name = strdup(proto_name); 2767c478bd9Sstevel@tonic-gate if (new_proto->proto_name == NULL) 2777c478bd9Sstevel@tonic-gate goto bail; 2787c478bd9Sstevel@tonic-gate new_proto->proto_exec_mode = exec_mode; 2797c478bd9Sstevel@tonic-gate 2807c478bd9Sstevel@tonic-gate if (doing_pkg) { 2817c478bd9Sstevel@tonic-gate /* record proto as being part of current pkg */ 2827c478bd9Sstevel@tonic-gate new_proto->proto_pkg = strdup(cur_pkg); 2837c478bd9Sstevel@tonic-gate if (new_proto->proto_pkg == NULL) 2847c478bd9Sstevel@tonic-gate goto bail; 2857c478bd9Sstevel@tonic-gate } else { 2867c478bd9Sstevel@tonic-gate new_proto->proto_pkg = NULL; 2877c478bd9Sstevel@tonic-gate } 2887c478bd9Sstevel@tonic-gate 2897c478bd9Sstevel@tonic-gate new_proto->proto_algs_pkgs = NULL; 2907c478bd9Sstevel@tonic-gate new_proto->proto_algs_npkgs = 0; 2917c478bd9Sstevel@tonic-gate 2927c478bd9Sstevel@tonic-gate } else if (strncasecmp(line, LIBIPSEC_ALGS_LINE_ALG, 2937c478bd9Sstevel@tonic-gate sizeof (LIBIPSEC_ALGS_LINE_ALG) - 1) == 0) { 2947c478bd9Sstevel@tonic-gate /* current line defines a new algorithm */ 2957c478bd9Sstevel@tonic-gate 2967c478bd9Sstevel@tonic-gate /* skip the algorithm token */ 2977c478bd9Sstevel@tonic-gate token = strtok_r(line, pipechar, &lasts); 2987c478bd9Sstevel@tonic-gate 2997c478bd9Sstevel@tonic-gate /* protocol number */ 3007c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 3017c478bd9Sstevel@tonic-gate if (token == NULL || (new_num = atoi(token)) == 0) { 30261961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 3037c478bd9Sstevel@tonic-gate "invalid algorithm number"); 3047c478bd9Sstevel@tonic-gate goto bail; 3057c478bd9Sstevel@tonic-gate } 3067c478bd9Sstevel@tonic-gate 3077c478bd9Sstevel@tonic-gate /* We can be O(N) for now. There aren't that many. */ 3087c478bd9Sstevel@tonic-gate for (new_proto = rc; new_proto < (rc + new_num); 3097c478bd9Sstevel@tonic-gate new_proto++) 3107c478bd9Sstevel@tonic-gate if (new_proto->proto_num == new_num) 3117c478bd9Sstevel@tonic-gate break; 3127c478bd9Sstevel@tonic-gate if (new_proto == (rc + new_num)) { 31361961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 3147c478bd9Sstevel@tonic-gate "invalid protocol number %d for algorithm", 3157c478bd9Sstevel@tonic-gate new_num); 3167c478bd9Sstevel@tonic-gate goto bail; 3177c478bd9Sstevel@tonic-gate } 3187c478bd9Sstevel@tonic-gate 3197c478bd9Sstevel@tonic-gate /* algorithm number */ 3207c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 3217c478bd9Sstevel@tonic-gate if (token == NULL) { 32261961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 3237c478bd9Sstevel@tonic-gate "cannot read algorithm number"); 3247c478bd9Sstevel@tonic-gate goto bail; 3257c478bd9Sstevel@tonic-gate } 3267c478bd9Sstevel@tonic-gate /* Can't check for 0 here. */ 3277c478bd9Sstevel@tonic-gate alg_num = atoi(token); 3287c478bd9Sstevel@tonic-gate 3297c478bd9Sstevel@tonic-gate /* algorithm names */ 3307c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 3317c478bd9Sstevel@tonic-gate if (token == NULL) { 33261961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 3337c478bd9Sstevel@tonic-gate "cannot read algorithm number"); 3347c478bd9Sstevel@tonic-gate goto bail; 3357c478bd9Sstevel@tonic-gate } 3367c478bd9Sstevel@tonic-gate alg_names = token; 3377c478bd9Sstevel@tonic-gate 3387c478bd9Sstevel@tonic-gate /* mechanism name */ 3397c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 3407c478bd9Sstevel@tonic-gate if (token == NULL) { 34161961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 3427c478bd9Sstevel@tonic-gate "cannot read mechanism name for alg %d " 3437c478bd9Sstevel@tonic-gate "(proto %d)", alg_num, 3447c478bd9Sstevel@tonic-gate new_proto->proto_num); 3457c478bd9Sstevel@tonic-gate goto bail; 3467c478bd9Sstevel@tonic-gate } 3477c478bd9Sstevel@tonic-gate ef_name = token; 3487c478bd9Sstevel@tonic-gate 3497c478bd9Sstevel@tonic-gate /* key sizes */ 3507c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 3517c478bd9Sstevel@tonic-gate if (token == NULL) { 35261961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 3537c478bd9Sstevel@tonic-gate "cannot read key sizes for alg %d " 3547c478bd9Sstevel@tonic-gate "(proto %d)", alg_num, 3557c478bd9Sstevel@tonic-gate new_proto->proto_num); 3567c478bd9Sstevel@tonic-gate goto bail; 3577c478bd9Sstevel@tonic-gate } 3587c478bd9Sstevel@tonic-gate key_string = token; 3597c478bd9Sstevel@tonic-gate 3607c478bd9Sstevel@tonic-gate /* block sizes */ 3617c478bd9Sstevel@tonic-gate token = strtok_r(NULL, pipechar, &lasts); 3627c478bd9Sstevel@tonic-gate if (token == NULL) { 36361961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 364*628b0c67SMark Fenwick "cannot read block sizes for alg %d " 3657c478bd9Sstevel@tonic-gate "(proto %d)", alg_num, 3667c478bd9Sstevel@tonic-gate new_proto->proto_num); 3677c478bd9Sstevel@tonic-gate goto bail; 3687c478bd9Sstevel@tonic-gate } 3697c478bd9Sstevel@tonic-gate block_string = token; 3707c478bd9Sstevel@tonic-gate 371*628b0c67SMark Fenwick /* 372*628b0c67SMark Fenwick * Check for mechanism params and flags. As these 373*628b0c67SMark Fenwick * are optional, we won't bail if they don't exist. 374*628b0c67SMark Fenwick */ 375*628b0c67SMark Fenwick token = strtok_r(NULL, pipechar, &lasts); 376*628b0c67SMark Fenwick params_string = token; 377*628b0c67SMark Fenwick 378*628b0c67SMark Fenwick token = strtok_r(NULL, pipechar, &lasts); 379*628b0c67SMark Fenwick if (token != NULL) 380*628b0c67SMark Fenwick flags = atoi(token); 381*628b0c67SMark Fenwick 3827c478bd9Sstevel@tonic-gate /* extract key sizes */ 3837c478bd9Sstevel@tonic-gate key_increment = build_keysizes(&key_sizes, key_string); 3847c478bd9Sstevel@tonic-gate if (key_increment == -1) { 38561961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 3867c478bd9Sstevel@tonic-gate "invalid key sizes for alg %d (proto %d)", 3877c478bd9Sstevel@tonic-gate alg_num, new_proto->proto_num); 3887c478bd9Sstevel@tonic-gate goto bail; 3897c478bd9Sstevel@tonic-gate } 3907c478bd9Sstevel@tonic-gate 3917c478bd9Sstevel@tonic-gate /* extract block sizes */ 3927c478bd9Sstevel@tonic-gate block_sizes = (int *)malloc(sizeof (int)); 3937c478bd9Sstevel@tonic-gate if (block_sizes == NULL) { 3947c478bd9Sstevel@tonic-gate goto bail; 3957c478bd9Sstevel@tonic-gate } 3967c478bd9Sstevel@tonic-gate num_sizes = 0; 3977c478bd9Sstevel@tonic-gate token = strtok_r(block_string, comma, &lasts); 3987c478bd9Sstevel@tonic-gate if (token == NULL) { 39961961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 4007c478bd9Sstevel@tonic-gate "invalid block sizes for alg %d (proto %d)", 4017c478bd9Sstevel@tonic-gate alg_num, new_proto->proto_num); 4027c478bd9Sstevel@tonic-gate goto bail; 4037c478bd9Sstevel@tonic-gate } 4047c478bd9Sstevel@tonic-gate *block_sizes = 0; 4057c478bd9Sstevel@tonic-gate do { 4067c478bd9Sstevel@tonic-gate int *nbk; 4077c478bd9Sstevel@tonic-gate 4087c478bd9Sstevel@tonic-gate nbk = (int *)realloc(block_sizes, 4097c478bd9Sstevel@tonic-gate sizeof (int) * ((++num_sizes) + 1)); 4107c478bd9Sstevel@tonic-gate if (nbk == NULL) { 4117c478bd9Sstevel@tonic-gate goto bail; 4127c478bd9Sstevel@tonic-gate } 4137c478bd9Sstevel@tonic-gate block_sizes = nbk; 4147c478bd9Sstevel@tonic-gate /* Can't check for 0 here... */ 4157c478bd9Sstevel@tonic-gate block_sizes[num_sizes - 1] = atoi(token); 4167c478bd9Sstevel@tonic-gate block_sizes[num_sizes] = 0; 4177c478bd9Sstevel@tonic-gate } while ((token = strtok_r(NULL, comma, &lasts)) != 4187c478bd9Sstevel@tonic-gate NULL); 4197c478bd9Sstevel@tonic-gate 420*628b0c67SMark Fenwick /* extract mech params */ 421*628b0c67SMark Fenwick mech_params = (int *)malloc(sizeof (int)); 422*628b0c67SMark Fenwick if (mech_params == NULL) { 423*628b0c67SMark Fenwick goto bail; 424*628b0c67SMark Fenwick } 425*628b0c67SMark Fenwick *mech_params = 0; 426*628b0c67SMark Fenwick num_sizes = 0; 427*628b0c67SMark Fenwick if (params_string != NULL) { 428*628b0c67SMark Fenwick token = strtok_r(params_string, comma, &lasts); 429*628b0c67SMark Fenwick if (token == NULL) { 430*628b0c67SMark Fenwick (void) snprintf(diag_buf, 431*628b0c67SMark Fenwick sizeof (diag_buf), "invalid mech " 432*628b0c67SMark Fenwick "params for alg %d (proto %d)", 433*628b0c67SMark Fenwick alg_num, new_proto->proto_num); 434*628b0c67SMark Fenwick goto bail; 435*628b0c67SMark Fenwick } 436*628b0c67SMark Fenwick do { 437*628b0c67SMark Fenwick int *nbk; 438*628b0c67SMark Fenwick 439*628b0c67SMark Fenwick nbk = (int *)realloc(mech_params, 440*628b0c67SMark Fenwick sizeof (int) * ((++num_sizes) + 1)); 441*628b0c67SMark Fenwick if (nbk == NULL) { 442*628b0c67SMark Fenwick goto bail; 443*628b0c67SMark Fenwick } 444*628b0c67SMark Fenwick mech_params = nbk; 445*628b0c67SMark Fenwick /* Can't check for 0 here... */ 446*628b0c67SMark Fenwick mech_params[num_sizes - 1] = 447*628b0c67SMark Fenwick atoi(token); 448*628b0c67SMark Fenwick mech_params[num_sizes] = 0; 449*628b0c67SMark Fenwick } while ((token = strtok_r(NULL, comma, &lasts)) 450*628b0c67SMark Fenwick != NULL); 451*628b0c67SMark Fenwick } 4527c478bd9Sstevel@tonic-gate /* Allocate a new struct ipsecalgent. */ 4537c478bd9Sstevel@tonic-gate curalg = (struct ipsecalgent *)calloc( 4547c478bd9Sstevel@tonic-gate sizeof (struct ipsecalgent), 1); 4557c478bd9Sstevel@tonic-gate if (curalg == NULL) { 4567c478bd9Sstevel@tonic-gate goto bail; 4577c478bd9Sstevel@tonic-gate } 4587c478bd9Sstevel@tonic-gate curalg->a_proto_num = new_num; 4597c478bd9Sstevel@tonic-gate curalg->a_alg_num = alg_num; 4607c478bd9Sstevel@tonic-gate curalg->a_block_sizes = block_sizes; 461*628b0c67SMark Fenwick curalg->a_alg_flags = flags; 462*628b0c67SMark Fenwick curalg->a_mech_params = mech_params; 4637c478bd9Sstevel@tonic-gate curalg->a_key_sizes = key_sizes; 4647c478bd9Sstevel@tonic-gate curalg->a_key_increment = key_increment; 4657c478bd9Sstevel@tonic-gate if ((curalg->a_mech_name = strdup(ef_name)) == NULL) { 4667c478bd9Sstevel@tonic-gate freeipsecalgent(curalg); 4677c478bd9Sstevel@tonic-gate goto bail; 4687c478bd9Sstevel@tonic-gate } 4697c478bd9Sstevel@tonic-gate /* Set names. */ 4707c478bd9Sstevel@tonic-gate curalg->a_names = (char **)malloc(sizeof (char *)); 4717c478bd9Sstevel@tonic-gate num_sizes = 0; /* Recycle "sizes" */ 4727c478bd9Sstevel@tonic-gate token = strtok_r(alg_names, comma, &lasts); 4737c478bd9Sstevel@tonic-gate if (curalg->a_names == NULL || token == NULL) { 4747c478bd9Sstevel@tonic-gate freeipsecalgent(curalg); 4757c478bd9Sstevel@tonic-gate goto bail; 4767c478bd9Sstevel@tonic-gate } 4777c478bd9Sstevel@tonic-gate do { 4787c478bd9Sstevel@tonic-gate char **nnames; 4797c478bd9Sstevel@tonic-gate 4807c478bd9Sstevel@tonic-gate nnames = (char **)realloc(curalg->a_names, 4817c478bd9Sstevel@tonic-gate sizeof (char *) * ((++num_sizes) + 1)); 4827c478bd9Sstevel@tonic-gate if (nnames == NULL) { 4837c478bd9Sstevel@tonic-gate freeipsecalgent(curalg); 4847c478bd9Sstevel@tonic-gate goto bail; 4857c478bd9Sstevel@tonic-gate } 4867c478bd9Sstevel@tonic-gate curalg->a_names = nnames; 4877c478bd9Sstevel@tonic-gate curalg->a_names[num_sizes] = NULL; 4887c478bd9Sstevel@tonic-gate curalg->a_names[num_sizes - 1] = 4897c478bd9Sstevel@tonic-gate strdup(token); 4907c478bd9Sstevel@tonic-gate if (curalg->a_names[num_sizes - 1] == NULL) { 4917c478bd9Sstevel@tonic-gate freeipsecalgent(curalg); 4927c478bd9Sstevel@tonic-gate goto bail; 4937c478bd9Sstevel@tonic-gate } 4947c478bd9Sstevel@tonic-gate } while ((token = strtok_r(NULL, comma, &lasts)) != 4957c478bd9Sstevel@tonic-gate NULL); 4967c478bd9Sstevel@tonic-gate 4977c478bd9Sstevel@tonic-gate if (doing_pkg) { 4987c478bd9Sstevel@tonic-gate /* record alg as being part of current pkg */ 4997c478bd9Sstevel@tonic-gate int npkgs = new_proto->proto_algs_npkgs; 5007c478bd9Sstevel@tonic-gate 5017c478bd9Sstevel@tonic-gate new_proto->proto_algs_pkgs = realloc( 5027c478bd9Sstevel@tonic-gate new_proto->proto_algs_pkgs, 5037c478bd9Sstevel@tonic-gate (npkgs + 1) * sizeof (ipsecalgs_pkg_t)); 5047c478bd9Sstevel@tonic-gate if (new_proto->proto_algs_pkgs == NULL) 5057c478bd9Sstevel@tonic-gate goto bail; 5067c478bd9Sstevel@tonic-gate 5077c478bd9Sstevel@tonic-gate new_proto->proto_algs_pkgs[npkgs].alg_num = 5087c478bd9Sstevel@tonic-gate curalg->a_alg_num; 5097c478bd9Sstevel@tonic-gate new_proto->proto_algs_pkgs[npkgs].pkg_name = 5107c478bd9Sstevel@tonic-gate strdup(cur_pkg); 5117c478bd9Sstevel@tonic-gate if (new_proto->proto_algs_pkgs[npkgs].pkg_name 5127c478bd9Sstevel@tonic-gate == NULL) 5137c478bd9Sstevel@tonic-gate goto bail; 5147c478bd9Sstevel@tonic-gate 5157c478bd9Sstevel@tonic-gate new_proto->proto_algs_npkgs = npkgs + 1; 5167c478bd9Sstevel@tonic-gate } 5177c478bd9Sstevel@tonic-gate 5187c478bd9Sstevel@tonic-gate /* add new alg to protocol */ 5197c478bd9Sstevel@tonic-gate newalglist = realloc(new_proto->proto_algs, 5207c478bd9Sstevel@tonic-gate (new_proto->proto_numalgs + 1) * 5217c478bd9Sstevel@tonic-gate sizeof (struct ipsecalgent *)); 5227c478bd9Sstevel@tonic-gate if (newalglist == NULL) { 5237c478bd9Sstevel@tonic-gate freeipsecalgent(curalg); 5247c478bd9Sstevel@tonic-gate goto bail; 5257c478bd9Sstevel@tonic-gate } 5267c478bd9Sstevel@tonic-gate newalglist[new_proto->proto_numalgs] = curalg; 5277c478bd9Sstevel@tonic-gate new_proto->proto_numalgs++; 5287c478bd9Sstevel@tonic-gate new_proto->proto_algs = newalglist; 5297c478bd9Sstevel@tonic-gate 5307c478bd9Sstevel@tonic-gate } else if (strncasecmp(line, LIBIPSEC_ALGS_LINE_PKGSTART, 5317c478bd9Sstevel@tonic-gate sizeof (LIBIPSEC_ALGS_LINE_PKGSTART) - 1) == 0) { 5327c478bd9Sstevel@tonic-gate /* start of package delimiter */ 5337c478bd9Sstevel@tonic-gate if (doing_pkg) { 53461961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 5357c478bd9Sstevel@tonic-gate "duplicate package start delimiters"); 5367c478bd9Sstevel@tonic-gate goto bail; 5377c478bd9Sstevel@tonic-gate } 5387c478bd9Sstevel@tonic-gate (void) strncpy(cur_pkg, line + 5397c478bd9Sstevel@tonic-gate (sizeof (LIBIPSEC_ALGS_LINE_PKGSTART) - 1), 5407c478bd9Sstevel@tonic-gate sizeof (cur_pkg)); 5417c478bd9Sstevel@tonic-gate /* remove trailing '\n' */ 5427c478bd9Sstevel@tonic-gate cur_pkg[strlen(cur_pkg) - 1] = '\0'; 5437c478bd9Sstevel@tonic-gate doing_pkg = B_TRUE; 5447c478bd9Sstevel@tonic-gate 5457c478bd9Sstevel@tonic-gate } else { 5467c478bd9Sstevel@tonic-gate /* end of package delimiter */ 5477c478bd9Sstevel@tonic-gate char tmp_pkg[1024]; 5487c478bd9Sstevel@tonic-gate 5497c478bd9Sstevel@tonic-gate if (!doing_pkg) { 55061961e0fSrobinson (void) snprintf(diag_buf, sizeof (diag_buf), 5517c478bd9Sstevel@tonic-gate "end package delimiter without start"); 5527c478bd9Sstevel@tonic-gate goto bail; 5537c478bd9Sstevel@tonic-gate } 5547c478bd9Sstevel@tonic-gate /* 5557c478bd9Sstevel@tonic-gate * Get specified pkg name, fail if it doesn't match 5567c478bd9Sstevel@tonic-gate * the package specified by the last # Begin. 5577c478bd9Sstevel@tonic-gate */ 5587c478bd9Sstevel@tonic-gate (void) strncpy(tmp_pkg, line + 5597c478bd9Sstevel@tonic-gate (sizeof (LIBIPSEC_ALGS_LINE_PKGEND) - 1), 5607c478bd9Sstevel@tonic-gate sizeof (tmp_pkg)); 5617c478bd9Sstevel@tonic-gate /* remove trailing '\n' */ 5627c478bd9Sstevel@tonic-gate tmp_pkg[strlen(tmp_pkg) - 1] = '\0'; 5637c478bd9Sstevel@tonic-gate if (strncmp(cur_pkg, tmp_pkg, sizeof (cur_pkg)) != 0) 5647c478bd9Sstevel@tonic-gate goto bail; 5657c478bd9Sstevel@tonic-gate doing_pkg = B_FALSE; 5667c478bd9Sstevel@tonic-gate } 5677c478bd9Sstevel@tonic-gate } 5687c478bd9Sstevel@tonic-gate 5697c478bd9Sstevel@tonic-gate *num = rc_num; 5707c478bd9Sstevel@tonic-gate return (rc); 5717c478bd9Sstevel@tonic-gate 5727c478bd9Sstevel@tonic-gate bail: 5737c478bd9Sstevel@tonic-gate if (strlen(diag_buf) > 0) { 5747c478bd9Sstevel@tonic-gate syslog(LOG_ERR, "possibly corrupt %s file: %s\n", 5757c478bd9Sstevel@tonic-gate INET_IPSECALGSFILE, diag_buf); 5767c478bd9Sstevel@tonic-gate } 577*628b0c67SMark Fenwick free(key_sizes); 578*628b0c67SMark Fenwick free(block_sizes); 579*628b0c67SMark Fenwick free(mech_params); 5807c478bd9Sstevel@tonic-gate _clean_trash(rc, rc_num); 5817c478bd9Sstevel@tonic-gate return (NULL); 5827c478bd9Sstevel@tonic-gate } 5837c478bd9Sstevel@tonic-gate 5847c478bd9Sstevel@tonic-gate /* 5857c478bd9Sstevel@tonic-gate * If alg_context is NULL, update the library's cached copy of 5867c478bd9Sstevel@tonic-gate * INET_IPSECALGSFILE. If alg_context is non-NULL, hang a 5877c478bd9Sstevel@tonic-gate * library-internal representation of a cached copy. The latter is useful 5887c478bd9Sstevel@tonic-gate * for routines in libipsecutil that _write_ the contents out. 5897c478bd9Sstevel@tonic-gate */ 5907c478bd9Sstevel@tonic-gate void 5917c478bd9Sstevel@tonic-gate _build_internal_algs(ipsec_proto_t **alg_context, int *alg_nums) 5927c478bd9Sstevel@tonic-gate { 593004388ebScasper FILE *f; 594004388ebScasper int rc, trash_num; 5957c478bd9Sstevel@tonic-gate ipsec_proto_t *new_protos = NULL, *trash; 5967c478bd9Sstevel@tonic-gate time_t filetime; 5977c478bd9Sstevel@tonic-gate struct stat statbuf; 5987c478bd9Sstevel@tonic-gate 5997c478bd9Sstevel@tonic-gate /* 6007c478bd9Sstevel@tonic-gate * Construct new_protos from the file. 6017c478bd9Sstevel@tonic-gate */ 6027c478bd9Sstevel@tonic-gate if (alg_context == NULL) { 6037c478bd9Sstevel@tonic-gate /* 6047c478bd9Sstevel@tonic-gate * Check the time w/o holding the lock. This is just a 6057c478bd9Sstevel@tonic-gate * cache reality check. We'll do it again for real if this 6067c478bd9Sstevel@tonic-gate * surface check fails. 6077c478bd9Sstevel@tonic-gate */ 6087c478bd9Sstevel@tonic-gate if (stat(INET_IPSECALGSFILE, &statbuf) == -1 || 609b9b5bfe9Sdm199272 (statbuf.st_mtime < proto_last_update && protos != NULL)) 6107c478bd9Sstevel@tonic-gate return; 61161961e0fSrobinson (void) rw_wrlock(&proto_rw); 6127c478bd9Sstevel@tonic-gate } 6137c478bd9Sstevel@tonic-gate 614004388ebScasper f = fopen(INET_IPSECALGSFILE, "rF"); 615004388ebScasper if (f != NULL) { 616004388ebScasper rc = fstat(fileno(f), &statbuf); 6177c478bd9Sstevel@tonic-gate if (rc != -1) { 6187c478bd9Sstevel@tonic-gate /* 6197c478bd9Sstevel@tonic-gate * Update if the file is newer than our 6207c478bd9Sstevel@tonic-gate * last cached copy. 6217c478bd9Sstevel@tonic-gate */ 6227c478bd9Sstevel@tonic-gate filetime = statbuf.st_mtime; 6237c478bd9Sstevel@tonic-gate if (alg_context != NULL || 6247c478bd9Sstevel@tonic-gate filetime > proto_last_update) 6257c478bd9Sstevel@tonic-gate new_protos = build_list(f, &rc); 6267c478bd9Sstevel@tonic-gate } 627004388ebScasper /* Since f is read-only, can avoid all of the failures... */ 628004388ebScasper (void) fclose(f); 6297c478bd9Sstevel@tonic-gate } 6307c478bd9Sstevel@tonic-gate 6317c478bd9Sstevel@tonic-gate if (alg_context == NULL) { 6327c478bd9Sstevel@tonic-gate /* 6337c478bd9Sstevel@tonic-gate * If we have failed anywhere above, new_protoss will be NULL. 6347c478bd9Sstevel@tonic-gate * This way, the previous cached protos will still be intact. 6357c478bd9Sstevel@tonic-gate */ 6367c478bd9Sstevel@tonic-gate if (new_protos != NULL) { 6377c478bd9Sstevel@tonic-gate proto_last_update = filetime; 6387c478bd9Sstevel@tonic-gate trash = protos; 6397c478bd9Sstevel@tonic-gate trash_num = num_protos; 6407c478bd9Sstevel@tonic-gate protos = new_protos; 6417c478bd9Sstevel@tonic-gate num_protos = rc; 6427c478bd9Sstevel@tonic-gate } else { 6437c478bd9Sstevel@tonic-gate /* 6447c478bd9Sstevel@tonic-gate * Else the original protocols and algorithms lists 6457c478bd9Sstevel@tonic-gate * remains the same. 6467c478bd9Sstevel@tonic-gate */ 6477c478bd9Sstevel@tonic-gate trash = NULL; 6487c478bd9Sstevel@tonic-gate } 64961961e0fSrobinson (void) rw_unlock(&proto_rw); 6507c478bd9Sstevel@tonic-gate _clean_trash(trash, trash_num); 6517c478bd9Sstevel@tonic-gate } else { 6527c478bd9Sstevel@tonic-gate /* 6537c478bd9Sstevel@tonic-gate * Assume caller has done the appropriate locking, 6547c478bd9Sstevel@tonic-gate * cleanup, etc. And if new_protos is NULL, it's the caller's 6557c478bd9Sstevel@tonic-gate * problem. 6567c478bd9Sstevel@tonic-gate */ 6577c478bd9Sstevel@tonic-gate *alg_context = new_protos; 6587c478bd9Sstevel@tonic-gate *alg_nums = rc; 6597c478bd9Sstevel@tonic-gate } 6607c478bd9Sstevel@tonic-gate 6617c478bd9Sstevel@tonic-gate } 6627c478bd9Sstevel@tonic-gate 6637c478bd9Sstevel@tonic-gate /* 6647c478bd9Sstevel@tonic-gate * Assume input is 0-terminated. 6657c478bd9Sstevel@tonic-gate */ 6667c478bd9Sstevel@tonic-gate static int * 6677c478bd9Sstevel@tonic-gate duplicate_intarr(int *orig) 6687c478bd9Sstevel@tonic-gate { 6697c478bd9Sstevel@tonic-gate size_t allocsize = sizeof (int); 6707c478bd9Sstevel@tonic-gate int *iwalker = orig; 6717c478bd9Sstevel@tonic-gate 6727c478bd9Sstevel@tonic-gate if (orig == NULL) 6737c478bd9Sstevel@tonic-gate return (NULL); 6747c478bd9Sstevel@tonic-gate 6757c478bd9Sstevel@tonic-gate while (*iwalker != 0) { 6767c478bd9Sstevel@tonic-gate allocsize += sizeof (int); 6777c478bd9Sstevel@tonic-gate iwalker++; 6787c478bd9Sstevel@tonic-gate } 6797c478bd9Sstevel@tonic-gate 6807c478bd9Sstevel@tonic-gate iwalker = malloc(allocsize); 6817c478bd9Sstevel@tonic-gate if (iwalker != NULL) 68261961e0fSrobinson (void) memcpy(iwalker, orig, allocsize); 6837c478bd9Sstevel@tonic-gate 6847c478bd9Sstevel@tonic-gate return (iwalker); 6857c478bd9Sstevel@tonic-gate } 6867c478bd9Sstevel@tonic-gate 6877c478bd9Sstevel@tonic-gate /* 6887c478bd9Sstevel@tonic-gate * Assume input is NULL terminated. 6897c478bd9Sstevel@tonic-gate */ 6907c478bd9Sstevel@tonic-gate static char ** 6917c478bd9Sstevel@tonic-gate duplicate_strarr(char **orig) 6927c478bd9Sstevel@tonic-gate { 6937c478bd9Sstevel@tonic-gate int i; 6947c478bd9Sstevel@tonic-gate char **swalker; 6957c478bd9Sstevel@tonic-gate char **newbie; 6967c478bd9Sstevel@tonic-gate 6977c478bd9Sstevel@tonic-gate if (orig == NULL) 6987c478bd9Sstevel@tonic-gate return (NULL); 6997c478bd9Sstevel@tonic-gate 7007c478bd9Sstevel@tonic-gate /* count number of elements in source array */ 701b9b5bfe9Sdm199272 for (swalker = orig; *swalker != NULL; swalker++) 702b9b5bfe9Sdm199272 ; 7037c478bd9Sstevel@tonic-gate 7047c478bd9Sstevel@tonic-gate /* use calloc() to get NULL-initialization */ 7057c478bd9Sstevel@tonic-gate newbie = calloc(swalker - orig + 1, sizeof (char *)); 7067c478bd9Sstevel@tonic-gate 7077c478bd9Sstevel@tonic-gate if (newbie != NULL) { 7087c478bd9Sstevel@tonic-gate /* do the copy */ 7097c478bd9Sstevel@tonic-gate for (i = 0; orig[i] != NULL; i++) { 7107c478bd9Sstevel@tonic-gate newbie[i] = strdup(orig[i]); 7117c478bd9Sstevel@tonic-gate if (newbie[i] == NULL) { 7127c478bd9Sstevel@tonic-gate for (swalker = newbie; *swalker != NULL; 7137c478bd9Sstevel@tonic-gate swalker++) 7147c478bd9Sstevel@tonic-gate free(*swalker); 7157c478bd9Sstevel@tonic-gate free(newbie); 7167c478bd9Sstevel@tonic-gate return (NULL); 7177c478bd9Sstevel@tonic-gate } 7187c478bd9Sstevel@tonic-gate } 7197c478bd9Sstevel@tonic-gate } 7207c478bd9Sstevel@tonic-gate 7217c478bd9Sstevel@tonic-gate return (newbie); 7227c478bd9Sstevel@tonic-gate } 7237c478bd9Sstevel@tonic-gate 7247c478bd9Sstevel@tonic-gate struct ipsecalgent * 7257c478bd9Sstevel@tonic-gate _duplicate_alg(struct ipsecalgent *orig) 7267c478bd9Sstevel@tonic-gate { 7277c478bd9Sstevel@tonic-gate struct ipsecalgent *rc; 7287c478bd9Sstevel@tonic-gate 7297c478bd9Sstevel@tonic-gate /* use calloc() to get NULL-initialization. */ 7307c478bd9Sstevel@tonic-gate rc = calloc(1, sizeof (struct ipsecalgent)); 7317c478bd9Sstevel@tonic-gate if (rc == NULL) 7327c478bd9Sstevel@tonic-gate return (NULL); 7337c478bd9Sstevel@tonic-gate 7347c478bd9Sstevel@tonic-gate rc->a_proto_num = orig->a_proto_num; 7357c478bd9Sstevel@tonic-gate rc->a_alg_num = orig->a_alg_num; 7367c478bd9Sstevel@tonic-gate rc->a_key_increment = orig->a_key_increment; 7377c478bd9Sstevel@tonic-gate rc->a_mech_name = strdup(orig->a_mech_name); 738*628b0c67SMark Fenwick rc->a_alg_flags = orig->a_alg_flags; 7397c478bd9Sstevel@tonic-gate rc->a_block_sizes = duplicate_intarr(orig->a_block_sizes); 740*628b0c67SMark Fenwick rc->a_mech_params = duplicate_intarr(orig->a_mech_params); 7417c478bd9Sstevel@tonic-gate rc->a_key_sizes = duplicate_intarr(orig->a_key_sizes); 7427c478bd9Sstevel@tonic-gate rc->a_names = duplicate_strarr(orig->a_names); 7437c478bd9Sstevel@tonic-gate 7447c478bd9Sstevel@tonic-gate if (rc->a_mech_name == NULL || rc->a_block_sizes == NULL || 745*628b0c67SMark Fenwick rc->a_key_sizes == NULL || rc->a_names == NULL || 746*628b0c67SMark Fenwick rc->a_mech_params == NULL) { 7477c478bd9Sstevel@tonic-gate freeipsecalgent(rc); 7487c478bd9Sstevel@tonic-gate return (NULL); 7497c478bd9Sstevel@tonic-gate } 7507c478bd9Sstevel@tonic-gate 7517c478bd9Sstevel@tonic-gate return (rc); 7527c478bd9Sstevel@tonic-gate } 7537c478bd9Sstevel@tonic-gate 7547c478bd9Sstevel@tonic-gate /* 7557c478bd9Sstevel@tonic-gate * Assume the rwlock is held for reading. 7567c478bd9Sstevel@tonic-gate */ 7577c478bd9Sstevel@tonic-gate static ipsec_proto_t * 7587c478bd9Sstevel@tonic-gate findprotobynum(int proto_num) 7597c478bd9Sstevel@tonic-gate { 7607c478bd9Sstevel@tonic-gate int i; 7617c478bd9Sstevel@tonic-gate 7627c478bd9Sstevel@tonic-gate for (i = 0; i < num_protos; i++) { 7637c478bd9Sstevel@tonic-gate if (protos[i].proto_num == proto_num) 7647c478bd9Sstevel@tonic-gate return (protos + i); 7657c478bd9Sstevel@tonic-gate } 7667c478bd9Sstevel@tonic-gate 7677c478bd9Sstevel@tonic-gate return (NULL); 7687c478bd9Sstevel@tonic-gate } 7697c478bd9Sstevel@tonic-gate 7707c478bd9Sstevel@tonic-gate static ipsec_proto_t * 7717c478bd9Sstevel@tonic-gate findprotobyname(const char *name) 7727c478bd9Sstevel@tonic-gate { 7737c478bd9Sstevel@tonic-gate int i; 7747c478bd9Sstevel@tonic-gate 7757c478bd9Sstevel@tonic-gate if (name == NULL) 7767c478bd9Sstevel@tonic-gate return (NULL); 7777c478bd9Sstevel@tonic-gate 7787c478bd9Sstevel@tonic-gate for (i = 0; i < num_protos; i++) { 7797c478bd9Sstevel@tonic-gate /* Can use strcasecmp because our proto_name is bounded. */ 7807c478bd9Sstevel@tonic-gate if (strcasecmp(protos[i].proto_name, name) == 0) 7817c478bd9Sstevel@tonic-gate return (protos + i); 7827c478bd9Sstevel@tonic-gate } 7837c478bd9Sstevel@tonic-gate 7847c478bd9Sstevel@tonic-gate return (NULL); 7857c478bd9Sstevel@tonic-gate } 7867c478bd9Sstevel@tonic-gate 7877c478bd9Sstevel@tonic-gate int * 7887c478bd9Sstevel@tonic-gate _real_getipsecprotos(int *nentries) 7897c478bd9Sstevel@tonic-gate { 7907c478bd9Sstevel@tonic-gate int *rc, i; 7917c478bd9Sstevel@tonic-gate 7927c478bd9Sstevel@tonic-gate if (nentries == NULL) 7937c478bd9Sstevel@tonic-gate return (NULL); 7947c478bd9Sstevel@tonic-gate 7957c478bd9Sstevel@tonic-gate _build_internal_algs(NULL, NULL); 7967c478bd9Sstevel@tonic-gate 79761961e0fSrobinson (void) rw_rdlock(&proto_rw); 7987c478bd9Sstevel@tonic-gate *nentries = num_protos; 7997c478bd9Sstevel@tonic-gate /* 8007c478bd9Sstevel@tonic-gate * Allocate 1 byte if there are no protocols so a non-NULL return 8017c478bd9Sstevel@tonic-gate * happens. 8027c478bd9Sstevel@tonic-gate */ 8037c478bd9Sstevel@tonic-gate rc = malloc((num_protos == 0) ? 1 : num_protos * sizeof (int)); 8047c478bd9Sstevel@tonic-gate if (rc != NULL) { 8057c478bd9Sstevel@tonic-gate for (i = 0; i < num_protos; i++) 8067c478bd9Sstevel@tonic-gate rc[i] = protos[i].proto_num; 8077c478bd9Sstevel@tonic-gate } 80861961e0fSrobinson (void) rw_unlock(&proto_rw); 8097c478bd9Sstevel@tonic-gate return (rc); 8107c478bd9Sstevel@tonic-gate } 8117c478bd9Sstevel@tonic-gate 8127c478bd9Sstevel@tonic-gate int * 8137c478bd9Sstevel@tonic-gate _real_getipsecalgs(int *nentries, int proto_num) 8147c478bd9Sstevel@tonic-gate { 8157c478bd9Sstevel@tonic-gate int *rc = NULL, i; 8167c478bd9Sstevel@tonic-gate ipsec_proto_t *proto; 8177c478bd9Sstevel@tonic-gate 8187c478bd9Sstevel@tonic-gate if (nentries == NULL) 8197c478bd9Sstevel@tonic-gate return (NULL); 8207c478bd9Sstevel@tonic-gate 8217c478bd9Sstevel@tonic-gate _build_internal_algs(NULL, NULL); 8227c478bd9Sstevel@tonic-gate 82361961e0fSrobinson (void) rw_rdlock(&proto_rw); 8247c478bd9Sstevel@tonic-gate proto = findprotobynum(proto_num); 8257c478bd9Sstevel@tonic-gate if (proto != NULL) { 8267c478bd9Sstevel@tonic-gate *nentries = proto->proto_numalgs; 8277c478bd9Sstevel@tonic-gate /* 8287c478bd9Sstevel@tonic-gate * Allocate 1 byte if there are no algorithms so a non-NULL 8297c478bd9Sstevel@tonic-gate * return happens. 8307c478bd9Sstevel@tonic-gate */ 8317c478bd9Sstevel@tonic-gate rc = malloc((proto->proto_numalgs == 0) ? 1 : 8327c478bd9Sstevel@tonic-gate proto->proto_numalgs * sizeof (int)); 8337c478bd9Sstevel@tonic-gate if (rc != NULL) { 8347c478bd9Sstevel@tonic-gate for (i = 0; i < proto->proto_numalgs; i++) 8357c478bd9Sstevel@tonic-gate rc[i] = proto->proto_algs[i]->a_alg_num; 8367c478bd9Sstevel@tonic-gate } 8377c478bd9Sstevel@tonic-gate } 83861961e0fSrobinson (void) rw_unlock(&proto_rw); 8397c478bd9Sstevel@tonic-gate return (rc); 8407c478bd9Sstevel@tonic-gate } 8417c478bd9Sstevel@tonic-gate 8427c478bd9Sstevel@tonic-gate struct ipsecalgent * 8437c478bd9Sstevel@tonic-gate getipsecalgbyname(const char *name, int proto_num, int *errnop) 8447c478bd9Sstevel@tonic-gate { 8457c478bd9Sstevel@tonic-gate ipsec_proto_t *proto; 8467c478bd9Sstevel@tonic-gate struct ipsecalgent *rc = NULL; 8477c478bd9Sstevel@tonic-gate int i, my_errno = ENOENT; 8487c478bd9Sstevel@tonic-gate char **name_check; 8497c478bd9Sstevel@tonic-gate 8507c478bd9Sstevel@tonic-gate _build_internal_algs(NULL, NULL); 8517c478bd9Sstevel@tonic-gate if (name == NULL) { 8527c478bd9Sstevel@tonic-gate my_errno = EFAULT; 8537c478bd9Sstevel@tonic-gate goto bail; 8547c478bd9Sstevel@tonic-gate } 8557c478bd9Sstevel@tonic-gate 85661961e0fSrobinson (void) rw_rdlock(&proto_rw); 8577c478bd9Sstevel@tonic-gate proto = findprotobynum(proto_num); 8587c478bd9Sstevel@tonic-gate if (proto != NULL) { 8597c478bd9Sstevel@tonic-gate for (i = 0; i < proto->proto_numalgs; i++) { 8607c478bd9Sstevel@tonic-gate for (name_check = proto->proto_algs[i]->a_names; 8617c478bd9Sstevel@tonic-gate *name_check != NULL; name_check++) { 8627c478bd9Sstevel@tonic-gate /* 8637c478bd9Sstevel@tonic-gate * Can use strcasecmp because our name_check 8647c478bd9Sstevel@tonic-gate * is bounded. 8657c478bd9Sstevel@tonic-gate */ 8667c478bd9Sstevel@tonic-gate if (strcasecmp(*name_check, name) == 0) { 8677c478bd9Sstevel@tonic-gate /* found match */ 8687c478bd9Sstevel@tonic-gate rc = _duplicate_alg( 8697c478bd9Sstevel@tonic-gate proto->proto_algs[i]); 8707c478bd9Sstevel@tonic-gate my_errno = (rc == NULL) ? ENOMEM : 0; 87161961e0fSrobinson (void) rw_unlock(&proto_rw); 8727c478bd9Sstevel@tonic-gate goto bail; 8737c478bd9Sstevel@tonic-gate } 8747c478bd9Sstevel@tonic-gate } 8757c478bd9Sstevel@tonic-gate } 8767c478bd9Sstevel@tonic-gate } else { 8777c478bd9Sstevel@tonic-gate my_errno = EINVAL; 8787c478bd9Sstevel@tonic-gate } 8797c478bd9Sstevel@tonic-gate 88061961e0fSrobinson (void) rw_unlock(&proto_rw); 8817c478bd9Sstevel@tonic-gate bail: 8827c478bd9Sstevel@tonic-gate if (errnop != NULL) 8837c478bd9Sstevel@tonic-gate *errnop = my_errno; 8847c478bd9Sstevel@tonic-gate return (rc); 8857c478bd9Sstevel@tonic-gate } 8867c478bd9Sstevel@tonic-gate 8877c478bd9Sstevel@tonic-gate struct ipsecalgent * 8887c478bd9Sstevel@tonic-gate getipsecalgbynum(int alg_num, int proto_num, int *errnop) 8897c478bd9Sstevel@tonic-gate { 8907c478bd9Sstevel@tonic-gate ipsec_proto_t *proto; 8917c478bd9Sstevel@tonic-gate struct ipsecalgent *rc = NULL; 8927c478bd9Sstevel@tonic-gate int i, my_errno = ENOENT; 8937c478bd9Sstevel@tonic-gate 8947c478bd9Sstevel@tonic-gate _build_internal_algs(NULL, NULL); 8957c478bd9Sstevel@tonic-gate 89661961e0fSrobinson (void) rw_rdlock(&proto_rw); 8977c478bd9Sstevel@tonic-gate 8987c478bd9Sstevel@tonic-gate proto = findprotobynum(proto_num); 8997c478bd9Sstevel@tonic-gate if (proto != NULL) { 9007c478bd9Sstevel@tonic-gate for (i = 0; i < proto->proto_numalgs; i++) { 9017c478bd9Sstevel@tonic-gate if (proto->proto_algs[i]->a_alg_num == alg_num) { 9027c478bd9Sstevel@tonic-gate rc = _duplicate_alg(proto->proto_algs[i]); 9037c478bd9Sstevel@tonic-gate my_errno = (rc == NULL) ? ENOMEM : 0; 9047c478bd9Sstevel@tonic-gate break; 9057c478bd9Sstevel@tonic-gate } 9067c478bd9Sstevel@tonic-gate } 9077c478bd9Sstevel@tonic-gate } else { 9087c478bd9Sstevel@tonic-gate my_errno = EINVAL; 9097c478bd9Sstevel@tonic-gate } 9107c478bd9Sstevel@tonic-gate 91161961e0fSrobinson (void) rw_unlock(&proto_rw); 9127c478bd9Sstevel@tonic-gate if (errnop != NULL) 9137c478bd9Sstevel@tonic-gate *errnop = my_errno; 9147c478bd9Sstevel@tonic-gate return (rc); 9157c478bd9Sstevel@tonic-gate } 9167c478bd9Sstevel@tonic-gate 9177c478bd9Sstevel@tonic-gate int 9187c478bd9Sstevel@tonic-gate getipsecprotobyname(const char *proto_name) 9197c478bd9Sstevel@tonic-gate { 9207c478bd9Sstevel@tonic-gate int rc = -1; 9217c478bd9Sstevel@tonic-gate ipsec_proto_t *proto; 9227c478bd9Sstevel@tonic-gate 9237c478bd9Sstevel@tonic-gate _build_internal_algs(NULL, NULL); 9247c478bd9Sstevel@tonic-gate 92561961e0fSrobinson (void) rw_rdlock(&proto_rw); 9267c478bd9Sstevel@tonic-gate proto = findprotobyname(proto_name); 9277c478bd9Sstevel@tonic-gate if (proto != NULL) 9287c478bd9Sstevel@tonic-gate rc = proto->proto_num; 92961961e0fSrobinson (void) rw_unlock(&proto_rw); 9307c478bd9Sstevel@tonic-gate return (rc); 9317c478bd9Sstevel@tonic-gate } 9327c478bd9Sstevel@tonic-gate 9337c478bd9Sstevel@tonic-gate char * 9347c478bd9Sstevel@tonic-gate getipsecprotobynum(int proto_num) 9357c478bd9Sstevel@tonic-gate { 9367c478bd9Sstevel@tonic-gate ipsec_proto_t *proto; 9377c478bd9Sstevel@tonic-gate char *rc = NULL; 9387c478bd9Sstevel@tonic-gate 9397c478bd9Sstevel@tonic-gate _build_internal_algs(NULL, NULL); 9407c478bd9Sstevel@tonic-gate 94161961e0fSrobinson (void) rw_rdlock(&proto_rw); 9427c478bd9Sstevel@tonic-gate proto = findprotobynum(proto_num); 9437c478bd9Sstevel@tonic-gate if (proto != NULL) 9447c478bd9Sstevel@tonic-gate rc = strdup(proto->proto_name); 9457c478bd9Sstevel@tonic-gate 94661961e0fSrobinson (void) rw_unlock(&proto_rw); 9477c478bd9Sstevel@tonic-gate return (rc); 9487c478bd9Sstevel@tonic-gate } 9497c478bd9Sstevel@tonic-gate 9507c478bd9Sstevel@tonic-gate void 9517c478bd9Sstevel@tonic-gate freeipsecalgent(struct ipsecalgent *ptr) 9527c478bd9Sstevel@tonic-gate { 9537c478bd9Sstevel@tonic-gate char **walker; 9547c478bd9Sstevel@tonic-gate 9557c478bd9Sstevel@tonic-gate if (ptr == NULL) 9567c478bd9Sstevel@tonic-gate return; 9577c478bd9Sstevel@tonic-gate 9587c478bd9Sstevel@tonic-gate if (ptr->a_names != NULL) { 9597c478bd9Sstevel@tonic-gate for (walker = ptr->a_names; *walker != NULL; walker++) 9607c478bd9Sstevel@tonic-gate free(*walker); 9617c478bd9Sstevel@tonic-gate } 9627c478bd9Sstevel@tonic-gate 9637c478bd9Sstevel@tonic-gate /* 9647c478bd9Sstevel@tonic-gate * Remember folks, free(NULL) works. 9657c478bd9Sstevel@tonic-gate */ 9667c478bd9Sstevel@tonic-gate free(ptr->a_names); 9677c478bd9Sstevel@tonic-gate free(ptr->a_mech_name); 9687c478bd9Sstevel@tonic-gate free(ptr->a_block_sizes); 969*628b0c67SMark Fenwick free(ptr->a_mech_params); 9707c478bd9Sstevel@tonic-gate free(ptr->a_key_sizes); 9717c478bd9Sstevel@tonic-gate free(ptr); 9727c478bd9Sstevel@tonic-gate } 973