• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*	$NetBSD: crypto_openssl.c,v 1.20 2010/10/20 13:40:02 tteras Exp $	*/
2 
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <sys/types.h>
37 #include <sys/param.h>
38 
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <limits.h>
42 #include <string.h>
43 
44 /* get openssl/ssleay version number */
45 #include <openssl/opensslv.h>
46 
47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090602fL)
48 #error OpenSSL version 0.9.6 or later required.
49 #endif
50 
51 #include <openssl/pem.h>
52 #include <openssl/evp.h>
53 #include <openssl/x509.h>
54 #include <openssl/x509v3.h>
55 #include <openssl/x509_vfy.h>
56 #include <openssl/bn.h>
57 #include <openssl/dh.h>
58 #include <openssl/md5.h>
59 #include <openssl/sha.h>
60 #include <openssl/hmac.h>
61 #include <openssl/des.h>
62 #include <openssl/crypto.h>
63 #ifdef HAVE_OPENSSL_ENGINE_H
64 #include <openssl/engine.h>
65 #endif
66 #ifndef ANDROID_CHANGES
67 #include <openssl/blowfish.h>
68 #include <openssl/cast.h>
69 #else
70 #define EVP_bf_cbc()    NULL
71 #define EVP_cast5_cbc() NULL
72 #endif
73 #include <openssl/err.h>
74 #ifdef HAVE_OPENSSL_RC5_H
75 #include <openssl/rc5.h>
76 #endif
77 #ifdef HAVE_OPENSSL_IDEA_H
78 #include <openssl/idea.h>
79 #endif
80 #if defined(HAVE_OPENSSL_AES_H)
81 #include <openssl/aes.h>
82 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
83 #include <openssl/rijndael.h>
84 #else
85 #include "crypto/rijndael/rijndael-api-fst.h"
86 #endif
87 #if defined(HAVE_OPENSSL_CAMELLIA_H)
88 #include <openssl/camellia.h>
89 #endif
90 #ifdef WITH_SHA2
91 #ifdef HAVE_OPENSSL_SHA2_H
92 #include <openssl/sha2.h>
93 #else
94 #include "crypto/sha2/sha2.h"
95 #endif
96 #endif
97 #include "plog.h"
98 
99 /* 0.9.7 stuff? */
100 #if OPENSSL_VERSION_NUMBER < 0x0090700fL
101 typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES;
102 #else
103 #define USE_NEW_DES_API
104 #endif
105 
106 #define OpenSSL_BUG()	do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
107 
108 #include "var.h"
109 #include "misc.h"
110 #include "vmbuf.h"
111 #include "plog.h"
112 #include "crypto_openssl.h"
113 #include "debug.h"
114 #include "gcmalloc.h"
115 #include "isakmp.h"
116 
117 /*
118  * I hate to cast every parameter to des_xx into void *, but it is
119  * necessary for SSLeay/OpenSSL portability.  It sucks.
120  */
121 
122 static int cb_check_cert_local __P((int, X509_STORE_CTX *));
123 static int cb_check_cert_remote __P((int, X509_STORE_CTX *));
124 static X509 *mem2x509 __P((vchar_t *));
125 
126 static caddr_t eay_hmac_init __P((vchar_t *, const EVP_MD *));
127 
128 /* X509 Certificate */
129 /*
130  * convert the string of the subject name into DER
131  * e.g. str = "C=JP, ST=Kanagawa";
132  */
133 vchar_t *
eay_str2asn1dn(str,len)134 eay_str2asn1dn(str, len)
135 	const char *str;
136 	int len;
137 {
138 	X509_NAME *name;
139 	char *buf, *dst;
140 	char *field, *value;
141 	int i;
142 	vchar_t *ret = NULL;
143 	caddr_t p;
144 
145 	if (len == -1)
146 		len = strlen(str);
147 
148 	buf = racoon_malloc(len + 1);
149 	if (!buf) {
150 		plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
151 		return NULL;
152 	}
153 	memcpy(buf, str, len);
154 
155 	name = X509_NAME_new();
156 
157 	dst = field = &buf[0];
158 	value = NULL;
159 	for (i = 0; i < len; i++) {
160 		if (buf[i] == '\\') {
161 			/* Escape characters specified in RFC 2253 */
162 			if (i < len - 1 &&
163 			    strchr("\\,=+<>#;", buf[i+1]) != NULL) {
164 				*dst++ = buf[++i];
165 				continue;
166 			} else if (i < len - 2) {
167 				/* RFC 2253 hexpair character escape */
168 				long u;
169 				char esc_str[3];
170 				char *endptr;
171 
172 				esc_str[0] = buf[++i];
173 				esc_str[1] = buf[++i];
174 				esc_str[2] = '\0';
175 				u = strtol(esc_str, &endptr, 16);
176 				if (*endptr != '\0' || u < 0 || u > 255)
177 					goto err;
178 				*dst++ = u;
179 				continue;
180 			} else
181 				goto err;
182 		}
183 		if (!value && buf[i] == '=') {
184 			*dst = '\0';
185 			dst = value = &buf[i + 1];
186 			continue;
187 		} else if (buf[i] == ',' || buf[i] == '/') {
188 			*dst = '\0';
189 
190 			plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
191 			     field, value);
192 
193 			if (!value) goto err;
194 			if (!X509_NAME_add_entry_by_txt(name, field,
195 					(value[0] == '*' && value[1] == 0) ?
196 						V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
197 					(unsigned char *) value, -1, -1, 0)) {
198 				plog(LLV_ERROR, LOCATION, NULL,
199 				     "Invalid DN field: %s=%s\n",
200 				     field, value);
201 				plog(LLV_ERROR, LOCATION, NULL,
202 				     "%s\n", eay_strerror());
203 				goto err;
204 			}
205 
206 			while (i + 1 < len && buf[i + 1] == ' ') i++;
207 			dst = field = &buf[i + 1];
208 			value = NULL;
209 			continue;
210 		} else {
211 			*dst++  = buf[i];
212 		}
213 	}
214 	*dst = '\0';
215 
216 	plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
217 	     field, value);
218 
219 	if (!value) goto err;
220 	if (!X509_NAME_add_entry_by_txt(name, field,
221 			(value[0] == '*' && value[1] == 0) ?
222 				V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
223 			(unsigned char *) value, -1, -1, 0)) {
224 		plog(LLV_ERROR, LOCATION, NULL,
225 		     "Invalid DN field: %s=%s\n",
226 		     field, value);
227 		plog(LLV_ERROR, LOCATION, NULL,
228 		     "%s\n", eay_strerror());
229 		goto err;
230 	}
231 
232 	i = i2d_X509_NAME(name, NULL);
233 	if (!i)
234 		goto err;
235 	ret = vmalloc(i);
236 	if (!ret)
237 		goto err;
238 	p = ret->v;
239 	i = i2d_X509_NAME(name, (void *)&p);
240 	if (!i)
241 		goto err;
242 
243 	return ret;
244 
245     err:
246 	if (buf)
247 		racoon_free(buf);
248 	if (name)
249 		X509_NAME_free(name);
250 	if (ret)
251 		vfree(ret);
252 	return NULL;
253 }
254 
255 /*
256  * convert the hex string of the subject name into DER
257  */
258 vchar_t *
eay_hex2asn1dn(const char * hex,int len)259 eay_hex2asn1dn(const char *hex, int len)
260 {
261 	BIGNUM *bn = BN_new();
262 	char *binbuf;
263 	size_t binlen;
264 	vchar_t *ret = NULL;
265 
266 	if (len == -1)
267 		len = strlen(hex);
268 
269 	if (BN_hex2bn(&bn, hex) != len) {
270 		plog(LLV_ERROR, LOCATION, NULL,
271 		     "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
272 		     eay_strerror());
273 		goto out;
274 	}
275 
276 	binlen = BN_num_bytes(bn);
277 	ret = vmalloc(binlen);
278 	if (!ret) {
279 		plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
280 		return NULL;
281 	}
282 	binbuf = ret->v;
283 
284 	BN_bn2bin(bn, (unsigned char *) binbuf);
285 
286 out:
287 	BN_free(bn);
288 
289 	return ret;
290 }
291 
292 /*
293  * The following are derived from code in crypto/x509/x509_cmp.c
294  * in OpenSSL0.9.7c:
295  * X509_NAME_wildcmp() adds wildcard matching to the original
296  * X509_NAME_cmp(), nocase_cmp() and nocase_spacenorm_cmp() are as is.
297  */
298 #include <ctype.h>
299 /* Case insensitive string comparision */
nocase_cmp(const ASN1_STRING * a,const ASN1_STRING * b)300 static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
301 {
302 	int i;
303 
304 	if (a->length != b->length)
305 		return (a->length - b->length);
306 
307 	for (i=0; i<a->length; i++)
308 	{
309 		int ca, cb;
310 
311 		ca = tolower(a->data[i]);
312 		cb = tolower(b->data[i]);
313 
314 		if (ca != cb)
315 			return(ca-cb);
316 	}
317 	return 0;
318 }
319 
320 /* Case insensitive string comparision with space normalization
321  * Space normalization - ignore leading, trailing spaces,
322  *       multiple spaces between characters are replaced by single space
323  */
nocase_spacenorm_cmp(const ASN1_STRING * a,const ASN1_STRING * b)324 static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
325 {
326 	unsigned char *pa = NULL, *pb = NULL;
327 	int la, lb;
328 
329 	la = a->length;
330 	lb = b->length;
331 	pa = a->data;
332 	pb = b->data;
333 
334 	/* skip leading spaces */
335 	while (la > 0 && isspace(*pa))
336 	{
337 		la--;
338 		pa++;
339 	}
340 	while (lb > 0 && isspace(*pb))
341 	{
342 		lb--;
343 		pb++;
344 	}
345 
346 	/* skip trailing spaces */
347 	while (la > 0 && isspace(pa[la-1]))
348 		la--;
349 	while (lb > 0 && isspace(pb[lb-1]))
350 		lb--;
351 
352 	/* compare strings with space normalization */
353 	while (la > 0 && lb > 0)
354 	{
355 		int ca, cb;
356 
357 		/* compare character */
358 		ca = tolower(*pa);
359 		cb = tolower(*pb);
360 		if (ca != cb)
361 			return (ca - cb);
362 
363 		pa++; pb++;
364 		la--; lb--;
365 
366 		if (la <= 0 || lb <= 0)
367 			break;
368 
369 		/* is white space next character ? */
370 		if (isspace(*pa) && isspace(*pb))
371 		{
372 			/* skip remaining white spaces */
373 			while (la > 0 && isspace(*pa))
374 			{
375 				la--;
376 				pa++;
377 			}
378 			while (lb > 0 && isspace(*pb))
379 			{
380 				lb--;
381 				pb++;
382 			}
383 		}
384 	}
385 	if (la > 0 || lb > 0)
386 		return la - lb;
387 
388 	return 0;
389 }
390 
X509_NAME_wildcmp(const X509_NAME * a,const X509_NAME * b)391 static int X509_NAME_wildcmp(const X509_NAME *a, const X509_NAME *b)
392 {
393     int i,j;
394     X509_NAME_ENTRY *na,*nb;
395 
396     if (sk_X509_NAME_ENTRY_num(a->entries)
397 	!= sk_X509_NAME_ENTRY_num(b->entries))
398 	    return sk_X509_NAME_ENTRY_num(a->entries)
399 	      -sk_X509_NAME_ENTRY_num(b->entries);
400     for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--)
401     {
402 	    na=sk_X509_NAME_ENTRY_value(a->entries,i);
403 	    nb=sk_X509_NAME_ENTRY_value(b->entries,i);
404 	    j=OBJ_cmp(na->object,nb->object);
405 	    if (j) return(j);
406 	    if ((na->value->length == 1 && na->value->data[0] == '*')
407 	     || (nb->value->length == 1 && nb->value->data[0] == '*'))
408 		    continue;
409 	    j=na->value->type-nb->value->type;
410 	    if (j) return(j);
411 	    if (na->value->type == V_ASN1_PRINTABLESTRING)
412 		    j=nocase_spacenorm_cmp(na->value, nb->value);
413 	    else if (na->value->type == V_ASN1_IA5STRING
414 		    && OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
415 		    j=nocase_cmp(na->value, nb->value);
416 	    else
417 		    {
418 		    j=na->value->length-nb->value->length;
419 		    if (j) return(j);
420 		    j=memcmp(na->value->data,nb->value->data,
421 			    na->value->length);
422 		    }
423 	    if (j) return(j);
424 	    j=na->set-nb->set;
425 	    if (j) return(j);
426     }
427 
428     return(0);
429 }
430 
431 /*
432  * compare two subjectNames.
433  * OUT:        0: equal
434  *	positive:
435  *	      -1: other error.
436  */
437 int
eay_cmp_asn1dn(n1,n2)438 eay_cmp_asn1dn(n1, n2)
439 	vchar_t *n1, *n2;
440 {
441 	X509_NAME *a = NULL, *b = NULL;
442 	caddr_t p;
443 	int i = -1;
444 
445 	p = n1->v;
446 	if (!d2i_X509_NAME(&a, (void *)&p, n1->l))
447 		goto end;
448 	p = n2->v;
449 	if (!d2i_X509_NAME(&b, (void *)&p, n2->l))
450 		goto end;
451 
452 	i = X509_NAME_wildcmp(a, b);
453 
454     end:
455 	if (a)
456 		X509_NAME_free(a);
457 	if (b)
458 		X509_NAME_free(b);
459 	return i;
460 }
461 
462 #ifdef ANDROID_CHANGES
463 
BIO_from_android(char * path)464 static BIO *BIO_from_android(char *path)
465 {
466 	void *data;
467 	if (sscanf(path, pname, &data) == 1) {
468 		return BIO_new_mem_buf(data, -1);
469 	}
470 	return NULL;
471 }
472 
473 #endif
474 
475 /*
476  * this functions is derived from apps/verify.c in OpenSSL0.9.5
477  */
478 int
eay_check_x509cert(cert,CApath,CAfile,local)479 eay_check_x509cert(cert, CApath, CAfile, local)
480 	vchar_t *cert;
481 	char *CApath;
482 	char *CAfile;
483 	int local;
484 {
485 	X509_STORE *cert_ctx = NULL;
486 	X509_LOOKUP *lookup = NULL;
487 	X509 *x509 = NULL;
488 	X509_STORE_CTX *csc;
489 	int error = -1;
490 
491 	cert_ctx = X509_STORE_new();
492 	if (cert_ctx == NULL)
493 		goto end;
494 
495 	if (local)
496 		X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
497 	else
498 		X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
499 
500 #ifdef ANDROID_CHANGES
501 	if (pname) {
502 		BIO *bio = BIO_from_android(CAfile);
503 		STACK_OF(X509_INFO) *stack;
504 		X509_INFO *info;
505 		int i;
506 
507 		if (!bio) {
508 			goto end;
509 		}
510 		stack = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL);
511 		BIO_free(bio);
512 		if (!stack) {
513 			goto end;
514 		}
515 		for (i = 0; i < sk_X509_INFO_num(stack); ++i) {
516 			info = sk_X509_INFO_value(stack, i);
517 			if (info->x509) {
518 				X509_STORE_add_cert(cert_ctx, info->x509);
519 			}
520 			if (info->crl) {
521 				X509_STORE_add_crl(cert_ctx, info->crl);
522 			}
523 		}
524 		sk_X509_INFO_pop_free(stack, X509_INFO_free);
525 	} else {
526 #endif
527 	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
528 	if (lookup == NULL)
529 		goto end;
530 
531 	X509_LOOKUP_load_file(lookup, CAfile,
532 	    (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
533 
534 	lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
535 	if (lookup == NULL)
536 		goto end;
537 	error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
538 	if(!error) {
539 		error = -1;
540 		goto end;
541 	}
542 	error = -1;	/* initialized */
543 #ifdef ANDROID_CHANGES
544 	}
545 #endif
546 
547 	/* read the certificate to be verified */
548 	x509 = mem2x509(cert);
549 	if (x509 == NULL)
550 		goto end;
551 
552 	csc = X509_STORE_CTX_new();
553 	if (csc == NULL)
554 		goto end;
555 	X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
556 #if OPENSSL_VERSION_NUMBER >= 0x00907000L
557 	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
558 	X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
559 #endif
560 	error = X509_verify_cert(csc);
561 	X509_STORE_CTX_free(csc);
562 
563 	/*
564 	 * if x509_verify_cert() is successful then the value of error is
565 	 * set non-zero.
566 	 */
567 	error = error ? 0 : -1;
568 
569 end:
570 	if (error)
571 		plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
572 	if (cert_ctx != NULL)
573 		X509_STORE_free(cert_ctx);
574 	if (x509 != NULL)
575 		X509_free(x509);
576 
577 	return(error);
578 }
579 
580 /*
581  * callback function for verifing certificate.
582  * this function is derived from cb() in openssl/apps/s_server.c
583  */
584 static int
cb_check_cert_local(ok,ctx)585 cb_check_cert_local(ok, ctx)
586 	int ok;
587 	X509_STORE_CTX *ctx;
588 {
589 	char buf[256];
590 	int log_tag;
591 
592 	if (!ok) {
593 		X509_NAME_oneline(
594 				X509_get_subject_name(ctx->current_cert),
595 				buf,
596 				256);
597 		/*
598 		 * since we are just checking the certificates, it is
599 		 * ok if they are self signed. But we should still warn
600 		 * the user.
601  		 */
602 		switch (ctx->error) {
603 		case X509_V_ERR_CERT_HAS_EXPIRED:
604 		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
605 		case X509_V_ERR_INVALID_CA:
606 		case X509_V_ERR_PATH_LENGTH_EXCEEDED:
607 		case X509_V_ERR_INVALID_PURPOSE:
608 		case X509_V_ERR_UNABLE_TO_GET_CRL:
609 			ok = 1;
610 			log_tag = LLV_WARNING;
611 			break;
612 		default:
613 			log_tag = LLV_ERROR;
614 		}
615 		plog(log_tag, LOCATION, NULL,
616 			"%s(%d) at depth:%d SubjectName:%s\n",
617 			X509_verify_cert_error_string(ctx->error),
618 			ctx->error,
619 			ctx->error_depth,
620 			buf);
621 	}
622 	ERR_clear_error();
623 
624 	return ok;
625 }
626 
627 /*
628  * callback function for verifing remote certificates.
629  * this function is derived from cb() in openssl/apps/s_server.c
630  */
631 static int
cb_check_cert_remote(ok,ctx)632 cb_check_cert_remote(ok, ctx)
633 	int ok;
634 	X509_STORE_CTX *ctx;
635 {
636 	char buf[256];
637 	int log_tag;
638 
639 	if (!ok) {
640 		X509_NAME_oneline(
641 				X509_get_subject_name(ctx->current_cert),
642 				buf,
643 				256);
644 		switch (ctx->error) {
645 		case X509_V_ERR_UNABLE_TO_GET_CRL:
646 			ok = 1;
647 			log_tag = LLV_WARNING;
648 			break;
649 		default:
650 			log_tag = LLV_ERROR;
651 		}
652 		plog(log_tag, LOCATION, NULL,
653 			"%s(%d) at depth:%d SubjectName:%s\n",
654 			X509_verify_cert_error_string(ctx->error),
655 			ctx->error,
656 			ctx->error_depth,
657 			buf);
658 	}
659 	ERR_clear_error();
660 
661 	return ok;
662 }
663 
664 /*
665  * get a subjectName from X509 certificate.
666  */
667 vchar_t *
eay_get_x509asn1subjectname(cert)668 eay_get_x509asn1subjectname(cert)
669 	vchar_t *cert;
670 {
671 	X509 *x509 = NULL;
672 	u_char *bp;
673 	vchar_t *name = NULL;
674 	int len;
675 
676 	x509 = mem2x509(cert);
677 	if (x509 == NULL)
678 		goto error;
679 
680 	/* get the length of the name */
681 	len = i2d_X509_NAME(x509->cert_info->subject, NULL);
682 	name = vmalloc(len);
683 	if (!name)
684 		goto error;
685 	/* get the name */
686 	bp = (unsigned char *) name->v;
687 	len = i2d_X509_NAME(x509->cert_info->subject, &bp);
688 
689 	X509_free(x509);
690 
691 	return name;
692 
693 error:
694 	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
695 
696 	if (name != NULL)
697 		vfree(name);
698 
699 	if (x509 != NULL)
700 		X509_free(x509);
701 
702 	return NULL;
703 }
704 
705 /*
706  * get the subjectAltName from X509 certificate.
707  * the name must be terminated by '\0'.
708  */
709 int
eay_get_x509subjectaltname(cert,altname,type,pos)710 eay_get_x509subjectaltname(cert, altname, type, pos)
711 	vchar_t *cert;
712 	char **altname;
713 	int *type;
714 	int pos;
715 {
716 	X509 *x509 = NULL;
717 	GENERAL_NAMES *gens = NULL;
718 	GENERAL_NAME *gen;
719 	int len;
720 	int error = -1;
721 
722 	*altname = NULL;
723 	*type = GENT_OTHERNAME;
724 
725 	x509 = mem2x509(cert);
726 	if (x509 == NULL)
727 		goto end;
728 
729 	gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
730 	if (gens == NULL)
731 		goto end;
732 
733 	/* there is no data at "pos" */
734 	if (pos > sk_GENERAL_NAME_num(gens))
735 		goto end;
736 
737 	gen = sk_GENERAL_NAME_value(gens, pos - 1);
738 
739 	/* read DNSName / Email */
740 	if (gen->type == GEN_DNS	||
741 		gen->type == GEN_EMAIL	||
742 		gen->type == GEN_URI )
743 	{
744 		/* make sure if the data is terminated by '\0'. */
745 		if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
746 		{
747 			plog(LLV_ERROR, LOCATION, NULL,
748 				 "data is not terminated by NUL.");
749 			racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
750 			goto end;
751 		}
752 
753 		len = gen->d.ia5->length + 1;
754 		*altname = racoon_malloc(len);
755 		if (!*altname)
756 			goto end;
757 
758 		strlcpy(*altname, (char *) gen->d.ia5->data, len);
759 		*type = gen->type;
760 		error = 0;
761 	}
762 	/* read IP address */
763 	else if (gen->type == GEN_IPADD)
764 	{
765 		unsigned char p[5], *ip;
766 		ip = p;
767 
768 		/* only support IPv4 */
769 		if (gen->d.ip->length != 4)
770 			goto end;
771 
772 		/* convert Octet String to String
773 		 * XXX ???????
774 		 */
775 		/*i2d_ASN1_OCTET_STRING(gen->d.ip,&ip);*/
776 		ip = gen->d.ip->data;
777 
778 		/* XXX Magic, enough for an IPv4 address
779 		 */
780 		*altname = racoon_malloc(20);
781 		if (!*altname)
782 			goto end;
783 
784 		sprintf(*altname, "%u.%u.%u.%u", ip[0], ip[1], ip[2], ip[3]);
785 		*type = gen->type;
786 		error = 0;
787 	}
788 	/* XXX other possible types ?
789 	 * For now, error will be -1 if unsupported type
790 	 */
791 
792 end:
793 	if (error) {
794 		if (*altname) {
795 			racoon_free(*altname);
796 			*altname = NULL;
797 		}
798 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
799 	}
800 	if (x509)
801 		X509_free(x509);
802 	if (gens)
803 		/* free the whole stack. */
804 		sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
805 
806 	return error;
807 }
808 
809 /*
810  * get a issuerName from X509 certificate.
811  */
812 vchar_t *
eay_get_x509asn1issuername(cert)813 eay_get_x509asn1issuername(cert)
814 	vchar_t *cert;
815 {
816 	X509 *x509 = NULL;
817 	u_char *bp;
818 	vchar_t *name = NULL;
819 	int len;
820 
821 	x509 = mem2x509(cert);
822 	if (x509 == NULL)
823 		goto error;
824 
825 	/* get the length of the name */
826 	len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
827 	name = vmalloc(len);
828 	if (name == NULL)
829 		goto error;
830 
831 	/* get the name */
832 	bp = (unsigned char *) name->v;
833 	len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
834 
835 	X509_free(x509);
836 
837 	return name;
838 
839 error:
840 	plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
841 
842 	if (name != NULL)
843 		vfree(name);
844 	if (x509 != NULL)
845 		X509_free(x509);
846 
847 	return NULL;
848 }
849 
850 /*
851  * decode a X509 certificate and make a readable text terminated '\n'.
852  * return the buffer allocated, so must free it later.
853  */
854 char *
eay_get_x509text(cert)855 eay_get_x509text(cert)
856 	vchar_t *cert;
857 {
858 	X509 *x509 = NULL;
859 	BIO *bio = NULL;
860 	char *text = NULL;
861 	u_char *bp = NULL;
862 	int len = 0;
863 	int error = -1;
864 
865 	x509 = mem2x509(cert);
866 	if (x509 == NULL)
867 		goto end;
868 
869 	bio = BIO_new(BIO_s_mem());
870 	if (bio == NULL)
871 		goto end;
872 
873 	error = X509_print(bio, x509);
874 	if (error != 1) {
875 		error = -1;
876 		goto end;
877 	}
878 
879 	len = BIO_get_mem_data(bio, &bp);
880 	text = racoon_malloc(len + 1);
881 	if (text == NULL)
882 		goto end;
883 	memcpy(text, bp, len);
884 	text[len] = '\0';
885 
886 	error = 0;
887 
888     end:
889 	if (error) {
890 		if (text) {
891 			racoon_free(text);
892 			text = NULL;
893 		}
894 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
895 	}
896 	if (bio)
897 		BIO_free(bio);
898 	if (x509)
899 		X509_free(x509);
900 
901 	return text;
902 }
903 
904 /* get X509 structure from buffer. */
905 static X509 *
mem2x509(cert)906 mem2x509(cert)
907 	vchar_t *cert;
908 {
909 	X509 *x509;
910 
911 #ifndef EAYDEBUG
912     {
913 	u_char *bp;
914 
915 	bp = (unsigned char *) cert->v + 1;
916 
917 	x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1);
918     }
919 #else
920     {
921 	BIO *bio;
922 	int len;
923 
924 	bio = BIO_new(BIO_s_mem());
925 	if (bio == NULL)
926 		return NULL;
927 	len = BIO_write(bio, cert->v + 1, cert->l - 1);
928 	if (len == -1)
929 		return NULL;
930 	x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
931 	BIO_free(bio);
932     }
933 #endif
934 	return x509;
935 }
936 
937 /*
938  * get a X509 certificate from local file.
939  * a certificate must be PEM format.
940  * Input:
941  *	path to a certificate.
942  * Output:
943  *	NULL if error occured
944  *	other is the cert.
945  */
946 vchar_t *
eay_get_x509cert(path)947 eay_get_x509cert(path)
948 	char *path;
949 {
950 	FILE *fp;
951 	X509 *x509;
952 	vchar_t *cert;
953 	u_char *bp;
954 	int len;
955 	int error;
956 
957 #ifdef ANDROID_CHANGES
958 	if (pname) {
959 		BIO *bio = BIO_from_android(path);
960 		if (!bio) {
961 			return NULL;
962 		}
963 		x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
964 		BIO_free(bio);
965 	} else {
966 #endif
967 	/* Read private key */
968 	fp = fopen(path, "r");
969 	if (fp == NULL)
970 		return NULL;
971 	x509 = PEM_read_X509(fp, NULL, NULL, NULL);
972 	fclose (fp);
973 #ifdef ANDROID_CHANGES
974 	}
975 #endif
976 
977 	if (x509 == NULL)
978 		return NULL;
979 
980 	len = i2d_X509(x509, NULL);
981 	cert = vmalloc(len + 1);
982 	if (cert == NULL) {
983 		X509_free(x509);
984 		return NULL;
985 	}
986 	cert->v[0] = ISAKMP_CERT_X509SIGN;
987 	bp = (unsigned char *) &cert->v[1];
988 	error = i2d_X509(x509, &bp);
989 	X509_free(x509);
990 
991 	if (error == 0) {
992 		vfree(cert);
993 		return NULL;
994 	}
995 
996 	return cert;
997 }
998 
999 /*
1000  * check a X509 signature
1001  *	XXX: to be get hash type from my cert ?
1002  *		to be handled EVP_dss().
1003  * OUT: return -1 when error.
1004  *	0
1005  */
1006 int
eay_check_x509sign(source,sig,cert)1007 eay_check_x509sign(source, sig, cert)
1008 	vchar_t *source;
1009 	vchar_t *sig;
1010 	vchar_t *cert;
1011 {
1012 	X509 *x509;
1013 	EVP_PKEY *evp;
1014 	int res;
1015 
1016 	x509 = mem2x509(cert);
1017 	if (x509 == NULL)
1018 		return -1;
1019 
1020 	evp = X509_get_pubkey(x509);
1021 	if (! evp) {
1022 		plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
1023 		X509_free(x509);
1024 		return -1;
1025 	}
1026 
1027 	res = eay_rsa_verify(source, sig, evp->pkey.rsa);
1028 
1029 	EVP_PKEY_free(evp);
1030 	X509_free(x509);
1031 
1032 	return res;
1033 }
1034 
1035 /*
1036  * check RSA signature
1037  * OUT: return -1 when error.
1038  *	0 on success
1039  */
1040 int
eay_check_rsasign(source,sig,rsa)1041 eay_check_rsasign(source, sig, rsa)
1042 	vchar_t *source;
1043 	vchar_t *sig;
1044 	RSA *rsa;
1045 {
1046 	return eay_rsa_verify(source, sig, rsa);
1047 }
1048 
1049 /*
1050  * get PKCS#1 Private Key of PEM format from local file.
1051  */
1052 vchar_t *
eay_get_pkcs1privkey(path)1053 eay_get_pkcs1privkey(path)
1054 	char *path;
1055 {
1056 	FILE *fp;
1057 	EVP_PKEY *evp = NULL;
1058 	vchar_t *pkey = NULL;
1059 	u_char *bp;
1060 	int pkeylen;
1061 	int error = -1;
1062 
1063 #ifdef ANDROID_CHANGES
1064 	if (pname) {
1065 		BIO *bio = BIO_from_android(path);
1066 		if (!bio) {
1067 			return NULL;
1068 		}
1069 		evp = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL);
1070 		BIO_free(bio);
1071 	} else {
1072 #endif
1073 	/* Read private key */
1074 	fp = fopen(path, "r");
1075 	if (fp == NULL)
1076 		return NULL;
1077 
1078 	evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
1079 
1080 	fclose (fp);
1081 #ifdef ANDROID_CHANGES
1082 	}
1083 #endif
1084 
1085 	if (evp == NULL)
1086 		return NULL;
1087 
1088 	pkeylen = i2d_PrivateKey(evp, NULL);
1089 	if (pkeylen == 0)
1090 		goto end;
1091 	pkey = vmalloc(pkeylen);
1092 	if (pkey == NULL)
1093 		goto end;
1094 	bp = (unsigned char *) pkey->v;
1095 	pkeylen = i2d_PrivateKey(evp, &bp);
1096 	if (pkeylen == 0)
1097 		goto end;
1098 
1099 	error = 0;
1100 
1101 end:
1102 	if (evp != NULL)
1103 		EVP_PKEY_free(evp);
1104 	if (error != 0 && pkey != NULL) {
1105 		vfree(pkey);
1106 		pkey = NULL;
1107 	}
1108 
1109 	return pkey;
1110 }
1111 
1112 /*
1113  * get PKCS#1 Public Key of PEM format from local file.
1114  */
1115 vchar_t *
eay_get_pkcs1pubkey(path)1116 eay_get_pkcs1pubkey(path)
1117 	char *path;
1118 {
1119 	FILE *fp;
1120 	EVP_PKEY *evp = NULL;
1121 	vchar_t *pkey = NULL;
1122 	X509 *x509 = NULL;
1123 	u_char *bp;
1124 	int pkeylen;
1125 	int error = -1;
1126 
1127 	/* Read private key */
1128 	fp = fopen(path, "r");
1129 	if (fp == NULL)
1130 		return NULL;
1131 
1132 	x509 = PEM_read_X509(fp, NULL, NULL, NULL);
1133 
1134 	fclose (fp);
1135 
1136 	if (x509 == NULL)
1137 		return NULL;
1138 
1139 	/* Get public key - eay */
1140 	evp = X509_get_pubkey(x509);
1141 	if (evp == NULL)
1142 		return NULL;
1143 
1144 	pkeylen = i2d_PublicKey(evp, NULL);
1145 	if (pkeylen == 0)
1146 		goto end;
1147 	pkey = vmalloc(pkeylen);
1148 	if (pkey == NULL)
1149 		goto end;
1150 	bp = (unsigned char *) pkey->v;
1151 	pkeylen = i2d_PublicKey(evp, &bp);
1152 	if (pkeylen == 0)
1153 		goto end;
1154 
1155 	error = 0;
1156 end:
1157 	if (evp != NULL)
1158 		EVP_PKEY_free(evp);
1159 	if (error != 0 && pkey != NULL) {
1160 		vfree(pkey);
1161 		pkey = NULL;
1162 	}
1163 
1164 	return pkey;
1165 }
1166 
1167 vchar_t *
eay_get_x509sign(src,privkey)1168 eay_get_x509sign(src, privkey)
1169 	vchar_t *src, *privkey;
1170 {
1171 	EVP_PKEY *evp;
1172 	u_char *bp = (unsigned char *) privkey->v;
1173 	vchar_t *sig = NULL;
1174 	int len;
1175 	int pad = RSA_PKCS1_PADDING;
1176 
1177 	/* XXX to be handled EVP_PKEY_DSA */
1178 	evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
1179 	if (evp == NULL)
1180 		return NULL;
1181 
1182 	sig = eay_rsa_sign(src, evp->pkey.rsa);
1183 
1184 	EVP_PKEY_free(evp);
1185 
1186 	return sig;
1187 }
1188 
1189 vchar_t *
eay_get_rsasign(src,rsa)1190 eay_get_rsasign(src, rsa)
1191 	vchar_t *src;
1192 	RSA *rsa;
1193 {
1194 	return eay_rsa_sign(src, rsa);
1195 }
1196 
1197 vchar_t *
eay_rsa_sign(vchar_t * src,RSA * rsa)1198 eay_rsa_sign(vchar_t *src, RSA *rsa)
1199 {
1200 	int len;
1201 	vchar_t *sig = NULL;
1202 	int pad = RSA_PKCS1_PADDING;
1203 
1204 	len = RSA_size(rsa);
1205 
1206 	sig = vmalloc(len);
1207 	if (sig == NULL)
1208 		return NULL;
1209 
1210 	len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1211 			(unsigned char *) sig->v, rsa, pad);
1212 
1213 	if (len == 0 || len != sig->l) {
1214 		vfree(sig);
1215 		sig = NULL;
1216 	}
1217 
1218 	return sig;
1219 }
1220 
1221 int
eay_rsa_verify(src,sig,rsa)1222 eay_rsa_verify(src, sig, rsa)
1223 	vchar_t *src, *sig;
1224 	RSA *rsa;
1225 {
1226 	vchar_t *xbuf = NULL;
1227 	int pad = RSA_PKCS1_PADDING;
1228 	int len = 0;
1229 	int error;
1230 
1231 	len = RSA_size(rsa);
1232 	xbuf = vmalloc(len);
1233 	if (xbuf == NULL) {
1234 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1235 		return -1;
1236 	}
1237 
1238 	len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1239 			(unsigned char *) xbuf->v, rsa, pad);
1240 	if (len == 0 || len != src->l) {
1241 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1242 		vfree(xbuf);
1243 		return -1;
1244 	}
1245 
1246 	error = memcmp(src->v, xbuf->v, src->l);
1247 	vfree(xbuf);
1248 	if (error != 0)
1249 		return -1;
1250 
1251 	return 0;
1252 }
1253 
1254 /*
1255  * get error string
1256  * MUST load ERR_load_crypto_strings() first.
1257  */
1258 char *
eay_strerror()1259 eay_strerror()
1260 {
1261 	static char ebuf[512];
1262 	int len = 0, n;
1263 	unsigned long l;
1264 	char buf[200];
1265 	const char *file, *data;
1266 	int line, flags;
1267 	unsigned long es;
1268 
1269 	es = CRYPTO_thread_id();
1270 
1271 	while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1272 		n = snprintf(ebuf + len, sizeof(ebuf) - len,
1273 				"%lu:%s:%s:%d:%s ",
1274 				es, ERR_error_string(l, buf), file, line,
1275 				(flags & ERR_TXT_STRING) ? data : "");
1276 		if (n < 0 || n >= sizeof(ebuf) - len)
1277 			break;
1278 		len += n;
1279 		if (sizeof(ebuf) < len)
1280 			break;
1281 	}
1282 
1283 	return ebuf;
1284 }
1285 
1286 vchar_t *
evp_crypt(vchar_t * data,vchar_t * key,vchar_t * iv,const EVP_CIPHER * e,int enc)1287 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1288 {
1289 	vchar_t *res;
1290 	EVP_CIPHER_CTX ctx;
1291 
1292 	if (!e)
1293 		return NULL;
1294 
1295 	if (data->l % EVP_CIPHER_block_size(e))
1296 		return NULL;
1297 
1298 	if ((res = vmalloc(data->l)) == NULL)
1299 		return NULL;
1300 
1301 	EVP_CIPHER_CTX_init(&ctx);
1302 
1303 	switch(EVP_CIPHER_nid(e)){
1304 	case NID_bf_cbc:
1305 	case NID_bf_ecb:
1306 	case NID_bf_cfb64:
1307 	case NID_bf_ofb64:
1308 	case NID_cast5_cbc:
1309 	case NID_cast5_ecb:
1310 	case NID_cast5_cfb64:
1311 	case NID_cast5_ofb64:
1312 		/* XXX: can we do that also for algos with a fixed key size ?
1313 		 */
1314 		/* init context without key/iv
1315          */
1316         if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
1317         {
1318             OpenSSL_BUG();
1319             vfree(res);
1320             return NULL;
1321         }
1322 
1323         /* update key size
1324          */
1325         if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
1326         {
1327             OpenSSL_BUG();
1328             vfree(res);
1329             return NULL;
1330         }
1331 
1332         /* finalize context init with desired key size
1333          */
1334         if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
1335 							(u_char *) iv->v, enc))
1336         {
1337             OpenSSL_BUG();
1338             vfree(res);
1339             return NULL;
1340 		}
1341 		break;
1342 	default:
1343 		if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
1344 							(u_char *) iv->v, enc)) {
1345 			OpenSSL_BUG();
1346 			vfree(res);
1347 			return NULL;
1348 		}
1349 	}
1350 
1351 	/* disable openssl padding */
1352 	EVP_CIPHER_CTX_set_padding(&ctx, 0);
1353 
1354 	if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
1355 		OpenSSL_BUG();
1356 		vfree(res);
1357 		return NULL;
1358 	}
1359 
1360 	EVP_CIPHER_CTX_cleanup(&ctx);
1361 
1362 	return res;
1363 }
1364 
1365 int
evp_weakkey(vchar_t * key,const EVP_CIPHER * e)1366 evp_weakkey(vchar_t *key, const EVP_CIPHER *e)
1367 {
1368 	return 0;
1369 }
1370 
1371 int
evp_keylen(int len,const EVP_CIPHER * e)1372 evp_keylen(int len, const EVP_CIPHER *e)
1373 {
1374 	if (!e)
1375 		return -1;
1376 	/* EVP functions return lengths in bytes, ipsec-tools
1377 	 * uses lengths in bits, therefore conversion is required. --AK
1378 	 */
1379 	if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1380 		return -1;
1381 
1382 	return EVP_CIPHER_key_length(e) << 3;
1383 }
1384 
1385 /*
1386  * DES-CBC
1387  */
1388 vchar_t *
eay_des_encrypt(data,key,iv)1389 eay_des_encrypt(data, key, iv)
1390 	vchar_t *data, *key, *iv;
1391 {
1392 	return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1393 }
1394 
1395 vchar_t *
eay_des_decrypt(data,key,iv)1396 eay_des_decrypt(data, key, iv)
1397 	vchar_t *data, *key, *iv;
1398 {
1399 	return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1400 }
1401 
1402 int
eay_des_weakkey(key)1403 eay_des_weakkey(key)
1404 	vchar_t *key;
1405 {
1406 #ifdef USE_NEW_DES_API
1407 	return DES_is_weak_key((void *)key->v);
1408 #else
1409 	return des_is_weak_key((void *)key->v);
1410 #endif
1411 }
1412 
1413 int
eay_des_keylen(len)1414 eay_des_keylen(len)
1415 	int len;
1416 {
1417 	return evp_keylen(len, EVP_des_cbc());
1418 }
1419 
1420 #ifdef HAVE_OPENSSL_IDEA_H
1421 /*
1422  * IDEA-CBC
1423  */
1424 vchar_t *
eay_idea_encrypt(data,key,iv)1425 eay_idea_encrypt(data, key, iv)
1426 	vchar_t *data, *key, *iv;
1427 {
1428 	vchar_t *res;
1429 	IDEA_KEY_SCHEDULE ks;
1430 
1431 	idea_set_encrypt_key((unsigned char *)key->v, &ks);
1432 
1433 	/* allocate buffer for result */
1434 	if ((res = vmalloc(data->l)) == NULL)
1435 		return NULL;
1436 
1437 	/* decryption data */
1438 	idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1439 			&ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1440 
1441 	return res;
1442 }
1443 
1444 vchar_t *
eay_idea_decrypt(data,key,iv)1445 eay_idea_decrypt(data, key, iv)
1446 	vchar_t *data, *key, *iv;
1447 {
1448 	vchar_t *res;
1449 	IDEA_KEY_SCHEDULE ks, dks;
1450 
1451 	idea_set_encrypt_key((unsigned char *)key->v, &ks);
1452 	idea_set_decrypt_key(&ks, &dks);
1453 
1454 	/* allocate buffer for result */
1455 	if ((res = vmalloc(data->l)) == NULL)
1456 		return NULL;
1457 
1458 	/* decryption data */
1459 	idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1460 			&dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1461 
1462 	return res;
1463 }
1464 
1465 int
eay_idea_weakkey(key)1466 eay_idea_weakkey(key)
1467 	vchar_t *key;
1468 {
1469 	return 0;       /* XXX */
1470 }
1471 
1472 int
eay_idea_keylen(len)1473 eay_idea_keylen(len)
1474 	int len;
1475 {
1476 	if (len != 0 && len != 128)
1477 		return -1;
1478 	return 128;
1479 }
1480 #endif
1481 
1482 /*
1483  * BLOWFISH-CBC
1484  */
1485 vchar_t *
eay_bf_encrypt(data,key,iv)1486 eay_bf_encrypt(data, key, iv)
1487 	vchar_t *data, *key, *iv;
1488 {
1489 	return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1490 }
1491 
1492 vchar_t *
eay_bf_decrypt(data,key,iv)1493 eay_bf_decrypt(data, key, iv)
1494 	vchar_t *data, *key, *iv;
1495 {
1496 	return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1497 }
1498 
1499 int
eay_bf_weakkey(key)1500 eay_bf_weakkey(key)
1501 	vchar_t *key;
1502 {
1503 	return 0;	/* XXX to be done. refer to RFC 2451 */
1504 }
1505 
1506 int
eay_bf_keylen(len)1507 eay_bf_keylen(len)
1508 	int len;
1509 {
1510 	if (len == 0)
1511 		return 448;
1512 	if (len < 40 || len > 448)
1513 		return -1;
1514 	return len;
1515 }
1516 
1517 #ifdef HAVE_OPENSSL_RC5_H
1518 /*
1519  * RC5-CBC
1520  */
1521 vchar_t *
eay_rc5_encrypt(data,key,iv)1522 eay_rc5_encrypt(data, key, iv)
1523 	vchar_t *data, *key, *iv;
1524 {
1525 	vchar_t *res;
1526 	RC5_32_KEY ks;
1527 
1528 	/* in RFC 2451, there is information about the number of round. */
1529 	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1530 
1531 	/* allocate buffer for result */
1532 	if ((res = vmalloc(data->l)) == NULL)
1533 		return NULL;
1534 
1535 	/* decryption data */
1536 	RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1537 		&ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1538 
1539 	return res;
1540 }
1541 
1542 vchar_t *
eay_rc5_decrypt(data,key,iv)1543 eay_rc5_decrypt(data, key, iv)
1544 	vchar_t *data, *key, *iv;
1545 {
1546 	vchar_t *res;
1547 	RC5_32_KEY ks;
1548 
1549 	/* in RFC 2451, there is information about the number of round. */
1550 	RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1551 
1552 	/* allocate buffer for result */
1553 	if ((res = vmalloc(data->l)) == NULL)
1554 		return NULL;
1555 
1556 	/* decryption data */
1557 	RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1558 		&ks, (unsigned char *)iv->v, RC5_DECRYPT);
1559 
1560 	return res;
1561 }
1562 
1563 int
eay_rc5_weakkey(key)1564 eay_rc5_weakkey(key)
1565 	vchar_t *key;
1566 {
1567 	return 0;       /* No known weak keys when used with 16 rounds. */
1568 
1569 }
1570 
1571 int
eay_rc5_keylen(len)1572 eay_rc5_keylen(len)
1573 	int len;
1574 {
1575 	if (len == 0)
1576 		return 128;
1577 	if (len < 40 || len > 2040)
1578 		return -1;
1579 	return len;
1580 }
1581 #endif
1582 
1583 /*
1584  * 3DES-CBC
1585  */
1586 vchar_t *
eay_3des_encrypt(data,key,iv)1587 eay_3des_encrypt(data, key, iv)
1588 	vchar_t *data, *key, *iv;
1589 {
1590 	return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1591 }
1592 
1593 vchar_t *
eay_3des_decrypt(data,key,iv)1594 eay_3des_decrypt(data, key, iv)
1595 	vchar_t *data, *key, *iv;
1596 {
1597 	return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1598 }
1599 
1600 int
eay_3des_weakkey(key)1601 eay_3des_weakkey(key)
1602 	vchar_t *key;
1603 {
1604 #ifdef USE_NEW_DES_API
1605 	return (DES_is_weak_key((void *)key->v) ||
1606 	    DES_is_weak_key((void *)(key->v + 8)) ||
1607 	    DES_is_weak_key((void *)(key->v + 16)));
1608 #else
1609 	if (key->l < 24)
1610 		return 0;
1611 
1612 	return (des_is_weak_key((void *)key->v) ||
1613 	    des_is_weak_key((void *)(key->v + 8)) ||
1614 	    des_is_weak_key((void *)(key->v + 16)));
1615 #endif
1616 }
1617 
1618 int
eay_3des_keylen(len)1619 eay_3des_keylen(len)
1620 	int len;
1621 {
1622 	if (len != 0 && len != 192)
1623 		return -1;
1624 	return 192;
1625 }
1626 
1627 /*
1628  * CAST-CBC
1629  */
1630 vchar_t *
eay_cast_encrypt(data,key,iv)1631 eay_cast_encrypt(data, key, iv)
1632 	vchar_t *data, *key, *iv;
1633 {
1634 	return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1635 }
1636 
1637 vchar_t *
eay_cast_decrypt(data,key,iv)1638 eay_cast_decrypt(data, key, iv)
1639 	vchar_t *data, *key, *iv;
1640 {
1641 	return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1642 }
1643 
1644 int
eay_cast_weakkey(key)1645 eay_cast_weakkey(key)
1646 	vchar_t *key;
1647 {
1648 	return 0;	/* No known weak keys. */
1649 }
1650 
1651 int
eay_cast_keylen(len)1652 eay_cast_keylen(len)
1653 	int len;
1654 {
1655 	if (len == 0)
1656 		return 128;
1657 	if (len < 40 || len > 128)
1658 		return -1;
1659 	return len;
1660 }
1661 
1662 /*
1663  * AES(RIJNDAEL)-CBC
1664  */
1665 #ifndef HAVE_OPENSSL_AES_H
1666 vchar_t *
eay_aes_encrypt(data,key,iv)1667 eay_aes_encrypt(data, key, iv)
1668 	vchar_t *data, *key, *iv;
1669 {
1670 	vchar_t *res;
1671 	keyInstance k;
1672 	cipherInstance c;
1673 
1674 	memset(&k, 0, sizeof(k));
1675 	if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1676 		return NULL;
1677 
1678 	/* allocate buffer for result */
1679 	if ((res = vmalloc(data->l)) == NULL)
1680 		return NULL;
1681 
1682 	/* encryption data */
1683 	memset(&c, 0, sizeof(c));
1684 	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1685 		vfree(res);
1686 		return NULL;
1687 	}
1688 	if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1689 		vfree(res);
1690 		return NULL;
1691 	}
1692 
1693 	return res;
1694 }
1695 
1696 vchar_t *
eay_aes_decrypt(data,key,iv)1697 eay_aes_decrypt(data, key, iv)
1698 	vchar_t *data, *key, *iv;
1699 {
1700 	vchar_t *res;
1701 	keyInstance k;
1702 	cipherInstance c;
1703 
1704 	memset(&k, 0, sizeof(k));
1705 	if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1706 		return NULL;
1707 
1708 	/* allocate buffer for result */
1709 	if ((res = vmalloc(data->l)) == NULL)
1710 		return NULL;
1711 
1712 	/* decryption data */
1713 	memset(&c, 0, sizeof(c));
1714 	if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1715 		vfree(res);
1716 		return NULL;
1717 	}
1718 	if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1719 		vfree(res);
1720 		return NULL;
1721 	}
1722 
1723 	return res;
1724 }
1725 #else
1726 static inline const EVP_CIPHER *
aes_evp_by_keylen(int keylen)1727 aes_evp_by_keylen(int keylen)
1728 {
1729 	switch(keylen) {
1730 		case 16:
1731 		case 128:
1732 			return EVP_aes_128_cbc();
1733 		case 24:
1734 		case 192:
1735 			return EVP_aes_192_cbc();
1736 		case 32:
1737 		case 256:
1738 			return EVP_aes_256_cbc();
1739 		default:
1740 			return NULL;
1741 	}
1742 }
1743 
1744 vchar_t *
eay_aes_encrypt(data,key,iv)1745 eay_aes_encrypt(data, key, iv)
1746        vchar_t *data, *key, *iv;
1747 {
1748 	return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1749 }
1750 
1751 vchar_t *
eay_aes_decrypt(data,key,iv)1752 eay_aes_decrypt(data, key, iv)
1753        vchar_t *data, *key, *iv;
1754 {
1755 	return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1756 }
1757 #endif
1758 
1759 int
eay_aes_weakkey(key)1760 eay_aes_weakkey(key)
1761 	vchar_t *key;
1762 {
1763 	return 0;
1764 }
1765 
1766 int
eay_aes_keylen(len)1767 eay_aes_keylen(len)
1768 	int len;
1769 {
1770 	if (len == 0)
1771 		return 128;
1772 	if (len != 128 && len != 192 && len != 256)
1773 		return -1;
1774 	return len;
1775 }
1776 
1777 #if defined(HAVE_OPENSSL_CAMELLIA_H)
1778 /*
1779  * CAMELLIA-CBC
1780  */
1781 static inline const EVP_CIPHER *
camellia_evp_by_keylen(int keylen)1782 camellia_evp_by_keylen(int keylen)
1783 {
1784 	switch(keylen) {
1785 		case 16:
1786 		case 128:
1787 			return EVP_camellia_128_cbc();
1788 		case 24:
1789 		case 192:
1790 			return EVP_camellia_192_cbc();
1791 		case 32:
1792 		case 256:
1793 			return EVP_camellia_256_cbc();
1794 		default:
1795 			return NULL;
1796 	}
1797 }
1798 
1799 vchar_t *
eay_camellia_encrypt(data,key,iv)1800 eay_camellia_encrypt(data, key, iv)
1801        vchar_t *data, *key, *iv;
1802 {
1803 	return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1804 }
1805 
1806 vchar_t *
eay_camellia_decrypt(data,key,iv)1807 eay_camellia_decrypt(data, key, iv)
1808        vchar_t *data, *key, *iv;
1809 {
1810 	return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1811 }
1812 
1813 int
eay_camellia_weakkey(key)1814 eay_camellia_weakkey(key)
1815 	vchar_t *key;
1816 {
1817 	return 0;
1818 }
1819 
1820 int
eay_camellia_keylen(len)1821 eay_camellia_keylen(len)
1822 	int len;
1823 {
1824 	if (len == 0)
1825 		return 128;
1826 	if (len != 128 && len != 192 && len != 256)
1827 		return -1;
1828 	return len;
1829 }
1830 
1831 #endif
1832 
1833 /* for ipsec part */
1834 int
eay_null_hashlen()1835 eay_null_hashlen()
1836 {
1837 	return 0;
1838 }
1839 
1840 int
eay_kpdk_hashlen()1841 eay_kpdk_hashlen()
1842 {
1843 	return 0;
1844 }
1845 
1846 int
eay_twofish_keylen(len)1847 eay_twofish_keylen(len)
1848 	int len;
1849 {
1850 	if (len < 0 || len > 256)
1851 		return -1;
1852 	return len;
1853 }
1854 
1855 int
eay_null_keylen(len)1856 eay_null_keylen(len)
1857 	int len;
1858 {
1859 	return 0;
1860 }
1861 
1862 /*
1863  * HMAC functions
1864  */
1865 static caddr_t
eay_hmac_init(key,md)1866 eay_hmac_init(key, md)
1867 	vchar_t *key;
1868 	const EVP_MD *md;
1869 {
1870 	HMAC_CTX *c = racoon_malloc(sizeof(*c));
1871 
1872 	HMAC_Init(c, key->v, key->l, md);
1873 
1874 	return (caddr_t)c;
1875 }
1876 
eay_hmac_one(key,data,type)1877 static vchar_t *eay_hmac_one(key, data, type)
1878 	vchar_t *key, *data;
1879 	const EVP_MD *type;
1880 {
1881 	vchar_t *res;
1882 
1883 	if ((res = vmalloc(EVP_MD_size(type))) == 0)
1884 		return NULL;
1885 
1886 	if (!HMAC(type, (void *) key->v, key->l,
1887 		  (void *) data->v, data->l, (void *) res->v, NULL)) {
1888 		vfree(res);
1889 		return NULL;
1890 	}
1891 
1892 	return res;
1893 }
1894 
eay_digest_one(data,type)1895 static vchar_t *eay_digest_one(data, type)
1896 	vchar_t *data;
1897 	const EVP_MD *type;
1898 {
1899 	vchar_t *res;
1900 
1901 	if ((res = vmalloc(EVP_MD_size(type))) == 0)
1902 		return NULL;
1903 
1904 	if (!EVP_Digest((void *) data->v, data->l,
1905 			(void *) res->v, NULL, type, NULL)) {
1906 		vfree(res);
1907 		return NULL;
1908 	}
1909 
1910 	return res;
1911 }
1912 
1913 #ifdef WITH_SHA2
1914 /*
1915  * HMAC SHA2-512
1916  */
1917 vchar_t *
eay_hmacsha2_512_one(key,data)1918 eay_hmacsha2_512_one(key, data)
1919 	vchar_t *key, *data;
1920 {
1921 	return eay_hmac_one(key, data, EVP_sha2_512());
1922 }
1923 
1924 caddr_t
eay_hmacsha2_512_init(key)1925 eay_hmacsha2_512_init(key)
1926 	vchar_t *key;
1927 {
1928 	return eay_hmac_init(key, EVP_sha2_512());
1929 }
1930 
1931 void
eay_hmacsha2_512_update(c,data)1932 eay_hmacsha2_512_update(c, data)
1933 	caddr_t c;
1934 	vchar_t *data;
1935 {
1936 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1937 }
1938 
1939 vchar_t *
eay_hmacsha2_512_final(c)1940 eay_hmacsha2_512_final(c)
1941 	caddr_t c;
1942 {
1943 	vchar_t *res;
1944 	unsigned int l;
1945 
1946 	if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1947 		return NULL;
1948 
1949 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
1950 	res->l = l;
1951 	HMAC_cleanup((HMAC_CTX *)c);
1952 	(void)racoon_free(c);
1953 
1954 	if (SHA512_DIGEST_LENGTH != res->l) {
1955 		plog(LLV_ERROR, LOCATION, NULL,
1956 			"hmac sha2_512 length mismatch %zd.\n", res->l);
1957 		vfree(res);
1958 		return NULL;
1959 	}
1960 
1961 	return(res);
1962 }
1963 
1964 /*
1965  * HMAC SHA2-384
1966  */
1967 vchar_t *
eay_hmacsha2_384_one(key,data)1968 eay_hmacsha2_384_one(key, data)
1969 	vchar_t *key, *data;
1970 {
1971 	return eay_hmac_one(key, data, EVP_sha2_384());
1972 }
1973 
1974 caddr_t
eay_hmacsha2_384_init(key)1975 eay_hmacsha2_384_init(key)
1976 	vchar_t *key;
1977 {
1978 	return eay_hmac_init(key, EVP_sha2_384());
1979 }
1980 
1981 void
eay_hmacsha2_384_update(c,data)1982 eay_hmacsha2_384_update(c, data)
1983 	caddr_t c;
1984 	vchar_t *data;
1985 {
1986 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1987 }
1988 
1989 vchar_t *
eay_hmacsha2_384_final(c)1990 eay_hmacsha2_384_final(c)
1991 	caddr_t c;
1992 {
1993 	vchar_t *res;
1994 	unsigned int l;
1995 
1996 	if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1997 		return NULL;
1998 
1999 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2000 	res->l = l;
2001 	HMAC_cleanup((HMAC_CTX *)c);
2002 	(void)racoon_free(c);
2003 
2004 	if (SHA384_DIGEST_LENGTH != res->l) {
2005 		plog(LLV_ERROR, LOCATION, NULL,
2006 			"hmac sha2_384 length mismatch %zd.\n", res->l);
2007 		vfree(res);
2008 		return NULL;
2009 	}
2010 
2011 	return(res);
2012 }
2013 
2014 /*
2015  * HMAC SHA2-256
2016  */
2017 vchar_t *
eay_hmacsha2_256_one(key,data)2018 eay_hmacsha2_256_one(key, data)
2019 	vchar_t *key, *data;
2020 {
2021 	return eay_hmac_one(key, data, EVP_sha2_256());
2022 }
2023 
2024 caddr_t
eay_hmacsha2_256_init(key)2025 eay_hmacsha2_256_init(key)
2026 	vchar_t *key;
2027 {
2028 	return eay_hmac_init(key, EVP_sha2_256());
2029 }
2030 
2031 void
eay_hmacsha2_256_update(c,data)2032 eay_hmacsha2_256_update(c, data)
2033 	caddr_t c;
2034 	vchar_t *data;
2035 {
2036 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2037 }
2038 
2039 vchar_t *
eay_hmacsha2_256_final(c)2040 eay_hmacsha2_256_final(c)
2041 	caddr_t c;
2042 {
2043 	vchar_t *res;
2044 	unsigned int l;
2045 
2046 	if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2047 		return NULL;
2048 
2049 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2050 	res->l = l;
2051 	HMAC_cleanup((HMAC_CTX *)c);
2052 	(void)racoon_free(c);
2053 
2054 	if (SHA256_DIGEST_LENGTH != res->l) {
2055 		plog(LLV_ERROR, LOCATION, NULL,
2056 			"hmac sha2_256 length mismatch %zd.\n", res->l);
2057 		vfree(res);
2058 		return NULL;
2059 	}
2060 
2061 	return(res);
2062 }
2063 #endif	/* WITH_SHA2 */
2064 
2065 /*
2066  * HMAC SHA1
2067  */
2068 vchar_t *
eay_hmacsha1_one(key,data)2069 eay_hmacsha1_one(key, data)
2070 	vchar_t *key, *data;
2071 {
2072 	return eay_hmac_one(key, data, EVP_sha1());
2073 }
2074 
2075 caddr_t
eay_hmacsha1_init(key)2076 eay_hmacsha1_init(key)
2077 	vchar_t *key;
2078 {
2079 	return eay_hmac_init(key, EVP_sha1());
2080 }
2081 
2082 void
eay_hmacsha1_update(c,data)2083 eay_hmacsha1_update(c, data)
2084 	caddr_t c;
2085 	vchar_t *data;
2086 {
2087 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2088 }
2089 
2090 vchar_t *
eay_hmacsha1_final(c)2091 eay_hmacsha1_final(c)
2092 	caddr_t c;
2093 {
2094 	vchar_t *res;
2095 	unsigned int l;
2096 
2097 	if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2098 		return NULL;
2099 
2100 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2101 	res->l = l;
2102 	HMAC_cleanup((HMAC_CTX *)c);
2103 	(void)racoon_free(c);
2104 
2105 	if (SHA_DIGEST_LENGTH != res->l) {
2106 		plog(LLV_ERROR, LOCATION, NULL,
2107 			"hmac sha1 length mismatch %zd.\n", res->l);
2108 		vfree(res);
2109 		return NULL;
2110 	}
2111 
2112 	return(res);
2113 }
2114 
2115 /*
2116  * HMAC MD5
2117  */
2118 vchar_t *
eay_hmacmd5_one(key,data)2119 eay_hmacmd5_one(key, data)
2120 	vchar_t *key, *data;
2121 {
2122 	return eay_hmac_one(key, data, EVP_md5());
2123 }
2124 
2125 caddr_t
eay_hmacmd5_init(key)2126 eay_hmacmd5_init(key)
2127 	vchar_t *key;
2128 {
2129 	return eay_hmac_init(key, EVP_md5());
2130 }
2131 
2132 void
eay_hmacmd5_update(c,data)2133 eay_hmacmd5_update(c, data)
2134 	caddr_t c;
2135 	vchar_t *data;
2136 {
2137 	HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
2138 }
2139 
2140 vchar_t *
eay_hmacmd5_final(c)2141 eay_hmacmd5_final(c)
2142 	caddr_t c;
2143 {
2144 	vchar_t *res;
2145 	unsigned int l;
2146 
2147 	if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2148 		return NULL;
2149 
2150 	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
2151 	res->l = l;
2152 	HMAC_cleanup((HMAC_CTX *)c);
2153 	(void)racoon_free(c);
2154 
2155 	if (MD5_DIGEST_LENGTH != res->l) {
2156 		plog(LLV_ERROR, LOCATION, NULL,
2157 			"hmac md5 length mismatch %zd.\n", res->l);
2158 		vfree(res);
2159 		return NULL;
2160 	}
2161 
2162 	return(res);
2163 }
2164 
2165 #ifdef WITH_SHA2
2166 /*
2167  * SHA2-512 functions
2168  */
2169 caddr_t
eay_sha2_512_init()2170 eay_sha2_512_init()
2171 {
2172 	SHA512_CTX *c = racoon_malloc(sizeof(*c));
2173 
2174 	SHA512_Init(c);
2175 
2176 	return((caddr_t)c);
2177 }
2178 
2179 void
eay_sha2_512_update(c,data)2180 eay_sha2_512_update(c, data)
2181 	caddr_t c;
2182 	vchar_t *data;
2183 {
2184 	SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
2185 
2186 	return;
2187 }
2188 
2189 vchar_t *
eay_sha2_512_final(c)2190 eay_sha2_512_final(c)
2191 	caddr_t c;
2192 {
2193 	vchar_t *res;
2194 
2195 	if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
2196 		return(0);
2197 
2198 	SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
2199 	(void)racoon_free(c);
2200 
2201 	return(res);
2202 }
2203 
2204 vchar_t *
eay_sha2_512_one(data)2205 eay_sha2_512_one(data)
2206 	vchar_t *data;
2207 {
2208 	return eay_digest_one(data, EVP_sha512());
2209 }
2210 
2211 int
eay_sha2_512_hashlen()2212 eay_sha2_512_hashlen()
2213 {
2214 	return SHA512_DIGEST_LENGTH << 3;
2215 }
2216 #endif
2217 
2218 #ifdef WITH_SHA2
2219 /*
2220  * SHA2-384 functions
2221  */
2222 caddr_t
eay_sha2_384_init()2223 eay_sha2_384_init()
2224 {
2225 	SHA384_CTX *c = racoon_malloc(sizeof(*c));
2226 
2227 	SHA384_Init(c);
2228 
2229 	return((caddr_t)c);
2230 }
2231 
2232 void
eay_sha2_384_update(c,data)2233 eay_sha2_384_update(c, data)
2234 	caddr_t c;
2235 	vchar_t *data;
2236 {
2237 	SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
2238 
2239 	return;
2240 }
2241 
2242 vchar_t *
eay_sha2_384_final(c)2243 eay_sha2_384_final(c)
2244 	caddr_t c;
2245 {
2246 	vchar_t *res;
2247 
2248 	if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2249 		return(0);
2250 
2251 	SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2252 	(void)racoon_free(c);
2253 
2254 	return(res);
2255 }
2256 
2257 vchar_t *
eay_sha2_384_one(data)2258 eay_sha2_384_one(data)
2259 	vchar_t *data;
2260 {
2261 	return eay_digest_one(data, EVP_sha2_384());
2262 }
2263 
2264 int
eay_sha2_384_hashlen()2265 eay_sha2_384_hashlen()
2266 {
2267 	return SHA384_DIGEST_LENGTH << 3;
2268 }
2269 #endif
2270 
2271 #ifdef WITH_SHA2
2272 /*
2273  * SHA2-256 functions
2274  */
2275 caddr_t
eay_sha2_256_init()2276 eay_sha2_256_init()
2277 {
2278 	SHA256_CTX *c = racoon_malloc(sizeof(*c));
2279 
2280 	SHA256_Init(c);
2281 
2282 	return((caddr_t)c);
2283 }
2284 
2285 void
eay_sha2_256_update(c,data)2286 eay_sha2_256_update(c, data)
2287 	caddr_t c;
2288 	vchar_t *data;
2289 {
2290 	SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2291 
2292 	return;
2293 }
2294 
2295 vchar_t *
eay_sha2_256_final(c)2296 eay_sha2_256_final(c)
2297 	caddr_t c;
2298 {
2299 	vchar_t *res;
2300 
2301 	if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2302 		return(0);
2303 
2304 	SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2305 	(void)racoon_free(c);
2306 
2307 	return(res);
2308 }
2309 
2310 vchar_t *
eay_sha2_256_one(data)2311 eay_sha2_256_one(data)
2312 	vchar_t *data;
2313 {
2314 	return eay_digest_one(data, EVP_sha2_256());
2315 }
2316 
2317 int
eay_sha2_256_hashlen()2318 eay_sha2_256_hashlen()
2319 {
2320 	return SHA256_DIGEST_LENGTH << 3;
2321 }
2322 #endif
2323 
2324 /*
2325  * SHA functions
2326  */
2327 caddr_t
eay_sha1_init()2328 eay_sha1_init()
2329 {
2330 	SHA_CTX *c = racoon_malloc(sizeof(*c));
2331 
2332 	SHA1_Init(c);
2333 
2334 	return((caddr_t)c);
2335 }
2336 
2337 void
eay_sha1_update(c,data)2338 eay_sha1_update(c, data)
2339 	caddr_t c;
2340 	vchar_t *data;
2341 {
2342 	SHA1_Update((SHA_CTX *)c, data->v, data->l);
2343 
2344 	return;
2345 }
2346 
2347 vchar_t *
eay_sha1_final(c)2348 eay_sha1_final(c)
2349 	caddr_t c;
2350 {
2351 	vchar_t *res;
2352 
2353 	if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2354 		return(0);
2355 
2356 	SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2357 	(void)racoon_free(c);
2358 
2359 	return(res);
2360 }
2361 
2362 vchar_t *
eay_sha1_one(data)2363 eay_sha1_one(data)
2364 	vchar_t *data;
2365 {
2366 	return eay_digest_one(data, EVP_sha1());
2367 }
2368 
2369 int
eay_sha1_hashlen()2370 eay_sha1_hashlen()
2371 {
2372 	return SHA_DIGEST_LENGTH << 3;
2373 }
2374 
2375 /*
2376  * MD5 functions
2377  */
2378 caddr_t
eay_md5_init()2379 eay_md5_init()
2380 {
2381 	MD5_CTX *c = racoon_malloc(sizeof(*c));
2382 
2383 	MD5_Init(c);
2384 
2385 	return((caddr_t)c);
2386 }
2387 
2388 void
eay_md5_update(c,data)2389 eay_md5_update(c, data)
2390 	caddr_t c;
2391 	vchar_t *data;
2392 {
2393 	MD5_Update((MD5_CTX *)c, data->v, data->l);
2394 
2395 	return;
2396 }
2397 
2398 vchar_t *
eay_md5_final(c)2399 eay_md5_final(c)
2400 	caddr_t c;
2401 {
2402 	vchar_t *res;
2403 
2404 	if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2405 		return(0);
2406 
2407 	MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2408 	(void)racoon_free(c);
2409 
2410 	return(res);
2411 }
2412 
2413 vchar_t *
eay_md5_one(data)2414 eay_md5_one(data)
2415 	vchar_t *data;
2416 {
2417 	return eay_digest_one(data, EVP_md5());
2418 }
2419 
2420 int
eay_md5_hashlen()2421 eay_md5_hashlen()
2422 {
2423 	return MD5_DIGEST_LENGTH << 3;
2424 }
2425 
2426 /*
2427  * eay_set_random
2428  *   size: number of bytes.
2429  */
2430 vchar_t *
eay_set_random(size)2431 eay_set_random(size)
2432 	u_int32_t size;
2433 {
2434 	BIGNUM *r = NULL;
2435 	vchar_t *res = 0;
2436 
2437 	if ((r = BN_new()) == NULL)
2438 		goto end;
2439 	BN_rand(r, size * 8, 0, 0);
2440 	eay_bn2v(&res, r);
2441 
2442 end:
2443 	if (r)
2444 		BN_free(r);
2445 	return(res);
2446 }
2447 
2448 /* DH */
2449 int
eay_dh_generate(prime,g,publen,pub,priv)2450 eay_dh_generate(prime, g, publen, pub, priv)
2451 	vchar_t *prime, **pub, **priv;
2452 	u_int publen;
2453 	u_int32_t g;
2454 {
2455 	BIGNUM *p = NULL;
2456 	DH *dh = NULL;
2457 	int error = -1;
2458 
2459 	/* initialize */
2460 	/* pre-process to generate number */
2461 	if (eay_v2bn(&p, prime) < 0)
2462 		goto end;
2463 
2464 	if ((dh = DH_new()) == NULL)
2465 		goto end;
2466 	dh->p = p;
2467 	p = NULL;	/* p is now part of dh structure */
2468 	dh->g = NULL;
2469 	if ((dh->g = BN_new()) == NULL)
2470 		goto end;
2471 	if (!BN_set_word(dh->g, g))
2472 		goto end;
2473 
2474 	if (publen != 0)
2475 		dh->length = publen;
2476 
2477 	/* generate public and private number */
2478 	if (!DH_generate_key(dh))
2479 		goto end;
2480 
2481 	/* copy results to buffers */
2482 	if (eay_bn2v(pub, dh->pub_key) < 0)
2483 		goto end;
2484 	if (eay_bn2v(priv, dh->priv_key) < 0) {
2485 		vfree(*pub);
2486 		goto end;
2487 	}
2488 
2489 	error = 0;
2490 
2491 end:
2492 	if (dh != NULL)
2493 		DH_free(dh);
2494 	if (p != 0)
2495 		BN_free(p);
2496 	return(error);
2497 }
2498 
2499 int
eay_dh_compute(prime,g,pub,priv,pub2,key)2500 eay_dh_compute(prime, g, pub, priv, pub2, key)
2501 	vchar_t *prime, *pub, *priv, *pub2, **key;
2502 	u_int32_t g;
2503 {
2504 	BIGNUM *dh_pub = NULL;
2505 	DH *dh = NULL;
2506 	int l;
2507 	unsigned char *v = NULL;
2508 	int error = -1;
2509 
2510 	/* make public number to compute */
2511 	if (eay_v2bn(&dh_pub, pub2) < 0)
2512 		goto end;
2513 
2514 	/* make DH structure */
2515 	if ((dh = DH_new()) == NULL)
2516 		goto end;
2517 	if (eay_v2bn(&dh->p, prime) < 0)
2518 		goto end;
2519 	if (eay_v2bn(&dh->pub_key, pub) < 0)
2520 		goto end;
2521 	if (eay_v2bn(&dh->priv_key, priv) < 0)
2522 		goto end;
2523 	dh->length = pub2->l * 8;
2524 
2525 	dh->g = NULL;
2526 	if ((dh->g = BN_new()) == NULL)
2527 		goto end;
2528 	if (!BN_set_word(dh->g, g))
2529 		goto end;
2530 
2531 	if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2532 		goto end;
2533 	if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2534 		goto end;
2535 	memcpy((*key)->v + (prime->l - l), v, l);
2536 
2537 	error = 0;
2538 
2539 end:
2540 	if (dh_pub != NULL)
2541 		BN_free(dh_pub);
2542 	if (dh != NULL)
2543 		DH_free(dh);
2544 	if (v != NULL)
2545 		racoon_free(v);
2546 	return(error);
2547 }
2548 
2549 /*
2550  * convert vchar_t <-> BIGNUM.
2551  *
2552  * vchar_t: unit is u_char, network endian, most significant byte first.
2553  * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2554  *	least significant BN_ULONG must come first.
2555  *
2556  * hex value of "0x3ffe050104" is represented as follows:
2557  *	vchar_t: 3f fe 05 01 04
2558  *	BIGNUM (BN_ULONG = u_int8_t): 04 01 05 fe 3f
2559  *	BIGNUM (BN_ULONG = u_int16_t): 0x0104 0xfe05 0x003f
2560  *	BIGNUM (BN_ULONG = u_int32_t_t): 0xfe050104 0x0000003f
2561  */
2562 int
eay_v2bn(bn,var)2563 eay_v2bn(bn, var)
2564 	BIGNUM **bn;
2565 	vchar_t *var;
2566 {
2567 	if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2568 		return -1;
2569 
2570 	return 0;
2571 }
2572 
2573 int
eay_bn2v(var,bn)2574 eay_bn2v(var, bn)
2575 	vchar_t **var;
2576 	BIGNUM *bn;
2577 {
2578 	*var = vmalloc(bn->top * BN_BYTES);
2579 	if (*var == NULL)
2580 		return(-1);
2581 
2582 	(*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2583 
2584 	return 0;
2585 }
2586 
2587 void
eay_init()2588 eay_init()
2589 {
2590 	OpenSSL_add_all_algorithms();
2591 	ERR_load_crypto_strings();
2592 #ifdef HAVE_OPENSSL_ENGINE_H
2593 	ENGINE_load_builtin_engines();
2594 	ENGINE_register_all_complete();
2595 #endif
2596 }
2597 
2598 vchar_t *
base64_decode(char * in,long inlen)2599 base64_decode(char *in, long inlen)
2600 {
2601 	BIO *bio=NULL, *b64=NULL;
2602 	vchar_t *res = NULL;
2603 	char *outb;
2604 	long outlen;
2605 
2606 	outb = malloc(inlen * 2);
2607 	if (outb == NULL)
2608 		goto out;
2609 	bio = BIO_new_mem_buf(in, inlen);
2610 	b64 = BIO_new(BIO_f_base64());
2611 	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2612 	bio = BIO_push(b64, bio);
2613 
2614 	outlen = BIO_read(bio, outb, inlen * 2);
2615 	if (outlen <= 0) {
2616 		plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2617 		goto out;
2618 	}
2619 
2620 	res = vmalloc(outlen);
2621 	if (!res)
2622 		goto out;
2623 
2624 	memcpy(res->v, outb, outlen);
2625 
2626 out:
2627 	if (outb)
2628 		free(outb);
2629 	if (bio)
2630 		BIO_free_all(bio);
2631 
2632 	return res;
2633 }
2634 
2635 vchar_t *
base64_encode(char * in,long inlen)2636 base64_encode(char *in, long inlen)
2637 {
2638 	BIO *bio=NULL, *b64=NULL;
2639 	char *ptr;
2640 	long plen = -1;
2641 	vchar_t *res = NULL;
2642 
2643 	bio = BIO_new(BIO_s_mem());
2644 	b64 = BIO_new(BIO_f_base64());
2645 	BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2646 	bio = BIO_push(b64, bio);
2647 
2648 	BIO_write(bio, in, inlen);
2649 	BIO_flush(bio);
2650 
2651 	plen = BIO_get_mem_data(bio, &ptr);
2652 	res = vmalloc(plen+1);
2653 	if (!res)
2654 		goto out;
2655 
2656 	memcpy (res->v, ptr, plen);
2657 	res->v[plen] = '\0';
2658 
2659 out:
2660 	if (bio)
2661 		BIO_free_all(bio);
2662 
2663 	return res;
2664 }
2665 
2666 static RSA *
binbuf_pubkey2rsa(vchar_t * binbuf)2667 binbuf_pubkey2rsa(vchar_t *binbuf)
2668 {
2669 	BIGNUM *exp, *mod;
2670 	RSA *rsa_pub = NULL;
2671 
2672 	if (binbuf->v[0] > binbuf->l - 1) {
2673 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2674 		goto out;
2675 	}
2676 
2677 	exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2678 	mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2679 			binbuf->l - binbuf->v[0] - 1, NULL);
2680 	rsa_pub = RSA_new();
2681 
2682 	if (!exp || !mod || !rsa_pub) {
2683 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2684 		if (exp)
2685 			BN_free(exp);
2686 		if (mod)
2687 			BN_free(exp);
2688 		if (rsa_pub)
2689 			RSA_free(rsa_pub);
2690 		rsa_pub = NULL;
2691 		goto out;
2692 	}
2693 
2694 	rsa_pub->n = mod;
2695 	rsa_pub->e = exp;
2696 
2697 out:
2698 	return rsa_pub;
2699 }
2700 
2701 RSA *
base64_pubkey2rsa(char * in)2702 base64_pubkey2rsa(char *in)
2703 {
2704 	BIGNUM *exp, *mod;
2705 	RSA *rsa_pub = NULL;
2706 	vchar_t *binbuf;
2707 
2708 	if (strncmp(in, "0s", 2) != 0) {
2709 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2710 		return NULL;
2711 	}
2712 
2713 	binbuf = base64_decode(in + 2, strlen(in + 2));
2714 	if (!binbuf) {
2715 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2716 		return NULL;
2717 	}
2718 
2719 	if (binbuf->v[0] > binbuf->l - 1) {
2720 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2721 		goto out;
2722 	}
2723 
2724 	rsa_pub = binbuf_pubkey2rsa(binbuf);
2725 
2726 out:
2727 	if (binbuf)
2728 		vfree(binbuf);
2729 
2730 	return rsa_pub;
2731 }
2732 
2733 RSA *
bignum_pubkey2rsa(BIGNUM * in)2734 bignum_pubkey2rsa(BIGNUM *in)
2735 {
2736 	RSA *rsa_pub = NULL;
2737 	vchar_t *binbuf;
2738 
2739 	binbuf = vmalloc(BN_num_bytes(in));
2740 	if (!binbuf) {
2741 		plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2742 		return NULL;
2743 	}
2744 
2745 	BN_bn2bin(in, (unsigned char *) binbuf->v);
2746 
2747 	rsa_pub = binbuf_pubkey2rsa(binbuf);
2748 
2749 out:
2750 	if (binbuf)
2751 		vfree(binbuf);
2752 
2753 	return rsa_pub;
2754 }
2755 
2756 u_int32_t
eay_random()2757 eay_random()
2758 {
2759 	u_int32_t result;
2760 	vchar_t *vrand;
2761 
2762 	vrand = eay_set_random(sizeof(result));
2763 	memcpy(&result, vrand->v, sizeof(result));
2764 	vfree(vrand);
2765 
2766 	return result;
2767 }
2768 
2769 const char *
eay_version()2770 eay_version()
2771 {
2772 	return SSLeay_version(SSLEAY_VERSION);
2773 }
2774