X-Git-Url: https://git.saurik.com/apple/ipsec.git/blobdiff_plain/65c257469f746e64364e5df94f3ed8c6698a9d0a..7685aad60c1b188a3f84904e9b609a7438e833c9:/ipsec-tools/racoon/isakmp_quick.c diff --git a/ipsec-tools/racoon/isakmp_quick.c b/ipsec-tools/racoon/isakmp_quick.c index 8bb4a87..b31a34c 100644 --- a/ipsec-tools/racoon/isakmp_quick.c +++ b/ipsec-tools/racoon/isakmp_quick.c @@ -53,9 +53,6 @@ # include # endif #endif -#ifdef ENABLE_HYBRID -#include -#endif #ifndef HAVE_NETINET6_IPSEC #include @@ -691,7 +688,7 @@ quick_i2recv(iph2, msg0) goto end; } - result = memcmp(my_hash->v, r_hash, my_hash->l); + result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l); vfree(my_hash); if (result) { @@ -1020,7 +1017,7 @@ quick_i4recv(iph2, msg0) goto end; } - result = memcmp(my_hash->v, r_hash, my_hash->l); + result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l); vfree(my_hash); if (result) { @@ -1357,7 +1354,7 @@ quick_r1recv(iph2, msg0) goto end; } - result = memcmp(my_hash->v, r_hash, my_hash->l); + result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l); vfree(my_hash); if (result) { @@ -1385,7 +1382,8 @@ quick_r1recv(iph2, msg0) plog(ASL_LEVEL_ERR, "failed to generate a proposal template " "from client's proposal.\n"); - return ISAKMP_INTERNAL_ERROR; + error = ISAKMP_INTERNAL_ERROR; + goto end; } /*FALLTHROUGH*/ case 0: @@ -1891,7 +1889,7 @@ quick_r3recv(iph2, msg0) goto end; } - result = memcmp(my_hash->v, r_hash, my_hash->l); + result = timingsafe_bcmp(my_hash->v, r_hash, my_hash->l); vfree(my_hash); if (result) { @@ -2610,11 +2608,11 @@ get_proposal_r_remote(iph2, ignore_id) if (sp_in == NULL || sp_in->policy == IPSEC_POLICY_GENERATE) { if (iph2->ph1->rmconf->gen_policy) { if (sp_in) - plog(ASL_LEVEL_INFO, + plog(ASL_LEVEL_NOTICE, "Update the generated policy : %s\n", spidx2str(&spidx)); else - plog(ASL_LEVEL_INFO, + plog(ASL_LEVEL_NOTICE, "no policy found, " "try to generate the policy : %s\n", spidx2str(&spidx));