Module Name: src
Committed By: christos
Date: Wed Feb 7 03:59:03 UTC 2018
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: crypto_openssl.c
crypto_openssl.h prsa_par.y rsalist.c
Log Message:
Welcome to the 21st century Buck Rogers: OpenSSL-1.1
To generate a diff of this commit:
cvs rdiff -u -r1.26 -r1.27 \
src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
cvs rdiff -u -r1.8 -r1.9 \
src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h
cvs rdiff -u -r1.6 -r1.7 src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y \
src/crypto/dist/ipsec-tools/src/racoon/rsalist.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.26 src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.27
--- src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.26 Sun Jun 11 18:12:56 2017
+++ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c Tue Feb 6 22:59:03 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: crypto_openssl.c,v 1.26 2017/06/11 22:12:56 christos Exp $ */
+/* $NetBSD: crypto_openssl.c,v 1.27 2018/02/07 03:59:03 christos Exp $ */
/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
@@ -109,11 +109,11 @@
* necessary for SSLeay/OpenSSL portability. It sucks.
*/
-static int cb_check_cert_local __P((int, X509_STORE_CTX *));
-static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
-static X509 *mem2x509 __P((vchar_t *));
+static int cb_check_cert_local(int, X509_STORE_CTX *);
+static int cb_check_cert_remote(int, X509_STORE_CTX *);
+static X509 *mem2x509(vchar_t *);
-static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
+static caddr_t eay_hmac_init(vchar_t *, const EVP_MD *);
/* X509 Certificate */
/*
@@ -312,13 +312,19 @@ eay_cmp_asn1dn(n1, n2)
for(idx = 0; idx < X509_NAME_entry_count(a); idx++) {
X509_NAME_ENTRY *ea = X509_NAME_get_entry(a, idx);
X509_NAME_ENTRY *eb = X509_NAME_get_entry(b, idx);
+ ASN1_STRING *eda, *edb;
if (!eb) { /* reached end of eb while still entries in ea, can not be equal... */
i = idx+1;
goto end;
}
- if ((ea->value->length == 1 && ea->value->data[0] == '*') ||
- (eb->value->length == 1 && eb->value->data[0] == '*')) {
- if (OBJ_cmp(ea->object,eb->object)) {
+ eda = X509_NAME_ENTRY_get_data(ea);
+ edb = X509_NAME_ENTRY_get_data(eb);
+ if ((eda->length == 1 && eda->data[0] == '*') ||
+ (edb->length == 1 && edb->data[0] == '*')) {
+ ASN1_OBJECT *eoa, *eob;
+ eoa = X509_NAME_ENTRY_get_object(ea);
+ eob = X509_NAME_ENTRY_get_object(eb);
+ if (OBJ_cmp(eoa, eob)) {
i = idx+1;
goto end;
}
@@ -426,19 +432,17 @@ cb_check_cert_local(ok, ctx)
X509_STORE_CTX *ctx;
{
char buf[256];
- int log_tag;
+ int log_tag, error;
if (!ok) {
- X509_NAME_oneline(
- X509_get_subject_name(ctx->current_cert),
- buf,
- 256);
+ X509_NAME_oneline(X509_get_subject_name(
+ X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
/*
* since we are just checking the certificates, it is
* ok if they are self signed. But we should still warn
* the user.
*/
- switch (ctx->error) {
+ switch (error = X509_STORE_CTX_get_error(ctx)) {
case X509_V_ERR_CERT_HAS_EXPIRED:
case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
case X509_V_ERR_INVALID_CA:
@@ -453,9 +457,8 @@ cb_check_cert_local(ok, ctx)
}
plog(log_tag, LOCATION, NULL,
"%s(%d) at depth:%d SubjectName:%s\n",
- X509_verify_cert_error_string(ctx->error),
- ctx->error,
- ctx->error_depth,
+ X509_verify_cert_error_string(error), error,
+ X509_STORE_CTX_get_error_depth(ctx),
buf);
}
ERR_clear_error();
@@ -473,14 +476,12 @@ cb_check_cert_remote(ok, ctx)
X509_STORE_CTX *ctx;
{
char buf[256];
- int log_tag;
+ int log_tag, error;
if (!ok) {
- X509_NAME_oneline(
- X509_get_subject_name(ctx->current_cert),
- buf,
- 256);
- switch (ctx->error) {
+ X509_NAME_oneline(X509_get_subject_name(
+ X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
+ switch (error = X509_STORE_CTX_get_error(ctx)) {
case X509_V_ERR_UNABLE_TO_GET_CRL:
ok = 1;
log_tag = LLV_WARNING;
@@ -490,9 +491,9 @@ cb_check_cert_remote(ok, ctx)
}
plog(log_tag, LOCATION, NULL,
"%s(%d) at depth:%d SubjectName:%s\n",
- X509_verify_cert_error_string(ctx->error),
- ctx->error,
- ctx->error_depth,
+ X509_verify_cert_error_string(error),
+ error,
+ X509_STORE_CTX_get_error_depth(ctx),
buf);
}
ERR_clear_error();
@@ -508,6 +509,7 @@ eay_get_x509asn1subjectname(cert)
vchar_t *cert;
{
X509 *x509 = NULL;
+ X509_NAME *xname;
u_char *bp;
vchar_t *name = NULL;
int len;
@@ -517,13 +519,14 @@ eay_get_x509asn1subjectname(cert)
goto error;
/* get the length of the name */
- len = i2d_X509_NAME(x509->cert_info->subject, NULL);
+ xname = X509_get_subject_name(x509);
+ len = i2d_X509_NAME(xname, NULL);
name = vmalloc(len);
if (!name)
goto error;
/* get the name */
bp = (unsigned char *) name->v;
- len = i2d_X509_NAME(x509->cert_info->subject, &bp);
+ len = i2d_X509_NAME(xname, &bp);
X509_free(x509);
@@ -674,6 +677,7 @@ eay_get_x509asn1issuername(cert)
vchar_t *cert;
{
X509 *x509 = NULL;
+ X509_NAME *xissuer;
u_char *bp;
vchar_t *name = NULL;
int len;
@@ -683,14 +687,15 @@ eay_get_x509asn1issuername(cert)
goto error;
/* get the length of the name */
- len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
+ xissuer = X509_get_issuer_name(x509);
+ len = i2d_X509_NAME(xissuer, NULL);
name = vmalloc(len);
if (name == NULL)
goto error;
/* get the name */
bp = (unsigned char *) name->v;
- len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
+ len = i2d_X509_NAME(xissuer, &bp);
X509_free(x509);
@@ -871,7 +876,7 @@ eay_check_x509sign(source, sig, cert)
return -1;
}
- res = eay_rsa_verify(source, sig, evp->pkey.rsa);
+ res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp));
EVP_PKEY_free(evp);
X509_free(x509);
@@ -1013,7 +1018,7 @@ eay_get_x509sign(src, privkey)
if (evp == NULL)
return NULL;
- sig = eay_rsa_sign(src, evp->pkey.rsa);
+ sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp));
EVP_PKEY_free(evp);
@@ -1121,7 +1126,7 @@ vchar_t *
evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
{
vchar_t *res;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
if (!e)
return NULL;
@@ -1132,7 +1137,9 @@ evp_crypt(vchar_t *data, vchar_t *key, v
if ((res = vmalloc(data->l)) == NULL)
return NULL;
- EVP_CIPHER_CTX_init(&ctx);
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL)
+ return NULL;
switch(EVP_CIPHER_nid(e)){
case NID_bf_cbc:
@@ -1146,54 +1153,41 @@ evp_crypt(vchar_t *data, vchar_t *key, v
/* XXX: can we do that also for algos with a fixed key size ?
*/
/* init context without key/iv
- */
- if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
- {
- OpenSSL_BUG();
- vfree(res);
- return NULL;
- }
-
- /* update key size
- */
- if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
- {
- OpenSSL_BUG();
- vfree(res);
- return NULL;
- }
-
- /* finalize context init with desired key size
- */
- if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
- (u_char *) iv->v, enc))
- {
- OpenSSL_BUG();
- vfree(res);
- return NULL;
- }
+ */
+ if (!EVP_CipherInit(ctx, e, NULL, NULL, enc))
+ goto out;
+
+ /* update key size
+ */
+ if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l))
+ goto out;
+
+ /* finalize context init with desired key size
+ */
+ if (!EVP_CipherInit(ctx, NULL, (u_char *)key->v,
+ (u_char *)iv->v, enc))
+ goto out;
break;
default:
- if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
- (u_char *) iv->v, enc)) {
- OpenSSL_BUG();
- vfree(res);
- return NULL;
- }
+ if (!EVP_CipherInit(ctx, e, (u_char *) key->v,
+ (u_char *) iv->v, enc))
+ goto out;
}
/* disable openssl padding */
- EVP_CIPHER_CTX_set_padding(&ctx, 0);
+ EVP_CIPHER_CTX_set_padding(ctx, 0);
- if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
- OpenSSL_BUG();
- vfree(res);
- return NULL;
- }
+ if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l))
+ goto out;
- EVP_CIPHER_CTX_cleanup(&ctx);
+ EVP_CIPHER_CTX_free(ctx);
return res;
+out:
+ EVP_CIPHER_CTX_free(ctx);
+ OpenSSL_BUG();
+ vfree(res);
+ return NULL;
}
int
@@ -1348,7 +1342,7 @@ eay_bf_keylen(len)
return len;
}
-#ifdef HAVE_OPENSSL_RC5_H
+#ifdef HAVE_OPENSSL_RC5_H
/*
* RC5-CBC
*/
@@ -1734,9 +1728,9 @@ eay_hmac_init(key, md)
vchar_t *key;
const EVP_MD *md;
{
- HMAC_CTX *c = racoon_malloc(sizeof(*c));
+ HMAC_CTX *c = HMAC_CTX_new();
- HMAC_Init(c, key->v, key->l, md);
+ HMAC_Init_ex(c, key->v, key->l, md, NULL);
return (caddr_t)c;
}
@@ -1804,19 +1798,19 @@ eay_hmacsha2_512_update(c, data)
}
vchar_t *
-eay_hmacsha2_512_final(c)
- caddr_t c;
+eay_hmacsha2_512_final(cv)
+ caddr_t cv;
{
vchar_t *res;
+ HMAC_CTX *c = (HMAC_CTX *)cv;
unsigned int l;
if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
return NULL;
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ HMAC_Final(c, (unsigned char *) res->v, &l);
res->l = l;
- HMAC_cleanup((HMAC_CTX *)c);
- (void)racoon_free(c);
+ HMAC_CTX_free(c);
if (SHA512_DIGEST_LENGTH != res->l) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -1854,19 +1848,19 @@ eay_hmacsha2_384_update(c, data)
}
vchar_t *
-eay_hmacsha2_384_final(c)
- caddr_t c;
+eay_hmacsha2_384_final(cv)
+ caddr_t cv;
{
+ HMAC_CTX *c = (HMAC_CTX *)cv;
vchar_t *res;
unsigned int l;
if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
return NULL;
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ HMAC_Final(c, (unsigned char *) res->v, &l);
res->l = l;
- HMAC_cleanup((HMAC_CTX *)c);
- (void)racoon_free(c);
+ HMAC_CTX_free(c);
if (SHA384_DIGEST_LENGTH != res->l) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -1904,19 +1898,19 @@ eay_hmacsha2_256_update(c, data)
}
vchar_t *
-eay_hmacsha2_256_final(c)
- caddr_t c;
+eay_hmacsha2_256_final(cv)
+ caddr_t cv;
{
+ HMAC_CTX *c = (HMAC_CTX *)cv;
vchar_t *res;
unsigned int l;
if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
return NULL;
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ HMAC_Final(c, (unsigned char *) res->v, &l);
res->l = l;
- HMAC_cleanup((HMAC_CTX *)c);
- (void)racoon_free(c);
+ HMAC_CTX_free(c);
if (SHA256_DIGEST_LENGTH != res->l) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -1955,19 +1949,19 @@ eay_hmacsha1_update(c, data)
}
vchar_t *
-eay_hmacsha1_final(c)
- caddr_t c;
+eay_hmacsha1_final(cv)
+ caddr_t cv;
{
+ HMAC_CTX *c = (HMAC_CTX *)cv;
vchar_t *res;
unsigned int l;
if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
return NULL;
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ HMAC_Final(c, (unsigned char *) res->v, &l);
res->l = l;
- HMAC_cleanup((HMAC_CTX *)c);
- (void)racoon_free(c);
+ HMAC_CTX_free(c);
if (SHA_DIGEST_LENGTH != res->l) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -2005,19 +1999,19 @@ eay_hmacmd5_update(c, data)
}
vchar_t *
-eay_hmacmd5_final(c)
- caddr_t c;
+eay_hmacmd5_final(cv)
+ caddr_t cv;
{
+ HMAC_CTX *c = (HMAC_CTX *)cv;
vchar_t *res;
unsigned int l;
if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
return NULL;
- HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ HMAC_Final(c, (unsigned char *) res->v, &l);
res->l = l;
- HMAC_cleanup((HMAC_CTX *)c);
- (void)racoon_free(c);
+ HMAC_CTX_free(c);
if (MD5_DIGEST_LENGTH != res->l) {
plog(LLV_ERROR, LOCATION, NULL,
@@ -2314,12 +2308,13 @@ end:
/* DH */
int
-eay_dh_generate(prime, g, publen, pub, priv)
+eay_dh_generate(prime, ig, publen, pub, priv)
vchar_t *prime, **pub, **priv;
u_int publen;
- u_int32_t g;
+ u_int32_t ig;
{
- BIGNUM *p = NULL;
+ BIGNUM *p = NULL, *g = NULL;
+ const BIGNUM *pub_key, *priv_key;
DH *dh = NULL;
int error = -1;
@@ -2330,25 +2325,26 @@ eay_dh_generate(prime, g, publen, pub, p
if ((dh = DH_new()) == NULL)
goto end;
- dh->p = p;
- p = NULL; /* p is now part of dh structure */
- dh->g = NULL;
- if ((dh->g = BN_new()) == NULL)
+ if ((g = BN_new()) == NULL)
+ goto end;
+ if (!BN_set_word(g, ig))
goto end;
- if (!BN_set_word(dh->g, g))
+ if (!DH_set0_pqg(dh, p, NULL, g))
goto end;
if (publen != 0)
- dh->length = publen;
+ DH_set_length(dh, publen);
/* generate public and private number */
if (!DH_generate_key(dh))
goto end;
+ DH_get0_key(dh, &pub_key, &priv_key);
+
/* copy results to buffers */
- if (eay_bn2v(pub, dh->pub_key) < 0)
+ if (eay_bn2v(pub, __UNCONST(pub_key)) < 0)
goto end;
- if (eay_bn2v(priv, dh->priv_key) < 0) {
+ if (eay_bn2v(priv, __UNCONST(priv_key)) < 0) {
vfree(*pub);
goto end;
}
@@ -2358,17 +2354,18 @@ eay_dh_generate(prime, g, publen, pub, p
end:
if (dh != NULL)
DH_free(dh);
- if (p != 0)
- BN_free(p);
+ BN_free(p);
+ BN_free(g);
return(error);
}
int
-eay_dh_compute(prime, g, pub, priv, pub2, key)
+eay_dh_compute(prime, ig, pub, priv, pub2, key)
vchar_t *prime, *pub, *priv, *pub2, **key;
- u_int32_t g;
+ u_int32_t ig;
{
BIGNUM *dh_pub = NULL;
+ BIGNUM *p = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
DH *dh = NULL;
int l;
unsigned char *v = NULL;
@@ -2381,22 +2378,30 @@ eay_dh_compute(prime, g, pub, priv, pub2
/* make DH structure */
if ((dh = DH_new()) == NULL)
goto end;
- if (eay_v2bn(&dh->p, prime) < 0)
+ if (eay_v2bn(&p, prime) < 0)
goto end;
- if (eay_v2bn(&dh->pub_key, pub) < 0)
+
+ if (eay_v2bn(&pub_key, pub) < 0)
goto end;
- if (eay_v2bn(&dh->priv_key, priv) < 0)
+ if (eay_v2bn(&priv_key, priv) < 0)
goto end;
- dh->length = pub2->l * 8;
- dh->g = NULL;
- if ((dh->g = BN_new()) == NULL)
+ DH_set_length(dh, pub2->l * 8);
+
+ if ((g = BN_new()) == NULL)
goto end;
- if (!BN_set_word(dh->g, g))
+ if (!BN_set_word(g, ig))
+ goto end;
+
+ if (!DH_set0_pqg(dh, p, NULL, g))
+ goto end;
+
+ if (!DH_set0_key(dh, pub_key, priv_key))
goto end;
if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
goto end;
+
if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
goto end;
memcpy((*key)->v + (prime->l - l), v, l);
@@ -2404,13 +2409,16 @@ eay_dh_compute(prime, g, pub, priv, pub2
error = 0;
end:
- if (dh_pub != NULL)
- BN_free(dh_pub);
+ BN_free(dh_pub);
+ BN_free(pub_key);
+ BN_free(priv_key);
+ BN_free(p);
+ BN_free(g);
if (dh != NULL)
DH_free(dh);
if (v != NULL)
racoon_free(v);
- return(error);
+ return error;
}
/*
@@ -2548,21 +2556,18 @@ binbuf_pubkey2rsa(vchar_t *binbuf)
if (!exp || !mod || !rsa_pub) {
plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
- if (exp)
- BN_free(exp);
- if (mod)
- BN_free(exp);
- if (rsa_pub)
- RSA_free(rsa_pub);
- rsa_pub = NULL;
goto out;
}
- rsa_pub->n = mod;
- rsa_pub->e = exp;
+ if (!RSA_set0_key(rsa_pub, mod, exp, NULL))
+ goto out;
-out:
return rsa_pub;
+out:
+ BN_free(exp);
+ BN_free(exp);
+ RSA_free(rsa_pub);
+ return NULL;
}
RSA *
Index: src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h:1.8 src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h:1.9
--- src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h:1.8 Thu Nov 29 10:31:25 2012
+++ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h Tue Feb 6 22:59:03 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: crypto_openssl.h,v 1.8 2012/11/29 15:31:25 vanhu Exp $ */
+/* $NetBSD: crypto_openssl.h,v 1.9 2018/02/07 03:59:03 christos Exp $ */
/* Id: crypto_openssl.h,v 1.11 2004/11/13 11:28:01 manubsd Exp */
@@ -47,188 +47,189 @@
#define GENT_IPADD GEN_IPADD
#define GENT_RID GEN_RID
-extern vchar_t *eay_str2asn1dn __P((const char *, int));
-extern vchar_t *eay_hex2asn1dn __P((const char *, int));
-extern int eay_cmp_asn1dn __P((vchar_t *, vchar_t *));
-extern int eay_check_x509cert __P((vchar_t *, char *, char *, int));
-extern vchar_t *eay_get_x509asn1subjectname __P((vchar_t *));
-extern int eay_get_x509subjectaltname __P((vchar_t *, char **, int *, int));
-extern vchar_t * eay_get_x509asn1issuername __P((vchar_t *));
-extern char *eay_get_x509text __P((vchar_t *));
-extern vchar_t *eay_get_x509cert __P((char *));
-extern vchar_t *eay_get_x509sign __P((vchar_t *, vchar_t *));
-extern int eay_check_x509sign __P((vchar_t *, vchar_t *, vchar_t *));
+extern vchar_t *eay_str2asn1dn(const char *, int);
+extern vchar_t *eay_hex2asn1dn(const char *, int);
+extern int eay_cmp_asn1dn(vchar_t *, vchar_t *);
+extern int eay_check_x509cert(vchar_t *, char *, char *, int);
+extern vchar_t *eay_get_x509asn1subjectname(vchar_t *);
+extern int eay_get_x509subjectaltname(vchar_t *, char **, int *, int);
+extern vchar_t * eay_get_x509asn1issuername(vchar_t *);
+extern char *eay_get_x509text(vchar_t *);
+extern vchar_t *eay_get_x509cert(char *);
+extern vchar_t *eay_get_x509sign(vchar_t *, vchar_t *);
+extern int eay_check_x509sign(vchar_t *, vchar_t *, vchar_t *);
-extern int eay_check_rsasign __P((vchar_t *, vchar_t *, RSA *));
-extern vchar_t *eay_get_rsasign __P((vchar_t *, RSA *));
+extern int eay_check_rsasign(vchar_t *, vchar_t *, RSA *);
+extern vchar_t *eay_get_rsasign(vchar_t *, RSA *);
/* RSA */
-extern vchar_t *eay_rsa_sign __P((vchar_t *, RSA *));
-extern int eay_rsa_verify __P((vchar_t *, vchar_t *, RSA *));
+extern vchar_t *eay_rsa_sign(vchar_t *, RSA *);
+extern int eay_rsa_verify(vchar_t *, vchar_t *, RSA *);
/* ASN.1 */
-extern vchar_t *eay_get_pkcs1privkey __P((char *));
-extern vchar_t *eay_get_pkcs1pubkey __P((char *));
+extern vchar_t *eay_get_pkcs1privkey(char *);
+extern vchar_t *eay_get_pkcs1pubkey(char *);
/* string error */
-extern char *eay_strerror __P((void));
+extern char *eay_strerror(void);
/* OpenSSL initialization */
-extern void eay_init __P((void));
+extern void eay_init(void);
/* Generic EVP */
-extern vchar_t *evp_crypt __P((vchar_t *data, vchar_t *key, vchar_t *iv,
- const EVP_CIPHER *e, int enc));
-extern int evp_weakkey __P((vchar_t *key, const EVP_CIPHER *e));
-extern int evp_keylen __P((int len, const EVP_CIPHER *e));
+extern vchar_t *evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv,
+ const EVP_CIPHER *e, int enc);
+extern int evp_weakkey(vchar_t *key, const EVP_CIPHER *e);
+extern int evp_keylen(int len, const EVP_CIPHER *e);
/* DES */
-extern vchar_t *eay_des_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_des_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_des_weakkey __P((vchar_t *));
-extern int eay_des_keylen __P((int));
+extern vchar_t *eay_des_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_des_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_des_weakkey(vchar_t *);
+extern int eay_des_keylen(int);
/* IDEA */
-extern vchar_t *eay_idea_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_idea_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_idea_weakkey __P((vchar_t *));
-extern int eay_idea_keylen __P((int));
+extern vchar_t *eay_idea_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_idea_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_idea_weakkey(vchar_t *);
+extern int eay_idea_keylen(int);
/* blowfish */
-extern vchar_t *eay_bf_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_bf_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_bf_weakkey __P((vchar_t *));
-extern int eay_bf_keylen __P((int));
+extern vchar_t *eay_bf_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_bf_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_bf_weakkey(vchar_t *);
+extern int eay_bf_keylen(int);
/* RC5 */
-extern vchar_t *eay_rc5_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_rc5_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_rc5_weakkey __P((vchar_t *));
-extern int eay_rc5_keylen __P((int));
+extern vchar_t *eay_rc5_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_rc5_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_rc5_weakkey(vchar_t *);
+extern int eay_rc5_keylen(int);
/* 3DES */
-extern vchar_t *eay_3des_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_3des_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_3des_weakkey __P((vchar_t *));
-extern int eay_3des_keylen __P((int));
+extern vchar_t *eay_3des_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_3des_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_3des_weakkey(vchar_t *);
+extern int eay_3des_keylen(int);
/* CAST */
-extern vchar_t *eay_cast_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_cast_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_cast_weakkey __P((vchar_t *));
-extern int eay_cast_keylen __P((int));
+extern vchar_t *eay_cast_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_cast_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_cast_weakkey(vchar_t *);
+extern int eay_cast_keylen(int);
/* AES(RIJNDAEL) */
-extern vchar_t *eay_aes_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_aes_weakkey __P((vchar_t *));
-extern int eay_aes_keylen __P((int));
+extern vchar_t *eay_aes_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_aes_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_aes_weakkey(vchar_t *);
+extern int eay_aes_keylen(int);
/* AES GCM 16*/
-extern int eay_aesgcm_keylen __P((int));
+extern int eay_aesgcm_keylen(int);
#if defined(HAVE_OPENSSL_CAMELLIA_H)
/* Camellia */
-extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-extern int eay_camellia_weakkey __P((vchar_t *));
-extern int eay_camellia_keylen __P((int));
+extern vchar_t *eay_camellia_encrypt(vchar_t *, vchar_t *, vchar_t *);
+extern vchar_t *eay_camellia_decrypt(vchar_t *, vchar_t *, vchar_t *);
+extern int eay_camellia_weakkey(vchar_t *);
+extern int eay_camellia_keylen(int);
#endif
/* misc */
-extern int eay_null_keylen __P((int));
-extern int eay_null_hashlen __P((void));
-extern int eay_kpdk_hashlen __P((void));
-extern int eay_twofish_keylen __P((int));
+extern int eay_null_keylen(int);
+extern int eay_null_hashlen(void);
+extern int eay_kpdk_hashlen(void);
+extern int eay_twofish_keylen(int);
/* hash */
#if defined(WITH_SHA2)
/* HMAC SHA2 */
-extern vchar_t *eay_hmacsha2_512_one __P((vchar_t *, vchar_t *));
-extern caddr_t eay_hmacsha2_512_init __P((vchar_t *));
-extern void eay_hmacsha2_512_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_hmacsha2_512_final __P((caddr_t));
-extern vchar_t *eay_hmacsha2_384_one __P((vchar_t *, vchar_t *));
-extern caddr_t eay_hmacsha2_384_init __P((vchar_t *));
-extern void eay_hmacsha2_384_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_hmacsha2_384_final __P((caddr_t));
-extern vchar_t *eay_hmacsha2_256_one __P((vchar_t *, vchar_t *));
-extern caddr_t eay_hmacsha2_256_init __P((vchar_t *));
-extern void eay_hmacsha2_256_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_hmacsha2_256_final __P((caddr_t));
+extern vchar_t *eay_hmacsha2_512_one(vchar_t *, vchar_t *);
+extern caddr_t eay_hmacsha2_512_init(vchar_t *);
+extern void eay_hmacsha2_512_update(caddr_t, vchar_t *);
+extern vchar_t *eay_hmacsha2_512_final(caddr_t);
+extern vchar_t *eay_hmacsha2_384_one(vchar_t *, vchar_t *);
+extern caddr_t eay_hmacsha2_384_init(vchar_t *);
+extern void eay_hmacsha2_384_update(caddr_t, vchar_t *);
+extern vchar_t *eay_hmacsha2_384_final(caddr_t);
+extern vchar_t *eay_hmacsha2_256_one(vchar_t *, vchar_t *);
+extern caddr_t eay_hmacsha2_256_init(vchar_t *);
+extern void eay_hmacsha2_256_update(caddr_t, vchar_t *);
+extern vchar_t *eay_hmacsha2_256_final(caddr_t);
#endif
/* HMAC SHA1 */
-extern vchar_t *eay_hmacsha1_one __P((vchar_t *, vchar_t *));
-extern caddr_t eay_hmacsha1_init __P((vchar_t *));
-extern void eay_hmacsha1_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_hmacsha1_final __P((caddr_t));
+extern vchar_t *eay_hmacsha1_one(vchar_t *, vchar_t *);
+extern caddr_t eay_hmacsha1_init(vchar_t *);
+extern void eay_hmacsha1_update(caddr_t, vchar_t *);
+extern vchar_t *eay_hmacsha1_final(caddr_t);
/* HMAC MD5 */
-extern vchar_t *eay_hmacmd5_one __P((vchar_t *, vchar_t *));
-extern caddr_t eay_hmacmd5_init __P((vchar_t *));
-extern void eay_hmacmd5_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_hmacmd5_final __P((caddr_t));
+extern vchar_t *eay_hmacmd5_one(vchar_t *, vchar_t *);
+extern caddr_t eay_hmacmd5_init(vchar_t *);
+extern void eay_hmacmd5_update(caddr_t, vchar_t *);
+extern vchar_t *eay_hmacmd5_final(caddr_t);
#if defined(WITH_SHA2)
/* SHA2 functions */
-extern caddr_t eay_sha2_512_init __P((void));
-extern void eay_sha2_512_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_sha2_512_final __P((caddr_t));
-extern vchar_t *eay_sha2_512_one __P((vchar_t *));
+extern caddr_t eay_sha2_512_init(void);
+extern void eay_sha2_512_update(caddr_t, vchar_t *);
+extern vchar_t *eay_sha2_512_final(caddr_t);
+extern vchar_t *eay_sha2_512_one(vchar_t *);
#endif
-extern int eay_sha2_512_hashlen __P((void));
+extern int eay_sha2_512_hashlen(void);
#if defined(WITH_SHA2)
-extern caddr_t eay_sha2_384_init __P((void));
-extern void eay_sha2_384_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_sha2_384_final __P((caddr_t));
-extern vchar_t *eay_sha2_384_one __P((vchar_t *));
+extern caddr_t eay_sha2_384_init(void);
+extern void eay_sha2_384_update(caddr_t, vchar_t *);
+extern vchar_t *eay_sha2_384_final(caddr_t);
+extern vchar_t *eay_sha2_384_one(vchar_t *);
#endif
-extern int eay_sha2_384_hashlen __P((void));
+extern int eay_sha2_384_hashlen(void);
#if defined(WITH_SHA2)
-extern caddr_t eay_sha2_256_init __P((void));
-extern void eay_sha2_256_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_sha2_256_final __P((caddr_t));
-extern vchar_t *eay_sha2_256_one __P((vchar_t *));
+extern caddr_t eay_sha2_256_init(void);
+extern void eay_sha2_256_update(caddr_t, vchar_t *);
+extern vchar_t *eay_sha2_256_final(caddr_t);
+extern vchar_t *eay_sha2_256_one(vchar_t *);
#endif
-extern int eay_sha2_256_hashlen __P((void));
+extern int eay_sha2_256_hashlen(void);
/* SHA functions */
-extern caddr_t eay_sha1_init __P((void));
-extern void eay_sha1_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_sha1_final __P((caddr_t));
-extern vchar_t *eay_sha1_one __P((vchar_t *));
-extern int eay_sha1_hashlen __P((void));
+extern caddr_t eay_sha1_init(void);
+extern void eay_sha1_update(caddr_t, vchar_t *);
+extern vchar_t *eay_sha1_final(caddr_t);
+extern vchar_t *eay_sha1_one(vchar_t *);
+extern int eay_sha1_hashlen(void);
/* MD5 functions */
-extern caddr_t eay_md5_init __P((void));
-extern void eay_md5_update __P((caddr_t, vchar_t *));
-extern vchar_t *eay_md5_final __P((caddr_t));
-extern vchar_t *eay_md5_one __P((vchar_t *));
-extern int eay_md5_hashlen __P((void));
+extern caddr_t eay_md5_init(void);
+extern void eay_md5_update(caddr_t, vchar_t *);
+extern vchar_t *eay_md5_final(caddr_t);
+extern vchar_t *eay_md5_one(vchar_t *);
+extern int eay_md5_hashlen(void);
/* RNG */
-extern vchar_t *eay_set_random __P((u_int32_t));
-extern u_int32_t eay_random __P((void));
+extern vchar_t *eay_set_random(u_int32_t);
+extern u_int32_t eay_random(void);
/* DH */
-extern int eay_dh_generate __P((vchar_t *, u_int32_t, u_int, vchar_t **, vchar_t **));
-extern int eay_dh_compute __P((vchar_t *, u_int32_t, vchar_t *, vchar_t *, vchar_t *, vchar_t **));
+extern int eay_dh_generate(vchar_t *, u_int32_t, u_int, vchar_t **, vchar_t **);
+extern int eay_dh_compute(vchar_t *, u_int32_t, vchar_t *, vchar_t *,
+ vchar_t *, vchar_t **);
/* Base 64 */
-vchar_t *base64_encode(char *in, long inlen);
-vchar_t *base64_decode(char *in, long inlen);
+vchar_t *base64_encode(char *, long);
+vchar_t *base64_decode(char *, long);
-RSA *base64_pubkey2rsa(char *in);
-RSA *bignum_pubkey2rsa(BIGNUM *in);
+RSA *base64_pubkey2rsa(char *);
+RSA *bignum_pubkey2rsa(BIGNUM *);
/* misc */
-extern int eay_revbnl __P((vchar_t *));
+extern int eay_revbnl(vchar_t *);
#include <openssl/bn.h>
-extern int eay_v2bn __P((BIGNUM **, vchar_t *));
-extern int eay_bn2v __P((vchar_t **, BIGNUM *));
+extern int eay_v2bn(BIGNUM **, vchar_t *);
+extern int eay_bn2v(vchar_t **, BIGNUM *);
-extern const char *eay_version __P((void));
+extern const char *eay_version(void);
#define CBC_BLOCKLEN 8
#define IPSEC_ENCRYPTKEYLEN 8
Index: src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y
diff -u src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.6 src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.7
--- src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.6 Wed Mar 2 09:49:21 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y Tue Feb 6 22:59:03 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: prsa_par.y,v 1.6 2011/03/02 14:49:21 vanhu Exp $ */
+/* $NetBSD: prsa_par.y,v 1.7 2018/02/07 03:59:03 christos Exp $ */
/* Id: prsa_par.y,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
@@ -174,31 +174,26 @@ statement:
rsa_statement:
TAG_RSA OBRACE params EBRACE
{
+ const BIGNUM *n, *e, *d;
+ RSA_get0_key(rsa_cur, &n, &e, &d);
if (prsa_cur_type == RSA_TYPE_PUBLIC) {
prsawarning("Using private key for public key purpose.\n");
- if (!rsa_cur->n || !rsa_cur->e) {
+ if (!n || !e) {
prsaerror("Incomplete key. Mandatory parameters are missing!\n");
YYABORT;
}
}
else {
- if (!rsa_cur->n || !rsa_cur->e || !rsa_cur->d) {
+ const BIGNUM *p, *q, *dmp1, *dmq1, *iqmp;
+ if (!n || !e || !d) {
prsaerror("Incomplete key. Mandatory parameters are missing!\n");
YYABORT;
}
- if (!rsa_cur->p || !rsa_cur->q || !rsa_cur->dmp1
- || !rsa_cur->dmq1 || !rsa_cur->iqmp) {
- if (rsa_cur->p) BN_clear_free(rsa_cur->p);
- if (rsa_cur->q) BN_clear_free(rsa_cur->q);
- if (rsa_cur->dmp1) BN_clear_free(rsa_cur->dmp1);
- if (rsa_cur->dmq1) BN_clear_free(rsa_cur->dmq1);
- if (rsa_cur->iqmp) BN_clear_free(rsa_cur->iqmp);
-
- rsa_cur->p = NULL;
- rsa_cur->q = NULL;
- rsa_cur->dmp1 = NULL;
- rsa_cur->dmq1 = NULL;
- rsa_cur->iqmp = NULL;
+ RSA_get0_factors(rsa_cur, &p, &q);
+ RSA_get0_crt_params(rsa_cur, &dmp1, &dmq1, &iqmp);
+ if (!p || !q || !dmp1 || !dmq1 || !iqmp) {
+ RSA_free(rsa_cur);
+ rsa_cur = RSA_new();
}
}
$$ = rsa_cur;
@@ -301,21 +296,93 @@ params:
param:
MODULUS COLON HEX
- { if (!rsa_cur->n) rsa_cur->n = $3; else { prsaerror ("Modulus already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *n;
+ RSA_get0_key(rsa_cur, &n, NULL, NULL);
+ if (!n)
+ RSA_set0_key(rsa_cur, $3, NULL, NULL);
+ else {
+ prsaerror("Modulus already defined\n");
+ YYABORT;
+ }
+ }
| PUBLIC_EXPONENT COLON HEX
- { if (!rsa_cur->e) rsa_cur->e = $3; else { prsaerror ("PublicExponent already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *e;
+ RSA_get0_key(rsa_cur, NULL, &e, NULL);
+ if (!e)
+ RSA_set0_key(rsa_cur, NULL, $3, NULL);
+ else {
+ prsaerror("PublicExponent already defined\n");
+ YYABORT;
+ }
+ }
| PRIVATE_EXPONENT COLON HEX
- { if (!rsa_cur->d) rsa_cur->d = $3; else { prsaerror ("PrivateExponent already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *d;
+ RSA_get0_key(rsa_cur, NULL, NULL, &d);
+ if (!d)
+ RSA_set0_key(rsa_cur, NULL, NULL, $3);
+ else {
+ prsaerror("PrivateExponent already defined\n");
+ YYABORT;
+ }
+ }
| PRIME1 COLON HEX
- { if (!rsa_cur->p) rsa_cur->p = $3; else { prsaerror ("Prime1 already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *p;
+ RSA_get0_factors(rsa_cur, &p, NULL);
+ if (!p)
+ RSA_set0_factors(rsa_cur, $3, NULL);
+ else {
+ prsaerror("Prime1 already defined\n");
+ YYABORT;
+ }
+ }
| PRIME2 COLON HEX
- { if (!rsa_cur->q) rsa_cur->q = $3; else { prsaerror ("Prime2 already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *q;
+ RSA_get0_factors(rsa_cur, NULL, &q);
+ if (!q)
+ RSA_set0_factors(rsa_cur, NULL, $3);
+ else {
+ prsaerror("Prime2 already defined\n");
+ YYABORT;
+ }
+ }
| EXPONENT1 COLON HEX
- { if (!rsa_cur->dmp1) rsa_cur->dmp1 = $3; else { prsaerror ("Exponent1 already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *dmp1;
+ RSA_get0_crt_params(rsa_cur, &dmp1, NULL, NULL);
+ if (!dmp1)
+ RSA_set0_crt_params(rsa_cur, $3, NULL, NULL);
+ else {
+ prsaerror("Exponent1 already defined\n");
+ YYABORT;
+ }
+ }
| EXPONENT2 COLON HEX
- { if (!rsa_cur->dmq1) rsa_cur->dmq1 = $3; else { prsaerror ("Exponent2 already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *dmq1;
+ RSA_get0_crt_params(rsa_cur, NULL, &dmq1, NULL);
+ if (!dmq1)
+ RSA_set0_crt_params(rsa_cur, NULL, $3, NULL);
+ else {
+ prsaerror("Exponent2 already defined\n");
+ YYABORT;
+ }
+ }
| COEFFICIENT COLON HEX
- { if (!rsa_cur->iqmp) rsa_cur->iqmp = $3; else { prsaerror ("Coefficient already defined\n"); YYABORT; } }
+ {
+ const BIGNUM *iqmp;
+ RSA_get0_crt_params(rsa_cur, NULL, NULL, &iqmp);
+ if (!iqmp)
+ RSA_set0_crt_params(rsa_cur, NULL, NULL, $3);
+ else {
+ prsaerror("Coefficient already defined\n");
+ YYABORT;
+ }
+ }
;
%%
Index: src/crypto/dist/ipsec-tools/src/racoon/rsalist.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/rsalist.c:1.6 src/crypto/dist/ipsec-tools/src/racoon/rsalist.c:1.7
--- src/crypto/dist/ipsec-tools/src/racoon/rsalist.c:1.6 Mon Mar 14 11:50:36 2011
+++ src/crypto/dist/ipsec-tools/src/racoon/rsalist.c Tue Feb 6 22:59:03 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: rsalist.c,v 1.6 2011/03/14 15:50:36 vanhu Exp $ */
+/* $NetBSD: rsalist.c,v 1.7 2018/02/07 03:59:03 christos Exp $ */
/* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
@@ -98,7 +98,9 @@ rsa_key_dup(struct rsa_key *key)
return NULL;
if (key->rsa) {
- new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
+ const BIGNUM *d;
+ RSA_get0_key(key->rsa, NULL, NULL, &d);
+ new->rsa = d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
if (new->rsa == NULL)
goto dup_error;
}
