Imported Upstream version 5.0.4

author: Yves-Alexis Perez <corsac@debian.org> 2013-04-30 17:51:33 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2013-04-30 17:51:33 +0200
commit: c83921a2b566aa9d55d8ccc7258f04fca6292ee6 (patch)
tree: 44039788fc816c84d5788df847d1555413ebe55a /src/libstrongswan
parent: 10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (diff)
download: vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.tar.gz
vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.zip
50 files changed, 142 insertions, 14 deletions
diff --git a/src/libstrongswan/Makefile.in b/src/libstrongswan/Makefile.in
index 15219c4f3..5435de406 100644
--- a/src/libstrongswan/Makefile.in
+++ b/src/libstrongswan/Makefile.in
@@ -514,6 +514,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/library.c b/src/libstrongswan/library.c
index 819c6808e..4dec61203 100644
--- a/src/libstrongswan/library.c
+++ b/src/libstrongswan/library.c
@@ -150,6 +150,51 @@ static bool equals(char *a, char *b)
 	return streq(a, b);
 }
 
+/**
+ * Write magic to memory, and try to clear it with memwipe()
+ */
+__attribute__((noinline))
+static void do_magic(int magic, int **stack)
+{
+	int buf[32], i;
+
+	/* tell caller where callee stack is (but don't point to buf) */
+	*stack = &i;
+	for (i = 0; i < countof(buf); i++)
+	{
+		buf[i] = magic;
+	}
+	/* passing buf to dbg should make sure the compiler can't optimize out buf.
+	 * we use directly dbg(3), as DBG3() might be stripped with DEBUG_LEVEL. */
+	dbg(DBG_LIB, 3, "memwipe() pre: %b", buf, sizeof(buf));
+	memwipe(buf, sizeof(buf));
+}
+
+/**
+ * Check if memwipe works as expected
+ */
+static bool check_memwipe()
+{
+	int magic = 0xCAFEBABE, *ptr, *deeper, i, stackdir = 1;
+
+	do_magic(magic, &deeper);
+
+	ptr = &magic;
+	if (deeper < ptr)
+	{	/* stack grows down */
+		stackdir = -1;
+	}
+	for (i = 0; i < 128; i++)
+	{
+		ptr = ptr + stackdir;
+		if (*ptr == magic)
+		{
+			return FALSE;
+		}
+	}
+	return TRUE;
+}
+
 /*
  * see header file
  */
@@ -221,6 +266,12 @@ bool library_init(char *settings)
 	this->public.scheduler = scheduler_create();
 	this->public.plugins = plugin_loader_create();
 
+	if (!check_memwipe())
+	{
+		DBG1(DBG_LIB, "memwipe() check failed");
+		return FALSE;
+	}
+
 	if (lib->settings->get_bool(lib->settings,
 								"libstrongswan.integrity_test", FALSE))
 	{
@@ -239,4 +290,3 @@ bool library_init(char *settings)
 
 	return !this->integrity_failed;
 }
-
diff --git a/src/libstrongswan/plugins/aes/Makefile.in b/src/libstrongswan/plugins/aes/Makefile.in
index 6010b9c9c..71e25a6a1 100644
--- a/src/libstrongswan/plugins/aes/Makefile.in
+++ b/src/libstrongswan/plugins/aes/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/af_alg/Makefile.in b/src/libstrongswan/plugins/af_alg/Makefile.in
index aab2cd847..eff6aec83 100644
--- a/src/libstrongswan/plugins/af_alg/Makefile.in
+++ b/src/libstrongswan/plugins/af_alg/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/agent/Makefile.in b/src/libstrongswan/plugins/agent/Makefile.in
index e7280adcb..b17a69a76 100644
--- a/src/libstrongswan/plugins/agent/Makefile.in
+++ b/src/libstrongswan/plugins/agent/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/blowfish/Makefile.in b/src/libstrongswan/plugins/blowfish/Makefile.in
index 2727a55b1..9c0390c96 100644
--- a/src/libstrongswan/plugins/blowfish/Makefile.in
+++ b/src/libstrongswan/plugins/blowfish/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/ccm/Makefile.in b/src/libstrongswan/plugins/ccm/Makefile.in
index 311f04b87..ee7f386dd 100644
--- a/src/libstrongswan/plugins/ccm/Makefile.in
+++ b/src/libstrongswan/plugins/ccm/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/cmac/Makefile.in b/src/libstrongswan/plugins/cmac/Makefile.in
index b771d76d9..12131c65c 100644
--- a/src/libstrongswan/plugins/cmac/Makefile.in
+++ b/src/libstrongswan/plugins/cmac/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/constraints/Makefile.in b/src/libstrongswan/plugins/constraints/Makefile.in
index e01f1397e..72517e9a1 100644
--- a/src/libstrongswan/plugins/constraints/Makefile.in
+++ b/src/libstrongswan/plugins/constraints/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/ctr/Makefile.in b/src/libstrongswan/plugins/ctr/Makefile.in
index 7d930d7aa..18abf3a38 100644
--- a/src/libstrongswan/plugins/ctr/Makefile.in
+++ b/src/libstrongswan/plugins/ctr/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/curl/Makefile.in b/src/libstrongswan/plugins/curl/Makefile.in
index ace838923..73f180c29 100644
--- a/src/libstrongswan/plugins/curl/Makefile.in
+++ b/src/libstrongswan/plugins/curl/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/des/Makefile.in b/src/libstrongswan/plugins/des/Makefile.in
index 8a8e8fe66..22241cccd 100644
--- a/src/libstrongswan/plugins/des/Makefile.in
+++ b/src/libstrongswan/plugins/des/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/dnskey/Makefile.in b/src/libstrongswan/plugins/dnskey/Makefile.in
index c30dcb530..402143106 100644
--- a/src/libstrongswan/plugins/dnskey/Makefile.in
+++ b/src/libstrongswan/plugins/dnskey/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/fips_prf/Makefile.in b/src/libstrongswan/plugins/fips_prf/Makefile.in
index 6a34c8a7b..878713157 100644
--- a/src/libstrongswan/plugins/fips_prf/Makefile.in
+++ b/src/libstrongswan/plugins/fips_prf/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/gcm/Makefile.in b/src/libstrongswan/plugins/gcm/Makefile.in
index a690613e4..660813f25 100644
--- a/src/libstrongswan/plugins/gcm/Makefile.in
+++ b/src/libstrongswan/plugins/gcm/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/gcrypt/Makefile.in b/src/libstrongswan/plugins/gcrypt/Makefile.in
index f866cbb1f..3716a09fe 100644
--- a/src/libstrongswan/plugins/gcrypt/Makefile.in
+++ b/src/libstrongswan/plugins/gcrypt/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/gmp/Makefile.in b/src/libstrongswan/plugins/gmp/Makefile.in
index 13fcd7ab5..74c19a734 100644
--- a/src/libstrongswan/plugins/gmp/Makefile.in
+++ b/src/libstrongswan/plugins/gmp/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/hmac/Makefile.in b/src/libstrongswan/plugins/hmac/Makefile.in
index 59c15f7c0..cc4e8b108 100644
--- a/src/libstrongswan/plugins/hmac/Makefile.in
+++ b/src/libstrongswan/plugins/hmac/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/ldap/Makefile.in b/src/libstrongswan/plugins/ldap/Makefile.in
index 11755b04c..0b8e68e4e 100644
--- a/src/libstrongswan/plugins/ldap/Makefile.in
+++ b/src/libstrongswan/plugins/ldap/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/md4/Makefile.in b/src/libstrongswan/plugins/md4/Makefile.in
index fd25eb78a..3243b2643 100644
--- a/src/libstrongswan/plugins/md4/Makefile.in
+++ b/src/libstrongswan/plugins/md4/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/md5/Makefile.in b/src/libstrongswan/plugins/md5/Makefile.in
index e22be6523..68a4244ba 100644
--- a/src/libstrongswan/plugins/md5/Makefile.in
+++ b/src/libstrongswan/plugins/md5/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/mysql/Makefile.in b/src/libstrongswan/plugins/mysql/Makefile.in
index d054952bd..5e73813d5 100644
--- a/src/libstrongswan/plugins/mysql/Makefile.in
+++ b/src/libstrongswan/plugins/mysql/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/nonce/Makefile.in b/src/libstrongswan/plugins/nonce/Makefile.in
index 4f651a8f8..bd04ab901 100644
--- a/src/libstrongswan/plugins/nonce/Makefile.in
+++ b/src/libstrongswan/plugins/nonce/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am
index e71567311..0ca27983f 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.am
+++ b/src/libstrongswan/plugins/openssl/Makefile.am
@@ -1,7 +1,7 @@
 
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
 
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = -rdynamic -DFIPS_MODE=${fips_mode}
 
 if MONOLITHIC
 noinst_LTLIBRARIES = libstrongswan-openssl.la
diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in
index 5eca47a1c..ba45e4bbc 100644
--- a/src/libstrongswan/plugins/openssl/Makefile.in
+++ b/src/libstrongswan/plugins/openssl/Makefile.in
@@ -256,6 +256,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
@@ -326,7 +327,7 @@ urandom_device = @urandom_device@
 xml_CFLAGS = @xml_CFLAGS@
 xml_LIBS = @xml_LIBS@
 INCLUDES = -I$(top_srcdir)/src/libstrongswan
-AM_CFLAGS = -rdynamic
+AM_CFLAGS = -rdynamic -DFIPS_MODE=${fips_mode}
 @MONOLITHIC_TRUE@noinst_LTLIBRARIES = libstrongswan-openssl.la
 @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-openssl.la
 libstrongswan_openssl_la_SOURCES = \
diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
index c8a45f79a..38cc8bedf 100644
--- a/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_ec_public_key.c
@@ -124,7 +124,7 @@ static bool verify_der_signature(private_openssl_ec_public_key_t *this,
 	if (openssl_hash_chunk(nid_hash, data, &hash))
 	{
 		valid = ECDSA_verify(0, hash.ptr, hash.len,
-							 signature.ptr, signature.len, this->ec);
+							 signature.ptr, signature.len, this->ec) == 1;
 		free(hash.ptr);
 	}
 	return valid;
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 915082234..ce6610ad6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -457,6 +457,25 @@ METHOD(plugin_t, destroy, void,
 plugin_t *openssl_plugin_create()
 {
 	private_openssl_plugin_t *this;
+	int fips_mode;
+
+	fips_mode = lib->settings->get_int(lib->settings,
+						"libstrongswan.plugins.openssl.fips_mode", FIPS_MODE);
+#ifdef OPENSSL_FIPS
+	if (!FIPS_mode_set(fips_mode))
+	{
+		DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
+		return NULL;
+	}
+	DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ",fips_mode,
+				   fips_mode ? "en" : "dis");
+#else
+	DBG1(DBG_LIB, "openssl FIPS mode(%d) unavailable", fips_mode);
+	if (fips_mode)
+	{
+		return NULL;
+	}
+#endif
 
 	INIT(this,
 		.public = {
diff --git a/src/libstrongswan/plugins/openssl/openssl_rng.c b/src/libstrongswan/plugins/openssl/openssl_rng.c
index d3d64f5e8..10db6293a 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rng.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rng.c
@@ -57,7 +57,7 @@ METHOD(rng_t, get_bytes, bool,
 	{
 		ret = RAND_pseudo_bytes((char*)buffer, bytes);
 	}
-	return ret != 0;
+	return ret == 1;
 }
 
 METHOD(rng_t, allocate_bytes, bool,
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
index fb86a6bf1..036f53d23 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c
@@ -428,7 +428,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
 	if (blob.ptr)
 	{
 		this->rsa = d2i_RSAPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len);
-		if (this->rsa && RSA_check_key(this->rsa))
+		if (this->rsa && RSA_check_key(this->rsa) == 1)
 		{
 			return &this->public;
 		}
@@ -450,7 +450,7 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type,
 			this->rsa->dmq1 = BN_bin2bn((const u_char*)exp2.ptr, exp2.len, NULL);
 		}
 		this->rsa->iqmp = BN_bin2bn((const u_char*)coeff.ptr, coeff.len, NULL);
-		if (RSA_check_key(this->rsa))
+		if (RSA_check_key(this->rsa) == 1)
 		{
 			return &this->public;
 		}
diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
index bf71d7901..48beedef6 100644
--- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
+++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c
@@ -48,8 +48,6 @@ struct private_openssl_rsa_public_key_t {
 	refcount_t ref;
 };
 
-
-
 /**
  * Verification of an EMPSA PKCS1 signature described in PKCS#1
  */
@@ -67,12 +65,17 @@ static bool verify_emsa_pkcs1_signature(private_openssl_rsa_public_key_t *this,
 
 	if (type == NID_undef)
 	{
-		chunk_t hash = chunk_alloc(rsa_size);
+		char *buf;
+		int len;
 
-		hash.len = RSA_public_decrypt(signature.len, signature.ptr, hash.ptr,
-									  this->rsa, RSA_PKCS1_PADDING);
-		valid = chunk_equals(data, hash);
-		free(hash.ptr);
+		buf = malloc(rsa_size);
+		len = RSA_public_decrypt(signature.len, signature.ptr, buf, this->rsa,
+								 RSA_PKCS1_PADDING);
+		if (len != -1)
+		{
+			valid = chunk_equals(data, chunk_create(buf, len));
+		}
+		free(buf);
 	}
 	else
 	{
diff --git a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
index 8c00e6a57..446c93e2b 100644
--- a/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
+++ b/src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
@@ -42,7 +42,14 @@ struct private_openssl_sha1_prf_t {
 METHOD(prf_t, get_bytes, bool,
 	private_openssl_sha1_prf_t *this, chunk_t seed, u_int8_t *bytes)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+	if (!SHA1_Update(&this->ctx, seed.ptr, seed.len))
+	{
+		return FALSE;
+	}
+#else /* OPENSSL_VERSION_NUMBER < 1.0 */
 	SHA1_Update(&this->ctx, seed.ptr, seed.len);
+#endif
 
 	if (bytes)
 	{
@@ -84,7 +91,14 @@ METHOD(prf_t, get_key_size, size_t,
 METHOD(prf_t, set_key, bool,
 	private_openssl_sha1_prf_t *this, chunk_t key)
 {
+#if OPENSSL_VERSION_NUMBER >= 0x10000000L
+	if (!SHA1_Init(&this->ctx))
+	{
+		return FALSE;
+	}
+#else /* OPENSSL_VERSION_NUMBER < 1.0 */
 	SHA1_Init(&this->ctx);
+#endif
 
 	if (key.len % 4)
 	{
diff --git a/src/libstrongswan/plugins/padlock/Makefile.in b/src/libstrongswan/plugins/padlock/Makefile.in
index e9ac1d5e3..a82e8d578 100644
--- a/src/libstrongswan/plugins/padlock/Makefile.in
+++ b/src/libstrongswan/plugins/padlock/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/pem/Makefile.in b/src/libstrongswan/plugins/pem/Makefile.in
index bb346b373..fa7e3891e 100644
--- a/src/libstrongswan/plugins/pem/Makefile.in
+++ b/src/libstrongswan/plugins/pem/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/pgp/Makefile.in b/src/libstrongswan/plugins/pgp/Makefile.in
index a96c6259f..897adfcc7 100644
--- a/src/libstrongswan/plugins/pgp/Makefile.in
+++ b/src/libstrongswan/plugins/pgp/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/pkcs1/Makefile.in b/src/libstrongswan/plugins/pkcs1/Makefile.in
index b4e78cd37..18af15599 100644
--- a/src/libstrongswan/plugins/pkcs1/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs1/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/pkcs11/Makefile.in b/src/libstrongswan/plugins/pkcs11/Makefile.in
index aab1ae9de..90a0ae97c 100644
--- a/src/libstrongswan/plugins/pkcs11/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs11/Makefile.in
@@ -253,6 +253,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/pkcs7/Makefile.in b/src/libstrongswan/plugins/pkcs7/Makefile.in
index 38781d34d..a4ef63364 100644
--- a/src/libstrongswan/plugins/pkcs7/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs7/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/pkcs8/Makefile.in b/src/libstrongswan/plugins/pkcs8/Makefile.in
index ea62a7d44..879020383 100644
--- a/src/libstrongswan/plugins/pkcs8/Makefile.in
+++ b/src/libstrongswan/plugins/pkcs8/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/pubkey/Makefile.in b/src/libstrongswan/plugins/pubkey/Makefile.in
index 2b54fd426..cecba00ba 100644
--- a/src/libstrongswan/plugins/pubkey/Makefile.in
+++ b/src/libstrongswan/plugins/pubkey/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/random/Makefile.in b/src/libstrongswan/plugins/random/Makefile.in
index 12eaa8a47..4909f4c8a 100644
--- a/src/libstrongswan/plugins/random/Makefile.in
+++ b/src/libstrongswan/plugins/random/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/rdrand/Makefile.in b/src/libstrongswan/plugins/rdrand/Makefile.in
index e2d9e1a6b..b611821a8 100644
--- a/src/libstrongswan/plugins/rdrand/Makefile.in
+++ b/src/libstrongswan/plugins/rdrand/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/revocation/Makefile.in b/src/libstrongswan/plugins/revocation/Makefile.in
index c0008c5b4..bc92c6ed1 100644
--- a/src/libstrongswan/plugins/revocation/Makefile.in
+++ b/src/libstrongswan/plugins/revocation/Makefile.in
@@ -252,6 +252,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/sha1/Makefile.in b/src/libstrongswan/plugins/sha1/Makefile.in
index 0308e1b26..4cb0a0907 100644
--- a/src/libstrongswan/plugins/sha1/Makefile.in
+++ b/src/libstrongswan/plugins/sha1/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/sha2/Makefile.in b/src/libstrongswan/plugins/sha2/Makefile.in
index 3d4e915b2..09fed2bdb 100644
--- a/src/libstrongswan/plugins/sha2/Makefile.in
+++ b/src/libstrongswan/plugins/sha2/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/soup/Makefile.in b/src/libstrongswan/plugins/soup/Makefile.in
index 035747700..8220dcaff 100644
--- a/src/libstrongswan/plugins/soup/Makefile.in
+++ b/src/libstrongswan/plugins/soup/Makefile.in
@@ -249,6 +249,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/sqlite/Makefile.in b/src/libstrongswan/plugins/sqlite/Makefile.in
index 1a9b21407..580cae7f1 100644
--- a/src/libstrongswan/plugins/sqlite/Makefile.in
+++ b/src/libstrongswan/plugins/sqlite/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/test_vectors/Makefile.in b/src/libstrongswan/plugins/test_vectors/Makefile.in
index 6cce8686b..f468cc3fd 100644
--- a/src/libstrongswan/plugins/test_vectors/Makefile.in
+++ b/src/libstrongswan/plugins/test_vectors/Makefile.in
@@ -257,6 +257,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/unbound/Makefile.in b/src/libstrongswan/plugins/unbound/Makefile.in
index f1a37bb03..4dfb2f31c 100644
--- a/src/libstrongswan/plugins/unbound/Makefile.in
+++ b/src/libstrongswan/plugins/unbound/Makefile.in
@@ -251,6 +251,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/x509/Makefile.in b/src/libstrongswan/plugins/x509/Makefile.in
index a0fcfd8ad..0e5520149 100644
--- a/src/libstrongswan/plugins/x509/Makefile.in
+++ b/src/libstrongswan/plugins/x509/Makefile.in
@@ -250,6 +250,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
diff --git a/src/libstrongswan/plugins/xcbc/Makefile.in b/src/libstrongswan/plugins/xcbc/Makefile.in
index 8730ba3fa..a679ce313 100644
--- a/src/libstrongswan/plugins/xcbc/Makefile.in
+++ b/src/libstrongswan/plugins/xcbc/Makefile.in
@@ -248,6 +248,7 @@ dev_headers = @dev_headers@
 docdir = @docdir@
 dvidir = @dvidir@
 exec_prefix = @exec_prefix@
+fips_mode = @fips_mode@
 gtk_CFLAGS = @gtk_CFLAGS@
 gtk_LIBS = @gtk_LIBS@
 h_plugins = @h_plugins@
author	Yves-Alexis Perez <corsac@debian.org>	2013-04-30 17:51:33 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2013-04-30 17:51:33 +0200
commit	c83921a2b566aa9d55d8ccc7258f04fca6292ee6 (patch)
tree	44039788fc816c84d5788df847d1555413ebe55a /src/libstrongswan
parent	10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (diff)
download	vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.tar.gz vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.zip