svn commit: r309004 - projects/ipsec/sys/netipsec
Andrey V. Elsukov
ae at FreeBSD.org
Tue Nov 22 14:31:50 UTC 2016
Author: ae
Date: Tue Nov 22 14:31:49 2016
New Revision: 309004
URL: https://svnweb.freebsd.org/changeset/base/309004
Log:
Remove the key_mature() function. The checks it performed are now done in
key_newsav() and key_setsaval().
Modified:
projects/ipsec/sys/netipsec/key.c
Modified: projects/ipsec/sys/netipsec/key.c
==============================================================================
--- projects/ipsec/sys/netipsec/key.c Tue Nov 22 14:25:25 2016 (r309003)
+++ projects/ipsec/sys/netipsec/key.c Tue Nov 22 14:31:49 2016 (r309004)
@@ -3118,93 +3118,6 @@ fail:
key_cleansav(sav);
return (error);
}
-/*
- * validation with a secasvar entry, and set SADB_SATYPE_MATURE.
- * OUT: 0: valid
- * other: errno
- */
-static int
-key_mature(struct secasvar *sav)
-{
- int error;
-
- /* check SPI value */
- switch (sav->sah->saidx.proto) {
- case IPPROTO_ESP:
- case IPPROTO_AH:
- /*
- * RFC 4302, 2.4. Security Parameters Index (SPI), SPI values
- * 1-255 reserved by IANA for future use,
- * 0 for implementation specific, local use.
- */
- if (ntohl(sav->spi) <= 255) {
- ipseclog((LOG_DEBUG, "%s: illegal range of SPI %u.\n",
- __func__, (u_int32_t)ntohl(sav->spi)));
- return EINVAL;
- }
- break;
- }
-
- /* check satype */
- switch (sav->sah->saidx.proto) {
- case IPPROTO_ESP:
- /* check flags */
- if ((sav->flags & (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) ==
- (SADB_X_EXT_OLD|SADB_X_EXT_DERIV)) {
- ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
- "given to old-esp.\n", __func__));
- return EINVAL;
- }
- error = xform_init(sav, XF_ESP);
- break;
- case IPPROTO_AH:
- /* check flags */
- if (sav->flags & SADB_X_EXT_DERIV) {
- ipseclog((LOG_DEBUG, "%s: invalid flag (derived) "
- "given to AH SA.\n", __func__));
- return EINVAL;
- }
- if (sav->alg_enc != SADB_EALG_NONE) {
- ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
- "mismated.\n", __func__));
- return(EINVAL);
- }
- error = xform_init(sav, XF_AH);
- break;
- case IPPROTO_IPCOMP:
- if (sav->alg_auth != SADB_AALG_NONE) {
- ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
- "mismated.\n", __func__));
- return(EINVAL);
- }
- if ((sav->flags & SADB_X_EXT_RAWCPI) == 0
- && ntohl(sav->spi) >= 0x10000) {
- ipseclog((LOG_DEBUG, "%s: invalid cpi for IPComp.\n",
- __func__));
- return(EINVAL);
- }
- error = xform_init(sav, XF_IPCOMP);
- break;
- case IPPROTO_TCP:
- if (sav->alg_enc != SADB_EALG_NONE) {
- ipseclog((LOG_DEBUG, "%s: protocol and algorithm "
- "mismated.\n", __func__));
- return(EINVAL);
- }
- error = xform_init(sav, XF_TCPSIGNATURE);
- break;
- default:
- ipseclog((LOG_DEBUG, "%s: Invalid satype.\n", __func__));
- error = EPROTONOSUPPORT;
- break;
- }
- if (error == 0) {
- SAHTREE_LOCK();
- key_sa_chgstate(sav, SADB_SASTATE_MATURE);
- SAHTREE_UNLOCK();
- }
- return (error);
-}
/*
* subroutine for SADB_GET and SADB_DUMP.