Line 0
Link Here
|
|
|
1 |
--- src/racoon/Makefile.am |
2 |
+++ src/racoon/Makefile.am |
3 |
@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrsa-gen |
4 |
noinst_PROGRAMS = eaytest |
5 |
include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \ |
6 |
schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \ |
7 |
- isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h |
8 |
+ isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h |
9 |
lib_LTLIBRARIES = libracoon.la |
10 |
|
11 |
adminsockdir=${localstatedir}/racoon |
12 |
@@ -32,7 +32,7 @@ racoon_SOURCES = \ |
13 |
gssapi.c dnssec.c getcertsbyname.c privsep.c \ |
14 |
pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \ |
15 |
policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \ |
16 |
- proposal.c sainfo.c strnames.c \ |
17 |
+ openssl_compat.c proposal.c sainfo.c strnames.c \ |
18 |
plog.c logger.c schedule.c str2val.c \ |
19 |
safefile.c backupsa.c genlist.c rsalist.c \ |
20 |
cftoken.l cfparse.y prsa_tok.l prsa_par.y |
21 |
@@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c |
22 |
libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS) |
23 |
|
24 |
plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \ |
25 |
- crypto_openssl.c logger.c |
26 |
+ crypto_openssl.c logger.c openssl_compat.c |
27 |
EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS) |
28 |
plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o |
29 |
plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o |
30 |
|
31 |
-eaytest_SOURCES = eaytest.c plog.c logger.c |
32 |
+eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c |
33 |
EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c |
34 |
eaytest_LDADD = crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \ |
35 |
$(CRYPTOBJS) |
36 |
@@ -75,7 +75,7 @@ noinst_HEADERS = \ |
37 |
debugrm.h isakmp.h misc.h sainfo.h \ |
38 |
dhgroup.h isakmp_agg.h netdb_dnssec.h schedule.h \ |
39 |
isakmp_cfg.h isakmp_xauth.h isakmp_unity.h isakmp_frag.h \ |
40 |
- throttle.h privsep.h \ |
41 |
+ throttle.h privsep.h openssl_compat.h \ |
42 |
cfparse_proto.h cftoken_proto.h genlist.h rsalist.h \ |
43 |
missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \ |
44 |
missing/crypto/rijndael/rijndael-api-fst.h \ |
45 |
--- src/racoon/algorithm.c |
46 |
+++ src/racoon/algorithm.c |
47 |
@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encdef[] = { |
48 |
{ "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16, |
49 |
eay_aes_encrypt, eay_aes_decrypt, |
50 |
eay_aes_weakkey, eay_aes_keylen, }, |
51 |
-#ifdef HAVE_OPENSSL_CAMELLIA_H |
52 |
+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) |
53 |
{ "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16, |
54 |
eay_camellia_encrypt, eay_camellia_decrypt, |
55 |
eay_camellia_weakkey, eay_camellia_keylen, }, |
56 |
@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef[] = { |
57 |
{ "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16, |
58 |
NULL, NULL, |
59 |
NULL, eay_twofish_keylen, }, |
60 |
-#ifdef HAVE_OPENSSL_IDEA_H |
61 |
+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) |
62 |
{ "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8, |
63 |
NULL, NULL, |
64 |
NULL, NULL, }, |
65 |
@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = { |
66 |
{ "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8, |
67 |
NULL, NULL, |
68 |
NULL, NULL, }, |
69 |
-#ifdef HAVE_OPENSSL_CAMELLIA_H |
70 |
+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) |
71 |
{ "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16, |
72 |
NULL, NULL, |
73 |
NULL, eay_camellia_keylen, }, |
74 |
--- src/racoon/cfparse.y |
75 |
+++ src/racoon/cfparse.y |
76 |
@@ -2564,7 +2564,7 @@ set_isakmp_proposal(rmconf) |
77 |
plog(LLV_DEBUG2, LOCATION, NULL, |
78 |
"encklen=%d\n", s->encklen); |
79 |
|
80 |
- memset(types, 0, ARRAYLEN(types)); |
81 |
+ memset(types, 0, sizeof types); |
82 |
types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc]; |
83 |
types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash]; |
84 |
types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh]; |
85 |
--- src/racoon/crypto_openssl.c |
86 |
+++ src/racoon/crypto_openssl.c |
87 |
@@ -90,6 +90,7 @@ |
88 |
#endif |
89 |
#endif |
90 |
#include "plog.h" |
91 |
+#include "openssl_compat.h" |
92 |
|
93 |
#define USE_NEW_DES_API |
94 |
|
95 |
@@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2) |
96 |
i = idx+1; |
97 |
goto end; |
98 |
} |
99 |
- if ((ea->value->length == 1 && ea->value->data[0] == '*') || |
100 |
- (eb->value->length == 1 && eb->value->data[0] == '*')) { |
101 |
- if (OBJ_cmp(ea->object,eb->object)) { |
102 |
+ ASN1_STRING *sa = X509_NAME_ENTRY_get_data(ea); |
103 |
+ ASN1_STRING *sb = X509_NAME_ENTRY_get_data(eb); |
104 |
+ if ((ASN1_STRING_length(sa) == 1 && ASN1_STRING_get0_data(sa)[0] == '*') || |
105 |
+ (ASN1_STRING_length(sb) == 1 && ASN1_STRING_get0_data(sb)[0] == '*')) { |
106 |
+ if (OBJ_cmp(X509_NAME_ENTRY_get_object(ea), |
107 |
+ X509_NAME_ENTRY_get_object(eb))) { |
108 |
i = idx+1; |
109 |
goto end; |
110 |
} |
111 |
@@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx) |
112 |
|
113 |
if (!ok) { |
114 |
X509_NAME_oneline( |
115 |
- X509_get_subject_name(ctx->current_cert), |
116 |
+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), |
117 |
buf, |
118 |
256); |
119 |
/* |
120 |
@@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx) |
121 |
* ok if they are self signed. But we should still warn |
122 |
* the user. |
123 |
*/ |
124 |
- switch (ctx->error) { |
125 |
+ int ctx_error = X509_STORE_CTX_get_error(ctx); |
126 |
+ switch (ctx_error) { |
127 |
case X509_V_ERR_CERT_HAS_EXPIRED: |
128 |
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: |
129 |
case X509_V_ERR_INVALID_CA: |
130 |
@@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx) |
131 |
} |
132 |
plog(log_tag, LOCATION, NULL, |
133 |
"%s(%d) at depth:%d SubjectName:%s\n", |
134 |
- X509_verify_cert_error_string(ctx->error), |
135 |
- ctx->error, |
136 |
- ctx->error_depth, |
137 |
+ X509_verify_cert_error_string(ctx_error), |
138 |
+ ctx_error, |
139 |
+ X509_STORE_CTX_get_error_depth(ctx), |
140 |
buf); |
141 |
} |
142 |
ERR_clear_error(); |
143 |
@@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx) |
144 |
|
145 |
if (!ok) { |
146 |
X509_NAME_oneline( |
147 |
- X509_get_subject_name(ctx->current_cert), |
148 |
+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), |
149 |
buf, |
150 |
256); |
151 |
- switch (ctx->error) { |
152 |
+ int ctx_error=X509_STORE_CTX_get_error(ctx); |
153 |
+ switch (ctx_error) { |
154 |
case X509_V_ERR_UNABLE_TO_GET_CRL: |
155 |
ok = 1; |
156 |
log_tag = LLV_WARNING; |
157 |
@@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx) |
158 |
} |
159 |
plog(log_tag, LOCATION, NULL, |
160 |
"%s(%d) at depth:%d SubjectName:%s\n", |
161 |
- X509_verify_cert_error_string(ctx->error), |
162 |
- ctx->error, |
163 |
- ctx->error_depth, |
164 |
+ X509_verify_cert_error_string(ctx_error), |
165 |
+ ctx_error, |
166 |
+ X509_STORE_CTX_get_error_depth(ctx), |
167 |
buf); |
168 |
} |
169 |
ERR_clear_error(); |
170 |
@@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert) |
171 |
if (x509 == NULL) |
172 |
goto error; |
173 |
|
174 |
+ X509_NAME *subject_name = X509_get_subject_name(x509); |
175 |
/* get the length of the name */ |
176 |
- len = i2d_X509_NAME(x509->cert_info->subject, NULL); |
177 |
+ len = i2d_X509_NAME(subject_name, NULL); |
178 |
name = vmalloc(len); |
179 |
if (!name) |
180 |
goto error; |
181 |
/* get the name */ |
182 |
bp = (unsigned char *) name->v; |
183 |
- len = i2d_X509_NAME(x509->cert_info->subject, &bp); |
184 |
+ len = i2d_X509_NAME(subject_name, &bp); |
185 |
|
186 |
X509_free(x509); |
187 |
|
188 |
@@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert) |
189 |
if (x509 == NULL) |
190 |
goto error; |
191 |
|
192 |
+ X509_NAME *issuer_name = X509_get_issuer_name(x509); |
193 |
/* get the length of the name */ |
194 |
- len = i2d_X509_NAME(x509->cert_info->issuer, NULL); |
195 |
+ len = i2d_X509_NAME(issuer_name, NULL); |
196 |
name = vmalloc(len); |
197 |
if (name == NULL) |
198 |
goto error; |
199 |
|
200 |
/* get the name */ |
201 |
bp = (unsigned char *) name->v; |
202 |
- len = i2d_X509_NAME(x509->cert_info->issuer, &bp); |
203 |
+ len = i2d_X509_NAME(issuer_name, &bp); |
204 |
|
205 |
X509_free(x509); |
206 |
|
207 |
@@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert) |
208 |
return -1; |
209 |
} |
210 |
|
211 |
- res = eay_rsa_verify(source, sig, evp->pkey.rsa); |
212 |
+ res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp)); |
213 |
|
214 |
EVP_PKEY_free(evp); |
215 |
X509_free(x509); |
216 |
@@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey) |
217 |
if (evp == NULL) |
218 |
return NULL; |
219 |
|
220 |
- sig = eay_rsa_sign(src, evp->pkey.rsa); |
221 |
+ sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp)); |
222 |
|
223 |
EVP_PKEY_free(evp); |
224 |
|
225 |
@@ -1079,7 +1087,11 @@ eay_strerror() |
226 |
int line, flags; |
227 |
unsigned long es; |
228 |
|
229 |
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
230 |
+ es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */ |
231 |
+#else |
232 |
es = CRYPTO_thread_id(); |
233 |
+#endif |
234 |
|
235 |
while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ |
236 |
n = snprintf(ebuf + len, sizeof(ebuf) - len, |
237 |
@@ -1100,7 +1112,7 @@ vchar_t * |
238 |
evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) |
239 |
{ |
240 |
vchar_t *res; |
241 |
- EVP_CIPHER_CTX ctx; |
242 |
+ EVP_CIPHER_CTX *ctx; |
243 |
|
244 |
if (!e) |
245 |
return NULL; |
246 |
@@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc |
247 |
if ((res = vmalloc(data->l)) == NULL) |
248 |
return NULL; |
249 |
|
250 |
- EVP_CIPHER_CTX_init(&ctx); |
251 |
+ ctx = EVP_CIPHER_CTX_new(); |
252 |
|
253 |
switch(EVP_CIPHER_nid(e)){ |
254 |
case NID_bf_cbc: |
255 |
@@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc |
256 |
/* XXX: can we do that also for algos with a fixed key size ? |
257 |
*/ |
258 |
/* init context without key/iv |
259 |
- */ |
260 |
- if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) |
261 |
- { |
262 |
- OpenSSL_BUG(); |
263 |
- vfree(res); |
264 |
- return NULL; |
265 |
- } |
266 |
+ */ |
267 |
+ if (!EVP_CipherInit(ctx, e, NULL, NULL, enc)) |
268 |
+ goto out; |
269 |
|
270 |
- /* update key size |
271 |
- */ |
272 |
- if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) |
273 |
- { |
274 |
- OpenSSL_BUG(); |
275 |
- vfree(res); |
276 |
- return NULL; |
277 |
- } |
278 |
- |
279 |
- /* finalize context init with desired key size |
280 |
- */ |
281 |
- if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, |
282 |
+ /* update key size |
283 |
+ */ |
284 |
+ if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l)) |
285 |
+ goto out; |
286 |
+ |
287 |
+ /* finalize context init with desired key size |
288 |
+ */ |
289 |
+ if (!EVP_CipherInit(ctx, NULL, (u_char *) key->v, |
290 |
(u_char *) iv->v, enc)) |
291 |
- { |
292 |
- OpenSSL_BUG(); |
293 |
- vfree(res); |
294 |
- return NULL; |
295 |
- } |
296 |
+ goto out; |
297 |
break; |
298 |
default: |
299 |
- if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, |
300 |
- (u_char *) iv->v, enc)) { |
301 |
- OpenSSL_BUG(); |
302 |
- vfree(res); |
303 |
- return NULL; |
304 |
- } |
305 |
+ if (!EVP_CipherInit(ctx, e, (u_char *) key->v, |
306 |
+ (u_char *) iv->v, enc)) |
307 |
+ goto out; |
308 |
} |
309 |
|
310 |
/* disable openssl padding */ |
311 |
- EVP_CIPHER_CTX_set_padding(&ctx, 0); |
312 |
+ EVP_CIPHER_CTX_set_padding(ctx, 0); |
313 |
|
314 |
- if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { |
315 |
- OpenSSL_BUG(); |
316 |
- vfree(res); |
317 |
- return NULL; |
318 |
- } |
319 |
+ if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l)) |
320 |
+ goto out; |
321 |
|
322 |
- EVP_CIPHER_CTX_cleanup(&ctx); |
323 |
+ EVP_CIPHER_CTX_free(ctx); |
324 |
|
325 |
return res; |
326 |
+out: |
327 |
+ EVP_CIPHER_CTX_free(ctx); |
328 |
+ OpenSSL_BUG(); |
329 |
+ vfree(res); |
330 |
+ return NULL; |
331 |
} |
332 |
|
333 |
int |
334 |
@@ -1230,7 +1229,7 @@ eay_des_keylen(len) |
335 |
return evp_keylen(len, EVP_des_cbc()); |
336 |
} |
337 |
|
338 |
-#ifdef HAVE_OPENSSL_IDEA_H |
339 |
+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) |
340 |
/* |
341 |
* IDEA-CBC |
342 |
*/ |
343 |
@@ -1587,7 +1586,7 @@ eay_aes_keylen(len) |
344 |
return len; |
345 |
} |
346 |
|
347 |
-#if defined(HAVE_OPENSSL_CAMELLIA_H) |
348 |
+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) |
349 |
/* |
350 |
* CAMELLIA-CBC |
351 |
*/ |
352 |
@@ -1680,9 +1679,9 @@ eay_hmac_init(key, md) |
353 |
vchar_t *key; |
354 |
const EVP_MD *md; |
355 |
{ |
356 |
- HMAC_CTX *c = racoon_malloc(sizeof(*c)); |
357 |
+ HMAC_CTX *c = HMAC_CTX_new(); |
358 |
|
359 |
- HMAC_Init(c, key->v, key->l, md); |
360 |
+ HMAC_Init_ex(c, key->v, key->l, md, NULL); |
361 |
|
362 |
return (caddr_t)c; |
363 |
} |
364 |
@@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c) |
365 |
|
366 |
HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
367 |
res->l = l; |
368 |
- HMAC_cleanup((HMAC_CTX *)c); |
369 |
- (void)racoon_free(c); |
370 |
+ HMAC_CTX_free((HMAC_CTX *)c); |
371 |
|
372 |
if (SHA512_DIGEST_LENGTH != res->l) { |
373 |
plog(LLV_ERROR, LOCATION, NULL, |
374 |
@@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c) |
375 |
|
376 |
HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
377 |
res->l = l; |
378 |
- HMAC_cleanup((HMAC_CTX *)c); |
379 |
- (void)racoon_free(c); |
380 |
+ HMAC_CTX_free((HMAC_CTX *)c); |
381 |
|
382 |
if (SHA384_DIGEST_LENGTH != res->l) { |
383 |
plog(LLV_ERROR, LOCATION, NULL, |
384 |
@@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c) |
385 |
|
386 |
HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
387 |
res->l = l; |
388 |
- HMAC_cleanup((HMAC_CTX *)c); |
389 |
- (void)racoon_free(c); |
390 |
+ HMAC_CTX_free((HMAC_CTX *)c); |
391 |
|
392 |
if (SHA256_DIGEST_LENGTH != res->l) { |
393 |
plog(LLV_ERROR, LOCATION, NULL, |
394 |
@@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c) |
395 |
|
396 |
HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
397 |
res->l = l; |
398 |
- HMAC_cleanup((HMAC_CTX *)c); |
399 |
- (void)racoon_free(c); |
400 |
+ HMAC_CTX_free((HMAC_CTX *)c); |
401 |
|
402 |
if (SHA_DIGEST_LENGTH != res->l) { |
403 |
plog(LLV_ERROR, LOCATION, NULL, |
404 |
@@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c) |
405 |
|
406 |
HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); |
407 |
res->l = l; |
408 |
- HMAC_cleanup((HMAC_CTX *)c); |
409 |
- (void)racoon_free(c); |
410 |
+ HMAC_CTX_free((HMAC_CTX *)c); |
411 |
|
412 |
if (MD5_DIGEST_LENGTH != res->l) { |
413 |
plog(LLV_ERROR, LOCATION, NULL, |
414 |
@@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, priv) |
415 |
u_int32_t g; |
416 |
{ |
417 |
BIGNUM *p = NULL; |
418 |
+ BIGNUM *BNg = NULL; |
419 |
DH *dh = NULL; |
420 |
int error = -1; |
421 |
|
422 |
@@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, priv) |
423 |
|
424 |
if ((dh = DH_new()) == NULL) |
425 |
goto end; |
426 |
- dh->p = p; |
427 |
- p = NULL; /* p is now part of dh structure */ |
428 |
- dh->g = NULL; |
429 |
- if ((dh->g = BN_new()) == NULL) |
430 |
+ if ((BNg = BN_new()) == NULL) |
431 |
goto end; |
432 |
- if (!BN_set_word(dh->g, g)) |
433 |
+ if (!BN_set_word(BNg, g)) |
434 |
goto end; |
435 |
+ if (! DH_set0_pqg(dh, p, NULL, BNg)) |
436 |
+ goto end; |
437 |
+ BNg = NULL; |
438 |
+ p = NULL; /* p is now part of dh structure */ |
439 |
|
440 |
if (publen != 0) |
441 |
- dh->length = publen; |
442 |
+ DH_set_length(dh, publen); |
443 |
|
444 |
/* generate public and private number */ |
445 |
if (!DH_generate_key(dh)) |
446 |
goto end; |
447 |
|
448 |
/* copy results to buffers */ |
449 |
- if (eay_bn2v(pub, dh->pub_key) < 0) |
450 |
+ BIGNUM *pub_key, *priv_key; |
451 |
+ DH_get0_key(dh, (const BIGNUM**) &pub_key, (const BIGNUM**) &priv_key); |
452 |
+ if (eay_bn2v(pub, pub_key) < 0) |
453 |
goto end; |
454 |
- if (eay_bn2v(priv, dh->priv_key) < 0) { |
455 |
+ if (eay_bn2v(priv, priv_key) < 0) { |
456 |
vfree(*pub); |
457 |
goto end; |
458 |
} |
459 |
@@ -2306,6 +2304,8 @@ end: |
460 |
DH_free(dh); |
461 |
if (p != 0) |
462 |
BN_free(p); |
463 |
+ if (BNg != 0) |
464 |
+ BN_free(BNg); |
465 |
return(error); |
466 |
} |
467 |
|
468 |
@@ -2319,6 +2319,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) |
469 |
int l; |
470 |
unsigned char *v = NULL; |
471 |
int error = -1; |
472 |
+ BIGNUM *p = BN_new(); |
473 |
+ BIGNUM *BNg = BN_new(); |
474 |
+ BIGNUM *pub_key = BN_new(); |
475 |
+ BIGNUM *priv_key = BN_new(); |
476 |
|
477 |
/* make public number to compute */ |
478 |
if (eay_v2bn(&dh_pub, pub2) < 0) |
479 |
@@ -2327,19 +2331,21 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) |
480 |
/* make DH structure */ |
481 |
if ((dh = DH_new()) == NULL) |
482 |
goto end; |
483 |
- if (eay_v2bn(&dh->p, prime) < 0) |
484 |
+ if (p == NULL || BNg == NULL || pub_key == NULL || priv_key == NULL) |
485 |
goto end; |
486 |
- if (eay_v2bn(&dh->pub_key, pub) < 0) |
487 |
+ |
488 |
+ if (eay_v2bn(&p, prime) < 0) |
489 |
goto end; |
490 |
- if (eay_v2bn(&dh->priv_key, priv) < 0) |
491 |
+ if (eay_v2bn(&pub_key, pub) < 0) |
492 |
goto end; |
493 |
- dh->length = pub2->l * 8; |
494 |
- |
495 |
- dh->g = NULL; |
496 |
- if ((dh->g = BN_new()) == NULL) |
497 |
+ if (eay_v2bn(&priv_key, priv) < 0) |
498 |
goto end; |
499 |
- if (!BN_set_word(dh->g, g)) |
500 |
+ if (!BN_set_word(BNg, g)) |
501 |
goto end; |
502 |
+ DH_set0_key(dh, pub_key, priv_key); |
503 |
+ DH_set_length(dh, pub2->l * 8); |
504 |
+ DH_set0_pqg(dh, p, NULL, BNg); |
505 |
+ pub_key = priv_key = p = BNg = NULL; |
506 |
|
507 |
if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) |
508 |
goto end; |
509 |
@@ -2350,6 +2356,14 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) |
510 |
error = 0; |
511 |
|
512 |
end: |
513 |
+ if (p != NULL) |
514 |
+ BN_free(p); |
515 |
+ if (BNg != NULL) |
516 |
+ BN_free(BNg); |
517 |
+ if (pub_key != NULL) |
518 |
+ BN_free(pub_key); |
519 |
+ if (priv_key != NULL) |
520 |
+ BN_free(priv_key); |
521 |
if (dh_pub != NULL) |
522 |
BN_free(dh_pub); |
523 |
if (dh != NULL) |
524 |
@@ -2400,12 +2414,14 @@ eay_bn2v(var, bn) |
525 |
void |
526 |
eay_init() |
527 |
{ |
528 |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L |
529 |
OpenSSL_add_all_algorithms(); |
530 |
ERR_load_crypto_strings(); |
531 |
#ifdef HAVE_OPENSSL_ENGINE_H |
532 |
ENGINE_load_builtin_engines(); |
533 |
ENGINE_register_all_complete(); |
534 |
#endif |
535 |
+#endif |
536 |
} |
537 |
|
538 |
vchar_t * |
539 |
@@ -2504,8 +2520,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf) |
540 |
goto out; |
541 |
} |
542 |
|
543 |
- rsa_pub->n = mod; |
544 |
- rsa_pub->e = exp; |
545 |
+ RSA_set0_key(rsa_pub, mod, exp, NULL); |
546 |
|
547 |
out: |
548 |
return rsa_pub; |
549 |
@@ -2582,5 +2597,5 @@ eay_random() |
550 |
const char * |
551 |
eay_version() |
552 |
{ |
553 |
- return SSLeay_version(SSLEAY_VERSION); |
554 |
+ return OpenSSL_version(OPENSSL_VERSION); |
555 |
} |
556 |
--- src/racoon/crypto_openssl.h |
557 |
+++ src/racoon/crypto_openssl.h |
558 |
@@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); |
559 |
extern int eay_aes_weakkey __P((vchar_t *)); |
560 |
extern int eay_aes_keylen __P((int)); |
561 |
|
562 |
-#if defined(HAVE_OPENSSL_CAMELLIA_H) |
563 |
+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) |
564 |
/* Camellia */ |
565 |
extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); |
566 |
extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); |
567 |
--- src/racoon/eaytest.c |
568 |
+++ src/racoon/eaytest.c |
569 |
@@ -62,6 +62,7 @@ |
570 |
#include "dhgroup.h" |
571 |
#include "crypto_openssl.h" |
572 |
#include "gnuc.h" |
573 |
+#include "openssl_compat.h" |
574 |
|
575 |
#include "package_version.h" |
576 |
|
577 |
@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_txt) |
578 |
printf ("PEM_read_PUBKEY(): %s\n", eay_strerror()); |
579 |
return -1; |
580 |
} |
581 |
- error = eay_check_rsasign(src, sig, evp->pkey.rsa); |
582 |
+ error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp)); |
583 |
|
584 |
return error; |
585 |
} |
586 |
@@ -698,7 +699,7 @@ ciphertest(ac, av) |
587 |
eay_cast_encrypt, eay_cast_decrypt) < 0) |
588 |
return -1; |
589 |
|
590 |
-#ifdef HAVE_OPENSSL_IDEA_H |
591 |
+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) |
592 |
if (ciphertest_1 ("IDEA", |
593 |
&data, 8, |
594 |
&key, key.l, |
595 |
@@ -715,7 +716,7 @@ ciphertest(ac, av) |
596 |
eay_rc5_encrypt, eay_rc5_decrypt) < 0) |
597 |
return -1; |
598 |
#endif |
599 |
-#if defined(HAVE_OPENSSL_CAMELLIA_H) |
600 |
+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) |
601 |
if (ciphertest_1 ("CAMELLIA", |
602 |
&data, 16, |
603 |
&key, key.l, |
604 |
--- src/racoon/ipsec_doi.c |
605 |
+++ src/racoon/ipsec_doi.c |
606 |
@@ -715,7 +715,7 @@ out: |
607 |
/* key length must not be specified on some algorithms */ |
608 |
if (keylen) { |
609 |
if (sa->enctype == OAKLEY_ATTR_ENC_ALG_DES |
610 |
-#ifdef HAVE_OPENSSL_IDEA_H |
611 |
+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) |
612 |
|| sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA |
613 |
#endif |
614 |
|| sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) { |
615 |
--- /dev/null |
616 |
+++ src/racoon/openssl_compat.c |
617 |
@@ -0,0 +1,213 @@ |
618 |
+/* |
619 |
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. |
620 |
+ * |
621 |
+ * Licensed under the OpenSSL license (the "License"). You may not use |
622 |
+ * this file except in compliance with the License. You can obtain a copy |
623 |
+ * in the file LICENSE in the source distribution or at |
624 |
+ * https://www.openssl.org/source/license.html |
625 |
+ */ |
626 |
+ |
627 |
+#include "openssl_compat.h" |
628 |
+ |
629 |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L |
630 |
+ |
631 |
+#include <string.h> |
632 |
+ |
633 |
+static void *OPENSSL_zalloc(size_t num) |
634 |
+{ |
635 |
+ void *ret = OPENSSL_malloc(num); |
636 |
+ |
637 |
+ if (ret != NULL) |
638 |
+ memset(ret, 0, num); |
639 |
+ return ret; |
640 |
+} |
641 |
+ |
642 |
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) |
643 |
+{ |
644 |
+ /* If the fields n and e in r are NULL, the corresponding input |
645 |
+ * parameters MUST be non-NULL for n and e. d may be |
646 |
+ * left NULL (in case only the public key is used). |
647 |
+ */ |
648 |
+ if ((r->n == NULL && n == NULL) |
649 |
+ || (r->e == NULL && e == NULL)) |
650 |
+ return 0; |
651 |
+ |
652 |
+ if (n != NULL) { |
653 |
+ BN_free(r->n); |
654 |
+ r->n = n; |
655 |
+ } |
656 |
+ if (e != NULL) { |
657 |
+ BN_free(r->e); |
658 |
+ r->e = e; |
659 |
+ } |
660 |
+ if (d != NULL) { |
661 |
+ BN_free(r->d); |
662 |
+ r->d = d; |
663 |
+ } |
664 |
+ |
665 |
+ return 1; |
666 |
+} |
667 |
+ |
668 |
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) |
669 |
+{ |
670 |
+ /* If the fields p and q in r are NULL, the corresponding input |
671 |
+ * parameters MUST be non-NULL. |
672 |
+ */ |
673 |
+ if ((r->p == NULL && p == NULL) |
674 |
+ || (r->q == NULL && q == NULL)) |
675 |
+ return 0; |
676 |
+ |
677 |
+ if (p != NULL) { |
678 |
+ BN_free(r->p); |
679 |
+ r->p = p; |
680 |
+ } |
681 |
+ if (q != NULL) { |
682 |
+ BN_free(r->q); |
683 |
+ r->q = q; |
684 |
+ } |
685 |
+ |
686 |
+ return 1; |
687 |
+} |
688 |
+ |
689 |
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) |
690 |
+{ |
691 |
+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input |
692 |
+ * parameters MUST be non-NULL. |
693 |
+ */ |
694 |
+ if ((r->dmp1 == NULL && dmp1 == NULL) |
695 |
+ || (r->dmq1 == NULL && dmq1 == NULL) |
696 |
+ || (r->iqmp == NULL && iqmp == NULL)) |
697 |
+ return 0; |
698 |
+ |
699 |
+ if (dmp1 != NULL) { |
700 |
+ BN_free(r->dmp1); |
701 |
+ r->dmp1 = dmp1; |
702 |
+ } |
703 |
+ if (dmq1 != NULL) { |
704 |
+ BN_free(r->dmq1); |
705 |
+ r->dmq1 = dmq1; |
706 |
+ } |
707 |
+ if (iqmp != NULL) { |
708 |
+ BN_free(r->iqmp); |
709 |
+ r->iqmp = iqmp; |
710 |
+ } |
711 |
+ |
712 |
+ return 1; |
713 |
+} |
714 |
+ |
715 |
+void RSA_get0_key(const RSA *r, |
716 |
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) |
717 |
+{ |
718 |
+ if (n != NULL) |
719 |
+ *n = r->n; |
720 |
+ if (e != NULL) |
721 |
+ *e = r->e; |
722 |
+ if (d != NULL) |
723 |
+ *d = r->d; |
724 |
+} |
725 |
+ |
726 |
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) |
727 |
+{ |
728 |
+ if (p != NULL) |
729 |
+ *p = r->p; |
730 |
+ if (q != NULL) |
731 |
+ *q = r->q; |
732 |
+} |
733 |
+ |
734 |
+void RSA_get0_crt_params(const RSA *r, |
735 |
+ const BIGNUM **dmp1, const BIGNUM **dmq1, |
736 |
+ const BIGNUM **iqmp) |
737 |
+{ |
738 |
+ if (dmp1 != NULL) |
739 |
+ *dmp1 = r->dmp1; |
740 |
+ if (dmq1 != NULL) |
741 |
+ *dmq1 = r->dmq1; |
742 |
+ if (iqmp != NULL) |
743 |
+ *iqmp = r->iqmp; |
744 |
+} |
745 |
+ |
746 |
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
747 |
+{ |
748 |
+ /* If the fields p and g in d are NULL, the corresponding input |
749 |
+ * parameters MUST be non-NULL. q may remain NULL. |
750 |
+ */ |
751 |
+ if ((dh->p == NULL && p == NULL) |
752 |
+ || (dh->g == NULL && g == NULL)) |
753 |
+ return 0; |
754 |
+ |
755 |
+ if (p != NULL) { |
756 |
+ BN_free(dh->p); |
757 |
+ dh->p = p; |
758 |
+ } |
759 |
+ if (q != NULL) { |
760 |
+ BN_free(dh->q); |
761 |
+ dh->q = q; |
762 |
+ } |
763 |
+ if (g != NULL) { |
764 |
+ BN_free(dh->g); |
765 |
+ dh->g = g; |
766 |
+ } |
767 |
+ |
768 |
+ if (q != NULL) { |
769 |
+ dh->length = BN_num_bits(q); |
770 |
+ } |
771 |
+ |
772 |
+ return 1; |
773 |
+} |
774 |
+ |
775 |
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) |
776 |
+{ |
777 |
+ if (pub_key != NULL) |
778 |
+ *pub_key = dh->pub_key; |
779 |
+ if (priv_key != NULL) |
780 |
+ *priv_key = dh->priv_key; |
781 |
+} |
782 |
+ |
783 |
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) |
784 |
+{ |
785 |
+ /* If the field pub_key in dh is NULL, the corresponding input |
786 |
+ * parameters MUST be non-NULL. The priv_key field may |
787 |
+ * be left NULL. |
788 |
+ */ |
789 |
+ if (dh->pub_key == NULL && pub_key == NULL) |
790 |
+ return 0; |
791 |
+ |
792 |
+ if (pub_key != NULL) { |
793 |
+ BN_free(dh->pub_key); |
794 |
+ dh->pub_key = pub_key; |
795 |
+ } |
796 |
+ if (priv_key != NULL) { |
797 |
+ BN_free(dh->priv_key); |
798 |
+ dh->priv_key = priv_key; |
799 |
+ } |
800 |
+ |
801 |
+ return 1; |
802 |
+} |
803 |
+ |
804 |
+int DH_set_length(DH *dh, long length) |
805 |
+{ |
806 |
+ dh->length = length; |
807 |
+ return 1; |
808 |
+} |
809 |
+ |
810 |
+HMAC_CTX *HMAC_CTX_new(void) |
811 |
+{ |
812 |
+ return OPENSSL_zalloc(sizeof(HMAC_CTX)); |
813 |
+} |
814 |
+ |
815 |
+void HMAC_CTX_free(HMAC_CTX *ctx) |
816 |
+{ |
817 |
+ HMAC_CTX_cleanup(ctx); |
818 |
+ OPENSSL_free(ctx); |
819 |
+} |
820 |
+ |
821 |
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) |
822 |
+{ |
823 |
+ if (pkey->type != EVP_PKEY_RSA) { |
824 |
+ return NULL; |
825 |
+ } |
826 |
+ return pkey->pkey.rsa; |
827 |
+} |
828 |
+ |
829 |
+ |
830 |
+#endif /* OPENSSL_VERSION_NUMBER */ |
831 |
--- /dev/null |
832 |
+++ src/racoon/openssl_compat.h |
833 |
@@ -0,0 +1,45 @@ |
834 |
+#ifndef OPENSSL_COMPAT_H |
835 |
+#define OPENSSL_COMPAT_H |
836 |
+ |
837 |
+#include <openssl/opensslv.h> |
838 |
+#if OPENSSL_VERSION_NUMBER < 0x10100000L |
839 |
+ |
840 |
+#include <openssl/rsa.h> |
841 |
+#include <openssl/dh.h> |
842 |
+#include <openssl/evp.h> |
843 |
+#include <openssl/hmac.h> |
844 |
+ |
845 |
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); |
846 |
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); |
847 |
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); |
848 |
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); |
849 |
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); |
850 |
+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); |
851 |
+ |
852 |
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
853 |
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); |
854 |
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); |
855 |
+int DH_set_length(DH *dh, long length); |
856 |
+ |
857 |
+HMAC_CTX *HMAC_CTX_new(void); |
858 |
+void HMAC_CTX_free(HMAC_CTX* ctx); |
859 |
+ |
860 |
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); |
861 |
+ |
862 |
+#define ASN1_STRING_length(s) s->length |
863 |
+#define ASN1_STRING_get0_data(s) s->data |
864 |
+ |
865 |
+#define X509_get_subject_name(x) x->cert_info->subject |
866 |
+#define X509_get_issuer_name(x) x->cert_info->issuer |
867 |
+#define X509_NAME_ENTRY_get_data(n) n->value |
868 |
+#define X509_NAME_ENTRY_get_object(n) n->object |
869 |
+#define X509_STORE_CTX_get_current_cert(ctx) ctx->current_cert |
870 |
+#define X509_STORE_CTX_get_error(ctx) ctx->error |
871 |
+#define X509_STORE_CTX_get_error_depth(ctx) ctx->error_depth |
872 |
+ |
873 |
+#define OPENSSL_VERSION SSLEAY_VERSION |
874 |
+#define OpenSSL_version SSLeay_version |
875 |
+ |
876 |
+#endif /* OPENSSL_VERSION_NUMBER */ |
877 |
+ |
878 |
+#endif /* OPENSSL_COMPAT_H */ |
879 |
--- src/racoon/plainrsa-gen.c |
880 |
+++ src/racoon/plainrsa-gen.c |
881 |
@@ -60,6 +60,7 @@ |
882 |
#include "vmbuf.h" |
883 |
#include "plog.h" |
884 |
#include "crypto_openssl.h" |
885 |
+#include "openssl_compat.h" |
886 |
|
887 |
#include "package_version.h" |
888 |
|
889 |
@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key) |
890 |
char *binbuf; |
891 |
long binlen, ret; |
892 |
vchar_t *res; |
893 |
- |
894 |
- binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n); |
895 |
+ const BIGNUM *e, *n; |
896 |
+ |
897 |
+ RSA_get0_key(key, &n, &e, NULL); |
898 |
+ binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n); |
899 |
binbuf = malloc(binlen); |
900 |
memset(binbuf, 0, binlen); |
901 |
- binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]); |
902 |
- ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1])); |
903 |
+ binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]); |
904 |
+ ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1])); |
905 |
if (1 + binbuf[0] + ret != binlen) { |
906 |
plog(LLV_ERROR, LOCATION, NULL, |
907 |
"Pubkey generation failed. This is really strange...\n"); |
908 |
@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key) |
909 |
|
910 |
fprintf(fp, "# : PUB 0s%s\n", pubkey64->v); |
911 |
fprintf(fp, ": RSA\t{\n"); |
912 |
- fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n)); |
913 |
+ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; |
914 |
+ RSA_get0_key(key, &n, &e, &d); |
915 |
+ RSA_get0_factors(key, &p, &q); |
916 |
+ RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp); |
917 |
+ fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n)); |
918 |
fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v); |
919 |
- fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n))); |
920 |
- fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e))); |
921 |
- fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d))); |
922 |
- fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p))); |
923 |
- fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q))); |
924 |
- fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1))); |
925 |
- fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1))); |
926 |
- fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp))); |
927 |
+ fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n))); |
928 |
+ fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e))); |
929 |
+ fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d))); |
930 |
+ fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p))); |
931 |
+ fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q))); |
932 |
+ fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1))); |
933 |
+ fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1))); |
934 |
+ fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp))); |
935 |
fprintf(fp, " }\n"); |
936 |
|
937 |
vfree(pubkey64); |
938 |
@@ -203,11 +210,13 @@ int |
939 |
gen_rsa_key(FILE *fp, size_t bits, unsigned long exp) |
940 |
{ |
941 |
int ret; |
942 |
- RSA *key; |
943 |
+ RSA *key = RSA_new(); |
944 |
+ BIGNUM *e = BN_new(); |
945 |
|
946 |
- key = RSA_generate_key(bits, exp, NULL, NULL); |
947 |
- if (!key) { |
948 |
+ BN_set_word(e, exp); |
949 |
+ if (! RSA_generate_key_ex(key, bits, e, NULL)) { |
950 |
fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror()); |
951 |
+ RSA_free(key); |
952 |
return -1; |
953 |
} |
954 |
|
955 |
--- src/racoon/prsa_par.y |
956 |
+++ src/racoon/prsa_par.y |
957 |
@@ -68,6 +68,7 @@ |
958 |
#include "isakmp_var.h" |
959 |
#include "handler.h" |
960 |
#include "crypto_openssl.h" |
961 |
+#include "openssl_compat.h" |
962 |
#include "sockmisc.h" |
963 |
#include "rsalist.h" |
964 |
|
965 |
@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL; |
966 |
struct genlist *prsa_cur_list = NULL; |
967 |
enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY; |
968 |
|
969 |
-static RSA *rsa_cur; |
970 |
+struct my_rsa_st { |
971 |
+ BIGNUM *n; |
972 |
+ BIGNUM *e; |
973 |
+ BIGNUM *d; |
974 |
+ BIGNUM *p; |
975 |
+ BIGNUM *q; |
976 |
+ BIGNUM *dmp1; |
977 |
+ BIGNUM *dmq1; |
978 |
+ BIGNUM *iqmp; |
979 |
+}; |
980 |
+ |
981 |
+static struct my_rsa_st *rsa_cur; |
982 |
|
983 |
void |
984 |
prsaerror(const char *s, ...) |
985 |
@@ -201,8 +213,12 @@ rsa_statement: |
986 |
rsa_cur->iqmp = NULL; |
987 |
} |
988 |
} |
989 |
- $$ = rsa_cur; |
990 |
- rsa_cur = RSA_new(); |
991 |
+ RSA * rsa_tmp = RSA_new(); |
992 |
+ RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d); |
993 |
+ RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q); |
994 |
+ RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp); |
995 |
+ $$ = rsa_tmp; |
996 |
+ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); |
997 |
} |
998 |
| TAG_PUB BASE64 |
999 |
{ |
1000 |
@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type) |
1001 |
prsa_cur_fname = fname; |
1002 |
prsa_cur_list = list; |
1003 |
prsa_cur_type = type; |
1004 |
- rsa_cur = RSA_new(); |
1005 |
+ rsa_cur = malloc(sizeof(struct my_rsa_st)); |
1006 |
+ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); |
1007 |
ret = prsaparse(); |
1008 |
if (rsa_cur) { |
1009 |
- RSA_free(rsa_cur); |
1010 |
+ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); |
1011 |
+ free(rsa_cur); |
1012 |
rsa_cur = NULL; |
1013 |
} |
1014 |
fclose (fp); |
1015 |
--- src/racoon/rsalist.c |
1016 |
+++ src/racoon/rsalist.c |
1017 |
@@ -52,6 +52,7 @@ |
1018 |
#include "genlist.h" |
1019 |
#include "remoteconf.h" |
1020 |
#include "crypto_openssl.h" |
1021 |
+#include "openssl_compat.h" |
1022 |
|
1023 |
#ifndef LIST_FIRST |
1024 |
#define LIST_FIRST(head) ((head)->lh_first) |
1025 |
@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key) |
1026 |
return NULL; |
1027 |
|
1028 |
if (key->rsa) { |
1029 |
- new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa); |
1030 |
+ const BIGNUM *d; |
1031 |
+ RSA_get0_key(key->rsa, NULL, NULL, &d); |
1032 |
+ new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa)); |
1033 |
if (new->rsa == NULL) |
1034 |
goto dup_error; |
1035 |
} |