author | Hongxu Jia <hongxu.jia@windriver.com> | 2018-09-25 21:19:08 +0800 |
---|---|---|
committer | Khem Raj <raj.khem@gmail.com> | 2018-09-25 22:24:15 -0700 |
commit | 8a574d804d762bee6c750de0efbf0f58b940ab98 (patch) | |
tree | 8a2ca2ca1a6d590c349d4ed3b69bb3fb6e40ed75 /meta-networking/recipes-support/ipsec-tools/ipsec-tools | |
parent | e46ed5b414d617a20c1e6cd78e50915e960fffd8 (diff) | |
ipsec-tools: support openssl 1.1.x
Upstream has not been maintained since 2015,
so backport a fix from OpenWrt
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support/ipsec-tools/ipsec-tools')
-rw-r--r-- | meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch | 1086 |
1 files changed, 1086 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch new file mode 100644 index 000000000..228274436 --- /dev/null +++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch | |||
@@ -0,0 +1,1086 @@ | |||
1 | From b572350a922187d43dd4629c3b43e19979fae3ef Mon Sep 17 00:00:00 2001 | ||
2 | From: Eneas U de Queiroz <cote2004-github@yahoo.com> | ||
3 | Date: Tue, 25 Sep 2018 15:30:04 +0800 | ||
4 | Subject: [PATCH] ipsec-tools: add openssl 1.1 support | ||
5 | |||
6 | To: equeiroz@troianet.com.br | ||
7 | |||
8 | This patch updates the calls to openssl 1.1 API, and adds a | ||
9 | compatibility layer so it compiles with (at least) openssl 1.0.2, I | ||
10 | haven't tested it with lower versions, but all that's needed is to edit | ||
11 | the openssl_compat.* files and add the missing functions there--they're | ||
12 | usually trivial. | ||
13 | |||
14 | Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> | ||
15 | |||
16 | Upstream-Status: Submitted [https://sourceforge.net/p/ipsec-tools/mailman/message/36327963/] | ||
17 | https://github.com/openwrt/packages/blob/master/net/ipsec-tools/patches/015-openssl-1.1.patch | ||
18 | |||
19 | Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> | ||
20 | --- | ||
21 | src/racoon/Makefile.am | 10 +-- | ||
22 | src/racoon/algorithm.c | 6 +- | ||
23 | src/racoon/crypto_openssl.c | 197 +++++++++++++++++++++------------------- | ||
24 | src/racoon/crypto_openssl.h | 2 +- | ||
25 | src/racoon/eaytest.c | 7 +- | ||
26 | src/racoon/ipsec_doi.c | 2 +- | ||
27 | src/racoon/openssl_compat.c | 213 ++++++++++++++++++++++++++++++++++++++++++++ | ||
28 | src/racoon/openssl_compat.h | 45 ++++++++++ | ||
29 | src/racoon/plainrsa-gen.c | 41 +++++---- | ||
30 | src/racoon/prsa_par.y | 28 ++++-- | ||
31 | src/racoon/rsalist.c | 5 +- | ||
32 | 11 files changed, 430 insertions(+), 126 deletions(-) | ||
33 | create mode 100644 src/racoon/openssl_compat.c | ||
34 | create mode 100644 src/racoon/openssl_compat.h | ||
35 | |||
36 | diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am | ||
37 | index 0662957..272b009 100644 | ||
38 | --- a/src/racoon/Makefile.am | ||
39 | +++ b/src/racoon/Makefile.am | ||
40 | @@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrsa-gen | ||
41 | noinst_PROGRAMS = eaytest | ||
42 | include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \ | ||
43 | schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \ | ||
44 | - isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h | ||
45 | + isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h | ||
46 | lib_LTLIBRARIES = libracoon.la | ||
47 | |||
48 | adminsockdir=${localstatedir}/racoon | ||
49 | @@ -32,7 +32,7 @@ racoon_SOURCES = \ | ||
50 | gssapi.c dnssec.c getcertsbyname.c privsep.c \ | ||
51 | pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \ | ||
52 | policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \ | ||
53 | - proposal.c sainfo.c strnames.c \ | ||
54 | + openssl_compat.c proposal.c sainfo.c strnames.c \ | ||
55 | plog.c logger.c schedule.c str2val.c \ | ||
56 | safefile.c backupsa.c genlist.c rsalist.c \ | ||
57 | cftoken.l cfparse.y prsa_tok.l prsa_par.y | ||
58 | @@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c | ||
59 | libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS) | ||
60 | |||
61 | plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \ | ||
62 | - crypto_openssl.c logger.c | ||
63 | + crypto_openssl.c logger.c openssl_compat.c | ||
64 | EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS) | ||
65 | plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o | ||
66 | plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o | ||
67 | |||
68 | -eaytest_SOURCES = eaytest.c plog.c logger.c | ||
69 | +eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c | ||
70 | EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c | ||
71 | eaytest_LDADD = crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \ | ||
72 | $(CRYPTOBJS) | ||
73 | @@ -75,7 +75,7 @@ noinst_HEADERS = \ | ||
74 | debugrm.h isakmp.h misc.h sainfo.h \ | ||
75 | dhgroup.h isakmp_agg.h netdb_dnssec.h schedule.h \ | ||
76 | isakmp_cfg.h isakmp_xauth.h isakmp_unity.h isakmp_frag.h \ | ||
77 | - throttle.h privsep.h \ | ||
78 | + throttle.h privsep.h openssl_compat.h \ | ||
79 | cfparse_proto.h cftoken_proto.h genlist.h rsalist.h \ | ||
80 | missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \ | ||
81 | missing/crypto/rijndael/rijndael-api-fst.h \ | ||
82 | diff --git a/src/racoon/algorithm.c b/src/racoon/algorithm.c | ||
83 | index 3fd50f6..66c874b 100644 | ||
84 | --- a/src/racoon/algorithm.c | ||
85 | +++ b/src/racoon/algorithm.c | ||
86 | @@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encdef[] = { | ||
87 | { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16, | ||
88 | eay_aes_encrypt, eay_aes_decrypt, | ||
89 | eay_aes_weakkey, eay_aes_keylen, }, | ||
90 | -#ifdef HAVE_OPENSSL_CAMELLIA_H | ||
91 | +#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) | ||
92 | { "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16, | ||
93 | eay_camellia_encrypt, eay_camellia_decrypt, | ||
94 | eay_camellia_weakkey, eay_camellia_keylen, }, | ||
95 | @@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef[] = { | ||
96 | { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16, | ||
97 | NULL, NULL, | ||
98 | NULL, eay_twofish_keylen, }, | ||
99 | -#ifdef HAVE_OPENSSL_IDEA_H | ||
100 | +#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) | ||
101 | { "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8, | ||
102 | NULL, NULL, | ||
103 | NULL, NULL, }, | ||
104 | @@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = { | ||
105 | { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8, | ||
106 | NULL, NULL, | ||
107 | NULL, NULL, }, | ||
108 | -#ifdef HAVE_OPENSSL_CAMELLIA_H | ||
109 | +#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) | ||
110 | { "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16, | ||
111 | NULL, NULL, | ||
112 | NULL, eay_camellia_keylen, }, | ||
113 | diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c | ||
114 | index 55b076a..8fb358f 100644 | ||
115 | --- a/src/racoon/crypto_openssl.c | ||
116 | +++ b/src/racoon/crypto_openssl.c | ||
117 | @@ -90,6 +90,7 @@ | ||
118 | #endif | ||
119 | #endif | ||
120 | #include "plog.h" | ||
121 | +#include "openssl_compat.h" | ||
122 | |||
123 | #define USE_NEW_DES_API | ||
124 | |||
125 | @@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2) | ||
126 | i = idx+1; | ||
127 | goto end; | ||
128 | } | ||
129 | - if ((ea->value->length == 1 && ea->value->data[0] == '*') || | ||
130 | - (eb->value->length == 1 && eb->value->data[0] == '*')) { | ||
131 | - if (OBJ_cmp(ea->object,eb->object)) { | ||
132 | + ASN1_STRING *sa = X509_NAME_ENTRY_get_data(ea); | ||
133 | + ASN1_STRING *sb = X509_NAME_ENTRY_get_data(eb); | ||
134 | + if ((ASN1_STRING_length(sa) == 1 && ASN1_STRING_get0_data(sa)[0] == '*') || | ||
135 | + (ASN1_STRING_length(sb) == 1 && ASN1_STRING_get0_data(sb)[0] == '*')) { | ||
136 | + if (OBJ_cmp(X509_NAME_ENTRY_get_object(ea), | ||
137 | + X509_NAME_ENTRY_get_object(eb))) { | ||
138 | i = idx+1; | ||
139 | goto end; | ||
140 | } | ||
141 | @@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx) | ||
142 | |||
143 | if (!ok) { | ||
144 | X509_NAME_oneline( | ||
145 | - X509_get_subject_name(ctx->current_cert), | ||
146 | + X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), | ||
147 | buf, | ||
148 | 256); | ||
149 | /* | ||
150 | @@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx) | ||
151 | * ok if they are self signed. But we should still warn | ||
152 | * the user. | ||
153 | */ | ||
154 | - switch (ctx->error) { | ||
155 | + int ctx_error = X509_STORE_CTX_get_error(ctx); | ||
156 | + switch (ctx_error) { | ||
157 | case X509_V_ERR_CERT_HAS_EXPIRED: | ||
158 | case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: | ||
159 | case X509_V_ERR_INVALID_CA: | ||
160 | @@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx) | ||
161 | } | ||
162 | plog(log_tag, LOCATION, NULL, | ||
163 | "%s(%d) at depth:%d SubjectName:%s\n", | ||
164 | - X509_verify_cert_error_string(ctx->error), | ||
165 | - ctx->error, | ||
166 | - ctx->error_depth, | ||
167 | + X509_verify_cert_error_string(ctx_error), | ||
168 | + ctx_error, | ||
169 | + X509_STORE_CTX_get_error_depth(ctx), | ||
170 | buf); | ||
171 | } | ||
172 | ERR_clear_error(); | ||
173 | @@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx) | ||
174 | |||
175 | if (!ok) { | ||
176 | X509_NAME_oneline( | ||
177 | - X509_get_subject_name(ctx->current_cert), | ||
178 | + X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), | ||
179 | buf, | ||
180 | 256); | ||
181 | - switch (ctx->error) { | ||
182 | + int ctx_error=X509_STORE_CTX_get_error(ctx); | ||
183 | + switch (ctx_error) { | ||
184 | case X509_V_ERR_UNABLE_TO_GET_CRL: | ||
185 | ok = 1; | ||
186 | log_tag = LLV_WARNING; | ||
187 | @@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx) | ||
188 | } | ||
189 | plog(log_tag, LOCATION, NULL, | ||
190 | "%s(%d) at depth:%d SubjectName:%s\n", | ||
191 | - X509_verify_cert_error_string(ctx->error), | ||
192 | - ctx->error, | ||
193 | - ctx->error_depth, | ||
194 | + X509_verify_cert_error_string(ctx_error), | ||
195 | + ctx_error, | ||
196 | + X509_STORE_CTX_get_error_depth(ctx), | ||
197 | buf); | ||
198 | } | ||
199 | ERR_clear_error(); | ||
200 | @@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert) | ||
201 | if (x509 == NULL) | ||
202 | goto error; | ||
203 | |||
204 | + X509_NAME *subject_name = X509_get_subject_name(x509); | ||
205 | /* get the length of the name */ | ||
206 | - len = i2d_X509_NAME(x509->cert_info->subject, NULL); | ||
207 | + len = i2d_X509_NAME(subject_name, NULL); | ||
208 | name = vmalloc(len); | ||
209 | if (!name) | ||
210 | goto error; | ||
211 | /* get the name */ | ||
212 | bp = (unsigned char *) name->v; | ||
213 | - len = i2d_X509_NAME(x509->cert_info->subject, &bp); | ||
214 | + len = i2d_X509_NAME(subject_name, &bp); | ||
215 | |||
216 | X509_free(x509); | ||
217 | |||
218 | @@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert) | ||
219 | if (x509 == NULL) | ||
220 | goto error; | ||
221 | |||
222 | + X509_NAME *issuer_name = X509_get_issuer_name(x509); | ||
223 | /* get the length of the name */ | ||
224 | - len = i2d_X509_NAME(x509->cert_info->issuer, NULL); | ||
225 | + len = i2d_X509_NAME(issuer_name, NULL); | ||
226 | name = vmalloc(len); | ||
227 | if (name == NULL) | ||
228 | goto error; | ||
229 | |||
230 | /* get the name */ | ||
231 | bp = (unsigned char *) name->v; | ||
232 | - len = i2d_X509_NAME(x509->cert_info->issuer, &bp); | ||
233 | + len = i2d_X509_NAME(issuer_name, &bp); | ||
234 | |||
235 | X509_free(x509); | ||
236 | |||
237 | @@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert) | ||
238 | return -1; | ||
239 | } | ||
240 | |||
241 | - res = eay_rsa_verify(source, sig, evp->pkey.rsa); | ||
242 | + res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp)); | ||
243 | |||
244 | EVP_PKEY_free(evp); | ||
245 | X509_free(x509); | ||
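Review bot: `EVP_PKEY_get0_RSA(evp)` is passed straight into `eay_rsa_verify()`, but the accessor can return NULL. The compat version this patch adds in openssl_compat.c does so whenever the key type is not `EVP_PKEY_RSA`, and the certificate checked here is presumably supplied by the peer. Whether `eay_rsa_verify()` tolerates a NULL key is not visible on this page, so reject it first: `RSA *rsa = EVP_PKEY_get0_RSA(evp); if (rsa == NULL) { EVP_PKEY_free(evp); X509_free(x509); return -1; }`. The same unchecked call appears in the `eay_get_x509sign()` hunk and in `rsa_verify_with_pubkey()` in eaytest.c. The function body starts and ends outside this hunk.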
246 | @@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey) | ||
247 | if (evp == NULL) | ||
248 | return NULL; | ||
249 | |||
250 | - sig = eay_rsa_sign(src, evp->pkey.rsa); | ||
251 | + sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp)); | ||
252 | |||
253 | EVP_PKEY_free(evp); | ||
254 | |||
255 | @@ -1079,7 +1087,11 @@ eay_strerror() | ||
256 | int line, flags; | ||
257 | unsigned long es; | ||
258 | |||
259 | +#if OPENSSL_VERSION_NUMBER >= 0x10100000L | ||
260 | + es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */ | ||
261 | +#else | ||
262 | es = CRYPTO_thread_id(); | ||
263 | +#endif | ||
264 | |||
265 | while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ | ||
266 | n = snprintf(ebuf + len, sizeof(ebuf) - len, | ||
267 | @@ -1100,7 +1112,7 @@ vchar_t * | ||
268 | evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) | ||
269 | { | ||
270 | vchar_t *res; | ||
271 | - EVP_CIPHER_CTX ctx; | ||
272 | + EVP_CIPHER_CTX *ctx; | ||
273 | |||
274 | if (!e) | ||
275 | return NULL; | ||
276 | @@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc | ||
277 | if ((res = vmalloc(data->l)) == NULL) | ||
278 | return NULL; | ||
279 | |||
280 | - EVP_CIPHER_CTX_init(&ctx); | ||
281 | + ctx = EVP_CIPHER_CTX_new(); | ||
282 | |||
283 | switch(EVP_CIPHER_nid(e)){ | ||
284 | case NID_bf_cbc: | ||
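Review bot: The result of `EVP_CIPHER_CTX_new()` is not checked, so an allocation failure hands a NULL context to the `EVP_CipherInit()` calls that follow. The stack context it replaces could not fail this way. Add `if (ctx == NULL) { vfree(res); return NULL; }` directly after the allocation, because `res` has already been allocated at that point and must be released. The body of `evp_crypt()` continues outside this hunk.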
285 | @@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc | ||
286 | /* XXX: can we do that also for algos with a fixed key size ? | ||
287 | */ | ||
288 | /* init context without key/iv | ||
289 | - */ | ||
290 | - if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) | ||
291 | - { | ||
292 | - OpenSSL_BUG(); | ||
293 | - vfree(res); | ||
294 | - return NULL; | ||
295 | - } | ||
296 | + */ | ||
297 | + if (!EVP_CipherInit(ctx, e, NULL, NULL, enc)) | ||
298 | + goto out; | ||
299 | |||
300 | - /* update key size | ||
301 | - */ | ||
302 | - if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) | ||
303 | - { | ||
304 | - OpenSSL_BUG(); | ||
305 | - vfree(res); | ||
306 | - return NULL; | ||
307 | - } | ||
308 | - | ||
309 | - /* finalize context init with desired key size | ||
310 | - */ | ||
311 | - if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, | ||
312 | + /* update key size | ||
313 | + */ | ||
314 | + if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l)) | ||
315 | + goto out; | ||
316 | + | ||
317 | + /* finalize context init with desired key size | ||
318 | + */ | ||
319 | + if (!EVP_CipherInit(ctx, NULL, (u_char *) key->v, | ||
320 | (u_char *) iv->v, enc)) | ||
321 | - { | ||
322 | - OpenSSL_BUG(); | ||
323 | - vfree(res); | ||
324 | - return NULL; | ||
325 | - } | ||
326 | + goto out; | ||
327 | break; | ||
328 | default: | ||
329 | - if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, | ||
330 | - (u_char *) iv->v, enc)) { | ||
331 | - OpenSSL_BUG(); | ||
332 | - vfree(res); | ||
333 | - return NULL; | ||
334 | - } | ||
335 | + if (!EVP_CipherInit(ctx, e, (u_char *) key->v, | ||
336 | + (u_char *) iv->v, enc)) | ||
337 | + goto out; | ||
338 | } | ||
339 | |||
340 | /* disable openssl padding */ | ||
341 | - EVP_CIPHER_CTX_set_padding(&ctx, 0); | ||
342 | + EVP_CIPHER_CTX_set_padding(ctx, 0); | ||
343 | |||
344 | - if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { | ||
345 | - OpenSSL_BUG(); | ||
346 | - vfree(res); | ||
347 | - return NULL; | ||
348 | - } | ||
349 | + if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l)) | ||
350 | + goto out; | ||
351 | |||
352 | - EVP_CIPHER_CTX_cleanup(&ctx); | ||
353 | + EVP_CIPHER_CTX_free(ctx); | ||
354 | |||
355 | return res; | ||
356 | +out: | ||
357 | + EVP_CIPHER_CTX_free(ctx); | ||
358 | + OpenSSL_BUG(); | ||
359 | + vfree(res); | ||
360 | + return NULL; | ||
361 | } | ||
362 | |||
363 | int | ||
364 | @@ -1230,7 +1229,7 @@ eay_des_keylen(len) | ||
365 | return evp_keylen(len, EVP_des_cbc()); | ||
366 | } | ||
367 | |||
368 | -#ifdef HAVE_OPENSSL_IDEA_H | ||
369 | +#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) | ||
370 | /* | ||
371 | * IDEA-CBC | ||
372 | */ | ||
373 | @@ -1587,7 +1586,7 @@ eay_aes_keylen(len) | ||
374 | return len; | ||
375 | } | ||
376 | |||
377 | -#if defined(HAVE_OPENSSL_CAMELLIA_H) | ||
378 | +#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) | ||
379 | /* | ||
380 | * CAMELLIA-CBC | ||
381 | */ | ||
382 | @@ -1680,9 +1679,9 @@ eay_hmac_init(key, md) | ||
383 | vchar_t *key; | ||
384 | const EVP_MD *md; | ||
385 | { | ||
386 | - HMAC_CTX *c = racoon_malloc(sizeof(*c)); | ||
387 | + HMAC_CTX *c = HMAC_CTX_new(); | ||
388 | |||
389 | - HMAC_Init(c, key->v, key->l, md); | ||
390 | + HMAC_Init_ex(c, key->v, key->l, md, NULL); | ||
391 | |||
392 | return (caddr_t)c; | ||
393 | } | ||
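Review bot: `eay_hmac_init()` returns the context without checking either `HMAC_CTX_new()` or `HMAC_Init_ex()`. A failed allocation or a failed key setup therefore yields a NULL or unkeyed context that the `*_final` functions later pass to `HMAC_Final()`. Add `if (c == NULL) return NULL;` after the allocation and change the init call to `if (!HMAC_Init_ex(c, key->v, key->l, md, NULL)) { HMAC_CTX_free(c); return NULL; }`. The callers are not on this page, so confirm they handle a NULL return before relying on it.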
394 | @@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c) | ||
395 | |||
396 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); | ||
397 | res->l = l; | ||
398 | - HMAC_cleanup((HMAC_CTX *)c); | ||
399 | - (void)racoon_free(c); | ||
400 | + HMAC_CTX_free((HMAC_CTX *)c); | ||
401 | |||
402 | if (SHA512_DIGEST_LENGTH != res->l) { | ||
403 | plog(LLV_ERROR, LOCATION, NULL, | ||
404 | @@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c) | ||
405 | |||
406 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); | ||
407 | res->l = l; | ||
408 | - HMAC_cleanup((HMAC_CTX *)c); | ||
409 | - (void)racoon_free(c); | ||
410 | + HMAC_CTX_free((HMAC_CTX *)c); | ||
411 | |||
412 | if (SHA384_DIGEST_LENGTH != res->l) { | ||
413 | plog(LLV_ERROR, LOCATION, NULL, | ||
414 | @@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c) | ||
415 | |||
416 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); | ||
417 | res->l = l; | ||
418 | - HMAC_cleanup((HMAC_CTX *)c); | ||
419 | - (void)racoon_free(c); | ||
420 | + HMAC_CTX_free((HMAC_CTX *)c); | ||
421 | |||
422 | if (SHA256_DIGEST_LENGTH != res->l) { | ||
423 | plog(LLV_ERROR, LOCATION, NULL, | ||
424 | @@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c) | ||
425 | |||
426 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); | ||
427 | res->l = l; | ||
428 | - HMAC_cleanup((HMAC_CTX *)c); | ||
429 | - (void)racoon_free(c); | ||
430 | + HMAC_CTX_free((HMAC_CTX *)c); | ||
431 | |||
432 | if (SHA_DIGEST_LENGTH != res->l) { | ||
433 | plog(LLV_ERROR, LOCATION, NULL, | ||
434 | @@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c) | ||
435 | |||
436 | HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); | ||
437 | res->l = l; | ||
438 | - HMAC_cleanup((HMAC_CTX *)c); | ||
439 | - (void)racoon_free(c); | ||
440 | + HMAC_CTX_free((HMAC_CTX *)c); | ||
441 | |||
442 | if (MD5_DIGEST_LENGTH != res->l) { | ||
443 | plog(LLV_ERROR, LOCATION, NULL, | ||
444 | @@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, priv) | ||
445 | u_int32_t g; | ||
446 | { | ||
447 | BIGNUM *p = NULL; | ||
448 | + BIGNUM *BNg = NULL; | ||
449 | DH *dh = NULL; | ||
450 | int error = -1; | ||
451 | |||
452 | @@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, priv) | ||
453 | |||
454 | if ((dh = DH_new()) == NULL) | ||
455 | goto end; | ||
456 | - dh->p = p; | ||
457 | - p = NULL; /* p is now part of dh structure */ | ||
458 | - dh->g = NULL; | ||
459 | - if ((dh->g = BN_new()) == NULL) | ||
460 | + if ((BNg = BN_new()) == NULL) | ||
461 | goto end; | ||
462 | - if (!BN_set_word(dh->g, g)) | ||
463 | + if (!BN_set_word(BNg, g)) | ||
464 | goto end; | ||
465 | + if (! DH_set0_pqg(dh, p, NULL, BNg)) | ||
466 | + goto end; | ||
467 | + BNg = NULL; | ||
468 | + p = NULL; /* p is now part of dh structure */ | ||
469 | |||
470 | if (publen != 0) | ||
471 | - dh->length = publen; | ||
472 | + DH_set_length(dh, publen); | ||
473 | |||
474 | /* generate public and private number */ | ||
475 | if (!DH_generate_key(dh)) | ||
476 | goto end; | ||
477 | |||
478 | /* copy results to buffers */ | ||
479 | - if (eay_bn2v(pub, dh->pub_key) < 0) | ||
480 | + BIGNUM *pub_key, *priv_key; | ||
481 | + DH_get0_key(dh, (const BIGNUM**) &pub_key, (const BIGNUM**) &priv_key); | ||
482 | + if (eay_bn2v(pub, pub_key) < 0) | ||
483 | goto end; | ||
484 | - if (eay_bn2v(priv, dh->priv_key) < 0) { | ||
485 | + if (eay_bn2v(priv, priv_key) < 0) { | ||
486 | vfree(*pub); | ||
487 | goto end; | ||
488 | } | ||
489 | @@ -2306,6 +2304,8 @@ end: | ||
490 | DH_free(dh); | ||
491 | if (p != 0) | ||
492 | BN_free(p); | ||
493 | + if (BNg != 0) | ||
494 | + BN_free(BNg); | ||
495 | return(error); | ||
496 | } | ||
497 | |||
498 | @@ -2319,6 +2319,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) | ||
499 | int l; | ||
500 | unsigned char *v = NULL; | ||
501 | int error = -1; | ||
502 | + BIGNUM *p = BN_new(); | ||
503 | + BIGNUM *BNg = BN_new(); | ||
504 | + BIGNUM *pub_key = BN_new(); | ||
505 | + BIGNUM *priv_key = BN_new(); | ||
506 | |||
507 | /* make public number to compute */ | ||
508 | if (eay_v2bn(&dh_pub, pub2) < 0) | ||
509 | @@ -2327,19 +2331,21 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) | ||
510 | /* make DH structure */ | ||
511 | if ((dh = DH_new()) == NULL) | ||
512 | goto end; | ||
513 | - if (eay_v2bn(&dh->p, prime) < 0) | ||
514 | + if (p == NULL || BNg == NULL || pub_key == NULL || priv_key == NULL) | ||
515 | goto end; | ||
516 | - if (eay_v2bn(&dh->pub_key, pub) < 0) | ||
517 | + | ||
518 | + if (eay_v2bn(&p, prime) < 0) | ||
519 | goto end; | ||
520 | - if (eay_v2bn(&dh->priv_key, priv) < 0) | ||
521 | + if (eay_v2bn(&pub_key, pub) < 0) | ||
522 | goto end; | ||
523 | - dh->length = pub2->l * 8; | ||
524 | - | ||
525 | - dh->g = NULL; | ||
526 | - if ((dh->g = BN_new()) == NULL) | ||
527 | + if (eay_v2bn(&priv_key, priv) < 0) | ||
528 | goto end; | ||
529 | - if (!BN_set_word(dh->g, g)) | ||
530 | + if (!BN_set_word(BNg, g)) | ||
531 | goto end; | ||
532 | + DH_set0_key(dh, pub_key, priv_key); | ||
533 | + DH_set_length(dh, pub2->l * 8); | ||
534 | + DH_set0_pqg(dh, p, NULL, BNg); | ||
535 | + pub_key = priv_key = p = BNg = NULL; | ||
536 | |||
537 | if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) | ||
538 | goto end; | ||
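Review bot: The return values of `DH_set0_key()` and `DH_set0_pqg()` are ignored and all four pointers are cleared unconditionally, so if either setter refuses its arguments the BIGNUMs, including the private key, are neither owned by `dh` nor freed at `end:`. Check each setter and clear only the pointers it has actually taken over, as in the excerpt below. Separately, `p`, `pub_key` and `priv_key` are pre-allocated with `BN_new()` in the previous hunk and then passed by address to `eay_v2bn()`. The old code passed the unset fields of a fresh `DH`, which suggests `eay_v2bn()` allocates its own BIGNUM; if so, the pre-allocated ones leak on every call, which should be confirmed against `eay_v2bn()` since it is not on this page. The function body starts and ends outside this hunk.

```c
	/* … unchanged: eay_v2bn() conversions and BN_set_word(BNg, g) … */
	if (!DH_set0_key(dh, pub_key, priv_key))
		goto end;
	pub_key = priv_key = NULL;	/* now owned by dh */
	DH_set_length(dh, pub2->l * 8);
	if (!DH_set0_pqg(dh, p, NULL, BNg))
		goto end;
	p = BNg = NULL;			/* now owned by dh */
```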
539 | @@ -2350,6 +2356,14 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) | ||
540 | error = 0; | ||
541 | |||
542 | end: | ||
543 | + if (p != NULL) | ||
544 | + BN_free(p); | ||
545 | + if (BNg != NULL) | ||
546 | + BN_free(BNg); | ||
547 | + if (pub_key != NULL) | ||
548 | + BN_free(pub_key); | ||
549 | + if (priv_key != NULL) | ||
550 | + BN_free(priv_key); | ||
551 | if (dh_pub != NULL) | ||
552 | BN_free(dh_pub); | ||
553 | if (dh != NULL) | ||
554 | @@ -2400,12 +2414,14 @@ eay_bn2v(var, bn) | ||
555 | void | ||
556 | eay_init() | ||
557 | { | ||
558 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
559 | OpenSSL_add_all_algorithms(); | ||
560 | ERR_load_crypto_strings(); | ||
561 | #ifdef HAVE_OPENSSL_ENGINE_H | ||
562 | ENGINE_load_builtin_engines(); | ||
563 | ENGINE_register_all_complete(); | ||
564 | #endif | ||
565 | +#endif | ||
566 | } | ||
567 | |||
568 | vchar_t * | ||
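Review bot: The added `#if OPENSSL_VERSION_NUMBER < 0x10100000L` wraps the whole body of `eay_init()`, so on OpenSSL 1.1 builds `ENGINE_load_builtin_engines()` and `ENGINE_register_all_complete()` are no longer called either. Only `OpenSSL_add_all_algorithms()` and `ERR_load_crypto_strings()` became unnecessary with the 1.1 automatic initialisation. The two ENGINE calls are, as far as I know, still provided there, so engines that were registered before this change may no longer be picked up. Moving the added `#endif` up to just before `#ifdef HAVE_OPENSSL_ENGINE_H` keeps the engine setup on both library versions.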
569 | @@ -2504,8 +2520,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf) | ||
570 | goto out; | ||
571 | } | ||
572 | |||
573 | - rsa_pub->n = mod; | ||
574 | - rsa_pub->e = exp; | ||
575 | + RSA_set0_key(rsa_pub, mod, exp, NULL); | ||
576 | |||
577 | out: | ||
578 | return rsa_pub; | ||
579 | @@ -2582,5 +2597,5 @@ eay_random() | ||
580 | const char * | ||
581 | eay_version() | ||
582 | { | ||
583 | - return SSLeay_version(SSLEAY_VERSION); | ||
584 | + return OpenSSL_version(OPENSSL_VERSION); | ||
585 | } | ||
586 | diff --git a/src/racoon/crypto_openssl.h b/src/racoon/crypto_openssl.h | ||
587 | index 66fac73..ee5b765 100644 | ||
588 | --- a/src/racoon/crypto_openssl.h | ||
589 | +++ b/src/racoon/crypto_openssl.h | ||
590 | @@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); | ||
591 | extern int eay_aes_weakkey __P((vchar_t *)); | ||
592 | extern int eay_aes_keylen __P((int)); | ||
593 | |||
594 | -#if defined(HAVE_OPENSSL_CAMELLIA_H) | ||
595 | +#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) | ||
596 | /* Camellia */ | ||
597 | extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); | ||
598 | extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); | ||
599 | diff --git a/src/racoon/eaytest.c b/src/racoon/eaytest.c | ||
600 | index d609e4f..d2d20da 100644 | ||
601 | --- a/src/racoon/eaytest.c | ||
602 | +++ b/src/racoon/eaytest.c | ||
603 | @@ -62,6 +62,7 @@ | ||
604 | #include "dhgroup.h" | ||
605 | #include "crypto_openssl.h" | ||
606 | #include "gnuc.h" | ||
607 | +#include "openssl_compat.h" | ||
608 | |||
609 | #include "package_version.h" | ||
610 | |||
611 | @@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_txt) | ||
612 | printf ("PEM_read_PUBKEY(): %s\n", eay_strerror()); | ||
613 | return -1; | ||
614 | } | ||
615 | - error = eay_check_rsasign(src, sig, evp->pkey.rsa); | ||
616 | + error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp)); | ||
617 | |||
618 | return error; | ||
619 | } | ||
620 | @@ -698,7 +699,7 @@ ciphertest(ac, av) | ||
621 | eay_cast_encrypt, eay_cast_decrypt) < 0) | ||
622 | return -1; | ||
623 | |||
624 | -#ifdef HAVE_OPENSSL_IDEA_H | ||
625 | +#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) | ||
626 | if (ciphertest_1 ("IDEA", | ||
627 | &data, 8, | ||
628 | &key, key.l, | ||
629 | @@ -715,7 +716,7 @@ ciphertest(ac, av) | ||
630 | eay_rc5_encrypt, eay_rc5_decrypt) < 0) | ||
631 | return -1; | ||
632 | #endif | ||
633 | -#if defined(HAVE_OPENSSL_CAMELLIA_H) | ||
634 | +#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) | ||
635 | if (ciphertest_1 ("CAMELLIA", | ||
636 | &data, 16, | ||
637 | &key, key.l, | ||
638 | diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c | ||
639 | index 08e4325..7b1604d 100644 | ||
640 | --- a/src/racoon/ipsec_doi.c | ||
641 | +++ b/src/racoon/ipsec_doi.c | ||
642 | @@ -715,7 +715,7 @@ out: | ||
643 | /* key length must not be specified on some algorithms */ | ||
644 | if (keylen) { | ||
645 | if (sa->enctype == OAKLEY_ATTR_ENC_ALG_DES | ||
646 | -#ifdef HAVE_OPENSSL_IDEA_H | ||
647 | +#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) | ||
648 | || sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA | ||
649 | #endif | ||
650 | || sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) { | ||
651 | diff --git a/src/racoon/openssl_compat.c b/src/racoon/openssl_compat.c | ||
652 | new file mode 100644 | ||
653 | index 0000000..864b5fb | ||
654 | --- /dev/null | ||
655 | +++ b/src/racoon/openssl_compat.c | ||
656 | @@ -0,0 +1,213 @@ | ||
657 | +/* | ||
658 | + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. | ||
659 | + * | ||
660 | + * Licensed under the OpenSSL license (the "License"). You may not use | ||
661 | + * this file except in compliance with the License. You can obtain a copy | ||
662 | + * in the file LICENSE in the source distribution or at | ||
663 | + * https://www.openssl.org/source/license.html | ||
664 | + */ | ||
665 | + | ||
666 | +#include "openssl_compat.h" | ||
667 | + | ||
668 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
669 | + | ||
670 | +#include <string.h> | ||
671 | + | ||
672 | +static void *OPENSSL_zalloc(size_t num) | ||
673 | +{ | ||
674 | + void *ret = OPENSSL_malloc(num); | ||
675 | + | ||
676 | + if (ret != NULL) | ||
677 | + memset(ret, 0, num); | ||
678 | + return ret; | ||
679 | +} | ||
680 | + | ||
681 | +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) | ||
682 | +{ | ||
683 | + /* If the fields n and e in r are NULL, the corresponding input | ||
684 | + * parameters MUST be non-NULL for n and e. d may be | ||
685 | + * left NULL (in case only the public key is used). | ||
686 | + */ | ||
687 | + if ((r->n == NULL && n == NULL) | ||
688 | + || (r->e == NULL && e == NULL)) | ||
689 | + return 0; | ||
690 | + | ||
691 | + if (n != NULL) { | ||
692 | + BN_free(r->n); | ||
693 | + r->n = n; | ||
694 | + } | ||
695 | + if (e != NULL) { | ||
696 | + BN_free(r->e); | ||
697 | + r->e = e; | ||
698 | + } | ||
699 | + if (d != NULL) { | ||
700 | + BN_free(r->d); | ||
701 | + r->d = d; | ||
702 | + } | ||
703 | + | ||
704 | + return 1; | ||
705 | +} | ||
706 | + | ||
707 | +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) | ||
708 | +{ | ||
709 | + /* If the fields p and q in r are NULL, the corresponding input | ||
710 | + * parameters MUST be non-NULL. | ||
711 | + */ | ||
712 | + if ((r->p == NULL && p == NULL) | ||
713 | + || (r->q == NULL && q == NULL)) | ||
714 | + return 0; | ||
715 | + | ||
716 | + if (p != NULL) { | ||
717 | + BN_free(r->p); | ||
718 | + r->p = p; | ||
719 | + } | ||
720 | + if (q != NULL) { | ||
721 | + BN_free(r->q); | ||
722 | + r->q = q; | ||
723 | + } | ||
724 | + | ||
725 | + return 1; | ||
726 | +} | ||
727 | + | ||
728 | +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) | ||
729 | +{ | ||
730 | + /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input | ||
731 | + * parameters MUST be non-NULL. | ||
732 | + */ | ||
733 | + if ((r->dmp1 == NULL && dmp1 == NULL) | ||
734 | + || (r->dmq1 == NULL && dmq1 == NULL) | ||
735 | + || (r->iqmp == NULL && iqmp == NULL)) | ||
736 | + return 0; | ||
737 | + | ||
738 | + if (dmp1 != NULL) { | ||
739 | + BN_free(r->dmp1); | ||
740 | + r->dmp1 = dmp1; | ||
741 | + } | ||
742 | + if (dmq1 != NULL) { | ||
743 | + BN_free(r->dmq1); | ||
744 | + r->dmq1 = dmq1; | ||
745 | + } | ||
746 | + if (iqmp != NULL) { | ||
747 | + BN_free(r->iqmp); | ||
748 | + r->iqmp = iqmp; | ||
749 | + } | ||
750 | + | ||
751 | + return 1; | ||
752 | +} | ||
753 | + | ||
754 | +void RSA_get0_key(const RSA *r, | ||
755 | + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) | ||
756 | +{ | ||
757 | + if (n != NULL) | ||
758 | + *n = r->n; | ||
759 | + if (e != NULL) | ||
760 | + *e = r->e; | ||
761 | + if (d != NULL) | ||
762 | + *d = r->d; | ||
763 | +} | ||
764 | + | ||
765 | +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) | ||
766 | +{ | ||
767 | + if (p != NULL) | ||
768 | + *p = r->p; | ||
769 | + if (q != NULL) | ||
770 | + *q = r->q; | ||
771 | +} | ||
772 | + | ||
773 | +void RSA_get0_crt_params(const RSA *r, | ||
774 | + const BIGNUM **dmp1, const BIGNUM **dmq1, | ||
775 | + const BIGNUM **iqmp) | ||
776 | +{ | ||
777 | + if (dmp1 != NULL) | ||
778 | + *dmp1 = r->dmp1; | ||
779 | + if (dmq1 != NULL) | ||
780 | + *dmq1 = r->dmq1; | ||
781 | + if (iqmp != NULL) | ||
782 | + *iqmp = r->iqmp; | ||
783 | +} | ||
784 | + | ||
785 | +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) | ||
786 | +{ | ||
787 | + /* If the fields p and g in d are NULL, the corresponding input | ||
788 | + * parameters MUST be non-NULL. q may remain NULL. | ||
789 | + */ | ||
790 | + if ((dh->p == NULL && p == NULL) | ||
791 | + || (dh->g == NULL && g == NULL)) | ||
792 | + return 0; | ||
793 | + | ||
794 | + if (p != NULL) { | ||
795 | + BN_free(dh->p); | ||
796 | + dh->p = p; | ||
797 | + } | ||
798 | + if (q != NULL) { | ||
799 | + BN_free(dh->q); | ||
800 | + dh->q = q; | ||
801 | + } | ||
802 | + if (g != NULL) { | ||
803 | + BN_free(dh->g); | ||
804 | + dh->g = g; | ||
805 | + } | ||
806 | + | ||
807 | + if (q != NULL) { | ||
808 | + dh->length = BN_num_bits(q); | ||
809 | + } | ||
810 | + | ||
811 | + return 1; | ||
812 | +} | ||
813 | + | ||
814 | +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) | ||
815 | +{ | ||
816 | + if (pub_key != NULL) | ||
817 | + *pub_key = dh->pub_key; | ||
818 | + if (priv_key != NULL) | ||
819 | + *priv_key = dh->priv_key; | ||
820 | +} | ||
821 | + | ||
822 | +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) | ||
823 | +{ | ||
824 | + /* If the field pub_key in dh is NULL, the corresponding input | ||
825 | + * parameters MUST be non-NULL. The priv_key field may | ||
826 | + * be left NULL. | ||
827 | + */ | ||
828 | + if (dh->pub_key == NULL && pub_key == NULL) | ||
829 | + return 0; | ||
830 | + | ||
831 | + if (pub_key != NULL) { | ||
832 | + BN_free(dh->pub_key); | ||
833 | + dh->pub_key = pub_key; | ||
834 | + } | ||
835 | + if (priv_key != NULL) { | ||
836 | + BN_free(dh->priv_key); | ||
837 | + dh->priv_key = priv_key; | ||
838 | + } | ||
839 | + | ||
840 | + return 1; | ||
841 | +} | ||
842 | + | ||
843 | +int DH_set_length(DH *dh, long length) | ||
844 | +{ | ||
845 | + dh->length = length; | ||
846 | + return 1; | ||
847 | +} | ||
848 | + | ||
849 | +HMAC_CTX *HMAC_CTX_new(void) | ||
850 | +{ | ||
851 | + return OPENSSL_zalloc(sizeof(HMAC_CTX)); | ||
852 | +} | ||
853 | + | ||
854 | +void HMAC_CTX_free(HMAC_CTX *ctx) | ||
855 | +{ | ||
856 | + HMAC_CTX_cleanup(ctx); | ||
857 | + OPENSSL_free(ctx); | ||
858 | +} | ||
859 | + | ||
860 | +RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) | ||
861 | +{ | ||
862 | + if (pkey->type != EVP_PKEY_RSA) { | ||
863 | + return NULL; | ||
864 | + } | ||
865 | + return pkey->pkey.rsa; | ||
866 | +} | ||
867 | + | ||
868 | + | ||
869 | +#endif /* OPENSSL_VERSION_NUMBER */ | ||
870 | diff --git a/src/racoon/openssl_compat.h b/src/racoon/openssl_compat.h | ||
871 | new file mode 100644 | ||
872 | index 0000000..9e152c2 | ||
873 | --- /dev/null | ||
874 | +++ b/src/racoon/openssl_compat.h | ||
875 | @@ -0,0 +1,45 @@ | ||
876 | +#ifndef OPENSSL_COMPAT_H | ||
877 | +#define OPENSSL_COMPAT_H | ||
878 | + | ||
879 | +#include <openssl/opensslv.h> | ||
880 | +#if OPENSSL_VERSION_NUMBER < 0x10100000L | ||
881 | + | ||
882 | +#include <openssl/rsa.h> | ||
883 | +#include <openssl/dh.h> | ||
884 | +#include <openssl/evp.h> | ||
885 | +#include <openssl/hmac.h> | ||
886 | + | ||
887 | +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); | ||
888 | +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); | ||
889 | +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); | ||
890 | +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); | ||
891 | +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); | ||
892 | +void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); | ||
893 | + | ||
894 | +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); | ||
895 | +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); | ||
896 | +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); | ||
897 | +int DH_set_length(DH *dh, long length); | ||
898 | + | ||
899 | +HMAC_CTX *HMAC_CTX_new(void); | ||
900 | +void HMAC_CTX_free(HMAC_CTX* ctx); | ||
901 | + | ||
902 | +RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); | ||
903 | + | ||
904 | +#define ASN1_STRING_length(s) s->length | ||
905 | +#define ASN1_STRING_get0_data(s) s->data | ||
906 | + | ||
907 | +#define X509_get_subject_name(x) x->cert_info->subject | ||
908 | +#define X509_get_issuer_name(x) x->cert_info->issuer | ||
909 | +#define X509_NAME_ENTRY_get_data(n) n->value | ||
910 | +#define X509_NAME_ENTRY_get_object(n) n->object | ||
911 | +#define X509_STORE_CTX_get_current_cert(ctx) ctx->current_cert | ||
912 | +#define X509_STORE_CTX_get_error(ctx) ctx->error | ||
913 | +#define X509_STORE_CTX_get_error_depth(ctx) ctx->error_depth | ||
914 | + | ||
915 | +#define OPENSSL_VERSION SSLEAY_VERSION | ||
916 | +#define OpenSSL_version SSLeay_version | ||
917 | + | ||
918 | +#endif /* OPENSSL_VERSION_NUMBER */ | ||
919 | + | ||
920 | +#endif /* OPENSSL_COMPAT_H */ | ||
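Review bot: The nine accessor macros at the end of this header expand their argument without parentheses, so `ASN1_STRING_length(s)` becomes `s->length` and any argument that is not a plain identifier (for example `*pp` or a cast) binds to `->` incorrectly. Parenthesise both the argument and the whole expansion, e.g. `#define ASN1_STRING_length(s) ((s)->length)` and `#define X509_get_subject_name(x) ((x)->cert_info->subject)`, and do the same for the remaining `X509_*` macros. A short comment above the block saying that these stand in for the OpenSSL 1.1 accessor functions on older libraries would also help the next reader.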
921 | diff --git a/src/racoon/plainrsa-gen.c b/src/racoon/plainrsa-gen.c | ||
922 | index cad1861..b949b08 100644 | ||
923 | --- a/src/racoon/plainrsa-gen.c | ||
924 | +++ b/src/racoon/plainrsa-gen.c | ||
925 | @@ -60,6 +60,7 @@ | ||
926 | #include "vmbuf.h" | ||
927 | #include "plog.h" | ||
928 | #include "crypto_openssl.h" | ||
929 | +#include "openssl_compat.h" | ||
930 | |||
931 | #include "package_version.h" | ||
932 | |||
933 | @@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key) | ||
934 | char *binbuf; | ||
935 | long binlen, ret; | ||
936 | vchar_t *res; | ||
937 | - | ||
938 | - binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n); | ||
939 | + const BIGNUM *e, *n; | ||
940 | + | ||
941 | + RSA_get0_key(key, &n, &e, NULL); | ||
942 | + binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n); | ||
943 | binbuf = malloc(binlen); | ||
944 | memset(binbuf, 0, binlen); | ||
945 | - binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]); | ||
946 | - ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1])); | ||
947 | + binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]); | ||
948 | + ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1])); | ||
949 | if (1 + binbuf[0] + ret != binlen) { | ||
950 | plog(LLV_ERROR, LOCATION, NULL, | ||
951 | "Pubkey generation failed. This is really strange...\n"); | ||
952 | @@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key) | ||
953 | |||
954 | fprintf(fp, "# : PUB 0s%s\n", pubkey64->v); | ||
955 | fprintf(fp, ": RSA\t{\n"); | ||
956 | - fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n)); | ||
957 | + const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; | ||
958 | + RSA_get0_key(key, &n, &e, &d); | ||
959 | + RSA_get0_factors(key, &p, &q); | ||
960 | + RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp); | ||
961 | + fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n)); | ||
962 | fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v); | ||
963 | - fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n))); | ||
964 | - fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e))); | ||
965 | - fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d))); | ||
966 | - fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p))); | ||
967 | - fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q))); | ||
968 | - fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1))); | ||
969 | - fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1))); | ||
970 | - fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp))); | ||
971 | + fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n))); | ||
972 | + fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e))); | ||
973 | + fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d))); | ||
974 | + fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p))); | ||
975 | + fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q))); | ||
976 | + fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1))); | ||
977 | + fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1))); | ||
978 | + fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp))); | ||
979 | fprintf(fp, " }\n"); | ||
980 | |||
981 | vfree(pubkey64); | ||
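Review bot: Every `BN_bn2hex()` result on the rewritten `fprintf` lines is handed straight to `lowercase()` and never released, and for `d`, `p`, `q`, `dmp1`, `dmq1` and `iqmp` that string is private-key material left behind in the heap. Unless `lowercase()` takes ownership of its argument (its definition is not in this hunk), hold each result in a local, print it, then wipe and release it with `OPENSSL_cleanse(hex, strlen(hex)); OPENSSL_free(hex);`. `BN_bn2hex()` can also return NULL on allocation failure, which the `%s` conversions do not guard against. print_rsa_key starts and ends outside the hunk.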
982 | @@ -203,11 +210,13 @@ int | ||
983 | gen_rsa_key(FILE *fp, size_t bits, unsigned long exp) | ||
984 | { | ||
985 | int ret; | ||
986 | - RSA *key; | ||
987 | + RSA *key = RSA_new(); | ||
988 | + BIGNUM *e = BN_new(); | ||
989 | |||
990 | - key = RSA_generate_key(bits, exp, NULL, NULL); | ||
991 | - if (!key) { | ||
992 | + BN_set_word(e, exp); | ||
993 | + if (! RSA_generate_key_ex(key, bits, e, NULL)) { | ||
994 | fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror()); | ||
995 | + RSA_free(key); | ||
996 | return -1; | ||
997 | } | ||
998 | |||
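Review bot: The `BIGNUM *e` obtained from `BN_new()` is not freed on the failure path added here, and no `BN_free(e)` is visible for the success path either (gen_rsa_key continues past the end of the hunk). `RSA_new()`, `BN_new()` and `BN_set_word()` are also used unchecked, so an allocation failure reaches `RSA_generate_key_ex()` with a NULL argument. Folding the three checks into the existing condition and releasing `e` on both paths closes this; both `BN_free()` and `RSA_free()` accept NULL, so the error branch needs no extra tests.
```c
	RSA *key = RSA_new();
	BIGNUM *e = BN_new();

	if (key == NULL || e == NULL || !BN_set_word(e, exp) ||
	    !RSA_generate_key_ex(key, bits, e, NULL)) {
		fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror());
		BN_free(e);
		RSA_free(key);
		return -1;
	}
	/* the generated key holds its own copy of the exponent */
	BN_free(e);
```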
999 | diff --git a/src/racoon/prsa_par.y b/src/racoon/prsa_par.y | ||
1000 | index 1987e4d..27ce4c6 100644 | ||
1001 | --- a/src/racoon/prsa_par.y | ||
1002 | +++ b/src/racoon/prsa_par.y | ||
1003 | @@ -68,6 +68,7 @@ | ||
1004 | #include "isakmp_var.h" | ||
1005 | #include "handler.h" | ||
1006 | #include "crypto_openssl.h" | ||
1007 | +#include "openssl_compat.h" | ||
1008 | #include "sockmisc.h" | ||
1009 | #include "rsalist.h" | ||
1010 | |||
1011 | @@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL; | ||
1012 | struct genlist *prsa_cur_list = NULL; | ||
1013 | enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY; | ||
1014 | |||
1015 | -static RSA *rsa_cur; | ||
1016 | +struct my_rsa_st { | ||
1017 | + BIGNUM *n; | ||
1018 | + BIGNUM *e; | ||
1019 | + BIGNUM *d; | ||
1020 | + BIGNUM *p; | ||
1021 | + BIGNUM *q; | ||
1022 | + BIGNUM *dmp1; | ||
1023 | + BIGNUM *dmq1; | ||
1024 | + BIGNUM *iqmp; | ||
1025 | +}; | ||
1026 | + | ||
1027 | +static struct my_rsa_st *rsa_cur; | ||
1028 | |||
1029 | void | ||
1030 | prsaerror(const char *s, ...) | ||
1031 | @@ -201,8 +213,12 @@ rsa_statement: | ||
1032 | rsa_cur->iqmp = NULL; | ||
1033 | } | ||
1034 | } | ||
1035 | - $$ = rsa_cur; | ||
1036 | - rsa_cur = RSA_new(); | ||
1037 | + RSA * rsa_tmp = RSA_new(); | ||
1038 | + RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d); | ||
1039 | + RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q); | ||
1040 | + RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp); | ||
1041 | + $$ = rsa_tmp; | ||
1042 | + memset(rsa_cur, 0, sizeof(struct my_rsa_st)); | ||
1043 | } | ||
1044 | | TAG_PUB BASE64 | ||
1045 | { | ||
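Review bot: The results of `RSA_new()`, `RSA_set0_key()`, `RSA_set0_factors()` and `RSA_set0_crt_params()` are all ignored, and the `memset` that follows discards the parser's only pointers to the BIGNUMs. A `set0` call that returns 0 has not taken ownership, so in that case the numbers (including `d`, `p` and `q` when a private key was parsed) are leaked without being cleared and `$$` carries an `RSA` that lacks the expected fields. At minimum test `rsa_tmp != NULL` and the `RSA_set0_key()` result, and on failure release the fields with `BN_clear_free()` and `RSA_free(rsa_tmp)` before zeroing the struct. The action for this rule starts outside the hunk, so the earlier validation is not visible here.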
1046 | @@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type) | ||
1047 | prsa_cur_fname = fname; | ||
1048 | prsa_cur_list = list; | ||
1049 | prsa_cur_type = type; | ||
1050 | - rsa_cur = RSA_new(); | ||
1051 | + rsa_cur = malloc(sizeof(struct my_rsa_st)); | ||
1052 | + memset(rsa_cur, 0, sizeof(struct my_rsa_st)); | ||
1053 | ret = prsaparse(); | ||
1054 | if (rsa_cur) { | ||
1055 | - RSA_free(rsa_cur); | ||
1056 | + memset(rsa_cur, 0, sizeof(struct my_rsa_st)); | ||
1057 | + free(rsa_cur); | ||
1058 | rsa_cur = NULL; | ||
1059 | } | ||
1060 | fclose (fp); | ||
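Review bot: The cleanup after `prsaparse()` now zeroes and frees only the holder struct, so any BIGNUMs still attached to `rsa_cur` are leaked without being wiped; the removed `RSA_free(rsa_cur)` used to release them. This presumably matters when parsing stops partway through a key statement, where `d`, `p` or `q` may already be set. Call `BN_clear_free()` on each of the eight fields before the `memset`. The new `malloc()` result is also passed to `memset` unchecked; `rsa_cur = calloc(1, sizeof(*rsa_cur));` followed by a NULL check would replace both added lines. prsa_parse_file starts and ends outside the hunk.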
1061 | diff --git a/src/racoon/rsalist.c b/src/racoon/rsalist.c | ||
1062 | index f152c82..96e8363 100644 | ||
1063 | --- a/src/racoon/rsalist.c | ||
1064 | +++ b/src/racoon/rsalist.c | ||
1065 | @@ -52,6 +52,7 @@ | ||
1066 | #include "genlist.h" | ||
1067 | #include "remoteconf.h" | ||
1068 | #include "crypto_openssl.h" | ||
1069 | +#include "openssl_compat.h" | ||
1070 | |||
1071 | #ifndef LIST_FIRST | ||
1072 | #define LIST_FIRST(head) ((head)->lh_first) | ||
1073 | @@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key) | ||
1074 | return NULL; | ||
1075 | |||
1076 | if (key->rsa) { | ||
1077 | - new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa); | ||
1078 | + const BIGNUM *d; | ||
1079 | + RSA_get0_key(key->rsa, NULL, NULL, &d); | ||
1080 | + new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa)); | ||
1081 | if (new->rsa == NULL) | ||
1082 | goto dup_error; | ||
1083 | } | ||
1084 | -- | ||
1085 | 2.7.4 | ||
1086 | |||