xform_ah.c revision 1.45
1 /* $NetBSD: xform_ah.c,v 1.45 2017/04/06 09:20:07 ozaki-r Exp $ */ 2 /* $FreeBSD: src/sys/netipsec/xform_ah.c,v 1.1.4.1 2003/01/24 05:11:36 sam Exp $ */ 3 /* $OpenBSD: ip_ah.c,v 1.63 2001/06/26 06:18:58 angelos Exp $ */ 4 /* 5 * The authors of this code are John Ioannidis (ji (at) tla.org), 6 * Angelos D. Keromytis (kermit (at) csd.uch.gr) and 7 * Niels Provos (provos (at) physnet.uni-hamburg.de). 8 * 9 * The original version of this code was written by John Ioannidis 10 * for BSD/OS in Athens, Greece, in November 1995. 11 * 12 * Ported to OpenBSD and NetBSD, with additional transforms, in December 1996, 13 * by Angelos D. Keromytis. 14 * 15 * Additional transforms and features in 1997 and 1998 by Angelos D. Keromytis 16 * and Niels Provos. 17 * 18 * Additional features in 1999 by Angelos D. Keromytis and Niklas Hallqvist. 19 * 20 * Copyright (c) 1995, 1996, 1997, 1998, 1999 by John Ioannidis, 21 * Angelos D. Keromytis and Niels Provos. 22 * Copyright (c) 1999 Niklas Hallqvist. 23 * Copyright (c) 2001 Angelos D. Keromytis. 24 * 25 * Permission to use, copy, and modify this software with or without fee 26 * is hereby granted, provided that this entire notice is included in 27 * all copies of any software which is or includes a copy or 28 * modification of this software. 29 * You may use this code under the GNU public license if you so wish. Please 30 * contribute changes back to the authors under this freer than GPL license 31 * so that we may further the use of strong encryption without limitations to 32 * all. 33 * 34 * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR 35 * IMPLIED WARRANTY. IN PARTICULAR, NONE OF THE AUTHORS MAKES ANY 36 * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE 37 * MERCHANTABILITY OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR 38 * PURPOSE. 39 */ 40 41 #include <sys/cdefs.h> 42 __KERNEL_RCSID(0, "$NetBSD: xform_ah.c,v 1.45 2017/04/06 09:20:07 ozaki-r Exp $"); 43 44 #if defined(_KERNEL_OPT) 45 #include "opt_inet.h" 46 #ifdef __FreeBSD__ 47 #include "opt_inet6.h" 48 #endif 49 #include "opt_ipsec.h" 50 #endif 51 52 #include <sys/param.h> 53 #include <sys/systm.h> 54 #include <sys/mbuf.h> 55 #include <sys/socket.h> 56 #include <sys/syslog.h> 57 #include <sys/kernel.h> 58 #include <sys/sysctl.h> 59 #include <sys/socketvar.h> /* for softnet_lock */ 60 61 #include <net/if.h> 62 63 #include <netinet/in.h> 64 #include <netinet/in_systm.h> 65 #include <netinet/ip.h> 66 #include <netinet/ip_ecn.h> 67 #include <netinet/ip6.h> 68 69 #include <net/route.h> 70 #include <netipsec/ipsec.h> 71 #include <netipsec/ipsec_private.h> 72 #include <netipsec/ah.h> 73 #include <netipsec/ah_var.h> 74 #include <netipsec/xform.h> 75 76 #ifdef INET6 77 #include <netinet6/ip6_var.h> 78 #include <netinet6/scope6_var.h> 79 #include <netipsec/ipsec6.h> 80 # ifdef __FreeBSD__ 81 # include <netinet6/ip6_ecn.h> 82 # endif 83 #endif 84 85 #include <netipsec/key.h> 86 #include <netipsec/key_debug.h> 87 #include <netipsec/ipsec_osdep.h> 88 89 #include <opencrypto/cryptodev.h> 90 91 /* 92 * Return header size in bytes. The old protocol did not support 93 * the replay counter; the new protocol always includes the counter. 94 */ 95 #define HDRSIZE(sav) \ 96 (((sav)->flags & SADB_X_EXT_OLD) ? \ 97 sizeof (struct ah) : sizeof (struct ah) + sizeof (u_int32_t)) 98 /* 99 * Return authenticator size in bytes. The old protocol is known 100 * to use a fixed 16-byte authenticator. The new algorithm gets 101 * this size from the xform but is (currently) always 12. 102 */ 103 #define AUTHSIZE(sav) \ 104 ((sav->flags & SADB_X_EXT_OLD) ? 16 : (sav)->tdb_authalgxform->authsize) 105 106 percpu_t *ahstat_percpu; 107 108 int ah_enable = 1; /* control flow of packets with AH */ 109 int ip4_ah_cleartos = 1; /* clear ip_tos when doing AH calc */ 110 111 #ifdef __FreeBSD__ 112 SYSCTL_DECL(_net_inet_ah); 113 SYSCTL_INT(_net_inet_ah, OID_AUTO, 114 ah_enable, CTLFLAG_RW, &ah_enable, 0, ""); 115 SYSCTL_INT(_net_inet_ah, OID_AUTO, 116 ah_cleartos, CTLFLAG_RW, &ip4_ah_cleartos, 0, ""); 117 SYSCTL_STRUCT(_net_inet_ah, IPSECCTL_STATS, 118 stats, CTLFLAG_RD, &ahstat, ahstat, ""); 119 120 #endif /* __FreeBSD__ */ 121 122 static unsigned char ipseczeroes[256]; /* larger than an ip6 extension hdr */ 123 124 static int ah_input_cb(struct cryptop*); 125 static int ah_output_cb(struct cryptop*); 126 127 /* 128 * NB: this is public for use by the PF_KEY support. 129 */ 130 const struct auth_hash * 131 ah_algorithm_lookup(int alg) 132 { 133 if (alg >= AH_ALG_MAX) 134 return NULL; 135 switch (alg) { 136 case SADB_X_AALG_NULL: 137 return &auth_hash_null; 138 case SADB_AALG_MD5HMAC: 139 return &auth_hash_hmac_md5_96; 140 case SADB_AALG_SHA1HMAC: 141 return &auth_hash_hmac_sha1_96; 142 case SADB_X_AALG_RIPEMD160HMAC: 143 return &auth_hash_hmac_ripemd_160_96; 144 case SADB_X_AALG_MD5: 145 return &auth_hash_key_md5; 146 case SADB_X_AALG_SHA: 147 return &auth_hash_key_sha1; 148 case SADB_X_AALG_SHA2_256: 149 return &auth_hash_hmac_sha2_256; 150 case SADB_X_AALG_SHA2_384: 151 return &auth_hash_hmac_sha2_384; 152 case SADB_X_AALG_SHA2_512: 153 return &auth_hash_hmac_sha2_512; 154 case SADB_X_AALG_AES_XCBC_MAC: 155 return &auth_hash_aes_xcbc_mac_96; 156 } 157 return NULL; 158 } 159 160 size_t 161 ah_hdrsiz(const struct secasvar *sav) 162 { 163 size_t size; 164 165 if (sav != NULL) { 166 int authsize; 167 IPSEC_ASSERT(sav->tdb_authalgxform != NULL, 168 ("ah_hdrsiz: null xform")); 169 /*XXX not right for null algorithm--does it matter??*/ 170 authsize = AUTHSIZE(sav); 171 size = roundup(authsize, sizeof (u_int32_t)) + HDRSIZE(sav); 172 } else { 173 /* default guess */ 174 size = sizeof (struct ah) + sizeof (u_int32_t) + 16; 175 } 176 return size; 177 } 178 179 /* 180 * NB: public for use by esp_init. 181 */ 182 int 183 ah_init0(struct secasvar *sav, const struct xformsw *xsp, 184 struct cryptoini *cria) 185 { 186 const struct auth_hash *thash; 187 int keylen; 188 189 thash = ah_algorithm_lookup(sav->alg_auth); 190 if (thash == NULL) { 191 DPRINTF(("ah_init: unsupported authentication algorithm %u\n", 192 sav->alg_auth)); 193 return EINVAL; 194 } 195 /* 196 * Verify the replay state block allocation is consistent with 197 * the protocol type. We check here so we can make assumptions 198 * later during protocol processing. 199 */ 200 /* NB: replay state is setup elsewhere (sigh) */ 201 if (((sav->flags&SADB_X_EXT_OLD) == 0) ^ (sav->replay != NULL)) { 202 DPRINTF(("ah_init: replay state block inconsistency, " 203 "%s algorithm %s replay state\n", 204 (sav->flags & SADB_X_EXT_OLD) ? "old" : "new", 205 sav->replay == NULL ? "without" : "with")); 206 return EINVAL; 207 } 208 if (sav->key_auth == NULL) { 209 DPRINTF(("ah_init: no authentication key for %s " 210 "algorithm\n", thash->name)); 211 return EINVAL; 212 } 213 keylen = _KEYLEN(sav->key_auth); 214 if (keylen != thash->keysize && thash->keysize != 0) { 215 DPRINTF(("ah_init: invalid keylength %d, algorithm " 216 "%s requires keysize %d\n", 217 keylen, thash->name, thash->keysize)); 218 return EINVAL; 219 } 220 221 sav->tdb_xform = xsp; 222 sav->tdb_authalgxform = thash; 223 224 /* Initialize crypto session. */ 225 memset(cria, 0, sizeof (*cria)); 226 cria->cri_alg = sav->tdb_authalgxform->type; 227 cria->cri_klen = _KEYBITS(sav->key_auth); 228 cria->cri_key = _KEYBUF(sav->key_auth); 229 230 return 0; 231 } 232 233 /* 234 * ah_init() is called when an SPI is being set up. 235 */ 236 static int 237 ah_init(struct secasvar *sav, const struct xformsw *xsp) 238 { 239 struct cryptoini cria; 240 int error; 241 242 error = ah_init0(sav, xsp, &cria); 243 if (!error) 244 error = crypto_newsession(&sav->tdb_cryptoid, 245 &cria, crypto_support); 246 return error; 247 } 248 249 /* 250 * Paranoia. 251 * 252 * NB: public for use by esp_zeroize (XXX). 253 */ 254 int 255 ah_zeroize(struct secasvar *sav) 256 { 257 int err; 258 259 if (sav->key_auth) 260 memset(_KEYBUF(sav->key_auth), 0, _KEYLEN(sav->key_auth)); 261 262 err = crypto_freesession(sav->tdb_cryptoid); 263 sav->tdb_cryptoid = 0; 264 sav->tdb_authalgxform = NULL; 265 sav->tdb_xform = NULL; 266 return err; 267 } 268 269 /* 270 * Massage IPv4/IPv6 headers for AH processing. 271 */ 272 static int 273 ah_massage_headers(struct mbuf **m0, int proto, int skip, int alg, int out) 274 { 275 struct mbuf *m = *m0; 276 unsigned char *ptr; 277 int off, count; 278 279 #ifdef INET 280 struct ip *ip; 281 #endif /* INET */ 282 283 #ifdef INET6 284 struct ip6_ext *ip6e; 285 struct ip6_hdr ip6; 286 int alloc, ad, nxt; 287 #endif /* INET6 */ 288 289 switch (proto) { 290 #ifdef INET 291 case AF_INET: 292 /* 293 * This is the least painful way of dealing with IPv4 header 294 * and option processing -- just make sure they're in 295 * contiguous memory. 296 */ 297 *m0 = m = m_pullup(m, skip); 298 if (m == NULL) { 299 DPRINTF(("ah_massage_headers: m_pullup failed\n")); 300 return ENOBUFS; 301 } 302 303 /* Fix the IP header */ 304 ip = mtod(m, struct ip *); 305 if (ip4_ah_cleartos) 306 ip->ip_tos = 0; 307 ip->ip_ttl = 0; 308 ip->ip_sum = 0; 309 ip->ip_off = htons(ntohs(ip->ip_off) & ip4_ah_offsetmask); 310 311 /* 312 * On FreeBSD, ip_off and ip_len assumed in host endian; 313 * they are converted (if necessary) by ip_input(). 314 * On NetBSD, ip_off and ip_len are in network byte order. 315 * They must be massaged back to network byte order 316 * before verifying the HMAC. Moreover, on FreeBSD, 317 * we should add `skip' back into the massaged ip_len 318 * (presumably ip_input() deducted it before we got here?) 319 * whereas on NetBSD, we should not. 320 */ 321 #ifdef __FreeBSD__ 322 #define TOHOST(x) (x) 323 #else 324 #define TOHOST(x) (ntohs(x)) 325 #endif 326 if (!out) { 327 u_int16_t inlen = TOHOST(ip->ip_len); 328 329 #ifdef __FreeBSD__ 330 ip->ip_len = htons(inlen + skip); 331 #else /*!__FreeBSD__ */ 332 ip->ip_len = htons(inlen); 333 #endif /*!__FreeBSD__ */ 334 335 if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) 336 ip->ip_off &= IP_OFF_CONVERT(IP_DF); 337 else 338 ip->ip_off = 0; 339 } else { 340 if (alg == CRYPTO_MD5_KPDK || alg == CRYPTO_SHA1_KPDK) 341 ip->ip_off &= IP_OFF_CONVERT(IP_DF); 342 else 343 ip->ip_off = 0; 344 } 345 346 ptr = mtod(m, unsigned char *); 347 348 /* IPv4 option processing */ 349 for (off = sizeof(struct ip); off < skip;) { 350 if (ptr[off] == IPOPT_EOL || ptr[off] == IPOPT_NOP || 351 off + 1 < skip) 352 ; 353 else { 354 DPRINTF(("ah_massage_headers: illegal IPv4 " 355 "option length for option %d\n", 356 ptr[off])); 357 358 m_freem(m); 359 return EINVAL; 360 } 361 362 switch (ptr[off]) { 363 case IPOPT_EOL: 364 off = skip; /* End the loop. */ 365 break; 366 367 case IPOPT_NOP: 368 off++; 369 break; 370 371 case IPOPT_SECURITY: /* 0x82 */ 372 case 0x85: /* Extended security. */ 373 case 0x86: /* Commercial security. */ 374 case 0x94: /* Router alert */ 375 case 0x95: /* RFC1770 */ 376 /* Sanity check for option length. */ 377 if (ptr[off + 1] < 2) { 378 DPRINTF(("ah_massage_headers: " 379 "illegal IPv4 option length for " 380 "option %d\n", ptr[off])); 381 382 m_freem(m); 383 return EINVAL; 384 } 385 386 off += ptr[off + 1]; 387 break; 388 389 case IPOPT_LSRR: 390 case IPOPT_SSRR: 391 /* Sanity check for option length. */ 392 if (ptr[off + 1] < 2) { 393 DPRINTF(("ah_massage_headers: " 394 "illegal IPv4 option length for " 395 "option %d\n", ptr[off])); 396 397 m_freem(m); 398 return EINVAL; 399 } 400 401 /* 402 * On output, if we have either of the 403 * source routing options, we should 404 * swap the destination address of the 405 * IP header with the last address 406 * specified in the option, as that is 407 * what the destination's IP header 408 * will look like. 409 */ 410 if (out) 411 bcopy(ptr + off + ptr[off + 1] - 412 sizeof(struct in_addr), 413 &(ip->ip_dst), sizeof(struct in_addr)); 414 415 /* Fall through */ 416 default: 417 /* Sanity check for option length. */ 418 if (ptr[off + 1] < 2) { 419 DPRINTF(("ah_massage_headers: " 420 "illegal IPv4 option length for " 421 "option %d\n", ptr[off])); 422 m_freem(m); 423 return EINVAL; 424 } 425 426 /* Zeroize all other options. */ 427 count = ptr[off + 1]; 428 memcpy(ptr + off, ipseczeroes, count); 429 off += count; 430 break; 431 } 432 433 /* Sanity check. */ 434 if (off > skip) { 435 DPRINTF(("ah_massage_headers(): malformed " 436 "IPv4 options header\n")); 437 438 m_freem(m); 439 return EINVAL; 440 } 441 } 442 443 break; 444 #endif /* INET */ 445 446 #ifdef INET6 447 case AF_INET6: /* Ugly... */ 448 /* Copy and "cook" the IPv6 header. */ 449 m_copydata(m, 0, sizeof(ip6), &ip6); 450 451 /* We don't do IPv6 Jumbograms. */ 452 if (ip6.ip6_plen == 0) { 453 DPRINTF(("ah_massage_headers: unsupported IPv6 jumbogram\n")); 454 m_freem(m); 455 return EMSGSIZE; 456 } 457 458 ip6.ip6_flow = 0; 459 ip6.ip6_hlim = 0; 460 ip6.ip6_vfc &= ~IPV6_VERSION_MASK; 461 ip6.ip6_vfc |= IPV6_VERSION; 462 463 /* Scoped address handling. */ 464 if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_src)) 465 ip6.ip6_src.s6_addr16[1] = 0; 466 if (IN6_IS_SCOPE_LINKLOCAL(&ip6.ip6_dst)) 467 ip6.ip6_dst.s6_addr16[1] = 0; 468 469 /* Done with IPv6 header. */ 470 m_copyback(m, 0, sizeof(struct ip6_hdr), &ip6); 471 472 /* Let's deal with the remaining headers (if any). */ 473 if (skip - sizeof(struct ip6_hdr) > 0) { 474 if (m->m_len <= skip) { 475 ptr = (unsigned char *) malloc( 476 skip - sizeof(struct ip6_hdr), 477 M_XDATA, M_NOWAIT); 478 if (ptr == NULL) { 479 DPRINTF(("ah_massage_headers: failed " 480 "to allocate memory for IPv6 " 481 "headers\n")); 482 m_freem(m); 483 return ENOBUFS; 484 } 485 486 /* 487 * Copy all the protocol headers after 488 * the IPv6 header. 489 */ 490 m_copydata(m, sizeof(struct ip6_hdr), 491 skip - sizeof(struct ip6_hdr), ptr); 492 alloc = 1; 493 } else { 494 /* No need to allocate memory. */ 495 ptr = mtod(m, unsigned char *) + 496 sizeof(struct ip6_hdr); 497 alloc = 0; 498 } 499 } else 500 break; 501 502 nxt = ip6.ip6_nxt & 0xff; /* Next header type. */ 503 504 for (off = 0; off < skip - sizeof(struct ip6_hdr);) 505 switch (nxt) { 506 case IPPROTO_HOPOPTS: 507 case IPPROTO_DSTOPTS: 508 ip6e = (struct ip6_ext *) (ptr + off); 509 510 /* 511 * Process the mutable/immutable 512 * options -- borrows heavily from the 513 * KAME code. 514 */ 515 for (count = off + sizeof(struct ip6_ext); 516 count < off + ((ip6e->ip6e_len + 1) << 3);) { 517 if (ptr[count] == IP6OPT_PAD1) { 518 count++; 519 continue; /* Skip padding. */ 520 } 521 522 /* Sanity check. */ 523 if (count > off + 524 ((ip6e->ip6e_len + 1) << 3)) { 525 m_freem(m); 526 527 /* Free, if we allocated. */ 528 if (alloc) 529 free(ptr, M_XDATA); 530 return EINVAL; 531 } 532 533 ad = ptr[count + 1]; 534 535 /* If mutable option, zeroize. */ 536 if (ptr[count] & IP6OPT_MUTABLE) 537 memcpy(ptr + count, ipseczeroes, 538 ptr[count + 1]); 539 540 count += ad; 541 542 /* Sanity check. */ 543 if (count > 544 skip - sizeof(struct ip6_hdr)) { 545 m_freem(m); 546 547 /* Free, if we allocated. */ 548 if (alloc) 549 free(ptr, M_XDATA); 550 return EINVAL; 551 } 552 } 553 554 /* Advance. */ 555 off += ((ip6e->ip6e_len + 1) << 3); 556 nxt = ip6e->ip6e_nxt; 557 break; 558 559 case IPPROTO_ROUTING: 560 /* 561 * Always include routing headers in 562 * computation. 563 */ 564 { 565 struct ip6_rthdr *rh; 566 567 ip6e = (struct ip6_ext *) (ptr + off); 568 rh = (struct ip6_rthdr *)(ptr + off); 569 /* 570 * must adjust content to make it look like 571 * its final form (as seen at the final 572 * destination). 573 * we only know how to massage type 0 routing 574 * header. 575 */ 576 if (out && rh->ip6r_type == IPV6_RTHDR_TYPE_0) { 577 struct ip6_rthdr0 *rh0; 578 struct in6_addr *addr, finaldst; 579 int i; 580 581 rh0 = (struct ip6_rthdr0 *)rh; 582 addr = (struct in6_addr *)(rh0 + 1); 583 584 for (i = 0; i < rh0->ip6r0_segleft; i++) 585 in6_clearscope(&addr[i]); 586 587 finaldst = addr[rh0->ip6r0_segleft - 1]; 588 memmove(&addr[1], &addr[0], 589 sizeof(struct in6_addr) * 590 (rh0->ip6r0_segleft - 1)); 591 592 m_copydata(m, 0, sizeof(ip6), &ip6); 593 addr[0] = ip6.ip6_dst; 594 ip6.ip6_dst = finaldst; 595 m_copyback(m, 0, sizeof(ip6), &ip6); 596 597 rh0->ip6r0_segleft = 0; 598 } 599 600 /* advance */ 601 off += ((ip6e->ip6e_len + 1) << 3); 602 nxt = ip6e->ip6e_nxt; 603 break; 604 } 605 606 default: 607 DPRINTF(("ah_massage_headers: unexpected " 608 "IPv6 header type %d", off)); 609 if (alloc) 610 free(ptr, M_XDATA); 611 m_freem(m); 612 return EINVAL; 613 } 614 615 /* Copyback and free, if we allocated. */ 616 if (alloc) { 617 m_copyback(m, sizeof(struct ip6_hdr), 618 skip - sizeof(struct ip6_hdr), ptr); 619 free(ptr, M_XDATA); 620 } 621 622 break; 623 #endif /* INET6 */ 624 } 625 626 return 0; 627 } 628 629 /* 630 * ah_input() gets called to verify that an input packet 631 * passes authentication. 632 */ 633 static int 634 ah_input(struct mbuf *m, const struct secasvar *sav, int skip, int protoff) 635 { 636 const struct auth_hash *ahx; 637 struct tdb_ident *tdbi; 638 struct tdb_crypto *tc; 639 struct m_tag *mtag; 640 struct newah *ah; 641 int hl, rplen, authsize, error; 642 643 struct cryptodesc *crda; 644 struct cryptop *crp; 645 646 IPSEC_SPLASSERT_SOFTNET("ah_input"); 647 648 IPSEC_ASSERT(sav != NULL, ("ah_input: null SA")); 649 IPSEC_ASSERT(sav->key_auth != NULL, 650 ("ah_input: null authentication key")); 651 IPSEC_ASSERT(sav->tdb_authalgxform != NULL, 652 ("ah_input: null authentication xform")); 653 654 /* Figure out header size. */ 655 rplen = HDRSIZE(sav); 656 657 /* XXX don't pullup, just copy header */ 658 IP6_EXTHDR_GET(ah, struct newah *, m, skip, rplen); 659 if (ah == NULL) { 660 DPRINTF(("ah_input: cannot pullup header\n")); 661 AH_STATINC(AH_STAT_HDROPS); /*XXX*/ 662 m_freem(m); 663 return ENOBUFS; 664 } 665 666 /* Check replay window, if applicable. */ 667 if (sav->replay && !ipsec_chkreplay(ntohl(ah->ah_seq), sav)) { 668 AH_STATINC(AH_STAT_REPLAY); 669 DPRINTF(("ah_input: packet replay failure: %s\n", 670 ipsec_logsastr(sav))); 671 m_freem(m); 672 return ENOBUFS; 673 } 674 675 /* Verify AH header length. */ 676 hl = ah->ah_len * sizeof (u_int32_t); 677 ahx = sav->tdb_authalgxform; 678 authsize = AUTHSIZE(sav); 679 if (hl != authsize + rplen - sizeof (struct ah)) { 680 DPRINTF(("ah_input: bad authenticator length %u (expecting %lu)" 681 " for packet in SA %s/%08lx\n", 682 hl, (u_long) (authsize + rplen - sizeof (struct ah)), 683 ipsec_address(&sav->sah->saidx.dst), 684 (u_long) ntohl(sav->spi))); 685 AH_STATINC(AH_STAT_BADAUTHL); 686 m_freem(m); 687 return EACCES; 688 } 689 AH_STATADD(AH_STAT_IBYTES, m->m_pkthdr.len - skip - hl); 690 691 /* Get crypto descriptors. */ 692 crp = crypto_getreq(1); 693 if (crp == NULL) { 694 DPRINTF(("ah_input: failed to acquire crypto descriptor\n")); 695 AH_STATINC(AH_STAT_CRYPTO); 696 m_freem(m); 697 return ENOBUFS; 698 } 699 700 crda = crp->crp_desc; 701 IPSEC_ASSERT(crda != NULL, ("ah_input: null crypto descriptor")); 702 703 crda->crd_skip = 0; 704 crda->crd_len = m->m_pkthdr.len; 705 crda->crd_inject = skip + rplen; 706 707 /* Authentication operation. */ 708 crda->crd_alg = ahx->type; 709 crda->crd_key = _KEYBUF(sav->key_auth); 710 crda->crd_klen = _KEYBITS(sav->key_auth); 711 712 /* Find out if we've already done crypto. */ 713 for (mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_CRYPTO_DONE, NULL); 714 mtag != NULL; 715 mtag = m_tag_find(m, PACKET_TAG_IPSEC_IN_CRYPTO_DONE, mtag)) { 716 tdbi = (struct tdb_ident *) (mtag + 1); 717 if (tdbi->proto == sav->sah->saidx.proto && 718 tdbi->spi == sav->spi && 719 !memcmp(&tdbi->dst, &sav->sah->saidx.dst, 720 sizeof (union sockaddr_union))) 721 break; 722 } 723 724 /* Allocate IPsec-specific opaque crypto info. */ 725 if (mtag == NULL) { 726 tc = (struct tdb_crypto *) malloc(sizeof (struct tdb_crypto) + 727 skip + rplen + authsize, M_XDATA, M_NOWAIT|M_ZERO); 728 } else { 729 /* Hash verification has already been done successfully. */ 730 tc = (struct tdb_crypto *) malloc(sizeof (struct tdb_crypto), 731 M_XDATA, M_NOWAIT|M_ZERO); 732 } 733 if (tc == NULL) { 734 DPRINTF(("ah_input: failed to allocate tdb_crypto\n")); 735 AH_STATINC(AH_STAT_CRYPTO); 736 crypto_freereq(crp); 737 m_freem(m); 738 return ENOBUFS; 739 } 740 741 error = m_makewritable(&m, 0, skip + rplen + authsize, M_NOWAIT); 742 if (error) { 743 m_freem(m); 744 DPRINTF(("ah_input: failed to copyback_cow\n")); 745 AH_STATINC(AH_STAT_HDROPS); 746 free(tc, M_XDATA); 747 crypto_freereq(crp); 748 return error; 749 } 750 751 /* Only save information if crypto processing is needed. */ 752 if (mtag == NULL) { 753 /* 754 * Save the authenticator, the skipped portion of the packet, 755 * and the AH header. 756 */ 757 m_copydata(m, 0, skip + rplen + authsize, (tc + 1)); 758 759 /* Zeroize the authenticator on the packet. */ 760 m_copyback(m, skip + rplen, authsize, ipseczeroes); 761 762 /* "Massage" the packet headers for crypto processing. */ 763 error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family, 764 skip, ahx->type, 0); 765 if (error != 0) { 766 /* NB: mbuf is free'd by ah_massage_headers */ 767 AH_STATINC(AH_STAT_HDROPS); 768 free(tc, M_XDATA); 769 crypto_freereq(crp); 770 return error; 771 } 772 } 773 774 /* Crypto operation descriptor. */ 775 crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ 776 crp->crp_flags = CRYPTO_F_IMBUF; 777 crp->crp_buf = m; 778 crp->crp_callback = ah_input_cb; 779 crp->crp_sid = sav->tdb_cryptoid; 780 crp->crp_opaque = tc; 781 782 /* These are passed as-is to the callback. */ 783 tc->tc_spi = sav->spi; 784 tc->tc_dst = sav->sah->saidx.dst; 785 tc->tc_proto = sav->sah->saidx.proto; 786 tc->tc_nxt = ah->ah_nxt; 787 tc->tc_protoff = protoff; 788 tc->tc_skip = skip; 789 tc->tc_ptr = mtag; /* Save the mtag we've identified. */ 790 791 DPRINTF(("ah: hash over %d bytes, skip %d: " 792 "crda len %d skip %d inject %d\n", 793 crp->crp_ilen, tc->tc_skip, 794 crda->crd_len, crda->crd_skip, crda->crd_inject)); 795 796 if (mtag == NULL) 797 return crypto_dispatch(crp); 798 else 799 return ah_input_cb(crp); 800 } 801 802 #ifdef INET6 803 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag) do { \ 804 if (saidx->dst.sa.sa_family == AF_INET6) { \ 805 error = ipsec6_common_input_cb(m, sav, skip, protoff, mtag); \ 806 } else { \ 807 error = ipsec4_common_input_cb(m, sav, skip, protoff, mtag); \ 808 } \ 809 } while (0) 810 #else 811 #define IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag) \ 812 (error = ipsec4_common_input_cb(m, sav, skip, protoff, mtag)) 813 #endif 814 815 /* 816 * AH input callback from the crypto driver. 817 */ 818 static int 819 ah_input_cb(struct cryptop *crp) 820 { 821 int rplen, error, skip, protoff; 822 unsigned char calc[AH_ALEN_MAX]; 823 struct mbuf *m; 824 struct tdb_crypto *tc; 825 struct m_tag *mtag; 826 struct secasvar *sav; 827 struct secasindex *saidx; 828 u_int8_t nxt; 829 char *ptr; 830 int s, authsize; 831 u_int16_t dport; 832 u_int16_t sport; 833 834 tc = (struct tdb_crypto *) crp->crp_opaque; 835 IPSEC_ASSERT(tc != NULL, ("ah_input_cb: null opaque crypto data area!")); 836 skip = tc->tc_skip; 837 nxt = tc->tc_nxt; 838 protoff = tc->tc_protoff; 839 mtag = (struct m_tag *) tc->tc_ptr; 840 m = (struct mbuf *) crp->crp_buf; 841 842 843 /* find the source port for NAT-T */ 844 nat_t_ports_get(m, &dport, &sport); 845 846 s = splsoftnet(); 847 mutex_enter(softnet_lock); 848 849 sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, sport, dport); 850 if (sav == NULL) { 851 AH_STATINC(AH_STAT_NOTDB); 852 DPRINTF(("ah_input_cb: SA expired while in crypto\n")); 853 error = ENOBUFS; /*XXX*/ 854 goto bad; 855 } 856 857 saidx = &sav->sah->saidx; 858 IPSEC_ASSERT(saidx->dst.sa.sa_family == AF_INET || 859 saidx->dst.sa.sa_family == AF_INET6, 860 ("ah_input_cb: unexpected protocol family %u", 861 saidx->dst.sa.sa_family)); 862 863 /* Check for crypto errors. */ 864 if (crp->crp_etype) { 865 if (sav->tdb_cryptoid != 0) 866 sav->tdb_cryptoid = crp->crp_sid; 867 868 if (crp->crp_etype == EAGAIN) { 869 mutex_exit(softnet_lock); 870 splx(s); 871 return crypto_dispatch(crp); 872 } 873 874 AH_STATINC(AH_STAT_NOXFORM); 875 DPRINTF(("ah_input_cb: crypto error %d\n", crp->crp_etype)); 876 error = crp->crp_etype; 877 goto bad; 878 } else { 879 AH_STATINC(AH_STAT_HIST + sav->alg_auth); 880 crypto_freereq(crp); /* No longer needed. */ 881 crp = NULL; 882 } 883 884 /* Shouldn't happen... */ 885 if (m == NULL) { 886 AH_STATINC(AH_STAT_CRYPTO); 887 DPRINTF(("ah_input_cb: bogus returned buffer from crypto\n")); 888 error = EINVAL; 889 goto bad; 890 } 891 892 /* Figure out header size. */ 893 rplen = HDRSIZE(sav); 894 authsize = AUTHSIZE(sav); 895 896 if (ipsec_debug) 897 memset(calc, 0, sizeof(calc)); 898 899 /* Copy authenticator off the packet. */ 900 m_copydata(m, skip + rplen, authsize, calc); 901 902 /* 903 * If we have an mtag, we don't need to verify the authenticator -- 904 * it has been verified by an IPsec-aware NIC. 905 */ 906 if (mtag == NULL) { 907 ptr = (char *) (tc + 1); 908 909 /* Verify authenticator. */ 910 if (!consttime_memequal(ptr + skip + rplen, calc, authsize)) { 911 u_int8_t *pppp = ptr + skip+rplen; 912 DPRINTF(("ah_input: authentication hash mismatch " \ 913 "over %d bytes " \ 914 "for packet in SA %s/%08lx:\n" \ 915 "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x, " \ 916 "%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x:%02x%02x\n", 917 authsize, 918 ipsec_address(&saidx->dst), 919 (u_long) ntohl(sav->spi), 920 calc[0], calc[1], calc[2], calc[3], 921 calc[4], calc[5], calc[6], calc[7], 922 calc[8], calc[9], calc[10], calc[11], 923 pppp[0], pppp[1], pppp[2], pppp[3], 924 pppp[4], pppp[5], pppp[6], pppp[7], 925 pppp[8], pppp[9], pppp[10], pppp[11] 926 )); 927 AH_STATINC(AH_STAT_BADAUTH); 928 error = EACCES; 929 goto bad; 930 } 931 932 /* Fix the Next Protocol field. */ 933 ((u_int8_t *) ptr)[protoff] = nxt; 934 935 /* Copyback the saved (uncooked) network headers. */ 936 m_copyback(m, 0, skip, ptr); 937 } else { 938 /* Fix the Next Protocol field. */ 939 m_copyback(m, protoff, sizeof(u_int8_t), &nxt); 940 } 941 942 free(tc, M_XDATA), tc = NULL; /* No longer needed */ 943 944 /* 945 * Header is now authenticated. 946 */ 947 m->m_flags |= M_AUTHIPHDR|M_AUTHIPDGM; 948 949 /* 950 * Update replay sequence number, if appropriate. 951 */ 952 if (sav->replay) { 953 u_int32_t seq; 954 955 m_copydata(m, skip + offsetof(struct newah, ah_seq), 956 sizeof (seq), &seq); 957 if (ipsec_updatereplay(ntohl(seq), sav)) { 958 AH_STATINC(AH_STAT_REPLAY); 959 error = ENOBUFS; /*XXX as above*/ 960 goto bad; 961 } 962 } 963 964 /* 965 * Remove the AH header and authenticator from the mbuf. 966 */ 967 error = m_striphdr(m, skip, rplen + authsize); 968 if (error) { 969 DPRINTF(("ah_input_cb: mangled mbuf chain for SA %s/%08lx\n", 970 ipsec_address(&saidx->dst), (u_long) ntohl(sav->spi))); 971 972 AH_STATINC(AH_STAT_HDROPS); 973 goto bad; 974 } 975 976 IPSEC_COMMON_INPUT_CB(m, sav, skip, protoff, mtag); 977 978 KEY_FREESAV(&sav); 979 mutex_exit(softnet_lock); 980 splx(s); 981 return error; 982 bad: 983 if (sav) 984 KEY_FREESAV(&sav); 985 mutex_exit(softnet_lock); 986 splx(s); 987 if (m != NULL) 988 m_freem(m); 989 if (tc != NULL) 990 free(tc, M_XDATA); 991 if (crp != NULL) 992 crypto_freereq(crp); 993 return error; 994 } 995 996 /* 997 * AH output routine, called by ipsec[46]_process_packet(). 998 */ 999 static int 1000 ah_output( 1001 struct mbuf *m, 1002 struct ipsecrequest *isr, 1003 struct mbuf **mp, 1004 int skip, 1005 int protoff 1006 ) 1007 { 1008 const struct secasvar *sav; 1009 const struct auth_hash *ahx; 1010 struct cryptodesc *crda; 1011 struct tdb_crypto *tc; 1012 struct mbuf *mi; 1013 struct cryptop *crp; 1014 u_int16_t iplen; 1015 int error, rplen, authsize, maxpacketsize, roff; 1016 u_int8_t prot; 1017 struct newah *ah; 1018 1019 IPSEC_SPLASSERT_SOFTNET("ah_output"); 1020 1021 sav = isr->sav; 1022 IPSEC_ASSERT(sav != NULL, ("ah_output: null SA")); 1023 ahx = sav->tdb_authalgxform; 1024 IPSEC_ASSERT(ahx != NULL, ("ah_output: null authentication xform")); 1025 1026 AH_STATINC(AH_STAT_OUTPUT); 1027 1028 /* Figure out header size. */ 1029 rplen = HDRSIZE(sav); 1030 1031 /* Check for maximum packet size violations. */ 1032 switch (sav->sah->saidx.dst.sa.sa_family) { 1033 #ifdef INET 1034 case AF_INET: 1035 maxpacketsize = IP_MAXPACKET; 1036 break; 1037 #endif /* INET */ 1038 #ifdef INET6 1039 case AF_INET6: 1040 maxpacketsize = IPV6_MAXPACKET; 1041 break; 1042 #endif /* INET6 */ 1043 default: 1044 DPRINTF(("ah_output: unknown/unsupported protocol " 1045 "family %u, SA %s/%08lx\n", 1046 sav->sah->saidx.dst.sa.sa_family, 1047 ipsec_address(&sav->sah->saidx.dst), 1048 (u_long) ntohl(sav->spi))); 1049 AH_STATINC(AH_STAT_NOPF); 1050 error = EPFNOSUPPORT; 1051 goto bad; 1052 } 1053 authsize = AUTHSIZE(sav); 1054 if (rplen + authsize + m->m_pkthdr.len > maxpacketsize) { 1055 DPRINTF(("ah_output: packet in SA %s/%08lx got too big " 1056 "(len %u, max len %u)\n", 1057 ipsec_address(&sav->sah->saidx.dst), 1058 (u_long) ntohl(sav->spi), 1059 rplen + authsize + m->m_pkthdr.len, maxpacketsize)); 1060 AH_STATINC(AH_STAT_TOOBIG); 1061 error = EMSGSIZE; 1062 goto bad; 1063 } 1064 1065 /* Update the counters. */ 1066 AH_STATADD(AH_STAT_OBYTES, m->m_pkthdr.len - skip); 1067 1068 m = m_clone(m); 1069 if (m == NULL) { 1070 DPRINTF(("ah_output: cannot clone mbuf chain, SA %s/%08lx\n", 1071 ipsec_address(&sav->sah->saidx.dst), 1072 (u_long) ntohl(sav->spi))); 1073 AH_STATINC(AH_STAT_HDROPS); 1074 error = ENOBUFS; 1075 goto bad; 1076 } 1077 1078 /* Inject AH header. */ 1079 mi = m_makespace(m, skip, rplen + authsize, &roff); 1080 if (mi == NULL) { 1081 DPRINTF(("ah_output: failed to inject %u byte AH header for SA " 1082 "%s/%08lx\n", 1083 rplen + authsize, 1084 ipsec_address(&sav->sah->saidx.dst), 1085 (u_long) ntohl(sav->spi))); 1086 AH_STATINC(AH_STAT_HDROPS); /*XXX differs from openbsd */ 1087 error = ENOBUFS; 1088 goto bad; 1089 } 1090 1091 /* 1092 * The AH header is guaranteed by m_makespace() to be in 1093 * contiguous memory, at roff bytes offset into the returned mbuf. 1094 */ 1095 ah = (struct newah *)(mtod(mi, char *) + roff); 1096 1097 /* Initialize the AH header. */ 1098 m_copydata(m, protoff, sizeof(u_int8_t), &ah->ah_nxt); 1099 ah->ah_len = (rplen + authsize - sizeof(struct ah)) / sizeof(u_int32_t); 1100 ah->ah_reserve = 0; 1101 ah->ah_spi = sav->spi; 1102 1103 /* Zeroize authenticator. */ 1104 m_copyback(m, skip + rplen, authsize, ipseczeroes); 1105 1106 /* Insert packet replay counter, as requested. */ 1107 if (sav->replay) { 1108 if (sav->replay->count == ~0 && 1109 (sav->flags & SADB_X_EXT_CYCSEQ) == 0) { 1110 DPRINTF(("ah_output: replay counter wrapped for SA " 1111 "%s/%08lx\n", 1112 ipsec_address(&sav->sah->saidx.dst), 1113 (u_long) ntohl(sav->spi))); 1114 AH_STATINC(AH_STAT_WRAP); 1115 error = EINVAL; 1116 goto bad; 1117 } 1118 #ifdef IPSEC_DEBUG 1119 /* Emulate replay attack when ipsec_replay is TRUE. */ 1120 if (!ipsec_replay) 1121 #endif 1122 sav->replay->count++; 1123 ah->ah_seq = htonl(sav->replay->count); 1124 } 1125 1126 /* Get crypto descriptors. */ 1127 crp = crypto_getreq(1); 1128 if (crp == NULL) { 1129 DPRINTF(("ah_output: failed to acquire crypto descriptors\n")); 1130 AH_STATINC(AH_STAT_CRYPTO); 1131 error = ENOBUFS; 1132 goto bad; 1133 } 1134 1135 crda = crp->crp_desc; 1136 1137 crda->crd_skip = 0; 1138 crda->crd_inject = skip + rplen; 1139 crda->crd_len = m->m_pkthdr.len; 1140 1141 /* Authentication operation. */ 1142 crda->crd_alg = ahx->type; 1143 crda->crd_key = _KEYBUF(sav->key_auth); 1144 crda->crd_klen = _KEYBITS(sav->key_auth); 1145 1146 /* Allocate IPsec-specific opaque crypto info. */ 1147 tc = (struct tdb_crypto *) malloc( 1148 sizeof(struct tdb_crypto) + skip, M_XDATA, M_NOWAIT|M_ZERO); 1149 if (tc == NULL) { 1150 crypto_freereq(crp); 1151 DPRINTF(("ah_output: failed to allocate tdb_crypto\n")); 1152 AH_STATINC(AH_STAT_CRYPTO); 1153 error = ENOBUFS; 1154 goto bad; 1155 } 1156 1157 /* Save the skipped portion of the packet. */ 1158 m_copydata(m, 0, skip, (tc + 1)); 1159 1160 /* 1161 * Fix IP header length on the header used for 1162 * authentication. We don't need to fix the original 1163 * header length as it will be fixed by our caller. 1164 */ 1165 switch (sav->sah->saidx.dst.sa.sa_family) { 1166 #ifdef INET 1167 case AF_INET: 1168 bcopy(((char *)(tc + 1)) + 1169 offsetof(struct ip, ip_len), 1170 &iplen, sizeof(u_int16_t)); 1171 iplen = htons(ntohs(iplen) + rplen + authsize); 1172 m_copyback(m, offsetof(struct ip, ip_len), 1173 sizeof(u_int16_t), &iplen); 1174 break; 1175 #endif /* INET */ 1176 1177 #ifdef INET6 1178 case AF_INET6: 1179 bcopy(((char *)(tc + 1)) + 1180 offsetof(struct ip6_hdr, ip6_plen), 1181 &iplen, sizeof(u_int16_t)); 1182 iplen = htons(ntohs(iplen) + rplen + authsize); 1183 m_copyback(m, offsetof(struct ip6_hdr, ip6_plen), 1184 sizeof(u_int16_t), &iplen); 1185 break; 1186 #endif /* INET6 */ 1187 } 1188 1189 /* Fix the Next Header field in saved header. */ 1190 ((u_int8_t *) (tc + 1))[protoff] = IPPROTO_AH; 1191 1192 /* Update the Next Protocol field in the IP header. */ 1193 prot = IPPROTO_AH; 1194 m_copyback(m, protoff, sizeof(u_int8_t), &prot); 1195 1196 /* "Massage" the packet headers for crypto processing. */ 1197 error = ah_massage_headers(&m, sav->sah->saidx.dst.sa.sa_family, 1198 skip, ahx->type, 1); 1199 if (error != 0) { 1200 m = NULL; /* mbuf was free'd by ah_massage_headers. */ 1201 free(tc, M_XDATA); 1202 crypto_freereq(crp); 1203 goto bad; 1204 } 1205 1206 /* Crypto operation descriptor. */ 1207 crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */ 1208 crp->crp_flags = CRYPTO_F_IMBUF; 1209 crp->crp_buf = m; 1210 crp->crp_callback = ah_output_cb; 1211 crp->crp_sid = sav->tdb_cryptoid; 1212 crp->crp_opaque = tc; 1213 1214 /* These are passed as-is to the callback. */ 1215 tc->tc_isr = isr; 1216 tc->tc_spi = sav->spi; 1217 tc->tc_dst = sav->sah->saidx.dst; 1218 tc->tc_proto = sav->sah->saidx.proto; 1219 tc->tc_skip = skip; 1220 tc->tc_protoff = protoff; 1221 1222 return crypto_dispatch(crp); 1223 bad: 1224 if (m) 1225 m_freem(m); 1226 return (error); 1227 } 1228 1229 /* 1230 * AH output callback from the crypto driver. 1231 */ 1232 static int 1233 ah_output_cb(struct cryptop *crp) 1234 { 1235 int skip, error; 1236 struct tdb_crypto *tc; 1237 struct ipsecrequest *isr; 1238 struct secasvar *sav; 1239 struct mbuf *m; 1240 void *ptr; 1241 int s, err; 1242 1243 tc = (struct tdb_crypto *) crp->crp_opaque; 1244 IPSEC_ASSERT(tc != NULL, ("ah_output_cb: null opaque data area!")); 1245 skip = tc->tc_skip; 1246 ptr = (tc + 1); 1247 m = (struct mbuf *) crp->crp_buf; 1248 1249 s = splsoftnet(); 1250 mutex_enter(softnet_lock); 1251 1252 isr = tc->tc_isr; 1253 sav = KEY_ALLOCSA(&tc->tc_dst, tc->tc_proto, tc->tc_spi, 0, 0); 1254 if (sav == NULL) { 1255 AH_STATINC(AH_STAT_NOTDB); 1256 DPRINTF(("ah_output_cb: SA expired while in crypto\n")); 1257 error = ENOBUFS; /*XXX*/ 1258 goto bad; 1259 } 1260 IPSEC_ASSERT(isr->sav == sav, ("ah_output_cb: SA changed\n")); 1261 1262 /* Check for crypto errors. */ 1263 if (crp->crp_etype) { 1264 if (sav->tdb_cryptoid != 0) 1265 sav->tdb_cryptoid = crp->crp_sid; 1266 1267 if (crp->crp_etype == EAGAIN) { 1268 KEY_FREESAV(&sav); 1269 mutex_exit(softnet_lock); 1270 splx(s); 1271 return crypto_dispatch(crp); 1272 } 1273 1274 AH_STATINC(AH_STAT_NOXFORM); 1275 DPRINTF(("ah_output_cb: crypto error %d\n", crp->crp_etype)); 1276 error = crp->crp_etype; 1277 goto bad; 1278 } 1279 1280 /* Shouldn't happen... */ 1281 if (m == NULL) { 1282 AH_STATINC(AH_STAT_CRYPTO); 1283 DPRINTF(("ah_output_cb: bogus returned buffer from crypto\n")); 1284 error = EINVAL; 1285 goto bad; 1286 } 1287 AH_STATINC(AH_STAT_HIST + sav->alg_auth); 1288 1289 /* 1290 * Copy original headers (with the new protocol number) back 1291 * in place. 1292 */ 1293 m_copyback(m, 0, skip, ptr); 1294 1295 /* No longer needed. */ 1296 free(tc, M_XDATA); 1297 crypto_freereq(crp); 1298 1299 #ifdef IPSEC_DEBUG 1300 /* Emulate man-in-the-middle attack when ipsec_integrity is TRUE. */ 1301 if (ipsec_integrity) { 1302 int alen; 1303 1304 /* 1305 * Corrupt HMAC if we want to test integrity verification of 1306 * the other side. 1307 */ 1308 alen = AUTHSIZE(sav); 1309 m_copyback(m, m->m_pkthdr.len - alen, alen, ipseczeroes); 1310 } 1311 #endif 1312 1313 /* NB: m is reclaimed by ipsec_process_done. */ 1314 err = ipsec_process_done(m, isr); 1315 KEY_FREESAV(&sav); 1316 mutex_exit(softnet_lock); 1317 splx(s); 1318 return err; 1319 bad: 1320 if (sav) 1321 KEY_FREESAV(&sav); 1322 mutex_exit(softnet_lock); 1323 splx(s); 1324 if (m) 1325 m_freem(m); 1326 free(tc, M_XDATA); 1327 crypto_freereq(crp); 1328 return error; 1329 } 1330 1331 static struct xformsw ah_xformsw = { 1332 XF_AH, XFT_AUTH, "IPsec AH", 1333 ah_init, ah_zeroize, ah_input, ah_output, 1334 NULL, 1335 }; 1336 1337 INITFN void 1338 ah_attach(void) 1339 { 1340 ahstat_percpu = percpu_alloc(sizeof(uint64_t) * AH_NSTATS); 1341 xform_register(&ah_xformsw); 1342 } 1343 1344 #ifdef __FreeBSD__ 1345 SYSINIT(ah_xform_init, SI_SUB_PROTO_DOMAIN, SI_ORDER_MIDDLE, ah_attach, NULL); 1346 #endif 1347
Indexes created Tue Sep 23 07:09:52 GMT 2025