Update to FreeBSD head 2019-09-24

Git mirror commit 6b0307a0a5184339393f555d5d424190d8a8277a.

6 files changed, 61 insertions, 34 deletions

diff --git a/freebsd/sys/netipsec/ipsec.c b/freebsd/sys/netipsec/ipsec.c
index 116557ed..f5c3967c 100644
--- a/freebsd/sys/netipsec/ipsec.c
+++ b/freebsd/sys/netipsec/ipsec.c
@@ -218,6 +218,11 @@ SYSCTL_INT(_net_inet_ipsec, OID_AUTO, filtertunnel,
 SYSCTL_VNET_PCPUSTAT(_net_inet_ipsec, OID_AUTO, ipsecstats, struct ipsecstat,
     ipsec4stat, "IPsec IPv4 statistics.");
 
+struct timeval ipsec_warn_interval = { .tv_sec = 1, .tv_usec = 0 };
+SYSCTL_TIMEVAL_SEC(_net_inet_ipsec, OID_AUTO, crypto_warn_interval, CTLFLAG_RW,
+    &ipsec_warn_interval,
+    "Delay in seconds between warnings of deprecated IPsec crypto algorithms.");
+
 #ifdef REGRESSION
 /*
  * When set to 1, IPsec will send packets with the same sequence number.
@@ -1320,6 +1325,8 @@ ok:
 		    __func__, replay->overflow,
 		    ipsec_sa2str(sav, buf, sizeof(buf))));
 	}
+
+	replay->count++;
 	return (0);
 }
 
diff --git a/freebsd/sys/netipsec/ipsec.h b/freebsd/sys/netipsec/ipsec.h
index eed2d077..b9b6eca2 100644
--- a/freebsd/sys/netipsec/ipsec.h
+++ b/freebsd/sys/netipsec/ipsec.h
@@ -287,6 +287,8 @@ VNET_DECLARE(int, crypto_support);
 VNET_DECLARE(int, async_crypto);
 VNET_DECLARE(int, natt_cksum_policy);
 
+extern struct timeval ipsec_warn_interval;
+
 #define	IPSECSTAT_INC(name)	\
     VNET_PCPUSTAT_ADD(struct ipsecstat, ipsec4stat, name, 1)
 #define	V_ip4_esp_trans_deflev	VNET(ip4_esp_trans_deflev)
diff --git a/freebsd/sys/netipsec/key.c b/freebsd/sys/netipsec/key.c
index 4b79f881..062fbf28 100644
--- a/freebsd/sys/netipsec/key.c
+++ b/freebsd/sys/netipsec/key.c
@@ -286,7 +286,7 @@ key_addrprotohash(const union sockaddr_union *src,
 #endif
 	default:
 		hval = 0;
-		ipseclog((LOG_DEBUG, "%s: unknown address family %d",
+		ipseclog((LOG_DEBUG, "%s: unknown address family %d\n",
 		    __func__, dst->sa.sa_family));
 	}
 	return (hval);
@@ -2041,8 +2041,8 @@ key_spdadd(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 			key_freesp(&newsp);
 		} else {
 			key_freesp(&newsp);
-			ipseclog((LOG_DEBUG, "%s: a SP entry exists already.",
-			    __func__));
+			ipseclog((LOG_DEBUG,
+			    "%s: a SP entry exists already.\n", __func__));
 			return (key_senderror(so, m, EEXIST));
 		}
 	}
@@ -4762,34 +4762,10 @@ key_random()
 {
 	u_long value;
 
-	key_randomfill(&value, sizeof(value));
+	arc4random_buf(&value, sizeof(value));
 	return value;
 }
 
-void
-key_randomfill(void *p, size_t l)
-{
-	size_t n;
-	u_long v;
-	static int warn = 1;
-
-	n = 0;
-	n = (size_t)read_random(p, (u_int)l);
-	/* last resort */
-	while (n < l) {
-		v = random();
-		bcopy(&v, (u_int8_t *)p + n,
-		    l - n < sizeof(v) ? l - n : sizeof(v));
-		n += sizeof(v);
-
-		if (warn) {
-			printf("WARNING: pseudo-random number generator "
-			    "used for IPsec processing\n");
-			warn = 0;
-		}
-	}
-}
-
 /*
  * map SADB_SATYPE_* to IPPROTO_*.
  * if satype == SADB_SATYPE then satype is mapped to ~0.
@@ -5435,7 +5411,7 @@ key_update(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 	}
 	/* saidx should match with SA. */
 	if (key_cmpsaidx(&sav->sah->saidx, &saidx, CMP_MODE_REQID) == 0) {
-		ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u",
+		ipseclog((LOG_DEBUG, "%s: saidx mismatched for SPI %u\n",
 		    __func__, ntohl(sav->spi)));
 		key_freesav(&sav);
 		return key_senderror(so, m, ESRCH);
@@ -6911,14 +6887,14 @@ key_acqdone(const struct secasindex *saidx, uint32_t seq)
 	if (acq != NULL) {
 		if (key_cmpsaidx(&acq->saidx, saidx, CMP_EXACTLY) == 0) {
 			ipseclog((LOG_DEBUG,
-			    "%s: Mismatched saidx for ACQ %u", __func__, seq));
+			    "%s: Mismatched saidx for ACQ %u\n", __func__, seq));
 			acq = NULL;
 		} else {
 			acq->created = 0;
 		}
 	} else {
 		ipseclog((LOG_DEBUG,
-		    "%s: ACQ %u is not found.", __func__, seq));
+		    "%s: ACQ %u is not found.\n", __func__, seq));
 	}
 	ACQ_UNLOCK();
 	if (acq == NULL)
@@ -7190,7 +7166,7 @@ key_register(struct socket *so, struct mbuf *m, const struct sadb_msghdr *mhp)
 		return key_senderror(so, m, ENOBUFS);
 
 	MGETHDR(n, M_NOWAIT, MT_DATA);
-	if (len > MHLEN) {
+	if (n != NULL && len > MHLEN) {
 		if (!(MCLGET(n, M_NOWAIT))) {
 			m_freem(n);
 			n = NULL;
diff --git a/freebsd/sys/netipsec/key.h b/freebsd/sys/netipsec/key.h
index 7d7ae69f..2ee7c208 100644
--- a/freebsd/sys/netipsec/key.h
+++ b/freebsd/sys/netipsec/key.h
@@ -78,7 +78,6 @@ void key_unregister_ifnet(struct secpolicy **, u_int);
 void key_delete_xform(const struct xformsw *);
 
 extern u_long key_random(void);
-extern void key_randomfill(void *, size_t);
 extern void key_freereg(struct socket *);
 extern int key_parse(struct mbuf *, struct socket *);
 extern void key_init(void);
diff --git a/freebsd/sys/netipsec/xform_ah.c b/freebsd/sys/netipsec/xform_ah.c
index 84ba6c16..618fbd9b 100644
--- a/freebsd/sys/netipsec/xform_ah.c
+++ b/freebsd/sys/netipsec/xform_ah.c
@@ -110,6 +110,7 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_ah, IPSECCTL_STATS, stats, struct ahstat,
 #endif
 
 static unsigned char ipseczeroes[256];	/* larger than an ip6 extension hdr */
+static struct timeval md5warn, ripewarn, kpdkmd5warn, kpdksha1warn;
 
 static int ah_input_cb(struct cryptop*);
 static int ah_output_cb(struct cryptop*);
@@ -186,6 +187,26 @@ ah_init0(struct secasvar *sav, struct xformsw *xsp, struct cryptoini *cria)
 			__func__, sav->alg_auth));
 		return EINVAL;
 	}
+
+	switch (sav->alg_auth) {
+	case SADB_AALG_MD5HMAC:
+		if (ratecheck(&md5warn, &ipsec_warn_interval))
+			gone_in(13, "MD5-HMAC authenticator for IPsec");
+		break;
+	case SADB_X_AALG_RIPEMD160HMAC:
+		if (ratecheck(&ripewarn, &ipsec_warn_interval))
+			gone_in(13, "RIPEMD160-HMAC authenticator for IPsec");
+		break;
+	case SADB_X_AALG_MD5:
+		if (ratecheck(&kpdkmd5warn, &ipsec_warn_interval))
+			gone_in(13, "Keyed-MD5 authenticator for IPsec");
+		break;
+	case SADB_X_AALG_SHA:
+		if (ratecheck(&kpdksha1warn, &ipsec_warn_interval))
+			gone_in(13, "Keyed-SHA1 authenticator for IPsec");
+		break;
+	}
+
 	/*
 	 * Verify the replay state block allocation is consistent with
 	 * the protocol type.  We check here so we can make assumptions
diff --git a/freebsd/sys/netipsec/xform_esp.c b/freebsd/sys/netipsec/xform_esp.c
index f8473575..388fe499 100644
--- a/freebsd/sys/netipsec/xform_esp.c
+++ b/freebsd/sys/netipsec/xform_esp.c
@@ -96,6 +96,8 @@ SYSCTL_VNET_PCPUSTAT(_net_inet_esp, IPSECCTL_STATS, stats,
     struct espstat, espstat,
     "ESP statistics (struct espstat, netipsec/esp_var.h");
 
+static struct timeval deswarn, blfwarn, castwarn, camelliawarn;
+
 static int esp_input_cb(struct cryptop *op);
 static int esp_output_cb(struct cryptop *crp);
 
@@ -158,6 +160,26 @@ esp_init(struct secasvar *sav, struct xformsw *xsp)
 			__func__));
 		return EINVAL;
 	}
+
+	switch (sav->alg_enc) {
+	case SADB_EALG_DESCBC:
+		if (ratecheck(&deswarn, &ipsec_warn_interval))
+			gone_in(13, "DES cipher for IPsec");
+		break;
+	case SADB_X_EALG_BLOWFISHCBC:
+		if (ratecheck(&blfwarn, &ipsec_warn_interval))
+			gone_in(13, "Blowfish cipher for IPsec");
+		break;
+	case SADB_X_EALG_CAST128CBC:
+		if (ratecheck(&castwarn, &ipsec_warn_interval))
+			gone_in(13, "CAST cipher for IPsec");
+		break;
+	case SADB_X_EALG_CAMELLIACBC:
+		if (ratecheck(&camelliawarn, &ipsec_warn_interval))
+			gone_in(13, "Camellia cipher for IPsec");
+		break;
+	}
+
 	/* subtract off the salt, RFC4106, 8.1 and RFC3686, 5.1 */
 	keylen = _KEYLEN(sav->key_enc) - SAV_ISCTRORGCM(sav) * 4;
 	if (txform->minkey > keylen || keylen > txform->maxkey) {
@@ -770,7 +792,7 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
 	 */
 	switch (sav->flags & SADB_X_EXT_PMASK) {
 	case SADB_X_EXT_PRAND:
-		(void) read_random(pad, padding - 2);
+		arc4random_buf(pad, padding - 2);
 		break;
 	case SADB_X_EXT_PZERO:
 		bzero(pad, padding - 2);