/usr/src/sbin/iked/ikev2

Bug Summary

File:	src/sbin/iked/ikev2_msg.c
Warning:	line 1257, column 3 Use of memory after it is freed
Annotated Source Code

Press '?' to see keyboard shortcuts
Show analyzer invocation
clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name ikev2_msg.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/sbin/iked/obj -resource-dir /usr/local/llvm16/lib/clang/16 -I /usr/src/sbin/iked -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/sbin/iked/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/sbin/iked/ikev2_msg.c
1/*	$OpenBSD: ikev2_msg.c,v 1.100 2023/08/04 19:06:25 claudio Exp $	*/

3/*
* Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de>
* Copyright (c) 2010-2013 Reyk Floeter <reyk@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/

20#include <sys/types.h>
21#include <sys/queue.h>
22#include <sys/socket.h>
23#include <sys/uio.h>

25#include <netinet/in.h>
26#include <arpa/inet.h>

28#include <stdlib.h>
29#include <stdio.h>
30#include <syslog.h>
31#include <unistd.h>
32#include <string.h>
33#include <signal.h>
34#include <endian.h>
35#include <errno(*__errno()).h>
36#include <err.h>
37#include <event.h>

39#include <openssl/sha.h>
40#include <openssl/evp.h>

42#include "iked.h"
43#include "ikev2.h"
44#include "eap.h"
45#include "dh.h"

47void	 ikev1_recv(struct iked *, struct iked_message *);
48void	 ikev2_msg_response_timeout(struct iked *, void *);
49void	 ikev2_msg_retransmit_timeout(struct iked *, void *);
50int	 ikev2_check_frag_oversize(struct iked_sa *, struct ibuf *);
51int	 ikev2_send_encrypted_fragments(struct iked *, struct iked_sa *,
   struct ibuf *, uint8_t, uint8_t, int);
53int	 ikev2_msg_encrypt_prepare(struct iked_sa *, struct ikev2_payload *,
   struct ibuf*, struct ibuf *, struct ike_header *, uint8_t, int);

56void
57ikev2_msg_cb(int fd, short event, void *arg)
58{
struct iked_socket	*sock = arg;
struct iked		*env = sock->sock_env;
struct iked_message	 msg;
struct ike_header	 hdr;
uint32_t		 natt = 0x00000000;
uint8_t			 buf[IKED_MSGBUF_MAX8192];
ssize_t			 len;
off_t			 off;

bzero(&msg, sizeof(msg));
bzero(buf, sizeof(buf));

msg.msg_peerlen = sizeof(msg.msg_peer);
msg.msg_locallen = sizeof(msg.msg_local);
msg.msg_parent = &msg;
memcpy(&msg.msg_local, &sock->sock_addr, sizeof(sock->sock_addr));

if ((len = recvfromto(fd, buf, sizeof(buf), 0,
   (struct sockaddr *)&msg.msg_peer, &msg.msg_peerlen,
   (struct sockaddr *)&msg.msg_local, &msg.msg_locallen)) <
   (ssize_t)sizeof(natt))
return;

if (socket_getport((struct sockaddr *)&msg.msg_local) ==
   env->sc_nattportsc_static.st_nattport) {
if (memcmp(&natt, buf, sizeof(natt)) != 0)
	return;
msg.msg_natt = 1;
off = sizeof(natt);
} else
off = 0;

if ((size_t)(len - off) <= sizeof(hdr))
return;
memcpy(&hdr, buf + off, sizeof(hdr));

if ((msg.msg_data = ibuf_new(buf + off, len - off)) == NULL((void *)0))
return;

TAILQ_INIT(&msg.msg_proposals)do { (&msg.msg_proposals)->tqh_first = ((void *)0); (&
msg.msg_proposals)->tqh_last = &(&msg.msg_proposals
)->tqh_first; } while (0);
SIMPLEQ_INIT(&msg.msg_certreqs)do { (&msg.msg_certreqs)->sqh_first = ((void *)0); (&
msg.msg_certreqs)->sqh_last = &(&msg.msg_certreqs)
->sqh_first; } while (0);
msg.msg_fd = fd;

if (hdr.ike_version == IKEV1_VERSION0x10)
ikev1_recv(env, &msg);
else
ikev2_recv(env, &msg);

ikev2_msg_cleanup(env, &msg);
108}

110void
111ikev1_recv(struct iked *env, struct iked_message *msg)
112{
struct ike_header	*hdr;

if (ibuf_size(msg->msg_data) <= sizeof(*hdr)) {
log_debug("%s: short message", __func__);
return;
}

hdr = (struct ike_header *)ibuf_data(msg->msg_data);

log_debug("%s: header ispi %s rspi %s"
   " nextpayload %u version 0x%02x exchange %u flags 0x%02x"
   " msgid %u length %u", __func__,
   print_spi(betoh64(hdr->ike_ispi)(__uint64_t)(__builtin_constant_p(hdr->ike_ispi) ? (__uint64_t
)((((__uint64_t)(hdr->ike_ispi) & 0xff) << 56) |
 ((__uint64_t)(hdr->ike_ispi) & 0xff00ULL) << 40
 | ((__uint64_t)(hdr->ike_ispi) & 0xff0000ULL) <<
| ((__uint64_t)(hdr->ike_ispi) & 0xff000000ULL) <<
| ((__uint64_t)(hdr->ike_ispi) & 0xff00000000ULL) >>
| ((__uint64_t)(hdr->ike_ispi) & 0xff0000000000ULL)
 >> 24 | ((__uint64_t)(hdr->ike_ispi) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(hdr->ike_ispi) & 0xff00000000000000ULL
) >> 56) : __swap64md(hdr->ike_ispi)), 8),
   print_spi(betoh64(hdr->ike_rspi)(__uint64_t)(__builtin_constant_p(hdr->ike_rspi) ? (__uint64_t
)((((__uint64_t)(hdr->ike_rspi) & 0xff) << 56) |
 ((__uint64_t)(hdr->ike_rspi) & 0xff00ULL) << 40
 | ((__uint64_t)(hdr->ike_rspi) & 0xff0000ULL) <<
| ((__uint64_t)(hdr->ike_rspi) & 0xff000000ULL) <<
| ((__uint64_t)(hdr->ike_rspi) & 0xff00000000ULL) >>
| ((__uint64_t)(hdr->ike_rspi) & 0xff0000000000ULL)
 >> 24 | ((__uint64_t)(hdr->ike_rspi) & 0xff000000000000ULL
) >> 40 | ((__uint64_t)(hdr->ike_rspi) & 0xff00000000000000ULL
) >> 56) : __swap64md(hdr->ike_rspi)), 8),
   hdr->ike_nextpayload,
   hdr->ike_version,
   hdr->ike_exchange,
   hdr->ike_flags,
   betoh32(hdr->ike_msgid)(__uint32_t)(__builtin_constant_p(hdr->ike_msgid) ? (__uint32_t
)(((__uint32_t)(hdr->ike_msgid) & 0xff) << 24 | (
(__uint32_t)(hdr->ike_msgid) & 0xff00) << 8 | ((
__uint32_t)(hdr->ike_msgid) & 0xff0000) >> 8 | (
(__uint32_t)(hdr->ike_msgid) & 0xff000000) >> 24
) : __swap32md(hdr->ike_msgid)),
   betoh32(hdr->ike_length)(__uint32_t)(__builtin_constant_p(hdr->ike_length) ? (__uint32_t
)(((__uint32_t)(hdr->ike_length) & 0xff) << 24 |
 ((__uint32_t)(hdr->ike_length) & 0xff00) << 8 |
 ((__uint32_t)(hdr->ike_length) & 0xff0000) >> 8
 | ((__uint32_t)(hdr->ike_length) & 0xff000000) >>
 24) : __swap32md(hdr->ike_length)));

log_debug("%s: IKEv1 not supported", __func__);
135}

137struct ibuf *
138ikev2_msg_init(struct iked *env, struct iked_message *msg,
  struct sockaddr_storage *peer, socklen_t peerlen,
  struct sockaddr_storage *local, socklen_t locallen, int response)
141{
bzero(msg, sizeof(*msg));
memcpy(&msg->msg_peer, peer, peerlen);
msg->msg_peerlen = peerlen;
memcpy(&msg->msg_local, local, locallen);
msg->msg_locallen = locallen;
msg->msg_response = response ? 1 : 0;
msg->msg_fd = -1;
msg->msg_data = ibuf_static();
msg->msg_e = 0;
msg->msg_parent = msg;	/* has to be set */
TAILQ_INIT(&msg->msg_proposals)do { (&msg->msg_proposals)->tqh_first = ((void *)0)
; (&msg->msg_proposals)->tqh_last = &(&msg->
msg_proposals)->tqh_first; } while (0);

return (msg->msg_data);
155}

157struct iked_message *
158ikev2_msg_copy(struct iked *env, struct iked_message *msg)
159{
struct iked_message		*m = NULL((void *)0);
struct ibuf			*buf;
size_t				 len;
void				*ptr;

if (ibuf_size(msg->msg_data) < msg->msg_offset)
return (NULL((void *)0));
len = ibuf_size(msg->msg_data) - msg->msg_offset;

if ((m = malloc(sizeof(*m))) == NULL((void *)0))
return (NULL((void *)0));

if ((ptr = ibuf_seek(msg->msg_data, msg->msg_offset, len)) == NULL((void *)0) ||
   (buf = ikev2_msg_init(env, m, &msg->msg_peer, msg->msg_peerlen,
    &msg->msg_local, msg->msg_locallen, msg->msg_response)) == NULL((void *)0) ||
   ibuf_add(buf, ptr, len)) {
free(m);
return (NULL((void *)0));
}

m->msg_fd = msg->msg_fd;
m->msg_msgid = msg->msg_msgid;
m->msg_offset = msg->msg_offset;
m->msg_sa = msg->msg_sa;

return (m);
186}

188void
189ikev2_msg_cleanup(struct iked *env, struct iked_message *msg)
190{
struct iked_certreq	*cr;
int			 i;

if (msg == msg->msg_parent) {
ibuf_free(msg->msg_nonce);
ibuf_free(msg->msg_ke);
ibuf_free(msg->msg_auth.id_buf);
ibuf_free(msg->msg_peerid.id_buf);
ibuf_free(msg->msg_localid.id_buf);
ibuf_free(msg->msg_cert.id_buf);
for (i = 0; i < IKED_SCERT_MAX3; i++)
	ibuf_free(msg->msg_scert[i].id_buf);
ibuf_free(msg->msg_cookie);
ibuf_free(msg->msg_cookie2);
ibuf_free(msg->msg_del_buf);
free(msg->msg_eap.eam_user);
free(msg->msg_cp_addr);
free(msg->msg_cp_addr6);
free(msg->msg_cp_dns);

msg->msg_nonce = NULL((void *)0);
msg->msg_ke = NULL((void *)0);
msg->msg_auth.id_buf = NULL((void *)0);
msg->msg_peerid.id_buf = NULL((void *)0);
msg->msg_localid.id_buf = NULL((void *)0);
msg->msg_cert.id_buf = NULL((void *)0);
for (i = 0; i < IKED_SCERT_MAX3; i++)
	msg->msg_scert[i].id_buf = NULL((void *)0);
msg->msg_cookie = NULL((void *)0);
msg->msg_cookie2 = NULL((void *)0);
msg->msg_del_buf = NULL((void *)0);
msg->msg_eap.eam_user = NULL((void *)0);
msg->msg_cp_addr = NULL((void *)0);
msg->msg_cp_addr6 = NULL((void *)0);
msg->msg_cp_dns = NULL((void *)0);

config_free_proposals(&msg->msg_proposals, 0);
while ((cr = SIMPLEQ_FIRST(&msg->msg_certreqs)((&msg->msg_certreqs)->sqh_first))) {
	ibuf_free(cr->cr_data);
	SIMPLEQ_REMOVE_HEAD(&msg->msg_certreqs, cr_entry)do { if (((&msg->msg_certreqs)->sqh_first = (&msg
->msg_certreqs)->sqh_first->cr_entry.sqe_next) == ((
void *)0)) (&msg->msg_certreqs)->sqh_last = &(&
msg->msg_certreqs)->sqh_first; } while (0);
	free(cr);
}
}

if (msg->msg_data != NULL((void *)0)) {
ibuf_free(msg->msg_data);
msg->msg_data = NULL((void *)0);
}
239}

241int
242ikev2_msg_valid_ike_sa(struct iked *env, struct ike_header *oldhdr,
  struct iked_message *msg)
244{
if (msg->msg_sa != NULL((void *)0) && msg->msg_policy != NULL((void *)0)) {
if (msg->msg_sa->sa_state == IKEV2_STATE_CLOSED11)
	return (-1);
/*
 * Only permit informational requests from initiator
 * on closing SAs (for DELETE).
 */
if (msg->msg_sa->sa_state == IKEV2_STATE_CLOSING10) {
	if (((oldhdr->ike_flags &
	    (IKEV2_FLAG_INITIATOR0x08|IKEV2_FLAG_RESPONSE0x20)) ==
	    IKEV2_FLAG_INITIATOR0x08) &&
	    (oldhdr->ike_exchange ==
	    IKEV2_EXCHANGE_INFORMATIONAL37))
		return (0);
	return (-1);
}
return (0);
}

/* Always fail */
return (-1);
266}

268int
269ikev2_msg_send(struct iked *env, struct iked_message *msg)
270{
struct iked_sa		*sa = msg->msg_sa;
struct ibuf		*buf = msg->msg_data;
uint32_t		 natt = 0x00000000;
int			 isnatt = 0;
uint8_t			 exchange, flags;
struct ike_header	*hdr;
struct iked_message	*m;

if (buf == NULL((void *)0) || (hdr = ibuf_seek(msg->msg_data,
   msg->msg_offset, sizeof(*hdr))) == NULL((void *)0))
return (-1);

isnatt = (msg->msg_natt || (sa && sa->sa_natt));

exchange = hdr->ike_exchange;
flags = hdr->ike_flags;
logit(exchange == IKEV2_EXCHANGE_INFORMATIONAL37 ?  LOG_DEBUG7 : LOG_INFO6,
   "%ssend %s %s %u peer %s local %s, %zu bytes%s",
   SPI_IH(hdr)ikev2_ikesa_info((__uint64_t)(__builtin_constant_p((hdr)->
ike_ispi) ? (__uint64_t)((((__uint64_t)((hdr)->ike_ispi) &
 0xff) << 56) | ((__uint64_t)((hdr)->ike_ispi) &
 0xff00ULL) << 40 | ((__uint64_t)((hdr)->ike_ispi) &
 0xff0000ULL) << 24 | ((__uint64_t)((hdr)->ike_ispi)
 & 0xff000000ULL) << 8 | ((__uint64_t)((hdr)->ike_ispi
) & 0xff00000000ULL) >> 8 | ((__uint64_t)((hdr)->
ike_ispi) & 0xff0000000000ULL) >> 24 | ((__uint64_t
)((hdr)->ike_ispi) & 0xff000000000000ULL) >> 40 |
 ((__uint64_t)((hdr)->ike_ispi) & 0xff00000000000000ULL
) >> 56) : __swap64md((hdr)->ike_ispi)), ((void *)0)
),
   print_map(exchange, ikev2_exchange_map),
   (flags & IKEV2_FLAG_RESPONSE0x20) ? "res" : "req",
   betoh32(hdr->ike_msgid)(__uint32_t)(__builtin_constant_p(hdr->ike_msgid) ? (__uint32_t
)(((__uint32_t)(hdr->ike_msgid) & 0xff) << 24 | (
(__uint32_t)(hdr->ike_msgid) & 0xff00) << 8 | ((
__uint32_t)(hdr->ike_msgid) & 0xff0000) >> 8 | (
(__uint32_t)(hdr->ike_msgid) & 0xff000000) >> 24
) : __swap32md(hdr->ike_msgid)),
   print_addr(&msg->msg_peer),
   print_addr(&msg->msg_local),
   ibuf_size(buf), isnatt ? ", NAT-T" : "");

if (isnatt) {
struct ibuf *new;
if ((new = ibuf_new(&natt, sizeof(natt))) == NULL((void *)0)) {
	log_debug("%s: failed to set NAT-T", __func__);
	return (-1);
}
if (ibuf_add_buf(new, buf) == -1) {
	ibuf_free(new);
	log_debug("%s: failed to set NAT-T", __func__);
	return (-1);
}
ibuf_free(buf);
buf = msg->msg_data = new;
}

if (sendtofrom(msg->msg_fd, ibuf_data(buf), ibuf_size(buf), 0,
   (struct sockaddr *)&msg->msg_peer, msg->msg_peerlen,
   (struct sockaddr *)&msg->msg_local, msg->msg_locallen) == -1) {
log_warn("%s: sendtofrom", __func__);
if (sa != NULL((void *)0) && errno(*__errno()) == EADDRNOTAVAIL49) {
	sa_state(env, sa, IKEV2_STATE_CLOSING10);
	timer_del(env, &sa->sa_timer);
	timer_set(env, &sa->sa_timer,
	    ikev2_ike_sa_timeout, sa);
	timer_add(env, &sa->sa_timer,
	    IKED_IKE_SA_DELETE_TIMEOUT120);
}
ikestat_inc(env, ikes_msg_send_failures)do { env->sc_stats.ikes_msg_send_failures += (1); } while(
0);
} else
ikestat_inc(env, ikes_msg_sent)do { env->sc_stats.ikes_msg_sent += (1); } while(0);

if (sa == NULL((void *)0))
return (0);

if ((m = ikev2_msg_copy(env, msg)) == NULL((void *)0)) {
log_debug("%s: failed to copy a message", __func__);
return (-1);
}
m->msg_exchange = exchange;

if (flags & IKEV2_FLAG_RESPONSE0x20) {
if (ikev2_msg_enqueue(env, &sa->sa_responses, m,
    IKED_RESPONSE_TIMEOUT120) != 0) {
	ikev2_msg_cleanup(env, m);
	free(m);
	return (-1);
}
} else {
if (ikev2_msg_enqueue(env, &sa->sa_requests, m,
    IKED_RETRANSMIT_TIMEOUT2) != 0) {
	ikev2_msg_cleanup(env, m);
	free(m);
	return (-1);
}
}

return (0);
354}

356uint32_t
357ikev2_msg_id(struct iked *env, struct iked_sa *sa)
358{
uint32_t		id = sa->sa_reqid;

if (++sa->sa_reqid == UINT32_MAX0xffffffffU) {
/* XXX we should close and renegotiate the connection now */
log_debug("%s: IKEv2 message sequence overflow", __func__);
}
return (id);
366}

368/*
* Calculate the final sizes of the IKEv2 header and the encrypted payload
* header.  This must be done before encryption to make sure the correct
* headers are authenticated.
*/
373int
374ikev2_msg_encrypt_prepare(struct iked_sa *sa, struct ikev2_payload *pld,
  struct ibuf *buf, struct ibuf *e, struct ike_header *hdr,
  uint8_t firstpayload, int fragmentation)
377{
size_t	 len, ivlen, encrlen, integrlen, blocklen, pldlen, outlen;

if (sa == NULL((void *)0) ||
   sa->sa_encr == NULL((void *)0) ||
   sa->sa_integr == NULL((void *)0)) {
log_debug("%s: invalid SA", __func__);
return (-1);
}

len = ibuf_size(e);
blocklen = cipher_length(sa->sa_encr);
integrlen = hash_length(sa->sa_integr);
ivlen = cipher_ivlength(sa->sa_encr);
encrlen = roundup(len + 1, blocklen)((((len + 1)+((blocklen)-1))/(blocklen))*(blocklen));
outlen = cipher_outlength(sa->sa_encr, encrlen);
pldlen = ivlen + outlen + integrlen;

if (ikev2_next_payload(pld,
   pldlen + (fragmentation ? sizeof(struct ikev2_frag_payload) : 0),
   firstpayload) == -1)
return (-1);
if (ikev2_set_header(hdr, ibuf_size(buf) + pldlen - sizeof(*hdr)) == -1)
return (-1);

return (0);
403}

405struct ibuf *
406ikev2_msg_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf *src,
  struct ibuf *aad)
408{
size_t			 len, encrlen, integrlen, blocklen,
		    outlen;
uint8_t			*buf, pad = 0, *ptr;
struct ibuf		*encr, *dst = NULL((void *)0), *out = NULL((void *)0);

buf = ibuf_data(src);
len = ibuf_size(src);

log_debug("%s: decrypted length %zu", __func__, len);
print_hex(buf, 0, len);

if (sa == NULL((void *)0) ||
   sa->sa_encr == NULL((void *)0) ||
   sa->sa_integr == NULL((void *)0)) {
log_debug("%s: invalid SA", __func__);
goto done;
}

if (sa->sa_hdr.sh_initiator)
encr = sa->sa_key_iencr;
else
encr = sa->sa_key_rencr;

blocklen = cipher_length(sa->sa_encr);
integrlen = hash_length(sa->sa_integr);
encrlen = roundup(len + sizeof(pad), blocklen)((((len + sizeof(pad))+((blocklen)-1))/(blocklen))*(blocklen)
);
pad = encrlen - (len + sizeof(pad));

/*
* Pad the payload and encrypt it
*/
if (pad) {
if ((ptr = ibuf_reserve(src, pad)) == NULL((void *)0))
	goto done;
arc4random_buf(ptr, pad);
}
if (ibuf_add(src, &pad, sizeof(pad)) != 0)
goto done;

log_debug("%s: padded length %zu", __func__, ibuf_size(src));
print_hexbuf(src);

cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_size(encr));
cipher_setiv(sa->sa_encr, NULL((void *)0), 0);	/* XXX ivlen */
if (cipher_init_encrypt(sa->sa_encr) == -1) {
log_info("%s: error initiating cipher.", __func__);
goto done;
}

if ((dst = ibuf_dup(sa->sa_encr->encr_iv)) == NULL((void *)0))
goto done;

if ((out = ibuf_new(NULL((void *)0),
   cipher_outlength(sa->sa_encr, encrlen))) == NULL((void *)0))
goto done;

outlen = ibuf_size(out);

/* Add AAD for AEAD ciphers */
if (sa->sa_integr->hash_isaead)
cipher_aad(sa->sa_encr, ibuf_data(aad), ibuf_size(aad),
    &outlen);

if (cipher_update(sa->sa_encr, ibuf_data(src), encrlen,
   ibuf_data(out), &outlen) == -1) {
log_info("%s: error updating cipher.", __func__);
goto done;
}

if (cipher_final(sa->sa_encr) == -1) {
log_info("%s: encryption failed.", __func__);
goto done;
}

if (outlen && ibuf_add(dst, ibuf_data(out), outlen) != 0)
goto done;

if ((ptr = ibuf_reserve(dst, integrlen)) == NULL((void *)0))
goto done;
explicit_bzero(ptr, integrlen);

log_debug("%s: length %zu, padding %d, output length %zu",
   __func__, len + sizeof(pad), pad, ibuf_size(dst));
print_hexbuf(dst);

ibuf_free(src);
ibuf_free(out);
return (dst);
done:
ibuf_free(src);
ibuf_free(out);
ibuf_free(dst);
return (NULL((void *)0));
502}

504int
505ikev2_msg_integr(struct iked *env, struct iked_sa *sa, struct ibuf *src)
506{
int			 ret = -1;
size_t			 integrlen, tmplen;
struct ibuf		*integr, *tmp = NULL((void *)0);
uint8_t			*ptr;

log_debug("%s: message length %zu", __func__, ibuf_size(src));
print_hexbuf(src);

if (sa == NULL((void *)0) ||
   sa->sa_encr == NULL((void *)0) ||
   sa->sa_integr == NULL((void *)0)) {
log_debug("%s: invalid SA", __func__);
return (-1);
}

integrlen = hash_length(sa->sa_integr);
log_debug("%s: integrity checksum length %zu", __func__,
   integrlen);

/*
* Validate packet checksum
*/
if ((tmp = ibuf_new(NULL((void *)0), hash_keylength(sa->sa_integr))) == NULL((void *)0))
goto done;

if (!sa->sa_integr->hash_isaead) {
if (sa->sa_hdr.sh_initiator)
	integr = sa->sa_key_iauth;
else
	integr = sa->sa_key_rauth;

hash_setkey(sa->sa_integr, ibuf_data(integr),
    ibuf_size(integr));
hash_init(sa->sa_integr);
hash_update(sa->sa_integr, ibuf_data(src),
    ibuf_size(src) - integrlen);
hash_final(sa->sa_integr, ibuf_data(tmp), &tmplen);

if (tmplen != integrlen) {
	log_debug("%s: hash failure", __func__);
	goto done;
}
} else {
/* Append AEAD tag */
if (cipher_gettag(sa->sa_encr, ibuf_data(tmp), ibuf_size(tmp)))
	goto done;
}

if ((ptr = ibuf_seek(src,
   ibuf_size(src) - integrlen, integrlen)) == NULL((void *)0))
goto done;
memcpy(ptr, ibuf_data(tmp), integrlen);

print_hexbuf(tmp);

ret = 0;
done:
ibuf_free(tmp);

return (ret);
567}

569struct ibuf *
570ikev2_msg_decrypt(struct iked *env, struct iked_sa *sa,
  struct ibuf *msg, struct ibuf *src)
572{
ssize_t			 ivlen, encrlen, integrlen, blocklen,
		    outlen, tmplen;
uint8_t			 pad = 0, *ptr, *integrdata;
struct ibuf		*integr, *encr, *tmp = NULL((void *)0), *out = NULL((void *)0);
off_t			 ivoff, encroff, integroff;

if (sa == NULL((void *)0) ||
   sa->sa_encr == NULL((void *)0) ||
   sa->sa_integr == NULL((void *)0)) {
log_debug("%s: invalid SA", __func__);
print_hexbuf(src);
goto done;
}

if (!sa->sa_hdr.sh_initiator) {
encr = sa->sa_key_iencr;
integr = sa->sa_key_iauth;
} else {
encr = sa->sa_key_rencr;
integr = sa->sa_key_rauth;
}

blocklen = cipher_length(sa->sa_encr);
ivlen = cipher_ivlength(sa->sa_encr);
ivoff = 0;
integrlen = hash_length(sa->sa_integr);
integroff = ibuf_size(src) - integrlen;
encroff = ivlen;
encrlen = ibuf_size(src) - integrlen - ivlen;

if (encrlen < 0 || integroff < 0) {
log_debug("%s: invalid integrity value", __func__);
goto done;
}

log_debug("%s: IV length %zd", __func__, ivlen);
print_hex(ibuf_data(src), 0, ivlen);
log_debug("%s: encrypted payload length %zd", __func__, encrlen);
print_hex(ibuf_data(src), encroff, encrlen);
log_debug("%s: integrity checksum length %zd", __func__, integrlen);
print_hex(ibuf_data(src), integroff, integrlen);

/*
* Validate packet checksum
*/
if (!sa->sa_integr->hash_isaead) {
if ((tmp = ibuf_new(NULL((void *)0), hash_keylength(sa->sa_integr))) == NULL((void *)0))
	goto done;

hash_setkey(sa->sa_integr, ibuf_data(integr),
    ibuf_size(integr));
hash_init(sa->sa_integr);
hash_update(sa->sa_integr, ibuf_data(msg),
    ibuf_size(msg) - integrlen);
hash_final(sa->sa_integr, ibuf_data(tmp), &tmplen);

integrdata = ibuf_seek(src, integroff, integrlen);
if (integrdata == NULL((void *)0))
	goto done;
if (memcmp(ibuf_data(tmp), integrdata, integrlen) != 0) {
	log_debug("%s: integrity check failed", __func__);
	goto done;
}

log_debug("%s: integrity check succeeded", __func__);
print_hex(ibuf_data(tmp), 0, tmplen);

ibuf_free(tmp);
tmp = NULL((void *)0);
}

/*
* Decrypt the payload and strip any padding
*/
if ((encrlen % blocklen) != 0) {
log_debug("%s: unaligned encrypted payload", __func__);
goto done;
}

cipher_setkey(sa->sa_encr, ibuf_data(encr), ibuf_size(encr));
cipher_setiv(sa->sa_encr, ibuf_seek(src, ivoff, ivlen), ivlen);
if (cipher_init_decrypt(sa->sa_encr) == -1) {
log_info("%s: error initiating cipher.", __func__);
goto done;
}

/* Set AEAD tag */
if (sa->sa_integr->hash_isaead) {
integrdata = ibuf_seek(src, integroff, integrlen);
if (integrdata == NULL((void *)0))
	goto done;
if (cipher_settag(sa->sa_encr, integrdata, integrlen)) {
	log_info("%s: failed to set tag.", __func__);
	goto done;
}
}

if ((out = ibuf_new(NULL((void *)0), cipher_outlength(sa->sa_encr,
   encrlen))) == NULL((void *)0))
goto done;

/*
* Add additional authenticated data for AEAD ciphers
*/
if (sa->sa_integr->hash_isaead) {
log_debug("%s: AAD length %zu", __func__,
    ibuf_size(msg) - ibuf_size(src));
print_hex(ibuf_data(msg), 0, ibuf_size(msg) - ibuf_size(src));
cipher_aad(sa->sa_encr, ibuf_data(msg),
    ibuf_size(msg) - ibuf_size(src), &outlen);
}

if ((outlen = ibuf_size(out)) != 0) {
if (cipher_update(sa->sa_encr, ibuf_seek(src, encroff, encrlen),
    encrlen, ibuf_data(out), &outlen) == -1) {
	log_info("%s: error updating cipher.", __func__);
	goto done;
}

ptr = ibuf_seek(out, outlen - 1, 1);
pad = *ptr;
}

if (cipher_final(sa->sa_encr) == -1) {
log_info("%s: decryption failed.", __func__);
goto done;
}

log_debug("%s: decrypted payload length %zd/%zd padding %d",
   __func__, outlen, encrlen, pad);
print_hexbuf(out);

/* Strip padding and padding length */
if (ibuf_setsize(out, outlen - pad - 1) != 0)
goto done;

ibuf_free(src);
return (out);
done:
ibuf_free(tmp);
ibuf_free(out);
ibuf_free(src);
return (NULL((void *)0));
716}

718int
719ikev2_check_frag_oversize(struct iked_sa *sa, struct ibuf *buf) {
size_t		len = ibuf_length(buf);
sa_family_t	sa_fam;
size_t		max;
size_t		ivlen, integrlen, blocklen;

if (sa == NULL((void *)0) ||
   sa->sa_encr == NULL((void *)0) ||
   sa->sa_integr == NULL((void *)0)) {
log_debug("%s: invalid SA", __func__);
return (-1);
}

sa_fam = ((struct sockaddr *)&sa->sa_local.addr)->sa_family;

max = sa_fam == AF_INET2 ? IKEV2_MAXLEN_IPV4_FRAG(576 - (20 + 8 + 28))
   : IKEV2_MAXLEN_IPV6_FRAG(1280 - (40 + 8 + 28));

blocklen = cipher_length(sa->sa_encr);
ivlen = cipher_ivlength(sa->sa_encr);
integrlen = hash_length(sa->sa_integr);

/* Estimated maximum packet size (with 0 < padding < blocklen) */
return ((len + ivlen + blocklen + integrlen) >= max) && sa->sa_frag;
743}

745int
746ikev2_msg_send_encrypt(struct iked *env, struct iked_sa *sa, struct ibuf **ep,
  uint8_t exchange, uint8_t firstpayload, int response)
748{
struct iked_message		 resp;
struct ike_header		*hdr;
struct ikev2_payload		*pld;
struct ibuf			*buf, *e = *ep;
int				 ret = -1;

/* Check if msg needs to be fragmented */
if (ikev2_check_frag_oversize(sa, e)) {
return ikev2_send_encrypted_fragments(env, sa, e, exchange,
    firstpayload, response);
}

if ((buf = ikev2_msg_init(env, &resp, &sa->sa_peer.addr,
   sa->sa_peer.addr.ss_len, &sa->sa_local.addr,
   sa->sa_local.addr.ss_len, response)) == NULL((void *)0))
goto done;

resp.msg_msgid = response ? sa->sa_msgid_current : ikev2_msg_id(env, sa);

/* IKE header */
if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid, IKEV2_PAYLOAD_SK46,
   exchange, response ? IKEV2_FLAG_RESPONSE0x20 : 0)) == NULL((void *)0))
goto done;

if ((pld = ikev2_add_payload(buf)) == NULL((void *)0))
goto done;

if (ikev2_msg_encrypt_prepare(sa, pld, buf, e, hdr, firstpayload, 0) == -1)
goto done;

/* Encrypt message and add as an E payload */
if ((e = ikev2_msg_encrypt(env, sa, e, buf)) == NULL((void *)0)) {
log_debug("%s: encryption failed", __func__);
goto done;
}
if (ibuf_add_buf(buf, e) != 0)
goto done;

/* Add integrity checksum (HMAC) */
if (ikev2_msg_integr(env, sa, buf) != 0) {
log_debug("%s: integrity checksum failed", __func__);
goto done;
}

resp.msg_data = buf;
resp.msg_sa = sa;
resp.msg_fd = sa->sa_fd;
TAILQ_INIT(&resp.msg_proposals)do { (&resp.msg_proposals)->tqh_first = ((void *)0); (
&resp.msg_proposals)->tqh_last = &(&resp.msg_proposals
)->tqh_first; } while (0);

(void)ikev2_pld_parse(env, hdr, &resp, 0);

ret = ikev2_msg_send(env, &resp);

done:
/* e is cleaned up by the calling function */
*ep = e;
ikev2_msg_cleanup(env, &resp);

return (ret);
808}

810int
811ikev2_send_encrypted_fragments(struct iked *env, struct iked_sa *sa,
  struct ibuf *in, uint8_t exchange, uint8_t firstpayload, int response) {
struct iked_message		 resp;
struct ibuf			*buf, *e = NULL((void *)0);
struct ike_header		*hdr;
struct ikev2_payload		*pld;
struct ikev2_frag_payload	*frag;
sa_family_t			 sa_fam;
size_t				 ivlen, integrlen, blocklen;
size_t				 max_len, left,  offset=0;
size_t				 frag_num = 1, frag_total;
uint8_t				*data;
uint32_t			 msgid;
int				 ret = -1;

if (sa == NULL((void *)0) ||
   sa->sa_encr == NULL((void *)0) ||
   sa->sa_integr == NULL((void *)0)) {
log_debug("%s: invalid SA", __func__);
ikestat_inc(env, ikes_frag_send_failures)do { env->sc_stats.ikes_frag_send_failures += (1); } while
(0);
return ret;
}

sa_fam = ((struct sockaddr *)&sa->sa_local.addr)->sa_family;

left = ibuf_length(in);

/* Calculate max allowed size of a fragments payload */
blocklen = cipher_length(sa->sa_encr);
ivlen = cipher_ivlength(sa->sa_encr);
integrlen = hash_length(sa->sa_integr);
max_len = (sa_fam == AF_INET2 ? IKEV2_MAXLEN_IPV4_FRAG(576 - (20 + 8 + 28))
   : IKEV2_MAXLEN_IPV6_FRAG(1280 - (40 + 8 + 28)))
   - ivlen - blocklen - integrlen;

/* Total number of fragments to send */
frag_total = (left / max_len) + 1;

msgid = response ? sa->sa_msgid_current : ikev2_msg_id(env, sa);

while (frag_num <= frag_total) {
if ((buf = ikev2_msg_init(env, &resp, &sa->sa_peer.addr,
    sa->sa_peer.addr.ss_len, &sa->sa_local.addr,
    sa->sa_local.addr.ss_len, response)) == NULL((void *)0))
	goto done;

resp.msg_msgid = msgid;

/* IKE header */
if ((hdr = ikev2_add_header(buf, sa, resp.msg_msgid,
    IKEV2_PAYLOAD_SKF53, exchange, response ? IKEV2_FLAG_RESPONSE0x20
    : 0)) == NULL((void *)0))
	goto done;

/* Payload header */
if ((pld = ikev2_add_payload(buf)) == NULL((void *)0))
	goto done;

/* Fragment header */
if ((frag = ibuf_reserve(buf, sizeof(*frag))) == NULL((void *)0)) {
	log_debug("%s: failed to add SKF fragment header",
	    __func__);
	goto done;
}
frag->frag_num = htobe16(frag_num)(__uint16_t)(__builtin_constant_p(frag_num) ? (__uint16_t)(((
__uint16_t)(frag_num) & 0xffU) << 8 | ((__uint16_t)
(frag_num) & 0xff00U) >> 8) : __swap16md(frag_num));
frag->frag_total = htobe16(frag_total)(__uint16_t)(__builtin_constant_p(frag_total) ? (__uint16_t)(
((__uint16_t)(frag_total) & 0xffU) << 8 | ((__uint16_t
)(frag_total) & 0xff00U) >> 8) : __swap16md(frag_total
));

/* Encrypt message and add as an E payload */
data = ibuf_seek(in, offset, 0);
if ((e = ibuf_new(data, MINIMUM(left, max_len)(((left)<(max_len))?(left):(max_len)))) == NULL((void *)0)) {
	goto done;
}

if (ikev2_msg_encrypt_prepare(sa, pld, buf, e, hdr,
    firstpayload, 1) == -1)
	goto done;

if ((e = ikev2_msg_encrypt(env, sa, e, buf)) == NULL((void *)0)) {
	log_debug("%s: encryption failed", __func__);
	goto done;
}
if (ibuf_add_buf(buf, e) != 0)
	goto done;

/* Add integrity checksum (HMAC) */
if (ikev2_msg_integr(env, sa, buf) != 0) {
	log_debug("%s: integrity checksum failed", __func__);
	goto done;
}

log_debug("%s: Fragment %zu of %zu has size of %zu bytes.",
    __func__, frag_num, frag_total,
    ibuf_size(buf) - sizeof(*hdr));
print_hexbuf(buf);

resp.msg_data = buf;
resp.msg_sa = sa;
resp.msg_fd = sa->sa_fd;
TAILQ_INIT(&resp.msg_proposals)do { (&resp.msg_proposals)->tqh_first = ((void *)0); (
&resp.msg_proposals)->tqh_last = &(&resp.msg_proposals
)->tqh_first; } while (0);

if (ikev2_msg_send(env, &resp) == -1)
	goto done;

ikestat_inc(env, ikes_frag_sent)do { env->sc_stats.ikes_frag_sent += (1); } while(0);

offset += MINIMUM(left, max_len)(((left)<(max_len))?(left):(max_len));
left -= MINIMUM(left, max_len)(((left)<(max_len))?(left):(max_len));
frag_num++;

/* MUST be zero after first fragment */
firstpayload = 0;

ikev2_msg_cleanup(env, &resp);
ibuf_free(e);
e = NULL((void *)0);
}

return 0;
929done:
ikev2_msg_cleanup(env, &resp);
ibuf_free(e);
ikestat_inc(env, ikes_frag_send_failures)do { env->sc_stats.ikes_frag_send_failures += (1); } while
(0);
return ret;
934}

936struct ibuf *
937ikev2_msg_auth(struct iked *env, struct iked_sa *sa, int response)
938{
struct ibuf		*authmsg = NULL((void *)0), *nonce, *prfkey, *buf;
uint8_t			*ptr;
struct iked_id		*id;
size_t			 tmplen;

/*
* Create the payload to be signed/MAC'ed for AUTH
*/

if (!response) {
if ((nonce = sa->sa_rnoncesa_kex.kex_rnonce) == NULL((void *)0) ||
    (sa->sa_iid.id_type == 0) ||
    (prfkey = sa->sa_key_iprf) == NULL((void *)0) ||
    (buf = sa->sa_1stmsg) == NULL((void *)0))
	return (NULL((void *)0));
id = &sa->sa_iid;
} else {
if ((nonce = sa->sa_inoncesa_kex.kex_inonce) == NULL((void *)0) ||
    (sa->sa_rid.id_type == 0) ||
    (prfkey = sa->sa_key_rprf) == NULL((void *)0) ||
    (buf = sa->sa_2ndmsg) == NULL((void *)0))
	return (NULL((void *)0));
id = &sa->sa_rid;
}

if ((authmsg = ibuf_dup(buf)) == NULL((void *)0))
return (NULL((void *)0));
if (ibuf_add_buf(authmsg, nonce) != 0)
goto fail;

if ((hash_setkey(sa->sa_prf, ibuf_data(prfkey),
   ibuf_size(prfkey))) == NULL((void *)0))
goto fail;

/* require non-truncating hash */
if (hash_keylength(sa->sa_prf) != hash_length(sa->sa_prf))
goto fail;

if ((ptr = ibuf_reserve(authmsg, hash_keylength(sa->sa_prf))) == NULL((void *)0))
goto fail;

hash_init(sa->sa_prf);
hash_update(sa->sa_prf, ibuf_data(id->id_buf), ibuf_size(id->id_buf));
hash_final(sa->sa_prf, ptr, &tmplen);

if (tmplen != hash_length(sa->sa_prf))
goto fail;

log_debug("%s: %s auth data length %zu",
   __func__, response ? "responder" : "initiator",
   ibuf_size(authmsg));
print_hexbuf(authmsg);

return (authmsg);

fail:
ibuf_free(authmsg);
return (NULL((void *)0));
997}

999int
1000ikev2_msg_authverify(struct iked *env, struct iked_sa *sa,
  struct iked_auth *auth, uint8_t *buf, size_t len, struct ibuf *authmsg)
1002{
uint8_t				*key, *psk = NULL((void *)0);
ssize_t				 keylen;
struct iked_id			*id;
struct iked_dsa			*dsa = NULL((void *)0);
int				 ret = -1;
uint8_t				 keytype;

if (sa->sa_hdr.sh_initiator)
id = &sa->sa_rcert;
else
id = &sa->sa_icert;

if ((dsa = dsa_verify_new(auth->auth_method, sa->sa_prf)) == NULL((void *)0)) {
log_debug("%s: invalid auth method", __func__);
return (-1);
}

switch (auth->auth_method) {
case IKEV2_AUTH_SHARED_KEY_MIC2:
if (!auth->auth_length) {
	log_debug("%s: no pre-shared key found", __func__);
	goto done;
}
if ((keylen = ikev2_psk(sa, auth->auth_data,
    auth->auth_length, &psk)) == -1) {
	log_debug("%s: failed to get PSK", __func__);
	goto done;
}
key = psk;
keytype = 0;
break;
default:
if (!id->id_type || !ibuf_length(id->id_buf)) {
	log_debug("%s: no cert found", __func__);
	goto done;
}
key = ibuf_data(id->id_buf);
keylen = ibuf_size(id->id_buf);
keytype = id->id_type;
break;
}

log_debug("%s: method %s keylen %zd type %s", __func__,
   print_map(auth->auth_method, ikev2_auth_map), keylen,
   print_map(id->id_type, ikev2_cert_map));

if (dsa_setkey(dsa, key, keylen, keytype) == NULL((void *)0) ||
   dsa_init(dsa, buf, len) != 0 ||
   dsa_update(dsa, ibuf_data(authmsg), ibuf_size(authmsg))) {
log_debug("%s: failed to compute digital signature", __func__);
goto done;
}

if ((ret = dsa_verify_final(dsa, buf, len)) == 0) {
log_debug("%s: authentication successful", __func__);
sa_state(env, sa, IKEV2_STATE_AUTH_SUCCESS6);
sa_stateflags(sa, IKED_REQ_AUTHVALID0x0010);
} else {
log_debug("%s: authentication failed", __func__);
sa_state(env, sa, IKEV2_STATE_AUTH_REQUEST5);
}

done:
free(psk);
dsa_free(dsa);

return (ret);
1070}

1072int
1073ikev2_msg_authsign(struct iked *env, struct iked_sa *sa,
  struct iked_auth *auth, struct ibuf *authmsg)
1075{
uint8_t				*key, *psk = NULL((void *)0);
ssize_t				 keylen, siglen;
struct iked_hash		*prf = sa->sa_prf;
struct iked_id			*id;
struct iked_dsa			*dsa = NULL((void *)0);
struct ibuf			*buf;
int				 ret = -1;
uint8_t			 keytype;

if (sa->sa_hdr.sh_initiator)
id = &sa->sa_icert;
else
id = &sa->sa_rcert;

if ((dsa = dsa_sign_new(auth->auth_method, prf)) == NULL((void *)0)) {
log_debug("%s: invalid auth method", __func__);
return (-1);
}

switch (auth->auth_method) {
case IKEV2_AUTH_SHARED_KEY_MIC2:
if (!auth->auth_length) {
	log_debug("%s: no pre-shared key found", __func__);
	goto done;
}
if ((keylen = ikev2_psk(sa, auth->auth_data,
    auth->auth_length, &psk)) == -1) {
	log_debug("%s: failed to get PSK", __func__);
	goto done;
}
key = psk;
keytype = 0;
break;
default:
if (id == NULL((void *)0)) {
	log_debug("%s: no cert found", __func__);
	goto done;
}
key = ibuf_data(id->id_buf);
keylen = ibuf_size(id->id_buf);
keytype = id->id_type;
break;
}

if (dsa_setkey(dsa, key, keylen, keytype) == NULL((void *)0) ||
   dsa_init(dsa, NULL((void *)0), 0) != 0 ||
   dsa_update(dsa, ibuf_data(authmsg), ibuf_size(authmsg))) {
log_debug("%s: failed to compute digital signature", __func__);
goto done;
}

ibuf_free(sa->sa_localauth.id_buf);
sa->sa_localauth.id_buf = NULL((void *)0);

if ((buf = ibuf_new(NULL((void *)0), dsa_length(dsa))) == NULL((void *)0)) {
log_debug("%s: failed to get auth buffer", __func__);
goto done;
}

if ((siglen = dsa_sign_final(dsa,
   ibuf_data(buf), ibuf_size(buf))) < 0) {
log_debug("%s: failed to create auth signature", __func__);
ibuf_free(buf);
goto done;
}

if (ibuf_setsize(buf, siglen) < 0) {
log_debug("%s: failed to set auth signature size to %zd",
    __func__, siglen);
ibuf_free(buf);
goto done;
}

sa->sa_localauth.id_type = auth->auth_method;
sa->sa_localauth.id_buf = buf;

ret = 0;
done:
free(psk);
dsa_free(dsa);

return (ret);
1158}

1160int
1161ikev2_msg_frompeer(struct iked_message *msg)
1162{
struct iked_sa		*sa = msg->msg_sa;
struct ike_header	*hdr;

msg = msg->msg_parent;

if (sa == NULL((void *)0) ||
   (hdr = ibuf_seek(msg->msg_data, 0, sizeof(*hdr))) == NULL((void *)0))
return (0);

if (!sa->sa_hdr.sh_initiator &&
   (hdr->ike_flags & IKEV2_FLAG_INITIATOR0x08))
return (1);
else if (sa->sa_hdr.sh_initiator &&
   (hdr->ike_flags & IKEV2_FLAG_INITIATOR0x08) == 0)
return (1);

return (0);
1180}

1182struct iked_socket *
1183ikev2_msg_getsocket(struct iked *env, int af, int natt)
1184{
switch (af) {
case AF_INET2:
return (env->sc_sock4[natt ? 1 : 0]);
case AF_INET624:
return (env->sc_sock6[natt ? 1 : 0]);
}

log_debug("%s: af socket %d not available", __func__, af);
return (NULL((void *)0));
1194}

1196int
1197ikev2_msg_enqueue(struct iked *env, struct iked_msgqueue *queue,
  struct iked_message *msg, int timeout)
1199{
struct iked_msg_retransmit *mr;

if ((mr = ikev2_msg_lookup(env, queue, msg, msg->msg_exchange)) ==
   NULL((void *)0)) {
if ((mr = calloc(1, sizeof(*mr))) == NULL((void *)0))
	return (-1);
TAILQ_INIT(&mr->mrt_frags)do { (&mr->mrt_frags)->tqh_first = ((void *)0); (&
mr->mrt_frags)->tqh_last = &(&mr->mrt_frags)
->tqh_first; } while (0);
mr->mrt_tries = 0;

timer_set(env, &mr->mrt_timer, msg->msg_response ?
    ikev2_msg_response_timeout : ikev2_msg_retransmit_timeout,
    mr);
timer_add(env, &mr->mrt_timer, timeout);

TAILQ_INSERT_TAIL(queue, mr, mrt_entry)do { (mr)->mrt_entry.tqe_next = ((void *)0); (mr)->mrt_entry
.tqe_prev = (queue)->tqh_last; *(queue)->tqh_last = (mr
); (queue)->tqh_last = &(mr)->mrt_entry.tqe_next; }
 while (0);
}

TAILQ_INSERT_TAIL(&mr->mrt_frags, msg, msg_entry)do { (msg)->msg_entry.tqe_next = ((void *)0); (msg)->msg_entry
.tqe_prev = (&mr->mrt_frags)->tqh_last; *(&mr->
mrt_frags)->tqh_last = (msg); (&mr->mrt_frags)->
tqh_last = &(msg)->msg_entry.tqe_next; } while (0);

return 0;
1220}

1222void
1223ikev2_msg_prevail(struct iked *env, struct iked_msgqueue *queue,
  struct iked_message *msg)
1225{
struct iked_msg_retransmit	*mr, *mrtmp;

TAILQ_FOREACH_SAFE(mr, queue, mrt_entry, mrtmp)for ((mr) = ((queue)->tqh_first); (mr) != ((void *)0) &&
 ((mrtmp) = ((mr)->mrt_entry.tqe_next), 1); (mr) = (mrtmp)
) {
if (TAILQ_FIRST(&mr->mrt_frags)((&mr->mrt_frags)->tqh_first)->msg_msgid < msg->msg_msgid)
	ikev2_msg_dispose(env, queue, mr);
}
1232}

1234void
1235ikev2_msg_dispose(struct iked *env, struct iked_msgqueue *queue,
  struct iked_msg_retransmit *mr)
1237{
struct iked_message	*m;

while ((m = TAILQ_FIRST(&mr->mrt_frags)((&mr->mrt_frags)->tqh_first)) != NULL((void *)0)) {
4
←
Assuming the condition is false→
5
←
Loop condition is false. Execution continues on line 1246→
TAILQ_REMOVE(&mr->mrt_frags, m, msg_entry)do { if (((m)->msg_entry.tqe_next) != ((void *)0)) (m)->
msg_entry.tqe_next->msg_entry.tqe_prev = (m)->msg_entry
.tqe_prev; else (&mr->mrt_frags)->tqh_last = (m)->
msg_entry.tqe_prev; *(m)->msg_entry.tqe_prev = (m)->msg_entry
.tqe_next; ; ; } while (0);
ikev2_msg_cleanup(env, m);
free(m);
}

timer_del(env, &mr->mrt_timer);
TAILQ_REMOVE(queue, mr, mrt_entry)do { if (((mr)->mrt_entry.tqe_next) != ((void *)0)) (mr)->
mrt_entry.tqe_next->mrt_entry.tqe_prev = (mr)->mrt_entry
.tqe_prev; else (queue)->tqh_last = (mr)->mrt_entry.tqe_prev
; *(mr)->mrt_entry.tqe_prev = (mr)->mrt_entry.tqe_next;
 ; ; } while (0);
6
←
Assuming field 'tqe_next' is equal to null→
7
←
Taking false branch→
8
←
Loop condition is false.  Exiting loop→
free(mr);
9
←
Memory is released→
1249}

1251void
1252ikev2_msg_flushqueue(struct iked *env, struct iked_msgqueue *queue)
1253{
struct iked_msg_retransmit	*mr = NULL((void *)0);

while ((mr = TAILQ_FIRST(queue)((queue)->tqh_first)) != NULL((void *)0))
1
Assuming the condition is true→
2
←
Loop condition is true.  Entering loop body→
11
←
Loop condition is true.  Entering loop body→
ikev2_msg_dispose(env, queue, mr);
3
←
Calling 'ikev2_msg_dispose'→
10
←
Returning; memory was released via 3rd parameter→
12
←
Use of memory after it is freed
1258}

1260struct iked_msg_retransmit *
1261ikev2_msg_lookup(struct iked *env, struct iked_msgqueue *queue,
  struct iked_message *msg, uint8_t exchange)
1263{
struct iked_msg_retransmit	*mr = NULL((void *)0);

TAILQ_FOREACH(mr, queue, mrt_entry)for((mr) = ((queue)->tqh_first); (mr) != ((void *)0); (mr)
 = ((mr)->mrt_entry.tqe_next)) {
if (TAILQ_FIRST(&mr->mrt_frags)((&mr->mrt_frags)->tqh_first)->msg_msgid ==
    msg->msg_msgid &&
    TAILQ_FIRST(&mr->mrt_frags)((&mr->mrt_frags)->tqh_first)->msg_exchange == exchange)
	break;
}

return (mr);
1274}

1276int
1277ikev2_msg_retransmit_response(struct iked *env, struct iked_sa *sa,
  struct iked_message *msg, uint8_t exchange)
1279{
struct iked_msg_retransmit	*mr = NULL((void *)0);
struct iked_message	*m = NULL((void *)0);

if ((mr = ikev2_msg_lookup(env, &sa->sa_responses, msg, exchange))
   == NULL((void *)0))
return (-2);	/* not found */

TAILQ_FOREACH(m, &mr->mrt_frags, msg_entry)for((m) = ((&mr->mrt_frags)->tqh_first); (m) != ((void
 *)0); (m) = ((m)->msg_entry.tqe_next)) {
if (sendtofrom(m->msg_fd, ibuf_data(m->msg_data),
    ibuf_size(m->msg_data), 0,
    (struct sockaddr *)&m->msg_peer, m->msg_peerlen,
    (struct sockaddr *)&m->msg_local, m->msg_locallen) == -1) {
	log_warn("%s: sendtofrom", __func__);
	ikestat_inc(env, ikes_msg_send_failures)do { env->sc_stats.ikes_msg_send_failures += (1); } while(
0);
	return (-1);
}
log_info("%sretransmit %s res %u local %s peer %s",
    SPI_SA(sa, NULL)ikev2_ikesa_info((&(sa)->sa_hdr)->sh_ispi, ((((void
 *)0)))),
    print_map(exchange, ikev2_exchange_map),
    m->msg_msgid,
    print_addr(&m->msg_local),
    print_addr(&m->msg_peer));
}

timer_add(env, &mr->mrt_timer, IKED_RESPONSE_TIMEOUT120);
ikestat_inc(env, ikes_retransmit_response)do { env->sc_stats.ikes_retransmit_response += (1); } while
(0);
return (0);
1307}

1309void
1310ikev2_msg_response_timeout(struct iked *env, void *arg)
1311{
struct iked_msg_retransmit	*mr = arg;
struct iked_sa		*sa;

sa = TAILQ_FIRST(&mr->mrt_frags)((&mr->mrt_frags)->tqh_first)->msg_sa;
ikev2_msg_dispose(env, &sa->sa_responses, mr);
1317}

1319void
1320ikev2_msg_retransmit_timeout(struct iked *env, void *arg)
1321{
struct iked_msg_retransmit *mr = arg;
struct iked_message	*msg = TAILQ_FIRST(&mr->mrt_frags)((&mr->mrt_frags)->tqh_first);
struct iked_sa		*sa = msg->msg_sa;

if (mr->mrt_tries < IKED_RETRANSMIT_TRIES5) {
TAILQ_FOREACH(msg, &mr->mrt_frags, msg_entry)for((msg) = ((&mr->mrt_frags)->tqh_first); (msg) !=
 ((void *)0); (msg) = ((msg)->msg_entry.tqe_next)) {
	if (sendtofrom(msg->msg_fd, ibuf_data(msg->msg_data),
	    ibuf_size(msg->msg_data), 0,
	    (struct sockaddr *)&msg->msg_peer, msg->msg_peerlen,
	    (struct sockaddr *)&msg->msg_local,
	    msg->msg_locallen) == -1) {
		log_warn("%s: sendtofrom", __func__);
		ikev2_ike_sa_setreason(sa, "retransmit failed");
		sa_free(env, sa);
		ikestat_inc(env, ikes_msg_send_failures)do { env->sc_stats.ikes_msg_send_failures += (1); } while(
0);
		return;
	}
	log_info("%sretransmit %d %s req %u peer %s "
	    "local %s", SPI_SA(sa, NULL)ikev2_ikesa_info((&(sa)->sa_hdr)->sh_ispi, ((((void
 *)0)))), mr->mrt_tries + 1,
	    print_map(msg->msg_exchange, ikev2_exchange_map),
	    msg->msg_msgid,
	    print_addr(&msg->msg_peer),
	    print_addr(&msg->msg_local));
}
/* Exponential timeout */
timer_add(env, &mr->mrt_timer,
    IKED_RETRANSMIT_TIMEOUT2 * (2 << (mr->mrt_tries++)));
ikestat_inc(env, ikes_retransmit_request)do { env->sc_stats.ikes_retransmit_request += (1); } while
(0);
} else {
log_debug("%s: retransmit limit reached for req %u",
    __func__, msg->msg_msgid);
ikev2_ike_sa_setreason(sa, "retransmit limit reached");
ikestat_inc(env, ikes_retransmit_limit)do { env->sc_stats.ikes_retransmit_limit += (1); } while(0
);
sa_free(env, sa);
}
1357}