mirror of
https://git.freebsd.org/ports.git
synced 2025-06-01 02:46:27 -04:00
- Unbreak the build against modern OpenSSL versions
- Remove useless line from the port description
This commit is contained in:
Alexey Dokuchaev
parent
2fd7f0a7c5
commit
ecefd5a2c1
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=568724
13 changed files with 941 additions and 10 deletions
|
|
@ -36,13 +36,6 @@ LDAP_USE= OPENLDAP=yes
|
|||
LDAP_CMAKE_ON= -DLDAP=YES
|
||||
NATT_CMAKE_ON= -DNATT=YES
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if ${SSL_DEFAULT} == base
|
||||
BROKEN_FreeBSD_12= variable has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st')
|
||||
BROKEN_FreeBSD_13= variable has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st')
|
||||
.endif
|
||||
|
||||
post-install:
|
||||
@if ! ${SYSCTL} -a | ${GREP} -q ipsec; then \
|
||||
${ECHO_MSG} "===> -------------------------------------------------------------------------"; \
|
||||
|
|
@ -58,4 +51,6 @@ post-install-NATT-on:
|
|||
@${ECHO_MSG} "===> options IPSEC_NAT_T"
|
||||
@${ECHO_MSG} "===> -------------------------------------------------------------------------"
|
||||
|
||||
.include <bsd.port.post.mk>
|
||||
.include <bsd.port.mk>
|
||||
|
||||
PATCH_ARGS+= -l
|
||||
|
|
|
|||
100
security/ike/files/patch-source_iked_crypto.cpp
Normal file
100
security/ike/files/patch-source_iked_crypto.cpp
Normal file
|
|
@ -0,0 +1,100 @@
|
|||
--- source/iked/crypto.cpp.orig 2012-12-11 06:56:33 UTC
|
||||
+++ source/iked/crypto.cpp
|
||||
@@ -376,10 +376,6 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||
if( dh == NULL )
|
||||
return false;
|
||||
|
||||
- dh->p = NULL;
|
||||
- dh->g = NULL;
|
||||
- dh->length = 0;
|
||||
-
|
||||
//
|
||||
// set p ( prime ) value
|
||||
//
|
||||
@@ -387,49 +383,50 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||
unsigned char * p_data = NULL;
|
||||
size_t p_size = 0;
|
||||
|
||||
- dh->p = BN_new();
|
||||
- if( dh->p == NULL )
|
||||
+ BIGNUM *p = BN_new();
|
||||
+ BIGNUM *g = BN_new();
|
||||
+ if( p == NULL || g == NULL )
|
||||
goto dh_failed;
|
||||
|
||||
switch( group )
|
||||
{
|
||||
case 1:
|
||||
- if( !BN_bin2bn( group1, sizeof( group1 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group1, sizeof( group1 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
case 2:
|
||||
- if( !BN_bin2bn( group2, sizeof( group2 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group2, sizeof( group2 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
case 5:
|
||||
- if( !BN_bin2bn( group5, sizeof( group5 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group5, sizeof( group5 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
case 14:
|
||||
- if( !BN_bin2bn( group14, sizeof( group14 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group14, sizeof( group14 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
case 15:
|
||||
- if( !BN_bin2bn( group15, sizeof( group15 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group15, sizeof( group15 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
case 16:
|
||||
- if( !BN_bin2bn( group16, sizeof( group16 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group16, sizeof( group16 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
case 17:
|
||||
- if( !BN_bin2bn( group17, sizeof( group17 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group17, sizeof( group17 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
case 18:
|
||||
- if( !BN_bin2bn( group18, sizeof( group18 ), dh->p ) )
|
||||
+ if( !BN_bin2bn( group18, sizeof( group18 ), p ) )
|
||||
goto dh_failed;
|
||||
break;
|
||||
|
||||
@@ -441,13 +438,11 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||
// set g ( generator ) value
|
||||
//
|
||||
|
||||
- dh->g = BN_new();
|
||||
- if( dh->g == NULL )
|
||||
+ if( !BN_set_word( g, 2 ) )
|
||||
goto dh_failed;
|
||||
|
||||
- if( !BN_set_word( dh->g, 2 ) )
|
||||
- goto dh_failed;
|
||||
-
|
||||
+ DH_set0_pqg(dh, p, NULL, g);
|
||||
+
|
||||
//
|
||||
// generate private and public DH values
|
||||
//
|
||||
@@ -456,7 +451,7 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||
goto dh_failed;
|
||||
|
||||
*dh_data = dh;
|
||||
- *dh_size = BN_num_bytes( dh->p );
|
||||
+ *dh_size = BN_num_bytes( DH_get0_p( dh ) );
|
||||
|
||||
return true;
|
||||
|
||||
90
security/ike/files/patch-source_iked_ike.cpp
Normal file
90
security/ike/files/patch-source_iked_ike.cpp
Normal file
|
|
@ -0,0 +1,90 @@
|
|||
--- source/iked/ike.cpp.orig 2009-02-12 02:35:43 UTC
|
||||
+++ source/iked/ike.cpp
|
||||
@@ -391,11 +391,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
|
||||
// init cipher key and iv
|
||||
//
|
||||
|
||||
- EVP_CIPHER_CTX ctx_cipher;
|
||||
- EVP_CIPHER_CTX_init( &ctx_cipher );
|
||||
+ EVP_CIPHER_CTX *ctx_cipher;
|
||||
+ ctx_cipher = EVP_CIPHER_CTX_new();
|
||||
|
||||
EVP_CipherInit_ex(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
sa->evp_cipher,
|
||||
NULL,
|
||||
NULL,
|
||||
@@ -403,11 +403,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
|
||||
0 );
|
||||
|
||||
EVP_CIPHER_CTX_set_key_length(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
( int ) sa->key.size() );
|
||||
|
||||
EVP_CipherInit_ex(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
NULL,
|
||||
NULL,
|
||||
sa->key.buff(),
|
||||
@@ -419,12 +419,12 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
|
||||
//
|
||||
|
||||
EVP_Cipher(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
data + sizeof( IKE_HEADER ),
|
||||
data + sizeof( IKE_HEADER ),
|
||||
( int ) size - sizeof( IKE_HEADER ) );
|
||||
|
||||
- EVP_CIPHER_CTX_cleanup( &ctx_cipher );
|
||||
+ EVP_CIPHER_CTX_free( ctx_cipher );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -595,11 +595,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
|
||||
// encrypt all but header
|
||||
//
|
||||
|
||||
- EVP_CIPHER_CTX ctx_cipher;
|
||||
- EVP_CIPHER_CTX_init( &ctx_cipher );
|
||||
+ EVP_CIPHER_CTX *ctx_cipher;
|
||||
+ ctx_cipher = EVP_CIPHER_CTX_new();
|
||||
|
||||
EVP_CipherInit_ex(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
sa->evp_cipher,
|
||||
NULL,
|
||||
NULL,
|
||||
@@ -607,11 +607,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
|
||||
1 );
|
||||
|
||||
EVP_CIPHER_CTX_set_key_length(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
( int ) sa->key.size() );
|
||||
|
||||
EVP_CipherInit_ex(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
NULL,
|
||||
NULL,
|
||||
sa->key.buff(),
|
||||
@@ -619,12 +619,12 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
|
||||
1 );
|
||||
|
||||
EVP_Cipher(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
data + sizeof( IKE_HEADER ),
|
||||
data + sizeof( IKE_HEADER ),
|
||||
( int ) size - sizeof( IKE_HEADER ) );
|
||||
|
||||
- EVP_CIPHER_CTX_cleanup( &ctx_cipher );
|
||||
+ EVP_CIPHER_CTX_free( ctx_cipher );
|
||||
|
||||
//
|
||||
// store cipher iv data
|
||||
48
security/ike/files/patch-source_iked_ike.exch.config.cpp
Normal file
48
security/ike/files/patch-source_iked_ike.exch.config.cpp
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
--- source/iked/ike.exch.config.cpp.orig 2013-04-07 16:28:06 UTC
|
||||
+++ source/iked/ike.exch.config.cpp
|
||||
@@ -2481,15 +2481,15 @@ long _IKED::config_chk_hash( IDB_PH1 * ph1, IDB_CFG *
|
||||
BDATA hash_c;
|
||||
hash_c.size( ph1->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &msgid, 4 );
|
||||
- HMAC_Update( &ctx_prf, cfg->hda.buff(), cfg->hda.size() );
|
||||
- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &msgid, 4 );
|
||||
+ HMAC_Update( ctx_prf, cfg->hda.buff(), cfg->hda.size() );
|
||||
+ HMAC_Final( ctx_prf, hash_c.buff(), NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -2543,15 +2543,15 @@ long _IKED::config_message_send( IDB_PH1 * ph1, IDB_CF
|
||||
// create message authentication hash
|
||||
//
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
|
||||
- HMAC_Update( &ctx_prf, packet.buff() + beg, end - beg );
|
||||
- HMAC_Final( &ctx_prf, hash.buff(), 0 );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
|
||||
+ HMAC_Update( ctx_prf, packet.buff() + beg, end - beg );
|
||||
+ HMAC_Final( ctx_prf, hash.buff(), 0 );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
memcpy( packet.buff() + off + 4, hash.buff(), hash.size() );
|
||||
|
||||
48
security/ike/files/patch-source_iked_ike.exch.inform.cpp
Normal file
48
security/ike/files/patch-source_iked_ike.exch.inform.cpp
Normal file
|
|
@ -0,0 +1,48 @@
|
|||
--- source/iked/ike.exch.inform.cpp.orig 2010-12-02 16:06:10 UTC
|
||||
+++ source/iked/ike.exch.inform.cpp
|
||||
@@ -399,15 +399,15 @@ long _IKED::inform_chk_hash( IDB_PH1 * ph1, IDB_XCH *
|
||||
BDATA hash_c;
|
||||
hash_c.size( ph1->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
|
||||
- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||
- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
|
||||
+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||
+ HMAC_Final( ctx_prf, hash_c.buff(), NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -439,15 +439,15 @@ long _IKED::inform_gen_hash( IDB_PH1 * ph1, IDB_XCH *
|
||||
{
|
||||
inform->hash_l.size( ph1->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
|
||||
- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||
- HMAC_Final( &ctx_prf, inform->hash_l.buff(), 0 );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
|
||||
+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||
+ HMAC_Final( ctx_prf, inform->hash_l.buff(), 0 );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
347
security/ike/files/patch-source_iked_ike.exch.phase1.cpp
Normal file
347
security/ike/files/patch-source_iked_ike.exch.phase1.cpp
Normal file
|
|
@ -0,0 +1,347 @@
|
|||
--- source/iked/ike.exch.phase1.cpp.orig 2012-02-08 05:09:35 UTC
|
||||
+++ source/iked/ike.exch.phase1.cpp
|
||||
@@ -1044,14 +1044,14 @@ long _IKED::process_phase1_send( IDB_PH1 * ph1 )
|
||||
BDATA psk_hash;
|
||||
psk_hash.size( ph1->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
|
||||
- HMAC_Final( &ctx_prf, psk_hash.buff(), NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
|
||||
+ HMAC_Final( ctx_prf, psk_hash.buff(), NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
//
|
||||
// add the notification payload
|
||||
@@ -1557,7 +1557,7 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
{
|
||||
BDATA prv;
|
||||
prv.size( ph1->dh_size );
|
||||
- BN_bn2bin( ph1->dh->priv_key, prv.buff() );
|
||||
+ BN_bn2bin( DH_get0_priv_key( ph1->dh ), prv.buff() );
|
||||
|
||||
log.bin(
|
||||
LLOG_DECODE,
|
||||
@@ -1656,25 +1656,25 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
case XAUTH_AUTH_INIT_PSK:
|
||||
case XAUTH_AUTH_RESP_PSK:
|
||||
{
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
|
||||
|
||||
if( ph1->initiator )
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||
- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||
+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||
+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||
}
|
||||
else
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||
- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||
+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||
+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||
}
|
||||
|
||||
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
break;
|
||||
}
|
||||
@@ -1704,14 +1704,14 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
nonce.add( ph1->nonce_l );
|
||||
}
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
break;
|
||||
}
|
||||
@@ -1730,15 +1730,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
// compute SKEYID_d
|
||||
//
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||
- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||
+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||
|
||||
ph1->skeyid_d.set( skeyid_data, skeyid_size );
|
||||
|
||||
@@ -1753,13 +1753,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
// compute SKEYID_a
|
||||
//
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
|
||||
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||
- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\1", 1 );
|
||||
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
|
||||
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||
+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\1", 1 );
|
||||
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||
|
||||
ph1->skeyid_a.set( skeyid_data, skeyid_size );
|
||||
|
||||
@@ -1774,13 +1774,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
// compute SKEYID_e
|
||||
//
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
|
||||
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||
- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\2", 1 );
|
||||
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
|
||||
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||
+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\2", 1 );
|
||||
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||
|
||||
ph1->skeyid_e.set( skeyid_data, skeyid_size );
|
||||
|
||||
@@ -1821,15 +1821,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
|
||||
// create extended key data
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||
- HMAC_Final( &ctx_prf, key_data, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||
+ HMAC_Final( ctx_prf, key_data, NULL );
|
||||
|
||||
for( long size = skeyid_size; size < key_size; size += skeyid_size )
|
||||
{
|
||||
- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||
- HMAC_Final( &ctx_prf, key_data + size, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||
+ HMAC_Final( ctx_prf, key_data + size, NULL );
|
||||
}
|
||||
}
|
||||
else
|
||||
@@ -1839,7 +1839,7 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
memcpy( key_data, skeyid_data, key_size );
|
||||
}
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
if( proposal->ciph_kl )
|
||||
key_size = ( proposal->ciph_kl + 7 ) / 8;
|
||||
@@ -1860,22 +1860,23 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||
unsigned char iv_data[ HMAC_MAX_MD_CBLOCK ];
|
||||
unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
|
||||
|
||||
- EVP_MD_CTX ctx_hash;
|
||||
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||
+ EVP_MD_CTX *ctx_hash;
|
||||
+ ctx_hash = EVP_MD_CTX_new();
|
||||
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||
|
||||
if( ph1->initiator )
|
||||
{
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||
}
|
||||
else
|
||||
{
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||
}
|
||||
|
||||
- EVP_DigestFinal( &ctx_hash, iv_data, NULL );
|
||||
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||
+ EVP_DigestFinal( ctx_hash, iv_data, NULL );
|
||||
+ EVP_MD_CTX_free( ctx_hash );
|
||||
|
||||
ph1->iv.set( iv_data, iv_size );
|
||||
|
||||
@@ -1903,29 +1904,29 @@ long _IKED::phase1_gen_hash_i( IDB_PH1 * sa, BDATA & h
|
||||
|
||||
hash.size( sa->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||
|
||||
if( sa->initiator )
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
}
|
||||
else
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
}
|
||||
|
||||
- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||
- HMAC_Update( &ctx_prf, sa->idi.buff(), sa->idi.size() );
|
||||
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||
+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->idi.buff(), sa->idi.size() );
|
||||
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -1945,29 +1946,29 @@ long _IKED::phase1_gen_hash_r( IDB_PH1 * sa, BDATA & h
|
||||
|
||||
hash.size( sa->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||
|
||||
if( sa->initiator )
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
}
|
||||
else
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||
}
|
||||
|
||||
- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||
- HMAC_Update( &ctx_prf, sa->idr.buff(), sa->idr.size() );
|
||||
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||
+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||
+ HMAC_Update( ctx_prf, sa->idr.buff(), sa->idr.size() );
|
||||
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -2569,14 +2570,14 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
|
||||
// hash for remote address
|
||||
//
|
||||
|
||||
- EVP_MD_CTX ctx_hash;
|
||||
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
|
||||
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
|
||||
- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
|
||||
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||
+ EVP_MD_CTX *ctx_hash;
|
||||
+ ctx_hash = EVP_MD_CTX_new();
|
||||
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
|
||||
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
|
||||
+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
|
||||
|
||||
ph1->natd_hash_l.add( natd );
|
||||
|
||||
@@ -2585,13 +2586,13 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
|
||||
// hash for local address
|
||||
//
|
||||
|
||||
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
|
||||
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
|
||||
- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
|
||||
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
|
||||
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
|
||||
+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
|
||||
+ EVP_MD_CTX_free( ctx_hash );
|
||||
|
||||
ph1->natd_hash_l.add( natd );
|
||||
|
||||
153
security/ike/files/patch-source_iked_ike.exch.phase2.cpp
Normal file
153
security/ike/files/patch-source_iked_ike.exch.phase2.cpp
Normal file
|
|
@ -0,0 +1,153 @@
|
|||
--- source/iked/ike.exch.phase2.cpp.orig 2010-12-22 21:35:36 UTC
|
||||
+++ source/iked/ike.exch.phase2.cpp
|
||||
@@ -1008,14 +1008,14 @@ long _IKED::phase2_gen_hash_i( IDB_PH1 * ph1, IDB_PH2
|
||||
|
||||
hash.size( ph1->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, input.buff(), input.size() );
|
||||
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, input.buff(), input.size() );
|
||||
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -1048,14 +1048,14 @@ long _IKED::phase2_gen_hash_r( IDB_PH1 * ph1, IDB_PH2
|
||||
|
||||
hash.size( ph1->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, input.buff(), input.size() );
|
||||
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, input.buff(), input.size() );
|
||||
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -1093,14 +1093,14 @@ long _IKED::phase2_gen_hash_p( IDB_PH1 * ph1, IDB_PH2
|
||||
|
||||
hash.size( ph1->hash_size );
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, input.buff(), input.size() );
|
||||
- HMAC_Final( &ctx_prf, hash.buff(), 0 );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, input.buff(), input.size() );
|
||||
+ HMAC_Final( ctx_prf, hash.buff(), 0 );
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
log.bin(
|
||||
LLOG_DEBUG,
|
||||
@@ -1555,7 +1555,7 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 *
|
||||
{
|
||||
BDATA prv;
|
||||
prv.size( ph2->dh_size );
|
||||
- BN_bn2bin( ph2->dh->priv_key, prv.buff() );
|
||||
+ BN_bn2bin( DH_get0_priv_key( ph2->dh ), prv.buff() );
|
||||
|
||||
log.bin(
|
||||
LLOG_DECODE,
|
||||
@@ -1817,56 +1817,56 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 *
|
||||
// K3 = prf( SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b )
|
||||
//
|
||||
|
||||
- HMAC_CTX ctx_prf;
|
||||
- HMAC_CTX_init( &ctx_prf );
|
||||
+ HMAC_CTX *ctx_prf;
|
||||
+ ctx_prf = HMAC_CTX_new();
|
||||
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||
|
||||
if( ph2->dhgr_id )
|
||||
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||
|
||||
if( ph2->initiator )
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
}
|
||||
else
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
}
|
||||
|
||||
- HMAC_Final( &ctx_prf, key_data, NULL );
|
||||
+ HMAC_Final( ctx_prf, key_data, NULL );
|
||||
|
||||
for( long size = skeyid_size; size < key_size; size += skeyid_size )
|
||||
{
|
||||
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||
- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||
+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||
|
||||
if( ph2->dhgr_id )
|
||||
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||
|
||||
if( ph2->initiator )
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
}
|
||||
else
|
||||
{
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||
}
|
||||
|
||||
- HMAC_Final( &ctx_prf, key_data + size, 0 );
|
||||
+ HMAC_Final( ctx_prf, key_data + size, 0 );
|
||||
}
|
||||
|
||||
- HMAC_CTX_cleanup( &ctx_prf );
|
||||
+ HMAC_CTX_free( ctx_prf );
|
||||
|
||||
//
|
||||
// separate encrypt and auth key data
|
||||
22
security/ike/files/patch-source_iked_ike.idb.exch.cpp
Normal file
22
security/ike/files/patch-source_iked_ike.idb.exch.cpp
Normal file
|
|
@ -0,0 +1,22 @@
|
|||
--- source/iked/ike.idb.exch.cpp.orig 2011-01-15 22:09:32 UTC
|
||||
+++ source/iked/ike.idb.exch.cpp
|
||||
@@ -134,12 +134,13 @@ bool _IDB_XCH::new_msgiv( IDB_PH1 * ph1 )
|
||||
unsigned char iv_data[ EVP_MAX_MD_SIZE ];
|
||||
unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
|
||||
|
||||
- EVP_MD_CTX ctx_hash;
|
||||
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||
- EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );
|
||||
- EVP_DigestUpdate( &ctx_hash, &msgid, 4 );
|
||||
- EVP_DigestFinal( &ctx_hash, iv_data, NULL );
|
||||
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||
+ EVP_MD_CTX *ctx_hash;
|
||||
+ ctx_hash = EVP_MD_CTX_new();
|
||||
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||
+ EVP_DigestUpdate( ctx_hash, ph1->iv.buff(), ph1->iv.size() );
|
||||
+ EVP_DigestUpdate( ctx_hash, &msgid, 4 );
|
||||
+ EVP_DigestFinal( ctx_hash, iv_data, NULL );
|
||||
+ EVP_MD_CTX_free( ctx_hash );
|
||||
|
||||
iv.set( iv_data, iv_size );
|
||||
|
||||
11
security/ike/files/patch-source_iked_ike.idb.phase1.cpp
Normal file
11
security/ike/files/patch-source_iked_ike.idb.phase1.cpp
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
--- source/iked/ike.idb.phase1.cpp.orig 2011-02-01 07:21:32 UTC
|
||||
+++ source/iked/ike.idb.phase1.cpp
|
||||
@@ -676,7 +676,7 @@ bool _IDB_PH1::setup_dhgrp( IKE_PROPOSAL * proposal )
|
||||
}
|
||||
|
||||
xl.size( dh_size );
|
||||
- long result = BN_bn2bin( dh->pub_key, xl.buff() );
|
||||
+ long result = BN_bn2bin( DH_get0_pub_key( dh ), xl.buff() );
|
||||
|
||||
//
|
||||
// fixup public buffer alignment
|
||||
11
security/ike/files/patch-source_iked_ike.idb.phase2.cpp
Normal file
11
security/ike/files/patch-source_iked_ike.idb.phase2.cpp
Normal file
|
|
@ -0,0 +1,11 @@
|
|||
--- source/iked/ike.idb.phase2.cpp.orig 2012-11-19 23:28:52 UTC
|
||||
+++ source/iked/ike.idb.phase2.cpp
|
||||
@@ -438,7 +438,7 @@ bool _IDB_PH2::setup_dhgrp()
|
||||
}
|
||||
|
||||
xl.size( dh_size );
|
||||
- long result = BN_bn2bin( dh->pub_key, xl.buff() );
|
||||
+ long result = BN_bn2bin( DH_get0_pub_key( dh ), xl.buff() );
|
||||
|
||||
//
|
||||
// fixup public buffer alignment
|
||||
82
security/ike/files/patch-source_iked_ike.keyfile.cpp
Normal file
82
security/ike/files/patch-source_iked_ike.keyfile.cpp
Normal file
|
|
@ -0,0 +1,82 @@
|
|||
--- source/iked/ike.keyfile.cpp.orig 2012-12-15 22:14:32 UTC
|
||||
+++ source/iked/ike.keyfile.cpp
|
||||
@@ -663,15 +663,19 @@ static int verify_cb( int ok, X509_STORE_CTX * store_c
|
||||
{
|
||||
long ll = LLOG_ERROR;
|
||||
char name[ 512 ];
|
||||
+ int error, error_depth;
|
||||
|
||||
- X509_NAME * x509_name = X509_get_subject_name( store_ctx->current_cert );
|
||||
+ X509_NAME * x509_name = X509_get_subject_name( X509_STORE_CTX_get_current_cert(store_ctx) );
|
||||
|
||||
X509_NAME_oneline(
|
||||
x509_name,
|
||||
name,
|
||||
512 );
|
||||
+
|
||||
+ error = X509_STORE_CTX_get_error(store_ctx);
|
||||
+ error_depth = X509_STORE_CTX_get_error_depth(store_ctx);
|
||||
|
||||
- switch( store_ctx->error )
|
||||
+ switch( error )
|
||||
{
|
||||
case X509_V_ERR_UNABLE_TO_GET_CRL:
|
||||
ok = 1;
|
||||
@@ -683,9 +687,9 @@ static int verify_cb( int ok, X509_STORE_CTX * store_c
|
||||
ll,
|
||||
"ii : %s(%d) at depth:%d\n"
|
||||
"ii : subject :%s\n",
|
||||
- X509_verify_cert_error_string( store_ctx->error ),
|
||||
- store_ctx->error,
|
||||
- store_ctx->error_depth,
|
||||
+ X509_verify_cert_error_string( error ),
|
||||
+ error,
|
||||
+ error_depth,
|
||||
name );
|
||||
}
|
||||
|
||||
@@ -857,7 +861,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, FILE * fp, B
|
||||
if( evp_pkey == NULL )
|
||||
return false;
|
||||
|
||||
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||
EVP_PKEY_free( evp_pkey );
|
||||
|
||||
return converted;
|
||||
@@ -883,7 +887,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, FILE * fp, B
|
||||
if( evp_pkey == NULL )
|
||||
return false;
|
||||
|
||||
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||
EVP_PKEY_free( evp_pkey );
|
||||
|
||||
return converted;
|
||||
@@ -939,7 +943,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, BDATA & inpu
|
||||
if( evp_pkey == NULL )
|
||||
return false;
|
||||
|
||||
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||
EVP_PKEY_free( evp_pkey );
|
||||
|
||||
return converted;
|
||||
@@ -976,7 +980,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, BDATA & inpu
|
||||
if( evp_pkey == NULL )
|
||||
return false;
|
||||
|
||||
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||
EVP_PKEY_free( evp_pkey );
|
||||
|
||||
return converted;
|
||||
@@ -1010,7 +1014,7 @@ bool _IKED::pubkey_rsa_read( BDATA & cert, BDATA & pub
|
||||
if( evp_pkey == NULL )
|
||||
return false;
|
||||
|
||||
- bool result = pubkey_rsa_2_bdata( pubkey, evp_pkey->pkey.rsa );
|
||||
+ bool result = pubkey_rsa_2_bdata( pubkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||
|
||||
EVP_PKEY_free( evp_pkey );
|
||||
|
||||
26
security/ike/files/patch-source_libike_manager.file.cpp
Normal file
26
security/ike/files/patch-source_libike_manager.file.cpp
Normal file
|
|
@ -0,0 +1,26 @@
|
|||
--- source/libike/manager.file.cpp.orig 2011-02-06 16:40:00 UTC
|
||||
+++ source/libike/manager.file.cpp
|
||||
@@ -679,11 +679,11 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config,
|
||||
BDATA pwd;
|
||||
data.get( pwd );
|
||||
|
||||
- EVP_CIPHER_CTX ctx_cipher;
|
||||
- EVP_CIPHER_CTX_init( &ctx_cipher );
|
||||
+ EVP_CIPHER_CTX *ctx_cipher;
|
||||
+ ctx_cipher = EVP_CIPHER_CTX_new();
|
||||
|
||||
EVP_CipherInit_ex(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
EVP_des_ede3_cbc(),
|
||||
NULL,
|
||||
key,
|
||||
@@ -691,7 +691,7 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config,
|
||||
0 );
|
||||
|
||||
EVP_Cipher(
|
||||
- &ctx_cipher,
|
||||
+ ctx_cipher,
|
||||
pwd.buff(),
|
||||
pwd.buff(),
|
||||
( unsigned int ) pwd.size() );
|
||||
|
|
@ -5,6 +5,4 @@ running the ipsec-tools racoon daemon. The latest version offers a
|
|||
high level of compatibility with Cisco, Juniper, Zywall, Fortigate
|
||||
and many other commercial IPsec VPN gateways.
|
||||
|
||||
For more information please visit ...
|
||||
|
||||
WWW: http://www.shrew.net/
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue