author | Yves-Alexis Perez <corsac@debian.org> | 2015-06-01 14:46:30 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2015-06-01 14:46:30 +0200 |
commit | fc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (patch) | |
tree | 7360889e50de867d72741213d534a756c73902c8 /src/libstrongswan/plugins/openssl | |
parent | 83b8aebb19fe6e49e13a05d4e8f5ab9a06177642 (diff) | |
Imported Upstream version 5.3.1
Diffstat (limited to 'src/libstrongswan/plugins/openssl')
6 files changed, 77 insertions, 8 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_crypter.c b/src/libstrongswan/plugins/openssl/openssl_crypter.c
index c2478a4ed..26f4700b8 100644
--- a/src/libstrongswan/plugins/openssl/openssl_crypter.c
+++ b/src/libstrongswan/plugins/openssl/openssl_crypter.c
@@ -226,10 +226,12 @@ openssl_crypter_t *openssl_crypter_create(encryption_algorithm_t algo,
 return NULL;
 }
 break;
+#ifndef OPENSSL_NO_DES
 case ENCR_DES_ECB:
 key_size = 8;
 this->cipher = EVP_des_ecb();
 break;
+#endif
 default:
 {
 char* name;
diff --git a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
index 2615d60a2..cac442fc0 100644
--- a/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_diffie_hellman.c
@@ -112,6 +112,18 @@ METHOD(diffie_hellman_t, set_other_public_value, bool,
 return TRUE;
 }
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_openssl_diffie_hellman_t *this, chunk_t value)
+{
+ if (BN_bin2bn(value.ptr, value.len, this->dh->priv_key))
+ {
+ chunk_clear(&this->shared_secret);
+ this->computed = FALSE;
+ return DH_generate_key(this->dh);
+ }
+ return FALSE;
+}
+
 METHOD(diffie_hellman_t, get_dh_group, diffie_hellman_group_t,
 private_openssl_diffie_hellman_t *this)
 {
@@ -160,6 +172,7 @@ openssl_diffie_hellman_t *openssl_diffie_hellman_create(
 .get_shared_secret = _get_shared_secret,
 .set_other_public_value = _set_other_public_value,
 .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
 .get_dh_group = _get_dh_group,
 .destroy = _destroy,
 },
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
index 550a5432f..a1af500e2 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_diffie_hellman.c
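Review bot: In the new `set_private_value` of openssl_diffie_hellman.c, `BN_bin2bn(value.ptr, value.len, this->dh->priv_key)` only stores the value when `this->dh->priv_key` is already allocated. With a NULL third argument BN_bin2bn returns a freshly allocated BIGNUM, which would be leaked here while `DH_generate_key()` picks a random private key, so the call would report success without using the supplied value. Whether `priv_key` is always set at this point depends on the constructor, which is outside the hunk; an explicit `if (!this->dh->priv_key) return FALSE;` at the top would make the assumption visible. The value is also accepted without any range check (an empty or zero `value` leads to a trivial public value), so the method should carry a comment naming its intended callers, e.g. `/* value is not range-checked; never pass peer-controlled data */`.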
@@ -248,6 +248,49 @@ METHOD(diffie_hellman_t, get_my_public_value, bool,
 return TRUE;
 }
+METHOD(diffie_hellman_t, set_private_value, bool,
+ private_openssl_ec_diffie_hellman_t *this, chunk_t value)
+{
+ EC_POINT *pub = NULL;
+ BIGNUM *priv = NULL;
+ bool ret = FALSE;
+
+ priv = BN_bin2bn(value.ptr, value.len, NULL);
+ if (!priv)
+ {
+ goto error;
+ }
+ pub = EC_POINT_new(EC_KEY_get0_group(this->key));
+ if (!pub)
+ {
+ goto error;
+ }
+ if (EC_POINT_mul(this->ec_group, pub, priv, NULL, NULL, NULL) != 1)
+ {
+ goto error;
+ }
+ if (EC_KEY_set_private_key(this->key, priv) != 1)
+ {
+ goto error;
+ }
+ if (EC_KEY_set_public_key(this->key, pub) != 1)
+ {
+ goto error;
+ }
+ ret = TRUE;
+
+error:
+ if (pub)
+ {
+ EC_POINT_free(pub);
+ }
+ if (priv)
+ {
+ BN_free(priv);
+ }
+ return ret;
+}
+
 METHOD(diffie_hellman_t, get_shared_secret, bool,
 private_openssl_ec_diffie_hellman_t *this, chunk_t *secret)
 {
@@ -558,6 +601,7 @@ openssl_ec_diffie_hellman_t *openssl_ec_diffie_hellman_create(diffie_hellman_gro
 .get_shared_secret = _get_shared_secret,
 .set_other_public_value = _set_other_public_value,
 .get_my_public_value = _get_my_public_value,
+ .set_private_value = _set_private_value,
 .get_dh_group = _get_dh_group,
 .destroy = _destroy,
 },
diff --git a/src/libstrongswan/plugins/openssl/openssl_hmac.c b/src/libstrongswan/plugins/openssl/openssl_hmac.c
index 4f0bcc7c3..065187a8c 100644
--- a/src/libstrongswan/plugins/openssl/openssl_hmac.c
+++ b/src/libstrongswan/plugins/openssl/openssl_hmac.c
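Review bot: The cleanup path of the new `set_private_value` in openssl_ec_diffie_hellman.c releases the temporary private scalar with `BN_free(priv)`, which leaves the key bytes in freed heap memory; `BN_clear_free(priv);` zeroizes the value first. Unlike the plain DH variant added in the same commit, this version does not reset any cached shared secret after replacing the key; if this object caches one (the struct is outside the hunk), it should be cleared here as well. The point is allocated from `EC_KEY_get0_group(this->key)` but multiplied with `this->ec_group`; using one of the two consistently would make it obvious that both refer to the same group.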
@@ -69,15 +69,26 @@ struct private_mac_t {
 * Current HMAC context
 */
 HMAC_CTX hmac;
+
+ /**
+ * Key set on HMAC_CTX?
+ */
+ bool key_set;
 };
 METHOD(mac_t, set_key, bool,
 private_mac_t *this, chunk_t key)
 {
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
- return HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL);
+ if (HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL))
+ {
+ this->key_set = TRUE;
+ return TRUE;
+ }
+ return FALSE;
 #else /* OPENSSL_VERSION_NUMBER < 1.0 */
 HMAC_Init_ex(&this->hmac, key.ptr, key.len, this->hasher, NULL);
+ this->key_set = TRUE;
 return TRUE;
 #endif
 }
@@ -85,6 +96,10 @@ METHOD(mac_t, set_key, bool,
 METHOD(mac_t, get_mac, bool,
 private_mac_t *this, chunk_t data, u_int8_t *out)
 {
+ if (!this->key_set)
+ {
+ return FALSE;
+ }
 #if OPENSSL_VERSION_NUMBER >= 0x10000000L
 if (!HMAC_Update(&this->hmac, data.ptr, data.len))
 {
@@ -153,11 +168,6 @@ static mac_t *hmac_create(hash_algorithm_t algo)
 }
 HMAC_CTX_init(&this->hmac);
- if (!set_key(this, chunk_empty))
- {
- destroy(this);
- return NULL;
- }
 return &this->public;
 }
diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
index 9c3c4040c..891e829ae 100644
--- a/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
+++ b/src/libstrongswan/plugins/openssl/openssl_pkcs7.c
@@ -305,7 +305,7 @@ static bool verify_digest(CMS_ContentInfo *cms, CMS_SignerInfo *si, int hash_oid
 }
 hasher->destroy(hasher);
- if (!chunk_equals(digest, hash))
+ if (!chunk_equals_const(digest, hash))
 {
 free(hash.ptr);
 DBG1(DBG_LIB, "invalid messageDigest");
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index 9748e28f2..aa54d3bbd 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
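Review bot: In `set_key` of openssl_hmac.c the new `key_set` flag is only ever set to TRUE. If a later `HMAC_Init_ex()` fails on an object that was keyed before, the flag stays TRUE and the new guard in `get_mac` (second hunk) still lets `HMAC_Update()` run on a context whose state after the failed init is unclear. Resetting it on entry with `this->key_set = FALSE;` before the `#if` keeps the flag in step with the context. The initial FALSE presumably relies on the object being zero-initialized in `hmac_create`, whose allocation is outside these hunks; the field comment could say so, e.g. `Key set on HMAC_CTX? FALSE until set_key() succeeds`.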
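Review bot: The switch to `chunk_equals_const` in `verify_digest` carries no comment saying why this variant is wanted, so a later cleanup could revert it to `chunk_equals` without noticing; the same applies to the call in `verify_emsa_pkcs1_signature` in openssl_rsa_public_key.c. Judging by the name the helper is a constant-time comparison, though its definition is not part of this diff. A one-line comment above each call, such as `/* constant-time compare, do not replace with chunk_equals() */`, would record the intent. Both functions start and end outside their hunks.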
@@ -74,7 +74,7 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
 RSA_PKCS1_PADDING);
 if (len != -1)
 {
- valid = chunk_equals(data, chunk_create(buf, len));
+ valid = chunk_equals_const(data, chunk_create(buf, len));
 }
 free(buf);
 }
|