version 1.1.1.2.2.3, 2005/09/03 07:03:49 |
version 1.15.4.1, 2009/02/08 18:42:15 |
|
|
/* $NetBSD$ */ |
/* $NetBSD$ */ |
|
|
/* Id: crypto_openssl.c,v 1.40.4.5 2005/07/12 11:50:15 manubsd Exp */ |
/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */ |
|
|
/* |
/* |
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project. |
|
|
#else |
#else |
#include "crypto/rijndael/rijndael-api-fst.h" |
#include "crypto/rijndael/rijndael-api-fst.h" |
#endif |
#endif |
|
#if defined(HAVE_OPENSSL_CAMELLIA_H) |
|
#include <openssl/camellia.h> |
|
#endif |
#ifdef WITH_SHA2 |
#ifdef WITH_SHA2 |
#ifdef HAVE_OPENSSL_SHA2_H |
#ifdef HAVE_OPENSSL_SHA2_H |
#include <openssl/sha2.h> |
#include <openssl/sha2.h> |
|
|
#include "crypto/sha2/sha2.h" |
#include "crypto/sha2/sha2.h" |
#endif |
#endif |
#endif |
#endif |
|
#include "plog.h" |
|
|
/* 0.9.7 stuff? */ |
/* 0.9.7 stuff? */ |
#if OPENSSL_VERSION_NUMBER < 0x0090700fL |
#if OPENSSL_VERSION_NUMBER < 0x0090700fL |
Line 129 eay_str2asn1dn(str, len) |
|
Line 133 eay_str2asn1dn(str, len) |
|
char *buf; |
char *buf; |
char *field, *value; |
char *field, *value; |
int i, j; |
int i, j; |
vchar_t *ret; |
vchar_t *ret = NULL; |
caddr_t p; |
caddr_t p; |
|
|
if (len == -1) |
if (len == -1) |
Line 137 eay_str2asn1dn(str, len) |
|
Line 141 eay_str2asn1dn(str, len) |
|
|
|
buf = racoon_malloc(len + 1); |
buf = racoon_malloc(len + 1); |
if (!buf) { |
if (!buf) { |
printf("failed to allocate buffer\n"); |
plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); |
return NULL; |
return NULL; |
} |
} |
memcpy(buf, str, len); |
memcpy(buf, str, len); |
Line 214 eay_str2asn1dn(str, len) |
|
Line 218 eay_str2asn1dn(str, len) |
|
racoon_free(buf); |
racoon_free(buf); |
if (name) |
if (name) |
X509_NAME_free(name); |
X509_NAME_free(name); |
|
if (ret) |
|
vfree(ret); |
return NULL; |
return NULL; |
} |
} |
|
|
Line 241 eay_hex2asn1dn(const char *hex, int len) |
|
Line 247 eay_hex2asn1dn(const char *hex, int len) |
|
binlen = BN_num_bytes(bn); |
binlen = BN_num_bytes(bn); |
ret = vmalloc(binlen); |
ret = vmalloc(binlen); |
if (!ret) { |
if (!ret) { |
printf("failed to allocate buffer\n"); |
plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n"); |
return NULL; |
return NULL; |
} |
} |
binbuf = ret->v; |
binbuf = ret->v; |
Line 490 eay_check_x509cert(cert, CApath, CAfile, |
|
Line 496 eay_check_x509cert(cert, CApath, CAfile, |
|
|
|
end: |
end: |
if (error) |
if (error) |
printf("%s\n", eay_strerror()); |
plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror()); |
if (cert_ctx != NULL) |
if (cert_ctx != NULL) |
X509_STORE_free(cert_ctx); |
X509_STORE_free(cert_ctx); |
if (x509 != NULL) |
if (x509 != NULL) |
Line 594 eay_get_x509asn1subjectname(cert) |
|
Line 600 eay_get_x509asn1subjectname(cert) |
|
u_char *bp; |
u_char *bp; |
vchar_t *name = NULL; |
vchar_t *name = NULL; |
int len; |
int len; |
int error = -1; |
|
|
|
bp = (unsigned char *) cert->v; |
bp = (unsigned char *) cert->v; |
|
|
x509 = mem2x509(cert); |
x509 = mem2x509(cert); |
if (x509 == NULL) |
if (x509 == NULL) |
goto end; |
goto error; |
|
|
/* get the length of the name */ |
/* get the length of the name */ |
len = i2d_X509_NAME(x509->cert_info->subject, NULL); |
len = i2d_X509_NAME(x509->cert_info->subject, NULL); |
name = vmalloc(len); |
name = vmalloc(len); |
if (!name) |
if (!name) |
goto end; |
goto error; |
/* get the name */ |
/* get the name */ |
bp = (unsigned char *) name->v; |
bp = (unsigned char *) name->v; |
len = i2d_X509_NAME(x509->cert_info->subject, &bp); |
len = i2d_X509_NAME(x509->cert_info->subject, &bp); |
|
|
error = 0; |
X509_free(x509); |
|
|
end: |
return name; |
if (error) { |
|
plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
error: |
if (name) { |
plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
vfree(name); |
|
name = NULL; |
if (name != NULL) |
} |
vfree(name); |
} |
|
if (x509) |
if (x509 != NULL) |
X509_free(x509); |
X509_free(x509); |
|
|
return name; |
return NULL; |
} |
} |
|
|
/* |
/* |
Line 671 eay_get_x509subjectaltname(cert, altname |
|
Line 676 eay_get_x509subjectaltname(cert, altname |
|
{ |
{ |
plog(LLV_ERROR, LOCATION, NULL, |
plog(LLV_ERROR, LOCATION, NULL, |
"data is not terminated by NUL."); |
"data is not terminated by NUL."); |
hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); |
racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1); |
goto end; |
goto end; |
} |
} |
|
|
Line 1289 eay_idea_encrypt(data, key, iv) |
|
Line 1294 eay_idea_encrypt(data, key, iv) |
|
vchar_t *res; |
vchar_t *res; |
IDEA_KEY_SCHEDULE ks; |
IDEA_KEY_SCHEDULE ks; |
|
|
idea_set_encrypt_key(key->v, &ks); |
idea_set_encrypt_key((unsigned char *)key->v, &ks); |
|
|
/* allocate buffer for result */ |
/* allocate buffer for result */ |
if ((res = vmalloc(data->l)) == NULL) |
if ((res = vmalloc(data->l)) == NULL) |
return NULL; |
return NULL; |
|
|
/* decryption data */ |
/* decryption data */ |
idea_cbc_encrypt(data->v, res->v, data->l, |
idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
&ks, iv->v, IDEA_ENCRYPT); |
&ks, (unsigned char *)iv->v, IDEA_ENCRYPT); |
|
|
return res; |
return res; |
} |
} |
Line 1309 eay_idea_decrypt(data, key, iv) |
|
Line 1314 eay_idea_decrypt(data, key, iv) |
|
vchar_t *res; |
vchar_t *res; |
IDEA_KEY_SCHEDULE ks, dks; |
IDEA_KEY_SCHEDULE ks, dks; |
|
|
idea_set_encrypt_key(key->v, &ks); |
idea_set_encrypt_key((unsigned char *)key->v, &ks); |
idea_set_decrypt_key(&ks, &dks); |
idea_set_decrypt_key(&ks, &dks); |
|
|
/* allocate buffer for result */ |
/* allocate buffer for result */ |
Line 1317 eay_idea_decrypt(data, key, iv) |
|
Line 1322 eay_idea_decrypt(data, key, iv) |
|
return NULL; |
return NULL; |
|
|
/* decryption data */ |
/* decryption data */ |
idea_cbc_encrypt(data->v, res->v, data->l, |
idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
&dks, iv->v, IDEA_DECRYPT); |
&dks, (unsigned char *)iv->v, IDEA_DECRYPT); |
|
|
return res; |
return res; |
} |
} |
Line 1387 eay_rc5_encrypt(data, key, iv) |
|
Line 1392 eay_rc5_encrypt(data, key, iv) |
|
RC5_32_KEY ks; |
RC5_32_KEY ks; |
|
|
/* in RFC 2451, there is information about the number of round. */ |
/* in RFC 2451, there is information about the number of round. */ |
RC5_32_set_key(&ks, key->l, key->v, 16); |
RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); |
|
|
/* allocate buffer for result */ |
/* allocate buffer for result */ |
if ((res = vmalloc(data->l)) == NULL) |
if ((res = vmalloc(data->l)) == NULL) |
return NULL; |
return NULL; |
|
|
/* decryption data */ |
/* decryption data */ |
RC5_32_cbc_encrypt(data->v, res->v, data->l, |
RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
&ks, iv->v, RC5_ENCRYPT); |
&ks, (unsigned char *)iv->v, RC5_ENCRYPT); |
|
|
return res; |
return res; |
} |
} |
Line 1408 eay_rc5_decrypt(data, key, iv) |
|
Line 1413 eay_rc5_decrypt(data, key, iv) |
|
RC5_32_KEY ks; |
RC5_32_KEY ks; |
|
|
/* in RFC 2451, there is information about the number of round. */ |
/* in RFC 2451, there is information about the number of round. */ |
RC5_32_set_key(&ks, key->l, key->v, 16); |
RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16); |
|
|
/* allocate buffer for result */ |
/* allocate buffer for result */ |
if ((res = vmalloc(data->l)) == NULL) |
if ((res = vmalloc(data->l)) == NULL) |
return NULL; |
return NULL; |
|
|
/* decryption data */ |
/* decryption data */ |
RC5_32_cbc_encrypt(data->v, res->v, data->l, |
RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, |
&ks, iv->v, RC5_DECRYPT); |
&ks, (unsigned char *)iv->v, RC5_DECRYPT); |
|
|
return res; |
return res; |
} |
} |
Line 1635 eay_aes_keylen(len) |
|
Line 1640 eay_aes_keylen(len) |
|
return len; |
return len; |
} |
} |
|
|
|
#if defined(HAVE_OPENSSL_CAMELLIA_H) |
|
/* |
|
* CAMELLIA-CBC |
|
*/ |
|
static inline const EVP_CIPHER * |
|
camellia_evp_by_keylen(int keylen) |
|
{ |
|
switch(keylen) { |
|
case 16: |
|
case 128: |
|
return EVP_camellia_128_cbc(); |
|
case 24: |
|
case 192: |
|
return EVP_camellia_192_cbc(); |
|
case 32: |
|
case 256: |
|
return EVP_camellia_256_cbc(); |
|
default: |
|
return NULL; |
|
} |
|
} |
|
|
|
vchar_t * |
|
eay_camellia_encrypt(data, key, iv) |
|
vchar_t *data, *key, *iv; |
|
{ |
|
return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1); |
|
} |
|
|
|
vchar_t * |
|
eay_camellia_decrypt(data, key, iv) |
|
vchar_t *data, *key, *iv; |
|
{ |
|
return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0); |
|
} |
|
|
|
int |
|
eay_camellia_weakkey(key) |
|
vchar_t *key; |
|
{ |
|
return 0; |
|
} |
|
|
|
int |
|
eay_camellia_keylen(len) |
|
int len; |
|
{ |
|
if (len == 0) |
|
return 128; |
|
if (len != 128 && len != 192 && len != 256) |
|
return -1; |
|
return len; |
|
} |
|
|
|
#endif |
|
|
/* for ipsec part */ |
/* for ipsec part */ |
int |
int |
eay_null_hashlen() |
eay_null_hashlen() |
Line 2439 base64_decode(char *in, long inlen) |
|
Line 2500 base64_decode(char *in, long inlen) |
|
{ |
{ |
BIO *bio=NULL, *b64=NULL; |
BIO *bio=NULL, *b64=NULL; |
vchar_t *res = NULL; |
vchar_t *res = NULL; |
char out[inlen*2]; |
char *outb; |
long outlen; |
long outlen; |
|
|
|
outb = malloc(inlen * 2); |
|
if (outb == NULL) |
|
goto out; |
bio = BIO_new_mem_buf(in, inlen); |
bio = BIO_new_mem_buf(in, inlen); |
b64 = BIO_new(BIO_f_base64()); |
b64 = BIO_new(BIO_f_base64()); |
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); |
bio = BIO_push(b64, bio); |
bio = BIO_push(b64, bio); |
|
|
outlen = BIO_read(bio, out, inlen * 2); |
outlen = BIO_read(bio, outb, inlen * 2); |
if (outlen <= 0) { |
if (outlen <= 0) { |
plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror()); |
goto out; |
goto out; |
Line 2457 base64_decode(char *in, long inlen) |
|
Line 2521 base64_decode(char *in, long inlen) |
|
if (!res) |
if (!res) |
goto out; |
goto out; |
|
|
memcpy(res->v, out, outlen); |
memcpy(res->v, outb, outlen); |
|
|
out: |
out: |
|
if (outb) |
|
free(outb); |
if (bio) |
if (bio) |
BIO_free_all(bio); |
BIO_free_all(bio); |
|
|