source: rtems-libbsd/ipsec-tools/src/racoon/dnssec.c @ ff36f5e

Last change on this file since ff36f5e was ff36f5e, checked in by Christian Mauderer <christian.mauderer@…>, on 05/30/18 at 12:27:35

Import ipsec-tools 0.8.2.

Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.

1/*      $NetBSD: dnssec.c,v 1.5 2009/03/12 10:57:26 tteras Exp $        */
2
3/*      $KAME: dnssec.c,v 1.2 2001/08/05 18:46:07 itojun Exp $  */
4
5/*
6 * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7 * All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 *    notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 *    notice, this list of conditions and the following disclaimer in the
16 *    documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the project nor the names of its contributors
18 *    may be used to endorse or promote products derived from this software
19 *    without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#include "config.h"
35
36#include <sys/types.h>
37#include <sys/param.h>
38#include <stdlib.h>
39#include <string.h>
40
41#include "var.h"
42#include "vmbuf.h"
43#include "misc.h"
44#include "plog.h"
45#include "debug.h"
46
47#include "isakmp_var.h"
48#include "isakmp.h"
49#include "ipsec_doi.h"
50#include "oakley.h"
51#include "netdb_dnssec.h"
52#include "strnames.h"
53#include "dnssec.h"
54#include "gcmalloc.h"
55
56extern int h_errno;
57
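/*
 * Build an ISAKMP CERT payload body for the peer named by `id` by looking
 * up CERT resource records in DNS.
 *
 * `id` is an IPSEC DOI identification payload body: a struct ipsecdoi_id_b
 * header followed by the identifier bytes.  Only IPSECDOI_ID_FQDN is
 * handled; the FQDN bytes are copied into a NUL-terminated string and
 * passed to getcertsbyname().  Address IDs (IPv4/IPv6) are rejected --
 * no PTR lookup is attempted.
 *
 * Returns a freshly allocated vchar_t whose first byte is the ISAKMP
 * certificate encoding (ISAKMP_CERT_X509SIGN) followed by the raw
 * certificate of the first CERT RR of type PKIX, or NULL on any failure
 * (bad/short ID, lookup failure, unsupported RR type, allocation failure).
 * The caller owns the returned buffer.  If several CERT RRs are returned
 * only the first is used and a warning is logged.
 *
 * NOTE(review): the ID payload originates from the peer, so its length and
 * contents are validated here before being used as a DNS name.  Whether
 * getcertsbyname() requires DNSSEC-validated answers is decided in
 * netdb_dnssec.c, not here -- confirm before relying on this path for
 * authentication.
 */
vchar_t *
dnssec_getcert(vchar_t *id)
{
	vchar_t *cert = NULL;
	struct certinfo *res = NULL;
	struct ipsecdoi_id_b *id_b;
	char *name = NULL;
	size_t namelen;
	int type;
	int error;

	/*
	 * The payload must hold the fixed header plus at least one byte of
	 * identifier.  id->l is unsigned, so `id->l - sizeof(*id_b)` would
	 * wrap for a short payload and the memcpy below would read far past
	 * the end of id->v.
	 */
	if (id == NULL || id->v == NULL || id->l <= sizeof(*id_b)) {
		plog(LLV_ERROR, LOCATION, NULL,
			"invalid ID payload length for dnssec getcert method.\n");
		return NULL;
	}
	id_b = (struct ipsecdoi_id_b *)id->v;
	namelen = id->l - sizeof(*id_b);

	/* Only a FQDN can be looked up as a DNS owner name. */
	switch (id_b->type) {
	case IPSECDOI_ID_FQDN:
		break;
	case IPSECDOI_ID_IPV4_ADDR:
	case IPSECDOI_ID_IPV6_ADDR:
		/* XXX should be processed to query PTR ? */
	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"inpropper ID type passed %s "
			"though getcert method is dnssec.\n",
			s_ipsecdoi_ident(id_b->type));
		return NULL;
	}

	/* Copy the identifier out of the payload as a C string. */
	name = racoon_malloc(namelen + 1);
	if (name == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get buffer.\n");
		return NULL;
	}
	memcpy(name, id_b + 1, namelen);
	name[namelen] = '\0';

	/*
	 * An embedded NUL would make getcertsbyname() silently query a
	 * shorter name than the one the peer actually presented; treat it
	 * as a malformed ID instead.
	 */
	if (memchr(name, '\0', namelen) != NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"ID payload of type FQDN contains a NUL byte.\n");
		goto err;
	}

	error = getcertsbyname(name, &res);
	if (error != 0) {
		plog(LLV_ERROR, LOCATION, NULL,
			"getcertsbyname(\"%s\") failed.\n", name);
		goto err;
	}
	/* Guard against a success return that still left no records. */
	if (res == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"getcertsbyname(\"%s\") returned no CERT RR.\n", name);
		goto err;
	}

	/* check response: only the first RR is used */
	if (res->ci_next != NULL) {
		plog(LLV_WARNING, LOCATION, NULL,
			"not supported multiple CERT RR.\n");
	}
	switch (res->ci_type) {
	case DNSSEC_TYPE_PKIX:
		/* XXX is it enough condition to set this type ? */
		type = ISAKMP_CERT_X509SIGN;
		break;
	default:
		plog(LLV_ERROR, LOCATION, NULL,
			"not supported CERT RR type %d.\n", res->ci_type);
		goto err;
	}

	/* create cert holder: one byte of encoding type, then the DER blob */
	cert = vmalloc(res->ci_certlen + 1);
	if (cert == NULL) {
		plog(LLV_ERROR, LOCATION, NULL,
			"failed to get cert buffer.\n");
		goto err;
	}
	cert->v[0] = type;
	memcpy(&cert->v[1], res->ci_cert, res->ci_certlen);

	plog(LLV_DEBUG, LOCATION, NULL, "created CERT payload:\n");
	plogdump(LLV_DEBUG, cert->v, cert->l);

err:
	if (name)
		racoon_free(name);
	if (res)
		freecertinfo(res);
	return cert;
}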