Diffstat (limited to 'src')
-rw-r--r-- | src/charon/daemon.c | 2 | ||||
-rw-r--r-- | src/libstrongswan/utils.h | 1 | ||||
-rw-r--r-- | src/pluto/crypto.c | 15 | ||||
-rw-r--r-- | src/pluto/crypto.h | 2 | ||||
-rw-r--r-- | src/pluto/plutomain.c | 7 | ||||
-rw-r--r-- | src/pluto/timer.c | 9 | ||||
-rw-r--r-- | src/pluto/timer.h | 2 | ||||
-rw-r--r-- | src/starter/invokecharon.c | 5 | ||||
-rw-r--r-- | src/starter/invokepluto.c | 5 | ||||
-rw-r--r-- | src/starter/starter.c | 4 |
10 files changed, 37 insertions, 15 deletions
diff --git a/src/charon/daemon.c b/src/charon/daemon.c index 30b28a6bb..973f6b6b8 100644 --- a/src/charon/daemon.c +++ b/src/charon/daemon.c @@ -759,7 +759,7 @@ int main(int argc, char *argv[]) { DBG1(DBG_DMN, "initialization failed - aborting charon"); destroy(private_charon); - exit(-1); + exit(SS_RC_INITIALIZATION_FAILED); } if (check_pidfile()) diff --git a/src/libstrongswan/utils.h b/src/libstrongswan/utils.h index 56f7b7095..4e8f685b3 100644 --- a/src/libstrongswan/utils.h +++ b/src/libstrongswan/utils.h @@ -33,6 +33,7 @@ */ #define SS_RC_LIBSTRONGSWAN_INTEGRITY 64 #define SS_RC_DAEMON_INTEGRITY 65 +#define SS_RC_INITIALIZATION_FAILED 66 /** * Number of bits in a byte diff --git a/src/pluto/crypto.c b/src/pluto/crypto.c index 1adccc74e..f47ad1eeb 100644 --- a/src/pluto/crypto.c +++ b/src/pluto/crypto.c @@ -235,7 +235,7 @@ static struct dh_desc dh_desc_ecp_224 = { ke_size: 2*224 / BITS_PER_BYTE }; -void init_crypto(void) +bool init_crypto(void) { enumerator_t *enumerator; encryption_algorithm_t encryption_alg; @@ -275,13 +275,13 @@ void init_crypto(void) } enumerator->destroy(enumerator); - if (no_sha1) + if (no_sha1 || no_md5) { - exit_log("pluto cannot run without a SHA-1 hasher"); - } - if (no_md5) - { - exit_log("pluto cannot run without an MD5 hasher"); + plog("pluto cannot run without a %s%s%s hasher", + (no_sha1) ? "SHA-1" : "", + (no_sha1 && no_md5) ? " and " : "", + (no_md5) ? "MD5" : ""); + return FALSE; } enumerator = lib->crypto->create_crypter_enumerator(lib->crypto); @@ -363,6 +363,7 @@ void init_crypto(void) ike_alg_add((struct ike_alg *)desc); } enumerator->destroy(enumerator); + return TRUE; } void free_crypto(void) diff --git a/src/pluto/crypto.h b/src/pluto/crypto.h index 06c4e1d1a..019ba5764 100644 --- a/src/pluto/crypto.h +++ b/src/pluto/crypto.h @@ -20,7 +20,7 @@ #include "ike_alg.h" -extern void init_crypto(void); +extern bool init_crypto(void); extern void free_crypto(void); extern const struct dh_desc unset_group; /* magic signifier */ 
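Review bot: init_crypto() now returns a bool, but neither the definition in the first crypto.c hunk (`bool init_crypto(void)`) nor the prototype in crypto.h says what FALSE means. A short header comment such as `/* @return FALSE if no SHA-1 or no MD5 hasher is registered; the caller must abort startup */` would make the contract explicit, since the function no longer terminates the process itself as exit_log() did. The body of init_crypto() extends beyond the hunks shown, so it cannot be judged from here whether anything registered before the early `return FALSE;` needs undoing.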
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c index af0c98821..5d0e008f3 100644 --- a/src/pluto/plutomain.c +++ b/src/pluto/plutomain.c @@ -655,13 +655,16 @@ int main(int argc, char **argv) lib->settings->get_str(lib->settings, "pluto.load", PLUGINS)); print_plugins(); + if (!init_secret() || !init_crypto()) + { + plog("initialization failed - aborting pluto"); + exit_pluto(SS_RC_INITIALIZATION_FAILED); + } init_nat_traversal(nat_traversal, keep_alive, force_keepalive, nat_t_spf); init_virtual_ip(virtual_private); scx_init(pkcs11_module_path, pkcs11_init_args); xauth_init(); - init_secret(); init_states(); - init_crypto(); init_demux(); init_kernel(); init_adns(); diff --git a/src/pluto/timer.c b/src/pluto/timer.c index a61baa966..89082f88e 100644 --- a/src/pluto/timer.c +++ b/src/pluto/timer.c @@ -140,14 +140,21 @@ void event_schedule(enum event_type type, time_t tm, struct state *st) * Generate the secret value for responder cookies, and * schedule an event for refresh. */ -void init_secret(void) +bool init_secret(void) { rng_t *rng; rng = lib->crypto->create_rng(lib->crypto, RNG_STRONG); + + if (rng == NULL) + { + plog("secret initialization failed, no RNG supported"); + return FALSE; + } rng->get_bytes(rng, sizeof(secret_of_the_day), secret_of_the_day); rng->destroy(rng); event_schedule(EVENT_REINIT_SECRET, EVENT_REINIT_SECRET_DELAY, NULL); + return true; } /** diff --git a/src/pluto/timer.h b/src/pluto/timer.h index 322aeba6a..c8e9b727c 100644 --- a/src/pluto/timer.h +++ b/src/pluto/timer.h @@ -31,4 +31,4 @@ extern void delete_event(struct state *st); extern void delete_dpd_event(struct state *st); extern void daily_log_event(void); extern void free_events(void); -extern void init_secret(void); +extern bool init_secret(void); diff --git a/src/starter/invokecharon.c b/src/starter/invokecharon.c index bd15ac148..1eb2a0332 100644 --- a/src/starter/invokecharon.c +++ b/src/starter/invokecharon.c 
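Review bot: The failure branch calls `exit_pluto(SS_RC_INITIALIZATION_FAILED)` before init_states(), init_demux(), init_kernel() and the other init_* calls below it have run, whereas init_crypto() previously ran after init_states(). exit_pluto() is not visible in this hunk; if it tears down state owned by those later subsystems, it must tolerate them being uninitialised, which is worth confirming. init_crypto() itself is also moved ahead of init_states(), so any dependency of its algorithm registration on that state should be ruled out. A comment above the check, e.g. `/* needs only the plugins loaded above; nothing below is initialised yet if we bail out */`, would record the ordering constraint. main() starts and ends outside the hunk.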
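Review bot: The new failure path in init_secret() returns before `event_schedule(EVENT_REINIT_SECRET, EVENT_REINIT_SECRET_DELAY, NULL)`, so a caller that ignores the result leaves no further refresh scheduled. If the EVENT_REINIT_SECRET handler re-enters init_secret() (that code is not in this hunk), it should check the bool. Otherwise a later RNG failure would leave the responder-cookie secret unrotated with only a log line to show for it. Separately, the two returns mix constants, `return FALSE;` and `return true;`; the crypto.c change uses `TRUE`/`FALSE`, so `return TRUE;` would be consistent.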
@@ -53,6 +53,11 @@ void starter_charon_sigchild(pid_t pid, int status) (status == 64) ? "libstrongswan" : "charon"); _stop_requested = 1; } + else if (status == SS_RC_INITIALIZATION_FAILED) + { + plog("charon has quit: initialization failed"); + _stop_requested = 1; + } if (!_stop_requested) { plog("charon has died -- restart scheduled (%dsec)" diff --git a/src/starter/invokepluto.c b/src/starter/invokepluto.c index 5ca1b45ab..08fb0657a 100644 --- a/src/starter/invokepluto.c +++ b/src/starter/invokepluto.c @@ -54,6 +54,11 @@ starter_pluto_sigchild(pid_t pid, int status) (status == 64) ? "libstrongswan" : "pluto"); _stop_requested = 1; } + else if (status == SS_RC_INITIALIZATION_FAILED) + { + plog("pluto has quit: initialization failed"); + _stop_requested = 1; + } if (!_stop_requested) { plog("pluto has died -- restart scheduled (%dsec)" diff --git a/src/starter/starter.c b/src/starter/starter.c index b64227238..72421ca96 100644 --- a/src/starter/starter.c +++ b/src/starter/starter.c @@ -103,8 +103,8 @@ static void fsig(int signal) else if (WIFEXITED(status)) { exit_status = WEXITSTATUS(status); - if (exit_status == SS_RC_LIBSTRONGSWAN_INTEGRITY || - exit_status == SS_RC_DAEMON_INTEGRITY) + if (exit_status >= SS_RC_LIBSTRONGSWAN_INTEGRITY && + exit_status <= SS_RC_INITIALIZATION_FAILED) { _action_ = FLAG_ACTION_QUIT; } |
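Review bot: The new `else if (status == SS_RC_INITIALIZATION_FAILED)` branch does not say why the restart is suppressed, and it sits next to a context line that still compares against the literal `64`. A one-line comment such as `/* initialization would fail again on restart, so stop instead of looping */` would record the intent. The same applies to the identical branch added to starter_pluto_sigchild() in the invokepluto.c hunk. Both functions start and end outside their hunks.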
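Review bot: The range test `exit_status >= SS_RC_LIBSTRONGSWAN_INTEGRITY && exit_status <= SS_RC_INITIALIZATION_FAILED` in the starter.c hunk silently depends on the SS_RC_* codes in utils.h being contiguous (64 to 66), with SS_RC_INITIALIZATION_FAILED as the highest. A code added later above 66 would not set FLAG_ACTION_QUIT here unless this bound is edited too, and the starter would then presumably treat that fatal exit like an ordinary crash. Either note the constraint next to the defines, e.g. `/* keep SS_RC_* contiguous; starter.c checks the range */`, or bound the test with a dedicated last-code macro. fsig() continues outside the hunk.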