mirror of
https://git.freebsd.org/ports.git
synced 2025-07-18 01:39:16 -04:00
- Unbreak the build against modern OpenSSL versions
- Remove useless line from the port description
This commit is contained in:
Alexey Dokuchaev
parent
2fd7f0a7c5
commit
ecefd5a2c1
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=568724
13 changed files with 941 additions and 10 deletions
|
|
@ -36,13 +36,6 @@ LDAP_USE= OPENLDAP=yes
|
||||||
LDAP_CMAKE_ON= -DLDAP=YES
|
LDAP_CMAKE_ON= -DLDAP=YES
|
||||||
NATT_CMAKE_ON= -DNATT=YES
|
NATT_CMAKE_ON= -DNATT=YES
|
||||||
|
|
||||||
.include <bsd.port.pre.mk>
|
|
||||||
|
|
||||||
.if ${SSL_DEFAULT} == base
|
|
||||||
BROKEN_FreeBSD_12= variable has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st')
|
|
||||||
BROKEN_FreeBSD_13= variable has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st')
|
|
||||||
.endif
|
|
||||||
|
|
||||||
post-install:
|
post-install:
|
||||||
@if ! ${SYSCTL} -a | ${GREP} -q ipsec; then \
|
@if ! ${SYSCTL} -a | ${GREP} -q ipsec; then \
|
||||||
${ECHO_MSG} "===> -------------------------------------------------------------------------"; \
|
${ECHO_MSG} "===> -------------------------------------------------------------------------"; \
|
||||||
|
|
@ -58,4 +51,6 @@ post-install-NATT-on:
|
||||||
@${ECHO_MSG} "===> options IPSEC_NAT_T"
|
@${ECHO_MSG} "===> options IPSEC_NAT_T"
|
||||||
@${ECHO_MSG} "===> -------------------------------------------------------------------------"
|
@${ECHO_MSG} "===> -------------------------------------------------------------------------"
|
||||||
|
|
||||||
.include <bsd.port.post.mk>
|
.include <bsd.port.mk>
|
||||||
|
|
||||||
|
PATCH_ARGS+= -l
|
||||||
|
|
|
||||||
100
security/ike/files/patch-source_iked_crypto.cpp
Normal file
100
security/ike/files/patch-source_iked_crypto.cpp
Normal file
|
|
@ -0,0 +1,100 @@
|
||||||
|
--- source/iked/crypto.cpp.orig 2012-12-11 06:56:33 UTC
|
||||||
|
+++ source/iked/crypto.cpp
|
||||||
|
@@ -376,10 +376,6 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||||
|
if( dh == NULL )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
- dh->p = NULL;
|
||||||
|
- dh->g = NULL;
|
||||||
|
- dh->length = 0;
|
||||||
|
-
|
||||||
|
//
|
||||||
|
// set p ( prime ) value
|
||||||
|
//
|
||||||
|
@@ -387,49 +383,50 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||||
|
unsigned char * p_data = NULL;
|
||||||
|
size_t p_size = 0;
|
||||||
|
|
||||||
|
- dh->p = BN_new();
|
||||||
|
- if( dh->p == NULL )
|
||||||
|
+ BIGNUM *p = BN_new();
|
||||||
|
+ BIGNUM *g = BN_new();
|
||||||
|
+ if( p == NULL || g == NULL )
|
||||||
|
goto dh_failed;
|
||||||
|
|
||||||
|
switch( group )
|
||||||
|
{
|
||||||
|
case 1:
|
||||||
|
- if( !BN_bin2bn( group1, sizeof( group1 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group1, sizeof( group1 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 2:
|
||||||
|
- if( !BN_bin2bn( group2, sizeof( group2 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group2, sizeof( group2 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 5:
|
||||||
|
- if( !BN_bin2bn( group5, sizeof( group5 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group5, sizeof( group5 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 14:
|
||||||
|
- if( !BN_bin2bn( group14, sizeof( group14 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group14, sizeof( group14 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 15:
|
||||||
|
- if( !BN_bin2bn( group15, sizeof( group15 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group15, sizeof( group15 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 16:
|
||||||
|
- if( !BN_bin2bn( group16, sizeof( group16 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group16, sizeof( group16 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 17:
|
||||||
|
- if( !BN_bin2bn( group17, sizeof( group17 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group17, sizeof( group17 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 18:
|
||||||
|
- if( !BN_bin2bn( group18, sizeof( group18 ), dh->p ) )
|
||||||
|
+ if( !BN_bin2bn( group18, sizeof( group18 ), p ) )
|
||||||
|
goto dh_failed;
|
||||||
|
break;
|
||||||
|
|
||||||
|
@@ -441,13 +438,11 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||||
|
// set g ( generator ) value
|
||||||
|
//
|
||||||
|
|
||||||
|
- dh->g = BN_new();
|
||||||
|
- if( dh->g == NULL )
|
||||||
|
+ if( !BN_set_word( g, 2 ) )
|
||||||
|
goto dh_failed;
|
||||||
|
|
||||||
|
- if( !BN_set_word( dh->g, 2 ) )
|
||||||
|
- goto dh_failed;
|
||||||
|
-
|
||||||
|
+ DH_set0_pqg(dh, p, NULL, g);
|
||||||
|
+
|
||||||
|
//
|
||||||
|
// generate private and public DH values
|
||||||
|
//
|
||||||
|
@@ -456,7 +451,7 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
|
||||||
|
goto dh_failed;
|
||||||
|
|
||||||
|
*dh_data = dh;
|
||||||
|
- *dh_size = BN_num_bytes( dh->p );
|
||||||
|
+ *dh_size = BN_num_bytes( DH_get0_p( dh ) );
|
||||||
|
|
||||||
|
return true;
|
||||||
|
|
||||||
90
security/ike/files/patch-source_iked_ike.cpp
Normal file
90
security/ike/files/patch-source_iked_ike.cpp
Normal file
|
|
@ -0,0 +1,90 @@
|
||||||
|
--- source/iked/ike.cpp.orig 2009-02-12 02:35:43 UTC
|
||||||
|
+++ source/iked/ike.cpp
|
||||||
|
@@ -391,11 +391,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
|
||||||
|
// init cipher key and iv
|
||||||
|
//
|
||||||
|
|
||||||
|
- EVP_CIPHER_CTX ctx_cipher;
|
||||||
|
- EVP_CIPHER_CTX_init( &ctx_cipher );
|
||||||
|
+ EVP_CIPHER_CTX *ctx_cipher;
|
||||||
|
+ ctx_cipher = EVP_CIPHER_CTX_new();
|
||||||
|
|
||||||
|
EVP_CipherInit_ex(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
sa->evp_cipher,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
@@ -403,11 +403,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
|
||||||
|
0 );
|
||||||
|
|
||||||
|
EVP_CIPHER_CTX_set_key_length(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
( int ) sa->key.size() );
|
||||||
|
|
||||||
|
EVP_CipherInit_ex(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
sa->key.buff(),
|
||||||
|
@@ -419,12 +419,12 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
|
||||||
|
//
|
||||||
|
|
||||||
|
EVP_Cipher(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
data + sizeof( IKE_HEADER ),
|
||||||
|
data + sizeof( IKE_HEADER ),
|
||||||
|
( int ) size - sizeof( IKE_HEADER ) );
|
||||||
|
|
||||||
|
- EVP_CIPHER_CTX_cleanup( &ctx_cipher );
|
||||||
|
+ EVP_CIPHER_CTX_free( ctx_cipher );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -595,11 +595,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
|
||||||
|
// encrypt all but header
|
||||||
|
//
|
||||||
|
|
||||||
|
- EVP_CIPHER_CTX ctx_cipher;
|
||||||
|
- EVP_CIPHER_CTX_init( &ctx_cipher );
|
||||||
|
+ EVP_CIPHER_CTX *ctx_cipher;
|
||||||
|
+ ctx_cipher = EVP_CIPHER_CTX_new();
|
||||||
|
|
||||||
|
EVP_CipherInit_ex(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
sa->evp_cipher,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
@@ -607,11 +607,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
|
||||||
|
1 );
|
||||||
|
|
||||||
|
EVP_CIPHER_CTX_set_key_length(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
( int ) sa->key.size() );
|
||||||
|
|
||||||
|
EVP_CipherInit_ex(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
NULL,
|
||||||
|
NULL,
|
||||||
|
sa->key.buff(),
|
||||||
|
@@ -619,12 +619,12 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
|
||||||
|
1 );
|
||||||
|
|
||||||
|
EVP_Cipher(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
data + sizeof( IKE_HEADER ),
|
||||||
|
data + sizeof( IKE_HEADER ),
|
||||||
|
( int ) size - sizeof( IKE_HEADER ) );
|
||||||
|
|
||||||
|
- EVP_CIPHER_CTX_cleanup( &ctx_cipher );
|
||||||
|
+ EVP_CIPHER_CTX_free( ctx_cipher );
|
||||||
|
|
||||||
|
//
|
||||||
|
// store cipher iv data
|
||||||
48
security/ike/files/patch-source_iked_ike.exch.config.cpp
Normal file
48
security/ike/files/patch-source_iked_ike.exch.config.cpp
Normal file
|
|
@ -0,0 +1,48 @@
|
||||||
|
--- source/iked/ike.exch.config.cpp.orig 2013-04-07 16:28:06 UTC
|
||||||
|
+++ source/iked/ike.exch.config.cpp
|
||||||
|
@@ -2481,15 +2481,15 @@ long _IKED::config_chk_hash( IDB_PH1 * ph1, IDB_CFG *
|
||||||
|
BDATA hash_c;
|
||||||
|
hash_c.size( ph1->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &msgid, 4 );
|
||||||
|
- HMAC_Update( &ctx_prf, cfg->hda.buff(), cfg->hda.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &msgid, 4 );
|
||||||
|
+ HMAC_Update( ctx_prf, cfg->hda.buff(), cfg->hda.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, hash_c.buff(), NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -2543,15 +2543,15 @@ long _IKED::config_message_send( IDB_PH1 * ph1, IDB_CF
|
||||||
|
// create message authentication hash
|
||||||
|
//
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
|
||||||
|
- HMAC_Update( &ctx_prf, packet.buff() + beg, end - beg );
|
||||||
|
- HMAC_Final( &ctx_prf, hash.buff(), 0 );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
|
||||||
|
+ HMAC_Update( ctx_prf, packet.buff() + beg, end - beg );
|
||||||
|
+ HMAC_Final( ctx_prf, hash.buff(), 0 );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
memcpy( packet.buff() + off + 4, hash.buff(), hash.size() );
|
||||||
|
|
||||||
48
security/ike/files/patch-source_iked_ike.exch.inform.cpp
Normal file
48
security/ike/files/patch-source_iked_ike.exch.inform.cpp
Normal file
|
|
@ -0,0 +1,48 @@
|
||||||
|
--- source/iked/ike.exch.inform.cpp.orig 2010-12-02 16:06:10 UTC
|
||||||
|
+++ source/iked/ike.exch.inform.cpp
|
||||||
|
@@ -399,15 +399,15 @@ long _IKED::inform_chk_hash( IDB_PH1 * ph1, IDB_XCH *
|
||||||
|
BDATA hash_c;
|
||||||
|
hash_c.size( ph1->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
|
||||||
|
- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
|
||||||
|
+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, hash_c.buff(), NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -439,15 +439,15 @@ long _IKED::inform_gen_hash( IDB_PH1 * ph1, IDB_XCH *
|
||||||
|
{
|
||||||
|
inform->hash_l.size( ph1->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
|
||||||
|
- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, inform->hash_l.buff(), 0 );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
|
||||||
|
+ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, inform->hash_l.buff(), 0 );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
347
security/ike/files/patch-source_iked_ike.exch.phase1.cpp
Normal file
347
security/ike/files/patch-source_iked_ike.exch.phase1.cpp
Normal file
|
|
@ -0,0 +1,347 @@
|
||||||
|
--- source/iked/ike.exch.phase1.cpp.orig 2012-02-08 05:09:35 UTC
|
||||||
|
+++ source/iked/ike.exch.phase1.cpp
|
||||||
|
@@ -1044,14 +1044,14 @@ long _IKED::process_phase1_send( IDB_PH1 * ph1 )
|
||||||
|
BDATA psk_hash;
|
||||||
|
psk_hash.size( ph1->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, psk_hash.buff(), NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, psk_hash.buff(), NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
//
|
||||||
|
// add the notification payload
|
||||||
|
@@ -1557,7 +1557,7 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
{
|
||||||
|
BDATA prv;
|
||||||
|
prv.size( ph1->dh_size );
|
||||||
|
- BN_bn2bin( ph1->dh->priv_key, prv.buff() );
|
||||||
|
+ BN_bn2bin( DH_get0_priv_key( ph1->dh ), prv.buff() );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DECODE,
|
||||||
|
@@ -1656,25 +1656,25 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
case XAUTH_AUTH_INIT_PSK:
|
||||||
|
case XAUTH_AUTH_RESP_PSK:
|
||||||
|
{
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
|
||||||
|
|
||||||
|
if( ph1->initiator )
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||||
|
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
@@ -1704,14 +1704,14 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
nonce.add( ph1->nonce_l );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
@@ -1730,15 +1730,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
// compute SKEYID_d
|
||||||
|
//
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||||
|
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||||
|
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||||
|
|
||||||
|
ph1->skeyid_d.set( skeyid_data, skeyid_size );
|
||||||
|
|
||||||
|
@@ -1753,13 +1753,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
// compute SKEYID_a
|
||||||
|
//
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
|
||||||
|
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\1", 1 );
|
||||||
|
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
|
||||||
|
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\1", 1 );
|
||||||
|
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||||
|
|
||||||
|
ph1->skeyid_a.set( skeyid_data, skeyid_size );
|
||||||
|
|
||||||
|
@@ -1774,13 +1774,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
// compute SKEYID_e
|
||||||
|
//
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
|
||||||
|
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\2", 1 );
|
||||||
|
- HMAC_Final( &ctx_prf, skeyid_data, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
|
||||||
|
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\2", 1 );
|
||||||
|
+ HMAC_Final( ctx_prf, skeyid_data, NULL );
|
||||||
|
|
||||||
|
ph1->skeyid_e.set( skeyid_data, skeyid_size );
|
||||||
|
|
||||||
|
@@ -1821,15 +1821,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
|
||||||
|
// create extended key data
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||||
|
- HMAC_Final( &ctx_prf, key_data, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
|
||||||
|
+ HMAC_Final( ctx_prf, key_data, NULL );
|
||||||
|
|
||||||
|
for( long size = skeyid_size; size < key_size; size += skeyid_size )
|
||||||
|
{
|
||||||
|
- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||||
|
- HMAC_Final( &ctx_prf, key_data + size, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||||
|
+ HMAC_Final( ctx_prf, key_data + size, NULL );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
@@ -1839,7 +1839,7 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
memcpy( key_data, skeyid_data, key_size );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
if( proposal->ciph_kl )
|
||||||
|
key_size = ( proposal->ciph_kl + 7 ) / 8;
|
||||||
|
@@ -1860,22 +1860,23 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
|
||||||
|
unsigned char iv_data[ HMAC_MAX_MD_CBLOCK ];
|
||||||
|
unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
|
||||||
|
|
||||||
|
- EVP_MD_CTX ctx_hash;
|
||||||
|
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||||
|
+ EVP_MD_CTX *ctx_hash;
|
||||||
|
+ ctx_hash = EVP_MD_CTX_new();
|
||||||
|
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||||
|
|
||||||
|
if( ph1->initiator )
|
||||||
|
{
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
|
||||||
|
}
|
||||||
|
|
||||||
|
- EVP_DigestFinal( &ctx_hash, iv_data, NULL );
|
||||||
|
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||||
|
+ EVP_DigestFinal( ctx_hash, iv_data, NULL );
|
||||||
|
+ EVP_MD_CTX_free( ctx_hash );
|
||||||
|
|
||||||
|
ph1->iv.set( iv_data, iv_size );
|
||||||
|
|
||||||
|
@@ -1903,29 +1904,29 @@ long _IKED::phase1_gen_hash_i( IDB_PH1 * sa, BDATA & h
|
||||||
|
|
||||||
|
hash.size( sa->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||||
|
|
||||||
|
if( sa->initiator )
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->idi.buff(), sa->idi.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->idi.buff(), sa->idi.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -1945,29 +1946,29 @@ long _IKED::phase1_gen_hash_r( IDB_PH1 * sa, BDATA & h
|
||||||
|
|
||||||
|
hash.size( sa->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
|
||||||
|
|
||||||
|
if( sa->initiator )
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, sa->idr.buff(), sa->idr.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, sa->idr.buff(), sa->idr.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -2569,14 +2570,14 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
|
||||||
|
// hash for remote address
|
||||||
|
//
|
||||||
|
|
||||||
|
- EVP_MD_CTX ctx_hash;
|
||||||
|
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
|
||||||
|
- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
|
||||||
|
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||||
|
+ EVP_MD_CTX *ctx_hash;
|
||||||
|
+ ctx_hash = EVP_MD_CTX_new();
|
||||||
|
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
|
||||||
|
+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
|
||||||
|
|
||||||
|
ph1->natd_hash_l.add( natd );
|
||||||
|
|
||||||
|
@@ -2585,13 +2586,13 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
|
||||||
|
// hash for local address
|
||||||
|
//
|
||||||
|
|
||||||
|
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
|
||||||
|
- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
|
||||||
|
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||||
|
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
|
||||||
|
+ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
|
||||||
|
+ EVP_MD_CTX_free( ctx_hash );
|
||||||
|
|
||||||
|
ph1->natd_hash_l.add( natd );
|
||||||
|
|
||||||
153
security/ike/files/patch-source_iked_ike.exch.phase2.cpp
Normal file
153
security/ike/files/patch-source_iked_ike.exch.phase2.cpp
Normal file
|
|
@ -0,0 +1,153 @@
|
||||||
|
--- source/iked/ike.exch.phase2.cpp.orig 2010-12-22 21:35:36 UTC
|
||||||
|
+++ source/iked/ike.exch.phase2.cpp
|
||||||
|
@@ -1008,14 +1008,14 @@ long _IKED::phase2_gen_hash_i( IDB_PH1 * ph1, IDB_PH2
|
||||||
|
|
||||||
|
hash.size( ph1->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, input.buff(), input.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, input.buff(), input.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -1048,14 +1048,14 @@ long _IKED::phase2_gen_hash_r( IDB_PH1 * ph1, IDB_PH2
|
||||||
|
|
||||||
|
hash.size( ph1->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, input.buff(), input.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, hash.buff(), NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, input.buff(), input.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, hash.buff(), NULL );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -1093,14 +1093,14 @@ long _IKED::phase2_gen_hash_p( IDB_PH1 * ph1, IDB_PH2
|
||||||
|
|
||||||
|
hash.size( ph1->hash_size );
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, input.buff(), input.size() );
|
||||||
|
- HMAC_Final( &ctx_prf, hash.buff(), 0 );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, input.buff(), input.size() );
|
||||||
|
+ HMAC_Final( ctx_prf, hash.buff(), 0 );
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DEBUG,
|
||||||
|
@@ -1555,7 +1555,7 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 *
|
||||||
|
{
|
||||||
|
BDATA prv;
|
||||||
|
prv.size( ph2->dh_size );
|
||||||
|
- BN_bn2bin( ph2->dh->priv_key, prv.buff() );
|
||||||
|
+ BN_bn2bin( DH_get0_priv_key( ph2->dh ), prv.buff() );
|
||||||
|
|
||||||
|
log.bin(
|
||||||
|
LLOG_DECODE,
|
||||||
|
@@ -1817,56 +1817,56 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 *
|
||||||
|
// K3 = prf( SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b )
|
||||||
|
//
|
||||||
|
|
||||||
|
- HMAC_CTX ctx_prf;
|
||||||
|
- HMAC_CTX_init( &ctx_prf );
|
||||||
|
+ HMAC_CTX *ctx_prf;
|
||||||
|
+ ctx_prf = HMAC_CTX_new();
|
||||||
|
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||||
|
|
||||||
|
if( ph2->dhgr_id )
|
||||||
|
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||||
|
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||||
|
|
||||||
|
if( ph2->initiator )
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_Final( &ctx_prf, key_data, NULL );
|
||||||
|
+ HMAC_Final( ctx_prf, key_data, NULL );
|
||||||
|
|
||||||
|
for( long size = skeyid_size; size < key_size; size += skeyid_size )
|
||||||
|
{
|
||||||
|
- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||||
|
- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||||
|
+ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
|
||||||
|
+ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
|
||||||
|
|
||||||
|
if( ph2->dhgr_id )
|
||||||
|
- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
|
||||||
|
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||||
|
- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
|
||||||
|
+ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
|
||||||
|
|
||||||
|
if( ph2->initiator )
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
|
||||||
|
+ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_Final( &ctx_prf, key_data + size, 0 );
|
||||||
|
+ HMAC_Final( ctx_prf, key_data + size, 0 );
|
||||||
|
}
|
||||||
|
|
||||||
|
- HMAC_CTX_cleanup( &ctx_prf );
|
||||||
|
+ HMAC_CTX_free( ctx_prf );
|
||||||
|
|
||||||
|
//
|
||||||
|
// separate encrypt and auth key data
|
||||||
22
security/ike/files/patch-source_iked_ike.idb.exch.cpp
Normal file
22
security/ike/files/patch-source_iked_ike.idb.exch.cpp
Normal file
|
|
@ -0,0 +1,22 @@
|
||||||
|
--- source/iked/ike.idb.exch.cpp.orig 2011-01-15 22:09:32 UTC
|
||||||
|
+++ source/iked/ike.idb.exch.cpp
|
||||||
|
@@ -134,12 +134,13 @@ bool _IDB_XCH::new_msgiv( IDB_PH1 * ph1 )
|
||||||
|
unsigned char iv_data[ EVP_MAX_MD_SIZE ];
|
||||||
|
unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
|
||||||
|
|
||||||
|
- EVP_MD_CTX ctx_hash;
|
||||||
|
- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );
|
||||||
|
- EVP_DigestUpdate( &ctx_hash, &msgid, 4 );
|
||||||
|
- EVP_DigestFinal( &ctx_hash, iv_data, NULL );
|
||||||
|
- EVP_MD_CTX_cleanup( &ctx_hash );
|
||||||
|
+ EVP_MD_CTX *ctx_hash;
|
||||||
|
+ ctx_hash = EVP_MD_CTX_new();
|
||||||
|
+ EVP_DigestInit( ctx_hash, ph1->evp_hash );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, ph1->iv.buff(), ph1->iv.size() );
|
||||||
|
+ EVP_DigestUpdate( ctx_hash, &msgid, 4 );
|
||||||
|
+ EVP_DigestFinal( ctx_hash, iv_data, NULL );
|
||||||
|
+ EVP_MD_CTX_free( ctx_hash );
|
||||||
|
|
||||||
|
iv.set( iv_data, iv_size );
|
||||||
|
|
||||||
11
security/ike/files/patch-source_iked_ike.idb.phase1.cpp
Normal file
11
security/ike/files/patch-source_iked_ike.idb.phase1.cpp
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
--- source/iked/ike.idb.phase1.cpp.orig 2011-02-01 07:21:32 UTC
|
||||||
|
+++ source/iked/ike.idb.phase1.cpp
|
||||||
|
@@ -676,7 +676,7 @@ bool _IDB_PH1::setup_dhgrp( IKE_PROPOSAL * proposal )
|
||||||
|
}
|
||||||
|
|
||||||
|
xl.size( dh_size );
|
||||||
|
- long result = BN_bn2bin( dh->pub_key, xl.buff() );
|
||||||
|
+ long result = BN_bn2bin( DH_get0_pub_key( dh ), xl.buff() );
|
||||||
|
|
||||||
|
//
|
||||||
|
// fixup public buffer alignment
|
||||||
11
security/ike/files/patch-source_iked_ike.idb.phase2.cpp
Normal file
11
security/ike/files/patch-source_iked_ike.idb.phase2.cpp
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
--- source/iked/ike.idb.phase2.cpp.orig 2012-11-19 23:28:52 UTC
|
||||||
|
+++ source/iked/ike.idb.phase2.cpp
|
||||||
|
@@ -438,7 +438,7 @@ bool _IDB_PH2::setup_dhgrp()
|
||||||
|
}
|
||||||
|
|
||||||
|
xl.size( dh_size );
|
||||||
|
- long result = BN_bn2bin( dh->pub_key, xl.buff() );
|
||||||
|
+ long result = BN_bn2bin( DH_get0_pub_key( dh ), xl.buff() );
|
||||||
|
|
||||||
|
//
|
||||||
|
// fixup public buffer alignment
|
||||||
82
security/ike/files/patch-source_iked_ike.keyfile.cpp
Normal file
82
security/ike/files/patch-source_iked_ike.keyfile.cpp
Normal file
|
|
@ -0,0 +1,82 @@
|
||||||
|
--- source/iked/ike.keyfile.cpp.orig 2012-12-15 22:14:32 UTC
|
||||||
|
+++ source/iked/ike.keyfile.cpp
|
||||||
|
@@ -663,15 +663,19 @@ static int verify_cb( int ok, X509_STORE_CTX * store_c
|
||||||
|
{
|
||||||
|
long ll = LLOG_ERROR;
|
||||||
|
char name[ 512 ];
|
||||||
|
+ int error, error_depth;
|
||||||
|
|
||||||
|
- X509_NAME * x509_name = X509_get_subject_name( store_ctx->current_cert );
|
||||||
|
+ X509_NAME * x509_name = X509_get_subject_name( X509_STORE_CTX_get_current_cert(store_ctx) );
|
||||||
|
|
||||||
|
X509_NAME_oneline(
|
||||||
|
x509_name,
|
||||||
|
name,
|
||||||
|
512 );
|
||||||
|
+
|
||||||
|
+ error = X509_STORE_CTX_get_error(store_ctx);
|
||||||
|
+ error_depth = X509_STORE_CTX_get_error_depth(store_ctx);
|
||||||
|
|
||||||
|
- switch( store_ctx->error )
|
||||||
|
+ switch( error )
|
||||||
|
{
|
||||||
|
case X509_V_ERR_UNABLE_TO_GET_CRL:
|
||||||
|
ok = 1;
|
||||||
|
@@ -683,9 +687,9 @@ static int verify_cb( int ok, X509_STORE_CTX * store_c
|
||||||
|
ll,
|
||||||
|
"ii : %s(%d) at depth:%d\n"
|
||||||
|
"ii : subject :%s\n",
|
||||||
|
- X509_verify_cert_error_string( store_ctx->error ),
|
||||||
|
- store_ctx->error,
|
||||||
|
- store_ctx->error_depth,
|
||||||
|
+ X509_verify_cert_error_string( error ),
|
||||||
|
+ error,
|
||||||
|
+ error_depth,
|
||||||
|
name );
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -857,7 +861,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, FILE * fp, B
|
||||||
|
if( evp_pkey == NULL )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||||
|
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||||
|
EVP_PKEY_free( evp_pkey );
|
||||||
|
|
||||||
|
return converted;
|
||||||
|
@@ -883,7 +887,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, FILE * fp, B
|
||||||
|
if( evp_pkey == NULL )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||||
|
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||||
|
EVP_PKEY_free( evp_pkey );
|
||||||
|
|
||||||
|
return converted;
|
||||||
|
@@ -939,7 +943,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, BDATA & inpu
|
||||||
|
if( evp_pkey == NULL )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||||
|
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||||
|
EVP_PKEY_free( evp_pkey );
|
||||||
|
|
||||||
|
return converted;
|
||||||
|
@@ -976,7 +980,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, BDATA & inpu
|
||||||
|
if( evp_pkey == NULL )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
|
||||||
|
+ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||||
|
EVP_PKEY_free( evp_pkey );
|
||||||
|
|
||||||
|
return converted;
|
||||||
|
@@ -1010,7 +1014,7 @@ bool _IKED::pubkey_rsa_read( BDATA & cert, BDATA & pub
|
||||||
|
if( evp_pkey == NULL )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
- bool result = pubkey_rsa_2_bdata( pubkey, evp_pkey->pkey.rsa );
|
||||||
|
+ bool result = pubkey_rsa_2_bdata( pubkey, EVP_PKEY_get0_RSA(evp_pkey) );
|
||||||
|
|
||||||
|
EVP_PKEY_free( evp_pkey );
|
||||||
|
|
||||||
26
security/ike/files/patch-source_libike_manager.file.cpp
Normal file
26
security/ike/files/patch-source_libike_manager.file.cpp
Normal file
|
|
@ -0,0 +1,26 @@
|
||||||
|
--- source/libike/manager.file.cpp.orig 2011-02-06 16:40:00 UTC
|
||||||
|
+++ source/libike/manager.file.cpp
|
||||||
|
@@ -679,11 +679,11 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config,
|
||||||
|
BDATA pwd;
|
||||||
|
data.get( pwd );
|
||||||
|
|
||||||
|
- EVP_CIPHER_CTX ctx_cipher;
|
||||||
|
- EVP_CIPHER_CTX_init( &ctx_cipher );
|
||||||
|
+ EVP_CIPHER_CTX *ctx_cipher;
|
||||||
|
+ ctx_cipher = EVP_CIPHER_CTX_new();
|
||||||
|
|
||||||
|
EVP_CipherInit_ex(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
EVP_des_ede3_cbc(),
|
||||||
|
NULL,
|
||||||
|
key,
|
||||||
|
@@ -691,7 +691,7 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config,
|
||||||
|
0 );
|
||||||
|
|
||||||
|
EVP_Cipher(
|
||||||
|
- &ctx_cipher,
|
||||||
|
+ ctx_cipher,
|
||||||
|
pwd.buff(),
|
||||||
|
pwd.buff(),
|
||||||
|
( unsigned int ) pwd.size() );
|
||||||
|
|
@ -5,6 +5,4 @@ running the ipsec-tools racoon daemon. The latest version offers a
|
||||||
high level of compatibility with Cisco, Juniper, Zywall, Fortigate
|
high level of compatibility with Cisco, Juniper, Zywall, Fortigate
|
||||||
and many other commercial IPsec VPN gateways.
|
and many other commercial IPsec VPN gateways.
|
||||||
|
|
||||||
For more information please visit ...
|
|
||||||
|
|
||||||
WWW: http://www.shrew.net/
|
WWW: http://www.shrew.net/
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue