1 | /* original parser id follows */ |
---|
2 | /* yysccsid[] = "@(#)yaccpar 1.9 (Berkeley) 02/21/93" */ |
---|
3 | /* (use YYMAJOR/YYMINOR for ifdefs dependent on parser version) */ |
---|
4 | |
---|
5 | #define YYBYACC 1 |
---|
6 | #define YYMAJOR 1 |
---|
7 | #define YYMINOR 9 |
---|
8 | #define YYPATCH 20170201 |
---|
9 | |
---|
10 | #define YYEMPTY (-1) |
---|
11 | #define yyclearin (yychar = YYEMPTY) |
---|
12 | #define yyerrok (yyerrflag = 0) |
---|
13 | #define YYRECOVERING() (yyerrflag != 0) |
---|
14 | #define YYENOMEM (-2) |
---|
15 | #define YYEOF 0 |
---|
16 | |
---|
17 | #ifndef yyparse |
---|
18 | #define yyparse racoonprsaparse |
---|
19 | #endif /* yyparse */ |
---|
20 | |
---|
21 | #ifndef yylex |
---|
22 | #define yylex racoonprsalex |
---|
23 | #endif /* yylex */ |
---|
24 | |
---|
25 | #ifndef yyerror |
---|
26 | #define yyerror racoonprsaerror |
---|
27 | #endif /* yyerror */ |
---|
28 | |
---|
29 | #ifndef yychar |
---|
30 | #define yychar racoonprsachar |
---|
31 | #endif /* yychar */ |
---|
32 | |
---|
33 | #ifndef yyval |
---|
34 | #define yyval racoonprsaval |
---|
35 | #endif /* yyval */ |
---|
36 | |
---|
37 | #ifndef yylval |
---|
38 | #define yylval racoonprsalval |
---|
39 | #endif /* yylval */ |
---|
40 | |
---|
41 | #ifndef yydebug |
---|
42 | #define yydebug racoonprsadebug |
---|
43 | #endif /* yydebug */ |
---|
44 | |
---|
45 | #ifndef yynerrs |
---|
46 | #define yynerrs racoonprsanerrs |
---|
47 | #endif /* yynerrs */ |
---|
48 | |
---|
49 | #ifndef yyerrflag |
---|
50 | #define yyerrflag racoonprsaerrflag |
---|
51 | #endif /* yyerrflag */ |
---|
52 | |
---|
53 | #ifndef yylhs |
---|
54 | #define yylhs racoonprsalhs |
---|
55 | #endif /* yylhs */ |
---|
56 | |
---|
57 | #ifndef yylen |
---|
58 | #define yylen racoonprsalen |
---|
59 | #endif /* yylen */ |
---|
60 | |
---|
61 | #ifndef yydefred |
---|
62 | #define yydefred racoonprsadefred |
---|
63 | #endif /* yydefred */ |
---|
64 | |
---|
65 | #ifndef yydgoto |
---|
66 | #define yydgoto racoonprsadgoto |
---|
67 | #endif /* yydgoto */ |
---|
68 | |
---|
69 | #ifndef yysindex |
---|
70 | #define yysindex racoonprsasindex |
---|
71 | #endif /* yysindex */ |
---|
72 | |
---|
73 | #ifndef yyrindex |
---|
74 | #define yyrindex racoonprsarindex |
---|
75 | #endif /* yyrindex */ |
---|
76 | |
---|
77 | #ifndef yygindex |
---|
78 | #define yygindex racoonprsagindex |
---|
79 | #endif /* yygindex */ |
---|
80 | |
---|
81 | #ifndef yytable |
---|
82 | #define yytable racoonprsatable |
---|
83 | #endif /* yytable */ |
---|
84 | |
---|
85 | #ifndef yycheck |
---|
86 | #define yycheck racoonprsacheck |
---|
87 | #endif /* yycheck */ |
---|
88 | |
---|
89 | #ifndef yyname |
---|
90 | #define yyname racoonprsaname |
---|
91 | #endif /* yyname */ |
---|
92 | |
---|
93 | #ifndef yyrule |
---|
94 | #define yyrule racoonprsarule |
---|
95 | #endif /* yyrule */ |
---|
96 | #define YYPREFIX "racoonprsa" |
---|
97 | |
---|
98 | #define YYPURE 0 |
---|
99 | |
---|
100 | #line 6 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
101 | /* |
---|
102 | * Copyright (C) 2004 SuSE Linux AG, Nuernberg, Germany. |
---|
103 | * Contributed by: Michal Ludvig <mludvig@suse.cz>, SUSE Labs |
---|
104 | * All rights reserved. |
---|
105 | * |
---|
106 | * Redistribution and use in source and binary forms, with or without |
---|
107 | * modification, are permitted provided that the following conditions |
---|
108 | * are met: |
---|
109 | * 1. Redistributions of source code must retain the above copyright |
---|
110 | * notice, this list of conditions and the following disclaimer. |
---|
111 | * 2. Redistributions in binary form must reproduce the above copyright |
---|
112 | * notice, this list of conditions and the following disclaimer in the |
---|
113 | * documentation and/or other materials provided with the distribution. |
---|
114 | * 3. Neither the name of the project nor the names of its contributors |
---|
115 | * may be used to endorse or promote products derived from this software |
---|
116 | * without specific prior written permission. |
---|
117 | * |
---|
118 | * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND |
---|
119 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
---|
120 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
---|
121 | * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE |
---|
122 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
---|
123 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
---|
124 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
---|
125 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
---|
126 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
---|
127 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
---|
128 | * SUCH DAMAGE. |
---|
129 | */ |
---|
130 | |
---|
131 | /* This file contains a parser for FreeS/WAN-style ipsec.secrets RSA keys. */ |
---|
132 | |
---|
133 | #include "config.h" |
---|
134 | |
---|
135 | #include <stdio.h> |
---|
136 | #include <stdarg.h> |
---|
137 | #include <string.h> |
---|
138 | #include <errno.h> |
---|
139 | #include <unistd.h> |
---|
140 | |
---|
141 | #ifdef HAVE_STDARG_H |
---|
142 | #include <stdarg.h> |
---|
143 | #else |
---|
144 | #include <varargs.h> |
---|
145 | #endif |
---|
146 | |
---|
147 | #include <netdb.h> |
---|
148 | #include <netinet/in.h> |
---|
149 | #include <sys/socket.h> |
---|
150 | #include <arpa/inet.h> |
---|
151 | #include <sys/types.h> |
---|
152 | |
---|
153 | #include <sys/stat.h> |
---|
154 | #include <unistd.h> |
---|
155 | |
---|
156 | #include <openssl/bn.h> |
---|
157 | #include <openssl/rsa.h> |
---|
158 | |
---|
159 | #include "misc.h" |
---|
160 | #include "vmbuf.h" |
---|
161 | #include "plog.h" |
---|
162 | #include "oakley.h" |
---|
163 | #include "isakmp_var.h" |
---|
164 | #include "handler.h" |
---|
165 | #include "crypto_openssl.h" |
---|
166 | #include "sockmisc.h" |
---|
167 | #include "rsalist.h" |
---|
168 | #ifdef __rtems__ |
---|
169 | #define prsaparse yyparse |
---|
170 | #define prsaerror yyerror |
---|
171 | #define prsain racoonprsain |
---|
172 | #define prsawrap racoonprsawrap |
---|
173 | #endif /* __rtems__ */ |
---|
174 | |
---|
175 | extern void prsaerror(const char *str, ...); |
---|
176 | extern int prsawrap (void); |
---|
177 | extern int prsalex (void); |
---|
178 | |
---|
179 | extern char *prsatext; |
---|
180 | extern int prsa_cur_lineno; |
---|
181 | extern char *prsa_cur_fname; |
---|
182 | extern FILE *prsain; |
---|
183 | |
---|
184 | int prsa_cur_lineno = 0; |
---|
185 | char *prsa_cur_fname = NULL; |
---|
186 | struct genlist *prsa_cur_list = NULL; |
---|
187 | enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY; |
---|
188 | |
---|
189 | static RSA *rsa_cur; |
---|
190 | |
---|
191 | void |
---|
192 | prsaerror(const char *s, ...) |
---|
193 | { |
---|
194 | char fmt[512]; |
---|
195 | |
---|
196 | va_list ap; |
---|
197 | #ifdef HAVE_STDARG_H |
---|
198 | va_start(ap, s); |
---|
199 | #else |
---|
200 | va_start(ap); |
---|
201 | #endif |
---|
202 | snprintf(fmt, sizeof(fmt), "%s:%d: %s", |
---|
203 | prsa_cur_fname, prsa_cur_lineno, s); |
---|
204 | plogv(LLV_ERROR, LOCATION, NULL, fmt, ap); |
---|
205 | va_end(ap); |
---|
206 | } |
---|
207 | |
---|
208 | void |
---|
209 | prsawarning(const char *s, ...) |
---|
210 | { |
---|
211 | char fmt[512]; |
---|
212 | |
---|
213 | va_list ap; |
---|
214 | #ifdef HAVE_STDARG_H |
---|
215 | va_start(ap, s); |
---|
216 | #else |
---|
217 | va_start(ap); |
---|
218 | #endif |
---|
219 | snprintf(fmt, sizeof(fmt), "%s:%d: %s", |
---|
220 | prsa_cur_fname, prsa_cur_lineno, s); |
---|
221 | plogv(LLV_WARNING, LOCATION, NULL, fmt, ap); |
---|
222 | va_end(ap); |
---|
223 | } |
---|
224 | |
---|
225 | int |
---|
226 | prsawrap() |
---|
227 | { |
---|
228 | return 1; |
---|
229 | } |
---|
230 | #ifdef YYSTYPE |
---|
231 | #undef YYSTYPE_IS_DECLARED |
---|
232 | #define YYSTYPE_IS_DECLARED 1 |
---|
233 | #endif |
---|
234 | #ifndef YYSTYPE_IS_DECLARED |
---|
235 | #define YYSTYPE_IS_DECLARED 1 |
---|
236 | #line 136 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
237 | typedef union { |
---|
238 | BIGNUM *bn; |
---|
239 | RSA *rsa; |
---|
240 | char *chr; |
---|
241 | long num; |
---|
242 | struct netaddr *naddr; |
---|
243 | } YYSTYPE; |
---|
244 | #endif /* !YYSTYPE_IS_DECLARED */ |
---|
245 | #line 246 "racoonprsa.tab.c" |
---|
246 | |
---|
247 | /* compatibility with bison */ |
---|
248 | #ifdef YYPARSE_PARAM |
---|
249 | /* compatibility with FreeBSD */ |
---|
250 | # ifdef YYPARSE_PARAM_TYPE |
---|
251 | # define YYPARSE_DECL() yyparse(YYPARSE_PARAM_TYPE YYPARSE_PARAM) |
---|
252 | # else |
---|
253 | # define YYPARSE_DECL() yyparse(void *YYPARSE_PARAM) |
---|
254 | # endif |
---|
255 | #else |
---|
256 | # define YYPARSE_DECL() yyparse(void) |
---|
257 | #endif |
---|
258 | |
---|
259 | /* Parameters sent to lex. */ |
---|
260 | #ifdef YYLEX_PARAM |
---|
261 | # define YYLEX_DECL() yylex(void *YYLEX_PARAM) |
---|
262 | # define YYLEX yylex(YYLEX_PARAM) |
---|
263 | #else |
---|
264 | # define YYLEX_DECL() yylex(void) |
---|
265 | # define YYLEX yylex() |
---|
266 | #endif |
---|
267 | |
---|
268 | /* Parameters sent to yyerror. */ |
---|
269 | #ifndef YYERROR_DECL |
---|
270 | #define YYERROR_DECL() yyerror(const char *s) |
---|
271 | #endif |
---|
272 | #ifndef YYERROR_CALL |
---|
273 | #define YYERROR_CALL(msg) yyerror(msg) |
---|
274 | #endif |
---|
275 | |
---|
276 | extern int YYPARSE_DECL(); |
---|
277 | |
---|
278 | #define COLON 257 |
---|
279 | #define HEX 258 |
---|
280 | #define OBRACE 259 |
---|
281 | #define EBRACE 260 |
---|
282 | #define TAG_RSA 261 |
---|
283 | #define TAG_PUB 262 |
---|
284 | #define TAG_PSK 263 |
---|
285 | #define MODULUS 264 |
---|
286 | #define PUBLIC_EXPONENT 265 |
---|
287 | #define PRIVATE_EXPONENT 266 |
---|
288 | #define PRIME1 267 |
---|
289 | #define PRIME2 268 |
---|
290 | #define EXPONENT1 269 |
---|
291 | #define EXPONENT2 270 |
---|
292 | #define COEFFICIENT 271 |
---|
293 | #define ADDR4 272 |
---|
294 | #define ADDR6 273 |
---|
295 | #define ADDRANY 274 |
---|
296 | #define SLASH 275 |
---|
297 | #define NUMBER 276 |
---|
298 | #define BASE64 277 |
---|
299 | #define YYERRCODE 256 |
---|
300 | typedef int YYINT; |
---|
301 | static const YYINT racoonprsalhs[] = { -1, |
---|
302 | 0, 0, 6, 6, 6, 1, 1, 1, 5, 5, |
---|
303 | 5, 3, 4, 2, 2, 7, 7, 8, 8, 8, |
---|
304 | 8, 8, 8, 8, 8, |
---|
305 | }; |
---|
306 | static const YYINT racoonprsalen[] = { 2, |
---|
307 | 2, 1, 4, 3, 2, 4, 2, 2, 1, 1, |
---|
308 | 1, 2, 2, 0, 2, 2, 1, 3, 3, 3, |
---|
309 | 3, 3, 3, 3, 3, |
---|
310 | }; |
---|
311 | static const YYINT racoonprsadefred[] = { 0, |
---|
312 | 0, 0, 0, 11, 0, 9, 10, 0, 2, 0, |
---|
313 | 0, 5, 0, 12, 13, 1, 0, 0, 0, 8, |
---|
314 | 7, 15, 4, 0, 0, 0, 0, 0, 0, 0, |
---|
315 | 0, 0, 0, 17, 3, 0, 0, 0, 0, 0, |
---|
316 | 0, 0, 0, 6, 16, 18, 19, 20, 21, 22, |
---|
317 | 23, 24, 25, |
---|
318 | }; |
---|
319 | static const YYINT racoonprsadgoto[] = { 5, |
---|
320 | 12, 14, 6, 7, 8, 9, 33, 34, |
---|
321 | }; |
---|
322 | static const YYINT racoonprsasindex[] = { -256, |
---|
323 | -255, -272, -272, 0, -256, 0, 0, -252, 0, -248, |
---|
324 | -258, 0, -266, 0, 0, 0, -255, -253, -226, 0, |
---|
325 | 0, 0, 0, -255, -245, -244, -243, -242, -230, -229, |
---|
326 | -228, -211, -234, 0, 0, -210, -209, -208, -207, -206, |
---|
327 | -205, -204, -203, 0, 0, 0, 0, 0, 0, 0, |
---|
328 | 0, 0, 0, |
---|
329 | }; |
---|
330 | static const YYINT racoonprsarindex[] = { 0, |
---|
331 | 0, -249, -249, 0, 0, 0, 0, 0, 0, 0, |
---|
332 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
333 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
334 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
335 | 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, |
---|
336 | 0, 0, 0, |
---|
337 | }; |
---|
338 | static const YYINT racoonprsagindex[] = { 0, |
---|
339 | -15, 44, 0, 0, 48, 52, 0, 25, |
---|
340 | }; |
---|
341 | #define YYTABLESIZE 58 |
---|
342 | static const YYINT racoonprsatable[] = { 20, |
---|
343 | 1, 23, 13, 24, 17, 10, 11, 14, 35, 22, |
---|
344 | 19, 36, 37, 38, 39, 2, 3, 4, 21, 2, |
---|
345 | 3, 4, 14, 14, 14, 44, 40, 41, 42, 25, |
---|
346 | 26, 27, 28, 29, 30, 31, 32, 25, 26, 27, |
---|
347 | 28, 29, 30, 31, 32, 43, 15, 46, 47, 48, |
---|
348 | 49, 50, 51, 52, 53, 18, 16, 45, |
---|
349 | }; |
---|
350 | static const YYINT racoonprsacheck[] = { 258, |
---|
351 | 257, 17, 275, 257, 257, 261, 262, 257, 24, 276, |
---|
352 | 259, 257, 257, 257, 257, 272, 273, 274, 277, 272, |
---|
353 | 273, 274, 272, 273, 274, 260, 257, 257, 257, 264, |
---|
354 | 265, 266, 267, 268, 269, 270, 271, 264, 265, 266, |
---|
355 | 267, 268, 269, 270, 271, 257, 3, 258, 258, 258, |
---|
356 | 258, 258, 258, 258, 258, 8, 5, 33, |
---|
357 | }; |
---|
358 | #define YYFINAL 5 |
---|
359 | #ifndef YYDEBUG |
---|
360 | #define YYDEBUG 0 |
---|
361 | #endif |
---|
362 | #define YYMAXTOKEN 277 |
---|
363 | #define YYUNDFTOKEN 288 |
---|
364 | #define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a)) |
---|
365 | #if YYDEBUG |
---|
366 | static const char *const racoonprsaname[] = { |
---|
367 | |
---|
368 | "end-of-file",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
369 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
370 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
371 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
372 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
373 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, |
---|
374 | 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"COLON","HEX","OBRACE","EBRACE", |
---|
375 | "TAG_RSA","TAG_PUB","TAG_PSK","MODULUS","PUBLIC_EXPONENT","PRIVATE_EXPONENT", |
---|
376 | "PRIME1","PRIME2","EXPONENT1","EXPONENT2","COEFFICIENT","ADDR4","ADDR6", |
---|
377 | "ADDRANY","SLASH","NUMBER","BASE64",0,0,0,0,0,0,0,0,0,0,"illegal-symbol", |
---|
378 | }; |
---|
379 | static const char *const racoonprsarule[] = { |
---|
380 | "$accept : statements", |
---|
381 | "statements : statements statement", |
---|
382 | "statements : statement", |
---|
383 | "statement : addr addr COLON rsa_statement", |
---|
384 | "statement : addr COLON rsa_statement", |
---|
385 | "statement : COLON rsa_statement", |
---|
386 | "rsa_statement : TAG_RSA OBRACE params EBRACE", |
---|
387 | "rsa_statement : TAG_PUB BASE64", |
---|
388 | "rsa_statement : TAG_PUB HEX", |
---|
389 | "addr : addr4", |
---|
390 | "addr : addr6", |
---|
391 | "addr : ADDRANY", |
---|
392 | "addr4 : ADDR4 prefix", |
---|
393 | "addr6 : ADDR6 prefix", |
---|
394 | "prefix :", |
---|
395 | "prefix : SLASH NUMBER", |
---|
396 | "params : params param", |
---|
397 | "params : param", |
---|
398 | "param : MODULUS COLON HEX", |
---|
399 | "param : PUBLIC_EXPONENT COLON HEX", |
---|
400 | "param : PRIVATE_EXPONENT COLON HEX", |
---|
401 | "param : PRIME1 COLON HEX", |
---|
402 | "param : PRIME2 COLON HEX", |
---|
403 | "param : EXPONENT1 COLON HEX", |
---|
404 | "param : EXPONENT2 COLON HEX", |
---|
405 | "param : COEFFICIENT COLON HEX", |
---|
406 | |
---|
407 | }; |
---|
408 | #endif |
---|
409 | |
---|
410 | int yydebug; |
---|
411 | int yynerrs; |
---|
412 | |
---|
413 | int yyerrflag; |
---|
414 | int yychar; |
---|
415 | YYSTYPE yyval; |
---|
416 | YYSTYPE yylval; |
---|
417 | |
---|
418 | /* define the initial stack-sizes */ |
---|
419 | #ifdef YYSTACKSIZE |
---|
420 | #undef YYMAXDEPTH |
---|
421 | #define YYMAXDEPTH YYSTACKSIZE |
---|
422 | #else |
---|
423 | #ifdef YYMAXDEPTH |
---|
424 | #define YYSTACKSIZE YYMAXDEPTH |
---|
425 | #else |
---|
426 | #define YYSTACKSIZE 10000 |
---|
427 | #define YYMAXDEPTH 10000 |
---|
428 | #endif |
---|
429 | #endif |
---|
430 | |
---|
431 | #define YYINITSTACKSIZE 200 |
---|
432 | |
---|
433 | typedef struct { |
---|
434 | unsigned stacksize; |
---|
435 | YYINT *s_base; |
---|
436 | YYINT *s_mark; |
---|
437 | YYINT *s_last; |
---|
438 | YYSTYPE *l_base; |
---|
439 | YYSTYPE *l_mark; |
---|
440 | } YYSTACKDATA; |
---|
441 | /* variables for the parser stack */ |
---|
442 | static YYSTACKDATA yystack; |
---|
443 | #line 327 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
444 | |
---|
445 | int prsaparse(void); |
---|
446 | |
---|
447 | int |
---|
448 | prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type) |
---|
449 | { |
---|
450 | FILE *fp = NULL; |
---|
451 | int ret; |
---|
452 | |
---|
453 | if (!fname) |
---|
454 | return -1; |
---|
455 | if (type == RSA_TYPE_PRIVATE) { |
---|
456 | struct stat st; |
---|
457 | if (stat(fname, &st) < 0) |
---|
458 | return -1; |
---|
459 | if (st.st_mode & (S_IRWXG | S_IRWXO)) { |
---|
460 | plog(LLV_ERROR, LOCATION, NULL, |
---|
461 | "Too slack permissions on private key '%s'\n", |
---|
462 | fname); |
---|
463 | plog(LLV_ERROR, LOCATION, NULL, |
---|
464 | "Should be at most 0600, now is 0%o\n", |
---|
465 | st.st_mode & 0777); |
---|
466 | return -1; |
---|
467 | } |
---|
468 | } |
---|
469 | fp = fopen(fname, "r"); |
---|
470 | if (!fp) |
---|
471 | return -1; |
---|
472 | prsain = fp; |
---|
473 | prsa_cur_lineno = 1; |
---|
474 | prsa_cur_fname = fname; |
---|
475 | prsa_cur_list = list; |
---|
476 | prsa_cur_type = type; |
---|
477 | rsa_cur = RSA_new(); |
---|
478 | ret = prsaparse(); |
---|
479 | if (rsa_cur) { |
---|
480 | RSA_free(rsa_cur); |
---|
481 | rsa_cur = NULL; |
---|
482 | } |
---|
483 | fclose (fp); |
---|
484 | prsain = NULL; |
---|
485 | return ret; |
---|
486 | } |
---|
487 | #line 488 "racoonprsa.tab.c" |
---|
488 | |
---|
489 | #if YYDEBUG |
---|
490 | #include <stdio.h> /* needed for printf */ |
---|
491 | #endif |
---|
492 | |
---|
493 | #include <stdlib.h> /* needed for malloc, etc */ |
---|
494 | #include <string.h> /* needed for memset */ |
---|
495 | |
---|
496 | /* allocate initial stack or double stack size, up to YYMAXDEPTH */ |
---|
497 | static int yygrowstack(YYSTACKDATA *data) |
---|
498 | { |
---|
499 | int i; |
---|
500 | unsigned newsize; |
---|
501 | YYINT *newss; |
---|
502 | YYSTYPE *newvs; |
---|
503 | |
---|
504 | if ((newsize = data->stacksize) == 0) |
---|
505 | newsize = YYINITSTACKSIZE; |
---|
506 | else if (newsize >= YYMAXDEPTH) |
---|
507 | return YYENOMEM; |
---|
508 | else if ((newsize *= 2) > YYMAXDEPTH) |
---|
509 | newsize = YYMAXDEPTH; |
---|
510 | |
---|
511 | i = (int) (data->s_mark - data->s_base); |
---|
512 | newss = (YYINT *)realloc(data->s_base, newsize * sizeof(*newss)); |
---|
513 | if (newss == 0) |
---|
514 | return YYENOMEM; |
---|
515 | |
---|
516 | data->s_base = newss; |
---|
517 | data->s_mark = newss + i; |
---|
518 | |
---|
519 | newvs = (YYSTYPE *)realloc(data->l_base, newsize * sizeof(*newvs)); |
---|
520 | if (newvs == 0) |
---|
521 | return YYENOMEM; |
---|
522 | |
---|
523 | data->l_base = newvs; |
---|
524 | data->l_mark = newvs + i; |
---|
525 | |
---|
526 | data->stacksize = newsize; |
---|
527 | data->s_last = data->s_base + newsize - 1; |
---|
528 | return 0; |
---|
529 | } |
---|
530 | |
---|
531 | #if YYPURE || defined(YY_NO_LEAKS) |
---|
532 | static void yyfreestack(YYSTACKDATA *data) |
---|
533 | { |
---|
534 | free(data->s_base); |
---|
535 | free(data->l_base); |
---|
536 | memset(data, 0, sizeof(*data)); |
---|
537 | } |
---|
538 | #else |
---|
539 | #define yyfreestack(data) /* nothing */ |
---|
540 | #endif |
---|
541 | |
---|
542 | #define YYABORT goto yyabort |
---|
543 | #define YYREJECT goto yyabort |
---|
544 | #define YYACCEPT goto yyaccept |
---|
545 | #define YYERROR goto yyerrlab |
---|
546 | |
---|
547 | int |
---|
548 | YYPARSE_DECL() |
---|
549 | { |
---|
550 | int yym, yyn, yystate; |
---|
551 | #if YYDEBUG |
---|
552 | const char *yys; |
---|
553 | |
---|
554 | if ((yys = getenv("YYDEBUG")) != 0) |
---|
555 | { |
---|
556 | yyn = *yys; |
---|
557 | if (yyn >= '0' && yyn <= '9') |
---|
558 | yydebug = yyn - '0'; |
---|
559 | } |
---|
560 | #endif |
---|
561 | |
---|
562 | yym = 0; |
---|
563 | yyn = 0; |
---|
564 | yynerrs = 0; |
---|
565 | yyerrflag = 0; |
---|
566 | yychar = YYEMPTY; |
---|
567 | yystate = 0; |
---|
568 | |
---|
569 | #if YYPURE |
---|
570 | memset(&yystack, 0, sizeof(yystack)); |
---|
571 | #endif |
---|
572 | |
---|
573 | if (yystack.s_base == NULL && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
574 | yystack.s_mark = yystack.s_base; |
---|
575 | yystack.l_mark = yystack.l_base; |
---|
576 | yystate = 0; |
---|
577 | *yystack.s_mark = 0; |
---|
578 | |
---|
579 | yyloop: |
---|
580 | if ((yyn = yydefred[yystate]) != 0) goto yyreduce; |
---|
581 | if (yychar < 0) |
---|
582 | { |
---|
583 | yychar = YYLEX; |
---|
584 | if (yychar < 0) yychar = YYEOF; |
---|
585 | #if YYDEBUG |
---|
586 | if (yydebug) |
---|
587 | { |
---|
588 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
589 | printf("%sdebug: state %d, reading %d (%s)\n", |
---|
590 | YYPREFIX, yystate, yychar, yys); |
---|
591 | } |
---|
592 | #endif |
---|
593 | } |
---|
594 | if (((yyn = yysindex[yystate]) != 0) && (yyn += yychar) >= 0 && |
---|
595 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) |
---|
596 | { |
---|
597 | #if YYDEBUG |
---|
598 | if (yydebug) |
---|
599 | printf("%sdebug: state %d, shifting to state %d\n", |
---|
600 | YYPREFIX, yystate, yytable[yyn]); |
---|
601 | #endif |
---|
602 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
603 | yystate = yytable[yyn]; |
---|
604 | *++yystack.s_mark = yytable[yyn]; |
---|
605 | *++yystack.l_mark = yylval; |
---|
606 | yychar = YYEMPTY; |
---|
607 | if (yyerrflag > 0) --yyerrflag; |
---|
608 | goto yyloop; |
---|
609 | } |
---|
610 | if (((yyn = yyrindex[yystate]) != 0) && (yyn += yychar) >= 0 && |
---|
611 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yychar) |
---|
612 | { |
---|
613 | yyn = yytable[yyn]; |
---|
614 | goto yyreduce; |
---|
615 | } |
---|
616 | if (yyerrflag != 0) goto yyinrecovery; |
---|
617 | |
---|
618 | YYERROR_CALL("syntax error"); |
---|
619 | |
---|
620 | goto yyerrlab; /* redundant goto avoids 'unused label' warning */ |
---|
621 | yyerrlab: |
---|
622 | ++yynerrs; |
---|
623 | |
---|
624 | yyinrecovery: |
---|
625 | if (yyerrflag < 3) |
---|
626 | { |
---|
627 | yyerrflag = 3; |
---|
628 | for (;;) |
---|
629 | { |
---|
630 | if (((yyn = yysindex[*yystack.s_mark]) != 0) && (yyn += YYERRCODE) >= 0 && |
---|
631 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) YYERRCODE) |
---|
632 | { |
---|
633 | #if YYDEBUG |
---|
634 | if (yydebug) |
---|
635 | printf("%sdebug: state %d, error recovery shifting\ |
---|
636 | to state %d\n", YYPREFIX, *yystack.s_mark, yytable[yyn]); |
---|
637 | #endif |
---|
638 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
639 | yystate = yytable[yyn]; |
---|
640 | *++yystack.s_mark = yytable[yyn]; |
---|
641 | *++yystack.l_mark = yylval; |
---|
642 | goto yyloop; |
---|
643 | } |
---|
644 | else |
---|
645 | { |
---|
646 | #if YYDEBUG |
---|
647 | if (yydebug) |
---|
648 | printf("%sdebug: error recovery discarding state %d\n", |
---|
649 | YYPREFIX, *yystack.s_mark); |
---|
650 | #endif |
---|
651 | if (yystack.s_mark <= yystack.s_base) goto yyabort; |
---|
652 | --yystack.s_mark; |
---|
653 | --yystack.l_mark; |
---|
654 | } |
---|
655 | } |
---|
656 | } |
---|
657 | else |
---|
658 | { |
---|
659 | if (yychar == YYEOF) goto yyabort; |
---|
660 | #if YYDEBUG |
---|
661 | if (yydebug) |
---|
662 | { |
---|
663 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
664 | printf("%sdebug: state %d, error recovery discards token %d (%s)\n", |
---|
665 | YYPREFIX, yystate, yychar, yys); |
---|
666 | } |
---|
667 | #endif |
---|
668 | yychar = YYEMPTY; |
---|
669 | goto yyloop; |
---|
670 | } |
---|
671 | |
---|
672 | yyreduce: |
---|
673 | #if YYDEBUG |
---|
674 | if (yydebug) |
---|
675 | printf("%sdebug: state %d, reducing by rule %d (%s)\n", |
---|
676 | YYPREFIX, yystate, yyn, yyrule[yyn]); |
---|
677 | #endif |
---|
678 | yym = yylen[yyn]; |
---|
679 | if (yym > 0) |
---|
680 | yyval = yystack.l_mark[1-yym]; |
---|
681 | else |
---|
682 | memset(&yyval, 0, sizeof yyval); |
---|
683 | |
---|
684 | switch (yyn) |
---|
685 | { |
---|
686 | case 3: |
---|
687 | #line 167 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
688 | { |
---|
689 | rsa_key_insert(prsa_cur_list, yystack.l_mark[-3].naddr, yystack.l_mark[-2].naddr, yystack.l_mark[0].rsa); |
---|
690 | } |
---|
691 | break; |
---|
692 | case 4: |
---|
693 | #line 171 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
694 | { |
---|
695 | rsa_key_insert(prsa_cur_list, NULL, yystack.l_mark[-2].naddr, yystack.l_mark[0].rsa); |
---|
696 | } |
---|
697 | break; |
---|
698 | case 5: |
---|
699 | #line 175 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
700 | { |
---|
701 | rsa_key_insert(prsa_cur_list, NULL, NULL, yystack.l_mark[0].rsa); |
---|
702 | } |
---|
703 | break; |
---|
704 | case 6: |
---|
705 | #line 182 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
706 | { |
---|
707 | if (prsa_cur_type == RSA_TYPE_PUBLIC) { |
---|
708 | prsawarning("Using private key for public key purpose.\n"); |
---|
709 | if (!rsa_cur->n || !rsa_cur->e) { |
---|
710 | prsaerror("Incomplete key. Mandatory parameters are missing!\n"); |
---|
711 | YYABORT; |
---|
712 | } |
---|
713 | } |
---|
714 | else { |
---|
715 | if (!rsa_cur->n || !rsa_cur->e || !rsa_cur->d) { |
---|
716 | prsaerror("Incomplete key. Mandatory parameters are missing!\n"); |
---|
717 | YYABORT; |
---|
718 | } |
---|
719 | if (!rsa_cur->p || !rsa_cur->q || !rsa_cur->dmp1 |
---|
720 | || !rsa_cur->dmq1 || !rsa_cur->iqmp) { |
---|
721 | if (rsa_cur->p) BN_clear_free(rsa_cur->p); |
---|
722 | if (rsa_cur->q) BN_clear_free(rsa_cur->q); |
---|
723 | if (rsa_cur->dmp1) BN_clear_free(rsa_cur->dmp1); |
---|
724 | if (rsa_cur->dmq1) BN_clear_free(rsa_cur->dmq1); |
---|
725 | if (rsa_cur->iqmp) BN_clear_free(rsa_cur->iqmp); |
---|
726 | |
---|
727 | rsa_cur->p = NULL; |
---|
728 | rsa_cur->q = NULL; |
---|
729 | rsa_cur->dmp1 = NULL; |
---|
730 | rsa_cur->dmq1 = NULL; |
---|
731 | rsa_cur->iqmp = NULL; |
---|
732 | } |
---|
733 | } |
---|
734 | yyval.rsa = rsa_cur; |
---|
735 | rsa_cur = RSA_new(); |
---|
736 | } |
---|
737 | break; |
---|
738 | case 7: |
---|
739 | #line 214 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
740 | { |
---|
741 | if (prsa_cur_type == RSA_TYPE_PRIVATE) { |
---|
742 | prsaerror("Public key in private-key file!\n"); |
---|
743 | YYABORT; |
---|
744 | } |
---|
745 | yyval.rsa = base64_pubkey2rsa(yystack.l_mark[0].chr); |
---|
746 | free(yystack.l_mark[0].chr); |
---|
747 | } |
---|
748 | break; |
---|
749 | case 8: |
---|
750 | #line 223 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
751 | { |
---|
752 | if (prsa_cur_type == RSA_TYPE_PRIVATE) { |
---|
753 | prsaerror("Public key in private-key file!\n"); |
---|
754 | YYABORT; |
---|
755 | } |
---|
756 | yyval.rsa = bignum_pubkey2rsa(yystack.l_mark[0].bn); |
---|
757 | } |
---|
758 | break; |
---|
759 | case 11: |
---|
760 | #line 236 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
761 | { |
---|
762 | yyval.naddr = NULL; |
---|
763 | } |
---|
764 | break; |
---|
765 | case 12: |
---|
766 | #line 243 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
767 | { |
---|
768 | int err; |
---|
769 | struct sockaddr_in *sap; |
---|
770 | struct addrinfo hints, *res; |
---|
771 | |
---|
772 | if (yystack.l_mark[0].num == -1) yystack.l_mark[0].num = 32; |
---|
773 | if (yystack.l_mark[0].num < 0 || yystack.l_mark[0].num > 32) { |
---|
774 | prsaerror ("Invalid IPv4 prefix\n"); |
---|
775 | YYABORT; |
---|
776 | } |
---|
777 | yyval.naddr = calloc (sizeof(struct netaddr), 1); |
---|
778 | yyval.naddr->prefix = yystack.l_mark[0].num; |
---|
779 | sap = (struct sockaddr_in *)(&yyval.naddr->sa); |
---|
780 | memset(&hints, 0, sizeof(hints)); |
---|
781 | hints.ai_family = AF_INET; |
---|
782 | hints.ai_flags = AI_NUMERICHOST; |
---|
783 | err = getaddrinfo(yystack.l_mark[-1].chr, NULL, &hints, &res); |
---|
784 | if (err < 0) { |
---|
785 | prsaerror("getaddrinfo(%s): %s\n", yystack.l_mark[-1].chr, gai_strerror(err)); |
---|
786 | YYABORT; |
---|
787 | } |
---|
788 | memcpy(sap, res->ai_addr, res->ai_addrlen); |
---|
789 | freeaddrinfo(res); |
---|
790 | free(yystack.l_mark[-1].chr); |
---|
791 | } |
---|
792 | break; |
---|
793 | case 13: |
---|
794 | #line 272 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
795 | { |
---|
796 | int err; |
---|
797 | struct sockaddr_in6 *sap; |
---|
798 | struct addrinfo hints, *res; |
---|
799 | |
---|
800 | if (yystack.l_mark[0].num == -1) yystack.l_mark[0].num = 128; |
---|
801 | if (yystack.l_mark[0].num < 0 || yystack.l_mark[0].num > 128) { |
---|
802 | prsaerror ("Invalid IPv6 prefix\n"); |
---|
803 | YYABORT; |
---|
804 | } |
---|
805 | yyval.naddr = calloc (sizeof(struct netaddr), 1); |
---|
806 | yyval.naddr->prefix = yystack.l_mark[0].num; |
---|
807 | sap = (struct sockaddr_in6 *)(&yyval.naddr->sa); |
---|
808 | memset(&hints, 0, sizeof(hints)); |
---|
809 | hints.ai_family = AF_INET6; |
---|
810 | hints.ai_flags = AI_NUMERICHOST; |
---|
811 | err = getaddrinfo(yystack.l_mark[-1].chr, NULL, &hints, &res); |
---|
812 | if (err < 0) { |
---|
813 | prsaerror("getaddrinfo(%s): %s\n", yystack.l_mark[-1].chr, gai_strerror(err)); |
---|
814 | YYABORT; |
---|
815 | } |
---|
816 | memcpy(sap, res->ai_addr, res->ai_addrlen); |
---|
817 | freeaddrinfo(res); |
---|
818 | free(yystack.l_mark[-1].chr); |
---|
819 | } |
---|
820 | break; |
---|
821 | case 14: |
---|
822 | #line 300 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
823 | { yyval.num = -1; } |
---|
824 | break; |
---|
825 | case 15: |
---|
826 | #line 301 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
827 | { yyval.num = yystack.l_mark[0].num; } |
---|
828 | break; |
---|
829 | case 18: |
---|
830 | #line 310 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
831 | { if (!rsa_cur->n) rsa_cur->n = yystack.l_mark[0].bn; else { prsaerror ("Modulus already defined\n"); YYABORT; } } |
---|
832 | break; |
---|
833 | case 19: |
---|
834 | #line 312 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
835 | { if (!rsa_cur->e) rsa_cur->e = yystack.l_mark[0].bn; else { prsaerror ("PublicExponent already defined\n"); YYABORT; } } |
---|
836 | break; |
---|
837 | case 20: |
---|
838 | #line 314 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
839 | { if (!rsa_cur->d) rsa_cur->d = yystack.l_mark[0].bn; else { prsaerror ("PrivateExponent already defined\n"); YYABORT; } } |
---|
840 | break; |
---|
841 | case 21: |
---|
842 | #line 316 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
843 | { if (!rsa_cur->p) rsa_cur->p = yystack.l_mark[0].bn; else { prsaerror ("Prime1 already defined\n"); YYABORT; } } |
---|
844 | break; |
---|
845 | case 22: |
---|
846 | #line 318 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
847 | { if (!rsa_cur->q) rsa_cur->q = yystack.l_mark[0].bn; else { prsaerror ("Prime2 already defined\n"); YYABORT; } } |
---|
848 | break; |
---|
849 | case 23: |
---|
850 | #line 320 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
851 | { if (!rsa_cur->dmp1) rsa_cur->dmp1 = yystack.l_mark[0].bn; else { prsaerror ("Exponent1 already defined\n"); YYABORT; } } |
---|
852 | break; |
---|
853 | case 24: |
---|
854 | #line 322 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
855 | { if (!rsa_cur->dmq1) rsa_cur->dmq1 = yystack.l_mark[0].bn; else { prsaerror ("Exponent2 already defined\n"); YYABORT; } } |
---|
856 | break; |
---|
857 | case 25: |
---|
858 | #line 324 "../../ipsec-tools/src/racoon/prsa_par.y" |
---|
859 | { if (!rsa_cur->iqmp) rsa_cur->iqmp = yystack.l_mark[0].bn; else { prsaerror ("Coefficient already defined\n"); YYABORT; } } |
---|
860 | break; |
---|
861 | #line 862 "racoonprsa.tab.c" |
---|
862 | } |
---|
863 | yystack.s_mark -= yym; |
---|
864 | yystate = *yystack.s_mark; |
---|
865 | yystack.l_mark -= yym; |
---|
866 | yym = yylhs[yyn]; |
---|
867 | if (yystate == 0 && yym == 0) |
---|
868 | { |
---|
869 | #if YYDEBUG |
---|
870 | if (yydebug) |
---|
871 | printf("%sdebug: after reduction, shifting from state 0 to\ |
---|
872 | state %d\n", YYPREFIX, YYFINAL); |
---|
873 | #endif |
---|
874 | yystate = YYFINAL; |
---|
875 | *++yystack.s_mark = YYFINAL; |
---|
876 | *++yystack.l_mark = yyval; |
---|
877 | if (yychar < 0) |
---|
878 | { |
---|
879 | yychar = YYLEX; |
---|
880 | if (yychar < 0) yychar = YYEOF; |
---|
881 | #if YYDEBUG |
---|
882 | if (yydebug) |
---|
883 | { |
---|
884 | if ((yys = yyname[YYTRANSLATE(yychar)]) == NULL) yys = yyname[YYUNDFTOKEN]; |
---|
885 | printf("%sdebug: state %d, reading %d (%s)\n", |
---|
886 | YYPREFIX, YYFINAL, yychar, yys); |
---|
887 | } |
---|
888 | #endif |
---|
889 | } |
---|
890 | if (yychar == YYEOF) goto yyaccept; |
---|
891 | goto yyloop; |
---|
892 | } |
---|
893 | if (((yyn = yygindex[yym]) != 0) && (yyn += yystate) >= 0 && |
---|
894 | yyn <= YYTABLESIZE && yycheck[yyn] == (YYINT) yystate) |
---|
895 | yystate = yytable[yyn]; |
---|
896 | else |
---|
897 | yystate = yydgoto[yym]; |
---|
898 | #if YYDEBUG |
---|
899 | if (yydebug) |
---|
900 | printf("%sdebug: after reduction, shifting from state %d \ |
---|
901 | to state %d\n", YYPREFIX, *yystack.s_mark, yystate); |
---|
902 | #endif |
---|
903 | if (yystack.s_mark >= yystack.s_last && yygrowstack(&yystack) == YYENOMEM) goto yyoverflow; |
---|
904 | *++yystack.s_mark = (YYINT) yystate; |
---|
905 | *++yystack.l_mark = yyval; |
---|
906 | goto yyloop; |
---|
907 | |
---|
908 | yyoverflow: |
---|
909 | YYERROR_CALL("yacc stack overflow"); |
---|
910 | |
---|
911 | yyabort: |
---|
912 | yyfreestack(&yystack); |
---|
913 | return (1); |
---|
914 | |
---|
915 | yyaccept: |
---|
916 | yyfreestack(&yystack); |
---|
917 | return (0); |
---|
918 | } |
---|