Context Navigation

crypto_openssl.c @ ff36f5e

55-freebsd-126-freebsd-12

Last change on this file since ff36f5e was ff36f5e, checked in by Christian Mauderer <christian.mauderer@…>, on 05/30/18 at 12:27:35

Import ipsec-tools 0.8.2.

Import unchanged ipsec-tools sources in the release version 0.8.2. The
homepage of ipsec-tools is http://ipsec-tools.sourceforge.net/. The
sources can be obtained from there.

Property mode set to 100644

File size: 45.3 KB

Line
1	/* $NetBSD: crypto_openssl.c,v 1.20.4.3 2012/12/24 14:50:39 tteras Exp $ */
2
3	/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4
5	/*
6	* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7	* All rights reserved.
8	*
9	* Redistribution and use in source and binary forms, with or without
10	* modification, are permitted provided that the following conditions
11	* are met:
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	* 2. Redistributions in binary form must reproduce the above copyright
15	* notice, this list of conditions and the following disclaimer in the
16	* documentation and/or other materials provided with the distribution.
17	* 3. Neither the name of the project nor the names of its contributors
18	* may be used to endorse or promote products derived from this software
19	* without specific prior written permission.
20	*
21	* THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24	* ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31	* SUCH DAMAGE.
32	*/
33
34	#include "config.h"
35
36	#include <sys/types.h>
37	#include <sys/param.h>
38
39	#include <stdlib.h>
40	#include <stdio.h>
41	#include <limits.h>
42	#include <string.h>
43
44	/* get openssl/ssleay version number */
45	#include <openssl/opensslv.h>
46
47	#if !defined(OPENSSL_VERSION_NUMBER) \|\| (OPENSSL_VERSION_NUMBER < 0x0090813fL)
48	#error OpenSSL version 0.9.8s or later required.
49	#endif
50
51	#include <openssl/pem.h>
52	#include <openssl/evp.h>
53	#include <openssl/x509.h>
54	#include <openssl/x509v3.h>
55	#include <openssl/x509_vfy.h>
56	#include <openssl/bn.h>
57	#include <openssl/dh.h>
58	#include <openssl/md5.h>
59	#include <openssl/sha.h>
60	#include <openssl/hmac.h>
61	#include <openssl/des.h>
62	#include <openssl/crypto.h>
63	#ifdef HAVE_OPENSSL_ENGINE_H
64	#include <openssl/engine.h>
65	#endif
66	#include <openssl/blowfish.h>
67	#include <openssl/cast.h>
68	#include <openssl/err.h>
69	#ifdef HAVE_OPENSSL_RC5_H
70	#include <openssl/rc5.h>
71	#endif
72	#ifdef HAVE_OPENSSL_IDEA_H
73	#include <openssl/idea.h>
74	#endif
75	#if defined(HAVE_OPENSSL_AES_H)
76	#include <openssl/aes.h>
77	#elif defined(HAVE_OPENSSL_RIJNDAEL_H)
78	#include <openssl/rijndael.h>
79	#else
80	#include "crypto/rijndael/rijndael-api-fst.h"
81	#endif
82	#if defined(HAVE_OPENSSL_CAMELLIA_H)
83	#include <openssl/camellia.h>
84	#endif
85	#ifdef WITH_SHA2
86	#ifdef HAVE_OPENSSL_SHA2_H
87	#include <openssl/sha2.h>
88	#else
89	#include "crypto/sha2/sha2.h"
90	#endif
91	#endif
92	#include "plog.h"
93
94	#define USE_NEW_DES_API
95
96	#define OpenSSL_BUG() do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
97
98	#include "var.h"
99	#include "misc.h"
100	#include "vmbuf.h"
101	#include "plog.h"
102	#include "crypto_openssl.h"
103	#include "debug.h"
104	#include "gcmalloc.h"
105	#include "isakmp.h"
106
107	/*
108	* I hate to cast every parameter to des_xx into void *, but it is
109	* necessary for SSLeay/OpenSSL portability. It sucks.
110	*/
111
112	static int cb_check_cert_local __P((int, X509_STORE_CTX *));
113	static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
114	static X509 mem2x509 __P((vchar_t ));
115
116	static caddr_t eay_hmac_init __P((vchar_t , const EVP_MD ));
117
118	/* X509 Certificate */
119	/*
120	* convert the string of the subject name into DER
121	* e.g. str = "C=JP, ST=Kanagawa";
122	*/
123	vchar_t *
124	eay_str2asn1dn(str, len)
125	const char *str;
126	int len;
127	{
128	X509_NAME *name;
129	char buf, dst;
130	char field, value;
131	int i;
132	vchar_t *ret = NULL;
133	caddr_t p;
134
135	if (len == -1)
136	len = strlen(str);
137
138	buf = racoon_malloc(len + 1);
139	if (!buf) {
140	plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
141	return NULL;
142	}
143	memcpy(buf, str, len);
144
145	name = X509_NAME_new();
146
147	dst = field = &buf[0];
148	value = NULL;
149	for (i = 0; i < len; i++) {
150	if (buf[i] == '\\') {
151	/* Escape characters specified in RFC 2253 */
152	if (i < len - 1 &&
153	strchr("\\,=+<>#;", buf[i+1]) != NULL) {
154	*dst++ = buf[++i];
155	continue;
156	} else if (i < len - 2) {
157	/* RFC 2253 hexpair character escape */
158	long u;
159	char esc_str[3];
160	char *endptr;
161
162	esc_str[0] = buf[++i];
163	esc_str[1] = buf[++i];
164	esc_str[2] = '\0';
165	u = strtol(esc_str, &endptr, 16);
166	if (*endptr != '\0' \|\| u < 0 \|\| u > 255)
167	goto err;
168	*dst++ = u;
169	continue;
170	} else
171	goto err;
172	}
173	if (!value && buf[i] == '=') {
174	*dst = '\0';
175	dst = value = &buf[i + 1];
176	continue;
177	} else if (buf[i] == ',' \|\| buf[i] == '/') {
178	*dst = '\0';
179
180	plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
181	field, value);
182
183	if (!value) goto err;
184	if (!X509_NAME_add_entry_by_txt(name, field,
185	(value[0] == '*' && value[1] == 0) ?
186	V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
187	(unsigned char *) value, -1, -1, 0)) {
188	plog(LLV_ERROR, LOCATION, NULL,
189	"Invalid DN field: %s=%s\n",
190	field, value);
191	plog(LLV_ERROR, LOCATION, NULL,
192	"%s\n", eay_strerror());
193	goto err;
194	}
195
196	while (i + 1 < len && buf[i + 1] == ' ') i++;
197	dst = field = &buf[i + 1];
198	value = NULL;
199	continue;
200	} else {
201	*dst++ = buf[i];
202	}
203	}
204	*dst = '\0';
205
206	plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
207	field, value);
208
209	if (!value) goto err;
210	if (!X509_NAME_add_entry_by_txt(name, field,
211	(value[0] == '*' && value[1] == 0) ?
212	V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
213	(unsigned char *) value, -1, -1, 0)) {
214	plog(LLV_ERROR, LOCATION, NULL,
215	"Invalid DN field: %s=%s\n",
216	field, value);
217	plog(LLV_ERROR, LOCATION, NULL,
218	"%s\n", eay_strerror());
219	goto err;
220	}
221
222	i = i2d_X509_NAME(name, NULL);
223	if (!i)
224	goto err;
225	ret = vmalloc(i);
226	if (!ret)
227	goto err;
228	p = ret->v;
229	i = i2d_X509_NAME(name, (void *)&p);
230	if (!i)
231	goto err;
232
233	return ret;
234
235	err:
236	if (buf)
237	racoon_free(buf);
238	if (name)
239	X509_NAME_free(name);
240	if (ret)
241	vfree(ret);
242	return NULL;
243	}
244
245	/*
246	* convert the hex string of the subject name into DER
247	*/
248	vchar_t *
249	eay_hex2asn1dn(const char *hex, int len)
250	{
251	BIGNUM *bn = BN_new();
252	char *binbuf;
253	size_t binlen;
254	vchar_t *ret = NULL;
255
256	if (len == -1)
257	len = strlen(hex);
258
259	if (BN_hex2bn(&bn, hex) != len) {
260	plog(LLV_ERROR, LOCATION, NULL,
261	"conversion of Hex-encoded ASN1 string to binary failed: %s\n",
262	eay_strerror());
263	goto out;
264	}
265
266	binlen = BN_num_bytes(bn);
267	ret = vmalloc(binlen);
268	if (!ret) {
269	plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
270	return NULL;
271	}
272	binbuf = ret->v;
273
274	BN_bn2bin(bn, (unsigned char *) binbuf);
275
276	out:
277	BN_free(bn);
278
279	return ret;
280	}
281
282	/*
283	* compare two subjectNames.
284	* OUT: 0: equal
285	* positive:
286	* -1: other error.
287	*/
288	int
289	eay_cmp_asn1dn(n1, n2)
290	vchar_t n1, n2;
291	{
292	X509_NAME a = NULL, b = NULL;
293	caddr_t p;
294	char oneLine[512];
295	int i = -1;
296	int idx;
297
298	p = n1->v;
299	if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) {
300	plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: first dn not a dn");
301	goto end;
302	}
303	plog(LLV_DEBUG, LOCATION, NULL, "1st name: %s\n", X509_NAME_oneline(a, oneLine, sizeof(oneLine)));
304	p = n2->v;
305	if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) {
306	plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: second dn not a dn");
307	goto end;
308	}
309	plog(LLV_DEBUG, LOCATION, NULL, "2nd name: %s\n", X509_NAME_oneline(b, oneLine, sizeof(oneLine)));
310
311	/* handle wildcard: do not compare entry content but only entry object type */
312	for(idx = 0; idx < X509_NAME_entry_count(a); idx++) {
313	X509_NAME_ENTRY *ea = X509_NAME_get_entry(a, idx);
314	X509_NAME_ENTRY *eb = X509_NAME_get_entry(b, idx);
315	if (!eb) { /* reached end of eb while still entries in ea, can not be equal... */
316	i = idx+1;
317	goto end;
318	}
319	if ((ea->value->length == 1 && ea->value->data[0] == '*') \|\|
320	(eb->value->length == 1 && eb->value->data[0] == '*')) {
321	if (OBJ_cmp(ea->object,eb->object)) {
322	i = idx+1;
323	goto end;
324	}
325	/* OK: object type equals, we don't care for this entry anymore, so let's forget it... */
326	X509_NAME_delete_entry(a, idx);
327	X509_NAME_delete_entry(b, idx);
328	X509_NAME_ENTRY_free(ea);
329	X509_NAME_ENTRY_free(eb);
330	idx--;
331	}
332	}
333	if (X509_NAME_entry_count(a) == 0 && X509_NAME_entry_count(b) == 0)
334	i = 0;
335	else
336	i = X509_NAME_cmp(a, b);
337
338	end:
339	if (a)
340	X509_NAME_free(a);
341	if (b)
342	X509_NAME_free(b);
343	return i;
344	}
345
346	/*
347	* this functions is derived from apps/verify.c in OpenSSL0.9.5
348	*/
349	int
350	eay_check_x509cert(cert, CApath, CAfile, local)
351	vchar_t *cert;
352	char *CApath;
353	char *CAfile;
354	int local;
355	{
356	X509_STORE *cert_ctx = NULL;
357	X509_LOOKUP *lookup = NULL;
358	X509 *x509 = NULL;
359	X509_STORE_CTX *csc;
360	int error = -1;
361
362	cert_ctx = X509_STORE_new();
363	if (cert_ctx == NULL)
364	goto end;
365
366	if (local)
367	X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
368	else
369	X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
370
371	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
372	if (lookup == NULL)
373	goto end;
374
375	X509_LOOKUP_load_file(lookup, CAfile,
376	(CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
377
378	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
379	if (lookup == NULL)
380	goto end;
381	error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
382	if(!error) {
383	error = -1;
384	goto end;
385	}
386	error = -1; /* initialized */
387
388	/* read the certificate to be verified */
389	x509 = mem2x509(cert);
390	if (x509 == NULL)
391	goto end;
392
393	csc = X509_STORE_CTX_new();
394	if (csc == NULL)
395	goto end;
396	X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
397	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
398	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
399	error = X509_verify_cert(csc);
400	X509_STORE_CTX_free(csc);
401
402	/*
403	* if x509_verify_cert() is successful then the value of error is
404	* set non-zero.
405	*/
406	error = error ? 0 : -1;
407
408	end:
409	if (error)
410	plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
411	if (cert_ctx != NULL)
412	X509_STORE_free(cert_ctx);
413	if (x509 != NULL)
414	X509_free(x509);
415
416	return(error);
417	}
418
419	/*
420	* callback function for verifing certificate.
421	* this function is derived from cb() in openssl/apps/s_server.c
422	*/
423	static int
424	cb_check_cert_local(ok, ctx)
425	int ok;
426	X509_STORE_CTX *ctx;
427	{
428	char buf[256];
429	int log_tag;
430
431	if (!ok) {
432	X509_NAME_oneline(
433	X509_get_subject_name(ctx->current_cert),
434	buf,
435	256);
436	/*
437	* since we are just checking the certificates, it is
438	* ok if they are self signed. But we should still warn
439	* the user.
440	*/
441	switch (ctx->error) {
442	case X509_V_ERR_CERT_HAS_EXPIRED:
443	case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
444	case X509_V_ERR_INVALID_CA:
445	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
446	case X509_V_ERR_INVALID_PURPOSE:
447	case X509_V_ERR_UNABLE_TO_GET_CRL:
448	ok = 1;
449	log_tag = LLV_WARNING;
450	break;
451	default:
452	log_tag = LLV_ERROR;
453	}
454	plog(log_tag, LOCATION, NULL,
455	"%s(%d) at depth:%d SubjectName:%s\n",
456	X509_verify_cert_error_string(ctx->error),
457	ctx->error,
458	ctx->error_depth,
459	buf);
460	}
461	ERR_clear_error();
462
463	return ok;
464	}
465
466	/*
467	* callback function for verifing remote certificates.
468	* this function is derived from cb() in openssl/apps/s_server.c
469	*/
470	static int
471	cb_check_cert_remote(ok, ctx)
472	int ok;
473	X509_STORE_CTX *ctx;
474	{
475	char buf[256];
476	int log_tag;
477
478	if (!ok) {
479	X509_NAME_oneline(
480	X509_get_subject_name(ctx->current_cert),
481	buf,
482	256);
483	switch (ctx->error) {
484	case X509_V_ERR_UNABLE_TO_GET_CRL:
485	ok = 1;
486	log_tag = LLV_WARNING;
487	break;
488	default:
489	log_tag = LLV_ERROR;
490	}
491	plog(log_tag, LOCATION, NULL,
492	"%s(%d) at depth:%d SubjectName:%s\n",
493	X509_verify_cert_error_string(ctx->error),
494	ctx->error,
495	ctx->error_depth,
496	buf);
497	}
498	ERR_clear_error();
499
500	return ok;
501	}
502
503	/*
504	* get a subjectName from X509 certificate.
505	*/
506	vchar_t *
507	eay_get_x509asn1subjectname(cert)
508	vchar_t *cert;
509	{
510	X509 *x509 = NULL;
511	u_char *bp;
512	vchar_t *name = NULL;
513	int len;
514
515	x509 = mem2x509(cert);
516	if (x509 == NULL)
517	goto error;
518
519	/* get the length of the name */
520	len = i2d_X509_NAME(x509->cert_info->subject, NULL);
521	name = vmalloc(len);
522	if (!name)
523	goto error;
524	/* get the name */
525	bp = (unsigned char *) name->v;
526	len = i2d_X509_NAME(x509->cert_info->subject, &bp);
527
528	X509_free(x509);
529
530	return name;
531
532	error:
533	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
534
535	if (name != NULL)
536	vfree(name);
537
538	if (x509 != NULL)
539	X509_free(x509);
540
541	return NULL;
542	}
543
544	/*
545	* get the subjectAltName from X509 certificate.
546	* the name must be terminated by '\0'.
547	*/
548	int
549	eay_get_x509subjectaltname(cert, altname, type, pos)
550	vchar_t *cert;
551	char **altname;
552	int *type;
553	int pos;
554	{
555	X509 *x509 = NULL;
556	GENERAL_NAMES *gens = NULL;
557	GENERAL_NAME *gen;
558	int len;
559	int error = -1;
560
561	*altname = NULL;
562	*type = GENT_OTHERNAME;
563
564	x509 = mem2x509(cert);
565	if (x509 == NULL)
566	goto end;
567
568	gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
569	if (gens == NULL)
570	goto end;
571
572	/* there is no data at "pos" */
573	if (pos > sk_GENERAL_NAME_num(gens))
574	goto end;
575
576	gen = sk_GENERAL_NAME_value(gens, pos - 1);
577
578	/* read DNSName / Email */
579	if (gen->type == GEN_DNS \|\|
580	gen->type == GEN_EMAIL \|\|
581	gen->type == GEN_URI )
582	{
583	/* make sure if the data is terminated by '\0'. */
584	if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
585	{
586	plog(LLV_ERROR, LOCATION, NULL,
587	"data is not terminated by NUL.");
588	racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
589	goto end;
590	}
591
592	len = gen->d.ia5->length + 1;
593	*altname = racoon_malloc(len);
594	if (!*altname)
595	goto end;
596
597	strlcpy(altname, (char ) gen->d.ia5->data, len);
598	*type = gen->type;
599	error = 0;
600	}
601	/* read IP address */
602	else if (gen->type == GEN_IPADD)
603	{
604	unsigned char p[5], *ip;
605	ip = p;
606
607	/* only support IPv4 */
608	if (gen->d.ip->length != 4)
609	goto end;
610
611	/* convert Octet String to String
612	* XXX ???????
613	*/
614	/i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);/
615	ip = gen->d.ip->data;
616
617	/* XXX Magic, enough for an IPv4 address
618	*/
619	*altname = racoon_malloc(20);
620	if (!*altname)
621	goto end;
622
623	sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
624	*type = gen->type;
625	error = 0;
626	}
627	/* XXX other possible types ?
628	* For now, error will be -1 if unsupported type
629	*/
630
631	end:
632	if (error) {
633	if (*altname) {
634	racoon_free(*altname);
635	*altname = NULL;
636	}
637	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
638	}
639	if (x509)
640	X509_free(x509);
641	if (gens)
642	/* free the whole stack. */
643	sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
644
645	return error;
646	}
647
648	/*
649	* get a issuerName from X509 certificate.
650	*/
651	vchar_t *
652	eay_get_x509asn1issuername(cert)
653	vchar_t *cert;
654	{
655	X509 *x509 = NULL;
656	u_char *bp;
657	vchar_t *name = NULL;
658	int len;
659
660	x509 = mem2x509(cert);
661	if (x509 == NULL)
662	goto error;
663
664	/* get the length of the name */
665	len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
666	name = vmalloc(len);
667	if (name == NULL)
668	goto error;
669
670	/* get the name */
671	bp = (unsigned char *) name->v;
672	len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
673
674	X509_free(x509);
675
676	return name;
677
678	error:
679	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
680
681	if (name != NULL)
682	vfree(name);
683	if (x509 != NULL)
684	X509_free(x509);
685
686	return NULL;
687	}
688
689	/*
690	* decode a X509 certificate and make a readable text terminated '\n'.
691	* return the buffer allocated, so must free it later.
692	*/
693	char *
694	eay_get_x509text(cert)
695	vchar_t *cert;
696	{
697	X509 *x509 = NULL;
698	BIO *bio = NULL;
699	char *text = NULL;
700	u_char *bp = NULL;
701	int len = 0;
702	int error = -1;
703
704	x509 = mem2x509(cert);
705	if (x509 == NULL)
706	goto end;
707
708	bio = BIO_new(BIO_s_mem());
709	if (bio == NULL)
710	goto end;
711
712	error = X509_print(bio, x509);
713	if (error != 1) {
714	error = -1;
715	goto end;
716	}
717
718	len = BIO_get_mem_data(bio, &bp);
719	text = racoon_malloc(len + 1);
720	if (text == NULL)
721	goto end;
722	memcpy(text, bp, len);
723	text[len] = '\0';
724
725	error = 0;
726
727	end:
728	if (error) {
729	if (text) {
730	racoon_free(text);
731	text = NULL;
732	}
733	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
734	}
735	if (bio)
736	BIO_free(bio);
737	if (x509)
738	X509_free(x509);
739
740	return text;
741	}
742
743	/* get X509 structure from buffer. */
744	static X509 *
745	mem2x509(cert)
746	vchar_t *cert;
747	{
748	X509 *x509;
749
750	#ifndef EAYDEBUG
751	{
752	u_char *bp;
753
754	bp = (unsigned char *) cert->v + 1;
755
756	x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1);
757	}
758	#else
759	{
760	BIO *bio;
761	int len;
762
763	bio = BIO_new(BIO_s_mem());
764	if (bio == NULL)
765	return NULL;
766	len = BIO_write(bio, cert->v + 1, cert->l - 1);
767	if (len == -1)
768	return NULL;
769	x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
770	BIO_free(bio);
771	}
772	#endif
773	return x509;
774	}
775
776	/*
777	* get a X509 certificate from local file.
778	* a certificate must be PEM format.
779	* Input:
780	* path to a certificate.
781	* Output:
782	* NULL if error occured
783	* other is the cert.
784	*/
785	vchar_t *
786	eay_get_x509cert(path)
787	char *path;
788	{
789	FILE *fp;
790	X509 *x509;
791	vchar_t *cert;
792	u_char *bp;
793	int len;
794	int error;
795
796	/* Read private key */
797	fp = fopen(path, "r");
798	if (fp == NULL)
799	return NULL;
800	x509 = PEM_read_X509(fp, NULL, NULL, NULL);
801	fclose (fp);
802
803	if (x509 == NULL)
804	return NULL;
805
806	len = i2d_X509(x509, NULL);
807	cert = vmalloc(len + 1);
808	if (cert == NULL) {
809	X509_free(x509);
810	return NULL;
811	}
812	cert->v[0] = ISAKMP_CERT_X509SIGN;
813	bp = (unsigned char *) &cert->v[1];
814	error = i2d_X509(x509, &bp);
815	X509_free(x509);
816
817	if (error == 0) {
818	vfree(cert);
819	return NULL;
820	}
821
822	return cert;
823	}
824
825	/*
826	* check a X509 signature
827	* XXX: to be get hash type from my cert ?
828	* to be handled EVP_dss().
829	* OUT: return -1 when error.
830	* 0
831	*/
832	int
833	eay_check_x509sign(source, sig, cert)
834	vchar_t *source;
835	vchar_t *sig;
836	vchar_t *cert;
837	{
838	X509 *x509;
839	EVP_PKEY *evp;
840	int res;
841
842	x509 = mem2x509(cert);
843	if (x509 == NULL)
844	return -1;
845
846	evp = X509_get_pubkey(x509);
847	if (! evp) {
848	plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
849	X509_free(x509);
850	return -1;
851	}
852
853	res = eay_rsa_verify(source, sig, evp->pkey.rsa);
854
855	EVP_PKEY_free(evp);
856	X509_free(x509);
857
858	return res;
859	}
860
861	/*
862	* check RSA signature
863	* OUT: return -1 when error.
864	* 0 on success
865	*/
866	int
867	eay_check_rsasign(source, sig, rsa)
868	vchar_t *source;
869	vchar_t *sig;
870	RSA *rsa;
871	{
872	return eay_rsa_verify(source, sig, rsa);
873	}
874
875	/*
876	* get PKCS#1 Private Key of PEM format from local file.
877	*/
878	vchar_t *
879	eay_get_pkcs1privkey(path)
880	char *path;
881	{
882	FILE *fp;
883	EVP_PKEY *evp = NULL;
884	vchar_t *pkey = NULL;
885	u_char *bp;
886	int pkeylen;
887	int error = -1;
888
889	/* Read private key */
890	fp = fopen(path, "r");
891	if (fp == NULL)
892	return NULL;
893
894	evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
895
896	fclose (fp);
897
898	if (evp == NULL)
899	return NULL;
900
901	pkeylen = i2d_PrivateKey(evp, NULL);
902	if (pkeylen == 0)
903	goto end;
904	pkey = vmalloc(pkeylen);
905	if (pkey == NULL)
906	goto end;
907	bp = (unsigned char *) pkey->v;
908	pkeylen = i2d_PrivateKey(evp, &bp);
909	if (pkeylen == 0)
910	goto end;
911
912	error = 0;
913
914	end:
915	if (evp != NULL)
916	EVP_PKEY_free(evp);
917	if (error != 0 && pkey != NULL) {
918	vfree(pkey);
919	pkey = NULL;
920	}
921
922	return pkey;
923	}
924
925	/*
926	* get PKCS#1 Public Key of PEM format from local file.
927	*/
928	vchar_t *
929	eay_get_pkcs1pubkey(path)
930	char *path;
931	{
932	FILE *fp;
933	EVP_PKEY *evp = NULL;
934	vchar_t *pkey = NULL;
935	X509 *x509 = NULL;
936	u_char *bp;
937	int pkeylen;
938	int error = -1;
939
940	/* Read private key */
941	fp = fopen(path, "r");
942	if (fp == NULL)
943	return NULL;
944
945	x509 = PEM_read_X509(fp, NULL, NULL, NULL);
946
947	fclose (fp);
948
949	if (x509 == NULL)
950	return NULL;
951
952	/* Get public key - eay */
953	evp = X509_get_pubkey(x509);
954	if (evp == NULL)
955	return NULL;
956
957	pkeylen = i2d_PublicKey(evp, NULL);
958	if (pkeylen == 0)
959	goto end;
960	pkey = vmalloc(pkeylen);
961	if (pkey == NULL)
962	goto end;
963	bp = (unsigned char *) pkey->v;
964	pkeylen = i2d_PublicKey(evp, &bp);
965	if (pkeylen == 0)
966	goto end;
967
968	error = 0;
969	end:
970	if (evp != NULL)
971	EVP_PKEY_free(evp);
972	if (error != 0 && pkey != NULL) {
973	vfree(pkey);
974	pkey = NULL;
975	}
976
977	return pkey;
978	}
979
980	vchar_t *
981	eay_get_x509sign(src, privkey)
982	vchar_t src, privkey;
983	{
984	EVP_PKEY *evp;
985	u_char bp = (unsigned char ) privkey->v;
986	vchar_t *sig = NULL;
987	int len;
988	int pad = RSA_PKCS1_PADDING;
989
990	/* XXX to be handled EVP_PKEY_DSA */
991	evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
992	if (evp == NULL)
993	return NULL;
994
995	sig = eay_rsa_sign(src, evp->pkey.rsa);
996
997	EVP_PKEY_free(evp);
998
999	return sig;
1000	}
1001
1002	vchar_t *
1003	eay_get_rsasign(src, rsa)
1004	vchar_t *src;
1005	RSA *rsa;
1006	{
1007	return eay_rsa_sign(src, rsa);
1008	}
1009
1010	vchar_t *
1011	eay_rsa_sign(vchar_t src, RSA rsa)
1012	{
1013	int len;
1014	vchar_t *sig = NULL;
1015	int pad = RSA_PKCS1_PADDING;
1016
1017	len = RSA_size(rsa);
1018
1019	sig = vmalloc(len);
1020	if (sig == NULL)
1021	return NULL;
1022
1023	len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1024	(unsigned char *) sig->v, rsa, pad);
1025
1026	if (len == 0 \|\| len != sig->l) {
1027	vfree(sig);
1028	sig = NULL;
1029	}
1030
1031	return sig;
1032	}
1033
1034	int
1035	eay_rsa_verify(src, sig, rsa)
1036	vchar_t src, sig;
1037	RSA *rsa;
1038	{
1039	vchar_t *xbuf = NULL;
1040	int pad = RSA_PKCS1_PADDING;
1041	int len = 0;
1042	int error;
1043
1044	len = RSA_size(rsa);
1045	xbuf = vmalloc(len);
1046	if (xbuf == NULL) {
1047	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1048	return -1;
1049	}
1050
1051	len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1052	(unsigned char *) xbuf->v, rsa, pad);
1053	if (len == 0 \|\| len != src->l) {
1054	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1055	vfree(xbuf);
1056	return -1;
1057	}
1058
1059	error = memcmp(src->v, xbuf->v, src->l);
1060	vfree(xbuf);
1061	if (error != 0)
1062	return -1;
1063
1064	return 0;
1065	}
1066
1067	/*
1068	* get error string
1069	* MUST load ERR_load_crypto_strings() first.
1070	*/
1071	char *
1072	eay_strerror()
1073	{
1074	static char ebuf[512];
1075	int len = 0, n;
1076	unsigned long l;
1077	char buf[200];
1078	const char file, data;
1079	int line, flags;
1080	unsigned long es;
1081
1082	es = CRYPTO_thread_id();
1083
1084	while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1085	n = snprintf(ebuf + len, sizeof(ebuf) - len,
1086	"%lu:%s:%s:%d:%s ",
1087	es, ERR_error_string(l, buf), file, line,
1088	(flags & ERR_TXT_STRING) ? data : "");
1089	if (n < 0 \|\| n >= sizeof(ebuf) - len)
1090	break;
1091	len += n;
1092	if (sizeof(ebuf) < len)
1093	break;
1094	}
1095
1096	return ebuf;
1097	}
1098
1099	vchar_t *
1100	evp_crypt(vchar_t data, vchar_t key, vchar_t iv, const EVP_CIPHER e, int enc)
1101	{
1102	vchar_t *res;
1103	EVP_CIPHER_CTX ctx;
1104
1105	if (!e)
1106	return NULL;
1107
1108	if (data->l % EVP_CIPHER_block_size(e))
1109	return NULL;
1110
1111	if ((res = vmalloc(data->l)) == NULL)
1112	return NULL;
1113
1114	EVP_CIPHER_CTX_init(&ctx);
1115
1116	switch(EVP_CIPHER_nid(e)){
1117	case NID_bf_cbc:
1118	case NID_bf_ecb:
1119	case NID_bf_cfb64:
1120	case NID_bf_ofb64:
1121	case NID_cast5_cbc:
1122	case NID_cast5_ecb:
1123	case NID_cast5_cfb64:
1124	case NID_cast5_ofb64:
1125	/* XXX: can we do that also for algos with a fixed key size ?
1126	*/
1127	/* init context without key/iv
1128	*/
1129	if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1130	{
1131	OpenSSL_BUG();
1132	vfree(res);
1133	return NULL;
1134	}
1135
1136	/* update key size
1137	*/
1138	if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1139	{
1140	OpenSSL_BUG();
1141	vfree(res);
1142	return NULL;
1143	}
1144
1145	/* finalize context init with desired key size
1146	*/
1147	if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1148	(u_char *) iv->v, enc))
1149	{
1150	OpenSSL_BUG();
1151	vfree(res);
1152	return NULL;
1153	}
1154	break;
1155	default:
1156	if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1157	(u_char *) iv->v, enc)) {
1158	OpenSSL_BUG();
1159	vfree(res);
1160	return NULL;
1161	}
1162	}
1163
1164	/* disable openssl padding */
1165	EVP_CIPHER_CTX_set_padding(&ctx, 0);
1166
1167	if (!EVP_Cipher(&ctx, (u_char ) res->v, (u_char ) data->v, data->l)) {
1168	OpenSSL_BUG();
1169	vfree(res);
1170	return NULL;
1171	}
1172
1173	EVP_CIPHER_CTX_cleanup(&ctx);
1174
1175	return res;
1176	}
1177
1178	int
1179	evp_weakkey(vchar_t key, const EVP_CIPHER e)
1180	{
1181	return 0;
1182	}
1183
1184	int
1185	evp_keylen(int len, const EVP_CIPHER *e)
1186	{
1187	if (!e)
1188	return -1;
1189	/* EVP functions return lengths in bytes, ipsec-tools
1190	* uses lengths in bits, therefore conversion is required. --AK
1191	*/
1192	if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1193	return -1;
1194
1195	return EVP_CIPHER_key_length(e) << 3;
1196	}
1197
1198	/*
1199	* DES-CBC
1200	*/
1201	vchar_t *
1202	eay_des_encrypt(data, key, iv)
1203	vchar_t data, key, *iv;
1204	{
1205	return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1206	}
1207
1208	vchar_t *
1209	eay_des_decrypt(data, key, iv)
1210	vchar_t data, key, *iv;
1211	{
1212	return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1213	}
1214
1215	int
1216	eay_des_weakkey(key)
1217	vchar_t *key;
1218	{
1219	#ifdef USE_NEW_DES_API
1220	return DES_is_weak_key((void *)key->v);
1221	#else
1222	return des_is_weak_key((void *)key->v);
1223	#endif
1224	}
1225
1226	int
1227	eay_des_keylen(len)
1228	int len;
1229	{
1230	return evp_keylen(len, EVP_des_cbc());
1231	}
1232
1233	#ifdef HAVE_OPENSSL_IDEA_H
1234	/*
1235	* IDEA-CBC
1236	*/
1237	vchar_t *
1238	eay_idea_encrypt(data, key, iv)
1239	vchar_t data, key, *iv;
1240	{
1241	vchar_t *res;
1242	IDEA_KEY_SCHEDULE ks;
1243
1244	idea_set_encrypt_key((unsigned char *)key->v, &ks);
1245
1246	/* allocate buffer for result */
1247	if ((res = vmalloc(data->l)) == NULL)
1248	return NULL;
1249
1250	/* decryption data */
1251	idea_cbc_encrypt((unsigned char )data->v, (unsigned char )res->v, data->l,
1252	&ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1253
1254	return res;
1255	}
1256
1257	vchar_t *
1258	eay_idea_decrypt(data, key, iv)
1259	vchar_t data, key, *iv;
1260	{
1261	vchar_t *res;
1262	IDEA_KEY_SCHEDULE ks, dks;
1263
1264	idea_set_encrypt_key((unsigned char *)key->v, &ks);
1265	idea_set_decrypt_key(&ks, &dks);
1266
1267	/* allocate buffer for result */
1268	if ((res = vmalloc(data->l)) == NULL)
1269	return NULL;
1270
1271	/* decryption data */
1272	idea_cbc_encrypt((unsigned char )data->v, (unsigned char )res->v, data->l,
1273	&dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1274
1275	return res;
1276	}
1277
1278	int
1279	eay_idea_weakkey(key)
1280	vchar_t *key;
1281	{
1282	return 0; /* XXX */
1283	}
1284
1285	int
1286	eay_idea_keylen(len)
1287	int len;
1288	{
1289	if (len != 0 && len != 128)
1290	return -1;
1291	return 128;
1292	}
1293	#endif
1294
1295	/*
1296	* BLOWFISH-CBC
1297	*/
1298	vchar_t *
1299	eay_bf_encrypt(data, key, iv)
1300	vchar_t data, key, *iv;
1301	{
1302	return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1303	}
1304
1305	vchar_t *
1306	eay_bf_decrypt(data, key, iv)
1307	vchar_t data, key, *iv;
1308	{
1309	return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1310	}
1311
1312	int
1313	eay_bf_weakkey(key)
1314	vchar_t *key;
1315	{
1316	return 0; /* XXX to be done. refer to RFC 2451 */
1317	}
1318
1319	int
1320	eay_bf_keylen(len)
1321	int len;
1322	{
1323	if (len == 0)
1324	return 448;
1325	if (len < 40 \|\| len > 448)
1326	return -1;
1327	return len;
1328	}
1329
1330	#ifdef HAVE_OPENSSL_RC5_H
1331	/*
1332	* RC5-CBC
1333	*/
1334	vchar_t *
1335	eay_rc5_encrypt(data, key, iv)
1336	vchar_t data, key, *iv;
1337	{
1338	vchar_t *res;
1339	RC5_32_KEY ks;
1340
1341	/* in RFC 2451, there is information about the number of round. */
1342	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1343
1344	/* allocate buffer for result */
1345	if ((res = vmalloc(data->l)) == NULL)
1346	return NULL;
1347
1348	/* decryption data */
1349	RC5_32_cbc_encrypt((unsigned char )data->v, (unsigned char )res->v, data->l,
1350	&ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1351
1352	return res;
1353	}
1354
1355	vchar_t *
1356	eay_rc5_decrypt(data, key, iv)
1357	vchar_t data, key, *iv;
1358	{
1359	vchar_t *res;
1360	RC5_32_KEY ks;
1361
1362	/* in RFC 2451, there is information about the number of round. */
1363	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1364
1365	/* allocate buffer for result */
1366	if ((res = vmalloc(data->l)) == NULL)
1367	return NULL;
1368
1369	/* decryption data */
1370	RC5_32_cbc_encrypt((unsigned char )data->v, (unsigned char )res->v, data->l,
1371	&ks, (unsigned char *)iv->v, RC5_DECRYPT);
1372
1373	return res;
1374	}
1375
1376	int
1377	eay_rc5_weakkey(key)
1378	vchar_t *key;
1379	{
1380	return 0; /* No known weak keys when used with 16 rounds. */
1381
1382	}
1383
1384	int
1385	eay_rc5_keylen(len)
1386	int len;
1387	{
1388	if (len == 0)
1389	return 128;
1390	if (len < 40 \|\| len > 2040)
1391	return -1;
1392	return len;
1393	}
1394	#endif
1395
1396	/*
1397	* 3DES-CBC
1398	*/
1399	vchar_t *
1400	eay_3des_encrypt(data, key, iv)
1401	vchar_t data, key, *iv;
1402	{
1403	return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1404	}
1405
1406	vchar_t *
1407	eay_3des_decrypt(data, key, iv)
1408	vchar_t data, key, *iv;
1409	{
1410	return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1411	}
1412
1413	int
1414	eay_3des_weakkey(key)
1415	vchar_t *key;
1416	{
1417	#ifdef USE_NEW_DES_API
1418	return (DES_is_weak_key((void *)key->v) \|\|
1419	DES_is_weak_key((void *)(key->v + 8)) \|\|
1420	DES_is_weak_key((void *)(key->v + 16)));
1421	#else
1422	if (key->l < 24)
1423	return 0;
1424
1425	return (des_is_weak_key((void *)key->v) \|\|
1426	des_is_weak_key((void *)(key->v + 8)) \|\|
1427	des_is_weak_key((void *)(key->v + 16)));
1428	#endif
1429	}
1430
1431	int
1432	eay_3des_keylen(len)
1433	int len;
1434	{
1435	if (len != 0 && len != 192)
1436	return -1;
1437	return 192;
1438	}
1439
1440	/*
1441	* CAST-CBC
1442	*/
1443	vchar_t *
1444	eay_cast_encrypt(data, key, iv)
1445	vchar_t data, key, *iv;
1446	{
1447	return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1448	}
1449
1450	vchar_t *
1451	eay_cast_decrypt(data, key, iv)
1452	vchar_t data, key, *iv;
1453	{
1454	return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1455	}
1456
1457	int
1458	eay_cast_weakkey(key)
1459	vchar_t *key;
1460	{
1461	return 0; /* No known weak keys. */
1462	}
1463
1464	int
1465	eay_cast_keylen(len)
1466	int len;
1467	{
1468	if (len == 0)
1469	return 128;
1470	if (len < 40 \|\| len > 128)
1471	return -1;
1472	return len;
1473	}
1474
1475	/*
1476	* AES(RIJNDAEL)-CBC
1477	*/
1478	#ifndef HAVE_OPENSSL_AES_H
1479	vchar_t *
1480	eay_aes_encrypt(data, key, iv)
1481	vchar_t data, key, *iv;
1482	{
1483	vchar_t *res;
1484	keyInstance k;
1485	cipherInstance c;
1486
1487	memset(&k, 0, sizeof(k));
1488	if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1489	return NULL;
1490
1491	/* allocate buffer for result */
1492	if ((res = vmalloc(data->l)) == NULL)
1493	return NULL;
1494
1495	/* encryption data */
1496	memset(&c, 0, sizeof(c));
1497	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1498	vfree(res);
1499	return NULL;
1500	}
1501	if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1502	vfree(res);
1503	return NULL;
1504	}
1505
1506	return res;
1507	}
1508
1509	vchar_t *
1510	eay_aes_decrypt(data, key, iv)
1511	vchar_t data, key, *iv;
1512	{
1513	vchar_t *res;
1514	keyInstance k;
1515	cipherInstance c;
1516
1517	memset(&k, 0, sizeof(k));
1518	if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1519	return NULL;
1520
1521	/* allocate buffer for result */
1522	if ((res = vmalloc(data->l)) == NULL)
1523	return NULL;
1524
1525	/* decryption data */
1526	memset(&c, 0, sizeof(c));
1527	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1528	vfree(res);
1529	return NULL;
1530	}
1531	if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1532	vfree(res);
1533	return NULL;
1534	}
1535
1536	return res;
1537	}
1538	#else
1539	static inline const EVP_CIPHER *
1540	aes_evp_by_keylen(int keylen)
1541	{
1542	switch(keylen) {
1543	case 16:
1544	case 128:
1545	return EVP_aes_128_cbc();
1546	case 24:
1547	case 192:
1548	return EVP_aes_192_cbc();
1549	case 32:
1550	case 256:
1551	return EVP_aes_256_cbc();
1552	default:
1553	return NULL;
1554	}
1555	}
1556
1557	vchar_t *
1558	eay_aes_encrypt(data, key, iv)
1559	vchar_t data, key, *iv;
1560	{
1561	return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1562	}
1563
1564	vchar_t *
1565	eay_aes_decrypt(data, key, iv)
1566	vchar_t data, key, *iv;
1567	{
1568	return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1569	}
1570	#endif
1571
1572	int
1573	eay_aes_weakkey(key)
1574	vchar_t *key;
1575	{
1576	return 0;
1577	}
1578
1579	int
1580	eay_aes_keylen(len)
1581	int len;
1582	{
1583	if (len == 0)
1584	return 128;
1585	if (len != 128 && len != 192 && len != 256)
1586	return -1;
1587	return len;
1588	}
1589
1590	#if defined(HAVE_OPENSSL_CAMELLIA_H)
1591	/*
1592	* CAMELLIA-CBC
1593	*/
1594	static inline const EVP_CIPHER *
1595	camellia_evp_by_keylen(int keylen)
1596	{
1597	switch(keylen) {
1598	case 16:
1599	case 128:
1600	return EVP_camellia_128_cbc();
1601	case 24:
1602	case 192:
1603	return EVP_camellia_192_cbc();
1604	case 32:
1605	case 256:
1606	return EVP_camellia_256_cbc();
1607	default:
1608	return NULL;
1609	}
1610	}
1611
1612	vchar_t *
1613	eay_camellia_encrypt(data, key, iv)
1614	vchar_t data, key, *iv;
1615	{
1616	return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1617	}
1618
1619	vchar_t *
1620	eay_camellia_decrypt(data, key, iv)
1621	vchar_t data, key, *iv;
1622	{
1623	return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1624	}
1625
1626	int
1627	eay_camellia_weakkey(key)
1628	vchar_t *key;
1629	{
1630	return 0;
1631	}
1632
1633	int
1634	eay_camellia_keylen(len)
1635	int len;
1636	{
1637	if (len == 0)
1638	return 128;
1639	if (len != 128 && len != 192 && len != 256)
1640	return -1;
1641	return len;
1642	}
1643
1644	#endif
1645
1646	/* for ipsec part */
1647	int
1648	eay_null_hashlen()
1649	{
1650	return 0;
1651	}
1652
1653	int
1654	eay_kpdk_hashlen()
1655	{
1656	return 0;
1657	}
1658
1659	int
1660	eay_twofish_keylen(len)
1661	int len;
1662	{
1663	if (len < 0 \|\| len > 256)
1664	return -1;
1665	return len;
1666	}
1667
1668	int
1669	eay_null_keylen(len)
1670	int len;
1671	{
1672	return 0;
1673	}
1674
1675	/*
1676	* HMAC functions
1677	*/
1678	static caddr_t
1679	eay_hmac_init(key, md)
1680	vchar_t *key;
1681	const EVP_MD *md;
1682	{
1683	HMAC_CTX c = racoon_malloc(sizeof(c));
1684
1685	HMAC_Init(c, key->v, key->l, md);
1686
1687	return (caddr_t)c;
1688	}
1689
1690	static vchar_t *eay_hmac_one(key, data, type)
1691	vchar_t key, data;
1692	const EVP_MD *type;
1693	{
1694	vchar_t *res;
1695
1696	if ((res = vmalloc(EVP_MD_size(type))) == 0)
1697	return NULL;
1698
1699	if (!HMAC(type, (void *) key->v, key->l,
1700	(void ) data->v, data->l, (void ) res->v, NULL)) {
1701	vfree(res);
1702	return NULL;
1703	}
1704
1705	return res;
1706	}
1707
1708	static vchar_t *eay_digest_one(data, type)
1709	vchar_t *data;
1710	const EVP_MD *type;
1711	{
1712	vchar_t *res;
1713
1714	if ((res = vmalloc(EVP_MD_size(type))) == 0)
1715	return NULL;
1716
1717	if (!EVP_Digest((void *) data->v, data->l,
1718	(void *) res->v, NULL, type, NULL)) {
1719	vfree(res);
1720	return NULL;
1721	}
1722
1723	return res;
1724	}
1725
1726	#ifdef WITH_SHA2
1727	/*
1728	* HMAC SHA2-512
1729	*/
1730	vchar_t *
1731	eay_hmacsha2_512_one(key, data)
1732	vchar_t key, data;
1733	{
1734	return eay_hmac_one(key, data, EVP_sha2_512());
1735	}
1736
1737	caddr_t
1738	eay_hmacsha2_512_init(key)
1739	vchar_t *key;
1740	{
1741	return eay_hmac_init(key, EVP_sha2_512());
1742	}
1743
1744	void
1745	eay_hmacsha2_512_update(c, data)
1746	caddr_t c;
1747	vchar_t *data;
1748	{
1749	HMAC_Update((HMAC_CTX )c, (unsigned char ) data->v, data->l);
1750	}
1751
1752	vchar_t *
1753	eay_hmacsha2_512_final(c)
1754	caddr_t c;
1755	{
1756	vchar_t *res;
1757	unsigned int l;
1758
1759	if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1760	return NULL;
1761
1762	HMAC_Final((HMAC_CTX )c, (unsigned char ) res->v, &l);
1763	res->l = l;
1764	HMAC_cleanup((HMAC_CTX *)c);
1765	(void)racoon_free(c);
1766
1767	if (SHA512_DIGEST_LENGTH != res->l) {
1768	plog(LLV_ERROR, LOCATION, NULL,
1769	"hmac sha2_512 length mismatch %zd.\n", res->l);
1770	vfree(res);
1771	return NULL;
1772	}
1773
1774	return(res);
1775	}
1776
1777	/*
1778	* HMAC SHA2-384
1779	*/
1780	vchar_t *
1781	eay_hmacsha2_384_one(key, data)
1782	vchar_t key, data;
1783	{
1784	return eay_hmac_one(key, data, EVP_sha2_384());
1785	}
1786
1787	caddr_t
1788	eay_hmacsha2_384_init(key)
1789	vchar_t *key;
1790	{
1791	return eay_hmac_init(key, EVP_sha2_384());
1792	}
1793
1794	void
1795	eay_hmacsha2_384_update(c, data)
1796	caddr_t c;
1797	vchar_t *data;
1798	{
1799	HMAC_Update((HMAC_CTX )c, (unsigned char ) data->v, data->l);
1800	}
1801
1802	vchar_t *
1803	eay_hmacsha2_384_final(c)
1804	caddr_t c;
1805	{
1806	vchar_t *res;
1807	unsigned int l;
1808
1809	if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1810	return NULL;
1811
1812	HMAC_Final((HMAC_CTX )c, (unsigned char ) res->v, &l);
1813	res->l = l;
1814	HMAC_cleanup((HMAC_CTX *)c);
1815	(void)racoon_free(c);
1816
1817	if (SHA384_DIGEST_LENGTH != res->l) {
1818	plog(LLV_ERROR, LOCATION, NULL,
1819	"hmac sha2_384 length mismatch %zd.\n", res->l);
1820	vfree(res);
1821	return NULL;
1822	}
1823
1824	return(res);
1825	}
1826
1827	/*
1828	* HMAC SHA2-256
1829	*/
1830	vchar_t *
1831	eay_hmacsha2_256_one(key, data)
1832	vchar_t key, data;
1833	{
1834	return eay_hmac_one(key, data, EVP_sha2_256());
1835	}
1836
1837	caddr_t
1838	eay_hmacsha2_256_init(key)
1839	vchar_t *key;
1840	{
1841	return eay_hmac_init(key, EVP_sha2_256());
1842	}
1843
1844	void
1845	eay_hmacsha2_256_update(c, data)
1846	caddr_t c;
1847	vchar_t *data;
1848	{
1849	HMAC_Update((HMAC_CTX )c, (unsigned char ) data->v, data->l);
1850	}
1851
1852	vchar_t *
1853	eay_hmacsha2_256_final(c)
1854	caddr_t c;
1855	{
1856	vchar_t *res;
1857	unsigned int l;
1858
1859	if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1860	return NULL;
1861
1862	HMAC_Final((HMAC_CTX )c, (unsigned char ) res->v, &l);
1863	res->l = l;
1864	HMAC_cleanup((HMAC_CTX *)c);
1865	(void)racoon_free(c);
1866
1867	if (SHA256_DIGEST_LENGTH != res->l) {
1868	plog(LLV_ERROR, LOCATION, NULL,
1869	"hmac sha2_256 length mismatch %zd.\n", res->l);
1870	vfree(res);
1871	return NULL;
1872	}
1873
1874	return(res);
1875	}
1876	#endif /* WITH_SHA2 */
1877
1878	/*
1879	* HMAC SHA1
1880	*/
1881	vchar_t *
1882	eay_hmacsha1_one(key, data)
1883	vchar_t key, data;
1884	{
1885	return eay_hmac_one(key, data, EVP_sha1());
1886	}
1887
1888	caddr_t
1889	eay_hmacsha1_init(key)
1890	vchar_t *key;
1891	{
1892	return eay_hmac_init(key, EVP_sha1());
1893	}
1894
1895	void
1896	eay_hmacsha1_update(c, data)
1897	caddr_t c;
1898	vchar_t *data;
1899	{
1900	HMAC_Update((HMAC_CTX )c, (unsigned char ) data->v, data->l);
1901	}
1902
1903	vchar_t *
1904	eay_hmacsha1_final(c)
1905	caddr_t c;
1906	{
1907	vchar_t *res;
1908	unsigned int l;
1909
1910	if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
1911	return NULL;
1912
1913	HMAC_Final((HMAC_CTX )c, (unsigned char ) res->v, &l);
1914	res->l = l;
1915	HMAC_cleanup((HMAC_CTX *)c);
1916	(void)racoon_free(c);
1917
1918	if (SHA_DIGEST_LENGTH != res->l) {
1919	plog(LLV_ERROR, LOCATION, NULL,
1920	"hmac sha1 length mismatch %zd.\n", res->l);
1921	vfree(res);
1922	return NULL;
1923	}
1924
1925	return(res);
1926	}
1927
1928	/*
1929	* HMAC MD5
1930	*/
1931	vchar_t *
1932	eay_hmacmd5_one(key, data)
1933	vchar_t key, data;
1934	{
1935	return eay_hmac_one(key, data, EVP_md5());
1936	}
1937
1938	caddr_t
1939	eay_hmacmd5_init(key)
1940	vchar_t *key;
1941	{
1942	return eay_hmac_init(key, EVP_md5());
1943	}
1944
1945	void
1946	eay_hmacmd5_update(c, data)
1947	caddr_t c;
1948	vchar_t *data;
1949	{
1950	HMAC_Update((HMAC_CTX )c, (unsigned char ) data->v, data->l);
1951	}
1952
1953	vchar_t *
1954	eay_hmacmd5_final(c)
1955	caddr_t c;
1956	{
1957	vchar_t *res;
1958	unsigned int l;
1959
1960	if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
1961	return NULL;
1962
1963	HMAC_Final((HMAC_CTX )c, (unsigned char ) res->v, &l);
1964	res->l = l;
1965	HMAC_cleanup((HMAC_CTX *)c);
1966	(void)racoon_free(c);
1967
1968	if (MD5_DIGEST_LENGTH != res->l) {
1969	plog(LLV_ERROR, LOCATION, NULL,
1970	"hmac md5 length mismatch %zd.\n", res->l);
1971	vfree(res);
1972	return NULL;
1973	}
1974
1975	return(res);
1976	}
1977
1978	#ifdef WITH_SHA2
1979	/*
1980	* SHA2-512 functions
1981	*/
1982	caddr_t
1983	eay_sha2_512_init()
1984	{
1985	SHA512_CTX c = racoon_malloc(sizeof(c));
1986
1987	SHA512_Init(c);
1988
1989	return((caddr_t)c);
1990	}
1991
1992	void
1993	eay_sha2_512_update(c, data)
1994	caddr_t c;
1995	vchar_t *data;
1996	{
1997	SHA512_Update((SHA512_CTX )c, (unsigned char ) data->v, data->l);
1998
1999	return;
2000	}
2001
2002	vchar_t *
2003	eay_sha2_512_final(c)
2004	caddr_t c;
2005	{
2006	vchar_t *res;
2007
2008	if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2009	return(0);
2010
2011	SHA512_Final((unsigned char ) res->v, (SHA512_CTX )c);
2012	(void)racoon_free(c);
2013
2014	return(res);
2015	}
2016
2017	vchar_t *
2018	eay_sha2_512_one(data)
2019	vchar_t *data;
2020	{
2021	return eay_digest_one(data, EVP_sha512());
2022	}
2023
2024	int
2025	eay_sha2_512_hashlen()
2026	{
2027	return SHA512_DIGEST_LENGTH << 3;
2028	}
2029	#endif
2030
2031	#ifdef WITH_SHA2
2032	/*
2033	* SHA2-384 functions
2034	*/
2035	caddr_t
2036	eay_sha2_384_init()
2037	{
2038	SHA384_CTX c = racoon_malloc(sizeof(c));
2039
2040	SHA384_Init(c);
2041
2042	return((caddr_t)c);
2043	}
2044
2045	void
2046	eay_sha2_384_update(c, data)
2047	caddr_t c;
2048	vchar_t *data;
2049	{
2050	SHA384_Update((SHA384_CTX )c, (unsigned char ) data->v, data->l);
2051
2052	return;
2053	}
2054
2055	vchar_t *
2056	eay_sha2_384_final(c)
2057	caddr_t c;
2058	{
2059	vchar_t *res;
2060
2061	if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2062	return(0);
2063
2064	SHA384_Final((unsigned char ) res->v, (SHA384_CTX )c);
2065	(void)racoon_free(c);
2066
2067	return(res);
2068	}
2069
2070	vchar_t *
2071	eay_sha2_384_one(data)
2072	vchar_t *data;
2073	{
2074	return eay_digest_one(data, EVP_sha2_384());
2075	}
2076
2077	int
2078	eay_sha2_384_hashlen()
2079	{
2080	return SHA384_DIGEST_LENGTH << 3;
2081	}
2082	#endif
2083
2084	#ifdef WITH_SHA2
2085	/*
2086	* SHA2-256 functions
2087	*/
2088	caddr_t
2089	eay_sha2_256_init()
2090	{
2091	SHA256_CTX c = racoon_malloc(sizeof(c));
2092
2093	SHA256_Init(c);
2094
2095	return((caddr_t)c);
2096	}
2097
2098	void
2099	eay_sha2_256_update(c, data)
2100	caddr_t c;
2101	vchar_t *data;
2102	{
2103	SHA256_Update((SHA256_CTX )c, (unsigned char ) data->v, data->l);
2104
2105	return;
2106	}
2107
2108	vchar_t *
2109	eay_sha2_256_final(c)
2110	caddr_t c;
2111	{
2112	vchar_t *res;
2113
2114	if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2115	return(0);
2116
2117	SHA256_Final((unsigned char ) res->v, (SHA256_CTX )c);
2118	(void)racoon_free(c);
2119
2120	return(res);
2121	}
2122
2123	vchar_t *
2124	eay_sha2_256_one(data)
2125	vchar_t *data;
2126	{
2127	return eay_digest_one(data, EVP_sha2_256());
2128	}
2129
2130	int
2131	eay_sha2_256_hashlen()
2132	{
2133	return SHA256_DIGEST_LENGTH << 3;
2134	}
2135	#endif
2136
2137	/*
2138	* SHA functions
2139	*/
2140	caddr_t
2141	eay_sha1_init()
2142	{
2143	SHA_CTX c = racoon_malloc(sizeof(c));
2144
2145	SHA1_Init(c);
2146
2147	return((caddr_t)c);
2148	}
2149
2150	void
2151	eay_sha1_update(c, data)
2152	caddr_t c;
2153	vchar_t *data;
2154	{
2155	SHA1_Update((SHA_CTX *)c, data->v, data->l);
2156
2157	return;
2158	}
2159
2160	vchar_t *
2161	eay_sha1_final(c)
2162	caddr_t c;
2163	{
2164	vchar_t *res;
2165
2166	if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2167	return(0);
2168
2169	SHA1_Final((unsigned char ) res->v, (SHA_CTX )c);
2170	(void)racoon_free(c);
2171
2172	return(res);
2173	}
2174
2175	vchar_t *
2176	eay_sha1_one(data)
2177	vchar_t *data;
2178	{
2179	return eay_digest_one(data, EVP_sha1());
2180	}
2181
2182	int
2183	eay_sha1_hashlen()
2184	{
2185	return SHA_DIGEST_LENGTH << 3;
2186	}
2187
2188	/*
2189	* MD5 functions
2190	*/
2191	caddr_t
2192	eay_md5_init()
2193	{
2194	MD5_CTX c = racoon_malloc(sizeof(c));
2195
2196	MD5_Init(c);
2197
2198	return((caddr_t)c);
2199	}
2200
2201	void
2202	eay_md5_update(c, data)
2203	caddr_t c;
2204	vchar_t *data;
2205	{
2206	MD5_Update((MD5_CTX *)c, data->v, data->l);
2207
2208	return;
2209	}
2210
2211	vchar_t *
2212	eay_md5_final(c)
2213	caddr_t c;
2214	{
2215	vchar_t *res;
2216
2217	if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2218	return(0);
2219
2220	MD5_Final((unsigned char ) res->v, (MD5_CTX )c);
2221	(void)racoon_free(c);
2222
2223	return(res);
2224	}
2225
2226	vchar_t *
2227	eay_md5_one(data)
2228	vchar_t *data;
2229	{
2230	return eay_digest_one(data, EVP_md5());
2231	}
2232
2233	int
2234	eay_md5_hashlen()
2235	{
2236	return MD5_DIGEST_LENGTH << 3;
2237	}
2238
2239	/*
2240	* eay_set_random
2241	* size: number of bytes.
2242	*/
2243	vchar_t *
2244	eay_set_random(size)
2245	u_int32_t size;
2246	{
2247	BIGNUM *r = NULL;
2248	vchar_t *res = 0;
2249
2250	if ((r = BN_new()) == NULL)
2251	goto end;
2252	BN_rand(r, size * 8, 0, 0);
2253	eay_bn2v(&res, r);
2254
2255	end:
2256	if (r)
2257	BN_free(r);
2258	return(res);
2259	}
2260
2261	/* DH */
2262	int
2263	eay_dh_generate(prime, g, publen, pub, priv)
2264	vchar_t prime, pub, *priv;
2265	u_int publen;
2266	u_int32_t g;
2267	{
2268	BIGNUM *p = NULL;
2269	DH *dh = NULL;
2270	int error = -1;
2271
2272	/* initialize */
2273	/* pre-process to generate number */
2274	if (eay_v2bn(&p, prime) < 0)
2275	goto end;
2276
2277	if ((dh = DH_new()) == NULL)
2278	goto end;
2279	dh->p = p;
2280	p = NULL; /* p is now part of dh structure */
2281	dh->g = NULL;
2282	if ((dh->g = BN_new()) == NULL)
2283	goto end;
2284	if (!BN_set_word(dh->g, g))
2285	goto end;
2286
2287	if (publen != 0)
2288	dh->length = publen;
2289
2290	/* generate public and private number */
2291	if (!DH_generate_key(dh))
2292	goto end;
2293
2294	/* copy results to buffers */
2295	if (eay_bn2v(pub, dh->pub_key) < 0)
2296	goto end;
2297	if (eay_bn2v(priv, dh->priv_key) < 0) {
2298	vfree(*pub);
2299	goto end;
2300	}
2301
2302	error = 0;
2303
2304	end:
2305	if (dh != NULL)
2306	DH_free(dh);
2307	if (p != 0)
2308	BN_free(p);
2309	return(error);
2310	}
2311
2312	int
2313	eay_dh_compute(prime, g, pub, priv, pub2, key)
2314	vchar_t prime, pub, priv, pub2, **key;
2315	u_int32_t g;
2316	{
2317	BIGNUM *dh_pub = NULL;
2318	DH *dh = NULL;
2319	int l;
2320	unsigned char *v = NULL;
2321	int error = -1;
2322
2323	/* make public number to compute */
2324	if (eay_v2bn(&dh_pub, pub2) < 0)
2325	goto end;
2326
2327	/* make DH structure */
2328	if ((dh = DH_new()) == NULL)
2329	goto end;
2330	if (eay_v2bn(&dh->p, prime) < 0)
2331	goto end;
2332	if (eay_v2bn(&dh->pub_key, pub) < 0)
2333	goto end;
2334	if (eay_v2bn(&dh->priv_key, priv) < 0)
2335	goto end;
2336	dh->length = pub2->l * 8;
2337
2338	dh->g = NULL;
2339	if ((dh->g = BN_new()) == NULL)
2340	goto end;
2341	if (!BN_set_word(dh->g, g))
2342	goto end;
2343
2344	if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2345	goto end;
2346	if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2347	goto end;
2348	memcpy((*key)->v + (prime->l - l), v, l);
2349
2350	error = 0;
2351
2352	end:
2353	if (dh_pub != NULL)
2354	BN_free(dh_pub);
2355	if (dh != NULL)
2356	DH_free(dh);
2357	if (v != NULL)
2358	racoon_free(v);
2359	return(error);
2360	}
2361
2362	/*
2363	* convert vchar_t <-> BIGNUM.
2364	*
2365	* vchar_t: unit is u_char, network endian, most significant byte first.
2366	* BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2367	* least significant BN_ULONG must come first.
2368	*
2369	* hex value of "0x3ffe050104" is represented as follows:
2370	* vchar_t: 3f fe 05 01 04
2371	* BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2372	* BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2373	* BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2374	*/
2375	int
2376	eay_v2bn(bn, var)
2377	BIGNUM **bn;
2378	vchar_t *var;
2379	{
2380	if ((bn = BN_bin2bn((unsigned char ) var->v, var->l, NULL)) == NULL)
2381	return -1;
2382
2383	return 0;
2384	}
2385
2386	int
2387	eay_bn2v(var, bn)
2388	vchar_t **var;
2389	BIGNUM *bn;
2390	{
2391	*var = vmalloc(BN_num_bytes(bn));
2392	if (*var == NULL)
2393	return(-1);
2394
2395	(var)->l = BN_bn2bin(bn, (unsigned char ) (*var)->v);
2396
2397	return 0;
2398	}
2399
2400	void
2401	eay_init()
2402	{
2403	OpenSSL_add_all_algorithms();
2404	ERR_load_crypto_strings();
2405	#ifdef HAVE_OPENSSL_ENGINE_H
2406	ENGINE_load_builtin_engines();
2407	ENGINE_register_all_complete();
2408	#endif
2409	}
2410
2411	vchar_t *
2412	base64_decode(char *in, long inlen)
2413	{
2414	BIO bio=NULL, b64=NULL;
2415	vchar_t *res = NULL;
2416	char *outb;
2417	long outlen;
2418
2419	outb = malloc(inlen * 2);
2420	if (outb == NULL)
2421	goto out;
2422	bio = BIO_new_mem_buf(in, inlen);
2423	b64 = BIO_new(BIO_f_base64());
2424	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2425	bio = BIO_push(b64, bio);
2426
2427	outlen = BIO_read(bio, outb, inlen * 2);
2428	if (outlen <= 0) {
2429	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2430	goto out;
2431	}
2432
2433	res = vmalloc(outlen);
2434	if (!res)
2435	goto out;
2436
2437	memcpy(res->v, outb, outlen);
2438
2439	out:
2440	if (outb)
2441	free(outb);
2442	if (bio)
2443	BIO_free_all(bio);
2444
2445	return res;
2446	}
2447
2448	vchar_t *
2449	base64_encode(char *in, long inlen)
2450	{
2451	BIO bio=NULL, b64=NULL;
2452	char *ptr;
2453	long plen = -1;
2454	vchar_t *res = NULL;
2455
2456	bio = BIO_new(BIO_s_mem());
2457	b64 = BIO_new(BIO_f_base64());
2458	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2459	bio = BIO_push(b64, bio);
2460
2461	BIO_write(bio, in, inlen);
2462	BIO_flush(bio);
2463
2464	plen = BIO_get_mem_data(bio, &ptr);
2465	res = vmalloc(plen+1);
2466	if (!res)
2467	goto out;
2468
2469	memcpy (res->v, ptr, plen);
2470	res->v[plen] = '\0';
2471
2472	out:
2473	if (bio)
2474	BIO_free_all(bio);
2475
2476	return res;
2477	}
2478
2479	static RSA *
2480	binbuf_pubkey2rsa(vchar_t *binbuf)
2481	{
2482	BIGNUM exp, mod;
2483	RSA *rsa_pub = NULL;
2484
2485	if (binbuf->v[0] > binbuf->l - 1) {
2486	plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2487	goto out;
2488	}
2489
2490	exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2491	mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2492	binbuf->l - binbuf->v[0] - 1, NULL);
2493	rsa_pub = RSA_new();
2494
2495	if (!exp \|\| !mod \|\| !rsa_pub) {
2496	plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2497	if (exp)
2498	BN_free(exp);
2499	if (mod)
2500	BN_free(exp);
2501	if (rsa_pub)
2502	RSA_free(rsa_pub);
2503	rsa_pub = NULL;
2504	goto out;
2505	}
2506
2507	rsa_pub->n = mod;
2508	rsa_pub->e = exp;
2509
2510	out:
2511	return rsa_pub;
2512	}
2513
2514	RSA *
2515	base64_pubkey2rsa(char *in)
2516	{
2517	BIGNUM exp, mod;
2518	RSA *rsa_pub = NULL;
2519	vchar_t *binbuf;
2520
2521	if (strncmp(in, "0s", 2) != 0) {
2522	plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2523	return NULL;
2524	}
2525
2526	binbuf = base64_decode(in + 2, strlen(in + 2));
2527	if (!binbuf) {
2528	plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2529	return NULL;
2530	}
2531
2532	if (binbuf->v[0] > binbuf->l - 1) {
2533	plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2534	goto out;
2535	}
2536
2537	rsa_pub = binbuf_pubkey2rsa(binbuf);
2538
2539	out:
2540	if (binbuf)
2541	vfree(binbuf);
2542
2543	return rsa_pub;
2544	}
2545
2546	RSA *
2547	bignum_pubkey2rsa(BIGNUM *in)
2548	{
2549	RSA *rsa_pub = NULL;
2550	vchar_t *binbuf;
2551
2552	binbuf = vmalloc(BN_num_bytes(in));
2553	if (!binbuf) {
2554	plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2555	return NULL;
2556	}
2557
2558	BN_bn2bin(in, (unsigned char *) binbuf->v);
2559
2560	rsa_pub = binbuf_pubkey2rsa(binbuf);
2561
2562	out:
2563	if (binbuf)
2564	vfree(binbuf);
2565
2566	return rsa_pub;
2567	}
2568
2569	u_int32_t
2570	eay_random()
2571	{
2572	u_int32_t result;
2573	vchar_t *vrand;
2574
2575	vrand = eay_set_random(sizeof(result));
2576	memcpy(&result, vrand->v, sizeof(result));
2577	vfree(vrand);
2578
2579	return result;
2580	}
2581
2582	const char *
2583	eay_version()
2584	{
2585	return SSLeay_version(SSLEAY_VERSION);
2586	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: rtems-libbsd/ipsec-tools/src/racoon/crypto_openssl.c @ ff36f5e

Download in other formats: