Module Name: src Committed By: christos Date: Wed Feb 7 03:59:03 UTC 2018
Modified Files: src/crypto/dist/ipsec-tools/src/racoon: crypto_openssl.c crypto_openssl.h prsa_par.y rsalist.c Log Message: Welcome to the 21st century Buck Rogers: OpenSSL-1.1 To generate a diff of this commit: cvs rdiff -u -r1.26 -r1.27 \ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c cvs rdiff -u -r1.8 -r1.9 \ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h cvs rdiff -u -r1.6 -r1.7 src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y \ src/crypto/dist/ipsec-tools/src/racoon/rsalist.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c diff -u src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.26 src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.27 --- src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.26 Sun Jun 11 18:12:56 2017 +++ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c Tue Feb 6 22:59:03 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: crypto_openssl.c,v 1.26 2017/06/11 22:12:56 christos Exp $ */ +/* $NetBSD: crypto_openssl.c,v 1.27 2018/02/07 03:59:03 christos Exp $ */ /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ @@ -109,11 +109,11 @@ * necessary for SSLeay/OpenSSL portability. It sucks. */ -static int cb_check_cert_local __P((int, X509_STORE_CTX *)); -static int cb_check_cert_remote __P((int, X509_STORE_CTX *)); -static X509 *mem2x509 __P((vchar_t *)); +static int cb_check_cert_local(int, X509_STORE_CTX *); +static int cb_check_cert_remote(int, X509_STORE_CTX *); +static X509 *mem2x509(vchar_t *); -static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *)); +static caddr_t eay_hmac_init(vchar_t *, const EVP_MD *); /* X509 Certificate */ /* @@ -312,13 +312,19 @@ eay_cmp_asn1dn(n1, n2) for(idx = 0; idx < X509_NAME_entry_count(a); idx++) { X509_NAME_ENTRY *ea = X509_NAME_get_entry(a, idx); X509_NAME_ENTRY *eb = X509_NAME_get_entry(b, idx); + ASN1_STRING *eda, *edb; if (!eb) { /* reached end of eb while still entries in ea, can not be equal... */ i = idx+1; goto end; } - if ((ea->value->length == 1 && ea->value->data[0] == '*') || - (eb->value->length == 1 && eb->value->data[0] == '*')) { - if (OBJ_cmp(ea->object,eb->object)) { + eda = X509_NAME_ENTRY_get_data(ea); + edb = X509_NAME_ENTRY_get_data(eb); + if ((eda->length == 1 && eda->data[0] == '*') || + (edb->length == 1 && edb->data[0] == '*')) { + ASN1_OBJECT *eoa, *eob; + eoa = X509_NAME_ENTRY_get_object(ea); + eob = X509_NAME_ENTRY_get_object(eb); + if (OBJ_cmp(eoa, eob)) { i = idx+1; goto end; } @@ -426,19 +432,17 @@ cb_check_cert_local(ok, ctx) X509_STORE_CTX *ctx; { char buf[256]; - int log_tag; + int log_tag, error; if (!ok) { - X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert), - buf, - 256); + X509_NAME_oneline(X509_get_subject_name( + X509_STORE_CTX_get_current_cert(ctx)), buf, 256); /* * since we are just checking the certificates, it is * ok if they are self signed. But we should still warn * the user. */ - switch (ctx->error) { + switch (error = X509_STORE_CTX_get_error(ctx)) { case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: case X509_V_ERR_INVALID_CA: @@ -453,9 +457,8 @@ cb_check_cert_local(ok, ctx) } plog(log_tag, LOCATION, NULL, "%s(%d) at depth:%d SubjectName:%s\n", - X509_verify_cert_error_string(ctx->error), - ctx->error, - ctx->error_depth, + X509_verify_cert_error_string(error), error, + X509_STORE_CTX_get_error_depth(ctx), buf); } ERR_clear_error(); @@ -473,14 +476,12 @@ cb_check_cert_remote(ok, ctx) X509_STORE_CTX *ctx; { char buf[256]; - int log_tag; + int log_tag, error; if (!ok) { - X509_NAME_oneline( - X509_get_subject_name(ctx->current_cert), - buf, - 256); - switch (ctx->error) { + X509_NAME_oneline(X509_get_subject_name( + X509_STORE_CTX_get_current_cert(ctx)), buf, 256); + switch (error = X509_STORE_CTX_get_error(ctx)) { case X509_V_ERR_UNABLE_TO_GET_CRL: ok = 1; log_tag = LLV_WARNING; @@ -490,9 +491,9 @@ cb_check_cert_remote(ok, ctx) } plog(log_tag, LOCATION, NULL, "%s(%d) at depth:%d SubjectName:%s\n", - X509_verify_cert_error_string(ctx->error), - ctx->error, - ctx->error_depth, + X509_verify_cert_error_string(error), + error, + X509_STORE_CTX_get_error_depth(ctx), buf); } ERR_clear_error(); @@ -508,6 +509,7 @@ eay_get_x509asn1subjectname(cert) vchar_t *cert; { X509 *x509 = NULL; + X509_NAME *xname; u_char *bp; vchar_t *name = NULL; int len; @@ -517,13 +519,14 @@ eay_get_x509asn1subjectname(cert) goto error; /* get the length of the name */ - len = i2d_X509_NAME(x509->cert_info->subject, NULL); + xname = X509_get_subject_name(x509); + len = i2d_X509_NAME(xname, NULL); name = vmalloc(len); if (!name) goto error; /* get the name */ bp = (unsigned char *) name->v; - len = i2d_X509_NAME(x509->cert_info->subject, &bp); + len = i2d_X509_NAME(xname, &bp); X509_free(x509); @@ -674,6 +677,7 @@ eay_get_x509asn1issuername(cert) vchar_t *cert; { X509 *x509 = NULL; + X509_NAME *xissuer; u_char *bp; vchar_t *name = NULL; int len; @@ -683,14 +687,15 @@ eay_get_x509asn1issuername(cert) goto error; /* get the length of the name */ - len = i2d_X509_NAME(x509->cert_info->issuer, NULL); + xissuer = X509_get_issuer_name(x509); + len = i2d_X509_NAME(xissuer, NULL); name = vmalloc(len); if (name == NULL) goto error; /* get the name */ bp = (unsigned char *) name->v; - len = i2d_X509_NAME(x509->cert_info->issuer, &bp); + len = i2d_X509_NAME(xissuer, &bp); X509_free(x509); @@ -871,7 +876,7 @@ eay_check_x509sign(source, sig, cert) return -1; } - res = eay_rsa_verify(source, sig, evp->pkey.rsa); + res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp)); EVP_PKEY_free(evp); X509_free(x509); @@ -1013,7 +1018,7 @@ eay_get_x509sign(src, privkey) if (evp == NULL) return NULL; - sig = eay_rsa_sign(src, evp->pkey.rsa); + sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp)); EVP_PKEY_free(evp); @@ -1121,7 +1126,7 @@ vchar_t * evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) { vchar_t *res; - EVP_CIPHER_CTX ctx; + EVP_CIPHER_CTX *ctx; if (!e) return NULL; @@ -1132,7 +1137,9 @@ evp_crypt(vchar_t *data, vchar_t *key, v if ((res = vmalloc(data->l)) == NULL) return NULL; - EVP_CIPHER_CTX_init(&ctx); + ctx = EVP_CIPHER_CTX_new(); + if (ctx == NULL) + return NULL; switch(EVP_CIPHER_nid(e)){ case NID_bf_cbc: @@ -1146,54 +1153,41 @@ evp_crypt(vchar_t *data, vchar_t *key, v /* XXX: can we do that also for algos with a fixed key size ? */ /* init context without key/iv - */ - if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) - { - OpenSSL_BUG(); - vfree(res); - return NULL; - } - - /* update key size - */ - if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) - { - OpenSSL_BUG(); - vfree(res); - return NULL; - } - - /* finalize context init with desired key size - */ - if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, - (u_char *) iv->v, enc)) - { - OpenSSL_BUG(); - vfree(res); - return NULL; - } + */ + if (!EVP_CipherInit(ctx, e, NULL, NULL, enc)) + goto out; + + /* update key size + */ + if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l)) + goto out; + + /* finalize context init with desired key size + */ + if (!EVP_CipherInit(ctx, NULL, (u_char *)key->v, + (u_char *)iv->v, enc)) + goto out; break; default: - if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, - (u_char *) iv->v, enc)) { - OpenSSL_BUG(); - vfree(res); - return NULL; - } + if (!EVP_CipherInit(ctx, e, (u_char *) key->v, + (u_char *) iv->v, enc)) + goto out; } /* disable openssl padding */ - EVP_CIPHER_CTX_set_padding(&ctx, 0); + EVP_CIPHER_CTX_set_padding(ctx, 0); - if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { - OpenSSL_BUG(); - vfree(res); - return NULL; - } + if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l)) + goto out; - EVP_CIPHER_CTX_cleanup(&ctx); + EVP_CIPHER_CTX_free(ctx); return res; +out: + EVP_CIPHER_CTX_free(ctx); + OpenSSL_BUG(); + vfree(res); + return NULL; } int @@ -1348,7 +1342,7 @@ eay_bf_keylen(len) return len; } -#ifdef HAVE_OPENSSL_RC5_H +#ifdef HAVE_OPENSSL_RC5_H /* * RC5-CBC */ @@ -1734,9 +1728,9 @@ eay_hmac_init(key, md) vchar_t *key; const EVP_MD *md; { - HMAC_CTX *c = racoon_malloc(sizeof(*c)); + HMAC_CTX *c = HMAC_CTX_new(); - HMAC_Init(c, key->v, key->l, md); + HMAC_Init_ex(c, key->v, key->l, md, NULL); return (caddr_t)c; } @@ -1804,19 +1798,19 @@ eay_hmacsha2_512_update(c, data) } vchar_t * -eay_hmacsha2_512_final(c) - caddr_t c; +eay_hmacsha2_512_final(cv) + caddr_t cv; { vchar_t *res; + HMAC_CTX *c = (HMAC_CTX *)cv; unsigned int l; if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0) return NULL; - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + HMAC_Final(c, (unsigned char *) res->v, &l); res->l = l; - HMAC_cleanup((HMAC_CTX *)c); - (void)racoon_free(c); + HMAC_CTX_free(c); if (SHA512_DIGEST_LENGTH != res->l) { plog(LLV_ERROR, LOCATION, NULL, @@ -1854,19 +1848,19 @@ eay_hmacsha2_384_update(c, data) } vchar_t * -eay_hmacsha2_384_final(c) - caddr_t c; +eay_hmacsha2_384_final(cv) + caddr_t cv; { + HMAC_CTX *c = (HMAC_CTX *)cv; vchar_t *res; unsigned int l; if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0) return NULL; - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + HMAC_Final(c, (unsigned char *) res->v, &l); res->l = l; - HMAC_cleanup((HMAC_CTX *)c); - (void)racoon_free(c); + HMAC_CTX_free(c); if (SHA384_DIGEST_LENGTH != res->l) { plog(LLV_ERROR, LOCATION, NULL, @@ -1904,19 +1898,19 @@ eay_hmacsha2_256_update(c, data) } vchar_t * -eay_hmacsha2_256_final(c) - caddr_t c; +eay_hmacsha2_256_final(cv) + caddr_t cv; { + HMAC_CTX *c = (HMAC_CTX *)cv; vchar_t *res; unsigned int l; if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0) return NULL; - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + HMAC_Final(c, (unsigned char *) res->v, &l); res->l = l; - HMAC_cleanup((HMAC_CTX *)c); - (void)racoon_free(c); + HMAC_CTX_free(c); if (SHA256_DIGEST_LENGTH != res->l) { plog(LLV_ERROR, LOCATION, NULL, @@ -1955,19 +1949,19 @@ eay_hmacsha1_update(c, data) } vchar_t * -eay_hmacsha1_final(c) - caddr_t c; +eay_hmacsha1_final(cv) + caddr_t cv; { + HMAC_CTX *c = (HMAC_CTX *)cv; vchar_t *res; unsigned int l; if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0) return NULL; - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + HMAC_Final(c, (unsigned char *) res->v, &l); res->l = l; - HMAC_cleanup((HMAC_CTX *)c); - (void)racoon_free(c); + HMAC_CTX_free(c); if (SHA_DIGEST_LENGTH != res->l) { plog(LLV_ERROR, LOCATION, NULL, @@ -2005,19 +1999,19 @@ eay_hmacmd5_update(c, data) } vchar_t * -eay_hmacmd5_final(c) - caddr_t c; +eay_hmacmd5_final(cv) + caddr_t cv; { + HMAC_CTX *c = (HMAC_CTX *)cv; vchar_t *res; unsigned int l; if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0) return NULL; - HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + HMAC_Final(c, (unsigned char *) res->v, &l); res->l = l; - HMAC_cleanup((HMAC_CTX *)c); - (void)racoon_free(c); + HMAC_CTX_free(c); if (MD5_DIGEST_LENGTH != res->l) { plog(LLV_ERROR, LOCATION, NULL, @@ -2314,12 +2308,13 @@ end: /* DH */ int -eay_dh_generate(prime, g, publen, pub, priv) +eay_dh_generate(prime, ig, publen, pub, priv) vchar_t *prime, **pub, **priv; u_int publen; - u_int32_t g; + u_int32_t ig; { - BIGNUM *p = NULL; + BIGNUM *p = NULL, *g = NULL; + const BIGNUM *pub_key, *priv_key; DH *dh = NULL; int error = -1; @@ -2330,25 +2325,26 @@ eay_dh_generate(prime, g, publen, pub, p if ((dh = DH_new()) == NULL) goto end; - dh->p = p; - p = NULL; /* p is now part of dh structure */ - dh->g = NULL; - if ((dh->g = BN_new()) == NULL) + if ((g = BN_new()) == NULL) + goto end; + if (!BN_set_word(g, ig)) goto end; - if (!BN_set_word(dh->g, g)) + if (!DH_set0_pqg(dh, p, NULL, g)) goto end; if (publen != 0) - dh->length = publen; + DH_set_length(dh, publen); /* generate public and private number */ if (!DH_generate_key(dh)) goto end; + DH_get0_key(dh, &pub_key, &priv_key); + /* copy results to buffers */ - if (eay_bn2v(pub, dh->pub_key) < 0) + if (eay_bn2v(pub, __UNCONST(pub_key)) < 0) goto end; - if (eay_bn2v(priv, dh->priv_key) < 0) { + if (eay_bn2v(priv, __UNCONST(priv_key)) < 0) { vfree(*pub); goto end; } @@ -2358,17 +2354,18 @@ eay_dh_generate(prime, g, publen, pub, p end: if (dh != NULL) DH_free(dh); - if (p != 0) - BN_free(p); + BN_free(p); + BN_free(g); return(error); } int -eay_dh_compute(prime, g, pub, priv, pub2, key) +eay_dh_compute(prime, ig, pub, priv, pub2, key) vchar_t *prime, *pub, *priv, *pub2, **key; - u_int32_t g; + u_int32_t ig; { BIGNUM *dh_pub = NULL; + BIGNUM *p = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL; DH *dh = NULL; int l; unsigned char *v = NULL; @@ -2381,22 +2378,30 @@ eay_dh_compute(prime, g, pub, priv, pub2 /* make DH structure */ if ((dh = DH_new()) == NULL) goto end; - if (eay_v2bn(&dh->p, prime) < 0) + if (eay_v2bn(&p, prime) < 0) goto end; - if (eay_v2bn(&dh->pub_key, pub) < 0) + + if (eay_v2bn(&pub_key, pub) < 0) goto end; - if (eay_v2bn(&dh->priv_key, priv) < 0) + if (eay_v2bn(&priv_key, priv) < 0) goto end; - dh->length = pub2->l * 8; - dh->g = NULL; - if ((dh->g = BN_new()) == NULL) + DH_set_length(dh, pub2->l * 8); + + if ((g = BN_new()) == NULL) goto end; - if (!BN_set_word(dh->g, g)) + if (!BN_set_word(g, ig)) + goto end; + + if (!DH_set0_pqg(dh, p, NULL, g)) + goto end; + + if (!DH_set0_key(dh, pub_key, priv_key)) goto end; if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) goto end; + if ((l = DH_compute_key(v, dh_pub, dh)) == -1) goto end; memcpy((*key)->v + (prime->l - l), v, l); @@ -2404,13 +2409,16 @@ eay_dh_compute(prime, g, pub, priv, pub2 error = 0; end: - if (dh_pub != NULL) - BN_free(dh_pub); + BN_free(dh_pub); + BN_free(pub_key); + BN_free(priv_key); + BN_free(p); + BN_free(g); if (dh != NULL) DH_free(dh); if (v != NULL) racoon_free(v); - return(error); + return error; } /* @@ -2548,21 +2556,18 @@ binbuf_pubkey2rsa(vchar_t *binbuf) if (!exp || !mod || !rsa_pub) { plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror()); - if (exp) - BN_free(exp); - if (mod) - BN_free(exp); - if (rsa_pub) - RSA_free(rsa_pub); - rsa_pub = NULL; goto out; } - rsa_pub->n = mod; - rsa_pub->e = exp; + if (!RSA_set0_key(rsa_pub, mod, exp, NULL)) + goto out; -out: return rsa_pub; +out: + BN_free(exp); + BN_free(exp); + RSA_free(rsa_pub); + return NULL; } RSA * Index: src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h diff -u src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h:1.8 src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h:1.9 --- src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h:1.8 Thu Nov 29 10:31:25 2012 +++ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.h Tue Feb 6 22:59:03 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: crypto_openssl.h,v 1.8 2012/11/29 15:31:25 vanhu Exp $ */ +/* $NetBSD: crypto_openssl.h,v 1.9 2018/02/07 03:59:03 christos Exp $ */ /* Id: crypto_openssl.h,v 1.11 2004/11/13 11:28:01 manubsd Exp */ @@ -47,188 +47,189 @@ #define GENT_IPADD GEN_IPADD #define GENT_RID GEN_RID -extern vchar_t *eay_str2asn1dn __P((const char *, int)); -extern vchar_t *eay_hex2asn1dn __P((const char *, int)); -extern int eay_cmp_asn1dn __P((vchar_t *, vchar_t *)); -extern int eay_check_x509cert __P((vchar_t *, char *, char *, int)); -extern vchar_t *eay_get_x509asn1subjectname __P((vchar_t *)); -extern int eay_get_x509subjectaltname __P((vchar_t *, char **, int *, int)); -extern vchar_t * eay_get_x509asn1issuername __P((vchar_t *)); -extern char *eay_get_x509text __P((vchar_t *)); -extern vchar_t *eay_get_x509cert __P((char *)); -extern vchar_t *eay_get_x509sign __P((vchar_t *, vchar_t *)); -extern int eay_check_x509sign __P((vchar_t *, vchar_t *, vchar_t *)); +extern vchar_t *eay_str2asn1dn(const char *, int); +extern vchar_t *eay_hex2asn1dn(const char *, int); +extern int eay_cmp_asn1dn(vchar_t *, vchar_t *); +extern int eay_check_x509cert(vchar_t *, char *, char *, int); +extern vchar_t *eay_get_x509asn1subjectname(vchar_t *); +extern int eay_get_x509subjectaltname(vchar_t *, char **, int *, int); +extern vchar_t * eay_get_x509asn1issuername(vchar_t *); +extern char *eay_get_x509text(vchar_t *); +extern vchar_t *eay_get_x509cert(char *); +extern vchar_t *eay_get_x509sign(vchar_t *, vchar_t *); +extern int eay_check_x509sign(vchar_t *, vchar_t *, vchar_t *); -extern int eay_check_rsasign __P((vchar_t *, vchar_t *, RSA *)); -extern vchar_t *eay_get_rsasign __P((vchar_t *, RSA *)); +extern int eay_check_rsasign(vchar_t *, vchar_t *, RSA *); +extern vchar_t *eay_get_rsasign(vchar_t *, RSA *); /* RSA */ -extern vchar_t *eay_rsa_sign __P((vchar_t *, RSA *)); -extern int eay_rsa_verify __P((vchar_t *, vchar_t *, RSA *)); +extern vchar_t *eay_rsa_sign(vchar_t *, RSA *); +extern int eay_rsa_verify(vchar_t *, vchar_t *, RSA *); /* ASN.1 */ -extern vchar_t *eay_get_pkcs1privkey __P((char *)); -extern vchar_t *eay_get_pkcs1pubkey __P((char *)); +extern vchar_t *eay_get_pkcs1privkey(char *); +extern vchar_t *eay_get_pkcs1pubkey(char *); /* string error */ -extern char *eay_strerror __P((void)); +extern char *eay_strerror(void); /* OpenSSL initialization */ -extern void eay_init __P((void)); +extern void eay_init(void); /* Generic EVP */ -extern vchar_t *evp_crypt __P((vchar_t *data, vchar_t *key, vchar_t *iv, - const EVP_CIPHER *e, int enc)); -extern int evp_weakkey __P((vchar_t *key, const EVP_CIPHER *e)); -extern int evp_keylen __P((int len, const EVP_CIPHER *e)); +extern vchar_t *evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, + const EVP_CIPHER *e, int enc); +extern int evp_weakkey(vchar_t *key, const EVP_CIPHER *e); +extern int evp_keylen(int len, const EVP_CIPHER *e); /* DES */ -extern vchar_t *eay_des_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_des_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_des_weakkey __P((vchar_t *)); -extern int eay_des_keylen __P((int)); +extern vchar_t *eay_des_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_des_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_des_weakkey(vchar_t *); +extern int eay_des_keylen(int); /* IDEA */ -extern vchar_t *eay_idea_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_idea_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_idea_weakkey __P((vchar_t *)); -extern int eay_idea_keylen __P((int)); +extern vchar_t *eay_idea_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_idea_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_idea_weakkey(vchar_t *); +extern int eay_idea_keylen(int); /* blowfish */ -extern vchar_t *eay_bf_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_bf_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_bf_weakkey __P((vchar_t *)); -extern int eay_bf_keylen __P((int)); +extern vchar_t *eay_bf_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_bf_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_bf_weakkey(vchar_t *); +extern int eay_bf_keylen(int); /* RC5 */ -extern vchar_t *eay_rc5_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_rc5_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_rc5_weakkey __P((vchar_t *)); -extern int eay_rc5_keylen __P((int)); +extern vchar_t *eay_rc5_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_rc5_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_rc5_weakkey(vchar_t *); +extern int eay_rc5_keylen(int); /* 3DES */ -extern vchar_t *eay_3des_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_3des_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_3des_weakkey __P((vchar_t *)); -extern int eay_3des_keylen __P((int)); +extern vchar_t *eay_3des_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_3des_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_3des_weakkey(vchar_t *); +extern int eay_3des_keylen(int); /* CAST */ -extern vchar_t *eay_cast_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_cast_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_cast_weakkey __P((vchar_t *)); -extern int eay_cast_keylen __P((int)); +extern vchar_t *eay_cast_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_cast_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_cast_weakkey(vchar_t *); +extern int eay_cast_keylen(int); /* AES(RIJNDAEL) */ -extern vchar_t *eay_aes_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_aes_weakkey __P((vchar_t *)); -extern int eay_aes_keylen __P((int)); +extern vchar_t *eay_aes_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_aes_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_aes_weakkey(vchar_t *); +extern int eay_aes_keylen(int); /* AES GCM 16*/ -extern int eay_aesgcm_keylen __P((int)); +extern int eay_aesgcm_keylen(int); #if defined(HAVE_OPENSSL_CAMELLIA_H) /* Camellia */ -extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); -extern int eay_camellia_weakkey __P((vchar_t *)); -extern int eay_camellia_keylen __P((int)); +extern vchar_t *eay_camellia_encrypt(vchar_t *, vchar_t *, vchar_t *); +extern vchar_t *eay_camellia_decrypt(vchar_t *, vchar_t *, vchar_t *); +extern int eay_camellia_weakkey(vchar_t *); +extern int eay_camellia_keylen(int); #endif /* misc */ -extern int eay_null_keylen __P((int)); -extern int eay_null_hashlen __P((void)); -extern int eay_kpdk_hashlen __P((void)); -extern int eay_twofish_keylen __P((int)); +extern int eay_null_keylen(int); +extern int eay_null_hashlen(void); +extern int eay_kpdk_hashlen(void); +extern int eay_twofish_keylen(int); /* hash */ #if defined(WITH_SHA2) /* HMAC SHA2 */ -extern vchar_t *eay_hmacsha2_512_one __P((vchar_t *, vchar_t *)); -extern caddr_t eay_hmacsha2_512_init __P((vchar_t *)); -extern void eay_hmacsha2_512_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_hmacsha2_512_final __P((caddr_t)); -extern vchar_t *eay_hmacsha2_384_one __P((vchar_t *, vchar_t *)); -extern caddr_t eay_hmacsha2_384_init __P((vchar_t *)); -extern void eay_hmacsha2_384_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_hmacsha2_384_final __P((caddr_t)); -extern vchar_t *eay_hmacsha2_256_one __P((vchar_t *, vchar_t *)); -extern caddr_t eay_hmacsha2_256_init __P((vchar_t *)); -extern void eay_hmacsha2_256_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_hmacsha2_256_final __P((caddr_t)); +extern vchar_t *eay_hmacsha2_512_one(vchar_t *, vchar_t *); +extern caddr_t eay_hmacsha2_512_init(vchar_t *); +extern void eay_hmacsha2_512_update(caddr_t, vchar_t *); +extern vchar_t *eay_hmacsha2_512_final(caddr_t); +extern vchar_t *eay_hmacsha2_384_one(vchar_t *, vchar_t *); +extern caddr_t eay_hmacsha2_384_init(vchar_t *); +extern void eay_hmacsha2_384_update(caddr_t, vchar_t *); +extern vchar_t *eay_hmacsha2_384_final(caddr_t); +extern vchar_t *eay_hmacsha2_256_one(vchar_t *, vchar_t *); +extern caddr_t eay_hmacsha2_256_init(vchar_t *); +extern void eay_hmacsha2_256_update(caddr_t, vchar_t *); +extern vchar_t *eay_hmacsha2_256_final(caddr_t); #endif /* HMAC SHA1 */ -extern vchar_t *eay_hmacsha1_one __P((vchar_t *, vchar_t *)); -extern caddr_t eay_hmacsha1_init __P((vchar_t *)); -extern void eay_hmacsha1_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_hmacsha1_final __P((caddr_t)); +extern vchar_t *eay_hmacsha1_one(vchar_t *, vchar_t *); +extern caddr_t eay_hmacsha1_init(vchar_t *); +extern void eay_hmacsha1_update(caddr_t, vchar_t *); +extern vchar_t *eay_hmacsha1_final(caddr_t); /* HMAC MD5 */ -extern vchar_t *eay_hmacmd5_one __P((vchar_t *, vchar_t *)); -extern caddr_t eay_hmacmd5_init __P((vchar_t *)); -extern void eay_hmacmd5_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_hmacmd5_final __P((caddr_t)); +extern vchar_t *eay_hmacmd5_one(vchar_t *, vchar_t *); +extern caddr_t eay_hmacmd5_init(vchar_t *); +extern void eay_hmacmd5_update(caddr_t, vchar_t *); +extern vchar_t *eay_hmacmd5_final(caddr_t); #if defined(WITH_SHA2) /* SHA2 functions */ -extern caddr_t eay_sha2_512_init __P((void)); -extern void eay_sha2_512_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_sha2_512_final __P((caddr_t)); -extern vchar_t *eay_sha2_512_one __P((vchar_t *)); +extern caddr_t eay_sha2_512_init(void); +extern void eay_sha2_512_update(caddr_t, vchar_t *); +extern vchar_t *eay_sha2_512_final(caddr_t); +extern vchar_t *eay_sha2_512_one(vchar_t *); #endif -extern int eay_sha2_512_hashlen __P((void)); +extern int eay_sha2_512_hashlen(void); #if defined(WITH_SHA2) -extern caddr_t eay_sha2_384_init __P((void)); -extern void eay_sha2_384_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_sha2_384_final __P((caddr_t)); -extern vchar_t *eay_sha2_384_one __P((vchar_t *)); +extern caddr_t eay_sha2_384_init(void); +extern void eay_sha2_384_update(caddr_t, vchar_t *); +extern vchar_t *eay_sha2_384_final(caddr_t); +extern vchar_t *eay_sha2_384_one(vchar_t *); #endif -extern int eay_sha2_384_hashlen __P((void)); +extern int eay_sha2_384_hashlen(void); #if defined(WITH_SHA2) -extern caddr_t eay_sha2_256_init __P((void)); -extern void eay_sha2_256_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_sha2_256_final __P((caddr_t)); -extern vchar_t *eay_sha2_256_one __P((vchar_t *)); +extern caddr_t eay_sha2_256_init(void); +extern void eay_sha2_256_update(caddr_t, vchar_t *); +extern vchar_t *eay_sha2_256_final(caddr_t); +extern vchar_t *eay_sha2_256_one(vchar_t *); #endif -extern int eay_sha2_256_hashlen __P((void)); +extern int eay_sha2_256_hashlen(void); /* SHA functions */ -extern caddr_t eay_sha1_init __P((void)); -extern void eay_sha1_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_sha1_final __P((caddr_t)); -extern vchar_t *eay_sha1_one __P((vchar_t *)); -extern int eay_sha1_hashlen __P((void)); +extern caddr_t eay_sha1_init(void); +extern void eay_sha1_update(caddr_t, vchar_t *); +extern vchar_t *eay_sha1_final(caddr_t); +extern vchar_t *eay_sha1_one(vchar_t *); +extern int eay_sha1_hashlen(void); /* MD5 functions */ -extern caddr_t eay_md5_init __P((void)); -extern void eay_md5_update __P((caddr_t, vchar_t *)); -extern vchar_t *eay_md5_final __P((caddr_t)); -extern vchar_t *eay_md5_one __P((vchar_t *)); -extern int eay_md5_hashlen __P((void)); +extern caddr_t eay_md5_init(void); +extern void eay_md5_update(caddr_t, vchar_t *); +extern vchar_t *eay_md5_final(caddr_t); +extern vchar_t *eay_md5_one(vchar_t *); +extern int eay_md5_hashlen(void); /* RNG */ -extern vchar_t *eay_set_random __P((u_int32_t)); -extern u_int32_t eay_random __P((void)); +extern vchar_t *eay_set_random(u_int32_t); +extern u_int32_t eay_random(void); /* DH */ -extern int eay_dh_generate __P((vchar_t *, u_int32_t, u_int, vchar_t **, vchar_t **)); -extern int eay_dh_compute __P((vchar_t *, u_int32_t, vchar_t *, vchar_t *, vchar_t *, vchar_t **)); +extern int eay_dh_generate(vchar_t *, u_int32_t, u_int, vchar_t **, vchar_t **); +extern int eay_dh_compute(vchar_t *, u_int32_t, vchar_t *, vchar_t *, + vchar_t *, vchar_t **); /* Base 64 */ -vchar_t *base64_encode(char *in, long inlen); -vchar_t *base64_decode(char *in, long inlen); +vchar_t *base64_encode(char *, long); +vchar_t *base64_decode(char *, long); -RSA *base64_pubkey2rsa(char *in); -RSA *bignum_pubkey2rsa(BIGNUM *in); +RSA *base64_pubkey2rsa(char *); +RSA *bignum_pubkey2rsa(BIGNUM *); /* misc */ -extern int eay_revbnl __P((vchar_t *)); +extern int eay_revbnl(vchar_t *); #include <openssl/bn.h> -extern int eay_v2bn __P((BIGNUM **, vchar_t *)); -extern int eay_bn2v __P((vchar_t **, BIGNUM *)); +extern int eay_v2bn(BIGNUM **, vchar_t *); +extern int eay_bn2v(vchar_t **, BIGNUM *); -extern const char *eay_version __P((void)); +extern const char *eay_version(void); #define CBC_BLOCKLEN 8 #define IPSEC_ENCRYPTKEYLEN 8 Index: src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y diff -u src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.6 src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.7 --- src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.6 Wed Mar 2 09:49:21 2011 +++ src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y Tue Feb 6 22:59:03 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: prsa_par.y,v 1.6 2011/03/02 14:49:21 vanhu Exp $ */ +/* $NetBSD: prsa_par.y,v 1.7 2018/02/07 03:59:03 christos Exp $ */ /* Id: prsa_par.y,v 1.3 2004/11/08 12:04:23 ludvigm Exp */ @@ -174,31 +174,26 @@ statement: rsa_statement: TAG_RSA OBRACE params EBRACE { + const BIGNUM *n, *e, *d; + RSA_get0_key(rsa_cur, &n, &e, &d); if (prsa_cur_type == RSA_TYPE_PUBLIC) { prsawarning("Using private key for public key purpose.\n"); - if (!rsa_cur->n || !rsa_cur->e) { + if (!n || !e) { prsaerror("Incomplete key. Mandatory parameters are missing!\n"); YYABORT; } } else { - if (!rsa_cur->n || !rsa_cur->e || !rsa_cur->d) { + const BIGNUM *p, *q, *dmp1, *dmq1, *iqmp; + if (!n || !e || !d) { prsaerror("Incomplete key. Mandatory parameters are missing!\n"); YYABORT; } - if (!rsa_cur->p || !rsa_cur->q || !rsa_cur->dmp1 - || !rsa_cur->dmq1 || !rsa_cur->iqmp) { - if (rsa_cur->p) BN_clear_free(rsa_cur->p); - if (rsa_cur->q) BN_clear_free(rsa_cur->q); - if (rsa_cur->dmp1) BN_clear_free(rsa_cur->dmp1); - if (rsa_cur->dmq1) BN_clear_free(rsa_cur->dmq1); - if (rsa_cur->iqmp) BN_clear_free(rsa_cur->iqmp); - - rsa_cur->p = NULL; - rsa_cur->q = NULL; - rsa_cur->dmp1 = NULL; - rsa_cur->dmq1 = NULL; - rsa_cur->iqmp = NULL; + RSA_get0_factors(rsa_cur, &p, &q); + RSA_get0_crt_params(rsa_cur, &dmp1, &dmq1, &iqmp); + if (!p || !q || !dmp1 || !dmq1 || !iqmp) { + RSA_free(rsa_cur); + rsa_cur = RSA_new(); } } $$ = rsa_cur; @@ -301,21 +296,93 @@ params: param: MODULUS COLON HEX - { if (!rsa_cur->n) rsa_cur->n = $3; else { prsaerror ("Modulus already defined\n"); YYABORT; } } + { + const BIGNUM *n; + RSA_get0_key(rsa_cur, &n, NULL, NULL); + if (!n) + RSA_set0_key(rsa_cur, $3, NULL, NULL); + else { + prsaerror("Modulus already defined\n"); + YYABORT; + } + } | PUBLIC_EXPONENT COLON HEX - { if (!rsa_cur->e) rsa_cur->e = $3; else { prsaerror ("PublicExponent already defined\n"); YYABORT; } } + { + const BIGNUM *e; + RSA_get0_key(rsa_cur, NULL, &e, NULL); + if (!e) + RSA_set0_key(rsa_cur, NULL, $3, NULL); + else { + prsaerror("PublicExponent already defined\n"); + YYABORT; + } + } | PRIVATE_EXPONENT COLON HEX - { if (!rsa_cur->d) rsa_cur->d = $3; else { prsaerror ("PrivateExponent already defined\n"); YYABORT; } } + { + const BIGNUM *d; + RSA_get0_key(rsa_cur, NULL, NULL, &d); + if (!d) + RSA_set0_key(rsa_cur, NULL, NULL, $3); + else { + prsaerror("PrivateExponent already defined\n"); + YYABORT; + } + } | PRIME1 COLON HEX - { if (!rsa_cur->p) rsa_cur->p = $3; else { prsaerror ("Prime1 already defined\n"); YYABORT; } } + { + const BIGNUM *p; + RSA_get0_factors(rsa_cur, &p, NULL); + if (!p) + RSA_set0_factors(rsa_cur, $3, NULL); + else { + prsaerror("Prime1 already defined\n"); + YYABORT; + } + } | PRIME2 COLON HEX - { if (!rsa_cur->q) rsa_cur->q = $3; else { prsaerror ("Prime2 already defined\n"); YYABORT; } } + { + const BIGNUM *q; + RSA_get0_factors(rsa_cur, NULL, &q); + if (!q) + RSA_set0_factors(rsa_cur, NULL, $3); + else { + prsaerror("Prime2 already defined\n"); + YYABORT; + } + } | EXPONENT1 COLON HEX - { if (!rsa_cur->dmp1) rsa_cur->dmp1 = $3; else { prsaerror ("Exponent1 already defined\n"); YYABORT; } } + { + const BIGNUM *dmp1; + RSA_get0_crt_params(rsa_cur, &dmp1, NULL, NULL); + if (!dmp1) + RSA_set0_crt_params(rsa_cur, $3, NULL, NULL); + else { + prsaerror("Exponent1 already defined\n"); + YYABORT; + } + } | EXPONENT2 COLON HEX - { if (!rsa_cur->dmq1) rsa_cur->dmq1 = $3; else { prsaerror ("Exponent2 already defined\n"); YYABORT; } } + { + const BIGNUM *dmq1; + RSA_get0_crt_params(rsa_cur, NULL, &dmq1, NULL); + if (!dmq1) + RSA_set0_crt_params(rsa_cur, NULL, $3, NULL); + else { + prsaerror("Exponent2 already defined\n"); + YYABORT; + } + } | COEFFICIENT COLON HEX - { if (!rsa_cur->iqmp) rsa_cur->iqmp = $3; else { prsaerror ("Coefficient already defined\n"); YYABORT; } } + { + const BIGNUM *iqmp; + RSA_get0_crt_params(rsa_cur, NULL, NULL, &iqmp); + if (!iqmp) + RSA_set0_crt_params(rsa_cur, NULL, NULL, $3); + else { + prsaerror("Coefficient already defined\n"); + YYABORT; + } + } ; %% Index: src/crypto/dist/ipsec-tools/src/racoon/rsalist.c diff -u src/crypto/dist/ipsec-tools/src/racoon/rsalist.c:1.6 src/crypto/dist/ipsec-tools/src/racoon/rsalist.c:1.7 --- src/crypto/dist/ipsec-tools/src/racoon/rsalist.c:1.6 Mon Mar 14 11:50:36 2011 +++ src/crypto/dist/ipsec-tools/src/racoon/rsalist.c Tue Feb 6 22:59:03 2018 @@ -1,4 +1,4 @@ -/* $NetBSD: rsalist.c,v 1.6 2011/03/14 15:50:36 vanhu Exp $ */ +/* $NetBSD: rsalist.c,v 1.7 2018/02/07 03:59:03 christos Exp $ */ /* Id: rsalist.c,v 1.3 2004/11/08 12:04:23 ludvigm Exp */ @@ -98,7 +98,9 @@ rsa_key_dup(struct rsa_key *key) return NULL; if (key->rsa) { - new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa); + const BIGNUM *d; + RSA_get0_key(key->rsa, NULL, NULL, &d); + new->rsa = d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa); if (new->rsa == NULL) goto dup_error; }