From 25663e04c3ab01ef8dc9f906608282319cfea2db Mon Sep 17 00:00:00 2001 From: Yves-Alexis Perez Date: Thu, 20 Oct 2016 16:18:38 +0200 Subject: New upstream version 5.5.1 --- src/libstrongswan/plugins/openssl/Makefile.in | 5 +- .../plugins/openssl/openssl_ec_private_key.c | 25 +++++++- .../plugins/openssl/openssl_ec_private_key.h | 14 ++++- src/libstrongswan/plugins/openssl/openssl_gcm.c | 6 +- src/libstrongswan/plugins/openssl/openssl_pkcs12.c | 4 -- src/libstrongswan/plugins/openssl/openssl_plugin.c | 70 ++++++++++++++++++---- .../plugins/openssl/openssl_rsa_private_key.c | 41 +++++++++---- .../plugins/openssl/openssl_rsa_private_key.h | 14 ++++- .../plugins/openssl/openssl_rsa_public_key.c | 12 ++-- src/libstrongswan/plugins/openssl/openssl_util.h | 7 +++ 10 files changed, 154 insertions(+), 44 deletions(-) (limited to 'src/libstrongswan/plugins/openssl') diff --git a/src/libstrongswan/plugins/openssl/Makefile.in b/src/libstrongswan/plugins/openssl/Makefile.in index f453f43b5..dd8a17ed7 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.in +++ b/src/libstrongswan/plugins/openssl/Makefile.in @@ -360,7 +360,6 @@ clearsilver_LIBS = @clearsilver_LIBS@ cmd_plugins = @cmd_plugins@ datadir = @datadir@ datarootdir = @datarootdir@ -dbusservicedir = @dbusservicedir@ dev_headers = @dev_headers@ docdir = @docdir@ dvidir = @dvidir@ @@ -394,8 +393,6 @@ libiptc_LIBS = @libiptc_LIBS@ linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ -maemo_CFLAGS = @maemo_CFLAGS@ -maemo_LIBS = @maemo_LIBS@ manager_plugins = @manager_plugins@ mandir = @mandir@ medsrv_plugins = @medsrv_plugins@ @@ -449,6 +446,8 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +tss2_CFLAGS = @tss2_CFLAGS@ +tss2_LIBS = @tss2_LIBS@ urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c index 24fe623eb..22bbf6dc7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2012 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -304,7 +304,26 @@ static private_openssl_ec_private_key_t *create_empty(void) return this; } -/** +/* + * See header. + */ +private_key_t *openssl_ec_private_key_create(EVP_PKEY *key) +{ + private_openssl_ec_private_key_t *this; + EC_KEY *ec; + + ec = EVP_PKEY_get1_EC_KEY(key); + EVP_PKEY_free(key); + if (!ec) + { + return NULL; + } + this = create_empty(); + this->ec = ec; + return &this->public.key; +} + +/* * See header. */ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, diff --git a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h index f56c95aa1..84314f671 100644 --- a/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_ec_private_key.h @@ -1,6 +1,6 @@ /* - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +21,8 @@ #ifndef OPENSSL_EC_PRIVATE_KEY_H_ #define OPENSSL_EC_PRIVATE_KEY_H_ +#include + #include #include @@ -61,4 +63,12 @@ openssl_ec_private_key_t *openssl_ec_private_key_gen(key_type_t type, openssl_ec_private_key_t *openssl_ec_private_key_load(key_type_t type, va_list args); +/** + * Wrap an EVP_PKEY object of type EVP_PKEY_EC + * + * @param key EVP_PKEY_EC key object (adopted) + * @return loaded key, NULL on failure + */ +private_key_t *openssl_ec_private_key_create(EVP_PKEY *key); + #endif /** OPENSSL_EC_PRIVATE_KEY_H_ @}*/ diff --git a/src/libstrongswan/plugins/openssl/openssl_gcm.c b/src/libstrongswan/plugins/openssl/openssl_gcm.c index 6bbe4af95..5ef885b16 100644 --- a/src/libstrongswan/plugins/openssl/openssl_gcm.c +++ b/src/libstrongswan/plugins/openssl/openssl_gcm.c @@ -255,13 +255,13 @@ aead_t *openssl_gcm_create(encryption_algorithm_t algo, key_size = 16; /* FALL */ case 16: - this->cipher = EVP_get_cipherbyname("aes-128-gcm"); + this->cipher = EVP_aes_128_gcm(); break; case 24: - this->cipher = EVP_get_cipherbyname("aes-192-gcm"); + this->cipher = EVP_aes_192_gcm(); break; case 32: - this->cipher = EVP_get_cipherbyname("aes-256-gcm"); + this->cipher = EVP_aes_256_gcm(); break; default: free(this); diff --git a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c index 705e96c69..bbd400cac 100644 --- a/src/libstrongswan/plugins/openssl/openssl_pkcs12.c +++ b/src/libstrongswan/plugins/openssl/openssl_pkcs12.c @@ -23,10 +23,6 @@ #include #include -#ifdef OPENSSL_IS_BORINGSSL -#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type) -#endif - typedef struct private_pkcs12_t private_pkcs12_t; /** diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 3e3b986df..ab73d718f 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2008-2013 Tobias Brunner + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2008 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -269,6 +269,53 @@ static bool seed_rng() return TRUE; } +/** + * Generic key loader + */ +static private_key_t *openssl_private_key_load(key_type_t type, va_list args) +{ + chunk_t blob = chunk_empty; + EVP_PKEY *key; + + while (TRUE) + { + switch (va_arg(args, builder_part_t)) + { + case BUILD_BLOB_ASN1_DER: + blob = va_arg(args, chunk_t); + continue; + case BUILD_END: + break; + default: + return NULL; + } + break; + } + + if (blob.ptr) + { + key = d2i_AutoPrivateKey(NULL, (const u_char**)&blob.ptr, blob.len); + if (key) + { + switch (EVP_PKEY_base_id(key)) + { +#ifndef OPENSSL_NO_RSA + case EVP_PKEY_RSA: + return openssl_rsa_private_key_create(key); +#endif +#ifndef OPENSSL_NO_ECDSA + case EVP_PKEY_EC: + return openssl_ec_private_key_create(key); +#endif + default: + EVP_PKEY_free(key); + break; + } + } + } + return NULL; +} + METHOD(plugin_t, get_name, char*, private_openssl_plugin_t *this) { @@ -438,16 +485,16 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA1), #endif #ifndef OPENSSL_NO_SHA256 - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA224), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA256), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA224), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA256), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_256), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_224), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_256), #endif #ifndef OPENSSL_NO_SHA512 - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA384), - PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA512), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA384), - PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA512), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_SHA2_512), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_384), + PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_RSA_EMSA_PKCS1_SHA2_512), #endif #ifndef OPENSSL_NO_MD5 PLUGIN_PROVIDE(PRIVKEY_SIGN, SIGN_RSA_EMSA_PKCS1_MD5), @@ -504,6 +551,9 @@ METHOD(plugin_t, get_features, int, PLUGIN_PROVIDE(PUBKEY_VERIFY, SIGN_ECDSA_521), #endif #endif /* OPENSSL_NO_ECDSA */ + /* generic key loader */ + PLUGIN_REGISTER(PRIVKEY, openssl_private_key_load, TRUE), + PLUGIN_PROVIDE(PRIVKEY, KEY_ANY), PLUGIN_REGISTER(RNG, openssl_rng_create), PLUGIN_PROVIDE(RNG, RNG_STRONG), PLUGIN_PROVIDE(RNG, RNG_WEAK), diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c index 485e0bbc7..54ecf2542 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c @@ -1,7 +1,7 @@ /* + * Copyright (C) 2008-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -158,16 +158,16 @@ METHOD(private_key_t, sign, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return build_emsa_pkcs1_signature(this, NID_undef, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return build_emsa_pkcs1_signature(this, NID_sha224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return build_emsa_pkcs1_signature(this, NID_sha256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return build_emsa_pkcs1_signature(this, NID_sha384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return build_emsa_pkcs1_signature(this, NID_sha512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return build_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return build_emsa_pkcs1_signature(this, NID_md5, data, signature); default: @@ -327,7 +327,7 @@ static private_openssl_rsa_private_key_t *create_empty() return this; } -/** +/* * See header. */ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, @@ -383,7 +383,26 @@ error: return NULL; } -/** +/* + * See header + */ +private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key) +{ + private_openssl_rsa_private_key_t *this; + RSA *rsa; + + rsa = EVP_PKEY_get1_RSA(key); + EVP_PKEY_free(key); + if (!rsa) + { + return NULL; + } + this = create_empty(); + this->rsa = rsa; + return &this->public.key; +} + +/* * See header */ openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, @@ -528,7 +547,7 @@ static bool login(ENGINE *engine, chunk_t keyid) } #endif /* OPENSSL_NO_ENGINE */ -/** +/* * See header. */ openssl_rsa_private_key_t *openssl_rsa_private_key_connect(key_type_t type, diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h index 60889d651..34ce4c776 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.h @@ -1,6 +1,6 @@ /* - * Copyright (C) 2008 Tobias Brunner - * Hochschule fuer Technik Rapperswil + * Copyright (C) 2008-2016 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +21,8 @@ #ifndef OPENSSL_RSA_PRIVATE_KEY_H_ #define OPENSSL_RSA_PRIVATE_KEY_H_ +#include + #include #include @@ -61,6 +63,14 @@ openssl_rsa_private_key_t *openssl_rsa_private_key_gen(key_type_t type, openssl_rsa_private_key_t *openssl_rsa_private_key_load(key_type_t type, va_list args); +/** + * Wrap an EVP_PKEY object of type EVP_PKEY_RSA + * + * @param key EVP_PKEY_RSA key object (adopted) + * @return loaded key, NULL on failure + */ +private_key_t *openssl_rsa_private_key_create(EVP_PKEY *key); + /** * Connect to a RSA private key on a smartcard. * diff --git a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c index d66d5016e..d3a644f72 100644 --- a/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c +++ b/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c @@ -143,16 +143,16 @@ METHOD(public_key_t, verify, bool, { case SIGN_RSA_EMSA_PKCS1_NULL: return verify_emsa_pkcs1_signature(this, NID_undef, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA1: - return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA224: + case SIGN_RSA_EMSA_PKCS1_SHA2_224: return verify_emsa_pkcs1_signature(this, NID_sha224, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA256: + case SIGN_RSA_EMSA_PKCS1_SHA2_256: return verify_emsa_pkcs1_signature(this, NID_sha256, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA384: + case SIGN_RSA_EMSA_PKCS1_SHA2_384: return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature); - case SIGN_RSA_EMSA_PKCS1_SHA512: + case SIGN_RSA_EMSA_PKCS1_SHA2_512: return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature); + case SIGN_RSA_EMSA_PKCS1_SHA1: + return verify_emsa_pkcs1_signature(this, NID_sha1, data, signature); case SIGN_RSA_EMSA_PKCS1_MD5: return verify_emsa_pkcs1_signature(this, NID_md5, data, signature); default: diff --git a/src/libstrongswan/plugins/openssl/openssl_util.h b/src/libstrongswan/plugins/openssl/openssl_util.h index f4186e8c4..7c5c367f7 100644 --- a/src/libstrongswan/plugins/openssl/openssl_util.h +++ b/src/libstrongswan/plugins/openssl/openssl_util.h @@ -135,6 +135,13 @@ int openssl_asn1_known_oid(ASN1_OBJECT *obj); */ time_t openssl_asn1_to_time(ASN1_TIME *time); +/** + * Compatibility macros + */ +#ifdef OPENSSL_IS_BORINGSSL +#define EVP_PKEY_base_id(p) EVP_PKEY_type(p->type) +#endif + /** * Macros to define fallback getters/setters to access keys (BIGNUM*) for types * that were made opaque with OpenSSL 1.1.0. -- cgit v1.2.3