[BACK]Return to crypto_openssl.c CVS log [TXT][DIR] Up to [cvs.NetBSD.org] / src / crypto / dist / ipsec-tools / src / racoon

Annotation of src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c, Revision 1.14.6.1

1.14.6.1! wrstuden    1: /*     $NetBSD: crypto_openssl.c,v 1.14 2008/01/11 14:09:05 vanhu Exp $        */
1.2       manu        2:
1.8       manu        3: /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
1.1       manu        4:
                      5: /*
                      6:  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
                      7:  * All rights reserved.
                      8:  *
                      9:  * Redistribution and use in source and binary forms, with or without
                     10:  * modification, are permitted provided that the following conditions
                     11:  * are met:
                     12:  * 1. Redistributions of source code must retain the above copyright
                     13:  *    notice, this list of conditions and the following disclaimer.
                     14:  * 2. Redistributions in binary form must reproduce the above copyright
                     15:  *    notice, this list of conditions and the following disclaimer in the
                     16:  *    documentation and/or other materials provided with the distribution.
                     17:  * 3. Neither the name of the project nor the names of its contributors
                     18:  *    may be used to endorse or promote products derived from this software
                     19:  *    without specific prior written permission.
                     20:  *
                     21:  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
                     22:  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
                     23:  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
                     24:  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
                     25:  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
                     26:  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
                     27:  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
                     28:  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
                     29:  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
                     30:  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
                     31:  * SUCH DAMAGE.
                     32:  */
                     33:
                     34: #include "config.h"
                     35:
                     36: #include <sys/types.h>
                     37: #include <sys/param.h>
                     38:
                     39: #include <stdlib.h>
                     40: #include <stdio.h>
                     41: #include <limits.h>
                     42: #include <string.h>
                     43:
                     44: /* get openssl/ssleay version number */
                     45: #include <openssl/opensslv.h>
                     46:
                     47: #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
                     48: #error OpenSSL version 0.9.6 or later required.
                     49: #endif
                     50:
                     51: #include <openssl/pem.h>
                     52: #include <openssl/evp.h>
                     53: #include <openssl/x509.h>
                     54: #include <openssl/x509v3.h>
                     55: #include <openssl/x509_vfy.h>
                     56: #include <openssl/bn.h>
                     57: #include <openssl/dh.h>
                     58: #include <openssl/md5.h>
                     59: #include <openssl/sha.h>
                     60: #include <openssl/hmac.h>
                     61: #include <openssl/des.h>
                     62: #include <openssl/crypto.h>
                     63: #ifdef HAVE_OPENSSL_ENGINE_H
                     64: #include <openssl/engine.h>
                     65: #endif
                     66: #include <openssl/blowfish.h>
                     67: #include <openssl/cast.h>
                     68: #include <openssl/err.h>
1.2       manu       69: #ifdef HAVE_OPENSSL_RC5_H
                     70: #include <openssl/rc5.h>
                     71: #endif
                     72: #ifdef HAVE_OPENSSL_IDEA_H
                     73: #include <openssl/idea.h>
                     74: #endif
1.1       manu       75: #if defined(HAVE_OPENSSL_AES_H)
                     76: #include <openssl/aes.h>
                     77: #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
                     78: #include <openssl/rijndael.h>
                     79: #else
                     80: #include "crypto/rijndael/rijndael-api-fst.h"
                     81: #endif
1.10      manu       82: #if defined(HAVE_OPENSSL_CAMELLIA_H)
                     83: #include <openssl/camellia.h>
                     84: #endif
1.1       manu       85: #ifdef WITH_SHA2
                     86: #ifdef HAVE_OPENSSL_SHA2_H
                     87: #include <openssl/sha2.h>
                     88: #else
                     89: #include "crypto/sha2/sha2.h"
                     90: #endif
                     91: #endif
1.13      vanhu      92: #include "plog.h"
1.1       manu       93:
                     94: /* 0.9.7 stuff? */
                     95: #if OPENSSL_VERSION_NUMBER < 0x0090700fL
                     96: typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
                     97: #else
                     98: #define USE_NEW_DES_API
                     99: #endif
                    100:
                    101: #define OpenSSL_BUG()  do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
                    102:
                    103: #include "var.h"
                    104: #include "misc.h"
                    105: #include "vmbuf.h"
                    106: #include "plog.h"
                    107: #include "crypto_openssl.h"
                    108: #include "debug.h"
                    109: #include "gcmalloc.h"
                    110:
                    111: /*
                    112:  * I hate to cast every parameter to des_xx into void *, but it is
                    113:  * necessary for SSLeay/OpenSSL portability.  It sucks.
                    114:  */
                    115:
                    116: static int cb_check_cert_local __P((int, X509_STORE_CTX *));
                    117: static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
                    118: static X509 *mem2x509 __P((vchar_t *));
                    119:
                    120: static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
                    121:
                    122: /* X509 Certificate */
                    123: /*
                    124:  * convert the string of the subject name into DER
                    125:  * e.g. str = "C=JP, ST=Kanagawa";
                    126:  */
                    127: vchar_t *
                    128: eay_str2asn1dn(str, len)
                    129:        const char *str;
                    130:        int len;
                    131: {
                    132:        X509_NAME *name;
                    133:        char *buf;
                    134:        char *field, *value;
                    135:        int i, j;
1.12      vanhu     136:        vchar_t *ret = NULL;
1.1       manu      137:        caddr_t p;
                    138:
                    139:        if (len == -1)
                    140:                len = strlen(str);
                    141:
                    142:        buf = racoon_malloc(len + 1);
                    143:        if (!buf) {
1.9       vanhu     144:                plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
1.1       manu      145:                return NULL;
                    146:        }
                    147:        memcpy(buf, str, len);
                    148:
                    149:        name = X509_NAME_new();
                    150:
                    151:        field = &buf[0];
                    152:        value = NULL;
                    153:        for (i = 0; i < len; i++) {
                    154:                if (!value && buf[i] == '=') {
                    155:                        buf[i] = '\0';
                    156:                        value = &buf[i + 1];
                    157:                        continue;
                    158:                } else if (buf[i] == ',' || buf[i] == '/') {
                    159:                        buf[i] = '\0';
                    160:
                    161:                        plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
                    162:                             field, value);
                    163:
                    164:                        if (!value) goto err;
                    165:                        if (!X509_NAME_add_entry_by_txt(name, field,
                    166:                                        (value[0] == '*' && value[1] == 0) ?
                    167:                                                V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
1.4       manu      168:                                        (unsigned char *) value, -1, -1, 0)) {
1.1       manu      169:                                plog(LLV_ERROR, LOCATION, NULL,
                    170:                                     "Invalid DN field: %s=%s\n",
                    171:                                     field, value);
                    172:                                plog(LLV_ERROR, LOCATION, NULL,
                    173:                                     "%s\n", eay_strerror());
                    174:                                goto err;
                    175:                        }
                    176:                        for (j = i + 1; j < len; j++) {
                    177:                                if (buf[j] != ' ')
                    178:                                        break;
                    179:                        }
                    180:                        field = &buf[j];
                    181:                        value = NULL;
                    182:                        continue;
                    183:                }
                    184:        }
                    185:        buf[len] = '\0';
                    186:
                    187:        plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
                    188:             field, value);
                    189:
                    190:        if (!value) goto err;
                    191:        if (!X509_NAME_add_entry_by_txt(name, field,
                    192:                        (value[0] == '*' && value[1] == 0) ?
                    193:                                V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
1.4       manu      194:                        (unsigned char *) value, -1, -1, 0)) {
1.1       manu      195:                plog(LLV_ERROR, LOCATION, NULL,
                    196:                     "Invalid DN field: %s=%s\n",
                    197:                     field, value);
                    198:                plog(LLV_ERROR, LOCATION, NULL,
                    199:                     "%s\n", eay_strerror());
                    200:                goto err;
                    201:        }
                    202:
                    203:        i = i2d_X509_NAME(name, NULL);
                    204:        if (!i)
                    205:                goto err;
                    206:        ret = vmalloc(i);
                    207:        if (!ret)
                    208:                goto err;
                    209:        p = ret->v;
                    210:        i = i2d_X509_NAME(name, (void *)&p);
                    211:        if (!i)
                    212:                goto err;
                    213:
                    214:        return ret;
                    215:
                    216:     err:
                    217:        if (buf)
                    218:                racoon_free(buf);
                    219:        if (name)
                    220:                X509_NAME_free(name);
1.12      vanhu     221:        if (ret)
                    222:                vfree(ret);
1.1       manu      223:        return NULL;
                    224: }
                    225:
                    226: /*
                    227:  * convert the hex string of the subject name into DER
                    228:  */
                    229: vchar_t *
                    230: eay_hex2asn1dn(const char *hex, int len)
                    231: {
                    232:        BIGNUM *bn = BN_new();
                    233:        char *binbuf;
                    234:        size_t binlen;
                    235:        vchar_t *ret = NULL;
                    236:
                    237:        if (len == -1)
                    238:                len = strlen(hex);
                    239:
                    240:        if (BN_hex2bn(&bn, hex) != len) {
                    241:                plog(LLV_ERROR, LOCATION, NULL,
                    242:                     "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
                    243:                     eay_strerror());
                    244:                goto out;
                    245:        }
                    246:
                    247:        binlen = BN_num_bytes(bn);
                    248:        ret = vmalloc(binlen);
                    249:        if (!ret) {
1.9       vanhu     250:                plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
1.1       manu      251:                return NULL;
                    252:        }
                    253:        binbuf = ret->v;
                    254:
1.4       manu      255:        BN_bn2bin(bn, (unsigned char *) binbuf);
1.1       manu      256:
                    257: out:
                    258:        BN_free(bn);
                    259:
                    260:        return ret;
                    261: }
                    262:
                    263: /*
                    264:  * The following are derived from code in crypto/x509/x509_cmp.c
                    265:  * in OpenSSL0.9.7c:
                    266:  * X509_NAME_wildcmp() adds wildcard matching to the original
                    267:  * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
                    268:  */
                    269: #include <ctype.h>
                    270: /* Case insensitive string comparision */
                    271: static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
                    272: {
                    273:        int i;
                    274:
                    275:        if (a->length != b->length)
                    276:                return (a->length - b->length);
                    277:
                    278:        for (i=0; i<a->length; i++)
                    279:        {
                    280:                int ca, cb;
                    281:
                    282:                ca = tolower(a->data[i]);
                    283:                cb = tolower(b->data[i]);
                    284:
                    285:                if (ca != cb)
                    286:                        return(ca-cb);
                    287:        }
                    288:        return 0;
                    289: }
                    290:
                    291: /* Case insensitive string comparision with space normalization
                    292:  * Space normalization - ignore leading, trailing spaces,
                    293:  *       multiple spaces between characters are replaced by single space
                    294:  */
                    295: static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
                    296: {
                    297:        unsigned char *pa = NULL, *pb = NULL;
                    298:        int la, lb;
                    299:
                    300:        la = a->length;
                    301:        lb = b->length;
                    302:        pa = a->data;
                    303:        pb = b->data;
                    304:
                    305:        /* skip leading spaces */
                    306:        while (la > 0 && isspace(*pa))
                    307:        {
                    308:                la--;
                    309:                pa++;
                    310:        }
                    311:        while (lb > 0 && isspace(*pb))
                    312:        {
                    313:                lb--;
                    314:                pb++;
                    315:        }
                    316:
                    317:        /* skip trailing spaces */
                    318:        while (la > 0 && isspace(pa[la-1]))
                    319:                la--;
                    320:        while (lb > 0 && isspace(pb[lb-1]))
                    321:                lb--;
                    322:
                    323:        /* compare strings with space normalization */
                    324:        while (la > 0 && lb > 0)
                    325:        {
                    326:                int ca, cb;
                    327:
                    328:                /* compare character */
                    329:                ca = tolower(*pa);
                    330:                cb = tolower(*pb);
                    331:                if (ca != cb)
                    332:                        return (ca - cb);
                    333:
                    334:                pa++; pb++;
                    335:                la--; lb--;
                    336:
                    337:                if (la <= 0 || lb <= 0)
                    338:                        break;
                    339:
                    340:                /* is white space next character ? */
                    341:                if (isspace(*pa) && isspace(*pb))
                    342:                {
                    343:                        /* skip remaining white spaces */
                    344:                        while (la > 0 && isspace(*pa))
                    345:                        {
                    346:                                la--;
                    347:                                pa++;
                    348:                        }
                    349:                        while (lb > 0 && isspace(*pb))
                    350:                        {
                    351:                                lb--;
                    352:                                pb++;
                    353:                        }
                    354:                }
                    355:        }
                    356:        if (la > 0 || lb > 0)
                    357:                return la - lb;
                    358:
                    359:        return 0;
                    360: }
                    361:
                    362: static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
                    363: {
                    364:     int i,j;
                    365:     X509_NAME_ENTRY *na,*nb;
                    366:
                    367:     if (sk_X509_NAME_ENTRY_num(a->entries)
                    368:        != sk_X509_NAME_ENTRY_num(b->entries))
                    369:            return sk_X509_NAME_ENTRY_num(a->entries)
                    370:              -sk_X509_NAME_ENTRY_num(b->entries);
                    371:     for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
                    372:     {
                    373:            na=sk_X509_NAME_ENTRY_value(a->entries,i);
                    374:            nb=sk_X509_NAME_ENTRY_value(b->entries,i);
                    375:            j=OBJ_cmp(na->object,nb->object);
                    376:            if (j) return(j);
                    377:            if ((na->value->length == 1 && na->value->data[0] == '*')
                    378:             || (nb->value->length == 1 && nb->value->data[0] == '*'))
                    379:                    continue;
                    380:            j=na->value->type-nb->value->type;
                    381:            if (j) return(j);
                    382:            if (na->value->type == V_ASN1_PRINTABLESTRING)
                    383:                    j=nocase_spacenorm_cmp(na->value, nb->value);
                    384:            else if (na->value->type == V_ASN1_IA5STRING
                    385:                    && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
                    386:                    j=nocase_cmp(na->value, nb->value);
                    387:            else
                    388:                    {
                    389:                    j=na->value->length-nb->value->length;
                    390:                    if (j) return(j);
                    391:                    j=memcmp(na->value->data,nb->value->data,
                    392:                            na->value->length);
                    393:                    }
                    394:            if (j) return(j);
                    395:            j=na->set-nb->set;
                    396:            if (j) return(j);
                    397:     }
                    398:
                    399:     return(0);
                    400: }
                    401:
                    402: /*
                    403:  * compare two subjectNames.
                    404:  * OUT:        0: equal
                    405:  *     positive:
                    406:  *           -1: other error.
                    407:  */
                    408: int
                    409: eay_cmp_asn1dn(n1, n2)
                    410:        vchar_t *n1, *n2;
                    411: {
                    412:        X509_NAME *a = NULL, *b = NULL;
                    413:        caddr_t p;
                    414:        int i = -1;
                    415:
                    416:        p = n1->v;
                    417:        if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
                    418:                goto end;
                    419:        p = n2->v;
                    420:        if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
                    421:                goto end;
                    422:
                    423:        i = X509_NAME_wildcmp(a, b);
                    424:
                    425:     end:
                    426:        if (a)
                    427:                X509_NAME_free(a);
                    428:        if (b)
                    429:                X509_NAME_free(b);
                    430:        return i;
                    431: }
                    432:
                    433: /*
                    434:  * this functions is derived from apps/verify.c in OpenSSL0.9.5
                    435:  */
                    436: int
                    437: eay_check_x509cert(cert, CApath, CAfile, local)
                    438:        vchar_t *cert;
                    439:        char *CApath;
                    440:        char *CAfile;
                    441:        int local;
                    442: {
                    443:        X509_STORE *cert_ctx = NULL;
                    444:        X509_LOOKUP *lookup = NULL;
                    445:        X509 *x509 = NULL;
                    446:        X509_STORE_CTX *csc;
                    447:        int error = -1;
                    448:
                    449:        cert_ctx = X509_STORE_new();
                    450:        if (cert_ctx == NULL)
                    451:                goto end;
                    452:
                    453:        if (local)
                    454:                X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
                    455:        else
                    456:                X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
                    457:
                    458:        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
                    459:        if (lookup == NULL)
                    460:                goto end;
                    461:
                    462:        X509_LOOKUP_load_file(lookup, CAfile,
                    463:            (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
                    464:
                    465:        lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
                    466:        if (lookup == NULL)
                    467:                goto end;
                    468:        error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
                    469:        if(!error) {
                    470:                error = -1;
                    471:                goto end;
                    472:        }
                    473:        error = -1;     /* initialized */
                    474:
                    475:        /* read the certificate to be verified */
                    476:        x509 = mem2x509(cert);
                    477:        if (x509 == NULL)
                    478:                goto end;
                    479:
                    480:        csc = X509_STORE_CTX_new();
                    481:        if (csc == NULL)
                    482:                goto end;
                    483:        X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
                    484: #if OPENSSL_VERSION_NUMBER >= 0x00907000L
                    485:        X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
                    486:        X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
                    487: #endif
                    488:        error = X509_verify_cert(csc);
                    489:        X509_STORE_CTX_cleanup(csc);
                    490:
                    491:        /*
                    492:         * if x509_verify_cert() is successful then the value of error is
                    493:         * set non-zero.
                    494:         */
                    495:        error = error ? 0 : -1;
                    496:
                    497: end:
                    498:        if (error)
1.9       vanhu     499:                plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
1.1       manu      500:        if (cert_ctx != NULL)
                    501:                X509_STORE_free(cert_ctx);
                    502:        if (x509 != NULL)
                    503:                X509_free(x509);
                    504:
                    505:        return(error);
                    506: }
                    507:
                    508: /*
                    509:  * callback function for verifing certificate.
                    510:  * this function is derived from cb() in openssl/apps/s_server.c
                    511:  */
                    512: static int
                    513: cb_check_cert_local(ok, ctx)
                    514:        int ok;
                    515:        X509_STORE_CTX *ctx;
                    516: {
                    517:        char buf[256];
                    518:        int log_tag;
                    519:
                    520:        if (!ok) {
                    521:                X509_NAME_oneline(
                    522:                                X509_get_subject_name(ctx->current_cert),
                    523:                                buf,
                    524:                                256);
                    525:                /*
                    526:                 * since we are just checking the certificates, it is
                    527:                 * ok if they are self signed. But we should still warn
                    528:                 * the user.
                    529:                 */
                    530:                switch (ctx->error) {
                    531:                case X509_V_ERR_CERT_HAS_EXPIRED:
                    532:                case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
                    533:                case X509_V_ERR_INVALID_CA:
                    534:                case X509_V_ERR_PATH_LENGTH_EXCEEDED:
                    535:                case X509_V_ERR_INVALID_PURPOSE:
                    536:                case X509_V_ERR_UNABLE_TO_GET_CRL:
                    537:                        ok = 1;
                    538:                        log_tag = LLV_WARNING;
                    539:                        break;
                    540:                default:
                    541:                        log_tag = LLV_ERROR;
                    542:                }
                    543:                plog(log_tag, LOCATION, NULL,
                    544:                        "%s(%d) at depth:%d SubjectName:%s\n",
                    545:                        X509_verify_cert_error_string(ctx->error),
                    546:                        ctx->error,
                    547:                        ctx->error_depth,
                    548:                        buf);
                    549:        }
                    550:        ERR_clear_error();
                    551:
                    552:        return ok;
                    553: }
                    554:
                    555: /*
                    556:  * callback function for verifing remote certificates.
                    557:  * this function is derived from cb() in openssl/apps/s_server.c
                    558:  */
                    559: static int
                    560: cb_check_cert_remote(ok, ctx)
                    561:        int ok;
                    562:        X509_STORE_CTX *ctx;
                    563: {
                    564:        char buf[256];
                    565:        int log_tag;
                    566:
                    567:        if (!ok) {
                    568:                X509_NAME_oneline(
                    569:                                X509_get_subject_name(ctx->current_cert),
                    570:                                buf,
                    571:                                256);
                    572:                switch (ctx->error) {
                    573:                case X509_V_ERR_UNABLE_TO_GET_CRL:
                    574:                        ok = 1;
                    575:                        log_tag = LLV_WARNING;
                    576:                        break;
                    577:                default:
                    578:                        log_tag = LLV_ERROR;
                    579:                }
                    580:                plog(log_tag, LOCATION, NULL,
                    581:                        "%s(%d) at depth:%d SubjectName:%s\n",
                    582:                        X509_verify_cert_error_string(ctx->error),
                    583:                        ctx->error,
                    584:                        ctx->error_depth,
                    585:                        buf);
                    586:        }
                    587:        ERR_clear_error();
                    588:
                    589:        return ok;
                    590: }
                    591:
                    592: /*
                    593:  * get a subjectAltName from X509 certificate.
                    594:  */
                    595: vchar_t *
                    596: eay_get_x509asn1subjectname(cert)
                    597:        vchar_t *cert;
                    598: {
                    599:        X509 *x509 = NULL;
                    600:        u_char *bp;
                    601:        vchar_t *name = NULL;
                    602:        int len;
                    603:
1.4       manu      604:        bp = (unsigned char *) cert->v;
1.1       manu      605:
                    606:        x509 = mem2x509(cert);
                    607:        if (x509 == NULL)
1.8       manu      608:                goto error;
1.1       manu      609:
                    610:        /* get the length of the name */
                    611:        len = i2d_X509_NAME(x509->cert_info->subject, NULL);
                    612:        name = vmalloc(len);
                    613:        if (!name)
1.8       manu      614:                goto error;
1.1       manu      615:        /* get the name */
1.4       manu      616:        bp = (unsigned char *) name->v;
1.1       manu      617:        len = i2d_X509_NAME(x509->cert_info->subject, &bp);
                    618:
1.8       manu      619:        X509_free(x509);
                    620:
                    621:        return name;
                    622:
                    623: error:
                    624:        plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
                    625:
                    626:        if (name != NULL)
                    627:                vfree(name);
1.1       manu      628:
1.8       manu      629:        if (x509 != NULL)
1.1       manu      630:                X509_free(x509);
                    631:
1.8       manu      632:        return NULL;
1.1       manu      633: }
                    634:
                    635: /*
                    636:  * get the subjectAltName from X509 certificate.
                    637:  * the name must be terminated by '\0'.
                    638:  */
                    639: int
                    640: eay_get_x509subjectaltname(cert, altname, type, pos)
                    641:        vchar_t *cert;
                    642:        char **altname;
                    643:        int *type;
                    644:        int pos;
                    645: {
                    646:        X509 *x509 = NULL;
                    647:        GENERAL_NAMES *gens = NULL;
                    648:        GENERAL_NAME *gen;
                    649:        int len;
                    650:        int error = -1;
                    651:
                    652:        *altname = NULL;
                    653:        *type = GENT_OTHERNAME;
                    654:
                    655:        x509 = mem2x509(cert);
                    656:        if (x509 == NULL)
                    657:                goto end;
                    658:
                    659:        gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
                    660:        if (gens == NULL)
                    661:                goto end;
                    662:
                    663:        /* there is no data at "pos" */
                    664:        if (pos > sk_GENERAL_NAME_num(gens))
                    665:                goto end;
                    666:
                    667:        gen = sk_GENERAL_NAME_value(gens, pos - 1);
                    668:
                    669:        /* read DNSName / Email */
                    670:        if (gen->type == GEN_DNS        ||
                    671:                gen->type == GEN_EMAIL  ||
                    672:                gen->type == GEN_URI )
                    673:        {
                    674:                /* make sure if the data is terminated by '\0'. */
                    675:                if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
                    676:                {
                    677:                        plog(LLV_ERROR, LOCATION, NULL,
                    678:                                 "data is not terminated by NUL.");
1.14.6.1! wrstuden  679:                        racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
1.1       manu      680:                        goto end;
                    681:                }
                    682:
                    683:                len = gen->d.ia5->length + 1;
                    684:                *altname = racoon_malloc(len);
                    685:                if (!*altname)
                    686:                        goto end;
                    687:
1.4       manu      688:                strlcpy(*altname, (char *) gen->d.ia5->data, len);
1.1       manu      689:                *type = gen->type;
                    690:                error = 0;
                    691:        }
                    692:        /* read IP address */
                    693:        else if (gen->type == GEN_IPADD)
                    694:        {
                    695:                unsigned char p[5], *ip;
                    696:                ip = p;
                    697:
                    698:                /* only support IPv4 */
                    699:                if (gen->d.ip->length != 4)
                    700:                        goto end;
                    701:
                    702:                /* convert Octet String to String
                    703:                 * XXX ???????
                    704:                 */
                    705:                /*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
                    706:                ip = gen->d.ip->data;
                    707:
                    708:                /* XXX Magic, enough for an IPv4 address
                    709:                 */
                    710:                *altname = racoon_malloc(20);
                    711:                if (!*altname)
                    712:                        goto end;
                    713:
                    714:                sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
                    715:                *type = gen->type;
                    716:                error = 0;
                    717:        }
                    718:        /* XXX other possible types ?
                    719:         * For now, error will be -1 if unsupported type
                    720:         */
                    721:
                    722: end:
                    723:        if (error) {
                    724:                if (*altname) {
                    725:                        racoon_free(*altname);
                    726:                        *altname = NULL;
                    727:                }
                    728:                plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
                    729:        }
                    730:        if (x509)
                    731:                X509_free(x509);
                    732:        if (gens)
                    733:                /* free the whole stack. */
                    734:                sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
                    735:
                    736:        return error;
                    737: }
                    738:
                    739:
                    740: /*
                    741:  * decode a X509 certificate and make a readable text terminated '\n'.
                    742:  * return the buffer allocated, so must free it later.
                    743:  */
                    744: char *
                    745: eay_get_x509text(cert)
                    746:        vchar_t *cert;
                    747: {
                    748:        X509 *x509 = NULL;
                    749:        BIO *bio = NULL;
                    750:        char *text = NULL;
                    751:        u_char *bp = NULL;
                    752:        int len = 0;
                    753:        int error = -1;
                    754:
                    755:        x509 = mem2x509(cert);
                    756:        if (x509 == NULL)
                    757:                goto end;
                    758:
                    759:        bio = BIO_new(BIO_s_mem());
                    760:        if (bio == NULL)
                    761:                goto end;
                    762:
                    763:        error = X509_print(bio, x509);
                    764:        if (error != 1) {
                    765:                error = -1;
                    766:                goto end;
                    767:        }
                    768:
                    769:        len = BIO_get_mem_data(bio, &bp);
                    770:        text = racoon_malloc(len + 1);
                    771:        if (text == NULL)
                    772:                goto end;
                    773:        memcpy(text, bp, len);
                    774:        text[len] = '\0';
                    775:
                    776:        error = 0;
                    777:
                    778:     end:
                    779:        if (error) {
                    780:                if (text) {
                    781:                        racoon_free(text);
                    782:                        text = NULL;
                    783:                }
                    784:                plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
                    785:        }
                    786:        if (bio)
                    787:                BIO_free(bio);
                    788:        if (x509)
                    789:                X509_free(x509);
                    790:
                    791:        return text;
                    792: }
                    793:
                    794: /* get X509 structure from buffer. */
                    795: static X509 *
                    796: mem2x509(cert)
                    797:        vchar_t *cert;
                    798: {
                    799:        X509 *x509;
                    800:
                    801: #ifndef EAYDEBUG
                    802:     {
                    803:        u_char *bp;
                    804:
1.4       manu      805:        bp = (unsigned char *) cert->v;
1.1       manu      806:
1.4       manu      807:        x509 = d2i_X509(NULL, (void *)&bp, cert->l);
1.1       manu      808:     }
                    809: #else
                    810:     {
                    811:        BIO *bio;
                    812:        int len;
                    813:
                    814:        bio = BIO_new(BIO_s_mem());
                    815:        if (bio == NULL)
                    816:                return NULL;
                    817:        len = BIO_write(bio, cert->v, cert->l);
                    818:        if (len == -1)
                    819:                return NULL;
                    820:        x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
                    821:        BIO_free(bio);
                    822:     }
                    823: #endif
                    824:        return x509;
                    825: }
                    826:
                    827: /*
                    828:  * get a X509 certificate from local file.
                    829:  * a certificate must be PEM format.
                    830:  * Input:
                    831:  *     path to a certificate.
                    832:  * Output:
                    833:  *     NULL if error occured
                    834:  *     other is the cert.
                    835:  */
                    836: vchar_t *
                    837: eay_get_x509cert(path)
                    838:        char *path;
                    839: {
                    840:        FILE *fp;
                    841:        X509 *x509;
                    842:        vchar_t *cert;
                    843:        u_char *bp;
                    844:        int len;
                    845:        int error;
                    846:
                    847:        /* Read private key */
                    848:        fp = fopen(path, "r");
                    849:        if (fp == NULL)
                    850:                return NULL;
                    851:        x509 = PEM_read_X509(fp, NULL, NULL, NULL);
                    852:        fclose (fp);
                    853:
                    854:        if (x509 == NULL)
                    855:                return NULL;
                    856:
                    857:        len = i2d_X509(x509, NULL);
                    858:        cert = vmalloc(len);
                    859:        if (cert == NULL) {
                    860:                X509_free(x509);
                    861:                return NULL;
                    862:        }
1.4       manu      863:        bp = (unsigned char *) cert->v;
1.1       manu      864:        error = i2d_X509(x509, &bp);
                    865:        X509_free(x509);
                    866:
                    867:        if (error == 0) {
                    868:                vfree(cert);
                    869:                return NULL;
                    870:        }
                    871:
                    872:        return cert;
                    873: }
                    874:
                    875: /*
                    876:  * check a X509 signature
                    877:  *     XXX: to be get hash type from my cert ?
                    878:  *             to be handled EVP_dss().
                    879:  * OUT: return -1 when error.
                    880:  *     0
                    881:  */
                    882: int
                    883: eay_check_x509sign(source, sig, cert)
                    884:        vchar_t *source;
                    885:        vchar_t *sig;
                    886:        vchar_t *cert;
                    887: {
                    888:        X509 *x509;
                    889:        u_char *bp;
                    890:        EVP_PKEY *evp;
                    891:        int res;
                    892:
1.4       manu      893:        bp = (unsigned char *) cert->v;
1.1       manu      894:
1.4       manu      895:        x509 = d2i_X509(NULL, (void *)&bp, cert->l);
1.1       manu      896:        if (x509 == NULL) {
                    897:                plog(LLV_ERROR, LOCATION, NULL, "d2i_X509(): %s\n", eay_strerror());
                    898:                return -1;
                    899:        }
                    900:
                    901:        evp = X509_get_pubkey(x509);
                    902:        if (! evp) {
                    903:                plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
                    904:                return -1;
                    905:        }
                    906:
                    907:        res = eay_rsa_verify(source, sig, evp->pkey.rsa);
                    908:
                    909:        EVP_PKEY_free(evp);
                    910:
                    911:        return res;
                    912: }
                    913:
                    914: /*
                    915:  * check RSA signature
                    916:  * OUT: return -1 when error.
                    917:  *     0 on success
                    918:  */
                    919: int
                    920: eay_check_rsasign(source, sig, rsa)
                    921:        vchar_t *source;
                    922:        vchar_t *sig;
                    923:        RSA *rsa;
                    924: {
                    925:        return eay_rsa_verify(source, sig, rsa);
                    926: }
                    927:
                    928: /*
                    929:  * get PKCS#1 Private Key of PEM format from local file.
                    930:  */
                    931: vchar_t *
                    932: eay_get_pkcs1privkey(path)
                    933:        char *path;
                    934: {
                    935:        FILE *fp;
                    936:        EVP_PKEY *evp = NULL;
                    937:        vchar_t *pkey = NULL;
                    938:        u_char *bp;
                    939:        int pkeylen;
                    940:        int error = -1;
                    941:
                    942:        /* Read private key */
                    943:        fp = fopen(path, "r");
                    944:        if (fp == NULL)
                    945:                return NULL;
                    946:
                    947:        evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
                    948:
                    949:        fclose (fp);
                    950:
                    951:        if (evp == NULL)
                    952:                return NULL;
                    953:
                    954:        pkeylen = i2d_PrivateKey(evp, NULL);
                    955:        if (pkeylen == 0)
                    956:                goto end;
                    957:        pkey = vmalloc(pkeylen);
                    958:        if (pkey == NULL)
                    959:                goto end;
1.4       manu      960:        bp = (unsigned char *) pkey->v;
1.1       manu      961:        pkeylen = i2d_PrivateKey(evp, &bp);
                    962:        if (pkeylen == 0)
                    963:                goto end;
                    964:
                    965:        error = 0;
                    966:
                    967: end:
                    968:        if (evp != NULL)
                    969:                EVP_PKEY_free(evp);
                    970:        if (error != 0 && pkey != NULL) {
                    971:                vfree(pkey);
                    972:                pkey = NULL;
                    973:        }
                    974:
                    975:        return pkey;
                    976: }
                    977:
                    978: /*
                    979:  * get PKCS#1 Public Key of PEM format from local file.
                    980:  */
                    981: vchar_t *
                    982: eay_get_pkcs1pubkey(path)
                    983:        char *path;
                    984: {
                    985:        FILE *fp;
                    986:        EVP_PKEY *evp = NULL;
                    987:        vchar_t *pkey = NULL;
                    988:        X509 *x509 = NULL;
                    989:        u_char *bp;
                    990:        int pkeylen;
                    991:        int error = -1;
                    992:
                    993:        /* Read private key */
                    994:        fp = fopen(path, "r");
                    995:        if (fp == NULL)
                    996:                return NULL;
                    997:
                    998:        x509 = PEM_read_X509(fp, NULL, NULL, NULL);
                    999:
                   1000:        fclose (fp);
                   1001:
                   1002:        if (x509 == NULL)
                   1003:                return NULL;
                   1004:
                   1005:        /* Get public key - eay */
                   1006:        evp = X509_get_pubkey(x509);
                   1007:        if (evp == NULL)
                   1008:                return NULL;
                   1009:
                   1010:        pkeylen = i2d_PublicKey(evp, NULL);
                   1011:        if (pkeylen == 0)
                   1012:                goto end;
                   1013:        pkey = vmalloc(pkeylen);
                   1014:        if (pkey == NULL)
                   1015:                goto end;
1.4       manu     1016:        bp = (unsigned char *) pkey->v;
1.1       manu     1017:        pkeylen = i2d_PublicKey(evp, &bp);
                   1018:        if (pkeylen == 0)
                   1019:                goto end;
                   1020:
                   1021:        error = 0;
                   1022: end:
                   1023:        if (evp != NULL)
                   1024:                EVP_PKEY_free(evp);
                   1025:        if (error != 0 && pkey != NULL) {
                   1026:                vfree(pkey);
                   1027:                pkey = NULL;
                   1028:        }
                   1029:
                   1030:        return pkey;
                   1031: }
                   1032:
                   1033: vchar_t *
                   1034: eay_get_x509sign(src, privkey)
                   1035:        vchar_t *src, *privkey;
                   1036: {
                   1037:        EVP_PKEY *evp;
1.4       manu     1038:        u_char *bp = (unsigned char *) privkey->v;
1.1       manu     1039:        vchar_t *sig = NULL;
                   1040:        int len;
                   1041:        int pad = RSA_PKCS1_PADDING;
                   1042:
                   1043:        /* XXX to be handled EVP_PKEY_DSA */
1.4       manu     1044:        evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1.1       manu     1045:        if (evp == NULL)
                   1046:                return NULL;
                   1047:
                   1048:        sig = eay_rsa_sign(src, evp->pkey.rsa);
                   1049:
                   1050:        EVP_PKEY_free(evp);
                   1051:
                   1052:        return sig;
                   1053: }
                   1054:
                   1055: vchar_t *
                   1056: eay_get_rsasign(src, rsa)
                   1057:        vchar_t *src;
                   1058:        RSA *rsa;
                   1059: {
                   1060:        return eay_rsa_sign(src, rsa);
                   1061: }
                   1062:
                   1063: vchar_t *
                   1064: eay_rsa_sign(vchar_t *src, RSA *rsa)
                   1065: {
                   1066:        int len;
                   1067:        vchar_t *sig = NULL;
                   1068:        int pad = RSA_PKCS1_PADDING;
                   1069:
                   1070:        len = RSA_size(rsa);
                   1071:
                   1072:        sig = vmalloc(len);
                   1073:        if (sig == NULL)
                   1074:                return NULL;
                   1075:
1.4       manu     1076:        len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
                   1077:                        (unsigned char *) sig->v, rsa, pad);
1.1       manu     1078:
                   1079:        if (len == 0 || len != sig->l) {
                   1080:                vfree(sig);
                   1081:                sig = NULL;
                   1082:        }
                   1083:
                   1084:        return sig;
                   1085: }
                   1086:
                   1087: int
                   1088: eay_rsa_verify(src, sig, rsa)
                   1089:        vchar_t *src, *sig;
                   1090:        RSA *rsa;
                   1091: {
                   1092:        vchar_t *xbuf = NULL;
                   1093:        int pad = RSA_PKCS1_PADDING;
                   1094:        int len = 0;
                   1095:        int error;
                   1096:
                   1097:        len = RSA_size(rsa);
                   1098:        xbuf = vmalloc(len);
                   1099:        if (xbuf == NULL) {
                   1100:                plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
                   1101:                return -1;
                   1102:        }
                   1103:
1.4       manu     1104:        len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
                   1105:                        (unsigned char *) xbuf->v, rsa, pad);
1.1       manu     1106:        if (len == 0 || len != src->l) {
                   1107:                plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
                   1108:                vfree(xbuf);
                   1109:                return -1;
                   1110:        }
                   1111:
                   1112:        error = memcmp(src->v, xbuf->v, src->l);
                   1113:        vfree(xbuf);
                   1114:        if (error != 0)
                   1115:                return -1;
                   1116:
                   1117:        return 0;
                   1118: }
                   1119:
                   1120: /*
                   1121:  * get error string
                   1122:  * MUST load ERR_load_crypto_strings() first.
                   1123:  */
                   1124: char *
                   1125: eay_strerror()
                   1126: {
                   1127:        static char ebuf[512];
                   1128:        int len = 0, n;
                   1129:        unsigned long l;
                   1130:        char buf[200];
                   1131:        const char *file, *data;
                   1132:        int line, flags;
                   1133:        unsigned long es;
                   1134:
                   1135:        es = CRYPTO_thread_id();
                   1136:
                   1137:        while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
                   1138:                n = snprintf(ebuf + len, sizeof(ebuf) - len,
                   1139:                                "%lu:%s:%s:%d:%s ",
                   1140:                                es, ERR_error_string(l, buf), file, line,
                   1141:                                (flags & ERR_TXT_STRING) ? data : "");
                   1142:                if (n < 0 || n >= sizeof(ebuf) - len)
                   1143:                        break;
                   1144:                len += n;
                   1145:                if (sizeof(ebuf) < len)
                   1146:                        break;
                   1147:        }
                   1148:
                   1149:        return ebuf;
                   1150: }
                   1151:
                   1152: vchar_t *
                   1153: evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
                   1154: {
                   1155:        vchar_t *res;
                   1156:        EVP_CIPHER_CTX ctx;
                   1157:
                   1158:        if (!e)
                   1159:                return NULL;
                   1160:
                   1161:        if (data->l % EVP_CIPHER_block_size(e))
                   1162:                return NULL;
                   1163:
                   1164:        if ((res = vmalloc(data->l)) == NULL)
                   1165:                return NULL;
                   1166:
                   1167:        EVP_CIPHER_CTX_init(&ctx);
                   1168:
1.4       manu     1169:        switch(EVP_CIPHER_nid(e)){
                   1170:        case NID_bf_cbc:
                   1171:        case NID_bf_ecb:
                   1172:        case NID_bf_cfb64:
                   1173:        case NID_bf_ofb64:
                   1174:        case NID_cast5_cbc:
                   1175:        case NID_cast5_ecb:
                   1176:        case NID_cast5_cfb64:
                   1177:        case NID_cast5_ofb64:
                   1178:                /* XXX: can we do that also for algos with a fixed key size ?
                   1179:                 */
                   1180:                /* init context without key/iv
                   1181:          */
                   1182:         if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
                   1183:         {
                   1184:             OpenSSL_BUG();
                   1185:             vfree(res);
                   1186:             return NULL;
                   1187:         }
                   1188:
                   1189:         /* update key size
                   1190:          */
                   1191:         if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
                   1192:         {
                   1193:             OpenSSL_BUG();
                   1194:             vfree(res);
                   1195:             return NULL;
                   1196:         }
                   1197:
                   1198:         /* finalize context init with desired key size
                   1199:          */
                   1200:         if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
                   1201:                                                        (u_char *) iv->v, enc))
                   1202:         {
                   1203:             OpenSSL_BUG();
                   1204:             vfree(res);
                   1205:             return NULL;
                   1206:                }
                   1207:                break;
                   1208:        default:
                   1209:                if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
                   1210:                                                        (u_char *) iv->v, enc)) {
                   1211:                        OpenSSL_BUG();
                   1212:                        vfree(res);
                   1213:                        return NULL;
                   1214:                }
1.1       manu     1215:        }
1.4       manu     1216:
                   1217:        /* disable openssl padding */
                   1218:        EVP_CIPHER_CTX_set_padding(&ctx, 0);
1.1       manu     1219:
1.4       manu     1220:        if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1.1       manu     1221:                OpenSSL_BUG();
                   1222:                vfree(res);
                   1223:                return NULL;
                   1224:        }
                   1225:
                   1226:        EVP_CIPHER_CTX_cleanup(&ctx);
                   1227:
                   1228:        return res;
                   1229: }
                   1230:
                   1231: int
                   1232: evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
                   1233: {
                   1234:        return 0;
                   1235: }
                   1236:
                   1237: int
                   1238: evp_keylen(int len, const EVP_CIPHER *e)
                   1239: {
                   1240:        if (!e)
                   1241:                return -1;
1.2       manu     1242:        /* EVP functions return lengths in bytes, ipsec-tools
                   1243:         * uses lengths in bits, therefore conversion is required. --AK
                   1244:         */
                   1245:        if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1.1       manu     1246:                return -1;
                   1247:
1.2       manu     1248:        return EVP_CIPHER_key_length(e) << 3;
1.1       manu     1249: }
                   1250:
                   1251: /*
                   1252:  * DES-CBC
                   1253:  */
                   1254: vchar_t *
                   1255: eay_des_encrypt(data, key, iv)
                   1256:        vchar_t *data, *key, *iv;
                   1257: {
                   1258:        return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
                   1259: }
                   1260:
                   1261: vchar_t *
                   1262: eay_des_decrypt(data, key, iv)
                   1263:        vchar_t *data, *key, *iv;
                   1264: {
                   1265:        return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
                   1266: }
                   1267:
                   1268: int
                   1269: eay_des_weakkey(key)
                   1270:        vchar_t *key;
                   1271: {
                   1272: #ifdef USE_NEW_DES_API
                   1273:        return DES_is_weak_key((void *)key->v);
                   1274: #else
                   1275:        return des_is_weak_key((void *)key->v);
                   1276: #endif
                   1277: }
                   1278:
                   1279: int
                   1280: eay_des_keylen(len)
                   1281:        int len;
                   1282: {
                   1283:        return evp_keylen(len, EVP_des_cbc());
                   1284: }
                   1285:
1.2       manu     1286: #ifdef HAVE_OPENSSL_IDEA_H
                   1287: /*
                   1288:  * IDEA-CBC
                   1289:  */
                   1290: vchar_t *
                   1291: eay_idea_encrypt(data, key, iv)
                   1292:        vchar_t *data, *key, *iv;
                   1293: {
                   1294:        vchar_t *res;
                   1295:        IDEA_KEY_SCHEDULE ks;
                   1296:
1.14      vanhu    1297:        idea_set_encrypt_key((unsigned char *)key->v, &ks);
1.2       manu     1298:
                   1299:        /* allocate buffer for result */
                   1300:        if ((res = vmalloc(data->l)) == NULL)
                   1301:                return NULL;
                   1302:
                   1303:        /* decryption data */
1.14      vanhu    1304:        idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
                   1305:                        &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1.2       manu     1306:
                   1307:        return res;
                   1308: }
                   1309:
                   1310: vchar_t *
                   1311: eay_idea_decrypt(data, key, iv)
                   1312:        vchar_t *data, *key, *iv;
                   1313: {
                   1314:        vchar_t *res;
                   1315:        IDEA_KEY_SCHEDULE ks, dks;
                   1316:
1.14      vanhu    1317:        idea_set_encrypt_key((unsigned char *)key->v, &ks);
1.2       manu     1318:        idea_set_decrypt_key(&ks, &dks);
                   1319:
                   1320:        /* allocate buffer for result */
                   1321:        if ((res = vmalloc(data->l)) == NULL)
                   1322:                return NULL;
                   1323:
                   1324:        /* decryption data */
1.14      vanhu    1325:        idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
                   1326:                        &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1.2       manu     1327:
                   1328:        return res;
                   1329: }
                   1330:
                   1331: int
                   1332: eay_idea_weakkey(key)
                   1333:        vchar_t *key;
                   1334: {
                   1335:        return 0;       /* XXX */
                   1336: }
                   1337:
                   1338: int
                   1339: eay_idea_keylen(len)
                   1340:        int len;
                   1341: {
                   1342:        if (len != 0 && len != 128)
                   1343:                return -1;
                   1344:        return 128;
                   1345: }
                   1346: #endif
                   1347:
1.1       manu     1348: /*
                   1349:  * BLOWFISH-CBC
                   1350:  */
                   1351: vchar_t *
                   1352: eay_bf_encrypt(data, key, iv)
                   1353:        vchar_t *data, *key, *iv;
                   1354: {
                   1355:        return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
                   1356: }
                   1357:
                   1358: vchar_t *
                   1359: eay_bf_decrypt(data, key, iv)
                   1360:        vchar_t *data, *key, *iv;
                   1361: {
                   1362:        return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
                   1363: }
                   1364:
                   1365: int
                   1366: eay_bf_weakkey(key)
                   1367:        vchar_t *key;
                   1368: {
                   1369:        return 0;       /* XXX to be done. refer to RFC 2451 */
                   1370: }
                   1371:
                   1372: int
                   1373: eay_bf_keylen(len)
                   1374:        int len;
                   1375: {
                   1376:        if (len == 0)
                   1377:                return 448;
                   1378:        if (len < 40 || len > 448)
                   1379:                return -1;
                   1380:        return len;
                   1381: }
                   1382:
1.2       manu     1383: #ifdef HAVE_OPENSSL_RC5_H
                   1384: /*
                   1385:  * RC5-CBC
                   1386:  */
                   1387: vchar_t *
                   1388: eay_rc5_encrypt(data, key, iv)
                   1389:        vchar_t *data, *key, *iv;
                   1390: {
                   1391:        vchar_t *res;
                   1392:        RC5_32_KEY ks;
                   1393:
                   1394:        /* in RFC 2451, there is information about the number of round. */
1.14      vanhu    1395:        RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1.2       manu     1396:
                   1397:        /* allocate buffer for result */
                   1398:        if ((res = vmalloc(data->l)) == NULL)
                   1399:                return NULL;
                   1400:
                   1401:        /* decryption data */
1.14      vanhu    1402:        RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
                   1403:                &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1.2       manu     1404:
                   1405:        return res;
                   1406: }
                   1407:
                   1408: vchar_t *
                   1409: eay_rc5_decrypt(data, key, iv)
                   1410:        vchar_t *data, *key, *iv;
                   1411: {
                   1412:        vchar_t *res;
                   1413:        RC5_32_KEY ks;
                   1414:
                   1415:        /* in RFC 2451, there is information about the number of round. */
1.14      vanhu    1416:        RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1.2       manu     1417:
                   1418:        /* allocate buffer for result */
                   1419:        if ((res = vmalloc(data->l)) == NULL)
                   1420:                return NULL;
                   1421:
                   1422:        /* decryption data */
1.14      vanhu    1423:        RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
                   1424:                &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1.2       manu     1425:
                   1426:        return res;
                   1427: }
                   1428:
                   1429: int
                   1430: eay_rc5_weakkey(key)
                   1431:        vchar_t *key;
                   1432: {
                   1433:        return 0;       /* No known weak keys when used with 16 rounds. */
                   1434:
                   1435: }
                   1436:
                   1437: int
                   1438: eay_rc5_keylen(len)
                   1439:        int len;
                   1440: {
                   1441:        if (len == 0)
                   1442:                return 128;
                   1443:        if (len < 40 || len > 2040)
                   1444:                return -1;
                   1445:        return len;
                   1446: }
                   1447: #endif
                   1448:
1.1       manu     1449: /*
                   1450:  * 3DES-CBC
                   1451:  */
                   1452: vchar_t *
                   1453: eay_3des_encrypt(data, key, iv)
                   1454:        vchar_t *data, *key, *iv;
                   1455: {
                   1456:        return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
                   1457: }
                   1458:
                   1459: vchar_t *
                   1460: eay_3des_decrypt(data, key, iv)
                   1461:        vchar_t *data, *key, *iv;
                   1462: {
                   1463:        return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
                   1464: }
                   1465:
                   1466: int
                   1467: eay_3des_weakkey(key)
                   1468:        vchar_t *key;
                   1469: {
                   1470: #ifdef USE_NEW_DES_API
                   1471:        return (DES_is_weak_key((void *)key->v) ||
                   1472:            DES_is_weak_key((void *)(key->v + 8)) ||
                   1473:            DES_is_weak_key((void *)(key->v + 16)));
                   1474: #else
                   1475:        if (key->l < 24)
                   1476:                return 0;
                   1477:
                   1478:        return (des_is_weak_key((void *)key->v) ||
                   1479:            des_is_weak_key((void *)(key->v + 8)) ||
                   1480:            des_is_weak_key((void *)(key->v + 16)));
                   1481: #endif
                   1482: }
                   1483:
                   1484: int
                   1485: eay_3des_keylen(len)
                   1486:        int len;
                   1487: {
                   1488:        if (len != 0 && len != 192)
                   1489:                return -1;
                   1490:        return 192;
                   1491: }
                   1492:
                   1493: /*
                   1494:  * CAST-CBC
                   1495:  */
                   1496: vchar_t *
                   1497: eay_cast_encrypt(data, key, iv)
                   1498:        vchar_t *data, *key, *iv;
                   1499: {
                   1500:        return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
                   1501: }
                   1502:
                   1503: vchar_t *
                   1504: eay_cast_decrypt(data, key, iv)
                   1505:        vchar_t *data, *key, *iv;
                   1506: {
                   1507:        return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
                   1508: }
                   1509:
                   1510: int
                   1511: eay_cast_weakkey(key)
                   1512:        vchar_t *key;
                   1513: {
                   1514:        return 0;       /* No known weak keys. */
                   1515: }
                   1516:
                   1517: int
                   1518: eay_cast_keylen(len)
                   1519:        int len;
                   1520: {
                   1521:        if (len == 0)
                   1522:                return 128;
                   1523:        if (len < 40 || len > 128)
                   1524:                return -1;
                   1525:        return len;
                   1526: }
                   1527:
                   1528: /*
                   1529:  * AES(RIJNDAEL)-CBC
                   1530:  */
                   1531: #ifndef HAVE_OPENSSL_AES_H
                   1532: vchar_t *
                   1533: eay_aes_encrypt(data, key, iv)
                   1534:        vchar_t *data, *key, *iv;
                   1535: {
                   1536:        vchar_t *res;
                   1537:        keyInstance k;
                   1538:        cipherInstance c;
                   1539:
                   1540:        memset(&k, 0, sizeof(k));
                   1541:        if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
                   1542:                return NULL;
                   1543:
                   1544:        /* allocate buffer for result */
                   1545:        if ((res = vmalloc(data->l)) == NULL)
                   1546:                return NULL;
                   1547:
                   1548:        /* encryption data */
                   1549:        memset(&c, 0, sizeof(c));
                   1550:        if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
                   1551:                vfree(res);
                   1552:                return NULL;
                   1553:        }
                   1554:        if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
                   1555:                vfree(res);
                   1556:                return NULL;
                   1557:        }
                   1558:
                   1559:        return res;
                   1560: }
                   1561:
                   1562: vchar_t *
                   1563: eay_aes_decrypt(data, key, iv)
                   1564:        vchar_t *data, *key, *iv;
                   1565: {
                   1566:        vchar_t *res;
                   1567:        keyInstance k;
                   1568:        cipherInstance c;
                   1569:
                   1570:        memset(&k, 0, sizeof(k));
                   1571:        if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
                   1572:                return NULL;
                   1573:
                   1574:        /* allocate buffer for result */
                   1575:        if ((res = vmalloc(data->l)) == NULL)
                   1576:                return NULL;
                   1577:
                   1578:        /* decryption data */
                   1579:        memset(&c, 0, sizeof(c));
                   1580:        if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
                   1581:                vfree(res);
                   1582:                return NULL;
                   1583:        }
                   1584:        if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
                   1585:                vfree(res);
                   1586:                return NULL;
                   1587:        }
                   1588:
                   1589:        return res;
                   1590: }
                   1591: #else
                   1592: static inline const EVP_CIPHER *
                   1593: aes_evp_by_keylen(int keylen)
                   1594: {
                   1595:        switch(keylen) {
                   1596:                case 16:
                   1597:                case 128:
                   1598:                        return EVP_aes_128_cbc();
                   1599:                case 24:
                   1600:                case 192:
                   1601:                        return EVP_aes_192_cbc();
                   1602:                case 32:
                   1603:                case 256:
                   1604:                        return EVP_aes_256_cbc();
                   1605:                default:
                   1606:                        return NULL;
                   1607:        }
                   1608: }
                   1609:
                   1610: vchar_t *
                   1611: eay_aes_encrypt(data, key, iv)
                   1612:        vchar_t *data, *key, *iv;
                   1613: {
                   1614:        return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
                   1615: }
                   1616:
                   1617: vchar_t *
                   1618: eay_aes_decrypt(data, key, iv)
                   1619:        vchar_t *data, *key, *iv;
                   1620: {
                   1621:        return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
                   1622: }
                   1623: #endif
                   1624:
                   1625: int
                   1626: eay_aes_weakkey(key)
                   1627:        vchar_t *key;
                   1628: {
                   1629:        return 0;
                   1630: }
                   1631:
                   1632: int
                   1633: eay_aes_keylen(len)
                   1634:        int len;
                   1635: {
                   1636:        if (len == 0)
                   1637:                return 128;
                   1638:        if (len != 128 && len != 192 && len != 256)
                   1639:                return -1;
                   1640:        return len;
                   1641: }
                   1642:
1.10      manu     1643: #if defined(HAVE_OPENSSL_CAMELLIA_H)
                   1644: /*
                   1645:  * CAMELLIA-CBC
                   1646:  */
                   1647: static inline const EVP_CIPHER *
                   1648: camellia_evp_by_keylen(int keylen)
                   1649: {
                   1650:        switch(keylen) {
                   1651:                case 16:
                   1652:                case 128:
                   1653:                        return EVP_camellia_128_cbc();
                   1654:                case 24:
                   1655:                case 192:
                   1656:                        return EVP_camellia_192_cbc();
                   1657:                case 32:
                   1658:                case 256:
                   1659:                        return EVP_camellia_256_cbc();
                   1660:                default:
                   1661:                        return NULL;
                   1662:        }
                   1663: }
                   1664:
                   1665: vchar_t *
                   1666: eay_camellia_encrypt(data, key, iv)
                   1667:        vchar_t *data, *key, *iv;
                   1668: {
                   1669:        return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
                   1670: }
                   1671:
                   1672: vchar_t *
                   1673: eay_camellia_decrypt(data, key, iv)
                   1674:        vchar_t *data, *key, *iv;
                   1675: {
                   1676:        return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
                   1677: }
                   1678:
                   1679: int
                   1680: eay_camellia_weakkey(key)
                   1681:        vchar_t *key;
                   1682: {
                   1683:        return 0;
                   1684: }
                   1685:
                   1686: int
                   1687: eay_camellia_keylen(len)
                   1688:        int len;
                   1689: {
                   1690:        if (len == 0)
                   1691:                return 128;
                   1692:        if (len != 128 && len != 192 && len != 256)
                   1693:                return -1;
                   1694:        return len;
                   1695: }
                   1696:
                   1697: #endif
                   1698:
1.1       manu     1699: /* for ipsec part */
                   1700: int
                   1701: eay_null_hashlen()
                   1702: {
                   1703:        return 0;
                   1704: }
                   1705:
                   1706: int
                   1707: eay_kpdk_hashlen()
                   1708: {
                   1709:        return 0;
                   1710: }
                   1711:
                   1712: int
                   1713: eay_twofish_keylen(len)
                   1714:        int len;
                   1715: {
                   1716:        if (len < 0 || len > 256)
                   1717:                return -1;
                   1718:        return len;
                   1719: }
                   1720:
                   1721: int
                   1722: eay_null_keylen(len)
                   1723:        int len;
                   1724: {
                   1725:        return 0;
                   1726: }
                   1727:
                   1728: /*
                   1729:  * HMAC functions
                   1730:  */
                   1731: static caddr_t
                   1732: eay_hmac_init(key, md)
                   1733:        vchar_t *key;
                   1734:        const EVP_MD *md;
                   1735: {
                   1736:        HMAC_CTX *c = racoon_malloc(sizeof(*c));
                   1737:
                   1738:        HMAC_Init(c, key->v, key->l, md);
                   1739:
                   1740:        return (caddr_t)c;
                   1741: }
                   1742:
                   1743: #ifdef WITH_SHA2
                   1744: /*
                   1745:  * HMAC SHA2-512
                   1746:  */
                   1747: vchar_t *
                   1748: eay_hmacsha2_512_one(key, data)
                   1749:        vchar_t *key, *data;
                   1750: {
                   1751:        vchar_t *res;
                   1752:        caddr_t ctx;
                   1753:
                   1754:        ctx = eay_hmacsha2_512_init(key);
                   1755:        eay_hmacsha2_512_update(ctx, data);
                   1756:        res = eay_hmacsha2_512_final(ctx);
                   1757:
                   1758:        return(res);
                   1759: }
                   1760:
                   1761: caddr_t
                   1762: eay_hmacsha2_512_init(key)
                   1763:        vchar_t *key;
                   1764: {
                   1765:        return eay_hmac_init(key, EVP_sha2_512());
                   1766: }
                   1767:
                   1768: void
                   1769: eay_hmacsha2_512_update(c, data)
                   1770:        caddr_t c;
                   1771:        vchar_t *data;
                   1772: {
1.4       manu     1773:        HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     1774: }
                   1775:
                   1776: vchar_t *
                   1777: eay_hmacsha2_512_final(c)
                   1778:        caddr_t c;
                   1779: {
                   1780:        vchar_t *res;
                   1781:        unsigned int l;
                   1782:
                   1783:        if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
                   1784:                return NULL;
                   1785:
1.4       manu     1786:        HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1.1       manu     1787:        res->l = l;
                   1788:        HMAC_cleanup((HMAC_CTX *)c);
                   1789:        (void)racoon_free(c);
                   1790:
                   1791:        if (SHA512_DIGEST_LENGTH != res->l) {
                   1792:                plog(LLV_ERROR, LOCATION, NULL,
                   1793:                        "hmac sha2_512 length mismatch %zd.\n", res->l);
                   1794:                vfree(res);
                   1795:                return NULL;
                   1796:        }
                   1797:
                   1798:        return(res);
                   1799: }
                   1800:
                   1801: /*
                   1802:  * HMAC SHA2-384
                   1803:  */
                   1804: vchar_t *
                   1805: eay_hmacsha2_384_one(key, data)
                   1806:        vchar_t *key, *data;
                   1807: {
                   1808:        vchar_t *res;
                   1809:        caddr_t ctx;
                   1810:
                   1811:        ctx = eay_hmacsha2_384_init(key);
                   1812:        eay_hmacsha2_384_update(ctx, data);
                   1813:        res = eay_hmacsha2_384_final(ctx);
                   1814:
                   1815:        return(res);
                   1816: }
                   1817:
                   1818: caddr_t
                   1819: eay_hmacsha2_384_init(key)
                   1820:        vchar_t *key;
                   1821: {
                   1822:        return eay_hmac_init(key, EVP_sha2_384());
                   1823: }
                   1824:
                   1825: void
                   1826: eay_hmacsha2_384_update(c, data)
                   1827:        caddr_t c;
                   1828:        vchar_t *data;
                   1829: {
1.4       manu     1830:        HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     1831: }
                   1832:
                   1833: vchar_t *
                   1834: eay_hmacsha2_384_final(c)
                   1835:        caddr_t c;
                   1836: {
                   1837:        vchar_t *res;
                   1838:        unsigned int l;
                   1839:
                   1840:        if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
                   1841:                return NULL;
                   1842:
1.4       manu     1843:        HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1.1       manu     1844:        res->l = l;
                   1845:        HMAC_cleanup((HMAC_CTX *)c);
                   1846:        (void)racoon_free(c);
                   1847:
                   1848:        if (SHA384_DIGEST_LENGTH != res->l) {
                   1849:                plog(LLV_ERROR, LOCATION, NULL,
                   1850:                        "hmac sha2_384 length mismatch %zd.\n", res->l);
                   1851:                vfree(res);
                   1852:                return NULL;
                   1853:        }
                   1854:
                   1855:        return(res);
                   1856: }
                   1857:
                   1858: /*
                   1859:  * HMAC SHA2-256
                   1860:  */
                   1861: vchar_t *
                   1862: eay_hmacsha2_256_one(key, data)
                   1863:        vchar_t *key, *data;
                   1864: {
                   1865:        vchar_t *res;
                   1866:        caddr_t ctx;
                   1867:
                   1868:        ctx = eay_hmacsha2_256_init(key);
                   1869:        eay_hmacsha2_256_update(ctx, data);
                   1870:        res = eay_hmacsha2_256_final(ctx);
                   1871:
                   1872:        return(res);
                   1873: }
                   1874:
                   1875: caddr_t
                   1876: eay_hmacsha2_256_init(key)
                   1877:        vchar_t *key;
                   1878: {
                   1879:        return eay_hmac_init(key, EVP_sha2_256());
                   1880: }
                   1881:
                   1882: void
                   1883: eay_hmacsha2_256_update(c, data)
                   1884:        caddr_t c;
                   1885:        vchar_t *data;
                   1886: {
1.4       manu     1887:        HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     1888: }
                   1889:
                   1890: vchar_t *
                   1891: eay_hmacsha2_256_final(c)
                   1892:        caddr_t c;
                   1893: {
                   1894:        vchar_t *res;
                   1895:        unsigned int l;
                   1896:
                   1897:        if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
                   1898:                return NULL;
                   1899:
1.4       manu     1900:        HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1.1       manu     1901:        res->l = l;
                   1902:        HMAC_cleanup((HMAC_CTX *)c);
                   1903:        (void)racoon_free(c);
                   1904:
                   1905:        if (SHA256_DIGEST_LENGTH != res->l) {
                   1906:                plog(LLV_ERROR, LOCATION, NULL,
                   1907:                        "hmac sha2_256 length mismatch %zd.\n", res->l);
                   1908:                vfree(res);
                   1909:                return NULL;
                   1910:        }
                   1911:
                   1912:        return(res);
                   1913: }
                   1914: #endif /* WITH_SHA2 */
                   1915:
                   1916: /*
                   1917:  * HMAC SHA1
                   1918:  */
                   1919: vchar_t *
                   1920: eay_hmacsha1_one(key, data)
                   1921:        vchar_t *key, *data;
                   1922: {
                   1923:        vchar_t *res;
                   1924:        caddr_t ctx;
                   1925:
                   1926:        ctx = eay_hmacsha1_init(key);
                   1927:        eay_hmacsha1_update(ctx, data);
                   1928:        res = eay_hmacsha1_final(ctx);
                   1929:
                   1930:        return(res);
                   1931: }
                   1932:
                   1933: caddr_t
                   1934: eay_hmacsha1_init(key)
                   1935:        vchar_t *key;
                   1936: {
                   1937:        return eay_hmac_init(key, EVP_sha1());
                   1938: }
                   1939:
                   1940: void
                   1941: eay_hmacsha1_update(c, data)
                   1942:        caddr_t c;
                   1943:        vchar_t *data;
                   1944: {
1.4       manu     1945:        HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     1946: }
                   1947:
                   1948: vchar_t *
                   1949: eay_hmacsha1_final(c)
                   1950:        caddr_t c;
                   1951: {
                   1952:        vchar_t *res;
                   1953:        unsigned int l;
                   1954:
                   1955:        if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
                   1956:                return NULL;
                   1957:
1.4       manu     1958:        HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1.1       manu     1959:        res->l = l;
                   1960:        HMAC_cleanup((HMAC_CTX *)c);
                   1961:        (void)racoon_free(c);
                   1962:
                   1963:        if (SHA_DIGEST_LENGTH != res->l) {
                   1964:                plog(LLV_ERROR, LOCATION, NULL,
                   1965:                        "hmac sha1 length mismatch %zd.\n", res->l);
                   1966:                vfree(res);
                   1967:                return NULL;
                   1968:        }
                   1969:
                   1970:        return(res);
                   1971: }
                   1972:
                   1973: /*
                   1974:  * HMAC MD5
                   1975:  */
                   1976: vchar_t *
                   1977: eay_hmacmd5_one(key, data)
                   1978:        vchar_t *key, *data;
                   1979: {
                   1980:        vchar_t *res;
                   1981:        caddr_t ctx;
                   1982:
                   1983:        ctx = eay_hmacmd5_init(key);
                   1984:        eay_hmacmd5_update(ctx, data);
                   1985:        res = eay_hmacmd5_final(ctx);
                   1986:
                   1987:        return(res);
                   1988: }
                   1989:
                   1990: caddr_t
                   1991: eay_hmacmd5_init(key)
                   1992:        vchar_t *key;
                   1993: {
                   1994:        return eay_hmac_init(key, EVP_md5());
                   1995: }
                   1996:
                   1997: void
                   1998: eay_hmacmd5_update(c, data)
                   1999:        caddr_t c;
                   2000:        vchar_t *data;
                   2001: {
1.4       manu     2002:        HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     2003: }
                   2004:
                   2005: vchar_t *
                   2006: eay_hmacmd5_final(c)
                   2007:        caddr_t c;
                   2008: {
                   2009:        vchar_t *res;
                   2010:        unsigned int l;
                   2011:
                   2012:        if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
                   2013:                return NULL;
                   2014:
1.4       manu     2015:        HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1.1       manu     2016:        res->l = l;
                   2017:        HMAC_cleanup((HMAC_CTX *)c);
                   2018:        (void)racoon_free(c);
                   2019:
                   2020:        if (MD5_DIGEST_LENGTH != res->l) {
                   2021:                plog(LLV_ERROR, LOCATION, NULL,
                   2022:                        "hmac md5 length mismatch %zd.\n", res->l);
                   2023:                vfree(res);
                   2024:                return NULL;
                   2025:        }
                   2026:
                   2027:        return(res);
                   2028: }
                   2029:
                   2030: #ifdef WITH_SHA2
                   2031: /*
                   2032:  * SHA2-512 functions
                   2033:  */
                   2034: caddr_t
                   2035: eay_sha2_512_init()
                   2036: {
                   2037:        SHA512_CTX *c = racoon_malloc(sizeof(*c));
                   2038:
                   2039:        SHA512_Init(c);
                   2040:
                   2041:        return((caddr_t)c);
                   2042: }
                   2043:
                   2044: void
                   2045: eay_sha2_512_update(c, data)
                   2046:        caddr_t c;
                   2047:        vchar_t *data;
                   2048: {
1.4       manu     2049:        SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     2050:
                   2051:        return;
                   2052: }
                   2053:
                   2054: vchar_t *
                   2055: eay_sha2_512_final(c)
                   2056:        caddr_t c;
                   2057: {
                   2058:        vchar_t *res;
                   2059:
                   2060:        if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
                   2061:                return(0);
                   2062:
1.4       manu     2063:        SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
1.1       manu     2064:        (void)racoon_free(c);
                   2065:
                   2066:        return(res);
                   2067: }
                   2068:
                   2069: vchar_t *
                   2070: eay_sha2_512_one(data)
                   2071:        vchar_t *data;
                   2072: {
                   2073:        caddr_t ctx;
                   2074:        vchar_t *res;
                   2075:
                   2076:        ctx = eay_sha2_512_init();
                   2077:        eay_sha2_512_update(ctx, data);
                   2078:        res = eay_sha2_512_final(ctx);
                   2079:
                   2080:        return(res);
                   2081: }
                   2082:
                   2083: int
                   2084: eay_sha2_512_hashlen()
                   2085: {
                   2086:        return SHA512_DIGEST_LENGTH << 3;
                   2087: }
                   2088: #endif
                   2089:
                   2090: #ifdef WITH_SHA2
                   2091: /*
                   2092:  * SHA2-384 functions
                   2093:  */
                   2094: caddr_t
                   2095: eay_sha2_384_init()
                   2096: {
                   2097:        SHA384_CTX *c = racoon_malloc(sizeof(*c));
                   2098:
                   2099:        SHA384_Init(c);
                   2100:
                   2101:        return((caddr_t)c);
                   2102: }
                   2103:
                   2104: void
                   2105: eay_sha2_384_update(c, data)
                   2106:        caddr_t c;
                   2107:        vchar_t *data;
                   2108: {
1.4       manu     2109:        SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     2110:
                   2111:        return;
                   2112: }
                   2113:
                   2114: vchar_t *
                   2115: eay_sha2_384_final(c)
                   2116:        caddr_t c;
                   2117: {
                   2118:        vchar_t *res;
                   2119:
                   2120:        if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
                   2121:                return(0);
                   2122:
1.4       manu     2123:        SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
1.1       manu     2124:        (void)racoon_free(c);
                   2125:
                   2126:        return(res);
                   2127: }
                   2128:
                   2129: vchar_t *
                   2130: eay_sha2_384_one(data)
                   2131:        vchar_t *data;
                   2132: {
                   2133:        caddr_t ctx;
                   2134:        vchar_t *res;
                   2135:
                   2136:        ctx = eay_sha2_384_init();
                   2137:        eay_sha2_384_update(ctx, data);
                   2138:        res = eay_sha2_384_final(ctx);
                   2139:
                   2140:        return(res);
                   2141: }
                   2142:
                   2143: int
                   2144: eay_sha2_384_hashlen()
                   2145: {
                   2146:        return SHA384_DIGEST_LENGTH << 3;
                   2147: }
                   2148: #endif
                   2149:
                   2150: #ifdef WITH_SHA2
                   2151: /*
                   2152:  * SHA2-256 functions
                   2153:  */
                   2154: caddr_t
                   2155: eay_sha2_256_init()
                   2156: {
                   2157:        SHA256_CTX *c = racoon_malloc(sizeof(*c));
                   2158:
                   2159:        SHA256_Init(c);
                   2160:
                   2161:        return((caddr_t)c);
                   2162: }
                   2163:
                   2164: void
                   2165: eay_sha2_256_update(c, data)
                   2166:        caddr_t c;
                   2167:        vchar_t *data;
                   2168: {
1.4       manu     2169:        SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
1.1       manu     2170:
                   2171:        return;
                   2172: }
                   2173:
                   2174: vchar_t *
                   2175: eay_sha2_256_final(c)
                   2176:        caddr_t c;
                   2177: {
                   2178:        vchar_t *res;
                   2179:
                   2180:        if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
                   2181:                return(0);
                   2182:
1.4       manu     2183:        SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
1.1       manu     2184:        (void)racoon_free(c);
                   2185:
                   2186:        return(res);
                   2187: }
                   2188:
                   2189: vchar_t *
                   2190: eay_sha2_256_one(data)
                   2191:        vchar_t *data;
                   2192: {
                   2193:        caddr_t ctx;
                   2194:        vchar_t *res;
                   2195:
                   2196:        ctx = eay_sha2_256_init();
                   2197:        eay_sha2_256_update(ctx, data);
                   2198:        res = eay_sha2_256_final(ctx);
                   2199:
                   2200:        return(res);
                   2201: }
                   2202:
                   2203: int
                   2204: eay_sha2_256_hashlen()
                   2205: {
                   2206:        return SHA256_DIGEST_LENGTH << 3;
                   2207: }
                   2208: #endif
                   2209:
                   2210: /*
                   2211:  * SHA functions
                   2212:  */
                   2213: caddr_t
                   2214: eay_sha1_init()
                   2215: {
                   2216:        SHA_CTX *c = racoon_malloc(sizeof(*c));
                   2217:
                   2218:        SHA1_Init(c);
                   2219:
                   2220:        return((caddr_t)c);
                   2221: }
                   2222:
                   2223: void
                   2224: eay_sha1_update(c, data)
                   2225:        caddr_t c;
                   2226:        vchar_t *data;
                   2227: {
                   2228:        SHA1_Update((SHA_CTX *)c, data->v, data->l);
                   2229:
                   2230:        return;
                   2231: }
                   2232:
                   2233: vchar_t *
                   2234: eay_sha1_final(c)
                   2235:        caddr_t c;
                   2236: {
                   2237:        vchar_t *res;
                   2238:
                   2239:        if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
                   2240:                return(0);
                   2241:
1.4       manu     2242:        SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
1.1       manu     2243:        (void)racoon_free(c);
                   2244:
                   2245:        return(res);
                   2246: }
                   2247:
                   2248: vchar_t *
                   2249: eay_sha1_one(data)
                   2250:        vchar_t *data;
                   2251: {
                   2252:        caddr_t ctx;
                   2253:        vchar_t *res;
                   2254:
                   2255:        ctx = eay_sha1_init();
                   2256:        eay_sha1_update(ctx, data);
                   2257:        res = eay_sha1_final(ctx);
                   2258:
                   2259:        return(res);
                   2260: }
                   2261:
                   2262: int
                   2263: eay_sha1_hashlen()
                   2264: {
                   2265:        return SHA_DIGEST_LENGTH << 3;
                   2266: }
                   2267:
                   2268: /*
                   2269:  * MD5 functions
                   2270:  */
                   2271: caddr_t
                   2272: eay_md5_init()
                   2273: {
                   2274:        MD5_CTX *c = racoon_malloc(sizeof(*c));
                   2275:
                   2276:        MD5_Init(c);
                   2277:
                   2278:        return((caddr_t)c);
                   2279: }
                   2280:
                   2281: void
                   2282: eay_md5_update(c, data)
                   2283:        caddr_t c;
                   2284:        vchar_t *data;
                   2285: {
                   2286:        MD5_Update((MD5_CTX *)c, data->v, data->l);
                   2287:
                   2288:        return;
                   2289: }
                   2290:
                   2291: vchar_t *
                   2292: eay_md5_final(c)
                   2293:        caddr_t c;
                   2294: {
                   2295:        vchar_t *res;
                   2296:
                   2297:        if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
                   2298:                return(0);
                   2299:
1.4       manu     2300:        MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
1.1       manu     2301:        (void)racoon_free(c);
                   2302:
                   2303:        return(res);
                   2304: }
                   2305:
                   2306: vchar_t *
                   2307: eay_md5_one(data)
                   2308:        vchar_t *data;
                   2309: {
                   2310:        caddr_t ctx;
                   2311:        vchar_t *res;
                   2312:
                   2313:        ctx = eay_md5_init();
                   2314:        eay_md5_update(ctx, data);
                   2315:        res = eay_md5_final(ctx);
                   2316:
                   2317:        return(res);
                   2318: }
                   2319:
                   2320: int
                   2321: eay_md5_hashlen()
                   2322: {
                   2323:        return MD5_DIGEST_LENGTH << 3;
                   2324: }
                   2325:
                   2326: /*
                   2327:  * eay_set_random
                   2328:  *   size: number of bytes.
                   2329:  */
                   2330: vchar_t *
                   2331: eay_set_random(size)
                   2332:        u_int32_t size;
                   2333: {
                   2334:        BIGNUM *r = NULL;
                   2335:        vchar_t *res = 0;
                   2336:
                   2337:        if ((r = BN_new()) == NULL)
                   2338:                goto end;
                   2339:        BN_rand(r, size * 8, 0, 0);
                   2340:        eay_bn2v(&res, r);
                   2341:
                   2342: end:
                   2343:        if (r)
                   2344:                BN_free(r);
                   2345:        return(res);
                   2346: }
                   2347:
                   2348: /* DH */
                   2349: int
                   2350: eay_dh_generate(prime, g, publen, pub, priv)
                   2351:        vchar_t *prime, **pub, **priv;
                   2352:        u_int publen;
                   2353:        u_int32_t g;
                   2354: {
                   2355:        BIGNUM *p = NULL;
                   2356:        DH *dh = NULL;
                   2357:        int error = -1;
                   2358:
                   2359:        /* initialize */
                   2360:        /* pre-process to generate number */
                   2361:        if (eay_v2bn(&p, prime) < 0)
                   2362:                goto end;
                   2363:
                   2364:        if ((dh = DH_new()) == NULL)
                   2365:                goto end;
                   2366:        dh->p = p;
                   2367:        p = NULL;       /* p is now part of dh structure */
                   2368:        dh->g = NULL;
                   2369:        if ((dh->g = BN_new()) == NULL)
                   2370:                goto end;
                   2371:        if (!BN_set_word(dh->g, g))
                   2372:                goto end;
                   2373:
                   2374:        if (publen != 0)
                   2375:                dh->length = publen;
                   2376:
                   2377:        /* generate public and private number */
                   2378:        if (!DH_generate_key(dh))
                   2379:                goto end;
                   2380:
                   2381:        /* copy results to buffers */
                   2382:        if (eay_bn2v(pub, dh->pub_key) < 0)
                   2383:                goto end;
                   2384:        if (eay_bn2v(priv, dh->priv_key) < 0) {
                   2385:                vfree(*pub);
                   2386:                goto end;
                   2387:        }
                   2388:
                   2389:        error = 0;
                   2390:
                   2391: end:
                   2392:        if (dh != NULL)
                   2393:                DH_free(dh);
                   2394:        if (p != 0)
                   2395:                BN_free(p);
                   2396:        return(error);
                   2397: }
                   2398:
                   2399: int
                   2400: eay_dh_compute(prime, g, pub, priv, pub2, key)
                   2401:        vchar_t *prime, *pub, *priv, *pub2, **key;
                   2402:        u_int32_t g;
                   2403: {
                   2404:        BIGNUM *dh_pub = NULL;
                   2405:        DH *dh = NULL;
                   2406:        int l;
1.4       manu     2407:        unsigned char *v = NULL;
1.1       manu     2408:        int error = -1;
                   2409:
                   2410:        /* make public number to compute */
                   2411:        if (eay_v2bn(&dh_pub, pub2) < 0)
                   2412:                goto end;
                   2413:
                   2414:        /* make DH structure */
                   2415:        if ((dh = DH_new()) == NULL)
                   2416:                goto end;
                   2417:        if (eay_v2bn(&dh->p, prime) < 0)
                   2418:                goto end;
                   2419:        if (eay_v2bn(&dh->pub_key, pub) < 0)
                   2420:                goto end;
                   2421:        if (eay_v2bn(&dh->priv_key, priv) < 0)
                   2422:                goto end;
                   2423:        dh->length = pub2->l * 8;
                   2424:
                   2425:        dh->g = NULL;
                   2426:        if ((dh->g = BN_new()) == NULL)
                   2427:                goto end;
                   2428:        if (!BN_set_word(dh->g, g))
                   2429:                goto end;
                   2430:
1.4       manu     2431:        if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
1.1       manu     2432:                goto end;
                   2433:        if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
                   2434:                goto end;
                   2435:        memcpy((*key)->v + (prime->l - l), v, l);
                   2436:
                   2437:        error = 0;
                   2438:
                   2439: end:
                   2440:        if (dh_pub != NULL)
                   2441:                BN_free(dh_pub);
                   2442:        if (dh != NULL)
                   2443:                DH_free(dh);
                   2444:        if (v != NULL)
                   2445:                racoon_free(v);
                   2446:        return(error);
                   2447: }
                   2448:
                   2449: /*
                   2450:  * convert vchar_t <-> BIGNUM.
                   2451:  *
                   2452:  * vchar_t: unit is u_char, network endian, most significant byte first.
                   2453:  * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
                   2454:  *     least significant BN_ULONG must come first.
                   2455:  *
                   2456:  * hex value of "0x3ffe050104" is represented as follows:
                   2457:  *     vchar_t: 3f fe 05 01 04
                   2458:  *     BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
                   2459:  *     BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
                   2460:  *     BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
                   2461:  */
                   2462: int
                   2463: eay_v2bn(bn, var)
                   2464:        BIGNUM **bn;
                   2465:        vchar_t *var;
                   2466: {
1.4       manu     2467:        if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
1.1       manu     2468:                return -1;
                   2469:
                   2470:        return 0;
                   2471: }
                   2472:
                   2473: int
                   2474: eay_bn2v(var, bn)
                   2475:        vchar_t **var;
                   2476:        BIGNUM *bn;
                   2477: {
                   2478:        *var = vmalloc(bn->top * BN_BYTES);
                   2479:        if (*var == NULL)
                   2480:                return(-1);
                   2481:
1.4       manu     2482:        (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
1.1       manu     2483:
                   2484:        return 0;
                   2485: }
                   2486:
                   2487: void
                   2488: eay_init()
                   2489: {
                   2490:        OpenSSL_add_all_algorithms();
                   2491:        ERR_load_crypto_strings();
                   2492: #ifdef HAVE_OPENSSL_ENGINE_H
                   2493:        ENGINE_load_builtin_engines();
                   2494:        ENGINE_register_all_complete();
                   2495: #endif
                   2496: }
                   2497:
                   2498: vchar_t *
                   2499: base64_decode(char *in, long inlen)
                   2500: {
                   2501:        BIO *bio=NULL, *b64=NULL;
                   2502:        vchar_t *res = NULL;
1.11      christos 2503:        char *outb;
1.1       manu     2504:        long outlen;
                   2505:
1.11      christos 2506:        outb = malloc(inlen * 2);
                   2507:        if (outb == NULL)
                   2508:                goto out;
1.1       manu     2509:        bio = BIO_new_mem_buf(in, inlen);
                   2510:        b64 = BIO_new(BIO_f_base64());
                   2511:        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
                   2512:        bio = BIO_push(b64, bio);
                   2513:
1.11      christos 2514:        outlen = BIO_read(bio, outb, inlen * 2);
1.1       manu     2515:        if (outlen <= 0) {
                   2516:                plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
                   2517:                goto out;
                   2518:        }
                   2519:
                   2520:        res = vmalloc(outlen);
                   2521:        if (!res)
                   2522:                goto out;
                   2523:
1.11      christos 2524:        memcpy(res->v, outb, outlen);
1.1       manu     2525:
                   2526: out:
1.11      christos 2527:        if (outb)
                   2528:                free(outb);
1.1       manu     2529:        if (bio)
                   2530:                BIO_free_all(bio);
                   2531:
                   2532:        return res;
                   2533: }
                   2534:
                   2535: vchar_t *
                   2536: base64_encode(char *in, long inlen)
                   2537: {
                   2538:        BIO *bio=NULL, *b64=NULL;
                   2539:        char *ptr;
                   2540:        long plen = -1;
                   2541:        vchar_t *res = NULL;
                   2542:
                   2543:        bio = BIO_new(BIO_s_mem());
                   2544:        b64 = BIO_new(BIO_f_base64());
                   2545:        BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
                   2546:        bio = BIO_push(b64, bio);
                   2547:
                   2548:        BIO_write(bio, in, inlen);
                   2549:        BIO_flush(bio);
                   2550:
                   2551:        plen = BIO_get_mem_data(bio, &ptr);
                   2552:        res = vmalloc(plen+1);
                   2553:        if (!res)
                   2554:                goto out;
                   2555:
                   2556:        memcpy (res->v, ptr, plen);
                   2557:        res->v[plen] = '\0';
                   2558:
                   2559: out:
                   2560:        if (bio)
                   2561:                BIO_free_all(bio);
                   2562:
                   2563:        return res;
                   2564: }
                   2565:
                   2566: static RSA *
                   2567: binbuf_pubkey2rsa(vchar_t *binbuf)
                   2568: {
                   2569:        BIGNUM *exp, *mod;
                   2570:        RSA *rsa_pub = NULL;
                   2571:
                   2572:        if (binbuf->v[0] > binbuf->l - 1) {
                   2573:                plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
                   2574:                goto out;
                   2575:        }
                   2576:
1.4       manu     2577:        exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
                   2578:        mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
                   2579:                        binbuf->l - binbuf->v[0] - 1, NULL);
1.1       manu     2580:        rsa_pub = RSA_new();
                   2581:
                   2582:        if (!exp || !mod || !rsa_pub) {
                   2583:                plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
                   2584:                if (exp)
                   2585:                        BN_free(exp);
                   2586:                if (mod)
                   2587:                        BN_free(exp);
                   2588:                if (rsa_pub)
                   2589:                        RSA_free(rsa_pub);
                   2590:                rsa_pub = NULL;
                   2591:                goto out;
                   2592:        }
                   2593:
                   2594:        rsa_pub->n = mod;
                   2595:        rsa_pub->e = exp;
                   2596:
                   2597: out:
                   2598:        return rsa_pub;
                   2599: }
                   2600:
                   2601: RSA *
                   2602: base64_pubkey2rsa(char *in)
                   2603: {
                   2604:        BIGNUM *exp, *mod;
                   2605:        RSA *rsa_pub = NULL;
                   2606:        vchar_t *binbuf;
                   2607:
                   2608:        if (strncmp(in, "0s", 2) != 0) {
                   2609:                plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
                   2610:                return NULL;
                   2611:        }
                   2612:
                   2613:        binbuf = base64_decode(in + 2, strlen(in + 2));
                   2614:        if (!binbuf) {
                   2615:                plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
                   2616:                return NULL;
                   2617:        }
                   2618:
                   2619:        if (binbuf->v[0] > binbuf->l - 1) {
                   2620:                plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
                   2621:                goto out;
                   2622:        }
                   2623:
                   2624:        rsa_pub = binbuf_pubkey2rsa(binbuf);
                   2625:
                   2626: out:
                   2627:        if (binbuf)
                   2628:                vfree(binbuf);
                   2629:
                   2630:        return rsa_pub;
                   2631: }
                   2632:
                   2633: RSA *
                   2634: bignum_pubkey2rsa(BIGNUM *in)
                   2635: {
                   2636:        RSA *rsa_pub = NULL;
                   2637:        vchar_t *binbuf;
                   2638:
                   2639:        binbuf = vmalloc(BN_num_bytes(in));
                   2640:        if (!binbuf) {
                   2641:                plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
                   2642:                return NULL;
                   2643:        }
                   2644:
1.4       manu     2645:        BN_bn2bin(in, (unsigned char *) binbuf->v);
1.1       manu     2646:
                   2647:        rsa_pub = binbuf_pubkey2rsa(binbuf);
                   2648:
                   2649: out:
                   2650:        if (binbuf)
                   2651:                vfree(binbuf);
                   2652:
                   2653:        return rsa_pub;
                   2654: }
                   2655:
                   2656: u_int32_t
                   2657: eay_random()
                   2658: {
                   2659:        u_int32_t result;
                   2660:        vchar_t *vrand;
                   2661:
                   2662:        vrand = eay_set_random(sizeof(result));
                   2663:        memcpy(&result, vrand->v, sizeof(result));
                   2664:        vfree(vrand);
                   2665:
                   2666:        return result;
                   2667: }
                   2668:
                   2669: const char *
                   2670: eay_version()
                   2671: {
                   2672:        return SSLeay_version(SSLEAY_VERSION);
                   2673: }

CVSweb <webmaster@jp.NetBSD.org>