authorOndrej Zajicek (work) <santiago@crfreenet.org>2019-01-04 18:20:56 +0100
committerOndrej Zajicek (work) <santiago@crfreenet.org>2019-01-04 18:20:56 +0100
commitc30f00d4a803906bfd09e47874b922a3525855c7 (patch)
treedda7152d041a166f400f9b715367555ecdc29f6f
parent968c31ec6dd7882d626d1d54bbc0390ccf83f8b6 (diff)
BSD: Fix TCP-MD5 code on current FreeBSD kernels
Current FreeBSD kernels require SA records for both directions. Thanks to Joseph Mulloy and Andrey V. Elsukov for reporting and solving the issue.
-rw-r--r--sysdep/bsd/setkey.h6
1 files changed, 4 insertions, 2 deletions
diff --git a/sysdep/bsd/setkey.h b/sysdep/bsd/setkey.h
index b417faca..cc85f62f 100644
--- a/sysdep/bsd/setkey.h
+++ b/sysdep/bsd/setkey.h
@@ -158,12 +158,14 @@ sk_set_md5_in_sasp_db(sock *s, ip_addr local, ip_addr remote, struct iface *ifa,
if (len > TCP_KEYLEN_MAX)
ERR_MSG("The password for TCP MD5 Signature is too long");
- if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)
+ if ((setkey_md5(&src, &dst, passwd, SADB_ADD) < 0) ||
+ (setkey_md5(&dst, &src, passwd, SADB_ADD) < 0))
ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
}
else
{
- if (setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0)
+ if ((setkey_md5(&src, &dst, NULL, SADB_DELETE) < 0) ||
+ (setkey_md5(&dst, &src, NULL, SADB_DELETE) < 0))
ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
}
return 0;
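Review bot: Both new `||` chains can leave the SA database half-updated when only one of the two calls fails. In the add branch, if the `&src, &dst` call succeeds and the `&dst, &src` call fails, the forward SA holding the password stays installed while the function reports an error; in the delete branch, short-circuit evaluation skips the reverse deletion whenever the forward one fails, so that key remains in the kernel. I would roll back the forward SA when the reverse add fails, and run both deletions unconditionally before testing their results, as sketched below. This assumes ERR_MSG returns from the function, which is not visible on this page; sk_set_md5_in_sasp_db begins above the hunk.

```c
    /* … unchanged: password length check … */
    if (setkey_md5(&src, &dst, passwd, SADB_ADD) < 0)
      ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");

    if (setkey_md5(&dst, &src, passwd, SADB_ADD) < 0)
    {
      /* Best-effort rollback so a failed setup leaves no key behind */
      setkey_md5(&src, &dst, NULL, SADB_DELETE);
      ERR_MSG("Cannot add TCP-MD5 password into the IPsec SA/SP database");
    }
    /* … unchanged: end of the add branch, start of the else branch … */
    /* Attempt both deletions even if the first one fails */
    int fwd = setkey_md5(&src, &dst, NULL, SADB_DELETE);
    int rev = setkey_md5(&dst, &src, NULL, SADB_DELETE);
    if ((fwd < 0) || (rev < 0))
      ERR_MSG("Cannot delete TCP-MD5 password from the IPsec SA/SP database");
```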