[svn-upgrade] Integrating new upstream version, strongswan (4.3.4)

author: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-10-21 11:14:02 +0000
committer: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-10-21 11:14:02 +0000
commit: 7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (patch)
tree: 3291beffa55649f9be28b4a98a7d503d334fbcf2 /src/libstrongswan/plugins/openssl
parent: 41787e147279ff0695e9d759487266a60b80867b (diff)
download: vyos-strongswan-7410d3c6d6a9a1cd7aa55083c938946af6ff9498.tar.gz
vyos-strongswan-7410d3c6d6a9a1cd7aa55083c938946af6ff9498.zip
9 files changed, 62 insertions, 13 deletions
diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am
index f331a78eb..25cc5aa1d 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.am
+++ b/src/libstrongswan/plugins/openssl/Makefile.am
@@ -16,6 +16,6 @@ libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
 	openssl_ec_private_key.c openssl_ec_private_key.h \
 	openssl_ec_public_key.c openssl_ec_public_key.h
 
-libstrongswan_openssl_la_LDFLAGS = -module
+libstrongswan_openssl_la_LDFLAGS = -module -avoid-version
 libstrongswan_openssl_la_LIBADD  = -lcrypto
 
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 0ebb5acf0..e6d7b479b 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -78,12 +78,14 @@ ETAGS = etags
 CTAGS = ctags
 DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
 ACLOCAL = @ACLOCAL@
+ALLOCA = @ALLOCA@
 AMTAR = @AMTAR@
 AR = @AR@
 AUTOCONF = @AUTOCONF@
 AUTOHEADER = @AUTOHEADER@
 AUTOMAKE = @AUTOMAKE@
 AWK = @AWK@
+BTLIB = @BTLIB@
 CC = @CC@
 CCDEPMODE = @CCDEPMODE@
 CFLAGS = @CFLAGS@
@@ -148,6 +150,7 @@ RUBYINCLUDE = @RUBYINCLUDE@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
+SOCKLIB = @SOCKLIB@
 STRIP = @STRIP@
 VERSION = @VERSION@
 YACC = @YACC@
@@ -188,7 +191,9 @@ includedir = @includedir@
 infodir = @infodir@
 install_sh = @install_sh@
 ipsecdir = @ipsecdir@
+ipsecgid = @ipsecgid@
 ipsecgroup = @ipsecgroup@
+ipsecuid = @ipsecuid@
 ipsecuser = @ipsecuser@
 libdir = @libdir@
 libexecdir = @libexecdir@
@@ -236,7 +241,7 @@ libstrongswan_openssl_la_SOURCES = openssl_plugin.h openssl_plugin.c \
 	openssl_ec_private_key.c openssl_ec_private_key.h \
 	openssl_ec_public_key.c openssl_ec_public_key.h
 
-libstrongswan_openssl_la_LDFLAGS = -module
+libstrongswan_openssl_la_LDFLAGS = -module -avoid-version
 libstrongswan_openssl_la_LIBADD = -lcrypto
 all: all-am
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index 7f48f1009..424fec60a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -83,6 +83,7 @@ static openssl_algorithm_t encryption_algs[] = {
 /*	{ENCR_DES_IV32, 	"***",			0,	0}, */
 /*	{ENCR_NULL, 		"***",			0,	0}, */ /* handled separately */
 /*	{ENCR_AES_CBC, 		"***",			0,	0}, */ /* handled separately */
+/*	{ENCR_CAMELLIA_CBC,	"***",			0,	0}, */ /* handled separately */
 /*	{ENCR_AES_CTR, 		"***",			0,	0}, */ /* disabled in evp.h */
 	{END_OF_LIST, 		NULL,			0,	0},
 };
@@ -224,6 +225,23 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 					return NULL;
 			}
 			break;
+		case ENCR_CAMELLIA_CBC:
+			switch (key_size)
+			{
+				case 16:        /* CAMELLIA 128 */
+					this->cipher = EVP_get_cipherbyname("camellia128");
+					break;
+				case 24:        /* CAMELLIA 192 */
+					this->cipher = EVP_get_cipherbyname("camellia192");
+					break;
+				case 32:        /* CAMELLIA 256 */
+					this->cipher = EVP_get_cipherbyname("camellia256"); 
+					break;
+				default:
+					free(this);
+					return NULL;
+			}
+			break;
 		case ENCR_DES_ECB:
 			this->cipher = EVP_des_ecb();
 			break;
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index c93acb75c..082aed9ca 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -108,7 +108,8 @@ error:
  * Convert an EC_POINT to a chunk by concatenating the x and y coordinates of
  * the point. This function allocates memory for the chunk.
  */
-static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, chunk_t *chunk)
+static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point,
+					  chunk_t *chunk, bool x_coordinate_only)
 {
 	BN_CTX *ctx;
 	BIGNUM *x, *y;
@@ -133,6 +134,10 @@ static bool ecp2chunk(const EC_GROUP *group, const EC_POINT *point, chunk_t *chu
 		goto error;
 	}
 	
+	if (x_coordinate_only)
+	{
+		y = NULL;
+	}
 	if (!openssl_bn_cat(EC_FIELD_ELEMENT_LEN(group), x, y, chunk))
 	{
 		goto error;
@@ -160,7 +165,7 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_
 {
 	const BIGNUM *priv_key;
 	EC_POINT *secret = NULL;
-	bool ret = FALSE;
+	bool x_coordinate_only, ret = FALSE;
 	
 	priv_key = EC_KEY_get0_private_key(this->key);
 	if (!priv_key)
@@ -179,7 +184,14 @@ static bool compute_shared_key(private_openssl_ec_diffie_hellman_t *this, chunk_
 		goto error;
 	}
 	
-	if (!ecp2chunk(this->ec_group, secret, shared_secret))
+	/*
+	 * The default setting ecp_x_coordinate_only = TRUE
+	 * applies the following errata for RFC 4753:
+	 * http://www.rfc-editor.org/errata_search.php?eid=9
+	 */
+	x_coordinate_only = lib->settings->get_bool(lib->settings,
+							"libstrongswan.ecp_x_coordinate_only", TRUE);
+	if (!ecp2chunk(this->ec_group, secret, shared_secret, x_coordinate_only))
 	{
 		goto error;
 	}
@@ -219,7 +231,7 @@ static void set_other_public_value(private_openssl_ec_diffie_hellman_t *this, ch
  */
 static void get_my_public_value(private_openssl_ec_diffie_hellman_t *this,chunk_t *value)
 {
-	ecp2chunk(this->ec_group, EC_KEY_get0_public_key(this->key), value);
+	ecp2chunk(this->ec_group, EC_KEY_get0_public_key(this->key), value, FALSE);
 }
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index ed3e57957..90a5229d5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -65,6 +65,7 @@ static openssl_algorithm_t integrity_algs[] = {
 	{HASH_MD2,		"md2"},
 	{HASH_MD5,		"md5"},
 	{HASH_SHA1,		"sha1"},
+	{HASH_SHA224,	"sha224"},
 	{HASH_SHA256,	"sha256"},
 	{HASH_SHA384,	"sha384"},
 	{HASH_SHA512,	"sha512"},
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index a90dff7f1..ce6716f5a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -84,7 +84,7 @@ static struct CRYPTO_dynlock_value *create_function(const char *file, int line)
 	struct CRYPTO_dynlock_value *lock;
 	
 	lock = malloc_thing(struct CRYPTO_dynlock_value);
-	lock->mutex = mutex_create(MUTEX_DEFAULT);
+	lock->mutex = mutex_create(MUTEX_TYPE_DEFAULT);
 	return lock;
 }
 
@@ -140,7 +140,7 @@ static void threading_init()
 	mutex = malloc(sizeof(mutex_t*) * num_locks);
 	for (i = 0; i < num_locks; i++)
 	{
-		mutex[i] = mutex_create(MUTEX_DEFAULT);
+		mutex[i] = mutex_create(MUTEX_TYPE_DEFAULT);
 	}
 }
 
@@ -212,6 +212,8 @@ plugin_t *plugin_create()
 	/* crypter */
 	lib->crypto->add_crypter(lib->crypto, ENCR_AES_CBC,
 					(crypter_constructor_t)openssl_crypter_create);
+	lib->crypto->add_crypter(lib->crypto, ENCR_CAMELLIA_CBC,
+					(crypter_constructor_t)openssl_crypter_create);
 	lib->crypto->add_crypter(lib->crypto, ENCR_3DES,
 					(crypter_constructor_t)openssl_crypter_create);
 	lib->crypto->add_crypter(lib->crypto, ENCR_RC5,
@@ -238,6 +240,8 @@ plugin_t *plugin_create()
 					(hasher_constructor_t)openssl_hasher_create);
 	lib->crypto->add_hasher(lib->crypto, HASH_MD5,
 					(hasher_constructor_t)openssl_hasher_create);
+	lib->crypto->add_hasher(lib->crypto, HASH_SHA224,
+					(hasher_constructor_t)openssl_hasher_create);
 	lib->crypto->add_hasher(lib->crypto, HASH_SHA256,
 					(hasher_constructor_t)openssl_hasher_create);
 	lib->crypto->add_hasher(lib->crypto, HASH_SHA384,
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index c5d4142da..95c0ffdc8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -165,6 +165,8 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
 			return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA224:
+			return build_emsa_pkcs1_signature(this, NID_sha224, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA256:
 			return build_emsa_pkcs1_signature(this, NID_sha256, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA384:
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 89912f24c..bc1ba35b6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -143,6 +143,8 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
 			return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
+		case SIGN_RSA_EMSA_PKCS1_SHA224:
+			return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA256:
 			return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA384:
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index bb0c296e1..c8c453f64 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -71,21 +71,26 @@ bool openssl_bn_cat(int len, BIGNUM *a, BIGNUM *b, chunk_t *chunk)
 {
 	int offset;
 	
-	chunk->len = len * 2;
+	chunk->len = len + (b ? len : 0);
 	chunk->ptr = malloc(chunk->len);
 	memset(chunk->ptr, 0, chunk->len);
 	
+	/* convert a */
 	offset = len - BN_num_bytes(a);
 	if (!BN_bn2bin(a, chunk->ptr + offset))
 	{
 		goto error;
 	}
 	
-	offset = len - BN_num_bytes(b);
-	if (!BN_bn2bin(b, chunk->ptr + len + offset))
+	/* optionally convert and concatenate b */
+	if (b)
 	{
-		goto error;
-	}
+		offset = len - BN_num_bytes(b);
+		if (!BN_bn2bin(b, chunk->ptr + len + offset))
+		{
+			goto error;
+		}
+	}	
 	
 	return TRUE;
 error:
author	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-10-21 11:14:02 +0000
committer	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-10-21 11:14:02 +0000
commit	7410d3c6d6a9a1cd7aa55083c938946af6ff9498 (patch)
tree	3291beffa55649f9be28b4a98a7d503d334fbcf2 /src/libstrongswan/plugins/openssl
parent	41787e147279ff0695e9d759487266a60b80867b (diff)
download	vyos-strongswan-7410d3c6d6a9a1cd7aa55083c938946af6ff9498.tar.gz vyos-strongswan-7410d3c6d6a9a1cd7aa55083c938946af6ff9498.zip