Updated to new upstream version.

author: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-06-23 11:35:38 +0000
committer: Rene Mayrhofer <rene@mayrhofer.eu.org> 2009-06-23 11:35:38 +0000
commit: 7c52c3f35cdbdff58443b994f2f33d13b4d81f57 (patch)
tree: e54a27979ea72ec41702bec2984c2eadac3b8862 /src/libstrongswan/plugins/openssl
parent: 4ef45ba0404dac3773e83af995a5ec584b23d633 (diff)
download: vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.tar.gz
vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.zip
21 files changed, 280 insertions, 227 deletions
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 0af89d377..0ebb5acf0 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.10.1 from Makefile.am.
+# Makefile.in generated by automake 1.10.2 from Makefile.am.
 # @configure_input@
 
 # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -92,6 +92,7 @@ CPPFLAGS = @CPPFLAGS@
 CYGPATH_W = @CYGPATH_W@
 DEFS = @DEFS@
 DEPDIR = @DEPDIR@
+DLLIB = @DLLIB@
 DSYMUTIL = @DSYMUTIL@
 DUMPBIN = @DUMPBIN@
 ECHO_C = @ECHO_C@
@@ -114,6 +115,9 @@ LDFLAGS = @LDFLAGS@
 LEX = @LEX@
 LEXLIB = @LEXLIB@
 LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
+LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@
+LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@
+LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@
 LIBOBJS = @LIBOBJS@
 LIBS = @LIBS@
 LIBTOOL = @LIBTOOL@
@@ -125,6 +129,7 @@ MAKEINFO = @MAKEINFO@
 MKDIR_P = @MKDIR_P@
 NM = @NM@
 NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
 OBJEXT = @OBJEXT@
 OTOOL = @OTOOL@
 OTOOL64 = @OTOOL64@
@@ -138,6 +143,8 @@ PATH_SEPARATOR = @PATH_SEPARATOR@
 PERL = @PERL@
 PKG_CONFIG = @PKG_CONFIG@
 RANLIB = @RANLIB@
+RUBY = @RUBY@
+RUBYINCLUDE = @RUBYINCLUDE@
 SED = @SED@
 SET_MAKE = @SET_MAKE@
 SHELL = @SHELL@
@@ -198,6 +205,7 @@ oldincludedir = @oldincludedir@
 pdfdir = @pdfdir@
 piddir = @piddir@
 plugindir = @plugindir@
+pluto_plugins = @pluto_plugins@
 prefix = @prefix@
 program_transform_name = @program_transform_name@
 psdir = @psdir@
@@ -209,6 +217,7 @@ srcdir = @srcdir@
 strongswan_conf = @strongswan_conf@
 sysconfdir = @sysconfdir@
 target_alias = @target_alias@
+top_build_prefix = @top_build_prefix@
 top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 xml_CFLAGS = @xml_CFLAGS@
@@ -237,8 +246,8 @@ $(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
 	@for dep in $?; do \
 	  case '$(am__configure_deps)' in \
 	    *$$dep*) \
-	      cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh \
-		&& exit 0; \
+	      ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
+	        && { if test -f $@; then exit 0; else break; fi; }; \
 	      exit 1;; \
 	  esac; \
 	done; \
@@ -341,7 +350,7 @@ ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
 	unique=`for i in $$list; do \
 	    if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
 	  done | \
-	  $(AWK) '{ files[$$0] = 1; nonemtpy = 1; } \
+	  $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
 	      END { if (nonempty) { for (i in files) print i; }; }'`; \
 	mkid -fID $$unique
 tags: TAGS
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index 5eddeb5f9..7f48f1009 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_crypter.c 4879 2009-02-18 19:41:33Z tobias $
  */
 
 #include "openssl_crypter.h"
@@ -133,10 +131,12 @@ static void crypt(private_openssl_crypter_t *this, chunk_t data,
 	}
 	EVP_CIPHER_CTX ctx;
 	EVP_CIPHER_CTX_init(&ctx);
-	EVP_CipherInit_ex(&ctx, this->cipher, NULL, this->key.ptr, iv.ptr, enc);
-	EVP_CIPHER_CTX_set_padding(&ctx, 0); /* disable padding */
+	EVP_CipherInit_ex(&ctx, this->cipher, NULL, NULL, NULL, enc);
+	EVP_CIPHER_CTX_set_padding(&ctx, 0); 		/* disable padding */
+	EVP_CIPHER_CTX_set_key_length(&ctx, this->key.len);
+	EVP_CipherInit_ex(&ctx, NULL, NULL, this->key.ptr, iv.ptr, enc);
 	EVP_CipherUpdate(&ctx, out, &len, data.ptr, data.len);
-	EVP_CipherFinal_ex(&ctx, out, &len); /* since padding is disabled this does nothing */
+	EVP_CipherFinal_ex(&ctx, out + len, &len); /* since padding is disabled this does nothing */
 	EVP_CIPHER_CTX_cleanup(&ctx);
 }
 
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.h b/src/libstrongswan/plugins/openssl/openssl_crypter.h
index 4510fb7ee..e5a899418 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.h
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- * 
- * $Id: openssl_crypter.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 7c83b3dea..fe042efdc 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -12,8 +12,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_diffie_hellman.c 4639 2008-11-12 15:09:24Z martin $
  */
 
 #include <openssl/dh.h>
@@ -171,7 +169,7 @@ static status_t set_modulus(private_openssl_diffie_hellman_t *this)
 	bool ansi_x9_42;
 	
 	ansi_x9_42 = lib->settings->get_bool(lib->settings,
-										 "charon.dh_exponent_ansi_x9_42", TRUE);
+										 "libstrongswan.dh_exponent_ansi_x9_42", TRUE);
 	
 	for (i = 0; i < (sizeof(modulus_entries) / sizeof(modulus_entry_t)); i++)
 	{
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
index c67ce8970..bdc153812 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- * 
- * $Id: openssl_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 9a89ad045..c93acb75c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_ec_diffie_hellman.c 4566 2008-11-04 13:12:11Z martin $
  */
 
 #include <openssl/ec.h>
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
index 6b135b36b..9d17aed57 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- * 
- * $Id: openssl_ec_diffie_hellman.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
index aeab15f26..d6b442ae9 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_ec_private_key.c 4317 2008-09-02 11:00:13Z martin $
  */
 
 #include "openssl_ec_private_key.h"
@@ -130,36 +128,18 @@ static bool sig2chunk(const EC_GROUP *group, ECDSA_SIG *sig, chunk_t *chunk)
  * Build the signature
  */
 static bool build_signature(private_openssl_ec_private_key_t *this,
-							int hash_type, chunk_t data, chunk_t *signature)
+							chunk_t hash, chunk_t *signature)
 {
-	chunk_t hash = chunk_empty;
-	ECDSA_SIG *sig;
-	bool ret = FALSE;
-	
-	if (!openssl_hash_chunk(hash_type, data, &hash))
-	{
-		return FALSE;
-	}
-	
-	sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
+	ECDSA_SIG *sig = ECDSA_do_sign(hash.ptr, hash.len, this->ec);
+	bool success;
+
 	if (!sig)
 	{
-		goto error;
-	}
-	
-	if (!sig2chunk(EC_KEY_get0_group(this->ec), sig, signature))
-	{
-		goto error;
-	}
-	
-	ret = TRUE;
-error:
-	chunk_free(&hash);
-	if (sig)
-	{
-		ECDSA_SIG_free(sig);
+		return FALSE;
 	}
-	return ret;
+	success = sig2chunk(EC_KEY_get0_group(this->ec), sig, signature);
+	ECDSA_SIG_free(sig);
+	return success;
 }
 
 /**
@@ -176,36 +156,51 @@ static key_type_t get_type(private_openssl_ec_private_key_t *this)
 static bool sign(private_openssl_ec_private_key_t *this, signature_scheme_t scheme, 
 				 chunk_t data, chunk_t *signature)
 {
-	EC_GROUP *req_group;
-	const EC_GROUP *my_group;
-	int hash, curve;
-	
-	if (!lookup_scheme(scheme, &hash, &curve))
-	{
-		DBG1("signature scheme %N not supported in EC",
-				 signature_scheme_names, scheme);
-		return FALSE;
-	}
-	
-	req_group = EC_GROUP_new_by_curve_name(curve);
-	if (!req_group)
+	bool success;
+
+	if (scheme == SIGN_ECDSA_WITH_NULL)
 	{
-		DBG1("signature scheme %N not supported in EC (required curve not supported)",
-				 signature_scheme_names, scheme);
-		return FALSE;
+		success = build_signature(this, data, signature);
 	}
-	
-	my_group = EC_KEY_get0_group(this->ec);
-	if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
+	else
 	{
-		DBG1("signature scheme %N not supported by private key",
-				 signature_scheme_names, scheme);
-		return FALSE;
-	}
+		EC_GROUP *req_group;
+		const EC_GROUP *my_group;
+		chunk_t hash = chunk_empty;
+		int hash_type, curve;
+
+		if (!lookup_scheme(scheme, &hash_type, &curve))
+		{
+			DBG1("signature scheme %N not supported in EC",
+					 signature_scheme_names, scheme);
+			return FALSE;
+		}
 	
-	EC_GROUP_free(req_group);
+		req_group = EC_GROUP_new_by_curve_name(curve);
+		if (!req_group)
+		{
+			DBG1("signature scheme %N not supported in EC (required curve not supported)",
+					 signature_scheme_names, scheme);
+			return FALSE;
+		}
 	
-	return build_signature(this, hash, data, signature);
+		my_group = EC_KEY_get0_group(this->ec);
+		if (EC_GROUP_cmp(my_group, req_group, NULL) != 0)
+		{
+			DBG1("signature scheme %N not supported by private key",
+					 signature_scheme_names, scheme);
+			return FALSE;
+		}
+		EC_GROUP_free(req_group);
+
+		if (!openssl_hash_chunk(hash_type, data, &hash))
+		{
+			return FALSE;
+		}
+		success = build_signature(this, hash, signature);
+		chunk_free(&hash);
+	}	
+	return success;
 }
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
index 29588ce18..6a6f7c867 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- * 
- * $Id: openssl_ec_private_key.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index 923df3938..635a106dd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_ec_public_key.c 4317 2008-09-02 11:00:13Z martin $
  */
 
 #include "openssl_ec_public_key.h"
@@ -75,9 +73,16 @@ static bool verify_signature(private_openssl_ec_public_key_t *this,
 	ECDSA_SIG *sig;
 	bool valid = FALSE;
 	
-	if (!openssl_hash_chunk(hash_type, data, &hash))
+	if (hash_type == NID_undef)
 	{
-		return FALSE;
+		hash = data;
+	}
+	else
+	{
+		if (!openssl_hash_chunk(hash_type, data, &hash))
+		{
+			return FALSE;
+		}
 	}
 	
 	sig = ECDSA_SIG_new();
@@ -90,7 +95,6 @@ static bool verify_signature(private_openssl_ec_public_key_t *this,
 	{
 		goto error;
 	}
-	
 	valid = (ECDSA_do_verify(hash.ptr, hash.len, sig, this->ec) == 1);
 	
 error:
@@ -98,7 +102,10 @@ error:
 	{
 		ECDSA_SIG_free(sig);
 	}
-	chunk_free(&hash);
+	if (hash_type != NID_undef)
+	{
+		chunk_free(&hash);
+	}
 	return valid;
 }
 
@@ -160,6 +167,8 @@ static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t sch
 {
 	switch (scheme)
 	{
+		case SIGN_ECDSA_WITH_NULL:
+			return verify_signature(this, NID_undef, data, signature);
 		case SIGN_ECDSA_WITH_SHA1:
 			return verify_default_signature(this, data, signature);
 		case SIGN_ECDSA_256:
@@ -178,7 +187,7 @@ static bool verify(private_openssl_ec_public_key_t *this, signature_scheme_t sch
 /**
  * Implementation of public_key_t.get_keysize.
  */
-static bool encrypt(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain)
+static bool encrypt_(private_openssl_ec_public_key_t *this, chunk_t crypto, chunk_t *plain)
 {
 	DBG1("EC public key encryption not implemented");
 	return FALSE;
@@ -279,7 +288,7 @@ static private_openssl_ec_public_key_t *openssl_ec_public_key_create_empty()
 	
 	this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
 	this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
-	this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt;
+	this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
 	this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
 	this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
 	this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
@@ -331,24 +340,6 @@ bool openssl_ec_public_key_build_id(EC_KEY *ec, identification_t **keyid,
 }
 
 /**
- * Create a public key from BIGNUM values, used in openssl_ec_private_key.c
- */
-openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec)
-{
-	private_openssl_ec_public_key_t *this = openssl_ec_public_key_create_empty();
-	
-	this->ec = EC_KEY_new();
-	EC_KEY_set_public_key(this->ec, EC_KEY_get0_public_key(ec));
-	
-	if (!openssl_ec_public_key_build_id(this->ec, &this->keyid, &this->keyid_info))
-	{
-		destroy(this);
-		return NULL;
-	}
-	return &this->public;
-}
-
-/**
  * Load a public key from an ASN1 encoded blob
  */
 static openssl_ec_public_key_t *load(chunk_t blob)
@@ -374,6 +365,14 @@ static openssl_ec_public_key_t *load(chunk_t blob)
 	return &this->public;
 }
 
+/**
+ * Create a public key from BIGNUM values, used in openssl_ec_private_key.c
+ */
+openssl_ec_public_key_t *openssl_ec_public_key_create_from_private_key(EC_KEY *ec)
+{
+	return (openssl_ec_public_key_t*)load(get_encoding_full(ec));
+}
+
 typedef struct private_builder_t private_builder_t;
 /**
  * Builder implementation for key loading
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
index 83552d590..bdbb2fe6e 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_ec_public_key.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.c b/src/libstrongswan/plugins/openssl/openssl_hasher.c
index d344dbd51..ed3e57957 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_hasher.c 4879 2009-02-18 19:41:33Z tobias $
  */
 
 #include "openssl_hasher.h"
diff --git a/src/libstrongswan/plugins/openssl/openssl_hasher.h b/src/libstrongswan/plugins/openssl/openssl_hasher.h
index 52699f7ff..aec5bc7dd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hasher.h
+++ b/src/libstrongswan/plugins/openssl/openssl_hasher.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- * 
- * $Id: openssl_hasher.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 725daff01..a90dff7f1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -12,8 +12,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_plugin.c 4879 2009-02-18 19:41:33Z tobias $
  */
 
 #include <openssl/conf.h>
@@ -121,7 +119,7 @@ static void destroy_function(struct CRYPTO_dynlock_value *lock,
  */
 static unsigned long id_function(void)
 {
-	return pthread_self();
+	return (unsigned long)pthread_self();
 }
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.h b/src/libstrongswan/plugins/openssl/openssl_plugin.h
index a6d2a060e..9f422c9d0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.h
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- * 
- * $Id: openssl_plugin.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index 9730e0ab2..c5d4142da 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_rsa_private_key.c 4745 2008-12-03 10:12:20Z tobias $
  */
 
 #include "openssl_rsa_private_key.h"
@@ -80,65 +78,75 @@ openssl_rsa_public_key_t *openssl_rsa_public_key_create_from_n_e(BIGNUM *n, BIGN
  * Build an EMPSA PKCS1 signature described in PKCS#1
  */
 static bool build_emsa_pkcs1_signature(private_openssl_rsa_private_key_t *this,
-									   int type, chunk_t data, chunk_t *out)
+									   int type, chunk_t data, chunk_t *sig)
 {
 	bool success = FALSE;
-	u_char *sig = NULL;
-	u_int len;
-	const EVP_MD *hasher = EVP_get_digestbynid(type);
-	if (!hasher)
-	{
-		return FALSE;
-	}
-	
-	EVP_MD_CTX *ctx = EVP_MD_CTX_create();
-	EVP_PKEY *key = EVP_PKEY_new();
-	if (!ctx || !key)
-	{
-		goto error;
-	}
-	
-	if (!EVP_PKEY_set1_RSA(key, this->rsa))
-	{
-		goto error;
-	}
-	
-	if (!EVP_SignInit_ex(ctx, hasher, NULL))
-	{
-		goto error;
-	}
-	
-	if (!EVP_SignUpdate(ctx, data.ptr, data.len))
-	{
-		goto error;
-	}
-	
-	sig = malloc(EVP_PKEY_size(key));
-	if (EVP_SignFinal(ctx, sig, &len, key))
+
+	*sig = chunk_alloc(RSA_size(this->rsa));
+
+	if (type == NID_undef)
 	{
-		out->ptr = sig;
-		out->len = len;
-		success = TRUE;
+		if (RSA_private_encrypt(data.len, data.ptr, sig->ptr, this->rsa,
+								RSA_PKCS1_PADDING) == sig->len)
+		{
+			success = TRUE;
+		}
 	}
 	else
 	{
-		free(sig);
-	}
+		EVP_MD_CTX *ctx;
+		EVP_PKEY *key;
+		const EVP_MD *hasher;
+		u_int len;
+
+		hasher = EVP_get_digestbynid(type);
+		if (!hasher)
+		{
+			return FALSE;
+		}
+	
+		ctx = EVP_MD_CTX_create();
+		key = EVP_PKEY_new();
+		if (!ctx || !key)
+		{
+			goto error;
+		}
+		if (!EVP_PKEY_set1_RSA(key, this->rsa))
+		{
+			goto error;
+		}
+		if (!EVP_SignInit_ex(ctx, hasher, NULL))
+		{
+			goto error;
+		}
+		if (!EVP_SignUpdate(ctx, data.ptr, data.len))
+		{
+			goto error;
+		}
+		if (EVP_SignFinal(ctx, sig->ptr, &len, key))
+		{
+			success = TRUE;
+		}
 	
 error:
-	if (key)
-	{
-		EVP_PKEY_free(key);
+		if (key)
+		{
+			EVP_PKEY_free(key);
+		}
+		if (ctx)
+		{
+			EVP_MD_CTX_destroy(ctx);
+		}
 	}
-	if (ctx)
+	if (!success)
 	{
-		EVP_MD_CTX_destroy(ctx);
+		free(sig->ptr);
 	}
 	return success;
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_type.
  */
 static key_type_t get_type(private_openssl_rsa_private_key_t *this)
 {
@@ -146,15 +154,15 @@ static key_type_t get_type(private_openssl_rsa_private_key_t *this)
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.sign.
  */
 static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t scheme, 
 				 chunk_t data, chunk_t *signature)
 {
 	switch (scheme)
 	{
-		case SIGN_DEFAULT:
-			/* default is EMSA-PKCS1 using SHA1 */
+		case SIGN_RSA_EMSA_PKCS1_NULL:
+			return build_emsa_pkcs1_signature(this, NID_undef, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return build_emsa_pkcs1_signature(this, NID_sha1, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA256:
@@ -173,7 +181,7 @@ static bool sign(private_openssl_rsa_private_key_t *this, signature_scheme_t sch
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.decrypt.
  */
 static bool decrypt(private_openssl_rsa_private_key_t *this,
 					chunk_t crypto, chunk_t *plain)
@@ -183,7 +191,7 @@ static bool decrypt(private_openssl_rsa_private_key_t *this,
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_keysize.
  */
 static size_t get_keysize(private_openssl_rsa_private_key_t *this)
 {
@@ -191,7 +199,7 @@ static size_t get_keysize(private_openssl_rsa_private_key_t *this)
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_id.
  */
 static identification_t* get_id(private_openssl_rsa_private_key_t *this,
 								id_type_t type)
@@ -208,7 +216,7 @@ static identification_t* get_id(private_openssl_rsa_private_key_t *this,
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_public_key.
  */
 static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_t *this)
 {
@@ -216,7 +224,35 @@ static openssl_rsa_public_key_t* get_public_key(private_openssl_rsa_private_key_
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.equals.
+ */
+static bool equals(private_openssl_rsa_private_key_t *this, private_key_t *other)
+{
+	identification_t *keyid;
+
+	if (&this->public.interface == other)
+	{
+		return TRUE;
+	}
+	if (other->get_type(other) != KEY_RSA)
+	{
+		return FALSE;
+	}
+	keyid = other->get_id(other, ID_PUBKEY_SHA1);
+	if (keyid && keyid->equals(keyid, this->keyid))
+	{
+		return TRUE;
+	}
+	keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+	if (keyid && keyid->equals(keyid, this->keyid_info))
+	{
+		return TRUE;
+	}
+	return FALSE;
+}
+
+/**
+ * Implementation of openssl_rsa_private_key.belongs_to.
  */
 static bool belongs_to(private_openssl_rsa_private_key_t *this, public_key_t *public)
 {
@@ -255,7 +291,7 @@ static chunk_t get_encoding(private_openssl_rsa_private_key_t *this)
 }
 
 /**
- * Implementation of openssl_rsa_private_key.destroy.
+ * Implementation of openssl_rsa_private_key.get_ref.
  */
 static private_openssl_rsa_private_key_t* get_ref(private_openssl_rsa_private_key_t *this)
 {
@@ -288,16 +324,17 @@ static private_openssl_rsa_private_key_t *openssl_rsa_private_key_create_empty(v
 {
 	private_openssl_rsa_private_key_t *this = malloc_thing(private_openssl_rsa_private_key_t);
 	
-	this->public.interface.get_type = (key_type_t (*)(private_key_t *this))get_type;
-	this->public.interface.sign = (bool (*)(private_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t *signature))sign;
-	this->public.interface.decrypt = (bool (*)(private_key_t *this, chunk_t crypto, chunk_t *plain))decrypt;
-	this->public.interface.get_keysize = (size_t (*) (private_key_t *this))get_keysize;
-	this->public.interface.get_id = (identification_t* (*) (private_key_t *this,id_type_t))get_id;
-	this->public.interface.get_public_key = (public_key_t* (*)(private_key_t *this))get_public_key;
-	this->public.interface.belongs_to = (bool (*) (private_key_t *this, public_key_t *public))belongs_to;
-	this->public.interface.get_encoding = (chunk_t(*)(private_key_t*))get_encoding;
-	this->public.interface.get_ref = (private_key_t* (*)(private_key_t *this))get_ref;
-	this->public.interface.destroy = (void (*)(private_key_t *this))destroy;
+	this->public.interface.get_type = (key_type_t (*) (private_key_t*))get_type;
+	this->public.interface.sign = (bool (*) (private_key_t*, signature_scheme_t, chunk_t, chunk_t*))sign;
+	this->public.interface.decrypt = (bool (*) (private_key_t*, chunk_t, chunk_t*))decrypt;
+	this->public.interface.get_keysize = (size_t (*) (private_key_t*))get_keysize;
+	this->public.interface.get_id = (identification_t* (*) (private_key_t*, id_type_t))get_id;
+	this->public.interface.get_public_key = (public_key_t* (*) (private_key_t*))get_public_key;
+	this->public.interface.equals = (bool (*) (private_key_t*, private_key_t*))equals;
+	this->public.interface.belongs_to = (bool (*) (private_key_t*, public_key_t*))belongs_to;
+	this->public.interface.get_encoding = (chunk_t(*) (private_key_t*))get_encoding;
+	this->public.interface.get_ref = (private_key_t* (*) (private_key_t*))get_ref;
+	this->public.interface.destroy = (void (*) (private_key_t*))destroy;
 	
 	this->engine = FALSE;
 	this->keyid = NULL;
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
index 05d83416c..53ec44b28 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- * 
- * $Id: openssl_rsa_private_key.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 794fa8123..89912f24c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_rsa_public_key.c 4567 2008-11-04 14:05:42Z martin $
  */
 
 #include "openssl_rsa_public_key.h"
@@ -62,49 +60,65 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
 										int type, chunk_t data, chunk_t signature)
 {
 	bool valid = FALSE;
-	const EVP_MD *hasher = EVP_get_digestbynid(type);
-	if (!hasher)
-	{
-		return FALSE;
-	}
-	
-	EVP_MD_CTX *ctx = EVP_MD_CTX_create();
-	EVP_PKEY *key = EVP_PKEY_new();
-	if (!ctx || !key)
-	{
-		goto error;
-	}
-	
-	if (!EVP_PKEY_set1_RSA(key, this->rsa))
-	{
-		goto error;
-	}
-	
-	if (!EVP_VerifyInit_ex(ctx, hasher, NULL))
+	int rsa_size = RSA_size(this->rsa);
+
+	/* OpenSSL expects a signature of exactly RSA size (no leading 0x00) */
+	if (signature.len > rsa_size)
 	{
-		goto error;
+		signature = chunk_skip(signature, signature.len - rsa_size);
 	}
-	
-	if (!EVP_VerifyUpdate(ctx, data.ptr, data.len))
+
+	if (type == NID_undef)
 	{
-		goto error;
+		chunk_t hash = chunk_alloc(rsa_size);
+
+		hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
+									  this->rsa, RSA_PKCS1_PADDING);
+		valid = chunk_equals(data, hash);
+		free(hash.ptr);
 	}
-	
-	/* VerifyFinal expects a signature of exactly RSA size (no leading 0x00) */
-	if (signature.len > RSA_size(this->rsa))
+	else
 	{
-		signature = chunk_skip(signature, signature.len - RSA_size(this->rsa));
-	}
-	valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1);
+		EVP_MD_CTX *ctx;
+		EVP_PKEY *key;
+		const EVP_MD *hasher;
+
+		hasher = EVP_get_digestbynid(type);
+		if (!hasher)
+		{
+			return FALSE;
+		}
+
+		ctx = EVP_MD_CTX_create();
+		key = EVP_PKEY_new();
+
+		if (!ctx || !key)
+		{
+			goto error;
+		}
+		if (!EVP_PKEY_set1_RSA(key, this->rsa))
+		{
+			goto error;
+		}
+		if (!EVP_VerifyInit_ex(ctx, hasher, NULL))
+		{
+			goto error;
+		}
+		if (!EVP_VerifyUpdate(ctx, data.ptr, data.len))
+		{
+			goto error;
+		}
+		valid = (EVP_VerifyFinal(ctx, signature.ptr, signature.len, key) == 1);
 	
 error:
-	if (key)
-	{
-		EVP_PKEY_free(key);
-	}
-	if (ctx)
-	{
-		EVP_MD_CTX_destroy(ctx);
+		if (key)
+		{
+			EVP_PKEY_free(key);
+		}
+		if (ctx)
+		{
+			EVP_MD_CTX_destroy(ctx);
+		}
 	}
 	return valid;
 }
@@ -125,8 +139,8 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
 {
 	switch (scheme)
 	{
-		case SIGN_DEFAULT:
-			/* default is EMSA-PKCS1 using SHA1 */
+		case SIGN_RSA_EMSA_PKCS1_NULL:
+			return verify_emsa_pkcs1_signature(this, NID_undef, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA1:
 			return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature);
 		case SIGN_RSA_EMSA_PKCS1_SHA256:
@@ -147,13 +161,41 @@ static bool verify(private_openssl_rsa_public_key_t *this, signature_scheme_t sc
 /**
  * Implementation of public_key_t.get_keysize.
  */
-static bool encrypt(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain)
+static bool encrypt_(private_openssl_rsa_public_key_t *this, chunk_t crypto, chunk_t *plain)
 {
 	DBG1("RSA public key encryption not implemented");
 	return FALSE;
 }
 
 /**
+ * Implementation of public_key_t.equals.
+ */
+static bool equals(private_openssl_rsa_public_key_t *this, public_key_t *other)
+{
+	identification_t *keyid;
+
+	if (&this->public.interface == other)
+	{
+		return TRUE;
+	}
+	if (other->get_type(other) != KEY_RSA)
+	{
+		return FALSE;
+	}
+	keyid = other->get_id(other, ID_PUBKEY_SHA1);
+	if (keyid && keyid->equals(keyid, this->keyid))
+	{
+		return TRUE;
+	}
+	keyid = other->get_id(other, ID_PUBKEY_INFO_SHA1);
+	if (keyid && keyid->equals(keyid, this->keyid_info))
+	{
+		return TRUE;
+	}
+	return FALSE;
+}
+
+/**
  * Implementation of public_key_t.get_keysize.
  */
 static size_t get_keysize(private_openssl_rsa_public_key_t *this)
@@ -263,7 +305,8 @@ static private_openssl_rsa_public_key_t *openssl_rsa_public_key_create_empty()
 	
 	this->public.interface.get_type = (key_type_t (*)(public_key_t *this))get_type;
 	this->public.interface.verify = (bool (*)(public_key_t *this, signature_scheme_t scheme, chunk_t data, chunk_t signature))verify;
-	this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt;
+	this->public.interface.encrypt = (bool (*)(public_key_t *this, chunk_t crypto, chunk_t *plain))encrypt_;
+	this->public.interface.equals = (bool (*) (public_key_t*, public_key_t*))equals;
 	this->public.interface.get_keysize = (size_t (*) (public_key_t *this))get_keysize;
 	this->public.interface.get_id = (identification_t* (*) (public_key_t *this,id_type_t))get_id;
 	this->public.interface.get_encoding = (chunk_t(*)(public_key_t*))get_encoding;
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
index c97ba1b92..ff99ddbc5 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_rsa_public_key.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.c b/src/libstrongswan/plugins/openssl/openssl_util.c
index 3c4f6595b..bb0c296e1 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.c
+++ b/src/libstrongswan/plugins/openssl/openssl_util.c
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_util.c 4051 2008-06-10 09:08:27Z tobias $
  */
 
 #include "openssl_util.h"
diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h
index e780e2a25..6ba1ff07b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_util.h
+++ b/src/libstrongswan/plugins/openssl/openssl_util.h
@@ -11,8 +11,6 @@
  * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  * for more details.
- *
- * $Id: openssl_util.h 5003 2009-03-24 17:43:01Z martin $
  */
 
 /**
author	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-06-23 11:35:38 +0000
committer	Rene Mayrhofer <rene@mayrhofer.eu.org>	2009-06-23 11:35:38 +0000
commit	7c52c3f35cdbdff58443b994f2f33d13b4d81f57 (patch)
tree	e54a27979ea72ec41702bec2984c2eadac3b8862 /src/libstrongswan/plugins/openssl
parent	4ef45ba0404dac3773e83af995a5ec584b23d633 (diff)
download	vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.tar.gz vyos-strongswan-7c52c3f35cdbdff58443b994f2f33d13b4d81f57.zip