1 /*        $NetBSD: crypto_openssl.c,v 1.31 2025/03/08 16:39:08 christos Exp $   */
2 
3 /* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
4 
5 /*
6  * Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
7  * All rights reserved.
8  *
9  * Redistribution and use in source and binary forms, with or without
10  * modification, are permitted provided that the following conditions
11  * are met:
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  * 2. Redistributions in binary form must reproduce the above copyright
15  *    notice, this list of conditions and the following disclaimer in the
16  *    documentation and/or other materials provided with the distribution.
17  * 3. Neither the name of the project nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  */
33 
34 #include "config.h"
35 
36 #include <sys/types.h>
37 #include <sys/param.h>
38 
39 #include <stdlib.h>
40 #include <stdio.h>
41 #include <limits.h>
42 #include <string.h>
43 
44 /* get openssl/ssleay version number */
45 #include <openssl/opensslv.h>
46 
47 #if !defined(OPENSSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x0090813fL)
48 #error OpenSSL version 0.9.8s or later required.
49 #endif
50 
51 #include <openssl/pem.h>
52 #include <openssl/evp.h>
53 #include <openssl/x509.h>
54 #include <openssl/x509v3.h>
55 #include <openssl/x509_vfy.h>
56 #include <openssl/bn.h>
57 #include <openssl/dh.h>
58 #include <openssl/md5.h>
59 #include <openssl/sha.h>
60 #include <openssl/hmac.h>
61 #include <openssl/des.h>
62 #include <openssl/crypto.h>
63 #ifdef HAVE_OPENSSL_ENGINE_H
64 #include <openssl/engine.h>
65 #endif
66 #include <openssl/blowfish.h>
67 #include <openssl/cast.h>
68 #include <openssl/err.h>
69 #ifdef HAVE_OPENSSL_RC5_H
70 #include <openssl/rc5.h>
71 #endif
72 #ifdef HAVE_OPENSSL_IDEA_H
73 #include <openssl/idea.h>
74 #endif
75 #if defined(HAVE_OPENSSL_AES_H)
76 #include <openssl/aes.h>
77 #elif defined(HAVE_OPENSSL_RIJNDAEL_H)
78 #include <openssl/rijndael.h>
79 #else
80 #include "crypto/rijndael/rijndael-api-fst.h"
81 #endif
82 #if defined(HAVE_OPENSSL_CAMELLIA_H)
83 #include <openssl/camellia.h>
84 #endif
85 #ifdef WITH_SHA2
86 #ifdef HAVE_OPENSSL_SHA2_H
87 #include <openssl/sha2.h>
88 #else
89 #include "crypto/sha2/sha2.h"
90 #endif
91 #endif
92 #include "plog.h"
93 
94 #define USE_NEW_DES_API
95 
96 #define OpenSSL_BUG()         do { plog(LLV_ERROR, LOCATION, NULL, "OpenSSL function failed\n"); } while(0)
97 
98 #include "var.h"
99 #include "misc.h"
100 #include "vmbuf.h"
101 #include "plog.h"
102 #include "crypto_openssl.h"
103 #include "debug.h"
104 #include "gcmalloc.h"
105 #include "isakmp.h"
106 
107 /*
108  * I hate to cast every parameter to des_xx into void *, but it is
109  * necessary for SSLeay/OpenSSL portability.  It sucks.
110  */
111 
112 static int cb_check_cert_local(int, X509_STORE_CTX *);
113 static int cb_check_cert_remote(int, X509_STORE_CTX *);
114 static X509 *mem2x509(vchar_t *);
115 
116 static caddr_t eay_hmac_init(vchar_t *, const EVP_MD *);
117 
118 /* X509 Certificate */
119 /*
120  * convert the string of the subject name into DER
121  * e.g. str = "C=JP, ST=Kanagawa";
122  */
123 vchar_t *
eay_str2asn1dn(const char * str,int len)124 eay_str2asn1dn(const char *str, int len)
125 {
126           X509_NAME *name;
127           char *buf, *dst;
128           char *field, *value;
129           int i;
130           vchar_t *ret = NULL;
131           caddr_t p;
132 
133           if (len == -1)
134                     len = strlen(str);
135 
136           buf = racoon_malloc(len + 1);
137           if (!buf) {
138                     plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
139                     return NULL;
140           }
141           memcpy(buf, str, len);
142 
143           name = X509_NAME_new();
144 
145           dst = field = &buf[0];
146           value = NULL;
147           for (i = 0; i < len; i++) {
148                     if (buf[i] == '\\') {
149                               /* Escape characters specified in RFC 2253 */
150                               if (i < len - 1 &&
151                                   strchr("\\,=+<>#;", buf[i+1]) != NULL) {
152                                         *dst++ = buf[++i];
153                                         continue;
154                               } else if (i < len - 2) {
155                                         /* RFC 2253 hexpair character escape */
156                                         long u;
157                                         char esc_str[3];
158                                         char *endptr;
159 
160                                         esc_str[0] = buf[++i];
161                                         esc_str[1] = buf[++i];
162                                         esc_str[2] = '\0';
163                                         u = strtol(esc_str, &endptr, 16);
164                                         if (*endptr != '\0' || u < 0 || u > 255)
165                                                   goto err;
166                                         *dst++ = u;
167                                         continue;
168                               } else
169                                         goto err;
170                     }
171                     if (!value && buf[i] == '=') {
172                               *dst = '\0';
173                               dst = value = &buf[i + 1];
174                               continue;
175                     } else if (buf[i] == ',' || buf[i] == '/') {
176                               *dst = '\0';
177 
178                               plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
179                                    field, value);
180 
181                               if (!value) goto err;
182                               if (!X509_NAME_add_entry_by_txt(name, field,
183                                                   (value[0] == '*' && value[1] == 0) ?
184                                                             V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
185                                                   (unsigned char *) value, -1, -1, 0)) {
186                                         plog(LLV_ERROR, LOCATION, NULL,
187                                              "Invalid DN field: %s=%s\n",
188                                              field, value);
189                                         plog(LLV_ERROR, LOCATION, NULL,
190                                              "%s\n", eay_strerror());
191                                         goto err;
192                               }
193 
194                               while (i + 1 < len && buf[i + 1] == ' ') i++;
195                               dst = field = &buf[i + 1];
196                               value = NULL;
197                               continue;
198                     } else {
199                               *dst++  = buf[i];
200                     }
201           }
202           *dst = '\0';
203 
204           plog(LLV_DEBUG, LOCATION, NULL, "DN: %s=%s\n",
205                field, value);
206 
207           if (!value) goto err;
208           if (!X509_NAME_add_entry_by_txt(name, field,
209                               (value[0] == '*' && value[1] == 0) ?
210                                         V_ASN1_PRINTABLESTRING : MBSTRING_ASC,
211                               (unsigned char *) value, -1, -1, 0)) {
212                     plog(LLV_ERROR, LOCATION, NULL,
213                          "Invalid DN field: %s=%s\n",
214                          field, value);
215                     plog(LLV_ERROR, LOCATION, NULL,
216                          "%s\n", eay_strerror());
217                     goto err;
218           }
219 
220           i = i2d_X509_NAME(name, NULL);
221           if (!i)
222                     goto err;
223           ret = vmalloc(i);
224           if (!ret)
225                     goto err;
226           p = ret->v;
227           i = i2d_X509_NAME(name, (void *)&p);
228           if (!i)
229                     goto err;
230 
231           return ret;
232 
233     err:
234           if (buf)
235                     racoon_free(buf);
236           if (name)
237                     X509_NAME_free(name);
238           if (ret)
239                     vfree(ret);
240           return NULL;
241 }
242 
243 /*
244  * convert the hex string of the subject name into DER
245  */
246 vchar_t *
eay_hex2asn1dn(const char * hex,int len)247 eay_hex2asn1dn(const char *hex, int len)
248 {
249           BIGNUM *bn = BN_new();
250           char *binbuf;
251           size_t binlen;
252           vchar_t *ret = NULL;
253 
254           if (len == -1)
255                     len = strlen(hex);
256 
257           if (BN_hex2bn(&bn, hex) != len) {
258                     plog(LLV_ERROR, LOCATION, NULL,
259                          "conversion of Hex-encoded ASN1 string to binary failed: %s\n",
260                          eay_strerror());
261                     goto out;
262           }
263 
264           binlen = BN_num_bytes(bn);
265           ret = vmalloc(binlen);
266           if (!ret) {
267                     plog(LLV_WARNING, LOCATION, NULL,"failed to allocate buffer\n");
268                     return NULL;
269           }
270           binbuf = ret->v;
271 
272           BN_bn2bin(bn, (unsigned char *) binbuf);
273 
274 out:
275           BN_free(bn);
276 
277           return ret;
278 }
279 
280 /*
281  * compare two subjectNames.
282  * OUT:        0: equal
283  *        positive:
284  *              -1: other error.
285  */
286 int
eay_cmp_asn1dn(vchar_t * n1,vchar_t * n2)287 eay_cmp_asn1dn(vchar_t *n1, vchar_t *n2)
288 {
289           X509_NAME *a = NULL, *b = NULL;
290           caddr_t p;
291           char oneLine[512];
292           int i = -1;
293           int idx;
294 
295           p = n1->v;
296           if (!d2i_X509_NAME(&a, (void *)&p, n1->l)) {
297                     plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: first dn not a dn");
298                     goto end;
299           }
300           plog(LLV_DEBUG, LOCATION, NULL, "1st name: %s\n", X509_NAME_oneline(a, oneLine, sizeof(oneLine)));
301           p = n2->v;
302           if (!d2i_X509_NAME(&b, (void *)&p, n2->l)) {
303                     plog(LLV_ERROR, LOCATION, NULL, "eay_cmp_asn1dn: second dn not a dn");
304                     goto end;
305           }
306           plog(LLV_DEBUG, LOCATION, NULL, "2nd name: %s\n", X509_NAME_oneline(b, oneLine, sizeof(oneLine)));
307 
308           /* handle wildcard: do not compare entry content but only entry object type */
309           for(idx = 0; idx < X509_NAME_entry_count(a); idx++) {
310                     X509_NAME_ENTRY *ea = X509_NAME_get_entry(a, idx);
311                     X509_NAME_ENTRY *eb = X509_NAME_get_entry(b, idx);
312                     ASN1_STRING *eda, *edb;
313                     if (!eb) {          /* reached end of eb while still entries in ea, can not be equal... */
314                               i = idx+1;
315                               goto end;
316                     }
317                     eda = X509_NAME_ENTRY_get_data(ea);
318                     edb = X509_NAME_ENTRY_get_data(eb);
319                     if ((eda->length == 1 && eda->data[0] == '*') ||
320                         (edb->length == 1 && edb->data[0] == '*')) {
321                               ASN1_OBJECT *eoa, *eob;
322                               eoa = X509_NAME_ENTRY_get_object(ea);
323                               eob = X509_NAME_ENTRY_get_object(eb);
324                               if (OBJ_cmp(eoa, eob)) {
325                                         i = idx+1;
326                                         goto end;
327                               }
328                               /* OK: object type equals, we don't care for this entry anymore, so let's forget it... */
329                               X509_NAME_delete_entry(a, idx);
330                               X509_NAME_delete_entry(b, idx);
331                               X509_NAME_ENTRY_free(ea);
332                               X509_NAME_ENTRY_free(eb);
333                               idx--;
334                     }
335           }
336           if (X509_NAME_entry_count(a) == 0 && X509_NAME_entry_count(b) == 0)
337                     i = 0;
338           else
339                     i = X509_NAME_cmp(a, b);
340 
341     end:
342           if (a)
343                     X509_NAME_free(a);
344           if (b)
345                     X509_NAME_free(b);
346           return i;
347 }
348 
349 /*
350  * this functions is derived from apps/verify.c in OpenSSL0.9.5
351  */
352 int
eay_check_x509cert(vchar_t * cert,char * CApath,char * CAfile,int local)353 eay_check_x509cert(vchar_t *cert, char *CApath, char *CAfile, int local)
354 {
355           X509_STORE *cert_ctx = NULL;
356           X509_LOOKUP *lookup = NULL;
357           X509 *x509 = NULL;
358           X509_STORE_CTX *csc;
359           int error = -1;
360 
361           cert_ctx = X509_STORE_new();
362           if (cert_ctx == NULL)
363                     goto end;
364 
365           if (local)
366                     X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_local);
367           else
368                     X509_STORE_set_verify_cb_func(cert_ctx, cb_check_cert_remote);
369 
370           lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_file());
371           if (lookup == NULL)
372                     goto end;
373 
374           X509_LOOKUP_load_file(lookup, CAfile,
375               (CAfile == NULL) ? X509_FILETYPE_DEFAULT : X509_FILETYPE_PEM);
376 
377           lookup = X509_STORE_add_lookup(cert_ctx, X509_LOOKUP_hash_dir());
378           if (lookup == NULL)
379                     goto end;
380           error = X509_LOOKUP_add_dir(lookup, CApath, X509_FILETYPE_PEM);
381           if(!error) {
382                     error = -1;
383                     goto end;
384           }
385           error = -1;         /* initialized */
386 
387           /* read the certificate to be verified */
388           x509 = mem2x509(cert);
389           if (x509 == NULL)
390                     goto end;
391 
392           csc = X509_STORE_CTX_new();
393           if (csc == NULL)
394                     goto end;
395           X509_STORE_CTX_init(csc, cert_ctx, x509, NULL);
396           X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK);
397           X509_STORE_CTX_set_flags (csc, X509_V_FLAG_CRL_CHECK_ALL);
398           error = X509_verify_cert(csc);
399           X509_STORE_CTX_free(csc);
400 
401           /*
402            * if x509_verify_cert() is successful then the value of error is
403            * set non-zero.
404            */
405           error = error ? 0 : -1;
406 
407 end:
408           if (error)
409                     plog(LLV_WARNING, LOCATION, NULL,"%s\n", eay_strerror());
410           if (cert_ctx != NULL)
411                     X509_STORE_free(cert_ctx);
412           if (x509 != NULL)
413                     X509_free(x509);
414 
415           return(error);
416 }
417 
418 /*
419  * callback function for verifing certificate.
420  * this function is derived from cb() in openssl/apps/s_server.c
421  */
422 static int
cb_check_cert_local(int ok,X509_STORE_CTX * ctx)423 cb_check_cert_local(int ok, X509_STORE_CTX *ctx)
424 {
425           char buf[256];
426           int log_tag, error;
427 
428           if (!ok) {
429                     X509_NAME_oneline(X509_get_subject_name(
430                         X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
431                     /*
432                      * since we are just checking the certificates, it is
433                      * ok if they are self signed. But we should still warn
434                      * the user.
435                      */
436                     switch (error = X509_STORE_CTX_get_error(ctx)) {
437                     case X509_V_ERR_CERT_HAS_EXPIRED:
438                     case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
439                     case X509_V_ERR_INVALID_CA:
440                     case X509_V_ERR_PATH_LENGTH_EXCEEDED:
441                     case X509_V_ERR_INVALID_PURPOSE:
442                     case X509_V_ERR_UNABLE_TO_GET_CRL:
443                               ok = 1;
444                               log_tag = LLV_WARNING;
445                               break;
446                     default:
447                               log_tag = LLV_ERROR;
448                     }
449                     plog(log_tag, LOCATION, NULL,
450                               "%s(%d) at depth:%d SubjectName:%s\n",
451                               X509_verify_cert_error_string(error), error,
452                               X509_STORE_CTX_get_error_depth(ctx),
453                               buf);
454           }
455           ERR_clear_error();
456 
457           return ok;
458 }
459 
460 /*
461  * callback function for verifing remote certificates.
462  * this function is derived from cb() in openssl/apps/s_server.c
463  */
464 static int
cb_check_cert_remote(int ok,X509_STORE_CTX * ctx)465 cb_check_cert_remote(int ok, X509_STORE_CTX *ctx)
466 {
467           char buf[256];
468           int log_tag, error;
469 
470           if (!ok) {
471                     X509_NAME_oneline(X509_get_subject_name(
472                         X509_STORE_CTX_get_current_cert(ctx)), buf, 256);
473                     switch (error = X509_STORE_CTX_get_error(ctx)) {
474                     case X509_V_ERR_UNABLE_TO_GET_CRL:
475                               ok = 1;
476                               log_tag = LLV_WARNING;
477                               break;
478                     default:
479                               log_tag = LLV_ERROR;
480                     }
481                     plog(log_tag, LOCATION, NULL,
482                               "%s(%d) at depth:%d SubjectName:%s\n",
483                               X509_verify_cert_error_string(error),
484                               error,
485                               X509_STORE_CTX_get_error_depth(ctx),
486                               buf);
487           }
488           ERR_clear_error();
489 
490           return ok;
491 }
492 
493 /*
494  * get a subjectName from X509 certificate.
495  */
496 vchar_t *
eay_get_x509asn1subjectname(vchar_t * cert)497 eay_get_x509asn1subjectname(vchar_t *cert)
498 {
499           X509 *x509 = NULL;
500           X509_NAME *xname;
501           u_char *bp;
502           vchar_t *name = NULL;
503           int len;
504 
505           x509 = mem2x509(cert);
506           if (x509 == NULL)
507                     goto error;
508 
509           /* get the length of the name */
510           xname = X509_get_subject_name(x509);
511           len = i2d_X509_NAME(xname, NULL);
512           name = vmalloc(len);
513           if (!name)
514                     goto error;
515           /* get the name */
516           bp = (unsigned char *) name->v;
517           len = i2d_X509_NAME(xname, &bp);
518 
519           X509_free(x509);
520 
521           return name;
522 
523 error:
524           plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
525 
526           if (name != NULL)
527                     vfree(name);
528 
529           if (x509 != NULL)
530                     X509_free(x509);
531 
532           return NULL;
533 }
534 
535 /*
536  * get the subjectAltName from X509 certificate.
537  * the name must be terminated by '\0'.
538  */
539 int
eay_get_x509subjectaltname(vchar_t * cert,char ** altname,int * type,int pos)540 eay_get_x509subjectaltname(vchar_t *cert, char **altname, int *type, int pos)
541 {
542           X509 *x509 = NULL;
543           GENERAL_NAMES *gens = NULL;
544           GENERAL_NAME *gen;
545           int len;
546           int error = -1;
547 
548           *altname = NULL;
549           *type = GENT_OTHERNAME;
550 
551           x509 = mem2x509(cert);
552           if (x509 == NULL)
553                     goto end;
554 
555           gens = X509_get_ext_d2i(x509, NID_subject_alt_name, NULL, NULL);
556           if (gens == NULL)
557                     goto end;
558 
559           /* there is no data at "pos" */
560           if (pos > sk_GENERAL_NAME_num(gens))
561                     goto end;
562 
563           gen = sk_GENERAL_NAME_value(gens, pos - 1);
564 
565           /* read DNSName / Email */
566           if (gen->type == GEN_DNS      ||
567                     gen->type == GEN_EMAIL        ||
568                     gen->type == GEN_URI )
569           {
570                     /* make sure if the data is terminated by '\0'. */
571                     if (gen->d.ia5->data[gen->d.ia5->length] != '\0')
572                     {
573                               plog(LLV_ERROR, LOCATION, NULL,
574                                          "data is not terminated by NUL.");
575                               racoon_hexdump(gen->d.ia5->data, gen->d.ia5->length + 1);
576                               goto end;
577                     }
578 
579                     len = gen->d.ia5->length + 1;
580                     *altname = racoon_malloc(len);
581                     if (!*altname)
582                               goto end;
583 
584                     strlcpy(*altname, (char *) gen->d.ia5->data, len);
585                     *type = gen->type;
586                     error = 0;
587           }
588           /* read IP address */
589           else if (gen->type == GEN_IPADD)
590           {
591                     switch (gen->d.iPAddress->length) {
592                     case 4: /* IPv4 */
593                               *altname = racoon_malloc(4*3 + 3 + 1); /* digits + decimals + null */
594                               if (!*altname)
595                                         goto end;
596 
597                               snprintf(*altname, 12+3+1, "%u.%u.%u.%u",
598                                        (unsigned)gen->d.iPAddress->data[0],
599                                        (unsigned)gen->d.iPAddress->data[1],
600                                        (unsigned)gen->d.iPAddress->data[2],
601                                        (unsigned)gen->d.iPAddress->data[3]);
602                               break;
603                     case 16: { /* IPv6 */
604                               int i;
605 
606                               *altname = racoon_malloc(16*2 + 7 + 1); /* digits + colons + null */
607                               if (!*altname)
608                                         goto end;
609 
610                               /* Make NULL terminated IPv6 address */
611                               for (i=0; i<16; ++i) {
612                                         int xpos = i*2 + i/2;
613 
614                                         if (i>0 && i%2==0)
615                                                   (*altname)[xpos-1] = ':';
616 
617                                         snprintf(*altname + xpos, 3, "%02x",
618                                                  (unsigned)gen->d.iPAddress->data[i]);
619 
620                               }
621                               plog(LLV_INFO, LOCATION, NULL,
622                                    "Remote X509 IPv6 addr: %s", *altname);
623                               break;
624                     }
625                     default:
626                               plog(LLV_ERROR, LOCATION, NULL,
627                                    "Unknown IP address length: %u octects.",
628                                    gen->d.iPAddress->length);
629                               goto end;
630                     }
631 
632                     *type = gen->type;
633                     error = 0;
634           }
635           /* XXX other possible types ?
636            * For now, error will be -1 if unsupported type
637            */
638 
639 end:
640           if (error) {
641                     if (*altname) {
642                               racoon_free(*altname);
643                               *altname = NULL;
644                     }
645                     plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
646           }
647           if (x509)
648                     X509_free(x509);
649           if (gens)
650                     /* free the whole stack. */
651                     sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
652 
653           return error;
654 }
655 
656 /*
657  * get a issuerName from X509 certificate.
658  */
659 vchar_t *
eay_get_x509asn1issuername(vchar_t * cert)660 eay_get_x509asn1issuername(vchar_t *cert)
661 {
662           X509 *x509 = NULL;
663           X509_NAME *xissuer;
664           u_char *bp;
665           vchar_t *name = NULL;
666           int len;
667 
668           x509 = mem2x509(cert);
669           if (x509 == NULL)
670                     goto error;
671 
672           /* get the length of the name */
673           xissuer = X509_get_issuer_name(x509);
674           len = i2d_X509_NAME(xissuer, NULL);
675           name = vmalloc(len);
676           if (name == NULL)
677                     goto error;
678 
679           /* get the name */
680           bp = (unsigned char *) name->v;
681           len = i2d_X509_NAME(xissuer, &bp);
682 
683           X509_free(x509);
684 
685           return name;
686 
687 error:
688           plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
689 
690           if (name != NULL)
691                     vfree(name);
692           if (x509 != NULL)
693                     X509_free(x509);
694 
695           return NULL;
696 }
697 
698 /*
699  * decode a X509 certificate and make a readable text terminated '\n'.
700  * return the buffer allocated, so must free it later.
701  */
702 char *
eay_get_x509text(vchar_t * cert)703 eay_get_x509text(vchar_t *cert)
704 {
705           X509 *x509 = NULL;
706           BIO *bio = NULL;
707           char *text = NULL;
708           u_char *bp = NULL;
709           long len = 0;
710           int error = -1;
711 
712           x509 = mem2x509(cert);
713           if (x509 == NULL)
714                     goto end;
715 
716           bio = BIO_new(BIO_s_mem());
717           if (bio == NULL)
718                     goto end;
719 
720           error = X509_print(bio, x509);
721           if (error != 1) {
722                     error = -1;
723                     goto end;
724           }
725 
726           len = BIO_get_mem_data(bio, &bp);
727           text = racoon_malloc(len + 1);
728           if (text == NULL)
729                     goto end;
730           memcpy(text, bp, len);
731           text[len] = '\0';
732 
733           error = 0;
734 
735     end:
736           if (error) {
737                     if (text) {
738                               racoon_free(text);
739                               text = NULL;
740                     }
741                     plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
742           }
743           if (bio)
744                     BIO_free(bio);
745           if (x509)
746                     X509_free(x509);
747 
748           return text;
749 }
750 
751 /* get X509 structure from buffer. */
752 static X509 *
mem2x509(vchar_t * cert)753 mem2x509(vchar_t *cert)
754 {
755           X509 *x509;
756 
757 #ifndef EAYDEBUG
758     {
759           u_char *bp;
760 
761           bp = (unsigned char *) cert->v + 1;
762 
763           x509 = d2i_X509(NULL, (void *)&bp, cert->l - 1);
764     }
765 #else
766     {
767           BIO *bio;
768           int len;
769 
770           bio = BIO_new(BIO_s_mem());
771           if (bio == NULL)
772                     return NULL;
773           len = BIO_write(bio, cert->v + 1, cert->l - 1);
774           if (len == -1)
775                     return NULL;
776           x509 = PEM_read_bio_X509(bio, NULL, NULL, NULL);
777           BIO_free(bio);
778     }
779 #endif
780           return x509;
781 }
782 
783 /*
784  * get a X509 certificate from local file.
785  * a certificate must be PEM format.
786  * Input:
787  *        path to a certificate.
788  * Output:
789  *        NULL if error occured
790  *        other is the cert.
791  */
792 vchar_t *
eay_get_x509cert(char * path)793 eay_get_x509cert(char *path)
794 {
795           FILE *fp;
796           X509 *x509;
797           vchar_t *cert;
798           u_char *bp;
799           int len;
800           int error;
801 
802           /* Read private key */
803           fp = fopen(path, "r");
804           if (fp == NULL)
805                     return NULL;
806           x509 = PEM_read_X509(fp, NULL, NULL, NULL);
807           fclose (fp);
808 
809           if (x509 == NULL)
810                     return NULL;
811 
812           len = i2d_X509(x509, NULL);
813           cert = vmalloc(len + 1);
814           if (cert == NULL) {
815                     X509_free(x509);
816                     return NULL;
817           }
818           cert->v[0] = ISAKMP_CERT_X509SIGN;
819           bp = (unsigned char *) &cert->v[1];
820           error = i2d_X509(x509, &bp);
821           X509_free(x509);
822 
823           if (error == 0) {
824                     vfree(cert);
825                     return NULL;
826           }
827 
828           return cert;
829 }
830 
831 /*
832  * check a X509 signature
833  *        XXX: to be get hash type from my cert ?
834  *                  to be handled EVP_dss().
835  * OUT: return -1 when error.
836  *        0
837  */
838 int
eay_check_x509sign(vchar_t * source,vchar_t * sig,vchar_t * cert)839 eay_check_x509sign(vchar_t *source, vchar_t *sig, vchar_t *cert)
840 {
841           X509 *x509;
842           EVP_PKEY *evp;
843           int res;
844 
845           x509 = mem2x509(cert);
846           if (x509 == NULL)
847                     return -1;
848 
849           evp = X509_get_pubkey(x509);
850           if (! evp) {
851                     plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey(): %s\n", eay_strerror());
852                     X509_free(x509);
853                     return -1;
854           }
855 
856           res = eay_rsa_verify(source, sig, __UNCONST(EVP_PKEY_get0_RSA(evp)));
857 
858           EVP_PKEY_free(evp);
859           X509_free(x509);
860 
861           return res;
862 }
863 
864 /*
865  * check RSA signature
866  * OUT: return -1 when error.
867  *        0 on success
868  */
869 int
eay_check_rsasign(vchar_t * source,vchar_t * sig,RSA * rsa)870 eay_check_rsasign(vchar_t *source, vchar_t *sig, RSA *rsa)
871 {
872           return eay_rsa_verify(source, sig, rsa);
873 }
874 
875 /*
876  * get PKCS#1 Private Key of PEM format from local file.
877  */
878 vchar_t *
eay_get_pkcs1privkey(char * path)879 eay_get_pkcs1privkey(char *path)
880 {
881           FILE *fp;
882           EVP_PKEY *evp = NULL;
883           vchar_t *pkey = NULL;
884           u_char *bp;
885           int pkeylen;
886           int error = -1;
887 
888           /* Read private key */
889           fp = fopen(path, "r");
890           if (fp == NULL)
891                     return NULL;
892 
893           evp = PEM_read_PrivateKey(fp, NULL, NULL, NULL);
894 
895           fclose (fp);
896 
897           if (evp == NULL)
898                     return NULL;
899 
900           pkeylen = i2d_PrivateKey(evp, NULL);
901           if (pkeylen == 0)
902                     goto end;
903           pkey = vmalloc(pkeylen);
904           if (pkey == NULL)
905                     goto end;
906           bp = (unsigned char *) pkey->v;
907           pkeylen = i2d_PrivateKey(evp, &bp);
908           if (pkeylen == 0)
909                     goto end;
910 
911           error = 0;
912 
913 end:
914           if (evp != NULL)
915                     EVP_PKEY_free(evp);
916           if (error != 0 && pkey != NULL) {
917                     vfree(pkey);
918                     pkey = NULL;
919           }
920 
921           return pkey;
922 }
923 
924 /*
925  * get PKCS#1 Public Key of PEM format from local file.
926  */
927 vchar_t *
eay_get_pkcs1pubkey(char * path)928 eay_get_pkcs1pubkey(char *path)
929 {
930           FILE *fp;
931           EVP_PKEY *evp = NULL;
932           vchar_t *pkey = NULL;
933           X509 *x509 = NULL;
934           u_char *bp;
935           int pkeylen;
936           int error = -1;
937 
938           /* Read private key */
939           fp = fopen(path, "r");
940           if (fp == NULL)
941                     return NULL;
942 
943           x509 = PEM_read_X509(fp, NULL, NULL, NULL);
944 
945           fclose (fp);
946 
947           if (x509 == NULL)
948                     return NULL;
949 
950           /* Get public key - eay */
951           evp = X509_get_pubkey(x509);
952           if (evp == NULL)
953                     return NULL;
954 
955           pkeylen = i2d_PublicKey(evp, NULL);
956           if (pkeylen == 0)
957                     goto end;
958           pkey = vmalloc(pkeylen);
959           if (pkey == NULL)
960                     goto end;
961           bp = (unsigned char *) pkey->v;
962           pkeylen = i2d_PublicKey(evp, &bp);
963           if (pkeylen == 0)
964                     goto end;
965 
966           error = 0;
967 end:
968           if (evp != NULL)
969                     EVP_PKEY_free(evp);
970           if (error != 0 && pkey != NULL) {
971                     vfree(pkey);
972                     pkey = NULL;
973           }
974 
975           return pkey;
976 }
977 
978 vchar_t *
eay_get_x509sign(vchar_t * src,vchar_t * privkey)979 eay_get_x509sign(vchar_t *src, vchar_t *privkey)
980 {
981           EVP_PKEY *evp;
982           u_char *bp = (unsigned char *) privkey->v;
983           vchar_t *sig = NULL;
984 
985           /* XXX to be handled EVP_PKEY_DSA */
986           evp = d2i_PrivateKey(EVP_PKEY_RSA, NULL, (void *)&bp, privkey->l);
987           if (evp == NULL)
988                     return NULL;
989 
990           sig = eay_rsa_sign(src, __UNCONST(EVP_PKEY_get0_RSA(evp)));
991 
992           EVP_PKEY_free(evp);
993 
994           return sig;
995 }
996 
997 vchar_t *
eay_get_rsasign(vchar_t * src,RSA * rsa)998 eay_get_rsasign(vchar_t *src, RSA *rsa)
999 {
1000           return eay_rsa_sign(src, rsa);
1001 }
1002 
1003 vchar_t *
eay_rsa_sign(vchar_t * src,RSA * rsa)1004 eay_rsa_sign(vchar_t *src, RSA *rsa)
1005 {
1006           int len;
1007           vchar_t *sig = NULL;
1008           int pad = RSA_PKCS1_PADDING;
1009 
1010           len = RSA_size(rsa);
1011 
1012           sig = vmalloc(len);
1013           if (sig == NULL)
1014                     return NULL;
1015 
1016           len = RSA_private_encrypt(src->l, (unsigned char *) src->v,
1017                               (unsigned char *) sig->v, rsa, pad);
1018 
1019           if (len == 0 || len != sig->l) {
1020                     vfree(sig);
1021                     sig = NULL;
1022           }
1023 
1024           return sig;
1025 }
1026 
1027 int
eay_rsa_verify(vchar_t * src,vchar_t * sig,RSA * rsa)1028 eay_rsa_verify(vchar_t *src, vchar_t *sig, RSA *rsa)
1029 {
1030           vchar_t *xbuf = NULL;
1031           int pad = RSA_PKCS1_PADDING;
1032           int len = 0;
1033           int error;
1034 
1035           len = RSA_size(rsa);
1036           xbuf = vmalloc(len);
1037           if (xbuf == NULL) {
1038                     plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1039                     return -1;
1040           }
1041 
1042           len = RSA_public_decrypt(sig->l, (unsigned char *) sig->v,
1043                               (unsigned char *) xbuf->v, rsa, pad);
1044           if (len == 0 || len != src->l) {
1045                     plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
1046                     vfree(xbuf);
1047                     return -1;
1048           }
1049 
1050           error = memcmp(src->v, xbuf->v, src->l);
1051           vfree(xbuf);
1052           if (error != 0)
1053                     return -1;
1054 
1055           return 0;
1056 }
1057 
1058 /*
1059  * get error string
1060  * MUST load ERR_load_crypto_strings() first.
1061  */
1062 char *
eay_strerror(void)1063 eay_strerror(void)
1064 {
1065           static char ebuf[512];
1066           int len = 0, n;
1067           unsigned long l;
1068           char buf[200];
1069           const char *file, *data;
1070           int line, flags;
1071           unsigned long es;
1072 
1073           es = CRYPTO_thread_id();
1074 
1075           while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
1076                     n = snprintf(ebuf + len, sizeof(ebuf) - len,
1077                                         "%lu:%s:%s:%d:%s ",
1078                                         es, ERR_error_string(l, buf), file, line,
1079                                         (flags & ERR_TXT_STRING) ? data : "");
1080                     if (n < 0 || n >= sizeof(ebuf) - len)
1081                               break;
1082                     len += n;
1083                     if (sizeof(ebuf) < len)
1084                               break;
1085           }
1086 
1087           return ebuf;
1088 }
1089 
1090 vchar_t *
evp_crypt(vchar_t * data,vchar_t * key,vchar_t * iv,const EVP_CIPHER * e,int enc)1091 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
1092 {
1093           vchar_t *res;
1094           EVP_CIPHER_CTX *ctx;
1095 
1096           if (!e)
1097                     return NULL;
1098 
1099           if (data->l % EVP_CIPHER_block_size(e))
1100                     return NULL;
1101 
1102           if ((res = vmalloc(data->l)) == NULL)
1103                     return NULL;
1104 
1105           ctx = EVP_CIPHER_CTX_new();
1106           if (ctx == NULL)
1107                     return NULL;
1108 
1109           switch(EVP_CIPHER_nid(e)){
1110           case NID_bf_cbc:
1111           case NID_bf_ecb:
1112           case NID_bf_cfb64:
1113           case NID_bf_ofb64:
1114           case NID_cast5_cbc:
1115           case NID_cast5_ecb:
1116           case NID_cast5_cfb64:
1117           case NID_cast5_ofb64:
1118                     /* XXX: can we do that also for algos with a fixed key size ?
1119                      */
1120                     /* init context without key/iv
1121                      */
1122                     if (!EVP_CipherInit(ctx, e, NULL, NULL, enc))
1123                               goto out;
1124 
1125                     /* update key size
1126                      */
1127                     if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l))
1128                               goto out;
1129 
1130                     /* finalize context init with desired key size
1131                      */
1132                     if (!EVP_CipherInit(ctx, NULL, (u_char *)key->v,
1133                         (u_char *)iv->v, enc))
1134                               goto out;
1135                     break;
1136           default:
1137                     if (!EVP_CipherInit(ctx, e, (u_char *) key->v,
1138                         (u_char *) iv->v, enc))
1139                         goto out;
1140           }
1141 
1142           /* disable openssl padding */
1143           EVP_CIPHER_CTX_set_padding(ctx, 0);
1144 
1145           if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l))
1146                     goto out;
1147 
1148           EVP_CIPHER_CTX_free(ctx);
1149 
1150           return res;
1151 out:
1152           EVP_CIPHER_CTX_free(ctx);
1153           OpenSSL_BUG();
1154           vfree(res);
1155           return NULL;
1156 }
1157 
1158 int
evp_weakkey(vchar_t * key __unused,const EVP_CIPHER * e __unused)1159 evp_weakkey(vchar_t *key __unused, const EVP_CIPHER *e __unused)
1160 {
1161           return 0;
1162 }
1163 
1164 int
evp_keylen(int len,const EVP_CIPHER * e)1165 evp_keylen(int len, const EVP_CIPHER *e)
1166 {
1167           if (!e)
1168                     return -1;
1169           /* EVP functions return lengths in bytes, ipsec-tools
1170            * uses lengths in bits, therefore conversion is required. --AK
1171            */
1172           if (len != 0 && len != (EVP_CIPHER_key_length(e) << 3))
1173                     return -1;
1174 
1175           return EVP_CIPHER_key_length(e) << 3;
1176 }
1177 
1178 /*
1179  * DES-CBC
1180  */
1181 vchar_t *
eay_des_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1182 eay_des_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1183 {
1184           return evp_crypt(data, key, iv, EVP_des_cbc(), 1);
1185 }
1186 
1187 vchar_t *
eay_des_decrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1188 eay_des_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1189 {
1190           return evp_crypt(data, key, iv, EVP_des_cbc(), 0);
1191 }
1192 
1193 int
eay_des_weakkey(vchar_t * key)1194 eay_des_weakkey(vchar_t *key)
1195 {
1196 #ifdef USE_NEW_DES_API
1197           return DES_is_weak_key((void *)key->v);
1198 #else
1199           return des_is_weak_key((void *)key->v);
1200 #endif
1201 }
1202 
1203 int
eay_des_keylen(int len)1204 eay_des_keylen(int len)
1205 {
1206           return evp_keylen(len, EVP_des_cbc());
1207 }
1208 
1209 #ifdef HAVE_OPENSSL_IDEA_H
1210 /*
1211  * IDEA-CBC
1212  */
1213 vchar_t *
eay_idea_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1214 eay_idea_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1215 {
1216           vchar_t *res;
1217           IDEA_KEY_SCHEDULE ks;
1218 
1219           idea_set_encrypt_key((unsigned char *)key->v, &ks);
1220 
1221           /* allocate buffer for result */
1222           if ((res = vmalloc(data->l)) == NULL)
1223                     return NULL;
1224 
1225           /* encrypt data */
1226           idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1227                               &ks, (unsigned char *)iv->v, IDEA_ENCRYPT);
1228 
1229           return res;
1230 }
1231 
1232 vchar_t *
eay_idea_decrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1233 eay_idea_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1234 {
1235           vchar_t *res;
1236           IDEA_KEY_SCHEDULE ks, dks;
1237 
1238           idea_set_encrypt_key((unsigned char *)key->v, &ks);
1239           idea_set_decrypt_key(&ks, &dks);
1240 
1241           /* allocate buffer for result */
1242           if ((res = vmalloc(data->l)) == NULL)
1243                     return NULL;
1244 
1245           /* decryption data */
1246           idea_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1247                               &dks, (unsigned char *)iv->v, IDEA_DECRYPT);
1248 
1249           return res;
1250 }
1251 
1252 int
eay_idea_weakkey(vchar_t * key __unused)1253 eay_idea_weakkey(vchar_t *key __unused)
1254 {
1255           return 0;       /* XXX */
1256 }
1257 
1258 int
eay_idea_keylen(int len)1259 eay_idea_keylen(int len)
1260 {
1261           if (len != 0 && len != 128)
1262                     return -1;
1263           return 128;
1264 }
1265 #endif
1266 
1267 /*
1268  * BLOWFISH-CBC
1269  */
1270 vchar_t *
eay_bf_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1271 eay_bf_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1272 {
1273           return evp_crypt(data, key, iv, EVP_bf_cbc(), 1);
1274 }
1275 
1276 vchar_t *
eay_bf_decrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1277 eay_bf_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1278 {
1279           return evp_crypt(data, key, iv, EVP_bf_cbc(), 0);
1280 }
1281 
1282 int
eay_bf_weakkey(vchar_t * key __unused)1283 eay_bf_weakkey(vchar_t *key __unused)
1284 {
1285           return 0; /* XXX to be done. refer to RFC 2451 */
1286 }
1287 
1288 int
eay_bf_keylen(int len)1289 eay_bf_keylen(int len)
1290 {
1291           if (len == 0)
1292                     return 448;
1293           if (len < 40 || len > 448)
1294                     return -1;
1295           return len;
1296 }
1297 
1298 #ifdef HAVE_OPENSSL_RC5_H
1299 /*
1300  * RC5-CBC
1301  */
1302 vchar_t *
1303 eay_rc5_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1304           vchar_t *data, *key, *iv;
1305 {
1306           vchar_t *res;
1307           RC5_32_KEY ks;
1308 
1309           /* in RFC 2451, there is information about the number of round. */
1310           RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1311 
1312           /* allocate buffer for result */
1313           if ((res = vmalloc(data->l)) == NULL)
1314                     return NULL;
1315 
1316           /* encrypt data */
1317           RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1318                     &ks, (unsigned char *)iv->v, RC5_ENCRYPT);
1319 
1320           return res;
1321 }
1322 
1323 vchar_t *
1324 eay_rc5_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1325           vchar_t *data, *key, *iv;
1326 {
1327           vchar_t *res;
1328           RC5_32_KEY ks;
1329 
1330           /* in RFC 2451, there is information about the number of round. */
1331           RC5_32_set_key(&ks, key->l, (unsigned char *)key->v, 16);
1332 
1333           /* allocate buffer for result */
1334           if ((res = vmalloc(data->l)) == NULL)
1335                     return NULL;
1336 
1337           /* decryption data */
1338           RC5_32_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l,
1339                     &ks, (unsigned char *)iv->v, RC5_DECRYPT);
1340 
1341           return res;
1342 }
1343 
1344 int
1345 eay_rc5_weakkey(vchar_t *key)
1346           vchar_t *key;
1347 {
1348           return 0;       /* No known weak keys when used with 16 rounds. */
1349 
1350 }
1351 
1352 int
eay_rc5_keylen(len)1353 eay_rc5_keylen(len)
1354           int len;
1355 {
1356           if (len == 0)
1357                     return 128;
1358           if (len < 40 || len > 2040)
1359                     return -1;
1360           return len;
1361 }
1362 #endif
1363 
1364 /*
1365  * 3DES-CBC
1366  */
1367 vchar_t *
eay_3des_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1368 eay_3des_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1369 {
1370           return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 1);
1371 }
1372 
1373 vchar_t *
eay_3des_decrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1374 eay_3des_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1375 {
1376           return evp_crypt(data, key, iv, EVP_des_ede3_cbc(), 0);
1377 }
1378 
1379 int
eay_3des_weakkey(vchar_t * key)1380 eay_3des_weakkey(vchar_t *key)
1381 {
1382 #ifdef USE_NEW_DES_API
1383           return (DES_is_weak_key((void *)key->v) ||
1384               DES_is_weak_key((void *)(key->v + 8)) ||
1385               DES_is_weak_key((void *)(key->v + 16)));
1386 #else
1387           if (key->l < 24)
1388                     return 0;
1389 
1390           return (des_is_weak_key((void *)key->v) ||
1391               des_is_weak_key((void *)(key->v + 8)) ||
1392               des_is_weak_key((void *)(key->v + 16)));
1393 #endif
1394 }
1395 
1396 int
eay_3des_keylen(int len)1397 eay_3des_keylen(int len)
1398 {
1399           if (len != 0 && len != 192)
1400                     return -1;
1401           return 192;
1402 }
1403 
1404 /*
1405  * CAST-CBC
1406  */
1407 vchar_t *
eay_cast_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1408 eay_cast_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1409 {
1410           return evp_crypt(data, key, iv, EVP_cast5_cbc(), 1);
1411 }
1412 
1413 vchar_t *
eay_cast_decrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1414 eay_cast_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1415 {
1416           return evp_crypt(data, key, iv, EVP_cast5_cbc(), 0);
1417 }
1418 
1419 /*ARGSUSED*/
1420 int
eay_cast_weakkey(vchar_t * key __unused)1421 eay_cast_weakkey(vchar_t *key __unused)
1422 {
1423           return 0; /* No known weak keys. */
1424 }
1425 
1426 int
eay_cast_keylen(int len)1427 eay_cast_keylen(int len)
1428 {
1429           if (len == 0)
1430                     return 128;
1431           if (len < 40 || len > 128)
1432                     return -1;
1433           return len;
1434 }
1435 
1436 /*
1437  * AES(RIJNDAEL)-CBC
1438  */
1439 #ifndef HAVE_OPENSSL_AES_H
1440 vchar_t *
eay_aes_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1441 eay_aes_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1442 {
1443           vchar_t *res;
1444           keyInstance k;
1445           cipherInstance c;
1446 
1447           memset(&k, 0, sizeof(k));
1448           if (rijndael_makeKey(&k, DIR_ENCRYPT, key->l << 3, key->v) < 0)
1449                     return NULL;
1450 
1451           /* allocate buffer for result */
1452           if ((res = vmalloc(data->l)) == NULL)
1453                     return NULL;
1454 
1455           /* encryption data */
1456           memset(&c, 0, sizeof(c));
1457           if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1458                     vfree(res);
1459                     return NULL;
1460           }
1461           if (rijndael_blockEncrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1462                     vfree(res);
1463                     return NULL;
1464           }
1465 
1466           return res;
1467 }
1468 
1469 vchar_t *
1470 eay_aes_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1471           vchar_t *data, *key, *iv;
1472 {
1473           vchar_t *res;
1474           keyInstance k;
1475           cipherInstance c;
1476 
1477           memset(&k, 0, sizeof(k));
1478           if (rijndael_makeKey(&k, DIR_DECRYPT, key->l << 3, key->v) < 0)
1479                     return NULL;
1480 
1481           /* allocate buffer for result */
1482           if ((res = vmalloc(data->l)) == NULL)
1483                     return NULL;
1484 
1485           /* decryption data */
1486           memset(&c, 0, sizeof(c));
1487           if (rijndael_cipherInit(&c, MODE_CBC, iv->v) < 0){
1488                     vfree(res);
1489                     return NULL;
1490           }
1491           if (rijndael_blockDecrypt(&c, &k, data->v, data->l << 3, res->v) < 0){
1492                     vfree(res);
1493                     return NULL;
1494           }
1495 
1496           return res;
1497 }
1498 #else
1499 static inline const EVP_CIPHER *
aes_evp_by_keylen(int keylen)1500 aes_evp_by_keylen(int keylen)
1501 {
1502           switch(keylen) {
1503                     case 16:
1504                     case 128:
1505                               return EVP_aes_128_cbc();
1506                     case 24:
1507                     case 192:
1508                               return EVP_aes_192_cbc();
1509                     case 32:
1510                     case 256:
1511                               return EVP_aes_256_cbc();
1512                     default:
1513                               return NULL;
1514           }
1515 }
1516 
1517 vchar_t *
eay_aes_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1518 eay_aes_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1519 {
1520           return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 1);
1521 }
1522 
1523 vchar_t *
eay_aes_decrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1524 eay_aes_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1525 {
1526           return evp_crypt(data, key, iv, aes_evp_by_keylen(key->l), 0);
1527 }
1528 #endif
1529 
1530 /*ARGSUSED*/
1531 int
eay_aes_weakkey(vchar_t * key __unused)1532 eay_aes_weakkey(vchar_t *key __unused)
1533 {
1534           return 0;
1535 }
1536 
1537 int
eay_aes_keylen(int len)1538 eay_aes_keylen(int len)
1539 {
1540           if (len == 0)
1541                     return 128;
1542           if (len != 128 && len != 192 && len != 256)
1543                     return -1;
1544           return len;
1545 }
1546 
1547 int
eay_aesgcm_keylen(int len)1548 eay_aesgcm_keylen(int len)
1549 {
1550           /* RFC 4106:
1551            * The size of the KEYMAT for the AES-GCM-ESP MUST be four octets longer
1552            * than is needed for the associated AES key.  The keying material is
1553            * used as follows:
1554            *
1555            * AES-GCM-ESP with a 128 bit key
1556            * The KEYMAT requested for each AES-GCM key is 20 octets.  The first
1557            * 16 octets are the 128-bit AES key, and the remaining four octets
1558            * are used as the salt value in the nonce.
1559            *
1560            * AES-GCM-ESP with a 192 bit key
1561            * The KEYMAT requested for each AES-GCM key is 28 octets.  The first
1562            * 24 octets are the 192-bit AES key, and the remaining four octets
1563            * are used as the salt value in the nonce.
1564            *
1565            * AES-GCM-ESP with a 256 bit key
1566            * The KEYMAT requested for each AES GCM key is 36 octets.  The first
1567            * 32 octets are the 256-bit AES key, and the remaining four octets
1568            * are used as the salt value in the nonce.
1569            */
1570           if (len == 0)
1571                     len = 128;
1572 
1573           if (len != 128 && len != 192 && len != 256)
1574                     return -1;
1575 
1576           return len + 32;
1577 }
1578 
1579 #if defined(HAVE_OPENSSL_CAMELLIA_H)
1580 /*
1581  * CAMELLIA-CBC
1582  */
1583 static inline const EVP_CIPHER *
camellia_evp_by_keylen(int keylen)1584 camellia_evp_by_keylen(int keylen)
1585 {
1586           switch(keylen) {
1587                     case 16:
1588                     case 128:
1589                               return EVP_camellia_128_cbc();
1590                     case 24:
1591                     case 192:
1592                               return EVP_camellia_192_cbc();
1593                     case 32:
1594                     case 256:
1595                               return EVP_camellia_256_cbc();
1596                     default:
1597                               return NULL;
1598           }
1599 }
1600 
1601 vchar_t *
eay_camellia_encrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1602 eay_camellia_encrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1603 {
1604           return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 1);
1605 }
1606 
1607 vchar_t *
eay_camellia_decrypt(vchar_t * data,vchar_t * key,vchar_t * iv)1608 eay_camellia_decrypt(vchar_t *data, vchar_t *key, vchar_t *iv)
1609 {
1610           return evp_crypt(data, key, iv, camellia_evp_by_keylen(key->l), 0);
1611 }
1612 
1613 int
eay_camellia_weakkey(vchar_t * key)1614 eay_camellia_weakkey(vchar_t *key)
1615 {
1616           return 0;
1617 }
1618 
1619 int
eay_camellia_keylen(int len)1620 eay_camellia_keylen(int len)
1621 {
1622           if (len == 0)
1623                     return 128;
1624           if (len != 128 && len != 192 && len != 256)
1625                     return -1;
1626           return len;
1627 }
1628 
1629 #endif
1630 
1631 /* for ipsec part */
1632 int
eay_null_hashlen(void)1633 eay_null_hashlen(void)
1634 {
1635           return 0;
1636 }
1637 
1638 int
eay_kpdk_hashlen(void)1639 eay_kpdk_hashlen(void)
1640 {
1641           return 0;
1642 }
1643 
1644 int
eay_twofish_keylen(int len)1645 eay_twofish_keylen(int len)
1646 {
1647           if (len < 0 || len > 256)
1648                     return -1;
1649           return len;
1650 }
1651 
1652 /*ARGSUSED*/
1653 int
eay_null_keylen(int len __unused)1654 eay_null_keylen(int len __unused)
1655 {
1656           return 0;
1657 }
1658 
1659 /*
1660  * HMAC functions
1661  */
1662 static caddr_t
eay_hmac_init(vchar_t * key,const EVP_MD * md)1663 eay_hmac_init(vchar_t *key, const EVP_MD *md)
1664 {
1665           HMAC_CTX *c = HMAC_CTX_new();
1666 
1667           HMAC_Init_ex(c, key->v, key->l, md, NULL);
1668 
1669           return (caddr_t)c;
1670 }
1671 
eay_hmac_one(vchar_t * key,vchar_t * data,const EVP_MD * type)1672 static vchar_t *eay_hmac_one(vchar_t *key, vchar_t *data, const EVP_MD *type)
1673 {
1674           vchar_t *res;
1675 
1676           if ((res = vmalloc(EVP_MD_size(type))) == 0)
1677                     return NULL;
1678 
1679           if (!HMAC(type, (void *) key->v, key->l,
1680                       (void *) data->v, data->l, (void *) res->v, NULL)) {
1681                     vfree(res);
1682                     return NULL;
1683           }
1684 
1685           return res;
1686 }
1687 
eay_digest_one(vchar_t * data,const EVP_MD * type)1688 static vchar_t *eay_digest_one(vchar_t *data, const EVP_MD *type)
1689 {
1690           vchar_t *res;
1691 
1692           if ((res = vmalloc(EVP_MD_size(type))) == 0)
1693                     return NULL;
1694 
1695           if (!EVP_Digest((void *) data->v, data->l,
1696                               (void *) res->v, NULL, type, NULL)) {
1697                     vfree(res);
1698                     return NULL;
1699           }
1700 
1701           return res;
1702 }
1703 
1704 #ifdef WITH_SHA2
1705 /*
1706  * HMAC SHA2-512
1707  */
1708 vchar_t *
eay_hmacsha2_512_one(vchar_t * key,vchar_t * data)1709 eay_hmacsha2_512_one(vchar_t *key, vchar_t *data)
1710 {
1711           return eay_hmac_one(key, data, EVP_sha2_512());
1712 }
1713 
1714 caddr_t
eay_hmacsha2_512_init(vchar_t * key)1715 eay_hmacsha2_512_init(vchar_t *key)
1716 {
1717           return eay_hmac_init(key, EVP_sha2_512());
1718 }
1719 
1720 void
eay_hmacsha2_512_update(caddr_t c,vchar_t * data)1721 eay_hmacsha2_512_update(caddr_t c, vchar_t *data)
1722 {
1723           HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1724 }
1725 
1726 vchar_t *
eay_hmacsha2_512_final(caddr_t cv)1727 eay_hmacsha2_512_final(caddr_t cv)
1728 {
1729           vchar_t *res;
1730           HMAC_CTX *c = (HMAC_CTX *)cv;
1731           unsigned int l;
1732 
1733           if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1734                     return NULL;
1735 
1736           HMAC_Final(c, (unsigned char *) res->v, &l);
1737           res->l = l;
1738           HMAC_CTX_free(c);
1739 
1740           if (SHA512_DIGEST_LENGTH != res->l) {
1741                     plog(LLV_ERROR, LOCATION, NULL,
1742                               "hmac sha2_512 length mismatch %zd.\n", res->l);
1743                     vfree(res);
1744                     return NULL;
1745           }
1746 
1747           return(res);
1748 }
1749 
1750 /*
1751  * HMAC SHA2-384
1752  */
1753 vchar_t *
eay_hmacsha2_384_one(vchar_t * key,vchar_t * data)1754 eay_hmacsha2_384_one(vchar_t *key, vchar_t *data)
1755 {
1756           return eay_hmac_one(key, data, EVP_sha2_384());
1757 }
1758 
1759 caddr_t
eay_hmacsha2_384_init(vchar_t * key)1760 eay_hmacsha2_384_init(vchar_t *key)
1761 {
1762           return eay_hmac_init(key, EVP_sha2_384());
1763 }
1764 
1765 void
eay_hmacsha2_384_update(caddr_t c,vchar_t * data)1766 eay_hmacsha2_384_update(caddr_t c, vchar_t *data)
1767 {
1768           HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1769 }
1770 
1771 vchar_t *
eay_hmacsha2_384_final(caddr_t cv)1772 eay_hmacsha2_384_final(caddr_t cv)
1773 {
1774           HMAC_CTX *c = (HMAC_CTX *)cv;
1775           vchar_t *res;
1776           unsigned int l;
1777 
1778           if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
1779                     return NULL;
1780 
1781           HMAC_Final(c, (unsigned char *) res->v, &l);
1782           res->l = l;
1783           HMAC_CTX_free(c);
1784 
1785           if (SHA384_DIGEST_LENGTH != res->l) {
1786                     plog(LLV_ERROR, LOCATION, NULL,
1787                               "hmac sha2_384 length mismatch %zd.\n", res->l);
1788                     vfree(res);
1789                     return NULL;
1790           }
1791 
1792           return(res);
1793 }
1794 
1795 /*
1796  */
1797 vchar_t *
eay_hmacsha2_256_one(vchar_t * key,vchar_t * data)1798 eay_hmacsha2_256_one(vchar_t *key, vchar_t *data)
1799 {
1800           return eay_hmac_one(key, data, EVP_sha2_256());
1801 }
1802 
1803 caddr_t
eay_hmacsha2_256_init(vchar_t * key)1804 eay_hmacsha2_256_init(vchar_t *key)
1805 {
1806           return eay_hmac_init(key, EVP_sha2_256());
1807 }
1808 
1809 void
eay_hmacsha2_256_update(caddr_t c,vchar_t * data)1810 eay_hmacsha2_256_update(caddr_t c, vchar_t *data)
1811 {
1812           HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1813 }
1814 
1815 vchar_t *
eay_hmacsha2_256_final(caddr_t cv)1816 eay_hmacsha2_256_final(caddr_t cv)
1817 {
1818           HMAC_CTX *c = (HMAC_CTX *)cv;
1819           vchar_t *res;
1820           unsigned int l;
1821 
1822           if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
1823                     return NULL;
1824 
1825           HMAC_Final(c, (unsigned char *) res->v, &l);
1826           res->l = l;
1827           HMAC_CTX_free(c);
1828 
1829           if (SHA256_DIGEST_LENGTH != res->l) {
1830                     plog(LLV_ERROR, LOCATION, NULL,
1831                               "hmac sha2_256 length mismatch %zd.\n", res->l);
1832                     vfree(res);
1833                     return NULL;
1834           }
1835 
1836           return(res);
1837 }
1838 #endif    /* WITH_SHA2 */
1839 
1840 /*
1841  * HMAC SHA1
1842  */
1843 vchar_t *
eay_hmacsha1_one(vchar_t * key,vchar_t * data)1844 eay_hmacsha1_one(vchar_t *key, vchar_t *data)
1845 {
1846           return eay_hmac_one(key, data, EVP_sha1());
1847 }
1848 
1849 caddr_t
eay_hmacsha1_init(vchar_t * key)1850 eay_hmacsha1_init(vchar_t *key)
1851 {
1852           return eay_hmac_init(key, EVP_sha1());
1853 }
1854 
1855 void
eay_hmacsha1_update(caddr_t c,vchar_t * data)1856 eay_hmacsha1_update(caddr_t c, vchar_t *data)
1857 {
1858           HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1859 }
1860 
1861 vchar_t *
eay_hmacsha1_final(caddr_t cv)1862 eay_hmacsha1_final(caddr_t cv)
1863 {
1864           HMAC_CTX *c = (HMAC_CTX *)cv;
1865           vchar_t *res;
1866           unsigned int l;
1867 
1868           if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
1869                     return NULL;
1870 
1871           HMAC_Final(c, (unsigned char *) res->v, &l);
1872           res->l = l;
1873           HMAC_CTX_free(c);
1874 
1875           if (SHA_DIGEST_LENGTH != res->l) {
1876                     plog(LLV_ERROR, LOCATION, NULL,
1877                               "hmac sha1 length mismatch %zd.\n", res->l);
1878                     vfree(res);
1879                     return NULL;
1880           }
1881 
1882           return(res);
1883 }
1884 
1885 /*
1886  * HMAC MD5
1887  */
1888 vchar_t *
eay_hmacmd5_one(vchar_t * key,vchar_t * data)1889 eay_hmacmd5_one(vchar_t *key, vchar_t *data)
1890 {
1891           return eay_hmac_one(key, data, EVP_md5());
1892 }
1893 
1894 caddr_t
eay_hmacmd5_init(vchar_t * key)1895 eay_hmacmd5_init(vchar_t *key)
1896 {
1897           return eay_hmac_init(key, EVP_md5());
1898 }
1899 
1900 void
eay_hmacmd5_update(caddr_t c,vchar_t * data)1901 eay_hmacmd5_update(caddr_t c, vchar_t *data)
1902 {
1903           HMAC_Update((HMAC_CTX *)c, (unsigned char *) data->v, data->l);
1904 }
1905 
1906 vchar_t *
eay_hmacmd5_final(caddr_t cv)1907 eay_hmacmd5_final(caddr_t cv)
1908 {
1909           HMAC_CTX *c = (HMAC_CTX *)cv;
1910           vchar_t *res;
1911           unsigned int l;
1912 
1913           if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
1914                     return NULL;
1915 
1916           HMAC_Final(c, (unsigned char *) res->v, &l);
1917           res->l = l;
1918           HMAC_CTX_free(c);
1919 
1920           if (MD5_DIGEST_LENGTH != res->l) {
1921                     plog(LLV_ERROR, LOCATION, NULL,
1922                               "hmac md5 length mismatch %zd.\n", res->l);
1923                     vfree(res);
1924                     return NULL;
1925           }
1926 
1927           return(res);
1928 }
1929 
1930 #ifdef WITH_SHA2
1931 /*
1932  * SHA2-512 functions
1933  */
1934 caddr_t
eay_sha2_512_init(void)1935 eay_sha2_512_init(void)
1936 {
1937           SHA512_CTX *c = racoon_malloc(sizeof(*c));
1938 
1939           SHA512_Init(c);
1940 
1941           return((caddr_t)c);
1942 }
1943 
1944 void
eay_sha2_512_update(caddr_t c,vchar_t * data)1945 eay_sha2_512_update(caddr_t c, vchar_t *data)
1946 {
1947           SHA512_Update((SHA512_CTX *)c, (unsigned char *) data->v, data->l);
1948 
1949           return;
1950 }
1951 
1952 vchar_t *
eay_sha2_512_final(caddr_t c)1953 eay_sha2_512_final(caddr_t c)
1954 {
1955           vchar_t *res;
1956 
1957           if ((res = vmalloc(SHA512_DIGEST_LENGTH)) == 0)
1958                     return(0);
1959 
1960           SHA512_Final((unsigned char *) res->v, (SHA512_CTX *)c);
1961           (void)racoon_free(c);
1962 
1963           return(res);
1964 }
1965 
1966 vchar_t *
eay_sha2_512_one(vchar_t * data)1967 eay_sha2_512_one(vchar_t *data)
1968 {
1969           return eay_digest_one(data, EVP_sha512());
1970 }
1971 
1972 int
eay_sha2_512_hashlen(void)1973 eay_sha2_512_hashlen(void)
1974 {
1975           return SHA512_DIGEST_LENGTH << 3;
1976 }
1977 #endif
1978 
1979 #ifdef WITH_SHA2
1980 /*
1981  * SHA2-384 functions
1982  */
1983 caddr_t
eay_sha2_384_init(void)1984 eay_sha2_384_init(void)
1985 {
1986           SHA384_CTX *c = racoon_malloc(sizeof(*c));
1987 
1988           SHA384_Init(c);
1989 
1990           return((caddr_t)c);
1991 }
1992 
1993 void
eay_sha2_384_update(caddr_t c,vchar_t * data)1994 eay_sha2_384_update(caddr_t c, vchar_t *data)
1995 {
1996           SHA384_Update((SHA384_CTX *)c, (unsigned char *) data->v, data->l);
1997 
1998           return;
1999 }
2000 
2001 vchar_t *
eay_sha2_384_final(caddr_t c)2002 eay_sha2_384_final(caddr_t c)
2003 {
2004           vchar_t *res;
2005 
2006           if ((res = vmalloc(SHA384_DIGEST_LENGTH)) == 0)
2007                     return(0);
2008 
2009           SHA384_Final((unsigned char *) res->v, (SHA384_CTX *)c);
2010           (void)racoon_free(c);
2011 
2012           return(res);
2013 }
2014 
2015 vchar_t *
eay_sha2_384_one(vchar_t * data)2016 eay_sha2_384_one(vchar_t *data)
2017 {
2018           return eay_digest_one(data, EVP_sha2_384());
2019 }
2020 
2021 int
eay_sha2_384_hashlen(void)2022 eay_sha2_384_hashlen(void)
2023 {
2024           return SHA384_DIGEST_LENGTH << 3;
2025 }
2026 #endif
2027 
2028 #ifdef WITH_SHA2
2029 /*
2030  * SHA2-256 functions
2031  */
2032 caddr_t
eay_sha2_256_init(void)2033 eay_sha2_256_init(void)
2034 {
2035           SHA256_CTX *c = racoon_malloc(sizeof(*c));
2036 
2037           SHA256_Init(c);
2038 
2039           return((caddr_t)c);
2040 }
2041 
2042 void
eay_sha2_256_update(caddr_t c,vchar_t * data)2043 eay_sha2_256_update(caddr_t c, vchar_t *data)
2044 {
2045           SHA256_Update((SHA256_CTX *)c, (unsigned char *) data->v, data->l);
2046 
2047           return;
2048 }
2049 
2050 vchar_t *
eay_sha2_256_final(caddr_t c)2051 eay_sha2_256_final(caddr_t c)
2052 {
2053           vchar_t *res;
2054 
2055           if ((res = vmalloc(SHA256_DIGEST_LENGTH)) == 0)
2056                     return(0);
2057 
2058           SHA256_Final((unsigned char *) res->v, (SHA256_CTX *)c);
2059           (void)racoon_free(c);
2060 
2061           return(res);
2062 }
2063 
2064 vchar_t *
eay_sha2_256_one(vchar_t * data)2065 eay_sha2_256_one(vchar_t *data)
2066 {
2067           return eay_digest_one(data, EVP_sha2_256());
2068 }
2069 
2070 int
eay_sha2_256_hashlen(void)2071 eay_sha2_256_hashlen(void)
2072 {
2073           return SHA256_DIGEST_LENGTH << 3;
2074 }
2075 #endif
2076 
2077 /*
2078  * SHA functions
2079  */
2080 caddr_t
eay_sha1_init(void)2081 eay_sha1_init(void)
2082 {
2083           SHA_CTX *c = racoon_malloc(sizeof(*c));
2084 
2085           SHA1_Init(c);
2086 
2087           return((caddr_t)c);
2088 }
2089 
2090 void
eay_sha1_update(caddr_t c,vchar_t * data)2091 eay_sha1_update(caddr_t c, vchar_t *data)
2092 {
2093           SHA1_Update((SHA_CTX *)c, data->v, data->l);
2094 
2095           return;
2096 }
2097 
2098 vchar_t *
eay_sha1_final(caddr_t c)2099 eay_sha1_final(caddr_t c)
2100 {
2101           vchar_t *res;
2102 
2103           if ((res = vmalloc(SHA_DIGEST_LENGTH)) == 0)
2104                     return(0);
2105 
2106           SHA1_Final((unsigned char *) res->v, (SHA_CTX *)c);
2107           (void)racoon_free(c);
2108 
2109           return(res);
2110 }
2111 
2112 vchar_t *
eay_sha1_one(vchar_t * data)2113 eay_sha1_one(vchar_t *data)
2114 {
2115           return eay_digest_one(data, EVP_sha1());
2116 }
2117 
2118 int
eay_sha1_hashlen(void)2119 eay_sha1_hashlen(void)
2120 {
2121           return SHA_DIGEST_LENGTH << 3;
2122 }
2123 
2124 /*
2125  * MD5 functions
2126  */
2127 caddr_t
eay_md5_init(void)2128 eay_md5_init(void)
2129 {
2130           MD5_CTX *c = racoon_malloc(sizeof(*c));
2131 
2132           MD5_Init(c);
2133 
2134           return((caddr_t)c);
2135 }
2136 
2137 void
eay_md5_update(caddr_t c,vchar_t * data)2138 eay_md5_update(caddr_t c, vchar_t *data)
2139 {
2140           MD5_Update((MD5_CTX *)c, data->v, data->l);
2141 
2142           return;
2143 }
2144 
2145 vchar_t *
eay_md5_final(caddr_t c)2146 eay_md5_final(caddr_t c)
2147 {
2148           vchar_t *res;
2149 
2150           if ((res = vmalloc(MD5_DIGEST_LENGTH)) == 0)
2151                     return(0);
2152 
2153           MD5_Final((unsigned char *) res->v, (MD5_CTX *)c);
2154           (void)racoon_free(c);
2155 
2156           return(res);
2157 }
2158 
2159 vchar_t *
eay_md5_one(vchar_t * data)2160 eay_md5_one(vchar_t *data)
2161 {
2162           return eay_digest_one(data, EVP_md5());
2163 }
2164 
2165 int
eay_md5_hashlen(void)2166 eay_md5_hashlen(void)
2167 {
2168           return MD5_DIGEST_LENGTH << 3;
2169 }
2170 
2171 /*
2172  * eay_set_random
2173  *   size: number of bytes.
2174  */
2175 vchar_t *
eay_set_random(uint32_t size)2176 eay_set_random(uint32_t size)
2177 {
2178           BIGNUM *r = NULL;
2179           vchar_t *res = 0;
2180 
2181           if ((r = BN_new()) == NULL)
2182                     goto end;
2183           BN_rand(r, size * 8, 0, 0);
2184           eay_bn2v(&res, r);
2185 
2186 end:
2187           if (r)
2188                     BN_free(r);
2189           return(res);
2190 }
2191 
2192 /* DH */
2193 int
eay_dh_generate(vchar_t * prime,uint32_t ig,u_int publen,vchar_t ** pub,vchar_t ** priv)2194 eay_dh_generate(vchar_t *prime, uint32_t ig, u_int publen, vchar_t **pub,
2195     vchar_t **priv)
2196 {
2197           BIGNUM *p = NULL, *g = NULL;
2198           const BIGNUM *pub_key, *priv_key;
2199           DH *dh = NULL;
2200           int error = -1;
2201 
2202           /* initialize */
2203           /* pre-process to generate number */
2204           if (eay_v2bn(&p, prime) < 0)
2205                     goto end;
2206 
2207           if ((dh = DH_new()) == NULL)
2208                     goto end;
2209           if ((g = BN_new()) == NULL)
2210                     goto end;
2211           if (!BN_set_word(g, ig))
2212                     goto end;
2213           if (!DH_set0_pqg(dh, p, NULL, g))
2214                     goto end;
2215           p = g = NULL;
2216 
2217           if (publen != 0)
2218                     DH_set_length(dh, publen);
2219 
2220           /* generate public and private number */
2221           if (!DH_generate_key(dh))
2222                     goto end;
2223 
2224           DH_get0_key(dh, &pub_key, &priv_key);
2225 
2226           /* copy results to buffers */
2227           if (eay_bn2v(pub, __UNCONST(pub_key)) < 0)
2228                     goto end;
2229           if (eay_bn2v(priv, __UNCONST(priv_key)) < 0) {
2230                     vfree(*pub);
2231                     goto end;
2232           }
2233 
2234           error = 0;
2235 
2236 end:
2237           if (dh != NULL)
2238                     DH_free(dh);
2239           BN_free(p);
2240           BN_free(g);
2241           return(error);
2242 }
2243 
2244 int
eay_dh_compute(vchar_t * prime,uint32_t ig,vchar_t * pub,vchar_t * priv,vchar_t * pub2,vchar_t ** key)2245 eay_dh_compute(vchar_t *prime, uint32_t ig, vchar_t *pub, vchar_t *priv,
2246     vchar_t *pub2, vchar_t **key)
2247 {
2248           BIGNUM *dh_pub = NULL;
2249           BIGNUM *p = NULL, *g = NULL, *pub_key = NULL, *priv_key = NULL;
2250           DH *dh = NULL;
2251           int l;
2252           unsigned char *v = NULL;
2253           int error = -1;
2254 
2255           /* make public number to compute */
2256           if (eay_v2bn(&dh_pub, pub2) < 0)
2257                     goto end;
2258 
2259           /* make DH structure */
2260           if ((dh = DH_new()) == NULL)
2261                     goto end;
2262           if (eay_v2bn(&p, prime) < 0)
2263                     goto end;
2264 
2265           if (eay_v2bn(&pub_key, pub) < 0)
2266                     goto end;
2267           if (eay_v2bn(&priv_key, priv) < 0)
2268                     goto end;
2269 
2270           DH_set_length(dh, pub2->l * 8);
2271 
2272           if ((g = BN_new()) == NULL)
2273                     goto end;
2274           if (!BN_set_word(g, ig))
2275                     goto end;
2276 
2277           if (!DH_set0_pqg(dh, p, NULL, g))
2278                     goto end;
2279           p = g = NULL;
2280 
2281           if (!DH_set0_key(dh, pub_key, priv_key))
2282                     goto end;
2283           pub_key = priv_key = NULL;
2284 
2285           if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
2286                     goto end;
2287 
2288           if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
2289                     goto end;
2290           memcpy((*key)->v + (prime->l - l), v, l);
2291 
2292           error = 0;
2293 
2294 end:
2295           BN_free(dh_pub);
2296           BN_free(pub_key);
2297           BN_free(priv_key);
2298           BN_free(p);
2299           BN_free(g);
2300           if (dh != NULL)
2301                     DH_free(dh);
2302           if (v != NULL)
2303                     racoon_free(v);
2304           return error;
2305 }
2306 
2307 /*
2308  * convert vchar_t <-> BIGNUM.
2309  *
2310  * vchar_t: unit is u_char, network endian, most significant byte first.
2311  * BIGNUM: unit is BN_ULONG, each of BN_ULONG is in host endian,
2312  *        least significant BN_ULONG must come first.
2313  *
2314  * hex value of "0x3ffe050104" is represented as follows:
2315  *        vchar_t: 3f fe 05 01 04
2316  *        BIGNUM (BN_ULONG = uint8_t): 04 01 05 fe 3f
2317  *        BIGNUM (BN_ULONG = uint16_t): 0x0104 0xfe05 0x003f
2318  *        BIGNUM (BN_ULONG = uint32_t_t): 0xfe050104 0x0000003f
2319  */
2320 int
eay_v2bn(BIGNUM ** bn,vchar_t * var)2321 eay_v2bn(BIGNUM **bn, vchar_t *var)
2322 {
2323           if ((*bn = BN_bin2bn((unsigned char *) var->v, var->l, NULL)) == NULL)
2324                     return -1;
2325 
2326           return 0;
2327 }
2328 
2329 int
eay_bn2v(vchar_t ** var,BIGNUM * bn)2330 eay_bn2v(vchar_t **var, BIGNUM *bn)
2331 {
2332           *var = vmalloc(BN_num_bytes(bn));
2333           if (*var == NULL)
2334                     return(-1);
2335 
2336           (*var)->l = BN_bn2bin(bn, (unsigned char *) (*var)->v);
2337 
2338           return 0;
2339 }
2340 
2341 void
eay_init(void)2342 eay_init(void)
2343 {
2344           OpenSSL_add_all_algorithms();
2345           ERR_load_crypto_strings();
2346 #ifdef HAVE_OPENSSL_ENGINE_H
2347           ENGINE_load_builtin_engines();
2348           ENGINE_register_all_complete();
2349 #endif
2350 }
2351 
2352 vchar_t *
base64_decode(char * in,long inlen)2353 base64_decode(char *in, long inlen)
2354 {
2355           BIO *bio=NULL, *b64=NULL;
2356           vchar_t *res = NULL;
2357           char *outb;
2358           long outlen;
2359 
2360           outb = malloc(inlen * 2);
2361           if (outb == NULL)
2362                     goto out;
2363           bio = BIO_new_mem_buf(in, inlen);
2364           b64 = BIO_new(BIO_f_base64());
2365           BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2366           bio = BIO_push(b64, bio);
2367 
2368           outlen = BIO_read(bio, outb, inlen * 2);
2369           if (outlen <= 0) {
2370                     plog(LLV_ERROR, LOCATION, NULL, "%s\n", eay_strerror());
2371                     goto out;
2372           }
2373 
2374           res = vmalloc(outlen);
2375           if (!res)
2376                     goto out;
2377 
2378           memcpy(res->v, outb, outlen);
2379 
2380 out:
2381           if (outb)
2382                     free(outb);
2383           if (bio)
2384                     BIO_free_all(bio);
2385 
2386           return res;
2387 }
2388 
2389 vchar_t *
base64_encode(char * in,long inlen)2390 base64_encode(char *in, long inlen)
2391 {
2392           BIO *bio=NULL, *b64=NULL;
2393           char *ptr;
2394           long plen = -1;
2395           vchar_t *res = NULL;
2396 
2397           bio = BIO_new(BIO_s_mem());
2398           b64 = BIO_new(BIO_f_base64());
2399           BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL);
2400           bio = BIO_push(b64, bio);
2401 
2402           BIO_write(bio, in, inlen);
2403           (void)BIO_flush(bio);
2404 
2405           plen = BIO_get_mem_data(bio, &ptr);
2406           res = vmalloc(plen+1);
2407           if (!res)
2408                     goto out;
2409 
2410           memcpy (res->v, ptr, plen);
2411           res->v[plen] = '\0';
2412 
2413 out:
2414           if (bio)
2415                     BIO_free_all(bio);
2416 
2417           return res;
2418 }
2419 
2420 static RSA *
binbuf_pubkey2rsa(vchar_t * binbuf)2421 binbuf_pubkey2rsa(vchar_t *binbuf)
2422 {
2423           BIGNUM *exp = NULL, *mod;
2424           RSA *rsa_pub = NULL;
2425 
2426           if (binbuf->v[0] > binbuf->l - 1) {
2427                     plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2428                     goto out;
2429           }
2430 
2431           exp = BN_bin2bn((unsigned char *) (binbuf->v + 1), binbuf->v[0], NULL);
2432           mod = BN_bin2bn((unsigned char *) (binbuf->v + binbuf->v[0] + 1),
2433                               binbuf->l - binbuf->v[0] - 1, NULL);
2434           rsa_pub = RSA_new();
2435 
2436           if (!exp || !mod || !rsa_pub) {
2437                     plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey parsing error: %s\n", eay_strerror());
2438                     goto out;
2439           }
2440 
2441           if (!RSA_set0_key(rsa_pub, mod, exp, NULL))
2442                     goto out;
2443 
2444           return rsa_pub;
2445 out:
2446           BN_free(exp);
2447           RSA_free(rsa_pub);
2448           return NULL;
2449 }
2450 
2451 RSA *
base64_pubkey2rsa(char * in)2452 base64_pubkey2rsa(char *in)
2453 {
2454           RSA *rsa_pub = NULL;
2455           vchar_t *binbuf;
2456 
2457           if (strncmp(in, "0s", 2) != 0) {
2458                     plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: doesn't start with '0s'\n");
2459                     return NULL;
2460           }
2461 
2462           binbuf = base64_decode(in + 2, strlen(in + 2));
2463           if (!binbuf) {
2464                     plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: Base64 decoding failed.\n");
2465                     return NULL;
2466           }
2467 
2468           if (binbuf->v[0] > binbuf->l - 1) {
2469                     plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey format error: decoded string doesn't make sense.\n");
2470                     goto out;
2471           }
2472 
2473           rsa_pub = binbuf_pubkey2rsa(binbuf);
2474 
2475 out:
2476           if (binbuf)
2477                     vfree(binbuf);
2478 
2479           return rsa_pub;
2480 }
2481 
2482 RSA *
bignum_pubkey2rsa(BIGNUM * in)2483 bignum_pubkey2rsa(BIGNUM *in)
2484 {
2485           RSA *rsa_pub = NULL;
2486           vchar_t *binbuf;
2487 
2488           binbuf = vmalloc(BN_num_bytes(in));
2489           if (!binbuf) {
2490                     plog(LLV_ERROR, LOCATION, NULL, "Plain RSA pubkey conversion: memory allocation failed..\n");
2491                     return NULL;
2492           }
2493 
2494           BN_bn2bin(in, (unsigned char *) binbuf->v);
2495 
2496           rsa_pub = binbuf_pubkey2rsa(binbuf);
2497 
2498           if (binbuf)
2499                     vfree(binbuf);
2500 
2501           return rsa_pub;
2502 }
2503 
2504 uint32_t
eay_random(void)2505 eay_random(void)
2506 {
2507           uint32_t result;
2508           vchar_t *vrand;
2509 
2510           vrand = eay_set_random(sizeof(result));
2511           memcpy(&result, vrand->v, sizeof(result));
2512           vfree(vrand);
2513 
2514           return result;
2515 }
2516 
2517 const char *
eay_version(void)2518 eay_version(void)
2519 {
2520           return SSLeay_version(SSLEAY_VERSION);
2521 }
2522