8 files changed, 236 insertions, 25 deletions

diff --git a/src/starter/Makefile.am b/src/starter/Makefile.am
index a3c58126e..457c0650e 100644
--- a/src/starter/Makefile.am
+++ b/src/starter/Makefile.am
@@ -39,15 +39,21 @@ starter_LDADD = \
 	libstarter.la \
 	$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
 
-EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
-MAINTAINERCLEANFILES = keywords.c
-BUILT_SOURCES = keywords.c parser/parser.h
+EXTRA_DIST = keywords.h.in keywords.txt ipsec.conf ipsec.secrets Android.mk
+MAINTAINERCLEANFILES = keywords.h keywords.c
+BUILT_SOURCES = keywords.h keywords.c parser/parser.h
 
 if USE_LOAD_WARNING
   AM_CPPFLAGS += -DLOAD_WARNING
 endif
 
-keywords.c:	$(srcdir)/keywords.txt $(srcdir)/keywords.h
+keywords.h: $(srcdir)/keywords.h.in
+		$(AM_V_GEN) \
+		sed \
+		-e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+		$< > $@
+
+keywords.c:	$(srcdir)/keywords.txt keywords.h
 		$(AM_V_GEN) \
 		$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
 
diff --git a/src/starter/Makefile.in b/src/starter/Makefile.in
index 2fa22ae97..80fd2c68d 100644
--- a/src/starter/Makefile.in
+++ b/src/starter/Makefile.in
@@ -289,9 +289,11 @@ ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
 GEM = @GEM@
 GENHTML = @GENHTML@
 GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
 GPRBUILD = @GPRBUILD@
 GREP = @GREP@
 INSTALL = @INSTALL@
@@ -524,9 +526,9 @@ starter_LDADD = \
 	libstarter.la \
 	$(SOCKLIB) $(PTHREADLIB) $(ATOMICLIB)
 
-EXTRA_DIST = keywords.txt ipsec.conf ipsec.secrets Android.mk
-MAINTAINERCLEANFILES = keywords.c
-BUILT_SOURCES = keywords.c parser/parser.h
+EXTRA_DIST = keywords.h.in keywords.txt ipsec.conf ipsec.secrets Android.mk
+MAINTAINERCLEANFILES = keywords.h keywords.c
+BUILT_SOURCES = keywords.h keywords.c parser/parser.h
 all: $(BUILT_SOURCES)
 	$(MAKE) $(AM_MAKEFLAGS) all-recursive
 
@@ -995,7 +997,13 @@ uninstall-am: uninstall-ipsecPROGRAMS
 .PRECIOUS: Makefile
 
 
-keywords.c:	$(srcdir)/keywords.txt $(srcdir)/keywords.h
+keywords.h: $(srcdir)/keywords.h.in
+		$(AM_V_GEN) \
+		sed \
+		-e "s:\@GPERF_LEN_TYPE\@:$(GPERF_LEN_TYPE):" \
+		$< > $@
+
+keywords.c:	$(srcdir)/keywords.txt keywords.h
 		$(AM_V_GEN) \
 		$(GPERF) -m 10 -C -G -D -t < $(srcdir)/keywords.txt > $@
 
diff --git a/src/starter/confread.c b/src/starter/confread.c
index f98fc8936..f154f8951 100644
--- a/src/starter/confread.c
+++ b/src/starter/confread.c
@@ -40,17 +40,9 @@
 #define SA_REPLACEMENT_RETRIES_DEFAULT   3
 #define SA_REPLAY_WINDOW_DEFAULT        -1 /* use charon.replay_window */
 
-static const char ike_defaults[] = "aes128-sha256-curve25519";
-static const char esp_defaults[] = "aes128-sha256";
-
 static const char firewall_defaults[] = IPSEC_SCRIPT " _updown iptables";
 
 /**
- * Provided by GPERF
- */
-extern kw_entry_t *in_word_set (char *str, unsigned int len);
-
-/**
  * Process deprecated keywords
  */
 static bool is_deprecated(kw_token_t token, char *name, char *conn)
@@ -95,7 +87,7 @@ static void load_setup(starter_config_t *cfg, conf_parser_t *parser)
 {
 	enumerator_t *enumerator;
 	dictionary_t *dict;
-	kw_entry_t *entry;
+	const kw_entry_t *entry;
 	char *key, *value;
 
 	DBG2(DBG_APP, "Loading config setup");
@@ -146,7 +138,7 @@ static void load_ca(starter_ca_t *ca, starter_config_t *cfg,
 {
 	enumerator_t *enumerator;
 	dictionary_t *dict;
-	kw_entry_t *entry;
+	const kw_entry_t *entry;
 	kw_token_t token;
 	char *key, *value;
 
@@ -211,7 +203,6 @@ static void conn_defaults(starter_conn_t *conn)
 	conn->mode    = MODE_TUNNEL;
 	conn->options = SA_OPTION_MOBIKE;
 
-	conn->ike                   = strdupnull(ike_defaults);
 	/* esp defaults are set after parsing the conn section */
 	conn->sa_ike_life_seconds   = IKE_LIFETIME_DEFAULT;
 	conn->sa_ipsec_life_seconds = IPSEC_LIFETIME_DEFAULT;
@@ -559,7 +550,7 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg,
 {
 	enumerator_t *enumerator;
 	dictionary_t *dict;
-	kw_entry_t *entry;
+	const kw_entry_t *entry;
 	kw_token_t token;
 	char *key, *value;
 
@@ -627,11 +618,6 @@ static void load_conn(starter_conn_t *conn, starter_config_t *cfg,
 
 	handle_firewall("left", &conn->left, cfg);
 	handle_firewall("right", &conn->right, cfg);
-
-	if (!conn->esp && !conn->ah)
-	{
-		conn->esp = strdupnull(esp_defaults);
-	}
 }
 
 /*
diff --git a/src/starter/keywords.c b/src/starter/keywords.c
index 505b66010..0e2d0fb4b 100644
--- a/src/starter/keywords.c
+++ b/src/starter/keywords.c
@@ -47,6 +47,7 @@ error "gperf generated tables don't work with this execution character set. Plea
 
 #include <string.h>
 
+#define IN_GPERF_GENERATED_FILE
 #include "keywords.h"
 
 struct kw_entry {
diff --git a/src/starter/keywords.h b/src/starter/keywords.h
index 0cb46a740..27d16b0b8 100644
--- a/src/starter/keywords.h
+++ b/src/starter/keywords.h
@@ -196,4 +196,8 @@ struct kw_entry_t {
 	kw_token_t token;
 };
 
+#ifndef IN_GPERF_GENERATED_FILE
+const kw_entry_t *in_word_set(register const char*, register unsigned);
+#endif
+
 #endif /* _KEYWORDS_H_ */
diff --git a/src/starter/keywords.h.in b/src/starter/keywords.h.in
new file mode 100644
index 000000000..d2b08f2cf
--- /dev/null
+++ b/src/starter/keywords.h.in
@@ -0,0 +1,203 @@
+/*
+ * Copyright (C) 2005 Andreas Steffen
+ * Hochschule fuer Technik Rapperswil, Switzerland
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#ifndef _KEYWORDS_H_
+#define _KEYWORDS_H_
+
+typedef enum kw_token_t kw_token_t;
+typedef struct kw_entry_t kw_entry_t;
+
+enum kw_token_t {
+	/* config setup keywords */
+	KW_CHARONDEBUG,
+	KW_UNIQUEIDS,
+	KW_CACHECRLS,
+	KW_STRICTCRLPOLICY,
+	KW_PKCS11_DEPRECATED,
+	KW_SETUP_DEPRECATED,
+
+#define KW_SETUP_FIRST  KW_CHARONDEBUG
+#define KW_SETUP_LAST   KW_SETUP_DEPRECATED
+
+	/* conn section keywords */
+	KW_CONN_NAME,
+	KW_CONN_SETUP,
+	KW_KEYEXCHANGE,
+	KW_TYPE,
+	KW_COMPRESS,
+	KW_INSTALLPOLICY,
+	KW_AGGRESSIVE,
+	KW_AUTHBY,
+	KW_EAP_IDENTITY,
+	KW_AAA_IDENTITY,
+	KW_MOBIKE,
+	KW_FORCEENCAPS,
+	KW_FRAGMENTATION,
+	KW_IKEDSCP,
+	KW_IKELIFETIME,
+	KW_KEYLIFE,
+	KW_REKEYMARGIN,
+	KW_LIFEBYTES,
+	KW_MARGINBYTES,
+	KW_LIFEPACKETS,
+	KW_MARGINPACKETS,
+	KW_KEYINGTRIES,
+	KW_REKEYFUZZ,
+	KW_REKEY,
+	KW_REAUTH,
+	KW_IKE,
+	KW_ESP,
+	KW_AH,
+	KW_DPDDELAY,
+	KW_DPDTIMEOUT,
+	KW_DPDACTION,
+	KW_CLOSEACTION,
+	KW_SHA256_96,
+	KW_INACTIVITY,
+	KW_MODECONFIG,
+	KW_XAUTH,
+	KW_XAUTH_IDENTITY,
+	KW_MEDIATION,
+	KW_MEDIATED_BY,
+	KW_ME_PEERID,
+	KW_REQID,
+	KW_REPLAY_WINDOW,
+	KW_MARK,
+	KW_MARK_IN,
+	KW_MARK_OUT,
+	KW_TFC,
+	KW_PFS_DEPRECATED,
+	KW_CONN_DEPRECATED,
+
+#define KW_CONN_FIRST   KW_CONN_SETUP
+#define KW_CONN_LAST    KW_CONN_DEPRECATED
+
+	/* ca section keywords */
+	KW_CA_NAME,
+	KW_CA_SETUP,
+	KW_CACERT,
+	KW_CRLURI,
+	KW_CRLURI2,
+	KW_OCSPURI,
+	KW_OCSPURI2,
+	KW_CERTURIBASE,
+	KW_CA_DEPRECATED,
+
+#define KW_CA_FIRST     KW_CA_SETUP
+#define KW_CA_LAST      KW_CA_DEPRECATED
+
+	/* end keywords */
+	KW_HOST,
+	KW_IKEPORT,
+	KW_SUBNET,
+	KW_PROTOPORT,
+	KW_SOURCEIP,
+	KW_DNS,
+	KW_FIREWALL,
+	KW_HOSTACCESS,
+	KW_ALLOWANY,
+	KW_UPDOWN,
+	KW_AUTH1,
+	KW_AUTH2,
+	KW_ID,
+	KW_ID2,
+	KW_SIGKEY,
+	KW_CERT,
+	KW_CERT2,
+	KW_CERTPOLICY,
+	KW_SENDCERT,
+	KW_CA,
+	KW_CA2,
+	KW_GROUPS,
+	KW_GROUPS2,
+	KW_END_DEPRECATED,
+
+#define KW_END_FIRST    KW_HOST
+#define KW_END_LAST     KW_END_DEPRECATED
+
+	/* left end keywords */
+	KW_LEFT,
+	KW_LEFTIKEPORT,
+	KW_LEFTSUBNET,
+	KW_LEFTPROTOPORT,
+	KW_LEFTSOURCEIP,
+	KW_LEFTDNS,
+	KW_LEFTFIREWALL,
+	KW_LEFTHOSTACCESS,
+	KW_LEFTALLOWANY,
+	KW_LEFTUPDOWN,
+	KW_LEFTAUTH,
+	KW_LEFTAUTH2,
+	KW_LEFTID,
+	KW_LEFTID2,
+	KW_LEFTSIGKEY,
+	KW_LEFTCERT,
+	KW_LEFTCERT2,
+	KW_LEFTCERTPOLICY,
+	KW_LEFTSENDCERT,
+	KW_LEFTCA,
+	KW_LEFTCA2,
+	KW_LEFTGROUPS,
+	KW_LEFTGROUPS2,
+	KW_LEFT_DEPRECATED,
+
+#define KW_LEFT_FIRST   KW_LEFT
+#define KW_LEFT_LAST    KW_LEFT_DEPRECATED
+
+	/* right end keywords */
+	KW_RIGHT,
+	KW_RIGHTIKEPORT,
+	KW_RIGHTSUBNET,
+	KW_RIGHTPROTOPORT,
+	KW_RIGHTSOURCEIP,
+	KW_RIGHTDNS,
+	KW_RIGHTFIREWALL,
+	KW_RIGHTHOSTACCESS,
+	KW_RIGHTALLOWANY,
+	KW_RIGHTUPDOWN,
+	KW_RIGHTAUTH,
+	KW_RIGHTAUTH2,
+	KW_RIGHTID,
+	KW_RIGHTID2,
+	KW_RIGHTSIGKEY,
+	KW_RIGHTCERT,
+	KW_RIGHTCERT2,
+	KW_RIGHTCERTPOLICY,
+	KW_RIGHTSENDCERT,
+	KW_RIGHTCA,
+	KW_RIGHTCA2,
+	KW_RIGHTGROUPS,
+	KW_RIGHTGROUPS2,
+	KW_RIGHT_DEPRECATED,
+
+#define KW_RIGHT_FIRST  KW_RIGHT
+#define KW_RIGHT_LAST   KW_RIGHT_DEPRECATED
+
+	/* general section keywords */
+	KW_ALSO,
+	KW_AUTO,
+
+};
+
+struct kw_entry_t {
+	char *name;
+	kw_token_t token;
+};
+
+#ifndef IN_GPERF_GENERATED_FILE
+const kw_entry_t *in_word_set(register const char*, register @GPERF_LEN_TYPE@);
+#endif
+
+#endif /* _KEYWORDS_H_ */
diff --git a/src/starter/keywords.txt b/src/starter/keywords.txt
index 3f92dc83f..dd673bc7a 100644
--- a/src/starter/keywords.txt
+++ b/src/starter/keywords.txt
@@ -16,6 +16,7 @@
 
 #include <string.h>
 
+#define IN_GPERF_GENERATED_FILE
 #include "keywords.h"
 
 %}
diff --git a/src/starter/tests/Makefile.in b/src/starter/tests/Makefile.in
index fc5b86397..ce0c7b43c 100644
--- a/src/starter/tests/Makefile.in
+++ b/src/starter/tests/Makefile.in
@@ -241,9 +241,11 @@ ECHO_T = @ECHO_T@
 EGREP = @EGREP@
 EXEEXT = @EXEEXT@
 FGREP = @FGREP@
+FUZZING_LDFLAGS = @FUZZING_LDFLAGS@
 GEM = @GEM@
 GENHTML = @GENHTML@
 GPERF = @GPERF@
+GPERF_LEN_TYPE = @GPERF_LEN_TYPE@
 GPRBUILD = @GPRBUILD@
 GREP = @GREP@
 INSTALL = @INSTALL@